]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/regressions/kc-18-find-combined.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.31.2.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-18-find-combined.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the xLicense.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // Tests the ability of SecItemCopyMatching to replace the following
26 // deprecated keychain search functions:
27 //
28 // - SecKeychainSearchCreateFromAttributes +
29 // SecKeychainSearchCopyNext [for keys, certificates, passwords]
30 //
31 // - SecIdentitySearchCreate (or SecIdentitySearchCreateWithPolicy) +
32 // SecIdentitySearchCopyNext [for identities]
33 //
34 //
35 // This tool incidentally tests other Security API functions, including:
36 // - SecItemAdd
37 // - SecItemImport
38 // - SecItemDelete
39 // - SecKeyGenerateSymmetric
40 //
41
42 #include <CoreFoundation/CoreFoundation.h>
43 #include <CoreServices/CoreServices.h>
44 #include <Security/Security.h>
45 #include <Security/SecPolicyPriv.h>
46
47 #include <stdlib.h>
48 #include <string.h>
49 #include <syslog.h>
50 #include <unistd.h>
51 #include <time.h>
52 #include <sys/param.h>
53 #include "test/testenv.h"
54 #include "utilities/SecCFRelease.h"
55
56 #include "keychain_regressions.h"
57 #include "kc-helpers.h"
58
59 /* Following is a 3-element certificate chain
60 * (ROOT_CERT, INTERMEDIATE_CERT, LEAF_CERT)
61 */
62 unsigned char ROOT_CERT[985]={
63 0x30,0x82,0x03,0xD5,0x30,0x82,0x02,0xBD,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
64 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x9D,
65 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,
66 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x52,0x4F,0x4F,0x54,0x31,0x0E,0x30,0x0C,
67 0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,
68 0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,
69 0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,
70 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,
71 0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,
72 0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,
73 0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,
74 0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,
75 0x0D,0x30,0x39,0x31,0x32,0x31,0x38,0x31,0x37,0x32,0x39,0x32,0x33,0x5A,0x17,0x0D,
76 0x31,0x30,0x31,0x32,0x31,0x38,0x31,0x37,0x32,0x39,0x32,0x33,0x5A,0x30,0x81,0x9D,
77 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,
78 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x52,0x4F,0x4F,0x54,0x31,0x0E,0x30,0x0C,
79 0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,
80 0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,
81 0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,
82 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,
83 0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,
84 0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,
85 0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,
86 0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,
87 0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
88 0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB0,0x4C,
89 0x94,0xF7,0x56,0x26,0x91,0xB8,0xD1,0x5B,0x7C,0xEE,0x74,0xCB,0x1F,0x43,0xFE,0x88,
90 0x24,0xAD,0xB0,0x1E,0x85,0x86,0xE9,0x3F,0xE7,0x74,0x40,0x6C,0x4A,0x8E,0x6B,0x50,
91 0x7A,0x1B,0x43,0x9A,0x9E,0xF4,0x81,0xB3,0xF1,0xDB,0x6E,0xD4,0xFA,0xAE,0x06,0xCB,
92 0x7F,0xE6,0xCA,0x06,0x06,0xC4,0x1E,0x2D,0xF3,0xFA,0x67,0xD6,0x95,0x0E,0xAC,0xCA,
93 0x2B,0x25,0x14,0x4C,0x20,0x04,0xB4,0x26,0xAC,0x15,0x62,0x15,0xA6,0x21,0x14,0x51,
94 0xCC,0x77,0x82,0x11,0xD0,0xF8,0xB0,0x06,0xC1,0x0F,0xFB,0x08,0x60,0x53,0x11,0x1F,
95 0x00,0xA8,0x27,0x0E,0x2C,0x2C,0x63,0x34,0x6A,0xC5,0x4B,0x2D,0xCC,0x07,0xF6,0x39,
96 0xDC,0x00,0xCF,0x6E,0x29,0x15,0x3E,0x3F,0x6C,0x89,0xB9,0x48,0x97,0x19,0xA2,0xB8,
97 0x44,0x8D,0x98,0x85,0xF4,0x0B,0x70,0x06,0xD6,0x9A,0x39,0x4F,0x44,0x92,0x73,0x74,
98 0xDF,0x46,0x10,0x9C,0xB5,0xBB,0x69,0xF4,0xE1,0xB5,0x61,0x2E,0xFF,0x92,0xDB,0x47,
99 0x93,0x48,0x45,0xEB,0x7E,0xFA,0xCC,0xDB,0xCE,0x50,0x0A,0xCA,0xAF,0xAB,0x7D,0x09,
100 0x9A,0x1E,0xC4,0x08,0xA1,0xD4,0xB9,0x2A,0x42,0x49,0x10,0x75,0x63,0x4E,0x51,0x3B,
101 0xF7,0xF4,0xCA,0xCB,0x05,0xC9,0xE0,0xC9,0xD3,0x04,0x14,0x81,0xF6,0x9A,0xEE,0x0C,
102 0x2B,0x56,0x87,0x20,0x50,0x27,0x14,0x71,0x1C,0x30,0x18,0x8C,0xDD,0xF4,0xA9,0x41,
103 0x13,0x6D,0xE4,0x41,0xB1,0xE0,0x7E,0x09,0xD7,0x99,0xCE,0xE4,0x7A,0x91,0x65,0xBB,
104 0x3F,0xE1,0xD4,0x07,0x8D,0xA9,0x23,0x0A,0xA4,0x80,0x47,0x58,0xD5,0x25,0x02,0x03,
105 0x01,0x00,0x01,0xA3,0x20,0x30,0x1E,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,
106 0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,
107 0x04,0x03,0x02,0x02,0x84,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
108 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x38,0x44,0x10,0xF4,0x24,0x4A,0xAA,
109 0x9F,0x0D,0x37,0x5E,0x75,0xB7,0xF5,0xC5,0x27,0x19,0x57,0xE5,0x25,0x4A,0x44,0x03,
110 0x5F,0x2E,0xD4,0x70,0x69,0xDD,0x55,0xDB,0x47,0x07,0x06,0x3E,0x5D,0xA4,0xBB,0x64,
111 0xE2,0xA6,0x09,0x8B,0x6D,0x0B,0x50,0x33,0x5A,0x92,0x5A,0x5B,0xDF,0x6A,0x9F,0x81,
112 0x5F,0x17,0x95,0xB0,0xC6,0xC3,0xCD,0x6D,0x17,0xDD,0x83,0xC1,0xA5,0xB7,0xCD,0xFF,
113 0xE8,0x13,0x10,0x35,0x85,0x3E,0xCA,0xE4,0xF5,0x22,0x58,0x1E,0x68,0x14,0x62,0x35,
114 0xE4,0x65,0xB4,0xD3,0x42,0x5A,0x03,0x5C,0x2D,0x76,0xD5,0x9B,0xAA,0xCB,0x3A,0xAC,
115 0x55,0x58,0xAD,0x67,0x30,0xDC,0xC3,0xA7,0xA9,0x37,0xBB,0x61,0xA2,0xEA,0x6E,0x0C,
116 0xB0,0x4B,0x0D,0x64,0x3D,0x59,0x3C,0xA3,0xA1,0x73,0x4F,0x33,0xDB,0x6F,0xBF,0x2D,
117 0xB2,0x9D,0xCE,0x05,0x1C,0xF0,0xAB,0x4A,0xB0,0x70,0x5D,0x32,0x20,0x22,0xD7,0x12,
118 0xC0,0x1C,0x0B,0x0D,0xC0,0x72,0x6B,0x6F,0xA4,0xF8,0xAA,0xD2,0x34,0x36,0x63,0x84,
119 0x80,0xF0,0x70,0x5E,0x09,0xEA,0xFF,0x48,0x49,0x85,0x83,0x8E,0x8E,0x6E,0x4C,0x2E,
120 0x2F,0xBB,0xBF,0xDF,0x3B,0x73,0x65,0xA2,0x0D,0x09,0x84,0x8F,0x08,0x86,0x61,0x27,
121 0x58,0xB6,0x7E,0x2D,0xEC,0x08,0xBA,0x40,0x5D,0x20,0x54,0x37,0xDD,0xCC,0xE5,0xDB,
122 0x38,0x68,0xEE,0x56,0x9F,0x92,0xDD,0x03,0x04,0xD2,0x94,0x51,0xD3,0xA9,0x08,0x2E,
123 0x6E,0x25,0x8E,0xBF,0x8A,0xA9,0x2B,0xAD,0x50,0x00,0xA7,0x39,0x11,0x6A,0x9A,0x28,
124 0x99,0x9A,0xB9,0x3B,0xB9,0xB5,0x9C,0x19,0x3A,
125 };
126
127 unsigned char INTERMEDIATE_CERT[1037]={
128 0x30,0x82,0x04,0x09,0x30,0x82,0x02,0xF1,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x02,
129 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x9D,
130 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,
131 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x52,0x4F,0x4F,0x54,0x31,0x0E,0x30,0x0C,
132 0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,
133 0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,
134 0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,
135 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,
136 0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,
137 0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,
138 0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,
139 0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,
140 0x0D,0x30,0x39,0x31,0x32,0x31,0x38,0x31,0x37,0x33,0x30,0x35,0x34,0x5A,0x17,0x0D,
141 0x31,0x30,0x31,0x32,0x31,0x38,0x31,0x37,0x33,0x30,0x35,0x34,0x5A,0x30,0x81,0xA5,
142 0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x0C,0x19,0x54,0x65,0x73,0x74,0x2D,
143 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x49,0x4E,0x54,0x45,0x52,0x4D,0x45,0x44,
144 0x49,0x41,0x54,0x45,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,
145 0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,
146 0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,
147 0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
148 0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,
149 0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,
150 0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,
151 0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,
152 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
153 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,
154 0x0A,0x02,0x82,0x01,0x01,0x00,0xC4,0xBD,0x46,0x0E,0x0F,0x5C,0x1C,0xA2,0x23,0xD2,
155 0x3B,0x8C,0xC4,0x02,0x52,0x8C,0xD8,0xB1,0xC2,0x58,0x2E,0x84,0xAA,0x6C,0xCB,0x4B,
156 0xE4,0xF1,0xE7,0x48,0x98,0x46,0x6B,0xD0,0x50,0xB0,0xA3,0x1F,0x23,0xC6,0x3C,0x81,
157 0x73,0xE7,0xEA,0xAA,0x55,0xF7,0x37,0x58,0x85,0xF6,0x96,0x0D,0xC0,0x81,0x8D,0x3D,
158 0xD9,0xAD,0xFA,0x32,0x46,0x56,0x4A,0x53,0xF5,0x53,0x34,0x5B,0xFC,0xFC,0x51,0x2A,
159 0x45,0xD4,0xCB,0x53,0xF9,0x58,0xBF,0x7D,0x48,0xB3,0x23,0x41,0xD7,0x93,0x1C,0xC2,
160 0x32,0xE8,0x1C,0x82,0xDC,0xDC,0xCB,0xED,0x0B,0xDA,0x8A,0x1C,0xC0,0x0E,0x83,0x24,
161 0xE6,0x2E,0x68,0xA6,0xB6,0x60,0xEE,0xAF,0xB1,0x07,0xF1,0xC0,0xDB,0x29,0x83,0x9E,
162 0x0C,0xF4,0xCF,0x67,0x5B,0x49,0x3A,0x17,0x7E,0xC1,0xEB,0x75,0x3E,0xDD,0x0F,0x9A,
163 0xC7,0x06,0x60,0x2B,0x18,0xBD,0xAA,0x96,0xD1,0xE1,0x9C,0xF0,0x34,0xFF,0x3E,0x8C,
164 0x4A,0x96,0x5D,0x68,0x7C,0xCF,0xA1,0x14,0xED,0xB1,0x8E,0x10,0x8D,0x1F,0x15,0x22,
165 0x4E,0x8E,0x1A,0xC7,0xAD,0xB9,0x16,0xCB,0x3C,0xCB,0x5D,0xB9,0xAC,0xD9,0xFE,0xAE,
166 0xDE,0x06,0x3B,0xB6,0xA1,0xAA,0x7C,0x91,0x76,0xC6,0xA4,0x81,0xBD,0x29,0x86,0x33,
167 0xA6,0xB5,0x4D,0x28,0x94,0x51,0x81,0x3F,0x68,0x95,0xEB,0x41,0x7A,0xE9,0x87,0xD7,
168 0xDC,0xC8,0xA0,0x5F,0xAB,0x29,0xD9,0xC4,0x08,0xC8,0xA0,0x0B,0x77,0xAC,0x6C,0x21,
169 0x10,0xA4,0xED,0x86,0x78,0x99,0x1F,0xA7,0x23,0x33,0x34,0x89,0x80,0x02,0xBC,0xAF,
170 0xC6,0x3E,0x38,0xFB,0x7C,0x47,0x02,0x03,0x01,0x00,0x01,0xA3,0x4C,0x30,0x4A,0x30,
171 0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,
172 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x02,0x84,
173 0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x81,0x1C,0x73,0x65,0x63,
174 0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,
175 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
176 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3C,0x66,0x3B,
177 0x9D,0x6E,0xA9,0x0E,0xC9,0xC2,0x6C,0xF4,0x79,0xFB,0xD5,0x6E,0x1F,0x01,0x4E,0x0D,
178 0x2C,0x64,0x7B,0x6E,0xD7,0xC7,0xA7,0x64,0x8B,0xF0,0xCD,0x93,0xCD,0x12,0x29,0x71,
179 0x87,0x3E,0xA3,0x1E,0x7F,0x57,0xC7,0xD9,0xBF,0xD2,0xF2,0x03,0x27,0xD5,0x5E,0xEF,
180 0x59,0xBC,0x91,0x37,0xB4,0x4A,0xEE,0xD2,0x2F,0xEA,0x92,0x07,0xBC,0xEC,0xAC,0x6A,
181 0xF1,0x34,0xA4,0x40,0x61,0x8B,0xB9,0x3D,0xAF,0x5B,0x86,0x6E,0xEE,0x4C,0xCB,0x7F,
182 0x1F,0xD0,0x0F,0x9E,0x5A,0xF0,0x39,0xFD,0x89,0xF3,0x03,0x61,0x5A,0xDF,0x6B,0x5F,
183 0xE3,0x33,0x51,0x80,0x1B,0x61,0xFE,0x7A,0xC7,0x27,0xBF,0x12,0xB5,0x69,0x79,0x1E,
184 0xAD,0x75,0xA8,0xFA,0x94,0xCC,0x22,0x4C,0xF9,0xB4,0xD3,0xD0,0xDC,0x57,0xD3,0x66,
185 0x96,0xDD,0x8A,0xC0,0xE4,0x11,0x5A,0xD9,0xB3,0x76,0x17,0x04,0xDA,0x62,0x71,0x58,
186 0xEA,0x99,0xC3,0x06,0xA7,0xE8,0xDB,0xA9,0x05,0xEC,0xA3,0xCA,0xDA,0x2E,0x77,0x66,
187 0xF4,0xC4,0xD2,0xC6,0xF0,0x5F,0xE6,0x88,0xDF,0x7F,0x23,0xDE,0x7B,0x04,0xA4,0x22,
188 0x45,0xEF,0x0A,0x13,0x79,0x8E,0xE1,0x14,0x22,0x79,0x22,0x86,0x1A,0x4C,0xA7,0xBA,
189 0x06,0x55,0xD9,0x5E,0xF3,0x9C,0xE0,0x1F,0xE3,0xA4,0x1C,0x8E,0x01,0x9F,0x7E,0xEF,
190 0xD2,0xA7,0x8D,0xD6,0x4D,0x1A,0x3D,0xA7,0xB2,0xDB,0x44,0x25,0xB5,0xA6,0x8A,0xD5,
191 0x49,0x87,0x04,0x6C,0x41,0x13,0x88,0x7A,0xFB,0x5E,0x16,0xA2,0x8F,0x37,0x81,0x47,
192 0xD8,0x27,0x3D,0xBD,0xB1,0x3E,0xCE,0x2A,0x07,0x75,0x45,0x5F,0x44,
193 };
194
195 unsigned char LEAF_CERT[1037]={
196 0x30,0x82,0x04,0x09,0x30,0x82,0x02,0xF1,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x03,
197 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0xA5,
198 0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x0C,0x19,0x54,0x65,0x73,0x74,0x2D,
199 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x49,0x4E,0x54,0x45,0x52,0x4D,0x45,0x44,
200 0x49,0x41,0x54,0x45,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,
201 0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,
202 0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,
203 0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
204 0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,
205 0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,
206 0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,
207 0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,
208 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x30,0x39,0x31,0x32,0x31,0x38,0x31,
209 0x37,0x33,0x32,0x31,0x36,0x5A,0x17,0x0D,0x31,0x30,0x31,0x32,0x31,0x38,0x31,0x37,
210 0x33,0x32,0x31,0x36,0x5A,0x30,0x81,0x9D,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,
211 0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,
212 0x4C,0x45,0x41,0x46,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,
213 0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,
214 0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,
215 0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
216 0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,
217 0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,
218 0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,
219 0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,
220 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
221 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,
222 0x0A,0x02,0x82,0x01,0x01,0x00,0xBF,0x1B,0x87,0x6B,0x10,0xF8,0xF6,0x24,0x07,0x40,
223 0xC3,0xE3,0x81,0x26,0xD6,0xF4,0xFF,0xAA,0x6C,0x26,0xD4,0xBF,0xF7,0x9A,0xF5,0xB8,
224 0x63,0xBD,0x8B,0xFD,0x4B,0xFE,0xFF,0x4B,0xA2,0x15,0x13,0x52,0x84,0x87,0x9E,0x2B,
225 0x32,0x5B,0xF8,0x01,0x28,0x5E,0xF1,0x9C,0xE7,0x52,0xB0,0x89,0xB8,0x4A,0xD0,0x87,
226 0x40,0x0C,0xCD,0xAC,0x11,0x22,0x89,0x44,0x26,0x3B,0x40,0xF3,0x34,0x61,0x14,0x3A,
227 0x94,0xF3,0x1F,0x27,0x62,0xF8,0x8C,0xB4,0xF5,0x1E,0xA6,0x37,0x53,0xB2,0xB3,0x1E,
228 0x35,0xF6,0x00,0x34,0x4B,0x28,0x72,0x5B,0x9D,0xD8,0xEA,0x06,0x91,0x77,0x57,0x38,
229 0x9C,0xA5,0x66,0x5F,0x1A,0x9A,0x0B,0xCC,0x2F,0x2E,0x58,0xA2,0x70,0x66,0xA6,0xEF,
230 0x1B,0x3A,0x0E,0xF0,0x4B,0xA6,0x9D,0x6D,0x63,0xE0,0x1C,0x9C,0x8E,0xFF,0x6F,0x50,
231 0x5F,0x03,0x1A,0x80,0x12,0x4A,0xB6,0x89,0x83,0x5C,0x51,0x9F,0x2F,0xEA,0xE4,0x7F,
232 0x12,0xFB,0xE4,0x92,0xF0,0x8B,0x17,0x35,0x02,0x73,0xA0,0x7D,0xA2,0xB9,0x89,0xE2,
233 0x78,0x52,0xA1,0x08,0x42,0x78,0xD5,0xD3,0x8C,0x3C,0xF2,0x88,0x5E,0x7A,0xCC,0x94,
234 0x80,0x42,0xEA,0xED,0x6E,0x64,0x19,0x5E,0x53,0x05,0xB6,0x60,0xDB,0x81,0x92,0x2C,
235 0x3D,0xD4,0xAF,0xF8,0xED,0xD9,0x28,0xCE,0x0B,0xD9,0xDC,0x20,0x0C,0xA9,0x8D,0xA4,
236 0x54,0xD1,0xDA,0xDE,0x30,0x4A,0x67,0xC6,0xAC,0x4E,0xE3,0xB4,0xD7,0x16,0xF5,0xDC,
237 0xE3,0x52,0xAC,0x01,0x1C,0xB6,0xC1,0x5B,0xB4,0xEA,0x67,0x25,0xFE,0xF6,0x58,0x5C,
238 0xFE,0x88,0x4E,0xCF,0xF1,0x11,0x02,0x03,0x01,0x00,0x01,0xA3,0x4C,0x30,0x4A,0x30,
239 0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,
240 0x0F,0x06,0x03,0x55,0x1D,0x25,0x04,0x08,0x30,0x06,0x06,0x04,0x55,0x1D,0x25,0x00,
241 0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x81,0x1C,0x73,0x65,0x63,
242 0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,
243 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
244 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x1A,0xE5,0xD1,
245 0x13,0x66,0x83,0xC7,0x1A,0xB0,0x50,0xF0,0x1B,0x6E,0x70,0x6E,0x36,0x1A,0x0F,0x12,
246 0x9E,0x0B,0xFD,0x4B,0x79,0xEC,0xAA,0x5E,0x2A,0x37,0x79,0x50,0x97,0x13,0x9E,0xB6,
247 0x43,0xF0,0xD2,0xC6,0xF3,0x43,0x73,0x33,0x6C,0xCB,0x73,0xE5,0xBE,0x4C,0x42,0x6F,
248 0x33,0x76,0x96,0xA2,0x6B,0xA0,0x8D,0xAD,0x46,0xA5,0xD4,0xAC,0x0E,0x55,0x80,0x1A,
249 0x6E,0xAF,0xC2,0x2E,0xB3,0xD4,0x64,0xC3,0x65,0xFA,0x1C,0x42,0x47,0x12,0x9F,0x44,
250 0xD2,0x1F,0xCF,0xA1,0x53,0x49,0x66,0x66,0x14,0x21,0xD4,0x17,0xD1,0x26,0x75,0xAD,
251 0x08,0x93,0x9C,0x3B,0xB7,0x7C,0x03,0x2F,0x76,0x5D,0xB7,0x25,0x83,0x68,0xE3,0x01,
252 0x5C,0xCD,0x87,0x7A,0x71,0x8B,0x8D,0x5D,0x27,0x27,0xF2,0x24,0x56,0x7C,0x7E,0x33,
253 0x8F,0xE6,0x02,0x46,0xAD,0x63,0x28,0x85,0xA2,0x9E,0xEA,0x5A,0xC4,0x92,0xCE,0x76,
254 0xE8,0xD4,0xD4,0x7D,0x48,0x44,0xA4,0x21,0x8C,0xB7,0xC2,0x15,0x80,0x87,0x19,0xB1,
255 0x10,0x6A,0xC7,0x51,0xB7,0x25,0x40,0x26,0x8A,0xCC,0xB6,0x0C,0xE2,0x0D,0xA1,0x40,
256 0x20,0x85,0x0F,0xE5,0xB9,0xB5,0x32,0x10,0xA9,0x5F,0x25,0xCA,0xD2,0x95,0x11,0x54,
257 0x41,0xEA,0xC3,0xBA,0x0C,0x24,0x10,0x28,0xC9,0x09,0xAF,0x7E,0xDF,0x6A,0x2F,0x30,
258 0x49,0x7C,0xB0,0x23,0x46,0xA8,0xDC,0xE3,0x6A,0x17,0x87,0xF7,0xCC,0x3A,0xBD,0x11,
259 0x95,0xC3,0x0A,0x37,0xD1,0x1F,0x20,0xB6,0x1B,0xB2,0xA2,0x45,0xFF,0xC1,0x0D,0x9A,
260 0x56,0xCD,0x5A,0xF6,0x08,0xAA,0xBD,0xAB,0x13,0xC6,0xFD,0xAA,0xEC,
261 };
262
263 /* Test certificate for Code Signing policy
264 */
265 unsigned char Test_codesign[]={
266 0x30, 0x82, 0x03, 0xe3, 0x30, 0x82, 0x02, 0xcb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x01, 0xc8, 0x60, 0x30, 0x0d,
267 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9d, 0x31, 0x24, 0x30, 0x22,
268 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1b, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x37, 0x38, 0x37, 0x35, 0x38, 0x30, 0x31, 0x20,
269 0x28, 0x43, 0x6f, 0x64, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
270 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e,
271 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43, 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
272 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
273 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f,
274 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x6e, 0x6f, 0x62,
275 0x6f, 0x64, 0x79, 0x40, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30,
276 0x34, 0x30, 0x34, 0x32, 0x32, 0x35, 0x35, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x34, 0x30, 0x32, 0x32, 0x32,
277 0x35, 0x35, 0x33, 0x32, 0x5a, 0x30, 0x81, 0x9d, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1b, 0x54,
278 0x65, 0x73, 0x74, 0x2d, 0x37, 0x38, 0x37, 0x35, 0x38, 0x30, 0x31, 0x20, 0x28, 0x43, 0x6f, 0x64, 0x65, 0x20, 0x53, 0x69,
279 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x41, 0x70, 0x70,
280 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43,
281 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31,
282 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
283 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
284 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x6e, 0x6f, 0x62, 0x6f, 0x64, 0x79, 0x40, 0x61, 0x70, 0x70, 0x6c,
285 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
286 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb0, 0x78,
287 0x41, 0xd5, 0xc0, 0x71, 0x1d, 0x02, 0xc8, 0x57, 0x46, 0xf8, 0xc4, 0x3c, 0x7c, 0xa2, 0x13, 0x45, 0x8a, 0x1b, 0xef, 0x16,
288 0xa6, 0x6f, 0xfe, 0x97, 0xe4, 0x8b, 0x6a, 0x7b, 0x89, 0xd2, 0x50, 0xcb, 0x6b, 0xcc, 0x47, 0x32, 0x9a, 0xd3, 0xf4, 0x19,
289 0x62, 0x70, 0xe6, 0x27, 0xc4, 0x13, 0x5a, 0x60, 0x20, 0x8c, 0xb1, 0xc4, 0xf1, 0x76, 0xcd, 0x06, 0xb3, 0x60, 0x78, 0x4d,
290 0xb2, 0x30, 0xb1, 0x1c, 0x53, 0x36, 0x98, 0x44, 0x84, 0x35, 0x57, 0xe9, 0xbc, 0xb7, 0x2d, 0x17, 0xd7, 0x0c, 0xbc, 0x52,
291 0x9e, 0xfd, 0xe5, 0x32, 0x2a, 0xad, 0x28, 0x36, 0x24, 0x81, 0x87, 0x56, 0xd2, 0x39, 0x66, 0x13, 0x9e, 0x26, 0x44, 0x32,
292 0xa3, 0xa7, 0x8b, 0xe7, 0x33, 0x25, 0xa3, 0x8e, 0x25, 0x14, 0x91, 0xf4, 0x32, 0x1a, 0x97, 0x82, 0xd3, 0x5a, 0xb5, 0x68,
293 0x24, 0x0c, 0x46, 0x89, 0x00, 0x6f, 0xfa, 0x27, 0x03, 0xc6, 0x0b, 0xa2, 0xf0, 0xad, 0xd2, 0xec, 0x35, 0xca, 0x1a, 0xc5,
294 0x76, 0xd4, 0xb2, 0x48, 0x72, 0xf0, 0x34, 0x48, 0xd6, 0x8e, 0xae, 0x37, 0x35, 0x87, 0x60, 0x25, 0x16, 0x71, 0xda, 0x0c,
295 0x71, 0xaa, 0x95, 0xc2, 0xe4, 0x09, 0x91, 0xd9, 0x38, 0x62, 0xee, 0x0c, 0x26, 0x34, 0x7b, 0x6b, 0xbb, 0xf8, 0x33, 0xa1,
296 0x08, 0x71, 0xc1, 0x4a, 0x5f, 0x7d, 0x17, 0x31, 0x25, 0xb7, 0xbe, 0x66, 0xab, 0x28, 0x6e, 0x58, 0x3c, 0xd1, 0x5f, 0xbf,
297 0x8f, 0x48, 0x6e, 0x42, 0x8f, 0x85, 0x1a, 0x9e, 0x6b, 0x79, 0xbf, 0x43, 0xd9, 0xeb, 0x20, 0xa8, 0x1e, 0xf6, 0xe4, 0xaa,
