0001: package org.bouncycastle.jce.provider.test;
0002:
0003: import org.bouncycastle.asn1.ASN1EncodableVector;
0004: import org.bouncycastle.asn1.ASN1InputStream;
0005: import org.bouncycastle.asn1.DEREnumerated;
0006: import org.bouncycastle.asn1.DERObjectIdentifier;
0007: import org.bouncycastle.asn1.DEROctetString;
0008: import org.bouncycastle.asn1.DERSequence;
0009: import org.bouncycastle.asn1.DERSet;
0010: import org.bouncycastle.asn1.DERTaggedObject;
0011: import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
0012: import org.bouncycastle.asn1.cms.ContentInfo;
0013: import org.bouncycastle.asn1.cms.SignedData;
0014: import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
0015: import org.bouncycastle.asn1.x509.CRLReason;
0016: import org.bouncycastle.asn1.x509.GeneralName;
0017: import org.bouncycastle.asn1.x509.GeneralNames;
0018: import org.bouncycastle.asn1.x509.KeyPurposeId;
0019: import org.bouncycastle.asn1.x509.X509Extension;
0020: import org.bouncycastle.asn1.x509.X509Extensions;
0021: import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
0022: import org.bouncycastle.jce.X509KeyUsage;
0023: import org.bouncycastle.jce.X509Principal;
0024: import org.bouncycastle.jce.interfaces.ECPointEncoder;
0025: import org.bouncycastle.jce.provider.BouncyCastleProvider;
0026: import org.bouncycastle.jce.spec.ECParameterSpec;
0027: import org.bouncycastle.jce.spec.ECPrivateKeySpec;
0028: import org.bouncycastle.jce.spec.ECPublicKeySpec;
0029: import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
0030: import org.bouncycastle.math.ec.ECCurve;
0031: import org.bouncycastle.util.encoders.Base64;
0032: import org.bouncycastle.util.encoders.Hex;
0033: import org.bouncycastle.util.test.SimpleTest;
0034: import org.bouncycastle.x509.X509V1CertificateGenerator;
0035: import org.bouncycastle.x509.X509V2CRLGenerator;
0036: import org.bouncycastle.x509.X509V3CertificateGenerator;
0037: import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
0038: import org.bouncycastle.x509.extension.X509ExtensionUtil;
0039:
0040: import javax.security.auth.x500.X500Principal;
0041: import java.io.ByteArrayInputStream;
0042: import java.io.IOException;
0043: import java.io.InputStream;
0044: import java.math.BigInteger;
0045: import java.security.KeyFactory;
0046: import java.security.KeyPair;
0047: import java.security.KeyPairGenerator;
0048: import java.security.PrivateKey;
0049: import java.security.PublicKey;
0050: import java.security.SecureRandom;
0051: import java.security.Security;
0052: import java.security.Signature;
0053: import java.security.cert.CRL;
0054: import java.security.cert.Certificate;
0055: import java.security.cert.CertificateFactory;
0056: import java.security.cert.CertificateParsingException;
0057: import java.security.cert.X509CRL;
0058: import java.security.cert.X509CRLEntry;
0059: import java.security.cert.X509Certificate;
0060: import java.security.spec.RSAPrivateCrtKeySpec;
0061: import java.security.spec.RSAPublicKeySpec;
0062: import java.util.Collection;
0063: import java.util.Date;
0064: import java.util.Hashtable;
0065: import java.util.Iterator;
0066: import java.util.List;
0067: import java.util.Set;
0068: import java.util.Vector;
0069:
0070: public class CertTest extends SimpleTest {
//
// server.crt
//
// Base64 of a DER-encoded X.509 v3 certificate, decoded once per CertTest
// instance (the field is not static). The signatureAlgorithm OID inside the
// blob is md5WithRSAEncryption and both UTCTime validity fields fall in
// 2000-2001, so this is a legacy parsing vector, not a certificate a verifier
// should accept today.
// NOTE(review): the test methods that consume this field are outside this view.
//
byte[] cert1 = Base64
    .decode("MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
        + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
        + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
        + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
        + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2"
        + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
        + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
        + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l"
        + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv"
        + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re"
        + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO"
        + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE"
        + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy"
        + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0"
        + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw"
        + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL"
        + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4"
        + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF"
        + "5/8=");
0094:
//
// ca.crt
//
// Base64 of a DER-encoded X.509 v3 certificate. Its leading name bytes are
// identical to the issuer name bytes at the start of cert1, so this is
// presumably the CA that issued server.crt - confirm against the consuming
// test. The signatureAlgorithm OID is md5WithRSAEncryption and the validity
// fields fall in 2000-2001: a legacy parsing vector, not a usable trust anchor.
//
byte[] cert2 = Base64
    .decode("MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
        + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
        + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
        + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
        + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2"
        + "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
        + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
        + "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u"
        + "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t"
        + "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv"
        + "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s"
        + "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur"
        + "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl"
        + "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E"
        + "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG"
        + "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk"
        + "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz"
        + "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ"
        + "DhkaJ8VqOMajkQFma2r9iA==");
0118:
//
// testx509.pem
//
// Base64 of a DER-encoded X.509 v1 certificate (no version tag before the
// serial number) with validity fields in 1995 and what decodes as a 512-bit
// RSA key. The TBSCertificate names md5WithRSAEncryption while the outer
// signatureAlgorithm carries a different OID (the bare MD5 digest
// identifier), so the two algorithm fields do not match.
// NOTE(review): presumably kept to exercise lenient parsing of that mismatch;
// confirm against the consuming test, which is outside this view.
//
byte[] cert3 = Base64
    .decode("MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV"
        + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz"
        + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM"
        + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF"
        + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO"
        + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE"
        + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ"
        + "zl9HYIMxATFyqSiD9jsx");
0131:
//
// v3-cert1.pem
//
// Base64 of a DER-encoded X.509 v3 certificate with two encoding quirks that
// are visible in the bytes: the md5WithRSAEncryption AlgorithmIdentifier has
// no NULL parameters, and both validity fields are UTCTime values written
// with an explicit "+0800" offset instead of the usual trailing "Z".
// NOTE(review): presumably a regression vector for date/offset parsing -
// confirm against the consuming test, which is outside this view.
//
byte[] cert4 = Base64
    .decode("MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx"
        + "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz"
        + "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw"
        + "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu"
        + "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2"
        + "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp"
        + "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C"
        + "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK"
        + "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x"
        + "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR"
        + "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB"
        + "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21"
        + "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3"
        + "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO");
0150:
//
// v3-cert2.pem
//
// Base64 of a DER-encoded X.509 v3 certificate. The signatureAlgorithm OID is
// md5WithRSAEncryption and the UTCTime validity fields fall in 1996, so this
// is a legacy parsing vector only.
// NOTE(review): the test methods that consume this field are outside this view.
//
byte[] cert5 = Base64
    .decode("MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD"
        + "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0"
        + "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu"
        + "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1"
        + "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV"
        + "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx"
        + "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA"
        + "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT"
        + "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ"
        + "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm"
        + "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc"
        + "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz"
        + "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap"
        + "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=");
0169:
//
// pem encoded pkcs7
//
// Base64 of a PKCS#7 ContentInfo whose content type is signedData. The outer
// SEQUENCE and the [0] wrapper use BER indefinite-length encoding, so this is
// not strict DER; a parser has to handle end-of-contents octets to read it.
// The embedded certificates use md2WithRSAEncryption and md5WithRSAEncryption
// signature OIDs - legacy material kept as a parsing vector.
// NOTE(review): despite the name cert6, the value is a SignedData container,
// not a single certificate; the consuming test is outside this view.
//
byte[] cert6 = Base64
    .decode("MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJbzCCAj0w"
        + "ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG"
        + "A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy"
        + "dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw"
        + "CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi"
        + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A"
        + "MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH"
        + "mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF"
        + "4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d"
        + "6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix"
        + "3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR"
        + "cZQwggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYD"
        + "VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj"
        + "IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEy"
        + "MjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy"
        + "dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j"
        + "b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg"
        + "SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0B"
        + "AQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqB"
        + "S7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc"
        + "48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEG"
        + "MEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNv"
        + "bS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B"
        + "AQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0"
        + "fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg"
        + "5V+CprGoksVYasGNAzzrw80FopCubjCCA/gwggNhoAMCAQICEBbbn/1G1zppD6KsP01bwywwDQYJ"
        + "KoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln"
        + "biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB"
        + "IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx"
        + "IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNMDAxMDAy"
        + "MDAwMDAwWhcNMDAxMjAxMjM1OTU5WjCCAQcxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD"
        + "VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3Jl"
        + "cG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQZXJz"
        + "b25hIE5vdCBWYWxpZGF0ZWQxJzAlBgNVBAsTHkRpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jvc29m"
        + "dDETMBEGA1UEAxQKRGF2aWQgUnlhbjElMCMGCSqGSIb3DQEJARYWZGF2aWRAbGl2ZW1lZGlhLmNv"
        + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxBsdeNmSvFqhMNwhQgNzM8mdjX9eSXb"
        + "DawpHtQHjmh0AKJSa3IwUY0VIsyZHuXWktO/CgaMBVPt6OVf/n0R2sQigMP6Y+PhEiS0vCJBL9aK"
        + "0+pOo2qXrjVBmq+XuCyPTnc+BOSrU26tJsX0P9BYorwySiEGxGanBNATdVL4NdUCAwEAAaOBnDCB"
        + "mTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQgwKjAoBggrBgEFBQcCARYcaHR0"
        + "cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTARBglghkgBhvhCAQEEBAMCB4AwMwYDVR0fBCwwKjAo"
        + "oCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vY2xhc3MxLmNybDANBgkqhkiG9w0BAQQFAAOB"
        + "gQBC8yIIdVGpFTf8/YiL14cMzcmL0nIRm4kGR3U59z7UtcXlfNXXJ8MyaeI/BnXwG/gD5OKYqW6R"
        + "yca9vZOxf1uoTBl82gInk865ED3Tej6msCqFzZffnSUQvOIeqLxxDlqYRQ6PmW2nAnZeyjcnbI5Y"
        + "syQSM2fmo7n6qJFP+GbFezGCAkUwggJBAgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j"
        + "LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWdu"
        + "LmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UE"
        + "AxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3Qg"
        + "VmFsaWRhdGVkAhAW25/9Rtc6aQ+irD9NW8MsMAkGBSsOAwIaBQCggbowGAYJKoZIhvcNAQkDMQsG"
        + "CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAxMDAyMTczNTE4WjAjBgkqhkiG9w0BCQQxFgQU"
        + "gZjSaBEY2oxGvlQUIMnxSXhivK8wWwYJKoZIhvcNAQkPMU4wTDAKBggqhkiG9w0DBzAOBggqhkiG"
        + "9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAh0w"
        + "DQYJKoZIhvcNAQEBBQAEgYAzk+PU91/ZFfoiuKOECjxEh9fDYE2jfDCheBIgh5gdcCo+sS1WQs8O"
        + "HreQ9Nop/JdJv1DQMBK6weNBBDoP0EEkRm1XCC144XhXZC82jBZohYmi2WvDbbC//YN58kRMYMyy"
        + "srrfn4Z9I+6kTriGXkrpGk9Q0LSGjmG2BIsqiF0dvwAAAAAAAA==");
0228:
//
// dsaWithSHA1 cert
//
// Base64 of a definite-length PKCS#7 signedData ContentInfo (not a bare
// certificate). The embedded certificate identifies its algorithm with the
// OIW dsaWithSHA1 OID (1.3.14.3.2.27) and carries the DSA parameters inline.
// NOTE(review): the last six bytes of the decoded value are the ASCII text
// "foobar", which appears to sit after the end of the outer SEQUENCE. If that
// is deliberate, the consuming test is checking tolerance of trailing data;
// confirm the intent there, since silently accepting trailing bytes is
// behaviour a caller should know about.
//
byte[] cert7 = Base64
    .decode("MIIEXAYJKoZIhvcNAQcCoIIETTCCBEkCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
        + "SIb3DQEHAaCCAsMwggK/MIIB4AIBADCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7"
        + "d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULjw3GobwaJX13kquPh"
        + "fVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABj"
        + "TUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/z"
        + "m8Q12PFp/PjOhh+nMA4xDDAKBgNVBAMTA0lEMzAeFw05NzEwMDEwMDAwMDBa"
        + "Fw0zODAxMDEwMDAwMDBaMA4xDDAKBgNVBAMTA0lEMzCB8DCBpwYFKw4DAhsw"
        + "gZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULj"
        + "w3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FE"
        + "WA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3"
        + "SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nA0QAAkEAkYkXLYMtGVGWj9OnzjPn"
        + "sB9sefSRPrVegZJCZbpW+Iv0/1RP1u04pHG9vtRpIQLjzUiWvLMU9EKQTThc"
        + "eNMmWDCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxg"
        + "Y61TX5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/Q"
        + "F4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jH"
        + "SqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nAy8AMCwC"
        + "FBY3dBSdeprGcqpr6wr3xbG+6WW+AhRMm/facKJNxkT3iKgJbp7R8Xd3QTGC"
        + "AWEwggFdAgEBMBMwDjEMMAoGA1UEAxMDSUQzAgEAMAkGBSsOAwIaBQCgXTAY"
        + "BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMjA1"
        + "MjQyMzEzMDdaMCMGCSqGSIb3DQEJBDEWBBS4WMsoJhf7CVbZYCFcjoTRzPkJ"
        + "xjCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61T"
        + "X5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BU"
        + "j+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqji"
        + "jUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nBC8wLQIVALID"
        + "dt+MHwawrDrwsO1Z6sXBaaJsAhRaKssrpevmLkbygKPV07XiAKBG02Zvb2Jh"
        + "cg==");
0259:
//
// testcrl.pem
//
// Base64 of a DER-encoded X.509 CRL with no version field (a v1 CRL). The
// signatureAlgorithm OID is md2WithRSAEncryption and the thisUpdate and
// nextUpdate fields fall in 1995, so the list is long stale and is only
// useful as a CRL parsing vector.
// NOTE(review): the test methods that consume this field are outside this view.
//
byte[] crl1 = Base64
    .decode("MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT"
        + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy"
        + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw"
        + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw"
        + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw"
        + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw"
        + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw"
        + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw"
        + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw"
        + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw"
        + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF"
        + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ"
        + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt"
        + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v");
0278:
//
// ecdsa cert with extra octet string.
//
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is ecdsa-with-SHA1 and whose EC domain parameters are written out
// explicitly rather than referenced by a named curve.
// NOTE(review): the "extra octet string" in the description presumably refers
// to an older encoding of the EC public key point; confirm against the
// consuming test, which is outside this view.
//
byte[] oldEcdsa = Base64
    .decode("MIICljCCAkCgAwIBAgIBATALBgcqhkjOPQQBBQAwgY8xCzAJBgNVBAYTAkFVMSgwJ"
        + "gYDVQQKEx9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHEw"
        + "lNZWxib3VybmUxETAPBgNVBAgTCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWV"
        + "kYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzAeFw0wMTEyMDcwMTAwMDRaFw0w"
        + "MTEyMDcwMTAxNDRaMIGPMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhlIExlZ2lvb"
        + "iBvZiB0aGUgQm91bmN5IENhc3RsZTESMBAGA1UEBxMJTWVsYm91cm5lMREwDwYDVQ"
        + "QIEwhWaWN0b3JpYTEvMC0GCSqGSIb3DQEJARYgZmVlZGJhY2stY3J5cHRvQGJvdW5"
        + "jeWNhc3RsZS5vcmcwgeQwgb0GByqGSM49AgEwgbECAQEwKQYHKoZIzj0BAQIef///"
        + "////////////f///////gAAAAAAAf///////MEAEHn///////////////3///////"
        + "4AAAAAAAH///////AQeawFsO9zxiUHQ1lSSFHXKcanbL7J9HTd5YYXClCwKBB8CD/"
        + "qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqvAh5///////////////9///+eXpq"
        + "fXZBx+9FSJoiQnQsDIgAEHwJbbcU7xholSP+w9nFHLebJUhqdLSU05lq/y9X+DHAw"
        + "CwYHKoZIzj0EAQUAA0MAMEACHnz6t4UNoVROp74ma4XNDjjGcjaqiIWPZLK8Bdw3G"
        + "QIeLZ4j3a6ividZl344UH+UPUE7xJxlYGuy7ejTsqRR");
0297:
// Base64 of a DER-encoded X.509 v3 certificate signed with ecdsa-with-SHA1
// and carrying explicit EC domain parameters. The field name suggests the
// subject public key uses the uncompressed point form.
// NOTE(review): presumably a vector for EC point-encoding handling; confirm
// against the consuming test, which is outside this view.
byte[] uncompressedPtEC = Base64
    .decode("MIIDKzCCAsGgAwIBAgICA+kwCwYHKoZIzj0EAQUAMGYxCzAJBgNVBAYTAkpQ"
        + "MRUwEwYDVQQKEwxuaXRlY2guYWMuanAxDjAMBgNVBAsTBWFpbGFiMQ8wDQYD"
        + "VQQDEwZ0ZXN0Y2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RjYUBsb2NhbGhvc3Qw"
        + "HhcNMDExMDEzMTE1MzE3WhcNMjAxMjEyMTE1MzE3WjBmMQswCQYDVQQGEwJK"
        + "UDEVMBMGA1UEChMMbml0ZWNoLmFjLmpwMQ4wDAYDVQQLEwVhaWxhYjEPMA0G"
        + "A1UEAxMGdGVzdGNhMR8wHQYJKoZIhvcNAQkBFhB0ZXN0Y2FAbG9jYWxob3N0"
        + "MIIBczCCARsGByqGSM49AgEwggEOAgEBMDMGByqGSM49AQECKEdYWnajFmnZ"
        + "tzrukK2XWdle2v+GsD9l1ZiR6g7ozQDbhFH/bBiMDQcwVAQoJ5EQKrI54/CT"
        + "xOQ2pMsd/fsXD+EX8YREd8bKHWiLz8lIVdD5cBNeVwQoMKSc6HfI7vKZp8Q2"
        + "zWgIFOarx1GQoWJbMcSt188xsl30ncJuJT2OoARRBAqJ4fD+q6hbqgNSjTQ7"
        + "htle1KO3eiaZgcJ8rrnyN8P+5A8+5K+H9aQ/NbBR4Gs7yto5PXIUZEUgodHA"
        + "TZMSAcSq5ZYt4KbnSYaLY0TtH9CqAigEwZ+hglbT21B7ZTzYX2xj0x+qooJD"
        + "hVTLtIPaYJK2HrMPxTw6/zfrAgEPA1IABAnvfFcFDgD/JicwBGn6vR3N8MIn"
        + "mptZf/mnJ1y649uCF60zOgdwIyI7pVSxBFsJ7ohqXEHW0x7LrGVkdSEiipiH"
        + "LYslqh3xrqbAgPbl93GUo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB"
        + "/wQEAwIBxjAdBgNVHQ4EFgQUAEo62Xm9H6DcsE0zUDTza4BRG90wCwYHKoZI"
        + "zj0EAQUAA1cAMFQCKAQsCHHSNOqfJXLgt3bg5+k49hIBGVr/bfG0B9JU3rNt"
        + "Ycl9Y2zfRPUCKAK2ccOQXByAWfsasDu8zKHxkZv7LVDTFjAIffz3HaCQeVhD"
        + "z+fauEg=");
0318:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is md5WithRSAEncryption. The field name suggests it is kept for its
// keyUsage extension.
// NOTE(review): which extension values the test asserts on is not visible
// here; the consuming test is outside this view.
byte[] keyUsage = Base64
    .decode("MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE"
        + "BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50"
        + "cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs"
        + "aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp"
        + "bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0"
        + "aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa"
        + "MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV"
        + "BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw"
        + "LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50"
        + "cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50"
        + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL"
        + "ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv"
        + "x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV"
        + "iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173"
        + "iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw"
        + "ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50"
        + "cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff"
        + "SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE"
        + "CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50"
        + "cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD"
        + "VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D"
        + "bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx"
        + "MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW"
        + "/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG"
        + "A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI"
        + "hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ"
        + "OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU"
        + "ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE"
        + "PHayXOw=");
0349:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is sha1WithRSAEncryption and whose validity fields are GeneralizedTime
// values (2001 to 2004) rather than UTCTime.
// NOTE(review): the field name suggests it is kept for distinguished-name
// handling; the assertions made on it are outside this view.
byte[] nameCert = Base64
    .decode("MIIEFjCCA3+gAwIBAgIEdS8BozANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJE"
        + "RTERMA8GA1UEChQIREFURVYgZUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRQ0Eg"
        + "REFURVYgRDAzIDE6UE4wIhgPMjAwMTA1MTAxMDIyNDhaGA8yMDA0MDUwOTEwMjI0"
        + "OFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIFAZCYXllcm4xEjAQBgNVBAcUCU7I"
        + "dXJuYmVyZzERMA8GA1UEChQIREFURVYgZUcxHTAbBgNVBAUTFDAwMDAwMDAwMDA4"
        + "OTU3NDM2MDAxMR4wHAYDVQQDFBVEaWV0bWFyIFNlbmdlbmxlaXRuZXIwgaEwDQYJ"
        + "KoZIhvcNAQEBBQADgY8AMIGLAoGBAJLI/LJLKaHoMk8fBECW/od8u5erZi6jI8Ug"
        + "C0a/LZyQUO/R20vWJs6GrClQtXB+AtfiBSnyZOSYzOdfDI8yEKPEv8qSuUPpOHps"
        + "uNCFdLZF1vavVYGEEWs2+y+uuPmg8q1oPRyRmUZ+x9HrDvCXJraaDfTEd9olmB/Z"
        + "AuC/PqpjAgUAwAAAAaOCAcYwggHCMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD"
        + "AwdAADAxBgNVHSAEKjAoMCYGBSskCAEBMB0wGwYIKwYBBQUHAgEWD3d3dy56cy5k"
        + "YXRldi5kZTApBgNVHREEIjAggR5kaWV0bWFyLnNlbmdlbmxlaXRuZXJAZGF0ZXYu"
        + "ZGUwgYQGA1UdIwR9MHuhc6RxMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1"
        + "bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"
        + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE6CBACm8LkwDgYHAoIG"
        + "AQoMAAQDAQEAMEcGA1UdHwRAMD4wPKAUoBKGEHd3dy5jcmwuZGF0ZXYuZGWiJKQi"
        + "MCAxCzAJBgNVBAYTAkRFMREwDwYDVQQKFAhEQVRFViBlRzAWBgUrJAgDBAQNMAsT"
        + "A0VVUgIBBQIBATAdBgNVHQ4EFgQUfv6xFP0xk7027folhy+ziZvBJiwwLAYIKwYB"
        + "BQUHAQEEIDAeMBwGCCsGAQUFBzABhhB3d3cuZGlyLmRhdGV2LmRlMA0GCSqGSIb3"
        + "DQEBBQUAA4GBAEOVX6uQxbgtKzdgbTi6YLffMftFr2mmNwch7qzpM5gxcynzgVkg"
        + "pnQcDNlm5AIbS6pO8jTCLfCd5TZ5biQksBErqmesIl3QD+VqtB+RNghxectZ3VEs"
        + "nCUtcE7tJ8O14qwCb3TxS9dvIUFiVi4DjbxX46TdcTbTaK8/qr6AIf+l");
0373:
// Base64 of a DER-encoded X.509 v3 certificate with identical issuer and
// subject name bytes, signed with sha1WithRSAEncryption and valid from 2004
// to 2014.
// NOTE(review): the name attribute values appear to start with a space
// character, which may be what makes this a "problem" certificate for name
// comparison - confirm against the consuming test, which is outside this view.
byte[] probSelfSignedCert = Base64
    .decode("MIICxTCCAi6gAwIBAgIQAQAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQUFADBF"
        + "MScwJQYDVQQKEx4gRElSRUNUSU9OIEdFTkVSQUxFIERFUyBJTVBPVFMxGjAYBgNV"
        + "BAMTESBBQyBNSU5FRkkgQiBURVNUMB4XDTA0MDUwNzEyMDAwMFoXDTE0MDUwNzEy"
        + "MDAwMFowRTEnMCUGA1UEChMeIERJUkVDVElPTiBHRU5FUkFMRSBERVMgSU1QT1RT"
        + "MRowGAYDVQQDExEgQUMgTUlORUZJIEIgVEVTVDCBnzANBgkqhkiG9w0BAQEFAAOB"
        + "jQAwgYkCgYEAveoCUOAukZdcFCs2qJk76vSqEX0ZFzHqQ6faBPZWjwkgUNwZ6m6m"
        + "qWvvyq1cuxhoDvpfC6NXILETawYc6MNwwxsOtVVIjuXlcF17NMejljJafbPximEt"
        + "DQ4LcQeSp4K7FyFlIAMLyt3BQ77emGzU5fjFTvHSUNb3jblx0sV28c0CAwEAAaOB"
        + "tTCBsjAfBgNVHSMEGDAWgBSEJ4bLbvEQY8cYMAFKPFD1/fFXlzAdBgNVHQ4EFgQU"
        + "hCeGy27xEGPHGDABSjxQ9f3xV5cwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB"
        + "AQQEAwIBBjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vYWRvbmlzLnBrNy5jZXJ0"
        + "cGx1cy5uZXQvZGdpLXRlc3QuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN"
        + "AQEFBQADgYEAmToHJWjd3+4zknfsP09H6uMbolHNGG0zTS2lrLKpzcmkQfjhQpT9"
        + "LUTBvfs1jdjo9fGmQLvOG+Sm51Rbjglb8bcikVI5gLbclOlvqLkm77otjl4U4Z2/"
        + "Y0vP14Aov3Sn3k+17EfReYUZI4liuB95ncobC4e8ZM++LjQcIM0s+Vs=");
0390:
// Base64 of a DER-encoded X.509 certificate with no version tag (v1) whose
// signatureAlgorithm OID is 1.2.643.2.2.3, the GOST R 34.11-94 with
// GOST R 34.10-2001 identifier. Validity fields run from 2005 to 2015.
// NOTE(review): verifying it needs a provider with GOST support registered;
// the consuming test is outside this view.
byte[] gost34102001base = Base64
    .decode("MIIB1DCCAYECEEjpVKXP6Wn1yVz3VeeDQa8wCgYGKoUDAgIDBQAwbTEfMB0G"
        + "A1UEAwwWR29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRv"
        + "UHJvMQswCQYDVQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIw"
        + "MDFAZXhhbXBsZS5jb20wHhcNMDUwMjAzMTUxNjQ2WhcNMTUwMjAzMTUxNjQ2"
        + "WjBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQK"
        + "DAlDcnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0"
        + "UjM0MTAtMjAwMUBleGFtcGxlLmNvbTBjMBwGBiqFAwICEzASBgcqhQMCAiQA"
        + "BgcqhQMCAh4BA0MABECElWh1YAIaQHUIzROMMYks/eUFA3pDXPRtKw/nTzJ+"
        + "V4/rzBa5lYgD0Jp8ha4P5I3qprt+VsfLsN8PZrzK6hpgMAoGBiqFAwICAwUA"
        + "A0EAHw5dw/aw/OiNvHyOE65kvyo4Hp0sfz3csM6UUkp10VO247ofNJK3tsLb"
        + "HOLjUaqzefrlGb11WpHYrvWFg+FcLA==");
0403:
// Base64 of a DER-encoded X.509 certificate with no version tag (v1) whose
// signatureAlgorithm OID is 1.2.643.2.2.4, the GOST R 34.11-94 with
// GOST R 34.10-94 identifier. Validity fields run from 2005 to 2015.
// NOTE(review): GOST R 34.10-94 is the older, non-elliptic-curve scheme; this
// blob is a parsing/verification vector and the consuming test is outside
// this view.
byte[] gost341094base = Base64
    .decode("MIICDzCCAbwCEBcxKsIb0ghYvAQeUjfQdFAwCgYGKoUDAgIEBQAwaTEdMBsG"
        + "A1UEAwwUR29zdFIzNDEwLTk0IGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1By"
        + "bzELMAkGA1UEBhMCUlUxJzAlBgkqhkiG9w0BCQEWGEdvc3RSMzQxMC05NEBl"
        + "eGFtcGxlLmNvbTAeFw0wNTAyMDMxNTE2NTFaFw0xNTAyMDMxNTE2NTFaMGkx"
        + "HTAbBgNVBAMMFEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlw"
        + "dG9Qcm8xCzAJBgNVBAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAt"
        + "OTRAZXhhbXBsZS5jb20wgaUwHAYGKoUDAgIUMBIGByqFAwICIAIGByqFAwIC"
        + "HgEDgYQABIGAu4Rm4XmeWzTYLIB/E6gZZnFX/oxUJSFHbzALJ3dGmMb7R1W+"
        + "t7Lzk2w5tUI3JoTiDRCKJA4fDEJNKzsRK6i/ZjkyXJSLwaj+G2MS9gklh8x1"
        + "G/TliYoJgmjTXHemD7aQEBON4z58nJHWrA0ILD54wbXCtrcaqCqLRYGTMjJ2"
        + "+nswCgYGKoUDAgIEBQADQQBxKNhOmjgz/i5CEgLOyKyz9pFGkDcaymsWYQWV"
        + "v7CZ0pTM8IzMzkUBW3GHsUjCFpanFZDfg2zuN+3kT+694n9B");
0417:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is 1.2.643.2.2.4 (GOST R 34.11-94 with GOST R 34.10-94).
// NOTE(review): gost341094A and gost341094B differ in the parameter-set OID
// inside the subject public key info, so the "A"/"B" suffix presumably
// selects the parameter set under test - confirm against the consuming test.
byte[] gost341094A = Base64
    .decode("MIICSDCCAfWgAwIBAgIBATAKBgYqhQMCAgQFADCBgTEXMBUGA1UEAxMOZGVmYXVsdDM0MTAtOTQx"
        + "DTALBgNVBAoTBERpZ3QxDzANBgNVBAsTBkNyeXB0bzEOMAwGA1UEBxMFWS1vbGExDDAKBgNVBAgT"
        + "A01FTDELMAkGA1UEBhMCcnUxGzAZBgkqhkiG9w0BCQEWDHRlc3RAdGVzdC5ydTAeFw0wNTAzMjkx"
        + "MzExNTdaFw0wNjAzMjkxMzExNTdaMIGBMRcwFQYDVQQDEw5kZWZhdWx0MzQxMC05NDENMAsGA1UE"
        + "ChMERGlndDEPMA0GA1UECxMGQ3J5cHRvMQ4wDAYDVQQHEwVZLW9sYTEMMAoGA1UECBMDTUVMMQsw"
        + "CQYDVQQGEwJydTEbMBkGCSqGSIb3DQEJARYMdGVzdEB0ZXN0LnJ1MIGlMBwGBiqFAwICFDASBgcq"
        + "hQMCAiACBgcqhQMCAh4BA4GEAASBgIQACDLEuxSdRDGgdZxHmy30g/DUYkRxO9Mi/uSHX5NjvZ31"
        + "b7JMEMFqBtyhql1HC5xZfUwZ0aT3UnEFDfFjLP+Bf54gA+LPkQXw4SNNGOj+klnqgKlPvoqMGlwa"
        + "+hLPKbS561WpvB2XSTgbV+pqqXR3j6j30STmybelEV3RdS2Now8wDTALBgNVHQ8EBAMCB4AwCgYG"
        + "KoUDAgIEBQADQQBCFy7xWRXtNVXflKvDs0pBdBuPzjCMeZAXVxK8vUxsxxKu76d9CsvhgIFknFRi"
        + "wWTPiZenvNoJ4R1uzeX+vREm");
0430:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is 1.2.643.2.2.4 (GOST R 34.11-94 with GOST R 34.10-94).
// NOTE(review): companion to gost341094A; the two blobs carry different
// parameter-set OIDs in the subject public key info, so this one presumably
// covers a second parameter set - confirm against the consuming test.
byte[] gost341094B = Base64
    .decode("MIICSDCCAfWgAwIBAgIBATAKBgYqhQMCAgQFADCBgTEXMBUGA1UEAxMOcGFyYW0xLTM0MTAtOTQx"
        + "DTALBgNVBAoTBERpZ3QxDzANBgNVBAsTBkNyeXB0bzEOMAwGA1UEBxMFWS1PbGExDDAKBgNVBAgT"
        + "A01lbDELMAkGA1UEBhMCcnUxGzAZBgkqhkiG9w0BCQEWDHRlc3RAdGVzdC5ydTAeFw0wNTAzMjkx"
        + "MzEzNTZaFw0wNjAzMjkxMzEzNTZaMIGBMRcwFQYDVQQDEw5wYXJhbTEtMzQxMC05NDENMAsGA1UE"
        + "ChMERGlndDEPMA0GA1UECxMGQ3J5cHRvMQ4wDAYDVQQHEwVZLU9sYTEMMAoGA1UECBMDTWVsMQsw"
        + "CQYDVQQGEwJydTEbMBkGCSqGSIb3DQEJARYMdGVzdEB0ZXN0LnJ1MIGlMBwGBiqFAwICFDASBgcq"
        + "hQMCAiADBgcqhQMCAh4BA4GEAASBgEa+AAcZmijWs1M9x5Pn9efE8D9ztG1NMoIt0/hNZNqln3+j"
        + "lMZjyqPt+kTLIjtmvz9BRDmIDk6FZz+4LhG2OTL7yGpWfrMxMRr56nxomTN9aLWRqbyWmn3brz9Y"
        + "AUD3ifnwjjIuW7UM84JNlDTOdxx0XRUfLQIPMCXe9cO02Xskow8wDTALBgNVHQ8EBAMCB4AwCgYG"
        + "KoUDAgIEBQADQQBzFcnuYc/639OTW+L5Ecjw9KxGr+dwex7lsS9S1BUgKa3m1d5c+cqI0B2XUFi5"
        + "4iaHHJG0dCyjtQYLJr0OZjRw");
0443:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is 1.2.643.2.2.3 (GOST R 34.11-94 with GOST R 34.10-2001). Validity fields
// run from 2005 to 2006.
// NOTE(review): the test methods that consume this field are outside this view.
byte[] gost34102001A = Base64
    .decode("MIICCzCCAbigAwIBAgIBATAKBgYqhQMCAgMFADCBhDEaMBgGA1UEAxMRZGVmYXVsdC0zNDEwLTIw"
        + "MDExDTALBgNVBAoTBERpZ3QxDzANBgNVBAsTBkNyeXB0bzEOMAwGA1UEBxMFWS1PbGExDDAKBgNV"
        + "BAgTA01lbDELMAkGA1UEBhMCcnUxGzAZBgkqhkiG9w0BCQEWDHRlc3RAdGVzdC5ydTAeFw0wNTAz"
        + "MjkxMzE4MzFaFw0wNjAzMjkxMzE4MzFaMIGEMRowGAYDVQQDExFkZWZhdWx0LTM0MTAtMjAwMTEN"
        + "MAsGA1UEChMERGlndDEPMA0GA1UECxMGQ3J5cHRvMQ4wDAYDVQQHEwVZLU9sYTEMMAoGA1UECBMD"
        + "TWVsMQswCQYDVQQGEwJydTEbMBkGCSqGSIb3DQEJARYMdGVzdEB0ZXN0LnJ1MGMwHAYGKoUDAgIT"
        + "MBIGByqFAwICIwEGByqFAwICHgEDQwAEQG/4c+ZWb10IpeHfmR+vKcbpmSOClJioYmCVgnojw0Xn"
        + "ned0KTg7TJreRUc+VX7vca4hLQaZ1o/TxVtfEApK/O6jDzANMAsGA1UdDwQEAwIHgDAKBgYqhQMC"
        + "AgMFAANBAN8y2b6HuIdkD3aWujpfQbS1VIA/7hro4vLgDhjgVmev/PLzFB8oTh3gKhExpDo82IEs"
        + "ZftGNsbbyp1NFg7zda0=");
0455:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is 1.2.643.2.2.4 (GOST R 34.11-94 with GOST R 34.10-94). The blob carries a
// critical basicConstraints extension with cA set, matching the "CA" in the
// field name, and validity fields from 2002 to 2009.
// NOTE(review): a test-CA vector only; the consuming test is outside this view.
byte[] gostCA1 = Base64
    .decode("MIIDNDCCAuGgAwIBAgIQZLcKDcWcQopF+jp4p9jylDAKBgYqhQMCAgQFADBm"
        + "MQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9zY293MRcwFQYDVQQKEw5PT08g"
        + "Q3J5cHRvLVBybzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFzAVBgNVBAMTDkNQ"
        + "IENTUCBUZXN0IENBMB4XDTAyMDYwOTE1NTIyM1oXDTA5MDYwOTE1NTkyOVow"
        + "ZjELMAkGA1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEXMBUGA1UEChMOT09P"
        + "IENyeXB0by1Qcm8xFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5D"
        + "UCBDU1AgVGVzdCBDQTCBpTAcBgYqhQMCAhQwEgYHKoUDAgIgAgYHKoUDAgIe"
        + "AQOBhAAEgYAYglywKuz1nMc9UiBYOaulKy53jXnrqxZKbCCBSVaJ+aCKbsQm"
        + "glhRFrw6Mwu8Cdeabo/ojmea7UDMZd0U2xhZFRti5EQ7OP6YpqD0alllo7za"
        + "4dZNXdX+/ag6fOORSLFdMpVx5ganU0wHMPk67j+audnCPUj/plbeyccgcdcd"
        + "WaOCASIwggEeMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud"
        + "DgQWBBTe840gTo4zt2twHilw3PD9wJaX0TCBygYDVR0fBIHCMIG/MDygOqA4"
        + "hjYtaHR0cDovL2ZpZXdhbGwvQ2VydEVucm9sbC9DUCUyMENTUCUyMFRlc3Ql"
        + "MjBDQSgzKS5jcmwwRKBCoECGPmh0dHA6Ly93d3cuY3J5cHRvcHJvLnJ1L0Nl"
        + "cnRFbnJvbGwvQ1AlMjBDU1AlMjBUZXN0JTIwQ0EoMykuY3JsMDmgN6A1hjMt"
        + "ZmlsZTovL1xcZmlld2FsbFxDZXJ0RW5yb2xsXENQIENTUCBUZXN0IENBKDMp"
        + "LmNybC8wEgYJKwYBBAGCNxUBBAUCAwMAAzAKBgYqhQMCAgQFAANBAIJi7ni7"
        + "9rwMR5rRGTFftt2k70GbqyUEfkZYOzrgdOoKiB4IIsIstyBX0/ne6GsL9Xan"
        + "G2IN96RB7KrowEHeW+k=");
0476:
// Base64 of a DER-encoded X.509 v3 certificate whose signatureAlgorithm OID
// is 1.2.643.2.2.3 (GOST R 34.11-94 with GOST R 34.10-2001). The blob carries
// a critical basicConstraints extension with cA set, matching the "CA" in the
// field name, and validity fields from 2004 to 2014.
// NOTE(review): a test-CA vector only; the consuming test is outside this view.
byte[] gostCA2 = Base64
    .decode("MIIC2DCCAoWgAwIBAgIQe9ZCugm42pRKNcHD8466zTAKBgYqhQMCAgMFADB+"
        + "MRowGAYJKoZIhvcNAQkBFgtzYmFAZGlndC5ydTELMAkGA1UEBhMCUlUxDDAK"
        + "BgNVBAgTA01FTDEUMBIGA1UEBxMLWW9zaGthci1PbGExDTALBgNVBAoTBERp"
        + "Z3QxDzANBgNVBAsTBkNyeXB0bzEPMA0GA1UEAxMGc2JhLUNBMB4XDTA0MDgw"
        + "MzEzMzE1OVoXDTE0MDgwMzEzNDAxMVowfjEaMBgGCSqGSIb3DQEJARYLc2Jh"
        + "QGRpZ3QucnUxCzAJBgNVBAYTAlJVMQwwCgYDVQQIEwNNRUwxFDASBgNVBAcT"
        + "C1lvc2hrYXItT2xhMQ0wCwYDVQQKEwREaWd0MQ8wDQYDVQQLEwZDcnlwdG8x"
        + "DzANBgNVBAMTBnNiYS1DQTBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMC"
        + "Ah4BA0MABEDMSy10CuOH+i8QKG2UWA4XmCt6+BFrNTZQtS6bOalyDY8Lz+G7"
        + "HybyipE3PqdTB4OIKAAPsEEeZOCZd2UXGQm5o4HaMIHXMBMGCSsGAQQBgjcU"
        + "AgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud"
        + "DgQWBBRJJl3LcNMxkZI818STfoi3ng1xoDBxBgNVHR8EajBoMDGgL6Athito"
        + "dHRwOi8vc2JhLmRpZ3QubG9jYWwvQ2VydEVucm9sbC9zYmEtQ0EuY3JsMDOg"
        + "MaAvhi1maWxlOi8vXFxzYmEuZGlndC5sb2NhbFxDZXJ0RW5yb2xsXHNiYS1D"
        + "QS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwCgYGKoUDAgIDBQADQQA+BRJHbc/p"
        + "q8EYl6iJqXCuR+ozRmH7hPAP3c4KqYSC38TClCgBloLapx/3/WdatctFJW/L"
        + "mcTovpq088927shE");
0495:
// Test fixture: a Base64-encoded DER X.509 v2 CRL. The header decodes to
// version 1 (v2), signature OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
// and an issuer name ending in CN=T-TeleSec Test DIR 8:PN.
// Each revoked entry carries a critical certificateIssuer extension
// (2.5.29.29), and the CRL extensions include a critical
// issuingDistributionPoint (2.5.29.28) whose indirectCRL flag is set, so this
// is an indirect CRL: entries belong to issuers other than the CRL signer.
// A consumer has to match a certificate against the certificateIssuer of the
// entry, not against the CRL issuer, and must carry that value forward to
// later entries that omit the extension.
// thisUpdate and nextUpdate both appear to fall on 2006-08-04, so the CRL is
// stale; it is useful for parsing tests only, not for freshness checks.
// NOTE(review): the field is neither private nor final, unlike
// pkcs7CrlProblem further down.
0496: byte[] inDirectCrl = Base64
0497: .decode("MIIdXjCCHMcCAQEwDQYJKoZIhvcNAQEFBQAwdDELMAkGA1UEBhMCREUxHDAaBgNV"
0498: + "BAoUE0RldXRzY2hlIFRlbGVrb20gQUcxFzAVBgNVBAsUDlQtVGVsZVNlYyBUZXN0"
0499: + "MS4wDAYHAoIGAQoHFBMBMTAeBgNVBAMUF1QtVGVsZVNlYyBUZXN0IERJUiA4OlBO"
0500: + "Fw0wNjA4MDQwODQ1MTRaFw0wNjA4MDQxNDQ1MTRaMIIbfzB+AgQvrj/pFw0wMzA3"
0501: + "MjIwNTQxMjhaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
0502: + "VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
0503: + "EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP+oXDTAzMDcyMjA1NDEyOFowZzBlBgNV"
0504: + "HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0505: + "bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
0506: + "UE4wfgIEL64/5xcNMDQwNDA1MTMxODE3WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
0507: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
0508: + "BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/oFw0wNDA0"
0509: + "MDUxMzE4MTdaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
0510: + "VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
0511: + "EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP+UXDTAzMDExMzExMTgxMVowZzBlBgNV"
0512: + "HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0513: + "bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
0514: + "UE4wfgIEL64/5hcNMDMwMTEzMTExODExWjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
0515: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
0516: + "BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/jFw0wMzAx"
0517: + "MTMxMTI2NTZaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
0518: + "VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
0519: + "EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP+QXDTAzMDExMzExMjY1NlowZzBlBgNV"
0520: + "HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0521: + "bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
0522: + "UE4wfgIEL64/4hcNMDQwNzEzMDc1ODM4WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
0523: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
0524: + "BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/eFw0wMzAy"
0525: + "MTcwNjMzMjVaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
0526: + "VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
0527: + "EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP98XDTAzMDIxNzA2MzMyNVowZzBlBgNV"
0528: + "HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0529: + "bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
0530: + "UE4wfgIEL64/0xcNMDMwMjE3MDYzMzI1WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
0531: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
0532: + "BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/dFw0wMzAx"
0533: + "MTMxMTI4MTRaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
0534: + "VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
0535: + "EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP9cXDTAzMDExMzExMjcwN1owZzBlBgNV"
0536: + "HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0537: + "bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
0538: + "UE4wfgIEL64/2BcNMDMwMTEzMTEyNzA3WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
0539: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
0540: + "BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/VFw0wMzA0"
0541: + "MzAxMjI3NTNaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
0542: + "VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
0543: + "EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP9YXDTAzMDQzMDEyMjc1M1owZzBlBgNV"
0544: + "HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0545: + "bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
0546: + "UE4wfgIEL64/xhcNMDMwMjEyMTM0NTQwWjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
0547: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
0548: + "BgEKBxQTATEwGAYDVQQDFBFUVEMgVGVzdCBDQSAxMTpQTjCBkAIEL64/xRcNMDMw"
0549: + "MjEyMTM0NTQwWjB5MHcGA1UdHQEB/wRtMGukaTBnMQswCQYDVQQGEwJERTEcMBoG"
0550: + "A1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEQMA4GA1UECxQHVGVsZVNlYzEoMAwG"
0551: + "BwKCBgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNTpQTjB+AgQvrj/CFw0w"
0552: + "MzAyMTIxMzA5MTZaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRww"
0553: + "GgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNV"
0554: + "BAMUEVRUQyBUZXN0IENBIDExOlBOMIGQAgQvrj/BFw0wMzAyMTIxMzA4NDBaMHkw"
0555: + "dwYDVR0dAQH/BG0wa6RpMGcxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2No"
0556: + "ZSBUZWxla29tIEFHMRAwDgYDVQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAY"
0557: + "BgNVBAMUEVNpZ0cgVGVzdCBDQSA1OlBOMH4CBC+uP74XDTAzMDIxNzA2MzcyNVow"
0558: + "ZzBlBgNVHR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRz"
0559: + "Y2hlIFRlbGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRVFRDIFRlc3Qg"
0560: + "Q0EgMTE6UE4wgZACBC+uP70XDTAzMDIxNzA2MzcyNVoweTB3BgNVHR0BAf8EbTBr"
0561: + "pGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcx"
0562: + "EDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBU"
0563: + "ZXN0IENBIDU6UE4wgZACBC+uP7AXDTAzMDIxMjEzMDg1OVoweTB3BgNVHR0BAf8E"
0564: + "bTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20g"
0565: + "QUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2ln"
0566: + "RyBUZXN0IENBIDU6UE4wgZACBC+uP68XDTAzMDIxNzA2MzcyNVoweTB3BgNVHR0B"
0567: + "Af8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVr"
0568: + "b20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQR"
0569: + "U2lnRyBUZXN0IENBIDU6UE4wfgIEL64/kxcNMDMwNDEwMDUyNjI4WjBnMGUGA1Ud"
0570: + "HQEB/wRbMFmkVzBVMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVs"
0571: + "ZWtvbSBBRzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFUVEMgVGVzdCBDQSAxMTpQ"
0572: + "TjCBkAIEL64/khcNMDMwNDEwMDUyNjI4WjB5MHcGA1UdHQEB/wRtMGukaTBnMQsw"
0573: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEQMA4GA1UE"
0574: + "CxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0Eg"
0575: + "NTpQTjB+AgQvrj8/Fw0wMzAyMjYxMTA0NDRaMGcwZQYDVR0dAQH/BFswWaRXMFUx"
0576: + "CzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYH"
0577: + "AoIGAQoHFBMBMTAYBgNVBAMUEVRUQyBUZXN0IENBIDExOlBOMIGQAgQvrj8+Fw0w"
0578: + "MzAyMjYxMTA0NDRaMHkwdwYDVR0dAQH/BG0wa6RpMGcxCzAJBgNVBAYTAkRFMRww"
0579: + "GgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAwDgYDVQQLFAdUZWxlU2VjMSgw"
0580: + "DAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVzdCBDQSA1OlBOMH4CBC+uPs0X"
0581: + "DTAzMDUyMDA1MjczNlowZzBlBgNVHR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUx"
0582: + "HDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgG"
0583: + "A1UEAxQRVFRDIFRlc3QgQ0EgMTE6UE4wgZACBC+uPswXDTAzMDUyMDA1MjczNlow"
0584: + "eTB3BgNVHR0BAf8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRz"
0585: + "Y2hlIFRlbGVrb20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwEx"
0586: + "MBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6UE4wfgIEL64+PBcNMDMwNjE3MTAzNDE2"
0587: + "WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1"
0588: + "dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFUVEMgVGVz"
0589: + "dCBDQSAxMTpQTjCBkAIEL64+OxcNMDMwNjE3MTAzNDE2WjB5MHcGA1UdHQEB/wRt"
0590: + "MGukaTBnMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBB"
0591: + "RzEQMA4GA1UECxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFTaWdH"
0592: + "IFRlc3QgQ0EgNjpQTjCBkAIEL64+OhcNMDMwNjE3MTAzNDE2WjB5MHcGA1UdHQEB"
0593: + "/wRtMGukaTBnMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtv"
0594: + "bSBBRzEQMA4GA1UECxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFT"
0595: + "aWdHIFRlc3QgQ0EgNjpQTjB+AgQvrj45Fw0wMzA2MTcxMzAxMDBaMGcwZQYDVR0d"
0596: + "AQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxl"
0597: + "a29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVRUQyBUZXN0IENBIDExOlBO"
0598: + "MIGQAgQvrj44Fw0wMzA2MTcxMzAxMDBaMHkwdwYDVR0dAQH/BG0wa6RpMGcxCzAJ"
0599: + "BgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAwDgYDVQQL"
0600: + "FAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVzdCBDQSA2"
0601: + "OlBOMIGQAgQvrj43Fw0wMzA2MTcxMzAxMDBaMHkwdwYDVR0dAQH/BG0wa6RpMGcx"
0602: + "CzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAwDgYD"
0603: + "VQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVzdCBD"
0604: + "QSA2OlBOMIGQAgQvrj42Fw0wMzA2MTcxMzAxMDBaMHkwdwYDVR0dAQH/BG0wa6Rp"
0605: + "MGcxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAw"
0606: + "DgYDVQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVz"
0607: + "dCBDQSA2OlBOMIGQAgQvrj4zFw0wMzA2MTcxMDM3NDlaMHkwdwYDVR0dAQH/BG0w"
0608: + "a6RpMGcxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFH"
0609: + "MRAwDgYDVQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cg"
0610: + "VGVzdCBDQSA2OlBOMH4CBC+uPjEXDTAzMDYxNzEwNDI1OFowZzBlBgNVHR0BAf8E"
0611: + "WzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20g"
0612: + "QUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRVFRDIFRlc3QgQ0EgMTE6UE4wgZAC"
0613: + "BC+uPjAXDTAzMDYxNzEwNDI1OFoweTB3BgNVHR0BAf8EbTBrpGkwZzELMAkGA1UE"
0614: + "BhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNVBAsUB1Rl"
0615: + "bGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6UE4w"
0616: + "gZACBC+uPakXDTAzMTAyMjExMzIyNFoweTB3BgNVHR0BAf8EbTBrpGkwZzELMAkG"
0617: + "A1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNVBAsU"
0618: + "B1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6"
0619: + "UE4wgZACBC+uPLIXDTA1MDMxMTA2NDQyNFoweTB3BgNVHR0BAf8EbTBrpGkwZzEL"
0620: + "MAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNV"
0621: + "BAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENB"
0622: + "IDY6UE4wgZACBC+uPKsXDTA0MDQwMjA3NTQ1M1oweTB3BgNVHR0BAf8EbTBrpGkw"
0623: + "ZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAO"
0624: + "BgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0"
0625: + "IENBIDY6UE4wgZACBC+uOugXDTA1MDEyNzEyMDMyNFoweTB3BgNVHR0BAf8EbTBr"
0626: + "pGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcx"
0627: + "EDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBU"
0628: + "ZXN0IENBIDY6UE4wgZACBC+uOr4XDTA1MDIxNjA3NTcxNloweTB3BgNVHR0BAf8E"
0629: + "bTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20g"
0630: + "QUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2ln"
0631: + "RyBUZXN0IENBIDY6UE4wgZACBC+uOqcXDTA1MDMxMDA1NTkzNVoweTB3BgNVHR0B"
0632: + "Af8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVr"
0633: + "b20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQR"
0634: + "U2lnRyBUZXN0IENBIDY6UE4wgZACBC+uOjwXDTA1MDUxMTEwNDk0NloweTB3BgNV"
0635: + "HR0BAf8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
0636: + "bGVrb20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UE"
0637: + "AxQRU2lnRyBUZXN0IENBIDY6UE4wgaoCBC+sbdUXDTA1MTExMTEwMDMyMVowgZIw"
0638: + "gY8GA1UdHQEB/wSBhDCBgaR/MH0xCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0"
0639: + "c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLFBZQcm9kdWt0emVudHJ1bSBUZWxlU2Vj"
0640: + "MS8wDAYHAoIGAQoHFBMBMTAfBgNVBAMUGFRlbGVTZWMgUEtTIFNpZ0cgQ0EgMTpQ"
0641: + "TjCBlQIEL64uaBcNMDYwMTIzMTAyNTU1WjB+MHwGA1UdHQEB/wRyMHCkbjBsMQsw"
0642: + "CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEWMBQGA1UE"
0643: + "CxQNWmVudHJhbGUgQm9ubjEnMAwGBwKCBgEKBxQTATEwFwYDVQQDFBBUVEMgVGVz"
0644: + "dCBDQSA5OlBOMIGVAgQvribHFw0wNjA4MDEwOTQ4NDRaMH4wfAYDVR0dAQH/BHIw"
0645: + "cKRuMGwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFH"
0646: + "MRYwFAYDVQQLFA1aZW50cmFsZSBCb25uMScwDAYHAoIGAQoHFBMBMTAXBgNVBAMU"
0647: + "EFRUQyBUZXN0IENBIDk6UE6ggZswgZgwCwYDVR0UBAQCAhEMMB8GA1UdIwQYMBaA"
0648: + "FANbyNumDI9545HwlCF26NuOJC45MA8GA1UdHAEB/wQFMAOEAf8wVwYDVR0SBFAw"
0649: + "ToZMbGRhcDovL3Brc2xkYXAudHR0Yy5kZS9vdT1ULVRlbGVTZWMgVGVzdCBESVIg"
0650: + "ODpQTixvPURldXRzY2hlIFRlbGVrb20gQUcsYz1kZTANBgkqhkiG9w0BAQUFAAOB"
0651: + "gQBewL5gLFHpeOWO07Vk3Gg7pRDuAlvaovBH4coCyCWpk5jEhUfFSYEDuaQB7do4"
0652: + "IlJmeTHvkI0PIZWJ7bwQ2PVdipPWDx0NVwS/Cz5jUKiS3BbAmZQZOueiKLFpQq3A"
0653: + "b8aOHA7WHU4078/1lM+bgeu33Ln1CGykEbmSjA/oKPi/JA==");
0654:
// Test fixture: a Base64-encoded DER X.509 v2 CRL with the same issuer name
// (CN=T-TeleSec Test DIR 8:PN) and the same update times as inDirectCrl.
// The entries here are bare serial-number/date pairs with no entry extensions,
// and the CRL extensions hold no issuingDistributionPoint, so every entry
// refers to the CRL issuer itself (a direct CRL).
// The signature AlgorithmIdentifier decodes to OID 1.3.36.3.3.1.2, which looks
// like the TeleTrusT RSA-with-RIPEMD-160 identifier; confirm that the provider
// under test registers it before relying on signature verification here.
// thisUpdate and nextUpdate appear to be 2006-08-04, so the CRL is stale and
// fits parsing tests only.
// NOTE(review): the field is neither private nor final, unlike
// pkcs7CrlProblem below.
0655: byte[] directCRL = Base64
0656: .decode("MIIGXTCCBckCAQEwCgYGKyQDAwECBQAwdDELMAkGA1UEBhMCREUxHDAaBgNVBAoU"
0657: + "E0RldXRzY2hlIFRlbGVrb20gQUcxFzAVBgNVBAsUDlQtVGVsZVNlYyBUZXN0MS4w"
0658: + "DAYHAoIGAQoHFBMBMTAeBgNVBAMUF1QtVGVsZVNlYyBUZXN0IERJUiA4OlBOFw0w"
0659: + "NjA4MDQwODQ1MTRaFw0wNjA4MDQxNDQ1MTRaMIIElTAVAgQvrj/pFw0wMzA3MjIw"
0660: + "NTQxMjhaMBUCBC+uP+oXDTAzMDcyMjA1NDEyOFowFQIEL64/5xcNMDQwNDA1MTMx"
0661: + "ODE3WjAVAgQvrj/oFw0wNDA0MDUxMzE4MTdaMBUCBC+uP+UXDTAzMDExMzExMTgx"
0662: + "MVowFQIEL64/5hcNMDMwMTEzMTExODExWjAVAgQvrj/jFw0wMzAxMTMxMTI2NTZa"
0663: + "MBUCBC+uP+QXDTAzMDExMzExMjY1NlowFQIEL64/4hcNMDQwNzEzMDc1ODM4WjAV"
0664: + "AgQvrj/eFw0wMzAyMTcwNjMzMjVaMBUCBC+uP98XDTAzMDIxNzA2MzMyNVowFQIE"
0665: + "L64/0xcNMDMwMjE3MDYzMzI1WjAVAgQvrj/dFw0wMzAxMTMxMTI4MTRaMBUCBC+u"
0666: + "P9cXDTAzMDExMzExMjcwN1owFQIEL64/2BcNMDMwMTEzMTEyNzA3WjAVAgQvrj/V"
0667: + "Fw0wMzA0MzAxMjI3NTNaMBUCBC+uP9YXDTAzMDQzMDEyMjc1M1owFQIEL64/xhcN"
0668: + "MDMwMjEyMTM0NTQwWjAVAgQvrj/FFw0wMzAyMTIxMzQ1NDBaMBUCBC+uP8IXDTAz"
0669: + "MDIxMjEzMDkxNlowFQIEL64/wRcNMDMwMjEyMTMwODQwWjAVAgQvrj++Fw0wMzAy"
0670: + "MTcwNjM3MjVaMBUCBC+uP70XDTAzMDIxNzA2MzcyNVowFQIEL64/sBcNMDMwMjEy"
0671: + "MTMwODU5WjAVAgQvrj+vFw0wMzAyMTcwNjM3MjVaMBUCBC+uP5MXDTAzMDQxMDA1"
0672: + "MjYyOFowFQIEL64/khcNMDMwNDEwMDUyNjI4WjAVAgQvrj8/Fw0wMzAyMjYxMTA0"
0673: + "NDRaMBUCBC+uPz4XDTAzMDIyNjExMDQ0NFowFQIEL64+zRcNMDMwNTIwMDUyNzM2"
0674: + "WjAVAgQvrj7MFw0wMzA1MjAwNTI3MzZaMBUCBC+uPjwXDTAzMDYxNzEwMzQxNlow"
0675: + "FQIEL64+OxcNMDMwNjE3MTAzNDE2WjAVAgQvrj46Fw0wMzA2MTcxMDM0MTZaMBUC"
0676: + "BC+uPjkXDTAzMDYxNzEzMDEwMFowFQIEL64+OBcNMDMwNjE3MTMwMTAwWjAVAgQv"
0677: + "rj43Fw0wMzA2MTcxMzAxMDBaMBUCBC+uPjYXDTAzMDYxNzEzMDEwMFowFQIEL64+"
0678: + "MxcNMDMwNjE3MTAzNzQ5WjAVAgQvrj4xFw0wMzA2MTcxMDQyNThaMBUCBC+uPjAX"
0679: + "DTAzMDYxNzEwNDI1OFowFQIEL649qRcNMDMxMDIyMTEzMjI0WjAVAgQvrjyyFw0w"
0680: + "NTAzMTEwNjQ0MjRaMBUCBC+uPKsXDTA0MDQwMjA3NTQ1M1owFQIEL6466BcNMDUw"
0681: + "MTI3MTIwMzI0WjAVAgQvrjq+Fw0wNTAyMTYwNzU3MTZaMBUCBC+uOqcXDTA1MDMx"
0682: + "MDA1NTkzNVowFQIEL646PBcNMDUwNTExMTA0OTQ2WjAVAgQvrG3VFw0wNTExMTEx"
0683: + "MDAzMjFaMBUCBC+uLmgXDTA2MDEyMzEwMjU1NVowFQIEL64mxxcNMDYwODAxMDk0"
0684: + "ODQ0WqCBijCBhzALBgNVHRQEBAICEQwwHwYDVR0jBBgwFoAUA1vI26YMj3njkfCU"
0685: + "IXbo244kLjkwVwYDVR0SBFAwToZMbGRhcDovL3Brc2xkYXAudHR0Yy5kZS9vdT1U"
0686: + "LVRlbGVTZWMgVGVzdCBESVIgODpQTixvPURldXRzY2hlIFRlbGVrb20gQUcsYz1k"
0687: + "ZTAKBgYrJAMDAQIFAAOBgQArj4eMlbAwuA2aS5O4UUUHQMKKdK/dtZi60+LJMiMY"
0688: + "ojrMIf4+ZCkgm1Ca0Cd5T15MJxVHhh167Ehn/Hd48pdnAP6Dfz/6LeqkIHGWMHR+"
0689: + "z6TXpwWB+P4BdUec1ztz04LypsznrHcLRa91ixg9TZCb1MrOG+InNhleRs1ImXk8"
0690: + "MQ==");
0691:
0692: private final byte[] pkcs7CrlProblem = Base64
0693: .decode("MIIwSAYJKoZIhvcNAQcCoIIwOTCCMDUCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
0694: + "SIb3DQEHAaCCEsAwggP4MIIC4KADAgECAgF1MA0GCSqGSIb3DQEBBQUAMEUx"
0695: + "CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR4wHAYDVQQD"
0696: + "ExVHZW9UcnVzdCBDQSBmb3IgQWRvYmUwHhcNMDQxMjAyMjEyNTM5WhcNMDYx"
0697: + "MjMwMjEyNTM5WjBMMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMR2VvVHJ1c3Qg"
0698: + "SW5jMSYwJAYDVQQDEx1HZW9UcnVzdCBBZG9iZSBPQ1NQIFJlc3BvbmRlcjCB"
0699: + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4gnNYhtw7U6QeVXZODnGhHMj"
0700: + "+OgZ0DB393rEk6a2q9kq129IA2e03yKBTfJfQR9aWKc2Qj90dsSqPjvTDHFG"
0701: + "Qsagm2FQuhnA3fb1UWhPzeEIdm6bxDsnQ8nWqKqxnWZzELZbdp3I9bBLizIq"
0702: + "obZovzt60LNMghn/unvvuhpeVSsCAwEAAaOCAW4wggFqMA4GA1UdDwEB/wQE"
0703: + "AwIE8DCB5QYDVR0gAQH/BIHaMIHXMIHUBgkqhkiG9y8BAgEwgcYwgZAGCCsG"
0704: + "AQUFBwICMIGDGoGAVGhpcyBjZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQg"
0705: + "aW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBBY3JvYmF0IENyZWRlbnRpYWxzIENQ"
0706: + "UyBsb2NhdGVkIGF0IGh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNl"
0707: + "cy9jcHMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jl"
0708: + "c291cmNlcy9jcHMwEwYDVR0lBAwwCgYIKwYBBQUHAwkwOgYDVR0fBDMwMTAv"
0709: + "oC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9hZG9iZWNhMS5j"
0710: + "cmwwHwYDVR0jBBgwFoAUq4BZw2WDbR19E70Zw+wajw1HaqMwDQYJKoZIhvcN"
0711: + "AQEFBQADggEBAENJf1BD7PX5ivuaawt90q1OGzXpIQL/ClzEeFVmOIxqPc1E"
0712: + "TFRq92YuxG5b6+R+k+tGkmCwPLcY8ipg6ZcbJ/AirQhohzjlFuT6YAXsTfEj"
0713: + "CqEZfWM2sS7crK2EYxCMmKE3xDfPclYtrAoz7qZvxfQj0TuxHSstHZv39wu2"
0714: + "ZiG1BWiEcyDQyTgqTOXBoZmfJtshuAcXmTpgkrYSrS37zNlPTGh+pMYQ0yWD"
0715: + "c8OQRJR4OY5ZXfdna01mjtJTOmj6/6XPoLPYTq2gQrc2BCeNJ4bEhLb7sFVB"
0716: + "PbwPrpzTE/HRbQHDrzj0YimDxeOUV/UXctgvYwHNtEkcBLsOm/uytMYwggSh"
0717: + "MIIDiaADAgECAgQ+HL0oMA0GCSqGSIb3DQEBBQUAMGkxCzAJBgNVBAYTAlVT"
0718: + "MSMwIQYDVQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UE"
0719: + "CxMUQWRvYmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3Qg"
0720: + "Q0EwHhcNMDMwMTA4MjMzNzIzWhcNMjMwMTA5MDAwNzIzWjBpMQswCQYDVQQG"
0721: + "EwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAb"
0722: + "BgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRYwFAYDVQQDEw1BZG9iZSBS"
0723: + "b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzE9UhPen"
0724: + "ouczU38/nBKIayyZR2d+Dx65rRSI+cMQ2B3w8NWfaQovWTWwzGypTJwVoJ/O"
0725: + "IL+gz1Ti4CBmRT85hjh+nMSOByLGJPYBErA131XqaZCw24U3HuJOB7JCoWoT"
0726: + "aaBm6oCREVkqmwh5WiBELcm9cziLPC/gQxtdswvwrzUaKf7vppLdgUydPVmO"
0727: + "rTE8QH6bkTYG/OJcjdGNJtVcRc+vZT+xqtJilvSoOOq6YEL09BxKNRXO+E4i"
0728: + "Vg+VGMX4lp+f+7C3eCXpgGu91grwxnSUnfMPUNuad85LcIMjjaDKeCBEXDxU"
0729: + "ZPHqojAZn+pMBk0GeEtekt8i0slns3rSAQIDAQABo4IBTzCCAUswEQYJYIZI"
0730: + "AYb4QgEBBAQDAgAHMIGOBgNVHR8EgYYwgYMwgYCgfqB8pHoweDELMAkGA1UE"
0731: + "BhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMR0w"
0732: + "GwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEWMBQGA1UEAxMNQWRvYmUg"
0733: + "Um9vdCBDQTENMAsGA1UEAxMEQ1JMMTArBgNVHRAEJDAigA8yMDAzMDEwODIz"
0734: + "MzcyM1qBDzIwMjMwMTA5MDAwNzIzWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgw"
0735: + "FoAUgrc4SpOqmxDvgLvZVOLxD/uAnN4wHQYDVR0OBBYEFIK3OEqTqpsQ74C7"
0736: + "2VTi8Q/7gJzeMAwGA1UdEwQFMAMBAf8wHQYJKoZIhvZ9B0EABBAwDhsIVjYu"
0737: + "MDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQAy2p9DdcH6b8lv26sdNjc+"
0738: + "vGEZNrcCPB0jWZhsnu5NhedUyCAfp9S74r8Ad30ka3AvXME6dkm10+AjhCpx"
0739: + "aiLzwScpmBX2NZDkBEzDjbyfYRzn/SSM0URDjBa6m02l1DUvvBHOvfdRN42f"
0740: + "kOQU8Rg/vulZEjX5M5LznuDVa5pxm5lLyHHD4bFhCcTl+pHwQjo3fTT5cujN"
0741: + "qmIcIenV9IIQ43sFti1oVgt+fpIsb01yggztVnSynbmrLSsdEF/bJ3Vwj/0d"
0742: + "1+ICoHnlHOX/r2RAUS2em0fbQqV8H8KmSLDXvpJpTaT2KVfFeBEY3IdRyhOy"
0743: + "Yp1PKzK9MaXB+lKrBYjIMIIEyzCCA7OgAwIBAgIEPhy9tTANBgkqhkiG9w0B"
0744: + "AQUFADBpMQswCQYDVQQGEwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJ"
0745: + "bmNvcnBvcmF0ZWQxHTAbBgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRYw"
0746: + "FAYDVQQDEw1BZG9iZSBSb290IENBMB4XDTA0MDExNzAwMDMzOVoXDTE1MDEx"
0747: + "NTA4MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu"
0748: + "Yy4xHjAcBgNVBAMTFUdlb1RydXN0IENBIGZvciBBZG9iZTCCASIwDQYJKoZI"
0749: + "hvcNAQEBBQADggEPADCCAQoCggEBAKfld+BkeFrnOYW8r9L1WygTDlTdSfrO"
0750: + "YvWS/Z6Ye5/l+HrBbOHqQCXBcSeCpz7kB2WdKMh1FOE4e9JlmICsHerBLdWk"
0751: + "emU+/PDb69zh8E0cLoDfxukF6oVPXj6WSThdSG7H9aXFzRr6S3XGCuvgl+Qw"
0752: + "DTLiLYW+ONF6DXwt3TQQtKReJjOJZk46ZZ0BvMStKyBaeB6DKZsmiIo89qso"
0753: + "13VDZINH2w1KvXg0ygDizoNtbvgAPFymwnsINS1klfQlcvn0x0RJm9bYQXK3"
0754: + "5GNZAgL3M7Lqrld0jMfIUaWvuHCLyivytRuzq1dJ7E8rmidjDEk/G+27pf13"
0755: + "fNZ7vR7M+IkCAwEAAaOCAZ0wggGZMBIGA1UdEwEB/wQIMAYBAf8CAQEwUAYD"
0756: + "VR0gBEkwRzBFBgkqhkiG9y8BAgEwODA2BggrBgEFBQcCARYqaHR0cHM6Ly93"
0757: + "d3cuYWRvYmUuY29tL21pc2MvcGtpL2Nkc19jcC5odG1sMBQGA1UdJQQNMAsG"
0758: + "CSqGSIb3LwEBBTCBsgYDVR0fBIGqMIGnMCKgIKAehhxodHRwOi8vY3JsLmFk"
0759: + "b2JlLmNvbS9jZHMuY3JsMIGAoH6gfKR6MHgxCzAJBgNVBAYTAlVTMSMwIQYD"
0760: + "VQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UECxMUQWRv"
0761: + "YmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3QgQ0ExDTAL"
0762: + "BgNVBAMTBENSTDEwCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIK3OEqTqpsQ"
0763: + "74C72VTi8Q/7gJzeMB0GA1UdDgQWBBSrgFnDZYNtHX0TvRnD7BqPDUdqozAZ"
0764: + "BgkqhkiG9n0HQQAEDDAKGwRWNi4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA"
0765: + "PzlZLqIAjrFeEWEs0uC29YyJhkXOE9mf3YSaFGsITF+Gl1j0pajTjyH4R35Q"
0766: + "r3floW2q3HfNzTeZ90Jnr1DhVERD6zEMgJpCtJqVuk0sixuXJHghS/KicKf4"
0767: + "YXJJPx9epuIRF1siBRnznnF90svmOJMXApc0jGnYn3nQfk4kaShSnDaYaeYR"
0768: + "DJKcsiWhl6S5zfwS7Gg8hDeyckhMQKKWnlG1CQrwlSFisKCduoodwRtWgft8"
0769: + "kx13iyKK3sbalm6vnVc+5nufS4vI+TwMXoV63NqYaSroafBWk0nL53zGXPEy"
0770: + "+A69QhzEViJKn2Wgqt5gt++jMMNImbRObIqgfgF1VjCCBUwwggQ0oAMCAQIC"
0771: + "AgGDMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1H"
0772: + "ZW9UcnVzdCBJbmMuMR4wHAYDVQQDExVHZW9UcnVzdCBDQSBmb3IgQWRvYmUw"
0773: + "HhcNMDYwMzI0MTU0MjI5WhcNMDkwNDA2MTQ0MjI5WjBzMQswCQYDVQQGEwJV"
0774: + "UzELMAkGA1UECBMCTUExETAPBgNVBAoTCEdlb1RydXN0MR0wGwYDVQQDExRN"
0775: + "YXJrZXRpbmcgRGVwYXJ0bWVudDElMCMGCSqGSIb3DQEJARYWbWFya2V0aW5n"
0776: + "QGdlb3RydXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
0777: + "ANmvajTO4XJvAU2nVcLmXeCnAQX7RZt+7+ML3InmqQ3LCGo1weop09zV069/"
0778: + "1x/Nmieol7laEzeXxd2ghjGzwfXafqQEqHn6+vBCvqdNPoSi63fSWhnuDVWp"
0779: + "KVDOYgxOonrXl+Cc43lu4zRSq+Pi5phhrjDWcH74a3/rdljUt4c4GFezFXfa"
0780: + "w2oTzWkxj2cTSn0Szhpr17+p66UNt8uknlhmu4q44Speqql2HwmCEnpLYJrK"
0781: + "W3fOq5D4qdsvsLR2EABLhrBezamLI3iGV8cRHOUTsbTMhWhv/lKfHAyf4XjA"
0782: + "z9orzvPN5jthhIfICOFq/nStTgakyL4Ln+nFAB/SMPkCAwEAAaOCAhYwggIS"
0783: + "MA4GA1UdDwEB/wQEAwIF4DCB5QYDVR0gAQH/BIHaMIHXMIHUBgkqhkiG9y8B"
0784: + "AgEwgcYwgZAGCCsGAQUFBwICMIGDGoGAVGhpcyBjZXJ0aWZpY2F0ZSBoYXMg"
0785: + "YmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBBY3JvYmF0IENy"
0786: + "ZWRlbnRpYWxzIENQUyBsb2NhdGVkIGF0IGh0dHA6Ly93d3cuZ2VvdHJ1c3Qu"
0787: + "Y29tL3Jlc291cmNlcy9jcHMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2Vv"
0788: + "dHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwOgYDVR0fBDMwMTAvoC2gK4YpaHR0"
0789: + "cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9hZG9iZWNhMS5jcmwwHwYDVR0j"
0790: + "BBgwFoAUq4BZw2WDbR19E70Zw+wajw1HaqMwRAYIKwYBBQUHAQEEODA2MDQG"
0791: + "CCsGAQUFBzABhihodHRwOi8vYWRvYmUtb2NzcC5nZW90cnVzdC5jb20vcmVz"
0792: + "cG9uZGVyMBQGA1UdJQQNMAsGCSqGSIb3LwEBBTA8BgoqhkiG9y8BAQkBBC4w"
0793: + "LAIBAYYnaHR0cDovL2Fkb2JlLXRpbWVzdGFtcC5nZW90cnVzdC5jb20vdHNh"
0794: + "MBMGCiqGSIb3LwEBCQIEBTADAgEBMAwGA1UdEwQFMAMCAQAwDQYJKoZIhvcN"
0795: + "AQEFBQADggEBAAOhy6QxOo+i3h877fvDvTa0plGD2bIqK7wMdNqbMDoSWied"
0796: + "FIcgcBOIm2wLxOjZBAVj/3lDq59q2rnVeNnfXM0/N0MHI9TumHRjU7WNk9e4"
0797: + "+JfJ4M+c3anrWOG3NE5cICDVgles+UHjXetHWql/LlP04+K2ZOLb6LE2xGnI"
0798: + "YyLW9REzCYNAVF+/WkYdmyceHtaBZdbyVAJq0NAJPsfgY1pWcBo31Mr1fpX9"
0799: + "WrXNTYDCqMyxMImJTmN3iI68tkXlNrhweQoArKFqBysiBkXzG/sGKYY6tWKU"
0800: + "pzjLc3vIp/LrXC5zilROes8BSvwu1w9qQrJNcGwo7O4uijoNtyYil1Exgh1Q"
0801: + "MIIdTAIBATBLMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ"
0802: + "bmMuMR4wHAYDVQQDExVHZW9UcnVzdCBDQSBmb3IgQWRvYmUCAgGDMAkGBSsO"
0803: + "AwIaBQCgggxMMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwIwYJKoZIhvcN"
0804: + "AQkEMRYEFP4R6qIdpQJzWyzrqO8X1ZfJOgChMIIMCQYJKoZIhvcvAQEIMYIL"
0805: + "+jCCC/agggZ5MIIGdTCCA6gwggKQMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV"
0806: + "BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR4wHAYDVQQDExVHZW9U"
0807: + "cnVzdCBDQSBmb3IgQWRvYmUXDTA2MDQwNDE3NDAxMFoXDTA2MDQwNTE3NDAx"
0808: + "MFowggIYMBMCAgC5Fw0wNTEwMTEyMDM2MzJaMBICAVsXDTA0MTEwNDE1MDk0"
0809: + "MVowEwICALgXDTA1MTIxMjIyMzgzOFowEgIBWhcNMDQxMTA0MTUwOTMzWjAT"
0810: + "AgIA5hcNMDUwODI3MDQwOTM4WjATAgIAtxcNMDYwMTE2MTc1NTEzWjATAgIA"
0811: + "hhcNMDUxMjEyMjIzODU1WjATAgIAtRcNMDUwNzA2MTgzODQwWjATAgIA4BcN"
0812: + "MDYwMzIwMDc0ODM0WjATAgIAgRcNMDUwODAyMjIzMTE1WjATAgIA3xcNMDUx"
0813: + "MjEyMjIzNjUwWjASAgFKFw0wNDExMDQxNTA5MTZaMBICAUQXDTA0MTEwNDE1"
0814: + "MDg1M1owEgIBQxcNMDQxMDAzMDEwMDQwWjASAgFsFw0wNDEyMDYxOTQ0MzFa"
0815: + "MBMCAgEoFw0wNjAzMDkxMjA3MTJaMBMCAgEkFw0wNjAxMTYxNzU1MzRaMBIC"
0816: + "AWcXDTA1MDMxODE3NTYxNFowEwICAVEXDTA2MDEzMTExMjcxMVowEgIBZBcN"
0817: + "MDQxMTExMjI0ODQxWjATAgIA8RcNMDUwOTE2MTg0ODAxWjATAgIBThcNMDYw"
0818: + "MjIxMjAxMDM2WjATAgIAwRcNMDUxMjEyMjIzODE2WjASAgFiFw0wNTAxMTAx"
0819: + "NjE5MzRaMBICAWAXDTA1MDExMDE5MDAwNFowEwICAL4XDTA1MDUxNzE0NTYx"
0820: + "MFowDQYJKoZIhvcNAQEFBQADggEBAEKhRMS3wVho1U3EvEQJZC8+JlUngmZQ"
0821: + "A78KQbHPWNZWFlNvPuf/b0s7Lu16GfNHXh1QAW6Y5Hi1YtYZ3YOPyMd4Xugt"
0822: + "gCdumbB6xtKsDyN5RvTht6ByXj+CYlYqsL7RX0izJZ6mJn4fjMkqzPKNOjb8"
0823: + "kSn5T6rn93BjlATtCE8tPVOM8dnqGccRE0OV59+nDBXc90UMt5LdEbwaUOap"
0824: + "snVB0oLcNm8d/HnlVH6RY5LnDjrT4vwfe/FApZtTecEWsllVUXDjSpwfcfD/"
0825: + "476/lpGySB2otALqzImlA9R8Ok3hJ8dnF6hhQ5Oe6OJMnGYgdhkKbxsKkdib"
0826: + "tTVl3qmH5QAwggLFMIIBrQIBATANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQG"
0827: + "EwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAb"
0828: + "BgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRYwFAYDVQQDEw1BZG9iZSBS"
0829: + "b290IENBFw0wNjAxMjcxODMzMzFaFw0wNzAxMjcwMDAwMDBaMIHeMCMCBD4c"
0830: + "vUAXDTAzMDEyMTIzNDY1NlowDDAKBgNVHRUEAwoBBDAjAgQ+HL1BFw0wMzAx"
0831: + "MjEyMzQ3MjJaMAwwCgYDVR0VBAMKAQQwIwIEPhy9YhcNMDMwMTIxMjM0NzQy"
0832: + "WjAMMAoGA1UdFQQDCgEEMCMCBD4cvWEXDTA0MDExNzAxMDg0OFowDDAKBgNV"
0833: + "HRUEAwoBBDAjAgQ+HL2qFw0wNDAxMTcwMTA5MDVaMAwwCgYDVR0VBAMKAQQw"
0834: + "IwIEPhy9qBcNMDQwMTE3MDEzOTI5WjAMMAoGA1UdFQQDCgEEoC8wLTAKBgNV"
0835: + "HRQEAwIBDzAfBgNVHSMEGDAWgBSCtzhKk6qbEO+Au9lU4vEP+4Cc3jANBgkq"
0836: + "hkiG9w0BAQUFAAOCAQEAwtXF9042wG39icUlsotn5tpE3oCusLb/hBpEONhx"
0837: + "OdfEQOq0w5hf/vqaxkcf71etA+KpbEUeSVaHMHRPhx/CmPrO9odE139dJdbt"
0838: + "9iqbrC9iZokFK3h/es5kg73xujLKd7C/u5ngJ4mwBtvhMLjFjF2vJhPKHL4C"
0839: + "IgMwdaUAhrcNzy16v+mw/VGJy3Fvc6oCESW1K9tvFW58qZSNXrMlsuidgunM"
0840: + "hPKG+z0SXVyCqL7pnqKiaGddcgujYGOSY4S938oVcfZeZQEODtSYGlzldojX"
0841: + "C1U1hCK5+tHAH0Ox/WqRBIol5VCZQwJftf44oG8oviYq52aaqSejXwmfT6zb"
0842: + "76GCBXUwggVxMIIFbQoBAKCCBWYwggViBgkrBgEFBQcwAQEEggVTMIIFTzCB"
0843: + "taIWBBS+8EpykfXdl4h3z7m/NZfdkAQQERgPMjAwNjA0MDQyMDIwMTVaMGUw"
0844: + "YzA7MAkGBSsOAwIaBQAEFEb4BuZYkbjBjOjT6VeA/00fBvQaBBT3fTSQniOp"
0845: + "BbHBSkz4xridlX0bsAICAYOAABgPMjAwNjA0MDQyMDIwMTVaoBEYDzIwMDYw"
0846: + "NDA1MDgyMDE1WqEjMCEwHwYJKwYBBQUHMAECBBIEEFqooq/R2WltD7TposkT"
0847: + "BhMwDQYJKoZIhvcNAQEFBQADgYEAMig6lty4b0JDsT/oanfQG5x6jVKPACpp"
0848: + "1UA9SJ0apJJa7LeIdDFmu5C2S/CYiKZm4A4P9cAu0YzgLHxE4r6Op+HfVlAG"
0849: + "6bzUe1P/hi1KCJ8r8wxOZAktQFPSzs85RAZwkHMfB0lP2e/h666Oye+Zf8VH"
0850: + "RaE+/xZ7aswE89HXoumgggQAMIID/DCCA/gwggLgoAMCAQICAXUwDQYJKoZI"
0851: + "hvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu"
0852: + "Yy4xHjAcBgNVBAMTFUdlb1RydXN0IENBIGZvciBBZG9iZTAeFw0wNDEyMDIy"
0853: + "MTI1MzlaFw0wNjEyMzAyMTI1MzlaMEwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK"
0854: + "EwxHZW9UcnVzdCBJbmMxJjAkBgNVBAMTHUdlb1RydXN0IEFkb2JlIE9DU1Ag"
0855: + "UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiCc1iG3Dt"
0856: + "TpB5Vdk4OcaEcyP46BnQMHf3esSTprar2SrXb0gDZ7TfIoFN8l9BH1pYpzZC"
0857: + "P3R2xKo+O9MMcUZCxqCbYVC6GcDd9vVRaE/N4Qh2bpvEOydDydaoqrGdZnMQ"
0858: + "tlt2ncj1sEuLMiqhtmi/O3rQs0yCGf+6e++6Gl5VKwIDAQABo4IBbjCCAWow"
0859: + "DgYDVR0PAQH/BAQDAgTwMIHlBgNVHSABAf8EgdowgdcwgdQGCSqGSIb3LwEC"
0860: + "ATCBxjCBkAYIKwYBBQUHAgIwgYMagYBUaGlzIGNlcnRpZmljYXRlIGhhcyBi"
0861: + "ZWVuIGlzc3VlZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIEFjcm9iYXQgQ3Jl"
0862: + "ZGVudGlhbHMgQ1BTIGxvY2F0ZWQgYXQgaHR0cDovL3d3dy5nZW90cnVzdC5j"
0863: + "b20vcmVzb3VyY2VzL2NwczAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5nZW90"
0864: + "cnVzdC5jb20vcmVzb3VyY2VzL2NwczATBgNVHSUEDDAKBggrBgEFBQcDCTA6"
0865: + "BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxz"
0866: + "L2Fkb2JlY2ExLmNybDAfBgNVHSMEGDAWgBSrgFnDZYNtHX0TvRnD7BqPDUdq"
0867: + "ozANBgkqhkiG9w0BAQUFAAOCAQEAQ0l/UEPs9fmK+5prC33SrU4bNekhAv8K"
0868: + "XMR4VWY4jGo9zURMVGr3Zi7Eblvr5H6T60aSYLA8txjyKmDplxsn8CKtCGiH"
0869: + "OOUW5PpgBexN8SMKoRl9YzaxLtysrYRjEIyYoTfEN89yVi2sCjPupm/F9CPR"
0870: + "O7EdKy0dm/f3C7ZmIbUFaIRzINDJOCpM5cGhmZ8m2yG4BxeZOmCSthKtLfvM"
0871: + "2U9MaH6kxhDTJYNzw5BElHg5jlld92drTWaO0lM6aPr/pc+gs9hOraBCtzYE"
0872: + "J40nhsSEtvuwVUE9vA+unNMT8dFtAcOvOPRiKYPF45RX9Rdy2C9jAc20SRwE"
0873: + "uw6b+7K0xjANBgkqhkiG9w0BAQEFAASCAQC7a4yICFGCEMPlJbydK5qLG3rV"
0874: + "sip7Ojjz9TB4nLhC2DgsIHds8jjdq2zguInluH2nLaBCVS+qxDVlTjgbI2cB"
0875: + "TaWS8nglC7nNjzkKAsa8vThA8FZUVXTW0pb74jNJJU2AA27bb4g+4WgunCrj"
0876: + "fpYp+QjDyMmdrJVqRmt5eQN+dpVxMS9oq+NrhOSEhyIb4/rejgNg9wnVK1ms"
0877: + "l5PxQ4x7kpm7+Ua41//owkJVWykRo4T1jo4eHEz1DolPykAaKie2VKH/sMqR"
0878: + "Spjh4E5biKJLOV9fKivZWKAXByXfwUbbMsJvz4v/2yVHFy9xP+tqB5ZbRoDK"
0879: + "k8PzUyCprozn+/22oYIPijCCD4YGCyqGSIb3DQEJEAIOMYIPdTCCD3EGCSqG"
0880: + "SIb3DQEHAqCCD2Iwgg9eAgEDMQswCQYFKw4DAhoFADCB+gYLKoZIhvcNAQkQ"
0881: + "AQSggeoEgecwgeQCAQEGAikCMCEwCQYFKw4DAhoFAAQUoT97qeCv3FXYaEcS"
0882: + "gY8patCaCA8CAiMHGA8yMDA2MDQwNDIwMjA1N1owAwIBPAEB/wIIO0yRre3L"
0883: + "8/6ggZCkgY0wgYoxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl"
0884: + "dHRzMRAwDgYDVQQHEwdOZWVkaGFtMRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMx"
0885: + "EzARBgNVBAsTClByb2R1Y3Rpb24xJTAjBgNVBAMTHGFkb2JlLXRpbWVzdGFt"
0886: + "cC5nZW90cnVzdC5jb22gggzJMIIDUTCCAjmgAwIBAgICAI8wDQYJKoZIhvcN"
0887: + "AQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4x"
0888: + "HjAcBgNVBAMTFUdlb1RydXN0IENBIGZvciBBZG9iZTAeFw0wNTAxMTAwMTI5"
0889: + "MTBaFw0xNTAxMTUwODAwMDBaMIGKMQswCQYDVQQGEwJVUzEWMBQGA1UECBMN"
0890: + "TWFzc2FjaHVzZXR0czEQMA4GA1UEBxMHTmVlZGhhbTEVMBMGA1UEChMMR2Vv"
0891: + "VHJ1c3QgSW5jMRMwEQYDVQQLEwpQcm9kdWN0aW9uMSUwIwYDVQQDExxhZG9i"
0892: + "ZS10aW1lc3RhbXAuZ2VvdHJ1c3QuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN"
0893: + "ADCBiQKBgQDRbxJotLFPWQuuEDhKtOMaBUJepGxIvWxeahMbq1DVmqnk88+j"
0894: + "w/5lfPICPzQZ1oHrcTLSAFM7Mrz3pyyQKQKMqUyiemzuG/77ESUNfBNSUfAF"
0895: + "PdtHuDMU8Is8ABVnFk63L+wdlvvDIlKkE08+VTKCRdjmuBVltMpQ6QcLFQzm"
0896: + "AQIDAQABo4GIMIGFMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2Vv"
0897: + "dHJ1c3QuY29tL2NybHMvYWRvYmVjYTEuY3JsMB8GA1UdIwQYMBaAFKuAWcNl"
0898: + "g20dfRO9GcPsGo8NR2qjMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAK"
0899: + "BggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAmnyXjdtX+F79Nf0KggTd"
0900: + "6YC2MQD9s09IeXTd8TP3rBmizfM+7f3icggeCGakNfPRmIUMLoa0VM5Kt37T"
0901: + "2X0TqzBWusfbKx7HnX4v1t/G8NJJlT4SShSHv+8bjjU4lUoCmW2oEcC5vXwP"
0902: + "R5JfjCyois16npgcO05ZBT+LLDXyeBijE6qWmwLDfEpLyILzVRmyU4IE7jvm"
0903: + "rgb3GXwDUvd3yQXGRRHbPCh3nj9hBGbuzyt7GnlqnEie3wzIyMG2ET/wvTX5"
0904: + "4BFXKNe7lDLvZj/MXvd3V7gMTSVW0kAszKao56LfrVTgp1VX3UBQYwmQqaoA"
0905: + "UwFezih+jEvjW6cYJo/ErDCCBKEwggOJoAMCAQICBD4cvSgwDQYJKoZIhvcN"
0906: + "AQEFBQAwaTELMAkGA1UEBhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMg"
0907: + "SW5jb3Jwb3JhdGVkMR0wGwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEW"
0908: + "MBQGA1UEAxMNQWRvYmUgUm9vdCBDQTAeFw0wMzAxMDgyMzM3MjNaFw0yMzAx"
0909: + "MDkwMDA3MjNaMGkxCzAJBgNVBAYTAlVTMSMwIQYDVQQKExpBZG9iZSBTeXN0"
0910: + "ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UECxMUQWRvYmUgVHJ1c3QgU2Vydmlj"
0911: + "ZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA"
0912: + "A4IBDwAwggEKAoIBAQDMT1SE96ei5zNTfz+cEohrLJlHZ34PHrmtFIj5wxDY"
0913: + "HfDw1Z9pCi9ZNbDMbKlMnBWgn84gv6DPVOLgIGZFPzmGOH6cxI4HIsYk9gES"
0914: + "sDXfVeppkLDbhTce4k4HskKhahNpoGbqgJERWSqbCHlaIEQtyb1zOIs8L+BD"
0915: + "G12zC/CvNRop/u+mkt2BTJ09WY6tMTxAfpuRNgb84lyN0Y0m1VxFz69lP7Gq"
0916: + "0mKW9Kg46rpgQvT0HEo1Fc74TiJWD5UYxfiWn5/7sLd4JemAa73WCvDGdJSd"
0917: + "8w9Q25p3zktwgyONoMp4IERcPFRk8eqiMBmf6kwGTQZ4S16S3yLSyWezetIB"
0918: + "AgMBAAGjggFPMIIBSzARBglghkgBhvhCAQEEBAMCAAcwgY4GA1UdHwSBhjCB"
0919: + "gzCBgKB+oHykejB4MQswCQYDVQQGEwJVUzEjMCEGA1UEChMaQWRvYmUgU3lz"
0920: + "dGVtcyBJbmNvcnBvcmF0ZWQxHTAbBgNVBAsTFEFkb2JlIFRydXN0IFNlcnZp"
0921: + "Y2VzMRYwFAYDVQQDEw1BZG9iZSBSb290IENBMQ0wCwYDVQQDEwRDUkwxMCsG"
0922: + "A1UdEAQkMCKADzIwMDMwMTA4MjMzNzIzWoEPMjAyMzAxMDkwMDA3MjNaMAsG"
0923: + "A1UdDwQEAwIBBjAfBgNVHSMEGDAWgBSCtzhKk6qbEO+Au9lU4vEP+4Cc3jAd"
0924: + "BgNVHQ4EFgQUgrc4SpOqmxDvgLvZVOLxD/uAnN4wDAYDVR0TBAUwAwEB/zAd"
0925: + "BgkqhkiG9n0HQQAEEDAOGwhWNi4wOjQuMAMCBJAwDQYJKoZIhvcNAQEFBQAD"
0926: + "ggEBADLan0N1wfpvyW/bqx02Nz68YRk2twI8HSNZmGye7k2F51TIIB+n1Lvi"
0927: + "vwB3fSRrcC9cwTp2SbXT4COEKnFqIvPBJymYFfY1kOQETMONvJ9hHOf9JIzR"
0928: + "REOMFrqbTaXUNS+8Ec6991E3jZ+Q5BTxGD++6VkSNfkzkvOe4NVrmnGbmUvI"
0929: + "ccPhsWEJxOX6kfBCOjd9NPly6M2qYhwh6dX0ghDjewW2LWhWC35+kixvTXKC"
0930: + "DO1WdLKduastKx0QX9sndXCP/R3X4gKgeeUc5f+vZEBRLZ6bR9tCpXwfwqZI"
0931: + "sNe+kmlNpPYpV8V4ERjch1HKE7JinU8rMr0xpcH6UqsFiMgwggTLMIIDs6AD"
0932: + "AgECAgQ+HL21MA0GCSqGSIb3DQEBBQUAMGkxCzAJBgNVBAYTAlVTMSMwIQYD"
0933: + "VQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UECxMUQWRv"
0934: + "YmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3QgQ0EwHhcN"
0935: + "MDQwMTE3MDAwMzM5WhcNMTUwMTE1MDgwMDAwWjBFMQswCQYDVQQGEwJVUzEW"
0936: + "MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgQ0Eg"
0937: + "Zm9yIEFkb2JlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+V3"
0938: + "4GR4Wuc5hbyv0vVbKBMOVN1J+s5i9ZL9nph7n+X4esFs4epAJcFxJ4KnPuQH"
0939: + "ZZ0oyHUU4Th70mWYgKwd6sEt1aR6ZT788Nvr3OHwTRwugN/G6QXqhU9ePpZJ"
0940: + "OF1Ibsf1pcXNGvpLdcYK6+CX5DANMuIthb440XoNfC3dNBC0pF4mM4lmTjpl"
0941: + "nQG8xK0rIFp4HoMpmyaIijz2qyjXdUNkg0fbDUq9eDTKAOLOg21u+AA8XKbC"
0942: + "ewg1LWSV9CVy+fTHREmb1thBcrfkY1kCAvczsuquV3SMx8hRpa+4cIvKK/K1"
0943: + "G7OrV0nsTyuaJ2MMST8b7bul/Xd81nu9Hsz4iQIDAQABo4IBnTCCAZkwEgYD"
0944: + "VR0TAQH/BAgwBgEB/wIBATBQBgNVHSAESTBHMEUGCSqGSIb3LwECATA4MDYG"
0945: + "CCsGAQUFBwIBFipodHRwczovL3d3dy5hZG9iZS5jb20vbWlzYy9wa2kvY2Rz"
0946: + "X2NwLmh0bWwwFAYDVR0lBA0wCwYJKoZIhvcvAQEFMIGyBgNVHR8Egaowgacw"
0947: + "IqAgoB6GHGh0dHA6Ly9jcmwuYWRvYmUuY29tL2Nkcy5jcmwwgYCgfqB8pHow"
0948: + "eDELMAkGA1UEBhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jw"
0949: + "b3JhdGVkMR0wGwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEWMBQGA1UE"
0950: + "AxMNQWRvYmUgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTALBgNVHQ8EBAMCAQYw"
0951: + "HwYDVR0jBBgwFoAUgrc4SpOqmxDvgLvZVOLxD/uAnN4wHQYDVR0OBBYEFKuA"
0952: + "WcNlg20dfRO9GcPsGo8NR2qjMBkGCSqGSIb2fQdBAAQMMAobBFY2LjADAgSQ"
0953: + "MA0GCSqGSIb3DQEBBQUAA4IBAQA/OVkuogCOsV4RYSzS4Lb1jImGRc4T2Z/d"
0954: + "hJoUawhMX4aXWPSlqNOPIfhHflCvd+Whbarcd83NN5n3QmevUOFUREPrMQyA"
0955: + "mkK0mpW6TSyLG5ckeCFL8qJwp/hhckk/H16m4hEXWyIFGfOecX3Sy+Y4kxcC"
0956: + "lzSMadifedB+TiRpKFKcNphp5hEMkpyyJaGXpLnN/BLsaDyEN7JySExAopae"
0957: + "UbUJCvCVIWKwoJ26ih3BG1aB+3yTHXeLIorextqWbq+dVz7me59Li8j5PAxe"
0958: + "hXrc2phpKuhp8FaTScvnfMZc8TL4Dr1CHMRWIkqfZaCq3mC376Mww0iZtE5s"
0959: + "iqB+AXVWMYIBgDCCAXwCAQEwSzBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN"
0960: + "R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgQ0EgZm9yIEFkb2Jl"
0961: + "AgIAjzAJBgUrDgMCGgUAoIGMMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB"
0962: + "BDAcBgkqhkiG9w0BCQUxDxcNMDYwNDA0MjAyMDU3WjAjBgkqhkiG9w0BCQQx"
0963: + "FgQUp7AnXBqoNcarvO7fMJut1og2U5AwKwYLKoZIhvcNAQkQAgwxHDAaMBgw"
0964: + "FgQU1dH4eZTNhgxdiSABrat6zsPdth0wDQYJKoZIhvcNAQEBBQAEgYCinr/F"
0965: + "rMiQz/MRm9ZD5YGcC0Qo2dRTPd0Aop8mZ4g1xAhKFLnp7lLsjCbkSDpVLDBh"
0966: + "cnCk7CV+3FT5hlvt8OqZlR0CnkSnCswLFhrppiWle6cpxlwGqyAteC8uKtQu"
0967: + "wjE5GtBKLcCOAzQYyyuNZZeB6oCZ+3mPhZ62FxrvvEGJCgAAAAAAAAAAAAAA"
0968: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0969: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0970: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0971: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0972: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0973: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0974: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0975: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
0976: + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==");
0977:
/**
 * Deliberately unusable public key: it reports no encoding, no format and no algorithm
 * (every accessor returns {@code null}). checkCreation2() passes it to a certificate
 * generator and expects the generator to reject it with an IllegalArgumentException.
 */
private PublicKey dudPublicKey = new PublicKey() {
    // No encoded form at all - this is the property the negative test relies on.
    public byte[] getEncoded() {
        return null;
    }

    public String getFormat() {
        return null;
    }

    public String getAlgorithm() {
        return null;
    }
};
0992:
/**
 * Returns the name this test reports itself under; the check* helpers below also use it
 * as a prefix in their failure messages.
 *
 * @return the literal string "CertTest"
 */
public String getName() {
    final String testName = "CertTest";

    return testName;
}
0996:
/**
 * Parses {@code bytes} as an X.509 certificate with the BC provider and extracts its
 * public key. Only decoding is exercised here: no signature, validity period or chain
 * is checked.
 *
 * @param id    sample number, used only in the failure message
 * @param bytes encoded certificate to parse
 */
public void checkCertificate(int id, byte[] bytes) {
    try {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bytes);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
        Certificate parsed = certFactory.generateCertificate(encoded);

        // Decoding the subject public key is part of the check; the key itself is unused.
        parsed.getPublicKey();
    } catch (Exception e) {
        // Any parsing problem is reported with the sample id and the original cause.
        fail(System.getProperty("line.separator") + getName() + ": " + id
            + " failed - exception " + e.toString(), e);
    }
}
1018:
/**
 * Parses {@code bytes} as an X.509 certificate with the BC provider and checks that the
 * issuer name is rendered exactly as expected, including the dotted-OID attribute and
 * the multi-valued ("+") RDN.
 *
 * @param id    sample number, used only in the failure message
 * @param bytes encoded certificate to parse
 */
public void checkNameCertificate(int id, byte[] bytes) {
    final String expectedIssuer = "C=DE,O=DATEV eG,0.2.262.1.10.7.20=1+CN=CA DATEV D03 1:PN";

    try {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bytes);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate parsed = (X509Certificate) certFactory.generateCertificate(encoded);

        // Decoding the subject public key is part of the check; the key itself is unused.
        parsed.getPublicKey();

        String issuer = parsed.getIssuerDN().toString();
        if (!issuer.equals(expectedIssuer)) {
            // NOTE(review): this fail() sits inside the try block; if it signals failure by
            // throwing an Exception subtype, the catch below re-reports it - confirm.
            fail(id + " failed - name test.");
        }
    } catch (Exception e) {
        fail(System.getProperty("line.separator") + getName() + ": " + id
            + " failed - exception " + e.toString(), e);
    }
}
1048:
/**
 * Parses {@code bytes} as an X.509 certificate with the BC provider and fails if bit 7
 * of the key usage array (encipherOnly in {@link X509Certificate#getKeyUsage()}) is set.
 *
 * @param id    sample number, used only in the failure message
 * @param bytes encoded certificate to parse
 */
public void checkKeyUsage(int id, byte[] bytes) {
    try {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bytes);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate parsed = (X509Certificate) certFactory.generateCertificate(encoded);

        // Decoding the subject public key is part of the check; the key itself is unused.
        parsed.getPublicKey();

        // A certificate without a key usage extension yields null here; the resulting
        // NullPointerException is reported through the catch block below.
        boolean[] usage = parsed.getKeyUsage();
        if (usage[7]) {
            fail("error generating cert - key usage wrong.");
        }
    } catch (Exception e) {
        fail(System.getProperty("line.separator") + getName() + ": " + id
            + " failed - exception " + e.toString(), e);
    }
}
1076:
/**
 * Parses {@code bytes} as an X.509 certificate with the BC provider and verifies its
 * signature with the public key carried in the same certificate.
 *
 * This proves only that the certificate is internally consistent (self-signed); it says
 * nothing about whether the certificate should be trusted.
 *
 * @param id    sample number, used only in the failure message
 * @param bytes encoded certificate to parse
 */
public void checkSelfSignedCertificate(int id, byte[] bytes) {
    try {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bytes);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
        Certificate parsed = certFactory.generateCertificate(encoded);

        PublicKey ownKey = parsed.getPublicKey();

        // Throws if the signature does not verify under the certificate's own key.
        parsed.verify(ownKey);
    } catch (Exception e) {
        fail(System.getProperty("line.separator") + getName() + ": " + id
            + " failed - exception " + e.toString(), e);
    }
}
1100:
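/**
 * Generates self-signed RSA certificates for the sake of testing: a version 3 certificate
 * without extensions, a version 3 certificate with critical key usage, extended key usage
 * and subject alternative name extensions, and a version 1 certificate.
 *
 * Every certificate is checked for current validity and verified against the public key;
 * the last two are also re-parsed through the BC CertificateFactory.
 *
 * The key pair, the MD5-based signature algorithm, the fixed serial number and the
 * 50 second validity window are test fixtures only and must not be copied into code that
 * issues real certificates.
 *
 * @throws Exception if key set-up, certificate generation, validation or parsing fails
 */
public void checkCreation1() throws Exception {
    //
    // a sample key pair: 512-bit modulus, public exponent 0x11. The private half is
    // published right here, so this key protects nothing.
    //
    BigInteger modulus = new BigInteger(
        "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
        16);
    BigInteger publicExponent = new BigInteger("11", 16);

    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(modulus, publicExponent);

    RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
        modulus,
        publicExponent,
        new BigInteger(
            "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
            16),
        new BigInteger(
            "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
            16),
        new BigInteger(
            "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
            16),
        new BigInteger(
            "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
            16),
        new BigInteger(
            "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
            16),
        new BigInteger(
            "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
            16));

    //
    // set up the keys
    //
    KeyFactory fact = KeyFactory.getInstance("RSA", "BC");

    PrivateKey privKey = fact.generatePrivate(privKeySpec);
    PublicKey pubKey = fact.generatePublic(pubKeySpec);

    //
    // distinguished name table, plus the same name as parallel OID/value vectors
    //
    Hashtable attrs = new Hashtable();

    attrs.put(X509Principal.C, "AU");
    attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
    attrs.put(X509Principal.L, "Melbourne");
    attrs.put(X509Principal.ST, "Victoria");
    attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");

    Vector ord = new Vector();
    Vector values = new Vector();

    ord.addElement(X509Principal.C);
    ord.addElement(X509Principal.O);
    ord.addElement(X509Principal.L);
    ord.addElement(X509Principal.ST);
    ord.addElement(X509Principal.E);

    values.addElement("AU");
    values.addElement("The Legion of the Bouncy Castle");
    values.addElement("Melbourne");
    values.addElement("Victoria");
    values.addElement("feedback-crypto@bouncycastle.org");

    //
    // create the certificate - version 3 - without extensions
    //
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(new X509Principal(attrs));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal(attrs));
    certGen.setPublicKey(pubKey);
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    X509Certificate cert = certGen.generate(privKey);

    cert.checkValidity(new Date());

    cert.verify(pubKey);

    // With no extensions added, both OID sets are expected to be null rather than empty.
    Set dummySet = cert.getNonCriticalExtensionOIDs();
    if (dummySet != null) {
        fail("non-critical oid set should be null");
    }
    dummySet = cert.getCriticalExtensionOIDs();
    if (dummySet != null) {
        fail("critical oid set should be null");
    }

    //
    // create the certificate - version 3 - with extensions
    //
    certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(new X509Principal(attrs));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal(attrs));
    certGen.setPublicKey(pubKey);
    // MD5 is used here only to exercise the provider's support for the algorithm.
    certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
    // 2.5.29.15 = key usage, 2.5.29.37 = extended key usage,
    // 2.5.29.17 = subject alternative name; all three are marked critical.
    certGen.addExtension("2.5.29.15", true, new X509KeyUsage(
        X509KeyUsage.encipherOnly));
    certGen.addExtension("2.5.29.37", true, new DERSequence(
        KeyPurposeId.anyExtendedKeyUsage));
    certGen.addExtension("2.5.29.17", true, new GeneralNames(
        new GeneralName(GeneralName.rfc822Name, "test@test.test")));

    cert = certGen.generate(privKey);

    cert.checkValidity(new Date());

    cert.verify(pubKey);

    // Round trip through the encoded form so the checks below run on a parsed certificate.
    ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
    CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");

    cert = (X509Certificate) certFact.generateCertificate(bIn);

    // Index 7 of the key usage array is encipherOnly, the bit set above.
    if (!cert.getKeyUsage()[7]) {
        fail("error generating cert - key usage wrong.");
    }

    List l = cert.getExtendedKeyUsage();
    if (!l.get(0).equals(KeyPurposeId.anyExtendedKeyUsage.getId())) {
        fail("failed extended key usage test");
    }

    // NOTE(review): this loop asserts nothing if the returned collection is empty;
    // consider also checking that at least one entry was seen.
    Collection c = cert.getSubjectAlternativeNames();
    Iterator it = c.iterator();
    while (it.hasNext()) {
        List gn = (List) it.next();
        if (!gn.get(1).equals("test@test.test")) {
            fail("failed subject alternative names test");
        }
    }

    //
    // create the certificate - version 1
    //
    X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();

    certGen1.setSerialNumber(BigInteger.valueOf(1));
    // Issuer is built from the ordering vector plus the table, subject from the parallel
    // OID/value vectors; the final comparison expects both to come out equal.
    certGen1.setIssuerDN(new X509Principal(ord, attrs));
    certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen1.setSubjectDN(new X509Principal(ord, values));
    certGen1.setPublicKey(pubKey);
    certGen1.setSignatureAlgorithm("MD5WithRSAEncryption");

    cert = certGen1.generate(privKey);

    cert.checkValidity(new Date());

    cert.verify(pubKey);

    bIn = new ByteArrayInputStream(cert.getEncoded());
    certFact = CertificateFactory.getInstance("X.509", "BC");

    cert = (X509Certificate) certFact.generateCertificate(bIn);

    if (!cert.getIssuerDN().equals(cert.getSubjectDN())) {
        fail("name comparison fails");
    }
}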
1299:
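/**
 * Generates self-signed DSA certificates (version 3 and version 1) for the sake of
 * testing, checks each for current validity, verifies it against the public key and
 * re-parses it through the BC CertificateFactory. Finally checks that a public key with
 * no encoding is rejected by the generator.
 *
 * Failures caused by an exception are reported through fail(String, Throwable) so the
 * original cause is kept with the test result.
 *
 * The 512-bit DSA key, SHA-1 signature, fixed serial number and 50 second validity
 * window are test fixtures only.
 */
public void checkCreation2() {
    //
    // set up the keys
    //
    PrivateKey privKey;
    PublicKey pubKey;

    try {
        KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "SUN");

        // 512 bits keeps key generation fast for the test; it is not a usable strength.
        g.initialize(512, new SecureRandom());

        KeyPair p = g.generateKeyPair();

        privKey = p.getPrivate();
        pubKey = p.getPublic();
    } catch (Exception e) {
        fail("error setting up keys - " + e.toString(), e);
        return;
    }

    //
    // distinguished name table.
    //
    Hashtable attrs = new Hashtable();

    attrs.put(X509Principal.C, "AU");
    attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
    attrs.put(X509Principal.L, "Melbourne");
    attrs.put(X509Principal.ST, "Victoria");
    attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");

    //
    // create the certificate - version 3
    //
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(new X509Principal(attrs));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal(attrs));
    certGen.setPublicKey(pubKey);
    certGen.setSignatureAlgorithm("SHA1withDSA");

    try {
        X509Certificate cert = certGen.generate(privKey);

        cert.checkValidity(new Date());

        cert.verify(pubKey);

        // Round trip through the encoded form to check the BC parser accepts it.
        ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

        cert = (X509Certificate) fact.generateCertificate(bIn);
    } catch (Exception e) {
        fail("error setting generating cert - " + e.toString(), e);
    }

    //
    // create the certificate - version 1
    //
    X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();

    certGen1.setSerialNumber(BigInteger.valueOf(1));
    certGen1.setIssuerDN(new X509Principal(attrs));
    certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen1.setSubjectDN(new X509Principal(attrs));
    certGen1.setPublicKey(pubKey);
    certGen1.setSignatureAlgorithm("SHA1withDSA");

    try {
        X509Certificate cert = certGen1.generate(privKey);

        cert.checkValidity(new Date());

        cert.verify(pubKey);

        ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

        cert = (X509Certificate) fact.generateCertificate(bIn);
    } catch (Exception e) {
        fail("error setting generating cert - " + e.toString(), e);
    }

    //
    // exception test: a key that cannot be encoded must be rejected up front
    //
    // NOTE(review): the failure message says "v1" but the key is handed to the version 3
    // generator (certGen), not certGen1 - confirm which generator was meant.
    try {
        certGen.setPublicKey(dudPublicKey);

        fail("key without encoding not detected in v1");
    } catch (IllegalArgumentException e) {
        // expected
    }
}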
1420:
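/**
 * Generates self-signed ECDSA certificates for the sake of testing and checks the string
 * forms produced by X509Principal.
 *
 * The certificate is generated twice from the same generator - once with the public key
 * as built, once after switching the key's point format to "UNCOMPRESSED" - and each
 * result is checked for current validity, verified and re-parsed through the BC
 * CertificateFactory.
 *
 * Failures caused by an exception are reported through fail(String, Throwable) so the
 * original cause is kept with the test result.
 *
 * The explicit curve parameters, the published private value, the SHA-1 signature and the
 * 50 second validity window are test fixtures only.
 */
public void checkCreation3() {
    ECCurve curve = new ECCurve.Fp(
        new BigInteger(
            "883423532389192164791648750360308885314476597252960362792450860609699839"), // q
        new BigInteger(
            "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
            16), // a
        new BigInteger(
            "6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a",
            16)); // b

    ECParameterSpec spec = new ECParameterSpec(
        curve,
        curve.decodePoint(Hex.decode(
            "020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
        new BigInteger(
            "883423532389192164791648750360308884807550341691627752275345424702807307")); // n

    ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
        new BigInteger(
            "876300101507107567501066130761671078357010671067781776716671676178726717"), // d
        spec);

    ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
        curve.decodePoint(Hex.decode(
            "025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
        spec);

    //
    // set up the keys
    //
    PrivateKey privKey;
    PublicKey pubKey;

    try {
        KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");

        privKey = fact.generatePrivate(privKeySpec);
        pubKey = fact.generatePublic(pubKeySpec);
    } catch (Exception e) {
        fail("error setting up keys - " + e.toString(), e);
        return;
    }

    //
    // distinguished name table.
    //
    Hashtable attrs = new Hashtable();
    Vector order = new Vector();

    attrs.put(X509Principal.C, "AU");
    attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
    attrs.put(X509Principal.L, "Melbourne");
    attrs.put(X509Principal.ST, "Victoria");
    attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");

    order.addElement(X509Principal.C);
    order.addElement(X509Principal.O);
    order.addElement(X509Principal.L);
    order.addElement(X509Principal.ST);
    order.addElement(X509Principal.E);

    //
    // toString test: with an explicit ordering the output order is fixed
    //
    X509Principal p = new X509Principal(order, attrs);
    String s = p.toString();

    if (!s.equals(
        "C=AU,O=The Legion of the Bouncy Castle,L=Melbourne,ST=Victoria,E=feedback-crypto@bouncycastle.org")) {
        fail("ordered X509Principal test failed - s = " + s + ".");
    }

    p = new X509Principal(attrs);
    s = p.toString();

    //
    // we need two of these as the hash code for strings changed...
    // (without an ordering vector the output follows the Hashtable's iteration order)
    //
    if (!s.equals(
            "O=The Legion of the Bouncy Castle,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU")
        && !s.equals(
            "ST=Victoria,L=Melbourne,C=AU,E=feedback-crypto@bouncycastle.org,O=The Legion of the Bouncy Castle")) {
        fail("unordered X509Principal test failed.");
    }

    //
    // create the certificate - version 3
    //
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(1));
    certGen.setIssuerDN(new X509Principal(order, attrs));
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    certGen.setSubjectDN(new X509Principal(order, attrs));
    certGen.setPublicKey(pubKey);
    certGen.setSignatureAlgorithm("SHA1withECDSA");

    try {
        X509Certificate cert = certGen.generate(privKey);

        cert.checkValidity(new Date());

        cert.verify(pubKey);

        ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

        cert = (X509Certificate) fact.generateCertificate(bIn);

        //
        // try with point compression turned off
        //
        ((ECPointEncoder) pubKey).setPointFormat("UNCOMPRESSED");

        certGen.setPublicKey(pubKey);

        cert = certGen.generate(privKey, "BC");

        cert.checkValidity(new Date());

        cert.verify(pubKey);

        bIn = new ByteArrayInputStream(cert.getEncoded());
        fact = CertificateFactory.getInstance("X.509", "BC");

        cert = (X509Certificate) fact.generateCertificate(bIn);
    } catch (Exception e) {
        fail("error setting generating cert - " + e.toString(), e);
    }

    //
    // string based construction: a quoted value containing a comma and the same value
    // with the comma backslash-escaped must both print in the escaped form
    //
    X509Principal pr = new X509Principal(
        "O=\"The Bouncy Castle, The Legion of\",E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");

    if (!pr.toString().equals(
        "O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU")) {
        fail("string based X509Principal test failed.");
    }

    pr = new X509Principal(
        "O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");

    if (!pr.toString().equals(
        "O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU")) {
        fail("string based X509Principal test failed.");
    }
}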
1585:
/**
 * Generates a self-signed EC certificate signed with the given algorithm and checks that
 * the parsed certificate reports the expected signature algorithm OID, carries no
 * signature algorithm parameters, and that its signature verifies when recomputed
 * directly over the TBS bytes with a {@link Signature} of the same algorithm name.
 *
 * The certificate is generated twice: once with the public key as built and once after
 * switching the key's point format to "UNCOMPRESSED"; the OID, parameter and signature
 * checks run on the second one.
 *
 * The curve is given by explicit parameters and the private value is published here, so
 * the key pair is a test fixture only.
 *
 * @param algorithm signature algorithm name passed to the generator and to Signature
 * @param algOid    object identifier the certificate is expected to report
 * @throws Exception if key set-up, generation, validation or parsing fails
 */
private void createECCert(String algorithm,
    DERObjectIdentifier algOid) throws Exception {
    ECCurve.Fp curve = new ECCurve.Fp(
        new BigInteger(
            "6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
        new BigInteger(
            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
            16), // a
        new BigInteger(
            "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
            16)); // b

    ECParameterSpec domain = new ECParameterSpec(
        curve,
        curve.decodePoint(Hex.decode(
            "02C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
        new BigInteger(
            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
            16)); // n

    ECPrivateKeySpec signerSpec = new ECPrivateKeySpec(
        new BigInteger(
            "5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
        domain);

    ECPublicKeySpec verifierSpec = new ECPublicKeySpec(
        curve.decodePoint(Hex.decode(
            "026BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
        domain);

    //
    // set up the keys
    //
    KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");

    PrivateKey signerKey = keyFactory.generatePrivate(signerSpec);
    PublicKey verifierKey = keyFactory.generatePublic(verifierSpec);

    //
    // distinguished name table and the order its attributes are emitted in
    //
    Hashtable nameAttrs = new Hashtable();
    Vector nameOrder = new Vector();

    nameAttrs.put(X509Principal.C, "AU");
    nameAttrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
    nameAttrs.put(X509Principal.L, "Melbourne");
    nameAttrs.put(X509Principal.ST, "Victoria");
    nameAttrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");

    nameOrder.addElement(X509Principal.C);
    nameOrder.addElement(X509Principal.O);
    nameOrder.addElement(X509Principal.L);
    nameOrder.addElement(X509Principal.ST);
    nameOrder.addElement(X509Principal.E);

    //
    // create the certificate - version 3
    //
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(new X509Principal(nameOrder, nameAttrs));
    generator.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    generator.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    generator.setSubjectDN(new X509Principal(nameOrder, nameAttrs));
    generator.setPublicKey(verifierKey);
    generator.setSignatureAlgorithm(algorithm);

    X509Certificate issued = generator.generate(signerKey, "BC");

    issued.checkValidity(new Date());

    issued.verify(verifierKey);

    // Round trip through the encoded form to check the BC parser accepts it.
    ByteArrayInputStream encoded = new ByteArrayInputStream(issued.getEncoded());
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");

    issued = (X509Certificate) certFactory.generateCertificate(encoded);

    //
    // try with point compression turned off
    //
    ((ECPointEncoder) verifierKey).setPointFormat("UNCOMPRESSED");

    generator.setPublicKey(verifierKey);

    issued = generator.generate(signerKey, "BC");

    issued.checkValidity(new Date());

    issued.verify(verifierKey);

    encoded = new ByteArrayInputStream(issued.getEncoded());
    certFactory = CertificateFactory.getInstance("X.509", "BC");

    issued = (X509Certificate) certFactory.generateCertificate(encoded);

    String reportedOid = issued.getSigAlgOID();
    if (!reportedOid.equals(algOid.toString())) {
        fail("ECDSA oid incorrect.");
    }

    if (issued.getSigAlgParams() != null) {
        fail("sig parameters present");
    }

    // Independent check: recompute the verification over the raw TBS bytes.
    Signature verifier = Signature.getInstance(algorithm, "BC");

    verifier.initVerify(verifierKey);
    verifier.update(issued.getTBSCertificate());

    boolean signatureOk = verifier.verify(issued.getSignature());
    if (!signatureOk) {
        fail("EC certificate signature not mapped correctly.");
    }
}
1716:
/**
 * Parses {@code bytes} as a CRL with the BC provider's X.509 CertificateFactory. Only
 * decoding is exercised: the CRL's signature and contents are not checked.
 *
 * @param id    sample number, used only in the failure message
 * @param bytes encoded CRL to parse
 */
private void checkCRL(int id, byte[] bytes) {
    try {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bytes);
        CertificateFactory crlFactory = CertificateFactory.getInstance("X.509", "BC");

        // The parsed CRL is not inspected; successful decoding is the whole test.
        crlFactory.generateCRL(encoded);
    } catch (Exception e) {
        fail(System.getProperty("line.separator") + getName() + ": " + id
            + " failed - exception " + e.toString(), e);
    }
}
1737:
/**
 * Generates a version 2 CRL with one revoked entry (serial 1, reason privilegeWithdrawn)
 * added through the reason-code overload of addCRLEntry, then checks the issuer, the
 * authority key identifier extension, and the entry's serial number and reason code.
 *
 * The RSA key pair comes from an uninitialised BC KeyPairGenerator, so its size is
 * whatever that generator uses by default.
 *
 * @throws Exception if key generation, CRL generation or extension parsing fails
 */
public void checkCRLCreation1() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    Date issuedAt = new Date();
    KeyPair caKeys = keyGen.generateKeyPair();

    generator.setIssuerDN(new X500Principal("CN=Test CA"));

    generator.setThisUpdate(issuedAt);
    generator.setNextUpdate(new Date(issuedAt.getTime() + 100000));
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    generator.addCRLEntry(BigInteger.ONE, issuedAt, CRLReason.privilegeWithdrawn);

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(caKeys.getPublic()));

    X509CRL crl = generator.generate(caKeys.getPrivate(), "BC");

    X500Principal expectedIssuer = new X500Principal("CN=Test CA");
    if (!crl.getIssuerX500Principal().equals(expectedIssuer)) {
        fail("failed CRL issuer test");
    }

    String authorityKeyIdOid = X509Extensions.AuthorityKeyIdentifier.getId();
    byte[] authExt = crl.getExtensionValue(authorityKeyIdOid);

    if (authExt == null) {
        fail("failed to find CRL extension");
    }

    // The decoded structure is not inspected; the extension only has to parse.
    new AuthorityKeyIdentifierStructure(authExt);

    X509CRLEntry revoked = crl.getRevokedCertificate(BigInteger.ONE);

    if (revoked == null) {
        fail("failed to find CRL entry");
    }

    if (!revoked.getSerialNumber().equals(BigInteger.ONE)) {
        fail("CRL cert serial number does not match");
    }

    if (!revoked.hasExtensions()) {
        fail("CRL entry extension not found");
    }

    byte[] reasonExt = revoked.getExtensionValue(X509Extensions.ReasonCode.getId());

    if (reasonExt == null) {
        fail("CRL entry reasonCode not found");
    } else {
        DEREnumerated reasonCode = (DEREnumerated) X509ExtensionUtil
            .fromExtensionValue(reasonExt);

        if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) {
            fail("CRL entry reasonCode wrong");
        }
    }
}
1804:
/**
 * Generates a version 2 CRL with one revoked entry (serial 1) whose reason code
 * (privilegeWithdrawn) is supplied as an explicit, non-critical entry extension, then
 * checks the issuer, the authority key identifier extension, and the entry's serial
 * number and reason code.
 *
 * The RSA key pair comes from an uninitialised BC KeyPairGenerator, so its size is
 * whatever that generator uses by default.
 *
 * @throws Exception if key generation, CRL generation or extension parsing fails
 */
public void checkCRLCreation2() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    Date issuedAt = new Date();
    KeyPair caKeys = keyGen.generateKeyPair();

    generator.setIssuerDN(new X500Principal("CN=Test CA"));

    generator.setThisUpdate(issuedAt);
    generator.setNextUpdate(new Date(issuedAt.getTime() + 100000));
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // Parallel vectors: extension OIDs and the matching extension values.
    Vector entryOids = new Vector();
    Vector entryValues = new Vector();

    CRLReason withdrawn = new CRLReason(CRLReason.privilegeWithdrawn);

    try {
        entryOids.addElement(X509Extensions.ReasonCode);
        entryValues.addElement(new X509Extension(false,
            new DEROctetString(withdrawn.getEncoded())));
    } catch (IOException e) {
        throw new IllegalArgumentException("error encoding reason: " + e);
    }

    X509Extensions entryExtensions = new X509Extensions(entryOids, entryValues);

    generator.addCRLEntry(BigInteger.ONE, issuedAt, entryExtensions);

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(caKeys.getPublic()));

    X509CRL crl = generator.generate(caKeys.getPrivate(), "BC");

    X500Principal expectedIssuer = new X500Principal("CN=Test CA");
    if (!crl.getIssuerX500Principal().equals(expectedIssuer)) {
        fail("failed CRL issuer test");
    }

    String authorityKeyIdOid = X509Extensions.AuthorityKeyIdentifier.getId();
    byte[] authExt = crl.getExtensionValue(authorityKeyIdOid);

    if (authExt == null) {
        fail("failed to find CRL extension");
    }

    // The decoded structure is not inspected; the extension only has to parse.
    new AuthorityKeyIdentifierStructure(authExt);

    X509CRLEntry revoked = crl.getRevokedCertificate(BigInteger.ONE);

    if (revoked == null) {
        fail("failed to find CRL entry");
    }

    if (!revoked.getSerialNumber().equals(BigInteger.ONE)) {
        fail("CRL cert serial number does not match");
    }

    if (!revoked.hasExtensions()) {
        fail("CRL entry extension not found");
    }

    byte[] reasonExt = revoked.getExtensionValue(X509Extensions.ReasonCode.getId());

    if (reasonExt == null) {
        fail("CRL entry reasonCode not found");
    } else {
        DEREnumerated reasonCode = (DEREnumerated) X509ExtensionUtil
            .fromExtensionValue(reasonExt);

        if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) {
            fail("CRL entry reasonCode wrong");
        }
    }
}
1888:
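/**
 * Generates a version 2 CRL whose issuer is supplied as a JCA {@code X500Principal}, checks
 * the issuer, the authority key identifier extension and the single revoked entry, then
 * copies that CRL into a second one with an extra entry and reads the result back through
 * the BC {@code CertificateFactory}.
 *
 * <p>Every CRL produced here, and the one parsed back, is also verified against the signing
 * key. The certificate creation tests in this class verify what they generate; without the
 * same step a generator that emitted a well-formed but wrongly signed CRL would go unnoticed.
 *
 * @throws Exception if key generation, CRL generation, signature verification or parsing fails
 */
public void checkCRLCreation3() throws Exception {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();
    KeyPair pair = kpGen.generateKeyPair();

    crlGen.setIssuerDN(new X500Principal("CN=Test CA"));

    crlGen.setThisUpdate(now);
    crlGen.setNextUpdate(new Date(now.getTime() + 100000));
    crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // entry extension: reasonCode = privilegeWithdrawn, non-critical
    Vector extOids = new Vector();
    Vector extValues = new Vector();

    CRLReason crlReason = new CRLReason(CRLReason.privilegeWithdrawn);

    try {
        extOids.addElement(X509Extensions.ReasonCode);
        extValues.addElement(new X509Extension(false,
                new DEROctetString(crlReason.getEncoded())));
    } catch (IOException e) {
        throw new IllegalArgumentException("error encoding reason: " + e);
    }

    X509Extensions entryExtensions = new X509Extensions(extOids, extValues);

    crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);

    crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(pair.getPublic()));

    X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");

    // the CRL must verify under the key it was signed with, not merely parse
    crl.verify(pair.getPublic(), "BC");

    if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA"))) {
        fail("failed CRL issuer test");
    }

    byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());

    if (authExt == null) {
        fail("failed to find CRL extension");
    }

    // decoded only to prove the extension value parses; the result is not inspected further
    new AuthorityKeyIdentifierStructure(authExt);

    X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);

    if (entry == null) {
        fail("failed to find CRL entry");
    }

    if (!entry.getSerialNumber().equals(BigInteger.ONE)) {
        fail("CRL cert serial number does not match");
    }

    if (!entry.hasExtensions()) {
        fail("CRL entry extension not found");
    }

    byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());

    if (ext != null) {
        DEREnumerated reasonCode = (DEREnumerated) X509ExtensionUtil.fromExtensionValue(ext);

        if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) {
            fail("CRL entry reasonCode wrong");
        }
    } else {
        fail("CRL entry reasonCode not found");
    }

    //
    // check loading of existing CRL
    //
    crlGen = new X509V2CRLGenerator();
    now = new Date();

    crlGen.setIssuerDN(new X500Principal("CN=Test CA"));

    crlGen.setThisUpdate(now);
    crlGen.setNextUpdate(new Date(now.getTime() + 100000));
    crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // carry the entries of the first CRL over, then add serial number 2
    crlGen.addCRL(crl);

    crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);

    crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(pair.getPublic()));

    X509CRL newCrl = crlGen.generate(pair.getPrivate(), "BC");

    newCrl.verify(pair.getPublic(), "BC");

    int count = 0;
    boolean oneFound = false;
    boolean twoFound = false;

    Iterator it = newCrl.getRevokedCertificates().iterator();
    while (it.hasNext()) {
        X509CRLEntry crlEnt = (X509CRLEntry) it.next();

        if (crlEnt.getSerialNumber().intValue() == 1) {
            oneFound = true;
        } else if (crlEnt.getSerialNumber().intValue() == 2) {
            twoFound = true;
        }

        count++;
    }

    if (count != 2) {
        fail("wrong number of CRLs found");
    }

    if (!oneFound || !twoFound) {
        fail("wrong CRLs found in copied list");
    }

    //
    // check factory read back
    //
    CertificateFactory cFact = CertificateFactory.getInstance("X.509", "BC");

    X509CRL readCrl = (X509CRL) cFact.generateCRL(
            new ByteArrayInputStream(newCrl.getEncoded()));

    if (readCrl == null) {
        fail("crl not returned!");
    }

    // the encoding must survive the round trip with its signature intact
    readCrl.verify(pair.getPublic(), "BC");

    Collection col = cFact.generateCRLs(new ByteArrayInputStream(newCrl.getEncoded()));

    if (col.size() != 1) {
        fail("wrong number of CRLs found in collection");
    }
}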
2040:
/**
 * Generates a self-signed version 3 certificate with a freshly generated GOST3410 key pair
 * (parameter set "GostR3410-94-CryptoPro-A", signature "GOST3411withGOST3410"), verifies it,
 * and reads its encoding back through the BC {@code CertificateFactory}.
 *
 * @throws Exception if key generation, certificate generation, verification or parsing fails
 */
public void checkCreation4() throws Exception {
    // key pair for the self-signed certificate
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("GOST3410", "BC");
    GOST3410ParameterSpec paramSpec = new GOST3410ParameterSpec("GostR3410-94-CryptoPro-A");

    keyGen.initialize(paramSpec, new SecureRandom());

    KeyPair keyPair = keyGen.generateKeyPair();
    PrivateKey privKey = keyPair.getPrivate();
    PublicKey pubKey = keyPair.getPublic();

    // distinguished name, used for both issuer and subject
    Hashtable nameAttrs = new Hashtable();
    nameAttrs.put(X509Principal.C, "AU");
    nameAttrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
    nameAttrs.put(X509Principal.L, "Melbourne");
    nameAttrs.put(X509Principal.ST, "Victoria");
    nameAttrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");

    // version 3 certificate without extensions, valid 50 seconds either side of "now"
    X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
    gen.setSerialNumber(BigInteger.valueOf(1));
    gen.setIssuerDN(new X509Principal(nameAttrs));
    gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    gen.setSubjectDN(new X509Principal(nameAttrs));
    gen.setPublicKey(pubKey);
    gen.setSignatureAlgorithm("GOST3411withGOST3410");

    X509Certificate cert = gen.generate(privKey, "BC");

    cert.checkValidity(new Date());

    // verify with the generated key, then with the key embedded in the certificate
    cert.verify(pubKey);
    cert.verify(cert.getPublicKey());

    // round trip through the certificate factory
    ByteArrayInputStream encodedIn = new ByteArrayInputStream(cert.getEncoded());
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");

    cert = (X509Certificate) certFactory.generateCertificate(encodedIn);

    // the parsed certificate must be encodable again; the bytes themselves are not compared
    cert.getEncoded();
}
2120:
/**
 * Builds a version 3 certificate from a fixed RSA key pair, then a second certificate that
 * copies two of the first one's extensions, and checks the copied values plus two error
 * paths: copying an extension the base certificate does not carry, and generating with a
 * public key that cannot be encoded.
 *
 * @throws Exception if key construction, certificate generation or verification fails
 */
public void checkCreation5() throws Exception {
    // Fixed sample key pair, hex encoded. Fixture only: the private half is in this source
    // file, and the signature algorithm below is MD5 based, so none of this is a model for
    // real key or certificate material.
    String modulusHex =
            "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7";
    String publicExponentHex = "11";
    String privateExponentHex =
            "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89";
    String primePHex = "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb";
    String primeQHex = "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5";
    String primeExponentPHex = "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391";
    String primeExponentQHex = "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd";
    String crtCoefficientHex = "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19";

    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
            new BigInteger(modulusHex, 16),
            new BigInteger(publicExponentHex, 16));

    RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
            new BigInteger(modulusHex, 16),
            new BigInteger(publicExponentHex, 16),
            new BigInteger(privateExponentHex, 16),
            new BigInteger(primePHex, 16),
            new BigInteger(primeQHex, 16),
            new BigInteger(primeExponentPHex, 16),
            new BigInteger(primeExponentQHex, 16),
            new BigInteger(crtCoefficientHex, 16));

    // not read again in this method
    SecureRandom rand = new SecureRandom();

    KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
    PrivateKey privKey = keyFactory.generatePrivate(privKeySpec);
    PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

    // distinguished name: the attribute table feeds issuer and subject; the ordered
    // vectors are filled alongside it but are not read again in this method
    Object[] nameOids = {
        X509Principal.C, X509Principal.O, X509Principal.L, X509Principal.ST, X509Principal.E
    };
    String[] nameValues = {
        "AU", "The Legion of the Bouncy Castle", "Melbourne", "Victoria",
        "feedback-crypto@bouncycastle.org"
    };

    Hashtable attrs = new Hashtable();
    Vector ord = new Vector();
    Vector values = new Vector();
    for (int i = 0; i < nameOids.length; i++) {
        attrs.put(nameOids[i], nameValues[i]);
        ord.addElement(nameOids[i]);
        values.addElement(nameValues[i]);
    }

    // base certificate: keyUsage (2.5.29.15), extendedKeyUsage (2.5.29.37) and
    // subjectAltName (2.5.29.17), all marked critical
    X509V3CertificateGenerator baseGen = new X509V3CertificateGenerator();
    baseGen.setSerialNumber(BigInteger.valueOf(1));
    baseGen.setIssuerDN(new X509Principal(attrs));
    baseGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    baseGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    baseGen.setSubjectDN(new X509Principal(attrs));
    baseGen.setPublicKey(pubKey);
    baseGen.setSignatureAlgorithm("MD5WithRSAEncryption");
    baseGen.addExtension("2.5.29.15", true, new X509KeyUsage(X509KeyUsage.encipherOnly));
    baseGen.addExtension("2.5.29.37", true,
            new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
    baseGen.addExtension("2.5.29.17", true,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));

    X509Certificate baseCert = baseGen.generate(privKey, "BC");

    // second certificate: same fields, two extensions copied from the base certificate
    // (once through the object identifier overload, once through the string overload)
    X509V3CertificateGenerator copyGen = new X509V3CertificateGenerator();
    copyGen.setSerialNumber(BigInteger.valueOf(1));
    copyGen.setIssuerDN(new X509Principal(attrs));
    copyGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    copyGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    copyGen.setSubjectDN(new X509Principal(attrs));
    copyGen.setPublicKey(pubKey);
    copyGen.setSignatureAlgorithm("MD5WithRSAEncryption");

    copyGen.copyAndAddExtension(new DERObjectIdentifier("2.5.29.15"), true, baseCert);
    copyGen.copyAndAddExtension("2.5.29.37", false, baseCert);

    X509Certificate cert = copyGen.generate(privKey, "BC");

    cert.checkValidity(new Date());
    cert.verify(pubKey);

    // only the extension values are compared; the criticality flag is not
    String[] copiedOids = { "2.5.29.15", "2.5.29.37" };
    for (int i = 0; i < copiedOids.length; i++) {
        String oid = copiedOids[i];
        if (!areEqual(baseCert.getExtensionValue(oid), cert.getExtensionValue(oid))) {
            fail(oid + " differs");
        }
    }

    // copying an extension the base certificate does not have must be rejected
    try {
        copyGen.copyAndAddExtension("2.5.99.99", true, baseCert);

        fail("exception not thrown on dud extension copy");
    } catch (CertificateParsingException expected) {
        // expected
    }

    // a public key without an encoding must be rejected at generation time
    try {
        copyGen.setPublicKey(dudPublicKey);

        copyGen.generate(privKey, "BC");

        fail("key without encoding not detected in v3");
    } catch (IllegalArgumentException expected) {
        // expected
    }
}
2274:
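/**
 * Checks that a stored certificate carrying a forged RSA signature does not verify under
 * its own public key.
 *
 * <p>The failure is reported after the {@code try} block, not inside it. {@code fail()}
 * appears to signal failure by throwing (other tests in this class dereference a value
 * straight after a {@code fail()} guard), so a call placed inside the block would be caught
 * by the broad {@code catch (Exception)} and the test would pass even when the forged
 * signature was accepted.
 *
 * @throws Exception if the certificate factory is unavailable or the certificate cannot be
 *         parsed
 */
private void testForgedSignature() throws Exception {
    String cert = "MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV"
            + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD"
            + "VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa"
            + "Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs"
            + "YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy"
            + "IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD"
            + "hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u"
            + "12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU"
            + "DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ"
            + "e20sRA==";

    CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");

    X509Certificate x509 = (X509Certificate) certFact
            .generateCertificate(new ByteArrayInputStream(Base64.decode(cert)));

    boolean accepted;
    try {
        x509.verify(x509.getPublicKey());
        accepted = true;
    } catch (Exception e) {
        // expected: any exception from verify() counts as rejection, as it did before
        accepted = false;
    }

    if (accepted) {
        fail("forged RSA signature passed");
    }
}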
2301:
/**
 * Checks that the BC X.509 {@code CertificateFactory} reads PEM encoded certificates and
 * CRLs, both one at a time and as collections.
 *
 * @throws Exception if the factory is unavailable or a PEM sample cannot be parsed
 */
private void pemTest() throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");

    // single certificate
    byte[] certPem = PEMData.CERTIFICATE_1.getBytes("US-ASCII");
    Certificate singleCert = factory.generateCertificate(new ByteArrayInputStream(certPem));
    if (singleCert == null) {
        fail("PEM cert not read");
    }

    // single CRL
    byte[] crlPem = PEMData.CRL_1.getBytes("US-ASCII");
    CRL singleCrl = factory.generateCRL(new ByteArrayInputStream(crlPem));
    if (singleCrl == null) {
        fail("PEM crl not read");
    }

    // collection forms: each must hold exactly the object read above
    byte[] certsPem = PEMData.CERTIFICATE_2.getBytes("US-ASCII");
    Collection certs = factory.generateCertificates(new ByteArrayInputStream(certsPem));
    if (!(certs.size() == 1 && certs.contains(singleCert))) {
        fail("PEM cert collection not right");
    }

    byte[] crlsPem = PEMData.CRL_2.getBytes("US-ASCII");
    Collection crls = factory.generateCRLs(new ByteArrayInputStream(crlsPem));
    if (!(crls.size() == 1 && crls.contains(singleCrl))) {
        fail("PEM crl collection not right");
    }
}
2329:
/**
 * Checks how the BC X.509 {@code CertificateFactory} extracts certificates and CRLs from
 * PKCS#7 SignedData: a structure holding one certificate and one CRL, a structure with
 * empty sets, a structure with the sets absent, and a stored sample message.
 *
 * <p>The same factory instance is used for every read and the statements are kept in their
 * original order; NOTE(review): the factory may keep parsing state between calls, so
 * confirm before reordering any of the reads.
 *
 * @throws Exception if the structures cannot be built, encoded or parsed
 */
private void pkcs7Test() throws Exception {
    ASN1EncodableVector certs = new ASN1EncodableVector();

    certs.add(new ASN1InputStream(CertPathTest.rootCertBin)
            .readObject());
    // second element is wrapped in a [2] tag (presumably an attribute certificate, going by
    // its name); the size checks below expect it not to come back as an X.509 certificate
    certs.add(new DERTaggedObject(false, 2, new ASN1InputStream(
            AttrCertTest.attrCert).readObject()));

    ASN1EncodableVector crls = new ASN1EncodableVector();

    crls.add(new ASN1InputStream(CertPathTest.rootCrlBin)
            .readObject());
    // SignedData with empty digest algorithm and signer info sets and no encapsulated
    // content: it only carries the certificate and CRL sets
    SignedData sigData = new SignedData(new DERSet(),
            new ContentInfo(CMSObjectIdentifiers.data, null),
            new DERSet(certs), new DERSet(crls), new DERSet());

    ContentInfo info = new ContentInfo(
            CMSObjectIdentifiers.signedData, sigData);

    CertificateFactory cf = CertificateFactory.getInstance("X.509",
            "BC");

    // single-object reads must return the first certificate / CRL, byte for byte
    X509Certificate cert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(info
                    .getEncoded()));
    if (cert == null
            || !areEqual(cert.getEncoded(), certs.get(0)
                    .getDERObject().getEncoded())) {
        fail("PKCS7 cert not read");
    }
    X509CRL crl = (X509CRL) cf
            .generateCRL(new ByteArrayInputStream(info.getEncoded()));
    if (crl == null
            || !areEqual(crl.getEncoded(), crls.get(0)
                    .getDERObject().getEncoded())) {
        fail("PKCS7 crl not read");
    }
    // collection reads must return exactly that one certificate / CRL
    Collection col = cf
            .generateCertificates(new ByteArrayInputStream(info
                    .getEncoded()));
    if (col.size() != 1 || !col.contains(cert)) {
        fail("PKCS7 cert collection not right");
    }
    col = cf.generateCRLs(new ByteArrayInputStream(info
            .getEncoded()));
    if (col.size() != 1 || !col.contains(crl)) {
        fail("PKCS7 crl collection not right");
    }

    // data with no certificates or CRLs: the sets are present but empty, and the
    // single-object reads are expected to return null

    sigData = new SignedData(new DERSet(), new ContentInfo(
            CMSObjectIdentifiers.data, null), new DERSet(),
            new DERSet(), new DERSet());

    info = new ContentInfo(CMSObjectIdentifiers.signedData, sigData);

    cert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(info
                    .getEncoded()));
    if (cert != null) {
        fail("PKCS7 cert present");
    }
    crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(info
            .getEncoded()));
    if (crl != null) {
        fail("PKCS7 crl present");
    }

    // data with absent certificates and CRLs: null is passed for both sets, and the
    // single-object reads are again expected to return null

    sigData = new SignedData(new DERSet(), new ContentInfo(
            CMSObjectIdentifiers.data, null), null, null,
            new DERSet());

    info = new ContentInfo(CMSObjectIdentifiers.signedData, sigData);

    cert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(info
                    .getEncoded()));
    if (cert != null) {
        fail("PKCS7 cert present");
    }
    crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(info
            .getEncoded()));
    if (crl != null) {
        fail("PKCS7 crl present");
    }

    //
    // sample message: certificates and then CRLs are read from the SAME stream;
    // the test expects four certificates and no CRLs
    //
    InputStream in = new ByteArrayInputStream(pkcs7CrlProblem);
    Collection certCol = cf.generateCertificates(in);
    Collection crlCol = cf.generateCRLs(in);

    if (crlCol.size() != 0) {
        fail("wrong number of CRLs: " + crlCol.size());
    }

    if (certCol.size() != 4) {
        fail("wrong number of Certs: " + certCol.size());
    }
}
2434:
/**
 * Generates a version 3 certificate signed with the given signature algorithm, using a
 * fixed RSA key pair, and verifies it against the matching public key.
 *
 * @param algorithm signature algorithm name handed to the certificate generator
 * @throws Exception if key construction, certificate generation or verification fails
 */
private void createPSSCert(String algorithm) throws Exception {
    // Fixed sample key pair, hex encoded. Fixture only: the private half is in this source.
    String modulusHex =
            "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137";
    String publicExponentHex = "010001";
    String privateExponentHex =
            "33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325";
    String primePHex =
            "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443";
    String primeQHex =
            "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd";
    String primeExponentPHex =
            "28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979";
    String primeExponentQHex =
            "1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729";
    String crtCoefficientHex =
            "27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d";

    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
            new BigInteger(modulusHex, 16),
            new BigInteger(publicExponentHex, 16));

    RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
            new BigInteger(modulusHex, 16),
            new BigInteger(publicExponentHex, 16),
            new BigInteger(privateExponentHex, 16),
            new BigInteger(primePHex, 16),
            new BigInteger(primeQHex, 16),
            new BigInteger(primeExponentPHex, 16),
            new BigInteger(primeExponentQHex, 16),
            new BigInteger(crtCoefficientHex, 16));

    KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
    PrivateKey privKey = keyFactory.generatePrivate(privKeySpec);
    PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

    // distinguished name: the attribute table feeds issuer and subject; the ordered
    // vectors are filled alongside it but are not read again in this method
    Object[] nameOids = {
        X509Principal.C, X509Principal.O, X509Principal.L, X509Principal.ST, X509Principal.E
    };
    String[] nameValues = {
        "AU", "The Legion of the Bouncy Castle", "Melbourne", "Victoria",
        "feedback-crypto@bouncycastle.org"
    };

    Hashtable attrs = new Hashtable();
    Vector ord = new Vector();
    Vector values = new Vector();
    for (int i = 0; i < nameOids.length; i++) {
        attrs.put(nameOids[i], nameValues[i]);
        ord.addElement(nameOids[i]);
        values.addElement(nameValues[i]);
    }

    // version 3 certificate with keyUsage (2.5.29.15), extendedKeyUsage (2.5.29.37) and
    // subjectAltName (2.5.29.17), all marked critical
    X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
    gen.setSerialNumber(BigInteger.valueOf(1));
    gen.setIssuerDN(new X509Principal(attrs));
    gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    gen.setSubjectDN(new X509Principal(attrs));
    gen.setPublicKey(pubKey);
    gen.setSignatureAlgorithm(algorithm);
    gen.addExtension("2.5.29.15", true, new X509KeyUsage(X509KeyUsage.encipherOnly));
    gen.addExtension("2.5.29.37", true, new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
    gen.addExtension("2.5.29.17", true,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));

    X509Certificate baseCert = gen.generate(privKey, "BC");

    // the only check made here: the signature verifies under the matching public key
    baseCert.verify(pubKey);
}
2523:
/**
 * Runs every check of this test class in a fixed order: parsing of stored certificates and
 * a stored CRL, certificate creation, ECDSA and RSA-PSS certificate creation, CRL creation,
 * PEM and PKCS#7 reading, and finally the forged signature check.
 *
 * @throws Exception if any individual check throws
 */
public void performTest() throws Exception {
    // stored certificates; the first argument is the id handed to each check
    checkCertificate(1, cert1);
    checkCertificate(2, cert2);
    checkCertificate(4, cert4);
    checkCertificate(5, cert5);
    checkCertificate(6, oldEcdsa);
    checkCertificate(7, cert7);

    checkKeyUsage(8, keyUsage);
    checkSelfSignedCertificate(9, uncompressedPtEC);
    checkNameCertificate(10, nameCert);

    checkSelfSignedCertificate(11, probSelfSignedCert);
    checkSelfSignedCertificate(12, gostCA1);
    checkSelfSignedCertificate(13, gostCA2);
    checkSelfSignedCertificate(14, gost341094base);
    checkSelfSignedCertificate(15, gost34102001base);
    checkSelfSignedCertificate(16, gost341094A);
    checkSelfSignedCertificate(17, gost341094B);
    // NOTE(review): id 17 is passed a second time here; if the id only labels failure
    // output, 18 was presumably intended - confirm against checkSelfSignedCertificate
    checkSelfSignedCertificate(17, gost34102001A);

    // stored CRL
    checkCRL(1, crl1);

    // certificate creation
    checkCreation1();
    checkCreation2();
    checkCreation3();
    checkCreation4();
    checkCreation5();

    createECCert("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
    createECCert("SHA224withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
    createECCert("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
    createECCert("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
    createECCert("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);

    String[] pssAlgorithms = {
        "SHA1withRSAandMGF1",
        "SHA224withRSAandMGF1",
        "SHA256withRSAandMGF1",
        "SHA384withRSAandMGF1"
    };
    for (int i = 0; i < pssAlgorithms.length; i++) {
        createPSSCert(pssAlgorithms[i]);
    }

    // CRL creation
    checkCRLCreation1();
    checkCRLCreation2();
    checkCRLCreation3();

    // container formats
    pemTest();
    pkcs7Test();

    testForgedSignature();
}
2578:
/**
 * Command line entry point: registers the Bouncy Castle provider, then runs this test.
 *
 * @param args not used
 */
public static void main(String[] args) {
    // the checks request the "BC" provider by name, so it is registered first
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);

    CertTest test = new CertTest();
    runTest(test);
}
2584: }