11684 desire option to not propagate certs to non-global zones
17522 system repository should provide basic functionality
17523 Need a functioning sysdepo
17524 system depot should auto generate its configuration based on system image
17525 system depot should respond to versions/0
17526 system depot should provide publisher configuration
17527 caching should be enabled for system depot
17528 system depot should proxy http repositories
17529 system depot should proxy https repositories
17530 pkg client needs to be aware of the system repository
17531 pkg needs to cache system publisher information
17532 pkg should retrieve publisher information from the system repository when configured
17533 pkg needs to use the system repository as a proxy for http repositories
17534 pkg needs to use the system repository as a proxy for https repositories
17535 need an image property to indicate whether to use the system repository
17536 an image shouldn't require any configured publishers
17537 notion of preferred publisher should be removed
17538 pkg should be able to merge system publisher info with locally configured publishers
17539 pkg should notify that users cannot modify system publishers in certain ways
17540 pkg publisher needs to be updated to include information about system publishers
17541 pkg will need a way to specify alternate system repository urls
17547 file repositories need to be proxied by the system repository
17594 pkg set-publisher in GZ should refresh sysdepo service
17604 converting an imageconfig object to a string causes an infinite loop
17847 pkg set-publisher shouldn't allow -P along with --search-*
17911 pkg image-create should allow an image to be created without a publisher
18200 need a manpage for the sysrepo service
--- a/doc/client_api_versions.txt Wed Apr 27 16:39:43 2011 -0700
+++ b/doc/client_api_versions.txt Wed Apr 27 20:30:32 2011 -0700
@@ -1,3 +1,48 @@
+Version 57:
+Incompatible with clients using versions 0-56:
+ pkg.client.api.ImageInterface has changed as follows:
+ * get_preferred_publisher has been replaced with
+ get_highest_ranked_publisher
+
+ * set_pub_search_after has been removed
+
+ * set_pub_search_before has been removed
+
+ * search_after, search_before, and search_first have been added as
+ options to add_publisher and update_publisher
+
+ * The write_syspub_0 function has been added.
+
+ pkg.client.publisher.RepositoryURI has changed as follows:
+ * proxy and system attributes have been added
+
+ * The get_host function has been added.
+
+ * The change_scheme function has been added.
+
+ pkg.client.publisher.Repository has changed as follows:
+ * a proxy attribute has been added and may be set during initialization
+
+ pkg.client.publisher.Publisher has changed as follows:
+ * The repositories attribute which contained a list of Repository
+ objects has been replaced by the repository attribute which contains a
+ single Repository object.
+
+ * The selected_repository attribute has been removed.
+
+ * A sys_pub attribute has been added which indicates whether a publisher
+ is a system publisher.
+
+ * The add_repository function has been replaced with the set_repository
+ function.
+
+ * The has_configuration function has been added which attempts to
+ determine whether a publisher has been configured by a user.
+
+ * The remove_repository function has had its arguments removed.
+
+ * The set_selected_repository function has been removed.
+
Version 56:
Compatible with clients using version 55:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/system_repository.txt Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,63 @@
+System Repository and Publishers
+
+Introduction:
+
+Linked images, and zones in particular, must keep certain packages
+in sync with the global zone in order to be functional. The global zone will
+constrain packages within the non-global zones and configure special publishers
+in the non-global zone (NGZ). These publishers (henceforth called system
+publishers) are special because the non-global zone cannot make certain kinds of
+modifications to them. Among the forbidden operations for the non-global zone on
+the system publishers are deleting, disabling, removing or replacing origins
+provided by the system repository, and any other operations which might prevent
+the solver from meeting the constraints imposed by the constraint package. The
+global zone must provide the means for the non-global zone to configure itself
+with system publishers by providing information like origins. The global zone
+also has to provide a connection to the system publishers' repositories which is
+available even in a scratch zone.
+
+
+The Data path:
+
+The pkg client in the NGZ uses the system repository in the global zone as a
+proxy to the system publishers. To ensure that a communication path between the
+pkg client in the NGZ and the system repository in the global zone always
+exists, the zone proxy client and the zone proxy daemon were created.
+
+The zone proxy client runs in the NGZ. When started, it creates a socket which
+listens on an inet port on 127.0.0.1 in the NGZ. It passes the file descriptor
+for this socket to the zone proxy daemon in the global zone via a door call. The
+zone proxy daemon listens for connections on the file descriptor. When zone
+proxy daemon receives a connection, it proxies the connection to the system
+depot. The system depot is an Apache instance running in the global zone which
+provides connectivity to and configuration of publishers.
+
+The system depot acts as a proxy for the http and https repositories for
+the publishers it provides. When proxying to https repositories, it uses the
+keys and certificates in the global zone to identify itself and verify the
+server's identity. It also provides a http interface to the file repositories
+for the publishers it provides as well as serving publisher and image
+configuration via the syspub/0 response.
+
+
+Configuration:
+
+The syspub/0 response is a p5s file. The p5s file contains publisher
+configuration and image configuration. Currently, the only image configuration
+it contains is the publisher search order for the provided publishers, but other
+information may be added to the response as needed. In addition to the basic
+collection of publisher information, the p5s file also contains a list of urls
+which the pkg client should proxy to via the system depot instead of contacting
+them directly. When creating a p5s file, the urls for origins and mirrors can
+be transformed. HTTPS urls are transformed to HTTP urls since the system depot
+will be doing the SSL communication, not the pkg client. File urls are
+transformed into HTTP urls with a special format. The urls contain the special
+token "<sysrepo>" which the p5s parser knows to replace with the url of the zone
+proxy client. The rest of the url contains the prefix of the publisher, then
+the sha1 hash of the global zone path to the file repository.
+
+The information for the syspub/0 response comes from the global zone's image's
+configuration. The pkg/sysrepo service is responsible transforming the image
+configuration into an Apache configuration file and causing the system depot to
+reread its configuration. The global zone pkg client restarts the pkg/sysrepo
+servvice whenever the image's publisher configuration changes.
--- a/src/brand/Makefile Wed Apr 27 16:39:43 2011 -0700
+++ b/src/brand/Makefile Wed Apr 27 20:30:32 2011 -0700
@@ -51,10 +51,12 @@
$(ROOTETCBRAND)/smf_disable.conf \
$(ROOTETCZONES)/SUNWipkg.xml \
$(ROOTBRANDPKG)/attach \
+ $(ROOTBRANDPKG)/boot \
$(ROOTBRANDPKG)/clone \
$(ROOTBRANDPKG)/common.ksh \
$(ROOTBRANDPKG)/detach \
$(ROOTBRANDPKG)/fmri_compare \
+ $(ROOTBRANDPKG)/halt \
$(ROOTBRANDPKG)/image_install \
$(ROOTBRANDPKG)/p2v \
$(ROOTBRANDPKG)/pkgcreatezone \
--- a/src/brand/attach Wed Apr 27 16:39:43 2011 -0700
+++ b/src/brand/attach Wed Apr 27 20:30:32 2011 -0700
@@ -34,7 +34,6 @@
m_gzinc=$(gettext " Global zone version: %s")
m_zinc=$(gettext " Non-Global zone version: %s")
m_need_update=$(gettext " Evaluation: Packages in zone %s are out of sync with the global zone. To proceed, retry with the -u flag.")
-m_need_nonsticky=$(gettext " Evaluation: Publisher %s in zone %s needs to be set to non-sticky")
m_cache=$(gettext " Cache: Using %s.")
m_updating=$(gettext " Updating non-global zone: Output follows")
m_sync_done=$(gettext " Updating non-global zone: Zone updated.")
@@ -51,9 +50,6 @@
f_sanity_variant=$(gettext " Sanity Check: FAILED, couldn't determine %s from image.")
f_sanity_global=$(gettext " Sanity Check: FAILED, appears to be a global zone (%s=%s).")
f_update=$(gettext "Could not update attaching zone")
-f_no_pref_publisher=$(gettext "Unable to get preferred publisher information for zone '%s'.")
-f_nosuch_key=$(gettext "Failed to find key %s for global zone publisher")
-f_nosuch_cert=$(gettext "Failed to find cert %s for global zone publisher")
f_ds_config=$(gettext "Failed to configure dataset %s: could not set %s.")
f_no_active_ds_mounted=$(gettext "Failed to locate any dataset mounted at %s. Attach requires a mounted dataset.")
f_nonsticky=$(gettext "Could not set legacy publisher to non-sticky")
@@ -148,129 +144,9 @@
# to store information about the global zone publishers and
# incorporations.
-typeset -A gz_publishers
typeset gz_incorporations=""
#
-# Gather the zone publisher details. $1 is the location of the image we
-# are processing and $2 is an associative array used to store publisher
-# details.
-#
-gather_zone_publisher_details() {
- STORED_IMAGE=$PKG_IMAGE
- PKG_IMAGE=$1;export PKG_IMAGE
- typeset -n publishers=$2
- typeset -li publisher_count=0
- typeset -li url_count=0
- typeset line=
- typeset name=
- typeset mirror=
- typeset origin=
- typeset opublisher=
-
- #
- # Store publisher, origin and security details. It is assumed
- # that mirrors all use the same key as the origins.
- #
- for line in $(get_publisher_urls all origin); do
- print $line | IFS="=" read name origin
- # When a publisher has multiple origins, the
- # additional origins don't contain the publisher
- # name. Correct for this by checking if origin is not
- # set by get_publisher_urls() and, if so, use the
- # "name" as the origin and set the name to the value
- # we have already saved.
- if [[ -z $origin ]]; then
- origin=$name
- name=${publisher.name}
- elif [[ "$origin" == "None" ]]; then
- # Publisher with no origins.
- origin=""
- fi
-
- # Use a compound variable to store all the data
- # relating to a publisher.
- if [[ -z ${publishers[$name]} ]]; then
- typeset -C publisher_$publisher_count
- typeset -n publisher=publisher_$publisher_count
- typeset publisher.sticky=""
- typeset publisher.preferred=""
- typeset publisher.enabled=""
- typeset -a publisher.origins
- typeset -a publisher.mirrors
- typeset publisher.name=$name
- typeset publisher.keyfile=""
- typeset publisher.certfile=""
-
- get_publisher_attrs ${publisher.name} origin | \
- IFS=" " read publisher.sticky publisher.preferred \
- publisher.enabled
- if [[ -n "$origin" ]]; then
- get_pub_secinfo ${publisher.name} | \
- read publisher.keyfile publisher.certfile
- [[ ${publisher.keyfile} != "None" && \
- ! -f ${PKG_IMAGE}/${publisher.keyfile} ]] && \
- fail_usage "$f_nosuch_key" \
- ${publisher.keyfile}
- [[ ${publisher.certfile} != "None" && \
- ! -f ${PKG_IMAGE}/${publisher.certfile} ]] && \
- fail_usage "$f_nosuch_cert" \
- ${publisher.certfile}
- else
- # Publisher has no origins.
- publisher.keyfile="None"
- publisher.certfile="None"
- fi
- publisher_count=publisher_count+1
- url_count=0
- fi
- publisher.origins[$url_count]=$origin
- publishers[$name]=${publisher}
- url_count=url_count+1
- done
-
- #
- # Store mirror details
- #
- url_count=0
- for line in $(get_publisher_urls all mirror); do
- print $line | IFS="=" read name mirror
- if [[ -z $mirror ]]; then
- mirror=$name
- name=${publisher.name}
- fi
- if [[ -z $opublisher || $opublisher != $name ]]; then
- opublisher=$name
- eval publisher="${publishers[$name]}"
- url_count=0
- fi
- publisher.mirrors[$url_count]=$mirror
- publishers[$name]=${publisher}
- url_count=url_count+1
- done
-
- PKG_IMAGE=$STORED_IMAGE;export PKG_IMAGE
-}
-
-#
-# $1 is an associative array of publishers. Search this array and
-# return the preferred publisher.
-#
-get_preferred_publisher() {
- typeset -n publishers=$1
- typeset publisher=
-
- for key in ${!publishers[*]}; do
- eval publisher="${publishers[$key]}"
- if [[ ${publisher.preferred} == "true" ]]; then
- print ${key}
- return 0
- fi
- done
- return 1
-}
-
-#
# $1 is an empty string to be populated with a list of incorporation
# fmris.
#
@@ -285,47 +161,6 @@
done
}
-#
-# Print the pkg(1) command which defines a publisher. $1 is an associative
-# array of publisher details and $2 is the publisher to be printed.
-#
-print_publisher_pkg_defn() {
- typeset -n publishers=$1
- typeset pname=$2
- typeset publisher=
- typeset args=""
- typeset origin=
- typeset mirror=
-
- eval publisher="${publishers[$pname]}"
-
- if [[ ${publisher.preferred} == "true" ]]; then
- args="$args -P"
- fi
-
- for origin in "${publisher.origins[@]}"; do
- args="$args -g $origin"
- done
-
- for mirror in "${publisher.mirrors[@]}"; do
- args="$args -m $mirror"
- done
-
- if [[ ${publisher.sticky} == "true" ]]; then
- args="$args --sticky"
- else
- args="$args --non-sticky"
- fi
-
- if [[ ${publisher.enabled} == "true" ]]; then
- args="$args --enable"
- else
- args="$args --disable"
- fi
-
- echo "$args"
-}
-
# Other brand attach options are invalid for this brand.
while getopts "a:d:nr:u" opt; do
case $opt in
@@ -376,6 +211,11 @@
exit $ZONE_SUBPROC_OK
fi
+enable_zones_services
+if [[ $? -ne 0 ]]; then
+ exit $ZONE_SUBPROC_NOTCOMPLETE
+fi
+
LOGFILE=$(/usr/bin/mktemp -t -p /var/tmp ${zone.name}.attach_log.XXXXXX)
if [[ -z "$LOGFILE" ]]; then
fatal "$e_tmpfile"
@@ -404,28 +244,6 @@
# Check that the variant is non-global, else fail
[[ $variantval = "nonglobal" ]] || fatal "$f_sanity_global" $VARIANT $variantval
-# We would like to ensure that our NGZ publishers are a superset of
-# those in the GZ. We do this by building a list of all publishers in
-# the GZ. We then process this list in the NGZ, first removing (if
-# present) and then installing all publishers in this list. Other
-# publisher, i.e. those not in the GZ list, are left as is.
-
-#
-# Gather all the publisher details for the global zone
-#
-gather_zone_publisher_details $PKG_IMAGE gz_publishers
-
-#
-# Get the preferred publisher for the global zone
-# If we were not able to get the zone's preferred publisher, complain.
-#
-gz_publisher_pref=$(get_preferred_publisher gz_publishers)
-
-if [[ $? -ne 0 ]]; then
- fail_usage "$f_no_pref_publisher" "global"
-fi
-
-vlog "Preferred global publisher: $gz_publisher_pref"
#
# Try to find the "entire" incorporation's FMRI in the gz.
@@ -486,69 +304,9 @@
fi
#
-# The NGZ publishers must be a superset of the GZ publisher. Process
-# the GZ publishers and make the NGZ publishers match them.
-# You can't remove a preferred publisher, so temporarily create
-# a preferred publisher
-RANDOM=$$
-
-ZNAME=za$RANDOM
-
-LC_ALL=C $PKG set-publisher --no-refresh -P -g http://localhost:10000 $ZNAME
-for key in ${!gz_publishers[*]}; do
- typeset newloc=""
-
- args=$(print_publisher_pkg_defn gz_publishers $key)
-
- # Copy credentials from global zone.
- safe_dir var
- safe_dir var/pkg
-
- eval publisher="${gz_publishers[$key]}"
- if [[ ${publisher.keyfile} != "None" || \
- ${publisher.certfile} != "None" ]]; then
- if [[ -e $ZONEROOT/$KEYDIR ]]; then
- safe_dir $KEYDIR
- else
- mkdir -m 755 $ZONEROOT/$KEYDIR
- fi
- fi
-
- if [[ ${publisher.keyfile} != "None" ]]; then
- relnewloc="$KEYDIR/$(basename ${publisher.keyfile})"
- newloc="$ZONEROOT/$relnewloc"
- safe_copy ${publisher.keyfile} $newloc
- chmod 644 $newloc
- chown -h root:root $newloc
- args="$args -k $relnewloc"
- fi
- if [[ ${publisher.certfile} != "None" ]]; then
- relnewloc="$KEYDIR/$(basename ${publisher.certfile})"
- newloc="$ZONEROOT/$relnewloc"
- safe_copy ${publisher.certfile} $newloc
- chmod 644 $newloc
- chown -h root:root $newloc
- args="$args -c $relnewloc"
- fi
- LC_ALL=C $PKG unset-publisher $key >/dev/null 2>&1
- LC_ALL=C $PKG set-publisher $args $key
-
-done
-
+# Set the use-system-repo property.
#
-# Now remove our temporary publisher
-#
-LC_ALL=C $PKG unset-publisher $ZNAME
-
-#
-# Make sure that the solaris publisher can update packages that first
-# came from opensolaris.org.
-#
-if [[ $allow_update == 1 ]] && \
- $PKG publisher opensolaris.org >/dev/null 2>&1; then
- LC_ALL=C $PKG set-publisher --no-refresh --non-sticky \
- opensolaris.org || pkg_err_check "$f_nonsticky"
-fi
+LC_ALL=C $PKG set-property use-system-repo true
#
# Bring the ngz entire incorporation into sync with the gz as follows:
@@ -571,7 +329,7 @@
fi
if [[ $allow_update == 0 ]]; then
- LC_ALL=C $PKG install --accept --no-refresh -n $incorp_list
+ LC_ALL=C $PKG install --accept -n $incorp_list
if [[ $? == 4 ]]; then
log "\n$m_complete"
EXIT_CODE=$ZONE_SUBPROC_OK
@@ -590,11 +348,11 @@
# same version as we have in the GZ.
#
if [[ -n $gz_entire_fmri && -z $ngz_entire_fmri ]]; then
- LC_ALL=C $PKG install --accept --no-refresh entire || \
+ LC_ALL=C $PKG install --accept entire || \
pkg_err_check "$f_update"
fi
-LC_ALL=C $PKG install --accept --no-refresh $incorp_list || \
+LC_ALL=C $PKG install --accept $incorp_list || \
pkg_err_check "$f_update"
log "\n$m_sync_done"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/brand/boot Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,40 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+. /usr/lib/brand/ipkg/common.ksh
+
+ZONENAME=$1
+ZONEPATH=$2
+
+enable_zones_services
+if [[ $? -ne 0 ]]; then
+ exit $ZONE_SUBPROC_NOTCOMPLETE
+fi
+
+/usr/lib/zones/zpadm $ZONENAME
+if [[ $? -ne 0 ]]; then
+ exit $ZONE_SUBPROC_NOTCOMPLETE
+fi
--- a/src/brand/common.ksh Wed Apr 27 16:39:43 2011 -0700
+++ b/src/brand/common.ksh Wed Apr 27 20:30:32 2011 -0700
@@ -57,6 +57,9 @@
f_cp=$(gettext "Failed to cp %s %s.")
f_cp_unsafe=$(gettext "Failed to safely copy %s to %s.")
+f_sysrepo_fail=$(gettext "Unable to enable svc:/system/pkg/sysrepo, please enable the service manually.")
+f_zones_proxyd_fail=$(gettext "Unable to enable svc:/system/zones-proxyd, please enable the service manually.")
+
m_brnd_usage=$(gettext "brand-specific usage: ")
v_unconfig=$(gettext "Performing zone sys-unconfig")
@@ -284,130 +287,6 @@
}
#
-# Emits to stdout the extended attributes for a publisher. The
-# attributes are emitted in the order "sticky preferred enabled". It
-# expects two parameters: publisher name and URL type which can be
-# ("mirror" or "origin").
-#
-get_publisher_attrs() {
- typeset pname=$1
- typeset utype=$2
-
- LC_ALL=C $PKG publisher -HF tsv| \
- nawk '($5 == "'"$utype"'" || \
- ("'"$utype"'" == "origin" && $5 == "")) \
- && $1 == "'"$pname"'" \
- {printf "%s %s %s\n", $2, $3, $4;}'
- return 0
-}
-
-#
-# Emits to stdout the extended attribute arguments for a publisher. It
-# expects two parameters: publisher name and URL type which can be
-# ("mirror" or "origin").
-#
-get_publisher_attr_args() {
- typeset args=
- typeset sticky=
- typeset preferred=
- typeset enabled=
-
- get_publisher_attrs $1 $2 |
- while IFS=" " read sticky preferred enabled; do
- if [ $sticky == "true" ]; then
- args="--sticky"
- else
- args="--non-sticky"
- fi
-
- if [ $preferred == "true" ]; then
- args="$args -P"
- fi
-
- if [ $enabled == "true" ]; then
- args="$args --enable"
- else
- args="$args --disable"
- fi
- done
- echo $args
-
- return 0
-}
-
-#
-# Emits to stdout the publisher's prefix followed by a '=', and then
-# the list of the requested URLs separated by spaces, followed by a
-# newline after each unique publisher. It expects two parameters,
-# publisher type ("all", "preferred", "non-preferred") and URL type
-# ("mirror" or "origin".)
-#
-get_publisher_urls() {
- typeset ptype=$1
- typeset utype=$2
- typeset __pub_prefix=
- typeset __publisher_urls=
- typeset ptype_filter=
-
- if [ "$ptype" == "all" ]
- then
- ptype_filter=""
- elif [ "$ptype" == "preferred" ]
- then
- ptype_filter="true"
- elif [ "$ptype" == "non-preferred" ]
- then
- ptype_filter="false"
- fi
-
- LC_ALL=C $PKG publisher -HF tsv | \
- nawk '($5 == "'"$utype"'" || \
- ("'"$utype"'" == "origin" && $5 == "")) && \
- ( "'"$ptype_filter"'" == "" || $3 == "'"$ptype_filter"'" ) \
- {printf "%s %s\n", $1, $7;}' |
- while IFS=" " read __publisher __publisher_url; do
- if [[ "$utype" == "origin" && \
- -z "$__publisher_url" ]]; then
- # Publisher without origins.
- __publisher_url="None"
- fi
-
- if [[ -n "$__pub_prefix" && \
- "$__pub_prefix" != "$__publisher" ]]; then
- # Different publisher so emit accumulation and
- # clear existing data.
- echo $__pub_prefix=$__publisher_urls
- __publisher_urls=""
- fi
- __pub_prefix=$__publisher
- __publisher_urls="$__publisher_urls$__publisher_url "
- done
-
- if [[ -n "$__pub_prefix" && -n "$__publisher_urls" ]]; then
- echo $__pub_prefix=$__publisher_urls
- fi
-
- return 0
-}
-
-#
-# Emit to stdout the key and cert associated with the publisher
-# name provided. Returns 'None' if no information is present.
-# For now we assume that the mirrors all use the same key and cert
-# as the main publisher.
-#
-get_pub_secinfo() {
- typeset key=
- typeset cert=
-
- key=$(LC_ALL=C $PKG publisher $1 |
- nawk -F': ' '/SSL Key/ {print $2; exit 0}')
- cert=$(LC_ALL=C $PKG publisher $1 |
- nawk -F': ' '/SSL Cert/ {print $2; exit 0}')
- print $key $cert
-}
-
-#
# Handle pkg exit code. Exit 0 means Command succeeded, exit 4 means
# No changes were made - nothing to do. Any other exit code is an error.
#
@@ -415,3 +294,20 @@
typeset res=$?
(( $res != 0 && $res != 4 )) && fail_fatal "$1"
}
+
+#
+# Enable the services needed to perform packaging operations inside a zone.
+#
+enable_zones_services() {
+ /usr/sbin/svcadm enable -t -s /system/pkg/sysrepo
+ if [[ $? -ne 0 ]]; then
+ error "$f_sysrepo_fail"
+ return 1
+ fi
+ /usr/sbin/svcadm enable -t -s /system/zones-proxyd
+ if [[ $? -ne 0 ]]; then
+ error "$f_zones_proxyd_fail"
+ return 1
+ fi
+ return 0
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/brand/halt Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,35 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+. /usr/lib/brand/ipkg/common.ksh
+
+ZONENAME=$1
+ZONEPATH=$2
+
+/usr/lib/zones/zpadm -R $ZONENAME
+if [[ $? -ne 0 ]]; then
+ exit $ZONE_SUBPROC_NOTCOMPLETE
+fi
--- a/src/brand/p2v Wed Apr 27 16:39:43 2011 -0700
+++ b/src/brand/p2v Wed Apr 27 20:30:32 2011 -0700
@@ -477,6 +477,8 @@
log "$v_change_var"
pkg -R $ZONEROOT change-variant variant.opensolaris.zone=nonglobal || \
fatal "$e_change_var"
+# Set the property which tells the image to use the system publisher.
+pkg -R $ZONEROOT set-property use-system-repo true
#
# Run update on attach. State is currently 'incomplete' so use the private
--- a/src/brand/pkgcreatezone Wed Apr 27 16:39:43 2011 -0700
+++ b/src/brand/pkgcreatezone Wed Apr 27 20:30:32 2011 -0700
@@ -35,34 +35,20 @@
. /usr/lib/brand/ipkg/common.ksh
-f_a_obs=$(gettext "-a publisher=uri option is obsolete, use -P instead.")
+f_a_obs=$(gettext "-a publisher=uri option is obsolete.")
f_pkg5_missing=$(gettext "pkg(5) does not seem to be present on this system.\n")
-f_no_pref_publisher=$(gettext "Unable to get global zone preferred publisher information, and none was supplied.\nYou must specify one using the -P option.")
-f_key_file=$(gettext "Key file not allowed without -P")
-f_cert_file=$(gettext "Cert file not allowed without -P")
f_img=$(gettext "failed to create image\n")
f_pkg=$(gettext "failed to install package\n")
f_interrupted=$(gettext "Installation cancelled due to interrupt.\n")
f_bad_publisher=$(gettext "Syntax error in publisher information.")
-f_no_entire_in_pref=$(gettext "Unable to locate the incorporation '%s' in the preferred publisher '%s'.\nUse -P to supply a publisher which contains this package.\n")
-f_key_prop=$(gettext "Unable to propagate key %s to %s")
-f_cert_prop=$(gettext "Unable to propagate cert %s to %s")
-f_get_secinfo=$(gettext "Failed to get key/cert information for publisher %s")
-f_nosuch_key=$(gettext "Failed to find key %s")
-f_nosuch_cert=$(gettext "Failed to find cert %s")
-m_publisher=$(gettext " Publisher: Using %s (%s).")
-m_cache=$(gettext " Cache: Using %s.")
m_image=$(gettext " Image: Preparing at %s.")
-m_incorp=$(gettext "Sanity Check: Looking for 'entire' incorporation.\n")
-m_key_prop=$(gettext " Credentials: Propagating %s\n")
-m_cert_prop=$(gettext " Credentials: Propagating %s\n")
m_core=$(gettext " Installing: Packages (output follows)\n")
m_smf=$(gettext " Postinstall: Copying SMF seed repository ...")
m_more_brokenness=$(gettext " Postinstall: Applying workarounds.")
m_mannote=$(gettext " Note: Man pages can be obtained by installing pkg:/system/manual")
-m_usage=$(gettext "\n install [-h]\n install [-c certificate_file] [-k key_file] [-P publisher=uri]\n [-e extrapkg [...]]\n install {-a archive|-d path} {-p|-u} [-s|-v]")
+m_usage=$(gettext "\n install [-h]\n install\n [-e extrapkg [...]]\n install {-a archive|-d path} {-p|-u} [-s|-v]")
m_done=$(gettext " done.")
@@ -77,30 +63,26 @@
extra_packages=""
ZONENAME=""
ZONEPATH=""
-pub_and_origins=""
-pub_and_mirrors=""
# Setup i18n output
TEXTDOMAIN="SUNW_OST_OSCMD"
export TEXTDOMAIN
-KEYDIR=/var/pkg/ssl
PKG=/usr/bin/pkg
+export PKG
#
# Just in case. This should probably be removed later.
#
[[ ! -x $PKG ]] && fail_incomplete "$f_pkg5_missing"
-certfile="None"
-keyfile="None"
unset install_archive
unset source_dir
unset msg
unset silent_mode
unset verbose_mode
-while getopts "a:c:d:e:hk:P:pR:suvz:" opt; do
+while getopts "a:d:e:hpR:suvz:" opt; do
case $opt in
a) # We're expecting a path to an archive
if [[ ! -f $OPTARG ]]; then
@@ -111,12 +93,9 @@
fi
fi
install_archive="-a $OPTARG";;
- c) certfile="$OPTARG" ;;
d) source_dir="-d $OPTARG";;
e) extra_packages="$extra_packages $OPTARG" ;;
h) fail_usage "";;
- k) keyfile="$OPTARG" ;;
- P) pub_and_origins="$OPTARG" ;;
p) preserve_zone="-p";;
R) ZONEPATH="$OPTARG" ;;
s) silent_mode=1;;
@@ -139,8 +118,6 @@
is_brand_labeled
brand_labeled=$?
-secinfo=""
-
# An image install can't use both -a AND -d...
[[ -n "$install_archive" && -n "$source_dir" ]] &&
fail_usage "$f_incompat_options" "-a" "-d"
@@ -155,14 +132,8 @@
# IPS options aren't allowed when installing from a system image.
if [[ -n "$install_archive" || -n "$source_dir" ]]; then
- [[ -n $pub_and_origins ]] && fail_usage "$f_incompat_options" \
- "-a|-d" "-P"
[[ -n "$extra_packages" ]] && \
fail_usage "$f_incompat_options" "-a|-d" "-e"
- [[ "$certfile" != "None" ]] && \
- fail_usage "$f_incompat_options" "-a|-d" "-c"
- [[ "$keyfile" != "None" ]] && \
- fail_usage "$f_incompat_options" "-a|-d" "-k"
fi
# p2v options aren't allowed when installing from a repo.
@@ -172,113 +143,6 @@
fi
#
-# If the user didn't give us a publisher, and there's a preferred publisher set
-# for the system, set that as the default.
-#
-propagate_secinfo=
-propagate_extra=
-if [[ -z $pub_and_origins ]]; then
- if [[ $keyfile != "None" ]]; then
- fail_usage "$f_key_file"
- fi
- if [[ $certfile != "None" ]]; then
- fail_usage "$f_cert_file"
- fi
-
- # Look for a preferred online origin.
- tpub_and_origins=$(get_publisher_urls preferred origin)
- [[ $? -eq 0 && -n $tpub_and_origins ]] && \
- pub_and_origins="$tpub_and_origins"
-
- # Get preferred mirror information as well if the above succeeded.
- if [[ -n "$tpub_and_origins" ]]; then
- tpub_and_mirrors=$(get_publisher_urls preferred mirror)
- [[ $? -eq 0 && -n $tpub_and_mirrors ]] && \
- pub_and_mirrors="$tpub_and_mirrors"
- fi
-
- # Note that later we need to propagate key & cert.
- propagate_secinfo=1
-
- #
- # since the user didn't specify a publisher, propagate all the
- # publishers that don't have a key.
- #
- propagate_extra=1
-fi
-[[ -z $pub_and_origins ]] && fail_usage "$f_no_pref_publisher"
-
-# find the remaining publishers in the global zone
-publishers_extra_origins=""
-publishers_extra_mirrors=""
-
-if [[ -n $propagate_extra ]]; then
-
- # If cert and key information are ever allowed at the origin or
- # mirror level, then this will have to be changed.
- get_publisher_urls non-preferred origin | \
- while IFS="=" read pub pub_urls; do
- if [[ "$pub_urls" != "None" ]]; then
- # skip extra publishers that need a key/cert
- [[ "`get_pub_secinfo $pub`" != "None None" ]] && \
- continue
- else
- pub_urls=""
- fi
-
- if [[ -z "$publishers_extra_origins" ]]; then
- publishers_extra_origins="$pub=$pub_urls"
- else
- publishers_extra_origins=$(printf "%s\n%s" \
- "$publishers_extra_origins" \
- "$pub=$pub_urls")
- fi
- done
-
- get_publisher_urls non-preferred mirror | \
- while IFS="=" read pub pub_urls; do
- # skip extra publishers that need a key/cert
- [[ "`get_pub_secinfo $pub`" != "None None" ]] && \
- continue
-
- if [[ -z "$publishers_extra_mirrors" ]]; then
- publishers_extra_mirrors="$pub=$pub_urls"
- else
- publishers_extra_mirrors=$(printf "%s\n%s" \
- "$publishers_extra_mirrors" \
- "$pub=$pub_urls")
- fi
- done
-fi
-
-#
-# Crack pub=url into two pieces.
-#
-echo $pub_and_origins | IFS="=" read publisher pub_origins
-if [[ -z $publisher || -z $pub_origins ]]; then
- fail_usage "$f_bad_publisher"
-fi
-echo $pub_and_mirrors | IFS="=" read ignored pub_mirrors
-
-if [[ -n $propagate_secinfo ]]; then
- #
- # Get the global zone's cert and key (if any) so that we can propagate
- # them into the new image.
- #
- get_pub_secinfo $publisher | read keyfile certfile
- if [[ $? -ne 0 ]]; then
- fail_usage "$f_get_secinfo" $publisher
- fi
-fi
-#
-# Do some sanity checks on key and cert.
-#
-[[ $keyfile != "None" && ! -f $keyfile ]] && \
- fail_usage "$f_nosuch_key" $keyfile
-[[ $certfile != "None" && ! -f $certfile ]] && \
- fail_usage "$f_nosuch_cert" $certfile
-
-#
# Look for the 'entire' incorporation's FMRI in the current image; due to users
# doing weird machinations with their publishers, we strip off the publisher
# from the FMRI if it is present.
@@ -309,182 +173,26 @@
exit $ZONE_SUBPROC_OK
fi
-# Display preferred publisher origin and mirror information.
-printf "$m_publisher\n" $publisher "$pub_origins $pub_mirrors"
-
-# Display extra publisher origin and mirror information. This does mean that
-# the extras have to be displayed twice to show mirror information.
-if [[ -n "$publishers_extra_origins" ]]; then
- echo "$publishers_extra_origins" | while IFS="=" read pub pub_urls; do
- printf "$m_publisher\n" $pub "$pub_urls"
- done
- if [[ -n "$publishers_extra_mirrors" ]]; then
- echo "$publishers_extra_mirrors" | while IFS="=" read pub pub_urls; do
- printf "$m_publisher\n" $pub "$pub_urls"
- done
- fi
-fi
-
printf "$m_image\n" $ZONEROOT
-#
-# We copy the credentials from the global zone into the new image
-# we're about to create.
-#
-if [[ $keyfile != "None" ]]; then
- newkeylocation="$KEYDIR/$(basename $keyfile)"
- secinfo="$secinfo -k $newkeylocation"
- printf "$m_key_prop\n" $(basename $keyfile)
- mkdir -p -m 755 $ZONEROOT/$KEYDIR || fail_fatal "$f_key_prop"
- cp $keyfile $ZONEROOT/$newkeylocation || fail_fatal "$f_key_prop"
- chmod 644 $ZONEROOT/$newkeylocation
- chown -h root:root $ZONEROOT/$newkeylocation
-fi
-if [[ $certfile != "None" ]]; then
- newcertlocation="$KEYDIR/$(basename $certfile)"
- secinfo="$secinfo -c $newcertlocation"
- printf "$m_cert_prop\n" $(basename $certfile)
- mkdir -p -m 755 $ZONEROOT/$KEYDIR || fail_fatal "$f_cert_prop"
- cp $certfile $ZONEROOT/$newcertlocation || fail_fatal "$f_cert_prop"
- chmod 644 $ZONEROOT/$newcertlocation
- chown -h root:root $ZONEROOT/$newcertlocation
+enable_zones_services
+if [[ $? -ne 0 ]]; then
+ exit $ZONE_SUBPROC_NOTCOMPLETE
fi
#
-# Regrettably, since we already copied the key information into place,
-# we must pass the -f (force) option to image-create, since it thinks that
-# something must be wrong, as the image exists.
+# The image is created.
#
-pub_first_origin=""
-pub_add_origins=""
-for origin in $pub_origins; do
- if [[ -z "$pub_first_origin" ]]; then
- # The first origin is semi-special in that the publisher
- # argument to image-create requires it to be specified
- # by itself and then any additional origins after that.
- # Technically, image-create doesn't care if you specify
- # the first one again using -g, but there's no point in
- # doing so.
- pub_first_origin=$origin
- continue
- fi
- pub_add_origins="${pub_add_origins}-g $origin "
-done
-
-pub_add_mirrors=""
-for mirror in $pub_mirrors; do
- pub_add_mirrors="${pub_add_mirrors}-m $mirror "
-done
-
-#
-# The image is created with --no-refresh so that all of the publisher
-# configuration can be put into place first before attempting to retrieve
-# and build catalog information. This substantially reduces the amount of
-# time needed to create a zone.
-#
-LC_ALL=C $PKG image-create -f --no-refresh --zone --full \
- -p $publisher=$pub_first_origin $pub_add_origins $pub_add_mirrors $secinfo \
+LC_ALL=C $PKG image-create --zone --full \
+ --set-property use-system-repo=true \
$ZONEROOT || fail_incomplete "$f_img"
-# Retrieve publisher attributes and update our new publisher
-attrs=$(get_publisher_attr_args $publisher "origin")
-
# Change the value of PKG_IMAGE so that future PKG operation will work
# on the newly created zone rather than the global zone
PKG_IMAGE="$ZONEROOT"
export PKG_IMAGE
-# --no-refresh is used here so that update operations can be
-# coalesced.
-# Update our new publisher
-LC_ALL=C $PKG set-publisher --no-refresh $attrs $publisher \
- || fail_incomplete "$f_img"
-
-# add extra publishers
-# If cert and key information are ever allowed at the origin or
-# mirror level, then this will have to be changed.
-if [[ -n "$publishers_extra_origins" ]]; then
- echo "$publishers_extra_origins" | while IFS="=" read pub pub_urls; do
- pub_prefix=$pub
- pub_add_origins=""
- for origin in $pub_urls; do
- pub_add_origins="${pub_add_origins}-g $origin "
- done
-
- # Retrieve publisher attributes. Since we are retrieving
- # these attributes from the GLOBAL zone, we must reset
- # PKG_IMAGE temporarily
- SAVE_PKG_IMAGE=$PKG_IMAGE
- PKG_IMAGE=$GZ_IMAGE
- export PKG_IMAGE
- attrs=$(get_publisher_attr_args $pub_prefix "origin")
- # Now restore the save PKG_IMAGE value
- PKG_IMAGE=$SAVE_PKG_IMAGE
- export PKG_IMAGE
- # --no-refresh is used here so that update operations can be
- # coalesced.
- LC_ALL=C $PKG set-publisher --no-refresh $attrs \
- ${pub_add_origins}${pub_prefix} || fail_incomplete "$f_img"
- done
-
- if [[ -n "$publishers_extra_mirrors" ]]; then
- echo "$publishers_extra_mirrors" | \
- while IFS="=" read pub pub_urls; do
- pub_prefix=$pub
- pub_add_mirrors=""
- for mirror in $pub_urls; do
- pub_add_mirrors="${pub_add_mirrors}-m $mirror "
- done
-
- # Retrieve publisher attributes. Since we are retrieving
- # these attributes from the GLOBAL zone, we must reset
- # PKG_IMAGE temporarily
- SAVE_PKG_IMAGE=$PKG_IMAGE
- PKG_IMAGE=$GZ_IMAGE
- export PKG_IMAGE
- attrs=$(get_publisher_attr_args $pub_prefix "mirror")
- PKG_IMAGE=$SAVE_PKG_IMAGE
- export PKG_IMAGE
- # --no-refresh is used here so that update operations
- # can be coalesced.
- LC_ALL=C $PKG set-publisher --no-refresh $attrs \
- ${pub_add_mirrors}${pub_prefix} || \
- fail_incomplete "$f_img"
- done
- fi
-fi
-
-# Now that all of the publisher configurations are in place, attempt a refresh.
-# If this fails, assume the image is incomplete.
-LC_ALL=C $PKG refresh || fail_incomplete "$f_img"
-
-if [[ -f /var/pkg/pkg5.image && -d /var/pkg/publisher ]]; then
- PKG_CACHEROOT=/var/pkg/publisher
- export PKG_CACHEROOT
- printf "$m_cache\n" $PKG_CACHEROOT
-fi
-
-#
-# If we found an "entire" incorporation in the current image, then
-# check to see if the user's choice of preferred publisher contains the
-# version of the 'entire' incorporation needed. This helps us to prevent
-# mishaps in the event the user selected some weirdo publisher as their
-# preferred one, or passed a preferred pub on the command line which doesn't
-# have a suitable 'entire' in it.
-#
-# n.b. it would be nice to do this before we provision the zfs dataset, etc.
-# but since the publisher specified by the user might not be known to
-# the system, we can't do this test without first configuring the image.
-#
-if [[ -n $entire_fmri ]]; then
- printf "$m_incorp\n"
- LC_ALL=C $PKG list -af pkg://$publisher/$entire_fmri > /dev/null 2>&1
- if [[ $? -ne 0 ]]; then
- fail_fatal "$f_no_entire_in_pref" $entire_fmri $publisher
- fi
-fi
-
printf "$m_core\n"
pkglist=""
if [[ -n $entire_fmri ]]; then
@@ -502,7 +210,9 @@
pkg:///compress/gzip
pkg:///compress/zip
pkg:///compress/unzip
- pkg:///package/pkg"
+ pkg:///package/pkg
+ pkg:///package/sysrepo
+ pkg:///package/sysrepo-K"
#
# Get some diagnostic tools, truss, dtrace, etc.
--- a/src/client.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/client.py Wed Apr 27 20:30:32 2011 -0700
@@ -86,7 +86,7 @@
import sys
sys.exit(1)
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
PKG_CLIENT_NAME = "pkg"
JUST_UNKNOWN = 0
@@ -232,6 +232,7 @@
" [--reset-uuid] [--non-sticky] [--sticky]\n"
" [--search-after=publisher]\n"
" [--search-before=publisher]\n"
+ " [--search-first=publisher]\n"
" [--approve-ca-cert=path_to_CA]\n"
" [--revoke-ca-cert=hash_of_CA_to_revoke]\n"
" [--unset-ca-cert=hash_of_CA_to_unset]\n"
@@ -449,7 +450,9 @@
# Now get the matching list of packages and display it.
found = False
- ppub = api_inst.get_preferred_publisher().prefix
+ ppub = api_inst.get_highest_ranked_publisher()
+ if ppub:
+ ppub = ppub.prefix
try:
res = api_inst.get_pkg_list(pkg_list, patterns=pargs,
raise_unmatched=True, repos=origins, variants=variants)
@@ -2932,7 +2935,6 @@
cmd_name = "set-publisher"
- preferred = False
ssl_key = None
ssl_cert = None
origin_uri = None
@@ -2946,6 +2948,7 @@
sticky = None
search_before = None
search_after = None
+ search_first = False
repo_uri = None
approved_ca_certs = []
@@ -2959,9 +2962,10 @@
opts, pargs = getopt.getopt(args, "Pedk:c:O:G:g:M:m:p:",
["add-mirror=", "remove-mirror=", "add-origin=", "remove-origin=",
"no-refresh", "reset-uuid", "enable", "disable", "sticky",
- "non-sticky", "search-before=", "search-after=", "approve-ca-cert=",
- "revoke-ca-cert=", "unset-ca-cert=", "set-property=",
- "add-property-value=", "remove-property-value=", "unset-property="])
+ "non-sticky", "search-after=", "search-before=", "search-first",
+ "approve-ca-cert=", "revoke-ca-cert=", "unset-ca-cert=",
+ "set-property=", "add-property-value=", "remove-property-value=",
+ "unset-property="])
for opt, arg in opts:
if opt == "-c":
@@ -2996,8 +3000,8 @@
cwd=orig_cwd))
elif opt == "-p":
repo_uri = misc.parse_uri(arg, cwd=orig_cwd)
- elif opt == "-P":
- preferred = True
+ elif opt in ("-P", "--search-first"):
+ search_first = True
elif opt == "--reset-uuid":
reset_uuid = True
elif opt == "--no-refresh":
@@ -3055,17 +3059,14 @@
elif pargs:
name = pargs[0]
- if preferred and disable:
- usage(_("the -P and -d options may not be combined"),
- cmd="set-publisher")
-
if origin_uri and (add_origins or remove_origins):
usage(_("the -O and -g, --add-origin, -G, or --remove-origin "
"options may not be combined"), cmd="set-publisher")
- if search_before and search_after:
- usage(_("--search-before and --search-after may not be "
- "combined"), cmd="set-publisher")
+ if (search_before and search_after) or \
+ (search_before and search_first) or (search_after and search_first):
+ usage(_("search-before, search-after, and search-first (-P) "
+ "may not be combined"), cmd="set-publisher")
if repo_uri and (add_origins or add_mirrors or remove_origins or
remove_mirrors or disable != None or not refresh_allowed or
@@ -3087,8 +3088,8 @@
remove_mirrors=remove_mirrors, add_origins=add_origins,
remove_origins=remove_origins, ssl_cert=ssl_cert,
ssl_key=ssl_key, search_before=search_before,
- search_after=search_after, reset_uuid=reset_uuid,
- refresh_allowed=refresh_allowed, preferred=preferred,
+ search_after=search_after, search_first=search_first,
+ reset_uuid=reset_uuid, refresh_allowed=refresh_allowed,
set_props=set_props, add_prop_values=add_prop_values,
remove_prop_values=remove_prop_values,
unset_props=unset_props, approved_cas=approved_ca_certs,
@@ -3150,14 +3151,13 @@
updated = []
failed = []
- last_pub = None
- for src_pub in pubs:
+ for src_pub in sorted(pubs):
prefix = src_pub.prefix
if name and prefix != name:
# User didn't request this one.
continue
- src_repo = src_pub.selected_repository
+ src_repo = src_pub.repository
if not api_inst.has_publisher(prefix=prefix):
add_origins = []
if not src_repo or not src_repo.origins:
@@ -3167,12 +3167,14 @@
# that the origin for the new publisher
# matches the URI provided.
add_origins.append(repo_uri)
+
rval, rmsg = _set_pub_error_wrap(_add_update_pub, name,
[], api_inst, prefix, pub=src_pub,
add_origins=add_origins, ssl_cert=ssl_cert,
ssl_key=ssl_key, sticky=sticky,
search_after=search_after,
search_before=search_before,
+ search_first=search_first,
set_props=set_props,
add_prop_values=add_prop_values,
remove_prop_values=remove_prop_values,
@@ -3180,14 +3182,11 @@
if rval == EXIT_OK:
added.append(prefix)
- if preferred:
- if not last_pub:
- api_inst.set_preferred_publisher(
- prefix=prefix)
- else:
- api_inst.set_pub_search_after(prefix,
- last_pub)
- last_pub = prefix
+ # When multiple publishers result from a single -p
+ # operation, this ensures that the new publishers are
+ # ordered correctly.
+ search_first = False
+ search_after = prefix
else:
# The update case is special and requires some
# finesse. In particular, the update should
@@ -3198,7 +3197,7 @@
# publishers.
dest_pub = api_inst.get_publisher(prefix=prefix,
duplicate=True)
- dest_repo = dest_pub.selected_repository
+ dest_repo = dest_pub.repository
if dest_repo.origins and \
not dest_repo.has_origin(repo_uri):
@@ -3304,8 +3303,8 @@
def _add_update_pub(api_inst, prefix, pub=None, disable=None, sticky=None,
origin_uri=None, add_mirrors=EmptyI, remove_mirrors=EmptyI,
add_origins=EmptyI, remove_origins=EmptyI, ssl_cert=None, ssl_key=None,
- search_before=None, search_after=None,
- reset_uuid=None, refresh_allowed=False, preferred=False,
+ search_before=None, search_after=None, search_first=False,
+ reset_uuid=None, refresh_allowed=False,
set_props=EmptyI, add_prop_values=EmptyI,
remove_prop_values=EmptyI, unset_props=EmptyI, approved_cas=EmptyI,
revoked_cas=EmptyI, unset_cas=EmptyI):
@@ -3318,7 +3317,7 @@
alias=prefix, duplicate=True)
if reset_uuid:
pub.reset_client_uuid()
- repo = pub.selected_repository
+ repo = pub.repository
except api_errors.UnknownPublisher, e:
if not origin_uri and not add_origins and \
(remove_origins or remove_mirrors or
@@ -3327,19 +3326,19 @@
# No pre-existing, so create a new one.
repo = publisher.Repository()
- pub = publisher.Publisher(prefix, repositories=[repo])
+ pub = publisher.Publisher(prefix, repository=repo)
new_pub = True
elif not api_inst.has_publisher(prefix=pub.prefix):
new_pub = True
if not repo:
- repo = pub.selected_repository
+ repo = pub.repository
if not repo:
# Could be a new publisher from auto-configuration
# case where no origin was provided in repository
# configuration.
repo = publisher.Repository()
- pub.add_repository(repo)
+ pub.repository = repo
if disable is not None:
# Set disabled property only if provided.
@@ -3428,7 +3427,9 @@
if new_pub:
api_inst.add_publisher(pub,
refresh_allowed=refresh_allowed, approved_cas=approved_cas,
- revoked_cas=revoked_cas, unset_cas=unset_cas)
+ revoked_cas=revoked_cas, unset_cas=unset_cas,
+ search_after=search_after, search_before=search_before,
+ search_first=search_first)
else:
for ca in approved_cas:
try:
@@ -3453,16 +3454,8 @@
pub.unset_ca_cert(hsh)
api_inst.update_publisher(pub,
- refresh_allowed=refresh_allowed)
-
- if preferred:
- api_inst.set_preferred_publisher(prefix=pub.prefix)
-
- if search_before:
- api_inst.set_pub_search_before(pub.prefix, search_before)
-
- if search_after:
- api_inst.set_pub_search_after(pub.prefix, search_after)
+ refresh_allowed=refresh_allowed, search_after=search_after,
+ search_before=search_before, search_first=search_first)
return EXIT_OK, None
@@ -3481,7 +3474,8 @@
format_update_error(e)
return EXIT_OOPS
except (api_errors.PermissionsException,
- api_errors.PublisherError), e:
+ api_errors.PublisherError,
+ api_errors.ModifyingSyspubException), e:
errors.append((name, e))
retcode = EXIT_OK
@@ -3520,12 +3514,12 @@
"status" : [("default", "tsv"), _("STATUS"), ""],
"uri" : [("default", "tsv"), _("URI"), ""],
"sticky" : [("tsv"), _("STICKY"), ""],
- "preferred" : [("tsv"), _("PREFERRED"), ""],
- "enabled" : [("tsv"), _("ENABLED"), ""]
+ "enabled" : [("tsv"), _("ENABLED"), ""],
+ "syspub" : [("tsv"), _("SYSPUB"), ""]
}
desired_field_order = (_("PUBLISHER"), "", _("STICKY"),
- _("PREFERRED"), _("ENABLED"), _("TYPE"),
+ _("SYSPUB"), _("ENABLED"), _("TYPE"),
_("STATUS"), _("URI"))
# Custom sort function for preserving field ordering
@@ -3609,7 +3603,7 @@
retcode = EXIT_OK
if len(pargs) == 0:
- pref_pub = api_inst.get_preferred_publisher()
+ pref_pub = api_inst.get_highest_ranked_publisher()
if preferred_only:
pubs = [pref_pub]
else:
@@ -3617,16 +3611,6 @@
p for p in api_inst.get_publishers()
if inc_disabled or not p.disabled
]
-
- # if more than one, list in publisher search order
- if len(pubs) > 1:
- so = api_inst.get_pub_search_order()
- pub_dict = dict([(p.prefix, p) for p in pubs])
- pubs = [
- pub_dict[name]
- for name in so
- if name in pub_dict
- ]
# Create a formatting string for the default output
# format
if format == "default":
@@ -3664,10 +3648,10 @@
else:
pstatus_list = []
- if not preferred_only and p == pref_pub:
- pstatus_list.append(_("preferred"))
if p.disabled:
pstatus_list.append(_("disabled"))
+ if p.sys_pub:
+ pstatus_list.append(_("syspub"))
if pstatus_list:
pstatus = "(%s)" % \
", ".join(pstatus_list)
@@ -3677,23 +3661,22 @@
set_value(field_data["sticky"], _("true"))
else:
set_value(field_data["sticky"], _("false"))
- if p == pref_pub:
- set_value(field_data["preferred"], _("true"))
- else:
- set_value(field_data["preferred"], _("false"))
if not p.disabled:
set_value(field_data["enabled"], _("true"))
else:
set_value(field_data["enabled"], _("false"))
-
+ if p.sys_pub:
+ set_value(field_data["syspub"], _("true"))
+ else:
+ set_value(field_data["syspub"], _("false"))
# Only show the selected repository's information in
# summary view.
- r = p.selected_repository
+ r = p.repository
# Update field_data for each origin and output
# a publisher record in our desired format.
- for uri in r.origins:
+ for uri in sorted(r.origins):
# XXX get the real origin status
set_value(field_data["type"], _("origin"))
set_value(field_data["status"], _("online"))
@@ -3703,7 +3686,6 @@
field_data.values()), sort_fields)
)
msg(fmt % tuple(values))
-
# Update field_data for each mirror and output
# a publisher record in our desired format.
for uri in r.mirrors:
@@ -3788,13 +3770,12 @@
msg(_(" Publisher:"), pub.prefix)
msg(_(" Alias:"), pub.alias)
- for r in pub.repositories:
- rval = display_repository(r)
- if rval != 0:
- # There was an error in displaying some
- # of the information about a repository.
- # However, continue on.
- retcode = rval
+ rval = display_repository(pub.repository)
+ if rval != 0:
+ # There was an error in displaying some
+ # of the information about a repository.
+ # However, continue on.
+ retcode = rval
msg(_(" Client UUID:"), pub.client_uuid)
msg(_(" Catalog Updated:"), dt)
@@ -3816,11 +3797,6 @@
except ValueError:
usage(_("requires a property name and value"), cmd=subcommand)
- if propname == "preferred-publisher":
- error(_("set-publisher must be used to change the preferred "
- "publisher"), cmd=subcommand)
- return EXIT_OOPS
-
# XXX image property management should be in pkg.client.api
try:
img.add_property_value(propname, propvalue)
@@ -3843,11 +3819,6 @@
except ValueError:
usage(_("requires a property name and value"), cmd=subcommand)
- if propname == "preferred-publisher":
- error(_("set-publisher must be used to change the preferred "
- "publisher"), cmd=subcommand)
- return EXIT_OOPS
-
# XXX image property management should be in pkg.client.api
try:
img.remove_property_value(propname, propvalue)
@@ -3882,11 +3853,6 @@
# configuration classes can re-raise the appropriate error.
propvalues = propvalues[0]
- if propname == "preferred-publisher":
- error(_("set-publisher must be used to change the preferred "
- "publisher"), cmd=subcommand)
- return EXIT_OOPS
-
props = { propname: propvalues }
if propname == "signature-policy":
policy = propvalues[0]
@@ -3925,11 +3891,6 @@
# XXX image property management should be in pkg.client.api
for p in pargs:
- if p == "preferred-publisher":
- error(_("set-publisher must be used to change the "
- "preferred publisher"), cmd=subcommand)
- return EXIT_OOPS
-
try:
img.delete_property(p)
except api_errors.ImageFormatUpdateNeeded, e:
@@ -4145,10 +4106,7 @@
cmd=cmd_name)
image_dir = pargs[0]
- if not pub_name and not pub_url:
- usage(_("publisher argument must be of the form "
- "'<prefix>=<uri> or '<uri>''."), cmd=cmd_name)
- elif not pub_name and not refresh_allowed:
+ if not pub_name and not refresh_allowed:
usage(_("--no-refresh cannot be used with -p unless a "
"publisher prefix is provided."), cmd=cmd_name)
--- a/src/gui/modules/misc.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/gui/modules/misc.py Wed Apr 27 20:30:32 2011 -0700
@@ -86,7 +86,7 @@
publisher_str = ""
fmt = "\n%s\t%s\t%s (%s)"
try:
- pref_pub = api_o.get_preferred_publisher()
+ pref_pub = api_o.get_highest_ranked_publisher()
for pub in api_o.get_publishers():
pstatus = " "
if pub == pref_pub:
@@ -98,7 +98,7 @@
else:
# Enabled, but not preferred
pstatus = "E"
- r = pub.selected_repository
+ r = pub.repository
for uri in r.origins:
# Origin
publisher_str += fmt % \
--- a/src/gui/modules/misc_non_gui.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/gui/modules/misc_non_gui.py Wed Apr 27 20:30:32 2011 -0700
@@ -40,7 +40,7 @@
# The current version of the Client API the PM, UM and
# WebInstall GUIs have been tested against and are known to work with.
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
LOG_DIR = "/var/tmp"
LOG_ERROR_EXT = "_error.log"
LOG_INFO_EXT = "_info.log"
--- a/src/gui/modules/repository.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/gui/modules/repository.py Wed Apr 27 20:30:32 2011 -0700
@@ -667,7 +667,7 @@
if not self.repository_modify_publisher:
return False
pub = self.repository_modify_publisher
- selected_repo = pub.selected_repository
+ selected_repo = pub.repository
prefix = ""
ssl_cert = ""
ssl_key = ""
@@ -740,7 +740,7 @@
def __add_mirror(self, new_mirror):
pub = self.repository_modify_publisher
- repo = pub.selected_repository
+ repo = pub.repository
try:
repo.add_mirror(new_mirror)
self.w_addmirror_entry.set_text("")
@@ -754,7 +754,7 @@
if itr and model:
remove_mirror = model.get_value(itr, 0)
pub = self.repository_modify_publisher
- repo = pub.selected_repository
+ repo = pub.repository
try:
repo.remove_mirror(remove_mirror)
except api_errors.ApiException, e:
@@ -763,7 +763,7 @@
def __add_origin(self, new_origin):
pub = self.repository_modify_publisher
- repo = pub.selected_repository
+ repo = pub.repository
try:
repo.add_origin(new_origin)
self.w_addorigin_entry.set_text("")
@@ -777,7 +777,7 @@
if itr and model:
remove_origin = model.get_value(itr, 0)
pub = self.repository_modify_publisher
- repo = pub.selected_repository
+ repo = pub.repository
try:
repo.remove_origin(remove_origin)
except api_errors.ApiException, e:
@@ -897,7 +897,7 @@
return
name = alias
else:
- repo = pub.selected_repository
+ repo = pub.repository
new_pub = True
name = pub.prefix
errors_ssl = self.__update_ssl_creds(pub, repo, ssl_cert, ssl_key)
@@ -980,7 +980,7 @@
def __afteradd_confirmation(self, pub):
self.new_pub = pub
- repo = pub.selected_repository
+ repo = pub.repository
origin = repo.origins[0]
# Descriptions not available at the moment
self.w_add_publisher_c_desc.hide()
@@ -1161,12 +1161,16 @@
image_lock_err = False
for row in self.priority_changes:
try:
+ pub1 = self.api_o.get_publisher(row[1],
+ duplicate=True)
+ pub2 = self.api_o.get_publisher(row[2],
+ duplicate=True)
if row[0] == enumerations.PUBLISHER_MOVE_BEFORE:
- self.api_o.set_pub_search_before(row[1],
- row[2])
+ self.api_o.update_publisher(pub1,
+ search_before=pub2.prefix)
else:
- self.api_o.set_pub_search_after(row[1],
- row[2])
+ self.api_o.update_publisher(pub1,
+ search_after=pub2.prefix)
self.no_changes += 1
self.__g_update_details_text(
_("Changing priority for publisher %s\n")
@@ -1234,7 +1238,7 @@
ssl_key = self.w_repositorymodify_key_entry.get_text()
ssl_cert = self.w_repositorymodify_cert_entry.get_text()
pub = self.repository_modify_publisher
- repo = pub.selected_repository
+ repo = pub.repository
pub.alias = alias
errors += self.__update_ssl_creds(pub, repo, ssl_cert, ssl_key)
try:
@@ -1662,7 +1666,7 @@
details_buffer = details_view.get_buffer()
details_buffer.set_text("")
uri_s_itr = details_buffer.get_start_iter()
- repo = pub.selected_repository
+ repo = pub.repository
num = len(repo.origins)
origin_txt = ngettext("Origin:\n", "Origins:\n", num)
details_buffer.insert_with_tags_by_name(uri_s_itr,
@@ -1931,7 +1935,7 @@
if pub == None:
return
self.repository_modify_publisher = pub
- repo = pub.selected_repository
+ repo = pub.repository
origin_uri = ""
if repo != None and repo.origins != None and len(repo.origins) > 0:
origin_uri = repo.origins[0].uri
--- a/src/gui/modules/webinstall.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/gui/modules/webinstall.py Wed Apr 27 20:30:32 2011 -0700
@@ -164,7 +164,7 @@
continue
infobuffer.insert_with_tags_by_name(textiter,
_("\t%s ") % pub_info.prefix, "bold")
- repo = pub_info.selected_repository
+ repo = pub_info.repository
if repo != None and repo.origins != None and \
len(repo.origins) > 0:
infobuffer.insert(textiter,
@@ -274,7 +274,7 @@
if not pub_info:
continue
- repo = pub_info.repositories
+ repo = pub_info.repository
pub_registered = self.__is_publisher_registered(pub_info.prefix)
if pub_registered and packages != None and len(packages) > 0 and \
@@ -282,9 +282,10 @@
self.disabled_pubs[pub_info.prefix] = True
if not pub_registered:
- if len(repo) > 0 and repo[0].origins != None and \
- len(repo[0].origins) > 0 and \
- repo[0].origins[0].scheme == "https":
+ if repo and repo.origins and \
+ repo.origins[0] != None and \
+ repo.origins[0].scheme in \
+ pkg.client.publisher.SSL_SCHEMES:
#TBD: check for registration uri as well as scheme
# repo.registration_uri.uri != None:
pub_new_reg_ssl_tasks.append(pub_info)
@@ -404,12 +405,12 @@
pub = self.pub_new_tasks[0]
if debug:
print("Add New Publisher:\n\tName: %s" % pub.prefix)
- repo = pub.selected_repository
+ repo = pub.repository
if repo != None and repo.origins != None and \
len(repo.origins) > 0:
print("\tURL: %s" % repo.origins[0].uri)
- repo = pub.selected_repository
+ repo = pub.repository
if repo and len(repo.origins) > 0 and self.repo_gui:
self.repo_gui.webinstall_new_pub(self.w_webinstall_dialog, pub)
else:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/man/pkg.sysrepo.1m.txt Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,135 @@
+System Administration Commands pkg.sysrepo(1M)
+
+
+NAME
+ pkg.sysrepo - image packaging system system repository con-
+ figuration
+
+SYNOPSIS
+ pkg.sysrepo -p <port> [ -c cache_dir] [-s cache_size]
+
+DESCRIPTION
+ pkg.sysrepo(1M) is used to generate the configuration files
+ for the IPS System Repository. This command is called by
+ the svc:/system/pkg/sysrepo SMF service. Changes in confi-
+ guration should be made to the properties in the SMF ser-
+ vice.
+
+ The system repository is responsible for providing access to
+ the package repositories configured in a reference image
+ through a centralized proxy. Publisher configuration
+ changes made to that reference image will be seen immedi-
+ ately by any clients configured to use the system reposi-
+ tory.
+
+ The system repository is primarily used in the global zone
+ to allow non-global zones to access the repositories config-
+ ured in the global zone. The SMF services
+ svc:/system/zones-proxyd and svc:/system/zones-proxy-client
+ are also involved in providing this support.
+
+ Note that only http, https and v4 file repositories are sup-
+ ported: p5p-based file repositories or older file-repository
+ formats are not supported. See pkgrepo(1) for more informa-
+ tion about repository versions.
+
+OPTIONS
+ The following options are supported:
+
+
+ -c cache_dir The absolute path to a directory that
+ should be used by the system repository
+ for caching responses from the publish-
+ ers configured.
+
+ By default, a file-cache is used, how-
+ ever, the special value 'memory' can be
+ used to indicate that an in-memory
+ cache should be used. The special
+ value 'None' can be used to indicate
+ that the system repository should not
+ perform any caching. This setting
+ should be configured using the
+ 'config/cache_dir' SMF property.
+
+
+SunOS 5.11 Last change: 22 Apr 2011 1
+
+
+System Administration Commands pkg.sysrepo(1M)
+
+
+
+ -p port The port which the system repository
+ should use on which to listen for
+ requests. This setting should be con-
+ figured using the 'config/port' SMF
+ property.
+
+
+ -s cache_size An integer value, expressed in mega-
+ bytes which defines the maximum cache
+ size of the system repository. This
+ setting should be configured using the
+ 'config/cache_max' SMF property.
+
+
+
+EXAMPLES
+ Example 1: Enabling the system repository
+
+
+ $ svcadm enable svc:/system/pkg/sysrepo
+
+
+EXIT STATUS
+ The following exit values are returned:
+
+ 0 Command succeeded.
+
+
+ 1 Command failed to write a valid configuration.
+
+
+ 2 Invalid command line options were specified.
+
+ATTRIBUTES
+ See attributes(5) for descriptions of the following attri-
+ butes:
+
+SunOS 5.11 Last change: 22 Apr 2011 2
+
+
+System Administration Commands pkg.sysrepo(1M)
+
+
+
+ /usr/lib/pkg.sysrepo
+ ____________________________________________________________
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ |_____________________________|_____________________________|
+ | Availability | pkg:/package/pkg |
+ |_____________________________|_____________________________|
+ | Interface Stability | None / Under Development |
+ |_____________________________|_____________________________|
+
+
+SEE ALSO
+ pkg(1), pkg.depotd(1M), pkg(5)
+
+
+NOTES
+ The image packaging system is an under-development feature.