298 0xdb, 0x62, 0x87, 0x02, 0x43, 0xd0, 0x75, 0xa4, 0x14, 0x1d, 0x33, 0x3e, 0x81, 0x5d, 0x7a, 0x7c, 0x4a, 0xdf, 0x3e, 0x79,
299 0x70, 0xca, 0xf5, 0xb6, 0xd8, 0x6d, 0x8e, 0xc7, 0x7f, 0xc7, 0xa0, 0x72, 0x6e, 0x95, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
300 0x2a, 0x30, 0x28, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30,
301 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
302 0x07, 0x03, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
303 0x01, 0x01, 0x00, 0x98, 0x03, 0xa7, 0x17, 0x66, 0x1a, 0xf3, 0x19, 0xd5, 0x7f, 0xac, 0x74, 0x8e, 0xa7, 0x43, 0x6a, 0x14,
304 0xca, 0x5d, 0xa8, 0xf9, 0x8d, 0x22, 0x38, 0x48, 0x1c, 0x10, 0xd8, 0xe6, 0xfe, 0x0e, 0x8e, 0xd4, 0xb5, 0x8e, 0x89, 0xd9,
305 0x95, 0x01, 0xba, 0x11, 0x4c, 0x7b, 0x7c, 0x64, 0x98, 0xd8, 0x4a, 0x11, 0x43, 0x0d, 0x71, 0xbd, 0x9f, 0xd9, 0x33, 0x84,
306 0xa0, 0x3e, 0x9d, 0x6d, 0xa7, 0x72, 0xf0, 0x8d, 0x62, 0x9e, 0x45, 0xc2, 0x91, 0xfe, 0xbb, 0xbf, 0x08, 0x8b, 0x37, 0xd7,
307 0x38, 0x71, 0x8f, 0x17, 0x2d, 0x98, 0x81, 0x16, 0x2d, 0xf6, 0x90, 0x6d, 0x57, 0x64, 0x6b, 0xa0, 0xbc, 0x02, 0xd8, 0xeb,
308 0x63, 0x65, 0x1d, 0x1b, 0x20, 0xe7, 0x73, 0x8f, 0xe0, 0x82, 0x8d, 0x8f, 0xf6, 0x36, 0x08, 0x9d, 0xf3, 0xfd, 0x33, 0x4f,
309 0xd2, 0xb0, 0x6d, 0xb8, 0x50, 0x02, 0x43, 0x2f, 0x90, 0x16, 0xe9, 0xb0, 0x1f, 0x9b, 0x2e, 0x70, 0x10, 0x89, 0xaa, 0xdc,
310 0x18, 0xd7, 0xda, 0x3a, 0xce, 0xb8, 0x8f, 0xa4, 0x42, 0x4e, 0x50, 0x50, 0xa9, 0x19, 0x42, 0x0b, 0x07, 0x7c, 0x33, 0xe5,
311 0x47, 0x40, 0x6a, 0x14, 0x02, 0x1f, 0x1e, 0xcf, 0x66, 0xb2, 0x76, 0x88, 0x0d, 0x49, 0x3a, 0xa5, 0xde, 0xfb, 0x99, 0xfa,
312 0x70, 0xd4, 0x5e, 0xa1, 0x3e, 0x6d, 0x7f, 0x6b, 0x8c, 0x71, 0x79, 0x94, 0xb3, 0x1f, 0xcf, 0xdd, 0x9a, 0x31, 0xfd, 0x26,
313 0x82, 0xa9, 0x94, 0x55, 0x87, 0x17, 0x33, 0xd0, 0x35, 0x3e, 0x80, 0x53, 0x8e, 0xb7, 0x18, 0x86, 0x5b, 0x8b, 0xee, 0x29,
314 0xcf, 0xdf, 0x0e, 0x3f, 0x31, 0x9e, 0x29, 0x44, 0xa8, 0x99, 0xf7, 0xbe, 0x51, 0x3b, 0x53, 0xcd, 0x55, 0xfc, 0xb7, 0x6e,
315 0x50, 0x21, 0xf2, 0xcc, 0x9c, 0x09, 0xe2, 0x6f, 0x4d, 0x15, 0x2f, 0x98, 0xa1, 0x04, 0xc0, 0xeb, 0x4c, 0x98, 0x93
316 };
317 unsigned int Test_7875801__Code_Signing__cer_len = 999;
318
319 /* Test certificate for S/MIME policy (encrypt only, no sign), expires September 2026
320 */
321 unsigned char Test_smime_encryptonly[]={
322 0x30, 0x82, 0x04, 0x07, 0x30, 0x82, 0x02, 0xef, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x02, 0xb8, 0x95, 0x23, 0x30,
323 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9e, 0x31, 0x21, 0x30,
324 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74,
325 0x69, 0x6f, 0x6e, 0x20, 0x28, 0x53, 0x2f, 0x4d, 0x49, 0x4d, 0x45, 0x29, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
326 0x07, 0x13, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
327 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x43, 0x41, 0x31, 0x10,
328 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x07, 0x43, 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x14, 0x30, 0x12,
329 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23,
330 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x14, 0x73, 0x6d, 0x69, 0x6d, 0x65,
331 0x2d, 0x74, 0x65, 0x73, 0x74, 0x40, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31,
332 0x36, 0x30, 0x39, 0x32, 0x30, 0x31, 0x32, 0x30, 0x32, 0x31, 0x33, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x39, 0x31, 0x38,
333 0x31, 0x32, 0x30, 0x32, 0x31, 0x33, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
334 0x18, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x28, 0x53, 0x2f,
335 0x4d, 0x49, 0x4d, 0x45, 0x29, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70, 0x65,
336 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b,
337 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b,
338 0x13, 0x07, 0x43, 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b,
339 0x41, 0x70, 0x70, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x23, 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48,
340 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x14, 0x73, 0x6d, 0x69, 0x6d, 0x65, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x40, 0x61,
341 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
342 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
343 0x00, 0xd5, 0x9e, 0xf0, 0xe6, 0x4e, 0x8d, 0x1d, 0x0f, 0x62, 0x75, 0x1a, 0x5d, 0xd7, 0x19, 0x34, 0xf0, 0x27, 0xaf, 0x35,
344 0xbb, 0x6d, 0xfe, 0x1b, 0xe5, 0xfd, 0xd5, 0x54, 0x77, 0x4a, 0x2f, 0x1d, 0x50, 0x51, 0xbb, 0x6e, 0x55, 0x9e, 0xfe, 0xcd,
345 0x40, 0xe0, 0xe1, 0xa5, 0xfb, 0xef, 0x8c, 0x6b, 0x49, 0x7e, 0x73, 0x5c, 0x19, 0x44, 0xad, 0x50, 0xbc, 0x10, 0xf9, 0x66,
346 0xcf, 0x17, 0xd4, 0x63, 0x8d, 0x6b, 0x4b, 0x61, 0x09, 0x5e, 0xe7, 0xf2, 0xbf, 0x20, 0x78, 0xf4, 0xe4, 0x71, 0x81, 0xba,
347 0xb9, 0xb0, 0x0e, 0x8c, 0x58, 0xfd, 0x23, 0x67, 0x67, 0x38, 0x4b, 0xcd, 0x23, 0xb3, 0x76, 0x20, 0x51, 0x99, 0xb7, 0x7a,
348 0xc4, 0x34, 0xd4, 0xca, 0x50, 0xc1, 0x16, 0x4d, 0xcf, 0x60, 0x3c, 0xc2, 0x29, 0x06, 0x9b, 0x48, 0x35, 0xdb, 0x7e, 0x1a,
349 0xf8, 0x5d, 0x0e, 0x72, 0xa7, 0x01, 0x02, 0xb4, 0x26, 0x40, 0x81, 0xf3, 0xa8, 0x28, 0x0e, 0x53, 0x79, 0x55, 0x19, 0x13,
350 0xe1, 0xd9, 0x41, 0x78, 0xe6, 0x68, 0x96, 0x91, 0xf9, 0xc9, 0xbf, 0x60, 0xd4, 0x88, 0xdf, 0x26, 0x19, 0xc6, 0xd5, 0xc4,
351 0x3f, 0x70, 0x1f, 0xc0, 0x8f, 0x2c, 0x3d, 0x49, 0xba, 0x79, 0xd8, 0xcd, 0x6d, 0xcc, 0x88, 0xde, 0x86, 0xd4, 0x19, 0x89,
352 0x1b, 0x1c, 0xbd, 0xd8, 0xeb, 0xc6, 0x81, 0xdb, 0xb7, 0x57, 0x53, 0xeb, 0x92, 0xbf, 0xf8, 0x1b, 0xd8, 0x4a, 0xe7, 0xee,
353 0x83, 0x01, 0xf7, 0xae, 0xf4, 0x25, 0x2b, 0x6f, 0x17, 0xf4, 0xa0, 0xb8, 0x7f, 0x87, 0x20, 0x4f, 0xfd, 0xac, 0x59, 0x00,
354 0x80, 0x5e, 0x20, 0x02, 0x5a, 0x41, 0x76, 0xf2, 0x57, 0x97, 0x29, 0xa9, 0x87, 0xae, 0x79, 0xb7, 0x3f, 0x95, 0x2f, 0x37,
355 0x6e, 0xbf, 0x1f, 0x6d, 0xe2, 0x27, 0x39, 0x1c, 0xf2, 0x0b, 0x8f, 0xe4, 0xff, 0x60, 0x5d, 0x8f, 0xeb, 0x02, 0x03, 0x01,
356 0x00, 0x01, 0xa3, 0x4b, 0x30, 0x49, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
357 0x05, 0x20, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06,
358 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x18, 0x30, 0x16, 0x81, 0x14, 0x73,
359 0x6d, 0x69, 0x6d, 0x65, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x40, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
360 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0a,
361 0x49, 0x1f, 0xbe, 0xda, 0xa3, 0x8f, 0x78, 0x2c, 0x19, 0x6d, 0xd1, 0xa4, 0xa8, 0x8d, 0xa1, 0x00, 0xee, 0x8f, 0xa4, 0xd3,
362 0x2b, 0x73, 0xad, 0x46, 0x00, 0x44, 0x40, 0x18, 0xc7, 0x7a, 0xbd, 0x5c, 0x21, 0x80, 0x91, 0xfe, 0xa0, 0x48, 0xfe, 0x00,
363 0x3f, 0xf3, 0xc3, 0xb5, 0x26, 0xf0, 0xf2, 0xfa, 0x6e, 0xf2, 0x64, 0x45, 0x59, 0x41, 0xbd, 0x6f, 0xc2, 0xb6, 0xf8, 0xba,
364 0xc4, 0x75, 0x6a, 0x41, 0xd1, 0x0a, 0x6d, 0x1f, 0xd4, 0xe0, 0xec, 0x77, 0x7a, 0x5f, 0xa8, 0x44, 0x2e, 0xb3, 0x96, 0xe4,
365 0x62, 0x8e, 0xa2, 0x58, 0x85, 0x77, 0x21, 0x4f, 0x70, 0xed, 0x38, 0x5a, 0x69, 0x36, 0x8e, 0xf5, 0x3f, 0x4b, 0x25, 0x40,
366 0xe4, 0x4a, 0x00, 0xef, 0x14, 0xe4, 0xa3, 0xad, 0xaa, 0xbc, 0xdc, 0x18, 0x5f, 0xc5, 0xe9, 0xc1, 0xfe, 0xe4, 0x68, 0x52,
367 0x30, 0x87, 0x1e, 0x80, 0x4d, 0xa6, 0xf5, 0xfd, 0x0d, 0x15, 0x00, 0x06, 0xd8, 0x05, 0x82, 0x2d, 0x94, 0x44, 0x80, 0x8f,
368 0x1b, 0xac, 0x18, 0x9f, 0x51, 0x40, 0x47, 0x29, 0x4f, 0x7b, 0xb8, 0xbb, 0x03, 0xdd, 0x8a, 0x01, 0x4f, 0xd0, 0x4e, 0x21,
369 0xf5, 0xc3, 0x64, 0x2f, 0xa6, 0xe3, 0x81, 0x8d, 0x65, 0xc0, 0x6a, 0x17, 0x1d, 0xc5, 0xdf, 0xa6, 0x07, 0x7c, 0x48, 0x59,
370 0x35, 0x78, 0x02, 0x29, 0xa0, 0xbe, 0x25, 0x39, 0xdf, 0x51, 0x30, 0x7b, 0x2a, 0x19, 0xd0, 0x33, 0xcd, 0x07, 0x61, 0x38,
371 0x18, 0x46, 0xc7, 0x16, 0x8b, 0xcd, 0xa9, 0xbf, 0x22, 0xd0, 0xf7, 0xd1, 0xa4, 0x32, 0x80, 0x9f, 0x2e, 0x17, 0x0a, 0x17,
372 0xbc, 0x48, 0xf3, 0x2c, 0x6d, 0x40, 0x3b, 0xf0, 0xf5, 0x0b, 0x10, 0x98, 0x93, 0x50, 0xcc, 0x46, 0x64, 0x57, 0x6d, 0xb5,
373 0xa0, 0xda, 0x8f, 0xd7, 0xc6, 0x0a, 0x01, 0x1d, 0x89, 0x0b, 0x2f, 0xe3, 0x98, 0xcc, 0x9a
374 };
375 unsigned int Test_Encryption__S_MIME__cer_len = 1035;
376
377 /* Test identity for S/MIME policy (sign only, no encrypt)
378 */
379 unsigned char Test_smime_signonly_p12[] = {
380 0x30, 0x82, 0x0a, 0xdd, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0a, 0xa4, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
381 0x07, 0x01, 0xa0, 0x82, 0x0a, 0x95, 0x04, 0x82, 0x0a, 0x91, 0x30, 0x82, 0x0a, 0x8d, 0x30, 0x82, 0x05, 0x07, 0x06, 0x09,
382 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x02, 0x01, 0x00,
383 0x30, 0x82, 0x04, 0xed, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a,
384 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0xa7, 0xf8, 0xe5, 0x65, 0x62, 0x31, 0xe0,
385 0xa6, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x04, 0xc0, 0x2b, 0xf6, 0xdc, 0x0d, 0x1c, 0xce, 0x0d, 0x2a, 0xa8, 0x50, 0x94,
386 0xc5, 0x52, 0x04, 0xa0, 0x07, 0x8b, 0xf2, 0x31, 0x4e, 0x5e, 0xfe, 0xe7, 0x8f, 0x53, 0xac, 0x98, 0x1a, 0x04, 0x08, 0xdc,
387 0xd9, 0xc6, 0xd5, 0xee, 0xbd, 0x43, 0x15, 0x55, 0xf8, 0x03, 0xa7, 0x05, 0x31, 0x7f, 0xee, 0x36, 0xa8, 0x43, 0xdb, 0x09,
388 0x25, 0x61, 0x8e, 0x1c, 0xd2, 0x84, 0x22, 0xc2, 0xf5, 0x2f, 0x29, 0x4b, 0x97, 0xfd, 0x38, 0xb8, 0x4d, 0xde, 0x76, 0x28,
389 0xe9, 0xd9, 0xf7, 0xf1, 0x77, 0xdd, 0x7d, 0x6f, 0x35, 0xf7, 0x73, 0x94, 0xeb, 0x39, 0x5d, 0xaf, 0x92, 0xca, 0x07, 0x39,
390 0xa2, 0x8a, 0xd2, 0xcd, 0xe0, 0x69, 0x5b, 0x2f, 0xc3, 0x29, 0x1c, 0xbb, 0x27, 0x01, 0x83, 0x49, 0xfe, 0x55, 0x75, 0x1f,
391 0x56, 0xf4, 0xf8, 0xed, 0x60, 0xe3, 0xee, 0x10, 0x40, 0x4d, 0x67, 0xdb, 0x1b, 0x4e, 0x0b, 0x03, 0x65, 0xfc, 0x10, 0x9f,
392 0x40, 0x19, 0xcd, 0xe7, 0x5b, 0x6f, 0x8d, 0xf4, 0x21, 0x80, 0x1e, 0x81, 0xae, 0x34, 0xac, 0x70, 0xf5, 0xdd, 0x59, 0xb7,
393 0xd8, 0x31, 0x9f, 0xd9, 0xec, 0x54, 0x8c, 0x93, 0x73, 0x78, 0xbf, 0x5c, 0xf9, 0x29, 0x8b, 0x32, 0xdd, 0x3d, 0xb5, 0xe8,
394 0xdf, 0xe6, 0x78, 0xd2, 0xbe, 0x9d, 0x55, 0x2d, 0xde, 0x23, 0xe4, 0x14, 0xc2, 0x7b, 0x38, 0xce, 0x27, 0x22, 0x0b, 0x6a,
395 0x05, 0x22, 0x27, 0x39, 0x04, 0x99, 0x6f, 0x02, 0x74, 0xc0, 0xc8, 0xcd, 0x8d, 0xa7, 0x76, 0x9f, 0x41, 0x76, 0x6b, 0x97,
396 0x5f, 0x40, 0xc4, 0xa4, 0x77, 0x85, 0x2b, 0x18, 0x94, 0x79, 0xa3, 0x2a, 0x8d, 0x72, 0x5c, 0x8a, 0x15, 0xad, 0x57, 0x87,
397 0xc3, 0x72, 0x83, 0x89, 0x4a, 0xec, 0x92, 0xb6, 0xad, 0xb0, 0x5a, 0xb6, 0x1a, 0x53, 0x61, 0x28, 0x66, 0xfc, 0x9c, 0x4a,
398 0x4f, 0xfd, 0x38, 0x2a, 0x00, 0x55, 0x56, 0x03, 0xff, 0x09, 0xb0, 0xff, 0xbc, 0xa6, 0x78, 0x43, 0x0c, 0x90, 0xc7, 0x6d,
399 0x25, 0x45, 0x73, 0x61, 0x55, 0x24, 0x5d, 0x93, 0x2c, 0x38, 0x4f, 0x8d, 0x68, 0x41, 0xfe, 0xeb, 0xbc, 0xae, 0xee, 0x92,
400 0xa5, 0xbd, 0x6c, 0x1f, 0x4c, 0xe2, 0xb2, 0xc8, 0x42, 0x50, 0x5c, 0xa9, 0xa3, 0x53, 0x46, 0x6b, 0xa1, 0x4e, 0x69, 0x6f,
401 0xe0, 0x12, 0xc4, 0x03, 0x1e, 0xe5, 0xc1, 0xad, 0x8d, 0x57, 0x95, 0xfd, 0x24, 0x85, 0xd7, 0x2b, 0x5d, 0xbb, 0x72, 0x5b,
402 0x62, 0x72, 0x97, 0xdd, 0xb8, 0xb1, 0x7a, 0xf7, 0x42, 0x2c, 0x9f, 0xe2, 0x6e, 0x57, 0x7d, 0xee, 0x72, 0x67, 0xec, 0x98,
403 0x3a, 0x63, 0x44, 0x28, 0x75, 0xce, 0x9b, 0x5e, 0x95, 0xe6, 0x34, 0x7c, 0x1e, 0x56, 0x33, 0x3d, 0x31, 0x69, 0xd6, 0xf7,
404 0x62, 0xa9, 0x7c, 0x0e, 0xf7, 0x9d, 0xf8, 0x7d, 0xfe, 0x86, 0x12, 0x62, 0x18, 0xf1, 0xdd, 0xbf, 0x37, 0x73, 0xb2, 0x0b,
405 0x81, 0xb4, 0x38, 0xcb, 0x93, 0x8c, 0x3a, 0xe6, 0xd6, 0x72, 0x39, 0x09, 0x84, 0x09, 0xd7, 0x14, 0xc1, 0x67, 0x78, 0xc4,
406 0x5a, 0xa3, 0xa6, 0x0b, 0x0c, 0xd8, 0xd4, 0xda, 0xd7, 0xb8, 0x3a, 0x86, 0xcc, 0x44, 0x7d, 0xf6, 0x30, 0x4f, 0x07, 0x9f,
407 0x8a, 0x28, 0x22, 0x89, 0x34, 0xd3, 0x7b, 0xe6, 0x1b, 0xac, 0x9a, 0x11, 0xdd, 0x06, 0x72, 0x6e, 0x3f, 0x39, 0x3f, 0x18,
408 0x92, 0xc8, 0x93, 0xbb, 0x7c, 0x4a, 0x65, 0xad, 0xba, 0xfb, 0x6b, 0x29, 0xe3, 0xd5, 0x0d, 0xfc, 0xf1, 0x05, 0x91, 0x9d,
409 0x3f, 0x86, 0x86, 0xd3, 0xf3, 0x48, 0x8b, 0xba, 0x97, 0x59, 0xaf, 0xfb, 0x06, 0x34, 0x6e, 0x09, 0x5b, 0x4f, 0x4a, 0xdf,
410 0x3c, 0x94, 0xc7, 0x18, 0xb0, 0xf0, 0x23, 0xaf, 0x2f, 0x4e, 0x29, 0xd2, 0x99, 0xc3, 0x5f, 0x43, 0x52, 0xd2, 0x93, 0x1b,
411 0x8c, 0x13, 0x08, 0x5c, 0xa3, 0x5a, 0x68, 0x14, 0x7d, 0xda, 0xad, 0x92, 0xb5, 0xd0, 0x13, 0xe6, 0x21, 0xbc, 0x5b, 0xd5,
412 0xfa, 0x4e, 0xd7, 0x01, 0x8b, 0xa0, 0x9a, 0xfd, 0x02, 0x02, 0xc3, 0x9e, 0x7f, 0xfc, 0xc0, 0x90, 0x2a, 0xdd, 0xac, 0xa0,
413 0x01, 0x92, 0x39, 0x23, 0xb4, 0x3b, 0x2a, 0x13, 0x56, 0xcb, 0x78, 0xf5, 0xe1, 0xac, 0x15, 0x7f, 0x22, 0x38, 0x77, 0x0c,
414 0xa8, 0xfc, 0x46, 0x14, 0x02, 0xbe, 0x28, 0xf2, 0xa4, 0x59, 0x68, 0x01, 0x73, 0x4a, 0x52, 0xea, 0xfe, 0xb8, 0x8e, 0x59,
415 0xf2, 0x41, 0xaa, 0x04, 0x77, 0x20, 0xc6, 0x57, 0x62, 0x60, 0xb3, 0xc0, 0x6b, 0x2b, 0x5b, 0x4d, 0x64, 0x0c, 0xfe, 0x09,
416 0x92, 0x35, 0x9f, 0xde, 0xfe, 0xad, 0x8e, 0xd6, 0xf3, 0x8f, 0xb9, 0xf4, 0x77, 0x0f, 0xed, 0x47, 0x0d, 0x77, 0x59, 0x9c,
417 0xda, 0x7f, 0x40, 0xa1, 0xee, 0x6c, 0xaf, 0x66, 0x69, 0x12, 0x3a, 0x42, 0x98, 0x55, 0x91, 0x34, 0xf8, 0x02, 0x57, 0xf9,
418 0xf1, 0x9c, 0x5e, 0x7f, 0xec, 0x44, 0x14, 0x21, 0x8b, 0x21, 0x98, 0xe8, 0x62, 0x00, 0x0b, 0x9b, 0xe2, 0xc8, 0xff, 0xfe,
419 0xf5, 0xa0, 0xc5, 0x6a, 0x61, 0x75, 0x6f, 0xbf, 0x1f, 0x8d, 0x72, 0xbe, 0x48, 0x1f, 0xdf, 0x58, 0xba, 0x13, 0x33, 0x60,
420 0x8f, 0xc4, 0x5b, 0xf3, 0x70, 0x94, 0xee, 0x25, 0x98, 0x5e, 0x30, 0x40, 0x7f, 0x1c, 0xf6, 0x34, 0xb5, 0x6d, 0x5c, 0xc2,
421 0x45, 0xad, 0x1b, 0x88, 0x9e, 0x10, 0x59, 0x86, 0xcf, 0x49, 0xaa, 0xa4, 0x72, 0xee, 0x1c, 0xeb, 0x21, 0x85, 0x78, 0x5c,
422 0x1a, 0x08, 0x33, 0x6d, 0x52, 0xf3, 0xde, 0x86, 0x64, 0x2a, 0x34, 0x9e, 0x17, 0x16, 0xc5, 0xaf, 0xc9, 0x5a, 0xb0, 0x69,
423 0xcb, 0xdf, 0x6f, 0x23, 0x67, 0xe7, 0x02, 0x93, 0xf8, 0x79, 0x3d, 0xc1, 0x7f, 0x7e, 0xe7, 0x9a, 0xb2, 0xa8, 0x5b, 0x11,
424 0x64, 0x8c, 0x4b, 0x71, 0x29, 0xc4, 0x8c, 0xa5, 0x3b, 0xcf, 0x42, 0x48, 0x41, 0x2b, 0x29, 0x31, 0xc4, 0xfc, 0x21, 0x69,
425 0x10, 0x1e, 0x8c, 0xde, 0x02, 0x45, 0x43, 0x30, 0x4a, 0x9f, 0x4b, 0x8f, 0x4f, 0xf5, 0x63, 0x4f, 0x6d, 0xed, 0x7c, 0x37,
426 0x3f, 0x88, 0x43, 0x01, 0x95, 0xba, 0x49, 0x03, 0xa1, 0xe0, 0xe6, 0xf9, 0x58, 0x3a, 0x50, 0xf3, 0x3f, 0xcf, 0x15, 0xc7,
427 0x30, 0x4b, 0x56, 0xad, 0x74, 0x9e, 0x1d, 0xe1, 0x1f, 0x33, 0x33, 0x10, 0x9f, 0x55, 0xf6, 0xad, 0xf2, 0x07, 0x32, 0x39,
428 0xd4, 0x6e, 0x32, 0xd2, 0xc5, 0xbb, 0x67, 0x7d, 0x77, 0xd3, 0x21, 0xb5, 0xce, 0x5f, 0x07, 0xc4, 0x61, 0x6b, 0x67, 0x1d,
429 0x58, 0x56, 0xf7, 0xa3, 0x99, 0x4f, 0x7a, 0x9d, 0xd3, 0x78, 0x07, 0x7f, 0x4e, 0x24, 0x94, 0x2e, 0x75, 0x46, 0xd0, 0x1e,
430 0x76, 0x77, 0xf1, 0x18, 0x1c, 0xbf, 0x3e, 0xe5, 0x42, 0x45, 0x9c, 0x30, 0x78, 0x64, 0x5e, 0x55, 0x43, 0x42, 0x4e, 0x60,
431 0x1f, 0x57, 0xc3, 0xd3, 0xe3, 0xf4, 0x8b, 0x4c, 0xaf, 0x18, 0xc0, 0xa9, 0xf8, 0xe5, 0xd3, 0x96, 0xe0, 0xd2, 0x0a, 0x05,
432 0xc5, 0x2a, 0x42, 0x16, 0xc9, 0x1d, 0x90, 0xfb, 0x4b, 0x2d, 0x3b, 0xbf, 0x14, 0xfc, 0x7b, 0x47, 0x11, 0xf7, 0x46, 0x7b,
433 0x31, 0xb4, 0x2f, 0x25, 0x89, 0xed, 0x5d, 0x95, 0x7c, 0x0b, 0xe9, 0x89, 0x7a, 0x0a, 0x83, 0xc2, 0x08, 0xcc, 0x61, 0x8d,
434 0x7a, 0xf3, 0x3a, 0x7e, 0x7e, 0xa4, 0x16, 0x36, 0x0e, 0x9e, 0xac, 0xd3, 0x01, 0x0d, 0x60, 0x0c, 0x5e, 0xca, 0x2d, 0xcc,
435 0x59, 0xd8, 0x9d, 0x67, 0xb6, 0xc0, 0x81, 0xa7, 0xcb, 0x64, 0x8f, 0x03, 0x18, 0xc8, 0xba, 0x2b, 0x3d, 0x83, 0x37, 0x7e,
436 0xe2, 0x24, 0x9e, 0xff, 0xef, 0x78, 0x0c, 0x24, 0xaf, 0x90, 0x83, 0x45, 0x29, 0xfd, 0x1c, 0x1e, 0xc3, 0xf9, 0x49, 0x88,
437 0x48, 0xf3, 0xae, 0x22, 0x26, 0x07, 0xa6, 0xc6, 0x50, 0xed, 0xda, 0xb7, 0xb8, 0x4e, 0x1f, 0x6c, 0x7f, 0x9c, 0x54, 0x77,
438 0x0c, 0x66, 0x0b, 0x65, 0x4b, 0xdd, 0x9a, 0x9f, 0x69, 0xdc, 0x9a, 0x3a, 0xfc, 0xa8, 0x1c, 0xb5, 0xcf, 0xfd, 0x9a, 0x9d,
439 0x49, 0x5e, 0xcb, 0xd5, 0xa8, 0xcd, 0x89, 0xa6, 0xd3, 0x26, 0xfd, 0xa3, 0x8f, 0x46, 0xb8, 0x98, 0x63, 0x0d, 0x0a, 0xd8,
440 0x21, 0xed, 0xa5, 0x5f, 0x0a, 0x6e, 0x8b, 0xd1, 0xd7, 0x93, 0xca, 0xa8, 0xc2, 0x54, 0x6d, 0x8e, 0x4a, 0x3a, 0x87, 0x50,
441 0x23, 0x6c, 0x98, 0x4d, 0x61, 0xc9, 0x21, 0xca, 0xfa, 0xe9, 0x14, 0xaf, 0x85, 0x07, 0x66, 0x40, 0xe4, 0x3c, 0x78, 0xcf,
442 0x8f, 0x0d, 0x06, 0xe2, 0xce, 0x5b, 0x38, 0xdd, 0x6c, 0x99, 0x95, 0x7a, 0x3a, 0xaf, 0xfb, 0x82, 0xdb, 0x94, 0x51, 0x6d,
443 0x99, 0xd6, 0x47, 0x41, 0x16, 0x8c, 0x7e, 0x30, 0xb4, 0x86, 0x42, 0xe7, 0xad, 0x38, 0x16, 0x12, 0x3e, 0x6b, 0xcf, 0xb8,
444 0x8f, 0x08, 0x8c, 0xce, 0xc9, 0xf5, 0x5a, 0x6d, 0x6d, 0x1c, 0xef, 0xa3, 0xee, 0x44, 0x1e, 0x48, 0xe4, 0x41, 0xc6, 0xfa,
445 0x38, 0x63, 0xf6, 0x7d, 0x50, 0x59, 0x36, 0x9b, 0x8a, 0xbc, 0x66, 0x9d, 0x3d, 0xac, 0xe0, 0x4a, 0x2b, 0x27, 0xd4, 0x0a,
446 0x5e, 0x8c, 0xd2, 0x03, 0xde, 0x30, 0x82, 0x05, 0x7e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01,
447 0xa0, 0x82, 0x05, 0x6f, 0x04, 0x82, 0x05, 0x6b, 0x30, 0x82, 0x05, 0x67, 0x30, 0x82, 0x05, 0x63, 0x06, 0x0b, 0x2a, 0x86,
448 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 0xea, 0x30, 0x1c, 0x06,
449 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0xe8, 0xe9, 0xa0, 0xff, 0x46,
450 0xbd, 0xb7, 0xbe, 0x02, 0x02, 0x08, 0x00, 0x04, 0x82, 0x04, 0xc8, 0xb7, 0xe8, 0x82, 0xae, 0xfd, 0x43, 0x15, 0xbb, 0xf4,
451 0x94, 0x2d, 0x8d, 0x28, 0x5c, 0x66, 0xc4, 0x78, 0x5b, 0x0f, 0x41, 0xf9, 0x8e, 0x65, 0x3f, 0xf3, 0x06, 0x99, 0x36, 0x70,
452 0xeb, 0x99, 0x38, 0x29, 0x49, 0xea, 0x28, 0xc4, 0x84, 0x11, 0x8c, 0x4f, 0x5e, 0x61, 0x7c, 0x3f, 0xc3, 0x61, 0x16, 0x1b,
453 0xce, 0x50, 0xc9, 0xd6, 0x3e, 0x0e, 0x96, 0x93, 0xd1, 0xf7, 0x1a, 0x79, 0x86, 0x86, 0x22, 0x7e, 0x39, 0xc0, 0x15, 0x49,
454 0x69, 0xc5, 0x56, 0xf9, 0xb6, 0xeb, 0xe0, 0x36, 0x53, 0x01, 0xc1, 0xb9, 0x2d, 0x31, 0xdb, 0xdc, 0x12, 0xe0, 0x1b, 0x85,
455 0x4b, 0x11, 0xfa, 0x74, 0xd5, 0x5b, 0x4a, 0x84, 0xbc, 0x7e, 0x1f, 0xf4, 0x1e, 0x04, 0x75, 0x5e, 0x75, 0x6b, 0xb0, 0x6f,
456 0xc0, 0xb6, 0x5c, 0x0b, 0x93, 0xe7, 0x96, 0x94, 0x4c, 0x17, 0x97, 0xce, 0x4e, 0x2c, 0xe8, 0x48, 0xff, 0x89, 0xd5, 0x8c,
457 0x41, 0xe1, 0x0d, 0xed, 0xb2, 0x82, 0x7a, 0x75, 0x49, 0xbf, 0x0e, 0xf2, 0xec, 0x06, 0x8b, 0xa7, 0x86, 0xd8, 0x95, 0x4a,
458 0x3e, 0x5a, 0x78, 0xea, 0xf3, 0xee, 0xff, 0x5b, 0xc9, 0x21, 0x58, 0x88, 0x2c, 0x84, 0xab, 0x1f, 0x79, 0x07, 0xae, 0x98,
459 0x6a, 0xa0, 0xc9, 0x93, 0x3d, 0x74, 0x67, 0x43, 0x5b, 0x2d, 0xfb, 0x57, 0xc8, 0x24, 0x8e, 0xe6, 0x74, 0x0f, 0x11, 0x53,
460 0x8d, 0x2b, 0xd9, 0xa6, 0x44, 0x11, 0x32, 0xab, 0xec, 0x08, 0xe4, 0x63, 0xb3, 0x19, 0x5d, 0xd2, 0xff, 0x7d, 0x29, 0xb2,
461 0x4e, 0xc0, 0x44, 0x0b, 0xd2, 0x68, 0x4d, 0xc0, 0xbf, 0x24, 0xcd, 0x01, 0x26, 0x31, 0x52, 0xcf, 0x1c, 0x14, 0x8f, 0x70,
462 0x31, 0x1f, 0x68, 0x19, 0xfd, 0x81, 0x09, 0xef, 0xbd, 0xc0, 0xa7, 0xcd, 0xd9, 0x6c, 0xff, 0xf7, 0xb1, 0x11, 0xbb, 0xfa,
463 0x8b, 0x73, 0x22, 0xd9, 0x3a, 0x74, 0xa3, 0x49, 0x54, 0xd7, 0x52, 0x53, 0xd5, 0xaa, 0x1b, 0x72, 0xbd, 0xa6, 0x44, 0x7d,
464 0xed, 0x97, 0xe9, 0xfd, 0xcf, 0x26, 0x2b, 0x3c, 0x3a, 0x00, 0xf7, 0x3f, 0xf7, 0xdc, 0x91, 0x3a, 0x65, 0x5b, 0xcb, 0xba,
465 0x79, 0x5c, 0xb7, 0xfb, 0x79, 0x15, 0xe7, 0x7d, 0x1c, 0xd8, 0xf5, 0x89, 0x0f, 0xb1, 0x5e, 0x8d, 0x96, 0xa2, 0xef, 0x3f,
466 0x8d, 0x27, 0x38, 0x36, 0xd5, 0xcf, 0xe5, 0x67, 0xd0, 0xa9, 0xa5, 0xde, 0x16, 0xe7, 0xe7, 0x62, 0x04, 0x55, 0x66, 0xfd,
467 0x9f, 0xa4, 0x10, 0xcb, 0x30, 0x12, 0x10, 0x24, 0xb4, 0x7f, 0x63, 0x6a, 0x38, 0xd0, 0x9b, 0x77, 0x93, 0x27, 0xda, 0x72,
468 0xeb, 0xdb, 0x79, 0x26, 0x92, 0x60, 0xc5, 0x41, 0xb9, 0xe6, 0xce, 0x08, 0xaf, 0x3e, 0x0f, 0xe6, 0x8d, 0x17, 0x7e, 0x3b,
469 0xbc, 0x37, 0x57, 0x16, 0x54, 0xbe, 0x8c, 0x6a, 0xda, 0xb1, 0x7c, 0x46, 0xee, 0xc7, 0xed, 0x26, 0x76, 0x91, 0x01, 0xd5,
470 0x9c, 0x7b, 0xc2, 0xb7, 0x6f, 0x8c, 0xa1, 0xd1, 0x93, 0x50, 0x0c, 0x27, 0x0c, 0x74, 0xa4, 0x80, 0x7c, 0x3d, 0x28, 0x93,
471 0x21, 0xbe, 0xc9, 0x9f, 0xb5, 0x0a, 0xc8, 0x31, 0x12, 0x25, 0x90, 0x3f, 0x9a, 0x6d, 0x20, 0x02, 0xa0, 0xd6, 0x21, 0x53,
472 0x10, 0x55, 0x19, 0x48, 0x57, 0xf8, 0x2a, 0x48, 0xc4, 0xb5, 0xa1, 0x79, 0xac, 0x53, 0xbd, 0x2b, 0xde, 0x4d, 0xa4, 0x77,
473 0xe4, 0x1f, 0x87, 0x9f, 0x9f, 0xd1, 0x9c, 0x00, 0x8d, 0x7b, 0x83, 0x4a, 0xc4, 0x25, 0xf2, 0xb7, 0xfc, 0xb8, 0x0e, 0x97,
