17377205 IPS should not use M2Crypto
authorYiteng Zhang <yiteng.zhang@oracle.com>
Wed Mar 09 11:27:23 2016 -0800 (2016-03-09)
changeset 332152e8eec3014c
parent 3320 f727edff50bd
child 3322 a0e75b0ba097
17377205 IPS should not use M2Crypto
22332625 test suite should test signing certs with unsupported extensions
16718631 pkg verify traceback "AttributeError: 'int' object has no attribute 'check__ca'"
.hgignore
src/Makefile
src/modules/actions/signature.py
src/modules/client/api_errors.py
src/modules/client/image.py
src/modules/client/publisher.py
src/modules/misc.py
src/modules/server/repository.py
src/pkg/external_deps.txt
src/pkg/manifests/developer:opensolaris:pkg5.p5m
src/pkg/manifests/package:pkg.p5m
src/sign.py
src/tests/certgenerator.py
src/tests/cli/t_pkg_temp_sources.py
src/tests/cli/t_pkgsign.py
src/tests/pkg5unittest.py
src/tests/ro_data/signing_certs/generate_certs.py
src/tests/ro_data/signing_certs/produced/chain_certs/01.pem
src/tests/ro_data/signing_certs/produced/chain_certs/02.pem
src/tests/ro_data/signing_certs/produced/chain_certs/03.pem
src/tests/ro_data/signing_certs/produced/chain_certs/04.pem
src/tests/ro_data/signing_certs/produced/chain_certs/05.pem
src/tests/ro_data/signing_certs/produced/chain_certs/08.pem
src/tests/ro_data/signing_certs/produced/chain_certs/0A.pem
src/tests/ro_data/signing_certs/produced/chain_certs/0C.pem
src/tests/ro_data/signing_certs/produced/chain_certs/0D.pem
src/tests/ro_data/signing_certs/produced/chain_certs/10.pem
src/tests/ro_data/signing_certs/produced/chain_certs/1A.pem
src/tests/ro_data/signing_certs/produced/chain_certs/1B.pem
src/tests/ro_data/signing_certs/produced/chain_certs/1C.pem
src/tests/ro_data/signing_certs/produced/chain_certs/1D.pem
src/tests/ro_data/signing_certs/produced/chain_certs/1E.pem
src/tests/ro_data/signing_certs/produced/chain_certs/1F.pem
src/tests/ro_data/signing_certs/produced/chain_certs/20.pem
src/tests/ro_data/signing_certs/produced/chain_certs/21.pem
src/tests/ro_data/signing_certs/produced/chain_certs/22.pem
src/tests/ro_data/signing_certs/produced/chain_certs/23.pem
src/tests/ro_data/signing_certs/produced/chain_certs/26.pem
src/tests/ro_data/signing_certs/produced/chain_certs/27.pem
src/tests/ro_data/signing_certs/produced/chain_certs/28.pem
src/tests/ro_data/signing_certs/produced/chain_certs/29.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta4_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1.2_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1.3_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1.4_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta4_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta5_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch2_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch3_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch4.3_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch4_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch5.1_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch5.2_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch5.3_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/chain_certs/ch5_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/06.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/07.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/09.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/0B.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/0E.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/0F.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/11.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/12.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/13.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/14.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/15.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/16.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/17.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/18.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/19.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/1A.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/1B.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/1C.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/1D.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/1E.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/1F.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/20.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/21.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/22.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/23.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/24.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/25.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/26.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/27.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/28.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/29.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/2A.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/2B.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/2C.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/2D.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/2E.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/2F.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/30.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.1_ta4_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.2_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.3_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.4_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta4_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta5_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.1_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.2_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.3_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_cs8_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta10_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta11_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta2_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta6_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta7_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta8_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta9_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch1_ta4_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch5_ta1_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs3_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs3_ch1_ta4_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs4_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs5_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs6_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs7_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs8_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cs9_ch1_ta3_cert.pem
src/tests/ro_data/signing_certs/produced/code_signing_certs/cust_cert.pem
src/tests/ro_data/signing_certs/produced/combined_cas.pem
src/tests/ro_data/signing_certs/produced/crl/ch1.1_ta4_crl.pem
src/tests/ro_data/signing_certs/produced/crl/ch1_ta4_crl.pem
src/tests/ro_data/signing_certs/produced/crl/ch5_ta1_crl.pem
src/tests/ro_data/signing_certs/produced/crl/ta5_crl.pem
src/tests/ro_data/signing_certs/produced/index
src/tests/ro_data/signing_certs/produced/keys/ch1.1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1.1_ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1.2_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1.3_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1.4_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1_ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch1_ta5_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch2_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch3_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch4.3_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch4_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch5.1_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch5.2_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch5.3_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ch5_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.1_ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.2_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.3_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.4_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta5_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.1_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.2_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.3_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ch5_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_cs8_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta10_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta11_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta2_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta6_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta7_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta7_reqpass_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta8_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs1_ta9_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs2_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs2_ch1_ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs2_ch5_ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs3_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs3_ch1_ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs4_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs5_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs6_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs7_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs8_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cs9_ch1_ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/cust_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta10_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta11_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta1_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta2_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta3_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta4_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta5_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta6_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta7_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta8_key.pem
src/tests/ro_data/signing_certs/produced/keys/ta9_key.pem
src/tests/ro_data/signing_certs/produced/serial
src/tests/ro_data/signing_certs/produced/ta1/ta1_cert.pem
src/tests/ro_data/signing_certs/produced/ta10/ta10_cert.pem
src/tests/ro_data/signing_certs/produced/ta11/ta11_cert.pem
src/tests/ro_data/signing_certs/produced/ta2/ta2_cert.pem
src/tests/ro_data/signing_certs/produced/ta3/ta3_cert.pem
src/tests/ro_data/signing_certs/produced/ta4/ta4_cert.pem
src/tests/ro_data/signing_certs/produced/ta5/ta5_cert.pem
src/tests/ro_data/signing_certs/produced/ta6/ta6_cert.pem
src/tests/ro_data/signing_certs/produced/ta7/ta7_cert.pem
src/tests/ro_data/signing_certs/produced/ta8/ta8_cert.pem
src/tests/ro_data/signing_certs/produced/ta9/ta9_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/cust_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta10_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta11_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta1_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta2_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta3_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta4_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta5_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta6_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta7_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta8_cert.pem
src/tests/ro_data/signing_certs/produced/trust_anchors/ta9_cert.pem
src/tests/run.py
src/util/mkcert/Makefile
src/util/mkcert/mkcert.c
     1.1 --- a/.hgignore	Tue Mar 08 11:12:06 2016 -0800
     1.2 +++ b/.hgignore	Wed Mar 09 11:27:23 2016 -0800
     1.3 @@ -42,4 +42,5 @@
     1.4  ^src/zoneproxy/zoneproxy-adm/zoneproxy-adm$
     1.5  ^src/zoneproxy/zoneproxy-client/zoneproxy-client$
     1.6  ^src/zoneproxy/zoneproxyd/zoneproxyd$
     1.7 +^src/util/mkcert/certgen$
     1.8  ^webrev
     2.1 --- a/src/Makefile	Tue Mar 08 11:12:06 2016 -0800
     2.2 +++ b/src/Makefile	Wed Mar 09 11:27:23 2016 -0800
     2.3 @@ -20,7 +20,7 @@
     2.4  #
     2.5  
     2.6  #
     2.7 -# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
     2.8 +# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
     2.9  #
    2.10  
    2.11  PYTHON27 = /usr/bin/python2.7
    2.12 @@ -50,7 +50,7 @@
    2.13  
    2.14  PEP8 = /usr/bin/pep8
    2.15  
    2.16 -SUBDIRS=zoneproxy
    2.17 +SUBDIRS=zoneproxy util/mkcert
    2.18  
    2.19  all: $(SUBDIRS)
    2.20  	$(PYTHON27) setup.py build
     3.1 --- a/src/modules/actions/signature.py	Tue Mar 08 11:12:06 2016 -0800
     3.2 +++ b/src/modules/actions/signature.py	Wed Mar 09 11:27:23 2016 -0800
     3.3 @@ -21,19 +21,24 @@
     3.4  #
     3.5  
     3.6  #
     3.7 -# Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
     3.8 +# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
     3.9  #
    3.10  
    3.11 +import hashlib
    3.12  import os
    3.13  import shutil
    3.14  import tempfile
    3.15  
    3.16 +from cryptography.exceptions import InvalidSignature
    3.17 +from cryptography.hazmat.backends import default_backend
    3.18 +from cryptography.hazmat.primitives import serialization, hashes
    3.19 +from cryptography.hazmat.primitives.asymmetric import padding
    3.20 +
    3.21  import generic
    3.22  import pkg.actions
    3.23  import pkg.client.api_errors as apx
    3.24  import pkg.digest as digest
    3.25  import pkg.misc as misc
    3.26 -import M2Crypto as m2
    3.27  
    3.28  valid_hash_algs = ("sha256", "sha384", "sha512")
    3.29  valid_sig_algs = ("rsa",)
    3.30 @@ -171,6 +176,14 @@
    3.31                          for attr in digest.DEFAULT_CHAIN_CHASH_ATTRS:
    3.32                                  self.attrs[attr] = " ".join(chain_chshes[attr])
    3.33  
    3.34 +        def __get_hash_by_name(self, name):
    3.35 +                """Get the cryptopgraphy Hash() class based on the OpenSSL
    3.36 +                algorithm name."""
    3.37 +
    3.38 +                for h in hashes.HashAlgorithm._abc_registry:
    3.39 +                        if h.name == name:
    3.40 +                                return h
    3.41 +
    3.42          def get_size(self):
    3.43                  res = generic.Action.get_size(self)
    3.44                  for s in self.attrs.get("chain.sizes", "").split():
    3.45 @@ -418,11 +431,10 @@
    3.46                  # of the actions, not a signed value.
    3.47                  if self.hash is None:
    3.48                          assert self.sig_alg is None
    3.49 -                        dgst = m2.EVP.MessageDigest(self.hash_alg)
    3.50 -                        res = dgst.update(self.actions_to_str(acts, ver))
    3.51 -                        assert res == 1, \
    3.52 -                            "Res was expected to be 1, but was {0}".format(res)
    3.53 -                        computed_hash = dgst.final()
    3.54 +                        h = hashlib.new(self.hash_alg)
    3.55 +                        h.update(misc.force_bytes(self.actions_to_str(
    3.56 +                            acts, ver)))
    3.57 +                        computed_hash = h.digest()
    3.58                          # The attrs value is stored in hex so that it's easy
    3.59                          # to read.
    3.60                          if misc.hex_to_binary(self.attrs["value"]) != \
    3.61 @@ -456,15 +468,19 @@
    3.62                          e.act = self
    3.63                          raise
    3.64                  # Check that the certificate verifies against this signature.
    3.65 -                pub_key = cert.get_pubkey(md=self.hash_alg)
    3.66 -                pub_key.verify_init()
    3.67 -                pub_key.verify_update(self.actions_to_str(acts, ver))
    3.68 -                res = pub_key.verify_final(
    3.69 -                    misc.hex_to_binary(self.attrs["value"]))
    3.70 -                if not res:
    3.71 +                pub_key = cert.public_key()
    3.72 +                hhash = self.__get_hash_by_name(self.hash_alg)
    3.73 +                verifier = pub_key.verifier(
    3.74 +                    misc.hex_to_binary(self.attrs["value"]), padding.PKCS1v15(),
    3.75 +                    hhash())
    3.76 +                verifier.update(self.actions_to_str(acts, ver))
    3.77 +                try:
    3.78 +                        verifier.verify()
    3.79 +                except InvalidSignature:
    3.80                          raise apx.UnverifiedSignature(self,
    3.81                              _("The signature value did not match the expected "
    3.82 -                            "value. Res: {0}").format(res))
    3.83 +                            "value."))
    3.84 +
    3.85                  return True
    3.86  
    3.87          def set_signature(self, acts, key_path=None, chain_paths=misc.EmptyI,
    3.88 @@ -495,13 +511,10 @@
    3.89                          # If no private key is set, then no certificate should
    3.90                          # have been given.
    3.91                          assert self.data is None
    3.92 -                        dgst = m2.EVP.MessageDigest(self.hash_alg)
    3.93 -                        res = dgst.update(self.actions_to_str(acts,
    3.94 -                            generic.Action.sig_version))
    3.95 -                        assert res == 1, \
    3.96 -                            "Res was expected to be 1, it was {0}".format(res)
    3.97 -                        self.attrs["value"] = \
    3.98 -                            misc.binary_to_hex(dgst.final())
    3.99 +                        h = hashlib.new(self.hash_alg)
   3.100 +                        h.update(misc.force_bytes(self.actions_to_str(acts,
   3.101 +                            generic.Action.sig_version)))
   3.102 +                        self.attrs["value"] = h.hexdigest()
   3.103                  else:
   3.104                          # If a private key is used, then the certificate it's
   3.105                          # paired with must be provided.
   3.106 @@ -509,20 +522,21 @@
   3.107                          self.__set_chain_certs_data(chain_paths, chash_dir)
   3.108  
   3.109                          try:
   3.110 -                                priv_key = m2.RSA.load_key(key_path)
   3.111 -                        except m2.RSA.RSAError:
   3.112 +                                with open(key_path, "rb") as f:
   3.113 +                                        priv_key = serialization.load_pem_private_key(
   3.114 +                                            f.read(), password=None,
   3.115 +                                            backend=default_backend())
   3.116 +                        except ValueError:
   3.117                                  raise apx.BadFileFormat(_("{0} was expected to "
   3.118                                      "be a RSA key but could not be read "
   3.119                                      "correctly.").format(key_path))
   3.120 -                        signer = m2.EVP.PKey(md=self.hash_alg)
   3.121 -                        signer.assign_rsa(priv_key, 1)
   3.122 -                        del priv_key
   3.123 -                        signer.sign_init()
   3.124 -                        signer.sign_update(self.actions_to_str(acts,
   3.125 -                            generic.Action.sig_version))
   3.126  
   3.127 +                        hhash = self.__get_hash_by_name(self.hash_alg)
   3.128 +                        signer = priv_key.signer(padding.PKCS1v15(), hhash())
   3.129 +                        signer.update(misc.force_bytes(self.actions_to_str(acts,
   3.130 +                            generic.Action.sig_version)))
   3.131                          self.attrs["value"] = \
   3.132 -                            misc.binary_to_hex(signer.sign_final())
   3.133 +                            misc.binary_to_hex(signer.finalize())
   3.134  
   3.135          def generate_indices(self):
   3.136                  """Generates the indices needed by the search dictionary.  See
     4.1 --- a/src/modules/client/api_errors.py	Tue Mar 08 11:12:06 2016 -0800
     4.2 +++ b/src/modules/client/api_errors.py	Wed Mar 09 11:27:23 2016 -0800
     4.3 @@ -21,7 +21,7 @@
     4.4  #
     4.5  
     4.6  #
     4.7 -# Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
     4.8 +# Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
     4.9  #
    4.10  
    4.11  import errno
    4.12 @@ -2299,8 +2299,10 @@
    4.13                          "\n".join([str(e) for e in self.ext_exs])
    4.14                  return _("The certificate which issued this "
    4.15                      "certificate: {subj} could not be found. The issuer "
    4.16 -                    "is: {issuer}\n").format(subj=self.cert.get_subject(),
    4.17 -                    issuer=self.cert.get_issuer()) + s + \
    4.18 +                    "is: {issuer}\n").format(subj="/".join("{0}={1}".format(
    4.19 +                    sub.oid._name, sub.value) for sub in self.cert.subject),
    4.20 +                    issuer="/".join("{0}={1}".format(i.oid._name, i.value)
    4.21 +                    for i in self.cert.issuer)) + s + "\n" + \
    4.22                      CertificateException.__str__(self)
    4.23  
    4.24  
    4.25 @@ -2314,7 +2316,8 @@
    4.26  
    4.27          def __str__(self):
    4.28                  return _("This certificate was revoked:{cert} for this "
    4.29 -                    "reason:\n{reason}").format(cert=self.cert.get_subject(),
    4.30 +                    "reason:\n{reason}\n").format(cert="/".join("{0}={1}".format(
    4.31 +                    s.oid._name, s.value) for s in self.cert.subject),
    4.32                      reason=self.reason) + CertificateException.__str__(self)
    4.33  
    4.34  
    4.35 @@ -2385,7 +2388,7 @@
    4.36  
    4.37  class UnsupportedCriticalExtension(SigningException):
    4.38          """Exception used when a certificate in the chain of trust uses a
    4.39 -        critical extension pkg5 doesn't understand."""
    4.40 +        critical extension pkg doesn't understand."""
    4.41  
    4.42          def __init__(self, cert, ext):
    4.43                  SigningException.__init__(self)
    4.44 @@ -2394,31 +2397,50 @@
    4.45  
    4.46          def __str__(self):
    4.47                  return _("The certificate whose subject is {cert} could not "
    4.48 -                    "be verified "
    4.49 -                    "because it uses a critical extension that pkg5 cannot "
    4.50 -                    "handle yet.\nExtension name:{name}\nExtension "
    4.51 -                    "value:{val}").format(cert=self.cert.get_subject(),
    4.52 -                    name=self.ext.get_name(), val=self.ext.get_value())
    4.53 +                    "be verified because it uses an unsupported critical "
    4.54 +                    "extension.\nExtension name: {name}\nExtension "
    4.55 +                    "value: {val}").format(cert="/".join("{0}={1}".format(
    4.56 +                    s.oid._name, s.value) for s in self.cert.subject),
    4.57 +                    name=self.ext.oid._name, val=self.ext.value)
    4.58  
    4.59  class UnsupportedExtensionValue(SigningException):
    4.60          """Exception used when a certificate in the chain of trust has an
    4.61 -        extension with a value pkg5 doesn't understand."""
    4.62 -
    4.63 -        def __init__(self, cert, ext, bad_val=None):
    4.64 +        extension with a value pkg doesn't understand."""
    4.65 +
    4.66 +        def __init__(self, cert, ext, val, bad_val=None):
    4.67                  SigningException.__init__(self)
    4.68                  self.cert = cert
    4.69                  self.ext = ext
    4.70 +                self.val = val
    4.71                  self.bad_val = bad_val
    4.72  
    4.73          def __str__(self):
    4.74                  s = _("The certificate whose subject is {cert} could not be "
    4.75                      "verified because it has an extension with a value that "
    4.76                      "pkg(5) does not understand."
    4.77 -                    "\nExtension name:{name}\nExtension value:{val}").format(
    4.78 -                    cert=self.cert.get_subject(),
    4.79 -                    name=self.ext.get_name(), val=self.ext.get_value())
    4.80 +                    "\nExtension name: {name}\nExtension value: {val}").format(
    4.81 +                    cert="/".join("{0}={1}".format(
    4.82 +                    s.oid._name, s.value) for s in self.cert.subject),
    4.83 +                    name=self.ext.oid._name, val=self.val)
    4.84                  if self.bad_val:
    4.85 -                        s += _("\nProblematic Value:{0}").format(self.bad_val)
    4.86 +                        s += _("\nProblematic value: {0}").format(self.bad_val)
    4.87 +                return s
    4.88 +
    4.89 +class InvalidCertificateExtensions(SigningException):
    4.90 +        """Exception used when a certificate in the chain of trust has
    4.91 +        invalid extensions."""
    4.92 +
    4.93 +        def __init__(self, cert, error):
    4.94 +                SigningException.__init__(self)
    4.95 +                self.cert = cert
    4.96 +                self.error = error
    4.97 +
    4.98 +        def __str__(self):
    4.99 +                s = _("The certificate whose subject is {cert} could not be "
   4.100 +                    "verified because it has invalid extensions:\n{error}"
   4.101 +                    ).format(cert="/".join("{0}={1}".format(
   4.102 +                    s.oid._name, s.value) for s in self.cert.subject),
   4.103 +                    error=self.error)
   4.104                  return s
   4.105  
   4.106  class InappropriateCertificateUse(SigningException):
   4.107 @@ -2427,20 +2449,22 @@
   4.108          supposed to be used to sign code being used to sign other certificates.
   4.109          """
   4.110  
   4.111 -        def __init__(self, cert, ext, use):
   4.112 +        def __init__(self, cert, ext, use, val):
   4.113                  SigningException.__init__(self)
   4.114                  self.cert = cert
   4.115                  self.ext = ext
   4.116                  self.use = use
   4.117 +                self.val = val
   4.118  
   4.119          def __str__(self):
   4.120                  return _("The certificate whose subject is {cert} could not "
   4.121                      "be verified because it has been used inappropriately.  "
   4.122                      "The way it is used means that the value for extension "
   4.123                      "{name} must include '{use}' but the value was "
   4.124 -                    "'{val}'.").format(cert=self.cert.get_subject(),
   4.125 -                    use=self.use, name=self.ext.get_name(),
   4.126 -                    val=self.ext.get_value())
   4.127 +                    "'{val}'.").format(cert="/".join("{0}={1}".format(
   4.128 +                    s.oid._name, s.value) for s in self.cert.subject),
   4.129 +                    use=self.use, name=self.ext.oid._name,
   4.130 +                    val=self.val)
   4.131  
   4.132  class PathlenTooShort(InappropriateCertificateUse):
   4.133          """Exception used when a certificate in the chain of trust has been used
   4.134 @@ -2461,7 +2485,8 @@
   4.135                      "certificate and the leaf certificate.  There are {al} "
   4.136                      "certificates between this certificate and the leaf in "
   4.137                      "this chain.").format(
   4.138 -                        cert=self.cert.get_subject(),
   4.139 +                        cert="/".join("{0}={1}".format(
   4.140 +                        s.oid._name, s.value) for s in self.cert.subject),
   4.141                          al=self.al,
   4.142                          cl=self.cl
   4.143                     )
     5.1 --- a/src/modules/client/image.py	Tue Mar 08 11:12:06 2016 -0800
     5.2 +++ b/src/modules/client/image.py	Wed Mar 09 11:27:23 2016 -0800
     5.3 @@ -24,7 +24,6 @@
     5.4  # Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
     5.5  #
     5.6  
     5.7 -import M2Crypto as m2
     5.8  import atexit
     5.9  import calendar
    5.10  import collections
    5.11 @@ -43,6 +42,8 @@
    5.12  import time
    5.13  
    5.14  from contextlib import contextmanager
    5.15 +from cryptography import x509
    5.16 +from cryptography.hazmat.backends import default_backend
    5.17  from six.moves.urllib.parse import quote, unquote
    5.18  
    5.19  import pkg.actions
    5.20 @@ -340,16 +341,19 @@
    5.21                                  if os.path.islink(pth):
    5.22                                          continue
    5.23                                  try:
    5.24 -                                        trusted_ca = m2.X509.load_cert(pth)
    5.25 -                                except m2.X509.X509Error as e:
    5.26 +                                        with open(pth, "rb") as f:
    5.27 +                                                raw = f.read()
    5.28 +                                        trusted_ca = \
    5.29 +                                            x509.load_pem_x509_certificate(
    5.30 +                                            raw, default_backend())
    5.31 +                                except (ValueError, IOError) as e:
    5.32                                          self.__bad_trust_anchors.append(
    5.33                                              (pth, str(e)))
    5.34                                  else:
    5.35 -                                        # M2Crypto's subject hash doesn't match
    5.36 -                                        # openssl's subject hash so recompute it
    5.37 -                                        # so all hashes are in the same
    5.38 -                                        # universe.
    5.39 -                                        s = trusted_ca.get_subject().as_hash()
    5.40 +                                        # We store certificates internally by
    5.41 +                                        # the SHA-1 hash of its subject.
    5.42 +                                        s = hashlib.sha1(misc.force_bytes(
    5.43 +                                            trusted_ca.subject)).hexdigest()
    5.44                                          self.__trust_anchors.setdefault(s, [])
    5.45                                          self.__trust_anchors[s].append(
    5.46                                              trusted_ca)
     6.1 --- a/src/modules/client/publisher.py	Tue Mar 08 11:12:06 2016 -0800
     6.2 +++ b/src/modules/client/publisher.py	Wed Mar 09 11:27:23 2016 -0800
     6.3 @@ -49,6 +49,10 @@
     6.4  import time
     6.5  import uuid
     6.6  
     6.7 +from cryptography import x509
     6.8 +from cryptography.hazmat.backends import default_backend
     6.9 +from cryptography.hazmat.primitives import serialization
    6.10 +from cryptography.hazmat.primitives.asymmetric import padding
    6.11  from six.moves.urllib.parse import quote, urlsplit, urlparse, urlunparse, \
    6.12      ParseResult
    6.13  from six.moves.urllib.request import url2pathname
    6.14 @@ -61,7 +65,6 @@
    6.15  import pkg.misc as misc
    6.16  import pkg.portable as portable
    6.17  import pkg.server.catalog as old_catalog
    6.18 -import M2Crypto as m2
    6.19  
    6.20  from pkg.client import global_settings
    6.21  from pkg.client.debugvalues import DebugValues
    6.22 @@ -101,24 +104,37 @@
    6.23      URI_SORT_PRIORITY: lambda obj: (obj.priority, obj.uri),
    6.24  }
    6.25  
    6.26 -# This dictionary records the recognized values of extensions.
    6.27 +# The strings in the value field refer to the boolean properties of the
    6.28 +# Cryptography extension classes. If a property has a value True set, it means
    6.29 +# this property is added as an extension value in the certificate generation,
    6.30 +# and vice versa.
    6.31 +EXTENSIONS_VALUES = {
    6.32 +    x509.BasicConstraints: ["ca", "path_length"],
    6.33 +    x509.KeyUsage: ["digital_signature", "content_commitment",
    6.34 +    "key_encipherment", "data_encipherment", "key_agreement", "key_cert_sign",
    6.35 +    "crl_sign", "encipher_only", "decipher_only"]
    6.36 +}
    6.37 +
    6.38 +# Only listed extension values (properties) here can have a value True set in a
    6.39 +# certificate extension; any other properties with a value True set will be
    6.40 +# treated as unsupported.
    6.41  SUPPORTED_EXTENSION_VALUES = {
    6.42 -    "basicConstraints": ("CA:TRUE", "CA:FALSE", "PATHLEN:"),
    6.43 -    "keyUsage": ("DIGITAL SIGNATURE", "CERTIFICATE SIGN", "CRL SIGN")
    6.44 +    x509.BasicConstraints: ("ca", "path_length"),
    6.45 +    x509.KeyUsage: ("digital_signature", "key_cert_sign", "crl_sign")
    6.46  }
    6.47  
    6.48  # These dictionaries map uses into their extensions.
    6.49  CODE_SIGNING_USE = {
    6.50 -    "keyUsage": ["DIGITAL SIGNATURE"]
    6.51 +    x509.KeyUsage: ["digital_signature"],
    6.52  }
    6.53  
    6.54  CERT_SIGNING_USE = {
    6.55 -    "basicConstraints": ["CA:TRUE"],
    6.56 -    "keyUsage": ["CERTIFICATE SIGN"]
    6.57 +    x509.BasicConstraints: ["ca"],
    6.58 +    x509.KeyUsage: ["key_cert_sign"],
    6.59  }
    6.60  
    6.61  CRL_SIGNING_USE = {
    6.62 -    "keyUsage": ["CRL SIGN"]
    6.63 +    x509.KeyUsage: ["crl_sign"],
    6.64  }
    6.65  
    6.66  POSSIBLE_USES = [CODE_SIGNING_USE, CERT_SIGNING_USE, CRL_SIGNING_USE]
    6.67 @@ -2444,15 +2460,17 @@
    6.68          def __hash_cert(c):
    6.69                  # In order to interoperate with older images, we must use SHA-1
    6.70                  # here.
    6.71 -                return hashlib.sha1(c.as_pem()).hexdigest()
    6.72 +                return hashlib.sha1(
    6.73 +                    c.public_bytes(serialization.Encoding.PEM)).hexdigest()
    6.74  
    6.75          @staticmethod
    6.76          def __string_to_cert(s, pkg_hash=None):
    6.77                  """Convert a string to a X509 cert."""
    6.78  
    6.79                  try:
    6.80 -                        return m2.X509.load_cert_string(s)
    6.81 -                except m2.X509.X509Error as e:
    6.82 +                        return x509.load_pem_x509_certificate(
    6.83 +                            misc.force_bytes(s), default_backend())
    6.84 +                except ValueError:
    6.85                          if pkg_hash is not None:
    6.86                                  raise api_errors.BadFileFormat(_("The file "
    6.87                                      "with hash {0} was expected to be a PEM "
    6.88 @@ -2473,14 +2491,20 @@
    6.89                  file_problem = False
    6.90                  try:
    6.91                          with open(pkg_hash_pth, "wb") as fh:
    6.92 -                                fh.write(cert.as_pem())
    6.93 +                                fh.write(cert.public_bytes(
    6.94 +                                    serialization.Encoding.PEM))
    6.95                  except EnvironmentError as e:
    6.96 +                        if e.errno == errno.EACCES:
    6.97 +                                raise api_errors.PermissionsException(
    6.98 +                                    e.filename)
    6.99                          file_problem = True
   6.100  
   6.101                  # Note that while we store certs by their subject hashes,
   6.102 -                # M2Crypto's subject hashes differ from what openssl reports
   6.103 -                # the subject hash to be.
   6.104 -                subj_hsh = cert.get_subject().as_hash()
   6.105 +                # we use our own hashing since cryptography has no interface
   6.106 +                # for the subject hash and other crypto frameworks have been
   6.107 +                # inconsistent with OpenSSL.
   6.108 +                subj_hsh = hashlib.sha1(misc.force_bytes(
   6.109 +                    cert.subject)).hexdigest()
   6.110                  c = 0
   6.111                  made_link = False
   6.112                  while not made_link:
   6.113 @@ -2544,21 +2568,59 @@
   6.114                                      pth)
   6.115                  return c
   6.116  
   6.117 +        def __rebuild_subj_root(self):
   6.118 +                """Rebuild subject hash metadata."""
   6.119 +
   6.120 +                # clean up the old subject hash files to prevent
   6.121 +                # junk files residing in the directory
   6.122 +                try:
   6.123 +                        shutil.rmtree(self.__subj_root)
   6.124 +                except EnvironmentError:
   6.125 +                        # if unprivileged user, we can't add
   6.126 +                        # certs to it
   6.127 +                        pass
   6.128 +                else:
   6.129 +                        for p in os.listdir(self.cert_root):
   6.130 +                                path = os.path.join(self.cert_root, p)
   6.131 +                                if not os.path.isfile(path):
   6.132 +                                        continue
   6.133 +                                with open(path, "rb") as fh:
   6.134 +                                        s = fh.read()
   6.135 +                                cert = self.__string_to_cert(s)
   6.136 +                                self.__add_cert(cert)
   6.137 +
   6.138          def __get_certs_by_name(self, name):
   6.139 -                """Given 'name', a M2Crypto X509_Name, return the certs with
   6.140 -                that name as a subject."""
   6.141 +                """Given 'name', a Cryptograhy 'Name' object, return the certs
   6.142 +                with that name as a subject."""
   6.143  
   6.144                  res = []
   6.145 -                c = 0
   6.146 -                name_hsh = name.as_hash()
   6.147 +                count = 0
   6.148 +                name_hsh = hashlib.sha1(misc.force_bytes(name)).hexdigest()
   6.149 +
   6.150 +                def load_cert(pth):
   6.151 +                        with open(pth, "rb") as f:
   6.152 +                                return x509.load_pem_x509_certificate(
   6.153 +                                    f.read(), default_backend())
   6.154 +
   6.155                  try:
   6.156                          while True:
   6.157                                  pth = os.path.join(self.__subj_root,
   6.158 -                                    "{0}.{1}".format(name_hsh, c))
   6.159 -                                cert = m2.X509.load_cert(pth)
   6.160 -                                res.append(cert)
   6.161 -                                c += 1
   6.162 +                                    "{0}.{1}".format(name_hsh, count))
   6.163 +                                res.append(load_cert(pth))
   6.164 +                                count += 1
   6.165                  except EnvironmentError as e:
   6.166 +                        # When switching to a different hash algorithm, the hash
   6.167 +                        # name of file changes so that we couldn't find the
   6.168 +                        # file. We try harder to rebuild the subject's metadata
   6.169 +                        # if it's the first time we fail (count == 0).
   6.170 +                        if count == 0 and e.errno == errno.ENOENT:
   6.171 +                                self.__rebuild_subj_root()
   6.172 +                                try:
   6.173 +                                        res.append(load_cert(pth))
   6.174 +                                except EnvironmentError as e:
   6.175 +                                        if e.errno != errno.ENOENT:
   6.176 +                                                raise
   6.177 +
   6.178                          t = api_errors._convert_error(e,
   6.179                              [errno.ENOENT])
   6.180                          if t:
   6.181 @@ -2578,7 +2640,8 @@
   6.182                  # have or have not been approved.
   6.183                  for h in set(self.approved_ca_certs):
   6.184                          c = self.get_cert_by_hash(h, verify_hash=True)
   6.185 -                        s = c.get_subject().as_hash()
   6.186 +                        s = hashlib.sha1(misc.force_bytes(
   6.187 +                            c.subject)).hexdigest()
   6.188                          self.ca_dict.setdefault(s, [])
   6.189                          self.ca_dict[s].append(c)
   6.190                  return self.ca_dict
   6.191 @@ -2652,13 +2715,16 @@
   6.192                  """CRLs seem to frequently come in DER format, so try reading
   6.193                  the CRL using both of the formats before giving up."""
   6.194  
   6.195 +                with open(pth, "rb") as f:
   6.196 +                        raw = f.read()
   6.197 +
   6.198                  try:
   6.199 -                        return m2.X509.load_crl(pth)
   6.200 -                except m2.X509.X509Error:
   6.201 +                        return x509.load_pem_x509_crl(raw, default_backend())
   6.202 +                except ValueError:
   6.203                          try:
   6.204 -                                return m2.X509.load_crl(pth,
   6.205 -                                    format=m2.X509.FORMAT_DER)
   6.206 -                        except m2.X509.X509Error:
   6.207 +                                return x509.load_der_x509_crl(raw,
   6.208 +                                    default_backend())
   6.209 +                        except ValueError:
   6.210                                  raise api_errors.BadFileFormat(_("The CRL file "
   6.211                                      "{0} is not in a recognized "
   6.212                                      "format.").format(pth))
   6.213 @@ -2703,14 +2769,9 @@
   6.214                          except EnvironmentError:
   6.215                                  pass
   6.216                          else:
   6.217 -                                nu = crl.get_next_update().get_datetime()
   6.218 -                                # get_datetime is supposed to return a UTC time,
   6.219 -                                # so assert that's the case.
   6.220 -                                assert nu.tzinfo.utcoffset(nu) == \
   6.221 -                                    dt.timedelta(0)
   6.222 -                                # Add timezone info to cur_time so that cur_time
   6.223 -                                # and nu can be compared.
   6.224 -                                cur_time = dt.datetime.now(nu.tzinfo)
   6.225 +                                nu = crl.next_update
   6.226 +                                cur_time = dt.datetime.utcnow()
   6.227 +
   6.228                                  if cur_time < nu:
   6.229                                          self.__tmp_crls[uri] = crl
   6.230                                          return crl
   6.231 @@ -2765,23 +2826,41 @@
   6.232                                  pass
   6.233                  return ncrl
   6.234  
   6.235 -        def __check_crls(self, cert, ca_dict):
   6.236 -                """Determines whether the certificate has been revoked by its
   6.237 -                CRL.
   6.238 +
   6.239 +        def __verify_x509_signature(self, c, key):
   6.240 +                """Verify the signature of a certificate or CRL 'c' against a
   6.241 +                provided public key 'key'."""
   6.242 +
   6.243 +                verifier = key.verifier(
   6.244 +                    c.signature, padding.PKCS1v15(),
   6.245 +                    c.signature_hash_algorithm)
   6.246 +
   6.247 +                if isinstance(c, x509.Certificate):
   6.248 +                        data = c.tbs_certificate_bytes
   6.249 +                elif isinstance(c, x509.CertificateRevocationList):
   6.250 +                        data = c.tbs_certlist_bytes
   6.251 +                else:
   6.252 +                        raise AssertionError("Invalid x509 object for "
   6.253 +                            "signature verification: {0}".format(type(c)))
   6.254 +
   6.255 +                verifier.update(data)
   6.256 +                try:
   6.257 +                        verifier.verify()
   6.258 +                        return True
   6.259 +                except Exception:
   6.260 +                        return False
   6.261 +
   6.262 +        def __check_crl(self, cert, ca_dict, crl_uri):
   6.263 +                """Determines whether the certificate has been revoked by the
   6.264 +                CRL located at 'crl_uri'.
   6.265  
   6.266                  The 'cert' parameter is the certificate to check for revocation.
   6.267  
   6.268                  The 'ca_dict' is a dictionary which maps subject hashes to
   6.269                  certs treated as trust anchors."""
   6.270  
   6.271 -                # If the certificate doesn't have a CRL location listed, treat
   6.272 -                # it as valid.
   6.273 -                try:
   6.274 -                        ext = cert.get_ext("crlDistributionPoints")
   6.275 -                except LookupError as e:
   6.276 -                        return True
   6.277 -                uri = ext.get_value()
   6.278 -                crl = self.__get_crl(uri)
   6.279 +                crl = self.__get_crl(crl_uri)
   6.280 +
   6.281                  # If we couldn't retrieve a CRL from the distribution point
   6.282                  # and no CRL is cached on disk, assume the cert has not been
   6.283                  # revoked.  It's possible that this should be an image or
   6.284 @@ -2792,11 +2871,13 @@
   6.285                  # A CRL has been found, now it needs to be validated like
   6.286                  # a certificate is.
   6.287                  verified_crl = False
   6.288 -                crl_issuer = crl.get_issuer()
   6.289 -                tas = ca_dict.get(crl_issuer.as_hash(), [])
   6.290 +                crl_issuer = crl.issuer
   6.291 +                tas = ca_dict.get(hashlib.sha1(misc.force_bytes(
   6.292 +                    crl_issuer)).hexdigest(), [])
   6.293                  for t in tas:
   6.294                          try:
   6.295 -                                if crl.verify(t.get_pubkey()):
   6.296 +                                if self.__verify_x509_signature(crl,
   6.297 +                                    t.public_key()):
   6.298                                          # If t isn't approved for signing crls,
   6.299                                          # the exception __check_extensions
   6.300                                          # raises will take the code to the
   6.301 @@ -2809,7 +2890,8 @@
   6.302                  if not verified_crl:
   6.303                          crl_cas = self.__get_certs_by_name(crl_issuer)
   6.304                          for c in crl_cas:
   6.305 -                                if crl.verify(c.get_pubkey()):
   6.306 +                                if self.__verify_x509_signature(crl,
   6.307 +                                    c.public_key()):
   6.308                                          try:
   6.309                                                  self.verify_chain(c, ca_dict, 0,
   6.310                                                      True,
   6.311 @@ -2821,11 +2903,69 @@
   6.312                                                  break
   6.313                  if not verified_crl:
   6.314                          return True
   6.315 +
   6.316                  # For a certificate to be revoked, its CRL must be validated
   6.317                  # and revoked the certificate.
   6.318 -                rev = crl.is_revoked(cert)
   6.319 -                if rev:
   6.320 -                        raise api_errors.RevokedCertificate(cert, rev[1])
   6.321 +
   6.322 +                assert crl.issuer == cert.issuer
   6.323 +                for rev in crl:
   6.324 +                        if rev.serial_number != cert.serial:
   6.325 +                                continue
   6.326 +                        try:
   6.327 +                                reason = rev.extensions.get_extension_for_oid(
   6.328 +                                    x509.OID_CRL_REASON).value
   6.329 +                        except x509.ExtensionNotFound:
   6.330 +                                reason = None
   6.331 +                        raise api_errors.RevokedCertificate(cert, reason)
   6.332 +
   6.333 +        def __check_crls(self, cert, ca_dict):
   6.334 +                """Determines whether the certificate has been revoked by one of
   6.335 +                its CRLs.
   6.336 +
   6.337 +                The 'cert' parameter is the certificate to check for revocation.
   6.338 +
   6.339 +                The 'ca_dict' is a dictionary which maps subject hashes to
   6.340 +                certs treated as trust anchors."""
   6.341 +
   6.342 +                # If the certificate doesn't have a CRL location listed, treat
   6.343 +                # it as valid.
   6.344 +
   6.345 +                # The CRLs to be retrieved are stored in the
   6.346 +                # CRLDistributionPoints extensions which is structured like
   6.347 +                # this:
   6.348 +                #
   6.349 +                # CRLDitsributionPoints = [
   6.350 +                #     CRLDistributionPoint = [
   6.351 +                #         union  {
   6.352 +                #             full_name     = [ GeneralName, ... ]
   6.353 +                #             relative_name = [ GeneralName, ... ]
   6.354 +                #         }, ... ]
   6.355 +                #     , ... ]
   6.356 +                # 
   6.357 +                # Relative names are a feature in X509 certs which allow to
   6.358 +                # specify a location relative to another certificate. We are not
   6.359 +                # supporting this and I'm not sure anybody is using this for
   6.360 +                # CRLs.
   6.361 +                # Full names are absolute locations but can be in different
   6.362 +                # formats (refer to RFC5280) but in general only the URI type is
   6.363 +                # used for CRLs. So this is the only thing we support here.
   6.364 +
   6.365 +                try:
   6.366 +                        dps = cert.extensions.get_extension_for_oid(
   6.367 +                            x509.oid.ExtensionOID.CRL_DISTRIBUTION_POINTS).value
   6.368 +                except x509.ExtensionNotFound:
   6.369 +                        return
   6.370 +
   6.371 +                for dp in dps:
   6.372 +                        if not dp.full_name:
   6.373 +                                # we don't support relative names
   6.374 +                                continue
   6.375 +                        for uri in dp.full_name:
   6.376 +                                if not isinstance(uri,
   6.377 +                                    x509.UniformResourceIdentifier):
   6.378 +                                        # we only support URIs
   6.379 +                                        continue
   6.380 +                                self.__check_crl(cert, ca_dict, str(uri.value))
   6.381  
   6.382          def __check_revocation(self, cert, ca_dict, use_crls):
   6.383                  hsh = self.__hash_cert(cert)
   6.384 @@ -2839,51 +2979,67 @@
   6.385                  """Check whether the critical extensions in this certificate
   6.386                  are supported and allow the provided use(s)."""
   6.387  
   6.388 +                try:
   6.389 +                        exts = cert.extensions
   6.390 +                except (ValueError, x509.UnsupportedExtension) as e:
   6.391 +                        raise api_errors.InvalidCertificateExtensions(
   6.392 +                            cert, e)
   6.393 +
   6.394                  def check_values(vs):
   6.395                          for v in vs:
   6.396                                  if v in supported_vs:
   6.397                                          continue
   6.398 -                                if v.startswith("PATHLEN:") and \
   6.399 -                                    "PATHLEN:" in supported_vs:
   6.400 -                                        try:
   6.401 -                                                cert_pathlen = int(v[len("PATHLEN:"):])
   6.402 -                                        except ValueError as e:
   6.403 -                                                raise api_errors.UnsupportedExtensionValue(cert, ext, v)
   6.404 -                                        if cur_pathlen > cert_pathlen:
   6.405 -                                                raise api_errors.PathlenTooShort(cert, cur_pathlen, cert_pathlen)
   6.406 -                                        continue
   6.407 +                                # If there is only one extension value, it must
   6.408 +                                # be the problematic one. Otherwise, we also
   6.409 +                                # output the first unsupported value as the
   6.410 +                                # problematic value following extension value.
   6.411                                  if len(vs) < 2:
   6.412 -                                        raise api_errors.UnsupportedExtensionValue(cert, ext)
   6.413 -                                else:
   6.414 -                                        raise api_errors.UnsupportedExtensionValue(cert, ext, v)
   6.415 -
   6.416 -
   6.417 -                for i in range(0, cert.get_ext_count()):
   6.418 -                        ext = cert.get_ext_at(i)
   6.419 -                        name = ext.get_name()
   6.420 -                        if name == "UNDEF":
   6.421 -                                continue
   6.422 -                        v = ext.get_value().upper()
   6.423 -                        # Check whether the extension name is recognized.
   6.424 -                        if name in SUPPORTED_EXTENSION_VALUES:
   6.425 -                                supported_vs = \
   6.426 -                                    SUPPORTED_EXTENSION_VALUES[name]
   6.427 -                                vs = [s.strip() for s in v.split(",")]
   6.428 +                                        raise api_errors.UnsupportedExtensionValue(
   6.429 +                                            cert, ext, ", ".join(vs))
   6.430 +                                raise api_errors.UnsupportedExtensionValue(
   6.431 +                                    cert, ext, ", ".join(vs), v)
   6.432 +
   6.433 +                for ext in exts:
   6.434 +                        etype = type(ext.value)
   6.435 +                        if etype in SUPPORTED_EXTENSION_VALUES:
   6.436 +                                supported_vs = SUPPORTED_EXTENSION_VALUES[etype]
   6.437 +                                keys = EXTENSIONS_VALUES[etype]
   6.438 +                                if etype == x509.BasicConstraints:
   6.439 +                                        pathlen = ext.value.path_length
   6.440 +                                        if pathlen is not None and \
   6.441 +                                            cur_pathlen > pathlen:
   6.442 +                                                raise api_errors.PathlenTooShort(cert,
   6.443 +                                                    cur_pathlen, pathlen)
   6.444 +                                elif etype == x509.KeyUsage:
   6.445 +                                        keys = list(EXTENSIONS_VALUES[etype])
   6.446 +                                        if not getattr(ext.value,
   6.447 +                                            "key_agreement"):
   6.448 +                                                # Cryptography error:
   6.449 +                                                # encipher_only/decipher_only is
   6.450 +                                                # undefined unless key_agreement
   6.451 +                                                # is true
   6.452 +                                                keys.remove("encipher_only")
   6.453 +                                                keys.remove("decipher_only")
   6.454 +                                vs = [
   6.455 +                                    key
   6.456 +                                    for key in keys
   6.457 +                                    if getattr(ext.value, key)
   6.458 +                                ]
   6.459                                  # Check whether the values for the extension are
   6.460                                  # recognized.
   6.461                                  check_values(vs)
   6.462 -                                uses = usages.get(name, [])
   6.463 -                                if isinstance(uses, six.string_types):
   6.464 -                                        uses = [uses]
   6.465                                  # For each use, check to see whether it's
   6.466                                  # permitted by the certificate's extension
   6.467                                  # values.
   6.468 -                                for u in uses:
   6.469 +                                if etype not in usages:
   6.470 +                                        continue
   6.471 +                                for u in usages[etype]:
   6.472                                          if u not in vs:
   6.473 -                                                raise api_errors.InappropriateCertificateUse(cert, ext, u)
   6.474 +                                                raise api_errors.InappropriateCertificateUse(
   6.475 +                                                    cert, ext, u, ", ".join(vs))
   6.476                          # If the extension name is unrecognized and critical,
   6.477                          # then the chain cannot be verified.
   6.478 -                        elif ext.get_critical():
   6.479 +                        elif ext.critical:
   6.480                                  raise api_errors.UnsupportedCriticalExtension(
   6.481                                      cert, ext)
   6.482  
   6.483 @@ -2930,10 +3086,10 @@
   6.484  
   6.485                  def discard_names(cert, required_names):
   6.486                          for cert_cn in [
   6.487 -                            str(c.get_data())
   6.488 +                            str(c.value)
   6.489                              for c
   6.490 -                            in cert.get_subject().get_entries_by_nid(
   6.491 -                                m2.X509.X509_Name.nid["CN"])
   6.492 +                            in cert.subject.get_attributes_for_oid(
   6.493 +                                x509.oid.NameOID.COMMON_NAME)
   6.494                          ]:
   6.495                                  required_names.discard(cert_cn)
   6.496  
   6.497 @@ -2954,13 +3110,15 @@
   6.498                          discard_names(cert, required_names)
   6.499  
   6.500                          # Find the certificate that issued this certificate.
   6.501 -                        issuer = cert.get_issuer()
   6.502 -                        issuer_hash = issuer.as_hash()
   6.503 +                        issuer = cert.issuer
   6.504 +                        issuer_hash = hashlib.sha1(misc.force_bytes(
   6.505 +                            issuer)).hexdigest()
   6.506  
   6.507                          # See whether this certificate was issued by any of the
   6.508                          # given trust anchors.
   6.509                          for c in ca_dict.get(issuer_hash, []):
   6.510 -                                if cert.verify(c.get_pubkey()):
   6.511 +                                if self.__verify_x509_signature(cert,
   6.512 +                                    c.public_key()):
   6.513                                          verified = True
   6.514                                          # Remove any required names found in the
   6.515                                          # trust anchor.
   6.516 @@ -2976,7 +3134,8 @@
   6.517                          # identical and the certificate hasn't been verified
   6.518                          # then this is an untrusted self-signed cert and should
   6.519                          # be rejected.
   6.520 -                        if cert.get_subject().as_hash() == issuer_hash:
   6.521 +                        if hashlib.sha1(misc.force_bytes(
   6.522 +                            cert.subject)).hexdigest() == issuer_hash:
   6.523                                  if not verified:
   6.524                                          raise \
   6.525                                              api_errors.UntrustedSelfSignedCert(
   6.526 @@ -3002,8 +3161,9 @@
   6.527                                          # next link in the chain.  check_ca
   6.528                                          # checks both the basicConstraints
   6.529                                          # extension and the keyUsage extension.
   6.530 -                                        if c.check_ca() and \
   6.531 -                                            cert.verify(c.get_pubkey()):
   6.532 +                                        if misc.check_ca(c) and \
   6.533 +                                            self.__verify_x509_signature(cert,
   6.534 +                                            c.public_key()):
   6.535                                                  problem = False
   6.536                                                  # Check whether this certificate
   6.537                                                  # has a critical extension we
     7.1 --- a/src/modules/misc.py	Tue Mar 08 11:12:06 2016 -0800
     7.2 +++ b/src/modules/misc.py	Wed Mar 09 11:27:23 2016 -0800
     7.3 @@ -2964,3 +2964,23 @@
     7.4          # 'path' as relative to 'root', that is, 'root' will be prepended to
     7.5          # 'path', so we need to call os.path.relpath here.
     7.6          return os.fdopen(ar_open(root, os.path.relpath(path, root), flag, mode))
     7.7 +
     7.8 +
     7.9 +def check_ca(cert):
    7.10 +        """Check if 'cert' is a proper CA. For this the BasicConstraints need to
    7.11 +        identify it as a CA cert and it needs to have the CertSign
    7.12 +        (key_cert_sign in Cryptography) KeyUsage flag. Based loosely on
    7.13 +        OpenSSL's check_ca()"""
    7.14 +
    7.15 +        from cryptography import x509
    7.16 +
    7.17 +        bconst_ca = None
    7.18 +        kuse_sign = None
    7.19 +
    7.20 +        for e in cert.extensions:
    7.21 +                if isinstance(e.value, x509.BasicConstraints):
    7.22 +                        bconst_ca = e.value.ca
    7.23 +                elif isinstance(e.value, x509.KeyUsage):
    7.24 +                        kuse_sign = e.value.key_cert_sign
    7.25 +
    7.26 +        return kuse_sign is not False and bconst_ca
     8.1 --- a/src/modules/server/repository.py	Tue Mar 08 11:12:06 2016 -0800
     8.2 +++ b/src/modules/server/repository.py	Wed Mar 09 11:27:23 2016 -0800
     8.3 @@ -19,12 +19,13 @@
     8.4  #
     8.5  # CDDL HEADER END
     8.6  #
     8.7 -# Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
     8.8 +# Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
     8.9  
    8.10  import cStringIO
    8.11  import codecs
    8.12  import datetime
    8.13  import errno
    8.14 +import hashlib
    8.15  import logging
    8.16  import os
    8.17  import os.path
    8.18 @@ -34,8 +35,9 @@
    8.19  import sys
    8.20  import tempfile
    8.21  import zlib
    8.22 -import M2Crypto as m2
    8.23 -
    8.24 +
    8.25 +from cryptography import x509
    8.26 +from cryptography.hazmat.backends import default_backend
    8.27  from six.moves.urllib.parse import unquote
    8.28  
    8.29  import pkg.actions as actions
    8.30 @@ -2439,11 +2441,16 @@
    8.31                          pth = os.path.join(trust_anchor_dir, fn)
    8.32                          if os.path.islink(pth):
    8.33                                  continue
    8.34 -                        trusted_ca = m2.X509.load_cert(pth)
    8.35 -                        # M2Crypto's subject hash doesn't match
    8.36 -                        # openssl's subject hash so recompute it so all
    8.37 -                        # hashes are in the same universe.
    8.38 -                        s = trusted_ca.get_subject().as_hash()
    8.39 +                        with open(pth, "rb") as f:
    8.40 +                                trusted_ca = x509.load_pem_x509_certificate(
    8.41 +                                    f.read(), default_backend())
    8.42 +
    8.43 +                        # Note that while we store certs by their subject
    8.44 +                        # hashes, we use our own hashing since cryptography has
    8.45 +                        # no interface for the subject hash and other crypto
    8.46 +                        # frameworks have been inconsistent with OpenSSL.
    8.47 +                        s = hashlib.sha1(misc.force_bytes(
    8.48 +                            trusted_ca.subject)).hexdigest()
    8.49                          trust_anchors.setdefault(s, [])
    8.50                          trust_anchors[s].append(trusted_ca)
    8.51  
     9.1 --- a/src/pkg/external_deps.txt	Tue Mar 08 11:12:06 2016 -0800
     9.2 +++ b/src/pkg/external_deps.txt	Wed Mar 09 11:27:23 2016 -0800
     9.3 @@ -10,11 +10,11 @@
     9.4      pkg:/developer/versioning/mercurial
     9.5      pkg:/library/python/cffi-27
     9.6      pkg:/library/python/cherrypy-27
     9.7 +    pkg:/library/python/cryptography-27
     9.8      pkg:/library/python/coverage-27
     9.9      pkg:/library/python/jsonrpclib-27
    9.10      pkg:/library/python/jsonschema-27
    9.11      pkg:/library/python/locale-services
    9.12 -    pkg:/library/python/m2crypto-27
    9.13      pkg:/library/python/mako-27
    9.14      pkg:/library/python/pep8
    9.15      pkg:/library/python/ply-27
    10.1 --- a/src/pkg/manifests/developer:opensolaris:pkg5.p5m	Tue Mar 08 11:12:06 2016 -0800
    10.2 +++ b/src/pkg/manifests/developer:opensolaris:pkg5.p5m	Wed Mar 09 11:27:23 2016 -0800
    10.3 @@ -18,7 +18,7 @@
    10.4  #
    10.5  # CDDL HEADER END
    10.6  #
    10.7 -# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
    10.8 +# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
    10.9  #
   10.10  
   10.11  set name=pkg.fmri value=pkg:/developer/opensolaris/pkg5@$(PKGVERS)
   10.12 @@ -36,8 +36,9 @@
   10.13  depend type=require fmri=pkg:/developer/gnome/gnome-doc-utils
   10.14  depend type=require fmri=pkg:/developer/python/pylint
   10.15  depend type=require fmri=pkg:/developer/versioning/mercurial
   10.16 -depend type=require fmri=pkg:/library/python/cffi-27@1.1.2
   10.17 +depend type=require fmri=pkg:/library/python/cffi-27@1.4.2
   10.18  depend type=require fmri=pkg:/library/python/coverage-27
   10.19 +depend type=require fmri=pkg:/library/python/cryptography-27
   10.20  depend type=require fmri=pkg:/library/python/jsonrpclib-27
   10.21  depend type=require fmri=pkg:/library/python/jsonschema-27
   10.22  depend type=require fmri=pkg:/library/python/locale-services
    11.1 --- a/src/pkg/manifests/package:pkg.p5m	Tue Mar 08 11:12:06 2016 -0800
    11.2 +++ b/src/pkg/manifests/package:pkg.p5m	Wed Mar 09 11:27:23 2016 -0800
    11.3 @@ -18,7 +18,7 @@
    11.4  #
    11.5  # CDDL HEADER END
    11.6  #
    11.7 -# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
    11.8 +# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
    11.9  #
   11.10  
   11.11  set name=pkg.fmri value=pkg:/package/pkg@$(PKGVERS)
   11.12 @@ -487,4 +487,4 @@
   11.13      variant.opensolaris.zone=nonglobal
   11.14  depend type=require fmri=crypto/ca-certificates
   11.15  # CFFI import is done in C code, so it isn't picked up by pkgdepend
   11.16 -depend type=require fmri=library/python/cffi-27@1.1.2
   11.17 +depend type=require fmri=library/python/cffi-27@1.4.2
    12.1 --- a/src/sign.py	Tue Mar 08 11:12:06 2016 -0800
    12.2 +++ b/src/sign.py	Wed Mar 09 11:27:23 2016 -0800
    12.3 @@ -21,7 +21,7 @@
    12.4  #
    12.5  
    12.6  #
    12.7 -# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
    12.8 +# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
    12.9  #
   12.10  
   12.11  import getopt
   12.12 @@ -33,6 +33,10 @@
   12.13  import sys
   12.14  import tempfile
   12.15  import traceback
   12.16 +
   12.17 +from cryptography import x509
   12.18 +from cryptography.hazmat.backends import default_backend
   12.19 +from cryptography.hazmat.primitives import serialization
   12.20  from imp import reload
   12.21  
   12.22  import pkg
   12.23 @@ -47,7 +51,6 @@
   12.24  from pkg.client import global_settings
   12.25  from pkg.client.debugvalues import DebugValues
   12.26  from pkg.misc import emsg, msg, PipeError
   12.27 -import M2Crypto as m2
   12.28  
   12.29  PKG_CLIENT_NAME = "pkgsign"
   12.30  
   12.31 @@ -107,14 +110,16 @@
   12.32  
   12.33  def __make_tmp_cert(d, pth):
   12.34          try:
   12.35 -                cert = m2.X509.load_cert(pth)
   12.36 -        except m2.X509.X509Error as e:
   12.37 +                with open(pth, "rb") as f:
   12.38 +                        cert = x509.load_pem_x509_certificate(f.read(),
   12.39 +                            default_backend())
   12.40 +        except (ValueError, IOError) as e:
   12.41                  raise api_errors.BadFileFormat(_("The file {0} was expected to "
   12.42                      "be a PEM certificate but it could not be read.").format(
   12.43                      pth))
   12.44          fd, fp = tempfile.mkstemp(dir=d)
   12.45          with os.fdopen(fd, "wb") as fh:
   12.46 -                fh.write(cert.as_pem())
   12.47 +                fh.write(cert.public_bytes(serialization.Encoding.PEM))
   12.48          return fp
   12.49  
   12.50  def main_func():
    13.1 --- a/src/tests/certgenerator.py	Tue Mar 08 11:12:06 2016 -0800
    13.2 +++ b/src/tests/certgenerator.py	Wed Mar 09 11:27:23 2016 -0800
    13.3 @@ -21,7 +21,7 @@
    13.4  #
    13.5  
    13.6  #
    13.7 -# Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
    13.8 +# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
    13.9  #
   13.10  
   13.11  import os
   13.12 @@ -435,14 +435,24 @@
   13.13  # Used to test a recognized non-critical extension with an unrecognized value.
   13.14  
   13.15  basicConstraints = critical,CA:FALSE
   13.16 -keyUsage = encipherOnly
   13.17 +keyUsage = keyAgreement
   13.18  
   13.19  [ issuer_ext_bad_val ]
   13.20  
   13.21  # Used to test a recognized critical extension with an unrecognized value.
   13.22 +# keyAgreement needs to be set because otherwise Cryptography complains that
   13.23 +# encipherOnly requires keyAgreement.
   13.24  
   13.25  basicConstraints = critical,CA:FALSE
   13.26 -keyUsage = critical, encipherOnly
   13.27 +keyUsage = critical, encipherOnly, keyAgreement
   13.28 +
   13.29 +[ invalid_ext ]
   13.30 +
   13.31 +# Used to test an invalid extension. Cryptography complains that enciperOnly
   13.32 +# requires keyAgreement, so this is an invalid extension.
   13.33 +
   13.34 +basicConstraints = critical,CA:FALSE
   13.35 +keyUsage = encipherOnly
   13.36  
   13.37  [ crl_ext ]
   13.38  
    14.1 --- a/src/tests/cli/t_pkg_temp_sources.py	Tue Mar 08 11:12:06 2016 -0800
    14.2 +++ b/src/tests/cli/t_pkg_temp_sources.py	Wed Mar 09 11:27:23 2016 -0800
    14.3 @@ -21,7 +21,7 @@
    14.4  #
    14.5  
    14.6  #
    14.7 -# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
    14.8 +# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
    14.9  #
   14.10  
   14.11  import testutils
   14.12 @@ -519,7 +519,7 @@
   14.13         Version: 1.0
   14.14          Branch: None
   14.15  Packaging Date: {signed10_pkg_date}
   14.16 -          Size: 7.81 kB
   14.17 +          Size: 10.05 kB
   14.18            FMRI: {signed10_pkg_fmri}
   14.19  """.format(**{"foo10_pkg_date": pd(self.foo10), "foo10_pkg_fmri": \
   14.20          self.foo10.get_fmri(include_build=False),
    15.1 --- a/src/tests/cli/t_pkgsign.py	Tue Mar 08 11:12:06 2016 -0800
    15.2 +++ b/src/tests/cli/t_pkgsign.py	Wed Mar 09 11:27:23 2016 -0800
    15.3 @@ -21,7 +21,7 @@
    15.4  #
    15.5  
    15.6  #
    15.7 -# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
    15.8 +# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
    15.9  #
   15.10  
   15.11  import testutils
   15.12 @@ -36,6 +36,10 @@
   15.13  import tempfile
   15.14  import unittest
   15.15  
   15.16 +from cryptography import x509
   15.17 +from cryptography.hazmat.backends import default_backend
   15.18 +from cryptography.hazmat.primitives import serialization
   15.19 +
   15.20  import pkg.actions as action
   15.21  import pkg.actions.signature as signature
   15.22  import pkg.client.api_errors as apx
   15.23 @@ -44,7 +48,6 @@
   15.24  import pkg.fmri as fmri
   15.25  import pkg.misc as misc
   15.26  import pkg.portable as portable
   15.27 -import M2Crypto as m2
   15.28  
   15.29  from pkg.client.debugvalues import DebugValues
   15.30  from pkg.pkggzip import PkgGzipFile
   15.31 @@ -1287,15 +1290,13 @@
   15.32                          i1=os.path.join(self.chain_certs_dir,
   15.33                              "ch1_ta3_cert.pem"))
   15.34                  self.pkgsign(self.rurl1, sign_args)
   15.35 -
   15.36                  self.pkg_image_create(self.rurl1)
   15.37                  self.seed_ta_dir("ta3")
   15.38 -
   15.39                  self.pkg("set-property signature-policy verify")
   15.40                  api_obj = self.get_img_api_obj()
   15.41                  self.assertRaises(apx.UnsupportedExtensionValue,
   15.42                      self._api_install, api_obj, ["example_pkg"])
   15.43 -                # Tests that the cli can handle an UnsupportedCriticalExtension.
   15.44 +                # Tests that the cli can handle an UnsupportedExtensionValue.
   15.45                  self.pkg("install example_pkg", exit=1)
   15.46                  self.pkg("set-property signature-policy ignore")
   15.47                  self.pkg("set-publisher --set-property signature-policy=ignore "
   15.48 @@ -1308,7 +1309,7 @@
   15.49                  extension causes an exception to be raised."""
   15.50  
   15.51                  plist = self.pkgsend_bulk(self.rurl1, self.example_pkg10)
   15.52 -                sign_args = "-k {key} -c {cert} {name}".format(
   15.53 +                sign_args = "-k {key} -c {cert} -i {i1} {name}".format(
   15.54                          name=plist[0],
   15.55                          key=os.path.join(self.keys_dir,
   15.56                              "cs6_ch1_ta3_key.pem"),
   15.57 @@ -1325,6 +1326,66 @@
   15.58                  api_obj = self.get_img_api_obj()
   15.59                  self.assertRaises(apx.UnsupportedExtensionValue,
   15.60                      self._api_install, api_obj, ["example_pkg"])
   15.61 +                # Tests that the cli can handle an UnsupportedExtensionValue.
   15.62 +                self.pkg("install example_pkg", exit=1)
   15.63 +                self.pkg("set-property signature-policy ignore")
   15.64 +                self.pkg("set-publisher --set-property signature-policy=ignore "
   15.65 +                    "test")
   15.66 +                api_obj = self.get_img_api_obj()
   15.67 +                self._api_install(api_obj, ["example_pkg"])
   15.68 +
   15.69 +        def test_invalid_extension_1(self):
   15.70 +                """Test that an invalid value in the extension causes an
   15.71 +                exception to be raised."""