+ Command names, invocation, formats, and operations are all
+ subject to change. Development is hosted in the OpenSolaris
+ community at:
+
+
+ http://hub.opensolaris.org/bin/view/Project+pkg/
+
+
+
+SunOS 5.11 Last change: 22 Apr 2011 3
+
+
+
--- a/src/modules/client/actuator.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/actuator.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,46 +21,12 @@
#
#
-# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
#
-import os
-import pkg.pkgsubprocess as subprocess
-from pkg.client import global_settings
-from pkg.client.debugvalues import DebugValues
-
-
-# range of possible SMF service states
-SMF_SVC_UNKNOWN = 0
-SMF_SVC_DISABLED = 1
-SMF_SVC_MAINTENANCE = 2
-SMF_SVC_TMP_DISABLED = 3
-SMF_SVC_TMP_ENABLED = 4
-SMF_SVC_ENABLED = 5
-
-logger = global_settings.logger
+import pkg.smf as smf
-svcprop_path = "/usr/bin/svcprop"
-svcadm_path = "/usr/sbin/svcadm"
-svcs_path = "/usr/bin/svcs"
-
-
-class NonzeroExitException(Exception):
- def __init__(self, cmd, return_code, output):
- self.cmd = cmd
- self.return_code = return_code
- self.output = output
-
- def __unicode__(self):
- # To workaround python issues 6108 and 2517, this provides a
- # a standard wrapper for this class' exceptions so that they
- # have a chance of being stringified correctly.
- return str(self)
-
- def __str__(self):
- return "Cmd %s exited with status %d, and output '%s'" %\
- (self.cmd, self.return_code, self.output)
-
+from pkg.client.debugvalues import DebugValues
class GenericActuator(object):
"""Actuators are action attributes that cause side effects
@@ -179,10 +145,8 @@
def exec_prep(self, image):
if not image.is_liveroot():
- cmds_dir = DebugValues.get_value("actuator_cmds_dir")
- if not cmds_dir:
+ if not DebugValues.get_value("smf_cmds_dir"):
return
- self.cmd_path = cmds_dir
self.do_nothing = False
def exec_pre_actuators(self, image):
@@ -196,37 +160,34 @@
disable_fmris = self.removal.get("disable_fmri", set())
- suspend_fmris = self.__smf_svc_check_fmris("suspend_fmri", suspend_fmris)
- disable_fmris = self.__smf_svc_check_fmris("disable_fmri", disable_fmris)
+ suspend_fmris = smf.check_fmris("suspend_fmri", suspend_fmris)
+ disable_fmris = smf.check_fmris("disable_fmri", disable_fmris)
# eliminate services not loaded or not running
# remember those services enabled only temporarily
for fmri in suspend_fmris.copy():
- state = self.__smf_svc_get_state(fmri)
- if state <= SMF_SVC_TMP_ENABLED:
+ state = smf.get_state(fmri)
+ if state <= smf.SMF_SVC_TMP_ENABLED:
suspend_fmris.remove(fmri)
- if state == SMF_SVC_TMP_ENABLED:
+ if state == smf.SMF_SVC_TMP_ENABLED:
tmp_suspend_fmris.add(fmri)
for fmri in disable_fmris.copy():
- if self.__smf_svc_is_disabled(fmri):
+ if smf.is_disabled(fmri):
disable_fmris.remove(fmri)
self.suspend_fmris = suspend_fmris
self.tmp_suspend_fmris = tmp_suspend_fmris
- args = (svcadm_path, "disable", "-st")
-
params = tuple(suspend_fmris | tmp_suspend_fmris)
if params:
- self.__call(args + params)
+ smf.disable(params, temporary=True)
- args = (svcadm_path, "disable", "-s")
params = tuple(disable_fmris)
if params:
- self.__call(args + params)
+ smf.disable(params)
def exec_fail_actuators(self, image):
"""handle a failed install"""
@@ -234,12 +195,11 @@
if self.do_nothing:
return
- args = (svcadm_path, "mark", "maintenance")
params = tuple(self.suspend_fmris |
self.tmp_suspend_fmris)
if params:
- self.__call(args + params)
+ smf.mark("maintenance", params)
def exec_post_actuators(self, image):
"""do post execution actuator processing"""
@@ -270,139 +230,38 @@
self.update.get("restart_fmri", set()) | \
self.install.get("restart_fmri", set())
- refresh_fmris = self.__smf_svc_check_fmris("refresh_fmri", refresh_fmris)
- restart_fmris = self.__smf_svc_check_fmris("restart_fmri", restart_fmris)
+ refresh_fmris = smf.check_fmris("refresh_fmri", refresh_fmris)
+ restart_fmris = smf.check_fmris("restart_fmri", restart_fmris)
# ignore services not present or not
# enabled
for fmri in refresh_fmris.copy():
- if self.__smf_svc_is_disabled(fmri):
+ if smf.is_disabled(fmri):
refresh_fmris.remove(fmri)
- args = (svcadm_path, "refresh")
params = tuple(refresh_fmris)
if params:
- self.__call(args + params)
+ smf.refresh(params)
for fmri in restart_fmris.copy():
- if self.__smf_svc_is_disabled(fmri):
+ if smf.is_disabled(fmri):
restart_fmris.remove(fmri)
- args = (svcadm_path, "restart")
params = tuple(restart_fmris)
if params:
- self.__call(args + params)
+ smf.restart(params)
# reenable suspended services that were running
# be sure to not enable services that weren't running
# and temp. enable those services that were in that
# state.
- args = (svcadm_path, "enable")
params = tuple(self.suspend_fmris)
if params:
- self.__call(args + params)
+ smf.enable(params)
- args = (svcadm_path, "enable", "-t")
params = tuple(self.tmp_suspend_fmris)
if params:
- self.__call(args + params)
-
- def __smf_svc_get_state(self, fmri):
- """ return state of smf service """
-
- props = self.__get_smf_props(fmri)
- if not props:
- return SMF_SVC_UNKNOWN
-
- if "maintenance" in props["restarter/state"]:
- return SMF_SVC_MAINTENANCE
-
- if "true" not in props["general/enabled"]:
- if "general_ovr/enabled" not in props:
- return SMF_SVC_DISABLED
- elif "true" in props["general_ovr/enabled"]:
- return SMF_SVC_TMP_ENABLED
- else:
- if "general_ovr/enabled" not in props:
- return SMF_SVC_ENABLED
- elif "false" in props["general_ovr/enabled"]:
- return SMF_SVC_TMP_DISABLED
-
- def __smf_svc_is_disabled(self, fmri):
- return self.__smf_svc_get_state(fmri) < SMF_SVC_TMP_ENABLED
-
- def __smf_svc_check_fmris(self, attr, fmris):
- """ Walk a set of fmris checking that each is fully specifed with
- an instance.
- If an FMRI is not fully specified and does not contain at least
- one special match character from fnmatch(5) the fmri is dropped
- from the set that is returned and an error message is logged.
- """
-
- chars = "*?[!^"
- for fmri in fmris.copy():
- is_glob = False
- for c in chars:
- if c in fmri:
- is_glob = True
-
- tmp_fmri = fmri
- if fmri.startswith("svc:"):
- tmp_fmri = fmri.replace("svc:", "", 1)
-
- # check to see if we've got an instance already
- if ":" in tmp_fmri and not is_glob:
- continue
-
- if is_glob:
- cmd = (svcs_path, "-H", "-o", "fmri", "%s" % fmri)
- try:
- instances = self.__call(cmd)
- except NonzeroExitException:
- continue # non-zero exit == not installed
-
- else:
- instances = []
- logger.error(_("FMRI pattern might implicitly match " \
- "more than one service instance."))
- logger.error(_("Actuators for %(attr)s will not be run " \
- "for %(fmri)s.") % locals())
-
- fmris.remove(fmri)
- for instance in instances:
- fmris.add(instance.rstrip())
- return fmris
-
- def __get_smf_props(self, svcfmri):
- args = (svcprop_path, "-c", svcfmri)
-
- try:
- buf = self.__call(args)
- except NonzeroExitException:
- return {} # empty output == not installed
-
- return dict([
- l.strip().split(None, 1)
- for l in buf
- ])
-
- def __call(self, args):
- # a way to invoke a separate executable for testing
- if self.cmd_path:
- args = (
- os.path.join(self.cmd_path,
- args[0].lstrip("/")),) + args[1:]
- try:
- proc = subprocess.Popen(args, stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
- buf = proc.stdout.readlines()
- ret = proc.wait()
- except OSError, e:
- raise RuntimeError, "cannot execute %s: %s" % (args, e)
-
- if ret != 0:
- raise NonzeroExitException(args, ret, buf)
- return buf
+ smf.enable(params, temporary=True)
--- a/src/modules/client/api.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/api.py Wed Apr 27 20:30:32 2011 -0700
@@ -39,6 +39,7 @@
import datetime
import errno
import fnmatch
+import operator
import os
import shutil
import sys
@@ -46,7 +47,6 @@
import threading
import urllib
-import pkg.client.actuator as actuator
import pkg.client.api_errors as apx
import pkg.client.bootenv as bootenv
import pkg.client.history as history
@@ -60,6 +60,8 @@
import pkg.misc as misc
import pkg.nrlock
import pkg.p5i as p5i
+import pkg.p5s as p5s
+import pkg.portable as portable
import pkg.search_errors as search_errors
import pkg.version
@@ -67,8 +69,9 @@
_get_pkg_cat_data)
from pkg.client.debugvalues import DebugValues
from pkg.client import global_settings
-
-CURRENT_API_VERSION = 56
+from pkg.smf import NonzeroExitException
+
+CURRENT_API_VERSION = 57
CURRENT_P5I_VERSION = 1
# Image type constants.
@@ -249,7 +252,7 @@
other platforms, a value of False will allow any image location.
"""
- compatible_versions = set([55, CURRENT_API_VERSION])
+ compatible_versions = set([CURRENT_API_VERSION])
if version_id not in compatible_versions:
raise apx.VersionException(CURRENT_API_VERSION,
@@ -1113,7 +1116,7 @@
error = apx.CorruptedIndexException(e)
self.log_operation_end(error=error)
raise error
- except actuator.NonzeroExitException, e:
+ except NonzeroExitException, e:
# Won't happen during update
be.restore_install_uninstall()
error = apx.ActuatorException(e)
@@ -1518,13 +1521,13 @@
location=str(repo))
for p in pubs:
- psrepo = p.selected_repository
+ psrepo = p.repository
if not psrepo:
# Repository configuration info wasn't
# provided, so assume origin is
# repo_uri.
- p.add_repository(publisher.Repository(
- origins=[repo_uri]))
+ p.repository = publisher.Repository(
+ origins=[repo_uri])
elif not psrepo.origins:
# Repository configuration was provided,
# but without an origin. Assume the
@@ -1574,7 +1577,7 @@
misc.makedirs(meta_root)
pub.meta_root = meta_root
pub.transport = self._img.transport
- repo = pub.selected_repository
+ repo = pub.repository
pkg_repos[id(repo)] = repo
# Retrieve each publisher's catalog.
@@ -1806,7 +1809,7 @@
origins=origins)
npub = \
copy.copy(pub_map[pub])
- npub.add_repository(nrepo)
+ npub.repository = nrepo
rid_map[rids] = npub
pkg_pub_map[pub][stem][ver] = \
@@ -1816,11 +1819,11 @@
# a single repository object for the caller.
for pub in pubs:
npub = pub_map[pub.prefix]
- nrepo = npub.selected_repository
+ nrepo = npub.repository
if not nrepo:
nrepo = publisher.Repository()
- npub.add_repository(nrepo)
- for o in pub.selected_repository.origins:
+ npub.repository = nrepo
+ for o in pub.repository.origins:
if not nrepo.has_origin(o):
nrepo.add_origin(o)
@@ -3080,6 +3083,7 @@
def add_publisher(self, pub, refresh_allowed=True,
approved_cas=misc.EmptyI, revoked_cas=misc.EmptyI,
+ search_after=None, search_before=None, search_first=None,
unset_cas=misc.EmptyI):
"""Add the provided publisher object to the image
configuration."""
@@ -3088,32 +3092,16 @@
refresh_allowed=refresh_allowed,
progtrack=self.__progresstracker,
approved_cas=approved_cas, revoked_cas=revoked_cas,
+ search_after=search_after,
+ search_before=search_before,
+ search_first=search_first,
unset_cas=unset_cas)
finally:
self._img.cleanup_downloads()
- def get_pub_search_order(self):
- """Return current search order of publishers; includes
- disabled publishers"""
- return self._img.cfg.get_property("property",
- "publisher-search-order")
-
- def set_pub_search_after(self, being_moved_prefix, staying_put_prefix):
- """Change the publisher search order so that being_moved is
- searched after staying_put"""
- self._img.pub_search_after(being_moved_prefix,
- staying_put_prefix)
-
- def set_pub_search_before(self, being_moved_prefix, staying_put_prefix):
- """Change the publisher search order so that being_moved is
- searched before staying_put"""
- self._img.pub_search_before(being_moved_prefix,
- staying_put_prefix)
-
- def get_preferred_publisher(self):
- """Returns the preferred publisher object for the image."""
- return self.get_publisher(
- prefix=self._img.get_preferred_publisher())
+ def get_highest_ranked_publisher(self):
+ """Returns the highest ranked publisher object for the image."""
+ return self._img.get_highest_ranked_publisher()
def get_publisher(self, prefix=None, alias=None, duplicate=False):
"""Retrieves a publisher object matching the provided prefix
@@ -3165,18 +3153,17 @@
copies of the publisher objects should be returned instead
of the originals.
"""
+
+ names = self._img.cfg.get_property("property",
+ "publisher-search-order")
+ d = self._img.get_publishers()
+ missing_names = set(d) - set(names)
+ res = [d[n] for n in names] + \
+ [d[n] for n in sorted(missing_names)]
if duplicate:
- # Return a copy so that changes to the retrieved objects
- # are not reflected until update_publisher is called.
- pubs = [
- copy.copy(p)
- for p in self._img.get_publishers().values()
- ]
- else:
- pubs = self._img.get_publishers().values()
- return misc.get_sorted_publishers(pubs,
- preferred=self._img.get_preferred_publisher())
-
+ return [copy.copy(p) for p in res]
+ return res
+
def get_publisher_last_update_time(self, prefix=None, alias=None):
"""Returns a datetime object representing the last time the
catalog for a publisher was modified or None."""
@@ -3218,11 +3205,8 @@
self._img.remove_publisher(prefix=prefix, alias=alias,
progtrack=self.__progresstracker)
- def set_preferred_publisher(self, prefix=None, alias=None):
- """Sets the preferred publisher for the image."""
- self._img.set_preferred_publisher(prefix=prefix, alias=alias)
-
- def update_publisher(self, pub, refresh_allowed=True):
+ def update_publisher(self, pub, refresh_allowed=True, search_after=None,
+ search_before=None, search_first=None):
"""Replaces an existing publisher object with the provided one
using the _source_object_id identifier set during copy.
@@ -3237,7 +3221,10 @@
self._disable_cancel()
with self._img.locked_op("update-publisher"):
return self.__update_publisher(pub,
- refresh_allowed=refresh_allowed)
+ refresh_allowed=refresh_allowed,
+ search_after=search_after,
+ search_before=search_before,
+ search_first=search_first)
except apx.CanceledException, e:
self._cancel_done()
raise
@@ -3245,14 +3232,14 @@
self._img.cleanup_downloads()
self._activity_lock.release()
- def __update_publisher(self, pub, refresh_allowed=True):
+ def __update_publisher(self, pub, refresh_allowed=True,
+ search_after=None, search_before=None, search_first=None):
"""Private publisher update method; caller responsible for
locking."""
- if pub.disabled and \
- pub.prefix == self._img.get_preferred_publisher():
- raise apx.SetPreferredPublisherDisabled(
- pub.prefix)
+ assert (not search_after and not search_before) or \
+ (not search_after and not search_first) or \
+ (not search_before and not search_first)
def origins_changed(oldr, newr):
old_origins = set([
@@ -3278,13 +3265,8 @@
# retrieve the catalog.
return True
- if len(newo.repositories) != len(oldo.repositories):
- # If there are an unequal number of repositories
- # then some have been added or removed.
- return True
-
- oldr = oldo.selected_repository
- newr = newo.selected_repository
+ oldr = oldo.repository
+ newr = newo.repository
if newr._source_object_id != id(oldr):
# Selected repository has changed.
return True
@@ -3356,17 +3338,17 @@
new_id, old_pub = orig_pub
for new_pfx, new_pub in publishers.iteritems():
if id(new_pub) == new_id:
- del publishers[new_pfx]
publishers[old_pub.prefix] = old_pub
break
- repo = pub.selected_repository
- validate = origins_changed(orig_pub[-1].selected_repository,
- pub.selected_repository)
+ repo = pub.repository
+
+ validate = origins_changed(orig_pub[-1].repository,
+ pub.repository)
try:
if disable or (not repo.origins and
- orig_pub[-1].selected_repository.origins):
+ orig_pub[-1].repository.origins):
# Remove the publisher's metadata (such as
# catalogs, etc.). This only needs to be done
# in the event that a publisher is disabled or
@@ -3416,6 +3398,15 @@
cleanup()
raise
+ if search_first:
+ self._img.set_highest_ranked_publisher(
+ prefix=pub.prefix)
+ elif search_before:
+ self._img.pub_search_before(pub.prefix, search_before)
+ elif search_after:
+ self._img.pub_search_after(pub.prefix, search_after)
+
+ # Successful; so save configuration.
self._img.save_config()
def log_operation_end(self, error=None, result=None):
@@ -3596,6 +3587,26 @@
new_pkg_names[pub] = pkglist
p5i.write(fileobj, plist, pkg_names=new_pkg_names)
+ def write_syspub(self, path, prefixes, version):
+ """Write the syspub/version response to the provided path."""
+ if version != 0:
+ raise apx.UnsupportedP5SVersion(version)
+
+ pubs = [
+ p for p in self.get_publishers()
+ if p.prefix in prefixes
+ ]
+ fd, fp = tempfile.mkstemp()
+ try:
+ fh = os.fdopen(fd, "wb")
+ p5s.write(fh, pubs, self._img.cfg)
+ fh.close()
+ portable.rename(fp, path)
+ except:
+ if os.path.exists(fp):
+ portable.remove(fp)
+ raise
+
class Query(query_p.Query):
"""This class is the object used to pass queries into the api functions.
@@ -3826,15 +3837,17 @@
the image creation process.
Callers must provide one of the following when calling this function:
+ * no 'prefix' and no 'origins'
* a 'prefix' and 'repo_uri' (origins and mirrors are optional)
* no 'prefix' and a 'repo_uri' (origins and mirrors are optional)
* a 'prefix' and 'origins'
"""
# Caller must provide a prefix and repository, or no prefix and a
- # repository, or a prefix and origins.
+ # repository, or a prefix and origins, or no prefix and no origins.
assert (prefix and repo_uri) or (not prefix and repo_uri) or (prefix and
- origins)
+ origins or (not prefix and not origins))
+
# If prefix isn't provided, and refresh isn't allowed, then auto-config
# cannot be done.
@@ -3853,11 +3866,13 @@
# needed to retrieve publisher configuration information.
img = image.Image(root, force=force, imgtype=imgtype,
progtrack=progtrack, should_exist=False,
- user_provided_dir=user_provided_dir)
+ user_provided_dir=user_provided_dir, props=props)
api_inst = ImageInterface(img, version_id,
progtrack, cancel_state_callable, pkg_client_name)
+ pubs = []
+
try:
if repo_uri:
# Assume auto configuration.
@@ -3888,14 +3903,14 @@
if repo_uri:
for p in pubs:
- psrepo = p.selected_repository
+ psrepo = p.repository
if not psrepo:
# Repository configuration info
# was not provided, so assume
# origin is repo_uri.
- p.add_repository(
+ p.repository = \
publisher.Repository(
- origins=[repo_uri]))
+ origins=[repo_uri])
elif not psrepo.origins:
# Repository configuration was
# provided, but without an
@@ -3920,7 +3935,7 @@
for m in mirrors:
repo.add_mirror(m)
pub = publisher.Publisher(prefix,
- repositories=[repo])
+ repository=repo)
pubs = [pub]
if prefix and prefix not in pubs:
@@ -3940,7 +3955,7 @@
# Add additional origins and mirrors that weren't found in the
# publisher configuration if provided.
for p in pubs:
- pr = p.selected_repository
+ pr = p.repository
for o in origins:
if not pr.has_origin(o):
pr.add_origin(o)
@@ -3950,7 +3965,7 @@
# Set provided SSL Cert/Key for all configured publishers.
for p in pubs:
- repo = p.selected_repository
+ repo = p.repository
for o in repo.origins:
if o.scheme not in publisher.SSL_SCHEMES:
continue
--- a/src/modules/client/api_errors.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/api_errors.py Wed Apr 27 20:30:32 2011 -0700
@@ -1214,6 +1214,19 @@
"or does not contain valid publisher information.")
+class InvalidP5SFile(DataError):
+ """Used to indicate that the specified location does not contain a
+ valid p5i-formatted file."""
+
+ def __str__(self):
+ if self.data:
+ return _("The provided p5s data is in an unrecognized "
+ "format or does not contain valid publisher "
+ "information: %s") % self.data
+ return _("The provided p5s data is in an unrecognized format "
+ "or does not contain valid publisher information.")
+
+
class UnsupportedP5IFile(DataError):
"""Used to indicate that an attempt to read an unsupported version
of pkg(5) info file was attempted."""
@@ -1223,6 +1236,27 @@
"format.")
+class UnsupportedP5SFile(DataError):
+ """Used to indicate that an attempt to read an unsupported version
+ of pkg(5) info file was attempted."""
+
+ def __str__(self):
+ return _("Unsupported pkg(5) publisher and image information "
+ "data format.")
+
+
+class UnsupportedP5SVersion(ApiException):
+ """Used to indicate that an attempt to read an unsupported version
+ of pkg(5) info file was attempted."""
+
+ def __init__(self, v):
+ self.version = v
+
+ def __str__(self):
+ return _("%s is not a supported version for creating a "
+ "syspub response.") % self.version
+
+
class TransportError(ApiException):
"""Abstract exception class for all transport exceptions.
Specific transport exceptions should be implemented in the
@@ -1500,14 +1534,6 @@
"for use with this publisher.") % self.data
-class RemovePreferredPublisher(PublisherError):
- """Used to indicate an attempt to remove the preferred publisher was
- made."""
-
- def __str__(self):
- return _("The preferred publisher cannot be removed.")
-
-
class MoveRelativeToSelf(PublisherError):
"""Used to indicate an attempt to search a repo before or after itself"""
@@ -1524,25 +1550,6 @@
"publisher.")
-class SetDisabledPublisherPreferred(PublisherError):
- """Used to indicate an attempt to set a disabled publisher as the
- preferred publisher was made."""
-
- def __str__(self):
- return _("Publisher '%s' is disabled and cannot be set as the "
- "preferred publisher.") % self.data
-
-
-class SetPreferredPublisherDisabled(PublisherError):
- """Used to indicate that an attempt was made to set the preferred
- publisher as disabled."""
-
- def __str__(self):
- return _("The preferred publisher may not be disabled."
- " Another publisher must be set as the preferred "
- "publisher before this publisher can be disabled.")
-
-
class UnknownLegalURI(PublisherError):
"""Used to indicate that no matching legal URI could be found using the
provided criteria."""
@@ -1694,6 +1701,31 @@
"attr": self.data, "scheme": self._args["scheme"] }
+class UnknownSysrepoConfiguration(ApiException):
+ """Used when a pkg client needs to communicate with the system
+ repository but can't find the configuration for it."""
+
+ def __str__(self):
+ return _("""\
+pkg is configured to use the system repository (via the use-system-repo
+property) but it could not get the host and port from
+smf:/system/zones-proxy-client nor smf:/system/pkg/sysrepo, and the
+PKG_SYSREPO_URL environment variable was not set. Please try enabling one of
+those services or setting the PKG_SYSREPO_URL environment variable.
+""")
+
+
+class ModifyingSyspubException(ApiException):
+ """This exception is raised when a user attempts to modify a system
+ publisher."""
+
+ def __init__(self, s):
+ self.s = s
+
+ def __str__(self):
+ return self.s
+
+
class SigningException(ApiException):
"""The base class for exceptions related to manifest signing."""
--- a/src/modules/client/image.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/image.py Wed Apr 27 20:30:32 2011 -0700
@@ -60,6 +60,7 @@
import pkg.nrlock
import pkg.portable as portable
import pkg.server.catalog
+import pkg.smf as smf
import pkg.pkgsubprocess as subprocess
import pkg.version
import M2Crypto as m2
@@ -152,7 +153,7 @@
def __init__(self, root, user_provided_dir=False, progtrack=None,
should_exist=True, imgtype=None, force=False,
augment_ta_from_parent_image=True, allow_ondisk_upgrade=None,
- allow_ambiguous=False):
+ allow_ambiguous=False, props=misc.EmptyDict):
if should_exist:
assert(imgtype is None)
assert(not force)
@@ -221,6 +222,8 @@
# dependency but removed because obsolete
self.__group_obsolete = None
+ self.__property_overrides = { "property": props }
+
# Transport operations for this image
self.transport = transport.Transport(
transport.ImageTransportCfg(self))
@@ -537,13 +540,25 @@
version = self.version
self.cfg = imageconfig.ImageConfig(self.__cfgpathname,
- self.root, version=version)
+ self.root, version=version,
+ overrides=self.__property_overrides)
+
+ if self.__upgraded:
+ self.cfg = imageconfig.BlendedConfig(self.cfg,
+ self.get_catalog(self.IMG_CATALOG_INSTALLED).\
+ get_package_counts_by_pub(),
+ self.imgdir, self.transport,
+ self.cfg.get_policy("use-system-repo"))
def save_config(self):
# First, create the image directories if they haven't been, so
# the configuration file can be written.
self.mkdirs()
self.cfg.write()
+ if self.is_liveroot() and \
+ smf.get_state("svc:/system/pkg/sysrepo:default") in \
+ (smf.SMF_SVC_TMP_ENABLED, smf.SMF_SVC_ENABLED):
+ smf.refresh(["svc:/system/pkg/sysrepo:default"])
self.transport.cfg.reset_caches()
def mkdirs(self, root=None, version=None):
@@ -708,7 +723,6 @@
"tmp")
else:
self.__tmpdir = os.path.join(self.imgdir, "tmp")
-
self._statedir = os.path.join(self.imgdir, "state")
self.update_index_dir()
@@ -802,12 +816,44 @@
# Prepare publishers for transport usage; this must be done
# just before configuration is written and transport caches
# are reset, but after all of the directory setup work done
- # above.
+ # above. This must be done before the format is updated.
for pub in self.gen_publishers(inc_disabled=True):
pub.meta_root = self._get_publisher_meta_root(
pub.prefix)
pub.transport = self.transport
+ # Upgrade the image's format if needed.
+ self.update_format(allow_unprivileged=True,
+ progtrack=progtrack)
+
+ # If we haven't loaded the system publisher configuration, do
+ # that now.
+ if isinstance(self.cfg, imageconfig.ImageConfig):
+ self.cfg = imageconfig.BlendedConfig(self.cfg,
+ self.get_catalog(self.IMG_CATALOG_INSTALLED).\
+ get_package_counts_by_pub(),
+ self.imgdir, self.transport,
+ self.cfg.get_policy("use-system-repo"))
+
+ # This must be done again because new publishers may
+ # have been added.
+ for pub in self.gen_publishers(inc_disabled=True):
+ pub.meta_root = self._get_publisher_meta_root(
+ pub.prefix)
+ pub.transport = self.transport
+
+ # Check to see if any system publishers have been
+ # removed. If they have, remove their metadata and
+ # rebuild the catalogs.
+ changed = False
+ for p in self.cfg.removed_pubs:
+ p.meta_root = self._get_publisher_meta_root(
+ p.prefix)
+ self.remove_publisher_metadata(p, rebuild=False)
+ changed = True
+ if changed:
+ self.__rebuild_image_catalogs()
+
if purge:
# Configuration shouldn't be written again unless this
# is an image creation operation (hence the purge).
@@ -817,10 +863,6 @@
# to be reset first.
self.transport.cfg.reset_caches()
- # Finally, upgrade the image's format if needed.
- self.update_format(allow_unprivileged=True,
- progtrack=progtrack)
-
# load image avoid pkg set
self.__avoid_set_load()
@@ -906,8 +948,8 @@
# If ValueError occurs, the installed file is of
# a previous format. For upgrades to work, it's
# necessary to assume that the package was
- # installed from the preferred publisher. Here,
- # the publisher is setup to record that.
+ # installed from the highest ranked publisher.
+ # Here, the publisher is setup to record that.
if flines:
pub = flines[0]
pub = pub.strip()
@@ -916,7 +958,7 @@
else:
newpub = "%s_%s" % (
pkg.fmri.PREF_PUB_PFX,
- self.get_preferred_publisher())
+ self.get_highest_ranked_publisher())
pub = newpub
assert pub
return pub
@@ -1462,7 +1504,7 @@
# Discard origins and mirrors to prevent
# their accidental use.
- repo = new_pub.selected_repository
+ repo = new_pub.repository
repo.reset_origins()
repo.reset_mirrors()
except KeyError:
@@ -1511,6 +1553,19 @@
ret.setdefault(pub, (len(ret) + 1, False, False))
return ret
+ def get_highest_ranked_publisher(self):
+ """Return the highest ranked publisher."""
+
+ pubs = self.cfg.get_property("property",
+ "publisher-search-order")
+ if pubs:
+ return self.get_publisher(prefix=pubs[0])
+ for p in self.gen_publishers():
+ return p
+ for p in self.get_installed_pubs():
+ return p
+ return None
+
def check_cert_validity(self):
"""Look through the publishers defined for the image. Print
a message and exit with an error if one of the certificates
@@ -1518,12 +1573,12 @@
print a warning instead."""
for p in self.gen_publishers():
- for r in p.repositories:
- for uri in r.origins:
- if uri.ssl_cert:
- misc.validate_ssl_cert(
- uri.ssl_cert,
- prefix=p.prefix, uri=uri)
+ r = p.repository
+ for uri in r.origins:
+ if uri.ssl_cert:
+ misc.validate_ssl_cert(
+ uri.ssl_cert,
+ prefix=p.prefix, uri=uri)
return True
def has_publisher(self, prefix=None, alias=None):
@@ -1547,11 +1602,6 @@
pub = self.get_publisher(prefix=prefix,
alias=alias)
- ppub = self.cfg.get_property("property",
- "preferred-publisher")
- if pub.prefix == ppub:
- raise apx.RemovePreferredPublisher()
-
self.cfg.remove_publisher(pub.prefix)
self.remove_publisher_metadata(pub, progtrack=progtrack)
self.save_config()
@@ -1568,47 +1618,28 @@
return pub
elif alias and alias == pub.alias:
return pub
- elif origin and pub.selected_repository and \
- pub.selected_repository.has_origin(origin):
+ elif origin and pub.repository and \
+ pub.repository.has_origin(origin):
return pub
raise apx.UnknownPublisher(max(prefix, alias, origin))
def pub_search_before(self, being_moved, staying_put):
"""Moves publisher "being_moved" to before "staying_put"
- in search order."""
- with self.locked_op("search-before"):
- self.__pub_search_common(being_moved, staying_put,
- after=False)
+ in search order.
+
+ The caller is responsible for locking the image."""
+
+ self.cfg.change_publisher_search_order(being_moved, staying_put,
+ after=False)
def pub_search_after(self, being_moved, staying_put):
"""Moves publisher "being_moved" to after "staying_put"
- in search order."""
- with self.locked_op("search-after"):
- self.__pub_search_common(being_moved, staying_put,
- after=True)
-
- def __pub_search_common(self, being_moved, staying_put, after=True):
- """Shared logic for altering publisher search order."""
-
- bm = self.get_publisher(being_moved).prefix
- sp = self.get_publisher(staying_put).prefix
-
- if bm == sp:
- raise apx.MoveRelativeToSelf()
-
- # compute new order and set it
- so = self.cfg.get_property("property", "publisher-search-order")
- so.remove(bm)
- if after:
- so.insert(so.index(sp) + 1, bm)
- else:
- so.insert(so.index(sp), bm)
- self.cfg.change_publisher_search_order(so)
- self.save_config()
-
- def get_preferred_publisher(self):
- """Returns the prefix of the preferred publisher."""
- return self.cfg.get_property("property", "preferred-publisher")
+ in search order.
+
+ The caller is responsible for locking the image."""
+
+ self.cfg.change_publisher_search_order(being_moved, staying_put,
+ after=True)
def __apply_alt_pkg_sources(self, img_kcat):
pkg_pub_map = self.__alt_pkg_pub_map
@@ -1680,7 +1711,8 @@
self.__alt_pubs = alt_pubs
self.__alt_known_cat = alt_kcat
- def set_preferred_publisher(self, prefix=None, alias=None, pub=None):
+ def set_highest_ranked_publisher(self, prefix=None, alias=None,
+ pub=None):
"""Sets the preferred publisher for packaging operations.
'prefix' is an optional string value specifying the name of
@@ -1692,28 +1724,42 @@
'pub' is an optional Publisher object identifying the
publisher to set as the preferred publisher.
- One of the above parameters must be provided."""
-
- with self.locked_op("set-preferred-publisher"):
- if not pub:
- pub = self.get_publisher(prefix=prefix,
- alias=alias)
-
- if pub.disabled:
- raise apx.SetDisabledPublisherPreferred(pub)
- self.cfg.set_property("property", "preferred-publisher",
- pub.prefix)
- self.save_config()
+ One of the above parameters must be provided.
+
+ The caller is responsible for locking the image."""
+
+ if not pub:
+ pub = self.get_publisher(prefix=prefix, alias=alias)
+ if not self.cfg.allowed_to_move(pub):
+ raise apx.ModifyingSyspubException(_("Publisher '%s' "
+ "is a system publisher and cannot be moved.") % pub)
+ relative = None
+ ranks = self.get_publisher_ranks()
+ rel_rank = None
+ for p in ranks:
+ rel_pub = self.get_publisher(p)
+ if not self.cfg.allowed_to_move(rel_pub):
+ continue
+ rank = ranks[p][0]
+ if rel_rank is None or rank < rel_rank:
+ rel_rank = rank
+ relative = rel_pub
+ assert relative, "Expected %s to already be part of the " + \
+ "search order:%s" % (relative, ranks)
+ if relative == pub:
+ # It's already first in the list of non-system
+ # publishers, so nothing to do.
+ return
+ self.cfg.change_publisher_search_order(pub.prefix,
+ relative.prefix, after=False)
def set_property(self, prop_name, prop_value):
- assert prop_name != "preferred-publisher"
with self.locked_op("set-property"):
self.cfg.set_property("property", prop_name,
prop_value)
self.save_config()
def set_properties(self, properties):
- assert "preferred-publisher" not in properties
properties = { "property": properties }
with self.locked_op("set-property"):
self.cfg.set_properties(properties)
@@ -1730,20 +1776,17 @@
return False
def delete_property(self, prop_name):
- assert prop_name != "preferred-publisher"
with self.locked_op("unset-property"):
self.cfg.remove_property("property", prop_name)
self.save_config()
def add_property_value(self, prop_name, prop_value):
- assert prop_name != "preferred-publisher"
with self.locked_op("add-property-value"):
self.cfg.add_property_value("property", prop_name,
prop_value)
self.save_config()
def remove_property_value(self, prop_name, prop_value):
- assert prop_name != "preferred-publisher"
with self.locked_op("remove-property-value"):
self.cfg.remove_property_value("property", prop_name,
prop_value)
@@ -1771,7 +1814,8 @@
return self.cfg.get_index()["property"].keys()
def add_publisher(self, pub, refresh_allowed=True, progtrack=None,
- approved_cas=EmptyI, revoked_cas=EmptyI, unset_cas=EmptyI):
+ approved_cas=EmptyI, revoked_cas=EmptyI, search_after=None,
+ search_before=None, search_first=None, unset_cas=EmptyI):
"""Adds the provided publisher object to the image
configuration.
@@ -1785,13 +1829,50 @@
return self.__add_publisher(pub,
refresh_allowed=refresh_allowed,
progtrack=progtrack, approved_cas=EmptyI,
- revoked_cas=EmptyI, unset_cas=EmptyI)
+ revoked_cas=EmptyI, search_after=search_after,
+ search_before=search_before,
+ search_first=search_first, unset_cas=EmptyI)
+
+ def __update_publisher_catalogs(self, pub, progtrack=None,
+ refresh_allowed=True):
+ # Ensure that if the publisher's meta directory already
+ # exists for some reason that the data within is not
+ # used.
+ self.remove_publisher_metadata(pub, progtrack=progtrack,
+ rebuild=False)
+
+ repo = pub.repository
+ if refresh_allowed and repo.origins:
+ try:
+ # First, verify that the publisher has a
+ # valid pkg(5) repository.
+ self.transport.valid_publisher_test(pub)
+ pub.validate_config()
+ self.refresh_publishers(pubs=[pub],
+ progtrack=progtrack)
+ except Exception, e:
+ # Remove the newly added publisher since
+ # it is invalid or the retrieval failed.
+ if not pub.sys_pub:
+ self.cfg.remove_publisher(pub.prefix)
+ raise
+ except:
+ # Remove the newly added publisher since
+ # the retrieval failed.
+ if not pub.sys_pub:
+ self.cfg.remove_publisher(pub.prefix)
+ raise
def __add_publisher(self, pub, refresh_allowed=True, progtrack=None,
- approved_cas=EmptyI, revoked_cas=EmptyI, unset_cas=EmptyI):
+ approved_cas=EmptyI, revoked_cas=EmptyI, search_after=None,
+ search_before=None, search_first=None, unset_cas=EmptyI):
"""Private version of add_publisher(); caller is responsible
for locking."""
+ assert (not search_after and not search_before) or \
+ (not search_after and not search_first) or \
+ (not search_before and not search_first)
+
if self.version < self.CURRENT_VERSION:
raise apx.ImageFormatUpdateNeeded(self.root)
@@ -1811,31 +1892,8 @@
pub.transport = self.transport
self.cfg.publishers[pub.prefix] = pub
- # Ensure that if the publisher's meta directory already
- # exists for some reason that the data within is not
- # used.
- self.remove_publisher_metadata(pub, progtrack=progtrack,
- rebuild=False)
-
- repo = pub.selected_repository
- if refresh_allowed and repo.origins:
- try:
- # First, verify that the publisher has a
- # valid pkg(5) repository.
- self.transport.valid_publisher_test(pub)
- pub.validate_config()
- self.refresh_publishers(pubs=[pub],
- progtrack=progtrack)
- except Exception, e:
- # Remove the newly added publisher since
- # it is invalid or the retrieval failed.
- self.cfg.remove_publisher(pub.prefix)
- raise
- except:
- # Remove the newly added publisher since
- # the retrieval failed.
- self.cfg.remove_publisher(pub.prefix)
- raise
+ self.__update_publisher_catalogs(pub, progtrack=progtrack,
+ refresh_allowed=refresh_allowed)
for ca in approved_cas:
try:
@@ -1848,7 +1906,7 @@
raise apx.MissingFileArgumentException(
ca)
raise apx._convert_error(e)
- pub.approve_ca_cert(s)
+ pub.approve_ca_cert(s, manual=True)
for hsh in revoked_cas:
pub.revoke_ca_cert(hsh)
@@ -1856,6 +1914,13 @@
for hsh in unset_cas:
pub.unset_ca_cert(hsh)
+ if search_first:
+ self.set_highest_ranked_publisher(prefix=pub.prefix)
+ elif search_before:
+ self.pub_search_before(pub.prefix, search_before)
+ elif search_after:
+ self.pub_search_after(pub.prefix, search_after)
+
# Only after success should the configuration be saved.
self.save_config()
@@ -2143,7 +2208,7 @@
if intent:
alt_repo = None
if alt_pub:
- alt_repo = alt_pub.selected_repository
+ alt_repo = alt_pub.repository
try:
self.transport.touch_manifest(fmri,
intent, alt_repo=alt_repo)
@@ -2293,7 +2358,7 @@
newpubs = (instpubs & altpubs) - cfgpubs
for pfx in newpubs:
npub = publisher.Publisher(pfx,
- repositories=[publisher.Repository()])
+ repository=publisher.Repository())
self.__add_publisher(npub,
refresh_allowed=False)
@@ -2468,15 +2533,6 @@
return fmris[0]
return None
- def fmri_set_default_publisher(self, fmri):
- """If the FMRI supplied as an argument does not have
- a publisher, set it to the image's preferred publisher."""
-
- if fmri.has_publisher():
- return
-
- fmri.set_publisher(self.get_preferred_publisher(), True)
-
def has_version_installed(self, fmri):
"""Check that the version given in the FMRI or a successor is
installed in the current image."""
@@ -2486,7 +2542,8 @@
if v and not fmri.publisher:
fmri.set_publisher(v.get_publisher_str())
elif not fmri.publisher:
- fmri.set_publisher(self.get_preferred_publisher(), True)
+ fmri.set_publisher(self.get_highest_ranked_publisher(),
+ True)
if v and v.is_successor(fmri):
return True
@@ -2560,11 +2617,6 @@
progtrack.cache_catalogs_start()
publist = list(self.gen_publishers())
- if not publist:
- # No publishers, so nothing can be known or installed.
- self.__remove_catalogs()
- progtrack.cache_catalogs_done()
- return
be_name, be_uuid = bootenv.BootEnv.get_be_name(self.root)
self.history.log_operation_start("rebuild-image-catalogs",
@@ -2876,6 +2928,11 @@
if not pubs:
# Omit disabled publishers.
pubs = [p for p in self.gen_publishers()]
+
+ if not pubs:
+ self.__rebuild_image_catalogs(progtrack=progtrack)
+ return
+
for pub in pubs:
p = pub
if not isinstance(p, publisher.Publisher):
--- a/src/modules/client/imageconfig.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/imageconfig.py Wed Apr 27 20:30:32 2011 -0700
@@ -34,14 +34,18 @@
import pkg.client.api_errors as apx
import pkg.client.publisher as publisher
+import pkg.client.sigpolicy as sigpolicy
import pkg.config as cfg
import pkg.facet as facet
import pkg.misc as misc
+import pkg.pkgsubprocess as subprocess
import pkg.portable as portable
-import pkg.client.sigpolicy as sigpolicy
+import pkg.smf as smf
import pkg.variant as variant
from pkg.misc import DictProperty, SIGNATURE_POLICY
+from pkg.client.debugvalues import DebugValues
+from pkg.client.transport.exception import TransportFailures
# The default_policies dictionary defines the policies that are supported by
# pkg(5) and their default values. Calls to the ImageConfig.get_policy method
# should use the constants defined here.
@@ -49,12 +53,14 @@
FLUSH_CONTENT_CACHE = "flush-content-cache-on-success"
MIRROR_DISCOVERY = "mirror-discovery"
SEND_UUID = "send-uuid"
+USE_SYSTEM_REPO = "use-system-repo"
default_policies = {
FLUSH_CONTENT_CACHE: False,
MIRROR_DISCOVERY: False,
SEND_UUID: True,
- SIGNATURE_POLICY: sigpolicy.DEFAULT_POLICY
+ SIGNATURE_POLICY: sigpolicy.DEFAULT_POLICY,
+ USE_SYSTEM_REPO: False
}
CA_PATH = "ca-path"
@@ -140,6 +146,8 @@
cfg.PropertySection("image", properties=[
cfg.PropInt("version"),
]),
+ # The preferred-authority property should be removed from
+ # version 4 of image config.
cfg.PropertySection("property", properties=[
cfg.PropPublisher("preferred-authority"),
cfg.PropList("publisher-search-order"),
@@ -152,6 +160,8 @@
cfg.PropDefined(SIGNATURE_POLICY,
allowed=list(sigpolicy.Policy.policies()) + [DEF_TOKEN],
default=DEF_TOKEN),
+ cfg.PropBool(USE_SYSTEM_REPO,
+ default=default_policies[USE_SYSTEM_REPO]),
cfg.Property(CA_PATH,
default=default_properties[CA_PATH]),
cfg.Property("trust-anchor-directory",
@@ -182,6 +192,7 @@
allowed=list(sigpolicy.Policy.policies()) + [DEF_TOKEN],
default=DEF_TOKEN),
cfg.PropList("property.signature-required-names"),
+ cfg.PropList("property.proxied-urls"),
cfg.PropList("intermediate_certs"),
cfg.PropList("approved_ca_certs"),
cfg.PropList("revoked_ca_certs"),
@@ -221,23 +232,26 @@
version=version)
def __str__(self):
- return "%s\n%s" % (self.__publishers, self)
+ return "%s\n%s" % (self.__publishers, self.__defs)
def remove_publisher(self, prefix):
"""External functional interface - use property interface"""
del self.publishers[prefix]
- try:
- self.remove_section("authority_%s" % prefix)
- except cfg.UnknownSectionError:
- pass
+
+ def change_publisher_search_order(self, being_moved, staying_put,
+ after):
+ """Change the publisher search order by moving the publisher
+ 'being_moved' relative to the publisher 'staying put.' The
+ boolean 'after' determins whether 'being_moved' is placed before
+ or after 'staying_put'."""
- def change_publisher_search_order(self, new_world_order):
- """Change search order to desired value"""
- pval = self.get_property("property", "publisher-search-order")
- if sorted(new_world_order) != sorted(pval):
- raise ValueError, "publishers added or removed"
- self.set_property("property", "publisher-search-order",
- new_world_order)
+ so = self.get_property("property", "publisher-search-order")
+ so.remove(being_moved)
+ if after:
+ so.insert(so.index(staying_put) + 1, being_moved)
+ else:
+ so.insert(so.index(staying_put), being_moved)
+ self.set_property("property", "publisher-search-order", so)
def __get_publisher(self, prefix):
"""Accessor method for publishers dictionary"""
@@ -257,6 +271,10 @@
if prefix in pval:
self.remove_property_value("property",
"publisher-search-order", prefix)
+ try:
+ self.remove_section("authority_%s" % prefix)
+ except cfg.UnknownSectionError:
+ pass
del self.__publishers[prefix]
def __publisher_iter(self):
@@ -295,8 +313,6 @@
section and name. Raises UnknownPropertyError if it does not
exist.
"""
- if name == "preferred-publisher":
- name = "preferred-authority"
rval = cfg.FileConfig.get_property(self, section, name)
if name in default_policies and rval == DEF_TOKEN:
return default_policies[name]
@@ -352,14 +368,10 @@
# Get updated configuration index.
idx = self.get_index()
- preferred_publisher = None
for s, v in idx.iteritems():
if re.match("authority_.*", s):
k, a = self.read_publisher(s, v)
self.publishers[k] = a
- # just in case there's no other indication
- if preferred_publisher is None:
- preferred_publisher = k
# Move any properties found in policy section (from older
# images) to the property section.
@@ -373,10 +385,6 @@
default_properties[CA_PATH])
pso = self.get_property("property", "publisher-search-order")
- if not pso and preferred_publisher:
- # make up the default - preferred, then the rest in
- # alpha order
- pso = [preferred_publisher]
# Ensure that all configured publishers are present in
# search order (add them in alpha order to the end).
@@ -407,18 +415,6 @@
exist, it will be added. Raises InvalidPropertyValueError if
the value is not valid for the given property."""
- if name == "preferred-publisher":
- # Ensure that whenever preferred-publisher is changed,
- # search order is updated as well. In addition, ensure
- # that 'preferred-publisher' is always stored as
- # 'preferred-authority' internally for compatibility
- # with older clients.
- name = "preferred-authority"
- pso = self.get_property("property",
- "publisher-search-order")
- if value in pso:
- pso.remove(value)
- pso.insert(0, value)
cfg.FileConfig.set_property(self, section, name, value)
if self.__validate:
@@ -456,21 +452,6 @@
def write(self, ignore_unprivileged=False):
"""Write the image configuration."""
- # Force preferred-authority to match publisher-search-order.
- pso = self.get_property("property", "publisher-search-order")
- ppub = None
- for p in pso:
- if not self.__publishers[p].disabled:
- ppub = p
- break
- else:
- if pso:
- # Fallback to first publisher in the unlikley
- # case that all publishers in search order are
- # disabled.
- ppub = pso[0]
- self.set_property("property", "preferred-authority", ppub)
-
# The variant and facet sections must be removed so that the
# private variant and facet objects can have their information
# transferred to the configuration object verbatim.
@@ -513,7 +494,7 @@
# not. So we have a different policy: ssl_key and
# ssl_cert are treated as zone root relative.
#
- repo = pub.selected_repository
+ repo = pub.repository
ngz = self.variants.get("variant.opensolaris.zone",
"global") == "nonglobal"
@@ -717,7 +698,7 @@
pub = publisher.Publisher(prefix, alias=sec_idx["alias"],
client_uuid=sec_idx["uuid"], disabled=sec_idx["disabled"],
- repositories=[r], sticky=sec_idx.get("sticky", True),
+ repository=r, sticky=sec_idx.get("sticky", True),
props=props,
revoked_ca_certs=sec_idx.get("revoked_ca_certs", []),
approved_ca_certs=sec_idx.get("approved_ca_certs", []))
@@ -747,8 +728,412 @@
"At least one name must be provided for "
"the signature-required-names policy."))
+ def __publisher_getdefault(self, name, value):
+ """Support getdefault() on properties"""
+ return self.__publishers.get(name, value)
+
# properties so we can enforce rules
publishers = DictProperty(__get_publisher, __set_publisher,
__del_publisher, __publisher_iteritems, __publisher_keys,
__publisher_values, __publisher_iter,
+ doc="A dict mapping publisher prefixes to publisher objects",
+ fgetdefault=__publisher_getdefault, )
+
+
+class NullSystemPublisher(object):
+ """Dummy system publisher object for use when an image doesn't use a
+ system publisher."""
+
+ def __init__(self):
+ self.publishers = {}
+
+ def write(self):
+ return
+
+ def get_property(self, section, name):
+ """Return the value of the property if the NullSystemPublisher
+ has any knowledge of it."""
+
+ if section == "property" and \
+ name in ("publisher-search-order", "property.proxied-urls"):
+ return []
+ raise NotImplementedError()
+
+
+class BlendedConfig(object):
+ """Class which handles combining the system repository configuration
+ with the image configuration."""
+
+ def __init__(self, img_cfg, pkg_counts, imgdir, transport,
+ use_system_pub):
+ """The 'img_cfg' parameter is the ImageConfig object for the
+ image.
+
+ The 'pkg_counts' parameter is a list of tuples which contains
+ the number of packages each publisher has installed.
+
+ The 'imgdir' parameter is the directory the current image
+ resides in.
+
+ The 'transport' object is the image's transport.
+
+ The 'use_system_pub' parameter is a boolean which indicates
+ whether the system publisher should be used."""
+
+ self.img_cfg = img_cfg
+ self.__pkg_counts = pkg_counts
+
+ self.__proxy_url = None
+
+ syscfg_path = os.path.join(imgdir, "pkg5.syspub")
+ # load the existing system repo config
+ if os.path.exists(syscfg_path):
+ old_sysconfig = ImageConfig(syscfg_path, None)
+ else:
+ old_sysconfig = NullSystemPublisher()
+
+ if use_system_pub:
+ # get new syspub data from sysdepot
+ try:
+ self.__proxy_url = os.environ["PKG_SYSREPO_URL"]
+ if not self.__proxy_url.startswith("http://"):
+ self.__proxy_url = "http://" + \
+ self.__proxy_url
+ except KeyError:
+ try:
+ host = smf.get_prop(
+ "system/zones-proxy-client",
+ "config/listen_host")
+ port = smf.get_prop(
+ "system/zones-proxy-client",
+ "config/listen_port")
+ except smf.NonzeroExitException, e:
+ # If we can't get information out of
+ # smf, try using pkg/sysrepo.
+ try:
+ host = smf.get_prop(
+ "system/pkg/sysrepo:default",
+ "config/host")
+ host = "localhost"
+ port = smf.get_prop(
+ "system/pkg/sysrepo:default",
+ "config/port")
+ except smf.NonzeroExitException, e:
+ raise apx.UnknownSysrepoConfiguration()
+ self.__proxy_url = "http://%s:%s" % (host, port)
+ sysdepot_uri = publisher.RepositoryURI(self.__proxy_url)
+ assert sysdepot_uri.get_host()
+ try:
+ pubs, props = transport.get_syspub_data(
+ sysdepot_uri)
+ except TransportFailures:
+ self.sys_cfg = old_sysconfig
+ else:
+ try:
+ # Remove any previous system repository
+ # configuration.
+ portable.remove(syscfg_path)
+ except OSError, e:
+ if e.errno != errno.ENOENT:
+ raise
+ self.sys_cfg = ImageConfig(syscfg_path, None)
+ for p in pubs:
+ assert not p.disabled, "System " \
+ "publisher %s was unexpectedly " \
+ "marked disabled in system " \
+ "configuration." % p.prefix
+ self.sys_cfg.publishers[p.prefix] = p
+
+ self.sys_cfg.set_property("property",
+ "publisher-search-order",
+ props["publisher-search-order"])
+ else:
+ self.sys_cfg = NullSystemPublisher()
+ self.__publishers, self.added_pubs, self.removed_pubs = \
+ self.__merge_publishers(self.img_cfg, self.sys_cfg,
+ pkg_counts, old_sysconfig, self.__proxy_url)
+
+ @staticmethod
+ def __merge_publishers(img_cfg, sys_cfg, pkg_counts, old_sysconfig,
+ proxy_url):
+ """This funcion merges an old publisher configuration from the
+ system repository with the new publisher configuration from the
+ system repository. It retuns a tuple containing a dictionary
+ mapping prefix to publisher, the publisher objects for the newly
+ added system publishers, and the publisher objects for the
+ system publishers which were removed.
+
+ The 'img_cfg' parameter is the ImageConfig object for the
+ image.
+
+ The 'sys_cfg' parameter is the ImageConfig object containing the
+ publisher configuration from the system repository.
+
+ The 'pkg_counts' parameter is a list of tuples which contains
+ the number of packages each publisher has installed.
+
+ The 'old_sysconfig' parameter is ImageConfig object containing
+ the previous publisher configuration from the system repository.
+
+ The 'use_system_pub' parameter is a boolean which indicates
+ whether the system publisher should be used.
+
+ The 'proxy_url' parameter is the url for the system repository.
+ """
+
+ pubs_with_installed_pkgs = set()
+
+ added_pubs = set()
+ removed_pubs = set()
+
+ for prefix, cnt, ver_cnt in pkg_counts:
+ if cnt > 0:
+ pubs_with_installed_pkgs.add(prefix)
+
+ # Merge in previously existing system publishers which have
+ # installed packages.
+ for prefix in old_sysconfig.get_property("property",
+ "publisher-search-order"):
+ if prefix in sys_cfg.publishers or \
+ prefix in img_cfg.publishers or \
+ prefix not in pubs_with_installed_pkgs:
+ continue
+ sys_cfg.publishers[prefix] = \
+ old_sysconfig.publishers[prefix]
+ sys_cfg.publishers[prefix].disabled = True
+
+ # Write out the new system publisher configuration.
+ sys_cfg.write()
+ for p in sys_cfg.publishers.values():
+ for o in p.repository.origins:
+ o.system = True
+ if o.uri in p.properties["proxied-urls"]:
+ o.proxy = proxy_url
+ for o in p.repository.mirrors:
+ o.system = True
+ if o.uri in p.properties["proxied-urls"]:
+ o.proxy = proxy_url
+ p.sys_pub = True
+
+ # Create a dictionary mapping publisher prefix to publisher
+ # object while merging user configured origins into system
+ # publishers.
+ res = {}
+ for p in sys_cfg.publishers:
+ res[p] = sys_cfg.publishers[p]
+ for p in img_cfg.publishers.values():
+ assert isinstance(p, publisher.Publisher)
+ if p.prefix in res:
+ repo = p.repository
+ for o in repo.origins:
+ res[p.prefix].repository.add_origin(o)
+ else:
+ res[p.prefix] = p
+
+ new_pubs = set(sys_cfg.publishers.keys())
+ old_pubs = set(old_sysconfig.publishers.keys())
+
+ # Find the system publishers which appeared or vanished. This
+ # is needed so that the catalog information can be rebuilt.
+ added_pubs = new_pubs - old_pubs
+ removed_pubs = old_pubs - new_pubs
+
+ return res, [res[p] for p in added_pubs], \
+ [old_sysconfig.publishers[p] for p in removed_pubs]
+
+ def write(self):
+ """Update the image configuration to reflect any changes made,
+ then write it."""
+
+ for p in self.__publishers.values():
+ repo = p.repository
+ user_origins = [o for o in repo.origins if not o.system]
+ sys_origins = [o for o in repo.origins if o.system]
+ # If there aren't any origins configured from the system
+ # repository, then make sure the publisher is configured
+ # in the image.
+ if not sys_origins:
+ self.img_cfg.publishers[p.prefix] = p
+ continue
+
+ user_pub = self.img_cfg.publishers.get(p.prefix, None)
+ # If there aren't any user origins and the publisher has
+ # not been configured manually, then remove the
+ # publisher from the image.
+ if not user_origins and \
+ (not user_pub or not user_pub.has_configuration()):
+ if user_pub:
+ del self.img_cfg.publishers[p.prefix]
+ continue
+
+ # If there isn't a publisher in the image configuration,
+ # then create one and give it the right set of origins.
+ if not user_pub:
+ user_pub = publisher.Publisher(prefix=p.prefix)
+ self.img_cfg.publishers[p.prefix] = user_pub
+ if not user_pub.repository:
+ user_pub.repository = publisher.Repository()
+ user_pub.repository.origins = user_origins
+
+ # Write out the image configuration.
+ self.img_cfg.write()
+
+ def allowed_to_move(self, pub):
+ """Return whether a publisher is allowed to move in the search
+ order."""
+
+ return not self.__is_sys_pub(pub)
+
+ def add_property_value(self, *args, **kwargs):
+ return self.img_cfg.add_property_value(*args, **kwargs)
+
+ def remove_property_value(self, *args, **kwargs):
+ return self.img_cfg.remove_property_value(*args, **kwargs)
+
+ def get_index(self):
+ return self.img_cfg.get_index()
+
+ def get_policy(self, *args, **kwargs):
+ return self.img_cfg.get_policy(*args, **kwargs)
+
+ def get_policy_str(self, *args, **kwargs):
+ return self.img_cfg.get_policy_str(*args, **kwargs)
+
+ def get_property(self, section, name):
+ # If the property being retrieved is the publisher search order,
+ # it's necessary to merge the information from the image
+ # configuration and the system configuration.
+ if section == "property" and name == "publisher-search-order":
+ res = self.sys_cfg.get_property(section, name)
+ enabled_sys_pubs = [
+ p for p in res
+ if not self.sys_cfg.publishers[p].disabled
+ ]
+ img_pubs = [
+ s for s in self.img_cfg.get_property(section, name)
+ if s not in enabled_sys_pubs
+ ]
+ disabled_sys_pubs = [
+ p for p in res
+ if self.sys_cfg.publishers[p].disabled and \
+ p not in img_pubs
+ ]
+ return enabled_sys_pubs + img_pubs + disabled_sys_pubs
+ return self.img_cfg.get_property(section, name)
+
+ def remove_property(self, *args, **kwargs):
+ return self.img_cfg.remove_property(*args, **kwargs)
+
+ def set_property(self, *args, **kwargs):
+ return self.img_cfg.set_property(*args, **kwargs)
+
+ def set_properties(self, *args, **kwargs):
+ return self.img_cfg.set_properties(*args, **kwargs)
+
+ @property
+ def target(self):
+ return self.img_cfg.target
+
+ @property
+ def variants(self):
+ return self.img_cfg.variants
+
+ def __get_facets(self):
+ return self.img_cfg.facets
+
+ def __set_facets(self, facets):
+ self.img_cfg.facets = facets
+
+ facets = property(__get_facets, __set_facets)
+
+ def __is_sys_pub(self, prefix):
+ """Return whether the publisher with the prefix 'prefix' is a
+ system publisher."""
+
+ return prefix in self.sys_cfg.publishers
+
+ def remove_publisher(self, prefix):
+ try:
+ del self.publishers[prefix]
+ except KeyError:
+ pass
+
+ def change_publisher_search_order(self, being_moved, staying_put,
+ after):
+ """Change the publisher search order by moving the publisher
+ 'being_moved' relative to the publisher 'staying put.' The
+ boolean 'after' determins whether 'being_moved' is placed before
+ or after 'staying_put'."""
+
+ if being_moved == staying_put:
+ raise apx.MoveRelativeToSelf()
+
+ if self.__is_sys_pub(being_moved):
+ raise apx.ModifyingSyspubException(_("Publisher '%s' "
+ "is a system publisher and cannot be moved.") %
+ being_moved)
+ if self.__is_sys_pub(staying_put):
+ raise apx.ModifyingSyspubException(_("Publisher '%s' "
+ "is a system publisher and other publishers cannot "
+ "be moved relative to it.") % staying_put)
+ self.img_cfg.change_publisher_search_order(being_moved,
+ staying_put, after)
+
+ def reset(self, overrides=misc.EmptyDict):
+ """Discards current configuration state and returns the
+ configuration object to its initial state.
+
+ 'overrides' is an optional dictionary of property values indexed
+ by section name and property name. If provided, it will be used
+ to override any default values initially assigned during reset.
+ """
+
+ self.img_cfg.reset(overrides)
+ self.sys_cfg.reset()
+ old_sysconfig = ImageConfig(os.path.join(imgdir, "pkg5.syspub"),
+ None)
+ self.__publishers = self.__merge_publishers(self.img_cfg,
+ self.sys_cfg, self.__pkg_counts, old_sysconfig)
+
+ def __get_publisher(self, prefix):
+ """Accessor method for publishers dictionary"""
+ return self.__publishers[prefix]
+
+ def __set_publisher(self, prefix, pubobj):
+ """Accessor method to keep search order correct on insert"""
+ pval = self.get_property("property", "publisher-search-order")
+ if prefix not in pval:
+ self.add_property_value("property",
+ "publisher-search-order", prefix)
+ self.__publishers[prefix] = pubobj
+
+ def __del_publisher(self, prefix):
+ """Accessor method for publishers"""
+ if self.__is_sys_pub(prefix):
+ raise apx.ModifyingSyspubException(_("%s is a system "
+ "publisher and cannot be unset.") % prefix)
+
+ del self.img_cfg.publishers[prefix]
+ del self.__publishers[prefix]
+
+ def __publisher_iter(self):
+ return self.__publishers.__iter__()
+
+ def __publisher_iteritems(self):
+ """Support iteritems on publishers"""
+ return self.__publishers.iteritems()
+
+ def __publisher_keys(self):
+ """Support keys() on publishers"""
+ return self.__publishers.keys()
+
+ def __publisher_values(self):
+ """Support values() on publishers"""
+ return self.__publishers.values()
+
+ # properties so we can enforce rules and manage two potentially
+ # overlapping sets of publishers
+ publishers = DictProperty(__get_publisher, __set_publisher,
+ __del_publisher, __publisher_iteritems, __publisher_keys,
+ __publisher_values, __publisher_iter,
doc="A dict mapping publisher prefixes to publisher objects")
--- a/src/modules/client/publisher.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/publisher.py Wed Apr 27 20:30:32 2011 -0700
@@ -124,6 +124,7 @@
# documentation as private, and for clarity in the property declarations
# found near the end of the class definition.
__priority = None
+ __proxy = None
__ssl_cert = None
__ssl_key = None
__trailing_slash = None
@@ -134,7 +135,7 @@
_source_object_id = None
def __init__(self, uri, priority=None, ssl_cert=None, ssl_key=None,
- trailing_slash=True):
+ trailing_slash=True, proxy=None, system=False):
# Must set first.
self.__trailing_slash = trailing_slash
@@ -146,28 +147,43 @@
self.uri = uri
self.ssl_cert = ssl_cert
self.ssl_key = ssl_key
+ self.proxy = proxy
+ self.system = system
def __copy__(self):
uri = RepositoryURI(self.__uri, priority=self.__priority,
ssl_cert=self.__ssl_cert, ssl_key=self.__ssl_key,
- trailing_slash=self.__trailing_slash)
+ trailing_slash=self.__trailing_slash, proxy=self.__proxy,
+ system=self.system)
uri._source_object_id = id(self)
return uri
def __eq__(self, other):
if isinstance(other, RepositoryURI):
- return self.uri == other.uri
+ return self.uri == other.uri and \
+ self.proxy == other.proxy
if isinstance(other, str):
- return self.uri == other
+ return self.proxy is None and self.uri == other
return False
def __ne__(self, other):
if isinstance(other, RepositoryURI):
- return self.uri != other.uri
+ return self.uri != other.uri or \
+ self.proxy != other.proxy
if isinstance(other, str):
- return self.uri != other
+ return self.proxy is not None or self.uri != other
return True
+ def __cmp__(self, other):
+ if not other:
+ return 1
+ if not isinstance(other, RepositoryURI):
+ other = RepositoryURI(other)
+ res = cmp(self.uri, other.uri)
+ if res != 0:
+ return res
+ return cmp(self.proxy, other.proxy)
+
def __set_priority(self, value):
if value is not None:
try:
@@ -176,6 +192,13 @@
raise api_errors.BadRepositoryURIPriority(value)
self.__priority = value
+ def __set_proxy(self, proxy):
+ if not proxy:
+ return
+ self.__proxy = proxy
+ assert not self.__ssl_cert
+ assert not self.__ssl_key
+
def __set_ssl_cert(self, filename):
if self.scheme not in SSL_SCHEMES and filename:
raise api_errors.UnsupportedRepositoryURIAttribute(
@@ -250,7 +273,29 @@
self.__uri = uri
def __str__(self):
- return self.__uri
+ if not self.__proxy:
+ return self.__uri
+ return "proxy://%s" % self.__uri
+
+ def change_scheme(self, new_scheme):
+ """Change the scheme of this uri."""
+
+ assert self.__uri
+ scheme, netloc, path, params, query, fragment = \
+ urlparse.urlparse(self.__uri, allow_fragments=False)
+ if new_scheme == scheme:
+ return
+ self.uri = urlparse.urlunparse(
+ (new_scheme, netloc, path, params, query, fragment))
+
+ def get_host(self):
+ """Get the host and port of this URI if it's a http uri."""
+
+ scheme, netloc, path, params, query, fragment = \
+ urlparse.urlparse(self.__uri, allow_fragments=0)
+ if scheme != "file":
+ return netloc
+ return ""
def get_pathname(self):
"""Returns the URI path as a pathname if the URI is a file
@@ -275,6 +320,9 @@
"An integer value representing the importance of this repository "
"URI relative to others.")