474 0x26, 0x70, 0x26, 0x89, 0x86, 0xe6, 0x15, 0xaa, 0x8f, 0x5e, 0x76, 0xb3, 0x3f, 0x8b, 0x01, 0xda, 0xf5, 0x99, 0x01, 0x32,
475 0xc3, 0x76, 0x19, 0x93, 0xca, 0xda, 0x27, 0xb1, 0x74, 0x0e, 0x84, 0x4b, 0x02, 0x4b, 0x50, 0x31, 0x64, 0x69, 0xd9, 0xa4,
476 0x21, 0x85, 0xfd, 0xab, 0x69, 0xf3, 0x66, 0x40, 0x43, 0x13, 0x4f, 0x58, 0xf5, 0x03, 0x3b, 0xc1, 0xea, 0x40, 0xeb, 0xe4,
477 0xca, 0x63, 0x29, 0xca, 0x41, 0x64, 0x7a, 0x0e, 0xb9, 0x46, 0xf2, 0xcb, 0xa0, 0xf3, 0x3e, 0x35, 0xaf, 0xe1, 0x81, 0xa9,
478 0xd3, 0x0c, 0xef, 0xe9, 0x2d, 0xc4, 0x10, 0x46, 0x24, 0xd0, 0x6d, 0xab, 0xb1, 0xd3, 0xe0, 0x4a, 0x43, 0xcd, 0x3f, 0xa4,
479 0xe4, 0xdc, 0x3e, 0x70, 0x07, 0x62, 0x93, 0x27, 0x32, 0x46, 0x57, 0x85, 0x45, 0x6a, 0xcf, 0x0d, 0xec, 0x08, 0xf0, 0x07,
480 0x6c, 0xb8, 0x87, 0xd1, 0xc5, 0xa3, 0xf0, 0xd6, 0xaf, 0x37, 0x09, 0xff, 0xbc, 0x15, 0x56, 0x60, 0xfc, 0x2a, 0xec, 0xbf,
481 0x8c, 0x22, 0x1c, 0xef, 0xaa, 0xfe, 0x6a, 0x42, 0xa0, 0x41, 0xdd, 0x8d, 0x7d, 0xa8, 0x74, 0xa8, 0xb4, 0xfc, 0x12, 0x2e,
482 0xf2, 0xe6, 0xbe, 0xa6, 0xbc, 0x31, 0x01, 0x40, 0xa4, 0x27, 0xc2, 0x75, 0xbb, 0x12, 0x91, 0xc9, 0x84, 0xa0, 0xd5, 0xff,
483 0xaa, 0x8d, 0x8f, 0x22, 0xd0, 0x05, 0x05, 0x63, 0xe1, 0xa3, 0xa0, 0xfc, 0x7d, 0xb4, 0xd9, 0x26, 0xcf, 0x77, 0x46, 0x36,
484 0x9a, 0xdd, 0x97, 0x8f, 0xc6, 0x79, 0x99, 0x81, 0x47, 0x91, 0x00, 0xe3, 0x88, 0xe4, 0x09, 0xca, 0xb9, 0x2c, 0x66, 0x70,
485 0xa2, 0x1c, 0xc7, 0xb9, 0xfe, 0xd3, 0x3e, 0x8f, 0x52, 0x5a, 0xfb, 0x63, 0x8d, 0x06, 0x36, 0xd9, 0x40, 0xf6, 0x4a, 0x99,
486 0xcf, 0xf6, 0x60, 0x02, 0xb2, 0xff, 0x81, 0x51, 0x44, 0xf7, 0x69, 0x7a, 0xc6, 0xf9, 0x6a, 0xe3, 0x3a, 0xc5, 0x11, 0xc3,
487 0x61, 0xe7, 0x09, 0xdd, 0x88, 0x04, 0x0c, 0x41, 0xbf, 0x41, 0x6e, 0x20, 0x5c, 0xf0, 0x6b, 0x3c, 0x57, 0x3b, 0x03, 0x16,
488 0x25, 0xc7, 0x39, 0x42, 0x4d, 0x32, 0x30, 0xd3, 0x12, 0xbf, 0x85, 0x3b, 0x90, 0x9a, 0x38, 0xe1, 0x6c, 0x32, 0x5b, 0xe5,
489 0xa0, 0x8e, 0xab, 0x7f, 0xcc, 0x36, 0x91, 0x7b, 0xd3, 0x45, 0x47, 0xa5, 0x14, 0x47, 0xb0, 0x0a, 0x0f, 0x29, 0xcd, 0xbc,
490 0x72, 0x2c, 0xc9, 0x47, 0xf4, 0xd7, 0x3e, 0x5c, 0x25, 0x85, 0x9b, 0x7d, 0xa9, 0xf7, 0xdc, 0xec, 0xfe, 0x7b, 0x6b, 0xad,
491 0x00, 0x24, 0xd2, 0x84, 0xd8, 0xd1, 0xc1, 0x2a, 0xde, 0x0d, 0x14, 0x46, 0x87, 0xa6, 0x83, 0x59, 0x6b, 0xde, 0x06, 0xf8,
492 0x1c, 0x81, 0x04, 0x3e, 0x14, 0xac, 0x9a, 0xe4, 0xc4, 0xe1, 0x51, 0xbb, 0xcf, 0xe0, 0xf5, 0xc3, 0x40, 0xdd, 0x1e, 0xae,
493 0x3e, 0x06, 0x45, 0x80, 0x7a, 0x6b, 0x07, 0x58, 0xc1, 0xcf, 0xb3, 0x22, 0xd4, 0xfe, 0xc0, 0x01, 0x86, 0x16, 0x48, 0x5a,
494 0x04, 0xe9, 0x3c, 0xa0, 0xdb, 0x2d, 0x57, 0xec, 0x6f, 0x83, 0x4e, 0x14, 0xcc, 0xf8, 0x01, 0x3b, 0x46, 0x6a, 0xec, 0xd0,
495 0xd3, 0x13, 0x29, 0xf5, 0x61, 0x38, 0x7a, 0x41, 0xd6, 0xca, 0x87, 0x4e, 0x91, 0x67, 0x3a, 0x7f, 0x4e, 0x1e, 0x40, 0x07,
496 0xad, 0x0d, 0x80, 0xac, 0x83, 0xd2, 0x4d, 0xee, 0xc6, 0x81, 0xab, 0x86, 0x58, 0xd0, 0x86, 0x3e, 0x97, 0x95, 0xef, 0xec,
497 0xbe, 0xd6, 0xe9, 0xc1, 0xce, 0x2e, 0xa5, 0xd1, 0x71, 0x1c, 0x7e, 0xb9, 0xa4, 0x5f, 0xcc, 0x12, 0x96, 0x13, 0x50, 0x6d,
498 0x07, 0x8c, 0xa3, 0xa5, 0x40, 0x73, 0xb3, 0x90, 0x70, 0x92, 0x4b, 0x48, 0x95, 0xb7, 0x38, 0x72, 0xe3, 0x9c, 0x1d, 0x1d,
499 0x6b, 0x4a, 0x29, 0xf3, 0xf5, 0x77, 0xfb, 0x5e, 0x44, 0x4e, 0x2b, 0xec, 0xc2, 0x65, 0xd2, 0x4c, 0x6c, 0xad, 0xac, 0xb7,
500 0x64, 0x9a, 0xd2, 0xbf, 0x10, 0x53, 0xdd, 0x2d, 0x48, 0x55, 0x45, 0x9d, 0x64, 0x1d, 0x00, 0x15, 0xd2, 0x20, 0x15, 0x9f,
501 0xcf, 0xc0, 0x72, 0x20, 0xec, 0xf3, 0x55, 0x86, 0x36, 0x8b, 0xac, 0x8f, 0x71, 0x04, 0xc5, 0x17, 0x3b, 0x98, 0x8d, 0x96,
502 0xd9, 0x56, 0x1c, 0x48, 0x5f, 0xd4, 0x32, 0x3d, 0x41, 0x94, 0x54, 0x7b, 0xa8, 0x44, 0xfd, 0x99, 0x9e, 0xbb, 0x22, 0x6d,
503 0x36, 0x57, 0x86, 0x19, 0xc5, 0x09, 0x73, 0x5e, 0x4a, 0xb7, 0x99, 0x2c, 0x51, 0x9d, 0xf3, 0x0e, 0x40, 0x82, 0x9a, 0xc3,
504 0x5e, 0x00, 0x85, 0xf1, 0xa1, 0xe0, 0xe7, 0xf2, 0xcd, 0x7d, 0x6a, 0x3a, 0x10, 0x42, 0x1d, 0x95, 0xb1, 0xc5, 0x9e, 0x76,
505 0x2a, 0x22, 0x00, 0x48, 0x52, 0x07, 0xc7, 0x49, 0xab, 0xa1, 0xd5, 0xa6, 0xe2, 0xc5, 0x51, 0x47, 0x31, 0x80, 0x37, 0xbd,
506 0xb6, 0x91, 0xab, 0xa3, 0x9c, 0xee, 0x9c, 0x1e, 0x69, 0xc7, 0x15, 0x29, 0xf5, 0x8f, 0x12, 0x4f, 0xf4, 0x99, 0xaf, 0x58,
507 0x68, 0x5b, 0x2e, 0x0d, 0x99, 0x25, 0x13, 0xc1, 0xe4, 0xe7, 0x7f, 0x58, 0x16, 0xaa, 0x02, 0xf1, 0xce, 0xde, 0x90, 0x33,
508 0x80, 0x5b, 0xb3, 0xdb, 0xb6, 0x6b, 0xda, 0x77, 0x4b, 0x45, 0xff, 0x73, 0x27, 0x02, 0x79, 0xb3, 0x01, 0xe9, 0x11, 0x64,
509 0x0b, 0x93, 0x17, 0xd5, 0x71, 0x23, 0xdb, 0x2d, 0xbd, 0x06, 0xb5, 0x8a, 0x1e, 0xfd, 0x13, 0xe4, 0x0c, 0xfb, 0x5f, 0xd5,
510 0x68, 0x04, 0xd7, 0xd2, 0xeb, 0x63, 0xc2, 0x2f, 0x7d, 0xfe, 0x9b, 0x24, 0x92, 0xb7, 0x46, 0xab, 0x0e, 0x7c, 0x15, 0xfa,
511 0x0d, 0x1a, 0xdc, 0x65, 0x99, 0xdb, 0xa1, 0x6f, 0x55, 0x90, 0x76, 0xb5, 0x20, 0x8b, 0x6f, 0x31, 0x62, 0x30, 0x3b, 0x06,
512 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, 0x2e, 0x1e, 0x2c, 0x00, 0x54, 0x00, 0x65, 0x00, 0x73,
513 0x00, 0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6e, 0x00, 0x4f, 0x00, 0x6e, 0x00, 0x6c, 0x00, 0x79,
514 0x00, 0x20, 0x00, 0x28, 0x00, 0x53, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x49, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x29, 0x30, 0x23,
515 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x60, 0x94, 0x0b, 0x09, 0xd9,
516 0x9c, 0x09, 0x22, 0xc2, 0x15, 0x0e, 0xf8, 0x47, 0x4c, 0x8f, 0xbe, 0xaa, 0x65, 0x51, 0x76, 0x30, 0x30, 0x30, 0x21, 0x30,
517 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x76, 0xa4, 0x2d, 0xf1, 0x67, 0x61, 0x56, 0x63,
518 0xd0, 0x39, 0x34, 0xe3, 0xb4, 0x1c, 0x96, 0xa3, 0xc0, 0x5a, 0xf7, 0xff, 0x04, 0x08, 0x06, 0xe1, 0x19, 0x07, 0xbf, 0xf2,
519 0xb9, 0xbf, 0x02, 0x01, 0x01
520 };
521 unsigned int test_sign_only_smime_p12_len = 2785;
522
523
524 /* Test SSL User identity (PKCS12 data), expires in 2026
525 */
526 unsigned char Test_ssl_user_p12[] = {
527 0x30, 0x82, 0x0a, 0x83, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0a, 0x4a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
528 0x07, 0x01, 0xa0, 0x82, 0x0a, 0x3b, 0x04, 0x82, 0x0a, 0x37, 0x30, 0x82, 0x0a, 0x33, 0x30, 0x82, 0x04, 0xbf, 0x06, 0x09,
529 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x04, 0xb0, 0x30, 0x82, 0x04, 0xac, 0x02, 0x01, 0x00,
530 0x30, 0x82, 0x04, 0xa5, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a,
531 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0xe2, 0xcf, 0xcc, 0x9d, 0x17, 0xcd, 0x62,
532 0xa4, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x04, 0x78, 0xe0, 0x0c, 0xd8, 0xf5, 0x7c, 0xf7, 0x2f, 0x1e, 0xbf, 0x95, 0x6b,
533 0xc1, 0x43, 0x35, 0x3e, 0x8d, 0xdf, 0x65, 0x9b, 0xd8, 0xa0, 0xb2, 0x86, 0xec, 0x38, 0x39, 0x04, 0x72, 0x39, 0x3b, 0xf1,
534 0x5c, 0x1d, 0x1c, 0xac, 0xe6, 0x67, 0xea, 0xce, 0xb2, 0x15, 0xe5, 0xd4, 0xee, 0xe8, 0xf1, 0xad, 0x45, 0x75, 0x6a, 0x07,
535 0xbd, 0xe5, 0x2b, 0x55, 0x89, 0x24, 0xed, 0x65, 0xc7, 0x8e, 0x50, 0xf8, 0x38, 0xef, 0x9c, 0x79, 0x1b, 0xb7, 0xb5, 0x34,
536 0x32, 0x36, 0xa9, 0x1a, 0x65, 0x0f, 0xc4, 0x22, 0x9c, 0x9f, 0xd8, 0x70, 0xe9, 0x8e, 0x59, 0x88, 0x95, 0x86, 0xb0, 0x2c,
537 0xb2, 0xc5, 0x4d, 0x5a, 0x3d, 0x6a, 0xbf, 0x1a, 0x3a, 0x60, 0xbe, 0xde, 0x33, 0xb4, 0x21, 0x86, 0x8b, 0x02, 0x38, 0xf4,
538 0x77, 0x7e, 0x40, 0x9f, 0x0c, 0x55, 0xed, 0x76, 0xfd, 0x60, 0x70, 0x94, 0x3e, 0xf9, 0x01, 0x42, 0xa7, 0x84, 0x0f, 0xfd,
539 0xc0, 0x93, 0x4e, 0xe2, 0x78, 0x13, 0x5d, 0x56, 0x1a, 0x76, 0xf0, 0x99, 0x34, 0x92, 0x0c, 0x3f, 0x19, 0x81, 0x5c, 0x0a,
540 0x6b, 0xcc, 0x19, 0x65, 0x06, 0x88, 0xc9, 0x9c, 0x76, 0xaa, 0xa2, 0x0c, 0x5c, 0x4a, 0x38, 0xcf, 0x6d, 0x79, 0xf6, 0xde,
541 0x39, 0x7a, 0xc9, 0xe6, 0x6c, 0x42, 0xfe, 0xaa, 0xc4, 0xc0, 0x62, 0xa3, 0xda, 0xe1, 0x08, 0x86, 0x79, 0x2d, 0x80, 0x6a,
542 0x5f, 0xa9, 0x79, 0x43, 0xfe, 0xfc, 0xed, 0x08, 0xb3, 0x80, 0x91, 0xa6, 0xe7, 0x9a, 0xc8, 0x77, 0xc7, 0x4c, 0x7e, 0x6a,
543 0x79, 0x76, 0x9f, 0x28, 0x0f, 0x24, 0xd2, 0xee, 0x5e, 0x4f, 0x76, 0xe8, 0xa9, 0xd3, 0x1a, 0xf1, 0xe4, 0x0d, 0xb8, 0x26,
544 0x95, 0x63, 0xd3, 0x59, 0xfb, 0x03, 0x08, 0xea, 0x59, 0x4e, 0xe2, 0x6d, 0x74, 0x47, 0xa2, 0x8b, 0x1c, 0x21, 0x9f, 0x1c,
545 0x68, 0x54, 0x76, 0x78, 0x8a, 0xfa, 0xa3, 0x65, 0x87, 0xd4, 0x6c, 0x16, 0x38, 0xaa, 0xc9, 0x11, 0x58, 0x25, 0x05, 0xba,
546 0x68, 0x92, 0xd8, 0x06, 0x85, 0x19, 0x1e, 0xcc, 0xdb, 0x07, 0x27, 0xa8, 0xe9, 0xec, 0xfb, 0xb9, 0xbd, 0x5e, 0x67, 0x22,
547 0xae, 0xcd, 0xbd, 0xe6, 0xdc, 0x8d, 0x5a, 0xf2, 0x3c, 0xf4, 0x06, 0xa6, 0x0e, 0x98, 0xfc, 0xec, 0x64, 0x05, 0xb8, 0xa5,
548 0xfe, 0x5b, 0x27, 0x41, 0x90, 0xe4, 0x2c, 0x93, 0x38, 0xec, 0xc6, 0xa2, 0x08, 0xe4, 0xab, 0xb2, 0xb5, 0x7b, 0xa6, 0xe0,
549 0x89, 0x97, 0xb6, 0xc0, 0xd4, 0xa8, 0x1f, 0xcb, 0xf4, 0xc6, 0x59, 0xcd, 0xaa, 0x99, 0x40, 0xc6, 0x41, 0x18, 0x3a, 0x95,
550 0x3a, 0x71, 0x06, 0x5c, 0x0d, 0x4c, 0xdf, 0xc2, 0x37, 0x37, 0x78, 0x33, 0x5d, 0x35, 0x7c, 0x0e, 0x33, 0x7c, 0xfd, 0x97,
551 0x18, 0x07, 0xad, 0x54, 0xf0, 0x83, 0xed, 0x20, 0x6c, 0x8a, 0x28, 0x48, 0x29, 0x5c, 0x2c, 0x61, 0x25, 0x87, 0x0b, 0xfc,
552 0x96, 0x8a, 0x51, 0x74, 0x8d, 0x21, 0x0b, 0x6d, 0x6a, 0x88, 0x6c, 0xa5, 0xc0, 0xd7, 0x9a, 0xe7, 0x16, 0x49, 0x66, 0xbf,
553 0xb3, 0x96, 0x73, 0x4d, 0x61, 0x9e, 0x7f, 0x3b, 0x6d, 0x37, 0x5d, 0x31, 0x3f, 0x00, 0x5c, 0x92, 0x20, 0x6e, 0xab, 0x25,
554 0xb3, 0xe9, 0x7a, 0xba, 0xeb, 0xaa, 0x9e, 0xb4, 0xdb, 0xf5, 0x85, 0x51, 0x71, 0xed, 0x5e, 0x4d, 0x04, 0xdc, 0x4d, 0x5d,
555 0x0d, 0x24, 0x74, 0xa4, 0xaf, 0x30, 0x3f, 0x82, 0x0c, 0xe3, 0xfa, 0x21, 0x82, 0x25, 0x29, 0xda, 0x0f, 0x4b, 0x2e, 0x1c,
556 0xb2, 0x06, 0xe7, 0x36, 0x56, 0xb7, 0x4c, 0xf6, 0x37, 0x2c, 0x80, 0xa3, 0x21, 0xdc, 0x3b, 0xa5, 0xed, 0x24, 0x0e, 0x69,
557 0x15, 0xc2, 0x96, 0x0b, 0xa2, 0x72, 0x7a, 0xa4, 0xf8, 0xab, 0x6b, 0xa4, 0xa5, 0x7e, 0x6e, 0x3a, 0xf3, 0x4d, 0x92, 0xba,
558 0x90, 0xf0, 0x9d, 0x20, 0x9f, 0xf4, 0x5c, 0xf6, 0x44, 0x74, 0x6a, 0xc3, 0xc4, 0xed, 0x6d, 0x95, 0x81, 0x53, 0x60, 0xb4,
559 0x80, 0xf4, 0xd3, 0x5f, 0xad, 0xb6, 0x57, 0x9c, 0xb7, 0x59, 0xcc, 0x51, 0x54, 0x5f, 0x67, 0x32, 0x69, 0x63, 0x80, 0x77,
560 0x03, 0x23, 0x07, 0x4f, 0xff, 0x27, 0xd4, 0x52, 0xce, 0xac, 0xba, 0xd5, 0x8d, 0xab, 0xf8, 0xc9, 0x48, 0x01, 0xf7, 0xea,
561 0xf7, 0x76, 0x2e, 0xbc, 0xdd, 0x7b, 0x7f, 0x60, 0x12, 0x72, 0x4f, 0x04, 0x0e, 0x93, 0x5e, 0x7e, 0x15, 0x09, 0x2b, 0xa1,
562 0x2c, 0xa5, 0x9d, 0x36, 0xd4, 0xbf, 0x5c, 0xb1, 0x19, 0xd4, 0x0e, 0x00, 0x0e, 0x05, 0x7a, 0x84, 0xb0, 0xba, 0xe9, 0x8e,
563 0x15, 0x0a, 0xad, 0x4d, 0x8d, 0x1e, 0xff, 0x10, 0x01, 0x43, 0xbf, 0xa9, 0xbf, 0x3b, 0xdf, 0x86, 0x6b, 0xef, 0x86, 0x63,
564 0xfa, 0x9e, 0x28, 0xda, 0xb7, 0x03, 0x2b, 0x0b, 0xce, 0x12, 0x5f, 0xd8, 0x42, 0xfc, 0x4f, 0x63, 0x93, 0xbe, 0xef, 0x11,
565 0x73, 0xd4, 0xc0, 0xbc, 0x23, 0xc2, 0x99, 0xbc, 0x29, 0xe1, 0xd7, 0x4d, 0xc2, 0xe8, 0x3e, 0xb0, 0xaa, 0x96, 0xed, 0xf8,
566 0x48, 0x20, 0x3d, 0xa6, 0xed, 0xc6, 0xa2, 0x8f, 0x89, 0x45, 0x70, 0xbf, 0xf7, 0xee, 0x6f, 0x2a, 0xd1, 0x93, 0xce, 0xad,
567 0x55, 0xfe, 0xe9, 0xa8, 0xfc, 0x94, 0x24, 0x91, 0x98, 0x0a, 0xac, 0x90, 0xa6, 0xa7, 0x27, 0x05, 0x55, 0xb3, 0x3e, 0xa7,
568 0x08, 0xb0, 0x4b, 0x31, 0xb5, 0xe8, 0x9f, 0x67, 0x74, 0x73, 0x3c, 0x42, 0x84, 0x67, 0x84, 0x97, 0x95, 0x33, 0x00, 0xfe,
569 0x69, 0x61, 0x52, 0x05, 0x4c, 0x8b, 0x65, 0x8e, 0x00, 0xf8, 0xd8, 0xe3, 0x40, 0x66, 0x04, 0x06, 0x09, 0x05, 0x93, 0x49,
570 0x18, 0xa5, 0x41, 0x6f, 0xc3, 0x28, 0xaf, 0x30, 0xaf, 0x43, 0xaa, 0x74, 0x73, 0x9f, 0xdc, 0x58, 0x83, 0xe9, 0x42, 0xa8,
571 0x16, 0xdd, 0xce, 0xf9, 0xbe, 0xe9, 0x33, 0xf8, 0xbf, 0x51, 0x08, 0x25, 0xdf, 0x7a, 0xbe, 0x00, 0x8a, 0xd6, 0x82, 0xf3,
572 0xdb, 0xd0, 0x21, 0x48, 0x5c, 0xd5, 0xea, 0x86, 0xd7, 0xff, 0xe0, 0x2f, 0x93, 0xfc, 0x3e, 0xc8, 0xdd, 0xb8, 0x3e, 0x79,
573 0xd4, 0x22, 0xa3, 0xaa, 0xeb, 0x47, 0xec, 0xaf, 0xd8, 0xf1, 0xa8, 0x71, 0x7e, 0xae, 0x85, 0xff, 0xe1, 0x98, 0x7f, 0x59,
574 0x88, 0x1d, 0xaa, 0x11, 0x89, 0xbe, 0x6e, 0x4e, 0xdc, 0x77, 0xf4, 0xe1, 0x14, 0xcc, 0x1c, 0xd4, 0x8a, 0xc3, 0x0c, 0xff,
575 0xb9, 0x12, 0xc1, 0xf3, 0xb6, 0xcc, 0xa2, 0x01, 0x49, 0xad, 0x59, 0x47, 0x17, 0x4a, 0x1a, 0x90, 0xd0, 0x77, 0x77, 0x3e,
576 0xad, 0xdd, 0x58, 0x08, 0x40, 0x92, 0xb6, 0xcf, 0x84, 0x64, 0x72, 0x84, 0x8d, 0x98, 0x9f, 0x64, 0x28, 0x45, 0x1a, 0xb0,
577 0x88, 0x08, 0xaa, 0x7b, 0x11, 0x15, 0x08, 0xc3, 0x56, 0xa5, 0x0d, 0x7e, 0x04, 0x37, 0xe0, 0x62, 0xbb, 0x34, 0xe9, 0x84,
578 0xb2, 0xd0, 0x1a, 0xec, 0xa9, 0x74, 0x9b, 0xf1, 0x0e, 0x30, 0x84, 0xb0, 0x62, 0x17, 0x92, 0x31, 0x0c, 0x11, 0x9e, 0xa0,
579 0xa7, 0x48, 0x9a, 0xd7, 0xa4, 0x29, 0x05, 0xea, 0xf4, 0x11, 0x21, 0xdd, 0x8e, 0x9b, 0x79, 0x4a, 0x9b, 0x5c, 0xeb, 0x8b,
580 0x55, 0x0b, 0x0d, 0x0d, 0x7e, 0xe0, 0x79, 0x2f, 0x03, 0x52, 0xec, 0x4c, 0x63, 0xa0, 0xa8, 0xc2, 0x66, 0x63, 0xda, 0x18,
581 0xad, 0x93, 0xde, 0xb3, 0xb1, 0xe8, 0x08, 0xf8, 0x98, 0x5d, 0x19, 0x40, 0xae, 0xcd, 0x3e, 0xcd, 0x82, 0x09, 0x0c, 0x05,
582 0x5b, 0x84, 0x77, 0xd4, 0xf8, 0x1b, 0x53, 0xa6, 0xf0, 0x93, 0x85, 0x9c, 0x79, 0x43, 0x71, 0x4c, 0x8f, 0x66, 0x05, 0x7f,
583 0xc4, 0x20, 0x95, 0xfe, 0x1b, 0xd6, 0xf4, 0x2d, 0x4d, 0x42, 0xc6, 0x7f, 0x69, 0x69, 0x1e, 0xad, 0xf5, 0x26, 0xdf, 0x85,
584 0x26, 0xed, 0xf3, 0xe1, 0x5c, 0x1a, 0x86, 0x03, 0xbe, 0xd8, 0x96, 0x77, 0x52, 0xd5, 0x4a, 0xb4, 0xf5, 0xfc, 0x0a, 0xb0,
585 0xee, 0xb5, 0x21, 0x8c, 0xa4, 0x56, 0xf9, 0xf9, 0x05, 0x27, 0x49, 0x2d, 0x5d, 0x11, 0xac, 0xa5, 0x33, 0xe6, 0x55, 0x73,
586 0x54, 0xb9, 0xd1, 0x2a, 0xf8, 0x9a, 0x1d, 0xd3, 0x30, 0x90, 0x41, 0x3f, 0x0c, 0xf1, 0x0c, 0xa9, 0xae, 0xd0, 0x4d, 0xec,
587 0x66, 0x66, 0xc8, 0xb5, 0x57, 0xbc, 0xf4, 0xc0, 0xeb, 0x23, 0xb9, 0xc8, 0x8b, 0x43, 0x70, 0x96, 0x2e, 0x20, 0x14, 0x3a,
588 0x70, 0x3a, 0xf7, 0x83, 0xa9, 0x7b, 0x80, 0x6d, 0xc4, 0x76, 0xa5, 0x83, 0xf0, 0x55, 0xa0, 0x78, 0xc4, 0x7f, 0xc4, 0xae,
589 0xf0, 0xa9, 0x65, 0x5c, 0xd5, 0xda, 0xe1, 0xe1, 0x90, 0xb8, 0xa6, 0x07, 0x2e, 0x30, 0x82, 0x05, 0x6c, 0x06, 0x09, 0x2a,
590 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x5d, 0x04, 0x82, 0x05, 0x59, 0x30, 0x82, 0x05, 0x55,
591 0x30, 0x82, 0x05, 0x51, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04,
592 0xee, 0x30, 0x82, 0x04, 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30,
593 0x0e, 0x04, 0x08, 0x33, 0x8e, 0xe4, 0x7e, 0x74, 0x9d, 0xf7, 0xfa, 0x02, 0x02, 0x08, 0x00, 0x04, 0x82, 0x04, 0xc8, 0x10,
594 0x10, 0x9b, 0xe5, 0xa8, 0xe1, 0x82, 0x43, 0x54, 0xc5, 0xda, 0xfb, 0x4b, 0x57, 0x45, 0xd3, 0x38, 0xfe, 0x8f, 0x95, 0xf7,
595 0x86, 0x7f, 0x50, 0x15, 0x3a, 0x1a, 0xee, 0xcf, 0x8a, 0xa4, 0x67, 0x2a, 0x62, 0x1e, 0x2d, 0x05, 0xab, 0x21, 0x93, 0xdc,
596 0x37, 0xe3, 0xdb, 0x5c, 0xb9, 0x86, 0x7c, 0x78, 0xab, 0x62, 0x1a, 0xea, 0x7d, 0x51, 0x01, 0x72, 0x3f, 0xcd, 0x40, 0x0b,
597 0x97, 0xae, 0x89, 0xe3, 0x97, 0x81, 0x0e, 0x1f, 0x27, 0x36, 0x46, 0x7b, 0x17, 0xd3, 0xe3, 0x93, 0x8c, 0xde, 0xc3, 0xf1,
598 0x05, 0x0f, 0x0c, 0x40, 0x45, 0x53, 0xe9, 0xf5, 0xa9, 0x42, 0xc9, 0x22, 0x8e, 0xa5, 0xd0, 0x3b, 0xbe, 0xf0, 0x1e, 0x39,
599 0x11, 0xc5, 0xf7, 0x19, 0x27, 0x65, 0x56, 0xb4, 0x4d, 0xe8, 0xee, 0xd3, 0x81, 0x21, 0xb4, 0x43, 0x9d, 0x82, 0x24, 0x03,
600 0x81, 0x06, 0xc5, 0xe2, 0x9c, 0x4e, 0x10, 0x4c, 0x5d, 0xda, 0x1a, 0xc0, 0x8b, 0x54, 0x42, 0x3f, 0x6a, 0x9c, 0x9e, 0xad,
601 0xfd, 0xce, 0x62, 0x30, 0xb9, 0xaf, 0x99, 0xc8, 0xea, 0xd7, 0x3c, 0x8d, 0x81, 0x9a, 0xa4, 0x13, 0x11, 0x56, 0x6a, 0x99,
602 0x18, 0x40, 0x95, 0x65, 0x61, 0x54, 0x94, 0x91, 0x69, 0x37, 0x99, 0xa5, 0xd1, 0xce, 0x76, 0x3d, 0x63, 0x52, 0xb9, 0x8a,
603 0x4e, 0xcb, 0x21, 0x8f, 0x6b, 0xe3, 0xe1, 0x2a, 0x6d, 0xdc, 0x58, 0xf7, 0x1b, 0x9b, 0x9b, 0xa1, 0x6a, 0xe4, 0x60, 0xc6,
604 0x6b, 0x55, 0x35, 0x8c, 0x90, 0xfe, 0x12, 0xe2, 0x4a, 0xd3, 0x5d, 0x55, 0xd1, 0x19, 0x47, 0xcd, 0x3a, 0x74, 0xfb, 0xc8,
605 0xfe, 0xb1, 0x82, 0xe9, 0x50, 0xb9, 0x80, 0x77, 0x4a, 0x18, 0xc5, 0xe0, 0x3d, 0x45, 0xe8, 0xf7, 0xd3, 0x96, 0x0f, 0x88,
606 0x09, 0xf0, 0x49, 0xe7, 0xcf, 0x44, 0xfd, 0xe8, 0x33, 0x22, 0x98, 0x7f, 0x06, 0x1b, 0xf7, 0x54, 0xf6, 0xd1, 0xd1, 0x05,
607 0xa8, 0x17, 0x94, 0x41, 0xbf, 0x2b, 0x80, 0xca, 0x41, 0xc5, 0xdc, 0xeb, 0xee, 0x1b, 0xad, 0xbe, 0xae, 0xcf, 0x67, 0x9b,
608 0xfb, 0x88, 0x3d, 0xc0, 0x70, 0xb2, 0xbe, 0x16, 0x7c, 0x35, 0xa9, 0xc5, 0xdc, 0xa0, 0x2d, 0x0a, 0x59, 0x9a, 0x59, 0x51,
609 0x76, 0x35, 0x85, 0x8f, 0xc7, 0xf7, 0x56, 0x0c, 0xdc, 0xc6, 0xe4, 0x6a, 0xe8, 0x26, 0x6f, 0xd4, 0x4e, 0x0a, 0xa5, 0x99,
610 0x3b, 0xcc, 0x0a, 0xa3, 0x44, 0x24, 0x31, 0x28, 0x4f, 0x84, 0xeb, 0x5b, 0x00, 0xf4, 0xa2, 0xf0, 0xdd, 0xfe, 0xe0, 0x57,
611 0x5a, 0x9a, 0xc0, 0x64, 0x9f, 0x9c, 0x5e, 0xf8, 0x42, 0x74, 0x54, 0xe8, 0xc4, 0x3b, 0x70, 0xe3, 0xd3, 0x08, 0x9e, 0x13,
612 0xbd, 0xeb, 0x5f, 0x01, 0xe6, 0x08, 0xb8, 0x6a, 0xae, 0xe8, 0xe3, 0x9a, 0x89, 0x29, 0xb8, 0x2d, 0xb3, 0x29, 0x19, 0xee,
613 0x6e, 0x3d, 0x66, 0xa1, 0x04, 0xbb, 0x17, 0xe1, 0x5b, 0xb7, 0xaa, 0x87, 0x76, 0xe5, 0x88, 0x6c, 0x24, 0x26, 0xdf, 0x69,
614 0x6b, 0x40, 0xd6, 0x42, 0x13, 0xc4, 0x0a, 0x09, 0xfb, 0x92, 0x41, 0x34, 0x85, 0x6a, 0xd9, 0xb2, 0xa6, 0x3b, 0xb2, 0xbd,
615 0xae, 0x50, 0x9a, 0x1a, 0xc4, 0xe1, 0xd7, 0x86, 0x3c, 0xb9, 0xf5, 0x5f, 0x99, 0x2a, 0x2a, 0xfb, 0x64, 0x2e, 0x33, 0xb2,
616 0x2b, 0xb5, 0x0b, 0x87, 0x19, 0x7f, 0xc1, 0xfa, 0xa3, 0x0f, 0x8c, 0xff, 0xda, 0x64, 0x48, 0xa7, 0xe8, 0x85, 0x10, 0x2a,
617 0x61, 0x1d, 0x59, 0xf8, 0x1b, 0x46, 0x8a, 0x7a, 0xa2, 0x44, 0x90, 0xd9, 0x1d, 0xe6, 0xe7, 0x69, 0x53, 0x1c, 0xd6, 0x02,
618 0x27, 0x2c, 0x86, 0xed, 0xbc, 0xe8, 0xf8, 0xb9, 0xbd, 0x8c, 0xd4, 0x12, 0xf0, 0xb9, 0x66, 0x61, 0xf8, 0xda, 0x7c, 0x7c,
619 0xb6, 0x72, 0xa4, 0xd6, 0xd8, 0x84, 0x0b, 0x06, 0x85, 0x25, 0x5e, 0xf8, 0x4d, 0xad, 0xcc, 0x60, 0x00, 0x61, 0xf0, 0xf0,
620 0x38, 0x65, 0xe5, 0x4e, 0xfc, 0xd3, 0x8b, 0x3e, 0xae, 0xf1, 0x29, 0x2e, 0x9f, 0xb1, 0x59, 0x0c, 0x65, 0x03, 0x2e, 0x1f,
621 0x95, 0xd8, 0x07, 0x19, 0x3d, 0x85, 0x27, 0xfa, 0xc5, 0x35, 0xec, 0x69, 0xda, 0x2f, 0x9e, 0x40, 0xa7, 0x5c, 0x0b, 0xed,
622 0xac, 0xc4, 0x99, 0xa3, 0x63, 0xef, 0x73, 0x24, 0x9c, 0x43, 0x1c, 0x45, 0x36, 0xb9, 0x33, 0xf4, 0x2e, 0xbd, 0x7e, 0xb6,
623 0xf0, 0xd1, 0xf6, 0x86, 0xf4, 0x2c, 0x1d, 0xc2, 0xc6, 0x62, 0xcf, 0x6d, 0x70, 0x89, 0x9f, 0x36, 0x26, 0xbe, 0xa3, 0x4b,
624 0x23, 0x00, 0xbc, 0x62, 0x85, 0x35, 0xa4, 0x25, 0x23, 0xae, 0x60, 0x82, 0x02, 0x25, 0xfd, 0x5b, 0x6a, 0xa1, 0x6b, 0x1b,
625 0xcf, 0x42, 0x40, 0xca, 0xee, 0x95, 0x08, 0xd4, 0x5b, 0xa7, 0xc8, 0x29, 0x0b, 0xea, 0xe3, 0x19, 0xb4, 0x85, 0xb7, 0x0d,
626 0xcf, 0x3a, 0x0f, 0x51, 0x15, 0x84, 0x4a, 0x1d, 0xad, 0x7f, 0xd0, 0x41, 0x93, 0x10, 0x31, 0xb1, 0x54, 0xfb, 0x19, 0xad,
627 0x96, 0x09, 0xb8, 0x65, 0x3f, 0xe2, 0x57, 0x40, 0xb5, 0x0c, 0xc9, 0x89, 0x52, 0x56, 0x10, 0xda, 0xe0, 0x10, 0x18, 0x91,
628 0xbb, 0xe2, 0xe3, 0x2c, 0x8e, 0xd7, 0x43, 0x7a, 0xdc, 0xbb, 0x76, 0x67, 0x25, 0x9c, 0x81, 0xec, 0x59, 0x7c, 0xdc, 0xea,
629 0x02, 0x29, 0x80, 0xdf, 0x20, 0xaf, 0xba, 0x26, 0xe1, 0x49, 0xcf, 0x7e, 0x69, 0x36, 0x77, 0xad, 0x0b, 0xcc, 0x7d, 0x10,
630 0x3f, 0x31, 0x60, 0x0e, 0x17, 0x36, 0x8c, 0xbd, 0x4d, 0x80, 0xe8, 0xe7, 0x7a, 0x7a, 0x1e, 0x17, 0x77, 0x79, 0x9a, 0x1f,
631 0xd7, 0x2f, 0x76, 0xf2, 0x4a, 0x52, 0xd9, 0x9f, 0x02, 0x2c, 0xc7, 0xd5, 0x0f, 0x05, 0x8b, 0x59, 0xd9, 0x13, 0xdc, 0x57,
632 0xbb, 0x56, 0xd0, 0xc4, 0x13, 0xac, 0x34, 0x05, 0x19, 0x92, 0xb6, 0x18, 0x12, 0x26, 0xe1, 0xe6, 0xe9, 0x8d, 0x6a, 0xad,
633 0x83, 0x95, 0xcf, 0x7f, 0x91, 0xad, 0xe3, 0x9f, 0x15, 0x05, 0x95, 0x96, 0x8d, 0x80, 0xc3, 0x13, 0x09, 0xac, 0xa4, 0xd9,
634 0xfe, 0xb1, 0xb3, 0x9d, 0x94, 0x49, 0xb9, 0x2d, 0x84, 0x64, 0x4d, 0x75, 0xb8, 0x58, 0x75, 0xec, 0x30, 0x0a, 0xf7, 0x96,
635 0xf3, 0xc8, 0x19, 0xa8, 0xbd, 0x62, 0x14, 0x00, 0xb4, 0x26, 0x35, 0x3f, 0x78, 0x43, 0xb1, 0xab, 0x8f, 0xab, 0xa1, 0xf3,
636 0x43, 0x87, 0xb3, 0x88, 0x1f, 0xc1, 0x89, 0x6c, 0xcf, 0x1f, 0x38, 0x1c, 0xe0, 0x68, 0xcc, 0x93, 0x46, 0x8c, 0xde, 0x4c,
637 0x2c, 0x27, 0x6d, 0xb6, 0x91, 0xa8, 0xc5, 0xee, 0xf7, 0x47, 0x17, 0x5a, 0x11, 0xb2, 0x3a, 0xbc, 0x35, 0xee, 0x05, 0xc3,
638 0x17, 0x63, 0x69, 0x77, 0xbd, 0x43, 0x80, 0x71, 0xe9, 0xd6, 0x8c, 0xdd, 0xef, 0x0a, 0xf8, 0x59, 0x1d, 0x61, 0xd6, 0x19,
639 0x64, 0x71, 0xe7, 0x3c, 0x36, 0xd8, 0x07, 0x5d, 0x6c, 0x0f, 0x28, 0x99, 0xa6, 0x9e, 0x01, 0x1b, 0x4c, 0x9a, 0x5f, 0xde,