   15.72 +
   15.73 +                plist = self.pkgsend_bulk(self.rurl1, self.example_pkg10)
   15.74 +                sign_args = "-k {key} -c {cert} -i {i1} {name}".format(
   15.75 +                        name=plist[0],
   15.76 +                        key=os.path.join(self.keys_dir,
   15.77 +                            "cs9_ch1_ta3_key.pem"),
   15.78 +                        cert=os.path.join(self.cs_dir,
   15.79 +                            "cs9_ch1_ta3_cert.pem"),
   15.80 +                        i1=os.path.join(self.chain_certs_dir,
   15.81 +                            "ch1_ta3_cert.pem"))
   15.82 +                self.pkgsign(self.rurl1, sign_args)
   15.83 +
   15.84 +                self.pkg_image_create(self.rurl1)
   15.85 +                self.seed_ta_dir("ta3")
   15.86 +
   15.87 +                self.pkg("set-property signature-policy verify")
   15.88 +                api_obj = self.get_img_api_obj()
   15.89 +                self.assertRaises(apx.InvalidCertificateExtensions,
   15.90 +                    self._api_install, api_obj, ["example_pkg"])
   15.91 +                # Tests that the cli can handle an InvalidCertificateExtensions.
   15.92 +                self.pkg("install example_pkg", exit=1)
   15.93 +                self.pkg("set-property signature-policy ignore")
   15.94 +                self.pkg("set-publisher --set-property signature-policy=ignore "
   15.95 +                    "test")
   15.96 +                api_obj = self.get_img_api_obj()
   15.97 +                self._api_install(api_obj, ["example_pkg"])
   15.98 +
   15.99 +        def test_invalid_extension_2(self):
  15.100 +                """Test that a critical extension that Cryptography can't
  15.101 +                understand causes an exception to be raised."""
  15.102 +
  15.103 +                plist = self.pkgsend_bulk(self.rurl1, self.example_pkg10)
  15.104 +                sign_args = "-k {key} -c {cert} {name}".format(
  15.105 +                        name=plist[0],
  15.106 +                        key=os.path.join(self.keys_dir,
  15.107 +                            "cust_key.pem"),
  15.108 +                        cert=os.path.join(self.cs_dir,
  15.109 +                            "cust_cert.pem"))
  15.110 +                self.pkgsign(self.rurl1, sign_args)
  15.111 +
  15.112 +                self.pkg_image_create(self.rurl1)
  15.113 +                self.seed_ta_dir("cust")
  15.114 +
  15.115 +                self.pkg("set-property signature-policy verify")
  15.116 +                api_obj = self.get_img_api_obj()
  15.117 +                self.assertRaises(apx.InvalidCertificateExtensions,
  15.118 +                    self._api_install, api_obj, ["example_pkg"])
  15.119 +                # Tests that the cli can handle an InvalidCertificateExtensions.
  15.120 +                self.pkg("install example_pkg", exit=1)
  15.121                  self.pkg("set-property signature-policy ignore")
  15.122                  self.pkg("set-publisher --set-property signature-policy=ignore "
  15.123                      "test")
  15.124 @@ -1472,11 +1533,23 @@
  15.125          def test_crl_0(self):
  15.126                  """Test that the X509 CRL revocation works correctly."""
  15.127  
  15.128 -                crl = m2.X509.load_crl(os.path.join(self.crl_dir,
  15.129 -                    "ch1_ta4_crl.pem"))
  15.130 -                revoked_cert = m2.X509.load_cert(os.path.join(self.cs_dir,
  15.131 -                    "cs1_ch1_ta4_cert.pem"))
  15.132 -                assert crl.is_revoked(revoked_cert)[0]
  15.133 +                with open(os.path.join(self.crl_dir, "ch1_ta4_crl.pem"),
  15.134 +                    "rb") as f:
  15.135 +                        crl = x509.load_pem_x509_crl(
  15.136 +                            f.read(), default_backend())
  15.137 +
  15.138 +                with open(os.path.join(self.cs_dir,
  15.139 +                    "cs1_ch1_ta4_cert.pem"), "rb") as f:
  15.140 +                        cert = x509.load_pem_x509_certificate(
  15.141 +                            f.read(), default_backend())
  15.142 +
  15.143 +                self.assertTrue(crl.issuer == cert.issuer)
  15.144 +                for rev in crl:
  15.145 +                        if rev.serial_number == cert.serial:
  15.146 +                                break
  15.147 +                else:
  15.148 +                        self.assertTrue(False, "Can not find revoked "
  15.149 +                            "certificate in CRL!")
  15.150  
  15.151          def test_bogus_inter_certs(self):
  15.152                  """Test that if SignatureAction.set_signature is given invalid
  15.153 @@ -2266,7 +2339,7 @@
  15.154  
  15.155          def test_small_pathlen(self):
  15.156                  """Test that a chain cert which has a smaller pathlen value than
  15.157 -                is needed is allowed."""
  15.158 +                is needed is disallowed."""
  15.159  
  15.160                  plist = self.pkgsend_bulk(self.rurl1, self.example_pkg10)
  15.161                  sign_args = "-k {key} -c {cert} -i {i1} -i {i2} " \
  15.162 @@ -2934,10 +3007,15 @@
  15.163                  repo_location = self.dcs[1].get_repodir()
  15.164                  cache_dir = os.path.join(self.test_root, "cache")
  15.165                  os.mkdir(cache_dir)
  15.166 -                cert = m2.X509.load_cert(cert_path)
  15.167 +
  15.168 +                with open(cert_path, "rb") as f:
  15.169 +                        cert = x509.load_pem_x509_certificate(
  15.170 +                            f.read(), default_backend())
  15.171 +
  15.172                  fd, new_cert = tempfile.mkstemp(dir=self.test_root)
  15.173                  with os.fdopen(fd, "wb") as fh:
  15.174 -                        fh.write(cert.as_pem())
  15.175 +                        fh.write(cert.public_bytes(
  15.176 +                            serialization.Encoding.PEM))
  15.177  
  15.178                  # the file-store uses the least-preferred hash when storing
  15.179                  # content
  15.180 @@ -2948,7 +3026,7 @@
  15.181                  os.mkdir(subdir)
  15.182                  fp = os.path.join(subdir, file_name)
  15.183                  fh = PkgGzipFile(fp, "wb")
  15.184 -                fh.write(cert.as_pem())
  15.185 +                fh.write(cert.public_bytes(serialization.Encoding.PEM))
  15.186                  fh.close()
  15.187  
  15.188                  self.pkgrecv(self.rurl2, "-c {0} -d {1} '*'".format(
  15.189 @@ -2982,10 +3060,16 @@
  15.190                  repo_location = self.dcs[1].get_repodir()
  15.191                  cache_dir = os.path.join(self.test_root, "cache")
  15.192                  os.mkdir(cache_dir)
  15.193 -                cert = m2.X509.load_cert(ta_path)
  15.194 +
  15.195 +                with open(ta_path, "rb") as f:
  15.196 +                        cert = x509.load_pem_x509_certificate(
  15.197 +                            f.read(), default_backend())
  15.198 +
  15.199                  fd, new_cert = tempfile.mkstemp(dir=self.test_root)
  15.200                  with os.fdopen(fd, "wb") as fh:
  15.201 -                        fh.write(cert.as_pem())
  15.202 +                        fh.write(cert.public_bytes(
  15.203 +                            serialization.Encoding.PEM))
  15.204 +
  15.205                  for attr in digest.DEFAULT_HASH_ATTRS:
  15.206                          alg = digest.HASH_ALGS[attr]
  15.207                          file_name = misc.get_data_digest(new_cert,
  15.208 @@ -2994,7 +3078,8 @@
  15.209                          os.mkdir(subdir)
  15.210                          fp = os.path.join(subdir, file_name)
  15.211                          fh = PkgGzipFile(fp, "wb")
  15.212 -                        fh.write(cert.as_pem())
  15.213 +                        fh.write(cert.public_bytes(
  15.214 +                            serialization.Encoding.PEM))
  15.215                          fh.close()
  15.216  
  15.217                  self.pkgrecv(self.rurl2, "-c {0} -d {1} '*'".format(
    16.1 --- a/src/tests/pkg5unittest.py	Tue Mar 08 11:12:06 2016 -0800
    16.2 +++ b/src/tests/pkg5unittest.py	Wed Mar 09 11:27:23 2016 -0800
    16.3 @@ -67,6 +67,9 @@
    16.4  import traceback
    16.5  import types
    16.6  
    16.7 +from cryptography import x509
    16.8 +from cryptography.hazmat.backends import default_backend
    16.9 +from cryptography.hazmat.primitives import serialization
   16.10  from imp import reload
   16.11  from six.moves import configparser, http_client
   16.12  from six.moves.urllib.error import HTTPError, URLError
   16.13 @@ -79,7 +82,6 @@
   16.14  import pkg.client.publisher as publisher
   16.15  import pkg.portable as portable
   16.16  import pkg.server.repository as sr
   16.17 -import M2Crypto as m2
   16.18  
   16.19  from pkg.client.debugvalues import DebugValues
   16.20  
   16.21 @@ -922,9 +924,12 @@
   16.22  
   16.23          @staticmethod
   16.24          def calc_pem_hash(pth):
   16.25 -                # Find the hash of pem representation the file.
   16.26 -                cert = m2.X509.load_cert(pth)
   16.27 -                return hashlib.sha1(cert.as_pem()).hexdigest()
   16.28 +                """Find the hash of pem representation the file."""
   16.29 +                with open(pth) as f:
   16.30 +                        cert = x509.load_pem_x509_certificate(
   16.31 +                            f.read(), default_backend())
   16.32 +                return hashlib.sha1(
   16.33 +                    cert.public_bytes(serialization.Encoding.PEM)).hexdigest()
   16.34  
   16.35          def reduceSpaces(self, string):
   16.36                  """Reduce runs of spaces down to a single space."""
    17.1 --- a/src/tests/ro_data/signing_certs/generate_certs.py	Tue Mar 08 11:12:06 2016 -0800
    17.2 +++ b/src/tests/ro_data/signing_certs/generate_certs.py	Wed Mar 09 11:27:23 2016 -0800
    17.3 @@ -21,12 +21,13 @@
    17.4  #
    17.5  
    17.6  #
    17.7 -# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
    17.8 +# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
    17.9  #
   17.10  
   17.11 +from __future__ import print_function
   17.12  import os
   17.13 +import pkg.pkgsubprocess as subprocess
   17.14  import shutil
   17.15 -import subprocess
   17.16  import sys
   17.17  
   17.18  sys.path.append("../../")
   17.19 @@ -109,6 +110,9 @@
   17.20              ext="v3_confused_cs")
   17.21          cg.make_cs_cert("cs1_cs8_ch1_ta3", "cs8_ch1_ta3",
   17.22              parent_loc="code_signing_certs")
   17.23 +        # Add a certificate to the length 3 chain that has an invalid extension.
   17.24 +        cg.make_cs_cert("cs9_ch1_ta3", "ch1_ta3", parent_loc="chain_certs",
   17.25 +            ext="invalid_ext")
   17.26          # Make a chain where the CA has an unsupported critical extension.
   17.27          cg.make_ca_cert("ch1.1_ta3", "ta3", ext="issuer_ext_ca")
   17.28          cg.make_cs_cert("cs1_ch1.1_ta3", "ch1.1_ta3", parent_loc="chain_certs")
   17.29 @@ -164,7 +168,7 @@
   17.30          fhw = open(os.path.join(output_dir, "combined_cas.pem"), "w")
   17.31          for x in range(6,12):
   17.32                  if x == 7:
   17.33 -                        # ta requires a password to unlock cert, don't use 
   17.34 +                        # ta requires a password to unlock cert, don't use
   17.35                          continue
   17.36                  fn = "{0}/ta{1:d}/ta{2:d}_cert.pem".format(output_dir, x, x)
   17.37                  fhr = open(fn, "r")
   17.38 @@ -172,3 +176,28 @@
   17.39                  fhr.close()
   17.40          fhw.close()
   17.41  
   17.42 +        # Create a certificate with an extension that Cryptography can't
   17.43 +        # understand. We can't do it by the OpenSSL CLI, but we can use a C
   17.44 +        # program that calls OpenSSL libraries to do it.
   17.45 +        os.chdir("../../../util/mkcert")
   17.46 +        cmdline = "./certgen"
   17.47 +        p = subprocess.Popen(cmdline, stdout=subprocess.PIPE,
   17.48 +            stderr=subprocess.PIPE, shell=True)
   17.49 +        p.wait()
   17.50 +
   17.51 +        output, error = p.communicate()
   17.52 +        if p.returncode == 127:
   17.53 +                print("certgen not found; execute 'make' in the mkcert "
   17.54 +                    "directory first")
   17.55 +                sys.exit(p.returncode)
   17.56 +        elif p.returncode != 0:
   17.57 +                print("failed: {0} {1}".format(output, error))
   17.58 +                sys.exit(p.returncode)
   17.59 +
   17.60 +        # copy the generated cert files from util/mkcert to the ro_data area
   17.61 +        shutil.copy("cust_key.pem",
   17.62 +            "../../tests/ro_data/signing_certs/produced/keys/")
   17.63 +        shutil.copy("cust_cert.pem",
   17.64 +            "../../tests/ro_data/signing_certs/produced/code_signing_certs/")
   17.65 +        shutil.copy("cust_cert.pem",
   17.66 +            "../../tests/ro_data/signing_certs/produced/trust_anchors/")
    18.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/01.pem	Tue Mar 08 11:12:06 2016 -0800
    18.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/01.pem	Wed Mar 09 11:27:23 2016 -0800
    18.3 @@ -5,61 +5,82 @@
    18.4      Signature Algorithm: sha256WithRSAEncryption
    18.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta1/emailAddress=ta1
    18.6          Validity
    18.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    18.8 -            Not After : Sep  8 00:13:34 2016 GMT
    18.9 +            Not Before: Jan 22 01:57:53 2016 GMT
   18.10 +            Not After : Oct 18 01:57:53 2018 GMT
   18.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
   18.12          Subject Public Key Info:
   18.13              Public Key Algorithm: rsaEncryption
   18.14 -                Public-Key: (1024 bit)
   18.15 +                Public-Key: (2048 bit)
   18.16                  Modulus:
   18.17 -                    00:da:3a:b2:74:16:5c:38:7c:93:3a:48:cb:9f:71:
   18.18 -                    7c:aa:b9:ff:d7:25:5f:cd:90:6c:e6:87:6d:ed:34:
   18.19 -                    0f:12:19:00:a8:36:fe:51:4b:b2:38:76:55:2a:d1:
   18.20 -                    ce:3b:a3:78:75:db:c8:ba:85:8b:ad:80:0e:84:ab:
   18.21 -                    1f:4b:80:90:20:56:49:7b:71:a0:16:f8:15:8a:cd:
   18.22 -                    70:ee:45:1f:53:34:3c:85:df:10:75:e2:b1:68:97:
   18.23 -                    c5:0d:66:7f:bf:e7:b3:d1:09:03:1b:50:14:dc:e3:
   18.24 -                    3e:a9:b6:6a:63:e6:0f:51:3e:06:59:50:43:da:10:
   18.25 -                    99:0d:79:a3:b4:76:89:a2:01
   18.26 +                    00:ef:e4:87:59:74:82:97:b8:fa:7e:12:4a:e8:48:
   18.27 +                    fe:95:28:15:6a:c7:07:ac:10:27:fb:58:9e:2c:9a:
   18.28 +                    43:84:2b:1d:e4:04:68:e1:64:cd:3d:be:97:4a:f1:
   18.29 +                    c0:e5:3f:b9:04:70:eb:02:7f:e2:f4:3c:23:44:80:
   18.30 +                    b0:9f:ab:02:09:37:10:c6:25:53:f2:9b:24:d8:7e:
   18.31 +                    c6:0a:71:56:95:72:71:e9:97:d6:70:5f:76:2b:bf:
   18.32 +                    f4:c4:43:93:9c:62:ad:60:3c:27:3a:19:e6:64:db:
   18.33 +                    1d:56:60:a5:32:8c:91:61:15:b9:9a:ef:89:4e:bf:
   18.34 +                    4b:ca:90:7b:01:05:1c:1f:51:ec:33:43:66:f2:eb:
   18.35 +                    45:17:e9:dc:fa:f3:d3:73:82:ae:9b:cc:fb:c8:44:
   18.36 +                    29:3a:c8:24:5c:b7:52:d2:fa:30:0d:42:7a:8c:e1:
   18.37 +                    0a:4c:5a:0c:6e:57:7b:0f:9f:e3:ae:84:bd:1b:10:
   18.38 +                    ee:63:f2:5e:0d:91:bd:9a:b6:e4:f6:a6:85:92:e8:
   18.39 +                    bc:3c:b4:da:13:6e:0b:9b:f9:6f:4b:1d:61:57:44:
   18.40 +                    23:a7:78:35:72:ef:51:a8:98:14:2a:78:d0:55:da:
   18.41 +                    fe:f1:93:e0:fd:6c:e6:42:6b:3b:eb:4f:f8:b1:ac:
   18.42 +                    dd:78:9b:9f:f8:c1:51:28:fe:04:aa:8b:c8:40:f7:
   18.43 +                    f6:73
   18.44                  Exponent: 65537 (0x10001)
   18.45          X509v3 extensions:
   18.46              X509v3 Subject Key Identifier: 
   18.47 -                36:46:2D:8A:1B:8B:CE:C1:1D:02:37:B9:EC:A5:FF:BA:73:AE:E5:48
   18.48 +                2E:B3:14:E2:95:4C:93:07:05:A4:87:64:EA:C4:57:2D:52:3B:8C:F9
   18.49              X509v3 Authority Key Identifier: 
   18.50 -                keyid:81:54:6B:06:08:DD:44:4F:08:81:21:7A:7C:D5:96:EA:53:2B:E3:0A
   18.51 +                keyid:D6:A2:C9:8F:BE:AC:C1:F3:E7:8A:8D:01:1C:0A:7D:C1:EE:88:E5:A6
   18.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta1/emailAddress=ta1
   18.53 -                serial:F6:A8:B6:5C:10:8D:04:4F
   18.54 +                serial:B8:ED:CE:51:42:C8:90:81
   18.55  
   18.56              X509v3 Basic Constraints: critical
   18.57                  CA:TRUE, pathlen:4
   18.58              X509v3 Key Usage: critical
   18.59                  Certificate Sign, CRL Sign
   18.60      Signature Algorithm: sha256WithRSAEncryption
   18.61 -         38:4a:69:9d:14:fa:51:b9:35:9c:c8:ae:e5:c0:e2:2e:4c:d4:
   18.62 -         57:ad:64:05:99:e4:94:b3:d3:97:e0:0e:bd:1c:b4:64:c8:2b:
   18.63 -         07:18:26:7f:99:ef:9c:48:e6:23:b3:96:37:92:54:85:8b:29:
   18.64 -         19:60:12:11:fc:d8:62:84:5c:75:73:76:9e:0f:f8:a7:95:79:
   18.65 -         c8:3c:75:f7:13:73:1f:be:fa:60:79:5c:6c:12:8d:ca:f9:58:
   18.66 -         4b:1f:ed:0a:52:4c:61:95:6f:9a:a7:57:0c:20:9a:19:73:dc:
   18.67 -         3d:42:aa:47:29:ac:92:a9:cc:4a:eb:85:6d:ab:cd:ed:2b:9a:
   18.68 -         e5:c1
   18.69 +         32:8d:c5:57:e8:49:29:70:35:e7:5a:4f:c7:78:70:ad:9e:6e:
   18.70 +         2d:27:e2:a6:95:eb:30:a8:b5:71:6b:0e:5b:de:ca:9b:3e:be:
   18.71 +         8d:34:d4:98:68:67:2f:8a:63:50:66:71:5b:3b:5b:1e:b4:37:
   18.72 +         6b:6b:df:7c:1e:9e:24:01:8d:0a:ea:b0:e5:1f:31:1e:d1:ed:
   18.73 +         68:cf:73:00:56:36:cc:e5:83:3f:c4:c0:00:d5:3f:3c:f8:2f:
   18.74 +         dd:4e:c6:68:08:b5:80:ef:d0:ab:4c:55:a1:7b:4a:1e:67:02:
   18.75 +         5d:fb:56:68:88:f2:49:2f:e5:f5:4c:3a:2d:54:b7:9a:79:38:
   18.76 +         f1:87:b4:d9:8d:b6:0c:88:ec:a1:ce:00:e0:9a:13:3b:57:d6:
   18.77 +         80:17:a0:e8:1b:3e:e6:25:d8:bd:8e:1d:bb:45:36:9f:4b:a7:
   18.78 +         4e:3e:f5:fb:60:73:85:2e:4e:35:10:9a:a8:44:ea:22:8f:6f:
   18.79 +         27:84:3f:e8:02:05:7c:fd:57:61:76:1b:6b:52:6b:b9:c4:6c:
   18.80 +         9b:84:e3:c5:91:16:14:03:a0:80:e8:80:35:bc:92:97:35:13:
   18.81 +         e5:d9:1b:4e:4b:0c:ba:15:cf:d8:5f:c9:86:fd:44:74:88:34:
   18.82 +         76:12:85:90:a1:d9:3a:cf:d3:63:3f:be:91:d1:66:04:fc:5b:
   18.83 +         84:8d:f8:a7
   18.84  -----BEGIN CERTIFICATE-----
   18.85 -MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   18.86 +MIIEOjCCAyKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   18.87  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   18.88 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAGCSqGSIb3DQEJARYDdGExMB4XDTEz
   18.89 -MTIxMzAwMTMzNFoXDTE2MDkwODAwMTMzNFowcTELMAkGA1UEBhMCVVMxEzARBgNV
   18.90 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAGCSqGSIb3DQEJARYDdGExMB4XDTE2
   18.91 +MDEyMjAxNTc1M1oXDTE4MTAxODAxNTc1M1owcTELMAkGA1UEBhMCVVMxEzARBgNV
   18.92  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   18.93 -a2c1MRAwDgYDVQQDDAdjaDFfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGExMIGf
   18.94 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaOrJ0Flw4fJM6SMufcXyquf/XJV/N
   18.95 -kGzmh23tNA8SGQCoNv5RS7I4dlUq0c47o3h128i6hYutgA6Eqx9LgJAgVkl7caAW
   18.96 -+BWKzXDuRR9TNDyF3xB14rFol8UNZn+/57PRCQMbUBTc4z6ptmpj5g9RPgZZUEPa
   18.97 -EJkNeaO0domiAQIDAQABo4HkMIHhMB0GA1UdDgQWBBQ2Ri2KG4vOwR0CN7nspf+6
   18.98 -c67lSDCBmwYDVR0jBIGTMIGQgBSBVGsGCN1ETwiBIXp81ZbqUyvjCqFtpGswaTEL
   18.99 -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  18.100 -IENsYXJhMQ0wCwYDVQQKDARwa2c1MQwwCgYDVQQDDAN0YTExEjAQBgkqhkiG9w0B
  18.101 -CQEWA3RhMYIJAPaotlwQjQRPMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/
  18.102 -BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADhKaZ0U+lG5NZzIruXA4i5M1FetZAWZ
  18.103 -5JSz05fgDr0ctGTIKwcYJn+Z75xI5iOzljeSVIWLKRlgEhH82GKEXHVzdp4P+KeV
  18.104 -ecg8dfcTcx+++mB5XGwSjcr5WEsf7QpSTGGVb5qnVwwgmhlz3D1CqkcprJKpzErr
  18.105 -hW2rze0rmuXB
  18.106 +a2c1MRAwDgYDVQQDDAdjaDFfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGExMIIB
  18.107 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7+SHWXSCl7j6fhJK6Ej+lSgV
  18.108 +ascHrBAn+1ieLJpDhCsd5ARo4WTNPb6XSvHA5T+5BHDrAn/i9DwjRICwn6sCCTcQ
  18.109 +xiVT8psk2H7GCnFWlXJx6ZfWcF92K7/0xEOTnGKtYDwnOhnmZNsdVmClMoyRYRW5
  18.110 +mu+JTr9LypB7AQUcH1HsM0Nm8utFF+nc+vPTc4Kum8z7yEQpOsgkXLdS0vowDUJ6
  18.111 +jOEKTFoMbld7D5/jroS9GxDuY/JeDZG9mrbk9qaFkui8PLTaE24Lm/lvSx1hV0Qj
  18.112 +p3g1cu9RqJgUKnjQVdr+8ZPg/WzmQms760/4sazdeJuf+MFRKP4EqovIQPf2cwID
  18.113 +AQABo4HkMIHhMB0GA1UdDgQWBBQusxTilUyTBwWkh2TqxFctUjuM+TCBmwYDVR0j
  18.114 +BIGTMIGQgBTWosmPvqzB8+eKjQEcCn3B7ojlpqFtpGswaTELMAkGA1UEBhMCVVMx
  18.115 +EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYD
  18.116 +VQQKDARwa2c1MQwwCgYDVQQDDAN0YTExEjAQBgkqhkiG9w0BCQEWA3RhMYIJALjt
  18.117 +zlFCyJCBMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
  18.118 +SIb3DQEBCwUAA4IBAQAyjcVX6EkpcDXnWk/HeHCtnm4tJ+KmleswqLVxaw5b3sqb
  18.119 +Pr6NNNSYaGcvimNQZnFbO1setDdra998Hp4kAY0K6rDlHzEe0e1oz3MAVjbM5YM/
  18.120 +xMAA1T88+C/dTsZoCLWA79CrTFWhe0oeZwJd+1ZoiPJJL+X1TDotVLeaeTjxh7TZ
  18.121 +jbYMiOyhzgDgmhM7V9aAF6DoGz7mJdi9jh27RTafS6dOPvX7YHOFLk41EJqoROoi
  18.122 +j28nhD/oAgV8/VdhdhtrUmu5xGybhOPFkRYUA6CA6IA1vJKXNRPl2RtOSwy6Fc/Y
  18.123 +X8mG/UR0iDR2EoWQodk6z9NjP76R0WYE/FuEjfin
  18.124  -----END CERTIFICATE-----
    19.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/02.pem	Tue Mar 08 11:12:06 2016 -0800
    19.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/02.pem	Wed Mar 09 11:27:23 2016 -0800
    19.3 @@ -5,28 +5,37 @@
    19.4      Signature Algorithm: sha256WithRSAEncryption
    19.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
    19.6          Validity
    19.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    19.8 -            Not After : Sep  8 00:13:34 2016 GMT
    19.9 +            Not Before: Jan 22 01:57:53 2016 GMT
   19.10 +            Not After : Oct 18 01:57:53 2018 GMT
   19.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
   19.12          Subject Public Key Info:
   19.13              Public Key Algorithm: rsaEncryption
   19.14 -                Public-Key: (1024 bit)
   19.15 +                Public-Key: (2048 bit)
   19.16                  Modulus:
   19.17 -                    00:be:c1:86:30:d2:a3:02:f4:00:33:fc:54:f3:6f:
   19.18 -                    d7:27:99:7b:57:e2:f1:93:f8:58:1c:eb:9a:cc:6b:
   19.19 -                    23:9b:b8:a9:11:27:50:9b:d7:a7:c2:fe:8b:ee:54:
   19.20 -                    d0:5d:e2:24:04:47:1c:cc:54:b5:89:bb:a6:26:de:
   19.21 -                    b9:3b:73:19:67:5e:9a:88:12:de:87:de:0e:26:c9:
   19.22 -                    0c:44:13:65:23:cd:7f:34:d6:bb:45:20:87:7e:ba:
   19.23 -                    48:d5:2f:3f:fc:d6:8d:d7:b7:b2:9f:42:ef:76:9a:
   19.24 -                    cf:c3:01:ae:b9:8f:00:33:ea:28:15:ca:30:da:8f:
   19.25 -                    25:76:a4:55:2a:2c:7a:b8:eb
   19.26 +                    00:ac:2b:63:c0:6d:3e:96:73:cf:d9:f6:76:40:27:
   19.27 +                    72:6b:c9:d4:10:27:d9:b1:b5:7b:f1:98:aa:d3:39:
   19.28 +                    78:eb:98:40:95:81:6c:0b:d8:b7:ea:14:76:4b:36:
   19.29 +                    f9:d6:c2:d2:2a:d7:01:2b:f6:1a:77:6f:dd:b8:01:
   19.30 +                    0b:f5:89:cd:3b:94:5a:76:43:94:79:b5:62:a0:f7:
   19.31 +                    b1:4e:3e:8a:9a:41:38:cf:ff:b4:e2:b8:97:ae:1f:
   19.32 +                    55:5a:2c:bf:4b:c0:ba:25:66:4f:d3:c1:06:62:f8:
   19.33 +                    b9:3f:a8:52:c0:55:a8:cc:8a:7e:ee:4a:1a:70:60:
   19.34 +                    20:ee:66:88:9d:af:c9:58:13:bd:1b:59:cc:23:b4:
   19.35 +                    94:56:88:ef:02:e1:da:45:28:7e:ba:6b:90:65:1b:
   19.36 +                    b8:79:e8:6f:2e:92:5b:7f:e1:d2:f3:f0:26:64:64:
   19.37 +                    b6:01:3f:78:73:6f:52:b3:26:e2:c9:be:0a:b8:13:
   19.38 +                    72:e5:05:cc:bb:b8:68:93:2d:63:0b:f8:66:44:68:
   19.39 +                    98:60:eb:a4:36:52:11:0d:eb:db:cf:a5:2d:dc:1d:
   19.40 +                    ab:ff:cc:99:fc:1d:e8:82:3a:d6:a5:55:37:a3:96:
   19.41 +                    12:e4:44:a3:bd:ec:4a:48:11:f6:95:17:31:1f:fc:
   19.42 +                    00:ac:32:33:86:97:7e:8c:2f:09:8e:9e:08:22:56:
   19.43 +                    9a:3d
   19.44                  Exponent: 65537 (0x10001)
   19.45          X509v3 extensions:
   19.46              X509v3 Subject Key Identifier: 
   19.47 -                12:30:0A:74:FD:DE:71:CF:4A:77:1E:1E:57:5E:F8:76:71:D7:5B:9E
   19.48 +                36:30:72:96:D2:F9:D4:7A:AE:CF:C2:4B:3F:EE:52:AA:DF:9B:F3:12
   19.49              X509v3 Authority Key Identifier: 
   19.50 -                keyid:36:46:2D:8A:1B:8B:CE:C1:1D:02:37:B9:EC:A5:FF:BA:73:AE:E5:48
   19.51 +                keyid:2E:B3:14:E2:95:4C:93:07:05:A4:87:64:EA:C4:57:2D:52:3B:8C:F9
   19.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta1/emailAddress=ta1
   19.53                  serial:01
   19.54  
   19.55 @@ -35,31 +44,43 @@
   19.56              X509v3 Key Usage: critical
   19.57                  Certificate Sign, CRL Sign
   19.58      Signature Algorithm: sha256WithRSAEncryption
   19.59 -         8e:a5:2a:c9:3f:e0:1f:a9:8c:a3:45:b8:0d:0e:35:43:c3:d6:
   19.60 -         fe:f6:bc:0d:76:f0:26:d6:ab:e7:39:30:92:6f:cc:8e:0e:5f:
   19.61 -         b0:92:29:41:39:41:14:2a:43:b1:bb:e5:d4:8c:b3:6e:b7:7b:
   19.62 -         89:ab:3d:a4:e1:98:45:40:b9:1e:86:7b:b6:3f:55:e3:46:ab:
   19.63 -         ed:41:45:6a:cc:af:a4:63:54:c8:ab:27:3f:59:67:8a:f5:60:
   19.64 -         1b:63:b7:bb:27:94:00:8f:ee:f9:31:53:59:98:85:76:77:db:
   19.65 -         dd:39:6f:1a:61:fe:0d:68:88:20:a8:d5:2b:c7:6a:08:5b:f1:
   19.66 -         ac:9a
   19.67 +         66:4a:2f:69:a3:d8:4f:31:e6:3b:89:bd:3e:9e:5a:b9:e7:f1:
   19.68 +         a8:ba:dd:ef:e3:f5:73:b8:50:05:aa:65:50:01:db:14:47:d2:
   19.69 +         03:f8:83:a0:ae:79:53:00:89:da:46:00:c7:31:b7:54:6d:17:
   19.70 +         98:01:60:34:12:c0:df:1b:fb:c2:8e:74:34:74:76:1a:48:cf:
   19.71 +         01:8f:45:ea:91:bb:39:73:9d:cb:3f:21:46:60:00:e8:5c:08:
   19.72 +         cf:16:40:00:4b:b3:37:54:92:38:6f:bf:77:eb:78:71:3f:5f:
   19.73 +         85:81:12:57:77:17:69:fc:5a:0e:ea:ca:50:29:0b:e2:b5:de:
   19.74 +         20:bd:9c:bd:24:e4:c8:13:d4:04:de:f2:91:c5:ce:3a:7a:26:
   19.75 +         a0:70:e0:d7:1b:60:43:61:c2:51:76:5a:4a:c4:9f:31:71:68:
   19.76 +         55:9f:95:61:7b:bd:e2:bf:1f:b0:bb:4a:e7:01:48:10:3e:ea:
   19.77 +         33:a5:75:0a:d6:96:c2:3b:fc:77:64:e4:79:fd:29:4d:00:24:
   19.78 +         bb:57:41:ec:7f:69:e5:f5:92:ff:2c:1d:7a:43:06:04:7a:60:
   19.79 +         e0:c0:65:f6:d5:cd:21:8d:3a:38:55:da:7f:5b:04:f2:5c:ab:
   19.80 +         68:ba:9d:83:ef:71:21:6f:3b:60:e2:d4:50:40:0b:81:9b:4e:
   19.81 +         1c:7b:c4:57
   19.82  -----BEGIN CERTIFICATE-----
   19.83 -MIIDNTCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   19.84 +MIIEOjCCAyKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   19.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   19.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoMV90YTExFjAUBgkqhkiG9w0BCQEWB2NoMV90
   19.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   19.88 +YTEwHhcNMTYwMTIyMDE1NzUzWhcNMTgxMDE4MDE1NzUzWjBxMQswCQYDVQQGEwJV
   19.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   19.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTExFjAUBgkqhkiG9w0BCQEWB2No
   19.91 -Ml90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7BhjDSowL0ADP8VPNv
   19.92 -1yeZe1fi8ZP4WBzrmsxrI5u4qREnUJvXp8L+i+5U0F3iJARHHMxUtYm7pibeuTtz
   19.93 -GWdemogS3ofeDibJDEQTZSPNfzTWu0Ugh366SNUvP/zWjde3sp9C73aaz8MBrrmP
   19.94 -ADPqKBXKMNqPJXakVSoserjrAgMBAAGjgdwwgdkwHQYDVR0OBBYEFBIwCnT93nHP
   19.95 -SnceHlde+HZx11ueMIGTBgNVHSMEgYswgYiAFDZGLYobi87BHQI3ueyl/7pzruVI
   19.96 -oW2kazBpMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   19.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAG
   19.98 -CSqGSIb3DQEJARYDdGExggEBMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/
   19.99 -BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAI6lKsk/4B+pjKNFuA0ONUPD1v72vA12
  19.100 -8CbWq+c5MJJvzI4OX7CSKUE5QRQqQ7G75dSMs263e4mrPaThmEVAuR6Ge7Y/VeNG
  19.101 -q+1BRWrMr6RjVMirJz9ZZ4r1YBtjt7snlACP7vkxU1mYhXZ32905bxph/g1oiCCo
  19.102 -1SvHaghb8aya
  19.103 +Ml90YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsK2PAbT6Wc8/Z
  19.104 +9nZAJ3JrydQQJ9mxtXvxmKrTOXjrmECVgWwL2LfqFHZLNvnWwtIq1wEr9hp3b924
  19.105 +AQv1ic07lFp2Q5R5tWKg97FOPoqaQTjP/7TiuJeuH1VaLL9LwLolZk/TwQZi+Lk/
  19.106 +qFLAVajMin7uShpwYCDuZoidr8lYE70bWcwjtJRWiO8C4dpFKH66a5BlG7h56G8u
  19.107 +klt/4dLz8CZkZLYBP3hzb1KzJuLJvgq4E3LlBcy7uGiTLWML+GZEaJhg66Q2UhEN
  19.108 +69vPpS3cHav/zJn8HeiCOtalVTejlhLkRKO97EpIEfaVFzEf/ACsMjOGl36MLwmO
  19.109 +nggiVpo9AgMBAAGjgdwwgdkwHQYDVR0OBBYEFDYwcpbS+dR6rs/CSz/uUqrfm/MS
  19.110 +MIGTBgNVHSMEgYswgYiAFC6zFOKVTJMHBaSHZOrEVy1SO4z5oW2kazBpMQswCQYD
  19.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  19.112 +cmExDTALBgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAGCSqGSIb3DQEJARYD
  19.113 +dGExggEBMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
  19.114 +SIb3DQEBCwUAA4IBAQBmSi9po9hPMeY7ib0+nlq55/Gout3v4/VzuFAFqmVQAdsU
  19.115 +R9ID+IOgrnlTAInaRgDHMbdUbReYAWA0EsDfG/vCjnQ0dHYaSM8Bj0Xqkbs5c53L
  19.116 +PyFGYADoXAjPFkAAS7M3VJI4b79363hxP1+FgRJXdxdp/FoO6spQKQvitd4gvZy9
  19.117 +JOTIE9QE3vKRxc46eiagcODXG2BDYcJRdlpKxJ8xcWhVn5Vhe73ivx+wu0rnAUgQ
  19.118 +PuozpXUK1pbCO/x3ZOR5/SlNACS7V0Hsf2nl9ZL/LB16QwYEemDgwGX21c0hjTo4
  19.119 +Vdp/WwTyXKtoup2D73Ehbztg4tRQQAuBm04ce8RX
  19.120  -----END CERTIFICATE-----
    20.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/03.pem	Tue Mar 08 11:12:06 2016 -0800
    20.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/03.pem	Wed Mar 09 11:27:23 2016 -0800
    20.3 @@ -5,28 +5,37 @@
    20.4      Signature Algorithm: sha256WithRSAEncryption
    20.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
    20.6          Validity
    20.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    20.8 -            Not After : Sep  8 00:13:34 2016 GMT
    20.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   20.10 +            Not After : Oct 18 01:57:54 2018 GMT
   20.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
   20.12          Subject Public Key Info:
   20.13              Public Key Algorithm: rsaEncryption
   20.14 -                Public-Key: (1024 bit)
   20.15 +                Public-Key: (2048 bit)
   20.16                  Modulus:
   20.17 -                    00:d3:5b:f1:93:8f:01:0f:c0:25:d9:07:f1:70:29:
   20.18 -                    1e:56:0b:ff:93:70:1d:45:02:ef:52:22:8a:04:c9:
   20.19 -                    08:85:33:db:77:c3:33:d9:5c:fe:30:2a:a8:ac:9d:
   20.20 -                    d8:97:dc:b4:69:51:5e:d1:c9:86:68:a7:e3:ab:35:
   20.21 -                    e2:8f:d0:36:1b:67:be:50:88:66:7c:4b:4f:d3:86:
   20.22 -                    78:92:d9:c5:62:c7:04:a3:d7:9e:8c:c3:ca:48:41:
   20.23 -                    52:3f:a1:82:dc:f2:bb:d2:9c:a9:58:25:3a:0b:73:
   20.24 -                    b6:41:ab:6a:c3:6a:70:ce:a1:20:0f:b6:db:e0:91:
   20.25 -                    0b:0a:1f:dc:02:f4:ed:32:0f
   20.26 +                    00:b6:d0:0d:56:d4:83:c8:22:08:fd:38:bd:e2:34:
   20.27 +                    1e:1a:4e:8a:ca:b8:97:9b:69:75:be:78:1b:45:ae:
   20.28 +                    aa:60:19:86:eb:4b:9a:9f:4b:76:4b:0e:20:e3:bf:
   20.29 +                    31:89:b0:36:9e:b2:7f:70:17:50:d5:f3:5a:84:ee:
   20.30 +                    57:3d:86:83:6e:34:47:bf:9a:3a:cb:a3:f1:e9:00:
   20.31 +                    5a:82:cd:b9:61:63:ac:fa:dd:1a:23:9e:79:a0:13:
   20.32 +                    1c:5b:9c:20:8f:a4:73:09:0b:6e:40:82:e1:13:98:
   20.33 +                    8c:71:27:8b:4b:f9:20:a2:14:17:69:3c:ef:ba:68:
   20.34 +                    8e:4d:61:b8:f4:fd:92:fc:5c:10:9c:12:5f:91:63:
   20.35 +                    ae:57:a4:31:a2:67:46:60:c8:d9:10:ba:86:33:6f:
   20.36 +                    99:a7:14:3a:42:5d:b2:77:f5:e5:52:9e:e9:f6:f5:
   20.37 +                    01:ea:63:b1:71:97:cd:83:18:5c:07:40:44:b3:43:
   20.38 +                    c7:af:f7:ad:d7:61:0f:7c:c7:60:5e:df:d4:06:f5:
   20.39 +                    1d:ee:c1:19:0e:4b:13:e3:51:b6:b7:cc:3f:35:8f:
   20.40 +                    6c:99:56:42:eb:86:8a:42:fa:4a:5c:60:06:75:a4:
   20.41 +                    b1:6b:ea:eb:0c:eb:21:5d:2d:0f:0c:a0:fd:3e:67:
   20.42 +                    42:b4:a1:da:57:3c:a6:50:a4:df:0a:8e:ca:fc:10:
   20.43 +                    2c:bd
   20.44                  Exponent: 65537 (0x10001)
   20.45          X509v3 extensions:
   20.46              X509v3 Subject Key Identifier: 
   20.47 -                8F:2A:82:4C:1E:39:97:C3:4A:6A:52:FC:D4:CB:E6:37:CE:12:91:59
   20.48 +                EE:A0:C0:54:B5:84:89:28:80:79:49:CE:D0:A9:C6:8B:B9:8E:85:20
   20.49              X509v3 Authority Key Identifier: 
   20.50 -                keyid:12:30:0A:74:FD:DE:71:CF:4A:77:1E:1E:57:5E:F8:76:71:D7:5B:9E
   20.51 +                keyid:36:30:72:96:D2:F9:D4:7A:AE:CF:C2:4B:3F:EE:52:AA:DF:9B:F3:12
   20.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch1_ta1/emailAddress=ch1_ta1
   20.53                  serial:02
   20.54  
   20.55 @@ -35,31 +44,43 @@
   20.56              X509v3 Key Usage: critical
   20.57                  Certificate Sign, CRL Sign
   20.58      Signature Algorithm: sha256WithRSAEncryption
   20.59 -         94:2a:c9:c9:21:b7:bd:3a:72:31:65:89:16:11:00:e1:46:38:
   20.60 -         16:b6:cd:d4:04:b3:18:71:3d:8d:4a:0a:ec:02:4e:ee:58:2c:
   20.61 -         7d:d2:0b:6f:c6:d2:be:a6:f9:1c:e7:c2:76:2a:09:87:d2:06:
   20.62 -         8e:0d:aa:66:70:e8:8f:ff:7d:1d:e4:4e:9b:58:71:f7:40:46:
   20.63 -         a8:79:9d:86:6c:bf:64:3b:76:66:6c:08:21:62:09:6d:7b:f4:
   20.64 -         5d:e2:8e:1c:e6:e3:56:71:de:b7:fe:92:07:f0:7e:13:e0:ad:
   20.65 -         62:b3:08:9f:06:7e:9b:f6:8b:76:96:df:86:30:0e:bb:ef:9b:
   20.66 -         b3:07
   20.67 +         a6:cf:99:19:6d:0e:6c:46:8b:9a:79:e7:12:d9:3b:13:6f:c9:
   20.68 +         98:05:09:5c:a4:14:42:de:2d:bf:cc:85:39:a7:ec:e3:fb:1c:
   20.69 +         73:76:0c:8f:ab:1a:e7:f3:4a:cb:44:8e:33:a0:3c:3d:6a:21:
   20.70 +         88:87:e2:52:d7:27:23:05:c9:f5:59:a8:b7:c3:e6:00:01:6c:
   20.71 +         85:98:cd:37:30:f9:f9:d7:6f:07:56:5d:f0:c6:a6:d7:aa:ec:
   20.72 +         a6:f4:40:97:aa:45:f3:3e:25:22:fa:fb:4a:04:42:3c:77:36:
   20.73 +         96:91:2d:49:8a:ba:07:cb:70:69:71:6d:4f:5e:9c:f0:1d:8f:
   20.74 +         ed:22:fd:5b:c6:c6:87:b0:e9:0c:20:51:17:09:a3:2f:fd:da:
   20.75 +         e9:84:5e:5e:d4:9a:39:b9:e4:75:e2:4f:8e:35:71:97:46:2d:
   20.76 +         3c:6e:30:dd:92:5a:86:29:b4:7a:27:aa:cf:1e:d2:31:6e:f7:
   20.77 +         d7:7f:f3:d6:17:e3:dd:4d:13:d3:d4:3e:d4:3a:ab:46:f7:68:
   20.78 +         e7:b9:9f:28:26:f2:ec:f4:f1:96:ea:09:d0:fe:ed:08:8c:52:
   20.79 +         98:ff:ad:47:0d:2f:c5:24:9b:58:17:5c:4e:a2:bb:11:29:84:
   20.80 +         03:91:d8:a6:31:a7:cf:b3:f7:3b:e0:f1:6e:4b:90:13:77:ba:
   20.81 +         7f:0b:cc:ea
   20.82  -----BEGIN CERTIFICATE-----
   20.83 -MIIDPTCCAqagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   20.84 +MIIEQjCCAyqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   20.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   20.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTExFjAUBgkqhkiG9w0BCQEWB2NoMl90
   20.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   20.88 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjBxMQswCQYDVQQGEwJV
   20.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   20.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0BCQEWB2No
   20.91 -M190YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANNb8ZOPAQ/AJdkH8XAp
   20.92 -HlYL/5NwHUUC71IiigTJCIUz23fDM9lc/jAqqKyd2JfctGlRXtHJhmin46s14o/Q
   20.93 -NhtnvlCIZnxLT9OGeJLZxWLHBKPXnozDykhBUj+hgtzyu9KcqVglOgtztkGrasNq
   20.94 -cM6hIA+22+CRCwof3AL07TIPAgMBAAGjgeQwgeEwHQYDVR0OBBYEFI8qgkweOZfD
   20.95 -SmpS/NTL5jfOEpFZMIGbBgNVHSMEgZMwgZCAFBIwCnT93nHPSnceHlde+HZx11ue
   20.96 -oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   20.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMV90YTEx
   20.98 -FjAUBgkqhkiG9w0BCQEWB2NoMV90YTGCAQIwEgYDVR0TAQH/BAgwBgEB/wIBAjAO
   20.99 -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAlCrJySG3vTpyMWWJFhEA
  20.100 -4UY4FrbN1ASzGHE9jUoK7AJO7lgsfdILb8bSvqb5HOfCdioJh9IGjg2qZnDoj/99
  20.101 -HeROm1hx90BGqHmdhmy/ZDt2ZmwIIWIJbXv0XeKOHObjVnHet/6SB/B+E+CtYrMI
  20.102 -nwZ+m/aLdpbfhjAOu++bswc=
  20.103 +M190YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC20A1W1IPIIgj9
  20.104 +OL3iNB4aTorKuJebaXW+eBtFrqpgGYbrS5qfS3ZLDiDjvzGJsDaesn9wF1DV81qE
  20.105 +7lc9hoNuNEe/mjrLo/HpAFqCzblhY6z63RojnnmgExxbnCCPpHMJC25AguETmIxx
  20.106 +J4tL+SCiFBdpPO+6aI5NYbj0/ZL8XBCcEl+RY65XpDGiZ0ZgyNkQuoYzb5mnFDpC
  20.107 +XbJ39eVSnun29QHqY7Fxl82DGFwHQESzQ8ev963XYQ98x2Be39QG9R3uwRkOSxPj
  20.108 +Uba3zD81j2yZVkLrhopC+kpcYAZ1pLFr6usM6yFdLQ8MoP0+Z0K0odpXPKZQpN8K
  20.109 +jsr8ECy9AgMBAAGjgeQwgeEwHQYDVR0OBBYEFO6gwFS1hIkogHlJztCpxou5joUg
  20.110 +MIGbBgNVHSMEgZMwgZCAFDYwcpbS+dR6rs/CSz/uUqrfm/MSoXWkczBxMQswCQYD
  20.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  20.112 +cmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMV90YTExFjAUBgkqhkiG9w0B
  20.113 +CQEWB2NoMV90YTGCAQIwEgYDVR0TAQH/BAgwBgEB/wIBAjAOBgNVHQ8BAf8EBAMC
  20.114 +AQYwDQYJKoZIhvcNAQELBQADggEBAKbPmRltDmxGi5p55xLZOxNvyZgFCVykFELe
  20.115 +Lb/MhTmn7OP7HHN2DI+rGufzSstEjjOgPD1qIYiH4lLXJyMFyfVZqLfD5gABbIWY
  20.116 +zTcw+fnXbwdWXfDGpteq7Kb0QJeqRfM+JSL6+0oEQjx3NpaRLUmKugfLcGlxbU9e
  20.117 +nPAdj+0i/VvGxoew6QwgURcJoy/92umEXl7Umjm55HXiT441cZdGLTxuMN2SWoYp
  20.118 +tHonqs8e0jFu99d/89YX491NE9PUPtQ6q0b3aOe5nygm8uz08ZbqCdD+7QiMUpj/
  20.119 +rUcNL8Ukm1gXXE6iuxEphAOR2KYxp8+z9zvg8W5LkBN3un8LzOo=
  20.120  -----END CERTIFICATE-----
    21.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/04.pem	Tue Mar 08 11:12:06 2016 -0800
    21.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/04.pem	Wed Mar 09 11:27:23 2016 -0800
    21.3 @@ -5,28 +5,37 @@
    21.4      Signature Algorithm: sha256WithRSAEncryption
    21.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
    21.6          Validity
    21.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    21.8 -            Not After : Sep  8 00:13:34 2016 GMT
    21.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   21.10 +            Not After : Oct 18 01:57:54 2018 GMT
   21.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
   21.12          Subject Public Key Info:
   21.13              Public Key Algorithm: rsaEncryption
   21.14 -                Public-Key: (1024 bit)
   21.15 +                Public-Key: (2048 bit)
   21.16                  Modulus:
   21.17 -                    00:af:c3:8b:39:3e:21:56:8a:d6:97:1b:c7:aa:c7:
   21.18 -                    51:9e:e9:cf:15:1f:24:e6:91:92:81:b3:7d:30:eb:
   21.19 -                    ea:12:30:13:03:d0:b9:60:41:8b:eb:88:f4:1f:e5:
   21.20 -                    43:cf:b5:ae:47:7a:4d:46:6e:f8:16:42:67:db:20:
   21.21 -                    e4:0d:1f:96:4f:21:59:95:f6:70:33:32:45:81:18:
   21.22 -                    5e:a5:5b:fd:4a:e6:d7:97:cf:45:65:e7:74:79:5f:
   21.23 -                    a5:9f:e1:c7:a5:d0:5d:24:a7:32:18:68:13:57:4c:
   21.24 -                    cf:78:12:6f:9f:5c:e6:4d:be:89:24:4b:29:d8:02:
   21.25 -                    b2:f9:f9:13:cf:92:43:0f:e5
   21.26 +                    00:f0:be:9f:7c:fb:8e:9a:93:80:30:b8:43:a6:70:
   21.27 +                    13:a9:0b:fb:0c:f7:02:6d:4e:75:db:4a:19:9c:4a:
   21.28 +                    29:c3:e8:58:ba:7b:39:66:4e:d0:04:d6:e4:4c:73:
   21.29 +                    0b:9b:c1:e2:c5:fa:e7:4d:19:c6:e3:ec:ae:13:23:
   21.30 +                    54:ab:12:42:d0:fc:ef:10:5c:8b:2c:c7:00:b8:35:
   21.31 +                    ad:d8:f6:af:cc:9d:6f:19:1c:20:f9:14:f3:1e:69:
   21.32 +                    ce:85:c0:3d:2d:25:6d:79:01:1c:89:fb:2b:f6:2a:
   21.33 +                    c7:ea:89:3f:b8:6a:c5:20:60:79:cd:c5:3d:2f:d4:
   21.34 +                    57:54:63:04:69:fc:fa:0c:a6:23:ee:e4:6e:e3:e2:
   21.35 +                    60:ac:91:01:a2:64:a4:f5:44:8a:7c:90:f3:b7:69:
   21.36 +                    31:14:0e:53:f5:81:08:0b:50:0d:1c:43:f6:92:59:
   21.37 +                    a5:fa:3a:98:72:38:c7:5f:e1:4e:a8:54:64:a9:d4:
   21.38 +                    93:0e:e9:27:88:4a:b9:98:ba:aa:c8:31:0d:dc:fb:
   21.39 +                    70:0d:06:63:1b:d0:ee:61:2f:9b:cf:18:d5:74:bc:
   21.40 +                    53:63:b9:0d:0d:b9:f2:bc:6d:b2:c3:3d:0b:4c:84:
   21.41 +                    09:28:9e:80:94:74:58:b7:af:97:9b:55:ed:a5:c7:
   21.42 +                    c5:79:f9:df:a0:6d:ca:40:c0:a5:dc:09:c4:cd:ed:
   21.43 +                    39:1b
   21.44                  Exponent: 65537 (0x10001)
   21.45          X509v3 extensions:
   21.46              X509v3 Subject Key Identifier: 
   21.47 -                54:8A:14:10:0B:AF:89:DC:1E:65:8A:17:37:6A:AC:D2:2B:6C:27:5C
   21.48 +                44:81:49:A3:5B:7C:85:F2:A7:56:19:FF:64:98:AB:61:89:3E:E1:B7
   21.49              X509v3 Authority Key Identifier: 
   21.50 -                keyid:8F:2A:82:4C:1E:39:97:C3:4A:6A:52:FC:D4:CB:E6:37:CE:12:91:59
   21.51 +                keyid:EE:A0:C0:54:B5:84:89:28:80:79:49:CE:D0:A9:C6:8B:B9:8E:85:20
   21.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
   21.53                  serial:03
   21.54  
   21.55 @@ -35,31 +44,43 @@
   21.56              X509v3 Key Usage: critical
   21.57                  Certificate Sign, CRL Sign
   21.58      Signature Algorithm: sha256WithRSAEncryption
   21.59 -         6a:17:96:16:a6:3f:96:b7:8e:fb:e5:d7:14:f9:a8:8e:52:16:
   21.60 -         04:0d:58:4b:f7:c6:70:c4:3f:d3:2b:13:24:7b:47:2d:cf:89:
   21.61 -         59:bf:5c:6c:17:31:46:c4:17:e5:41:fe:5e:3f:ec:44:2e:92:
   21.62 -         94:eb:3b:c9:ff:d1:5e:c0:ad:d3:51:2b:12:11:87:b2:17:2f:
   21.63 -         40:5a:ac:76:f0:0f:ed:cd:ca:be:b6:b2:ef:bf:d4:79:04:e0:
   21.64 -         ed:88:33:96:b0:a4:27:41:a7:31:0b:c4:d9:6a:ad:7d:82:bb:
   21.65 -         63:15:2a:00:8e:60:af:ee:a6:8a:d3:65:6a:b8:f9:7e:0e:cd:
   21.66 -         bf:d5
   21.67 +         36:66:82:04:35:26:cc:ce:07:00:e7:19:db:4e:05:22:af:98:
   21.68 +         9f:8f:88:84:1b:75:57:3b:f7:0f:2a:da:ae:fe:36:e4:35:a9:
   21.69 +         ff:57:7a:3f:4a:ec:71:ba:c6:4a:b5:6a:c7:e3:46:27:52:5b:
   21.70 +         d0:dd:a3:c4:3a:78:8b:ac:21:5c:2a:68:71:ec:d8:cb:0f:f3:
   21.71 +         35:07:82:53:3c:01:1b:69:34:cb:2a:85:3b:da:f1:b7:11:fe:
   21.72 +         ec:12:3a:a2:c8:b1:80:fd:bd:40:b1:f2:b2:ed:1b:b3:83:87:
   21.73 +         60:12:21:b9:e1:3a:ff:4a:3c:d0:6e:b5:07:4c:a8:db:e8:f4:
   21.74 +         81:50:14:3c:4b:09:3a:fe:85:88:1a:72:d6:3c:2a:e2:67:c4:
   21.75 +         51:cb:21:7e:22:78:30:34:dc:e9:41:fe:15:f5:cc:fc:85:64:
   21.76 +         de:8f:89:c3:de:de:56:bb:a8:7f:4f:8c:98:27:e5:de:d0:4c:
   21.77 +         13:f5:56:d9:7b:18:d4:09:21:99:6e:cd:27:c2:0f:e2:45:58:
   21.78 +         a9:b1:b9:89:92:58:dd:94:a6:be:c5:3f:99:86:ca:15:74:00:
   21.79 +         63:85:3f:ce:2a:d6:6d:04:03:91:c8:1f:de:dd:cc:0b:49:c3:
   21.80 +         ea:76:e3:2f:87:4d:2e:75:86:ea:19:49:0f:a2:78:e5:7d:bb:
   21.81 +         ef:bf:1c:b2
   21.82  -----BEGIN CERTIFICATE-----
   21.83 -MIIDPTCCAqagAwIBAgIBBDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   21.84 +MIIEQjCCAyqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   21.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   21.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0BCQEWB2NoM190
   21.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   21.88 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjBxMQswCQYDVQQGEwJV
   21.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   21.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2No
   21.91 -NF90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Dizk+IVaK1pcbx6rH
   21.92 -UZ7pzxUfJOaRkoGzfTDr6hIwEwPQuWBBi+uI9B/lQ8+1rkd6TUZu+BZCZ9sg5A0f
   21.93 -lk8hWZX2cDMyRYEYXqVb/Urm15fPRWXndHlfpZ/hx6XQXSSnMhhoE1dMz3gSb59c
   21.94 -5k2+iSRLKdgCsvn5E8+SQw/lAgMBAAGjgeQwgeEwHQYDVR0OBBYEFFSKFBALr4nc
   21.95 -HmWKFzdqrNIrbCdcMIGbBgNVHSMEgZMwgZCAFI8qgkweOZfDSmpS/NTL5jfOEpFZ
   21.96 -oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   21.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTEx
   21.98 -FjAUBgkqhkiG9w0BCQEWB2NoMl90YTGCAQMwEgYDVR0TAQH/BAgwBgEB/wIBATAO
   21.99 -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAaheWFqY/lreO++XXFPmo
  21.100 -jlIWBA1YS/fGcMQ/0ysTJHtHLc+JWb9cbBcxRsQX5UH+Xj/sRC6SlOs7yf/RXsCt
  21.101 -01ErEhGHshcvQFqsdvAP7c3Kvray77/UeQTg7YgzlrCkJ0GnMQvE2WqtfYK7YxUq
  21.102 -AI5gr+6mitNlarj5fg7Nv9U=
  21.103 +NF90YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwvp98+46ak4Aw
  21.104 +uEOmcBOpC/sM9wJtTnXbShmcSinD6Fi6ezlmTtAE1uRMcwubweLF+udNGcbj7K4T
  21.105 +I1SrEkLQ/O8QXIssxwC4Na3Y9q/MnW8ZHCD5FPMeac6FwD0tJW15ARyJ+yv2Ksfq
  21.106 +iT+4asUgYHnNxT0v1FdUYwRp/PoMpiPu5G7j4mCskQGiZKT1RIp8kPO3aTEUDlP1
  21.107 +gQgLUA0cQ/aSWaX6OphyOMdf4U6oVGSp1JMO6SeISrmYuqrIMQ3c+3ANBmMb0O5h
  21.108 +L5vPGNV0vFNjuQ0NufK8bbLDPQtMhAkonoCUdFi3r5ebVe2lx8V5+d+gbcpAwKXc
  21.109 +CcTN7TkbAgMBAAGjgeQwgeEwHQYDVR0OBBYEFESBSaNbfIXyp1YZ/2SYq2GJPuG3
  21.110 +MIGbBgNVHSMEgZMwgZCAFO6gwFS1hIkogHlJztCpxou5joUgoXWkczBxMQswCQYD
  21.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  21.112 +cmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTExFjAUBgkqhkiG9w0B
  21.113 +CQEWB2NoMl90YTGCAQMwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMC
  21.114 +AQYwDQYJKoZIhvcNAQELBQADggEBADZmggQ1JszOBwDnGdtOBSKvmJ+PiIQbdVc7
  21.115 +9w8q2q7+NuQ1qf9Xej9K7HG6xkq1asfjRidSW9Ddo8Q6eIusIVwqaHHs2MsP8zUH
  21.116 +glM8ARtpNMsqhTva8bcR/uwSOqLIsYD9vUCx8rLtG7ODh2ASIbnhOv9KPNButQdM
  21.117 +qNvo9IFQFDxLCTr+hYgactY8KuJnxFHLIX4ieDA03OlB/hX1zPyFZN6PicPe3la7
  21.118 +qH9PjJgn5d7QTBP1Vtl7GNQJIZluzSfCD+JFWKmxuYmSWN2Upr7FP5mGyhV0AGOF
  21.119 +P84q1m0EA5HIH97dzAtJw+p24y+HTS51huoZSQ+ieOV9u++/HLI=
  21.120  -----END CERTIFICATE-----
    22.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/05.pem	Tue Mar 08 11:12:06 2016 -0800
    22.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/05.pem	Wed Mar 09 11:27:23 2016 -0800
    22.3 @@ -5,28 +5,37 @@
    22.4      Signature Algorithm: sha256WithRSAEncryption
    22.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
    22.6          Validity
    22.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    22.8 -            Not After : Sep  8 00:13:34 2016 GMT
    22.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   22.10 +            Not After : Oct 18 01:57:54 2018 GMT
   22.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
   22.12          Subject Public Key Info:
   22.13              Public Key Algorithm: rsaEncryption
   22.14 -                Public-Key: (1024 bit)
   22.15 +                Public-Key: (2048 bit)
   22.16                  Modulus:
   22.17 -                    00:df:c0:ed:cc:df:82:ab:d3:9b:54:8d:56:f7:0d:
   22.18 -                    e4:d8:b4:ba:03:ef:a3:82:f6:b6:e6:4d:0f:b4:e5:
   22.19 -                    61:98:88:bd:32:b3:47:21:4b:2c:e8:c3:9a:22:9c:
   22.20 -                    35:63:a8:4f:2a:c1:47:1a:3a:b2:46:d6:61:4e:87:
   22.21 -                    2a:13:3a:d8:35:3e:3c:ae:67:43:b8:3d:a9:95:df:
   22.22 -                    7b:ba:e9:71:ec:31:99:b3:fa:00:96:8c:80:4b:1d:
   22.23 -                    d9:77:e5:d2:14:9d:95:a2:ce:32:21:d5:2e:67:ae:
   22.24 -                    b1:08:04:fb:9d:fb:70:16:74:5f:1a:d1:36:77:e8:
   22.25 -                    4b:68:c3:d8:d4:fb:18:20:31
   22.26 +                    00:a8:92:25:84:36:2c:16:5b:7e:99:d4:a8:ac:bf:
   22.27 +                    2b:63:99:2c:65:69:ec:f3:13:3f:fb:b3:c9:33:0c:
   22.28 +                    43:1a:e9:04:a3:8c:27:5e:e5:f8:47:a5:4d:5f:39:
   22.29 +                    2f:9b:b9:5f:3e:2e:9c:18:8b:16:d4:4c:0c:f7:02:
   22.30 +                    35:37:a1:81:c6:d1:0d:43:eb:7d:1c:e4:d4:81:73:
   22.31 +                    58:fc:b2:94:a2:4e:04:a5:bb:b2:f4:64:d0:c6:54:
   22.32 +                    91:71:33:45:8e:22:a4:f2:35:1e:b3:69:e4:fc:5e:
   22.33 +                    a9:5b:7a:8c:7c:6a:e2:7b:2d:d0:ad:d8:d1:76:47:
   22.34 +                    c6:99:a6:2e:8d:1b:56:f8:8c:f7:04:2f:99:c5:3d:
   22.35 +                    81:67:cc:73:ec:c1:d6:97:41:73:04:1c:8b:45:eb:
   22.36 +                    60:f9:60:d6:11:f6:c6:5c:19:5d:d2:18:a8:2e:53:
   22.37 +                    78:33:46:3b:5c:43:b0:54:7d:e4:57:5a:36:08:84:
   22.38 +                    50:a5:c0:1e:1d:21:11:6d:63:c4:df:fc:ee:0f:a8:
   22.39 +                    8f:ca:7c:2a:5c:0a:2d:ad:17:64:c8:5d:e2:9b:e1:
   22.40 +                    d4:57:a3:8e:0f:1d:4f:60:1e:79:bf:9f:39:94:6a:
   22.41 +                    73:e6:19:0d:ef:74:c2:a3:fc:85:a2:03:a4:99:13:
   22.42 +                    9e:85:5e:f3:8c:31:f1:7d:91:50:98:6f:18:ec:fc:
   22.43 +                    98:2f
   22.44                  Exponent: 65537 (0x10001)
   22.45          X509v3 extensions:
   22.46              X509v3 Subject Key Identifier: 
   22.47 -                B7:43:D6:5A:46:C2:2F:15:50:05:D5:FB:5E:BE:EC:F8:33:9E:EC:EC
   22.48 +                64:B3:47:B8:70:CE:F3:CD:0F:95:A6:B0:0F:5F:D5:66:E1:1B:30:E7
   22.49              X509v3 Authority Key Identifier: 
   22.50 -                keyid:54:8A:14:10:0B:AF:89:DC:1E:65:8A:17:37:6A:AC:D2:2B:6C:27:5C
   22.51 +                keyid:44:81:49:A3:5B:7C:85:F2:A7:56:19:FF:64:98:AB:61:89:3E:E1:B7
   22.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
   22.53                  serial:04
   22.54  
   22.55 @@ -35,31 +44,43 @@
   22.56              X509v3 Key Usage: critical
   22.57                  Certificate Sign, CRL Sign
   22.58      Signature Algorithm: sha256WithRSAEncryption
   22.59 -         96:fb:63:43:cf:70:0a:14:7b:47:4e:37:4b:2f:7c:7f:8c:75:
   22.60 -         85:bb:e3:44:af:9c:2c:08:c5:9c:4d:c7:59:f1:70:3a:67:82:
   22.61 -         1c:4c:3c:f7:8b:e7:00:f0:05:db:af:29:79:53:6f:09:a2:ac:
   22.62 -         ae:4d:e2:df:4a:7d:4e:56:79:8c:85:97:47:14:4e:2f:7e:bd:
   22.63 -         07:2c:70:01:85:43:3c:18:32:ed:24:36:24:1c:29:e0:0b:ce:
   22.64 -         86:4d:a7:a9:88:b8:de:f1:0e:a3:13:c1:5c:d7:1b:76:81:c2:
   22.65 -         3f:63:c3:76:1d:60:f7:e5:43:1f:25:3b:ae:d2:a5:1f:02:fa:
   22.66 -         8c:a3
   22.67 +         b6:f5:d5:78:23:16:4f:ca:8f:3a:a7:fd:a8:91:2a:c5:3e:e2:
   22.68 +         bf:32:ca:b3:38:6b:2f:64:9c:1d:99:d8:d2:b5:a8:2c:a4:db:
   22.69 +         8e:9d:31:5c:40:b9:05:32:a0:1c:b6:21:72:46:69:d1:eb:49:
   22.70 +         50:20:f9:e8:95:6f:e7:91:34:f9:e1:bb:3f:e7:b6:a4:f9:d3:
   22.71 +         12:36:3a:40:c6:76:35:a5:c9:b7:71:70:50:55:19:b4:ff:51:
   22.72 +         ef:40:3e:41:4f:f3:1a:70:f5:fd:3b:0a:4d:d9:43:a6:57:e4:
   22.73 +         42:9c:77:3d:26:7a:c2:e2:54:7f:76:6f:fd:af:52:31:29:07:
   22.74 +         ac:ae:78:4c:76:d9:f9:80:b5:4c:79:60:a0:e9:59:5f:bf:fe:
   22.75 +         cd:6a:fe:ee:92:ca:79:0e:5c:e6:1d:8f:59:a9:62:51:a1:2e:
   22.76 +         d9:b2:37:fa:e1:ef:7c:88:b5:29:d2:5f:13:74:76:ef:ed:fe:
   22.77 +         7f:e9:81:5d:9c:62:91:8f:21:ef:45:95:7c:12:a6:d5:46:45:
   22.78 +         8e:9e:d1:a8:9a:aa:a8:5e:fd:65:55:d2:f9:08:d0:3c:66:f9:
   22.79 +         69:ee:c1:0f:a9:15:06:a9:8e:ac:e0:08:06:13:0c:7e:9c:81:
   22.80 +         94:60:1b:ad:3a:7d:3e:ed:b4:79:d2:51:0c:80:8c:42:69:fe:
   22.81 +         f3:99:56:1c
   22.82  -----BEGIN CERTIFICATE-----
   22.83 -MIIDPTCCAqagAwIBAgIBBTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   22.84 +MIIEQjCCAyqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   22.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   22.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2NoNF90
   22.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   22.88 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjBxMQswCQYDVQQGEwJV
   22.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   22.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoNV90YTExFjAUBgkqhkiG9w0BCQEWB2No
   22.91 -NV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/A7czfgqvTm1SNVvcN
   22.92 -5Ni0ugPvo4L2tuZND7TlYZiIvTKzRyFLLOjDmiKcNWOoTyrBRxo6skbWYU6HKhM6
   22.93 -2DU+PK5nQ7g9qZXfe7rpcewxmbP6AJaMgEsd2Xfl0hSdlaLOMiHVLmeusQgE+537
   22.94 -cBZ0XxrRNnfoS2jD2NT7GCAxAgMBAAGjgeQwgeEwHQYDVR0OBBYEFLdD1lpGwi8V
   22.95 -UAXV+16+7PgznuzsMIGbBgNVHSMEgZMwgZCAFFSKFBALr4ncHmWKFzdqrNIrbCdc
   22.96 -oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   22.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTEx
   22.98 -FjAUBgkqhkiG9w0BCQEWB2NoM190YTGCAQQwEgYDVR0TAQH/BAgwBgEB/wIBADAO
   22.99 -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAlvtjQ89wChR7R043Sy98
  22.100 -f4x1hbvjRK+cLAjFnE3HWfFwOmeCHEw894vnAPAF268peVNvCaKsrk3i30p9TlZ5
  22.101 -jIWXRxROL369ByxwAYVDPBgy7SQ2JBwp4AvOhk2nqYi43vEOoxPBXNcbdoHCP2PD
  22.102 -dh1g9+VDHyU7rtKlHwL6jKM=
  22.103 +NV90YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCokiWENiwWW36Z
  22.104 +1KisvytjmSxlaezzEz/7s8kzDEMa6QSjjCde5fhHpU1fOS+buV8+LpwYixbUTAz3
  22.105 +AjU3oYHG0Q1D630c5NSBc1j8spSiTgSlu7L0ZNDGVJFxM0WOIqTyNR6zaeT8Xqlb
  22.106 +eox8auJ7LdCt2NF2R8aZpi6NG1b4jPcEL5nFPYFnzHPswdaXQXMEHItF62D5YNYR
  22.107 +9sZcGV3SGKguU3gzRjtcQ7BUfeRXWjYIhFClwB4dIRFtY8Tf/O4PqI/KfCpcCi2t
  22.108 +F2TIXeKb4dRXo44PHU9gHnm/nzmUanPmGQ3vdMKj/IWiA6SZE56FXvOMMfF9kVCY
  22.109 +bxjs/JgvAgMBAAGjgeQwgeEwHQYDVR0OBBYEFGSzR7hwzvPND5WmsA9f1WbhGzDn
  22.110 +MIGbBgNVHSMEgZMwgZCAFESBSaNbfIXyp1YZ/2SYq2GJPuG3oXWkczBxMQswCQYD
  22.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  22.112 +cmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0B
  22.113 +CQEWB2NoM190YTGCAQQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMC
  22.114 +AQYwDQYJKoZIhvcNAQELBQADggEBALb11XgjFk/Kjzqn/aiRKsU+4r8yyrM4ay9k
  22.115 +nB2Z2NK1qCyk246dMVxAuQUyoBy2IXJGadHrSVAg+eiVb+eRNPnhuz/ntqT50xI2
  22.116 +OkDGdjWlybdxcFBVGbT/Ue9APkFP8xpw9f07Ck3ZQ6ZX5EKcdz0mesLiVH92b/2v
  22.117 +UjEpB6yueEx22fmAtUx5YKDpWV+//s1q/u6SynkOXOYdj1mpYlGhLtmyN/rh73yI
  22.118 +tSnSXxN0du/t/n/pgV2cYpGPIe9FlXwSptVGRY6e0aiaqqhe/WVV0vkI0Dxm+Wnu
  22.119 +wQ+pFQapjqzgCAYTDH6cgZRgG606fT7ttHnSUQyAjEJp/vOZVhw=
  22.120  -----END CERTIFICATE-----
    23.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/08.pem	Tue Mar 08 11:12:06 2016 -0800
    23.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/08.pem	Wed Mar 09 11:27:23 2016 -0800
    23.3 @@ -5,22 +5,31 @@
    23.4      Signature Algorithm: sha256WithRSAEncryption
    23.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
    23.6          Validity
    23.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    23.8 -            Not After : Sep  8 00:13:34 2016 GMT
    23.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   23.10 +            Not After : Oct 18 01:57:54 2018 GMT
   23.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
   23.12          Subject Public Key Info:
   23.13              Public Key Algorithm: rsaEncryption
   23.14 -                Public-Key: (1024 bit)
   23.15 +                Public-Key: (2048 bit)
   23.16                  Modulus:
   23.17 -                    00:9d:91:87:82:56:78:7f:64:32:62:7e:ee:6c:38:
   23.18 -                    f2:a2:f6:34:ba:a9:ec:bb:6e:0f:87:ab:46:a4:37:
   23.19 -                    ce:80:f1:b5:8b:9b:0a:4b:2a:b6:46:9b:f1:47:c0:
   23.20 -                    6b:85:7f:64:08:61:ac:53:d4:3b:ce:54:2a:6d:a4:
   23.21 -                    65:cd:a7:dc:a5:3a:33:bf:86:2b:f6:d0:fb:24:80:
   23.22 -                    56:8f:4f:d4:f9:96:71:f3:86:74:4b:47:38:da:18:
   23.23 -                    79:ae:d9:5b:9d:09:9e:f7:cb:b4:a7:85:33:85:20:
   23.24 -                    d3:2a:fc:72:c1:37:62:01:d6:b1:cb:4a:a0:09:c2:
   23.25 -                    72:ea:fd:b8:5d:03:68:33:7d
   23.26 +                    00:f8:99:82:00:c1:73:68:ee:ab:3e:93:5c:b8:fa:
   23.27 +                    1c:2d:94:58:4a:a7:ab:b7:0b:d5:6e:02:b5:2f:b0:
   23.28 +                    e1:6c:c7:6f:aa:63:2d:1a:30:a3:2f:88:6d:21:be:
   23.29 +                    e1:36:23:e4:22:19:99:3a:1d:2a:9e:ec:a6:2c:a2:
   23.30 +                    5c:a1:26:96:70:22:80:04:0a:6b:c6:3f:b2:8c:ce:
   23.31 +                    6a:32:e0:ae:4f:43:73:9a:db:0e:9e:b7:e5:92:a0:
   23.32 +                    06:ac:48:a0:c8:fe:16:27:96:14:27:64:38:8a:78:
   23.33 +                    a3:20:60:d4:9b:ed:47:14:b9:08:6b:7a:4f:ba:dc:
   23.34 +                    db:c9:1c:c9:92:df:0a:37:01:7e:8e:1f:30:b0:fb:
   23.35 +                    35:32:41:2d:65:c9:3f:65:b1:20:e7:e4:8a:1d:e1:
   23.36 +                    10:b5:e8:57:14:59:bd:b8:2d:2b:d6:e8:7f:3c:c3:
   23.37 +                    e2:7c:c6:f7:d3:08:d6:75:06:c7:56:32:fe:80:8e:
   23.38 +                    f6:fd:c5:25:ac:49:c7:ad:1b:eb:de:aa:67:50:92:
   23.39 +                    a3:2c:e5:09:81:07:44:b5:cf:9b:16:10:29:f8:98:
   23.40 +                    05:3e:49:fc:e6:58:1f:93:b1:dd:82:67:e5:6b:dd:
   23.41 +                    50:2f:0f:a1:ec:5a:34:83:b9:33:9d:65:37:c3:a7:
   23.42 +                    03:e1:2a:56:48:3d:0f:d5:06:88:60:e6:3e:cb:ef:
   23.43 +                    98:27
   23.44                  Exponent: 65537 (0x10001)
   23.45          X509v3 extensions:
   23.46              X509v3 Basic Constraints: critical
   23.47 @@ -29,27 +38,39 @@
   23.48                  <EMPTY>
   23.49  
   23.50      Signature Algorithm: sha256WithRSAEncryption
   23.51 -         11:3c:6b:22:14:f6:1a:18:8b:59:a4:8d:38:d6:6f:48:8a:01:
   23.52 -         e2:d3:9d:6a:26:40:61:d3:9b:ce:8a:ab:b9:25:c4:89:c4:f9:
   23.53 -         98:1e:6c:f5:1c:d7:f7:6a:c9:7b:48:ba:d7:e0:03:59:41:4d:
   23.54 -         29:28:7d:2d:61:c5:7f:7f:8c:2f:30:2b:c6:6e:16:31:7d:45:
   23.55 -         d2:2a:83:ea:fc:25:92:1f:cb:85:28:0a:f4:2c:a0:c4:c2:fc:
   23.56 -         52:43:53:d1:46:e7:fd:3c:0a:9b:11:45:0f:09:2e:c6:93:26:
   23.57 -         72:c9:20:28:7a:db:18:55:1b:15:70:1f:bc:0e:ab:18:c1:f8:
   23.58 -         64:03
   23.59 +         ed:1f:86:cd:a6:67:a8:48:fa:9a:c4:ad:a8:de:08:14:96:f5:
   23.60 +         16:44:e3:a1:b2:d5:06:6b:bb:0e:9d:f3:59:84:84:f1:a5:0d:
   23.61 +         f3:38:50:af:43:fe:91:c5:08:54:1d:2d:59:fd:1d:1b:bd:18:
   23.62 +         71:97:b3:d7:ba:21:f8:90:05:4d:9e:79:13:7a:12:40:0b:3d:
   23.63 +         97:00:ac:b1:fd:70:9b:e3:80:89:e6:8d:0f:07:56:15:e4:ed:
   23.64 +         99:9a:8b:85:27:a1:9c:c4:f9:19:8e:f1:d3:c3:76:0a:5d:51:
   23.65 +         a5:f9:2c:81:ef:76:c1:75:b9:50:96:2a:f0:65:9d:7e:aa:2f:
   23.66 +         16:30:8c:e6:82:83:67:cf:2d:53:89:f8:82:f1:c6:0d:a9:77:
   23.67 +         fe:3a:50:6b:34:1a:b4:f8:16:94:8b:59:4d:e1:d8:da:a9:5c:
   23.68 +         06:84:6b:23:0d:d0:d5:41:5d:02:ec:5a:c2:5a:a8:41:3e:fb:
   23.69 +         cf:42:76:c9:96:ed:c9:c6:16:50:5a:dc:ef:be:4c:a8:5b:f5:
   23.70 +         9f:fe:31:9c:c7:55:38:ac:a1:72:3b:4b:55:92:16:40:10:86:
   23.71 +         fe:40:99:ba:ee:b1:65:48:6f:34:75:bc:f0:af:c0:b6:be:81:
   23.72 +         8f:0f:41:7d:ba:b7:26:e7:9f:75:55:8b:94:95:b0:ef:23:fb:
   23.73 +         9b:5a:14:6b
   23.74  -----BEGIN CERTIFICATE-----
   23.75 -MIICfTCCAeagAwIBAgIBCDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   23.76 +MIIDgjCCAmqgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   23.77  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   23.78  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2NoNF90
   23.79 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjB1MQswCQYDVQQGEwJV
   23.80 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjB1MQswCQYDVQQGEwJV
   23.81  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   23.82  BgNVBAoMBHBrZzUxEjAQBgNVBAMMCWNoNS4xX3RhMTEYMBYGCSqGSIb3DQEJARYJ
   23.83 -Y2g1LjFfdGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdkYeCVnh/ZDJi
   23.84 -fu5sOPKi9jS6qey7bg+Hq0akN86A8bWLmwpLKrZGm/FHwGuFf2QIYaxT1DvOVCpt
   23.85 -pGXNp9ylOjO/hiv20PskgFaPT9T5lnHzhnRLRzjaGHmu2VudCZ73y7SnhTOFINMq
   23.86 -/HLBN2IB1rHLSqAJwnLq/bhdA2gzfQIDAQABoyEwHzAPBgNVHRMBAf8EBTADAQH/
   23.87 -MAwGA1UdEgEB/wQCMAAwDQYJKoZIhvcNAQELBQADgYEAETxrIhT2GhiLWaSNONZv
   23.88 -SIoB4tOdaiZAYdObzoqruSXEicT5mB5s9RzX92rJe0i61+ADWUFNKSh9LWHFf3+M
   23.89 -LzArxm4WMX1F0iqD6vwlkh/LhSgK9CygxML8UkNT0Ubn/TwKmxFFDwkuxpMmcskg
   23.90 -KHrbGFUbFXAfvA6rGMH4ZAM=
   23.91 +Y2g1LjFfdGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+JmCAMFz
   23.92 +aO6rPpNcuPocLZRYSqertwvVbgK1L7DhbMdvqmMtGjCjL4htIb7hNiPkIhmZOh0q
   23.93 +nuymLKJcoSaWcCKABAprxj+yjM5qMuCuT0NzmtsOnrflkqAGrEigyP4WJ5YUJ2Q4
   23.94 +inijIGDUm+1HFLkIa3pPutzbyRzJkt8KNwF+jh8wsPs1MkEtZck/ZbEg5+SKHeEQ
   23.95 +tehXFFm9uC0r1uh/PMPifMb30wjWdQbHVjL+gI72/cUlrEnHrRvr3qpnUJKjLOUJ
   23.96 +gQdEtc+bFhAp+JgFPkn85lgfk7Hdgmfla91QLw+h7Fo0g7kznWU3w6cD4SpWSD0P
   23.97 +1QaIYOY+y++YJwIDAQABoyEwHzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdEgEB/wQC
   23.98 +MAAwDQYJKoZIhvcNAQELBQADggEBAO0fhs2mZ6hI+prErajeCBSW9RZE46Gy1QZr
   23.99 +uw6d81mEhPGlDfM4UK9D/pHFCFQdLVn9HRu9GHGXs9e6IfiQBU2eeRN6EkALPZcA
  23.100 +rLH9cJvjgInmjQ8HVhXk7Zmai4UnoZzE+RmO8dPDdgpdUaX5LIHvdsF1uVCWKvBl
  23.101 +nX6qLxYwjOaCg2fPLVOJ+ILxxg2pd/46UGs0GrT4FpSLWU3h2NqpXAaEayMN0NVB
  23.102 +XQLsWsJaqEE++89CdsmW7cnGFlBa3O++TKhb9Z/+MZzHVTisoXI7S1WSFkAQhv5A
  23.103 +mbrusWVIbzR1vPCvwLa+gY8PQX26tybnn3VVi5SVsO8j+5taFGs=
  23.104  -----END CERTIFICATE-----
    24.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/0A.pem	Tue Mar 08 11:12:06 2016 -0800
    24.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/0A.pem	Wed Mar 09 11:27:23 2016 -0800
    24.3 @@ -5,28 +5,37 @@
    24.4      Signature Algorithm: sha256WithRSAEncryption
    24.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
    24.6          Validity
    24.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    24.8 -            Not After : Sep  8 00:13:34 2016 GMT
    24.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   24.10 +            Not After : Oct 18 01:57:55 2018 GMT
   24.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.2_ta1/emailAddress=ch5.2_ta1
   24.12          Subject Public Key Info:
   24.13              Public Key Algorithm: rsaEncryption
   24.14 -                Public-Key: (1024 bit)
   24.15 +                Public-Key: (2048 bit)
   24.16                  Modulus:
   24.17 -                    00:a0:b5:e8:50:6e:0b:2e:be:8a:39:95:a1:f3:8f:
   24.18 -                    03:1c:da:d3:74:5c:9d:ed:34:54:5e:3f:ac:e2:91:
   24.19 -                    40:50:5e:d7:e3:bc:b1:8e:a6:62:d1:0b:33:e2:59:
   24.20 -                    d7:67:f1:b7:af:f9:61:37:b1:24:aa:6f:67:e0:4f:
   24.21 -                    ef:5d:a2:72:42:70:41:1e:32:e5:1a:94:4f:de:60:
   24.22 -                    6c:e7:e1:96:99:82:d0:35:f2:40:03:de:92:10:f3:
   24.23 -                    4f:91:e8:78:24:a1:ef:92:da:7b:49:4b:57:03:80:
   24.24 -                    57:d8:fc:41:60:8a:f0:e6:55:fe:67:55:5e:68:bf:
   24.25 -                    fe:fd:23:2b:ab:94:cb:12:c3
   24.26 +                    00:9e:9d:c2:a0:df:34:68:63:c6:f3:28:8b:68:8d:
   24.27 +                    0e:9c:04:a3:31:bf:95:37:9b:00:49:81:7f:35:8d:
   24.28 +                    a3:7d:4a:6c:0f:35:14:1d:2a:f9:99:eb:8b:84:6e:
   24.29 +                    65:5d:b9:d9:66:c6:11:57:bf:83:49:04:f1:35:d3:
   24.30 +                    75:22:30:bc:22:b1:a7:91:af:25:b9:f3:5e:6f:7b:
   24.31 +                    74:c2:25:f4:a7:1a:a6:c2:88:3c:db:31:fd:42:79:
   24.32 +                    53:87:10:d4:ad:bf:a7:23:55:4d:b6:9f:9c:e5:31:
   24.33 +                    0f:72:d6:fc:0e:b8:2c:46:7a:4f:cf:de:61:3e:39:
   24.34 +                    0e:fc:0e:fd:a4:08:05:e8:aa:c8:7c:a5:33:a9:c9:
   24.35 +                    9e:ae:35:51:10:85:06:cc:c1:ae:41:d3:0f:c9:2f:
   24.36 +                    8f:01:0a:6d:a2:06:bb:7c:40:96:ff:a4:cb:3f:5e:
   24.37 +                    11:2f:aa:2b:59:f9:8d:d0:ff:b4:0f:3f:a5:58:f5:
   24.38 +                    cf:a9:20:aa:e6:fe:f4:6b:5d:09:24:9f:26:00:18:
   24.39 +                    a5:f2:9c:e8:79:de:4d:f9:fb:d1:e5:89:6b:d8:de:
   24.40 +                    27:de:f8:0b:28:6f:b3:d1:2e:01:9e:e1:ba:00:0f:
   24.41 +                    21:b2:43:b1:96:b0:46:d9:a3:14:08:a1:6d:1c:e7:
   24.42 +                    a0:9e:84:74:45:91:a8:d9:24:14:f7:a9:3f:8f:95:
   24.43 +                    cb:35
   24.44                  Exponent: 65537 (0x10001)
   24.45          X509v3 extensions:
   24.46              X509v3 Subject Key Identifier: 
   24.47 -                A4:07:01:64:2E:FC:65:F5:BC:44:82:AB:87:E5:17:5F:91:F5:8A:DD
   24.48 +                29:4E:31:FF:45:35:28:B4:BE:69:AE:55:E5:CE:F3:89:B2:BF:DA:2F
   24.49              X509v3 Authority Key Identifier: 
   24.50 -                keyid:54:8A:14:10:0B:AF:89:DC:1E:65:8A:17:37:6A:AC:D2:2B:6C:27:5C
   24.51 +                keyid:44:81:49:A3:5B:7C:85:F2:A7:56:19:FF:64:98:AB:61:89:3E:E1:B7
   24.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
   24.53                  serial:04
   24.54  
   24.55 @@ -35,31 +44,43 @@
   24.56              X509v3 Key Usage: critical
   24.57                  Certificate Sign, CRL Sign
   24.58      Signature Algorithm: sha256WithRSAEncryption
   24.59 -         04:21:55:e4:d4:f9:07:b1:55:dd:d3:6c:5e:17:f5:84:36:49:
   24.60 -         08:3f:96:1b:79:f6:1f:c8:aa:0a:e2:64:bd:90:e1:00:89:23:
   24.61 -         94:1c:d9:c8:7d:a6:5e:48:4f:e4:6a:9d:c1:2a:b9:6c:6b:ed:
   24.62 -         24:14:54:9f:87:bf:a1:d3:fd:73:39:eb:c4:88:85:7e:f5:35:
   24.63 -         91:3d:85:ad:9e:c5:1f:fc:f6:06:71:ce:3f:dc:12:e8:6c:a6:
   24.64 -         61:07:b8:d0:78:03:de:e6:be:e9:67:59:2f:70:24:c3:54:4e:
   24.65 -         b3:5c:6e:54:8e:04:c3:b6:f1:83:1b:8d:7f:e8:b7:5b:3d:b2:
   24.66 -         26:fe
   24.67 +         1b:01:5a:d2:0c:c2:a9:cf:84:c1:9e:42:98:bb:fc:3f:b7:b3:
   24.68 +         33:c9:c1:4b:1b:5c:02:86:4b:d9:37:0e:1b:26:10:68:84:68:
   24.69 +         ed:54:94:69:5d:b8:01:5d:f7:1f:d8:57:ec:e1:f3:b4:7e:81:
   24.70 +         ae:71:f0:79:8a:52:60:81:55:77:c8:a7:20:1a:48:bb:cb:b4:
   24.71 +         cb:26:a9:0b:1a:45:62:0c:b5:d2:0d:ec:75:8c:50:3d:2d:25:
   24.72 +         6c:96:a6:6e:b0:f3:8b:27:7c:ed:ac:44:6e:5b:ef:01:49:6d:
   24.73 +         b4:7a:30:26:cf:73:2a:79:91:60:1a:5e:a1:ba:50:e3:cc:93:
   24.74 +         68:53:6f:8e:fe:d0:48:4a:41:db:6a:15:cc:59:dc:a5:a7:79:
   24.75 +         fc:e5:f9:d1:0e:2b:f4:45:6b:2b:56:e7:69:2a:b2:a1:e2:16:
   24.76 +         79:74:45:7c:ab:3a:49:40:52:1b:5b:ef:29:f9:1f:48:16:31:
   24.77 +         61:aa:17:a2:6f:36:a4:49:d8:d6:c5:ff:4a:33:2e:be:cd:3e:
   24.78 +         9a:38:c6:12:42:9c:1f:08:53:7a:c2:61:88:43:86:17:95:8c:
   24.79 +         f2:4f:dd:b4:b3:66:fa:ef:ac:51:a4:70:f6:4c:a4:6d:70:6f:
   24.80 +         dc:5a:a5:c7:da:94:4f:d6:71:2a:5b:fe:0f:f2:25:72:3d:e4:
   24.81 +         62:c5:3d:87
   24.82  -----BEGIN CERTIFICATE-----
   24.83 -MIIDQTCCAqqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   24.84 +MIIERjCCAy6gAwIBAgIBCjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   24.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   24.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2NoNF90
   24.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjB1MQswCQYDVQQGEwJV
   24.88 +YTEwHhcNMTYwMTIyMDE1NzU1WhcNMTgxMDE4MDE1NzU1WjB1MQswCQYDVQQGEwJV
   24.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   24.90  BgNVBAoMBHBrZzUxEjAQBgNVBAMMCWNoNS4yX3RhMTEYMBYGCSqGSIb3DQEJARYJ
   24.91 -Y2g1LjJfdGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgtehQbgsuvoo5
   24.92 -laHzjwMc2tN0XJ3tNFReP6zikUBQXtfjvLGOpmLRCzPiWddn8bev+WE3sSSqb2fg
   24.93 -T+9donJCcEEeMuUalE/eYGzn4ZaZgtA18kAD3pIQ80+R6Hgkoe+S2ntJS1cDgFfY
   24.94 -/EFgivDmVf5nVV5ov/79IyurlMsSwwIDAQABo4HkMIHhMB0GA1UdDgQWBBSkBwFk
   24.95 -Lvxl9bxEgquH5RdfkfWK3TCBmwYDVR0jBIGTMIGQgBRUihQQC6+J3B5lihc3aqzS
   24.96 -K2wnXKF1pHMwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDAS
   24.97 -BgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDNf
   24.98 -dGExMRYwFAYJKoZIhvcNAQkBFgdjaDNfdGExggEEMBIGA1UdEwEB/wQIMAYBAf8C
   24.99 -AQEwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAAQhVeTU+QexVd3T
  24.100 -bF4X9YQ2SQg/lht59h/IqgriZL2Q4QCJI5Qc2ch9pl5IT+RqncEquWxr7SQUVJ+H
  24.101 -v6HT/XM568SIhX71NZE9ha2exR/89gZxzj/cEuhspmEHuNB4A97mvulnWS9wJMNU
  24.102 -TrNcblSOBMO28YMbjX/ot1s9sib+
  24.103 +Y2g1LjJfdGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnp3CoN80
  24.104 +aGPG8yiLaI0OnASjMb+VN5sASYF/NY2jfUpsDzUUHSr5meuLhG5lXbnZZsYRV7+D
  24.105 +SQTxNdN1IjC8IrGnka8lufNeb3t0wiX0pxqmwog82zH9QnlThxDUrb+nI1VNtp+c
  24.106 +5TEPctb8DrgsRnpPz95hPjkO/A79pAgF6KrIfKUzqcmerjVREIUGzMGuQdMPyS+P
  24.107 +AQptoga7fECW/6TLP14RL6orWfmN0P+0Dz+lWPXPqSCq5v70a10JJJ8mABil8pzo
  24.108 +ed5N+fvR5Ylr2N4n3vgLKG+z0S4BnuG6AA8hskOxlrBG2aMUCKFtHOegnoR0RZGo
  24.109 +2SQU96k/j5XLNQIDAQABo4HkMIHhMB0GA1UdDgQWBBQpTjH/RTUotL5prlXlzvOJ
  24.110 +sr/aLzCBmwYDVR0jBIGTMIGQgBREgUmjW3yF8qdWGf9kmKthiT7ht6F1pHMwcTEL
  24.111 +MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  24.112 +IENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDNfdGExMRYwFAYJKoZI
  24.113 +hvcNAQkBFgdjaDNfdGExggEEMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
  24.114 +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAbAVrSDMKpz4TBnkKYu/w/t7MzycFL
  24.115 +G1wChkvZNw4bJhBohGjtVJRpXbgBXfcf2Ffs4fO0foGucfB5ilJggVV3yKcgGki7
  24.116 +y7TLJqkLGkViDLXSDex1jFA9LSVslqZusPOLJ3ztrERuW+8BSW20ejAmz3MqeZFg
  24.117 +Gl6hulDjzJNoU2+O/tBISkHbahXMWdylp3n85fnRDiv0RWsrVudpKrKh4hZ5dEV8
  24.118 +qzpJQFIbW+8p+R9IFjFhqheibzakSdjWxf9KMy6+zT6aOMYSQpwfCFN6wmGIQ4YX
  24.119 +lYzyT920s2b676xRpHD2TKRtcG/cWqXH2pRP1nEqW/4P8iVyPeRixT2H
  24.120  -----END CERTIFICATE-----
    25.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/0C.pem	Tue Mar 08 11:12:06 2016 -0800
    25.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/0C.pem	Wed Mar 09 11:27:23 2016 -0800
    25.3 @@ -5,28 +5,37 @@
    25.4      Signature Algorithm: sha256WithRSAEncryption
    25.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
    25.6          Validity
    25.7 -            Not Before: Dec 13 00:13:35 2013 GMT
    25.8 -            Not After : Sep  8 00:13:35 2016 GMT
    25.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   25.10 +            Not After : Oct 18 01:57:55 2018 GMT
   25.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
   25.12          Subject Public Key Info:
   25.13              Public Key Algorithm: rsaEncryption
   25.14 -                Public-Key: (1024 bit)
   25.15 +                Public-Key: (2048 bit)
   25.16                  Modulus:
   25.17 -                    00:dd:ec:30:ee:2a:39:ec:cf:6d:c0:b9:04:f2:e0:
   25.18 -                    0f:04:7a:e9:ab:f0:27:28:d9:6b:70:e5:c4:9b:c6:
   25.19 -                    1b:bb:71:16:42:d5:47:80:60:2c:f6:26:90:9d:0b:
   25.20 -                    cc:1b:18:bf:54:98:c7:e8:ba:bf:a2:5d:60:c9:b3:
   25.21 -                    09:79:de:ee:02:d9:b9:70:22:c3:cd:60:04:5f:1e:
   25.22 -                    df:a3:8f:43:73:ea:68:5e:df:70:86:aa:67:75:5a:
   25.23 -                    59:ef:cd:0d:e4:f1:6d:ee:d3:bb:04:c7:52:e5:72:
   25.24 -                    53:2a:e2:f3:02:65:7f:53:46:c3:15:e4:cb:8d:1b:
   25.25 -                    cf:8f:1e:8d:6d:04:07:09:77
   25.26 +                    00:b1:69:ee:17:3e:0a:15:50:23:89:d7:d7:87:ee:
   25.27 +                    b7:6d:ec:73:ba:42:9f:ea:ba:f5:89:74:b7:be:8d:
   25.28 +                    4b:42:9b:7b:30:37:1a:62:fa:39:05:38:95:c2:72:
   25.29 +                    3f:99:ed:73:6f:f0:e9:4a:20:7b:6c:e8:bf:b3:7a:
   25.30 +                    78:95:50:3e:95:25:6d:fb:ac:90:7d:48:82:87:1f:
   25.31 +                    9f:37:7b:58:51:19:3e:1f:a7:14:42:04:84:12:06:
   25.32 +                    4e:29:c9:25:45:8c:fc:08:c9:c9:8a:16:0d:55:ec:
   25.33 +                    45:b5:80:6e:aa:82:a3:4d:fd:d1:cf:80:d3:b6:e6:
   25.34 +                    01:7a:17:3a:fa:51:90:de:05:02:44:ba:c5:c2:4d:
   25.35 +                    ba:d1:25:1a:7c:2e:ad:d1:84:c2:ce:0e:78:c2:8f:
   25.36 +                    d8:42:ce:52:b1:3e:7f:b1:e4:14:bc:95:7d:16:b9:
   25.37 +                    4a:a8:1d:b5:bd:15:b8:7e:89:5d:11:f9:b6:3a:c0:
   25.38 +                    f2:ec:01:6e:8a:79:a6:5c:ac:c1:bb:d8:1c:b3:c7:
   25.39 +                    2a:ed:4a:1d:83:9f:94:da:ac:f8:c7:29:ce:23:5b:
   25.40 +                    e5:17:62:ec:14:86:a2:a1:22:81:55:b7:22:ef:a2:
   25.41 +                    a7:e0:77:be:a9:c8:b0:e5:fe:87:93:fe:47:68:dc:
   25.42 +                    eb:bc:57:b0:b4:cb:5c:d8:97:0d:49:01:d6:71:fe:
   25.43 +                    7a:d7
   25.44                  Exponent: 65537 (0x10001)
   25.45          X509v3 extensions:
   25.46              X509v3 Subject Key Identifier: 
   25.47 -                16:06:DB:79:36:82:5D:96:BA:FD:0F:C3:3D:E2:64:BA:E6:03:E6:3A
   25.48 +                CA:50:20:B6:70:62:DE:6B:28:77:63:00:64:FE:D0:58:9E:50:16:24
   25.49              X509v3 Authority Key Identifier: 
   25.50 -                keyid:8F:2A:82:4C:1E:39:97:C3:4A:6A:52:FC:D4:CB:E6:37:CE:12:91:59
   25.51 +                keyid:EE:A0:C0:54:B5:84:89:28:80:79:49:CE:D0:A9:C6:8B:B9:8E:85:20
   25.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
   25.53                  serial:03
   25.54  
   25.55 @@ -35,31 +44,43 @@
   25.56              X509v3 Key Usage: critical
   25.57                  Certificate Sign, CRL Sign
   25.58      Signature Algorithm: sha256WithRSAEncryption
   25.59 -         26:70:cc:69:5b:26:cf:cc:1d:19:b6:61:20:59:22:d7:fa:a3:
   25.60 -         d9:fa:e2:e3:87:07:24:5a:41:5b:7e:21:4c:f5:32:d2:d8:fd:
   25.61 -         a5:17:b5:c4:0f:9a:d2:a6:dd:45:9f:13:2a:30:8a:75:5b:69:
   25.62 -         9b:dd:06:85:3e:19:06:7d:5d:0f:3f:15:64:76:41:e9:a8:30:
   25.63 -         bd:d7:26:66:07:60:da:e2:ec:80:44:6d:a5:8b:fd:9a:3a:0b:
   25.64 -         92:b9:6c:f8:72:cc:7e:24:78:a2:a3:f7:ef:47:7a:aa:8b:89:
   25.65 -         45:33:ff:01:bd:a0:d0:18:ea:a1:46:98:b5:7f:00:e1:00:8e:
   25.66 -         7e:68
   25.67 +         25:89:18:a4:a1:6c:3e:e3:f0:0f:a9:9c:3e:4e:15:a6:42:34:
   25.68 +         22:b6:27:35:b0:d1:88:96:c3:3e:05:4a:26:dc:3f:65:a1:09:
   25.69 +         64:b1:60:d8:af:2f:5c:4b:fe:d1:48:d5:b7:84:83:30:f8:e6:
   25.70 +         42:7f:d2:a0:e4:a7:77:5c:92:87:64:20:b7:48:df:0b:ef:de:
   25.71 +         eb:84:83:4b:5c:60:0e:89:85:1e:5e:9a:65:bc:c5:ac:96:85:
   25.72 +         83:17:85:dd:2f:0a:e8:f5:80:89:a6:4a:55:c6:1a:69:0f:1b:
   25.73 +         3f:25:da:42:31:91:92:87:c7:07:40:9f:20:5a:ac:c5:c5:5d:
   25.74 +         9c:fc:82:4b:2e:ea:8e:b3:fd:94:85:dd:0b:10:09:de:16:4d:
   25.75 +         47:af:59:86:ca:e8:84:c0:75:ac:2a:9c:9e:c7:16:c9:64:75:
   25.76 +         04:87:35:a9:89:b3:a8:92:01:c8:11:fd:79:27:69:16:52:bf:
   25.77 +         23:ff:2f:91:31:e6:b0:e8:66:54:fe:99:c4:7c:bd:d2:53:bf:
   25.78 +         22:14:e2:4e:15:f3:f1:c6:f7:2e:6d:07:95:09:69:66:01:d7:
   25.79 +         89:ce:f9:92:3c:25:fb:84:9a:16:fd:c0:b8:bf:65:6d:b2:34:
   25.80 +         a4:61:79:21:13:62:c6:72:97:aa:64:42:ab:8f:ce:83:84:2a:
   25.81 +         1e:b0:4f:bc
   25.82  -----BEGIN CERTIFICATE-----
   25.83 -MIIDQTCCAqqgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   25.84 +MIIERjCCAy6gAwIBAgIBDDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   25.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   25.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0BCQEWB2NoM190
   25.87 -YTEwHhcNMTMxMjEzMDAxMzM1WhcNMTYwOTA4MDAxMzM1WjB1MQswCQYDVQQGEwJV
   25.88 +YTEwHhcNMTYwMTIyMDE1NzU1WhcNMTgxMDE4MDE1NzU1WjB1MQswCQYDVQQGEwJV
   25.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   25.90  BgNVBAoMBHBrZzUxEjAQBgNVBAMMCWNoNC4zX3RhMTEYMBYGCSqGSIb3DQEJARYJ
   25.91 -Y2g0LjNfdGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDd7DDuKjnsz23A
   25.92 -uQTy4A8Eeumr8Cco2Wtw5cSbxhu7cRZC1UeAYCz2JpCdC8wbGL9UmMfour+iXWDJ
   25.93 -swl53u4C2blwIsPNYARfHt+jj0Nz6mhe33CGqmd1WlnvzQ3k8W3u07sEx1LlclMq
   25.94 -4vMCZX9TRsMV5MuNG8+PHo1tBAcJdwIDAQABo4HkMIHhMB0GA1UdDgQWBBQWBtt5
   25.95 -NoJdlrr9D8M94mS65gPmOjCBmwYDVR0jBIGTMIGQgBSPKoJMHjmXw0pqUvzUy+Y3
   25.96 -zhKRWaF1pHMwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDAS
   25.97 -BgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDJf
   25.98 -dGExMRYwFAYJKoZIhvcNAQkBFgdjaDJfdGExggEDMBIGA1UdEwEB/wQIMAYBAf8C
   25.99 -AQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBACZwzGlbJs/MHRm2
  25.100 -YSBZItf6o9n64uOHByRaQVt+IUz1MtLY/aUXtcQPmtKm3UWfEyowinVbaZvdBoU+
  25.101 -GQZ9XQ8/FWR2QemoML3XJmYHYNri7IBEbaWL/Zo6C5K5bPhyzH4keKKj9+9HeqqL
  25.102 -iUUz/wG9oNAY6qFGmLV/AOEAjn5o
  25.103 +Y2g0LjNfdGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWnuFz4K
  25.104 +FVAjidfXh+63bexzukKf6rr1iXS3vo1LQpt7MDcaYvo5BTiVwnI/me1zb/DpSiB7
  25.105 +bOi/s3p4lVA+lSVt+6yQfUiChx+fN3tYURk+H6cUQgSEEgZOKcklRYz8CMnJihYN
  25.106 +VexFtYBuqoKjTf3Rz4DTtuYBehc6+lGQ3gUCRLrFwk260SUafC6t0YTCzg54wo/Y
  25.107 +Qs5SsT5/seQUvJV9FrlKqB21vRW4foldEfm2OsDy7AFuinmmXKzBu9gcs8cq7Uod
  25.108 +g5+U2qz4xynOI1vlF2LsFIaioSKBVbci76Kn4He+qciw5f6Hk/5HaNzrvFewtMtc
  25.109 +2JcNSQHWcf561wIDAQABo4HkMIHhMB0GA1UdDgQWBBTKUCC2cGLeayh3YwBk/tBY
  25.110 +nlAWJDCBmwYDVR0jBIGTMIGQgBTuoMBUtYSJKIB5Sc7QqcaLuY6FIKF1pHMwcTEL
  25.111 +MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  25.112 +IENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDJfdGExMRYwFAYJKoZI
  25.113 +hvcNAQkBFgdjaDJfdGExggEDMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/
  25.114 +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAliRikoWw+4/APqZw+ThWmQjQitic1
  25.115 +sNGIlsM+BUom3D9loQlksWDYry9cS/7RSNW3hIMw+OZCf9Kg5Kd3XJKHZCC3SN8L
  25.116 +797rhINLXGAOiYUeXpplvMWsloWDF4XdLwro9YCJpkpVxhppDxs/JdpCMZGSh8cH
  25.117 +QJ8gWqzFxV2c/IJLLuqOs/2Uhd0LEAneFk1Hr1mGyuiEwHWsKpyexxbJZHUEhzWp
  25.118 +ibOokgHIEf15J2kWUr8j/y+RMeaw6GZU/pnEfL3SU78iFOJOFfPxxvcubQeVCWlm
  25.119 +AdeJzvmSPCX7hJoW/cC4v2VtsjSkYXkhE2LGcpeqZEKrj86DhCoesE+8
  25.120  -----END CERTIFICATE-----
    26.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/0D.pem	Tue Mar 08 11:12:06 2016 -0800
    26.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/0D.pem	Wed Mar 09 11:27:23 2016 -0800
    26.3 @@ -5,28 +5,37 @@
    26.4      Signature Algorithm: sha256WithRSAEncryption
    26.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
    26.6          Validity
    26.7 -            Not Before: Dec 13 00:13:35 2013 GMT
    26.8 -            Not After : Sep  8 00:13:35 2016 GMT
    26.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   26.10 +            Not After : Oct 18 01:57:55 2018 GMT
   26.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.3_ta1/emailAddress=ch5.3_ta1
   26.12          Subject Public Key Info:
   26.13              Public Key Algorithm: rsaEncryption
   26.14 -                Public-Key: (1024 bit)
   26.15 +                Public-Key: (2048 bit)
   26.16                  Modulus:
   26.17 -                    00:9a:0b:35:00:7e:06:fd:e2:50:97:7e:d2:c2:b8:
   26.18 -                    20:2a:d9:bb:b8:3f:14:f9:aa:e3:98:dc:b9:49:62:
   26.19 -                    32:9e:e7:51:16:ef:6b:69:59:7e:0f:c3:50:08:3d:
   26.20 -                    dc:23:18:37:fa:70:cc:45:b8:47:1e:49:ef:18:15:
   26.21 -                    47:8e:e6:c9:65:64:02:a8:f5:2a:d1:ef:3a:91:8f:
   26.22 -                    5a:52:21:46:8f:61:87:55:c9:61:ea:e8:98:18:c5:
   26.23 -                    99:1f:bd:43:02:13:a6:bf:c0:cd:d9:a5:ee:40:a3:
   26.24 -                    05:bf:18:28:57:f6:4e:21:d0:89:a1:21:1c:39:ed:
   26.25 -                    2d:ed:45:f0:da:75:37:da:7b
   26.26 +                    00:c1:91:a3:1f:3a:14:29:24:3c:d6:fa:ad:16:b9:
   26.27 +                    a4:c4:df:4a:04:c9:d6:01:16:03:54:de:36:4a:db:
   26.28 +                    69:1c:b1:c0:f9:ee:64:3d:f3:63:5f:de:fd:4f:91:
   26.29 +                    95:c4:86:99:07:d6:f3:3d:80:7e:5a:ef:16:84:05:
   26.30 +                    d5:66:f7:ee:f8:e1:6b:d9:eb:78:1d:10:5e:85:28:
   26.31 +                    6f:80:97:90:1f:cb:52:36:1d:c6:2a:30:f6:64:63:
   26.32 +                    4f:3a:9f:b1:e3:36:98:92:62:df:d3:ec:6e:99:dd:
   26.33 +                    37:16:e1:92:24:18:e2:53:e9:8c:38:84:50:c7:8d:
   26.34 +                    3c:ae:21:b0:79:69:3b:f4:17:46:78:1b:d6:00:16:
   26.35 +                    9a:46:61:e6:78:2d:75:2d:eb:d9:e0:93:c7:50:b1:
   26.36 +                    43:a6:76:32:97:24:ea:98:8e:f0:08:31:9d:c7:81:
   26.37 +                    be:66:65:eb:30:fd:c2:98:f8:6d:64:e6:6b:7b:19:
   26.38 +                    e4:97:c3:31:20:8d:1a:f4:0c:4f:96:14:8b:64:cb:
   26.39 +                    f4:75:31:3b:cd:b8:27:d5:25:3e:a3:f7:73:db:b9:
   26.40 +                    ac:dd:e8:be:14:dc:2f:ca:e5:f6:f6:8d:c1:83:60:
   26.41 +                    72:45:1d:e9:cd:e9:d5:a4:67:1c:df:56:3b:00:3b:
   26.42 +                    fd:7a:3f:fc:78:ad:47:b0:53:ca:7d:17:57:fe:4c:
   26.43 +                    de:cb
   26.44                  Exponent: 65537 (0x10001)
   26.45          X509v3 extensions:
   26.46              X509v3 Subject Key Identifier: 
   26.47 -                A5:4B:BC:BC:6C:A7:1D:7E:CB:31:E5:DF:BE:24:BE:B9:86:28:DE:68
   26.48 +                E3:AC:5A:33:E4:E3:9B:18:66:7B:0F:13:2A:89:91:5E:64:42:D3:05
   26.49              X509v3 Authority Key Identifier: 
   26.50 -                keyid:16:06:DB:79:36:82:5D:96:BA:FD:0F:C3:3D:E2:64:BA:E6:03:E6:3A
   26.51 +                keyid:CA:50:20:B6:70:62:DE:6B:28:77:63:00:64:FE:D0:58:9E:50:16:24
   26.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
   26.53                  serial:0C
   26.54  
   26.55 @@ -35,31 +44,43 @@
   26.56              X509v3 Key Usage: critical
   26.57                  Certificate Sign, CRL Sign
   26.58      Signature Algorithm: sha256WithRSAEncryption
   26.59 -         4b:1b:27:81:60:e8:9c:ca:e9:2b:c6:94:9e:64:d5:1a:44:18:
   26.60 -         e7:fb:98:cf:a0:10:e3:ae:ad:b3:fa:a6:21:9d:be:35:46:17:
   26.61 -         e6:42:3f:8c:79:81:c5:46:f4:f8:04:72:02:a5:5c:6a:1f:cf:
   26.62 -         62:e1:f9:6f:3a:26:5c:7b:13:27:bd:27:e7:8d:e4:75:b0:04:
   26.63 -         05:84:44:8b:cf:2c:8b:8b:44:35:c7:60:79:91:04:69:cc:35:
   26.64 -         90:5b:e5:9a:71:cb:6d:65:dd:a1:09:2c:d0:35:69:cc:cf:0a:
   26.65 -         62:41:8f:18:ac:9e:8f:52:4c:fa:77:14:98:45:ce:06:c5:f9:
   26.66 -         5d:6a
   26.67 +         1c:ac:db:1d:7e:66:ab:bd:02:09:67:5b:cf:c3:d4:2f:04:48:
   26.68 +         63:3f:80:02:74:80:d9:77:a5:25:eb:c3:08:74:10:48:2d:8d:
   26.69 +         b4:7b:1a:fb:66:ea:fe:bf:4d:19:7c:42:54:e2:6e:65:19:59:
   26.70 +         60:3d:bf:ea:79:d3:c3:cd:3a:f7:4b:ac:31:fc:6f:40:25:2e:
   26.71 +         41:eb:7b:54:36:78:f4:73:cb:7b:73:fa:d0:28:ca:65:a1:be:
   26.72 +         b4:7c:c6:17:8b:d9:b1:5e:e5:ab:00:29:fc:78:bf:32:09:51:
   26.73 +         41:fe:4c:ec:df:50:76:73:9e:b6:b3:9a:8a:ca:4d:0c:59:7c:
   26.74 +         41:76:7b:5b:77:cd:71:74:ca:88:1a:0f:dc:20:62:be:dc:6a:
   26.75 +         f9:d5:5f:26:7b:f5:6a:ed:22:9f:01:66:04:9e:45:71:37:da:
   26.76 +         53:3a:4a:76:93:86:49:3b:6e:8e:87:dd:6a:28:0f:cc:fe:ce:
   26.77 +         7f:1d:91:8b:20:94:8f:4a:66:5a:ab:e2:e8:1e:41:f3:d6:6e:
   26.78 +         a1:4d:9c:c8:e6:57:cf:61:67:ab:bd:c7:39:f9:58:9a:18:05:
   26.79 +         44:80:49:44:ff:3e:4f:ca:e3:09:1c:d3:cb:4f:7a:8b:78:72:
   26.80 +         76:23:02:79:ef:70:8e:5f:f8:c2:ae:08:b0:b8:ba:84:39:37:
   26.81 +         73:30:90:e8
   26.82  -----BEGIN CERTIFICATE-----
   26.83 -MIIDRTCCAq6gAwIBAgIBDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzET
   26.84 +MIIESjCCAzKgAwIBAgIBDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzET
   26.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   26.86  BAoMBHBrZzUxEjAQBgNVBAMMCWNoNC4zX3RhMTEYMBYGCSqGSIb3DQEJARYJY2g0
   26.87 -LjNfdGExMB4XDTEzMTIxMzAwMTMzNVoXDTE2MDkwODAwMTMzNVowdTELMAkGA1UE
   26.88 +LjNfdGExMB4XDTE2MDEyMjAxNTc1NVoXDTE4MTAxODAxNTc1NVowdTELMAkGA1UE
   26.89  BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJh
   26.90  MQ0wCwYDVQQKDARwa2c1MRIwEAYDVQQDDAljaDUuM190YTExGDAWBgkqhkiG9w0B
   26.91 -CQEWCWNoNS4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmgs1AH4G
   26.92 -/eJQl37SwrggKtm7uD8U+arjmNy5SWIynudRFu9raVl+D8NQCD3cIxg3+nDMRbhH
   26.93 -HknvGBVHjubJZWQCqPUq0e86kY9aUiFGj2GHVclh6uiYGMWZH71DAhOmv8DN2aXu
   26.94 -QKMFvxgoV/ZOIdCJoSEcOe0t7UXw2nU32nsCAwEAAaOB5DCB4TAdBgNVHQ4EFgQU
   26.95 -pUu8vGynHX7LMeXfviS+uYYo3mgwgZsGA1UdIwSBkzCBkIAUFgbbeTaCXZa6/Q/D
   26.96 -PeJkuuYD5jqhdaRzMHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
   26.97 -MRQwEgYDVQQHDAtTYW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEQMA4GA1UEAwwH
   26.98 -Y2gzX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3RhMYIBDDASBgNVHRMBAf8ECDAG
   26.99 -AQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQBLGyeBYOic
  26.100 -yukrxpSeZNUaRBjn+5jPoBDjrq2z+qYhnb41RhfmQj+MeYHFRvT4BHICpVxqH89i
  26.101 -4flvOiZcexMnvSfnjeR1sAQFhESLzyyLi0Q1x2B5kQRpzDWQW+WaccttZd2hCSzQ
  26.102 -NWnMzwpiQY8YrJ6PUkz6dxSYRc4Gxfldag==
  26.103 +CQEWCWNoNS4zX3RhMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGR
  26.104 +ox86FCkkPNb6rRa5pMTfSgTJ1gEWA1TeNkrbaRyxwPnuZD3zY1/e/U+RlcSGmQfW
  26.105 +8z2AflrvFoQF1Wb37vjha9nreB0QXoUob4CXkB/LUjYdxiow9mRjTzqfseM2mJJi
  26.106 +39PsbpndNxbhkiQY4lPpjDiEUMeNPK4hsHlpO/QXRngb1gAWmkZh5ngtdS3r2eCT
  26.107 +x1CxQ6Z2Mpck6piO8AgxnceBvmZl6zD9wpj4bWTma3sZ5JfDMSCNGvQMT5YUi2TL
  26.108 +9HUxO824J9UlPqP3c9u5rN3ovhTcL8rl9vaNwYNgckUd6c3p1aRnHN9WOwA7/Xo/
  26.109 +/HitR7BTyn0XV/5M3ssCAwEAAaOB5DCB4TAdBgNVHQ4EFgQU46xaM+Tjmxhmew8T
  26.110 +KomRXmRC0wUwgZsGA1UdIwSBkzCBkIAUylAgtnBi3msod2MAZP7QWJ5QFiShdaRz
  26.111 +MHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
  26.112 +YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEQMA4GA1UEAwwHY2gzX3RhMTEWMBQG
  26.113 +CSqGSIb3DQEJARYHY2gzX3RhMYIBDDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud
  26.114 +DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHKzbHX5mq70CCWdbz8PULwRI
  26.115 +Yz+AAnSA2XelJevDCHQQSC2NtHsa+2bq/r9NGXxCVOJuZRlZYD2/6nnTw80690us
  26.116 +MfxvQCUuQet7VDZ49HPLe3P60CjKZaG+tHzGF4vZsV7lqwAp/Hi/MglRQf5M7N9Q
  26.117 +dnOetrOaispNDFl8QXZ7W3fNcXTKiBoP3CBivtxq+dVfJnv1au0inwFmBJ5FcTfa
  26.118 +UzpKdpOGSTtujofdaigPzP7Ofx2RiyCUj0pmWqvi6B5B89ZuoU2cyOZXz2Fnq73H
  26.119 +OflYmhgFRIBJRP8+T8rjCRzTy096i3hydiMCee9wjl/4wq4IsLi6hDk3czCQ6A==
  26.120  -----END CERTIFICATE-----
    27.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/10.pem	Tue Mar 08 11:12:06 2016 -0800
    27.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/10.pem	Wed Mar 09 11:27:23 2016 -0800
    27.3 @@ -5,61 +5,82 @@
    27.4      Signature Algorithm: sha256WithRSAEncryption
    27.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
    27.6          Validity
    27.7 -            Not Before: Dec 13 00:13:35 2013 GMT
    27.8 -            Not After : Sep  8 00:13:35 2016 GMT
    27.9 +            Not Before: Jan 22 01:57:56 2016 GMT
   27.10 +            Not After : Oct 18 01:57:56 2018 GMT
   27.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
   27.12          Subject Public Key Info:
   27.13              Public Key Algorithm: rsaEncryption
   27.14 -                Public-Key: (1024 bit)
   27.15 +                Public-Key: (2048 bit)
   27.16                  Modulus:
   27.17 -                    00:ba:0e:36:90:a0:6b:75:19:6b:30:76:54:9e:20:
   27.18 -                    b0:81:70:21:47:97:9c:c1:15:7c:9e:2d:50:3c:db:
   27.19 -                    dc:8c:d0:31:9c:b9:78:c6:2a:5c:53:ca:ed:d3:44:
   27.20 -                    e2:f9:93:d8:b5:b6:a6:8a:c2:bd:be:4f:8b:f5:a0:
   27.21 -                    28:68:cf:ec:f9:e3:e9:57:a8:ab:cd:a5:45:0d:82:
   27.22 -                    eb:f0:5b:aa:2d:1b:88:65:30:9f:a1:74:59:1f:e5:
   27.23 -                    d2:25:f9:d6:31:3f:0a:a2:4a:92:5d:2a:30:2e:3f:
   27.24 -                    2f:72:48:93:f8:8d:7c:bf:79:21:e3:e1:91:9a:a7:
   27.25 -                    03:01:ba:20:95:a6:da:56:35
   27.26 +                    00:ad:c4:ce:08:be:18:a7:5c:74:34:46:19:29:0b:
   27.27 +                    0e:09:7e:42:b2:ac:a4:40:2e:ee:2e:c8:0a:11:a8:
   27.28 +                    88:85:73:a5:d8:15:65:9a:d6:4e:d4:8b:49:c1:32:
   27.29 +                    dc:c3:f9:3d:99:87:d6:df:98:be:f6:71:db:f9:3d:
   27.30 +                    63:98:65:7f:b9:a8:99:3c:f4:28:39:59:bf:e1:ff:
   27.31 +                    7a:ef:a6:54:6e:43:31:33:95:72:d9:7d:11:24:e0:
   27.32 +                    e0:47:24:df:84:27:a4:ee:19:6f:e8:f9:61:42:82:
   27.33 +                    45:78:10:22:29:d5:b2:b8:1a:e6:7a:db:6d:d7:76:
   27.34 +                    aa:27:bb:e7:cc:2b:60:39:8e:ac:3a:1c:b3:62:20:
   27.35 +                    c4:db:10:5c:1d:22:fe:3d:36:ae:14:10:1f:81:d9:
   27.36 +                    ce:bb:bc:93:4a:5f:1c:fc:1a:08:55:a6:4a:84:3b:
   27.37 +                    0b:ca:89:8f:1e:f1:00:fe:6e:5b:9e:a3:57:dd:97:
   27.38 +                    7c:fa:90:e7:ca:8d:9e:f2:b6:24:3e:f5:85:e8:77:
   27.39 +                    53:1e:f5:c8:ba:37:53:05:43:dc:d8:56:c4:f9:cd:
   27.40 +                    56:d3:3b:1a:16:c7:3d:e9:09:26:ef:6a:6a:b1:6b:
   27.41 +                    28:77:14:69:d8:f5:67:a3:2e:04:d2:98:39:91:aa:
   27.42 +                    c8:63:8f:55:56:f4:49:c9:67:84:82:a4:dd:d5:37:
   27.43 +                    b9:8f
   27.44                  Exponent: 65537 (0x10001)
   27.45          X509v3 extensions:
   27.46              X509v3 Subject Key Identifier: 
   27.47 -                A7:11:90:E6:5F:5F:79:74:A3:1D:B5:9E:0C:15:F1:16:C5:D4:FB:6B
   27.48 +                2B:95:76:FC:68:FE:EC:2A:19:A1:FC:D3:30:D9:C8:26:24:79:BE:9B
   27.49              X509v3 Authority Key Identifier: 
   27.50 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   27.51 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   27.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   27.53 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   27.54 +                serial:8A:15:23:60:8D:FB:3E:84
   27.55  
   27.56              X509v3 Basic Constraints: critical
   27.57                  CA:TRUE
   27.58              X509v3 Key Usage: critical
   27.59                  Certificate Sign, CRL Sign
   27.60      Signature Algorithm: sha256WithRSAEncryption
   27.61 -         5f:db:a1:d4:03:bc:a0:f9:d7:80:88:ac:94:2b:22:cc:1c:88:
   27.62 -         56:65:bd:0d:57:d6:d4:ae:5c:a2:27:44:7c:5e:4d:23:8c:ba:
   27.63 -         fe:1c:a6:49:96:20:c2:f5:45:cf:52:0e:0a:80:40:5b:1c:e7:
   27.64 -         83:2b:d4:72:6c:95:10:c6:a7:44:27:85:6b:e5:37:f5:a4:25:
   27.65 -         70:e4:e0:0e:de:1d:c1:72:1f:05:be:0f:4b:23:61:38:e3:52:
   27.66 -         cb:05:c3:f4:41:26:80:58:ea:02:c6:6b:7d:f8:9f:41:40:76:
   27.67 -         94:44:59:2e:da:bc:a8:54:11:22:bc:58:ff:61:85:3c:60:e7:
   27.68 -         67:e6
   27.69 +         82:73:57:62:96:05:6f:f0:f1:22:b0:e7:f7:4f:c8:a7:20:9e:
   27.70 +         94:cc:80:fa:9f:4f:98:24:75:49:5d:e7:cf:51:11:de:0d:64:
   27.71 +         3c:24:8c:2b:5d:84:7c:40:6a:d2:27:81:2e:19:f4:16:c0:d3:
   27.72 +         e1:d3:fa:23:e9:25:cc:f8:e2:f5:e8:b7:2b:ae:c5:70:19:f7:
   27.73 +         0e:d4:ac:35:16:56:ad:7c:dc:f6:39:f2:80:b4:d3:d3:67:f7:
   27.74 +         d9:cd:58:bf:17:01:94:50:af:a4:17:b9:49:50:1a:73:d7:f9:
   27.75 +         1e:f4:6b:43:01:53:cf:a1:da:66:9d:e4:1c:fc:48:41:24:83:
   27.76 +         ae:ce:18:d2:a7:95:5f:70:c6:24:e0:72:ec:08:c4:49:67:ac:
   27.77 +         73:dc:f0:ad:2c:1c:f6:6c:e2:e9:44:2f:38:d4:80:03:71:41:
   27.78 +         be:7c:04:b9:07:3e:a5:9d:6a:3c:b1:46:d9:d2:4d:76:28:ee:
   27.79 +         37:da:5b:53:30:30:31:23:0b:95:47:c3:41:d3:45:1b:08:47:
   27.80 +         22:14:e7:84:11:da:b2:95:c8:ea:98:94:d0:d1:33:8a:36:71:
   27.81 +         a1:2f:fe:65:2e:91:39:16:6e:5e:1c:ff:0a:57:d5:eb:88:50:
   27.82 +         b3:f2:89:68:c2:ff:a9:bd:af:de:c6:0f:57:af:15:4e:c1:31:
   27.83 +         1e:67:16:2c
   27.84  -----BEGIN CERTIFICATE-----
   27.85 -MIIDMjCCApugAwIBAgIBEDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   27.86 +MIIENzCCAx+gAwIBAgIBEDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   27.87  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   27.88 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTEz
   27.89 -MTIxMzAwMTMzNVoXDTE2MDkwODAwMTMzNVowcTELMAkGA1UEBhMCVVMxEzARBgNV
   27.90 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTE2
   27.91 +MDEyMjAxNTc1NloXDTE4MTAxODAxNTc1NlowcTELMAkGA1UEBhMCVVMxEzARBgNV
   27.92  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   27.93 -a2c1MRAwDgYDVQQDDAdjaDFfdGEzMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGEzMIGf
   27.94 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6DjaQoGt1GWswdlSeILCBcCFHl5zB
   27.95 -FXyeLVA829yM0DGcuXjGKlxTyu3TROL5k9i1tqaKwr2+T4v1oChoz+z54+lXqKvN
   27.96 -pUUNguvwW6otG4hlMJ+hdFkf5dIl+dYxPwqiSpJdKjAuPy9ySJP4jXy/eSHj4ZGa
   27.97 -pwMBuiCVptpWNQIDAQABo4HhMIHeMB0GA1UdDgQWBBSnEZDmX195dKMdtZ4MFfEW
   27.98 -xdT7azCBmwYDVR0jBIGTMIGQgBS01Daf+MuiX1CJ2iHjJ8SR94SIRaFtpGswaTEL
   27.99 -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  27.100 -IENsYXJhMQ0wCwYDVQQKDARwa2c1MQwwCgYDVQQDDAN0YTMxEjAQBgkqhkiG9w0B
  27.101 -CQEWA3RhM4IJAMDEtH2I1uM+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
  27.102 -AgEGMA0GCSqGSIb3DQEBCwUAA4GBAF/bodQDvKD514CIrJQrIswciFZlvQ1X1tSu
  27.103 -XKInRHxeTSOMuv4cpkmWIML1Rc9SDgqAQFsc54Mr1HJslRDGp0QnhWvlN/WkJXDk
  27.104 -4A7eHcFyHwW+D0sjYTjjUssFw/RBJoBY6gLGa334n0FAdpREWS7avKhUESK8WP9h
  27.105 -hTxg52fm
  27.106 +a2c1MRAwDgYDVQQDDAdjaDFfdGEzMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGEzMIIB
  27.107 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcTOCL4Yp1x0NEYZKQsOCX5C
  27.108 +sqykQC7uLsgKEaiIhXOl2BVlmtZO1ItJwTLcw/k9mYfW35i+9nHb+T1jmGV/uaiZ
  27.109 +PPQoOVm/4f9676ZUbkMxM5Vy2X0RJODgRyTfhCek7hlv6PlhQoJFeBAiKdWyuBrm
  27.110 +ettt13aqJ7vnzCtgOY6sOhyzYiDE2xBcHSL+PTauFBAfgdnOu7yTSl8c/BoIVaZK
  27.111 +hDsLyomPHvEA/m5bnqNX3Zd8+pDnyo2e8rYkPvWF6HdTHvXIujdTBUPc2FbE+c1W
  27.112 +0zsaFsc96Qkm72pqsWsodxRp2PVnoy4E0pg5karIY49VVvRJyWeEgqTd1Te5jwID
  27.113 +AQABo4HhMIHeMB0GA1UdDgQWBBQrlXb8aP7sKhmh/NMw2cgmJHm+mzCBmwYDVR0j
  27.114 +BIGTMIGQgBQpbvoMwzrUE1+TOQ8QCCfHv2JW5aFtpGswaTELMAkGA1UEBhMCVVMx
  27.115 +EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYD
  27.116 +VQQKDARwa2c1MQwwCgYDVQQDDAN0YTMxEjAQBgkqhkiG9w0BCQEWA3RhM4IJAIoV
  27.117 +I2CN+z6EMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
  27.118 +DQEBCwUAA4IBAQCCc1dilgVv8PEisOf3T8inIJ6UzID6n0+YJHVJXefPURHeDWQ8
  27.119 +JIwrXYR8QGrSJ4EuGfQWwNPh0/oj6SXM+OL16LcrrsVwGfcO1Kw1FlatfNz2OfKA
  27.120 +tNPTZ/fZzVi/FwGUUK+kF7lJUBpz1/ke9GtDAVPPodpmneQc/EhBJIOuzhjSp5Vf
  27.121 +cMYk4HLsCMRJZ6xz3PCtLBz2bOLpRC841IADcUG+fAS5Bz6lnWo8sUbZ0k12KO43
  27.122 +2ltTMDAxIwuVR8NB00UbCEciFOeEEdqylcjqmJTQ0TOKNnGhL/5lLpE5Fm5eHP8K
  27.123 +V9XriFCz8olowv+pva/exg9XrxVOwTEeZxYs
  27.124  -----END CERTIFICATE-----
    28.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/1A.pem	Tue Mar 08 11:12:06 2016 -0800
    28.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    28.3 @@ -1,55 +0,0 @@
    28.4 -Certificate:
    28.5 -    Data:
    28.6 -        Version: 3 (0x2)
    28.7 -        Serial Number: 26 (0x1a)
    28.8 -    Signature Algorithm: sha256WithRSAEncryption
    28.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   28.10 -        Validity
   28.11 -            Not Before: Dec 13 00:13:36 2013 GMT
   28.12 -            Not After : Sep  8 00:13:36 2016 GMT
   28.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
   28.14 -        Subject Public Key Info:
   28.15 -            Public Key Algorithm: rsaEncryption
   28.16 -                Public-Key: (1024 bit)
   28.17 -                Modulus:
   28.18 -                    00:df:da:60:8b:c6:d6:55:f7:d0:5b:a7:5a:87:d2:
   28.19 -                    90:7b:9c:46:31:96:5e:15:a0:c7:44:b3:79:ce:ae:
   28.20 -                    d7:af:99:a9:fe:6d:c6:69:23:09:45:68:64:01:dc:
   28.21 -                    a0:7e:8c:ed:c9:bc:14:d3:84:62:2a:8a:21:30:48:
   28.22 -                    30:97:94:99:84:69:f0:c0:46:a4:72:82:51:30:fe:
   28.23 -                    f0:fc:60:6c:ea:b8:7d:52:ce:fd:e5:20:b7:9f:4b:
   28.24 -                    03:21:74:f3:58:35:3a:ef:f7:e0:84:64:06:84:36:
   28.25 -                    62:e8:82:65:82:1e:56:c7:ea:1e:eb:65:7d:b3:83:
   28.26 -                    9c:fc:e6:ba:65:c4:82:e3:5f
   28.27 -                Exponent: 65537 (0x10001)
   28.28 -        X509v3 extensions:
   28.29 -            X509v3 Basic Constraints: critical
   28.30 -                CA:TRUE
   28.31 -            X509v3 Issuer Alternative Name: critical
   28.32 -                <EMPTY>
   28.33 -
   28.34 -    Signature Algorithm: sha256WithRSAEncryption
   28.35 -         ae:2b:af:4b:e6:7b:a1:28:27:46:1e:10:55:c2:2c:e4:6b:e9:
   28.36 -         f2:6c:38:87:ed:f1:da:d5:92:39:89:22:53:3e:b4:da:3d:ae:
   28.37 -         8d:ea:42:15:bb:4d:c6:ef:50:9c:1d:8b:93:92:7d:33:31:bd:
   28.38 -         48:79:76:15:d4:8a:fd:bd:ae:1d:61:43:8d:88:ec:83:8d:15:
   28.39 -         c9:50:73:e0:07:1a:41:e7:b2:a0:ac:9b:33:ed:bd:73:c5:32:
   28.40 -         25:dd:ad:01:4b:90:62:25:e8:75:8e:19:e8:f5:4b:b8:89:2a:
   28.41 -         c6:eb:d6:9c:31:f5:83:dd:1d:f9:71:11:ce:3b:0c:f5:e3:e4:
   28.42 -         89:0a
   28.43 ------BEGIN CERTIFICATE-----
   28.44 -MIICdTCCAd6gAwIBAgIBGjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   28.45 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   28.46 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTEz
   28.47 -MTIxMzAwMTMzNloXDTE2MDkwODAwMTMzNlowdTELMAkGA1UEBhMCVVMxEzARBgNV
   28.48 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   28.49 -a2c1MRIwEAYDVQQDDAljaDEuMV90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4xX3Rh
   28.50 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA39pgi8bWVffQW6dah9KQe5xG
   28.51 -MZZeFaDHRLN5zq7Xr5mp/m3GaSMJRWhkAdygfoztybwU04RiKoohMEgwl5SZhGnw
   28.52 -wEakcoJRMP7w/GBs6rh9Us795SC3n0sDIXTzWDU67/fghGQGhDZi6IJlgh5Wx+oe
   28.53 -62V9s4Oc/Oa6ZcSC418CAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAMBgNVHRIB
   28.54 -Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4GBAK4rr0vme6EoJ0YeEFXCLORr6fJsOIft
   28.55 -8drVkjmJIlM+tNo9ro3qQhW7TcbvUJwdi5OSfTMxvUh5dhXUiv29rh1hQ42I7ION
   28.56 -FclQc+AHGkHnsqCsmzPtvXPFMiXdrQFLkGIl6HWOGej1S7iJKsbr1pwx9YPdHflx
   28.57 -Ec47DPXj5IkK
   28.58 ------END CERTIFICATE-----
    29.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    29.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/1B.pem	Wed Mar 09 11:27:23 2016 -0800
    29.3 @@ -0,0 +1,76 @@
    29.4 +Certificate:
    29.5 +    Data:
    29.6 +        Version: 3 (0x2)
    29.7 +        Serial Number: 27 (0x1b)
    29.8 +    Signature Algorithm: sha256WithRSAEncryption
    29.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   29.10 +        Validity
   29.11 +            Not Before: Jan 22 01:57:57 2016 GMT
   29.12 +            Not After : Oct 18 01:57:57 2018 GMT
   29.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
   29.14 +        Subject Public Key Info:
   29.15 +            Public Key Algorithm: rsaEncryption
   29.16 +                Public-Key: (2048 bit)
   29.17 +                Modulus:
   29.18 +                    00:9f:68:52:eb:ed:18:33:43:ef:ec:5d:7a:a7:a7:
   29.19 +                    06:d7:86:ce:0d:52:d6:da:ab:34:ad:9f:cd:0a:79:
   29.20 +                    20:47:a9:3d:8f:f8:6b:e3:1a:9d:df:88:5c:c4:ad:
   29.21 +                    06:66:22:d9:d7:f0:c2:ca:b3:ae:9c:78:e6:2d:18:
   29.22 +                    20:c9:cc:e1:1a:27:12:32:b3:0b:eb:ba:e2:0e:ce:
   29.23 +                    dd:fa:22:0b:ae:00:03:ee:89:1e:03:14:d4:86:80:
   29.24 +                    b9:a2:98:be:60:25:63:2a:16:b4:63:1a:3f:0b:53:
   29.25 +                    13:c6:53:77:1c:ed:b2:11:e6:f4:d5:1a:51:c0:f5:
   29.26 +                    0f:3c:f7:b7:85:cf:66:f4:88:b0:e3:ea:35:fd:bc:
   29.27 +                    35:e0:82:16:a8:08:b0:9b:c9:2e:88:94:bb:ac:5d:
   29.28 +                    76:2f:b5:cf:da:e7:4e:72:d3:dc:8e:df:aa:0b:ed:
   29.29 +                    55:ac:41:01:4f:fd:68:87:ee:ee:32:90:d6:95:b0:
   29.30 +                    f7:78:1c:82:34:31:46:44:fa:f4:1a:63:88:ee:14:
   29.31 +                    96:b1:bf:bd:41:82:77:4e:bb:5f:06:2b:dc:2f:4c:
   29.32 +                    d3:42:96:0c:c2:82:a8:fb:3b:9f:4b:9f:d5:0a:74:
   29.33 +                    44:62:4f:9f:55:ce:ed:72:7e:26:ee:22:12:6f:69:
   29.34 +                    87:53:b8:79:aa:ee:21:e2:5f:bc:dd:c1:2a:2a:75:
   29.35 +                    86:45
   29.36 +                Exponent: 65537 (0x10001)
   29.37 +        X509v3 extensions:
   29.38 +            X509v3 Basic Constraints: critical
   29.39 +                CA:TRUE
   29.40 +            X509v3 Issuer Alternative Name: critical
   29.41 +                <EMPTY>
   29.42 +
   29.43 +    Signature Algorithm: sha256WithRSAEncryption
   29.44 +         0e:01:13:03:6b:ee:cc:3f:ef:73:4b:8e:5e:a9:4d:67:34:05:
   29.45 +         a7:58:5e:58:cf:09:25:77:74:82:da:76:03:79:cf:65:83:c5:
   29.46 +         97:2c:dc:37:b8:d6:c9:bb:a9:5d:57:17:5b:da:c3:8d:18:11:
   29.47 +         e4:47:d4:e5:a2:72:0d:15:eb:1c:de:82:ff:cc:30:98:0b:4c:
   29.48 +         46:96:63:f0:00:87:db:ac:1d:88:b3:c4:3b:ea:ac:20:4b:b1:
   29.49 +         e3:71:28:8f:a6:bb:b4:0d:b8:6f:8d:eb:e9:9a:0f:53:03:1a:
   29.50 +         ab:a0:c7:db:0c:e8:6e:05:a3:90:26:00:68:65:67:b7:a1:8e:
   29.51 +         0c:08:96:2e:27:03:4b:df:b6:c8:a1:53:ce:3c:83:b0:7b:d8:
   29.52 +         5f:8f:cf:61:d9:7c:8a:79:e4:a6:3a:79:0a:a7:82:c1:d3:d4:
   29.53 +         a4:01:a2:82:08:f0:01:77:0f:2c:dc:40:73:81:35:83:ff:56:
   29.54 +         4e:70:65:89:4e:17:9a:ff:7d:c4:9f:eb:62:f3:d3:44:87:c2:
   29.55 +         d5:41:28:2d:72:69:d9:f9:94:9a:c9:0a:f1:02:9a:47:04:3e:
   29.56 +         80:d6:c8:14:ab:e2:c7:3a:24:86:01:77:58:af:2b:e4:6a:73:
   29.57 +         81:96:7f:5d:0b:34:ff:ef:98:88:f9:ea:2b:43:a4:2c:56:65:
   29.58 +         c1:2c:f5:48
   29.59 +-----BEGIN CERTIFICATE-----
   29.60 +MIIDejCCAmKgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   29.61 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   29.62 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTE2
   29.63 +MDEyMjAxNTc1N1oXDTE4MTAxODAxNTc1N1owdTELMAkGA1UEBhMCVVMxEzARBgNV
   29.64 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   29.65 +a2c1MRIwEAYDVQQDDAljaDEuMV90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4xX3Rh
   29.66 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ9oUuvtGDND7+xdeqen
   29.67 +BteGzg1S1tqrNK2fzQp5IEepPY/4a+Mand+IXMStBmYi2dfwwsqzrpx45i0YIMnM
   29.68 +4RonEjKzC+u64g7O3foiC64AA+6JHgMU1IaAuaKYvmAlYyoWtGMaPwtTE8ZTdxzt
   29.69 +shHm9NUaUcD1Dzz3t4XPZvSIsOPqNf28NeCCFqgIsJvJLoiUu6xddi+1z9rnTnLT
   29.70 +3I7fqgvtVaxBAU/9aIfu7jKQ1pWw93gcgjQxRkT69BpjiO4UlrG/vUGCd067XwYr
   29.71 +3C9M00KWDMKCqPs7n0uf1Qp0RGJPn1XO7XJ+Ju4iEm9ph1O4earuIeJfvN3BKip1
   29.72 +hkUCAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAMBgNVHRIBAf8EAjAAMA0GCSqG
   29.73 +SIb3DQEBCwUAA4IBAQAOARMDa+7MP+9zS45eqU1nNAWnWF5Yzwkld3SC2nYDec9l
   29.74 +g8WXLNw3uNbJu6ldVxdb2sONGBHkR9TlonINFesc3oL/zDCYC0xGlmPwAIfbrB2I
   29.75 +s8Q76qwgS7HjcSiPpru0Dbhvjevpmg9TAxqroMfbDOhuBaOQJgBoZWe3oY4MCJYu
   29.76 +JwNL37bIoVPOPIOwe9hfj89h2XyKeeSmOnkKp4LB09SkAaKCCPABdw8s3EBzgTWD
   29.77 +/1ZOcGWJThea/33En+ti89NEh8LVQSgtcmnZ+ZSayQrxAppHBD6A1sgUq+LHOiSG
   29.78 +AXdYryvkanOBln9dCzT/75iI+eorQ6QsVmXBLPVI
   29.79 +-----END CERTIFICATE-----
    30.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/1C.pem	Tue Mar 08 11:12:06 2016 -0800
    30.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    30.3 @@ -1,65 +0,0 @@
    30.4 -Certificate:
    30.5 -    Data:
    30.6 -        Version: 3 (0x2)
    30.7 -        Serial Number: 28 (0x1c)
    30.8 -    Signature Algorithm: sha256WithRSAEncryption
    30.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   30.10 -        Validity
   30.11 -            Not Before: Jan  1 01:01:01 2009 GMT
   30.12 -            Not After : Jan  2 01:01:01 2009 GMT
   30.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.2_ta3/emailAddress=ch1.2_ta3
   30.14 -        Subject Public Key Info:
   30.15 -            Public Key Algorithm: rsaEncryption
   30.16 -                Public-Key: (1024 bit)
   30.17 -                Modulus:
   30.18 -                    00:db:7e:41:d8:93:1f:35:e5:6b:38:25:93:e5:99:
   30.19 -                    cf:fe:c7:b8:ab:0b:14:47:23:66:52:c7:d4:18:58:
   30.20 -                    ff:39:a6:c4:a3:44:2e:46:be:24:7b:9d:71:26:12:
   30.21 -                    6a:99:bd:92:01:5a:dc:a9:36:3c:2d:f8:42:b8:5f:
   30.22 -                    db:87:8f:09:9a:83:32:5c:b6:1d:c5:e4:aa:47:6d:
   30.23 -                    46:11:16:72:44:d7:49:ea:d3:4a:a4:52:9a:f4:8a:
   30.24 -                    b5:e4:ef:32:7b:71:a0:d7:8e:71:86:22:34:44:4a:
   30.25 -                    95:5a:37:ef:c4:7f:57:1f:99:32:39:ef:ab:94:05:
   30.26 -                    1b:9a:88:de:39:85:56:4c:f7
   30.27 -                Exponent: 65537 (0x10001)
   30.28 -        X509v3 extensions:
   30.29 -            X509v3 Subject Key Identifier: 
   30.30 -                91:8B:82:B9:57:2C:1B:DB:4B:F6:16:04:D7:3F:04:10:DD:8B:3B:05
   30.31 -            X509v3 Authority Key Identifier: 
   30.32 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   30.33 -                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   30.34 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   30.35 -
   30.36 -            X509v3 Basic Constraints: critical
   30.37 -                CA:TRUE
   30.38 -            X509v3 Key Usage: critical
   30.39 -                Certificate Sign, CRL Sign
   30.40 -    Signature Algorithm: sha256WithRSAEncryption
   30.41 -         8a:bc:bf:7b:28:d4:bd:a2:a9:91:e8:24:cf:1e:1b:05:7c:32:
   30.42 -         68:71:40:9a:ef:48:3c:58:43:6c:ae:90:7a:50:a3:49:86:12:
   30.43 -         57:21:00:0c:49:28:ec:31:fb:04:58:a4:24:c6:7e:14:9d:5a:
   30.44 -         96:bd:ba:cd:c1:31:cd:c8:f0:77:de:3f:81:0a:d0:31:65:f2:
   30.45 -         d5:11:c9:6f:cc:5a:f8:f3:c1:8f:31:37:75:3a:c6:6d:6d:6e:
   30.46 -         d7:16:0a:9b:b0:ce:07:d7:97:36:61:37:5e:4a:16:df:8d:97:
   30.47 -         f4:71:fe:9b:32:4b:b6:d2:27:f4:9a:7c:b8:83:b3:92:48:2c:
   30.48 -         ec:0c
   30.49 ------BEGIN CERTIFICATE-----
   30.50 -MIIDNjCCAp+gAwIBAgIBHDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   30.51 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   30.52 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTA5
   30.53 -MDEwMTAxMDEwMVoXDTA5MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   30.54 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   30.55 -a2c1MRIwEAYDVQQDDAljaDEuMl90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4yX3Rh
   30.56 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA235B2JMfNeVrOCWT5ZnP/se4
   30.57 -qwsURyNmUsfUGFj/OabEo0QuRr4ke51xJhJqmb2SAVrcqTY8LfhCuF/bh48JmoMy
   30.58 -XLYdxeSqR21GERZyRNdJ6tNKpFKa9Iq15O8ye3Gg145xhiI0REqVWjfvxH9XH5ky
   30.59 -Oe+rlAUbmojeOYVWTPcCAwEAAaOB4TCB3jAdBgNVHQ4EFgQUkYuCuVcsG9tL9hYE
   30.60 -1z8EEN2LOwUwgZsGA1UdIwSBkzCBkIAUtNQ2n/jLol9Qidoh4yfEkfeEiEWhbaRr
   30.61 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
   30.62 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZI
   30.63 -hvcNAQkBFgN0YTOCCQDAxLR9iNbjPjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
   30.64 -/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQCKvL97KNS9oqmR6CTPHhsFfDJocUCa
   30.65 -70g8WENsrpB6UKNJhhJXIQAMSSjsMfsEWKQkxn4UnVqWvbrNwTHNyPB33j+BCtAx
   30.66 -ZfLVEclvzFr488GPMTd1OsZtbW7XFgqbsM4H15c2YTdeShbfjZf0cf6bMku20if0
   30.67 -mny4g7OSSCzsDA==
   30.68 ------END CERTIFICATE-----
    31.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    31.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/1D.pem	Wed Mar 09 11:27:23 2016 -0800
    31.3 @@ -0,0 +1,86 @@
    31.4 +Certificate:
    31.5 +    Data:
    31.6 +        Version: 3 (0x2)
    31.7 +        Serial Number: 29 (0x1d)
    31.8 +    Signature Algorithm: sha256WithRSAEncryption
    31.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   31.10 +        Validity
   31.11 +            Not Before: Jan  1 01:01:01 2009 GMT
   31.12 +            Not After : Jan  2 01:01:01 2009 GMT
   31.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.2_ta3/emailAddress=ch1.2_ta3
   31.14 +        Subject Public Key Info:
   31.15 +            Public Key Algorithm: rsaEncryption
   31.16 +                Public-Key: (2048 bit)
   31.17 +                Modulus:
   31.18 +                    00:d6:9f:34:ff:2a:8c:3f:a8:9d:6a:bf:0b:d9:66:
   31.19 +                    57:2b:ba:9d:bd:88:b8:60:57:c9:b1:a8:2d:f1:74:
   31.20 +                    e6:84:29:6c:93:9d:ed:12:03:f9:48:ee:8c:f0:5d:
   31.21 +                    b0:da:9c:a6:2e:4b:64:f1:38:b8:cb:b9:d3:24:57:
   31.22 +                    e1:57:b6:f1:79:4b:ee:d7:30:5c:89:67:43:1a:e1:
   31.23 +                    aa:a2:b3:fb:f5:63:69:5b:55:98:3c:f9:2a:5f:56:
   31.24 +                    f1:b9:6d:a6:4b:8b:9e:c4:2d:30:a2:0e:98:92:0d:
   31.25 +                    c3:f7:80:69:d3:4b:a6:0a:5b:e8:d8:3d:0e:16:1b:
   31.26 +                    09:12:b3:95:55:1b:b3:c8:5a:71:45:4d:05:30:ba:
   31.27 +                    34:8d:86:a0:4a:0f:c3:e5:aa:19:3b:4c:5b:e6:20:
   31.28 +                    03:7b:d5:c4:90:ec:b4:06:8b:55:ec:37:81:f7:f6:
   31.29 +                    6d:f8:1e:01:7c:8f:45:08:25:2f:ab:eb:bb:c6:da:
   31.30 +                    91:6a:f3:c2:21:6c:33:be:ce:56:2e:36:6c:bb:8c:
   31.31 +                    12:3c:fc:1d:8b:33:14:d4:a0:4b:8e:0d:5b:3a:7c:
   31.32 +                    47:32:93:03:48:66:6a:a4:1b:a4:b5:43:19:b9:79:
   31.33 +                    cd:b5:f7:63:a9:5c:8f:ca:99:94:e3:d1:eb:15:a9:
   31.34 +                    16:3b:92:73:a0:fb:2b:16:8b:31:42:28:6f:0a:6d:
   31.35 +                    90:3f
   31.36 +                Exponent: 65537 (0x10001)
   31.37 +        X509v3 extensions:
   31.38 +            X509v3 Subject Key Identifier: 
   31.39 +                41:31:30:65:46:6B:1C:63:B9:C8:23:8E:02:37:E2:FF:FF:7C:C4:53
   31.40 +            X509v3 Authority Key Identifier: 
   31.41 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   31.42 +                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   31.43 +                serial:8A:15:23:60:8D:FB:3E:84
   31.44 +
   31.45 +            X509v3 Basic Constraints: critical
   31.46 +                CA:TRUE
   31.47 +            X509v3 Key Usage: critical
   31.48 +                Certificate Sign, CRL Sign
   31.49 +    Signature Algorithm: sha256WithRSAEncryption
   31.50 +         8c:b9:ed:07:b3:f1:6f:53:7a:1d:62:ef:57:ba:ab:a5:46:93:
   31.51 +         d0:af:3a:67:2d:50:b0:5a:3b:b0:90:e2:f6:71:5e:fd:d6:fc:
   31.52 +         70:ce:6c:bf:51:ba:94:db:84:5d:c6:0b:d9:87:79:ea:bf:40:
   31.53 +         fd:a9:0b:c3:dd:81:ba:7a:40:7e:71:54:89:8b:e4:b2:85:e4:
   31.54 +         d6:93:d2:a4:9a:02:66:f9:7e:aa:48:e3:0c:ad:3c:f7:2e:55:
   31.55 +         fa:a1:10:f9:17:d0:2b:36:8a:36:57:f4:6c:42:2f:cf:4a:dc:
   31.56 +         f2:73:de:8b:08:e7:54:d6:8c:cf:83:ac:de:e0:b4:b5:f3:26:
   31.57 +         9f:9c:a0:6e:1e:29:77:bf:7e:d4:1d:1a:51:77:e1:82:e4:6d:
   31.58 +         fe:04:b4:23:8d:26:2b:9f:3f:f1:d9:98:35:b0:fe:b6:61:3c:
   31.59 +         21:2d:54:e4:2d:f1:3f:88:3d:cb:7d:57:11:98:4b:01:68:0b:
   31.60 +         af:79:a3:f4:8a:5d:11:c7:63:78:ac:94:e7:82:f0:4c:90:b1:
   31.61 +         89:49:f0:8c:50:a3:38:04:98:38:14:49:cc:1d:69:57:84:5a:
   31.62 +         4e:2d:10:f7:0c:88:73:48:de:83:90:0f:a0:53:b9:03:f6:f0:
   31.63 +         bf:cc:d6:91:73:b3:9c:13:0a:dc:24:52:d9:d0:ac:6d:cf:11:
   31.64 +         53:bc:d2:75
   31.65 +-----BEGIN CERTIFICATE-----
   31.66 +MIIEOzCCAyOgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   31.67 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   31.68 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTA5
   31.69 +MDEwMTAxMDEwMVoXDTA5MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   31.70 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   31.71 +a2c1MRIwEAYDVQQDDAljaDEuMl90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4yX3Rh
   31.72 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANafNP8qjD+onWq/C9lm
   31.73 +Vyu6nb2IuGBXybGoLfF05oQpbJOd7RID+UjujPBdsNqcpi5LZPE4uMu50yRX4Ve2
   31.74 +8XlL7tcwXIlnQxrhqqKz+/VjaVtVmDz5Kl9W8bltpkuLnsQtMKIOmJINw/eAadNL
   31.75 +pgpb6Ng9DhYbCRKzlVUbs8hacUVNBTC6NI2GoEoPw+WqGTtMW+YgA3vVxJDstAaL
   31.76 +Vew3gff2bfgeAXyPRQglL6vru8bakWrzwiFsM77OVi42bLuMEjz8HYszFNSgS44N
   31.77 +Wzp8RzKTA0hmaqQbpLVDGbl5zbX3Y6lcj8qZlOPR6xWpFjuSc6D7KxaLMUIobwpt
   31.78 +kD8CAwEAAaOB4TCB3jAdBgNVHQ4EFgQUQTEwZUZrHGO5yCOOAjfi//98xFMwgZsG
   31.79 +A1UdIwSBkzCBkIAUKW76DMM61BNfkzkPEAgnx79iVuWhbaRrMGkxCzAJBgNVBAYT
   31.80 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
   31.81 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTOC
   31.82 +CQCKFSNgjfs+hDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq
   31.83 +hkiG9w0BAQsFAAOCAQEAjLntB7Pxb1N6HWLvV7qrpUaT0K86Zy1QsFo7sJDi9nFe
   31.84 +/db8cM5sv1G6lNuEXcYL2Yd56r9A/akLw92BunpAfnFUiYvksoXk1pPSpJoCZvl+
   31.85 +qkjjDK089y5V+qEQ+RfQKzaKNlf0bEIvz0rc8nPeiwjnVNaMz4Os3uC0tfMmn5yg
   31.86 +bh4pd79+1B0aUXfhguRt/gS0I40mK58/8dmYNbD+tmE8IS1U5C3xP4g9y31XEZhL
   31.87 +AWgLr3mj9IpdEcdjeKyU54LwTJCxiUnwjFCjOASYOBRJzB1pV4RaTi0Q9wyIc0je
   31.88 +g5APoFO5A/bwv8zWkXOznBMK3CRS2dCsbc8RU7zSdQ==
   31.89 +-----END CERTIFICATE-----
    32.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/1E.pem	Tue Mar 08 11:12:06 2016 -0800
    32.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    32.3 @@ -1,65 +0,0 @@
    32.4 -Certificate:
    32.5 -    Data:
    32.6 -        Version: 3 (0x2)
    32.7 -        Serial Number: 30 (0x1e)
    32.8 -    Signature Algorithm: sha256WithRSAEncryption
    32.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   32.10 -        Validity
   32.11 -            Not Before: Jan  1 01:01:01 2035 GMT
   32.12 -            Not After : Jan  2 01:01:01 2035 GMT
   32.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.3_ta3/emailAddress=ch1.3_ta3
   32.14 -        Subject Public Key Info:
   32.15 -            Public Key Algorithm: rsaEncryption
   32.16 -                Public-Key: (1024 bit)
   32.17 -                Modulus:
   32.18 -                    00:ce:58:8a:05:67:47:a9:62:99:37:13:35:4c:74:
   32.19 -                    75:9b:2f:d7:4c:23:7a:cd:60:35:0c:95:4b:58:b3:
   32.20 -                    dd:c8:2d:69:ad:3c:8d:d3:27:0d:02:06:d0:4b:6c:
   32.21 -                    6e:57:e9:1f:3c:dc:f3:88:22:25:86:35:13:91:3c:
   32.22 -                    9f:76:67:a4:ae:98:63:d2:73:4d:2f:07:d5:7f:80:
   32.23 -                    7e:27:92:25:16:aa:32:fe:7a:17:65:d5:9f:ee:39:
   32.24 -                    9f:c8:a1:57:6a:9b:2d:e3:61:d9:35:d5:94:fb:fa:
   32.25 -                    95:21:c3:31:33:50:d6:2f:e5:c0:7a:bb:a7:61:a4:
   32.26 -                    e0:9b:5e:ca:99:2a:5d:6a:db
   32.27 -                Exponent: 65537 (0x10001)
   32.28 -        X509v3 extensions:
   32.29 -            X509v3 Subject Key Identifier: 
   32.30 -                28:44:43:26:57:0F:45:87:1A:A5:36:FB:0F:49:91:4B:A1:38:F3:ED
   32.31 -            X509v3 Authority Key Identifier: 
   32.32 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   32.33 -                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   32.34 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   32.35 -
   32.36 -            X509v3 Basic Constraints: critical
   32.37 -                CA:TRUE
   32.38 -            X509v3 Key Usage: critical
   32.39 -                Certificate Sign, CRL Sign
   32.40 -    Signature Algorithm: sha256WithRSAEncryption
   32.41 -         b8:a1:7b:ba:b7:10:91:c0:21:86:fe:4d:01:f7:14:34:d9:aa:
   32.42 -         dc:f3:04:56:c2:08:e6:66:f5:77:55:7e:dd:ea:b5:49:ff:d9:
   32.43 -         32:39:2c:c9:9f:2f:9c:b3:cc:68:25:3e:d4:92:ef:be:b7:a1:
   32.44 -         a5:d6:8c:31:3d:3a:7f:f4:5d:e8:ca:a3:30:29:ff:89:82:63:
   32.45 -         cb:46:47:34:e8:ce:25:dd:a4:09:61:0b:08:7b:fd:24:1b:2b:
   32.46 -         2d:9b:b9:84:ba:9e:fe:c1:2a:bd:df:e5:86:08:9c:74:ca:51:
   32.47 -         c8:2e:b8:24:13:49:8c:a4:3e:c1:48:44:bd:30:18:40:88:43:
   32.48 -         c1:a6
   32.49 ------BEGIN CERTIFICATE-----
   32.50 -MIIDNjCCAp+gAwIBAgIBHjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   32.51 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   32.52 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTM1
   32.53 -MDEwMTAxMDEwMVoXDTM1MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   32.54 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   32.55 -a2c1MRIwEAYDVQQDDAljaDEuM190YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4zX3Rh
   32.56 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzliKBWdHqWKZNxM1THR1my/X
   32.57 -TCN6zWA1DJVLWLPdyC1prTyN0ycNAgbQS2xuV+kfPNzziCIlhjUTkTyfdmekrphj
   32.58 -0nNNLwfVf4B+J5IlFqoy/noXZdWf7jmfyKFXapst42HZNdWU+/qVIcMxM1DWL+XA
   32.59 -erunYaTgm17KmSpdatsCAwEAAaOB4TCB3jAdBgNVHQ4EFgQUKERDJlcPRYcapTb7
   32.60 -D0mRS6E48+0wgZsGA1UdIwSBkzCBkIAUtNQ2n/jLol9Qidoh4yfEkfeEiEWhbaRr
   32.61 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
   32.62 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZI
   32.63 -hvcNAQkBFgN0YTOCCQDAxLR9iNbjPjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
   32.64 -/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQC4oXu6txCRwCGG/k0B9xQ02arc8wRW
   32.65 -wgjmZvV3VX7d6rVJ/9kyOSzJny+cs8xoJT7Uku++t6Gl1owxPTp/9F3oyqMwKf+J
   32.66 -gmPLRkc06M4l3aQJYQsIe/0kGystm7mEup7+wSq93+WGCJx0ylHILrgkE0mMpD7B
   32.67 -SES9MBhAiEPBpg==
   32.68 ------END CERTIFICATE-----
    33.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    33.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/1F.pem	Wed Mar 09 11:27:23 2016 -0800
    33.3 @@ -0,0 +1,86 @@
    33.4 +Certificate:
    33.5 +    Data:
    33.6 +        Version: 3 (0x2)
    33.7 +        Serial Number: 31 (0x1f)
    33.8 +    Signature Algorithm: sha256WithRSAEncryption
    33.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   33.10 +        Validity
   33.11 +            Not Before: Jan  1 01:01:01 2035 GMT
   33.12 +            Not After : Jan  2 01:01:01 2035 GMT
   33.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.3_ta3/emailAddress=ch1.3_ta3
   33.14 +        Subject Public Key Info:
   33.15 +            Public Key Algorithm: rsaEncryption
   33.16 +                Public-Key: (2048 bit)
   33.17 +                Modulus:
   33.18 +                    00:a5:a2:9a:58:4a:0e:d7:07:3b:38:52:04:65:eb:
   33.19 +                    e5:9e:7c:eb:2e:d6:22:89:1e:a8:b2:5c:d2:8b:6e:
   33.20 +                    76:3b:7c:66:dd:ec:d9:ee:2a:6e:d0:b8:47:e2:cf:
   33.21 +                    30:c8:13:9c:60:2b:6a:e1:9e:62:65:71:77:fb:50:
   33.22 +                    8f:08:95:55:05:86:93:ed:38:f6:b8:5d:bf:07:a1:
   33.23 +                    d9:66:7d:da:80:7b:09:c3:02:74:9c:33:44:6d:cd:
   33.24 +                    7a:0e:be:46:54:14:65:f8:11:75:1f:d7:f4:6c:c8:
   33.25 +                    97:76:fb:20:0c:86:ff:31:bd:c4:7b:86:38:4c:ee:
   33.26 +                    96:c6:c2:b4:c1:ca:ce:9f:43:16:ef:86:d4:fe:fd:
   33.27 +                    04:06:a6:a7:99:30:8e:aa:a8:d3:93:b2:b2:cd:0f:
   33.28 +                    56:50:1a:02:8d:71:c9:2d:b5:97:b7:d2:ca:c8:b1:
   33.29 +                    9d:9b:bd:a6:9c:5a:da:7d:22:2c:41:34:2d:b9:5f:
   33.30 +                    06:d8:ad:26:20:98:f2:d7:48:71:5f:c7:9f:bb:02:
   33.31 +                    6a:64:65:7b:ec:d6:80:ab:a3:c6:45:55:8a:e6:b2:
   33.32 +                    1d:f6:d0:b9:c4:26:85:88:7b:ea:84:3a:3c:f1:c7:
   33.33 +                    e6:b0:47:f6:5f:99:85:b1:cd:5c:20:6a:cc:e4:2c:
   33.34 +                    7d:72:23:92:21:85:37:c5:20:e5:ff:07:36:35:d5:
   33.35 +                    b7:2f
   33.36 +                Exponent: 65537 (0x10001)
   33.37 +        X509v3 extensions:
   33.38 +            X509v3 Subject Key Identifier: 
   33.39 +                8B:2B:21:B0:6C:71:E6:F0:68:6D:FC:32:0C:DB:53:38:EC:B3:43:A6
   33.40 +            X509v3 Authority Key Identifier: 
   33.41 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   33.42 +                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   33.43 +                serial:8A:15:23:60:8D:FB:3E:84
   33.44 +
   33.45 +            X509v3 Basic Constraints: critical
   33.46 +                CA:TRUE
   33.47 +            X509v3 Key Usage: critical
   33.48 +                Certificate Sign, CRL Sign
   33.49 +    Signature Algorithm: sha256WithRSAEncryption
   33.50 +         84:66:26:74:86:86:ab:62:33:c4:6e:69:75:7c:54:be:52:f6:
   33.51 +         0a:4e:3a:36:9c:11:a9:f0:7c:65:0d:eb:c5:f4:f7:bf:28:64:
   33.52 +         9f:de:ac:f7:cb:cd:3b:eb:57:a1:2b:3f:d4:e9:d1:f9:2c:7b:
   33.53 +         75:c8:5b:9c:a6:22:cc:fd:04:5e:48:f3:0f:22:a0:f7:75:a8:
   33.54 +         56:b7:4a:95:ee:a0:be:29:c4:8b:9d:ef:d9:65:f6:ac:a8:37:
   33.55 +         41:cc:79:cd:ea:b2:dd:d0:e8:b3:2d:80:36:dd:eb:31:62:7f:
   33.56 +         7e:1a:15:ae:3b:14:cf:ae:aa:1d:8d:42:1e:aa:b7:28:4c:ae:
   33.57 +         30:b2:ab:ac:b4:48:50:e6:ec:35:94:fb:7f:94:de:f8:ea:f9:
   33.58 +         e5:7d:d4:3e:db:58:79:49:59:25:85:33:20:f0:b1:e0:7c:44:
   33.59 +         79:4a:61:e3:39:d4:06:c8:87:05:a5:ce:ff:13:4d:ba:3a:2e:
   33.60 +         9e:78:15:f3:d3:85:9c:41:e1:2d:6d:e2:ce:d1:1d:cc:4f:ee:
   33.61 +         6e:3f:3d:d1:16:df:e2:fe:2a:fc:6b:1f:cc:e1:45:57:0b:b7:
   33.62 +         26:3d:ca:14:ee:5d:81:cd:69:28:4b:d6:25:30:6f:68:39:ea:
   33.63 +         b6:5c:e7:37:05:55:a6:c4:9b:72:42:f8:f1:46:fe:a0:56:27:
   33.64 +         e1:c6:85:e8
   33.65 +-----BEGIN CERTIFICATE-----
   33.66 +MIIEOzCCAyOgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   33.67 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   33.68 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTM1
   33.69 +MDEwMTAxMDEwMVoXDTM1MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   33.70 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   33.71 +a2c1MRIwEAYDVQQDDAljaDEuM190YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4zX3Rh
   33.72 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWimlhKDtcHOzhSBGXr
   33.73 +5Z586y7WIokeqLJc0otudjt8Zt3s2e4qbtC4R+LPMMgTnGArauGeYmVxd/tQjwiV
   33.74 +VQWGk+049rhdvweh2WZ92oB7CcMCdJwzRG3Neg6+RlQUZfgRdR/X9GzIl3b7IAyG
   33.75 +/zG9xHuGOEzulsbCtMHKzp9DFu+G1P79BAamp5kwjqqo05Oyss0PVlAaAo1xyS21
   33.76 +l7fSysixnZu9ppxa2n0iLEE0LblfBtitJiCY8tdIcV/Hn7sCamRle+zWgKujxkVV
   33.77 +iuayHfbQucQmhYh76oQ6PPHH5rBH9l+ZhbHNXCBqzOQsfXIjkiGFN8Ug5f8HNjXV
   33.78 +ty8CAwEAAaOB4TCB3jAdBgNVHQ4EFgQUiyshsGxx5vBobfwyDNtTOOyzQ6YwgZsG
   33.79 +A1UdIwSBkzCBkIAUKW76DMM61BNfkzkPEAgnx79iVuWhbaRrMGkxCzAJBgNVBAYT
   33.80 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
   33.81 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTOC
   33.82 +CQCKFSNgjfs+hDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq
   33.83 +hkiG9w0BAQsFAAOCAQEAhGYmdIaGq2IzxG5pdXxUvlL2Ck46NpwRqfB8ZQ3rxfT3
   33.84 +vyhkn96s98vNO+tXoSs/1OnR+Sx7dchbnKYizP0EXkjzDyKg93WoVrdKle6gvinE
   33.85 +i53v2WX2rKg3Qcx5zeqy3dDosy2ANt3rMWJ/fhoVrjsUz66qHY1CHqq3KEyuMLKr
   33.86 +rLRIUObsNZT7f5Te+Or55X3UPttYeUlZJYUzIPCx4HxEeUph4znUBsiHBaXO/xNN
   33.87 +ujounngV89OFnEHhLW3iztEdzE/ubj890Rbf4v4q/GsfzOFFVwu3Jj3KFO5dgc1p
   33.88 +KEvWJTBvaDnqtlznNwVVpsSbckL48Ub+oFYn4caF6A==
   33.89 +-----END CERTIFICATE-----
    34.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/20.pem	Tue Mar 08 11:12:06 2016 -0800
    34.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    34.3 @@ -1,62 +0,0 @@
    34.4 -Certificate:
    34.5 -    Data:
    34.6 -        Version: 3 (0x2)
    34.7 -        Serial Number: 32 (0x20)
    34.8 -    Signature Algorithm: sha256WithRSAEncryption
    34.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   34.10 -        Validity
   34.11 -            Not Before: Jan  1 01:01:01 2035 GMT
   34.12 -            Not After : Jan  2 01:01:01 2035 GMT
   34.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.4_ta3/emailAddress=ch1.4_ta3
   34.14 -        Subject Public Key Info:
   34.15 -            Public Key Algorithm: rsaEncryption
   34.16 -                Public-Key: (1024 bit)
   34.17 -                Modulus:
   34.18 -                    00:e9:3c:28:6e:b8:7a:e3:7a:f2:ee:5e:69:7a:71:
   34.19 -                    b8:bb:97:d5:d3:c4:77:3e:90:f3:29:69:b8:51:ba:
   34.20 -                    8b:27:4d:3f:b2:10:76:86:6e:38:4a:49:be:ce:01:
   34.21 -                    c5:d2:0e:6e:0e:a9:51:e9:94:57:ce:67:4b:99:ca:
   34.22 -                    84:93:a9:f9:e6:35:1c:0f:d6:3d:b1:c1:c7:00:d7:
   34.23 -                    fa:2c:05:a0:20:0d:86:6d:32:c0:54:0f:e8:b9:6e:
   34.24 -                    b5:dd:1a:00:4c:89:bf:d4:6d:79:0e:e7:4e:10:d2:
   34.25 -                    fb:75:2c:03:da:75:c8:e1:b7:dc:2e:42:c5:9b:ec:
   34.26 -                    b2:f1:15:6d:db:56:f9:20:a3
   34.27 -                Exponent: 65537 (0x10001)
   34.28 -        X509v3 extensions:
   34.29 -            X509v3 Subject Key Identifier: 
   34.30 -                33:65:69:5E:6D:D8:12:02:E9:68:A2:6C:7D:77:F1:38:D8:7B:97:E6
   34.31 -            X509v3 Authority Key Identifier: 
   34.32 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   34.33 -                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   34.34 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   34.35 -
   34.36 -            X509v3 Basic Constraints: critical
   34.37 -                CA:TRUE
   34.38 -    Signature Algorithm: sha256WithRSAEncryption
   34.39 -         5c:06:87:8e:6c:26:b3:5d:7c:94:c0:e3:7d:9e:8c:7c:bf:86:
   34.40 -         e0:07:8a:65:95:af:8f:93:0c:a6:72:e5:cb:36:a5:69:03:95:
   34.41 -         03:7f:e0:18:c8:f2:da:ce:99:b8:54:7a:49:75:f2:61:00:d4:
   34.42 -         f4:63:e1:5c:cc:f0:91:e7:85:92:0d:7e:91:4b:3a:8b:76:e6:
   34.43 -         a0:c8:51:28:06:44:d2:c8:a8:4c:da:be:7e:78:88:45:d3:f7:
   34.44 -         07:92:90:fc:96:4d:7d:ce:5a:c9:9a:21:d9:66:98:3e:9b:5d:
   34.45 -         18:9a:0c:b8:c4:10:86:4d:06:15:d9:ea:19:9b:e7:f7:e2:74:
   34.46 -         25:eb
   34.47 ------BEGIN CERTIFICATE-----
   34.48 -MIIDJjCCAo+gAwIBAgIBIDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   34.49 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   34.50 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTM1
   34.51 -MDEwMTAxMDEwMVoXDTM1MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   34.52 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   34.53 -a2c1MRIwEAYDVQQDDAljaDEuNF90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS40X3Rh
   34.54 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Twobrh643ry7l5penG4u5fV
   34.55 -08R3PpDzKWm4UbqLJ00/shB2hm44Skm+zgHF0g5uDqlR6ZRXzmdLmcqEk6n55jUc
   34.56 -D9Y9scHHANf6LAWgIA2GbTLAVA/ouW613RoATIm/1G15DudOENL7dSwD2nXI4bfc
   34.57 -LkLFm+yy8RVt21b5IKMCAwEAAaOB0TCBzjAdBgNVHQ4EFgQUM2VpXm3YEgLpaKJs
   34.58 -fXfxONh7l+YwgZsGA1UdIwSBkzCBkIAUtNQ2n/jLol9Qidoh4yfEkfeEiEWhbaRr
   34.59 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
   34.60 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZI
   34.61 -hvcNAQkBFgN0YTOCCQDAxLR9iNbjPjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
   34.62 -DQEBCwUAA4GBAFwGh45sJrNdfJTA432ejHy/huAHimWVr4+TDKZy5cs2pWkDlQN/
   34.63 -4BjI8trOmbhUekl18mEA1PRj4VzM8JHnhZINfpFLOot25qDIUSgGRNLIqEzavn54
   34.64 -iEXT9weSkPyWTX3OWsmaIdlmmD6bXRiaDLjEEIZNBhXZ6hmb5/fidCXr
   34.65 ------END CERTIFICATE-----
    35.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    35.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/21.pem	Wed Mar 09 11:27:23 2016 -0800
    35.3 @@ -0,0 +1,84 @@
    35.4 +Certificate:
    35.5 +    Data:
    35.6 +        Version: 3 (0x2)
    35.7 +        Serial Number: 33 (0x21)
    35.8 +    Signature Algorithm: sha256WithRSAEncryption
    35.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   35.10 +        Validity
   35.11 +            Not Before: Jan  1 01:01:01 2035 GMT
   35.12 +            Not After : Jan  2 01:01:01 2035 GMT
   35.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.4_ta3/emailAddress=ch1.4_ta3
   35.14 +        Subject Public Key Info:
   35.15 +            Public Key Algorithm: rsaEncryption
   35.16 +                Public-Key: (2048 bit)
   35.17 +                Modulus:
   35.18 +                    00:c1:a0:1e:ec:bd:27:9e:d7:47:3d:4d:78:63:df:
   35.19 +                    b7:54:05:09:1b:22:65:15:de:2a:98:ef:b4:28:f0:
   35.20 +                    2a:92:87:2e:93:7f:0f:3d:ca:ce:d1:b5:23:26:8e:
   35.21 +                    65:4c:c2:57:82:3a:45:8c:5e:77:ac:68:ef:ce:e5:
   35.22 +                    1b:ba:b5:ba:f2:7d:73:04:d0:28:d8:27:74:bb:93:
   35.23 +                    ec:9d:2a:8c:a3:52:95:c0:4b:1a:76:e9:c1:6a:d4:
   35.24 +                    11:84:57:f2:9c:e9:4c:90:ba:7b:ac:cd:8b:a5:7f:
   35.25 +                    ed:43:d7:c3:a0:9e:7b:c6:07:f9:e2:10:46:b9:1e:
   35.26 +                    d6:87:aa:1c:e0:92:89:76:2c:ca:ab:5b:99:92:35:
   35.27 +                    b0:28:88:2d:08:76:99:ed:27:1b:e9:5f:ba:3a:ef:
   35.28 +                    fd:c5:09:43:74:ec:9d:7c:01:cf:db:37:43:3f:c8:
   35.29 +                    6b:9c:8f:f9:c9:04:cb:28:5a:70:ee:19:da:b0:f8:
   35.30 +                    65:5f:c1:d8:09:d0:9e:5e:94:e5:93:79:ad:25:ec:
   35.31 +                    73:1e:4c:43:30:e8:62:bf:a1:f5:ba:3a:21:10:d0:
   35.32 +                    5d:38:a8:fd:a0:4e:e8:b2:13:da:d3:da:b0:85:86:
   35.33 +                    94:36:be:13:4a:66:ad:89:ac:41:0e:e5:47:dc:d4:
   35.34 +                    bd:19:b2:9d:8b:58:27:e4:90:8c:77:09:62:c5:a9:
   35.35 +                    55:c9
   35.36 +                Exponent: 65537 (0x10001)
   35.37 +        X509v3 extensions:
   35.38 +            X509v3 Subject Key Identifier: 
   35.39 +                5F:F9:18:9C:13:FA:0C:6D:68:90:7F:A8:63:2E:5F:68:8D:27:9D:A5
   35.40 +            X509v3 Authority Key Identifier: 
   35.41 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   35.42 +                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   35.43 +                serial:8A:15:23:60:8D:FB:3E:84
   35.44 +
   35.45 +            X509v3 Basic Constraints: critical
   35.46 +                CA:TRUE
   35.47 +    Signature Algorithm: sha256WithRSAEncryption
   35.48 +         24:b0:07:7a:c9:05:ad:8b:61:44:b4:79:c6:5e:3f:af:82:d8:
   35.49 +         ee:71:fb:a2:78:c8:40:aa:69:c0:66:76:31:20:62:e4:22:1e:
   35.50 +         7f:db:47:50:76:f5:0c:09:c2:ef:c7:5f:18:7d:2f:a8:37:4f:
   35.51 +         a8:aa:07:2c:5f:f1:e4:7d:6e:02:de:ae:6a:29:22:e5:d9:4e:
   35.52 +         b7:5b:5f:fa:9c:e2:86:f3:4e:89:46:95:8a:70:3a:a3:da:a7:
   35.53 +         5c:ad:c2:d0:35:cf:6b:8a:eb:8b:55:78:29:fe:c5:a8:71:fd:
   35.54 +         96:e2:7f:05:8f:1e:eb:7c:c2:dd:cb:4c:94:05:a2:76:11:fe:
   35.55 +         ed:d7:7a:df:92:13:7e:12:bb:e4:ff:11:19:b9:04:54:19:6f:
   35.56 +         f0:e3:42:f1:d4:48:d2:5c:0d:83:b8:7d:04:49:ec:c1:6f:a0:
   35.57 +         a7:41:68:8a:e8:78:2d:42:ad:58:b9:0e:0c:a9:14:5a:ce:2e:
   35.58 +         2c:ba:4a:18:98:87:65:d3:8f:cd:23:11:22:35:ea:76:7a:a3:
   35.59 +         33:74:a7:03:aa:84:df:6f:26:d5:e1:4a:e5:91:76:f8:79:2d:
   35.60 +         e0:4d:18:f3:8c:95:5c:6f:c8:f8:03:3a:ab:d6:59:55:17:2b:
   35.61 +         f8:6d:6d:1b:cd:e8:08:92:4c:ea:0d:98:f8:3f:e8:a8:12:fa:
   35.62 +         bb:cb:13:de
   35.63 +-----BEGIN CERTIFICATE-----
   35.64 +MIIEKzCCAxOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   35.65 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   35.66 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTM1
   35.67 +MDEwMTAxMDEwMVoXDTM1MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   35.68 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   35.69 +a2c1MRIwEAYDVQQDDAljaDEuNF90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS40X3Rh
   35.70 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGgHuy9J57XRz1NeGPf
   35.71 +t1QFCRsiZRXeKpjvtCjwKpKHLpN/Dz3KztG1IyaOZUzCV4I6RYxed6xo787lG7q1
   35.72 +uvJ9cwTQKNgndLuT7J0qjKNSlcBLGnbpwWrUEYRX8pzpTJC6e6zNi6V/7UPXw6Ce
   35.73 +e8YH+eIQRrke1oeqHOCSiXYsyqtbmZI1sCiILQh2me0nG+lfujrv/cUJQ3TsnXwB
   35.74 +z9s3Qz/Ia5yP+ckEyyhacO4Z2rD4ZV/B2AnQnl6U5ZN5rSXscx5MQzDoYr+h9bo6
   35.75 +IRDQXTio/aBO6LIT2tPasIWGlDa+E0pmrYmsQQ7lR9zUvRmynYtYJ+SQjHcJYsWp
   35.76 +VckCAwEAAaOB0TCBzjAdBgNVHQ4EFgQUX/kYnBP6DG1okH+oYy5faI0nnaUwgZsG
   35.77 +A1UdIwSBkzCBkIAUKW76DMM61BNfkzkPEAgnx79iVuWhbaRrMGkxCzAJBgNVBAYT
   35.78 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
   35.79 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTOC
   35.80 +CQCKFSNgjfs+hDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAk
   35.81 +sAd6yQWti2FEtHnGXj+vgtjucfuieMhAqmnAZnYxIGLkIh5/20dQdvUMCcLvx18Y
   35.82 +fS+oN0+oqgcsX/HkfW4C3q5qKSLl2U63W1/6nOKG806JRpWKcDqj2qdcrcLQNc9r
   35.83 +iuuLVXgp/sWocf2W4n8Fjx7rfMLdy0yUBaJ2Ef7t13rfkhN+Ervk/xEZuQRUGW/w
   35.84 +40Lx1EjSXA2DuH0ESezBb6CnQWiK6HgtQq1YuQ4MqRRazi4sukoYmIdl04/NIxEi
   35.85 +Nep2eqMzdKcDqoTfbybV4UrlkXb4eS3gTRjzjJVcb8j4Azqr1llVFyv4bW0bzegI
   35.86 +kkzqDZj4P+ioEvq7yxPe
   35.87 +-----END CERTIFICATE-----
    36.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/22.pem	Tue Mar 08 11:12:06 2016 -0800
    36.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    36.3 @@ -1,65 +0,0 @@
    36.4 -Certificate:
    36.5 -    Data:
    36.6 -        Version: 3 (0x2)
    36.7 -        Serial Number: 34 (0x22)
    36.8 -    Signature Algorithm: sha256WithRSAEncryption
    36.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta4/emailAddress=ta4
   36.10 -        Validity
   36.11 -            Not Before: Dec 13 00:13:37 2013 GMT
   36.12 -            Not After : Sep  8 00:13:37 2016 GMT
   36.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
   36.14 -        Subject Public Key Info:
   36.15 -            Public Key Algorithm: rsaEncryption
   36.16 -                Public-Key: (1024 bit)
   36.17 -                Modulus:
   36.18 -                    00:b4:25:1c:3a:c2:26:af:8d:82:4d:29:e3:e0:78:
   36.19 -                    6f:2b:7f:3c:b1:8c:c0:37:96:71:d2:42:21:df:2e:
   36.20 -                    c4:c0:5a:60:e4:71:6f:05:df:88:a8:4b:ec:87:54:
   36.21 -                    8d:08:c9:f7:19:84:a5:d0:cc:cb:43:c3:70:69:67:
   36.22 -                    2e:4c:be:e6:2d:93:90:f9:02:30:a7:43:d2:1f:e5:
   36.23 -                    d4:cf:5b:5c:74:88:06:0e:ee:cd:78:2c:2f:27:4c:
   36.24 -                    99:2f:be:9a:73:5b:9b:1c:e3:67:54:b6:74:a7:c9:
   36.25 -                    31:d3:63:6a:c5:4a:50:22:eb:af:e2:cd:7a:de:59:
   36.26 -                    68:6a:a6:0e:26:d6:52:b6:a1
   36.27 -                Exponent: 65537 (0x10001)
   36.28 -        X509v3 extensions:
   36.29 -            X509v3 Subject Key Identifier: 
   36.30 -                29:7A:F9:B4:E3:1B:8F:19:63:52:FA:19:A0:AB:DA:37:E4:70:A9:71
   36.31 -            X509v3 Authority Key Identifier: 
   36.32 -                keyid:84:46:29:88:74:31:EF:A6:CC:3C:E3:58:29:DE:BE:FD:1B:F4:59:98
   36.33 -                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta4/emailAddress=ta4
   36.34 -                serial:E8:F7:8D:38:FA:4B:55:DD
   36.35 -
   36.36 -            X509v3 Basic Constraints: critical
   36.37 -                CA:TRUE
   36.38 -            X509v3 Key Usage: critical
   36.39 -                Certificate Sign, CRL Sign
   36.40 -    Signature Algorithm: sha256WithRSAEncryption
   36.41 -         91:d2:2e:6f:55:ce:c6:39:d8:b4:1f:7a:df:7f:bd:8f:4e:66:
   36.42 -         ec:10:3d:35:f1:36:22:90:ae:b7:16:e4:48:f5:ec:63:27:e8:
   36.43 -         88:32:78:ac:21:cc:71:f9:46:6a:73:b7:09:24:a7:44:68:41:
   36.44 -         a5:07:f9:a3:ec:c7:53:ca:68:e4:09:68:b7:ee:11:f2:8c:08:
   36.45 -         80:3c:a5:56:e2:f3:a8:aa:1e:34:99:49:26:8a:1f:50:36:d2:
   36.46 -         0e:ee:b6:a0:a6:e6:b0:94:41:a6:bc:de:93:6f:af:b3:fa:f4:
   36.47 -         a3:c3:46:83:f8:27:67:8e:9e:40:ec:79:08:0b:e2:46:73:61:
   36.48 -         0d:c6
   36.49 ------BEGIN CERTIFICATE-----
   36.50 -MIIDMjCCApugAwIBAgIBIjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   36.51 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   36.52 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTEz
   36.53 -MTIxMzAwMTMzN1oXDTE2MDkwODAwMTMzN1owcTELMAkGA1UEBhMCVVMxEzARBgNV
   36.54 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   36.55 -a2c1MRAwDgYDVQQDDAdjaDFfdGE0MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE0MIGf
   36.56 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0JRw6wiavjYJNKePgeG8rfzyxjMA3
   36.57 -lnHSQiHfLsTAWmDkcW8F34ioS+yHVI0IyfcZhKXQzMtDw3BpZy5MvuYtk5D5AjCn
   36.58 -Q9If5dTPW1x0iAYO7s14LC8nTJkvvppzW5sc42dUtnSnyTHTY2rFSlAi66/izXre
   36.59 -WWhqpg4m1lK2oQIDAQABo4HhMIHeMB0GA1UdDgQWBBQpevm04xuPGWNS+hmgq9o3
   36.60 -5HCpcTCBmwYDVR0jBIGTMIGQgBSERimIdDHvpsw841gp3r79G/RZmKFtpGswaTEL
   36.61 -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
   36.62 -IENsYXJhMQ0wCwYDVQQKDARwa2c1MQwwCgYDVQQDDAN0YTQxEjAQBgkqhkiG9w0B
   36.63 -CQEWA3RhNIIJAOj3jTj6S1XdMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
   36.64 -AgEGMA0GCSqGSIb3DQEBCwUAA4GBAJHSLm9VzsY52LQfet9/vY9OZuwQPTXxNiKQ
   36.65 -rrcW5Ej17GMn6IgyeKwhzHH5Rmpztwkkp0RoQaUH+aPsx1PKaOQJaLfuEfKMCIA8
   36.66 -pVbi86iqHjSZSSaKH1A20g7utqCm5rCUQaa83pNvr7P69KPDRoP4J2eOnkDseQgL
   36.67 -4kZzYQ3G
