From 000f55fd2f6b3f7217715c0b319b6af746005756 Mon Sep 17 00:00:00 2001
From: Apple
Date: Wed, 29 Apr 2020 23:34:44 +0000
Subject: [PATCH] Security-59306.80.4.tar.gz
---
 .../Regressions/secitem/si-23-sectrust-ocsp.c | 278 ----
 .../GoogleInternetAuthorityG3.cer | Bin 1120 -> 0 bytes
 .../GoogleTrustServicesCA101.cer | Bin 0 -> 1102 bytes
 .../PinningPolicyTrustTest.plist | 12 +-
 .../googleapis.cer | Bin 1251 -> 2510 bytes
 Security.xcodeproj/project.pbxproj | 24 +
 .../DaemonTests/LoggingServerTests.m | 5 +-
 tests/TrustTests/DaemonTests/OCSPCacheTests.m | 184 +++
 .../DaemonTests/OCSPCacheTests_data.h | 476 ++++++
 .../DaemonTests/TrustDaemonTestCase.h | 33 +
 .../DaemonTests/TrustDaemonTestCase.m | 75 +
 .../EvaluationTests/RevocationTests.m | 806 +++++++++++
 .../EvaluationTests/RevocationTests_data.h | 1287 +++++++++++++++++
 .../EvaluationTests/TrustEvaluationTestCase.m | 5 +
 .../TestCopyProperties_ios.plist | 28 +-
 tests/TrustTests/TrustEvaluationTestHelpers.h | 2 +
 tests/TrustTests/TrustEvaluationTestHelpers.m | 48 +
 trust/trustd/SecOCSPCache.c | 184 ++-
 trust/trustd/SecOCSPCache.h | 185 +--
 trust/trustd/SecRevocationDb.c | 24 +-
 20 files changed, 3120 insertions(+), 536 deletions(-)
 delete mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/GoogleInternetAuthorityG3.cer
 create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/GoogleTrustServicesCA101.cer
 create mode 100644 tests/TrustTests/DaemonTests/OCSPCacheTests.m
 create mode 100644 tests/TrustTests/DaemonTests/OCSPCacheTests_data.h
 create mode 100644 tests/TrustTests/DaemonTests/TrustDaemonTestCase.h
 create mode 100644 tests/TrustTests/DaemonTests/TrustDaemonTestCase.m
 create mode 100644 tests/TrustTests/EvaluationTests/RevocationTests.m
 create mode 100644 tests/TrustTests/EvaluationTests/RevocationTests_data.h
diff --git a/OSX/sec/Security/Regressions/secitem/si-23-sectrust-ocsp.c b/OSX/sec/Security/Regressions/secitem/si-23-sectrust-ocsp.c
index 95761683..bf63ea1b 100644
--- a/OSX/sec/Security/Regressions/secitem/si-23-sectrust-ocsp.c
+++ b/OSX/sec/Security/Regressions/secitem/si-23-sectrust-ocsp.c
@@ -492,280 +492,6 @@ errOut: CFReleaseNull(error); } -static void test_set_fetch_allowed(void) { - SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; - SecPolicyRef policy = NULL; - SecTrustRef trust = NULL; - CFArrayRef certs = NULL, anchors = NULL; - CFDateRef verifyDate = NULL; - CFErrorRef error = NULL; - - leaf = SecCertificateCreateWithBytes(NULL, _probablyRevokedLeaf, sizeof(_probablyRevokedLeaf)); - subCA = SecCertificateCreateWithBytes(NULL, _digiCertSha2SubCA, sizeof(_digiCertSha2SubCA)); - root = SecCertificateCreateWithBytes(NULL, _digiCertGlobalRoot, sizeof(_digiCertGlobalRoot)); - - const void *v_certs[] = { leaf, subCA }; - const void *v_anchors[] = { root }; - - certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); - policy = SecPolicyCreateSSL(true, CFSTR("revoked.badssl.com")); - require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); - - anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); - require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); - - verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT - require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); - - /* Clear the OCSP cache in case there are old responses for this cert. */ - ok(SecTrustFlushResponseCache(&error), "OCSP cache flush failed"); - CFReleaseNull(error); - - /* Set no fetch allowed */ - require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); - -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wunguarded-availability-new" - /* Evaluate trust. This cert is revoked, but is only listed as "probably revoked" by valid.apple.com. - * Since network fetch is not allowed and we fail open, this cert should come back as trusted. 
*/ - ok(SecTrustEvaluateWithError(trust, &error), "non-definitive revoked cert without network failed"); - CFReleaseNull(error); - - /* Set fetch allowed */ - require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, true), errOut, fail("failed to set network fetch allowed")); - - /* Evaluate trust. SetFetchAllowed should have reset the trust result, so now we should re-do the evaluation and get a revoked failure. */ - is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded"); - if (error) { - is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", - (long)CFErrorGetCode(error), errSecCertificateRevoked); - } else { - fail("expected trust evaluation to fail and it did not."); - } - -#pragma clang diagnostic pop - -errOut: - CFReleaseNull(leaf); - CFReleaseNull(subCA); - CFReleaseNull(root); - CFReleaseNull(policy); - CFReleaseNull(trust); - CFReleaseNull(certs); - CFReleaseNull(anchors); - CFReleaseNull(verifyDate); - CFReleaseNull(error); -} - -static void test_check_if_trusted(void) { - SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; - SecPolicyRef sslPolicy = NULL, revocationPolicy = NULL; - SecTrustRef trust = NULL; - CFArrayRef certs = NULL, anchors = NULL, policies = NULL; - CFDateRef verifyDate = NULL, badVerifyDate = NULL; - CFErrorRef error = NULL; - - leaf = SecCertificateCreateWithBytes(NULL, _probablyRevokedLeaf, sizeof(_probablyRevokedLeaf)); - subCA = SecCertificateCreateWithBytes(NULL, _digiCertSha2SubCA, sizeof(_digiCertSha2SubCA)); - root = SecCertificateCreateWithBytes(NULL, _digiCertGlobalRoot, sizeof(_digiCertGlobalRoot)); - - sslPolicy = SecPolicyCreateSSL(true, CFSTR("revoked.badssl.com")); - revocationPolicy = SecPolicyCreateRevocation(kSecRevocationCheckIfTrusted); - - const void *v_certs[] = { leaf, subCA }; - const void *v_anchors[] = { root }; - const void *v_policies[] = { sslPolicy, revocationPolicy }; - - certs = CFArrayCreate(NULL, 
v_certs, 2, &kCFTypeArrayCallBacks); - policies = CFArrayCreate(NULL, v_policies, 2, &kCFTypeArrayCallBacks); - require_noerr_action(SecTrustCreateWithCertificates(certs, policies, &trust), errOut, fail("failed to create trust object")); - - anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); - require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); - badVerifyDate = CFDateCreate(NULL, 490000000.0); // July 12, 2016 at 12:06:40 AM PDT (before cert issued) - require_noerr_action(SecTrustSetVerifyDate(trust, badVerifyDate), errOut, fail("failed to set verify date")); - - /* Clear the OCSP cache in case there are old responses for this cert. */ - ok(SecTrustFlushResponseCache(&error), "OCSP cache flush failed"); - CFReleaseNull(error); - - /* Set no fetch allowed */ - require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); - -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wunguarded-availability-new" - /* Evaluate trust. This cert is revoked, but is only listed as "probably revoked" by valid.apple.com. - * Since we are evaluating it at a time before it was issued, it should come back as untrusted - * due to the temporal validity failure, but not due to revocation since we couldn't check for this - * untrusted chain. */ - is(SecTrustEvaluateWithError(trust, &error), false, "not yet valid cert succeeded trust evaluation"); - if (error) { - is(CFErrorGetCode(error), errSecCertificateExpired, "got wrong error code for expired cert"); - } else { - fail("expected trust evaluation to fail and it did not."); - } - CFReleaseNull(error); - - /* Set verify date within validity period */ - verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT - require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); - - /* Evaluate trust. 
Now that we trust the chain, we should do a revocation check and get a revocation failure. */ - is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded"); - if (error) { - is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", - (long)CFErrorGetCode(error), errSecCertificateRevoked); - } else { - fail("expected trust evaluation to fail and it did not."); - } -#pragma clang diagnostic pop - -errOut: - CFReleaseNull(leaf); - CFReleaseNull(subCA); - CFReleaseNull(root); - CFReleaseNull(sslPolicy); - CFReleaseNull(revocationPolicy); - CFReleaseNull(trust); - CFReleaseNull(certs); - CFReleaseNull(anchors); - CFReleaseNull(policies); - CFReleaseNull(verifyDate); - CFReleaseNull(badVerifyDate); - CFReleaseNull(error); -} - -static void test_cache(void) { - SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; - SecPolicyRef policy = NULL; - SecTrustRef trust = NULL; - CFArrayRef certs = NULL, anchors = NULL; - CFDateRef verifyDate = NULL; - CFErrorRef error = NULL; - - leaf = SecCertificateCreateWithBytes(NULL, _probablyRevokedLeaf, sizeof(_probablyRevokedLeaf)); - subCA = SecCertificateCreateWithBytes(NULL, _digiCertSha2SubCA, sizeof(_digiCertSha2SubCA)); - root = SecCertificateCreateWithBytes(NULL, _digiCertGlobalRoot, sizeof(_digiCertGlobalRoot)); - - const void *v_certs[] = { leaf, subCA }; - const void *v_anchors[] = { root }; - - certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); - policy = SecPolicyCreateSSL(true, CFSTR("revoked.badssl.com")); - require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); - - anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); - require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); - - verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT - 
require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); - - /* Clear the OCSP cache in case there are old responses for this cert. */ - ok(SecTrustFlushResponseCache(&error), "OCSP cache flush failed"); - CFReleaseNull(error); - -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wunguarded-availability-new" - /* Evaluate trust. This cert is revoked, but is only listed as "probably revoked" by valid.apple.com. - * This cert should come back as revoked after a network-based fetch. */ - is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded"); - if (error) { - is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", - (long)CFErrorGetCode(error), errSecCertificateRevoked); - } else { - fail("expected trust evaluation to fail and it did not."); - } - - /* Set no fetch allowed, so we're relying on the cached response from above */ - require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); - - /* Evaluate trust. Cached response should tell us that it's revoked. 
*/ - is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with cached response succeeded"); - if (error) { - is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", - (long)CFErrorGetCode(error), errSecCertificateRevoked); - } else { - fail("expected trust evaluation to fail and it did not."); - } - -#pragma clang diagnostic pop - -errOut: - CFReleaseNull(leaf); - CFReleaseNull(subCA); - CFReleaseNull(root); - CFReleaseNull(policy); - CFReleaseNull(trust); - CFReleaseNull(certs); - CFReleaseNull(anchors); - CFReleaseNull(verifyDate); - CFReleaseNull(error); -} - -static void test_stapled_revoked_response(void) { - SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; - SecPolicyRef policy = NULL; - SecTrustRef trust = NULL; - CFArrayRef certs = NULL, anchors = NULL; - CFDateRef verifyDate = NULL; - CFErrorRef error = NULL; - CFDataRef ocspResponse = NULL; - - leaf = SecCertificateCreateWithBytes(NULL, _probablyRevokedLeaf, sizeof(_probablyRevokedLeaf)); - subCA = SecCertificateCreateWithBytes(NULL, _digiCertSha2SubCA, sizeof(_digiCertSha2SubCA)); - root = SecCertificateCreateWithBytes(NULL, _digiCertGlobalRoot, sizeof(_digiCertGlobalRoot)); - - const void *v_certs[] = { leaf, subCA }; - const void *v_anchors[] = { root }; - - certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); - policy = SecPolicyCreateSSL(true, CFSTR("revoked.badssl.com")); - require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); - - anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); - require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); - - verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT - require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); - - /* Set the stapled response */ - 
ocspResponse = CFDataCreate(NULL, _digicertOCSPResponse, sizeof(_digicertOCSPResponse)); - ok_status(SecTrustSetOCSPResponse(trust, ocspResponse), "failed to set OCSP response"); - - /* Clear the OCSP cache in case there are old responses for this cert. */ - ok(SecTrustFlushResponseCache(&error), "OCSP cache flush failed"); - CFReleaseNull(error); - - /* Set no fetch allowed, so we're relying on the stapled response from above */ - require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); - -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wunguarded-availability-new" - /* Evaluate trust. This cert is revoked, but is only listed as "probably revoked" by valid.apple.com. - * This cert should come back as revoked because of the stapled revoked response. */ - is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with stapled response succeeded"); - if (error) { - is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", - (long)CFErrorGetCode(error), errSecCertificateRevoked); - } else { - fail("expected trust evaluation to fail and it did not."); - } - -#pragma clang diagnostic pop - -errOut: - CFReleaseNull(leaf); - CFReleaseNull(subCA); - CFReleaseNull(root); - CFReleaseNull(policy); - CFReleaseNull(trust); - CFReleaseNull(certs); - CFReleaseNull(anchors); - CFReleaseNull(verifyDate); - CFReleaseNull(error); - CFReleaseNull(ocspResponse); -} - static void test_results_dictionary_revocation_reason(void) { SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; SecPolicyRef policy = NULL; @@ -963,10 +689,6 @@ int si_23_sectrust_ocsp(int argc, char *const *argv) test_aia_https(); test_revocation(); test_forced_revocation(); - test_set_fetch_allowed(); - test_check_if_trusted(); - test_cache(); - test_stapled_revoked_response(); test_results_dictionary_revocation_reason(); test_results_dictionary_revocation_checked(); 
diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/GoogleInternetAuthorityG3.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/GoogleInternetAuthorityG3.cer deleted file mode 100644 index ffb1a0ff9ae57f1cd25324a04d5bf82fe7937c23..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1120 zcmXqLVu>+mVs=@;%*4pV#LM`2rGd6II z*qB3ExP`^tbMliCbAmI|^Av*e^Gg(*9TjvHf{YA>4Fo|dxP-Y7Dqw=l$btrP;=G3D z24;q)20&n96eZ4UWN2sv=Ng0fHT%r)1 zT2z*qoLX$CYM=~~XBL)$%6sOOq!#6+mMA!umSp4?WtLPbxEmWZF)AT@i;n7 zny>veMLHU|`z_=evLtF`_fEI2sCD%;^LISE=s{VyO@?7*%E`RzfpTew7p3S_9(bO5 zIIJZ&$~pJ+EGC6Z@1-&?ZkSuV=z&&3YJlPS-<$RK3wAi@ZS@r3=gPY?{nvh-`K*@Q z5h3f@roA}Y$0)XEg_N)3(a94R$t~>u^zUGYisxc?@1w$ucbA6?WhQCA{-^Lh^S9N~ z4|SUF-cA$yzEOU`lL@L1jG34j85kEgF@i!$-+&Joq_X^sjQ?3!fa#;nKo-PTWf3zF zVdKzdV`ODzXJ&-6m<)tK(!wC+90qJaiiwc{qJ@t|j76mU(2jsv>1Aabbq}>&XkJja ztZtXLfjmfyGK++PScAyyN9^J0GI9s9*zQGcnWcOGj%1sjfho*y+K(8P>Q!gEuH1yMpi;N76K<3J`Xd3|aEKpsb+@=Usn_QHGsuZkV z4=8M457MK+VqsurV8X_h-pB*Y5e8ZY8ZaA~7{z2jrW6CMgxgk>T999yS(0B=sgInn zfcXWOuoxL+ws%f@68v`eo7*dl80YIOKAXGNNvM4Dj%O#CgAx>~!_|)oZnaP6ov9NY zbxMir?!4Xd-X8Y-Ot#&MEv~Y;U;nSk=scV9=-Rb7heLf@-`|T|He2Fg@YP6EbW+*x zx_QB`4we0}T-)(4ZIaqcnIjfwJ%2g3e~7&n=G%C^{^Oy$8+`vA*2=4ypBM8s$!X@p z?`H2rdUO;XyG@TOXFjmtm{-SN2c`C+D2Z2dmL8Ad=y}4rq;_YEX?&+y7@vc!(2L!s zMQ_)0g!ygQt+#Uali#v-+{q_qdrx#p3qK&TW!i^3I^p&~ENiE(s`b6_iD&*ChZomE Vi+9=FpKzKXT2V0l&|4$9djL9mhAIF6 
diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/GoogleTrustServicesCA101.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/GoogleTrustServicesCA101.cer new file mode 100644 index 0000000000000000000000000000000000000000..29c5c22e590e1663d666da8281b6422200c6fbfd GIT binary patch literal 1102 zcmXqLV(~I)Vm4a9%*4pV#LM`2%dCaHT`L<^GXr)Q@Un4gwRyCC=VfH%W@Rw&F;p;+ zV`C0w;T9Hm&&f|p%n8m+&r=A>&o5DMc2v++2r@DhHV_1<;1cFSsDKGFBMTbHiSrto z8<-iI8UTTbQIt5Zk)fdxoNM4@$Zfz0GK)=^DKywn&OioYu&8@}etJ%-LP$|*afw23 zYEfBca%wTM9U;LW=NS4M8ZEQ~^CQGm{u#{YE-4S4 zEbIN<_u-@_fp39pcn)t;n!<0AJww3rIrrRV%exB4WOUzOlt@f{uH3A!LRsklC6)Rs z`p;dmqJ6Iiq-|I~&ncPp_XC+D$%*UdXBq!bn!eZL=H(iZ^gE?@^fF)k$gRk{uw8(4 z$4A3M)+&Fcj7xqfKX{WZ*(G-D@!2J3xo>Y?5}9DpVZBy%=dqsU!P0;B++4DH&t03u z>yt%iyldRs|0u;>!GX>1`kLu4b{>cnTIi{&{N!zciO$k3$u&P0+csZ3o2#;hor#%| zfpKvYqcJc<^bPoc0W8bU$oQXy1(+Jz3}iukRTeP=5jGBOHbz!fc4kI6i^)I;BrOb5 z&SAg?q?i~PAX@lX#8^aTT>OzI@cR7hHwp74CP*)MUCa4b+dv+qMVUpyK&(Mz_9OQ2 zbQ!q=S#0+rx6IPLe@C)S&%hLBJ|iQGrh&SFDvWQy*e01#Qc_^0ub-b>T%cEwovD`& zObGhv#YIL2Mj&(LS+os+dKRcIP;OI%s!cA+K~)M?uLl%1um|Z;V6iYTGcaLeOK;=> zrhfx10}YssOpIbOAXAEgR>Ey7N-fAQ&Me6!Xm$ zzjWFyUa=oJ*0=LnlsmGmatTlOd#>5dKIIhA zeMU@C++ok6YiaLq9TAN_+qr5sr`mI)OT2mM3QW-g8zykh;gO%W_J;MVg@1Bh2*hv% zNd{^a?p{;1^{(h!?UNi@I$c|qDXvcbe?7=E;6ms2wV&4i4p^uEa4PR-x3zQUd_4sK DT+W24 literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/PinningPolicyTrustTest.plist b/OSX/shared_regressions/si-20-sectrust-policies-data/PinningPolicyTrustTest.plist index 2f480cf6..8f960ce7 100644 --- a/OSX/shared_regressions/si-20-sectrust-policies-data/PinningPolicyTrustTest.plist +++ b/OSX/shared_regressions/si-20-sectrust-policies-data/PinningPolicyTrustTest.plist @@ -2317,13 +2317,13 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 ExpectedResult 4 VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z CertDirectory 
@@ -3164,13 +3164,13 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 ExpectedResult 5 VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z CertDirectory @@ -3192,13 +3192,13 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 ExpectedResult 4 VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z CertDirectory 
diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/googleapis.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/googleapis.cer index 14b15dc8004a743d52b42763eb5599dbe67c1cd8..a3d82d6b452028e3895c7a2bbd0053aaff8c293b 100644 GIT binary patch literal 2510 zcmZ`*X;2eq7~b7%4nh)<00}B_m5L4-!nZUiU{M4?C|*+zr6M(M4wl61ngcaeMphb2 zJn^cER1_^gba09n3_6wRHAAuWu2rgNTX6;}))TMV4GlWAyZM#(dEWPZzW3Yxo^JsY z)BzYtbG-n85hNsc>(vtHUTw1kVt-M-U?3L-#d@>7PvkHhEQCNh9t?s+f&x^eL<;h7 z4H)4Mq{{GV6lJlQuzZKx>B90%j&hPPIdLTz>gNSY>9qVjEMp3W&%%L5CC8I-93+AX zdVPZaLzO%M06ZZn5Q4J*Y6N;nl+p}?jWkmZJ88fpK$yR=SSg=Dx$Q0kX~zml(~?0! zDJ%Hzf~HT;z$1ZbU=^~ESe<16HqfL~M^KAE5m1W6?0`R}BCtp@@J9fP1?doaEl$7s zqNIKHguY|in0GyY%qT)HclyTbt4|U4XQyR^7e7{aEjQb}_{lr#s~<&d>)JG~R3Z6d zeeu~B=bwlZBO4g;e87l{fP&SI8Un+wP*i}3SF(a^JO-5ksYs#~!9t-}00WsHRQi(; z0D&lfq(CFkFm3CO8KMv&z<1Z8X6C@0G}W@DV5FapM%5r@(C64i{jAqx=gQiZVhq8-y|c+g>ItR!7)KlilSUAJ}=F!NiHWxX^{1 zxrBi$mnh{#ZH(&wYal2cY2+h#E9^WKWi$_Ab?^{&4-etC@(|@F9>QZ_!np=q#Hcx8 zox#D&xcQicyfp;HS7Wm9G1et~%%Y`y48=PSZQ`q;OZk|^20q5g&+yLU;@uq=@1$;C zopL+pd+gytjhyGhXywW^Ik`|X$%#6+P?A%P22eVu`~h;kcEb|X!ZtYr;e5=>~Uj(+RnU?K<`XRhL{3ueF~F?1ME1Bpmvsg$v| zEbI1C*7;HR(lSIS0P%ho9f^(uG2os0(e;>D6L4O_VSD4yuZ`CR7+CP80g9lN57ElM zpgyP^YSsul*X%v*!)C5FKh?JS#$Xofm1lHMb534d-f9r-eAMTh`-tizV@4VT7ucM9P;RluPr6QP}3~k?XQeJgB zrXlOAkn*sS+u5Jgezs8j;P|&4;WAItTc0KZ28N;3?1~dR8%lnO96hI@t@Gm>Q;wwf z+`ARKTG4cQXMVxdeq&)r+y2&{Efw|EsmT*32fgfHHDLjji9Yvg6Xyq4`DSaPmZRN9 zb-|}WdoIz^#@|0r8K$`qeJx*=vcELErptIYYsk9exx@%*#iY%1@6{c;njP19`e0(w zlKmHN$_`Afn|c4x!G{$?TiQRWZZqw>mYZ2~_-G|jF|q8)zgA==aNti^tu*)v{4hMho`MN;>jq(sy~gPPEy6jrw6jj%S|ngI9-pTi32F p($K@Mx@z2=xi`~vozdI-Vroao8=GPZ#vZxw;5j9IajUD{{0}G6Xt@9Y literal 1251 zcmXqLV!3b7#C&`KGZP~d6GxOnY**p)RlWwiY@Awc9&O)w85y}*84N-UxeYkkm_u3E zgqcEv4do1EKpZY%QTP1(^qf?MkfPG!5{2N@qO#27)M7(b17(mrv#<A4TEY?fT&oyXbR6_PNBP#=Q6C*zZP@IdYiII_Ew(gc)o4+w#3VE45ciN?M zvInK=zOuJYoOIx=@^#hE;fz&|PJ*+A4)+~ZnA4rC8h7QAy5q*FYjHlCW_lrWw#s4G*Uhs!Jhj&Jomi}3 
zrgF*fQMy~mo(}(~6P$Ooe@+YRHCngCZ=Sf+%j~r43hnQ?cHEh^q3FvL#j55zGtYg$ zR<2h4+*V$>{+^IGvHbAcf;(?A#)jIydMJO*5B9NKJ*tgP(Jj0PnjK|z*WgX|`Z@NE*+(o4?COwB7P zHiHH|DA=1MK*IT@DXDoW1^JmkSy+TLiQy3ELyNc!m^RMi<66U}{s$C@Cqh z($_D@&IDVkpI%&Kr0*UQ?C$C4ZmgGFRAQhBSI*cb3ss(xMAVX*0lyaAZcMn#{Vo#1`G!BAf7Udgn?LtNco{10khJ} z$~NjAYP-<9pl(^+E^h-xkOBo3DFX?hPA*^|vM^q&WMXAD;9z4*Z{z{yMgv2T5_uLa z0}TVU1u6@a+7zG;OfJg7bRW<=Imk&Em~Vken2|y1xxqD;ozAWHef<~rU-;GIY7oXV zLD;s7qdki?^tJFeuHcI|=FOR)S={{P&a%!x=JPKC*pydJ3$8I-<#SdtZKJiN%Ztcd z@hR`ML_Swpu|JZ~>~uQax*^;9eNswO^Nl&?Qx#U5v#fZgb@JwfPxGE0>HU*BP5RmN zxTi{Wk6&d4J)6`p^^NKZp~@^)@s>H49^B{htK9mB_ojAGtlO*OPo8wW+*q+`aayTN zhG&|WvV-RY=5F)3n{$69J}laJyaVT(NbmTLvgO>qz1 tK1ttN{CC&Ax`k_BoHO)&R#z|9dgsdi^#%ShCv?nB5B%?6_Idm1BLJxH%9H>A diff --git a/Security.xcodeproj/project.pbxproj b/Security.xcodeproj/project.pbxproj index 63d915ed..fbfb182c 100644 --- a/Security.xcodeproj/project.pbxproj +++ b/Security.xcodeproj/project.pbxproj 
@@ -2475,6 +2475,12 @@ D4911172209559630066A1E4 /* CoreData.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D4911167209558900066A1E4 /* CoreData.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; D4911173209559630066A1E4 /* CoreData.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D4911167209558900066A1E4 /* CoreData.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; D4961BC42079424200F16DA7 /* TrustURLSessionDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = D4961BBD2079423300F16DA7 /* TrustURLSessionDelegate.m */; }; + D49A370323873A580065719F /* RevocationTests.m in Sources */ = {isa = PBXBuildFile; fileRef = D49A370023873A570065719F /* RevocationTests.m */; }; + D49A370423873A580065719F /* RevocationTests.m in Sources */ = {isa = PBXBuildFile; fileRef = D49A370023873A570065719F /* RevocationTests.m */; }; + D49A370623873BD30065719F /* TrustDaemonTestCase.m in Sources */ = {isa = PBXBuildFile; fileRef = D49A370523873BD30065719F /* TrustDaemonTestCase.m */; }; + D49A370723873BD30065719F /* TrustDaemonTestCase.m in Sources */ = {isa = PBXBuildFile; fileRef = D49A370523873BD30065719F /* TrustDaemonTestCase.m */; }; + D49A370C23877ECC0065719F /* OCSPCacheTests.m in Sources */ = {isa = PBXBuildFile; fileRef = D49A370B23877ECC0065719F /* OCSPCacheTests.m */; }; + D49A370D23877ECC0065719F /* OCSPCacheTests.m in Sources */ = {isa = PBXBuildFile; fileRef = D49A370B23877ECC0065719F /* OCSPCacheTests.m */; }; D4A0F8C2211E6A2F00443CA1 /* si-82-sectrust-ct-data in Resources */ = {isa = PBXBuildFile; fileRef = D4A0F8C1211E6A2F00443CA1 /* si-82-sectrust-ct-data */; }; D4A0F8C7211E6A5800443CA1 /* TrustFrameworkTestCase.m in Sources */ = {isa = PBXBuildFile; fileRef = D4A0F8C4211E6A5700443CA1 /* TrustFrameworkTestCase.m */; }; D4A0F8C8211E6A5800443CA1 /* CertificateInterfaceTests.m in Sources */ = {isa = PBXBuildFile; fileRef = D4A0F8C6211E6A5700443CA1 /* CertificateInterfaceTests.m */; }; 
@@ -12655,6 +12661,11 @@ D4911167209558900066A1E4 /* CoreData.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreData.framework; path = System/Library/Frameworks/CoreData.framework; sourceTree = SDKROOT; }; D4961BBD2079423300F16DA7 /* TrustURLSessionDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TrustURLSessionDelegate.m; sourceTree = ""; }; D4961BC52079426000F16DA7 /* TrustURLSessionDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TrustURLSessionDelegate.h; sourceTree = ""; }; + D49A370023873A570065719F /* RevocationTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = RevocationTests.m; path = tests/TrustTests/EvaluationTests/RevocationTests.m; sourceTree = ""; }; + D49A370223873A570065719F /* RevocationTests_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = RevocationTests_data.h; path = tests/TrustTests/EvaluationTests/RevocationTests_data.h; sourceTree = ""; }; + D49A370523873BD30065719F /* TrustDaemonTestCase.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = TrustDaemonTestCase.m; path = tests/TrustTests/DaemonTests/TrustDaemonTestCase.m; sourceTree = ""; }; + D49A370823873BF10065719F /* TrustDaemonTestCase.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = TrustDaemonTestCase.h; path = tests/TrustTests/DaemonTests/TrustDaemonTestCase.h; sourceTree = ""; }; + D49A370B23877ECC0065719F /* OCSPCacheTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = OCSPCacheTests.m; path = tests/TrustTests/DaemonTests/OCSPCacheTests.m; sourceTree = ""; }; D4A0F8BA211E69CB00443CA1 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = Info.plist; path = tests/TrustTests/Info.plist; sourceTree = ""; }; D4A0F8BB211E69CB00443CA1 /* 
TestMacroConversions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TestMacroConversions.h; path = tests/TrustTests/TestMacroConversions.h; sourceTree = ""; }; D4A0F8C1211E6A2F00443CA1 /* si-82-sectrust-ct-data */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "si-82-sectrust-ct-data"; path = "OSX/shared_regressions/si-82-sectrust-ct-data"; sourceTree = ""; }; 
@@ -12693,6 +12704,7 @@ D4B6D57B2069D8450099FBEF /* si-34-cms-timestamp.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-34-cms-timestamp.m"; sourceTree = ""; }; D4B6D5822069D85B0099FBEF /* si-34-cms-timestamp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "si-34-cms-timestamp.h"; sourceTree = ""; }; D4B858661D370D9A003B2D95 /* MobileCoreServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = MobileCoreServices.framework; path = Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS10.0.Internal.sdk/System/Library/Frameworks/MobileCoreServices.framework; sourceTree = DEVELOPER_DIR; }; + D4BA4FD22388687A000B9E64 /* OCSPCacheTests_data.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = OCSPCacheTests_data.h; path = tests/TrustTests/DaemonTests/OCSPCacheTests_data.h; sourceTree = ""; }; D4BEECE61E93093A00F76D1A /* trustd.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = trustd.c; sourceTree = ""; }; D4C263C51F8FF2A9001317EA /* generateErrStrings.pl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; name = generateErrStrings.pl; path = OSX/lib/generateErrStrings.pl; sourceTree = ""; usesTabs = 1; }; D4C263C81F952E64001317EA /* SecDebugErrorMessages.strings */ = {isa = PBXFileReference; explicitFileType = text.plist.strings; fileEncoding = 10; name = SecDebugErrorMessages.strings; path = derived_src/SecDebugErrorMessages.strings; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -19654,6 +19666,10 @@ isa = PBXGroup; children = ( D4EA5CF622B225C000883439 /* LoggingServerTests.m */, + D49A370B23877ECC0065719F /* OCSPCacheTests.m */, + D4BA4FD22388687A000B9E64 /* OCSPCacheTests_data.h */, + D49A370523873BD30065719F /* TrustDaemonTestCase.m */, + D49A370823873BF10065719F /* TrustDaemonTestCase.h */, ); name = DaemonTests; sourceTree = ""; 
@@ -19683,6 +19699,8 @@ D458C4B6214E19AE0043D982 /* SignatureAlgorithmTests_data.h */, D4056A1922712A650026E24E /* SSLPolicyTests.m */, D4056A1C22712AD80026E24E /* SSLPolicyTests_data.h */, + D49A370023873A570065719F /* RevocationTests.m */, + D49A370223873A570065719F /* RevocationTests_data.h */, D4AC5764214E195200A32C01 /* VerifyDateTests.m */, D4AC5765214E195300A32C01 /* VerifyDateTests_data.h */, D4A0F8CB211E6A8200443CA1 /* TrustEvaluationTestCase.h */, @@ -33924,6 +33942,8 @@ isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( + D49A370723873BD30065719F /* TrustDaemonTestCase.m in Sources */, + D49A370423873A580065719F /* RevocationTests.m in Sources */, D40881F5217573C900180E81 /* SecTrustStatusCodes.c in Sources */, D4FD421D217D789C002B7EE2 /* NameConstraintsTests.m in Sources */, D4FD4221217D7B2E002B7EE2 /* PathScoringTests.m in Sources */, @@ -33947,6 +33967,7 @@ D442830022D68564001746B3 /* TrustEvaluationTestHelpers.m in Sources */, D453A4AB2122236D00850A26 /* TrustEvaluationTestCase.m in Sources */, D453A4AD2122236D00850A26 /* TrustFrameworkTestCase.m in Sources */, + D49A370D23877ECC0065719F /* OCSPCacheTests.m in Sources */, D4EA5CF922B225D100883439 /* LoggingServerTests.m in Sources */, D4056A1B22712A650026E24E /* SSLPolicyTests.m in Sources */, D458C4C4214E19FC0043D982 /* TrustInterfaceTests.m in Sources */, @@ -33977,6 +33998,7 @@ isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( + D49A370C23877ECC0065719F /* OCSPCacheTests.m in Sources */, D40881FA217573F800180E81 /* SecPolicy.c in Sources */, D40881FB217573F800180E81 /* SecPolicyLeafCallbacks.c in Sources */, D40881F9217573EF00180E81 /* SecSignatureVerificationSupport.c in Sources */, 
@@ -33998,9 +34020,11 @@ D4A0F8C8211E6A5800443CA1 /* CertificateInterfaceTests.m in Sources */, D458C4B0214E198F0043D982 /* CTTests.m in Sources */, D458C4B2214E198F0043D982 /* EvaluationBasicTests.m in Sources */, + D49A370323873A580065719F /* RevocationTests.m in Sources */, D458C4BA214E19AF0043D982 /* iAPTests.m in Sources */, D458C4B8214E19AF0043D982 /* PathParseTests.m in Sources */, D458C525214E33440043D982 /* VerifyDateTests.m in Sources */, + D49A370623873BD30065719F /* TrustDaemonTestCase.m in Sources */, D458C515214E286C0043D982 /* PolicyTests.m in Sources */, D4EF32182156DDEB000A31A5 /* TrustSettingsInterfaceTests.m in Sources */, D44282FF22D68564001746B3 /* TrustEvaluationTestHelpers.m in Sources */, diff --git a/tests/TrustTests/DaemonTests/LoggingServerTests.m b/tests/TrustTests/DaemonTests/LoggingServerTests.m index 6f7b6f53..bbcbd5b1 100644 --- a/tests/TrustTests/DaemonTests/LoggingServerTests.m +++ b/tests/TrustTests/DaemonTests/LoggingServerTests.m @@ -2,7 +2,6 @@ // LoggingServerTests.m // Security // -// Created by Bailey Basile on 6/11/19. // #include @@ -10,7 +9,9 @@ #import "trust/trustd/SecTrustLoggingServer.h" -@interface LoggingServerTests : XCTestCase +#import "TrustDaemonTestCase.h" + +@interface LoggingServerTests : TrustDaemonTestCase @end @implementation LoggingServerTests diff --git a/tests/TrustTests/DaemonTests/OCSPCacheTests.m b/tests/TrustTests/DaemonTests/OCSPCacheTests.m new file mode 100644 index 00000000..1261412b --- /dev/null +++ b/tests/TrustTests/DaemonTests/OCSPCacheTests.m 
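Review bot: The `@interface LoggingServerTests : TrustDaemonTestCase` line in LoggingServerTests.m changes the fixture these tests run under, but no comment says what the new base class provides. TrustDaemonTestCase's implementation is not part of this view, so presumably it prepares trustd state for daemon-level tests; a one-line comment above the `@interface`, such as `/* Runs under TrustDaemonTestCase so the trustd state it prepares is in place before these tests run */`, would record that dependency once confirmed. The `@implementation` body continues outside the hunk. If it overrides `setUp` or `tearDown`, check that each override calls `[super setUp]` / `[super tearDown]`, since otherwise any instance-level setup in the base fixture is silently skipped.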
@@ -0,0 +1,184 @@
+//
+// OCSPCacheUpgradeTests.m
+// Security
+//
+//
+
+#include
+#import
+#import
+#include
+#include
+#import "trust/trustd/SecOCSPRequest.h"
+#import "trust/trustd/SecOCSPResponse.h"
+#import "trust/trustd/SecOCSPCache.h"
+
+#import "TrustDaemonTestCase.h"
+#import "OCSPCacheTests_data.h"
+
+@interface OCSPCacheTests : TrustDaemonTestCase
+@end
+
+@implementation OCSPCacheTests
+
+- (void)setUp
+{
+ /* Delete the OCSP cache DB so we can start fresh */
+ SecOCSPCacheDeleteCache();
+}
+
+- (BOOL)canReadDB
+{
+ SecCertificateRef leaf = SecCertificateCreateWithBytes(NULL, _leaf_cert, sizeof(_leaf_cert));
+ SecCertificateRef issuer = SecCertificateCreateWithBytes(NULL, _issuer, sizeof(_issuer));
+ SecOCSPRequestRef request = SecOCSPRequestCreate(leaf, issuer);
+ SecOCSPResponseRef response = SecOCSPCacheCopyMatching(request, NULL);
+ CFReleaseNull(leaf);
+ CFReleaseNull(issuer);
+ SecOCSPRequestFinalize(request);
+
+ if (response) {
+ SecOCSPResponseFinalize(response);
+ return YES;
+ }
+ return NO;
+}
+
+- (void)writeResponse1ToDB
+{
+ NSData *responseData = [NSData dataWithBytes:_ocsp_response1 length:sizeof(_ocsp_response1)];
+ SecOCSPResponseRef response = SecOCSPResponseCreate((__bridge CFDataRef)responseData);
+ /* use a verifyTime within the validity of the ocsp response */
+ (void)SecOCSPResponseCalculateValidity(response, 0, 60, 595602000.0); // as a side effect, populates the expire time
+ SecOCSPCacheReplaceResponse(NULL, response, NULL, 595602000.0);
+ SecOCSPResponseFinalize(response);
+}
+
+- (void)writeResponse2ToDB
+{
+ NSData *responseData = [NSData dataWithBytes:_ocsp_response2 length:sizeof(_ocsp_response2)];
+ SecOCSPResponseRef response = SecOCSPResponseCreate((__bridge CFDataRef)responseData);
+ (void)SecOCSPResponseCalculateValidity(response, 0, 60, 596180000.0); // as a side effect, populates the expire time
+ SecOCSPCacheReplaceResponse(NULL, response, NULL,596180000.0);
+ SecOCSPResponseFinalize(response);
+}
+
+- (void)replaceResponse
+{
+ NSData *responseData = [NSData dataWithBytes:_ocsp_response1 length:sizeof(_ocsp_response1)];
+ SecOCSPResponseRef response1 = SecOCSPResponseCreate((__bridge CFDataRef)responseData);
+ (void)SecOCSPResponseCalculateValidity(response1, 0, 60, 595602000.0); // populate the expire time
+
+ responseData = [NSData dataWithBytes:_ocsp_response2 length:sizeof(_ocsp_response2)];
+ SecOCSPResponseRef response2 = SecOCSPResponseCreate((__bridge CFDataRef)responseData);
+ (void)SecOCSPResponseCalculateValidity(response2, 0, 60, 596180000.0); // populate the expire time
+
+ SecOCSPCacheReplaceResponse(response1, response2, NULL, 596180000.0);
+ SecOCSPResponseFinalize(response1);
+ SecOCSPResponseFinalize(response2);
+}
+
+- (void)createDBFromSQL:(NSString *)sql
+{
+ CFStringRef cf_path = SecOCSPCacheCopyPath();
+ CFStringPerformWithCString(cf_path, ^(const char *path) {
+ /* Create ocsp cahche */
+ sqlite3 *db;
+ XCTAssertEqual(sqlite3_open(path, &db), SQLITE_OK, "create ocsp cache");
+ XCTAssertEqual(sqlite3_exec(db, [sql cStringUsingEncoding:NSUTF8StringEncoding], NULL, NULL, NULL), SQLITE_OK,
+ "populate ocsp cache");
+ XCTAssertEqual(sqlite3_close_v2(db), SQLITE_OK);
+
+ });
+ CFReleaseNull(cf_path);
+}
+
+- (int)countEntries
+{
+ CFStringRef cf_path = SecOCSPCacheCopyPath();
+ __block int result = 0;
+ CFStringPerformWithCString(cf_path, ^(const char *path) {
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ XCTAssertEqual(sqlite3_open(path, &db), SQLITE_OK);
+ NSString *countResponses = @"SELECT COUNT(responseId) FROM responses;";
+ XCTAssertEqual(sqlite3_prepare_v2(db, [countResponses cStringUsingEncoding:NSUTF8StringEncoding],
+ (int)[countResponses length], &stmt, NULL),
+ SQLITE_OK);
+ XCTAssertEqual(sqlite3_step(stmt), SQLITE_ROW);
+ result = sqlite3_column_int(stmt, 0);
+ XCTAssertEqual(sqlite3_finalize(stmt), SQLITE_OK);
+ XCTAssertEqual(sqlite3_close_v2(db), SQLITE_OK);
+ });
+ CFReleaseNull(cf_path);
+ return result;
+}
+
+- (void)testNewDatabase
+{
+ [self writeResponse1ToDB];
+ XCTAssert([self canReadDB]);
+}
+
+- (void)testNewDatabaseReOpen
+{
+ [self writeResponse1ToDB];
+ XCTAssert([self canReadDB]);
+ SecOCSPCacheCloseDB();
+ XCTAssert([self canReadDB]);
+ [self replaceResponse];
+ XCTAssert([self canReadDB]);
+}
+
+- (void)testOldDatabaseUpgradeNoContent
+{
+ [self createDBFromSQL:_oldDBSchema];
+ [self writeResponse1ToDB];
+ XCTAssert([self canReadDB]);
+}
+
+- (void)testOldDatabaseUpgradeWithContent
+{
+ [self createDBFromSQL:_oldDBSchemaWithContent];
+ XCTAssert([self canReadDB]);
+ [self replaceResponse];
+ XCTAssert([self canReadDB]);
+}
+
+- (void)testUpgradedDatabaseNoContent
+{
+ [self createDBFromSQL:_oldDBSchema];
+ XCTAssertFalse([self canReadDB]); // should upgrade the DB
+ SecOCSPCacheCloseDB();
+ [self writeResponse1ToDB];
+ XCTAssert([self canReadDB]);
+}
+
+- (void)testUpgradedDatabaseWithContent
+{
+ [self createDBFromSQL:_oldDBSchemaWithContent];
+ XCTAssert([self canReadDB]); // should upgrade the DB
+ SecOCSPCacheCloseDB();
+ [self replaceResponse];
+ XCTAssert([self canReadDB]);
+}
+
+- (void)testGCExpiredResponses
+{
+ [self createDBFromSQL:_oldDBSchemaWithContent]; // since this is an old schema, the certStatus will be CS_NotParsed
+ /* don't replace response 1, just add response 2 a week after response 1 expired */
+ [self writeResponse2ToDB]; // as a side effect, should GC the expired non-revoked response
+ SecOCSPCacheCloseDB();
+ XCTAssertEqual([self countEntries], 1);
+}
+
+- (void)testNoGCExpiredRevokedResponses
+{
+ [self writeResponse1ToDB];
+ /* don't replace response 1, just add response 2 a week after response 1 expired */
+ [self writeResponse2ToDB]; // should not GC the expired revoked response 1
+ SecOCSPCacheCloseDB();
+ XCTAssertEqual([self countEntries], 2);
+}
+
+@end
diff --git a/tests/TrustTests/DaemonTests/OCSPCacheTests_data.h b/tests/TrustTests/DaemonTests/OCSPCacheTests_data.h
new file mode 100644
index 00000000..ef56050a
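Review bot: `testGCExpiredResponses` asserts only `XCTAssertEqual([self countEntries], 1)`, which would also hold if `writeResponse2ToDB` stored nothing, assuming `_oldDBSchemaWithContent` (defined outside this hunk) seeds a single row; the test then cannot tell "expired response collected and new one stored" from "no write happened". The write helpers cast the result of `SecOCSPResponseCalculateValidity` to `(void)` and never check what `SecOCSPResponseCreate` returned, so a fixture that fails to parse surfaces only indirectly in a later assertion. I would add `XCTAssert(response != NULL);` after each create call in `writeResponse1ToDB`, `writeResponse2ToDB` and `replaceResponse`, and assert the validity result instead of discarding it. Minor: in `countEntries`, `(int)[countResponses length]` passes a character count as sqlite's byte length; passing `-1` avoids depending on the statement being pure ASCII.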
--- /dev/null
+++ b/tests/TrustTests/DaemonTests/OCSPCacheTests_data.h
@@ -0,0 +1,476 @@ +/* +* Copyright (c) 2019 Apple Inc. All Rights Reserved. +* +* @APPLE_LICENSE_HEADER_START@ +* +* This file contains Original Code and/or Modifications of Original Code +* as defined in and that are subject to the Apple Public Source License +* Version 2.0 (the 'License'). You may not use this file except in +* compliance with the License. Please obtain a copy of the License at +* http://www.opensource.apple.com/apsl/ and read it before using this +* file. +* +* The Original Code and all software distributed under the License are +* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER +* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, +* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, +* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. +* Please see the License for the specific language governing rights and +* limitations under the License. +* +* @APPLE_LICENSE_HEADER_END@ +* +*/ + +#ifndef _TRUSTTESTS_DAEMON_OCSP_CACHE_TESTS_H_ +#define _TRUSTTESTS_DAEMON_OCSP_CACHE_TESTS_H_ + +const uint8_t _ocsp_response1[] = { + 0x30,0x82,0x09,0xcb,0x0a,0x01,0x00,0xa0,0x82,0x09,0xc4,0x30,0x82,0x09,0xc0,0x06,0x09,0x2b,0x06,0x01, + 0x05,0x05,0x07,0x30,0x01,0x01,0x04,0x82,0x09,0xb1,0x30,0x82,0x09,0xad,0x30,0x81,0xb2,0xa2,0x16,0x04, + 0x14,0xd5,0x02,0x45,0x68,0xa0,0x3d,0x2c,0x63,0x40,0x22,0x62,0xb7,0x9c,0x0e,0x85,0x69,0x74,0xb4,0x30, + 0xe8,0x18,0x0f,0x32,0x30,0x31,0x39,0x31,0x31,0x31,0x36,0x30,0x31,0x31,0x32,0x32,0x31,0x5a,0x30,0x81, + 0x86,0x30,0x81,0x83,0x30,0x41,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,0x33, + 0x81,0xd1,0xef,0xdb,0x68,0xb0,0x85,0x21,0x4d,0x2e,0xef,0xaf,0x8c,0x4a,0x69,0x64,0x3c,0x2a,0x6c,0x04, + 0x14,0x57,0x17,0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2,0xe3,0x17, + 0x54,0x02,0x08,0x03,0xb5,0x01,0x60,0xcb,0x4d,0x00,0xde,0xa1,0x16,0x18,0x0f,0x32,0x30,0x31,0x37,0x30, + 
0x36,0x31,0x36,0x30,0x34,0x35,0x34,0x30,0x30,0x5a,0xa0,0x03,0x0a,0x01,0x04,0x18,0x0f,0x32,0x30,0x31, + 0x39,0x31,0x31,0x31,0x36,0x30,0x31,0x31,0x32,0x32,0x31,0x5a,0xa0,0x11,0x18,0x0f,0x32,0x30,0x31,0x39, + 0x31,0x31,0x31,0x36,0x31,0x33,0x31,0x32,0x32,0x31,0x5a,0xa1,0x02,0x30,0x00,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x83,0x4f,0x47,0x06,0xe9, + 0x00,0x22,0xf6,0x8c,0xed,0xea,0x79,0xc3,0xa3,0xb5,0xcd,0x9d,0xbf,0x49,0xec,0xea,0x78,0xff,0xda,0xcd, + 0xa8,0xd0,0xdd,0xeb,0x0c,0x4d,0x6d,0x68,0x6a,0x98,0xb4,0xaf,0x6c,0x35,0x1b,0xcb,0x7e,0xf2,0x99,0x24, + 0x88,0x87,0xce,0x2b,0x6e,0xba,0x97,0xfe,0x01,0xc9,0x14,0x5e,0xac,0x69,0x9b,0xb8,0x99,0x6c,0x4b,0xe1, + 0x9e,0x6b,0xe3,0x3f,0xd7,0xf5,0xc7,0x9b,0x49,0x37,0x6a,0xa8,0x63,0x24,0x12,0x2d,0xd0,0xf8,0x2f,0xb3, + 0x59,0xe8,0x77,0xb0,0x2b,0x83,0x04,0x7f,0x77,0x38,0x72,0x13,0x1a,0xa1,0xfc,0x53,0x28,0x50,0xc1,0x21, + 0x9c,0xba,0xf0,0xd0,0xee,0xb2,0x13,0xd9,0x72,0xee,0x89,0xd6,0x78,0xdd,0x42,0x0b,0x62,0xf5,0x6c,0x8a, + 0xdd,0x11,0xf6,0x55,0x69,0x35,0xf9,0x9b,0x4c,0x36,0x39,0x37,0xf7,0xe5,0x4a,0x91,0x9a,0x8e,0x84,0x59, + 0x2a,0xbb,0x20,0xd3,0x1d,0xce,0x95,0x5c,0x77,0xd5,0x15,0x5a,0x1f,0x86,0xec,0xa9,0xaf,0xaa,0x34,0xda, + 0xa7,0xb7,0x7d,0xc1,0x61,0xb2,0x45,0xd9,0xc2,0x79,0x55,0x6c,0xe1,0xba,0xfd,0x47,0x44,0x27,0xc3,0x74, + 0xfd,0x1e,0xeb,0x90,0xb6,0xe6,0x49,0x0f,0x28,0xa8,0x88,0x8c,0xcb,0x4a,0x87,0xaa,0x05,0xf7,0x9b,0x05, + 0xe0,0xd2,0xca,0xb7,0x72,0x20,0x46,0x97,0xb5,0x37,0xd8,0x20,0x4d,0x3e,0x56,0x45,0x93,0xf1,0xe6,0x83, + 0x89,0xd6,0x3c,0x53,0x7c,0xea,0xcb,0xb1,0x3e,0x99,0x05,0x8e,0xa3,0x1a,0x98,0x88,0x95,0xe7,0x04,0xcc, + 0xb3,0x8f,0x57,0x0b,0x4a,0x67,0x2f,0xc2,0x93,0x52,0xe2,0xa0,0x82,0x07,0xe0,0x30,0x82,0x07,0xdc,0x30, + 0x82,0x03,0xd0,0x30,0x82,0x02,0xb8,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x6f,0x0d,0x6c,0x67,0x66,0x49, + 0x04,0xc5,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x79,0x31, + 
0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x0c,0x24,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20, + 0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74, + 0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70, + 0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74, + 0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70, + 0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x30,0x1e,0x17,0x0d,0x31,0x39,0x31,0x30,0x31,0x38,0x30,0x35,0x32,0x39,0x31,0x36,0x5a,0x17,0x0d,0x31, + 0x39,0x31,0x31,0x32,0x39,0x30,0x35,0x32,0x39,0x31,0x36,0x5a,0x30,0x4d,0x31,0x29,0x30,0x27,0x06,0x03, + 0x55,0x04,0x03,0x0c,0x20,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x4f,0x43, + 0x53,0x50,0x20,0x52,0x65,0x73,0x70,0x6f,0x6e,0x64,0x65,0x72,0x20,0x4e,0x4c,0x30,0x37,0x31,0x13,0x30, + 0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02, + 0x82,0x01,0x01,0x00,0xa0,0xb8,0xae,0xe4,0x5b,0xe6,0xdd,0x9e,0x87,0xd6,0x27,0x4b,0xbc,0x8e,0xcf,0x79, + 0x34,0x49,0xa5,0xea,0xf0,0x72,0x4d,0xdc,0xe7,0x5e,0x07,0xc2,0x0a,0xd0,0xd1,0xab,0x36,0xe1,0x37,0x91, + 0x9c,0x60,0xc0,0xd1,0xff,0x4a,0x84,0x13,0xec,0xf1,0x11,0x1b,0x3f,0xb9,0x94,0x83,0xe5,0x22,0x22,0xdf, + 0x31,0x79,0xf8,0x3f,0x41,0xc6,0xfe,0x76,0xb0,0x68,0xe1,0x6d,0xb8,0x2f,0xb0,0x62,0x64,0xef,0xf4,0x9b, + 0xcc,0xd1,0xea,0x8f,0xd4,0xdf,0x2e,0x8f,0xc1,0x8e,0xff,0x02,0x67,0xdb,0xc6,0xd8,0x12,0x42,0x87,0x34, + 0x37,0x6d,0xbd,0xdc,0x7c,0xb7,0xfe,0xd5,0x3e,0x7e,0x0a,0x7e,0x82,0x9d,0x07,0x87,0x28,0xf7,0x9b,0xbd, + 
0x0f,0x27,0x9c,0xbf,0xfb,0x39,0xd9,0xd5,0x3c,0xf6,0x63,0xae,0xc8,0xe8,0x19,0x27,0x28,0xab,0x94,0xc5, + 0x15,0x53,0xad,0x61,0x77,0xb2,0x5d,0x85,0x1b,0x21,0x80,0x4a,0xae,0x48,0xdb,0x7d,0xd0,0x74,0xd4,0xde, + 0x84,0xa4,0x50,0xd4,0x69,0x04,0x3f,0xee,0x17,0x8b,0x69,0x21,0x9f,0xe4,0x0b,0x80,0x43,0xb6,0x92,0x8d, + 0x87,0x83,0xdd,0xa7,0x12,0x63,0x34,0x47,0xea,0xfb,0x6b,0x7b,0x47,0xfb,0x28,0x17,0x5c,0x4b,0x01,0x8f, + 0x56,0x5f,0x35,0xc1,0x00,0xef,0x92,0x57,0x81,0x4b,0x2e,0x62,0x61,0xe8,0x14,0x5a,0x6b,0x44,0xf7,0x43, + 0x7e,0x88,0x61,0xd2,0xf7,0xd0,0x4f,0x39,0x2f,0xdc,0xa2,0x21,0x28,0xd3,0x43,0x22,0xf1,0x7a,0xed,0x36, + 0x0c,0x4e,0xf5,0xfb,0x64,0x10,0x95,0xb9,0x2b,0x91,0xb9,0xec,0x20,0xda,0x92,0x5d,0xf9,0xf5,0x61,0x1d, + 0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0x87,0x30,0x81,0x84,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, + 0xff,0x04,0x02,0x30,0x00,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x57,0x17, + 0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2,0xe3,0x17,0x54,0x30,0x0f, + 0x06,0x09,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,0x04,0x02,0x05,0x00,0x30,0x13,0x06,0x03,0x55, + 0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x30,0x1d,0x06,0x03, + 0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xd5,0x02,0x45,0x68,0xa0,0x3d,0x2c,0x63,0x40,0x22,0x62,0xb7,0x9c, + 0x0e,0x85,0x69,0x74,0xb4,0x30,0xe8,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03, + 0x02,0x07,0x80,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0x65,0x0c,0x41,0xf8,0xe1,0x16,0xb7,0xd7,0x61,0xe1,0x6a,0xaf,0x12,0x2e,0x70,0xef,0x0a, + 0x40,0xa4,0xd0,0xe2,0x91,0x70,0xbd,0xdb,0xda,0x65,0x62,0x8b,0x40,0x45,0x23,0xc9,0xe8,0xa4,0xd0,0x33, + 0xf7,0xd1,0xa5,0x80,0x4a,0x3a,0xc8,0x76,0x2d,0x20,0xfe,0x27,0x4b,0x30,0xdf,0xa4,0x00,0x35,0x3d,0x1c, + 0x80,0x7c,0xc5,0x09,0x89,0x47,0xd4,0x78,0x7d,0x14,0xdf,0xa1,0xef,0x16,0xad,0xb1,0xca,0xf4,0xf6,0x09, + 
0xab,0xc4,0xdc,0x4d,0x72,0x69,0x87,0x9b,0x5b,0x82,0xbb,0xa7,0x68,0x5e,0xfd,0x80,0x29,0x68,0x2d,0xd5, + 0xa0,0x78,0x04,0x57,0x77,0xd0,0x69,0x57,0xfa,0x83,0xb9,0xf0,0x42,0x42,0x71,0xae,0xfe,0xff,0x0b,0xbd, + 0xd3,0xfb,0x3c,0x17,0x01,0x71,0xe2,0x5e,0x81,0xbe,0x72,0xe0,0x75,0xba,0x41,0x0d,0xf0,0x10,0x71,0x02, + 0x36,0xf3,0x26,0x4a,0x01,0x5c,0xa8,0x21,0xe0,0xb2,0x86,0x27,0x1b,0x5e,0xc1,0xb0,0xb0,0x4f,0xdc,0x77, + 0x89,0xe5,0x5c,0x15,0x9a,0x72,0x39,0xaf,0x57,0xe1,0x94,0x2c,0xa3,0x46,0x44,0xce,0x0d,0xe9,0xf1,0xe6, + 0xfa,0xd9,0x6f,0x1e,0x01,0x28,0x1a,0x0e,0x68,0xf4,0x6c,0xf3,0xbd,0x4a,0xf8,0x3a,0xdf,0x93,0x72,0x05, + 0x4f,0x88,0x4b,0x7e,0x13,0xb6,0x92,0xe3,0x28,0xd0,0x14,0x3c,0x13,0x28,0x6d,0x11,0x27,0x36,0xbc,0x73, + 0x27,0xab,0xfc,0x3f,0xb1,0x00,0xab,0x9b,0x35,0x7a,0x87,0x71,0x0e,0x54,0x03,0x68,0x02,0xb2,0xfc,0x8c, + 0x17,0xf3,0x73,0x7e,0xea,0x75,0x64,0x19,0x56,0x9c,0xac,0xb8,0xe6,0x50,0x7c,0x48,0x94,0xec,0x0e,0x30, + 0x82,0x04,0x04,0x30,0x82,0x02,0xec,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x18,0x7a,0xa9,0xa8,0xc2,0x96, + 0x21,0x0c,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x62,0x31, + 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0a,0x13,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x26,0x30,0x24,0x06,0x03,0x55, + 0x04,0x0b,0x13,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74, + 0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06,0x03,0x55, + 0x04,0x03,0x13,0x0d,0x41,0x70,0x70,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x41,0x30,0x1e,0x17, + 0x0d,0x31,0x32,0x30,0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5a,0x17,0x0d,0x32,0x37,0x30,0x32, + 0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5a,0x30,0x79,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03, + 0x0c,0x24,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69, + 
0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26, + 0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13, + 0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31, + 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09, + 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, + 0x02,0x82,0x01,0x01,0x00,0x89,0x76,0x4f,0x06,0x5b,0x9a,0x41,0xee,0xa5,0x23,0x2b,0x02,0xa3,0x5f,0xd7, + 0x73,0x3f,0xc0,0x35,0xb0,0x8b,0x84,0x0a,0x3f,0x06,0x24,0x7f,0xa7,0x95,0x3f,0xeb,0x4f,0x0e,0x93,0xaf, + 0xb4,0x0e,0xd0,0xc8,0x3e,0xe5,0x6d,0x18,0xb3,0x1f,0xe8,0x89,0x47,0xbf,0xd7,0x09,0x08,0xe4,0xff,0x56, + 0x98,0x29,0x15,0xe7,0x94,0x9d,0xb9,0x35,0xa3,0x0a,0xcd,0xb4,0xc0,0xe1,0xe2,0x60,0xf4,0xca,0xec,0x29, + 0x78,0x45,0x69,0x69,0x60,0x6b,0x5f,0x8a,0x92,0xfc,0x9e,0x23,0xe6,0x3a,0xc2,0x22,0xb3,0x31,0x4f,0x1c, + 0xba,0xf2,0xb6,0x34,0x59,0x42,0xee,0xb0,0xa9,0x02,0x03,0x18,0x91,0x04,0xb6,0xb3,0x78,0x2e,0x33,0x1f, + 0x80,0x45,0x0d,0x45,0x6f,0xbb,0x0e,0x5a,0x5b,0x7f,0x3a,0xe7,0xd8,0x08,0xd7,0x0b,0x0e,0x32,0x6d,0xfb, + 0x86,0x36,0xe4,0x6c,0xab,0xc4,0x11,0x8a,0x70,0x84,0x26,0xaa,0x9f,0x44,0xd1,0xf1,0xb8,0xc6,0x7b,0x94, + 0x17,0x9b,0x48,0xf7,0x0b,0x58,0x16,0xba,0x23,0xc5,0x9f,0x15,0x39,0x7e,0xca,0x5d,0xc3,0x32,0x5f,0x0f, + 0xe0,0x52,0x7f,0x40,0xea,0xbe,0xac,0x08,0x64,0x95,0x5b,0xc9,0x1a,0x9c,0xe5,0x80,0xca,0x1f,0x6a,0x44, + 0x1c,0x6c,0x3e,0xc4,0xb0,0x26,0x1f,0x1d,0xec,0x7b,0xaf,0x5e,0xa0,0x6a,0x3d,0x47,0xa9,0x58,0x12,0x31, + 0x3f,0x20,0x76,0x28,0x6d,0x1d,0x1c,0xb0,0xc2,0x4e,0x11,0x69,0x26,0x8b,0xcb,0xd6,0xd0,0x11,0x82,0xc9, + 0x4e,0x0f,0xf1,0x56,0x74,0xd0,0xd9,0x08,0x4b,0x66,0x78,0xa2,0xab,0xac,0xa7,0xe2,0xd2,0x4c,0x87,0x59, + 
0xc9,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xa6,0x30,0x81,0xa3,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04, + 0x16,0x04,0x14,0x57,0x17,0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2, + 0xe3,0x17,0x54,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff, + 0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x2b,0xd0,0x69,0x47,0x94,0x76,0x09, + 0xfe,0xf4,0x6b,0x8d,0x2e,0x40,0xa6,0xf7,0x47,0x4d,0x7f,0x08,0x5e,0x30,0x2e,0x06,0x03,0x55,0x1d,0x1f, + 0x04,0x27,0x30,0x25,0x30,0x23,0xa0,0x21,0xa0,0x1f,0x86,0x1d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63, + 0x72,0x6c,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x6f,0x6f,0x74,0x2e,0x63,0x72, + 0x6c,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x10,0x06, + 0x0a,0x2a,0x86,0x48,0x86,0xf7,0x63,0x64,0x06,0x02,0x06,0x04,0x02,0x05,0x00,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,0x39,0x74,0x6b,0xa1, + 0xdc,0xc6,0xa4,0x8f,0x37,0x2a,0x8c,0xb3,0x1d,0x0a,0x44,0xbc,0x95,0x2c,0x7f,0xbc,0x59,0xb8,0xac,0x61, + 0xfb,0x07,0x90,0x92,0x32,0xb9,0xd4,0xbf,0x3b,0xc1,0x50,0x39,0x6a,0x44,0x74,0xa2,0xec,0x5b,0x1f,0x70, + 0xe5,0xaa,0xdd,0x4b,0x6c,0x1c,0x23,0x71,0x2d,0x5f,0xd1,0xc5,0x93,0xbe,0xee,0x9b,0x8a,0x70,0x65,0x82, + 0x9d,0x16,0xe3,0x1a,0x10,0x17,0x89,0x2d,0xa8,0xcd,0xfd,0x0c,0x78,0x58,0x49,0x0c,0x28,0x7f,0x33,0xee, + 0x00,0x7a,0x1b,0xb4,0x76,0xac,0xb6,0xb5,0xbb,0x4f,0xdf,0xa8,0x1b,0x9d,0xc8,0x19,0x97,0x4a,0x0b,0x56, + 0x67,0x2f,0xc2,0x3e,0xb6,0xb3,0xc4,0x83,0x3a,0xf0,0x77,0x6d,0x74,0xc4,0x2e,0x23,0x51,0xee,0x9a,0xa5, + 0x03,0x6f,0x60,0xf4,0xa5,0x48,0xa7,0x06,0xc2,0xbb,0x5a,0xe2,0x1f,0x1f,0x46,0x45,0x7e,0xe4,0x97,0xf5, + 0x27,0x10,0xb7,0x20,0x22,0x72,0x6f,0x72,0xda,0xc6,0x50,0x75,0xc5,0x3d,0x25,0x8f,0x5d,0xa3,0x00,0xe9, + 0x9f,0x36,0x8c,0x48,0x39,0x8f,0xb3,0x3b,0xea,0x90,0x80,0x2e,0x95,0x9a,0x60,0xf4,0x78,0xce,0xf4,0x0e, + 
0x0a,0x53,0x3e,0xa2,0xfa,0x4f,0xd8,0x1e,0xae,0x84,0x95,0x8d,0x32,0xbc,0x56,0x4d,0x89,0xe9,0x78,0x18, + 0xe0,0xac,0x9a,0x42,0xba,0x7a,0x46,0x1b,0x84,0xa2,0x89,0xce,0x14,0xe8,0x88,0xd1,0x58,0x8b,0xf6,0xae, + 0x56,0xc4,0x2c,0x05,0x2a,0x45,0xaf,0x0b,0xd9,0x4b,0xa9,0x02,0x0f,0x34,0xac,0x88,0xc7,0x61,0x55,0x89, + 0x44,0xc9,0x27,0x73,0x07,0xee,0x82,0xe5,0x4e,0xf5,0x70 +}; + +const uint8_t _ocsp_response2[] = { + 0x30,0x82,0x09,0xcb,0x0a,0x01,0x00,0xa0,0x82,0x09,0xc4,0x30,0x82,0x09,0xc0,0x06,0x09,0x2b,0x06,0x01, + 0x05,0x05,0x07,0x30,0x01,0x01,0x04,0x82,0x09,0xb1,0x30,0x82,0x09,0xad,0x30,0x81,0xb2,0xa2,0x16,0x04, + 0x14,0x5d,0xbe,0xc7,0xf0,0xf1,0x0e,0x9e,0x8c,0x06,0xce,0xad,0xa6,0x49,0xfb,0xc1,0xfc,0x01,0x90,0x27, + 0x97,0x18,0x0f,0x32,0x30,0x31,0x39,0x31,0x31,0x32,0x32,0x31,0x39,0x30,0x30,0x32,0x36,0x5a,0x30,0x81, + 0x86,0x30,0x81,0x83,0x30,0x41,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,0x33, + 0x81,0xd1,0xef,0xdb,0x68,0xb0,0x85,0x21,0x4d,0x2e,0xef,0xaf,0x8c,0x4a,0x69,0x64,0x3c,0x2a,0x6c,0x04, + 0x14,0x57,0x17,0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2,0xe3,0x17, + 0x54,0x02,0x08,0x03,0xb5,0x01,0x60,0xcb,0x4d,0x00,0xde,0xa1,0x16,0x18,0x0f,0x32,0x30,0x31,0x37,0x30, + 0x36,0x31,0x36,0x30,0x34,0x35,0x34,0x30,0x30,0x5a,0xa0,0x03,0x0a,0x01,0x04,0x18,0x0f,0x32,0x30,0x31, + 0x39,0x31,0x31,0x32,0x32,0x31,0x39,0x30,0x30,0x32,0x36,0x5a,0xa0,0x11,0x18,0x0f,0x32,0x30,0x31,0x39, + 0x31,0x31,0x32,0x33,0x30,0x37,0x30,0x30,0x32,0x36,0x5a,0xa1,0x02,0x30,0x00,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x00,0xb2,0x91,0x33,0x70, + 0xd3,0xb5,0x9d,0x66,0x76,0xdc,0xea,0x78,0x1c,0x80,0xfa,0x9c,0x5b,0x16,0x7e,0xb2,0xeb,0x7b,0xd7,0x3f, + 0xeb,0x55,0xfc,0x1a,0xa3,0xea,0xfb,0xc0,0xc2,0x89,0x94,0x48,0xee,0x8c,0xd2,0xbc,0xa2,0x67,0xe9,0xff, + 0x89,0x6f,0x31,0x6d,0x6b,0x59,0x93,0xdf,0x01,0xda,0x74,0x35,0x39,0x55,0x8b,0x62,0x28,0x2f,0xfa,0x76, + 
0x46,0x5c,0x4a,0xce,0x9f,0x27,0x84,0x83,0x7b,0xae,0xcd,0xa3,0x0c,0x5b,0x2d,0xbe,0x43,0x5b,0x8f,0xf7, + 0x8c,0xb1,0x5a,0x45,0xce,0x65,0x93,0x84,0xbd,0x26,0x79,0x5a,0xf6,0x0c,0x65,0x2b,0xf0,0xf5,0xe1,0x1f, + 0xeb,0xfd,0x22,0x8a,0xcd,0xaa,0x3d,0xd8,0x5e,0xf8,0xd2,0x3f,0xdb,0xd6,0x4f,0xb6,0xa9,0x01,0xfe,0x1b, + 0x63,0xb5,0xbe,0x55,0x28,0xf8,0xa3,0x07,0x5c,0xd4,0x8e,0x45,0xbf,0x36,0xe9,0x23,0xa8,0x06,0xfa,0xe2, + 0x4a,0x2f,0x09,0x18,0x8b,0x90,0x3e,0x1f,0xba,0x11,0x52,0x10,0xed,0x69,0xa9,0xbb,0xe4,0x94,0xa0,0x10, + 0x4b,0xf4,0xb5,0xad,0xc6,0x26,0xee,0xee,0x81,0xa8,0x61,0xe6,0x1a,0xbf,0x6b,0xbd,0x76,0xcc,0xfb,0xa1, + 0xa1,0xcb,0x97,0x6b,0xe6,0x39,0xad,0x57,0xa3,0xeb,0x94,0x43,0x8a,0x26,0x5e,0x89,0x2c,0xd9,0x19,0x52, + 0xe7,0x85,0x54,0xaf,0x9d,0xa7,0x44,0xf5,0xf0,0xef,0x07,0x38,0x2a,0x75,0x3a,0x4d,0xb0,0xd4,0xc7,0xe0, + 0xa2,0x39,0x24,0x75,0x30,0x2b,0xac,0x12,0x7e,0x01,0xcf,0x29,0x09,0x83,0x96,0xe3,0xbe,0x7e,0x06,0x53, + 0x02,0x49,0x16,0xca,0xa5,0xc3,0xfc,0x6e,0x2a,0xed,0xf6,0xa0,0x82,0x07,0xe0,0x30,0x82,0x07,0xdc,0x30, + 0x82,0x03,0xd0,0x30,0x82,0x02,0xb8,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x26,0xfa,0xf5,0x12,0x8f,0xf8, + 0x97,0x82,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x79,0x31, + 0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x0c,0x24,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20, + 0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74, + 0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70, + 0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74, + 0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70, + 0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x30,0x1e,0x17,0x0d,0x31,0x39,0x31,0x31,0x32,0x31,0x32,0x32,0x34,0x31,0x30,0x39,0x5a,0x17,0x0d,0x32, + 
0x30,0x30,0x31,0x30,0x32,0x32,0x32,0x34,0x31,0x30,0x39,0x5a,0x30,0x4d,0x31,0x29,0x30,0x27,0x06,0x03, + 0x55,0x04,0x03,0x0c,0x20,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x4f,0x43, + 0x53,0x50,0x20,0x52,0x65,0x73,0x70,0x6f,0x6e,0x64,0x65,0x72,0x20,0x4e,0x4c,0x30,0x37,0x31,0x13,0x30, + 0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02, + 0x82,0x01,0x01,0x00,0xb0,0xd4,0x51,0x76,0xdb,0xd6,0xb8,0xee,0x65,0x96,0x19,0x3f,0x9e,0xa0,0x30,0x23, + 0xfa,0xbf,0x31,0x48,0x44,0x6a,0x8c,0x1e,0xcb,0x4d,0x2a,0x1c,0x6f,0x31,0x24,0x9c,0x72,0x4e,0x1f,0xab, + 0xe8,0xde,0x6a,0xaa,0x90,0x07,0x9c,0x38,0xcb,0x7a,0x22,0x6c,0xec,0x0d,0x6d,0x56,0x69,0x69,0x87,0xd3, + 0x59,0xc2,0x03,0x17,0xb1,0x9f,0xb0,0x40,0x4b,0xfe,0x12,0x46,0xc4,0xc1,0xa2,0x8c,0x11,0x4f,0x46,0x81, + 0xf3,0x12,0x68,0x66,0xd9,0xa1,0x0d,0x73,0x69,0xca,0x27,0xe4,0x30,0xbd,0xaa,0x1f,0x16,0xf9,0x7c,0x40, + 0x38,0xbc,0x1b,0x6b,0x31,0xf1,0xc8,0xc1,0x4a,0x69,0x0e,0x38,0xb5,0xda,0x66,0x37,0xc3,0x85,0xfd,0x34, + 0x16,0x0f,0xdd,0x0f,0x2d,0x85,0xf3,0xf7,0xe8,0x48,0x65,0xbc,0xd0,0x44,0xa2,0x1d,0x48,0x41,0xd1,0x40, + 0x2c,0xdd,0x71,0xf4,0x9d,0xd3,0x2f,0xf3,0xe1,0xca,0xe5,0x1b,0x24,0xb5,0x54,0xac,0x1f,0x16,0x62,0x24, + 0x62,0xbe,0xe4,0x5f,0x90,0x63,0xc3,0xf0,0xcd,0x68,0xd4,0x51,0x94,0x96,0x4d,0x96,0x40,0x18,0x18,0xd6, + 0x50,0xa9,0x77,0xb9,0x04,0x79,0xf2,0x6f,0xe4,0x0e,0x3e,0xd6,0xbf,0xaf,0xe6,0x70,0x6d,0x2d,0x6a,0x15, + 0x05,0x95,0x35,0xb3,0x1d,0x97,0xa0,0x4e,0xd8,0xb1,0x27,0xfe,0xf8,0xc2,0x3f,0x02,0xa4,0x2c,0xe7,0x73, + 0x29,0x9b,0x24,0x28,0x59,0x24,0x38,0x69,0x07,0xa7,0x55,0x63,0x90,0x46,0xf8,0xae,0x64,0xe7,0x09,0x88, + 0xce,0x47,0xe8,0x50,0x52,0x87,0xbc,0x5f,0xec,0xa4,0xc0,0x2d,0x8d,0x5e,0xbd,0xa5,0x16,0xf7,0x73,0xdb, + 
0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0x87,0x30,0x81,0x84,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, + 0xff,0x04,0x02,0x30,0x00,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x57,0x17, + 0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2,0xe3,0x17,0x54,0x30,0x0f, + 0x06,0x09,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,0x04,0x02,0x05,0x00,0x30,0x13,0x06,0x03,0x55, + 0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x30,0x1d,0x06,0x03, + 0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x5d,0xbe,0xc7,0xf0,0xf1,0x0e,0x9e,0x8c,0x06,0xce,0xad,0xa6,0x49, + 0xfb,0xc1,0xfc,0x01,0x90,0x27,0x97,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03, + 0x02,0x07,0x80,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0x16,0x9d,0x0a,0x5f,0xca,0x08,0xec,0xb8,0xaa,0xb0,0x43,0xaf,0x74,0xd9,0xac,0x0d,0xd0, + 0x09,0x24,0x10,0x31,0x94,0x73,0x77,0xb0,0xbc,0x9d,0xfd,0x52,0x18,0xf2,0x88,0xdc,0x7e,0xfd,0x47,0x69, + 0xf3,0x5f,0xb7,0x51,0xc7,0xe9,0xd1,0x2e,0x1b,0x7b,0x71,0xc3,0x88,0xaf,0xe4,0x45,0xbd,0x24,0xea,0x7f, + 0xeb,0xe6,0x4d,0x8b,0xe7,0xc7,0xfa,0xf7,0xe6,0xa3,0xbb,0x40,0x0d,0xfe,0xf7,0x08,0xe0,0x8f,0xce,0xd0, + 0x9c,0x4d,0xb4,0x75,0xe4,0xac,0xe8,0x32,0xe0,0x3e,0xd9,0x4a,0xf2,0x95,0xa9,0xc3,0xe1,0x4f,0xf4,0x39, + 0x55,0x76,0xdf,0xc5,0x01,0x73,0xb6,0x99,0x5b,0x4a,0x20,0xd8,0xe2,0x5a,0xa0,0xcb,0x11,0xaa,0xb9,0x4b, + 0x6c,0x6d,0xcf,0x01,0x7e,0x21,0x32,0xd3,0x06,0x84,0x48,0xe4,0xc9,0xfc,0x72,0xe0,0xc1,0xff,0x58,0x93, + 0xec,0x31,0x81,0x50,0x16,0x6e,0x5c,0xde,0x87,0x99,0x60,0x57,0xa6,0x2b,0xac,0x2f,0x7d,0x74,0x2e,0x4d, + 0x97,0x5d,0xe3,0xe3,0xe8,0x76,0x95,0xc1,0xeb,0x25,0x29,0xd5,0xc1,0x03,0x85,0x2d,0x11,0xb0,0xdf,0xb1, + 0x29,0x55,0x56,0x00,0xda,0xe0,0xf6,0x95,0xd2,0x8b,0xf4,0x44,0x5d,0xf5,0xbc,0x22,0xc1,0x71,0x02,0x03, + 0x16,0xf0,0x77,0xd9,0x29,0xa8,0xe8,0xdf,0x75,0x13,0x1b,0xb6,0x76,0x8c,0x1d,0x37,0x1f,0x68,0xb7,0xa0, + 
0x7f,0xaa,0x41,0x96,0x80,0xf6,0x1b,0x97,0x0e,0x64,0x9e,0x19,0xb7,0x27,0x78,0x1e,0x8b,0x8c,0x31,0x79, + 0xa6,0xb8,0x99,0x57,0xc8,0x6d,0x5d,0x80,0x50,0xd4,0x60,0xec,0xac,0xdb,0x35,0x05,0x8a,0xe2,0xa0,0x30, + 0x82,0x04,0x04,0x30,0x82,0x02,0xec,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x18,0x7a,0xa9,0xa8,0xc2,0x96, + 0x21,0x0c,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x62,0x31, + 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0a,0x13,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x26,0x30,0x24,0x06,0x03,0x55, + 0x04,0x0b,0x13,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74, + 0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06,0x03,0x55, + 0x04,0x03,0x13,0x0d,0x41,0x70,0x70,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x41,0x30,0x1e,0x17, + 0x0d,0x31,0x32,0x30,0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5a,0x17,0x0d,0x32,0x37,0x30,0x32, + 0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5a,0x30,0x79,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03, + 0x0c,0x24,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26, + 0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13, + 0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31, + 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09, + 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, + 0x02,0x82,0x01,0x01,0x00,0x89,0x76,0x4f,0x06,0x5b,0x9a,0x41,0xee,0xa5,0x23,0x2b,0x02,0xa3,0x5f,0xd7, + 
0x73,0x3f,0xc0,0x35,0xb0,0x8b,0x84,0x0a,0x3f,0x06,0x24,0x7f,0xa7,0x95,0x3f,0xeb,0x4f,0x0e,0x93,0xaf, + 0xb4,0x0e,0xd0,0xc8,0x3e,0xe5,0x6d,0x18,0xb3,0x1f,0xe8,0x89,0x47,0xbf,0xd7,0x09,0x08,0xe4,0xff,0x56, + 0x98,0x29,0x15,0xe7,0x94,0x9d,0xb9,0x35,0xa3,0x0a,0xcd,0xb4,0xc0,0xe1,0xe2,0x60,0xf4,0xca,0xec,0x29, + 0x78,0x45,0x69,0x69,0x60,0x6b,0x5f,0x8a,0x92,0xfc,0x9e,0x23,0xe6,0x3a,0xc2,0x22,0xb3,0x31,0x4f,0x1c, + 0xba,0xf2,0xb6,0x34,0x59,0x42,0xee,0xb0,0xa9,0x02,0x03,0x18,0x91,0x04,0xb6,0xb3,0x78,0x2e,0x33,0x1f, + 0x80,0x45,0x0d,0x45,0x6f,0xbb,0x0e,0x5a,0x5b,0x7f,0x3a,0xe7,0xd8,0x08,0xd7,0x0b,0x0e,0x32,0x6d,0xfb, + 0x86,0x36,0xe4,0x6c,0xab,0xc4,0x11,0x8a,0x70,0x84,0x26,0xaa,0x9f,0x44,0xd1,0xf1,0xb8,0xc6,0x7b,0x94, + 0x17,0x9b,0x48,0xf7,0x0b,0x58,0x16,0xba,0x23,0xc5,0x9f,0x15,0x39,0x7e,0xca,0x5d,0xc3,0x32,0x5f,0x0f, + 0xe0,0x52,0x7f,0x40,0xea,0xbe,0xac,0x08,0x64,0x95,0x5b,0xc9,0x1a,0x9c,0xe5,0x80,0xca,0x1f,0x6a,0x44, + 0x1c,0x6c,0x3e,0xc4,0xb0,0x26,0x1f,0x1d,0xec,0x7b,0xaf,0x5e,0xa0,0x6a,0x3d,0x47,0xa9,0x58,0x12,0x31, + 0x3f,0x20,0x76,0x28,0x6d,0x1d,0x1c,0xb0,0xc2,0x4e,0x11,0x69,0x26,0x8b,0xcb,0xd6,0xd0,0x11,0x82,0xc9, + 0x4e,0x0f,0xf1,0x56,0x74,0xd0,0xd9,0x08,0x4b,0x66,0x78,0xa2,0xab,0xac,0xa7,0xe2,0xd2,0x4c,0x87,0x59, + 0xc9,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xa6,0x30,0x81,0xa3,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04, + 0x16,0x04,0x14,0x57,0x17,0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2, + 0xe3,0x17,0x54,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff, + 0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x2b,0xd0,0x69,0x47,0x94,0x76,0x09, + 0xfe,0xf4,0x6b,0x8d,0x2e,0x40,0xa6,0xf7,0x47,0x4d,0x7f,0x08,0x5e,0x30,0x2e,0x06,0x03,0x55,0x1d,0x1f, + 0x04,0x27,0x30,0x25,0x30,0x23,0xa0,0x21,0xa0,0x1f,0x86,0x1d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63, + 0x72,0x6c,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x6f,0x6f,0x74,0x2e,0x63,0x72, + 
0x6c,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x10,0x06, + 0x0a,0x2a,0x86,0x48,0x86,0xf7,0x63,0x64,0x06,0x02,0x06,0x04,0x02,0x05,0x00,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,0x39,0x74,0x6b,0xa1, + 0xdc,0xc6,0xa4,0x8f,0x37,0x2a,0x8c,0xb3,0x1d,0x0a,0x44,0xbc,0x95,0x2c,0x7f,0xbc,0x59,0xb8,0xac,0x61, + 0xfb,0x07,0x90,0x92,0x32,0xb9,0xd4,0xbf,0x3b,0xc1,0x50,0x39,0x6a,0x44,0x74,0xa2,0xec,0x5b,0x1f,0x70, + 0xe5,0xaa,0xdd,0x4b,0x6c,0x1c,0x23,0x71,0x2d,0x5f,0xd1,0xc5,0x93,0xbe,0xee,0x9b,0x8a,0x70,0x65,0x82, + 0x9d,0x16,0xe3,0x1a,0x10,0x17,0x89,0x2d,0xa8,0xcd,0xfd,0x0c,0x78,0x58,0x49,0x0c,0x28,0x7f,0x33,0xee, + 0x00,0x7a,0x1b,0xb4,0x76,0xac,0xb6,0xb5,0xbb,0x4f,0xdf,0xa8,0x1b,0x9d,0xc8,0x19,0x97,0x4a,0x0b,0x56, + 0x67,0x2f,0xc2,0x3e,0xb6,0xb3,0xc4,0x83,0x3a,0xf0,0x77,0x6d,0x74,0xc4,0x2e,0x23,0x51,0xee,0x9a,0xa5, + 0x03,0x6f,0x60,0xf4,0xa5,0x48,0xa7,0x06,0xc2,0xbb,0x5a,0xe2,0x1f,0x1f,0x46,0x45,0x7e,0xe4,0x97,0xf5, + 0x27,0x10,0xb7,0x20,0x22,0x72,0x6f,0x72,0xda,0xc6,0x50,0x75,0xc5,0x3d,0x25,0x8f,0x5d,0xa3,0x00,0xe9, + 0x9f,0x36,0x8c,0x48,0x39,0x8f,0xb3,0x3b,0xea,0x90,0x80,0x2e,0x95,0x9a,0x60,0xf4,0x78,0xce,0xf4,0x0e, + 0x0a,0x53,0x3e,0xa2,0xfa,0x4f,0xd8,0x1e,0xae,0x84,0x95,0x8d,0x32,0xbc,0x56,0x4d,0x89,0xe9,0x78,0x18, + 0xe0,0xac,0x9a,0x42,0xba,0x7a,0x46,0x1b,0x84,0xa2,0x89,0xce,0x14,0xe8,0x88,0xd1,0x58,0x8b,0xf6,0xae, + 0x56,0xc4,0x2c,0x05,0x2a,0x45,0xaf,0x0b,0xd9,0x4b,0xa9,0x02,0x0f,0x34,0xac,0x88,0xc7,0x61,0x55,0x89, + 0x44,0xc9,0x27,0x73,0x07,0xee,0x82,0xe5,0x4e,0xf5,0x70 +}; + +/* subject:/UID=398C878YJ2/ */ +/* issuer :/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US */ +uint8_t _leaf_cert[]={ + 0x30,0x82,0x05,0x7A,0x30,0x82,0x04,0x62,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x03, + 0xB5,0x01,0x60,0xCB,0x4D,0x00,0xDE,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 
0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x79,0x31,0x2D,0x30,0x2B,0x06,0x03,0x55,0x04, + 0x03,0x0C,0x24,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20, + 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75, + 0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B, + 0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31, + 0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20, + 0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, + 0x53,0x30,0x1E,0x17,0x0D,0x31,0x37,0x30,0x31,0x31,0x36,0x31,0x30,0x31,0x30,0x30, + 0x30,0x5A,0x17,0x0D,0x32,0x32,0x30,0x31,0x31,0x37,0x31,0x30,0x31,0x30,0x30,0x30, + 0x5A,0x30,0x81,0x9B,0x31,0x1A,0x30,0x18,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2, + 0x2C,0x64,0x01,0x01,0x0C,0x0A,0x33,0x39,0x38,0x43,0x38,0x37,0x38,0x59,0x4A,0x32, + 0x31,0x40,0x30,0x3E,0x06,0x03,0x55,0x04,0x03,0x0C,0x37,0x44,0x65,0x76,0x65,0x6C, + 0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x41,0x70,0x70,0x6C,0x69,0x63,0x61,0x74, + 0x69,0x6F,0x6E,0x3A,0x20,0x52,0x75,0x73,0x6C,0x61,0x6E,0x20,0x47,0x61,0x72,0x69, + 0x66,0x75,0x6C,0x69,0x6E,0x20,0x28,0x33,0x39,0x38,0x43,0x38,0x37,0x38,0x59,0x4A, + 0x32,0x29,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0A,0x33,0x39,0x38, + 0x43,0x38,0x37,0x38,0x59,0x4A,0x32,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A, + 0x0C,0x10,0x52,0x75,0x73,0x6C,0x61,0x6E,0x20,0x47,0x61,0x72,0x69,0x66,0x75,0x6C, + 0x69,0x6E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30, + 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, + 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, + 0xC3,0xDB,0x84,0xA2,0xF1,0x89,0xA3,0x17,0xC6,0xF0,0x96,0xAA,0xE3,0xCF,0x16,0x71, + 0x7F,0x97,0x96,0xEF,0x95,0x27,0x73,0x49,0xCC,0x53,0xF0,0x1D,0x73,0x67,0xA7,0x58, + 
0xC5,0x27,0xA9,0xEC,0x40,0x41,0xF6,0x6F,0x87,0x65,0x9D,0xD9,0xE1,0x16,0xF5,0xB5, + 0xBA,0xAF,0x39,0xC8,0xA0,0xA5,0x10,0x9D,0x6F,0x9A,0xD7,0xED,0x1F,0xB4,0xF6,0x90, + 0x55,0x73,0x60,0x0B,0xD4,0xEE,0xC6,0x39,0x33,0x02,0xAE,0xD9,0xEE,0x7F,0xFE,0x49, + 0x82,0x05,0x7D,0x0D,0x6E,0xA6,0x2C,0xF6,0x75,0xBD,0xBA,0xB4,0x5F,0x5E,0x9B,0x4F, + 0x85,0x3A,0x02,0x37,0xA8,0xB5,0xE1,0x42,0x57,0x97,0xA3,0x20,0xC3,0xFF,0xF5,0xC7, + 0x2F,0x0A,0xC2,0x06,0xA4,0x4E,0x24,0x7E,0xE2,0x72,0x20,0xC7,0x0E,0xC4,0x32,0xE8, + 0x0C,0x69,0xD7,0x99,0xF5,0xC5,0xDB,0xB7,0x4F,0x84,0xFB,0xAB,0x97,0x90,0x0A,0x6A, + 0x17,0xAD,0xD9,0x41,0xDD,0xE1,0x35,0x06,0x50,0x5B,0x79,0x6E,0x3A,0xC3,0x2C,0x92, + 0xE1,0x14,0x6F,0xAE,0xEC,0xC2,0xA6,0x5A,0x7F,0xB8,0x9D,0xE8,0x3A,0x6B,0x59,0x36, + 0xC3,0x56,0xA7,0x16,0x77,0xF3,0x91,0x61,0x33,0x05,0x23,0x04,0x96,0xAF,0x14,0x5F, + 0x2F,0x82,0x87,0xCE,0xDC,0x39,0x4E,0xD5,0xC5,0x1A,0x29,0xF9,0xE6,0xB8,0xAB,0xB8, + 0x62,0x39,0x2E,0x55,0x8E,0xA1,0x70,0xF9,0xE9,0x6D,0xA9,0x96,0xB9,0x59,0x22,0x1C, + 0x6E,0x8E,0x7D,0x30,0xB7,0xEA,0x1C,0xB2,0x1F,0x8D,0x59,0xF1,0x94,0x40,0x95,0xEA, + 0x4F,0xFE,0x53,0x50,0xA1,0xE0,0xC4,0x79,0x91,0x40,0x49,0x23,0x8D,0x96,0x4F,0x6D, + 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xE1,0x30,0x82,0x01,0xDD,0x30,0x3E,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, + 0x2F,0x6F,0x63,0x73,0x70,0x2D,0x64,0x65,0x76,0x69,0x64,0x30,0x31,0x30,0x1D,0x06, + 0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x79,0x35,0xB6,0x17,0xF0,0x11,0x85,0x00, + 0xFE,0xBA,0x56,0xF3,0x0C,0xA0,0x03,0xBE,0x71,0x64,0x0C,0x9C,0x30,0x0C,0x06,0x03, + 0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D, + 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x57,0x17,0xED,0xA2,0xCF,0xDC,0x7C,0x98,0xA1, + 0x10,0xE0,0xFC,0xBE,0x87,0x2D,0x2C,0xF2,0xE3,0x17,0x54,0x30,0x82,0x01,0x0E,0x06, + 
0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x05,0x30,0x82,0x01,0x01,0x30,0x81,0xFE,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF0,0x30,0x28,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F, + 0x61,0x70,0x70,0x6C,0x65,0x63,0x61,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x02,0x02,0x30,0x81,0xB6,0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E, + 0x63,0x65,0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61, + 0x72,0x74,0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65, + 0x70,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68, + 0x65,0x6E,0x20,0x61,0x70,0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74, + 0x61,0x6E,0x64,0x61,0x72,0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64, + 0x20,0x63,0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75, + 0x73,0x65,0x2C,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20, + 0x70,0x6F,0x6C,0x69,0x63,0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63, + 0x65,0x20,0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x0E,0x06, + 0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x16,0x06, + 0x03,0x55,0x1D,0x25,0x01,0x01,0xFF,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x03,0x03,0x30,0x13,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64, + 0x06,0x01,0x0D,0x01,0x01,0xFF,0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3F,0x66, + 0xE8,0xD2,0x30,0x23,0x41,0x7A,0xD9,0x4E,0x3E,0xCF,0xFE,0x89,0x30,0xB2,0x7C,0x32, + 0x84,0xE1,0xAE,0x95,0x8C,0xBE,0xA7,0x7A,0x42,0x67,0x4B,0x27,0x13,0x0A,0xA7,0x31, + 
0xE7,0xEF,0x8F,0x6C,0xBD,0x26,0x09,0x75,0xC6,0xF1,0xD6,0x6D,0xCC,0x55,0x43,0x1E, + 0x80,0xC0,0x7B,0x31,0x42,0x72,0x80,0xA3,0x94,0xC2,0xB8,0x68,0xC6,0x5E,0xD6,0x10, + 0xFB,0x8C,0x52,0xE8,0xAD,0x0A,0xCE,0x11,0x20,0x5D,0xF4,0xFC,0xFA,0xE5,0x3F,0x96, + 0x02,0xDF,0xA7,0x22,0x11,0xF6,0xE6,0xF2,0xCE,0x5F,0x42,0xCF,0x13,0xED,0xCB,0xEE, + 0xEC,0xB0,0x01,0x76,0x4F,0xDC,0xD6,0x84,0x37,0x82,0x18,0x43,0x9F,0x17,0x61,0x88, + 0xBD,0x4B,0xEE,0xB8,0x2B,0xF8,0x37,0xC2,0x64,0x79,0xF5,0x63,0xBC,0x3A,0x41,0x80, + 0x2B,0x92,0x91,0x3D,0x4E,0x86,0x48,0xFE,0x66,0x4D,0xC0,0xCA,0xFB,0x77,0x68,0x3D, + 0x18,0xFA,0x5C,0xD2,0x4F,0xBC,0x23,0xC5,0xF2,0x8C,0xA6,0xAA,0x55,0x0B,0xDE,0xF7, + 0xD5,0x6E,0x88,0xBC,0x22,0x8E,0x45,0x8A,0x14,0x73,0xCF,0x69,0xAC,0xDE,0x2E,0xB8, + 0x24,0xEB,0x5C,0xC3,0x4C,0xC4,0xF0,0xCE,0xFC,0x94,0x9F,0x22,0x73,0x57,0x30,0x33, + 0x7A,0xB3,0x6C,0x43,0x1A,0x6C,0x79,0xFA,0x8E,0x14,0xF4,0x68,0x12,0x6F,0xCC,0xE8, + 0x2B,0x77,0xA5,0x6A,0xFE,0x9A,0xD4,0x3A,0x57,0x66,0x49,0x37,0x97,0xC8,0x38,0x91, + 0x14,0x4B,0x46,0x50,0xCF,0xF1,0x61,0x46,0x8C,0x9C,0xEB,0x99,0xD3,0x85,0x1B,0x53, + 0xED,0x60,0x88,0x79,0xEB,0xEA,0x2B,0xE3,0x33,0xEF,0x0D,0x58,0xEF,0xF5, +}; + +/* subject:/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US */ +/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */ +uint8_t _issuer[] ={ + 0x30,0x82,0x04,0x04,0x30,0x82,0x02,0xEC,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x18, + 0x7A,0xA9,0xA8,0xC2,0x96,0x21,0x0C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A, + 0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03, + 0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69, + 
0x74,0x79,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70, + 0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32, + 0x30,0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5A,0x17,0x0D,0x32,0x37,0x30, + 0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5A,0x30,0x79,0x31,0x2D,0x30,0x2B, + 0x06,0x03,0x55,0x04,0x03,0x0C,0x24,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72, + 0x20,0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06, + 0x03,0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74, + 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72, + 0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70, + 0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01, + 0x0A,0x02,0x82,0x01,0x01,0x00,0x89,0x76,0x4F,0x06,0x5B,0x9A,0x41,0xEE,0xA5,0x23, + 0x2B,0x02,0xA3,0x5F,0xD7,0x73,0x3F,0xC0,0x35,0xB0,0x8B,0x84,0x0A,0x3F,0x06,0x24, + 0x7F,0xA7,0x95,0x3F,0xEB,0x4F,0x0E,0x93,0xAF,0xB4,0x0E,0xD0,0xC8,0x3E,0xE5,0x6D, + 0x18,0xB3,0x1F,0xE8,0x89,0x47,0xBF,0xD7,0x09,0x08,0xE4,0xFF,0x56,0x98,0x29,0x15, + 0xE7,0x94,0x9D,0xB9,0x35,0xA3,0x0A,0xCD,0xB4,0xC0,0xE1,0xE2,0x60,0xF4,0xCA,0xEC, + 0x29,0x78,0x45,0x69,0x69,0x60,0x6B,0x5F,0x8A,0x92,0xFC,0x9E,0x23,0xE6,0x3A,0xC2, + 0x22,0xB3,0x31,0x4F,0x1C,0xBA,0xF2,0xB6,0x34,0x59,0x42,0xEE,0xB0,0xA9,0x02,0x03, + 0x18,0x91,0x04,0xB6,0xB3,0x78,0x2E,0x33,0x1F,0x80,0x45,0x0D,0x45,0x6F,0xBB,0x0E, + 0x5A,0x5B,0x7F,0x3A,0xE7,0xD8,0x08,0xD7,0x0B,0x0E,0x32,0x6D,0xFB,0x86,0x36,0xE4, + 0x6C,0xAB,0xC4,0x11,0x8A,0x70,0x84,0x26,0xAA,0x9F,0x44,0xD1,0xF1,0xB8,0xC6,0x7B, + 0x94,0x17,0x9B,0x48,0xF7,0x0B,0x58,0x16,0xBA,0x23,0xC5,0x9F,0x15,0x39,0x7E,0xCA, + 
0x5D,0xC3,0x32,0x5F,0x0F,0xE0,0x52,0x7F,0x40,0xEA,0xBE,0xAC,0x08,0x64,0x95,0x5B, + 0xC9,0x1A,0x9C,0xE5,0x80,0xCA,0x1F,0x6A,0x44,0x1C,0x6C,0x3E,0xC4,0xB0,0x26,0x1F, + 0x1D,0xEC,0x7B,0xAF,0x5E,0xA0,0x6A,0x3D,0x47,0xA9,0x58,0x12,0x31,0x3F,0x20,0x76, + 0x28,0x6D,0x1D,0x1C,0xB0,0xC2,0x4E,0x11,0x69,0x26,0x8B,0xCB,0xD6,0xD0,0x11,0x82, + 0xC9,0x4E,0x0F,0xF1,0x56,0x74,0xD0,0xD9,0x08,0x4B,0x66,0x78,0xA2,0xAB,0xAC,0xA7, + 0xE2,0xD2,0x4C,0x87,0x59,0xC9,0x02,0x03,0x01,0x00,0x01,0xA3,0x81,0xA6,0x30,0x81, + 0xA3,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x57,0x17,0xED,0xA2, + 0xCF,0xDC,0x7C,0x98,0xA1,0x10,0xE0,0xFC,0xBE,0x87,0x2D,0x2C,0xF2,0xE3,0x17,0x54, + 0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01, + 0xFF,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x2B,0xD0, + 0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6,0xF7,0x47,0x4D,0x7F, + 0x08,0x5E,0x30,0x2E,0x06,0x03,0x55,0x1D,0x1F,0x04,0x27,0x30,0x25,0x30,0x23,0xA0, + 0x21,0xA0,0x1F,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E, + 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63, + 0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02, + 0x01,0x86,0x30,0x10,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x02,0x06, + 0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, + 0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,0x39,0x74,0x6B,0xA1,0xDC,0xC6,0xA4, + 0x8F,0x37,0x2A,0x8C,0xB3,0x1D,0x0A,0x44,0xBC,0x95,0x2C,0x7F,0xBC,0x59,0xB8,0xAC, + 0x61,0xFB,0x07,0x90,0x92,0x32,0xB9,0xD4,0xBF,0x3B,0xC1,0x50,0x39,0x6A,0x44,0x74, + 0xA2,0xEC,0x5B,0x1F,0x70,0xE5,0xAA,0xDD,0x4B,0x6C,0x1C,0x23,0x71,0x2D,0x5F,0xD1, + 0xC5,0x93,0xBE,0xEE,0x9B,0x8A,0x70,0x65,0x82,0x9D,0x16,0xE3,0x1A,0x10,0x17,0x89, + 0x2D,0xA8,0xCD,0xFD,0x0C,0x78,0x58,0x49,0x0C,0x28,0x7F,0x33,0xEE,0x00,0x7A,0x1B, + 0xB4,0x76,0xAC,0xB6,0xB5,0xBB,0x4F,0xDF,0xA8,0x1B,0x9D,0xC8,0x19,0x97,0x4A,0x0B, + 
0x56,0x67,0x2F,0xC2,0x3E,0xB6,0xB3,0xC4,0x83,0x3A,0xF0,0x77,0x6D,0x74,0xC4,0x2E, + 0x23,0x51,0xEE,0x9A,0xA5,0x03,0x6F,0x60,0xF4,0xA5,0x48,0xA7,0x06,0xC2,0xBB,0x5A, + 0xE2,0x1F,0x1F,0x46,0x45,0x7E,0xE4,0x97,0xF5,0x27,0x10,0xB7,0x20,0x22,0x72,0x6F, + 0x72,0xDA,0xC6,0x50,0x75,0xC5,0x3D,0x25,0x8F,0x5D,0xA3,0x00,0xE9,0x9F,0x36,0x8C, + 0x48,0x39,0x8F,0xB3,0x3B,0xEA,0x90,0x80,0x2E,0x95,0x9A,0x60,0xF4,0x78,0xCE,0xF4, + 0x0E,0x0A,0x53,0x3E,0xA2,0xFA,0x4F,0xD8,0x1E,0xAE,0x84,0x95,0x8D,0x32,0xBC,0x56, + 0x4D,0x89,0xE9,0x78,0x18,0xE0,0xAC,0x9A,0x42,0xBA,0x7A,0x46,0x1B,0x84,0xA2,0x89, + 0xCE,0x14,0xE8,0x88,0xD1,0x58,0x8B,0xF6,0xAE,0x56,0xC4,0x2C,0x05,0x2A,0x45,0xAF, + 0x0B,0xD9,0x4B,0xA9,0x02,0x0F,0x34,0xAC,0x88,0xC7,0x61,0x55,0x89,0x44,0xC9,0x27, + 0x73,0x07,0xEE,0x82,0xE5,0x4E,0xF5,0x70, +}; + +NSString * _oldDBSchema = +@"PRAGMA foreign_keys=OFF;" +"BEGIN TRANSACTION;" +"CREATE TABLE ocsp(issuerNameHash BLOB NOT NULL,issuerPubKeyHash BLOB NOT NULL,serialNum BLOB NOT NULL,hashAlgorithm BLOB NOT NULL,responseId INTEGER NOT NULL);" +"CREATE TABLE responses(responseId INTEGER PRIMARY KEY,ocspResponse BLOB NOT NULL,responderURI BLOB,expires DOUBLE NOT NULL,lastUsed DOUBLE NOT NULL);" +"CREATE INDEX iResponseId ON ocsp(responseId);" +"CREATE INDEX iserialNum ON ocsp(serialNum);" +"CREATE INDEX iSNumDAlg ON ocsp(serialNum,hashAlgorithm);" +"CREATE INDEX iexpires ON responses(expires);" +"CREATE TRIGGER tocspdel BEFORE DELETE ON responses FOR EACH ROW BEGIN DELETE FROM ocsp WHERE responseId=OLD.responseId; END;" +"COMMIT;"; + +NSString * _oldDBSchemaWithContent = +@"PRAGMA foreign_keys=OFF;" +"BEGIN TRANSACTION;" +"CREATE TABLE ocsp(issuerNameHash BLOB NOT NULL,issuerPubKeyHash BLOB NOT NULL,serialNum BLOB NOT NULL,hashAlgorithm BLOB NOT NULL,responseId INTEGER NOT NULL);" +"INSERT INTO ocsp VALUES(X'3381d1efdb68b085214d2eefaf8c4a69643c2a6c',X'5717eda2cfdc7c98a110e0fcbe872d2cf2e31754',X'03b50160cb4d00de',X'2b0e03021a',1);" +"CREATE TABLE responses(responseId INTEGER PRIMARY 
KEY,ocspResponse BLOB NOT NULL,responderURI BLOB,expires DOUBLE NOT NULL,lastUsed DOUBLE NOT NULL);" +"INSERT INTO responses VALUES(1,X'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',NULL,595602740.99999999108,595601999.99999996478);" +"CREATE INDEX iResponseId ON ocsp(responseId);" +"CREATE INDEX iserialNum ON ocsp(serialNum);" +"CREATE INDEX iSNumDAlg ON ocsp(serialNum,hashAlgorithm);" +"CREATE INDEX iexpires ON responses(expires);" +"CREATE TRIGGER tocspdel BEFORE DELETE ON responses FOR EACH ROW BEGIN DELETE FROM ocsp WHERE responseId=OLD.responseId; END;" +"COMMIT;"; + + +#endif /* _TRUSTTESTS_DAEMON_OCSP_CACHE_TESTS_H_ */ diff --git a/tests/TrustTests/DaemonTests/TrustDaemonTestCase.h b/tests/TrustTests/DaemonTests/TrustDaemonTestCase.h new file mode 100644 index 00000000..95ac24f0 --- /dev/null +++ b/tests/TrustTests/DaemonTests/TrustDaemonTestCase.h 
@@ -0,0 +1,33 @@
+/*
+* Copyright (c) 2019 Apple Inc. All Rights Reserved.
+*
+* @APPLE_LICENSE_HEADER_START@
+*
+* This file contains Original Code and/or Modifications of Original Code
+* as defined in and that are subject to the Apple Public Source License
+* Version 2.0 (the 'License'). You may not use this file except in
+* compliance with the License. Please obtain a copy of the License at
+* http://www.opensource.apple.com/apsl/ and read it before using this
+* file.
+*
+* The Original Code and all software distributed under the License are
+* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+* Please see the License for the specific language governing rights and
+* limitations under the License.
+*
+* @APPLE_LICENSE_HEADER_END@
+*
+*/
+
+#ifndef _TRUSTTESTS_DAEMON_TESTCASE_H_
+#define _TRUSTTESTS_DAEMON_TESTCASE_H_
+
+#import
+
+@interface TrustDaemonTestCase : XCTestCase
+@end
+
+#endif /* _TRUSTTESTS_DAEMON_TESTCASE_H_ */
diff --git a/tests/TrustTests/DaemonTests/TrustDaemonTestCase.m b/tests/TrustTests/DaemonTests/TrustDaemonTestCase.m
new file mode 100644
index 00000000..26bddd56
--- /dev/null
+++ b/tests/TrustTests/DaemonTests/TrustDaemonTestCase.m
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2019 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ */
+
+#import
+#include "trust/trustd/trustd_spi.h"
+
+#import "TrustDaemonTestCase.h"
+
+@implementation TrustDaemonTestCase
+
+static int current_dir = -1;
+static char *home_var = NULL;
+
+/* Build in trustd functionality to the tests */
++ (void) setUp {
+ /* Set up TMP directory for trustd's files */
+ int ok = 0;
+ NSError* error = nil;
+ NSString* pid = [NSString stringWithFormat: @"tst-%d", [[NSProcessInfo processInfo] processIdentifier]];
+ NSURL* tmpDirURL = [[NSURL fileURLWithPath:NSTemporaryDirectory() isDirectory:YES] URLByAppendingPathComponent:pid];
+ ok = (bool)tmpDirURL;
+
+ if (current_dir == -1 && home_var == NULL) {
+ ok = ok && [[NSFileManager defaultManager] createDirectoryAtURL:tmpDirURL
+ withIntermediateDirectories:NO
+ attributes:NULL
+ error:&error];
+
+ NSURL* libraryURL = [tmpDirURL URLByAppendingPathComponent:@"Library"];
+ NSURL* preferencesURL = [tmpDirURL URLByAppendingPathComponent:@"Preferences"];
+
+ ok = (ok && (current_dir = open(".", O_RDONLY) >= 0)
+ && (chdir([tmpDirURL fileSystemRepresentation]) >= 0)
+ && (setenv("HOME", [tmpDirURL fileSystemRepresentation], 1) >= 0)
+ && (bool)(home_var = getenv("HOME")));
+
+ ok = ok && [[NSFileManager defaultManager] createDirectoryAtURL:libraryURL
+ withIntermediateDirectories:NO
+ attributes:NULL
+ error:&error];
+
+ ok = ok && [[NSFileManager defaultManager] createDirectoryAtURL:preferencesURL
+ withIntermediateDirectories:NO
+ attributes:NULL
+ error:&error];
+ }
+
+ if (ok > 0) {
+ /* Be trustd */
+ trustd_init((__bridge CFURLRef) tmpDirURL);
+ }
+}
+
+@end
diff --git a/tests/TrustTests/EvaluationTests/RevocationTests.m b/tests/TrustTests/EvaluationTests/RevocationTests.m
new file mode 100644
index 00000000..1bdff251
--- /dev/null
+++ b/tests/TrustTests/EvaluationTests/RevocationTests.m
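Review bot: In `+setUp`, `(current_dir = open(".", O_RDONLY) >= 0)` stores the result of the comparison in `current_dir` rather than the descriptor, because `>=` binds tighter than `=`; the descriptor returned by open() is dropped and can never be closed or used to restore the working directory. After a failed open `current_dir` becomes 0, so the `current_dir == -1` guard is false on a later call and `trustd_init` would presumably run against a directory that was never set up. Parenthesize the assignment: `((current_dir = open(".", O_RDONLY)) >= 0)`. Separately, the `tst-<pid>` directory that becomes HOME and trustd's root is created with `attributes:NULL`, so its mode is left to the umask; passing `@{NSFilePosixPermissions: @0700}` would keep the test trust store private to the test user wherever NSTemporaryDirectory() points.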
@@ -0,0 +1,806 @@
+/*
+* Copyright (c) 2006-2019 Apple Inc. All Rights Reserved.
+*/
+
+#include
+#import
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "trust/trustd/SecOCSPCache.h"
+
+#import "../TestMacroConversions.h"
+#import "../TrustEvaluationTestHelpers.h"
+#import "TrustEvaluationTestCase.h"
+
+#include "RevocationTests_data.h"
+
+@interface RevocationTests : TrustEvaluationTestCase
+@end
+
+@implementation RevocationTests
+
+- (void)setUp
+{
+ // Delete the OCSP cache between each test
+ [super setUp];
+ SecOCSPCacheDeleteContent(nil);
+}
+
+#if !TARGET_OS_WATCH && !TARGET_OS_BRIDGE
+/* watchOS and bridgeOS don't support networking in trustd */
+- (void)testRevocation
+{
+ if (!ping_host("ocsp.digicert.com")) {
+ XCTAssert(false, "Unable to contact required network resource");
+ return;
+ }
+
+ SecTrustRef trust;
+ SecCertificateRef cert0, cert1;
+ isnt(cert0 = SecCertificateCreateWithBytes(NULL, _ocsp_c0, sizeof(_ocsp_c0)),
+ NULL, "create cert0");
+ isnt(cert1 = SecCertificateCreateWithBytes(NULL, _ocsp_c1, sizeof(_ocsp_c1)),
+ NULL, "create cert1");
+ CFMutableArrayRef certs = CFArrayCreateMutable(kCFAllocatorDefault, 0,
+ &kCFTypeArrayCallBacks);
+ CFArrayAppendValue(certs, cert0);
+ CFArrayAppendValue(certs, cert1);
+
+ SecPolicyRef sslPolicy = SecPolicyCreateSSL(true, CFSTR("www.apple.com"));
+ SecPolicyRef ocspPolicy = SecPolicyCreateRevocation(kSecRevocationOCSPMethod);
+ const void *v_policies[] = { sslPolicy, ocspPolicy };
+ CFArrayRef policies = CFArrayCreate(NULL, v_policies,
+ array_size(v_policies), &kCFTypeArrayCallBacks);
+ CFRelease(sslPolicy);
+ CFRelease(ocspPolicy);
+ ok_status(SecTrustCreateWithCertificates(certs, policies, &trust),
+ "create trust");
+ /* April 14, 2019 at 10:46:40 PM PDT */
+ CFDateRef date = CFDateCreate(NULL, 577000000.0);
+ ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+ is(SecTrustGetVerifyTime(trust), 577000000.0, "get date");
+
+ SecTrustResultType trustResult;
+ ok_status(SecTrustGetTrustResult(trust, &trustResult), "evaluate trust");
+ is_status(trustResult, kSecTrustResultUnspecified,
+ "trust is kSecTrustResultUnspecified");
+
+ /* Certificates are only EV if they are also CT. */
+ CFDictionaryRef info = SecTrustCopyInfo(trust);
+ CFBooleanRef ev = (CFBooleanRef)CFDictionaryGetValue(info,
+ kSecTrustInfoExtendedValidationKey);
+ ok(ev, "extended validation succeeded");
+
+ CFReleaseSafe(info);
+ CFReleaseSafe(trust);
+ CFReleaseSafe(policies);
+ CFReleaseSafe(certs);
+ CFReleaseSafe(cert0);
+ CFReleaseSafe(cert1);
+ CFReleaseSafe(date);
+}
+
+- (void) test_ocsp_responder_policy
+{
+ SecCertificateRef leaf = NULL, subCA = NULL, responderCert = NULL;
+ CFMutableArrayRef certs = CFArrayCreateMutable(kCFAllocatorDefault, 0,
+ &kCFTypeArrayCallBacks);
+ SecTrustRef trust = NULL;
+ SecPolicyRef ocspSignerPolicy = NULL;
+ SecTrustResultType trustResult = kSecTrustResultInvalid;
+
+ /* August 14, 2018 at 9:26:40 PM PDT */
+ CFDateRef date = CFDateCreate(NULL, 556000000.0);
+
+ isnt(leaf = SecCertificateCreateWithBytes(NULL, valid_ist_certificate,
+ sizeof(valid_ist_certificate)), NULL, "create ist leaf");
+ isnt(subCA = SecCertificateCreateWithBytes(NULL, ist_intermediate_certificate,
+ sizeof(ist_intermediate_certificate)), NULL, "create ist subCA");
+ CFArrayAppendValue(certs, leaf);
+ CFArrayAppendValue(certs, subCA);
+
+ ok(ocspSignerPolicy = SecPolicyCreateOCSPSigner(),
+ "create ocspSigner policy");
+
+ ok_status(SecTrustCreateWithCertificates(certs, ocspSignerPolicy, &trust),
+ "create trust for c0 -> c1");
+ ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+ ok_status(SecTrustGetTrustResult(trust, &trustResult), "evaluate trust");
+ is_status(trustResult, kSecTrustResultRecoverableTrustFailure,
+ "trust is kSecTrustResultRecoverableTrustFailure");
+
+ isnt(responderCert = SecCertificateCreateWithBytes(NULL, _responderCert,
+ sizeof(_responderCert)), NULL, "create responderCert");
+ CFArraySetValueAtIndex(certs, 0, responderCert);
+ ok_status(SecTrustCreateWithCertificates(certs, ocspSignerPolicy, &trust),
+ "create trust for ocspResponder -> c1");
+ ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+ ok_status(SecTrustGetTrustResult(trust, &trustResult), "evaluate trust");
+ is_status(trustResult, kSecTrustResultUnspecified,
+ "trust is kSecTrustResultUnspecified");
+
+ CFReleaseNull(leaf);
+ CFReleaseNull(subCA);
+ CFReleaseNull(responderCert);
+ CFReleaseNull(certs);
+ CFReleaseNull(trust);
+ CFReleaseSafe(ocspSignerPolicy);
+ CFReleaseNull(date);
+}
+
+- (void)test_always_honor_cached_revoked_responses {
+ if (!ping_host("ocsp.apple.com")) {
+ XCTAssert(false, "Unable to contact required network resource");
+ return;
+ }
+
+ SecTrustRef trust;
+ SecCertificateRef rcert0, rcert1;
+ isnt(rcert0 = SecCertificateCreateWithBytes(NULL,
+ revoked_ist_certificate, sizeof(revoked_ist_certificate)),
+ NULL, "create rcert0");
+ isnt(rcert1 = SecCertificateCreateWithBytes(NULL,
+ ist_intermediate_certificate, sizeof(ist_intermediate_certificate)),
+ NULL, "create rcert1");
+ CFMutableArrayRef rcerts = CFArrayCreateMutable(kCFAllocatorDefault, 0,
+ &kCFTypeArrayCallBacks);
+ CFArrayAppendValue(rcerts, rcert0);
+ CFArrayAppendValue(rcerts, rcert1);
+
+ SecPolicyRef sslPolicy = SecPolicyCreateSSL(true, CFSTR("revoked.geotrust-global-ca.test-pages.certificatemanager.apple.com"));
+ SecPolicyRef ocspPolicy = SecPolicyCreateRevocation(kSecRevocationOCSPMethod);
+ const void *v_policies[] = { sslPolicy, ocspPolicy };
+ CFArrayRef policies = CFArrayCreate(NULL, v_policies,
+ array_size(v_policies), &kCFTypeArrayCallBacks);
+ CFRelease(sslPolicy);
+ CFRelease(ocspPolicy);
+ ok_status(SecTrustCreateWithCertificates(rcerts, policies, &trust),
+ "create trust");
+ /* Feb 5th 2015. */
+ CFDateRef date = CFDateCreate(NULL, 444900000);
+ ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+ CFReleaseSafe(date);
+
+ is(SecTrustGetVerifyTime(trust), 444900000, "get date");
+
+ SecTrustResultType trustResult;
+ ok_status(SecTrustGetTrustResult(trust, &trustResult), "evaluate trust");
+ is(trustResult, kSecTrustResultFatalTrustFailure);
+ CFDictionaryRef results = SecTrustCopyResult(trust);
+ CFTypeRef revoked = NULL;
+ if (results) {
+ CFArrayRef perCertResults = CFDictionaryGetValue(results, CFSTR("TrustResultDetails"));
+ if (perCertResults) {
+ CFDictionaryRef leafResults = CFArrayGetValueAtIndex(perCertResults, 0);
+ if (leafResults) {
+ revoked = CFDictionaryGetValue(leafResults, CFSTR("Revocation"));
+ }
+ }
+ }
+ is(revoked != NULL, true, "revoked result is %@", revoked);
+ CFReleaseSafe(results);
+
+
+ /* Now verify the cert at a date in the past relative to the previous
+ date, but still within the cert's validity period. Although the
+ cached response from our prior attempt will appear to have been
+ produced in the future, it should still be honored since it's
+ validly signed.
+ */
+ /* Dec 11th 2014. */
+ date = CFDateCreate(NULL, 440000000);
+ ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+ CFReleaseSafe(date);
+
+ is(SecTrustGetVerifyTime(trust), 440000000, "get date");
+
+ ok_status(SecTrustGetTrustResult(trust, &trustResult), "evaluate trust");
+ is(trustResult, kSecTrustResultFatalTrustFailure);
+ results = SecTrustCopyResult(trust);
+ revoked = NULL;
+ if (results) {
+ CFArrayRef perCertResults = CFDictionaryGetValue(results, CFSTR("TrustResultDetails"));
+ if (perCertResults) {
+ CFDictionaryRef leafResults = CFArrayGetValueAtIndex(perCertResults, 0);
+ if (leafResults) {
+ revoked = CFDictionaryGetValue(leafResults, CFSTR("Revocation"));
+ }
+ }
+ }
+ is(revoked != NULL, true, "revoked result is %@", revoked);
+ CFReleaseSafe(results);
+
+ CFReleaseSafe(trust);
+ CFReleaseSafe(policies);
+ CFReleaseSafe(rcerts);
+ CFReleaseSafe(rcert0);
+ CFReleaseSafe(rcert1);
+}
+
+- (void) test_require_positive_response
+{
+ if (!ping_host("ocsp.apple.com")) {
+ XCTAssert(false, "Unable to contact required network resource");
+ return;
+ }
+
+ SecCertificateRef leaf = NULL, subCA = NULL, root = NULL;
+ SecPolicyRef policy = NULL, revocationPolicy = NULL;
+ SecTrustRef trust = NULL;
+ CFArrayRef certs = NULL, anchors = NULL;
+ CFDateRef verifyDate = NULL;
+ CFErrorRef error = NULL;
+
+ leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf));
+ subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA));
+ root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot));
+
+ const void *v_certs[] = { leaf, subCA };
+ const void *v_anchors[] = { root };
+
+ certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks);
+ policy = SecPolicyCreateAppleExternalDeveloper();
+ revocationPolicy = SecPolicyCreateRevocation(kSecRevocationRequirePositiveResponse | kSecRevocationOCSPMethod);
+ NSArray *policies = @[ (__bridge id)policy, (__bridge id)revocationPolicy ];
+ require_noerr_action(SecTrustCreateWithCertificates(certs, (__bridge CFArrayRef)policies, &trust), errOut,
+ fail("failed to create trust object"));
+
+ anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks);
+ require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors"));
+
+ verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT
+ require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date"));
+
+ /* Set no fetch allowed */
+ require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed"));
+
+ /* Evaluate trust. Since we required a response but disabled networking, should fail. */
+ is(SecTrustEvaluateWithError(trust, &error), false, "non-definitive revoked cert without network failed");
+ if (error) {
+ is(CFErrorGetCode(error), errSecIncompleteCertRevocationCheck, "got wrong error code for revoked cert, got %ld, expected %d",
+ (long)CFErrorGetCode(error), errSecIncompleteCertRevocationCheck);
+ } else {
+ fail("expected trust evaluation to fail and it did not.");
+ }
+ CFReleaseNull(error);
+
+ /* Set fetch allowed */
+ require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, true), errOut, fail("failed to set network fetch allowed"));
+
+ /* Evaluate trust. We should re-do the evaluation and get a revoked failure from the OCSP check. */
+ is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded");
+ if (error) {
+ is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d",
+ (long)CFErrorGetCode(error), errSecCertificateRevoked);
+ } else {
+ fail("expected trust evaluation to fail and it did not.");
+ }
+
+errOut:
+ CFReleaseNull(leaf);
+ CFReleaseNull(subCA);
+ CFReleaseNull(root);
+ CFReleaseNull(policy);
+ CFReleaseNull(trust);
+ CFReleaseNull(certs);
+ CFReleaseNull(anchors);
+ CFReleaseNull(verifyDate);
+ CFReleaseNull(error);
+}
+
+- (void) test_set_fetch_allowed {
+ if (!ping_host("ocsp.apple.com")) {
+ XCTAssert(false, "Unable to contact required network resource");
+ return;
+ }
+
+ SecCertificateRef leaf = NULL, subCA = NULL, root = NULL;
+ SecPolicyRef policy = NULL;
+ SecTrustRef trust = NULL;
+ CFArrayRef certs = NULL, anchors = NULL;
+ CFDateRef verifyDate = NULL;
+ CFErrorRef error = NULL;
+
+ leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf));
+ subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA));
+ root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot));
+
+ const void *v_certs[] = { leaf, subCA };
+ const void *v_anchors[] = { root };
+
+ certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks);
+ policy = SecPolicyCreateAppleExternalDeveloper();
+ require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object"));
+
+ anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks);
+ require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors"));
+
+ verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT
+ require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date"));
+
+ /* Set no fetch allowed */
+ require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed"));
+
+ /* Evaluate trust. This cert is revoked, but is only listed as "probably not revoked" by valid.apple.com.
+ * Since network fetch is not allowed and we fail open, this cert should come back as trusted. */
+ ok(SecTrustEvaluateWithError(trust, &error), "non-definitive revoked cert without network failed");
+ CFReleaseNull(error);
+
+ /* Set fetch allowed */
+ require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, true), errOut, fail("failed to set network fetch allowed"));
+
+ /* Evaluate trust. SetFetchAllowed should have reset the trust result, so now we should re-do the evaluation and get a revoked failure. */
+ is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded");
+ if (error) {
+ is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d",
+ (long)CFErrorGetCode(error), errSecCertificateRevoked);
+ } else {
+ fail("expected trust evaluation to fail and it did not.");
+ }
+
+errOut:
+ CFReleaseNull(leaf);
+ CFReleaseNull(subCA);
+ CFReleaseNull(root);
+ CFReleaseNull(policy);
+ CFReleaseNull(trust);
+ CFReleaseNull(certs);
+ CFReleaseNull(anchors);
+ CFReleaseNull(verifyDate);
+ CFReleaseNull(error);
+}
+
+- (void) test_check_if_trusted {
+ if (!ping_host("ocsp.apple.com")) {
+ XCTAssert(false, "Unable to contact required network resource");
+ return;
+ }
+
+ SecCertificateRef leaf = NULL, subCA = NULL, root = NULL;
+ SecPolicyRef codesigningPolicy = NULL, revocationPolicy = NULL;
+ SecTrustRef trust = NULL;
+ CFArrayRef certs = NULL, anchors = NULL, policies = NULL;
+ CFDateRef verifyDate = NULL, badVerifyDate = NULL;
+ CFErrorRef error = NULL;
+
+ leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf));
+ subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA));
+ root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot));
+
+ codesigningPolicy = SecPolicyCreateAppleExternalDeveloper();
+ revocationPolicy = SecPolicyCreateRevocation(kSecRevocationCheckIfTrusted);
+
+ const void *v_certs[] = { leaf, subCA };
+ const void *v_anchors[] = { root };
+ const void *v_policies[] = { codesigningPolicy, revocationPolicy };
+
+ certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks);
+ policies = CFArrayCreate(NULL, v_policies, 2, &kCFTypeArrayCallBacks);
+ require_noerr_action(SecTrustCreateWithCertificates(certs, policies, &trust), errOut, fail("failed to create trust object"));
+
+ anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks);
+ require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors"));
+ badVerifyDate = CFDateCreate(NULL, 490000000.0); // July 12, 2016 at 12:06:40 AM PDT (before cert issued)
+ require_noerr_action(SecTrustSetVerifyDate(trust, badVerifyDate), errOut, fail("failed to set verify date"));
+
+ /* Set no fetch allowed */
+ require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed"));
+
+ /* Evaluate trust. This cert is revoked, but is only listed as "probably not revoked" by valid.apple.com.
+ * Since we are evaluating it at a time before it was issued, it should come back as untrusted
+ * due to the temporal validity failure, but not due to revocation since we couldn't check for this
+ * untrusted chain. */
+ is(SecTrustEvaluateWithError(trust, &error), false, "not yet valid cert succeeded trust evaluation");
+ if (error) {
+ is(CFErrorGetCode(error), errSecCertificateExpired, "got wrong error code for expired cert");
+ } else {
+ fail("expected trust evaluation to fail and it did not.");
+ }
+ CFReleaseNull(error);
+
+ /* Set verify date within validity period */
+ verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT
+ require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date"));
+
+ /* Evaluate trust. Now that we trust the chain, we should do a revocation check and get a revocation failure. */
+ is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded");
+ if (error) {
+ is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d",
+ (long)CFErrorGetCode(error), errSecCertificateRevoked);
+ } else {
+ fail("expected trust evaluation to fail and it did not.");
+ }
+
+errOut:
+ CFReleaseNull(leaf);
+ CFReleaseNull(subCA);
+ CFReleaseNull(root);
+ CFReleaseNull(codesigningPolicy);
+ CFReleaseNull(revocationPolicy);
+ CFReleaseNull(trust);
+ CFReleaseNull(certs);
+ CFReleaseNull(anchors);
+ CFReleaseNull(policies);
+ CFReleaseNull(verifyDate);
+ CFReleaseNull(badVerifyDate);
+ CFReleaseNull(error);
+}
+
+- (void) test_cache {
+ if (!ping_host("ocsp.apple.com")) {
+ XCTAssert(false, "Unable to contact required network resource");
+ return;
+ }
+
+ SecCertificateRef leaf = NULL, subCA = NULL, root = NULL;
+ SecPolicyRef policy = NULL;
+ SecTrustRef trust = NULL;
+ CFArrayRef certs = NULL, anchors = NULL;
+ CFDateRef verifyDate = NULL;
+ CFErrorRef error = NULL;
+
+ leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf));
+ subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA));
+ root = SecCertificateCreateWithBytes(NULL, _appleRoot,
sizeof(_appleRoot)); + + const void *v_certs[] = { leaf, subCA }; + const void *v_anchors[] = { root }; + + certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); + policy = SecPolicyCreateAppleExternalDeveloper(); + require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); + + anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); + + verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT + require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); + + /* Evaluate trust. This cert is revoked, but is only listed as "probably not revoked" by valid.apple.com. + * This cert should come back as revoked after a network-based fetch. */ + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + } else { + fail("expected trust evaluation to fail and it did not."); + } + + /* Set no fetch allowed, so we're relying on the cached response from above */ + require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); + + /* Evaluate trust. Cached response should tell us that it's revoked. 
*/ + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with cached response succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + } else { + fail("expected trust evaluation to fail and it did not."); + } + +errOut: + CFReleaseNull(leaf); + CFReleaseNull(subCA); + CFReleaseNull(root); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(certs); + CFReleaseNull(anchors); + CFReleaseNull(verifyDate); + CFReleaseNull(error); +} + +- (void)test_revoked_responses_not_flushed_from_cache +{ + if (!ping_host("ocsp.apple.com")) { + XCTAssert(false, "Unable to contact required network resource"); + return; + } + + SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; + SecPolicyRef policy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certs = NULL, anchors = NULL; + CFDateRef verifyDate = NULL; + CFErrorRef error = NULL; + + leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf)); + subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA)); + root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot)); + + const void *v_certs[] = { leaf, subCA }; + const void *v_anchors[] = { root }; + + certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); + policy = SecPolicyCreateAppleExternalDeveloper(); + require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); + + anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); + + verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT + require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); + + /* Evaluate trust. 
This cert is revoked, but is only listed as "probably not revoked" by valid.apple.com. + * This cert should come back as revoked after a network-based fetch. */ + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with network succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + } else { + fail("expected trust evaluation to fail and it did not."); + } + + /* Set no fetch allowed, so we're relying on the cached response from above */ + require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); + + /* Evaluate trust. Cached response should tell us that it's revoked. */ + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with cached response succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + } else { + fail("expected trust evaluation to fail and it did not."); + } + + /* flush the cache and reset the turst, the revoked response should still be present afterwards */ + XCTAssert(SecTrustFlushResponseCache(NULL)); + SecTrustSetNeedsEvaluation(trust); + + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with cached response succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + } else { + fail("expected trust evaluation to fail and it did not."); + } + +errOut: + CFReleaseNull(leaf); + CFReleaseNull(subCA); + CFReleaseNull(root); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(certs); + CFReleaseNull(anchors); + CFReleaseNull(verifyDate); + CFReleaseNull(error); +} + +- (void) 
test_results_dictionary_revocation_checked { + if (!ping_host("ocsp.digicert.com")) { + XCTAssert(false, "Unable to contact required network resource"); + return; + } + + SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; + SecPolicyRef sslPolicy = NULL, ocspPolicy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certs = NULL, anchors = NULL, policies = NULL; + CFDateRef verifyDate = NULL; + CFErrorRef error = NULL; + + leaf = SecCertificateCreateWithBytes(NULL, _ocsp_c0, sizeof(_ocsp_c0)); + subCA = SecCertificateCreateWithBytes(NULL, _ocsp_c1, sizeof(_ocsp_c1)); + root = SecCertificateCreateWithBytes(NULL, _ocsp_c2, sizeof(_ocsp_c2)); + + sslPolicy = SecPolicyCreateSSL(true, CFSTR("www.apple.com")); + ocspPolicy = SecPolicyCreateRevocation(kSecRevocationOCSPMethod); + + const void *v_certs[] = { leaf, subCA }; + const void *v_anchors[] = { root }; + const void *v_policies[] = { sslPolicy, ocspPolicy }; + + certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); + policies = CFArrayCreate(NULL, v_policies, 2, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustCreateWithCertificates(certs, policies, &trust), errOut, fail("failed to create trust object")); + + anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); + + verifyDate = CFDateCreate(NULL, 577000000.0); // April 14, 2019 at 10:46:40 PM PDT + require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); + + is(SecTrustEvaluateWithError(trust, &error), true, "valid cert failed"); + + /* Verify that the results dictionary contains all the right keys for a valid cert where revocation checked */ + CFDictionaryRef result = SecTrustCopyResult(trust); + isnt(result, NULL, "failed to copy result dictionary"); + if (result) { + is(CFDictionaryGetValue(result, kSecTrustRevocationChecked), kCFBooleanTrue, "expected revocation 
checked flag"); + CFDateRef validUntil = CFDictionaryGetValue(result, kSecTrustRevocationValidUntilDate); + isnt(validUntil, NULL, "expected revocation valid until date"); + if (validUntil) { + ok(CFDateGetAbsoluteTime(validUntil) > CFAbsoluteTimeGetCurrent(), "expected valid until date in the future"); + } else { + fail("did not get valid until date"); + } + } + CFReleaseNull(result); + +errOut: + CFReleaseNull(leaf); + CFReleaseNull(subCA); + CFReleaseNull(root); + CFReleaseNull(ocspPolicy); + CFReleaseNull(sslPolicy); + CFReleaseNull(trust); + CFReleaseNull(certs); + CFReleaseNull(anchors); + CFReleaseNull(policies); + CFReleaseNull(verifyDate); + CFReleaseNull(error); +} + +#else /* TARGET_OS_WATCH || TARGET_OS_BRIDGE */ +- (void)testNoNetworking +{ + SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; + SecPolicyRef policy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certs = NULL, anchors = NULL; + CFDateRef verifyDate = NULL; + CFErrorRef error = NULL; + + leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf)); + subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA)); + root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot)); + + const void *v_certs[] = { leaf, subCA }; + const void *v_anchors[] = { root }; + + certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); + policy = SecPolicyCreateAppleExternalDeveloper(); + require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); + + anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); + + verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT + require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); + + /* Evaluate trust. 
Since we aren't allowed to do networking (and this cert is only "Probably Not Revoked" in Valid), + * we shouldn't see this cert as revoked */ + is(SecTrustEvaluateWithError(trust, &error), true, "revoked cert with no network failed"); + +errOut: + CFReleaseNull(leaf); + CFReleaseNull(subCA); + CFReleaseNull(root); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(certs); + CFReleaseNull(anchors); + CFReleaseNull(verifyDate); + CFReleaseNull(error); +} +#endif + +/* bridgeOS and watchOS do not support networked OCSP but do support stapling */ +- (void) test_stapled_revoked_response { + SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; + SecPolicyRef policy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certs = NULL, anchors = NULL; + CFDateRef verifyDate = NULL; + CFErrorRef error = NULL; + CFDataRef ocspResponse = NULL; + + leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf)); + subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA)); + root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot)); + + const void *v_certs[] = { leaf, subCA }; + const void *v_anchors[] = { root }; + + certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); + policy = SecPolicyCreateAppleExternalDeveloper(); + require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); + + anchors = CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); + + verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT + require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); + + /* Set the stapled response */ + ocspResponse = CFDataCreate(NULL, _devID_OCSPResponse, sizeof(_devID_OCSPResponse)); + ok_status(SecTrustSetOCSPResponse(trust, 
ocspResponse), "failed to set OCSP response"); + + /* Set no fetch allowed, so we're relying on the stapled response from above */ + require_noerr_action(SecTrustSetNetworkFetchAllowed(trust, false), errOut, fail("failed to set network fetch disallowed")); + + /* Evaluate trust. This cert is revoked, but is only listed as "probably not revoked" by valid.apple.com. + * This cert should come back as revoked because of the stapled revoked response. */ + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert with stapled response succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + } else { + fail("expected trust evaluation to fail and it did not."); + } + +errOut: + CFReleaseNull(leaf); + CFReleaseNull(subCA); + CFReleaseNull(root); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(certs); + CFReleaseNull(anchors); + CFReleaseNull(verifyDate); + CFReleaseNull(error); + CFReleaseNull(ocspResponse); +} + +- (void) test_results_dictionary_revocation_reason { + SecCertificateRef leaf = NULL, subCA = NULL, root = NULL; + SecPolicyRef policy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certs = NULL, anchors = NULL; + CFDateRef verifyDate = NULL; + CFErrorRef error = NULL; + CFDataRef ocspResponse = NULL; + + leaf = SecCertificateCreateWithBytes(NULL, _probablyNotRevokedLeaf, sizeof(_probablyNotRevokedLeaf)); + subCA = SecCertificateCreateWithBytes(NULL, _devIDCA, sizeof(_devIDCA)); + root = SecCertificateCreateWithBytes(NULL, _appleRoot, sizeof(_appleRoot)); + + const void *v_certs[] = { leaf, subCA }; + const void *v_anchors[] = { root }; + + certs = CFArrayCreate(NULL, v_certs, 2, &kCFTypeArrayCallBacks); + policy = SecPolicyCreateAppleExternalDeveloper(); + require_noerr_action(SecTrustCreateWithCertificates(certs, policy, &trust), errOut, fail("failed to create trust object")); + + anchors = 
CFArrayCreate(NULL, v_anchors, 1, &kCFTypeArrayCallBacks); + require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut, fail("failed to set anchors")); + + verifyDate = CFDateCreate(NULL, 543000000.0); // March 17, 2018 at 10:20:00 AM PDT + require_noerr_action(SecTrustSetVerifyDate(trust, verifyDate), errOut, fail("failed to set verify date")); + + /* Set the stapled response */ + ocspResponse = CFDataCreate(NULL, _devID_OCSPResponse, sizeof(_devID_OCSPResponse)); + ok_status(SecTrustSetOCSPResponse(trust, ocspResponse), "failed to set OCSP response"); + + /* Evaluate trust. This cert is revoked, but is only listed as "probably revoked" by valid.apple.com. + * This cert should come back as revoked. */ + is(SecTrustEvaluateWithError(trust, &error), false, "revoked cert succeeded"); + if (error) { + is(CFErrorGetCode(error), errSecCertificateRevoked, "got wrong error code for revoked cert, got %ld, expected %d", + (long)CFErrorGetCode(error), errSecCertificateRevoked); + + /* Verify that the results dictionary contains all the right keys for a revoked cert */ + CFDictionaryRef result = SecTrustCopyResult(trust); + isnt(result, NULL, "failed to copy result dictionary"); + if (result) { + int64_t reason = 4; // superceded + CFNumberRef cfreason = CFNumberCreate(NULL, kCFNumberSInt64Type, &reason); + is(CFNumberCompare(cfreason, CFDictionaryGetValue(result, kSecTrustRevocationReason), NULL), kCFCompareEqualTo, "expected revocation reason 4"); + CFReleaseNull(cfreason); + } + CFReleaseNull(result); + } else { + fail("expected trust evaluation to fail and it did not."); + } + +errOut: + CFReleaseNull(leaf); + CFReleaseNull(subCA); + CFReleaseNull(root); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(certs); + CFReleaseNull(anchors); + CFReleaseNull(verifyDate); + CFReleaseNull(error); + CFReleaseNull(ocspResponse); +} + +@end 
diff --git a/tests/TrustTests/EvaluationTests/RevocationTests_data.h b/tests/TrustTests/EvaluationTests/RevocationTests_data.h
new file mode 100644
index 00000000..90d87845
--- /dev/null
+++ b/tests/TrustTests/EvaluationTests/RevocationTests_data.h
@@ -0,0 +1,1287 @@ +/* + * Copyright (c) 2018 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +#ifndef _TRUSTTESTS_REVOCATION_TESTS_H_ +#define _TRUSTTESTS_REVOCATION_TESTS_H_ + +/* subject:/businessCategory=Private Organization/jurisdictionCountryName=US/jurisdictionStateOrProvinceName=California/serialNumber=C0806592/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=Internet Services for Akamai/CN=www.apple.com */ +/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA */ +static const uint8_t _ocsp_c0[]={ + 0x30,0x82,0x06,0xF1,0x30,0x82,0x05,0xD9,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x0F, + 0x8E,0x4E,0x4C,0x9C,0xF5,0x5E,0xA5,0xFE,0x2E,0x9B,0x2B,0x7E,0xFF,0xDE,0x8F,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x75, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, + 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, + 
0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, + 0x34,0x30,0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B,0x44,0x69,0x67,0x69,0x43,0x65, + 0x72,0x74,0x20,0x53,0x48,0x41,0x32,0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64, + 0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x72,0x76, + 0x65,0x72,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x39,0x30,0x33,0x30,0x37,0x30, + 0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32,0x30,0x30,0x33,0x30,0x37,0x31,0x32, + 0x30,0x30,0x30,0x30,0x5A,0x30,0x81,0xEE,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04, + 0x0F,0x0C,0x14,0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,0x67,0x61,0x6E, + 0x69,0x7A,0x61,0x74,0x69,0x6F,0x6E,0x31,0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01, + 0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,0x31,0x1B,0x30,0x19, + 0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,0x13,0x0A,0x43, + 0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x11,0x30,0x0F,0x06,0x03,0x55, + 0x04,0x05,0x13,0x08,0x43,0x30,0x38,0x30,0x36,0x35,0x39,0x32,0x31,0x0B,0x30,0x09, + 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55, + 0x04,0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12, + 0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69, + 0x6E,0x6F,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70, + 0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B, + 0x13,0x1C,0x49,0x6E,0x74,0x65,0x72,0x6E,0x65,0x74,0x20,0x53,0x65,0x72,0x76,0x69, + 0x63,0x65,0x73,0x20,0x66,0x6F,0x72,0x20,0x41,0x6B,0x61,0x6D,0x61,0x69,0x31,0x16, + 0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x77,0x77,0x77,0x2E,0x61,0x70,0x70, + 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82, + 0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xED,0x5E,0x5D,0xC6,0x85,0xBE,0xE5,0x2A,0x78, + 
0x7A,0x1F,0x77,0x1F,0x42,0x17,0xEA,0xC1,0xE3,0x75,0xAE,0xC9,0x38,0x7A,0xE0,0xCF, + 0x9F,0xEB,0xBA,0x47,0x42,0xCF,0x63,0x75,0x26,0xD3,0x4C,0x8E,0x6C,0x2F,0xC7,0xBC, + 0x1C,0xBB,0x37,0xC9,0xA5,0xA0,0xD3,0x8F,0xEA,0x3D,0x02,0xC8,0xE8,0x06,0xA1,0xA7, + 0x2B,0x4C,0x7B,0x91,0x55,0xBC,0x51,0xAB,0xE7,0xC8,0xB8,0xA8,0xA6,0x49,0x3E,0x94, + 0x45,0xF1,0x00,0x90,0x26,0xB9,0xB5,0xAF,0xB5,0xA0,0x22,0x41,0x2C,0x10,0x52,0x8B, + 0xD9,0xF0,0x91,0xE5,0x40,0x76,0x60,0xFD,0xC2,0xB1,0xFE,0xD0,0x55,0xC3,0x4F,0x18, + 0x7D,0x20,0x00,0x0C,0x8B,0x41,0x2C,0x2D,0xC1,0x0A,0xC0,0xE1,0x2E,0xDE,0xF8,0x47, + 0x84,0xB2,0x36,0x4E,0x03,0x5F,0x77,0x90,0xF6,0xF5,0x60,0xD8,0xAA,0x25,0x10,0xEB, + 0x37,0x38,0x03,0x7F,0x4B,0x46,0x36,0x76,0x2E,0x66,0xFE,0x18,0xE4,0x9B,0x31,0xEC, + 0xD5,0x2A,0xDB,0x60,0x90,0xD7,0xA0,0xD5,0xAB,0x79,0x9C,0x01,0xF6,0xAC,0x87,0x88, + 0x73,0x43,0x08,0xE0,0x48,0xF0,0x09,0xAC,0x41,0x40,0x60,0xE4,0x9C,0xA7,0xCC,0xBD, + 0x2F,0xC7,0x5D,0x32,0x32,0x2E,0x42,0xD7,0x69,0x2F,0x46,0x30,0xD3,0x6E,0x17,0xBA, + 0x1C,0xA6,0xBA,0xBC,0xB5,0x62,0x53,0x89,0xC7,0x4A,0xEF,0xB9,0xF8,0x0F,0x25,0x2F, + 0xB4,0x7A,0x5C,0x05,0xFB,0xE4,0xFD,0x13,0x47,0x1B,0xFF,0x60,0x6F,0x40,0xF2,0x0F, + 0x2D,0x53,0x38,0x3F,0x21,0x87,0x4D,0x08,0xB1,0x1B,0xD3,0xDA,0xAB,0xD5,0x9E,0x94, + 0x69,0x43,0xA3,0xA2,0x5E,0xF1,0xE9,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x01, + 0x30,0x82,0x02,0xFD,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80, + 0x14,0x3D,0xD3,0x50,0xA5,0xD6,0xA0,0xAD,0xEE,0xF3,0x4A,0x60,0x0A,0x65,0xD3,0x21, + 0xD4,0xF8,0xF8,0xD6,0x0F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14, + 0xD8,0xF5,0xFF,0x6D,0xDC,0x96,0x30,0x5C,0xAD,0x80,0x75,0xFF,0xCE,0xC5,0xF7,0x9D, + 0x16,0x73,0xCB,0x16,0x30,0x2A,0x06,0x03,0x55,0x1D,0x11,0x04,0x23,0x30,0x21,0x82, + 0x10,0x69,0x6D,0x61,0x67,0x65,0x73,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F, + 0x6D,0x82,0x0D,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, + 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0, + 
0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30, + 0x75,0x06,0x03,0x55,0x1D,0x1F,0x04,0x6E,0x30,0x6C,0x30,0x34,0xA0,0x32,0xA0,0x30, + 0x86,0x2E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x33,0x2E,0x64,0x69, + 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x68,0x61,0x32,0x2D, + 0x65,0x76,0x2D,0x73,0x65,0x72,0x76,0x65,0x72,0x2D,0x67,0x32,0x2E,0x63,0x72,0x6C, + 0x30,0x34,0xA0,0x32,0xA0,0x30,0x86,0x2E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63, + 0x72,0x6C,0x34,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D, + 0x2F,0x73,0x68,0x61,0x32,0x2D,0x65,0x76,0x2D,0x73,0x65,0x72,0x76,0x65,0x72,0x2D, + 0x67,0x32,0x2E,0x63,0x72,0x6C,0x30,0x4B,0x06,0x03,0x55,0x1D,0x20,0x04,0x44,0x30, + 0x42,0x30,0x37,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xFD,0x6C,0x02,0x01,0x30,0x2A, + 0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74, + 0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65, + 0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x07,0x06,0x05,0x67,0x81, + 0x0C,0x01,0x01,0x30,0x81,0x88,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, + 0x04,0x7C,0x30,0x7A,0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, + 0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x64,0x69, + 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x52,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x46,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63, + 0x61,0x63,0x65,0x72,0x74,0x73,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E, + 0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x53,0x48,0x41,0x32, + 0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69, + 0x6F,0x6E,0x53,0x65,0x72,0x76,0x65,0x72,0x43,0x41,0x2E,0x63,0x72,0x74,0x30,0x09, + 0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x82,0x01,0x04,0x06,0x0A,0x2B, + 
0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,0x04,0x81,0xF5,0x04,0x81,0xF2,0x00, + 0xF0,0x00,0x76,0x00,0xBB,0xD9,0xDF,0xBC,0x1F,0x8A,0x71,0xB5,0x93,0x94,0x23,0x97, + 0xAA,0x92,0x7B,0x47,0x38,0x57,0x95,0x0A,0xAB,0x52,0xE8,0x1A,0x90,0x96,0x64,0x36, + 0x8E,0x1E,0xD1,0x85,0x00,0x00,0x01,0x69,0x58,0x42,0xD1,0x06,0x00,0x00,0x04,0x03, + 0x00,0x47,0x30,0x45,0x02,0x20,0x68,0x81,0x0C,0x54,0x88,0x45,0x7A,0xC6,0x84,0xB8, + 0x65,0x9B,0xFD,0x9C,0x34,0x80,0xF6,0x38,0x91,0xEF,0xCF,0x58,0xF9,0xFD,0xF3,0x50, + 0x6F,0xAD,0x8E,0xA0,0xAD,0xE8,0x02,0x21,0x00,0xCE,0x32,0x9D,0x5B,0x3D,0xA2,0x8B, + 0xB6,0x04,0x48,0xEE,0x01,0x26,0x6C,0xD3,0x50,0xA1,0xEA,0x7F,0x25,0x0C,0x00,0x2A, + 0x42,0x6D,0x42,0x0D,0x13,0xC0,0xA9,0x85,0xBC,0x00,0x76,0x00,0x56,0x14,0x06,0x9A, + 0x2F,0xD7,0xC2,0xEC,0xD3,0xF5,0xE1,0xBD,0x44,0xB2,0x3E,0xC7,0x46,0x76,0xB9,0xBC, + 0x99,0x11,0x5C,0xC0,0xEF,0x94,0x98,0x55,0xD6,0x89,0xD0,0xDD,0x00,0x00,0x01,0x69, + 0x58,0x42,0xD1,0x44,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x20,0x4B,0xD4, + 0x64,0x52,0xD3,0x52,0xF0,0x3E,0xD8,0xD4,0x3D,0xC5,0x40,0x72,0xED,0xC3,0x04,0x8C, + 0x3C,0x16,0x46,0x5D,0x38,0x02,0xBA,0xA2,0x1E,0x52,0xAA,0xE1,0xDA,0xB6,0x02,0x21, + 0x00,0xA3,0x5E,0x2F,0x6B,0xCC,0xB9,0x34,0xD9,0xA4,0x00,0x70,0xE1,0x3A,0x99,0xB4, + 0x0D,0x25,0x6D,0xD3,0x59,0x77,0xC2,0x98,0x8C,0x6A,0xA0,0xAE,0xA7,0xE1,0x06,0x73, + 0x32,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00, + 0x03,0x82,0x01,0x01,0x00,0x3F,0xD9,0xA1,0x19,0xB3,0x7C,0x56,0xA5,0x89,0xE5,0xA2, + 0x33,0x33,0xE3,0xFC,0xBB,0x29,0xDB,0xD7,0x69,0x76,0x31,0x2F,0x69,0x97,0x90,0xA1, + 0x0C,0x11,0x0B,0x5A,0xCB,0xAB,0x41,0x66,0xB2,0x9B,0xDF,0x71,0xD6,0xDC,0x92,0x91, + 0xB6,0x17,0x8B,0xD3,0x9C,0x83,0x3C,0xDC,0x7C,0xA7,0x29,0x5D,0xBA,0x38,0x97,0x9B, + 0x0D,0x07,0xE0,0x46,0xCA,0x27,0x5F,0x41,0xA0,0xC0,0x84,0x1E,0x47,0x00,0xDC,0x87, + 0x79,0xFD,0xAF,0x3E,0x34,0xC2,0x6D,0xB1,0x47,0x0C,0x52,0x14,0x81,0xAC,0xB2,0x6C, + 0xB4,0x30,0xB2,0x41,0x61,0x77,0x07,0x96,0x05,0x5B,0x26,0x36,0xA2,0x94,0xC2,0x70, + 
0xC3,0xCD,0xC1,0x15,0xAC,0x33,0x0D,0x60,0x68,0xFA,0x19,0x95,0x3E,0x28,0x14,0xDE, + 0x19,0x15,0xF2,0x4B,0x43,0xAB,0x00,0xBF,0x54,0xE3,0xAF,0x5A,0x29,0x0F,0x32,0xCB, + 0xCC,0xBE,0x7F,0x07,0x30,0xF6,0xD9,0x49,0xE6,0x27,0x1F,0xC0,0x3B,0x9C,0x3D,0x2E, + 0xD1,0x6C,0xC5,0xB6,0x0E,0x8D,0x17,0xDC,0x48,0x5C,0x1F,0xC1,0x7E,0x4B,0xBA,0x8C, + 0x43,0xCA,0xAF,0x99,0x76,0x88,0x9B,0xA4,0x68,0x60,0xFA,0xC2,0xD3,0x87,0xEF,0x39, + 0x16,0x8C,0x49,0x36,0x2C,0x09,0xF9,0x07,0x2A,0x2E,0x7B,0x61,0x3E,0x76,0x76,0xEF, + 0x74,0x96,0xA5,0xAE,0xFF,0x6B,0x4C,0xF7,0x7F,0x96,0x41,0xBE,0x9C,0x09,0x41,0xBA, + 0x8A,0x1C,0xFD,0xC2,0x4A,0xE1,0x0A,0xA8,0x7E,0x7B,0xA8,0x98,0xA8,0x01,0x5D,0xAB, + 0xEF,0xDB,0x36,0xB3,0xE6,0x93,0x5D,0x27,0x0C,0x26,0xC3,0x33,0x93,0x74,0xAF,0x79, + 0x81,0xE5,0xD4,0x46,0x4E, +}; + +/* subject:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA */ +/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA */ +static const uint8_t _ocsp_c1[]= { + 0x30,0x82,0x04,0xB6,0x30,0x82,0x03,0x9E,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x0C, + 0x79,0xA9,0x44,0xB0,0x8C,0x11,0x95,0x20,0x92,0x61,0x5F,0xE2,0x6B,0x1D,0x83,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x6C, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, + 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, + 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, + 0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x44,0x69,0x67,0x69,0x43,0x65, + 0x72,0x74,0x20,0x48,0x69,0x67,0x68,0x20,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63, + 0x65,0x20,0x45,0x56,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D, + 0x31,0x33,0x31,0x30,0x32,0x32,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32, + 
0x38,0x31,0x30,0x32,0x32,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x30,0x75,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,0x13,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x20,0x49, + 0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,0x77,0x77, + 0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,0x34,0x30, + 0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x53,0x48,0x41,0x32,0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56, + 0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x72,0x76,0x65,0x72, + 0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02, + 0x82,0x01,0x01,0x00,0xD7,0x53,0xA4,0x04,0x51,0xF8,0x99,0xA6,0x16,0x48,0x4B,0x67, + 0x27,0xAA,0x93,0x49,0xD0,0x39,0xED,0x0C,0xB0,0xB0,0x00,0x87,0xF1,0x67,0x28,0x86, + 0x85,0x8C,0x8E,0x63,0xDA,0xBC,0xB1,0x40,0x38,0xE2,0xD3,0xF5,0xEC,0xA5,0x05,0x18, + 0xB8,0x3D,0x3E,0xC5,0x99,0x17,0x32,0xEC,0x18,0x8C,0xFA,0xF1,0x0C,0xA6,0x64,0x21, + 0x85,0xCB,0x07,0x10,0x34,0xB0,0x52,0x88,0x2B,0x1F,0x68,0x9B,0xD2,0xB1,0x8F,0x12, + 0xB0,0xB3,0xD2,0xE7,0x88,0x1F,0x1F,0xEF,0x38,0x77,0x54,0x53,0x5F,0x80,0x79,0x3F, + 0x2E,0x1A,0xAA,0xA8,0x1E,0x4B,0x2B,0x0D,0xAB,0xB7,0x63,0xB9,0x35,0xB7,0x7D,0x14, + 0xBC,0x59,0x4B,0xDF,0x51,0x4A,0xD2,0xA1,0xE2,0x0C,0xE2,0x90,0x82,0x87,0x6A,0xAE, + 0xEA,0xD7,0x64,0xD6,0x98,0x55,0xE8,0xFD,0xAF,0x1A,0x50,0x6C,0x54,0xBC,0x11,0xF2, + 0xFD,0x4A,0xF2,0x9D,0xBB,0x7F,0x0E,0xF4,0xD5,0xBE,0x8E,0x16,0x89,0x12,0x55,0xD8, + 0xC0,0x71,0x34,0xEE,0xF6,0xDC,0x2D,0xEC,0xC4,0x87,0x25,0x86,0x8D,0xD8,0x21,0xE4, + 0xB0,0x4D,0x0C,0x89,0xDC,0x39,0x26,0x17,0xDD,0xF6,0xD7,0x94,0x85,0xD8,0x04,0x21, + 0x70,0x9D,0x6F,0x6F,0xFF,0x5C,0xBA,0x19,0xE1,0x45,0xCB,0x56,0x57,0x28,0x7E,0x1C, + 0x0D,0x41,0x57,0xAA,0xB7,0xB8,0x27,0xBB,0xB1,0xE4,0xFA,0x2A,0xEF,0x21,0x23,0x75, + 
0x1A,0xAD,0x2D,0x9B,0x86,0x35,0x8C,0x9C,0x77,0xB5,0x73,0xAD,0xD8,0x94,0x2D,0xE4, + 0xF3,0x0C,0x9D,0xEE,0xC1,0x4E,0x62,0x7E,0x17,0xC0,0x71,0x9E,0x2C,0xDE,0xF1,0xF9, + 0x10,0x28,0x19,0x33,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x49,0x30,0x82,0x01, + 0x45,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01, + 0x01,0xFF,0x02,0x01,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04, + 0x04,0x03,0x02,0x01,0x86,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x03,0x02,0x30,0x34,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, + 0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, + 0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x64,0x69, + 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x4B,0x06,0x03,0x55,0x1D, + 0x1F,0x04,0x44,0x30,0x42,0x30,0x40,0xA0,0x3E,0xA0,0x3C,0x86,0x3A,0x68,0x74,0x74, + 0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x34,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72, + 0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x48,0x69, + 0x67,0x68,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63,0x65,0x45,0x56,0x52,0x6F,0x6F, + 0x74,0x43,0x41,0x2E,0x63,0x72,0x6C,0x30,0x3D,0x06,0x03,0x55,0x1D,0x20,0x04,0x36, + 0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x2A,0x30,0x28,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x73,0x3A, + 0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63, + 0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04, + 0x14,0x3D,0xD3,0x50,0xA5,0xD6,0xA0,0xAD,0xEE,0xF3,0x4A,0x60,0x0A,0x65,0xD3,0x21, + 0xD4,0xF8,0xF8,0xD6,0x0F,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16, + 0x80,0x14,0xB1,0x3E,0xC3,0x69,0x03,0xF8,0xBF,0x47,0x01,0xD4,0x98,0x26,0x1A,0x08, + 0x02,0xEF,0x63,0x64,0x2B,0xC3,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 
0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x9D,0xB6,0xD0,0x90,0x86,0xE1, + 0x86,0x02,0xED,0xC5,0xA0,0xF0,0x34,0x1C,0x74,0xC1,0x8D,0x76,0xCC,0x86,0x0A,0xA8, + 0xF0,0x4A,0x8A,0x42,0xD6,0x3F,0xC8,0xA9,0x4D,0xAD,0x7C,0x08,0xAD,0xE6,0xB6,0x50, + 0xB8,0xA2,0x1A,0x4D,0x88,0x07,0xB1,0x29,0x21,0xDC,0xE7,0xDA,0xC6,0x3C,0x21,0xE0, + 0xE3,0x11,0x49,0x70,0xAC,0x7A,0x1D,0x01,0xA4,0xCA,0x11,0x3A,0x57,0xAB,0x7D,0x57, + 0x2A,0x40,0x74,0xFD,0xD3,0x1D,0x85,0x18,0x50,0xDF,0x57,0x47,0x75,0xA1,0x7D,0x55, + 0x20,0x2E,0x47,0x37,0x50,0x72,0x8C,0x7F,0x82,0x1B,0xD2,0x62,0x8F,0x2D,0x03,0x5A, + 0xDA,0xC3,0xC8,0xA1,0xCE,0x2C,0x52,0xA2,0x00,0x63,0xEB,0x73,0xBA,0x71,0xC8,0x49, + 0x27,0x23,0x97,0x64,0x85,0x9E,0x38,0x0E,0xAD,0x63,0x68,0x3C,0xBA,0x52,0x81,0x58, + 0x79,0xA3,0x2C,0x0C,0xDF,0xDE,0x6D,0xEB,0x31,0xF2,0xBA,0xA0,0x7C,0x6C,0xF1,0x2C, + 0xD4,0xE1,0xBD,0x77,0x84,0x37,0x03,0xCE,0x32,0xB5,0xC8,0x9A,0x81,0x1A,0x4A,0x92, + 0x4E,0x3B,0x46,0x9A,0x85,0xFE,0x83,0xA2,0xF9,0x9E,0x8C,0xA3,0xCC,0x0D,0x5E,0xB3, + 0x3D,0xCF,0x04,0x78,0x8F,0x14,0x14,0x7B,0x32,0x9C,0xC7,0x00,0xA6,0x5C,0xC4,0xB5, + 0xA1,0x55,0x8D,0x5A,0x56,0x68,0xA4,0x22,0x70,0xAA,0x3C,0x81,0x71,0xD9,0x9D,0xA8, + 0x45,0x3B,0xF4,0xE5,0xF6,0xA2,0x51,0xDD,0xC7,0x7B,0x62,0xE8,0x6F,0x0C,0x74,0xEB, + 0xB8,0xDA,0xF8,0xBF,0x87,0x0D,0x79,0x50,0x91,0x90,0x9B,0x18,0x3B,0x91,0x59,0x27, + 0xF1,0x35,0x28,0x13,0xAB,0x26,0x7E,0xD5,0xF7,0x7A, +}; + +/* subject:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA */ +/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA */ +static const uint8_t _ocsp_c2[]= { + 0x30,0x82,0x03,0xC5,0x30,0x82,0x02,0xAD,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x02, + 0xAC,0x5C,0x26,0x6A,0x0B,0x40,0x9B,0x8F,0x0B,0x79,0xF2,0xAE,0x46,0x25,0x77,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x6C, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, + 
0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, + 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, + 0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x44,0x69,0x67,0x69,0x43,0x65, + 0x72,0x74,0x20,0x48,0x69,0x67,0x68,0x20,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63, + 0x65,0x20,0x45,0x56,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D, + 0x30,0x36,0x31,0x31,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x33, + 0x31,0x31,0x31,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x6C,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,0x13,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x20,0x49, + 0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77,0x77,0x77, + 0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31,0x2B,0x30, + 0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x48,0x69,0x67,0x68,0x20,0x41,0x73,0x73,0x75,0x72,0x61,0x6E,0x63,0x65,0x20, + 0x45,0x56,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01, + 0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC6,0xCC,0xE5,0x73,0xE6, + 0xFB,0xD4,0xBB,0xE5,0x2D,0x2D,0x32,0xA6,0xDF,0xE5,0x81,0x3F,0xC9,0xCD,0x25,0x49, + 0xB6,0x71,0x2A,0xC3,0xD5,0x94,0x34,0x67,0xA2,0x0A,0x1C,0xB0,0x5F,0x69,0xA6,0x40, + 0xB1,0xC4,0xB7,0xB2,0x8F,0xD0,0x98,0xA4,0xA9,0x41,0x59,0x3A,0xD3,0xDC,0x94,0xD6, + 0x3C,0xDB,0x74,0x38,0xA4,0x4A,0xCC,0x4D,0x25,0x82,0xF7,0x4A,0xA5,0x53,0x12,0x38, + 0xEE,0xF3,0x49,0x6D,0x71,0x91,0x7E,0x63,0xB6,0xAB,0xA6,0x5F,0xC3,0xA4,0x84,0xF8, + 0x4F,0x62,0x51,0xBE,0xF8,0xC5,0xEC,0xDB,0x38,0x92,0xE3,0x06,0xE5,0x08,0x91,0x0C, + 0xC4,0x28,0x41,0x55,0xFB,0xCB,0x5A,0x89,0x15,0x7E,0x71,0xE8,0x35,0xBF,0x4D,0x72, + 
0x09,0x3D,0xBE,0x3A,0x38,0x50,0x5B,0x77,0x31,0x1B,0x8D,0xB3,0xC7,0x24,0x45,0x9A, + 0xA7,0xAC,0x6D,0x00,0x14,0x5A,0x04,0xB7,0xBA,0x13,0xEB,0x51,0x0A,0x98,0x41,0x41, + 0x22,0x4E,0x65,0x61,0x87,0x81,0x41,0x50,0xA6,0x79,0x5C,0x89,0xDE,0x19,0x4A,0x57, + 0xD5,0x2E,0xE6,0x5D,0x1C,0x53,0x2C,0x7E,0x98,0xCD,0x1A,0x06,0x16,0xA4,0x68,0x73, + 0xD0,0x34,0x04,0x13,0x5C,0xA1,0x71,0xD3,0x5A,0x7C,0x55,0xDB,0x5E,0x64,0xE1,0x37, + 0x87,0x30,0x56,0x04,0xE5,0x11,0xB4,0x29,0x80,0x12,0xF1,0x79,0x39,0x88,0xA2,0x02, + 0x11,0x7C,0x27,0x66,0xB7,0x88,0xB7,0x78,0xF2,0xCA,0x0A,0xA8,0x38,0xAB,0x0A,0x64, + 0xC2,0xBF,0x66,0x5D,0x95,0x84,0xC1,0xA1,0x25,0x1E,0x87,0x5D,0x1A,0x50,0x0B,0x20, + 0x12,0xCC,0x41,0xBB,0x6E,0x0B,0x51,0x38,0xB8,0x4B,0xCB,0x02,0x03,0x01,0x00,0x01, + 0xA3,0x63,0x30,0x61,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04, + 0x03,0x02,0x01,0x86,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05, + 0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14, + 0xB1,0x3E,0xC3,0x69,0x03,0xF8,0xBF,0x47,0x01,0xD4,0x98,0x26,0x1A,0x08,0x02,0xEF, + 0x63,0x64,0x2B,0xC3,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80, + 0x14,0xB1,0x3E,0xC3,0x69,0x03,0xF8,0xBF,0x47,0x01,0xD4,0x98,0x26,0x1A,0x08,0x02, + 0xEF,0x63,0x64,0x2B,0xC3,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x1C,0x1A,0x06,0x97,0xDC,0xD7,0x9C, + 0x9F,0x3C,0x88,0x66,0x06,0x08,0x57,0x21,0xDB,0x21,0x47,0xF8,0x2A,0x67,0xAA,0xBF, + 0x18,0x32,0x76,0x40,0x10,0x57,0xC1,0x8A,0xF3,0x7A,0xD9,0x11,0x65,0x8E,0x35,0xFA, + 0x9E,0xFC,0x45,0xB5,0x9E,0xD9,0x4C,0x31,0x4B,0xB8,0x91,0xE8,0x43,0x2C,0x8E,0xB3, + 0x78,0xCE,0xDB,0xE3,0x53,0x79,0x71,0xD6,0xE5,0x21,0x94,0x01,0xDA,0x55,0x87,0x9A, + 0x24,0x64,0xF6,0x8A,0x66,0xCC,0xDE,0x9C,0x37,0xCD,0xA8,0x34,0xB1,0x69,0x9B,0x23, + 0xC8,0x9E,0x78,0x22,0x2B,0x70,0x43,0xE3,0x55,0x47,0x31,0x61,0x19,0xEF,0x58,0xC5, + 0x85,0x2F,0x4E,0x30,0xF6,0xA0,0x31,0x16,0x23,0xC8,0xE7,0xE2,0x65,0x16,0x33,0xCB, + 
0xBF,0x1A,0x1B,0xA0,0x3D,0xF8,0xCA,0x5E,0x8B,0x31,0x8B,0x60,0x08,0x89,0x2D,0x0C, + 0x06,0x5C,0x52,0xB7,0xC4,0xF9,0x0A,0x98,0xD1,0x15,0x5F,0x9F,0x12,0xBE,0x7C,0x36, + 0x63,0x38,0xBD,0x44,0xA4,0x7F,0xE4,0x26,0x2B,0x0A,0xC4,0x97,0x69,0x0D,0xE9,0x8C, + 0xE2,0xC0,0x10,0x57,0xB8,0xC8,0x76,0x12,0x91,0x55,0xF2,0x48,0x69,0xD8,0xBC,0x2A, + 0x02,0x5B,0x0F,0x44,0xD4,0x20,0x31,0xDB,0xF4,0xBA,0x70,0x26,0x5D,0x90,0x60,0x9E, + 0xBC,0x4B,0x17,0x09,0x2F,0xB4,0xCB,0x1E,0x43,0x68,0xC9,0x07,0x27,0xC1,0xD2,0x5C, + 0xF7,0xEA,0x21,0xB9,0x68,0x12,0x9C,0x3C,0x9C,0xBF,0x9E,0xFC,0x80,0x5C,0x9B,0x63, + 0xCD,0xEC,0x47,0xAA,0x25,0x27,0x67,0xA0,0x37,0xF3,0x00,0x82,0x7D,0x54,0xD7,0xA9, + 0xF8,0xE9,0x2E,0x13,0xA3,0x77,0xE8,0x1F,0x4A, +}; + +/* subject:/CN=Apple IST CA 2 OCSP Responder NL01/O=Apple Inc./C=US */ +/* issuer :/CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US */ +static const uint8_t _responderCert[]= { + 0x30,0x82,0x03,0xBB,0x30,0x82,0x02,0xA3,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x5B, + 0x1B,0xA7,0xF8,0x9D,0xF4,0x7B,0x7C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04, + 0x03,0x13,0x13,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,0x20,0x43,0x41,0x20, + 0x32,0x20,0x2D,0x20,0x47,0x31,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x13, + 0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, + 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30, + 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x38, + 0x30,0x38,0x31,0x31,0x30,0x30,0x34,0x36,0x35,0x33,0x5A,0x17,0x0D,0x31,0x38,0x30, + 0x39,0x32,0x32,0x30,0x30,0x34,0x36,0x35,0x33,0x5A,0x30,0x4F,0x31,0x2B,0x30,0x29, + 0x06,0x03,0x55,0x04,0x03,0x0C,0x22,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54, + 0x20,0x43,0x41,0x20,0x32,0x20,0x4F,0x43,0x53,0x50,0x20,0x52,0x65,0x73,0x70,0x6F, + 
0x6E,0x64,0x65,0x72,0x20,0x4E,0x4C,0x30,0x31,0x31,0x13,0x30,0x11,0x06,0x03,0x55, + 0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82, + 0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA5,0x35,0xB2,0xC4, + 0xF2,0xAB,0x4C,0xFE,0xAA,0x5D,0xC7,0x23,0x52,0x68,0x42,0xC7,0x77,0x27,0x78,0x4E, + 0x80,0xFD,0x06,0xA3,0x51,0xA2,0x4F,0xF7,0x7A,0xD0,0x19,0x78,0xFD,0xEA,0x94,0xD8, + 0xE3,0x0C,0x3C,0x50,0x17,0x30,0xDB,0x84,0x38,0x13,0xE1,0xCF,0x6C,0xA0,0x1F,0x01, + 0xC7,0x12,0xC7,0x96,0x64,0x09,0x45,0x2F,0xA2,0x83,0xFE,0x4E,0x2C,0xF2,0x39,0x6F, + 0x20,0x34,0x6D,0xEC,0xBE,0xF9,0x86,0xA3,0xEF,0x40,0x1B,0x61,0x2D,0xE1,0xA4,0xB9, + 0xD4,0x3E,0x8E,0x65,0x7B,0x2F,0x26,0xD5,0x54,0xA6,0x12,0xC7,0x50,0xC8,0x89,0x94, + 0x86,0xFA,0x41,0x48,0xCF,0xE2,0xF1,0xF8,0xF2,0x0E,0xCC,0x25,0x43,0x0C,0x66,0x85, + 0xDC,0x88,0xA0,0x76,0x90,0x45,0xFC,0x4E,0x95,0x8F,0xA2,0x17,0x2F,0xAF,0x7C,0x41, + 0x59,0xA0,0xA1,0x36,0x98,0x18,0x20,0x4D,0x07,0xF5,0x7F,0xD1,0x66,0x65,0xC6,0x74, + 0xEA,0xBE,0xB8,0x20,0x88,0x29,0x27,0x5D,0x06,0x55,0xD0,0xB2,0x11,0xAF,0x52,0x58, + 0xD1,0x8A,0x57,0x6E,0x85,0x8D,0x0C,0xBD,0x6A,0xD3,0x87,0x09,0xF6,0x0F,0x07,0x7B, + 0x5C,0x8F,0x96,0x16,0xB5,0x89,0xB7,0x63,0xC4,0x33,0xDA,0x67,0x63,0xA3,0xC4,0x4B, + 0x73,0xEF,0x57,0x96,0x4F,0x15,0x2F,0x1B,0xF7,0x8E,0x35,0x24,0x18,0x68,0x87,0x16, + 0x0A,0x76,0x71,0x8B,0x94,0x11,0xB9,0xCC,0x02,0x97,0x2D,0x6F,0x94,0x00,0x1A,0x31, + 0xA6,0x9A,0x6B,0x4A,0xD3,0x64,0xB0,0x0F,0xA2,0xB0,0x5E,0xC0,0x2A,0x13,0xD6,0x7C, + 0x90,0xA6,0x5C,0xEE,0x7F,0x78,0xCA,0x7F,0x62,0x2F,0xF9,0x47,0x02,0x03,0x01,0x00, + 0x01,0xA3,0x81,0x87,0x30,0x81,0x84,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01, + 0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16, + 0x80,0x14,0xD8,0x7A,0x94,0x44,0x7C,0x90,0x70,0x90,0x16,0x9E,0xDD,0x17,0x9C,0x01, + 
0x44,0x03,0x86,0xD6,0x2A,0x29,0x30,0x0F,0x06,0x09,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x01,0x05,0x04,0x02,0x05,0x00,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C, + 0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x30,0x1D,0x06,0x03, + 0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x75,0xDB,0x74,0x13,0x4A,0xCB,0xCB,0x5A,0x6B, + 0x78,0x40,0x5A,0x81,0x67,0x42,0xA5,0xD9,0xD0,0x4E,0x38,0x30,0x0E,0x06,0x03,0x55, + 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3A, + 0x7E,0x84,0xE2,0x58,0xED,0x07,0xDD,0xE5,0xBD,0x5E,0x88,0x55,0x06,0x23,0x16,0x20, + 0xD1,0x85,0x89,0x60,0x83,0x19,0x21,0x04,0x9C,0x57,0xFE,0x91,0x30,0xBD,0x7C,0x83, + 0x45,0xA3,0xA1,0x11,0x0A,0x29,0xCF,0x6C,0x55,0x47,0xC3,0x7B,0x8C,0xEE,0x43,0xFE, + 0x42,0x0F,0xE6,0xCE,0xC7,0x24,0xAF,0x21,0x2E,0xC7,0xFD,0xFA,0xBA,0x7E,0xCE,0xA3, + 0x9D,0x92,0x5B,0x54,0x4C,0x4F,0x14,0x55,0xD6,0x5F,0xB0,0xB0,0x73,0xFD,0x78,0x61, + 0xDC,0xF6,0xA1,0xB6,0xFF,0xAF,0x3B,0x49,0x6F,0x62,0x95,0xD0,0x4E,0xA9,0x3F,0xE8, + 0x5C,0xCD,0x36,0xEA,0xED,0x57,0x04,0x32,0xB6,0xB0,0x91,0xDC,0x32,0xA6,0xC7,0x84, + 0x9C,0x3F,0x24,0x3A,0x64,0x56,0x62,0xA2,0x02,0x15,0xC9,0x63,0x96,0x8E,0x6C,0xF5, + 0x3E,0xB1,0xE4,0x3C,0x79,0x63,0xE0,0x94,0xE8,0xD0,0x73,0x31,0x7B,0x3C,0x99,0x66, + 0x82,0x2D,0x47,0x49,0x22,0x33,0xD4,0xD1,0x80,0x35,0xF1,0xB1,0xFD,0x01,0x92,0x07, + 0x6B,0x1E,0xF1,0xD0,0x02,0x84,0x24,0xD6,0xDF,0x2F,0x10,0x06,0x0F,0x36,0x5D,0x4B, + 0x1A,0xE3,0xDB,0x1F,0x8C,0x54,0x07,0x63,0x41,0x9E,0x74,0x6E,0x6F,0x9D,0xCE,0xCC, + 0x36,0x7B,0xE0,0xC5,0xCB,0x04,0x12,0xFF,0xF3,0x09,0xD7,0x36,0x5D,0x09,0xD0,0xCD, + 0xF2,0x73,0xAA,0x10,0x5D,0x0D,0xC2,0x12,0x21,0x00,0x89,0xE5,0x34,0x17,0x6C,0x76, + 0xE2,0x2F,0xDA,0xBD,0xCA,0xFB,0x9D,0xF2,0x1C,0x3B,0x62,0xCA,0xC0,0x97,0x82,0x54, + 0x92,0x4E,0x0C,0xD0,0x3B,0x79,0xD0,0x41,0x29,0x84,0xF5,0x75,0x40,0xB4,0xE8, +}; + +static unsigned char valid_ist_certificate[] = { + 
0x30,0x82,0x08,0x51,0x30,0x82,0x07,0x39,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x3A, + 0xFC,0x35,0x65,0x26,0x40,0x12,0xAF,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04, + 0x03,0x13,0x13,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,0x20,0x43,0x41,0x20, + 0x32,0x20,0x2D,0x20,0x47,0x31,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x13, + 0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, + 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30, + 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x38, + 0x30,0x37,0x31,0x36,0x32,0x32,0x31,0x31,0x30,0x38,0x5A,0x17,0x0D,0x32,0x30,0x30, + 0x38,0x31,0x34,0x32,0x32,0x31,0x31,0x30,0x38,0x5A,0x30,0x79,0x31,0x18,0x30,0x16, + 0x06,0x03,0x55,0x04,0x03,0x0C,0x0F,0x76,0x61,0x6C,0x69,0x64,0x2E,0x61,0x70,0x70, + 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x0C, + 0x1D,0x6D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x3A,0x69,0x64,0x6D,0x73, + 0x2E,0x67,0x72,0x6F,0x75,0x70,0x2E,0x31,0x32,0x30,0x38,0x39,0x32,0x30,0x31,0x13, + 0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49, + 0x6E,0x63,0x2E,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61, + 0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01, + 0x0A,0x02,0x82,0x01,0x01,0x00,0xC7,0x5F,0xAC,0x4A,0xAC,0x71,0xFC,0xF1,0x80,0x8D, + 0x57,0xA1,0xDC,0x3B,0x48,0x4F,0x02,0x83,0xBA,0xE0,0x57,0x36,0xAB,0x53,0xB5,0x14, + 0x47,0x8F,0x87,0x24,0xA6,0x7A,0x40,0x5C,0xC3,0x28,0x6E,0x29,0x6D,0x54,0x35,0x89, + 0x79,0xA9,0x12,0xF3,0xD7,0x0A,0x4E,0xBE,0xC7,0xFB,0x75,0xF3,0x1B,0x92,0x6D,0x3F, + 
0x7B,0xCC,0x72,0x63,0xF5,0xE8,0x57,0xC8,0xD2,0x7A,0x36,0x98,0x6E,0x61,0x0F,0x48, + 0xD1,0xC3,0x37,0xA4,0xB9,0x94,0x1C,0x66,0x18,0x75,0x97,0x34,0xED,0xFA,0x96,0x00, + 0x24,0x1A,0x8D,0x2E,0xFB,0x98,0x48,0x85,0xA5,0x73,0x9E,0xED,0x7D,0x8E,0x3C,0xCF, + 0xED,0xE9,0xE1,0x5F,0x1C,0x36,0xFF,0x20,0x2D,0x62,0x5C,0x0E,0x3D,0xCC,0x6E,0x3D, + 0xDB,0xF8,0x5A,0x8A,0x5A,0x2A,0x75,0xDC,0x09,0xC4,0x21,0x45,0x55,0x04,0xE3,0xEC, + 0x20,0xF0,0x5E,0xE3,0xC7,0x1A,0xD3,0x16,0x78,0x07,0xF1,0x65,0xF3,0xAD,0xB5,0x68, + 0x4B,0x0E,0x5D,0xA9,0x37,0xEA,0x58,0xAA,0x19,0x1F,0xF4,0xB4,0xF3,0x01,0xB0,0xE0, + 0xDC,0x25,0x4D,0x8A,0x2E,0xB1,0xC4,0xD3,0xE6,0x05,0x9E,0x23,0x8B,0x1E,0x8B,0xD0, + 0x14,0xA1,0x7E,0xC7,0x98,0xF1,0x68,0x9C,0x2D,0x10,0xDE,0xF9,0x79,0x14,0x3E,0x98, + 0x73,0x19,0x94,0x4B,0x4A,0xF7,0x52,0xDA,0x4D,0x98,0x26,0xAC,0xB2,0x76,0x1A,0x71, + 0xB5,0xFA,0x0D,0xE8,0x93,0xEB,0x92,0xF8,0x77,0x82,0xE5,0xE9,0xD4,0x07,0x8C,0xFD, + 0x20,0x8D,0xA0,0x25,0xD2,0x8A,0x6F,0xE2,0x33,0xA7,0x24,0x56,0x14,0x30,0x29,0x9D, + 0x6B,0xAB,0x2A,0x33,0xF9,0xD3,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x04,0xF2,0x30, + 0x82,0x04,0xEE,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30, + 0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD8,0x7A, + 0x94,0x44,0x7C,0x90,0x70,0x90,0x16,0x9E,0xDD,0x17,0x9C,0x01,0x44,0x03,0x86,0xD6, + 0x2A,0x29,0x30,0x7E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x72, + 0x30,0x70,0x30,0x34,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x28, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x73,0x2E,0x61,0x70,0x70, + 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63, + 0x61,0x32,0x67,0x31,0x2E,0x64,0x65,0x72,0x30,0x38,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x30,0x01,0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73, + 0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70, + 0x30,0x33,0x2D,0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63,0x61,0x32,0x67,0x31, + 
0x32,0x30,0x30,0x43,0x06,0x03,0x55,0x1D,0x11,0x04,0x3C,0x30,0x3A,0x82,0x0F,0x76, + 0x61,0x6C,0x69,0x64,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x13, + 0x76,0x61,0x6C,0x69,0x64,0x2D,0x75,0x61,0x74,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E, + 0x63,0x6F,0x6D,0x82,0x12,0x76,0x61,0x6C,0x69,0x64,0x2D,0x71,0x61,0x2E,0x61,0x70, + 0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,0xFF,0x06,0x03,0x55,0x1D,0x20,0x04, + 0x81,0xF7,0x30,0x81,0xF4,0x30,0x81,0xF1,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63, + 0x64,0x05,0x0B,0x04,0x30,0x81,0xE2,0x30,0x81,0xA4,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x02,0x02,0x30,0x81,0x97,0x0C,0x81,0x94,0x52,0x65,0x6C,0x69,0x61,0x6E, + 0x63,0x65,0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61, + 0x72,0x74,0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65, + 0x70,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x61,0x6E,0x79,0x20,0x61,0x70, + 0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61, + 0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66, + 0x20,0x75,0x73,0x65,0x20,0x61,0x6E,0x64,0x2F,0x6F,0x72,0x20,0x63,0x65,0x72,0x74, + 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69, + 0x63,0x65,0x20,0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x39, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x2D,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, + 0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x61,0x75,0x74,0x68, + 0x6F,0x72,0x69,0x74,0x79,0x2F,0x72,0x70,0x61,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25, + 0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x37,0x06,0x03,0x55,0x1D,0x1F,0x04, + 0x30,0x30,0x2E,0x30,0x2C,0xA0,0x2A,0xA0,0x28,0x86,0x26,0x68,0x74,0x74,0x70,0x3A, + 
0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F, + 0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63,0x61,0x32,0x67,0x31,0x2E,0x63,0x72, + 0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x55,0xF7,0x8E,0xC8, + 0x40,0x19,0x7D,0x8B,0x19,0x80,0xA5,0xF5,0xC6,0x44,0x75,0x8A,0x04,0x1E,0x7D,0x48, + 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0, + 0x30,0x82,0x02,0x6D,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, + 0x04,0x82,0x02,0x5D,0x04,0x82,0x02,0x59,0x02,0x57,0x00,0x75,0x00,0xBB,0xD9,0xDF, + 0xBC,0x1F,0x8A,0x71,0xB5,0x93,0x94,0x23,0x97,0xAA,0x92,0x7B,0x47,0x38,0x57,0x95, + 0x0A,0xAB,0x52,0xE8,0x1A,0x90,0x96,0x64,0x36,0x8E,0x1E,0xD1,0x85,0x00,0x00,0x01, + 0x64,0xA5,0x2E,0xD8,0xFD,0x00,0x00,0x04,0x03,0x00,0x46,0x30,0x44,0x02,0x20,0x3E, + 0xD8,0xAB,0x26,0x35,0xFC,0xAC,0xE8,0x97,0xE8,0x84,0x28,0x73,0x0D,0xFB,0x6F,0x7B, + 0x02,0xF6,0x8E,0xB8,0xD1,0xAC,0xF3,0x9C,0xDF,0x37,0x2E,0x42,0x53,0x6B,0x3A,0x02, + 0x20,0x73,0x9A,0xED,0x05,0x2C,0x5C,0xDD,0x5A,0x60,0x2D,0xF9,0xB3,0x5C,0x7B,0xB3, + 0x95,0x0F,0xF1,0x21,0xD3,0xB5,0x1C,0x40,0xBC,0x50,0x79,0xE2,0xF3,0x19,0x89,0xAC, + 0xE7,0x00,0x75,0x00,0x56,0x14,0x06,0x9A,0x2F,0xD7,0xC2,0xEC,0xD3,0xF5,0xE1,0xBD, + 0x44,0xB2,0x3E,0xC7,0x46,0x76,0xB9,0xBC,0x99,0x11,0x5C,0xC0,0xEF,0x94,0x98,0x55, + 0xD6,0x89,0xD0,0xDD,0x00,0x00,0x01,0x64,0xA5,0x2E,0xD9,0xA9,0x00,0x00,0x04,0x03, + 0x00,0x46,0x30,0x44,0x02,0x20,0x2E,0x5B,0x93,0xD3,0xCA,0x9A,0x1E,0x80,0xC3,0x50, + 0x1C,0xC1,0x37,0x6B,0x11,0x76,0x34,0xE8,0xE3,0xC7,0x8D,0x17,0xD0,0x4D,0x2E,0xA7, + 0xD9,0x98,0x6E,0x15,0x3A,0xC3,0x02,0x20,0x18,0x2B,0xD6,0x7A,0x11,0x46,0xC0,0xE1, + 0x99,0xDA,0x51,0x9C,0xBA,0xC5,0xC3,0x4C,0x3F,0x9A,0xB2,0xD1,0xDA,0xB7,0x6B,0x69, + 0x33,0x81,0x23,0x46,0x6F,0x54,0xFF,0x3F,0x00,0x76,0x00,0xEE,0x4B,0xBD,0xB7,0x75, + 0xCE,0x60,0xBA,0xE1,0x42,0x69,0x1F,0xAB,0xE1,0x9E,0x66,0xA3,0x0F,0x7E,0x5F,0xB0, + 0x72,0xD8,0x83,0x00,0xC4,0x7B,0x89,0x7A,0xA8,0xFD,0xCB,0x00,0x00,0x01,0x64,0xA5, + 
0x2E,0xD9,0x25,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x20,0x5E,0x30,0x51, + 0x55,0x80,0x59,0xEA,0x60,0x45,0x10,0x9D,0x8E,0x61,0x07,0x34,0xD4,0xC2,0x08,0x46, + 0xEB,0xAC,0x4A,0xC3,0x72,0xC6,0x04,0x8E,0xF4,0x5D,0xF6,0xAF,0x51,0x02,0x21,0x00, + 0xC0,0x20,0xF0,0x01,0x1F,0x74,0xD4,0x33,0x24,0xE3,0x70,0xB3,0x80,0x47,0xE9,0x8A, + 0xB6,0x47,0xE4,0x65,0xA4,0x98,0x8D,0x6A,0xD8,0x75,0xE4,0xFE,0xC7,0x7A,0x89,0x5E, + 0x00,0x77,0x00,0x55,0x81,0xD4,0xC2,0x16,0x90,0x36,0x01,0x4A,0xEA,0x0B,0x9B,0x57, + 0x3C,0x53,0xF0,0xC0,0xE4,0x38,0x78,0x70,0x25,0x08,0x17,0x2F,0xA3,0xAA,0x1D,0x07, + 0x13,0xD3,0x0C,0x00,0x00,0x01,0x64,0xA5,0x2E,0xD9,0x74,0x00,0x00,0x04,0x03,0x00, + 0x48,0x30,0x46,0x02,0x21,0x00,0x94,0x79,0x39,0x0B,0x5F,0x59,0x89,0x4D,0xD4,0x09, + 0x28,0xB4,0xE1,0x07,0xC0,0x58,0xDC,0xA3,0x86,0x07,0x68,0x29,0x02,0xDA,0x86,0xE6, + 0x70,0xBE,0x32,0xB7,0xC6,0x33,0x02,0x21,0x00,0xA6,0x72,0x28,0x8B,0xC9,0x61,0xC4, + 0xFB,0x53,0x98,0x8F,0x99,0x3F,0x92,0x7E,0x06,0x21,0x10,0xA1,0x58,0x1D,0x28,0x44, + 0x80,0x29,0x91,0xC2,0xE6,0xBB,0xCE,0xCC,0x0E,0x00,0x76,0x00,0x87,0x75,0xBF,0xE7, + 0x59,0x7C,0xF8,0x8C,0x43,0x99,0x5F,0xBD,0xF3,0x6E,0xFF,0x56,0x8D,0x47,0x56,0x36, + 0xFF,0x4A,0xB5,0x60,0xC1,0xB4,0xEA,0xFF,0x5E,0xA0,0x83,0x0F,0x00,0x00,0x01,0x64, + 0xA5,0x2E,0xD9,0x12,0x00,0x00,0x04,0x03,0x00,0x47,0x30,0x45,0x02,0x20,0x37,0x9C, + 0x18,0xFC,0x24,0x63,0xAD,0x19,0xD6,0xA2,0x82,0xD9,0x47,0x82,0xAE,0x94,0x66,0x97, + 0xE4,0x73,0xCC,0x36,0x40,0x8A,0x6F,0xA5,0xAA,0x3C,0x99,0x92,0x8D,0x8F,0x02,0x21, + 0x00,0xF4,0x44,0x4A,0x8D,0x3A,0x18,0x31,0xDA,0xF5,0xDD,0xF4,0x37,0x4F,0xB3,0x1D, + 0xF6,0x15,0xBD,0x8B,0xF5,0x75,0x53,0x12,0x35,0xE5,0xD5,0x4D,0x08,0x0E,0xA7,0xC2, + 0x69,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00, + 0x03,0x82,0x01,0x01,0x00,0x8F,0x46,0xED,0x04,0x6F,0xED,0xF7,0xAA,0xB9,0xE3,0x29, + 0xF7,0x4A,0x9F,0x69,0xEB,0xB2,0x61,0xD0,0x37,0x68,0x8F,0xC8,0xCF,0xB2,0x4F,0x1F, + 0x02,0x3E,0xF3,0x78,0x38,0x67,0xDB,0xD1,0xFA,0x60,0x16,0x70,0xDD,0xB7,0x44,0x12, + 
0x54,0x0A,0x8C,0x3E,0xEC,0xF2,0xE9,0xBC,0x78,0x11,0x8D,0x7F,0x44,0x16,0xF0,0x87, + 0xD6,0xD8,0xA2,0x65,0xBC,0x11,0x32,0x4A,0xED,0xA9,0xF9,0xD7,0xB6,0xF7,0x9B,0x0F, + 0xFF,0x82,0x06,0x12,0x04,0x77,0xB9,0x13,0x08,0xAB,0x98,0x5D,0x07,0x04,0x7C,0xDC, + 0x43,0x1E,0x86,0x16,0x8C,0xF7,0xB2,0x67,0x42,0x65,0x43,0x40,0x9B,0x1F,0xC6,0x97, + 0x18,0x41,0xCF,0x2F,0xA9,0xC8,0x4D,0x57,0x4E,0x84,0x28,0x0F,0xC9,0x3A,0xEF,0xB6, + 0x3D,0x9C,0xE9,0x96,0x12,0xFA,0xF2,0x35,0xA0,0xF1,0xDB,0x9D,0x0A,0x65,0x23,0xBB, + 0xC9,0x38,0xCC,0x39,0x7E,0x6B,0x17,0x80,0x48,0xF1,0xAC,0xF3,0x12,0x33,0x7B,0xBE, + 0x5E,0x7B,0xC4,0x8D,0xC6,0xB9,0x9B,0x85,0x0A,0x8A,0x52,0x4F,0x5E,0xC7,0x1F,0x12, + 0xDB,0xA5,0xBA,0x33,0x9E,0xA2,0x3A,0x9E,0x11,0x82,0x4E,0x42,0x0E,0x3F,0x82,0xDF, + 0x36,0x91,0xF7,0x24,0xB6,0xFC,0x6D,0x00,0x19,0xF2,0xD0,0x31,0x70,0x1F,0xED,0xE6, + 0x37,0xED,0x1D,0xB3,0xDB,0x06,0x01,0x90,0x0E,0x95,0x9B,0xD6,0x34,0x5F,0xFA,0xE6, + 0xD1,0x34,0xA6,0xD9,0x61,0x63,0x3E,0x2D,0x59,0x7B,0xD4,0xA5,0x9E,0x3F,0xFE,0xFE, + 0x58,0xC9,0x60,0xAE,0xA4,0xC2,0xCB,0xA6,0x50,0x9D,0x50,0xDB,0x38,0x80,0x2F,0xC9, + 0x2A,0xC5,0xEF,0x98,0xCF, +}; + +static unsigned char revoked_ist_certificate[1515]={ + 0x30,0x82,0x05,0xE7,0x30,0x82,0x04,0xCF,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x7F, + 0x00,0xCE,0x8A,0xD6,0x3F,0x5B,0x34,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04, + 0x03,0x13,0x13,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,0x20,0x43,0x41,0x20, + 0x32,0x20,0x2D,0x20,0x47,0x31,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x13, + 0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, + 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30, + 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x34, + 0x31,0x31,0x32,0x38,0x31,0x35,0x30,0x36,0x31,0x34,0x5A,0x17,0x0D,0x31,0x36,0x31, + 
0x32,0x32,0x37,0x31,0x35,0x30,0x36,0x31,0x34,0x5A,0x30,0x81,0xAB,0x31,0x4B,0x30, + 0x49,0x06,0x03,0x55,0x04,0x03,0x0C,0x42,0x72,0x65,0x76,0x6F,0x6B,0x65,0x64,0x2E, + 0x67,0x65,0x6F,0x74,0x72,0x75,0x73,0x74,0x2D,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x2D, + 0x63,0x61,0x2E,0x74,0x65,0x73,0x74,0x2D,0x70,0x61,0x67,0x65,0x73,0x2E,0x63,0x65, + 0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x6D,0x61,0x6E,0x61,0x67,0x65,0x72, + 0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x25,0x30,0x23,0x06,0x03, + 0x55,0x04,0x0B,0x0C,0x1C,0x6D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x3A, + 0x69,0x64,0x6D,0x73,0x2E,0x67,0x72,0x6F,0x75,0x70,0x2E,0x31,0x37,0x36,0x33,0x39, + 0x39,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C, + 0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C, + 0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09, + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00, + 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA9,0xD7,0xE0,0x65,0x48,0x36,0x8A, + 0x4B,0x6C,0xBB,0x16,0xAF,0xFD,0x09,0xA5,0x9C,0x30,0xDA,0xC5,0x9B,0x3D,0xD6,0xB4, + 0x8E,0x6B,0xC2,0xF4,0xBF,0x30,0xA7,0xCC,0xF7,0xA1,0x23,0x58,0xA0,0x16,0xE8,0x31, + 0x5F,0xE7,0xD2,0x21,0x3D,0x24,0x3D,0xF4,0x1E,0x82,0x46,0x45,0xA0,0xB8,0x2E,0xD7, + 0xB6,0x86,0xD3,0x2A,0xBC,0x93,0x74,0x44,0xAB,0x1C,0x9F,0x86,0xBF,0x19,0xCE,0xA4, + 0xD0,0xC9,0xB9,0x65,0x84,0x89,0x87,0xDE,0x77,0xDC,0xAE,0x85,0xA9,0xDE,0x5A,0xCF, + 0xAF,0x46,0x80,0x45,0x72,0x68,0x87,0x55,0x5B,0x4D,0x49,0xE2,0x7B,0x25,0x31,0x22, + 0x00,0x87,0xAB,0x72,0xEB,0x9A,0x2D,0x81,0x35,0x0E,0x76,0x82,0x5C,0x99,0x10,0xFB, + 0xD6,0x3F,0x29,0xE8,0xFD,0x2E,0xAD,0xF6,0xF8,0xCF,0xC1,0x99,0x5F,0xDA,0xC1,0xB3, + 0x90,0x70,0xA5,0x4B,0x23,0x4D,0xD6,0x1D,0xC9,0x73,0x27,0xD1,0xAE,0x38,0xA3,0xD0, + 0x71,0x92,0xFF,0x89,0xA8,0xE5,0x51,0x3E,0x2F,0xB6,0xB4,0x02,0x20,0x54,0x62,0xA0, + 
0x69,0x6D,0xB6,0x10,0x8D,0xB7,0x13,0x2A,0x94,0x4E,0xED,0x73,0x8C,0x78,0x39,0xF6, + 0x04,0xC0,0xF8,0x7A,0x75,0x2D,0x1E,0x82,0x7E,0x55,0x7B,0xE7,0xA7,0xFA,0x6E,0xB1, + 0x53,0x81,0x75,0xB6,0x19,0xD8,0xD2,0xD3,0x8E,0x30,0x95,0x0D,0xD8,0xC9,0xBA,0x3F, + 0x70,0x23,0xC3,0x7B,0xE2,0x6E,0xA9,0xA8,0x91,0x69,0x89,0x8D,0xEA,0x64,0x5D,0x8E, + 0x49,0x43,0x30,0x99,0xBC,0x54,0x97,0xAC,0xEB,0x98,0x09,0x8C,0xE9,0xA7,0xE8,0xDC, + 0xFC,0xE4,0xBE,0x20,0xDA,0xA1,0x88,0xB6,0x99,0x02,0x03,0x01,0x00,0x01,0xA3,0x82, + 0x02,0x55,0x30,0x82,0x02,0x51,0x30,0x48,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x01,0x01,0x04,0x3C,0x30,0x3A,0x30,0x38,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x01,0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E, + 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x30,0x34, + 0x2D,0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74,0x63,0x61,0x32,0x67,0x31,0x30,0x31, + 0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x75,0x81,0x7F,0xDF,0xDE, + 0x90,0xE2,0xFB,0x67,0xA8,0x04,0xC9,0x82,0xE1,0x2A,0x13,0x08,0x3D,0xCE,0x8E,0x30, + 0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06, + 0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD8,0x7A,0x94,0x44,0x7C,0x90, + 0x70,0x90,0x16,0x9E,0xDD,0x17,0x9C,0x01,0x44,0x03,0x86,0xD6,0x2A,0x29,0x30,0x81, + 0xFF,0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xF7,0x30,0x81,0xF4,0x30,0x81,0xF1,0x06, + 0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x05,0x0B,0x04,0x30,0x81,0xE2,0x30,0x81, + 0xA4,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0x97,0x0C,0x81, + 0x94,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,0x20,0x6F,0x6E,0x20,0x74,0x68,0x69, + 0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x62,0x79, + 0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74,0x79,0x20,0x61,0x73,0x73,0x75,0x6D, + 0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66, + 0x20,0x61,0x6E,0x79,0x20,0x61,0x70,0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20, + 
0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,0x69,0x74, + 0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x6E,0x64,0x2F, + 0x6F,0x72,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E, + 0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x73,0x74,0x61,0x74,0x65,0x6D, + 0x65,0x6E,0x74,0x73,0x2E,0x30,0x39,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02, + 0x01,0x16,0x2D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70, + 0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x65,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x2F,0x72,0x70,0x61, + 0x30,0x37,0x06,0x03,0x55,0x1D,0x1F,0x04,0x30,0x30,0x2E,0x30,0x2C,0xA0,0x2A,0xA0, + 0x28,0x86,0x26,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x61,0x70, + 0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x69,0x73,0x74, + 0x63,0x61,0x32,0x67,0x31,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F, + 0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25, + 0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x4D,0x06,0x03,0x55,0x1D,0x11,0x04, + 0x46,0x30,0x44,0x82,0x42,0x72,0x65,0x76,0x6F,0x6B,0x65,0x64,0x2E,0x67,0x65,0x6F, + 0x74,0x72,0x75,0x73,0x74,0x2D,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x2D,0x63,0x61,0x2E, + 0x74,0x65,0x73,0x74,0x2D,0x70,0x61,0x67,0x65,0x73,0x2E,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x65,0x6D,0x61,0x6E,0x61,0x67,0x65,0x72,0x2E,0x61,0x70, + 0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xC0,0x5B,0xA6,0xAF,0x2C, + 0x27,0xBA,0x49,0x8D,0x41,0xF6,0xC4,0x02,0xEE,0x9D,0xB1,0x48,0xC3,0x34,0x7B,0xF2, + 0xD2,0x82,0x49,0xA5,0x13,0x5A,0x66,0xAD,0xC9,0x73,0xBF,0x6B,0xC9,0x30,0x86,0xBA, + 0x7A,0xD2,0x9D,0x61,0xFE,0x04,0x07,0x15,0x66,0xC2,0x25,0xF7,0x6C,0x88,0xB1,0x0E, + 
0x22,0x11,0xF9,0x26,0xA7,0x4E,0x88,0x96,0x20,0x99,0xA6,0x51,0xEE,0x02,0x96,0xC7, + 0xA4,0xCA,0xD4,0xAB,0xFC,0x5F,0x96,0x16,0x0D,0x8D,0xA0,0xA1,0x17,0x6E,0x77,0x92, + 0xC9,0x64,0xD9,0xA2,0x5A,0x00,0x08,0xA6,0x55,0x73,0x2C,0xDD,0xD3,0x0C,0xA5,0xCA, + 0x68,0x48,0xAE,0xCE,0x5F,0xF2,0x56,0x4A,0x66,0x57,0xB2,0x2D,0xB5,0xC6,0xFF,0x50, + 0xD8,0x36,0x9C,0x31,0x31,0xE8,0xB2,0x07,0xE2,0x7B,0xC0,0xCE,0x72,0xA4,0x60,0x91, + 0xBB,0x84,0xA7,0xA8,0xC0,0x1D,0x42,0xE8,0x1D,0xF5,0xD9,0x6B,0x85,0x67,0x23,0x20, + 0xA6,0xF8,0x0F,0xBA,0x83,0x63,0x49,0xE2,0x79,0x23,0x90,0xFF,0x6B,0xEF,0xFA,0xB4, + 0x04,0xA8,0x99,0x1E,0x5D,0x5A,0xCD,0x8C,0xBC,0x8E,0x30,0x41,0x7E,0xE7,0x4E,0xDB, + 0x6F,0x4E,0xB7,0xBA,0xE0,0x5B,0x31,0xC4,0xD2,0x2D,0xD3,0x5D,0x82,0x95,0x44,0x7D, + 0x11,0x60,0x75,0xCE,0x6D,0x12,0xDA,0x89,0x71,0x23,0x80,0x75,0xC0,0x13,0x67,0x27, + 0xE8,0xE8,0xCA,0xE0,0xE3,0xFC,0x72,0x23,0x98,0xFA,0xF0,0x96,0x05,0x23,0xC9,0x03, + 0xC8,0x29,0xA4,0xB1,0xE5,0x07,0xE6,0xE8,0x09,0x26,0xD1,0x8C,0xAF,0xE0,0x53,0xBB, + 0xB4,0x1E,0x4D,0x5E,0xEA,0x9A,0x1E,0xE9,0x42,0x87,0x9F, +}; + +static unsigned char ist_intermediate_certificate[1092]={ + 0x30,0x82,0x04,0x40,0x30,0x82,0x03,0x28,0xA0,0x03,0x02,0x01,0x02,0x02,0x03,0x02, + 0x3A,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05, + 0x00,0x30,0x42,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0A,0x13,0x0D,0x47,0x65,0x6F,0x54,0x72, + 0x75,0x73,0x74,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04, + 0x03,0x13,0x12,0x47,0x65,0x6F,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6C,0x6F,0x62, + 0x61,0x6C,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x34,0x30,0x36,0x31,0x36,0x31, + 0x35,0x34,0x32,0x30,0x32,0x5A,0x17,0x0D,0x32,0x32,0x30,0x35,0x32,0x30,0x31,0x35, + 0x34,0x32,0x30,0x32,0x5A,0x30,0x62,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x03, + 0x13,0x13,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x53,0x54,0x20,0x43,0x41,0x20,0x32, + 
0x20,0x2D,0x20,0x47,0x31,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x13,0x17, + 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75, + 0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09, + 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F, + 0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD0,0x93,0xA1,0x1D,0x47,0x43, + 0x20,0x16,0xB2,0x0B,0x6B,0xEB,0xC3,0xD5,0xB4,0xE8,0xC7,0x98,0xCD,0xF3,0xDE,0xBF, + 0xE8,0x4D,0xE9,0xE3,0x36,0x80,0x07,0xFC,0x45,0x1B,0x6A,0x7C,0x45,0x86,0xAE,0x56, + 0xD3,0xA4,0x09,0x7F,0x61,0x0D,0x6B,0x5D,0x7E,0x52,0x6B,0x7D,0xB4,0xC8,0x39,0xC4, + 0xF4,0x67,0x3A,0xF7,0x83,0xCE,0x19,0x6F,0x86,0x2F,0x7E,0x45,0x7E,0x47,0x1C,0x67, + 0x52,0xCA,0x95,0x05,0x5D,0xE2,0x36,0x51,0x85,0xC0,0xD4,0x67,0x80,0x35,0x6F,0x15, + 0xDD,0x3E,0xFD,0x1D,0xD2,0xFD,0x8F,0x34,0x50,0xD8,0xEC,0x76,0x2A,0xBE,0xE3,0xD3, + 0xDA,0xE4,0xFD,0xC8,0xEB,0x28,0x02,0x96,0x11,0x97,0x17,0x61,0x1C,0xE9,0xC4,0x59, + 0x3B,0x42,0xDC,0x32,0xD1,0x09,0x1D,0xDA,0xA6,0xD1,0x43,0x86,0xFF,0x5E,0xB2,0xBC, + 0x8C,0xCF,0x66,0xDB,0x01,0x8B,0x02,0xAE,0x94,0x48,0xF3,0x38,0x8F,0xFD,0xEA,0x32, + 0xA8,0x08,0xEC,0x86,0x97,0x51,0x94,0x24,0x3E,0x49,0x49,0x96,0x53,0xE8,0x79,0xA1, + 0x40,0x81,0xE9,0x05,0xBB,0x93,0x95,0x51,0xFC,0xE3,0xFD,0x7C,0x11,0x4B,0xF7,0x9E, + 0x08,0xB3,0x15,0x49,0x15,0x07,0xF9,0xD1,0x37,0xA0,0x9B,0x4B,0x32,0xF6,0xB5,0xC4, + 0xDC,0x6A,0xD1,0xFC,0x0A,0xED,0xF6,0xE0,0xC5,0x29,0xA0,0xA8,0x8B,0x71,0xFE,0x0D, + 0x92,0xBC,0xFE,0x54,0x70,0x18,0x0A,0x6D,0xC7,0xED,0x0C,0xFB,0xC9,0x2D,0x06,0xC3, + 0x8C,0x85,0xFC,0xCB,0x86,0x5C,0xD6,0x36,0x8E,0x12,0x8B,0x09,0x7F,0xFB,0x19,0x1A, + 0x38,0xD5,0xF0,0x94,0x30,0x7A,0x0F,0xA6,0x8C,0xF3,0x02,0x03,0x01,0x00,0x01,0xA3, + 0x82,0x01,0x1D,0x30,0x82,0x01,0x19,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18, + 
0x30,0x16,0x80,0x14,0xC0,0x7A,0x98,0x68,0x8D,0x89,0xFB,0xAB,0x05,0x64,0x0C,0x11, + 0x7D,0xAA,0x7D,0x65,0xB8,0xCA,0xCC,0x4E,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04, + 0x16,0x04,0x14,0xD8,0x7A,0x94,0x44,0x7C,0x90,0x70,0x90,0x16,0x9E,0xDD,0x17,0x9C, + 0x01,0x44,0x03,0x86,0xD6,0x2A,0x29,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01, + 0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x0E,0x06,0x03,0x55, + 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x35,0x06,0x03,0x55, + 0x1D,0x1F,0x04,0x2E,0x30,0x2C,0x30,0x2A,0xA0,0x28,0xA0,0x26,0x86,0x24,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x67,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D, + 0x2F,0x63,0x72,0x6C,0x73,0x2F,0x67,0x74,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x2E,0x63, + 0x72,0x6C,0x30,0x2E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x22, + 0x30,0x20,0x30,0x1E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x12, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x67,0x2E,0x73,0x79,0x6D,0x63,0x64,0x2E,0x63, + 0x6F,0x6D,0x30,0x4C,0x06,0x03,0x55,0x1D,0x20,0x04,0x45,0x30,0x43,0x30,0x41,0x06, + 0x0A,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x07,0x36,0x30,0x33,0x30,0x31,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x25,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x65,0x6F,0x74,0x72,0x75,0x73,0x74,0x2E,0x63, + 0x6F,0x6D,0x2F,0x72,0x65,0x73,0x6F,0x75,0x72,0x63,0x65,0x73,0x2F,0x63,0x70,0x73, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03, + 0x82,0x01,0x01,0x00,0x16,0x47,0x73,0x6F,0x85,0xA2,0x62,0xE1,0xE7,0x2A,0x76,0xBB, + 0x89,0x95,0x42,0x26,0x97,0xBC,0x4A,0xAC,0xAC,0x70,0x53,0x3A,0x3F,0x31,0x83,0x3D, + 0x3C,0x1C,0xAB,0x9A,0xE2,0xB1,0x5D,0x1C,0x76,0x1A,0xA0,0x3C,0x0C,0x72,0x57,0xBE, + 0xD3,0x9E,0x50,0xE0,0xC8,0x99,0xD6,0x58,0xD7,0x02,0xEA,0xCE,0x0D,0x29,0x54,0x7C, + 0xCD,0xF5,0xC2,0xC6,0x90,0x29,0x55,0xA3,0x6F,0x14,0xA8,0x0B,0x42,0x0D,0x3A,0x98, + 0x6D,0x06,0x78,0x9E,0xF0,0x6A,0xA3,0x1D,0x02,0x0A,0xA2,0x28,0xA4,0x8D,0xC2,0x81, + 
0x46,0x3E,0x6D,0x67,0xDA,0xDE,0x3F,0xFE,0x85,0x0E,0x42,0x2A,0x12,0xDE,0xB5,0xB7, + 0xFB,0xB8,0x1B,0xA7,0x96,0xEC,0x77,0x9F,0xEC,0xD4,0x53,0x95,0x7A,0xFF,0x07,0xF4, + 0xF2,0x0A,0x14,0xC0,0x51,0x52,0xB1,0xD6,0x8E,0x50,0x0B,0x1A,0x99,0x5C,0xBC,0x0B, + 0xC9,0xBD,0xED,0xED,0xF8,0x5E,0xC1,0x56,0xDB,0x4D,0x7E,0x23,0xA4,0x11,0xA1,0x2C, + 0xD4,0x1B,0x05,0x9A,0xE4,0x1B,0x52,0xF6,0x7C,0x38,0x99,0x05,0x4B,0xBA,0x72,0x8D, + 0x42,0x89,0x60,0x04,0x66,0x2A,0xF4,0xFD,0x68,0xD7,0x6B,0xF7,0x99,0x41,0x28,0xD6, + 0x6C,0x24,0xAB,0xE6,0x25,0x53,0x2E,0xC8,0x82,0x99,0xE2,0xA2,0x8F,0x23,0xBE,0x30, + 0x83,0xB1,0x27,0x8B,0xFA,0x68,0x7F,0x01,0x49,0xE8,0xC6,0x98,0x6B,0x10,0x2E,0x98, + 0x5E,0x8A,0xD7,0xCA,0x4B,0xB1,0xC7,0xC9,0x58,0x9A,0xD0,0x36,0xDB,0x96,0x95,0xEC, + 0xB6,0x81,0xE4,0xF2,0xCD,0x6F,0x1B,0x79,0x87,0x4C,0x10,0x3C,0x89,0xE4,0x4D,0xFA, + 0x54,0xDC,0xAA,0xA6, +}; + +unsigned char ocsp_smime_leaf_certificate[1338]={ + 0x30,0x82,0x05,0x36,0x30,0x82,0x04,0x1E,0xA0,0x03,0x02,0x01,0x02,0x02,0x0D,0x14, + 0x00,0x01,0x00,0x02,0x9C,0xE1,0xB9,0xE0,0x7C,0xD1,0x7B,0xEC,0x30,0x0D,0x06,0x09, + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x7C,0x31,0x0B,0x30, + 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x1C,0x30,0x1A,0x06,0x03, + 0x55,0x04,0x0A,0x13,0x13,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E, + 0x74,0x65,0x72,0x20,0x47,0x6D,0x62,0x48,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04, + 0x0B,0x13,0x1C,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74,0x65, + 0x72,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x31,0x20,0x4C,0x31,0x20,0x43,0x41,0x31, + 0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x03,0x13,0x1F,0x54,0x43,0x20,0x54,0x72,0x75, + 0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x31, + 0x20,0x4C,0x31,0x20,0x43,0x41,0x20,0x49,0x58,0x30,0x1E,0x17,0x0D,0x31,0x30,0x31, + 0x31,0x31,0x32,0x30,0x36,0x33,0x36,0x34,0x35,0x5A,0x17,0x0D,0x31,0x31,0x31,0x31, + 0x31,0x33,0x30,0x36,0x33,0x36,0x34,0x35,0x5A,0x30,0x24,0x31,0x0B,0x30,0x09,0x06, + 
0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04, + 0x03,0x13,0x0C,0x51,0x75,0x69,0x6E,0x6E,0x20,0x54,0x61,0x79,0x6C,0x6F,0x72,0x30, + 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, + 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, + 0xC1,0x11,0xAA,0x04,0xCF,0x04,0xA0,0x07,0xF3,0x43,0x2A,0xB2,0x27,0x1A,0x13,0x35, + 0x97,0x9A,0xBA,0x34,0xE5,0x84,0xF3,0xD5,0xE5,0xD9,0xAB,0x23,0x8D,0xB4,0x7E,0x68, + 0x5C,0xF2,0x9A,0xF1,0x08,0x9B,0x04,0x34,0xC1,0x09,0x14,0x68,0xD8,0x9C,0xC1,0x6C, + 0x27,0xF5,0x92,0x54,0xAF,0x66,0x65,0xF1,0x50,0xAA,0x7E,0xE3,0xFC,0xC1,0xB0,0x3E, + 0xEF,0xAA,0x86,0x58,0x4F,0xE7,0x86,0x0A,0x74,0xA6,0x97,0xBD,0x7D,0xF6,0xCE,0xA6, + 0x8B,0xF7,0xC0,0x90,0x6E,0x50,0x69,0x36,0x65,0x82,0x0F,0x65,0xA7,0x2C,0x16,0xFA, + 0x6C,0xCA,0x54,0x45,0x7C,0x06,0x20,0x72,0xF0,0x00,0x7B,0xD7,0x17,0xCD,0x94,0x64, + 0x6A,0xB7,0x28,0xF3,0x62,0xB1,0x29,0xAE,0x0C,0x8A,0x2F,0x3C,0x06,0x89,0xE8,0x81, + 0x77,0xAD,0x1F,0x65,0xED,0x6F,0x51,0x64,0x65,0x68,0x76,0xD8,0xEE,0xEC,0xA6,0x28, + 0xA9,0x1C,0x4F,0x98,0x4A,0x6D,0xD0,0xC8,0x5C,0x59,0x17,0x9B,0xF8,0x6D,0xF5,0x93, + 0xD3,0x4C,0x2A,0x37,0x80,0x65,0xB4,0x34,0xBA,0x64,0x2F,0xA1,0x8E,0x1C,0x6A,0x88, + 0x7C,0xA3,0xDB,0xDD,0x00,0x9B,0x78,0x51,0x7B,0xA6,0x8D,0xDD,0x43,0x9B,0xB2,0x2E, + 0x4B,0x1E,0xB3,0x34,0x37,0x3F,0x63,0x08,0x8C,0xC8,0xCF,0xD0,0xB0,0x8C,0xBF,0x8F, + 0xA7,0x49,0xBD,0x48,0x1D,0xB5,0x1E,0x6A,0x42,0x48,0x16,0x9A,0x7C,0xD3,0x55,0x6B, + 0xFF,0xD6,0xBA,0x70,0xF3,0x5F,0x1F,0x57,0x16,0xE0,0x1C,0xF1,0x73,0x22,0xD9,0x33, + 0xA7,0x20,0xE8,0xED,0x52,0x2A,0xE9,0x6F,0xCF,0xFB,0x76,0xAC,0xB8,0x5D,0x9B,0xAB, + 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x0D,0x30,0x82,0x02,0x09,0x30,0x81,0xA5, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0x98,0x30,0x81,0x95, + 0x30,0x51,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x45,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x74,0x72,0x75,0x73,0x74,0x63,0x65, + 
0x6E,0x74,0x65,0x72,0x2E,0x64,0x65,0x2F,0x63,0x65,0x72,0x74,0x73,0x65,0x72,0x76, + 0x69,0x63,0x65,0x73,0x2F,0x63,0x61,0x63,0x65,0x72,0x74,0x73,0x2F,0x74,0x63,0x5F, + 0x63,0x6C,0x61,0x73,0x73,0x31,0x5F,0x4C,0x31,0x5F,0x43,0x41,0x5F,0x49,0x58,0x2E, + 0x63,0x72,0x74,0x30,0x40,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86, + 0x34,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x69,0x78,0x2E, + 0x74,0x63,0x63,0x6C,0x61,0x73,0x73,0x31,0x2E,0x74,0x63,0x75,0x6E,0x69,0x76,0x65, + 0x72,0x73,0x61,0x6C,0x2D,0x69,0x2E,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74, + 0x65,0x72,0x2E,0x64,0x65,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16, + 0x80,0x14,0xE9,0xB8,0x28,0x1D,0x46,0xCF,0xFC,0xCD,0xF8,0x4E,0x9B,0xC5,0xEE,0x4B, + 0x60,0xEB,0xD8,0x3B,0x3F,0xD1,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF, + 0x04,0x02,0x30,0x00,0x30,0x4A,0x06,0x03,0x55,0x1D,0x20,0x04,0x43,0x30,0x41,0x30, + 0x3F,0x06,0x09,0x2A,0x82,0x14,0x00,0x2C,0x01,0x01,0x01,0x01,0x30,0x32,0x30,0x30, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x24,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74, + 0x65,0x72,0x2E,0x64,0x65,0x2F,0x67,0x75,0x69,0x64,0x65,0x6C,0x69,0x6E,0x65,0x73, + 0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x04,0xF0, + 0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xF8,0x4D,0x7F,0xDE,0xFA, + 0x21,0x2E,0xAF,0x96,0xBB,0xAA,0x9B,0x22,0x56,0x80,0xF0,0x8E,0xD4,0x6A,0x52,0x30, + 0x62,0x06,0x03,0x55,0x1D,0x1F,0x04,0x5B,0x30,0x59,0x30,0x57,0xA0,0x55,0xA0,0x53, + 0x86,0x51,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x69,0x78,0x2E, + 0x74,0x63,0x63,0x6C,0x61,0x73,0x73,0x31,0x2E,0x74,0x63,0x75,0x6E,0x69,0x76,0x65, + 0x72,0x73,0x61,0x6C,0x2D,0x69,0x2E,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74, + 0x65,0x72,0x2E,0x64,0x65,0x2F,0x63,0x72,0x6C,0x2F,0x76,0x32,0x2F,0x74,0x63,0x5F, + 0x43,0x6C,0x61,0x73,0x73,0x31,0x5F,0x4C,0x31,0x5F,0x43,0x41,0x5F,0x49,0x58,0x2E, + 
0x63,0x72,0x6C,0x30,0x33,0x06,0x03,0x55,0x1D,0x25,0x04,0x2C,0x30,0x2A,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x03,0x04,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,0x06,0x0A,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,0x30,0x1C,0x06,0x03,0x55,0x1D,0x11,0x04, + 0x15,0x30,0x13,0x81,0x11,0x71,0x74,0x61,0x79,0x6C,0x6F,0x72,0x40,0x61,0x70,0x70, + 0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x0D,0xCF,0x33,0xAB,0x3D,0xD3, + 0xD2,0x06,0x2C,0x20,0x3C,0xEC,0x0C,0xE4,0xA5,0x19,0x86,0xB3,0xA7,0xA9,0xA6,0xE9, + 0xDC,0xB4,0x35,0xBB,0x0D,0x67,0xD5,0xBD,0x5F,0x93,0xD9,0x2E,0xA0,0x05,0x2A,0xED, + 0xAE,0x41,0xD9,0xEE,0x30,0xA8,0x82,0x50,0xD0,0x4B,0x04,0x6B,0x37,0xAE,0xC0,0x10, + 0x89,0x05,0x68,0x82,0x91,0x2B,0x5B,0xE2,0x7D,0xA6,0x87,0xF7,0x26,0x96,0xBA,0x2A, + 0x52,0x03,0x97,0xF6,0x2E,0x0D,0x81,0x65,0x24,0x10,0xD5,0x8C,0xB3,0xCD,0x19,0x58, + 0xAF,0x3A,0x3D,0x2F,0x10,0x30,0x79,0x6A,0xD6,0x08,0x8F,0x8B,0x9D,0x1D,0xF8,0x19, + 0xE4,0x24,0x2B,0xE0,0x7F,0x73,0xE1,0x50,0x9C,0x53,0xE1,0x46,0xC7,0xA7,0xBD,0x71, + 0xCD,0xFF,0x39,0xA0,0x50,0xA5,0xA8,0xD9,0x50,0x39,0x6C,0x36,0x1C,0x13,0x89,0x8A, + 0x0D,0x9D,0x06,0x1B,0xAA,0x59,0x40,0xC1,0xAF,0xED,0x66,0x31,0xB8,0xA0,0x9F,0xCF, + 0xA6,0x8A,0x2E,0xC2,0x1A,0x4B,0xDB,0x62,0x15,0x6E,0x10,0x2F,0x82,0x3C,0xF8,0xA2, + 0x18,0x63,0xCC,0x67,0x13,0x42,0x07,0x43,0xDB,0x20,0x13,0xC7,0xAC,0xCE,0xCB,0xEA, + 0x7E,0x53,0xA6,0x01,0x81,0xB2,0x6E,0x92,0x2B,0x0C,0xF9,0x01,0x2C,0x11,0xC9,0x00, + 0x10,0x58,0x64,0x56,0x91,0xAC,0xAA,0xF6,0xE0,0x73,0xC7,0x59,0xEC,0xCE,0x51,0x7E, + 0xAD,0x9F,0x04,0xA4,0x38,0x74,0x65,0xD0,0x23,0xBD,0x6E,0xDF,0x64,0x79,0xE2,0xA3, + 0x37,0x19,0x2F,0x8C,0x41,0x8B,0x5F,0x6D,0x84,0x61,0x54,0xD1,0x26,0x18,0x70,0xAD, + 0xE5,0xF4,0xCD,0x59,0xED,0x9E,0xE0,0xC9,0x9F,0xD3, +}; + +unsigned char ocsp_smime_CA_certificate[1500]={ + 
0x30,0x82,0x05,0xD8,0x30,0x82,0x04,0xC0,0xA0,0x03,0x02,0x01,0x02,0x02,0x0E,0x06, + 0xE8,0x00,0x01,0x00,0x02,0x4A,0x96,0x2D,0x24,0x0C,0xFE,0xC5,0xC9,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x79,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x1C,0x30,0x1A,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x13,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65, + 0x6E,0x74,0x65,0x72,0x20,0x47,0x6D,0x62,0x48,0x31,0x24,0x30,0x22,0x06,0x03,0x55, + 0x04,0x0B,0x13,0x1B,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74, + 0x65,0x72,0x20,0x55,0x6E,0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x20,0x43,0x41,0x31, + 0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x03,0x13,0x1D,0x54,0x43,0x20,0x54,0x72,0x75, + 0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20,0x55,0x6E,0x69,0x76,0x65,0x72,0x73, + 0x61,0x6C,0x20,0x43,0x41,0x20,0x49,0x30,0x1E,0x17,0x0D,0x30,0x39,0x31,0x31,0x30, + 0x33,0x31,0x34,0x30,0x38,0x31,0x39,0x5A,0x17,0x0D,0x32,0x35,0x31,0x32,0x33,0x31, + 0x32,0x31,0x35,0x39,0x35,0x39,0x5A,0x30,0x7C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13, + 0x13,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20, + 0x47,0x6D,0x62,0x48,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C,0x54, + 0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20,0x43,0x6C, + 0x61,0x73,0x73,0x20,0x31,0x20,0x4C,0x31,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06, + 0x03,0x55,0x04,0x03,0x13,0x1F,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65, + 0x6E,0x74,0x65,0x72,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x31,0x20,0x4C,0x31,0x20, + 0x43,0x41,0x20,0x49,0x58,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01, + 0x0A,0x02,0x82,0x01,0x01,0x00,0xBB,0xE6,0x90,0x6E,0xCF,0x62,0xE9,0xE9,0x0B,0xAA, + 0xB6,0x10,0xD5,0x47,0xE5,0x7C,0x5D,0x2B,0x27,0x71,0x9A,0x68,0xCD,0x55,0x6D,0xE4, + 
0xA2,0xEF,0xE4,0xFE,0xF2,0x7A,0x63,0x11,0xC2,0x57,0x8A,0xC8,0x7D,0xCF,0x8E,0x66, + 0x1F,0x65,0x45,0x4B,0xEB,0x80,0x62,0x69,0xBD,0x46,0x8E,0x8B,0xC5,0x6E,0x5A,0x95, + 0x18,0x2A,0xDE,0xA7,0xF1,0x1F,0x75,0x1A,0x27,0xAB,0x6D,0x32,0x53,0xE3,0xFB,0x4D, + 0x58,0x62,0x2C,0xFF,0x19,0xE5,0xC7,0xA0,0x0D,0x9A,0x2D,0x21,0x88,0x59,0x84,0xCD, + 0x1D,0xF1,0xC3,0xC8,0x8A,0x3E,0xB0,0xE5,0xDE,0x08,0x24,0xCF,0xFC,0x40,0x2C,0xBA, + 0x41,0x23,0x94,0xBB,0x80,0x12,0x89,0x35,0x48,0xB6,0x86,0x04,0xE0,0x01,0x4F,0x8C, + 0xBA,0xA9,0x98,0xFC,0x1C,0x89,0xED,0x1F,0x8A,0xA1,0xC7,0x86,0x98,0x26,0x1E,0x72, + 0x65,0x6B,0xFE,0xCF,0x65,0xD9,0x0C,0x64,0x4B,0x1A,0x09,0xF5,0x43,0x11,0x60,0x66, + 0x26,0xE3,0x33,0x56,0x9A,0xC9,0x3D,0x3E,0x34,0x6A,0x78,0xC6,0xE5,0x50,0x4B,0xC8, + 0xCD,0x88,0xE4,0x39,0x6C,0x50,0x26,0x9E,0x40,0x2C,0xB6,0x3B,0x7C,0x37,0xB2,0xA7, + 0xF5,0xDD,0xDC,0xB3,0x51,0xCB,0xF4,0xDC,0x82,0x02,0xB8,0xD7,0x3A,0xDE,0xDA,0x30, + 0x5C,0x0D,0xF5,0x42,0xDD,0x13,0x69,0x53,0x54,0xE9,0x80,0x26,0x42,0x33,0x1E,0xA5, + 0xD7,0xCC,0x6E,0xCA,0x66,0x09,0x9F,0x86,0xF0,0x3D,0xBE,0xC6,0x8A,0x61,0x10,0xF3, + 0xD1,0xFF,0x5B,0xE4,0xB2,0xDB,0x2D,0xB2,0x65,0x0C,0xA9,0x7D,0x17,0xAC,0xBA,0x27, + 0x4D,0x42,0x5C,0xCE,0x09,0x4F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x59,0x30, + 0x82,0x02,0x55,0x30,0x81,0x9A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, + 0x04,0x81,0x8D,0x30,0x81,0x8A,0x30,0x52,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x02,0x86,0x46,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x74, + 0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74,0x65,0x72,0x2E,0x64,0x65,0x2F,0x63,0x65, + 0x72,0x74,0x73,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2F,0x63,0x61,0x63,0x65,0x72, + 0x74,0x73,0x2F,0x74,0x63,0x5F,0x75,0x6E,0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x5F, + 0x72,0x6F,0x6F,0x74,0x5F,0x49,0x2E,0x63,0x72,0x74,0x30,0x34,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x28,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F, + 0x63,0x73,0x70,0x2E,0x74,0x63,0x75,0x6E,0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x2D, + 
0x49,0x2E,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74,0x65,0x72,0x2E,0x64,0x65, + 0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x92,0xA4,0x75, + 0x2C,0xA4,0x9E,0xBE,0x81,0x44,0xEB,0x79,0xFC,0x8A,0xC5,0x95,0xA5,0xEB,0x10,0x75, + 0x73,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01, + 0x01,0xFF,0x02,0x01,0x00,0x30,0x52,0x06,0x03,0x55,0x1D,0x20,0x04,0x4B,0x30,0x49, + 0x30,0x06,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x3F,0x06,0x09,0x2A,0x82,0x14,0x00, + 0x2C,0x01,0x01,0x01,0x01,0x30,0x32,0x30,0x30,0x06,0x08,0x2B,0x06,0x01,0x05,0x05, + 0x07,0x02,0x01,0x16,0x24,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E, + 0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74,0x65,0x72,0x2E,0x64,0x65,0x2F,0x67, + 0x75,0x69,0x64,0x65,0x6C,0x69,0x6E,0x65,0x73,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F, + 0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E, + 0x04,0x16,0x04,0x14,0xE9,0xB8,0x28,0x1D,0x46,0xCF,0xFC,0xCD,0xF8,0x4E,0x9B,0xC5, + 0xEE,0x4B,0x60,0xEB,0xD8,0x3B,0x3F,0xD1,0x30,0x81,0xFD,0x06,0x03,0x55,0x1D,0x1F, + 0x04,0x81,0xF5,0x30,0x81,0xF2,0x30,0x81,0xEF,0xA0,0x81,0xEC,0xA0,0x81,0xE9,0x86, + 0x46,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x74,0x63,0x75,0x6E, + 0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x2D,0x49,0x2E,0x74,0x72,0x75,0x73,0x74,0x63, + 0x65,0x6E,0x74,0x65,0x72,0x2E,0x64,0x65,0x2F,0x63,0x72,0x6C,0x2F,0x76,0x32,0x2F, + 0x74,0x63,0x5F,0x75,0x6E,0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x5F,0x72,0x6F,0x6F, + 0x74,0x5F,0x49,0x2E,0x63,0x72,0x6C,0x86,0x81,0x9E,0x6C,0x64,0x61,0x70,0x3A,0x2F, + 0x2F,0x77,0x77,0x77,0x2E,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74,0x65,0x72, + 0x2E,0x64,0x65,0x2F,0x43,0x4E,0x3D,0x54,0x43,0x25,0x32,0x30,0x54,0x72,0x75,0x73, + 0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x25,0x32,0x30,0x55,0x6E,0x69,0x76,0x65,0x72, + 0x73,0x61,0x6C,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x49,0x2C,0x4F,0x3D,0x54, + 0x43,0x25,0x32,0x30,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x25, + 
0x32,0x30,0x47,0x6D,0x62,0x48,0x2C,0x4F,0x55,0x3D,0x72,0x6F,0x6F,0x74,0x63,0x65, + 0x72,0x74,0x73,0x2C,0x44,0x43,0x3D,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6E,0x74, + 0x65,0x72,0x2C,0x44,0x43,0x3D,0x64,0x65,0x3F,0x63,0x65,0x72,0x74,0x69,0x66,0x69, + 0x63,0x61,0x74,0x65,0x52,0x65,0x76,0x6F,0x63,0x61,0x74,0x69,0x6F,0x6E,0x4C,0x69, + 0x73,0x74,0x3F,0x62,0x61,0x73,0x65,0x3F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x39,0xC8,0xC4,0x9B, + 0xEE,0xBE,0x98,0xEE,0x48,0x72,0x6F,0x8D,0xE7,0x71,0xB6,0x0E,0x90,0x8C,0xD3,0xB2, + 0xC1,0x15,0x21,0xA8,0x46,0x90,0x68,0x5F,0x4A,0x04,0xF1,0x3A,0xC9,0x68,0x84,0x21, + 0xD8,0xA5,0xE6,0x04,0x75,0x5D,0x9F,0xD2,0xD4,0xF2,0x4B,0x77,0x43,0x32,0xDC,0x95, + 0xCB,0x60,0xBF,0x02,0x55,0xD0,0xAC,0x1C,0xB0,0xC5,0x14,0x97,0x9B,0x65,0x0A,0xC3, + 0x0F,0xA5,0x1D,0xEC,0xD8,0x49,0x39,0x95,0xB5,0xA9,0xBE,0xFA,0xF4,0x1E,0xAB,0x56, + 0xE7,0xA6,0xE5,0x01,0x08,0x88,0x35,0x5F,0x67,0x05,0xDD,0x44,0x24,0x50,0x12,0x22, + 0x44,0x63,0x79,0xF1,0x9B,0x57,0x69,0xCE,0xAB,0xD6,0x33,0x51,0x4F,0x8D,0xF0,0x70, + 0x3B,0x8E,0xAD,0x51,0x3A,0x17,0x7F,0x35,0x96,0x6B,0x68,0x68,0x63,0xB6,0x1C,0x0A, + 0xC9,0xF8,0xDF,0x1D,0x5E,0xCF,0x2B,0x11,0xA5,0x63,0xED,0xCC,0xD0,0xC6,0xD3,0x20, + 0x6F,0xAA,0xFC,0x68,0x48,0x7E,0x6D,0x1E,0xB8,0x3A,0x45,0xAA,0x12,0x86,0xF3,0xC7, + 0xBD,0x00,0xB5,0xEB,0xFE,0xEA,0x12,0x9F,0x73,0x33,0x78,0xE7,0x28,0x39,0x68,0xD3, + 0xA5,0x6D,0xDA,0x76,0xD1,0x4E,0xE1,0x55,0x95,0x80,0xA6,0xE0,0x1B,0xB8,0xCD,0xAC, + 0x56,0xEF,0x45,0x59,0x47,0x98,0x52,0xDB,0x3A,0x6E,0x26,0xB2,0x31,0x39,0x69,0x75, + 0xB1,0x2E,0x24,0xF0,0xA4,0x9D,0x97,0x88,0x5E,0x33,0x29,0xC6,0xB5,0xBC,0x07,0x40, + 0x3A,0x0C,0x3D,0xBA,0xCF,0x74,0x8C,0x4B,0x4E,0x7A,0x21,0xFA,0x1B,0x38,0xCD,0xC4, + 0x43,0x2F,0x6F,0xB4,0xDF,0x78,0xEE,0x99,0x92,0xE7,0x3A,0x1C, +}; + +unsigned char ocsp_smime_root_certificate[993]={ + 0x30,0x82,0x03,0xDD,0x30,0x82,0x02,0xC5,0xA0,0x03,0x02,0x01,0x02,0x02,0x0E,0x1D, + 
0xA2,0x00,0x01,0x00,0x02,0xEC,0xB7,0x60,0x80,0x78,0x8D,0xB6,0x06,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x79,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x1C,0x30,0x1A,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x13,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65, + 0x6E,0x74,0x65,0x72,0x20,0x47,0x6D,0x62,0x48,0x31,0x24,0x30,0x22,0x06,0x03,0x55, + 0x04,0x0B,0x13,0x1B,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74, + 0x65,0x72,0x20,0x55,0x6E,0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x20,0x43,0x41,0x31, + 0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x03,0x13,0x1D,0x54,0x43,0x20,0x54,0x72,0x75, + 0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20,0x55,0x6E,0x69,0x76,0x65,0x72,0x73, + 0x61,0x6C,0x20,0x43,0x41,0x20,0x49,0x30,0x1E,0x17,0x0D,0x30,0x36,0x30,0x33,0x32, + 0x32,0x31,0x35,0x35,0x34,0x32,0x38,0x5A,0x17,0x0D,0x32,0x35,0x31,0x32,0x33,0x31, + 0x32,0x32,0x35,0x39,0x35,0x39,0x5A,0x30,0x79,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13, + 0x13,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20, + 0x47,0x6D,0x62,0x48,0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x0B,0x13,0x1B,0x54, + 0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E,0x74,0x65,0x72,0x20,0x55,0x6E, + 0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x20,0x43,0x41,0x31,0x26,0x30,0x24,0x06,0x03, + 0x55,0x04,0x03,0x13,0x1D,0x54,0x43,0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6E, + 0x74,0x65,0x72,0x20,0x55,0x6E,0x69,0x76,0x65,0x72,0x73,0x61,0x6C,0x20,0x43,0x41, + 0x20,0x49,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82, + 0x01,0x01,0x00,0xA4,0x77,0x23,0x96,0x44,0xAF,0x90,0xF4,0x31,0xA7,0x10,0xF4,0x26, + 0x87,0x9C,0xF3,0x38,0xD9,0x0F,0x5E,0xDE,0xCF,0x41,0xE8,0x31,0xAD,0xC6,0x74,0x91, + 0x24,0x96,0x78,0x1E,0x09,0xA0,0x9B,0x9A,0x95,0x4A,0x4A,0xF5,0x62,0x7C,0x02,0xA8, + 
0xCA,0xAC,0xFB,0x5A,0x04,0x76,0x39,0xDE,0x5F,0xF1,0xF9,0xB3,0xBF,0xF3,0x03,0x58, + 0x55,0xD2,0xAA,0xB7,0xE3,0x04,0x22,0xD1,0xF8,0x94,0xDA,0x22,0x08,0x00,0x8D,0xD3, + 0x7C,0x26,0x5D,0xCC,0x77,0x79,0xE7,0x2C,0x78,0x39,0xA8,0x26,0x73,0x0E,0xA2,0x5D, + 0x25,0x69,0x85,0x4F,0x55,0x0E,0x9A,0xEF,0xC6,0xB9,0x44,0xE1,0x57,0x3D,0xDF,0x1F, + 0x54,0x22,0xE5,0x6F,0x65,0xAA,0x33,0x84,0x3A,0xF3,0xCE,0x7A,0xBE,0x55,0x97,0xAE, + 0x8D,0x12,0x0F,0x14,0x33,0xE2,0x50,0x70,0xC3,0x49,0x87,0x13,0xBC,0x51,0xDE,0xD7, + 0x98,0x12,0x5A,0xEF,0x3A,0x83,0x33,0x92,0x06,0x75,0x8B,0x92,0x7C,0x12,0x68,0x7B, + 0x70,0x6A,0x0F,0xB5,0x9B,0xB6,0x77,0x5B,0x48,0x59,0x9D,0xE4,0xEF,0x5A,0xAD,0xF3, + 0xC1,0x9E,0xD4,0xD7,0x45,0x4E,0xCA,0x56,0x34,0x21,0xBC,0x3E,0x17,0x5B,0x6F,0x77, + 0x0C,0x48,0x01,0x43,0x29,0xB0,0xDD,0x3F,0x96,0x6E,0xE6,0x95,0xAA,0x0C,0xC0,0x20, + 0xB6,0xFD,0x3E,0x36,0x27,0x9C,0xE3,0x5C,0xCF,0x4E,0x81,0xDC,0x19,0xBB,0x91,0x90, + 0x7D,0xEC,0xE6,0x97,0x04,0x1E,0x93,0xCC,0x22,0x49,0xD7,0x97,0x86,0xB6,0x13,0x0A, + 0x3C,0x43,0x23,0x77,0x7E,0xF0,0xDC,0xE6,0xCD,0x24,0x1F,0x3B,0x83,0x9B,0x34,0x3A, + 0x83,0x34,0xE3,0x02,0x03,0x01,0x00,0x01,0xA3,0x63,0x30,0x61,0x30,0x1F,0x06,0x03, + 0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x92,0xA4,0x75,0x2C,0xA4,0x9E,0xBE, + 0x81,0x44,0xEB,0x79,0xFC,0x8A,0xC5,0x95,0xA5,0xEB,0x10,0x75,0x73,0x30,0x0F,0x06, + 0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x0E, + 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x1D, + 0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x92,0xA4,0x75,0x2C,0xA4,0x9E,0xBE, + 0x81,0x44,0xEB,0x79,0xFC,0x8A,0xC5,0x95,0xA5,0xEB,0x10,0x75,0x73,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01, + 0x00,0x28,0xD2,0xE0,0x86,0xD5,0xE6,0xF8,0x7B,0xF0,0x97,0xDC,0x22,0x6B,0x3B,0x95, + 0x14,0x56,0x0F,0x11,0x30,0xA5,0x9A,0x4F,0x3A,0xB0,0x3A,0xE0,0x06,0xCB,0x65,0xF5, + 0xED,0xC6,0x97,0x27,0xFE,0x25,0xF2,0x57,0xE6,0x5E,0x95,0x8C,0x3E,0x64,0x60,0x15, + 
0x5A,0x7F,0x2F,0x0D,0x01,0xC5,0xB1,0x60,0xFD,0x45,0x35,0xCF,0xF0,0xB2,0xBF,0x06, + 0xD9,0xEF,0x5A,0xBE,0xB3,0x62,0x21,0xB4,0xD7,0xAB,0x35,0x7C,0x53,0x3E,0xA6,0x27, + 0xF1,0xA1,0x2D,0xDA,0x1A,0x23,0x9D,0xCC,0xDD,0xEC,0x3C,0x2D,0x9E,0x27,0x34,0x5D, + 0x0F,0xC2,0x36,0x79,0xBC,0xC9,0x4A,0x62,0x2D,0xED,0x6B,0xD9,0x7D,0x41,0x43,0x7C, + 0xB6,0xAA,0xCA,0xED,0x61,0xB1,0x37,0x82,0x15,0x09,0x1A,0x8A,0x16,0x30,0xD8,0xEC, + 0xC9,0xD6,0x47,0x72,0x78,0x4B,0x10,0x46,0x14,0x8E,0x5F,0x0E,0xAF,0xEC,0xC7,0x2F, + 0xAB,0x10,0xD7,0xB6,0xF1,0x6E,0xEC,0x86,0xB2,0xC2,0xE8,0x0D,0x92,0x73,0xDC,0xA2, + 0xF4,0x0F,0x3A,0xBF,0x61,0x23,0x10,0x89,0x9C,0x48,0x40,0x6E,0x70,0x00,0xB3,0xD3, + 0xBA,0x37,0x44,0x58,0x11,0x7A,0x02,0x6A,0x88,0xF0,0x37,0x34,0xF0,0x19,0xE9,0xAC, + 0xD4,0x65,0x73,0xF6,0x69,0x8C,0x64,0x94,0x3A,0x79,0x85,0x29,0xB0,0x16,0x2B,0x0C, + 0x82,0x3F,0x06,0x9C,0xC7,0xFD,0x10,0x2B,0x9E,0x0F,0x2C,0xB6,0x9E,0xE3,0x15,0xBF, + 0xD9,0x36,0x1C,0xBA,0x25,0x1A,0x52,0x3D,0x1A,0xEC,0x22,0x0C,0x1C,0xE0,0xA4,0xA2, + 0x3D,0xF0,0xE8,0x39,0xCF,0x81,0xC0,0x7B,0xED,0x5D,0x1F,0x6F,0xC5,0xD0,0x0B,0xD7, + 0x98, +}; + +/* subject:/UID=398C878YJ2/ */ +/* issuer :/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US */ +uint8_t _probablyNotRevokedLeaf[]={ + 0x30,0x82,0x05,0x7A,0x30,0x82,0x04,0x62,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x03, + 0xB5,0x01,0x60,0xCB,0x4D,0x00,0xDE,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x79,0x31,0x2D,0x30,0x2B,0x06,0x03,0x55,0x04, + 0x03,0x0C,0x24,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20, + 0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75, + 0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B, + 0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31, + 
0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20, + 0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, + 0x53,0x30,0x1E,0x17,0x0D,0x31,0x37,0x30,0x31,0x31,0x36,0x31,0x30,0x31,0x30,0x30, + 0x30,0x5A,0x17,0x0D,0x32,0x32,0x30,0x31,0x31,0x37,0x31,0x30,0x31,0x30,0x30,0x30, + 0x5A,0x30,0x81,0x9B,0x31,0x1A,0x30,0x18,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2, + 0x2C,0x64,0x01,0x01,0x0C,0x0A,0x33,0x39,0x38,0x43,0x38,0x37,0x38,0x59,0x4A,0x32, + 0x31,0x40,0x30,0x3E,0x06,0x03,0x55,0x04,0x03,0x0C,0x37,0x44,0x65,0x76,0x65,0x6C, + 0x6F,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x41,0x70,0x70,0x6C,0x69,0x63,0x61,0x74, + 0x69,0x6F,0x6E,0x3A,0x20,0x52,0x75,0x73,0x6C,0x61,0x6E,0x20,0x47,0x61,0x72,0x69, + 0x66,0x75,0x6C,0x69,0x6E,0x20,0x28,0x33,0x39,0x38,0x43,0x38,0x37,0x38,0x59,0x4A, + 0x32,0x29,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0A,0x33,0x39,0x38, + 0x43,0x38,0x37,0x38,0x59,0x4A,0x32,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A, + 0x0C,0x10,0x52,0x75,0x73,0x6C,0x61,0x6E,0x20,0x47,0x61,0x72,0x69,0x66,0x75,0x6C, + 0x69,0x6E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30, + 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, + 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, + 0xC3,0xDB,0x84,0xA2,0xF1,0x89,0xA3,0x17,0xC6,0xF0,0x96,0xAA,0xE3,0xCF,0x16,0x71, + 0x7F,0x97,0x96,0xEF,0x95,0x27,0x73,0x49,0xCC,0x53,0xF0,0x1D,0x73,0x67,0xA7,0x58, + 0xC5,0x27,0xA9,0xEC,0x40,0x41,0xF6,0x6F,0x87,0x65,0x9D,0xD9,0xE1,0x16,0xF5,0xB5, + 0xBA,0xAF,0x39,0xC8,0xA0,0xA5,0x10,0x9D,0x6F,0x9A,0xD7,0xED,0x1F,0xB4,0xF6,0x90, + 0x55,0x73,0x60,0x0B,0xD4,0xEE,0xC6,0x39,0x33,0x02,0xAE,0xD9,0xEE,0x7F,0xFE,0x49, + 0x82,0x05,0x7D,0x0D,0x6E,0xA6,0x2C,0xF6,0x75,0xBD,0xBA,0xB4,0x5F,0x5E,0x9B,0x4F, + 0x85,0x3A,0x02,0x37,0xA8,0xB5,0xE1,0x42,0x57,0x97,0xA3,0x20,0xC3,0xFF,0xF5,0xC7, + 0x2F,0x0A,0xC2,0x06,0xA4,0x4E,0x24,0x7E,0xE2,0x72,0x20,0xC7,0x0E,0xC4,0x32,0xE8, + 
0x0C,0x69,0xD7,0x99,0xF5,0xC5,0xDB,0xB7,0x4F,0x84,0xFB,0xAB,0x97,0x90,0x0A,0x6A, + 0x17,0xAD,0xD9,0x41,0xDD,0xE1,0x35,0x06,0x50,0x5B,0x79,0x6E,0x3A,0xC3,0x2C,0x92, + 0xE1,0x14,0x6F,0xAE,0xEC,0xC2,0xA6,0x5A,0x7F,0xB8,0x9D,0xE8,0x3A,0x6B,0x59,0x36, + 0xC3,0x56,0xA7,0x16,0x77,0xF3,0x91,0x61,0x33,0x05,0x23,0x04,0x96,0xAF,0x14,0x5F, + 0x2F,0x82,0x87,0xCE,0xDC,0x39,0x4E,0xD5,0xC5,0x1A,0x29,0xF9,0xE6,0xB8,0xAB,0xB8, + 0x62,0x39,0x2E,0x55,0x8E,0xA1,0x70,0xF9,0xE9,0x6D,0xA9,0x96,0xB9,0x59,0x22,0x1C, + 0x6E,0x8E,0x7D,0x30,0xB7,0xEA,0x1C,0xB2,0x1F,0x8D,0x59,0xF1,0x94,0x40,0x95,0xEA, + 0x4F,0xFE,0x53,0x50,0xA1,0xE0,0xC4,0x79,0x91,0x40,0x49,0x23,0x8D,0x96,0x4F,0x6D, + 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xE1,0x30,0x82,0x01,0xDD,0x30,0x3E,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, + 0x2F,0x6F,0x63,0x73,0x70,0x2D,0x64,0x65,0x76,0x69,0x64,0x30,0x31,0x30,0x1D,0x06, + 0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x79,0x35,0xB6,0x17,0xF0,0x11,0x85,0x00, + 0xFE,0xBA,0x56,0xF3,0x0C,0xA0,0x03,0xBE,0x71,0x64,0x0C,0x9C,0x30,0x0C,0x06,0x03, + 0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D, + 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x57,0x17,0xED,0xA2,0xCF,0xDC,0x7C,0x98,0xA1, + 0x10,0xE0,0xFC,0xBE,0x87,0x2D,0x2C,0xF2,0xE3,0x17,0x54,0x30,0x82,0x01,0x0E,0x06, + 0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x05,0x30,0x82,0x01,0x01,0x30,0x81,0xFE,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF0,0x30,0x28,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F, + 0x61,0x70,0x70,0x6C,0x65,0x63,0x61,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x02,0x02,0x30,0x81,0xB6,0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E, + 
0x63,0x65,0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61, + 0x72,0x74,0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65, + 0x70,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68, + 0x65,0x6E,0x20,0x61,0x70,0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74, + 0x61,0x6E,0x64,0x61,0x72,0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64, + 0x20,0x63,0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75, + 0x73,0x65,0x2C,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20, + 0x70,0x6F,0x6C,0x69,0x63,0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63, + 0x65,0x20,0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x0E,0x06, + 0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,0x80,0x30,0x16,0x06, + 0x03,0x55,0x1D,0x25,0x01,0x01,0xFF,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x03,0x03,0x30,0x13,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64, + 0x06,0x01,0x0D,0x01,0x01,0xFF,0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x3F,0x66, + 0xE8,0xD2,0x30,0x23,0x41,0x7A,0xD9,0x4E,0x3E,0xCF,0xFE,0x89,0x30,0xB2,0x7C,0x32, + 0x84,0xE1,0xAE,0x95,0x8C,0xBE,0xA7,0x7A,0x42,0x67,0x4B,0x27,0x13,0x0A,0xA7,0x31, + 0xE7,0xEF,0x8F,0x6C,0xBD,0x26,0x09,0x75,0xC6,0xF1,0xD6,0x6D,0xCC,0x55,0x43,0x1E, + 0x80,0xC0,0x7B,0x31,0x42,0x72,0x80,0xA3,0x94,0xC2,0xB8,0x68,0xC6,0x5E,0xD6,0x10, + 0xFB,0x8C,0x52,0xE8,0xAD,0x0A,0xCE,0x11,0x20,0x5D,0xF4,0xFC,0xFA,0xE5,0x3F,0x96, + 0x02,0xDF,0xA7,0x22,0x11,0xF6,0xE6,0xF2,0xCE,0x5F,0x42,0xCF,0x13,0xED,0xCB,0xEE, + 0xEC,0xB0,0x01,0x76,0x4F,0xDC,0xD6,0x84,0x37,0x82,0x18,0x43,0x9F,0x17,0x61,0x88, + 0xBD,0x4B,0xEE,0xB8,0x2B,0xF8,0x37,0xC2,0x64,0x79,0xF5,0x63,0xBC,0x3A,0x41,0x80, + 
0x2B,0x92,0x91,0x3D,0x4E,0x86,0x48,0xFE,0x66,0x4D,0xC0,0xCA,0xFB,0x77,0x68,0x3D, + 0x18,0xFA,0x5C,0xD2,0x4F,0xBC,0x23,0xC5,0xF2,0x8C,0xA6,0xAA,0x55,0x0B,0xDE,0xF7, + 0xD5,0x6E,0x88,0xBC,0x22,0x8E,0x45,0x8A,0x14,0x73,0xCF,0x69,0xAC,0xDE,0x2E,0xB8, + 0x24,0xEB,0x5C,0xC3,0x4C,0xC4,0xF0,0xCE,0xFC,0x94,0x9F,0x22,0x73,0x57,0x30,0x33, + 0x7A,0xB3,0x6C,0x43,0x1A,0x6C,0x79,0xFA,0x8E,0x14,0xF4,0x68,0x12,0x6F,0xCC,0xE8, + 0x2B,0x77,0xA5,0x6A,0xFE,0x9A,0xD4,0x3A,0x57,0x66,0x49,0x37,0x97,0xC8,0x38,0x91, + 0x14,0x4B,0x46,0x50,0xCF,0xF1,0x61,0x46,0x8C,0x9C,0xEB,0x99,0xD3,0x85,0x1B,0x53, + 0xED,0x60,0x88,0x79,0xEB,0xEA,0x2B,0xE3,0x33,0xEF,0x0D,0x58,0xEF,0xF5, +}; + +/* subject:/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US */ +/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */ +uint8_t _devIDCA[] ={ + 0x30,0x82,0x04,0x04,0x30,0x82,0x02,0xEC,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x18, + 0x7A,0xA9,0xA8,0xC2,0x96,0x21,0x0C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A, + 0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03, + 0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69, + 0x74,0x79,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70, + 0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32, + 0x30,0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5A,0x17,0x0D,0x32,0x37,0x30, + 0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5A,0x30,0x79,0x31,0x2D,0x30,0x2B, + 0x06,0x03,0x55,0x04,0x03,0x0C,0x24,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72, + 0x20,0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F, + 
0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06, + 0x03,0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74, + 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72, + 0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70, + 0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01, + 0x0A,0x02,0x82,0x01,0x01,0x00,0x89,0x76,0x4F,0x06,0x5B,0x9A,0x41,0xEE,0xA5,0x23, + 0x2B,0x02,0xA3,0x5F,0xD7,0x73,0x3F,0xC0,0x35,0xB0,0x8B,0x84,0x0A,0x3F,0x06,0x24, + 0x7F,0xA7,0x95,0x3F,0xEB,0x4F,0x0E,0x93,0xAF,0xB4,0x0E,0xD0,0xC8,0x3E,0xE5,0x6D, + 0x18,0xB3,0x1F,0xE8,0x89,0x47,0xBF,0xD7,0x09,0x08,0xE4,0xFF,0x56,0x98,0x29,0x15, + 0xE7,0x94,0x9D,0xB9,0x35,0xA3,0x0A,0xCD,0xB4,0xC0,0xE1,0xE2,0x60,0xF4,0xCA,0xEC, + 0x29,0x78,0x45,0x69,0x69,0x60,0x6B,0x5F,0x8A,0x92,0xFC,0x9E,0x23,0xE6,0x3A,0xC2, + 0x22,0xB3,0x31,0x4F,0x1C,0xBA,0xF2,0xB6,0x34,0x59,0x42,0xEE,0xB0,0xA9,0x02,0x03, + 0x18,0x91,0x04,0xB6,0xB3,0x78,0x2E,0x33,0x1F,0x80,0x45,0x0D,0x45,0x6F,0xBB,0x0E, + 0x5A,0x5B,0x7F,0x3A,0xE7,0xD8,0x08,0xD7,0x0B,0x0E,0x32,0x6D,0xFB,0x86,0x36,0xE4, + 0x6C,0xAB,0xC4,0x11,0x8A,0x70,0x84,0x26,0xAA,0x9F,0x44,0xD1,0xF1,0xB8,0xC6,0x7B, + 0x94,0x17,0x9B,0x48,0xF7,0x0B,0x58,0x16,0xBA,0x23,0xC5,0x9F,0x15,0x39,0x7E,0xCA, + 0x5D,0xC3,0x32,0x5F,0x0F,0xE0,0x52,0x7F,0x40,0xEA,0xBE,0xAC,0x08,0x64,0x95,0x5B, + 0xC9,0x1A,0x9C,0xE5,0x80,0xCA,0x1F,0x6A,0x44,0x1C,0x6C,0x3E,0xC4,0xB0,0x26,0x1F, + 0x1D,0xEC,0x7B,0xAF,0x5E,0xA0,0x6A,0x3D,0x47,0xA9,0x58,0x12,0x31,0x3F,0x20,0x76, + 0x28,0x6D,0x1D,0x1C,0xB0,0xC2,0x4E,0x11,0x69,0x26,0x8B,0xCB,0xD6,0xD0,0x11,0x82, + 0xC9,0x4E,0x0F,0xF1,0x56,0x74,0xD0,0xD9,0x08,0x4B,0x66,0x78,0xA2,0xAB,0xAC,0xA7, + 0xE2,0xD2,0x4C,0x87,0x59,0xC9,0x02,0x03,0x01,0x00,0x01,0xA3,0x81,0xA6,0x30,0x81, + 
0xA3,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x57,0x17,0xED,0xA2, + 0xCF,0xDC,0x7C,0x98,0xA1,0x10,0xE0,0xFC,0xBE,0x87,0x2D,0x2C,0xF2,0xE3,0x17,0x54, + 0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01, + 0xFF,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x2B,0xD0, + 0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6,0xF7,0x47,0x4D,0x7F, + 0x08,0x5E,0x30,0x2E,0x06,0x03,0x55,0x1D,0x1F,0x04,0x27,0x30,0x25,0x30,0x23,0xA0, + 0x21,0xA0,0x1F,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E, + 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63, + 0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02, + 0x01,0x86,0x30,0x10,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x02,0x06, + 0x04,0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, + 0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,0x39,0x74,0x6B,0xA1,0xDC,0xC6,0xA4, + 0x8F,0x37,0x2A,0x8C,0xB3,0x1D,0x0A,0x44,0xBC,0x95,0x2C,0x7F,0xBC,0x59,0xB8,0xAC, + 0x61,0xFB,0x07,0x90,0x92,0x32,0xB9,0xD4,0xBF,0x3B,0xC1,0x50,0x39,0x6A,0x44,0x74, + 0xA2,0xEC,0x5B,0x1F,0x70,0xE5,0xAA,0xDD,0x4B,0x6C,0x1C,0x23,0x71,0x2D,0x5F,0xD1, + 0xC5,0x93,0xBE,0xEE,0x9B,0x8A,0x70,0x65,0x82,0x9D,0x16,0xE3,0x1A,0x10,0x17,0x89, + 0x2D,0xA8,0xCD,0xFD,0x0C,0x78,0x58,0x49,0x0C,0x28,0x7F,0x33,0xEE,0x00,0x7A,0x1B, + 0xB4,0x76,0xAC,0xB6,0xB5,0xBB,0x4F,0xDF,0xA8,0x1B,0x9D,0xC8,0x19,0x97,0x4A,0x0B, + 0x56,0x67,0x2F,0xC2,0x3E,0xB6,0xB3,0xC4,0x83,0x3A,0xF0,0x77,0x6D,0x74,0xC4,0x2E, + 0x23,0x51,0xEE,0x9A,0xA5,0x03,0x6F,0x60,0xF4,0xA5,0x48,0xA7,0x06,0xC2,0xBB,0x5A, + 0xE2,0x1F,0x1F,0x46,0x45,0x7E,0xE4,0x97,0xF5,0x27,0x10,0xB7,0x20,0x22,0x72,0x6F, + 0x72,0xDA,0xC6,0x50,0x75,0xC5,0x3D,0x25,0x8F,0x5D,0xA3,0x00,0xE9,0x9F,0x36,0x8C, + 0x48,0x39,0x8F,0xB3,0x3B,0xEA,0x90,0x80,0x2E,0x95,0x9A,0x60,0xF4,0x78,0xCE,0xF4, + 0x0E,0x0A,0x53,0x3E,0xA2,0xFA,0x4F,0xD8,0x1E,0xAE,0x84,0x95,0x8D,0x32,0xBC,0x56, + 
0x4D,0x89,0xE9,0x78,0x18,0xE0,0xAC,0x9A,0x42,0xBA,0x7A,0x46,0x1B,0x84,0xA2,0x89, + 0xCE,0x14,0xE8,0x88,0xD1,0x58,0x8B,0xF6,0xAE,0x56,0xC4,0x2C,0x05,0x2A,0x45,0xAF, + 0x0B,0xD9,0x4B,0xA9,0x02,0x0F,0x34,0xAC,0x88,0xC7,0x61,0x55,0x89,0x44,0xC9,0x27, + 0x73,0x07,0xEE,0x82,0xE5,0x4E,0xF5,0x70, +}; + +/* subject:/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */ +/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */ +uint8_t _appleRoot[] ={ + 0x30,0x82,0x04,0xBB,0x30,0x82,0x03,0xA3,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x02, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30, + 0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13, + 0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49, + 0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70, + 0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06, + 0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74, + 0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x30,0x36,0x30,0x34,0x32,0x35,0x32,0x31,0x34, + 0x30,0x33,0x36,0x5A,0x17,0x0D,0x33,0x35,0x30,0x32,0x30,0x39,0x32,0x31,0x34,0x30, + 0x33,0x36,0x5A,0x30,0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, + 0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70, + 0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B, + 0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31, + 0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,0x6C,0x65,0x20, + 0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30, + 
0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xE4,0x91,0xA9,0x09,0x1F,0x91,0xDB,0x1E, + 0x47,0x50,0xEB,0x05,0xED,0x5E,0x79,0x84,0x2D,0xEB,0x36,0xA2,0x57,0x4C,0x55,0xEC, + 0x8B,0x19,0x89,0xDE,0xF9,0x4B,0x6C,0xF5,0x07,0xAB,0x22,0x30,0x02,0xE8,0x18,0x3E, + 0xF8,0x50,0x09,0xD3,0x7F,0x41,0xA8,0x98,0xF9,0xD1,0xCA,0x66,0x9C,0x24,0x6B,0x11, + 0xD0,0xA3,0xBB,0xE4,0x1B,0x2A,0xC3,0x1F,0x95,0x9E,0x7A,0x0C,0xA4,0x47,0x8B,0x5B, + 0xD4,0x16,0x37,0x33,0xCB,0xC4,0x0F,0x4D,0xCE,0x14,0x69,0xD1,0xC9,0x19,0x72,0xF5, + 0x5D,0x0E,0xD5,0x7F,0x5F,0x9B,0xF2,0x25,0x03,0xBA,0x55,0x8F,0x4D,0x5D,0x0D,0xF1, + 0x64,0x35,0x23,0x15,0x4B,0x15,0x59,0x1D,0xB3,0x94,0xF7,0xF6,0x9C,0x9E,0xCF,0x50, + 0xBA,0xC1,0x58,0x50,0x67,0x8F,0x08,0xB4,0x20,0xF7,0xCB,0xAC,0x2C,0x20,0x6F,0x70, + 0xB6,0x3F,0x01,0x30,0x8C,0xB7,0x43,0xCF,0x0F,0x9D,0x3D,0xF3,0x2B,0x49,0x28,0x1A, + 0xC8,0xFE,0xCE,0xB5,0xB9,0x0E,0xD9,0x5E,0x1C,0xD6,0xCB,0x3D,0xB5,0x3A,0xAD,0xF4, + 0x0F,0x0E,0x00,0x92,0x0B,0xB1,0x21,0x16,0x2E,0x74,0xD5,0x3C,0x0D,0xDB,0x62,0x16, + 0xAB,0xA3,0x71,0x92,0x47,0x53,0x55,0xC1,0xAF,0x2F,0x41,0xB3,0xF8,0xFB,0xE3,0x70, + 0xCD,0xE6,0xA3,0x4C,0x45,0x7E,0x1F,0x4C,0x6B,0x50,0x96,0x41,0x89,0xC4,0x74,0x62, + 0x0B,0x10,0x83,0x41,0x87,0x33,0x8A,0x81,0xB1,0x30,0x58,0xEC,0x5A,0x04,0x32,0x8C, + 0x68,0xB3,0x8F,0x1D,0xDE,0x65,0x73,0xFF,0x67,0x5E,0x65,0xBC,0x49,0xD8,0x76,0x9F, + 0x33,0x14,0x65,0xA1,0x77,0x94,0xC9,0x2D,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01, + 0x7A,0x30,0x82,0x01,0x76,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04, + 0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04, + 0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04, + 0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6,0xF7, + 0x47,0x4D,0x7F,0x08,0x5E,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16, + 0x80,0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,0x2E,0x40,0xA6, + 0xF7,0x47,0x4D,0x7F,0x08,0x5E,0x30,0x82,0x01,0x11,0x06,0x03,0x55,0x1D,0x20,0x04, + 
0x82,0x01,0x08,0x30,0x82,0x01,0x04,0x30,0x82,0x01,0x00,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF2,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77, + 0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70, + 0x6C,0x65,0x63,0x61,0x2F,0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x02,0x02,0x30,0x81,0xB6,0x1A,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65, + 0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69, + 0x63,0x61,0x74,0x65,0x20,0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74, + 0x79,0x20,0x61,0x73,0x73,0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74, + 0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,0x6E, + 0x20,0x61,0x70,0x70,0x6C,0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,0x6E, + 0x64,0x61,0x72,0x64,0x20,0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63, + 0x6F,0x6E,0x64,0x69,0x74,0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65, + 0x2C,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,0x6F, + 0x6C,0x69,0x63,0x79,0x20,0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69, + 0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20, + 0x73,0x74,0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x5C, + 0x36,0x99,0x4C,0x2D,0x78,0xB7,0xED,0x8C,0x9B,0xDC,0xF3,0x77,0x9B,0xF2,0x76,0xD2, + 0x77,0x30,0x4F,0xC1,0x1F,0x85,0x83,0x85,0x1B,0x99,0x3D,0x47,0x37,0xF2,0xA9,0x9B, + 0x40,0x8E,0x2C,0xD4,0xB1,0x90,0x12,0xD8,0xBE,0xF4,0x73,0x9B,0xEE,0xD2,0x64,0x0F, + 0xCB,0x79,0x4F,0x34,0xD8,0xA2,0x3E,0xF9,0x78,0xFF,0x6B,0xC8,0x07,0xEC,0x7D,0x39, + 0x83,0x8B,0x53,0x20,0xD3,0x38,0xC4,0xB1,0xBF,0x9A,0x4F,0x0A,0x6B,0xFF,0x2B,0xFC, + 0x59,0xA7,0x05,0x09,0x7C,0x17,0x40,0x56,0x11,0x1E,0x74,0xD3,0xB7,0x8B,0x23,0x3B, + 
0x47,0xA3,0xD5,0x6F,0x24,0xE2,0xEB,0xD1,0xB7,0x70,0xDF,0x0F,0x45,0xE1,0x27,0xCA, + 0xF1,0x6D,0x78,0xED,0xE7,0xB5,0x17,0x17,0xA8,0xDC,0x7E,0x22,0x35,0xCA,0x25,0xD5, + 0xD9,0x0F,0xD6,0x6B,0xD4,0xA2,0x24,0x23,0x11,0xF7,0xA1,0xAC,0x8F,0x73,0x81,0x60, + 0xC6,0x1B,0x5B,0x09,0x2F,0x92,0xB2,0xF8,0x44,0x48,0xF0,0x60,0x38,0x9E,0x15,0xF5, + 0x3D,0x26,0x67,0x20,0x8A,0x33,0x6A,0xF7,0x0D,0x82,0xCF,0xDE,0xEB,0xA3,0x2F,0xF9, + 0x53,0x6A,0x5B,0x64,0xC0,0x63,0x33,0x77,0xF7,0x3A,0x07,0x2C,0x56,0xEB,0xDA,0x0F, + 0x21,0x0E,0xDA,0xBA,0x73,0x19,0x4F,0xB5,0xD9,0x36,0x7F,0xC1,0x87,0x55,0xD9,0xA7, + 0x99,0xB9,0x32,0x42,0xFB,0xD8,0xD5,0x71,0x9E,0x7E,0xA1,0x52,0xB7,0x1B,0xBD,0x93, + 0x42,0x24,0x12,0x2A,0xC7,0x0F,0x1D,0xB6,0x4D,0x9C,0x5E,0x63,0xC8,0x4B,0x80,0x17, + 0x50,0xAA,0x8A,0xD5,0xDA,0xE4,0xFC,0xD0,0x09,0x07,0x37,0xB0,0x75,0x75,0x21, +}; + +uint8_t _devID_OCSPResponse[] = { + 0x30,0x82,0x09,0xcb,0x0a,0x01,0x00,0xa0,0x82,0x09,0xc4,0x30,0x82,0x09,0xc0,0x06,0x09,0x2b,0x06,0x01, + 0x05,0x05,0x07,0x30,0x01,0x01,0x04,0x82,0x09,0xb1,0x30,0x82,0x09,0xad,0x30,0x81,0xb2,0xa2,0x16,0x04, + 0x14,0xd5,0x02,0x45,0x68,0xa0,0x3d,0x2c,0x63,0x40,0x22,0x62,0xb7,0x9c,0x0e,0x85,0x69,0x74,0xb4,0x30, + 0xe8,0x18,0x0f,0x32,0x30,0x31,0x39,0x31,0x31,0x31,0x36,0x30,0x31,0x31,0x32,0x32,0x31,0x5a,0x30,0x81, + 0x86,0x30,0x81,0x83,0x30,0x41,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,0x33, + 0x81,0xd1,0xef,0xdb,0x68,0xb0,0x85,0x21,0x4d,0x2e,0xef,0xaf,0x8c,0x4a,0x69,0x64,0x3c,0x2a,0x6c,0x04, + 0x14,0x57,0x17,0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2,0xe3,0x17, + 0x54,0x02,0x08,0x03,0xb5,0x01,0x60,0xcb,0x4d,0x00,0xde,0xa1,0x16,0x18,0x0f,0x32,0x30,0x31,0x37,0x30, + 0x36,0x31,0x36,0x30,0x34,0x35,0x34,0x30,0x30,0x5a,0xa0,0x03,0x0a,0x01,0x04,0x18,0x0f,0x32,0x30,0x31, + 0x39,0x31,0x31,0x31,0x36,0x30,0x31,0x31,0x32,0x32,0x31,0x5a,0xa0,0x11,0x18,0x0f,0x32,0x30,0x31,0x39, + 0x31,0x31,0x31,0x36,0x31,0x33,0x31,0x32,0x32,0x31,0x5a,0xa1,0x02,0x30,0x00,0x30,0x0d,0x06,0x09,0x2a, + 
0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x83,0x4f,0x47,0x06,0xe9, + 0x00,0x22,0xf6,0x8c,0xed,0xea,0x79,0xc3,0xa3,0xb5,0xcd,0x9d,0xbf,0x49,0xec,0xea,0x78,0xff,0xda,0xcd, + 0xa8,0xd0,0xdd,0xeb,0x0c,0x4d,0x6d,0x68,0x6a,0x98,0xb4,0xaf,0x6c,0x35,0x1b,0xcb,0x7e,0xf2,0x99,0x24, + 0x88,0x87,0xce,0x2b,0x6e,0xba,0x97,0xfe,0x01,0xc9,0x14,0x5e,0xac,0x69,0x9b,0xb8,0x99,0x6c,0x4b,0xe1, + 0x9e,0x6b,0xe3,0x3f,0xd7,0xf5,0xc7,0x9b,0x49,0x37,0x6a,0xa8,0x63,0x24,0x12,0x2d,0xd0,0xf8,0x2f,0xb3, + 0x59,0xe8,0x77,0xb0,0x2b,0x83,0x04,0x7f,0x77,0x38,0x72,0x13,0x1a,0xa1,0xfc,0x53,0x28,0x50,0xc1,0x21, + 0x9c,0xba,0xf0,0xd0,0xee,0xb2,0x13,0xd9,0x72,0xee,0x89,0xd6,0x78,0xdd,0x42,0x0b,0x62,0xf5,0x6c,0x8a, + 0xdd,0x11,0xf6,0x55,0x69,0x35,0xf9,0x9b,0x4c,0x36,0x39,0x37,0xf7,0xe5,0x4a,0x91,0x9a,0x8e,0x84,0x59, + 0x2a,0xbb,0x20,0xd3,0x1d,0xce,0x95,0x5c,0x77,0xd5,0x15,0x5a,0x1f,0x86,0xec,0xa9,0xaf,0xaa,0x34,0xda, + 0xa7,0xb7,0x7d,0xc1,0x61,0xb2,0x45,0xd9,0xc2,0x79,0x55,0x6c,0xe1,0xba,0xfd,0x47,0x44,0x27,0xc3,0x74, + 0xfd,0x1e,0xeb,0x90,0xb6,0xe6,0x49,0x0f,0x28,0xa8,0x88,0x8c,0xcb,0x4a,0x87,0xaa,0x05,0xf7,0x9b,0x05, + 0xe0,0xd2,0xca,0xb7,0x72,0x20,0x46,0x97,0xb5,0x37,0xd8,0x20,0x4d,0x3e,0x56,0x45,0x93,0xf1,0xe6,0x83, + 0x89,0xd6,0x3c,0x53,0x7c,0xea,0xcb,0xb1,0x3e,0x99,0x05,0x8e,0xa3,0x1a,0x98,0x88,0x95,0xe7,0x04,0xcc, + 0xb3,0x8f,0x57,0x0b,0x4a,0x67,0x2f,0xc2,0x93,0x52,0xe2,0xa0,0x82,0x07,0xe0,0x30,0x82,0x07,0xdc,0x30, + 0x82,0x03,0xd0,0x30,0x82,0x02,0xb8,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x6f,0x0d,0x6c,0x67,0x66,0x49, + 0x04,0xc5,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x79,0x31, + 0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x0c,0x24,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20, + 0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74, + 0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70, + 
0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74, + 0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70, + 0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x30,0x1e,0x17,0x0d,0x31,0x39,0x31,0x30,0x31,0x38,0x30,0x35,0x32,0x39,0x31,0x36,0x5a,0x17,0x0d,0x31, + 0x39,0x31,0x31,0x32,0x39,0x30,0x35,0x32,0x39,0x31,0x36,0x5a,0x30,0x4d,0x31,0x29,0x30,0x27,0x06,0x03, + 0x55,0x04,0x03,0x0c,0x20,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x4f,0x43, + 0x53,0x50,0x20,0x52,0x65,0x73,0x70,0x6f,0x6e,0x64,0x65,0x72,0x20,0x4e,0x4c,0x30,0x37,0x31,0x13,0x30, + 0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02, + 0x82,0x01,0x01,0x00,0xa0,0xb8,0xae,0xe4,0x5b,0xe6,0xdd,0x9e,0x87,0xd6,0x27,0x4b,0xbc,0x8e,0xcf,0x79, + 0x34,0x49,0xa5,0xea,0xf0,0x72,0x4d,0xdc,0xe7,0x5e,0x07,0xc2,0x0a,0xd0,0xd1,0xab,0x36,0xe1,0x37,0x91, + 0x9c,0x60,0xc0,0xd1,0xff,0x4a,0x84,0x13,0xec,0xf1,0x11,0x1b,0x3f,0xb9,0x94,0x83,0xe5,0x22,0x22,0xdf, + 0x31,0x79,0xf8,0x3f,0x41,0xc6,0xfe,0x76,0xb0,0x68,0xe1,0x6d,0xb8,0x2f,0xb0,0x62,0x64,0xef,0xf4,0x9b, + 0xcc,0xd1,0xea,0x8f,0xd4,0xdf,0x2e,0x8f,0xc1,0x8e,0xff,0x02,0x67,0xdb,0xc6,0xd8,0x12,0x42,0x87,0x34, + 0x37,0x6d,0xbd,0xdc,0x7c,0xb7,0xfe,0xd5,0x3e,0x7e,0x0a,0x7e,0x82,0x9d,0x07,0x87,0x28,0xf7,0x9b,0xbd, + 0x0f,0x27,0x9c,0xbf,0xfb,0x39,0xd9,0xd5,0x3c,0xf6,0x63,0xae,0xc8,0xe8,0x19,0x27,0x28,0xab,0x94,0xc5, + 0x15,0x53,0xad,0x61,0x77,0xb2,0x5d,0x85,0x1b,0x21,0x80,0x4a,0xae,0x48,0xdb,0x7d,0xd0,0x74,0xd4,0xde, + 0x84,0xa4,0x50,0xd4,0x69,0x04,0x3f,0xee,0x17,0x8b,0x69,0x21,0x9f,0xe4,0x0b,0x80,0x43,0xb6,0x92,0x8d, + 
0x87,0x83,0xdd,0xa7,0x12,0x63,0x34,0x47,0xea,0xfb,0x6b,0x7b,0x47,0xfb,0x28,0x17,0x5c,0x4b,0x01,0x8f, + 0x56,0x5f,0x35,0xc1,0x00,0xef,0x92,0x57,0x81,0x4b,0x2e,0x62,0x61,0xe8,0x14,0x5a,0x6b,0x44,0xf7,0x43, + 0x7e,0x88,0x61,0xd2,0xf7,0xd0,0x4f,0x39,0x2f,0xdc,0xa2,0x21,0x28,0xd3,0x43,0x22,0xf1,0x7a,0xed,0x36, + 0x0c,0x4e,0xf5,0xfb,0x64,0x10,0x95,0xb9,0x2b,0x91,0xb9,0xec,0x20,0xda,0x92,0x5d,0xf9,0xf5,0x61,0x1d, + 0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0x87,0x30,0x81,0x84,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, + 0xff,0x04,0x02,0x30,0x00,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x57,0x17, + 0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2,0xe3,0x17,0x54,0x30,0x0f, + 0x06,0x09,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,0x04,0x02,0x05,0x00,0x30,0x13,0x06,0x03,0x55, + 0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x30,0x1d,0x06,0x03, + 0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xd5,0x02,0x45,0x68,0xa0,0x3d,0x2c,0x63,0x40,0x22,0x62,0xb7,0x9c, + 0x0e,0x85,0x69,0x74,0xb4,0x30,0xe8,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03, + 0x02,0x07,0x80,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0x65,0x0c,0x41,0xf8,0xe1,0x16,0xb7,0xd7,0x61,0xe1,0x6a,0xaf,0x12,0x2e,0x70,0xef,0x0a, + 0x40,0xa4,0xd0,0xe2,0x91,0x70,0xbd,0xdb,0xda,0x65,0x62,0x8b,0x40,0x45,0x23,0xc9,0xe8,0xa4,0xd0,0x33, + 0xf7,0xd1,0xa5,0x80,0x4a,0x3a,0xc8,0x76,0x2d,0x20,0xfe,0x27,0x4b,0x30,0xdf,0xa4,0x00,0x35,0x3d,0x1c, + 0x80,0x7c,0xc5,0x09,0x89,0x47,0xd4,0x78,0x7d,0x14,0xdf,0xa1,0xef,0x16,0xad,0xb1,0xca,0xf4,0xf6,0x09, + 0xab,0xc4,0xdc,0x4d,0x72,0x69,0x87,0x9b,0x5b,0x82,0xbb,0xa7,0x68,0x5e,0xfd,0x80,0x29,0x68,0x2d,0xd5, + 0xa0,0x78,0x04,0x57,0x77,0xd0,0x69,0x57,0xfa,0x83,0xb9,0xf0,0x42,0x42,0x71,0xae,0xfe,0xff,0x0b,0xbd, + 0xd3,0xfb,0x3c,0x17,0x01,0x71,0xe2,0x5e,0x81,0xbe,0x72,0xe0,0x75,0xba,0x41,0x0d,0xf0,0x10,0x71,0x02, + 
0x36,0xf3,0x26,0x4a,0x01,0x5c,0xa8,0x21,0xe0,0xb2,0x86,0x27,0x1b,0x5e,0xc1,0xb0,0xb0,0x4f,0xdc,0x77, + 0x89,0xe5,0x5c,0x15,0x9a,0x72,0x39,0xaf,0x57,0xe1,0x94,0x2c,0xa3,0x46,0x44,0xce,0x0d,0xe9,0xf1,0xe6, + 0xfa,0xd9,0x6f,0x1e,0x01,0x28,0x1a,0x0e,0x68,0xf4,0x6c,0xf3,0xbd,0x4a,0xf8,0x3a,0xdf,0x93,0x72,0x05, + 0x4f,0x88,0x4b,0x7e,0x13,0xb6,0x92,0xe3,0x28,0xd0,0x14,0x3c,0x13,0x28,0x6d,0x11,0x27,0x36,0xbc,0x73, + 0x27,0xab,0xfc,0x3f,0xb1,0x00,0xab,0x9b,0x35,0x7a,0x87,0x71,0x0e,0x54,0x03,0x68,0x02,0xb2,0xfc,0x8c, + 0x17,0xf3,0x73,0x7e,0xea,0x75,0x64,0x19,0x56,0x9c,0xac,0xb8,0xe6,0x50,0x7c,0x48,0x94,0xec,0x0e,0x30, + 0x82,0x04,0x04,0x30,0x82,0x02,0xec,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x18,0x7a,0xa9,0xa8,0xc2,0x96, + 0x21,0x0c,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x62,0x31, + 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0a,0x13,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x26,0x30,0x24,0x06,0x03,0x55, + 0x04,0x0b,0x13,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74, + 0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06,0x03,0x55, + 0x04,0x03,0x13,0x0d,0x41,0x70,0x70,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x41,0x30,0x1e,0x17, + 0x0d,0x31,0x32,0x30,0x32,0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5a,0x17,0x0d,0x32,0x37,0x30,0x32, + 0x30,0x31,0x32,0x32,0x31,0x32,0x31,0x35,0x5a,0x30,0x79,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03, + 0x0c,0x24,0x44,0x65,0x76,0x65,0x6c,0x6f,0x70,0x65,0x72,0x20,0x49,0x44,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26, + 0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13, + 
0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31, + 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09, + 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, + 0x02,0x82,0x01,0x01,0x00,0x89,0x76,0x4f,0x06,0x5b,0x9a,0x41,0xee,0xa5,0x23,0x2b,0x02,0xa3,0x5f,0xd7, + 0x73,0x3f,0xc0,0x35,0xb0,0x8b,0x84,0x0a,0x3f,0x06,0x24,0x7f,0xa7,0x95,0x3f,0xeb,0x4f,0x0e,0x93,0xaf, + 0xb4,0x0e,0xd0,0xc8,0x3e,0xe5,0x6d,0x18,0xb3,0x1f,0xe8,0x89,0x47,0xbf,0xd7,0x09,0x08,0xe4,0xff,0x56, + 0x98,0x29,0x15,0xe7,0x94,0x9d,0xb9,0x35,0xa3,0x0a,0xcd,0xb4,0xc0,0xe1,0xe2,0x60,0xf4,0xca,0xec,0x29, + 0x78,0x45,0x69,0x69,0x60,0x6b,0x5f,0x8a,0x92,0xfc,0x9e,0x23,0xe6,0x3a,0xc2,0x22,0xb3,0x31,0x4f,0x1c, + 0xba,0xf2,0xb6,0x34,0x59,0x42,0xee,0xb0,0xa9,0x02,0x03,0x18,0x91,0x04,0xb6,0xb3,0x78,0x2e,0x33,0x1f, + 0x80,0x45,0x0d,0x45,0x6f,0xbb,0x0e,0x5a,0x5b,0x7f,0x3a,0xe7,0xd8,0x08,0xd7,0x0b,0x0e,0x32,0x6d,0xfb, + 0x86,0x36,0xe4,0x6c,0xab,0xc4,0x11,0x8a,0x70,0x84,0x26,0xaa,0x9f,0x44,0xd1,0xf1,0xb8,0xc6,0x7b,0x94, + 0x17,0x9b,0x48,0xf7,0x0b,0x58,0x16,0xba,0x23,0xc5,0x9f,0x15,0x39,0x7e,0xca,0x5d,0xc3,0x32,0x5f,0x0f, + 0xe0,0x52,0x7f,0x40,0xea,0xbe,0xac,0x08,0x64,0x95,0x5b,0xc9,0x1a,0x9c,0xe5,0x80,0xca,0x1f,0x6a,0x44, + 0x1c,0x6c,0x3e,0xc4,0xb0,0x26,0x1f,0x1d,0xec,0x7b,0xaf,0x5e,0xa0,0x6a,0x3d,0x47,0xa9,0x58,0x12,0x31, + 0x3f,0x20,0x76,0x28,0x6d,0x1d,0x1c,0xb0,0xc2,0x4e,0x11,0x69,0x26,0x8b,0xcb,0xd6,0xd0,0x11,0x82,0xc9, + 0x4e,0x0f,0xf1,0x56,0x74,0xd0,0xd9,0x08,0x4b,0x66,0x78,0xa2,0xab,0xac,0xa7,0xe2,0xd2,0x4c,0x87,0x59, + 0xc9,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xa6,0x30,0x81,0xa3,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04, + 0x16,0x04,0x14,0x57,0x17,0xed,0xa2,0xcf,0xdc,0x7c,0x98,0xa1,0x10,0xe0,0xfc,0xbe,0x87,0x2d,0x2c,0xf2, + 0xe3,0x17,0x54,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff, + 
0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x2b,0xd0,0x69,0x47,0x94,0x76,0x09, + 0xfe,0xf4,0x6b,0x8d,0x2e,0x40,0xa6,0xf7,0x47,0x4d,0x7f,0x08,0x5e,0x30,0x2e,0x06,0x03,0x55,0x1d,0x1f, + 0x04,0x27,0x30,0x25,0x30,0x23,0xa0,0x21,0xa0,0x1f,0x86,0x1d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x63, + 0x72,0x6c,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f,0x6d,0x2f,0x72,0x6f,0x6f,0x74,0x2e,0x63,0x72, + 0x6c,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x10,0x06, + 0x0a,0x2a,0x86,0x48,0x86,0xf7,0x63,0x64,0x06,0x02,0x06,0x04,0x02,0x05,0x00,0x30,0x0d,0x06,0x09,0x2a, + 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x42,0x39,0x74,0x6b,0xa1, + 0xdc,0xc6,0xa4,0x8f,0x37,0x2a,0x8c,0xb3,0x1d,0x0a,0x44,0xbc,0x95,0x2c,0x7f,0xbc,0x59,0xb8,0xac,0x61, + 0xfb,0x07,0x90,0x92,0x32,0xb9,0xd4,0xbf,0x3b,0xc1,0x50,0x39,0x6a,0x44,0x74,0xa2,0xec,0x5b,0x1f,0x70, + 0xe5,0xaa,0xdd,0x4b,0x6c,0x1c,0x23,0x71,0x2d,0x5f,0xd1,0xc5,0x93,0xbe,0xee,0x9b,0x8a,0x70,0x65,0x82, + 0x9d,0x16,0xe3,0x1a,0x10,0x17,0x89,0x2d,0xa8,0xcd,0xfd,0x0c,0x78,0x58,0x49,0x0c,0x28,0x7f,0x33,0xee, + 0x00,0x7a,0x1b,0xb4,0x76,0xac,0xb6,0xb5,0xbb,0x4f,0xdf,0xa8,0x1b,0x9d,0xc8,0x19,0x97,0x4a,0x0b,0x56, + 0x67,0x2f,0xc2,0x3e,0xb6,0xb3,0xc4,0x83,0x3a,0xf0,0x77,0x6d,0x74,0xc4,0x2e,0x23,0x51,0xee,0x9a,0xa5, + 0x03,0x6f,0x60,0xf4,0xa5,0x48,0xa7,0x06,0xc2,0xbb,0x5a,0xe2,0x1f,0x1f,0x46,0x45,0x7e,0xe4,0x97,0xf5, + 0x27,0x10,0xb7,0x20,0x22,0x72,0x6f,0x72,0xda,0xc6,0x50,0x75,0xc5,0x3d,0x25,0x8f,0x5d,0xa3,0x00,0xe9, + 0x9f,0x36,0x8c,0x48,0x39,0x8f,0xb3,0x3b,0xea,0x90,0x80,0x2e,0x95,0x9a,0x60,0xf4,0x78,0xce,0xf4,0x0e, + 0x0a,0x53,0x3e,0xa2,0xfa,0x4f,0xd8,0x1e,0xae,0x84,0x95,0x8d,0x32,0xbc,0x56,0x4d,0x89,0xe9,0x78,0x18, + 0xe0,0xac,0x9a,0x42,0xba,0x7a,0x46,0x1b,0x84,0xa2,0x89,0xce,0x14,0xe8,0x88,0xd1,0x58,0x8b,0xf6,0xae, + 0x56,0xc4,0x2c,0x05,0x2a,0x45,0xaf,0x0b,0xd9,0x4b,0xa9,0x02,0x0f,0x34,0xac,0x88,0xc7,0x61,0x55,0x89, + 
0x44,0xc9,0x27,0x73,0x07,0xee,0x82,0xe5,0x4e,0xf5,0x70 +}; + +#endif /* _TRUSTTESTS_REVOCATION_TESTS_H_ */ diff --git a/tests/TrustTests/EvaluationTests/TrustEvaluationTestCase.m b/tests/TrustTests/EvaluationTests/TrustEvaluationTestCase.m index 76dfe001..7e8378c0 100644 --- a/tests/TrustTests/EvaluationTests/TrustEvaluationTestCase.m +++ b/tests/TrustTests/EvaluationTests/TrustEvaluationTestCase.m @@ -23,6 +23,7 @@ */ #import #include "trust/trustd/trustd_spi.h" +#include "trust/trustd/SecRevocationDb.h" #include #include #include @@ -81,6 +82,10 @@ static char *home_var = NULL; error:&error]; } + /* Use the production Valid DB by default (so we'll have data to test against) */ + CFPreferencesSetAppValue(CFSTR("ValidUpdateServer"), kValidUpdateProdServer, kSecurityPreferencesDomain); + CFPreferencesAppSynchronize(kSecurityPreferencesDomain); + if (ok > 0) { /* Be trustd */ trustd_init((__bridge CFURLRef) tmpDirURL); diff --git a/tests/TrustTests/TestData/TestCopyProperties_ios-data/TestCopyProperties_ios.plist b/tests/TrustTests/TestData/TestCopyProperties_ios-data/TestCopyProperties_ios.plist index 7305d055..d110b1ce 100644 --- a/tests/TrustTests/TestData/TestCopyProperties_ios-data/TestCopyProperties_ios.plist +++ b/tests/TrustTests/TestData/TestCopyProperties_ios-data/TestCopyProperties_ios.plist @@ -154,11 +154,11 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z CertDirectory @@ -182,11 +182,11 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors AppleRootCA VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z ExpectedProperties @@ -219,11 +219,11 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors AppleRootCA VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z ExpectedProperties 
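Review bot: The `CFPreferencesSetAppValue(CFSTR("ValidUpdateServer"), kValidUpdateProdServer, kSecurityPreferencesDomain)` call added in the second TrustEvaluationTestCase.m hunk writes a persistent preference, and nothing visible here restores the previous value. A machine that had a different update server configured would keep the production one after the test run. If the teardown (outside this hunk) does not already handle it, save the old value with `CFPreferencesCopyAppValue` before the set and write it back afterwards. The result of `CFPreferencesAppSynchronize` is also ignored, so a failed write would leave the tests running against whatever server was configured before, contrary to the comment.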
@@ -260,11 +260,11 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z ExpectedProperties @@ -295,11 +295,11 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 VerifyDate - 2019-04-14T19:00:00Z + 2018-11-14T20:00:00Z ExpectedProperties @@ -330,11 +330,11 @@ Leaf googleapis Intermediates - GoogleInternetAuthorityG3 + GoogleTrustServicesCA101 Anchors GlobalSignRootCAR2 VerifyDate - 2019-04-14T19:00:00Z + 2018-11-14T20:00:00Z ExpectedProperties @@ -368,7 +368,7 @@ Anchors GlobalSignRootCAR2 VerifyDate - 2018-04-14T19:00:00Z + 2019-11-14T20:00:00Z ExpectedProperties @@ -396,7 +396,7 @@ Anchors GlobalSignRootCAR2 VerifyDate - 2019-04-14T19:00:00Z + 2018-11-14T20:00:00Z ExpectedProperties diff --git a/tests/TrustTests/TrustEvaluationTestHelpers.h b/tests/TrustTests/TrustEvaluationTestHelpers.h index 7eabecd0..c02a959c 100644 --- a/tests/TrustTests/TrustEvaluationTestHelpers.h +++ b/tests/TrustTests/TrustEvaluationTestHelpers.h @@ -30,6 +30,8 @@ NS_ASSUME_NONNULL_BEGIN +int ping_host(char *host_name); + @interface TestTrustEvaluation : NSObject @property (assign, nonnull) SecTrustRef trust; @property NSString *fullTestName; diff --git a/tests/TrustTests/TrustEvaluationTestHelpers.m b/tests/TrustTests/TrustEvaluationTestHelpers.m index 9bf277a0..b62f9112 100644 --- a/tests/TrustTests/TrustEvaluationTestHelpers.m +++ b/tests/TrustTests/TrustEvaluationTestHelpers.m @@ -15,6 +15,14 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include #include "TrustEvaluationTestHelpers.h" 
@@ -502,3 +510,43 @@ errOut: } @end
+
+int ping_host(char *host_name)
+{
+ struct sockaddr_in pin;
+ struct hostent *nlp_host;
+ struct in_addr addr;
+ int sd = 0;
+ int port = 80;
+ int retries = 5; // we try 5 times, then give up
+ char **h_addr_list = NULL;
+
+ while ((nlp_host=gethostbyname(host_name)) == 0 && retries--) {
+ printf("Resolve Error! (%s) %d\n", host_name, h_errno);
+ sleep(1);
+ }
+ if (nlp_host == 0) {
+ return 0;
+ }
+
+ bzero(&pin,sizeof(pin));
+ pin.sin_family=AF_INET;
+ pin.sin_addr.s_addr=htonl(INADDR_ANY);
+ h_addr_list = malloc(nlp_host->h_length * sizeof(char *));
+ memcpy(h_addr_list, nlp_host->h_addr_list, nlp_host->h_length * sizeof(char *));
+ memcpy(&addr, h_addr_list[0], sizeof(struct in_addr));
+ pin.sin_addr.s_addr=addr.s_addr;
+ pin.sin_port=htons(port);
+
+ sd=socket(AF_INET,SOCK_STREAM,0);
+
+ if (connect(sd,(struct sockaddr*)&pin,sizeof(pin)) == -1) {
+ printf("connect error! (%s) %d\n", host_name, errno);
+ close(sd);
+ free(h_addr_list);
+ return 0;
+ }
+ close(sd);
+ free(h_addr_list);
+ return 1;
+}
diff --git a/trust/trustd/SecOCSPCache.c b/trust/trustd/SecOCSPCache.c
index c16d9e21..0363c6c3 100644
--- a/trust/trustd/SecOCSPCache.c
+++ b/trust/trustd/SecOCSPCache.c
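Review bot: `nlp_host->h_length` in ping_host is the size in bytes of one address, not the number of entries in `h_addr_list`, so the `malloc`/`memcpy` pair copies `h_length` pointers out of the resolver's array and can read past its terminating NULL when the host has fewer addresses than that; the `malloc` result is also used unchecked. The copy is unnecessary: check `h_addrtype`, `h_length` and `h_addr_list[0]`, then copy the first address straight into `addr`, which also removes the local `h_addr_list` and both `free` calls. The `socket()` result is never tested, so on failure the code calls `connect` and `close` on -1. `connect` has no timeout, so an unreachable host stalls the test run for the system default, and the parameter could be `const char *` here and in the TrustEvaluationTestHelpers.h prototype.

```objective-c
// … unchanged: declarations (minus h_addr_list) and the gethostbyname retry loop …
    if (nlp_host == 0) {
        return 0;
    }
    /* h_length is the byte size of one address, not an entry count */
    if (nlp_host->h_addrtype != AF_INET ||
        nlp_host->h_length != (int)sizeof(addr) ||
        nlp_host->h_addr_list[0] == NULL) {
        return 0;
    }
    memcpy(&addr, nlp_host->h_addr_list[0], sizeof(addr));

    bzero(&pin, sizeof(pin));
    pin.sin_family = AF_INET;
    pin.sin_addr.s_addr = addr.s_addr;
    pin.sin_port = htons(port);

    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0) {
        printf("socket error! (%s) %d\n", host_name, errno);
        return 0;
    }
// … unchanged: connect / close / return, without the free(h_addr_list) calls …
```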
@@ -42,16 +42,19 @@ #include "utilities/SecDb.h" #include "utilities/SecFileLocations.h" #include "utilities/iOSforOSX.h" +#include /* Note that lastUsed is actually time of insert because we don't refresh lastUsed on each SELECT. */ -#define flushSQL CFSTR("DELETE FROM responses") -#define expireSQL CFSTR("DELETE FROM responses WHERE expires? AND responseId=(SELECT responseId FROM ocsp WHERE " \ "issuerNameHash=? AND issuerPubKeyHash=? AND serialNum=? AND hashAlgorithm=?)" \ " ORDER BY expires DESC") +#define hasCertStatusSQL CFSTR("SELECT issuerNameHash FROM ocsp WHERE certStatus=0 LIMIT 1") +#define alterOCSPTableSQL CFSTR("ALTER TABLE ocsp ADD COLUMN certStatus INTEGER NOT NULL DEFAULT 255") /* CS_NotParsed */ #define kSecOCSPCacheFileName CFSTR("ocspcache.sqlite3") 
@@ -66,6 +71,38 @@ // MARK; - // MARK: SecOCSPCacheDb +static bool SecOCSPCacheDbUpdateTables(SecDbRef db) { + __block bool ok = true; + __block CFErrorRef localError = NULL; + + ok &= SecDbPerformWrite(db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + CFErrorRef readColumnError = NULL; + if (!SecDbWithSQL(dbconn, hasCertStatusSQL, &readColumnError, NULL) && CFErrorGetCode(readColumnError) == SQLITE_ERROR) { + ok &= SecDbWithSQL(dbconn, alterOCSPTableSQL, &localError, ^bool(sqlite3_stmt *stmt) { + ok = SecDbStep(dbconn, stmt, &localError, NULL); + return ok; + }); + *commit = ok; + } + CFReleaseSafe(readColumnError); + }); + }); + + if (!ok) { + secerror("OCSP table update failed: %@", localError); + CFIndex errCode = errSecInternalComponent; + if (localError) { + errCode = CFErrorGetCode(localError); + } + TrustdHealthAnalyticsLogErrorCodeForDatabase(TAOCSPCache, + TAOperationWrite, + TAFatalError, errCode); + } + CFReleaseSafe(localError); + return ok; +} + static SecDbRef SecOCSPCacheDbCreate(CFStringRef path) { return SecDbCreate(path, 0600, true, true, true, true, 1, ^bool (SecDbRef db, SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error) { @@ -81,7 +118,8 @@ static SecDbRef SecOCSPCacheDbCreate(CFStringRef path) { "issuerPubKeyHash BLOB NOT NULL," "serialNum BLOB NOT NULL," "hashAlgorithm BLOB NOT NULL," - "responseId INTEGER NOT NULL" + "responseId INTEGER NOT NULL," + "certStatus INTEGER NOT NULL DEFAULT 255" // CS_NotParsed ");" "CREATE INDEX iResponseId ON ocsp(responseId);" "CREATE INDEX iserialNum ON ocsp(serialNum);" 
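Review bot: `CFErrorGetCode(readColumnError)` in SecOCSPCacheDbUpdateTables is reached whenever the probe fails, but nothing in the hunk guarantees that SecDbWithSQL filled in the error, so add a NULL test: `if (!SecDbWithSQL(dbconn, hasCertStatusSQL, &readColumnError, NULL) && readColumnError && CFErrorGetCode(readColumnError) == SQLITE_ERROR) {`. SQLITE_ERROR is SQLite's generic error code, so the ALTER TABLE also runs for probe failures other than a missing column. Any other failure code (a corrupt file, for example) leaves `ok` true and is neither logged nor reported to the caller. A short comment above the probe saying that the SELECT only detects a missing certStatus column would help, because the name hasCertStatusSQL and the `certStatus=0` filter read like a data query.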
@@ -124,14 +162,12 @@ struct __SecOCSPCache { SecDbRef db; }; -static dispatch_once_t kSecOCSPCacheOnce; -static SecOCSPCacheRef kSecOCSPCache = NULL; - static SecOCSPCacheRef SecOCSPCacheCreate(CFStringRef db_name) { SecOCSPCacheRef this; require(this = (SecOCSPCacheRef)malloc(sizeof(struct __SecOCSPCache)), errOut); require(this->db = SecOCSPCacheDbCreate(db_name), errOut); + require(SecOCSPCacheDbUpdateTables(this->db), errOut); return this; @@ -144,7 +180,7 @@ errOut: return NULL; } -static CFStringRef SecOCSPCacheCopyPath(void) { +CFStringRef SecOCSPCacheCopyPath(void) { CFStringRef ocspRelPath = kSecOCSPCacheFileName; #if TARGET_OS_IPHONE CFURLRef ocspURL = SecCopyURLForFileInKeychainDirectory(ocspRelPath); 
@@ -163,17 +199,55 @@ static CFStringRef SecOCSPCacheCopyPath(void) {
 return ocspPath;
 }
+static SecOCSPCacheRef kSecOCSPCache = NULL;
+static os_unfair_lock cacheLock = OS_UNFAIR_LOCK_INIT;
+
+void SecOCSPCacheCloseDB(void) {
+ os_unfair_lock_lock(&cacheLock);
+ if (kSecOCSPCache) {
+ // Release the DB
+ SecDbReleaseAllConnections(kSecOCSPCache->db);
+ CFReleaseSafe(kSecOCSPCache->db);
+
+ // free the cache struct
+ free(kSecOCSPCache);
+ kSecOCSPCache = NULL;
+ }
+ os_unfair_lock_unlock(&cacheLock);
+}
+
+void SecOCSPCacheDeleteCache(void) {
+ os_unfair_lock_lock(&cacheLock);
+ if (kSecOCSPCache) {
+ // Release the DB
+ SecDbReleaseAllConnections(kSecOCSPCache->db);
+ CFReleaseSafe(kSecOCSPCache->db);
+
+ // free the cache struct
+ free(kSecOCSPCache);
+ kSecOCSPCache = NULL;
+ }
+
+ // remove the file
+ CFStringRef path = SecOCSPCacheCopyPath();
+ CFStringPerformWithCStringAndLength(path, ^(const char *utf8Str, size_t utf8Length) {
+ remove(utf8Str);
+ });
+ CFReleaseSafe(path);
+ os_unfair_lock_unlock(&cacheLock);
+}
+
 static void SecOCSPCacheWith(void(^cacheJob)(SecOCSPCacheRef cache)) {
- dispatch_once(&kSecOCSPCacheOnce, ^{
+ os_unfair_lock_lock(&cacheLock);
+ if (!kSecOCSPCache) {
 CFStringRef dbPath = SecOCSPCacheCopyPath();
 if (dbPath) {
 kSecOCSPCache = SecOCSPCacheCreate(dbPath);
 CFRelease(dbPath);
 }
- });
- // Do pre job run work here (cancel idle timers etc.)
+ }
 cacheJob(kSecOCSPCache);
- // Do post job run work here (gc timer, etc.)
+ os_unfair_lock_unlock(&cacheLock);
 }
 static bool _SecOCSPCacheExpireWithTransaction(SecDbConnectionRef dbconn, CFAbsoluteTime now, CFErrorRef *error) {
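Review bot: SecOCSPCacheDeleteCache passes `path` to CFStringPerformWithCStringAndLength without a NULL test, while SecOCSPCacheWith in the same hunk treats a NULL result from SecOCSPCacheCopyPath as possible (`if (dbPath)`); wrap the removal in `if (path) { … }`. The return value of `remove(utf8Str)` is discarded, so a cache file that could not be deleted goes unnoticed and is reopened by the next SecOCSPCacheWith call; logging the failure with `secerror` would make that visible. The teardown block is duplicated verbatim between SecOCSPCacheCloseDB and SecOCSPCacheDeleteCache and could move into one static helper that is called with the lock held. cacheJob now runs while the non-recursive `cacheLock` is held, so a job that re-enters SecOCSPCacheWith, SecOCSPCacheCloseDB or SecOCSPCacheDeleteCache would fault, and a comment on SecOCSPCacheWith should state that constraint.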
@@ -259,6 +333,7 @@ static void _SecOCSPCacheReplaceResponse(SecOCSPCacheRef this, *responses; ++responses) { SecAsn1OCSPSingleResponse *resp = *responses; SecAsn1OCSPCertID *certId = &resp->certID; + SecAsn1OCSPCertStatusTag certStatus = (SecAsn1OCSPCertStatusTag)(resp->certStatus.Data[0] & SEC_ASN1_TAGNUM_MASK); ok &= SecDbBindBlob(insertLink, 1, certId->algId.algorithm.Data, certId->algId.algorithm.Length, @@ -276,6 +351,7 @@ static void _SecOCSPCacheReplaceResponse(SecOCSPCacheRef this, certId->serialNumber.Length, SQLITE_TRANSIENT, &localError); ok &= SecDbBindInt64(insertLink, 5, responseId, &localError); + ok &= SecDbBindInt(insertLink, 6, certStatus, &localError); /* Execute the insert statement. */ ok &= SecDbStep(dbconn, insertLink, &localError, NULL); 
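Review bot: The added `certStatus` line reads `resp->certStatus.Data[0]` without first checking that `certStatus.Data` is non-NULL and `certStatus.Length` is at least 1. The single response comes from a decoded OCSP response, which is responder-controlled input, and nothing in this hunk shows that the decoder guarantees a non-empty item. A guard before the read, such as `if (!resp->certStatus.Data || resp->certStatus.Length < 1) { ok = false; break; }` (or whatever failure path the loop already uses), keeps a malformed entry from causing an out-of-bounds read. The second hunk on this line binds the value as parameter 6 of `insertLink`, so the insert statement and table schema, both outside these hunks, need a matching sixth column. `_SecOCSPCacheReplaceResponse` starts and ends outside both hunks.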
@@ -328,42 +404,34 @@ static SecOCSPResponseRef _SecOCSPCacheCopyMatching(SecOCSPCacheRef this, CFDataRef issuerPubKeyHash = SecDigestCreate(kCFAllocatorDefault, &algorithm, NULL, publicKey->data, publicKey->length); - if (issuerNameHash && issuerPubKeyHash && ok) ok &= SecDbWithSQL(dbconn, selectResponseSQL, &localError, ^bool(sqlite3_stmt *selectResponse) { - /* Now we have the serial, algorithm, issuerNameHash and - issuerPubKeyHash so let's lookup the db entry. */ - ok &= SecDbBindDouble(selectResponse, 1, minInsertTime, &localError); - ok &= SecDbBindBlob(selectResponse, 2, CFDataGetBytePtr(issuerNameHash), - CFDataGetLength(issuerNameHash), SQLITE_TRANSIENT, &localError); - ok &= SecDbBindBlob(selectResponse, 3, CFDataGetBytePtr(issuerPubKeyHash), - CFDataGetLength(issuerPubKeyHash), SQLITE_TRANSIENT, &localError); - ok &= SecDbBindBlob(selectResponse, 4, CFDataGetBytePtr(serial), - CFDataGetLength(serial), SQLITE_TRANSIENT, &localError); - ok &= SecDbBindBlob(selectResponse, 5, algorithm.Data, - algorithm.Length, SQLITE_TRANSIENT, &localError); - ok &= SecDbStep(dbconn, selectResponse, &localError, ^(bool *stopResponse) { - /* Found an entry! 
*/ - secdebug("ocspcache", "found cached response"); - CFDataRef resp = CFDataCreate(kCFAllocatorDefault, - sqlite3_column_blob(selectResponse, 0), - sqlite3_column_bytes(selectResponse, 0)); - sqlite3_int64 responseID = sqlite3_column_int64(selectResponse, 1); - if (resp) { - SecOCSPResponseRef new_response = SecOCSPResponseCreateWithID(resp, responseID); - if (response) { - if (SecOCSPResponseProducedAt(response) < SecOCSPResponseProducedAt(new_response)) { - SecOCSPResponseFinalize(response); - response = new_response; - } else { - SecOCSPResponseFinalize(new_response); - } - } else { - response = new_response; + if (issuerNameHash && issuerPubKeyHash && ok) { + ok &= SecDbWithSQL(dbconn, selectResponseSQL, &localError, ^bool(sqlite3_stmt *selectResponse) { + /* Now we have the serial, algorithm, issuerNameHash and + issuerPubKeyHash so let's lookup the db entry. */ + ok &= SecDbBindDouble(selectResponse, 1, minInsertTime, &localError); + ok &= SecDbBindBlob(selectResponse, 2, CFDataGetBytePtr(issuerNameHash), + CFDataGetLength(issuerNameHash), SQLITE_TRANSIENT, &localError); + ok &= SecDbBindBlob(selectResponse, 3, CFDataGetBytePtr(issuerPubKeyHash), + CFDataGetLength(issuerPubKeyHash), SQLITE_TRANSIENT, &localError); + ok &= SecDbBindBlob(selectResponse, 4, CFDataGetBytePtr(serial), + CFDataGetLength(serial), SQLITE_TRANSIENT, &localError); + ok &= SecDbBindBlob(selectResponse, 5, algorithm.Data, + algorithm.Length, SQLITE_TRANSIENT, &localError); + ok &= SecDbStep(dbconn, selectResponse, &localError, ^(bool *stopResponse) { + /* Found an entry! 
*/ + secdebug("ocspcache", "found cached response"); + CFDataRef resp = CFDataCreate(kCFAllocatorDefault, + sqlite3_column_blob(selectResponse, 0), + sqlite3_column_bytes(selectResponse, 0)); + sqlite3_int64 responseID = sqlite3_column_int64(selectResponse, 1); + if (resp) { + response = SecOCSPResponseCreateWithID(resp, responseID); + CFRelease(resp); } - CFRelease(resp); - } + }); + return ok; }); - return ok; - }); + } CFReleaseSafe(issuerNameHash); CFReleaseSafe(issuerPubKeyHash); @@ -408,6 +476,22 @@ static bool _SecOCSPCacheFlush(SecOCSPCacheRef cache, CFErrorRef *error) { return ok; } +static bool _SecOCSPCacheDeleteContent(SecOCSPCacheRef cache, CFErrorRef *error) { + __block CFErrorRef localError = NULL; + __block bool ok = true; + + ok &= SecDbPerformWrite(cache->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbExec(dbconn, deleteAllSQL, &localError); + }); + if (!ok || localError) { + TrustdHealthAnalyticsLogErrorCodeForDatabase(TAOCSPCache, TAOperationWrite, TAFatalError, + localError ? CFErrorGetCode(localError) : errSecInternalComponent); + } + (void) CFErrorPropagate(localError, error); + + return ok; +} + /* Public API */ @@ -443,3 +527,11 @@ bool SecOCSPCacheFlush(CFErrorRef *error) { }); return result; } + +bool SecOCSPCacheDeleteContent(CFErrorRef *error) { + __block bool result = false; + SecOCSPCacheWith(^(SecOCSPCacheRef cache) { + result = _SecOCSPCacheDeleteContent(cache, error); + }); + return result; +} diff --git a/trust/trustd/SecOCSPCache.h b/trust/trustd/SecOCSPCache.h index 6fef3f36..7537c1c9 100644 --- a/trust/trustd/SecOCSPCache.h +++ b/trust/trustd/SecOCSPCache.h @@ -37,7 +37,6 @@ __BEGIN_DECLS - void SecOCSPCacheReplaceResponse(SecOCSPResponseRef old_response, SecOCSPResponseRef response, CFURLRef localResponderURI, CFAbsoluteTime verifyTime); 
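Review bot: The row callback in `_SecOCSPCacheCopyMatching` now assigns `response = SecOCSPResponseCreateWithID(resp, responseID);` unconditionally. The removed code compared `SecOCSPResponseProducedAt` for the two candidates and called `SecOCSPResponseFinalize` on the loser. If `selectResponseSQL`, which is defined outside this hunk, can still return more than one row, every extra row leaks the previous response, and the one returned is simply the last row rather than the most recent. Either add a comment stating that the query yields at most one row in the intended order, or release the earlier object first with `if (response) { SecOCSPResponseFinalize(response); }` before the assignment. The function begins and ends outside the hunk.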
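Review bot: `_SecOCSPCacheDeleteContent` dereferences `cache->db` without checking `cache`. `SecOCSPCacheWith`, as rewritten earlier in this patch, calls `cacheJob(kSecOCSPCache)` even when the path lookup or `SecOCSPCacheCreate` failed and the pointer is still NULL. An early `if (!cache) { return false; }` at the top of the function avoids the NULL dereference, and the public `SecOCSPCacheDeleteContent` wrapper in the following hunk then simply reports false. Whether the existing jobs such as `_SecOCSPCacheFlush` already guard against a NULL cache is not visible in these hunks.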
@@ -49,184 +48,12 @@ SecOCSPResponseRef SecOCSPCacheCopyMatchingWithMinInsertTime(SecOCSPRequestRef r bool SecOCSPCacheFlush(CFErrorRef *error); +/* for testing purposes only */ +bool SecOCSPCacheDeleteContent(CFErrorRef *error); +void SecOCSPCacheDeleteCache(void); +void SecOCSPCacheCloseDB(void); +CFStringRef SecOCSPCacheCopyPath(void); + __END_DECLS #endif /* _SECURITY_SECOCSPCACHE_H_ */ - -#if 0 -/* -Experation policy assumptions: -- We never check revocation status of anchors, whether they be system anchors, - passed in anchors or anchors hardcoded in a policy. -- Revocation information is cached for positive reponses for a limited time. -- Revocation information can be cached for negative reponses for an unlimited time. -- Revocation information need never be kept around after the certificate has expired (unless we still check after the cert has expired like we were talking about for EERI). -- Revocation information records that are used and still valid should be kept longer. -- We can set an upper limit in number of records (or certificates) in the cache. -- We can set an upper limit on total space consumed by the cache. -Questions: -- Remember bad server responses too? some ocsp responders required signed requests which we don't support, so we could consider caching the 6 (Not Authorized or something) response. - -Data needed per type of revocation record to implement this policy. - -Caching policy: -- Deleting cache should not be user option. -- Cache should surrvive backups. -- Negative caching as long as possible. - -CRL certificate stati: -unspecified, keyCompromise, cACompromise, -affiliationChanged, superseded, cessationOfOperation, -certificateHold, removeFromCRL, privilegeWithdrawn, -aACompromise, the special value UNREVOKED, or the special -value UNDETERMINED. This variable is initialized to the -special value UNREVOKED. 
- -CRL Timestamp values: -- thisUpdate -- nextUpdate (optional but not really 5280 says CAs must provide it even though ASN.1 is optional) -(no producedAt in CRLs, that's what thisUpdate is by definition it seems). - - -OCSP Timestamp values: - thisUpdate = May 1, 2005 01:00:00 GMT - nextUpdate = May 3, 2005 01:00:00 GMT (optional abscence means update available any time) - productedAt = May 1, 2005 01:00:00 GMT - -PER CERTIFICATE RETURN in INFO - -Revocation object used: OCSP Response, mapping from -reasons-> (CRL + most current delta CRL), Error Object (with status code). - -- good - -- revoked - -- unknown - -other exceptions (unsigned responses): - -- malformedRequest - -- internalError - -- tryLater - -- sigRequired - -- unauthorized (5019 The response "unauthorized" is returned in cases where the client - is not authorized to make this query to this server or the server - is not capable of responding authoritatively. (Expired certs might get this answer too)) - - -CRL signer chain rules: -1) Must use same anchor as cert itself. -This implies that we can only cache the validity of a leaf or intermediate certificate for CRL checking based on the mapping: -(certificate, path anchor, use_deltas) -> Revocation_status (unspecified, keyCompromise, cACompromise, -affiliationChanged, superseded, cessationOfOperation,certificateHold, removeFromCRL, privilegeWithdrawn,aACompromise, UNREVOKED, UNDETERMINED). - -OCSP signer chain rules: -(Wikipedia confirmed in rfc): The key that signs a response need not be the same key that signed the certificate. The certificate's issuer may delegate another authority to be the OCSP responder. 
In this case, the responder's certificate (the one that is used to sign the response) must be issued by the issuer of the certificate in question, and must include a certain extension that marks it as an OCSP signing authority (more precisely, an extended key usage extension with the OID {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)}) - -rfc text of the wikipedia: Therefore, a certificate's issuer MUST either sign the OCSP - responses itself or it MUST explicitly designate this authority to - another entity. OCSP signing delegation SHALL be designated by the - inclusion of id-kp-OCSPSigning in an extendedKeyUsage certificate - extension included in the OCSP response signer's certificate. This - certificate MUST be issued directly by the CA that issued the - certificate in question. - -rfc: If ocsp signing cert has id-pkix-ocsp-nocheck extension we don't check it's revocation status. - -(certificate, direct issuer certificate) -> Revocation_status good (UNREVOKED) revoked revocationTime, CRLReason (unspecified, keyCompromise, cACompromise,affiliationChanged, superseded, cessationOfOperation,certificateHold, removeFromCRL, privilegeWithdrawn,aACompromise) unknown (UNDETERMINED). - -ocsp CertID ::= SEQUENCE { - hashAlgorithm AlgorithmIdentifier, - issuerNameHash OCTET STRING, -- Hash of Issuer's DN - issuerKeyHash OCTET STRING, -- Hash of Issuers public key - serialNumber CertificateSerialNumber } -) - -In order to accomadate the responder using a different hashAlgorithm than we used in the request we need to recalc these from the cert itself. - -If all we have is a list of ocspresponses without knowing where they came from, we have to calculate the hashes of our issuerName and issuerKey for each hashAlgorithm we have cached ocsp responses for (optionally after limiting our candidates to those with matching serialNumbers first). 
- -SELECT from ocsp_cache hashAlgorithm WHERE serialNumber = - -for hix = 0 hix < hashAlgorithms.count - ALG(hix).id = hashAlgorithms(hix) - -SELECT from ocsp_cache response WHERE serialNumber = hashAlgorithm = ALG(hix).id issuerNameHash = ALG(hix).hash(issuer) issuerKeyHash = ALG(hix).hash(key) - - - - - - -Notes for Matt: -- ttl in amfi cache (to force recheck when ocsp response is invalid)? -- Periodic check before launch to remove in band waiting for ocsp response? - -Notes on Nonces in ocsp request and responses. Only ask for nonce if we think server supports it (no way to know today). Fall back on time based validity checking if reponse has no nonce, even if we asked for one - -Note on CRL checking and experation and retries of OCSP checking. -Clients MAY attempt to retrieve the CRL if no - OCSPResponse is received from the responder after a locally - configured timeout and number of retries.. - - - -CRL/OCSP cache design idea: - -revocation status table: - -rowid certhash issuer-rowid lastUsed thisUpdate producedAt nextUpdate revocationTime revocationStatus - -cacheAddOCSP(path, index_of_cert_resp_is_for, ocspResp) -cacheAddCRLStatus(path, index_of_cert_in_path, nextUpdate, revocationTime, revocationStatus) -(revocationTime, revocationStatus) = cacheLookupStatus(path, ix) - -Return a list of parent certificate hashes for the current leaf. If a result is returned, we have a candiate path leading up to an anchor, for which we already trust the signature in the chain and revocation information has been checked. - -CFArrayRef cacheSuggestParentsHashesFor(cert) - -for crl based status root must match root of path. For ocsp status issuer must match issuer of leaf in path - -presence in the cache means cert chain leading to an anchor is valid, and signed properly and trusted by the ocsp or crl policy, revocation status for cert is valid until the time indicated by nextUpdate. Cert chain itself may or may not be valid but that's checked by the policy engine. 
- -If a chain isn't properly signed or fails to satisfy the crl policy, it should not be in the cache. - -ocsp cache - -rowid ocspResponse (responder) lastUsed nextUpdate - -hashAlgorithm->(issuerNameHash,issuerKeyHash,serialNumber)->response - - -crl cache () - -crlDistributionPoint (reasons) crl thisUpdate nextUpdate isDelta - - -crlEntry cache table -(certHash anchorHash) crlIssuer revocationStatus revocationTime expires lastUsed -crlTable -(crlIssuer anchorHash distributionPointURL?) crl sigVerified expires -ocspEntry cache table -(certHash parentHash ocspReponderID) hashAlg revocationStatus revocationTime expires lastUsed -ocspTable -((hashAlg, pubKeyHash, issuerHash, serialNum) anchorHash) ocspResponse sigVerified expires - -or -cert cache table -(certHash parentHash anchorHash) crlEntryID ocspID - -crlEntry cache table -(crlEntryID anchorHash) crlIssuer revocationStatus revocationTime - -crlIssuerTable -(crlIssuer anchorHash) crl sigVerified - -ocsp table -(ocspID) ocspResponse - - -but so does caching the raw response as a link to a blob table containing crls -and ocsp-responses -But also cache the revocationStatus for a (cert,parent) or (cert,anchor) via -a link to a cached ocspResponse or revocationStatus and revocationTime entry from crl -*/ - -#endif diff --git a/trust/trustd/SecRevocationDb.c b/trust/trustd/SecRevocationDb.c index fb0028ca..5672e48f 100644 --- a/trust/trustd/SecRevocationDb.c +++ b/trust/trustd/SecRevocationDb.c 
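Review bot: The four declarations added under `/* for testing purposes only */` are exported unconditionally, and `SecOCSPCacheDeleteCache`, `SecOCSPCacheCloseDB` and `SecOCSPCacheDeleteContent` all discard cached revocation state, so that one comment is the only thing steering production callers away. I would document each function's effect and ownership. In particular, `SecOCSPCacheCopyPath` hands back a string that both callers in this patch release, so it should carry the annotation the patch already uses on `SecRevocationDbCopyServer`: `CF_RETURNS_RETAINED CFStringRef SecOCSPCacheCopyPath(void);`. If the project has a test-only build macro, wrapping the block in it would be stronger than a comment; none is visible on this page.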
@@ -938,6 +938,16 @@ static CFStringRef SecRevocationDbGetDefaultServer(void) { #endif } +static CF_RETURNS_RETAINED CFStringRef SecRevocationDbCopyServer(void) { + /* Prefer a in-process setting for the update server, as used in testing */ + CFTypeRef value = CFPreferencesCopyAppValue(kUpdateServerKey, kSecPrefsDomain); + if (!value) { + value = (CFStringRef)CFPreferencesCopyValue(kUpdateServerKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); + } + CFStringRef server = (isString(value)) ? (CFStringRef)value : CFRetainSafe(SecRevocationDbGetDefaultServer()); + return server; +} + void SecRevocationDbInitialize() { if (!isDbOwner()) { return; } os_transaction_t transaction = os_transaction_create("com.apple.trustd.valid.initialize"); @@ -983,8 +993,7 @@ void SecRevocationDbInitialize() { } /* initialize database from local asset */ - CFTypeRef value = (CFStringRef)CFPreferencesCopyValue(kUpdateServerKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); - CFStringRef server = (isString(value)) ? (CFStringRef)value : (CFStringRef)SecRevocationDbGetDefaultServer(); + CFStringRef server = SecRevocationDbCopyServer(); CFIndex version = 0; secnotice("validupdate", "initializing database"); if (!SecValidUpdateSatisfiedLocally(server, version, true)) { @@ -993,7 +1002,7 @@ void SecRevocationDbInitialize() { (void)SecValidUpdateRequest(SecRevocationDbGetUpdateQueue(), server, version); #endif } - CFReleaseSafe(value); + CFReleaseSafe(server); os_release(transaction); } 
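Review bot: `SecRevocationDbCopyServer` leaks `value` when the preference exists but is not a string, because the ternary then returns a retained default server and the copied `value` is never released. Adding `if (!isString(value)) { CFReleaseNull(value); }` ahead of the ternary fixes this. A non-string app value also skips the any-user/current-host lookup, since the fallback only runs when `value` is NULL. Separately, the function now prefers the application-level preference, which the comment describes as a testing aid, over the any-user/current-host value when choosing the revocation update server. A comment should state who can write that preference and that downloaded updates are authenticated independently of the server name, assuming they are, which these hunks do not show.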
@@ -1172,14 +1181,7 @@ static bool _SecRevocationDbCheckNextUpdate(void) { gNextUpdate = minNextUpdate; // determine which server to query - CFStringRef server; - value = (CFStringRef)CFPreferencesCopyValue(kUpdateServerKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); - if (isString(value)) { - server = (CFStringRef) CFRetain(value); - } else { - server = (CFStringRef) CFRetain(SecRevocationDbGetDefaultServer()); - } - CFReleaseNull(value); + CFStringRef server = SecRevocationDbCopyServer(); // determine version of our current database CFIndex version = SecRevocationDbGetVersion(); -- 2.45.2