640 0x96, 0xb0, 0x61, 0x0a, 0x9c, 0xeb, 0x2a, 0x29, 0x09, 0x1b, 0xaa, 0x62, 0x75, 0x5e, 0xd5, 0x9f, 0xe1, 0x12, 0x69, 0xa2,
641 0x1d, 0xbd, 0x97, 0x10, 0xdd, 0x62, 0xf9, 0x27, 0x47, 0xf2, 0x64, 0x12, 0xce, 0x95, 0xc0, 0xdc, 0xd6, 0x92, 0x48, 0xb4,
642 0xb2, 0x18, 0x78, 0x2e, 0xaf, 0xb0, 0xd7, 0x48, 0x98, 0x29, 0x1b, 0xb9, 0x50, 0xf7, 0x95, 0x26, 0x53, 0xc4, 0xd6, 0x6f,
643 0x26, 0x5f, 0x95, 0x9f, 0x51, 0xf3, 0x96, 0xbc, 0xca, 0xff, 0x0d, 0x8a, 0x69, 0xa5, 0xb0, 0x82, 0x02, 0x3e, 0x77, 0xb7,
644 0x87, 0xea, 0x2a, 0xc0, 0x2e, 0xc7, 0xb6, 0x2c, 0x06, 0x19, 0x8f, 0x84, 0x46, 0xd6, 0x58, 0xf2, 0xb8, 0x8a, 0xdb, 0xd2,
645 0x72, 0xe0, 0xc1, 0xa7, 0xb5, 0xb0, 0xb0, 0x2b, 0x83, 0xbb, 0x3b, 0x85, 0x3d, 0xcc, 0xc2, 0x89, 0x77, 0x65, 0x8d, 0x3c,
646 0x03, 0xbe, 0x84, 0x78, 0xf7, 0x2a, 0x32, 0x9c, 0x02, 0x23, 0x7b, 0x25, 0x42, 0xec, 0x4f, 0x29, 0x77, 0x79, 0xc1, 0x48,
647 0x46, 0xde, 0x76, 0xdb, 0x23, 0x9b, 0x5a, 0xee, 0xc7, 0xd1, 0x40, 0x73, 0x39, 0xa5, 0x23, 0x41, 0x66, 0x4c, 0x24, 0x1f,
648 0xaa, 0xd8, 0xc7, 0x3c, 0xc4, 0xd5, 0xd7, 0x3b, 0x2d, 0x00, 0x1c, 0x49, 0x17, 0x7a, 0xb5, 0x90, 0x6c, 0x6b, 0x43, 0x2f,
649 0x61, 0x6b, 0x8a, 0xdc, 0xb9, 0x58, 0xa8, 0x92, 0x49, 0x3e, 0xe9, 0x32, 0xc9, 0x3c, 0x4e, 0xeb, 0x2e, 0x15, 0xb8, 0x78,
650 0x9f, 0x30, 0x05, 0xd7, 0x4d, 0x71, 0xe8, 0xd0, 0x98, 0x7c, 0xe5, 0x3b, 0xc7, 0x65, 0x27, 0x5b, 0x16, 0x35, 0x77, 0xfc,
651 0x97, 0xf8, 0x1a, 0x07, 0xc2, 0x50, 0x67, 0x71, 0x7d, 0xd4, 0xd6, 0x55, 0x83, 0x8b, 0x15, 0xb1, 0xac, 0xba, 0xba, 0x8c,
652 0x73, 0x6e, 0x58, 0xf9, 0x1a, 0x3a, 0x1b, 0xc0, 0xe5, 0x90, 0x5a, 0xae, 0x96, 0xeb, 0x05, 0xe1, 0x37, 0xaa, 0xeb, 0x0c,
653 0xb9, 0xf2, 0xd4, 0x24, 0x82, 0x70, 0x64, 0x7a, 0x9b, 0x13, 0x27, 0xab, 0xb9, 0x18, 0xc8, 0xc7, 0xa3, 0x36, 0x5c, 0x7d,
654 0xff, 0xb8, 0xde, 0xbb, 0x9b, 0xc8, 0x78, 0xdf, 0xc8, 0x99, 0x39, 0x9e, 0xce, 0x1b, 0xe0, 0x09, 0x53, 0x00, 0x7d, 0xad,
655 0x86, 0x87, 0x8a, 0x31, 0x50, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, 0x1c,
656 0x1e, 0x1a, 0x00, 0x54, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x20, 0x00, 0x53, 0x00, 0x53, 0x00, 0x4c, 0x00, 0x20,
657 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
658 0x15, 0x31, 0x16, 0x04, 0x14, 0xa6, 0x63, 0xd5, 0xb2, 0xb4, 0x24, 0x91, 0x4c, 0x75, 0xa8, 0x11, 0x34, 0xd7, 0x7f, 0xb0,
659 0xa3, 0x55, 0xd4, 0xfd, 0x9a, 0x30, 0x30, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
660 0x04, 0x14, 0x2f, 0xc5, 0x73, 0xe2, 0xe4, 0xb4, 0x77, 0xfb, 0xb5, 0x49, 0x80, 0xcf, 0x13, 0xbe, 0x63, 0x7e, 0xaf, 0xdc,
661 0x2b, 0xae, 0x04, 0x08, 0xdc, 0x37, 0x8d, 0x3f, 0x8d, 0xc5, 0x94, 0x54, 0x02, 0x01, 0x01
662 };
663 unsigned int Test_ssl_user_p12_len = 2695;
664
665
666 /* Test identity (PKCS12 data), SMIME cert, expired in 2008
667 */
668 unsigned char TestIDSMIME2007_p12[2805] = {
669 0x30,0x82,0x0a,0xf1,0x02,0x01,0x03,0x30,0x82,0x0a,0xb8,0x06,0x09,0x2a,0x86,0x48,
670 0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x0a,0xa9,0x04,0x82,0x0a,0xa5,0x30,0x82,
671 0x0a,0xa1,0x30,0x82,0x05,0x17,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,
672 0x06,0xa0,0x82,0x05,0x08,0x30,0x82,0x05,0x04,0x02,0x01,0x00,0x30,0x82,0x04,0xfd,
673 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0x30,0x1c,0x06,0x0a,0x2a,
674 0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x06,0x30,0x0e,0x04,0x08,0x3f,0x0b,0xd9,
675 0x3c,0x80,0x6d,0x5e,0x7b,0x02,0x02,0x08,0x00,0x80,0x82,0x04,0xd0,0x08,0x25,0x32,
676 0xdc,0x7b,0xed,0x8a,0x29,0xf8,0x56,0x84,0x51,0x5c,0x6d,0xe6,0xe6,0x34,0xf8,0x03,
677 0xb3,0x80,0xe2,0xf4,0x0e,0x3f,0x1f,0xad,0x12,0x11,0x27,0x56,0xe8,0x89,0x59,0x90,
678 0x03,0xf0,0xa7,0xc2,0xde,0xd0,0x70,0xbf,0x2c,0xea,0x01,0xe7,0xbd,0xba,0xaf,0xfc,
679 0x07,0x84,0x2f,0xdb,0x65,0xa0,0x7b,0x4b,0x6a,0xab,0xe4,0xbd,0xd0,0xbb,0x31,0xaf,
680 0x90,0x8c,0xa8,0x71,0x10,0x23,0x96,0x67,0x44,0xdd,0x02,0x72,0xd2,0x0f,0xca,0xcb,
681 0x4f,0xc2,0x14,0x04,0xfa,0xde,0x31,0xa5,0x2f,0x97,0xc0,0x2a,0xdd,0xdd,0x91,0x62,
682 0xa7,0xf7,0x9b,0x43,0x57,0x7d,0x4d,0x1c,0xb1,0x92,0xba,0xae,0xa1,0x24,0x6c,0x99,
683 0x81,0x49,0x56,0x46,0x8b,0xea,0x7c,0x16,0x19,0x76,0xf7,0x40,0x06,0x82,0xe2,0x5b,
684 0x3f,0xd8,0x2c,0x87,0x60,0xf7,0xae,0xaa,0xa5,0xba,0x96,0xbf,0x5c,0x86,0x57,0x81,
685 0x8d,0xbf,0x6c,0xe1,0xd1,0xb9,0x20,0x93,0x27,0xfc,0xe6,0x35,0x80,0xaa,0xfb,0xe6,
686 0x4b,0xfd,0x4f,0xa4,0x06,0x05,0x46,0x85,0x66,0x15,0xfb,0x83,0x2b,0x42,0x26,0x98,
687 0xc8,0x69,0x24,0xa1,0x71,0xb4,0x56,0x38,0x3d,0x5e,0xc2,0x13,0x34,0xab,0x2f,0xb1,
688 0x33,0x6e,0xf0,0x07,0x80,0xdd,0x0e,0x6f,0x19,0x01,0xaf,0xff,0x5f,0xc3,0xea,0x24,
689 0x5a,0x6d,0xad,0xb3,0x10,0xbb,0x63,0x02,0x14,0x38,0xa9,0x21,0x83,0xb9,0xc3,0x23,
690 0xba,0xfc,0x56,0x76,0x4d,0x46,0x43,0xd1,0x09,0x37,0x1f,0x79,0xe5,0x70,0x93,0xb5,
691 0x0f,0x21,0xe3,0xef,0x0b,0x4d,0x87,0x0c,0x68,0xf5,0x16,0xc0,0x13,0xee,0x28,0xe8,
692 0x49,0xaa,0x60,0x61,0xe5,0x76,0xe6,0x8e,0xd6,0xae,0x52,0x70,0xb2,0x70,0xbf,0xeb,
693 0xd2,0xd8,0xb8,0x92,0x71,0x6e,0xb8,0x59,0xdf,0xee,0xad,0xc1,0x55,0x14,0x4b,0x52,
694 0x0c,0x20,0x4c,0x79,0x93,0x71,0xe6,0xc5,0xbc,0xf3,0xf3,0x14,0x13,0xd0,0xcd,0x1c,
695 0x62,0x21,0xc0,0xcf,0x4e,0xf5,0xda,0x52,0xbf,0x2c,0x86,0x8f,0xb5,0x67,0xf5,0x72,
696 0xbb,0xe9,0xb8,0x86,0x17,0xd9,0x35,0x49,0xae,0x0a,0x99,0x94,0xa5,0xaa,0x96,0xf4,
697 0x95,0xfe,0x4a,0xe2,0x13,0x46,0xcb,0xd9,0x8b,0x48,0x50,0xff,0x34,0x88,0x12,0xe7,
698 0x9b,0x00,0x8d,0x57,0x94,0x44,0xa5,0xe6,0xd1,0x7f,0x34,0xbb,0x33,0x9f,0xc3,0x12,
699 0x3b,0xb2,0xba,0xb6,0xb3,0x15,0x9e,0xaf,0x90,0x5e,0x2e,0x61,0x0d,0xe6,0x02,0x25,
700 0x41,0x55,0x18,0xc9,0x4a,0x5a,0x0a,0xb2,0xf5,0x99,0x8a,0x27,0xc7,0xd7,0x01,0x96,
701 0x9e,0x4c,0x05,0x7f,0x54,0x90,0x08,0x92,0x9c,0xf2,0xbd,0x0d,0x7d,0x37,0x5a,0x57,
702 0x1d,0x5b,0xcb,0xce,0xc1,0x58,0x5e,0x50,0x73,0x4d,0x61,0x28,0x18,0x90,0x2d,0xac,
703 0x91,0x4b,0x5e,0x5f,0x57,0x29,0x58,0x65,0xba,0xa4,0x11,0x92,0xa8,0xf4,0xac,0xa8,
704 0x39,0x1c,0x52,0x14,0x09,0x13,0xdd,0x4e,0xfa,0xef,0xba,0x4f,0x48,0xc3,0x46,0x4e,
705 0xb9,0x8d,0xff,0x5e,0x28,0xb8,0xcc,0x99,0x7f,0x3a,0xdc,0xf4,0x90,0x5c,0x41,0x14,
706 0x4b,0xbc,0x6b,0xa3,0x01,0x78,0x87,0xc1,0x86,0xd7,0xad,0x98,0xa0,0xc6,0x82,0x35,
707 0x76,0x41,0x6f,0xf1,0xee,0x54,0xbd,0xef,0xef,0xfc,0x2b,0x88,0x56,0x61,0xb1,0x93,
708 0xa0,0xe5,0x8e,0x1e,0xb4,0xb1,0x39,0xb3,0xd3,0x85,0xe0,0xa2,0x61,0x4b,0xe8,0x24,
709 0xc3,0xdd,0x48,0x2a,0xfd,0x5a,0x98,0x7a,0x98,0x2a,0xc7,0x81,0x4c,0x3d,0x3b,0x0c,
710 0x42,0x69,0x42,0x87,0xf1,0x5f,0x13,0x47,0xf6,0x89,0xc5,0x5e,0x47,0x84,0x59,0x81,
711 0x97,0xef,0x22,0x79,0x16,0x37,0xdc,0x74,0x66,0x30,0x81,0xbc,0x45,0x21,0xe4,0x75,
712 0x69,0xe4,0x64,0x2b,0x98,0x97,0x61,0xe1,0x34,0xdf,0x4a,0x37,0x65,0x74,0xdc,0xe1,
713 0x71,0x37,0xd6,0x2c,0x54,0x83,0x7a,0x91,0xc4,0xa6,0xfe,0x09,0x12,0xf3,0xf5,0x2b,
714 0xec,0xe9,0x63,0xa3,0x25,0x0f,0x6f,0xd1,0xb0,0x95,0x3f,0x7f,0xab,0xa7,0x25,0x9b,
715 0x85,0xdb,0xcf,0x6e,0x0e,0xc0,0x8d,0xd3,0xca,0x0e,0xd2,0x98,0xeb,0x77,0x39,0xf4,
716 0x1a,0x30,0xe6,0x76,0x6d,0xba,0xc0,0x61,0x55,0x4e,0xbe,0x88,0x32,0xb2,0xae,0x16,
717 0x27,0xbd,0x61,0xc5,0x48,0x26,0x0f,0x05,0x1a,0x42,0xa6,0xd9,0x29,0xf8,0x58,0x96,
718 0x16,0x1d,0xad,0xf4,0x58,0xc6,0x79,0x46,0xdf,0x1f,0x25,0x43,0xaa,0xf5,0xc3,0x1f,
719 0x75,0x36,0x1c,0x17,0xd2,0x4d,0x88,0xf6,0x37,0x35,0x21,0x1f,0x0f,0x45,0x85,0x13,
720 0x50,0x85,0x0a,0xa2,0xb4,0x96,0x7a,0xe4,0x0a,0x27,0x74,0x87,0x1b,0x11,0xaa,0x7c,
721 0x35,0xf6,0xb6,0x49,0x8d,0x58,0x30,0x16,0xb7,0x36,0xd6,0xd8,0x82,0xe6,0x3d,0xa4,
722 0xdf,0xa7,0xc4,0xc7,0xfe,0x81,0x01,0xa6,0xda,0x63,0x10,0x9f,0x2b,0x84,0x14,0x62,
723 0xb8,0x37,0x9b,0xb4,0x3f,0x62,0x6b,0x76,0x36,0x39,0xb7,0x41,0xaf,0xb9,0xc9,0xf8,
724 0xa5,0x20,0x1f,0x0c,0xfc,0x71,0xca,0x6f,0x56,0x4d,0x6b,0x23,0x5b,0xb2,0x77,0x6f,
725 0x83,0xcc,0x8e,0x8c,0x78,0xda,0x4a,0xbf,0x92,0xd4,0x20,0xfe,0x43,0x6a,0xd4,0x7e,
726 0xd5,0x6c,0x56,0xdb,0xf8,0x94,0x01,0xc8,0x6f,0xdb,0x00,0x9c,0x0b,0x4c,0x97,0xa5,
727 0x2b,0xc1,0x46,0x19,0x91,0x34,0x05,0x9b,0x33,0x20,0xb2,0x79,0xe5,0x00,0x3d,0xb2,
728 0x54,0x4f,0xfa,0x23,0xaa,0xfa,0x3d,0x0c,0x83,0xcf,0x81,0xd1,0xd0,0x12,0x03,0x34,
729 0xda,0x6b,0xbb,0x63,0xbe,0x1b,0x3c,0x53,0x91,0x2b,0x7e,0xd7,0x76,0x62,0x6e,0xc9,
730 0xb1,0x3d,0x74,0x9f,0x96,0xfb,0x66,0xad,0x35,0xba,0x23,0x10,0x9b,0xab,0xc3,0x8a,
731 0x87,0xd1,0x0b,0xa2,0x99,0x34,0x8a,0x43,0x90,0xe9,0x65,0xe7,0x69,0x09,0x61,0x5f,
732 0xce,0x42,0x58,0x69,0xdf,0x8b,0x0c,0x5a,0xa0,0x6a,0x25,0x33,0x29,0x9e,0x23,0xbb,
733 0x77,0xf9,0xa4,0x2f,0x66,0x86,0xc5,0x38,0xf6,0x3d,0xcb,0x03,0xbf,0x94,0x9d,0x56,
734 0x73,0x53,0x9d,0xf4,0xc6,0xad,0x22,0x6d,0xff,0x92,0x90,0x63,0x80,0x5b,0xd2,0x4b,
735 0x18,0xcd,0xc5,0xe1,0xdb,0x4d,0x96,0xc4,0x29,0x0b,0x0e,0xb8,0x18,0x53,0x66,0x49,
736 0x20,0x8e,0xef,0x25,0x93,0x48,0x12,0xe6,0x36,0xd4,0x33,0xcc,0x4d,0x99,0xbd,0x94,
737 0x96,0x61,0xb2,0x7a,0x76,0x7f,0xa1,0xd9,0x1b,0x77,0xfc,0xb7,0x54,0xaf,0x6c,0xeb,
738 0xec,0x90,0x15,0x21,0x2f,0xe2,0x40,0x05,0x23,0x0c,0x2a,0xe2,0xda,0xa0,0x9b,0x0c,
739 0xc7,0x8b,0x31,0xd7,0x8e,0x91,0x95,0x39,0x79,0xd7,0x6d,0xbf,0x86,0x24,0x4d,0xcd,
740 0x72,0x43,0x05,0x56,0xc0,0xe1,0x0c,0xed,0x51,0xa3,0xa9,0x85,0x74,0x41,0x20,0xe2,
741 0x37,0x66,0x80,0x40,0x02,0xf2,0x4b,0x60,0x36,0x4f,0xcf,0x12,0x5a,0x22,0xbc,0x6c,
742 0x21,0xb1,0x2f,0x0c,0x4a,0x26,0xc2,0x14,0x23,0xb3,0x91,0x17,0x48,0x9e,0x27,0x6d,
743 0x6a,0x2f,0xaf,0x58,0xe4,0xf7,0x4d,0x40,0x4b,0xd9,0x52,0xa0,0xf6,0x5e,0xc3,0x36,
744 0xda,0xa6,0x27,0x81,0x1e,0x7c,0x61,0x45,0x93,0x1a,0xa6,0x9d,0x16,0x61,0x95,0xed,
745 0x20,0x2c,0x49,0x6d,0x8f,0x8d,0x1a,0x44,0x89,0x0a,0xce,0x3c,0x00,0x9c,0x76,0x76,
746 0xa5,0x0b,0x40,0x52,0xf2,0xb9,0x30,0xae,0xab,0x04,0x41,0xa1,0x30,0x2f,0x43,0x1b,
747 0x68,0xdb,0x7c,0x4d,0x6c,0xe6,0x05,0xfc,0xa4,0xab,0xd2,0x0a,0x75,0x0c,0xd9,0x40,
748 0x09,0xf1,0xcb,0x5e,0x0a,0x09,0x2c,0x75,0xbc,0x79,0xa5,0xd5,0xb5,0xde,0x07,0xfd,
749 0x27,0x31,0x96,0xad,0x66,0xc6,0xa6,0x5e,0x0a,0x57,0x06,0x39,0x03,0xe4,0x84,0x61,
750 0xcf,0x25,0x6c,0xcd,0x56,0xf4,0xe7,0xd1,0xff,0x93,0x6c,0x2d,0xd6,0xcf,0x0d,0xe6,
751 0x1e,0xe5,0x57,0x37,0xa6,0x6d,0xec,0xa1,0xde,0xe8,0x1f,0x64,0x90,0x5e,0x70,0xe2,
752 0xe8,0x05,0x24,0xac,0x36,0xe1,0xea,0x75,0xdf,0x60,0xe2,0xbf,0xc2,0x30,0x82,0x05,
753 0x82,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x05,0x73,
754 0x04,0x82,0x05,0x6f,0x30,0x82,0x05,0x6b,0x30,0x82,0x05,0x67,0x06,0x0b,0x2a,0x86,
755 0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02,0xa0,0x82,0x04,0xee,0x30,0x82,0x04,
756 0xea,0x30,0x1c,0x06,0x0a,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x03,0x30,
757 0x0e,0x04,0x08,0xf4,0xa6,0x0f,0xb4,0x2e,0x8e,0x48,0xa6,0x02,0x02,0x08,0x00,0x04,
758 0x82,0x04,0xc8,0x0a,0x64,0x3b,0x68,0x4a,0x9a,0xf0,0xf6,0x80,0x65,0x2d,0xca,0xa6,
759 0x74,0x33,0x32,0xf3,0x71,0x97,0x27,0x24,0x3c,0xd1,0xaf,0x8b,0xfb,0xee,0x69,0x40,
760 0xfc,0xff,0x45,0x32,0x3a,0x1a,0xd1,0x35,0x2d,0xae,0xce,0xd6,0x84,0x5b,0x2b,0x20,
761 0x91,0xf8,0x26,0xa6,0x13,0x19,0x21,0x3e,0x8d,0xbb,0x30,0xef,0xdd,0x99,0x58,0x00,
762 0x61,0x57,0xe5,0x1b,0xc6,0x96,0xbe,0x7f,0x9e,0x95,0x47,0x7c,0xdf,0xf1,0x09,0x8f,
763 0xb9,0xa8,0x99,0x0d,0xf1,0x2a,0xe0,0xfd,0x08,0x92,0xf7,0x56,0x45,0x2e,0xb0,0xf4,
764 0x2b,0xf9,0x36,0x43,0xb2,0xbf,0x63,0x82,0x59,0x41,0x25,0x70,0xd6,0x49,0xe8,0x15,
765 0x7f,0x77,0x7c,0x7c,0xb3,0xab,0x7e,0xb6,0x16,0xd9,0xf7,0x22,0xa6,0x23,0x00,0x6a,
766 0x0e,0x62,0xfa,0xd6,0xe2,0x51,0x13,0x0e,0x99,0x9e,0x12,0x48,0xfa,0x71,0xea,0x47,
767 0xeb,0xf7,0xd9,0x9d,0x6f,0xa1,0x77,0x55,0xff,0x30,0xf7,0x68,0x33,0xee,0x26,0x16,
768 0xf6,0x43,0x63,0x4e,0xb7,0x16,0x97,0xd3,0x49,0x1c,0xf1,0x9e,0xe0,0xe5,0x77,0x52,
769 0xca,0x13,0x48,0x8f,0x11,0x23,0x0d,0x87,0x38,0xa7,0xf3,0x81,0x65,0x96,0xff,0xc7,
770 0xb4,0x0f,0x39,0x59,0xff,0x39,0x5a,0x55,0x2b,0x7b,0xab,0x34,0x11,0x42,0x47,0x42,
771 0x0c,0xb0,0x71,0x64,0x73,0xa5,0x1d,0x88,0x6e,0xa4,0x61,0x3c,0x67,0x18,0x67,0x2b,
772 0x42,0xa1,0x2e,0x60,0xae,0x82,0x3e,0x37,0xc8,0x2e,0x8a,0x80,0x2e,0x9c,0x5d,0xe4,
773 0x37,0x58,0xcb,0x6e,0x38,0x75,0x76,0x9a,0xaf,0x25,0xd3,0xb2,0xbe,0xf5,0x36,0x4f,
774 0x09,0x05,0xe2,0xe3,0x20,0x03,0x64,0x6f,0x94,0x3b,0xec,0x40,0x8c,0xe1,0x7e,0xed,
775 0x94,0xfa,0xed,0x9c,0x4d,0x1d,0xd7,0x31,0x1b,0x9d,0xf3,0xf5,0x1b,0xa0,0xf9,0xc8,
776 0xd6,0xf0,0x5e,0xe5,0x26,0x17,0x42,0x18,0xd8,0xe3,0x04,0x65,0xdf,0xa3,0xe6,0x16,
777 0x16,0xd5,0xfb,0xbe,0x08,0x1e,0xbf,0xd2,0x0e,0xd5,0x2b,0x4b,0x78,0xb2,0x80,0xf3,
778 0x8c,0xe6,0x74,0x89,0xe8,0xce,0xa6,0x2b,0xa5,0x38,0x1f,0x2f,0x87,0x93,0x51,0x35,
779 0xe8,0xad,0x6c,0x8d,0x95,0xbd,0xc0,0x24,0xa5,0x14,0x25,0x2d,0xdf,0x4e,0x77,0x32,
780 0x68,0xc0,0x91,0xad,0x51,0x95,0x25,0x44,0x7a,0xd7,0x4c,0x75,0xdf,0x73,0xe5,0x2b,
781 0xeb,0x1c,0xd3,0xe9,0x42,0xa7,0x5a,0x58,0x85,0x06,0xf0,0xcb,0x38,0x51,0x6d,0x09,
782 0x57,0x14,0x6f,0xd8,0x55,0x0c,0x7a,0x77,0x7f,0xb5,0x20,0xe8,0xd0,0xbd,0x88,0x5a,
783 0xad,0xe6,0xf5,0x02,0x2c,0x7d,0x0b,0xfb,0xe4,0x07,0xad,0xa2,0xd5,0x0c,0xc5,0xbc,
784 0x66,0xc4,0x19,0x48,0xe8,0xa2,0x60,0xdd,0xd2,0xf8,0x03,0x9a,0xd9,0x68,0x4d,0xa9,
785 0xd8,0xfa,0xda,0xa3,0x6f,0xcc,0x53,0xea,0x11,0x7e,0xa0,0xa8,0x8f,0xec,0xdb,0xc0,
786 0x2a,0x40,0xc6,0x84,0x58,0x4f,0x2a,0x23,0x4c,0xbc,0xfe,0xaa,0x78,0x58,0x9c,0xdd,
787 0x6c,0xd5,0x63,0xe9,0xe6,0x78,0xc2,0x73,0x14,0xd5,0x11,0xc3,0x2a,0xf5,0x8a,0x46,
788 0x78,0xfc,0x5a,0x59,0xc9,0x9a,0x7f,0xba,0x94,0x44,0xb3,0x45,0x83,0x08,0x94,0x4d,
789 0x72,0x0b,0x0f,0xd6,0x89,0x9a,0x75,0x6b,0x31,0xcb,0xeb,0x55,0x85,0x38,0x2c,0x3e,
790 0x9b,0x86,0xf0,0x58,0x0f,0x4c,0x93,0x24,0xec,0xd5,0xa3,0x61,0x3a,0x79,0x76,0xab,
791 0x37,0x63,0x2d,0x79,0xde,0x6d,0xa3,0x7f,0xf2,0xf0,0x8c,0x45,0xe6,0xce,0x97,0xc6,
792 0x88,0xfd,0x93,0xe0,0xf9,0xd0,0x93,0x6a,0x77,0xa4,0x28,0xc3,0x02,0x77,0x87,0xf6,
793 0x22,0xfa,0x2b,0x0b,0x31,0xcf,0xe2,0xce,0xaa,0xd9,0x65,0xa6,0x96,0x53,0x8d,0xc7,
794 0x67,0xaf,0x0c,0x0f,0xbc,0x51,0xdf,0x0b,0xc4,0xf8,0x06,0x46,0x07,0x12,0x95,0xce,
795 0x38,0x8e,0xe7,0x8f,0x8d,0x46,0x68,0xbe,0xa5,0x40,0xdc,0xed,0xab,0x76,0x5c,0x87,
796 0xac,0xb3,0x5f,0xb9,0xfd,0x9d,0x79,0x54,0x28,0xc2,0x19,0x2e,0x46,0x3f,0x1f,0x67,
797 0xe2,0x58,0x30,0x4e,0x89,0xdd,0x2f,0x44,0x59,0xde,0xe4,0xf4,0x0d,0x4c,0x33,0xe4,
798 0x98,0x6d,0xb4,0x1f,0x03,0x6b,0x0f,0x8e,0xde,0x86,0x1b,0x33,0x37,0x74,0x14,0xbe,
799 0xa9,0x4a,0xac,0xf4,0x9b,0xa7,0x37,0xe8,0xdd,0x94,0x67,0x25,0x5c,0xb4,0x5b,0x79,
800 0xfd,0xd3,0x24,0x21,0x11,0xbe,0x76,0x1f,0x98,0x8b,0x73,0x87,0x0c,0x96,0x82,0x59,
801 0x04,0x22,0x8c,0x9b,0x57,0x0c,0xca,0x16,0xb3,0x02,0xc6,0xdc,0x6f,0xd2,0x9c,0xcd,
802 0x0f,0x31,0xea,0x97,0x94,0xf7,0x43,0xfe,0xe2,0x8f,0xc7,0x07,0x98,0x57,0x30,0x72,
803 0x55,0x43,0xca,0xfa,0xde,0x92,0xf9,0x06,0x9e,0x56,0x73,0x80,0x84,0xbb,0x44,0xe5,
804 0x7d,0x04,0xfc,0x49,0x8d,0x28,0xfa,0x91,0xe3,0x50,0x76,0xc2,0xf8,0x87,0x29,0x04,
805 0xa4,0xfd,0xfb,0x28,0x20,0xe3,0x07,0xb6,0xf4,0xbf,0xe7,0xc4,0x6a,0x93,0x8c,0x12,
806 0xda,0x9d,0x9a,0x5d,0x8c,0x0a,0xd7,0xf5,0x9f,0xbd,0x71,0x00,0xfc,0x22,0xea,0xa4,
807 0x45,0x6f,0xd4,0xc6,0x7d,0x7a,0x47,0x38,0x15,0x17,0xc6,0xde,0xb3,0xeb,0x1b,0x9a,
808 0xea,0x94,0xc1,0x74,0xd1,0x65,0x25,0xc1,0x11,0x82,0x5d,0xb3,0x66,0x7f,0x05,0xd3,
809 0xe1,0x0a,0xfe,0x29,0xcf,0xdd,0x18,0x30,0xff,0x00,0x7f,0xef,0xc1,0x50,0x54,0x7c,
810 0x8b,0x89,0x3c,0x6a,0x12,0x9d,0xd4,0x5a,0xcc,0x48,0x76,0xab,0x64,0xd3,0x54,0x36,
811 0x70,0x9e,0x04,0x69,0x3d,0x20,0x9d,0x62,0x5d,0xe6,0x55,0x8e,0xd0,0x53,0x5c,0xb4,
812 0x54,0x79,0x73,0x69,0x6f,0x56,0xfa,0x60,0x1d,0x61,0xeb,0xeb,0x76,0xb4,0xd5,0x7a,
813 0xc9,0x51,0xfc,0xa9,0xed,0x4a,0xfa,0x5c,0x5c,0xb5,0x20,0x6a,0x44,0xf7,0xaa,0xf0,
814 0x27,0x90,0x55,0xda,0x2d,0xb4,0x11,0x59,0x21,0x65,0x0e,0x87,0xd2,0x53,0x21,0xd2,
815 0x81,0x93,0xf7,0xfe,0x3b,0xec,0x49,0x7e,0x1c,0xdc,0xc2,0x8f,0xdb,0xef,0x3c,0x0a,
816 0x40,0x89,0x94,0xf3,0x2d,0x77,0x84,0x15,0x03,0x00,0x29,0xfa,0x1b,0xea,0x55,0x7d,
817 0xdc,0xdb,0x69,0x95,0xe5,0x72,0xa5,0x17,0x8f,0xfb,0xfc,0x86,0xfc,0x72,0x91,0x09,
818 0x9b,0x32,0x1a,0x06,0x5c,0xa5,0x26,0x4b,0x61,0x40,0x97,0x40,0xce,0x17,0xca,0xe7,
819 0x79,0xe6,0xcc,0x6c,0xa3,0x81,0x9c,0x9f,0x36,0x74,0x36,0x9f,0xd9,0x5d,0x3e,0x29,
820 0xa0,0xce,0xa1,0x84,0xf6,0xaf,0x33,0x2b,0x8b,0x32,0xb4,0x45,0xb1,0x3d,0x72,0x87,
821 0x20,0x8c,0x88,0x02,0x0d,0x93,0x50,0xcc,0x31,0xce,0x03,0xf8,0x85,0x4a,0xdc,0xed,
822 0xc0,0xcc,0xb3,0xda,0x06,0xbd,0x12,0xd5,0xfc,0xd2,0xbb,0x75,0x4b,0xca,0xb2,0x77,
823 0x18,0xe1,0x5e,0xf5,0x9f,0x0c,0x8c,0xe2,0x17,0x73,0xe5,0xa3,0x80,0x40,0xd8,0x42,
824 0xb1,0xf7,0xd0,0x04,0x9f,0x2e,0xc2,0x2b,0x9b,0x5e,0xcb,0xae,0xb4,0x5f,0x95,0x53,
825 0xf5,0xc1,0x72,0xf1,0xff,0xa2,0x5a,0xcf,0x1b,0x78,0x5c,0x99,0xdf,0x09,0x24,0xbf,
826 0xbf,0x86,0xc3,0x0e,0x65,0x9a,0xe6,0xdc,0xde,0x88,0x28,0x94,0xd7,0xc0,0x6d,0xf6,
827 0x93,0x52,0xa6,0x7f,0x74,0x92,0x9b,0x0b,0x62,0xd5,0x2c,0xb4,0xad,0x7c,0xc0,0xc6,
828 0x3b,0x1b,0xd2,0xbd,0x89,0xa8,0x64,0x02,0x9c,0x81,0x9a,0xd8,0x51,0x04,0x22,0x10,
829 0x62,0x46,0x38,0xaa,0xaa,0x3b,0x00,0x5c,0xe8,0x58,0x09,0x25,0xf7,0x53,0x1d,0x72,
830 0xab,0x44,0x80,0xb4,0x33,0x91,0xf8,0x8e,0xe1,0x00,0x5c,0x07,0xdb,0x81,0x71,0x25,
831 0x86,0x3b,0xa7,0x8e,0x31,0x02,0x89,0x43,0x8f,0x0a,0xa8,0xac,0x6b,0x2a,0xe3,0xba,
832 0x4d,0xdf,0x8c,0x20,0x46,0xea,0xd4,0x98,0x2f,0x47,0x98,0xfb,0x03,0x5e,0xdd,0x92,
833 0xc5,0x73,0xa2,0x54,0xf7,0x9f,0x5f,0xda,0xb5,0x1d,0xb5,0xab,0x78,0x2b,0x72,0x43,
834 0x07,0x0a,0x34,0x22,0xb6,0x23,0xde,0x90,0x0f,0x85,0x7b,0x31,0x66,0x30,0x3f,0x06,
835 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x14,0x31,0x32,0x1e,0x30,0x00,0x54,
836 0x00,0x65,0x00,0x73,0x00,0x74,0x00,0x20,0x00,0x49,0x00,0x64,0x00,0x65,0x00,0x6e,
837 0x00,0x74,0x00,0x69,0x00,0x74,0x00,0x79,0x00,0x20,0x00,0x53,0x00,0x4d,0x00,0x49,
838 0x00,0x4d,0x00,0x45,0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x30,0x00,0x37,0x30,0x23,
839 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x15,0x31,0x16,0x04,0x14,0x69,
840 0x6e,0x3e,0x79,0x39,0x9b,0x28,0xf4,0x29,0xd4,0x38,0x78,0xcd,0xbd,0x11,0x46,0xb5,
841 0x73,0xec,0x96,0x30,0x30,0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,
842 0x05,0x00,0x04,0x14,0x5b,0xc7,0xc7,0x83,0x6c,0xc1,0x23,0xf1,0xeb,0xe8,0xd7,0xc8,
843 0x3f,0x4c,0x59,0x18,0x49,0x61,0xdb,0x72,0x04,0x08,0xde,0xab,0x8d,0x3a,0xff,0xf8,
844 0x2d,0x69,0x02,0x01,0x01
845 };
846
847 /* Test identity (PKCS12 data), SSL cert, expired in 2008
848 */
849 unsigned char TestIDSSL2007_p12[2753] = {
850 0x30,0x82,0x0a,0xbd,0x02,0x01,0x03,0x30,0x82,0x0a,0x84,0x06,0x09,0x2a,0x86,0x48,
851 0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x0a,0x75,0x04,0x82,0x0a,0x71,0x30,0x82,
852 0x0a,0x6d,0x30,0x82,0x04,0xe7,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,
853 0x06,0xa0,0x82,0x04,0xd8,0x30,0x82,0x04,0xd4,0x02,0x01,0x00,0x30,0x82,0x04,0xcd,
854 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0x30,0x1c,0x06,0x0a,0x2a,
855 0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x06,0x30,0x0e,0x04,0x08,0x7a,0xe7,0xca,
856 0x1b,0x57,0x26,0xac,0x5e,0x02,0x02,0x08,0x00,0x80,0x82,0x04,0xa0,0x1a,0x44,0x31,
857 0x1c,0x4d,0xa9,0x00,0x7f,0x14,0x71,0x83,0x3b,0x68,0xf8,0xf0,0x6e,0x42,0xd0,0x6a,
858 0x8c,0x02,0xbf,0x6e,0x0c,0xcd,0xee,0x7e,0x48,0xab,0x8b,0x7e,0xc7,0xe4,0x66,0x3f,
859 0x4d,0x3f,0x05,0xcd,0xa5,0x41,0x5c,0xa2,0x2e,0x59,0x4c,0x62,0x4c,0xa7,0xca,0x31,
860 0x10,0xd8,0xc7,0x8c,0xa1,0x6c,0x1d,0x9b,0x27,0x7a,0xa8,0x00,0x7a,0xb9,0xd3,0x4b,
861 0x09,0xf0,0xf7,0x75,0xb6,0x53,0xdf,0x54,0xba,0x2e,0x26,0xf5,0x1c,0x49,0x94,0x72,
862 0xcb,0x06,0xf3,0xa3,0x28,0xcb,0x48,0xb4,0x70,0x4a,0x0a,0xf8,0xfb,0x82,0xad,0x7f,
863 0x50,0x78,0xb7,0x11,0x41,0xd5,0x2b,0x11,0x5c,0x95,0x90,0x0f,0xcb,0xd8,0x95,0xe6,
864 0x77,0x74,0x84,0xe5,0x4c,0x24,0xa0,0xd4,0x7a,0x0a,0xd6,0xc8,0x10,0xa4,0x7a,0xcb,
865 0x5d,0x81,0x61,0x33,0xb7,0x75,0x6a,0x98,0xbe,0xd4,0xaf,0x3c,0x8c,0x61,0x66,0x43,
866 0x6f,0x12,0x4b,0x1e,0x72,0x10,0x76,0xbb,0xc6,0x57,0xbd,0xdb,0x2c,0x99,0xa7,0x53,
867 0x1e,0xe5,0x6a,0x42,0x80,0xb9,0x24,0x4f,0x1a,0x2c,0x96,0x0b,0x64,0xd3,0x63,0x36,
868 0x6f,0x75,0x74,0x8e,0xd0,0x50,0x5d,0xab,0x4b,0xec,0x59,0x04,0xdb,0x23,0xfb,0x9a,
869 0xbf,0xe0,0x88,0x24,0xc6,0x00,0x7e,0xd9,0x12,0x11,0xf0,0xe5,0xe2,0x96,0xb7,0x85,
