]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/regressions/kc-18-find-combined.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-18-find-combined.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the xLicense.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // Tests the ability of SecItemCopyMatching to replace the following
26 // deprecated keychain search functions:
27 //
28 // - SecKeychainSearchCreateFromAttributes +
29 // SecKeychainSearchCopyNext [for keys, certificates, passwords]
30 //
31 // - SecIdentitySearchCreate (or SecIdentitySearchCreateWithPolicy) +
32 // SecIdentitySearchCopyNext [for identities]
33 //
34 //
35 // This tool incidentally tests other Security API functions, including:
36 // - SecItemAdd
37 // - SecItemImport
38 // - SecItemDelete
39 // - SecKeyGenerateSymmetric
40 //
41
42 #include <CoreFoundation/CoreFoundation.h>
43 #include <CoreServices/CoreServices.h>
44 #include <Security/Security.h>
45 #include <Security/SecPolicyPriv.h>
46
47 #include <stdlib.h>
48 #include <string.h>
49 #include <syslog.h>
50 #include <unistd.h>
51 #include <time.h>
52 #include <sys/param.h>
53 #include "test/testenv.h"
54 #include "utilities/SecCFRelease.h"
55
56 #include "keychain_regressions.h"
57 #include "kc-helpers.h"
58
59 /* Following is a 3-element certificate chain
60 * (ROOT_CERT, INTERMEDIATE_CERT, LEAF_CERT)
61 */
62 unsigned char ROOT_CERT[985]={
63 0x30,0x82,0x03,0xD5,0x30,0x82,0x02,0xBD,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
64 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x9D,
65 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,
66 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x52,0x4F,0x4F,0x54,0x31,0x0E,0x30,0x0C,
67 0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,
68 0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,
69 0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,
70 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,
71 0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,
72 0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,
73 0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,
74 0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,
75 0x0D,0x30,0x39,0x31,0x32,0x31,0x38,0x31,0x37,0x32,0x39,0x32,0x33,0x5A,0x17,0x0D,
76 0x31,0x30,0x31,0x32,0x31,0x38,0x31,0x37,0x32,0x39,0x32,0x33,0x5A,0x30,0x81,0x9D,
77 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,
78 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x52,0x4F,0x4F,0x54,0x31,0x0E,0x30,0x0C,
79 0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,
80 0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,
81 0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,
82 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,
83 0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,
84 0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,
85 0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,
86 0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,
87 0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
88 0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB0,0x4C,
89 0x94,0xF7,0x56,0x26,0x91,0xB8,0xD1,0x5B,0x7C,0xEE,0x74,0xCB,0x1F,0x43,0xFE,0x88,
90 0x24,0xAD,0xB0,0x1E,0x85,0x86,0xE9,0x3F,0xE7,0x74,0x40,0x6C,0x4A,0x8E,0x6B,0x50,
91 0x7A,0x1B,0x43,0x9A,0x9E,0xF4,0x81,0xB3,0xF1,0xDB,0x6E,0xD4,0xFA,0xAE,0x06,0xCB,
92 0x7F,0xE6,0xCA,0x06,0x06,0xC4,0x1E,0x2D,0xF3,0xFA,0x67,0xD6,0x95,0x0E,0xAC,0xCA,
93 0x2B,0x25,0x14,0x4C,0x20,0x04,0xB4,0x26,0xAC,0x15,0x62,0x15,0xA6,0x21,0x14,0x51,
94 0xCC,0x77,0x82,0x11,0xD0,0xF8,0xB0,0x06,0xC1,0x0F,0xFB,0x08,0x60,0x53,0x11,0x1F,
95 0x00,0xA8,0x27,0x0E,0x2C,0x2C,0x63,0x34,0x6A,0xC5,0x4B,0x2D,0xCC,0x07,0xF6,0x39,
96 0xDC,0x00,0xCF,0x6E,0x29,0x15,0x3E,0x3F,0x6C,0x89,0xB9,0x48,0x97,0x19,0xA2,0xB8,
97 0x44,0x8D,0x98,0x85,0xF4,0x0B,0x70,0x06,0xD6,0x9A,0x39,0x4F,0x44,0x92,0x73,0x74,
98 0xDF,0x46,0x10,0x9C,0xB5,0xBB,0x69,0xF4,0xE1,0xB5,0x61,0x2E,0xFF,0x92,0xDB,0x47,
99 0x93,0x48,0x45,0xEB,0x7E,0xFA,0xCC,0xDB,0xCE,0x50,0x0A,0xCA,0xAF,0xAB,0x7D,0x09,
100 0x9A,0x1E,0xC4,0x08,0xA1,0xD4,0xB9,0x2A,0x42,0x49,0x10,0x75,0x63,0x4E,0x51,0x3B,
101 0xF7,0xF4,0xCA,0xCB,0x05,0xC9,0xE0,0xC9,0xD3,0x04,0x14,0x81,0xF6,0x9A,0xEE,0x0C,
102 0x2B,0x56,0x87,0x20,0x50,0x27,0x14,0x71,0x1C,0x30,0x18,0x8C,0xDD,0xF4,0xA9,0x41,
103 0x13,0x6D,0xE4,0x41,0xB1,0xE0,0x7E,0x09,0xD7,0x99,0xCE,0xE4,0x7A,0x91,0x65,0xBB,
104 0x3F,0xE1,0xD4,0x07,0x8D,0xA9,0x23,0x0A,0xA4,0x80,0x47,0x58,0xD5,0x25,0x02,0x03,
105 0x01,0x00,0x01,0xA3,0x20,0x30,0x1E,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,
106 0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,
107 0x04,0x03,0x02,0x02,0x84,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
108 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x38,0x44,0x10,0xF4,0x24,0x4A,0xAA,
109 0x9F,0x0D,0x37,0x5E,0x75,0xB7,0xF5,0xC5,0x27,0x19,0x57,0xE5,0x25,0x4A,0x44,0x03,
110 0x5F,0x2E,0xD4,0x70,0x69,0xDD,0x55,0xDB,0x47,0x07,0x06,0x3E,0x5D,0xA4,0xBB,0x64,
111 0xE2,0xA6,0x09,0x8B,0x6D,0x0B,0x50,0x33,0x5A,0x92,0x5A,0x5B,0xDF,0x6A,0x9F,0x81,
112 0x5F,0x17,0x95,0xB0,0xC6,0xC3,0xCD,0x6D,0x17,0xDD,0x83,0xC1,0xA5,0xB7,0xCD,0xFF,
113 0xE8,0x13,0x10,0x35,0x85,0x3E,0xCA,0xE4,0xF5,0x22,0x58,0x1E,0x68,0x14,0x62,0x35,
114 0xE4,0x65,0xB4,0xD3,0x42,0x5A,0x03,0x5C,0x2D,0x76,0xD5,0x9B,0xAA,0xCB,0x3A,0xAC,
115 0x55,0x58,0xAD,0x67,0x30,0xDC,0xC3,0xA7,0xA9,0x37,0xBB,0x61,0xA2,0xEA,0x6E,0x0C,
116 0xB0,0x4B,0x0D,0x64,0x3D,0x59,0x3C,0xA3,0xA1,0x73,0x4F,0x33,0xDB,0x6F,0xBF,0x2D,
117 0xB2,0x9D,0xCE,0x05,0x1C,0xF0,0xAB,0x4A,0xB0,0x70,0x5D,0x32,0x20,0x22,0xD7,0x12,
118 0xC0,0x1C,0x0B,0x0D,0xC0,0x72,0x6B,0x6F,0xA4,0xF8,0xAA,0xD2,0x34,0x36,0x63,0x84,
119 0x80,0xF0,0x70,0x5E,0x09,0xEA,0xFF,0x48,0x49,0x85,0x83,0x8E,0x8E,0x6E,0x4C,0x2E,
120 0x2F,0xBB,0xBF,0xDF,0x3B,0x73,0x65,0xA2,0x0D,0x09,0x84,0x8F,0x08,0x86,0x61,0x27,
121 0x58,0xB6,0x7E,0x2D,0xEC,0x08,0xBA,0x40,0x5D,0x20,0x54,0x37,0xDD,0xCC,0xE5,0xDB,
122 0x38,0x68,0xEE,0x56,0x9F,0x92,0xDD,0x03,0x04,0xD2,0x94,0x51,0xD3,0xA9,0x08,0x2E,
123 0x6E,0x25,0x8E,0xBF,0x8A,0xA9,0x2B,0xAD,0x50,0x00,0xA7,0x39,0x11,0x6A,0x9A,0x28,
124 0x99,0x9A,0xB9,0x3B,0xB9,0xB5,0x9C,0x19,0x3A,
125 };
126
127 unsigned char INTERMEDIATE_CERT[1037]={
128 0x30,0x82,0x04,0x09,0x30,0x82,0x02,0xF1,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x02,
129 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x9D,
130 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,
131 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x52,0x4F,0x4F,0x54,0x31,0x0E,0x30,0x0C,
132 0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,
133 0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,
134 0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,
135 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,
136 0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,
137 0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,
138 0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,
139 0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,
140 0x0D,0x30,0x39,0x31,0x32,0x31,0x38,0x31,0x37,0x33,0x30,0x35,0x34,0x5A,0x17,0x0D,
141 0x31,0x30,0x31,0x32,0x31,0x38,0x31,0x37,0x33,0x30,0x35,0x34,0x5A,0x30,0x81,0xA5,
142 0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x0C,0x19,0x54,0x65,0x73,0x74,0x2D,
143 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x49,0x4E,0x54,0x45,0x52,0x4D,0x45,0x44,
144 0x49,0x41,0x54,0x45,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,
145 0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,
146 0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,
147 0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
148 0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,
149 0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,
150 0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,
151 0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,
152 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
153 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,
154 0x0A,0x02,0x82,0x01,0x01,0x00,0xC4,0xBD,0x46,0x0E,0x0F,0x5C,0x1C,0xA2,0x23,0xD2,
155 0x3B,0x8C,0xC4,0x02,0x52,0x8C,0xD8,0xB1,0xC2,0x58,0x2E,0x84,0xAA,0x6C,0xCB,0x4B,
156 0xE4,0xF1,0xE7,0x48,0x98,0x46,0x6B,0xD0,0x50,0xB0,0xA3,0x1F,0x23,0xC6,0x3C,0x81,
157 0x73,0xE7,0xEA,0xAA,0x55,0xF7,0x37,0x58,0x85,0xF6,0x96,0x0D,0xC0,0x81,0x8D,0x3D,
158 0xD9,0xAD,0xFA,0x32,0x46,0x56,0x4A,0x53,0xF5,0x53,0x34,0x5B,0xFC,0xFC,0x51,0x2A,
159 0x45,0xD4,0xCB,0x53,0xF9,0x58,0xBF,0x7D,0x48,0xB3,0x23,0x41,0xD7,0x93,0x1C,0xC2,
160 0x32,0xE8,0x1C,0x82,0xDC,0xDC,0xCB,0xED,0x0B,0xDA,0x8A,0x1C,0xC0,0x0E,0x83,0x24,
161 0xE6,0x2E,0x68,0xA6,0xB6,0x60,0xEE,0xAF,0xB1,0x07,0xF1,0xC0,0xDB,0x29,0x83,0x9E,
162 0x0C,0xF4,0xCF,0x67,0x5B,0x49,0x3A,0x17,0x7E,0xC1,0xEB,0x75,0x3E,0xDD,0x0F,0x9A,
163 0xC7,0x06,0x60,0x2B,0x18,0xBD,0xAA,0x96,0xD1,0xE1,0x9C,0xF0,0x34,0xFF,0x3E,0x8C,
164 0x4A,0x96,0x5D,0x68,0x7C,0xCF,0xA1,0x14,0xED,0xB1,0x8E,0x10,0x8D,0x1F,0x15,0x22,
165 0x4E,0x8E,0x1A,0xC7,0xAD,0xB9,0x16,0xCB,0x3C,0xCB,0x5D,0xB9,0xAC,0xD9,0xFE,0xAE,
166 0xDE,0x06,0x3B,0xB6,0xA1,0xAA,0x7C,0x91,0x76,0xC6,0xA4,0x81,0xBD,0x29,0x86,0x33,
167 0xA6,0xB5,0x4D,0x28,0x94,0x51,0x81,0x3F,0x68,0x95,0xEB,0x41,0x7A,0xE9,0x87,0xD7,
168 0xDC,0xC8,0xA0,0x5F,0xAB,0x29,0xD9,0xC4,0x08,0xC8,0xA0,0x0B,0x77,0xAC,0x6C,0x21,
169 0x10,0xA4,0xED,0x86,0x78,0x99,0x1F,0xA7,0x23,0x33,0x34,0x89,0x80,0x02,0xBC,0xAF,
170 0xC6,0x3E,0x38,0xFB,0x7C,0x47,0x02,0x03,0x01,0x00,0x01,0xA3,0x4C,0x30,0x4A,0x30,
171 0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,
172 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x02,0x84,
173 0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x81,0x1C,0x73,0x65,0x63,
174 0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,
175 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
176 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3C,0x66,0x3B,
177 0x9D,0x6E,0xA9,0x0E,0xC9,0xC2,0x6C,0xF4,0x79,0xFB,0xD5,0x6E,0x1F,0x01,0x4E,0x0D,
178 0x2C,0x64,0x7B,0x6E,0xD7,0xC7,0xA7,0x64,0x8B,0xF0,0xCD,0x93,0xCD,0x12,0x29,0x71,
179 0x87,0x3E,0xA3,0x1E,0x7F,0x57,0xC7,0xD9,0xBF,0xD2,0xF2,0x03,0x27,0xD5,0x5E,0xEF,
180 0x59,0xBC,0x91,0x37,0xB4,0x4A,0xEE,0xD2,0x2F,0xEA,0x92,0x07,0xBC,0xEC,0xAC,0x6A,
181 0xF1,0x34,0xA4,0x40,0x61,0x8B,0xB9,0x3D,0xAF,0x5B,0x86,0x6E,0xEE,0x4C,0xCB,0x7F,
182 0x1F,0xD0,0x0F,0x9E,0x5A,0xF0,0x39,0xFD,0x89,0xF3,0x03,0x61,0x5A,0xDF,0x6B,0x5F,
183 0xE3,0x33,0x51,0x80,0x1B,0x61,0xFE,0x7A,0xC7,0x27,0xBF,0x12,0xB5,0x69,0x79,0x1E,
184 0xAD,0x75,0xA8,0xFA,0x94,0xCC,0x22,0x4C,0xF9,0xB4,0xD3,0xD0,0xDC,0x57,0xD3,0x66,
185 0x96,0xDD,0x8A,0xC0,0xE4,0x11,0x5A,0xD9,0xB3,0x76,0x17,0x04,0xDA,0x62,0x71,0x58,
186 0xEA,0x99,0xC3,0x06,0xA7,0xE8,0xDB,0xA9,0x05,0xEC,0xA3,0xCA,0xDA,0x2E,0x77,0x66,
187 0xF4,0xC4,0xD2,0xC6,0xF0,0x5F,0xE6,0x88,0xDF,0x7F,0x23,0xDE,0x7B,0x04,0xA4,0x22,
188 0x45,0xEF,0x0A,0x13,0x79,0x8E,0xE1,0x14,0x22,0x79,0x22,0x86,0x1A,0x4C,0xA7,0xBA,
189 0x06,0x55,0xD9,0x5E,0xF3,0x9C,0xE0,0x1F,0xE3,0xA4,0x1C,0x8E,0x01,0x9F,0x7E,0xEF,
190 0xD2,0xA7,0x8D,0xD6,0x4D,0x1A,0x3D,0xA7,0xB2,0xDB,0x44,0x25,0xB5,0xA6,0x8A,0xD5,
191 0x49,0x87,0x04,0x6C,0x41,0x13,0x88,0x7A,0xFB,0x5E,0x16,0xA2,0x8F,0x37,0x81,0x47,
192 0xD8,0x27,0x3D,0xBD,0xB1,0x3E,0xCE,0x2A,0x07,0x75,0x45,0x5F,0x44,
193 };
194
195 unsigned char LEAF_CERT[1037]={
196 0x30,0x82,0x04,0x09,0x30,0x82,0x02,0xF1,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x03,
197 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0xA5,
198 0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x0C,0x19,0x54,0x65,0x73,0x74,0x2D,
199 0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,0x49,0x4E,0x54,0x45,0x52,0x4D,0x45,0x44,
200 0x49,0x41,0x54,0x45,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,
201 0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,
202 0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,
203 0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
204 0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,
205 0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,
206 0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,
207 0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,
208 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x30,0x39,0x31,0x32,0x31,0x38,0x31,
209 0x37,0x33,0x32,0x31,0x36,0x5A,0x17,0x0D,0x31,0x30,0x31,0x32,0x31,0x38,0x31,0x37,
210 0x33,0x32,0x31,0x36,0x5A,0x30,0x81,0x9D,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,
211 0x03,0x0C,0x11,0x54,0x65,0x73,0x74,0x2D,0x35,0x36,0x38,0x35,0x33,0x31,0x36,0x2D,
212 0x4C,0x45,0x41,0x46,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x0A,0x0C,0x05,0x41,
213 0x70,0x70,0x6C,0x65,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x43,
214 0x6F,0x72,0x65,0x20,0x43,0x72,0x79,0x70,0x74,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,
215 0x55,0x04,0x08,0x0C,0x02,0x43,0x41,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
216 0x13,0x02,0x55,0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,
217 0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x2B,0x30,0x29,0x06,0x09,0x2A,0x86,
218 0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x1C,0x73,0x65,0x63,0x75,0x72,0x69,0x74,
219 0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,0x61,0x70,0x70,0x6C,
220 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
221 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,
222 0x0A,0x02,0x82,0x01,0x01,0x00,0xBF,0x1B,0x87,0x6B,0x10,0xF8,0xF6,0x24,0x07,0x40,
223 0xC3,0xE3,0x81,0x26,0xD6,0xF4,0xFF,0xAA,0x6C,0x26,0xD4,0xBF,0xF7,0x9A,0xF5,0xB8,
224 0x63,0xBD,0x8B,0xFD,0x4B,0xFE,0xFF,0x4B,0xA2,0x15,0x13,0x52,0x84,0x87,0x9E,0x2B,
225 0x32,0x5B,0xF8,0x01,0x28,0x5E,0xF1,0x9C,0xE7,0x52,0xB0,0x89,0xB8,0x4A,0xD0,0x87,
226 0x40,0x0C,0xCD,0xAC,0x11,0x22,0x89,0x44,0x26,0x3B,0x40,0xF3,0x34,0x61,0x14,0x3A,
227 0x94,0xF3,0x1F,0x27,0x62,0xF8,0x8C,0xB4,0xF5,0x1E,0xA6,0x37,0x53,0xB2,0xB3,0x1E,
228 0x35,0xF6,0x00,0x34,0x4B,0x28,0x72,0x5B,0x9D,0xD8,0xEA,0x06,0x91,0x77,0x57,0x38,
229 0x9C,0xA5,0x66,0x5F,0x1A,0x9A,0x0B,0xCC,0x2F,0x2E,0x58,0xA2,0x70,0x66,0xA6,0xEF,
230 0x1B,0x3A,0x0E,0xF0,0x4B,0xA6,0x9D,0x6D,0x63,0xE0,0x1C,0x9C,0x8E,0xFF,0x6F,0x50,
231 0x5F,0x03,0x1A,0x80,0x12,0x4A,0xB6,0x89,0x83,0x5C,0x51,0x9F,0x2F,0xEA,0xE4,0x7F,
232 0x12,0xFB,0xE4,0x92,0xF0,0x8B,0x17,0x35,0x02,0x73,0xA0,0x7D,0xA2,0xB9,0x89,0xE2,
233 0x78,0x52,0xA1,0x08,0x42,0x78,0xD5,0xD3,0x8C,0x3C,0xF2,0x88,0x5E,0x7A,0xCC,0x94,
234 0x80,0x42,0xEA,0xED,0x6E,0x64,0x19,0x5E,0x53,0x05,0xB6,0x60,0xDB,0x81,0x92,0x2C,
235 0x3D,0xD4,0xAF,0xF8,0xED,0xD9,0x28,0xCE,0x0B,0xD9,0xDC,0x20,0x0C,0xA9,0x8D,0xA4,
236 0x54,0xD1,0xDA,0xDE,0x30,0x4A,0x67,0xC6,0xAC,0x4E,0xE3,0xB4,0xD7,0x16,0xF5,0xDC,
237 0xE3,0x52,0xAC,0x01,0x1C,0xB6,0xC1,0x5B,0xB4,0xEA,0x67,0x25,0xFE,0xF6,0x58,0x5C,
238 0xFE,0x88,0x4E,0xCF,0xF1,0x11,0x02,0x03,0x01,0x00,0x01,0xA3,0x4C,0x30,0x4A,0x30,
239 0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,
240 0x0F,0x06,0x03,0x55,0x1D,0x25,0x04,0x08,0x30,0x06,0x06,0x04,0x55,0x1D,0x25,0x00,
241 0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x81,0x1C,0x73,0x65,0x63,
242 0x75,0x72,0x69,0x74,0x79,0x2D,0x64,0x65,0x76,0x40,0x67,0x72,0x6F,0x75,0x70,0x2E,
243 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
244 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x1A,0xE5,0xD1,
245 0x13,0x66,0x83,0xC7,0x1A,0xB0,0x50,0xF0,0x1B,0x6E,0x70,0x6E,0x36,0x1A,0x0F,0x12,
246 0x9E,0x0B,0xFD,0x4B,0x79,0xEC,0xAA,0x5E,0x2A,0x37,0x79,0x50,0x97,0x13,0x9E,0xB6,
247 0x43,0xF0,0xD2,0xC6,0xF3,0x43,0x73,0x33,0x6C,0xCB,0x73,0xE5,0xBE,0x4C,0x42,0x6F,
248 0x33,0x76,0x96,0xA2,0x6B,0xA0,0x8D,0xAD,0x46,0xA5,0xD4,0xAC,0x0E,0x55,0x80,0x1A,
249 0x6E,0xAF,0xC2,0x2E,0xB3,0xD4,0x64,0xC3,0x65,0xFA,0x1C,0x42,0x47,0x12,0x9F,0x44,
250 0xD2,0x1F,0xCF,0xA1,0x53,0x49,0x66,0x66,0x14,0x21,0xD4,0x17,0xD1,0x26,0x75,0xAD,
251 0x08,0x93,0x9C,0x3B,0xB7,0x7C,0x03,0x2F,0x76,0x5D,0xB7,0x25,0x83,0x68,0xE3,0x01,
252 0x5C,0xCD,0x87,0x7A,0x71,0x8B,0x8D,0x5D,0x27,0x27,0xF2,0x24,0x56,0x7C,0x7E,0x33,
253 0x8F,0xE6,0x02,0x46,0xAD,0x63,0x28,0x85,0xA2,0x9E,0xEA,0x5A,0xC4,0x92,0xCE,0x76,
254 0xE8,0xD4,0xD4,0x7D,0x48,0x44,0xA4,0x21,0x8C,0xB7,0xC2,0x15,0x80,0x87,0x19,0xB1,
255 0x10,0x6A,0xC7,0x51,0xB7,0x25,0x40,0x26,0x8A,0xCC,0xB6,0x0C,0xE2,0x0D,0xA1,0x40,
256 0x20,0x85,0x0F,0xE5,0xB9,0xB5,0x32,0x10,0xA9,0x5F,0x25,0xCA,0xD2,0x95,0x11,0x54,
257 0x41,0xEA,0xC3,0xBA,0x0C,0x24,0x10,0x28,0xC9,0x09,0xAF,0x7E,0xDF,0x6A,0x2F,0x30,
258 0x49,0x7C,0xB0,0x23,0x46,0xA8,0xDC,0xE3,0x6A,0x17,0x87,0xF7,0xCC,0x3A,0xBD,0x11,
259 0x95,0xC3,0x0A,0x37,0xD1,0x1F,0x20,0xB6,0x1B,0xB2,0xA2,0x45,0xFF,0xC1,0x0D,0x9A,
260 0x56,0xCD,0x5A,0xF6,0x08,0xAA,0xBD,0xAB,0x13,0xC6,0xFD,0xAA,0xEC,
261 };
262
263 /* Test certificate for Code Signing policy
264 */
265 unsigned char Test_codesign[]={
266 0x30, 0x82, 0x03, 0xe3, 0x30, 0x82, 0x02, 0xcb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x01, 0xc8, 0x60, 0x30, 0x0d,
267 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9d, 0x31, 0x24, 0x30, 0x22,
268 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1b, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x37, 0x38, 0x37, 0x35, 0x38, 0x30, 0x31, 0x20,
269 0x28, 0x43, 0x6f, 0x64, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
270 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e,
271 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43, 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
272 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
273 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f,
274 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x6e, 0x6f, 0x62,
275 0x6f, 0x64, 0x79, 0x40, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30,
276 0x34, 0x30, 0x34, 0x32, 0x32, 0x35, 0x35, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x34, 0x30, 0x32, 0x32, 0x32,
277 0x35, 0x35, 0x33, 0x32, 0x5a, 0x30, 0x81, 0x9d, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1b, 0x54,
278 0x65, 0x73, 0x74, 0x2d, 0x37, 0x38, 0x37, 0x35, 0x38, 0x30, 0x31, 0x20, 0x28, 0x43, 0x6f, 0x64, 0x65, 0x20, 0x53, 0x69,
279 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x41, 0x70, 0x70,
280 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43,
281 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31,
282 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
283 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
284 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x6e, 0x6f, 0x62, 0x6f, 0x64, 0x79, 0x40, 0x61, 0x70, 0x70, 0x6c,
285 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
286 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb0, 0x78,
287 0x41, 0xd5, 0xc0, 0x71, 0x1d, 0x02, 0xc8, 0x57, 0x46, 0xf8, 0xc4, 0x3c, 0x7c, 0xa2, 0x13, 0x45, 0x8a, 0x1b, 0xef, 0x16,
288 0xa6, 0x6f, 0xfe, 0x97, 0xe4, 0x8b, 0x6a, 0x7b, 0x89, 0xd2, 0x50, 0xcb, 0x6b, 0xcc, 0x47, 0x32, 0x9a, 0xd3, 0xf4, 0x19,
289 0x62, 0x70, 0xe6, 0x27, 0xc4, 0x13, 0x5a, 0x60, 0x20, 0x8c, 0xb1, 0xc4, 0xf1, 0x76, 0xcd, 0x06, 0xb3, 0x60, 0x78, 0x4d,
290 0xb2, 0x30, 0xb1, 0x1c, 0x53, 0x36, 0x98, 0x44, 0x84, 0x35, 0x57, 0xe9, 0xbc, 0xb7, 0x2d, 0x17, 0xd7, 0x0c, 0xbc, 0x52,
291 0x9e, 0xfd, 0xe5, 0x32, 0x2a, 0xad, 0x28, 0x36, 0x24, 0x81, 0x87, 0x56, 0xd2, 0x39, 0x66, 0x13, 0x9e, 0x26, 0x44, 0x32,
292 0xa3, 0xa7, 0x8b, 0xe7, 0x33, 0x25, 0xa3, 0x8e, 0x25, 0x14, 0x91, 0xf4, 0x32, 0x1a, 0x97, 0x82, 0xd3, 0x5a, 0xb5, 0x68,
293 0x24, 0x0c, 0x46, 0x89, 0x00, 0x6f, 0xfa, 0x27, 0x03, 0xc6, 0x0b, 0xa2, 0xf0, 0xad, 0xd2, 0xec, 0x35, 0xca, 0x1a, 0xc5,
294 0x76, 0xd4, 0xb2, 0x48, 0x72, 0xf0, 0x34, 0x48, 0xd6, 0x8e, 0xae, 0x37, 0x35, 0x87, 0x60, 0x25, 0x16, 0x71, 0xda, 0x0c,
295 0x71, 0xaa, 0x95, 0xc2, 0xe4, 0x09, 0x91, 0xd9, 0x38, 0x62, 0xee, 0x0c, 0x26, 0x34, 0x7b, 0x6b, 0xbb, 0xf8, 0x33, 0xa1,
296 0x08, 0x71, 0xc1, 0x4a, 0x5f, 0x7d, 0x17, 0x31, 0x25, 0xb7, 0xbe, 0x66, 0xab, 0x28, 0x6e, 0x58, 0x3c, 0xd1, 0x5f, 0xbf,