+ proxy = property(lambda self: self.__proxy, __set_proxy, None, "The "
+ "proxy to use to access this repository.")
+
@property
def scheme(self):
"""The URI scheme."""
@@ -405,6 +453,7 @@
cmirrors = [copy.copy(u) for u in self.mirrors]
cruris = [copy.copy(u) for u in self.related_uris]
corigins = [copy.copy(u) for u in self.origins]
+
repo = Repository(collection_type=self.collection_type,
description=self.description,
legal_uris=cluris,
@@ -562,7 +611,7 @@
'mirror' can be a RepositoryURI object or a URI string."""
if not isinstance(mirror, RepositoryURI):
- mirror = misc.url_affix_trailing_slash(mirror)
+ mirror = RepositoryURI(mirror)
return mirror in self.mirrors
def has_origin(self, origin):
@@ -572,7 +621,7 @@
'origin' can be a RepositoryURI object or a URI string."""
if not isinstance(origin, RepositoryURI):
- origin = misc.url_affix_trailing_slash(origin)
+ origin = RepositoryURI(origin)
return origin in self.origins
def remove_legal_uri(self, uri):
@@ -609,9 +658,9 @@
'origin' can be a RepositoryURI object or a URI string."""
if not isinstance(origin, RepositoryURI):
- origin = misc.url_affix_trailing_slash(origin)
+ origin = RepositoryURI(origin)
for i, o in enumerate(self.origins):
- if origin == o.uri:
+ if origin == o.uri and origin.proxy == o.proxy:
# Immediate return as the index into the array
# changes with each removal.
del self.origins[i]
@@ -754,8 +803,7 @@
__disabled = False
__meta_root = None
__prefix = None
- __selected_repository = None
- __repositories = []
+ __repository = None
__sticky = True
transport = None
@@ -764,10 +812,9 @@
_source_object_id = None
def __init__(self, prefix, alias=None, catalog=None, client_uuid=None,
- disabled=False, meta_root=None, repositories=None,
- selected_repository=None, transport=None, sticky=True,
- ca_certs=EmptyI, intermediate_certs=EmptyI, props=None,
- revoked_ca_certs=EmptyI, approved_ca_certs=EmptyI):
+ disabled=False, meta_root=None, repository=None,
+ transport=None, sticky=True, props=None, revoked_ca_certs=EmptyI,
+ approved_ca_certs=EmptyI, sys_pub=False):
"""Initialize a new publisher object.
'catalog' is an optional Catalog object to use in place of
@@ -782,7 +829,7 @@
else:
self.__client_uuid = client_uuid
- self.__repositories = []
+ self.sys_pub = False
# Note that the properties set here are intentionally lacking
# the '__' prefix which means assignment will occur using the
@@ -795,12 +842,6 @@
self.meta_root = meta_root
self.sticky = sticky
- if repositories:
- for r in repositories:
- self.add_repository(r)
-
- if selected_repository:
- self.selected_repository = selected_repository
self.__sig_policy = None
self.__delay_validation = False
@@ -829,6 +870,10 @@
self.ca_dict = None
+ if repository:
+ self.repository = repository
+ self.sys_pub = sys_pub
+
# Must be done last.
self.__catalog = catalog
@@ -848,20 +893,15 @@
def __copy__(self):
selected = None
- repositories = []
- for r in self.__repositories:
- repo = copy.copy(r)
- if r == self.selected_repository:
- selected = repo
- repositories.append(repo)
pub = Publisher(self.__prefix, alias=self.__alias,
client_uuid=self.__client_uuid, disabled=self.__disabled,
- meta_root=self.meta_root, repositories=repositories,
- selected_repository=selected, transport=self.transport,
- sticky=self.__sticky,
+ meta_root=self.meta_root,
+ repository=copy.copy(self.repository),
+ transport=self.transport, sticky=self.__sticky,
props=self.properties,
revoked_ca_certs=self.revoked_ca_certs,
- approved_ca_certs=self.approved_ca_certs)
+ approved_ca_certs=self.approved_ca_certs,
+ sys_pub=self.sys_pub)
pub._source_object_id = id(self)
return pub
@@ -883,7 +923,7 @@
if key == "prefix":
return self.__prefix
- repo = self.selected_repository
+ repo = self.repository
if key == "mirrors":
return [str(m) for m in repo.mirrors]
if key == "origin":
@@ -920,6 +960,9 @@
return True
def __set_alias(self, value):
+ if self.sys_pub:
+ raise api_errors.ModifyingSyspubException(
+ "Cannot set the alias of a system publisher")
# Aliases must comply with the same restrictions that prefixes
# have as they are intended to be useable in any case where
# a prefix may be used.
@@ -929,6 +972,10 @@
self.__alias = value
def __set_disabled(self, disabled):
+ if self.sys_pub:
+ raise api_errors.ModifyingSyspubException(_("Cannot "
+ "enable or disable a system publisher"))
+
if disabled:
self.__disabled = True
else:
@@ -1012,17 +1059,19 @@
raise api_errors.BadPublisherPrefix(prefix)
self.__prefix = prefix
- def __set_selected_repository(self, value):
- if not isinstance(value, Repository) or \
- value not in self.repositories:
+ def __set_repository(self, value):
+ if not isinstance(value, Repository):
raise api_errors.UnknownRepository(value)
- self.__selected_repository = value
+ self.__repository = value
self.__catalog = None
def __set_client_uuid(self, value):
self.__client_uuid = value
def __set_stickiness(self, value):
+ if self.sys_pub:
+ raise api_errors.ModifyingSyspubException(_("Cannot "
+ "change the stickiness of a system publisher"))
self.__sticky = bool(value)
def __str__(self):
@@ -1050,7 +1099,7 @@
pubs = self.catalog.publishers()
if self.prefix not in pubs:
- origins = self.selected_repository.origins
+ origins = self.repository.origins
origin = origins[0]
logger.error(_("""
Unable to retrieve package data for publisher '%(prefix)s' from one
@@ -1107,23 +1156,6 @@
pkg unset-publisher %s
""") % self.prefix)
- def add_repository(self, repository):
- """Adds the provided repository object to the publisher and
- sets it as the selected one if no repositories exist."""
-
- for r in self.__repositories:
- if repository.name == r.name:
- raise api_errors.DuplicateRepository(
- self.prefix)
- for o in repository.origins:
- if o.uri in r.origins:
- raise api_errors.DuplicateRepository(
- self.prefix)
-
- self.__repositories.append(repository)
- if len(self.__repositories) == 1:
- self.selected_repository = repository
-
@property
def catalog(self):
"""A reference to the Catalog object for the publisher's
@@ -1189,16 +1221,13 @@
# Otherwise, raise the exception.
raise
- def get_repository(self, name=None, origin=None):
- """Returns the repository object matching the name or that has
- a matching origin URI."""
+ def has_configuration(self):
+ """Returns whether this publisher has any configuration which
+ should prevent its removal."""
- assert not (name and origin)
- for r in self.__repositories:
- if (name and r.name == name) or (origin and
- r.has_origin(origin)):
- return r
- raise api_errors.UnknownRepository(max(name, origin))
+ return bool(self.__repository.origins or
+ self.__repository.mirrors or self.__sig_policy or
+ self.approved_ca_certs or self.revoked_ca_certs)
@property
def needs_refresh(self):
@@ -1206,7 +1235,7 @@
metadata for the currently selected repository needs to be
refreshed."""
- if not self.selected_repository or not self.meta_root:
+ if not self.repository or not self.meta_root:
# Nowhere to obtain metadata from; this should rarely
# occur except during publisher initialization.
return False
@@ -1220,7 +1249,7 @@
ts_now = time.time()
ts_last = calendar.timegm(lc.utctimetuple())
- rs = self.selected_repository.refresh_seconds
+ rs = self.repository.refresh_seconds
if not rs:
# There is no indicator of how often often publisher
# metadata should be refreshed, so assume it should be
@@ -1232,7 +1261,6 @@
# publisher metadata was last refreshed exceeds or
# equals the specified interval.
return True
-
return False
def __convert_v0_catalog(self, v0_cat):
@@ -1310,7 +1338,7 @@
new_cat = True
v0_lm = None
if v0_cat.exists:
- repo = self.selected_repository
+ repo = self.repository
if full_refresh or v0_cat.origin() not in repo.origins:
try:
v0_cat.destroy(root=self.catalog_root)
@@ -1497,7 +1525,7 @@
# No refresh needed.
return False
- if not self.selected_repository.origins:
+ if not self.repository.origins:
# Nothing to do.
return False
@@ -1619,34 +1647,11 @@
if e.errno not in (errno.ENOENT, errno.ESRCH):
raise
- def remove_repository(self, name=None, origin=None):
- """Removes the repository object matching the name or that has
- a matching origin URI from the publisher."""
-
- assert not (name and origin)
- for i, r in enumerate(self.__repositories):
- if (name and r.name == name) or (origin and
- r.has_origin(origin)):
- if r != self.selected_repository:
- # Immediate return as the index into the
- # array changes with each removal.
- del self.__repositories[i]
- return
- raise api_errors.SelectedRepositoryRemoval(r)
-
def reset_client_uuid(self):
"""Replaces the current client_uuid with a new UUID."""
self.__client_uuid = str(uuid.uuid1())
- def set_selected_repository(self, name=None, origin=None):
- """Sets the selected repository for the publisher to the
- repository object matching the name or that has a matching
- origin URI."""
-
- self.__selected_repository = self.get_repository(name=name,
- origin=origin)
-
def validate_config(self, repo_uri=None):
"""Verify that the publisher's configuration (such as prefix)
matches that provided by the repository. If the configuration
@@ -1655,7 +1660,7 @@
'repo_uri' is an optional RepositoryURI object or URI string
containing the location of the repository. If not provided,
- the publisher's selected_repository will be used instead."""
+ the publisher's repository will be used instead."""
if repo_uri and not isinstance(repo_uri, RepositoryURI):
repo = RepositoryURI(repo_uri)
@@ -1687,18 +1692,13 @@
location=repo_uri)
raise api_errors.UnknownRepositoryPublishers(
known=known, unknown=[self.prefix],
- origins=self.selected_repository.origins)
+ origins=self.repository.origins)
- def approve_ca_cert(self, cert, trust_anchors=None, img_policy=None):
+ def approve_ca_cert(self, cert):
"""Add the cert as a CA for manifest signing for this publisher.
- The 'cert' parameter as a string of the certificate to add.
-
- The 'trust_anchors' parameter is a dictionary which contains
- the trust anchors to use to validate the certificate.
-
- The 'img_policy' parameter is the signature policy for the
- image."""
+ The 'cert' parameter is a string of the certificate to add.
+ """
hsh = self.__add_cert(cert)
# If the user had previously revoked this certificate, remove
@@ -2289,11 +2289,8 @@
prefix = property(lambda self: self.__prefix, __set_prefix,
doc="The name of the publisher.")
- repositories = property(lambda self: self.__repositories,
- doc="A list of repository objects that belong to the publisher.")
-
- selected_repository = property(lambda self: self.__selected_repository,
- __set_selected_repository,
+ repository = property(lambda self: self.__repository,
+ __set_repository,
doc="A reference to the selected repository object.")
sticky = property(lambda self: self.__sticky, __set_stickiness,
@@ -2323,6 +2320,10 @@
def __set_prop(self, name, values):
"""Accessor method to add a property"""
+ if self.sys_pub:
+ raise api_errors.ModifyingSyspubException(_("Cannot "
+ "set a property for a system publisher. The "
+ "property was:%s") % name)
if name == SIGNATURE_POLICY:
self.__sig_policy = None
@@ -2366,6 +2367,10 @@
def __del_prop(self, name):
"""Accessor method for properties"""
+ if self.sys_pub:
+ raise api_errors.ModifyingSyspubException(_("Cannot "
+ "unset a property for a system publisher. The "
+ "property was:%s") % name)
del self.__properties[name]
def __prop_iter(self):
@@ -2407,6 +2412,9 @@
def __prop_pop(self, d, default):
"""Support pop() on properties"""
+ if self.sys_pub:
+ raise api_errors.ModifyingSyspubException(_("Cannot "
+ "unset a property for a system publisher."))
return self.__properties.pop(d, default)
properties = DictProperty(__get_prop, __set_prop, __del_prop,
--- a/src/modules/client/transport/engine.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/transport/engine.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
#
import errno
@@ -45,6 +45,7 @@
from collections import deque
from pkg.client import global_settings
+from pkg.client.debugvalues import DebugValues
pipelined_protocols = ()
response_protocols = ("ftp", "http", "https")
@@ -118,7 +119,7 @@
def add_url(self, url, filepath=None, writefunc=None, header=None,
progclass=None, progtrack=None, sslcert=None, sslkey=None,
- repourl=None, compressible=False, failonerror=True):
+ repourl=None, compressible=False, failonerror=True, proxy=None):
"""Add a URL to the transport engine. Caller must supply
either a filepath where the file should be downloaded,
or a callback to a function that will peform the write.
@@ -131,7 +132,7 @@
writefunc=writefunc, header=header, progclass=progclass,
progtrack=progtrack, sslcert=sslcert, sslkey=sslkey,
repourl=repourl, compressible=compressible,
- failonerror=failonerror)
+ failonerror=failonerror, proxy=proxy)
self.__req_q.appendleft(t)
@@ -501,7 +502,7 @@
def get_url(self, url, header=None, sslcert=None, sslkey=None,
repourl=None, compressible=False, ccancel=None,
- failonerror=True):
+ failonerror=True, proxy=None):
"""Invoke the engine to retrieve a single URL. Callers
wishing to obtain multiple URLs at once should use
addUrl() and run().
@@ -519,14 +520,14 @@
hdrfunc=fobj.get_header_func(), header=header,
sslcert=sslcert, sslkey=sslkey, repourl=repourl,
compressible=compressible, progfunc=progfunc,
- uuid=fobj.uuid, failonerror=failonerror)
+ uuid=fobj.uuid, failonerror=failonerror, proxy=proxy)
self.__req_q.appendleft(t)
return fobj
def get_url_header(self, url, header=None, sslcert=None, sslkey=None,
- repourl=None, ccancel=None, failonerror=True):
+ repourl=None, ccancel=None, failonerror=True, proxy=None):
"""Invoke the engine to retrieve a single URL's headers.
getUrlHeader will return a read-only file object that
@@ -542,7 +543,7 @@
hdrfunc=fobj.get_header_func(), header=header,
httpmethod="HEAD", sslcert=sslcert, sslkey=sslkey,
repourl=repourl, progfunc=progfunc, uuid=fobj.uuid,
- failonerror=failonerror)
+ failonerror=failonerror, proxy=proxy)
self.__req_q.appendleft(t)
@@ -677,7 +678,7 @@
def send_data(self, url, data=None, header=None, sslcert=None,
sslkey=None, repourl=None, ccancel=None,
data_fobj=None, data_fp=None, failonerror=True,
- progclass=None, progtrack=None):
+ progclass=None, progtrack=None, proxy=None):
"""Invoke the engine to retrieve a single URL.
This routine sends the data in data, and returns the
server's response.
@@ -700,7 +701,7 @@
repourl=repourl, progfunc=progfunc, uuid=fobj.uuid,
read_fobj=data_fobj, read_filepath=data_fp,
failonerror=failonerror, progclass=progclass,
- progtrack=progtrack)
+ progtrack=progtrack, proxy=proxy)
self.__req_q.appendleft(t)
@@ -764,9 +765,14 @@
hdl.setopt(pycurl.MAXREDIRS,
global_settings.PKG_CLIENT_MAX_REDIRECT)
- # Make sure that we don't use a proxy if the destination
- # is localhost.
- hdl.setopt(pycurl.NOPROXY, "localhost")
+ # If the TransportRequest has proxy information set, use it
+ # even if it's set to localhost.
+ if treq.proxy:
+ hdl.setopt(pycurl.PROXY, treq.proxy)
+ else:
+ # Make sure that we don't use a proxy if the destination
+ # is localhost.
+ hdl.setopt(pycurl.NOPROXY, "localhost")
# Set user agent, if client has defined it
if self.__user_agent:
@@ -912,11 +918,15 @@
if proto == "https":
# Verify that peer's CN matches CN on certificate
hdl.setopt(pycurl.SSL_VERIFYHOST, 2)
-
+ hdl.setopt(pycurl.SSL_VERIFYPEER, 1)
cadir = self.__xport.get_ca_dir()
- hdl.setopt(pycurl.SSL_VERIFYPEER, 1)
hdl.setopt(pycurl.CAPATH, cadir)
- hdl.unsetopt(pycurl.CAINFO)
+ if "ssl_ca_file" in DebugValues:
+ cafile = DebugValues["ssl_ca_file"]
+ hdl.setopt(pycurl.CAINFO, cafile)
+ hdl.unsetopt(pycurl.CAPATH)
+ else:
+ hdl.unsetopt(pycurl.CAINFO)
def shutdown(self):
"""Shutdown the transport engine, perform cleanup."""
@@ -991,7 +1001,7 @@
hdrfunc=None, header=None, data=None, httpmethod="GET",
progclass=None, progtrack=None, sslcert=None, sslkey=None,
repourl=None, compressible=False, progfunc=None, uuid=None,
- read_fobj=None, read_filepath=None, failonerror=False):
+ read_fobj=None, read_filepath=None, failonerror=False, proxy=None):
"""Create a TransportRequest with the following parameters:
url - The url that the transport engine should retrieve
@@ -1077,3 +1087,4 @@
self.read_fobj = read_fobj
self.read_filepath = read_filepath
self.failonerror = failonerror
+ self.proxy = proxy
--- a/src/modules/client/transport/repo.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/transport/repo.py Wed Apr 27 20:30:32 2011 -0700
@@ -303,23 +303,28 @@
self._engine = engine
self._verdata = None
+ def __str__(self):
+ return "HTTPRepo url: %s repouri: %s" % (self._url,
+ self._repouri)
+
def _add_file_url(self, url, filepath=None, progclass=None,
progtrack=None, header=None, compress=False):
self._engine.add_url(url, filepath=filepath,
progclass=progclass, progtrack=progtrack, repourl=self._url,
- header=header, compressible=compress)
+ header=header, compressible=compress,
+ proxy=self._repouri.proxy)
def _fetch_url(self, url, header=None, compress=False, ccancel=None,
failonerror=True):
return self._engine.get_url(url, header, repourl=self._url,
compressible=compress, ccancel=ccancel,
- failonerror=failonerror)
+ failonerror=failonerror, proxy=self._repouri.proxy)
def _fetch_url_header(self, url, header=None, ccancel=None,
failonerror=True):
return self._engine.get_url_header(url, header,
repourl=self._url, ccancel=ccancel,
- failonerror=failonerror)
+ failonerror=failonerror, proxy=self._repouri.proxy)
def _post_url(self, url, data=None, header=None, ccancel=None,
data_fobj=None, data_fp=None, failonerror=True, progclass=None,
@@ -328,7 +333,7 @@
repourl=self._url, ccancel=ccancel,
data_fobj=data_fobj, data_fp=data_fp,
failonerror=failonerror, progclass=progclass,
- progtrack=progtrack)
+ progtrack=progtrack, proxy=self._repouri.proxy)
def __check_response_body(self, fobj):
"""Parse the response body found accessible using the provided
@@ -512,6 +517,12 @@
requesturl = self.__get_request_url("publisher/0/")
return self._fetch_url(requesturl, header, ccancel=ccancel)
+ def get_syspub_info(self, header=None, ccancel=None):
+ """Get configuration from the system depot."""
+
+ requesturl = self.__get_request_url("syspub/0/")
+ return self._fetch_url(requesturl, header, ccancel=ccancel)
+
def get_status(self, header=None, ccancel=None):
"""Get status/0 information from the repository."""
--- a/src/modules/client/transport/transport.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/client/transport/transport.py Wed Apr 27 20:30:32 2011 -0700
@@ -49,6 +49,7 @@
import pkg.misc as misc
import pkg.nrlock as nrlock
import pkg.p5i as p5i
+import pkg.p5s as p5s
import pkg.portable as portable
import pkg.server.repository as sr
import pkg.updatelog as updatelog
@@ -207,7 +208,7 @@
# Automatically add any publisher repository origins
# or mirrors that are filesystem-based as read-only caches.
for pub in self.gen_publishers():
- repo = pub.selected_repository
+ repo = pub.repository
if not repo:
continue
@@ -904,6 +905,39 @@
raise failures
@LockedTransport()
+ def get_syspub_data(self, repo_uri, ccancel=None):
+ """Get the publisher and image configuration from the system
+ repo given in repo_uri."""
+
+ retry_count = global_settings.PKG_CLIENT_MAX_TIMEOUT
+ failures = tx.TransportFailures()
+ header = None
+
+ assert isinstance(self.cfg, ImageTransportCfg)
+ assert isinstance(repo_uri, publisher.RepositoryURI)
+
+ for d, v in self.__gen_repo(repo_uri, retry_count,
+ origin_only=True, operation="syspub", versions=[0],
+ ccancel=ccancel):
+ try:
+ resp = d.get_syspub_info(header,
+ ccancel=ccancel)
+ infostr = resp.read()
+ return p5s.parse(repo_uri.get_host(), infostr)
+ except tx.ExcessiveTransientFailure, e:
+ # If an endpoint experienced so many failures
+ # that we just gave up, grab the list of
+ # failures that it contains
+ failures.extend(e.failures)
+ except tx.TransportException, e:
+ if e.retryable:
+ failures.append(e)
+ else:
+ raise
+
+ raise failures
+
+ @LockedTransport()
def get_content(self, pub, fhash, fmri=None, ccancel=None):
"""Given a fhash, return the uncompressed content content from
the remote object. This is similar to get_datastream, except
@@ -925,7 +959,7 @@
# that composites the repository information returned
# from the image with the alternate sources for this
# publisher.
- alt_repo = pub.selected_repository
+ alt_repo = pub.repository
if alt_repo:
alt_repo = copy.copy(alt_repo)
else:
@@ -934,7 +968,7 @@
for tpub in self.cfg.alt_pubs:
if tpub.prefix != pub.prefix:
continue
- for o in tpub.selected_repository.origins:
+ for o in tpub.repository.origins:
if not alt_repo.has_origin(o):
alt_repo.add_origin(o)
elif self.cfg.pkg_pub_map:
@@ -1170,7 +1204,7 @@
sver = str(ver)
if pfx in pmap and stem in pmap[pfx] and \
sver in pmap[pfx][stem]:
- return pmap[pfx][stem][sver].selected_repository
+ return pmap[pfx][stem][sver].repository
@LockedTransport()
def prefetch_manifests(self, fetchlist, excludes=misc.EmptyI,
@@ -1792,7 +1826,7 @@
def __gen_repo(self, pub, count, prefer_remote=False, origin_only=False,
single_repository=False, operation=None, versions=None,
ccancel=None, alt_repo=None):
- """An internal method tha returns the list of Repo objects
+ """An internal method that returns the list of Repo objects
for a given Publisher. Callers use this method to generate
lists of endpoints for transport operations, and to retry
operations to a single endpoint.
@@ -1830,7 +1864,7 @@
passed in the 'ccancel' argument.
By default, this routine looks at a Publisher's
- selected_repository. If the caller would like to use a
+ repository. If the caller would like to use a
different Repository object, it should pass one in
'alt_repo.'
@@ -1843,12 +1877,12 @@
# If alt_repo supplied, use that as the Repository.
# Otherwise, check that a Publisher was passed, and use
- # its selected_repository.
+ # its repository.
repo = None
if alt_repo:
repo = alt_repo
elif isinstance(pub, publisher.Publisher):
- repo = pub.selected_repository
+ repo = pub.repository
assert repo
if repo and origin_only:
@@ -1958,7 +1992,7 @@
if not origin_only:
repolist.extend(alt_repo.mirrors)
elif isinstance(pub, publisher.Publisher):
- repo = pub.selected_repository
+ repo = pub.repository
repolist = repo.origins[:]
if not origin_only:
repolist.extend(repo.mirrors)
@@ -2139,7 +2173,8 @@
self.__setup()
mfile = MultiFileNI(publisher, self, final_dir,
- decompress=decompress, progtrack=progtrack, ccancel=ccancel)
+ decompress=decompress, progtrack=progtrack, ccancel=ccancel,
+ alt_repo=alt_repo)
return mfile
@@ -2593,7 +2628,7 @@
if not self.__engine:
self.__setup()
- origins = [pub.selected_repository.origins[0]]
+ origins = [pub.repository.origins[0]]
rslist = self.stats.get_repostats(origins, origins)
rs, ruri = rslist[0]
@@ -2606,7 +2641,7 @@
if not self.__engine:
self.__setup()
- originuri = pub.selected_repository.origins[0].uri
+ originuri = pub.repository.origins[0].uri
return originuri in self.__repo_cache
@@ -2954,7 +2989,7 @@
origin.ssl_key = ssl_key
origin.ssl_cert = ssl_cert
- pub = publisher.Publisher(prefix=prefix, repositories=[repo])
+ pub = publisher.Publisher(prefix=prefix, repository=repo)
if not remote_prefix and not remote_publishers:
xport_cfg.add_publisher(pub)
@@ -2970,10 +3005,10 @@
return pub
for p in newpubs:
- psr = p.selected_repository
+ psr = p.repository
if not psr:
- p.add_repository(repo)
+ p.repository = repo
elif remote_publishers:
if not psr.origins:
for r in repouri_list:
@@ -2984,9 +3019,10 @@
else:
psr.origins = repouri_list
- for newrepo in p.repositories:
- for origin in newrepo.origins:
- if origin.scheme == "https":
+ if p.repository:
+ for origin in p.repository.origins:
+ if origin.scheme == \
+ pkg.client.publisher.SSL_SCHEMES:
origin.ssl_key = ssl_key
origin.ssl_cert = ssl_cert
--- a/src/modules/lint/engine.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/lint/engine.py Wed Apr 27 20:30:32 2011 -0700
@@ -39,7 +39,7 @@
import sys
PKG_CLIENT_NAME = "pkglint"
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
pkg.client.global_settings.client_name = PKG_CLIENT_NAME
class LintEngineException(Exception):
--- a/src/modules/misc.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/misc.py Wed Apr 27 20:30:32 2011 -0700
@@ -626,15 +626,6 @@
self.__update, self.__pop)
-def get_sorted_publishers(pubs, preferred=None):
- spubs = []
- for p in sorted(pubs, key=operator.attrgetter("prefix")):
- if preferred and preferred == p.prefix:
- spubs.insert(0, p)
- else:
- spubs.append(p)
- return spubs
-
def build_cert(path, uri=None, pub=None):
"""Take the file given in path, open it, and use it to create
an X509 certificate object.
@@ -861,3 +852,13 @@
if path and start and start == "/" and path[0] == "/":
return path.lstrip("/")
return os.path.relpath(path, start=start)
+
+def recursive_chown_dir(d, uid, gid):
+ """Change the ownership of all files under directory d to uid:gid."""
+ for dirpath, dirnames, filenames in os.walk(d):
+ for name in dirnames:
+ path = os.path.join(dirpath, name)
+ portable.chown(path, uid, gid)
+ for name in filenames:
+ path = os.path.join(dirpath, name)
+ portable.chown(path, uid, gid)
--- a/src/modules/p5i.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/p5i.py Wed Apr 27 20:30:32 2011 -0700
@@ -130,7 +130,7 @@
rargs[prop] = val
repo = publisher.Repository(**rargs)
- pub.add_repository(repo)
+ pub.repository = repo
pkglist = dump_struct.get("packages", [])
if pkglist:
@@ -192,7 +192,8 @@
pass
drepos = dpub["repositories"]
- for r in p.repositories:
+ if p.repository:
+ r = p.repository
reg_uri = ""
if r.registration_uri:
reg_uri = r.registration_uri.uri
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/modules/p5s.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,226 @@
+#!/usr/bin/python
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+import copy
+import hashlib
+import os
+import pkg.client.api_errors as api_errors
+import pkg.client.publisher as publisher
+import pkg.fmri as fmri
+import simplejson as json
+import urllib
+import urllib2
+import urlparse
+
+CURRENT_VERSION = 0
+
+def parse(proxy_host, data):
+ """Reads the pkg(5) publisher JSON formatted data at 'location'
+ or from the provided file-like object 'fileobj' and returns a
+ tuple. The first element of the tuple is a list of publisher objects.
+ The second element is a dictionary of image properties.
+
+ 'proxy_host' is the string to replace the special string
+ 'http://<sysrepo>' with when it starts any uri.
+
+ 'data' is a string containing the p5s data.
+ """
+
+ def transform_urls(urls):
+ res = []
+ for val in urls:
+ # If the url is an http url, then we need to proxy it
+ # through the system repository.
+ if val.startswith("http://<sysrepo>"):
+ scheme, netloc, path, params, query, fragment =\
+ urlparse.urlparse(val)
+ val = urlparse.urlunparse((scheme, proxy_host,
+ path, params, query, fragment))
+ res.append(val)
+ return res
+
+ try:
+ dump_struct = json.loads(data)
+ except ValueError, e:
+ # Not a valid JSON file.
+ raise api_errors.InvalidP5SFile(e)
+
+ try:
+ ver = int(dump_struct["version"])
+ except KeyError:
+ raise api_errors.InvalidP5SFile(_("missing version"))
+ except ValueError:
+ raise api_errors.InvalidP5SFile(_("invalid version"))
+
+ if ver > CURRENT_VERSION:
+ raise api_errors.UnsupportedP5SFile()
+
+ pubs = []
+ props = {}
+ try:
+ plist = dump_struct.get("publishers", [])
+
+ # For each set of publisher information in the parsed p5s file,
+ # build a Publisher object.
+ for p in plist:
+ alias = p.get("alias", None)
+ prefix = p.get("name", None)
+ sticky = p.get("sticky", True)
+
+ if not prefix:
+ prefix = "Unknown"
+
+ pub = publisher.Publisher(prefix, alias=alias,
+ sticky=sticky)
+ pub.properties["proxied-urls"] = \
+ p.get("proxied-urls", [])
+
+ r = p.get("repository", None)
+ if r:
+ rargs = {}
+ for prop in ("collection_type",
+ "description", "name",
+ "refresh_seconds", "sticky"):
+ val = r.get(prop, None)
+ if val is None or val == "None":
+ continue
+ rargs[prop] = val
+
+ for prop in ("legal_uris", "related_uris"):
+ val = r.get(prop, [])
+ if not isinstance(val, list):
+ continue
+ rargs[prop] = val
+
+ for prop in ("mirrors", "origins"):
+ urls = r.get(prop, [])
+ if not isinstance(urls, list):
+ continue
+ rargs[prop] = transform_urls(urls)
+ repo = publisher.Repository(**rargs)
+ pub.repository = repo
+ pubs.append(pub)
+
+ props["publisher-search-order"] = \
+ dump_struct["image_properties"]["publisher-search-order"]
+ except (api_errors.PublisherError, TypeError, ValueError), e:
+ raise api_errors.InvalidP5SFile(str(e))
+ return pubs, props
+
+def write(fileobj, pubs, cfg):
+ """Writes the publisher, repository, and provided package names to the
+ provided file-like object 'fileobj' in JSON p5i format.
+
+ 'fileobj' is an object that has a 'write' method that accepts data to be
+ written as a parameter.
+
+ 'pubs' is a list of Publisher objects.
+
+ 'cfg' is an ImageConfig which contains the properties of the image on
+ which the generated p5s file is based."""
+
+ def transform_uris(urls, prefix):
+ res = []
+ proxied = []
+
+ for u in urls:
+ m = copy.copy(u)
+ if m.scheme == "http":
+ res.append(m.uri)
+ proxied.append(m.uri)
+ elif m.scheme == "https":
+ # The system depot handles connecting to the
+ # proxied https repositories, so the client
+ # should communicate over http to prevent it
+ # from doing tunneling.
+ m.change_scheme("http")
+ res.append(m.uri)
+ proxied.append(m.uri)
+ elif m.scheme == "file":
+ # The system depot provides direct access to
+ # file repositories. The token <sysrepo> will
+ # be replaced in the client with the url it uses
+ # to communicate with the system repository.
+ res.append("http://<sysrepo>/%s/%s" %
+ (prefix,
+ hashlib.sha1(m.uri.rstrip("/")).hexdigest()
+ ))
+ else:
+ assert False, "%s is an unknown scheme." % \
+ u.scheme
+ return res, proxied
+
+ dump_struct = {
+ "publishers": [],
+ "image_properties": {},
+ "version": CURRENT_VERSION,
+ }
+
+ dpubs = dump_struct["publishers"]
+ prefixes = set()
+ for p in pubs:
+
+ d = None
+ proxied_urls = []
+ if p.repository:
+ r = p.repository
+ reg_uri = ""
+
+ mirrors, t = transform_uris(r.mirrors, p.prefix)
+ proxied_urls.extend(t)
+ origins, t = transform_uris(r.origins, p.prefix)
+ proxied_urls.extend(t)
+ d = {
+ "collection_type": r.collection_type,
+ "description": r.description,
+ "legal_uris": [u.uri for u in r.legal_uris],
+ "mirrors": mirrors,
+ "name": r.name,
+ "origins": origins,
+ "refresh_seconds": r.refresh_seconds,
+ "related_uris": [
+ u.uri for u in r.related_uris
+ ],
+ }
+
+ dpub = {
+ "alias": p.alias,
+ "name": p.prefix,
+ "proxied-urls" : proxied_urls,
+ "repository": d,
+ "sticky": p.sticky,
+ }
+ dpubs.append(dpub)
+ prefixes.add(p.prefix)
+
+ dump_struct["image_properties"]["publisher-search-order"] = [
+ p for p in cfg.get_property("property", "publisher-search-order")
+ if p in prefixes
+ ]
+
+ json.dump(dump_struct, fileobj, ensure_ascii=False,
+ allow_nan=False, indent=2, sort_keys=True)
+ fileobj.write("\n")
--- a/src/modules/server/depot.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/server/depot.py Wed Apr 27 20:30:32 2011 -0700
@@ -391,7 +391,7 @@
# Couldn't get pub.
pass
else:
- repo = pub.selected_repository
+ repo = pub.repository
if repo:
rs = repo.refresh_seconds
if rs is None:
--- a/src/modules/server/repository.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/modules/server/repository.py Wed Apr 27 20:30:32 2011 -0700
@@ -2366,7 +2366,7 @@
repo = publisher.Repository(**rargs)
return publisher.Publisher(pub, alias=alias,
- repositories=[repo])
+ repository=repo)
def get_publishers(self):
"""Return publisher objects for all publishers known by the
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/modules/smf.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,211 @@
+#!/usr/bin/python
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+# This module provides a basic interface to smf.
+
+import os
+
+import pkg.pkgsubprocess as subprocess
+
+from pkg.client import global_settings
+from pkg.client.debugvalues import DebugValues
+
+logger = global_settings.logger
+
+# range of possible SMF service states
+SMF_SVC_UNKNOWN = 0
+SMF_SVC_DISABLED = 1
+SMF_SVC_MAINTENANCE = 2
+SMF_SVC_TMP_DISABLED = 3
+SMF_SVC_TMP_ENABLED = 4
+SMF_SVC_ENABLED = 5
+
+svcprop_path = "/usr/bin/svcprop"
+svcadm_path = "/usr/sbin/svcadm"
+svcs_path = "/usr/bin/svcs"
+
+class NonzeroExitException(Exception):
+ def __init__(self, cmd, return_code, output):
+ self.cmd = cmd
+ self.return_code = return_code
+ self.output = output
+
+ def __unicode__(self):
+ # To workaround python issues 6108 and 2517, this provides a
+ # a standard wrapper for this class' exceptions so that they
+ # have a chance of being stringified correctly.
+ return str(self)
+
+ def __str__(self):
+ return "Cmd %s exited with status %d, and output '%s'" %\
+ (self.cmd, self.return_code, self.output)
+
+
+def __call(args):
+ # a way to invoke a separate executable for testing
+ cmds_dir = DebugValues.get_value("smf_cmds_dir")
+ if cmds_dir:
+ args = (
+ os.path.join(cmds_dir,
+ args[0].lstrip("/")),) + args[1:]
+ try:
+ proc = subprocess.Popen(args, stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
+ buf = proc.stdout.readlines()
+ ret = proc.wait()
+ except OSError, e:
+ raise RuntimeError, "cannot execute %s: %s" % (args, e)
+
+ if ret != 0:
+ raise NonzeroExitException(args, ret, buf)
+ return buf
+
+def get_state(fmri):
+ """ return state of smf service """
+
+ props = get_props(fmri)
+ if not props:
+ return SMF_SVC_UNKNOWN
+
+ if "maintenance" in props.get("restarter/state", []):
+ return SMF_SVC_MAINTENANCE
+
+ if "true" not in props.get("general/enabled", []) :
+ if "general_ovr/enabled" not in props:
+ return SMF_SVC_DISABLED
+ elif "true" in props.get("general_ovr/enabled", []):
+ return SMF_SVC_TMP_ENABLED
+ else:
+ if "general_ovr/enabled" not in props:
+ return SMF_SVC_ENABLED
+ elif "false" in props.get("general_ovr/enabled", []):
+ return SMF_SVC_TMP_DISABLED
+
+def is_disabled(fmri):
+ return get_state(fmri) < SMF_SVC_TMP_ENABLED
+
+def check_fmris(attr, fmris):
+ """ Walk a set of fmris checking that each is fully specifed with
+ an instance.
+ If an FMRI is not fully specified and does not contain at least
+ one special match character from fnmatch(5) the fmri is dropped
+ from the set that is returned and an error message is logged.
+ """
+
+ if isinstance(fmris, basestring):
+ fmris = set([fmris])
+ chars = "*?[!^"
+ for fmri in fmris.copy():
+ is_glob = False
+ for c in chars:
+ if c in fmri:
+ is_glob = True
+
+ tmp_fmri = fmri
+ if fmri.startswith("svc:"):
+ tmp_fmri = fmri.replace("svc:", "", 1)
+
+ # check to see if we've got an instance already
+ if ":" in tmp_fmri and not is_glob:
+ continue
+
+ fmris.remove(fmri)
+ if is_glob:
+ cmd = (svcs_path, "-H", "-o", "fmri", "%s" % fmri)
+ try:
+ instances = __call(cmd)
+ for instance in instances:
+ fmris.add(instance.rstrip())
+ except NonzeroExitException:
+ continue # non-zero exit == not installed
+
+ else:
+ logger.error(_("FMRI pattern might implicitly match " \
+ "more than one service instance."))
+ logger.error(_("Actuators for %(attr)s will not be run " \
+ "for %(fmri)s.") % locals())
+ return fmris
+
+def get_props(svcfmri):
+ args = (svcprop_path, "-c", svcfmri)
+
+ try:
+ buf = __call(args)
+ except NonzeroExitException:
+ return {} # empty output == not installed
+
+ return dict([
+ l.strip().split(None, 1)
+ for l in buf
+ ])
+
+def get_prop(fmri, prop):
+ args = (svcprop_path, "-c", "-p", prop, fmri)
+ buf = __call(args)
+ assert len(buf) == 1, "Was expecting one entry, got:%s" % buf
+ buf = buf[0].rstrip("\n")
+ return buf
+
+def enable(fmris, temporary=False):
+ if not fmris:
+ return
+ if isinstance(fmris, basestring):
+ fmris = (fmris,)
+ args = [svcadm_path, "enable"]
+ if temporary:
+ args.append("-t")
+ __call(tuple(args) + fmris)
+
+def disable(fmris, temporary=False):
+ if not fmris:
+ return
+ if isinstance(fmris, basestring):
+ fmris = (fmris,)
+ args = [svcadm_path, "disable", "-s"]
+ if temporary:
+ args.append("-t")
+ __call(tuple(args) + fmris)
+
+def mark(state, fmris):
+ if not fmris:
+ return
+ if isinstance(fmris, basestring):
+ fmris = (fmris,)
+ __call((svcadm_path, "mark", state) + tuple(fmris))
+
+def refresh(fmris):
+ if not fmris:
+ return
+ if isinstance(fmris, basestring):
+ fmris = (fmris,)
+ __call((svcadm_path, "refresh") + tuple(fmris))
+
+def restart(fmris):
+ if not fmris:
+ return
+ if isinstance(fmris, basestring):
+ fmris = (fmris,)
+ __call((svcadm_path, "restart") + tuple(fmris))
--- a/src/packagemanager.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/packagemanager.py Wed Apr 27 20:30:32 2011 -0700
@@ -1777,14 +1777,14 @@
if pub_prefix != None:
pub = self.api_o.get_publisher(prefix=pub_prefix)
else:
- pub = self.api_o.get_preferred_publisher()
+ pub = self.api_o.get_highest_ranked_publisher()
except api_errors.ApiException, ex:
err = str(ex)
gobject.idle_add(self.error_occurred, err,
None, gtk.MESSAGE_INFO)
gobject.idle_add(self.unset_busy_cursor)
return
- origin_uri = gui_misc.get_origin_uri(pub.selected_repository)
+ origin_uri = gui_misc.get_origin_uri(pub.repository)
servers.append({"origin": origin_uri})
self.publisher_being_searched = \
self.get_publisher_display_name_from_prefix(pub.prefix)
@@ -3131,7 +3131,7 @@
enumerations.REPOSITORY_PREFIX)
self.__disconnect_repository_model()
self.repositories_list = self.__get_new_repositories_liststore()
- default_pub = api_o.get_preferred_publisher().prefix
+ default_pub = api_o.get_highest_ranked_publisher().prefix
if self.default_publisher != default_pub:
self.__clear_pkg_selections()
self.default_publisher = default_pub
--- a/src/pkg/manifests/developer%2Fopensolaris%2Fpkg5.p5m Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkg/manifests/developer%2Fopensolaris%2Fpkg5.p5m Wed Apr 27 20:30:32 2011 -0700
@@ -38,4 +38,5 @@
depend fmri=pkg:/runtime/perl-584/extra type=require
depend fmri=pkg:/system/zones/internal type=require
depend fmri=pkg:/text/tidy type=require
+depend fmri=pkg:/web/server/apache-22 type=require
depend fmri=pkg:/x11/library/libx11 type=require
--- a/src/pkg/manifests/package%2Fpkg.p5m Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkg/manifests/package%2Fpkg.p5m Wed Apr 27 20:30:32 2011 -0700
@@ -158,6 +158,7 @@
file path=$(PYDIRVP)/pkg/nrlock.py
file path=$(PYDIRVP)/pkg/p5i.py
file path=$(PYDIRVP)/pkg/p5p.py
+file path=$(PYDIRVP)/pkg/p5s.py
file path=$(PYDIRVP)/pkg/pkggzip.py
file path=$(PYDIRVP)/pkg/pkgsubprocess.py
file path=$(PYDIRVP)/pkg/pkgtarfile.py
@@ -189,6 +190,7 @@
file path=$(PYDIRVP)/pkg/server/query_parser.py
file path=$(PYDIRVP)/pkg/server/repository.py
file path=$(PYDIRVP)/pkg/server/transaction.py
+file path=$(PYDIRVP)/pkg/smf.py
file path=$(PYDIRVP)/pkg/solver.so
file path=$(PYDIRVP)/pkg/sysvpkg.py
file path=$(PYDIRVP)/pkg/updatelog.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/pkg/manifests/package%2Fsysrepo.p5m Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+#
+set name=pkg.fmri value=pkg:/package/sysrepo@$(PKGVERS)
+set name=pkg.description \
+ value="A service that provides a publisher proxy to pkg(5) clients."
+set name=pkg.summary value="IPS System Repository"
+set name=info.classification \
+ value=org.opensolaris.category.2008:System/Packaging
+set name=opensolaris.smf.fmri value=svc:/system/pkg/sysrepo:default
+set name=variant.arch value=$(ARCH)
+dir path=etc
+dir path=etc/pkg
+dir path=etc/pkg/sysrepo
+dir path=lib
+dir path=lib/svc
+dir path=lib/svc/manifest
+dir path=lib/svc/manifest/system
+dir path=usr
+dir path=usr/lib
+dir path=usr/share/man/cat1m
+file path=usr/share/man/cat1m/pkg.sysrepo.1m
+dir path=var
+dir path=var/cache
+dir path=var/cache/pkg owner=pkg5srv
+dir path=var/cache/pkg/sysrepo owner=pkg5srv
+dir path=var/log
+dir path=var/log/pkg
+dir path=var/log/pkg/sysrepo
+file path=lib/svc/manifest/system/pkg-sysrepo.xml
+file path=lib/svc/method/svc-pkg-sysrepo
+file path=usr/lib/pkg.sysrepo mode=0755
+file path=etc/pkg/sysrepo/sysrepo_httpd.conf.mako
+file path=etc/pkg/sysrepo/sysrepo_publisher_response.mako
+# we deliver 0-byte log file stubs
+file path=var/log/pkg/sysrepo/access_log preserve=renamenew
+file path=var/log/pkg/sysrepo/error_log preserve=renamenew
+license cr_Oracle license=cr_Oracle
+# manual dependencies on pkg and python can be detected by
+# pkgdepend once in use on our gate. The manual dependency
+# on apache results from our calling apachectl from our
+# method script, and can't be detected by pkgdepend.
+depend fmri=package/pkg type=require
+depend fmri=runtime/[email protected] type=require
+depend fmri=web/server/apache-22 type=require
--- a/src/pkg/manifests/system%2Fzones%2Fbrand%2Fipkg.p5m Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkg/manifests/system%2Fzones%2Fbrand%2Fipkg.p5m Wed Apr 27 20:30:32 2011 -0700
@@ -41,10 +41,12 @@
dir path=usr/lib/brand
dir path=usr/lib/brand/ipkg
file path=usr/lib/brand/ipkg/attach mode=0755
+file path=usr/lib/brand/ipkg/boot mode=0755
file path=usr/lib/brand/ipkg/clone mode=0755
file path=usr/lib/brand/ipkg/common.ksh
file path=usr/lib/brand/ipkg/detach mode=0755
file path=usr/lib/brand/ipkg/fmri_compare mode=0755
+file path=usr/lib/brand/ipkg/halt mode=0755
file path=usr/lib/brand/ipkg/image_install mode=0755
file path=usr/lib/brand/ipkg/p2v mode=0755
file path=usr/lib/brand/ipkg/pkgcreatezone mode=0755
--- a/src/pkg/pkglint_whitelist.txt Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkg/pkglint_whitelist.txt Wed Apr 27 20:30:32 2011 -0700
@@ -1,5 +1,5 @@
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/SUNWcs for pkg://pkg5-nightly/package/pkg
-WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/SUNWcs for pkg://pkg5-nightly/package/pkg/update-manager
+WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/SUNWcs for pkg://pkg5-nightly/system/desktop/ldtp
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/SUNWcs for pkg://pkg5-nightly/system/zones/brand/ipkg
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/archiver/gnu-tar for pkg://pkg5-nightly/package/pkg/update-manager
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/communication/im/pidgin for pkg://pkg5-nightly/system/trusted/trusted-nonglobal
@@ -94,6 +94,7 @@
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/text/gnu-grep for pkg://pkg5-nightly/package/pkg/update-manager
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/text/tidy for pkg://pkg5-nightly/developer/opensolaris/pkg5
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/web/curl for pkg://pkg5-nightly/library/python-2/pycurl
+WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/web/server/apache-22 for pkg://pkg5-nightly/package/sysrepo
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/web/wget for pkg://pkg5-nightly/package/pkg/update-manager
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/x11/library/libx11 for pkg://pkg5-nightly/developer/opensolaris/pkg5
WARNING pkglint.action005.1 obsolete dependency check skipped: unable to find dependency pkg:/x11/trusted/libxtsol for pkg://pkg5-nightly/system/trusted/trusted-nonglobal
--- a/src/pkg/transforms/defaults Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkg/transforms/defaults Wed Apr 27 20:30:32 2011 -0700
@@ -23,7 +23,9 @@
# Set some specific permissions
<transform dir path=(etc|usr|var)$ -> set group sys>
-<transform dir path=etc/(brand|gconf|zones)$ -> set group sys>
+<transform dir path=etc/(brand|gconf|pkg|zones)$ -> set group sys>
+<transform dir path=var/log$ -> set group sys>
+<transform dir path=var/cache$ -> set group bin>
<transform dir file path=etc/gconf/schemas -> set group sys>
<transform dir file path=etc/(security|xdg) -> set group sys>
<transform dir path=usr/share$ -> set group sys>
--- a/src/pkgdep.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkgdep.py Wed Apr 27 20:30:32 2011 -0700
@@ -41,7 +41,7 @@
import pkg.publish.dependencies as dependencies
from pkg.misc import msg, emsg, PipeError
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
PKG_CLIENT_NAME = "pkgdepend"
DEFAULT_SUFFIX = ".res"
--- a/src/pkgrepo.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pkgrepo.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2010, 2011 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
#
PKG_CLIENT_NAME = "pkgrepo"
@@ -646,7 +646,7 @@
},
}
- pub_repo = pub.selected_repository
+ pub_repo = pub.repository
if pub_repo:
pub_idx[pub.prefix]["repository"] = {
"collection-type": pub_repo.collection_type,
@@ -1067,10 +1067,10 @@
if sname == "publisher":
target = pub
elif sname == "repository":
- target = pub.selected_repository
+ target = pub.repository
if not target:
target = publisher.Repository()
- pub.repositories.append(target)
+ pub.repository = target
for pname, val in sprops.iteritems():
attrname = pname.replace("-", "_")
--- a/src/pull.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/pull.py Wed Apr 27 20:30:32 2011 -0700
@@ -337,7 +337,7 @@
"""Fetch the catalog from src_uri."""
global complete_catalog
- src_uri = src_pub.selected_repository.origins[0].uri
+ src_uri = src_pub.repository.origins[0].uri
tracker.catalog_start(src_uri)
if not src_pub.meta_root:
--- a/src/setup.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/setup.py Wed Apr 27 20:30:32 2011 -0700
@@ -178,12 +178,17 @@
man1m_dir = 'usr/share/man/cat1m'
man5_dir = 'usr/share/man/cat5'
resource_dir = 'usr/share/lib/pkg'
-smf_dir = 'lib/svc/manifest/application'
+smf_app_dir = 'lib/svc/manifest/application'
+smf_sys_dir = 'lib/svc/manifest/system'
zones_dir = 'etc/zones'
etcbrand_dir = 'etc/brand/ipkg'
brand_dir = 'usr/lib/brand/ipkg'
execattrd_dir = 'etc/security/exec_attr.d'
authattrd_dir = 'etc/security/auth_attr.d'
+sysrepo_dir = 'etc/pkg/sysrepo'
+sysrepo_logs_dir = 'var/log/pkg/sysrepo'
+sysrepo_cache_dir = 'var/cache/pkg/sysrepo'
+
# A list of source, destination tuples of modules which should be hardlinked
# together if the os supports it and otherwise copied.
@@ -210,10 +215,12 @@
['checkforupdates.py', 'pm-checkforupdates'],
['updatemanagernotifier.py', 'updatemanagernotifier'],
['launch.py', 'pm-launch'],
+ ['sysrepo.py', 'pkg.sysrepo'],
],
svc_method_dir: [
['svc/svc-pkg-depot', 'svc-pkg-depot'],
['svc/svc-pkg-mdns', 'svc-pkg-mdns'],
+ ['svc/svc-pkg-sysrepo', 'svc-pkg-sysrepo'],
],
}
@@ -278,7 +285,8 @@
'man/pm-updatemanager.1',
]
man1m_files = [
- 'man/pkg.depotd.1m'
+ 'man/pkg.depotd.1m',
+ 'man/pkg.sysrepo.1m'
]
man5_files = [
'man/pkg.5'
@@ -324,15 +332,26 @@
'brand/pkgrm.conf',
'brand/smf_disable.conf',
]
-smf_files = [
+smf_app_files = [
'svc/pkg-mdns.xml',
'svc/pkg-server.xml',
'svc/pkg-update.xml',
]
+smf_sys_files = [
+ 'svc/pkg-sysrepo.xml',
+ ]
resource_files = [
'util/opensolaris.org.sections',
'util/pkglintrc',
]
+sysrepo_files = [
+ 'util/apache2/sysrepo/sysrepo_httpd.conf.mako',
+ 'util/apache2/sysrepo/sysrepo_publisher_response.mako',
+ ]
+sysrepo_log_stubs = [
+ 'util/apache2/sysrepo/logs/access_log',
+ 'util/apache2/sysrepo/logs/error_log',
+ ]
execattrd_files = ['util/misc/exec_attr.d/SUNWipkg']
authattrd_files = ['util/misc/auth_attr.d/SUNWipkg']
pspawn_srcs = [
@@ -907,9 +926,13 @@
(zones_dir, zones_files),
(brand_dir, brand_files),
(etcbrand_dir, etcbrand_files),
- (smf_dir, smf_files),
+ (smf_app_dir, smf_app_files),
+ (smf_sys_dir, smf_sys_files),
(execattrd_dir, execattrd_files),
(authattrd_dir, authattrd_files),
+ (sysrepo_dir, sysrepo_files),
+ (sysrepo_logs_dir, sysrepo_log_stubs),
+ (sysrepo_cache_dir, {})
]
if osname == 'sunos' or osname == "linux":
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/svc/pkg-sysrepo.xml Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,156 @@
+<?xml version="1.0"?>
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+ NOTE: This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade. Make customizations in a different
+ file.
+-->
+
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<service_bundle type='manifest' name='pkg:sysrepo'>
+
+<service
+ name='system/pkg/sysrepo'
+ type='service'
+ version='1'>
+
+ <instance name='default' enabled='false'>
+ <!--
+ Wait for network interfaces to be initialized.
+ -->
+ <dependency name='network'
+ grouping='require_all'
+ restart_on='error'
+ type='service'>
+ <service_fmri value='svc:/milestone/network:default'/>
+ </dependency>
+
+ <!--
+ Wait for all local filesystems to be mounted.
+ -->
+ <dependency name='filesystem-local'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri
+ value='svc:/system/filesystem/local:default'/>
+ </dependency>
+
+ <!--
+ Wait for automounting to be available, as we may be
+ serving data from home directories or other remote
+ filesystems.
+ -->
+ <dependency name='autofs'
+ grouping='optional_all'
+ restart_on='error'
+ type='service'>
+ <service_fmri
+ value='svc:/system/filesystem/autofs:default'/>
+ </dependency>
+
+ <exec_method
+ type='method'
+ name='start'
+ exec='/lib/svc/method/svc-pkg-sysrepo start'
+ timeout_seconds='60' />
+
+ <exec_method
+ type='method'
+ name='stop'
+ exec='/lib/svc/method/svc-pkg-sysrepo stop'
+ timeout_seconds='60' />
+
+ <exec_method
+ type='method'
+ name='refresh'
+ exec='/lib/svc/method/svc-pkg-sysrepo refresh'
+ timeout_seconds='60' />
+
+ <property_group name='config' type='application'>
+ <stability value='Evolving' />
+ <!-- The port we listen on -->
+ <propval name='port' type='count' value='1008' />
+ <!-- The host we're running on -->
+ <propval name='host' type='astring' value='127.0.0.1' />
+ <!-- Where we store apache logs -->
+ <propval name='log_dir' type='astring'
+ value='/var/log/pkg/sysrepo' />
+ <!-- Where we store runtime versions of our
+ configuration -->
+ <propval name='runtime_dir' type='astring'
+ value='/system/volatile/pkg/sysrepo' />
+ <!-- Where we store our Mako templates for generating
+ runtime configuration -->
+ <propval name='template_dir' type='astring'
+ value='/etc/pkg/sysrepo' />
+ <!-- Where we store our sysrepo apache cache
+ If cache_dir is set to the special value "None" then we
+ do not perform caching. If cache_dir is set to the
+ special value "memory" we use an in-memory cache.
+ -->
+ <propval name='cache_dir' type='astring'
+ value='/var/cache/pkg/sysrepo' />
+ <!-- Our maximum cache size, expressed in MB -->
+ <propval name='cache_max' type='count' value='1024' />
+
+ <propval name='value_authorization' type='astring'
+ value='solaris.smf.value.pkg-sysrepo' />
+ </property_group>
+
+ <property_group name='general' type='framework'>
+ <propval name='action_authorization'
+ type='astring'
+ value='solaris.smf.manage.pkg-sysrepo' />
+ <propval name='value_authorization'
+ type='astring'
+ value='solaris.smf.value.pkg-sysrepo' />
+ </property_group>
+
+ <property_group name='startd' type='framework'>
+ <!-- sub-process core dumps shouldn't restart
+ session -->
+ <propval name='ignore_error' type='astring'
+ value='core,signal' />
+ </property_group>
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>
+ IPS System Repository
+ </loctext>
+ </common_name>
+ <documentation>
+ <manpage title='pkg.sysrepo' section='1M' />
+ </documentation>
+ </template>
+
+ </instance>
+
+ <stability value='Evolving' />
+
+</service>
+
+</service_bundle>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/svc/svc-pkg-sysrepo Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,161 @@
+#!/sbin/sh
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+. /lib/svc/share/smf_include.sh
+
+APACHE_HOME=/usr/apache2/2.2
+APACHE_ETC_ROOT=/etc/pkg/sysrepo
+APACHE_BIN=${APACHE_HOME}/bin/64
+HTTPD=${APACHE_BIN}/httpd
+LD_LIBRARY_PATH=${APACHE_HOME}/lib/64:${LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH
+
+getprop() {
+ PROPVAL=""
+ svcprop -q -p $1 ${SMF_FMRI}
+ if [ $? -eq 0 ] ; then
+ PROPVAL=`svcprop -p $1 ${SMF_FMRI}`
+ if [ "${PROPVAL}" = "\"\"" ] ; then
+ PROPVAL=""
+ fi
+ return
+ fi
+ return
+}
+
+check_failure() {
+ RESULT=$1
+ MESSAGE=$2
+ if [ $RESULT -ne 0 ]; then
+ echo $MESSAGE
+ exit $SMF_EXIT_ERR_FATAL
+ fi
+}
+
+run_sysrepo() {
+ /usr/lib/pkg.sysrepo \
+ -R / \
+ -c ${SYSREPO_CACHE_DIR} \
+ -h ${SYSREPO_HOST} \
+ -l ${SYSREPO_LOG_DIR} \
+ -p ${SYSREPO_PORT} \
+ -r ${SYSREPO_RUNTIME_DIR} \
+ -s ${SYSREPO_CACHE_MAX} \
+ -t ${SYSREPO_TEMPLATE_DIR}
+ check_failure $? "pkg.sysrepo failed to create Apache configuration"
+}
+
+run_htcacheclean() {
+ if [ "${SYSREPO_CACHE_DIR}" != "None" ] && \
+ [ "${SYSREPO_CACHE_DIR}" != "memory" ]; then
+ # Start a cache cleaning daemon, scanning every 120 minutes,
+ # being intelligent about only running if the cache has changed,
+ # limiting the cache to ${SYSREPO_CACHE_MAX} megabytes, being
+ # nice about scheduling and removing empty directories if
+ # necessary.
+ /usr/bin/su pkg5srv -c "/usr/apache2/2.2/bin/htcacheclean \
+ -d120 -i -l ${SYSREPO_CACHE_MAX}M -n \
+ -p ${SYSREPO_CACHE_DIR} \
+ -P ${SYSREPO_CACHE_DIR}/../sysrepo_htcacheclean.pid \
+ -t"
+ check_failure $? "htcacheclean failed to run cleanly"
+ fi
+}
+
+kill_htcacheclean() {
+ if [ -f ${SYSREPO_CACHE_DIR}/../sysrepo_htcacheclean.pid ]; then
+ PID=$(< ${SYSREPO_CACHE_DIR}/../sysrepo_htcacheclean.pid)
+ /usr/bin/kill -TERM $PID
+ check_failure $? "failed to kill htcacheclean process $PID"
+ fi
+}
+
+getprop config/host
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_HOST=${PROPVAL}
+fi
+
+getprop config/port
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_PORT=${PROPVAL}
+fi
+
+getprop config/log_dir
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_LOG_DIR=${PROPVAL}
+fi
+
+getprop config/template_dir
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_TEMPLATE_DIR=${PROPVAL}
+fi
+
+getprop config/runtime_dir
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_RUNTIME_DIR=${PROPVAL}
+fi
+
+getprop config/cache_dir
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_CACHE_DIR=${PROPVAL}
+fi
+
+getprop config/cache_max
+if [ "${PROPVAL}" != "" ] ; then
+ SYSREPO_CACHE_MAX=${PROPVAL}
+fi
+
+case "$1" in
+"start")
+ cmd="start"
+ run_sysrepo
+ run_htcacheclean
+ ${HTTPD} -f ${SYSREPO_RUNTIME_DIR}/sysrepo_httpd.conf \
+ ${STARTUP_OPTIONS} -k ${cmd} 2>&1
+ check_failure $? "Server failed to start. Check the SMF service log or the error log at ${SYSREPO_LOG_DIR}/error_log for more information, if any."
+ ;;
+"refresh")
+ cmd="graceful"
+ run_sysrepo
+ kill_htcacheclean
+ run_htcacheclean
+ ${HTTPD} -f ${SYSREPO_RUNTIME_DIR}/sysrepo_httpd.conf \
+ ${STARTUP_OPTIONS} -k ${cmd} 2>&1
+ check_failure $? "Server failed to refresh. Check the SMF service log or the error log at ${SYSREPO_LOG_DIR}/error_log for more information, if any."
+ ;;
+"stop")
+ cmd="stop"
+ kill_htcacheclean
+ ${HTTPD} -f ${SYSREPO_RUNTIME_DIR}/sysrepo_httpd.conf \
+ ${STARTUP_OPTIONS} -k ${cmd} 2>&1
+ check_failure $? "Server failed to stop. Check the SMF service log or the error log at ${SYSREPO_LOG_DIR}/error_log for more information, if any."
+ ;;
+*)
+ echo "Usage: $0 {start|stop|refresh}"
+ exit $SMF_EXIT_ERR_CONFIG
+ ;;
+esac
+
+exit $SMF_EXIT_OK
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/sysrepo.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,599 @@
+#!/usr/bin/python2.6
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+import atexit
+import errno
+import getopt
+import gettext
+import hashlib
+import locale
+import logging
+import os
+import shutil
+import socket
+import sys
+import traceback
+import urllib2
+import warnings
+
+from mako.template import Template
+
+from pkg.client import global_settings
+from pkg.misc import msg, PipeError
+
+import pkg
+import pkg.catalog
+import pkg.client.api
+import pkg.client.progress as progress
+import pkg.client.api_errors as apx
+import pkg.misc as misc
+import pkg.portable as portable
+
+logger = global_settings.logger
+orig_cwd = None
+
+PKG_CLIENT_NAME = "pkg.sysrepo"
+CLIENT_API_VERSION = 57
+pkg.client.global_settings.client_name = PKG_CLIENT_NAME
+
+# exit codes
+EXIT_OK = 0
+EXIT_OOPS = 1
+EXIT_BADOPT = 2
+
+#
+# This is a simple python script, run from the method script that starts
+# svc:/system/pkg/sysrepo:default.
+#
+# It writes an Apache configuration that is used to serve responses to pkg
+# clients querying the system repository, as well as providing http/https proxy
+# services to those clients, accessing external repositories.
+# file:// repositories on the system running the system repository are also
+# exposed to pkg clients, via Alias directives.
+#
+# See src/util/apache2/sysrepo/*.mako for the templates used to create the
+# Apache configuration.
+#
+# The following filesystem locations are used:
+#
+# variable default install path description
+# --------- --------------------- ------------
+# runtime_dir system/volatile/pkg/sysrepo runtime .conf, htdocs, pid files
+# template_dir etc/pkg/sysrepo mako templates
+# log_dir var/log/pkg/sysrepo log files
+# cache_dir var/cache/pkg/sysrepo apache proxy cache
+#
+# all of the above can be modified with command line arguments.
+#
+
+SYSREPO_CRYPTO_FILENAME = "crypto.txt"
+SYSREPO_HTTP_TEMPLATE = "sysrepo_httpd.conf.mako"
+SYSREPO_HTTP_FILENAME = "sysrepo_httpd.conf"
+
+SYSREPO_PUB_TEMPLATE = "sysrepo_publisher_response.mako"
+SYSREPO_PUB_FILENAME = "index.html"
+
+SYSREPO_HTDOCS_DIRNAME = "htdocs"
+
+SYSREPO_VERSIONS_DIRNAME = ["versions", "0"]
+SYSREPO_SYSPUB_DIRNAME = ["syspub", "0"]
+SYSREPO_PUB_DIRNAME = ["publisher", "0"]
+
+# static string with our versions response
+SYSREPO_VERSIONS_STR = """\
+pkg-server %s
+publisher 0
+versions 0
+catalog 1
+file 1
+syspub 0
+manifest 0
+""" % pkg.VERSION
+
+SYSREPO_USER = "pkg5srv"
+SYSREPO_GROUP = "pkg5srv"
+
+class SysrepoException(Exception):
+ def __unicode__(self):
+ # To workaround python issues 6108 and 2517, this provides a
+ # a standard wrapper for this class' exceptions so that they
+ # have a chance of being stringified correctly.
+ return str(self)
+
[email protected]
+def cleanup():
+ """To be called at program finish."""
+ pass
+
+def error(text, cmd=None):
+ """Emit an error message prefixed by the command name """
+
+ if cmd:
+ text = "%s: %s" % (cmd, text)
+ pkg_cmd = "pkg.sysrepo "
+ else:
+ pkg_cmd = "pkg.sysrepo: "
+
+ # If we get passed something like an Exception, we can convert
+ # it down to a string.
+ text = str(text)
+
+ # If the message starts with whitespace, assume that it should come
+ # *before* the command-name prefix.
+ text_nows = text.lstrip()
+ ws = text[:len(text) - len(text_nows)]
+
+ # This has to be a constant value as we can't reliably get our actual
+ # program name on all platforms.
+ logger.error(ws + pkg_cmd + text_nows)
+
+def usage(usage_error=None, cmd=None, retcode=EXIT_BADOPT):
+ """Emit a usage message and optionally prefix it with a more
+ specific error message. Causes program to exit.
+ """
+
+ if usage_error:
+ error(usage_error, cmd=cmd)
+
+ msg(_("""\
+Usage:
+ pkg.sysrepo -p <port> [-R image_root] [ -c cache_dir] [-h hostname] [-l logs_dir]
+ [-r runtime_dir] [-s cache_size] [-t template_dir]
+ """))
+ sys.exit(retcode)
+
+def _get_image(image_dir):
+ """Return a pkg.client.api.ImageInterface for the provided
+ image directory."""