870 0x6b,0x90,0x03,0xab,0x18,0xa4,0x07,0xcc,0xda,0x19,0x76,0x49,0xde,0x41,0x32,0xda,
871 0x0f,0x9c,0x8d,0xca,0x96,0xbb,0x39,0xbe,0xeb,0x3d,0xb8,0xe6,0xc1,0xea,0xc5,0xa6,
872 0xc3,0x69,0x72,0x96,0x53,0xde,0x36,0x8b,0xee,0x2c,0x6b,0x2e,0x3d,0xad,0xdd,0x9b,
873 0x8a,0xd9,0x1c,0xdd,0x92,0xf3,0x38,0xa7,0xec,0x5d,0xa6,0x46,0x54,0x70,0x71,0x0b,
874 0xa9,0x1a,0x2a,0x54,0x67,0x6e,0x82,0x8e,0xcb,0x5c,0x2d,0x23,0x2f,0x9b,0x0a,0xc8,
875 0xb1,0xf8,0xea,0x9b,0x16,0x72,0xc5,0xf5,0x2c,0x94,0x10,0xdf,0x3f,0xde,0x84,0xa0,
876 0x97,0x96,0xfc,0xd7,0x49,0x4e,0xa6,0x37,0x0c,0x2a,0x39,0x08,0x5e,0xbe,0x58,0x9c,
877 0x94,0x59,0x98,0x71,0x5b,0x30,0x16,0xcc,0x6f,0x64,0xb5,0xe1,0x1e,0x31,0x34,0x6d,
878 0x4a,0xe6,0xb0,0x20,0x31,0x81,0xe4,0x0e,0x48,0x7e,0x4c,0xc4,0xfa,0x9c,0x57,0xf9,
879 0xee,0x58,0xfb,0xc2,0x1b,0xd7,0x96,0xdd,0x91,0x0f,0x86,0x40,0xc9,0x45,0x29,0x07,
880 0x65,0x48,0xd1,0x1d,0xf8,0x1c,0x6d,0x1d,0x5d,0xce,0x76,0xce,0x70,0x33,0x4f,0x1d,
881 0xcc,0x4a,0x87,0xd0,0x9a,0xf3,0xb5,0x40,0xf3,0x35,0xcc,0x89,0x26,0x72,0x94,0x53,
882 0x79,0x59,0xbb,0xe6,0xc4,0x24,0x63,0x46,0x83,0x27,0xb7,0xf8,0xff,0x80,0x4c,0x0a,
883 0x98,0xee,0xe7,0x4a,0x73,0x11,0x90,0xbf,0x94,0x1c,0x03,0x91,0x78,0xe8,0x01,0x3a,
884 0xa1,0xf3,0x53,0xea,0x78,0xb1,0x09,0x4e,0xea,0x2d,0xaa,0xb4,0xce,0xce,0xb1,0xc6,
885 0x51,0xb6,0x59,0x52,0x89,0x7e,0xab,0x4c,0xe3,0xd3,0x9b,0x6b,0xa7,0xf2,0xca,0x70,
886 0x53,0x95,0x8a,0x13,0xfc,0xc0,0xa2,0x24,0xd2,0x94,0xb5,0xe5,0x95,0x38,0x01,0x39,
887 0x0a,0x28,0x1d,0x83,0xd1,0x2a,0x03,0xfa,0xf6,0x6e,0x63,0x80,0x17,0x05,0x18,0x33,
888 0x11,0x56,0xe1,0x7e,0x66,0x94,0xbf,0x1b,0x8b,0x11,0xcf,0x41,0xbf,0x71,0xd9,0xa3,
889 0x6f,0xbb,0xf5,0xae,0x43,0x1d,0x2f,0xf1,0x88,0x00,0x72,0xca,0x49,0x83,0x3e,0xe3,
890 0x87,0x5e,0x0f,0x58,0x97,0xaa,0x2b,0x92,0x40,0xdd,0x8b,0x17,0xce,0xd8,0x11,0x05,
891 0xa4,0x03,0x51,0x0b,0xfa,0x35,0x4c,0xde,0x5b,0xda,0x88,0xdd,0x3a,0xe7,0x93,0x60,
892 0xca,0xe2,0x8e,0x84,0xcd,0x5b,0x6d,0xb6,0x5c,0x53,0xbc,0x85,0x75,0x96,0xaa,0x00,
893 0x06,0x19,0x84,0x66,0x4d,0x41,0x89,0xdd,0x84,0x81,0xbe,0xb6,0xa3,0x69,0x71,0xf4,
894 0x3e,0x31,0x89,0xae,0x9e,0x77,0x68,0xff,0x21,0x78,0xa2,0x43,0xc9,0x0e,0x36,0xe0,
895 0xa0,0xb6,0xae,0x40,0xf1,0xf4,0xe3,0xc8,0xa9,0x89,0x80,0x32,0x45,0x07,0x37,0xf1,
896 0x1d,0xc3,0x1e,0x79,0x0b,0x8b,0x1d,0x7d,0xc9,0xd6,0xa2,0x91,0xc8,0xd8,0x05,0xc0,
897 0xc0,0x25,0x27,0x97,0x5f,0x60,0x3f,0xc7,0xc9,0x3e,0xf2,0xac,0x7e,0x4c,0x4b,0x42,
898 0x15,0x85,0x1a,0xe0,0xe1,0xfa,0xf9,0x27,0xaf,0x8d,0x6f,0x90,0x52,0x33,0x6c,0x55,
899 0xa7,0x9d,0x9c,0x0b,0xc1,0xf8,0xe5,0xa9,0xd7,0x9c,0x81,0xce,0x08,0x49,0x9c,0xb1,
900 0x91,0x00,0xdd,0x6f,0xaf,0x17,0xf8,0x01,0xb5,0x9e,0x53,0x2a,0xa0,0xdd,0x47,0x6e,
901 0xb3,0x1b,0xd3,0x9d,0xc1,0x8c,0x07,0x9b,0x78,0x8c,0x2e,0xad,0xbb,0x7d,0xe1,0x0a,
902 0x11,0x35,0xf7,0xfa,0xf4,0x00,0xf3,0xc2,0xa6,0xf1,0x3f,0xa1,0xdc,0xe1,0xc2,0x2a,
903 0x4b,0x22,0x31,0x20,0x45,0x93,0xbb,0x5e,0xfc,0xe5,0xd7,0xcb,0x69,0x1b,0xad,0x3a,
904 0x48,0x59,0x9c,0xc7,0x74,0xbb,0x79,0x56,0xb7,0x73,0x92,0x54,0x49,0xc9,0xbc,0x5d,
905 0xf2,0x74,0xc8,0x63,0xa8,0x9c,0x99,0x67,0x4d,0x75,0x64,0x10,0x46,0xe7,0x0f,0xf1,
906 0xb0,0x4e,0x8b,0x9d,0x4f,0xa7,0x67,0xe9,0xec,0xbf,0x1b,0x0a,0xfd,0xde,0xe4,0xf6,
907 0xcd,0xba,0x12,0xce,0x4e,0xb5,0x29,0xbf,0x59,0x0b,0xf7,0xea,0xc7,0x7c,0xfb,0xe4,
908 0xe6,0x36,0x86,0x52,0x18,0xf6,0xe5,0x14,0xe1,0x92,0x02,0x98,0x08,0x0f,0xbc,0xd0,
909 0x40,0xf3,0xb1,0x87,0xcc,0x6b,0xee,0xee,0x1a,0x8c,0x40,0x13,0x53,0x9e,0x61,0xb3,
910 0x17,0x02,0x7e,0x97,0x22,0x90,0x6f,0xf0,0x64,0x75,0x42,0xf4,0xf9,0x8f,0x38,0x46,
911 0x27,0x5c,0x14,0x82,0x80,0x71,0xe9,0x7d,0xe9,0xc8,0x32,0xb2,0xae,0xbd,0x90,0x28,
912 0xda,0xc0,0xc1,0x6d,0x06,0x03,0x6c,0x83,0x68,0x3b,0xdf,0xb4,0xb4,0x48,0x04,0x0e,
913 0xbb,0x6e,0xa8,0xa5,0xa5,0x1b,0x36,0xbe,0xfc,0x40,0xd3,0x97,0xc3,0x62,0xb9,0x34,
914 0x94,0xbf,0x01,0xfb,0x21,0xae,0xbb,0xd9,0xdd,0x0d,0xe0,0xf4,0xce,0x25,0x9a,0x7c,
915 0xc4,0x10,0xfc,0xac,0x53,0x1d,0x11,0xdc,0x5c,0x4c,0x6e,0x65,0xb3,0x9c,0xca,0x76,
916 0x3d,0x5d,0x2d,0x21,0x64,0xa6,0x3c,0xc1,0xa1,0x35,0xe7,0x38,0x8b,0x39,0x9f,0x7f,
917 0x93,0x68,0x6f,0xeb,0x96,0x4f,0x7c,0xd3,0x49,0xbe,0x65,0xdb,0x82,0x91,0x2a,0xb4,
918 0x62,0x38,0xdd,0x73,0xa7,0x7f,0x66,0x54,0xfa,0x92,0x65,0xbf,0x71,0xc6,0x62,0x38,
919 0x96,0xe2,0xf4,0x16,0xc6,0xf7,0x7e,0x9d,0x7a,0x4f,0x35,0x5f,0x0e,0x29,0xe6,0x38,
920 0x7b,0x05,0x02,0x61,0xfb,0x16,0xb4,0x43,0xe9,0xb1,0x74,0x3d,0x50,0xe3,0x51,0x5c,
921 0x54,0x5e,0x3e,0xe0,0xb1,0xfe,0x20,0x2d,0xe0,0x05,0x25,0x2f,0x1f,0x9a,0x25,0xe9,
922 0xec,0xb6,0xb8,0x9a,0xe9,0xff,0x3a,0x7a,0xc8,0x53,0xfd,0xc4,0x61,0xb1,0xa1,0x22,
923 0xc6,0x85,0x7a,0x11,0x07,0x84,0xe9,0x58,0x15,0x74,0x33,0x08,0x1f,0x59,0xe9,0x0d,
924 0x7f,0x7e,0x38,0xd9,0x77,0x22,0x46,0xb5,0xfc,0xd5,0x3b,0x1d,0x47,0x7a,0x4a,0x16,
925 0x35,0xa8,0x67,0x99,0x6d,0x72,0x66,0x0d,0xd4,0xb3,0x3b,0xdf,0xb8,0x9f,0x7f,0x59,
926 0x37,0x97,0x65,0xdf,0x79,0x0c,0x15,0xe3,0x14,0x99,0xc0,0x1a,0xcc,0x9a,0x98,0x6a,
927 0xb7,0x59,0x35,0x21,0x31,0x3e,0xf4,0xa2,0xce,0xc4,0xca,0x60,0xf8,0xa0,0x43,0xb6,
928 0xbe,0x8a,0x0a,0x95,0xea,0xe7,0xa0,0xdb,0x4f,0x36,0x22,0xf8,0xb6,0x60,0xff,0x15,
929 0x69,0x45,0x84,0x53,0xad,0x48,0x00,0x0e,0x20,0xb3,0x62,0x07,0xbd,0x02,0x46,0x19,
930 0xf6,0x3d,0xb8,0x55,0x4b,0x5f,0xac,0x3a,0x6a,0x86,0xcf,0x07,0x79,0x30,0x82,0x05,
931 0x7e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x05,0x6f,
932 0x04,0x82,0x05,0x6b,0x30,0x82,0x05,0x67,0x30,0x82,0x05,0x63,0x06,0x0b,0x2a,0x86,
933 0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02,0xa0,0x82,0x04,0xee,0x30,0x82,0x04,
934 0xea,0x30,0x1c,0x06,0x0a,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x03,0x30,
935 0x0e,0x04,0x08,0xd3,0x22,0x2a,0xd2,0xd9,0xd0,0xd6,0xd3,0x02,0x02,0x08,0x00,0x04,
936 0x82,0x04,0xc8,0x7b,0x88,0x0e,0x83,0x90,0x25,0x3f,0x51,0xab,0x13,0xf1,0x35,0x1f,
937 0xec,0x56,0xcb,0xfc,0x31,0x6b,0xd1,0x1a,0x6c,0x35,0x51,0x31,0xb7,0x27,0x2e,0xe6,
938 0x8c,0x75,0x7d,0xa6,0x58,0xfd,0x08,0x0b,0xe4,0x39,0x63,0xc6,0x3e,0x2d,0xee,0x2b,
939 0xe5,0x58,0x90,0x48,0xb5,0x57,0x38,0x97,0x48,0xf3,0x2c,0xac,0xf1,0xf8,0x10,0x9c,
940 0x56,0x02,0xc7,0x9d,0x7f,0x9e,0xe0,0x9c,0x96,0xe7,0x0c,0x9f,0x54,0xab,0x9f,0x26,
941 0x17,0xac,0x86,0x88,0x5e,0x4a,0x9c,0xce,0xea,0xc8,0x48,0x83,0x0c,0x2e,0xf0,0xa0,
942 0x6c,0x96,0x07,0x26,0x47,0x63,0xc1,0xac,0x27,0xd1,0x1a,0x25,0x88,0x43,0x8e,0x9d,
943 0xe0,0x5f,0x80,0xd9,0xd1,0x1a,0x86,0x92,0x12,0x80,0xe1,0x99,0x13,0xc3,0xab,0x53,
944 0x97,0xbe,0x51,0x17,0xc4,0x5a,0x9d,0xc0,0xcd,0xe4,0xc5,0xd6,0x44,0x56,0xaa,0x8d,
945 0x5b,0x3d,0xc8,0x66,0xaf,0x6c,0xd2,0x96,0xc6,0x83,0x57,0x7a,0x0e,0x66,0x68,0xd6,
946 0x30,0xf0,0xaa,0xde,0x13,0x92,0x5e,0x21,0x2c,0x36,0x96,0x77,0x1f,0xd0,0xaa,0x4b,
947 0x14,0x9f,0x9f,0xe5,0xa4,0x3f,0xbf,0x7a,0x9b,0x38,0xff,0x91,0x1d,0x0d,0xd4,0x32,
948 0x34,0x2b,0x3f,0xd8,0xfb,0x09,0x71,0xdf,0x1b,0x61,0xa3,0x36,0x81,0xaa,0x49,0xa3,
949 0xe4,0x5c,0xc4,0x8d,0xc5,0xab,0xc0,0x43,0xbe,0xc1,0x41,0xa2,0xcc,0x28,0x36,0x65,
950 0xa6,0xb6,0x73,0x96,0x6a,0x5f,0x1a,0xd9,0xb8,0x48,0x49,0x7b,0x12,0xda,0x2a,0xdb,
951 0xaa,0xaf,0x46,0x8b,0x39,0x7e,0xa7,0x78,0x88,0x15,0x95,0x32,0x13,0x76,0xbb,0x2d,
952 0xf5,0xd5,0x41,0x6a,0x9b,0xb8,0xe6,0x6d,0x43,0xa6,0xc3,0x53,0xb7,0xc5,0x68,0x9d,
953 0xa9,0x84,0x30,0x42,0x59,0x33,0x81,0x79,0x22,0x91,0x1e,0x34,0x31,0x9b,0xd4,0xf3,
954 0x2a,0xda,0xe2,0xa3,0x95,0x7a,0x2a,0x9c,0x67,0x57,0xee,0x2b,0x89,0xfc,0x64,0x67,
955 0x00,0x98,0x21,0x63,0xc7,0x19,0x95,0x69,0x9b,0x42,0x73,0x5c,0x68,0x59,0xfc,0x64,
956 0xe5,0x22,0x57,0x54,0x58,0x06,0xff,0xa3,0x87,0x7d,0x05,0xc8,0xc4,0xfd,0xc7,0x29,
957 0x1b,0x1d,0x88,0x0b,0x08,0x96,0x94,0x9b,0xd8,0xee,0x47,0x99,0x06,0xfa,0x64,0x67,
958 0xfd,0xb0,0xb1,0xa1,0xf5,0x26,0x7e,0xb1,0x46,0xb1,0x0c,0x82,0x52,0x5f,0xc5,0x94,
959 0x23,0x75,0xff,0xb3,0x42,0x18,0xa2,0x9f,0x65,0xfb,0x06,0xb0,0x8a,0x29,0xc1,0x6e,
960 0x84,0xd9,0xd4,0x39,0x77,0x02,0x47,0xe3,0x5f,0xf2,0xb4,0x84,0xc0,0x75,0x48,0x4b,
961 0x3a,0xef,0x48,0x2e,0x8d,0xa1,0xe5,0xc6,0x86,0x44,0x00,0xd9,0x4d,0x73,0xed,0x68,
962 0x8c,0x91,0x56,0x3e,0x2c,0x18,0xd0,0x58,0xd8,0x04,0x15,0xe0,0xd8,0xa8,0xe6,0x46,
963 0x36,0x54,0xc5,0x8c,0x2b,0x98,0xa5,0x01,0x73,0xf0,0x67,0x95,0x41,0x4e,0xa3,0xd6,
964 0x8d,0x24,0xc4,0xc3,0x8f,0x28,0x7c,0x76,0x76,0x84,0x6c,0x95,0x94,0x22,0xde,0xe2,
965 0x9d,0xcb,0x37,0xb6,0x97,0x6b,0xf3,0x58,0x1d,0x5a,0x98,0x88,0xac,0xd9,0xb1,0x59,
966 0x16,0x11,0xd8,0x0b,0x68,0xce,0xdf,0x4b,0x1a,0x28,0x3c,0xeb,0x14,0xb2,0x28,0xa7,
967 0xad,0x54,0x55,0xa1,0x6b,0x50,0x86,0x55,0x00,0xae,0xf6,0xdf,0x6b,0xb3,0x42,0xb3,
968 0x7b,0xbb,0x0d,0x91,0x14,0xdb,0x82,0xea,0xe9,0x08,0x9f,0xf6,0x6f,0xd0,0x10,0xd7,
969 0x83,0x1e,0xfc,0x5e,0x58,0xca,0x01,0xdd,0xb4,0xc8,0xbe,0x80,0xe3,0x07,0x71,0x0a,
970 0x74,0x01,0xd4,0xf1,0x50,0xe1,0x51,0x22,0xb1,0x43,0x98,0xf1,0x5e,0xdd,0xb4,0x65,
971 0x5a,0x18,0x0c,0x8b,0x1b,0x4e,0xe1,0xce,0xb1,0x0e,0x81,0xda,0x6b,0x98,0xc4,0xcb,
972 0xd9,0xd2,0xb2,0x1e,0xea,0xac,0x0c,0x08,0x86,0xa4,0x60,0xab,0x84,0x50,0x13,0xf8,
973 0x48,0xfb,0x64,0xf3,0x33,0x88,0x83,0x72,0x22,0xe8,0x6a,0x43,0xd3,0xb4,0xc7,0xd2,
974 0x04,0xed,0x07,0x75,0x26,0x96,0x2d,0x84,0xb9,0x10,0x02,0xd2,0xda,0xc8,0xc8,0x0b,
975 0x95,0xe3,0x69,0x1e,0x57,0x16,0x7a,0xb5,0x1c,0xe7,0x46,0x89,0xfc,0xed,0x49,0x69,
976 0x47,0xb8,0x07,0xe4,0xcb,0xd1,0x52,0xd6,0x8c,0x32,0xaa,0x91,0x8d,0x45,0x19,0xf1,
977 0x54,0x23,0x3c,0x5f,0xcc,0xc7,0x60,0xfc,0x89,0x00,0x9a,0xa3,0xc2,0xf0,0x48,0xda,
978 0xbf,0xe4,0xfd,0x78,0x3b,0x6c,0x2d,0x34,0x91,0x6b,0x0d,0x21,0xb4,0xba,0xe8,0x6d,
979 0x80,0xbc,0xfb,0x91,0xcb,0xce,0x77,0x01,0x4e,0xfe,0x7b,0xf2,0x08,0x78,0x2e,0x3f,
980 0x16,0xd4,0xfd,0xf0,0x76,0x68,0xce,0x43,0xdc,0xb2,0xe2,0x82,0x64,0x8f,0xc8,0x71,
981 0x0f,0x6e,0xc6,0x3b,0x4a,0x6b,0x6a,0xd7,0xf6,0x21,0x46,0xcd,0x05,0xce,0x19,0xab,
982 0x28,0x28,0x55,0x19,0x1d,0x07,0xaf,0x38,0xd9,0x9c,0xdf,0xe8,0x91,0x68,0x16,0xdd,
983 0x36,0x19,0x71,0x46,0x86,0x08,0x0a,0x08,0x34,0xc5,0x3b,0x53,0xaa,0x35,0x27,0x6e,
984 0xe4,0xf3,0xa1,0xd6,0x04,0x78,0xf9,0x63,0xec,0x1e,0xfe,0x30,0x38,0xb3,0xe7,0xd8,
985 0x27,0x9f,0x98,0xd5,0xb9,0x4d,0xb9,0x80,0x4f,0xb0,0x81,0xc6,0xaa,0xc2,0xe6,0xbf,
986 0x98,0x63,0x05,0xc6,0xab,0x4e,0xc8,0x7e,0xf4,0x37,0x68,0xad,0x63,0x08,0x6e,0x8f,
987 0xe5,0xd9,0x62,0x43,0xa3,0x0d,0x61,0x84,0x41,0x02,0xd0,0xc6,0x33,0x19,0x76,0xb8,
988 0x31,0xb1,0x27,0x2f,0x81,0x40,0x71,0x35,0x3c,0xf6,0xf2,0xc7,0x9b,0x85,0x9c,0x2e,
989 0xa0,0xf6,0xd2,0x3a,0xd9,0x7e,0xdd,0x82,0x56,0xf4,0x61,0x97,0x79,0xdb,0x27,0x5d,
990 0xa7,0x5b,0x8d,0x01,0x9d,0x68,0x9b,0x3a,0x4e,0xe1,0x3c,0xaf,0x61,0x0f,0xbf,0xfa,
991 0x61,0x12,0x2f,0xde,0x7a,0x71,0x0a,0xdd,0x6e,0x29,0x11,0x8e,0xa4,0x93,0x31,0x85,
992 0x2a,0x31,0xa8,0xd7,0x3f,0xfb,0xf4,0xd2,0xd4,0x7f,0x0c,0xb2,0x8d,0x63,0x25,0x47,
993 0x18,0x04,0x00,0x28,0x90,0xd3,0xc0,0x7e,0xca,0xfa,0x0d,0xc4,0xab,0xd4,0x7a,0x17,
994 0xb7,0xdc,0xce,0x7d,0xc2,0xe8,0x5b,0x68,0x7c,0xa9,0x3c,0xac,0x4e,0x2c,0xde,0x0c,
995 0x4a,0x09,0x09,0x03,0x77,0x12,0xb9,0x31,0xc9,0x0d,0x6e,0x2b,0xac,0x96,0x7b,0xb0,
996 0x3d,0x37,0x03,0x32,0xc6,0xe1,0x64,0x16,0xc1,0x1b,0xfa,0xa3,0x32,0xe9,0xea,0x25,
997 0x0c,0xa1,0xbf,0xae,0xaa,0xba,0xbd,0x24,0xba,0x9d,0x5f,0x15,0x20,0x59,0x2d,0xe5,
998 0x09,0xe6,0x71,0x70,0xcd,0xf5,0x44,0x12,0xcf,0x17,0x8b,0x33,0x4b,0x67,0x86,0x53,
999 0xd3,0x66,0x80,0x2e,0xfb,0x6b,0x95,0x38,0x35,0x2d,0x39,0xb8,0x19,0xb7,0x01,0xe0,
1000 0xe2,0x7d,0x29,0xd3,0x89,0xc7,0xc9,0x4f,0xb4,0xf9,0x48,0x20,0x6a,0x40,0xd3,0x71,
1001 0x28,0xf4,0xdf,0x3a,0xff,0xf0,0xd1,0x7a,0x78,0xbd,0x92,0xe4,0xa2,0x05,0x47,0xf5,
1002 0xfa,0x25,0x4f,0x22,0x3f,0x8f,0x85,0x72,0xaa,0x0f,0xfa,0x21,0x84,0x63,0xbc,0xb6,
1003 0xe0,0x49,0x1e,0xdf,0x0a,0xee,0x4b,0xa8,0x96,0xbf,0x2f,0xa7,0x31,0x64,0xc3,0xa1,
1004 0x19,0xe1,0x2b,0x69,0xbf,0x0f,0xcc,0x76,0x49,0x9f,0xdd,0x4e,0xf0,0x77,0xf0,0xae,
1005 0x83,0x20,0xe2,0xd6,0x21,0x1a,0x3a,0x1a,0xb4,0xbf,0x57,0x02,0x9c,0xf6,0xb1,0x47,
1006 0x83,0x59,0x0c,0x43,0xce,0x9a,0x3d,0xb3,0x9b,0x9c,0xd2,0x30,0xcd,0x40,0x58,0xfe,
1007 0xec,0xa9,0x59,0xa8,0xf6,0x28,0x31,0xbf,0xc3,0xfb,0xad,0x37,0x07,0xd4,0x34,0xe7,
1008 0x58,0xfa,0xca,0xe7,0xe3,0xbb,0x3d,0xd8,0xf6,0xd7,0x9c,0xf5,0x6f,0xc0,0xbd,0x9e,
1009 0x3a,0x91,0x30,0x7c,0xe4,0xff,0x8d,0xbe,0x85,0x91,0x27,0x92,0x51,0xdc,0xd6,0x66,
1010 0x7e,0x5a,0xfb,0xf7,0xbe,0x34,0xce,0x5e,0xa4,0x50,0xf1,0x6d,0xc0,0x32,0x3b,0xaa,
1011 0x8c,0x52,0x25,0xcc,0x75,0x26,0x2b,0xa8,0x2f,0x6f,0x02,0x81,0x18,0x07,0x5f,0xbe,
1012 0xc3,0xed,0xa3,0x93,0x73,0xc9,0xd4,0x79,0xec,0x34,0x78,0x31,0x62,0x30,0x3b,0x06,
1013 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x14,0x31,0x2e,0x1e,0x2c,0x00,0x54,
1014 0x00,0x65,0x00,0x73,0x00,0x74,0x00,0x20,0x00,0x49,0x00,0x64,0x00,0x65,0x00,0x6e,
1015 0x00,0x74,0x00,0x69,0x00,0x74,0x00,0x79,0x00,0x20,0x00,0x53,0x00,0x53,0x00,0x4c,
1016 0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x30,0x00,0x37,0x30,0x23,0x06,0x09,0x2a,0x86,
1017 0x48,0x86,0xf7,0x0d,0x01,0x09,0x15,0x31,0x16,0x04,0x14,0xd0,0xcb,0xd6,0x5c,0xe1,
1018 0x73,0x7a,0xb8,0xa8,0x2a,0xf8,0xc9,0xe6,0xdc,0xbb,0xc2,0xec,0x00,0x2e,0x6a,0x30,
1019 0x30,0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,
1020 0x47,0x2e,0x9e,0xca,0x71,0x3b,0x36,0xcf,0x34,0x59,0x7e,0x0a,0x6e,0xe0,0xeb,0x79,
1021 0xcb,0x82,0x47,0x76,0x04,0x08,0xff,0xe9,0xf7,0xee,0x2f,0x48,0xcc,0x24,0x02,0x01,
1022 0x01
1023 };
1024
1025
1026 static int quiet = 0;
1027 static int debug = 0;
1028
1029 #define MAXNAMELEN MAXPATHLEN
1030 #define MAXITEMS INT32_MAX
1031
1032 #pragma mark -- Utility Functions --
1033
1034
1035 static void PrintTestResult(char *testStr, OSStatus status, OSStatus expected)
1036 {
1037 is(status, expected, "%s", testStr);
1038 fflush(stdout);
1039 }
1040
1041
1042 static void PrintStringToMatch(CFStringRef nameStr)
1043 {
1044 char *buf = (char*)malloc(MAXNAMELEN);
1045 if (buf) {
1046 if (CFStringGetCString(nameStr, buf, (CFIndex)MAXNAMELEN, kCFStringEncodingUTF8)) {
1047 fprintf(stdout, "### String to match is \"%s\"\n", buf);
1048 fflush(stdout);
1049 }
1050 free(buf);
1051 }
1052 }
1053
1054
1055 static void PrintSecCertificate(SecCertificateRef certificate)
1056 {
1057 CFStringRef nameStr;
1058 OSStatus status = SecCertificateCopyCommonName(certificate, &nameStr);
1059 if (status) {
1060 fprintf(stderr, "### SecCertificateCopyCommonName error %d\n", (int)status);
1061 }
1062 else {
1063 char *buf = (char*)malloc(MAXNAMELEN);
1064 if (buf) {
1065 if (CFStringGetCString(nameStr, buf, (CFIndex)MAXNAMELEN, kCFStringEncodingUTF8)) {
1066 fprintf(stdout, "### Found certificate name: \"%s\"\n", buf);
1067 }
1068 free(buf);
1069 }
1070 CFRelease(nameStr);
1071 }
1072 }
1073
1074
1075 static void PrintSecIdentity(SecIdentityRef identity)
1076 {
1077 SecCertificateRef certRef;
1078 OSStatus status = SecIdentityCopyCertificate(identity, &certRef);
1079 if (status) {
1080 fprintf(stderr, "### SecIdentityCopyCertificate error %d\n", (int)status);
1081 }
1082 else {
1083 PrintSecCertificate(certRef);
1084 CFRelease(certRef);
1085 }
1086 }
1087
1088
1089 static void PrintCFStringWithFormat(const char *formatStr, CFStringRef inStr)
1090 {
1091 char *buf = (char*)malloc(MAXNAMELEN);
1092 if (buf) {
1093 if (CFStringGetCString(inStr, buf, (CFIndex)MAXNAMELEN, kCFStringEncodingUTF8)) {
1094 fprintf(stdout, formatStr, buf);
1095 fflush(stdout);
1096 }
1097 free(buf);
1098 }
1099 }
1100
1101
1102 static void PrintCFThing(CFTypeRef thing)
1103 {
1104 fprintf(stderr, "### Results: %p\n", (void*)thing);
1105
1106 CFTypeID thingID = (thing) ? CFGetTypeID(thing) : 0;
1107 if (thingID == SecCertificateGetTypeID()) {
1108 // print a SecCertificateRef
1109 PrintSecCertificate((SecCertificateRef)thing);
1110 }
1111 else if (thingID == SecIdentityGetTypeID()) {
1112 // print a SecIdentityRef
1113 PrintSecIdentity((SecIdentityRef)thing);
1114 }
1115 else if (thingID == SecKeychainItemGetTypeID() ||
1116 thingID == SecIdentityGetTypeID() ||
1117 thingID == CFDictionaryGetTypeID() ||
1118 thingID == CFArrayGetTypeID() ||
1119 thingID == CFStringGetTypeID() ||
1120 thingID == CFDataGetTypeID()) {
1121 CFShow(thing);
1122 }
1123 else {
1124 fprintf(stderr, "### ERROR: result is not a supported CFType! (%ld)\n",
1125 thingID);
1126 }
1127 }
1128
1129 //%%% FIXME need to break this up into separate functions
1130 static int TestAddItems(SecKeychainRef keychain)
1131 {
1132 SecCertificateRef certs[5];
1133 CFDataRef tmpData;
1134 OSStatus status;
1135
1136 /* add test leaf */
1137 tmpData = CFDataCreateWithBytesNoCopy(NULL, LEAF_CERT, sizeof(LEAF_CERT), kCFAllocatorNull);
1138 certs[0] = SecCertificateCreateWithData(NULL, tmpData);
1139 CFRelease(tmpData);
1140
1141 /* add test intermediate */
1142 tmpData = CFDataCreateWithBytesNoCopy(NULL, INTERMEDIATE_CERT, sizeof(INTERMEDIATE_CERT), kCFAllocatorNull);
1143 certs[1] = SecCertificateCreateWithData(NULL, tmpData);
1144 CFRelease(tmpData);
1145
1146 /* add test root */
1147 tmpData = CFDataCreateWithBytesNoCopy(NULL, ROOT_CERT, sizeof(ROOT_CERT), kCFAllocatorNull);
1148 certs[2] = SecCertificateCreateWithData(NULL, tmpData);
1149 CFRelease(tmpData);
1150 // will add this below using SecItemAdd instead of SecCertificateAddToKeychain
1151
1152 /* use SecItemAdd to add an array containing certs 1-3 */
1153 CFArrayRef certArray = CFArrayCreate(NULL, (const void**) certs, 3, &kCFTypeArrayCallBacks);
1154 CFMutableDictionaryRef attrs = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1155 CFDictionaryAddValue(attrs, kSecClass, kSecClassCertificate); // we are adding certificates
1156 CFDictionaryAddValue(attrs, kSecUseItemList, certArray); // add these items (to default keychain, since we aren't specifying one)
1157 CFDictionaryAddValue(attrs, kSecUseKeychain, keychain); // add these to the test keychain
1158 status = SecItemAdd(attrs, NULL);
1159 CFRelease(attrs);
1160 CFRelease(certArray);
1161 ok_status(status, "Unable to add 3 test certificates: error %d\n", (int)status);
1162 if (status && status != errSecDuplicateItem) {
1163 goto error_exit;
1164 }
1165
1166 /* add test cert for S/MIME policy (encrypt only, no sign) */
1167 tmpData = CFDataCreateWithBytesNoCopy(NULL, Test_smime_encryptonly, sizeof(Test_smime_encryptonly), kCFAllocatorNull);
1168 certs[3] = SecCertificateCreateWithData(NULL, tmpData);
1169 CFRelease(tmpData);
1170 status = SecCertificateAddToKeychain(certs[3], keychain);
1171 ok_status(status, "Unable to add test S/MIME certificate: error %d\n", (int)status);
1172 if (status && status != errSecDuplicateItem) {
1173 goto error_exit;
1174 }
1175
1176 /* add test cert for Code Signing policy */
1177 tmpData = CFDataCreateWithBytesNoCopy(NULL, Test_codesign, sizeof(Test_codesign), kCFAllocatorNull);
1178 certs[4] = SecCertificateCreateWithData(NULL, tmpData);
1179 CFRelease(tmpData);
1180 status = SecCertificateAddToKeychain(certs[4], keychain);
1181 ok_status(status, "Unable to add test Code Signing certificate: error %d\n", (int)status);
1182 if (status && status != errSecDuplicateItem) {
1183 goto error_exit;
1184 }
1185
1186 /* import test SSL identity */
1187 {
1188 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, Test_ssl_user_p12, (CFIndex)sizeof(Test_ssl_user_p12), kCFAllocatorNull);
1189 SecExternalFormat format = kSecFormatPKCS12;
1190 SecExternalItemType itemType = kSecItemTypeAggregate;
1191 SecItemImportExportFlags flags = 0;
1192 #if 0
1193 /* deprecated method, using CDSA constants */
1194 SecKeyImportExportParameters keyParams = {
1195 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1196 0, // SecKeyImportExportFlags flags
1197 CFSTR("test"), // CFTypeRef passphrase
1198 CFSTR("title"), // CFStringRef alertTitle
1199 CFSTR("pw:"), // CFStringRef alertPrompt
1200 NULL, // SecAccessRef accessRef (unspecified, use default)
1201 CSSM_KEYUSE_SIGN, // CSSM_KEYUSE keyUsage (0=unspecified)
1202 CSSM_KEYATTR_PERMANENT // CSSM_KEYATTR_FLAGS keyAttributes
1203 };
1204 status = SecKeychainItemImport(p12DataRef,