297 0x8f, 0x48, 0x6e, 0x42, 0x8f, 0x85, 0x1a, 0x9e, 0x6b, 0x79, 0xbf, 0x43, 0xd9, 0xeb, 0x20, 0xa8, 0x1e, 0xf6, 0xe4, 0xaa,
298 0xdb, 0x62, 0x87, 0x02, 0x43, 0xd0, 0x75, 0xa4, 0x14, 0x1d, 0x33, 0x3e, 0x81, 0x5d, 0x7a, 0x7c, 0x4a, 0xdf, 0x3e, 0x79,
299 0x70, 0xca, 0xf5, 0xb6, 0xd8, 0x6d, 0x8e, 0xc7, 0x7f, 0xc7, 0xa0, 0x72, 0x6e, 0x95, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
300 0x2a, 0x30, 0x28, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30,
301 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
302 0x07, 0x03, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
303 0x01, 0x01, 0x00, 0x98, 0x03, 0xa7, 0x17, 0x66, 0x1a, 0xf3, 0x19, 0xd5, 0x7f, 0xac, 0x74, 0x8e, 0xa7, 0x43, 0x6a, 0x14,
304 0xca, 0x5d, 0xa8, 0xf9, 0x8d, 0x22, 0x38, 0x48, 0x1c, 0x10, 0xd8, 0xe6, 0xfe, 0x0e, 0x8e, 0xd4, 0xb5, 0x8e, 0x89, 0xd9,
305 0x95, 0x01, 0xba, 0x11, 0x4c, 0x7b, 0x7c, 0x64, 0x98, 0xd8, 0x4a, 0x11, 0x43, 0x0d, 0x71, 0xbd, 0x9f, 0xd9, 0x33, 0x84,
306 0xa0, 0x3e, 0x9d, 0x6d, 0xa7, 0x72, 0xf0, 0x8d, 0x62, 0x9e, 0x45, 0xc2, 0x91, 0xfe, 0xbb, 0xbf, 0x08, 0x8b, 0x37, 0xd7,
307 0x38, 0x71, 0x8f, 0x17, 0x2d, 0x98, 0x81, 0x16, 0x2d, 0xf6, 0x90, 0x6d, 0x57, 0x64, 0x6b, 0xa0, 0xbc, 0x02, 0xd8, 0xeb,
308 0x63, 0x65, 0x1d, 0x1b, 0x20, 0xe7, 0x73, 0x8f, 0xe0, 0x82, 0x8d, 0x8f, 0xf6, 0x36, 0x08, 0x9d, 0xf3, 0xfd, 0x33, 0x4f,
309 0xd2, 0xb0, 0x6d, 0xb8, 0x50, 0x02, 0x43, 0x2f, 0x90, 0x16, 0xe9, 0xb0, 0x1f, 0x9b, 0x2e, 0x70, 0x10, 0x89, 0xaa, 0xdc,
310 0x18, 0xd7, 0xda, 0x3a, 0xce, 0xb8, 0x8f, 0xa4, 0x42, 0x4e, 0x50, 0x50, 0xa9, 0x19, 0x42, 0x0b, 0x07, 0x7c, 0x33, 0xe5,
311 0x47, 0x40, 0x6a, 0x14, 0x02, 0x1f, 0x1e, 0xcf, 0x66, 0xb2, 0x76, 0x88, 0x0d, 0x49, 0x3a, 0xa5, 0xde, 0xfb, 0x99, 0xfa,
312 0x70, 0xd4, 0x5e, 0xa1, 0x3e, 0x6d, 0x7f, 0x6b, 0x8c, 0x71, 0x79, 0x94, 0xb3, 0x1f, 0xcf, 0xdd, 0x9a, 0x31, 0xfd, 0x26,
313 0x82, 0xa9, 0x94, 0x55, 0x87, 0x17, 0x33, 0xd0, 0x35, 0x3e, 0x80, 0x53, 0x8e, 0xb7, 0x18, 0x86, 0x5b, 0x8b, 0xee, 0x29,
314 0xcf, 0xdf, 0x0e, 0x3f, 0x31, 0x9e, 0x29, 0x44, 0xa8, 0x99, 0xf7, 0xbe, 0x51, 0x3b, 0x53, 0xcd, 0x55, 0xfc, 0xb7, 0x6e,
315 0x50, 0x21, 0xf2, 0xcc, 0x9c, 0x09, 0xe2, 0x6f, 0x4d, 0x15, 0x2f, 0x98, 0xa1, 0x04, 0xc0, 0xeb, 0x4c, 0x98, 0x93
316 };
317 unsigned int Test_7875801__Code_Signing__cer_len = 999;
318
319 /* Test certificate for S/MIME policy (encrypt only, no sign), expires April 2026
320 */
321 unsigned char Test_smime_encryptonly[]={
322 0x30, 0x82, 0x04, 0x07, 0x30, 0x82, 0x02, 0xef, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x02, 0xb8, 0x95, 0x23, 0x30,
323 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9e, 0x31, 0x21, 0x30,
324 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x18, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74,
325 0x69, 0x6f, 0x6e, 0x20, 0x28, 0x53, 0x2f, 0x4d, 0x49, 0x4d, 0x45, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
326 0x0a, 0x0c, 0x0b, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
327 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43, 0x6f, 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
328 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12,
329 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x23,
330 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x14, 0x73, 0x6d, 0x69, 0x6d, 0x65,
331 0x2d, 0x74, 0x65, 0x73, 0x74, 0x40, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31,
332 0x36, 0x30, 0x34, 0x30, 0x34, 0x32, 0x32, 0x32, 0x32, 0x33, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x34, 0x30, 0x32,
333 0x32, 0x32, 0x32, 0x32, 0x33, 0x36, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
334 0x18, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x28, 0x53, 0x2f,
335 0x4d, 0x49, 0x4d, 0x45, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x41, 0x70, 0x70, 0x6c,
336 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43, 0x6f,
337 0x72, 0x65, 0x20, 0x4f, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x0b,
338 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07,
339 0x0c, 0x09, 0x43, 0x75, 0x70, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x23, 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48,
340 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x14, 0x73, 0x6d, 0x69, 0x6d, 0x65, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x40, 0x61,
341 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
342 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
343 0x00, 0xc6, 0x5a, 0xe9, 0x94, 0x4a, 0x9e, 0x4d, 0x47, 0xa3, 0x9d, 0x06, 0xb3, 0xd5, 0x05, 0xad, 0x05, 0x71, 0xaf, 0x93,
344 0x42, 0x9d, 0x02, 0x58, 0x33, 0x30, 0xee, 0xcb, 0xe4, 0x96, 0x24, 0x4b, 0x35, 0x0b, 0x6a, 0x58, 0xd0, 0xe7, 0x13, 0x5b,
345 0xd5, 0xd3, 0xa1, 0x99, 0x55, 0xff, 0xe9, 0x3b, 0xe7, 0x20, 0x4e, 0x9e, 0x6b, 0xcd, 0x86, 0x47, 0xd7, 0xf6, 0x67, 0xc2,
346 0xde, 0x51, 0xbc, 0x58, 0xd8, 0xc8, 0xe1, 0xb6, 0x42, 0xc5, 0xe9, 0x9e, 0x65, 0x3a, 0x04, 0xab, 0x47, 0x1b, 0xc8, 0xfe,
347 0xb6, 0xb2, 0x47, 0x03, 0xc4, 0xa4, 0xb8, 0xaf, 0x31, 0xe7, 0x10, 0x7b, 0x4a, 0x4b, 0x29, 0x09, 0x91, 0xc2, 0xd2, 0x1f,
348 0x42, 0x9a, 0x77, 0xc2, 0x08, 0x98, 0x53, 0x32, 0x8f, 0x8c, 0xa7, 0x06, 0xa5, 0x05, 0x9e, 0xeb, 0xc9, 0x5b, 0x7a, 0x5c,
349 0xb3, 0xd7, 0x91, 0x6f, 0xea, 0xa1, 0x4f, 0x93, 0x9b, 0xa6, 0xf5, 0xdb, 0x32, 0x3b, 0x71, 0xfd, 0x07, 0xa4, 0x30, 0x30,
350 0x35, 0xfa, 0x6c, 0x77, 0x76, 0x98, 0x99, 0x3a, 0x19, 0xcd, 0x7c, 0x5d, 0xc5, 0x70, 0x86, 0xaf, 0xf9, 0x9e, 0xa1, 0x45,
351 0x5e, 0x6d, 0x03, 0x63, 0x3b, 0x4a, 0xcc, 0x14, 0xda, 0x75, 0xc2, 0xf1, 0x8f, 0x51, 0xd3, 0x80, 0x5f, 0xf7, 0x52, 0xd0,
352 0x04, 0x1b, 0x37, 0x6e, 0x3a, 0xfe, 0xcc, 0x5d, 0xba, 0xbe, 0x0f, 0x1a, 0xd8, 0x31, 0xd4, 0x7b, 0xf2, 0x20, 0x22, 0x56,
353 0xd1, 0x84, 0x8f, 0x12, 0x4a, 0x81, 0xa5, 0xeb, 0x7f, 0x8b, 0x4b, 0x21, 0x02, 0xeb, 0xb4, 0x6e, 0xb6, 0x3c, 0x3c, 0x15,
354 0x09, 0xa4, 0x79, 0x7c, 0x3e, 0x45, 0xf3, 0xe7, 0x84, 0x10, 0xc9, 0x45, 0x86, 0xd5, 0xda, 0x9e, 0xdf, 0x7d, 0x05, 0xcc,
355 0xdf, 0x1a, 0x30, 0x8f, 0xea, 0x57, 0x9a, 0x72, 0xb0, 0x58, 0x95, 0x6b, 0x9e, 0xe8, 0x94, 0xf2, 0x8d, 0x02, 0x03, 0x01,
356 0x00, 0x01, 0xa3, 0x4b, 0x30, 0x49, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
357 0x07, 0x80, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06,
358 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x18, 0x30, 0x16, 0x81, 0x14, 0x73,
359 0x6d, 0x69, 0x6d, 0x65, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x40, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
360 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x79,
361 0xc0, 0x92, 0xf8, 0xfd, 0xac, 0x3f, 0x21, 0x3a, 0x1b, 0x7c, 0x2b, 0xc9, 0x0a, 0x62, 0xb6, 0xe2, 0x1d, 0x3b, 0x67, 0x4b,
362 0x4b, 0xf8, 0xe8, 0xbe, 0xd8, 0x8e, 0x71, 0x07, 0x4a, 0x6e, 0xbd, 0x07, 0xc8, 0xd0, 0x86, 0x9c, 0xdb, 0xd5, 0x43, 0x23,
363 0xc3, 0x56, 0x03, 0x45, 0xa6, 0xab, 0xf8, 0xba, 0xc2, 0xba, 0xd8, 0x78, 0x33, 0x49, 0xaa, 0x82, 0xb4, 0x0c, 0x6c, 0x9b,
364 0x4c, 0x5b, 0x9d, 0x4f, 0xb5, 0xd8, 0xd9, 0x0f, 0x33, 0x21, 0x27, 0x8c, 0x99, 0xa0, 0xb6, 0xe0, 0xfb, 0x40, 0x4e, 0x88,
365 0x36, 0x91, 0x42, 0x3f, 0xcc, 0x52, 0x3f, 0x39, 0x82, 0x3d, 0xbd, 0x43, 0x45, 0xf4, 0x1c, 0x17, 0x4c, 0x29, 0x63, 0x5d,
366 0x12, 0xdd, 0x16, 0x8a, 0xa3, 0x6a, 0x81, 0x21, 0xbc, 0x55, 0x10, 0xfa, 0x88, 0x95, 0x80, 0x5d, 0x6a, 0xeb, 0x96, 0x54,
367 0x37, 0x94, 0x07, 0x28, 0x06, 0x0f, 0x62, 0x7e, 0x6f, 0x3d, 0x9e, 0xe7, 0x1d, 0x0e, 0x35, 0xb5, 0x89, 0x07, 0x04, 0xd6,
368 0x70, 0x69, 0x43, 0x8b, 0x44, 0xdb, 0xb5, 0x0b, 0xc8, 0x80, 0xc5, 0xe9, 0x8f, 0xe4, 0xa7, 0x75, 0x32, 0xa6, 0x47, 0xdc,
369 0xc9, 0x68, 0x26, 0x85, 0x96, 0x8c, 0x15, 0x47, 0xe0, 0x4f, 0x13, 0x81, 0x97, 0xae, 0x7c, 0xc5, 0x1c, 0xda, 0x22, 0xef,
370 0x39, 0xef, 0xe8, 0x8f, 0xbb, 0x33, 0xd3, 0x40, 0x12, 0x45, 0xcd, 0x05, 0x81, 0x39, 0xdc, 0x88, 0x9f, 0xd2, 0x3e, 0x20,
371 0xe5, 0xec, 0xf9, 0x39, 0xc5, 0x55, 0xeb, 0x97, 0x7f, 0x67, 0x36, 0x80, 0xfa, 0x2a, 0xe1, 0xf4, 0x36, 0x03, 0xe5, 0xe2,
372 0xa8, 0x75, 0x0e, 0x58, 0x21, 0xdf, 0x86, 0x38, 0x49, 0x19, 0x6f, 0x00, 0x3b, 0x8c, 0x57, 0x8c, 0xa7, 0x60, 0xf8, 0xda,
373 0x01, 0xbc, 0xbc, 0xe5, 0x77, 0x81, 0xeb, 0xda, 0xd6, 0xd6, 0x6e, 0xa4, 0x1a, 0x09, 0x3c
374 };
375 unsigned int Test_Encryption__S_MIME__cer_len = 1035;
376
377 /* Test identity for S/MIME policy (sign only, no encrypt)
378 */
379 unsigned char Test_smime_signonly_p12[] = {
380 0x30, 0x82, 0x0a, 0xdd, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0a, 0xa4, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
381 0x07, 0x01, 0xa0, 0x82, 0x0a, 0x95, 0x04, 0x82, 0x0a, 0x91, 0x30, 0x82, 0x0a, 0x8d, 0x30, 0x82, 0x05, 0x07, 0x06, 0x09,
382 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x02, 0x01, 0x00,
383 0x30, 0x82, 0x04, 0xed, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a,
384 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0xa7, 0xf8, 0xe5, 0x65, 0x62, 0x31, 0xe0,
385 0xa6, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x04, 0xc0, 0x2b, 0xf6, 0xdc, 0x0d, 0x1c, 0xce, 0x0d, 0x2a, 0xa8, 0x50, 0x94,
386 0xc5, 0x52, 0x04, 0xa0, 0x07, 0x8b, 0xf2, 0x31, 0x4e, 0x5e, 0xfe, 0xe7, 0x8f, 0x53, 0xac, 0x98, 0x1a, 0x04, 0x08, 0xdc,
387 0xd9, 0xc6, 0xd5, 0xee, 0xbd, 0x43, 0x15, 0x55, 0xf8, 0x03, 0xa7, 0x05, 0x31, 0x7f, 0xee, 0x36, 0xa8, 0x43, 0xdb, 0x09,
388 0x25, 0x61, 0x8e, 0x1c, 0xd2, 0x84, 0x22, 0xc2, 0xf5, 0x2f, 0x29, 0x4b, 0x97, 0xfd, 0x38, 0xb8, 0x4d, 0xde, 0x76, 0x28,
389 0xe9, 0xd9, 0xf7, 0xf1, 0x77, 0xdd, 0x7d, 0x6f, 0x35, 0xf7, 0x73, 0x94, 0xeb, 0x39, 0x5d, 0xaf, 0x92, 0xca, 0x07, 0x39,
390 0xa2, 0x8a, 0xd2, 0xcd, 0xe0, 0x69, 0x5b, 0x2f, 0xc3, 0x29, 0x1c, 0xbb, 0x27, 0x01, 0x83, 0x49, 0xfe, 0x55, 0x75, 0x1f,
391 0x56, 0xf4, 0xf8, 0xed, 0x60, 0xe3, 0xee, 0x10, 0x40, 0x4d, 0x67, 0xdb, 0x1b, 0x4e, 0x0b, 0x03, 0x65, 0xfc, 0x10, 0x9f,
392 0x40, 0x19, 0xcd, 0xe7, 0x5b, 0x6f, 0x8d, 0xf4, 0x21, 0x80, 0x1e, 0x81, 0xae, 0x34, 0xac, 0x70, 0xf5, 0xdd, 0x59, 0xb7,
393 0xd8, 0x31, 0x9f, 0xd9, 0xec, 0x54, 0x8c, 0x93, 0x73, 0x78, 0xbf, 0x5c, 0xf9, 0x29, 0x8b, 0x32, 0xdd, 0x3d, 0xb5, 0xe8,
394 0xdf, 0xe6, 0x78, 0xd2, 0xbe, 0x9d, 0x55, 0x2d, 0xde, 0x23, 0xe4, 0x14, 0xc2, 0x7b, 0x38, 0xce, 0x27, 0x22, 0x0b, 0x6a,
395 0x05, 0x22, 0x27, 0x39, 0x04, 0x99, 0x6f, 0x02, 0x74, 0xc0, 0xc8, 0xcd, 0x8d, 0xa7, 0x76, 0x9f, 0x41, 0x76, 0x6b, 0x97,
396 0x5f, 0x40, 0xc4, 0xa4, 0x77, 0x85, 0x2b, 0x18, 0x94, 0x79, 0xa3, 0x2a, 0x8d, 0x72, 0x5c, 0x8a, 0x15, 0xad, 0x57, 0x87,
397 0xc3, 0x72, 0x83, 0x89, 0x4a, 0xec, 0x92, 0xb6, 0xad, 0xb0, 0x5a, 0xb6, 0x1a, 0x53, 0x61, 0x28, 0x66, 0xfc, 0x9c, 0x4a,
398 0x4f, 0xfd, 0x38, 0x2a, 0x00, 0x55, 0x56, 0x03, 0xff, 0x09, 0xb0, 0xff, 0xbc, 0xa6, 0x78, 0x43, 0x0c, 0x90, 0xc7, 0x6d,
399 0x25, 0x45, 0x73, 0x61, 0x55, 0x24, 0x5d, 0x93, 0x2c, 0x38, 0x4f, 0x8d, 0x68, 0x41, 0xfe, 0xeb, 0xbc, 0xae, 0xee, 0x92,
400 0xa5, 0xbd, 0x6c, 0x1f, 0x4c, 0xe2, 0xb2, 0xc8, 0x42, 0x50, 0x5c, 0xa9, 0xa3, 0x53, 0x46, 0x6b, 0xa1, 0x4e, 0x69, 0x6f,
401 0xe0, 0x12, 0xc4, 0x03, 0x1e, 0xe5, 0xc1, 0xad, 0x8d, 0x57, 0x95, 0xfd, 0x24, 0x85, 0xd7, 0x2b, 0x5d, 0xbb, 0x72, 0x5b,
402 0x62, 0x72, 0x97, 0xdd, 0xb8, 0xb1, 0x7a, 0xf7, 0x42, 0x2c, 0x9f, 0xe2, 0x6e, 0x57, 0x7d, 0xee, 0x72, 0x67, 0xec, 0x98,
403 0x3a, 0x63, 0x44, 0x28, 0x75, 0xce, 0x9b, 0x5e, 0x95, 0xe6, 0x34, 0x7c, 0x1e, 0x56, 0x33, 0x3d, 0x31, 0x69, 0xd6, 0xf7,
404 0x62, 0xa9, 0x7c, 0x0e, 0xf7, 0x9d, 0xf8, 0x7d, 0xfe, 0x86, 0x12, 0x62, 0x18, 0xf1, 0xdd, 0xbf, 0x37, 0x73, 0xb2, 0x0b,
405 0x81, 0xb4, 0x38, 0xcb, 0x93, 0x8c, 0x3a, 0xe6, 0xd6, 0x72, 0x39, 0x09, 0x84, 0x09, 0xd7, 0x14, 0xc1, 0x67, 0x78, 0xc4,
406 0x5a, 0xa3, 0xa6, 0x0b, 0x0c, 0xd8, 0xd4, 0xda, 0xd7, 0xb8, 0x3a, 0x86, 0xcc, 0x44, 0x7d, 0xf6, 0x30, 0x4f, 0x07, 0x9f,
407 0x8a, 0x28, 0x22, 0x89, 0x34, 0xd3, 0x7b, 0xe6, 0x1b, 0xac, 0x9a, 0x11, 0xdd, 0x06, 0x72, 0x6e, 0x3f, 0x39, 0x3f, 0x18,
408 0x92, 0xc8, 0x93, 0xbb, 0x7c, 0x4a, 0x65, 0xad, 0xba, 0xfb, 0x6b, 0x29, 0xe3, 0xd5, 0x0d, 0xfc, 0xf1, 0x05, 0x91, 0x9d,
409 0x3f, 0x86, 0x86, 0xd3, 0xf3, 0x48, 0x8b, 0xba, 0x97, 0x59, 0xaf, 0xfb, 0x06, 0x34, 0x6e, 0x09, 0x5b, 0x4f, 0x4a, 0xdf,
410 0x3c, 0x94, 0xc7, 0x18, 0xb0, 0xf0, 0x23, 0xaf, 0x2f, 0x4e, 0x29, 0xd2, 0x99, 0xc3, 0x5f, 0x43, 0x52, 0xd2, 0x93, 0x1b,
411 0x8c, 0x13, 0x08, 0x5c, 0xa3, 0x5a, 0x68, 0x14, 0x7d, 0xda, 0xad, 0x92, 0xb5, 0xd0, 0x13, 0xe6, 0x21, 0xbc, 0x5b, 0xd5,
412 0xfa, 0x4e, 0xd7, 0x01, 0x8b, 0xa0, 0x9a, 0xfd, 0x02, 0x02, 0xc3, 0x9e, 0x7f, 0xfc, 0xc0, 0x90, 0x2a, 0xdd, 0xac, 0xa0,
413 0x01, 0x92, 0x39, 0x23, 0xb4, 0x3b, 0x2a, 0x13, 0x56, 0xcb, 0x78, 0xf5, 0xe1, 0xac, 0x15, 0x7f, 0x22, 0x38, 0x77, 0x0c,
414 0xa8, 0xfc, 0x46, 0x14, 0x02, 0xbe, 0x28, 0xf2, 0xa4, 0x59, 0x68, 0x01, 0x73, 0x4a, 0x52, 0xea, 0xfe, 0xb8, 0x8e, 0x59,
415 0xf2, 0x41, 0xaa, 0x04, 0x77, 0x20, 0xc6, 0x57, 0x62, 0x60, 0xb3, 0xc0, 0x6b, 0x2b, 0x5b, 0x4d, 0x64, 0x0c, 0xfe, 0x09,
416 0x92, 0x35, 0x9f, 0xde, 0xfe, 0xad, 0x8e, 0xd6, 0xf3, 0x8f, 0xb9, 0xf4, 0x77, 0x0f, 0xed, 0x47, 0x0d, 0x77, 0x59, 0x9c,
417 0xda, 0x7f, 0x40, 0xa1, 0xee, 0x6c, 0xaf, 0x66, 0x69, 0x12, 0x3a, 0x42, 0x98, 0x55, 0x91, 0x34, 0xf8, 0x02, 0x57, 0xf9,
418 0xf1, 0x9c, 0x5e, 0x7f, 0xec, 0x44, 0x14, 0x21, 0x8b, 0x21, 0x98, 0xe8, 0x62, 0x00, 0x0b, 0x9b, 0xe2, 0xc8, 0xff, 0xfe,
419 0xf5, 0xa0, 0xc5, 0x6a, 0x61, 0x75, 0x6f, 0xbf, 0x1f, 0x8d, 0x72, 0xbe, 0x48, 0x1f, 0xdf, 0x58, 0xba, 0x13, 0x33, 0x60,
420 0x8f, 0xc4, 0x5b, 0xf3, 0x70, 0x94, 0xee, 0x25, 0x98, 0x5e, 0x30, 0x40, 0x7f, 0x1c, 0xf6, 0x34, 0xb5, 0x6d, 0x5c, 0xc2,
421 0x45, 0xad, 0x1b, 0x88, 0x9e, 0x10, 0x59, 0x86, 0xcf, 0x49, 0xaa, 0xa4, 0x72, 0xee, 0x1c, 0xeb, 0x21, 0x85, 0x78, 0x5c,
422 0x1a, 0x08, 0x33, 0x6d, 0x52, 0xf3, 0xde, 0x86, 0x64, 0x2a, 0x34, 0x9e, 0x17, 0x16, 0xc5, 0xaf, 0xc9, 0x5a, 0xb0, 0x69,
423 0xcb, 0xdf, 0x6f, 0x23, 0x67, 0xe7, 0x02, 0x93, 0xf8, 0x79, 0x3d, 0xc1, 0x7f, 0x7e, 0xe7, 0x9a, 0xb2, 0xa8, 0x5b, 0x11,
424 0x64, 0x8c, 0x4b, 0x71, 0x29, 0xc4, 0x8c, 0xa5, 0x3b, 0xcf, 0x42, 0x48, 0x41, 0x2b, 0x29, 0x31, 0xc4, 0xfc, 0x21, 0x69,
425 0x10, 0x1e, 0x8c, 0xde, 0x02, 0x45, 0x43, 0x30, 0x4a, 0x9f, 0x4b, 0x8f, 0x4f, 0xf5, 0x63, 0x4f, 0x6d, 0xed, 0x7c, 0x37,
426 0x3f, 0x88, 0x43, 0x01, 0x95, 0xba, 0x49, 0x03, 0xa1, 0xe0, 0xe6, 0xf9, 0x58, 0x3a, 0x50, 0xf3, 0x3f, 0xcf, 0x15, 0xc7,
427 0x30, 0x4b, 0x56, 0xad, 0x74, 0x9e, 0x1d, 0xe1, 0x1f, 0x33, 0x33, 0x10, 0x9f, 0x55, 0xf6, 0xad, 0xf2, 0x07, 0x32, 0x39,
428 0xd4, 0x6e, 0x32, 0xd2, 0xc5, 0xbb, 0x67, 0x7d, 0x77, 0xd3, 0x21, 0xb5, 0xce, 0x5f, 0x07, 0xc4, 0x61, 0x6b, 0x67, 0x1d,
429 0x58, 0x56, 0xf7, 0xa3, 0x99, 0x4f, 0x7a, 0x9d, 0xd3, 0x78, 0x07, 0x7f, 0x4e, 0x24, 0x94, 0x2e, 0x75, 0x46, 0xd0, 0x1e,
430 0x76, 0x77, 0xf1, 0x18, 0x1c, 0xbf, 0x3e, 0xe5, 0x42, 0x45, 0x9c, 0x30, 0x78, 0x64, 0x5e, 0x55, 0x43, 0x42, 0x4e, 0x60,
431 0x1f, 0x57, 0xc3, 0xd3, 0xe3, 0xf4, 0x8b, 0x4c, 0xaf, 0x18, 0xc0, 0xa9, 0xf8, 0xe5, 0xd3, 0x96, 0xe0, 0xd2, 0x0a, 0x05,
432 0xc5, 0x2a, 0x42, 0x16, 0xc9, 0x1d, 0x90, 0xfb, 0x4b, 0x2d, 0x3b, 0xbf, 0x14, 0xfc, 0x7b, 0x47, 0x11, 0xf7, 0x46, 0x7b,
433 0x31, 0xb4, 0x2f, 0x25, 0x89, 0xed, 0x5d, 0x95, 0x7c, 0x0b, 0xe9, 0x89, 0x7a, 0x0a, 0x83, 0xc2, 0x08, 0xcc, 0x61, 0x8d,
434 0x7a, 0xf3, 0x3a, 0x7e, 0x7e, 0xa4, 0x16, 0x36, 0x0e, 0x9e, 0xac, 0xd3, 0x01, 0x0d, 0x60, 0x0c, 0x5e, 0xca, 0x2d, 0xcc,
435 0x59, 0xd8, 0x9d, 0x67, 0xb6, 0xc0, 0x81, 0xa7, 0xcb, 0x64, 0x8f, 0x03, 0x18, 0xc8, 0xba, 0x2b, 0x3d, 0x83, 0x37, 0x7e,
436 0xe2, 0x24, 0x9e, 0xff, 0xef, 0x78, 0x0c, 0x24, 0xaf, 0x90, 0x83, 0x45, 0x29, 0xfd, 0x1c, 0x1e, 0xc3, 0xf9, 0x49, 0x88,
437 0x48, 0xf3, 0xae, 0x22, 0x26, 0x07, 0xa6, 0xc6, 0x50, 0xed, 0xda, 0xb7, 0xb8, 0x4e, 0x1f, 0x6c, 0x7f, 0x9c, 0x54, 0x77,
438 0x0c, 0x66, 0x0b, 0x65, 0x4b, 0xdd, 0x9a, 0x9f, 0x69, 0xdc, 0x9a, 0x3a, 0xfc, 0xa8, 0x1c, 0xb5, 0xcf, 0xfd, 0x9a, 0x9d,
439 0x49, 0x5e, 0xcb, 0xd5, 0xa8, 0xcd, 0x89, 0xa6, 0xd3, 0x26, 0xfd, 0xa3, 0x8f, 0x46, 0xb8, 0x98, 0x63, 0x0d, 0x0a, 0xd8,
440 0x21, 0xed, 0xa5, 0x5f, 0x0a, 0x6e, 0x8b, 0xd1, 0xd7, 0x93, 0xca, 0xa8, 0xc2, 0x54, 0x6d, 0x8e, 0x4a, 0x3a, 0x87, 0x50,
441 0x23, 0x6c, 0x98, 0x4d, 0x61, 0xc9, 0x21, 0xca, 0xfa, 0xe9, 0x14, 0xaf, 0x85, 0x07, 0x66, 0x40, 0xe4, 0x3c, 0x78, 0xcf,
442 0x8f, 0x0d, 0x06, 0xe2, 0xce, 0x5b, 0x38, 0xdd, 0x6c, 0x99, 0x95, 0x7a, 0x3a, 0xaf, 0xfb, 0x82, 0xdb, 0x94, 0x51, 0x6d,
443 0x99, 0xd6, 0x47, 0x41, 0x16, 0x8c, 0x7e, 0x30, 0xb4, 0x86, 0x42, 0xe7, 0xad, 0x38, 0x16, 0x12, 0x3e, 0x6b, 0xcf, 0xb8,
444 0x8f, 0x08, 0x8c, 0xce, 0xc9, 0xf5, 0x5a, 0x6d, 0x6d, 0x1c, 0xef, 0xa3, 0xee, 0x44, 0x1e, 0x48, 0xe4, 0x41, 0xc6, 0xfa,
445 0x38, 0x63, 0xf6, 0x7d, 0x50, 0x59, 0x36, 0x9b, 0x8a, 0xbc, 0x66, 0x9d, 0x3d, 0xac, 0xe0, 0x4a, 0x2b, 0x27, 0xd4, 0x0a,
446 0x5e, 0x8c, 0xd2, 0x03, 0xde, 0x30, 0x82, 0x05, 0x7e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01,
447 0xa0, 0x82, 0x05, 0x6f, 0x04, 0x82, 0x05, 0x6b, 0x30, 0x82, 0x05, 0x67, 0x30, 0x82, 0x05, 0x63, 0x06, 0x0b, 0x2a, 0x86,
448 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 0xea, 0x30, 0x1c, 0x06,
449 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0xe8, 0xe9, 0xa0, 0xff, 0x46,
450 0xbd, 0xb7, 0xbe, 0x02, 0x02, 0x08, 0x00, 0x04, 0x82, 0x04, 0xc8, 0xb7, 0xe8, 0x82, 0xae, 0xfd, 0x43, 0x15, 0xbb, 0xf4,
451 0x94, 0x2d, 0x8d, 0x28, 0x5c, 0x66, 0xc4, 0x78, 0x5b, 0x0f, 0x41, 0xf9, 0x8e, 0x65, 0x3f, 0xf3, 0x06, 0x99, 0x36, 0x70,
452 0xeb, 0x99, 0x38, 0x29, 0x49, 0xea, 0x28, 0xc4, 0x84, 0x11, 0x8c, 0x4f, 0x5e, 0x61, 0x7c, 0x3f, 0xc3, 0x61, 0x16, 0x1b,
453 0xce, 0x50, 0xc9, 0xd6, 0x3e, 0x0e, 0x96, 0x93, 0xd1, 0xf7, 0x1a, 0x79, 0x86, 0x86, 0x22, 0x7e, 0x39, 0xc0, 0x15, 0x49,
454 0x69, 0xc5, 0x56, 0xf9, 0xb6, 0xeb, 0xe0, 0x36, 0x53, 0x01, 0xc1, 0xb9, 0x2d, 0x31, 0xdb, 0xdc, 0x12, 0xe0, 0x1b, 0x85,
455 0x4b, 0x11, 0xfa, 0x74, 0xd5, 0x5b, 0x4a, 0x84, 0xbc, 0x7e, 0x1f, 0xf4, 0x1e, 0x04, 0x75, 0x5e, 0x75, 0x6b, 0xb0, 0x6f,
456 0xc0, 0xb6, 0x5c, 0x0b, 0x93, 0xe7, 0x96, 0x94, 0x4c, 0x17, 0x97, 0xce, 0x4e, 0x2c, 0xe8, 0x48, 0xff, 0x89, 0xd5, 0x8c,
457 0x41, 0xe1, 0x0d, 0xed, 0xb2, 0x82, 0x7a, 0x75, 0x49, 0xbf, 0x0e, 0xf2, 0xec, 0x06, 0x8b, 0xa7, 0x86, 0xd8, 0x95, 0x4a,
458 0x3e, 0x5a, 0x78, 0xea, 0xf3, 0xee, 0xff, 0x5b, 0xc9, 0x21, 0x58, 0x88, 0x2c, 0x84, 0xab, 0x1f, 0x79, 0x07, 0xae, 0x98,
459 0x6a, 0xa0, 0xc9, 0x93, 0x3d, 0x74, 0x67, 0x43, 0x5b, 0x2d, 0xfb, 0x57, 0xc8, 0x24, 0x8e, 0xe6, 0x74, 0x0f, 0x11, 0x53,
460 0x8d, 0x2b, 0xd9, 0xa6, 0x44, 0x11, 0x32, 0xab, 0xec, 0x08, 0xe4, 0x63, 0xb3, 0x19, 0x5d, 0xd2, 0xff, 0x7d, 0x29, 0xb2,
461 0x4e, 0xc0, 0x44, 0x0b, 0xd2, 0x68, 0x4d, 0xc0, 0xbf, 0x24, 0xcd, 0x01, 0x26, 0x31, 0x52, 0xcf, 0x1c, 0x14, 0x8f, 0x70,
462 0x31, 0x1f, 0x68, 0x19, 0xfd, 0x81, 0x09, 0xef, 0xbd, 0xc0, 0xa7, 0xcd, 0xd9, 0x6c, 0xff, 0xf7, 0xb1, 0x11, 0xbb, 0xfa,
463 0x8b, 0x73, 0x22, 0xd9, 0x3a, 0x74, 0xa3, 0x49, 0x54, 0xd7, 0x52, 0x53, 0xd5, 0xaa, 0x1b, 0x72, 0xbd, 0xa6, 0x44, 0x7d,
464 0xed, 0x97, 0xe9, 0xfd, 0xcf, 0x26, 0x2b, 0x3c, 0x3a, 0x00, 0xf7, 0x3f, 0xf7, 0xdc, 0x91, 0x3a, 0x65, 0x5b, 0xcb, 0xba,
465 0x79, 0x5c, 0xb7, 0xfb, 0x79, 0x15, 0xe7, 0x7d, 0x1c, 0xd8, 0xf5, 0x89, 0x0f, 0xb1, 0x5e, 0x8d, 0x96, 0xa2, 0xef, 0x3f,
466 0x8d, 0x27, 0x38, 0x36, 0xd5, 0xcf, 0xe5, 0x67, 0xd0, 0xa9, 0xa5, 0xde, 0x16, 0xe7, 0xe7, 0x62, 0x04, 0x55, 0x66, 0xfd,
467 0x9f, 0xa4, 0x10, 0xcb, 0x30, 0x12, 0x10, 0x24, 0xb4, 0x7f, 0x63, 0x6a, 0x38, 0xd0, 0x9b, 0x77, 0x93, 0x27, 0xda, 0x72,
468 0xeb, 0xdb, 0x79, 0x26, 0x92, 0x60, 0xc5, 0x41, 0xb9, 0xe6, 0xce, 0x08, 0xaf, 0x3e, 0x0f, 0xe6, 0x8d, 0x17, 0x7e, 0x3b,
469 0xbc, 0x37, 0x57, 0x16, 0x54, 0xbe, 0x8c, 0x6a, 0xda, 0xb1, 0x7c, 0x46, 0xee, 0xc7, 0xed, 0x26, 0x76, 0x91, 0x01, 0xd5,
470 0x9c, 0x7b, 0xc2, 0xb7, 0x6f, 0x8c, 0xa1, 0xd1, 0x93, 0x50, 0x0c, 0x27, 0x0c, 0x74, 0xa4, 0x80, 0x7c, 0x3d, 0x28, 0x93,
471 0x21, 0xbe, 0xc9, 0x9f, 0xb5, 0x0a, 0xc8, 0x31, 0x12, 0x25, 0x90, 0x3f, 0x9a, 0x6d, 0x20, 0x02, 0xa0, 0xd6, 0x21, 0x53,
472 0x10, 0x55, 0x19, 0x48, 0x57, 0xf8, 0x2a, 0x48, 0xc4, 0xb5, 0xa1, 0x79, 0xac, 0x53, 0xbd, 0x2b, 0xde, 0x4d, 0xa4, 0x77,