+
+ cdir = os.getcwd()
+ if not image_dir:
+ image_dir = "/"
+ api_inst = None
+ tracker = progress.QuietProgressTracker()
+ try:
+ api_inst = pkg.client.api.ImageInterface(
+ image_dir, CLIENT_API_VERSION,
+ tracker, None, PKG_CLIENT_NAME)
+
+ if api_inst.root != image_dir:
+ print "Problem getting image at %s" % image_dir
+ except Exception, err:
+ raise SysrepoException(
+ _("Unable to get image at %(dir)s: %(reason)s") %
+ {"dir": image_dir,
+ "reason": str(err)})
+
+ # restore the current directory, which ImageInterace had changed
+ os.chdir(cdir)
+ return api_inst
+
+def _get_publisher_info(api_inst):
+ """Returns information about the publishers configured for the given
+ ImageInterface"""
+
+ # build a map of URI to (pub.prefix, cert, key, hash) tuples
+ uri_pub_map = {}
+
+ for pub in api_inst.get_publishers():
+ if pub.disabled:
+ continue
+
+ prefix = pub.prefix
+ repo = pub.repository
+ for repo_uri in repo.mirrors + repo.origins:
+ uri = repo_uri.uri.rstrip("/")
+ # we don't support p5p archives, only directory-based
+ # repositories. We also don't support file repositories
+ # of < version 4.
+ if uri.startswith("file:/"):
+ urlresult = urllib2.urlparse.urlparse(uri)
+ if not os.path.isdir(urlresult.path):
+ error(_("p5p-based file repository %s "
+ "cannot be proxied.") % uri)
+ continue
+ if not os.path.exists(os.path.join(
+ urlresult.path, "pkg5.repository")):
+ error(_("unable to proxy file "
+ "repository %s: only file "
+ "repositories of version 4 or "
+ "later are supported.") % uri)
+ continue
+
+ hash = _uri_hash(uri)
+ cert = repo_uri.ssl_cert
+ key = repo_uri.ssl_key
+ if uri in uri_pub_map:
+ uri_pub_map[uri].append((prefix, cert, key,
+ hash))
+ else:
+ uri_pub_map[uri] = [(prefix, cert, key, hash)]
+ return uri_pub_map
+
+def _write_httpd_conf(runtime_dir, log_dir, template_dir, host, port, cache_dir,
+ cache_size, uri_pub_map):
+ """Writes the apache configuration for the system repository."""
+
+ try:
+ # check our hostname
+ socket.gethostbyname(host)
+
+ # check our directories
+ dirs = [runtime_dir, log_dir]
+ if cache_dir not in ["None", "memory"]:
+ dirs.append(cache_dir)
+ for dir in dirs + [template_dir]:
+ if os.path.exists(dir) and not os.path.isdir(dir):
+ raise SysrepoException(
+ _("%s is not a directory") % dir)
+ for dir in dirs:
+ try:
+ os.makedirs(dir, 0700)
+ except OSError, err:
+ if err.errno != errno.EEXIST:
+ raise
+
+ # check our port
+ try:
+ num = int(port)
+ if num <= 0 or num >= 65635:
+ raise SysrepoException(_("invalid port: %s") %
+ port)
+ except ValueError:
+ raise SysrepoException(_("invalid port: %s") % port)
+
+ # check our cache size
+ try:
+ num = int(cache_size)
+ if num <= 0 or num >= 65635:
+ raise SysrepoException(_("invalid cache size: "
+ "%s") % num)
+ except ValueError:
+ raise SysrepoException(_("invalid cache size: %s") %
+ cache_size)
+
+ httpd_conf_template_path = os.path.join(template_dir,
+ SYSREPO_HTTP_TEMPLATE)
+ httpd_conf_template = Template(
+ filename=httpd_conf_template_path)
+
+ # our template expects cache size expressed in Kb
+ httpd_conf_text = httpd_conf_template.render(
+ sysrepo_log_dir=log_dir,
+ sysrepo_runtime_dir=runtime_dir,
+ uri_pub_map=uri_pub_map,
+ ipv6_addr="::1",
+ host=host,
+ port=port,
+ cache_dir=cache_dir,
+ cache_size=int(cache_size) * 1024)
+ httpd_conf_path = os.path.join(runtime_dir,
+ SYSREPO_HTTP_FILENAME)
+ httpd_conf_file = file(httpd_conf_path, "w")
+ httpd_conf_file.write(httpd_conf_text)
+ httpd_conf_file.close()
+ except socket.gaierror, err:
+ raise SysrepoException(
+ _("Unable to write sysrepo_httpd.conf: %(host)s: "
+ "%(err)s") % locals())
+ except (OSError, IOError), err:
+ raise SysrepoException(
+ _("Unable to write sysrepo_httpd.conf: %s") % err)
+
+def _write_crypto_conf(runtime_dir, uri_pub_map):
+ """Writes the crypto.txt file, containing keys and certificates
+ in order for the system repository to proxy to https repositories."""
+
+ try:
+ crypto_path = os.path.join(runtime_dir, SYSREPO_CRYPTO_FILENAME)
+ file(crypto_path, "w").close()
+ os.chmod(crypto_path, 0600)
+ written_crypto_content = False
+
+ for repo_list in uri_pub_map.values():
+ for (pub, cert_path, key_path, hash) in repo_list:
+ if cert_path and key_path:
+ crypto_file = file(crypto_path, "a")
+ crypto_file.writelines(file(cert_path))
+ crypto_file.writelines(file(key_path))
+ crypto_file.close()
+ written_crypto_content = True
+
+ # Apache needs us to have some content in this file
+ if not written_crypto_content:
+ crypto_file = file(crypto_path, "w")
+ crypto_file.write(
+ "# this space intentionally left blank\n")
+ crypto_file.close()
+ os.chmod(crypto_path, 0400)
+ except OSError, err:
+ raise SysrepoException(
+ _("unable to write crypto.txt file: %s") % err)
+
+def _write_publisher_response(uri_pub_map, htdocs_path, template_dir):
+ """Writes static html for all file-repository-based publishers that
+ is served as their publisher/0 responses. Responses for
+ non-file-based publishers are handled by rewrite rules in our
+ Apache configuration."""
+
+ try:
+ # build a version of our uri_pub_map, keyed by publisher
+ pub_uri_map = {}
+ for uri in uri_pub_map:
+ for (pub, key, cert, hash) in uri_pub_map[uri]:
+ if pub not in pub_uri_map:
+ pub_uri_map[pub] = []
+ pub_uri_map[pub].append((uri, key, cert, hash))
+
+ publisher_template_path = os.path.join(template_dir,
+ SYSREPO_PUB_TEMPLATE)
+ publisher_template = Template(filename=publisher_template_path)
+
+ for pub in pub_uri_map:
+ for (uri, cert_path, key_path, hash) in \
+ pub_uri_map[pub]:
+ if uri.startswith("file://"):
+ publisher_text = \
+ publisher_template.render(
+ uri=uri, pub=pub)
+ publisher_path = os.path.sep.join(
+ [htdocs_path, pub, hash] +
+ SYSREPO_PUB_DIRNAME)
+ os.makedirs(publisher_path)
+ publisher_file = file(
+ os.path.sep.join([publisher_path,
+ SYSREPO_PUB_FILENAME]), "w")
+ publisher_file.write(publisher_text)
+ publisher_file.close()
+ except OSError, err:
+ raise SysrepoException(
+ _("unable to write publisher response: %s") % err)
+
+def _write_versions_response(htdocs_path):
+ """Writes a static versions/0 response for the system repository."""
+
+ try:
+ versions_path = os.path.join(htdocs_path,
+ os.path.sep.join(SYSREPO_VERSIONS_DIRNAME))
+ os.makedirs(versions_path)
+
+ versions_file = file(os.path.join(versions_path, "index.html"),
+ "w")
+ versions_file.write(SYSREPO_VERSIONS_STR)
+ versions_file.close()
+ except OSError, err:
+ raise SysrepoException(
+ _("Unable to write versions response: %s") % err)
+
+def _write_sysrepo_response(api_inst, htdocs_path, uri_pub_map):
+ """Writes a static syspub/0 response for the system repository."""
+
+ try:
+ sysrepo_path = os.path.join(htdocs_path,
+ os.path.sep.join(SYSREPO_SYSPUB_DIRNAME))
+ os.makedirs(sysrepo_path)
+ pub_prefixes = [
+ info[0]
+ for uri in uri_pub_map.keys()
+ for info in uri_pub_map[uri]
+ ]
+ api_inst.write_syspub(os.path.join(sysrepo_path, "index.html"),
+ pub_prefixes, 0)
+ except (OSError, apx.ApiException), err:
+ raise SysrepoException(
+ _("Unable to write syspub response: %s") % err)
+
+def _uri_hash(uri):
+ """Returns a string hash of the given URI"""
+ return hashlib.sha1(uri).hexdigest()
+
+def _chown_runtime_dir(runtime_dir):
+ """Change the ownership of all files under runtime_dir to our sysrepo
+ user/group"""
+
+ uid = portable.get_user_by_name(SYSREPO_USER, None, False)
+ gid = portable.get_group_by_name(SYSREPO_GROUP, None, False)
+ try:
+ misc.recursive_chown_dir(runtime_dir, uid, gid)
+ except OSError, err:
+ if not os.environ.get("PKG5_TEST_ENV", None):
+ raise SysrepoException(
+ _("Unable to chown to %(user)s:%(group)s: "
+ "%(err)s") %
+ {"user": SYSREPO_USER, "group": SYSREPO_GROUP,
+ "err": err})
+
+def cleanup_conf(runtime_dir=None):
+ """Destroys an old configuration."""
+ try:
+ shutil.rmtree(runtime_dir, ignore_errors=True)
+ except OSError, err:
+ raise SysrepoException(
+ _("Unable to cleanup old configuration: %s") % err)
+
+def refresh_conf(image_root="/", port=None, runtime_dir=None,
+ log_dir=None, template_dir=None, host="127.0.0.1", cache_dir=None,
+ cache_size=1024):
+ """Creates a new configuration for the system repository.
+ That is, it copies /var/pkg/pkg5.image file the htdocs
+ directory and creates an apache .conf file.
+
+ TODO: a way to map only given zones to given publishers
+ """
+ try:
+ ret = EXIT_OK
+ cleanup_conf(runtime_dir=runtime_dir)
+ try:
+ api_inst = _get_image(image_root)
+ uri_pub_map = _get_publisher_info(api_inst)
+ except SysrepoException, err:
+ raise SysrepoException(
+ _("unable to get publisher information: %s") %
+ err)
+ try:
+ htdocs_path = os.path.join(runtime_dir,
+ SYSREPO_HTDOCS_DIRNAME)
+ os.makedirs(htdocs_path)
+ except OSError, err:
+ raise SysrepoException(
+ _("unable to create htdocs dir: %s") % err)
+
+ _write_httpd_conf(runtime_dir, log_dir, template_dir, host,
+ port, cache_dir, cache_size, uri_pub_map)
+ _write_crypto_conf(runtime_dir, uri_pub_map)
+ _write_publisher_response(uri_pub_map, htdocs_path,
+ template_dir)
+ _write_versions_response(htdocs_path)
+ _write_sysrepo_response(api_inst, htdocs_path, uri_pub_map)
+ _chown_runtime_dir(runtime_dir)
+ except SysrepoException, err:
+ error(err)
+ ret = EXIT_OOPS
+ return ret
+
+def main_func():
+ global_settings.client_name = PKG_CLIENT_NAME
+
+ global orig_cwd
+
+ try:
+ orig_cwd = os.getcwd()
+ except OSError, e:
+ try:
+ orig_cwd = os.environ["PWD"]
+ if not orig_cwd or orig_cwd[0] != "/":
+ orig_cwd = None
+ except KeyError:
+ orig_cwd = None
+
+ # some sensible defaults
+ host = "127.0.0.1"
+ port = None
+ # an empty image_root means we don't get '//' in the below
+ # _get_image() deals with "" in a sane manner.
+ image_root = ""
+ cache_dir = "%s/var/cache/pkg/sysrepo" % image_root
+ cache_size = "1024"
+ template_dir = "%s/etc/pkg/sysrepo" % image_root
+ runtime_dir = "%s/var/run/pkg/sysrepo" % image_root
+ log_dir = "%s/var/log/pkg/sysrepo" % image_root
+
+ try:
+ opts, pargs = getopt.getopt(sys.argv[1:], "c:h:l:p:r:R:s:t:?",
+ ["help"])
+ for opt, arg in opts:
+ if opt == "-c":
+ cache_dir = arg
+ elif opt == "-h":
+ host = arg
+ elif opt == "-l":
+ log_dir = arg
+ elif opt == "-p":
+ port = arg
+ elif opt == "-r":
+ runtime_dir = arg
+ elif opt == "-R":
+ image_root = arg
+ elif opt == "-s":
+ cache_size = arg
+ elif opt == "-t":
+ template_dir = arg
+ else:
+ usage()
+
+ except getopt.GetoptError, e:
+ usage(_("illegal global option -- %s") % e.opt)
+
+ if not port:
+ usage(_("required port option missing."))
+
+ ret = refresh_conf(image_root=image_root, log_dir=log_dir,
+ host=host, port=port, runtime_dir=runtime_dir,
+ template_dir=template_dir, cache_dir=cache_dir,
+ cache_size=cache_size)
+ return ret
+
+#
+# Establish a specific exit status which means: "python barfed an exception"
+# so that we can more easily detect these in testing of the CLI commands.
+#
+def handle_errors(func, *args, **kwargs):
+ """Catch exceptions raised by the main program function and then print
+ a message and/or exit with an appropriate return code.
+ """
+
+ traceback_str = _("""\n
+This is an internal error in pkg(5) version %(version)s. Please let the
+developers know about this problem by including the information above (and
+this message) when filing a bug at:
+
+%(bug_uri)s""") % { "version": pkg.VERSION, "bug_uri": misc.BUG_URI_CLI }
+
+ try:
+ # Out of memory errors can be raised as EnvironmentErrors with
+ # an errno of ENOMEM, so in order to handle those exceptions
+ # with other errnos, we nest this try block and have the outer
+ # one handle the other instances.
+ try:
+ __ret = func(*args, **kwargs)
+ except (MemoryError, EnvironmentError), __e:
+ if isinstance(__e, EnvironmentError) and \
+ __e.errno != errno.ENOMEM:
+ raise
+ error("\n" + misc.out_of_memory())
+ __ret = EXIT_OOPS
+ except SystemExit, __e:
+ raise __e
+ except (PipeError, KeyboardInterrupt):
+ # Don't display any messages here to prevent possible further
+ # broken pipe (EPIPE) errors.
+ __ret = EXIT_OOPS
+ except apx.VersionException, __e:
+ error(_("The sysrepo command appears out of sync with the "
+ "libraries provided\nby pkg:/package/pkg. The client "
+ "version is %(client)s while the library\nAPI version is "
+ "%(api)s.") % {'client': __e.received_version,
+ 'api': __e.expected_version
+ })
+ __ret = EXIT_OOPS
+ except:
+ traceback.print_exc()
+ error(traceback_str)
+ __ret = 99
+ return __ret
+
+
+if __name__ == "__main__":
+ misc.setlocale(locale.LC_ALL, "", error)
+ gettext.install("pkg", "/usr/share/locale")
+
+ # Make all warnings be errors.
+ warnings.simplefilter('error')
+
+ __retval = handle_errors(main_func)
+ try:
+ logging.shutdown()
+ except IOError:
+ # Ignore python's spurious pipe problems.
+ pass
+ sys.exit(__retval)
--- a/src/tests/api/t_api.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_api.py Wed Apr 27 20:30:32 2011 -0700
@@ -41,7 +41,7 @@
import time
import unittest
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
PKG_CLIENT_NAME = "pkg"
class TestPkgApi(pkg5unittest.SingleDepotTestCase):
@@ -485,9 +485,11 @@
self.assertTrue(api_obj.has_publisher("bobcat"))
# Verify preferred publisher prefix is returned correctly.
- self.assertEqual(api_obj.get_preferred_publisher(), "bobcat")
+ self.assertEqual(api_obj.get_highest_ranked_publisher(),
+ "bobcat")
- # Verify that get_publisher returned the correct publisher object.
+ # Verify that get_publisher returned the correct publisher
+ # object.
pub = api_obj.get_publisher(prefix="bobcat")
self.assertEqual(pub.prefix, "bobcat")
@@ -510,7 +512,7 @@
# Now modify publisher information and update.
cpub.alias = "cat"
- repo = cpub.selected_repository
+ repo = cpub.repository
repo.name = "source"
repo.description = "xkcd.net/325"
repo.legal_uris = ["http://xkcd.com/license.html"]
@@ -521,7 +523,7 @@
# Verify that the update happened.
pub = api_obj.get_publisher(prefix="bobcat")
self.assertEqual(pub.alias, "cat")
- repo = pub.selected_repository
+ repo = pub.repository
self.assertEqual(repo.name, "source")
self.assertEqual(repo.description, "xkcd.net/325")
self.assertEqual(repo.legal_uris[0],
@@ -538,8 +540,8 @@
"mirrors", "name", "origins", "refresh_seconds",
"registered", "registration_uri", "related_uris",
"sort_policy"):
- srepo = pub.selected_repository
- crepo = cpub.selected_repository
+ srepo = pub.repository
+ crepo = cpub.repository
self.assertEqual(getattr(srepo, p), getattr(crepo, p))
cpub = None
@@ -590,7 +592,7 @@
self.assertEqual(pub.prefix, "bobcat")
self.assertEqual(pub.alias, "cat")
- repo = pub.selected_repository
+ repo = pub.repository
self.assertEqual(repo.name, "source")
self.assertEqual(repo.description, "xkcd.net/325")
self.assertEqual(repo.legal_uris[0],
@@ -944,6 +946,15 @@
api_obj.execute_plan()
api_obj.reset()
+ def test_syspub_version_error(self):
+ api_obj = self.image_create()
+ try:
+ api_obj.write_syspub("", [], 999)
+ except api_errors.UnsupportedP5SVersion, e:
+ str(e)
+ else:
+ raise RuntimeError("Expected write_syspub to raise "
+ "an exception.")
if __name__ == "__main__":
unittest.main()
--- a/src/tests/api/t_api_list.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_api_list.py Wed Apr 27 20:30:32 2011 -0700
@@ -44,7 +44,7 @@
import pkg.misc as misc
import pkg.version as version
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
PKG_CLIENT_NAME = "pkg"
class TestApiList(pkg5unittest.ManyDepotTestCase):
@@ -1100,7 +1100,8 @@
self.assertPrettyEqual(returned, expected)
# Change test2 to be ranked higher than test1.
- api_obj.set_pub_search_before("test2", "test1")
+ pub = api_obj.get_publisher(prefix="test2", duplicate=True)
+ api_obj.update_publisher(pub, search_before="test1")
# Re-test; test2 should now have its entries listed in place
# of test1's for the non-filtered case.
@@ -1165,7 +1166,8 @@
self.assertPrettyEqual(returned, expected)
# Reset publisher search order and re-test.
- api_obj.set_pub_search_before("test1", "test2")
+ pub = api_obj.get_publisher(prefix="test1", duplicate=True)
+ api_obj.update_publisher(pub, search_before="test2")
returned = self.__get_returned(api_obj.LIST_INSTALLED_NEWEST,
api_obj=api_obj)
--- a/src/tests/api/t_imageconfig.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_imageconfig.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
#
import testutils
@@ -76,7 +76,7 @@
pub = self.ic.publishers["sfbay.sun.com"]
self.assertEqual(pub.alias, "zruty")
- repo = pub.selected_repository
+ repo = pub.repository
origin = repo.origins[0]
self.assertEqual(origin.uri, "http://zruty.sfbay:10001/")
self.assertEqual(origin.ssl_key, None)
--- a/src/tests/api/t_p5i.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_p5i.py Wed Apr 27 20:30:32 2011 -0700
@@ -95,15 +95,14 @@
def __get_bobcat_pub(self, omit_repo=False):
# First build a publisher object matching our expected data.
- repos = []
+ repo = None
if not omit_repo:
repo = publisher.Repository(description="xkcd.net/325",
legal_uris=["http://xkcd.com/license.html"],
name="source", origins=["http://localhost:12001/"],
refresh_seconds=43200)
- repos.append(repo)
pub = publisher.Publisher("bobcat", alias="cat",
- repositories=repos)
+ repository=repo)
return pub
@@ -141,7 +140,7 @@
self.assertEqual(pub.prefix, "bobcat")
self.assertEqual(pub.alias, "cat")
- repo = pub.selected_repository
+ repo = pub.repository
self.assertEqual(repo.name, "source")
self.assertEqual(repo.description, "xkcd.net/325")
self.assertEqual(repo.legal_uris[0],
@@ -246,7 +245,7 @@
# Now parse the result and verify no repositories are defined.
pub, pkg_names = p5i.parse(data=output)[0]
- self.assert_(not pub.selected_repository)
+ self.assert_(not pub.repository)
# Next, test the partial repository configuration case. No
# origin is provided, but everything else is.
@@ -280,7 +279,7 @@
pub = self.__get_bobcat_pub()
# Nuke the origin data.
- pub.selected_repository.reset_origins()
+ pub.repository.reset_origins()
# Dump the p5i data.
fobj = cStringIO.StringIO()
@@ -294,7 +293,7 @@
# Now parse the result and verify that there is a repository,
# but without origins information.
pub, pkg_names = p5i.parse(data=output)[0]
- self.assertPrettyEqual(pub.selected_repository.origins, [])
+ self.assertPrettyEqual(pub.repository.origins, [])
if __name__ == "__main__":
--- a/src/tests/api/t_p5p.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_p5p.py Wed Apr 27 20:30:32 2011 -0700
@@ -192,27 +192,12 @@
"publisher/test/file",
"publisher/test/file/0a",
"publisher/test/file/0a/0acf1107d31f3bab406f8611b21b8fade78ac874",
- "publisher/test/file/34",
- "publisher/test/file/34/344f2a94afd12146336340d71962254f647874be",
- "publisher/test/file/65",
- "publisher/test/file/65/65154063c6988c4de879751bb112703b06ba5129",
- "publisher/test/file/6c",
- "publisher/test/file/6c/6cd1527a2e4a2926b05663e0a29f0fd5207a7119",
- "publisher/test/file/97",
- "publisher/test/file/97/97ff81591147d40444c8fea6e794fefda382d199",
- "publisher/test/file/9c",
- "publisher/test/file/9c/9cb9f772cc4a01801b983f199114cc7884b026e3",
-
"publisher/test/file/a2",
"publisher/test/file/a2/a285ada5f3cae14ea00e97a8d99bd3e357cb0dca",
"publisher/test/file/b2",
"publisher/test/file/b2/b265f2ec87c4a55eb2b6b4c926e7c65f7247a27e",
- "publisher/test/file/d0",
- "publisher/test/file/d0/d087434b648f50ab20107b6dfb03f754a06fa462",
"publisher/test/file/dc",
"publisher/test/file/dc/dc84bd4b606fe43fc892eb245d9602b67f8cba38",
- "publisher/test/file/f7",
- "publisher/test/file/f7/f72001172042e0afafef7cf5a1f90697866acf3d",
"publisher/test/pkg",
"publisher/test/pkg/foo",
"publisher/test/pkg/%s" % self.foo.get_dir_path(),
@@ -392,9 +377,24 @@
# Verify the result.
arc = ptf.PkgTarFile(name=arc_path, mode="r")
- expected = self.multi_expected
+ expected = self.multi_expected[:]
+ action_certs = [self.calc_file_hash(t) for t in (
+ os.path.join(self.cs_dir, "cs1_ch5_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch1_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch2_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch3_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch4_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch5_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch1_ta3_cert.pem"),
+ )]
+ for hsh in action_certs:
+ d = "publisher/test/file/%s" % hsh[0:2]
+ f = "%s/%s" % (d, hsh)
+ expected.append(d)
+ expected.append(f)
+
actual = sorted(m.name for m in arc.getmembers())
- self.assertEqualDiff(expected, actual)
+ self.assertEqualDiff(sorted(set(expected)), actual)
os.unlink(arc_path)
os.unlink(foo_path)
@@ -440,8 +440,22 @@
# packages created from a repo.
expected = sorted(self.multi_expected +
["publisher/test/pub.p5i"])
+ action_certs = [self.calc_file_hash(t) for t in (
+ os.path.join(self.cs_dir, "cs1_ch5_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch1_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch2_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch3_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch4_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch5_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch1_ta3_cert.pem"),
+ )]
+ for hsh in action_certs:
+ d = "publisher/test/file/%s" % hsh[0:2]
+ f = "%s/%s" % (d, hsh)
+ expected.append(d)
+ expected.append(f)
actual = sorted(m.name for m in arc.getmembers())
- self.assertEqualDiff(expected, actual)
+ self.assertEqualDiff(sorted(set(expected)), actual)
os.unlink(arc_path)
@@ -774,8 +788,22 @@
# packages created from a repo.
expected = sorted(self.multi_expected +
["publisher/test/pub.p5i"])
+ action_certs = [self.calc_file_hash(t) for t in (
+ os.path.join(self.cs_dir, "cs1_ch5_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch1_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch2_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch3_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch4_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch5_ta1_cert.pem"),
+ os.path.join(self.chain_certs_dir, "ch1_ta3_cert.pem"),
+ )]
+ for hsh in action_certs:
+ d = "publisher/test/file/%s" % hsh[0:2]
+ f = "%s/%s" % (d, hsh)
+ expected.append(d)
+ expected.append(f)
actual = sorted(m.name for m in arc.getmembers())
- self.assertEqualDiff(expected, actual)
+ self.assertEqualDiff(sorted(set(expected)), actual)
arc.close()
# Verify pkg(5) archive class extraction behaviour using
--- a/src/tests/api/t_pkg_api_install.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_pkg_api_install.py Wed Apr 27 20:30:32 2011 -0700
@@ -637,10 +637,8 @@
# Now add the new publisher and remove the old one.
api_obj.reset()
npub = publisher.Publisher("test2",
- repositories=[publisher.Repository(origins=[new_repo_uri])])
- api_obj.add_publisher(npub)
- api_obj.reset()
- api_obj.set_preferred_publisher(prefix="test2")
+ repository=publisher.Repository(origins=[new_repo_uri]))
+ api_obj.add_publisher(npub, search_first=True)
api_obj.reset()
api_obj.remove_publisher(prefix="test")
--- a/src/tests/api/t_publisher.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/api/t_publisher.py Wed Apr 27 20:30:32 2011 -0700
@@ -339,8 +339,7 @@
"client_uuid": "2c6a8ff8-20e5-11de-a818-001fd0979039",
"disabled": True,
"meta_root": os.path.join(self.test_root, "bobcat"),
- "repositories": [robj, r2obj],
- "selected_repository": r2obj,
+ "repository": r2obj,
}
# Check that all properties can be set at construction time.
@@ -354,23 +353,20 @@
# Verify that a copy matches its original.
cpobj = copy.copy(pobj)
for p in pprops:
- if p in ("repositories", "selected_repository"):
+ if p == "repository":
# These attributes can't be directly compared.
continue
self.assertEqual(getattr(pobj, p), getattr(cpobj, p))
# Assume that if the origins match, we have the right selected
# repository.
- self.assertEqual(cpobj.selected_repository.origins,
+ self.assertEqual(cpobj.repository.origins,
r2obj.origins)
- # Compare all of the repository objects individually. Assume
- # that if the source_object_id matches, that the copy happened
- # correctly.
- for i in range(0, len(pobj.repositories)):
- srepo = pobj.repositories[i]
- crepo = cpobj.repositories[i]
- self.assertEqual(id(srepo), crepo._source_object_id)
+ # Compare the source_object_id of the copied repository object
+ # with the id of the source repository object.
+ self.assertEqual(id(pobj), cpobj._source_object_id)
+
cpobj = None
# Verify that individual properties can be set.
@@ -386,24 +382,12 @@
setattr(pobj, p, pprops[p])
self.assertEqual(getattr(pobj, p), pprops[p])
- pobj.selected_repository = robj
- self.assertEqual(pobj.selected_repository, robj)
+ pobj.repository = robj
+ self.assertEqual(pobj.repository, robj)
# An invalid value shouldn't be allowed.
self.assertRaises(api_errors.UnknownRepository, setattr,
- pobj, "selected_repository", -1)
-
- # A repository object not already in the list of repositories
- # shouldn't be allowed.
- self.assertRaises(api_errors.UnknownRepository, setattr,
- pobj, "selected_repository", publisher.Repository())
-
- # Verify that management methods work as expected.
- pobj.set_selected_repository(origin=r2obj.origins[-1])
- self.assertEqual(pobj.selected_repository, r2obj)
-
- pobj.set_selected_repository(name=robj.name)
- self.assertEqual(pobj.selected_repository, robj)
+ pobj, "repository", -1)
pobj.reset_client_uuid()
self.assertNotEqual(pobj.client_uuid, None)
@@ -415,25 +399,6 @@
pobj.remove_meta_root()
self.assertFalse(os.path.exists(pobj.meta_root))
- # Verify that get and remove works as expected.
- for r in pprops["repositories"]:
- gr = pobj.get_repository(name=r.name)
- self.assertEqual(r, gr)
-
- gr = pobj.get_repository(origin=r.origins[-1])
- self.assertEqual(r, gr)
-
- if r == pobj.selected_repository:
- # Attempting to remove the selected repository
- # should raise an exception.
- ex = api_errors.SelectedRepositoryRemoval
- self.assertRaises(ex, pobj.remove_repository,
- name=r.name)
- else:
- pobj.remove_repository(name=r.name)
- self.assertRaises(api_errors.UnknownRepository,
- pobj.get_repository, name=r.name)
-
if __name__ == "__main__":
unittest.main()
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/api/t_smf.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,376 @@
+#!/usr/bin/python
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+import testutils
+if __name__ == "__main__":
+ testutils.setup_environment("../../../proto")
+
+import os
+import pkg5unittest
+import unittest
+
+import pkg.smf as smf
+
+class TestSMF(pkg5unittest.SingleDepotTestCase):
+ # Only start/stop the depot once (instead of for every test)
+ persistent_setup = True
+
+ smf_cmds = { \
+ "usr/bin/svcprop" : """\
+#!/usr/bin/python
+
+import getopt
+import os
+import sys
+
+if __name__ == "__main__":
+ try:
+ opts, pargs = getopt.getopt(sys.argv[1:], "cp:")
+ except getopt.GetoptError, e:
+ usage(_("illegal global option -- %s") % e.opt)
+
+ found_c = False
+ prop = None
+ for opt, arg in opts:
+ if opt == "-c":
+ found_c = True
+ elif opt == "-p":
+ prop = arg
+ with open(os.path.join(os.environ["PKG_TEST_DIR"],
+ os.environ["PKG_SVCPROP_OUTPUT"]), "rb") as fh:
+ s = fh.read()
+ if prop:
+ prop_dict = {}
+ for l in s.splitlines():
+ t = l.split(None, 2)
+ if len(t) == 3:
+ prop_dict[t[0]] = t[2]
+ prop = prop_dict.get(prop, None)
+ if not found_c or not prop:
+ sys.exit(1)
+ print prop
+ sys.exit(0)
+ print s
+ sys.exit(0)
+""",
+ "usr/sbin/svcadm" : \
+"""#!/bin/sh
+echo $0 "$@" >> $PKG_TEST_DIR/svcadm_arguments
+exit $PKG_SVCADM_EXIT_CODE
+""",
+ "usr/bin/svcs" : \
+"""#!/bin/sh
+
+# called from pkg.client.actuator using 'svcs -H -o fmri <string>'
+# so $4 is the FMRI pattern that we're interested in resolving
+RETURN=0
+
+case $4 in
+ svc:/system/test_refresh_svc:default)
+ FMRI=$4
+ ;;
+ svc:/system/test_multi_svc?:default)
+ FMRI=$4
+ ;;
+ # the following are too relaxed, eg.
+ # "svcs sys/foo/tZst_suspend_svc:defXX"
+ # would match, but is sufficient for this test case as we only
+ # ever resolve services that truely exist here.
+ *sy*t?st_suspend_svc:def*)
+ FMRI=svc:/system/test_suspend_svc:default
+ ;;
+ *test_disable_svc*)
+ FMRI=svc:/system/test_disable_svc:default
+ ;;
+ *test_restart_svc*)
+ FMRI=svc:/system/test_restart_svc:default
+ ;;
+ *)
+ FMRI="ERROR - t_actuators.py svcs wrapper failed to match $4"
+ RETURN=1
+ ;;
+esac
+echo $FMRI
+exit $RETURN
+"""
+}
+ misc_files = { \
+ "svcprop_enabled" :
+"""general/enabled boolean true
+general/entity_stability astring Unstable
+general/single_instance boolean true
+restarter/start_pid count 4172
+restarter/start_method_timestamp time 1222382991.639687000
+restarter/start_method_waitstatus integer 0
+restarter/transient_contract count
+restarter/auxiliary_state astring none
+restarter/next_state astring none
+restarter/state astring online
+restarter/state_timestamp time 1222382991.644413000
+restarter_actions/refresh integer
+restarter_actions/maint_on integer
+restarter_actions/maint_off integer
+restarter_actions/restart integer
+local-filesystems/entities fmri svc:/system/filesystem/local
+local-filesystems/grouping astring require_all
+local-filesystems/restart_on astring none
+local-filesystems/type astring service
+remote-filesystems/entities fmri svc:/network/nfs/client svc:/system/filesystem/autofs
+remote-filesystems/grouping astring optional_all
+remote-filesystems/restart_on astring none
+remote-filesystems/type astring service
+startd/duration astring transient
+start/timeout_seconds count 0
+start/type astring method
+stop/exec astring :true
+stop/timeout_seconds count 0
+stop/type astring method""",
+
+ "svcprop_disabled" :
+"""general/enabled boolean false
+general/entity_stability astring Unstable
+general/single_instance boolean true
+restarter/start_pid count 4172
+restarter/start_method_timestamp time 1222382991.639687000
+restarter/start_method_waitstatus integer 0
+restarter/transient_contract count
+restarter/auxiliary_state astring none
+restarter/next_state astring none
+restarter/state astring disabled
+restarter/state_timestamp time 1222992132.445811000
+restarter_actions/refresh integer
+restarter_actions/maint_on integer
+restarter_actions/maint_off integer
+restarter_actions/restart integer
+local-filesystems/entities fmri svc:/system/filesystem/local
+local-filesystems/grouping astring require_all
+local-filesystems/restart_on astring none
+local-filesystems/type astring service
+remote-filesystems/entities fmri svc:/network/nfs/client svc:/system/filesystem/autofs
+remote-filesystems/grouping astring optional_all
+remote-filesystems/restart_on astring none
+remote-filesystems/type astring service
+startd/duration astring transient
+start/timeout_seconds count 0
+start/type astring method
+stop/exec astring :true
+stop/timeout_seconds count 0
+stop/type astring method""",
+
+ "svcprop_temp_enabled" :
+"""general/enabled boolean false
+general/entity_stability astring Unstable
+general/single_instance boolean true
+restarter/start_pid count 7816
+restarter/start_method_timestamp time 1222992237.506096000
+restarter/start_method_waitstatus integer 0
+restarter/transient_contract count
+restarter/auxiliary_state astring none
+restarter/next_state astring none
+restarter/state astring online
+restarter/state_timestamp time 1222992237.527408000
+restarter_actions/refresh integer
+restarter_actions/maint_on integer
+restarter_actions/maint_off integer
+restarter_actions/restart integer
+general_ovr/enabled boolean true
+local-filesystems/entities fmri svc:/system/filesystem/local
+local-filesystems/grouping astring require_all
+local-filesystems/restart_on astring none
+local-filesystems/type astring service
+remote-filesystems/entities fmri svc:/network/nfs/client svc:/system/filesystem/autofs
+remote-filesystems/grouping astring optional_all
+remote-filesystems/restart_on astring none
+remote-filesystems/type astring service
+startd/duration astring transient
+start/timeout_seconds count 0
+start/type astring method
+stop/exec astring :true
+stop/timeout_seconds count 0
+stop/type astring method""",
+
+ "svcprop_temp_disabled" :
+"""general/enabled boolean true
+general/entity_stability astring Unstable
+general/single_instance boolean true
+restarter/start_pid count 7816
+restarter/start_method_timestamp time 1222992237.506096000
+restarter/start_method_waitstatus integer 0
+restarter/transient_contract count
+restarter/auxiliary_state astring none
+restarter/next_state astring none
+restarter/state astring disabled
+restarter/state_timestamp time 1222992278.822335000
+restarter_actions/refresh integer
+restarter_actions/maint_on integer
+restarter_actions/maint_off integer
+restarter_actions/restart integer
+general_ovr/enabled boolean false
+local-filesystems/entities fmri svc:/system/filesystem/local
+local-filesystems/grouping astring require_all
+local-filesystems/restart_on astring none
+local-filesystems/type astring service
+remote-filesystems/entities fmri svc:/network/nfs/client svc:/system/filesystem/autofs
+remote-filesystems/grouping astring optional_all
+remote-filesystems/restart_on astring none
+remote-filesystems/type astring service
+startd/duration astring transient
+start/timeout_seconds count 0
+start/type astring method
+stop/exec astring :true
+stop/timeout_seconds count 0
+stop/type astring method""",
+
+ "svcprop_maintenance":
+"""general/enabled boolean true
+general/entity_stability astring Unstable
+general/single_instance boolean true
+restarter/start_pid count 4172
+restarter/start_method_timestamp time 1222382991.639687000
+restarter/start_method_waitstatus integer 0
+restarter/transient_contract count
+restarter/auxiliary_state astring none
+restarter/next_state astring none
+restarter/state astring maintenance
+restarter/state_timestamp time 1222382991.644413000
+restarter_actions/refresh integer
+restarter_actions/maint_on integer
+restarter_actions/maint_off integer
+restarter_actions/restart integer
+local-filesystems/entities fmri svc:/system/filesystem/local
+local-filesystems/grouping astring require_all
+local-filesystems/restart_on astring none
+local-filesystems/type astring service
+remote-filesystems/entities fmri svc:/network/nfs/client svc:/system/filesystem/autofs
+remote-filesystems/grouping astring optional_all
+remote-filesystems/restart_on astring none
+remote-filesystems/type astring service
+startd/duration astring transient
+start/timeout_seconds count 0
+start/type astring method
+stop/exec astring :true
+stop/timeout_seconds count 0
+stop/type astring method""",
+
+
+ "empty": "",
+}
+ def setUp(self):
+ pkg5unittest.SingleDepotTestCase.setUp(self)
+ self.make_misc_files(self.misc_files, prefix="testdata")
+
+ def test_smf(self):
+ """Test that the smf interface performs as expected."""
+
+ testdata_dir = os.path.join(self.test_root, "testdata")
+ svcadm_output = os.path.join(testdata_dir,
+ "svcadm_arguments")
+ os.environ["PKG_TEST_DIR"] = testdata_dir
+ os.environ["PKG_SVCADM_EXIT_CODE"] = "0"
+ os.environ["PKG_SVCPROP_EXIT_CODE"] = "0"
+
+ smf.restart("svc:/system/test_restart_svc:default")
+ self.file_contains(svcadm_output,
+ "svcadm restart svc:/system/test_restart_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.refresh("svc:/system/test_refresh_svc:default")
+ self.file_contains(svcadm_output,
+ "svcadm refresh svc:/system/test_refresh_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.mark("maintenance", "svc:/system/test_mark_svc:default")
+ self.file_contains(svcadm_output,
+ "svcadm mark maintenance svc:/system/test_mark_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.mark("degraded", "svc:/system/test_mark_svc:default")
+ self.file_contains(svcadm_output,
+ "svcadm mark degraded svc:/system/test_mark_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.disable("svc:/system/test_disable_svc:default")
+ self.file_contains(svcadm_output,
+ "svcadm disable -s svc:/system/test_disable_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.disable("svc:/system/test_disable_svc:default",
+ temporary=True)
+ self.file_contains(svcadm_output,
+ "svcadm disable -s -t svc:/system/test_disable_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.enable("svc:/system/test_enable_svc:default")
+ self.file_contains(svcadm_output,
+ "svcadm enable svc:/system/test_enable_svc:default")
+ os.unlink(svcadm_output)
+
+ smf.enable("svc:/system/test_enable_svc:default",
+ temporary=True)
+ self.file_contains(svcadm_output,
+ "svcadm enable -t svc:/system/test_enable_svc:default")
+ os.unlink(svcadm_output)
+
+ os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_enabled"
+ self.assertEqual(smf.get_prop("foo", "start/timeout_seconds"),
+ "0")
+ self.assertEqual(smf.get_prop("foo", "stop/exec"), ":true")
+
+ p = smf.get_props("foo")
+ self.assert_("start/timeout_seconds" in p)
+ self.assert_("0" in p["start/timeout_seconds"])
+ self.assert_("stop/exec" in p)
+ self.assert_("true" in p["stop/exec"])
+
+ # "a" should be removed from the list of fmris since it's not
+ # an instance.
+ fmris = smf.check_fmris("foo", set(["a"]))
+ self.assertEqual(fmris, set([]))
+
+ fmris = smf.check_fmris("foo",
+ set(["test_disable_svc:default"]))
+ self.assertEqual(fmris, set(["test_disable_svc:default"]))
+
+ fmris = smf.check_fmris("foo", set(["test_disable_svc*"]))
+ self.assertEqual(fmris,
+ set(["svc:/system/test_disable_svc:default"]))
+
+ self.assertEqual(smf.get_state("foo"), smf.SMF_SVC_ENABLED)
+ self.assert_(not smf.is_disabled("foo"))
+
+ os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_disabled"
+ self.assertEqual(smf.get_state("foo"), smf.SMF_SVC_DISABLED)
+ self.assert_(smf.is_disabled("foo"))
+
+ os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_temp_enabled"
+ self.assertEqual(smf.get_state("foo"), smf.SMF_SVC_TMP_ENABLED)
+ self.assert_(not smf.is_disabled("foo"))
+
+ os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_temp_disabled"
+ self.assertEqual(smf.get_state("foo"), smf.SMF_SVC_TMP_DISABLED)
+ self.assert_(smf.is_disabled("foo"))
+
+ os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_maintenance"
+ self.assertEqual(smf.get_state("foo"), smf.SMF_SVC_MAINTENANCE)
+ self.assert_(smf.is_disabled("foo"))
--- a/src/tests/cli/t_actuators.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_actuators.py Wed Apr 27 20:30:32 2011 -0700
@@ -20,7 +20,7 @@
# CDDL HEADER END
#
-# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
import testutils
if __name__ == "__main__":
@@ -34,6 +34,52 @@
# Only start/stop the depot once (instead of for every test)
persistent_setup = True
+ smf_cmds = { \
+ "usr/bin/svcprop" :
+"""#!/bin/sh
+cat $PKG_TEST_DIR/$PKG_SVCPROP_OUTPUT
+exit $PKG_SVCPROP_EXIT_CODE
+""",
+ "usr/sbin/svcadm" : \
+"""#!/bin/sh
+echo $0 "$@" >> $PKG_TEST_DIR/svcadm_arguments
+exit $PKG_SVCADM_EXIT_CODE
+""",
+ "usr/bin/svcs" : \
+"""#!/bin/sh
+
+# called from pkg.client.actuator using 'svcs -H -o fmri <string>'
+# so $4 is the FMRI pattern that we're interested in resolving
+RETURN=0
+
+case $4 in
+ svc:/system/test_refresh_svc:default)
+ FMRI=$4
+ ;;
+ svc:/system/test_multi_svc?:default)
+ FMRI=$4
+ ;;
+ # the following are too relaxed, eg. "svcs sys/foo/tZst_suspend_svc:defXX"
+ # would match, but is sufficient for this test case as we only
+ # ever resolve services that truely exist here.
+ *sy*t?st_suspend_svc:def*)
+ FMRI=svc:/system/test_suspend_svc:default
+ ;;
+ *test_disable_svc*)
+ FMRI=svc:/system/test_disable_svc:default
+ ;;
+ *test_restart_svc*)
+ FMRI=svc:/system/test_restart_svc:default
+ ;;
+ *)
+ FMRI="ERROR - t_actuators.py svcs wrapper failed to match $4"
+ RETURN=1
+ ;;
+esac
+echo $FMRI
+exit $RETURN
+"""
+}
misc_files = { \
"svcprop_enabled" :
"""general/enabled boolean true
@@ -165,50 +211,6 @@
""",
"empty": "",
- "usr/bin/svcprop" :
-"""#!/bin/sh
-cat $PKG_TEST_DIR/$PKG_SVCPROP_OUTPUT
-exit $PKG_SVCPROP_EXIT_CODE
-""",
- "usr/sbin/svcadm" : \
-"""#!/bin/sh
-echo $0 "$@" >> $PKG_TEST_DIR/svcadm_arguments
-exit $PKG_SVCADM_EXIT_CODE
-""",
- "usr/bin/svcs" : \
-"""#!/bin/sh
-
-# called from pkg.client.actuator using 'svcs -H -o fmri <string>'
-# so $4 is the FMRI pattern that we're interested in resolving
-RETURN=0
-
-case $4 in
- svc:/system/test_refresh_svc:default)
- FMRI=$4
- ;;
- svc:/system/test_multi_svc?:default)
- FMRI=$4
- ;;
- # the following are too relaxed, eg. "svcs sys/foo/tZst_suspend_svc:defXX"
- # would match, but is sufficient for this test case as we only
- # ever resolve services that truely exist here.
- *sy*t?st_suspend_svc:def*)
- FMRI=svc:/system/test_suspend_svc:default
- ;;
- *test_disable_svc*)
- FMRI=svc:/system/test_disable_svc:default
- ;;
- *test_restart_svc*)
- FMRI=svc:/system/test_restart_svc:default
- ;;
- *)
- FMRI="ERROR - t_actuators.py svcs wrapper failed to match $4"
- RETURN=1
- ;;
-esac
-echo $FMRI
-exit $RETURN
-"""
}
testdata_dir = None
@@ -294,8 +296,7 @@
os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_enabled"
# test to see if our test service is restarted on install
- cmdstr = "--debug actuator_cmds_dir=%s" % self.testdata_dir
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_contains(svcadm_output,
@@ -303,14 +304,14 @@
os.unlink(svcadm_output)
# test to see if our test service is restarted on upgrade
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_contains(svcadm_output,
"svcadm restart svc:/system/test_restart_svc:default")
os.unlink(svcadm_output)
# test to see if our test service is restarted on uninstall
- self.pkg(cmdstr + " uninstall basics")
+ self.pkg("uninstall basics")
self.pkg("verify")
self.file_contains(svcadm_output,
"svcadm restart svc:/system/test_restart_svc:default")
@@ -320,7 +321,7 @@
os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_disabled"
# test to see to make sure we don't restart disabled service
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_doesnt_exist(svcadm_output)
@@ -328,7 +329,7 @@
os.environ["PKG_SVCPROP_EXIT_CODE"] = "1"
self.pkg("uninstall basics")
self.pkg("verify")
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_doesnt_exist(svcadm_output)
os.environ["PKG_SVCPROP_EXIT_CODE"] = "0"
@@ -337,7 +338,7 @@
os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_enabled"
# test to see if refresh works as designed, along w/ restart
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_contains(svcadm_output,
"svcadm restart svc:/system/test_restart_svc:default")
@@ -346,10 +347,10 @@
os.unlink(svcadm_output)
# test if suspend works
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_contains(svcadm_output,
- "svcadm disable -st svc:/system/test_suspend_svc:default")
+ "svcadm disable -s -t svc:/system/test_suspend_svc:default")
self.file_contains(svcadm_output,
"svcadm enable svc:/system/test_suspend_svc:default")
os.unlink(svcadm_output)
@@ -357,16 +358,16 @@
# test if suspend works properly w/ temp. enabled service
# make it look like our test service(s) is/are temp enabled
os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_temp_enabled"
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_contains(svcadm_output,
- "svcadm disable -st svc:/system/test_suspend_svc:default")
+ "svcadm disable -s -t svc:/system/test_suspend_svc:default")
self.file_contains(svcadm_output,
"svcadm enable -t svc:/system/test_suspend_svc:default")
os.unlink(svcadm_output)
# test if service is disabled on uninstall
- self.pkg(cmdstr + " uninstall basics")
+ self.pkg("uninstall basics")
self.pkg("verify")
self.file_contains(svcadm_output,
"svcadm disable -s svc:/system/test_disable_svc:default")
@@ -377,33 +378,34 @@
os.environ["PKG_SVCPROP_EXIT_CODE"] = "0"
# test that we do nothing for FMRIs with no instance specified
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_doesnt_exist(svcadm_output)
- self.pkg(cmdstr + " uninstall basics")
+ self.pkg("uninstall basics")
self.file_doesnt_exist(svcadm_output)
- # test that we do the right thing for multiple FMRIs with globbing chars
- self.pkg(cmdstr + " install [email protected]")
- self.pkg(cmdstr + " install [email protected]")
+ # test that we do the right thing for multiple FMRIs with
+ # globbing chars
+ self.pkg("install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
for text in [ "svcadm refresh svc:/system/test_refresh_svc:default",
"svcadm refresh svc:/system/test_refresh_svc:default",
"svcadm restart svc:/system/test_restart_svc:default",
- "svcadm disable -st svc:/system/test_suspend_svc:default",
+ "svcadm disable -s -t svc:/system/test_suspend_svc:default",
"svcadm enable svc:/system/test_suspend_svc:default" ]:
self.file_contains(svcadm_output, text)
# Next test will get muddled if prior actuators get
# run too, so we test removal here.
- self.pkg(cmdstr + " uninstall basics")
+ self.pkg("uninstall basics")
self.file_contains(svcadm_output,
"svcadm disable -s svc:/system/test_disable_svc:default")
os.unlink(svcadm_output)
# Test with multi-valued actuators
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
self.file_contains(svcadm_output,
"svcadm restart svc:/system/test_multi_svc1:default "
@@ -412,14 +414,13 @@
# make it look like our test service is enabled
os.environ["PKG_SVCPROP_OUTPUT"] = "svcprop_enabled"
- self.pkg(cmdstr + " install [email protected]")
+ self.pkg("install [email protected]")
self.pkg("verify")
- self.pkg(cmdstr + " uninstall basics")
+ self.pkg("uninstall basics")
self.file_contains(svcadm_output,
"svcadm disable -s svc:/system/test_multi_svc1:default "
"svc:/system/test_multi_svc2:default")
os.unlink(svcadm_output)
-
if __name__ == "__main__":
unittest.main()
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/cli/t_https.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,431 @@
+#!/usr/bin/python2.6
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+import sys
+
+import testutils
+if __name__ == "__main__":
+ testutils.setup_environment("../../../proto")
+import pkg5unittest
+
+import os
+
+import pkg.portable as portable
+from pkg.client.debugvalues import DebugValues
+from pkg.client.transport.exception import TransportFailures
+
+class TestHTTPS(pkg5unittest.SingleDepotTestCase):
+ # Tests in this suite use the read only data directory.
+ need_ro_data = True
+
+ example_pkg10 = """
+ open [email protected],5.11-0
+ add file tmp/example_file mode=0555 owner=root group=bin path=/usr/bin/example_path
+ close"""
+
+ misc_files = ["tmp/example_file"]
+
+ def pkg_image_create(self, *args, **kwargs):
+ pkg5unittest.SingleDepotTestCase.pkg_image_create(self,
+ *args, **kwargs)
+ self.ta_dir = os.path.join(self.img_path, "etc/certs/CA")
+ os.makedirs(self.ta_dir)
+
+ def image_create(self, *args, **kwargs):
+ pkg5unittest.SingleDepotTestCase.image_create(self,
+ *args, **kwargs)
+ self.ta_dir = os.path.join(self.img_path, "etc/certs/CA")
+ os.makedirs(self.ta_dir)
+
+ def pkg(self, command, *args, **kwargs):
+ # The value for ssl_ca_file is pulled from DebugValues because
+ # ssl_ca_file needs to be set there so the api object calls work
+ # as desired.
+ command = "--debug ssl_ca_file=%s %s" % \
+ (DebugValues["ssl_ca_file"], command)
+ return pkg5unittest.SingleDepotTestCase.pkg(self, command,
+ *args, **kwargs)
+
+ def seed_ta_dir(self, certs, dest_dir=None):
+ if isinstance(certs, basestring):
+ certs = [certs]
+ if not dest_dir:
+ dest_dir = self.ta_dir
+ self.assert_(dest_dir)
+ self.assert_(self.raw_trust_anchor_dir)
+ for c in certs:
+ name = "%s_cert.pem" % c
+ portable.copyfile(
+ os.path.join(self.raw_trust_anchor_dir, name),
+ os.path.join(dest_dir, name))
+ DebugValues["ssl_ca_file"] = os.path.join(dest_dir,
+ name)
+
+ def killalldepots(self):
+ try:
+ pkg5unittest.SingleDepotTestCase.killalldepots(self)
+ finally:
+ if self.ac:
+ self.debug("killing apache controller")
+ try:
+ self.ac.kill()
+ except Exception,e :
+ pass
+
+ def setUp(self):
+ self.ac = None
+ pkg5unittest.SingleDepotTestCase.setUp(self, start_depot=True)
+ self.testdata_dir = os.path.join(self.test_root, "testdata")
+ self.make_misc_files(self.misc_files)
+
+ self.durl1 = self.dcs[1].get_depot_url()
+ self.rurl1 = self.dcs[1].get_repo_url()
+
+ # Set up the directories that apache needs.
+ self.apache_dir = os.path.join(self.test_root, "apache")
+ os.makedirs(self.apache_dir)
+ self.apache_log_dir = os.path.join(self.apache_dir,
+ "apache_logs")
+ os.makedirs(self.apache_log_dir)
+ self.apache_content_dir = os.path.join(self.apache_dir,
+ "apache_content")
+ self.pidfile = os.path.join(self.apache_dir, "httpd.pid")
+ self.common_config_dir = os.path.join(self.test_root,
+ "apache-serve")
+ # Choose a port for apache to run on.
+ self.https_port = self.next_free_port
+ self.next_free_port += 1
+
+ # Set up the paths to the certificates that will be needed.
+ self.path_to_certs = os.path.join(self.ro_data_root,
+ "signing_certs", "produced")
+ self.keys_dir = os.path.join(self.path_to_certs, "keys")
+ self.cs_dir = os.path.join(self.path_to_certs,
+ "code_signing_certs")
+ self.chain_certs_dir = os.path.join(self.path_to_certs,
+ "chain_certs")
+ self.pub_cas_dir = os.path.join(self.path_to_certs,
+ "publisher_cas")
+ self.inter_certs_dir = os.path.join(self.path_to_certs,
+ "inter_certs")
+ self.raw_trust_anchor_dir = os.path.join(self.path_to_certs,
+ "trust_anchors")
+ self.crl_dir = os.path.join(self.path_to_certs, "crl")
+
+ self.pkgsend_bulk(self.rurl1, self.example_pkg10)
+
+ conf_dict = {
+ "common_log_format": "%h %l %u %t \\\"%r\\\" %>s %b",
+ "https_port": self.https_port,
+ "log_locs": self.apache_log_dir,
+ "pidfile": self.pidfile,
+ "port": self.https_port,
+ "proxied-server": self.durl1,
+ "serve_root": self.apache_content_dir,
+ "server-ssl-cert":os.path.join(self.cs_dir,
+ "cs1_ta7_cert.pem"),
+ "server-ssl-key":os.path.join(self.keys_dir,
+ "cs1_ta7_key.pem"),
+ "server-ca-cert":os.path.join(self.raw_trust_anchor_dir,
+ "ta6_cert.pem"),
+ "server-ca-taname": "ta6",
+ "ssl-special": "%{SSL_CLIENT_I_DN_OU}",
+ }
+
+ self.https_conf_path = os.path.join(self.test_root,
+ "https.conf")
+ with open(self.https_conf_path, "wb") as fh:
+ fh.write(self.https_conf % conf_dict)
+
+ self.ac = pkg5unittest.ApacheController(self.https_conf_path,
+ self.https_port, self.common_config_dir, https=True)
+ self.acurl = self.ac.url
+
+ def test_01_basics(self):
+ """Test that adding a https publisher works and that a package
+ can be installed from that publisher."""
+
+ self.ac.start()
+ # Test that creating an image using a HTTPS repo without
+ # providing any keys or certificates fails.
+ self.assertRaises(TransportFailures, self.image_create,
+ self.acurl)
+ self.pkg_image_create(repourl=self.acurl, exit=1)
+ api_obj = self.image_create()
+ # Test that adding a HTTPS repo fails if the image does not
+ # contain the trust anchor to verify the server's identity.
+ self.pkg("set-publisher -k %(key)s -c %(cert)s -p %(url)s" % {
+ "url": self.acurl,
+ "cert": os.path.join(self.cs_dir, "cs1_ta6_cert.pem"),
+ "key": os.path.join(self.keys_dir, "cs1_ta6_key.pem"),
+ }, exit=1)
+ # Add the trust anchor needed to verify the server's identity to
+ # the image.
+ self.seed_ta_dir("ta7")
+ self.pkg("set-publisher -k %(key)s -c %(cert)s -p %(url)s" % {
+ "url": self.acurl,
+ "cert": os.path.join(self.cs_dir, "cs1_ta6_cert.pem"),
+ "key": os.path.join(self.keys_dir, "cs1_ta6_key.pem"),
+ })
+ api_obj = self.get_img_api_obj()
+ self._api_install(api_obj, ["example_pkg"])
+
+ https_conf = """\
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "/var/apache2/2.2/logs/foo_log"
+# with ServerRoot set to "/usr/apache2/2.2" will be interpreted by the
+# server as "/usr/apache2/2.2//var/apache2/2.2/logs/foo_log".
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to point the LockFile directive
+# at a local disk. If you wish to share the same ServerRoot for multiple
+# httpd daemons, you will need to change at least LockFile and PidFile.
+#
+ServerRoot "/usr/apache2/2.2"
+
+PidFile "%(pidfile)s"
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+Listen 0.0.0.0:%(https_port)s
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines within the appropriate
+# (32-bit or 64-bit module) /etc/apache2/2.2/conf.d/modules-*.load file so that
+# the directives contained in it are actually available _before_ they are used.
+#
+<IfDefine 64bit>
+Include /etc/apache2/2.2/conf.d/modules-64.load
+</IfDefine>
+<IfDefine !64bit>
+Include /etc/apache2/2.2/conf.d/modules-32.load
+</IfDefine>
+
+<IfModule !mpm_netware_module>
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User webservd
+Group webservd
+
+</IfModule>
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+ServerName 127.0.0.1
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+<Directory />
+ Options None
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Order allow,deny
+ Deny from all
+ Satisfy All
+</FilesMatch>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "%(log_locs)s/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel debug
+
+
+
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%(common_log_format)s" common
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog "%(log_locs)s/access_log" common
+</IfModule>
+
+#
+# DefaultType: the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+<IfModule mime_module>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/apache2/2.2/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ # Add a new mime.type for .p5i file extension so that clicking on
+ # this file type on a web page launches PackageManager in a Webinstall mode.
+ AddType application/vnd.pkg5.info .p5i
+</IfModule>
+
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
+<VirtualHost 0.0.0.0:%(https_port)s>
+ AllowEncodedSlashes On
+ ProxyRequests Off
+ MaxKeepAliveRequests 10000
+
+ SSLEngine On
+
+ # Cert paths
+ SSLCertificateFile %(server-ssl-cert)s
+ SSLCertificateKeyFile %(server-ssl-key)s
+
+ # Combined product CA certs for client verification
+ SSLCACertificateFile %(server-ca-cert)s
+
+ SSLVerifyClient require
+
+ <Location />
+ SSLVerifyDepth 1
+
+ # The client's certificate must pass verification, and must have
+ # a CN which matches this repository.
+ SSLRequire ( %(ssl-special)s =~ m/%(server-ca-taname)s/ )
+
+ # set max to number of threads in depot
+ ProxyPass %(proxied-server)s/ nocanon max=500
+ </Location>
+</VirtualHost>
+
+
+"""
--- a/src/tests/cli/t_pkg_depotd.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_pkg_depotd.py Wed Apr 27 20:30:32 2011 -0700
@@ -512,12 +512,10 @@
repo = self.__dc.get_repo()
pub = repo.get_publisher("test")
- pub_repo = pub.selected_repository
+ pub_repo = pub.repository
if not pub_repo:
pub_repo = publisher.Repository()
- while pub.repositories:
- pub.repositories.pop()
- pub.repositories.append(pub_repo)
+ pub.repository = pub_repo
pub_repo.origins = [durl]
repo.update_publisher(pub)
@@ -798,12 +796,10 @@
pub = publisher.Publisher("org.opensolaris.pending")
repo.add_publisher(pub)
- pub_repo = pub.selected_repository
+ pub_repo = pub.repository
if not pub_repo:
pub_repo = publisher.Repository()
- while pub.repositories:
- pub.repositories.pop()
- pub.repositories.append(pub_repo)
+ pub.repository = pub_repo
for attr, val in self.pub_repo_cfg.iteritems():
setattr(pub_repo, attr, val)
@@ -832,7 +828,7 @@
self.assertEqual(getattr(pub, prop),
cfgdata["publisher"][prop])
- repo = pub.selected_repository
+ repo = pub.repository
for prop, expected in self.pub_repo_cfg.iteritems():
returned = getattr(repo, prop)
if prop.endswith("uris") or prop == "origins":
--- a/src/tests/cli/t_pkg_history.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_pkg_history.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
#
import testutils
@@ -130,7 +130,6 @@
"uninstall",
"add-publisher",
"update-publisher",
- "set-preferred-publisher",
"remove-publisher",
"rebuild-index",
"fix"
--- a/src/tests/cli/t_pkg_image_create.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_pkg_image_create.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
#
import testutils
@@ -181,7 +181,7 @@
pub_val = getattr(pub, prop)
else:
pub_val = getattr(
- pub.selected_repository, prop)
+ pub.repository, prop)
if prop in ("legal_uris", "mirrors", "origins",
"related_uris"):
@@ -528,7 +528,7 @@
# Verify origin configuration is intact.
expected = """\
-test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%s/
test2\ttrue\tfalse\tfalse\torigin\tonline\t%s/
""" % (self.rurl1, self.rurl2)
self.pkg("publisher -HF tsv")
@@ -538,7 +538,7 @@
# Verify origin information matches expected if configuration
# changes are made.
expected = """\
-test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%s/
test2\ttrue\tfalse\tfalse\torigin\tonline\t%s/
""" % (self.rurl2, self.rurl2)
self.pkg("set-publisher --no-refresh -O %s test1" % self.rurl2)
--- a/src/tests/cli/t_pkg_property.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_pkg_property.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
#
import testutils
@@ -102,16 +102,6 @@
exit=1)
self.pkg("unset-property require-optional")
- def test_bug_4372(self):
- """Verify that preferred-publisher cannot be changed using the
- property commands, but can be read."""
-
- self.image_create(self.rurl)
-
- self.pkg("set-property preferred-publisher foo", exit=1)
- self.pkg("unset-property preferred-publisher", exit=1)
- self.pkg("property preferred-publisher")
-
if __name__ == "__main__":
unittest.main()
--- a/src/tests/cli/t_pkg_publisher.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_pkg_publisher.py Wed Apr 27 20:30:32 2011 -0700
@@ -93,18 +93,10 @@
self.bogus_url)
self.pkg("unset-publisher test3 test4", exit=3)
- # ...when one of two provided is preferred (test2).
- self.pkg("set-publisher --no-refresh -O http://%s2 test3" %
- self.bogus_url)
- self.pkg("unset-publisher test2 test3", exit=3)
-
# ...when all provided are unknown.
self.pkg("unset-publisher test3 test4", exit=1)
self.pkg("unset-publisher test3", exit=1)
- # ...when all provided are preferred.
- self.pkg("unset-publisher test2", exit=1)
-
# Now verify that success occurs when attempting to remove
# one or more publishers:
@@ -316,7 +308,7 @@
self.pkg("set-publisher --no-refresh -O http://%s2 test2" %
self.bogus_url)
- base_string = ("test\ttrue\ttrue\ttrue\torigin\tonline\t"
+ base_string = ("test\ttrue\tfalse\ttrue\torigin\tonline\t"
"%s/\n"
"test1\ttrue\tfalse\ttrue\torigin\tonline\t"
"https://test.invalid1/\n"
@@ -324,7 +316,7 @@
"http://test.invalid2/\n" % self.rurl)
# With headers
self.pkg("publisher -F tsv")
- expected = "PUBLISHER\tSTICKY\tPREFERRED\tENABLED" \
+ expected = "PUBLISHER\tSTICKY\tSYSPUB\tENABLED" \
"\tTYPE\tSTATUS\tURI\n" + base_string
output = self.reduceSpaces(self.output)
self.assertEqualDiff(expected, output)
@@ -434,18 +426,18 @@
pkg5unittest.ManyDepotTestCase.setUp(self, ["test1", "test2",
"test3", "test1", "test1", "test3"], start_depots=True)
- durl1 = self.dcs[1].get_depot_url()
- self.pkgsend_bulk(durl1, self.foo1)
+ self.durl1 = self.dcs[1].get_depot_url()
+ self.pkgsend_bulk(self.durl1, self.foo1)
- durl2 = self.dcs[2].get_depot_url()
- self.pkgsend_bulk(durl2, self.bar1)
+ self.durl2 = self.dcs[2].get_depot_url()
+ self.pkgsend_bulk(self.durl2, self.bar1)
- durl3 = self.dcs[3].get_depot_url()
- self.pkgsend_bulk(durl3, self.baz1)
+ self.durl3 = self.dcs[3].get_depot_url()
+ self.pkgsend_bulk(self.durl3, self.baz1)
- self.image_create(durl1, prefix="test1")
- self.pkg("set-publisher -O " + durl2 + " test2")
- self.pkg("set-publisher -O " + durl3 + " test3")
+ self.image_create(self.durl1, prefix="test1")
+ self.pkg("set-publisher -O " + self.durl2 + " test2")
+ self.pkg("set-publisher -O " + self.durl3 + " test3")
self.path_to_certs = os.path.join(self.ro_data_root,
"signing_certs", "produced")
@@ -538,7 +530,7 @@
pub_val = getattr(pub, prop)
else:
pub_val = getattr(
- pub.selected_repository, prop)
+ pub.repository, prop)
if prop in ("legal_uris", "mirrors", "origins",
"related_uris"):
@@ -818,7 +810,7 @@
self.pkg("list -a bar", exit=1)
self.pkg("publisher -a | grep test2")
- self.pkg("set-publisher -P test2", exit=1)
+ self.pkg("set-publisher -P test2")
self.pkg("publisher test2")
self.pkg("set-publisher -e test2")
self.pkg("publisher -n | grep test2")
@@ -833,13 +825,14 @@
self.pkg("publisher -n | grep test2")
self.pkg("list -a bar")
- # should fail because test is the preferred publisher
- self.pkg("set-publisher -d test1", exit=1)
- self.pkg("set-publisher --disable test1", exit=1)
-
def test_search_order(self):
"""Test moving search order around"""
- # following should be order from above test
+
+ # The expected publisher order is test1, test2, test3, with all
+ # publishers enabled and sticky.