1205 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1206 #else
1207 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1208 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1209 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1210 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1211 SecItemImportExportKeyParameters keyParams = {
1212 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1213 0, // SecKeyImportExportFlags flags
1214 CFSTR("test"), // CFTypeRef passphrase
1215 CFSTR("title"), // CFStringRef alertTitle
1216 CFSTR("pw:"), // CFStringRef alertPrompt
1217 NULL, // SecAccessRef accessRef (unspecified, use default)
1218 keyUsagesArray, // CFArrayRef keyUsages
1219 keyAttrsArray // CFArrayRef keyAttributes
1220 };
1221 status = SecItemImport(p12DataRef,
1222 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1223 CFRelease(keyUsagesArray);
1224 CFRelease(keyAttrsArray);
1225 #endif
1226 ok_status(status, "Unable to import test SSL identity: error %d\n", (int)status);
1227 if (status && status != errSecDuplicateItem) {
1228 goto error_exit;
1229 }
1230 }
1231
1232 /* import test S/MIME signing identity */
1233 {
1234 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, Test_smime_signonly_p12, (CFIndex)sizeof(Test_smime_signonly_p12), kCFAllocatorNull);
1235 SecExternalFormat format = kSecFormatPKCS12;
1236 SecExternalItemType itemType = kSecItemTypeAggregate;
1237 SecItemImportExportFlags flags = 0;
1238 #if 0
1239 /* deprecated method, using CDSA constants */
1240 SecKeyImportExportParameters keyParams = {
1241 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1242 0, // SecKeyImportExportFlags flags
1243 CFSTR("test"), // CFTypeRef passphrase
1244 CFSTR("title"), // CFStringRef alertTitle
1245 CFSTR("pw:"), // CFStringRef alertPrompt
1246 NULL, // SecAccessRef accessRef (unspecified, use default)
1247 CSSM_KEYUSE_SIGN, // CSSM_KEYUSE keyUsage (0=unspecified)
1248 CSSM_KEYATTR_PERMANENT // CSSM_KEYATTR_FLAGS keyAttributes
1249 };
1250 status = SecKeychainItemImport(p12DataRef,
1251 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1252 #else
1253 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1254 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1255 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1256 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1257 SecItemImportExportKeyParameters keyParams = {
1258 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1259 0, // SecKeyImportExportFlags flags
1260 CFSTR("test"), // CFTypeRef passphrase
1261 CFSTR("title"), // CFStringRef alertTitle
1262 CFSTR("pw:"), // CFStringRef alertPrompt
1263 NULL, // SecAccessRef accessRef (unspecified, use default)
1264 keyUsagesArray, // CFArrayRef keyUsages
1265 keyAttrsArray // CFArrayRef keyAttributes
1266 };
1267 status = SecItemImport(p12DataRef,
1268 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1269 CFRelease(keyUsagesArray);
1270 CFRelease(keyAttrsArray);
1271 #endif
1272 ok_status(status, "Unable to import test S/MIME identity: error %d\n", (int)status);
1273 if (status && status != errSecDuplicateItem) {
1274 goto error_exit;
1275 }
1276 }
1277
1278 /* import expired SSL identity */
1279 {
1280 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, TestIDSSL2007_p12, (CFIndex)sizeof(TestIDSSL2007_p12), kCFAllocatorNull);
1281 SecExternalFormat format = kSecFormatPKCS12;
1282 SecExternalItemType itemType = kSecItemTypeAggregate;
1283 SecItemImportExportFlags flags = 0;
1284 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1285 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1286 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1287 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1288 SecItemImportExportKeyParameters keyParams = {
1289 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1290 0, // SecKeyImportExportFlags flags
1291 CFSTR("test"), // CFTypeRef passphrase
1292 CFSTR("title"), // CFStringRef alertTitle
1293 CFSTR("pw:"), // CFStringRef alertPrompt
1294 NULL, // SecAccessRef accessRef (unspecified, use default)
1295 keyUsagesArray, // CFArrayRef keyUsages
1296 keyAttrsArray // CFArrayRef keyAttributes
1297 };
1298 status = SecItemImport(p12DataRef,
1299 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1300 CFRelease(keyUsagesArray);
1301 CFRelease(keyAttrsArray);
1302 ok_status(status, "Unable to import TestIDSSL2007_p12 identity: error %d\n", (int)status);
1303 if (status && status != errSecDuplicateItem) {
1304 goto error_exit;
1305 }
1306 }
1307
1308 /* import expired S/MIME identity */
1309 {
1310 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, TestIDSMIME2007_p12, (CFIndex)sizeof(TestIDSMIME2007_p12), kCFAllocatorNull);
1311 SecExternalFormat format = kSecFormatPKCS12;
1312 SecExternalItemType itemType = kSecItemTypeAggregate;
1313 SecItemImportExportFlags flags = 0;
1314 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1315 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1316 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1317 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1318 SecItemImportExportKeyParameters keyParams = {
1319 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1320 0, // SecKeyImportExportFlags flags
1321 CFSTR("test"), // CFTypeRef passphrase
1322 CFSTR("title"), // CFStringRef alertTitle
1323 CFSTR("pw:"), // CFStringRef alertPrompt
1324 NULL, // SecAccessRef accessRef (unspecified, use default)
1325 keyUsagesArray, // CFArrayRef keyUsages
1326 keyAttrsArray // CFArrayRef keyAttributes
1327 };
1328 status = SecItemImport(p12DataRef,
1329 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1330 CFRelease(keyUsagesArray);
1331 CFRelease(keyAttrsArray);
1332 ok_status(status, "Unable to import TestIDSMIME2007_p12 identity: error %d\n", (int)status);
1333 if (status && status != errSecDuplicateItem) {
1334 goto error_exit;
1335 }
1336 }
1337
1338 /* add generic password items */
1339 status = SecKeychainAddGenericPassword(keychain,
1340 strlen("Test Service 42"), "Test Service 42",
1341 strlen("nobody"), "nobody",
1342 strlen("weakpass"), "weakpass",
1343 NULL);
1344 ok_status(status, "Unable to add \"Test Service 42\" generic password: error %d\n", (int)status);
1345 if (status && status != errSecDuplicateItem) {
1346 goto error_exit;
1347 }
1348 status = SecKeychainAddGenericPassword(keychain,
1349 strlen("Test Service 69"), "Test Service 69",
1350 strlen("nobody"), "nobody",
1351 strlen("weakpass"), "weakpass",
1352 NULL);
1353 ok_status(status, "Unable to add \"Test Service 69\" generic password: error %d\n", (int)status);
1354 if (status && status != errSecDuplicateItem) {
1355 goto error_exit;
1356 }
1357
1358 /* add internet password items */
1359 status = SecKeychainAddInternetPassword(keychain,
1360 strlen("test1.subdomain.apple.com"), "test1.subdomain.apple.com",
1361 0, NULL,
1362 strlen("nobody"), "nobody",
1363 0, NULL,
1364 80, kSecProtocolTypeHTTP, kSecAuthenticationTypeDefault,
1365 strlen("weakpass"), "weakpass",
1366 NULL);
1367 ok_status(status, "Unable to add \"test1.subdomain.apple.com\" internet password: error %d\n", (int)status);
1368 if (status && status != errSecDuplicateItem) {
1369 goto error_exit;
1370 }
1371 status = SecKeychainAddInternetPassword(keychain,
1372 strlen("test2.subdomain.apple.com"), "test2.subdomain.apple.com",
1373 0, NULL,
1374 strlen("nobody"), "nobody",
1375 0, NULL,
1376 443, kSecProtocolTypeHTTPS, kSecAuthenticationTypeDefault,
1377 strlen("weakpass"), "weakpass",
1378 NULL);
1379 ok_status(status, "Unable to add \"test2.subdomain.apple.com\" internet password: error %d\n", (int)status);
1380 if (status && status != errSecDuplicateItem) {
1381 goto error_exit;
1382 }
1383
1384 /* add a Mail password */
1385 status = SecKeychainAddInternetPassword(keychain,
1386 strlen("mail.apple.com"), "mail.apple.com",
1387 0, NULL,
1388 strlen("testacct"), "testacct",
1389 0, NULL,
1390 143, kSecProtocolTypeIMAP, kSecAuthenticationTypeDefault,
1391 strlen("testpass"), "testpass",
1392 NULL);
1393 ok_status(status, "Unable to add \"mail.apple.com\" internet password: error %d\n", (int)status);
1394 if (status && status != errSecDuplicateItem) {
1395 goto error_exit;
1396 }
1397
1398 /* if an item was already in the keychain from a previous run, we can ignore the error */
1399 if (status == errSecDuplicateItem)
1400 status = noErr;
1401
1402 error_exit:
1403
1404 if (keychain) CFRelease(keychain);
1405 PrintTestResult("TestAddItems", status, noErr);
1406
1407 return (int)status;
1408 }
1409
1410
1411 static int CheckResults(CFTypeRef results, CFIndex minMatchesExpected, CFIndex maxMatchesExpected)
1412 {
1413 OSStatus status = noErr;
1414 if (debug) {
1415 PrintCFThing(results);
1416 }
1417 if (minMatchesExpected > 0) {
1418 CFIndex matchesFound;
1419 if (CFGetTypeID(results) == CFArrayGetTypeID()) {
1420 // multiple items returned as an array
1421 matchesFound = CFArrayGetCount(results);
1422 }
1423 else {
1424 // single item returned as either a dictionary or an item reference
1425 matchesFound = (results) ? 1 : 0;
1426 }
1427 if (debug) {
1428 fprintf(stdout, "### Items matched: %d (minimum expected: %d",
1429 (int)matchesFound, (int)minMatchesExpected);
1430 if (maxMatchesExpected < MAXITEMS)
1431 fprintf(stdout, ", maximum expected: %d", (int)minMatchesExpected);
1432 fprintf(stdout, ")\n");
1433 fflush(stdout);
1434 }
1435 if (matchesFound < minMatchesExpected ||
1436 matchesFound > maxMatchesExpected) {
1437 /* should not happen, unless SecItemCopyMatching has a bug */
1438 status = errSecInternalError;
1439 }
1440 if(matchesFound < minMatchesExpected) {
1441 fail("CheckResults: %ld < %ld (minimum required)", matchesFound, minMatchesExpected);
1442 } else if(matchesFound > maxMatchesExpected) {
1443 fail("CheckResults: %ld > %ld (maximum allowed", matchesFound, maxMatchesExpected);
1444 } else {
1445 pass("CheckResults: matches found fall within requirements: %ld <= %ld <= %ld", minMatchesExpected, matchesFound, maxMatchesExpected);
1446 }
1447 }
1448 return (int)status;
1449 }
1450
1451
1452 #pragma mark -- Individual Test Cases --
1453
1454
1455 static int FindCertificateByEmail(SecKeychainRef keychain,
1456 CFStringRef emailStr,
1457 CFTypeRef returnType,
1458 CFTypeRef matchLimit,
1459 CFIndex minMatchesExpected,
1460 OSStatus expected)
1461 {
1462 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1463 &kCFTypeDictionaryKeyCallBacks,
1464 &kCFTypeDictionaryValueCallBacks);
1465
1466 /* set up the query */
1467 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1468 CFDictionaryAddValue( query, kSecMatchEmailAddressIfPresent, emailStr );
1469 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1470 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1471
1472 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1473 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1474 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1475
1476 CFTypeRef results = NULL;
1477 if (debug) {
1478 PrintStringToMatch(emailStr);
1479 }
1480
1481 OSStatus status = SecItemCopyMatching(query, &results);
1482
1483 if (!status && results) {
1484 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1485 CFRelease(results);
1486 }
1487 if (query)
1488 CFRelease(query);
1489
1490 PrintTestResult("FindCertificateByEmail", status, expected);
1491
1492 return (status==expected) ? (int)noErr : (int)status;
1493 }
1494
1495
1496 static int FindCertificateByLabel(SecKeychainRef keychain,
1497 CFStringRef labelStr,
1498 CFTypeRef returnType,
1499 CFTypeRef matchLimit,
1500 CFIndex minMatchesExpected,
1501 CFIndex maxMatchesExpected,
1502 OSStatus expected)
1503 {
1504 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1505 &kCFTypeDictionaryKeyCallBacks,
1506 &kCFTypeDictionaryValueCallBacks);
1507
1508 /* set up the query */
1509 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1510 CFDictionaryAddValue( query, kSecAttrLabel, labelStr );
1511 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1512 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1513
1514 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1515 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1516 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1517
1518 CFTypeRef results = NULL;
1519 if (debug) {
1520 PrintStringToMatch(labelStr);
1521 }
1522
1523 OSStatus status = SecItemCopyMatching(query, &results);
1524
1525 if (!status && results) {
1526 status = CheckResults(results, minMatchesExpected, maxMatchesExpected);
1527 CFRelease(results);
1528 }
1529 if (query)
1530 CFRelease(query);
1531
1532 PrintTestResult("FindCertificateByLabel", status, expected);
1533
1534 return (status==expected) ? (int)noErr : (int)status;
1535 }
1536
1537
1538 static int FindCertificateByNameInSubject(SecKeychainRef keychain,
1539 CFStringRef nameStr,
1540 CFTypeRef matchType,
1541 CFTypeRef returnType,
1542 CFTypeRef matchLimit,
1543 CFIndex minMatchesExpected,
1544 OSStatus expected)
1545 {
1546 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1547 &kCFTypeDictionaryKeyCallBacks,
1548 &kCFTypeDictionaryValueCallBacks);
1549
1550 /* set up the query */
1551 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1552 CFDictionaryAddValue( query, matchType, nameStr );
1553 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1554 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1555
1556 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1557 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1558 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1559
1560 CFTypeRef results = NULL;
1561 if (debug) {
1562 PrintStringToMatch(nameStr);
1563 }
1564
1565 OSStatus status = SecItemCopyMatching(query, &results);
1566
1567 if (!status && results) {
1568 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1569 CFRelease(results);
1570 }
1571 if (query)
1572 CFRelease(query);
1573
1574 PrintTestResult("FindCertificateByNameInSubject", status, expected);
1575
1576 return (status==expected) ? (int)noErr : (int)status;
1577 }
1578
1579
1580 static int FindCertificateByNameAndPolicy(SecKeychainRef keychain,
1581 CFStringRef nameStr,
1582 SecPolicyRef policy,
1583 CFTypeRef returnType,
1584 CFTypeRef matchLimit,
1585 CFIndex matchesExpected,
1586 OSStatus expected)
1587 {
1588 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1589 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1590
1591 const void *keys[] = {
1592 kSecMatchSearchList,
1593 kSecClass,
1594 kSecMatchSubjectContains,
1595 kSecMatchPolicy,
1596 kSecMatchLimit,
1597 returnType
1598 };
1599 const void *values[] = {
1600 searchList,
1601 kSecClassCertificate,
1602 nameStr,
1603 policy,
1604 matchLimit,
1605 kCFBooleanTrue
1606 };
1607
1608 OSStatus status = noErr;
1609 CFTypeRef results = NULL;
1610 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
1611 sizeof(keys) / sizeof(*keys),
1612 &kCFTypeDictionaryKeyCallBacks,
1613 &kCFTypeDictionaryValueCallBacks);
1614
1615 if (debug) {
1616 PrintStringToMatch(nameStr);
1617 PrintStringToMatch(SecPolicyGetName(policy));
1618 }
1619
1620 status = SecItemCopyMatching(query, &results);
1621
1622 if (!status && results) {
1623 status = CheckResults(results, matchesExpected, matchesExpected);
1624 CFRelease(results);
1625 }
1626 if (query)
1627 CFRelease(query);
1628
1629 PrintTestResult("FindCertificateByNameAndPolicy", status, expected);
1630
1631 return (status==expected) ? (int)noErr : (int)status;
1632 }
1633
1634
1635 static int FindCertificateByNameAndValidDate(SecKeychainRef keychain,
1636 CFStringRef nameStr,
1637 CFTypeRef validOnDate,
1638 CFTypeRef returnType,
1639 CFTypeRef matchLimit,
1640 CFIndex minMatchesExpected,
1641 OSStatus expected)
1642 {
1643 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1644 &kCFTypeDictionaryKeyCallBacks,
1645 &kCFTypeDictionaryValueCallBacks);
1646
1647 /* set up the query */
1648 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1649 CFDictionaryAddValue( query, kSecMatchSubjectContains, nameStr );
1650 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate ); // value may be a CFDateRef or a CFNullRef
1651 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1652 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1653
1654 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1655 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1656 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1657
1658 CFTypeRef results = NULL;
1659 if (debug) {
1660 PrintStringToMatch(nameStr);
1661 PrintStringToMatch(CFCopyDescription(validOnDate));
1662 }
1663
1664 OSStatus status = SecItemCopyMatching(query, &results);
1665
1666 if (!status && results) {
1667 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1668 CFRelease(results);
1669 }
1670 if (query)
1671 CFRelease(query);
1672
1673 PrintTestResult("FindCertificateByNameAndValidDate", status, expected);
1674
1675 return (status==expected) ? (int)noErr : (int)status;
1676 }
1677
1678
1679 static int FindCertificateForSMIMEEncryption(SecKeychainRef keychain,
1680 CFStringRef emailAddr,
1681 CFTypeRef validOnDate,
1682 CFTypeRef returnType,
1683 CFTypeRef matchLimit,
1684 CFIndex minMatchesExpected,
1685 CFIndex maxMatchesExpected,
1686 OSStatus expected)
1687 {
1688 /* create a SecPolicyRef for S/MIME */
1689 SecPolicyRef policy = SecPolicyCreateWithOID(kSecPolicyAppleSMIME);
1690 if (policy == NULL)
1691 return errSecPolicyNotFound;
1692
1693 CFMutableDictionaryRef properties = CFDictionaryCreateMutable(NULL, 0,
1694 &kCFTypeDictionaryKeyCallBacks,
1695 &kCFTypeDictionaryValueCallBacks);
1696
1697 /* property 1: must match email address */
1698 CFDictionaryAddValue( properties, kSecPolicyName, emailAddr );
1699 /* property 2: must have "key encipherment" key usage to be used for encryption */
1700 CFDictionaryAddValue( properties, kSecPolicyKU_KeyEncipherment, kCFBooleanTrue );
1701
1702 SecPolicySetProperties(policy, properties);
1703
1704 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1705 &kCFTypeDictionaryKeyCallBacks,
1706 &kCFTypeDictionaryValueCallBacks);
1707
1708 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1709 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1710 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1711
1712 /* set up the query */
1713 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1714 CFDictionaryAddValue( query, kSecMatchPolicy, policy );
1715 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate );
1716 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1717 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1718
1719 CFTypeRef results = NULL;
1720 if (debug) {
1721 PrintStringToMatch(emailAddr);
1722 PrintStringToMatch(CFCopyDescription(kSecPolicyAppleSMIME));
1723 PrintStringToMatch(CFCopyDescription(validOnDate));
1724 }
1725
1726 OSStatus status = SecItemCopyMatching(query, &results);
1727
1728 if (!status && results) {
1729 status = CheckResults(results, minMatchesExpected, maxMatchesExpected);
1730 CFRelease(results);
1731 }
1732 if (query)
1733 CFRelease(query);
1734 if (policy)
1735 CFRelease(policy);
1736 if (properties)
1737 CFRelease(properties);
1738
1739 PrintTestResult("FindCertificateForSMIMEEncryption", status, expected);
1740
1741 return (status==expected) ? (int)noErr : (int)status;
1742 }
1743
1744
1745 static int FindPreferredCertificateForSMIMEEncryption(SecKeychainRef keychain,
1746 CFStringRef emailAddr, CFTypeRef validOnDate)
1747 {
1748 // Note: this function assumes that a preferred certificate has been set up
1749 // previously for the given email address. This is handled in the calling
1750 // function.