   36.68 ------END CERTIFICATE-----
    37.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    37.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/23.pem	Wed Mar 09 11:27:23 2016 -0800
    37.3 @@ -0,0 +1,86 @@
    37.4 +Certificate:
    37.5 +    Data:
    37.6 +        Version: 3 (0x2)
    37.7 +        Serial Number: 35 (0x23)
    37.8 +    Signature Algorithm: sha256WithRSAEncryption
    37.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta4/emailAddress=ta4
   37.10 +        Validity
   37.11 +            Not Before: Jan 22 01:57:59 2016 GMT
   37.12 +            Not After : Oct 18 01:57:59 2018 GMT
   37.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
   37.14 +        Subject Public Key Info:
   37.15 +            Public Key Algorithm: rsaEncryption
   37.16 +                Public-Key: (2048 bit)
   37.17 +                Modulus:
   37.18 +                    00:bb:fd:5f:54:54:fb:49:01:62:e3:f9:cb:c6:a1:
   37.19 +                    e4:26:2c:7d:8e:44:0c:d3:2a:de:7c:6d:c0:e3:7e:
   37.20 +                    52:ac:7c:19:8e:6d:18:bd:76:2f:2c:89:d1:5b:e6:
   37.21 +                    e4:cb:58:b4:19:8d:d4:16:c9:23:83:f7:48:7f:dd:
   37.22 +                    4e:0f:8d:56:21:43:7b:69:3f:ec:13:dc:34:6e:f0:
   37.23 +                    28:e5:21:eb:45:2c:0f:50:c1:17:0d:f7:81:ee:bb:
   37.24 +                    6c:ee:f8:e7:3d:b9:62:d9:45:92:f1:52:f8:d3:e0:
   37.25 +                    0c:fc:cc:db:98:6a:21:15:71:7e:a4:11:45:e2:bb:
   37.26 +                    d5:bb:2a:6c:d2:ec:81:e0:92:59:e6:db:d9:c4:c2:
   37.27 +                    36:e1:55:73:73:94:cb:c3:b5:1f:a4:27:2e:a3:60:
   37.28 +                    a5:aa:52:3b:55:89:04:f8:f2:c8:4a:a0:04:c1:d1:
   37.29 +                    4b:cb:ea:d9:d0:78:b4:48:db:47:24:bb:45:5b:17:
   37.30 +                    6c:bd:70:0a:88:d7:0b:85:c0:3a:96:3d:ae:ac:da:
   37.31 +                    c7:95:4a:8b:02:1a:42:bf:b1:8d:0d:67:96:75:74:
   37.32 +                    d7:ea:58:4a:d7:f7:74:c2:38:19:94:18:95:a6:04:
   37.33 +                    38:d9:38:24:81:91:d2:07:e1:3e:51:f4:57:83:b0:
   37.34 +                    45:e2:34:e7:67:8e:0e:bd:d9:71:41:40:52:3b:7e:
   37.35 +                    6e:91
   37.36 +                Exponent: 65537 (0x10001)
   37.37 +        X509v3 extensions:
   37.38 +            X509v3 Subject Key Identifier: 
   37.39 +                59:7F:0E:5C:5B:04:78:41:DB:55:AC:9E:07:50:E4:FB:9E:26:28:C8
   37.40 +            X509v3 Authority Key Identifier: 
   37.41 +                keyid:B1:21:EA:DF:EB:EB:ED:BB:BE:BE:0F:FA:69:1D:B6:28:E9:6F:8F:45
   37.42 +                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta4/emailAddress=ta4
   37.43 +                serial:98:F5:DE:E5:E8:5C:CD:26
   37.44 +
   37.45 +            X509v3 Basic Constraints: critical
   37.46 +                CA:TRUE
   37.47 +            X509v3 Key Usage: critical
   37.48 +                Certificate Sign, CRL Sign
   37.49 +    Signature Algorithm: sha256WithRSAEncryption
   37.50 +         4b:d5:d6:af:df:60:18:e2:66:8c:5e:87:2c:bb:50:8d:4b:c0:
   37.51 +         85:63:c3:c4:6f:00:fb:3c:fa:5e:3f:8e:a6:b0:4c:91:ef:29:
   37.52 +         c7:30:82:e6:25:68:44:b5:a8:d0:8a:37:e1:50:e2:2a:ce:37:
   37.53 +         8d:d9:70:84:f0:90:c6:8f:2e:eb:09:f5:5a:5f:e6:4c:1c:24:
   37.54 +         8a:32:17:50:51:47:e5:23:bb:c0:47:47:71:58:36:3a:4e:91:
   37.55 +         79:06:0d:c8:00:e7:20:15:12:bb:28:e3:85:bd:55:dc:78:d5:
   37.56 +         10:79:f8:f0:fb:62:af:81:50:0f:3d:fe:d4:36:4c:60:92:54:
   37.57 +         3a:31:d0:6d:62:b4:29:dd:bd:33:c2:82:ba:00:5b:7a:b4:6d:
   37.58 +         12:d0:0b:fc:dc:65:68:98:d1:73:2a:f1:c0:36:cd:16:b2:e6:
   37.59 +         f5:8e:fc:b9:35:66:43:cb:2e:01:c7:73:4b:75:95:b8:4f:b4:
   37.60 +         58:8c:f7:44:7e:cc:3b:26:39:8f:ad:10:e5:ad:16:f1:8b:1b:
   37.61 +         17:bb:79:16:e6:c7:53:f5:7c:6b:4c:a8:fb:95:63:8f:69:ff:
   37.62 +         67:39:7a:a0:33:67:00:e3:8f:49:77:e5:90:61:1f:da:7d:d8:
   37.63 +         7f:f3:95:b6:74:fc:a0:36:5c:4d:99:39:d2:5f:62:2e:7b:78:
   37.64 +         46:89:76:1a
   37.65 +-----BEGIN CERTIFICATE-----
   37.66 +MIIENzCCAx+gAwIBAgIBIzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   37.67 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   37.68 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTE2
   37.69 +MDEyMjAxNTc1OVoXDTE4MTAxODAxNTc1OVowcTELMAkGA1UEBhMCVVMxEzARBgNV
   37.70 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   37.71 +a2c1MRAwDgYDVQQDDAdjaDFfdGE0MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE0MIIB
   37.72 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/1fVFT7SQFi4/nLxqHkJix9
   37.73 +jkQM0yrefG3A435SrHwZjm0YvXYvLInRW+bky1i0GY3UFskjg/dIf91OD41WIUN7
   37.74 +aT/sE9w0bvAo5SHrRSwPUMEXDfeB7rts7vjnPbli2UWS8VL40+AM/MzbmGohFXF+
   37.75 +pBFF4rvVuyps0uyB4JJZ5tvZxMI24VVzc5TLw7UfpCcuo2ClqlI7VYkE+PLISqAE
   37.76 +wdFLy+rZ0Hi0SNtHJLtFWxdsvXAKiNcLhcA6lj2urNrHlUqLAhpCv7GNDWeWdXTX
   37.77 +6lhK1/d0wjgZlBiVpgQ42TgkgZHSB+E+UfRXg7BF4jTnZ44OvdlxQUBSO35ukQID
   37.78 +AQABo4HhMIHeMB0GA1UdDgQWBBRZfw5cWwR4QdtVrJ4HUOT7niYoyDCBmwYDVR0j
   37.79 +BIGTMIGQgBSxIerf6+vtu76+D/ppHbYo6W+PRaFtpGswaTELMAkGA1UEBhMCVVMx
   37.80 +EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYD
   37.81 +VQQKDARwa2c1MQwwCgYDVQQDDAN0YTQxEjAQBgkqhkiG9w0BCQEWA3RhNIIJAJj1
   37.82 +3uXoXM0mMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
   37.83 +DQEBCwUAA4IBAQBL1dav32AY4maMXocsu1CNS8CFY8PEbwD7PPpeP46msEyR7ynH
   37.84 +MILmJWhEtajQijfhUOIqzjeN2XCE8JDGjy7rCfVaX+ZMHCSKMhdQUUflI7vAR0dx
   37.85 +WDY6TpF5Bg3IAOcgFRK7KOOFvVXceNUQefjw+2KvgVAPPf7UNkxgklQ6MdBtYrQp
   37.86 +3b0zwoK6AFt6tG0S0Av83GVomNFzKvHANs0Wsub1jvy5NWZDyy4Bx3NLdZW4T7RY
   37.87 +jPdEfsw7JjmPrRDlrRbxixsXu3kW5sdT9XxrTKj7lWOPaf9nOXqgM2cA449Jd+WQ
   37.88 +YR/afdh/85W2dPygNlxNmTnSX2Iue3hGiXYa
   37.89 +-----END CERTIFICATE-----
    38.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/26.pem	Tue Mar 08 11:12:06 2016 -0800
    38.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    38.3 @@ -1,65 +0,0 @@
    38.4 -Certificate:
    38.5 -    Data:
    38.6 -        Version: 3 (0x2)
    38.7 -        Serial Number: 38 (0x26)
    38.8 -    Signature Algorithm: sha256WithRSAEncryption
    38.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta4/emailAddress=ta4
   38.10 -        Validity
   38.11 -            Not Before: Dec 13 00:13:37 2013 GMT
   38.12 -            Not After : Sep  8 00:13:37 2016 GMT
   38.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
   38.14 -        Subject Public Key Info:
   38.15 -            Public Key Algorithm: rsaEncryption
   38.16 -                Public-Key: (1024 bit)
   38.17 -                Modulus:
   38.18 -                    00:ba:40:be:7e:1b:2f:92:11:cc:dc:44:14:76:87:
   38.19 -                    8a:6a:94:b6:28:4e:87:5b:bc:57:46:75:63:38:4d:
   38.20 -                    90:3e:7a:46:0e:87:e9:a9:04:1a:7d:e5:20:dc:81:
   38.21 -                    9a:79:7e:1b:ab:ce:50:ce:47:54:04:98:16:d5:a6:
   38.22 -                    6d:16:3c:52:ef:ed:43:c5:9b:d3:c8:48:cb:47:5d:
   38.23 -                    08:1d:d1:44:fd:7c:c7:54:41:11:3b:3e:ae:bb:7f:
   38.24 -                    94:a6:13:8f:89:6c:24:b3:a8:5e:e2:5d:20:40:85:
   38.25 -                    2b:a0:ac:ed:a3:a8:b2:15:59:fc:ad:e8:5d:72:ee:
   38.26 -                    64:eb:9c:30:8c:0a:97:32:f9
   38.27 -                Exponent: 65537 (0x10001)
   38.28 -        X509v3 extensions:
   38.29 -            X509v3 Subject Key Identifier: 
   38.30 -                D1:74:80:71:CE:2E:24:57:71:C0:CA:50:42:8B:B3:99:0C:C7:6B:AD
   38.31 -            X509v3 Authority Key Identifier: 
   38.32 -                keyid:84:46:29:88:74:31:EF:A6:CC:3C:E3:58:29:DE:BE:FD:1B:F4:59:98
   38.33 -                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta4/emailAddress=ta4
   38.34 -                serial:E8:F7:8D:38:FA:4B:55:DD
   38.35 -
   38.36 -            X509v3 Basic Constraints: critical
   38.37 -                CA:TRUE
   38.38 -            X509v3 Key Usage: critical
   38.39 -                Certificate Sign
   38.40 -    Signature Algorithm: sha256WithRSAEncryption
   38.41 -         25:f7:af:7c:b8:de:50:02:c2:31:ed:50:89:5e:85:bc:e5:f4:
   38.42 -         a0:03:7e:35:85:d5:2c:4c:bb:62:39:45:e9:50:9b:db:7a:4b:
   38.43 -         91:e1:dd:e7:dc:b6:da:36:69:d7:2d:68:5c:96:a9:7b:e8:33:
   38.44 -         17:4c:28:75:c2:6c:53:a8:11:8f:8f:23:89:59:25:8b:26:75:
   38.45 -         4c:ee:9a:13:eb:78:28:52:dc:b2:fd:96:04:73:a8:78:9e:24:
   38.46 -         b2:b2:85:88:84:10:ec:83:42:65:22:f1:b5:15:76:14:db:5c:
   38.47 -         28:43:a4:62:df:27:4a:c5:4b:00:d5:44:83:24:37:f5:c5:4d:
   38.48 -         b0:4a
   38.49 ------BEGIN CERTIFICATE-----
   38.50 -MIIDNjCCAp+gAwIBAgIBJjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   38.51 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   38.52 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTEz
   38.53 -MTIxMzAwMTMzN1oXDTE2MDkwODAwMTMzN1owdTELMAkGA1UEBhMCVVMxEzARBgNV
   38.54 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   38.55 -a2c1MRIwEAYDVQQDDAljaDEuMV90YTQxGDAWBgkqhkiG9w0BCQEWCWNoMS4xX3Rh
   38.56 -NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAukC+fhsvkhHM3EQUdoeKapS2
   38.57 -KE6HW7xXRnVjOE2QPnpGDofpqQQafeUg3IGaeX4bq85QzkdUBJgW1aZtFjxS7+1D
   38.58 -xZvTyEjLR10IHdFE/XzHVEEROz6uu3+UphOPiWwks6he4l0gQIUroKzto6iyFVn8
   38.59 -rehdcu5k65wwjAqXMvkCAwEAAaOB4TCB3jAdBgNVHQ4EFgQU0XSAcc4uJFdxwMpQ
   38.60 -QouzmQzHa60wgZsGA1UdIwSBkzCBkIAUhEYpiHQx76bMPONYKd6+/Rv0WZihbaRr
   38.61 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
   38.62 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGE0MRIwEAYJKoZI
   38.63 -hvcNAQkBFgN0YTSCCQDo9404+ktV3TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
   38.64 -/wQEAwICBDANBgkqhkiG9w0BAQsFAAOBgQAl9698uN5QAsIx7VCJXoW85fSgA341
   38.65 -hdUsTLtiOUXpUJvbekuR4d3n3LbaNmnXLWhclql76DMXTCh1wmxTqBGPjyOJWSWL
   38.66 -JnVM7poT63goUtyy/ZYEc6h4niSysoWIhBDsg0JlIvG1FXYU21woQ6Ri3ydKxUsA
   38.67 -1USDJDf1xU2wSg==
   38.68 ------END CERTIFICATE-----
    39.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    39.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/27.pem	Wed Mar 09 11:27:23 2016 -0800
    39.3 @@ -0,0 +1,86 @@
    39.4 +Certificate:
    39.5 +    Data:
    39.6 +        Version: 3 (0x2)
    39.7 +        Serial Number: 39 (0x27)
    39.8 +    Signature Algorithm: sha256WithRSAEncryption
    39.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta4/emailAddress=ta4
   39.10 +        Validity
   39.11 +            Not Before: Jan 22 01:57:59 2016 GMT
   39.12 +            Not After : Oct 18 01:57:59 2018 GMT
   39.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
   39.14 +        Subject Public Key Info:
   39.15 +            Public Key Algorithm: rsaEncryption
   39.16 +                Public-Key: (2048 bit)
   39.17 +                Modulus:
   39.18 +                    00:c7:65:56:1d:48:8d:ff:08:42:35:57:38:6b:5a:
   39.19 +                    12:0f:c8:73:a8:13:df:96:ce:9e:7c:bc:d7:09:1f:
   39.20 +                    3e:31:7d:56:4b:0b:e8:51:5c:69:64:a2:43:96:6d:
   39.21 +                    6a:96:d9:2c:6c:68:73:2e:40:5a:f6:51:5a:6b:e6:
   39.22 +                    e4:78:4d:fd:5e:82:53:b8:98:0b:ce:66:37:14:8e:
   39.23 +                    6b:6d:8d:53:a9:9b:cc:88:08:b5:77:c9:48:d9:b5:
   39.24 +                    9d:9f:05:b9:2e:97:77:96:c5:f3:c5:a1:65:d0:f1:
   39.25 +                    77:b2:98:d1:ee:6b:56:16:ab:23:65:11:ad:2c:16:
   39.26 +                    6a:cb:eb:d8:87:5e:8e:f2:37:27:f0:9f:1f:ae:73:
   39.27 +                    9b:0f:b0:06:1c:cf:da:9d:ac:c7:76:dd:30:94:69:
   39.28 +                    7d:27:ce:62:d8:18:64:30:59:8c:1c:54:aa:74:c9:
   39.29 +                    8c:a3:11:b0:04:3c:50:c5:27:1a:eb:51:fa:b8:92:
   39.30 +                    10:ed:51:4a:65:e6:73:c7:97:4e:5a:6e:76:e2:61:
   39.31 +                    cc:26:61:f1:c9:d6:4f:db:81:cb:69:6a:d0:91:16:
   39.32 +                    c3:dd:70:9c:6a:8d:75:ea:a1:39:65:9f:86:16:ed:
   39.33 +                    fa:c8:f1:f9:58:79:1e:4d:27:51:29:68:90:af:0a:
   39.34 +                    08:54:1b:3c:4b:96:21:33:6f:a1:80:ed:b0:01:ff:
   39.35 +                    92:19
   39.36 +                Exponent: 65537 (0x10001)
   39.37 +        X509v3 extensions:
   39.38 +            X509v3 Subject Key Identifier: 
   39.39 +                74:B1:C8:A0:9B:91:9E:DB:63:C3:A6:D4:AC:15:76:3A:16:50:A7:AF
   39.40 +            X509v3 Authority Key Identifier: 
   39.41 +                keyid:B1:21:EA:DF:EB:EB:ED:BB:BE:BE:0F:FA:69:1D:B6:28:E9:6F:8F:45
   39.42 +                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta4/emailAddress=ta4
   39.43 +                serial:98:F5:DE:E5:E8:5C:CD:26
   39.44 +
   39.45 +            X509v3 Basic Constraints: critical
   39.46 +                CA:TRUE
   39.47 +            X509v3 Key Usage: critical
   39.48 +                Certificate Sign
   39.49 +    Signature Algorithm: sha256WithRSAEncryption
   39.50 +         8c:be:94:6b:34:4c:b7:a7:c0:a6:33:3e:44:ea:88:43:16:71:
   39.51 +         80:af:85:38:5f:5d:89:f0:bb:ca:3b:1a:48:75:ec:86:48:7b:
   39.52 +         e7:c6:18:01:87:43:ee:26:22:a9:66:1a:af:d0:c5:4e:c3:f9:
   39.53 +         b8:b6:30:34:c4:47:5c:75:fd:b4:b1:0a:95:52:87:3a:9c:bf:
   39.54 +         7f:8e:94:b7:52:69:d5:cc:20:cd:0f:ab:fb:39:8a:5b:c0:94:
   39.55 +         43:08:e1:ff:57:43:f1:73:82:2c:66:e5:8d:18:0d:69:1f:d4:
   39.56 +         f8:04:40:df:46:81:58:e3:1f:8d:e1:ee:9b:35:39:89:16:ca:
   39.57 +         d3:41:f6:6d:91:a5:18:bb:c3:59:a0:c2:58:e6:a5:d5:ca:3b:
   39.58 +         8e:25:f2:ca:4d:81:7e:e3:0e:9b:98:22:ec:8f:15:19:fa:36:
   39.59 +         66:76:52:b0:f3:37:87:0b:17:45:5a:0f:ad:40:63:4a:4c:59:
   39.60 +         0d:3e:44:16:50:8f:42:ed:5d:16:be:41:c3:75:cc:bb:73:f3:
   39.61 +         18:ad:25:37:c1:58:2f:53:b0:aa:14:f7:d9:e1:8d:ba:a5:f9:
   39.62 +         28:fb:04:57:4a:41:13:7f:cb:bc:d6:f5:69:85:d9:f4:ed:8c:
   39.63 +         95:ff:57:24:d5:3e:4b:84:7e:40:05:c1:1d:53:fa:ce:6b:5e:
   39.64 +         05:e5:f1:10
   39.65 +-----BEGIN CERTIFICATE-----
   39.66 +MIIEOzCCAyOgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   39.67 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   39.68 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTE2
   39.69 +MDEyMjAxNTc1OVoXDTE4MTAxODAxNTc1OVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   39.70 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   39.71 +a2c1MRIwEAYDVQQDDAljaDEuMV90YTQxGDAWBgkqhkiG9w0BCQEWCWNoMS4xX3Rh
   39.72 +NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdlVh1Ijf8IQjVXOGta
   39.73 +Eg/Ic6gT35bOnny81wkfPjF9VksL6FFcaWSiQ5ZtapbZLGxocy5AWvZRWmvm5HhN
   39.74 +/V6CU7iYC85mNxSOa22NU6mbzIgItXfJSNm1nZ8FuS6Xd5bF88WhZdDxd7KY0e5r
   39.75 +VharI2URrSwWasvr2IdejvI3J/CfH65zmw+wBhzP2p2sx3bdMJRpfSfOYtgYZDBZ
   39.76 +jBxUqnTJjKMRsAQ8UMUnGutR+riSEO1RSmXmc8eXTlpuduJhzCZh8cnWT9uBy2lq
   39.77 +0JEWw91wnGqNdeqhOWWfhhbt+sjx+Vh5Hk0nUSlokK8KCFQbPEuWITNvoYDtsAH/
   39.78 +khkCAwEAAaOB4TCB3jAdBgNVHQ4EFgQUdLHIoJuRnttjw6bUrBV2OhZQp68wgZsG
   39.79 +A1UdIwSBkzCBkIAUsSHq3+vr7bu+vg/6aR22KOlvj0WhbaRrMGkxCzAJBgNVBAYT
   39.80 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
   39.81 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGE0MRIwEAYJKoZIhvcNAQkBFgN0YTSC
   39.82 +CQCY9d7l6FzNJjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkq
   39.83 +hkiG9w0BAQsFAAOCAQEAjL6UazRMt6fApjM+ROqIQxZxgK+FOF9difC7yjsaSHXs
   39.84 +hkh758YYAYdD7iYiqWYar9DFTsP5uLYwNMRHXHX9tLEKlVKHOpy/f46Ut1Jp1cwg
   39.85 +zQ+r+zmKW8CUQwjh/1dD8XOCLGbljRgNaR/U+ARA30aBWOMfjeHumzU5iRbK00H2
   39.86 +bZGlGLvDWaDCWOal1co7jiXyyk2BfuMOm5gi7I8VGfo2ZnZSsPM3hwsXRVoPrUBj
   39.87 +SkxZDT5EFlCPQu1dFr5Bw3XMu3PzGK0lN8FYL1OwqhT32eGNuqX5KPsEV0pBE3/L
   39.88 +vNb1aYXZ9O2Mlf9XJNU+S4R+QAXBHVP6zmteBeXxEA==
   39.89 +-----END CERTIFICATE-----
    40.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/28.pem	Tue Mar 08 11:12:06 2016 -0800
    40.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    40.3 @@ -1,71 +0,0 @@
    40.4 -Certificate:
    40.5 -    Data:
    40.6 -        Version: 3 (0x2)
    40.7 -        Serial Number: 40 (0x28)
    40.8 -    Signature Algorithm: sha256WithRSAEncryption
    40.9 -        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta5/emailAddress=ta5
   40.10 -        Validity
   40.11 -            Not Before: Dec 13 00:13:38 2013 GMT
   40.12 -            Not After : Sep  8 00:13:38 2016 GMT
   40.13 -        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
   40.14 -        Subject Public Key Info:
   40.15 -            Public Key Algorithm: rsaEncryption
   40.16 -                Public-Key: (1024 bit)
   40.17 -                Modulus:
   40.18 -                    00:c6:67:76:93:23:82:9f:2f:70:27:4f:64:9e:c3:
   40.19 -                    80:4d:e3:9d:bb:f9:ea:2e:f1:02:e1:e1:a8:5b:f6:
   40.20 -                    dc:c9:7b:ef:be:5a:41:11:bd:c4:51:e1:d8:74:6a:
   40.21 -                    16:89:83:f7:3a:fd:0b:cc:9b:e6:96:d8:13:e3:ef:
   40.22 -                    78:65:97:ff:81:90:97:e8:77:fd:ed:9c:56:2e:c7:
   40.23 -                    a4:ec:f7:2c:fc:a0:f6:de:ab:ec:d6:e7:9e:35:e6:
   40.24 -                    b7:dc:65:1b:c8:e4:5a:a2:9d:d8:5b:b9:fa:26:8c:
   40.25 -                    8d:00:66:c4:05:28:9c:a8:3c:b1:81:c7:75:0a:51:
   40.26 -                    ed:4f:49:d7:96:b5:8b:34:f9
   40.27 -                Exponent: 65537 (0x10001)
   40.28 -        X509v3 extensions:
   40.29 -            X509v3 Subject Key Identifier: 
   40.30 -                8E:29:B3:96:C1:67:FE:34:F3:55:99:68:C4:DA:2A:C0:24:8A:19:C6
   40.31 -            X509v3 Authority Key Identifier: 
   40.32 -                keyid:29:DA:B1:46:E3:61:51:AC:3C:3E:F6:78:5B:95:7B:6D:B2:F9:17:21
   40.33 -                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta5/emailAddress=ta5
   40.34 -                serial:A7:8F:F0:5E:6B:64:C2:46
   40.35 -
   40.36 -            X509v3 Basic Constraints: critical
   40.37 -                CA:TRUE
   40.38 -            X509v3 CRL Distribution Points: 
   40.39 -
   40.40 -                Full Name:
   40.41 -                  URI:http://localhost:12001/file/0/ta5_crl.pem
   40.42 -
   40.43 -            X509v3 Key Usage: critical
   40.44 -                Certificate Sign, CRL Sign
   40.45 -    Signature Algorithm: sha256WithRSAEncryption
   40.46 -         9d:32:27:d7:4e:4e:8b:e4:9f:d0:0d:11:f3:e5:be:5f:7f:7e:
   40.47 -         cf:ef:98:41:33:ba:04:ba:d9:7a:11:88:b8:13:66:74:44:1c:
   40.48 -         fb:1e:f3:fa:d4:18:85:cd:ed:f0:f8:c2:be:ab:75:cf:65:da:
   40.49 -         1a:77:01:0e:aa:49:ea:af:a7:db:39:84:f2:01:1d:28:e7:df:
   40.50 -         22:a9:59:5a:21:f9:f9:30:84:64:52:50:01:9b:b2:bf:ca:8a:
   40.51 -         b4:8b:36:96:e3:1a:ea:51:53:36:82:ba:88:8f:15:8c:e6:79:
   40.52 -         59:aa:71:9b:4c:58:a2:68:f0:43:36:15:af:69:af:32:ed:49:
   40.53 -         c8:9c
   40.54 ------BEGIN CERTIFICATE-----
   40.55 -MIIDcDCCAtmgAwIBAgIBKDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   40.56 -MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   40.57 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3DQEJARYDdGE1MB4XDTEz
   40.58 -MTIxMzAwMTMzOFoXDTE2MDkwODAwMTMzOFowcTELMAkGA1UEBhMCVVMxEzARBgNV
   40.59 -BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   40.60 -a2c1MRAwDgYDVQQDDAdjaDFfdGE1MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE1MIGf
   40.61 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGZ3aTI4KfL3AnT2Sew4BN4527+eou
   40.62 -8QLh4ahb9tzJe+++WkERvcRR4dh0ahaJg/c6/QvMm+aW2BPj73hll/+BkJfod/3t
   40.63 -nFYux6Ts9yz8oPbeq+zW55415rfcZRvI5FqindhbufomjI0AZsQFKJyoPLGBx3UK
   40.64 -Ue1PSdeWtYs0+QIDAQABo4IBHjCCARowHQYDVR0OBBYEFI4ps5bBZ/4081WZaMTa
   40.65 -KsAkihnGMIGbBgNVHSMEgZMwgZCAFCnasUbjYVGsPD72eFuVe22y+RchoW2kazBp
   40.66 -MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2Fu
   40.67 -dGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3
   40.68 -DQEJARYDdGE1ggkAp4/wXmtkwkYwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAx
   40.69 -MC+gLaArhilodHRwOi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUvMC90YTVfY3JsLnBl
   40.70 -bTAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAnTIn105Oi+Sf0A0R
   40.71 -8+W+X39+z++YQTO6BLrZehGIuBNmdEQc+x7z+tQYhc3t8PjCvqt1z2XaGncBDqpJ
   40.72 -6q+n2zmE8gEdKOffIqlZWiH5+TCEZFJQAZuyv8qKtIs2luMa6lFTNoK6iI8VjOZ5
   40.73 -Wapxm0xYomjwQzYVr2mvMu1JyJw=
   40.74 ------END CERTIFICATE-----
    41.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    41.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/29.pem	Wed Mar 09 11:27:23 2016 -0800
    41.3 @@ -0,0 +1,92 @@
    41.4 +Certificate:
    41.5 +    Data:
    41.6 +        Version: 3 (0x2)
    41.7 +        Serial Number: 41 (0x29)
    41.8 +    Signature Algorithm: sha256WithRSAEncryption
    41.9 +        Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta5/emailAddress=ta5
   41.10 +        Validity
   41.11 +            Not Before: Jan 22 01:57:59 2016 GMT
   41.12 +            Not After : Oct 18 01:57:59 2018 GMT
   41.13 +        Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
   41.14 +        Subject Public Key Info:
   41.15 +            Public Key Algorithm: rsaEncryption
   41.16 +                Public-Key: (2048 bit)
   41.17 +                Modulus:
   41.18 +                    00:c4:30:ef:b0:77:4e:44:58:ca:72:ac:ea:37:5e:
   41.19 +                    8d:4e:a1:89:7b:b1:ff:ee:da:e1:fb:3a:3c:b7:44:
   41.20 +                    37:af:79:c9:ae:21:c6:d2:6d:27:68:a8:ac:b3:77:
   41.21 +                    4f:9a:b9:51:af:f9:47:bf:49:6c:f6:21:f9:b9:78:
   41.22 +                    2e:b4:a5:29:db:96:06:6a:2c:c6:25:6e:e9:eb:59:
   41.23 +                    01:c1:c6:34:ef:1d:61:8f:5f:55:d8:fc:42:ac:12:
   41.24 +                    5f:8c:b1:51:da:f6:82:7a:49:f4:2a:72:15:b0:1a:
   41.25 +                    2c:7e:e5:4a:33:64:ca:ad:a2:7b:37:aa:7e:9a:ab:
   41.26 +                    ce:e6:18:de:93:58:47:33:be:e7:48:da:c5:95:aa:
   41.27 +                    fc:ff:83:b9:00:74:39:dd:21:b8:d3:5b:3d:e3:28:
   41.28 +                    ef:11:59:65:9b:96:59:a5:fe:08:ab:8e:80:ba:32:
   41.29 +                    09:38:1c:a1:b1:99:db:3e:90:0e:e6:cd:51:d4:4f:
   41.30 +                    75:98:67:c3:42:71:76:0a:b4:e1:fb:44:c0:8a:35:
   41.31 +                    d9:a2:d3:7b:e0:0c:4d:4b:67:06:ee:5c:06:72:81:
   41.32 +                    25:bd:b1:5c:db:19:55:e3:9a:ee:ae:58:46:60:5c:
   41.33 +                    a2:df:f5:89:09:48:3f:cd:7f:9b:20:0e:84:ef:8c:
   41.34 +                    5a:ea:5e:99:59:4b:91:af:18:5d:0a:08:c3:0c:38:
   41.35 +                    87:6f
   41.36 +                Exponent: 65537 (0x10001)
   41.37 +        X509v3 extensions:
   41.38 +            X509v3 Subject Key Identifier: 
   41.39 +                AB:85:31:3F:5E:AA:BD:C0:59:AC:A2:04:AA:D7:29:E8:19:AE:FB:F4
   41.40 +            X509v3 Authority Key Identifier: 
   41.41 +                keyid:DC:66:15:EE:AB:F6:53:B7:63:E5:B0:CB:B8:F0:D4:61:B5:27:94:3F
   41.42 +                DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta5/emailAddress=ta5
   41.43 +                serial:A9:DD:14:32:D5:19:7A:EA
   41.44 +
   41.45 +            X509v3 Basic Constraints: critical
   41.46 +                CA:TRUE
   41.47 +            X509v3 CRL Distribution Points: 
   41.48 +
   41.49 +                Full Name:
   41.50 +                  URI:http://localhost:12001/file/0/ta5_crl.pem
   41.51 +
   41.52 +            X509v3 Key Usage: critical
   41.53 +                Certificate Sign, CRL Sign
   41.54 +    Signature Algorithm: sha256WithRSAEncryption
   41.55 +         13:bc:5b:b0:af:1c:17:88:8d:4f:2b:ee:1c:3b:b2:fd:2f:b9:
   41.56 +         c3:18:d6:08:1d:3f:46:31:56:ca:97:ec:d6:96:18:b4:f0:9e:
   41.57 +         9a:c6:c9:52:bc:b3:e9:f2:6c:27:a9:29:54:33:fa:15:59:16:
   41.58 +         b7:e8:0c:d7:4a:a9:34:02:19:72:43:56:c0:ad:d2:b4:c0:61:
   41.59 +         be:22:e5:e5:cf:68:8a:5c:50:b1:ee:5d:38:3d:83:65:27:58:
   41.60 +         a6:10:ee:46:17:54:94:85:da:5e:da:1c:a4:0c:5a:31:78:47:
   41.61 +         07:37:c1:c7:fa:49:84:84:5e:a5:e3:67:83:66:55:b1:9b:06:
   41.62 +         c2:4f:75:83:19:4a:1f:86:33:14:08:10:90:fa:6a:5d:a8:d0:
   41.63 +         69:8c:8b:9b:36:9a:80:2e:bc:f8:ec:8f:12:22:75:78:b9:eb:
   41.64 +         ff:02:90:d3:77:32:16:ab:78:c8:62:46:22:78:c6:c1:22:30:
   41.65 +         8e:a0:7a:78:1d:9f:14:fe:bf:39:f3:d2:d3:4f:65:32:5d:26:
   41.66 +         8c:02:c1:9d:55:94:dd:ec:e1:b8:ab:0a:08:ff:7f:9f:ba:55:
   41.67 +         88:23:72:d5:79:1d:e7:b0:54:9c:a6:bf:fa:7f:73:bc:19:ac:
   41.68 +         b3:38:ab:d0:00:33:c2:dd:cb:30:69:98:4b:d5:5b:a6:f8:cd:
   41.69 +         00:19:9c:dd
   41.70 +-----BEGIN CERTIFICATE-----
   41.71 +MIIEdTCCA12gAwIBAgIBKTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   41.72 +MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   41.73 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3DQEJARYDdGE1MB4XDTE2
   41.74 +MDEyMjAxNTc1OVoXDTE4MTAxODAxNTc1OVowcTELMAkGA1UEBhMCVVMxEzARBgNV
   41.75 +BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   41.76 +a2c1MRAwDgYDVQQDDAdjaDFfdGE1MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE1MIIB
   41.77 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDDvsHdORFjKcqzqN16NTqGJ
   41.78 +e7H/7trh+zo8t0Q3r3nJriHG0m0naKiss3dPmrlRr/lHv0ls9iH5uXgutKUp25YG
   41.79 +aizGJW7p61kBwcY07x1hj19V2PxCrBJfjLFR2vaCekn0KnIVsBosfuVKM2TKraJ7
   41.80 +N6p+mqvO5hjek1hHM77nSNrFlar8/4O5AHQ53SG401s94yjvEVllm5ZZpf4Iq46A
   41.81 +ujIJOByhsZnbPpAO5s1R1E91mGfDQnF2CrTh+0TAijXZotN74AxNS2cG7lwGcoEl
   41.82 +vbFc2xlV45rurlhGYFyi3/WJCUg/zX+bIA6E74xa6l6ZWUuRrxhdCgjDDDiHbwID
   41.83 +AQABo4IBHjCCARowHQYDVR0OBBYEFKuFMT9eqr3AWayiBKrXKegZrvv0MIGbBgNV
   41.84 +HSMEgZMwgZCAFNxmFe6r9lO3Y+Wwy7jw1GG1J5Q/oW2kazBpMQswCQYDVQQGEwJV
   41.85 +UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   41.86 +BgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3DQEJARYDdGE1ggkA
   41.87 +qd0UMtUZeuowDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+gLaArhilodHRw
   41.88 +Oi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUvMC90YTVfY3JsLnBlbTAOBgNVHQ8BAf8E
   41.89 +BAMCAQYwDQYJKoZIhvcNAQELBQADggEBABO8W7CvHBeIjU8r7hw7sv0vucMY1ggd
   41.90 +P0YxVsqX7NaWGLTwnprGyVK8s+nybCepKVQz+hVZFrfoDNdKqTQCGXJDVsCt0rTA
   41.91 +Yb4i5eXPaIpcULHuXTg9g2UnWKYQ7kYXVJSF2l7aHKQMWjF4Rwc3wcf6SYSEXqXj
   41.92 +Z4NmVbGbBsJPdYMZSh+GMxQIEJD6al2o0GmMi5s2moAuvPjsjxIidXi56/8CkNN3
   41.93 +MhareMhiRiJ4xsEiMI6gengdnxT+vznz0tNPZTJdJowCwZ1VlN3s4birCgj/f5+6
   41.94 +VYgjctV5HeewVJymv/p/c7wZrLM4q9AAM8LdyzBpmEvVW6b4zQAZnN0=
   41.95 +-----END CERTIFICATE-----
    42.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta3_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    42.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta3_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    42.3 @@ -1,26 +1,35 @@
    42.4  Certificate:
    42.5      Data:
    42.6          Version: 3 (0x2)
    42.7 -        Serial Number: 26 (0x1a)
    42.8 +        Serial Number: 27 (0x1b)
    42.9      Signature Algorithm: sha256WithRSAEncryption
   42.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   42.11          Validity
   42.12 -            Not Before: Dec 13 00:13:36 2013 GMT
   42.13 -            Not After : Sep  8 00:13:36 2016 GMT
   42.14 +            Not Before: Jan 22 01:57:57 2016 GMT
   42.15 +            Not After : Oct 18 01:57:57 2018 GMT
   42.16          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
   42.17          Subject Public Key Info:
   42.18              Public Key Algorithm: rsaEncryption
   42.19 -                Public-Key: (1024 bit)
   42.20 +                Public-Key: (2048 bit)
   42.21                  Modulus:
   42.22 -                    00:df:da:60:8b:c6:d6:55:f7:d0:5b:a7:5a:87:d2:
   42.23 -                    90:7b:9c:46:31:96:5e:15:a0:c7:44:b3:79:ce:ae:
   42.24 -                    d7:af:99:a9:fe:6d:c6:69:23:09:45:68:64:01:dc:
   42.25 -                    a0:7e:8c:ed:c9:bc:14:d3:84:62:2a:8a:21:30:48:
   42.26 -                    30:97:94:99:84:69:f0:c0:46:a4:72:82:51:30:fe:
   42.27 -                    f0:fc:60:6c:ea:b8:7d:52:ce:fd:e5:20:b7:9f:4b:
   42.28 -                    03:21:74:f3:58:35:3a:ef:f7:e0:84:64:06:84:36:
   42.29 -                    62:e8:82:65:82:1e:56:c7:ea:1e:eb:65:7d:b3:83:
   42.30 -                    9c:fc:e6:ba:65:c4:82:e3:5f
   42.31 +                    00:9f:68:52:eb:ed:18:33:43:ef:ec:5d:7a:a7:a7:
   42.32 +                    06:d7:86:ce:0d:52:d6:da:ab:34:ad:9f:cd:0a:79:
   42.33 +                    20:47:a9:3d:8f:f8:6b:e3:1a:9d:df:88:5c:c4:ad:
   42.34 +                    06:66:22:d9:d7:f0:c2:ca:b3:ae:9c:78:e6:2d:18:
   42.35 +                    20:c9:cc:e1:1a:27:12:32:b3:0b:eb:ba:e2:0e:ce:
   42.36 +                    dd:fa:22:0b:ae:00:03:ee:89:1e:03:14:d4:86:80:
   42.37 +                    b9:a2:98:be:60:25:63:2a:16:b4:63:1a:3f:0b:53:
   42.38 +                    13:c6:53:77:1c:ed:b2:11:e6:f4:d5:1a:51:c0:f5:
   42.39 +                    0f:3c:f7:b7:85:cf:66:f4:88:b0:e3:ea:35:fd:bc:
   42.40 +                    35:e0:82:16:a8:08:b0:9b:c9:2e:88:94:bb:ac:5d:
   42.41 +                    76:2f:b5:cf:da:e7:4e:72:d3:dc:8e:df:aa:0b:ed:
   42.42 +                    55:ac:41:01:4f:fd:68:87:ee:ee:32:90:d6:95:b0:
   42.43 +                    f7:78:1c:82:34:31:46:44:fa:f4:1a:63:88:ee:14:
   42.44 +                    96:b1:bf:bd:41:82:77:4e:bb:5f:06:2b:dc:2f:4c:
   42.45 +                    d3:42:96:0c:c2:82:a8:fb:3b:9f:4b:9f:d5:0a:74:
   42.46 +                    44:62:4f:9f:55:ce:ed:72:7e:26:ee:22:12:6f:69:
   42.47 +                    87:53:b8:79:aa:ee:21:e2:5f:bc:dd:c1:2a:2a:75:
   42.48 +                    86:45
   42.49                  Exponent: 65537 (0x10001)
   42.50          X509v3 extensions:
   42.51              X509v3 Basic Constraints: critical
   42.52 @@ -29,27 +38,39 @@
   42.53                  <EMPTY>
   42.54  
   42.55      Signature Algorithm: sha256WithRSAEncryption
   42.56 -         ae:2b:af:4b:e6:7b:a1:28:27:46:1e:10:55:c2:2c:e4:6b:e9:
   42.57 -         f2:6c:38:87:ed:f1:da:d5:92:39:89:22:53:3e:b4:da:3d:ae:
   42.58 -         8d:ea:42:15:bb:4d:c6:ef:50:9c:1d:8b:93:92:7d:33:31:bd:
   42.59 -         48:79:76:15:d4:8a:fd:bd:ae:1d:61:43:8d:88:ec:83:8d:15:
   42.60 -         c9:50:73:e0:07:1a:41:e7:b2:a0:ac:9b:33:ed:bd:73:c5:32:
   42.61 -         25:dd:ad:01:4b:90:62:25:e8:75:8e:19:e8:f5:4b:b8:89:2a:
   42.62 -         c6:eb:d6:9c:31:f5:83:dd:1d:f9:71:11:ce:3b:0c:f5:e3:e4:
   42.63 -         89:0a
   42.64 +         0e:01:13:03:6b:ee:cc:3f:ef:73:4b:8e:5e:a9:4d:67:34:05:
   42.65 +         a7:58:5e:58:cf:09:25:77:74:82:da:76:03:79:cf:65:83:c5:
   42.66 +         97:2c:dc:37:b8:d6:c9:bb:a9:5d:57:17:5b:da:c3:8d:18:11:
   42.67 +         e4:47:d4:e5:a2:72:0d:15:eb:1c:de:82:ff:cc:30:98:0b:4c:
   42.68 +         46:96:63:f0:00:87:db:ac:1d:88:b3:c4:3b:ea:ac:20:4b:b1:
   42.69 +         e3:71:28:8f:a6:bb:b4:0d:b8:6f:8d:eb:e9:9a:0f:53:03:1a:
   42.70 +         ab:a0:c7:db:0c:e8:6e:05:a3:90:26:00:68:65:67:b7:a1:8e:
   42.71 +         0c:08:96:2e:27:03:4b:df:b6:c8:a1:53:ce:3c:83:b0:7b:d8:
   42.72 +         5f:8f:cf:61:d9:7c:8a:79:e4:a6:3a:79:0a:a7:82:c1:d3:d4:
   42.73 +         a4:01:a2:82:08:f0:01:77:0f:2c:dc:40:73:81:35:83:ff:56:
   42.74 +         4e:70:65:89:4e:17:9a:ff:7d:c4:9f:eb:62:f3:d3:44:87:c2:
   42.75 +         d5:41:28:2d:72:69:d9:f9:94:9a:c9:0a:f1:02:9a:47:04:3e:
   42.76 +         80:d6:c8:14:ab:e2:c7:3a:24:86:01:77:58:af:2b:e4:6a:73:
   42.77 +         81:96:7f:5d:0b:34:ff:ef:98:88:f9:ea:2b:43:a4:2c:56:65:
   42.78 +         c1:2c:f5:48
   42.79  -----BEGIN CERTIFICATE-----
   42.80 -MIICdTCCAd6gAwIBAgIBGjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   42.81 +MIIDejCCAmKgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   42.82  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   42.83 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTEz
   42.84 -MTIxMzAwMTMzNloXDTE2MDkwODAwMTMzNlowdTELMAkGA1UEBhMCVVMxEzARBgNV
   42.85 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTE2
   42.86 +MDEyMjAxNTc1N1oXDTE4MTAxODAxNTc1N1owdTELMAkGA1UEBhMCVVMxEzARBgNV
   42.87  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   42.88  a2c1MRIwEAYDVQQDDAljaDEuMV90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4xX3Rh
   42.89 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA39pgi8bWVffQW6dah9KQe5xG
   42.90 -MZZeFaDHRLN5zq7Xr5mp/m3GaSMJRWhkAdygfoztybwU04RiKoohMEgwl5SZhGnw
   42.91 -wEakcoJRMP7w/GBs6rh9Us795SC3n0sDIXTzWDU67/fghGQGhDZi6IJlgh5Wx+oe
   42.92 -62V9s4Oc/Oa6ZcSC418CAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAMBgNVHRIB
   42.93 -Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4GBAK4rr0vme6EoJ0YeEFXCLORr6fJsOIft
   42.94 -8drVkjmJIlM+tNo9ro3qQhW7TcbvUJwdi5OSfTMxvUh5dhXUiv29rh1hQ42I7ION
   42.95 -FclQc+AHGkHnsqCsmzPtvXPFMiXdrQFLkGIl6HWOGej1S7iJKsbr1pwx9YPdHflx
   42.96 -Ec47DPXj5IkK
   42.97 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ9oUuvtGDND7+xdeqen
   42.98 +BteGzg1S1tqrNK2fzQp5IEepPY/4a+Mand+IXMStBmYi2dfwwsqzrpx45i0YIMnM
   42.99 +4RonEjKzC+u64g7O3foiC64AA+6JHgMU1IaAuaKYvmAlYyoWtGMaPwtTE8ZTdxzt
  42.100 +shHm9NUaUcD1Dzz3t4XPZvSIsOPqNf28NeCCFqgIsJvJLoiUu6xddi+1z9rnTnLT
  42.101 +3I7fqgvtVaxBAU/9aIfu7jKQ1pWw93gcgjQxRkT69BpjiO4UlrG/vUGCd067XwYr
  42.102 +3C9M00KWDMKCqPs7n0uf1Qp0RGJPn1XO7XJ+Ju4iEm9ph1O4earuIeJfvN3BKip1
  42.103 +hkUCAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAMBgNVHRIBAf8EAjAAMA0GCSqG
  42.104 +SIb3DQEBCwUAA4IBAQAOARMDa+7MP+9zS45eqU1nNAWnWF5Yzwkld3SC2nYDec9l
  42.105 +g8WXLNw3uNbJu6ldVxdb2sONGBHkR9TlonINFesc3oL/zDCYC0xGlmPwAIfbrB2I
  42.106 +s8Q76qwgS7HjcSiPpru0Dbhvjevpmg9TAxqroMfbDOhuBaOQJgBoZWe3oY4MCJYu
  42.107 +JwNL37bIoVPOPIOwe9hfj89h2XyKeeSmOnkKp4LB09SkAaKCCPABdw8s3EBzgTWD
  42.108 +/1ZOcGWJThea/33En+ti89NEh8LVQSgtcmnZ+ZSayQrxAppHBD6A1sgUq+LHOiSG
  42.109 +AXdYryvkanOBln9dCzT/75iI+eorQ6QsVmXBLPVI
  42.110  -----END CERTIFICATE-----
    43.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta4_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    43.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta4_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    43.3 @@ -1,65 +1,86 @@
    43.4  Certificate:
    43.5      Data:
    43.6          Version: 3 (0x2)
    43.7 -        Serial Number: 38 (0x26)
    43.8 +        Serial Number: 39 (0x27)
    43.9      Signature Algorithm: sha256WithRSAEncryption
   43.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta4/emailAddress=ta4
   43.11          Validity
   43.12 -            Not Before: Dec 13 00:13:37 2013 GMT
   43.13 -            Not After : Sep  8 00:13:37 2016 GMT
   43.14 +            Not Before: Jan 22 01:57:59 2016 GMT
   43.15 +            Not After : Oct 18 01:57:59 2018 GMT
   43.16          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
   43.17          Subject Public Key Info:
   43.18              Public Key Algorithm: rsaEncryption
   43.19 -                Public-Key: (1024 bit)
   43.20 +                Public-Key: (2048 bit)
   43.21                  Modulus:
   43.22 -                    00:ba:40:be:7e:1b:2f:92:11:cc:dc:44:14:76:87:
   43.23 -                    8a:6a:94:b6:28:4e:87:5b:bc:57:46:75:63:38:4d:
   43.24 -                    90:3e:7a:46:0e:87:e9:a9:04:1a:7d:e5:20:dc:81:
   43.25 -                    9a:79:7e:1b:ab:ce:50:ce:47:54:04:98:16:d5:a6:
   43.26 -                    6d:16:3c:52:ef:ed:43:c5:9b:d3:c8:48:cb:47:5d:
   43.27 -                    08:1d:d1:44:fd:7c:c7:54:41:11:3b:3e:ae:bb:7f:
   43.28 -                    94:a6:13:8f:89:6c:24:b3:a8:5e:e2:5d:20:40:85:
   43.29 -                    2b:a0:ac:ed:a3:a8:b2:15:59:fc:ad:e8:5d:72:ee:
   43.30 -                    64:eb:9c:30:8c:0a:97:32:f9
   43.31 +                    00:c7:65:56:1d:48:8d:ff:08:42:35:57:38:6b:5a:
   43.32 +                    12:0f:c8:73:a8:13:df:96:ce:9e:7c:bc:d7:09:1f:
   43.33 +                    3e:31:7d:56:4b:0b:e8:51:5c:69:64:a2:43:96:6d:
   43.34 +                    6a:96:d9:2c:6c:68:73:2e:40:5a:f6:51:5a:6b:e6:
   43.35 +                    e4:78:4d:fd:5e:82:53:b8:98:0b:ce:66:37:14:8e:
   43.36 +                    6b:6d:8d:53:a9:9b:cc:88:08:b5:77:c9:48:d9:b5:
   43.37 +                    9d:9f:05:b9:2e:97:77:96:c5:f3:c5:a1:65:d0:f1:
   43.38 +                    77:b2:98:d1:ee:6b:56:16:ab:23:65:11:ad:2c:16:
   43.39 +                    6a:cb:eb:d8:87:5e:8e:f2:37:27:f0:9f:1f:ae:73:
   43.40 +                    9b:0f:b0:06:1c:cf:da:9d:ac:c7:76:dd:30:94:69:
   43.41 +                    7d:27:ce:62:d8:18:64:30:59:8c:1c:54:aa:74:c9:
   43.42 +                    8c:a3:11:b0:04:3c:50:c5:27:1a:eb:51:fa:b8:92:
   43.43 +                    10:ed:51:4a:65:e6:73:c7:97:4e:5a:6e:76:e2:61:
   43.44 +                    cc:26:61:f1:c9:d6:4f:db:81:cb:69:6a:d0:91:16:
   43.45 +                    c3:dd:70:9c:6a:8d:75:ea:a1:39:65:9f:86:16:ed:
   43.46 +                    fa:c8:f1:f9:58:79:1e:4d:27:51:29:68:90:af:0a:
   43.47 +                    08:54:1b:3c:4b:96:21:33:6f:a1:80:ed:b0:01:ff:
   43.48 +                    92:19
   43.49                  Exponent: 65537 (0x10001)
   43.50          X509v3 extensions:
   43.51              X509v3 Subject Key Identifier: 
   43.52 -                D1:74:80:71:CE:2E:24:57:71:C0:CA:50:42:8B:B3:99:0C:C7:6B:AD
   43.53 +                74:B1:C8:A0:9B:91:9E:DB:63:C3:A6:D4:AC:15:76:3A:16:50:A7:AF
   43.54              X509v3 Authority Key Identifier: 
   43.55 -                keyid:84:46:29:88:74:31:EF:A6:CC:3C:E3:58:29:DE:BE:FD:1B:F4:59:98
   43.56 +                keyid:B1:21:EA:DF:EB:EB:ED:BB:BE:BE:0F:FA:69:1D:B6:28:E9:6F:8F:45
   43.57                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta4/emailAddress=ta4
   43.58 -                serial:E8:F7:8D:38:FA:4B:55:DD
   43.59 +                serial:98:F5:DE:E5:E8:5C:CD:26
   43.60  
   43.61              X509v3 Basic Constraints: critical
   43.62                  CA:TRUE
   43.63              X509v3 Key Usage: critical
   43.64                  Certificate Sign
   43.65      Signature Algorithm: sha256WithRSAEncryption
   43.66 -         25:f7:af:7c:b8:de:50:02:c2:31:ed:50:89:5e:85:bc:e5:f4:
   43.67 -         a0:03:7e:35:85:d5:2c:4c:bb:62:39:45:e9:50:9b:db:7a:4b:
   43.68 -         91:e1:dd:e7:dc:b6:da:36:69:d7:2d:68:5c:96:a9:7b:e8:33:
   43.69 -         17:4c:28:75:c2:6c:53:a8:11:8f:8f:23:89:59:25:8b:26:75:
   43.70 -         4c:ee:9a:13:eb:78:28:52:dc:b2:fd:96:04:73:a8:78:9e:24:
   43.71 -         b2:b2:85:88:84:10:ec:83:42:65:22:f1:b5:15:76:14:db:5c:
   43.72 -         28:43:a4:62:df:27:4a:c5:4b:00:d5:44:83:24:37:f5:c5:4d:
   43.73 -         b0:4a
   43.74 +         8c:be:94:6b:34:4c:b7:a7:c0:a6:33:3e:44:ea:88:43:16:71:
   43.75 +         80:af:85:38:5f:5d:89:f0:bb:ca:3b:1a:48:75:ec:86:48:7b:
   43.76 +         e7:c6:18:01:87:43:ee:26:22:a9:66:1a:af:d0:c5:4e:c3:f9:
   43.77 +         b8:b6:30:34:c4:47:5c:75:fd:b4:b1:0a:95:52:87:3a:9c:bf:
   43.78 +         7f:8e:94:b7:52:69:d5:cc:20:cd:0f:ab:fb:39:8a:5b:c0:94:
   43.79 +         43:08:e1:ff:57:43:f1:73:82:2c:66:e5:8d:18:0d:69:1f:d4:
   43.80 +         f8:04:40:df:46:81:58:e3:1f:8d:e1:ee:9b:35:39:89:16:ca:
   43.81 +         d3:41:f6:6d:91:a5:18:bb:c3:59:a0:c2:58:e6:a5:d5:ca:3b:
   43.82 +         8e:25:f2:ca:4d:81:7e:e3:0e:9b:98:22:ec:8f:15:19:fa:36:
   43.83 +         66:76:52:b0:f3:37:87:0b:17:45:5a:0f:ad:40:63:4a:4c:59:
   43.84 +         0d:3e:44:16:50:8f:42:ed:5d:16:be:41:c3:75:cc:bb:73:f3:
   43.85 +         18:ad:25:37:c1:58:2f:53:b0:aa:14:f7:d9:e1:8d:ba:a5:f9:
   43.86 +         28:fb:04:57:4a:41:13:7f:cb:bc:d6:f5:69:85:d9:f4:ed:8c:
   43.87 +         95:ff:57:24:d5:3e:4b:84:7e:40:05:c1:1d:53:fa:ce:6b:5e:
   43.88 +         05:e5:f1:10
   43.89  -----BEGIN CERTIFICATE-----
   43.90 -MIIDNjCCAp+gAwIBAgIBJjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   43.91 +MIIEOzCCAyOgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   43.92  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   43.93 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTEz
   43.94 -MTIxMzAwMTMzN1oXDTE2MDkwODAwMTMzN1owdTELMAkGA1UEBhMCVVMxEzARBgNV
   43.95 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTE2
   43.96 +MDEyMjAxNTc1OVoXDTE4MTAxODAxNTc1OVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   43.97  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   43.98  a2c1MRIwEAYDVQQDDAljaDEuMV90YTQxGDAWBgkqhkiG9w0BCQEWCWNoMS4xX3Rh
   43.99 -NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAukC+fhsvkhHM3EQUdoeKapS2
  43.100 -KE6HW7xXRnVjOE2QPnpGDofpqQQafeUg3IGaeX4bq85QzkdUBJgW1aZtFjxS7+1D
  43.101 -xZvTyEjLR10IHdFE/XzHVEEROz6uu3+UphOPiWwks6he4l0gQIUroKzto6iyFVn8
  43.102 -rehdcu5k65wwjAqXMvkCAwEAAaOB4TCB3jAdBgNVHQ4EFgQU0XSAcc4uJFdxwMpQ
  43.103 -QouzmQzHa60wgZsGA1UdIwSBkzCBkIAUhEYpiHQx76bMPONYKd6+/Rv0WZihbaRr
  43.104 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
  43.105 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGE0MRIwEAYJKoZI
  43.106 -hvcNAQkBFgN0YTSCCQDo9404+ktV3TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
  43.107 -/wQEAwICBDANBgkqhkiG9w0BAQsFAAOBgQAl9698uN5QAsIx7VCJXoW85fSgA341
  43.108 -hdUsTLtiOUXpUJvbekuR4d3n3LbaNmnXLWhclql76DMXTCh1wmxTqBGPjyOJWSWL
  43.109 -JnVM7poT63goUtyy/ZYEc6h4niSysoWIhBDsg0JlIvG1FXYU21woQ6Ri3ydKxUsA
  43.110 -1USDJDf1xU2wSg==
  43.111 +NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdlVh1Ijf8IQjVXOGta
  43.112 +Eg/Ic6gT35bOnny81wkfPjF9VksL6FFcaWSiQ5ZtapbZLGxocy5AWvZRWmvm5HhN
  43.113 +/V6CU7iYC85mNxSOa22NU6mbzIgItXfJSNm1nZ8FuS6Xd5bF88WhZdDxd7KY0e5r
  43.114 +VharI2URrSwWasvr2IdejvI3J/CfH65zmw+wBhzP2p2sx3bdMJRpfSfOYtgYZDBZ
  43.115 +jBxUqnTJjKMRsAQ8UMUnGutR+riSEO1RSmXmc8eXTlpuduJhzCZh8cnWT9uBy2lq
  43.116 +0JEWw91wnGqNdeqhOWWfhhbt+sjx+Vh5Hk0nUSlokK8KCFQbPEuWITNvoYDtsAH/
  43.117 +khkCAwEAAaOB4TCB3jAdBgNVHQ4EFgQUdLHIoJuRnttjw6bUrBV2OhZQp68wgZsG
  43.118 +A1UdIwSBkzCBkIAUsSHq3+vr7bu+vg/6aR22KOlvj0WhbaRrMGkxCzAJBgNVBAYT
  43.119 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
  43.120 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGE0MRIwEAYJKoZIhvcNAQkBFgN0YTSC
  43.121 +CQCY9d7l6FzNJjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkq
  43.122 +hkiG9w0BAQsFAAOCAQEAjL6UazRMt6fApjM+ROqIQxZxgK+FOF9difC7yjsaSHXs
  43.123 +hkh758YYAYdD7iYiqWYar9DFTsP5uLYwNMRHXHX9tLEKlVKHOpy/f46Ut1Jp1cwg
  43.124 +zQ+r+zmKW8CUQwjh/1dD8XOCLGbljRgNaR/U+ARA30aBWOMfjeHumzU5iRbK00H2
  43.125 +bZGlGLvDWaDCWOal1co7jiXyyk2BfuMOm5gi7I8VGfo2ZnZSsPM3hwsXRVoPrUBj
  43.126 +SkxZDT5EFlCPQu1dFr5Bw3XMu3PzGK0lN8FYL1OwqhT32eGNuqX5KPsEV0pBE3/L
  43.127 +vNb1aYXZ9O2Mlf9XJNU+S4R+QAXBHVP6zmteBeXxEA==
  43.128  -----END CERTIFICATE-----
    44.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.2_ta3_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    44.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.2_ta3_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    44.3 @@ -1,7 +1,7 @@
    44.4  Certificate:
    44.5      Data:
    44.6          Version: 3 (0x2)
    44.7 -        Serial Number: 28 (0x1c)
    44.8 +        Serial Number: 29 (0x1d)
    44.9      Signature Algorithm: sha256WithRSAEncryption
   44.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   44.11          Validity
   44.12 @@ -10,56 +10,77 @@
   44.13          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.2_ta3/emailAddress=ch1.2_ta3
   44.14          Subject Public Key Info:
   44.15              Public Key Algorithm: rsaEncryption
   44.16 -                Public-Key: (1024 bit)
   44.17 +                Public-Key: (2048 bit)
   44.18                  Modulus:
   44.19 -                    00:db:7e:41:d8:93:1f:35:e5:6b:38:25:93:e5:99:
   44.20 -                    cf:fe:c7:b8:ab:0b:14:47:23:66:52:c7:d4:18:58:
   44.21 -                    ff:39:a6:c4:a3:44:2e:46:be:24:7b:9d:71:26:12:
   44.22 -                    6a:99:bd:92:01:5a:dc:a9:36:3c:2d:f8:42:b8:5f:
   44.23 -                    db:87:8f:09:9a:83:32:5c:b6:1d:c5:e4:aa:47:6d:
   44.24 -                    46:11:16:72:44:d7:49:ea:d3:4a:a4:52:9a:f4:8a:
   44.25 -                    b5:e4:ef:32:7b:71:a0:d7:8e:71:86:22:34:44:4a:
   44.26 -                    95:5a:37:ef:c4:7f:57:1f:99:32:39:ef:ab:94:05:
   44.27 -                    1b:9a:88:de:39:85:56:4c:f7
   44.28 +                    00:d6:9f:34:ff:2a:8c:3f:a8:9d:6a:bf:0b:d9:66:
   44.29 +                    57:2b:ba:9d:bd:88:b8:60:57:c9:b1:a8:2d:f1:74:
   44.30 +                    e6:84:29:6c:93:9d:ed:12:03:f9:48:ee:8c:f0:5d:
   44.31 +                    b0:da:9c:a6:2e:4b:64:f1:38:b8:cb:b9:d3:24:57:
   44.32 +                    e1:57:b6:f1:79:4b:ee:d7:30:5c:89:67:43:1a:e1:
   44.33 +                    aa:a2:b3:fb:f5:63:69:5b:55:98:3c:f9:2a:5f:56:
   44.34 +                    f1:b9:6d:a6:4b:8b:9e:c4:2d:30:a2:0e:98:92:0d:
   44.35 +                    c3:f7:80:69:d3:4b:a6:0a:5b:e8:d8:3d:0e:16:1b:
   44.36 +                    09:12:b3:95:55:1b:b3:c8:5a:71:45:4d:05:30:ba:
   44.37 +                    34:8d:86:a0:4a:0f:c3:e5:aa:19:3b:4c:5b:e6:20:
   44.38 +                    03:7b:d5:c4:90:ec:b4:06:8b:55:ec:37:81:f7:f6:
   44.39 +                    6d:f8:1e:01:7c:8f:45:08:25:2f:ab:eb:bb:c6:da:
   44.40 +                    91:6a:f3:c2:21:6c:33:be:ce:56:2e:36:6c:bb:8c:
   44.41 +                    12:3c:fc:1d:8b:33:14:d4:a0:4b:8e:0d:5b:3a:7c:
   44.42 +                    47:32:93:03:48:66:6a:a4:1b:a4:b5:43:19:b9:79:
   44.43 +                    cd:b5:f7:63:a9:5c:8f:ca:99:94:e3:d1:eb:15:a9:
   44.44 +                    16:3b:92:73:a0:fb:2b:16:8b:31:42:28:6f:0a:6d:
   44.45 +                    90:3f
   44.46                  Exponent: 65537 (0x10001)
   44.47          X509v3 extensions:
   44.48              X509v3 Subject Key Identifier: 