+ self.pkg("set-publisher -e -P test1")
+ self.pkg("set-publisher -e --search-after test1 test2")
+ self.pkg("set-publisher -e --search-after test2 test3")
self.pkg("publisher") # ease debugging
self.pkg("publisher -H | head -1 | egrep test1")
self.pkg("publisher -H | head -2 | egrep test2")
@@ -873,6 +866,32 @@
self.pkg("set-publisher --search-before=test3 test3", exit=1)
self.pkg("set-publisher --search-after=test3 test3", exit=1)
+ # make sure that setting search order while adding a publisher
+ # works
+ self.pkg("unset-publisher test2")
+ self.pkg("unset-publisher test3")
+ self.pkg("set-publisher --search-before=test1 test2")
+ self.pkg("set-publisher --search-after=test2 test3")
+ self.pkg("publisher") # ease debugging
+ self.pkg("publisher -H | head -1 | egrep test2")
+ self.pkg("publisher -H | head -2 | egrep test3")
+ self.pkg("publisher -H | head -3 | egrep test1")
+
+ def test_publishers_only_from_installed_packages(self):
+ """Test that get_highest_rank_publisher works when there are
+ installed packages but no configured publishers."""
+
+ self.pkg("install foo bar baz")
+ self.pkg("unset-publisher test1")
+ self.pkg("unset-publisher test2")
+ self.pkg("unset-publisher test3")
+ self.pkg("publisher")
+
+ # set publishers to expected configuration
+ self.pkg("set-publisher -p %s" % self.durl1)
+ self.pkg("set-publisher -p %s" % self.durl2)
+ self.pkg("set-publisher -p %s" % self.durl3)
+
class TestPkgPublisherCACerts(pkg5unittest.ManyDepotTestCase):
# Tests in this suite use the read only data directory.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/cli/t_pkg_sysrepo.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,1567 @@
+#!/usr/bin/python2.6
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+import testutils
+if __name__ == "__main__":
+ testutils.setup_environment("../../../proto")
+import pkg5unittest
+
+import copy
+import hashlib
+import os
+import shutil
+import signal
+import sys
+import time
+
+import pkg.client.api as api
+import pkg.client.api_errors as apx
+import pkg.client.transport.exception as tx
+import pkg.misc as misc
+
+class PC(object):
+ """This class contains publisher configuration used for setting up the
+ depots and https apache instances needed by the tests."""
+
+ def __init__(self, url, sticky=True, mirrors=misc.EmptyI, https=False,
+ server_ta=None, client_ta=None, disabled=False, name=None):
+ assert (https and server_ta and client_ta) or \
+ not (https or server_ta or client_ta)
+ assert not disabled or name
+ self.url= url
+ self.sticky = sticky
+ self.https = https
+ self.mirrors = mirrors
+ self.server_ta = server_ta
+ self.client_ta = client_ta
+ self.disabled = disabled
+ self.name = name
+
+class TestSysrepo(pkg5unittest.ManyDepotTestCase):
+ # Tests in this suite use the read only data directory.
+ need_ro_data = True
+
+ example_pkg10 = """
+ open [email protected],5.11-0
+ add file tmp/example_file mode=0555 owner=root group=bin path=/usr/bin/example_path
+ close"""
+
+ foo10 = """
+ open [email protected],5.11-0
+ close"""
+
+ bar10 = """
+ open [email protected],5.11-0
+ close"""
+
+ misc_files = ["tmp/example_file"]
+
+ def killalldepots(self):
+ try:
+ pkg5unittest.ManyDepotTestCase.killalldepots(self)
+ finally:
+ if self.sc:
+ self.debug("stopping sysrepo")
+ try:
+ self.sc.stop()
+ except Exception, e:
+ try:
+ self.debug("killing sysrepo")
+ self.sc.kill()
+ except Exception, e:
+ pass
+ for ac in self.acs.values():
+ self.debug("stopping https apache proxy")
+ try:
+ ac.stop()
+ except Exception,e :
+ try:
+ self.debug(
+ "killing apache instance")
+ self.ac.kill()
+ except Exception, e:
+ pass
+
+ def setUp(self):
+ # These need to be set before calling setUp in case setUp fails.
+ self.sc = None
+ self.acs = {}
+ self.smf_cmds = {}
+
+ # These need to set to allow the smf commands to give the right
+ # responses.
+ self.sysrepo_port = self.next_free_port
+ self.next_free_port += 1
+ self.sysrepo_alt_port = self.next_free_port
+ self.next_free_port += 1
+
+ # Set up the smf commands that these tests use.
+ smf_conf_dict = {"proxy_port": self.sysrepo_port}
+ for n in self.__smf_cmds_template:
+ self.smf_cmds[n] = self.__smf_cmds_template[n] % \
+ smf_conf_dict
+
+ pkg5unittest.ManyDepotTestCase.setUp(self, ["test1", "test12",
+ "test3"], start_depots=True)
+ self.testdata_dir = os.path.join(self.test_root, "testdata")
+ self.make_misc_files(self.misc_files)
+
+ self.durl1 = self.dcs[1].get_depot_url()
+ self.durl2 = self.dcs[2].get_depot_url()
+ self.durl3 = self.dcs[3].get_depot_url()
+ self.rurl1 = self.dcs[1].get_repo_url()
+ self.rurl2 = self.dcs[2].get_repo_url()
+ self.rurl3 = self.dcs[3].get_repo_url()
+ self.apache_dir = os.path.join(self.test_root, "apache")
+ self.apache_log_dir = os.path.join(self.apache_dir,
+ "apache_logs")
+
+ self.pkgsend_bulk(self.rurl1, self.example_pkg10)
+ self.pkgsend_bulk(self.rurl2, self.foo10)
+ self.pkgsend_bulk(self.rurl3, self.bar10)
+
+ self.common_config_dir = os.path.join(self.test_root,
+ "apache-serve")
+ self.htdocs_dir = os.path.join(self.common_config_dir, "htdocs")
+ self.apache_confs = {}
+
+ self.rurl2_old = self.rurl2.rstrip("/") + ".old"
+ self.pkgsend(self.rurl2_old, "create-repository "
+ "--set-property publisher.prefix=test12")
+
+ # Establish the different publisher configurations that tests
+ # will need.
+ self.configs = {
+ "all-access": ([
+ PC(self.durl1),
+ PC(self.durl2, sticky=False),
+ PC(self.durl3)]),
+ "all-access-f": ([
+ PC(self.rurl1),
+ PC(self.rurl2, sticky=False),
+ PC(self.rurl3)]),
+ "disabled": ([
+ PC(self.durl1, disabled=True, name="test1"),
+ PC(self.durl2, sticky=False),
+ PC(self.durl3)]),
+ "https-access": ([
+ PC(self.durl1, https=True, server_ta="ta11",
+ client_ta="ta6"),
+ PC(self.durl2, sticky=False, https=True,
+ server_ta="ta7", client_ta="ta8"),
+ PC(self.durl3, https=True, server_ta="ta9",
+ client_ta="ta10")]),
+ "mirror-access": ([
+ PC(self.durl1, mirrors=[("test1", self.rurl1)]),
+ PC(self.durl2, sticky=False,
+ mirrors=[("test12", self.rurl2)]),
+ PC(self.durl3, mirrors=[("test3", self.rurl3)])]),
+ "mirror-access-f": ([
+ PC(self.rurl1, mirrors=[("test1", self.durl1)]),
+ PC(self.rurl2, sticky=False,
+ mirrors=[("test12", self.durl2)]),
+ PC(self.rurl3, mirrors=[("test3", self.durl3)])]),
+ "none": [],
+ "old-file": ([
+ PC(self.rurl1),
+ PC(self.rurl2_old, sticky=False),
+ PC(self.rurl3)]),
+ "test1": ([PC(self.durl1)]),
+ "test1-test12": ([
+ PC(self.durl1),
+ PC(self.durl2, sticky=False)]),
+ "test1-test3": ([
+ PC(self.durl1),
+ PC(self.durl3)]),
+ "test12": ([
+ PC(self.durl2, sticky=False)]),
+ "test12-test3": ([
+ PC(self.durl2, sticky=False),
+ PC(self.durl3)]),
+ "test3": ([PC(self.durl3)]),
+ }
+
+ # Config needed for https apache instances.
+ self.path_to_certs = os.path.join(self.ro_data_root,
+ "signing_certs", "produced")
+ self.keys_dir = os.path.join(self.path_to_certs, "keys")
+ self.cs_dir = os.path.join(self.path_to_certs,
+ "code_signing_certs")
+ self.chain_certs_dir = os.path.join(self.path_to_certs,
+ "chain_certs")
+ self.pub_cas_dir = os.path.join(self.path_to_certs,
+ "publisher_cas")
+ self.inter_certs_dir = os.path.join(self.path_to_certs,
+ "inter_certs")
+ self.raw_trust_anchor_dir = os.path.join(self.path_to_certs,
+ "trust_anchors")
+ self.crl_dir = os.path.join(self.path_to_certs, "crl")
+
+ self.base_conf_dict = {
+ "common_log_format": "%h %l %u %t \\\"%r\\\" %>s %b",
+ "ssl-special": "%{SSL_CLIENT_I_DN_OU}",
+ }
+ # Pick a directory to store all the https apache configuration
+ # in.
+ self.base_https_dir = os.path.join(self.test_root, "https")
+
+ def __start_https(self, pc):
+ # Start up an https apache config
+ cd = copy.copy(self.base_conf_dict)
+
+ # This apache instance will need a free port.
+ https_port = self.next_free_port
+ self.next_free_port += 1
+
+ # Set up the directories and configuration this instance of
+ # apache will need.
+ instance_dir = os.path.join(self.base_https_dir,
+ str(https_port))
+ log_dir = os.path.join(instance_dir, "https_logs")
+ content_dir = os.path.join(instance_dir, "content")
+ os.makedirs(instance_dir)
+ os.makedirs(log_dir)
+ os.makedirs(content_dir)
+ cd.update({
+ "https_port": https_port,
+ "log_locs": log_dir,
+ "pidfile": os.path.join(instance_dir, "httpd.pid"),
+ "port": https_port,
+ "proxied-server": pc.url,
+ "server-ca-cert":os.path.join(self.raw_trust_anchor_dir,
+ "%s_cert.pem" % pc.client_ta),
+ "server-ca-taname": pc.client_ta,
+ "serve_root": content_dir,
+ "server-ssl-cert":os.path.join(self.cs_dir,
+ "cs1_%s_cert.pem" % pc.server_ta),
+ "server-ssl-key":os.path.join(self.keys_dir,
+ "cs1_%s_key.pem" % pc.server_ta),
+ })
+ conf_path = os.path.join(instance_dir, "https.conf")
+ with open(conf_path, "wb") as fh:
+ fh.write(self.https_conf % cd)
+
+ ac = pkg5unittest.ApacheController(conf_path, https_port,
+ instance_dir, https=True)
+ self.acs[pc.url] = ac
+ ac.start()
+ return ac
+
+ def __prep_configuration(self, names, port=None):
+ if not port:
+ port = self.sysrepo_port
+ self.__configured_names = []
+ if isinstance(names, basestring):
+ names = [names]
+ for name in names:
+ pcs = self.configs[name]
+ self.image_create()
+ for pc in pcs:
+ cmd = "set-publisher"
+ if not pc.sticky:
+ cmd += " --non-sticky"
+ if not pc.https:
+ cmd += " -p %s" % pc.url
+ else:
+ if pc.url in self.acs:
+ ac = self.acs[pc.url]
+ else:
+ ac = self.__start_https(pc)
+ # Configure image to use apache instance
+ cmd = " --debug " \
+ "ssl_ca_file=%(ca_file)s %(cmd)s " \
+ "-k %(key)s -c %(cert)s " \
+ "-p %(url)s" % {
+ "ca_file": os.path.join(
+ self.raw_trust_anchor_dir,
+ "%s_cert.pem" %
+ pc.server_ta),
+ "cert": os.path.join(
+ self.cs_dir,
+ "cs1_%s_cert.pem" %
+ pc.client_ta),
+ "cmd": cmd,
+ "key": os.path.join(
+ self.keys_dir,
+ "cs1_%s_key.pem" %
+ pc.client_ta),
+ "url": ac.url,
+ }
+ self.pkg(cmd, debug_smf=False)
+ for pub, m in pc.mirrors:
+ self.pkg(
+ "set-publisher -m %s %s" % (m, pub))
+ if pc.disabled:
+ self.pkg("set-publisher -d %s" %
+ pc.name)
+
+ self.sysrepo("-l %(log_locs)s -p %(port)s "
+ "-r %(common_serve)s" % {
+ "log_locs": self.apache_log_dir,
+ "port": port,
+ "common_serve": self.common_config_dir
+ })
+ st = os.stat(os.path.join(self.common_config_dir,
+ "htdocs"))
+ uid = st.st_uid
+ gid = st.st_gid
+ conf_dir = os.path.join(self.test_root, "apache-conf",
+ name)
+ shutil.move(self.common_config_dir, conf_dir)
+ st2 = os.stat(conf_dir)
+ new_uid = st2.st_uid
+ new_gid = st2.st_gid
+ if new_uid != uid or new_gid != gid:
+ misc.recursive_chown_dir(conf_dir, uid, gid)
+ self.apache_confs[name] = os.path.join(self.test_root,
+ "apache-conf", name, "sysrepo_httpd.conf")
+ self.__configured_names.append(name)
+ self.image_destroy()
+
+ def __set_responses(self, name, update_conf=True):
+ if name not in self.__configured_names:
+ raise RuntimeError("%s hasn't been prepared for this "
+ "test." % name)
+ base_dir = os.path.join(self.test_root, "apache-conf", name,
+ "htdocs")
+ if not os.path.isdir(base_dir):
+ raise RuntimeError("Expected %s to already exist and "
+ "be a directory but it's not." % base_dir)
+ if os.path.isdir(self.htdocs_dir):
+ shutil.rmtree(self.htdocs_dir)
+ shutil.copytree(base_dir, self.htdocs_dir)
+ crypto_path = os.path.join(self.common_config_dir, "crypto.txt")
+ if os.path.exists(crypto_path):
+ os.chmod(crypto_path, 0600)
+ shutil.copy(os.path.join(self.test_root, "apache-conf", name,
+ "crypto.txt"), self.common_config_dir)
+ os.chmod(crypto_path, 0400)
+ st = os.stat(base_dir)
+ uid = st.st_uid
+ gid = st.st_gid
+ st2 = os.stat(self.htdocs_dir)
+ new_uid = st2.st_uid
+ new_gid = st2.st_gid
+ if uid != new_gid or gid != new_gid:
+ misc.recursive_chown_dir(self.common_config_dir, uid,
+ gid)
+ if update_conf and self.sc:
+ self.sc.conf = self.apache_confs[name]
+
+ def __check_publisher_info(self, expected, set_debug_value=True):
+ self.pkg("publisher -F tsv", debug_smf=set_debug_value)
+ output = self.reduceSpaces(self.output)
+ self.assertEqualDiff(expected, output, bound_white_space=True)
+
+ def __check_package_lists(self, expected):
+ self.pkg("list -a")
+ output = self.reduceSpaces(self.output)
+ self.assertEqualDiff(expected, output)
+
+ def __check_publisher_dirs(self, pubs):
+ pub_dir = os.path.join(self.img_path, "var/pkg/publisher")
+ for p in pubs:
+ if not os.path.isdir(os.path.join(pub_dir, p)):
+ raise RuntimeError("Publisher %s was expected "
+ "to exist but its directory is missing "
+ "from the image directory." % p)
+ for d in os.listdir(pub_dir):
+ if d not in pubs:
+ raise RuntimeError("%s was not expected in the "
+ "publisher directory but was found." % d)
+
+ def test_01_basics(self):
+ """Test that an image with no publishers can be created and that
+ it can pick up its publisher configuration from the system
+ repository."""
+
+ self.__prep_configuration("all-access")
+ self.__set_responses("all-access")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["all-access"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+ # Make sure that the publisher catalogs were created.
+ for n in ("test1", "test12", "test3"):
+ self.assert_(os.path.isdir(os.path.join(self.img_path,
+ "var/pkg/publisher/%s" % n)))
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl2, self.durl3)
+ self.__check_publisher_info(expected)
+
+ self.pkg("publisher test1")
+ # Test that the publishers have the right uris.
+ self.pkg(
+ "publisher test1 | grep 'proxy://%s'" % self.durl1)
+ self.pkg(
+ "publisher test12 | grep 'proxy://%s'" % self.durl2)
+ self.pkg(
+ "publisher test3 | grep 'proxy://%s'" % self.durl3)
+ # Test that a new pkg process will pick up the right catalog.
+ self.pkg("list -a")
+ self.pkg("install example_pkg")
+
+ # Test that the current api object has the right catalog.
+ self._api_install(api_obj, ["foo", "bar"])
+
+ def test_02_communication(self):
+ """Test that the transport for communicating with the depots is
+ actually going through the proxy. This is done by
+ "misconfiguring" the system repository so that it refuses to
+ proxy to certain depots then operations which would communicate
+ with those depots fail."""
+
+ self.__prep_configuration(["all-access", "none", "test12-test3",
+ "test3"])
+ self.__set_responses("all-access")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["none"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+
+ self.sc.start()
+ self.assertRaises(apx.CatalogRefreshException,
+ self.image_create, props={"use-system-repo": True})
+ self.sc.conf = self.apache_confs["all-access"]
+ api_obj = self.image_create(props={"use-system-repo": True})
+ self.sc.conf = self.apache_confs["none"]
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl2, self.durl3)
+ self.__check_publisher_info(expected)
+
+ self.pkg("list -a")
+ self.pkg("contents -rm example_pkg", exit=1)
+ self.pkg("contents -rm foo", exit=1)
+ self.pkg("contents -rm bar", exit=1)
+ self.pkg("install --no-refresh example_pkg", exit=1)
+ self.pkg("install --no-refresh foo", exit=1)
+ self.pkg("install --no-refresh bar", exit=1)
+ self.assertRaises(tx.TransportFailures, self._api_install,
+ api_obj, ["example_pkg"], refresh_catalogs=False)
+ self.assertRaises(tx.TransportFailures, self._api_install,
+ api_obj, ["foo"], refresh_catalogs=False)
+ self.assertRaises(tx.TransportFailures, self._api_install,
+ api_obj, ["bar"], refresh_catalogs=False)
+
+ self.sc.conf = self.apache_confs["test3"]
+ self.pkg("list -a")
+ self.pkg("contents -rm example_pkg", exit=1)
+ self.pkg("contents -rm foo", exit=1)
+ self.pkg("contents -rm bar")
+ self.assertRaises(tx.TransportFailures, self._api_install,
+ api_obj, ["example_pkg"], refresh_catalogs=False)
+ self.assertRaises(tx.TransportFailures, self._api_install,
+ api_obj, ["foo"], refresh_catalogs=False)
+ self._api_install(api_obj, ["bar"], refresh_catalogs=False)
+
+
+ self.sc.conf = self.apache_confs["test12-test3"]
+ self.pkg("list -a")
+ self.pkg("contents -rm example_pkg", exit=1)
+ self.pkg("contents -rm foo")
+ self.assertRaises(tx.TransportFailures, self._api_install,
+ api_obj, ["example_pkg"], refresh_catalogs=False)
+ self._api_install(api_obj, ["foo"], refresh_catalogs=False)
+
+ self.sc.conf = self.apache_confs["all-access"]
+ self.pkg("list -a")
+ self.pkg("contents -rm example_pkg")
+ self._api_install(api_obj, ["example_pkg"])
+
+ def test_03_user_modifying_configuration(self):
+ """Test that adding and removing origins to a system publisher
+ works as expected and that modifying other configuration of a
+ system publisher fails."""
+
+ self.__prep_configuration(["test1", "none"])
+ self.__set_responses("test1")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["test1"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ # Test that most modifications to a system publisher fail.
+ self.pkg("set-publisher -d test1", exit=1)
+ self.pkg("set-publisher -e test1", exit=1)
+ self.pkg("set-publisher --non-sticky test1", exit=1)
+ self.pkg("set-publisher --sticky test1", exit=1)
+ self.pkg("set-publisher --set-property foo=bar test1", exit=1)
+ self.pkg("set-publisher --unset-property test-property test1",
+ exit=1)
+ self.pkg("set-publisher --add-property-value test-property=bar "
+ "test1", exit=1)
+ self.pkg("set-publisher --remove-property-value "
+ "test-property=test test1", exit=1)
+ self.pkg("unset-publisher test1", exit=1)
+ self.pkg("set-publisher --search-first test1", exit=1)
+ self.pkg("set-publisher -m %s test1" % self.rurl1)
+
+ # Add an origin to an existing system publisher.
+ self.pkg("set-publisher -g %s test1" % self.rurl1)
+
+ # Check that the publisher information is shown correctly.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.rurl1, self.durl1)
+ self.__check_publisher_info(expected)
+
+ # Check that the publisher specific information has information
+ # for both origins.
+ self.pkg("publisher test1 | grep %s" % self.rurl1)
+ self.pkg("publisher test1 | grep proxy://%s/" % self.durl1)
+
+ # Change the proxy configuration so that the image can't use it
+ # to communicate with the depot. This forces communication to
+ # go through the user configured origin.
+ self.sc.conf = self.apache_confs["none"]
+
+ # Check that the catalog can be refreshed and that the
+ # communcation with the repository works.
+ self.pkg("contents -rm example_pkg")
+ self.pkg("refresh --full")
+
+ # Check that removing the system configured origin fails.
+ self.pkg("set-publisher -G %s test1" % self.durl1, exit=1)
+ self.pkg("set-publisher -G proxy://%s test1" % self.durl1,
+ exit=1)
+ # Check that removing the user configured origin succeeds.
+ self.pkg("set-publisher -G %s test1" % self.rurl1)
+
+ # Check that the user configured origin is gone.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % self.durl1
+ self.__check_publisher_info(expected)
+
+ # Ensure that previous communication was going through the file
+ # repo by confirming that communication to the depot is still
+ # refused.
+ self.pkg("refresh --full", exit=1)
+
+ # Reenable access to the depot to make sure nothing has been
+ # broken in the image.
+ self.sc.conf = self.apache_confs["test1"]
+ self.pkg("refresh --full")
+
+ def test_04_changing_syspub_configuration(self):
+ """Test that changes to the syspub/0 response are handled
+ correctly by the client."""
+
+ # Check that a syspub/0 response with no configured publisers
+ # works.
+ self.__prep_configuration(["none", "test1-test12",
+ "test1-test3", "test12"])
+ self.__set_responses("none")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["none"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+"""
+ self.__check_publisher_info(expected)
+
+ # The user configures test1 as a publisher.
+ self.pkg("set-publisher --non-sticky -p %s" % self.durl1)
+ self.__check_publisher_dirs(["test1"])
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\tfalse\tfalse\ttrue\torigin\tonline\t%s/
+""" % self.durl1
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-publisher -d test1")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\tfalse\tfalse\tfalse\torigin\tonline\t%s/
+""" % self.durl1
+ self.__check_publisher_info(expected)
+ self.__check_publisher_dirs([])
+
+ # Now the syspub/0 response configures two publishers. The
+ # test12 publisher is totally new while the test1 publisher
+ # overlaps with the publisher the user configured.
+ self.__set_responses("test1-test12")
+
+ # Check that the syspub/0 sticky setting has overriden the user
+ # configuration and that the other publisher information is as
+ # expected.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl1, self.durl2)
+ self.__check_publisher_info(expected)
+ self.__check_publisher_dirs([])
+
+ expected = """\
+NAME (PUBLISHER) VERSION STATE UFOXI
+example_pkg 1.0-0 known -----
+foo (test12) 1.0-0 known -----
+"""
+ self.__check_package_lists(expected)
+ self.pkg("refresh --full")
+
+ self.pkg("contents -rm example_pkg")
+ self.pkg("contents -rm foo")
+ self.pkg("contents -rm bar", exit=1)
+
+ # Now the syspub/0 response configures two publishers, test1 and
+ # test 3.
+ self.__set_responses("test1-test3")
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl1, self.durl3)
+ self.__check_publisher_info(expected)
+ # Only test1 is expected to exist because only it was present in
+ # both the old configuration and the current configuration.
+ self.__check_publisher_dirs(["test1"])
+
+ expected = """\
+NAME (PUBLISHER) VERSION STATE UFOXI
+bar (test3) 1.0-0 known -----
+example_pkg 1.0-0 known -----
+"""
+ self.__check_package_lists(expected)
+
+ self.pkg("contents -rm example_pkg")
+ self.pkg("contents -rm foo", exit=1)
+ self.pkg("contents -m foo", exit=1)
+ self.pkg("contents -rm bar")
+ self.pkg("refresh --full")
+
+ # The user adds an origin to the system publisher test3.
+ self.pkg("set-publisher -g %s test3" % self.durl3)
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl1, self.durl3, self.durl3)
+ self.__check_publisher_info(expected)
+ self.__check_publisher_dirs(["test1", "test3"])
+
+
+ expected = """\
+NAME (PUBLISHER) VERSION STATE UFOXI
+bar (test3) 1.0-0 known -----
+example_pkg 1.0-0 known -----
+"""
+ self.__check_package_lists(expected)
+ self.pkg("refresh --full")
+
+ # Now syspub/0 removes test1 and test3 as publishers and returns
+ # test12 as a publisher.
+ self.__set_responses("test12")
+
+ # test1 and test3 should be retained as a publisher because the
+ # user addded an origin for them. test1 should also return to
+ # the settings the user had previously configured. test12 should
+ # be listed first since, because it's a system publisher, it's
+ # higher ranked.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test1\tfalse\tfalse\tfalse\torigin\tonline\t%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.durl2, self.durl1, self.durl3)
+ self.__check_publisher_info(expected)
+
+ self.pkg("refresh --full")
+
+ expected = """\
+NAME (PUBLISHER) VERSION STATE UFOXI
+bar (test3) 1.0-0 known -----
+foo 1.0-0 known -----
+"""
+ self.__check_package_lists(expected)
+
+ # Install a package from test12.
+ self.pkg("install foo")
+
+ # Now syspub/0 removes test12 as a publisher as well.
+ self.__set_responses("none")
+
+ # test12 should be disabled and at the bottom of the list
+ # because a package was installed from it prior to its removal
+ # as a system publisher.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\tfalse\tfalse\tfalse\torigin\tonline\t%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\tfalse\ttrue\tfalse\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl3, self.durl2)
+ self.__check_publisher_info(expected)
+
+ # Uninstalling foo should remove test12 from the list of
+ # publishers.
+ self.pkg("uninstall foo")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\tfalse\tfalse\tfalse\torigin\tonline\t%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.durl1, self.durl3)
+ self.__check_publisher_info(expected)
+
+ def test_05_simultaneous_change(self):
+ """Test that simultaneous changes in both user configuration and
+ system publisher state are handled correctly."""
+
+ self.__prep_configuration(["none", "test1", "test12"])
+ # Create an image with no user configured publishers and no
+ # system configured publishers.
+ self.__set_responses("none")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["none"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+"""
+ self.__check_publisher_info(expected)
+
+ # Have the user configure test1 at the same time that test1 is
+ # made a system publisher.
+ self.__set_responses("test1")
+ # This fails in the same way that doing set-publisher -p for a
+ # repository which provides packages for an already configured
+ # publisher fails.
+ self.pkg("set-publisher -p %s" % self.rurl1, exit=1)
+ # Adding the origin to the publisher which now exists should
+ # work fine.
+ self.pkg("set-publisher -g %s test1" % self.rurl1)
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.rurl1, self.durl1)
+ self.__check_publisher_info(expected)
+
+ # The user adds an origin to test12 at the same time that test12
+ # first becomes known to the image.
+ self.__set_responses("test12")
+ self.pkg("set-publisher -g %s test12" % self.rurl2)
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test12\tfalse\ttrue\ttrue\torigin\tonline\t%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl2, self.durl2, self.rurl1)
+ self.__check_publisher_info(expected)
+
+ self.pkg("publisher")
+ self.debug(self.output)
+ # The user removes the origin for test12 at the same time that
+ # test12 stops being a system publisher and test1 is added as a
+ # system publisher.
+ self.__set_responses("test1")
+ self.pkg("set-publisher -G %s test12" % self.rurl2)
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\ttrue\tfalse\ttrue\t\t\t
+""" % (self.rurl1, self.durl1)
+ self.__check_publisher_info(expected)
+
+ # The user now removes the originless publisher
+ self.pkg("unset-publisher test12")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.rurl1, self.durl1)
+ self.__check_publisher_info(expected)
+
+ # The user now unsets test1 at the same time that test1 stops
+ # being a system publisher.
+ self.__set_responses("none")
+ self.pkg("unset-publisher test1")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+"""
+ self.__check_publisher_info(expected)
+
+ def test_06_ordering(self):
+ """Test that publishers have the right search order given both
+ user configuration and whether a publisher is a system
+ publisher."""
+
+ self.__prep_configuration(["all-access", "none", "test1"])
+ self.__set_responses("none")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["none"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ self.pkg("set-publisher -p %s" % self.rurl3)
+ self.pkg("set-publisher -p %s" % self.rurl2)
+ self.pkg("set-publisher -p %s" % self.rurl1)
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl3, self.rurl2, self.rurl1)
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("all-access")
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\t%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.rurl1, self.durl1, self.rurl2, self.durl2, self.rurl3, self.durl3)
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-property use-system-repo False")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl3, self.rurl2, self.rurl1)
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-property use-system-repo True")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\t%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.rurl1, self.durl1, self.rurl2, self.durl2, self.rurl3, self.durl3)
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("test1")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl1, self.durl1, self.rurl3, self.rurl2)
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-publisher --search-before test3 test12")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl1, self.durl1, self.rurl2, self.rurl3)
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-publisher --search-after test3 test12")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl1, self.durl1, self.rurl3, self.rurl2)
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-publisher --search-before test1 test12", exit=1)
+ self.pkg("set-publisher -d --search-before test1 test12",
+ exit=1)
+ # Ensure that test12 is not disabled.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl1, self.durl1, self.rurl3, self.rurl2)
+ self.__check_publisher_info(expected)
+ self.pkg("set-publisher --search-after test1 test12", exit=1)
+ self.pkg("set-publisher --non-sticky --search-after test1 "
+ "test12", exit=1)
+ # Ensure that test12 is still sticky.
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl1, self.durl1, self.rurl3, self.rurl2)
+ self.__check_publisher_info(expected)
+
+ # Check that attempting to change test12 relative to test1
+ # fails.
+ self.pkg("set-publisher --search-before test12 test1", exit=1)
+ self.pkg("set-publisher --search-after test12 test1", exit=1)
+ self.pkg("set-publisher --search-first test12")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\t%s/
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl1, self.durl1, self.rurl2, self.rurl3)
+ self.__check_publisher_info(expected)
+
+ self.pkg("set-property use-system-repo False")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test12\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test3\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%s/
+""" % (self.rurl2, self.rurl3, self.rurl1)
+ self.__check_publisher_info(expected)
+
+ def test_07_environment_variable(self):
+ """Test that setting the environment variable PKG_SYSREPO_URL
+ sets the url that pkg uses to communicate with the system
+ repository."""
+
+ self.__prep_configuration(["all-access"],
+ port=self.sysrepo_alt_port)
+ self.__set_responses("all-access")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["all-access"],
+ self.sysrepo_alt_port, self.common_config_dir,
+ testcase=self)
+ self.sc.start()
+ old_psu = os.environ.get("PKG_SYSREPO_URL", None)
+ os.environ["PKG_SYSREPO_URL"] = "localhost:%s" % \
+ self.sysrepo_alt_port
+ api_obj = self.image_create(props={"use-system-repo": True})
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl2, self.durl3)
+ self.__check_publisher_info(expected, set_debug_value=False)
+ if old_psu:
+ os.environ["PKG_SYSREPO_URL"] = old_psu
+ else:
+ del os.environ["PKG_SYSREPO_URL"]
+
+ def test_08_file_repos(self):
+ """Test that proxied file repos work correctly."""
+
+ for i in self.dcs:
+ self.dcs[i].kill(now=True)
+ self.__prep_configuration(["all-access-f", "none"])
+ self.__set_responses("all-access-f")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["all-access-f"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ # Find the hashes that will be included in the urls of the
+ # proxied file repos.
+ hash1 = hashlib.sha1("file://" +
+ self.dcs[1].get_repodir().rstrip("/")).hexdigest()
+ hash2 = hashlib.sha1("file://" +
+ self.dcs[2].get_repodir().rstrip("/")).hexdigest()
+ hash3 = hashlib.sha1("file://" +
+ self.dcs[3].get_repodir().rstrip("/")).hexdigest()
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test12/%(hash2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash2": hash2,
+ "hash3": hash3
+}
+ self.__check_publisher_info(expected)
+
+ # Check connectivity with the proxied repos.
+ self.pkg("install example_pkg")
+ self.pkg("contents -rm foo")
+ self.pkg("contents -rm bar")
+
+ # Check that proxied file repos that disappear vanish correctly,
+ # and that those with installed packages remain as disabled
+ # publishers.
+ self.__set_responses("none")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\tfalse\torigin\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1}
+ self.__check_publisher_info(expected)
+
+ # Check that when the user adds an origin to a former system
+ # publisher with an installed package, the publisher becomes
+ # enabled and is not a system publisher.
+ self.pkg("set-publisher -g %s test1" % self.rurl1)
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\tfalse\ttrue\torigin\tonline\t%(rurl1)s/
+""" % {"rurl1":self.rurl1}
+ self.__check_publisher_info(expected)
+
+ def test_09_test_file_http_transitions(self):
+ """Test that changing publishers from http to file repos and
+ back in the sysrepo works as expected."""
+
+ self.__prep_configuration(["all-access", "all-access-f",
+ "none"])
+ self.__set_responses("all-access-f")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["all-access-f"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ # Find the hashes that will be included in the urls of the
+ # proxied file repos.
+ hash1 = hashlib.sha1("file://" +
+ self.dcs[1].get_repodir().rstrip("/")).hexdigest()
+ hash2 = hashlib.sha1("file://" +
+ self.dcs[2].get_repodir().rstrip("/")).hexdigest()
+ hash3 = hashlib.sha1("file://" +
+ self.dcs[3].get_repodir().rstrip("/")).hexdigest()
+
+ self.__set_responses("all-access-f")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test12/%(hash2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash2": hash2,
+ "hash3": hash3
+}
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("all-access")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%s/
+""" % (self.durl1, self.durl2, self.durl3)
+ self.__check_publisher_info(expected)
+
+ def test_10_test_mirrors(self):
+ """Test that mirror information from the sysrepo is handled
+ correctly."""
+
+ self.__prep_configuration(["all-access", "all-access-f",
+ "mirror-access", "mirror-access-f", "none"])
+ self.__set_responses("mirror-access")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["mirror-access"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ # Find the hashes that will be included in the urls of the
+ # proxied file repos.
+ hash1 = hashlib.sha1("file://" +
+ self.dcs[1].get_repodir().rstrip("/")).hexdigest()
+ hash2 = hashlib.sha1("file://" +
+ self.dcs[2].get_repodir().rstrip("/")).hexdigest()
+ hash3 = hashlib.sha1("file://" +
+ self.dcs[3].get_repodir().rstrip("/")).hexdigest()
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl1)s/
+test1\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%(durl2)s/
+test12\tfalse\ttrue\ttrue\tmirror\tonline\thttp://localhost:%(port)s/test12/%(hash2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl3)s/
+test3\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash2": hash2,
+ "hash3": hash3, "durl1": self.durl1, "durl2": self.durl2,
+ "durl3": self.durl3
+}
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("mirror-access-f")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test1\ttrue\ttrue\ttrue\tmirror\tonline\tproxy://%(durl1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test12/%(hash2)s/
+test12\tfalse\ttrue\ttrue\tmirror\tonline\tproxy://%(durl2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+test3\ttrue\ttrue\ttrue\tmirror\tonline\tproxy://%(durl3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash2": hash2,
+ "hash3": hash3, "durl1": self.durl1, "durl2": self.durl2,
+ "durl3": self.durl3
+}
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("none")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+"""
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("mirror-access-f")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test1\ttrue\ttrue\ttrue\tmirror\tonline\tproxy://%(durl1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test12/%(hash2)s/
+test12\tfalse\ttrue\ttrue\tmirror\tonline\tproxy://%(durl2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+test3\ttrue\ttrue\ttrue\tmirror\tonline\tproxy://%(durl3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash2": hash2,
+ "hash3": hash3, "durl1": self.durl1, "durl2": self.durl2,
+ "durl3": self.durl3
+}
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("all-access")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%(durl2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl3)s/
+""" % {"durl1": self.durl1, "durl2": self.durl2, "durl3": self.durl3}
+ self.__check_publisher_info(expected)
+
+ self.__set_responses("mirror-access")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl1)s/
+test1\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%(durl2)s/
+test12\tfalse\ttrue\ttrue\tmirror\tonline\thttp://localhost:%(port)s/test12/%(hash2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl3)s/
+test3\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash2": hash2,
+ "hash3": hash3, "durl1": self.durl1, "durl2": self.durl2,
+ "durl3": self.durl3
+}
+ self.__check_publisher_info(expected)
+
+ def test_11_https_repos(self):
+ """Test that https repos are proxied correctly."""
+
+ self.__prep_configuration(["https-access", "none"])
+ self.__set_responses("https-access")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["https-access"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(ac1url)s/
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%(ac2url)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(ac3url)s/
+""" % {
+ "ac1url": self.acs[self.durl1].url.replace("https", "http"),
+ "ac2url": self.acs[self.durl2].url.replace("https", "http"),
+ "ac3url": self.acs[self.durl3].url.replace("https", "http")
+}
+ self.__check_publisher_info(expected)
+
+ api_obj = self.get_img_api_obj()
+ self._api_install(api_obj, ["example_pkg", "foo", "bar"])
+ api_obj = self.get_img_api_obj()
+ self._api_uninstall(api_obj, ["example_pkg", "foo", "bar"])
+ self.__set_responses("none")
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+"""
+ self.__check_publisher_info(expected)
+ self.pkg("contents -rm example_pkg", exit=1)
+
+ def test_12_disabled_repos(self):
+ """Test that repos which are disabled in the global zone do not
+ create problems."""
+
+ self.__prep_configuration(["disabled"])
+ self.__set_responses("disabled")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["disabled"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test12\tfalse\ttrue\ttrue\torigin\tonline\tproxy://%(durl2)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\tproxy://%(durl3)s/
+""" % {"durl2": self.durl2, "durl3": self.durl3}
+ self.__check_publisher_info(expected)
+
+ def test_13_old_file_repos(self):
+ """Test that file repos created with pkgsend are not configured
+ for the system repository."""
+
+ self.__prep_configuration(["old-file"])
+ self.__set_responses("old-file")
+ self.sc = pkg5unittest.SysrepoController(
+ self.apache_confs["old-file"], self.sysrepo_port,
+ self.common_config_dir, testcase=self)
+ self.sc.start()
+ api_obj = self.image_create(props={"use-system-repo": True})
+
+ # Find the hashes that will be included in the urls of the
+ # proxied file repos.
+ hash1 = hashlib.sha1("file://" +
+ self.dcs[1].get_repodir().rstrip("/")).hexdigest()
+ hash3 = hashlib.sha1("file://" +
+ self.dcs[3].get_repodir().rstrip("/")).hexdigest()
+
+ expected = """\
+PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI
+test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test1/%(hash1)s/
+test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:%(port)s/test3/%(hash3)s/
+""" % {"port": self.sysrepo_port, "hash1": hash1, "hash3": hash3}
+
+
+
+ __smf_cmds_template = { \
+ "usr/bin/svcprop" : """\
+#!/usr/bin/python
+
+import getopt
+import sys
+
+if __name__ == "__main__":
+ try:
+ opts, pargs = getopt.getopt(sys.argv[1:], "cp:")
+ except getopt.GetoptError, e:
+ usage(_("illegal global option -- %%s") %% e.opt)
+
+ prop_dict = {
+ "config/listen_host" : "localhost",
+ "config/listen_port" : "%(proxy_port)s",
+ "general/enabled" : "true",
+ }
+
+ found_c = False
+ prop = None
+ for opt, arg in opts:
+ if opt == "-c":
+ found_c = True
+ elif opt == "-p":
+ prop = arg
+ if prop:
+ prop = prop_dict.get(prop, None)
+ if not found_c or not prop:
+ sys.exit(1)
+ print prop
+ sys.exit(0)
+ for k, v in prop_dict.iteritems():
+ print "%%s %%s" %% (k, v)
+ sys.exit(0)
+""",
+
+ "usr/sbin/svcadm" : """\
+#!/usr/bin/python
+
+import getopt
+import sys
+
+if __name__ == "__main__":
+ try:
+ opts, pargs = getopt.getopt(sys.argv[1:], "cp:")
+ except getopt.GetoptError, e:
+ usage(_("illegal global option -- %%s") %% e.opt)
+
+ prop_dict = {
+ "config/proxy_host" : "localhost",
+ "config/proxy_port" : "%(proxy_port)s"
+ }
+
+ if len(pargs) != 2 or pargs[0] != "restart" or \
+ pargs[1] != "svc:/system/pkg/sysrepo":
+ sys.exit(1)
+ sys.exit(0)
+"""}
+
+ https_conf = """\
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "/var/apache2/2.2/logs/foo_log"
+# with ServerRoot set to "/usr/apache2/2.2" will be interpreted by the
+# server as "/usr/apache2/2.2//var/apache2/2.2/logs/foo_log".
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to point the LockFile directive
+# at a local disk. If you wish to share the same ServerRoot for multiple
+# httpd daemons, you will need to change at least LockFile and PidFile.
+#
+ServerRoot "/usr/apache2/2.2"
+
+PidFile "%(pidfile)s"
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+Listen 0.0.0.0:%(https_port)s
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines within the appropriate
+# (32-bit or 64-bit module) /etc/apache2/2.2/conf.d/modules-*.load file so that
+# the directives contained in it are actually available _before_ they are used.
+#
+<IfDefine 64bit>
+Include /etc/apache2/2.2/conf.d/modules-64.load
+</IfDefine>
+<IfDefine !64bit>
+Include /etc/apache2/2.2/conf.d/modules-32.load
+</IfDefine>
+
+<IfModule !mpm_netware_module>
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User webservd
+Group webservd
+
+</IfModule>
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+ServerName 127.0.0.1
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+<Directory />
+ Options None
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Order allow,deny
+ Deny from all
+ Satisfy All
+</FilesMatch>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "%(log_locs)s/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel debug
+
+
+
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%(common_log_format)s" common
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog "%(log_locs)s/access_log" common
+</IfModule>
+
+#
+# DefaultType: the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+<IfModule mime_module>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/apache2/2.2/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ # Add a new mime.type for .p5i file extension so that clicking on
+ # this file type on a web page launches PackageManager in a Webinstall mode.
+ AddType application/vnd.pkg5.info .p5i
+</IfModule>
+
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
+<VirtualHost 0.0.0.0:%(https_port)s>
+ AllowEncodedSlashes On
+ ProxyRequests Off
+ MaxKeepAliveRequests 10000
+
+ SSLEngine On
+
+ # Cert paths
+ SSLCertificateFile %(server-ssl-cert)s
+ SSLCertificateKeyFile %(server-ssl-key)s
+
+ # Combined product CA certs for client verification
+ SSLCACertificateFile %(server-ca-cert)s
+
+ SSLVerifyClient require
+
+ <Location />
+ SSLVerifyDepth 1
+
+ # The client's certificate must pass verification, and must have
+ # a CN which matches this repository.
+ SSLRequire ( %(ssl-special)s =~ m/%(server-ca-taname)s/ )
+
+ # set max to number of threads in depot
+ ProxyPass %(proxied-server)s/ nocanon max=500
+ </Location>
+</VirtualHost>
+
+
+"""
--- a/src/tests/cli/t_pkg_temp_sources.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_pkg_temp_sources.py Wed Apr 27 20:30:32 2011 -0700
@@ -687,7 +687,7 @@
# and is enabled and sticky (-n omits disabled publishers).
self.pkg("publisher -nH")
expected = """\
-empty (preferred) origin online %s/
+empty origin online %s/
test
""" % self.empty_rurl
output = self.reduceSpaces(self.output)
@@ -754,7 +754,7 @@
# origins.
self.pkg("publisher -H")
expected = """\
-empty (preferred) origin online %s/
+empty origin online %s/
test
test2
""" % self.empty_rurl
--- a/src/tests/cli/t_publish_api.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/cli/t_publish_api.py Wed Apr 27 20:30:32 2011 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
#
import testutils
@@ -54,7 +54,7 @@
durl = self.dc.get_depot_url()
repouriobj = publisher.RepositoryURI(durl)
repo = publisher.Repository(origins=[repouriobj])
- pub = publisher.Publisher(prefix="repo1", repositories=[repo])
+ pub = publisher.Publisher(prefix="repo1", repository=repo)
xport_cfg = transport.GenericTransportCfg()
xport_cfg.add_publisher(pub)
xport = transport.Transport(xport_cfg)
@@ -80,7 +80,7 @@
repouriobj = publisher.RepositoryURI(location)
repo = publisher.Repository(origins=[repouriobj])
- pub = publisher.Publisher(prefix="repo1", repositories=[repo])
+ pub = publisher.Publisher(prefix="repo1", repository=repo)
xport_cfg = transport.GenericTransportCfg()
xport_cfg.add_publisher(pub)
xport = transport.Transport(xport_cfg)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/cli/t_sysrepo.py Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,391 @@
+#!/usr/bin/python
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+import testutils
+if __name__ == "__main__":
+ testutils.setup_environment("../../../proto")
+import pkg5unittest
+
+import hashlib
+import os
+import os.path
+import unittest
+import urllib2
+
+class TestBasicSysrepoCli(pkg5unittest.CliTestCase):
+ """Some basic tests checking that we can deal with all of our arguments
+ and that we handle invalid input correctly."""
+
+ def setUp(self):
+ self.sc = None
+ pkg5unittest.CliTestCase.setUp(self)
+ self.image_create()
+ self.default_sc_runtime = os.path.join(self.test_root,
+ "sysrepo_runtime")
+ self.default_sc_conf = os.path.join(self.default_sc_runtime,
+ "sysrepo_httpd.conf")
+
+ def tearDown(self):
+ try:
+ pkg5unittest.CliTestCase.tearDown(self)
+ finally:
+ if self.sc:
+ self.debug("stopping sysrepo")
+ try:
+ self.sc.stop()
+ except Exception, e:
+ try:
+ self.debug("killing sysrepo")
+ self.sc.kill()
+ except Exception, e:
+ pass
+
+ def _start_sysrepo(self, runtime_dir=None):
+ if not runtime_dir:
+ runtime_dir = self.default_sc_runtime
+ self.sysrepo_port = self.next_free_port
+ self.next_free_port += 1
+ self.sc = pkg5unittest.SysrepoController(self.default_sc_conf,
+ self.sysrepo_port, runtime_dir, testcase=self)
+ started = True
+ try:
+ self.sc.start()
+ except pkg5unittest.SysrepoStateException:
+ started = False
+ return started
+
+ def test_0_sysrepo(self):
+ """A very basic test to see that we can start the sysrepo."""
+
+ # ensure we fail when not supplying the required argument
+ self.sysrepo("", exit=2, fill_missing_args=False)
+
+ self.sysrepo("")
+ started = self._start_sysrepo()
+ self.assert_(started, "sysrepo was unable to start.")
+ self.sc.stop()
+
+ def test_1_sysrepo_usage(self):
+ """Tests that we show a usage message."""
+
+ ret, output = self.sysrepo("--help", out=True, exit=2)
+ self.assert_("Usage:" in output,
+ "No usage string printed: %s" % output)
+
+ def test_2_invalid_root(self):
+ """We return an error given an invalid image root"""
+
+ for invalid_root in ["/dev/null", "/etc/passwd", "/proc"]:
+ ret, output, err = self.sysrepo("-R %s" % invalid_root,
+ out=True, stderr=True, exit=1)
+ self.assert_(invalid_root in err, "error message "
+ "did not contain %s: %s" % (invalid_root, err))
+
+ def test_3_invalid_cache_dir(self):
+ """We return an error given an invalid cache_dir"""
+
+ for invalid_cache in ["/dev/null", "/etc/passwd"]:
+ ret, output, err = self.sysrepo("-c %s" % invalid_cache,
+ out=True, stderr=True, exit=1)
+ self.assert_(invalid_cache in err, "error message "
+ "did not contain %s: %s" % (invalid_cache, err))
+
+ def test_4_invalid_hostname(self):
+ """We return an error given an invalid hostname"""
+
+ for invalid_host in ["1.2.3.4.5.6", "pkgsysrepotestname", "."]:
+ ret, output, err = self.sysrepo("-h %s" % invalid_host,
+ out=True, stderr=True, exit=1)
+ self.assert_(invalid_host in err, "error message "
+ "did not contain %s: %s" % (invalid_host, err))
+
+ def test_5_invalid_logs_dir(self):
+ """We return an error given an invalid logs_dir"""
+
+ for invalid_log in ["/dev/null", "/etc/passwd"]:
+ ret, output, err = self.sysrepo("-l %s" % invalid_log,
+ out=True, stderr=True, exit=1)
+ self.assert_(invalid_log in err, "error message "
+ "did not contain %s: %s" % (invalid_log, err))
+
+ for invalid_log in ["/proc"]:
+ port = self.next_free_port
+ ret, output, err = self.sysrepo("-l %s -p %s" %
+ (invalid_log, port), out=True, stderr=True, exit=0)
+ started = self._start_sysrepo()
+ self.assertFalse(started, "sysrepo unexpectedly started"
+ " with invalid logdir %s" % invalid_log)
+ self.sc.stop()
+
+ def test_6_invalid_port(self):
+ """We return an error given an invalid port"""
+
+ for invalid_port in [999999, "bobcat", "-1234"]:
+ ret, output, err = self.sysrepo("-p %s" % invalid_port,
+ out=True, stderr=True, exit=1)
+ self.assert_(str(invalid_port) in err, "error message "
+ "did not contain %s: %s" % (invalid_port, err))
+
+ def test_7_invalid_runtime_dir(self):
+ """We return an error given an invalid runtime_dir"""
+
+ for invalid_runtime in ["/dev/null", "/etc/passwd", "/proc"]:
+ ret, output, err = self.sysrepo("-r %s" %
+ invalid_runtime, out=True, stderr=True, exit=1)
+ self.assert_(invalid_runtime in err, "error message "
+ "did not contain %s: %s" % (invalid_runtime, err))
+
+ def test_8_invalid_cache_size(self):
+ """We return an error given an invalid cache_size"""
+
+ for invalid_csize in [0, "cats", "-1234"]:
+ ret, output, err = self.sysrepo("-s %s" % invalid_csize,
+ out=True, stderr=True, exit=1)
+ self.assert_(str(invalid_csize) in err, "error message "
+ "did not contain %s: %s" % (invalid_csize, err))
+
+ def test_9_invalid_templates_dir(self):
+ """We return an error given an invalid templates_dir"""
+
+ for invalid_tmp in ["/dev/null", "/etc/passwd", "/proc"]:
+ ret, output, err = self.sysrepo("-t %s" % invalid_tmp,
+ out=True, stderr=True, exit=1)
+ self.assert_(invalid_tmp in err, "error message "
+ "did not contain %s: %s" % (invalid_tmp, err))
+
+class TestDetailedSysrepoCli(pkg5unittest.ManyDepotTestCase):
+
+ persistent_setup = True
+
+ sample_pkg = """
+ open [email protected],5.11-0
+ add file tmp/sample_file mode=0444 owner=root group=bin path=/usr/bin/sample
+ close"""
+
+ misc_files = ["tmp/sample_file"]
+
+ def setUp(self):
+ self.sc = None
+ # see test_7_response_overlaps
+ self.overlap_pubs = ["versions", "versionsX", "syspub",
+ "Xsyspub"]
+ pubs = ["test1", "test2"]
+ pubs.extend(self.overlap_pubs)
+ pkg5unittest.ManyDepotTestCase.setUp(self, pubs,
+ start_depots=True)
+ self.sc = None
+ self.default_sc_runtime = os.path.join(self.test_root,
+ "sysrepo_runtime")
+ self.default_sc_conf = os.path.join(self.default_sc_runtime,
+ "sysrepo_httpd.conf")
+ self.make_misc_files(self.misc_files)
+ self.durl1 = self.dcs[1].get_depot_url()
+ self.rurl1 = self.dcs[1].get_repo_url()
+ for dc_num in self.dcs:
+ durl = self.dcs[dc_num].get_depot_url()
+ self.pkgsend_bulk(durl, self.sample_pkg)
+ self.image_create(prefix="test1", repourl=self.durl1)
+
+ def killalldepots(self):
+ try:
+ pkg5unittest.ManyDepotTestCase.killalldepots(self)
+ finally:
+ if self.sc:
+ self.debug("stopping sysrepo")
+ try:
+ self.sc.stop()
+ except Exception, e:
+ try:
+ self.debug("killing sysrepo")
+ self.sc.kill()
+ except Exception, e:
+ pass
+
+ def _start_sysrepo(self, runtime_dir=None):
+ if not runtime_dir:
+ runtime_dir = self.default_sc_runtime
+ self.sysrepo_port = self.next_free_port
+ self.next_free_port += 1
+ self.sc = pkg5unittest.SysrepoController(self.default_sc_conf,
+ self.sysrepo_port, runtime_dir, testcase=self)
+ started = True
+ try:
+ self.sc.start()
+ except pkg5unittest.SysrepoStateException:
+ started = False
+ self.assert_(started, "Unable to start sysrepo!")
+
+ def test_1_substring_proxy(self):
+ """We can proxy publishers that are substrings of each other"""
+ # XXX not implemented yet
+ pass
+
+ def test_2_invalid_proxy(self):
+ """We return an invalid response for urls we don't proxy"""
+ # XXX not implemented yet
+ pass
+
+ def test_3_cache_dir(self):
+ """Our cache_dir value is used"""
+
+ cache_dir = os.path.join(self.test_root, "t_sysrepo_cache")
+ port = self.next_free_port
+ self.sysrepo("-R %s -c %s -p %s" % (self.get_img_path(),
+ cache_dir, port))
+ self._start_sysrepo()
+
+ # 1. grep for the Cache keyword in the httpd.conf
+ self.file_contains(self.default_sc_conf, "CacheEnable disk /")
+ self.file_doesnt_contain(self.default_sc_conf,
+ "CacheEnable mem")
+ self.file_doesnt_contain(self.default_sc_conf, "MCacheSize")
+ self.file_contains(self.default_sc_conf, "CacheRoot %s" %
+ cache_dir)
+
+ # 2. publish a file, then install using the proxy
+ # check that the proxy has written some content into the cache
+ # XXX not implemented yet.
+ self.sc.stop()
+
+ # 3. use urllib to pull the url for the file again, verify
+ # we've got a cache header on the HTTP response
+ # XXX not implemented yet.
+
+ # 4. ensure memory and None settings are written
+ cache_dir = "None"
+ self.sysrepo("-c %s -p %s" % (cache_dir, port))
+ self.file_doesnt_contain(self.default_sc_conf, "CacheEnable")
+
+ cache_dir = "memory"
+ self.sysrepo("-c %s -p %s" % (cache_dir, port))
+ self.file_doesnt_contain(self.default_sc_conf,
+ "CacheEnable disk")
+ self.file_contains(self.default_sc_conf, "CacheEnable mem")
+ self.file_contains(self.default_sc_conf, "MCacheSize")
+
+ def test_4_logs_dir(self):
+ """Our logs_dir value is used"""
+
+ logs_dir = os.path.join(self.test_root, "t_sysrepo_logs")
+ port = self.next_free_port
+ self.sysrepo("-l %s -p %s" % (logs_dir, port))
+ self._start_sysrepo()
+
+ # 1. grep for the logs dir in the httpd.conf
+ self.file_contains(self.default_sc_conf,
+ "ErrorLog \"%s/error_log\"" % logs_dir)
+ self.file_contains(self.default_sc_conf,
+ "CustomLog \"%s/access_log\"" % logs_dir)
+ # 2. verify our log files exist once the sysrepo has started
+ for name in ["error_log", "access_log"]:
+ os.path.exists(os.path.join(logs_dir, name))
+ self.sc.stop()
+
+ def test_5_port_host(self):
+ """Our port value is used"""
+
+ port = self.next_free_port
+ self.sysrepo("-p %s -h localhost" % port)
+ self._start_sysrepo()
+ self.file_contains(self.default_sc_conf, "Listen localhost:%s" %
+ port)
+ self.sc.stop()
+
+ def test_6_permissions(self):
+ """Our permissions are correct on all generated files"""
+
+ # 1. check the permissions
+ # XXX not implemented yet.
+ pass
+
+ def test_7_response_overlaps(self):
+ """We can proxy publishers that are == or substrings of our
+ known responses"""
+
+ overlap_dcs = []
+ # identify the interesting repos, those that we've configured
+ # using publisher prefixes that match our responses
+ for dc_num in [num for num in self.dcs if
+ (self.dcs[num].get_property("publisher", "prefix")
+ in self.overlap_pubs)]:
+ dc = self.dcs[dc_num]
+ name = dc.get_property("publisher", "prefix")
+ overlap_dcs.append(dc)
+ # we need to use -R here since it doesn't get added
+ # automatically by self.pkg() because we've got
+ # "versions" as one of the CLI args (it being an
+ # overlapping publisher name)
+ self.pkg("-R %(img)s set-publisher -g %(url)s %(pub)s" %
+ {"img": self.get_img_path(),
+ "url": dc.get_repo_url(), "pub": name})
+
+ # Start a system repo based on the configuration above
+ self.sysrepo("")
+ self._start_sysrepo()
+
+ # attempt to create images using the sysrepo
+ for dc in overlap_dcs:
+ pub = dc.get_property("publisher", "prefix")
+ hash = hashlib.sha1("file://" +
+ dc.get_repodir().rstrip("/")).hexdigest()
+ url = "http://localhost:%(port)s/%(pub)s/%(hash)s/" % \
+ {"port": self.sysrepo_port, "hash": hash,
+ "pub": pub}
+ self.img_path = os.path.join(self.test_root, "sysrepo_image")
+ self.pkg_image_create(prefix=pub, repourl=url)
+ self.pkg("-R %s install sample" % self.get_img_path())
+
+ self.sc.stop()
+
+ def test_8_file_publisher(self):
+ """A proxied file publisher works as a normal file publisher."""
+ #
+ # The standard system publisher client code does not use the
+ # "publisher/0" response, so we need this test to exercise that.
+
+ # create a version of this url with a symlink, to ensure we
+ # can follow links in urls
+ urlresult = urllib2.urlparse.urlparse(self.rurl1)
+ symlink_path = os.path.join(self.test_root, "repo_symlink")
+ os.symlink(urlresult.path, symlink_path)
+ symlinked_url="file://%s" % symlink_path
+
+ for file_url in [self.rurl1, symlinked_url]:
+ self.image_create(prefix="test1", repourl=self.durl1)
+ self.pkg("set-publisher -g %s test1" % file_url)
+ self.sysrepo("")
+ self._start_sysrepo()
+
+ hash = hashlib.sha1(file_url.rstrip("/")).hexdigest()
+ url = "http://localhost:%(port)s/test1/%(hash)s/" % \
+ {"port": self.sysrepo_port, "hash": hash}
+ self.pkg_image_create(prefix="test1", repourl=url)
+ self.pkg("install sample")
+ self.pkg("contents -rm sample")
+ # the sysrepo doesn't support search operations for file repos
+ self.pkg("search -r sample", exit=1)
+ self.sc.stop()
+
+if __name__ == "__main__":
+ unittest.main()
--- a/src/tests/pkg5unittest.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/pkg5unittest.py Wed Apr 27 20:30:32 2011 -0700
@@ -29,6 +29,7 @@
import errno
import gettext
import hashlib
+import httplib
import logging
import os
import pprint
@@ -40,9 +41,12 @@
import tempfile
import time
import unittest
+import urllib2
+import urlparse
import platform
import pwd
import re
+import ssl
import textwrap
EmptyI = tuple()
@@ -100,9 +104,11 @@
import pkg.client.api
import pkg.client.progress
+from pkg.client.debugvalues import DebugValues
+
# Version test suite is known to work with.
PKG_CLIENT_NAME = "pkg"
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
ELIDABLE_ERRORS = [ TestSkippedException, depotcontroller.DepotStateException ]
@@ -200,6 +206,17 @@
bogus_url = "test.invalid"
__debug_buf = ""
+ smf_cmds = { \
+ "usr/bin/svcprop" : """\
+#!/usr/bin/python
+
+import sys
+
+if __name__ == "__main__":
+ sys.exit(1)
+"""}
+
+
def __init__(self, methodName='runTest'):
super(Pkg5TestCase, self).__init__(methodName)
assert g_base_port
@@ -241,7 +258,7 @@
def cmdline_run(self, cmdline, comment="", coverage=True, exit=0,
handle=False, out=False, prefix="", raise_error=True, su_wrap=None,
- stderr=False):
+ stderr=False, env_arg=None):
wrapper = ""
if coverage:
wrapper = self.coverage_cmd
@@ -254,6 +271,8 @@
newenv = os.environ.copy()
if coverage:
newenv.update(self.coverage_env)
+ if env_arg:
+ newenv.update(env_arg)
p = subprocess.Popen(cmdline,
env=newenv,
@@ -377,6 +396,12 @@
"%s/usr/share/lib/pkg/opensolaris.org.sections" %
g_proto_area}, self.test_root, section="pkglint")
+ self.template_dir = "%s/etc/pkg/sysrepo" % g_proto_area
+ self.make_misc_files(self.smf_cmds, prefix="smf_cmds",
+ mode=0755)
+ DebugValues["smf_cmds_dir"] = \
+ os.path.join(self.test_root, "smf_cmds")
+
def impl_tearDown(self):
# impl_tearDown exists so that we can ensure that this class's
# teardown is actually called. Sometimes, subclasses will
@@ -641,7 +666,7 @@
"""Reduce runs of spaces down to a single space."""
return re.sub(" +", " ", string)
- def assertEqualDiff(self, expected, actual):
+ def assertEqualDiff(self, expected, actual, bound_white_space=False):
"""Compare two strings."""
if not isinstance(expected, basestring):
@@ -649,10 +674,14 @@
if not isinstance(actual, basestring):
actual = pprint.pformat(actual)
+ expected_lines = expected.splitlines()
+ actual_lines = actual.splitlines()
+ if bound_white_space:
+ expected_lines = ["'%s'" % l for l in expected_lines]
+ actual_lines = ["'%s'" % l for l in actual_lines]
self.assertEqual(expected, actual,
"Actual output differed from expected output.\n" +
- "\n".join(difflib.unified_diff(
- expected.splitlines(), actual.splitlines(),
+ "\n".join(difflib.unified_diff(expected_lines, actual_lines,
"Expected output", "Actual output", lineterm="")))
def configure_rcfile(self, rcfile, config, test_root, section="DEFAULT",
@@ -1411,8 +1440,8 @@
global_settings.client_args = old_val
return res
- def image_create(self, repourl, prefix="test", variants=EmptyDict,
- destroy=True):
+ def image_create(self, repourl=None, prefix=None, variants=EmptyDict,
+ destroy=True, ssl_cert=None, ssl_key=None, props=EmptyDict):
"""A convenience wrapper for callers that only need basic image
creation functionality. This wrapper creates a full (as opposed
to user) image using the pkg.client.api and returns the related
@@ -1429,14 +1458,15 @@
api_inst = pkg.client.api.image_create(PKG_CLIENT_NAME,
CLIENT_API_VERSION, self.img_path,
pkg.client.api.IMG_TYPE_ENTIRE, False, repo_uri=repourl,
- prefix=prefix, progtrack=progtrack, variants=variants)
+ prefix=prefix, progtrack=progtrack, variants=variants,
+ ssl_cert=ssl_cert, ssl_key=ssl_key, props=props)
shutil.copy("%s/usr/bin/pkg" % g_proto_area,
os.path.join(self.img_path, "pkg"))
self.image_created = True
return api_inst
- def pkg_image_create(self, repourl, prefix="test", additional_args="",
- exit=0):
+ def pkg_image_create(self, repourl=None, prefix=None,
+ additional_args="", exit=0):
"""Executes pkg(1) client to create a full (as opposed to user)
image; returns exit code of client or raises an exception if
exit code doesn't match 'exit' or equals 99.."""