1751
1752 OSStatus status = noErr;
1753 SecCertificateRef preferredCertificate = NULL;
1754 SecCertificateRef validatedCertificate = NULL;
1755
1756 // Pass an explicit key usage value to SecCertificateCopyPreferred to test <rdar://8192797>
1757 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanEncrypt, 1, &kCFTypeArrayCallBacks);
1758
1759 preferredCertificate = SecCertificateCopyPreferred(emailAddr, keyUsage);
1760 if (!preferredCertificate)
1761 status = errSecItemNotFound; // our test expects a preferred certificate to exist, so we return an error
1762 if (keyUsage)
1763 CFRelease(keyUsage);
1764
1765 if (!status && preferredCertificate) {
1766 // We found a preferred certificate, but it may have expired.
1767 // Verify the preferred certificate by looking up all certificates which
1768 // are valid for SMIME encryption, and using the kSecMatchItemList query
1769 // parameter to filter out everything but our preferred certificate. If
1770 // we end up with 0 results, the preferred certificate wasn't valid.
1771
1772 // set up the S/MIME policy first to check for the Key Encipherment key usage (needed for encryption)
1773 SecPolicyRef policy = SecPolicyCreateWithOID(kSecPolicyAppleSMIME);
1774 CFDictionaryRef properties = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecPolicyKU_KeyEncipherment, (const void **)&kCFBooleanTrue, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1775 status = SecPolicySetProperties(policy, properties);
1776 CFRelease(properties);
1777
1778 // set up an item list consisting of just our preferred certificate
1779 CFArrayRef itemList = CFArrayCreate(kCFAllocatorDefault, (const void **)&preferredCertificate, 1, &kCFTypeArrayCallBacks);
1780
1781 // set up the query
1782 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1783 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1784 CFDictionaryAddValue( query, kSecMatchPolicy, policy );
1785 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate );
1786 CFDictionaryAddValue( query, kSecMatchItemList, itemList );
1787 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne ); // only need to match one item!
1788 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
1789
1790 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1791 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1792 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1793
1794 if (debug) {
1795 PrintStringToMatch(emailAddr);
1796 PrintStringToMatch(CFCopyDescription(validOnDate));
1797 }
1798
1799 status = SecItemCopyMatching(query, (CFTypeRef*)&validatedCertificate);
1800
1801 if (!status && validatedCertificate) {
1802 status = CheckResults(validatedCertificate, 1, 1); // expect exactly 1 result
1803 CFRelease(validatedCertificate);
1804 }
1805 if (query)
1806 CFRelease(query);
1807 if (policy)
1808 CFRelease(policy);
1809 if (itemList)
1810 CFRelease(itemList);
1811 }
1812 else if (!quiet)
1813 fprintf(stderr, "FindPreferredCertificateForSMIMEEncryption: unexpected error %d\n", (int)status);
1814
1815 if (preferredCertificate)
1816 CFRelease(preferredCertificate);
1817
1818 PrintTestResult("FindPreferredCertificateForSMIMEEncryption", status, noErr);
1819
1820 return (status==noErr) ? (int)noErr : (int)status;
1821 }
1822
1823
1824 static int SetPreferredCertificateForSMIMEEncryption(SecKeychainRef keychain, CFStringRef nameStr,
1825 CFStringRef emailAddr)
1826 {
1827 // find the certificate exactly matching the given common name
1828 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1829 &kCFTypeDictionaryKeyCallBacks,
1830 &kCFTypeDictionaryValueCallBacks);
1831
1832 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1833 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1834 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1835
1836 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1837 CFDictionaryAddValue( query, kSecMatchSubjectWholeString, nameStr );
1838 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne );
1839 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
1840
1841 CFTypeRef results = NULL;
1842 OSStatus status = SecItemCopyMatching(query, &results);
1843
1844 if (!quiet && status)
1845 fprintf(stderr, "SetPreferredCertificateForSMIMEEncryption: SecItemCopyMatching error %d\n", (int)status);
1846
1847 if (!status && results) {
1848 // since we asked for kSecMatchLimitOne, the result is a single item
1849 SecCertificateRef certificate = (SecCertificateRef) results;
1850 if (SecCertificateGetTypeID() != CFGetTypeID(certificate)) {
1851 fprintf(stderr, "SetPreferredCertificateForSMIMEEncryption: unexpected result type!\n");
1852 }
1853 else {
1854 // Pass an explicit key usage value to SecCertificateSetPreferred to test <rdar://8192797>
1855 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanEncrypt, 1, &kCFTypeArrayCallBacks);
1856 status = SecCertificateSetPreferred(certificate, emailAddr, keyUsage);
1857 if (!quiet && status)
1858 fprintf(stderr, "SetPreferredCertificateForSMIMEEncryption: SecCertificateSetPreferred error %d\n", (int)status);
1859 if (keyUsage)
1860 CFRelease(keyUsage);
1861 }
1862 CFRelease(results);
1863 }
1864 if (query)
1865 CFRelease(query);
1866
1867 return (status==noErr) ? (int)noErr : (int)status;
1868 }
1869
1870
1871 static int FindIdentityByName(SecKeychainRef keychain,
1872 CFStringRef nameStr,
1873 CFTypeRef returnType,
1874 CFTypeRef matchLimit,
1875 CFIndex matchesExpected,
1876 OSStatus expected)
1877 {
1878 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1879 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1880
1881 const void *keys[] = {
1882 kSecMatchSearchList,
1883 kSecClass,
1884 kSecMatchSubjectContains,
1885 kSecMatchLimit,
1886 returnType
1887 };
1888 const void *values[] = {
1889 searchList,
1890 kSecClassIdentity,
1891 nameStr,
1892 matchLimit,
1893 kCFBooleanTrue
1894 };
1895
1896 OSStatus status = noErr;
1897 CFTypeRef results = NULL;
1898 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
1899 sizeof(keys) / sizeof(*keys),
1900 &kCFTypeDictionaryKeyCallBacks,
1901 &kCFTypeDictionaryValueCallBacks);
1902
1903 if (debug) PrintStringToMatch(nameStr);
1904
1905 status = SecItemCopyMatching(query, &results);
1906
1907 if (!status && results) {
1908 status = CheckResults(results, matchesExpected, matchesExpected);
1909 CFRelease(results);
1910 }
1911 if (query)
1912 CFRelease(query);
1913
1914 PrintTestResult("FindIdentityByName", status, expected);
1915
1916 return (status==expected) ? (int)noErr : (int)status;
1917 }
1918
1919
1920 static int FindIdentityByPolicy(SecKeychainRef keychain,
1921 SecPolicyRef policy,
1922 CFTypeRef returnType,
1923 CFTypeRef matchLimit,
1924 CFIndex minMatchesExpected,
1925 OSStatus expected)
1926 {
1927 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1928 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1929
1930 const void *keys[] = {
1931 kSecMatchSearchList,
1932 kSecClass,
1933 kSecMatchPolicy,
1934 kSecMatchLimit,
1935 returnType
1936 };
1937 const void *values[] = {
1938 searchList,
1939 kSecClassIdentity,
1940 policy,
1941 matchLimit,
1942 kCFBooleanTrue
1943 };
1944
1945 OSStatus status = noErr;
1946 CFTypeRef results = NULL;
1947 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
1948 sizeof(keys) / sizeof(*keys),
1949 &kCFTypeDictionaryKeyCallBacks,
1950 &kCFTypeDictionaryValueCallBacks);
1951
1952 if (debug) PrintStringToMatch(SecPolicyGetName(policy));
1953
1954 status = SecItemCopyMatching(query, &results);
1955
1956 if (!status && results) {
1957 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1958 CFRelease(results);
1959 }
1960 if (query)
1961 CFRelease(query);
1962
1963 PrintTestResult("FindIdentityByPolicy", status, expected);
1964
1965 return (status==expected) ? (int)noErr : (int)status;
1966 }
1967
1968
1969 static int FindIdentityByPolicyAndValidDate(SecKeychainRef keychain,
1970 CFTypeRef policyIdentifier,
1971 Boolean isClientPolicy,
1972 CFTypeRef validOnDate,
1973 CFStringRef forbidStr,
1974 CFTypeRef returnType,
1975 CFTypeRef matchLimit,
1976 CFIndex matchesExpected,
1977 OSStatus expected)
1978 {
1979 /* given the policy OID, create a SecPolicyRef */
1980 SecPolicyRef policy = SecPolicyCreateWithOID(policyIdentifier);
1981 if (policy == NULL)
1982 return errSecPolicyNotFound;
1983 if (isClientPolicy == TRUE) {
1984 /* specify the kSecPolicyClient property key for this policy */
1985 const void *keys[] = { kSecPolicyClient };
1986 const void *values[] = { kCFBooleanTrue };
1987 CFDictionaryRef properties = CFDictionaryCreate(NULL, keys, values,
1988 sizeof(keys) / sizeof(*keys),
1989 &kCFTypeDictionaryKeyCallBacks,
1990 &kCFTypeDictionaryValueCallBacks);
1991 SecPolicySetProperties(policy, properties);
1992 }
1993
1994 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1995 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1996
1997 const void *keys[] = {
1998 kSecMatchSearchList,
1999 kSecClass,
2000 kSecMatchPolicy,
2001 kSecMatchValidOnDate,
2002 kSecMatchLimit,
2003 returnType
2004 };
2005 const void *values[] = {
2006 searchList,
2007 kSecClassIdentity,
2008 policy,
2009 validOnDate,
2010 matchLimit,
2011 kCFBooleanTrue
2012 };
2013
2014 OSStatus status = noErr;
2015 CFTypeRef results = NULL;
2016 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2017 sizeof(keys) / sizeof(*keys),
2018 &kCFTypeDictionaryKeyCallBacks,
2019 &kCFTypeDictionaryValueCallBacks);
2020
2021 if (debug) PrintStringToMatch(CFCopyDescription(policyIdentifier));
2022
2023 status = SecItemCopyMatching(query, &results);
2024
2025 // check returned items for forbidStr as a substring in the label attribute;
2026 // return errSecInternalError if found
2027 if (!status && results && forbidStr) {
2028 if (CFArrayGetTypeID() == CFGetTypeID(results)) {
2029 CFArrayRef items = (CFArrayRef) results;
2030 CFIndex ix, count = CFArrayGetCount(results);
2031 for (ix=0; ix<count; ix++) {
2032 CFTypeRef anItem = (CFTypeRef) CFArrayGetValueAtIndex(items, ix);
2033 if (anItem && CFDictionaryGetTypeID() == CFGetTypeID(anItem)) {
2034 CFDictionaryRef item = (CFDictionaryRef) anItem;
2035 CFStringRef label = NULL;
2036 if (CFDictionaryGetValueIfPresent(item, kSecAttrLabel, (const void **)&label) && label) {
2037 CFRange range = CFStringFind(label, forbidStr, 0);
2038 if (!(range.length < 1)) {
2039 status = errSecInternalError; // shouldn't have found this, but we did.
2040 break;
2041 } // found forbidStr
2042 } // found label attribute
2043 } // item is a dictionary
2044 } // item for-loop
2045 } // result is an array
2046 } // check forbidStr
2047
2048
2049 if (!status && results) {
2050 status = CheckResults(results, matchesExpected, matchesExpected);
2051 CFRelease(results);
2052 }
2053 if (query)
2054 CFRelease(query);
2055 if (policy)
2056 CFRelease(policy);
2057
2058 PrintTestResult("FindIdentityByPolicyAndValidDate", status, expected);
2059
2060 return (status==expected) ? (int)noErr : (int)status;
2061 }
2062
2063
2064 static int FindIdentityByNameAndValidDate(SecKeychainRef keychain,
2065 CFStringRef nameStr,
2066 CFTypeRef validOnDate,
2067 CFTypeRef returnType,
2068 CFTypeRef matchLimit,
2069 CFIndex minMatchesExpected,
2070 OSStatus expected)
2071 {
2072 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2073 &kCFTypeDictionaryKeyCallBacks,
2074 &kCFTypeDictionaryValueCallBacks);
2075
2076 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2077 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2078 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2079
2080 /* set up the query */
2081 CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
2082 CFDictionaryAddValue( query, kSecMatchSubjectContains, nameStr );
2083 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate ); // value may be a CFDateRef or a CFNullRef
2084 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
2085 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
2086
2087 CFTypeRef results = NULL;
2088 if (debug) {
2089 PrintStringToMatch(nameStr);
2090 PrintStringToMatch(CFCopyDescription(validOnDate));
2091 }
2092
2093 OSStatus status = SecItemCopyMatching(query, &results);
2094
2095 if (!status && results) {
2096 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2097 CFRelease(results);
2098 }
2099 if (query)
2100 CFRelease(query);
2101
2102 PrintTestResult("FindIdentityByNameAndValidDate", status, expected);
2103
2104 return (status==expected) ? (int)noErr : (int)status;
2105 }
2106
2107
2108 static int FindPreferredIdentityForSMIMESigning(SecKeychainRef keychain, CFStringRef emailAddr,
2109 CFTypeRef validOnDate)
2110 {
2111 // Note: this function assumes that a preferred identity has been set up
2112 // previously for the given email address. This is handled in the calling
2113 // function.
2114
2115 OSStatus status = noErr;
2116 SecIdentityRef preferredIdentity = NULL;
2117 SecIdentityRef validatedIdentity = NULL;
2118
2119 // Pass an explicit key usage value to SecIdentityCopyPreferred to test <rdar://8192797>
2120 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanSign, 1, &kCFTypeArrayCallBacks);
2121
2122 preferredIdentity = SecIdentityCopyPreferred(emailAddr, keyUsage, NULL);
2123 isnt(preferredIdentity, NULL, "FindPreferredIdentityForSMIMESigning: SecIdentityCopyPreferred");
2124
2125 if (!preferredIdentity)
2126 status = errSecItemNotFound; // our test expects a preferred identity to exist, so we return an error
2127 if (keyUsage)
2128 CFRelease(keyUsage);
2129
2130 if (!status && preferredIdentity) {
2131 pass("FindPreferredIdentityForSMIMESigning: found a preferred identity");
2132
2133 // We found a preferred identity, but it may have expired.
2134 // Verify the preferred identity by looking up all identities which
2135 // are valid for SMIME signing, and using the kSecMatchItemList query
2136 // parameter to filter out everything but our preferred identity. If
2137 // we end up with 0 results, the preferred identity wasn't valid.
2138
2139 // set up the S/MIME policy first to check for Digital Signature key usage
2140 SecPolicyRef policy = SecPolicyCreateSMIME(kSecSignSMIMEUsage, emailAddr);
2141
2142 // set up an item list consisting of just our preferred identity
2143 CFArrayRef itemList = CFArrayCreate(kCFAllocatorDefault, (const void **)&preferredIdentity, 1, &kCFTypeArrayCallBacks);
2144
2145 // set up the query
2146 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
2147 CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
2148 CFDictionaryAddValue( query, kSecMatchPolicy, policy );
2149 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate );
2150 CFDictionaryAddValue( query, kSecMatchItemList, itemList );
2151 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne ); // only need to match one item!
2152 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
2153
2154 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2155 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2156 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2157
2158 if (debug) {
2159 PrintStringToMatch(emailAddr);
2160 PrintStringToMatch(CFCopyDescription(validOnDate));
2161 }
2162
2163 status = SecItemCopyMatching(query, (CFTypeRef*)&validatedIdentity);
2164 ok_status(status, "FindPreferredIdentityForSMIMESigning: SecItemCopyMatching");
2165
2166 if (!status && validatedIdentity) {
2167 status = CheckResults(validatedIdentity, 1, 1); // expect exactly 1 result
2168 CFRelease(validatedIdentity);
2169 }
2170 if (query)
2171 CFRelease(query);
2172 if (policy)
2173 CFRelease(policy);
2174 if (itemList)
2175 CFRelease(itemList);
2176 }
2177 else {
2178 fail("FindPreferredIdentityForSMIMESigning: unexpected error %d\n", (int)status);
2179 }
2180
2181 if (preferredIdentity)
2182 CFRelease(preferredIdentity);
2183
2184 PrintTestResult("FindPreferredIdentityForSMIMESigning", status, noErr);
2185
2186 return (status==noErr) ? (int)noErr : (int)status;
2187 }
2188
2189
2190 static int SetPreferredIdentityForSMIMESigning(SecKeychainRef keychain, CFStringRef nameStr,
2191 CFStringRef emailAddr)
2192 {
2193 // find the identity exactly matching the given common name
2194 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2195 &kCFTypeDictionaryKeyCallBacks,
2196 &kCFTypeDictionaryValueCallBacks);
2197
2198 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2199 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2200 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2201
2202 CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
2203 CFDictionaryAddValue( query, kSecMatchSubjectWholeString, nameStr );
2204 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne );
2205 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
2206
2207 CFTypeRef results = NULL;
2208 OSStatus status = SecItemCopyMatching(query, &results);
2209
2210 ok_status(status, "SetPreferredIdentityForSMIMESigning: SecItemCopyMatching error %d\n", (int)status);
2211
2212 if (!status && results) {
2213 // since we asked for kSecMatchLimitOne, the result is a single SecIdentityRef
2214 SecIdentityRef identity = (SecIdentityRef) results;
2215
2216 is(SecIdentityGetTypeID(),CFGetTypeID(identity), "SetPreferredCertificateForSMIMEEncryption: unexpected result type!\n");
2217
2218 // Pass an explicit key usage value to SecIdentitySetPreferred to test <rdar://8192797>
2219 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanSign, 1, &kCFTypeArrayCallBacks);
2220 status = SecIdentitySetPreferred(identity, emailAddr, keyUsage);
2221 ok_status(status, "SetPreferredIdentityForSMIMESigning: SecIdentitySetPreferred error %d\n", (int)status);
2222 if (keyUsage)
2223 CFRelease(keyUsage);
2224
2225 CFRelease(results);
2226 }
2227 if (query)
2228 CFRelease(query);
2229
2230 return (status==noErr) ? (int)noErr : (int)status;
2231 }
2232
2233
2234 static int FindGenericPasswordByAccount(SecKeychainRef keychain,
2235 CFStringRef accountStr,
2236 CFTypeRef returnType,
2237 CFTypeRef matchLimit,
2238 CFIndex minMatchesExpected,
2239 OSStatus expected)
2240 {
2241 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2242 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2243
2244 const void *keys[] = {
2245 kSecMatchSearchList,
2246 kSecClass,
2247 kSecAttrAccount,
2248 kSecMatchLimit,
2249 returnType
2250 };
2251 const void *values[] = {
2252 searchList,
2253 kSecClassGenericPassword,
2254 accountStr,
2255 matchLimit,
2256 kCFBooleanTrue
2257 };
2258
2259 OSStatus status = noErr;
2260 CFTypeRef results = NULL;
2261 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2262 sizeof(keys) / sizeof(*keys),
2263 &kCFTypeDictionaryKeyCallBacks,
2264 &kCFTypeDictionaryValueCallBacks);
2265
2266 if (debug) PrintStringToMatch(accountStr);
2267
2268 status = SecItemCopyMatching(query, &results);
2269 ok_status(status, "FindGenericPasswordByAccount: SecItemCopyMatching");
2270
2271 if (!status && results) {
2272 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2273 CFRelease(results);
2274 }
2275 if (query)
2276 CFRelease(query);
2277
2278 PrintTestResult("FindGenericPasswordByAccount", status, expected);
2279
2280 return (status==expected) ? (int)noErr : (int)status;
2281 }
2282
2283
2284 static int FindGenericPasswordByAccountAndService(SecKeychainRef keychain,
2285 CFStringRef accountStr,
2286 CFStringRef serviceStr,
2287 CFTypeRef returnType,
2288 CFTypeRef matchLimit,
2289 CFIndex minMatchesExpected,
2290 OSStatus expected)
2291 {
2292 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2293 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2294
2295 const void *keys[] = {
2296 kSecMatchSearchList,
2297 kSecClass,
2298 kSecAttrAccount,
2299 kSecAttrService,
2300 kSecMatchLimit,
2301 returnType
2302 };
2303 const void *values[] = {
2304 searchList,
2305 kSecClassGenericPassword,
2306 accountStr,
2307 serviceStr,
2308 matchLimit,
2309 kCFBooleanTrue
2310 };
2311
2312 OSStatus status = noErr;
2313 CFTypeRef results = NULL;
2314 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2315 sizeof(keys) / sizeof(*keys),
2316 &kCFTypeDictionaryKeyCallBacks,
2317 &kCFTypeDictionaryValueCallBacks);
2318
2319 if (debug) {
2320 PrintStringToMatch(accountStr);
2321 PrintStringToMatch(serviceStr);
2322 }
2323 status = SecItemCopyMatching(query, &results);
2324 ok_status(status, "FindGenericPasswordByAccountAndService: SecItemCopyMatching");
2325
2326 if (!status && results) {
2327 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2328 CFRelease(results);
2329 }
2330 if (query)
2331 CFRelease(query);
2332
2333 PrintTestResult("FindGenericPasswordByAccountAndService", status, expected);
2334
2335 return (status==expected) ? (int)noErr : (int)status;
2336 }
2337
2338
2339 static int FindInternetPasswordByAccount(SecKeychainRef keychain,
2340 CFStringRef accountStr,
2341 CFTypeRef returnType,
2342 CFTypeRef matchLimit,
2343 CFIndex minMatchesExpected,
2344 OSStatus expected)
2345 {
2346 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2347 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2348
2349 const void *keys[] = {
2350 kSecMatchSearchList,
2351 kSecClass,
2352 kSecAttrAccount,
2353 kSecMatchLimit,
2354 returnType
2355 };
2356 const void *values[] = {
2357 searchList,
2358 kSecClassInternetPassword,
2359 accountStr,
2360 matchLimit,
2361 kCFBooleanTrue
2362 };
2363
2364 OSStatus status = noErr;
2365 CFTypeRef results = NULL;
2366 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2367 sizeof(keys) / sizeof(*keys),
2368 &kCFTypeDictionaryKeyCallBacks,
2369 &kCFTypeDictionaryValueCallBacks);
2370
2371 if (debug) PrintStringToMatch(accountStr);
2372
2373 status = SecItemCopyMatching(query, &results);
2374 ok_status(status, "FindInternetPasswordByAccount: SecItemCopyMatching");
2375
2376 if (!status && results) {
2377 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2378 CFRelease(results);
2379 }
2380 if (query)
2381 CFRelease(query);
2382
2383 PrintTestResult("FindInternetPasswordByAccount", status, expected);
2384
2385 return (status==expected) ? (int)noErr : (int)status;
2386 }
2387
2388
2389 static int FindInternetPasswordByAccountAndServer(SecKeychainRef keychain,
2390 CFStringRef accountStr,
2391 CFStringRef serverStr,
2392 CFTypeRef returnType,
2393 CFTypeRef matchLimit,
2394 CFIndex minMatchesExpected,
2395 OSStatus expected)
2396 {
2397 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2398 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2399
2400 const void *keys[] = {
2401 kSecMatchSearchList,
2402 kSecClass,
2403 kSecAttrAccount,
2404 kSecAttrServer,
2405 kSecMatchLimit,
2406 returnType
2407 };
2408 const void *values[] = {
2409 searchList,
2410 kSecClassInternetPassword,
2411 accountStr,
2412 serverStr,
2413 matchLimit,
2414 kCFBooleanTrue
2415 };
2416
2417 OSStatus status = noErr;
2418 CFTypeRef results = NULL;
2419 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2420 sizeof(keys) / sizeof(*keys),
2421 &kCFTypeDictionaryKeyCallBacks,
2422 &kCFTypeDictionaryValueCallBacks);
2423
2424 if (debug) {
2425 PrintStringToMatch(accountStr);
2426 PrintStringToMatch(serverStr);
2427 }
2428 status = SecItemCopyMatching(query, &results);
2429 ok_status(status, "FindInternetPasswordByAccountAndServer: SecItemCopyMatching");
2430
2431 if (!status && results) {
2432 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2433 CFRelease(results);
2434 }
2435 if (query)
2436 CFRelease(query);
2437
2438 PrintTestResult("FindInternetPasswordByAccountAndServer", status, expected);
2439
2440 return (status==expected) ? (int)noErr : (int)status;
2441 }
2442
2443
2444 static int FindMailPassword(SecKeychainRef keychain,
2445 CFStringRef account,
2446 CFStringRef server)
2447 {
2448 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2449 &kCFTypeDictionaryKeyCallBacks,
2450 &kCFTypeDictionaryValueCallBacks);
2451
2452 SInt16 port = 143;
2453 CFNumberRef portNumber = CFNumberCreate(NULL, kCFNumberSInt16Type, &port);
2454
2455 // set up query for a Mail password (IMAP, port 143) for given account and server
2456 CFDictionaryAddValue( query, kSecClass, kSecClassInternetPassword );
2457 CFDictionaryAddValue( query, kSecAttrAccount, account );
2458 CFDictionaryAddValue( query, kSecAttrServer, server );
2459 CFDictionaryAddValue( query, kSecAttrProtocol, kSecAttrProtocolIMAP );
2460 CFDictionaryAddValue( query, kSecAttrPort, portNumber );
2461 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne );
2462 CFDictionaryAddValue( query, kSecReturnData, kCFBooleanTrue );
2463
2464 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2465 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2466 CFDictionaryAddValue(query, kSecMatchSearchList, searchList);
2467
2468 CFTypeRef results = NULL;
2469 OSStatus status = SecItemCopyMatching(query, &results);
2470 ok_status(status, "FindMailPassword: SecItemCopyMatching error %d\n", (int)status);
2471
2472 if (!status && results) {
2473 // since we asked for kSecMatchLimitOne w/kSecReturnData, the result is the found password
2474 CFDataRef password = (CFDataRef) results;
2475 is(CFDataGetTypeID(), CFGetTypeID(password), "FindMailPassword: unexpected result type!\n");
2476
2477 if (debug) CFShow(password);
2478
2479 CFRelease(results);
2480 }
2481 if (query)
2482 CFRelease(query);
2483 if (portNumber)
2484 CFRelease(portNumber);
2485
2486 return (status==noErr) ? (int)noErr : (int)status;
2487 }
2488
2489
2490
2491 const CFStringRef gPrefix = CFSTR("Test Key");
2492 const CFStringRef gLabel = CFSTR("Test AES Encryption Key");
2493 const CFStringRef gUUID = CFSTR("550e8400-e29b-41d4-a716-446655441234");
2494
2495 // CreateSymmetricKey will create a new AES-128 symmetric encryption key
2496 // with the provided label, application label, and application tag.
2497 // Each of those attributes is optional, but only the latter two
2498 // (application label and application tag) are considered part of the
2499 // key's "unique" attribute set. Previously, if you attempted to create a
2500 // key which differs only in the label attribute (but not in the other two)
2501 // then the attempt would fail and leave a "turd" key with no label in your
2502 // keychain: <rdar://8289559>, fixed in 11A268a.
2503
2504 static int CreateSymmetricKey(
2505 SecKeychainRef keychain,
2506 CFStringRef keyLabel,
2507 CFStringRef keyAppLabel,
2508 CFStringRef keyAppTag,
2509 OSStatus expected)
2510 {
2511 OSStatus status;
2512 int keySizeValue = 128;
2513 CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue);
2514
2515 // create a SecAccessRef to set up the initial access control settings for this key
2516 // (this step is optional; if omitted, the creating application has access to the key)
2517 // note: the access descriptor should be the same string as will be used for the item's label,
2518 // since it's the string that is displayed by the access confirmation dialog to describe the item.
2519 SecAccessRef access = NULL;
2520 status = SecAccessCreate(gLabel, NULL, &access);
2521
2522 // create a dictionary of parameters describing the key we want to create
2523 CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0,
2524 &kCFTypeDictionaryKeyCallBacks,
2525 &kCFTypeDictionaryValueCallBacks);
2526
2527 CFDictionaryAddValue( params, kSecClass, kSecClassKey );
2528 CFDictionaryAddValue( params, kSecUseKeychain, keychain );
2529 CFDictionaryAddValue( params, kSecAttrAccess, access );
2530 CFDictionaryAddValue( params, kSecAttrKeyClass, kSecAttrKeyClassSymmetric );
2531 CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeAES );
2532 CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize );
2533 CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue );
2534 CFDictionaryAddValue( params, kSecAttrCanEncrypt, kCFBooleanTrue );
2535 CFDictionaryAddValue( params, kSecAttrCanDecrypt, kCFBooleanTrue );
2536 CFDictionaryAddValue( params, kSecAttrCanWrap, kCFBooleanFalse );
2537 CFDictionaryAddValue( params, kSecAttrCanUnwrap, kCFBooleanFalse );
2538 if (keyLabel)
2539 CFDictionaryAddValue( params, kSecAttrLabel, keyLabel );
2540 if (keyAppLabel)
2541 CFDictionaryAddValue( params, kSecAttrApplicationLabel, keyAppLabel );
2542 if (keyAppTag)
2543 CFDictionaryAddValue( params, kSecAttrApplicationTag, keyAppTag );
2544
2545 // generate the key
2546 CFErrorRef error = NULL;
2547 SecKeyRef key = SecKeyGenerateSymmetric(params, &error);
2548
2549 // print result and clean up
2550 if (debug) {
2551 if (key == NULL) {
2552 CFStringRef desc = (error) ? CFErrorCopyDescription(error) : CFRetain(CFSTR("(no result!"));
2553 PrintCFStringWithFormat("SecKeyGenerateSymmetric failed: %s\n", desc);
2554 CFRelease(desc);
2555 }
2556 else {
2557 CFStringRef desc = CFCopyDescription(key);
2558 PrintCFStringWithFormat("SecKeyGenerateSymmetric succeeded: %s\n", desc);
2559 CFRelease(desc);
2560 }
2561 }
2562 status = (error) ? (OSStatus) CFErrorGetCode(error) : noErr;
2563 // if (status == errSecDuplicateItem)
2564 // status = noErr; // it's OK if the key already exists
2565
2566 if (key) CFRelease(key);
2567 if (error) CFRelease(error);
2568 if (params) CFRelease(params);
2569 if (keychain) CFRelease(keychain);
2570 if (access) CFRelease(access);
2571
2572 PrintTestResult("CreateSymmetricKey", status, expected);
2573
2574 return status;
2575 }
2576
2577
2578 static int FindSymmetricKey(
2579 SecKeychainRef keychain,
2580 CFStringRef keyLabel,
2581 CFStringRef keyAppLabel,
2582 CFStringRef keyAppTag,
2583 OSStatus expected)
2584 {
2585 // create a dictionary of parameters describing the key we want to find,
2586 // and how we want the result to be returned
2587 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2588 &kCFTypeDictionaryKeyCallBacks,
2589 &kCFTypeDictionaryValueCallBacks);
2590
2591 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2592 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2593 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2594
2595 CFDictionaryAddValue( query, kSecClass, kSecClassKey );
2596 CFDictionaryAddValue( query, kSecAttrKeyClass, kSecAttrKeyClassSymmetric );
2597 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne ); // we only want the first match
2598 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue ); // we want the result as a SecKeyRef
2599 CFDictionaryAddValue( query, kSecReturnAttributes, kCFBooleanTrue ); // we also want the found item's attributes
2600 if (keyLabel)
2601 CFDictionaryAddValue( query, kSecAttrLabel, keyLabel );
2602 if (keyAppLabel)
2603 CFDictionaryAddValue( query, kSecAttrApplicationLabel, keyAppLabel );
2604 if (keyAppTag)
2605 CFDictionaryAddValue( query, kSecAttrApplicationLabel, keyAppTag );
2606
2607 CFTypeRef result = NULL;
2608 OSStatus status = SecItemCopyMatching(query, &result);
2609 if(expected == errSecSuccess) {
2610 ok_status(status, "FindSymmetricKey: SecItemCopyMatching");
2611 } else {
2612 is(status, expected, "FindSymmetricKey: SecItemCopyMatching");
2613 }
2614
2615 // print result and clean up
2616 if (debug) {
2617 if (status == noErr) {
2618 fprintf(stdout, "SecItemCopyMatching succeeded; found key\n");
2619 PrintCFThing(result);
2620 }
2621 else if (status == errSecItemNotFound) {
2622 fprintf(stdout, "SecItemCopyMatching: item not found\n");
2623 }
2624 else {
2625 fprintf(stdout, "SecItemCopyMatching: failed! (error %d)\n", (int)status);
2626 }
2627 }
2628
2629 SecKeyRef key = NULL;
2630 if (result) {
2631 // since we asked for both the item reference and the item attributes,
2632 // we expect a dictionary to be returned...