   44.49 -                91:8B:82:B9:57:2C:1B:DB:4B:F6:16:04:D7:3F:04:10:DD:8B:3B:05
   44.50 +                41:31:30:65:46:6B:1C:63:B9:C8:23:8E:02:37:E2:FF:FF:7C:C4:53
   44.51              X509v3 Authority Key Identifier: 
   44.52 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   44.53 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   44.54                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   44.55 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   44.56 +                serial:8A:15:23:60:8D:FB:3E:84
   44.57  
   44.58              X509v3 Basic Constraints: critical
   44.59                  CA:TRUE
   44.60              X509v3 Key Usage: critical
   44.61                  Certificate Sign, CRL Sign
   44.62      Signature Algorithm: sha256WithRSAEncryption
   44.63 -         8a:bc:bf:7b:28:d4:bd:a2:a9:91:e8:24:cf:1e:1b:05:7c:32:
   44.64 -         68:71:40:9a:ef:48:3c:58:43:6c:ae:90:7a:50:a3:49:86:12:
   44.65 -         57:21:00:0c:49:28:ec:31:fb:04:58:a4:24:c6:7e:14:9d:5a:
   44.66 -         96:bd:ba:cd:c1:31:cd:c8:f0:77:de:3f:81:0a:d0:31:65:f2:
   44.67 -         d5:11:c9:6f:cc:5a:f8:f3:c1:8f:31:37:75:3a:c6:6d:6d:6e:
   44.68 -         d7:16:0a:9b:b0:ce:07:d7:97:36:61:37:5e:4a:16:df:8d:97:
   44.69 -         f4:71:fe:9b:32:4b:b6:d2:27:f4:9a:7c:b8:83:b3:92:48:2c:
   44.70 -         ec:0c
   44.71 +         8c:b9:ed:07:b3:f1:6f:53:7a:1d:62:ef:57:ba:ab:a5:46:93:
   44.72 +         d0:af:3a:67:2d:50:b0:5a:3b:b0:90:e2:f6:71:5e:fd:d6:fc:
   44.73 +         70:ce:6c:bf:51:ba:94:db:84:5d:c6:0b:d9:87:79:ea:bf:40:
   44.74 +         fd:a9:0b:c3:dd:81:ba:7a:40:7e:71:54:89:8b:e4:b2:85:e4:
   44.75 +         d6:93:d2:a4:9a:02:66:f9:7e:aa:48:e3:0c:ad:3c:f7:2e:55:
   44.76 +         fa:a1:10:f9:17:d0:2b:36:8a:36:57:f4:6c:42:2f:cf:4a:dc:
   44.77 +         f2:73:de:8b:08:e7:54:d6:8c:cf:83:ac:de:e0:b4:b5:f3:26:
   44.78 +         9f:9c:a0:6e:1e:29:77:bf:7e:d4:1d:1a:51:77:e1:82:e4:6d:
   44.79 +         fe:04:b4:23:8d:26:2b:9f:3f:f1:d9:98:35:b0:fe:b6:61:3c:
   44.80 +         21:2d:54:e4:2d:f1:3f:88:3d:cb:7d:57:11:98:4b:01:68:0b:
   44.81 +         af:79:a3:f4:8a:5d:11:c7:63:78:ac:94:e7:82:f0:4c:90:b1:
   44.82 +         89:49:f0:8c:50:a3:38:04:98:38:14:49:cc:1d:69:57:84:5a:
   44.83 +         4e:2d:10:f7:0c:88:73:48:de:83:90:0f:a0:53:b9:03:f6:f0:
   44.84 +         bf:cc:d6:91:73:b3:9c:13:0a:dc:24:52:d9:d0:ac:6d:cf:11:
   44.85 +         53:bc:d2:75
   44.86  -----BEGIN CERTIFICATE-----
   44.87 -MIIDNjCCAp+gAwIBAgIBHDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   44.88 +MIIEOzCCAyOgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   44.89  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   44.90  BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTA5
   44.91  MDEwMTAxMDEwMVoXDTA5MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   44.92  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   44.93  a2c1MRIwEAYDVQQDDAljaDEuMl90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4yX3Rh
   44.94 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA235B2JMfNeVrOCWT5ZnP/se4
   44.95 -qwsURyNmUsfUGFj/OabEo0QuRr4ke51xJhJqmb2SAVrcqTY8LfhCuF/bh48JmoMy
   44.96 -XLYdxeSqR21GERZyRNdJ6tNKpFKa9Iq15O8ye3Gg145xhiI0REqVWjfvxH9XH5ky
   44.97 -Oe+rlAUbmojeOYVWTPcCAwEAAaOB4TCB3jAdBgNVHQ4EFgQUkYuCuVcsG9tL9hYE
   44.98 -1z8EEN2LOwUwgZsGA1UdIwSBkzCBkIAUtNQ2n/jLol9Qidoh4yfEkfeEiEWhbaRr
   44.99 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
  44.100 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZI
  44.101 -hvcNAQkBFgN0YTOCCQDAxLR9iNbjPjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
  44.102 -/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQCKvL97KNS9oqmR6CTPHhsFfDJocUCa
  44.103 -70g8WENsrpB6UKNJhhJXIQAMSSjsMfsEWKQkxn4UnVqWvbrNwTHNyPB33j+BCtAx
  44.104 -ZfLVEclvzFr488GPMTd1OsZtbW7XFgqbsM4H15c2YTdeShbfjZf0cf6bMku20if0
  44.105 -mny4g7OSSCzsDA==
  44.106 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANafNP8qjD+onWq/C9lm
  44.107 +Vyu6nb2IuGBXybGoLfF05oQpbJOd7RID+UjujPBdsNqcpi5LZPE4uMu50yRX4Ve2
  44.108 +8XlL7tcwXIlnQxrhqqKz+/VjaVtVmDz5Kl9W8bltpkuLnsQtMKIOmJINw/eAadNL
  44.109 +pgpb6Ng9DhYbCRKzlVUbs8hacUVNBTC6NI2GoEoPw+WqGTtMW+YgA3vVxJDstAaL
  44.110 +Vew3gff2bfgeAXyPRQglL6vru8bakWrzwiFsM77OVi42bLuMEjz8HYszFNSgS44N
  44.111 +Wzp8RzKTA0hmaqQbpLVDGbl5zbX3Y6lcj8qZlOPR6xWpFjuSc6D7KxaLMUIobwpt
  44.112 +kD8CAwEAAaOB4TCB3jAdBgNVHQ4EFgQUQTEwZUZrHGO5yCOOAjfi//98xFMwgZsG
  44.113 +A1UdIwSBkzCBkIAUKW76DMM61BNfkzkPEAgnx79iVuWhbaRrMGkxCzAJBgNVBAYT
  44.114 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
  44.115 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTOC
  44.116 +CQCKFSNgjfs+hDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq
  44.117 +hkiG9w0BAQsFAAOCAQEAjLntB7Pxb1N6HWLvV7qrpUaT0K86Zy1QsFo7sJDi9nFe
  44.118 +/db8cM5sv1G6lNuEXcYL2Yd56r9A/akLw92BunpAfnFUiYvksoXk1pPSpJoCZvl+
  44.119 +qkjjDK089y5V+qEQ+RfQKzaKNlf0bEIvz0rc8nPeiwjnVNaMz4Os3uC0tfMmn5yg
  44.120 +bh4pd79+1B0aUXfhguRt/gS0I40mK58/8dmYNbD+tmE8IS1U5C3xP4g9y31XEZhL
  44.121 +AWgLr3mj9IpdEcdjeKyU54LwTJCxiUnwjFCjOASYOBRJzB1pV4RaTi0Q9wyIc0je
  44.122 +g5APoFO5A/bwv8zWkXOznBMK3CRS2dCsbc8RU7zSdQ==
  44.123  -----END CERTIFICATE-----
    45.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.3_ta3_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    45.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.3_ta3_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    45.3 @@ -1,7 +1,7 @@
    45.4  Certificate:
    45.5      Data:
    45.6          Version: 3 (0x2)
    45.7 -        Serial Number: 30 (0x1e)
    45.8 +        Serial Number: 31 (0x1f)
    45.9      Signature Algorithm: sha256WithRSAEncryption
   45.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   45.11          Validity
   45.12 @@ -10,56 +10,77 @@
   45.13          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.3_ta3/emailAddress=ch1.3_ta3
   45.14          Subject Public Key Info:
   45.15              Public Key Algorithm: rsaEncryption
   45.16 -                Public-Key: (1024 bit)
   45.17 +                Public-Key: (2048 bit)
   45.18                  Modulus:
   45.19 -                    00:ce:58:8a:05:67:47:a9:62:99:37:13:35:4c:74:
   45.20 -                    75:9b:2f:d7:4c:23:7a:cd:60:35:0c:95:4b:58:b3:
   45.21 -                    dd:c8:2d:69:ad:3c:8d:d3:27:0d:02:06:d0:4b:6c:
   45.22 -                    6e:57:e9:1f:3c:dc:f3:88:22:25:86:35:13:91:3c:
   45.23 -                    9f:76:67:a4:ae:98:63:d2:73:4d:2f:07:d5:7f:80:
   45.24 -                    7e:27:92:25:16:aa:32:fe:7a:17:65:d5:9f:ee:39:
   45.25 -                    9f:c8:a1:57:6a:9b:2d:e3:61:d9:35:d5:94:fb:fa:
   45.26 -                    95:21:c3:31:33:50:d6:2f:e5:c0:7a:bb:a7:61:a4:
   45.27 -                    e0:9b:5e:ca:99:2a:5d:6a:db
   45.28 +                    00:a5:a2:9a:58:4a:0e:d7:07:3b:38:52:04:65:eb:
   45.29 +                    e5:9e:7c:eb:2e:d6:22:89:1e:a8:b2:5c:d2:8b:6e:
   45.30 +                    76:3b:7c:66:dd:ec:d9:ee:2a:6e:d0:b8:47:e2:cf:
   45.31 +                    30:c8:13:9c:60:2b:6a:e1:9e:62:65:71:77:fb:50:
   45.32 +                    8f:08:95:55:05:86:93:ed:38:f6:b8:5d:bf:07:a1:
   45.33 +                    d9:66:7d:da:80:7b:09:c3:02:74:9c:33:44:6d:cd:
   45.34 +                    7a:0e:be:46:54:14:65:f8:11:75:1f:d7:f4:6c:c8:
   45.35 +                    97:76:fb:20:0c:86:ff:31:bd:c4:7b:86:38:4c:ee:
   45.36 +                    96:c6:c2:b4:c1:ca:ce:9f:43:16:ef:86:d4:fe:fd:
   45.37 +                    04:06:a6:a7:99:30:8e:aa:a8:d3:93:b2:b2:cd:0f:
   45.38 +                    56:50:1a:02:8d:71:c9:2d:b5:97:b7:d2:ca:c8:b1:
   45.39 +                    9d:9b:bd:a6:9c:5a:da:7d:22:2c:41:34:2d:b9:5f:
   45.40 +                    06:d8:ad:26:20:98:f2:d7:48:71:5f:c7:9f:bb:02:
   45.41 +                    6a:64:65:7b:ec:d6:80:ab:a3:c6:45:55:8a:e6:b2:
   45.42 +                    1d:f6:d0:b9:c4:26:85:88:7b:ea:84:3a:3c:f1:c7:
   45.43 +                    e6:b0:47:f6:5f:99:85:b1:cd:5c:20:6a:cc:e4:2c:
   45.44 +                    7d:72:23:92:21:85:37:c5:20:e5:ff:07:36:35:d5:
   45.45 +                    b7:2f
   45.46                  Exponent: 65537 (0x10001)
   45.47          X509v3 extensions:
   45.48              X509v3 Subject Key Identifier: 
   45.49 -                28:44:43:26:57:0F:45:87:1A:A5:36:FB:0F:49:91:4B:A1:38:F3:ED
   45.50 +                8B:2B:21:B0:6C:71:E6:F0:68:6D:FC:32:0C:DB:53:38:EC:B3:43:A6
   45.51              X509v3 Authority Key Identifier: 
   45.52 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   45.53 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   45.54                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   45.55 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   45.56 +                serial:8A:15:23:60:8D:FB:3E:84
   45.57  
   45.58              X509v3 Basic Constraints: critical
   45.59                  CA:TRUE
   45.60              X509v3 Key Usage: critical
   45.61                  Certificate Sign, CRL Sign
   45.62      Signature Algorithm: sha256WithRSAEncryption
   45.63 -         b8:a1:7b:ba:b7:10:91:c0:21:86:fe:4d:01:f7:14:34:d9:aa:
   45.64 -         dc:f3:04:56:c2:08:e6:66:f5:77:55:7e:dd:ea:b5:49:ff:d9:
   45.65 -         32:39:2c:c9:9f:2f:9c:b3:cc:68:25:3e:d4:92:ef:be:b7:a1:
   45.66 -         a5:d6:8c:31:3d:3a:7f:f4:5d:e8:ca:a3:30:29:ff:89:82:63:
   45.67 -         cb:46:47:34:e8:ce:25:dd:a4:09:61:0b:08:7b:fd:24:1b:2b:
   45.68 -         2d:9b:b9:84:ba:9e:fe:c1:2a:bd:df:e5:86:08:9c:74:ca:51:
   45.69 -         c8:2e:b8:24:13:49:8c:a4:3e:c1:48:44:bd:30:18:40:88:43:
   45.70 -         c1:a6
   45.71 +         84:66:26:74:86:86:ab:62:33:c4:6e:69:75:7c:54:be:52:f6:
   45.72 +         0a:4e:3a:36:9c:11:a9:f0:7c:65:0d:eb:c5:f4:f7:bf:28:64:
   45.73 +         9f:de:ac:f7:cb:cd:3b:eb:57:a1:2b:3f:d4:e9:d1:f9:2c:7b:
   45.74 +         75:c8:5b:9c:a6:22:cc:fd:04:5e:48:f3:0f:22:a0:f7:75:a8:
   45.75 +         56:b7:4a:95:ee:a0:be:29:c4:8b:9d:ef:d9:65:f6:ac:a8:37:
   45.76 +         41:cc:79:cd:ea:b2:dd:d0:e8:b3:2d:80:36:dd:eb:31:62:7f:
   45.77 +         7e:1a:15:ae:3b:14:cf:ae:aa:1d:8d:42:1e:aa:b7:28:4c:ae:
   45.78 +         30:b2:ab:ac:b4:48:50:e6:ec:35:94:fb:7f:94:de:f8:ea:f9:
   45.79 +         e5:7d:d4:3e:db:58:79:49:59:25:85:33:20:f0:b1:e0:7c:44:
   45.80 +         79:4a:61:e3:39:d4:06:c8:87:05:a5:ce:ff:13:4d:ba:3a:2e:
   45.81 +         9e:78:15:f3:d3:85:9c:41:e1:2d:6d:e2:ce:d1:1d:cc:4f:ee:
   45.82 +         6e:3f:3d:d1:16:df:e2:fe:2a:fc:6b:1f:cc:e1:45:57:0b:b7:
   45.83 +         26:3d:ca:14:ee:5d:81:cd:69:28:4b:d6:25:30:6f:68:39:ea:
   45.84 +         b6:5c:e7:37:05:55:a6:c4:9b:72:42:f8:f1:46:fe:a0:56:27:
   45.85 +         e1:c6:85:e8
   45.86  -----BEGIN CERTIFICATE-----
   45.87 -MIIDNjCCAp+gAwIBAgIBHjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   45.88 +MIIEOzCCAyOgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   45.89  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   45.90  BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTM1
   45.91  MDEwMTAxMDEwMVoXDTM1MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   45.92  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   45.93  a2c1MRIwEAYDVQQDDAljaDEuM190YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS4zX3Rh
   45.94 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzliKBWdHqWKZNxM1THR1my/X
   45.95 -TCN6zWA1DJVLWLPdyC1prTyN0ycNAgbQS2xuV+kfPNzziCIlhjUTkTyfdmekrphj
   45.96 -0nNNLwfVf4B+J5IlFqoy/noXZdWf7jmfyKFXapst42HZNdWU+/qVIcMxM1DWL+XA
   45.97 -erunYaTgm17KmSpdatsCAwEAAaOB4TCB3jAdBgNVHQ4EFgQUKERDJlcPRYcapTb7
   45.98 -D0mRS6E48+0wgZsGA1UdIwSBkzCBkIAUtNQ2n/jLol9Qidoh4yfEkfeEiEWhbaRr
   45.99 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
  45.100 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZI
  45.101 -hvcNAQkBFgN0YTOCCQDAxLR9iNbjPjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
  45.102 -/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQC4oXu6txCRwCGG/k0B9xQ02arc8wRW
  45.103 -wgjmZvV3VX7d6rVJ/9kyOSzJny+cs8xoJT7Uku++t6Gl1owxPTp/9F3oyqMwKf+J
  45.104 -gmPLRkc06M4l3aQJYQsIe/0kGystm7mEup7+wSq93+WGCJx0ylHILrgkE0mMpD7B
  45.105 -SES9MBhAiEPBpg==
  45.106 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWimlhKDtcHOzhSBGXr
  45.107 +5Z586y7WIokeqLJc0otudjt8Zt3s2e4qbtC4R+LPMMgTnGArauGeYmVxd/tQjwiV
  45.108 +VQWGk+049rhdvweh2WZ92oB7CcMCdJwzRG3Neg6+RlQUZfgRdR/X9GzIl3b7IAyG
  45.109 +/zG9xHuGOEzulsbCtMHKzp9DFu+G1P79BAamp5kwjqqo05Oyss0PVlAaAo1xyS21
  45.110 +l7fSysixnZu9ppxa2n0iLEE0LblfBtitJiCY8tdIcV/Hn7sCamRle+zWgKujxkVV
  45.111 +iuayHfbQucQmhYh76oQ6PPHH5rBH9l+ZhbHNXCBqzOQsfXIjkiGFN8Ug5f8HNjXV
  45.112 +ty8CAwEAAaOB4TCB3jAdBgNVHQ4EFgQUiyshsGxx5vBobfwyDNtTOOyzQ6YwgZsG
  45.113 +A1UdIwSBkzCBkIAUKW76DMM61BNfkzkPEAgnx79iVuWhbaRrMGkxCzAJBgNVBAYT
  45.114 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
  45.115 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTOC
  45.116 +CQCKFSNgjfs+hDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq
  45.117 +hkiG9w0BAQsFAAOCAQEAhGYmdIaGq2IzxG5pdXxUvlL2Ck46NpwRqfB8ZQ3rxfT3
  45.118 +vyhkn96s98vNO+tXoSs/1OnR+Sx7dchbnKYizP0EXkjzDyKg93WoVrdKle6gvinE
  45.119 +i53v2WX2rKg3Qcx5zeqy3dDosy2ANt3rMWJ/fhoVrjsUz66qHY1CHqq3KEyuMLKr
  45.120 +rLRIUObsNZT7f5Te+Or55X3UPttYeUlZJYUzIPCx4HxEeUph4znUBsiHBaXO/xNN
  45.121 +ujounngV89OFnEHhLW3iztEdzE/ubj890Rbf4v4q/GsfzOFFVwu3Jj3KFO5dgc1p
  45.122 +KEvWJTBvaDnqtlznNwVVpsSbckL48Ub+oFYn4caF6A==
  45.123  -----END CERTIFICATE-----
    46.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.4_ta3_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    46.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.4_ta3_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    46.3 @@ -1,7 +1,7 @@
    46.4  Certificate:
    46.5      Data:
    46.6          Version: 3 (0x2)
    46.7 -        Serial Number: 32 (0x20)
    46.8 +        Serial Number: 33 (0x21)
    46.9      Signature Algorithm: sha256WithRSAEncryption
   46.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
   46.11          Validity
   46.12 @@ -10,53 +10,75 @@
   46.13          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1.4_ta3/emailAddress=ch1.4_ta3
   46.14          Subject Public Key Info:
   46.15              Public Key Algorithm: rsaEncryption
   46.16 -                Public-Key: (1024 bit)
   46.17 +                Public-Key: (2048 bit)
   46.18                  Modulus:
   46.19 -                    00:e9:3c:28:6e:b8:7a:e3:7a:f2:ee:5e:69:7a:71:
   46.20 -                    b8:bb:97:d5:d3:c4:77:3e:90:f3:29:69:b8:51:ba:
   46.21 -                    8b:27:4d:3f:b2:10:76:86:6e:38:4a:49:be:ce:01:
   46.22 -                    c5:d2:0e:6e:0e:a9:51:e9:94:57:ce:67:4b:99:ca:
   46.23 -                    84:93:a9:f9:e6:35:1c:0f:d6:3d:b1:c1:c7:00:d7:
   46.24 -                    fa:2c:05:a0:20:0d:86:6d:32:c0:54:0f:e8:b9:6e:
   46.25 -                    b5:dd:1a:00:4c:89:bf:d4:6d:79:0e:e7:4e:10:d2:
   46.26 -                    fb:75:2c:03:da:75:c8:e1:b7:dc:2e:42:c5:9b:ec:
   46.27 -                    b2:f1:15:6d:db:56:f9:20:a3
   46.28 +                    00:c1:a0:1e:ec:bd:27:9e:d7:47:3d:4d:78:63:df:
   46.29 +                    b7:54:05:09:1b:22:65:15:de:2a:98:ef:b4:28:f0:
   46.30 +                    2a:92:87:2e:93:7f:0f:3d:ca:ce:d1:b5:23:26:8e:
   46.31 +                    65:4c:c2:57:82:3a:45:8c:5e:77:ac:68:ef:ce:e5:
   46.32 +                    1b:ba:b5:ba:f2:7d:73:04:d0:28:d8:27:74:bb:93:
   46.33 +                    ec:9d:2a:8c:a3:52:95:c0:4b:1a:76:e9:c1:6a:d4:
   46.34 +                    11:84:57:f2:9c:e9:4c:90:ba:7b:ac:cd:8b:a5:7f:
   46.35 +                    ed:43:d7:c3:a0:9e:7b:c6:07:f9:e2:10:46:b9:1e:
   46.36 +                    d6:87:aa:1c:e0:92:89:76:2c:ca:ab:5b:99:92:35:
   46.37 +                    b0:28:88:2d:08:76:99:ed:27:1b:e9:5f:ba:3a:ef:
   46.38 +                    fd:c5:09:43:74:ec:9d:7c:01:cf:db:37:43:3f:c8:
   46.39 +                    6b:9c:8f:f9:c9:04:cb:28:5a:70:ee:19:da:b0:f8:
   46.40 +                    65:5f:c1:d8:09:d0:9e:5e:94:e5:93:79:ad:25:ec:
   46.41 +                    73:1e:4c:43:30:e8:62:bf:a1:f5:ba:3a:21:10:d0:
   46.42 +                    5d:38:a8:fd:a0:4e:e8:b2:13:da:d3:da:b0:85:86:
   46.43 +                    94:36:be:13:4a:66:ad:89:ac:41:0e:e5:47:dc:d4:
   46.44 +                    bd:19:b2:9d:8b:58:27:e4:90:8c:77:09:62:c5:a9:
   46.45 +                    55:c9
   46.46                  Exponent: 65537 (0x10001)
   46.47          X509v3 extensions:
   46.48              X509v3 Subject Key Identifier: 
   46.49 -                33:65:69:5E:6D:D8:12:02:E9:68:A2:6C:7D:77:F1:38:D8:7B:97:E6
   46.50 +                5F:F9:18:9C:13:FA:0C:6D:68:90:7F:A8:63:2E:5F:68:8D:27:9D:A5
   46.51              X509v3 Authority Key Identifier: 
   46.52 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   46.53 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   46.54                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   46.55 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   46.56 +                serial:8A:15:23:60:8D:FB:3E:84
   46.57  
   46.58              X509v3 Basic Constraints: critical
   46.59                  CA:TRUE
   46.60      Signature Algorithm: sha256WithRSAEncryption
   46.61 -         5c:06:87:8e:6c:26:b3:5d:7c:94:c0:e3:7d:9e:8c:7c:bf:86:
   46.62 -         e0:07:8a:65:95:af:8f:93:0c:a6:72:e5:cb:36:a5:69:03:95:
   46.63 -         03:7f:e0:18:c8:f2:da:ce:99:b8:54:7a:49:75:f2:61:00:d4:
   46.64 -         f4:63:e1:5c:cc:f0:91:e7:85:92:0d:7e:91:4b:3a:8b:76:e6:
   46.65 -         a0:c8:51:28:06:44:d2:c8:a8:4c:da:be:7e:78:88:45:d3:f7:
   46.66 -         07:92:90:fc:96:4d:7d:ce:5a:c9:9a:21:d9:66:98:3e:9b:5d:
   46.67 -         18:9a:0c:b8:c4:10:86:4d:06:15:d9:ea:19:9b:e7:f7:e2:74:
   46.68 -         25:eb
   46.69 +         24:b0:07:7a:c9:05:ad:8b:61:44:b4:79:c6:5e:3f:af:82:d8:
   46.70 +         ee:71:fb:a2:78:c8:40:aa:69:c0:66:76:31:20:62:e4:22:1e:
   46.71 +         7f:db:47:50:76:f5:0c:09:c2:ef:c7:5f:18:7d:2f:a8:37:4f:
   46.72 +         a8:aa:07:2c:5f:f1:e4:7d:6e:02:de:ae:6a:29:22:e5:d9:4e:
   46.73 +         b7:5b:5f:fa:9c:e2:86:f3:4e:89:46:95:8a:70:3a:a3:da:a7:
   46.74 +         5c:ad:c2:d0:35:cf:6b:8a:eb:8b:55:78:29:fe:c5:a8:71:fd:
   46.75 +         96:e2:7f:05:8f:1e:eb:7c:c2:dd:cb:4c:94:05:a2:76:11:fe:
   46.76 +         ed:d7:7a:df:92:13:7e:12:bb:e4:ff:11:19:b9:04:54:19:6f:
   46.77 +         f0:e3:42:f1:d4:48:d2:5c:0d:83:b8:7d:04:49:ec:c1:6f:a0:
   46.78 +         a7:41:68:8a:e8:78:2d:42:ad:58:b9:0e:0c:a9:14:5a:ce:2e:
   46.79 +         2c:ba:4a:18:98:87:65:d3:8f:cd:23:11:22:35:ea:76:7a:a3:
   46.80 +         33:74:a7:03:aa:84:df:6f:26:d5:e1:4a:e5:91:76:f8:79:2d:
   46.81 +         e0:4d:18:f3:8c:95:5c:6f:c8:f8:03:3a:ab:d6:59:55:17:2b:
   46.82 +         f8:6d:6d:1b:cd:e8:08:92:4c:ea:0d:98:f8:3f:e8:a8:12:fa:
   46.83 +         bb:cb:13:de
   46.84  -----BEGIN CERTIFICATE-----
   46.85 -MIIDJjCCAo+gAwIBAgIBIDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   46.86 +MIIEKzCCAxOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   46.87  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   46.88  BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTM1
   46.89  MDEwMTAxMDEwMVoXDTM1MDEwMjAxMDEwMVowdTELMAkGA1UEBhMCVVMxEzARBgNV
   46.90  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   46.91  a2c1MRIwEAYDVQQDDAljaDEuNF90YTMxGDAWBgkqhkiG9w0BCQEWCWNoMS40X3Rh
   46.92 -MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Twobrh643ry7l5penG4u5fV
   46.93 -08R3PpDzKWm4UbqLJ00/shB2hm44Skm+zgHF0g5uDqlR6ZRXzmdLmcqEk6n55jUc
   46.94 -D9Y9scHHANf6LAWgIA2GbTLAVA/ouW613RoATIm/1G15DudOENL7dSwD2nXI4bfc
   46.95 -LkLFm+yy8RVt21b5IKMCAwEAAaOB0TCBzjAdBgNVHQ4EFgQUM2VpXm3YEgLpaKJs
   46.96 -fXfxONh7l+YwgZsGA1UdIwSBkzCBkIAUtNQ2n/jLol9Qidoh4yfEkfeEiEWhbaRr
   46.97 -MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
   46.98 -YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZI
   46.99 -hvcNAQkBFgN0YTOCCQDAxLR9iNbjPjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
  46.100 -DQEBCwUAA4GBAFwGh45sJrNdfJTA432ejHy/huAHimWVr4+TDKZy5cs2pWkDlQN/
  46.101 -4BjI8trOmbhUekl18mEA1PRj4VzM8JHnhZINfpFLOot25qDIUSgGRNLIqEzavn54
  46.102 -iEXT9weSkPyWTX3OWsmaIdlmmD6bXRiaDLjEEIZNBhXZ6hmb5/fidCXr
  46.103 +MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGgHuy9J57XRz1NeGPf
  46.104 +t1QFCRsiZRXeKpjvtCjwKpKHLpN/Dz3KztG1IyaOZUzCV4I6RYxed6xo787lG7q1
  46.105 +uvJ9cwTQKNgndLuT7J0qjKNSlcBLGnbpwWrUEYRX8pzpTJC6e6zNi6V/7UPXw6Ce
  46.106 +e8YH+eIQRrke1oeqHOCSiXYsyqtbmZI1sCiILQh2me0nG+lfujrv/cUJQ3TsnXwB
  46.107 +z9s3Qz/Ia5yP+ckEyyhacO4Z2rD4ZV/B2AnQnl6U5ZN5rSXscx5MQzDoYr+h9bo6
  46.108 +IRDQXTio/aBO6LIT2tPasIWGlDa+E0pmrYmsQQ7lR9zUvRmynYtYJ+SQjHcJYsWp
  46.109 +VckCAwEAAaOB0TCBzjAdBgNVHQ4EFgQUX/kYnBP6DG1okH+oYy5faI0nnaUwgZsG
  46.110 +A1UdIwSBkzCBkIAUKW76DMM61BNfkzkPEAgnx79iVuWhbaRrMGkxCzAJBgNVBAYT
  46.111 +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEN
  46.112 +MAsGA1UECgwEcGtnNTEMMAoGA1UEAwwDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTOC
  46.113 +CQCKFSNgjfs+hDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAk
  46.114 +sAd6yQWti2FEtHnGXj+vgtjucfuieMhAqmnAZnYxIGLkIh5/20dQdvUMCcLvx18Y
  46.115 +fS+oN0+oqgcsX/HkfW4C3q5qKSLl2U63W1/6nOKG806JRpWKcDqj2qdcrcLQNc9r
  46.116 +iuuLVXgp/sWocf2W4n8Fjx7rfMLdy0yUBaJ2Ef7t13rfkhN+Ervk/xEZuQRUGW/w
  46.117 +40Lx1EjSXA2DuH0ESezBb6CnQWiK6HgtQq1YuQ4MqRRazi4sukoYmIdl04/NIxEi
  46.118 +Nep2eqMzdKcDqoTfbybV4UrlkXb4eS3gTRjzjJVcb8j4Azqr1llVFyv4bW0bzegI
  46.119 +kkzqDZj4P+ioEvq7yxPe
  46.120  -----END CERTIFICATE-----
    47.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    47.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    47.3 @@ -5,61 +5,82 @@
    47.4      Signature Algorithm: sha256WithRSAEncryption
    47.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta1/emailAddress=ta1
    47.6          Validity
    47.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    47.8 -            Not After : Sep  8 00:13:34 2016 GMT
    47.9 +            Not Before: Jan 22 01:57:53 2016 GMT
   47.10 +            Not After : Oct 18 01:57:53 2018 GMT
   47.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
   47.12          Subject Public Key Info:
   47.13              Public Key Algorithm: rsaEncryption
   47.14 -                Public-Key: (1024 bit)
   47.15 +                Public-Key: (2048 bit)
   47.16                  Modulus:
   47.17 -                    00:da:3a:b2:74:16:5c:38:7c:93:3a:48:cb:9f:71:
   47.18 -                    7c:aa:b9:ff:d7:25:5f:cd:90:6c:e6:87:6d:ed:34:
   47.19 -                    0f:12:19:00:a8:36:fe:51:4b:b2:38:76:55:2a:d1:
   47.20 -                    ce:3b:a3:78:75:db:c8:ba:85:8b:ad:80:0e:84:ab:
   47.21 -                    1f:4b:80:90:20:56:49:7b:71:a0:16:f8:15:8a:cd:
   47.22 -                    70:ee:45:1f:53:34:3c:85:df:10:75:e2:b1:68:97:
   47.23 -                    c5:0d:66:7f:bf:e7:b3:d1:09:03:1b:50:14:dc:e3:
   47.24 -                    3e:a9:b6:6a:63:e6:0f:51:3e:06:59:50:43:da:10:
   47.25 -                    99:0d:79:a3:b4:76:89:a2:01
   47.26 +                    00:ef:e4:87:59:74:82:97:b8:fa:7e:12:4a:e8:48:
   47.27 +                    fe:95:28:15:6a:c7:07:ac:10:27:fb:58:9e:2c:9a:
   47.28 +                    43:84:2b:1d:e4:04:68:e1:64:cd:3d:be:97:4a:f1:
   47.29 +                    c0:e5:3f:b9:04:70:eb:02:7f:e2:f4:3c:23:44:80:
   47.30 +                    b0:9f:ab:02:09:37:10:c6:25:53:f2:9b:24:d8:7e:
   47.31 +                    c6:0a:71:56:95:72:71:e9:97:d6:70:5f:76:2b:bf:
   47.32 +                    f4:c4:43:93:9c:62:ad:60:3c:27:3a:19:e6:64:db:
   47.33 +                    1d:56:60:a5:32:8c:91:61:15:b9:9a:ef:89:4e:bf:
   47.34 +                    4b:ca:90:7b:01:05:1c:1f:51:ec:33:43:66:f2:eb:
   47.35 +                    45:17:e9:dc:fa:f3:d3:73:82:ae:9b:cc:fb:c8:44:
   47.36 +                    29:3a:c8:24:5c:b7:52:d2:fa:30:0d:42:7a:8c:e1:
   47.37 +                    0a:4c:5a:0c:6e:57:7b:0f:9f:e3:ae:84:bd:1b:10:
   47.38 +                    ee:63:f2:5e:0d:91:bd:9a:b6:e4:f6:a6:85:92:e8:
   47.39 +                    bc:3c:b4:da:13:6e:0b:9b:f9:6f:4b:1d:61:57:44:
   47.40 +                    23:a7:78:35:72:ef:51:a8:98:14:2a:78:d0:55:da:
   47.41 +                    fe:f1:93:e0:fd:6c:e6:42:6b:3b:eb:4f:f8:b1:ac:
   47.42 +                    dd:78:9b:9f:f8:c1:51:28:fe:04:aa:8b:c8:40:f7:
   47.43 +                    f6:73
   47.44                  Exponent: 65537 (0x10001)
   47.45          X509v3 extensions:
   47.46              X509v3 Subject Key Identifier: 
   47.47 -                36:46:2D:8A:1B:8B:CE:C1:1D:02:37:B9:EC:A5:FF:BA:73:AE:E5:48
   47.48 +                2E:B3:14:E2:95:4C:93:07:05:A4:87:64:EA:C4:57:2D:52:3B:8C:F9
   47.49              X509v3 Authority Key Identifier: 
   47.50 -                keyid:81:54:6B:06:08:DD:44:4F:08:81:21:7A:7C:D5:96:EA:53:2B:E3:0A
   47.51 +                keyid:D6:A2:C9:8F:BE:AC:C1:F3:E7:8A:8D:01:1C:0A:7D:C1:EE:88:E5:A6
   47.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta1/emailAddress=ta1
   47.53 -                serial:F6:A8:B6:5C:10:8D:04:4F
   47.54 +                serial:B8:ED:CE:51:42:C8:90:81
   47.55  
   47.56              X509v3 Basic Constraints: critical
   47.57                  CA:TRUE, pathlen:4
   47.58              X509v3 Key Usage: critical
   47.59                  Certificate Sign, CRL Sign
   47.60      Signature Algorithm: sha256WithRSAEncryption
   47.61 -         38:4a:69:9d:14:fa:51:b9:35:9c:c8:ae:e5:c0:e2:2e:4c:d4:
   47.62 -         57:ad:64:05:99:e4:94:b3:d3:97:e0:0e:bd:1c:b4:64:c8:2b:
   47.63 -         07:18:26:7f:99:ef:9c:48:e6:23:b3:96:37:92:54:85:8b:29:
   47.64 -         19:60:12:11:fc:d8:62:84:5c:75:73:76:9e:0f:f8:a7:95:79:
   47.65 -         c8:3c:75:f7:13:73:1f:be:fa:60:79:5c:6c:12:8d:ca:f9:58:
   47.66 -         4b:1f:ed:0a:52:4c:61:95:6f:9a:a7:57:0c:20:9a:19:73:dc:
   47.67 -         3d:42:aa:47:29:ac:92:a9:cc:4a:eb:85:6d:ab:cd:ed:2b:9a:
   47.68 -         e5:c1
   47.69 +         32:8d:c5:57:e8:49:29:70:35:e7:5a:4f:c7:78:70:ad:9e:6e:
   47.70 +         2d:27:e2:a6:95:eb:30:a8:b5:71:6b:0e:5b:de:ca:9b:3e:be:
   47.71 +         8d:34:d4:98:68:67:2f:8a:63:50:66:71:5b:3b:5b:1e:b4:37:
   47.72 +         6b:6b:df:7c:1e:9e:24:01:8d:0a:ea:b0:e5:1f:31:1e:d1:ed:
   47.73 +         68:cf:73:00:56:36:cc:e5:83:3f:c4:c0:00:d5:3f:3c:f8:2f:
   47.74 +         dd:4e:c6:68:08:b5:80:ef:d0:ab:4c:55:a1:7b:4a:1e:67:02:
   47.75 +         5d:fb:56:68:88:f2:49:2f:e5:f5:4c:3a:2d:54:b7:9a:79:38:
   47.76 +         f1:87:b4:d9:8d:b6:0c:88:ec:a1:ce:00:e0:9a:13:3b:57:d6:
   47.77 +         80:17:a0:e8:1b:3e:e6:25:d8:bd:8e:1d:bb:45:36:9f:4b:a7:
   47.78 +         4e:3e:f5:fb:60:73:85:2e:4e:35:10:9a:a8:44:ea:22:8f:6f:
   47.79 +         27:84:3f:e8:02:05:7c:fd:57:61:76:1b:6b:52:6b:b9:c4:6c:
   47.80 +         9b:84:e3:c5:91:16:14:03:a0:80:e8:80:35:bc:92:97:35:13:
   47.81 +         e5:d9:1b:4e:4b:0c:ba:15:cf:d8:5f:c9:86:fd:44:74:88:34:
   47.82 +         76:12:85:90:a1:d9:3a:cf:d3:63:3f:be:91:d1:66:04:fc:5b:
   47.83 +         84:8d:f8:a7
   47.84  -----BEGIN CERTIFICATE-----
   47.85 -MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   47.86 +MIIEOjCCAyKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   47.87  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   47.88 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAGCSqGSIb3DQEJARYDdGExMB4XDTEz
   47.89 -MTIxMzAwMTMzNFoXDTE2MDkwODAwMTMzNFowcTELMAkGA1UEBhMCVVMxEzARBgNV
   47.90 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAGCSqGSIb3DQEJARYDdGExMB4XDTE2
   47.91 +MDEyMjAxNTc1M1oXDTE4MTAxODAxNTc1M1owcTELMAkGA1UEBhMCVVMxEzARBgNV
   47.92  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   47.93 -a2c1MRAwDgYDVQQDDAdjaDFfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGExMIGf
   47.94 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaOrJ0Flw4fJM6SMufcXyquf/XJV/N
   47.95 -kGzmh23tNA8SGQCoNv5RS7I4dlUq0c47o3h128i6hYutgA6Eqx9LgJAgVkl7caAW
   47.96 -+BWKzXDuRR9TNDyF3xB14rFol8UNZn+/57PRCQMbUBTc4z6ptmpj5g9RPgZZUEPa
   47.97 -EJkNeaO0domiAQIDAQABo4HkMIHhMB0GA1UdDgQWBBQ2Ri2KG4vOwR0CN7nspf+6
   47.98 -c67lSDCBmwYDVR0jBIGTMIGQgBSBVGsGCN1ETwiBIXp81ZbqUyvjCqFtpGswaTEL
   47.99 -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  47.100 -IENsYXJhMQ0wCwYDVQQKDARwa2c1MQwwCgYDVQQDDAN0YTExEjAQBgkqhkiG9w0B
  47.101 -CQEWA3RhMYIJAPaotlwQjQRPMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/
  47.102 -BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADhKaZ0U+lG5NZzIruXA4i5M1FetZAWZ
  47.103 -5JSz05fgDr0ctGTIKwcYJn+Z75xI5iOzljeSVIWLKRlgEhH82GKEXHVzdp4P+KeV
  47.104 -ecg8dfcTcx+++mB5XGwSjcr5WEsf7QpSTGGVb5qnVwwgmhlz3D1CqkcprJKpzErr
  47.105 -hW2rze0rmuXB
  47.106 +a2c1MRAwDgYDVQQDDAdjaDFfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGExMIIB
  47.107 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7+SHWXSCl7j6fhJK6Ej+lSgV
  47.108 +ascHrBAn+1ieLJpDhCsd5ARo4WTNPb6XSvHA5T+5BHDrAn/i9DwjRICwn6sCCTcQ
  47.109 +xiVT8psk2H7GCnFWlXJx6ZfWcF92K7/0xEOTnGKtYDwnOhnmZNsdVmClMoyRYRW5
  47.110 +mu+JTr9LypB7AQUcH1HsM0Nm8utFF+nc+vPTc4Kum8z7yEQpOsgkXLdS0vowDUJ6
  47.111 +jOEKTFoMbld7D5/jroS9GxDuY/JeDZG9mrbk9qaFkui8PLTaE24Lm/lvSx1hV0Qj
  47.112 +p3g1cu9RqJgUKnjQVdr+8ZPg/WzmQms760/4sazdeJuf+MFRKP4EqovIQPf2cwID
  47.113 +AQABo4HkMIHhMB0GA1UdDgQWBBQusxTilUyTBwWkh2TqxFctUjuM+TCBmwYDVR0j
  47.114 +BIGTMIGQgBTWosmPvqzB8+eKjQEcCn3B7ojlpqFtpGswaTELMAkGA1UEBhMCVVMx
  47.115 +EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYD
  47.116 +VQQKDARwa2c1MQwwCgYDVQQDDAN0YTExEjAQBgkqhkiG9w0BCQEWA3RhMYIJALjt
  47.117 +zlFCyJCBMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
  47.118 +SIb3DQEBCwUAA4IBAQAyjcVX6EkpcDXnWk/HeHCtnm4tJ+KmleswqLVxaw5b3sqb
  47.119 +Pr6NNNSYaGcvimNQZnFbO1setDdra998Hp4kAY0K6rDlHzEe0e1oz3MAVjbM5YM/
  47.120 +xMAA1T88+C/dTsZoCLWA79CrTFWhe0oeZwJd+1ZoiPJJL+X1TDotVLeaeTjxh7TZ
  47.121 +jbYMiOyhzgDgmhM7V9aAF6DoGz7mJdi9jh27RTafS6dOPvX7YHOFLk41EJqoROoi
  47.122 +j28nhD/oAgV8/VdhdhtrUmu5xGybhOPFkRYUA6CA6IA1vJKXNRPl2RtOSwy6Fc/Y
  47.123 +X8mG/UR0iDR2EoWQodk6z9NjP76R0WYE/FuEjfin
  47.124  -----END CERTIFICATE-----
    48.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta3_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    48.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta3_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    48.3 @@ -5,61 +5,82 @@
    48.4      Signature Algorithm: sha256WithRSAEncryption
    48.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta3/emailAddress=ta3
    48.6          Validity
    48.7 -            Not Before: Dec 13 00:13:35 2013 GMT
    48.8 -            Not After : Sep  8 00:13:35 2016 GMT
    48.9 +            Not Before: Jan 22 01:57:56 2016 GMT
   48.10 +            Not After : Oct 18 01:57:56 2018 GMT
   48.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
   48.12          Subject Public Key Info:
   48.13              Public Key Algorithm: rsaEncryption
   48.14 -                Public-Key: (1024 bit)
   48.15 +                Public-Key: (2048 bit)
   48.16                  Modulus:
   48.17 -                    00:ba:0e:36:90:a0:6b:75:19:6b:30:76:54:9e:20:
   48.18 -                    b0:81:70:21:47:97:9c:c1:15:7c:9e:2d:50:3c:db:
   48.19 -                    dc:8c:d0:31:9c:b9:78:c6:2a:5c:53:ca:ed:d3:44:
   48.20 -                    e2:f9:93:d8:b5:b6:a6:8a:c2:bd:be:4f:8b:f5:a0:
   48.21 -                    28:68:cf:ec:f9:e3:e9:57:a8:ab:cd:a5:45:0d:82:
   48.22 -                    eb:f0:5b:aa:2d:1b:88:65:30:9f:a1:74:59:1f:e5:
   48.23 -                    d2:25:f9:d6:31:3f:0a:a2:4a:92:5d:2a:30:2e:3f:
   48.24 -                    2f:72:48:93:f8:8d:7c:bf:79:21:e3:e1:91:9a:a7:
   48.25 -                    03:01:ba:20:95:a6:da:56:35
   48.26 +                    00:ad:c4:ce:08:be:18:a7:5c:74:34:46:19:29:0b:
   48.27 +                    0e:09:7e:42:b2:ac:a4:40:2e:ee:2e:c8:0a:11:a8:
   48.28 +                    88:85:73:a5:d8:15:65:9a:d6:4e:d4:8b:49:c1:32:
   48.29 +                    dc:c3:f9:3d:99:87:d6:df:98:be:f6:71:db:f9:3d:
   48.30 +                    63:98:65:7f:b9:a8:99:3c:f4:28:39:59:bf:e1:ff:
   48.31 +                    7a:ef:a6:54:6e:43:31:33:95:72:d9:7d:11:24:e0:
   48.32 +                    e0:47:24:df:84:27:a4:ee:19:6f:e8:f9:61:42:82:
   48.33 +                    45:78:10:22:29:d5:b2:b8:1a:e6:7a:db:6d:d7:76:
   48.34 +                    aa:27:bb:e7:cc:2b:60:39:8e:ac:3a:1c:b3:62:20:
   48.35 +                    c4:db:10:5c:1d:22:fe:3d:36:ae:14:10:1f:81:d9:
   48.36 +                    ce:bb:bc:93:4a:5f:1c:fc:1a:08:55:a6:4a:84:3b:
   48.37 +                    0b:ca:89:8f:1e:f1:00:fe:6e:5b:9e:a3:57:dd:97:
   48.38 +                    7c:fa:90:e7:ca:8d:9e:f2:b6:24:3e:f5:85:e8:77:
   48.39 +                    53:1e:f5:c8:ba:37:53:05:43:dc:d8:56:c4:f9:cd:
   48.40 +                    56:d3:3b:1a:16:c7:3d:e9:09:26:ef:6a:6a:b1:6b:
   48.41 +                    28:77:14:69:d8:f5:67:a3:2e:04:d2:98:39:91:aa:
   48.42 +                    c8:63:8f:55:56:f4:49:c9:67:84:82:a4:dd:d5:37:
   48.43 +                    b9:8f
   48.44                  Exponent: 65537 (0x10001)
   48.45          X509v3 extensions:
   48.46              X509v3 Subject Key Identifier: 
   48.47 -                A7:11:90:E6:5F:5F:79:74:A3:1D:B5:9E:0C:15:F1:16:C5:D4:FB:6B
   48.48 +                2B:95:76:FC:68:FE:EC:2A:19:A1:FC:D3:30:D9:C8:26:24:79:BE:9B
   48.49              X509v3 Authority Key Identifier: 
   48.50 -                keyid:B4:D4:36:9F:F8:CB:A2:5F:50:89:DA:21:E3:27:C4:91:F7:84:88:45
   48.51 +                keyid:29:6E:FA:0C:C3:3A:D4:13:5F:93:39:0F:10:08:27:C7:BF:62:56:E5
   48.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta3/emailAddress=ta3
   48.53 -                serial:C0:C4:B4:7D:88:D6:E3:3E
   48.54 +                serial:8A:15:23:60:8D:FB:3E:84
   48.55  
   48.56              X509v3 Basic Constraints: critical
   48.57                  CA:TRUE
   48.58              X509v3 Key Usage: critical
   48.59                  Certificate Sign, CRL Sign
   48.60      Signature Algorithm: sha256WithRSAEncryption
   48.61 -         5f:db:a1:d4:03:bc:a0:f9:d7:80:88:ac:94:2b:22:cc:1c:88:
   48.62 -         56:65:bd:0d:57:d6:d4:ae:5c:a2:27:44:7c:5e:4d:23:8c:ba:
   48.63 -         fe:1c:a6:49:96:20:c2:f5:45:cf:52:0e:0a:80:40:5b:1c:e7:
   48.64 -         83:2b:d4:72:6c:95:10:c6:a7:44:27:85:6b:e5:37:f5:a4:25:
   48.65 -         70:e4:e0:0e:de:1d:c1:72:1f:05:be:0f:4b:23:61:38:e3:52:
   48.66 -         cb:05:c3:f4:41:26:80:58:ea:02:c6:6b:7d:f8:9f:41:40:76:
   48.67 -         94:44:59:2e:da:bc:a8:54:11:22:bc:58:ff:61:85:3c:60:e7:
   48.68 -         67:e6
   48.69 +         82:73:57:62:96:05:6f:f0:f1:22:b0:e7:f7:4f:c8:a7:20:9e:
   48.70 +         94:cc:80:fa:9f:4f:98:24:75:49:5d:e7:cf:51:11:de:0d:64:
   48.71 +         3c:24:8c:2b:5d:84:7c:40:6a:d2:27:81:2e:19:f4:16:c0:d3:
   48.72 +         e1:d3:fa:23:e9:25:cc:f8:e2:f5:e8:b7:2b:ae:c5:70:19:f7:
   48.73 +         0e:d4:ac:35:16:56:ad:7c:dc:f6:39:f2:80:b4:d3:d3:67:f7:
   48.74 +         d9:cd:58:bf:17:01:94:50:af:a4:17:b9:49:50:1a:73:d7:f9:
   48.75 +         1e:f4:6b:43:01:53:cf:a1:da:66:9d:e4:1c:fc:48:41:24:83:
   48.76 +         ae:ce:18:d2:a7:95:5f:70:c6:24:e0:72:ec:08:c4:49:67:ac:
   48.77 +         73:dc:f0:ad:2c:1c:f6:6c:e2:e9:44:2f:38:d4:80:03:71:41:
   48.78 +         be:7c:04:b9:07:3e:a5:9d:6a:3c:b1:46:d9:d2:4d:76:28:ee:
   48.79 +         37:da:5b:53:30:30:31:23:0b:95:47:c3:41:d3:45:1b:08:47:
   48.80 +         22:14:e7:84:11:da:b2:95:c8:ea:98:94:d0:d1:33:8a:36:71:
   48.81 +         a1:2f:fe:65:2e:91:39:16:6e:5e:1c:ff:0a:57:d5:eb:88:50:
   48.82 +         b3:f2:89:68:c2:ff:a9:bd:af:de:c6:0f:57:af:15:4e:c1:31:
   48.83 +         1e:67:16:2c
   48.84  -----BEGIN CERTIFICATE-----
   48.85 -MIIDMjCCApugAwIBAgIBEDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   48.86 +MIIENzCCAx+gAwIBAgIBEDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   48.87  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   48.88 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTEz
   48.89 -MTIxMzAwMTMzNVoXDTE2MDkwODAwMTMzNVowcTELMAkGA1UEBhMCVVMxEzARBgNV
   48.90 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhMzESMBAGCSqGSIb3DQEJARYDdGEzMB4XDTE2
   48.91 +MDEyMjAxNTc1NloXDTE4MTAxODAxNTc1NlowcTELMAkGA1UEBhMCVVMxEzARBgNV
   48.92  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   48.93 -a2c1MRAwDgYDVQQDDAdjaDFfdGEzMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGEzMIGf
   48.94 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6DjaQoGt1GWswdlSeILCBcCFHl5zB
   48.95 -FXyeLVA829yM0DGcuXjGKlxTyu3TROL5k9i1tqaKwr2+T4v1oChoz+z54+lXqKvN
   48.96 -pUUNguvwW6otG4hlMJ+hdFkf5dIl+dYxPwqiSpJdKjAuPy9ySJP4jXy/eSHj4ZGa
   48.97 -pwMBuiCVptpWNQIDAQABo4HhMIHeMB0GA1UdDgQWBBSnEZDmX195dKMdtZ4MFfEW
   48.98 -xdT7azCBmwYDVR0jBIGTMIGQgBS01Daf+MuiX1CJ2iHjJ8SR94SIRaFtpGswaTEL
   48.99 -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  48.100 -IENsYXJhMQ0wCwYDVQQKDARwa2c1MQwwCgYDVQQDDAN0YTMxEjAQBgkqhkiG9w0B
  48.101 -CQEWA3RhM4IJAMDEtH2I1uM+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
  48.102 -AgEGMA0GCSqGSIb3DQEBCwUAA4GBAF/bodQDvKD514CIrJQrIswciFZlvQ1X1tSu
  48.103 -XKInRHxeTSOMuv4cpkmWIML1Rc9SDgqAQFsc54Mr1HJslRDGp0QnhWvlN/WkJXDk
  48.104 -4A7eHcFyHwW+D0sjYTjjUssFw/RBJoBY6gLGa334n0FAdpREWS7avKhUESK8WP9h
  48.105 -hTxg52fm
  48.106 +a2c1MRAwDgYDVQQDDAdjaDFfdGEzMRYwFAYJKoZIhvcNAQkBFgdjaDFfdGEzMIIB
  48.107 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcTOCL4Yp1x0NEYZKQsOCX5C
  48.108 +sqykQC7uLsgKEaiIhXOl2BVlmtZO1ItJwTLcw/k9mYfW35i+9nHb+T1jmGV/uaiZ
  48.109 +PPQoOVm/4f9676ZUbkMxM5Vy2X0RJODgRyTfhCek7hlv6PlhQoJFeBAiKdWyuBrm
  48.110 +ettt13aqJ7vnzCtgOY6sOhyzYiDE2xBcHSL+PTauFBAfgdnOu7yTSl8c/BoIVaZK
  48.111 +hDsLyomPHvEA/m5bnqNX3Zd8+pDnyo2e8rYkPvWF6HdTHvXIujdTBUPc2FbE+c1W
  48.112 +0zsaFsc96Qkm72pqsWsodxRp2PVnoy4E0pg5karIY49VVvRJyWeEgqTd1Te5jwID
  48.113 +AQABo4HhMIHeMB0GA1UdDgQWBBQrlXb8aP7sKhmh/NMw2cgmJHm+mzCBmwYDVR0j
  48.114 +BIGTMIGQgBQpbvoMwzrUE1+TOQ8QCCfHv2JW5aFtpGswaTELMAkGA1UEBhMCVVMx
  48.115 +EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYD
  48.116 +VQQKDARwa2c1MQwwCgYDVQQDDAN0YTMxEjAQBgkqhkiG9w0BCQEWA3RhM4IJAIoV
  48.117 +I2CN+z6EMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
  48.118 +DQEBCwUAA4IBAQCCc1dilgVv8PEisOf3T8inIJ6UzID6n0+YJHVJXefPURHeDWQ8
  48.119 +JIwrXYR8QGrSJ4EuGfQWwNPh0/oj6SXM+OL16LcrrsVwGfcO1Kw1FlatfNz2OfKA
  48.120 +tNPTZ/fZzVi/FwGUUK+kF7lJUBpz1/ke9GtDAVPPodpmneQc/EhBJIOuzhjSp5Vf
  48.121 +cMYk4HLsCMRJZ6xz3PCtLBz2bOLpRC841IADcUG+fAS5Bz6lnWo8sUbZ0k12KO43
  48.122 +2ltTMDAxIwuVR8NB00UbCEciFOeEEdqylcjqmJTQ0TOKNnGhL/5lLpE5Fm5eHP8K
  48.123 +V9XriFCz8olowv+pva/exg9XrxVOwTEeZxYs
  48.124  -----END CERTIFICATE-----
    49.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta4_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    49.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta4_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    49.3 @@ -1,65 +1,86 @@
    49.4  Certificate:
    49.5      Data:
    49.6          Version: 3 (0x2)
    49.7 -        Serial Number: 34 (0x22)
    49.8 +        Serial Number: 35 (0x23)
    49.9      Signature Algorithm: sha256WithRSAEncryption
   49.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta4/emailAddress=ta4
   49.11          Validity
   49.12 -            Not Before: Dec 13 00:13:37 2013 GMT
   49.13 -            Not After : Sep  8 00:13:37 2016 GMT
   49.14 +            Not Before: Jan 22 01:57:59 2016 GMT
   49.15 +            Not After : Oct 18 01:57:59 2018 GMT
   49.16          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
   49.17          Subject Public Key Info:
   49.18              Public Key Algorithm: rsaEncryption
   49.19 -                Public-Key: (1024 bit)
   49.20 +                Public-Key: (2048 bit)
   49.21                  Modulus:
   49.22 -                    00:b4:25:1c:3a:c2:26:af:8d:82:4d:29:e3:e0:78:
   49.23 -                    6f:2b:7f:3c:b1:8c:c0:37:96:71:d2:42:21:df:2e:
   49.24 -                    c4:c0:5a:60:e4:71:6f:05:df:88:a8:4b:ec:87:54:
   49.25 -                    8d:08:c9:f7:19:84:a5:d0:cc:cb:43:c3:70:69:67:
   49.26 -                    2e:4c:be:e6:2d:93:90:f9:02:30:a7:43:d2:1f:e5:
   49.27 -                    d4:cf:5b:5c:74:88:06:0e:ee:cd:78:2c:2f:27:4c:
   49.28 -                    99:2f:be:9a:73:5b:9b:1c:e3:67:54:b6:74:a7:c9:
   49.29 -                    31:d3:63:6a:c5:4a:50:22:eb:af:e2:cd:7a:de:59:
   49.30 -                    68:6a:a6:0e:26:d6:52:b6:a1
   49.31 +                    00:bb:fd:5f:54:54:fb:49:01:62:e3:f9:cb:c6:a1:
   49.32 +                    e4:26:2c:7d:8e:44:0c:d3:2a:de:7c:6d:c0:e3:7e:
   49.33 +                    52:ac:7c:19:8e:6d:18:bd:76:2f:2c:89:d1:5b:e6:
   49.34 +                    e4:cb:58:b4:19:8d:d4:16:c9:23:83:f7:48:7f:dd:
   49.35 +                    4e:0f:8d:56:21:43:7b:69:3f:ec:13:dc:34:6e:f0:
   49.36 +                    28:e5:21:eb:45:2c:0f:50:c1:17:0d:f7:81:ee:bb:
   49.37 +                    6c:ee:f8:e7:3d:b9:62:d9:45:92:f1:52:f8:d3:e0:
   49.38 +                    0c:fc:cc:db:98:6a:21:15:71:7e:a4:11:45:e2:bb:
   49.39 +                    d5:bb:2a:6c:d2:ec:81:e0:92:59:e6:db:d9:c4:c2:
   49.40 +                    36:e1:55:73:73:94:cb:c3:b5:1f:a4:27:2e:a3:60:
   49.41 +                    a5:aa:52:3b:55:89:04:f8:f2:c8:4a:a0:04:c1:d1:
   49.42 +                    4b:cb:ea:d9:d0:78:b4:48:db:47:24:bb:45:5b:17:
   49.43 +                    6c:bd:70:0a:88:d7:0b:85:c0:3a:96:3d:ae:ac:da:
   49.44 +                    c7:95:4a:8b:02:1a:42:bf:b1:8d:0d:67:96:75:74:
   49.45 +                    d7:ea:58:4a:d7:f7:74:c2:38:19:94:18:95:a6:04:
   49.46 +                    38:d9:38:24:81:91:d2:07:e1:3e:51:f4:57:83:b0:
   49.47 +                    45:e2:34:e7:67:8e:0e:bd:d9:71:41:40:52:3b:7e:
   49.48 +                    6e:91
   49.49                  Exponent: 65537 (0x10001)
   49.50          X509v3 extensions:
   49.51              X509v3 Subject Key Identifier: 
   49.52 -                29:7A:F9:B4:E3:1B:8F:19:63:52:FA:19:A0:AB:DA:37:E4:70:A9:71
   49.53 +                59:7F:0E:5C:5B:04:78:41:DB:55:AC:9E:07:50:E4:FB:9E:26:28:C8
   49.54              X509v3 Authority Key Identifier: 
   49.55 -                keyid:84:46:29:88:74:31:EF:A6:CC:3C:E3:58:29:DE:BE:FD:1B:F4:59:98
   49.56 +                keyid:B1:21:EA:DF:EB:EB:ED:BB:BE:BE:0F:FA:69:1D:B6:28:E9:6F:8F:45
   49.57                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta4/emailAddress=ta4
   49.58 -                serial:E8:F7:8D:38:FA:4B:55:DD
   49.59 +                serial:98:F5:DE:E5:E8:5C:CD:26
   49.60  
   49.61              X509v3 Basic Constraints: critical
   49.62                  CA:TRUE
   49.63              X509v3 Key Usage: critical
   49.64                  Certificate Sign, CRL Sign
   49.65      Signature Algorithm: sha256WithRSAEncryption
   49.66 -         91:d2:2e:6f:55:ce:c6:39:d8:b4:1f:7a:df:7f:bd:8f:4e:66:
   49.67 -         ec:10:3d:35:f1:36:22:90:ae:b7:16:e4:48:f5:ec:63:27:e8:
   49.68 -         88:32:78:ac:21:cc:71:f9:46:6a:73:b7:09:24:a7:44:68:41:
   49.69 -         a5:07:f9:a3:ec:c7:53:ca:68:e4:09:68:b7:ee:11:f2:8c:08:
   49.70 -         80:3c:a5:56:e2:f3:a8:aa:1e:34:99:49:26:8a:1f:50:36:d2:
   49.71 -         0e:ee:b6:a0:a6:e6:b0:94:41:a6:bc:de:93:6f:af:b3:fa:f4:
   49.72 -         a3:c3:46:83:f8:27:67:8e:9e:40:ec:79:08:0b:e2:46:73:61:
   49.73 -         0d:c6
   49.74 +         4b:d5:d6:af:df:60:18:e2:66:8c:5e:87:2c:bb:50:8d:4b:c0:
   49.75 +         85:63:c3:c4:6f:00:fb:3c:fa:5e:3f:8e:a6:b0:4c:91:ef:29:
   49.76 +         c7:30:82:e6:25:68:44:b5:a8:d0:8a:37:e1:50:e2:2a:ce:37:
   49.77 +         8d:d9:70:84:f0:90:c6:8f:2e:eb:09:f5:5a:5f:e6:4c:1c:24:
   49.78 +         8a:32:17:50:51:47:e5:23:bb:c0:47:47:71:58:36:3a:4e:91:
   49.79 +         79:06:0d:c8:00:e7:20:15:12:bb:28:e3:85:bd:55:dc:78:d5:
   49.80 +         10:79:f8:f0:fb:62:af:81:50:0f:3d:fe:d4:36:4c:60:92:54:
   49.81 +         3a:31:d0:6d:62:b4:29:dd:bd:33:c2:82:ba:00:5b:7a:b4:6d:
   49.82 +         12:d0:0b:fc:dc:65:68:98:d1:73:2a:f1:c0:36:cd:16:b2:e6:
   49.83 +         f5:8e:fc:b9:35:66:43:cb:2e:01:c7:73:4b:75:95:b8:4f:b4:
   49.84 +         58:8c:f7:44:7e:cc:3b:26:39:8f:ad:10:e5:ad:16:f1:8b:1b:
   49.85 +         17:bb:79:16:e6:c7:53:f5:7c:6b:4c:a8:fb:95:63:8f:69:ff:
   49.86 +         67:39:7a:a0:33:67:00:e3:8f:49:77:e5:90:61:1f:da:7d:d8:
   49.87 +         7f:f3:95:b6:74:fc:a0:36:5c:4d:99:39:d2:5f:62:2e:7b:78:
   49.88 +         46:89:76:1a
   49.89  -----BEGIN CERTIFICATE-----
   49.90 -MIIDMjCCApugAwIBAgIBIjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   49.91 +MIIENzCCAx+gAwIBAgIBIzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   49.92  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   49.93 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTEz
   49.94 -MTIxMzAwMTMzN1oXDTE2MDkwODAwMTMzN1owcTELMAkGA1UEBhMCVVMxEzARBgNV
   49.95 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhNDESMBAGCSqGSIb3DQEJARYDdGE0MB4XDTE2
   49.96 +MDEyMjAxNTc1OVoXDTE4MTAxODAxNTc1OVowcTELMAkGA1UEBhMCVVMxEzARBgNV
   49.97  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   49.98 -a2c1MRAwDgYDVQQDDAdjaDFfdGE0MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE0MIGf
   49.99 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0JRw6wiavjYJNKePgeG8rfzyxjMA3
  49.100 -lnHSQiHfLsTAWmDkcW8F34ioS+yHVI0IyfcZhKXQzMtDw3BpZy5MvuYtk5D5AjCn
  49.101 -Q9If5dTPW1x0iAYO7s14LC8nTJkvvppzW5sc42dUtnSnyTHTY2rFSlAi66/izXre
  49.102 -WWhqpg4m1lK2oQIDAQABo4HhMIHeMB0GA1UdDgQWBBQpevm04xuPGWNS+hmgq9o3
  49.103 -5HCpcTCBmwYDVR0jBIGTMIGQgBSERimIdDHvpsw841gp3r79G/RZmKFtpGswaTEL
  49.104 -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  49.105 -IENsYXJhMQ0wCwYDVQQKDARwa2c1MQwwCgYDVQQDDAN0YTQxEjAQBgkqhkiG9w0B
  49.106 -CQEWA3RhNIIJAOj3jTj6S1XdMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