@@ -1444,10 +1474,16 @@
assert self.img_path
assert self.img_path != "/"
+ if repourl and prefix is None:
+ prefix = "test"
+
self.image_destroy()
os.mkdir(self.img_path)
- cmdline = "pkg image-create -F -p %s=%s %s %s" % \
- (prefix, repourl, additional_args, self.img_path)
+ cmdline = "pkg image-create -F "
+ if repourl:
+ cmdline = "%s -p %s=%s " % (cmdline, prefix, repourl)
+ cmdline += additional_args
+ cmdline = "%s %s" % (cmdline, self.img_path)
self.debugcmd(cmdline)
p = subprocess.Popen(cmdline, shell=True,
@@ -1480,12 +1516,16 @@
shutil.rmtree(self.img_path)
def pkg(self, command, exit=0, comment="", prefix="", su_wrap=None,
- out=False, stderr=False, alt_img_path=None, use_img_root=True):
+ out=False, stderr=False, alt_img_path=None, use_img_root=True,
+ debug_smf=True):
pth = self.img_path
if alt_img_path:
pth = alt_img_path
elif not self.image_created:
pth = "%s/usr/bin" % g_proto_area
+ if debug_smf and "smf_cmds_dir" not in command:
+ command = "--debug smf_cmds_dir=%s %s" % \
+ (DebugValues["smf_cmds_dir"], command)
if use_img_root and "-R" not in command and \
"image-create" not in command and "version" not in command:
command = "-R %s %s" % (self.get_img_path(), command)
@@ -1686,6 +1726,31 @@
cmd = "%s %s" % (prog, " ".join(args))
self.cmdline_run(cmd, exit=exit)
+ def sysrepo(self, args, exit=0, out=False, stderr=False, comment="",
+ fill_missing_args=True):
+ ops = ""
+ if "-R" not in args:
+ args += " -R %s" % self.get_img_path()
+ if "-c" not in args:
+ args += " -c %s" % os.path.join(self.test_root,
+ "sysrepo_cache")
+ if "-l" not in args:
+ args += " -l %s" % os.path.join(self.test_root,
+ "sysrepo_logs")
+ if "-p" not in args and fill_missing_args:
+ args += " -p %s" % self.next_free_port
+ if "-r" not in args:
+ args += " -r %s" % os.path.join(self.test_root,
+ "sysrepo_runtime")
+ if "-t" not in args:
+ args += " -t %s" % self.template_dir
+
+ cmdline = "%s/usr/lib/pkg.sysrepo %s" % (
+ g_proto_area, args)
+ e = {"PKG5_TEST_ENV": "1"}
+ return self.cmdline_run(cmdline, comment=comment, exit=exit,
+ out=out, stderr=stderr, env_arg=e)
+
def copy_repository(self, src, dest, pub_map):
"""Copies the packages from the src repository to a new
destination repository that will be created at dest. In
@@ -2115,7 +2180,7 @@
# We pick an arbitrary base port. This could be more
# automated in the future.
repodir = os.path.join(testdir, "repo_contents%d" % i)
- self.dcs[i] = self.prep_depot(self.next_free_port + n,
+ self.dcs[i] = self.prep_depot(self.next_free_port,
repodir,
depot_logfile, debug_features=debug_features,
properties=props, start=start_depots)
@@ -2348,3 +2413,205 @@
raise
else:
raise RuntimeError("Function did not raise exception.")
+
+class SysrepoStateException(Exception):
+ pass
+
+class ApacheController(object):
+
+ def __init__(self, conf, port, work_dir, testcase=None, https=False):
+ """
+ The 'conf' parameter is a path to a httpd.conf file. The 'port'
+ parameter is a port to run on. The 'work_dir' is a temporary
+ directory to store runtime state. The 'testcase' parameter is
+ the Pkg5TestCase to use when writing output. The 'https'
+ parameter is a boolean indicating whether this instance expects
+ to be contacted via https or not.
+ """
+
+ self.apachectl = "/usr/apache2/2.2/bin/httpd"
+ if not os.path.exists(work_dir):
+ os.makedirs(work_dir)
+ self.__conf_path = os.path.join(work_dir, "sysrepo.conf")
+ self.__port = port
+ self.__repo_hdl = None
+ self.__starttime = 0
+ self.__state = None
+ self.__tc = testcase
+ prefix = "http"
+ if https:
+ prefix = "https"
+ self.__url = "%s://localhost:%d" % (prefix, self.__port)
+ portable.copyfile(conf, self.__conf_path)
+
+ def __set_conf(self, path):
+ portable.copyfile(path, self.__conf_path)
+ if self.__state == "started":
+ self.restart()
+
+ def __get_conf(self):
+ return self.__conf_path
+
+ conf = property(__get_conf, __set_conf)
+
+ def _network_ping(self):
+ try:
+ urllib2.urlopen(self.__url)
+ except urllib2.HTTPError, e:
+ if e.code == httplib.FORBIDDEN:
+ return True
+ return False
+ except urllib2.URLError, e:
+ if isinstance(e.reason, ssl.SSLError):
+ return True
+ return False
+ return True
+
+ def debug(self, msg):
+ if self.__tc:
+ self.__tc.debug(msg)
+
+ def debugresult(self, result, expected, msg):
+ if self.__tc:
+ self.__tc.debugresult(result, expected, msg)
+
+ def start(self):
+ if self._network_ping():
+ raise SysrepoStateException("A depot (or some " +
+ "other network process) seems to be " +
+ "running on port %d already!" % self.__port)
+ cmdline = ["/usr/bin/setpgrp", self.apachectl, "-f",
+ self.__conf_path, "-k", "start", "-DFOREGROUND"]
+ try:
+ self.__starttime = time.time()
+ self.debug(" ".join(cmdline))
+ self.__repo_hdl = subprocess.Popen(cmdline, shell=False,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ if self.__repo_hdl is None:
+ raise SysrepoStateException("Could not start "
+ "sysrepo")
+ begintime = time.time()
+
+ sleeptime = 0.0
+ check_interval = 0.20
+ contact = False
+ while (time.time() - begintime) <= 40.0:
+ rc = self.__repo_hdl.poll()
+ if rc is not None:
+ raise SysrepoStateException("Sysrepo "
+ "exited unexpectedly while "
+ "starting (exit code %d)" % rc)
+
+ if self.is_alive():
+ contact = True
+ break
+ time.sleep(check_interval)
+
+ if contact == False:
+ self.stop()
+ raise SysrepoStateException("Sysrepo did not "
+ "respond to repeated attempts to make "
+ "contact")
+ self.__state = "started"
+ except KeyboardInterrupt:
+ if self.__repo_hdl:
+ self.kill(now=True)
+ raise
+
+ def kill(self, now=False):
+ if not self.__repo_hdl:
+ return
+ try:
+ lifetime = time.time() - self.__starttime
+ if now == False and lifetime < 1.0:
+ time.sleep(1.0 - lifetime)
+ finally:
+ try:
+ os.kill(-1 * self.__repo_hdl.pid,
+ signal.SIGKILL)
+ except OSError:
+ pass
+ self.__repo_hdl.wait()
+ self.__state = "killed"
+
+ def stop(self):
+ if self.__state == "stopped":
+ return
+ cmdline = [self.apachectl, "-f", self.__conf_path, "-k",
+ "stop"]
+
+ try:
+ hdl = subprocess.Popen(cmdline, shell=False,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ stop_output, stop_errout = hdl.communicate()
+ stop_retcode = hdl.returncode
+
+ # retrieve output from the apache process we've just
+ # stopped
+ output, errout = self.__repo_hdl.communicate()
+ self.debug(errout)
+ self.debugresult(stop_retcode, 0, output)
+
+ if stop_errout != "":
+ self.debug(stop_errout)
+ if stop_output != "":
+ self.debug(stop_output)
+
+ ret = hdl.wait()
+ if ret != 0:
+ self.kill(now=True)
+ else:
+ self.__state = "stopped"
+ except KeyboardInterrupt:
+ self.kill(now=True)
+ raise
+
+ def restart(self):
+ self.stop()
+ self.start()
+
+ def chld_sighandler(self, signum, frame):
+ pass
+
+ def killall_sighandler(self, signum, frame):
+ print >> sys.stderr, \
+ "Ctrl-C: I'm killing depots, please wait.\n"
+ print self
+ self.signalled = True
+
+ def is_alive(self):
+ """ First, check that the depot process seems to be alive.
+ Then make a little HTTP request to see if the depot is
+ responsive to requests """
+
+ if self.__repo_hdl == None:
+ return False
+
+ status = self.__repo_hdl.poll()
+ if status != None:
+ return False
+ return self._network_ping()
+
+ @property
+ def url(self):
+ return self.__url
+
+class SysrepoController(ApacheController):
+
+ def __init__(self, conf, port, work_dir, testcase=None, https=False):
+ ApacheController.__init__(self, conf, port, work_dir,
+ testcase=None, https=False)
+ self.apachectl = "/usr/apache2/2.2/bin/64/httpd"
+
+ def _network_ping(self):
+ try:
+ urllib2.urlopen(urlparse.urljoin(self.url, "syspub/0"))
+ except urllib2.HTTPError, e:
+ if e.code == httplib.FORBIDDEN:
+ return True
+ return False
+ except urllib2.URLError:
+ return False
+ return True
--- a/src/tests/ro_data/signing_certs/generate_certs.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/generate_certs.py Wed Apr 27 20:30:32 2011 -0700
@@ -35,12 +35,14 @@
mk_file = "Makefile"
subj_str = "/C=US/ST=California/L=Menlo Park/O=pkg5/CN=%s/emailAddress=%s"
+https_subj_str = "/C=US/ST=California/L=Menlo Park/O=pkg5/OU=%s/" \
+ "CN=localhost/emailAddress=%s"
def convert_pem_to_text(tmp_pth, out_pth, kind="x509"):
"""Convert a pem file to a human friendly text file."""
assert not os.path.exists(out_pth)
-
+
cmd = ["openssl", kind, "-in", tmp_pth,
"-text"]
@@ -50,13 +52,16 @@
fh.close()
def make_ca_cert(new_loc, new_name, parent_loc, parent_name, ext="v3_ca",
- expired=False, future=False):
+ expired=False, future=False, https=False):
"""Create a new CA cert."""
+ subj_str_to_use = subj_str
+ if https:
+ subj_str_to_use = https_subj_str
cmd = ["openssl", "req", "-new", "-nodes",
"-keyout", "./keys/%s_key.pem" % new_name,
"-out", "./%s/%s.csr" % (new_loc, new_name),
- "-sha256", "-subj", subj_str % (new_name, new_name)]
+ "-sha256", "-subj", subj_str_to_use % (new_name, new_name)]
p = subprocess.Popen(cmd)
assert p.wait() == 0
@@ -86,13 +91,16 @@
def make_cs_cert(new_loc, new_name, parent_loc, parent_name, ext="v3_req",
- expired=False, future=False):
+ expired=False, future=False, https=False):
"""Create a new code signing cert."""
+ subj_str_to_use = subj_str
+ if https:
+ subj_str_to_use = https_subj_str
cmd = ["openssl", "req", "-new", "-nodes",
"-keyout", "./keys/%s_key.pem" % new_name,
"-out", "./%s/%s.csr" % (new_loc, new_name),
- "-sha256", "-subj", subj_str % (new_name, new_name)]
+ "-sha256", "-subj", subj_str_to_use % (new_name, new_name)]
p = subprocess.Popen(cmd)
assert p.wait() == 0
@@ -120,12 +128,15 @@
p = subprocess.Popen(cmd)
assert p.wait() == 0
-def make_trust_anchor(name):
+def make_trust_anchor(name, https=False):
"""Make a new trust anchor."""
+ subj_str_to_use = subj_str
+ if https:
+ subj_str_to_use = https_subj_str
cmd = ["openssl", "req", "-new", "-x509", "-nodes",
"-keyout", "./keys/%s_key.pem" % name,
- "-subj", subj_str % (name, name),
+ "-subj", subj_str_to_use % (name, name),
"-out", "./%s/%s_cert.tmp" % (name, name), "-days", "1000",
"-sha256"]
@@ -166,7 +177,7 @@
convert_pem_to_text("crl/%s_crl.tmp" % ca, "crl/%s_crl.pem" % ca,
kind="crl")
-
+
if __name__ == "__main__":
# Remove any existing output from previous runs of this program.
if os.path.isdir(output_dir):
@@ -309,5 +320,25 @@
"chain_certs", "ch1_ta5")
revoke_cert("ta5", "ch1_ta5", cert_dir="chain_certs")
+ # Make more length 2 chains for testing https repos.
+ make_trust_anchor("ta6", https=True)
+ make_cs_cert("code_signing_certs", "cs1_ta6", "trust_anchors", "ta6",
+ https=True)
+ make_trust_anchor("ta7", https=True)
+ make_cs_cert("code_signing_certs", "cs1_ta7", "trust_anchors", "ta7",
+ https=True)
+ make_trust_anchor("ta8", https=True)
+ make_cs_cert("code_signing_certs", "cs1_ta8", "trust_anchors", "ta8",
+ https=True)
+ make_trust_anchor("ta9", https=True)
+ make_cs_cert("code_signing_certs", "cs1_ta9", "trust_anchors", "ta9",
+ https=True)
+ make_trust_anchor("ta10", https=True)
+ make_cs_cert("code_signing_certs", "cs1_ta10", "trust_anchors", "ta10",
+ https=True)
+ make_trust_anchor("ta11", https=True)
+ make_cs_cert("code_signing_certs", "cs1_ta11", "trust_anchors", "ta11",
+ https=True)
+
os.remove(cnf_file)
os.chdir("../")
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/01.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/01.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta1/emailAddress=ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:38 2011 GMT
+ Not After : Jan 5 22:37:38 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ac:0e:d4:ba:18:4f:d2:22:6d:1e:0e:c5:31:18:
- 76:c2:cd:70:f7:ab:97:60:94:39:69:c9:d5:98:d8:
- c9:84:a6:1c:93:92:00:e0:fd:79:d2:ee:84:95:b5:
- a1:38:3a:c0:76:61:fe:fe:be:44:9b:77:a0:bf:17:
- d1:45:91:1d:ba:a0:7b:e6:7c:5d:3b:ad:50:2c:e7:
- b9:41:08:d9:c5:ad:09:91:65:d1:72:57:42:2f:fb:
- 1d:a0:d3:60:39:8c:7f:d2:91:59:d0:9b:0b:0b:85:
- 77:7c:7a:4e:e3:de:f8:c2:1b:9d:29:19:a6:e4:7b:
- e3:08:d8:c3:ee:fd:c0:13:1b
+ 00:b1:ac:f5:20:5c:bf:44:a0:a0:ff:0b:28:02:1b:
+ 9d:dd:1f:3c:6a:f7:16:c0:8e:ec:af:a1:a4:c4:cf:
+ 26:8e:43:ca:8a:aa:05:8f:a2:10:03:32:41:d0:6e:
+ b4:52:45:47:a8:46:8b:c5:f3:cd:55:56:f5:d0:c3:
+ ec:e4:a4:63:8b:9a:87:fa:74:78:ff:2c:f7:66:77:
+ 3f:05:c3:31:d0:46:5f:b6:17:af:b5:76:9f:d8:8d:
+ 22:d3:76:ac:ad:55:6f:4c:76:2a:27:8e:e9:22:74:
+ 42:ce:db:42:b9:00:54:01:fe:18:c6:4a:96:b5:b9:
+ 88:32:6d:c5:d9:56:fc:87:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- DE:23:2E:B1:97:E8:21:FB:05:0A:EB:ED:50:A7:96:15:27:BE:77:92
+ C0:9E:26:BD:D6:FB:FB:BF:FA:CE:33:92:CA:4E:25:CF:EC:9E:BA:66
X509v3 Authority Key Identifier:
- keyid:06:D0:C0:FB:C5:79:67:F9:F9:10:92:CA:81:5B:5F:92:D8:D8:9F:A6
+ keyid:75:A9:2B:02:E8:FB:31:09:2A:F2:16:21:24:D8:B2:A5:D0:14:93:5B
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta1/emailAddress=ta1
- serial:DE:88:28:EC:1B:64:08:9C
+ serial:A1:49:EA:78:5A:F4:55:8D
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:4
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 58:36:94:f1:3b:54:9f:0d:3b:90:64:d6:b9:f4:6f:3f:60:85:
- 13:a1:80:f3:6e:2b:1a:3a:4f:9a:08:e2:d9:da:14:9f:e2:3f:
- 9b:10:75:0b:7e:c7:bc:c5:91:78:1d:8d:51:b4:7e:4a:ea:d4:
- 9f:e9:20:1e:59:8b:8f:13:30:a6:90:fd:be:18:bc:07:39:89:
- bb:66:65:4a:2a:4a:97:ae:bf:91:32:b6:4c:9d:9e:2d:5d:40:
- d7:d0:28:f9:f2:89:ee:40:0a:a7:99:d2:ac:08:8b:54:9c:8d:
- 3a:8c:94:71:76:22:f9:0d:7b:0a:96:31:f5:7d:7c:3b:17:d1:
- d9:a7
+ 94:eb:ef:96:17:47:57:5e:c2:4f:4c:67:8b:bd:d7:14:22:1e:
+ d7:09:cc:b7:b2:f2:cf:df:51:e3:a6:ea:5a:7b:3a:5f:47:b1:
+ db:37:91:a3:ae:75:d2:d0:9e:9c:49:fc:ec:1f:2e:9b:b4:96:
+ 43:60:c8:99:a7:a8:fb:93:c1:68:2e:c8:09:42:23:0c:8a:25:
+ 08:67:e9:0e:6a:44:e9:18:08:d0:a0:ce:60:6c:d3:e8:c1:ec:
+ 2d:f0:db:47:04:36:f3:27:86:69:c5:10:06:3b:93:65:ea:19:
+ e4:6d:cd:fb:8a:ee:21:58:de:f3:17:7a:ee:ce:80:06:cc:1f:
+ 48:dd
-----BEGIN CERTIFICATE-----
MIIDMjCCApugAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGExMRIwEAYJKoZIhvcNAQkBFgN0YTEwHhcNMTEw
-MzIxMDA0OTIzWhcNMTMxMjE1MDA0OTIzWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzM4WhcNMTQwMTA1MjIzNzM4WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gxX3RhMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArA7UuhhP0iJtHg7FMRh2ws1w96uXYJQ5
-acnVmNjJhKYck5IA4P150u6ElbWhODrAdmH+/r5Em3egvxfRRZEduqB75nxdO61Q
-LOe5QQjZxa0JkWXRcldCL/sdoNNgOYx/0pFZ0JsLC4V3fHpO4974whudKRmm5Hvj
-CNjD7v3AExsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQU3iMusZfoIfsFCuvtUKeWFSe+
-d5IwgZoGA1UdIwSBkjCBj4AUBtDA+8V5Z/n5EJLKgVtfktjYn6ahbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsaz1IFy/RKCg/wsoAhud3R88avcWwI7s
+r6GkxM8mjkPKiqoFj6IQAzJB0G60UkVHqEaLxfPNVVb10MPs5KRji5qH+nR4/yz3
+Znc/BcMx0EZfthevtXaf2I0i03asrVVvTHYqJ47pInRCzttCuQBUAf4YxkqWtbmI
+Mm3F2Vb8h5UCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUwJ4mvdb7+7/6zjOSyk4lz+ye
+umYwgZoGA1UdIwSBkjCBj4AUdakrAuj7MQkq8hYhJNiypdAUk1uhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEW
-A3RhMYIJAN6IKOwbZAicMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4GBAFg2lPE7VJ8NO5Bk1rn0bz9ghROhgPNuKxo6
-T5oI4tnaFJ/iP5sQdQt+x7zFkXgdjVG0fkrq1J/pIB5Zi48TMKaQ/b4YvAc5ibtm
-ZUoqSpeuv5Eytkydni1dQNfQKPnyie5ACqeZ0qwIi1ScjTqMlHF2IvkNewqWMfV9
-fDsX0dmn
+A3RhMYIJAKFJ6nha9FWNMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBCwUAA4GBAJTr75YXR1dewk9MZ4u91xQiHtcJzLey8s/f
+UeOm6lp7Ol9Hsds3kaOuddLQnpxJ/OwfLpu0lkNgyJmnqPuTwWguyAlCIwyKJQhn
+6Q5qROkYCNCgzmBs0+jB7C3w20cENvMnhmnFEAY7k2XqGeRtzfuK7iFY3vMXeu7O
+gAbMH0jd
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/02.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/02.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b2:2e:64:17:3d:dd:32:ab:60:b1:07:9e:8d:da:
- 3c:50:91:b7:d2:c0:b2:bc:af:74:3b:c1:4e:6c:f3:
- d0:98:91:32:34:fb:dd:48:04:3a:86:9f:e7:31:2e:
- 19:b3:49:59:0b:20:19:b1:bb:52:91:45:57:ba:36:
- 49:62:82:61:3b:8d:63:11:c8:a6:fa:9a:20:b8:34:
- 4e:0e:4d:31:73:6b:ea:5e:d9:2d:fb:b5:f9:04:7c:
- f9:9d:b0:0d:4f:74:2b:35:b1:4d:63:5d:11:48:7e:
- 72:cd:f4:07:35:5f:e7:59:5e:16:e2:99:3a:b4:7f:
- 4a:cc:bc:86:53:bd:55:bc:57
+ 00:f4:24:ed:3d:fe:70:c8:51:b6:8d:26:78:90:6a:
+ 77:ff:de:7d:58:1f:00:fe:63:b0:88:de:46:18:d2:
+ 16:84:af:65:a1:9a:97:b1:38:14:6b:e7:98:c1:79:
+ 6f:0a:db:b2:92:6e:d6:7e:cd:cb:55:39:a0:27:e9:
+ 06:c8:45:19:2c:16:c3:4f:f5:af:cd:f6:14:cb:85:
+ 59:5c:1b:83:dc:f6:b6:4d:30:06:28:66:f6:2b:19:
+ 03:3f:00:de:09:77:50:a2:98:b1:73:3d:d5:79:f0:
+ 7e:79:2b:8e:76:96:c9:43:cf:44:9a:15:2e:09:00:
+ 47:a6:5a:f0:35:8b:88:b7:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 79:04:42:77:11:18:EC:24:43:48:52:11:99:DE:86:84:23:B1:50:77
+ C2:62:F6:27:E6:91:FB:98:5F:55:6E:11:EE:6E:E0:04:76:A0:E7:01
X509v3 Authority Key Identifier:
- keyid:DE:23:2E:B1:97:E8:21:FB:05:0A:EB:ED:50:A7:96:15:27:BE:77:92
+ keyid:C0:9E:26:BD:D6:FB:FB:BF:FA:CE:33:92:CA:4E:25:CF:EC:9E:BA:66
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta1/emailAddress=ta1
serial:01
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 24:59:ab:c0:7d:fe:62:1b:1a:98:45:78:80:ef:a3:0e:6a:cd:
- f9:ed:8a:4f:9b:18:59:ad:2b:d5:3d:db:7d:3f:ab:c3:4a:c7:
- 33:95:33:43:4b:16:44:50:1a:6e:38:ad:7b:8f:f9:06:f4:72:
- 7b:15:75:59:0d:db:11:a7:86:b4:e9:de:28:c9:39:d0:d7:25:
- 46:51:26:16:bd:15:70:d1:b2:87:e2:2c:48:aa:28:96:0a:f8:
- 4e:d4:44:99:66:62:04:6d:8d:2c:0f:f0:08:8d:d2:5c:fa:4e:
- 62:1a:25:f1:5c:ef:44:56:83:35:a7:e3:a9:ca:c0:18:90:18:
- 54:42
+ a0:f7:c7:f9:6b:cf:6e:6c:36:74:b2:47:8d:76:04:74:88:de:
+ 3b:cb:2d:e7:6c:fd:78:43:0f:29:9c:ba:92:97:dd:62:89:88:
+ 31:c7:9b:b2:46:42:4a:e0:c1:3f:a8:5f:63:86:d1:75:d9:47:
+ 46:d1:d3:87:dc:3e:7a:22:ce:8c:05:51:95:19:c5:2b:83:0f:
+ 02:4c:54:a6:e8:a9:c9:79:bd:0b:f0:e7:4d:31:77:e6:07:ea:
+ 1d:b1:35:48:30:15:28:c2:2d:36:42:fd:e9:11:85:7f:b0:9f:
+ 7b:9a:b6:0e:1d:94:02:3a:3b:c1:b8:bd:c8:c9:8d:c6:b6:9a:
+ 11:17
-----BEGIN CERTIFICATE-----
MIIDMjCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDJfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDJf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyLmQXPd0yq2CxB56N2jxQ
-kbfSwLK8r3Q7wU5s89CYkTI0+91IBDqGn+cxLhmzSVkLIBmxu1KRRVe6NkligmE7
-jWMRyKb6miC4NE4OTTFza+pe2S37tfkEfPmdsA1PdCs1sU1jXRFIfnLN9Ac1X+dZ
-XhbimTq0f0rMvIZTvVW8VwIDAQABo4HbMIHYMB0GA1UdDgQWBBR5BEJ3ERjsJENI
-UhGZ3oaEI7FQdzCBkgYDVR0jBIGKMIGHgBTeIy6xl+gh+wUK6+1Qp5YVJ753kqFs
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0JO09/nDIUbaNJniQanf/
+3n1YHwD+Y7CI3kYY0haEr2WhmpexOBRr55jBeW8K27KSbtZ+zctVOaAn6QbIRRks
+FsNP9a/N9hTLhVlcG4Pc9rZNMAYoZvYrGQM/AN4Jd1CimLFzPdV58H55K452lslD
+z0SaFS4JAEemWvA1i4i3YQIDAQABo4HbMIHYMB0GA1UdDgQWBBTCYvYn5pH7mF9V
+bhHubuAEdqDnATCBkgYDVR0jBIGKMIGHgBTAnia91vv7v/rOM5LKTiXP7J66ZqFs
pGowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAMTA3RhMTESMBAGCSqG
SIb3DQEJARYDdGExggEBMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4GBACRZq8B9/mIbGphFeIDvow5qzfntik+bGFmt
-K9U9230/q8NKxzOVM0NLFkRQGm44rXuP+Qb0cnsVdVkN2xGnhrTp3ijJOdDXJUZR
-Jha9FXDRsofiLEiqKJYK+E7URJlmYgRtjSwP8AiN0lz6TmIaJfFc70RWgzWn46nK
-wBiQGFRC
+AgEGMA0GCSqGSIb3DQEBCwUAA4GBAKD3x/lrz25sNnSyR412BHSI3jvLLeds/XhD
+DymcupKX3WKJiDHHm7JGQkrgwT+oX2OG0XXZR0bR04fcPnoizowFUZUZxSuDDwJM
+VKboqcl5vQvw500xd+YH6h2xNUgwFSjCLTZC/ekRhX+wn3uatg4dlAI6O8G4vcjJ
+jca2mhEX
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/03.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/03.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ab:d1:d5:d2:6a:72:f2:b9:20:07:53:98:e6:14:
- fc:de:66:e7:0e:1d:ab:35:c7:f5:80:5c:fb:e7:03:
- 4a:97:15:b7:da:3a:18:5f:50:39:1c:9a:aa:ad:f8:
- 64:d3:76:a1:c7:e2:f8:56:c9:1d:af:3f:bb:d0:98:
- f4:2c:c3:1c:ea:e3:18:f2:60:35:6e:3b:99:67:35:
- 27:cb:64:7e:3c:1c:cb:64:d3:bc:60:f1:8a:37:47:
- 9c:02:6e:7c:e3:d3:38:1a:f0:3d:93:31:83:57:ae:
- 36:17:b4:20:e8:44:72:7f:d4:65:25:a5:42:b3:02:
- 55:69:18:9b:fa:5f:7f:62:f3
+ 00:ec:46:7e:e1:35:25:1c:92:37:51:fb:99:13:70:
+ e7:89:d6:3e:3b:28:59:98:96:e2:81:87:3f:99:85:
+ 5d:06:0a:d0:df:04:3e:fe:8a:00:f5:aa:91:93:a9:
+ 48:5c:59:b9:cb:f2:94:dd:fe:71:11:af:9c:7e:71:
+ ce:96:21:cc:fd:27:e9:7e:82:2b:84:d5:73:3a:89:
+ c0:09:2b:aa:16:d6:5f:7a:ac:81:d1:9b:18:4d:85:
+ 1e:33:2f:86:a8:c3:7a:2d:68:24:30:1d:7f:db:c5:
+ 30:0c:bf:d9:72:04:98:9d:ff:2f:cf:94:e7:2e:88:
+ b2:47:fd:ee:c1:d2:e0:e9:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 9D:49:C0:40:BE:F9:2D:9D:38:CF:BB:7C:6C:33:70:E3:13:2C:F9:05
+ D0:F9:37:92:54:28:C0:40:AE:62:94:51:42:6A:7C:8E:37:5F:AC:A8
X509v3 Authority Key Identifier:
- keyid:79:04:42:77:11:18:EC:24:43:48:52:11:99:DE:86:84:23:B1:50:77
+ keyid:C2:62:F6:27:E6:91:FB:98:5F:55:6E:11:EE:6E:E0:04:76:A0:E7:01
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta1/emailAddress=ch1_ta1
serial:02
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 41:ff:9f:2c:11:ef:c9:51:0d:5a:68:82:16:89:b4:ab:7e:91:
- 0e:ef:c9:86:d7:d9:47:8d:63:9a:a4:66:2e:d4:bc:58:c0:6a:
- 23:e3:8e:ab:0b:44:c0:19:20:eb:96:bc:d2:39:b4:60:3f:3f:
- 7c:d7:6d:39:09:ff:fb:bd:9f:35:de:54:64:85:fc:ee:86:91:
- aa:95:11:a4:38:c5:28:71:ae:a8:4b:d7:b2:8f:24:59:da:57:
- 92:31:ae:34:b3:21:cc:32:02:3c:b5:00:64:c4:1e:be:0d:af:
- bd:e7:a6:3d:6f:77:84:62:04:21:cf:26:6b:8f:c5:1c:0b:4c:
- 5c:dd
+ 3e:60:a3:23:dc:e2:bc:b9:60:14:1b:e5:dd:af:bd:f2:8b:cb:
+ f1:55:8a:03:e1:ee:82:f2:d2:7b:3d:0d:4a:56:f5:61:80:97:
+ 27:90:c0:05:e4:e9:18:e8:29:97:eb:aa:6b:d2:4a:0c:b8:c0:
+ f3:cf:a5:4f:95:dd:46:03:96:eb:29:e4:bb:22:fe:5b:34:da:
+ 02:8c:36:12:b6:9c:3e:a4:e4:d7:33:a3:ac:d8:45:65:75:37:
+ 68:55:63:eb:d8:d1:6f:28:66:fc:ac:ad:15:08:67:41:41:32:
+ 3f:ed:60:fc:01:e1:b9:88:24:95:1e:9c:ee:69:3b:d2:91:f8:
+ ef:81
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gyX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gyX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDNfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDNf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr0dXSanLyuSAHU5jmFPze
-ZucOHas1x/WAXPvnA0qXFbfaOhhfUDkcmqqt+GTTdqHH4vhWyR2vP7vQmPQswxzq
-4xjyYDVuO5lnNSfLZH48HMtk07xg8Yo3R5wCbnzj0zga8D2TMYNXrjYXtCDoRHJ/
-1GUlpUKzAlVpGJv6X39i8wIDAQABo4HjMIHgMB0GA1UdDgQWBBSdScBAvvktnTjP
-u3xsM3DjEyz5BTCBmgYDVR0jBIGSMIGPgBR5BEJ3ERjsJENIUhGZ3oaEI7FQd6F0
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsRn7hNSUckjdR+5kTcOeJ
+1j47KFmYluKBhz+ZhV0GCtDfBD7+igD1qpGTqUhcWbnL8pTd/nERr5x+cc6WIcz9
+J+l+giuE1XM6icAJK6oW1l96rIHRmxhNhR4zL4aow3otaCQwHX/bxTAMv9lyBJid
+/y/PlOcuiLJH/e7B0uDpOQIDAQABo4HjMIHgMB0GA1UdDgQWBBTQ+TeSVCjAQK5i
+lFFCanyON1+sqDCBmgYDVR0jBIGSMIGPgBTCYvYn5pH7mF9VbhHubuAEdqDnAaF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxEDAOBgNVBAMUB2NoMV90YTExFjAU
BgkqhkiG9w0BCQEWB2NoMV90YTGCAQIwEgYDVR0TAQH/BAgwBgEB/wIBAjAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAQf+fLBHvyVENWmiCFom0q36R
-Du/JhtfZR41jmqRmLtS8WMBqI+OOqwtEwBkg65a80jm0YD8/fNdtOQn/+72fNd5U
-ZIX87oaRqpURpDjFKHGuqEvXso8kWdpXkjGuNLMhzDICPLUAZMQevg2vveemPW93
-hGIEIc8ma4/FHAtMXN0=
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAPmCjI9zivLlgFBvl3a+98ovL
+8VWKA+HugvLSez0NSlb1YYCXJ5DABeTpGOgpl+uqa9JKDLjA88+lT5XdRgOW6ynk
+uyL+WzTaAow2EracPqTk1zOjrNhFZXU3aFVj69jRbyhm/KytFQhnQUEyP+1g/AHh
+uYgklR6c7mk70pH474E=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/04.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/04.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bc:b0:1a:27:f4:c4:84:a7:3e:96:d8:95:a1:35:
- 16:b8:82:cc:de:c1:b5:3e:66:0d:0e:cd:3f:5f:38:
- f1:aa:ae:0b:63:56:87:52:e5:b0:b0:6e:6b:fb:47:
- 97:03:db:50:04:25:d8:f9:75:9b:81:4f:d9:99:bd:
- 53:47:0a:97:7c:d4:02:40:b8:92:5d:77:d2:2d:64:
- 88:f7:a9:dc:c2:ba:96:f0:74:fa:61:53:9e:a6:84:
- 97:ed:97:49:08:36:29:d5:2c:f4:05:d3:81:e2:f8:
- 7f:f0:05:96:05:29:b0:2f:29:66:6d:32:3d:1e:b7:
- 79:b5:67:e7:34:4b:00:79:47
+ 00:f5:af:af:99:95:f3:52:3b:eb:be:62:e6:eb:9f:
+ c5:f8:ff:8f:0c:d2:e3:c7:06:b1:45:ca:ff:8c:fc:
+ 3d:bc:f4:6d:e3:f9:ac:12:69:d5:a1:6f:02:52:ad:
+ 50:34:7e:cc:a7:ee:82:04:b3:5b:e6:be:cc:44:e6:
+ b8:d2:fc:1d:2a:80:d8:0c:c1:3c:4f:95:31:68:8a:
+ fb:2b:e2:aa:b2:54:7c:3a:d3:86:6d:5f:20:b6:29:
+ 23:ae:74:09:fd:9a:d3:45:e2:e3:2a:62:1f:91:fd:
+ a2:b1:2f:26:68:fb:4d:69:fb:66:1f:0b:4b:1a:52:
+ ac:e1:8b:69:b1:16:96:89:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 52:80:D6:40:50:47:FD:82:5A:83:A4:24:CE:3E:DC:C7:E1:6F:56:00
+ B2:A1:C2:1D:B7:20:56:20:8C:64:DA:BA:06:C6:5A:E4:0A:23:6E:01
X509v3 Authority Key Identifier:
- keyid:9D:49:C0:40:BE:F9:2D:9D:38:CF:BB:7C:6C:33:70:E3:13:2C:F9:05
+ keyid:D0:F9:37:92:54:28:C0:40:AE:62:94:51:42:6A:7C:8E:37:5F:AC:A8
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
serial:03
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 65:cf:99:2f:0c:5c:87:4b:5c:8e:19:82:57:a8:a2:f9:51:a0:
- 89:24:0b:6e:ca:8b:68:4c:1f:28:ee:8d:95:44:9d:23:52:76:
- 6d:90:cb:7f:ab:0a:46:87:0c:69:94:41:4b:2e:04:ef:e9:72:
- f4:17:ab:6f:86:76:dd:19:e3:65:cb:df:31:e5:2b:10:fb:04:
- 6e:b8:60:e4:59:98:09:2b:13:31:2f:8d:c6:28:24:1f:39:ae:
- 2e:39:8c:8f:8f:d1:0c:6b:cd:be:db:16:c9:8d:aa:f0:94:c5:
- da:cd:85:08:fc:02:2b:f2:6e:e4:d6:9a:ef:55:0c:c2:d0:ba:
- c0:27
+ d5:54:78:2a:2c:5f:82:26:03:07:71:54:04:2d:81:e5:dd:a6:
+ b1:92:8a:37:5f:52:f0:13:cd:35:4a:2b:a7:24:9c:44:7b:ac:
+ 1d:3c:52:82:e4:15:85:a9:d4:19:4d:55:c6:85:74:ac:2a:6c:
+ 42:9f:92:d9:86:02:d8:90:a8:53:28:31:e1:e2:33:1b:d5:05:
+ c3:f7:94:86:10:5d:78:62:96:a7:d1:e3:b4:be:0e:e6:8c:03:
+ ef:4c:03:96:4e:6d:9a:b2:32:55:46:20:cf:41:d1:4f:db:c6:
+ 57:34:df:51:d4:b9:9d:bf:d1:20:a5:e6:a0:34:ef:ab:e8:e9:
+ 93:ce
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gzX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDRfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDRf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8sBon9MSEpz6W2JWhNRa4
-gszewbU+Zg0OzT9fOPGqrgtjVodS5bCwbmv7R5cD21AEJdj5dZuBT9mZvVNHCpd8
-1AJAuJJdd9ItZIj3qdzCupbwdPphU56mhJftl0kINinVLPQF04Hi+H/wBZYFKbAv
-KWZtMj0et3m1Z+c0SwB5RwIDAQABo4HjMIHgMB0GA1UdDgQWBBRSgNZAUEf9glqD
-pCTOPtzH4W9WADCBmgYDVR0jBIGSMIGPgBSdScBAvvktnTjPu3xsM3DjEyz5BaF0
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD1r6+ZlfNSO+u+Yubrn8X4
+/48M0uPHBrFFyv+M/D289G3j+awSadWhbwJSrVA0fsyn7oIEs1vmvsxE5rjS/B0q
+gNgMwTxPlTFoivsr4qqyVHw604ZtXyC2KSOudAn9mtNF4uMqYh+R/aKxLyZo+01p
++2YfC0saUqzhi2mxFpaJEwIDAQABo4HjMIHgMB0GA1UdDgQWBBSyocIdtyBWIIxk
+2roGxlrkCiNuATCBmgYDVR0jBIGSMIGPgBTQ+TeSVCjAQK5ilFFCanyON1+sqKF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxEDAOBgNVBAMUB2NoMl90YTExFjAU
BgkqhkiG9w0BCQEWB2NoMl90YTGCAQMwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAZc+ZLwxch0tcjhmCV6ii+VGg
-iSQLbsqLaEwfKO6NlUSdI1J2bZDLf6sKRocMaZRBSy4E7+ly9Berb4Z23RnjZcvf
-MeUrEPsEbrhg5FmYCSsTMS+NxigkHzmuLjmMj4/RDGvNvtsWyY2q8JTF2s2FCPwC
-K/Ju5Naa71UMwtC6wCc=
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEA1VR4KixfgiYDB3FUBC2B5d2m
+sZKKN19S8BPNNUorpyScRHusHTxSguQVhanUGU1VxoV0rCpsQp+S2YYC2JCoUygx
+4eIzG9UFw/eUhhBdeGKWp9HjtL4O5owD70wDlk5tmrIyVUYgz0HRT9vGVzTfUdS5
+nb/RIKXmoDTvq+jpk84=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/05.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/05.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d3:82:fa:b8:50:8a:e0:df:3b:22:76:0f:c1:a2:
- 7b:fa:c3:09:fc:49:9f:ac:e3:9e:f1:60:66:8f:04:
- ec:80:fd:1b:5c:a0:b1:3c:14:e0:79:d6:f9:49:d1:
- 69:21:af:c6:37:7b:f0:e1:29:9e:a5:85:45:ec:e0:
- 2b:5b:79:4b:39:28:0a:ab:5a:38:46:48:4e:c2:95:
- b0:ff:77:50:b0:32:25:95:11:c6:52:ff:27:d0:e6:
- 83:5a:3e:6a:58:11:66:ba:84:ac:7a:d3:db:b4:75:
- fa:41:ea:ad:af:13:5b:12:b4:c3:3b:46:38:13:5d:
- 53:b2:59:33:fc:76:5e:e9:d7
+ 00:c3:8d:d0:ab:25:75:ba:f5:20:df:7c:8a:d4:cd:
+ 40:f6:c3:ca:25:11:b5:30:d6:27:fa:e4:a0:11:d6:
+ aa:32:7d:c8:15:9d:d7:6f:7f:ae:80:de:28:c3:ae:
+ 77:a8:7f:f1:05:e9:6b:bc:63:a9:a6:91:04:3b:79:
+ 6b:96:f2:e0:9a:17:79:d3:04:0a:5f:46:09:b5:6f:
+ 3e:a9:f4:34:47:62:18:f4:28:f7:d9:09:cd:4f:8a:
+ 33:df:9b:69:9b:61:ce:72:c7:35:ed:61:a0:5b:0c:
+ c1:61:00:0a:ac:83:9a:6a:3c:6d:30:96:eb:77:8c:
+ 28:3f:fc:62:8a:fa:60:8e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- ED:B5:69:19:79:F6:9F:B1:40:1F:75:72:AD:B9:B6:7B:EF:65:4A:E9
+ 69:C7:BA:72:9C:7F:C3:92:8D:F6:A6:D0:20:48:5A:8E:A7:B6:E7:82
X509v3 Authority Key Identifier:
- keyid:52:80:D6:40:50:47:FD:82:5A:83:A4:24:CE:3E:DC:C7:E1:6F:56:00
+ keyid:B2:A1:C2:1D:B7:20:56:20:8C:64:DA:BA:06:C6:5A:E4:0A:23:6E:01
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
serial:04
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 13:d3:94:3b:b2:b5:f4:74:4d:09:85:d8:53:0a:c9:b5:54:ab:
- 83:3b:55:9c:a6:28:33:35:fb:ba:1b:86:4c:19:39:35:f4:91:
- 4c:9b:78:1e:30:73:58:41:da:b9:5b:7f:54:b1:39:5d:47:56:
- d8:cc:3a:4b:7a:1c:32:32:b8:9b:90:be:a3:f6:04:87:ea:4c:
- 81:95:0a:aa:09:03:86:db:d8:61:4f:4b:ea:40:ac:09:eb:7b:
- 8a:39:07:4d:6a:54:b5:fc:9b:72:52:79:9a:a5:89:01:0d:00:
- aa:6c:ab:7a:4e:1b:d8:63:c4:a2:dc:7c:51:df:7c:1c:36:ad:
- a6:ec
+ e7:9a:14:6b:dc:a5:fa:da:15:2a:f0:b5:87:ef:82:df:2c:b1:
+ 8b:f9:f6:a5:a0:e6:d2:86:da:46:69:68:6f:68:26:5c:79:73:
+ 21:31:ea:b4:a7:e6:58:c9:12:cd:8c:c0:d0:e2:05:f0:6f:1d:
+ 56:e5:3f:4a:32:eb:02:39:b6:6e:cb:c4:e1:d5:21:0f:63:1e:
+ 4f:0b:3d:af:ca:5a:7b:2b:9c:7f:51:44:7a:39:73:e5:f2:ba:
+ 48:85:20:f9:36:b5:c2:14:44:da:7d:ae:83:2e:b4:d8:f1:77:
+ 19:97:c0:c7:8b:e7:62:81:93:75:ed:93:dd:19:4b:36:00:ba:
+ c6:2d
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g0X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g0X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDVfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDVf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTgvq4UIrg3zsidg/Bonv6
-wwn8SZ+s457xYGaPBOyA/RtcoLE8FOB51vlJ0Wkhr8Y3e/DhKZ6lhUXs4CtbeUs5
-KAqrWjhGSE7ClbD/d1CwMiWVEcZS/yfQ5oNaPmpYEWa6hKx609u0dfpB6q2vE1sS
-tMM7RjgTXVOyWTP8dl7p1wIDAQABo4HjMIHgMB0GA1UdDgQWBBTttWkZefafsUAf
-dXKtubZ772VK6TCBmgYDVR0jBIGSMIGPgBRSgNZAUEf9glqDpCTOPtzH4W9WAKF0
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDjdCrJXW69SDffIrUzUD2
+w8olEbUw1if65KAR1qoyfcgVnddvf66A3ijDrneof/EF6Wu8Y6mmkQQ7eWuW8uCa
+F3nTBApfRgm1bz6p9DRHYhj0KPfZCc1PijPfm2mbYc5yxzXtYaBbDMFhAAqsg5pq
+PG0wlut3jCg//GKK+mCOFwIDAQABo4HjMIHgMB0GA1UdDgQWBBRpx7pynH/Dko32
+ptAgSFqOp7bngjCBmgYDVR0jBIGSMIGPgBSyocIdtyBWIIxk2roGxlrkCiNuAaF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxEDAOBgNVBAMUB2NoM190YTExFjAU
BgkqhkiG9w0BCQEWB2NoM190YTGCAQQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAE9OUO7K19HRNCYXYUwrJtVSr
-gztVnKYoMzX7uhuGTBk5NfSRTJt4HjBzWEHauVt/VLE5XUdW2Mw6S3ocMjK4m5C+
-o/YEh+pMgZUKqgkDhtvYYU9L6kCsCet7ijkHTWpUtfybclJ5mqWJAQ0Aqmyrek4b
-2GPEotx8Ud98HDatpuw=
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEA55oUa9yl+toVKvC1h++C3yyx
+i/n2paDm0obaRmlob2gmXHlzITHqtKfmWMkSzYzA0OIF8G8dVuU/SjLrAjm2bsvE
+4dUhD2MeTws9r8paeyucf1FEejlz5fK6SIUg+Ta1whRE2n2ugy602PF3GZfAx4vn
+YoGTde2T3RlLNgC6xi0=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/08.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/08.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:40 2011 GMT
+ Not After : Jan 5 22:37:40 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d7:b9:78:e1:ad:bd:98:ac:da:90:68:26:db:d7:
- ed:5b:e4:0f:d7:ef:c1:4d:84:20:4b:7c:ef:27:50:
- 4b:ab:e0:61:10:10:ae:6b:d6:ed:96:b3:04:18:b2:
- 4d:30:b8:23:97:24:a9:92:6a:19:95:fc:bc:7a:70:
- ab:65:55:26:4a:62:dd:09:df:9b:03:e1:38:f8:ba:
- ac:2d:26:f3:76:84:c9:5d:f8:21:a0:57:d0:6c:ad:
- 2e:60:cc:af:15:03:8f:e5:e0:e2:86:df:ed:07:a5:
- 4a:35:fe:65:78:94:5f:07:bd:d0:f7:7a:28:8e:5d:
- 98:21:7b:c5:6d:fe:43:5c:57
+ 00:cc:de:54:ed:78:31:c0:7c:e4:25:98:a3:0d:fa:
+ 77:08:f3:39:c4:9f:88:41:ee:00:a3:35:ed:b6:f0:
+ cc:a3:fd:0f:ce:3c:70:b5:aa:1e:42:4e:5c:ae:d8:
+ cb:99:53:ef:1e:49:f9:4c:5f:47:be:d0:e6:e2:f1:
+ 12:29:d5:77:75:88:79:4c:3b:64:05:ba:08:5d:dc:
+ ed:1f:7f:15:92:69:ec:b9:c9:84:f0:7d:3f:db:66:
+ 34:a5:35:8c:22:9b:5f:4b:19:83:15:35:49:7c:4b:
+ 77:35:2c:c4:58:34:15:f1:66:99:ce:65:d3:06:b7:
+ d2:35:d7:96:39:ee:d8:08:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,27 +29,27 @@
<EMPTY>
Signature Algorithm: sha256WithRSAEncryption
- 57:9c:5a:4b:ab:37:f1:61:c6:ab:27:91:f0:8b:68:aa:8d:81:
- 0b:6f:4c:ae:9b:05:91:e6:f3:1a:91:6f:8a:e8:5c:a4:9e:dd:
- a9:aa:2f:2a:85:e9:77:6d:d4:04:d5:07:e4:ad:3d:db:90:8f:
- 08:99:ca:c2:4c:c5:8c:c9:6b:01:e8:98:2f:6e:ad:17:46:59:
- 15:3a:72:ee:16:30:3e:14:82:6a:7f:ea:89:ce:b8:9d:00:14:
- af:c7:bf:06:54:04:c5:3c:ab:f6:96:48:1a:a5:60:b5:3d:94:
- 41:91:24:8a:98:bb:8d:ea:be:f3:4b:2d:fc:8d:de:06:48:9e:
- 35:55
+ 22:ec:49:fd:44:5e:9a:b1:55:f7:29:4c:cf:66:ff:1f:ce:d7:
+ e6:31:ae:b5:f3:3b:c9:d8:e4:d4:4a:59:ff:db:9a:88:23:28:
+ 14:62:78:03:b8:36:d8:32:56:c6:d2:09:0f:e4:33:ea:02:7f:
+ 24:02:fc:4c:58:5c:e7:3a:4c:b6:69:55:bc:5e:c8:3e:c2:97:
+ 66:82:74:6a:1c:1e:ae:ae:3d:35:f5:6e:a3:a5:9b:9d:23:d5:
+ da:de:e2:47:ee:ea:78:8a:36:19:73:f5:7f:38:bd:0e:bb:56:
+ 3c:c8:21:0e:5a:57:a0:cf:08:50:e6:80:ef:3e:e5:ed:64:69:
+ d6:6d
-----BEGIN CERTIFICATE-----
MIICezCCAeSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g0X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g0X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHQxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDBaFw0xNDAxMDUyMjM3NDBaMHQxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRIwEAYDVQQDFAljaDUuMV90YTExGDAWBgkqhkiG9w0BCQEWCWNo
-NS4xX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA17l44a29mKzakGgm
-29ftW+QP1+/BTYQgS3zvJ1BLq+BhEBCua9btlrMEGLJNMLgjlySpkmoZlfy8enCr
-ZVUmSmLdCd+bA+E4+LqsLSbzdoTJXfghoFfQbK0uYMyvFQOP5eDiht/tB6VKNf5l
-eJRfB73Q93oojl2YIXvFbf5DXFcCAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAM
-BgNVHRIBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4GBAFecWkurN/FhxqsnkfCLaKqN
-gQtvTK6bBZHm8xqRb4roXKSe3amqLyqF6Xdt1ATVB+StPduQjwiZysJMxYzJawHo
-mC9urRdGWRU6cu4WMD4Ugmp/6onOuJ0AFK/HvwZUBMU8q/aWSBqlYLU9lEGRJIqY
-u43qvvNLLfyN3gZInjVV
+NS4xX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzN5U7XgxwHzkJZij
+Dfp3CPM5xJ+IQe4AozXttvDMo/0PzjxwtaoeQk5crtjLmVPvHkn5TF9HvtDm4vES
+KdV3dYh5TDtkBboIXdztH38VkmnsucmE8H0/22Y0pTWMIptfSxmDFTVJfEt3NSzE
+WDQV8WaZzmXTBrfSNdeWOe7YCJECAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAM
+BgNVHRIBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4GBACLsSf1EXpqxVfcpTM9m/x/O
+1+YxrrXzO8nY5NRKWf/bmogjKBRieAO4NtgyVsbSCQ/kM+oCfyQC/ExYXOc6TLZp
+VbxeyD7Cl2aCdGocHq6uPTX1bqOlm50j1dre4kfu6niKNhlz9X84vQ67VjzIIQ5a
+V6DPCFDmgO8+5e1kadZt
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/0A.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/0A.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:41 2011 GMT
+ Not After : Jan 5 22:37:41 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.2_ta1/emailAddress=ch5.2_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ae:6a:8e:9d:ec:f8:54:be:fb:5c:ae:02:f6:32:
- dc:e0:8c:a7:3a:26:62:27:93:68:2d:c5:7d:84:0a:
- ae:c5:d6:a6:61:a5:d4:0b:6c:e2:b8:43:6a:a4:af:
- 78:a7:dc:4d:b4:d5:b1:85:67:57:d2:a8:61:c4:08:
- 21:34:07:4c:d5:87:71:65:8b:d3:af:44:87:3f:f5:
- d5:2d:45:83:3e:52:4d:0a:6d:cb:68:55:8e:f4:bc:
- 2b:50:6d:e6:69:50:68:6c:a1:be:ec:cd:e2:96:96:
- 96:04:8d:ba:32:b9:0d:90:87:0f:ff:f0:ab:77:92:
- 51:ac:ef:36:b3:6b:2d:17:93
+ 00:c5:27:9b:4d:c3:41:cf:96:d4:f0:21:59:1b:77:
+ ce:54:81:dc:05:57:1f:56:69:8c:5f:58:3f:88:4a:
+ c6:73:bd:a9:4a:d0:f8:a3:33:1b:4f:d8:94:b5:d3:
+ 95:bd:00:06:d1:18:e8:ea:9e:41:ad:06:ea:c6:cc:
+ 9f:93:a7:c4:a0:3e:05:62:4c:3f:1c:88:79:a0:a1:
+ eb:f3:94:d0:1b:8c:a8:9f:4c:3b:37:80:06:6b:00:
+ e7:30:6c:d4:c2:51:27:7f:1a:e5:95:a7:1c:15:d6:
+ 98:0e:1f:2f:28:b7:a7:75:60:56:8e:74:a0:86:9a:
+ 06:d5:23:0f:11:83:02:95:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 51:52:C7:88:A6:9D:32:EF:AC:95:BF:79:10:0B:6E:F7:65:94:A7:F9
+ 89:81:B5:75:FE:47:C0:C6:F5:28:97:38:D7:FC:58:E9:62:8D:31:C0
X509v3 Authority Key Identifier:
- keyid:52:80:D6:40:50:47:FD:82:5A:83:A4:24:CE:3E:DC:C7:E1:6F:56:00
+ keyid:B2:A1:C2:1D:B7:20:56:20:8C:64:DA:BA:06:C6:5A:E4:0A:23:6E:01
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
serial:04
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 61:86:a8:a9:d8:9f:08:19:cc:fd:ad:24:65:2e:67:dc:39:79:
- 35:75:d5:c4:06:4b:e2:84:ce:86:9a:b8:b9:d6:00:a4:47:41:
- a8:57:4f:09:2d:b4:cb:7f:40:73:8a:a3:fe:9d:eb:14:00:f0:
- e8:f5:23:b2:30:19:31:d9:15:98:96:f2:6b:80:9e:11:52:b2:
- f5:d3:ed:30:38:c7:a0:d1:21:fc:7a:99:cd:1f:a8:fc:6b:0b:
- 31:29:02:1a:1e:77:c8:75:70:5f:13:cf:92:02:79:a9:e1:d7:
- d9:2a:38:f7:ff:0a:8d:21:1a:5a:8e:25:1e:8c:a7:02:f0:ff:
- ef:02
+ 63:3d:1b:46:ff:99:65:19:01:e8:fc:b1:a4:22:30:8c:da:43:
+ c5:79:05:0c:60:3a:0f:4b:3f:53:63:f0:12:63:a9:ee:63:10:
+ 15:aa:f4:ae:13:10:4f:43:b4:31:8c:84:f5:c1:0b:86:ab:7b:
+ 78:7e:7c:9b:3c:26:56:8e:aa:54:3b:ad:7e:be:23:3e:8f:8c:
+ cf:47:22:7d:f6:83:53:ca:72:f1:02:9a:07:4a:f7:94:00:1b:
+ d2:57:80:6d:c9:37:ab:58:d6:54:71:90:de:c9:3f:ee:c3:b5:
+ 5c:0e:46:09:30:cf:95:58:2f:07:64:fe:27:70:9e:d0:29:dd:
+ f5:25
-----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIBCjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g0X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g0X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHQxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDFaFw0xNDAxMDUyMjM3NDFaMHQxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRIwEAYDVQQDFAljaDUuMl90YTExGDAWBgkqhkiG9w0BCQEWCWNo
-NS4yX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArmqOnez4VL77XK4C
-9jLc4IynOiZiJ5NoLcV9hAquxdamYaXUC2ziuENqpK94p9xNtNWxhWdX0qhhxAgh
-NAdM1YdxZYvTr0SHP/XVLUWDPlJNCm3LaFWO9LwrUG3maVBobKG+7M3ilpaWBI26
-MrkNkIcP//Crd5JRrO82s2stF5MCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUUVLHiKad
-Mu+slb95EAtu92WUp/kwgZoGA1UdIwSBkjCBj4AUUoDWQFBH/YJag6Qkzj7cx+Fv
-VgChdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
+NS4yX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxSebTcNBz5bU8CFZ
+G3fOVIHcBVcfVmmMX1g/iErGc72pStD4ozMbT9iUtdOVvQAG0Rjo6p5BrQbqxsyf
+k6fEoD4FYkw/HIh5oKHr85TQG4yon0w7N4AGawDnMGzUwlEnfxrllaccFdaYDh8v
+KLendWBWjnSghpoG1SMPEYMClXMCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUiYG1df5H
+wMb1KJc41/xY6WKNMcAwgZoGA1UdIwSBkjCBj4AUsqHCHbcgViCMZNq6BsZa5Aoj
+bgGhdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
VQQHEwpNZW5sbyBQYXJrMQ0wCwYDVQQKEwRwa2c1MRAwDgYDVQQDFAdjaDNfdGEx
MRYwFAYJKoZIhvcNAQkBFgdjaDNfdGExggEEMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAGGGqKnYnwgZzP2tJGUu
-Z9w5eTV11cQGS+KEzoaauLnWAKRHQahXTwkttMt/QHOKo/6d6xQA8Oj1I7IwGTHZ
-FZiW8muAnhFSsvXT7TA4x6DRIfx6mc0fqPxrCzEpAhoed8h1cF8Tz5ICeanh19kq
-OPf/Co0hGlqOJR6MpwLw/+8C
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAGM9G0b/mWUZAej8saQi
+MIzaQ8V5BQxgOg9LP1Nj8BJjqe5jEBWq9K4TEE9DtDGMhPXBC4are3h+fJs8JlaO
+qlQ7rX6+Iz6PjM9HIn32g1PKcvECmgdK95QAG9JXgG3JN6tY1lRxkN7JP+7DtVwO
+Rgkwz5VYLwdk/idwntAp3fUl
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/0C.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/0C.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bf:bb:29:f0:2f:1e:74:b0:bc:ea:4d:fe:c7:9b:
- d3:4c:ce:d5:46:d1:11:ef:56:6f:9a:be:1a:53:c3:
- 04:3b:cd:10:14:87:67:c5:87:39:8e:a3:17:aa:42:
- f4:09:cc:31:68:2a:6e:1c:50:2c:70:5a:de:59:10:
- c0:74:ea:73:2b:06:1c:d9:20:29:f4:48:d5:c9:1e:
- 29:0a:9d:47:73:68:50:f4:75:34:06:93:d5:a9:7e:
- b8:20:2e:6d:ef:79:c3:92:83:79:53:4b:26:9e:80:
- 32:19:5f:39:fe:44:7b:89:09:dc:63:7a:4c:ad:d6:
- 77:31:1a:9c:26:3c:af:3c:7b
+ 00:e2:d0:ba:91:89:c2:26:21:4c:9d:68:63:7e:87:
+ 9b:9e:31:52:4d:30:b3:2b:9c:26:85:40:63:69:66:
+ 7c:5d:52:73:d3:61:01:78:18:0e:46:21:6d:34:1f:
+ 84:e2:42:72:9c:ef:68:7e:49:a6:3d:62:82:f3:0f:
+ 95:74:13:88:a1:d1:bf:00:93:10:24:d2:fc:bd:1a:
+ a7:4f:f2:24:b2:60:d5:57:96:62:09:c8:94:5f:b6:
+ 57:38:f1:00:62:97:d9:a2:35:d6:95:47:97:78:48:
+ 17:77:2b:c4:62:fa:00:0c:f1:d4:6e:e1:74:25:38:
+ 0f:5c:57:af:92:37:e7:18:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- B2:F9:FB:5A:A8:19:23:A0:E6:D5:C5:4C:B0:2D:8B:01:65:7F:9E:49
+ 9E:F5:29:85:12:A6:F3:26:1C:25:81:F4:75:82:9E:80:B1:33:8D:BE
X509v3 Authority Key Identifier:
- keyid:9D:49:C0:40:BE:F9:2D:9D:38:CF:BB:7C:6C:33:70:E3:13:2C:F9:05
+ keyid:D0:F9:37:92:54:28:C0:40:AE:62:94:51:42:6A:7C:8E:37:5F:AC:A8
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
serial:03
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 44:f7:b5:6e:5f:59:fc:8f:11:6f:c8:52:14:e2:f6:e2:13:36:
- 03:88:ab:7f:86:bc:56:a6:d8:f1:94:bd:ac:48:36:f5:af:5d:
- 63:f5:47:1e:03:ac:64:2d:08:ee:1c:4f:0b:08:3d:cf:48:0a:
- 2b:94:12:d7:b7:96:00:d0:76:e6:3b:63:fa:ea:2a:c8:46:04:
- 94:9e:a2:51:88:b5:54:96:63:6d:a5:10:f2:6c:3b:fb:2b:ef:
- cc:ee:8a:d4:c1:a0:05:e4:c0:4f:23:dc:2b:5b:c3:18:37:68:
- 90:98:3d:12:17:e0:b8:e4:38:75:34:58:08:03:05:15:3d:b7:
- b6:64
+ 87:45:e7:89:11:9c:2a:47:8e:63:84:93:80:3f:03:27:65:dd:
+ 19:50:aa:1f:e5:50:67:c9:d8:3f:1e:74:85:fb:46:b2:c8:1c:
+ 22:cb:a9:d0:d4:26:60:06:6e:9e:15:7e:d3:5a:06:8d:95:26:
+ 36:10:16:e9:08:92:fb:9a:45:14:99:b5:ac:ee:06:d2:6b:c4:
+ 21:63:13:b4:55:1f:c3:35:02:56:9e:7d:d1:4a:1f:45:91:f6:
+ c1:28:c3:f9:aa:e0:31:63:cc:c0:5d:77:7f:54:65:98:a3:39:
+ eb:73:83:ab:74:f3:c2:3e:be:9b:fe:18:75:3c:44:ad:a2:fc:
+ c2:42
-----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIBDDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gzX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjZaFw0xMzEyMTUwMDQ5MjZaMHQxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDJaFw0xNDAxMDUyMjM3NDJaMHQxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRIwEAYDVQQDFAljaDQuM190YTExGDAWBgkqhkiG9w0BCQEWCWNo
-NC4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv7sp8C8edLC86k3+
-x5vTTM7VRtER71Zvmr4aU8MEO80QFIdnxYc5jqMXqkL0CcwxaCpuHFAscFreWRDA
-dOpzKwYc2SAp9EjVyR4pCp1Hc2hQ9HU0BpPVqX64IC5t73nDkoN5U0smnoAyGV85
-/kR7iQncY3pMrdZ3MRqcJjyvPHsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUsvn7WqgZ
-I6Dm1cVMsC2LAWV/nkkwgZoGA1UdIwSBkjCBj4AUnUnAQL75LZ04z7t8bDNw4xMs
-+QWhdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
+NC4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4tC6kYnCJiFMnWhj
+foebnjFSTTCzK5wmhUBjaWZ8XVJz02EBeBgORiFtNB+E4kJynO9ofkmmPWKC8w+V
+dBOIodG/AJMQJNL8vRqnT/IksmDVV5ZiCciUX7ZXOPEAYpfZojXWlUeXeEgXdyvE
+YvoADPHUbuF0JTgPXFevkjfnGCECAwEAAaOB4zCB4DAdBgNVHQ4EFgQUnvUphRKm
+8yYcJYH0dYKegLEzjb4wgZoGA1UdIwSBkjCBj4AU0Pk3klQowECuYpRRQmp8jjdf
+rKihdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
VQQHEwpNZW5sbyBQYXJrMQ0wCwYDVQQKEwRwa2c1MRAwDgYDVQQDFAdjaDJfdGEx
MRYwFAYJKoZIhvcNAQkBFgdjaDJfdGExggEDMBIGA1UdEwEB/wQIMAYBAf8CAQAw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAET3tW5fWfyPEW/IUhTi
-9uITNgOIq3+GvFam2PGUvaxINvWvXWP1Rx4DrGQtCO4cTwsIPc9ICiuUEte3lgDQ
-duY7Y/rqKshGBJSeolGItVSWY22lEPJsO/sr78zuitTBoAXkwE8j3Ctbwxg3aJCY
-PRIX4LjkOHU0WAgDBRU9t7Zk
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIdF54kRnCpHjmOEk4A/
+Aydl3RlQqh/lUGfJ2D8edIX7RrLIHCLLqdDUJmAGbp4VftNaBo2VJjYQFukIkvua
+RRSZtazuBtJrxCFjE7RVH8M1AlaefdFKH0WR9sEow/mq4DFjzMBdd39UZZijOetz
+g6t088I+vpv+GHU8RK2i/MJC
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/0D.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/0D.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.3_ta1/emailAddress=ch5.3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b6:f8:e3:58:93:ea:62:c9:34:62:40:97:14:c7:
- 2e:45:45:56:a8:05:4b:da:9d:6e:7f:0e:54:92:00:
- 9a:0d:c7:cf:5f:65:49:35:1a:d3:9d:e3:53:62:59:
- ab:94:9e:01:8b:df:d6:7f:ea:d9:c9:f8:ff:cb:a3:
- 43:4e:4b:ba:d4:8c:fb:e7:4d:0b:ac:d3:c2:1b:54:
- eb:9a:17:95:d9:9d:38:e6:e9:b6:7f:d6:da:1a:33:
- d0:2e:f7:93:67:9c:1e:7f:12:1f:71:37:a0:e5:ac:
- f6:18:81:5e:bc:a0:75:a6:96:18:01:6e:7a:e2:42:
- 2a:90:d1:31:64:f1:06:31:f5
+ 00:be:99:38:81:c2:5f:37:c3:d2:cc:7f:01:19:61:
+ 8d:8b:57:70:3a:2c:36:c1:c8:e4:a6:33:2a:bc:27:
+ e9:cf:d7:ca:49:90:d2:e0:f1:82:0e:7d:50:aa:e3:
+ 8c:ca:07:61:bf:d3:fd:1e:f3:af:ec:00:dd:d2:ab:
+ 70:6a:1a:5a:00:32:ec:04:a3:a4:25:b1:82:1d:90:
+ 3c:f9:ae:91:90:d7:d6:c2:0e:8d:31:55:62:e2:6b:
+ 10:e0:10:6f:33:93:78:2f:58:b7:46:f4:b9:1a:4c:
+ fd:81:b2:66:42:95:4b:a1:ff:46:9e:9d:f6:32:56:
+ 63:88:bc:83:43:54:bb:ce:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 63:11:18:64:5B:58:88:7E:89:2C:0C:88:B4:3F:5C:02:58:7B:4A:E7
+ 9F:45:5B:75:2A:5E:64:78:D2:D9:6F:34:3C:19:AE:27:DE:D7:6C:98
X509v3 Authority Key Identifier:
- keyid:B2:F9:FB:5A:A8:19:23:A0:E6:D5:C5:4C:B0:2D:8B:01:65:7F:9E:49
+ keyid:9E:F5:29:85:12:A6:F3:26:1C:25:81:F4:75:82:9E:80:B1:33:8D:BE
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
serial:0C
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 90:9a:37:9a:90:06:27:6c:4a:27:9e:c4:b5:e0:28:50:27:b2:
- 0c:d0:64:74:de:79:3f:b8:c1:10:76:a9:5a:04:2e:78:3d:e7:
- d7:f8:64:aa:0e:1a:a0:bb:0e:3b:23:f0:e8:68:0d:9d:f4:1b:
- c0:4e:2c:90:b2:5d:de:41:4b:56:6a:85:26:05:83:3a:cf:e2:
- b0:2a:f7:99:d9:37:6e:df:2a:24:3f:1e:22:6b:a3:cd:b4:4a:
- da:64:32:a3:5b:f5:02:44:12:65:cd:f3:15:29:71:77:b1:93:
- 9b:ea:67:5d:de:c0:32:f6:f2:aa:a1:f0:d8:36:d9:5e:d7:50:
- e6:cc
+ 62:7d:64:11:6a:5f:cd:6d:09:ae:5c:5f:d7:ef:5e:08:1f:c0:
+ 6d:b0:b5:a1:28:74:88:95:10:93:2b:50:a4:7f:f3:92:3c:75:
+ 23:ad:4b:e6:bd:ae:62:35:74:1c:0f:fd:00:e4:e7:e2:53:80:
+ b9:c5:30:1e:47:83:39:a5:88:3d:9b:a2:ee:86:27:94:cb:f5:
+ 57:ba:91:ce:70:d7:12:a0:61:39:64:af:70:91:12:41:5e:4c:
+ 7e:5d:5e:b0:42:05:31:e5:13:fd:bc:86:cc:b6:bc:4e:4c:69:
+ b6:2f:0e:63:80:16:c2:6d:7c:68:07:b6:a7:b4:04:ff:0b:97:
+ 51:ee
-----BEGIN CERTIFICATE-----
MIIDQjCCAqugAwIBAgIBDTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g0LjNfdGExMRgwFgYJKoZIhvcNAQkBFgljaDQu
-M190YTEwHhcNMTEwMzIxMDA0OTI2WhcNMTMxMjE1MDA0OTI2WjB0MQswCQYDVQQG
+M190YTEwHhcNMTEwNDExMjIzNzQyWhcNMTQwMTA1MjIzNzQyWjB0MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTESMBAGA1UEAxQJY2g1LjNfdGExMRgwFgYJKoZIhvcNAQkB
-FgljaDUuM190YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALb441iT6mLJ
-NGJAlxTHLkVFVqgFS9qdbn8OVJIAmg3Hz19lSTUa053jU2JZq5SeAYvf1n/q2cn4
-/8ujQ05LutSM++dNC6zTwhtU65oXldmdOObptn/W2hoz0C73k2ecHn8SH3E3oOWs
-9hiBXrygdaaWGAFueuJCKpDRMWTxBjH1AgMBAAGjgeMwgeAwHQYDVR0OBBYEFGMR
-GGRbWIh+iSwMiLQ/XAJYe0rnMIGaBgNVHSMEgZIwgY+AFLL5+1qoGSOg5tXFTLAt
-iwFlf55JoXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
+FgljaDUuM190YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6ZOIHCXzfD
+0sx/ARlhjYtXcDosNsHI5KYzKrwn6c/XykmQ0uDxgg59UKrjjMoHYb/T/R7zr+wA
+3dKrcGoaWgAy7ASjpCWxgh2QPPmukZDX1sIOjTFVYuJrEOAQbzOTeC9Yt0b0uRpM
+/YGyZkKVS6H/Rp6d9jJWY4i8g0NUu86hAgMBAAGjgeMwgeAwHQYDVR0OBBYEFJ9F
+W3UqXmR40tlvNDwZrife12yYMIGaBgNVHSMEgZIwgY+AFJ71KYUSpvMmHCWB9HWC
+noCxM42+oXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
MBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UEAxQHY2gz
X3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3RhMYIBDDASBgNVHRMBAf8ECDAGAQH/
-AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQCQmjeakAYnbEon
-nsS14ChQJ7IM0GR03nk/uMEQdqlaBC54PefX+GSqDhqguw47I/DoaA2d9BvATiyQ
-sl3eQUtWaoUmBYM6z+KwKveZ2Tdu3yokPx4ia6PNtEraZDKjW/UCRBJlzfMVKXF3
-sZOb6mdd3sAy9vKqofDYNtle11DmzA==
+AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQBifWQRal/NbQmu
+XF/X714IH8BtsLWhKHSIlRCTK1Ckf/OSPHUjrUvmva5iNXQcD/0A5OfiU4C5xTAe
+R4M5pYg9m6LuhieUy/VXupHOcNcSoGE5ZK9wkRJBXkx+XV6wQgUx5RP9vIbMtrxO
+TGm2Lw5jgBbCbXxoB7antAT/C5dR7g==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/10.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/10.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Validity
- Not Before: Mar 21 00:49:27 2011 GMT
- Not After : Dec 15 00:49:27 2013 GMT
+ Not Before: Apr 11 22:37:44 2011 GMT
+ Not After : Jan 5 22:37:44 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ce:60:c2:15:27:ff:ef:55:03:7a:1a:95:17:7f:
- 93:80:b9:a8:64:3f:96:0f:5e:b2:b6:0b:c0:85:02:
- 7a:25:96:e0:e7:31:07:f7:4a:b9:8b:a7:87:7c:34:
- 65:9b:08:b3:26:05:13:c4:d3:2e:88:e7:a7:d8:c7:
- 05:56:a4:8b:57:b6:12:2e:c4:68:6f:7c:b6:5d:38:
- 7d:a2:93:6f:30:9f:ef:bf:db:81:ee:7b:7f:3a:2e:
- 19:7e:b9:0d:9d:e2:0a:e3:56:36:8d:cb:54:d9:c3:
- fd:67:59:58:19:8b:60:65:1d:9c:70:e8:c3:18:ae:
- ec:af:56:ef:19:26:e6:94:fd
+ 00:e1:a3:d0:51:dc:0b:73:6f:44:f2:c7:6b:f2:9d:
+ da:56:de:d4:41:61:75:48:78:10:2c:53:f1:c1:28:
+ 01:4a:10:53:7d:32:bc:e2:01:a2:75:59:0b:cf:3a:
+ fc:41:b8:2c:36:fb:fe:3d:d9:a2:41:7b:6e:3c:0a:
+ a9:7e:74:5a:86:ea:06:6a:2b:ad:3c:7e:32:8b:97:
+ a4:ba:53:c1:b8:bc:f0:8f:80:22:53:97:66:bb:80:
+ 15:05:96:dc:df:62:29:4d:15:df:85:e6:90:30:4d:
+ 29:d3:04:b7:4f:22:40:b8:a1:22:ed:0e:4b:e6:00:
+ 82:df:89:48:63:87:b5:80:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 0A:B2:12:2B:7E:04:40:9E:1A:C1:B4:A8:96:B9:C3:A1:0A:83:6D:3B
+ D9:77:48:13:09:B0:17:15:2A:95:47:CA:4C:13:2E:A9:AC:18:5D:AD
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 35:2f:59:d9:6d:8f:bd:bc:f0:1a:f9:40:91:f3:f9:d7:4e:29:
- e5:cc:44:92:d1:13:cd:f7:e1:cb:a2:06:d3:ba:f2:c5:cf:c2:
- 4c:ad:5c:3b:91:a6:2a:35:ed:ae:cb:fc:b9:78:90:fb:6b:8b:
- fd:20:ef:0a:69:61:5e:76:49:07:3b:11:fe:29:8f:fd:14:4d:
- be:72:79:aa:49:68:47:22:3e:88:56:71:58:f2:e7:3a:6c:52:
- 66:73:98:28:41:e4:32:39:a6:c9:3e:40:12:de:4f:9a:fa:b1:
- 9d:b8:75:5b:c3:05:0b:bc:da:33:a1:a4:6d:c6:4c:21:e6:74:
- 87:36
+ a5:b4:3f:fe:d9:aa:36:19:da:97:ab:60:50:43:50:e0:26:2e:
+ 23:af:39:d9:d6:60:0a:41:5d:6a:2f:6f:f2:4c:4f:a8:22:40:
+ 04:40:84:4e:0a:34:10:21:a5:9a:36:f6:7c:aa:e3:29:88:ce:
+ 8c:1f:4a:cd:db:19:db:25:0c:04:46:28:67:ba:74:ff:74:78:
+ 4e:20:9b:ef:31:95:c9:ab:46:53:f3:02:bb:25:78:3e:43:6a:
+ 87:d6:86:61:a6:3e:8a:91:91:a6:88:f2:32:2d:b2:51:22:46:
+ 9a:b3:b6:c9:45:90:83:c2:0f:d7:a2:4a:1b:61:30:3f:55:3d:
+ 47:1f
-----BEGIN CERTIFICATE-----
MIIDLzCCApigAwIBAgIBEDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTMwHhcNMTEw
-MzIxMDA0OTI3WhcNMTMxMjE1MDA0OTI3WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQ0WhcNMTQwMTA1MjIzNzQ0WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3RhMzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzmDCFSf/71UDehqVF3+TgLmoZD+WD16y
-tgvAhQJ6JZbg5zEH90q5i6eHfDRlmwizJgUTxNMuiOen2McFVqSLV7YSLsRob3y2
-XTh9opNvMJ/vv9uB7nt/Oi4ZfrkNneIK41Y2jctU2cP9Z1lYGYtgZR2ccOjDGK7s
-r1bvGSbmlP0CAwEAAaOB4DCB3TAdBgNVHQ4EFgQUCrISK34EQJ4awbSolrnDoQqD
-bTswgZoGA1UdIwSBkjCBj4AU4p6hi9fTsPHD6XekSV1qTqtzrF2hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4aPQUdwLc29E8sdr8p3aVt7UQWF1SHgQ
+LFPxwSgBShBTfTK84gGidVkLzzr8QbgsNvv+PdmiQXtuPAqpfnRahuoGaiutPH4y
+i5ekulPBuLzwj4AiU5dmu4AVBZbc32IpTRXfheaQME0p0wS3TyJAuKEi7Q5L5gCC
+34lIY4e1gFUCAwEAAaOB4DCB3TAdBgNVHQ4EFgQU2XdIEwmwFxUqlUfKTBMuqawY
+Xa0wgZoGA1UdIwSBkjCBj4AUevZRen+bqzc9TpMDkG1qhAl8Ot2hbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEW
-A3RhM4IJAO53fmrBHlftMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBCwUAA4GBADUvWdltj7288Br5QJHz+ddOKeXMRJLRE8334cui
-BtO68sXPwkytXDuRpio17a7L/Ll4kPtri/0g7wppYV52SQc7Ef4pj/0UTb5yeapJ
-aEciPohWcVjy5zpsUmZzmChB5DI5psk+QBLeT5r6sZ24dVvDBQu82jOhpG3GTCHm
-dIc2
+A3RhM4IJAPRYVGqDImbpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4GBAKW0P/7ZqjYZ2perYFBDUOAmLiOvOdnWYApBXWov
+b/JMT6giQARAhE4KNBAhpZo29nyq4ymIzowfSs3bGdslDARGKGe6dP90eE4gm+8x
+lcmrRlPzArsleD5DaofWhmGmPoqRkaaI8jItslEiRpqztslFkIPCD9eiShthMD9V
+PUcf
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/1A.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/1A.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:47 2011 GMT
+ Not After : Jan 5 22:37:47 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b1:2b:53:b9:59:1d:7a:5f:9b:1e:8f:62:91:94:
- a7:05:dc:e8:3b:87:d0:e4:3c:76:b8:60:a5:30:bd:
- 0f:24:a5:5f:9e:cc:4f:cc:e3:b2:23:23:4b:37:3b:
- 97:25:48:00:0e:1c:31:ae:8f:1d:cd:32:f8:25:a2:
- fe:d9:50:c5:ec:7e:ef:d8:09:1d:6f:bb:e0:60:b0:
- 33:fd:66:39:b4:ff:2f:54:6b:7d:88:d8:e8:6a:1e:
- cd:54:0a:da:ed:c3:5f:89:c5:1d:b4:4f:9e:3c:11:
- 3c:1d:0b:8a:88:b0:64:c2:79:88:e7:2d:e4:3f:c8:
- a4:eb:d4:f3:3e:9b:9a:98:7d
+ 00:a1:1f:54:43:20:65:63:b2:fc:8b:d7:f6:a8:90:
+ f0:1e:b8:e9:06:37:cb:1b:c9:47:56:3a:3f:ec:7e:
+ e6:ee:c6:9a:d4:15:0d:64:f7:d5:77:2f:52:31:6c:
+ 36:8d:2f:07:7f:0d:a7:cf:79:af:68:70:2b:74:a7:
+ 30:92:1e:55:fc:2a:f4:b7:c3:47:01:57:4f:65:ba:
+ 58:bf:75:73:02:4c:4c:a8:51:3d:82:ee:57:fa:93:
+ 64:d6:53:05:12:10:36:c9:9c:c3:af:6c:56:9d:20:
+ 44:4b:b4:bc:67:d8:06:99:8e:fa:32:4c:c1:4f:09:
+ 5a:46:ec:06:cf:ac:e1:fa:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,27 +29,27 @@
<EMPTY>
Signature Algorithm: sha256WithRSAEncryption
- 0a:d2:4f:8e:74:ec:43:44:20:84:14:8b:11:02:10:f1:a0:d3:
- 93:4f:dc:be:fe:cc:33:ec:f7:7e:2b:58:45:94:d0:03:e4:a3:
- 58:13:aa:81:f1:6d:d7:f7:64:09:7f:d8:68:e5:97:25:7a:65:
- 70:e8:b1:60:9a:55:4b:d5:26:fd:0f:7b:36:88:6e:5f:98:ee:
- 77:cb:df:ce:62:cd:ae:70:14:91:66:ee:e5:a3:9f:72:89:bf:
- 8f:66:86:4b:71:27:6a:d0:d2:15:20:d5:11:35:4a:e5:28:6f:
- e2:8a:dc:29:08:e0:da:7d:fa:df:1e:b5:ea:66:80:18:d3:4f:
- 1d:a8
+ 34:ad:5e:5d:7a:64:12:a2:c0:f9:85:cb:e4:5c:43:0a:e9:f7:
+ 68:be:c5:96:93:83:04:ca:dc:2c:93:f6:a6:ec:fb:26:a7:9d:
+ dc:d3:e7:ee:f2:d2:93:90:10:3c:4f:8f:ce:0e:63:60:d7:5d:
+ 6a:af:97:4d:3d:1b:4b:5c:e6:ed:24:19:c7:d9:20:27:0d:8e:
+ d2:e2:85:68:c2:45:ba:2e:70:9b:78:bd:91:b6:29:0e:75:93:
+ f3:c2:38:14:ee:37:c2:66:1b:cf:de:81:b1:64:eb:8d:19:c4:
+ b2:1d:33:66:47:83:dc:e3:5b:14:d9:69:30:d8:5c:90:5f:34:
+ 48:d5
-----BEGIN CERTIFICATE-----
MIICczCCAdygAwIBAgIBGjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTMwHhcNMTEw
-MzIxMDA0OTI5WhcNMTMxMjE1MDA0OTI5WjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQ3WhcNMTQwMTA1MjIzNzQ3WjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjFfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuMV90YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALErU7lZHXpfmx6PYpGUpwXc6DuH
-0OQ8drhgpTC9DySlX57MT8zjsiMjSzc7lyVIAA4cMa6PHc0y+CWi/tlQxex+79gJ
-HW+74GCwM/1mObT/L1RrfYjY6GoezVQK2u3DX4nFHbRPnjwRPB0LioiwZMJ5iOct
-5D/IpOvU8z6bmph9AgMBAAGjITAfMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0SAQH/
-BAIwADANBgkqhkiG9w0BAQsFAAOBgQAK0k+OdOxDRCCEFIsRAhDxoNOTT9y+/swz
-7Pd+K1hFlNAD5KNYE6qB8W3X92QJf9ho5ZclemVw6LFgmlVL1Sb9D3s2iG5fmO53
-y9/OYs2ucBSRZu7lo59yib+PZoZLcSdq0NIVINURNUrlKG/iitwpCODaffrfHrXq
-ZoAY008dqA==
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKEfVEMgZWOy/IvX9qiQ8B646QY3
+yxvJR1Y6P+x+5u7GmtQVDWT31XcvUjFsNo0vB38Np895r2hwK3SnMJIeVfwq9LfD
+RwFXT2W6WL91cwJMTKhRPYLuV/qTZNZTBRIQNsmcw69sVp0gREu0vGfYBpmO+jJM
+wU8JWkbsBs+s4fohAgMBAAGjITAfMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0SAQH/
+BAIwADANBgkqhkiG9w0BAQsFAAOBgQA0rV5demQSosD5hcvkXEMK6fdovsWWk4ME
+ytwsk/am7Psmp53c0+fu8tKTkBA8T4/ODmNg111qr5dNPRtLXObtJBnH2SAnDY7S
+4oVowkW6LnCbeL2RtikOdZPzwjgU7jfCZhvP3oGxZOuNGcSyHTNmR4Pc41sU2Wkw
+2FyQXzRI1Q==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/1C.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/1C.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,37 +12,37 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:c1:e1:d0:e9:31:7d:20:8f:e8:b6:4e:1c:d2:8a:
- 1f:b7:70:52:97:50:b5:ea:04:27:50:5f:69:40:42:
- b9:85:30:ca:ff:d5:b6:c5:c3:fb:c0:58:43:fd:15:
- ab:3a:0b:a1:21:e5:dc:ef:64:4d:ba:f4:4a:27:ed:
- 31:dc:be:2f:53:9d:01:7b:72:b3:f4:94:37:8d:45:
- 88:16:58:4d:dd:83:cd:45:d2:12:41:f0:9a:fb:ab:
- ae:a5:8e:d2:94:1b:0b:7c:84:f2:a4:9b:de:92:48:
- 1d:11:44:5f:53:d9:8e:73:a7:6e:03:b8:ed:3d:d5:
- 30:ee:8b:45:8e:ef:33:06:6b
+ 00:c7:97:bd:7a:78:72:f6:bb:6f:5b:ca:07:34:d8:
+ 70:93:94:39:d6:9c:73:b2:58:c6:fa:10:eb:8e:c7:
+ 54:39:fd:9a:35:f5:2c:a4:ae:e6:ca:a2:9c:07:0c:
+ 57:05:78:cc:8b:98:2e:39:e8:74:73:28:bf:f7:bf:
+ d1:fb:5d:10:9d:f0:19:75:9d:35:fe:50:97:76:70:
+ 6d:00:79:66:1a:2f:af:c6:12:45:16:45:ea:3e:f0:
+ 90:3b:56:9d:ed:f7:70:ba:de:f7:ec:55:2b:ee:b1:
+ 9b:fb:1d:55:46:65:86:c3:1b:9e:50:b9:8c:b9:d3:
+ 02:73:aa:e6:1e:4d:11:2b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 3E:1B:50:98:42:E7:84:35:1D:A0:3A:DE:FE:61:87:FF:3D:5A:44:BD
+ 5A:E6:5A:C4:85:7D:C2:25:75:F9:C2:6A:93:15:18:69:7F:57:47:7C
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 3f:59:fa:c1:b5:d6:f4:05:31:0c:ac:e3:c2:a6:fd:df:da:01:
- 6d:70:e9:f2:23:8c:e6:79:57:53:f9:37:50:93:b1:82:0b:4d:
- e3:73:1d:ba:4e:f5:b7:de:8a:a0:84:65:ee:de:c0:ae:5d:34:
- ed:9b:79:07:3f:8e:9f:82:4b:10:00:d6:67:98:ae:86:6c:47:
- 8a:7a:81:4e:bc:96:85:23:e5:a4:a8:80:4e:24:82:b2:3b:3b:
- 0e:a0:79:bd:96:52:4b:85:55:4c:5e:fd:86:85:ce:e2:85:bc:
- fb:25:4a:7d:74:dc:8e:aa:93:d3:bd:23:b9:34:50:fb:4d:2d:
- 57:38
+ 23:82:0a:78:02:e9:9f:de:a1:62:2d:47:42:8d:f8:88:26:cf:
+ 3b:31:64:91:56:e1:50:eb:46:12:61:6b:e4:bd:97:43:f5:f7:
+ 33:b4:92:34:62:31:8b:df:7c:13:44:ed:04:24:73:4a:35:17:
+ 98:15:ad:75:3f:33:bf:86:84:e2:29:34:7e:de:90:a1:99:f5:
+ 8a:37:85:98:7d:8e:71:64:6a:1d:aa:47:57:9d:ad:e3:07:90:
+ 0a:06:7c:08:e2:97:25:20:38:c9:41:62:d5:96:fb:fe:0e:b4:
+ 1c:e1:20:75:7d:6a:f3:62:1d:cc:72:90:a6:13:58:48:af:e4:
+ c9:b1
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIBHDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -50,16 +50,16 @@
MTAxMDEwMTAxWhcNMDkwMTAyMDEwMTAxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjJfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuMl90YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHh0OkxfSCP6LZOHNKKH7dwUpdQ
-teoEJ1BfaUBCuYUwyv/VtsXD+8BYQ/0VqzoLoSHl3O9kTbr0SiftMdy+L1OdAXty
-s/SUN41FiBZYTd2DzUXSEkHwmvurrqWO0pQbC3yE8qSb3pJIHRFEX1PZjnOnbgO4
-7T3VMO6LRY7vMwZrAgMBAAGjgeAwgd0wHQYDVR0OBBYEFD4bUJhC54Q1HaA63v5h
-h/89WkS9MIGaBgNVHSMEgZIwgY+AFOKeoYvX07Dxw+l3pEldak6rc6xdoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeXvXp4cva7b1vKBzTYcJOUOdac
+c7JYxvoQ647HVDn9mjX1LKSu5sqinAcMVwV4zIuYLjnodHMov/e/0ftdEJ3wGXWd
+Nf5Ql3ZwbQB5Zhovr8YSRRZF6j7wkDtWne33cLre9+xVK+6xm/sdVUZlhsMbnlC5
+jLnTAnOq5h5NESu/AgMBAAGjgeAwgd0wHQYDVR0OBBYEFFrmWsSFfcIldfnCapMV
+GGl/V0d8MIGaBgNVHSMEgZIwgY+AFHr2UXp/m6s3PU6TA5BtaoQJfDrdoWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcN
-AQkBFgN0YTOCCQDud35qwR5X7TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOBgQA/WfrBtdb0BTEMrOPCpv3f2gFtcOnyI4zm
-eVdT+TdQk7GCC03jcx26TvW33oqghGXu3sCuXTTtm3kHP46fgksQANZnmK6GbEeK
-eoFOvJaFI+WkqIBOJIKyOzsOoHm9llJLhVVMXv2Ghc7ihbz7JUp9dNyOqpPTvSO5
-NFD7TS1XOA==
+AQkBFgN0YTOCCQD0WFRqgyJm6TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOBgQAjggp4Aumf3qFiLUdCjfiIJs87MWSRVuFQ
+60YSYWvkvZdD9fcztJI0YjGL33wTRO0EJHNKNReYFa11PzO/hoTiKTR+3pChmfWK
+N4WYfY5xZGodqkdXna3jB5AKBnwI4pclIDjJQWLVlvv+DrQc4SB1fWrzYh3McpCm
+E1hIr+TJsQ==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/1E.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/1E.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,37 +12,37 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b0:ce:aa:d1:c2:56:6f:4f:cb:8d:95:8c:65:fd:
- 26:2f:42:d1:8a:4e:5f:aa:6b:79:c9:d9:f1:ce:85:
- c0:ab:fe:28:b9:84:12:4a:d7:d8:a9:19:80:c8:0f:
- c2:1f:45:66:64:d2:df:04:e3:16:4d:93:79:b5:dd:
- 75:c7:8e:9b:7d:cf:81:1e:3a:45:a1:34:b5:52:e7:
- 76:e9:9b:5b:71:4f:91:41:72:d2:f4:d2:e4:b5:1a:
- 1d:87:d1:31:15:56:39:12:71:46:f9:47:0f:e8:2b:
- 83:78:e8:ee:11:92:17:cb:4a:66:42:85:0b:d8:a7:
- f5:c4:20:f2:e1:6a:a9:20:cf
+ 00:d9:34:eb:28:22:6a:51:f8:11:2c:ee:1f:6d:c9:
+ f1:12:5a:04:33:dd:d6:27:ca:9a:40:ae:df:5c:78:
+ 53:28:c8:37:d2:47:14:e1:fc:22:ea:90:d9:19:05:
+ 08:fd:b7:99:20:97:28:23:fd:3d:62:87:0d:29:a0:
+ de:95:61:33:6c:d6:e0:65:db:c1:8b:8c:70:c3:ce:
+ 66:e9:93:ee:92:9f:87:2c:d4:6f:1d:e1:92:cb:8a:
+ 38:a4:95:0a:6a:a2:94:c6:41:25:17:ce:a6:01:fb:
+ cf:03:52:40:93:34:37:b5:74:48:15:d4:e7:64:82:
+ 46:ee:b3:bd:b5:1f:3b:42:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 57:94:FF:CF:71:C0:54:64:35:16:AF:CC:33:F3:BF:54:84:E7:D3:3D
+ E0:C8:F3:4A:A9:FE:FA:63:97:C7:CE:EE:A8:27:45:F4:C5:11:8F:A6
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 0a:29:20:8b:d5:51:eb:d8:bb:c6:d0:c3:c1:c9:b9:e2:9f:13:
- b5:4f:67:fd:cc:4f:16:66:0e:b0:db:a8:42:f3:0c:72:25:42:
- b5:71:87:a1:2a:a6:71:69:98:e5:42:70:10:34:66:87:de:d1:
- 03:0e:6c:df:35:bc:f5:23:18:26:7f:44:f5:d4:48:f0:0b:24:
- 9a:d4:0c:e8:8d:6c:cb:7a:5b:55:a3:5e:de:87:35:02:b2:ba:
- 01:02:7f:f4:b3:fd:57:87:59:5b:d2:2d:10:27:e0:4a:a5:9c:
- b1:d0:d9:55:a5:9a:50:c3:65:97:d6:29:9f:22:7a:6c:8f:13:
- 64:ed
+ 8d:45:1b:e3:e0:58:10:d4:92:66:aa:50:1a:ee:7a:d9:99:82:
+ 7b:6e:3b:9b:88:9e:7c:a2:35:34:bb:77:9d:1f:79:d2:5d:aa:
+ b6:91:f8:07:ff:dc:63:81:d5:f3:e2:47:27:cc:79:2a:33:c8:
+ 77:d5:9b:9a:f0:2e:58:64:d3:cb:fb:e4:f9:55:bb:89:9c:36:
+ 8f:dd:84:95:a9:8c:8c:d3:6b:81:f8:64:b1:8a:15:20:59:10:
+ e3:5c:b3:05:c6:cd:d1:cb:03:3c:39:84:1c:93:f3:67:5c:10:
+ 09:e9:99:1a:a0:45:21:ea:16:31:a1:3d:74:4d:27:75:f9:3d:
+ aa:df
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIBHjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -50,16 +50,16 @@
MTAxMDEwMTAxWhcNMzUwMTAyMDEwMTAxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjNfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuM190YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALDOqtHCVm9Py42VjGX9Ji9C0YpO
-X6precnZ8c6FwKv+KLmEEkrX2KkZgMgPwh9FZmTS3wTjFk2TebXddceOm33PgR46
-RaE0tVLndumbW3FPkUFy0vTS5LUaHYfRMRVWORJxRvlHD+grg3jo7hGSF8tKZkKF
-C9in9cQg8uFqqSDPAgMBAAGjgeAwgd0wHQYDVR0OBBYEFFeU/89xwFRkNRavzDPz
-v1SE59M9MIGaBgNVHSMEgZIwgY+AFOKeoYvX07Dxw+l3pEldak6rc6xdoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANk06ygialH4ESzuH23J8RJaBDPd
+1ifKmkCu31x4UyjIN9JHFOH8IuqQ2RkFCP23mSCXKCP9PWKHDSmg3pVhM2zW4GXb
+wYuMcMPOZumT7pKfhyzUbx3hksuKOKSVCmqilMZBJRfOpgH7zwNSQJM0N7V0SBXU
+52SCRu6zvbUfO0KBAgMBAAGjgeAwgd0wHQYDVR0OBBYEFODI80qp/vpjl8fO7qgn
+RfTFEY+mMIGaBgNVHSMEgZIwgY+AFHr2UXp/m6s3PU6TA5BtaoQJfDrdoWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcN
-AQkBFgN0YTOCCQDud35qwR5X7TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOBgQAKKSCL1VHr2LvG0MPBybninxO1T2f9zE8W
-Zg6w26hC8wxyJUK1cYehKqZxaZjlQnAQNGaH3tEDDmzfNbz1Ixgmf0T11EjwCySa
-1AzojWzLeltVo17ehzUCsroBAn/0s/1Xh1lb0i0QJ+BKpZyx0NlVpZpQw2WX1imf
-InpsjxNk7Q==
+AQkBFgN0YTOCCQD0WFRqgyJm6TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOBgQCNRRvj4FgQ1JJmqlAa7nrZmYJ7bjubiJ58
+ojU0u3edH3nSXaq2kfgH/9xjgdXz4kcnzHkqM8h31Zua8C5YZNPL++T5VbuJnDaP
+3YSVqYyM02uB+GSxihUgWRDjXLMFxs3RywM8OYQck/NnXBAJ6ZkaoEUh6hYxoT10
+TSd1+T2q3w==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/20.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/20.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,35 +12,35 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d4:73:3a:40:f9:03:81:b2:0a:4c:a4:d9:45:f7:
- 81:c0:bb:53:ee:6f:9c:3d:a0:98:89:86:84:8d:33:
- 1f:02:a6:ed:2a:14:9a:5f:84:11:06:9d:82:28:fb:
- cf:92:bd:bf:f9:f0:6b:fe:3d:06:5e:65:7c:35:96:
- 4f:e8:44:2c:83:d5:b8:32:16:8c:e0:7c:ed:8b:96:
- 79:a6:14:e5:12:87:e0:55:2a:45:3e:e7:fd:bd:0e:
- 94:70:93:e4:61:82:d3:06:9a:38:ef:e2:22:be:1a:
- 10:b1:8b:5e:16:60:f3:9a:5c:2d:ff:06:01:cb:5f:
- 24:cb:e7:c7:27:a7:3a:58:f1
+ 00:cc:54:a0:55:75:b1:69:33:96:b6:97:29:82:06:
+ 06:46:f2:43:2f:19:57:bf:92:f0:4e:b5:01:65:d3:
+ dc:e3:cf:5e:a9:f5:99:8e:91:e9:ad:88:15:8b:25:
+ 5e:92:c6:fd:d6:9e:e5:27:56:59:4a:09:e0:84:b8:
+ 86:af:bb:9d:e9:d2:99:f9:84:48:d6:b6:35:e8:aa:
+ e0:b3:ac:94:09:7f:b8:67:53:75:26:65:16:b7:cf:
+ 92:52:be:5f:07:da:dd:f8:b1:1c:7c:54:37:7f:66:
+ f7:dc:97:cd:d2:0d:fa:58:a4:2e:96:b8:83:fe:e2:
+ 3d:b6:fb:c5:08:46:ba:1b:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 91:D7:D6:98:F3:B9:7A:A3:30:35:78:02:00:01:14:2D:0E:FD:90:57
+ F8:0C:60:C6:C6:4D:79:11:F2:CD:D2:91:28:DF:F6:26:6C:BB:B0:ED
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- cc:45:03:b6:88:a7:29:26:ca:08:af:dd:0a:6f:6a:b4:86:35:
- f7:01:15:32:e5:7c:70:0b:01:01:de:2b:c3:73:66:29:25:97:
- 0d:28:84:16:7d:fb:97:18:26:a4:07:08:90:00:d2:a4:c4:4e:
- 7f:53:77:87:da:34:56:0b:38:85:57:e4:e3:24:d4:54:5b:c9:
- 74:65:9b:6e:d9:79:53:0e:3f:81:7a:61:d2:00:4c:ea:49:9c:
- 01:02:3f:6e:28:5d:b7:f7:3d:85:4a:78:9d:39:a2:2b:10:25:
- d1:55:04:46:9f:40:9f:bc:c2:6a:68:3d:cc:6f:18:a7:cf:7e:
- 67:7a
+ c8:ba:31:b9:ed:17:ae:ac:ca:cd:4d:48:f6:b6:66:1c:17:c5:
+ 8a:18:96:e8:9b:47:de:b3:7e:23:21:78:cc:f9:63:09:4e:56:
+ 64:a1:de:33:16:8b:6a:94:c1:68:0a:72:dd:8e:b6:8c:dd:61:
+ cf:05:07:12:e3:4f:41:52:bc:73:33:a5:3e:94:ca:40:53:74:
+ a7:9c:46:f2:73:5b:b7:7f:df:18:7f:60:2f:2d:4b:41:8c:78:
+ c4:5f:4c:a8:85:a4:2c:84:91:b3:ab:60:61:ca:93:67:1b:2a:
+ 0e:9a:e1:e8:a5:dc:5e:78:18:a3:b3:4b:86:4d:03:08:78:9b:
+ 70:bc
-----BEGIN CERTIFICATE-----
MIIDIzCCAoygAwIBAgIBIDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -48,15 +48,15 @@
MTAxMDEwMTAxWhcNMzUwMTAyMDEwMTAxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjRfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuNF90YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANRzOkD5A4GyCkyk2UX3gcC7U+5v
-nD2gmImGhI0zHwKm7SoUml+EEQadgij7z5K9v/nwa/49Bl5lfDWWT+hELIPVuDIW
-jOB87YuWeaYU5RKH4FUqRT7n/b0OlHCT5GGC0waaOO/iIr4aELGLXhZg85pcLf8G
-ActfJMvnxyenOljxAgMBAAGjgdAwgc0wHQYDVR0OBBYEFJHX1pjzuXqjMDV4AgAB
-FC0O/ZBXMIGaBgNVHSMEgZIwgY+AFOKeoYvX07Dxw+l3pEldak6rc6xdoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMxUoFV1sWkzlraXKYIGBkbyQy8Z
+V7+S8E61AWXT3OPPXqn1mY6R6a2IFYslXpLG/dae5SdWWUoJ4IS4hq+7nenSmfmE
+SNa2Neiq4LOslAl/uGdTdSZlFrfPklK+Xwfa3fixHHxUN39m99yXzdIN+likLpa4
+g/7iPbb7xQhGuhtHAgMBAAGjgdAwgc0wHQYDVR0OBBYEFPgMYMbGTXkR8s3SkSjf
+9iZsu7DtMIGaBgNVHSMEgZIwgY+AFHr2UXp/m6s3PU6TA5BtaoQJfDrdoWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcN
-AQkBFgN0YTOCCQDud35qwR5X7TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-CwUAA4GBAMxFA7aIpykmygiv3QpvarSGNfcBFTLlfHALAQHeK8NzZikllw0ohBZ9
-+5cYJqQHCJAA0qTETn9Td4faNFYLOIVX5OMk1FRbyXRlm27ZeVMOP4F6YdIATOpJ
-nAECP24oXbf3PYVKeJ05oisQJdFVBEafQJ+8wmpoPcxvGKfPfmd6
+AQkBFgN0YTOCCQD0WFRqgyJm6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4GBAMi6MbntF66sys1NSPa2ZhwXxYoYluibR96zfiMheMz5YwlOVmSh3jMW
+i2qUwWgKct2OtozdYc8FBxLjT0FSvHMzpT6UykBTdKecRvJzW7d/3xh/YC8tS0GM
+eMRfTKiFpCyEkbOrYGHKk2cbKg6a4eil3F54GKOzS4ZNAwh4m3C8
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/22.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/22.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Validity
- Not Before: Mar 21 00:49:32 2011 GMT
- Not After : Dec 15 00:49:32 2013 GMT
+ Not Before: Apr 11 22:37:49 2011 GMT
+ Not After : Jan 5 22:37:49 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ad:9c:0a:58:1d:2c:e7:a7:fd:de:8c:0e:99:5d:
- d0:b2:67:ff:59:40:86:7a:d5:13:cc:5e:a5:e4:81:
- 95:45:b5:6b:ad:2b:d5:26:bc:b2:53:03:94:57:61:
- 16:5d:60:df:2e:6a:15:3a:04:88:77:3f:cb:01:20:
- 10:20:e0:ab:49:6d:44:58:d9:c6:9b:44:73:ed:d9:
- 1a:f3:eb:ca:74:de:90:06:ff:cb:18:9c:43:f7:4e:
- e0:cb:06:af:fe:4e:2c:9b:bf:6a:c2:ae:50:c3:e7:
- fd:d9:c1:f1:18:ad:b7:ae:f7:56:8a:50:f6:13:1b:
- 47:0d:c2:cf:c4:3f:31:f1:2b
+ 00:b6:ab:16:bb:1d:ee:25:5a:2f:58:e7:db:d8:0a:
+ e7:36:63:d5:ca:de:60:b5:90:c2:82:e3:ec:7d:49:
+ 0c:a9:b6:95:c8:a1:ab:04:0c:a9:09:e1:93:a6:be:
+ 43:36:7e:1b:61:28:1b:38:03:a2:06:19:88:72:a9:
+ b9:a2:71:ff:db:e1:3c:85:98:01:b2:5f:93:a0:4a:
+ b8:e7:36:ad:8f:50:8c:d6:a1:14:29:b0:ee:ec:e2:
+ 08:3f:7d:34:a1:c4:5f:3a:e9:4f:b0:c0:d6:5f:f2:
+ 10:78:2b:ae:f4:ee:28:c8:29:21:9f:ce:70:d5:fb:
+ ea:33:fc:e2:5a:5c:e2:1b:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- AB:0B:EF:CE:AA:F0:43:97:3A:CD:58:D0:D9:C2:F9:C4:EB:8D:7C:FF
+ 2A:94:C1:FF:E0:11:A0:91:F1:71:46:35:9A:37:3C:BC:C4:21:4A:8F
X509v3 Authority Key Identifier:
- keyid:0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ keyid:3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
- serial:C5:19:14:97:E3:27:2E:9B
+ serial:BA:06:FD:EC:89:18:B5:7F
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 00:09:60:76:36:5d:a6:ae:0b:a0:94:ad:78:be:a0:18:7c:96:
- 13:6c:8b:04:2c:bc:29:d8:f0:93:d8:86:d9:07:71:fb:0f:05:
- 72:65:fe:ed:e3:1c:ac:bf:22:c2:db:03:c5:2e:3f:f2:cf:98:
- 00:7b:ee:de:96:11:90:bf:22:03:7a:c3:c3:22:dc:1a:ea:7e:
- f5:7e:a7:64:70:18:e2:13:be:b0:3e:d8:57:a6:de:28:5b:06:
- 4e:90:c6:22:e0:3a:e9:2c:9a:de:f4:bf:d8:b7:da:b7:e3:24:
- f6:11:69:18:e5:64:fd:94:22:7b:b5:ef:e4:4d:6c:1a:eb:8f:
- 5c:7d
+ 9d:2d:ff:a2:d2:42:31:72:9e:6f:8d:45:2c:21:9b:15:cf:89:
+ 06:70:3b:5f:3e:2c:73:b9:08:d9:be:48:d8:6b:dc:23:86:3a:
+ ab:3c:16:80:13:62:a4:12:f8:ee:e7:6f:d6:e8:4f:ad:36:eb:
+ 1e:81:c8:03:1c:65:ba:be:55:6d:07:8f:bc:fa:ba:d2:14:90:
+ 1d:02:35:bd:5d:bd:0b:fb:48:57:94:6d:fe:71:85:ce:9f:65:
+ 9c:31:80:13:56:b2:6f:2a:03:b6:1d:7f:5a:4a:dd:50:63:7a:
+ 46:40:4b:1d:c3:71:5d:72:72:f0:50:f8:db:60:56:97:c8:cd:
+ 73:83
-----BEGIN CERTIFICATE-----
MIIDLzCCApigAwIBAgIBIjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGE0MRIwEAYJKoZIhvcNAQkBFgN0YTQwHhcNMTEw
-MzIxMDA0OTMyWhcNMTMxMjE1MDA0OTMyWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQ5WhcNMTQwMTA1MjIzNzQ5WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3RhNDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArZwKWB0s56f93owOmV3Qsmf/WUCGetUT
-zF6l5IGVRbVrrSvVJryyUwOUV2EWXWDfLmoVOgSIdz/LASAQIOCrSW1EWNnGm0Rz
-7dka8+vKdN6QBv/LGJxD907gywav/k4sm79qwq5Qw+f92cHxGK23rvdWilD2ExtH
-DcLPxD8x8SsCAwEAAaOB4DCB3TAdBgNVHQ4EFgQUqwvvzqrwQ5c6zVjQ2cL5xOuN
-fP8wgZoGA1UdIwSBkjCBj4AUChy6plvGgzJg5ZsAhTd00Y0wuoqhbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtqsWux3uJVovWOfb2ArnNmPVyt5gtZDC
+guPsfUkMqbaVyKGrBAypCeGTpr5DNn4bYSgbOAOiBhmIcqm5onH/2+E8hZgBsl+T
+oEq45zatj1CM1qEUKbDu7OIIP300ocRfOulPsMDWX/IQeCuu9O4oyCkhn85w1fvq
+M/ziWlziG9kCAwEAAaOB4DCB3TAdBgNVHQ4EFgQUKpTB/+ARoJHxcUY1mjc8vMQh
+So8wgZoGA1UdIwSBkjCBj4AUPl9k6WPLnBDQkfRFYfLx6kJp7KWhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEW
-A3RhNIIJAMUZFJfjJy6bMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBCwUAA4GBAAAJYHY2XaauC6CUrXi+oBh8lhNsiwQsvCnY8JPY
-htkHcfsPBXJl/u3jHKy/IsLbA8UuP/LPmAB77t6WEZC/IgN6w8Mi3BrqfvV+p2Rw
-GOITvrA+2Fem3ihbBk6QxiLgOuksmt70v9i32rfjJPYRaRjlZP2UInu17+RNbBrr
-j1x9
+A3RhNIIJALoG/eyJGLV/MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4GBAJ0t/6LSQjFynm+NRSwhmxXPiQZwO18+LHO5CNm+
+SNhr3COGOqs8FoATYqQS+O7nb9boT6026x6ByAMcZbq+VW0Hj7z6utIUkB0CNb1d
+vQv7SFeUbf5xhc6fZZwxgBNWsm8qA7Ydf1pK3VBjekZASx3DcV1ycvBQ+NtgVpfI
+zXOD
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/26.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/26.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:51 2011 GMT
+ Not After : Jan 5 22:37:51 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:cb:56:c6:1b:db:76:5c:37:f8:f4:b3:8c:10:c3:
- 0b:41:85:cb:be:cb:05:4c:1b:6a:26:d3:05:4a:9c:
- 34:ca:5d:18:de:64:ad:77:29:ae:80:ab:d6:60:45:
- 62:4f:99:ad:d8:e4:55:40:fc:fd:9d:73:36:67:eb:
- 8e:71:ff:5c:08:41:c7:d2:37:4a:91:55:e3:eb:0d:
- 4c:b2:66:7f:35:f2:0b:ad:2b:d1:ad:cc:9d:0d:67:
- cd:d2:96:c0:71:89:8b:71:34:2a:47:50:15:84:45:
- 8a:0c:c7:f3:48:b2:de:59:d6:e7:a1:ec:ab:89:32:
- c4:3d:08:7c:00:21:46:d3:07
+ 00:b8:6a:e3:b5:bf:65:66:f4:b3:32:73:a9:64:b7:
+ dd:a0:4a:e9:70:d3:7b:5c:1b:5b:76:e7:56:a3:72:
+ 0e:9d:fa:9f:b2:a5:47:eb:3f:db:9a:7b:45:d2:17:
+ 77:ca:05:b3:95:22:15:78:9e:ab:f3:4b:fa:83:89:
+ e6:19:54:22:69:18:67:ba:bb:37:2a:b4:93:5a:bb:
+ 9c:68:5b:ec:b1:7e:ac:01:7b:b3:d9:91:57:93:eb:
+ 43:e6:a6:35:e1:b5:c2:2d:ca:bb:63:af:35:d6:b4:
+ 16:9a:a3:7a:1c:ad:e1:f4:fb:63:4a:fd:3d:57:99:
+ 33:b8:1e:41:e9:f9:42:80:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 7A:68:F2:3A:FB:F5:1C:A2:2C:1F:9D:CF:22:ED:77:F0:BE:A9:AC:80
+ C9:2D:8D:6C:97:26:48:F8:6F:14:66:05:ED:06:D8:BF:21:8A:6F:FD
X509v3 Authority Key Identifier:
- keyid:0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ keyid:3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
- serial:C5:19:14:97:E3:27:2E:9B
+ serial:BA:06:FD:EC:89:18:B5:7F
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign
Signature Algorithm: sha256WithRSAEncryption
- b0:8b:36:e9:f5:39:51:a6:a4:2e:d3:68:d6:10:0b:0c:8e:64:
- 23:6f:44:5f:be:6c:53:bb:b8:de:2a:36:cd:e5:82:6e:12:da:
- 3d:5b:9b:3f:ff:9f:a3:8e:f5:b1:5e:29:a9:ea:b6:ac:1c:ae:
- 75:54:a8:f4:26:21:ae:47:f5:54:72:71:5d:4a:f8:4e:20:25:
- ae:e4:f2:9f:5f:5b:2e:df:71:dd:58:b5:a2:37:41:f2:4c:c9:
- 24:06:fe:e6:c0:f4:39:1e:32:da:99:12:53:b0:30:6d:c1:63:
- 66:11:58:79:fa:40:f1:75:5b:37:01:1a:0b:20:b7:25:a0:a9:
- 9e:9f
+ 8e:ea:a2:87:02:69:a4:9f:44:22:c3:62:83:9c:fb:e2:3f:59:
+ d0:09:0f:57:81:8f:59:37:21:c5:59:81:36:8d:9c:4e:c0:0f:
+ 4b:40:e6:db:ba:9f:d4:b8:86:2f:1b:1b:fd:2d:5d:4e:df:1b:
+ d4:b4:04:d0:07:b8:ad:25:52:1c:0b:ec:07:6c:21:b7:1d:65:
+ d3:a2:dc:a0:96:03:9d:2e:13:7a:a7:8a:29:55:95:5a:dc:ff:
+ 6a:a4:4b:7a:26:7f:eb:ad:88:e9:80:5d:53:5e:0f:48:6a:21:
+ 18:c9:89:be:83:38:51:40:b6:ad:5d:71:b2:2e:45:60:b3:1d:
+ 69:9b
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIBJjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGE0MRIwEAYJKoZIhvcNAQkBFgN0YTQwHhcNMTEw
-MzIxMDA0OTMzWhcNMTMxMjE1MDA0OTMzWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzUxWhcNMTQwMTA1MjIzNzUxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjFfdGE0MRgwFgYJKoZIhvcNAQkBFgljaDEuMV90YTQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtWxhvbdlw3+PSzjBDDC0GFy77L
-BUwbaibTBUqcNMpdGN5krXcproCr1mBFYk+ZrdjkVUD8/Z1zNmfrjnH/XAhBx9I3
-SpFV4+sNTLJmfzXyC60r0a3MnQ1nzdKWwHGJi3E0KkdQFYRFigzH80iy3lnW56Hs
-q4kyxD0IfAAhRtMHAgMBAAGjgeAwgd0wHQYDVR0OBBYEFHpo8jr79RyiLB+dzyLt
-d/C+qayAMIGaBgNVHSMEgZIwgY+AFAocuqZbxoMyYOWbAIU3dNGNMLqKoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALhq47W/ZWb0szJzqWS33aBK6XDT
+e1wbW3bnVqNyDp36n7KlR+s/25p7RdIXd8oFs5UiFXieq/NL+oOJ5hlUImkYZ7q7
+Nyq0k1q7nGhb7LF+rAF7s9mRV5PrQ+amNeG1wi3Ku2OvNda0Fpqjehyt4fT7Y0r9
+PVeZM7geQen5QoAzAgMBAAGjgeAwgd0wHQYDVR0OBBYEFMktjWyXJkj4bxRmBe0G
+2L8him/9MIGaBgNVHSMEgZIwgY+AFD5fZOljy5wQ0JH0RWHy8epCaeyloWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGE0MRIwEAYJKoZIhvcN
-AQkBFgN0YTSCCQDFGRSX4ycumzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwICBDANBgkqhkiG9w0BAQsFAAOBgQCwizbp9TlRpqQu02jWEAsMjmQjb0RfvmxT
-u7jeKjbN5YJuEto9W5s//5+jjvWxXimp6rasHK51VKj0JiGuR/VUcnFdSvhOICWu
-5PKfX1su33HdWLWiN0HyTMkkBv7mwPQ5HjLamRJTsDBtwWNmEVh5+kDxdVs3ARoL
-ILcloKmenw==
+AQkBFgN0YTSCCQC6Bv3siRi1fzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOBgQCO6qKHAmmkn0Qiw2KDnPviP1nQCQ9XgY9Z
+NyHFWYE2jZxOwA9LQObbup/UuIYvGxv9LV1O3xvUtATQB7itJVIcC+wHbCG3HWXT
+otyglgOdLhN6p4opVZVa3P9qpEt6Jn/rrYjpgF1TXg9IaiEYyYm+gzhRQLatXXGy
+LkVgsx1pmw==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/28.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/28.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,30 +5,30 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta5/emailAddress=ta5
Validity
- Not Before: Mar 21 00:49:34 2011 GMT
- Not After : Dec 15 00:49:34 2013 GMT
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d2:0e:3e:0c:53:ef:ad:91:13:5e:b6:01:7f:c6:
- 16:4e:da:7d:c8:26:1b:85:38:e0:98:d4:b2:61:0b:
- 43:bb:2e:92:d5:9a:0e:db:ab:ad:8f:6e:9d:c8:25:
- 36:e2:db:ca:fa:ab:4b:5a:25:91:46:c9:66:11:0d:
- 66:9e:f7:11:82:02:e1:2e:ef:df:f4:ed:9f:0f:a4:
- 6f:60:41:20:32:8c:10:90:4c:9c:ad:55:cc:40:03:
- 89:f5:15:53:13:7d:ab:be:53:8b:14:44:88:f8:54:
- 50:db:31:f5:ae:5c:0d:78:68:aa:3f:9b:4a:fa:1a:
- b1:47:53:bf:72:1d:89:f9:43
+ 00:e7:14:d9:dc:4c:60:0f:ad:49:9f:14:f8:2f:d9:
+ 0e:65:93:a4:c4:e5:6b:13:93:c1:79:40:14:4f:19:
+ 56:d7:88:07:9b:de:45:40:ce:24:91:44:b0:14:6b:
+ 8b:4d:f5:d1:b2:75:cc:5c:d7:ed:73:2c:d2:75:aa:
+ 50:6f:94:00:8d:0e:bb:15:8c:ef:a1:5d:2c:23:73:
+ 95:f7:48:b5:4a:3b:de:2a:a1:7c:03:aa:28:17:f0:
+ a7:46:b9:86:f3:98:a7:31:ff:e1:75:b4:28:b4:11:
+ b4:4b:ca:64:e4:cd:2a:f7:d8:6f:6b:73:64:ab:55:
+ 0b:5b:60:76:5f:ea:86:57:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 08:00:AB:E5:4A:60:83:0C:49:32:88:DC:48:8D:79:30:7A:72:E4:A3
+ 59:7D:00:A7:48:7C:5E:D9:A2:26:D0:9A:83:3F:D0:03:9C:36:D5:50
X509v3 Authority Key Identifier:
- keyid:8A:83:E9:51:D7:32:B4:6F:3B:85:AF:1A:11:94:5C:B6:21:E5:5D:0F
+ keyid:E7:E6:72:5B:A0:5F:2C:A6:40:45:1A:66:E4:45:A5:0F:1D:67:5D:93
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta5/emailAddress=ta5
- serial:EC:86:C3:65:F9:7F:14:08
+ serial:9C:19:39:11:06:1A:55:91
X509v3 Basic Constraints: critical
CA:TRUE
@@ -38,32 +38,32 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 1e:0c:b3:a3:63:49:b5:3d:0e:4d:ed:d1:31:fc:06:39:8c:30:
- 8d:f8:f1:0f:2e:ae:27:f2:57:d4:64:ff:ac:05:cc:2d:3d:0d:
- de:b3:e6:be:9c:51:9b:1a:08:b1:e7:9f:6d:3e:a6:af:c0:9c:
- d0:e6:57:de:d3:61:9c:0f:a9:c9:bc:0d:59:03:e2:d4:4d:f4:
- 0d:48:49:ad:64:a2:33:71:3e:07:2f:61:a5:02:46:61:1c:c0:
- b5:f0:3c:f8:4f:42:ff:72:3c:7a:63:5a:16:68:7d:2b:08:aa:
- 3b:bd:e5:25:9f:19:3e:22:42:cd:4b:e7:0f:17:c3:a9:1d:d6:
- 9e:53
+ a0:48:28:f4:94:07:dd:08:f2:c6:74:0d:a9:31:10:71:64:f8:
+ b5:c3:fb:82:8e:46:9d:30:fb:fd:9d:4b:c9:92:5b:c4:06:d2:
+ d0:5e:aa:91:f5:19:7c:c3:11:b2:26:ef:e6:01:cf:3e:ea:07:
+ d6:d2:f8:22:e6:a0:50:86:40:53:cc:ed:81:73:33:b1:a8:2b:
+ 92:1a:10:f9:fc:30:43:84:4b:ca:ef:8c:d3:be:0a:63:f0:40:
+ 99:be:80:88:c9:8f:2b:9a:82:9f:7b:56:9a:f1:08:e1:67:88:
+ 30:fa:a1:12:bc:c8:ea:22:60:64:0f:91:80:48:cd:2a:5d:05:
+ ca:f7
-----BEGIN CERTIFICATE-----
MIIDbTCCAtagAwIBAgIBKDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGE1MRIwEAYJKoZIhvcNAQkBFgN0YTUwHhcNMTEw
-MzIxMDA0OTM0WhcNMTMxMjE1MDA0OTM0WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzUyWhcNMTQwMTA1MjIzNzUyWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhNTEWMBQGCSqGSIb3DQEJARYHY2gxX3RhNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0g4+DFPvrZETXrYBf8YWTtp9yCYbhTjg
-mNSyYQtDuy6S1ZoO26utj26dyCU24tvK+qtLWiWRRslmEQ1mnvcRggLhLu/f9O2f
-D6RvYEEgMowQkEycrVXMQAOJ9RVTE32rvlOLFESI+FRQ2zH1rlwNeGiqP5tK+hqx
-R1O/ch2J+UMCAwEAAaOCAR0wggEZMB0GA1UdDgQWBBQIAKvlSmCDDEkyiNxIjXkw
-enLkozCBmgYDVR0jBIGSMIGPgBSKg+lR1zK0bzuFrxoRlFy2IeVdD6FspGowaDEL
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5xTZ3ExgD61JnxT4L9kOZZOkxOVrE5PB
+eUAUTxlW14gHm95FQM4kkUSwFGuLTfXRsnXMXNftcyzSdapQb5QAjQ67FYzvoV0s
+I3OV90i1SjveKqF8A6ooF/CnRrmG85inMf/hdbQotBG0S8pk5M0q99hva3Nkq1UL
+W2B2X+qGVx8CAwEAAaOCAR0wggEZMB0GA1UdDgQWBBRZfQCnSHxe2aIm0JqDP9AD
+nDbVUDCBmgYDVR0jBIGSMIGPgBTn5nJboF8spkBFGmbkRaUPHWddk6FspGowaDEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxv
IFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAMTA3RhNTESMBAGCSqGSIb3DQEJ
-ARYDdGE1ggkA7IbDZfl/FAgwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+g
+ARYDdGE1ggkAnBk5EQYaVZEwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUvMC90YTVfY3JsLnBlbTAO
-BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAHgyzo2NJtT0OTe3RMfwG
-OYwwjfjxDy6uJ/JX1GT/rAXMLT0N3rPmvpxRmxoIseefbT6mr8Cc0OZX3tNhnA+p
-ybwNWQPi1E30DUhJrWSiM3E+By9hpQJGYRzAtfA8+E9C/3I8emNaFmh9KwiqO73l
-JZ8ZPiJCzUvnDxfDqR3WnlM=
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAoEgo9JQH3QjyxnQNqTEQ
+cWT4tcP7go5GnTD7/Z1LyZJbxAbS0F6qkfUZfMMRsibv5gHPPuoH1tL4IuagUIZA
+U8ztgXMzsagrkhoQ+fwwQ4RLyu+M074KY/BAmb6AiMmPK5qCn3tWmvEI4WeIMPqh
+ErzI6iJgZA+RgEjNKl0Fyvc=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:47 2011 GMT
+ Not After : Jan 5 22:37:47 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b1:2b:53:b9:59:1d:7a:5f:9b:1e:8f:62:91:94:
- a7:05:dc:e8:3b:87:d0:e4:3c:76:b8:60:a5:30:bd:
- 0f:24:a5:5f:9e:cc:4f:cc:e3:b2:23:23:4b:37:3b:
- 97:25:48:00:0e:1c:31:ae:8f:1d:cd:32:f8:25:a2:
- fe:d9:50:c5:ec:7e:ef:d8:09:1d:6f:bb:e0:60:b0:
- 33:fd:66:39:b4:ff:2f:54:6b:7d:88:d8:e8:6a:1e:
- cd:54:0a:da:ed:c3:5f:89:c5:1d:b4:4f:9e:3c:11:
- 3c:1d:0b:8a:88:b0:64:c2:79:88:e7:2d:e4:3f:c8:
- a4:eb:d4:f3:3e:9b:9a:98:7d
+ 00:a1:1f:54:43:20:65:63:b2:fc:8b:d7:f6:a8:90:
+ f0:1e:b8:e9:06:37:cb:1b:c9:47:56:3a:3f:ec:7e:
+ e6:ee:c6:9a:d4:15:0d:64:f7:d5:77:2f:52:31:6c:
+ 36:8d:2f:07:7f:0d:a7:cf:79:af:68:70:2b:74:a7:
+ 30:92:1e:55:fc:2a:f4:b7:c3:47:01:57:4f:65:ba:
+ 58:bf:75:73:02:4c:4c:a8:51:3d:82:ee:57:fa:93:
+ 64:d6:53:05:12:10:36:c9:9c:c3:af:6c:56:9d:20:
+ 44:4b:b4:bc:67:d8:06:99:8e:fa:32:4c:c1:4f:09:
+ 5a:46:ec:06:cf:ac:e1:fa:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,27 +29,27 @@
<EMPTY>
Signature Algorithm: sha256WithRSAEncryption
- 0a:d2:4f:8e:74:ec:43:44:20:84:14:8b:11:02:10:f1:a0:d3:
- 93:4f:dc:be:fe:cc:33:ec:f7:7e:2b:58:45:94:d0:03:e4:a3:
- 58:13:aa:81:f1:6d:d7:f7:64:09:7f:d8:68:e5:97:25:7a:65:
- 70:e8:b1:60:9a:55:4b:d5:26:fd:0f:7b:36:88:6e:5f:98:ee:
- 77:cb:df:ce:62:cd:ae:70:14:91:66:ee:e5:a3:9f:72:89:bf:
- 8f:66:86:4b:71:27:6a:d0:d2:15:20:d5:11:35:4a:e5:28:6f:
- e2:8a:dc:29:08:e0:da:7d:fa:df:1e:b5:ea:66:80:18:d3:4f:
- 1d:a8
+ 34:ad:5e:5d:7a:64:12:a2:c0:f9:85:cb:e4:5c:43:0a:e9:f7:
+ 68:be:c5:96:93:83:04:ca:dc:2c:93:f6:a6:ec:fb:26:a7:9d:
+ dc:d3:e7:ee:f2:d2:93:90:10:3c:4f:8f:ce:0e:63:60:d7:5d:
+ 6a:af:97:4d:3d:1b:4b:5c:e6:ed:24:19:c7:d9:20:27:0d:8e:
+ d2:e2:85:68:c2:45:ba:2e:70:9b:78:bd:91:b6:29:0e:75:93:
+ f3:c2:38:14:ee:37:c2:66:1b:cf:de:81:b1:64:eb:8d:19:c4:
+ b2:1d:33:66:47:83:dc:e3:5b:14:d9:69:30:d8:5c:90:5f:34:
+ 48:d5
-----BEGIN CERTIFICATE-----
MIICczCCAdygAwIBAgIBGjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTMwHhcNMTEw
-MzIxMDA0OTI5WhcNMTMxMjE1MDA0OTI5WjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQ3WhcNMTQwMTA1MjIzNzQ3WjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjFfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuMV90YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALErU7lZHXpfmx6PYpGUpwXc6DuH
-0OQ8drhgpTC9DySlX57MT8zjsiMjSzc7lyVIAA4cMa6PHc0y+CWi/tlQxex+79gJ
-HW+74GCwM/1mObT/L1RrfYjY6GoezVQK2u3DX4nFHbRPnjwRPB0LioiwZMJ5iOct
-5D/IpOvU8z6bmph9AgMBAAGjITAfMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0SAQH/
-BAIwADANBgkqhkiG9w0BAQsFAAOBgQAK0k+OdOxDRCCEFIsRAhDxoNOTT9y+/swz
-7Pd+K1hFlNAD5KNYE6qB8W3X92QJf9ho5ZclemVw6LFgmlVL1Sb9D3s2iG5fmO53
-y9/OYs2ucBSRZu7lo59yib+PZoZLcSdq0NIVINURNUrlKG/iitwpCODaffrfHrXq
-ZoAY008dqA==
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKEfVEMgZWOy/IvX9qiQ8B646QY3
+yxvJR1Y6P+x+5u7GmtQVDWT31XcvUjFsNo0vB38Np895r2hwK3SnMJIeVfwq9LfD
+RwFXT2W6WL91cwJMTKhRPYLuV/qTZNZTBRIQNsmcw69sVp0gREu0vGfYBpmO+jJM
+wU8JWkbsBs+s4fohAgMBAAGjITAfMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0SAQH/
+BAIwADANBgkqhkiG9w0BAQsFAAOBgQA0rV5demQSosD5hcvkXEMK6fdovsWWk4ME
+ytwsk/am7Psmp53c0+fu8tKTkBA8T4/ODmNg111qr5dNPRtLXObtJBnH2SAnDY7S
+4oVowkW6LnCbeL2RtikOdZPzwjgU7jfCZhvP3oGxZOuNGcSyHTNmR4Pc41sU2Wkw
+2FyQXzRI1Q==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.1_ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:51 2011 GMT