2633 if (CFDictionaryGetTypeID() == CFGetTypeID(result)) {
2634 if (CFDictionaryGetValueIfPresent(result, kSecValueRef, (CFTypeRef*)&key))
2635 CFRetain(key);
2636 }
2637 CFRelease(result); // all done with result dictionary
2638 }
2639
2640 if (key) CFRelease(key);
2641 if (query) CFRelease(query);
2642
2643 PrintTestResult("FindSymmetricKey", status, expected);
2644
2645 return status;
2646 }
2647
2648
2649 static int FindAndDeleteItemsByName(
2650 SecKeychainRef keychain,
2651 CFStringRef nameStr,
2652 CFStringRef accountStr,
2653 CFTypeRef itemClass,
2654 CFTypeRef matchLimit,
2655 CFIndex minMatchesExpected,
2656 OSStatus expected)
2657 {
2658 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2659 &kCFTypeDictionaryKeyCallBacks,
2660 &kCFTypeDictionaryValueCallBacks);
2661
2662 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2663 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2664 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2665
2666 CFTypeRef nameMatchKey;
2667 if (CFEqual(itemClass, kSecClassCertificate) ||
2668 CFEqual(itemClass, kSecClassIdentity)) {
2669 nameMatchKey = kSecMatchSubjectStartsWith; /* must start with nameStr */
2670 }
2671 else {
2672 nameMatchKey = kSecAttrLabel; /* nameStr must exactly match label */
2673 }
2674
2675 /* set up the query */
2676 CFDictionaryAddValue( query, kSecClass, itemClass );
2677 CFDictionaryAddValue( query, nameMatchKey, nameStr);
2678 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit);
2679 if (accountStr) {
2680 CFDictionaryAddValue( query, kSecAttrAccount, accountStr);
2681 }
2682
2683 CFTypeRef results = NULL;
2684 if (debug) {
2685 PrintStringToMatch(nameStr);
2686 }
2687
2688 OSStatus status = SecItemCopyMatching(query, &results);
2689 ok_status(status, "FindAndDeleteItemsByName: SecItemCopyMatching");
2690
2691 if (!status) {
2692 /* Make sure that we found the items we expected to find */
2693 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2694 CFRelease(results);
2695 }
2696
2697 if (!status) {
2698 /* OK, now the real reason we're here... the same query must work for SecItemDelete */
2699 status = SecItemDelete(query);
2700
2701 PrintTestResult("FindAndDeleteItemsByName: deleting items", status, expected);
2702 }
2703
2704 if (!status) {
2705 /* re-run the same query... should find no matching items this time */
2706 status = SecItemCopyMatching(query, &results);
2707 if (!status) {
2708 /* oops... we still found matches using this query */
2709 int count = (int)CFArrayGetCount(results);
2710 is(count, 0, "### FindAndDeleteItemsByName: still found %d items, expected 0\n", count);
2711 CFRelease(results);
2712 }
2713 PrintTestResult("FindAndDeleteItemsByName: find after delete", status, errSecItemNotFound);
2714
2715 status = (status == errSecItemNotFound) ? expected : errSecInternalError;
2716 }
2717
2718 if (query)
2719 CFRelease(query);
2720
2721 return (status==expected) ? (int)noErr : (int)status;
2722 }
2723
2724
2725 #pragma mark -- Test Functions --
2726
2727
2728 static int TestIdentityLookup(SecKeychainRef keychain)
2729 {
2730 int result = 0;
2731
2732 // look up identity by name, want first result as a SecIdentityRef
2733 result += FindIdentityByName(keychain, CFSTR("Test SSL User"), kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2734
2735 // look up existing non-identity certificate by name, expect errSecItemNotFound error
2736 result += FindIdentityByName(keychain, CFSTR("Test-5685316-LEAF"), kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2737
2738 // look up non-existent identity by name, expect errSecItemNotFound error
2739 result += FindIdentityByName(keychain, CFSTR("myxlpytk"), kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2740
2741 /* given the policy OID, create a SecPolicyRef */
2742 const void *keys[] = { kSecPolicyClient };
2743 const void *values[] = { kCFBooleanTrue };
2744 CFDictionaryRef properties = CFDictionaryCreate(NULL, keys, values,
2745 sizeof(keys) / sizeof(*keys),
2746 &kCFTypeDictionaryKeyCallBacks,
2747 &kCFTypeDictionaryValueCallBacks);
2748
2749 SecPolicyRef sslPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleSSL, properties);
2750 SecPolicyRef codeSigningPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleCodeSigning, NULL);
2751
2752 // look up identity by policy, want first result as a SecIdentityRef (should find "Test SSL User" identity)
2753 result += FindIdentityByPolicy(keychain, sslPolicy, kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2754
2755 // look up identity by policy, want first result as a CFDictionary of attributes (should find "Test SSL User" identity)
2756 result += FindIdentityByPolicy(keychain, sslPolicy, kSecReturnAttributes, kSecMatchLimitOne, 1, noErr);
2757
2758 // look up identity by policy, expect errSecItemNotFound error (this assumes no code signing identity is present!)
2759 result += FindIdentityByPolicy(keychain, codeSigningPolicy, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2760
2761 // -------------------------
2762 // test kSecMatchValidOnDate
2763 // -------------------------
2764
2765 // make a valid date which will match at least some identities we used to populate the keychain
2766 CFGregorianDate aCurrentGDate = { 2016, 7, 20, 12, 0, 0 }; // Jul 20 2016 12:00 PM
2767 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
2768 if (FindIdentityByNameAndValidDate(keychain, CFSTR("Test SSL User"), aCurrentDate, kSecReturnRef, kSecMatchLimitAll, 1, noErr))
2769 ++result;
2770 if(aCurrentDate) CFRelease(aCurrentDate);
2771
2772 // make a date in the past which should NOT match any identities (expect errSecItemNotFound)
2773 CFGregorianDate aPastGDate = { 1984, 7, 20, 12, 0, 0 }; // Jul 20 1984 12:00 PM
2774 CFDateRef aPastDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastGDate, NULL));
2775 if (FindIdentityByNameAndValidDate(keychain, CFSTR("Test SSL User"), aPastDate, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound))
2776 ++result;
2777 if(aPastDate) CFRelease(aPastDate);
2778
2779 // make a date in the future which should NOT match any identities yet (expect errSecItemNotFound)
2780 CFGregorianDate aFutureGDate = { 2034, 7, 20, 12, 0, 0 }; // Jul 20 2034 12:00 PM
2781 CFDateRef aFutureDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aFutureGDate, NULL));
2782 if (FindIdentityByNameAndValidDate(keychain, CFSTR("Test SSL User"), aFutureDate, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound))
2783 ++result;
2784 if(aFutureDate) CFRelease(aFutureDate);
2785
2786 // make a date in the past which SHOULD match 2 identities we used to populate the keychain
2787 CFGregorianDate aPastValidGDate = { 2007, 12, 20, 12, 0, 0 }; // Dec 20 2007 12:00 PM
2788 CFDateRef aPastValidDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastValidGDate, NULL));
2789 if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), aPastValidDate, kSecReturnRef, kSecMatchLimitAll, 0, noErr))
2790 ++result;
2791
2792 // test the ability of kCFNull to denote "currently valid" (should not find anything, since the " 2007" certs are expired)
2793 if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), kCFNull, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound))
2794 ++result;
2795
2796 // test Ian's bug: <rdar://8197632>; the 4th argument is a string which should NOT be present in any found items
2797 if (FindIdentityByPolicyAndValidDate(keychain, kSecPolicyAppleSMIME, FALSE, kCFNull, CFSTR(" 2007"), kSecReturnAttributes, kSecMatchLimitAll, 0, errSecSuccess))
2798 ++result;
2799
2800 return result;
2801 }
2802
2803
2804 static int TestCertificateLookup(SecKeychainRef keychain)
2805 {
2806 int result = 0;
2807
2808 //======================================================================
2809 // item attribute tests (kSecItemAttr* keys)
2810 //======================================================================
2811
2812 // %%%TBA: need to flesh out this section with all certificate attributes
2813
2814 // ------------------------------------------
2815 // test kSecAttrIssuer & kSecAttrSerialNumber
2816 // ------------------------------------------
2817
2818 // look up cert by issuer & serial
2819 // %%%TBA -- underlying support was added in <rdar://8131491>; need to implement these keys
2820 //CFDictionarySetValue(query, (const void *)kSecAttrIssuer, (const void *)nameStr);
2821 //CFDictionarySetValue(query, (const void *)kSecAttrSerialNumber, (const void *)nameStr);
2822
2823 // -------------------------
2824 // test kSecAttrSubjectKeyID
2825 // -------------------------
2826
2827 // look up cert by subject key ID
2828 // %%%TBA -- can we get the subject key ID from SecCertificateCopyValues??
2829 //CFDictionarySetValue(query, (const void *)kSecAttrSubjectKeyID, (const void *)nameStr);
2830
2831 // ------------------
2832 // test kSecAttrLabel
2833 // ------------------
2834
2835 // look up cert by label, want array of all results (expect only 1) as SecCertificateRef
2836 result += FindCertificateByLabel(keychain, CFSTR("Test-5685316-LEAF"),
2837 kSecReturnRef, kSecMatchLimitAll, 1, 1, noErr);
2838
2839
2840 //======================================================================
2841 // search attribute tests (kSecMatch* keys)
2842 //======================================================================
2843
2844 // -----------------------------------
2845 // test kSecMatchEmailAddressIfPresent
2846 // -----------------------------------
2847
2848 // look up cert by email, want first result as a SecCertificateRef
2849 result += FindCertificateByEmail(keychain, CFSTR("security-dev@group.apple.com"),
2850 kSecReturnRef, kSecMatchLimitOne, 0, noErr);
2851
2852 // look up cert by email, want first result as a CFDictionaryRef of attributes
2853 result += FindCertificateByEmail(keychain, CFSTR("security-dev@group.apple.com"),
2854 kSecReturnAttributes, kSecMatchLimitOne, 0, noErr);
2855
2856 // -----------------------------
2857 // test kSecMatchSubjectContains
2858 // -----------------------------
2859
2860 // look up cert containing name, want array of all results (expect at least 3) as SecCertificateRef
2861 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316"),
2862 kSecMatchSubjectContains, kSecReturnRef, kSecMatchLimitAll, 3, noErr);
2863
2864 // look up non-existent cert by name, expect errSecItemNotFound error
2865 result += FindCertificateByNameInSubject(keychain, CFSTR("myxlpytk"),
2866 kSecMatchSubjectContains, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2867
2868 // look up cert by name, want array of all results (expect at least 2) as CFDataRef
2869 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316"),
2870 kSecMatchSubjectContains, kSecReturnData, kSecMatchLimitAll, 2, noErr);
2871
2872 // look up cert by name, want array of all results (expect at least 2) as CFDictionaryRef of attributes
2873 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316"),
2874 kSecMatchSubjectContains, kSecReturnAttributes, kSecMatchLimitAll, 2, noErr);
2875
2876 // -------------------------------
2877 // test kSecMatchSubjectStartsWith
2878 // -------------------------------
2879
2880 // look up cert starting with name, want array of all results (expect at least 3) as SecCertificateRef
2881 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-568"),
2882 kSecMatchSubjectStartsWith, kSecReturnRef, kSecMatchLimitAll, 3, noErr);
2883
2884 // look up cert starting with a name which isn't at start, expect errSecItemNotFound error
2885 result += FindCertificateByNameInSubject(keychain, CFSTR("5685316"),
2886 kSecMatchSubjectStartsWith, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2887
2888 // -----------------------------
2889 // test kSecMatchSubjectEndsWith
2890 // -----------------------------
2891
2892 // look up cert ending with name, want array of all results (expect at least 1) as SecCertificateRef
2893 result += FindCertificateByNameInSubject(keychain, CFSTR("LEAF"),
2894 kSecMatchSubjectEndsWith, kSecReturnRef, kSecMatchLimitAll, 1, noErr);
2895
2896 // look up cert ending with a name which isn't at end, expect errSecItemNotFound error
2897 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-"),
2898 kSecMatchSubjectEndsWith, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2899
2900 // --------------------------------
2901 // test kSecMatchSubjectWholeString
2902 // --------------------------------
2903
2904 // look up cert by whole name, want first result (expecting 1) as a SecCertificateRef
2905 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316-LEAF"),
2906 kSecMatchSubjectWholeString, kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2907
2908 // look up cert by whole name (which is a substring in other certs), expect errSecItemNotFound error
2909 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-568"),
2910 kSecMatchSubjectWholeString, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2911
2912 // --------------------
2913 // test kSecMatchPolicy
2914 // --------------------
2915
2916 const void *keys[] = { kSecPolicyClient };
2917 const void *values[] = { kCFBooleanTrue };
2918 CFDictionaryRef properties = CFDictionaryCreate(NULL, keys, values,
2919 sizeof(keys) / sizeof(*keys),
2920 &kCFTypeDictionaryKeyCallBacks,
2921 &kCFTypeDictionaryValueCallBacks);
2922
2923 SecPolicyRef sslPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleSSL, properties);
2924 SecPolicyRef codeSigningPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleCodeSigning, NULL);
2925 SecPolicyRef smimePolicy = SecPolicyCreateWithProperties(kSecPolicyAppleSMIME, NULL);
2926
2927 // look up cert by name and policy (Code Signing), want first result as a SecCertificateRef
2928 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test-7875801"),
2929 codeSigningPolicy,
2930 kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2931
2932 // look up cert by name and policy (S/MIME), want first result as a SecCertificateRef
2933 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test-"),
2934 smimePolicy,
2935 kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2936
2937 // look up cert by name and policy (SSL), want first result as a SecCertificateRef
2938 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test "),
2939 sslPolicy,
2940 kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2941
2942 // look up cert by name and policy, want array of all results as SecCertificateRef
2943 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test-7875801"),
2944 codeSigningPolicy,
2945 kSecReturnAttributes, kSecMatchLimitAll, 1, noErr);
2946
2947 // look up cert by email address for SMIME encryption, date valid today, want array of all results as SecCertificateRef
2948 // (note that a date value of kCFNull is interpreted as the current date)
2949 result += FindCertificateForSMIMEEncryption(keychain, CFSTR("smime-test@apple.com"), kCFNull,
2950 kSecReturnRef, kSecMatchLimitAll, 1, 1, noErr);
2951
2952 CFReleaseSafe(sslPolicy);
2953 CFReleaseSafe(codeSigningPolicy);
2954 CFReleaseSafe(smimePolicy);
2955 CFReleaseSafe(properties);
2956
2957 // -------------------------
2958 // test kSecMatchValidOnDate
2959 // -------------------------
2960
2961 // make a valid date which will match at least 2 certificates we used to populate the keychain
2962 CFGregorianDate aCurrentGDate = { 2010, 7, 20, 12, 0, 0 }; // Jul 20 2010 12:00 PM
2963 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
2964 if (FindCertificateByNameAndValidDate(keychain, CFSTR("Test-"), aCurrentDate, kSecReturnRef, kSecMatchLimitAll, 2, noErr))
2965 ++result;
2966 if(aCurrentDate) CFRelease(aCurrentDate);
2967
2968 // make a date in the past which should NOT match any certificates (expect errSecItemNotFound)
2969 CFGregorianDate aPastGDate = { 1984, 7, 20, 12, 0, 0 }; // Jul 20 1984 12:00 PM
2970 CFDateRef aPastDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastGDate, NULL));
2971 if (FindCertificateByNameAndValidDate(keychain, CFSTR("Test-"), aPastDate, kSecReturnRef, kSecMatchLimitAll, 2, errSecItemNotFound))
2972 ++result;
2973 if(aPastDate) CFRelease(aPastDate);
2974
2975 // make a date in the future which should NOT match any certificates yet (expect errSecItemNotFound)
2976 CFGregorianDate aFutureGDate = { 2034, 7, 20, 12, 0, 0 }; // Jul 20 2034 12:00 PM
2977 CFDateRef aFutureDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aFutureGDate, NULL));
2978 if (FindCertificateByNameAndValidDate(keychain, CFSTR("Test-"), aFutureDate, kSecReturnRef, kSecMatchLimitAll, 2, errSecItemNotFound))
2979 ++result;
2980 if(aFutureDate) CFRelease(aFutureDate);
2981
2982 return result;
2983 }
2984
2985
2986 static int TestPreferredIdentityLookup(SecKeychainRef keychain)
2987 {
2988 int result = 0;
2989
2990 // set a preferred identity first
2991 if (SetPreferredIdentityForSMIMESigning(keychain, CFSTR("Test-SignOnly (S/MIME)"), CFSTR("smime-test@apple.com")))
2992 ++result;
2993
2994 // define a valid date for this preferred identity (typically this would just be kCFNull in a real program, meaning "now")
2995 CFGregorianDate aCurrentGDate = { 2016, 7, 27, 21, 0, 0 }; // Jul 27 2016 9:00 PM
2996 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
2997 if (FindPreferredIdentityForSMIMESigning(keychain, CFSTR("smime-test@apple.com"), aCurrentDate))
2998 ++result;
2999 if(aCurrentDate) CFRelease(aCurrentDate);
3000
3001 // delete identity preference(s) for this email address by setting a NULL identity
3002 ok_status(SecIdentitySetPreferred(NULL, CFSTR("smime-test@apple.com"), 0), "TestPreferredIdentityLookup: SecIdentitySetPreferred");
3003
3004 return result;
3005 }
3006
3007
3008 static int TestPreferredCertificateLookup(SecKeychainRef keychain)
3009 {
3010 int result = 0;
3011
3012 // set a preferred certificate first
3013 if (SetPreferredCertificateForSMIMEEncryption(keychain, CFSTR("Test-Encryption (S/MIME)"), CFSTR("smime-test@apple.com")))
3014 ++result;
3015
3016 // define a valid date for this preferred certificate (typically this would just be kCFNull in a real program, meaning "now")
3017 CFGregorianDate aCurrentGDate = { 2016, 9, 27, 21, 0, 0 }; // September 27 2016 9:00 PM
3018 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
3019 if (FindPreferredCertificateForSMIMEEncryption(keychain, CFSTR("smime-test@apple.com"), aCurrentDate))
3020 ++result;
3021 if(aCurrentDate) CFRelease(aCurrentDate);
3022
3023 // delete certificate preference(s) for this email address by setting a NULL identity
3024 ok_status(SecCertificateSetPreferred(NULL, CFSTR("smime-test@apple.com"), 0), "TestPreferredCertificateLookup: SecCertificateSetPreferred");
3025
3026 return result;
3027 }
3028
3029
3030 static int TestSymmetricKeyLookup(SecKeychainRef keychain)
3031 {
3032 int result = 0;
3033
3034 // look up our symmetric key by label and UUID (it might not exist yet)
3035 if (FindSymmetricKey(keychain, gLabel, gUUID, NULL, errSecItemNotFound) != errSecSuccess) {
3036 // create test key (unique by UUID only)
3037 if (CreateSymmetricKey(keychain, gLabel, gUUID, NULL, errSecSuccess) != errSecSuccess)
3038 ++result;
3039 // look it up again (it should exist now!)
3040 if (FindSymmetricKey(keychain, gLabel, gUUID, NULL, errSecSuccess) != errSecSuccess)
3041 ++result;
3042 }
3043
3044 // now look up a key whose name is derived from today's date
3045 // (so we can make sure on a daily basis that SecKeyGenerateSymmetric is still working)
3046 CFGregorianDate curGDate = CFAbsoluteTimeGetGregorianDate(CFAbsoluteTimeGetCurrent(), NULL);
3047 CFStringRef curDateLabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%4d-%02d-%02d)"),
3048 gPrefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day);
3049
3050 //
3051 //%%% FIXME Creating a symmetric key with attributes that would duplicate an existing
3052 // key item currently results in a broken <unknown> key which can't be found: <rdar://8289559>
3053 //
3054 //CFStringRef curAppTag = curDateLabel; // i.e. make sure it will be unique, for now
3055 CFStringRef curAppTag = CFSTR("SecItemFind");
3056
3057 // look up our date-based symmetric key by label, UUID, and tag (it might not exist yet)
3058 if (FindSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecItemNotFound) != errSecSuccess) {
3059 // create test key (unique by combination of UUID and application tag)
3060 if (CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecSuccess) != errSecSuccess)
3061 ++result;
3062 // look it up again (it should exist now!)
3063 if (FindSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecSuccess) != errSecSuccess)
3064 ++result;
3065 }
3066
3067 // test handling of duplicate symmetric key items (<rdar://8289559>)
3068 if (CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecDuplicateItem) != errSecDuplicateItem)
3069 ++result;
3070
3071 CFRelease(curDateLabel);
3072
3073 return result;
3074 }
3075
3076
3077 static int TestInternetPasswordLookup(SecKeychainRef keychain)
3078 {
3079 int result = 0;
3080
3081 // look up internet password by account and server, want first result as data
3082 if (FindInternetPasswordByAccountAndServer(keychain, CFSTR("nobody"),
3083 CFSTR("test2.subdomain.apple.com"), kSecReturnData, kSecMatchLimitOne, 1, noErr))
3084 ++result;
3085
3086 // look up internet password by account and server, want dictionary of the item's attributes
3087 if (FindInternetPasswordByAccountAndServer(keychain, CFSTR("nobody"),
3088 CFSTR("test2.subdomain.apple.com"), kSecReturnAttributes, kSecMatchLimitOne, 1, noErr))
3089 ++result;
3090
3091 // look up internet passwords by account, want array of SecKeychainItemRef results
3092 if (FindInternetPasswordByAccount(keychain, CFSTR("nobody"),
3093 kSecReturnRef, kSecMatchLimitAll, 1, noErr))
3094 ++result;
3095
3096 // look up a Mail password for an IMAP account, replacing SecKeychainFindInternetPassword
3097 // (see <rdar://8347516>)
3098 if (FindMailPassword(keychain, CFSTR("testacct"), CFSTR("mail.apple.com")))
3099 ++result;
3100
3101 return result;
3102 }
3103
3104
3105 static int TestGenericPasswordLookup(SecKeychainRef keychain)
3106 {
3107 int result = 0;
3108
3109 // look up generic password by account and service, want first result as data
3110 if (FindGenericPasswordByAccountAndService(keychain, CFSTR("nobody"),
3111 CFSTR("Test Service 42"), kSecReturnData, kSecMatchLimitOne, 1, noErr))
3112 ++result;
3113
3114 // look up generic password by account and service, dictionary of the item's attributes
3115 if (FindGenericPasswordByAccountAndService(keychain, CFSTR("nobody"),
3116 CFSTR("Test Service 42"), kSecReturnAttributes, kSecMatchLimitOne, 1, noErr))
3117 ++result;
3118
3119 // look up generic passwords by account, want array of SecKeychainItemRef results
3120 if (FindGenericPasswordByAccount(keychain, CFSTR("nobody"),
3121 kSecReturnRef, kSecMatchLimitAll, 1, noErr))
3122 ++result;
3123
3124 return result;
3125 }
3126
3127
3128 static int TestUpdateItems(SecKeychainRef keychain)
3129 {
3130 int result = 0;
3131
3132 // test for <rdar://8658820>
3133 // create a new 1024-bit RSA key pair
3134 SecKeyRef publicKey = NULL;
3135 SecKeyRef privateKey = NULL;
3136 CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0,
3137 &kCFTypeDictionaryKeyCallBacks,
3138 &kCFTypeDictionaryValueCallBacks);
3139 int keySizeValue = 1024;
3140 CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue);
3141 CFStringRef keyLabel = CFSTR("AppleID 8658820 test key");
3142 CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA );
3143 CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize );
3144 CFDictionaryAddValue( params, kSecAttrLabel, keyLabel );
3145 CFDictionaryAddValue( params, kSecUseKeychain, keychain );
3146 // CFDictionaryAddValue( params, kSecAttrAccess, access );
3147 // %%% note that SecKeyGeneratePair will create the key pair in the default keychain
3148 // if a keychain is not given via the kSecUseKeychain parameter.
3149 OSStatus status = SecKeyGeneratePair(params, &publicKey, &privateKey);
3150 if (status != noErr) {
3151 ++result;
3152 }
3153 PrintTestResult("TestUpdateItems: generating key pair", status, noErr);
3154
3155 // create a query which will match just the private key item (based on its known reference)
3156 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
3157 &kCFTypeDictionaryKeyCallBacks,
3158 &kCFTypeDictionaryValueCallBacks);
3159 CFArrayRef itemList = CFArrayCreate(NULL, (const void**) &privateKey, 1, &kCFTypeArrayCallBacks);
3160 // %%% note that kSecClass seems to be a required query parameter even though
3161 // kSecMatchItemList is provided; that looks like it could be a bug...
3162 CFDictionaryAddValue( query, kSecClass, kSecClassKey );
3163 // CFDictionaryAddValue( query, kSecAttrKeyClass, kSecAttrKeyClassPrivate );
3164 CFDictionaryAddValue( query, kSecMatchItemList, itemList );
3165
3166 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
3167 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
3168 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
3169
3170 // create dictionary of changed attributes for the private key
3171 CFMutableDictionaryRef attrs = CFDictionaryCreateMutable(NULL, 0,
3172 &kCFTypeDictionaryKeyCallBacks,
3173 &kCFTypeDictionaryValueCallBacks);
3174 SecAccessRef access = NULL;
3175 CFStringRef newLabel = CFSTR("AppleID 8658820 test PRIVATE key");
3176 status = SecAccessCreate(newLabel, NULL, &access);
3177 if (status != noErr) {
3178 ++result;
3179 }
3180 PrintTestResult("TestUpdateItems: creating access", status, noErr);
3181 //%%% note that changing the access for this key causes a dialog,
3182 // so leave this out for the moment (uncomment to test that access change works).
3183 // Normally the desired access should be passed into the SecKeyGeneratePair function.
3184 // so there is no need for a dialog later.
3185 // CFDictionaryAddValue( attrs, kSecAttrAccess, access );
3186 CFDictionaryAddValue( attrs, kSecAttrLabel, newLabel );
3187
3188 // update the private key with the new attributes
3189 status = SecItemUpdate( query, attrs );
3190 if (status != noErr) {
3191 ++result;
3192 }
3193 PrintTestResult("TestUpdateItems: updating item", status, noErr);
3194
3195 if (publicKey)
3196 CFRelease(publicKey);
3197 if (privateKey)
3198 CFRelease(privateKey);
3199 if (access)
3200 CFRelease(access);
3201
3202 if (params)
3203 CFRelease(params);
3204 if (query)
3205 CFRelease(query);
3206 if (attrs)
3207 CFRelease(attrs);
3208
3209 return result;
3210 }
3211
3212
3213 static int TestDeleteItems(SecKeychainRef keychain)
3214 {
3215 int result = 0;
3216
3217 // delete our 3 test certificates that start with "Test-5685316-"
3218 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-5685316-"), NULL, kSecClassCertificate, kSecMatchLimitAll, 3, noErr))
3219 ++result;
3220
3221 // delete our 2 test identities that start with "Test Identity S" (fixed by <rdar://8317856>)
3222 if (FindAndDeleteItemsByName(keychain, CFSTR("Test Identity S"), NULL, kSecClassIdentity, kSecMatchLimitAll, 2, noErr))
3223 ++result;
3224
3225 // delete the "Test-SignOnly (S/MIME)" identity
3226 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-SignOnly (S/MIME)"), NULL, kSecClassIdentity, kSecMatchLimitAll, 1, noErr))
3227 ++result;
3228
3229 // delete the "Test-Encryption (S/MIME)" certificate
3230 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-Encryption (S/MIME)"), NULL, kSecClassCertificate, kSecMatchLimitAll, 1, noErr))
3231 ++result;
3232
3233 // delete the "Test-7875801 (Code Signing)" certificate
3234 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-7875801 (Code Signing)"), NULL, kSecClassCertificate, kSecMatchLimitAll, 1, noErr))
3235 ++result;
3236
3237 // delete our test passwords (no partial string matching for password items! need an ER Radar...)
3238 if (FindAndDeleteItemsByName(keychain, CFSTR("Test Service 42"), NULL, kSecClassGenericPassword, kSecMatchLimitAll, 1, noErr))
3239 ++result;
3240 if (FindAndDeleteItemsByName(keychain, CFSTR("Test Service 69"), NULL, kSecClassGenericPassword, kSecMatchLimitAll, 1, noErr))
3241 ++result;
3242 if (FindAndDeleteItemsByName(keychain, CFSTR("test1.subdomain.apple.com"), NULL, kSecClassInternetPassword, kSecMatchLimitAll, 1, noErr))
3243 ++result;
3244 if (FindAndDeleteItemsByName(keychain, CFSTR("test2.subdomain.apple.com"), NULL, kSecClassInternetPassword, kSecMatchLimitAll, 1, noErr))
3245 ++result;
3246 if (FindAndDeleteItemsByName(keychain, CFSTR("mail.apple.com"), CFSTR("testacct"), kSecClassInternetPassword, kSecMatchLimitAll, 1, noErr))
3247 ++result;
3248
3249 // delete our test symmetric keys (no partial string matching for key items! need an ER Radar...)
3250 if (FindAndDeleteItemsByName(keychain, gLabel, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3251 ++result;
3252 CFGregorianDate curGDate = CFAbsoluteTimeGetGregorianDate(CFAbsoluteTimeGetCurrent(), NULL);
3253 CFStringRef curDateLabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%4d-%02d-%02d)"),
3254 gPrefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day);
3255 if (FindAndDeleteItemsByName(keychain, curDateLabel, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3256 ++result;
3257 CFRelease(curDateLabel);
3258
3259 // delete our test asymmetric key pair (remember we renamed the private key...)
3260 if (FindAndDeleteItemsByName(keychain, CFSTR("AppleID 8658820 test key"), NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3261 ++result;
3262 if (FindAndDeleteItemsByName(keychain, CFSTR("AppleID 8658820 test PRIVATE key"), NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3263 ++result;
3264
3265 return result;
3266 }
3267
3268
3269 int kc_18_find_combined (int argc, char *const *argv)
3270 {
3271 plan_tests(167);
3272
3273 printf("Getting -25308 or -25293? Try unlocking your default keychain; that's where identity and certificate preferences are stored (with no other option).\n");
3274
3275 debug = test_verbose;
3276
3277 SecKeychainRef keychain = createNewKeychain("SecItemTest.keychain", "test");
3278 addToSearchList(keychain);
3279
3280 TestAddItems(keychain);
3281 TestGenericPasswordLookup(keychain);
3282 TestInternetPasswordLookup(keychain);
3283 TestSymmetricKeyLookup(keychain);
3284 TestCertificateLookup(keychain);
3285 TestIdentityLookup(keychain);
3286 TestPreferredIdentityLookup(keychain);
3287 TestPreferredCertificateLookup(keychain);
3288 TestUpdateItems(keychain);
3289 TestDeleteItems(keychain);
3290
3291 ok_status(SecKeychainDelete(keychain), "SecKeychainDelete");
3292 CFReleaseNull(keychain);
3293
3294 deleteTestFiles();
3295 return 0;
3296 }
mirror of Security