  49.107 -AgEGMA0GCSqGSIb3DQEBCwUAA4GBAJHSLm9VzsY52LQfet9/vY9OZuwQPTXxNiKQ
  49.108 -rrcW5Ej17GMn6IgyeKwhzHH5Rmpztwkkp0RoQaUH+aPsx1PKaOQJaLfuEfKMCIA8
  49.109 -pVbi86iqHjSZSSaKH1A20g7utqCm5rCUQaa83pNvr7P69KPDRoP4J2eOnkDseQgL
  49.110 -4kZzYQ3G
  49.111 +a2c1MRAwDgYDVQQDDAdjaDFfdGE0MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE0MIIB
  49.112 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/1fVFT7SQFi4/nLxqHkJix9
  49.113 +jkQM0yrefG3A435SrHwZjm0YvXYvLInRW+bky1i0GY3UFskjg/dIf91OD41WIUN7
  49.114 +aT/sE9w0bvAo5SHrRSwPUMEXDfeB7rts7vjnPbli2UWS8VL40+AM/MzbmGohFXF+
  49.115 +pBFF4rvVuyps0uyB4JJZ5tvZxMI24VVzc5TLw7UfpCcuo2ClqlI7VYkE+PLISqAE
  49.116 +wdFLy+rZ0Hi0SNtHJLtFWxdsvXAKiNcLhcA6lj2urNrHlUqLAhpCv7GNDWeWdXTX
  49.117 +6lhK1/d0wjgZlBiVpgQ42TgkgZHSB+E+UfRXg7BF4jTnZ44OvdlxQUBSO35ukQID
  49.118 +AQABo4HhMIHeMB0GA1UdDgQWBBRZfw5cWwR4QdtVrJ4HUOT7niYoyDCBmwYDVR0j
  49.119 +BIGTMIGQgBSxIerf6+vtu76+D/ppHbYo6W+PRaFtpGswaTELMAkGA1UEBhMCVVMx
  49.120 +EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYD
  49.121 +VQQKDARwa2c1MQwwCgYDVQQDDAN0YTQxEjAQBgkqhkiG9w0BCQEWA3RhNIIJAJj1
  49.122 +3uXoXM0mMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
  49.123 +DQEBCwUAA4IBAQBL1dav32AY4maMXocsu1CNS8CFY8PEbwD7PPpeP46msEyR7ynH
  49.124 +MILmJWhEtajQijfhUOIqzjeN2XCE8JDGjy7rCfVaX+ZMHCSKMhdQUUflI7vAR0dx
  49.125 +WDY6TpF5Bg3IAOcgFRK7KOOFvVXceNUQefjw+2KvgVAPPf7UNkxgklQ6MdBtYrQp
  49.126 +3b0zwoK6AFt6tG0S0Av83GVomNFzKvHANs0Wsub1jvy5NWZDyy4Bx3NLdZW4T7RY
  49.127 +jPdEfsw7JjmPrRDlrRbxixsXu3kW5sdT9XxrTKj7lWOPaf9nOXqgM2cA449Jd+WQ
  49.128 +YR/afdh/85W2dPygNlxNmTnSX2Iue3hGiXYa
  49.129  -----END CERTIFICATE-----
    50.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta5_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    50.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta5_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    50.3 @@ -1,34 +1,43 @@
    50.4  Certificate:
    50.5      Data:
    50.6          Version: 3 (0x2)
    50.7 -        Serial Number: 40 (0x28)
    50.8 +        Serial Number: 41 (0x29)
    50.9      Signature Algorithm: sha256WithRSAEncryption
   50.10          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ta5/emailAddress=ta5
   50.11          Validity
   50.12 -            Not Before: Dec 13 00:13:38 2013 GMT
   50.13 -            Not After : Sep  8 00:13:38 2016 GMT
   50.14 +            Not Before: Jan 22 01:57:59 2016 GMT
   50.15 +            Not After : Oct 18 01:57:59 2018 GMT
   50.16          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
   50.17          Subject Public Key Info:
   50.18              Public Key Algorithm: rsaEncryption
   50.19 -                Public-Key: (1024 bit)
   50.20 +                Public-Key: (2048 bit)
   50.21                  Modulus:
   50.22 -                    00:c6:67:76:93:23:82:9f:2f:70:27:4f:64:9e:c3:
   50.23 -                    80:4d:e3:9d:bb:f9:ea:2e:f1:02:e1:e1:a8:5b:f6:
   50.24 -                    dc:c9:7b:ef:be:5a:41:11:bd:c4:51:e1:d8:74:6a:
   50.25 -                    16:89:83:f7:3a:fd:0b:cc:9b:e6:96:d8:13:e3:ef:
   50.26 -                    78:65:97:ff:81:90:97:e8:77:fd:ed:9c:56:2e:c7:
   50.27 -                    a4:ec:f7:2c:fc:a0:f6:de:ab:ec:d6:e7:9e:35:e6:
   50.28 -                    b7:dc:65:1b:c8:e4:5a:a2:9d:d8:5b:b9:fa:26:8c:
   50.29 -                    8d:00:66:c4:05:28:9c:a8:3c:b1:81:c7:75:0a:51:
   50.30 -                    ed:4f:49:d7:96:b5:8b:34:f9
   50.31 +                    00:c4:30:ef:b0:77:4e:44:58:ca:72:ac:ea:37:5e:
   50.32 +                    8d:4e:a1:89:7b:b1:ff:ee:da:e1:fb:3a:3c:b7:44:
   50.33 +                    37:af:79:c9:ae:21:c6:d2:6d:27:68:a8:ac:b3:77:
   50.34 +                    4f:9a:b9:51:af:f9:47:bf:49:6c:f6:21:f9:b9:78:
   50.35 +                    2e:b4:a5:29:db:96:06:6a:2c:c6:25:6e:e9:eb:59:
   50.36 +                    01:c1:c6:34:ef:1d:61:8f:5f:55:d8:fc:42:ac:12:
   50.37 +                    5f:8c:b1:51:da:f6:82:7a:49:f4:2a:72:15:b0:1a:
   50.38 +                    2c:7e:e5:4a:33:64:ca:ad:a2:7b:37:aa:7e:9a:ab:
   50.39 +                    ce:e6:18:de:93:58:47:33:be:e7:48:da:c5:95:aa:
   50.40 +                    fc:ff:83:b9:00:74:39:dd:21:b8:d3:5b:3d:e3:28:
   50.41 +                    ef:11:59:65:9b:96:59:a5:fe:08:ab:8e:80:ba:32:
   50.42 +                    09:38:1c:a1:b1:99:db:3e:90:0e:e6:cd:51:d4:4f:
   50.43 +                    75:98:67:c3:42:71:76:0a:b4:e1:fb:44:c0:8a:35:
   50.44 +                    d9:a2:d3:7b:e0:0c:4d:4b:67:06:ee:5c:06:72:81:
   50.45 +                    25:bd:b1:5c:db:19:55:e3:9a:ee:ae:58:46:60:5c:
   50.46 +                    a2:df:f5:89:09:48:3f:cd:7f:9b:20:0e:84:ef:8c:
   50.47 +                    5a:ea:5e:99:59:4b:91:af:18:5d:0a:08:c3:0c:38:
   50.48 +                    87:6f
   50.49                  Exponent: 65537 (0x10001)
   50.50          X509v3 extensions:
   50.51              X509v3 Subject Key Identifier: 
   50.52 -                8E:29:B3:96:C1:67:FE:34:F3:55:99:68:C4:DA:2A:C0:24:8A:19:C6
   50.53 +                AB:85:31:3F:5E:AA:BD:C0:59:AC:A2:04:AA:D7:29:E8:19:AE:FB:F4
   50.54              X509v3 Authority Key Identifier: 
   50.55 -                keyid:29:DA:B1:46:E3:61:51:AC:3C:3E:F6:78:5B:95:7B:6D:B2:F9:17:21
   50.56 +                keyid:DC:66:15:EE:AB:F6:53:B7:63:E5:B0:CB:B8:F0:D4:61:B5:27:94:3F
   50.57                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta5/emailAddress=ta5
   50.58 -                serial:A7:8F:F0:5E:6B:64:C2:46
   50.59 +                serial:A9:DD:14:32:D5:19:7A:EA
   50.60  
   50.61              X509v3 Basic Constraints: critical
   50.62                  CA:TRUE
   50.63 @@ -40,32 +49,44 @@
   50.64              X509v3 Key Usage: critical
   50.65                  Certificate Sign, CRL Sign
   50.66      Signature Algorithm: sha256WithRSAEncryption
   50.67 -         9d:32:27:d7:4e:4e:8b:e4:9f:d0:0d:11:f3:e5:be:5f:7f:7e:
   50.68 -         cf:ef:98:41:33:ba:04:ba:d9:7a:11:88:b8:13:66:74:44:1c:
   50.69 -         fb:1e:f3:fa:d4:18:85:cd:ed:f0:f8:c2:be:ab:75:cf:65:da:
   50.70 -         1a:77:01:0e:aa:49:ea:af:a7:db:39:84:f2:01:1d:28:e7:df:
   50.71 -         22:a9:59:5a:21:f9:f9:30:84:64:52:50:01:9b:b2:bf:ca:8a:
   50.72 -         b4:8b:36:96:e3:1a:ea:51:53:36:82:ba:88:8f:15:8c:e6:79:
   50.73 -         59:aa:71:9b:4c:58:a2:68:f0:43:36:15:af:69:af:32:ed:49:
   50.74 -         c8:9c
   50.75 +         13:bc:5b:b0:af:1c:17:88:8d:4f:2b:ee:1c:3b:b2:fd:2f:b9:
   50.76 +         c3:18:d6:08:1d:3f:46:31:56:ca:97:ec:d6:96:18:b4:f0:9e:
   50.77 +         9a:c6:c9:52:bc:b3:e9:f2:6c:27:a9:29:54:33:fa:15:59:16:
   50.78 +         b7:e8:0c:d7:4a:a9:34:02:19:72:43:56:c0:ad:d2:b4:c0:61:
   50.79 +         be:22:e5:e5:cf:68:8a:5c:50:b1:ee:5d:38:3d:83:65:27:58:
   50.80 +         a6:10:ee:46:17:54:94:85:da:5e:da:1c:a4:0c:5a:31:78:47:
   50.81 +         07:37:c1:c7:fa:49:84:84:5e:a5:e3:67:83:66:55:b1:9b:06:
   50.82 +         c2:4f:75:83:19:4a:1f:86:33:14:08:10:90:fa:6a:5d:a8:d0:
   50.83 +         69:8c:8b:9b:36:9a:80:2e:bc:f8:ec:8f:12:22:75:78:b9:eb:
   50.84 +         ff:02:90:d3:77:32:16:ab:78:c8:62:46:22:78:c6:c1:22:30:
   50.85 +         8e:a0:7a:78:1d:9f:14:fe:bf:39:f3:d2:d3:4f:65:32:5d:26:
   50.86 +         8c:02:c1:9d:55:94:dd:ec:e1:b8:ab:0a:08:ff:7f:9f:ba:55:
   50.87 +         88:23:72:d5:79:1d:e7:b0:54:9c:a6:bf:fa:7f:73:bc:19:ac:
   50.88 +         b3:38:ab:d0:00:33:c2:dd:cb:30:69:98:4b:d5:5b:a6:f8:cd:
   50.89 +         00:19:9c:dd
   50.90  -----BEGIN CERTIFICATE-----
   50.91 -MIIDcDCCAtmgAwIBAgIBKDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   50.92 +MIIEdTCCA12gAwIBAgIBKTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzET
   50.93  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   50.94 -BAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3DQEJARYDdGE1MB4XDTEz
   50.95 -MTIxMzAwMTMzOFoXDTE2MDkwODAwMTMzOFowcTELMAkGA1UEBhMCVVMxEzARBgNV
   50.96 +BAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3DQEJARYDdGE1MB4XDTE2
   50.97 +MDEyMjAxNTc1OVoXDTE4MTAxODAxNTc1OVowcTELMAkGA1UEBhMCVVMxEzARBgNV
   50.98  BAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARw
   50.99 -a2c1MRAwDgYDVQQDDAdjaDFfdGE1MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE1MIGf
  50.100 -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGZ3aTI4KfL3AnT2Sew4BN4527+eou
  50.101 -8QLh4ahb9tzJe+++WkERvcRR4dh0ahaJg/c6/QvMm+aW2BPj73hll/+BkJfod/3t
  50.102 -nFYux6Ts9yz8oPbeq+zW55415rfcZRvI5FqindhbufomjI0AZsQFKJyoPLGBx3UK
  50.103 -Ue1PSdeWtYs0+QIDAQABo4IBHjCCARowHQYDVR0OBBYEFI4ps5bBZ/4081WZaMTa
  50.104 -KsAkihnGMIGbBgNVHSMEgZMwgZCAFCnasUbjYVGsPD72eFuVe22y+RchoW2kazBp
  50.105 -MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2Fu
  50.106 -dGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3
  50.107 -DQEJARYDdGE1ggkAp4/wXmtkwkYwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAx
  50.108 -MC+gLaArhilodHRwOi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUvMC90YTVfY3JsLnBl
  50.109 -bTAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAnTIn105Oi+Sf0A0R
  50.110 -8+W+X39+z++YQTO6BLrZehGIuBNmdEQc+x7z+tQYhc3t8PjCvqt1z2XaGncBDqpJ
  50.111 -6q+n2zmE8gEdKOffIqlZWiH5+TCEZFJQAZuyv8qKtIs2luMa6lFTNoK6iI8VjOZ5
  50.112 -Wapxm0xYomjwQzYVr2mvMu1JyJw=
  50.113 +a2c1MRAwDgYDVQQDDAdjaDFfdGE1MRYwFAYJKoZIhvcNAQkBFgdjaDFfdGE1MIIB
  50.114 +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDDvsHdORFjKcqzqN16NTqGJ
  50.115 +e7H/7trh+zo8t0Q3r3nJriHG0m0naKiss3dPmrlRr/lHv0ls9iH5uXgutKUp25YG
  50.116 +aizGJW7p61kBwcY07x1hj19V2PxCrBJfjLFR2vaCekn0KnIVsBosfuVKM2TKraJ7
  50.117 +N6p+mqvO5hjek1hHM77nSNrFlar8/4O5AHQ53SG401s94yjvEVllm5ZZpf4Iq46A
  50.118 +ujIJOByhsZnbPpAO5s1R1E91mGfDQnF2CrTh+0TAijXZotN74AxNS2cG7lwGcoEl
  50.119 +vbFc2xlV45rurlhGYFyi3/WJCUg/zX+bIA6E74xa6l6ZWUuRrxhdCgjDDDiHbwID
  50.120 +AQABo4IBHjCCARowHQYDVR0OBBYEFKuFMT9eqr3AWayiBKrXKegZrvv0MIGbBgNV
  50.121 +HSMEgZMwgZCAFNxmFe6r9lO3Y+Wwy7jw1GG1J5Q/oW2kazBpMQswCQYDVQQGEwJV
  50.122 +UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
  50.123 +BgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhNTESMBAGCSqGSIb3DQEJARYDdGE1ggkA
  50.124 +qd0UMtUZeuowDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+gLaArhilodHRw
  50.125 +Oi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUvMC90YTVfY3JsLnBlbTAOBgNVHQ8BAf8E
  50.126 +BAMCAQYwDQYJKoZIhvcNAQELBQADggEBABO8W7CvHBeIjU8r7hw7sv0vucMY1ggd
  50.127 +P0YxVsqX7NaWGLTwnprGyVK8s+nybCepKVQz+hVZFrfoDNdKqTQCGXJDVsCt0rTA
  50.128 +Yb4i5eXPaIpcULHuXTg9g2UnWKYQ7kYXVJSF2l7aHKQMWjF4Rwc3wcf6SYSEXqXj
  50.129 +Z4NmVbGbBsJPdYMZSh+GMxQIEJD6al2o0GmMi5s2moAuvPjsjxIidXi56/8CkNN3
  50.130 +MhareMhiRiJ4xsEiMI6gengdnxT+vznz0tNPZTJdJowCwZ1VlN3s4birCgj/f5+6
  50.131 +VYgjctV5HeewVJymv/p/c7wZrLM4q9AAM8LdyzBpmEvVW6b4zQAZnN0=
  50.132  -----END CERTIFICATE-----
    51.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch2_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    51.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch2_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    51.3 @@ -5,28 +5,37 @@
    51.4      Signature Algorithm: sha256WithRSAEncryption
    51.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
    51.6          Validity
    51.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    51.8 -            Not After : Sep  8 00:13:34 2016 GMT
    51.9 +            Not Before: Jan 22 01:57:53 2016 GMT
   51.10 +            Not After : Oct 18 01:57:53 2018 GMT
   51.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
   51.12          Subject Public Key Info:
   51.13              Public Key Algorithm: rsaEncryption
   51.14 -                Public-Key: (1024 bit)
   51.15 +                Public-Key: (2048 bit)
   51.16                  Modulus:
   51.17 -                    00:be:c1:86:30:d2:a3:02:f4:00:33:fc:54:f3:6f:
   51.18 -                    d7:27:99:7b:57:e2:f1:93:f8:58:1c:eb:9a:cc:6b:
   51.19 -                    23:9b:b8:a9:11:27:50:9b:d7:a7:c2:fe:8b:ee:54:
   51.20 -                    d0:5d:e2:24:04:47:1c:cc:54:b5:89:bb:a6:26:de:
   51.21 -                    b9:3b:73:19:67:5e:9a:88:12:de:87:de:0e:26:c9:
   51.22 -                    0c:44:13:65:23:cd:7f:34:d6:bb:45:20:87:7e:ba:
   51.23 -                    48:d5:2f:3f:fc:d6:8d:d7:b7:b2:9f:42:ef:76:9a:
   51.24 -                    cf:c3:01:ae:b9:8f:00:33:ea:28:15:ca:30:da:8f:
   51.25 -                    25:76:a4:55:2a:2c:7a:b8:eb
   51.26 +                    00:ac:2b:63:c0:6d:3e:96:73:cf:d9:f6:76:40:27:
   51.27 +                    72:6b:c9:d4:10:27:d9:b1:b5:7b:f1:98:aa:d3:39:
   51.28 +                    78:eb:98:40:95:81:6c:0b:d8:b7:ea:14:76:4b:36:
   51.29 +                    f9:d6:c2:d2:2a:d7:01:2b:f6:1a:77:6f:dd:b8:01:
   51.30 +                    0b:f5:89:cd:3b:94:5a:76:43:94:79:b5:62:a0:f7:
   51.31 +                    b1:4e:3e:8a:9a:41:38:cf:ff:b4:e2:b8:97:ae:1f:
   51.32 +                    55:5a:2c:bf:4b:c0:ba:25:66:4f:d3:c1:06:62:f8:
   51.33 +                    b9:3f:a8:52:c0:55:a8:cc:8a:7e:ee:4a:1a:70:60:
   51.34 +                    20:ee:66:88:9d:af:c9:58:13:bd:1b:59:cc:23:b4:
   51.35 +                    94:56:88:ef:02:e1:da:45:28:7e:ba:6b:90:65:1b:
   51.36 +                    b8:79:e8:6f:2e:92:5b:7f:e1:d2:f3:f0:26:64:64:
   51.37 +                    b6:01:3f:78:73:6f:52:b3:26:e2:c9:be:0a:b8:13:
   51.38 +                    72:e5:05:cc:bb:b8:68:93:2d:63:0b:f8:66:44:68:
   51.39 +                    98:60:eb:a4:36:52:11:0d:eb:db:cf:a5:2d:dc:1d:
   51.40 +                    ab:ff:cc:99:fc:1d:e8:82:3a:d6:a5:55:37:a3:96:
   51.41 +                    12:e4:44:a3:bd:ec:4a:48:11:f6:95:17:31:1f:fc:
   51.42 +                    00:ac:32:33:86:97:7e:8c:2f:09:8e:9e:08:22:56:
   51.43 +                    9a:3d
   51.44                  Exponent: 65537 (0x10001)
   51.45          X509v3 extensions:
   51.46              X509v3 Subject Key Identifier: 
   51.47 -                12:30:0A:74:FD:DE:71:CF:4A:77:1E:1E:57:5E:F8:76:71:D7:5B:9E
   51.48 +                36:30:72:96:D2:F9:D4:7A:AE:CF:C2:4B:3F:EE:52:AA:DF:9B:F3:12
   51.49              X509v3 Authority Key Identifier: 
   51.50 -                keyid:36:46:2D:8A:1B:8B:CE:C1:1D:02:37:B9:EC:A5:FF:BA:73:AE:E5:48
   51.51 +                keyid:2E:B3:14:E2:95:4C:93:07:05:A4:87:64:EA:C4:57:2D:52:3B:8C:F9
   51.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ta1/emailAddress=ta1
   51.53                  serial:01
   51.54  
   51.55 @@ -35,31 +44,43 @@
   51.56              X509v3 Key Usage: critical
   51.57                  Certificate Sign, CRL Sign
   51.58      Signature Algorithm: sha256WithRSAEncryption
   51.59 -         8e:a5:2a:c9:3f:e0:1f:a9:8c:a3:45:b8:0d:0e:35:43:c3:d6:
   51.60 -         fe:f6:bc:0d:76:f0:26:d6:ab:e7:39:30:92:6f:cc:8e:0e:5f:
   51.61 -         b0:92:29:41:39:41:14:2a:43:b1:bb:e5:d4:8c:b3:6e:b7:7b:
   51.62 -         89:ab:3d:a4:e1:98:45:40:b9:1e:86:7b:b6:3f:55:e3:46:ab:
   51.63 -         ed:41:45:6a:cc:af:a4:63:54:c8:ab:27:3f:59:67:8a:f5:60:
   51.64 -         1b:63:b7:bb:27:94:00:8f:ee:f9:31:53:59:98:85:76:77:db:
   51.65 -         dd:39:6f:1a:61:fe:0d:68:88:20:a8:d5:2b:c7:6a:08:5b:f1:
   51.66 -         ac:9a
   51.67 +         66:4a:2f:69:a3:d8:4f:31:e6:3b:89:bd:3e:9e:5a:b9:e7:f1:
   51.68 +         a8:ba:dd:ef:e3:f5:73:b8:50:05:aa:65:50:01:db:14:47:d2:
   51.69 +         03:f8:83:a0:ae:79:53:00:89:da:46:00:c7:31:b7:54:6d:17:
   51.70 +         98:01:60:34:12:c0:df:1b:fb:c2:8e:74:34:74:76:1a:48:cf:
   51.71 +         01:8f:45:ea:91:bb:39:73:9d:cb:3f:21:46:60:00:e8:5c:08:
   51.72 +         cf:16:40:00:4b:b3:37:54:92:38:6f:bf:77:eb:78:71:3f:5f:
   51.73 +         85:81:12:57:77:17:69:fc:5a:0e:ea:ca:50:29:0b:e2:b5:de:
   51.74 +         20:bd:9c:bd:24:e4:c8:13:d4:04:de:f2:91:c5:ce:3a:7a:26:
   51.75 +         a0:70:e0:d7:1b:60:43:61:c2:51:76:5a:4a:c4:9f:31:71:68:
   51.76 +         55:9f:95:61:7b:bd:e2:bf:1f:b0:bb:4a:e7:01:48:10:3e:ea:
   51.77 +         33:a5:75:0a:d6:96:c2:3b:fc:77:64:e4:79:fd:29:4d:00:24:
   51.78 +         bb:57:41:ec:7f:69:e5:f5:92:ff:2c:1d:7a:43:06:04:7a:60:
   51.79 +         e0:c0:65:f6:d5:cd:21:8d:3a:38:55:da:7f:5b:04:f2:5c:ab:
   51.80 +         68:ba:9d:83:ef:71:21:6f:3b:60:e2:d4:50:40:0b:81:9b:4e:
   51.81 +         1c:7b:c4:57
   51.82  -----BEGIN CERTIFICATE-----
   51.83 -MIIDNTCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   51.84 +MIIEOjCCAyKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   51.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   51.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoMV90YTExFjAUBgkqhkiG9w0BCQEWB2NoMV90
   51.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   51.88 +YTEwHhcNMTYwMTIyMDE1NzUzWhcNMTgxMDE4MDE1NzUzWjBxMQswCQYDVQQGEwJV
   51.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   51.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTExFjAUBgkqhkiG9w0BCQEWB2No
   51.91 -Ml90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7BhjDSowL0ADP8VPNv
   51.92 -1yeZe1fi8ZP4WBzrmsxrI5u4qREnUJvXp8L+i+5U0F3iJARHHMxUtYm7pibeuTtz
   51.93 -GWdemogS3ofeDibJDEQTZSPNfzTWu0Ugh366SNUvP/zWjde3sp9C73aaz8MBrrmP
   51.94 -ADPqKBXKMNqPJXakVSoserjrAgMBAAGjgdwwgdkwHQYDVR0OBBYEFBIwCnT93nHP
   51.95 -SnceHlde+HZx11ueMIGTBgNVHSMEgYswgYiAFDZGLYobi87BHQI3ueyl/7pzruVI
   51.96 -oW2kazBpMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   51.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAG
   51.98 -CSqGSIb3DQEJARYDdGExggEBMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/
   51.99 -BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAI6lKsk/4B+pjKNFuA0ONUPD1v72vA12
  51.100 -8CbWq+c5MJJvzI4OX7CSKUE5QRQqQ7G75dSMs263e4mrPaThmEVAuR6Ge7Y/VeNG
  51.101 -q+1BRWrMr6RjVMirJz9ZZ4r1YBtjt7snlACP7vkxU1mYhXZ32905bxph/g1oiCCo
  51.102 -1SvHaghb8aya
  51.103 +Ml90YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsK2PAbT6Wc8/Z
  51.104 +9nZAJ3JrydQQJ9mxtXvxmKrTOXjrmECVgWwL2LfqFHZLNvnWwtIq1wEr9hp3b924
  51.105 +AQv1ic07lFp2Q5R5tWKg97FOPoqaQTjP/7TiuJeuH1VaLL9LwLolZk/TwQZi+Lk/
  51.106 +qFLAVajMin7uShpwYCDuZoidr8lYE70bWcwjtJRWiO8C4dpFKH66a5BlG7h56G8u
  51.107 +klt/4dLz8CZkZLYBP3hzb1KzJuLJvgq4E3LlBcy7uGiTLWML+GZEaJhg66Q2UhEN
  51.108 +69vPpS3cHav/zJn8HeiCOtalVTejlhLkRKO97EpIEfaVFzEf/ACsMjOGl36MLwmO
  51.109 +nggiVpo9AgMBAAGjgdwwgdkwHQYDVR0OBBYEFDYwcpbS+dR6rs/CSz/uUqrfm/MS
  51.110 +MIGTBgNVHSMEgYswgYiAFC6zFOKVTJMHBaSHZOrEVy1SO4z5oW2kazBpMQswCQYD
  51.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  51.112 +cmExDTALBgNVBAoMBHBrZzUxDDAKBgNVBAMMA3RhMTESMBAGCSqGSIb3DQEJARYD
  51.113 +dGExggEBMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
  51.114 +SIb3DQEBCwUAA4IBAQBmSi9po9hPMeY7ib0+nlq55/Gout3v4/VzuFAFqmVQAdsU
  51.115 +R9ID+IOgrnlTAInaRgDHMbdUbReYAWA0EsDfG/vCjnQ0dHYaSM8Bj0Xqkbs5c53L
  51.116 +PyFGYADoXAjPFkAAS7M3VJI4b79363hxP1+FgRJXdxdp/FoO6spQKQvitd4gvZy9
  51.117 +JOTIE9QE3vKRxc46eiagcODXG2BDYcJRdlpKxJ8xcWhVn5Vhe73ivx+wu0rnAUgQ
  51.118 +PuozpXUK1pbCO/x3ZOR5/SlNACS7V0Hsf2nl9ZL/LB16QwYEemDgwGX21c0hjTo4
  51.119 +Vdp/WwTyXKtoup2D73Ehbztg4tRQQAuBm04ce8RX
  51.120  -----END CERTIFICATE-----
    52.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch3_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    52.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch3_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    52.3 @@ -5,28 +5,37 @@
    52.4      Signature Algorithm: sha256WithRSAEncryption
    52.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
    52.6          Validity
    52.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    52.8 -            Not After : Sep  8 00:13:34 2016 GMT
    52.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   52.10 +            Not After : Oct 18 01:57:54 2018 GMT
   52.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
   52.12          Subject Public Key Info:
   52.13              Public Key Algorithm: rsaEncryption
   52.14 -                Public-Key: (1024 bit)
   52.15 +                Public-Key: (2048 bit)
   52.16                  Modulus:
   52.17 -                    00:d3:5b:f1:93:8f:01:0f:c0:25:d9:07:f1:70:29:
   52.18 -                    1e:56:0b:ff:93:70:1d:45:02:ef:52:22:8a:04:c9:
   52.19 -                    08:85:33:db:77:c3:33:d9:5c:fe:30:2a:a8:ac:9d:
   52.20 -                    d8:97:dc:b4:69:51:5e:d1:c9:86:68:a7:e3:ab:35:
   52.21 -                    e2:8f:d0:36:1b:67:be:50:88:66:7c:4b:4f:d3:86:
   52.22 -                    78:92:d9:c5:62:c7:04:a3:d7:9e:8c:c3:ca:48:41:
   52.23 -                    52:3f:a1:82:dc:f2:bb:d2:9c:a9:58:25:3a:0b:73:
   52.24 -                    b6:41:ab:6a:c3:6a:70:ce:a1:20:0f:b6:db:e0:91:
   52.25 -                    0b:0a:1f:dc:02:f4:ed:32:0f
   52.26 +                    00:b6:d0:0d:56:d4:83:c8:22:08:fd:38:bd:e2:34:
   52.27 +                    1e:1a:4e:8a:ca:b8:97:9b:69:75:be:78:1b:45:ae:
   52.28 +                    aa:60:19:86:eb:4b:9a:9f:4b:76:4b:0e:20:e3:bf:
   52.29 +                    31:89:b0:36:9e:b2:7f:70:17:50:d5:f3:5a:84:ee:
   52.30 +                    57:3d:86:83:6e:34:47:bf:9a:3a:cb:a3:f1:e9:00:
   52.31 +                    5a:82:cd:b9:61:63:ac:fa:dd:1a:23:9e:79:a0:13:
   52.32 +                    1c:5b:9c:20:8f:a4:73:09:0b:6e:40:82:e1:13:98:
   52.33 +                    8c:71:27:8b:4b:f9:20:a2:14:17:69:3c:ef:ba:68:
   52.34 +                    8e:4d:61:b8:f4:fd:92:fc:5c:10:9c:12:5f:91:63:
   52.35 +                    ae:57:a4:31:a2:67:46:60:c8:d9:10:ba:86:33:6f:
   52.36 +                    99:a7:14:3a:42:5d:b2:77:f5:e5:52:9e:e9:f6:f5:
   52.37 +                    01:ea:63:b1:71:97:cd:83:18:5c:07:40:44:b3:43:
   52.38 +                    c7:af:f7:ad:d7:61:0f:7c:c7:60:5e:df:d4:06:f5:
   52.39 +                    1d:ee:c1:19:0e:4b:13:e3:51:b6:b7:cc:3f:35:8f:
   52.40 +                    6c:99:56:42:eb:86:8a:42:fa:4a:5c:60:06:75:a4:
   52.41 +                    b1:6b:ea:eb:0c:eb:21:5d:2d:0f:0c:a0:fd:3e:67:
   52.42 +                    42:b4:a1:da:57:3c:a6:50:a4:df:0a:8e:ca:fc:10:
   52.43 +                    2c:bd
   52.44                  Exponent: 65537 (0x10001)
   52.45          X509v3 extensions:
   52.46              X509v3 Subject Key Identifier: 
   52.47 -                8F:2A:82:4C:1E:39:97:C3:4A:6A:52:FC:D4:CB:E6:37:CE:12:91:59
   52.48 +                EE:A0:C0:54:B5:84:89:28:80:79:49:CE:D0:A9:C6:8B:B9:8E:85:20
   52.49              X509v3 Authority Key Identifier: 
   52.50 -                keyid:12:30:0A:74:FD:DE:71:CF:4A:77:1E:1E:57:5E:F8:76:71:D7:5B:9E
   52.51 +                keyid:36:30:72:96:D2:F9:D4:7A:AE:CF:C2:4B:3F:EE:52:AA:DF:9B:F3:12
   52.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch1_ta1/emailAddress=ch1_ta1
   52.53                  serial:02
   52.54  
   52.55 @@ -35,31 +44,43 @@
   52.56              X509v3 Key Usage: critical
   52.57                  Certificate Sign, CRL Sign
   52.58      Signature Algorithm: sha256WithRSAEncryption
   52.59 -         94:2a:c9:c9:21:b7:bd:3a:72:31:65:89:16:11:00:e1:46:38:
   52.60 -         16:b6:cd:d4:04:b3:18:71:3d:8d:4a:0a:ec:02:4e:ee:58:2c:
   52.61 -         7d:d2:0b:6f:c6:d2:be:a6:f9:1c:e7:c2:76:2a:09:87:d2:06:
   52.62 -         8e:0d:aa:66:70:e8:8f:ff:7d:1d:e4:4e:9b:58:71:f7:40:46:
   52.63 -         a8:79:9d:86:6c:bf:64:3b:76:66:6c:08:21:62:09:6d:7b:f4:
   52.64 -         5d:e2:8e:1c:e6:e3:56:71:de:b7:fe:92:07:f0:7e:13:e0:ad:
   52.65 -         62:b3:08:9f:06:7e:9b:f6:8b:76:96:df:86:30:0e:bb:ef:9b:
   52.66 -         b3:07
   52.67 +         a6:cf:99:19:6d:0e:6c:46:8b:9a:79:e7:12:d9:3b:13:6f:c9:
   52.68 +         98:05:09:5c:a4:14:42:de:2d:bf:cc:85:39:a7:ec:e3:fb:1c:
   52.69 +         73:76:0c:8f:ab:1a:e7:f3:4a:cb:44:8e:33:a0:3c:3d:6a:21:
   52.70 +         88:87:e2:52:d7:27:23:05:c9:f5:59:a8:b7:c3:e6:00:01:6c:
   52.71 +         85:98:cd:37:30:f9:f9:d7:6f:07:56:5d:f0:c6:a6:d7:aa:ec:
   52.72 +         a6:f4:40:97:aa:45:f3:3e:25:22:fa:fb:4a:04:42:3c:77:36:
   52.73 +         96:91:2d:49:8a:ba:07:cb:70:69:71:6d:4f:5e:9c:f0:1d:8f:
   52.74 +         ed:22:fd:5b:c6:c6:87:b0:e9:0c:20:51:17:09:a3:2f:fd:da:
   52.75 +         e9:84:5e:5e:d4:9a:39:b9:e4:75:e2:4f:8e:35:71:97:46:2d:
   52.76 +         3c:6e:30:dd:92:5a:86:29:b4:7a:27:aa:cf:1e:d2:31:6e:f7:
   52.77 +         d7:7f:f3:d6:17:e3:dd:4d:13:d3:d4:3e:d4:3a:ab:46:f7:68:
   52.78 +         e7:b9:9f:28:26:f2:ec:f4:f1:96:ea:09:d0:fe:ed:08:8c:52:
   52.79 +         98:ff:ad:47:0d:2f:c5:24:9b:58:17:5c:4e:a2:bb:11:29:84:
   52.80 +         03:91:d8:a6:31:a7:cf:b3:f7:3b:e0:f1:6e:4b:90:13:77:ba:
   52.81 +         7f:0b:cc:ea
   52.82  -----BEGIN CERTIFICATE-----
   52.83 -MIIDPTCCAqagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   52.84 +MIIEQjCCAyqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   52.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   52.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTExFjAUBgkqhkiG9w0BCQEWB2NoMl90
   52.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   52.88 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjBxMQswCQYDVQQGEwJV
   52.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   52.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0BCQEWB2No
   52.91 -M190YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANNb8ZOPAQ/AJdkH8XAp
   52.92 -HlYL/5NwHUUC71IiigTJCIUz23fDM9lc/jAqqKyd2JfctGlRXtHJhmin46s14o/Q
   52.93 -NhtnvlCIZnxLT9OGeJLZxWLHBKPXnozDykhBUj+hgtzyu9KcqVglOgtztkGrasNq
   52.94 -cM6hIA+22+CRCwof3AL07TIPAgMBAAGjgeQwgeEwHQYDVR0OBBYEFI8qgkweOZfD
   52.95 -SmpS/NTL5jfOEpFZMIGbBgNVHSMEgZMwgZCAFBIwCnT93nHPSnceHlde+HZx11ue
   52.96 -oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   52.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMV90YTEx
   52.98 -FjAUBgkqhkiG9w0BCQEWB2NoMV90YTGCAQIwEgYDVR0TAQH/BAgwBgEB/wIBAjAO
   52.99 -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAlCrJySG3vTpyMWWJFhEA
  52.100 -4UY4FrbN1ASzGHE9jUoK7AJO7lgsfdILb8bSvqb5HOfCdioJh9IGjg2qZnDoj/99
  52.101 -HeROm1hx90BGqHmdhmy/ZDt2ZmwIIWIJbXv0XeKOHObjVnHet/6SB/B+E+CtYrMI
  52.102 -nwZ+m/aLdpbfhjAOu++bswc=
  52.103 +M190YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC20A1W1IPIIgj9
  52.104 +OL3iNB4aTorKuJebaXW+eBtFrqpgGYbrS5qfS3ZLDiDjvzGJsDaesn9wF1DV81qE
  52.105 +7lc9hoNuNEe/mjrLo/HpAFqCzblhY6z63RojnnmgExxbnCCPpHMJC25AguETmIxx
  52.106 +J4tL+SCiFBdpPO+6aI5NYbj0/ZL8XBCcEl+RY65XpDGiZ0ZgyNkQuoYzb5mnFDpC
  52.107 +XbJ39eVSnun29QHqY7Fxl82DGFwHQESzQ8ev963XYQ98x2Be39QG9R3uwRkOSxPj
  52.108 +Uba3zD81j2yZVkLrhopC+kpcYAZ1pLFr6usM6yFdLQ8MoP0+Z0K0odpXPKZQpN8K
  52.109 +jsr8ECy9AgMBAAGjgeQwgeEwHQYDVR0OBBYEFO6gwFS1hIkogHlJztCpxou5joUg
  52.110 +MIGbBgNVHSMEgZMwgZCAFDYwcpbS+dR6rs/CSz/uUqrfm/MSoXWkczBxMQswCQYD
  52.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  52.112 +cmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMV90YTExFjAUBgkqhkiG9w0B
  52.113 +CQEWB2NoMV90YTGCAQIwEgYDVR0TAQH/BAgwBgEB/wIBAjAOBgNVHQ8BAf8EBAMC
  52.114 +AQYwDQYJKoZIhvcNAQELBQADggEBAKbPmRltDmxGi5p55xLZOxNvyZgFCVykFELe
  52.115 +Lb/MhTmn7OP7HHN2DI+rGufzSstEjjOgPD1qIYiH4lLXJyMFyfVZqLfD5gABbIWY
  52.116 +zTcw+fnXbwdWXfDGpteq7Kb0QJeqRfM+JSL6+0oEQjx3NpaRLUmKugfLcGlxbU9e
  52.117 +nPAdj+0i/VvGxoew6QwgURcJoy/92umEXl7Umjm55HXiT441cZdGLTxuMN2SWoYp
  52.118 +tHonqs8e0jFu99d/89YX491NE9PUPtQ6q0b3aOe5nygm8uz08ZbqCdD+7QiMUpj/
  52.119 +rUcNL8Ukm1gXXE6iuxEphAOR2KYxp8+z9zvg8W5LkBN3un8LzOo=
  52.120  -----END CERTIFICATE-----
    53.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch4.3_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    53.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch4.3_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    53.3 @@ -5,28 +5,37 @@
    53.4      Signature Algorithm: sha256WithRSAEncryption
    53.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
    53.6          Validity
    53.7 -            Not Before: Dec 13 00:13:35 2013 GMT
    53.8 -            Not After : Sep  8 00:13:35 2016 GMT
    53.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   53.10 +            Not After : Oct 18 01:57:55 2018 GMT
   53.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
   53.12          Subject Public Key Info:
   53.13              Public Key Algorithm: rsaEncryption
   53.14 -                Public-Key: (1024 bit)
   53.15 +                Public-Key: (2048 bit)
   53.16                  Modulus:
   53.17 -                    00:dd:ec:30:ee:2a:39:ec:cf:6d:c0:b9:04:f2:e0:
   53.18 -                    0f:04:7a:e9:ab:f0:27:28:d9:6b:70:e5:c4:9b:c6:
   53.19 -                    1b:bb:71:16:42:d5:47:80:60:2c:f6:26:90:9d:0b:
   53.20 -                    cc:1b:18:bf:54:98:c7:e8:ba:bf:a2:5d:60:c9:b3:
   53.21 -                    09:79:de:ee:02:d9:b9:70:22:c3:cd:60:04:5f:1e:
   53.22 -                    df:a3:8f:43:73:ea:68:5e:df:70:86:aa:67:75:5a:
   53.23 -                    59:ef:cd:0d:e4:f1:6d:ee:d3:bb:04:c7:52:e5:72:
   53.24 -                    53:2a:e2:f3:02:65:7f:53:46:c3:15:e4:cb:8d:1b:
   53.25 -                    cf:8f:1e:8d:6d:04:07:09:77
   53.26 +                    00:b1:69:ee:17:3e:0a:15:50:23:89:d7:d7:87:ee:
   53.27 +                    b7:6d:ec:73:ba:42:9f:ea:ba:f5:89:74:b7:be:8d:
   53.28 +                    4b:42:9b:7b:30:37:1a:62:fa:39:05:38:95:c2:72:
   53.29 +                    3f:99:ed:73:6f:f0:e9:4a:20:7b:6c:e8:bf:b3:7a:
   53.30 +                    78:95:50:3e:95:25:6d:fb:ac:90:7d:48:82:87:1f:
   53.31 +                    9f:37:7b:58:51:19:3e:1f:a7:14:42:04:84:12:06:
   53.32 +                    4e:29:c9:25:45:8c:fc:08:c9:c9:8a:16:0d:55:ec:
   53.33 +                    45:b5:80:6e:aa:82:a3:4d:fd:d1:cf:80:d3:b6:e6:
   53.34 +                    01:7a:17:3a:fa:51:90:de:05:02:44:ba:c5:c2:4d:
   53.35 +                    ba:d1:25:1a:7c:2e:ad:d1:84:c2:ce:0e:78:c2:8f:
   53.36 +                    d8:42:ce:52:b1:3e:7f:b1:e4:14:bc:95:7d:16:b9:
   53.37 +                    4a:a8:1d:b5:bd:15:b8:7e:89:5d:11:f9:b6:3a:c0:
   53.38 +                    f2:ec:01:6e:8a:79:a6:5c:ac:c1:bb:d8:1c:b3:c7:
   53.39 +                    2a:ed:4a:1d:83:9f:94:da:ac:f8:c7:29:ce:23:5b:
   53.40 +                    e5:17:62:ec:14:86:a2:a1:22:81:55:b7:22:ef:a2:
   53.41 +                    a7:e0:77:be:a9:c8:b0:e5:fe:87:93:fe:47:68:dc:
   53.42 +                    eb:bc:57:b0:b4:cb:5c:d8:97:0d:49:01:d6:71:fe:
   53.43 +                    7a:d7
   53.44                  Exponent: 65537 (0x10001)
   53.45          X509v3 extensions:
   53.46              X509v3 Subject Key Identifier: 
   53.47 -                16:06:DB:79:36:82:5D:96:BA:FD:0F:C3:3D:E2:64:BA:E6:03:E6:3A
   53.48 +                CA:50:20:B6:70:62:DE:6B:28:77:63:00:64:FE:D0:58:9E:50:16:24
   53.49              X509v3 Authority Key Identifier: 
   53.50 -                keyid:8F:2A:82:4C:1E:39:97:C3:4A:6A:52:FC:D4:CB:E6:37:CE:12:91:59
   53.51 +                keyid:EE:A0:C0:54:B5:84:89:28:80:79:49:CE:D0:A9:C6:8B:B9:8E:85:20
   53.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
   53.53                  serial:03
   53.54  
   53.55 @@ -35,31 +44,43 @@
   53.56              X509v3 Key Usage: critical
   53.57                  Certificate Sign, CRL Sign
   53.58      Signature Algorithm: sha256WithRSAEncryption
   53.59 -         26:70:cc:69:5b:26:cf:cc:1d:19:b6:61:20:59:22:d7:fa:a3:
   53.60 -         d9:fa:e2:e3:87:07:24:5a:41:5b:7e:21:4c:f5:32:d2:d8:fd:
   53.61 -         a5:17:b5:c4:0f:9a:d2:a6:dd:45:9f:13:2a:30:8a:75:5b:69:
   53.62 -         9b:dd:06:85:3e:19:06:7d:5d:0f:3f:15:64:76:41:e9:a8:30:
   53.63 -         bd:d7:26:66:07:60:da:e2:ec:80:44:6d:a5:8b:fd:9a:3a:0b:
   53.64 -         92:b9:6c:f8:72:cc:7e:24:78:a2:a3:f7:ef:47:7a:aa:8b:89:
   53.65 -         45:33:ff:01:bd:a0:d0:18:ea:a1:46:98:b5:7f:00:e1:00:8e:
   53.66 -         7e:68
   53.67 +         25:89:18:a4:a1:6c:3e:e3:f0:0f:a9:9c:3e:4e:15:a6:42:34:
   53.68 +         22:b6:27:35:b0:d1:88:96:c3:3e:05:4a:26:dc:3f:65:a1:09:
   53.69 +         64:b1:60:d8:af:2f:5c:4b:fe:d1:48:d5:b7:84:83:30:f8:e6:
   53.70 +         42:7f:d2:a0:e4:a7:77:5c:92:87:64:20:b7:48:df:0b:ef:de:
   53.71 +         eb:84:83:4b:5c:60:0e:89:85:1e:5e:9a:65:bc:c5:ac:96:85:
   53.72 +         83:17:85:dd:2f:0a:e8:f5:80:89:a6:4a:55:c6:1a:69:0f:1b:
   53.73 +         3f:25:da:42:31:91:92:87:c7:07:40:9f:20:5a:ac:c5:c5:5d:
   53.74 +         9c:fc:82:4b:2e:ea:8e:b3:fd:94:85:dd:0b:10:09:de:16:4d:
   53.75 +         47:af:59:86:ca:e8:84:c0:75:ac:2a:9c:9e:c7:16:c9:64:75:
   53.76 +         04:87:35:a9:89:b3:a8:92:01:c8:11:fd:79:27:69:16:52:bf:
   53.77 +         23:ff:2f:91:31:e6:b0:e8:66:54:fe:99:c4:7c:bd:d2:53:bf:
   53.78 +         22:14:e2:4e:15:f3:f1:c6:f7:2e:6d:07:95:09:69:66:01:d7:
   53.79 +         89:ce:f9:92:3c:25:fb:84:9a:16:fd:c0:b8:bf:65:6d:b2:34:
   53.80 +         a4:61:79:21:13:62:c6:72:97:aa:64:42:ab:8f:ce:83:84:2a:
   53.81 +         1e:b0:4f:bc
   53.82  -----BEGIN CERTIFICATE-----
   53.83 -MIIDQTCCAqqgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   53.84 +MIIERjCCAy6gAwIBAgIBDDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   53.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   53.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0BCQEWB2NoM190
   53.87 -YTEwHhcNMTMxMjEzMDAxMzM1WhcNMTYwOTA4MDAxMzM1WjB1MQswCQYDVQQGEwJV
   53.88 +YTEwHhcNMTYwMTIyMDE1NzU1WhcNMTgxMDE4MDE1NzU1WjB1MQswCQYDVQQGEwJV
   53.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   53.90  BgNVBAoMBHBrZzUxEjAQBgNVBAMMCWNoNC4zX3RhMTEYMBYGCSqGSIb3DQEJARYJ
   53.91 -Y2g0LjNfdGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDd7DDuKjnsz23A
   53.92 -uQTy4A8Eeumr8Cco2Wtw5cSbxhu7cRZC1UeAYCz2JpCdC8wbGL9UmMfour+iXWDJ
   53.93 -swl53u4C2blwIsPNYARfHt+jj0Nz6mhe33CGqmd1WlnvzQ3k8W3u07sEx1LlclMq
   53.94 -4vMCZX9TRsMV5MuNG8+PHo1tBAcJdwIDAQABo4HkMIHhMB0GA1UdDgQWBBQWBtt5
   53.95 -NoJdlrr9D8M94mS65gPmOjCBmwYDVR0jBIGTMIGQgBSPKoJMHjmXw0pqUvzUy+Y3
   53.96 -zhKRWaF1pHMwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDAS
   53.97 -BgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDJf
   53.98 -dGExMRYwFAYJKoZIhvcNAQkBFgdjaDJfdGExggEDMBIGA1UdEwEB/wQIMAYBAf8C
   53.99 -AQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBACZwzGlbJs/MHRm2
  53.100 -YSBZItf6o9n64uOHByRaQVt+IUz1MtLY/aUXtcQPmtKm3UWfEyowinVbaZvdBoU+
  53.101 -GQZ9XQ8/FWR2QemoML3XJmYHYNri7IBEbaWL/Zo6C5K5bPhyzH4keKKj9+9HeqqL
  53.102 -iUUz/wG9oNAY6qFGmLV/AOEAjn5o
  53.103 +Y2g0LjNfdGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWnuFz4K
  53.104 +FVAjidfXh+63bexzukKf6rr1iXS3vo1LQpt7MDcaYvo5BTiVwnI/me1zb/DpSiB7
  53.105 +bOi/s3p4lVA+lSVt+6yQfUiChx+fN3tYURk+H6cUQgSEEgZOKcklRYz8CMnJihYN
  53.106 +VexFtYBuqoKjTf3Rz4DTtuYBehc6+lGQ3gUCRLrFwk260SUafC6t0YTCzg54wo/Y
  53.107 +Qs5SsT5/seQUvJV9FrlKqB21vRW4foldEfm2OsDy7AFuinmmXKzBu9gcs8cq7Uod
  53.108 +g5+U2qz4xynOI1vlF2LsFIaioSKBVbci76Kn4He+qciw5f6Hk/5HaNzrvFewtMtc
  53.109 +2JcNSQHWcf561wIDAQABo4HkMIHhMB0GA1UdDgQWBBTKUCC2cGLeayh3YwBk/tBY
  53.110 +nlAWJDCBmwYDVR0jBIGTMIGQgBTuoMBUtYSJKIB5Sc7QqcaLuY6FIKF1pHMwcTEL
  53.111 +MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  53.112 +IENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDJfdGExMRYwFAYJKoZI
  53.113 +hvcNAQkBFgdjaDJfdGExggEDMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/
  53.114 +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAliRikoWw+4/APqZw+ThWmQjQitic1
  53.115 +sNGIlsM+BUom3D9loQlksWDYry9cS/7RSNW3hIMw+OZCf9Kg5Kd3XJKHZCC3SN8L
  53.116 +797rhINLXGAOiYUeXpplvMWsloWDF4XdLwro9YCJpkpVxhppDxs/JdpCMZGSh8cH
  53.117 +QJ8gWqzFxV2c/IJLLuqOs/2Uhd0LEAneFk1Hr1mGyuiEwHWsKpyexxbJZHUEhzWp
  53.118 +ibOokgHIEf15J2kWUr8j/y+RMeaw6GZU/pnEfL3SU78iFOJOFfPxxvcubQeVCWlm
  53.119 +AdeJzvmSPCX7hJoW/cC4v2VtsjSkYXkhE2LGcpeqZEKrj86DhCoesE+8
  53.120  -----END CERTIFICATE-----
    54.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch4_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    54.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch4_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    54.3 @@ -5,28 +5,37 @@
    54.4      Signature Algorithm: sha256WithRSAEncryption
    54.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
    54.6          Validity
    54.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    54.8 -            Not After : Sep  8 00:13:34 2016 GMT
    54.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   54.10 +            Not After : Oct 18 01:57:54 2018 GMT
   54.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
   54.12          Subject Public Key Info:
   54.13              Public Key Algorithm: rsaEncryption
   54.14 -                Public-Key: (1024 bit)
   54.15 +                Public-Key: (2048 bit)
   54.16                  Modulus:
   54.17 -                    00:af:c3:8b:39:3e:21:56:8a:d6:97:1b:c7:aa:c7:
   54.18 -                    51:9e:e9:cf:15:1f:24:e6:91:92:81:b3:7d:30:eb:
   54.19 -                    ea:12:30:13:03:d0:b9:60:41:8b:eb:88:f4:1f:e5:
   54.20 -                    43:cf:b5:ae:47:7a:4d:46:6e:f8:16:42:67:db:20:
   54.21 -                    e4:0d:1f:96:4f:21:59:95:f6:70:33:32:45:81:18:
   54.22 -                    5e:a5:5b:fd:4a:e6:d7:97:cf:45:65:e7:74:79:5f:
   54.23 -                    a5:9f:e1:c7:a5:d0:5d:24:a7:32:18:68:13:57:4c:
   54.24 -                    cf:78:12:6f:9f:5c:e6:4d:be:89:24:4b:29:d8:02:
   54.25 -                    b2:f9:f9:13:cf:92:43:0f:e5
   54.26 +                    00:f0:be:9f:7c:fb:8e:9a:93:80:30:b8:43:a6:70:
   54.27 +                    13:a9:0b:fb:0c:f7:02:6d:4e:75:db:4a:19:9c:4a:
   54.28 +                    29:c3:e8:58:ba:7b:39:66:4e:d0:04:d6:e4:4c:73:
   54.29 +                    0b:9b:c1:e2:c5:fa:e7:4d:19:c6:e3:ec:ae:13:23:
   54.30 +                    54:ab:12:42:d0:fc:ef:10:5c:8b:2c:c7:00:b8:35:
   54.31 +                    ad:d8:f6:af:cc:9d:6f:19:1c:20:f9:14:f3:1e:69:
   54.32 +                    ce:85:c0:3d:2d:25:6d:79:01:1c:89:fb:2b:f6:2a:
   54.33 +                    c7:ea:89:3f:b8:6a:c5:20:60:79:cd:c5:3d:2f:d4:
   54.34 +                    57:54:63:04:69:fc:fa:0c:a6:23:ee:e4:6e:e3:e2:
   54.35 +                    60:ac:91:01:a2:64:a4:f5:44:8a:7c:90:f3:b7:69:
   54.36 +                    31:14:0e:53:f5:81:08:0b:50:0d:1c:43:f6:92:59:
   54.37 +                    a5:fa:3a:98:72:38:c7:5f:e1:4e:a8:54:64:a9:d4:
   54.38 +                    93:0e:e9:27:88:4a:b9:98:ba:aa:c8:31:0d:dc:fb:
   54.39 +                    70:0d:06:63:1b:d0:ee:61:2f:9b:cf:18:d5:74:bc:
   54.40 +                    53:63:b9:0d:0d:b9:f2:bc:6d:b2:c3:3d:0b:4c:84:
   54.41 +                    09:28:9e:80:94:74:58:b7:af:97:9b:55:ed:a5:c7:
   54.42 +                    c5:79:f9:df:a0:6d:ca:40:c0:a5:dc:09:c4:cd:ed:
   54.43 +                    39:1b
   54.44                  Exponent: 65537 (0x10001)
   54.45          X509v3 extensions:
   54.46              X509v3 Subject Key Identifier: 
   54.47 -                54:8A:14:10:0B:AF:89:DC:1E:65:8A:17:37:6A:AC:D2:2B:6C:27:5C
   54.48 +                44:81:49:A3:5B:7C:85:F2:A7:56:19:FF:64:98:AB:61:89:3E:E1:B7
   54.49              X509v3 Authority Key Identifier: 
   54.50 -                keyid:8F:2A:82:4C:1E:39:97:C3:4A:6A:52:FC:D4:CB:E6:37:CE:12:91:59
   54.51 +                keyid:EE:A0:C0:54:B5:84:89:28:80:79:49:CE:D0:A9:C6:8B:B9:8E:85:20
   54.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
   54.53                  serial:03
   54.54  
   54.55 @@ -35,31 +44,43 @@
   54.56              X509v3 Key Usage: critical
   54.57                  Certificate Sign, CRL Sign
   54.58      Signature Algorithm: sha256WithRSAEncryption
   54.59 -         6a:17:96:16:a6:3f:96:b7:8e:fb:e5:d7:14:f9:a8:8e:52:16:
   54.60 -         04:0d:58:4b:f7:c6:70:c4:3f:d3:2b:13:24:7b:47:2d:cf:89:
   54.61 -         59:bf:5c:6c:17:31:46:c4:17:e5:41:fe:5e:3f:ec:44:2e:92:
   54.62 -         94:eb:3b:c9:ff:d1:5e:c0:ad:d3:51:2b:12:11:87:b2:17:2f:
   54.63 -         40:5a:ac:76:f0:0f:ed:cd:ca:be:b6:b2:ef:bf:d4:79:04:e0:
   54.64 -         ed:88:33:96:b0:a4:27:41:a7:31:0b:c4:d9:6a:ad:7d:82:bb:
   54.65 -         63:15:2a:00:8e:60:af:ee:a6:8a:d3:65:6a:b8:f9:7e:0e:cd:
   54.66 -         bf:d5
   54.67 +         36:66:82:04:35:26:cc:ce:07:00:e7:19:db:4e:05:22:af:98:
   54.68 +         9f:8f:88:84:1b:75:57:3b:f7:0f:2a:da:ae:fe:36:e4:35:a9:
   54.69 +         ff:57:7a:3f:4a:ec:71:ba:c6:4a:b5:6a:c7:e3:46:27:52:5b:
   54.70 +         d0:dd:a3:c4:3a:78:8b:ac:21:5c:2a:68:71:ec:d8:cb:0f:f3:
   54.71 +         35:07:82:53:3c:01:1b:69:34:cb:2a:85:3b:da:f1:b7:11:fe:
   54.72 +         ec:12:3a:a2:c8:b1:80:fd:bd:40:b1:f2:b2:ed:1b:b3:83:87:
   54.73 +         60:12:21:b9:e1:3a:ff:4a:3c:d0:6e:b5:07:4c:a8:db:e8:f4:
   54.74 +         81:50:14:3c:4b:09:3a:fe:85:88:1a:72:d6:3c:2a:e2:67:c4:
   54.75 +         51:cb:21:7e:22:78:30:34:dc:e9:41:fe:15:f5:cc:fc:85:64:
   54.76 +         de:8f:89:c3:de:de:56:bb:a8:7f:4f:8c:98:27:e5:de:d0:4c:
   54.77 +         13:f5:56:d9:7b:18:d4:09:21:99:6e:cd:27:c2:0f:e2:45:58:
   54.78 +         a9:b1:b9:89:92:58:dd:94:a6:be:c5:3f:99:86:ca:15:74:00:
   54.79 +         63:85:3f:ce:2a:d6:6d:04:03:91:c8:1f:de:dd:cc:0b:49:c3:
   54.80 +         ea:76:e3:2f:87:4d:2e:75:86:ea:19:49:0f:a2:78:e5:7d:bb:
   54.81 +         ef:bf:1c:b2
   54.82  -----BEGIN CERTIFICATE-----
   54.83 -MIIDPTCCAqagAwIBAgIBBDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   54.84 +MIIEQjCCAyqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   54.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   54.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0BCQEWB2NoM190
   54.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   54.88 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjBxMQswCQYDVQQGEwJV
   54.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   54.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2No
   54.91 -NF90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Dizk+IVaK1pcbx6rH
   54.92 -UZ7pzxUfJOaRkoGzfTDr6hIwEwPQuWBBi+uI9B/lQ8+1rkd6TUZu+BZCZ9sg5A0f
   54.93 -lk8hWZX2cDMyRYEYXqVb/Urm15fPRWXndHlfpZ/hx6XQXSSnMhhoE1dMz3gSb59c
   54.94 -5k2+iSRLKdgCsvn5E8+SQw/lAgMBAAGjgeQwgeEwHQYDVR0OBBYEFFSKFBALr4nc
   54.95 -HmWKFzdqrNIrbCdcMIGbBgNVHSMEgZMwgZCAFI8qgkweOZfDSmpS/NTL5jfOEpFZ
   54.96 -oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   54.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTEx
   54.98 -FjAUBgkqhkiG9w0BCQEWB2NoMl90YTGCAQMwEgYDVR0TAQH/BAgwBgEB/wIBATAO
   54.99 -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAaheWFqY/lreO++XXFPmo
  54.100 -jlIWBA1YS/fGcMQ/0ysTJHtHLc+JWb9cbBcxRsQX5UH+Xj/sRC6SlOs7yf/RXsCt
  54.101 -01ErEhGHshcvQFqsdvAP7c3Kvray77/UeQTg7YgzlrCkJ0GnMQvE2WqtfYK7YxUq
  54.102 -AI5gr+6mitNlarj5fg7Nv9U=
  54.103 +NF90YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwvp98+46ak4Aw
  54.104 +uEOmcBOpC/sM9wJtTnXbShmcSinD6Fi6ezlmTtAE1uRMcwubweLF+udNGcbj7K4T
  54.105 +I1SrEkLQ/O8QXIssxwC4Na3Y9q/MnW8ZHCD5FPMeac6FwD0tJW15ARyJ+yv2Ksfq
  54.106 +iT+4asUgYHnNxT0v1FdUYwRp/PoMpiPu5G7j4mCskQGiZKT1RIp8kPO3aTEUDlP1
  54.107 +gQgLUA0cQ/aSWaX6OphyOMdf4U6oVGSp1JMO6SeISrmYuqrIMQ3c+3ANBmMb0O5h
  54.108 +L5vPGNV0vFNjuQ0NufK8bbLDPQtMhAkonoCUdFi3r5ebVe2lx8V5+d+gbcpAwKXc
  54.109 +CcTN7TkbAgMBAAGjgeQwgeEwHQYDVR0OBBYEFESBSaNbfIXyp1YZ/2SYq2GJPuG3
  54.110 +MIGbBgNVHSMEgZMwgZCAFO6gwFS1hIkogHlJztCpxou5joUgoXWkczBxMQswCQYD
  54.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  54.112 +cmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoMl90YTExFjAUBgkqhkiG9w0B
  54.113 +CQEWB2NoMl90YTGCAQMwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMC
  54.114 +AQYwDQYJKoZIhvcNAQELBQADggEBADZmggQ1JszOBwDnGdtOBSKvmJ+PiIQbdVc7
  54.115 +9w8q2q7+NuQ1qf9Xej9K7HG6xkq1asfjRidSW9Ddo8Q6eIusIVwqaHHs2MsP8zUH
  54.116 +glM8ARtpNMsqhTva8bcR/uwSOqLIsYD9vUCx8rLtG7ODh2ASIbnhOv9KPNButQdM
  54.117 +qNvo9IFQFDxLCTr+hYgactY8KuJnxFHLIX4ieDA03OlB/hX1zPyFZN6PicPe3la7
  54.118 +qH9PjJgn5d7QTBP1Vtl7GNQJIZluzSfCD+JFWKmxuYmSWN2Upr7FP5mGyhV0AGOF
  54.119 +P84q1m0EA5HIH97dzAtJw+p24y+HTS51huoZSQ+ieOV9u++/HLI=
  54.120  -----END CERTIFICATE-----
    55.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.1_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    55.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.1_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    55.3 @@ -5,22 +5,31 @@
    55.4      Signature Algorithm: sha256WithRSAEncryption
    55.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
    55.6          Validity
    55.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    55.8 -            Not After : Sep  8 00:13:34 2016 GMT
    55.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   55.10 +            Not After : Oct 18 01:57:54 2018 GMT
   55.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
   55.12          Subject Public Key Info:
   55.13              Public Key Algorithm: rsaEncryption
   55.14 -                Public-Key: (1024 bit)
   55.15 +                Public-Key: (2048 bit)
   55.16                  Modulus:
   55.17 -                    00:9d:91:87:82:56:78:7f:64:32:62:7e:ee:6c:38:
   55.18 -                    f2:a2:f6:34:ba:a9:ec:bb:6e:0f:87:ab:46:a4:37:
   55.19 -                    ce:80:f1:b5:8b:9b:0a:4b:2a:b6:46:9b:f1:47:c0:
   55.20 -                    6b:85:7f:64:08:61:ac:53:d4:3b:ce:54:2a:6d:a4:
   55.21 -                    65:cd:a7:dc:a5:3a:33:bf:86:2b:f6:d0:fb:24:80:
   55.22 -                    56:8f:4f:d4:f9:96:71:f3:86:74:4b:47:38:da:18:
   55.23 -                    79:ae:d9:5b:9d:09:9e:f7:cb:b4:a7:85:33:85:20:
   55.24 -                    d3:2a:fc:72:c1:37:62:01:d6:b1:cb:4a:a0:09:c2:
   55.25 -                    72:ea:fd:b8:5d:03:68:33:7d
   55.26 +                    00:f8:99:82:00:c1:73:68:ee:ab:3e:93:5c:b8:fa:
   55.27 +                    1c:2d:94:58:4a:a7:ab:b7:0b:d5:6e:02:b5:2f:b0:
   55.28 +                    e1:6c:c7:6f:aa:63:2d:1a:30:a3:2f:88:6d:21:be:
   55.29 +                    e1:36:23:e4:22:19:99:3a:1d:2a:9e:ec:a6:2c:a2:
   55.30 +                    5c:a1:26:96:70:22:80:04:0a:6b:c6:3f:b2:8c:ce:
   55.31 +                    6a:32:e0:ae:4f:43:73:9a:db:0e:9e:b7:e5:92:a0:
   55.32 +                    06:ac:48:a0:c8:fe:16:27:96:14:27:64:38:8a:78:
   55.33 +                    a3:20:60:d4:9b:ed:47:14:b9:08:6b:7a:4f:ba:dc:
   55.34 +                    db:c9:1c:c9:92:df:0a:37:01:7e:8e:1f:30:b0:fb:
   55.35 +                    35:32:41:2d:65:c9:3f:65:b1:20:e7:e4:8a:1d:e1:
   55.36 +                    10:b5:e8:57:14:59:bd:b8:2d:2b:d6:e8:7f:3c:c3:
   55.37 +                    e2:7c:c6:f7:d3:08:d6:75:06:c7:56:32:fe:80:8e:
   55.38 +                    f6:fd:c5:25:ac:49:c7:ad:1b:eb:de:aa:67:50:92:
   55.39 +                    a3:2c:e5:09:81:07:44:b5:cf:9b:16:10:29:f8:98:
   55.40 +                    05:3e:49:fc:e6:58:1f:93:b1:dd:82:67:e5:6b:dd:
   55.41 +                    50:2f:0f:a1:ec:5a:34:83:b9:33:9d:65:37:c3:a7:
   55.42 +                    03:e1:2a:56:48:3d:0f:d5:06:88:60:e6:3e:cb:ef:
   55.43 +                    98:27
   55.44                  Exponent: 65537 (0x10001)
   55.45          X509v3 extensions:
   55.46              X509v3 Basic Constraints: critical
   55.47 @@ -29,27 +38,39 @@
   55.48                  <EMPTY>
   55.49  
   55.50      Signature Algorithm: sha256WithRSAEncryption
   55.51 -         11:3c:6b:22:14:f6:1a:18:8b:59:a4:8d:38:d6:6f:48:8a:01:
   55.52 -         e2:d3:9d:6a:26:40:61:d3:9b:ce:8a:ab:b9:25:c4:89:c4:f9:
   55.53 -         98:1e:6c:f5:1c:d7:f7:6a:c9:7b:48:ba:d7:e0:03:59:41:4d:
   55.54 -         29:28:7d:2d:61:c5:7f:7f:8c:2f:30:2b:c6:6e:16:31:7d:45:
   55.55 -         d2:2a:83:ea:fc:25:92:1f:cb:85:28:0a:f4:2c:a0:c4:c2:fc:
   55.56 -         52:43:53:d1:46:e7:fd:3c:0a:9b:11:45:0f:09:2e:c6:93:26:
   55.57 -         72:c9:20:28:7a:db:18:55:1b:15:70:1f:bc:0e:ab:18:c1:f8:
   55.58 -         64:03
   55.59 +         ed:1f:86:cd:a6:67:a8:48:fa:9a:c4:ad:a8:de:08:14:96:f5:
   55.60 +         16:44:e3:a1:b2:d5:06:6b:bb:0e:9d:f3:59:84:84:f1:a5:0d:
   55.61 +         f3:38:50:af:43:fe:91:c5:08:54:1d:2d:59:fd:1d:1b:bd:18:
   55.62 +         71:97:b3:d7:ba:21:f8:90:05:4d:9e:79:13:7a:12:40:0b:3d:
   55.63 +         97:00:ac:b1:fd:70:9b:e3:80:89:e6:8d:0f:07:56:15:e4:ed:
   55.64 +         99:9a:8b:85:27:a1:9c:c4:f9:19:8e:f1:d3:c3:76:0a:5d:51:
   55.65 +         a5:f9:2c:81:ef:76:c1:75:b9:50:96:2a:f0:65:9d:7e:aa:2f:
   55.66 +         16:30:8c:e6:82:83:67:cf:2d:53:89:f8:82:f1:c6:0d:a9:77:
   55.67 +         fe:3a:50:6b:34:1a:b4:f8:16:94:8b:59:4d:e1:d8:da:a9:5c:
   55.68 +         06:84:6b:23:0d:d0:d5:41:5d:02:ec:5a:c2:5a:a8:41:3e:fb:
   55.69 +         cf:42:76:c9:96:ed:c9:c6:16:50:5a:dc:ef:be:4c:a8:5b:f5:
   55.70 +         9f:fe:31:9c:c7:55:38:ac:a1:72:3b:4b:55:92:16:40:10:86:
   55.71 +         fe:40:99:ba:ee:b1:65:48:6f:34:75:bc:f0:af:c0:b6:be:81:
   55.72 +         8f:0f:41:7d:ba:b7:26:e7:9f:75:55:8b:94:95:b0:ef:23:fb:
   55.73 +         9b:5a:14:6b
   55.74  -----BEGIN CERTIFICATE-----
   55.75 -MIICfTCCAeagAwIBAgIBCDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   55.76 +MIIDgjCCAmqgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   55.77  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   55.78  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2NoNF90
   55.79 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjB1MQswCQYDVQQGEwJV
   55.80 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjB1MQswCQYDVQQGEwJV
   55.81  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   55.82  BgNVBAoMBHBrZzUxEjAQBgNVBAMMCWNoNS4xX3RhMTEYMBYGCSqGSIb3DQEJARYJ
   55.83 -Y2g1LjFfdGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdkYeCVnh/ZDJi
   55.84 -fu5sOPKi9jS6qey7bg+Hq0akN86A8bWLmwpLKrZGm/FHwGuFf2QIYaxT1DvOVCpt
   55.85 -pGXNp9ylOjO/hiv20PskgFaPT9T5lnHzhnRLRzjaGHmu2VudCZ73y7SnhTOFINMq
   55.86 -/HLBN2IB1rHLSqAJwnLq/bhdA2gzfQIDAQABoyEwHzAPBgNVHRMBAf8EBTADAQH/
   55.87 -MAwGA1UdEgEB/wQCMAAwDQYJKoZIhvcNAQELBQADgYEAETxrIhT2GhiLWaSNONZv
   55.88 -SIoB4tOdaiZAYdObzoqruSXEicT5mB5s9RzX92rJe0i61+ADWUFNKSh9LWHFf3+M
   55.89 -LzArxm4WMX1F0iqD6vwlkh/LhSgK9CygxML8UkNT0Ubn/TwKmxFFDwkuxpMmcskg
   55.90 -KHrbGFUbFXAfvA6rGMH4ZAM=
   55.91 +Y2g1LjFfdGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+JmCAMFz
   55.92 +aO6rPpNcuPocLZRYSqertwvVbgK1L7DhbMdvqmMtGjCjL4htIb7hNiPkIhmZOh0q
   55.93 +nuymLKJcoSaWcCKABAprxj+yjM5qMuCuT0NzmtsOnrflkqAGrEigyP4WJ5YUJ2Q4
   55.94 +inijIGDUm+1HFLkIa3pPutzbyRzJkt8KNwF+jh8wsPs1MkEtZck/ZbEg5+SKHeEQ
   55.95 +tehXFFm9uC0r1uh/PMPifMb30wjWdQbHVjL+gI72/cUlrEnHrRvr3qpnUJKjLOUJ
   55.96 +gQdEtc+bFhAp+JgFPkn85lgfk7Hdgmfla91QLw+h7Fo0g7kznWU3w6cD4SpWSD0P
   55.97 +1QaIYOY+y++YJwIDAQABoyEwHzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdEgEB/wQC
   55.98 +MAAwDQYJKoZIhvcNAQELBQADggEBAO0fhs2mZ6hI+prErajeCBSW9RZE46Gy1QZr
   55.99 +uw6d81mEhPGlDfM4UK9D/pHFCFQdLVn9HRu9GHGXs9e6IfiQBU2eeRN6EkALPZcA
  55.100 +rLH9cJvjgInmjQ8HVhXk7Zmai4UnoZzE+RmO8dPDdgpdUaX5LIHvdsF1uVCWKvBl
  55.101 +nX6qLxYwjOaCg2fPLVOJ+ILxxg2pd/46UGs0GrT4FpSLWU3h2NqpXAaEayMN0NVB
  55.102 +XQLsWsJaqEE++89CdsmW7cnGFlBa3O++TKhb9Z/+MZzHVTisoXI7S1WSFkAQhv5A
  55.103 +mbrusWVIbzR1vPCvwLa+gY8PQX26tybnn3VVi5SVsO8j+5taFGs=
  55.104  -----END CERTIFICATE-----
    56.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.2_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    56.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.2_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    56.3 @@ -5,28 +5,37 @@
    56.4      Signature Algorithm: sha256WithRSAEncryption
    56.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
    56.6          Validity
    56.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    56.8 -            Not After : Sep  8 00:13:34 2016 GMT
    56.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   56.10 +            Not After : Oct 18 01:57:55 2018 GMT
   56.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.2_ta1/emailAddress=ch5.2_ta1
   56.12          Subject Public Key Info:
   56.13              Public Key Algorithm: rsaEncryption
   56.14 -                Public-Key: (1024 bit)
   56.15 +                Public-Key: (2048 bit)
   56.16                  Modulus:
   56.17 -                    00:a0:b5:e8:50:6e:0b:2e:be:8a:39:95:a1:f3:8f:
   56.18 -                    03:1c:da:d3:74:5c:9d:ed:34:54:5e:3f:ac:e2:91:
   56.19 -                    40:50:5e:d7:e3:bc:b1:8e:a6:62:d1:0b:33:e2:59:
   56.20 -                    d7:67:f1:b7:af:f9:61:37:b1:24:aa:6f:67:e0:4f:
   56.21 -                    ef:5d:a2:72:42:70:41:1e:32:e5:1a:94:4f:de:60:
   56.22 -                    6c:e7:e1:96:99:82:d0:35:f2:40:03:de:92:10:f3:
   56.23 -                    4f:91:e8:78:24:a1:ef:92:da:7b:49:4b:57:03:80:
   56.24 -                    57:d8:fc:41:60:8a:f0:e6:55:fe:67:55:5e:68:bf:
   56.25 -                    fe:fd:23:2b:ab:94:cb:12:c3
   56.26 +                    00:9e:9d:c2:a0:df:34:68:63:c6:f3:28:8b:68:8d:
   56.27 +                    0e:9c:04:a3:31:bf:95:37:9b:00:49:81:7f:35:8d:
   56.28 +                    a3:7d:4a:6c:0f:35:14:1d:2a:f9:99:eb:8b:84:6e:
   56.29 +                    65:5d:b9:d9:66:c6:11:57:bf:83:49:04:f1:35:d3:
   56.30 +                    75:22:30:bc:22:b1:a7:91:af:25:b9:f3:5e:6f:7b:
   56.31 +                    74:c2:25:f4:a7:1a:a6:c2:88:3c:db:31:fd:42:79:
   56.32 +                    53:87:10:d4:ad:bf:a7:23:55:4d:b6:9f:9c:e5:31:
   56.33 +                    0f:72:d6:fc:0e:b8:2c:46:7a:4f:cf:de:61:3e:39:
   56.34 +                    0e:fc:0e:fd:a4:08:05:e8:aa:c8:7c:a5:33:a9:c9:
   56.35 +                    9e:ae:35:51:10:85:06:cc:c1:ae:41:d3:0f:c9:2f:
   56.36 +                    8f:01:0a:6d:a2:06:bb:7c:40:96:ff:a4:cb:3f:5e:
   56.37 +                    11:2f:aa:2b:59:f9:8d:d0:ff:b4:0f:3f:a5:58:f5:
   56.38 +                    cf:a9:20:aa:e6:fe:f4:6b:5d:09:24:9f:26:00:18:
   56.39 +                    a5:f2:9c:e8:79:de:4d:f9:fb:d1:e5:89:6b:d8:de:
   56.40 +                    27:de:f8:0b:28:6f:b3:d1:2e:01:9e:e1:ba:00:0f:
   56.41 +                    21:b2:43:b1:96:b0:46:d9:a3:14:08:a1:6d:1c:e7:
   56.42 +                    a0:9e:84:74:45:91:a8:d9:24:14:f7:a9:3f:8f:95:
   56.43 +                    cb:35
   56.44                  Exponent: 65537 (0x10001)
   56.45          X509v3 extensions:
   56.46              X509v3 Subject Key Identifier: 
   56.47 -                A4:07:01:64:2E:FC:65:F5:BC:44:82:AB:87:E5:17:5F:91:F5:8A:DD
   56.48 +                29:4E:31:FF:45:35:28:B4:BE:69:AE:55:E5:CE:F3:89:B2:BF:DA:2F
   56.49              X509v3 Authority Key Identifier: 
   56.50 -                keyid:54:8A:14:10:0B:AF:89:DC:1E:65:8A:17:37:6A:AC:D2:2B:6C:27:5C
   56.51 +                keyid:44:81:49:A3:5B:7C:85:F2:A7:56:19:FF:64:98:AB:61:89:3E:E1:B7
   56.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
   56.53                  serial:04
   56.54  
   56.55 @@ -35,31 +44,43 @@
   56.56              X509v3 Key Usage: critical
   56.57                  Certificate Sign, CRL Sign
   56.58      Signature Algorithm: sha256WithRSAEncryption
   56.59 -         04:21:55:e4:d4:f9:07:b1:55:dd:d3:6c:5e:17:f5:84:36:49:
   56.60 -         08:3f:96:1b:79:f6:1f:c8:aa:0a:e2:64:bd:90:e1:00:89:23:
   56.61 -         94:1c:d9:c8:7d:a6:5e:48:4f:e4:6a:9d:c1:2a:b9:6c:6b:ed:
   56.62 -         24:14:54:9f:87:bf:a1:d3:fd:73:39:eb:c4:88:85:7e:f5:35:
   56.63 -         91:3d:85:ad:9e:c5:1f:fc:f6:06:71:ce:3f:dc:12:e8:6c:a6:
   56.64 -         61:07:b8:d0:78:03:de:e6:be:e9:67:59:2f:70:24:c3:54:4e:
   56.65 -         b3:5c:6e:54:8e:04:c3:b6:f1:83:1b:8d:7f:e8:b7:5b:3d:b2:
   56.66 -         26:fe
   56.67 +         1b:01:5a:d2:0c:c2:a9:cf:84:c1:9e:42:98:bb:fc:3f:b7:b3:
   56.68 +         33:c9:c1:4b:1b:5c:02:86:4b:d9:37:0e:1b:26:10:68:84:68:
   56.69 +         ed:54:94:69:5d:b8:01:5d:f7:1f:d8:57:ec:e1:f3:b4:7e:81:
   56.70 +         ae:71:f0:79:8a:52:60:81:55:77:c8:a7:20:1a:48:bb:cb:b4:
   56.71 +         cb:26:a9:0b:1a:45:62:0c:b5:d2:0d:ec:75:8c:50:3d:2d:25:
   56.72 +         6c:96:a6:6e:b0:f3:8b:27:7c:ed:ac:44:6e:5b:ef:01:49:6d:
   56.73 +         b4:7a:30:26:cf:73:2a:79:91:60:1a:5e:a1:ba:50:e3:cc:93:
   56.74 +         68:53:6f:8e:fe:d0:48:4a:41:db:6a:15:cc:59:dc:a5:a7:79:
   56.75 +         fc:e5:f9:d1:0e:2b:f4:45:6b:2b:56:e7:69:2a:b2:a1:e2:16:
   56.76 +         79:74:45:7c:ab:3a:49:40:52:1b:5b:ef:29:f9:1f:48:16:31:
   56.77 +         61:aa:17:a2:6f:36:a4:49:d8:d6:c5:ff:4a:33:2e:be:cd:3e:
   56.78 +         9a:38:c6:12:42:9c:1f:08:53:7a:c2:61:88:43:86:17:95:8c:
   56.79 +         f2:4f:dd:b4:b3:66:fa:ef:ac:51:a4:70:f6:4c:a4:6d:70:6f:
   56.80 +         dc:5a:a5:c7:da:94:4f:d6:71:2a:5b:fe:0f:f2:25:72:3d:e4:
   56.81 +         62:c5:3d:87
   56.82  -----BEGIN CERTIFICATE-----
   56.83 -MIIDQTCCAqqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   56.84 +MIIERjCCAy6gAwIBAgIBCjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   56.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   56.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2NoNF90
   56.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjB1MQswCQYDVQQGEwJV
   56.88 +YTEwHhcNMTYwMTIyMDE1NzU1WhcNMTgxMDE4MDE1NzU1WjB1MQswCQYDVQQGEwJV
   56.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   56.90  BgNVBAoMBHBrZzUxEjAQBgNVBAMMCWNoNS4yX3RhMTEYMBYGCSqGSIb3DQEJARYJ
   56.91 -Y2g1LjJfdGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgtehQbgsuvoo5
   56.92 -laHzjwMc2tN0XJ3tNFReP6zikUBQXtfjvLGOpmLRCzPiWddn8bev+WE3sSSqb2fg
   56.93 -T+9donJCcEEeMuUalE/eYGzn4ZaZgtA18kAD3pIQ80+R6Hgkoe+S2ntJS1cDgFfY
   56.94 -/EFgivDmVf5nVV5ov/79IyurlMsSwwIDAQABo4HkMIHhMB0GA1UdDgQWBBSkBwFk
   56.95 -Lvxl9bxEgquH5RdfkfWK3TCBmwYDVR0jBIGTMIGQgBRUihQQC6+J3B5lihc3aqzS
   56.96 -K2wnXKF1pHMwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDAS
   56.97 -BgNVBAcMC1NhbnRhIENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDNf
   56.98 -dGExMRYwFAYJKoZIhvcNAQkBFgdjaDNfdGExggEEMBIGA1UdEwEB/wQIMAYBAf8C
   56.99 -AQEwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAAQhVeTU+QexVd3T
  56.100 -bF4X9YQ2SQg/lht59h/IqgriZL2Q4QCJI5Qc2ch9pl5IT+RqncEquWxr7SQUVJ+H
  56.101 -v6HT/XM568SIhX71NZE9ha2exR/89gZxzj/cEuhspmEHuNB4A97mvulnWS9wJMNU
  56.102 -TrNcblSOBMO28YMbjX/ot1s9sib+
  56.103 +Y2g1LjJfdGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnp3CoN80
  56.104 +aGPG8yiLaI0OnASjMb+VN5sASYF/NY2jfUpsDzUUHSr5meuLhG5lXbnZZsYRV7+D
  56.105 +SQTxNdN1IjC8IrGnka8lufNeb3t0wiX0pxqmwog82zH9QnlThxDUrb+nI1VNtp+c
  56.106 +5TEPctb8DrgsRnpPz95hPjkO/A79pAgF6KrIfKUzqcmerjVREIUGzMGuQdMPyS+P
  56.107 +AQptoga7fECW/6TLP14RL6orWfmN0P+0Dz+lWPXPqSCq5v70a10JJJ8mABil8pzo
  56.108 +ed5N+fvR5Ylr2N4n3vgLKG+z0S4BnuG6AA8hskOxlrBG2aMUCKFtHOegnoR0RZGo
  56.109 +2SQU96k/j5XLNQIDAQABo4HkMIHhMB0GA1UdDgQWBBQpTjH/RTUotL5prlXlzvOJ
  56.110 +sr/aLzCBmwYDVR0jBIGTMIGQgBREgUmjW3yF8qdWGf9kmKthiT7ht6F1pHMwcTEL
  56.111 +MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRh
  56.112 +IENsYXJhMQ0wCwYDVQQKDARwa2c1MRAwDgYDVQQDDAdjaDNfdGExMRYwFAYJKoZI
  56.113 +hvcNAQkBFgdjaDNfdGExggEEMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
  56.114 +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAbAVrSDMKpz4TBnkKYu/w/t7MzycFL
  56.115 +G1wChkvZNw4bJhBohGjtVJRpXbgBXfcf2Ffs4fO0foGucfB5ilJggVV3yKcgGki7
  56.116 +y7TLJqkLGkViDLXSDex1jFA9LSVslqZusPOLJ3ztrERuW+8BSW20ejAmz3MqeZFg
  56.117 +Gl6hulDjzJNoU2+O/tBISkHbahXMWdylp3n85fnRDiv0RWsrVudpKrKh4hZ5dEV8
  56.118 +qzpJQFIbW+8p+R9IFjFhqheibzakSdjWxf9KMy6+zT6aOMYSQpwfCFN6wmGIQ4YX
  56.119 +lYzyT920s2b676xRpHD2TKRtcG/cWqXH2pRP1nEqW/4P8iVyPeRixT2H
  56.120  -----END CERTIFICATE-----
    57.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.3_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    57.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.3_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    57.3 @@ -5,28 +5,37 @@
    57.4      Signature Algorithm: sha256WithRSAEncryption
    57.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
    57.6          Validity
    57.7 -            Not Before: Dec 13 00:13:35 2013 GMT
    57.8 -            Not After : Sep  8 00:13:35 2016 GMT
    57.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   57.10 +            Not After : Oct 18 01:57:55 2018 GMT
   57.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.3_ta1/emailAddress=ch5.3_ta1
   57.12          Subject Public Key Info:
   57.13              Public Key Algorithm: rsaEncryption
   57.14 -                Public-Key: (1024 bit)
   57.15 +                Public-Key: (2048 bit)
   57.16                  Modulus:
   57.17 -                    00:9a:0b:35:00:7e:06:fd:e2:50:97:7e:d2:c2:b8:
   57.18 -                    20:2a:d9:bb:b8:3f:14:f9:aa:e3:98:dc:b9:49:62:
   57.19 -                    32:9e:e7:51:16:ef:6b:69:59:7e:0f:c3:50:08:3d:
   57.20 -                    dc:23:18:37:fa:70:cc:45:b8:47:1e:49:ef:18:15:
   57.21 -                    47:8e:e6:c9:65:64:02:a8:f5:2a:d1:ef:3a:91:8f:
   57.22 -                    5a:52:21:46:8f:61:87:55:c9:61:ea:e8:98:18:c5:
   57.23 -                    99:1f:bd:43:02:13:a6:bf:c0:cd:d9:a5:ee:40:a3:
   57.24 -                    05:bf:18:28:57:f6:4e:21:d0:89:a1:21:1c:39:ed:
   57.25 -                    2d:ed:45:f0:da:75:37:da:7b
   57.26 +                    00:c1:91:a3:1f:3a:14:29:24:3c:d6:fa:ad:16:b9:
   57.27 +                    a4:c4:df:4a:04:c9:d6:01:16:03:54:de:36:4a:db:
   57.28 +                    69:1c:b1:c0:f9:ee:64:3d:f3:63:5f:de:fd:4f:91:
   57.29 +                    95:c4:86:99:07:d6:f3:3d:80:7e:5a:ef:16:84:05:
   57.30 +                    d5:66:f7:ee:f8:e1:6b:d9:eb:78:1d:10:5e:85:28:
   57.31 +                    6f:80:97:90:1f:cb:52:36:1d:c6:2a:30:f6:64:63:
   57.32 +                    4f:3a:9f:b1:e3:36:98:92:62:df:d3:ec:6e:99:dd:
   57.33 +                    37:16:e1:92:24:18:e2:53:e9:8c:38:84:50:c7:8d:
   57.34 +                    3c:ae:21:b0:79:69:3b:f4:17:46:78:1b:d6:00:16:
   57.35 +                    9a:46:61:e6:78:2d:75:2d:eb:d9:e0:93:c7:50:b1:
   57.36 +                    43:a6:76:32:97:24:ea:98:8e:f0:08:31:9d:c7:81:
   57.37 +                    be:66:65:eb:30:fd:c2:98:f8:6d:64:e6:6b:7b:19:
   57.38 +                    e4:97:c3:31:20:8d:1a:f4:0c:4f:96:14:8b:64:cb:
   57.39 +                    f4:75:31:3b:cd:b8:27:d5:25:3e:a3:f7:73:db:b9:
   57.40 +                    ac:dd:e8:be:14:dc:2f:ca:e5:f6:f6:8d:c1:83:60:
   57.41 +                    72:45:1d:e9:cd:e9:d5:a4:67:1c:df:56:3b:00:3b:
   57.42 +                    fd:7a:3f:fc:78:ad:47:b0:53:ca:7d:17:57:fe:4c:
   57.43 +                    de:cb
   57.44                  Exponent: 65537 (0x10001)
   57.45          X509v3 extensions:
   57.46              X509v3 Subject Key Identifier: 
   57.47 -                A5:4B:BC:BC:6C:A7:1D:7E:CB:31:E5:DF:BE:24:BE:B9:86:28:DE:68
   57.48 +                E3:AC:5A:33:E4:E3:9B:18:66:7B:0F:13:2A:89:91:5E:64:42:D3:05
   57.49              X509v3 Authority Key Identifier: 
   57.50 -                keyid:16:06:DB:79:36:82:5D:96:BA:FD:0F:C3:3D:E2:64:BA:E6:03:E6:3A
   57.51 +                keyid:CA:50:20:B6:70:62:DE:6B:28:77:63:00:64:FE:D0:58:9E:50:16:24
   57.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
   57.53                  serial:0C
   57.54  
   57.55 @@ -35,31 +44,43 @@
   57.56              X509v3 Key Usage: critical
   57.57                  Certificate Sign, CRL Sign
   57.58      Signature Algorithm: sha256WithRSAEncryption
   57.59 -         4b:1b:27:81:60:e8:9c:ca:e9:2b:c6:94:9e:64:d5:1a:44:18:
   57.60 -         e7:fb:98:cf:a0:10:e3:ae:ad:b3:fa:a6:21:9d:be:35:46:17:
   57.61 -         e6:42:3f:8c:79:81:c5:46:f4:f8:04:72:02:a5:5c:6a:1f:cf:
   57.62 -         62:e1:f9:6f:3a:26:5c:7b:13:27:bd:27:e7:8d:e4:75:b0:04:
   57.63 -         05:84:44:8b:cf:2c:8b:8b:44:35:c7:60:79:91:04:69:cc:35:
   57.64 -         90:5b:e5:9a:71:cb:6d:65:dd:a1:09:2c:d0:35:69:cc:cf:0a:
   57.65 -         62:41:8f:18:ac:9e:8f:52:4c:fa:77:14:98:45:ce:06:c5:f9:
   57.66 -         5d:6a
   57.67 +         1c:ac:db:1d:7e:66:ab:bd:02:09:67:5b:cf:c3:d4:2f:04:48:
   57.68 +         63:3f:80:02:74:80:d9:77:a5:25:eb:c3:08:74:10:48:2d:8d:
   57.69 +         b4:7b:1a:fb:66:ea:fe:bf:4d:19:7c:42:54:e2:6e:65:19:59:
   57.70 +         60:3d:bf:ea:79:d3:c3:cd:3a:f7:4b:ac:31:fc:6f:40:25:2e:
   57.71 +         41:eb:7b:54:36:78:f4:73:cb:7b:73:fa:d0:28:ca:65:a1:be:
   57.72 +         b4:7c:c6:17:8b:d9:b1:5e:e5:ab:00:29:fc:78:bf:32:09:51:
   57.73 +         41:fe:4c:ec:df:50:76:73:9e:b6:b3:9a:8a:ca:4d:0c:59:7c:
   57.74 +         41:76:7b:5b:77:cd:71:74:ca:88:1a:0f:dc:20:62:be:dc:6a:
   57.75 +         f9:d5:5f:26:7b:f5:6a:ed:22:9f:01:66:04:9e:45:71:37:da:
   57.76 +         53:3a:4a:76:93:86:49:3b:6e:8e:87:dd:6a:28:0f:cc:fe:ce:
   57.77 +         7f:1d:91:8b:20:94:8f:4a:66:5a:ab:e2:e8:1e:41:f3:d6:6e:
   57.78 +         a1:4d:9c:c8:e6:57:cf:61:67:ab:bd:c7:39:f9:58:9a:18:05:
   57.79 +         44:80:49:44:ff:3e:4f:ca:e3:09:1c:d3:cb:4f:7a:8b:78:72:
   57.80 +         76:23:02:79:ef:70:8e:5f:f8:c2:ae:08:b0:b8:ba:84:39:37:
   57.81 +         73:30:90:e8
   57.82  -----BEGIN CERTIFICATE-----
   57.83 -MIIDRTCCAq6gAwIBAgIBDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzET
   57.84 +MIIESjCCAzKgAwIBAgIBDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzET
   57.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   57.86  BAoMBHBrZzUxEjAQBgNVBAMMCWNoNC4zX3RhMTEYMBYGCSqGSIb3DQEJARYJY2g0
   57.87 -LjNfdGExMB4XDTEzMTIxMzAwMTMzNVoXDTE2MDkwODAwMTMzNVowdTELMAkGA1UE
   57.88 +LjNfdGExMB4XDTE2MDEyMjAxNTc1NVoXDTE4MTAxODAxNTc1NVowdTELMAkGA1UE
   57.89  BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC1NhbnRhIENsYXJh
   57.90  MQ0wCwYDVQQKDARwa2c1MRIwEAYDVQQDDAljaDUuM190YTExGDAWBgkqhkiG9w0B
   57.91 -CQEWCWNoNS4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmgs1AH4G
   57.92 -/eJQl37SwrggKtm7uD8U+arjmNy5SWIynudRFu9raVl+D8NQCD3cIxg3+nDMRbhH
   57.93 -HknvGBVHjubJZWQCqPUq0e86kY9aUiFGj2GHVclh6uiYGMWZH71DAhOmv8DN2aXu
   57.94 -QKMFvxgoV/ZOIdCJoSEcOe0t7UXw2nU32nsCAwEAAaOB5DCB4TAdBgNVHQ4EFgQU
   57.95 -pUu8vGynHX7LMeXfviS+uYYo3mgwgZsGA1UdIwSBkzCBkIAUFgbbeTaCXZa6/Q/D
   57.96 -PeJkuuYD5jqhdaRzMHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
   57.97 -MRQwEgYDVQQHDAtTYW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEQMA4GA1UEAwwH
   57.98 -Y2gzX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3RhMYIBDDASBgNVHRMBAf8ECDAG
   57.99 -AQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQBLGyeBYOic
  57.100 -yukrxpSeZNUaRBjn+5jPoBDjrq2z+qYhnb41RhfmQj+MeYHFRvT4BHICpVxqH89i
  57.101 -4flvOiZcexMnvSfnjeR1sAQFhESLzyyLi0Q1x2B5kQRpzDWQW+WaccttZd2hCSzQ
  57.102 -NWnMzwpiQY8YrJ6PUkz6dxSYRc4Gxfldag==
  57.103 +CQEWCWNoNS4zX3RhMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGR
  57.104 +ox86FCkkPNb6rRa5pMTfSgTJ1gEWA1TeNkrbaRyxwPnuZD3zY1/e/U+RlcSGmQfW
  57.105 +8z2AflrvFoQF1Wb37vjha9nreB0QXoUob4CXkB/LUjYdxiow9mRjTzqfseM2mJJi
  57.106 +39PsbpndNxbhkiQY4lPpjDiEUMeNPK4hsHlpO/QXRngb1gAWmkZh5ngtdS3r2eCT
  57.107 +x1CxQ6Z2Mpck6piO8AgxnceBvmZl6zD9wpj4bWTma3sZ5JfDMSCNGvQMT5YUi2TL
  57.108 +9HUxO824J9UlPqP3c9u5rN3ovhTcL8rl9vaNwYNgckUd6c3p1aRnHN9WOwA7/Xo/
  57.109 +/HitR7BTyn0XV/5M3ssCAwEAAaOB5DCB4TAdBgNVHQ4EFgQU46xaM+Tjmxhmew8T
  57.110 +KomRXmRC0wUwgZsGA1UdIwSBkzCBkIAUylAgtnBi3msod2MAZP7QWJ5QFiShdaRz
  57.111 +MHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtT
  57.112 +YW50YSBDbGFyYTENMAsGA1UECgwEcGtnNTEQMA4GA1UEAwwHY2gzX3RhMTEWMBQG
  57.113 +CSqGSIb3DQEJARYHY2gzX3RhMYIBDDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud
  57.114 +DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHKzbHX5mq70CCWdbz8PULwRI
  57.115 +Yz+AAnSA2XelJevDCHQQSC2NtHsa+2bq/r9NGXxCVOJuZRlZYD2/6nnTw80690us
  57.116 +MfxvQCUuQet7VDZ49HPLe3P60CjKZaG+tHzGF4vZsV7lqwAp/Hi/MglRQf5M7N9Q
  57.117 +dnOetrOaispNDFl8QXZ7W3fNcXTKiBoP3CBivtxq+dVfJnv1au0inwFmBJ5FcTfa
  57.118 +UzpKdpOGSTtujofdaigPzP7Ofx2RiyCUj0pmWqvi6B5B89ZuoU2cyOZXz2Fnq73H
  57.119 +OflYmhgFRIBJRP8+T8rjCRzTy096i3hydiMCee9wjl/4wq4IsLi6hDk3czCQ6A==
  57.120  -----END CERTIFICATE-----
    58.1 --- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5_ta1_cert.pem	Tue Mar 08 11:12:06 2016 -0800
    58.2 +++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5_ta1_cert.pem	Wed Mar 09 11:27:23 2016 -0800
    58.3 @@ -5,28 +5,37 @@
    58.4      Signature Algorithm: sha256WithRSAEncryption
    58.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
    58.6          Validity
    58.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    58.8 -            Not After : Sep  8 00:13:34 2016 GMT
    58.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   58.10 +            Not After : Oct 18 01:57:54 2018 GMT
   58.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
   58.12          Subject Public Key Info:
   58.13              Public Key Algorithm: rsaEncryption
   58.14 -                Public-Key: (1024 bit)
   58.15 +                Public-Key: (2048 bit)
   58.16                  Modulus:
   58.17 -                    00:df:c0:ed:cc:df:82:ab:d3:9b:54:8d:56:f7:0d:
   58.18 -                    e4:d8:b4:ba:03:ef:a3:82:f6:b6:e6:4d:0f:b4:e5:
   58.19 -                    61:98:88:bd:32:b3:47:21:4b:2c:e8:c3:9a:22:9c:
   58.20 -                    35:63:a8:4f:2a:c1:47:1a:3a:b2:46:d6:61:4e:87:
   58.21 -                    2a:13:3a:d8:35:3e:3c:ae:67:43:b8:3d:a9:95:df:
   58.22 -                    7b:ba:e9:71:ec:31:99:b3:fa:00:96:8c:80:4b:1d:
   58.23 -                    d9:77:e5:d2:14:9d:95:a2:ce:32:21:d5:2e:67:ae:
   58.24 -                    b1:08:04:fb:9d:fb:70:16:74:5f:1a:d1:36:77:e8:
   58.25 -                    4b:68:c3:d8:d4:fb:18:20:31
   58.26 +                    00:a8:92:25:84:36:2c:16:5b:7e:99:d4:a8:ac:bf:
   58.27 +                    2b:63:99:2c:65:69:ec:f3:13:3f:fb:b3:c9:33:0c:
   58.28 +                    43:1a:e9:04:a3:8c:27:5e:e5:f8:47:a5:4d:5f:39:
   58.29 +                    2f:9b:b9:5f:3e:2e:9c:18:8b:16:d4:4c:0c:f7:02:
   58.30 +                    35:37:a1:81:c6:d1:0d:43:eb:7d:1c:e4:d4:81:73:
   58.31 +                    58:fc:b2:94:a2:4e:04:a5:bb:b2:f4:64:d0:c6:54:
   58.32 +                    91:71:33:45:8e:22:a4:f2:35:1e:b3:69:e4:fc:5e:
   58.33 +                    a9:5b:7a:8c:7c:6a:e2:7b:2d:d0:ad:d8:d1:76:47:
   58.34 +                    c6:99:a6:2e:8d:1b:56:f8:8c:f7:04:2f:99:c5:3d:
   58.35 +                    81:67:cc:73:ec:c1:d6:97:41:73:04:1c:8b:45:eb:
   58.36 +                    60:f9:60:d6:11:f6:c6:5c:19:5d:d2:18:a8:2e:53:
   58.37 +                    78:33:46:3b:5c:43:b0:54:7d:e4:57:5a:36:08:84:
   58.38 +                    50:a5:c0:1e:1d:21:11:6d:63:c4:df:fc:ee:0f:a8:
   58.39 +                    8f:ca:7c:2a:5c:0a:2d:ad:17:64:c8:5d:e2:9b:e1:
   58.40 +                    d4:57:a3:8e:0f:1d:4f:60:1e:79:bf:9f:39:94:6a:
   58.41 +                    73:e6:19:0d:ef:74:c2:a3:fc:85:a2:03:a4:99:13:
   58.42 +                    9e:85:5e:f3:8c:31:f1:7d:91:50:98:6f:18:ec:fc:
   58.43 +                    98:2f
   58.44                  Exponent: 65537 (0x10001)
   58.45          X509v3 extensions:
   58.46              X509v3 Subject Key Identifier: 
   58.47 -                B7:43:D6:5A:46:C2:2F:15:50:05:D5:FB:5E:BE:EC:F8:33:9E:EC:EC
   58.48 +                64:B3:47:B8:70:CE:F3:CD:0F:95:A6:B0:0F:5F:D5:66:E1:1B:30:E7
   58.49              X509v3 Authority Key Identifier: 
   58.50 -                keyid:54:8A:14:10:0B:AF:89:DC:1E:65:8A:17:37:6A:AC:D2:2B:6C:27:5C
   58.51 +                keyid:44:81:49:A3:5B:7C:85:F2:A7:56:19:FF:64:98:AB:61:89:3E:E1:B7
   58.52                  DirName:/C=US/ST=California/L=Santa Clara/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
   58.53                  serial:04
   58.54  
   58.55 @@ -35,31 +44,43 @@
   58.56              X509v3 Key Usage: critical
   58.57                  Certificate Sign, CRL Sign
   58.58      Signature Algorithm: sha256WithRSAEncryption
   58.59 -         96:fb:63:43:cf:70:0a:14:7b:47:4e:37:4b:2f:7c:7f:8c:75:
   58.60 -         85:bb:e3:44:af:9c:2c:08:c5:9c:4d:c7:59:f1:70:3a:67:82:
   58.61 -         1c:4c:3c:f7:8b:e7:00:f0:05:db:af:29:79:53:6f:09:a2:ac:
   58.62 -         ae:4d:e2:df:4a:7d:4e:56:79:8c:85:97:47:14:4e:2f:7e:bd:
   58.63 -         07:2c:70:01:85:43:3c:18:32:ed:24:36:24:1c:29:e0:0b:ce:
   58.64 -         86:4d:a7:a9:88:b8:de:f1:0e:a3:13:c1:5c:d7:1b:76:81:c2:
   58.65 -         3f:63:c3:76:1d:60:f7:e5:43:1f:25:3b:ae:d2:a5:1f:02:fa:
   58.66 -         8c:a3
   58.67 +         b6:f5:d5:78:23:16:4f:ca:8f:3a:a7:fd:a8:91:2a:c5:3e:e2:
   58.68 +         bf:32:ca:b3:38:6b:2f:64:9c:1d:99:d8:d2:b5:a8:2c:a4:db:
   58.69 +         8e:9d:31:5c:40:b9:05:32:a0:1c:b6:21:72:46:69:d1:eb:49:
   58.70 +         50:20:f9:e8:95:6f:e7:91:34:f9:e1:bb:3f:e7:b6:a4:f9:d3:
   58.71 +         12:36:3a:40:c6:76:35:a5:c9:b7:71:70:50:55:19:b4:ff:51:
   58.72 +         ef:40:3e:41:4f:f3:1a:70:f5:fd:3b:0a:4d:d9:43:a6:57:e4:
   58.73 +         42:9c:77:3d:26:7a:c2:e2:54:7f:76:6f:fd:af:52:31:29:07:
   58.74 +         ac:ae:78:4c:76:d9:f9:80:b5:4c:79:60:a0:e9:59:5f:bf:fe:
   58.75 +         cd:6a:fe:ee:92:ca:79:0e:5c:e6:1d:8f:59:a9:62:51:a1:2e:
   58.76 +         d9:b2:37:fa:e1:ef:7c:88:b5:29:d2:5f:13:74:76:ef:ed:fe:
   58.77 +         7f:e9:81:5d:9c:62:91:8f:21:ef:45:95:7c:12:a6:d5:46:45:
   58.78 +         8e:9e:d1:a8:9a:aa:a8:5e:fd:65:55:d2:f9:08:d0:3c:66:f9:
   58.79 +         69:ee:c1:0f:a9:15:06:a9:8e:ac:e0:08:06:13:0c:7e:9c:81:
   58.80 +         94:60:1b:ad:3a:7d:3e:ed:b4:79:d2:51:0c:80:8c:42:69:fe:
   58.81 +         f3:99:56:1c
   58.82  -----BEGIN CERTIFICATE-----
   58.83 -MIIDPTCCAqagAwIBAgIBBTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   58.84 +MIIEQjCCAyqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   58.85  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   58.86  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNF90YTExFjAUBgkqhkiG9w0BCQEWB2NoNF90
   58.87 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjBxMQswCQYDVQQGEwJV
   58.88 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjBxMQswCQYDVQQGEwJV
   58.89  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   58.90  BgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoNV90YTExFjAUBgkqhkiG9w0BCQEWB2No
   58.91 -NV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/A7czfgqvTm1SNVvcN
   58.92 -5Ni0ugPvo4L2tuZND7TlYZiIvTKzRyFLLOjDmiKcNWOoTyrBRxo6skbWYU6HKhM6
   58.93 -2DU+PK5nQ7g9qZXfe7rpcewxmbP6AJaMgEsd2Xfl0hSdlaLOMiHVLmeusQgE+537
   58.94 -cBZ0XxrRNnfoS2jD2NT7GCAxAgMBAAGjgeQwgeEwHQYDVR0OBBYEFLdD1lpGwi8V
   58.95 -UAXV+16+7PgznuzsMIGbBgNVHSMEgZMwgZCAFFSKFBALr4ncHmWKFzdqrNIrbCdc
   58.96 -oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UE
   58.97 -BwwLU2FudGEgQ2xhcmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTEx
   58.98 -FjAUBgkqhkiG9w0BCQEWB2NoM190YTGCAQQwEgYDVR0TAQH/BAgwBgEB/wIBADAO
   58.99 -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAlvtjQ89wChR7R043Sy98
  58.100 -f4x1hbvjRK+cLAjFnE3HWfFwOmeCHEw894vnAPAF268peVNvCaKsrk3i30p9TlZ5
  58.101 -jIWXRxROL369ByxwAYVDPBgy7SQ2JBwp4AvOhk2nqYi43vEOoxPBXNcbdoHCP2PD
  58.102 -dh1g9+VDHyU7rtKlHwL6jKM=
  58.103 +NV90YTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCokiWENiwWW36Z
  58.104 +1KisvytjmSxlaezzEz/7s8kzDEMa6QSjjCde5fhHpU1fOS+buV8+LpwYixbUTAz3
  58.105 +AjU3oYHG0Q1D630c5NSBc1j8spSiTgSlu7L0ZNDGVJFxM0WOIqTyNR6zaeT8Xqlb
  58.106 +eox8auJ7LdCt2NF2R8aZpi6NG1b4jPcEL5nFPYFnzHPswdaXQXMEHItF62D5YNYR
  58.107 +9sZcGV3SGKguU3gzRjtcQ7BUfeRXWjYIhFClwB4dIRFtY8Tf/O4PqI/KfCpcCi2t
  58.108 +F2TIXeKb4dRXo44PHU9gHnm/nzmUanPmGQ3vdMKj/IWiA6SZE56FXvOMMfF9kVCY
  58.109 +bxjs/JgvAgMBAAGjgeQwgeEwHQYDVR0OBBYEFGSzR7hwzvPND5WmsA9f1WbhGzDn
  58.110 +MIGbBgNVHSMEgZMwgZCAFESBSaNbfIXyp1YZ/2SYq2GJPuG3oXWkczBxMQswCQYD
  58.111 +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xh
  58.112 +cmExDTALBgNVBAoMBHBrZzUxEDAOBgNVBAMMB2NoM190YTExFjAUBgkqhkiG9w0B
  58.113 +CQEWB2NoM190YTGCAQQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMC
  58.114 +AQYwDQYJKoZIhvcNAQELBQADggEBALb11XgjFk/Kjzqn/aiRKsU+4r8yyrM4ay9k
  58.115 +nB2Z2NK1qCyk246dMVxAuQUyoBy2IXJGadHrSVAg+eiVb+eRNPnhuz/ntqT50xI2
  58.116 +OkDGdjWlybdxcFBVGbT/Ue9APkFP8xpw9f07Ck3ZQ6ZX5EKcdz0mesLiVH92b/2v
  58.117 +UjEpB6yueEx22fmAtUx5YKDpWV+//s1q/u6SynkOXOYdj1mpYlGhLtmyN/rh73yI
  58.118 +tSnSXxN0du/t/n/pgV2cYpGPIe9FlXwSptVGRY6e0aiaqqhe/WVV0vkI0Dxm+Wnu
  58.119 +wQ+pFQapjqzgCAYTDH6cgZRgG606fT7ttHnSUQyAjEJp/vOZVhw=
  58.120  -----END CERTIFICATE-----
    59.1 --- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/06.pem	Tue Mar 08 11:12:06 2016 -0800
    59.2 +++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/06.pem	Wed Mar 09 11:27:23 2016 -0800
    59.3 @@ -5,22 +5,22 @@
    59.4      Signature Algorithm: sha256WithRSAEncryption
    59.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
    59.6          Validity
    59.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    59.8 -            Not After : Sep  8 00:13:34 2016 GMT
    59.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   59.10 +            Not After : Oct 18 01:57:54 2018 GMT
   59.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=cs1_ch5_ta1/emailAddress=cs1_ch5_ta1
   59.12          Subject Public Key Info:
   59.13              Public Key Algorithm: rsaEncryption
   59.14                  Public-Key: (1024 bit)
   59.15                  Modulus:
   59.16 -                    00:ba:a7:a1:60:33:eb:59:84:e6:2f:b0:30:38:b8:
   59.17 -                    49:97:86:3b:82:4e:51:6a:28:bf:2a:6d:d3:46:77:
   59.18 -                    67:ec:10:70:69:22:7f:e1:5d:7a:45:b5:81:2b:d2:
   59.19 -                    ea:7d:41:5c:e2:4d:e8:2d:06:89:1c:4c:17:aa:3c:
   59.20 -                    f5:2f:32:12:04:80:69:52:80:4a:ce:a1:4f:dc:76:
   59.21 -                    a1:5a:d2:53:43:8f:7c:fb:82:eb:96:06:cd:05:89:
   59.22 -                    74:34:7d:99:62:bc:09:67:e9:27:80:5b:78:65:05:
   59.23 -                    57:c8:b6:b4:b7:83:5a:46:b2:80:6c:3f:05:3c:c6:
   59.24 -                    49:2d:75:7c:48:2e:22:35:b7
   59.25 +                    00:cf:e4:e6:a1:10:93:8b:7b:2a:9e:01:bb:ce:24:
   59.26 +                    a4:42:74:51:7d:d9:c2:f5:4b:5c:9b:5b:c0:4c:a2:
   59.27 +                    e2:e2:bf:9f:64:24:e9:bd:22:56:62:3b:f1:f2:49:
   59.28 +                    c0:91:63:0a:48:a6:68:cb:36:b9:b1:9c:57:b1:5e:
   59.29 +                    12:80:f8:26:c3:6e:c8:74:39:4a:23:39:bc:47:63:
   59.30 +                    e5:ab:18:b7:22:be:d7:5c:00:f5:a6:ec:0d:fb:0d:
   59.31 +                    cb:bd:fd:ae:b0:f2:e1:4c:c7:33:3b:50:1c:01:86:
   59.32 +                    e7:1d:34:5e:d8:72:19:c5:87:78:06:f2:f5:af:d7:
   59.33 +                    93:33:12:3a:4a:8a:4b:43:23
   59.34                  Exponent: 65537 (0x10001)
   59.35          X509v3 extensions:
   59.36              X509v3 Basic Constraints: critical
   59.37 @@ -28,27 +28,37 @@
   59.38              X509v3 Key Usage: critical
   59.39                  Digital Signature
   59.40      Signature Algorithm: sha256WithRSAEncryption
   59.41 -         c2:d0:56:dd:4a:bb:8f:f9:de:49:4c:0c:41:af:29:73:07:f5:
   59.42 -         da:44:4a:aa:0b:9c:80:33:56:cc:eb:c5:58:14:f9:c2:c9:cc:
   59.43 -         93:2f:75:eb:6c:fd:b8:79:de:0d:35:db:46:8b:a6:d7:0b:59:
   59.44 -         3d:35:c9:ac:68:76:63:85:bd:b1:03:21:c7:53:a5:f5:22:9f:
   59.45 -         f0:c2:23:7e:de:32:6f:4a:7b:d8:d5:2d:b1:ee:db:ad:5a:f9:
   59.46 -         35:46:55:11:5a:bb:6b:53:21:1d:ea:c4:4d:16:5c:01:f5:af:
   59.47 -         91:47:bb:16:c1:9b:71:4e:5b:52:b5:ea:f9:d8:7a:53:c0:ef:
   59.48 -         e7:f4
   59.49 +         7a:3f:1c:dd:05:05:04:00:12:66:28:10:1f:df:70:2b:5a:31:
   59.50 +         1e:a4:c7:59:59:45:45:0e:f7:1e:99:2f:a2:fe:c5:a9:93:c6:
   59.51 +         a8:a1:2b:b2:1d:56:a8:47:87:e7:46:25:f9:4c:bf:c2:65:cf:
   59.52 +         62:d9:e9:cc:91:11:98:43:81:e1:45:de:49:03:06:d0:b3:60:
   59.53 +         5a:d7:07:06:2e:fa:7b:32:24:b0:b2:6a:49:b1:aa:86:75:cf:
   59.54 +         9a:91:d7:b2:8b:ce:7a:22:6c:18:d7:87:51:2b:1d:86:fb:28:
   59.55 +         d4:64:37:59:68:70:73:07:8b:61:b9:74:fc:1a:cc:16:4b:5a:
   59.56 +         e8:98:7e:f7:0a:d7:6c:28:7a:06:3e:9f:55:d7:19:d9:03:b4:
   59.57 +         f2:a5:60:b0:34:c1:53:7b:0d:1c:fa:1c:80:7b:f1:9d:fd:38:
   59.58 +         33:2b:c9:cc:ec:b8:73:24:db:22:81:34:f5:e7:ca:73:eb:e2:
   59.59 +         ed:16:52:87:cc:92:e4:25:cb:19:9c:3f:2d:ec:2d:63:9d:24:
   59.60 +         35:0e:09:eb:9e:eb:22:10:df:98:b4:62:2f:3e:bd:d2:0d:7f:
   59.61 +         a4:d6:19:f2:80:64:7e:bf:e5:33:70:b1:d7:22:5e:b6:b2:f5:
   59.62 +         33:3a:3a:b6:e7:e4:c0:03:5e:b0:2f:1b:5b:fc:6b:37:d0:68:
   59.63 +         13:9d:ca:6f
   59.64  -----BEGIN CERTIFICATE-----
   59.65 -MIICgDCCAemgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   59.66 +MIIDATCCAemgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   59.67  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   59.68  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNV90YTExFjAUBgkqhkiG9w0BCQEWB2NoNV90
   59.69 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjB5MQswCQYDVQQGEwJV
   59.70 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjB5MQswCQYDVQQGEwJV
   59.71  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   59.72  BgNVBAoMBHBrZzUxFDASBgNVBAMMC2NzMV9jaDVfdGExMRowGAYJKoZIhvcNAQkB
   59.73 -FgtjczFfY2g1X3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuqehYDPr
   59.74 -WYTmL7AwOLhJl4Y7gk5Raii/Km3TRndn7BBwaSJ/4V16RbWBK9LqfUFc4k3oLQaJ
   59.75 -HEwXqjz1LzISBIBpUoBKzqFP3HahWtJTQ498+4LrlgbNBYl0NH2ZYrwJZ+kngFt4
   59.76 -ZQVXyLa0t4NaRrKAbD8FPMZJLXV8SC4iNbcCAwEAAaMgMB4wDAYDVR0TAQH/BAIw
   59.77 -ADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAwtBW3Uq7j/neSUwM
   59.78 -Qa8pcwf12kRKqgucgDNWzOvFWBT5wsnMky9162z9uHneDTXbRoum1wtZPTXJrGh2
   59.79 -Y4W9sQMhx1Ol9SKf8MIjft4yb0p72NUtse7brVr5NUZVEVq7a1MhHerETRZcAfWv
   59.80 -kUe7FsGbcU5bUrXq+dh6U8Dv5/Q=
   59.81 +FgtjczFfY2g1X3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz+TmoRCT
   59.82 +i3sqngG7ziSkQnRRfdnC9Utcm1vATKLi4r+fZCTpvSJWYjvx8knAkWMKSKZoyza5
   59.83 +sZxXsV4SgPgmw27IdDlKIzm8R2Plqxi3Ir7XXAD1puwN+w3Lvf2usPLhTMczO1Ac
   59.84 +AYbnHTRe2HIZxYd4BvL1r9eTMxI6SopLQyMCAwEAAaMgMB4wDAYDVR0TAQH/BAIw
   59.85 +ADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAHo/HN0FBQQAEmYo
   59.86 +EB/fcCtaMR6kx1lZRUUO9x6ZL6L+xamTxqihK7IdVqhHh+dGJflMv8Jlz2LZ6cyR
   59.87 +EZhDgeFF3kkDBtCzYFrXBwYu+nsyJLCyakmxqoZ1z5qR17KLznoibBjXh1ErHYb7
   59.88 +KNRkN1locHMHi2G5dPwazBZLWuiYfvcK12woegY+n1XXGdkDtPKlYLA0wVN7DRz6
   59.89 +HIB78Z39ODMryczsuHMk2yKBNPXnynPr4u0WUofMkuQlyxmcPy3sLWOdJDUOCeue
   59.90 +6yIQ35i0Yi8+vdINf6TWGfKAZH6/5TNwsdciXray9TM6Orbn5MADXrAvG1v8azfQ
   59.91 +aBOdym8=
   59.92  -----END CERTIFICATE-----
    60.1 --- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/07.pem	Tue Mar 08 11:12:06 2016 -0800
    60.2 +++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/07.pem	Wed Mar 09 11:27:23 2016 -0800
    60.3 @@ -5,22 +5,22 @@
    60.4      Signature Algorithm: sha256WithRSAEncryption
    60.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
    60.6          Validity
    60.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    60.8 -            Not After : Sep  8 00:13:34 2016 GMT
    60.9 +            Not Before: Jan 22 01:57:54 2016 GMT
   60.10 +            Not After : Oct 18 01:57:54 2018 GMT
   60.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=cs2_ch5_ta1/emailAddress=cs2_ch5_ta1
   60.12          Subject Public Key Info:
   60.13              Public Key Algorithm: rsaEncryption
   60.14                  Public-Key: (1024 bit)
   60.15                  Modulus:
   60.16 -                    00:cc:51:a3:86:48:a6:81:11:01:ba:be:40:6d:dc:
   60.17 -                    f7:b6:0a:f8:9a:11:71:ea:09:42:3a:ed:ee:4e:0f:
   60.18 -                    87:10:99:6f:c8:ef:41:bd:f6:d0:17:a7:db:7b:fe:
   60.19 -                    51:dd:de:3a:f2:3b:d7:de:7d:96:71:4e:7f:4e:d0:
   60.20 -                    cf:dd:3b:d8:6b:ce:ca:83:3a:7d:6e:65:cd:b5:fb:
   60.21 -                    4b:32:9a:e6:20:f8:ed:8e:4c:99:f4:02:de:c5:d4:
   60.22 -                    3b:6e:35:a8:3c:b4:9f:3f:5e:3b:85:33:4a:4d:b3:
   60.23 -                    35:a3:d0:76:78:74:d2:72:99:9e:c1:69:1f:d1:8f:
   60.24 -                    2a:11:eb:35:32:7b:ba:8f:99
   60.25 +                    00:d3:d4:82:0b:9b:af:f0:23:6b:b4:ad:ca:d8:b1:
   60.26 +                    56:19:16:d9:49:67:f7:e5:cc:c1:d4:68:6a:75:30:
   60.27 +                    f5:3f:02:02:31:3f:65:da:c3:f4:89:f1:d7:b8:17:
   60.28 +                    39:d0:5f:83:a1:08:07:bf:61:42:96:e6:c8:a7:06:
   60.29 +                    e8:22:cb:61:b3:73:87:6d:c6:f0:b6:1c:12:f7:7b:
   60.30 +                    d2:4f:2f:25:03:ef:27:50:c2:15:b9:5c:36:c2:43:
   60.31 +                    80:74:95:c6:be:9c:3e:83:72:11:d7:6a:1c:ea:71:
   60.32 +                    32:b8:13:d2:75:3c:9b:df:f8:59:5c:1e:a6:c8:51:
   60.33 +                    8b:87:e7:c7:3b:0e:d1:65:15
   60.34                  Exponent: 65537 (0x10001)
   60.35          X509v3 extensions:
   60.36              X509v3 Basic Constraints: critical
   60.37 @@ -31,28 +31,38 @@
   60.38                    URI:http://localhost:12001/file/0/ch5_ta1_crl.pem
   60.39  
   60.40      Signature Algorithm: sha256WithRSAEncryption
   60.41 -         2c:76:2d:19:cd:d6:f0:88:16:6c:99:6c:19:1b:5e:d3:ca:b1:
   60.42 -         6d:3c:f1:5b:2c:3b:52:cd:7f:f5:1b:4f:e0:49:9e:48:5c:5e:
   60.43 -         16:55:57:a3:0d:c6:eb:f5:a7:13:8d:57:c4:ff:df:3d:66:00:
   60.44 -         a3:b9:18:c3:19:5c:ba:1c:ae:83:bd:90:a6:c8:6e:5a:c6:b5:
   60.45 -         51:b5:33:69:59:7a:5a:00:24:61:02:41:c5:c2:ff:cc:12:a1:
   60.46 -         d7:d4:d5:29:b9:22:94:e0:5c:5c:29:ec:82:ba:ff:1a:40:50:
   60.47 -         88:58:98:a8:b3:2b:86:3c:a2:21:8b:b4:b2:fc:3a:b0:c7:f1:
   60.48 -         03:e8
   60.49 +         58:fb:c7:b9:31:27:7a:ac:c0:0d:82:11:6f:d9:8f:7c:0f:90:
   60.50 +         b6:2b:13:bb:77:52:95:45:61:51:07:02:32:c6:01:19:15:47:
   60.51 +         43:60:99:e8:49:1b:10:e3:ee:d3:4f:45:4a:86:2e:74:53:cb:
   60.52 +         01:bb:7e:bf:7c:f2:b6:a3:d7:b0:5c:3c:56:fc:ea:01:ae:28:
   60.53 +         7a:3c:68:01:b1:10:de:af:08:76:1c:46:78:62:40:44:5f:25:
   60.54 +         17:c4:f9:ac:7b:d7:21:ea:86:f9:b1:0c:1b:97:1b:fe:9b:12:
   60.55 +         b3:75:50:95:ca:8f:c4:07:a0:13:a0:f5:b5:7e:00:05:43:5d:
   60.56 +         72:e5:aa:57:80:49:b7:cc:3f:5c:d1:5b:87:8e:58:5e:35:12:
   60.57 +         10:60:e1:1b:69:fd:50:21:fc:29:00:01:3b:b0:64:43:eb:62:
   60.58 +         02:56:e9:26:37:28:70:52:18:43:b9:49:e3:6e:bb:d6:3b:f5:
   60.59 +         9c:2c:d7:e9:ab:d4:a9:1a:e7:af:35:a4:d6:d9:be:60:eb:80:
   60.60 +         8d:bc:b8:63:5a:44:0b:0f:6a:5b:b4:04:5a:24:cd:0e:c3:b7:
   60.61 +         45:03:fd:62:d1:0d:b8:d1:2c:76:67:a8:00:22:20:55:29:d2:
   60.62 +         77:4f:36:af:81:60:24:22:8d:de:e4:b8:e4:e3:d0:44:52:39:
   60.63 +         fa:33:98:b7
   60.64  -----BEGIN CERTIFICATE-----
   60.65 -MIICsDCCAhmgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   60.66 +MIIDMTCCAhmgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJVUzET
   60.67  MBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTALBgNV
   60.68  BAoMBHBrZzUxEDAOBgNVBAMMB2NoNV90YTExFjAUBgkqhkiG9w0BCQEWB2NoNV90
   60.69 -YTEwHhcNMTMxMjEzMDAxMzM0WhcNMTYwOTA4MDAxMzM0WjB5MQswCQYDVQQGEwJV
   60.70 +YTEwHhcNMTYwMTIyMDE1NzU0WhcNMTgxMDE4MDE1NzU0WjB5MQswCQYDVQQGEwJV
   60.71  UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExDTAL
   60.72  BgNVBAoMBHBrZzUxFDASBgNVBAMMC2NzMl9jaDVfdGExMRowGAYJKoZIhvcNAQkB
   60.73 -FgtjczJfY2g1X3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzFGjhkim
   60.74 -gREBur5Abdz3tgr4mhFx6glCOu3uTg+HEJlvyO9BvfbQF6fbe/5R3d468jvX3n2W
   60.75 -cU5/TtDP3TvYa87Kgzp9bmXNtftLMprmIPjtjkyZ9ALexdQ7bjWoPLSfP147hTNK
   60.76 -TbM1o9B2eHTScpmewWkf0Y8qEes1Mnu6j5kCAwEAAaNQME4wDAYDVR0TAQH/BAIw
   60.77 +FgtjczJfY2g1X3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA09SCC5uv
   60.78 +8CNrtK3K2LFWGRbZSWf35czB1GhqdTD1PwICMT9l2sP0ifHXuBc50F+DoQgHv2FC
   60.79 +lubIpwboIsths3OHbcbwthwS93vSTy8lA+8nUMIVuVw2wkOAdJXGvpw+g3IR12oc
   60.80 +6nEyuBPSdTyb3/hZXB6myFGLh+fHOw7RZRUCAwEAAaNQME4wDAYDVR0TAQH/BAIw
   60.81  ADA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUv
   60.82 -MC9jaDVfdGExX2NybC5wZW0wDQYJKoZIhvcNAQELBQADgYEALHYtGc3W8IgWbJls
   60.83 -GRte08qxbTzxWyw7Us1/9RtP4EmeSFxeFlVXow3G6/WnE41XxP/fPWYAo7kYwxlc
   60.84 -uhyug72QpshuWsa1UbUzaVl6WgAkYQJBxcL/zBKh19TVKbkilOBcXCnsgrr/GkBQ
   60.85 -iFiYqLMrhjyiIYu0svw6sMfxA+g=
   60.86 +MC9jaDVfdGExX2NybC5wZW0wDQYJKoZIhvcNAQELBQADggEBAFj7x7kxJ3qswA2C
   60.87 +EW/Zj3wPkLYrE7t3UpVFYVEHAjLGARkVR0NgmehJGxDj7tNPRUqGLnRTywG7fr98
   60.88 +8raj17BcPFb86gGuKHo8aAGxEN6vCHYcRnhiQERfJRfE+ax71yHqhvmxDBuXG/6b
   60.89 +ErN1UJXKj8QHoBOg9bV+AAVDXXLlqleASbfMP1zRW4eOWF41EhBg4Rtp/VAh/CkA
   60.90 +ATuwZEPrYgJW6SY3KHBSGEO5SeNuu9Y79Zws1+mr1Kka5681pNbZvmDrgI28uGNa
   60.91 +RAsPalu0BFokzQ7Dt0UD/WLRDbjRLHZnqAAiIFUp0ndPNq+BYCQijd7kuOTj0ERS
   60.92 +OfozmLc=
   60.93  -----END CERTIFICATE-----
    61.1 --- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/09.pem	Tue Mar 08 11:12:06 2016 -0800
    61.2 +++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/09.pem	Wed Mar 09 11:27:23 2016 -0800
    61.3 @@ -5,22 +5,22 @@
    61.4      Signature Algorithm: sha256WithRSAEncryption
    61.5          Issuer: C=US, ST=California, L=Santa Clara, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
    61.6          Validity
    61.7 -            Not Before: Dec 13 00:13:34 2013 GMT
    61.8 -            Not After : Sep  8 00:13:34 2016 GMT
    61.9 +            Not Before: Jan 22 01:57:55 2016 GMT
   61.10 +            Not After : Oct 18 01:57:55 2018 GMT
   61.11          Subject: C=US, ST=California, L=Santa Clara, O=pkg5, CN=cs1_ch5.1_ta1/emailAddress=cs1_ch5.1_ta1
   61.12          Subject Public Key Info:
   61.13              Public Key Algorithm: rsaEncryption
   61.14                  Public-Key: (1024 bit)
   61.15                  Modulus:
   61.16 -                    00:d5:b5:6f:9a:de:79:48:1e:9e:7c:61:b5:05:3f:
   61.17 -                    f1:ef:a2:74:ac:83:92:f7:fa:6f:bc:ea:bf:7d:ac:
   61.18 -                    d8:c9:ef:a3:50:01:2c:db:17:7c:68:6c:34:04:77:
   61.19 -                    89:f6:77:db:63:08:2b:e7:59:6a:7a:d9:13:ef:d0:
   61.20 -                    b1:1c:13:e0:3a:ee:0f:b6:e9:74:98:ce:30:25:dd:
   61.21 -                    57:05:ed:55:f8:d2:5e:7a:c9:37:9d:29:87:a4:c8:
   61.22 -                    55:f2:e7:a4:d8:cf:19:ee:af:d9:0d:35:e7:67:ae:
   61.23 -                    87:70:f6:d2:98:1d:62:c6:aa:b6:ed:d0:50:77:79:
   61.24 -                    ad:2e:5f:ef:a7:22:81:b3:2f
   61.25 +                    00:a6:e7:4d:9e:5e:83:9a:ff:3d:49:f8:2f:68:50:
   61.26 +                    a6:fb:5b:cd:53:53:02:25:34:3b:5c:26:f5:68:b4:
   61.27 +                    c6:97:3c:69:1c:d6:b1:42:67:61:68:ad:f9:17:5e:
   61.28 +                    4b:28:24:54:9d:de:05:9b:97:e1:22:d4:dc:cf:63:
   61.29 +                    29:f6:0d:40:f4:de:7c:1a:81:e3:37:d8:26:ac:74:
   61.30 +                    94:cc:a7:cb:e8:83:74:b7:23:9d:9f:2c:08:01:52:
   61.31 +                    12:a1:99:79:df:a7:a5:00:c8:01:8e:d2:46:26:40:
   61.32 +                    1f:79:0d:92:2d:c9:49:8e:26:17:59:34:3c:80:92:
   61.33 +                    1b:43:80:96:89:a2:94:d0:81
   61.34                  Exponent: 65537 (0x10001)
   61.35          X509v3 extensions:
   61.36              X509v3 Basic Constraints: critical
   61.37 @@ -28,27 +28,37 @@
   61.38              X509v3 Key Usage: critical
   61.39                  Digital Signature
   61.40      Signature Algorithm: sha256WithRSAEncryption
   61.41 -         75:2d:87:c6:b6:d7:5c:e7:bd:77:6f:d7:63:e4:f4:04:d1:df:
   61.42 -         37:6f:80:99:9d:fe:b3:81:30:b4:1d:0b:3b:c7:f6:6c:15:a5:
   61.43 -         ad:c2:2e:dc:5a:87:88:e0:b0:c9:81:99:33:c3:6a:f1:8d:4b:
   61.44 -         8f:8c:cd:99:d4:ff:86:fe:3e:6e:b1:00:f0:15:16:d7:01:16:
   61.45 -         13:8e:0e:31:35:ca:00:3c:88:7e:ca:8f:e3:32:6e:74:02:35:
   61.46 -         66:3a:db:c8:83:37:b7:8c:7b:ba:bf:0d:aa:b8:d4:d8:28:03:
   61.47 -         f5:f7:6f:c9:aa:d0:3c:03:cf:3d:da:aa:ae:1a:04:c6:7e:58:
   61.48 -         ff:fe
   61.49 +         2e:6c:ea:2c:69:5e:54:16:4f:ad:8c:48:af:e0:60:0d:4f:2d:
   61.50