"info",
"entitlement",
"exists",
+ "absent",
"leaf",
"root",
+ "timestamp",
#include "requirement.h"
#include "reqmaker.h"
#include "csutilities.h"
+#include <libDER/libDER.h>
+#include <libDER/asn1Types.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/hashing.h>
#include <security_cdsa_utilities/cssmdata.h> // OID coding
+#include <Security/SecCertificate.h>
using namespace CodeSigning;
typedef Requirement::Maker Maker;
+extern "C" {
+
+/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
+an absoluteTime if the date was valid and properly decoded. Return
+NULL_TIME otherwise. */
+CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
+ size_t length);
+
+}
+
+
ANTLR_BEGIN_NAMESPACE(Security_CodeSigning)
RequirementLexer::RequirementLexer(std::istream& in)
: antlr::CharScanner(new antlr::CharBuffer(in),true)
literals["cdhash"] = 20;
literals["entitlement"] = 30;
literals["library"] = 8;
+ literals["timestamp"] = 52;
literals["never"] = 17;
literals["cert"] = 27;
literals["plugin"] = 9;
+ literals["absent"] = 32;
literals["or"] = 10;
- literals["leaf"] = 43;
+ literals["leaf"] = 44;
literals["info"] = 29;
literals["designated"] = 7;
literals["apple"] = 24;
literals["true"] = 16;
literals["notarized"] = 22;
literals["and"] = 11;
- literals["root"] = 44;
+ literals["root"] = 45;
literals["platform"] = 21;
literals["anchor"] = 23;
literals["false"] = 18;
}
default:
{
- goto _loop47;
+ goto _loop49;
}
}
}
- _loop47:;
+ _loop49:;
} // ( ... )*
_ttype = testLiteralsTable(text.substr(_begin, text.length()-_begin),_ttype);
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
}
}
else {
- goto _loop51;
+ goto _loop53;
}
}
- _loop51:;
+ _loop53:;
} // ( ... )*
_ttype = testLiteralsTable(_ttype);
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
std::string::size_type _saveIndex;
{ // ( ... )+
- int _cnt69=0;
+ int _cnt71=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
matchRange('0','9');
}
else {
- if ( _cnt69>=1 ) { goto _loop69; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
+ if ( _cnt71>=1 ) { goto _loop71; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
- _cnt69++;
+ _cnt71++;
}
- _loop69:;
+ _loop71:;
} // ( ... )+
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
_token = makeToken(_ttype);
match("/");
mIDENT(false);
{ // ( ... )+
- int _cnt54=0;
+ int _cnt56=0;
for (;;) {
if ((LA(1) == 0x2f /* '/' */ )) {
match("/");
mIDENT(false);
}
else {
- if ( _cnt54>=1 ) { goto _loop54; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
+ if ( _cnt56>=1 ) { goto _loop56; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
- _cnt54++;
+ _cnt56++;
}
- _loop54:;
+ _loop56:;
} // ( ... )+
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
_token = makeToken(_ttype);
match('\"' /* charlit */ );
text.erase(_saveIndex);
{ // ( ... )+
- int _cnt57=0;
+ int _cnt59=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX(false);
}
else {
- if ( _cnt57>=1 ) { goto _loop57; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
+ if ( _cnt59>=1 ) { goto _loop59; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
- _cnt57++;
+ _cnt59++;
}
- _loop57:;
+ _loop59:;
} // ( ... )+
_saveIndex = text.length();
match('\"' /* charlit */ );
match('x' /* charlit */ );
text.erase(_saveIndex);
{ // ( ... )+
- int _cnt60=0;
+ int _cnt62=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEX(false);
}
else {
- if ( _cnt60>=1 ) { goto _loop60; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
+ if ( _cnt62>=1 ) { goto _loop62; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
- _cnt60++;
+ _cnt62++;
}
- _loop60:;
+ _loop62:;
} // ( ... )+
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
_token = makeToken(_ttype);
}
}
else {
- goto _loop66;
+ goto _loop68;
}
}
- _loop66:;
+ _loop68:;
} // ( ... )*
_saveIndex = text.length();
match('\"' /* charlit */ );
std::string::size_type _saveIndex;
{ // ( ... )+
- int _cnt90=0;
+ int _cnt92=0;
for (;;) {
switch ( LA(1)) {
case 0x20 /* ' ' */ :
}
default:
{
- if ( _cnt90>=1 ) { goto _loop90; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
+ if ( _cnt92>=1 ) { goto _loop92; } else {throw antlr::NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
}
- _cnt90++;
+ _cnt92++;
}
- _loop90:;
+ _loop92:;
} // ( ... )+
_ttype = antlr::Token::SKIP;
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
matchNot('\n' /* charlit */ );
}
else {
- goto _loop93;
+ goto _loop95;
}
}
- _loop93:;
+ _loop95:;
} // ( ... )*
_ttype = antlr::Token::SKIP;
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
}
}
else {
- goto _loop99;
+ goto _loop101;
}
}
- _loop99:;
+ _loop101:;
} // ( ... )*
match("*/");
_ttype = antlr::Token::SKIP;
matchNot('\n' /* charlit */ );
}
else {
- goto _loop102;
+ goto _loop104;
}
}
- _loop102:;
+ _loop104:;
} // ( ... )*
_ttype = antlr::Token::SKIP;
if ( _createToken && _token==antlr::nullToken && _ttype!=antlr::Token::SKIP ) {
const unsigned long RequirementLexer::_tokenSet_2_data_[] = { 4294967295UL, 4294967291UL, 4026531839UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967292UL, 2097151UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10
// 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e
-// 0x1f ! # $ % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 :
+// 0x1f ! # $ % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; <
const antlr::BitSet RequirementLexer::_tokenSet_2(_tokenSet_2_data_,16);
const unsigned long RequirementLexer::_tokenSet_3_data_[] = { 4294966271UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967292UL, 2097151UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xd 0xe 0xf 0x10 0x11
// 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f
-// ! \" # $ % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 :
+// ! \" # $ % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; <
const antlr::BitSet RequirementLexer::_tokenSet_3(_tokenSet_3_data_,16);
const unsigned long RequirementLexer::_tokenSet_4_data_[] = { 4294967295UL, 4294934527UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967292UL, 2097151UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10
// 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e
-// 0x1f ! \" # $ % & \' ( ) * + , - . 0 1 2 3 4 5 6 7 8 9 :
+// 0x1f ! \" # $ % & \' ( ) * + , - . 0 1 2 3 4 5 6 7 8 9 : ; <
const antlr::BitSet RequirementLexer::_tokenSet_4(_tokenSet_4_data_,16);
const unsigned long RequirementLexer::_tokenSet_5_data_[] = { 4294967295UL, 4294966271UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967292UL, 2097151UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10
// 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e
-// 0x1f ! \" # $ % & \' ( ) + , - . / 0 1 2 3 4 5 6 7 8 9 :
+// 0x1f ! \" # $ % & \' ( ) + , - . / 0 1 2 3 4 5 6 7 8 9 : ; <
const antlr::BitSet RequirementLexer::_tokenSet_5(_tokenSet_5_data_,16);
ANTLR_END_NAMESPACE
#include "requirement.h"
#include "reqmaker.h"
#include "csutilities.h"
+#include <libDER/libDER.h>
+#include <libDER/asn1Types.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/hashing.h>
#include <security_cdsa_utilities/cssmdata.h> // OID coding
+#include <Security/SecCertificate.h>
using namespace CodeSigning;
typedef Requirement::Maker Maker;
+extern "C" {
+
+/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
+an absoluteTime if the date was valid and properly decoded. Return
+NULL_TIME otherwise. */
+CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
+ size_t length);
+
+}
+
+
ANTLR_BEGIN_NAMESPACE(Security_CodeSigning)
//
void RequirementParser::certMatchOperation(Maker &maker, int32_t slot, string key)
{
- if (matchPrefix(key, "subject.")) {
+ if (const char *oids = matchPrefix(key, "timestamp.")) {
+ maker.put(opCertFieldDate);
+ maker.put(slot);
+ CssmAutoData oid(Allocator::standard()); oid.fromOid(oids);
+ maker.putData(oid.data(), oid.length());
+ } else if (matchPrefix(key, "subject.")) {
maker.put(opCertField);
maker.put(slot);
maker.put(key);
maker.put(matchExists);
break;
}
- case EQL:
- case EQQL:
+ case LITERAL_absent:
{
- {
- switch ( LA(1)) {
- case EQL:
- {
- match(EQL);
- break;
- }
- case EQQL:
- {
- match(EQQL);
- break;
- }
- default:
- {
- throw antlr::NoViableAltException(LT(1), getFilename());
- }
- }
- }
- MatchOperation mop = matchEqual; string value;
- {
- switch ( LA(1)) {
- case STAR:
- {
- match(STAR);
- mop = matchEndsWith;
- break;
- }
- case HEXCONSTANT:
- case DOTKEY:
- case STRING:
- {
- break;
- }
- default:
- {
- throw antlr::NoViableAltException(LT(1), getFilename());
- }
- }
- }
- value=datavalue();
- {
- switch ( LA(1)) {
- case STAR:
- {
- match(STAR);
- mop = (mop == matchEndsWith) ? matchContains : matchBeginsWith;
- break;
- }
- case antlr::Token::EOF_TYPE:
- case LITERAL_guest:
- case LITERAL_host:
- case LITERAL_designated:
- case LITERAL_library:
- case LITERAL_plugin:
- case LITERAL_or:
- case LITERAL_and:
- case RPAREN:
- case INTEGER:
- case SEMI:
- {
- break;
- }
- default:
- {
- throw antlr::NoViableAltException(LT(1), getFilename());
- }
- }
- }
- maker.put(mop); maker.put(value);
+ match(LITERAL_absent);
+ maker.put(matchAbsent);
break;
}
case SUBS:
maker.put(matchContains); maker.put(value);
break;
}
- case LESS:
- {
- match(LESS);
- string value;
- value=datavalue();
- maker.put(matchLessThan); maker.put(value);
- break;
- }
- case GT:
- {
- match(GT);
- string value;
- value=datavalue();
- maker.put(matchGreaterThan); maker.put(value);
- break;
- }
- case LE:
- {
- match(LE);
- string value;
- value=datavalue();
- maker.put(matchLessEqual); maker.put(value);
- break;
- }
- case GE:
- {
- match(GE);
- string value;
- value=datavalue();
- maker.put(matchGreaterEqual); maker.put(value);
- break;
- }
default:
- {
+ if ((LA(1) == EQL || LA(1) == EQQL) && (_tokenSet_16.member(LA(2)))) {
+ {
+ switch ( LA(1)) {
+ case EQL:
+ {
+ match(EQL);
+ break;
+ }
+ case EQQL:
+ {
+ match(EQQL);
+ break;
+ }
+ default:
+ {
+ throw antlr::NoViableAltException(LT(1), getFilename());
+ }
+ }
+ }
+ MatchOperation mop = matchEqual; string value;
+ {
+ switch ( LA(1)) {
+ case STAR:
+ {
+ match(STAR);
+ mop = matchEndsWith;
+ break;
+ }
+ case HEXCONSTANT:
+ case DOTKEY:
+ case STRING:
+ {
+ break;
+ }
+ default:
+ {
+ throw antlr::NoViableAltException(LT(1), getFilename());
+ }
+ }
+ }
+ value=datavalue();
+ {
+ switch ( LA(1)) {
+ case STAR:
+ {
+ match(STAR);
+ mop = (mop == matchEndsWith) ? matchContains : matchBeginsWith;
+ break;
+ }
+ case antlr::Token::EOF_TYPE:
+ case LITERAL_guest:
+ case LITERAL_host:
+ case LITERAL_designated:
+ case LITERAL_library:
+ case LITERAL_plugin:
+ case LITERAL_or:
+ case LITERAL_and:
+ case RPAREN:
+ case INTEGER:
+ case SEMI:
+ {
+ break;
+ }
+ default:
+ {
+ throw antlr::NoViableAltException(LT(1), getFilename());
+ }
+ }
+ }
+ maker.put(mop); maker.put(value);
+ }
+ else if ((LA(1) == EQL || LA(1) == EQQL) && (LA(2) == LITERAL_timestamp)) {
+ {
+ switch ( LA(1)) {
+ case EQL:
+ {
+ match(EQL);
+ break;
+ }
+ case EQQL:
+ {
+ match(EQQL);
+ break;
+ }
+ default:
+ {
+ throw antlr::NoViableAltException(LT(1), getFilename());
+ }
+ }
+ }
+ MatchOperation mop = matchOn; int64_t value;
+ value=timestamp();
+ maker.put(mop); maker.put(value);
+ }
+ else if ((LA(1) == LESS) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
+ match(LESS);
+ string value;
+ value=datavalue();
+ maker.put(matchLessThan); maker.put(value);
+ }
+ else if ((LA(1) == GT) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
+ match(GT);
+ string value;
+ value=datavalue();
+ maker.put(matchGreaterThan); maker.put(value);
+ }
+ else if ((LA(1) == LE) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
+ match(LE);
+ string value;
+ value=datavalue();
+ maker.put(matchLessEqual); maker.put(value);
+ }
+ else if ((LA(1) == GE) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
+ match(GE);
+ string value;
+ value=datavalue();
+ maker.put(matchGreaterEqual); maker.put(value);
+ }
+ else if ((LA(1) == LESS) && (LA(2) == LITERAL_timestamp)) {
+ match(LESS);
+ int64_t value;
+ value=timestamp();
+ maker.put(matchBefore); maker.put(value);
+ }
+ else if ((LA(1) == GT) && (LA(2) == LITERAL_timestamp)) {
+ match(GT);
+ int64_t value;
+ value=timestamp();
+ maker.put(matchAfter); maker.put(value);
+ }
+ else if ((LA(1) == LE) && (LA(2) == LITERAL_timestamp)) {
+ match(LE);
+ int64_t value;
+ value=timestamp();
+ maker.put(matchOnOrBefore); maker.put(value);
+ }
+ else if ((LA(1) == GE) && (LA(2) == LITERAL_timestamp)) {
+ match(GE);
+ int64_t value;
+ value=timestamp();
+ maker.put(matchOnOrAfter); maker.put(value);
+ }
+ else {
throw antlr::NoViableAltException(LT(1), getFilename());
}
}
}
catch (antlr::RecognitionException& ex) {
reportError(ex);
- recover(ex,_tokenSet_16);
+ recover(ex,_tokenSet_17);
+ }
+ return result;
+}
+
+int64_t RequirementParser::timestamp() {
+ int64_t result;
+ antlr::RefToken s = antlr::nullToken;
+
+ try { // for error handling
+ match(LITERAL_timestamp);
+ s = LT(1);
+ match(STRING);
+ result = (int64_t)SecAbsoluteTimeFromDateContent(ASN1_GENERALIZED_TIME, (uint8_t const *)s->getText().c_str(), s->getText().length());
+ }
+ catch (antlr::RecognitionException& ex) {
+ reportError(ex);
+ recover(ex,_tokenSet_9);
}
return result;
}
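Review bot: `timestamp()` stores the result of `SecAbsoluteTimeFromDateContent` without testing for the `NULL_TIME` failure value that the declaration's comment documents, so a requirement whose date string cannot be decoded still compiles and is later compared against that sentinel. On the error path `result` is also returned uninitialised, because `int64_t result;` has no initialiser and the `catch` block only calls `recover`. This file is ANTLR output, so both fixes belong in the grammar action: give the return value an initial value and raise a recognition error when the decoded time equals `NULL_TIME`.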
}
catch (antlr::RecognitionException& ex) {
reportError(ex);
- recover(ex,_tokenSet_17);
+ recover(ex,_tokenSet_18);
}
return result;
}
"\"info\"",
"\"entitlement\"",
"\"exists\"",
+ "\"absent\"",
"EQL",
"EQQL",
"STAR",
"STRING",
"PATHNAME",
"INTEGER",
+ "\"timestamp\"",
"SEMI",
"IDENT",
"HEX",
const unsigned long RequirementParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL };
// EOF
const antlr::BitSet RequirementParser::_tokenSet_0(_tokenSet_0_data_,4);
-const unsigned long RequirementParser::_tokenSet_1_data_[] = { 992UL, 262144UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_1_data_[] = { 992UL, 524288UL, 0UL, 0UL };
// "guest" "host" "designated" "library" "plugin" INTEGER
const antlr::BitSet RequirementParser::_tokenSet_1(_tokenSet_1_data_,4);
const unsigned long RequirementParser::_tokenSet_2_data_[] = { 16UL, 0UL, 0UL, 0UL };
// ARROW
const antlr::BitSet RequirementParser::_tokenSet_2(_tokenSet_2_data_,4);
-const unsigned long RequirementParser::_tokenSet_3_data_[] = { 994UL, 262144UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_3_data_[] = { 994UL, 524288UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" INTEGER
const antlr::BitSet RequirementParser::_tokenSet_3(_tokenSet_3_data_,4);
-const unsigned long RequirementParser::_tokenSet_4_data_[] = { 268447730UL, 1024259UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_4_data_[] = { 268447730UL, 3097094UL, 0UL, 0UL };
// EOF ARROW "guest" "host" "designated" "library" "plugin" "or" "and"
// RPAREN "trusted" EQL EQQL LBRACK HASHCONSTANT DOTKEY STRING PATHNAME
// INTEGER SEMI
const antlr::BitSet RequirementParser::_tokenSet_4(_tokenSet_4_data_,4);
-const unsigned long RequirementParser::_tokenSet_5_data_[] = { 9186UL, 786432UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_5_data_[] = { 9186UL, 2621440UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" RPAREN INTEGER SEMI
const antlr::BitSet RequirementParser::_tokenSet_5(_tokenSet_5_data_,4);
-const unsigned long RequirementParser::_tokenSet_6_data_[] = { 994UL, 786432UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_6_data_[] = { 994UL, 2621440UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" INTEGER SEMI
const antlr::BitSet RequirementParser::_tokenSet_6(_tokenSet_6_data_,4);
-const unsigned long RequirementParser::_tokenSet_7_data_[] = { 10210UL, 786432UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_7_data_[] = { 10210UL, 2621440UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" "or" RPAREN INTEGER
// SEMI
const antlr::BitSet RequirementParser::_tokenSet_7(_tokenSet_7_data_,4);
// LPAREN NOT "always" "true" "never" "false" "identifier" "cdhash" "platform"
// "notarized" "anchor" "certificate" "cert" "info" "entitlement"
const antlr::BitSet RequirementParser::_tokenSet_8(_tokenSet_8_data_,4);
-const unsigned long RequirementParser::_tokenSet_9_data_[] = { 12258UL, 786432UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_9_data_[] = { 12258UL, 2621440UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
// INTEGER SEMI
const antlr::BitSet RequirementParser::_tokenSet_9(_tokenSet_9_data_,4);
-const unsigned long RequirementParser::_tokenSet_10_data_[] = { 0UL, 269312UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_10_data_[] = { 0UL, 538624UL, 0UL, 0UL };
// NEG "leaf" "root" INTEGER
const antlr::BitSet RequirementParser::_tokenSet_10(_tokenSet_10_data_,4);
-const unsigned long RequirementParser::_tokenSet_11_data_[] = { 0UL, 237827UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_11_data_[] = { 0UL, 475654UL, 0UL, 0UL };
// EQL EQQL LBRACK HASHCONSTANT DOTKEY STRING PATHNAME
const antlr::BitSet RequirementParser::_tokenSet_11(_tokenSet_11_data_,4);
-const unsigned long RequirementParser::_tokenSet_12_data_[] = { 0UL, 499712UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_12_data_[] = { 0UL, 999424UL, 0UL, 0UL };
// HASHCONSTANT DOTKEY STRING PATHNAME INTEGER
const antlr::BitSet RequirementParser::_tokenSet_12(_tokenSet_12_data_,4);
-const unsigned long RequirementParser::_tokenSet_13_data_[] = { 268435456UL, 237827UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_13_data_[] = { 268435456UL, 475654UL, 0UL, 0UL };
// "trusted" EQL EQQL LBRACK HASHCONSTANT DOTKEY STRING PATHNAME
const antlr::BitSet RequirementParser::_tokenSet_13(_tokenSet_13_data_,4);
-const unsigned long RequirementParser::_tokenSet_14_data_[] = { 2147495906UL, 1024000UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_14_data_[] = { 2147495906UL, 3096576UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
// "exists" HASHCONSTANT DOTKEY STRING PATHNAME INTEGER SEMI
const antlr::BitSet RequirementParser::_tokenSet_14(_tokenSet_14_data_,4);
-const unsigned long RequirementParser::_tokenSet_15_data_[] = { 2147495906UL, 786683UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_15_data_[] = { 2147495906UL, 2621943UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
-// "exists" EQL EQQL SUBS LESS GT LE GE INTEGER SEMI
+// "exists" "absent" EQL EQQL SUBS LESS GT LE GE INTEGER SEMI
const antlr::BitSet RequirementParser::_tokenSet_15(_tokenSet_15_data_,4);
-const unsigned long RequirementParser::_tokenSet_16_data_[] = { 12258UL, 786436UL, 0UL, 0UL };
+const unsigned long RequirementParser::_tokenSet_16_data_[] = { 0UL, 229384UL, 0UL, 0UL };
+// STAR HEXCONSTANT DOTKEY STRING
+const antlr::BitSet RequirementParser::_tokenSet_16(_tokenSet_16_data_,4);
+const unsigned long RequirementParser::_tokenSet_17_data_[] = { 12258UL, 2621448UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
// STAR INTEGER SEMI
-const antlr::BitSet RequirementParser::_tokenSet_16(_tokenSet_16_data_,4);
-const unsigned long RequirementParser::_tokenSet_17_data_[] = { 12258UL, 786948UL, 0UL, 0UL };
+const antlr::BitSet RequirementParser::_tokenSet_17(_tokenSet_17_data_,4);
+const unsigned long RequirementParser::_tokenSet_18_data_[] = { 12258UL, 2622472UL, 0UL, 0UL };
// EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
// STAR RBRACK INTEGER SEMI
-const antlr::BitSet RequirementParser::_tokenSet_17(_tokenSet_17_data_,4);
+const antlr::BitSet RequirementParser::_tokenSet_18(_tokenSet_18_data_,4);
ANTLR_END_NAMESPACE
Maker &maker
);
public: string datavalue();
+ public: int64_t timestamp();
public: string stringvalue();
public: string pathstring();
public:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
- static const int NUM_TOKENS = 59;
+ static const int NUM_TOKENS = 61;
#else
enum {
- NUM_TOKENS = 59
+ NUM_TOKENS = 61
};
#endif
static const antlr::BitSet _tokenSet_16;
static const unsigned long _tokenSet_17_data_[];
static const antlr::BitSet _tokenSet_17;
+ static const unsigned long _tokenSet_18_data_[];
+ static const antlr::BitSet _tokenSet_18;
};
ANTLR_END_NAMESPACE
LITERAL_info = 29,
LITERAL_entitlement = 30,
LITERAL_exists = 31,
- EQL = 32,
- EQQL = 33,
- STAR = 34,
- SUBS = 35,
- LESS = 36,
- GT = 37,
- LE = 38,
- GE = 39,
- LBRACK = 40,
- RBRACK = 41,
- NEG = 42,
- LITERAL_leaf = 43,
- LITERAL_root = 44,
- HASHCONSTANT = 45,
- HEXCONSTANT = 46,
- DOTKEY = 47,
- STRING = 48,
- PATHNAME = 49,
- INTEGER = 50,
- SEMI = 51,
- IDENT = 52,
- HEX = 53,
- COMMA = 54,
- WS = 55,
- SHELLCOMMENT = 56,
- C_COMMENT = 57,
- CPP_COMMENT = 58,
+ LITERAL_absent = 32,
+ EQL = 33,
+ EQQL = 34,
+ STAR = 35,
+ SUBS = 36,
+ LESS = 37,
+ GT = 38,
+ LE = 39,
+ GE = 40,
+ LBRACK = 41,
+ RBRACK = 42,
+ NEG = 43,
+ LITERAL_leaf = 44,
+ LITERAL_root = 45,
+ HASHCONSTANT = 46,
+ HEXCONSTANT = 47,
+ DOTKEY = 48,
+ STRING = 49,
+ PATHNAME = 50,
+ INTEGER = 51,
+ LITERAL_timestamp = 52,
+ SEMI = 53,
+ IDENT = 54,
+ HEX = 55,
+ COMMA = 56,
+ WS = 57,
+ SHELLCOMMENT = 58,
+ C_COMMENT = 59,
+ CPP_COMMENT = 60,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus
LITERAL_info="info"=29
LITERAL_entitlement="entitlement"=30
LITERAL_exists="exists"=31
-EQL=32
-EQQL=33
-STAR=34
-SUBS=35
-LESS=36
-GT=37
-LE=38
-GE=39
-LBRACK=40
-RBRACK=41
-NEG=42
-LITERAL_leaf="leaf"=43
-LITERAL_root="root"=44
-HASHCONSTANT=45
-HEXCONSTANT=46
-DOTKEY=47
-STRING=48
-PATHNAME=49
-INTEGER=50
-SEMI=51
-IDENT=52
-HEX=53
-COMMA=54
-WS=55
-SHELLCOMMENT=56
-C_COMMENT=57
-CPP_COMMENT=58
+LITERAL_absent="absent"=32
+EQL=33
+EQQL=34
+STAR=35
+SUBS=36
+LESS=37
+GT=38
+LE=39
+GE=40
+LBRACK=41
+RBRACK=42
+NEG=43
+LITERAL_leaf="leaf"=44
+LITERAL_root="root"=45
+HASHCONSTANT=46
+HEXCONSTANT=47
+DOTKEY=48
+STRING=49
+PATHNAME=50
+INTEGER=51
+LITERAL_timestamp="timestamp"=52
+SEMI=53
+IDENT=54
+HEX=55
+COMMA=56
+WS=57
+SHELLCOMMENT=58
+C_COMMENT=59
+CPP_COMMENT=60
//
// csutilities - miscellaneous utilities for the code signing implementation
//
+
#include "csutilities.h"
+#include <libDER/DER_Encode.h>
+#include <libDER/DER_Keys.h>
+#include <libDER/asn1Types.h>
+#include <libDER/oids.h>
+#include <security_asn1/SecAsn1Coder.h>
+#include <security_asn1/SecAsn1Templates.h>
#include <Security/SecCertificatePriv.h>
+#include <Security/SecCertificate.h>
#include <utilities/SecAppleAnchorPriv.h>
#include <utilities/SecInternalReleasePriv.h>
#include "requirement.h"
#include <security_utilities/errors.h>
#include <sys/utsname.h>
+extern "C" {
+
+/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
+ an absoluteTime if the date was valid and properly decoded. Return
+ NULL_TIME otherwise. */
+CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
+ size_t length);
+
+}
+
namespace Security {
namespace CodeSigning {
SecCertificateReleaseFirstFieldValue(cert, &CSSMOID_PolicyConstraints, data);
return matched;
}
+
+
+CFDateRef certificateCopyFieldDate(SecCertificateRef cert, const CSSM_OID &policyOid)
+{
+ CFDataRef oidData = NULL;
+ CFDateRef value = NULL;
+ CFDataRef data = NULL;
+ SecAsn1CoderRef coder = NULL;
+ CSSM_DATA str = { 0 };
+ CFAbsoluteTime time = 0.0;
+ OSStatus status = 0;
+ bool isCritical;
+
+ oidData = CFDataCreateWithBytesNoCopy(NULL, policyOid.Data, policyOid.Length,
+ kCFAllocatorNull);
+
+ if (oidData == NULL) {
+ goto out;
+ }
+
+ data = SecCertificateCopyExtensionValue(cert, oidData, &isCritical);
+
+ if (data == NULL) {
+ goto out;
+ }
+
+ status = SecAsn1CoderCreate(&coder);
+ if (status != 0) {
+ goto out;
+ }
+
+ // We currently only support UTF8 strings.
+ status = SecAsn1Decode(coder, CFDataGetBytePtr(data), CFDataGetLength(data),
+ kSecAsn1UTF8StringTemplate, &str);
+ if (status != 0) {
+ goto out;
+ }
+
+ time = SecAbsoluteTimeFromDateContent(ASN1_GENERALIZED_TIME,
+ str.Data, str.Length);
+
+ if (time == 0.0) {
+ goto out;
+ }
+
+ value = CFDateCreate(NULL, time);
+out:
+ if (coder) {
+ SecAsn1CoderRelease(coder);
+ }
+ if (data) {
+ CFRelease(data);
+ }
+ if (oidData) {
+ CFRelease(oidData);
+ }
+
+ return value;
+}
#endif
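Review bot: Every failure in `certificateCopyFieldDate` returns NULL, whether the extension is missing, `SecAsn1Decode` fails or the date cannot be decoded, so a caller cannot tell a malformed timestamp extension from one that is not present. If NULL is then treated as `absent`, as the interpreter change in this commit appears to do, a certificate carrying a corrupt extension satisfies an `absent` clause. At minimum I would document that above the function, e.g. `// Returns NULL both when the extension is missing and when it cannot be decoded.`, and preferably report decode failure separately. The `time == 0.0` test also silently relies on the value of `NULL_TIME`; comparing against the named constant would make the intent explicit, and `isCritical` is written but never read.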
//
#if TARGET_OS_OSX
bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid);
bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid);
+CFDateRef certificateCopyFieldDate(SecCertificateRef cert, const CSSM_OID &policyOid);
#endif
//
void PolicyDatabase::simpleFeature(const char *feature, void (^perform)())
{
+ SQLite::Transaction update(*this);
if (!hasFeature(feature)) {
- SQLite::Transaction update(*this);
perform();
addFeature(feature, "upgraded", "upgraded");
- update.commit();
}
+ update.commit();
}
void PolicyDatabase::simpleFeature(const char *feature, const char *sql)
perform.execute();
});
}
+
+void PolicyDatabase::simpleFeatureNoTransaction(const char *feature, void (^perform)())
+{
+ if (!hasFeature(feature)) {
+ perform();
+ addFeature(feature, "upgraded", "upgraded");
+ }
+}
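Review bot: `simpleFeatureNoTransaction` has no comment stating its precondition. Unlike `simpleFeature` it opens no `SQLite::Transaction`, so the `hasFeature` check, `perform()` and `addFeature` are atomic only if the caller already holds one. I would add `// Caller must hold an open SQLite::Transaction; the feature check and the upgrade are not atomic otherwise.` above the definition.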
void PolicyDatabase::upgradeDatabase()
"UPDATE authority SET priority = 10.0 WHERE label = 'Mac App Store'");
bumpMacAppStorePriority.execute();
});
+
+ {
+ SQLite::Transaction devIdRequirementUpgrades(*this);
+
+ simpleFeatureNoTransaction("legacy_devid", ^{
+ auto migrateReq = [](auto db, int type, string req) {
+ const string legacy =
+ " and (certificate leaf[timestamp.1.2.840.113635.100.6.1.33] absent or "
+ "certificate leaf[timestamp.1.2.840.113635.100.6.1.33] < timestamp \"20190408000000Z\")";
+
+ const string unnotarized =
+ " and (certificate leaf[timestamp.1.2.840.113635.100.6.1.33] exists and "
+ "certificate leaf[timestamp.1.2.840.113635.100.6.1.33] >= timestamp \"20190408000000Z\")";
+
+ SQLite::Statement update(*db, "UPDATE OR IGNORE authority "
+ "SET requirement = :newreq "
+ "WHERE requirement = :oldreq "
+ " AND type = :type "
+ " AND label = 'Developer ID'");
+ update.bind(":oldreq") = req;
+ update.bind(":type") = type;
+ update.bind(":newreq") = req + legacy;
+ update.execute();
+
+ SQLite::Statement insert(*db, "INSERT OR IGNORE INTO authority "
+ "(type, requirement, allow, priority, label) "
+ "VALUES "
+ "(:type, :req, 0, 4.0, "
+ "'Unnotarized Developer ID')");
+ insert.bind(":type") = type;
+ insert.bind(":req") = req + unnotarized;
+ insert.execute();
+ };
+
+ migrateReq(this, 1, "anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists");
+ migrateReq(this, 2, "anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and (certificate leaf[field.1.2.840.113635.100.6.1.14] or certificate leaf[field.1.2.840.113635.100.6.1.13])");
+ migrateReq(this, 3, "anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists");
+ });
+
+ // Add simpleFeatureNoTransaction for going from the requirements create above, to add secure timestamps in requirements, here before the commit
+
+ devIdRequirementUpgrades.commit();
+ }
}
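Review bot: `migrateReq` rewrites the 'Developer ID' row only when the stored requirement text equals the expected string exactly, and `UPDATE OR IGNORE` hides both a non-match and a constraint conflict, yet the 'Unnotarized Developer ID' row is inserted either way and `legacy_devid` is then recorded as upgraded. On a database whose row was edited, the old unrestricted rule would stay in place next to the new deny row; which of the two wins depends on priorities that are not visible in this hunk. Consider checking whether the update changed a row before inserting, or logging when it did not. The OID `1.2.840.113635.100.6.1.33` and the cutoff `20190408000000Z` are each repeated across four literals and would be safer as two named constants.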
void addFeature(const char *feature, const char *value, const char *remarks);
void simpleFeature(const char *feature, const char *sql);
void simpleFeature(const char *feature, void (^perform)());
+ void simpleFeatureNoTransaction(const char *feature, void (^perform)());
void installExplicitSet(const char *auth, const char *sigs);
case opCertField:
print("certificate"); certSlot(); print("["); dotString(); print("]"); match();
break;
+ case opCertFieldDate:
+ print("certificate"); certSlot(); print("[");
+#if TARGET_OS_OSX
+ {
+ const unsigned char *data; size_t length;
+ getData(data, length);
+ print("timestamp.%s", CssmOid((unsigned char *)data, length).toOid().c_str());
+ }
+#endif
case opCertGeneric:
print("certificate"); certSlot(); print("[");
#if TARGET_OS_OSX
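Review bot: The new `case opCertFieldDate:` has no terminating statement before `case opCertGeneric:`, so as shown it falls through: the generic case prints `certificate` again, reads a second cert slot and consumes further operands, which corrupts the rest of the dump. I would end the case with `print("]"); match(); break;` after the `#endif`. Separately, when `TARGET_OS_OSX` is not set the OID operand is never consumed, so the `getData` call should sit outside the `#if` to keep the instruction stream aligned. The enclosing switch begins and ends outside the hunk.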
case matchExists:
print(" /* exists */");
break;
+ case matchAbsent:
+ print(" absent ");
+ break;
case matchEqual:
print(" = "); data();
break;
case matchGreaterThan:
print(" > "); data();
break;
+ case matchOn:
+ print(" = "); timestamp();
+ break;
+ case matchBefore:
+ print(" < "); timestamp();
+ break;
+ case matchAfter:
+ print(" > "); timestamp();
+ break;
+ case matchOnOrBefore:
+ print(" <= "); timestamp();
+ break;
+ case matchOnOrAfter:
+ print(" >= "); timestamp();
+ break;
default:
print("MATCH OPCODE %d NOT UNDERSTOOD", op);
break;
break;
}
}
+
+void Dumper::timestamp()
+{
+ CFAbsoluteTime at = static_cast<CFAbsoluteTime>(get<int64_t>());
+ CFRef<CFDateRef> date = CFDateCreate(NULL, at);
+
+ CFRef<CFStringRef> str = CFCopyDescription(date);
+
+ print("<%s>", cfString(str).c_str());
+}
void Dumper::printBytes(const Byte *data, size_t length)
{
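Review bot: `Dumper::timestamp` prints the date as `<description>` taken from `CFCopyDescription`, which is not the `timestamp "..."` form the parser added in this commit accepts, so a dumped requirement that contains a date match cannot be parsed back. The neighbouring match cases print operators and data in re-parseable form, so this looks unintended. If round-tripping is expected, format the value as a quoted GeneralizedTime string preceded by the `timestamp` keyword. If it is not, say so in a comment, e.g. `// Diagnostic form only; not accepted by the requirement parser.`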
isBinary // contains binary bytes (use 0xnnn form)
};
void data(PrintMode bestMode = isSimple, bool dotOkay = false);
+ void timestamp();
void dotString() { data(isSimple, true); }
void quotedString() { data(isPrintable); }
void hashData(); // H"bytes"
//
// reqinterp - Requirement language (exprOp) interpreter
//
+
#include "reqinterp.h"
#include "codesigning_dtrace.h"
#include <Security/SecTrustSettingsPriv.h>
Match match(*this);
return certFieldGeneric(key, match, cert);
}
+ case opCertFieldDate:
+ {
+ SecCertificateRef cert = mContext->cert(get<int32_t>());
+ string key = getString();
+ Match match(*this);
+ return certFieldDate(key, match, cert);
+ }
case opCertPolicy:
{
SecCertificateRef cert = mContext->cert(get<int32_t>());
if (mContext->info) // we have an Info.plist
if (CFTypeRef value = CFDictionaryGetValue(mContext->info, CFTempString(key)))
return match(value);
- return false;
+ return match(kCFNull);
}
if (mContext->entitlements) // we have an Info.plist
if (CFTypeRef value = CFDictionaryGetValue(mContext->entitlements, CFTempString(key)))
return match(value);
- return false;
+ return match(kCFNull);
}
bool Requirement::Interpreter::certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert)
{
- return cert && certificateHasField(cert, oid) && match(kCFBooleanTrue);
+ return cert && match(certificateHasField(cert, oid) ? (CFTypeRef)kCFBooleanTrue : (CFTypeRef)kCFNull);
+}
+
+bool Requirement::Interpreter::certFieldDate(const string &key, const Match &match, SecCertificateRef cert)
+{
+ // the key is actually a (binary) OID value
+ CssmOid oid((char *)key.data(), key.length());
+ return certFieldDate(oid, match, cert);
+}
+
+bool Requirement::Interpreter::certFieldDate(const CssmOid &oid, const Match &match, SecCertificateRef cert)
+{
+ CFTypeRef value = cert != NULL ? certificateCopyFieldDate(cert, oid) : NULL;
+ bool matching = match(value != NULL ? value : kCFNull);
+
+ if (value) {
+ CFRelease(value);
+ }
+
+ return matching;
}
bool Requirement::Interpreter::certFieldPolicy(const string &key, const Match &match, SecCertificateRef cert)
bool Requirement::Interpreter::certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert)
{
- return cert && certificateHasPolicy(cert, oid) && match(kCFBooleanTrue);
+ return cert && match(certificateHasPolicy(cert, oid) ? (CFTypeRef)kCFBooleanTrue : (CFTypeRef)kCFNull);
}
#endif
Requirement::Interpreter::Match::Match(Interpreter &interp)
{
switch (mOp = interp.get<MatchOperation>()) {
+ case matchAbsent:
case matchExists:
break;
case matchEqual:
case matchGreaterEqual:
mValue.take(makeCFString(interp.getString()));
break;
+ case matchOn:
+ case matchBefore:
+ case matchAfter:
+ case matchOnOrBefore:
+ case matchOnOrAfter: {
+ mValue.take(CFDateCreate(NULL, interp.getAbsoluteTime()));
+ break;
+ }
default:
// Assume this (unknown) match type has a single data argument.
// This gives us a chance to keep the instruction stream aligned.
if (!candidate)
return false;
+ if (candidate == kCFNull) {
+ return mOp == matchAbsent; // only 'absent' matches
+ }
+
// interpret an array as matching alternatives (any one succeeds)
if (CFGetTypeID(candidate) == CFArrayGetTypeID()) {
CFArrayRef array = CFArrayRef(candidate);
}
switch (mOp) {
+ case matchAbsent:
+ return false; // it exists, so it cannot be absent
case matchExists: // anything but NULL and boolean false "exists"
return !CFEqual(candidate, kCFBooleanFalse);
case matchEqual: // equality works for all CF types
return CFEqual(candidate, mValue);
case matchContains:
- if (CFGetTypeID(candidate) == CFStringGetTypeID()) {
+ if (isStringValue() && CFGetTypeID(candidate) == CFStringGetTypeID()) {
CFStringRef value = CFStringRef(candidate);
- if (CFStringFindWithOptions(value, mValue, CFRangeMake(0, CFStringGetLength(value)), 0, NULL))
+ if (CFStringFindWithOptions(value, cfStringValue(), CFRangeMake(0, CFStringGetLength(value)), 0, NULL))
return true;
}
return false;
case matchBeginsWith:
- if (CFGetTypeID(candidate) == CFStringGetTypeID()) {
+ if (isStringValue() && CFGetTypeID(candidate) == CFStringGetTypeID()) {
CFStringRef value = CFStringRef(candidate);
- if (CFStringFindWithOptions(value, mValue, CFRangeMake(0, CFStringGetLength(mValue)), 0, NULL))
+ if (CFStringFindWithOptions(value, cfStringValue(), CFRangeMake(0, CFStringGetLength(cfStringValue())), 0, NULL))
return true;
}
return false;
case matchEndsWith:
- if (CFGetTypeID(candidate) == CFStringGetTypeID()) {
+ if (isStringValue() && CFGetTypeID(candidate) == CFStringGetTypeID()) {
CFStringRef value = CFStringRef(candidate);
- CFIndex matchLength = CFStringGetLength(mValue);
+ CFIndex matchLength = CFStringGetLength(cfStringValue());
CFIndex start = CFStringGetLength(value) - matchLength;
if (start >= 0)
- if (CFStringFindWithOptions(value, mValue, CFRangeMake(start, matchLength), 0, NULL))
+ if (CFStringFindWithOptions(value, cfStringValue(), CFRangeMake(start, matchLength), 0, NULL))
return true;
}
return false;
return inequality(candidate, kCFCompareNumerically, kCFCompareGreaterThan, false);
case matchGreaterEqual:
return inequality(candidate, kCFCompareNumerically, kCFCompareLessThan, false);
+ case matchOn:
+ case matchBefore:
+ case matchAfter:
+ case matchOnOrBefore:
+ case matchOnOrAfter: {
+ if (!isDateValue() || CFGetTypeID(candidate) != CFDateGetTypeID()) {
+ return false;
+ }
+
+ CFComparisonResult res = CFDateCompare((CFDateRef)candidate, cfDateValue(), NULL);
+
+ switch (mOp) {
+ case matchOn: return res == 0;
+ case matchBefore: return res < 0;
+ case matchAfter: return res > 0;
+ case matchOnOrBefore: return res <= 0;
+ case matchOnOrAfter: return res >= 0;
+ default: abort();
+ }
+ }
default:
// unrecognized match types can never match
return false;
bool Requirement::Interpreter::Match::inequality(CFTypeRef candidate, CFStringCompareFlags flags,
CFComparisonResult outcome, bool negate) const
{
- if (CFGetTypeID(candidate) == CFStringGetTypeID()) {
+ if (isStringValue() && CFGetTypeID(candidate) == CFStringGetTypeID()) {
CFStringRef value = CFStringRef(candidate);
- if ((CFStringCompare(value, mValue, flags) == outcome) == negate)
+ if ((CFStringCompare(value, cfStringValue(), flags) == outcome) == negate)
return true;
}
return false;
bool inequality(CFTypeRef candidate, CFStringCompareFlags flags, CFComparisonResult outcome, bool negate) const;
private:
- CFCopyRef<CFStringRef> mValue; // match value
+ CFCopyRef<CFTypeRef> mValue; // match value
MatchOperation mOp; // type of match
+
+ bool isStringValue() const { return CFGetTypeID(mValue) == CFStringGetTypeID(); }
+ bool isDateValue() const { return CFGetTypeID(mValue) == CFDateGetTypeID(); }
+ CFStringRef cfStringValue() const { return isStringValue() ? (CFStringRef)mValue.get() : NULL; }
+ CFDateRef cfDateValue() const { return isDateValue() ? (CFDateRef)mValue.get() : NULL; }
};
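Review bot: `isStringValue()` and `isDateValue()` pass `mValue` to CFGetTypeID without a null check, and the constructor leaves `mValue` unset for `matchExists` and `matchAbsent`. The callers visible in this diff only reach the helpers from operations that store a value, so this is latent rather than live. A later caller on another path would crash inside CoreFoundation instead of getting `false`. Guarding in the helper is cheap: `bool isStringValue() const { return mValue.get() != NULL && CFGetTypeID(mValue) == CFStringGetTypeID(); }`, and the same for `isDateValue()`.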
protected:
bool certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert);
bool certFieldPolicy(const string &key, const Match &match, SecCertificateRef cert);
bool certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert);
+ bool certFieldDate(const string &key, const Match &match, SecCertificateRef cert);
+ bool certFieldDate(const CssmOid &oid, const Match &match, SecCertificateRef cert);
#endif
bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest);
bool appleSigned();
return makeCFData(s, length);
}
+CFAbsoluteTime Requirement::Reader::getAbsoluteTime()
+{
+ // timestamps are saved as 64bit ints internally for
+ // portability, but CoreFoundation wants CFAbsoluteTimes,
+ // which are doubles.
+ // This cuts off subseconds.
+ return static_cast<CFAbsoluteTime>(get<int64_t>());
+}
+
const unsigned char *Requirement::Reader::getSHA1()
{
const unsigned char *digest; size_t length;
std::string getString();
CFDataRef getHash();
+ CFAbsoluteTime getAbsoluteTime();
const unsigned char *getSHA1();
template <class T> void getData(T *&data, size_t &length)
opCDHash, // match hash of CodeDirectory directly [cd hash]
opNot, // logical inverse [expr]
opInfoKeyField, // Info.plist key field [string; match suffix]
- opCertField, // Certificate field [cert index; field name; match suffix]
+ opCertField, // Certificate field, existence only [cert index; field name; match suffix]
opTrustedCert, // require trust settings to approve one particular cert [cert index]
opTrustedCerts, // require trust settings to approve the cert chain
opCertGeneric, // Certificate component by OID [cert index; oid; match suffix]
opNamedCode, // named subroutine
opPlatform, // platform constraint [integer]
opNotarized, // has a developer id+ ticket
+ opCertFieldDate, // extension value as timestamp [cert index; field name; match suffix]
exprOpCount // (total opcode count in use)
};
matchGreaterThan, // greater than (string with numeric comparison)
matchLessEqual, // less or equal (string with numeric comparison)
matchGreaterEqual, // greater or equal (string with numeric comparison)
+ matchOn, // on (timestamp comparison)
+ matchBefore, // before (timestamp comparison)
+ matchAfter, // after (timestamp comparison)
+ matchOnOrBefore, // on or before (timestamp comparison)
+ matchOnOrAfter, // on or after (timestamp comparison)
+ matchAbsent, // not present (kCFNull)
};
#include "requirement.h"
#include "reqmaker.h"
#include "csutilities.h"
+#include <libDER/libDER.h>
+#include <libDER/asn1Types.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/hashing.h>
#include <security_cdsa_utilities/cssmdata.h> // OID coding
+#include <Security/SecCertificate.h>
using namespace CodeSigning;
typedef Requirement::Maker Maker;
+
+extern "C" {
+
+/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
+an absoluteTime if the date was valid and properly decoded. Return
+NULL_TIME otherwise. */
+CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
+ size_t length);
+
+}
+
}
options {
void RequirementParser::certMatchOperation(Maker &maker, int32_t slot, string key)
{
- if (matchPrefix(key, "subject.")) {
+ if (const char *oids = matchPrefix(key, "timestamp.")) {
+ maker.put(opCertFieldDate);
+ maker.put(slot);
+ CssmAutoData oid(Allocator::standard()); oid.fromOid(oids);
+ maker.putData(oid.data(), oid.length());
+ } else if (matchPrefix(key, "subject.")) {
maker.put(opCertField);
maker.put(slot);
maker.put(key);
match_suffix[Maker &maker]
: empty ( "exists" ) ?
{ maker.put(matchExists); }
+ | "absent"
+ { maker.put(matchAbsent); }
| ( EQL | EQQL )
{ MatchOperation mop = matchEqual; string value; }
( STAR { mop = matchEndsWith; } ) ?
value=datavalue
( STAR { mop = (mop == matchEndsWith) ? matchContains : matchBeginsWith; } ) ?
{ maker.put(mop); maker.put(value); }
+ | ( EQL | EQQL )
+ { MatchOperation mop = matchOn; int64_t value; }
+ value=timestamp
+ { maker.put(mop); maker.put(value); }
| SUBS { string value; } value=datavalue
{ maker.put(matchContains); maker.put(value); }
| LESS { string value; } value=datavalue
{ maker.put(matchLessEqual); maker.put(value); }
| GE { string value; } value=datavalue
{ maker.put(matchGreaterEqual); maker.put(value); }
+ | LESS { int64_t value; } value=timestamp
+ { maker.put(matchBefore); maker.put(value); }
+ | GT { int64_t value; } value=timestamp
+ { maker.put(matchAfter); maker.put(value); }
+ | LE { int64_t value; } value=timestamp
+ { maker.put(matchOnOrBefore); maker.put(value); }
+ | GE { int64_t value; } value=timestamp
+ { maker.put(matchOnOrAfter); maker.put(value); }
;
bracketKey returns [string key]
: s:INTEGER { result = int32_t(atol(s->getText().c_str())); }
;
+// timestamps
+timestamp returns [int64_t result]
+ : "timestamp" s:STRING { result = (int64_t)SecAbsoluteTimeFromDateContent(ASN1_GENERALIZED_TIME, (uint8_t const *)s->getText().c_str(), s->getText().length()); }
+ ;
+
// syntactic cavity generators
fluff
: SEMI
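Review bot: The `timestamp` rule casts the result of SecAbsoluteTimeFromDateContent straight to `int64_t` and never checks for failure. The declaration added with this commit documents that the function returns NULL_TIME when the date is not valid. A requirement source with a mistyped or non-GeneralizedTime string would therefore compile without complaint, and the resulting requirement would compare certificate dates against the sentinel rather than the date the author meant. The action should keep the decoded value in a local, e.g. `CFAbsoluteTime t = SecAbsoluteTimeFromDateContent(...);`, and raise a parse error when `t == NULL_TIME` before assigning `result = (int64_t)t;`.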
k=2;
testLiterals=false;
- // Pass through valid UTF-8 (which excludes hex C0-C1 and F5-FF),
- // but also exclude ASCII control characters below 0x20 (space).
+ // Pass through valid UTF-8 (which excludes hex C0-C1 and F5-FF).
// Byte ranges according to Unicode 11.0, paragraph 3.9 D92.
charVocabulary='\000'..'\277' | '\302'..'\364';
}
return errSecParam;
}
- CFDataRef desiredHash = getPubKeyHashWrap(context);
+ CFDataRef desiredHash = getPubKeyHashWrap(context);
+ if (!desiredHash) {
+ os_log_error(TL_LOG, "No wrap key in context");
+ return errSecParam;
+ }
+
CFIndex idx, count = CFArrayGetCount(identities);
for (idx = 0; idx < count; ++idx) {
SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(identities, idx);
return aks_retval;
}
+// context = data wrapped in password variable, loginData = dictionary from stored plist
OSStatus TokenLoginUnlockKeybag(CFDictionaryRef context, CFDictionaryRef loginData)
{
if (!loginData || !context) {
return errSecInternal;
}
+ CFDataRef pubKeyWrapFromPlist = (CFDataRef)CFDictionaryGetValue(loginData, kSecAttrPublicKeyHash);
+ if (pubKeyWrapFromPlist == NULL) {
+ os_log_error(TL_LOG, "Failed to get wrapkey");
+ return errSecInternal;
+ }
+
+ CFRef<CFDictionaryRef> ctx = makeCFDictionary(4,
+ kSecAttrTokenID, getTokenId(context),
+ kSecAttrService, getPin(context),
+ kSecAttrPublicKeyHash, getPubKeyHash(context),
+ kSecAttrAccount, pubKeyWrapFromPlist
+ );
+
CFRef<CFErrorRef> error;
CFRef<SecKeyRef> privKey;
CFRef<CFTypeRef> LAContext;
- OSStatus retval = privKeyForPubKeyHash(context, privKey.take(), LAContext.take());
+ OSStatus retval = privKeyForPubKeyHash(ctx, privKey.take(), LAContext.take());
if (retval != errSecSuccess) {
os_log_error(TL_LOG, "Failed to get private key for public key hash: %d", (int) retval);
return retval;
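Review bot: `pubKeyWrapFromPlist` is cast to `CFDataRef` after only a NULL check, although the comment added above the function says `loginData` is a dictionary read from a stored plist. A value of another type under `kSecAttrPublicKeyHash` would be passed on as data; `if (pubKeyWrapFromPlist == NULL || CFGetTypeID(pubKeyWrapFromPlist) != CFDataGetTypeID())` rejects it at the boundary. The results of `getTokenId(context)`, `getPin(context)` and `getPubKeyHash(context)` also go into `makeCFDictionary` unchecked. Neither those getters nor `makeCFDictionary` is visible here, so it is worth confirming that a NULL from any of them is tolerated. The function body continues past this hunk.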
(CFDataRef)wrappedUsk.get(),
error.take());
if (!unwrappedUsk) {
- os_log_error(TL_LOG, "TokenLoginUnlockKeybag failed to unwrap blob: %@", error.get());
+ os_log_error(TL_LOG, "TokenLoginUnlockKeybag failed to unwrap blob: %{public}@", error.get());
return errSecInternal;
}
ok(SOSGenerateDeviceBackupFullKey(fullKey3, cp, entropy3, &error), "Generate key 3 (%@)", error);
CFReleaseNull(error);
- size_t comparisonSize = ccec_full_ctx_size(ccec_ccn_size(cp));
+ size_t ex_size = ccec_x963_export_size(true, ccec_ctx_pub(fullKey1));
+ uint8_t buf1[ex_size];
+ ccec_x963_export(true, buf1, fullKey1);
+ uint8_t buf1a[ex_size];
+ ccec_x963_export(true, buf1a, fullKey1a);
- ok(memcmp(fullKey1, fullKey1a, comparisonSize), "Two derivations match");
+ ok(0 == memcmp(buf1, buf1a, ex_size), "Two derivations match");
CFDataRef publicKeyData = SOSCopyDeviceBackupPublicKey(entropy1, &error);
ok(publicKeyData, "Public key copy");
CFReleaseNull(cert);
}
+/* subject:/UID=372S63A2R8/CN=Developer ID Application: John Brayton/OU=372S63A2R8/O=John Brayton/C=US */
+/* issuer :/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US */
+const uint8_t _old_developer_cert[] = {
+ 0x30,0x82,0x05,0x65,0x30,0x82,0x04,0x4D,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x3B,
+ 0x8B,0xC9,0x83,0xCC,0x57,0x54,0x95,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x79,0x31,0x2D,0x30,0x2B,0x06,0x03,0x55,0x04,
+ 0x03,0x0C,0x24,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20,
+ 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,
+ 0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,
+ 0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+ 0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,
+ 0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,
+ 0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
+ 0x53,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,0x34,0x32,0x31,0x31,0x39,0x33,0x39,0x33,
+ 0x30,0x5A,0x17,0x0D,0x31,0x37,0x30,0x34,0x32,0x32,0x31,0x39,0x33,0x39,0x33,0x30,
+ 0x5A,0x30,0x81,0x86,0x31,0x1A,0x30,0x18,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2,
+ 0x2C,0x64,0x01,0x01,0x0C,0x0A,0x33,0x37,0x32,0x53,0x36,0x33,0x41,0x32,0x52,0x38,
+ 0x31,0x2F,0x30,0x2D,0x06,0x03,0x55,0x04,0x03,0x0C,0x26,0x44,0x65,0x76,0x65,0x6C,
+ 0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x41,0x70,0x70,0x6C,0x69,0x63,0x61,0x74,
+ 0x69,0x6F,0x6E,0x3A,0x20,0x4A,0x6F,0x68,0x6E,0x20,0x42,0x72,0x61,0x79,0x74,0x6F,
+ 0x6E,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0A,0x33,0x37,0x32,0x53,
+ 0x36,0x33,0x41,0x32,0x52,0x38,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x0C,
+ 0x0C,0x4A,0x6F,0x68,0x6E,0x20,0x42,0x72,0x61,0x79,0x74,0x6F,0x6E,0x31,0x0B,0x30,
+ 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,
+ 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,
+ 0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xDE,0x02,0xD5,0xBC,0x79,
+ 0x03,0x44,0x44,0xA0,0xCC,0x53,0xB9,0x4D,0xF6,0xF7,0x59,0xCF,0xA4,0x71,0x8A,0x20,
+ 0x72,0xA2,0x60,0xEA,0x45,0x26,0x52,0x39,0xA7,0xBD,0xFF,0x0A,0x45,0x0E,0xA2,0xE4,
+ 0x42,0x8C,0x0D,0x4B,0xF5,0x96,0x73,0xB3,0x56,0x0E,0xAA,0x2B,0x3F,0xBB,0x69,0x93,
+ 0xD5,0xC1,0x20,0xF2,0x40,0x38,0xB6,0x6C,0xB1,0xA0,0x4C,0x1B,0xA6,0xF1,0xE5,0x34,
+ 0xD4,0xD8,0xB0,0xF0,0x34,0x8C,0x2B,0xA4,0xBF,0x1E,0x8F,0x64,0xF0,0x25,0x9F,0x5D,
+ 0x65,0x1E,0x61,0xBA,0x63,0x68,0x16,0x67,0xDE,0x0B,0x76,0x25,0xFD,0xAF,0xB3,0xBF,
+ 0x1D,0xEA,0x82,0x85,0xE5,0x80,0xC7,0x62,0x1B,0x17,0xB3,0x5E,0x56,0xEA,0xD4,0x39,
+ 0x9C,0xA7,0x39,0x9B,0x1F,0xAD,0xD7,0xE1,0x7D,0x71,0x48,0xE5,0x19,0x53,0x98,0x6A,
+ 0x01,0x14,0x21,0x53,0xE4,0x69,0x69,0x3F,0xF3,0xC0,0x6C,0x2D,0x82,0x78,0x63,0x4E,
+ 0xAA,0xE4,0x0C,0xEF,0xC3,0x99,0x53,0xCA,0x1A,0x08,0xF4,0x95,0x48,0x23,0x8F,0xC9,
+ 0x13,0xCA,0xA7,0x0C,0xDC,0xB8,0x34,0x67,0x46,0x68,0x72,0x04,0x7E,0x17,0xC1,0x73,
+ 0x38,0x21,0xB8,0x52,0x35,0x3F,0x15,0x4D,0x60,0x82,0x63,0xEE,0x37,0xCC,0xF6,0x1F,
+ 0xF8,0xBC,0xA3,0xF6,0x1F,0xE1,0x9F,0x45,0xFA,0x5A,0xF6,0xC1,0x06,0x16,0xF8,0x03,
+ 0x84,0x7E,0x2F,0xE3,0x0D,0xEC,0x3E,0x05,0xF5,0xC0,0x0C,0x57,0x84,0x4C,0xCB,0x25,
+ 0x81,0x4C,0x59,0x2C,0xDC,0x63,0xA7,0xA0,0xA6,0x6C,0xC3,0xDC,0x7F,0x1E,0xAA,0x1E,
+ 0xD8,0x31,0x7D,0x08,0x8C,0x2F,0x85,0xB9,0x09,0xFF,0xD9,0x02,0x03,0x01,0x00,0x01,
+ 0xA3,0x82,0x01,0xE1,0x30,0x82,0x01,0xDD,0x30,0x3E,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,
+ 0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,
+ 0x2D,0x64,0x65,0x76,0x69,0x64,0x30,0x31,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,
+ 0x16,0x04,0x14,0xB1,0x95,0xE5,0x40,0x5D,0xE0,0x7B,0x76,0xF6,0x2B,0xD4,0x5B,0x16,
+ 0x6F,0x90,0x52,0x43,0x9C,0x8E,0xEA,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,
+ 0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
+ 0x80,0x14,0x57,0x17,0xED,0xA2,0xCF,0xDC,0x7C,0x98,0xA1,0x10,0xE0,0xFC,0xBE,0x87,
+ 0x2D,0x2C,0xF2,0xE3,0x17,0x54,0x30,0x82,0x01,0x0E,0x06,0x03,0x55,0x1D,0x20,0x04,
+ 0x82,0x01,0x05,0x30,0x82,0x01,0x01,0x30,0x81,0xFE,0x06,0x09,0x2A,0x86,0x48,0x86,
+ 0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF0,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,
+ 0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,
+ 0x63,0x61,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,
+ 0x81,0xB6,0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,0x20,0x6F,0x6E,
+ 0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+ 0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74,0x79,0x20,0x61,
+ 0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74,0x61,0x6E,0x63,
+ 0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,0x6E,0x20,0x61,0x70,
+ 0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,0x6E,0x64,0x61,0x72,
+ 0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,
+ 0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x2C,0x20,0x63,
+ 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,0x6F,0x6C,0x69,0x63,
+ 0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+ 0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x73,0x74,0x61,
+ 0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,
+ 0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x16,0x06,0x03,0x55,0x1D,0x25,0x01,
+ 0x01,0xFF,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,
+ 0x30,0x13,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x01,0x0D,0x01,0x01,
+ 0xFF,0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+ 0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x53,0x09,0xBD,0xA3,0xB5,0xE0,0x63,
+ 0x49,0x02,0x71,0x3C,0x3A,0xF3,0xC9,0x08,0xF0,0xF9,0xCA,0x4E,0x70,0xD4,0x8D,0x3F,
+ 0xE5,0x9C,0x67,0xED,0x49,0xB4,0x7C,0xA3,0x5D,0x44,0xDE,0xF0,0x48,0xB9,0xDD,0x54,
+ 0x4F,0x56,0x7D,0xFD,0x08,0x14,0x3C,0x15,0xB8,0xFF,0x54,0x23,0x9A,0x48,0xC5,0x6C,
+ 0x48,0x72,0xE4,0x30,0xA6,0xC6,0xE8,0x42,0x62,0x29,0xA5,0x13,0x72,0x1C,0x04,0x6C,
+ 0x91,0x92,0xC3,0x3A,0x53,0x0A,0x52,0xDC,0x26,0x88,0xDE,0x42,0xA1,0x57,0xC2,0x03,
+ 0x3A,0xD7,0xE3,0x9B,0x2A,0x1F,0x48,0x65,0xFD,0x7F,0x81,0xEF,0x8E,0x39,0x64,0xB8,
+ 0x36,0x2B,0x60,0xCC,0x6A,0x50,0x0C,0x79,0xAD,0x75,0xD2,0x44,0x43,0xA1,0x31,0x5A,
+ 0x27,0xEC,0xB1,0xF5,0xC2,0x32,0x0D,0x35,0xF8,0x70,0x45,0x66,0xA3,0x6A,0x29,0x1F,
+ 0x60,0x7E,0xEE,0x34,0xF7,0x0F,0xBE,0x23,0x1D,0x97,0x3F,0x6C,0xE4,0xA6,0xF6,0x59,
+ 0x73,0x51,0x1B,0x13,0x38,0x04,0x98,0x59,0x8F,0xBF,0x8D,0xB8,0x0E,0xC7,0x57,0x00,
+ 0x8D,0x14,0x3A,0xA5,0xD9,0x4F,0xD9,0x4E,0xFF,0x75,0x83,0x15,0xA6,0x0E,0x1A,0xD3,
+ 0x0D,0xBC,0x0B,0x7E,0x99,0x3A,0xB9,0x73,0xAE,0x84,0x49,0xEE,0x8B,0x26,0x8E,0xD3,
+ 0xE9,0x36,0xCD,0xAD,0xC1,0xA9,0x00,0xC0,0x91,0x8B,0x3E,0x7E,0x7B,0x25,0x7F,0x7F,
+ 0x0D,0x4B,0xA4,0xE4,0xAD,0x67,0x4D,0x6A,0xF1,0xF7,0xF4,0xC0,0x5F,0x4B,0x9A,0xB4,
+ 0x2D,0x9B,0x91,0x3B,0x5A,0x67,0x9B,0xC5,0x64,0x99,0x04,0xA0,0x01,0xCF,0x52,0xE0,
+ 0xBB,0xA1,0xC9,0xDD,0xD6,0x75,0x2E,0xE8,0x04,
+};
+
+/* subject:/UID=PV45XFU466/CN=Developer ID Application: T Solanki (PV45XFU466)/OU=PV45XFU466/O=T Solanki/C=US */
+/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Test Apple Caspian Certification Authority */
+const uint8_t _new_developer_cert[] = {
+ 0x30,0x82,0x05,0xBF,0x30,0x82,0x04,0xA7,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x69,
+ 0x87,0x9F,0x89,0x35,0xB9,0x9C,0xD7,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x7F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+ 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,
+ 0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,
+ 0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,
+ 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,
+ 0x74,0x79,0x31,0x33,0x30,0x31,0x06,0x03,0x55,0x04,0x03,0x0C,0x2A,0x54,0x65,0x73,
+ 0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x61,0x73,0x70,0x69,0x61,0x6E,0x20,
+ 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,
+ 0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x31,0x39,0x30,0x33,0x30,
+ 0x35,0x32,0x32,0x30,0x32,0x32,0x31,0x5A,0x17,0x0D,0x32,0x34,0x30,0x33,0x30,0x35,
+ 0x32,0x32,0x30,0x32,0x32,0x31,0x5A,0x30,0x81,0x8D,0x31,0x1A,0x30,0x18,0x06,0x0A,
+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,0x0C,0x0A,0x50,0x56,0x34,0x35,
+ 0x58,0x46,0x55,0x34,0x36,0x36,0x31,0x39,0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x0C,
+ 0x30,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x41,0x70,
+ 0x70,0x6C,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x3A,0x20,0x54,0x20,0x53,0x6F,0x6C,
+ 0x61,0x6E,0x6B,0x69,0x20,0x28,0x50,0x56,0x34,0x35,0x58,0x46,0x55,0x34,0x36,0x36,
+ 0x29,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0A,0x50,0x56,0x34,0x35,
+ 0x58,0x46,0x55,0x34,0x36,0x36,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x0C,
+ 0x09,0x54,0x20,0x53,0x6F,0x6C,0x61,0x6E,0x6B,0x69,0x31,0x0B,0x30,0x09,0x06,0x03,
+ 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,
+ 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,
+ 0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC8,0xA7,0xFD,0xE0,0x5C,0xBD,0x35,0x6D,
+ 0x73,0x44,0xE1,0x9A,0xDA,0x70,0xE9,0x6E,0x99,0xDB,0x9C,0x0A,0x47,0x9B,0x71,0xBC,
+ 0xCF,0xE2,0x2A,0x1D,0x6C,0x11,0x5A,0x45,0x27,0xD5,0x3B,0x42,0x4C,0x1B,0xE2,0x43,
+ 0x5D,0xCA,0x37,0x48,0xB1,0xCD,0xA5,0xDC,0x2B,0x46,0xE9,0xD5,0xEE,0xCE,0xE1,0xF2,
+ 0x9C,0xD0,0x55,0x14,0x42,0x7A,0x9A,0xFB,0x2C,0xF0,0x20,0xD5,0x53,0x6B,0x3E,0x76,
+ 0x45,0x59,0xB6,0x16,0x41,0x52,0x61,0x64,0x2E,0xFA,0x69,0x43,0x95,0xD7,0x75,0x63,
+ 0x24,0xF8,0xFD,0x62,0x99,0xE9,0x5B,0xF8,0x72,0xE9,0x85,0x06,0x73,0x60,0x9C,0x83,
+ 0xD7,0xD6,0x1D,0xEC,0xC5,0x85,0x48,0xE0,0x55,0x71,0xFE,0xE0,0x54,0xAF,0x06,0xE7,
+ 0xD6,0x39,0x87,0xFB,0x5A,0xE7,0x7F,0x02,0x7C,0x80,0x2B,0x8B,0xA6,0x6A,0x06,0xF0,
+ 0xBE,0xDF,0xB3,0x1D,0x4D,0x40,0x9F,0x05,0x36,0x55,0xA4,0x09,0x58,0xB1,0xD2,0xB8,
+ 0xC0,0x8B,0xDE,0x25,0xD8,0xEB,0x80,0x07,0x34,0x64,0xE5,0x77,0x9A,0x39,0xD6,0xE1,
+ 0x7F,0x8A,0xF2,0xE4,0x56,0x15,0x84,0xB2,0x8A,0x54,0x31,0xCB,0xC3,0xAD,0xB6,0x63,
+ 0x72,0x64,0x53,0x8F,0xE5,0x74,0xD3,0xAA,0x91,0x0D,0xF0,0xEF,0x03,0x24,0x21,0x8C,
+ 0x0D,0x45,0xE4,0x18,0x0E,0xE0,0xDB,0x8C,0x20,0xF1,0x4A,0xD6,0x8B,0x60,0x84,0x3D,
+ 0x14,0x0D,0xCA,0x46,0x20,0x1F,0x13,0x07,0x7E,0x23,0x90,0x5B,0x8F,0xCF,0xD0,0x1E,
+ 0x48,0x56,0xF5,0xED,0xF3,0x96,0x52,0x03,0x40,0xF7,0x47,0x4A,0xAF,0xD0,0x67,0x0F,
+ 0xC1,0x5F,0xB1,0xA8,0xCD,0x29,0xDD,0x91,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,
+ 0x2E,0x30,0x82,0x02,0x2A,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,
+ 0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,
+ 0xF8,0x7A,0x23,0x8A,0xD2,0xE7,0xD2,0xDF,0x21,0xDB,0x7A,0xF4,0x12,0x31,0x6E,0x28,
+ 0xF6,0xF9,0xF0,0x8E,0x30,0x49,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
+ 0x04,0x3D,0x30,0x3B,0x30,0x39,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,
+ 0x86,0x2D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x75,0x61,
+ 0x74,0x2E,0x63,0x6F,0x72,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
+ 0x2F,0x6F,0x63,0x73,0x70,0x30,0x33,0x2D,0x64,0x65,0x76,0x69,0x64,0x30,0x39,0x30,
+ 0x82,0x01,0x1D,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x14,0x30,0x82,0x01,0x10,
+ 0x30,0x82,0x01,0x0C,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x05,0x01,0x30,
+ 0x81,0xFE,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,
+ 0x81,0xB6,0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,0x20,0x6F,0x6E,
+ 0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+ 0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74,0x79,0x20,0x61,
+ 0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74,0x61,0x6E,0x63,
+ 0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,0x6E,0x20,0x61,0x70,
+ 0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,0x6E,0x64,0x61,0x72,
+ 0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,
+ 0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x2C,0x20,0x63,
+ 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,0x6F,0x6C,0x69,0x63,
+ 0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+ 0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x73,0x74,0x61,
+ 0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x36,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x02,0x01,0x16,0x2A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,
+ 0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x65,0x72,0x74,0x69,
+ 0x66,0x69,0x63,0x61,0x74,0x65,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x2F,
+ 0x30,0x16,0x06,0x03,0x55,0x1D,0x25,0x01,0x01,0xFF,0x04,0x0C,0x30,0x0A,0x06,0x08,
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,
+ 0x16,0x04,0x14,0x6A,0x2A,0x84,0xE8,0xAF,0x4B,0x33,0x37,0xB3,0x09,0xD5,0x8D,0x49,
+ 0x5B,0xF1,0xA9,0x3D,0x6E,0xCD,0x71,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,
+ 0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x13,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,
+ 0x63,0x64,0x06,0x01,0x0D,0x01,0x01,0xFF,0x04,0x02,0x05,0x00,0x30,0x1F,0x06,0x0A,
+ 0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x01,0x21,0x04,0x11,0x0C,0x0F,0x32,0x30,
+ 0x31,0x39,0x30,0x33,0x30,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x10,0x06,
+ 0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x01,0x20,0x04,0x02,0x05,0x00,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,
+ 0x01,0x01,0x00,0x64,0x2D,0x1E,0xE4,0x1A,0x98,0xEF,0x62,0xF9,0xD8,0xEE,0xF8,0xCA,
+ 0x87,0xD7,0x71,0x55,0xDB,0x0D,0x9E,0x8F,0xDE,0x6E,0xBA,0x7D,0xBE,0xE7,0x2E,0xE3,
+ 0x48,0x09,0x09,0x11,0x54,0x3C,0x6F,0x79,0x61,0xF6,0x18,0xAB,0xE6,0xF4,0x87,0x59,
+ 0x20,0x97,0xC3,0xC2,0x47,0x25,0x03,0x47,0xA0,0xD6,0x95,0x08,0x67,0xA4,0x25,0xB1,
+ 0x94,0x0A,0x17,0x90,0xA7,0x64,0xD1,0xB6,0x35,0x59,0xF8,0x9D,0x0E,0x1E,0xF2,0x5D,
+ 0x2A,0x68,0x90,0x30,0xDF,0xC0,0xF6,0xBE,0x82,0x96,0x9C,0x26,0xAA,0x23,0xFB,0x05,
+ 0xC0,0xC2,0xE5,0xED,0x91,0xEF,0x44,0x93,0xC2,0x1D,0x53,0xE8,0x73,0xB7,0xBC,0xDB,
+ 0x3F,0x06,0x19,0xE5,0x40,0x2A,0xA2,0xE0,0x6F,0xA7,0xF7,0x08,0xB5,0xCB,0x90,0x19,
+ 0x4E,0x94,0xCF,0xD0,0x06,0x90,0xD7,0x60,0x2A,0x12,0x8A,0x54,0xE7,0x0B,0x67,0xEA,
+ 0x7B,0x02,0x42,0xAF,0xFE,0xA0,0x70,0x0D,0x7E,0xC6,0x28,0x96,0x41,0x55,0x34,0x83,
+ 0x5A,0x8C,0xBB,0x85,0x67,0xBC,0x0F,0x18,0x81,0x22,0xA4,0x66,0xCA,0x17,0x54,0xF3,
+ 0x2D,0xFE,0xBE,0xC7,0xAC,0x21,0x7A,0x6A,0x52,0x2E,0xAD,0x45,0x8B,0x39,0xF7,0x57,
+ 0x67,0x35,0x86,0xB8,0x3C,0x78,0x40,0xE0,0x28,0xD5,0xE9,0x80,0xA2,0xC2,0x07,0xFA,
+ 0xAC,0x63,0x1B,0xB6,0x8B,0x47,0xAB,0xC4,0xF1,0x29,0x75,0xE4,0x18,0xF6,0xBB,0x5E,
+ 0x37,0xD9,0x20,0xEA,0x1F,0xBD,0xA2,0xB6,0x1D,0x22,0x67,0x7C,0x13,0x6D,0xFD,0x91,
+ 0x01,0x34,0x43,0xB8,0xAA,0x8D,0xEA,0x1A,0xB0,0x31,0xCE,0xF1,0xCB,0x0B,0xC4,0x38,
+ 0xA4,0x85,0x74,
+};
+
+static void test_developer_id_date(void) {
+ SecCertificateRef old_devid = SecCertificateCreateWithBytes(NULL, _old_developer_cert, sizeof(_old_developer_cert));
+ SecCertificateRef new_devid = SecCertificateCreateWithBytes(NULL, _new_developer_cert, sizeof(_new_developer_cert));
+
+ CFErrorRef error = NULL;
+ CFAbsoluteTime time;
+ is(SecCertificateGetDeveloperIDDate(old_devid, &time, &error), false, "old Developer ID cert returned date");
+ is(CFErrorGetCode(error), errSecMissingRequiredExtension, "old Developer ID cert failed with wrong error code");
+ CFReleaseNull(error);
+
+ ok(SecCertificateGetDeveloperIDDate(new_devid, &time, &error), "new developer ID cert failed to copy date");
+ is(time, 573436800.0, "date in certificate wasn't 2019-03-05 00:00:00Z");
+
+ CFReleaseNull(old_devid);
+ CFReleaseNull(new_devid);
+}
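Review bot: In test_developer_id_date, `CFErrorGetCode(error)` is called unconditionally, so if SecCertificateGetDeveloperIDDate returns without setting an error for the old certificate, the test hands NULL to CoreFoundation instead of recording a failed assertion. `is(error ? CFErrorGetCode(error) : 0, errSecMissingRequiredExtension, ...)` keeps it a plain test failure. `time` is also compared after the second call even when that call fails, and an error set by the second call is never released. Declaring `CFAbsoluteTime time = 0;` and adding `CFReleaseNull(error);` before the final releases covers both.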
+
int si_15_certificate(int argc, char *const *argv)
{
- plan_tests(45);
+ plan_tests(49);
tests();
test_common_name();
test_copy_email_addresses();
test_copy_extension_value();
+ test_developer_id_date();
return 0;
}
static void tests(void)
{
SecTrustRef trust;
- SecCertificateRef cert0, cert1, responderCert;
+ SecCertificateRef cert0, cert1;
isnt(cert0 = SecCertificateCreateWithBytes(NULL, _ocsp_c0, sizeof(_ocsp_c0)),
NULL, "create cert0");
isnt(cert1 = SecCertificateCreateWithBytes(NULL, _ocsp_c1, sizeof(_ocsp_c1)),
CFArrayAppendValue(certs, cert0);
CFArrayAppendValue(certs, cert1);
- SecPolicyRef sslPolicy = SecPolicyCreateSSL(true, CFSTR("www.paypal.com"));
+ SecPolicyRef sslPolicy = SecPolicyCreateSSL(true, CFSTR("www.apple.com"));
SecPolicyRef ocspPolicy = SecPolicyCreateRevocation(kSecRevocationOCSPMethod);
const void *v_policies[] = { sslPolicy, ocspPolicy };
CFArrayRef policies = CFArrayCreate(NULL, v_policies,
CFRelease(ocspPolicy);
ok_status(SecTrustCreateWithCertificates(certs, policies, &trust),
"create trust");
- /* April 9, 2018 at 1:53:20 PM PDT */
- CFDateRef date = CFDateCreate(NULL, 545000000.0);
+ /* August 14, 2018 at 9:26:40 PM PDT */
+ CFDateRef date = CFDateCreate(NULL, 556000000.0);
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
- is(SecTrustGetVerifyTime(trust), 545000000.0, "get date");
+ is(SecTrustGetVerifyTime(trust), 556000000.0, "get date");
SecTrustResultType trustResult;
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
kSecTrustInfoExtendedValidationKey);
ok(ev, "extended validation succeeded");
- SecPolicyRef ocspSignerPolicy;
+ CFReleaseSafe(info);
+ CFReleaseSafe(trust);
+ CFReleaseSafe(policies);
+ CFReleaseSafe(certs);
+ CFReleaseSafe(cert0);
+ CFReleaseSafe(cert1);
+ CFReleaseSafe(date);
+}
+
+static void test_ocsp_responder_policy() {
+ SecCertificateRef leaf = NULL, subCA = NULL, responderCert = NULL;
+ CFMutableArrayRef certs = CFArrayCreateMutable(kCFAllocatorDefault, 0,
+ &kCFTypeArrayCallBacks);
+ SecTrustRef trust = NULL;
+ SecPolicyRef ocspSignerPolicy = NULL;
+ SecTrustResultType trustResult = kSecTrustResultInvalid;
+
+ /* August 14, 2018 at 9:26:40 PM PDT */
+ CFDateRef date = CFDateCreate(NULL, 556000000.0);
+
+ isnt(leaf = SecCertificateCreateWithBytes(NULL, valid_ist_certificate,
+ sizeof(valid_ist_certificate)), NULL, "create ist leaf");
+ isnt(subCA = SecCertificateCreateWithBytes(NULL, ist_intermediate_certificate,
+ sizeof(ist_intermediate_certificate)), NULL, "create ist subCA");
+ CFArrayAppendValue(certs, leaf);
+ CFArrayAppendValue(certs, subCA);
+
ok(ocspSignerPolicy = SecPolicyCreateOCSPSigner(),
- "create ocspSigner policy");
+ "create ocspSigner policy");
- CFReleaseNull(trust);
ok_status(SecTrustCreateWithCertificates(certs, ocspSignerPolicy, &trust),
- "create trust for c0 -> c1");
+ "create trust for c0 -> c1");
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultRecoverableTrustFailure,
- "trust is kSecTrustResultRecoverableTrustFailure");
+ "trust is kSecTrustResultRecoverableTrustFailure");
isnt(responderCert = SecCertificateCreateWithBytes(NULL, _responderCert,
- sizeof(_responderCert)), NULL, "create responderCert");
+ sizeof(_responderCert)), NULL, "create responderCert");
CFArraySetValueAtIndex(certs, 0, responderCert);
- CFReleaseNull(trust);
ok_status(SecTrustCreateWithCertificates(certs, ocspSignerPolicy, &trust),
- "create trust for ocspResponder -> c1");
- CFReleaseNull(date);
- date = CFDateCreate(NULL, 525000000.0); // August 21, 2017 at 2:20:00 AM PDT
+ "create trust for ocspResponder -> c1");
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultUnspecified,
- "trust is kSecTrustResultUnspecified");
+ "trust is kSecTrustResultUnspecified");
+ CFReleaseNull(leaf);
+ CFReleaseNull(subCA);
+ CFReleaseNull(responderCert);
+ CFReleaseNull(certs);
+ CFReleaseNull(trust);
CFReleaseSafe(ocspSignerPolicy);
- CFReleaseSafe(info);
- CFReleaseSafe(trust);
- CFReleaseSafe(policies);
- CFReleaseSafe(certs);
- CFReleaseSafe(cert0);
- CFReleaseSafe(cert1);
- CFReleaseSafe(responderCert);
- CFReleaseSafe(date);
+ CFReleaseNull(date);
}
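Review bot: The first SecTrustRef in test_ocsp_responder_policy appears to leak. The second `SecTrustCreateWithCertificates(certs, ocspSignerPolicy, &trust)` overwrites `trust` while it still holds the object from the first call, because the `CFReleaseNull(trust);` that preceded it in the old code was removed when the test was split out. Putting `CFReleaseNull(trust);` back before the second create restores the balance. The assertion messages still read "create trust for c0 -> c1" although the chain is now built from the ist leaf and subCA, so updating them would keep failure output accurate.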
static void test_revocation() {
unsigned host_cnt = 0;
- plan_tests(93);
+ plan_tests(95);
for (host_cnt = 0; host_cnt < sizeof(hosts)/sizeof(hosts[0]); host_cnt ++) {
if(!ping_host(hosts[host_cnt])) {
}
tests();
+ test_ocsp_responder_policy();
test_aia();
test_aia_https();
test_revocation();
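Review bot: The `test_ocsp_responder_policy();` call added here runs a function that leaks a SecTrustRef in the part of its body visible just above this hunk. `trust` is filled by `SecTrustCreateWithCertificates` for the leaf chain and again for the responder chain, and the `CFReleaseNull(trust);` that used to sit between the two calls is removed. Only the second object reaches the `CFReleaseNull(trust);` in the cleanup, so the first is never released and a leak-checked run of this test will report it. Restoring `CFReleaseNull(trust);` right after `CFArraySetValueAtIndex(certs, 0, responderCert);` fixes it. The opening lines of that function are outside the visible part of the diff, but both create calls and the cleanup are visible.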
#ifndef _SECURITY_SI_23_SECTRUST_OCSP_H_
#define _SECURITY_SI_23_SECTRUST_OCSP_H_
-/* subject:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=CDN Support/CN=www.paypal.com */
-/* issuer :/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 */
+/* subject:/businessCategory=Private Organization/jurisdictionCountryName=US/jurisdictionStateOrProvinceName=California/serialNumber=C0806592/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=Internet Services for Akamai/CN=www.apple.com */
+/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA */
static const uint8_t _ocsp_c0[]={
- 0x30,0x82,0x07,0x64,0x30,0x82,0x06,0x4C,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x57,
- 0xCB,0x7E,0x15,0xE2,0xE3,0xE2,0x44,0xD8,0x2B,0x01,0x63,0x29,0x46,0xEB,0xF0,0x30,
- 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x77,
- 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1D,0x30,
- 0x1B,0x06,0x03,0x55,0x04,0x0A,0x13,0x14,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
- 0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1F,0x30,0x1D,
- 0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,
- 0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x28,0x30,
- 0x26,0x06,0x03,0x55,0x04,0x03,0x13,0x1F,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
- 0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,
- 0x43,0x41,0x20,0x2D,0x20,0x47,0x33,0x30,0x1E,0x17,0x0D,0x31,0x37,0x30,0x39,0x32,
- 0x32,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x39,0x31,0x30,0x33,0x30,
- 0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x82,0x01,0x09,0x31,0x13,0x30,0x11,0x06,
- 0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,
- 0x31,0x19,0x30,0x17,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,
- 0x02,0x0C,0x08,0x44,0x65,0x6C,0x61,0x77,0x61,0x72,0x65,0x31,0x1D,0x30,0x1B,0x06,
- 0x03,0x55,0x04,0x0F,0x13,0x14,0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,
- 0x67,0x61,0x6E,0x69,0x7A,0x61,0x74,0x69,0x6F,0x6E,0x31,0x10,0x30,0x0E,0x06,0x03,
- 0x55,0x04,0x05,0x13,0x07,0x33,0x30,0x31,0x34,0x32,0x36,0x37,0x31,0x0B,0x30,0x09,
+ 0x30,0x82,0x06,0xF0,0x30,0x82,0x05,0xD8,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x05,
+ 0x43,0xF9,0xBA,0x21,0xAD,0xC4,0x65,0x39,0x19,0x20,0x14,0xC9,0x77,0x24,0xD1,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x75,
+ 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,
+ 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,
+ 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,
+ 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,
+ 0x34,0x30,0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B,0x44,0x69,0x67,0x69,0x43,0x65,
+ 0x72,0x74,0x20,0x53,0x48,0x41,0x32,0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,
+ 0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x72,0x76,
+ 0x65,0x72,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x38,0x30,0x35,0x30,0x39,0x30,
+ 0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x39,0x30,0x33,0x32,0x35,0x31,0x32,
+ 0x30,0x30,0x30,0x30,0x5A,0x30,0x81,0xEE,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,
+ 0x0F,0x0C,0x14,0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,0x67,0x61,0x6E,
+ 0x69,0x7A,0x61,0x74,0x69,0x6F,0x6E,0x31,0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01,
+ 0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,0x31,0x1B,0x30,0x19,
+ 0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,0x13,0x0A,0x43,
+ 0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,
+ 0x04,0x05,0x13,0x08,0x43,0x30,0x38,0x30,0x36,0x35,0x39,0x32,0x31,0x0B,0x30,0x09,
0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
- 0x04,0x11,0x0C,0x0A,0x39,0x35,0x31,0x33,0x31,0x2D,0x32,0x30,0x32,0x31,0x31,0x13,
- 0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,
- 0x6E,0x69,0x61,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x0C,0x08,0x53,0x61,
- 0x6E,0x20,0x4A,0x6F,0x73,0x65,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x09,0x0C,
- 0x0D,0x32,0x32,0x31,0x31,0x20,0x4E,0x20,0x31,0x73,0x74,0x20,0x53,0x74,0x31,0x15,
- 0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0C,0x50,0x61,0x79,0x50,0x61,0x6C,0x2C,
- 0x20,0x49,0x6E,0x63,0x2E,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,
- 0x43,0x44,0x4E,0x20,0x53,0x75,0x70,0x70,0x6F,0x72,0x74,0x31,0x17,0x30,0x15,0x06,
- 0x03,0x55,0x04,0x03,0x0C,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,
- 0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
- 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,
- 0x02,0x82,0x01,0x01,0x00,0xBF,0xF7,0x98,0x4B,0x4E,0xAA,0xF2,0x2F,0xC6,0x77,0xAB,
- 0x26,0x76,0x60,0x2E,0xAB,0x50,0xBD,0x47,0xFF,0x8B,0x7C,0xB7,0x4A,0x75,0x0D,0x81,
- 0xF7,0x46,0xE2,0x6B,0x03,0x9F,0xE4,0x07,0xFF,0xC0,0xAC,0xE5,0x15,0x7C,0x0B,0x81,
- 0xAA,0xD0,0x32,0x88,0xB0,0x58,0x4E,0xEB,0xC1,0x13,0xCC,0x27,0xDD,0x1A,0x27,0x40,
- 0xE8,0xF8,0x16,0x39,0x9A,0x4D,0x55,0xD5,0x0D,0x47,0x7C,0xD1,0x58,0xDB,0x41,0x8E,
- 0x41,0x0E,0x3E,0xF2,0x3B,0x05,0x78,0x5D,0x8B,0xBF,0x28,0x71,0x41,0x11,0xC9,0x14,
- 0xDB,0xE5,0xE2,0xAA,0x80,0x84,0xD0,0xE8,0xA7,0x2C,0xAA,0xC2,0x06,0xC8,0xDC,0xD3,
- 0x18,0x35,0x42,0xA0,0x47,0xD5,0xB5,0xBA,0x57,0x66,0xC3,0x01,0x1F,0xC1,0x3A,0x58,
- 0xE8,0x39,0x94,0xF5,0x5E,0x50,0x73,0x7E,0xB6,0x84,0x45,0x27,0xFC,0x52,0x4C,0xEF,
- 0x1E,0x32,0x30,0x13,0x0C,0xF5,0x93,0xE5,0xB9,0xA8,0xA0,0x1C,0x05,0xA9,0x69,0xB7,
- 0xA4,0x07,0x27,0xB9,0x6E,0x30,0x99,0x3A,0x6F,0x33,0xD7,0xFF,0x24,0xAE,0x02,0x12,
- 0x08,0xF8,0x55,0x3F,0x30,0xEC,0xA2,0x5F,0x93,0x34,0x8B,0xAB,0x05,0xE6,0x8D,0xD5,
- 0x93,0xBE,0x93,0x78,0x3E,0x97,0xA8,0x66,0xDC,0xA9,0x25,0x9B,0xF0,0x18,0x1A,0xFA,
- 0xAE,0x80,0x99,0xC6,0x0F,0xE2,0x67,0xAA,0x26,0xA8,0xED,0xE8,0xFF,0x45,0x8F,0x45,
- 0x0E,0xC8,0xC3,0x28,0x51,0x12,0xA6,0x17,0x1E,0x27,0xC8,0x61,0x71,0xC7,0x34,0x40,
- 0xD0,0xC9,0xBA,0x49,0x72,0x9B,0xBD,0x57,0xCD,0xEA,0xD5,0x86,0x63,0x51,0x1D,0x48,
- 0x14,0x70,0xBE,0xD4,0xD5,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x56,0x30,0x82,
- 0x03,0x52,0x30,0x7C,0x06,0x03,0x55,0x1D,0x11,0x04,0x75,0x30,0x73,0x82,0x12,0x68,
- 0x69,0x73,0x74,0x6F,0x72,0x79,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,
- 0x6D,0x82,0x0C,0x74,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,
- 0x0C,0x63,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0D,0x63,
- 0x36,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x64,0x65,
- 0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,
- 0x6F,0x6D,0x82,0x0C,0x70,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,
- 0x82,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,
- 0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,
- 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,
- 0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
- 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x6F,0x06,0x03,0x55,0x1D,
- 0x20,0x04,0x68,0x30,0x66,0x30,0x5B,0x06,0x0B,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,
- 0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
- 0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,
- 0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x25,0x06,0x08,0x2B,
- 0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x0C,0x17,0x68,0x74,0x74,0x70,0x73,
- 0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x72,
- 0x70,0x61,0x30,0x07,0x06,0x05,0x67,0x81,0x0C,0x01,0x01,0x30,0x1F,0x06,0x03,0x55,
- 0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x01,0x59,0xAB,0xE7,0xDD,0x3A,0x0B,0x59,
- 0xA6,0x64,0x63,0xD6,0xCF,0x20,0x07,0x57,0xD5,0x91,0xE7,0x6A,0x30,0x2B,0x06,0x03,
- 0x55,0x1D,0x1F,0x04,0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,
- 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x72,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,
- 0x6F,0x6D,0x2F,0x73,0x72,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,
- 0x05,0x05,0x07,0x01,0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,
- 0x05,0x05,0x07,0x30,0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x72,
- 0x2E,0x73,0x79,0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,
- 0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,
- 0x72,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x72,0x2E,0x63,
- 0x72,0x74,0x30,0x82,0x01,0x7E,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,
- 0x04,0x02,0x04,0x82,0x01,0x6E,0x04,0x82,0x01,0x6A,0x01,0x68,0x00,0x75,0x00,0xDD,
- 0xEB,0x1D,0x2B,0x7A,0x0D,0x4F,0xA6,0x20,0x8B,0x81,0xAD,0x81,0x68,0x70,0x7E,0x2E,
- 0x8E,0x9D,0x01,0xD5,0x5C,0x88,0x8D,0x3D,0x11,0xC4,0xCD,0xB6,0xEC,0xBE,0xCC,0x00,
- 0x00,0x01,0x5E,0xAB,0x85,0x57,0xB1,0x00,0x00,0x04,0x03,0x00,0x46,0x30,0x44,0x02,
- 0x20,0x07,0xE3,0x40,0xE7,0x2A,0x3C,0x38,0xEC,0xF4,0xFB,0x7D,0xBC,0x99,0x23,0xBA,
- 0xD6,0x39,0x0D,0x7B,0x87,0x4C,0xF0,0x8B,0xAC,0x88,0x76,0x16,0x98,0xAD,0xED,0xAC,
- 0x34,0x02,0x20,0x5E,0xA4,0x5A,0xF6,0xBD,0xD0,0xF2,0x4D,0x77,0x31,0x31,0x65,0x94,
- 0xC1,0x2C,0x2D,0x16,0x2D,0x4C,0x8A,0xF3,0xAA,0x2C,0x63,0x3A,0x26,0x94,0x8F,0x5C,
- 0x04,0x32,0xB4,0x00,0x77,0x00,0xA4,0xB9,0x09,0x90,0xB4,0x18,0x58,0x14,0x87,0xBB,
- 0x13,0xA2,0xCC,0x67,0x70,0x0A,0x3C,0x35,0x98,0x04,0xF9,0x1B,0xDF,0xB8,0xE3,0x77,
- 0xCD,0x0E,0xC8,0x0D,0xDC,0x10,0x00,0x00,0x01,0x5E,0xAB,0x85,0x57,0xEC,0x00,0x00,
- 0x04,0x03,0x00,0x48,0x30,0x46,0x02,0x21,0x00,0xE4,0x54,0x30,0xB7,0x22,0x75,0x2E,
- 0x6B,0x3F,0xE9,0x65,0x5D,0x59,0x8B,0x0E,0x9F,0x44,0x9D,0x8C,0x05,0xB1,0xFB,0x11,
- 0xD7,0x59,0x98,0x3C,0x35,0xEA,0x52,0xEA,0x9E,0x02,0x21,0x00,0xBD,0x07,0x6C,0x78,
- 0x5B,0x81,0xFF,0x45,0x6E,0x8C,0x68,0x99,0x41,0x72,0xC1,0xE5,0x36,0x71,0x81,0x00,
- 0x85,0x1D,0x2A,0xC4,0xFD,0x9E,0x7D,0x85,0xC0,0xD5,0x8F,0x6A,0x00,0x76,0x00,0xEE,
- 0x4B,0xBD,0xB7,0x75,0xCE,0x60,0xBA,0xE1,0x42,0x69,0x1F,0xAB,0xE1,0x9E,0x66,0xA3,
- 0x0F,0x7E,0x5F,0xB0,0x72,0xD8,0x83,0x00,0xC4,0x7B,0x89,0x7A,0xA8,0xFD,0xCB,0x00,
- 0x00,0x01,0x5E,0xAB,0x85,0x59,0xB0,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,
- 0x21,0x00,0xD5,0x8C,0xD3,0x11,0xE6,0x08,0xAA,0xCC,0x98,0x35,0xFC,0xED,0x49,0xF0,
- 0x34,0x8B,0xE2,0x68,0x0D,0x66,0x65,0x8F,0x1D,0x56,0x7A,0x7E,0xC7,0x35,0x19,0xD1,
- 0xB7,0x0A,0x02,0x20,0x6A,0x96,0x22,0xEC,0x63,0x63,0x79,0xE5,0x5E,0x27,0x98,0x19,
- 0xDE,0x4F,0xFC,0x69,0x0A,0x22,0x64,0x97,0x70,0x92,0x67,0x9C,0x7C,0xF4,0x00,0xD1,
- 0xDF,0xC2,0x61,0xE6,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
- 0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x88,0x75,0x7C,0xEE,0x8C,0x6F,0x9E,0xE3,
- 0xDA,0xB9,0x40,0x53,0x78,0xED,0x57,0x11,0x4C,0xE4,0x3F,0x11,0x4A,0xC3,0xDA,0x80,
- 0x97,0xF4,0xF8,0x8E,0x0F,0x8E,0xB1,0x73,0x67,0x83,0xDE,0x3E,0x9E,0x2C,0x85,0x6B,
- 0x02,0xB5,0x73,0x48,0x26,0x4D,0x43,0xD7,0x04,0xBD,0xC7,0x7D,0xC4,0xDC,0x03,0xB8,
- 0x0B,0x35,0x7C,0x39,0x2C,0x42,0x24,0xB3,0xDC,0x15,0x78,0xF6,0x54,0x70,0xFC,0xE0,
- 0x9B,0xF5,0x9F,0x30,0x08,0xB0,0x2F,0x4B,0xF1,0xA1,0x49,0x96,0x08,0x76,0x5C,0xAE,
- 0xDC,0x3E,0x95,0x0D,0x1A,0x89,0x0C,0xDA,0x32,0xAD,0x2A,0x4B,0xD7,0x63,0x50,0x8C,
- 0x0C,0xE3,0x08,0xEC,0x6F,0x78,0x55,0x67,0x05,0x68,0x65,0x22,0x39,0xE3,0x7E,0x36,
- 0xD9,0x90,0xD2,0x3D,0x06,0x36,0xC7,0xDE,0xEE,0xF4,0xD6,0xDD,0xDA,0xC3,0xFB,0xAC,
- 0x43,0xFE,0x2F,0x1C,0x64,0x9B,0xE2,0xDD,0xC0,0x89,0x8B,0x52,0x98,0x8D,0x0E,0xF6,
- 0x09,0x2D,0xE4,0x4D,0x62,0x9C,0x16,0x22,0x96,0xFB,0x68,0x5B,0x94,0x87,0x87,0xCE,
- 0x18,0x7E,0x41,0x60,0x79,0xA4,0x17,0x3E,0x71,0xF2,0xB1,0xA2,0x06,0xD8,0x71,0xD8,
- 0x33,0x0B,0x6A,0xD4,0x67,0x68,0x24,0x3E,0xBA,0xC6,0x21,0x94,0x5D,0x6A,0xF6,0x21,
- 0x84,0x5F,0xD0,0xFF,0xAC,0xE4,0x3D,0xAA,0xAD,0x95,0x85,0xFC,0x4B,0x69,0x30,0x72,
- 0xB7,0xBA,0x4D,0xDA,0x3A,0xED,0xD9,0x7D,0x40,0x1D,0x02,0x29,0xB8,0xD5,0x0C,0x09,
- 0x9E,0x0D,0x74,0x8B,0xFA,0x62,0x02,0x4A,0x88,0x6E,0x7C,0x13,0x56,0xBA,0x99,0x3F,
- 0x13,0x78,0x48,0x82,0xAC,0x43,0x8E,0x61,
+ 0x04,0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,
+ 0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,
+ 0x6E,0x6F,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,
+ 0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,
+ 0x13,0x1C,0x49,0x6E,0x74,0x65,0x72,0x6E,0x65,0x74,0x20,0x53,0x65,0x72,0x76,0x69,
+ 0x63,0x65,0x73,0x20,0x66,0x6F,0x72,0x20,0x41,0x6B,0x61,0x6D,0x61,0x69,0x31,0x16,
+ 0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,
+ 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,
+ 0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,
+ 0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC0,0x14,0x0E,0x40,0xB0,0xFB,0x3A,0xB4,0x6D,
+ 0x4A,0xA6,0x24,0xCC,0x18,0x79,0x74,0x11,0x88,0x85,0x12,0x79,0xFF,0xA2,0x15,0xA1,
+ 0x05,0x43,0xF0,0xC2,0x1E,0xAC,0x3C,0xE2,0x26,0x3A,0x05,0x40,0x96,0xAD,0x48,0x59,
+ 0x04,0x06,0x0C,0x76,0x84,0x50,0xF7,0x94,0x5C,0xF0,0xD8,0xAE,0xEA,0xFE,0x0B,0xE0,
+ 0x4A,0xBB,0x58,0x08,0x12,0x99,0x9F,0xB7,0x31,0xB2,0xFC,0xF7,0x2C,0x63,0x3E,0x92,
+ 0xF0,0x10,0xF5,0x88,0x3C,0x65,0x27,0x42,0x0E,0x5F,0xBB,0x7E,0x5F,0xC5,0x94,0x1C,
+ 0x7D,0x56,0xA3,0xB4,0x50,0x2F,0x45,0x45,0x40,0xA1,0xAF,0x11,0x47,0x63,0x64,0x8C,
+ 0xFC,0xAB,0xE7,0x13,0x39,0xAD,0xDD,0x1B,0x3C,0x50,0x11,0x56,0x0F,0x26,0x33,0x94,
+ 0x9F,0xF4,0x97,0x25,0xCE,0xBA,0x42,0x16,0xC2,0xB2,0x10,0xC3,0x14,0xD1,0x14,0x15,
+ 0x1F,0x32,0x17,0x00,0x6C,0x24,0x65,0x26,0x36,0xA7,0xEE,0xC2,0x52,0xD3,0xD2,0xB0,
+ 0xA6,0xCD,0x56,0x47,0x71,0xF5,0xEC,0xE3,0xCE,0xA2,0x0A,0xC5,0xAF,0xD6,0x5B,0x15,
+ 0xD9,0x52,0xE3,0x17,0x85,0x98,0x7D,0xEF,0x52,0xC2,0x09,0x82,0x75,0x36,0xAE,0x2C,
+ 0x6D,0xD4,0xC3,0x8A,0x85,0x12,0x1F,0x79,0x1E,0xAB,0x1E,0xCC,0xBA,0x3D,0x6E,0x99,
+ 0x41,0x95,0x20,0x8F,0xF2,0x56,0xF8,0x7A,0x53,0x07,0xC9,0x02,0x97,0x77,0x5E,0x62,
+ 0x19,0xB4,0xAA,0xF6,0xEB,0x68,0xB1,0x20,0x4F,0x55,0x1F,0x46,0x67,0xF0,0xCF,0xEF,
+ 0xAD,0xE9,0x6E,0x4A,0x57,0xB1,0x23,0xF2,0xB7,0xB6,0xEB,0xD4,0xCC,0x9C,0x82,0xE7,
+ 0xAB,0xC6,0x25,0xA4,0x7B,0x48,0x8D,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x00,
+ 0x30,0x82,0x02,0xFC,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
+ 0x14,0x3D,0xD3,0x50,0xA5,0xD6,0xA0,0xAD,0xEE,0xF3,0x4A,0x60,0x0A,0x65,0xD3,0x21,
+ 0xD4,0xF8,0xF8,0xD6,0x0F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,
+ 0xC9,0xBC,0xFC,0x9B,0x14,0x87,0xFE,0xE9,0xC1,0x53,0x82,0xA7,0xE4,0x4F,0xD1,0x74,
+ 0xC2,0xA5,0x79,0x13,0x30,0x2A,0x06,0x03,0x55,0x1D,0x11,0x04,0x23,0x30,0x21,0x82,
+ 0x0D,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x10,
+ 0x69,0x6D,0x61,0x67,0x65,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
+ 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,
+ 0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,
+ 0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,
+ 0x75,0x06,0x03,0x55,0x1D,0x1F,0x04,0x6E,0x30,0x6C,0x30,0x34,0xA0,0x32,0xA0,0x30,
+ 0x86,0x2E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x33,0x2E,0x64,0x69,
+ 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x68,0x61,0x32,0x2D,
+ 0x65,0x76,0x2D,0x73,0x65,0x72,0x76,0x65,0x72,0x2D,0x67,0x32,0x2E,0x63,0x72,0x6C,
+ 0x30,0x34,0xA0,0x32,0xA0,0x30,0x86,0x2E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,
+ 0x72,0x6C,0x34,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,
+ 0x2F,0x73,0x68,0x61,0x32,0x2D,0x65,0x76,0x2D,0x73,0x65,0x72,0x76,0x65,0x72,0x2D,
+ 0x67,0x32,0x2E,0x63,0x72,0x6C,0x30,0x4B,0x06,0x03,0x55,0x1D,0x20,0x04,0x44,0x30,
+ 0x42,0x30,0x37,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xFD,0x6C,0x02,0x01,0x30,0x2A,
+ 0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,
+ 0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,
+ 0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x07,0x06,0x05,0x67,0x81,
+ 0x0C,0x01,0x01,0x30,0x81,0x88,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
+ 0x04,0x7C,0x30,0x7A,0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,
+ 0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x64,0x69,
+ 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x52,0x06,0x08,0x2B,0x06,
+ 0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x46,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,
+ 0x61,0x63,0x65,0x72,0x74,0x73,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,
+ 0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x53,0x48,0x41,0x32,
+ 0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,
+ 0x6F,0x6E,0x53,0x65,0x72,0x76,0x65,0x72,0x43,0x41,0x2E,0x63,0x72,0x74,0x30,0x09,
+ 0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x82,0x01,0x03,0x06,0x0A,0x2B,
+ 0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,0x04,0x81,0xF4,0x04,0x81,0xF1,0x00,
+ 0xEF,0x00,0x76,0x00,0xBB,0xD9,0xDF,0xBC,0x1F,0x8A,0x71,0xB5,0x93,0x94,0x23,0x97,
+ 0xAA,0x92,0x7B,0x47,0x38,0x57,0x95,0x0A,0xAB,0x52,0xE8,0x1A,0x90,0x96,0x64,0x36,
+ 0x8E,0x1E,0xD1,0x85,0x00,0x00,0x01,0x63,0x46,0x25,0xD6,0x3A,0x00,0x00,0x04,0x03,
+ 0x00,0x47,0x30,0x45,0x02,0x21,0x00,0xCD,0x06,0x70,0xA1,0x82,0x9D,0x94,0x7C,0xFD,
+ 0xBA,0x24,0xF6,0xD1,0x32,0x3C,0x0E,0x6B,0x08,0x27,0xD7,0x40,0xF1,0x3D,0x69,0x0D,
+ 0x97,0x67,0x94,0xFC,0xC8,0x04,0x9A,0x02,0x20,0x29,0xEB,0x04,0x1E,0xEB,0xB0,0x8A,
+ 0x4B,0xE0,0xA6,0xCF,0x95,0xCD,0x05,0x74,0x7F,0x18,0xD8,0x6B,0x76,0xE2,0xC2,0x45,
+ 0x45,0x66,0x1E,0x40,0xEF,0xFB,0xEF,0x89,0x1F,0x00,0x75,0x00,0x56,0x14,0x06,0x9A,
+ 0x2F,0xD7,0xC2,0xEC,0xD3,0xF5,0xE1,0xBD,0x44,0xB2,0x3E,0xC7,0x46,0x76,0xB9,0xBC,
+ 0x99,0x11,0x5C,0xC0,0xEF,0x94,0x98,0x55,0xD6,0x89,0xD0,0xDD,0x00,0x00,0x01,0x63,
+ 0x46,0x25,0xD5,0xC3,0x00,0x00,0x04,0x03,0x00,0x46,0x30,0x44,0x02,0x20,0x0B,0x27,
+ 0x52,0x85,0x46,0x02,0x37,0x41,0x10,0x05,0x4E,0x0E,0xD4,0x99,0x0A,0x38,0x93,0xFD,
+ 0xFE,0xCB,0x93,0xD2,0x73,0x6D,0x19,0x45,0x4D,0x91,0x1C,0xDA,0xFB,0x59,0x02,0x20,
+ 0x64,0xCD,0x18,0x8D,0xA4,0x20,0xEE,0x9A,0x61,0xE0,0x5E,0x42,0x3E,0x0F,0xA9,0x22,
+ 0x16,0x24,0xE4,0xD8,0xB0,0x6F,0x5F,0xFC,0xA3,0x0F,0xA7,0x45,0xFA,0xC1,0xB8,0x3F,
+ 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,
+ 0x82,0x01,0x01,0x00,0x04,0x71,0x4E,0x20,0xBF,0xD1,0x77,0x37,0x21,0x1E,0x02,0x82,
+ 0x70,0x87,0xA1,0x94,0xA0,0xF9,0x65,0xCE,0xE6,0x2A,0xC5,0x07,0xDF,0x1F,0xE4,0x0E,
+ 0x8B,0xB2,0x0A,0xD4,0xB9,0x3C,0x12,0x70,0x35,0xA2,0xF9,0xF9,0x0B,0x12,0x7E,0x4E,
+ 0xEE,0x18,0x2E,0x36,0xF2,0x3E,0x46,0x09,0xC5,0x4A,0x8C,0xBA,0xCA,0x5D,0xD7,0x72,
+ 0x06,0x6C,0x39,0xF8,0x6B,0x62,0x76,0x1A,0xC1,0xB3,0xA3,0x07,0xB2,0x5C,0x88,0xA1,
+ 0xA9,0x7D,0x77,0x11,0x9D,0x69,0x4D,0xBC,0x81,0xB6,0xA2,0x18,0x53,0x67,0xBA,0x7D,
+ 0xD0,0xFC,0xD1,0xBB,0x28,0x7B,0xBC,0x83,0x17,0x96,0x8B,0x1E,0xFF,0x17,0x36,0x72,
+ 0xC9,0x60,0xB7,0x19,0xE7,0xDC,0xF5,0x25,0x48,0x33,0x60,0xB1,0xFE,0x1A,0x92,0x8B,
+ 0xF5,0x84,0xE0,0xD8,0xDC,0x33,0x7F,0xD7,0x8F,0x56,0xDB,0x11,0x31,0xA5,0xAD,0x38,
+ 0xA0,0x8B,0x40,0x21,0xFA,0x64,0x7A,0xCA,0x44,0xF0,0xD8,0x39,0x38,0x10,0xDC,0x3D,
+ 0x35,0x0E,0x1E,0x01,0x49,0xDC,0xE9,0xA2,0x3C,0xD0,0x0D,0xFD,0x69,0x93,0x83,0x9E,
+ 0x80,0xCD,0xEE,0x0C,0x6B,0x2E,0xF1,0x27,0xFD,0x09,0xC0,0x44,0x0B,0xA9,0x7D,0xE6,
+ 0x24,0xA1,0x32,0xC4,0xAD,0xB9,0x25,0xC5,0x00,0xB8,0x1E,0x8A,0xFA,0x03,0x58,0xEA,
+ 0x02,0xE6,0x03,0x17,0xFA,0x4B,0xBE,0x74,0x1A,0x8E,0xBF,0xC5,0xC3,0xBD,0x89,0x5E,
+ 0x76,0xE3,0x7E,0x6B,0x2B,0x06,0x7E,0xA3,0xEC,0x12,0x39,0x90,0x7E,0xC1,0x00,0x51,
+ 0xA8,0x64,0x00,0x57,0x9B,0x27,0xD9,0x91,0x5F,0x75,0x53,0xDC,0x24,0x0C,0xD3,0x55,
+ 0x62,0x3A,0x5F,0xD1,
};
-
-/* subject:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 */
-/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 */
+/* subject:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA */
+/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA */
static const uint8_t _ocsp_c1[]= {
- 0x30,0x82,0x05,0x2B,0x30,0x82,0x04,0x13,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x7E,
- 0xE1,0x4A,0x6F,0x6F,0xEF,0xF2,0xD3,0x7F,0x3F,0xAD,0x65,0x4D,0x3A,0xDA,0xB4,0x30,
- 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,
- 0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
- 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
- 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
- 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
- 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,
- 0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69,
- 0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72,
- 0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20,
- 0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56,
- 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,
- 0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43,
- 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,
- 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x31,
- 0x33,0x31,0x30,0x33,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32,0x33,
- 0x31,0x30,0x33,0x30,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x77,0x31,0x0B,0x30,
- 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1D,0x30,0x1B,0x06,0x03,
- 0x55,0x04,0x0A,0x13,0x14,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x43,0x6F,
- 0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,
- 0x04,0x0B,0x13,0x16,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x54,0x72,0x75,
- 0x73,0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x28,0x30,0x26,0x06,0x03,
- 0x55,0x04,0x03,0x13,0x1F,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x43,0x6C,
- 0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,0x43,0x41,0x20,
- 0x2D,0x20,0x47,0x33,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
- 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,
- 0x02,0x82,0x01,0x01,0x00,0xD8,0xA1,0x65,0x74,0x23,0xE8,0x2B,0x64,0xE2,0x32,0xD7,
- 0x33,0x37,0x3D,0x8E,0xF5,0x34,0x16,0x48,0xDD,0x4F,0x7F,0x87,0x1C,0xF8,0x44,0x23,
- 0x13,0x8E,0xFB,0x11,0xD8,0x44,0x5A,0x18,0x71,0x8E,0x60,0x16,0x26,0x92,0x9B,0xFD,
- 0x17,0x0B,0xE1,0x71,0x70,0x42,0xFE,0xBF,0xFA,0x1C,0xC0,0xAA,0xA3,0xA7,0xB5,0x71,
- 0xE8,0xFF,0x18,0x83,0xF6,0xDF,0x10,0x0A,0x13,0x62,0xC8,0x3D,0x9C,0xA7,0xDE,0x2E,
- 0x3F,0x0C,0xD9,0x1D,0xE7,0x2E,0xFB,0x2A,0xCE,0xC8,0x9A,0x7F,0x87,0xBF,0xD8,0x4C,
- 0x04,0x15,0x32,0xC9,0xD1,0xCC,0x95,0x71,0xA0,0x4E,0x28,0x4F,0x84,0xD9,0x35,0xFB,
- 0xE3,0x86,0x6F,0x94,0x53,0xE6,0x72,0x8A,0x63,0x67,0x2E,0xBE,0x69,0xF6,0xF7,0x6E,
- 0x8E,0x9C,0x60,0x04,0xEB,0x29,0xFA,0xC4,0x47,0x42,0xD2,0x78,0x98,0xE3,0xEC,0x0B,
- 0xA5,0x92,0xDC,0xB7,0x9A,0xBD,0x80,0x64,0x2B,0x38,0x7C,0x38,0x09,0x5B,0x66,0xF6,
- 0x2D,0x95,0x7A,0x86,0xB2,0x34,0x2E,0x85,0x9E,0x90,0x0E,0x5F,0xB7,0x5D,0xA4,0x51,
- 0x72,0x46,0x70,0x13,0xBF,0x67,0xF2,0xB6,0xA7,0x4D,0x14,0x1E,0x6C,0xB9,0x53,0xEE,
- 0x23,0x1A,0x4E,0x8D,0x48,0x55,0x43,0x41,0xB1,0x89,0x75,0x6A,0x40,0x28,0xC5,0x7D,
- 0xDD,0xD2,0x6E,0xD2,0x02,0x19,0x2F,0x7B,0x24,0x94,0x4B,0xEB,0xF1,0x1A,0xA9,0x9B,
- 0xE3,0x23,0x9A,0xEA,0xFA,0x33,0xAB,0x0A,0x2C,0xB7,0xF4,0x60,0x08,0xDD,0x9F,0x1C,
- 0xCD,0xDD,0x2D,0x01,0x66,0x80,0xAF,0xB3,0x2F,0x29,0x1D,0x23,0xB8,0x8A,0xE1,0xA1,
- 0x70,0x07,0x0C,0x34,0x0F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x5D,0x30,0x82,
- 0x01,0x59,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x23,
- 0x30,0x21,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x13,
- 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x32,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,
- 0x63,0x6F,0x6D,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,
- 0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x65,0x06,0x03,0x55,0x1D,0x20,0x04,0x5E,
- 0x30,0x5C,0x30,0x5A,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x52,0x30,0x26,0x06,0x08,
- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,
- 0x2F,0x77,0x77,0x77,0x2E,0x73,0x79,0x6D,0x61,0x75,0x74,0x68,0x2E,0x63,0x6F,0x6D,
- 0x2F,0x63,0x70,0x73,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,
- 0x30,0x1C,0x1A,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x73,
- 0x79,0x6D,0x61,0x75,0x74,0x68,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x30,
- 0x06,0x03,0x55,0x1D,0x1F,0x04,0x29,0x30,0x27,0x30,0x25,0xA0,0x23,0xA0,0x21,0x86,
- 0x1F,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x31,0x2E,0x73,0x79,0x6D,0x63,0x62,
- 0x2E,0x63,0x6F,0x6D,0x2F,0x70,0x63,0x61,0x33,0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,
- 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,
- 0x30,0x29,0x06,0x03,0x55,0x1D,0x11,0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,
- 0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x53,0x79,0x6D,0x61,0x6E,0x74,
- 0x65,0x63,0x50,0x4B,0x49,0x2D,0x31,0x2D,0x35,0x33,0x33,0x30,0x1D,0x06,0x03,0x55,
- 0x1D,0x0E,0x04,0x16,0x04,0x14,0x01,0x59,0xAB,0xE7,0xDD,0x3A,0x0B,0x59,0xA6,0x64,
- 0x63,0xD6,0xCF,0x20,0x07,0x57,0xD5,0x91,0xE7,0x6A,0x30,0x1F,0x06,0x03,0x55,0x1D,
- 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,
- 0x30,0x09,0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x0D,0x06,0x09,0x2A,
- 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,
- 0x01,0x55,0x7B,0xD0,0x16,0x1A,0x5D,0x58,0xE8,0xBB,0x9B,0xA8,0x4D,0xD7,0xF3,0xD7,
- 0xEB,0x13,0x94,0x86,0xD6,0x7F,0x21,0x0B,0x47,0xBC,0x57,0x9B,0x92,0x5D,0x4F,0x05,
- 0x9F,0x38,0xA4,0x10,0x7C,0xCF,0x83,0xBE,0x06,0x43,0x46,0x8D,0x08,0xBC,0x6A,0xD7,
- 0x10,0xA6,0xFA,0xAB,0xAF,0x2F,0x61,0xA8,0x63,0xF2,0x65,0xDF,0x7F,0x4C,0x88,0x12,
- 0x88,0x4F,0xB3,0x69,0xD9,0xFF,0x27,0xC0,0x0A,0x97,0x91,0x8F,0x56,0xFB,0x89,0xC4,
- 0xA8,0xBB,0x92,0x2D,0x1B,0x73,0xB0,0xC6,0xAB,0x36,0xF4,0x96,0x6C,0x20,0x08,0xEF,
- 0x0A,0x1E,0x66,0x24,0x45,0x4F,0x67,0x00,0x40,0xC8,0x07,0x54,0x74,0x33,0x3B,0xA6,
- 0xAD,0xBB,0x23,0x9F,0x66,0xED,0xA2,0x44,0x70,0x34,0xFB,0x0E,0xEA,0x01,0xFD,0xCF,
- 0x78,0x74,0xDF,0xA7,0xAD,0x55,0xB7,0x5F,0x4D,0xF6,0xD6,0x3F,0xE0,0x86,0xCE,0x24,
- 0xC7,0x42,0xA9,0x13,0x14,0x44,0x35,0x4B,0xB6,0xDF,0xC9,0x60,0xAC,0x0C,0x7F,0xD9,
- 0x93,0x21,0x4B,0xEE,0x9C,0xE4,0x49,0x02,0x98,0xD3,0x60,0x7B,0x5C,0xBC,0xD5,0x30,
- 0x2F,0x07,0xCE,0x44,0x42,0xC4,0x0B,0x99,0xFE,0xE6,0x9F,0xFC,0xB0,0x78,0x86,0x51,
- 0x6D,0xD1,0x2C,0x9D,0xC6,0x96,0xFB,0x85,0x82,0xBB,0x04,0x2F,0xF7,0x62,0x80,0xEF,
- 0x62,0xDA,0x7F,0xF6,0x0E,0xAC,0x90,0xB8,0x56,0xBD,0x79,0x3F,0xF2,0x80,0x6E,0xA3,
- 0xD9,0xB9,0x0F,0x5D,0x3A,0x07,0x1D,0x91,0x93,0x86,0x4B,0x29,0x4C,0xE1,0xDC,0xB5,
- 0xE1,0xE0,0x33,0x9D,0xB3,0xCB,0x36,0x91,0x4B,0xFE,0xA1,0xB4,0xEE,0xF0,0xF9,
+ 0x30,0x82,0x04,0xB6,0x30,0x82,0x03,0x9E,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x0C,
+ 0x79,0xA9,0x44,0xB0,0x8C,0x11,0x95,0x20,0x92,0x61,0x5F,0xE2,0x6B,0x1D,0x83,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x6C,
+ 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,
+ 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,
+ 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,
+ 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,
+ 0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x44,0x69,0x67,0x69,0x43,0x65,
+ 0x72,0x74,0x20,0x48,0x69,0x67,0x68,0x20,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63,
+ 0x65,0x20,0x45,0x56,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,
+ 0x31,0x33,0x31,0x30,0x32,0x32,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32,
+ 0x38,0x31,0x30,0x32,0x32,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x30,0x75,0x31,0x0B,
+ 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,0x13,0x06,
+ 0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x20,0x49,
+ 0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,0x77,0x77,
+ 0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,0x34,0x30,
+ 0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,
+ 0x20,0x53,0x48,0x41,0x32,0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,
+ 0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x72,0x76,0x65,0x72,
+ 0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+ 0x82,0x01,0x01,0x00,0xD7,0x53,0xA4,0x04,0x51,0xF8,0x99,0xA6,0x16,0x48,0x4B,0x67,
+ 0x27,0xAA,0x93,0x49,0xD0,0x39,0xED,0x0C,0xB0,0xB0,0x00,0x87,0xF1,0x67,0x28,0x86,
+ 0x85,0x8C,0x8E,0x63,0xDA,0xBC,0xB1,0x40,0x38,0xE2,0xD3,0xF5,0xEC,0xA5,0x05,0x18,
+ 0xB8,0x3D,0x3E,0xC5,0x99,0x17,0x32,0xEC,0x18,0x8C,0xFA,0xF1,0x0C,0xA6,0x64,0x21,
+ 0x85,0xCB,0x07,0x10,0x34,0xB0,0x52,0x88,0x2B,0x1F,0x68,0x9B,0xD2,0xB1,0x8F,0x12,
+ 0xB0,0xB3,0xD2,0xE7,0x88,0x1F,0x1F,0xEF,0x38,0x77,0x54,0x53,0x5F,0x80,0x79,0x3F,
+ 0x2E,0x1A,0xAA,0xA8,0x1E,0x4B,0x2B,0x0D,0xAB,0xB7,0x63,0xB9,0x35,0xB7,0x7D,0x14,
+ 0xBC,0x59,0x4B,0xDF,0x51,0x4A,0xD2,0xA1,0xE2,0x0C,0xE2,0x90,0x82,0x87,0x6A,0xAE,
+ 0xEA,0xD7,0x64,0xD6,0x98,0x55,0xE8,0xFD,0xAF,0x1A,0x50,0x6C,0x54,0xBC,0x11,0xF2,
+ 0xFD,0x4A,0xF2,0x9D,0xBB,0x7F,0x0E,0xF4,0xD5,0xBE,0x8E,0x16,0x89,0x12,0x55,0xD8,
+ 0xC0,0x71,0x34,0xEE,0xF6,0xDC,0x2D,0xEC,0xC4,0x87,0x25,0x86,0x8D,0xD8,0x21,0xE4,
+ 0xB0,0x4D,0x0C,0x89,0xDC,0x39,0x26,0x17,0xDD,0xF6,0xD7,0x94,0x85,0xD8,0x04,0x21,
+ 0x70,0x9D,0x6F,0x6F,0xFF,0x5C,0xBA,0x19,0xE1,0x45,0xCB,0x56,0x57,0x28,0x7E,0x1C,
+ 0x0D,0x41,0x57,0xAA,0xB7,0xB8,0x27,0xBB,0xB1,0xE4,0xFA,0x2A,0xEF,0x21,0x23,0x75,
+ 0x1A,0xAD,0x2D,0x9B,0x86,0x35,0x8C,0x9C,0x77,0xB5,0x73,0xAD,0xD8,0x94,0x2D,0xE4,
+ 0xF3,0x0C,0x9D,0xEE,0xC1,0x4E,0x62,0x7E,0x17,0xC0,0x71,0x9E,0x2C,0xDE,0xF1,0xF9,
+ 0x10,0x28,0x19,0x33,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x49,0x30,0x82,0x01,
+ 0x45,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,
+ 0x01,0xFF,0x02,0x01,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
+ 0x04,0x03,0x02,0x01,0x86,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,
+ 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x03,0x02,0x30,0x34,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
+ 0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,
+ 0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x64,0x69,
+ 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x4B,0x06,0x03,0x55,0x1D,
+ 0x1F,0x04,0x44,0x30,0x42,0x30,0x40,0xA0,0x3E,0xA0,0x3C,0x86,0x3A,0x68,0x74,0x74,
+ 0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x34,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,
+ 0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x48,0x69,
+ 0x67,0x68,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63,0x65,0x45,0x56,0x52,0x6F,0x6F,
+ 0x74,0x43,0x41,0x2E,0x63,0x72,0x6C,0x30,0x3D,0x06,0x03,0x55,0x1D,0x20,0x04,0x36,
+ 0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x2A,0x30,0x28,0x06,0x08,
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x73,0x3A,
+ 0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,
+ 0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
+ 0x14,0x3D,0xD3,0x50,0xA5,0xD6,0xA0,0xAD,0xEE,0xF3,0x4A,0x60,0x0A,0x65,0xD3,0x21,
+ 0xD4,0xF8,0xF8,0xD6,0x0F,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
+ 0x80,0x14,0xB1,0x3E,0xC3,0x69,0x03,0xF8,0xBF,0x47,0x01,0xD4,0x98,0x26,0x1A,0x08,
+ 0x02,0xEF,0x63,0x64,0x2B,0xC3,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+ 0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x9D,0xB6,0xD0,0x90,0x86,0xE1,
+ 0x86,0x02,0xED,0xC5,0xA0,0xF0,0x34,0x1C,0x74,0xC1,0x8D,0x76,0xCC,0x86,0x0A,0xA8,
+ 0xF0,0x4A,0x8A,0x42,0xD6,0x3F,0xC8,0xA9,0x4D,0xAD,0x7C,0x08,0xAD,0xE6,0xB6,0x50,
+ 0xB8,0xA2,0x1A,0x4D,0x88,0x07,0xB1,0x29,0x21,0xDC,0xE7,0xDA,0xC6,0x3C,0x21,0xE0,
+ 0xE3,0x11,0x49,0x70,0xAC,0x7A,0x1D,0x01,0xA4,0xCA,0x11,0x3A,0x57,0xAB,0x7D,0x57,
+ 0x2A,0x40,0x74,0xFD,0xD3,0x1D,0x85,0x18,0x50,0xDF,0x57,0x47,0x75,0xA1,0x7D,0x55,
+ 0x20,0x2E,0x47,0x37,0x50,0x72,0x8C,0x7F,0x82,0x1B,0xD2,0x62,0x8F,0x2D,0x03,0x5A,
+ 0xDA,0xC3,0xC8,0xA1,0xCE,0x2C,0x52,0xA2,0x00,0x63,0xEB,0x73,0xBA,0x71,0xC8,0x49,
+ 0x27,0x23,0x97,0x64,0x85,0x9E,0x38,0x0E,0xAD,0x63,0x68,0x3C,0xBA,0x52,0x81,0x58,
+ 0x79,0xA3,0x2C,0x0C,0xDF,0xDE,0x6D,0xEB,0x31,0xF2,0xBA,0xA0,0x7C,0x6C,0xF1,0x2C,
+ 0xD4,0xE1,0xBD,0x77,0x84,0x37,0x03,0xCE,0x32,0xB5,0xC8,0x9A,0x81,0x1A,0x4A,0x92,
+ 0x4E,0x3B,0x46,0x9A,0x85,0xFE,0x83,0xA2,0xF9,0x9E,0x8C,0xA3,0xCC,0x0D,0x5E,0xB3,
+ 0x3D,0xCF,0x04,0x78,0x8F,0x14,0x14,0x7B,0x32,0x9C,0xC7,0x00,0xA6,0x5C,0xC4,0xB5,
+ 0xA1,0x55,0x8D,0x5A,0x56,0x68,0xA4,0x22,0x70,0xAA,0x3C,0x81,0x71,0xD9,0x9D,0xA8,
+ 0x45,0x3B,0xF4,0xE5,0xF6,0xA2,0x51,0xDD,0xC7,0x7B,0x62,0xE8,0x6F,0x0C,0x74,0xEB,
+ 0xB8,0xDA,0xF8,0xBF,0x87,0x0D,0x79,0x50,0x91,0x90,0x9B,0x18,0x3B,0x91,0x59,0x27,
+ 0xF1,0x35,0x28,0x13,0xAB,0x26,0x7E,0xD5,0xF7,0x7A,
};
+/* subject:/CN=Apple IST CA 2 OCSP Responder NL01/O=Apple Inc./C=US */
+/* issuer :/CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US */
static const uint8_t _responderCert[]= {
- 0x30,0x82,0x04,0x58,0x30,0x82,0x03,0x40,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x03,
- 0x56,0x99,0xC9,0x07,0x45,0xC1,0xA9,0x4C,0x50,0x3A,0x24,0x28,0xD6,0x04,0x5D,0x30,
- 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x77,
- 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1D,0x30,
- 0x1B,0x06,0x03,0x55,0x04,0x0A,0x13,0x14,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
- 0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1F,0x30,0x1D,
- 0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,
- 0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x28,0x30,
- 0x26,0x06,0x03,0x55,0x04,0x03,0x13,0x1F,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,
- 0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,
- 0x43,0x41,0x20,0x2D,0x20,0x47,0x33,0x30,0x1E,0x17,0x0D,0x31,0x37,0x30,0x37,0x31,
- 0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x37,0x31,0x30,0x31,0x36,
- 0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x39,0x31,0x37,0x30,0x35,0x06,0x03,0x55,
- 0x04,0x03,0x13,0x2E,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x43,0x6C,0x61,
- 0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,0x43,0x41,0x20,0x2D,
- 0x20,0x47,0x33,0x20,0x4F,0x43,0x53,0x50,0x20,0x52,0x65,0x73,0x70,0x6F,0x6E,0x64,
- 0x65,0x72,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
- 0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,
- 0x01,0x01,0x00,0xA1,0x49,0x87,0x17,0x74,0x89,0x30,0x97,0x77,0x0D,0x11,0x51,0x51,
- 0x3A,0x80,0x2D,0x7C,0xEC,0xB2,0x4C,0xB1,0xE5,0x46,0x51,0x1C,0xF5,0x7A,0x02,0xB3,
- 0x77,0x19,0x3B,0x7B,0x94,0x00,0x1A,0xA4,0xD1,0xB8,0xF0,0x07,0xF2,0x1B,0x8D,0x70,
- 0xC0,0x81,0x44,0xB5,0x58,0xD8,0x34,0xEC,0x62,0xF7,0x8B,0x4B,0x3C,0x44,0x7D,0xD0,
- 0x35,0xAE,0xEF,0x2B,0xFB,0x75,0xAF,0xB3,0x10,0x32,0xC8,0xF9,0x08,0x2C,0x5C,0x1B,
- 0x07,0x56,0x7C,0x88,0x6D,0xEE,0x4C,0xD5,0x8F,0xD4,0x48,0x41,0xBB,0x03,0xA8,0xBF,
- 0x20,0xE8,0x52,0xFB,0x24,0x5F,0x90,0x78,0xB8,0x87,0x0D,0xD5,0x17,0xAB,0xA8,0xF0,
- 0xDB,0xF8,0x61,0x9F,0xF8,0x09,0x88,0x79,0x19,0x6F,0x57,0xC6,0x69,0x01,0x08,0xAA,
- 0xC6,0xBF,0x8D,0x0C,0x2D,0xD3,0x54,0x89,0x03,0xC8,0xA8,0x55,0x00,0xC2,0x89,0xEC,
- 0x8E,0xD8,0xD8,0x12,0x15,0x26,0x67,0x8E,0x88,0x0F,0x94,0xFA,0x57,0x50,0xE7,0xE9,
- 0x7B,0x1B,0x94,0xF6,0xF1,0xE2,0x91,0x02,0x42,0x4F,0x3B,0x3E,0xB6,0xDD,0x3C,0x78,
- 0xE7,0xC8,0x45,0x4F,0x7B,0x7D,0x41,0xD5,0x95,0x3C,0xD6,0x16,0x84,0xF5,0x16,0xF2,
- 0x45,0x6C,0xBF,0x05,0x00,0x7E,0x92,0x70,0xB7,0x01,0x14,0x86,0x89,0x89,0x9D,0x6B,
- 0xDC,0x5D,0xDF,0x30,0x25,0x7F,0xAA,0x93,0xC0,0xC7,0xC7,0x80,0x12,0xEE,0x47,0xF7,
- 0x90,0x69,0x82,0x86,0xFA,0x22,0x11,0x45,0xAB,0xD1,0x50,0x4F,0xED,0x87,0xCA,0x99,
- 0x20,0xB5,0xC1,0x8D,0xAC,0x01,0x41,0x5C,0x70,0x3C,0x4D,0xD7,0x8E,0xD6,0x8F,0x51,
- 0x19,0x79,0xAB,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x1C,0x30,0x82,0x01,0x18,
- 0x30,0x0F,0x06,0x09,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,0x04,0x02,0x05,
- 0x00,0x30,0x22,0x06,0x03,0x55,0x1D,0x11,0x04,0x1B,0x30,0x19,0xA4,0x17,0x30,0x15,
- 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0A,0x54,0x47,0x56,0x2D,0x45,
- 0x2D,0x32,0x31,0x35,0x32,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
- 0x80,0x14,0x01,0x59,0xAB,0xE7,0xDD,0x3A,0x0B,0x59,0xA6,0x64,0x63,0xD6,0xCF,0x20,
- 0x07,0x57,0xD5,0x91,0xE7,0x6A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
- 0x14,0xE3,0x5E,0x00,0x73,0xB3,0x6F,0xFB,0x26,0x90,0x5A,0xE3,0xE5,0xF4,0xB5,0x99,
- 0x95,0xEA,0x80,0xFA,0x9F,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,
- 0x02,0x30,0x00,0x30,0x6E,0x06,0x03,0x55,0x1D,0x20,0x04,0x67,0x30,0x65,0x30,0x63,
- 0x06,0x0B,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x07,0x17,0x03,0x30,0x54,0x30,
- 0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,
- 0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x73,0x79,0x6D,0x61,0x75,0x74,0x68,0x2E,
- 0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,
- 0x07,0x02,0x02,0x30,0x1E,0x1A,0x1C,0x20,0x20,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
- 0x77,0x77,0x77,0x2E,0x73,0x79,0x6D,0x61,0x75,0x74,0x68,0x2E,0x63,0x6F,0x6D,0x2F,
- 0x72,0x70,0x61,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,0x08,
- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,
- 0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
- 0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3B,0x57,0xAB,0x23,
- 0x8E,0x31,0x91,0x87,0x0E,0x02,0xC1,0x55,0xD4,0x53,0x58,0x16,0xEA,0x1B,0x77,0x61,
- 0x68,0x88,0x96,0xC6,0x8D,0x4F,0x57,0xD8,0x80,0x04,0xD2,0xCB,0x41,0x84,0xE9,0x78,
- 0xB1,0x21,0xD0,0xFD,0xB6,0x68,0x8C,0xB0,0xD5,0xED,0x28,0xB3,0xA9,0x9A,0x8A,0xBB,
- 0x88,0x09,0x30,0x04,0xB1,0x29,0xC6,0xC9,0x13,0x4F,0xDB,0xDA,0x52,0x00,0x3A,0x61,
- 0xEE,0xD5,0x6F,0xAB,0xDE,0x71,0x1B,0x8E,0xFA,0xE0,0x1F,0x09,0x9D,0x00,0xF1,0x1F,
- 0xAC,0x88,0x73,0x86,0x37,0xDA,0x7A,0x05,0x3F,0xDB,0xD2,0xEB,0x47,0x0B,0xC9,0x39,
- 0x74,0xA4,0x06,0xBD,0x50,0x63,0x52,0xEE,0x9F,0xE7,0x58,0x07,0x95,0x85,0x6D,0x43,
- 0xE8,0x3B,0x7E,0x0D,0x36,0x65,0x2A,0xB1,0x62,0xB5,0xDB,0x31,0x49,0x38,0x7F,0x6D,
- 0x4E,0xE0,0x9D,0x84,0x79,0x68,0xC3,0x1B,0xFB,0x89,0x54,0xFB,0x3C,0xEC,0xD1,0xF9,
- 0xF1,0xC2,0x57,0xD4,0xBF,0xBE,0xA6,0x22,0xD2,0x84,0xC3,0xC2,0x0E,0x9E,0x0E,0x54,
- 0x25,0x79,0x91,0x16,0x4E,0xBC,0x2B,0xD4,0x4F,0x63,0xB3,0x5B,0x7C,0x70,0x91,0xDE,
- 0xE2,0x70,0x34,0xB9,0x21,0xB4,0x89,0xF6,0x98,0x12,0x9E,0x38,0xF8,0x36,0x29,0x9D,
- 0x0A,0xEC,0xC6,0x69,0xD6,0xC6,0x2E,0xB8,0x38,0x07,0x3F,0xC5,0x52,0x8A,0xEE,0x6F,
- 0x20,0xDE,0x62,0xA7,0x85,0xEC,0x05,0x4A,0x15,0x1B,0x3D,0xA6,0x79,0x09,0x76,0xB0,
- 0x8B,0xDC,0x13,0xD1,0xD2,0x5E,0xAB,0x65,0x99,0x4D,0xA6,0x49,0x66,0xB8,0x2C,0x77,
- 0xAC,0x85,0x71,0xA4,0x69,0x59,0xA6,0xD4,0xAD,0x61,0xA1,0xCE,
+ 0x30,0x82,0x03,0xBB,0x30,0x82,0x02,0xA3,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x5B,
+ 0x1B,0xA7,0xF8,0x9D,0xF4,0x7B,0x7C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,
+ 0x03,0x13,0x13,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,0x20,0x43,0x41,0x20,
+ 0x32,0x20,0x2D,0x20,0x47,0x31,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x13,
+ 0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
+ 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
+ 0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,
+ 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x38,
+ 0x30,0x38,0x31,0x31,0x30,0x30,0x34,0x36,0x35,0x33,0x5A,0x17,0x0D,0x31,0x38,0x30,
+ 0x39,0x32,0x32,0x30,0x30,0x34,0x36,0x35,0x33,0x5A,0x30,0x4F,0x31,0x2B,0x30,0x29,
+ 0x06,0x03,0x55,0x04,0x03,0x0C,0x22,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,
+ 0x20,0x43,0x41,0x20,0x32,0x20,0x4F,0x43,0x53,0x50,0x20,0x52,0x65,0x73,0x70,0x6F,
+ 0x6E,0x64,0x65,0x72,0x20,0x4E,0x4C,0x30,0x31,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
+ 0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,
+ 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,
+ 0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA5,0x35,0xB2,0xC4,
+ 0xF2,0xAB,0x4C,0xFE,0xAA,0x5D,0xC7,0x23,0x52,0x68,0x42,0xC7,0x77,0x27,0x78,0x4E,
+ 0x80,0xFD,0x06,0xA3,0x51,0xA2,0x4F,0xF7,0x7A,0xD0,0x19,0x78,0xFD,0xEA,0x94,0xD8,
+ 0xE3,0x0C,0x3C,0x50,0x17,0x30,0xDB,0x84,0x38,0x13,0xE1,0xCF,0x6C,0xA0,0x1F,0x01,
+ 0xC7,0x12,0xC7,0x96,0x64,0x09,0x45,0x2F,0xA2,0x83,0xFE,0x4E,0x2C,0xF2,0x39,0x6F,
+ 0x20,0x34,0x6D,0xEC,0xBE,0xF9,0x86,0xA3,0xEF,0x40,0x1B,0x61,0x2D,0xE1,0xA4,0xB9,
+ 0xD4,0x3E,0x8E,0x65,0x7B,0x2F,0x26,0xD5,0x54,0xA6,0x12,0xC7,0x50,0xC8,0x89,0x94,
+ 0x86,0xFA,0x41,0x48,0xCF,0xE2,0xF1,0xF8,0xF2,0x0E,0xCC,0x25,0x43,0x0C,0x66,0x85,
+ 0xDC,0x88,0xA0,0x76,0x90,0x45,0xFC,0x4E,0x95,0x8F,0xA2,0x17,0x2F,0xAF,0x7C,0x41,
+ 0x59,0xA0,0xA1,0x36,0x98,0x18,0x20,0x4D,0x07,0xF5,0x7F,0xD1,0x66,0x65,0xC6,0x74,
+ 0xEA,0xBE,0xB8,0x20,0x88,0x29,0x27,0x5D,0x06,0x55,0xD0,0xB2,0x11,0xAF,0x52,0x58,
+ 0xD1,0x8A,0x57,0x6E,0x85,0x8D,0x0C,0xBD,0x6A,0xD3,0x87,0x09,0xF6,0x0F,0x07,0x7B,
+ 0x5C,0x8F,0x96,0x16,0xB5,0x89,0xB7,0x63,0xC4,0x33,0xDA,0x67,0x63,0xA3,0xC4,0x4B,
+ 0x73,0xEF,0x57,0x96,0x4F,0x15,0x2F,0x1B,0xF7,0x8E,0x35,0x24,0x18,0x68,0x87,0x16,
+ 0x0A,0x76,0x71,0x8B,0x94,0x11,0xB9,0xCC,0x02,0x97,0x2D,0x6F,0x94,0x00,0x1A,0x31,
+ 0xA6,0x9A,0x6B,0x4A,0xD3,0x64,0xB0,0x0F,0xA2,0xB0,0x5E,0xC0,0x2A,0x13,0xD6,0x7C,
+ 0x90,0xA6,0x5C,0xEE,0x7F,0x78,0xCA,0x7F,0x62,0x2F,0xF9,0x47,0x02,0x03,0x01,0x00,
+ 0x01,0xA3,0x81,0x87,0x30,0x81,0x84,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,
+ 0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
+ 0x80,0x14,0xD8,0x7A,0x94,0x44,0x7C,0x90,0x70,0x90,0x16,0x9E,0xDD,0x17,0x9C,0x01,
+ 0x44,0x03,0x86,0xD6,0x2A,0x29,0x30,0x0F,0x06,0x09,0x2B,0x06,0x01,0x05,0x05,0x07,
+ 0x30,0x01,0x05,0x04,0x02,0x05,0x00,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,
+ 0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x30,0x1D,0x06,0x03,
+ 0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x75,0xDB,0x74,0x13,0x4A,0xCB,0xCB,0x5A,0x6B,
+ 0x78,0x40,0x5A,0x81,0x67,0x42,0xA5,0xD9,0xD0,0x4E,0x38,0x30,0x0E,0x06,0x03,0x55,
+ 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x0D,0x06,0x09,0x2A,
+ 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3A,
+ 0x7E,0x84,0xE2,0x58,0xED,0x07,0xDD,0xE5,0xBD,0x5E,0x88,0x55,0x06,0x23,0x16,0x20,
+ 0xD1,0x85,0x89,0x60,0x83,0x19,0x21,0x04,0x9C,0x57,0xFE,0x91,0x30,0xBD,0x7C,0x83,
+ 0x45,0xA3,0xA1,0x11,0x0A,0x29,0xCF,0x6C,0x55,0x47,0xC3,0x7B,0x8C,0xEE,0x43,0xFE,
+ 0x42,0x0F,0xE6,0xCE,0xC7,0x24,0xAF,0x21,0x2E,0xC7,0xFD,0xFA,0xBA,0x7E,0xCE,0xA3,
+ 0x9D,0x92,0x5B,0x54,0x4C,0x4F,0x14,0x55,0xD6,0x5F,0xB0,0xB0,0x73,0xFD,0x78,0x61,
+ 0xDC,0xF6,0xA1,0xB6,0xFF,0xAF,0x3B,0x49,0x6F,0x62,0x95,0xD0,0x4E,0xA9,0x3F,0xE8,
+ 0x5C,0xCD,0x36,0xEA,0xED,0x57,0x04,0x32,0xB6,0xB0,0x91,0xDC,0x32,0xA6,0xC7,0x84,
+ 0x9C,0x3F,0x24,0x3A,0x64,0x56,0x62,0xA2,0x02,0x15,0xC9,0x63,0x96,0x8E,0x6C,0xF5,
+ 0x3E,0xB1,0xE4,0x3C,0x79,0x63,0xE0,0x94,0xE8,0xD0,0x73,0x31,0x7B,0x3C,0x99,0x66,
+ 0x82,0x2D,0x47,0x49,0x22,0x33,0xD4,0xD1,0x80,0x35,0xF1,0xB1,0xFD,0x01,0x92,0x07,
+ 0x6B,0x1E,0xF1,0xD0,0x02,0x84,0x24,0xD6,0xDF,0x2F,0x10,0x06,0x0F,0x36,0x5D,0x4B,
+ 0x1A,0xE3,0xDB,0x1F,0x8C,0x54,0x07,0x63,0x41,0x9E,0x74,0x6E,0x6F,0x9D,0xCE,0xCC,
+ 0x36,0x7B,0xE0,0xC5,0xCB,0x04,0x12,0xFF,0xF3,0x09,0xD7,0x36,0x5D,0x09,0xD0,0xCD,
+ 0xF2,0x73,0xAA,0x10,0x5D,0x0D,0xC2,0x12,0x21,0x00,0x89,0xE5,0x34,0x17,0x6C,0x76,
+ 0xE2,0x2F,0xDA,0xBD,0xCA,0xFB,0x9D,0xF2,0x1C,0x3B,0x62,0xCA,0xC0,0x97,0x82,0x54,
+ 0x92,0x4E,0x0C,0xD0,0x3B,0x79,0xD0,0x41,0x29,0x84,0xF5,0x75,0x40,0xB4,0xE8,
};
/* subject:/serialNumber=424761419/jurisdictionC=FR/businessCategory=Private Organization/C=FR/postalCode=59100/ST=Nord/L=Roubaix/street=2 rue Kellermann/O=OVH SAS/OU=IT/OU=COMODO EV SSL/CN=ovh.com */
0xB4,0x1E,0x4D,0x5E,0xEA,0x9A,0x1E,0xE9,0x42,0x87,0x9F,
};
+static unsigned char valid_ist_certificate[] = {
+ 0x30,0x82,0x08,0x51,0x30,0x82,0x07,0x39,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x3A,
+ 0xFC,0x35,0x65,0x26,0x40,0x12,0xAF,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,
+ 0x03,0x13,0x13,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,0x20,0x43,0x41,0x20,
+ 0x32,0x20,0x2D,0x20,0x47,0x31,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x13,
+ 0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
+ 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
+ 0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,
+ 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x38,
+ 0x30,0x37,0x31,0x36,0x32,0x32,0x31,0x31,0x30,0x38,0x5A,0x17,0x0D,0x32,0x30,0x30,
+ 0x38,0x31,0x34,0x32,0x32,0x31,0x31,0x30,0x38,0x5A,0x30,0x79,0x31,0x18,0x30,0x16,
+ 0x06,0x03,0x55,0x04,0x03,0x0C,0x0F,0x76,0x61,0x6C,0x69,0x64,0x2E,0x61,0x70,0x70,
+ 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x0C,
+ 0x1D,0x6D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x3A,0x69,0x64,0x6D,0x73,
+ 0x2E,0x67,0x72,0x6F,0x75,0x70,0x2E,0x31,0x32,0x30,0x38,0x39,0x32,0x30,0x31,0x13,
+ 0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,
+ 0x6E,0x63,0x2E,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,
+ 0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+ 0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+ 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,
+ 0x0A,0x02,0x82,0x01,0x01,0x00,0xC7,0x5F,0xAC,0x4A,0xAC,0x71,0xFC,0xF1,0x80,0x8D,
+ 0x57,0xA1,0xDC,0x3B,0x48,0x4F,0x02,0x83,0xBA,0xE0,0x57,0x36,0xAB,0x53,0xB5,0x14,
+ 0x47,0x8F,0x87,0x24,0xA6,0x7A,0x40,0x5C,0xC3,0x28,0x6E,0x29,0x6D,0x54,0x35,0x89,
+ 0x79,0xA9,0x12,0xF3,0xD7,0x0A,0x4E,0xBE,0xC7,0xFB,0x75,0xF3,0x1B,0x92,0x6D,0x3F,
+ 0x7B,0xCC,0x72,0x63,0xF5,0xE8,0x57,0xC8,0xD2,0x7A,0x36,0x98,0x6E,0x61,0x0F,0x48,
+ 0xD1,0xC3,0x37,0xA4,0xB9,0x94,0x1C,0x66,0x18,0x75,0x97,0x34,0xED,0xFA,0x96,0x00,
+ 0x24,0x1A,0x8D,0x2E,0xFB,0x98,0x48,0x85,0xA5,0x73,0x9E,0xED,0x7D,0x8E,0x3C,0xCF,
+ 0xED,0xE9,0xE1,0x5F,0x1C,0x36,0xFF,0x20,0x2D,0x62,0x5C,0x0E,0x3D,0xCC,0x6E,0x3D,
+ 0xDB,0xF8,0x5A,0x8A,0x5A,0x2A,0x75,0xDC,0x09,0xC4,0x21,0x45,0x55,0x04,0xE3,0xEC,
+ 0x20,0xF0,0x5E,0xE3,0xC7,0x1A,0xD3,0x16,0x78,0x07,0xF1,0x65,0xF3,0xAD,0xB5,0x68,
+ 0x4B,0x0E,0x5D,0xA9,0x37,0xEA,0x58,0xAA,0x19,0x1F,0xF4,0xB4,0xF3,0x01,0xB0,0xE0,
+ 0xDC,0x25,0x4D,0x8A,0x2E,0xB1,0xC4,0xD3,0xE6,0x05,0x9E,0x23,0x8B,0x1E,0x8B,0xD0,
+ 0x14,0xA1,0x7E,0xC7,0x98,0xF1,0x68,0x9C,0x2D,0x10,0xDE,0xF9,0x79,0x14,0x3E,0x98,
+ 0x73,0x19,0x94,0x4B,0x4A,0xF7,0x52,0xDA,0x4D,0x98,0x26,0xAC,0xB2,0x76,0x1A,0x71,
+ 0xB5,0xFA,0x0D,0xE8,0x93,0xEB,0x92,0xF8,0x77,0x82,0xE5,0xE9,0xD4,0x07,0x8C,0xFD,
+ 0x20,0x8D,0xA0,0x25,0xD2,0x8A,0x6F,0xE2,0x33,0xA7,0x24,0x56,0x14,0x30,0x29,0x9D,
+ 0x6B,0xAB,0x2A,0x33,0xF9,0xD3,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x04,0xF2,0x30,
+ 0x82,0x04,0xEE,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,
+ 0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD8,0x7A,
+ 0x94,0x44,0x7C,0x90,0x70,0x90,0x16,0x9E,0xDD,0x17,0x9C,0x01,0x44,0x03,0x86,0xD6,
+ 0x2A,0x29,0x30,0x7E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x72,
+ 0x30,0x70,0x30,0x34,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x28,
+ 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x73,0x2E,0x61,0x70,0x70,
+ 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63,
+ 0x61,0x32,0x67,0x31,0x2E,0x64,0x65,0x72,0x30,0x38,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x30,0x01,0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,
+ 0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,
+ 0x30,0x33,0x2D,0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63,0x61,0x32,0x67,0x31,
+ 0x32,0x30,0x30,0x43,0x06,0x03,0x55,0x1D,0x11,0x04,0x3C,0x30,0x3A,0x82,0x0F,0x76,
+ 0x61,0x6C,0x69,0x64,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x13,
+ 0x76,0x61,0x6C,0x69,0x64,0x2D,0x75,0x61,0x74,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,
+ 0x63,0x6F,0x6D,0x82,0x12,0x76,0x61,0x6C,0x69,0x64,0x2D,0x71,0x61,0x2E,0x61,0x70,
+ 0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,0xFF,0x06,0x03,0x55,0x1D,0x20,0x04,
+ 0x81,0xF7,0x30,0x81,0xF4,0x30,0x81,0xF1,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,
+ 0x64,0x05,0x0B,0x04,0x30,0x81,0xE2,0x30,0x81,0xA4,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x02,0x02,0x30,0x81,0x97,0x0C,0x81,0x94,0x52,0x65,0x6C,0x69,0x61,0x6E,
+ 0x63,0x65,0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,
+ 0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,
+ 0x72,0x74,0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,
+ 0x70,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x61,0x6E,0x79,0x20,0x61,0x70,
+ 0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,
+ 0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,
+ 0x20,0x75,0x73,0x65,0x20,0x61,0x6E,0x64,0x2F,0x6F,0x72,0x20,0x63,0x65,0x72,0x74,
+ 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,
+ 0x63,0x65,0x20,0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x39,
+ 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x2D,0x68,0x74,0x74,0x70,
+ 0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
+ 0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x61,0x75,0x74,0x68,
+ 0x6F,0x72,0x69,0x74,0x79,0x2F,0x72,0x70,0x61,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,
+ 0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x37,0x06,0x03,0x55,0x1D,0x1F,0x04,
+ 0x30,0x30,0x2E,0x30,0x2C,0xA0,0x2A,0xA0,0x28,0x86,0x26,0x68,0x74,0x74,0x70,0x3A,
+ 0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,
+ 0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63,0x61,0x32,0x67,0x31,0x2E,0x63,0x72,
+ 0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x55,0xF7,0x8E,0xC8,
+ 0x40,0x19,0x7D,0x8B,0x19,0x80,0xA5,0xF5,0xC6,0x44,0x75,0x8A,0x04,0x1E,0x7D,0x48,
+ 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,
+ 0x30,0x82,0x02,0x6D,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,
+ 0x04,0x82,0x02,0x5D,0x04,0x82,0x02,0x59,0x02,0x57,0x00,0x75,0x00,0xBB,0xD9,0xDF,
+ 0xBC,0x1F,0x8A,0x71,0xB5,0x93,0x94,0x23,0x97,0xAA,0x92,0x7B,0x47,0x38,0x57,0x95,
+ 0x0A,0xAB,0x52,0xE8,0x1A,0x90,0x96,0x64,0x36,0x8E,0x1E,0xD1,0x85,0x00,0x00,0x01,
+ 0x64,0xA5,0x2E,0xD8,0xFD,0x00,0x00,0x04,0x03,0x00,0x46,0x30,0x44,0x02,0x20,0x3E,
+ 0xD8,0xAB,0x26,0x35,0xFC,0xAC,0xE8,0x97,0xE8,0x84,0x28,0x73,0x0D,0xFB,0x6F,0x7B,
+ 0x02,0xF6,0x8E,0xB8,0xD1,0xAC,0xF3,0x9C,0xDF,0x37,0x2E,0x42,0x53,0x6B,0x3A,0x02,
+ 0x20,0x73,0x9A,0xED,0x05,0x2C,0x5C,0xDD,0x5A,0x60,0x2D,0xF9,0xB3,0x5C,0x7B,0xB3,
+ 0x95,0x0F,0xF1,0x21,0xD3,0xB5,0x1C,0x40,0xBC,0x50,0x79,0xE2,0xF3,0x19,0x89,0xAC,
+ 0xE7,0x00,0x75,0x00,0x56,0x14,0x06,0x9A,0x2F,0xD7,0xC2,0xEC,0xD3,0xF5,0xE1,0xBD,
+ 0x44,0xB2,0x3E,0xC7,0x46,0x76,0xB9,0xBC,0x99,0x11,0x5C,0xC0,0xEF,0x94,0x98,0x55,
+ 0xD6,0x89,0xD0,0xDD,0x00,0x00,0x01,0x64,0xA5,0x2E,0xD9,0xA9,0x00,0x00,0x04,0x03,
+ 0x00,0x46,0x30,0x44,0x02,0x20,0x2E,0x5B,0x93,0xD3,0xCA,0x9A,0x1E,0x80,0xC3,0x50,
+ 0x1C,0xC1,0x37,0x6B,0x11,0x76,0x34,0xE8,0xE3,0xC7,0x8D,0x17,0xD0,0x4D,0x2E,0xA7,
+ 0xD9,0x98,0x6E,0x15,0x3A,0xC3,0x02,0x20,0x18,0x2B,0xD6,0x7A,0x11,0x46,0xC0,0xE1,
+ 0x99,0xDA,0x51,0x9C,0xBA,0xC5,0xC3,0x4C,0x3F,0x9A,0xB2,0xD1,0xDA,0xB7,0x6B,0x69,
+ 0x33,0x81,0x23,0x46,0x6F,0x54,0xFF,0x3F,0x00,0x76,0x00,0xEE,0x4B,0xBD,0xB7,0x75,
+ 0xCE,0x60,0xBA,0xE1,0x42,0x69,0x1F,0xAB,0xE1,0x9E,0x66,0xA3,0x0F,0x7E,0x5F,0xB0,
+ 0x72,0xD8,0x83,0x00,0xC4,0x7B,0x89,0x7A,0xA8,0xFD,0xCB,0x00,0x00,0x01,0x64,0xA5,
+ 0x2E,0xD9,0x25,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x20,0x5E,0x30,0x51,
+ 0x55,0x80,0x59,0xEA,0x60,0x45,0x10,0x9D,0x8E,0x61,0x07,0x34,0xD4,0xC2,0x08,0x46,
+ 0xEB,0xAC,0x4A,0xC3,0x72,0xC6,0x04,0x8E,0xF4,0x5D,0xF6,0xAF,0x51,0x02,0x21,0x00,
+ 0xC0,0x20,0xF0,0x01,0x1F,0x74,0xD4,0x33,0x24,0xE3,0x70,0xB3,0x80,0x47,0xE9,0x8A,
+ 0xB6,0x47,0xE4,0x65,0xA4,0x98,0x8D,0x6A,0xD8,0x75,0xE4,0xFE,0xC7,0x7A,0x89,0x5E,
+ 0x00,0x77,0x00,0x55,0x81,0xD4,0xC2,0x16,0x90,0x36,0x01,0x4A,0xEA,0x0B,0x9B,0x57,
+ 0x3C,0x53,0xF0,0xC0,0xE4,0x38,0x78,0x70,0x25,0x08,0x17,0x2F,0xA3,0xAA,0x1D,0x07,
+ 0x13,0xD3,0x0C,0x00,0x00,0x01,0x64,0xA5,0x2E,0xD9,0x74,0x00,0x00,0x04,0x03,0x00,
+ 0x48,0x30,0x46,0x02,0x21,0x00,0x94,0x79,0x39,0x0B,0x5F,0x59,0x89,0x4D,0xD4,0x09,
+ 0x28,0xB4,0xE1,0x07,0xC0,0x58,0xDC,0xA3,0x86,0x07,0x68,0x29,0x02,0xDA,0x86,0xE6,
+ 0x70,0xBE,0x32,0xB7,0xC6,0x33,0x02,0x21,0x00,0xA6,0x72,0x28,0x8B,0xC9,0x61,0xC4,
+ 0xFB,0x53,0x98,0x8F,0x99,0x3F,0x92,0x7E,0x06,0x21,0x10,0xA1,0x58,0x1D,0x28,0x44,
+ 0x80,0x29,0x91,0xC2,0xE6,0xBB,0xCE,0xCC,0x0E,0x00,0x76,0x00,0x87,0x75,0xBF,0xE7,
+ 0x59,0x7C,0xF8,0x8C,0x43,0x99,0x5F,0xBD,0xF3,0x6E,0xFF,0x56,0x8D,0x47,0x56,0x36,
+ 0xFF,0x4A,0xB5,0x60,0xC1,0xB4,0xEA,0xFF,0x5E,0xA0,0x83,0x0F,0x00,0x00,0x01,0x64,
+ 0xA5,0x2E,0xD9,0x12,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x20,0x37,0x9C,
+ 0x18,0xFC,0x24,0x63,0xAD,0x19,0xD6,0xA2,0x82,0xD9,0x47,0x82,0xAE,0x94,0x66,0x97,
+ 0xE4,0x73,0xCC,0x36,0x40,0x8A,0x6F,0xA5,0xAA,0x3C,0x99,0x92,0x8D,0x8F,0x02,0x21,
+ 0x00,0xF4,0x44,0x4A,0x8D,0x3A,0x18,0x31,0xDA,0xF5,0xDD,0xF4,0x37,0x4F,0xB3,0x1D,
+ 0xF6,0x15,0xBD,0x8B,0xF5,0x75,0x53,0x12,0x35,0xE5,0xD5,0x4D,0x08,0x0E,0xA7,0xC2,
+ 0x69,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,
+ 0x03,0x82,0x01,0x01,0x00,0x8F,0x46,0xED,0x04,0x6F,0xED,0xF7,0xAA,0xB9,0xE3,0x29,
+ 0xF7,0x4A,0x9F,0x69,0xEB,0xB2,0x61,0xD0,0x37,0x68,0x8F,0xC8,0xCF,0xB2,0x4F,0x1F,
+ 0x02,0x3E,0xF3,0x78,0x38,0x67,0xDB,0xD1,0xFA,0x60,0x16,0x70,0xDD,0xB7,0x44,0x12,
+ 0x54,0x0A,0x8C,0x3E,0xEC,0xF2,0xE9,0xBC,0x78,0x11,0x8D,0x7F,0x44,0x16,0xF0,0x87,
+ 0xD6,0xD8,0xA2,0x65,0xBC,0x11,0x32,0x4A,0xED,0xA9,0xF9,0xD7,0xB6,0xF7,0x9B,0x0F,
+ 0xFF,0x82,0x06,0x12,0x04,0x77,0xB9,0x13,0x08,0xAB,0x98,0x5D,0x07,0x04,0x7C,0xDC,
+ 0x43,0x1E,0x86,0x16,0x8C,0xF7,0xB2,0x67,0x42,0x65,0x43,0x40,0x9B,0x1F,0xC6,0x97,
+ 0x18,0x41,0xCF,0x2F,0xA9,0xC8,0x4D,0x57,0x4E,0x84,0x28,0x0F,0xC9,0x3A,0xEF,0xB6,
+ 0x3D,0x9C,0xE9,0x96,0x12,0xFA,0xF2,0x35,0xA0,0xF1,0xDB,0x9D,0x0A,0x65,0x23,0xBB,
+ 0xC9,0x38,0xCC,0x39,0x7E,0x6B,0x17,0x80,0x48,0xF1,0xAC,0xF3,0x12,0x33,0x7B,0xBE,
+ 0x5E,0x7B,0xC4,0x8D,0xC6,0xB9,0x9B,0x85,0x0A,0x8A,0x52,0x4F,0x5E,0xC7,0x1F,0x12,
+ 0xDB,0xA5,0xBA,0x33,0x9E,0xA2,0x3A,0x9E,0x11,0x82,0x4E,0x42,0x0E,0x3F,0x82,0xDF,
+ 0x36,0x91,0xF7,0x24,0xB6,0xFC,0x6D,0x00,0x19,0xF2,0xD0,0x31,0x70,0x1F,0xED,0xE6,
+ 0x37,0xED,0x1D,0xB3,0xDB,0x06,0x01,0x90,0x0E,0x95,0x9B,0xD6,0x34,0x5F,0xFA,0xE6,
+ 0xD1,0x34,0xA6,0xD9,0x61,0x63,0x3E,0x2D,0x59,0x7B,0xD4,0xA5,0x9E,0x3F,0xFE,0xFE,
+ 0x58,0xC9,0x60,0xAE,0xA4,0xC2,0xCB,0xA6,0x50,0x9D,0x50,0xDB,0x38,0x80,0x2F,0xC9,
+ 0x2A,0xC5,0xEF,0x98,0xCF,
+};
+
static unsigned char ist_intermediate_certificate[1092]={
0x30,0x82,0x04,0x40,0x30,0x82,0x03,0x28,0xA0,0x03,0x02,0x01,0x02,0x02,0x03,0x02,
0x3A,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,
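Review bot: The added `valid_ist_certificate` array has no subject/issuer comment, unlike the `_responderCert` and `_c1` fixtures in this file, so a reader has to decode the DER to learn which certificate it is. Above the declaration, add `/* subject:/CN=valid.apple.com/OU=management:idms.group.1208920/O=Apple Inc./ST=California/C=US */` and `/* issuer :/CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US */`. The encoded validity runs from 180716221108Z to 200814221108Z, so the same comment should say that any trust evaluation using this leaf has to pin its verify date inside that window; otherwise the test starts failing once the certificate expires. The array could also be declared `static const unsigned char` if nothing writes to it, but the use site is outside this hunk, so that needs confirming.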
0xDB,0xC4,0x65,0xDE,0x57,0xFB,0x6D,0x49,0xC8,0x7A,0xF8,
};
-/* subject:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 */
-/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 */
-
+/* subject:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA */
+/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA */
static unsigned char _c1[]={
- 0x30,0x82,0x05,0x2B,0x30,0x82,0x04,0x13,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x7E,
- 0xE1,0x4A,0x6F,0x6F,0xEF,0xF2,0xD3,0x7F,0x3F,0xAD,0x65,0x4D,0x3A,0xDA,0xB4,0x30,
- 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,
- 0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
- 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
- 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
- 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
- 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,
- 0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69,
- 0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72,
- 0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20,
- 0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56,
- 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,
- 0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43,
- 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,
- 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x31,
- 0x33,0x31,0x30,0x33,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32,0x33,
- 0x31,0x30,0x33,0x30,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x77,0x31,0x0B,0x30,
- 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1D,0x30,0x1B,0x06,0x03,
- 0x55,0x04,0x0A,0x13,0x14,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x43,0x6F,
- 0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,
- 0x04,0x0B,0x13,0x16,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x54,0x72,0x75,
- 0x73,0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x28,0x30,0x26,0x06,0x03,
- 0x55,0x04,0x03,0x13,0x1F,0x53,0x79,0x6D,0x61,0x6E,0x74,0x65,0x63,0x20,0x43,0x6C,
- 0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x56,0x20,0x53,0x53,0x4C,0x20,0x43,0x41,0x20,
- 0x2D,0x20,0x47,0x33,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
- 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,
- 0x02,0x82,0x01,0x01,0x00,0xD8,0xA1,0x65,0x74,0x23,0xE8,0x2B,0x64,0xE2,0x32,0xD7,
- 0x33,0x37,0x3D,0x8E,0xF5,0x34,0x16,0x48,0xDD,0x4F,0x7F,0x87,0x1C,0xF8,0x44,0x23,
- 0x13,0x8E,0xFB,0x11,0xD8,0x44,0x5A,0x18,0x71,0x8E,0x60,0x16,0x26,0x92,0x9B,0xFD,
- 0x17,0x0B,0xE1,0x71,0x70,0x42,0xFE,0xBF,0xFA,0x1C,0xC0,0xAA,0xA3,0xA7,0xB5,0x71,
- 0xE8,0xFF,0x18,0x83,0xF6,0xDF,0x10,0x0A,0x13,0x62,0xC8,0x3D,0x9C,0xA7,0xDE,0x2E,
- 0x3F,0x0C,0xD9,0x1D,0xE7,0x2E,0xFB,0x2A,0xCE,0xC8,0x9A,0x7F,0x87,0xBF,0xD8,0x4C,
- 0x04,0x15,0x32,0xC9,0xD1,0xCC,0x95,0x71,0xA0,0x4E,0x28,0x4F,0x84,0xD9,0x35,0xFB,
- 0xE3,0x86,0x6F,0x94,0x53,0xE6,0x72,0x8A,0x63,0x67,0x2E,0xBE,0x69,0xF6,0xF7,0x6E,
- 0x8E,0x9C,0x60,0x04,0xEB,0x29,0xFA,0xC4,0x47,0x42,0xD2,0x78,0x98,0xE3,0xEC,0x0B,
- 0xA5,0x92,0xDC,0xB7,0x9A,0xBD,0x80,0x64,0x2B,0x38,0x7C,0x38,0x09,0x5B,0x66,0xF6,
- 0x2D,0x95,0x7A,0x86,0xB2,0x34,0x2E,0x85,0x9E,0x90,0x0E,0x5F,0xB7,0x5D,0xA4,0x51,
- 0x72,0x46,0x70,0x13,0xBF,0x67,0xF2,0xB6,0xA7,0x4D,0x14,0x1E,0x6C,0xB9,0x53,0xEE,
- 0x23,0x1A,0x4E,0x8D,0x48,0x55,0x43,0x41,0xB1,0x89,0x75,0x6A,0x40,0x28,0xC5,0x7D,
- 0xDD,0xD2,0x6E,0xD2,0x02,0x19,0x2F,0x7B,0x24,0x94,0x4B,0xEB,0xF1,0x1A,0xA9,0x9B,
- 0xE3,0x23,0x9A,0xEA,0xFA,0x33,0xAB,0x0A,0x2C,0xB7,0xF4,0x60,0x08,0xDD,0x9F,0x1C,
- 0xCD,0xDD,0x2D,0x01,0x66,0x80,0xAF,0xB3,0x2F,0x29,0x1D,0x23,0xB8,0x8A,0xE1,0xA1,
- 0x70,0x07,0x0C,0x34,0x0F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x5D,0x30,0x82,
- 0x01,0x59,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x23,
- 0x30,0x21,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x13,
- 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x32,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,
- 0x63,0x6F,0x6D,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,
- 0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x65,0x06,0x03,0x55,0x1D,0x20,0x04,0x5E,
- 0x30,0x5C,0x30,0x5A,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x52,0x30,0x26,0x06,0x08,
- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,
- 0x2F,0x77,0x77,0x77,0x2E,0x73,0x79,0x6D,0x61,0x75,0x74,0x68,0x2E,0x63,0x6F,0x6D,
- 0x2F,0x63,0x70,0x73,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,
- 0x30,0x1C,0x1A,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x73,
- 0x79,0x6D,0x61,0x75,0x74,0x68,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x30,
- 0x06,0x03,0x55,0x1D,0x1F,0x04,0x29,0x30,0x27,0x30,0x25,0xA0,0x23,0xA0,0x21,0x86,
- 0x1F,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x31,0x2E,0x73,0x79,0x6D,0x63,0x62,
- 0x2E,0x63,0x6F,0x6D,0x2F,0x70,0x63,0x61,0x33,0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,
- 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,
- 0x30,0x29,0x06,0x03,0x55,0x1D,0x11,0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,
- 0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x53,0x79,0x6D,0x61,0x6E,0x74,
- 0x65,0x63,0x50,0x4B,0x49,0x2D,0x31,0x2D,0x35,0x33,0x33,0x30,0x1D,0x06,0x03,0x55,
- 0x1D,0x0E,0x04,0x16,0x04,0x14,0x01,0x59,0xAB,0xE7,0xDD,0x3A,0x0B,0x59,0xA6,0x64,
- 0x63,0xD6,0xCF,0x20,0x07,0x57,0xD5,0x91,0xE7,0x6A,0x30,0x1F,0x06,0x03,0x55,0x1D,
- 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,
- 0x30,0x09,0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x0D,0x06,0x09,0x2A,
- 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,
- 0x01,0x55,0x7B,0xD0,0x16,0x1A,0x5D,0x58,0xE8,0xBB,0x9B,0xA8,0x4D,0xD7,0xF3,0xD7,
- 0xEB,0x13,0x94,0x86,0xD6,0x7F,0x21,0x0B,0x47,0xBC,0x57,0x9B,0x92,0x5D,0x4F,0x05,
- 0x9F,0x38,0xA4,0x10,0x7C,0xCF,0x83,0xBE,0x06,0x43,0x46,0x8D,0x08,0xBC,0x6A,0xD7,
- 0x10,0xA6,0xFA,0xAB,0xAF,0x2F,0x61,0xA8,0x63,0xF2,0x65,0xDF,0x7F,0x4C,0x88,0x12,
- 0x88,0x4F,0xB3,0x69,0xD9,0xFF,0x27,0xC0,0x0A,0x97,0x91,0x8F,0x56,0xFB,0x89,0xC4,
- 0xA8,0xBB,0x92,0x2D,0x1B,0x73,0xB0,0xC6,0xAB,0x36,0xF4,0x96,0x6C,0x20,0x08,0xEF,
- 0x0A,0x1E,0x66,0x24,0x45,0x4F,0x67,0x00,0x40,0xC8,0x07,0x54,0x74,0x33,0x3B,0xA6,
- 0xAD,0xBB,0x23,0x9F,0x66,0xED,0xA2,0x44,0x70,0x34,0xFB,0x0E,0xEA,0x01,0xFD,0xCF,
- 0x78,0x74,0xDF,0xA7,0xAD,0x55,0xB7,0x5F,0x4D,0xF6,0xD6,0x3F,0xE0,0x86,0xCE,0x24,
- 0xC7,0x42,0xA9,0x13,0x14,0x44,0x35,0x4B,0xB6,0xDF,0xC9,0x60,0xAC,0x0C,0x7F,0xD9,
- 0x93,0x21,0x4B,0xEE,0x9C,0xE4,0x49,0x02,0x98,0xD3,0x60,0x7B,0x5C,0xBC,0xD5,0x30,
- 0x2F,0x07,0xCE,0x44,0x42,0xC4,0x0B,0x99,0xFE,0xE6,0x9F,0xFC,0xB0,0x78,0x86,0x51,
- 0x6D,0xD1,0x2C,0x9D,0xC6,0x96,0xFB,0x85,0x82,0xBB,0x04,0x2F,0xF7,0x62,0x80,0xEF,
- 0x62,0xDA,0x7F,0xF6,0x0E,0xAC,0x90,0xB8,0x56,0xBD,0x79,0x3F,0xF2,0x80,0x6E,0xA3,
- 0xD9,0xB9,0x0F,0x5D,0x3A,0x07,0x1D,0x91,0x93,0x86,0x4B,0x29,0x4C,0xE1,0xDC,0xB5,
- 0xE1,0xE0,0x33,0x9D,0xB3,0xCB,0x36,0x91,0x4B,0xFE,0xA1,0xB4,0xEE,0xF0,0xF9,
+ 0x30,0x82,0x04,0xB6,0x30,0x82,0x03,0x9E,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x0C,
+ 0x79,0xA9,0x44,0xB0,0x8C,0x11,0x95,0x20,0x92,0x61,0x5F,0xE2,0x6B,0x1D,0x83,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x6C,
+ 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,
+ 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,
+ 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,
+ 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,
+ 0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x44,0x69,0x67,0x69,0x43,0x65,
+ 0x72,0x74,0x20,0x48,0x69,0x67,0x68,0x20,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63,
+ 0x65,0x20,0x45,0x56,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,
+ 0x31,0x33,0x31,0x30,0x32,0x32,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32,
+ 0x38,0x31,0x30,0x32,0x32,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x30,0x75,0x31,0x0B,
+ 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,0x13,0x06,
+ 0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x20,0x49,
+ 0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,0x77,0x77,
+ 0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,0x34,0x30,
+ 0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,
+ 0x20,0x53,0x48,0x41,0x32,0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,
+ 0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x72,0x76,0x65,0x72,
+ 0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+ 0x82,0x01,0x01,0x00,0xD7,0x53,0xA4,0x04,0x51,0xF8,0x99,0xA6,0x16,0x48,0x4B,0x67,
+ 0x27,0xAA,0x93,0x49,0xD0,0x39,0xED,0x0C,0xB0,0xB0,0x00,0x87,0xF1,0x67,0x28,0x86,
+ 0x85,0x8C,0x8E,0x63,0xDA,0xBC,0xB1,0x40,0x38,0xE2,0xD3,0xF5,0xEC,0xA5,0x05,0x18,
+ 0xB8,0x3D,0x3E,0xC5,0x99,0x17,0x32,0xEC,0x18,0x8C,0xFA,0xF1,0x0C,0xA6,0x64,0x21,
+ 0x85,0xCB,0x07,0x10,0x34,0xB0,0x52,0x88,0x2B,0x1F,0x68,0x9B,0xD2,0xB1,0x8F,0x12,
+ 0xB0,0xB3,0xD2,0xE7,0x88,0x1F,0x1F,0xEF,0x38,0x77,0x54,0x53,0x5F,0x80,0x79,0x3F,
+ 0x2E,0x1A,0xAA,0xA8,0x1E,0x4B,0x2B,0x0D,0xAB,0xB7,0x63,0xB9,0x35,0xB7,0x7D,0x14,
+ 0xBC,0x59,0x4B,0xDF,0x51,0x4A,0xD2,0xA1,0xE2,0x0C,0xE2,0x90,0x82,0x87,0x6A,0xAE,
+ 0xEA,0xD7,0x64,0xD6,0x98,0x55,0xE8,0xFD,0xAF,0x1A,0x50,0x6C,0x54,0xBC,0x11,0xF2,
+ 0xFD,0x4A,0xF2,0x9D,0xBB,0x7F,0x0E,0xF4,0xD5,0xBE,0x8E,0x16,0x89,0x12,0x55,0xD8,
+ 0xC0,0x71,0x34,0xEE,0xF6,0xDC,0x2D,0xEC,0xC4,0x87,0x25,0x86,0x8D,0xD8,0x21,0xE4,
+ 0xB0,0x4D,0x0C,0x89,0xDC,0x39,0x26,0x17,0xDD,0xF6,0xD7,0x94,0x85,0xD8,0x04,0x21,
+ 0x70,0x9D,0x6F,0x6F,0xFF,0x5C,0xBA,0x19,0xE1,0x45,0xCB,0x56,0x57,0x28,0x7E,0x1C,
+ 0x0D,0x41,0x57,0xAA,0xB7,0xB8,0x27,0xBB,0xB1,0xE4,0xFA,0x2A,0xEF,0x21,0x23,0x75,
+ 0x1A,0xAD,0x2D,0x9B,0x86,0x35,0x8C,0x9C,0x77,0xB5,0x73,0xAD,0xD8,0x94,0x2D,0xE4,
+ 0xF3,0x0C,0x9D,0xEE,0xC1,0x4E,0x62,0x7E,0x17,0xC0,0x71,0x9E,0x2C,0xDE,0xF1,0xF9,
+ 0x10,0x28,0x19,0x33,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x49,0x30,0x82,0x01,
+ 0x45,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,
+ 0x01,0xFF,0x02,0x01,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
+ 0x04,0x03,0x02,0x01,0x86,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,
+ 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,
+ 0x05,0x07,0x03,0x02,0x30,0x34,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
+ 0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,
+ 0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x64,0x69,
+ 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x4B,0x06,0x03,0x55,0x1D,
+ 0x1F,0x04,0x44,0x30,0x42,0x30,0x40,0xA0,0x3E,0xA0,0x3C,0x86,0x3A,0x68,0x74,0x74,
+ 0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x34,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,
+ 0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x48,0x69,
+ 0x67,0x68,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63,0x65,0x45,0x56,0x52,0x6F,0x6F,
+ 0x74,0x43,0x41,0x2E,0x63,0x72,0x6C,0x30,0x3D,0x06,0x03,0x55,0x1D,0x20,0x04,0x36,
+ 0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x2A,0x30,0x28,0x06,0x08,
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x73,0x3A,
+ 0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,
+ 0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
+ 0x14,0x3D,0xD3,0x50,0xA5,0xD6,0xA0,0xAD,0xEE,0xF3,0x4A,0x60,0x0A,0x65,0xD3,0x21,
+ 0xD4,0xF8,0xF8,0xD6,0x0F,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
+ 0x80,0x14,0xB1,0x3E,0xC3,0x69,0x03,0xF8,0xBF,0x47,0x01,0xD4,0x98,0x26,0x1A,0x08,
+ 0x02,0xEF,0x63,0x64,0x2B,0xC3,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+ 0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x9D,0xB6,0xD0,0x90,0x86,0xE1,
+ 0x86,0x02,0xED,0xC5,0xA0,0xF0,0x34,0x1C,0x74,0xC1,0x8D,0x76,0xCC,0x86,0x0A,0xA8,
+ 0xF0,0x4A,0x8A,0x42,0xD6,0x3F,0xC8,0xA9,0x4D,0xAD,0x7C,0x08,0xAD,0xE6,0xB6,0x50,
+ 0xB8,0xA2,0x1A,0x4D,0x88,0x07,0xB1,0x29,0x21,0xDC,0xE7,0xDA,0xC6,0x3C,0x21,0xE0,
+ 0xE3,0x11,0x49,0x70,0xAC,0x7A,0x1D,0x01,0xA4,0xCA,0x11,0x3A,0x57,0xAB,0x7D,0x57,
+ 0x2A,0x40,0x74,0xFD,0xD3,0x1D,0x85,0x18,0x50,0xDF,0x57,0x47,0x75,0xA1,0x7D,0x55,
+ 0x20,0x2E,0x47,0x37,0x50,0x72,0x8C,0x7F,0x82,0x1B,0xD2,0x62,0x8F,0x2D,0x03,0x5A,
+ 0xDA,0xC3,0xC8,0xA1,0xCE,0x2C,0x52,0xA2,0x00,0x63,0xEB,0x73,0xBA,0x71,0xC8,0x49,
+ 0x27,0x23,0x97,0x64,0x85,0x9E,0x38,0x0E,0xAD,0x63,0x68,0x3C,0xBA,0x52,0x81,0x58,
+ 0x79,0xA3,0x2C,0x0C,0xDF,0xDE,0x6D,0xEB,0x31,0xF2,0xBA,0xA0,0x7C,0x6C,0xF1,0x2C,
+ 0xD4,0xE1,0xBD,0x77,0x84,0x37,0x03,0xCE,0x32,0xB5,0xC8,0x9A,0x81,0x1A,0x4A,0x92,
+ 0x4E,0x3B,0x46,0x9A,0x85,0xFE,0x83,0xA2,0xF9,0x9E,0x8C,0xA3,0xCC,0x0D,0x5E,0xB3,
+ 0x3D,0xCF,0x04,0x78,0x8F,0x14,0x14,0x7B,0x32,0x9C,0xC7,0x00,0xA6,0x5C,0xC4,0xB5,
+ 0xA1,0x55,0x8D,0x5A,0x56,0x68,0xA4,0x22,0x70,0xAA,0x3C,0x81,0x71,0xD9,0x9D,0xA8,
+ 0x45,0x3B,0xF4,0xE5,0xF6,0xA2,0x51,0xDD,0xC7,0x7B,0x62,0xE8,0x6F,0x0C,0x74,0xEB,
+ 0xB8,0xDA,0xF8,0xBF,0x87,0x0D,0x79,0x50,0x91,0x90,0x9B,0x18,0x3B,0x91,0x59,0x27,
+ 0xF1,0x35,0x28,0x13,0xAB,0x26,0x7E,0xD5,0xF7,0x7A,
};
/* subject:/CN=self-signed.ssltest.apple.com/C=US */
#ifndef _SECURITY_SI_32_SECTRUST_PINNING_REQUIRED_H_
#define _SECURITY_SI_32_SECTRUST_PINNING_REQUIRED_H_
-/* subject:/CN=query.ess.apple.com/OU=IDS SRE/O=Apple Inc./C=US */
-/* issuer :/CN=Apple Server Authentication CA/OU=Certification Authority/O=Apple Inc./C=US */
-uint8_t _ids_prod[]={
- 0x30,0x82,0x07,0x86,0x30,0x82,0x06,0x6E,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x1A,
- 0xFE,0x9C,0x01,0x42,0x80,0xFB,0xAE,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
- 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x6D,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,
- 0x03,0x0C,0x1E,0x41,0x70,0x70,0x6C,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,
- 0x41,0x75,0x74,0x68,0x65,0x6E,0x74,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x43,
- 0x41,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,0x17,0x43,0x65,0x72,0x74,
- 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,
- 0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,
- 0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
- 0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x37,0x30,0x39,0x31,0x39,0x32,
- 0x30,0x35,0x36,0x31,0x35,0x5A,0x17,0x0D,0x31,0x38,0x31,0x30,0x31,0x39,0x32,0x30,
- 0x35,0x36,0x31,0x35,0x5A,0x30,0x52,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x03,
- 0x0C,0x13,0x71,0x75,0x65,0x72,0x79,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,
- 0x65,0x2E,0x63,0x6F,0x6D,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x0C,0x07,
- 0x49,0x44,0x53,0x20,0x53,0x52,0x45,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,
- 0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,
- 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,
- 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,
- 0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBE,0x9A,0x0A,0x7E,0x25,0xE0,
- 0x09,0xD1,0xC4,0x0E,0xC6,0xCB,0x15,0xB6,0xE0,0xB2,0xF8,0xB6,0xDB,0x9D,0xC7,0x5D,
- 0x40,0xA3,0x82,0x03,0xE6,0x8A,0x66,0x0F,0x87,0x10,0xA9,0x58,0x2B,0xCB,0x94,0x60,
- 0xB6,0x13,0x8B,0x78,0xB0,0xE6,0x9B,0xA6,0xEF,0x1E,0xE2,0xF2,0xC2,0xC6,0x69,0x67,
- 0xA2,0xB6,0x5C,0xA7,0x6C,0xA8,0x3C,0xC7,0xBC,0x3B,0x6E,0x96,0xEE,0x65,0x19,0x8D,
- 0x37,0x9A,0xAF,0x35,0xBF,0x51,0xB0,0xD6,0xEC,0x9D,0xBF,0x05,0x44,0xBD,0x2F,0x70,
- 0x9D,0x3B,0x84,0xEC,0x2C,0x74,0x48,0x8E,0x68,0x00,0x7E,0x9B,0x19,0xA2,0xE9,0x11,
- 0xF7,0x35,0x16,0x3E,0x03,0xD0,0x42,0x4E,0x97,0xC2,0xA9,0x48,0x9F,0x13,0xD8,0x74,
- 0x5C,0xD6,0x3D,0xC3,0x8B,0x59,0x76,0xD6,0xC4,0x9D,0x60,0x1D,0xE8,0x8B,0x0D,0x5D,
- 0x38,0xB6,0x7F,0xC7,0xE4,0x55,0xCC,0x29,0x52,0x92,0xB8,0x79,0x60,0x3A,0x25,0xE4,
- 0xE9,0xA0,0xAE,0xAB,0xF2,0x0F,0x15,0x6C,0xD3,0x10,0x01,0x33,0x18,0x91,0x68,0x49,
- 0x37,0x7C,0x61,0x26,0x44,0xE9,0xDE,0x4E,0x8B,0xE5,0x3C,0x2E,0xBE,0x3F,0x8C,0x0D,
- 0x4D,0x7E,0x8B,0x43,0x4F,0x5E,0x09,0xF3,0xD2,0x6B,0xA2,0x27,0xAF,0xDE,0x9C,0x9A,
- 0xEB,0xD4,0x76,0x40,0x69,0x82,0xB7,0x94,0xF3,0x2B,0x2E,0xA8,0xA4,0x97,0x38,0x02,
- 0xEE,0x3B,0x8C,0x82,0x16,0x9E,0x12,0x42,0x57,0x05,0x9F,0xC7,0x07,0x82,0x78,0x3D,
- 0x47,0xB8,0x11,0xDD,0x81,0x25,0x24,0xF2,0x49,0x7B,0x34,0x7A,0xC1,0x16,0xE4,0x34,
- 0x36,0x67,0xAF,0x75,0x4F,0xB3,0x3D,0xEF,0x83,0xF7,0x02,0x03,0x01,0x00,0x01,0xA3,
- 0x82,0x04,0x43,0x30,0x82,0x04,0x3F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,
- 0x04,0x14,0x6F,0xD8,0x77,0x83,0x70,0xEB,0x9F,0xB6,0x01,0x22,0xDB,0x03,0x56,0x6B,
- 0x20,0x12,0xAC,0x2F,0x3F,0x9A,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,
- 0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
- 0x14,0x2C,0xC5,0x6D,0x52,0xDD,0x31,0xEF,0x8C,0xEC,0x08,0x81,0xED,0xDF,0xDC,0xCA,
- 0x43,0x00,0x45,0x01,0xD0,0x30,0x3C,0x06,0x03,0x55,0x1D,0x1F,0x04,0x35,0x30,0x33,
- 0x30,0x31,0xA0,0x2F,0xA0,0x2D,0x86,0x2B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,
- 0x72,0x6C,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,
- 0x6C,0x65,0x73,0x65,0x72,0x76,0x65,0x72,0x61,0x75,0x74,0x68,0x63,0x61,0x31,0x2E,
- 0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,
- 0x02,0x05,0xA0,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,0x08,
- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x82,0x03,0x77,0x06,0x03,0x55,0x1D,
- 0x11,0x04,0x82,0x03,0x6E,0x30,0x82,0x03,0x6A,0x82,0x13,0x71,0x75,0x65,0x72,0x79,
- 0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x16,
- 0x73,0x6D,0x73,0x2D,0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,
- 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x71,0x75,0x65,0x72,0x79,0x2D,0x70,0x76,
- 0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x18,
- 0x6F,0x70,0x65,0x6E,0x6D,0x61,0x72,0x6B,0x65,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,
- 0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1B,0x69,0x6E,0x76,0x69,0x74,0x61,
- 0x74,0x69,0x6F,0x6E,0x2D,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,
- 0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1B,0x70,0x72,0x6F,0x66,0x69,0x6C,0x65,0x2D,0x63,
- 0x61,0x72,0x72,0x79,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
- 0x6F,0x6D,0x82,0x1F,0x72,0x65,0x67,0x69,0x73,0x74,0x72,0x61,0x74,0x69,0x6F,0x6E,
- 0x2D,0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,
- 0x63,0x6F,0x6D,0x82,0x16,0x69,0x64,0x65,0x6E,0x74,0x69,0x74,0x79,0x2E,0x65,0x73,
- 0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1E,0x69,0x6E,0x76,
- 0x69,0x74,0x61,0x74,0x69,0x6F,0x6E,0x2D,0x63,0x61,0x72,0x72,0x79,0x2E,0x65,0x73,
- 0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1E,0x61,0x67,0x67,
- 0x72,0x65,0x67,0x61,0x74,0x6F,0x72,0x2D,0x63,0x61,0x72,0x72,0x79,0x2E,0x65,0x73,
- 0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1B,0x69,0x64,0x65,
- 0x6E,0x74,0x69,0x74,0x79,0x2D,0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,
- 0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x18,0x61,0x67,0x67,0x72,0x65,0x67,
- 0x61,0x74,0x6F,0x72,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
- 0x6F,0x6D,0x82,0x1C,0x69,0x64,0x65,0x6E,0x74,0x69,0x74,0x79,0x2D,0x63,0x61,0x72,
- 0x72,0x79,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
- 0x82,0x16,0x71,0x75,0x65,0x72,0x79,0x2D,0x6D,0x72,0x2E,0x65,0x73,0x73,0x2E,0x61,
- 0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1A,0x70,0x72,0x6F,0x66,0x69,0x6C,
- 0x65,0x2D,0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,
- 0x2E,0x63,0x6F,0x6D,0x82,0x1B,0x61,0x67,0x67,0x72,0x65,0x67,0x61,0x74,0x6F,0x72,
- 0x2D,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,
- 0x6D,0x82,0x1A,0x72,0x65,0x67,0x69,0x73,0x74,0x72,0x61,0x74,0x69,0x6F,0x6E,0x2E,
- 0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x20,0x72,
- 0x65,0x67,0x69,0x73,0x74,0x72,0x61,0x74,0x69,0x6F,0x6E,0x2D,0x63,0x61,0x72,0x72,
- 0x79,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,
- 0x17,0x73,0x6D,0x73,0x2D,0x63,0x61,0x72,0x72,0x79,0x2E,0x65,0x73,0x73,0x2E,0x61,
- 0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x18,0x71,0x75,0x65,0x72,0x79,0x2D,
- 0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
- 0x6F,0x6D,0x82,0x16,0x6A,0x75,0x6E,0x63,0x74,0x69,0x6F,0x6E,0x2E,0x65,0x73,0x73,
- 0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x11,0x73,0x6D,0x73,0x2E,
- 0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1B,0x61,
- 0x67,0x67,0x72,0x65,0x67,0x61,0x74,0x6F,0x72,0x2D,0x70,0x76,0x2E,0x65,0x73,0x73,
- 0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x71,0x75,0x65,0x72,
- 0x79,0x2D,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
- 0x6F,0x6D,0x82,0x15,0x70,0x72,0x6F,0x66,0x69,0x6C,0x65,0x2E,0x65,0x73,0x73,0x2E,
- 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x19,0x71,0x75,0x65,0x72,0x79,
- 0x2D,0x63,0x61,0x72,0x72,0x79,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,
- 0x2E,0x63,0x6F,0x6D,0x82,0x1B,0x69,0x6E,0x76,0x69,0x74,0x61,0x74,0x69,0x6F,0x6E,
- 0x2D,0x6D,0x72,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,
- 0x6D,0x82,0x1B,0x61,0x67,0x67,0x72,0x65,0x67,0x61,0x74,0x6F,0x72,0x2D,0x6D,0x72,
- 0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1B,
- 0x69,0x6E,0x76,0x69,0x74,0x61,0x74,0x69,0x6F,0x6E,0x2D,0x70,0x76,0x2E,0x65,0x73,
- 0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x18,0x69,0x6E,0x76,
- 0x69,0x74,0x61,0x74,0x69,0x6F,0x6E,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,
- 0x65,0x2E,0x63,0x6F,0x6D,0x82,0x1D,0x61,0x67,0x67,0x72,0x65,0x67,0x61,0x74,0x6F,
- 0x72,0x2D,0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,
- 0x2E,0x63,0x6F,0x6D,0x82,0x1D,0x69,0x6E,0x76,0x69,0x74,0x61,0x74,0x69,0x6F,0x6E,
- 0x2D,0x74,0x65,0x73,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,
- 0x63,0x6F,0x6D,0x30,0x11,0x06,0x0B,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x1B,
+/* subject:/CN=profile.ess.apple.com/O=Apple Inc./ST=California/C=US */
+/* issuer :/CN=Test Apple Server Authentication CA/OU=Certification Authority/O=Apple Inc./C=US */
+uint8_t _ids_test[]={
+ 0x30,0x82,0x04,0x76,0x30,0x82,0x03,0x5E,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x24,
+ 0x1F,0x1C,0x82,0xF4,0x25,0x42,0xB4,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x72,0x31,0x2C,0x30,0x2A,0x06,0x03,0x55,0x04,
+ 0x03,0x0C,0x23,0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x53,0x65,
+ 0x72,0x76,0x65,0x72,0x20,0x41,0x75,0x74,0x68,0x65,0x6E,0x74,0x69,0x63,0x61,0x74,
+ 0x69,0x6F,0x6E,0x20,0x43,0x41,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,
+ 0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
+ 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
+ 0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,
+ 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x38,
+ 0x30,0x38,0x30,0x37,0x30,0x31,0x30,0x35,0x33,0x37,0x5A,0x17,0x0D,0x31,0x39,0x30,
+ 0x39,0x30,0x36,0x30,0x31,0x30,0x35,0x33,0x37,0x5A,0x30,0x57,0x31,0x1E,0x30,0x1C,
+ 0x06,0x03,0x55,0x04,0x03,0x0C,0x15,0x70,0x72,0x6F,0x66,0x69,0x6C,0x65,0x2E,0x65,
+ 0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,
+ 0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,
+ 0x2E,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,
+ 0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+ 0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+ 0x82,0x01,0x01,0x00,0xDA,0xEE,0xCE,0x4F,0x0A,0x31,0xF5,0x6A,0x6C,0xD8,0xD8,0xF9,
+ 0x1E,0x4D,0x85,0x38,0x17,0x42,0x45,0xBA,0xF2,0x8C,0x16,0xC2,0xEC,0x29,0x84,0x88,
+ 0xC2,0xC2,0x45,0xCB,0x79,0xF6,0x7F,0x89,0x65,0x3D,0x98,0xED,0xE7,0x21,0xA8,0xAB,
+ 0x4C,0xE2,0x75,0x7C,0x5B,0x26,0x00,0xC4,0x4C,0x81,0xE4,0xFF,0xA4,0xBB,0xA6,0x0F,
+ 0x80,0x9D,0xD9,0xD5,0xA3,0xD2,0x5C,0xA1,0x25,0xE1,0x9F,0xB5,0x53,0xF3,0x31,0x3B,
+ 0xCB,0x55,0xC2,0x75,0xFB,0xC7,0x3B,0x3C,0x07,0x6B,0x29,0xAF,0x43,0x90,0x1E,0x9B,
+ 0xC3,0x47,0x0C,0x09,0xDF,0x07,0x9C,0xA8,0x12,0x3E,0x9E,0xFE,0x29,0xE7,0x11,0x06,
+ 0xA1,0x1D,0x8C,0xEA,0x99,0x73,0xD5,0x13,0x66,0x51,0x0D,0x3D,0x6B,0x67,0x38,0x68,
+ 0x04,0x40,0xE8,0x1E,0x50,0x56,0x59,0x77,0x5A,0xF3,0x12,0xAC,0x2B,0x93,0xF8,0xBC,
+ 0x87,0xA6,0x70,0x3F,0xB8,0x8F,0xE2,0xEC,0x38,0x5F,0xB4,0x73,0xE6,0x95,0x38,0xD1,
+ 0x31,0x16,0xFE,0xFF,0x77,0x01,0xD2,0xD0,0x2F,0xF4,0xF7,0x3A,0x21,0x5B,0xA8,0x36,
+ 0xC4,0xE4,0x58,0x26,0x3D,0x6F,0xFF,0xA0,0x39,0x45,0x83,0xCB,0x66,0xF5,0x4C,0xC6,
+ 0x43,0x67,0x1C,0x58,0x72,0x5B,0xCC,0xAA,0x15,0x91,0x4D,0xE6,0x24,0xF6,0x18,0xFE,
+ 0xF5,0xEF,0x75,0xB4,0x5B,0xF1,0x86,0x2F,0x67,0x0A,0x5B,0x7D,0x8E,0x22,0x1B,0x2F,
+ 0xFA,0xE2,0xB1,0x41,0x37,0x4D,0x26,0xD6,0x9B,0x13,0x66,0x5F,0xE5,0xCD,0x4B,0xC9,
+ 0x91,0x62,0xF9,0x98,0x8E,0x7F,0xB6,0x6F,0x7A,0xFF,0x95,0xF1,0x0B,0x1C,0x1F,0xFB,
+ 0xD1,0x49,0xB7,0xFD,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x29,0x30,0x82,0x01,
+ 0x25,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,
+ 0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xA8,0xCA,0x7A,0x9B,
+ 0xA8,0x37,0x71,0x9E,0x3D,0xEC,0x5A,0xAB,0x66,0x2E,0xDC,0xD7,0x14,0x3D,0x7B,0xF2,
+ 0x30,0x52,0x06,0x03,0x55,0x1D,0x11,0x04,0x4B,0x30,0x49,0x82,0x18,0x6F,0x70,0x65,
+ 0x6E,0x6D,0x61,0x72,0x6B,0x65,0x74,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,
+ 0x65,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x69,0x64,0x65,0x6E,0x74,0x69,0x74,0x79,0x2E,
+ 0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x70,
+ 0x72,0x6F,0x66,0x69,0x6C,0x65,0x2E,0x65,0x73,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,
+ 0x2E,0x63,0x6F,0x6D,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,
+ 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x49,0x06,0x03,0x55,0x1D,0x1F,
+ 0x04,0x42,0x30,0x40,0x30,0x3E,0xA0,0x3C,0xA0,0x3A,0x86,0x38,0x68,0x74,0x74,0x70,
+ 0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x75,0x61,0x74,0x2E,0x63,0x6F,0x72,0x70,0x2E,
+ 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x74,0x65,0x73,0x74,0x61,0x70,
+ 0x70,0x6C,0x65,0x73,0x65,0x72,0x76,0x65,0x72,0x61,0x75,0x74,0x68,0x63,0x61,0x31,
+ 0x2E,0x63,0x72,0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x3F,
+ 0x0C,0x0D,0xC7,0x17,0x81,0x02,0x61,0x50,0x18,0xFC,0xAF,0xBD,0xA0,0xA8,0x4E,0x78,
+ 0xA7,0xFB,0xF1,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,
+ 0x02,0x05,0xA0,0x30,0x11,0x06,0x0B,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x1B,
0x04,0x02,0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
- 0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x2D,0x0C,0xCF,0x60,0xD4,0xBF,
- 0xAE,0x51,0x01,0xF9,0xDF,0x46,0xBD,0xDE,0x39,0xEF,0xCA,0x36,0x6F,0xD0,0x31,0xCE,
- 0x2C,0x04,0x05,0x46,0x7E,0xB5,0xC8,0x16,0xAD,0xCF,0xC2,0x3F,0xFB,0xB7,0x44,0x06,
- 0xB2,0x73,0x09,0xBE,0x30,0x78,0xD9,0x90,0xED,0x73,0x7B,0x6B,0xF9,0xDC,0x7F,0x16,
- 0xE7,0x6F,0x55,0x9E,0x6F,0x4B,0xD9,0x77,0x53,0xAA,0xCB,0xAA,0x98,0x76,0x07,0xE9,
- 0x49,0x3C,0x52,0x91,0x22,0xEA,0x9A,0x57,0x0D,0x7E,0x2E,0x1B,0xA8,0xD5,0x55,0x70,
- 0xE1,0x47,0x2B,0x55,0x04,0x9A,0x98,0x79,0x30,0x08,0xEF,0x1D,0xB7,0x2C,0x0B,0xB0,
- 0x42,0x11,0x4A,0xB5,0xB5,0xB7,0xCE,0xAC,0xD1,0x8C,0x0B,0x52,0x62,0xBB,0x32,0x4A,
- 0xAB,0x22,0x40,0x37,0x10,0x1B,0x67,0x51,0x4A,0x06,0x00,0x70,0xB5,0x6F,0x0B,0x45,
- 0x7F,0xA0,0x8A,0x30,0xF5,0xF1,0x70,0x1F,0x61,0xBC,0xB0,0xDD,0x38,0xC1,0xAF,0xCA,
- 0x26,0x79,0x90,0xFC,0x7D,0x59,0xA5,0x75,0xB4,0x89,0x11,0x2B,0xAD,0x93,0xB5,0xFE,
- 0xD4,0x1A,0xC1,0xDC,0x19,0x01,0xC7,0xF6,0x6C,0xFA,0x36,0xDD,0x7F,0xBD,0x28,0x70,
- 0x8E,0xC9,0xE5,0xF3,0xEB,0xC2,0xA9,0x5A,0x9D,0xBB,0x2F,0xCE,0xE6,0x8B,0x28,0xEA,
- 0x8D,0x28,0x37,0x0A,0x65,0x1F,0x4E,0x03,0xC6,0xCE,0x22,0x56,0x46,0x1E,0xAF,0xC9,
- 0x38,0x99,0xCA,0xE4,0x5E,0x50,0xEF,0xCE,0x63,0x29,0x1A,0x9E,0xCA,0xE2,0xAE,0x30,
- 0xD4,0x99,0xC0,0x49,0x38,0xA3,0x51,0xDD,0xF2,0xA8,0x4C,0x81,0x4A,0xF7,0x36,0x9C,
- 0xC2,0x18,0xC5,0xCF,0x22,0xF2,0xE9,0x8A,0xD2,0x87,
+ 0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x53,0x88,0x1A,0x2C,0x60,0xFB,
+ 0x15,0x08,0x83,0x06,0xE4,0xF7,0x23,0x38,0x50,0xA6,0xD3,0xA7,0xBD,0x06,0xB4,0xAF,
+ 0x87,0x4F,0x13,0xC6,0x1B,0x79,0x2C,0x80,0x30,0x7E,0x23,0x0D,0x4E,0x6A,0xC3,0x9B,
+ 0xF8,0x73,0x1E,0x7B,0xD7,0x14,0xB0,0x5F,0xA8,0xEC,0xB4,0x0D,0xBD,0x3B,0x40,0x87,
+ 0x9A,0x4D,0x1D,0x2D,0x8F,0x00,0xCE,0x72,0xDE,0xAF,0x2E,0x73,0x82,0x54,0xBA,0x0E,
+ 0x3A,0xC2,0xAB,0x7C,0x09,0xE8,0xBE,0x0B,0x26,0x0F,0xC3,0x80,0xCD,0x9C,0x85,0x09,
+ 0xA3,0xD3,0xB5,0xCE,0x7D,0x63,0xB3,0x33,0x32,0x06,0xD9,0xAE,0xA9,0x7D,0x1E,0x2F,
+ 0xF9,0x1B,0x60,0x3F,0x1F,0xFA,0x57,0x17,0xC6,0x5A,0x28,0x44,0x24,0x36,0xF4,0x77,
+ 0xE6,0x91,0x7D,0xED,0x45,0x28,0x59,0x3E,0xA1,0x03,0x3E,0x45,0x3F,0x41,0x8E,0x62,
+ 0x0A,0x21,0xD8,0x47,0xED,0xFA,0x53,0x4F,0x07,0x7D,0xF6,0xFC,0xE1,0x98,0xC0,0x0C,
+ 0xAA,0x68,0xD2,0xB7,0xCD,0x7D,0xF5,0x55,0xD7,0x56,0x55,0x78,0x56,0x80,0x8A,0x30,
+ 0x89,0x30,0x2C,0xA9,0x8A,0x71,0xD1,0x4E,0x05,0x4A,0x5E,0xDB,0x23,0x2F,0xC9,0xA1,
+ 0x45,0xF9,0xF1,0x16,0xE1,0x72,0xA5,0xD7,0xB1,0x32,0xB3,0x90,0x4B,0xF8,0x72,0xD6,
+ 0xF3,0x65,0x84,0x0F,0xB6,0x23,0x41,0x4D,0xE3,0xDD,0xC0,0x5B,0xB7,0xF8,0x1C,0xF2,
+ 0x1F,0xB5,0x5D,0xD0,0xFB,0xB9,0x7D,0x0D,0x34,0xC4,0x61,0x42,0x8E,0xD4,0xED,0x4C,
+ 0xA4,0x83,0x9C,0x8D,0xBA,0xE3,0x49,0x45,0x07,0xE4,0x0E,0x0E,0x01,0x10,0x93,0xCF,
+ 0x49,0x39,0x4C,0x1C,0x0A,0x88,0xC3,0x2E,0x7C,0x64,
};
-/* subject:/CN=Apple Server Authentication CA/OU=Certification Authority/O=Apple Inc./C=US */
-/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */
-uint8_t _AppleServerAuth[1020]={
- 0x30,0x82,0x03,0xF8,0x30,0x82,0x02,0xE0,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x23,
- 0x69,0x74,0x04,0xAD,0xCB,0x83,0x14,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
- 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
- 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,
+/* subject:/CN=Test Apple Server Authentication CA/OU=Certification Authority/O=Apple Inc./C=US */
+/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Test Apple Root CA */
+uint8_t _TestAppleServerAuth[]={
+ 0x30,0x82,0x04,0x0F,0x30,0x82,0x02,0xF7,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x4B,
+ 0x28,0xA9,0x3B,0x57,0x8B,0xF6,0x26,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x67,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+ 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,
0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,
- 0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,
+ 0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,
0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,
- 0x74,0x79,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,
- 0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x34,
- 0x30,0x33,0x30,0x38,0x30,0x31,0x35,0x33,0x30,0x34,0x5A,0x17,0x0D,0x32,0x39,0x30,
- 0x33,0x30,0x38,0x30,0x31,0x35,0x33,0x30,0x34,0x5A,0x30,0x6D,0x31,0x27,0x30,0x25,
- 0x06,0x03,0x55,0x04,0x03,0x0C,0x1E,0x41,0x70,0x70,0x6C,0x65,0x20,0x53,0x65,0x72,
- 0x76,0x65,0x72,0x20,0x41,0x75,0x74,0x68,0x65,0x6E,0x74,0x69,0x63,0x61,0x74,0x69,
- 0x6F,0x6E,0x20,0x43,0x41,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,0x17,
- 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,
- 0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,
- 0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,
- 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,
- 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,
- 0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB9,0x26,0x16,0xB0,0xCB,0x87,
- 0xAB,0x71,0x15,0x92,0x8E,0xDF,0xAA,0x3E,0xE1,0x80,0xD7,0x53,0xBA,0xA4,0x60,0xCC,
- 0x7C,0x85,0x72,0xF7,0x30,0x7C,0x09,0x4F,0x57,0x0D,0x4A,0xFF,0xE1,0x5E,0xC9,0x4B,
- 0x50,0x13,0x02,0x64,0xB1,0xBD,0x39,0x35,0xD1,0xD7,0x04,0x51,0xC1,0x18,0xFA,0x22,
- 0xFA,0xAE,0xDF,0x98,0x18,0xD6,0xBF,0x4E,0x4D,0x43,0x10,0xFA,0x25,0x88,0x9F,0xD3,
- 0x40,0x85,0x76,0xE5,0x22,0x81,0xB6,0x54,0x45,0x73,0x9A,0x8B,0xE3,0x9C,0x48,0x1A,
- 0x86,0x7A,0xC3,0x51,0xE2,0xDA,0x95,0xF8,0xA4,0x7D,0xDB,0x30,0xDE,0x6C,0x0E,0xC4,
- 0xC5,0xF5,0x6C,0x98,0xE7,0xA6,0xFA,0x57,0x20,0x1D,0x19,0x73,0x7A,0x0E,0xCD,0x63,
- 0x0F,0xB7,0x27,0x88,0x2E,0xE1,0x9A,0x68,0x82,0xB8,0x40,0x6C,0x63,0x16,0x24,0x66,
- 0x2B,0xE7,0xB2,0xE2,0x54,0x7D,0xE7,0x88,0x39,0xA2,0x1B,0x81,0x3E,0x02,0xD3,0x39,
- 0xD8,0x97,0x77,0x4A,0x32,0x0C,0xD6,0x0A,0x0A,0xB3,0x04,0x9B,0xF1,0x72,0x6F,0x63,
- 0xA8,0x15,0x1E,0x6C,0x37,0xE8,0x0F,0xDB,0x53,0x90,0xD6,0x29,0x5C,0xBC,0x6A,0x57,
- 0x9B,0x46,0x78,0x0A,0x3E,0x24,0xEA,0x9A,0x3F,0xA1,0xD8,0x3F,0xF5,0xDB,0x6E,0xA8,
- 0x6C,0x82,0xB5,0xDD,0x99,0x38,0xEC,0x92,0x56,0x94,0xA6,0xC5,0x73,0x26,0xD1,0xAE,
- 0x08,0xB2,0xC6,0x52,0xE7,0x8E,0x76,0x4B,0x89,0xB8,0x54,0x0F,0x6E,0xE0,0xD9,0x42,
- 0xDB,0x2A,0x65,0x87,0x46,0x14,0xBB,0x96,0xB8,0x57,0xBB,0x51,0xE6,0x84,0x13,0xF7,
- 0x0D,0xA1,0xB6,0x89,0xAC,0x7C,0xD1,0x21,0x74,0xAB,0x02,0x03,0x01,0x00,0x01,0xA3,
- 0x81,0xA6,0x30,0x81,0xA3,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,
- 0x2C,0xC5,0x6D,0x52,0xDD,0x31,0xEF,0x8C,0xEC,0x08,0x81,0xED,0xDF,0xDC,0xCA,0x43,
- 0x00,0x45,0x01,0xD0,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,
- 0x30,0x03,0x01,0x01,0xFF,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
- 0x80,0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6,
- 0xF7,0x47,0x4D,0x7F,0x08,0x5E,0x30,0x2E,0x06,0x03,0x55,0x1D,0x1F,0x04,0x27,0x30,
- 0x25,0x30,0x23,0xA0,0x21,0xA0,0x1F,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
- 0x63,0x72,0x6C,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,
- 0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,
- 0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x10,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,
- 0x64,0x06,0x02,0x0C,0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
- 0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x23,0xF1,0x06,0x7E,
- 0x50,0x41,0x81,0xA2,0x5E,0xD3,0x70,0xA4,0x49,0x91,0xAF,0xD8,0xCC,0x67,0x8C,0xA1,
- 0x25,0x7D,0xC4,0x9A,0x93,0x39,0x2F,0xD8,0x69,0xFB,0x1B,0x41,0x5B,0x44,0xD7,0xD9,
- 0x6B,0xCB,0x3B,0x25,0x09,0x1A,0xF2,0xF4,0xE3,0xC7,0x9C,0xE8,0xB0,0x5B,0xF0,0xDF,
- 0xDD,0x22,0x25,0x11,0x15,0x93,0xB9,0x49,0x5E,0xDA,0x0C,0x66,0x7A,0x5E,0xD7,0x6F,
- 0xF0,0x63,0xD4,0x65,0x8C,0xC4,0x7A,0x54,0x7D,0x56,0x4F,0x65,0x9A,0xFD,0xDA,0xC4,
- 0xB2,0xC8,0xB0,0xB8,0xA1,0xCB,0x7D,0xE0,0x47,0xA8,0x40,0x15,0xB8,0x16,0x19,0xED,
- 0x5B,0x61,0x8E,0xDF,0xAA,0xD0,0xCD,0xD2,0x3A,0xC0,0x7E,0x3A,0x9F,0x22,0x4E,0xDF,
- 0xDF,0xF4,0x4E,0x1A,0xCD,0x93,0xFF,0xD0,0xF0,0x45,0x55,0x64,0x33,0x3E,0xD4,0xE5,
- 0xDA,0x68,0xA0,0x13,0x8A,0x76,0x30,0x27,0xD4,0xBF,0xF8,0x1E,0x76,0xF6,0xF9,0xC3,
- 0x00,0xEF,0xB1,0x83,0xEA,0x53,0x6D,0x5C,0x35,0xC7,0x0D,0x07,0x01,0xBA,0xF8,0x61,
- 0xB9,0xFE,0xC5,0x9A,0x6B,0x43,0x61,0x81,0x03,0xEB,0xBA,0x5F,0x70,0x9D,0xE8,0x6F,
- 0x94,0x24,0x4B,0xDC,0xCE,0x92,0xA8,0x2E,0xA2,0x35,0x3C,0xE3,0x49,0xE0,0x16,0x77,
- 0xA2,0xDC,0x6B,0xB9,0x8D,0x18,0x42,0xB9,0x36,0x96,0x43,0x32,0xC6,0xCB,0x76,0x99,
- 0x35,0x36,0xD8,0x56,0xC6,0x98,0x5D,0xC3,0x6F,0xA5,0x7E,0x95,0xC2,0xD5,0x7A,0x0A,
- 0x02,0x20,0x66,0x78,0x92,0xF2,0x67,0xA4,0x23,0x0D,0xE8,0x09,0xBD,0xCC,0x21,0x31,
- 0x10,0xA0,0xBD,0xBE,0xB5,0xDD,0x4C,0xDD,0x46,0x03,0x99,0x99,
+ 0x74,0x79,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x0C,0x12,0x54,0x65,0x73,
+ 0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,
+ 0x1E,0x17,0x0D,0x31,0x35,0x30,0x36,0x30,0x38,0x30,0x37,0x35,0x38,0x34,0x35,0x5A,
+ 0x17,0x0D,0x32,0x39,0x30,0x33,0x30,0x38,0x30,0x31,0x35,0x33,0x30,0x34,0x5A,0x30,
+ 0x72,0x31,0x2C,0x30,0x2A,0x06,0x03,0x55,0x04,0x03,0x0C,0x23,0x54,0x65,0x73,0x74,
+ 0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x41,0x75,
+ 0x74,0x68,0x65,0x6E,0x74,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x43,0x41,0x31,
+ 0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,0x17,0x43,0x65,0x72,0x74,0x69,0x66,
+ 0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,
+ 0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,
+ 0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+ 0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+ 0x82,0x01,0x01,0x00,0xC5,0x7B,0x3F,0x48,0xD3,0x62,0x93,0x93,0x7C,0x0C,0x37,0x69,
+ 0xDB,0x28,0x05,0x40,0x12,0xD7,0x1F,0x0A,0xB8,0xC3,0xBA,0x24,0x39,0x22,0xDC,0x39,
+ 0x42,0x1F,0xFD,0x93,0x45,0x3C,0x23,0x0B,0x3E,0xB4,0x96,0xA6,0x55,0x59,0xBA,0xC4,
+ 0x99,0xE7,0x8A,0x5F,0x8F,0xAE,0x66,0xA7,0x28,0xE2,0x9E,0x68,0xD9,0xEC,0x52,0x67,
+ 0xFE,0xDD,0xBE,0x59,0xB4,0xAD,0x97,0x63,0x64,0xB0,0x08,0x3C,0xBB,0x6E,0xD1,0x29,
+ 0xD8,0x58,0xA1,0x99,0x6C,0x2F,0x2F,0xB3,0xF5,0x5C,0x59,0xCA,0xA1,0xE6,0x67,0x44,
+ 0x3C,0x13,0xB4,0xAE,0x0D,0x00,0xC7,0x53,0xB7,0xF5,0x61,0x58,0xD5,0xC8,0x42,0xFC,
+ 0xE2,0xFD,0xD5,0x39,0x18,0x80,0xE2,0x72,0xBC,0xF8,0xC3,0x9F,0xCB,0xD8,0x2F,0x83,
+ 0x40,0x9A,0x3E,0x55,0x5E,0x61,0xA9,0xC4,0x81,0x14,0x2B,0x7B,0x19,0x15,0xAD,0x84,
+ 0x5E,0x80,0xA8,0x67,0x79,0x05,0x16,0x48,0x5C,0xAE,0x1A,0x2B,0x59,0x9F,0xAA,0x62,
+ 0x0B,0x2F,0x57,0xCD,0xE8,0xA8,0x5D,0x38,0xAD,0x7C,0x90,0x79,0x50,0xAC,0x4D,0x13,
+ 0xA4,0xA7,0xF3,0x73,0xED,0xD6,0x93,0x45,0xDD,0xA8,0xC6,0xFE,0x03,0x28,0x4D,0x58,
+ 0xC1,0x8B,0xC1,0x03,0x0E,0xE7,0xDF,0x78,0xDD,0x21,0xC6,0x6D,0x1E,0xA0,0x38,0xD7,
+ 0xA7,0xD7,0x04,0x8C,0x7F,0xCA,0x15,0xEA,0x88,0xE9,0xAE,0x8D,0x46,0xE0,0x87,0x94,
+ 0x3E,0x8F,0x53,0x11,0x88,0x23,0x99,0x7B,0x9D,0xD8,0x69,0x1A,0x22,0xAE,0xB5,0x18,
+ 0xA5,0x9F,0xEA,0x71,0x31,0x0B,0x27,0x93,0x85,0x1D,0xF7,0xA0,0xC3,0x82,0x0A,0x3F,
+ 0xEE,0xD2,0xD4,0xEF,0x02,0x03,0x01,0x00,0x01,0xA3,0x81,0xB3,0x30,0x81,0xB0,0x30,
+ 0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xA8,0xCA,0x7A,0x9B,0xA8,0x37,
+ 0x71,0x9E,0x3D,0xEC,0x5A,0xAB,0x66,0x2E,0xDC,0xD7,0x14,0x3D,0x7B,0xF2,0x30,0x0F,
+ 0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,
+ 0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x59,0xB8,0x2B,0x94,
+ 0x3A,0x1B,0xBA,0xF1,0x00,0xAE,0xEE,0x50,0x52,0x23,0x33,0xC9,0x59,0xC3,0x54,0x98,
+ 0x30,0x3B,0x06,0x03,0x55,0x1D,0x1F,0x04,0x34,0x30,0x32,0x30,0x30,0xA0,0x2E,0xA0,
+ 0x2C,0x86,0x2A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x75,0x61,
+ 0x74,0x2E,0x63,0x6F,0x72,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
+ 0x2F,0x74,0x65,0x73,0x74,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,
+ 0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x10,0x06,
+ 0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x02,0x0C,0x04,0x02,0x05,0x00,0x30,
+ 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,
+ 0x01,0x01,0x00,0x11,0x24,0x61,0x2B,0x7C,0x5E,0x67,0x29,0x94,0x14,0x19,0x16,0xD5,
+ 0xD4,0x7A,0xEE,0x53,0x1A,0x64,0xA2,0x6A,0x2B,0x04,0xE6,0x2C,0xA1,0x08,0xBA,0xCA,
+ 0x81,0xF5,0x28,0x2A,0xCE,0xD5,0x6B,0x52,0xAC,0xE7,0xBD,0xB3,0x23,0xB9,0x67,0x2C,
+ 0xC7,0x9E,0x61,0xA1,0xD9,0x6C,0x3F,0x4F,0x55,0xD4,0x75,0xAF,0x44,0xAD,0xF8,0xCE,
+ 0x58,0xA7,0x2E,0xF8,0x6A,0xF0,0x76,0x51,0x31,0x75,0x4C,0xCA,0xF6,0xC3,0x59,0xC7,
+ 0xE6,0xAE,0x4A,0x20,0x4E,0x5F,0xB9,0xAB,0x1C,0xB6,0x36,0x25,0x60,0x02,0x32,0x47,
+ 0x7D,0xA0,0xE2,0x36,0xB3,0x3B,0x40,0x20,0x9E,0x38,0x40,0x1C,0x7E,0x83,0x35,0x9C,
+ 0x9D,0x8B,0xD1,0xF9,0xEA,0xD4,0xF2,0x83,0xE0,0x30,0xEA,0xC3,0xEE,0x3D,0x76,0x98,
+ 0x9E,0x0A,0x07,0xB5,0xB6,0xFC,0x38,0x32,0xF6,0x41,0xEF,0x8E,0x25,0x2C,0xE3,0xC7,
+ 0xA7,0xAD,0x88,0x77,0x4D,0x10,0x1D,0x67,0x50,0x64,0xB0,0x02,0x04,0x2C,0xEA,0x4C,
+ 0x81,0x33,0xBE,0xF3,0xCD,0x43,0x63,0x97,0x44,0xDF,0xBB,0xC6,0xE2,0x37,0x32,0xF1,
+ 0xE4,0x19,0x1F,0xF5,0xAE,0xDA,0x05,0xC4,0x0B,0xFA,0x30,0xCA,0x77,0x78,0x65,0xD6,
+ 0x4F,0x2D,0xFE,0x63,0xD3,0x4C,0x3D,0xA9,0x0E,0xC4,0x0F,0xD6,0xCC,0x2A,0x2D,0x06,
+ 0x9B,0xDE,0x94,0xF6,0x22,0x2E,0x89,0xCB,0x68,0x4E,0xDE,0x79,0xE5,0x83,0xDE,0x64,
+ 0x63,0xE9,0x77,0x88,0xF1,0x57,0xF2,0x5C,0xB4,0x77,0x3A,0xC8,0x1F,0x6D,0x80,0x4C,
+ 0x8B,0x68,0xA5,0xFA,0xAD,0x1F,0x5C,0x8C,0x50,0x27,0xED,0xF7,0x43,0x68,0xAD,0x34,
+ 0x5E,0xF6,0x74,
};
-/* subject:/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */
-/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */
-uint8_t _AppleRootCA[1215]={
- 0x30,0x82,0x04,0xBB,0x30,0x82,0x03,0xA3,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x02,
- 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,
- 0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,
- 0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,
- 0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,
+/* subject:/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Test Apple Root CA */
+/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Test Apple Root CA */
+uint8_t _TestAppleRootCA[]={
+ 0x30,0x82,0x04,0xCC,0x30,0x82,0x03,0xB4,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x3D,
+ 0x00,0x4B,0x90,0x3E,0xDE,0xE0,0xD0,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+ 0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x67,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+ 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,
+ 0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,
+ 0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,
+ 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,
+ 0x74,0x79,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x0C,0x12,0x54,0x65,0x73,
+ 0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,
+ 0x1E,0x17,0x0D,0x31,0x35,0x30,0x34,0x32,0x32,0x30,0x32,0x31,0x35,0x34,0x38,0x5A,
+ 0x17,0x0D,0x33,0x35,0x30,0x32,0x30,0x39,0x32,0x31,0x34,0x30,0x33,0x36,0x5A,0x30,
+ 0x67,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,
+ 0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,
+ 0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,
0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,
- 0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06,
- 0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,
- 0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x30,0x36,0x30,0x34,0x32,0x35,0x32,0x31,0x34,
- 0x30,0x33,0x36,0x5A,0x17,0x0D,0x33,0x35,0x30,0x32,0x30,0x39,0x32,0x31,0x34,0x30,
- 0x33,0x36,0x5A,0x30,0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
- 0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,
- 0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,
- 0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
- 0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,
- 0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,0x6C,0x65,0x20,
- 0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,
- 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,
- 0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xE4,0x91,0xA9,0x09,0x1F,0x91,0xDB,0x1E,
- 0x47,0x50,0xEB,0x05,0xED,0x5E,0x79,0x84,0x2D,0xEB,0x36,0xA2,0x57,0x4C,0x55,0xEC,
- 0x8B,0x19,0x89,0xDE,0xF9,0x4B,0x6C,0xF5,0x07,0xAB,0x22,0x30,0x02,0xE8,0x18,0x3E,
- 0xF8,0x50,0x09,0xD3,0x7F,0x41,0xA8,0x98,0xF9,0xD1,0xCA,0x66,0x9C,0x24,0x6B,0x11,
- 0xD0,0xA3,0xBB,0xE4,0x1B,0x2A,0xC3,0x1F,0x95,0x9E,0x7A,0x0C,0xA4,0x47,0x8B,0x5B,
- 0xD4,0x16,0x37,0x33,0xCB,0xC4,0x0F,0x4D,0xCE,0x14,0x69,0xD1,0xC9,0x19,0x72,0xF5,
- 0x5D,0x0E,0xD5,0x7F,0x5F,0x9B,0xF2,0x25,0x03,0xBA,0x55,0x8F,0x4D,0x5D,0x0D,0xF1,
- 0x64,0x35,0x23,0x15,0x4B,0x15,0x59,0x1D,0xB3,0x94,0xF7,0xF6,0x9C,0x9E,0xCF,0x50,
- 0xBA,0xC1,0x58,0x50,0x67,0x8F,0x08,0xB4,0x20,0xF7,0xCB,0xAC,0x2C,0x20,0x6F,0x70,
- 0xB6,0x3F,0x01,0x30,0x8C,0xB7,0x43,0xCF,0x0F,0x9D,0x3D,0xF3,0x2B,0x49,0x28,0x1A,
- 0xC8,0xFE,0xCE,0xB5,0xB9,0x0E,0xD9,0x5E,0x1C,0xD6,0xCB,0x3D,0xB5,0x3A,0xAD,0xF4,
- 0x0F,0x0E,0x00,0x92,0x0B,0xB1,0x21,0x16,0x2E,0x74,0xD5,0x3C,0x0D,0xDB,0x62,0x16,
- 0xAB,0xA3,0x71,0x92,0x47,0x53,0x55,0xC1,0xAF,0x2F,0x41,0xB3,0xF8,0xFB,0xE3,0x70,
- 0xCD,0xE6,0xA3,0x4C,0x45,0x7E,0x1F,0x4C,0x6B,0x50,0x96,0x41,0x89,0xC4,0x74,0x62,
- 0x0B,0x10,0x83,0x41,0x87,0x33,0x8A,0x81,0xB1,0x30,0x58,0xEC,0x5A,0x04,0x32,0x8C,
- 0x68,0xB3,0x8F,0x1D,0xDE,0x65,0x73,0xFF,0x67,0x5E,0x65,0xBC,0x49,0xD8,0x76,0x9F,
- 0x33,0x14,0x65,0xA1,0x77,0x94,0xC9,0x2D,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,
- 0x7A,0x30,0x82,0x01,0x76,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
- 0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,
- 0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
- 0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6,0xF7,
- 0x47,0x4D,0x7F,0x08,0x5E,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,
- 0x80,0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6,
- 0xF7,0x47,0x4D,0x7F,0x08,0x5E,0x30,0x82,0x01,0x11,0x06,0x03,0x55,0x1D,0x20,0x04,
- 0x82,0x01,0x08,0x30,0x82,0x01,0x04,0x30,0x82,0x01,0x00,0x06,0x09,0x2A,0x86,0x48,
- 0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF2,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,
- 0x05,0x05,0x07,0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,
- 0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,
- 0x6C,0x65,0x63,0x61,0x2F,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
- 0x02,0x02,0x30,0x81,0xB6,0x1A,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,
- 0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,
- 0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74,
- 0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74,
- 0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,0x6E,
- 0x20,0x61,0x70,0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,0x6E,
- 0x64,0x61,0x72,0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63,
- 0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,
- 0x2C,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,0x6F,
- 0x6C,0x69,0x63,0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,
- 0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,
- 0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x0D,0x06,0x09,0x2A,
- 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x5C,
- 0x36,0x99,0x4C,0x2D,0x78,0xB7,0xED,0x8C,0x9B,0xDC,0xF3,0x77,0x9B,0xF2,0x76,0xD2,
- 0x77,0x30,0x4F,0xC1,0x1F,0x85,0x83,0x85,0x1B,0x99,0x3D,0x47,0x37,0xF2,0xA9,0x9B,
- 0x40,0x8E,0x2C,0xD4,0xB1,0x90,0x12,0xD8,0xBE,0xF4,0x73,0x9B,0xEE,0xD2,0x64,0x0F,
- 0xCB,0x79,0x4F,0x34,0xD8,0xA2,0x3E,0xF9,0x78,0xFF,0x6B,0xC8,0x07,0xEC,0x7D,0x39,
- 0x83,0x8B,0x53,0x20,0xD3,0x38,0xC4,0xB1,0xBF,0x9A,0x4F,0x0A,0x6B,0xFF,0x2B,0xFC,
- 0x59,0xA7,0x05,0x09,0x7C,0x17,0x40,0x56,0x11,0x1E,0x74,0xD3,0xB7,0x8B,0x23,0x3B,
- 0x47,0xA3,0xD5,0x6F,0x24,0xE2,0xEB,0xD1,0xB7,0x70,0xDF,0x0F,0x45,0xE1,0x27,0xCA,
- 0xF1,0x6D,0x78,0xED,0xE7,0xB5,0x17,0x17,0xA8,0xDC,0x7E,0x22,0x35,0xCA,0x25,0xD5,
- 0xD9,0x0F,0xD6,0x6B,0xD4,0xA2,0x24,0x23,0x11,0xF7,0xA1,0xAC,0x8F,0x73,0x81,0x60,
- 0xC6,0x1B,0x5B,0x09,0x2F,0x92,0xB2,0xF8,0x44,0x48,0xF0,0x60,0x38,0x9E,0x15,0xF5,
- 0x3D,0x26,0x67,0x20,0x8A,0x33,0x6A,0xF7,0x0D,0x82,0xCF,0xDE,0xEB,0xA3,0x2F,0xF9,
- 0x53,0x6A,0x5B,0x64,0xC0,0x63,0x33,0x77,0xF7,0x3A,0x07,0x2C,0x56,0xEB,0xDA,0x0F,
- 0x21,0x0E,0xDA,0xBA,0x73,0x19,0x4F,0xB5,0xD9,0x36,0x7F,0xC1,0x87,0x55,0xD9,0xA7,
- 0x99,0xB9,0x32,0x42,0xFB,0xD8,0xD5,0x71,0x9E,0x7E,0xA1,0x52,0xB7,0x1B,0xBD,0x93,
- 0x42,0x24,0x12,0x2A,0xC7,0x0F,0x1D,0xB6,0x4D,0x9C,0x5E,0x63,0xC8,0x4B,0x80,0x17,
- 0x50,0xAA,0x8A,0xD5,0xDA,0xE4,0xFC,0xD0,0x09,0x07,0x37,0xB0,0x75,0x75,0x21,
+ 0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1B,0x30,0x19,0x06,
+ 0x03,0x55,0x04,0x03,0x0C,0x12,0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6C,0x65,
+ 0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,
+ 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC7,0xD1,0x43,0x53,0x7F,0x0D,0x88,
+ 0x6B,0xE6,0xB1,0x67,0x9D,0xEE,0x67,0xB6,0xE7,0x77,0x12,0x81,0xC4,0xDF,0x24,0x6B,
+ 0x7A,0x75,0x24,0xF7,0x01,0x09,0xCE,0x34,0x92,0xF5,0x38,0x08,0x42,0x7E,0xEC,0x9D,
+ 0xF2,0x5D,0x38,0x91,0xB4,0x93,0x98,0x35,0x11,0x3C,0x98,0x00,0x77,0xD9,0xD7,0xF3,
+ 0x4A,0xF8,0xF0,0xBC,0xEB,0x97,0x5D,0x4B,0x61,0x2E,0xFB,0xC5,0xCC,0x68,0xB7,0x6D,
+ 0x69,0x10,0xCC,0xA5,0x61,0x78,0xA8,0x81,0x02,0x9E,0xE7,0x63,0xC5,0xFF,0x29,0x22,
+ 0x82,0x68,0xAA,0xAA,0x0E,0xFB,0xA9,0xD8,0x16,0x73,0x25,0xBF,0x9D,0x08,0x62,0x2F,
+ 0x78,0x04,0xF6,0xF6,0x44,0x07,0x37,0x6E,0x99,0x1B,0x93,0xD8,0x7F,0xEE,0x72,0xDE,
+ 0xE8,0x32,0xF6,0x6D,0x78,0x04,0xA0,0xA8,0x21,0x26,0x8A,0x32,0xE3,0xB1,0x65,0x85,
+ 0xA1,0x7B,0x1A,0xA9,0x02,0xB2,0xBB,0xEE,0xDD,0xDD,0x8F,0x41,0x49,0xC8,0x3F,0xDC,
+ 0x1E,0xDF,0x21,0xA3,0x95,0x99,0xBB,0xFC,0x29,0xBA,0x40,0x43,0xB9,0x1C,0xCD,0xC9,
+ 0x21,0x45,0x73,0xAD,0xFF,0xFD,0xA2,0x6C,0x5C,0x3B,0x1C,0x37,0x91,0x34,0x8E,0x5C,
+ 0xD3,0xD5,0x03,0x58,0x28,0xC7,0xF2,0x76,0x6F,0x11,0xC0,0xB5,0xBD,0x7E,0xEF,0x23,
+ 0xB3,0x3D,0xB8,0xBD,0x38,0x66,0x8C,0xF2,0x78,0x95,0xC1,0x8B,0x32,0x65,0x3A,0x9B,
+ 0x49,0x1A,0x5C,0x41,0x3C,0xC6,0x85,0x50,0xEC,0x85,0xF0,0x59,0x17,0x81,0xE8,0x96,
+ 0xE8,0x6A,0xCC,0xB3,0xC7,0x46,0xBF,0x81,0x48,0xD1,0x09,0x1B,0xBC,0x73,0x1E,0xD7,
+ 0xE8,0x27,0xA8,0x49,0x48,0xA2,0x1C,0x41,0x1D,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,
+ 0x01,0x7A,0x30,0x82,0x01,0x76,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
+ 0x14,0x59,0xB8,0x2B,0x94,0x3A,0x1B,0xBA,0xF1,0x00,0xAE,0xEE,0x50,0x52,0x23,0x33,
+ 0xC9,0x59,0xC3,0x54,0x98,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,
+ 0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,
+ 0x16,0x80,0x14,0x59,0xB8,0x2B,0x94,0x3A,0x1B,0xBA,0xF1,0x00,0xAE,0xEE,0x50,0x52,
+ 0x23,0x33,0xC9,0x59,0xC3,0x54,0x98,0x30,0x82,0x01,0x11,0x06,0x03,0x55,0x1D,0x20,
+ 0x04,0x82,0x01,0x08,0x30,0x82,0x01,0x04,0x30,0x82,0x01,0x00,0x06,0x09,0x2A,0x86,
+ 0x48,0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF2,0x30,0x2A,0x06,0x08,0x2B,0x06,
+ 0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,
+ 0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,
+ 0x70,0x6C,0x65,0x63,0x61,0x2F,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,
+ 0x07,0x02,0x02,0x30,0x81,0xB6,0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,
+ 0x65,0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,
+ 0x69,0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,
+ 0x74,0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,
+ 0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,
+ 0x6E,0x20,0x61,0x70,0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,
+ 0x6E,0x64,0x61,0x72,0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,
+ 0x63,0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,
+ 0x65,0x2C,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,
+ 0x6F,0x6C,0x69,0x63,0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,
+ 0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,
+ 0x20,0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x0E,0x06,0x03,
+ 0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,
+ 0x10,0x5E,0x6C,0x69,0xFC,0xA6,0x0F,0xE2,0x09,0xD5,0x94,0x90,0xA6,0x7C,0x22,0xDC,
+ 0xEE,0xB0,0x8F,0x24,0x22,0x4F,0xB3,0x67,0xDB,0x32,0xB0,0xD6,0x24,0x87,0xE6,0xF3,
+ 0xEA,0x9E,0xD0,0x95,0x75,0xAA,0xA7,0x08,0xFF,0xB0,0x35,0xD7,0x1F,0xA3,0xBF,0x89,
+ 0x55,0x0C,0x1C,0xA4,0xD0,0xF8,0x00,0x17,0x44,0x94,0x36,0x63,0x3B,0x83,0xFE,0x4E,
+ 0xE5,0xB3,0xEC,0x7B,0x7D,0xCE,0xFE,0xA9,0x54,0xED,0xBB,0x12,0xA6,0x72,0x2B,0xB3,
+ 0x48,0x00,0xC7,0x8E,0xF5,0x5B,0x68,0xC9,0x24,0x22,0x7F,0xA1,0x4D,0xFC,0x54,0xD9,
+ 0xD0,0x5D,0x82,0x53,0x71,0x29,0x66,0xCF,0x0F,0x6D,0x32,0xA6,0x3F,0xAE,0x54,0x27,
+ 0xC2,0x8C,0x12,0x4C,0xF0,0xD6,0xC1,0x80,0x75,0xC3,0x33,0x19,0xD1,0x8B,0x58,0xE6,
+ 0x00,0x69,0x76,0xE7,0xE5,0x3D,0x47,0xF9,0xC0,0x9C,0xE7,0x19,0x1E,0x95,0xBC,0x52,
+ 0x15,0xCE,0x94,0xF8,0x30,0x14,0x0B,0x39,0x0E,0x8B,0xAF,0x29,0x30,0x56,0xAF,0x5A,
+ 0x28,0xAC,0xE1,0x0F,0x51,0x76,0x76,0x9A,0xE7,0xB9,0x7D,0xA3,0x30,0xE8,0xE3,0x71,
+ 0x15,0xE8,0xBF,0x0D,0x4F,0x12,0x9B,0x65,0xAB,0xEF,0xA4,0xE9,0x42,0xF0,0xD2,0x4D,
+ 0x20,0x55,0x29,0x88,0x58,0x5C,0x82,0x67,0x63,0x20,0x50,0xC6,0xCA,0x04,0xE8,0xBC,
+ 0x3D,0x93,0x06,0x21,0xB2,0xC0,0xBF,0x53,0x1E,0xE1,0x8B,0x48,0xA9,0xB9,0xD7,0xE6,
+ 0x5F,0x4E,0x5A,0x2F,0x43,0xAC,0x35,0xBD,0x26,0x60,0x2F,0x01,0xD5,0x86,0x6B,0x64,
+ 0xFA,0x67,0x05,0x44,0x55,0x83,0x5B,0x93,0x9C,0x7C,0xA7,0x26,0x4E,0x02,0x2B,0x48,
};
static NSDate *verifyDate = nil;
static void setup_globals(void) {
- SecCertificateRef leaf = SecCertificateCreateWithBytes(NULL, _ids_prod, sizeof(_ids_prod));
- SecCertificateRef intermediate = SecCertificateCreateWithBytes(NULL, _AppleServerAuth, sizeof(_AppleServerAuth));
- SecCertificateRef rootcert = SecCertificateCreateWithBytes(NULL, _AppleRootCA, sizeof(_AppleRootCA));
+ SecCertificateRef leaf = SecCertificateCreateWithBytes(NULL, _ids_test, sizeof(_ids_test));
+ SecCertificateRef intermediate = SecCertificateCreateWithBytes(NULL, _TestAppleServerAuth, sizeof(_TestAppleServerAuth));
+ SecCertificateRef rootcert = SecCertificateCreateWithBytes(NULL, _TestAppleRootCA, sizeof(_TestAppleRootCA));
certs = @[(__bridge id)leaf,(__bridge id)intermediate];
root = @[(__bridge id)rootcert];
- verifyDate = [NSDate dateWithTimeIntervalSinceReferenceDate:528000000.0]; //September 24, 2017 at 7:40:00 PM PDT
+ verifyDate = [NSDate dateWithTimeIntervalSinceReferenceDate:560000000.0]; //September 30, 2018 at 4:33:20 AM PDT
CFReleaseNull(leaf);
CFReleaseNull(intermediate);
CFReleaseNull(appleRoot);
return result;
}
+
+bool SecCertificateGetDeveloperIDDate(SecCertificateRef certificate, CFAbsoluteTime *time, CFErrorRef *error) {
+ if (!certificate || !time) {
+ return SecError(errSecParam, error, CFSTR("DeveloperID Date parsing: missing required input"));
+ }
+ DERItem *extensionValue = SecCertificateGetExtensionValue(certificate, CFSTR("1.2.840.113635.100.6.1.33"));
+ if (!extensionValue) {
+ return SecError(errSecMissingRequiredExtension, error, CFSTR("DeveloperID Date parsing: extension not found"));
+ }
+ DERDecodedInfo decodedValue;
+ if (DERDecodeItem(extensionValue, &decodedValue) != DR_Success) {
+ return SecError(errSecDecode, error, CFSTR("DeveloperID Date parsing: extension value failed to decode"));
+ }
+ /* The extension value is a DERGeneralizedTime encoded in a UTF8String */
+ CFErrorRef localError = NULL;
+ if (decodedValue.tag == ASN1_UTF8_STRING) {
+ *time = SecAbsoluteTimeFromDateContentWithError(ASN1_GENERALIZED_TIME, decodedValue.content.data, decodedValue.content.length, &localError);
+ } else {
+ return SecError(errSecDecode, error, CFSTR("DeveloperID Date parsing: extension value wrong tag"));
+ }
+ return CFErrorPropagate(localError, error);
+}
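Review bot: `SecCertificateGetDeveloperIDDate` accepts the extension as soon as its first TLV is a UTF8String and never checks that this TLV spans the whole extension value, so any bytes after it would be ignored (assuming `DERDecodeItem` tolerates trailing data, which should be confirmed against libDER). A strict parser would add, right after the decode, `if (decodedValue.content.data + decodedValue.content.length != extensionValue->data + extensionValue->length) return SecError(errSecDecode, error, CFSTR("DeveloperID Date parsing: trailing data"));`. The function also stores into `*time` before it knows whether `SecAbsoluteTimeFromDateContentWithError` succeeded, so its header comment should state that the output is only meaningful when the function returns true.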
_SecCertificateCopyCommonNames
_SecCertificateCopyCompanyName
_SecCertificateCopyCountry
+_SecCertificateGetDeveloperIDDate
_SecCertificateCopyDNSNames
_SecCertificateCopyDNSNamesFromSAN
_SecCertificateCopyDNSNamesFromSubject
CFArrayRef SecOTAPKICopyAppleCertificateAuthorities(SecOTAPKIRef otapkiRef);
+extern const CFStringRef kOTAPKIKillSwitchCT;
+bool SecOTAPKIKillSwitchEnabled(SecOTAPKIRef otapkiRef, CFStringRef switchKey);
+
// SPI to return the array of currently trusted Escrow certificates
CF_EXPORT
CFArrayRef SecOTAPKICopyCurrentEscrowCertificates(uint32_t escrowRootType, CFErrorRef* error);
#if !TARGET_OS_BRIDGE
static BOOL UpdateFromAsset(NSURL *localURL, NSNumber *asset_version, NSError **error);
static BOOL UpdateOTACheckInDate(void);
+static void UpdateKillSwitch(NSString *key, bool value);
#endif
#if TARGET_OS_IPHONE
static void TriggerUnlockNotificationOTATrustAssetCheck(dispatch_queue_t queue);
NSString *kOTATrustTrustedCTLogsFilename = @"TrustedCTLogs.plist";
NSString *kOTATrustAnalyticsSamplingRatesFilename = @"AnalyticsSamplingRates.plist";
NSString *kOTATrustAppleCertifcateAuthoritiesFilename = @"AppleCertificateAuthorities.plist";
+NSString *kOTATrustCTKillSwitch = @"CTKillSwitch";
+
+const CFStringRef kOTAPKIKillSwitchCT = CFSTR("CTKillSwitch");
#if !TARGET_OS_BRIDGE
const NSString *OTATrustMobileAssetType = @"com.apple.MobileAsset.PKITrustSupplementals";
#define kOTATrustMobileAssetNotification "com.apple.MobileAsset.PKITrustSupplementals.cached-metadata-updated"
#define kOTATrustOnDiskAssetNotification "com.apple.trustd.asset-updated"
#define kOTATrustCheckInNotification "com.apple.trustd.asset-check-in"
+#define kOTATrustKillSwitchNotification "com.apple.trustd.kill-switch"
const NSUInteger OTATrustMobileAssetCompatibilityVersion = 1;
#define kOTATrustDefaultUpdatePeriod 60*60*12 // 12 hours
#define kOTATrustMinimumUpdatePeriod 60*5 // 5 min
return NO;
}
+static void GetKillSwitchAttributes(NSDictionary *attributes) {
+ bool killSwitchEnabled = false;
+
+ // CT Kill Switch
+ NSNumber *ctKillSwitch = [attributes objectForKey:kOTATrustCTKillSwitch];
+ if (isNSNumber(ctKillSwitch)) {
+ NSError *error = nil;
+ UpdateOTAContextOnDisk(kOTATrustCTKillSwitch, ctKillSwitch, &error);
+ UpdateKillSwitch(kOTATrustCTKillSwitch, [ctKillSwitch boolValue]);
+ secnotice("OTATrust", "got CT kill switch = %d", [ctKillSwitch boolValue]);
+ killSwitchEnabled = true;
+ }
+
+ /* Other kill switches TBD.
+ * When adding one, make sure to add to the Analytics Samplers since these kill switches
+ * are installed before the full asset is downloaded and installed. (A device can have the
+ * kill switches without having the asset version that contained them.) */
+
+ // notify the other trustds if any kill switch was read
+ if (SecOTAPKIIsSystemTrustd() && killSwitchEnabled) {
+ notify_post(kOTATrustKillSwitchNotification);
+ }
+}
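Review bot: The outcome of `UpdateOTAContextOnDisk` is discarded in `GetKillSwitchAttributes`: `error` is never inspected, yet the in-memory switch is updated and `kOTATrustKillSwitchNotification` is posted regardless. The other trustd instances react to that notification by re-reading the value from disk (see `InitializeKillSwitch`), so a failed write would leave them with a different CT enforcement state from the system trustd. I would update and post only after a successful write, e.g. `if (UpdateOTAContextOnDisk(kOTATrustCTKillSwitch, ctKillSwitch, &error)) { ... }` if it returns a success flag, and log `error` otherwise. `killSwitchEnabled` is also set when the received value is false, so a name such as `killSwitchRead` would match the comment `// notify the other trustds if any kill switch was read`.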
+
// MARK: Fetch and Update Functions
#if TARGET_OS_IPHONE
static NSNumber *UpdateAndPurgeAsset(MAAsset *asset, NSNumber *asset_version, NSError **error) {
continue;
}
+ GetKillSwitchAttributes(asset.attributes);
+
switch (asset.state) {
default:
MakeOTATrustError(&ma_error, OTATrustLogLevelError, NSOSStatusErrorDomain, errSecInternal,
continue;
}
+ GetKillSwitchAttributes(attributes);
+
ASProgressHandler OTATrustHandler = ^(NSDictionary *state, NSError *progressError){
NSString *operationState = nil;
if (progressError) {
began_async_job = true;
}
break;
+ case ASAssetStateStalled:
+ secdebug("OTATrust", "OTATrust asset stalled");
+ // drop through
case ASAssetStateDownloading:
secdebug("OTATrust", "OTATrust asset downloading");
asset.progressHandler = OTATrustHandler;
}
#endif /* !TARGET_OS_IPHONE */
+static bool InitializeKillSwitch(NSString *key) {
+#if !TARGET_OS_BRIDGE
+ NSError *error = nil;
+ NSDictionary *OTAPKIContext = [NSDictionary dictionaryWithContentsOfURL:GetAssetFileURL(kOTATrustContextFilename) error:&error];
+ if (isNSDictionary(OTAPKIContext)) {
+ NSNumber *killSwitchValue = OTAPKIContext[key];
+ if (isNSNumber(killSwitchValue)) {
+ secinfo("OTATrust", "found on-disk kill switch %{public}@ with value %d", key, [killSwitchValue boolValue]);
+ return [killSwitchValue boolValue];
+ } else {
+ MakeOTATrustError(&error, OTATrustLogLevelNotice, NSOSStatusErrorDomain, errSecInvalidValue,
+ @"OTAContext.plist missing check-in");
+ }
+ } else {
+ MakeOTATrustError(&error, OTATrustLogLevelNotice, NSOSStatusErrorDomain, errSecMissingValue,
+ @"OTAContext.plist missing dictionary");
+ }
+#endif
+ return false;
+}
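Review bot: Both error strings in `InitializeKillSwitch` look copied from the check-in reader: a missing kill-switch key is reported as `@"OTAContext.plist missing check-in"`, which will mislead anyone reading trustd logs to work out why CT enforcement is on or off. Suggest `@"OTAContext.plist missing kill switch value"`; since the key is absent on any device that never received a switch, that case may not merit an error object at all. The `error` filled in by `dictionaryWithContentsOfURL:error:` also appears to be overwritten without being logged. A one-line comment stating that every failure path returns false (switch off, CT still enforced) would document the fail-closed default.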
+
static void InitializeOTATrustAsset(dispatch_queue_t queue) {
/* Only the "system" trustd does updates */
if (SecOTAPKIIsSystemTrustd()) {
secinfo("OTATrust", "Got notification about successful PKITrustSupplementals asset check-in");
(void)UpdateOTACheckInDate();
});
+ int out_token3 = 0;
+ notify_register_dispatch(kOTATrustKillSwitchNotification, &out_token3, queue, ^(int __unused token) {
+ UpdateKillSwitch(kOTATrustCTKillSwitch, InitializeKillSwitch(kOTATrustCTKillSwitch));
+ });
}
}
CFDateRef _lastAssetCheckIn;
CFDictionaryRef _eventSamplingRates;
CFArrayRef _appleCAs;
+ bool _ctKillSwitch;
};
CFGiblisFor(SecOTAPKI)
#if !TARGET_OS_BRIDGE
/* Initialize our update handling */
InitializeOTATrustAsset(kOTABackgroundQueue);
-#endif
+ otapkiref->_ctKillSwitch = InitializeKillSwitch(kOTATrustCTKillSwitch);
+#else // TARGET_OS_BRIDGE
+ otapkiref->_ctKillSwitch = true; // bridgeOS never enforces CT
+#endif // TARGET_OS_BRIDGE
return otapkiref;
}
QOS_CLASS_BACKGROUND, 0);
attr = dispatch_queue_attr_make_with_autorelease_frequency(attr, DISPATCH_AUTORELEASE_FREQUENCY_WORK_ITEM);
kOTABackgroundQueue = dispatch_queue_create("com.apple.security.OTAPKIBackgroundQueue", attr);
- kCurrentOTAPKIRef = SecOTACreate();
if (!kOTAQueue || !kOTABackgroundQueue) {
secerror("Failed to create OTAPKI Queues. May crash later.");
}
+ dispatch_sync(kOTAQueue, ^{
+ kCurrentOTAPKIRef = SecOTACreate();
+ });
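Review bot: `dispatch_sync(kOTAQueue, ...)` now runs unconditionally right after the branch that logs "Failed to create OTAPKI Queues", so a failed queue creation goes straight into a dispatch on a null queue rather than failing at some later point. Either return from the once-block when a queue is missing or guard the call, e.g. `if (kOTAQueue) { dispatch_sync(kOTAQueue, ^{ kCurrentOTAPKIRef = SecOTACreate(); }); }`. The enclosing function starts outside this hunk.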
}
});
}
}
+static void UpdateKillSwitch(NSString *key, bool value) {
+ dispatch_sync(kOTAQueue, ^{
+ if ([key isEqualToString:kOTATrustCTKillSwitch]) {
+ kCurrentOTAPKIRef->_ctKillSwitch = value;
+ }
+ });
+}
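Review bot: `UpdateKillSwitch` dereferences `kCurrentOTAPKIRef` inside the block without a null check, so if `SecOTACreate()` ever returned NULL, the first kill-switch notification or asset attribute read would write through a null pointer. Add `if (kCurrentOTAPKIRef == NULL) { return; }` at the top of the block. The write is serialised on `kOTAQueue`, but `SecOTAPKIKillSwitchEnabled` reads `_ctKillSwitch` from a ref the caller already holds without going through that queue; a short comment saying whether that unsynchronised read is intended would help the next reader.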
+
static BOOL UpdateFromAsset(NSURL *localURL, NSNumber *asset_version, NSError **error) {
if (!localURL || !asset_version) {
MakeOTATrustError(error, OTATrustLogLevelError, NSOSStatusErrorDomain, errSecInternal,
return CFRetainSafe(otapkiRef->_appleCAs);
}
+bool SecOTAPKIKillSwitchEnabled(SecOTAPKIRef otapkiRef, CFStringRef key) {
+ if (NULL == otapkiRef || NULL == key) {
+ return false;
+ }
+ if (CFEqualSafe(key, kOTAPKIKillSwitchCT)) {
+ return otapkiRef->_ctKillSwitch;
+ }
+ return false;
+}
+
/* Returns an array of certificate data (CFDataRef) */
CFArrayRef SecOTAPKICopyCurrentEscrowCertificates(uint32_t escrowRootType, CFErrorRef* error) {
SecOTAPKIRef otapkiref = SecOTAPKICopyCurrentOTAPKIRef();
result = SecAKSDoWhileUserBagLocked(&localError, ^{
do_with_account(^(SOSAccountTransaction* txn) {
SOSAccount *account = txn.account;
- if(![SOSAuthKitHelpers peerinfoHasMID: account]) {
- // This is the first good opportunity to update our FullPeerInfo and
- // push the resulting circle.
- [SOSAuthKitHelpers updateMIDInPeerInfo: account];
+ if([account isInCircle: NULL]) {
+ if(![SOSAuthKitHelpers peerinfoHasMID: account]) {
+ // This is the first good opportunity to update our FullPeerInfo and
+ // push the resulting circle.
+ [SOSAuthKitHelpers updateMIDInPeerInfo: account];
+ }
}
attempted_action = true;
action_result = action(txn, error);
secdebug("backup", "found exact sys_bound item: %@", item);
return true;
}
+ if (isString(service) && CFStringHasPrefix(service, CFSTR("com.apple.gs."))) {
+ secdebug("backup", "found exact sys_bound item: %@", item);
+ return true;
+ }
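Review bot: The new branch matches on a service prefix, `CFStringHasPrefix(service, CFSTR("com.apple.gs."))`, but logs the copied message "found exact sys_bound item", so backup debug logs cannot tell this rule apart from the exact-match rules around it. Change the message to something like `secdebug("backup", "found sys_bound item by service prefix: %@", item);`. This is the only prefix rule visible here and it treats every item whose service starts with that string as sys_bound, so a comment naming the services it is meant to cover would let a later reader judge whether the prefix is wider than intended. The enclosing function starts and ends outside the hunk.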
if (isString(service) && CFEqual(service, CFSTR("com.apple.facetime"))) {
CFStringRef account = CFDictionaryGetValue(item, kSecAttrAccount);
if (isString(account) && CFEqual(account, CFSTR("registrationV1"))) {
require_quiet(SecCertificatePathVCIsPathValidated(path), out);
/* We only enforce this check when all of the following are true:
- * 0. Not a pinning policy */
+ * 0. Kill Switch not enabled */
+ require_quiet(!SecOTAPKIKillSwitchEnabled(otaref, kOTAPKIKillSwitchCT), out);
+
+ /* 1. Not a pinning policy */
SecPolicyRef policy = SecPVCGetPolicy(pvc);
require_quiet(CFEqualSafe(SecPolicyGetName(policy),kSecPolicyNameSSLServer), out);
- /* 1. Device has checked in to MobileAsset for a current log list within the last 60 days.
+ /* 2. Device has checked in to MobileAsset for a current log list within the last 60 days.
* Or the caller passed in the trusted log list. */
require_quiet(SecOTAPKIAssetStalenessLessThanSeconds(otaref, kSecOTAPKIAssetStalenessDisable) || trustedLogs, out);
- /* 2. Leaf issuance date is on or after 16 Oct 2018 at 00:00:00 AM UTC and not expired. */
+ /* 3. Leaf issuance date is on or after 16 Oct 2018 at 00:00:00 AM UTC and not expired. */
SecCertificateRef leaf = SecPVCGetCertificateAtIndex(pvc, 0);
require_quiet(SecCertificateNotValidBefore(leaf) >= 561340800.0 &&
SecCertificateIsValid(leaf, SecPVCGetVerifyTime(pvc)), out);
- /* 3. Chain is anchored with root in the system anchor source but not the Apple anchor source */
+ /* 4. Chain is anchored with root in the system anchor source but not the Apple anchor source
+ * with certain excepted CAs and configurable included CAs. */
CFIndex count = SecPVCGetCertificateCount(pvc);
SecCertificateRef root = SecPVCGetCertificateAtIndex(pvc, count - 1);
appleAnchorSource = SecMemoryCertificateSourceCreate(SecGetAppleTrustAnchors(false));
if (ctp <= kSecPathCTNotRequired || !SecPVCIsSSLServerAuthenticationPolicy(pvc)) {
return;
}
- /* CT was required. Error is always set on leaf certificate. */
- SecPVCSetResultForced(pvc, kSecPolicyCheckCTRequired,
- 0, kCFBooleanFalse, true);
- if (ctp != kSecPathCTRequiredOverridable) {
- /* Normally kSecPolicyCheckCTRequired is recoverable,
- so need to manually change trust result here. */
- pvc->result = kSecTrustResultFatalTrustFailure;
+
+ /* We need to have a recent log list or the CT check may have failed due to the list being out of date.
+ * Also, honor the CT kill switch. */
+ SecOTAPKIRef otaref = SecOTAPKICopyCurrentOTAPKIRef();
+ if (!SecOTAPKIKillSwitchEnabled(otaref, kOTAPKIKillSwitchCT) &&
+ SecOTAPKIAssetStalenessLessThanSeconds(otaref, kSecOTAPKIAssetStalenessDisable)) {
+ /* CT was required. Error is always set on leaf certificate. */
+ SecPVCSetResultForced(pvc, kSecPolicyCheckCTRequired,
+ 0, kCFBooleanFalse, true);
+ if (ctp != kSecPathCTRequiredOverridable) {
+ /* Normally kSecPolicyCheckCTRequired is recoverable,
+ so need to manually change trust result here. */
+ pvc->result = kSecTrustResultFatalTrustFailure;
+ }
}
+ CFReleaseNull(otaref);
}
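Review bot: A CT-required failure is now dropped silently whenever the kill switch is set or the log list is stale: the `if` testing `SecOTAPKIKillSwitchEnabled` and `SecOTAPKIAssetStalenessLessThanSeconds` has no `else`, so nothing records that enforcement was skipped. Both conditions relax a trust decision, so add an `else` branch with a log line such as `secnotice("policy", "CT required but not enforced (kill switch or stale log list)");` to keep the relaxation visible to whoever investigates a connection that should have failed. `SecOTAPKICopyCurrentOTAPKIRef()` is used without a null check; `SecOTAPKIKillSwitchEnabled` handles NULL, but whether `SecOTAPKIAssetStalenessLessThanSeconds` does is not visible here. The same two conditions are repeated in the EV hunk that follows (`ev_check_ok && (... || SecOTAPKIKillSwitchEnabled(...) || !SecOTAPKIAssetStalenessLessThanSeconds(...))`), where the ref is also copied even when `ev_check_ok` is false.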
/* AUDIT[securityd](done):
/* This call will set the value of pvc->is_ct, but won't change the result (pvc->result) */
SecPolicyCheckCT(pvc);
- /* Certs are only EV if they are also CT verified */
- if (ev_check_ok && SecCertificatePathVCIsCT(path)) {
+ /* Certs are only EV if they are also CT verified (when the Kill Switch isn't enabled and against a recent log list) */
+ SecOTAPKIRef otaref = SecOTAPKICopyCurrentOTAPKIRef();
+ if (ev_check_ok && (SecCertificatePathVCIsCT(path) || SecOTAPKIKillSwitchEnabled(otaref, kOTAPKIKillSwitchCT) ||
+ !SecOTAPKIAssetStalenessLessThanSeconds(otaref, kSecOTAPKIAssetStalenessDisable))) {
SecCertificatePathVCSetIsEV(path, true);
}
+ CFReleaseNull(otaref);
}
/* Say that we did the expensive path checks (that we want to skip on the second call) */
/*
- * Copyright (c) 2017-2018 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2017-2019 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
completionHandler:(void (^)(NSURLSessionResponseDisposition disposition))completionHandler {
/* nsurlsessiond started our download. Create a transaction since we're going to be working for a little bit */
self->_transaction = os_transaction_create("com.apple.trustd.valid.download");
- secinfo("validupdate", "Session %@ data task %@ returned response %ld, expecting %lld bytes", session, dataTask,
- (long)[(NSHTTPURLResponse *)response statusCode],[response expectedContentLength]);
+ secinfo("validupdate", "Session %@ data task %@ returned response %ld (%@), expecting %lld bytes",
+ session, dataTask, (long)[(NSHTTPURLResponse *)response statusCode],
+ [response MIMEType], [response expectedContentLength]);
- (void)checkBasePath(kSecRevocationBasePath);
+ WithPathInRevocationInfoDirectory(NULL, ^(const char *utf8String) {
+ (void)checkBasePath(utf8String);
+ });
CFURLRef updateFileURL = SecCopyURLForFileInRevocationInfoDirectory(CFSTR("update-current"));
self->_currentUpdateFileURL = (updateFileURL) ? CFBridgingRelease(updateFileURL) : nil;
const char *updateFilePath = [self->_currentUpdateFileURL fileSystemRepresentation];
@"Accept-Encoding" : @"gzip,deflate,br"};
config.TLSMinimumSupportedProtocol = kTLSProtocol12;
- config.TLSMaximumSupportedProtocol = kTLSProtocol13;
return config;
}
/* Callbacks should be on a separate NSOperationQueue.
We'll then dispatch the work on updateQueue and return from the callback. */
NSOperationQueue *queue = [[NSOperationQueue alloc] init];
+ queue.maxConcurrentOperationCount = 1;
_backgroundSession = [NSURLSession sessionWithConfiguration:config delegate:delegate delegateQueue:queue];
}
* after system boot before trying to initiate network activity, to avoid the possibility
* of a performance regression in the boot path. */
dispatch_async(updateQueue, ^{
- /* Take a transaction while we work */
- os_transaction_t transaction = os_transaction_create("com.apple.trustd.valid.scheduleUpdate");
CFAbsoluteTime now = CFAbsoluteTimeGetCurrent();
if (self.updateScheduled != 0.0) {
secdebug("validupdate", "update in progress (scheduled %f)", (double)self.updateScheduled);
gNextUpdate = now + (minUptime - uptime);
gUpdateStarted = 0;
secnotice("validupdate", "postponing update until %f", gNextUpdate);
+ return;
} else {
self.updateScheduled = now;
secnotice("validupdate", "scheduling update at %f", (double)self.updateScheduled);
}
}
- NSURL *validUrl = [NSURL URLWithString:[NSString stringWithFormat:@"https://%@/g3/v%ld",
- server, (unsigned long)version]];
- if (!validUrl) {
- secnotice("validupdate", "invalid update url");
- return;
- }
+ /* we have an update to schedule, so take a transaction while we work */
+ os_transaction_t transaction = os_transaction_create("com.apple.trustd.valid.scheduleUpdate");
/* clear all old sessions and cleanup disk (for previous download tasks) */
static dispatch_once_t onceToken;
@"version" : @(version)
});
+ NSURL *validUrl = [NSURL URLWithString:[NSString stringWithFormat:@"https://%@/g3/v%ld",
+ server, (unsigned long)version]];
NSURLSessionDataTask *dataTask = [self.backgroundSession dataTaskWithURL:validUrl];
dataTask.taskDescription = [NSString stringWithFormat:@"%lu",(unsigned long)version];
[dataTask resume];
secnotice("validupdate", "scheduled background data task %@ at %f", dataTask, CFAbsoluteTimeGetCurrent());
(void) transaction; // dead store
- transaction = nil;
+ transaction = nil; // ARC releases the transaction
});
return YES;
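Review bot: The `if (!validUrl)` guard was removed when the URL construction moved next to `dataTaskWithURL:`, so a `server` string that does not form a valid URL now reaches `[self.backgroundSession dataTaskWithURL:validUrl]` as nil. Keep the guard directly after the new construction: `if (!validUrl) { secnotice("validupdate", "invalid update url"); return; }`. The format string also pairs `%ld` with an `(unsigned long)` cast; `%lu` would match the `taskDescription` line just below it. The enclosing block starts outside this hunk.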
</dict>
</dict>
<key>Leaf</key>
- <string>ids_prod</string>
+ <string>ids_test</string>
<key>Intermediates</key>
- <string>AppleServerAuthentication</string>
+ <string>TestAppleServerAuthentication</string>
<key>Anchors</key>
- <string>AppleRootCA</string>
+ <string>TestAppleRootCA</string>
<key>ExpectedResult</key>
<integer>4</integer>
<key>ChainLength</key>
<integer>3</integer>
<key>VerifyDate</key>
- <date>2018-02-08T21:00:00Z</date>
+ <date>2019-02-08T21:00:00Z</date>
</dict>
<dict>
<key>MajorTestName</key>
</dict>
</dict>
<key>Leaf</key>
- <string>ids_prod</string>
+ <string>ids_test</string>
<key>Intermediates</key>
- <string>AppleServerAuthentication</string>
+ <string>TestAppleServerAuthentication</string>
<key>Anchors</key>
- <string>AppleRootCA</string>
+ <string>TestAppleRootCA</string>
<key>ExpectedResult</key>
<integer>4</integer>
<key>ChainLength</key>
<integer>3</integer>
<key>VerifyDate</key>
- <date>2018-02-08T21:00:00Z</date>
+ <date>2019-02-08T21:00:00Z</date>
</dict>
<dict>
<key>MajorTestName</key>
</dict>
</dict>
<key>Leaf</key>
- <string>ids_prod</string>
+ <string>ids_test</string>
<key>Intermediates</key>
- <string>AppleServerAuthentication</string>
+ <string>TestAppleServerAuthentication</string>
<key>Anchors</key>
- <string>AppleRootCA</string>
+ <string>TestAppleRootCA</string>
<key>ExpectedResult</key>
<integer>4</integer>
<key>ChainLength</key>
<integer>3</integer>
<key>VerifyDate</key>
- <date>2018-02-08T21:00:00Z</date>
+ <date>2019-02-08T21:00:00Z</date>
</dict>
<dict>
<key>MajorTestName</key>
</dict>
</dict>
<key>Leaf</key>
- <string>ids_prod</string>
+ <string>ids_test</string>
<key>Intermediates</key>
- <string>AppleServerAuthentication</string>
+ <string>TestAppleServerAuthentication</string>
<key>Anchors</key>
- <string>AppleRootCA</string>
+ <string>TestAppleRootCA</string>
<key>ExpectedResult</key>
<integer>4</integer>
<key>ChainLength</key>
<integer>3</integer>
<key>VerifyDate</key>
- <date>2018-02-08T21:00:00Z</date>
+ <date>2019-02-08T21:00:00Z</date>
</dict>
<dict>
<key>MajorTestName</key>
<key>Properties</key>
<dict>
<key>SecPolicyName</key>
- <string>hls-svod.itunes.apple.com</string>
+ <string>hls-slive.itunes.apple.com</string>
</dict>
</dict>
<key>Leaf</key>
<key>Properties</key>
<dict>
<key>SecPolicyName</key>
- <string>hls-svod.itunes.apple.com</string>
+ <string>hls-slive.itunes.apple.com</string>
</dict>
</dict>
<key>Leaf</key>
// Encrypt message with SEP key.
NSData *message = [@"message" dataUsingEncoding:NSUTF8StringEncoding];
id pubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key));
- NSData *encrypted = CFBridgingRelease(SecKeyCreateEncryptedDataWithParameters((__bridge SecKeyRef)pubKey, kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM, (__bridge CFDataRef)message, (__bridge CFDictionaryRef)@{(id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @256}, (void *)&error));
+ NSData *encrypted = CFBridgingRelease(SecKeyCreateEncryptedDataWithParameters((__bridge SecKeyRef)pubKey, kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM, (__bridge CFDataRef)message, (__bridge CFDictionaryRef)@{(id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @128}, (void *)&error));
ok(encrypted, "failed to encrypt with public key, %@", error);
NSData *cert = [NSData dataWithBytes:satori_test_cert length:sizeof(satori_test_cert)];
NSDictionary *recryptParams = @{
(id)kSecKeyEncryptionParameterRecryptCertificate: cert,
- (id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @256,
+ (id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @128,
(id)kSecKeyEncryptionParameterRecryptParameters: @{
- (id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @256
+ (id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @128
},
};
NSData *recrypted = CFBridgingRelease(SecKeyCreateDecryptedDataWithParameters((__bridge SecKeyRef)key, kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM, (__bridge CFDataRef)encrypted, (__bridge CFDictionaryRef)recryptParams, (void *)&error));
ok(recrypted, "failed to recrypt, %@", error);
id recryptKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)[NSData dataWithBytes:satori_priv length:sizeof(satori_priv)], (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate}, (void *)&error));
- NSData *decrypted = CFBridgingRelease(SecKeyCreateDecryptedDataWithParameters((__bridge SecKeyRef)recryptKey, kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM, (__bridge CFDataRef)recrypted, (__bridge CFDictionaryRef)@{(id)kSecKeyEncryptionParameterSymmetricKeySizeInBits: @256}, (void *)&error));
+ NSData *decrypted = CFBridgingRelease(SecKeyCreateDecryptedData((__bridge SecKeyRef)recryptKey, kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM, (__bridge CFDataRef)recrypted, (void *)&error));
ok(decrypted, "failed to decrypt, %@", error);
ok([decrypted isEqualToData:message], "Decrypted data differs: %@ vs %@", decrypted, message);
}
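Review bot: The final `SecKeyCreateDecryptedData` call no longer passes a key size, so the round trip only succeeds if the size the framework derives for `recryptKey` equals the `@128` now set explicitly in `recryptParams`. As far as I know this algorithm defaults to a 128-bit AES key for EC keys up to 256 bits, which would make the two agree if `satori_priv` is a P-256 key, but nothing in the test says so. A comment above the call, e.g. `// No parameters: relies on the default AES key size for recryptKey matching the @128 used for recrypt.`, would keep a later edit from breaking the pairing silently. The enclosing test function starts outside this hunk.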
SecCertificateRef certA=NULL, certD=NULL, certF=NULL, certCA_alpha=NULL, certCA_beta=NULL;
CFDataRef proofD=NULL, proofA_1=NULL, proofA_2=NULL;
SecCertificateRef www_digicert_com_2015_cert=NULL, www_digicert_com_2016_cert=NULL, digicert_sha2_ev_server_ca=NULL;
- SecCertificateRef www_paypal_com_cert=NULL, www_paypal_com_issuer_cert=NULL;
SecCertificateRef pilot_cert_3055998=NULL, pilot_cert_3055998_issuer=NULL;
SecCertificateRef whitelist_00008013=NULL, whitelist_5555bc4f=NULL, whitelist_aaaae152=NULL, whitelist_fff9b5f6=NULL;
SecCertificateRef whitelist_00008013_issuer=NULL, whitelist_5555bc4f_issuer=NULL, whitelist_fff9b5f6_issuer=NULL;
isnt(www_digicert_com_2015_cert = SecCertificateCreateFromResource(@"www_digicert_com_2015"), NULL, "create www.digicert.com 2015 cert");
isnt(www_digicert_com_2016_cert = SecCertificateCreateFromResource(@"www_digicert_com_2016"), NULL, "create www.digicert.com 2016 cert");
isnt(digicert_sha2_ev_server_ca = SecCertificateCreateFromResource(@"digicert_sha2_ev_server_ca"), NULL, "create digicert.com subCA cert");
- isnt(www_paypal_com_cert = SecCertificateCreateFromResource(@"www_paypal_com"), NULL, "create www.paypal.com cert");
- isnt(www_paypal_com_issuer_cert = SecCertificateCreateFromResource(@"www_paypal_com_issuer"), NULL, "create www.paypal.com issuer cert");
isnt(valid_ocsp = CFDataCreateFromResource(@"valid_ocsp_response"), NULL, "create valid_ocsp");
isnt(invalid_ocsp = CFDataCreateFromResource(@"invalid_ocsp_response"), NULL, "create invalid_ocsp");
isnt(bad_hash_ocsp = CFDataCreateFromResource(@"bad_hash_ocsp_response"), NULL, "create bad_hash_ocsp");
CFReleaseNull(certs);
CFReleaseNull(scts);
- /* case 8: Current (April 2016) www.digicert.com cert: 3 embedded SCTs, CT qualified */
+ /* case 8: April 2016 www.digicert.com cert: 3 embedded SCTs, CT qualified, but OCSP doesn't respond */
isnt(certs = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks), NULL, "create cert array");
CFArrayAppendValue(certs, www_digicert_com_2016_cert);
CFArrayAppendValue(certs, digicert_sha2_ev_server_ca);
+
+ /* WatchOS doesn't require OCSP for EV flag, so even though the OCSP responder no longer responds for this cert,
+ * it is EV on watchOS. */
+#if TARGET_OS_WATCH
test_ct_trust(certs, NULL, NULL, NULL, NULL, CFSTR("www.digicert.com"), date_20160422,
true, true, false, "digicert 2016");
+#else
+ test_ct_trust(certs, NULL, NULL, NULL, NULL, CFSTR("www.digicert.com"), date_20160422,
+ true, false, false, "digicert 2016");
+#endif
CFReleaseNull(certs);
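Review bot: The non-watchOS expectation for case 8 (`true, false, false`) appears to encode the current behaviour of an external OCSP responder, going by the new comment that the responder "no longer responds for this cert". If `test_ct_trust` really does reach the network here, the assertion would flip whenever the responder's behaviour changes or the test host is offline in a different way. It would be more stable to make the revocation input explicit for this case, either with a fixture response or by disabling network fetches for the evaluation. At minimum the comment should say that the expected EV result depends on no OCSP response being available.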
CFReleaseSafe(www_digicert_com_2015_cert);
CFReleaseSafe(www_digicert_com_2016_cert);
CFReleaseSafe(digicert_sha2_ev_server_ca);
- CFReleaseSafe(www_paypal_com_cert);
- CFReleaseSafe(www_paypal_com_issuer_cert);
CFReleaseSafe(pilot_cert_3055998);
CFReleaseSafe(pilot_cert_3055998_issuer);
CFReleaseSafe(whitelist_00008013);
static void test_apple_enforcement_exceptions(void) {
SecCertificateRef appleRoot = NULL, appleServerAuthCA = NULL, apple_server_after = NULL;
- SecCertificateRef geoTrustRoot = NULL, appleISTCA8G1 = NULL, livability = NULL;
+ SecCertificateRef geoTrustRoot = NULL, appleISTCA8G1 = NULL, deprecatedSSLServer = NULL;
CFArrayRef trustedLogs = CTTestsCopyTrustedLogs();
SecTrustRef trust = NULL;
SecPolicyRef policy = NULL;
NSArray *anchors = nil, *certs = nil;
- NSDate *date = [NSDate dateWithTimeIntervalSinceReferenceDate:562340800.0]; // October 27, 2018 at 6:46:40 AM PDT
+ NSDate *date1 = [NSDate dateWithTimeIntervalSinceReferenceDate:562340800.0]; // October 27, 2018 at 6:46:40 AM PDT
+ NSDate *date2 = [NSDate dateWithTimeIntervalSinceReferenceDate:576000000.0]; // April 3, 2019 at 9:00:00 AM PDT
require_action(appleRoot = SecCertificateCreateFromResource(@"enforcement_apple_root"),
errOut, fail("failed to create apple root"));
errOut, fail("failed to create GeoTrust root"));
require_action(appleISTCA8G1 = SecCertificateCreateFromResource(@"AppleISTCA8G1"),
errOut, fail("failed to create apple IST CA"));
- require_action(livability = SecCertificateCreateFromResource(@"livability"),
+ require_action(deprecatedSSLServer = SecCertificateCreateFromResource(@"deprecatedSSLServer"),
errOut, fail("failed to create livability cert"));
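Review bot: The failure message on the `deprecatedSSLServer` load still reads `"failed to create livability cert"`, so a missing resource would be reported under the old fixture name. Change it to `errOut, fail("failed to create deprecatedSSLServer cert"));`. The second case further down also switches to `date2` and to the policy host `bbasile-test.scv.apple.com` without saying why this certificate needs a later verify date, so a one-line comment there would help. `test_apple_enforcement_exceptions` continues outside this hunk.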
// test apple anchor after date without CT passes
policy = SecPolicyCreateSSL(true, CFSTR("bbasile-test.scv.apple.com"));
certs = @[ (__bridge id)apple_server_after, (__bridge id)appleServerAuthCA ];
require_noerr_action(SecTrustCreateWithCertificates((__bridge CFArrayRef)certs, policy, &trust), errOut, fail("failed to create trust"));
- require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date), errOut, fail("failed to set verify date"));
+ require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date1), errOut, fail("failed to set verify date"));
require_noerr_action(SecTrustSetTrustedLogs(trust, trustedLogs), errOut, fail("failed to set trusted logs"));
ok(SecTrustEvaluateWithError(trust, NULL), "apple root post-flag-date non-CT cert failed");
CFReleaseNull(trust);
CFReleaseNull(policy);
// test apple ca after date without CT passes
- policy = SecPolicyCreateSSL(true, CFSTR("livability.swe.apple.com"));
- certs = @[ (__bridge id)livability, (__bridge id)appleISTCA8G1 ];
+ policy = SecPolicyCreateSSL(true, CFSTR("bbasile-test.scv.apple.com"));
+ certs = @[ (__bridge id)deprecatedSSLServer, (__bridge id)appleISTCA8G1 ];
anchors = @[ (__bridge id)geoTrustRoot ];
require_noerr_action(SecTrustCreateWithCertificates((__bridge CFArrayRef)certs, policy, &trust), errOut, fail("failed to create trust"));
- require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date), errOut, fail("failed to set verify date"));
+ require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date2), errOut, fail("failed to set verify date"));
require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors), errOut, fail("failed to set anchors"));
require_noerr_action(SecTrustSetTrustedLogs(trust, trustedLogs), errOut, fail("failed to set trusted logs"));
ok(SecTrustEvaluateWithError(trust, NULL), "apple public post-flag-date non-CT cert failed");
CFReleaseNull(apple_server_after);
CFReleaseNull(geoTrustRoot);
CFReleaseNull(appleISTCA8G1);
- CFReleaseNull(livability);
+ CFReleaseNull(deprecatedSSLServer);
CFReleaseNull(trustedLogs);
CFReleaseNull(trust);
CFReleaseNull(policy);
int si_82_sectrust_ct(int argc, char *const *argv)
{
- plan_tests(433);
+ plan_tests(431);
tests();
test_sct_serialization();
F6AF96681E646CAF00917214 /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; };
F93C493B1AB8FF530047E01A /* ckcdiagnose.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; };
F964772C1E5832540019E4EB /* SecCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0678E1D8CDF7E007602F1 /* SecCodePriv.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ F9C8AFCD223740C800E7D6AE /* requirement.h in Headers */ = {isa = PBXBuildFile; fileRef = F9C8AFCB223740C800E7D6AE /* requirement.h */; };
+ F9C8AFD222374D1100E7D6AE /* requirement.c in Sources */ = {isa = PBXBuildFile; fileRef = F9C8AFC5223740C700E7D6AE /* requirement.c */; };
/* End PBXBuildFile section */
/* Begin PBXBuildRule section */
6C9AA79E1F7C1D8F00D08296 /* supdctl */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = supdctl; sourceTree = BUILT_PRODUCTS_DIR; };
6C9AA7A01F7C1D9000D08296 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = "<group>"; };
6CA2B9431E9F9F5700C43444 /* RateLimiter.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RateLimiter.h; sourceTree = "<group>"; };
- 6CA557FE219E214200993CF4 /* securityuploadd-sim.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "securityuploadd-sim.plist"; sourceTree = "<group>"; };
6CA837612210C5E7002770F1 /* kc-45-change-password.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; name = "kc-45-change-password.c"; path = "regressions/kc-45-change-password.c"; sourceTree = "<group>"; };
6CAA8D201F842FB3007B6E03 /* securityuploadd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = securityuploadd; sourceTree = BUILT_PRODUCTS_DIR; };
6CB5F4751E4025AB00DBF3F0 /* CKKSCloudKitTestsInfo.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = CKKSCloudKitTestsInfo.plist; sourceTree = "<group>"; };
F6A3CB0D1E7062BA00E7821F /* authd-Entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "authd-Entitlements.plist"; path = "OSX/authd/authd-Entitlements.plist"; sourceTree = "<group>"; };
F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = ckcdiagnose.sh; sourceTree = "<group>"; };
F9B458272183E01100F6BCEB /* SignatureEditing.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = SignatureEditing.sh; path = OSX/codesign_tests/SignatureEditing.sh; sourceTree = "<group>"; };
+ F9C8AFC5223740C700E7D6AE /* requirement.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = requirement.c; sourceTree = "<group>"; };
+ F9C8AFCB223740C800E7D6AE /* requirement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = requirement.h; sourceTree = "<group>"; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
DC5ABDBE1D832D5800CF422C /* Source */ = {
isa = PBXGroup;
children = (
+ F9C8AFC5223740C700E7D6AE /* requirement.c */,
+ F9C8AFCB223740C800E7D6AE /* requirement.h */,
DC5ABD781D832D5800CF422C /* srCdsaUtils.cpp */,
DC5ABD791D832D5800CF422C /* srCdsaUtils.h */,
DC5ABD7A1D832D5800CF422C /* createFVMaster.c */,
isa = PBXHeadersBuildPhase;
buildActionMask = 2147483647;
files = (
+ F9C8AFCD223740C800E7D6AE /* requirement.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
DC5ABDEB1D832E4000CF422C /* verify_cert.c in Sources */,
DC5ABDEC1D832E4000CF422C /* access_utils.c in Sources */,
DC5ABDED1D832E4000CF422C /* translocate.c in Sources */,
+ F9C8AFD222374D1100E7D6AE /* requirement.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
--- /dev/null
+/*
+ * Copyright (c) 2019 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include <stdio.h>
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/SecRequirement.h>
+#include <Security/SecRequirementPriv.h>
+
+#include "security_tool.h"
+#include "trusted_cert_utils.h"
+#include "requirement.h"
+
+#define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) { CFRelease(_cf); } }
+
+int requirement_evaluate(int argc, char * const *argv)
+{
+ int err = 0;
+ CFErrorRef error = NULL;
+ CFStringRef reqStr = NULL;
+ SecRequirementRef req = NULL;
+ CFMutableArrayRef certs = NULL;
+
+ if (argc < 3) {
+ return SHOW_USAGE_MESSAGE;
+ }
+
+ // Create Requirement
+
+ reqStr = CFStringCreateWithCString(NULL, argv[1], kCFStringEncodingUTF8);
+
+ OSStatus status = SecRequirementCreateWithStringAndErrors(reqStr,
+ kSecCSDefaultFlags, &error, &req);
+
+ if (status != errSecSuccess) {
+ CFStringRef errorDesc = CFErrorCopyDescription(error);
+ CFIndex errorLength = CFStringGetMaximumSizeForEncoding(CFStringGetLength(errorDesc),
+ kCFStringEncodingUTF8);
+ char *errorStr = malloc(errorLength+1);
+
+ CFStringGetCString(errorDesc, errorStr, errorLength+1, kCFStringEncodingUTF8);
+
+ fprintf(stderr, "parsing requirement failed (%d): %s\n", status, errorStr);
+
+ free(errorStr);
+
+ err = 1;
+ }
+
+ // Create cert chain
+
+ const int num_certs = argc - 2;
+
+ certs = CFArrayCreateMutable(NULL, num_certs, &kCFTypeArrayCallBacks);
+
+ for (int i = 0; i < num_certs; ++i) {
+ SecCertificateRef cert = NULL;
+
+ if (readCertFile(argv[2 + i], &cert) != 0) {
+ fprintf(stderr, "Error reading certificate at '%s'\n", argv[2 + i]);
+ err = 2;
+ goto out;
+ }
+
+ CFArrayAppendValue(certs, cert);
+ CFRelease(cert);
+ }
+
+ // Evaluate!
+
+ if (req != NULL) {
+ status = SecRequirementEvaluate(req, certs, NULL, kSecCSDefaultFlags);
+ printf("%d\n", status);
+ err = status == 0 ? 0 : 3;
+ }
+
+out:
+ CFReleaseSafe(certs);
+ CFReleaseSafe(req);
+ CFReleaseSafe(reqStr);
+ CFReleaseSafe(error);
+
+ return err;
+}
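Review bot: The parse-failure branch of `requirement_evaluate` leaks `errorDesc` and uses three results unchecked. `error` goes to `CFErrorCopyDescription` without a NULL test, `malloc` can return NULL, and `CFStringGetCString` can fail and leave `errorStr` uninitialised before it is printed with `%s`. The requirement string comes straight from `argv[1]`, so this is the path a malformed argument takes and it should fail cleanly. The rewrite below releases the description and falls back to a fixed string when no message can be produced; the rest of the function is unchanged.

```c
    if (status != errSecSuccess) {
        CFStringRef errorDesc = (error != NULL) ? CFErrorCopyDescription(error) : NULL;
        char *errorStr = NULL;

        if (errorDesc != NULL) {
            CFIndex errorLength = CFStringGetMaximumSizeForEncoding(CFStringGetLength(errorDesc),
                                                                    kCFStringEncodingUTF8);
            errorStr = malloc(errorLength + 1);
            if (errorStr != NULL &&
                !CFStringGetCString(errorDesc, errorStr, errorLength + 1, kCFStringEncodingUTF8)) {
                /* Conversion failed: do not print an uninitialised buffer. */
                free(errorStr);
                errorStr = NULL;
            }
        }

        fprintf(stderr, "parsing requirement failed (%d): %s\n", status,
                errorStr != NULL ? errorStr : "(no description available)");

        free(errorStr);
        CFReleaseSafe(errorDesc);

        err = 1;
    }
    /* … unchanged: certificate chain construction, evaluation and cleanup … */
```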
--- /dev/null
+/*
+ * Copyright (c) 2019 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#ifndef _REQUIREMENT_H_
+#define _REQUIREMENT_H_ 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern int requirement_evaluate(int argc, char * const *argv);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _REQUIREMENT_H_ */
#include "createFVMaster.h"
#include "smartcards.h"
#include "translocate.h"
+#include "requirement.h"
#include <ctype.h>
#include <stdio.h>
"If the provided path is translocated, display the original path\n"
"If the provided path is not translocated, display the passed in path",
"Find the original path for a translocated path." },
- {}
+
+ { "requirement-evaluate", requirement_evaluate,
+ "<requirements> [<DER certificate file> ...]\n"
+ "Evaluates the given requirement string against the given cert chain.",
+ "Evaluate a requirement against a cert chain." },
+
+ {}
};
/* Global variables. */
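Review bot: The usage line marks the certificate files as optional (`[<DER certificate file> ...]`), but `requirement_evaluate` in requirement.c returns `SHOW_USAGE_MESSAGE` when `argc < 3`, so at least one certificate is required. Either make the text match, e.g. `"<requirements> <DER certificate file> [...]\n"`, or relax the argument check if evaluating against an empty chain is meant to be allowed. The command table itself starts outside this hunk.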
return Server::optionalDatabase(noDb);
}
+static void checkPathLength(char const *str) {
+ if (strlen(str) >= PATH_MAX) {
+ secerror("SecServer: path too long");
+ CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);
+ }
+}
+
//
// Setup/Teardown functions.
//
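Review bot: `checkPathLength` calls `strlen(str)` with no NULL guard, and the call sites added in the later hunks of this file pass pointers taken from client-supplied IPC data (`name`, `path`, and the `name` field of `flatident.data()` reinterpreted as `DLDbFlatIdentifier`). Whether any of those can be NULL after decoding is not visible here; if one can, the new check dereferences it before anything else validates it. A guard at the top, such as `if (str == NULL) CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);`, would make the helper safe on its own. `CSSMERR_CSSM_MEMORY_ERROR` is also a surprising code for an over-long path, so a short comment explaining that choice would help whoever reads the client-side error.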
{
BEGIN_IPC(getDbName)
string result = Server::database(db)->dbName();
- assert(result.length() < PATH_MAX);
- memcpy(name, result.c_str(), result.length() + 1);
+ checkPathLength(result.c_str());
+ memcpy(name, result.c_str(), result.length() + 1);
END_IPC(DL)
}
kern_return_t ucsp_server_setDbName(UCSP_ARGS, DbHandle db, const char *name)
{
BEGIN_IPC(setDbName)
- Server::database(db)->dbName(name);
+ checkPathLength(name);
+ Server::database(db)->dbName(name);
END_IPC(DL)
}
CopyOutAccessCredentials creds(cred, credLength);
CopyOutEntryAcl owneracl(owner, ownerLength);
CopyOut flatident(ident, identLength, reinterpret_cast<xdrproc_t>(xdr_DLDbFlatIdentifierRef));
+ checkPathLength((*reinterpret_cast<DLDbFlatIdentifier*>(flatident.data())).name);
#ifndef __clang_analyzer__
*db = (new KeychainDatabase(*reinterpret_cast<DLDbFlatIdentifier*>(flatident.data()), params, connection.process(), creds, owneracl))->handle();
#endif
CopyOut flatident(ident, identLength, reinterpret_cast<xdrproc_t>(xdr_DLDbFlatIdentifierRef));
+ checkPathLength((*reinterpret_cast<DLDbFlatIdentifier*>(flatident.data())).name);
+
RefPointer<KeychainDatabase> srcKC = Server::keychain(srcDb);
secnotice("integrity", "cloning db %d", srcKC->handle());
DLDbFlatIdentifier* flatID = (DLDbFlatIdentifier*) flatident.data();
DLDbIdentifier id = *flatID; // invokes a casting operator
+ checkPathLength(id.dbName());
+
#ifndef __clang_analyzer__
*db = (new KeychainDatabase(id, SSBLOB(DbBlob, blob),
connection.process(), creds))->handle();
SecCSFlags flags, SecGuestRef *newGuest)
{
BEGIN_IPC(createGuest)
+ checkPathLength(path);
*newGuest = connection.process().createGuest(host, status, path, DATA(cdhash), DATA(attributes), flags);
END_IPC(CSSM)
}
CFTypeRef extensionOID, bool *isCritical)
__OSX_AVAILABLE_STARTING(__MAC_10_13_4, __IPHONE_11_3);
+bool SecCertificateGetDeveloperIDDate(SecCertificateRef certificate, CFAbsoluteTime *time, CFErrorRef * CF_RETURNS_RETAINED error);
+
/*
* Legacy functions (OS X only)
*/