473 0xe4, 0x1f, 0x87, 0x9f, 0x9f, 0xd1, 0x9c, 0x00, 0x8d, 0x7b, 0x83, 0x4a, 0xc4, 0x25, 0xf2, 0xb7, 0xfc, 0xb8, 0x0e, 0x97,
474 0x26, 0x70, 0x26, 0x89, 0x86, 0xe6, 0x15, 0xaa, 0x8f, 0x5e, 0x76, 0xb3, 0x3f, 0x8b, 0x01, 0xda, 0xf5, 0x99, 0x01, 0x32,
475 0xc3, 0x76, 0x19, 0x93, 0xca, 0xda, 0x27, 0xb1, 0x74, 0x0e, 0x84, 0x4b, 0x02, 0x4b, 0x50, 0x31, 0x64, 0x69, 0xd9, 0xa4,
476 0x21, 0x85, 0xfd, 0xab, 0x69, 0xf3, 0x66, 0x40, 0x43, 0x13, 0x4f, 0x58, 0xf5, 0x03, 0x3b, 0xc1, 0xea, 0x40, 0xeb, 0xe4,
477 0xca, 0x63, 0x29, 0xca, 0x41, 0x64, 0x7a, 0x0e, 0xb9, 0x46, 0xf2, 0xcb, 0xa0, 0xf3, 0x3e, 0x35, 0xaf, 0xe1, 0x81, 0xa9,
478 0xd3, 0x0c, 0xef, 0xe9, 0x2d, 0xc4, 0x10, 0x46, 0x24, 0xd0, 0x6d, 0xab, 0xb1, 0xd3, 0xe0, 0x4a, 0x43, 0xcd, 0x3f, 0xa4,
479 0xe4, 0xdc, 0x3e, 0x70, 0x07, 0x62, 0x93, 0x27, 0x32, 0x46, 0x57, 0x85, 0x45, 0x6a, 0xcf, 0x0d, 0xec, 0x08, 0xf0, 0x07,
480 0x6c, 0xb8, 0x87, 0xd1, 0xc5, 0xa3, 0xf0, 0xd6, 0xaf, 0x37, 0x09, 0xff, 0xbc, 0x15, 0x56, 0x60, 0xfc, 0x2a, 0xec, 0xbf,
481 0x8c, 0x22, 0x1c, 0xef, 0xaa, 0xfe, 0x6a, 0x42, 0xa0, 0x41, 0xdd, 0x8d, 0x7d, 0xa8, 0x74, 0xa8, 0xb4, 0xfc, 0x12, 0x2e,
482 0xf2, 0xe6, 0xbe, 0xa6, 0xbc, 0x31, 0x01, 0x40, 0xa4, 0x27, 0xc2, 0x75, 0xbb, 0x12, 0x91, 0xc9, 0x84, 0xa0, 0xd5, 0xff,
483 0xaa, 0x8d, 0x8f, 0x22, 0xd0, 0x05, 0x05, 0x63, 0xe1, 0xa3, 0xa0, 0xfc, 0x7d, 0xb4, 0xd9, 0x26, 0xcf, 0x77, 0x46, 0x36,
484 0x9a, 0xdd, 0x97, 0x8f, 0xc6, 0x79, 0x99, 0x81, 0x47, 0x91, 0x00, 0xe3, 0x88, 0xe4, 0x09, 0xca, 0xb9, 0x2c, 0x66, 0x70,
485 0xa2, 0x1c, 0xc7, 0xb9, 0xfe, 0xd3, 0x3e, 0x8f, 0x52, 0x5a, 0xfb, 0x63, 0x8d, 0x06, 0x36, 0xd9, 0x40, 0xf6, 0x4a, 0x99,
486 0xcf, 0xf6, 0x60, 0x02, 0xb2, 0xff, 0x81, 0x51, 0x44, 0xf7, 0x69, 0x7a, 0xc6, 0xf9, 0x6a, 0xe3, 0x3a, 0xc5, 0x11, 0xc3,
487 0x61, 0xe7, 0x09, 0xdd, 0x88, 0x04, 0x0c, 0x41, 0xbf, 0x41, 0x6e, 0x20, 0x5c, 0xf0, 0x6b, 0x3c, 0x57, 0x3b, 0x03, 0x16,
488 0x25, 0xc7, 0x39, 0x42, 0x4d, 0x32, 0x30, 0xd3, 0x12, 0xbf, 0x85, 0x3b, 0x90, 0x9a, 0x38, 0xe1, 0x6c, 0x32, 0x5b, 0xe5,
489 0xa0, 0x8e, 0xab, 0x7f, 0xcc, 0x36, 0x91, 0x7b, 0xd3, 0x45, 0x47, 0xa5, 0x14, 0x47, 0xb0, 0x0a, 0x0f, 0x29, 0xcd, 0xbc,
490 0x72, 0x2c, 0xc9, 0x47, 0xf4, 0xd7, 0x3e, 0x5c, 0x25, 0x85, 0x9b, 0x7d, 0xa9, 0xf7, 0xdc, 0xec, 0xfe, 0x7b, 0x6b, 0xad,
491 0x00, 0x24, 0xd2, 0x84, 0xd8, 0xd1, 0xc1, 0x2a, 0xde, 0x0d, 0x14, 0x46, 0x87, 0xa6, 0x83, 0x59, 0x6b, 0xde, 0x06, 0xf8,
492 0x1c, 0x81, 0x04, 0x3e, 0x14, 0xac, 0x9a, 0xe4, 0xc4, 0xe1, 0x51, 0xbb, 0xcf, 0xe0, 0xf5, 0xc3, 0x40, 0xdd, 0x1e, 0xae,
493 0x3e, 0x06, 0x45, 0x80, 0x7a, 0x6b, 0x07, 0x58, 0xc1, 0xcf, 0xb3, 0x22, 0xd4, 0xfe, 0xc0, 0x01, 0x86, 0x16, 0x48, 0x5a,
494 0x04, 0xe9, 0x3c, 0xa0, 0xdb, 0x2d, 0x57, 0xec, 0x6f, 0x83, 0x4e, 0x14, 0xcc, 0xf8, 0x01, 0x3b, 0x46, 0x6a, 0xec, 0xd0,
495 0xd3, 0x13, 0x29, 0xf5, 0x61, 0x38, 0x7a, 0x41, 0xd6, 0xca, 0x87, 0x4e, 0x91, 0x67, 0x3a, 0x7f, 0x4e, 0x1e, 0x40, 0x07,
496 0xad, 0x0d, 0x80, 0xac, 0x83, 0xd2, 0x4d, 0xee, 0xc6, 0x81, 0xab, 0x86, 0x58, 0xd0, 0x86, 0x3e, 0x97, 0x95, 0xef, 0xec,
497 0xbe, 0xd6, 0xe9, 0xc1, 0xce, 0x2e, 0xa5, 0xd1, 0x71, 0x1c, 0x7e, 0xb9, 0xa4, 0x5f, 0xcc, 0x12, 0x96, 0x13, 0x50, 0x6d,
498 0x07, 0x8c, 0xa3, 0xa5, 0x40, 0x73, 0xb3, 0x90, 0x70, 0x92, 0x4b, 0x48, 0x95, 0xb7, 0x38, 0x72, 0xe3, 0x9c, 0x1d, 0x1d,
499 0x6b, 0x4a, 0x29, 0xf3, 0xf5, 0x77, 0xfb, 0x5e, 0x44, 0x4e, 0x2b, 0xec, 0xc2, 0x65, 0xd2, 0x4c, 0x6c, 0xad, 0xac, 0xb7,
500 0x64, 0x9a, 0xd2, 0xbf, 0x10, 0x53, 0xdd, 0x2d, 0x48, 0x55, 0x45, 0x9d, 0x64, 0x1d, 0x00, 0x15, 0xd2, 0x20, 0x15, 0x9f,
501 0xcf, 0xc0, 0x72, 0x20, 0xec, 0xf3, 0x55, 0x86, 0x36, 0x8b, 0xac, 0x8f, 0x71, 0x04, 0xc5, 0x17, 0x3b, 0x98, 0x8d, 0x96,
502 0xd9, 0x56, 0x1c, 0x48, 0x5f, 0xd4, 0x32, 0x3d, 0x41, 0x94, 0x54, 0x7b, 0xa8, 0x44, 0xfd, 0x99, 0x9e, 0xbb, 0x22, 0x6d,
503 0x36, 0x57, 0x86, 0x19, 0xc5, 0x09, 0x73, 0x5e, 0x4a, 0xb7, 0x99, 0x2c, 0x51, 0x9d, 0xf3, 0x0e, 0x40, 0x82, 0x9a, 0xc3,
504 0x5e, 0x00, 0x85, 0xf1, 0xa1, 0xe0, 0xe7, 0xf2, 0xcd, 0x7d, 0x6a, 0x3a, 0x10, 0x42, 0x1d, 0x95, 0xb1, 0xc5, 0x9e, 0x76,
505 0x2a, 0x22, 0x00, 0x48, 0x52, 0x07, 0xc7, 0x49, 0xab, 0xa1, 0xd5, 0xa6, 0xe2, 0xc5, 0x51, 0x47, 0x31, 0x80, 0x37, 0xbd,
506 0xb6, 0x91, 0xab, 0xa3, 0x9c, 0xee, 0x9c, 0x1e, 0x69, 0xc7, 0x15, 0x29, 0xf5, 0x8f, 0x12, 0x4f, 0xf4, 0x99, 0xaf, 0x58,
507 0x68, 0x5b, 0x2e, 0x0d, 0x99, 0x25, 0x13, 0xc1, 0xe4, 0xe7, 0x7f, 0x58, 0x16, 0xaa, 0x02, 0xf1, 0xce, 0xde, 0x90, 0x33,
508 0x80, 0x5b, 0xb3, 0xdb, 0xb6, 0x6b, 0xda, 0x77, 0x4b, 0x45, 0xff, 0x73, 0x27, 0x02, 0x79, 0xb3, 0x01, 0xe9, 0x11, 0x64,
509 0x0b, 0x93, 0x17, 0xd5, 0x71, 0x23, 0xdb, 0x2d, 0xbd, 0x06, 0xb5, 0x8a, 0x1e, 0xfd, 0x13, 0xe4, 0x0c, 0xfb, 0x5f, 0xd5,
510 0x68, 0x04, 0xd7, 0xd2, 0xeb, 0x63, 0xc2, 0x2f, 0x7d, 0xfe, 0x9b, 0x24, 0x92, 0xb7, 0x46, 0xab, 0x0e, 0x7c, 0x15, 0xfa,
511 0x0d, 0x1a, 0xdc, 0x65, 0x99, 0xdb, 0xa1, 0x6f, 0x55, 0x90, 0x76, 0xb5, 0x20, 0x8b, 0x6f, 0x31, 0x62, 0x30, 0x3b, 0x06,
512 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, 0x2e, 0x1e, 0x2c, 0x00, 0x54, 0x00, 0x65, 0x00, 0x73,
513 0x00, 0x74, 0x00, 0x2d, 0x00, 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6e, 0x00, 0x4f, 0x00, 0x6e, 0x00, 0x6c, 0x00, 0x79,
514 0x00, 0x20, 0x00, 0x28, 0x00, 0x53, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x49, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x29, 0x30, 0x23,
515 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x60, 0x94, 0x0b, 0x09, 0xd9,
516 0x9c, 0x09, 0x22, 0xc2, 0x15, 0x0e, 0xf8, 0x47, 0x4c, 0x8f, 0xbe, 0xaa, 0x65, 0x51, 0x76, 0x30, 0x30, 0x30, 0x21, 0x30,
517 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x76, 0xa4, 0x2d, 0xf1, 0x67, 0x61, 0x56, 0x63,
518 0xd0, 0x39, 0x34, 0xe3, 0xb4, 0x1c, 0x96, 0xa3, 0xc0, 0x5a, 0xf7, 0xff, 0x04, 0x08, 0x06, 0xe1, 0x19, 0x07, 0xbf, 0xf2,
519 0xb9, 0xbf, 0x02, 0x01, 0x01
520 };
521 unsigned int test_sign_only_smime_p12_len = 2785;
522
523
524 /* Test SSL User identity (PKCS12 data), expires in 2026
525 */
526 unsigned char Test_ssl_user_p12[] = {
527 0x30, 0x82, 0x0a, 0x83, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0a, 0x4a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
528 0x07, 0x01, 0xa0, 0x82, 0x0a, 0x3b, 0x04, 0x82, 0x0a, 0x37, 0x30, 0x82, 0x0a, 0x33, 0x30, 0x82, 0x04, 0xbf, 0x06, 0x09,
529 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x04, 0xb0, 0x30, 0x82, 0x04, 0xac, 0x02, 0x01, 0x00,
530 0x30, 0x82, 0x04, 0xa5, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a,
531 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0xe2, 0xcf, 0xcc, 0x9d, 0x17, 0xcd, 0x62,
532 0xa4, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x04, 0x78, 0xe0, 0x0c, 0xd8, 0xf5, 0x7c, 0xf7, 0x2f, 0x1e, 0xbf, 0x95, 0x6b,
533 0xc1, 0x43, 0x35, 0x3e, 0x8d, 0xdf, 0x65, 0x9b, 0xd8, 0xa0, 0xb2, 0x86, 0xec, 0x38, 0x39, 0x04, 0x72, 0x39, 0x3b, 0xf1,
534 0x5c, 0x1d, 0x1c, 0xac, 0xe6, 0x67, 0xea, 0xce, 0xb2, 0x15, 0xe5, 0xd4, 0xee, 0xe8, 0xf1, 0xad, 0x45, 0x75, 0x6a, 0x07,
535 0xbd, 0xe5, 0x2b, 0x55, 0x89, 0x24, 0xed, 0x65, 0xc7, 0x8e, 0x50, 0xf8, 0x38, 0xef, 0x9c, 0x79, 0x1b, 0xb7, 0xb5, 0x34,
536 0x32, 0x36, 0xa9, 0x1a, 0x65, 0x0f, 0xc4, 0x22, 0x9c, 0x9f, 0xd8, 0x70, 0xe9, 0x8e, 0x59, 0x88, 0x95, 0x86, 0xb0, 0x2c,
537 0xb2, 0xc5, 0x4d, 0x5a, 0x3d, 0x6a, 0xbf, 0x1a, 0x3a, 0x60, 0xbe, 0xde, 0x33, 0xb4, 0x21, 0x86, 0x8b, 0x02, 0x38, 0xf4,
538 0x77, 0x7e, 0x40, 0x9f, 0x0c, 0x55, 0xed, 0x76, 0xfd, 0x60, 0x70, 0x94, 0x3e, 0xf9, 0x01, 0x42, 0xa7, 0x84, 0x0f, 0xfd,
539 0xc0, 0x93, 0x4e, 0xe2, 0x78, 0x13, 0x5d, 0x56, 0x1a, 0x76, 0xf0, 0x99, 0x34, 0x92, 0x0c, 0x3f, 0x19, 0x81, 0x5c, 0x0a,
540 0x6b, 0xcc, 0x19, 0x65, 0x06, 0x88, 0xc9, 0x9c, 0x76, 0xaa, 0xa2, 0x0c, 0x5c, 0x4a, 0x38, 0xcf, 0x6d, 0x79, 0xf6, 0xde,
541 0x39, 0x7a, 0xc9, 0xe6, 0x6c, 0x42, 0xfe, 0xaa, 0xc4, 0xc0, 0x62, 0xa3, 0xda, 0xe1, 0x08, 0x86, 0x79, 0x2d, 0x80, 0x6a,
542 0x5f, 0xa9, 0x79, 0x43, 0xfe, 0xfc, 0xed, 0x08, 0xb3, 0x80, 0x91, 0xa6, 0xe7, 0x9a, 0xc8, 0x77, 0xc7, 0x4c, 0x7e, 0x6a,
543 0x79, 0x76, 0x9f, 0x28, 0x0f, 0x24, 0xd2, 0xee, 0x5e, 0x4f, 0x76, 0xe8, 0xa9, 0xd3, 0x1a, 0xf1, 0xe4, 0x0d, 0xb8, 0x26,
544 0x95, 0x63, 0xd3, 0x59, 0xfb, 0x03, 0x08, 0xea, 0x59, 0x4e, 0xe2, 0x6d, 0x74, 0x47, 0xa2, 0x8b, 0x1c, 0x21, 0x9f, 0x1c,
545 0x68, 0x54, 0x76, 0x78, 0x8a, 0xfa, 0xa3, 0x65, 0x87, 0xd4, 0x6c, 0x16, 0x38, 0xaa, 0xc9, 0x11, 0x58, 0x25, 0x05, 0xba,
546 0x68, 0x92, 0xd8, 0x06, 0x85, 0x19, 0x1e, 0xcc, 0xdb, 0x07, 0x27, 0xa8, 0xe9, 0xec, 0xfb, 0xb9, 0xbd, 0x5e, 0x67, 0x22,
547 0xae, 0xcd, 0xbd, 0xe6, 0xdc, 0x8d, 0x5a, 0xf2, 0x3c, 0xf4, 0x06, 0xa6, 0x0e, 0x98, 0xfc, 0xec, 0x64, 0x05, 0xb8, 0xa5,
548 0xfe, 0x5b, 0x27, 0x41, 0x90, 0xe4, 0x2c, 0x93, 0x38, 0xec, 0xc6, 0xa2, 0x08, 0xe4, 0xab, 0xb2, 0xb5, 0x7b, 0xa6, 0xe0,
549 0x89, 0x97, 0xb6, 0xc0, 0xd4, 0xa8, 0x1f, 0xcb, 0xf4, 0xc6, 0x59, 0xcd, 0xaa, 0x99, 0x40, 0xc6, 0x41, 0x18, 0x3a, 0x95,
550 0x3a, 0x71, 0x06, 0x5c, 0x0d, 0x4c, 0xdf, 0xc2, 0x37, 0x37, 0x78, 0x33, 0x5d, 0x35, 0x7c, 0x0e, 0x33, 0x7c, 0xfd, 0x97,
551 0x18, 0x07, 0xad, 0x54, 0xf0, 0x83, 0xed, 0x20, 0x6c, 0x8a, 0x28, 0x48, 0x29, 0x5c, 0x2c, 0x61, 0x25, 0x87, 0x0b, 0xfc,
552 0x96, 0x8a, 0x51, 0x74, 0x8d, 0x21, 0x0b, 0x6d, 0x6a, 0x88, 0x6c, 0xa5, 0xc0, 0xd7, 0x9a, 0xe7, 0x16, 0x49, 0x66, 0xbf,
553 0xb3, 0x96, 0x73, 0x4d, 0x61, 0x9e, 0x7f, 0x3b, 0x6d, 0x37, 0x5d, 0x31, 0x3f, 0x00, 0x5c, 0x92, 0x20, 0x6e, 0xab, 0x25,
554 0xb3, 0xe9, 0x7a, 0xba, 0xeb, 0xaa, 0x9e, 0xb4, 0xdb, 0xf5, 0x85, 0x51, 0x71, 0xed, 0x5e, 0x4d, 0x04, 0xdc, 0x4d, 0x5d,
555 0x0d, 0x24, 0x74, 0xa4, 0xaf, 0x30, 0x3f, 0x82, 0x0c, 0xe3, 0xfa, 0x21, 0x82, 0x25, 0x29, 0xda, 0x0f, 0x4b, 0x2e, 0x1c,
556 0xb2, 0x06, 0xe7, 0x36, 0x56, 0xb7, 0x4c, 0xf6, 0x37, 0x2c, 0x80, 0xa3, 0x21, 0xdc, 0x3b, 0xa5, 0xed, 0x24, 0x0e, 0x69,
557 0x15, 0xc2, 0x96, 0x0b, 0xa2, 0x72, 0x7a, 0xa4, 0xf8, 0xab, 0x6b, 0xa4, 0xa5, 0x7e, 0x6e, 0x3a, 0xf3, 0x4d, 0x92, 0xba,
558 0x90, 0xf0, 0x9d, 0x20, 0x9f, 0xf4, 0x5c, 0xf6, 0x44, 0x74, 0x6a, 0xc3, 0xc4, 0xed, 0x6d, 0x95, 0x81, 0x53, 0x60, 0xb4,
559 0x80, 0xf4, 0xd3, 0x5f, 0xad, 0xb6, 0x57, 0x9c, 0xb7, 0x59, 0xcc, 0x51, 0x54, 0x5f, 0x67, 0x32, 0x69, 0x63, 0x80, 0x77,
560 0x03, 0x23, 0x07, 0x4f, 0xff, 0x27, 0xd4, 0x52, 0xce, 0xac, 0xba, 0xd5, 0x8d, 0xab, 0xf8, 0xc9, 0x48, 0x01, 0xf7, 0xea,
561 0xf7, 0x76, 0x2e, 0xbc, 0xdd, 0x7b, 0x7f, 0x60, 0x12, 0x72, 0x4f, 0x04, 0x0e, 0x93, 0x5e, 0x7e, 0x15, 0x09, 0x2b, 0xa1,
562 0x2c, 0xa5, 0x9d, 0x36, 0xd4, 0xbf, 0x5c, 0xb1, 0x19, 0xd4, 0x0e, 0x00, 0x0e, 0x05, 0x7a, 0x84, 0xb0, 0xba, 0xe9, 0x8e,
563 0x15, 0x0a, 0xad, 0x4d, 0x8d, 0x1e, 0xff, 0x10, 0x01, 0x43, 0xbf, 0xa9, 0xbf, 0x3b, 0xdf, 0x86, 0x6b, 0xef, 0x86, 0x63,
564 0xfa, 0x9e, 0x28, 0xda, 0xb7, 0x03, 0x2b, 0x0b, 0xce, 0x12, 0x5f, 0xd8, 0x42, 0xfc, 0x4f, 0x63, 0x93, 0xbe, 0xef, 0x11,
565 0x73, 0xd4, 0xc0, 0xbc, 0x23, 0xc2, 0x99, 0xbc, 0x29, 0xe1, 0xd7, 0x4d, 0xc2, 0xe8, 0x3e, 0xb0, 0xaa, 0x96, 0xed, 0xf8,
566 0x48, 0x20, 0x3d, 0xa6, 0xed, 0xc6, 0xa2, 0x8f, 0x89, 0x45, 0x70, 0xbf, 0xf7, 0xee, 0x6f, 0x2a, 0xd1, 0x93, 0xce, 0xad,
567 0x55, 0xfe, 0xe9, 0xa8, 0xfc, 0x94, 0x24, 0x91, 0x98, 0x0a, 0xac, 0x90, 0xa6, 0xa7, 0x27, 0x05, 0x55, 0xb3, 0x3e, 0xa7,
568 0x08, 0xb0, 0x4b, 0x31, 0xb5, 0xe8, 0x9f, 0x67, 0x74, 0x73, 0x3c, 0x42, 0x84, 0x67, 0x84, 0x97, 0x95, 0x33, 0x00, 0xfe,
569 0x69, 0x61, 0x52, 0x05, 0x4c, 0x8b, 0x65, 0x8e, 0x00, 0xf8, 0xd8, 0xe3, 0x40, 0x66, 0x04, 0x06, 0x09, 0x05, 0x93, 0x49,
570 0x18, 0xa5, 0x41, 0x6f, 0xc3, 0x28, 0xaf, 0x30, 0xaf, 0x43, 0xaa, 0x74, 0x73, 0x9f, 0xdc, 0x58, 0x83, 0xe9, 0x42, 0xa8,
571 0x16, 0xdd, 0xce, 0xf9, 0xbe, 0xe9, 0x33, 0xf8, 0xbf, 0x51, 0x08, 0x25, 0xdf, 0x7a, 0xbe, 0x00, 0x8a, 0xd6, 0x82, 0xf3,
572 0xdb, 0xd0, 0x21, 0x48, 0x5c, 0xd5, 0xea, 0x86, 0xd7, 0xff, 0xe0, 0x2f, 0x93, 0xfc, 0x3e, 0xc8, 0xdd, 0xb8, 0x3e, 0x79,
573 0xd4, 0x22, 0xa3, 0xaa, 0xeb, 0x47, 0xec, 0xaf, 0xd8, 0xf1, 0xa8, 0x71, 0x7e, 0xae, 0x85, 0xff, 0xe1, 0x98, 0x7f, 0x59,
574 0x88, 0x1d, 0xaa, 0x11, 0x89, 0xbe, 0x6e, 0x4e, 0xdc, 0x77, 0xf4, 0xe1, 0x14, 0xcc, 0x1c, 0xd4, 0x8a, 0xc3, 0x0c, 0xff,
575 0xb9, 0x12, 0xc1, 0xf3, 0xb6, 0xcc, 0xa2, 0x01, 0x49, 0xad, 0x59, 0x47, 0x17, 0x4a, 0x1a, 0x90, 0xd0, 0x77, 0x77, 0x3e,
576 0xad, 0xdd, 0x58, 0x08, 0x40, 0x92, 0xb6, 0xcf, 0x84, 0x64, 0x72, 0x84, 0x8d, 0x98, 0x9f, 0x64, 0x28, 0x45, 0x1a, 0xb0,
577 0x88, 0x08, 0xaa, 0x7b, 0x11, 0x15, 0x08, 0xc3, 0x56, 0xa5, 0x0d, 0x7e, 0x04, 0x37, 0xe0, 0x62, 0xbb, 0x34, 0xe9, 0x84,
578 0xb2, 0xd0, 0x1a, 0xec, 0xa9, 0x74, 0x9b, 0xf1, 0x0e, 0x30, 0x84, 0xb0, 0x62, 0x17, 0x92, 0x31, 0x0c, 0x11, 0x9e, 0xa0,
579 0xa7, 0x48, 0x9a, 0xd7, 0xa4, 0x29, 0x05, 0xea, 0xf4, 0x11, 0x21, 0xdd, 0x8e, 0x9b, 0x79, 0x4a, 0x9b, 0x5c, 0xeb, 0x8b,
580 0x55, 0x0b, 0x0d, 0x0d, 0x7e, 0xe0, 0x79, 0x2f, 0x03, 0x52, 0xec, 0x4c, 0x63, 0xa0, 0xa8, 0xc2, 0x66, 0x63, 0xda, 0x18,
581 0xad, 0x93, 0xde, 0xb3, 0xb1, 0xe8, 0x08, 0xf8, 0x98, 0x5d, 0x19, 0x40, 0xae, 0xcd, 0x3e, 0xcd, 0x82, 0x09, 0x0c, 0x05,
582 0x5b, 0x84, 0x77, 0xd4, 0xf8, 0x1b, 0x53, 0xa6, 0xf0, 0x93, 0x85, 0x9c, 0x79, 0x43, 0x71, 0x4c, 0x8f, 0x66, 0x05, 0x7f,
583 0xc4, 0x20, 0x95, 0xfe, 0x1b, 0xd6, 0xf4, 0x2d, 0x4d, 0x42, 0xc6, 0x7f, 0x69, 0x69, 0x1e, 0xad, 0xf5, 0x26, 0xdf, 0x85,
584 0x26, 0xed, 0xf3, 0xe1, 0x5c, 0x1a, 0x86, 0x03, 0xbe, 0xd8, 0x96, 0x77, 0x52, 0xd5, 0x4a, 0xb4, 0xf5, 0xfc, 0x0a, 0xb0,
585 0xee, 0xb5, 0x21, 0x8c, 0xa4, 0x56, 0xf9, 0xf9, 0x05, 0x27, 0x49, 0x2d, 0x5d, 0x11, 0xac, 0xa5, 0x33, 0xe6, 0x55, 0x73,
586 0x54, 0xb9, 0xd1, 0x2a, 0xf8, 0x9a, 0x1d, 0xd3, 0x30, 0x90, 0x41, 0x3f, 0x0c, 0xf1, 0x0c, 0xa9, 0xae, 0xd0, 0x4d, 0xec,
587 0x66, 0x66, 0xc8, 0xb5, 0x57, 0xbc, 0xf4, 0xc0, 0xeb, 0x23, 0xb9, 0xc8, 0x8b, 0x43, 0x70, 0x96, 0x2e, 0x20, 0x14, 0x3a,
588 0x70, 0x3a, 0xf7, 0x83, 0xa9, 0x7b, 0x80, 0x6d, 0xc4, 0x76, 0xa5, 0x83, 0xf0, 0x55, 0xa0, 0x78, 0xc4, 0x7f, 0xc4, 0xae,
589 0xf0, 0xa9, 0x65, 0x5c, 0xd5, 0xda, 0xe1, 0xe1, 0x90, 0xb8, 0xa6, 0x07, 0x2e, 0x30, 0x82, 0x05, 0x6c, 0x06, 0x09, 0x2a,
590 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x5d, 0x04, 0x82, 0x05, 0x59, 0x30, 0x82, 0x05, 0x55,
591 0x30, 0x82, 0x05, 0x51, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04,
592 0xee, 0x30, 0x82, 0x04, 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30,
593 0x0e, 0x04, 0x08, 0x33, 0x8e, 0xe4, 0x7e, 0x74, 0x9d, 0xf7, 0xfa, 0x02, 0x02, 0x08, 0x00, 0x04, 0x82, 0x04, 0xc8, 0x10,
594 0x10, 0x9b, 0xe5, 0xa8, 0xe1, 0x82, 0x43, 0x54, 0xc5, 0xda, 0xfb, 0x4b, 0x57, 0x45, 0xd3, 0x38, 0xfe, 0x8f, 0x95, 0xf7,
595 0x86, 0x7f, 0x50, 0x15, 0x3a, 0x1a, 0xee, 0xcf, 0x8a, 0xa4, 0x67, 0x2a, 0x62, 0x1e, 0x2d, 0x05, 0xab, 0x21, 0x93, 0xdc,
596 0x37, 0xe3, 0xdb, 0x5c, 0xb9, 0x86, 0x7c, 0x78, 0xab, 0x62, 0x1a, 0xea, 0x7d, 0x51, 0x01, 0x72, 0x3f, 0xcd, 0x40, 0x0b,
597 0x97, 0xae, 0x89, 0xe3, 0x97, 0x81, 0x0e, 0x1f, 0x27, 0x36, 0x46, 0x7b, 0x17, 0xd3, 0xe3, 0x93, 0x8c, 0xde, 0xc3, 0xf1,
598 0x05, 0x0f, 0x0c, 0x40, 0x45, 0x53, 0xe9, 0xf5, 0xa9, 0x42, 0xc9, 0x22, 0x8e, 0xa5, 0xd0, 0x3b, 0xbe, 0xf0, 0x1e, 0x39,
599 0x11, 0xc5, 0xf7, 0x19, 0x27, 0x65, 0x56, 0xb4, 0x4d, 0xe8, 0xee, 0xd3, 0x81, 0x21, 0xb4, 0x43, 0x9d, 0x82, 0x24, 0x03,
600 0x81, 0x06, 0xc5, 0xe2, 0x9c, 0x4e, 0x10, 0x4c, 0x5d, 0xda, 0x1a, 0xc0, 0x8b, 0x54, 0x42, 0x3f, 0x6a, 0x9c, 0x9e, 0xad,
601 0xfd, 0xce, 0x62, 0x30, 0xb9, 0xaf, 0x99, 0xc8, 0xea, 0xd7, 0x3c, 0x8d, 0x81, 0x9a, 0xa4, 0x13, 0x11, 0x56, 0x6a, 0x99,
602 0x18, 0x40, 0x95, 0x65, 0x61, 0x54, 0x94, 0x91, 0x69, 0x37, 0x99, 0xa5, 0xd1, 0xce, 0x76, 0x3d, 0x63, 0x52, 0xb9, 0x8a,
603 0x4e, 0xcb, 0x21, 0x8f, 0x6b, 0xe3, 0xe1, 0x2a, 0x6d, 0xdc, 0x58, 0xf7, 0x1b, 0x9b, 0x9b, 0xa1, 0x6a, 0xe4, 0x60, 0xc6,
604 0x6b, 0x55, 0x35, 0x8c, 0x90, 0xfe, 0x12, 0xe2, 0x4a, 0xd3, 0x5d, 0x55, 0xd1, 0x19, 0x47, 0xcd, 0x3a, 0x74, 0xfb, 0xc8,
605 0xfe, 0xb1, 0x82, 0xe9, 0x50, 0xb9, 0x80, 0x77, 0x4a, 0x18, 0xc5, 0xe0, 0x3d, 0x45, 0xe8, 0xf7, 0xd3, 0x96, 0x0f, 0x88,
606 0x09, 0xf0, 0x49, 0xe7, 0xcf, 0x44, 0xfd, 0xe8, 0x33, 0x22, 0x98, 0x7f, 0x06, 0x1b, 0xf7, 0x54, 0xf6, 0xd1, 0xd1, 0x05,
607 0xa8, 0x17, 0x94, 0x41, 0xbf, 0x2b, 0x80, 0xca, 0x41, 0xc5, 0xdc, 0xeb, 0xee, 0x1b, 0xad, 0xbe, 0xae, 0xcf, 0x67, 0x9b,
608 0xfb, 0x88, 0x3d, 0xc0, 0x70, 0xb2, 0xbe, 0x16, 0x7c, 0x35, 0xa9, 0xc5, 0xdc, 0xa0, 0x2d, 0x0a, 0x59, 0x9a, 0x59, 0x51,
609 0x76, 0x35, 0x85, 0x8f, 0xc7, 0xf7, 0x56, 0x0c, 0xdc, 0xc6, 0xe4, 0x6a, 0xe8, 0x26, 0x6f, 0xd4, 0x4e, 0x0a, 0xa5, 0x99,
610 0x3b, 0xcc, 0x0a, 0xa3, 0x44, 0x24, 0x31, 0x28, 0x4f, 0x84, 0xeb, 0x5b, 0x00, 0xf4, 0xa2, 0xf0, 0xdd, 0xfe, 0xe0, 0x57,
611 0x5a, 0x9a, 0xc0, 0x64, 0x9f, 0x9c, 0x5e, 0xf8, 0x42, 0x74, 0x54, 0xe8, 0xc4, 0x3b, 0x70, 0xe3, 0xd3, 0x08, 0x9e, 0x13,
612 0xbd, 0xeb, 0x5f, 0x01, 0xe6, 0x08, 0xb8, 0x6a, 0xae, 0xe8, 0xe3, 0x9a, 0x89, 0x29, 0xb8, 0x2d, 0xb3, 0x29, 0x19, 0xee,
613 0x6e, 0x3d, 0x66, 0xa1, 0x04, 0xbb, 0x17, 0xe1, 0x5b, 0xb7, 0xaa, 0x87, 0x76, 0xe5, 0x88, 0x6c, 0x24, 0x26, 0xdf, 0x69,
614 0x6b, 0x40, 0xd6, 0x42, 0x13, 0xc4, 0x0a, 0x09, 0xfb, 0x92, 0x41, 0x34, 0x85, 0x6a, 0xd9, 0xb2, 0xa6, 0x3b, 0xb2, 0xbd,
615 0xae, 0x50, 0x9a, 0x1a, 0xc4, 0xe1, 0xd7, 0x86, 0x3c, 0xb9, 0xf5, 0x5f, 0x99, 0x2a, 0x2a, 0xfb, 0x64, 0x2e, 0x33, 0xb2,
616 0x2b, 0xb5, 0x0b, 0x87, 0x19, 0x7f, 0xc1, 0xfa, 0xa3, 0x0f, 0x8c, 0xff, 0xda, 0x64, 0x48, 0xa7, 0xe8, 0x85, 0x10, 0x2a,
617 0x61, 0x1d, 0x59, 0xf8, 0x1b, 0x46, 0x8a, 0x7a, 0xa2, 0x44, 0x90, 0xd9, 0x1d, 0xe6, 0xe7, 0x69, 0x53, 0x1c, 0xd6, 0x02,
618 0x27, 0x2c, 0x86, 0xed, 0xbc, 0xe8, 0xf8, 0xb9, 0xbd, 0x8c, 0xd4, 0x12, 0xf0, 0xb9, 0x66, 0x61, 0xf8, 0xda, 0x7c, 0x7c,
619 0xb6, 0x72, 0xa4, 0xd6, 0xd8, 0x84, 0x0b, 0x06, 0x85, 0x25, 0x5e, 0xf8, 0x4d, 0xad, 0xcc, 0x60, 0x00, 0x61, 0xf0, 0xf0,
620 0x38, 0x65, 0xe5, 0x4e, 0xfc, 0xd3, 0x8b, 0x3e, 0xae, 0xf1, 0x29, 0x2e, 0x9f, 0xb1, 0x59, 0x0c, 0x65, 0x03, 0x2e, 0x1f,
621 0x95, 0xd8, 0x07, 0x19, 0x3d, 0x85, 0x27, 0xfa, 0xc5, 0x35, 0xec, 0x69, 0xda, 0x2f, 0x9e, 0x40, 0xa7, 0x5c, 0x0b, 0xed,
622 0xac, 0xc4, 0x99, 0xa3, 0x63, 0xef, 0x73, 0x24, 0x9c, 0x43, 0x1c, 0x45, 0x36, 0xb9, 0x33, 0xf4, 0x2e, 0xbd, 0x7e, 0xb6,
623 0xf0, 0xd1, 0xf6, 0x86, 0xf4, 0x2c, 0x1d, 0xc2, 0xc6, 0x62, 0xcf, 0x6d, 0x70, 0x89, 0x9f, 0x36, 0x26, 0xbe, 0xa3, 0x4b,
624 0x23, 0x00, 0xbc, 0x62, 0x85, 0x35, 0xa4, 0x25, 0x23, 0xae, 0x60, 0x82, 0x02, 0x25, 0xfd, 0x5b, 0x6a, 0xa1, 0x6b, 0x1b,
625 0xcf, 0x42, 0x40, 0xca, 0xee, 0x95, 0x08, 0xd4, 0x5b, 0xa7, 0xc8, 0x29, 0x0b, 0xea, 0xe3, 0x19, 0xb4, 0x85, 0xb7, 0x0d,
626 0xcf, 0x3a, 0x0f, 0x51, 0x15, 0x84, 0x4a, 0x1d, 0xad, 0x7f, 0xd0, 0x41, 0x93, 0x10, 0x31, 0xb1, 0x54, 0xfb, 0x19, 0xad,
627 0x96, 0x09, 0xb8, 0x65, 0x3f, 0xe2, 0x57, 0x40, 0xb5, 0x0c, 0xc9, 0x89, 0x52, 0x56, 0x10, 0xda, 0xe0, 0x10, 0x18, 0x91,
628 0xbb, 0xe2, 0xe3, 0x2c, 0x8e, 0xd7, 0x43, 0x7a, 0xdc, 0xbb, 0x76, 0x67, 0x25, 0x9c, 0x81, 0xec, 0x59, 0x7c, 0xdc, 0xea,
629 0x02, 0x29, 0x80, 0xdf, 0x20, 0xaf, 0xba, 0x26, 0xe1, 0x49, 0xcf, 0x7e, 0x69, 0x36, 0x77, 0xad, 0x0b, 0xcc, 0x7d, 0x10,
630 0x3f, 0x31, 0x60, 0x0e, 0x17, 0x36, 0x8c, 0xbd, 0x4d, 0x80, 0xe8, 0xe7, 0x7a, 0x7a, 0x1e, 0x17, 0x77, 0x79, 0x9a, 0x1f,
631 0xd7, 0x2f, 0x76, 0xf2, 0x4a, 0x52, 0xd9, 0x9f, 0x02, 0x2c, 0xc7, 0xd5, 0x0f, 0x05, 0x8b, 0x59, 0xd9, 0x13, 0xdc, 0x57,
632 0xbb, 0x56, 0xd0, 0xc4, 0x13, 0xac, 0x34, 0x05, 0x19, 0x92, 0xb6, 0x18, 0x12, 0x26, 0xe1, 0xe6, 0xe9, 0x8d, 0x6a, 0xad,
633 0x83, 0x95, 0xcf, 0x7f, 0x91, 0xad, 0xe3, 0x9f, 0x15, 0x05, 0x95, 0x96, 0x8d, 0x80, 0xc3, 0x13, 0x09, 0xac, 0xa4, 0xd9,
634 0xfe, 0xb1, 0xb3, 0x9d, 0x94, 0x49, 0xb9, 0x2d, 0x84, 0x64, 0x4d, 0x75, 0xb8, 0x58, 0x75, 0xec, 0x30, 0x0a, 0xf7, 0x96,
635 0xf3, 0xc8, 0x19, 0xa8, 0xbd, 0x62, 0x14, 0x00, 0xb4, 0x26, 0x35, 0x3f, 0x78, 0x43, 0xb1, 0xab, 0x8f, 0xab, 0xa1, 0xf3,
636 0x43, 0x87, 0xb3, 0x88, 0x1f, 0xc1, 0x89, 0x6c, 0xcf, 0x1f, 0x38, 0x1c, 0xe0, 0x68, 0xcc, 0x93, 0x46, 0x8c, 0xde, 0x4c,
637 0x2c, 0x27, 0x6d, 0xb6, 0x91, 0xa8, 0xc5, 0xee, 0xf7, 0x47, 0x17, 0x5a, 0x11, 0xb2, 0x3a, 0xbc, 0x35, 0xee, 0x05, 0xc3,
638 0x17, 0x63, 0x69, 0x77, 0xbd, 0x43, 0x80, 0x71, 0xe9, 0xd6, 0x8c, 0xdd, 0xef, 0x0a, 0xf8, 0x59, 0x1d, 0x61, 0xd6, 0x19,
639 0x64, 0x71, 0xe7, 0x3c, 0x36, 0xd8, 0x07, 0x5d, 0x6c, 0x0f, 0x28, 0x99, 0xa6, 0x9e, 0x01, 0x1b, 0x4c, 0x9a, 0x5f, 0xde,
640 0x96, 0xb0, 0x61, 0x0a, 0x9c, 0xeb, 0x2a, 0x29, 0x09, 0x1b, 0xaa, 0x62, 0x75, 0x5e, 0xd5, 0x9f, 0xe1, 0x12, 0x69, 0xa2,
641 0x1d, 0xbd, 0x97, 0x10, 0xdd, 0x62, 0xf9, 0x27, 0x47, 0xf2, 0x64, 0x12, 0xce, 0x95, 0xc0, 0xdc, 0xd6, 0x92, 0x48, 0xb4,
642 0xb2, 0x18, 0x78, 0x2e, 0xaf, 0xb0, 0xd7, 0x48, 0x98, 0x29, 0x1b, 0xb9, 0x50, 0xf7, 0x95, 0x26, 0x53, 0xc4, 0xd6, 0x6f,
643 0x26, 0x5f, 0x95, 0x9f, 0x51, 0xf3, 0x96, 0xbc, 0xca, 0xff, 0x0d, 0x8a, 0x69, 0xa5, 0xb0, 0x82, 0x02, 0x3e, 0x77, 0xb7,
644 0x87, 0xea, 0x2a, 0xc0, 0x2e, 0xc7, 0xb6, 0x2c, 0x06, 0x19, 0x8f, 0x84, 0x46, 0xd6, 0x58, 0xf2, 0xb8, 0x8a, 0xdb, 0xd2,
645 0x72, 0xe0, 0xc1, 0xa7, 0xb5, 0xb0, 0xb0, 0x2b, 0x83, 0xbb, 0x3b, 0x85, 0x3d, 0xcc, 0xc2, 0x89, 0x77, 0x65, 0x8d, 0x3c,
646 0x03, 0xbe, 0x84, 0x78, 0xf7, 0x2a, 0x32, 0x9c, 0x02, 0x23, 0x7b, 0x25, 0x42, 0xec, 0x4f, 0x29, 0x77, 0x79, 0xc1, 0x48,
647 0x46, 0xde, 0x76, 0xdb, 0x23, 0x9b, 0x5a, 0xee, 0xc7, 0xd1, 0x40, 0x73, 0x39, 0xa5, 0x23, 0x41, 0x66, 0x4c, 0x24, 0x1f,
648 0xaa, 0xd8, 0xc7, 0x3c, 0xc4, 0xd5, 0xd7, 0x3b, 0x2d, 0x00, 0x1c, 0x49, 0x17, 0x7a, 0xb5, 0x90, 0x6c, 0x6b, 0x43, 0x2f,
649 0x61, 0x6b, 0x8a, 0xdc, 0xb9, 0x58, 0xa8, 0x92, 0x49, 0x3e, 0xe9, 0x32, 0xc9, 0x3c, 0x4e, 0xeb, 0x2e, 0x15, 0xb8, 0x78,
650 0x9f, 0x30, 0x05, 0xd7, 0x4d, 0x71, 0xe8, 0xd0, 0x98, 0x7c, 0xe5, 0x3b, 0xc7, 0x65, 0x27, 0x5b, 0x16, 0x35, 0x77, 0xfc,
651 0x97, 0xf8, 0x1a, 0x07, 0xc2, 0x50, 0x67, 0x71, 0x7d, 0xd4, 0xd6, 0x55, 0x83, 0x8b, 0x15, 0xb1, 0xac, 0xba, 0xba, 0x8c,
652 0x73, 0x6e, 0x58, 0xf9, 0x1a, 0x3a, 0x1b, 0xc0, 0xe5, 0x90, 0x5a, 0xae, 0x96, 0xeb, 0x05, 0xe1, 0x37, 0xaa, 0xeb, 0x0c,
653 0xb9, 0xf2, 0xd4, 0x24, 0x82, 0x70, 0x64, 0x7a, 0x9b, 0x13, 0x27, 0xab, 0xb9, 0x18, 0xc8, 0xc7, 0xa3, 0x36, 0x5c, 0x7d,
654 0xff, 0xb8, 0xde, 0xbb, 0x9b, 0xc8, 0x78, 0xdf, 0xc8, 0x99, 0x39, 0x9e, 0xce, 0x1b, 0xe0, 0x09, 0x53, 0x00, 0x7d, 0xad,
655 0x86, 0x87, 0x8a, 0x31, 0x50, 0x30, 0x29, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, 0x1c,
656 0x1e, 0x1a, 0x00, 0x54, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x20, 0x00, 0x53, 0x00, 0x53, 0x00, 0x4c, 0x00, 0x20,
657 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
658 0x15, 0x31, 0x16, 0x04, 0x14, 0xa6, 0x63, 0xd5, 0xb2, 0xb4, 0x24, 0x91, 0x4c, 0x75, 0xa8, 0x11, 0x34, 0xd7, 0x7f, 0xb0,
659 0xa3, 0x55, 0xd4, 0xfd, 0x9a, 0x30, 0x30, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
660 0x04, 0x14, 0x2f, 0xc5, 0x73, 0xe2, 0xe4, 0xb4, 0x77, 0xfb, 0xb5, 0x49, 0x80, 0xcf, 0x13, 0xbe, 0x63, 0x7e, 0xaf, 0xdc,
661 0x2b, 0xae, 0x04, 0x08, 0xdc, 0x37, 0x8d, 0x3f, 0x8d, 0xc5, 0x94, 0x54, 0x02, 0x01, 0x01
662 };
663 unsigned int Test_ssl_user_p12_len = 2695;
664
665
666 /* Test identity (PKCS12 data), SMIME cert, expired in 2008
667 */
668 unsigned char TestIDSMIME2007_p12[2805] = {
669 0x30,0x82,0x0a,0xf1,0x02,0x01,0x03,0x30,0x82,0x0a,0xb8,0x06,0x09,0x2a,0x86,0x48,
670 0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x0a,0xa9,0x04,0x82,0x0a,0xa5,0x30,0x82,
671 0x0a,0xa1,0x30,0x82,0x05,0x17,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,
672 0x06,0xa0,0x82,0x05,0x08,0x30,0x82,0x05,0x04,0x02,0x01,0x00,0x30,0x82,0x04,0xfd,
673 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0x30,0x1c,0x06,0x0a,0x2a,
674 0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x06,0x30,0x0e,0x04,0x08,0x3f,0x0b,0xd9,
675 0x3c,0x80,0x6d,0x5e,0x7b,0x02,0x02,0x08,0x00,0x80,0x82,0x04,0xd0,0x08,0x25,0x32,
676 0xdc,0x7b,0xed,0x8a,0x29,0xf8,0x56,0x84,0x51,0x5c,0x6d,0xe6,0xe6,0x34,0xf8,0x03,
677 0xb3,0x80,0xe2,0xf4,0x0e,0x3f,0x1f,0xad,0x12,0x11,0x27,0x56,0xe8,0x89,0x59,0x90,
678 0x03,0xf0,0xa7,0xc2,0xde,0xd0,0x70,0xbf,0x2c,0xea,0x01,0xe7,0xbd,0xba,0xaf,0xfc,
679 0x07,0x84,0x2f,0xdb,0x65,0xa0,0x7b,0x4b,0x6a,0xab,0xe4,0xbd,0xd0,0xbb,0x31,0xaf,
680 0x90,0x8c,0xa8,0x71,0x10,0x23,0x96,0x67,0x44,0xdd,0x02,0x72,0xd2,0x0f,0xca,0xcb,
681 0x4f,0xc2,0x14,0x04,0xfa,0xde,0x31,0xa5,0x2f,0x97,0xc0,0x2a,0xdd,0xdd,0x91,0x62,
682 0xa7,0xf7,0x9b,0x43,0x57,0x7d,0x4d,0x1c,0xb1,0x92,0xba,0xae,0xa1,0x24,0x6c,0x99,
683 0x81,0x49,0x56,0x46,0x8b,0xea,0x7c,0x16,0x19,0x76,0xf7,0x40,0x06,0x82,0xe2,0x5b,
684 0x3f,0xd8,0x2c,0x87,0x60,0xf7,0xae,0xaa,0xa5,0xba,0x96,0xbf,0x5c,0x86,0x57,0x81,
685 0x8d,0xbf,0x6c,0xe1,0xd1,0xb9,0x20,0x93,0x27,0xfc,0xe6,0x35,0x80,0xaa,0xfb,0xe6,
686 0x4b,0xfd,0x4f,0xa4,0x06,0x05,0x46,0x85,0x66,0x15,0xfb,0x83,0x2b,0x42,0x26,0x98,
687 0xc8,0x69,0x24,0xa1,0x71,0xb4,0x56,0x38,0x3d,0x5e,0xc2,0x13,0x34,0xab,0x2f,0xb1,
688 0x33,0x6e,0xf0,0x07,0x80,0xdd,0x0e,0x6f,0x19,0x01,0xaf,0xff,0x5f,0xc3,0xea,0x24,
689 0x5a,0x6d,0xad,0xb3,0x10,0xbb,0x63,0x02,0x14,0x38,0xa9,0x21,0x83,0xb9,0xc3,0x23,
690 0xba,0xfc,0x56,0x76,0x4d,0x46,0x43,0xd1,0x09,0x37,0x1f,0x79,0xe5,0x70,0x93,0xb5,
691 0x0f,0x21,0xe3,0xef,0x0b,0x4d,0x87,0x0c,0x68,0xf5,0x16,0xc0,0x13,0xee,0x28,0xe8,
692 0x49,0xaa,0x60,0x61,0xe5,0x76,0xe6,0x8e,0xd6,0xae,0x52,0x70,0xb2,0x70,0xbf,0xeb,
693 0xd2,0xd8,0xb8,0x92,0x71,0x6e,0xb8,0x59,0xdf,0xee,0xad,0xc1,0x55,0x14,0x4b,0x52,
694 0x0c,0x20,0x4c,0x79,0x93,0x71,0xe6,0xc5,0xbc,0xf3,0xf3,0x14,0x13,0xd0,0xcd,0x1c,
695 0x62,0x21,0xc0,0xcf,0x4e,0xf5,0xda,0x52,0xbf,0x2c,0x86,0x8f,0xb5,0x67,0xf5,0x72,
696 0xbb,0xe9,0xb8,0x86,0x17,0xd9,0x35,0x49,0xae,0x0a,0x99,0x94,0xa5,0xaa,0x96,0xf4,
697 0x95,0xfe,0x4a,0xe2,0x13,0x46,0xcb,0xd9,0x8b,0x48,0x50,0xff,0x34,0x88,0x12,0xe7,
698 0x9b,0x00,0x8d,0x57,0x94,0x44,0xa5,0xe6,0xd1,0x7f,0x34,0xbb,0x33,0x9f,0xc3,0x12,
699 0x3b,0xb2,0xba,0xb6,0xb3,0x15,0x9e,0xaf,0x90,0x5e,0x2e,0x61,0x0d,0xe6,0x02,0x25,
700 0x41,0x55,0x18,0xc9,0x4a,0x5a,0x0a,0xb2,0xf5,0x99,0x8a,0x27,0xc7,0xd7,0x01,0x96,
701 0x9e,0x4c,0x05,0x7f,0x54,0x90,0x08,0x92,0x9c,0xf2,0xbd,0x0d,0x7d,0x37,0x5a,0x57,
702 0x1d,0x5b,0xcb,0xce,0xc1,0x58,0x5e,0x50,0x73,0x4d,0x61,0x28,0x18,0x90,0x2d,0xac,
703 0x91,0x4b,0x5e,0x5f,0x57,0x29,0x58,0x65,0xba,0xa4,0x11,0x92,0xa8,0xf4,0xac,0xa8,
704 0x39,0x1c,0x52,0x14,0x09,0x13,0xdd,0x4e,0xfa,0xef,0xba,0x4f,0x48,0xc3,0x46,0x4e,
705 0xb9,0x8d,0xff,0x5e,0x28,0xb8,0xcc,0x99,0x7f,0x3a,0xdc,0xf4,0x90,0x5c,0x41,0x14,
706 0x4b,0xbc,0x6b,0xa3,0x01,0x78,0x87,0xc1,0x86,0xd7,0xad,0x98,0xa0,0xc6,0x82,0x35,
707 0x76,0x41,0x6f,0xf1,0xee,0x54,0xbd,0xef,0xef,0xfc,0x2b,0x88,0x56,0x61,0xb1,0x93,
708 0xa0,0xe5,0x8e,0x1e,0xb4,0xb1,0x39,0xb3,0xd3,0x85,0xe0,0xa2,0x61,0x4b,0xe8,0x24,
709 0xc3,0xdd,0x48,0x2a,0xfd,0x5a,0x98,0x7a,0x98,0x2a,0xc7,0x81,0x4c,0x3d,0x3b,0x0c,
710 0x42,0x69,0x42,0x87,0xf1,0x5f,0x13,0x47,0xf6,0x89,0xc5,0x5e,0x47,0x84,0x59,0x81,
711 0x97,0xef,0x22,0x79,0x16,0x37,0xdc,0x74,0x66,0x30,0x81,0xbc,0x45,0x21,0xe4,0x75,
712 0x69,0xe4,0x64,0x2b,0x98,0x97,0x61,0xe1,0x34,0xdf,0x4a,0x37,0x65,0x74,0xdc,0xe1,
713 0x71,0x37,0xd6,0x2c,0x54,0x83,0x7a,0x91,0xc4,0xa6,0xfe,0x09,0x12,0xf3,0xf5,0x2b,
714 0xec,0xe9,0x63,0xa3,0x25,0x0f,0x6f,0xd1,0xb0,0x95,0x3f,0x7f,0xab,0xa7,0x25,0x9b,
715 0x85,0xdb,0xcf,0x6e,0x0e,0xc0,0x8d,0xd3,0xca,0x0e,0xd2,0x98,0xeb,0x77,0x39,0xf4,
716 0x1a,0x30,0xe6,0x76,0x6d,0xba,0xc0,0x61,0x55,0x4e,0xbe,0x88,0x32,0xb2,0xae,0x16,
717 0x27,0xbd,0x61,0xc5,0x48,0x26,0x0f,0x05,0x1a,0x42,0xa6,0xd9,0x29,0xf8,0x58,0x96,
718 0x16,0x1d,0xad,0xf4,0x58,0xc6,0x79,0x46,0xdf,0x1f,0x25,0x43,0xaa,0xf5,0xc3,0x1f,
719 0x75,0x36,0x1c,0x17,0xd2,0x4d,0x88,0xf6,0x37,0x35,0x21,0x1f,0x0f,0x45,0x85,0x13,
720 0x50,0x85,0x0a,0xa2,0xb4,0x96,0x7a,0xe4,0x0a,0x27,0x74,0x87,0x1b,0x11,0xaa,0x7c,
721 0x35,0xf6,0xb6,0x49,0x8d,0x58,0x30,0x16,0xb7,0x36,0xd6,0xd8,0x82,0xe6,0x3d,0xa4,
722 0xdf,0xa7,0xc4,0xc7,0xfe,0x81,0x01,0xa6,0xda,0x63,0x10,0x9f,0x2b,0x84,0x14,0x62,
723 0xb8,0x37,0x9b,0xb4,0x3f,0x62,0x6b,0x76,0x36,0x39,0xb7,0x41,0xaf,0xb9,0xc9,0xf8,
724 0xa5,0x20,0x1f,0x0c,0xfc,0x71,0xca,0x6f,0x56,0x4d,0x6b,0x23,0x5b,0xb2,0x77,0x6f,
725 0x83,0xcc,0x8e,0x8c,0x78,0xda,0x4a,0xbf,0x92,0xd4,0x20,0xfe,0x43,0x6a,0xd4,0x7e,
726 0xd5,0x6c,0x56,0xdb,0xf8,0x94,0x01,0xc8,0x6f,0xdb,0x00,0x9c,0x0b,0x4c,0x97,0xa5,
727 0x2b,0xc1,0x46,0x19,0x91,0x34,0x05,0x9b,0x33,0x20,0xb2,0x79,0xe5,0x00,0x3d,0xb2,
728 0x54,0x4f,0xfa,0x23,0xaa,0xfa,0x3d,0x0c,0x83,0xcf,0x81,0xd1,0xd0,0x12,0x03,0x34,
729 0xda,0x6b,0xbb,0x63,0xbe,0x1b,0x3c,0x53,0x91,0x2b,0x7e,0xd7,0x76,0x62,0x6e,0xc9,
730 0xb1,0x3d,0x74,0x9f,0x96,0xfb,0x66,0xad,0x35,0xba,0x23,0x10,0x9b,0xab,0xc3,0x8a,
731 0x87,0xd1,0x0b,0xa2,0x99,0x34,0x8a,0x43,0x90,0xe9,0x65,0xe7,0x69,0x09,0x61,0x5f,
732 0xce,0x42,0x58,0x69,0xdf,0x8b,0x0c,0x5a,0xa0,0x6a,0x25,0x33,0x29,0x9e,0x23,0xbb,
733 0x77,0xf9,0xa4,0x2f,0x66,0x86,0xc5,0x38,0xf6,0x3d,0xcb,0x03,0xbf,0x94,0x9d,0x56,
734 0x73,0x53,0x9d,0xf4,0xc6,0xad,0x22,0x6d,0xff,0x92,0x90,0x63,0x80,0x5b,0xd2,0x4b,
735 0x18,0xcd,0xc5,0xe1,0xdb,0x4d,0x96,0xc4,0x29,0x0b,0x0e,0xb8,0x18,0x53,0x66,0x49,
736 0x20,0x8e,0xef,0x25,0x93,0x48,0x12,0xe6,0x36,0xd4,0x33,0xcc,0x4d,0x99,0xbd,0x94,
737 0x96,0x61,0xb2,0x7a,0x76,0x7f,0xa1,0xd9,0x1b,0x77,0xfc,0xb7,0x54,0xaf,0x6c,0xeb,
738 0xec,0x90,0x15,0x21,0x2f,0xe2,0x40,0x05,0x23,0x0c,0x2a,0xe2,0xda,0xa0,0x9b,0x0c,
739 0xc7,0x8b,0x31,0xd7,0x8e,0x91,0x95,0x39,0x79,0xd7,0x6d,0xbf,0x86,0x24,0x4d,0xcd,
740 0x72,0x43,0x05,0x56,0xc0,0xe1,0x0c,0xed,0x51,0xa3,0xa9,0x85,0x74,0x41,0x20,0xe2,
741 0x37,0x66,0x80,0x40,0x02,0xf2,0x4b,0x60,0x36,0x4f,0xcf,0x12,0x5a,0x22,0xbc,0x6c,
742 0x21,0xb1,0x2f,0x0c,0x4a,0x26,0xc2,0x14,0x23,0xb3,0x91,0x17,0x48,0x9e,0x27,0x6d,
743 0x6a,0x2f,0xaf,0x58,0xe4,0xf7,0x4d,0x40,0x4b,0xd9,0x52,0xa0,0xf6,0x5e,0xc3,0x36,
744 0xda,0xa6,0x27,0x81,0x1e,0x7c,0x61,0x45,0x93,0x1a,0xa6,0x9d,0x16,0x61,0x95,0xed,
745 0x20,0x2c,0x49,0x6d,0x8f,0x8d,0x1a,0x44,0x89,0x0a,0xce,0x3c,0x00,0x9c,0x76,0x76,
746 0xa5,0x0b,0x40,0x52,0xf2,0xb9,0x30,0xae,0xab,0x04,0x41,0xa1,0x30,0x2f,0x43,0x1b,
747 0x68,0xdb,0x7c,0x4d,0x6c,0xe6,0x05,0xfc,0xa4,0xab,0xd2,0x0a,0x75,0x0c,0xd9,0x40,
748 0x09,0xf1,0xcb,0x5e,0x0a,0x09,0x2c,0x75,0xbc,0x79,0xa5,0xd5,0xb5,0xde,0x07,0xfd,
749 0x27,0x31,0x96,0xad,0x66,0xc6,0xa6,0x5e,0x0a,0x57,0x06,0x39,0x03,0xe4,0x84,0x61,
750 0xcf,0x25,0x6c,0xcd,0x56,0xf4,0xe7,0xd1,0xff,0x93,0x6c,0x2d,0xd6,0xcf,0x0d,0xe6,
751 0x1e,0xe5,0x57,0x37,0xa6,0x6d,0xec,0xa1,0xde,0xe8,0x1f,0x64,0x90,0x5e,0x70,0xe2,
752 0xe8,0x05,0x24,0xac,0x36,0xe1,0xea,0x75,0xdf,0x60,0xe2,0xbf,0xc2,0x30,0x82,0x05,
753 0x82,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x05,0x73,
754 0x04,0x82,0x05,0x6f,0x30,0x82,0x05,0x6b,0x30,0x82,0x05,0x67,0x06,0x0b,0x2a,0x86,
755 0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02,0xa0,0x82,0x04,0xee,0x30,0x82,0x04,
756 0xea,0x30,0x1c,0x06,0x0a,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x03,0x30,
757 0x0e,0x04,0x08,0xf4,0xa6,0x0f,0xb4,0x2e,0x8e,0x48,0xa6,0x02,0x02,0x08,0x00,0x04,
758 0x82,0x04,0xc8,0x0a,0x64,0x3b,0x68,0x4a,0x9a,0xf0,0xf6,0x80,0x65,0x2d,0xca,0xa6,
759 0x74,0x33,0x32,0xf3,0x71,0x97,0x27,0x24,0x3c,0xd1,0xaf,0x8b,0xfb,0xee,0x69,0x40,
760 0xfc,0xff,0x45,0x32,0x3a,0x1a,0xd1,0x35,0x2d,0xae,0xce,0xd6,0x84,0x5b,0x2b,0x20,
761 0x91,0xf8,0x26,0xa6,0x13,0x19,0x21,0x3e,0x8d,0xbb,0x30,0xef,0xdd,0x99,0x58,0x00,
762 0x61,0x57,0xe5,0x1b,0xc6,0x96,0xbe,0x7f,0x9e,0x95,0x47,0x7c,0xdf,0xf1,0x09,0x8f,
763 0xb9,0xa8,0x99,0x0d,0xf1,0x2a,0xe0,0xfd,0x08,0x92,0xf7,0x56,0x45,0x2e,0xb0,0xf4,
764 0x2b,0xf9,0x36,0x43,0xb2,0xbf,0x63,0x82,0x59,0x41,0x25,0x70,0xd6,0x49,0xe8,0x15,
765 0x7f,0x77,0x7c,0x7c,0xb3,0xab,0x7e,0xb6,0x16,0xd9,0xf7,0x22,0xa6,0x23,0x00,0x6a,
766 0x0e,0x62,0xfa,0xd6,0xe2,0x51,0x13,0x0e,0x99,0x9e,0x12,0x48,0xfa,0x71,0xea,0x47,
767 0xeb,0xf7,0xd9,0x9d,0x6f,0xa1,0x77,0x55,0xff,0x30,0xf7,0x68,0x33,0xee,0x26,0x16,
768 0xf6,0x43,0x63,0x4e,0xb7,0x16,0x97,0xd3,0x49,0x1c,0xf1,0x9e,0xe0,0xe5,0x77,0x52,
769 0xca,0x13,0x48,0x8f,0x11,0x23,0x0d,0x87,0x38,0xa7,0xf3,0x81,0x65,0x96,0xff,0xc7,
770 0xb4,0x0f,0x39,0x59,0xff,0x39,0x5a,0x55,0x2b,0x7b,0xab,0x34,0x11,0x42,0x47,0x42,
771 0x0c,0xb0,0x71,0x64,0x73,0xa5,0x1d,0x88,0x6e,0xa4,0x61,0x3c,0x67,0x18,0x67,0x2b,
772 0x42,0xa1,0x2e,0x60,0xae,0x82,0x3e,0x37,0xc8,0x2e,0x8a,0x80,0x2e,0x9c,0x5d,0xe4,
773 0x37,0x58,0xcb,0x6e,0x38,0x75,0x76,0x9a,0xaf,0x25,0xd3,0xb2,0xbe,0xf5,0x36,0x4f,
774 0x09,0x05,0xe2,0xe3,0x20,0x03,0x64,0x6f,0x94,0x3b,0xec,0x40,0x8c,0xe1,0x7e,0xed,
775 0x94,0xfa,0xed,0x9c,0x4d,0x1d,0xd7,0x31,0x1b,0x9d,0xf3,0xf5,0x1b,0xa0,0xf9,0xc8,
776 0xd6,0xf0,0x5e,0xe5,0x26,0x17,0x42,0x18,0xd8,0xe3,0x04,0x65,0xdf,0xa3,0xe6,0x16,
777 0x16,0xd5,0xfb,0xbe,0x08,0x1e,0xbf,0xd2,0x0e,0xd5,0x2b,0x4b,0x78,0xb2,0x80,0xf3,
778 0x8c,0xe6,0x74,0x89,0xe8,0xce,0xa6,0x2b,0xa5,0x38,0x1f,0x2f,0x87,0x93,0x51,0x35,
779 0xe8,0xad,0x6c,0x8d,0x95,0xbd,0xc0,0x24,0xa5,0x14,0x25,0x2d,0xdf,0x4e,0x77,0x32,
780 0x68,0xc0,0x91,0xad,0x51,0x95,0x25,0x44,0x7a,0xd7,0x4c,0x75,0xdf,0x73,0xe5,0x2b,
781 0xeb,0x1c,0xd3,0xe9,0x42,0xa7,0x5a,0x58,0x85,0x06,0xf0,0xcb,0x38,0x51,0x6d,0x09,
782 0x57,0x14,0x6f,0xd8,0x55,0x0c,0x7a,0x77,0x7f,0xb5,0x20,0xe8,0xd0,0xbd,0x88,0x5a,
783 0xad,0xe6,0xf5,0x02,0x2c,0x7d,0x0b,0xfb,0xe4,0x07,0xad,0xa2,0xd5,0x0c,0xc5,0xbc,
784 0x66,0xc4,0x19,0x48,0xe8,0xa2,0x60,0xdd,0xd2,0xf8,0x03,0x9a,0xd9,0x68,0x4d,0xa9,
785 0xd8,0xfa,0xda,0xa3,0x6f,0xcc,0x53,0xea,0x11,0x7e,0xa0,0xa8,0x8f,0xec,0xdb,0xc0,
786 0x2a,0x40,0xc6,0x84,0x58,0x4f,0x2a,0x23,0x4c,0xbc,0xfe,0xaa,0x78,0x58,0x9c,0xdd,
787 0x6c,0xd5,0x63,0xe9,0xe6,0x78,0xc2,0x73,0x14,0xd5,0x11,0xc3,0x2a,0xf5,0x8a,0x46,
788 0x78,0xfc,0x5a,0x59,0xc9,0x9a,0x7f,0xba,0x94,0x44,0xb3,0x45,0x83,0x08,0x94,0x4d,
789 0x72,0x0b,0x0f,0xd6,0x89,0x9a,0x75,0x6b,0x31,0xcb,0xeb,0x55,0x85,0x38,0x2c,0x3e,
790 0x9b,0x86,0xf0,0x58,0x0f,0x4c,0x93,0x24,0xec,0xd5,0xa3,0x61,0x3a,0x79,0x76,0xab,
791 0x37,0x63,0x2d,0x79,0xde,0x6d,0xa3,0x7f,0xf2,0xf0,0x8c,0x45,0xe6,0xce,0x97,0xc6,
792 0x88,0xfd,0x93,0xe0,0xf9,0xd0,0x93,0x6a,0x77,0xa4,0x28,0xc3,0x02,0x77,0x87,0xf6,
793 0x22,0xfa,0x2b,0x0b,0x31,0xcf,0xe2,0xce,0xaa,0xd9,0x65,0xa6,0x96,0x53,0x8d,0xc7,
794 0x67,0xaf,0x0c,0x0f,0xbc,0x51,0xdf,0x0b,0xc4,0xf8,0x06,0x46,0x07,0x12,0x95,0xce,
795 0x38,0x8e,0xe7,0x8f,0x8d,0x46,0x68,0xbe,0xa5,0x40,0xdc,0xed,0xab,0x76,0x5c,0x87,
796 0xac,0xb3,0x5f,0xb9,0xfd,0x9d,0x79,0x54,0x28,0xc2,0x19,0x2e,0x46,0x3f,0x1f,0x67,
797 0xe2,0x58,0x30,0x4e,0x89,0xdd,0x2f,0x44,0x59,0xde,0xe4,0xf4,0x0d,0x4c,0x33,0xe4,
798 0x98,0x6d,0xb4,0x1f,0x03,0x6b,0x0f,0x8e,0xde,0x86,0x1b,0x33,0x37,0x74,0x14,0xbe,
799 0xa9,0x4a,0xac,0xf4,0x9b,0xa7,0x37,0xe8,0xdd,0x94,0x67,0x25,0x5c,0xb4,0x5b,0x79,
800 0xfd,0xd3,0x24,0x21,0x11,0xbe,0x76,0x1f,0x98,0x8b,0x73,0x87,0x0c,0x96,0x82,0x59,
801 0x04,0x22,0x8c,0x9b,0x57,0x0c,0xca,0x16,0xb3,0x02,0xc6,0xdc,0x6f,0xd2,0x9c,0xcd,
802 0x0f,0x31,0xea,0x97,0x94,0xf7,0x43,0xfe,0xe2,0x8f,0xc7,0x07,0x98,0x57,0x30,0x72,
803 0x55,0x43,0xca,0xfa,0xde,0x92,0xf9,0x06,0x9e,0x56,0x73,0x80,0x84,0xbb,0x44,0xe5,
804 0x7d,0x04,0xfc,0x49,0x8d,0x28,0xfa,0x91,0xe3,0x50,0x76,0xc2,0xf8,0x87,0x29,0x04,
805 0xa4,0xfd,0xfb,0x28,0x20,0xe3,0x07,0xb6,0xf4,0xbf,0xe7,0xc4,0x6a,0x93,0x8c,0x12,
806 0xda,0x9d,0x9a,0x5d,0x8c,0x0a,0xd7,0xf5,0x9f,0xbd,0x71,0x00,0xfc,0x22,0xea,0xa4,
807 0x45,0x6f,0xd4,0xc6,0x7d,0x7a,0x47,0x38,0x15,0x17,0xc6,0xde,0xb3,0xeb,0x1b,0x9a,
808 0xea,0x94,0xc1,0x74,0xd1,0x65,0x25,0xc1,0x11,0x82,0x5d,0xb3,0x66,0x7f,0x05,0xd3,
809 0xe1,0x0a,0xfe,0x29,0xcf,0xdd,0x18,0x30,0xff,0x00,0x7f,0xef,0xc1,0x50,0x54,0x7c,
810 0x8b,0x89,0x3c,0x6a,0x12,0x9d,0xd4,0x5a,0xcc,0x48,0x76,0xab,0x64,0xd3,0x54,0x36,
811 0x70,0x9e,0x04,0x69,0x3d,0x20,0x9d,0x62,0x5d,0xe6,0x55,0x8e,0xd0,0x53,0x5c,0xb4,
812 0x54,0x79,0x73,0x69,0x6f,0x56,0xfa,0x60,0x1d,0x61,0xeb,0xeb,0x76,0xb4,0xd5,0x7a,
813 0xc9,0x51,0xfc,0xa9,0xed,0x4a,0xfa,0x5c,0x5c,0xb5,0x20,0x6a,0x44,0xf7,0xaa,0xf0,
814 0x27,0x90,0x55,0xda,0x2d,0xb4,0x11,0x59,0x21,0x65,0x0e,0x87,0xd2,0x53,0x21,0xd2,
815 0x81,0x93,0xf7,0xfe,0x3b,0xec,0x49,0x7e,0x1c,0xdc,0xc2,0x8f,0xdb,0xef,0x3c,0x0a,
816 0x40,0x89,0x94,0xf3,0x2d,0x77,0x84,0x15,0x03,0x00,0x29,0xfa,0x1b,0xea,0x55,0x7d,
817 0xdc,0xdb,0x69,0x95,0xe5,0x72,0xa5,0x17,0x8f,0xfb,0xfc,0x86,0xfc,0x72,0x91,0x09,
818 0x9b,0x32,0x1a,0x06,0x5c,0xa5,0x26,0x4b,0x61,0x40,0x97,0x40,0xce,0x17,0xca,0xe7,
819 0x79,0xe6,0xcc,0x6c,0xa3,0x81,0x9c,0x9f,0x36,0x74,0x36,0x9f,0xd9,0x5d,0x3e,0x29,
820 0xa0,0xce,0xa1,0x84,0xf6,0xaf,0x33,0x2b,0x8b,0x32,0xb4,0x45,0xb1,0x3d,0x72,0x87,
821 0x20,0x8c,0x88,0x02,0x0d,0x93,0x50,0xcc,0x31,0xce,0x03,0xf8,0x85,0x4a,0xdc,0xed,
822 0xc0,0xcc,0xb3,0xda,0x06,0xbd,0x12,0xd5,0xfc,0xd2,0xbb,0x75,0x4b,0xca,0xb2,0x77,
823 0x18,0xe1,0x5e,0xf5,0x9f,0x0c,0x8c,0xe2,0x17,0x73,0xe5,0xa3,0x80,0x40,0xd8,0x42,
824 0xb1,0xf7,0xd0,0x04,0x9f,0x2e,0xc2,0x2b,0x9b,0x5e,0xcb,0xae,0xb4,0x5f,0x95,0x53,
825 0xf5,0xc1,0x72,0xf1,0xff,0xa2,0x5a,0xcf,0x1b,0x78,0x5c,0x99,0xdf,0x09,0x24,0xbf,
826 0xbf,0x86,0xc3,0x0e,0x65,0x9a,0xe6,0xdc,0xde,0x88,0x28,0x94,0xd7,0xc0,0x6d,0xf6,
827 0x93,0x52,0xa6,0x7f,0x74,0x92,0x9b,0x0b,0x62,0xd5,0x2c,0xb4,0xad,0x7c,0xc0,0xc6,
828 0x3b,0x1b,0xd2,0xbd,0x89,0xa8,0x64,0x02,0x9c,0x81,0x9a,0xd8,0x51,0x04,0x22,0x10,
829 0x62,0x46,0x38,0xaa,0xaa,0x3b,0x00,0x5c,0xe8,0x58,0x09,0x25,0xf7,0x53,0x1d,0x72,
830 0xab,0x44,0x80,0xb4,0x33,0x91,0xf8,0x8e,0xe1,0x00,0x5c,0x07,0xdb,0x81,0x71,0x25,
831 0x86,0x3b,0xa7,0x8e,0x31,0x02,0x89,0x43,0x8f,0x0a,0xa8,0xac,0x6b,0x2a,0xe3,0xba,
832 0x4d,0xdf,0x8c,0x20,0x46,0xea,0xd4,0x98,0x2f,0x47,0x98,0xfb,0x03,0x5e,0xdd,0x92,
833 0xc5,0x73,0xa2,0x54,0xf7,0x9f,0x5f,0xda,0xb5,0x1d,0xb5,0xab,0x78,0x2b,0x72,0x43,
834 0x07,0x0a,0x34,0x22,0xb6,0x23,0xde,0x90,0x0f,0x85,0x7b,0x31,0x66,0x30,0x3f,0x06,
835 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x14,0x31,0x32,0x1e,0x30,0x00,0x54,
836 0x00,0x65,0x00,0x73,0x00,0x74,0x00,0x20,0x00,0x49,0x00,0x64,0x00,0x65,0x00,0x6e,
837 0x00,0x74,0x00,0x69,0x00,0x74,0x00,0x79,0x00,0x20,0x00,0x53,0x00,0x4d,0x00,0x49,
838 0x00,0x4d,0x00,0x45,0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x30,0x00,0x37,0x30,0x23,
839 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x15,0x31,0x16,0x04,0x14,0x69,
840 0x6e,0x3e,0x79,0x39,0x9b,0x28,0xf4,0x29,0xd4,0x38,0x78,0xcd,0xbd,0x11,0x46,0xb5,
841 0x73,0xec,0x96,0x30,0x30,0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,
842 0x05,0x00,0x04,0x14,0x5b,0xc7,0xc7,0x83,0x6c,0xc1,0x23,0xf1,0xeb,0xe8,0xd7,0xc8,
843 0x3f,0x4c,0x59,0x18,0x49,0x61,0xdb,0x72,0x04,0x08,0xde,0xab,0x8d,0x3a,0xff,0xf8,
844 0x2d,0x69,0x02,0x01,0x01
845 };
846
847 /* Test identity (PKCS12 data), SSL cert, expired in 2008
848 */
849 unsigned char TestIDSSL2007_p12[2753] = {
850 0x30,0x82,0x0a,0xbd,0x02,0x01,0x03,0x30,0x82,0x0a,0x84,0x06,0x09,0x2a,0x86,0x48,
851 0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x0a,0x75,0x04,0x82,0x0a,0x71,0x30,0x82,
852 0x0a,0x6d,0x30,0x82,0x04,0xe7,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,
853 0x06,0xa0,0x82,0x04,0xd8,0x30,0x82,0x04,0xd4,0x02,0x01,0x00,0x30,0x82,0x04,0xcd,
854 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0x30,0x1c,0x06,0x0a,0x2a,
855 0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x06,0x30,0x0e,0x04,0x08,0x7a,0xe7,0xca,
856 0x1b,0x57,0x26,0xac,0x5e,0x02,0x02,0x08,0x00,0x80,0x82,0x04,0xa0,0x1a,0x44,0x31,
857 0x1c,0x4d,0xa9,0x00,0x7f,0x14,0x71,0x83,0x3b,0x68,0xf8,0xf0,0x6e,0x42,0xd0,0x6a,
858 0x8c,0x02,0xbf,0x6e,0x0c,0xcd,0xee,0x7e,0x48,0xab,0x8b,0x7e,0xc7,0xe4,0x66,0x3f,
859 0x4d,0x3f,0x05,0xcd,0xa5,0x41,0x5c,0xa2,0x2e,0x59,0x4c,0x62,0x4c,0xa7,0xca,0x31,
860 0x10,0xd8,0xc7,0x8c,0xa1,0x6c,0x1d,0x9b,0x27,0x7a,0xa8,0x00,0x7a,0xb9,0xd3,0x4b,
861 0x09,0xf0,0xf7,0x75,0xb6,0x53,0xdf,0x54,0xba,0x2e,0x26,0xf5,0x1c,0x49,0x94,0x72,
862 0xcb,0x06,0xf3,0xa3,0x28,0xcb,0x48,0xb4,0x70,0x4a,0x0a,0xf8,0xfb,0x82,0xad,0x7f,
863 0x50,0x78,0xb7,0x11,0x41,0xd5,0x2b,0x11,0x5c,0x95,0x90,0x0f,0xcb,0xd8,0x95,0xe6,
864 0x77,0x74,0x84,0xe5,0x4c,0x24,0xa0,0xd4,0x7a,0x0a,0xd6,0xc8,0x10,0xa4,0x7a,0xcb,
865 0x5d,0x81,0x61,0x33,0xb7,0x75,0x6a,0x98,0xbe,0xd4,0xaf,0x3c,0x8c,0x61,0x66,0x43,
866 0x6f,0x12,0x4b,0x1e,0x72,0x10,0x76,0xbb,0xc6,0x57,0xbd,0xdb,0x2c,0x99,0xa7,0x53,
867 0x1e,0xe5,0x6a,0x42,0x80,0xb9,0x24,0x4f,0x1a,0x2c,0x96,0x0b,0x64,0xd3,0x63,0x36,
868 0x6f,0x75,0x74,0x8e,0xd0,0x50,0x5d,0xab,0x4b,0xec,0x59,0x04,0xdb,0x23,0xfb,0x9a,
869 0xbf,0xe0,0x88,0x24,0xc6,0x00,0x7e,0xd9,0x12,0x11,0xf0,0xe5,0xe2,0x96,0xb7,0x85,
870 0x6b,0x90,0x03,0xab,0x18,0xa4,0x07,0xcc,0xda,0x19,0x76,0x49,0xde,0x41,0x32,0xda,
871 0x0f,0x9c,0x8d,0xca,0x96,0xbb,0x39,0xbe,0xeb,0x3d,0xb8,0xe6,0xc1,0xea,0xc5,0xa6,
872 0xc3,0x69,0x72,0x96,0x53,0xde,0x36,0x8b,0xee,0x2c,0x6b,0x2e,0x3d,0xad,0xdd,0x9b,
873 0x8a,0xd9,0x1c,0xdd,0x92,0xf3,0x38,0xa7,0xec,0x5d,0xa6,0x46,0x54,0x70,0x71,0x0b,
874 0xa9,0x1a,0x2a,0x54,0x67,0x6e,0x82,0x8e,0xcb,0x5c,0x2d,0x23,0x2f,0x9b,0x0a,0xc8,
875 0xb1,0xf8,0xea,0x9b,0x16,0x72,0xc5,0xf5,0x2c,0x94,0x10,0xdf,0x3f,0xde,0x84,0xa0,
876 0x97,0x96,0xfc,0xd7,0x49,0x4e,0xa6,0x37,0x0c,0x2a,0x39,0x08,0x5e,0xbe,0x58,0x9c,
877 0x94,0x59,0x98,0x71,0x5b,0x30,0x16,0xcc,0x6f,0x64,0xb5,0xe1,0x1e,0x31,0x34,0x6d,
878 0x4a,0xe6,0xb0,0x20,0x31,0x81,0xe4,0x0e,0x48,0x7e,0x4c,0xc4,0xfa,0x9c,0x57,0xf9,
879 0xee,0x58,0xfb,0xc2,0x1b,0xd7,0x96,0xdd,0x91,0x0f,0x86,0x40,0xc9,0x45,0x29,0x07,
880 0x65,0x48,0xd1,0x1d,0xf8,0x1c,0x6d,0x1d,0x5d,0xce,0x76,0xce,0x70,0x33,0x4f,0x1d,
881 0xcc,0x4a,0x87,0xd0,0x9a,0xf3,0xb5,0x40,0xf3,0x35,0xcc,0x89,0x26,0x72,0x94,0x53,
882 0x79,0x59,0xbb,0xe6,0xc4,0x24,0x63,0x46,0x83,0x27,0xb7,0xf8,0xff,0x80,0x4c,0x0a,
883 0x98,0xee,0xe7,0x4a,0x73,0x11,0x90,0xbf,0x94,0x1c,0x03,0x91,0x78,0xe8,0x01,0x3a,
884 0xa1,0xf3,0x53,0xea,0x78,0xb1,0x09,0x4e,0xea,0x2d,0xaa,0xb4,0xce,0xce,0xb1,0xc6,
885 0x51,0xb6,0x59,0x52,0x89,0x7e,0xab,0x4c,0xe3,0xd3,0x9b,0x6b,0xa7,0xf2,0xca,0x70,
886 0x53,0x95,0x8a,0x13,0xfc,0xc0,0xa2,0x24,0xd2,0x94,0xb5,0xe5,0x95,0x38,0x01,0x39,
887 0x0a,0x28,0x1d,0x83,0xd1,0x2a,0x03,0xfa,0xf6,0x6e,0x63,0x80,0x17,0x05,0x18,0x33,
888 0x11,0x56,0xe1,0x7e,0x66,0x94,0xbf,0x1b,0x8b,0x11,0xcf,0x41,0xbf,0x71,0xd9,0xa3,
889 0x6f,0xbb,0xf5,0xae,0x43,0x1d,0x2f,0xf1,0x88,0x00,0x72,0xca,0x49,0x83,0x3e,0xe3,
890 0x87,0x5e,0x0f,0x58,0x97,0xaa,0x2b,0x92,0x40,0xdd,0x8b,0x17,0xce,0xd8,0x11,0x05,
891 0xa4,0x03,0x51,0x0b,0xfa,0x35,0x4c,0xde,0x5b,0xda,0x88,0xdd,0x3a,0xe7,0x93,0x60,
892 0xca,0xe2,0x8e,0x84,0xcd,0x5b,0x6d,0xb6,0x5c,0x53,0xbc,0x85,0x75,0x96,0xaa,0x00,
893 0x06,0x19,0x84,0x66,0x4d,0x41,0x89,0xdd,0x84,0x81,0xbe,0xb6,0xa3,0x69,0x71,0xf4,
894 0x3e,0x31,0x89,0xae,0x9e,0x77,0x68,0xff,0x21,0x78,0xa2,0x43,0xc9,0x0e,0x36,0xe0,
895 0xa0,0xb6,0xae,0x40,0xf1,0xf4,0xe3,0xc8,0xa9,0x89,0x80,0x32,0x45,0x07,0x37,0xf1,
896 0x1d,0xc3,0x1e,0x79,0x0b,0x8b,0x1d,0x7d,0xc9,0xd6,0xa2,0x91,0xc8,0xd8,0x05,0xc0,
897 0xc0,0x25,0x27,0x97,0x5f,0x60,0x3f,0xc7,0xc9,0x3e,0xf2,0xac,0x7e,0x4c,0x4b,0x42,
898 0x15,0x85,0x1a,0xe0,0xe1,0xfa,0xf9,0x27,0xaf,0x8d,0x6f,0x90,0x52,0x33,0x6c,0x55,
899 0xa7,0x9d,0x9c,0x0b,0xc1,0xf8,0xe5,0xa9,0xd7,0x9c,0x81,0xce,0x08,0x49,0x9c,0xb1,
900 0x91,0x00,0xdd,0x6f,0xaf,0x17,0xf8,0x01,0xb5,0x9e,0x53,0x2a,0xa0,0xdd,0x47,0x6e,
901 0xb3,0x1b,0xd3,0x9d,0xc1,0x8c,0x07,0x9b,0x78,0x8c,0x2e,0xad,0xbb,0x7d,0xe1,0x0a,
902 0x11,0x35,0xf7,0xfa,0xf4,0x00,0xf3,0xc2,0xa6,0xf1,0x3f,0xa1,0xdc,0xe1,0xc2,0x2a,
903 0x4b,0x22,0x31,0x20,0x45,0x93,0xbb,0x5e,0xfc,0xe5,0xd7,0xcb,0x69,0x1b,0xad,0x3a,
904 0x48,0x59,0x9c,0xc7,0x74,0xbb,0x79,0x56,0xb7,0x73,0x92,0x54,0x49,0xc9,0xbc,0x5d,
905 0xf2,0x74,0xc8,0x63,0xa8,0x9c,0x99,0x67,0x4d,0x75,0x64,0x10,0x46,0xe7,0x0f,0xf1,
906 0xb0,0x4e,0x8b,0x9d,0x4f,0xa7,0x67,0xe9,0xec,0xbf,0x1b,0x0a,0xfd,0xde,0xe4,0xf6,
907 0xcd,0xba,0x12,0xce,0x4e,0xb5,0x29,0xbf,0x59,0x0b,0xf7,0xea,0xc7,0x7c,0xfb,0xe4,
908 0xe6,0x36,0x86,0x52,0x18,0xf6,0xe5,0x14,0xe1,0x92,0x02,0x98,0x08,0x0f,0xbc,0xd0,
909 0x40,0xf3,0xb1,0x87,0xcc,0x6b,0xee,0xee,0x1a,0x8c,0x40,0x13,0x53,0x9e,0x61,0xb3,
910 0x17,0x02,0x7e,0x97,0x22,0x90,0x6f,0xf0,0x64,0x75,0x42,0xf4,0xf9,0x8f,0x38,0x46,
911 0x27,0x5c,0x14,0x82,0x80,0x71,0xe9,0x7d,0xe9,0xc8,0x32,0xb2,0xae,0xbd,0x90,0x28,
912 0xda,0xc0,0xc1,0x6d,0x06,0x03,0x6c,0x83,0x68,0x3b,0xdf,0xb4,0xb4,0x48,0x04,0x0e,
913 0xbb,0x6e,0xa8,0xa5,0xa5,0x1b,0x36,0xbe,0xfc,0x40,0xd3,0x97,0xc3,0x62,0xb9,0x34,
914 0x94,0xbf,0x01,0xfb,0x21,0xae,0xbb,0xd9,0xdd,0x0d,0xe0,0xf4,0xce,0x25,0x9a,0x7c,
915 0xc4,0x10,0xfc,0xac,0x53,0x1d,0x11,0xdc,0x5c,0x4c,0x6e,0x65,0xb3,0x9c,0xca,0x76,
916 0x3d,0x5d,0x2d,0x21,0x64,0xa6,0x3c,0xc1,0xa1,0x35,0xe7,0x38,0x8b,0x39,0x9f,0x7f,
917 0x93,0x68,0x6f,0xeb,0x96,0x4f,0x7c,0xd3,0x49,0xbe,0x65,0xdb,0x82,0x91,0x2a,0xb4,
918 0x62,0x38,0xdd,0x73,0xa7,0x7f,0x66,0x54,0xfa,0x92,0x65,0xbf,0x71,0xc6,0x62,0x38,
919 0x96,0xe2,0xf4,0x16,0xc6,0xf7,0x7e,0x9d,0x7a,0x4f,0x35,0x5f,0x0e,0x29,0xe6,0x38,
920 0x7b,0x05,0x02,0x61,0xfb,0x16,0xb4,0x43,0xe9,0xb1,0x74,0x3d,0x50,0xe3,0x51,0x5c,
921 0x54,0x5e,0x3e,0xe0,0xb1,0xfe,0x20,0x2d,0xe0,0x05,0x25,0x2f,0x1f,0x9a,0x25,0xe9,
922 0xec,0xb6,0xb8,0x9a,0xe9,0xff,0x3a,0x7a,0xc8,0x53,0xfd,0xc4,0x61,0xb1,0xa1,0x22,
923 0xc6,0x85,0x7a,0x11,0x07,0x84,0xe9,0x58,0x15,0x74,0x33,0x08,0x1f,0x59,0xe9,0x0d,
924 0x7f,0x7e,0x38,0xd9,0x77,0x22,0x46,0xb5,0xfc,0xd5,0x3b,0x1d,0x47,0x7a,0x4a,0x16,
925 0x35,0xa8,0x67,0x99,0x6d,0x72,0x66,0x0d,0xd4,0xb3,0x3b,0xdf,0xb8,0x9f,0x7f,0x59,
926 0x37,0x97,0x65,0xdf,0x79,0x0c,0x15,0xe3,0x14,0x99,0xc0,0x1a,0xcc,0x9a,0x98,0x6a,
927 0xb7,0x59,0x35,0x21,0x31,0x3e,0xf4,0xa2,0xce,0xc4,0xca,0x60,0xf8,0xa0,0x43,0xb6,
928 0xbe,0x8a,0x0a,0x95,0xea,0xe7,0xa0,0xdb,0x4f,0x36,0x22,0xf8,0xb6,0x60,0xff,0x15,
929 0x69,0x45,0x84,0x53,0xad,0x48,0x00,0x0e,0x20,0xb3,0x62,0x07,0xbd,0x02,0x46,0x19,
930 0xf6,0x3d,0xb8,0x55,0x4b,0x5f,0xac,0x3a,0x6a,0x86,0xcf,0x07,0x79,0x30,0x82,0x05,
931 0x7e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x82,0x05,0x6f,
932 0x04,0x82,0x05,0x6b,0x30,0x82,0x05,0x67,0x30,0x82,0x05,0x63,0x06,0x0b,0x2a,0x86,
933 0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02,0xa0,0x82,0x04,0xee,0x30,0x82,0x04,
934 0xea,0x30,0x1c,0x06,0x0a,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x01,0x03,0x30,
935 0x0e,0x04,0x08,0xd3,0x22,0x2a,0xd2,0xd9,0xd0,0xd6,0xd3,0x02,0x02,0x08,0x00,0x04,
936 0x82,0x04,0xc8,0x7b,0x88,0x0e,0x83,0x90,0x25,0x3f,0x51,0xab,0x13,0xf1,0x35,0x1f,
937 0xec,0x56,0xcb,0xfc,0x31,0x6b,0xd1,0x1a,0x6c,0x35,0x51,0x31,0xb7,0x27,0x2e,0xe6,
938 0x8c,0x75,0x7d,0xa6,0x58,0xfd,0x08,0x0b,0xe4,0x39,0x63,0xc6,0x3e,0x2d,0xee,0x2b,
939 0xe5,0x58,0x90,0x48,0xb5,0x57,0x38,0x97,0x48,0xf3,0x2c,0xac,0xf1,0xf8,0x10,0x9c,
940 0x56,0x02,0xc7,0x9d,0x7f,0x9e,0xe0,0x9c,0x96,0xe7,0x0c,0x9f,0x54,0xab,0x9f,0x26,
941 0x17,0xac,0x86,0x88,0x5e,0x4a,0x9c,0xce,0xea,0xc8,0x48,0x83,0x0c,0x2e,0xf0,0xa0,
942 0x6c,0x96,0x07,0x26,0x47,0x63,0xc1,0xac,0x27,0xd1,0x1a,0x25,0x88,0x43,0x8e,0x9d,
943 0xe0,0x5f,0x80,0xd9,0xd1,0x1a,0x86,0x92,0x12,0x80,0xe1,0x99,0x13,0xc3,0xab,0x53,
944 0x97,0xbe,0x51,0x17,0xc4,0x5a,0x9d,0xc0,0xcd,0xe4,0xc5,0xd6,0x44,0x56,0xaa,0x8d,
945 0x5b,0x3d,0xc8,0x66,0xaf,0x6c,0xd2,0x96,0xc6,0x83,0x57,0x7a,0x0e,0x66,0x68,0xd6,
946 0x30,0xf0,0xaa,0xde,0x13,0x92,0x5e,0x21,0x2c,0x36,0x96,0x77,0x1f,0xd0,0xaa,0x4b,
947 0x14,0x9f,0x9f,0xe5,0xa4,0x3f,0xbf,0x7a,0x9b,0x38,0xff,0x91,0x1d,0x0d,0xd4,0x32,
948 0x34,0x2b,0x3f,0xd8,0xfb,0x09,0x71,0xdf,0x1b,0x61,0xa3,0x36,0x81,0xaa,0x49,0xa3,
949 0xe4,0x5c,0xc4,0x8d,0xc5,0xab,0xc0,0x43,0xbe,0xc1,0x41,0xa2,0xcc,0x28,0x36,0x65,
950 0xa6,0xb6,0x73,0x96,0x6a,0x5f,0x1a,0xd9,0xb8,0x48,0x49,0x7b,0x12,0xda,0x2a,0xdb,
951 0xaa,0xaf,0x46,0x8b,0x39,0x7e,0xa7,0x78,0x88,0x15,0x95,0x32,0x13,0x76,0xbb,0x2d,
952 0xf5,0xd5,0x41,0x6a,0x9b,0xb8,0xe6,0x6d,0x43,0xa6,0xc3,0x53,0xb7,0xc5,0x68,0x9d,
953 0xa9,0x84,0x30,0x42,0x59,0x33,0x81,0x79,0x22,0x91,0x1e,0x34,0x31,0x9b,0xd4,0xf3,
954 0x2a,0xda,0xe2,0xa3,0x95,0x7a,0x2a,0x9c,0x67,0x57,0xee,0x2b,0x89,0xfc,0x64,0x67,
955 0x00,0x98,0x21,0x63,0xc7,0x19,0x95,0x69,0x9b,0x42,0x73,0x5c,0x68,0x59,0xfc,0x64,
956 0xe5,0x22,0x57,0x54,0x58,0x06,0xff,0xa3,0x87,0x7d,0x05,0xc8,0xc4,0xfd,0xc7,0x29,
957 0x1b,0x1d,0x88,0x0b,0x08,0x96,0x94,0x9b,0xd8,0xee,0x47,0x99,0x06,0xfa,0x64,0x67,
958 0xfd,0xb0,0xb1,0xa1,0xf5,0x26,0x7e,0xb1,0x46,0xb1,0x0c,0x82,0x52,0x5f,0xc5,0x94,
959 0x23,0x75,0xff,0xb3,0x42,0x18,0xa2,0x9f,0x65,0xfb,0x06,0xb0,0x8a,0x29,0xc1,0x6e,
960 0x84,0xd9,0xd4,0x39,0x77,0x02,0x47,0xe3,0x5f,0xf2,0xb4,0x84,0xc0,0x75,0x48,0x4b,
961 0x3a,0xef,0x48,0x2e,0x8d,0xa1,0xe5,0xc6,0x86,0x44,0x00,0xd9,0x4d,0x73,0xed,0x68,
962 0x8c,0x91,0x56,0x3e,0x2c,0x18,0xd0,0x58,0xd8,0x04,0x15,0xe0,0xd8,0xa8,0xe6,0x46,
963 0x36,0x54,0xc5,0x8c,0x2b,0x98,0xa5,0x01,0x73,0xf0,0x67,0x95,0x41,0x4e,0xa3,0xd6,
964 0x8d,0x24,0xc4,0xc3,0x8f,0x28,0x7c,0x76,0x76,0x84,0x6c,0x95,0x94,0x22,0xde,0xe2,
965 0x9d,0xcb,0x37,0xb6,0x97,0x6b,0xf3,0x58,0x1d,0x5a,0x98,0x88,0xac,0xd9,0xb1,0x59,
966 0x16,0x11,0xd8,0x0b,0x68,0xce,0xdf,0x4b,0x1a,0x28,0x3c,0xeb,0x14,0xb2,0x28,0xa7,
967 0xad,0x54,0x55,0xa1,0x6b,0x50,0x86,0x55,0x00,0xae,0xf6,0xdf,0x6b,0xb3,0x42,0xb3,
968 0x7b,0xbb,0x0d,0x91,0x14,0xdb,0x82,0xea,0xe9,0x08,0x9f,0xf6,0x6f,0xd0,0x10,0xd7,
969 0x83,0x1e,0xfc,0x5e,0x58,0xca,0x01,0xdd,0xb4,0xc8,0xbe,0x80,0xe3,0x07,0x71,0x0a,
970 0x74,0x01,0xd4,0xf1,0x50,0xe1,0x51,0x22,0xb1,0x43,0x98,0xf1,0x5e,0xdd,0xb4,0x65,
971 0x5a,0x18,0x0c,0x8b,0x1b,0x4e,0xe1,0xce,0xb1,0x0e,0x81,0xda,0x6b,0x98,0xc4,0xcb,
972 0xd9,0xd2,0xb2,0x1e,0xea,0xac,0x0c,0x08,0x86,0xa4,0x60,0xab,0x84,0x50,0x13,0xf8,
973 0x48,0xfb,0x64,0xf3,0x33,0x88,0x83,0x72,0x22,0xe8,0x6a,0x43,0xd3,0xb4,0xc7,0xd2,
974 0x04,0xed,0x07,0x75,0x26,0x96,0x2d,0x84,0xb9,0x10,0x02,0xd2,0xda,0xc8,0xc8,0x0b,
975 0x95,0xe3,0x69,0x1e,0x57,0x16,0x7a,0xb5,0x1c,0xe7,0x46,0x89,0xfc,0xed,0x49,0x69,
976 0x47,0xb8,0x07,0xe4,0xcb,0xd1,0x52,0xd6,0x8c,0x32,0xaa,0x91,0x8d,0x45,0x19,0xf1,
977 0x54,0x23,0x3c,0x5f,0xcc,0xc7,0x60,0xfc,0x89,0x00,0x9a,0xa3,0xc2,0xf0,0x48,0xda,
978 0xbf,0xe4,0xfd,0x78,0x3b,0x6c,0x2d,0x34,0x91,0x6b,0x0d,0x21,0xb4,0xba,0xe8,0x6d,
979 0x80,0xbc,0xfb,0x91,0xcb,0xce,0x77,0x01,0x4e,0xfe,0x7b,0xf2,0x08,0x78,0x2e,0x3f,
980 0x16,0xd4,0xfd,0xf0,0x76,0x68,0xce,0x43,0xdc,0xb2,0xe2,0x82,0x64,0x8f,0xc8,0x71,
981 0x0f,0x6e,0xc6,0x3b,0x4a,0x6b,0x6a,0xd7,0xf6,0x21,0x46,0xcd,0x05,0xce,0x19,0xab,
982 0x28,0x28,0x55,0x19,0x1d,0x07,0xaf,0x38,0xd9,0x9c,0xdf,0xe8,0x91,0x68,0x16,0xdd,
983 0x36,0x19,0x71,0x46,0x86,0x08,0x0a,0x08,0x34,0xc5,0x3b,0x53,0xaa,0x35,0x27,0x6e,
984 0xe4,0xf3,0xa1,0xd6,0x04,0x78,0xf9,0x63,0xec,0x1e,0xfe,0x30,0x38,0xb3,0xe7,0xd8,
985 0x27,0x9f,0x98,0xd5,0xb9,0x4d,0xb9,0x80,0x4f,0xb0,0x81,0xc6,0xaa,0xc2,0xe6,0xbf,
986 0x98,0x63,0x05,0xc6,0xab,0x4e,0xc8,0x7e,0xf4,0x37,0x68,0xad,0x63,0x08,0x6e,0x8f,
987 0xe5,0xd9,0x62,0x43,0xa3,0x0d,0x61,0x84,0x41,0x02,0xd0,0xc6,0x33,0x19,0x76,0xb8,
988 0x31,0xb1,0x27,0x2f,0x81,0x40,0x71,0x35,0x3c,0xf6,0xf2,0xc7,0x9b,0x85,0x9c,0x2e,
989 0xa0,0xf6,0xd2,0x3a,0xd9,0x7e,0xdd,0x82,0x56,0xf4,0x61,0x97,0x79,0xdb,0x27,0x5d,
990 0xa7,0x5b,0x8d,0x01,0x9d,0x68,0x9b,0x3a,0x4e,0xe1,0x3c,0xaf,0x61,0x0f,0xbf,0xfa,
991 0x61,0x12,0x2f,0xde,0x7a,0x71,0x0a,0xdd,0x6e,0x29,0x11,0x8e,0xa4,0x93,0x31,0x85,
992 0x2a,0x31,0xa8,0xd7,0x3f,0xfb,0xf4,0xd2,0xd4,0x7f,0x0c,0xb2,0x8d,0x63,0x25,0x47,
993 0x18,0x04,0x00,0x28,0x90,0xd3,0xc0,0x7e,0xca,0xfa,0x0d,0xc4,0xab,0xd4,0x7a,0x17,
994 0xb7,0xdc,0xce,0x7d,0xc2,0xe8,0x5b,0x68,0x7c,0xa9,0x3c,0xac,0x4e,0x2c,0xde,0x0c,
995 0x4a,0x09,0x09,0x03,0x77,0x12,0xb9,0x31,0xc9,0x0d,0x6e,0x2b,0xac,0x96,0x7b,0xb0,
996 0x3d,0x37,0x03,0x32,0xc6,0xe1,0x64,0x16,0xc1,0x1b,0xfa,0xa3,0x32,0xe9,0xea,0x25,
997 0x0c,0xa1,0xbf,0xae,0xaa,0xba,0xbd,0x24,0xba,0x9d,0x5f,0x15,0x20,0x59,0x2d,0xe5,
998 0x09,0xe6,0x71,0x70,0xcd,0xf5,0x44,0x12,0xcf,0x17,0x8b,0x33,0x4b,0x67,0x86,0x53,
999 0xd3,0x66,0x80,0x2e,0xfb,0x6b,0x95,0x38,0x35,0x2d,0x39,0xb8,0x19,0xb7,0x01,0xe0,
1000 0xe2,0x7d,0x29,0xd3,0x89,0xc7,0xc9,0x4f,0xb4,0xf9,0x48,0x20,0x6a,0x40,0xd3,0x71,
1001 0x28,0xf4,0xdf,0x3a,0xff,0xf0,0xd1,0x7a,0x78,0xbd,0x92,0xe4,0xa2,0x05,0x47,0xf5,
1002 0xfa,0x25,0x4f,0x22,0x3f,0x8f,0x85,0x72,0xaa,0x0f,0xfa,0x21,0x84,0x63,0xbc,0xb6,
1003 0xe0,0x49,0x1e,0xdf,0x0a,0xee,0x4b,0xa8,0x96,0xbf,0x2f,0xa7,0x31,0x64,0xc3,0xa1,
1004 0x19,0xe1,0x2b,0x69,0xbf,0x0f,0xcc,0x76,0x49,0x9f,0xdd,0x4e,0xf0,0x77,0xf0,0xae,
1005 0x83,0x20,0xe2,0xd6,0x21,0x1a,0x3a,0x1a,0xb4,0xbf,0x57,0x02,0x9c,0xf6,0xb1,0x47,
1006 0x83,0x59,0x0c,0x43,0xce,0x9a,0x3d,0xb3,0x9b,0x9c,0xd2,0x30,0xcd,0x40,0x58,0xfe,
1007 0xec,0xa9,0x59,0xa8,0xf6,0x28,0x31,0xbf,0xc3,0xfb,0xad,0x37,0x07,0xd4,0x34,0xe7,
1008 0x58,0xfa,0xca,0xe7,0xe3,0xbb,0x3d,0xd8,0xf6,0xd7,0x9c,0xf5,0x6f,0xc0,0xbd,0x9e,
1009 0x3a,0x91,0x30,0x7c,0xe4,0xff,0x8d,0xbe,0x85,0x91,0x27,0x92,0x51,0xdc,0xd6,0x66,
1010 0x7e,0x5a,0xfb,0xf7,0xbe,0x34,0xce,0x5e,0xa4,0x50,0xf1,0x6d,0xc0,0x32,0x3b,0xaa,
1011 0x8c,0x52,0x25,0xcc,0x75,0x26,0x2b,0xa8,0x2f,0x6f,0x02,0x81,0x18,0x07,0x5f,0xbe,
1012 0xc3,0xed,0xa3,0x93,0x73,0xc9,0xd4,0x79,0xec,0x34,0x78,0x31,0x62,0x30,0x3b,0x06,
1013 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x14,0x31,0x2e,0x1e,0x2c,0x00,0x54,
1014 0x00,0x65,0x00,0x73,0x00,0x74,0x00,0x20,0x00,0x49,0x00,0x64,0x00,0x65,0x00,0x6e,
1015 0x00,0x74,0x00,0x69,0x00,0x74,0x00,0x79,0x00,0x20,0x00,0x53,0x00,0x53,0x00,0x4c,
1016 0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x30,0x00,0x37,0x30,0x23,0x06,0x09,0x2a,0x86,
1017 0x48,0x86,0xf7,0x0d,0x01,0x09,0x15,0x31,0x16,0x04,0x14,0xd0,0xcb,0xd6,0x5c,0xe1,
1018 0x73,0x7a,0xb8,0xa8,0x2a,0xf8,0xc9,0xe6,0xdc,0xbb,0xc2,0xec,0x00,0x2e,0x6a,0x30,
1019 0x30,0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,
1020 0x47,0x2e,0x9e,0xca,0x71,0x3b,0x36,0xcf,0x34,0x59,0x7e,0x0a,0x6e,0xe0,0xeb,0x79,
1021 0xcb,0x82,0x47,0x76,0x04,0x08,0xff,0xe9,0xf7,0xee,0x2f,0x48,0xcc,0x24,0x02,0x01,
1022 0x01
1023 };
1024
1025
1026 static int quiet = 0;
1027 static int debug = 0;
1028
1029 #define MAXNAMELEN MAXPATHLEN
1030 #define MAXITEMS INT32_MAX
1031
1032 #pragma mark -- Utility Functions --
1033
1034
1035 static void PrintTestResult(char *testStr, OSStatus status, OSStatus expected)
1036 {
1037 is(status, expected, "%s", testStr);
1038 fflush(stdout);
1039 }
1040
1041
1042 static void PrintStringToMatch(CFStringRef nameStr)
1043 {
1044 char *buf = (char*)malloc(MAXNAMELEN);
1045 if (buf) {
1046 if (CFStringGetCString(nameStr, buf, (CFIndex)MAXNAMELEN, kCFStringEncodingUTF8)) {
1047 fprintf(stdout, "### String to match is \"%s\"\n", buf);
1048 fflush(stdout);
1049 }
1050 free(buf);
1051 }
1052 }
1053
1054
1055 static void PrintSecCertificate(SecCertificateRef certificate)
1056 {
1057 CFStringRef nameStr;
1058 OSStatus status = SecCertificateCopyCommonName(certificate, &nameStr);
1059 if (status) {
1060 fprintf(stderr, "### SecCertificateCopyCommonName error %d\n", (int)status);
1061 }
1062 else {
1063 char *buf = (char*)malloc(MAXNAMELEN);
1064 if (buf) {
1065 if (CFStringGetCString(nameStr, buf, (CFIndex)MAXNAMELEN, kCFStringEncodingUTF8)) {
1066 fprintf(stdout, "### Found certificate name: \"%s\"\n", buf);
1067 }
1068 free(buf);
1069 }
1070 CFRelease(nameStr);
1071 }
1072 }
1073
1074
1075 static void PrintSecIdentity(SecIdentityRef identity)
1076 {
1077 SecCertificateRef certRef;
1078 OSStatus status = SecIdentityCopyCertificate(identity, &certRef);
1079 if (status) {
1080 fprintf(stderr, "### SecIdentityCopyCertificate error %d\n", (int)status);
1081 }
1082 else {
1083 PrintSecCertificate(certRef);
1084 CFRelease(certRef);
1085 }
1086 }
1087
1088
1089 static void PrintCFStringWithFormat(const char *formatStr, CFStringRef inStr)
1090 {
1091 char *buf = (char*)malloc(MAXNAMELEN);
1092 if (buf) {
1093 if (CFStringGetCString(inStr, buf, (CFIndex)MAXNAMELEN, kCFStringEncodingUTF8)) {
1094 fprintf(stdout, formatStr, buf);
1095 fflush(stdout);
1096 }
1097 free(buf);
1098 }
1099 }
1100
1101
1102 static void PrintCFThing(CFTypeRef thing)
1103 {
1104 fprintf(stderr, "### Results: %p\n", (void*)thing);
1105
1106 CFTypeID thingID = (thing) ? CFGetTypeID(thing) : 0;
1107 if (thingID == SecCertificateGetTypeID()) {
1108 // print a SecCertificateRef
1109 PrintSecCertificate((SecCertificateRef)thing);
1110 }
1111 else if (thingID == SecIdentityGetTypeID()) {
1112 // print a SecIdentityRef
1113 PrintSecIdentity((SecIdentityRef)thing);
1114 }
1115 else if (thingID == SecKeychainItemGetTypeID() ||
1116 thingID == SecIdentityGetTypeID() ||
1117 thingID == CFDictionaryGetTypeID() ||
1118 thingID == CFArrayGetTypeID() ||
1119 thingID == CFStringGetTypeID() ||
1120 thingID == CFDataGetTypeID()) {
1121 CFShow(thing);
1122 }
1123 else {
1124 fprintf(stderr, "### ERROR: result is not a supported CFType! (%ld)\n",
1125 thingID);
1126 }
1127 }
1128
1129 //%%% FIXME need to break this up into separate functions
1130 static int TestAddItems(SecKeychainRef keychain)
1131 {
1132 SecCertificateRef certs[5];
1133 CFDataRef tmpData;
1134 OSStatus status;
1135
1136 /* add test leaf */
1137 tmpData = CFDataCreateWithBytesNoCopy(NULL, LEAF_CERT, sizeof(LEAF_CERT), kCFAllocatorNull);
1138 certs[0] = SecCertificateCreateWithData(NULL, tmpData);
1139 CFRelease(tmpData);
1140
1141 /* add test intermediate */
1142 tmpData = CFDataCreateWithBytesNoCopy(NULL, INTERMEDIATE_CERT, sizeof(INTERMEDIATE_CERT), kCFAllocatorNull);
1143 certs[1] = SecCertificateCreateWithData(NULL, tmpData);
1144 CFRelease(tmpData);
1145
1146 /* add test root */
1147 tmpData = CFDataCreateWithBytesNoCopy(NULL, ROOT_CERT, sizeof(ROOT_CERT), kCFAllocatorNull);
1148 certs[2] = SecCertificateCreateWithData(NULL, tmpData);
1149 CFRelease(tmpData);
1150 // will add this below using SecItemAdd instead of SecCertificateAddToKeychain
1151
1152 /* use SecItemAdd to add an array containing certs 1-3 */
1153 CFArrayRef certArray = CFArrayCreate(NULL, (const void**) certs, 3, &kCFTypeArrayCallBacks);
1154 CFMutableDictionaryRef attrs = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1155 CFDictionaryAddValue(attrs, kSecClass, kSecClassCertificate); // we are adding certificates
1156 CFDictionaryAddValue(attrs, kSecUseItemList, certArray); // add these items (to default keychain, since we aren't specifying one)
1157 CFDictionaryAddValue(attrs, kSecUseKeychain, keychain); // add these to the test keychain
1158 status = SecItemAdd(attrs, NULL);
1159 CFRelease(attrs);
1160 CFRelease(certArray);
1161 ok_status(status, "Unable to add 3 test certificates: error %d\n", (int)status);
1162 if (status && status != errSecDuplicateItem) {
1163 goto error_exit;
1164 }
1165
1166 /* add test cert for S/MIME policy (encrypt only, no sign) */
1167 tmpData = CFDataCreateWithBytesNoCopy(NULL, Test_smime_encryptonly, sizeof(Test_smime_encryptonly), kCFAllocatorNull);
1168 certs[3] = SecCertificateCreateWithData(NULL, tmpData);
1169 CFRelease(tmpData);
1170 status = SecCertificateAddToKeychain(certs[3], keychain);
1171 ok_status(status, "Unable to add test S/MIME certificate: error %d\n", (int)status);
1172 if (status && status != errSecDuplicateItem) {
1173 goto error_exit;
1174 }
1175
1176 /* add test cert for Code Signing policy */
1177 tmpData = CFDataCreateWithBytesNoCopy(NULL, Test_codesign, sizeof(Test_codesign), kCFAllocatorNull);
1178 certs[4] = SecCertificateCreateWithData(NULL, tmpData);
1179 CFRelease(tmpData);
1180 status = SecCertificateAddToKeychain(certs[4], keychain);
1181 ok_status(status, "Unable to add test Code Signing certificate: error %d\n", (int)status);
1182 if (status && status != errSecDuplicateItem) {
1183 goto error_exit;
1184 }
1185
1186 /* import test SSL identity */
1187 {
1188 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, Test_ssl_user_p12, (CFIndex)sizeof(Test_ssl_user_p12), kCFAllocatorNull);
1189 SecExternalFormat format = kSecFormatPKCS12;
1190 SecExternalItemType itemType = kSecItemTypeAggregate;
1191 SecItemImportExportFlags flags = 0;
1192 #if 0
1193 /* deprecated method, using CDSA constants */
1194 SecKeyImportExportParameters keyParams = {
1195 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1196 0, // SecKeyImportExportFlags flags
1197 CFSTR("test"), // CFTypeRef passphrase
1198 CFSTR("title"), // CFStringRef alertTitle
1199 CFSTR("pw:"), // CFStringRef alertPrompt
1200 NULL, // SecAccessRef accessRef (unspecified, use default)
1201 CSSM_KEYUSE_SIGN, // CSSM_KEYUSE keyUsage (0=unspecified)
1202 CSSM_KEYATTR_PERMANENT // CSSM_KEYATTR_FLAGS keyAttributes
1203 };
1204 status = SecKeychainItemImport(p12DataRef,
1205 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1206 #else
1207 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1208 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1209 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1210 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1211 SecItemImportExportKeyParameters keyParams = {
1212 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1213 0, // SecKeyImportExportFlags flags
1214 CFSTR("test"), // CFTypeRef passphrase
1215 CFSTR("title"), // CFStringRef alertTitle
1216 CFSTR("pw:"), // CFStringRef alertPrompt
1217 NULL, // SecAccessRef accessRef (unspecified, use default)
1218 keyUsagesArray, // CFArrayRef keyUsages
1219 keyAttrsArray // CFArrayRef keyAttributes
1220 };
1221 status = SecItemImport(p12DataRef,
1222 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1223 CFRelease(keyUsagesArray);
1224 CFRelease(keyAttrsArray);
1225 #endif
1226 ok_status(status, "Unable to import test SSL identity: error %d\n", (int)status);
1227 if (status && status != errSecDuplicateItem) {
1228 goto error_exit;
1229 }
1230 }
1231
1232 /* import test S/MIME signing identity */
1233 {
1234 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, Test_smime_signonly_p12, (CFIndex)sizeof(Test_smime_signonly_p12), kCFAllocatorNull);
1235 SecExternalFormat format = kSecFormatPKCS12;
1236 SecExternalItemType itemType = kSecItemTypeAggregate;
1237 SecItemImportExportFlags flags = 0;
1238 #if 0
1239 /* deprecated method, using CDSA constants */
1240 SecKeyImportExportParameters keyParams = {
1241 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1242 0, // SecKeyImportExportFlags flags
1243 CFSTR("test"), // CFTypeRef passphrase
1244 CFSTR("title"), // CFStringRef alertTitle
1245 CFSTR("pw:"), // CFStringRef alertPrompt
1246 NULL, // SecAccessRef accessRef (unspecified, use default)
1247 CSSM_KEYUSE_SIGN, // CSSM_KEYUSE keyUsage (0=unspecified)
1248 CSSM_KEYATTR_PERMANENT // CSSM_KEYATTR_FLAGS keyAttributes
1249 };
1250 status = SecKeychainItemImport(p12DataRef,
1251 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1252 #else
1253 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1254 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1255 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1256 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1257 SecItemImportExportKeyParameters keyParams = {
1258 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1259 0, // SecKeyImportExportFlags flags
1260 CFSTR("test"), // CFTypeRef passphrase
1261 CFSTR("title"), // CFStringRef alertTitle
1262 CFSTR("pw:"), // CFStringRef alertPrompt
1263 NULL, // SecAccessRef accessRef (unspecified, use default)
1264 keyUsagesArray, // CFArrayRef keyUsages
1265 keyAttrsArray // CFArrayRef keyAttributes
1266 };
1267 status = SecItemImport(p12DataRef,
1268 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1269 CFRelease(keyUsagesArray);
1270 CFRelease(keyAttrsArray);
1271 #endif
1272 ok_status(status, "Unable to import test S/MIME identity: error %d\n", (int)status);
1273 if (status && status != errSecDuplicateItem) {
1274 goto error_exit;
1275 }
1276 }
1277
1278 /* import expired SSL identity */
1279 {
1280 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, TestIDSSL2007_p12, (CFIndex)sizeof(TestIDSSL2007_p12), kCFAllocatorNull);
1281 SecExternalFormat format = kSecFormatPKCS12;
1282 SecExternalItemType itemType = kSecItemTypeAggregate;
1283 SecItemImportExportFlags flags = 0;
1284 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1285 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1286 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1287 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1288 SecItemImportExportKeyParameters keyParams = {
1289 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1290 0, // SecKeyImportExportFlags flags
1291 CFSTR("test"), // CFTypeRef passphrase
1292 CFSTR("title"), // CFStringRef alertTitle
1293 CFSTR("pw:"), // CFStringRef alertPrompt
1294 NULL, // SecAccessRef accessRef (unspecified, use default)
1295 keyUsagesArray, // CFArrayRef keyUsages
1296 keyAttrsArray // CFArrayRef keyAttributes
1297 };
1298 status = SecItemImport(p12DataRef,
1299 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1300 CFRelease(keyUsagesArray);
1301 CFRelease(keyAttrsArray);
1302 ok_status(status, "Unable to import TestIDSSL2007_p12 identity: error %d\n", (int)status);
1303 if (status && status != errSecDuplicateItem) {
1304 goto error_exit;
1305 }
1306 }
1307
1308 /* import expired S/MIME identity */
1309 {
1310 CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, TestIDSMIME2007_p12, (CFIndex)sizeof(TestIDSMIME2007_p12), kCFAllocatorNull);
1311 SecExternalFormat format = kSecFormatPKCS12;
1312 SecExternalItemType itemType = kSecItemTypeAggregate;
1313 SecItemImportExportFlags flags = 0;
1314 CFTypeRef keyUsages[1] = { kSecAttrCanSign };
1315 CFArrayRef keyUsagesArray = CFArrayCreate(NULL, keyUsages, 1, &kCFTypeArrayCallBacks);
1316 CFTypeRef keyAttrs[1] = { kSecAttrIsPermanent };
1317 CFArrayRef keyAttrsArray = CFArrayCreate(NULL, keyAttrs, 1, &kCFTypeArrayCallBacks);
1318 SecItemImportExportKeyParameters keyParams = {
1319 SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, // uint32_t version
1320 0, // SecKeyImportExportFlags flags
1321 CFSTR("test"), // CFTypeRef passphrase
1322 CFSTR("title"), // CFStringRef alertTitle
1323 CFSTR("pw:"), // CFStringRef alertPrompt
1324 NULL, // SecAccessRef accessRef (unspecified, use default)
1325 keyUsagesArray, // CFArrayRef keyUsages
1326 keyAttrsArray // CFArrayRef keyAttributes
1327 };
1328 status = SecItemImport(p12DataRef,
1329 NULL, &format, &itemType, flags, &keyParams, keychain, NULL);
1330 CFRelease(keyUsagesArray);
1331 CFRelease(keyAttrsArray);
1332 ok_status(status, "Unable to import TestIDSMIME2007_p12 identity: error %d\n", (int)status);
1333 if (status && status != errSecDuplicateItem) {
1334 goto error_exit;
1335 }
1336 }
1337
1338 /* add generic password items */
1339 status = SecKeychainAddGenericPassword(keychain,
1340 strlen("Test Service 42"), "Test Service 42",
1341 strlen("nobody"), "nobody",
1342 strlen("weakpass"), "weakpass",
1343 NULL);
1344 ok_status(status, "Unable to add \"Test Service 42\" generic password: error %d\n", (int)status);
1345 if (status && status != errSecDuplicateItem) {
1346 goto error_exit;
1347 }
1348 status = SecKeychainAddGenericPassword(keychain,
1349 strlen("Test Service 69"), "Test Service 69",
1350 strlen("nobody"), "nobody",
1351 strlen("weakpass"), "weakpass",
1352 NULL);
1353 ok_status(status, "Unable to add \"Test Service 69\" generic password: error %d\n", (int)status);
1354 if (status && status != errSecDuplicateItem) {
1355 goto error_exit;
1356 }
1357
1358 /* add internet password items */
1359 status = SecKeychainAddInternetPassword(keychain,
1360 strlen("test1.subdomain.apple.com"), "test1.subdomain.apple.com",
1361 0, NULL,
1362 strlen("nobody"), "nobody",
1363 0, NULL,
1364 80, kSecProtocolTypeHTTP, kSecAuthenticationTypeDefault,
1365 strlen("weakpass"), "weakpass",
1366 NULL);
1367 ok_status(status, "Unable to add \"test1.subdomain.apple.com\" internet password: error %d\n", (int)status);
1368 if (status && status != errSecDuplicateItem) {
1369 goto error_exit;
1370 }
1371 status = SecKeychainAddInternetPassword(keychain,
1372 strlen("test2.subdomain.apple.com"), "test2.subdomain.apple.com",
1373 0, NULL,
1374 strlen("nobody"), "nobody",
1375 0, NULL,
1376 443, kSecProtocolTypeHTTPS, kSecAuthenticationTypeDefault,
1377 strlen("weakpass"), "weakpass",
1378 NULL);
1379 ok_status(status, "Unable to add \"test2.subdomain.apple.com\" internet password: error %d\n", (int)status);
1380 if (status && status != errSecDuplicateItem) {
1381 goto error_exit;
1382 }
1383
1384 /* add a Mail password */
1385 status = SecKeychainAddInternetPassword(keychain,
1386 strlen("mail.apple.com"), "mail.apple.com",
1387 0, NULL,
1388 strlen("testacct"), "testacct",
1389 0, NULL,
1390 143, kSecProtocolTypeIMAP, kSecAuthenticationTypeDefault,
1391 strlen("testpass"), "testpass",
1392 NULL);
1393 ok_status(status, "Unable to add \"mail.apple.com\" internet password: error %d\n", (int)status);
1394 if (status && status != errSecDuplicateItem) {
1395 goto error_exit;
1396 }
1397
1398 /* if an item was already in the keychain from a previous run, we can ignore the error */
1399 if (status == errSecDuplicateItem)
1400 status = noErr;
1401
1402 error_exit:
1403
1404 if (keychain) CFRelease(keychain);
1405 PrintTestResult("TestAddItems", status, noErr);
1406
1407 return (int)status;
1408 }
1409
1410
1411 static int CheckResults(CFTypeRef results, CFIndex minMatchesExpected, CFIndex maxMatchesExpected)
1412 {
1413 OSStatus status = noErr;
1414 if (debug) {
1415 PrintCFThing(results);
1416 }
1417 if (minMatchesExpected > 0) {
1418 CFIndex matchesFound;
1419 if (CFGetTypeID(results) == CFArrayGetTypeID()) {
1420 // multiple items returned as an array
1421 matchesFound = CFArrayGetCount(results);
1422 }
1423 else {
1424 // single item returned as either a dictionary or an item reference
1425 matchesFound = (results) ? 1 : 0;
1426 }
1427 if (debug) {
1428 fprintf(stdout, "### Items matched: %d (minimum expected: %d",
1429 (int)matchesFound, (int)minMatchesExpected);
1430 if (maxMatchesExpected < MAXITEMS)
1431 fprintf(stdout, ", maximum expected: %d", (int)minMatchesExpected);
1432 fprintf(stdout, ")\n");
1433 fflush(stdout);
1434 }
1435 if (matchesFound < minMatchesExpected ||
1436 matchesFound > maxMatchesExpected) {
1437 /* should not happen, unless SecItemCopyMatching has a bug */
1438 status = errSecInternalError;
1439 }
1440 if(matchesFound < minMatchesExpected) {
1441 fail("CheckResults: %ld < %ld (minimum required)", matchesFound, minMatchesExpected);
1442 } else if(matchesFound > maxMatchesExpected) {
1443 fail("CheckResults: %ld > %ld (maximum allowed", matchesFound, maxMatchesExpected);
1444 } else {
1445 pass("CheckResults: matches found fall within requirements: %ld <= %ld <= %ld", minMatchesExpected, matchesFound, maxMatchesExpected);
1446 }
1447 }
1448 return (int)status;
1449 }
1450
1451
1452 #pragma mark -- Individual Test Cases --
1453
1454
1455 static int FindCertificateByEmail(SecKeychainRef keychain,
1456 CFStringRef emailStr,
1457 CFTypeRef returnType,
1458 CFTypeRef matchLimit,
1459 CFIndex minMatchesExpected,
1460 OSStatus expected)
1461 {
1462 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1463 &kCFTypeDictionaryKeyCallBacks,
1464 &kCFTypeDictionaryValueCallBacks);
1465
1466 /* set up the query */
1467 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1468 CFDictionaryAddValue( query, kSecMatchEmailAddressIfPresent, emailStr );
1469 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1470 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1471
1472 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1473 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1474 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1475
1476 CFTypeRef results = NULL;
1477 if (debug) {
1478 PrintStringToMatch(emailStr);
1479 }
1480
1481 OSStatus status = SecItemCopyMatching(query, &results);
1482
1483 if (!status && results) {
1484 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1485 CFRelease(results);
1486 }
1487 if (query)
1488 CFRelease(query);
1489
1490 PrintTestResult("FindCertificateByEmail", status, expected);
1491
1492 return (status==expected) ? (int)noErr : (int)status;
1493 }
1494
1495
1496 static int FindCertificateByLabel(SecKeychainRef keychain,
1497 CFStringRef labelStr,
1498 CFTypeRef returnType,
1499 CFTypeRef matchLimit,
1500 CFIndex minMatchesExpected,
1501 CFIndex maxMatchesExpected,
1502 OSStatus expected)
1503 {
1504 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1505 &kCFTypeDictionaryKeyCallBacks,
1506 &kCFTypeDictionaryValueCallBacks);
1507
1508 /* set up the query */
1509 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1510 CFDictionaryAddValue( query, kSecAttrLabel, labelStr );
1511 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1512 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1513
1514 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1515 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1516 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1517
1518 CFTypeRef results = NULL;
1519 if (debug) {
1520 PrintStringToMatch(labelStr);
1521 }
1522
1523 OSStatus status = SecItemCopyMatching(query, &results);
1524
1525 if (!status && results) {
1526 status = CheckResults(results, minMatchesExpected, maxMatchesExpected);
1527 CFRelease(results);
1528 }
1529 if (query)
1530 CFRelease(query);
1531
1532 PrintTestResult("FindCertificateByLabel", status, expected);
1533
1534 return (status==expected) ? (int)noErr : (int)status;
1535 }
1536
1537
1538 static int FindCertificateByNameInSubject(SecKeychainRef keychain,
1539 CFStringRef nameStr,
1540 CFTypeRef matchType,
1541 CFTypeRef returnType,
1542 CFTypeRef matchLimit,
1543 CFIndex minMatchesExpected,
1544 OSStatus expected)
1545 {
1546 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1547 &kCFTypeDictionaryKeyCallBacks,
1548 &kCFTypeDictionaryValueCallBacks);
1549
1550 /* set up the query */
1551 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1552 CFDictionaryAddValue( query, matchType, nameStr );
1553 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1554 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1555
1556 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1557 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1558 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1559
1560 CFTypeRef results = NULL;
1561 if (debug) {
1562 PrintStringToMatch(nameStr);
1563 }
1564
1565 OSStatus status = SecItemCopyMatching(query, &results);
1566
1567 if (!status && results) {
1568 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1569 CFRelease(results);
1570 }
1571 if (query)
1572 CFRelease(query);
1573
1574 PrintTestResult("FindCertificateByNameInSubject", status, expected);
1575
1576 return (status==expected) ? (int)noErr : (int)status;
1577 }
1578
1579
1580 static int FindCertificateByNameAndPolicy(SecKeychainRef keychain,
1581 CFStringRef nameStr,
1582 SecPolicyRef policy,
1583 CFTypeRef returnType,
1584 CFTypeRef matchLimit,
1585 CFIndex matchesExpected,
1586 OSStatus expected)
1587 {
1588 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1589 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1590
1591 const void *keys[] = {
1592 kSecMatchSearchList,
1593 kSecClass,
1594 kSecMatchSubjectContains,
1595 kSecMatchPolicy,
1596 kSecMatchLimit,
1597 returnType
1598 };
1599 const void *values[] = {
1600 searchList,
1601 kSecClassCertificate,
1602 nameStr,
1603 policy,
1604 matchLimit,
1605 kCFBooleanTrue
1606 };
1607
1608 OSStatus status = noErr;
1609 CFTypeRef results = NULL;
1610 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
1611 sizeof(keys) / sizeof(*keys),
1612 &kCFTypeDictionaryKeyCallBacks,
1613 &kCFTypeDictionaryValueCallBacks);
1614
1615 if (debug) {
1616 PrintStringToMatch(nameStr);
1617 PrintStringToMatch(SecPolicyGetName(policy));
1618 }
1619
1620 status = SecItemCopyMatching(query, &results);
1621
1622 if (!status && results) {
1623 status = CheckResults(results, matchesExpected, matchesExpected);
1624 CFRelease(results);
1625 }
1626 if (query)
1627 CFRelease(query);
1628
1629 PrintTestResult("FindCertificateByNameAndPolicy", status, expected);
1630
1631 return (status==expected) ? (int)noErr : (int)status;
1632 }
1633
1634
1635 static int FindCertificateByNameAndValidDate(SecKeychainRef keychain,
1636 CFStringRef nameStr,
1637 CFTypeRef validOnDate,
1638 CFTypeRef returnType,
1639 CFTypeRef matchLimit,
1640 CFIndex minMatchesExpected,
1641 OSStatus expected)
1642 {
1643 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1644 &kCFTypeDictionaryKeyCallBacks,
1645 &kCFTypeDictionaryValueCallBacks);
1646
1647 /* set up the query */
1648 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1649 CFDictionaryAddValue( query, kSecMatchSubjectContains, nameStr );
1650 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate ); // value may be a CFDateRef or a CFNullRef
1651 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1652 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1653
1654 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1655 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1656 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1657
1658 CFTypeRef results = NULL;
1659 if (debug) {
1660 PrintStringToMatch(nameStr);
1661 PrintStringToMatch(CFCopyDescription(validOnDate));
1662 }
1663
1664 OSStatus status = SecItemCopyMatching(query, &results);
1665
1666 if (!status && results) {
1667 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1668 CFRelease(results);
1669 }
1670 if (query)
1671 CFRelease(query);
1672
1673 PrintTestResult("FindCertificateByNameAndValidDate", status, expected);
1674
1675 return (status==expected) ? (int)noErr : (int)status;
1676 }
1677
1678
1679 static int FindCertificateForSMIMEEncryption(SecKeychainRef keychain,
1680 CFStringRef emailAddr,
1681 CFTypeRef validOnDate,
1682 CFTypeRef returnType,
1683 CFTypeRef matchLimit,
1684 CFIndex minMatchesExpected,
1685 OSStatus expected)
1686 {
1687 /* create a SecPolicyRef for S/MIME */
1688 SecPolicyRef policy = SecPolicyCreateWithOID(kSecPolicyAppleSMIME);
1689 if (policy == NULL)
1690 return errSecPolicyNotFound;
1691
1692 CFMutableDictionaryRef properties = CFDictionaryCreateMutable(NULL, 0,
1693 &kCFTypeDictionaryKeyCallBacks,
1694 &kCFTypeDictionaryValueCallBacks);
1695
1696 /* property 1: must match email address */
1697 CFDictionaryAddValue( properties, kSecPolicyName, emailAddr );
1698 /* property 2: must have "key encipherment" key usage to be used for encryption */
1699 CFDictionaryAddValue( properties, kSecPolicyKU_KeyEncipherment, kCFBooleanTrue );
1700
1701 SecPolicySetProperties(policy, properties);
1702
1703 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1704 &kCFTypeDictionaryKeyCallBacks,
1705 &kCFTypeDictionaryValueCallBacks);
1706
1707 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1708 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1709 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1710
1711 /* set up the query */
1712 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1713 CFDictionaryAddValue( query, kSecMatchPolicy, policy );
1714 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate );
1715 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
1716 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
1717
1718 CFTypeRef results = NULL;
1719 if (debug) {
1720 PrintStringToMatch(emailAddr);
1721 PrintStringToMatch(CFCopyDescription(kSecPolicyAppleSMIME));
1722 PrintStringToMatch(CFCopyDescription(validOnDate));
1723 }
1724
1725 OSStatus status = SecItemCopyMatching(query, &results);
1726
1727 if (!status && results) {
1728 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1729 CFRelease(results);
1730 }
1731 if (query)
1732 CFRelease(query);
1733 if (policy)
1734 CFRelease(policy);
1735 if (properties)
1736 CFRelease(properties);
1737
1738 PrintTestResult("FindCertificateForSMIMEEncryption", status, expected);
1739
1740 return (status==expected) ? (int)noErr : (int)status;
1741 }
1742
1743
1744 static int FindPreferredCertificateForSMIMEEncryption(SecKeychainRef keychain,
1745 CFStringRef emailAddr, CFTypeRef validOnDate)
1746 {
1747 // Note: this function assumes that a preferred certificate has been set up
1748 // previously for the given email address. This is handled in the calling
1749 // function.
1750
1751 OSStatus status = noErr;
1752 SecCertificateRef preferredCertificate = NULL;
1753 SecCertificateRef validatedCertificate = NULL;
1754
1755 // Pass an explicit key usage value to SecCertificateCopyPreferred to test <rdar://8192797>
1756 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanEncrypt, 1, &kCFTypeArrayCallBacks);
1757
1758 preferredCertificate = SecCertificateCopyPreferred(emailAddr, keyUsage);
1759 if (!preferredCertificate)
1760 status = errSecItemNotFound; // our test expects a preferred certificate to exist, so we return an error
1761 if (keyUsage)
1762 CFRelease(keyUsage);
1763
1764 if (!status && preferredCertificate) {
1765 // We found a preferred certificate, but it may have expired.
1766 // Verify the preferred certificate by looking up all certificates which
1767 // are valid for SMIME encryption, and using the kSecMatchItemList query
1768 // parameter to filter out everything but our preferred certificate. If
1769 // we end up with 0 results, the preferred certificate wasn't valid.
1770
1771 // set up the S/MIME policy first to check for the Key Encipherment key usage (needed for encryption)
1772 SecPolicyRef policy = SecPolicyCreateWithOID(kSecPolicyAppleSMIME);
1773 CFDictionaryRef properties = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecPolicyKU_KeyEncipherment, (const void **)&kCFBooleanTrue, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1774 status = SecPolicySetProperties(policy, properties);
1775 CFRelease(properties);
1776
1777 // set up an item list consisting of just our preferred certificate
1778 CFArrayRef itemList = CFArrayCreate(kCFAllocatorDefault, (const void **)&preferredCertificate, 1, &kCFTypeArrayCallBacks);
1779
1780 // set up the query
1781 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1782 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1783 CFDictionaryAddValue( query, kSecMatchPolicy, policy );
1784 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate );
1785 CFDictionaryAddValue( query, kSecMatchItemList, itemList );
1786 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne ); // only need to match one item!
1787 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
1788
1789 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1790 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1791 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1792
1793 if (debug) {
1794 PrintStringToMatch(emailAddr);
1795 PrintStringToMatch(CFCopyDescription(validOnDate));
1796 }
1797
1798 status = SecItemCopyMatching(query, (CFTypeRef*)&validatedCertificate);
1799
1800 if (!status && validatedCertificate) {
1801 status = CheckResults(validatedCertificate, 1, 1); // expect exactly 1 result
1802 CFRelease(validatedCertificate);
1803 }
1804 if (query)
1805 CFRelease(query);
1806 if (policy)
1807 CFRelease(policy);
1808 if (itemList)
1809 CFRelease(itemList);
1810 }
1811 else if (!quiet)
1812 fprintf(stderr, "FindPreferredCertificateForSMIMEEncryption: unexpected error %d\n", (int)status);
1813
1814 if (preferredCertificate)
1815 CFRelease(preferredCertificate);
1816
1817 PrintTestResult("FindPreferredCertificateForSMIMEEncryption", status, noErr);
1818
1819 return (status==noErr) ? (int)noErr : (int)status;
1820 }
1821
1822
1823 static int SetPreferredCertificateForSMIMEEncryption(SecKeychainRef keychain, CFStringRef nameStr,
1824 CFStringRef emailAddr)
1825 {
1826 // find the certificate exactly matching the given common name
1827 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
1828 &kCFTypeDictionaryKeyCallBacks,
1829 &kCFTypeDictionaryValueCallBacks);
1830
1831 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1832 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1833 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
1834
1835 CFDictionaryAddValue( query, kSecClass, kSecClassCertificate );
1836 CFDictionaryAddValue( query, kSecMatchSubjectWholeString, nameStr );
1837 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne );
1838 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
1839
1840 CFTypeRef results = NULL;
1841 OSStatus status = SecItemCopyMatching(query, &results);
1842
1843 if (!quiet && status)
1844 fprintf(stderr, "SetPreferredCertificateForSMIMEEncryption: SecItemCopyMatching error %d\n", (int)status);
1845
1846 if (!status && results) {
1847 // since we asked for kSecMatchLimitOne, the result is a single item
1848 SecCertificateRef certificate = (SecCertificateRef) results;
1849 if (SecCertificateGetTypeID() != CFGetTypeID(certificate)) {
1850 fprintf(stderr, "SetPreferredCertificateForSMIMEEncryption: unexpected result type!\n");
1851 }
1852 else {
1853 // Pass an explicit key usage value to SecCertificateSetPreferred to test <rdar://8192797>
1854 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanEncrypt, 1, &kCFTypeArrayCallBacks);
1855 status = SecCertificateSetPreferred(certificate, emailAddr, keyUsage);
1856 if (!quiet && status)
1857 fprintf(stderr, "SetPreferredCertificateForSMIMEEncryption: SecCertificateSetPreferred error %d\n", (int)status);
1858 if (keyUsage)
1859 CFRelease(keyUsage);
1860 }
1861 CFRelease(results);
1862 }
1863 if (query)
1864 CFRelease(query);
1865
1866 return (status==noErr) ? (int)noErr : (int)status;
1867 }
1868
1869
1870 static int FindIdentityByName(SecKeychainRef keychain,
1871 CFStringRef nameStr,
1872 CFTypeRef returnType,
1873 CFTypeRef matchLimit,
1874 CFIndex matchesExpected,
1875 OSStatus expected)
1876 {
1877 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1878 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1879
1880 const void *keys[] = {
1881 kSecMatchSearchList,
1882 kSecClass,
1883 kSecMatchSubjectContains,
1884 kSecMatchLimit,
1885 returnType
1886 };
1887 const void *values[] = {
1888 searchList,
1889 kSecClassIdentity,
1890 nameStr,
1891 matchLimit,
1892 kCFBooleanTrue
1893 };
1894
1895 OSStatus status = noErr;
1896 CFTypeRef results = NULL;
1897 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
1898 sizeof(keys) / sizeof(*keys),
1899 &kCFTypeDictionaryKeyCallBacks,
1900 &kCFTypeDictionaryValueCallBacks);
1901
1902 if (debug) PrintStringToMatch(nameStr);
1903
1904 status = SecItemCopyMatching(query, &results);
1905
1906 if (!status && results) {
1907 status = CheckResults(results, matchesExpected, matchesExpected);
1908 CFRelease(results);
1909 }
1910 if (query)
1911 CFRelease(query);
1912
1913 PrintTestResult("FindIdentityByName", status, expected);
1914
1915 return (status==expected) ? (int)noErr : (int)status;
1916 }
1917
1918
1919 static int FindIdentityByPolicy(SecKeychainRef keychain,
1920 SecPolicyRef policy,
1921 CFTypeRef returnType,
1922 CFTypeRef matchLimit,
1923 CFIndex minMatchesExpected,
1924 OSStatus expected)
1925 {
1926 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1927 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1928
1929 const void *keys[] = {
1930 kSecMatchSearchList,
1931 kSecClass,
1932 kSecMatchPolicy,
1933 kSecMatchLimit,
1934 returnType
1935 };
1936 const void *values[] = {
1937 searchList,
1938 kSecClassIdentity,
1939 policy,
1940 matchLimit,
1941 kCFBooleanTrue
1942 };
1943
1944 OSStatus status = noErr;
1945 CFTypeRef results = NULL;
1946 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
1947 sizeof(keys) / sizeof(*keys),
1948 &kCFTypeDictionaryKeyCallBacks,
1949 &kCFTypeDictionaryValueCallBacks);
1950
1951 if (debug) PrintStringToMatch(SecPolicyGetName(policy));
1952
1953 status = SecItemCopyMatching(query, &results);
1954
1955 if (!status && results) {
1956 status = CheckResults(results, minMatchesExpected, MAXITEMS);
1957 CFRelease(results);
1958 }
1959 if (query)
1960 CFRelease(query);
1961
1962 PrintTestResult("FindIdentityByPolicy", status, expected);
1963
1964 return (status==expected) ? (int)noErr : (int)status;
1965 }
1966
1967
1968 static int FindIdentityByPolicyAndValidDate(SecKeychainRef keychain,
1969 CFTypeRef policyIdentifier,
1970 Boolean isClientPolicy,
1971 CFTypeRef validOnDate,
1972 CFStringRef forbidStr,
1973 CFTypeRef returnType,
1974 CFTypeRef matchLimit,
1975 CFIndex matchesExpected,
1976 OSStatus expected)
1977 {
1978 /* given the policy OID, create a SecPolicyRef */
1979 SecPolicyRef policy = SecPolicyCreateWithOID(policyIdentifier);
1980 if (policy == NULL)
1981 return errSecPolicyNotFound;
1982 if (isClientPolicy == TRUE) {
1983 /* specify the kSecPolicyClient property key for this policy */
1984 const void *keys[] = { kSecPolicyClient };
1985 const void *values[] = { kCFBooleanTrue };
1986 CFDictionaryRef properties = CFDictionaryCreate(NULL, keys, values,
1987 sizeof(keys) / sizeof(*keys),
1988 &kCFTypeDictionaryKeyCallBacks,
1989 &kCFTypeDictionaryValueCallBacks);
1990 SecPolicySetProperties(policy, properties);
1991 }
1992
1993 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
1994 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
1995
1996 const void *keys[] = {
1997 kSecMatchSearchList,
1998 kSecClass,
1999 kSecMatchPolicy,
2000 kSecMatchValidOnDate,
2001 kSecMatchLimit,
2002 returnType
2003 };
2004 const void *values[] = {
2005 searchList,
2006 kSecClassIdentity,
2007 policy,
2008 validOnDate,
2009 matchLimit,
2010 kCFBooleanTrue
2011 };
2012
2013 OSStatus status = noErr;
2014 CFTypeRef results = NULL;
2015 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2016 sizeof(keys) / sizeof(*keys),
2017 &kCFTypeDictionaryKeyCallBacks,
2018 &kCFTypeDictionaryValueCallBacks);
2019
2020 if (debug) PrintStringToMatch(CFCopyDescription(policyIdentifier));
2021
2022 status = SecItemCopyMatching(query, &results);
2023
2024 // check returned items for forbidStr as a substring in the label attribute;
2025 // return errSecInternalError if found
2026 if (!status && results && forbidStr) {
2027 if (CFArrayGetTypeID() == CFGetTypeID(results)) {
2028 CFArrayRef items = (CFArrayRef) results;
2029 CFIndex ix, count = CFArrayGetCount(results);
2030 for (ix=0; ix<count; ix++) {
2031 CFTypeRef anItem = (CFTypeRef) CFArrayGetValueAtIndex(items, ix);
2032 if (anItem && CFDictionaryGetTypeID() == CFGetTypeID(anItem)) {
2033 CFDictionaryRef item = (CFDictionaryRef) anItem;
2034 CFStringRef label = NULL;
2035 if (CFDictionaryGetValueIfPresent(item, kSecAttrLabel, (const void **)&label) && label) {
2036 CFRange range = CFStringFind(label, forbidStr, 0);
2037 if (!(range.length < 1)) {
2038 status = errSecInternalError; // shouldn't have found this, but we did.
2039 break;
2040 } // found forbidStr
2041 } // found label attribute
2042 } // item is a dictionary
2043 } // item for-loop
2044 } // result is an array
2045 } // check forbidStr
2046
2047
2048 if (!status && results) {
2049 status = CheckResults(results, matchesExpected, matchesExpected);
2050 CFRelease(results);
2051 }
2052 if (query)
2053 CFRelease(query);
2054 if (policy)
2055 CFRelease(policy);
2056
2057 PrintTestResult("FindIdentityByPolicyAndValidDate", status, expected);
2058
2059 return (status==expected) ? (int)noErr : (int)status;
2060 }
2061
2062
2063 static int FindIdentityByNameAndValidDate(SecKeychainRef keychain,
2064 CFStringRef nameStr,
2065 CFTypeRef validOnDate,
2066 CFTypeRef returnType,
2067 CFTypeRef matchLimit,
2068 CFIndex minMatchesExpected,
2069 OSStatus expected)
2070 {
2071 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2072 &kCFTypeDictionaryKeyCallBacks,
2073 &kCFTypeDictionaryValueCallBacks);
2074
2075 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2076 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2077 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2078
2079 /* set up the query */
2080 CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
2081 CFDictionaryAddValue( query, kSecMatchSubjectContains, nameStr );
2082 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate ); // value may be a CFDateRef or a CFNullRef
2083 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit );
2084 CFDictionaryAddValue( query, returnType, kCFBooleanTrue );
2085
2086 CFTypeRef results = NULL;
2087 if (debug) {
2088 PrintStringToMatch(nameStr);
2089 PrintStringToMatch(CFCopyDescription(validOnDate));
2090 }
2091
2092 OSStatus status = SecItemCopyMatching(query, &results);
2093
2094 if (!status && results) {
2095 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2096 CFRelease(results);
2097 }
2098 if (query)
2099 CFRelease(query);
2100
2101 PrintTestResult("FindIdentityByNameAndValidDate", status, expected);
2102
2103 return (status==expected) ? (int)noErr : (int)status;
2104 }
2105
2106
2107 static int FindPreferredIdentityForSMIMESigning(SecKeychainRef keychain, CFStringRef emailAddr,
2108 CFTypeRef validOnDate)
2109 {
2110 // Note: this function assumes that a preferred identity has been set up
2111 // previously for the given email address. This is handled in the calling
2112 // function.
2113
2114 OSStatus status = noErr;
2115 SecIdentityRef preferredIdentity = NULL;
2116 SecIdentityRef validatedIdentity = NULL;
2117
2118 // Pass an explicit key usage value to SecIdentityCopyPreferred to test <rdar://8192797>
2119 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanSign, 1, &kCFTypeArrayCallBacks);
2120
2121 preferredIdentity = SecIdentityCopyPreferred(emailAddr, keyUsage, NULL);
2122 isnt(preferredIdentity, NULL, "FindPreferredIdentityForSMIMESigning: SecIdentityCopyPreferred");
2123
2124 if (!preferredIdentity)
2125 status = errSecItemNotFound; // our test expects a preferred identity to exist, so we return an error
2126 if (keyUsage)
2127 CFRelease(keyUsage);
2128
2129 if (!status && preferredIdentity) {
2130 pass("FindPreferredIdentityForSMIMESigning: found a preferred identity");
2131
2132 // We found a preferred identity, but it may have expired.
2133 // Verify the preferred identity by looking up all identities which
2134 // are valid for SMIME signing, and using the kSecMatchItemList query
2135 // parameter to filter out everything but our preferred identity. If
2136 // we end up with 0 results, the preferred identity wasn't valid.
2137
2138 // set up the S/MIME policy first to check for Digital Signature key usage
2139 SecPolicyRef policy = SecPolicyCreateSMIME(kSecSignSMIMEUsage, emailAddr);
2140
2141 // set up an item list consisting of just our preferred identity
2142 CFArrayRef itemList = CFArrayCreate(kCFAllocatorDefault, (const void **)&preferredIdentity, 1, &kCFTypeArrayCallBacks);
2143
2144 // set up the query
2145 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
2146 CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
2147 CFDictionaryAddValue( query, kSecMatchPolicy, policy );
2148 CFDictionaryAddValue( query, kSecMatchValidOnDate, validOnDate );
2149 CFDictionaryAddValue( query, kSecMatchItemList, itemList );
2150 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne ); // only need to match one item!
2151 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
2152
2153 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2154 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2155 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2156
2157 if (debug) {
2158 PrintStringToMatch(emailAddr);
2159 PrintStringToMatch(CFCopyDescription(validOnDate));
2160 }
2161
2162 status = SecItemCopyMatching(query, (CFTypeRef*)&validatedIdentity);
2163 ok_status(status, "FindPreferredIdentityForSMIMESigning: SecItemCopyMatching");
2164
2165 if (!status && validatedIdentity) {
2166 status = CheckResults(validatedIdentity, 1, 1); // expect exactly 1 result
2167 CFRelease(validatedIdentity);
2168 }
2169 if (query)
2170 CFRelease(query);
2171 if (policy)
2172 CFRelease(policy);
2173 if (itemList)
2174 CFRelease(itemList);
2175 }
2176 else {
2177 fail("FindPreferredIdentityForSMIMESigning: unexpected error %d\n", (int)status);
2178 }
2179
2180 if (preferredIdentity)
2181 CFRelease(preferredIdentity);
2182
2183 PrintTestResult("FindPreferredIdentityForSMIMESigning", status, noErr);
2184
2185 return (status==noErr) ? (int)noErr : (int)status;
2186 }
2187
2188
2189 static int SetPreferredIdentityForSMIMESigning(SecKeychainRef keychain, CFStringRef nameStr,
2190 CFStringRef emailAddr)
2191 {
2192 // find the identity exactly matching the given common name
2193 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2194 &kCFTypeDictionaryKeyCallBacks,
2195 &kCFTypeDictionaryValueCallBacks);
2196
2197 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2198 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2199 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2200
2201 CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
2202 CFDictionaryAddValue( query, kSecMatchSubjectWholeString, nameStr );
2203 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne );
2204 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
2205
2206 CFTypeRef results = NULL;
2207 OSStatus status = SecItemCopyMatching(query, &results);
2208
2209 ok_status(status, "SetPreferredIdentityForSMIMESigning: SecItemCopyMatching error %d\n", (int)status);
2210
2211 if (!status && results) {
2212 // since we asked for kSecMatchLimitOne, the result is a single SecIdentityRef
2213 SecIdentityRef identity = (SecIdentityRef) results;
2214
2215 is(SecIdentityGetTypeID(),CFGetTypeID(identity), "SetPreferredCertificateForSMIMEEncryption: unexpected result type!\n");
2216
2217 // Pass an explicit key usage value to SecIdentitySetPreferred to test <rdar://8192797>
2218 CFArrayRef keyUsage = CFArrayCreate(kCFAllocatorDefault, (const void **)&kSecAttrCanSign, 1, &kCFTypeArrayCallBacks);
2219 status = SecIdentitySetPreferred(identity, emailAddr, keyUsage);
2220 ok_status(status, "SetPreferredIdentityForSMIMESigning: SecIdentitySetPreferred error %d\n", (int)status);
2221 if (keyUsage)
2222 CFRelease(keyUsage);
2223
2224 CFRelease(results);
2225 }
2226 if (query)
2227 CFRelease(query);
2228
2229 return (status==noErr) ? (int)noErr : (int)status;
2230 }
2231
2232
2233 static int FindGenericPasswordByAccount(SecKeychainRef keychain,
2234 CFStringRef accountStr,
2235 CFTypeRef returnType,
2236 CFTypeRef matchLimit,
2237 CFIndex minMatchesExpected,
2238 OSStatus expected)
2239 {
2240 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2241 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2242
2243 const void *keys[] = {
2244 kSecMatchSearchList,
2245 kSecClass,
2246 kSecAttrAccount,
2247 kSecMatchLimit,
2248 returnType
2249 };
2250 const void *values[] = {
2251 searchList,
2252 kSecClassGenericPassword,
2253 accountStr,
2254 matchLimit,
2255 kCFBooleanTrue
2256 };
2257
2258 OSStatus status = noErr;
2259 CFTypeRef results = NULL;
2260 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2261 sizeof(keys) / sizeof(*keys),
2262 &kCFTypeDictionaryKeyCallBacks,
2263 &kCFTypeDictionaryValueCallBacks);
2264
2265 if (debug) PrintStringToMatch(accountStr);
2266
2267 status = SecItemCopyMatching(query, &results);
2268 ok_status(status, "FindGenericPasswordByAccount: SecItemCopyMatching");
2269
2270 if (!status && results) {
2271 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2272 CFRelease(results);
2273 }
2274 if (query)
2275 CFRelease(query);
2276
2277 PrintTestResult("FindGenericPasswordByAccount", status, expected);
2278
2279 return (status==expected) ? (int)noErr : (int)status;
2280 }
2281
2282
2283 static int FindGenericPasswordByAccountAndService(SecKeychainRef keychain,
2284 CFStringRef accountStr,
2285 CFStringRef serviceStr,
2286 CFTypeRef returnType,
2287 CFTypeRef matchLimit,
2288 CFIndex minMatchesExpected,
2289 OSStatus expected)
2290 {
2291 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2292 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2293
2294 const void *keys[] = {
2295 kSecMatchSearchList,
2296 kSecClass,
2297 kSecAttrAccount,
2298 kSecAttrService,
2299 kSecMatchLimit,
2300 returnType
2301 };
2302 const void *values[] = {
2303 searchList,
2304 kSecClassGenericPassword,
2305 accountStr,
2306 serviceStr,
2307 matchLimit,
2308 kCFBooleanTrue
2309 };
2310
2311 OSStatus status = noErr;
2312 CFTypeRef results = NULL;
2313 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2314 sizeof(keys) / sizeof(*keys),
2315 &kCFTypeDictionaryKeyCallBacks,
2316 &kCFTypeDictionaryValueCallBacks);
2317
2318 if (debug) {
2319 PrintStringToMatch(accountStr);
2320 PrintStringToMatch(serviceStr);
2321 }
2322 status = SecItemCopyMatching(query, &results);
2323 ok_status(status, "FindGenericPasswordByAccountAndService: SecItemCopyMatching");
2324
2325 if (!status && results) {
2326 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2327 CFRelease(results);
2328 }
2329 if (query)
2330 CFRelease(query);
2331
2332 PrintTestResult("FindGenericPasswordByAccountAndService", status, expected);
2333
2334 return (status==expected) ? (int)noErr : (int)status;
2335 }
2336
2337
2338 static int FindInternetPasswordByAccount(SecKeychainRef keychain,
2339 CFStringRef accountStr,
2340 CFTypeRef returnType,
2341 CFTypeRef matchLimit,
2342 CFIndex minMatchesExpected,
2343 OSStatus expected)
2344 {
2345 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2346 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2347
2348 const void *keys[] = {
2349 kSecMatchSearchList,
2350 kSecClass,
2351 kSecAttrAccount,
2352 kSecMatchLimit,
2353 returnType
2354 };
2355 const void *values[] = {
2356 searchList,
2357 kSecClassInternetPassword,
2358 accountStr,
2359 matchLimit,
2360 kCFBooleanTrue
2361 };
2362
2363 OSStatus status = noErr;
2364 CFTypeRef results = NULL;
2365 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2366 sizeof(keys) / sizeof(*keys),
2367 &kCFTypeDictionaryKeyCallBacks,
2368 &kCFTypeDictionaryValueCallBacks);
2369
2370 if (debug) PrintStringToMatch(accountStr);
2371
2372 status = SecItemCopyMatching(query, &results);
2373 ok_status(status, "FindInternetPasswordByAccount: SecItemCopyMatching");
2374
2375 if (!status && results) {
2376 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2377 CFRelease(results);
2378 }
2379 if (query)
2380 CFRelease(query);
2381
2382 PrintTestResult("FindInternetPasswordByAccount", status, expected);
2383
2384 return (status==expected) ? (int)noErr : (int)status;
2385 }
2386
2387
2388 static int FindInternetPasswordByAccountAndServer(SecKeychainRef keychain,
2389 CFStringRef accountStr,
2390 CFStringRef serverStr,
2391 CFTypeRef returnType,
2392 CFTypeRef matchLimit,
2393 CFIndex minMatchesExpected,
2394 OSStatus expected)
2395 {
2396 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2397 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2398
2399 const void *keys[] = {
2400 kSecMatchSearchList,
2401 kSecClass,
2402 kSecAttrAccount,
2403 kSecAttrServer,
2404 kSecMatchLimit,
2405 returnType
2406 };
2407 const void *values[] = {
2408 searchList,
2409 kSecClassInternetPassword,
2410 accountStr,
2411 serverStr,
2412 matchLimit,
2413 kCFBooleanTrue
2414 };
2415
2416 OSStatus status = noErr;
2417 CFTypeRef results = NULL;
2418 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
2419 sizeof(keys) / sizeof(*keys),
2420 &kCFTypeDictionaryKeyCallBacks,
2421 &kCFTypeDictionaryValueCallBacks);
2422
2423 if (debug) {
2424 PrintStringToMatch(accountStr);
2425 PrintStringToMatch(serverStr);
2426 }
2427 status = SecItemCopyMatching(query, &results);
2428 ok_status(status, "FindInternetPasswordByAccountAndServer: SecItemCopyMatching");
2429
2430 if (!status && results) {
2431 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2432 CFRelease(results);
2433 }
2434 if (query)
2435 CFRelease(query);
2436
2437 PrintTestResult("FindInternetPasswordByAccountAndServer", status, expected);
2438
2439 return (status==expected) ? (int)noErr : (int)status;
2440 }
2441
2442
2443 static int FindMailPassword(SecKeychainRef keychain,
2444 CFStringRef account,
2445 CFStringRef server)
2446 {
2447 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2448 &kCFTypeDictionaryKeyCallBacks,
2449 &kCFTypeDictionaryValueCallBacks);
2450
2451 SInt16 port = 143;
2452 CFNumberRef portNumber = CFNumberCreate(NULL, kCFNumberSInt16Type, &port);
2453
2454 // set up query for a Mail password (IMAP, port 143) for given account and server
2455 CFDictionaryAddValue( query, kSecClass, kSecClassInternetPassword );
2456 CFDictionaryAddValue( query, kSecAttrAccount, account );
2457 CFDictionaryAddValue( query, kSecAttrServer, server );
2458 CFDictionaryAddValue( query, kSecAttrProtocol, kSecAttrProtocolIMAP );
2459 CFDictionaryAddValue( query, kSecAttrPort, portNumber );
2460 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne );
2461 CFDictionaryAddValue( query, kSecReturnData, kCFBooleanTrue );
2462
2463 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2464 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2465 CFDictionaryAddValue(query, kSecMatchSearchList, searchList);
2466
2467 CFTypeRef results = NULL;
2468 OSStatus status = SecItemCopyMatching(query, &results);
2469 ok_status(status, "FindMailPassword: SecItemCopyMatching error %d\n", (int)status);
2470
2471 if (!status && results) {
2472 // since we asked for kSecMatchLimitOne w/kSecReturnData, the result is the found password
2473 CFDataRef password = (CFDataRef) results;
2474 is(CFDataGetTypeID(), CFGetTypeID(password), "FindMailPassword: unexpected result type!\n");
2475
2476 if (debug) CFShow(password);
2477
2478 CFRelease(results);
2479 }
2480 if (query)
2481 CFRelease(query);
2482 if (portNumber)
2483 CFRelease(portNumber);
2484
2485 return (status==noErr) ? (int)noErr : (int)status;
2486 }
2487
2488
2489
2490 const CFStringRef gPrefix = CFSTR("Test Key");
2491 const CFStringRef gLabel = CFSTR("Test AES Encryption Key");
2492 const CFStringRef gUUID = CFSTR("550e8400-e29b-41d4-a716-446655441234");
2493
2494 // CreateSymmetricKey will create a new AES-128 symmetric encryption key
2495 // with the provided label, application label, and application tag.
2496 // Each of those attributes is optional, but only the latter two
2497 // (application label and application tag) are considered part of the
2498 // key's "unique" attribute set. Previously, if you attempted to create a
2499 // key which differs only in the label attribute (but not in the other two)
2500 // then the attempt would fail and leave a "turd" key with no label in your
2501 // keychain: <rdar://8289559>, fixed in 11A268a.
2502
2503 static int CreateSymmetricKey(
2504 SecKeychainRef keychain,
2505 CFStringRef keyLabel,
2506 CFStringRef keyAppLabel,
2507 CFStringRef keyAppTag,
2508 OSStatus expected)
2509 {
2510 OSStatus status;
2511 int keySizeValue = 128;
2512 CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue);
2513
2514 // create a SecAccessRef to set up the initial access control settings for this key
2515 // (this step is optional; if omitted, the creating application has access to the key)
2516 // note: the access descriptor should be the same string as will be used for the item's label,
2517 // since it's the string that is displayed by the access confirmation dialog to describe the item.
2518 SecAccessRef access = NULL;
2519 status = SecAccessCreate(gLabel, NULL, &access);
2520
2521 // create a dictionary of parameters describing the key we want to create
2522 CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0,
2523 &kCFTypeDictionaryKeyCallBacks,
2524 &kCFTypeDictionaryValueCallBacks);
2525
2526 CFDictionaryAddValue( params, kSecClass, kSecClassKey );
2527 CFDictionaryAddValue( params, kSecUseKeychain, keychain );
2528 CFDictionaryAddValue( params, kSecAttrAccess, access );
2529 CFDictionaryAddValue( params, kSecAttrKeyClass, kSecAttrKeyClassSymmetric );
2530 CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeAES );
2531 CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize );
2532 CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue );
2533 CFDictionaryAddValue( params, kSecAttrCanEncrypt, kCFBooleanTrue );
2534 CFDictionaryAddValue( params, kSecAttrCanDecrypt, kCFBooleanTrue );
2535 CFDictionaryAddValue( params, kSecAttrCanWrap, kCFBooleanFalse );
2536 CFDictionaryAddValue( params, kSecAttrCanUnwrap, kCFBooleanFalse );
2537 if (keyLabel)
2538 CFDictionaryAddValue( params, kSecAttrLabel, keyLabel );
2539 if (keyAppLabel)
2540 CFDictionaryAddValue( params, kSecAttrApplicationLabel, keyAppLabel );
2541 if (keyAppTag)
2542 CFDictionaryAddValue( params, kSecAttrApplicationTag, keyAppTag );
2543
2544 // generate the key
2545 CFErrorRef error = NULL;
2546 SecKeyRef key = SecKeyGenerateSymmetric(params, &error);
2547
2548 // print result and clean up
2549 if (debug) {
2550 if (key == NULL) {
2551 CFStringRef desc = (error) ? CFErrorCopyDescription(error) : CFRetain(CFSTR("(no result!"));
2552 PrintCFStringWithFormat("SecKeyGenerateSymmetric failed: %s\n", desc);
2553 CFRelease(desc);
2554 }
2555 else {
2556 CFStringRef desc = CFCopyDescription(key);
2557 PrintCFStringWithFormat("SecKeyGenerateSymmetric succeeded: %s\n", desc);
2558 CFRelease(desc);
2559 }
2560 }
2561 status = (error) ? (OSStatus) CFErrorGetCode(error) : noErr;
2562 // if (status == errSecDuplicateItem)
2563 // status = noErr; // it's OK if the key already exists
2564
2565 if (key) CFRelease(key);
2566 if (error) CFRelease(error);
2567 if (params) CFRelease(params);
2568 if (keychain) CFRelease(keychain);
2569 if (access) CFRelease(access);
2570
2571 PrintTestResult("CreateSymmetricKey", status, expected);
2572
2573 return status;
2574 }
2575
2576
2577 static int FindSymmetricKey(
2578 SecKeychainRef keychain,
2579 CFStringRef keyLabel,
2580 CFStringRef keyAppLabel,
2581 CFStringRef keyAppTag,
2582 OSStatus expected)
2583 {
2584 // create a dictionary of parameters describing the key we want to find,
2585 // and how we want the result to be returned
2586 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2587 &kCFTypeDictionaryKeyCallBacks,
2588 &kCFTypeDictionaryValueCallBacks);
2589
2590 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2591 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2592 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2593
2594 CFDictionaryAddValue( query, kSecClass, kSecClassKey );
2595 CFDictionaryAddValue( query, kSecAttrKeyClass, kSecAttrKeyClassSymmetric );
2596 CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitOne ); // we only want the first match
2597 CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue ); // we want the result as a SecKeyRef
2598 CFDictionaryAddValue( query, kSecReturnAttributes, kCFBooleanTrue ); // we also want the found item's attributes
2599 if (keyLabel)
2600 CFDictionaryAddValue( query, kSecAttrLabel, keyLabel );
2601 if (keyAppLabel)
2602 CFDictionaryAddValue( query, kSecAttrApplicationLabel, keyAppLabel );
2603 if (keyAppTag)
2604 CFDictionaryAddValue( query, kSecAttrApplicationLabel, keyAppTag );
2605
2606 CFTypeRef result = NULL;
2607 OSStatus status = SecItemCopyMatching(query, &result);
2608 if(expected == errSecSuccess) {
2609 ok_status(status, "FindSymmetricKey: SecItemCopyMatching");
2610 } else {
2611 is(status, expected, "FindSymmetricKey: SecItemCopyMatching");
2612 }
2613
2614 // print result and clean up
2615 if (debug) {
2616 if (status == noErr) {
2617 fprintf(stdout, "SecItemCopyMatching succeeded; found key\n");
2618 PrintCFThing(result);
2619 }
2620 else if (status == errSecItemNotFound) {
2621 fprintf(stdout, "SecItemCopyMatching: item not found\n");
2622 }
2623 else {
2624 fprintf(stdout, "SecItemCopyMatching: failed! (error %d)\n", (int)status);
2625 }
2626 }
2627
2628 SecKeyRef key = NULL;
2629 if (result) {
2630 // since we asked for both the item reference and the item attributes,
2631 // we expect a dictionary to be returned...
2632 if (CFDictionaryGetTypeID() == CFGetTypeID(result)) {
2633 if (CFDictionaryGetValueIfPresent(result, kSecValueRef, (CFTypeRef*)&key))
2634 CFRetain(key);
2635 }
2636 CFRelease(result); // all done with result dictionary
2637 }
2638
2639 if (key) CFRelease(key);
2640 if (query) CFRelease(query);
2641
2642 PrintTestResult("FindSymmetricKey", status, expected);
2643
2644 return status;
2645 }
2646
2647
2648 static int FindAndDeleteItemsByName(
2649 SecKeychainRef keychain,
2650 CFStringRef nameStr,
2651 CFStringRef accountStr,
2652 CFTypeRef itemClass,
2653 CFTypeRef matchLimit,
2654 CFIndex minMatchesExpected,
2655 OSStatus expected)
2656 {
2657 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
2658 &kCFTypeDictionaryKeyCallBacks,
2659 &kCFTypeDictionaryValueCallBacks);
2660
2661 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
2662 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
2663 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
2664
2665 CFTypeRef nameMatchKey;
2666 if (CFEqual(itemClass, kSecClassCertificate) ||
2667 CFEqual(itemClass, kSecClassIdentity)) {
2668 nameMatchKey = kSecMatchSubjectStartsWith; /* must start with nameStr */
2669 }
2670 else {
2671 nameMatchKey = kSecAttrLabel; /* nameStr must exactly match label */
2672 }
2673
2674 /* set up the query */
2675 CFDictionaryAddValue( query, kSecClass, itemClass );
2676 CFDictionaryAddValue( query, nameMatchKey, nameStr);
2677 CFDictionaryAddValue( query, kSecMatchLimit, matchLimit);
2678 if (accountStr) {
2679 CFDictionaryAddValue( query, kSecAttrAccount, accountStr);
2680 }
2681
2682 CFTypeRef results = NULL;
2683 if (debug) {
2684 PrintStringToMatch(nameStr);
2685 }
2686
2687 OSStatus status = SecItemCopyMatching(query, &results);
2688 ok_status(status, "FindAndDeleteItemsByName: SecItemCopyMatching");
2689
2690 if (!status) {
2691 /* Make sure that we found the items we expected to find */
2692 status = CheckResults(results, minMatchesExpected, MAXITEMS);
2693 CFRelease(results);
2694 }
2695
2696 if (!status) {
2697 /* OK, now the real reason we're here... the same query must work for SecItemDelete */
2698 status = SecItemDelete(query);
2699
2700 PrintTestResult("FindAndDeleteItemsByName: deleting items", status, expected);
2701 }
2702
2703 if (!status) {
2704 /* re-run the same query... should find no matching items this time */
2705 status = SecItemCopyMatching(query, &results);
2706 if (!status) {
2707 /* oops... we still found matches using this query */
2708 int count = (int)CFArrayGetCount(results);
2709 is(count, 0, "### FindAndDeleteItemsByName: still found %d items, expected 0\n", count);
2710 CFRelease(results);
2711 }
2712 PrintTestResult("FindAndDeleteItemsByName: find after delete", status, errSecItemNotFound);
2713
2714 status = (status == errSecItemNotFound) ? expected : errSecInternalError;
2715 }
2716
2717 if (query)
2718 CFRelease(query);
2719
2720 return (status==expected) ? (int)noErr : (int)status;
2721 }
2722
2723
2724 #pragma mark -- Test Functions --
2725
2726
2727 static int TestIdentityLookup(SecKeychainRef keychain)
2728 {
2729 int result = 0;
2730
2731 // look up identity by name, want first result as a SecIdentityRef
2732 result += FindIdentityByName(keychain, CFSTR("Test SSL User"), kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2733
2734 // look up existing non-identity certificate by name, expect errSecItemNotFound error
2735 result += FindIdentityByName(keychain, CFSTR("Test-5685316-LEAF"), kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2736
2737 // look up non-existent identity by name, expect errSecItemNotFound error
2738 result += FindIdentityByName(keychain, CFSTR("myxlpytk"), kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2739
2740 /* given the policy OID, create a SecPolicyRef */
2741 const void *keys[] = { kSecPolicyClient };
2742 const void *values[] = { kCFBooleanTrue };
2743 CFDictionaryRef properties = CFDictionaryCreate(NULL, keys, values,
2744 sizeof(keys) / sizeof(*keys),
2745 &kCFTypeDictionaryKeyCallBacks,
2746 &kCFTypeDictionaryValueCallBacks);
2747
2748 SecPolicyRef sslPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleSSL, properties);
2749 SecPolicyRef codeSigningPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleCodeSigning, NULL);
2750
2751 // look up identity by policy, want first result as a SecIdentityRef (should find "Test SSL User" identity)
2752 result += FindIdentityByPolicy(keychain, sslPolicy, kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2753
2754 // look up identity by policy, want first result as a CFDictionary of attributes (should find "Test SSL User" identity)
2755 result += FindIdentityByPolicy(keychain, sslPolicy, kSecReturnAttributes, kSecMatchLimitOne, 1, noErr);
2756
2757 // look up identity by policy, expect errSecItemNotFound error (this assumes no code signing identity is present!)
2758 result += FindIdentityByPolicy(keychain, codeSigningPolicy, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2759
2760 // -------------------------
2761 // test kSecMatchValidOnDate
2762 // -------------------------
2763
2764 // make a valid date which will match at least some identities we used to populate the keychain
2765 CFGregorianDate aCurrentGDate = { 2016, 7, 20, 12, 0, 0 }; // Jul 20 2016 12:00 PM
2766 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
2767 if (FindIdentityByNameAndValidDate(keychain, CFSTR("Test SSL User"), aCurrentDate, kSecReturnRef, kSecMatchLimitAll, 1, noErr))
2768 ++result;
2769 if(aCurrentDate) CFRelease(aCurrentDate);
2770
2771 // make a date in the past which should NOT match any identities (expect errSecItemNotFound)
2772 CFGregorianDate aPastGDate = { 1984, 7, 20, 12, 0, 0 }; // Jul 20 1984 12:00 PM
2773 CFDateRef aPastDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastGDate, NULL));
2774 if (FindIdentityByNameAndValidDate(keychain, CFSTR("Test SSL User"), aPastDate, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound))
2775 ++result;
2776 if(aPastDate) CFRelease(aPastDate);
2777
2778 // make a date in the future which should NOT match any identities yet (expect errSecItemNotFound)
2779 CFGregorianDate aFutureGDate = { 2034, 7, 20, 12, 0, 0 }; // Jul 20 2034 12:00 PM
2780 CFDateRef aFutureDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aFutureGDate, NULL));
2781 if (FindIdentityByNameAndValidDate(keychain, CFSTR("Test SSL User"), aFutureDate, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound))
2782 ++result;
2783 if(aFutureDate) CFRelease(aFutureDate);
2784
2785 // make a date in the past which SHOULD match 2 identities we used to populate the keychain
2786 CFGregorianDate aPastValidGDate = { 2007, 12, 20, 12, 0, 0 }; // Dec 20 2007 12:00 PM
2787 CFDateRef aPastValidDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastValidGDate, NULL));
2788 if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), aPastValidDate, kSecReturnRef, kSecMatchLimitAll, 0, noErr))
2789 ++result;
2790
2791 // test the ability of kCFNull to denote "currently valid" (should not find anything, since the " 2007" certs are expired)
2792 if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), kCFNull, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound))
2793 ++result;
2794
2795 // test Ian's bug: <rdar://8197632>; the 4th argument is a string which should NOT be present in any found items
2796 if (FindIdentityByPolicyAndValidDate(keychain, kSecPolicyAppleSMIME, FALSE, kCFNull, CFSTR(" 2007"), kSecReturnAttributes, kSecMatchLimitAll, 0, errSecSuccess))
2797 ++result;
2798
2799 return result;
2800 }
2801
2802
2803 static int TestCertificateLookup(SecKeychainRef keychain)
2804 {
2805 int result = 0;
2806
2807 //======================================================================
2808 // item attribute tests (kSecItemAttr* keys)
2809 //======================================================================
2810
2811 // %%%TBA: need to flesh out this section with all certificate attributes
2812
2813 // ------------------------------------------
2814 // test kSecAttrIssuer & kSecAttrSerialNumber
2815 // ------------------------------------------
2816
2817 // look up cert by issuer & serial
2818 // %%%TBA -- underlying support was added in <rdar://8131491>; need to implement these keys
2819 //CFDictionarySetValue(query, (const void *)kSecAttrIssuer, (const void *)nameStr);
2820 //CFDictionarySetValue(query, (const void *)kSecAttrSerialNumber, (const void *)nameStr);
2821
2822 // -------------------------
2823 // test kSecAttrSubjectKeyID
2824 // -------------------------
2825
2826 // look up cert by subject key ID
2827 // %%%TBA -- can we get the subject key ID from SecCertificateCopyValues??
2828 //CFDictionarySetValue(query, (const void *)kSecAttrSubjectKeyID, (const void *)nameStr);
2829
2830 // ------------------
2831 // test kSecAttrLabel
2832 // ------------------
2833
2834 // look up cert by label, want array of all results (expect only 1) as SecCertificateRef
2835 result += FindCertificateByLabel(keychain, CFSTR("Test-5685316-LEAF"),
2836 kSecReturnRef, kSecMatchLimitAll, 1, 1, noErr);
2837
2838
2839 //======================================================================
2840 // search attribute tests (kSecMatch* keys)
2841 //======================================================================
2842
2843 // -----------------------------------
2844 // test kSecMatchEmailAddressIfPresent
2845 // -----------------------------------
2846
2847 // look up cert by email, want first result as a SecCertificateRef
2848 result += FindCertificateByEmail(keychain, CFSTR("security-dev@group.apple.com"),
2849 kSecReturnRef, kSecMatchLimitOne, 0, noErr);
2850
2851 // look up cert by email, want first result as a CFDictionaryRef of attributes
2852 result += FindCertificateByEmail(keychain, CFSTR("security-dev@group.apple.com"),
2853 kSecReturnAttributes, kSecMatchLimitOne, 0, noErr);
2854
2855 // -----------------------------
2856 // test kSecMatchSubjectContains
2857 // -----------------------------
2858
2859 // look up cert containing name, want array of all results (expect at least 3) as SecCertificateRef
2860 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316"),
2861 kSecMatchSubjectContains, kSecReturnRef, kSecMatchLimitAll, 3, noErr);
2862
2863 // look up non-existent cert by name, expect errSecItemNotFound error
2864 result += FindCertificateByNameInSubject(keychain, CFSTR("myxlpytk"),
2865 kSecMatchSubjectContains, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2866
2867 // look up cert by name, want array of all results (expect at least 2) as CFDataRef
2868 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316"),
2869 kSecMatchSubjectContains, kSecReturnData, kSecMatchLimitAll, 2, noErr);
2870
2871 // look up cert by name, want array of all results (expect at least 2) as CFDictionaryRef of attributes
2872 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316"),
2873 kSecMatchSubjectContains, kSecReturnAttributes, kSecMatchLimitAll, 2, noErr);
2874
2875 // -------------------------------
2876 // test kSecMatchSubjectStartsWith
2877 // -------------------------------
2878
2879 // look up cert starting with name, want array of all results (expect at least 3) as SecCertificateRef
2880 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-568"),
2881 kSecMatchSubjectStartsWith, kSecReturnRef, kSecMatchLimitAll, 3, noErr);
2882
2883 // look up cert starting with a name which isn't at start, expect errSecItemNotFound error
2884 result += FindCertificateByNameInSubject(keychain, CFSTR("5685316"),
2885 kSecMatchSubjectStartsWith, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2886
2887 // -----------------------------
2888 // test kSecMatchSubjectEndsWith
2889 // -----------------------------
2890
2891 // look up cert ending with name, want array of all results (expect at least 1) as SecCertificateRef
2892 result += FindCertificateByNameInSubject(keychain, CFSTR("LEAF"),
2893 kSecMatchSubjectEndsWith, kSecReturnRef, kSecMatchLimitAll, 1, noErr);
2894
2895 // look up cert ending with a name which isn't at end, expect errSecItemNotFound error
2896 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-"),
2897 kSecMatchSubjectEndsWith, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2898
2899 // --------------------------------
2900 // test kSecMatchSubjectWholeString
2901 // --------------------------------
2902
2903 // look up cert by whole name, want first result (expecting 1) as a SecCertificateRef
2904 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-5685316-LEAF"),
2905 kSecMatchSubjectWholeString, kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2906
2907 // look up cert by whole name (which is a substring in other certs), expect errSecItemNotFound error
2908 result += FindCertificateByNameInSubject(keychain, CFSTR("Test-568"),
2909 kSecMatchSubjectWholeString, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound);
2910
2911 // --------------------
2912 // test kSecMatchPolicy
2913 // --------------------
2914
2915 const void *keys[] = { kSecPolicyClient };
2916 const void *values[] = { kCFBooleanTrue };
2917 CFDictionaryRef properties = CFDictionaryCreate(NULL, keys, values,
2918 sizeof(keys) / sizeof(*keys),
2919 &kCFTypeDictionaryKeyCallBacks,
2920 &kCFTypeDictionaryValueCallBacks);
2921
2922 SecPolicyRef sslPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleSSL, properties);
2923 SecPolicyRef codeSigningPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleCodeSigning, NULL);
2924 SecPolicyRef smimePolicy = SecPolicyCreateWithProperties(kSecPolicyAppleSMIME, NULL);
2925
2926 // look up cert by name and policy (Code Signing), want first result as a SecCertificateRef
2927 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test-7875801"),
2928 codeSigningPolicy,
2929 kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2930
2931 // look up cert by name and policy (S/MIME), want first result as a SecCertificateRef
2932 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test-"),
2933 smimePolicy,
2934 kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2935
2936 // look up cert by name and policy (SSL), want first result as a SecCertificateRef
2937 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test "),
2938 sslPolicy,
2939 kSecReturnRef, kSecMatchLimitOne, 1, noErr);
2940
2941 // look up cert by name and policy, want array of all results as SecCertificateRef
2942 result += FindCertificateByNameAndPolicy(keychain, CFSTR("Test-7875801"),
2943 codeSigningPolicy,
2944 kSecReturnAttributes, kSecMatchLimitAll, 1, noErr);
2945
2946 // look up cert by email address for SMIME encryption, date valid today, want array of all results as SecCertificateRef
2947 // (note that a date value of kCFNull is interpreted as the current date)
2948 result += FindCertificateForSMIMEEncryption(keychain, CFSTR("smime-test@apple.com"), kCFNull,
2949 kSecReturnRef, kSecMatchLimitAll, 1, noErr);
2950
2951 CFReleaseSafe(sslPolicy);
2952 CFReleaseSafe(codeSigningPolicy);
2953 CFReleaseSafe(smimePolicy);
2954 CFReleaseSafe(properties);
2955
2956 // -------------------------
2957 // test kSecMatchValidOnDate
2958 // -------------------------
2959
2960 // make a valid date which will match at least 2 certificates we used to populate the keychain
2961 CFGregorianDate aCurrentGDate = { 2010, 7, 20, 12, 0, 0 }; // Jul 20 2010 12:00 PM
2962 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
2963 if (FindCertificateByNameAndValidDate(keychain, CFSTR("Test-"), aCurrentDate, kSecReturnRef, kSecMatchLimitAll, 2, noErr))
2964 ++result;
2965 if(aCurrentDate) CFRelease(aCurrentDate);
2966
2967 // make a date in the past which should NOT match any certificates (expect errSecItemNotFound)
2968 CFGregorianDate aPastGDate = { 1984, 7, 20, 12, 0, 0 }; // Jul 20 1984 12:00 PM
2969 CFDateRef aPastDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastGDate, NULL));
2970 if (FindCertificateByNameAndValidDate(keychain, CFSTR("Test-"), aPastDate, kSecReturnRef, kSecMatchLimitAll, 2, errSecItemNotFound))
2971 ++result;
2972 if(aPastDate) CFRelease(aPastDate);
2973
2974 // make a date in the future which should NOT match any certificates yet (expect errSecItemNotFound)
2975 CFGregorianDate aFutureGDate = { 2034, 7, 20, 12, 0, 0 }; // Jul 20 2034 12:00 PM
2976 CFDateRef aFutureDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aFutureGDate, NULL));
2977 if (FindCertificateByNameAndValidDate(keychain, CFSTR("Test-"), aFutureDate, kSecReturnRef, kSecMatchLimitAll, 2, errSecItemNotFound))
2978 ++result;
2979 if(aFutureDate) CFRelease(aFutureDate);
2980
2981 return result;
2982 }
2983
2984
2985 static int TestPreferredIdentityLookup(SecKeychainRef keychain)
2986 {
2987 int result = 0;
2988
2989 // set a preferred identity first
2990 if (SetPreferredIdentityForSMIMESigning(keychain, CFSTR("Test-SignOnly (S/MIME)"), CFSTR("smime-test@apple.com")))
2991 ++result;
2992
2993 // define a valid date for this preferred identity (typically this would just be kCFNull in a real program, meaning "now")
2994 CFGregorianDate aCurrentGDate = { 2016, 7, 27, 21, 0, 0 }; // Jul 27 2016 9:00 PM
2995 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
2996 if (FindPreferredIdentityForSMIMESigning(keychain, CFSTR("smime-test@apple.com"), aCurrentDate))
2997 ++result;
2998 if(aCurrentDate) CFRelease(aCurrentDate);
2999
3000 // delete identity preference(s) for this email address by setting a NULL identity
3001 ok_status(SecIdentitySetPreferred(NULL, CFSTR("smime-test@apple.com"), 0), "TestPreferredIdentityLookup: SecIdentitySetPreferred");
3002
3003 return result;
3004 }
3005
3006
3007 static int TestPreferredCertificateLookup(SecKeychainRef keychain)
3008 {
3009 int result = 0;
3010
3011 // set a preferred certificate first
3012 if (SetPreferredCertificateForSMIMEEncryption(keychain, CFSTR("Test-Encryption (S/MIME)"), CFSTR("smime-test@apple.com")))
3013 ++result;
3014
3015 // define a valid date for this preferred certificate (typically this would just be kCFNull in a real program, meaning "now")
3016 CFGregorianDate aCurrentGDate = { 2016, 7, 27, 21, 0, 0 }; // Jul 27 2016 9:00 PM
3017 CFDateRef aCurrentDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aCurrentGDate, NULL));
3018 if (FindPreferredCertificateForSMIMEEncryption(keychain, CFSTR("smime-test@apple.com"), aCurrentDate))
3019 ++result;
3020 if(aCurrentDate) CFRelease(aCurrentDate);
3021
3022 // delete certificate preference(s) for this email address by setting a NULL identity
3023 ok_status(SecCertificateSetPreferred(NULL, CFSTR("smime-test@apple.com"), 0), "TestPreferredCertificateLookup: SecCertificateSetPreferred");
3024
3025 return result;
3026 }
3027
3028
3029 static int TestSymmetricKeyLookup(SecKeychainRef keychain)
3030 {
3031 int result = 0;
3032
3033 // look up our symmetric key by label and UUID (it might not exist yet)
3034 if (FindSymmetricKey(keychain, gLabel, gUUID, NULL, errSecItemNotFound) != errSecSuccess) {
3035 // create test key (unique by UUID only)
3036 if (CreateSymmetricKey(keychain, gLabel, gUUID, NULL, errSecSuccess) != errSecSuccess)
3037 ++result;
3038 // look it up again (it should exist now!)
3039 if (FindSymmetricKey(keychain, gLabel, gUUID, NULL, errSecSuccess) != errSecSuccess)
3040 ++result;
3041 }
3042
3043 // now look up a key whose name is derived from today's date
3044 // (so we can make sure on a daily basis that SecKeyGenerateSymmetric is still working)
3045 CFGregorianDate curGDate = CFAbsoluteTimeGetGregorianDate(CFAbsoluteTimeGetCurrent(), NULL);
3046 CFStringRef curDateLabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%4d-%02d-%02d)"),
3047 gPrefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day);
3048
3049 //
3050 //%%% FIXME Creating a symmetric key with attributes that would duplicate an existing
3051 // key item currently results in a broken <unknown> key which can't be found: <rdar://8289559>
3052 //
3053 //CFStringRef curAppTag = curDateLabel; // i.e. make sure it will be unique, for now
3054 CFStringRef curAppTag = CFSTR("SecItemFind");
3055
3056 // look up our date-based symmetric key by label, UUID, and tag (it might not exist yet)
3057 if (FindSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecItemNotFound) != errSecSuccess) {
3058 // create test key (unique by combination of UUID and application tag)
3059 if (CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecSuccess) != errSecSuccess)
3060 ++result;
3061 // look it up again (it should exist now!)
3062 if (FindSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecSuccess) != errSecSuccess)
3063 ++result;
3064 }
3065
3066 // test handling of duplicate symmetric key items (<rdar://8289559>)
3067 if (CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecDuplicateItem) != errSecDuplicateItem)
3068 ++result;
3069
3070 CFRelease(curDateLabel);
3071
3072 return result;
3073 }
3074
3075
3076 static int TestInternetPasswordLookup(SecKeychainRef keychain)
3077 {
3078 int result = 0;
3079
3080 // look up internet password by account and server, want first result as data
3081 if (FindInternetPasswordByAccountAndServer(keychain, CFSTR("nobody"),
3082 CFSTR("test2.subdomain.apple.com"), kSecReturnData, kSecMatchLimitOne, 1, noErr))
3083 ++result;
3084
3085 // look up internet password by account and server, want dictionary of the item's attributes
3086 if (FindInternetPasswordByAccountAndServer(keychain, CFSTR("nobody"),
3087 CFSTR("test2.subdomain.apple.com"), kSecReturnAttributes, kSecMatchLimitOne, 1, noErr))
3088 ++result;
3089
3090 // look up internet passwords by account, want array of SecKeychainItemRef results
3091 if (FindInternetPasswordByAccount(keychain, CFSTR("nobody"),
3092 kSecReturnRef, kSecMatchLimitAll, 1, noErr))
3093 ++result;
3094
3095 // look up a Mail password for an IMAP account, replacing SecKeychainFindInternetPassword
3096 // (see <rdar://8347516>)
3097 if (FindMailPassword(keychain, CFSTR("testacct"), CFSTR("mail.apple.com")))
3098 ++result;
3099
3100 return result;
3101 }
3102
3103
3104 static int TestGenericPasswordLookup(SecKeychainRef keychain)
3105 {
3106 int result = 0;
3107
3108 // look up generic password by account and service, want first result as data
3109 if (FindGenericPasswordByAccountAndService(keychain, CFSTR("nobody"),
3110 CFSTR("Test Service 42"), kSecReturnData, kSecMatchLimitOne, 1, noErr))
3111 ++result;
3112
3113 // look up generic password by account and service, dictionary of the item's attributes
3114 if (FindGenericPasswordByAccountAndService(keychain, CFSTR("nobody"),
3115 CFSTR("Test Service 42"), kSecReturnAttributes, kSecMatchLimitOne, 1, noErr))
3116 ++result;
3117
3118 // look up generic passwords by account, want array of SecKeychainItemRef results
3119 if (FindGenericPasswordByAccount(keychain, CFSTR("nobody"),
3120 kSecReturnRef, kSecMatchLimitAll, 1, noErr))
3121 ++result;
3122
3123 return result;
3124 }
3125
3126
3127 static int TestUpdateItems(SecKeychainRef keychain)
3128 {
3129 int result = 0;
3130
3131 // test for <rdar://8658820>
3132 // create a new 1024-bit RSA key pair
3133 SecKeyRef publicKey = NULL;
3134 SecKeyRef privateKey = NULL;
3135 CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0,
3136 &kCFTypeDictionaryKeyCallBacks,
3137 &kCFTypeDictionaryValueCallBacks);
3138 int keySizeValue = 1024;
3139 CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue);
3140 CFStringRef keyLabel = CFSTR("AppleID 8658820 test key");
3141 CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA );
3142 CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize );
3143 CFDictionaryAddValue( params, kSecAttrLabel, keyLabel );
3144 CFDictionaryAddValue( params, kSecUseKeychain, keychain );
3145 // CFDictionaryAddValue( params, kSecAttrAccess, access );
3146 // %%% note that SecKeyGeneratePair will create the key pair in the default keychain
3147 // if a keychain is not given via the kSecUseKeychain parameter.
3148 OSStatus status = SecKeyGeneratePair(params, &publicKey, &privateKey);
3149 if (status != noErr) {
3150 ++result;
3151 }
3152 PrintTestResult("TestUpdateItems: generating key pair", status, noErr);
3153
3154 // create a query which will match just the private key item (based on its known reference)
3155 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
3156 &kCFTypeDictionaryKeyCallBacks,
3157 &kCFTypeDictionaryValueCallBacks);
3158 CFArrayRef itemList = CFArrayCreate(NULL, (const void**) &privateKey, 1, &kCFTypeArrayCallBacks);
3159 // %%% note that kSecClass seems to be a required query parameter even though
3160 // kSecMatchItemList is provided; that looks like it could be a bug...
3161 CFDictionaryAddValue( query, kSecClass, kSecClassKey );
3162 // CFDictionaryAddValue( query, kSecAttrKeyClass, kSecAttrKeyClassPrivate );
3163 CFDictionaryAddValue( query, kSecMatchItemList, itemList );
3164
3165 CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
3166 CFArrayAppendValue((CFMutableArrayRef)searchList, keychain);
3167 CFDictionarySetValue(query, kSecMatchSearchList, searchList);
3168
3169 // create dictionary of changed attributes for the private key
3170 CFMutableDictionaryRef attrs = CFDictionaryCreateMutable(NULL, 0,
3171 &kCFTypeDictionaryKeyCallBacks,
3172 &kCFTypeDictionaryValueCallBacks);
3173 SecAccessRef access = NULL;
3174 CFStringRef newLabel = CFSTR("AppleID 8658820 test PRIVATE key");
3175 status = SecAccessCreate(newLabel, NULL, &access);
3176 if (status != noErr) {
3177 ++result;
3178 }
3179 PrintTestResult("TestUpdateItems: creating access", status, noErr);
3180 //%%% note that changing the access for this key causes a dialog,
3181 // so leave this out for the moment (uncomment to test that access change works).
3182 // Normally the desired access should be passed into the SecKeyGeneratePair function.
3183 // so there is no need for a dialog later.
3184 // CFDictionaryAddValue( attrs, kSecAttrAccess, access );
3185 CFDictionaryAddValue( attrs, kSecAttrLabel, newLabel );
3186
3187 // update the private key with the new attributes
3188 status = SecItemUpdate( query, attrs );
3189 if (status != noErr) {
3190 ++result;
3191 }
3192 PrintTestResult("TestUpdateItems: updating item", status, noErr);
3193
3194 if (publicKey)
3195 CFRelease(publicKey);
3196 if (privateKey)
3197 CFRelease(privateKey);
3198 if (access)
3199 CFRelease(access);
3200
3201 if (params)
3202 CFRelease(params);
3203 if (query)
3204 CFRelease(query);
3205 if (attrs)
3206 CFRelease(attrs);
3207
3208 return result;
3209 }
3210
3211
3212 static int TestDeleteItems(SecKeychainRef keychain)
3213 {
3214 int result = 0;
3215
3216 // delete our 3 test certificates that start with "Test-5685316-"
3217 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-5685316-"), NULL, kSecClassCertificate, kSecMatchLimitAll, 3, noErr))
3218 ++result;
3219
3220 // delete our 2 test identities that start with "Test Identity S" (fixed by <rdar://8317856>)
3221 if (FindAndDeleteItemsByName(keychain, CFSTR("Test Identity S"), NULL, kSecClassIdentity, kSecMatchLimitAll, 2, noErr))
3222 ++result;
3223
3224 // delete the "Test-SignOnly (S/MIME)" identity
3225 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-SignOnly (S/MIME)"), NULL, kSecClassIdentity, kSecMatchLimitAll, 1, noErr))
3226 ++result;
3227
3228 // delete the "Test-Encryption (S/MIME)" certificate
3229 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-Encryption (S/MIME)"), NULL, kSecClassCertificate, kSecMatchLimitAll, 1, noErr))
3230 ++result;
3231
3232 // delete the "Test-7875801 (Code Signing)" certificate
3233 if (FindAndDeleteItemsByName(keychain, CFSTR("Test-7875801 (Code Signing)"), NULL, kSecClassCertificate, kSecMatchLimitAll, 1, noErr))
3234 ++result;
3235
3236 // delete our test passwords (no partial string matching for password items! need an ER Radar...)
3237 if (FindAndDeleteItemsByName(keychain, CFSTR("Test Service 42"), NULL, kSecClassGenericPassword, kSecMatchLimitAll, 1, noErr))
3238 ++result;
3239 if (FindAndDeleteItemsByName(keychain, CFSTR("Test Service 69"), NULL, kSecClassGenericPassword, kSecMatchLimitAll, 1, noErr))
3240 ++result;
3241 if (FindAndDeleteItemsByName(keychain, CFSTR("test1.subdomain.apple.com"), NULL, kSecClassInternetPassword, kSecMatchLimitAll, 1, noErr))
3242 ++result;
3243 if (FindAndDeleteItemsByName(keychain, CFSTR("test2.subdomain.apple.com"), NULL, kSecClassInternetPassword, kSecMatchLimitAll, 1, noErr))
3244 ++result;
3245 if (FindAndDeleteItemsByName(keychain, CFSTR("mail.apple.com"), CFSTR("testacct"), kSecClassInternetPassword, kSecMatchLimitAll, 1, noErr))
3246 ++result;
3247
3248 // delete our test symmetric keys (no partial string matching for key items! need an ER Radar...)
3249 if (FindAndDeleteItemsByName(keychain, gLabel, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3250 ++result;
3251 CFGregorianDate curGDate = CFAbsoluteTimeGetGregorianDate(CFAbsoluteTimeGetCurrent(), NULL);
3252 CFStringRef curDateLabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%4d-%02d-%02d)"),
3253 gPrefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day);
3254 if (FindAndDeleteItemsByName(keychain, curDateLabel, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3255 ++result;
3256 CFRelease(curDateLabel);
3257
3258 // delete our test asymmetric key pair (remember we renamed the private key...)
3259 if (FindAndDeleteItemsByName(keychain, CFSTR("AppleID 8658820 test key"), NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3260 ++result;
3261 if (FindAndDeleteItemsByName(keychain, CFSTR("AppleID 8658820 test PRIVATE key"), NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr))
3262 ++result;
3263
3264 return result;
3265 }
3266
3267
3268 int kc_18_find_combined (int argc, char *const *argv)
3269 {
3270 plan_tests(167);
3271
3272 printf("Getting -25308 or -25293? Try unlocking your default keychain; that's where identity and certificate preferences are stored (with no other option).\n");
3273
3274 debug = test_verbose;
3275
3276 SecKeychainRef keychain = createNewKeychain("SecItemTest.keychain", "test");
3277 addToSearchList(keychain);
3278
3279 TestAddItems(keychain);
3280 TestGenericPasswordLookup(keychain);
3281 TestInternetPasswordLookup(keychain);
3282 TestSymmetricKeyLookup(keychain);
3283 TestCertificateLookup(keychain);
3284 TestIdentityLookup(keychain);
3285 TestPreferredIdentityLookup(keychain);
3286 TestPreferredCertificateLookup(keychain);
3287 TestUpdateItems(keychain);
3288 TestDeleteItems(keychain);
3289
3290 ok_status(SecKeychainDelete(keychain), "SecKeychainDelete");
3291 CFReleaseNull(keychain);
3292
3293 deleteTestFiles();
3294 return 0;
3295 }
mirror of Security