+ Not After : Jan 5 22:37:51 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:cb:56:c6:1b:db:76:5c:37:f8:f4:b3:8c:10:c3:
- 0b:41:85:cb:be:cb:05:4c:1b:6a:26:d3:05:4a:9c:
- 34:ca:5d:18:de:64:ad:77:29:ae:80:ab:d6:60:45:
- 62:4f:99:ad:d8:e4:55:40:fc:fd:9d:73:36:67:eb:
- 8e:71:ff:5c:08:41:c7:d2:37:4a:91:55:e3:eb:0d:
- 4c:b2:66:7f:35:f2:0b:ad:2b:d1:ad:cc:9d:0d:67:
- cd:d2:96:c0:71:89:8b:71:34:2a:47:50:15:84:45:
- 8a:0c:c7:f3:48:b2:de:59:d6:e7:a1:ec:ab:89:32:
- c4:3d:08:7c:00:21:46:d3:07
+ 00:b8:6a:e3:b5:bf:65:66:f4:b3:32:73:a9:64:b7:
+ dd:a0:4a:e9:70:d3:7b:5c:1b:5b:76:e7:56:a3:72:
+ 0e:9d:fa:9f:b2:a5:47:eb:3f:db:9a:7b:45:d2:17:
+ 77:ca:05:b3:95:22:15:78:9e:ab:f3:4b:fa:83:89:
+ e6:19:54:22:69:18:67:ba:bb:37:2a:b4:93:5a:bb:
+ 9c:68:5b:ec:b1:7e:ac:01:7b:b3:d9:91:57:93:eb:
+ 43:e6:a6:35:e1:b5:c2:2d:ca:bb:63:af:35:d6:b4:
+ 16:9a:a3:7a:1c:ad:e1:f4:fb:63:4a:fd:3d:57:99:
+ 33:b8:1e:41:e9:f9:42:80:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 7A:68:F2:3A:FB:F5:1C:A2:2C:1F:9D:CF:22:ED:77:F0:BE:A9:AC:80
+ C9:2D:8D:6C:97:26:48:F8:6F:14:66:05:ED:06:D8:BF:21:8A:6F:FD
X509v3 Authority Key Identifier:
- keyid:0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ keyid:3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
- serial:C5:19:14:97:E3:27:2E:9B
+ serial:BA:06:FD:EC:89:18:B5:7F
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign
Signature Algorithm: sha256WithRSAEncryption
- b0:8b:36:e9:f5:39:51:a6:a4:2e:d3:68:d6:10:0b:0c:8e:64:
- 23:6f:44:5f:be:6c:53:bb:b8:de:2a:36:cd:e5:82:6e:12:da:
- 3d:5b:9b:3f:ff:9f:a3:8e:f5:b1:5e:29:a9:ea:b6:ac:1c:ae:
- 75:54:a8:f4:26:21:ae:47:f5:54:72:71:5d:4a:f8:4e:20:25:
- ae:e4:f2:9f:5f:5b:2e:df:71:dd:58:b5:a2:37:41:f2:4c:c9:
- 24:06:fe:e6:c0:f4:39:1e:32:da:99:12:53:b0:30:6d:c1:63:
- 66:11:58:79:fa:40:f1:75:5b:37:01:1a:0b:20:b7:25:a0:a9:
- 9e:9f
+ 8e:ea:a2:87:02:69:a4:9f:44:22:c3:62:83:9c:fb:e2:3f:59:
+ d0:09:0f:57:81:8f:59:37:21:c5:59:81:36:8d:9c:4e:c0:0f:
+ 4b:40:e6:db:ba:9f:d4:b8:86:2f:1b:1b:fd:2d:5d:4e:df:1b:
+ d4:b4:04:d0:07:b8:ad:25:52:1c:0b:ec:07:6c:21:b7:1d:65:
+ d3:a2:dc:a0:96:03:9d:2e:13:7a:a7:8a:29:55:95:5a:dc:ff:
+ 6a:a4:4b:7a:26:7f:eb:ad:88:e9:80:5d:53:5e:0f:48:6a:21:
+ 18:c9:89:be:83:38:51:40:b6:ad:5d:71:b2:2e:45:60:b3:1d:
+ 69:9b
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIBJjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGE0MRIwEAYJKoZIhvcNAQkBFgN0YTQwHhcNMTEw
-MzIxMDA0OTMzWhcNMTMxMjE1MDA0OTMzWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzUxWhcNMTQwMTA1MjIzNzUxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjFfdGE0MRgwFgYJKoZIhvcNAQkBFgljaDEuMV90YTQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtWxhvbdlw3+PSzjBDDC0GFy77L
-BUwbaibTBUqcNMpdGN5krXcproCr1mBFYk+ZrdjkVUD8/Z1zNmfrjnH/XAhBx9I3
-SpFV4+sNTLJmfzXyC60r0a3MnQ1nzdKWwHGJi3E0KkdQFYRFigzH80iy3lnW56Hs
-q4kyxD0IfAAhRtMHAgMBAAGjgeAwgd0wHQYDVR0OBBYEFHpo8jr79RyiLB+dzyLt
-d/C+qayAMIGaBgNVHSMEgZIwgY+AFAocuqZbxoMyYOWbAIU3dNGNMLqKoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALhq47W/ZWb0szJzqWS33aBK6XDT
+e1wbW3bnVqNyDp36n7KlR+s/25p7RdIXd8oFs5UiFXieq/NL+oOJ5hlUImkYZ7q7
+Nyq0k1q7nGhb7LF+rAF7s9mRV5PrQ+amNeG1wi3Ku2OvNda0Fpqjehyt4fT7Y0r9
+PVeZM7geQen5QoAzAgMBAAGjgeAwgd0wHQYDVR0OBBYEFMktjWyXJkj4bxRmBe0G
+2L8him/9MIGaBgNVHSMEgZIwgY+AFD5fZOljy5wQ0JH0RWHy8epCaeyloWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGE0MRIwEAYJKoZIhvcN
-AQkBFgN0YTSCCQDFGRSX4ycumzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwICBDANBgkqhkiG9w0BAQsFAAOBgQCwizbp9TlRpqQu02jWEAsMjmQjb0RfvmxT
-u7jeKjbN5YJuEto9W5s//5+jjvWxXimp6rasHK51VKj0JiGuR/VUcnFdSvhOICWu
-5PKfX1su33HdWLWiN0HyTMkkBv7mwPQ5HjLamRJTsDBtwWNmEVh5+kDxdVs3ARoL
-ILcloKmenw==
+AQkBFgN0YTSCCQC6Bv3siRi1fzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOBgQCO6qKHAmmkn0Qiw2KDnPviP1nQCQ9XgY9Z
+NyHFWYE2jZxOwA9LQObbup/UuIYvGxv9LV1O3xvUtATQB7itJVIcC+wHbCG3HWXT
+otyglgOdLhN6p4opVZVa3P9qpEt6Jn/rrYjpgF1TXg9IaiEYyYm+gzhRQLatXXGy
+LkVgsx1pmw==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.2_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.2_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,37 +12,37 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:c1:e1:d0:e9:31:7d:20:8f:e8:b6:4e:1c:d2:8a:
- 1f:b7:70:52:97:50:b5:ea:04:27:50:5f:69:40:42:
- b9:85:30:ca:ff:d5:b6:c5:c3:fb:c0:58:43:fd:15:
- ab:3a:0b:a1:21:e5:dc:ef:64:4d:ba:f4:4a:27:ed:
- 31:dc:be:2f:53:9d:01:7b:72:b3:f4:94:37:8d:45:
- 88:16:58:4d:dd:83:cd:45:d2:12:41:f0:9a:fb:ab:
- ae:a5:8e:d2:94:1b:0b:7c:84:f2:a4:9b:de:92:48:
- 1d:11:44:5f:53:d9:8e:73:a7:6e:03:b8:ed:3d:d5:
- 30:ee:8b:45:8e:ef:33:06:6b
+ 00:c7:97:bd:7a:78:72:f6:bb:6f:5b:ca:07:34:d8:
+ 70:93:94:39:d6:9c:73:b2:58:c6:fa:10:eb:8e:c7:
+ 54:39:fd:9a:35:f5:2c:a4:ae:e6:ca:a2:9c:07:0c:
+ 57:05:78:cc:8b:98:2e:39:e8:74:73:28:bf:f7:bf:
+ d1:fb:5d:10:9d:f0:19:75:9d:35:fe:50:97:76:70:
+ 6d:00:79:66:1a:2f:af:c6:12:45:16:45:ea:3e:f0:
+ 90:3b:56:9d:ed:f7:70:ba:de:f7:ec:55:2b:ee:b1:
+ 9b:fb:1d:55:46:65:86:c3:1b:9e:50:b9:8c:b9:d3:
+ 02:73:aa:e6:1e:4d:11:2b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 3E:1B:50:98:42:E7:84:35:1D:A0:3A:DE:FE:61:87:FF:3D:5A:44:BD
+ 5A:E6:5A:C4:85:7D:C2:25:75:F9:C2:6A:93:15:18:69:7F:57:47:7C
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 3f:59:fa:c1:b5:d6:f4:05:31:0c:ac:e3:c2:a6:fd:df:da:01:
- 6d:70:e9:f2:23:8c:e6:79:57:53:f9:37:50:93:b1:82:0b:4d:
- e3:73:1d:ba:4e:f5:b7:de:8a:a0:84:65:ee:de:c0:ae:5d:34:
- ed:9b:79:07:3f:8e:9f:82:4b:10:00:d6:67:98:ae:86:6c:47:
- 8a:7a:81:4e:bc:96:85:23:e5:a4:a8:80:4e:24:82:b2:3b:3b:
- 0e:a0:79:bd:96:52:4b:85:55:4c:5e:fd:86:85:ce:e2:85:bc:
- fb:25:4a:7d:74:dc:8e:aa:93:d3:bd:23:b9:34:50:fb:4d:2d:
- 57:38
+ 23:82:0a:78:02:e9:9f:de:a1:62:2d:47:42:8d:f8:88:26:cf:
+ 3b:31:64:91:56:e1:50:eb:46:12:61:6b:e4:bd:97:43:f5:f7:
+ 33:b4:92:34:62:31:8b:df:7c:13:44:ed:04:24:73:4a:35:17:
+ 98:15:ad:75:3f:33:bf:86:84:e2:29:34:7e:de:90:a1:99:f5:
+ 8a:37:85:98:7d:8e:71:64:6a:1d:aa:47:57:9d:ad:e3:07:90:
+ 0a:06:7c:08:e2:97:25:20:38:c9:41:62:d5:96:fb:fe:0e:b4:
+ 1c:e1:20:75:7d:6a:f3:62:1d:cc:72:90:a6:13:58:48:af:e4:
+ c9:b1
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIBHDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -50,16 +50,16 @@
MTAxMDEwMTAxWhcNMDkwMTAyMDEwMTAxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjJfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuMl90YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHh0OkxfSCP6LZOHNKKH7dwUpdQ
-teoEJ1BfaUBCuYUwyv/VtsXD+8BYQ/0VqzoLoSHl3O9kTbr0SiftMdy+L1OdAXty
-s/SUN41FiBZYTd2DzUXSEkHwmvurrqWO0pQbC3yE8qSb3pJIHRFEX1PZjnOnbgO4
-7T3VMO6LRY7vMwZrAgMBAAGjgeAwgd0wHQYDVR0OBBYEFD4bUJhC54Q1HaA63v5h
-h/89WkS9MIGaBgNVHSMEgZIwgY+AFOKeoYvX07Dxw+l3pEldak6rc6xdoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeXvXp4cva7b1vKBzTYcJOUOdac
+c7JYxvoQ647HVDn9mjX1LKSu5sqinAcMVwV4zIuYLjnodHMov/e/0ftdEJ3wGXWd
+Nf5Ql3ZwbQB5Zhovr8YSRRZF6j7wkDtWne33cLre9+xVK+6xm/sdVUZlhsMbnlC5
+jLnTAnOq5h5NESu/AgMBAAGjgeAwgd0wHQYDVR0OBBYEFFrmWsSFfcIldfnCapMV
+GGl/V0d8MIGaBgNVHSMEgZIwgY+AFHr2UXp/m6s3PU6TA5BtaoQJfDrdoWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcN
-AQkBFgN0YTOCCQDud35qwR5X7TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOBgQA/WfrBtdb0BTEMrOPCpv3f2gFtcOnyI4zm
-eVdT+TdQk7GCC03jcx26TvW33oqghGXu3sCuXTTtm3kHP46fgksQANZnmK6GbEeK
-eoFOvJaFI+WkqIBOJIKyOzsOoHm9llJLhVVMXv2Ghc7ihbz7JUp9dNyOqpPTvSO5
-NFD7TS1XOA==
+AQkBFgN0YTOCCQD0WFRqgyJm6TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOBgQAjggp4Aumf3qFiLUdCjfiIJs87MWSRVuFQ
+60YSYWvkvZdD9fcztJI0YjGL33wTRO0EJHNKNReYFa11PzO/hoTiKTR+3pChmfWK
+N4WYfY5xZGodqkdXna3jB5AKBnwI4pclIDjJQWLVlvv+DrQc4SB1fWrzYh3McpCm
+E1hIr+TJsQ==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.3_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.3_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,37 +12,37 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b0:ce:aa:d1:c2:56:6f:4f:cb:8d:95:8c:65:fd:
- 26:2f:42:d1:8a:4e:5f:aa:6b:79:c9:d9:f1:ce:85:
- c0:ab:fe:28:b9:84:12:4a:d7:d8:a9:19:80:c8:0f:
- c2:1f:45:66:64:d2:df:04:e3:16:4d:93:79:b5:dd:
- 75:c7:8e:9b:7d:cf:81:1e:3a:45:a1:34:b5:52:e7:
- 76:e9:9b:5b:71:4f:91:41:72:d2:f4:d2:e4:b5:1a:
- 1d:87:d1:31:15:56:39:12:71:46:f9:47:0f:e8:2b:
- 83:78:e8:ee:11:92:17:cb:4a:66:42:85:0b:d8:a7:
- f5:c4:20:f2:e1:6a:a9:20:cf
+ 00:d9:34:eb:28:22:6a:51:f8:11:2c:ee:1f:6d:c9:
+ f1:12:5a:04:33:dd:d6:27:ca:9a:40:ae:df:5c:78:
+ 53:28:c8:37:d2:47:14:e1:fc:22:ea:90:d9:19:05:
+ 08:fd:b7:99:20:97:28:23:fd:3d:62:87:0d:29:a0:
+ de:95:61:33:6c:d6:e0:65:db:c1:8b:8c:70:c3:ce:
+ 66:e9:93:ee:92:9f:87:2c:d4:6f:1d:e1:92:cb:8a:
+ 38:a4:95:0a:6a:a2:94:c6:41:25:17:ce:a6:01:fb:
+ cf:03:52:40:93:34:37:b5:74:48:15:d4:e7:64:82:
+ 46:ee:b3:bd:b5:1f:3b:42:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 57:94:FF:CF:71:C0:54:64:35:16:AF:CC:33:F3:BF:54:84:E7:D3:3D
+ E0:C8:F3:4A:A9:FE:FA:63:97:C7:CE:EE:A8:27:45:F4:C5:11:8F:A6
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 0a:29:20:8b:d5:51:eb:d8:bb:c6:d0:c3:c1:c9:b9:e2:9f:13:
- b5:4f:67:fd:cc:4f:16:66:0e:b0:db:a8:42:f3:0c:72:25:42:
- b5:71:87:a1:2a:a6:71:69:98:e5:42:70:10:34:66:87:de:d1:
- 03:0e:6c:df:35:bc:f5:23:18:26:7f:44:f5:d4:48:f0:0b:24:
- 9a:d4:0c:e8:8d:6c:cb:7a:5b:55:a3:5e:de:87:35:02:b2:ba:
- 01:02:7f:f4:b3:fd:57:87:59:5b:d2:2d:10:27:e0:4a:a5:9c:
- b1:d0:d9:55:a5:9a:50:c3:65:97:d6:29:9f:22:7a:6c:8f:13:
- 64:ed
+ 8d:45:1b:e3:e0:58:10:d4:92:66:aa:50:1a:ee:7a:d9:99:82:
+ 7b:6e:3b:9b:88:9e:7c:a2:35:34:bb:77:9d:1f:79:d2:5d:aa:
+ b6:91:f8:07:ff:dc:63:81:d5:f3:e2:47:27:cc:79:2a:33:c8:
+ 77:d5:9b:9a:f0:2e:58:64:d3:cb:fb:e4:f9:55:bb:89:9c:36:
+ 8f:dd:84:95:a9:8c:8c:d3:6b:81:f8:64:b1:8a:15:20:59:10:
+ e3:5c:b3:05:c6:cd:d1:cb:03:3c:39:84:1c:93:f3:67:5c:10:
+ 09:e9:99:1a:a0:45:21:ea:16:31:a1:3d:74:4d:27:75:f9:3d:
+ aa:df
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIBHjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -50,16 +50,16 @@
MTAxMDEwMTAxWhcNMzUwMTAyMDEwMTAxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjNfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuM190YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALDOqtHCVm9Py42VjGX9Ji9C0YpO
-X6precnZ8c6FwKv+KLmEEkrX2KkZgMgPwh9FZmTS3wTjFk2TebXddceOm33PgR46
-RaE0tVLndumbW3FPkUFy0vTS5LUaHYfRMRVWORJxRvlHD+grg3jo7hGSF8tKZkKF
-C9in9cQg8uFqqSDPAgMBAAGjgeAwgd0wHQYDVR0OBBYEFFeU/89xwFRkNRavzDPz
-v1SE59M9MIGaBgNVHSMEgZIwgY+AFOKeoYvX07Dxw+l3pEldak6rc6xdoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANk06ygialH4ESzuH23J8RJaBDPd
+1ifKmkCu31x4UyjIN9JHFOH8IuqQ2RkFCP23mSCXKCP9PWKHDSmg3pVhM2zW4GXb
+wYuMcMPOZumT7pKfhyzUbx3hksuKOKSVCmqilMZBJRfOpgH7zwNSQJM0N7V0SBXU
+52SCRu6zvbUfO0KBAgMBAAGjgeAwgd0wHQYDVR0OBBYEFODI80qp/vpjl8fO7qgn
+RfTFEY+mMIGaBgNVHSMEgZIwgY+AFHr2UXp/m6s3PU6TA5BtaoQJfDrdoWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcN
-AQkBFgN0YTOCCQDud35qwR5X7TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOBgQAKKSCL1VHr2LvG0MPBybninxO1T2f9zE8W
-Zg6w26hC8wxyJUK1cYehKqZxaZjlQnAQNGaH3tEDDmzfNbz1Ixgmf0T11EjwCySa
-1AzojWzLeltVo17ehzUCsroBAn/0s/1Xh1lb0i0QJ+BKpZyx0NlVpZpQw2WX1imf
-InpsjxNk7Q==
+AQkBFgN0YTOCCQD0WFRqgyJm6TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOBgQCNRRvj4FgQ1JJmqlAa7nrZmYJ7bjubiJ58
+ojU0u3edH3nSXaq2kfgH/9xjgdXz4kcnzHkqM8h31Zua8C5YZNPL++T5VbuJnDaP
+3YSVqYyM02uB+GSxihUgWRDjXLMFxs3RywM8OYQck/NnXBAJ6ZkaoEUh6hYxoT10
+TSd1+T2q3w==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.4_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1.4_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,35 +12,35 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d4:73:3a:40:f9:03:81:b2:0a:4c:a4:d9:45:f7:
- 81:c0:bb:53:ee:6f:9c:3d:a0:98:89:86:84:8d:33:
- 1f:02:a6:ed:2a:14:9a:5f:84:11:06:9d:82:28:fb:
- cf:92:bd:bf:f9:f0:6b:fe:3d:06:5e:65:7c:35:96:
- 4f:e8:44:2c:83:d5:b8:32:16:8c:e0:7c:ed:8b:96:
- 79:a6:14:e5:12:87:e0:55:2a:45:3e:e7:fd:bd:0e:
- 94:70:93:e4:61:82:d3:06:9a:38:ef:e2:22:be:1a:
- 10:b1:8b:5e:16:60:f3:9a:5c:2d:ff:06:01:cb:5f:
- 24:cb:e7:c7:27:a7:3a:58:f1
+ 00:cc:54:a0:55:75:b1:69:33:96:b6:97:29:82:06:
+ 06:46:f2:43:2f:19:57:bf:92:f0:4e:b5:01:65:d3:
+ dc:e3:cf:5e:a9:f5:99:8e:91:e9:ad:88:15:8b:25:
+ 5e:92:c6:fd:d6:9e:e5:27:56:59:4a:09:e0:84:b8:
+ 86:af:bb:9d:e9:d2:99:f9:84:48:d6:b6:35:e8:aa:
+ e0:b3:ac:94:09:7f:b8:67:53:75:26:65:16:b7:cf:
+ 92:52:be:5f:07:da:dd:f8:b1:1c:7c:54:37:7f:66:
+ f7:dc:97:cd:d2:0d:fa:58:a4:2e:96:b8:83:fe:e2:
+ 3d:b6:fb:c5:08:46:ba:1b:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 91:D7:D6:98:F3:B9:7A:A3:30:35:78:02:00:01:14:2D:0E:FD:90:57
+ F8:0C:60:C6:C6:4D:79:11:F2:CD:D2:91:28:DF:F6:26:6C:BB:B0:ED
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- cc:45:03:b6:88:a7:29:26:ca:08:af:dd:0a:6f:6a:b4:86:35:
- f7:01:15:32:e5:7c:70:0b:01:01:de:2b:c3:73:66:29:25:97:
- 0d:28:84:16:7d:fb:97:18:26:a4:07:08:90:00:d2:a4:c4:4e:
- 7f:53:77:87:da:34:56:0b:38:85:57:e4:e3:24:d4:54:5b:c9:
- 74:65:9b:6e:d9:79:53:0e:3f:81:7a:61:d2:00:4c:ea:49:9c:
- 01:02:3f:6e:28:5d:b7:f7:3d:85:4a:78:9d:39:a2:2b:10:25:
- d1:55:04:46:9f:40:9f:bc:c2:6a:68:3d:cc:6f:18:a7:cf:7e:
- 67:7a
+ c8:ba:31:b9:ed:17:ae:ac:ca:cd:4d:48:f6:b6:66:1c:17:c5:
+ 8a:18:96:e8:9b:47:de:b3:7e:23:21:78:cc:f9:63:09:4e:56:
+ 64:a1:de:33:16:8b:6a:94:c1:68:0a:72:dd:8e:b6:8c:dd:61:
+ cf:05:07:12:e3:4f:41:52:bc:73:33:a5:3e:94:ca:40:53:74:
+ a7:9c:46:f2:73:5b:b7:7f:df:18:7f:60:2f:2d:4b:41:8c:78:
+ c4:5f:4c:a8:85:a4:2c:84:91:b3:ab:60:61:ca:93:67:1b:2a:
+ 0e:9a:e1:e8:a5:dc:5e:78:18:a3:b3:4b:86:4d:03:08:78:9b:
+ 70:bc
-----BEGIN CERTIFICATE-----
MIIDIzCCAoygAwIBAgIBIDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -48,15 +48,15 @@
MTAxMDEwMTAxWhcNMzUwMTAyMDEwMTAxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTESMBAGA1UEAxQJY2gxLjRfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEuNF90YTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANRzOkD5A4GyCkyk2UX3gcC7U+5v
-nD2gmImGhI0zHwKm7SoUml+EEQadgij7z5K9v/nwa/49Bl5lfDWWT+hELIPVuDIW
-jOB87YuWeaYU5RKH4FUqRT7n/b0OlHCT5GGC0waaOO/iIr4aELGLXhZg85pcLf8G
-ActfJMvnxyenOljxAgMBAAGjgdAwgc0wHQYDVR0OBBYEFJHX1pjzuXqjMDV4AgAB
-FC0O/ZBXMIGaBgNVHSMEgZIwgY+AFOKeoYvX07Dxw+l3pEldak6rc6xdoWykajBo
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMxUoFV1sWkzlraXKYIGBkbyQy8Z
+V7+S8E61AWXT3OPPXqn1mY6R6a2IFYslXpLG/dae5SdWWUoJ4IS4hq+7nenSmfmE
+SNa2Neiq4LOslAl/uGdTdSZlFrfPklK+Xwfa3fixHHxUN39m99yXzdIN+likLpa4
+g/7iPbb7xQhGuhtHAgMBAAGjgdAwgc0wHQYDVR0OBBYEFPgMYMbGTXkR8s3SkSjf
+9iZsu7DtMIGaBgNVHSMEgZIwgY+AFHr2UXp/m6s3PU6TA5BtaoQJfDrdoWykajBo
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
bG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcN
-AQkBFgN0YTOCCQDud35qwR5X7TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-CwUAA4GBAMxFA7aIpykmygiv3QpvarSGNfcBFTLlfHALAQHeK8NzZikllw0ohBZ9
-+5cYJqQHCJAA0qTETn9Td4faNFYLOIVX5OMk1FRbyXRlm27ZeVMOP4F6YdIATOpJ
-nAECP24oXbf3PYVKeJ05oisQJdFVBEafQJ+8wmpoPcxvGKfPfmd6
+AQkBFgN0YTOCCQD0WFRqgyJm6TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4GBAMi6MbntF66sys1NSPa2ZhwXxYoYluibR96zfiMheMz5YwlOVmSh3jMW
+i2qUwWgKct2OtozdYc8FBxLjT0FSvHMzpT6UykBTdKecRvJzW7d/3xh/YC8tS0GM
+eMRfTKiFpCyEkbOrYGHKk2cbKg6a4eil3F54GKOzS4ZNAwh4m3C8
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta1/emailAddress=ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:38 2011 GMT
+ Not After : Jan 5 22:37:38 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ac:0e:d4:ba:18:4f:d2:22:6d:1e:0e:c5:31:18:
- 76:c2:cd:70:f7:ab:97:60:94:39:69:c9:d5:98:d8:
- c9:84:a6:1c:93:92:00:e0:fd:79:d2:ee:84:95:b5:
- a1:38:3a:c0:76:61:fe:fe:be:44:9b:77:a0:bf:17:
- d1:45:91:1d:ba:a0:7b:e6:7c:5d:3b:ad:50:2c:e7:
- b9:41:08:d9:c5:ad:09:91:65:d1:72:57:42:2f:fb:
- 1d:a0:d3:60:39:8c:7f:d2:91:59:d0:9b:0b:0b:85:
- 77:7c:7a:4e:e3:de:f8:c2:1b:9d:29:19:a6:e4:7b:
- e3:08:d8:c3:ee:fd:c0:13:1b
+ 00:b1:ac:f5:20:5c:bf:44:a0:a0:ff:0b:28:02:1b:
+ 9d:dd:1f:3c:6a:f7:16:c0:8e:ec:af:a1:a4:c4:cf:
+ 26:8e:43:ca:8a:aa:05:8f:a2:10:03:32:41:d0:6e:
+ b4:52:45:47:a8:46:8b:c5:f3:cd:55:56:f5:d0:c3:
+ ec:e4:a4:63:8b:9a:87:fa:74:78:ff:2c:f7:66:77:
+ 3f:05:c3:31:d0:46:5f:b6:17:af:b5:76:9f:d8:8d:
+ 22:d3:76:ac:ad:55:6f:4c:76:2a:27:8e:e9:22:74:
+ 42:ce:db:42:b9:00:54:01:fe:18:c6:4a:96:b5:b9:
+ 88:32:6d:c5:d9:56:fc:87:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- DE:23:2E:B1:97:E8:21:FB:05:0A:EB:ED:50:A7:96:15:27:BE:77:92
+ C0:9E:26:BD:D6:FB:FB:BF:FA:CE:33:92:CA:4E:25:CF:EC:9E:BA:66
X509v3 Authority Key Identifier:
- keyid:06:D0:C0:FB:C5:79:67:F9:F9:10:92:CA:81:5B:5F:92:D8:D8:9F:A6
+ keyid:75:A9:2B:02:E8:FB:31:09:2A:F2:16:21:24:D8:B2:A5:D0:14:93:5B
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta1/emailAddress=ta1
- serial:DE:88:28:EC:1B:64:08:9C
+ serial:A1:49:EA:78:5A:F4:55:8D
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:4
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 58:36:94:f1:3b:54:9f:0d:3b:90:64:d6:b9:f4:6f:3f:60:85:
- 13:a1:80:f3:6e:2b:1a:3a:4f:9a:08:e2:d9:da:14:9f:e2:3f:
- 9b:10:75:0b:7e:c7:bc:c5:91:78:1d:8d:51:b4:7e:4a:ea:d4:
- 9f:e9:20:1e:59:8b:8f:13:30:a6:90:fd:be:18:bc:07:39:89:
- bb:66:65:4a:2a:4a:97:ae:bf:91:32:b6:4c:9d:9e:2d:5d:40:
- d7:d0:28:f9:f2:89:ee:40:0a:a7:99:d2:ac:08:8b:54:9c:8d:
- 3a:8c:94:71:76:22:f9:0d:7b:0a:96:31:f5:7d:7c:3b:17:d1:
- d9:a7
+ 94:eb:ef:96:17:47:57:5e:c2:4f:4c:67:8b:bd:d7:14:22:1e:
+ d7:09:cc:b7:b2:f2:cf:df:51:e3:a6:ea:5a:7b:3a:5f:47:b1:
+ db:37:91:a3:ae:75:d2:d0:9e:9c:49:fc:ec:1f:2e:9b:b4:96:
+ 43:60:c8:99:a7:a8:fb:93:c1:68:2e:c8:09:42:23:0c:8a:25:
+ 08:67:e9:0e:6a:44:e9:18:08:d0:a0:ce:60:6c:d3:e8:c1:ec:
+ 2d:f0:db:47:04:36:f3:27:86:69:c5:10:06:3b:93:65:ea:19:
+ e4:6d:cd:fb:8a:ee:21:58:de:f3:17:7a:ee:ce:80:06:cc:1f:
+ 48:dd
-----BEGIN CERTIFICATE-----
MIIDMjCCApugAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGExMRIwEAYJKoZIhvcNAQkBFgN0YTEwHhcNMTEw
-MzIxMDA0OTIzWhcNMTMxMjE1MDA0OTIzWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzM4WhcNMTQwMTA1MjIzNzM4WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gxX3RhMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArA7UuhhP0iJtHg7FMRh2ws1w96uXYJQ5
-acnVmNjJhKYck5IA4P150u6ElbWhODrAdmH+/r5Em3egvxfRRZEduqB75nxdO61Q
-LOe5QQjZxa0JkWXRcldCL/sdoNNgOYx/0pFZ0JsLC4V3fHpO4974whudKRmm5Hvj
-CNjD7v3AExsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQU3iMusZfoIfsFCuvtUKeWFSe+
-d5IwgZoGA1UdIwSBkjCBj4AUBtDA+8V5Z/n5EJLKgVtfktjYn6ahbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsaz1IFy/RKCg/wsoAhud3R88avcWwI7s
+r6GkxM8mjkPKiqoFj6IQAzJB0G60UkVHqEaLxfPNVVb10MPs5KRji5qH+nR4/yz3
+Znc/BcMx0EZfthevtXaf2I0i03asrVVvTHYqJ47pInRCzttCuQBUAf4YxkqWtbmI
+Mm3F2Vb8h5UCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUwJ4mvdb7+7/6zjOSyk4lz+ye
+umYwgZoGA1UdIwSBkjCBj4AUdakrAuj7MQkq8hYhJNiypdAUk1uhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEW
-A3RhMYIJAN6IKOwbZAicMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4GBAFg2lPE7VJ8NO5Bk1rn0bz9ghROhgPNuKxo6
-T5oI4tnaFJ/iP5sQdQt+x7zFkXgdjVG0fkrq1J/pIB5Zi48TMKaQ/b4YvAc5ibtm
-ZUoqSpeuv5Eytkydni1dQNfQKPnyie5ACqeZ0qwIi1ScjTqMlHF2IvkNewqWMfV9
-fDsX0dmn
+A3RhMYIJAKFJ6nha9FWNMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBCwUAA4GBAJTr75YXR1dewk9MZ4u91xQiHtcJzLey8s/f
+UeOm6lp7Ol9Hsds3kaOuddLQnpxJ/OwfLpu0lkNgyJmnqPuTwWguyAlCIwyKJQhn
+6Q5qROkYCNCgzmBs0+jB7C3w20cENvMnhmnFEAY7k2XqGeRtzfuK7iFY3vMXeu7O
+gAbMH0jd
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Validity
- Not Before: Mar 21 00:49:27 2011 GMT
- Not After : Dec 15 00:49:27 2013 GMT
+ Not Before: Apr 11 22:37:44 2011 GMT
+ Not After : Jan 5 22:37:44 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ce:60:c2:15:27:ff:ef:55:03:7a:1a:95:17:7f:
- 93:80:b9:a8:64:3f:96:0f:5e:b2:b6:0b:c0:85:02:
- 7a:25:96:e0:e7:31:07:f7:4a:b9:8b:a7:87:7c:34:
- 65:9b:08:b3:26:05:13:c4:d3:2e:88:e7:a7:d8:c7:
- 05:56:a4:8b:57:b6:12:2e:c4:68:6f:7c:b6:5d:38:
- 7d:a2:93:6f:30:9f:ef:bf:db:81:ee:7b:7f:3a:2e:
- 19:7e:b9:0d:9d:e2:0a:e3:56:36:8d:cb:54:d9:c3:
- fd:67:59:58:19:8b:60:65:1d:9c:70:e8:c3:18:ae:
- ec:af:56:ef:19:26:e6:94:fd
+ 00:e1:a3:d0:51:dc:0b:73:6f:44:f2:c7:6b:f2:9d:
+ da:56:de:d4:41:61:75:48:78:10:2c:53:f1:c1:28:
+ 01:4a:10:53:7d:32:bc:e2:01:a2:75:59:0b:cf:3a:
+ fc:41:b8:2c:36:fb:fe:3d:d9:a2:41:7b:6e:3c:0a:
+ a9:7e:74:5a:86:ea:06:6a:2b:ad:3c:7e:32:8b:97:
+ a4:ba:53:c1:b8:bc:f0:8f:80:22:53:97:66:bb:80:
+ 15:05:96:dc:df:62:29:4d:15:df:85:e6:90:30:4d:
+ 29:d3:04:b7:4f:22:40:b8:a1:22:ed:0e:4b:e6:00:
+ 82:df:89:48:63:87:b5:80:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 0A:B2:12:2B:7E:04:40:9E:1A:C1:B4:A8:96:B9:C3:A1:0A:83:6D:3B
+ D9:77:48:13:09:B0:17:15:2A:95:47:CA:4C:13:2E:A9:AC:18:5D:AD
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 35:2f:59:d9:6d:8f:bd:bc:f0:1a:f9:40:91:f3:f9:d7:4e:29:
- e5:cc:44:92:d1:13:cd:f7:e1:cb:a2:06:d3:ba:f2:c5:cf:c2:
- 4c:ad:5c:3b:91:a6:2a:35:ed:ae:cb:fc:b9:78:90:fb:6b:8b:
- fd:20:ef:0a:69:61:5e:76:49:07:3b:11:fe:29:8f:fd:14:4d:
- be:72:79:aa:49:68:47:22:3e:88:56:71:58:f2:e7:3a:6c:52:
- 66:73:98:28:41:e4:32:39:a6:c9:3e:40:12:de:4f:9a:fa:b1:
- 9d:b8:75:5b:c3:05:0b:bc:da:33:a1:a4:6d:c6:4c:21:e6:74:
- 87:36
+ a5:b4:3f:fe:d9:aa:36:19:da:97:ab:60:50:43:50:e0:26:2e:
+ 23:af:39:d9:d6:60:0a:41:5d:6a:2f:6f:f2:4c:4f:a8:22:40:
+ 04:40:84:4e:0a:34:10:21:a5:9a:36:f6:7c:aa:e3:29:88:ce:
+ 8c:1f:4a:cd:db:19:db:25:0c:04:46:28:67:ba:74:ff:74:78:
+ 4e:20:9b:ef:31:95:c9:ab:46:53:f3:02:bb:25:78:3e:43:6a:
+ 87:d6:86:61:a6:3e:8a:91:91:a6:88:f2:32:2d:b2:51:22:46:
+ 9a:b3:b6:c9:45:90:83:c2:0f:d7:a2:4a:1b:61:30:3f:55:3d:
+ 47:1f
-----BEGIN CERTIFICATE-----
MIIDLzCCApigAwIBAgIBEDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGEzMRIwEAYJKoZIhvcNAQkBFgN0YTMwHhcNMTEw
-MzIxMDA0OTI3WhcNMTMxMjE1MDA0OTI3WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQ0WhcNMTQwMTA1MjIzNzQ0WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3RhMzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzmDCFSf/71UDehqVF3+TgLmoZD+WD16y
-tgvAhQJ6JZbg5zEH90q5i6eHfDRlmwizJgUTxNMuiOen2McFVqSLV7YSLsRob3y2
-XTh9opNvMJ/vv9uB7nt/Oi4ZfrkNneIK41Y2jctU2cP9Z1lYGYtgZR2ccOjDGK7s
-r1bvGSbmlP0CAwEAAaOB4DCB3TAdBgNVHQ4EFgQUCrISK34EQJ4awbSolrnDoQqD
-bTswgZoGA1UdIwSBkjCBj4AU4p6hi9fTsPHD6XekSV1qTqtzrF2hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4aPQUdwLc29E8sdr8p3aVt7UQWF1SHgQ
+LFPxwSgBShBTfTK84gGidVkLzzr8QbgsNvv+PdmiQXtuPAqpfnRahuoGaiutPH4y
+i5ekulPBuLzwj4AiU5dmu4AVBZbc32IpTRXfheaQME0p0wS3TyJAuKEi7Q5L5gCC
+34lIY4e1gFUCAwEAAaOB4DCB3TAdBgNVHQ4EFgQU2XdIEwmwFxUqlUfKTBMuqawY
+Xa0wgZoGA1UdIwSBkjCBj4AUevZRen+bqzc9TpMDkG1qhAl8Ot2hbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEW
-A3RhM4IJAO53fmrBHlftMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBCwUAA4GBADUvWdltj7288Br5QJHz+ddOKeXMRJLRE8334cui
-BtO68sXPwkytXDuRpio17a7L/Ll4kPtri/0g7wppYV52SQc7Ef4pj/0UTb5yeapJ
-aEciPohWcVjy5zpsUmZzmChB5DI5psk+QBLeT5r6sZ24dVvDBQu82jOhpG3GTCHm
-dIc2
+A3RhM4IJAPRYVGqDImbpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4GBAKW0P/7ZqjYZ2perYFBDUOAmLiOvOdnWYApBXWov
+b/JMT6giQARAhE4KNBAhpZo29nyq4ymIzowfSs3bGdslDARGKGe6dP90eE4gm+8x
+lcmrRlPzArsleD5DaofWhmGmPoqRkaaI8jItslEiRpqztslFkIPCD9eiShthMD9V
+PUcf
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,61 +5,61 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Validity
- Not Before: Mar 21 00:49:32 2011 GMT
- Not After : Dec 15 00:49:32 2013 GMT
+ Not Before: Apr 11 22:37:49 2011 GMT
+ Not After : Jan 5 22:37:49 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ad:9c:0a:58:1d:2c:e7:a7:fd:de:8c:0e:99:5d:
- d0:b2:67:ff:59:40:86:7a:d5:13:cc:5e:a5:e4:81:
- 95:45:b5:6b:ad:2b:d5:26:bc:b2:53:03:94:57:61:
- 16:5d:60:df:2e:6a:15:3a:04:88:77:3f:cb:01:20:
- 10:20:e0:ab:49:6d:44:58:d9:c6:9b:44:73:ed:d9:
- 1a:f3:eb:ca:74:de:90:06:ff:cb:18:9c:43:f7:4e:
- e0:cb:06:af:fe:4e:2c:9b:bf:6a:c2:ae:50:c3:e7:
- fd:d9:c1:f1:18:ad:b7:ae:f7:56:8a:50:f6:13:1b:
- 47:0d:c2:cf:c4:3f:31:f1:2b
+ 00:b6:ab:16:bb:1d:ee:25:5a:2f:58:e7:db:d8:0a:
+ e7:36:63:d5:ca:de:60:b5:90:c2:82:e3:ec:7d:49:
+ 0c:a9:b6:95:c8:a1:ab:04:0c:a9:09:e1:93:a6:be:
+ 43:36:7e:1b:61:28:1b:38:03:a2:06:19:88:72:a9:
+ b9:a2:71:ff:db:e1:3c:85:98:01:b2:5f:93:a0:4a:
+ b8:e7:36:ad:8f:50:8c:d6:a1:14:29:b0:ee:ec:e2:
+ 08:3f:7d:34:a1:c4:5f:3a:e9:4f:b0:c0:d6:5f:f2:
+ 10:78:2b:ae:f4:ee:28:c8:29:21:9f:ce:70:d5:fb:
+ ea:33:fc:e2:5a:5c:e2:1b:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- AB:0B:EF:CE:AA:F0:43:97:3A:CD:58:D0:D9:C2:F9:C4:EB:8D:7C:FF
+ 2A:94:C1:FF:E0:11:A0:91:F1:71:46:35:9A:37:3C:BC:C4:21:4A:8F
X509v3 Authority Key Identifier:
- keyid:0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ keyid:3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
- serial:C5:19:14:97:E3:27:2E:9B
+ serial:BA:06:FD:EC:89:18:B5:7F
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 00:09:60:76:36:5d:a6:ae:0b:a0:94:ad:78:be:a0:18:7c:96:
- 13:6c:8b:04:2c:bc:29:d8:f0:93:d8:86:d9:07:71:fb:0f:05:
- 72:65:fe:ed:e3:1c:ac:bf:22:c2:db:03:c5:2e:3f:f2:cf:98:
- 00:7b:ee:de:96:11:90:bf:22:03:7a:c3:c3:22:dc:1a:ea:7e:
- f5:7e:a7:64:70:18:e2:13:be:b0:3e:d8:57:a6:de:28:5b:06:
- 4e:90:c6:22:e0:3a:e9:2c:9a:de:f4:bf:d8:b7:da:b7:e3:24:
- f6:11:69:18:e5:64:fd:94:22:7b:b5:ef:e4:4d:6c:1a:eb:8f:
- 5c:7d
+ 9d:2d:ff:a2:d2:42:31:72:9e:6f:8d:45:2c:21:9b:15:cf:89:
+ 06:70:3b:5f:3e:2c:73:b9:08:d9:be:48:d8:6b:dc:23:86:3a:
+ ab:3c:16:80:13:62:a4:12:f8:ee:e7:6f:d6:e8:4f:ad:36:eb:
+ 1e:81:c8:03:1c:65:ba:be:55:6d:07:8f:bc:fa:ba:d2:14:90:
+ 1d:02:35:bd:5d:bd:0b:fb:48:57:94:6d:fe:71:85:ce:9f:65:
+ 9c:31:80:13:56:b2:6f:2a:03:b6:1d:7f:5a:4a:dd:50:63:7a:
+ 46:40:4b:1d:c3:71:5d:72:72:f0:50:f8:db:60:56:97:c8:cd:
+ 73:83
-----BEGIN CERTIFICATE-----
MIIDLzCCApigAwIBAgIBIjANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGE0MRIwEAYJKoZIhvcNAQkBFgN0YTQwHhcNMTEw
-MzIxMDA0OTMyWhcNMTMxMjE1MDA0OTMyWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQ5WhcNMTQwMTA1MjIzNzQ5WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3RhNDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArZwKWB0s56f93owOmV3Qsmf/WUCGetUT
-zF6l5IGVRbVrrSvVJryyUwOUV2EWXWDfLmoVOgSIdz/LASAQIOCrSW1EWNnGm0Rz
-7dka8+vKdN6QBv/LGJxD907gywav/k4sm79qwq5Qw+f92cHxGK23rvdWilD2ExtH
-DcLPxD8x8SsCAwEAAaOB4DCB3TAdBgNVHQ4EFgQUqwvvzqrwQ5c6zVjQ2cL5xOuN
-fP8wgZoGA1UdIwSBkjCBj4AUChy6plvGgzJg5ZsAhTd00Y0wuoqhbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtqsWux3uJVovWOfb2ArnNmPVyt5gtZDC
+guPsfUkMqbaVyKGrBAypCeGTpr5DNn4bYSgbOAOiBhmIcqm5onH/2+E8hZgBsl+T
+oEq45zatj1CM1qEUKbDu7OIIP300ocRfOulPsMDWX/IQeCuu9O4oyCkhn85w1fvq
+M/ziWlziG9kCAwEAAaOB4DCB3TAdBgNVHQ4EFgQUKpTB/+ARoJHxcUY1mjc8vMQh
+So8wgZoGA1UdIwSBkjCBj4AUPl9k6WPLnBDQkfRFYfLx6kJp7KWhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEW
-A3RhNIIJAMUZFJfjJy6bMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBCwUAA4GBAAAJYHY2XaauC6CUrXi+oBh8lhNsiwQsvCnY8JPY
-htkHcfsPBXJl/u3jHKy/IsLbA8UuP/LPmAB77t6WEZC/IgN6w8Mi3BrqfvV+p2Rw
-GOITvrA+2Fem3ihbBk6QxiLgOuksmt70v9i32rfjJPYRaRjlZP2UInu17+RNbBrr
-j1x9
+A3RhNIIJALoG/eyJGLV/MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4GBAJ0t/6LSQjFynm+NRSwhmxXPiQZwO18+LHO5CNm+
+SNhr3COGOqs8FoATYqQS+O7nb9boT6026x6ByAMcZbq+VW0Hj7z6utIUkB0CNb1d
+vQv7SFeUbf5xhc6fZZwxgBNWsm8qA7Ydf1pK3VBjekZASx3DcV1ycvBQ+NtgVpfI
+zXOD
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta5_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch1_ta5_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,30 +5,30 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta5/emailAddress=ta5
Validity
- Not Before: Mar 21 00:49:34 2011 GMT
- Not After : Dec 15 00:49:34 2013 GMT
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d2:0e:3e:0c:53:ef:ad:91:13:5e:b6:01:7f:c6:
- 16:4e:da:7d:c8:26:1b:85:38:e0:98:d4:b2:61:0b:
- 43:bb:2e:92:d5:9a:0e:db:ab:ad:8f:6e:9d:c8:25:
- 36:e2:db:ca:fa:ab:4b:5a:25:91:46:c9:66:11:0d:
- 66:9e:f7:11:82:02:e1:2e:ef:df:f4:ed:9f:0f:a4:
- 6f:60:41:20:32:8c:10:90:4c:9c:ad:55:cc:40:03:
- 89:f5:15:53:13:7d:ab:be:53:8b:14:44:88:f8:54:
- 50:db:31:f5:ae:5c:0d:78:68:aa:3f:9b:4a:fa:1a:
- b1:47:53:bf:72:1d:89:f9:43
+ 00:e7:14:d9:dc:4c:60:0f:ad:49:9f:14:f8:2f:d9:
+ 0e:65:93:a4:c4:e5:6b:13:93:c1:79:40:14:4f:19:
+ 56:d7:88:07:9b:de:45:40:ce:24:91:44:b0:14:6b:
+ 8b:4d:f5:d1:b2:75:cc:5c:d7:ed:73:2c:d2:75:aa:
+ 50:6f:94:00:8d:0e:bb:15:8c:ef:a1:5d:2c:23:73:
+ 95:f7:48:b5:4a:3b:de:2a:a1:7c:03:aa:28:17:f0:
+ a7:46:b9:86:f3:98:a7:31:ff:e1:75:b4:28:b4:11:
+ b4:4b:ca:64:e4:cd:2a:f7:d8:6f:6b:73:64:ab:55:
+ 0b:5b:60:76:5f:ea:86:57:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 08:00:AB:E5:4A:60:83:0C:49:32:88:DC:48:8D:79:30:7A:72:E4:A3
+ 59:7D:00:A7:48:7C:5E:D9:A2:26:D0:9A:83:3F:D0:03:9C:36:D5:50
X509v3 Authority Key Identifier:
- keyid:8A:83:E9:51:D7:32:B4:6F:3B:85:AF:1A:11:94:5C:B6:21:E5:5D:0F
+ keyid:E7:E6:72:5B:A0:5F:2C:A6:40:45:1A:66:E4:45:A5:0F:1D:67:5D:93
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta5/emailAddress=ta5
- serial:EC:86:C3:65:F9:7F:14:08
+ serial:9C:19:39:11:06:1A:55:91
X509v3 Basic Constraints: critical
CA:TRUE
@@ -38,32 +38,32 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 1e:0c:b3:a3:63:49:b5:3d:0e:4d:ed:d1:31:fc:06:39:8c:30:
- 8d:f8:f1:0f:2e:ae:27:f2:57:d4:64:ff:ac:05:cc:2d:3d:0d:
- de:b3:e6:be:9c:51:9b:1a:08:b1:e7:9f:6d:3e:a6:af:c0:9c:
- d0:e6:57:de:d3:61:9c:0f:a9:c9:bc:0d:59:03:e2:d4:4d:f4:
- 0d:48:49:ad:64:a2:33:71:3e:07:2f:61:a5:02:46:61:1c:c0:
- b5:f0:3c:f8:4f:42:ff:72:3c:7a:63:5a:16:68:7d:2b:08:aa:
- 3b:bd:e5:25:9f:19:3e:22:42:cd:4b:e7:0f:17:c3:a9:1d:d6:
- 9e:53
+ a0:48:28:f4:94:07:dd:08:f2:c6:74:0d:a9:31:10:71:64:f8:
+ b5:c3:fb:82:8e:46:9d:30:fb:fd:9d:4b:c9:92:5b:c4:06:d2:
+ d0:5e:aa:91:f5:19:7c:c3:11:b2:26:ef:e6:01:cf:3e:ea:07:
+ d6:d2:f8:22:e6:a0:50:86:40:53:cc:ed:81:73:33:b1:a8:2b:
+ 92:1a:10:f9:fc:30:43:84:4b:ca:ef:8c:d3:be:0a:63:f0:40:
+ 99:be:80:88:c9:8f:2b:9a:82:9f:7b:56:9a:f1:08:e1:67:88:
+ 30:fa:a1:12:bc:c8:ea:22:60:64:0f:91:80:48:cd:2a:5d:05:
+ ca:f7
-----BEGIN CERTIFICATE-----
MIIDbTCCAtagAwIBAgIBKDANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGE1MRIwEAYJKoZIhvcNAQkBFgN0YTUwHhcNMTEw
-MzIxMDA0OTM0WhcNMTMxMjE1MDA0OTM0WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzUyWhcNMTQwMTA1MjIzNzUyWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY2gxX3RhNTEWMBQGCSqGSIb3DQEJARYHY2gxX3RhNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0g4+DFPvrZETXrYBf8YWTtp9yCYbhTjg
-mNSyYQtDuy6S1ZoO26utj26dyCU24tvK+qtLWiWRRslmEQ1mnvcRggLhLu/f9O2f
-D6RvYEEgMowQkEycrVXMQAOJ9RVTE32rvlOLFESI+FRQ2zH1rlwNeGiqP5tK+hqx
-R1O/ch2J+UMCAwEAAaOCAR0wggEZMB0GA1UdDgQWBBQIAKvlSmCDDEkyiNxIjXkw
-enLkozCBmgYDVR0jBIGSMIGPgBSKg+lR1zK0bzuFrxoRlFy2IeVdD6FspGowaDEL
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5xTZ3ExgD61JnxT4L9kOZZOkxOVrE5PB
+eUAUTxlW14gHm95FQM4kkUSwFGuLTfXRsnXMXNftcyzSdapQb5QAjQ67FYzvoV0s
+I3OV90i1SjveKqF8A6ooF/CnRrmG85inMf/hdbQotBG0S8pk5M0q99hva3Nkq1UL
+W2B2X+qGVx8CAwEAAaOCAR0wggEZMB0GA1UdDgQWBBRZfQCnSHxe2aIm0JqDP9AD
+nDbVUDCBmgYDVR0jBIGSMIGPgBTn5nJboF8spkBFGmbkRaUPHWddk6FspGowaDEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxv
IFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAMTA3RhNTESMBAGCSqGSIb3DQEJ
-ARYDdGE1ggkA7IbDZfl/FAgwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+g
+ARYDdGE1ggkAnBk5EQYaVZEwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vbG9jYWxob3N0OjEyMDAxL2ZpbGUvMC90YTVfY3JsLnBlbTAO
-BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAHgyzo2NJtT0OTe3RMfwG
-OYwwjfjxDy6uJ/JX1GT/rAXMLT0N3rPmvpxRmxoIseefbT6mr8Cc0OZX3tNhnA+p
-ybwNWQPi1E30DUhJrWSiM3E+By9hpQJGYRzAtfA8+E9C/3I8emNaFmh9KwiqO73l
-JZ8ZPiJCzUvnDxfDqR3WnlM=
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAoEgo9JQH3QjyxnQNqTEQ
+cWT4tcP7go5GnTD7/Z1LyZJbxAbS0F6qkfUZfMMRsibv5gHPPuoH1tL4IuagUIZA
+U8ztgXMzsagrkhoQ+fwwQ4RLyu+M074KY/BAmb6AiMmPK5qCn3tWmvEI4WeIMPqh
+ErzI6iJgZA+RgEjNKl0Fyvc=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch2_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch2_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta1/emailAddress=ch1_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b2:2e:64:17:3d:dd:32:ab:60:b1:07:9e:8d:da:
- 3c:50:91:b7:d2:c0:b2:bc:af:74:3b:c1:4e:6c:f3:
- d0:98:91:32:34:fb:dd:48:04:3a:86:9f:e7:31:2e:
- 19:b3:49:59:0b:20:19:b1:bb:52:91:45:57:ba:36:
- 49:62:82:61:3b:8d:63:11:c8:a6:fa:9a:20:b8:34:
- 4e:0e:4d:31:73:6b:ea:5e:d9:2d:fb:b5:f9:04:7c:
- f9:9d:b0:0d:4f:74:2b:35:b1:4d:63:5d:11:48:7e:
- 72:cd:f4:07:35:5f:e7:59:5e:16:e2:99:3a:b4:7f:
- 4a:cc:bc:86:53:bd:55:bc:57
+ 00:f4:24:ed:3d:fe:70:c8:51:b6:8d:26:78:90:6a:
+ 77:ff:de:7d:58:1f:00:fe:63:b0:88:de:46:18:d2:
+ 16:84:af:65:a1:9a:97:b1:38:14:6b:e7:98:c1:79:
+ 6f:0a:db:b2:92:6e:d6:7e:cd:cb:55:39:a0:27:e9:
+ 06:c8:45:19:2c:16:c3:4f:f5:af:cd:f6:14:cb:85:
+ 59:5c:1b:83:dc:f6:b6:4d:30:06:28:66:f6:2b:19:
+ 03:3f:00:de:09:77:50:a2:98:b1:73:3d:d5:79:f0:
+ 7e:79:2b:8e:76:96:c9:43:cf:44:9a:15:2e:09:00:
+ 47:a6:5a:f0:35:8b:88:b7:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 79:04:42:77:11:18:EC:24:43:48:52:11:99:DE:86:84:23:B1:50:77
+ C2:62:F6:27:E6:91:FB:98:5F:55:6E:11:EE:6E:E0:04:76:A0:E7:01
X509v3 Authority Key Identifier:
- keyid:DE:23:2E:B1:97:E8:21:FB:05:0A:EB:ED:50:A7:96:15:27:BE:77:92
+ keyid:C0:9E:26:BD:D6:FB:FB:BF:FA:CE:33:92:CA:4E:25:CF:EC:9E:BA:66
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta1/emailAddress=ta1
serial:01
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 24:59:ab:c0:7d:fe:62:1b:1a:98:45:78:80:ef:a3:0e:6a:cd:
- f9:ed:8a:4f:9b:18:59:ad:2b:d5:3d:db:7d:3f:ab:c3:4a:c7:
- 33:95:33:43:4b:16:44:50:1a:6e:38:ad:7b:8f:f9:06:f4:72:
- 7b:15:75:59:0d:db:11:a7:86:b4:e9:de:28:c9:39:d0:d7:25:
- 46:51:26:16:bd:15:70:d1:b2:87:e2:2c:48:aa:28:96:0a:f8:
- 4e:d4:44:99:66:62:04:6d:8d:2c:0f:f0:08:8d:d2:5c:fa:4e:
- 62:1a:25:f1:5c:ef:44:56:83:35:a7:e3:a9:ca:c0:18:90:18:
- 54:42
+ a0:f7:c7:f9:6b:cf:6e:6c:36:74:b2:47:8d:76:04:74:88:de:
+ 3b:cb:2d:e7:6c:fd:78:43:0f:29:9c:ba:92:97:dd:62:89:88:
+ 31:c7:9b:b2:46:42:4a:e0:c1:3f:a8:5f:63:86:d1:75:d9:47:
+ 46:d1:d3:87:dc:3e:7a:22:ce:8c:05:51:95:19:c5:2b:83:0f:
+ 02:4c:54:a6:e8:a9:c9:79:bd:0b:f0:e7:4d:31:77:e6:07:ea:
+ 1d:b1:35:48:30:15:28:c2:2d:36:42:fd:e9:11:85:7f:b0:9f:
+ 7b:9a:b6:0e:1d:94:02:3a:3b:c1:b8:bd:c8:c9:8d:c6:b6:9a:
+ 11:17
-----BEGIN CERTIFICATE-----
MIIDMjCCApugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDJfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDJf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyLmQXPd0yq2CxB56N2jxQ
-kbfSwLK8r3Q7wU5s89CYkTI0+91IBDqGn+cxLhmzSVkLIBmxu1KRRVe6NkligmE7
-jWMRyKb6miC4NE4OTTFza+pe2S37tfkEfPmdsA1PdCs1sU1jXRFIfnLN9Ac1X+dZ
-XhbimTq0f0rMvIZTvVW8VwIDAQABo4HbMIHYMB0GA1UdDgQWBBR5BEJ3ERjsJENI
-UhGZ3oaEI7FQdzCBkgYDVR0jBIGKMIGHgBTeIy6xl+gh+wUK6+1Qp5YVJ753kqFs
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0JO09/nDIUbaNJniQanf/
+3n1YHwD+Y7CI3kYY0haEr2WhmpexOBRr55jBeW8K27KSbtZ+zctVOaAn6QbIRRks
+FsNP9a/N9hTLhVlcG4Pc9rZNMAYoZvYrGQM/AN4Jd1CimLFzPdV58H55K452lslD
+z0SaFS4JAEemWvA1i4i3YQIDAQABo4HbMIHYMB0GA1UdDgQWBBTCYvYn5pH7mF9V
+bhHubuAEdqDnATCBkgYDVR0jBIGKMIGHgBTAnia91vv7v/rOM5LKTiXP7J66ZqFs
pGowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAMTA3RhMTESMBAGCSqG
SIb3DQEJARYDdGExggEBMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4GBACRZq8B9/mIbGphFeIDvow5qzfntik+bGFmt
-K9U9230/q8NKxzOVM0NLFkRQGm44rXuP+Qb0cnsVdVkN2xGnhrTp3ijJOdDXJUZR
-Jha9FXDRsofiLEiqKJYK+E7URJlmYgRtjSwP8AiN0lz6TmIaJfFc70RWgzWn46nK
-wBiQGFRC
+AgEGMA0GCSqGSIb3DQEBCwUAA4GBAKD3x/lrz25sNnSyR412BHSI3jvLLeds/XhD
+DymcupKX3WKJiDHHm7JGQkrgwT+oX2OG0XXZR0bR04fcPnoizowFUZUZxSuDDwJM
+VKboqcl5vQvw500xd+YH6h2xNUgwFSjCLTZC/ekRhX+wn3uatg4dlAI6O8G4vcjJ
+jca2mhEX
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch3_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch3_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch2_ta1/emailAddress=ch2_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ab:d1:d5:d2:6a:72:f2:b9:20:07:53:98:e6:14:
- fc:de:66:e7:0e:1d:ab:35:c7:f5:80:5c:fb:e7:03:
- 4a:97:15:b7:da:3a:18:5f:50:39:1c:9a:aa:ad:f8:
- 64:d3:76:a1:c7:e2:f8:56:c9:1d:af:3f:bb:d0:98:
- f4:2c:c3:1c:ea:e3:18:f2:60:35:6e:3b:99:67:35:
- 27:cb:64:7e:3c:1c:cb:64:d3:bc:60:f1:8a:37:47:
- 9c:02:6e:7c:e3:d3:38:1a:f0:3d:93:31:83:57:ae:
- 36:17:b4:20:e8:44:72:7f:d4:65:25:a5:42:b3:02:
- 55:69:18:9b:fa:5f:7f:62:f3
+ 00:ec:46:7e:e1:35:25:1c:92:37:51:fb:99:13:70:
+ e7:89:d6:3e:3b:28:59:98:96:e2:81:87:3f:99:85:
+ 5d:06:0a:d0:df:04:3e:fe:8a:00:f5:aa:91:93:a9:
+ 48:5c:59:b9:cb:f2:94:dd:fe:71:11:af:9c:7e:71:
+ ce:96:21:cc:fd:27:e9:7e:82:2b:84:d5:73:3a:89:
+ c0:09:2b:aa:16:d6:5f:7a:ac:81:d1:9b:18:4d:85:
+ 1e:33:2f:86:a8:c3:7a:2d:68:24:30:1d:7f:db:c5:
+ 30:0c:bf:d9:72:04:98:9d:ff:2f:cf:94:e7:2e:88:
+ b2:47:fd:ee:c1:d2:e0:e9:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 9D:49:C0:40:BE:F9:2D:9D:38:CF:BB:7C:6C:33:70:E3:13:2C:F9:05
+ D0:F9:37:92:54:28:C0:40:AE:62:94:51:42:6A:7C:8E:37:5F:AC:A8
X509v3 Authority Key Identifier:
- keyid:79:04:42:77:11:18:EC:24:43:48:52:11:99:DE:86:84:23:B1:50:77
+ keyid:C2:62:F6:27:E6:91:FB:98:5F:55:6E:11:EE:6E:E0:04:76:A0:E7:01
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta1/emailAddress=ch1_ta1
serial:02
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 41:ff:9f:2c:11:ef:c9:51:0d:5a:68:82:16:89:b4:ab:7e:91:
- 0e:ef:c9:86:d7:d9:47:8d:63:9a:a4:66:2e:d4:bc:58:c0:6a:
- 23:e3:8e:ab:0b:44:c0:19:20:eb:96:bc:d2:39:b4:60:3f:3f:
- 7c:d7:6d:39:09:ff:fb:bd:9f:35:de:54:64:85:fc:ee:86:91:
- aa:95:11:a4:38:c5:28:71:ae:a8:4b:d7:b2:8f:24:59:da:57:
- 92:31:ae:34:b3:21:cc:32:02:3c:b5:00:64:c4:1e:be:0d:af:
- bd:e7:a6:3d:6f:77:84:62:04:21:cf:26:6b:8f:c5:1c:0b:4c:
- 5c:dd
+ 3e:60:a3:23:dc:e2:bc:b9:60:14:1b:e5:dd:af:bd:f2:8b:cb:
+ f1:55:8a:03:e1:ee:82:f2:d2:7b:3d:0d:4a:56:f5:61:80:97:
+ 27:90:c0:05:e4:e9:18:e8:29:97:eb:aa:6b:d2:4a:0c:b8:c0:
+ f3:cf:a5:4f:95:dd:46:03:96:eb:29:e4:bb:22:fe:5b:34:da:
+ 02:8c:36:12:b6:9c:3e:a4:e4:d7:33:a3:ac:d8:45:65:75:37:
+ 68:55:63:eb:d8:d1:6f:28:66:fc:ac:ad:15:08:67:41:41:32:
+ 3f:ed:60:fc:01:e1:b9:88:24:95:1e:9c:ee:69:3b:d2:91:f8:
+ ef:81
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gyX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gyX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDNfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDNf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr0dXSanLyuSAHU5jmFPze
-ZucOHas1x/WAXPvnA0qXFbfaOhhfUDkcmqqt+GTTdqHH4vhWyR2vP7vQmPQswxzq
-4xjyYDVuO5lnNSfLZH48HMtk07xg8Yo3R5wCbnzj0zga8D2TMYNXrjYXtCDoRHJ/
-1GUlpUKzAlVpGJv6X39i8wIDAQABo4HjMIHgMB0GA1UdDgQWBBSdScBAvvktnTjP
-u3xsM3DjEyz5BTCBmgYDVR0jBIGSMIGPgBR5BEJ3ERjsJENIUhGZ3oaEI7FQd6F0
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsRn7hNSUckjdR+5kTcOeJ
+1j47KFmYluKBhz+ZhV0GCtDfBD7+igD1qpGTqUhcWbnL8pTd/nERr5x+cc6WIcz9
+J+l+giuE1XM6icAJK6oW1l96rIHRmxhNhR4zL4aow3otaCQwHX/bxTAMv9lyBJid
+/y/PlOcuiLJH/e7B0uDpOQIDAQABo4HjMIHgMB0GA1UdDgQWBBTQ+TeSVCjAQK5i
+lFFCanyON1+sqDCBmgYDVR0jBIGSMIGPgBTCYvYn5pH7mF9VbhHubuAEdqDnAaF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxEDAOBgNVBAMUB2NoMV90YTExFjAU
BgkqhkiG9w0BCQEWB2NoMV90YTGCAQIwEgYDVR0TAQH/BAgwBgEB/wIBAjAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAQf+fLBHvyVENWmiCFom0q36R
-Du/JhtfZR41jmqRmLtS8WMBqI+OOqwtEwBkg65a80jm0YD8/fNdtOQn/+72fNd5U
-ZIX87oaRqpURpDjFKHGuqEvXso8kWdpXkjGuNLMhzDICPLUAZMQevg2vveemPW93
-hGIEIc8ma4/FHAtMXN0=
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAPmCjI9zivLlgFBvl3a+98ovL
+8VWKA+HugvLSez0NSlb1YYCXJ5DABeTpGOgpl+uqa9JKDLjA88+lT5XdRgOW6ynk
+uyL+WzTaAow2EracPqTk1zOjrNhFZXU3aFVj69jRbyhm/KytFQhnQUEyP+1g/AHh
+uYgklR6c7mk70pH474E=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch4.3_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch4.3_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bf:bb:29:f0:2f:1e:74:b0:bc:ea:4d:fe:c7:9b:
- d3:4c:ce:d5:46:d1:11:ef:56:6f:9a:be:1a:53:c3:
- 04:3b:cd:10:14:87:67:c5:87:39:8e:a3:17:aa:42:
- f4:09:cc:31:68:2a:6e:1c:50:2c:70:5a:de:59:10:
- c0:74:ea:73:2b:06:1c:d9:20:29:f4:48:d5:c9:1e:
- 29:0a:9d:47:73:68:50:f4:75:34:06:93:d5:a9:7e:
- b8:20:2e:6d:ef:79:c3:92:83:79:53:4b:26:9e:80:
- 32:19:5f:39:fe:44:7b:89:09:dc:63:7a:4c:ad:d6:
- 77:31:1a:9c:26:3c:af:3c:7b
+ 00:e2:d0:ba:91:89:c2:26:21:4c:9d:68:63:7e:87:
+ 9b:9e:31:52:4d:30:b3:2b:9c:26:85:40:63:69:66:
+ 7c:5d:52:73:d3:61:01:78:18:0e:46:21:6d:34:1f:
+ 84:e2:42:72:9c:ef:68:7e:49:a6:3d:62:82:f3:0f:
+ 95:74:13:88:a1:d1:bf:00:93:10:24:d2:fc:bd:1a:
+ a7:4f:f2:24:b2:60:d5:57:96:62:09:c8:94:5f:b6:
+ 57:38:f1:00:62:97:d9:a2:35:d6:95:47:97:78:48:
+ 17:77:2b:c4:62:fa:00:0c:f1:d4:6e:e1:74:25:38:
+ 0f:5c:57:af:92:37:e7:18:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- B2:F9:FB:5A:A8:19:23:A0:E6:D5:C5:4C:B0:2D:8B:01:65:7F:9E:49
+ 9E:F5:29:85:12:A6:F3:26:1C:25:81:F4:75:82:9E:80:B1:33:8D:BE
X509v3 Authority Key Identifier:
- keyid:9D:49:C0:40:BE:F9:2D:9D:38:CF:BB:7C:6C:33:70:E3:13:2C:F9:05
+ keyid:D0:F9:37:92:54:28:C0:40:AE:62:94:51:42:6A:7C:8E:37:5F:AC:A8
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
serial:03
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 44:f7:b5:6e:5f:59:fc:8f:11:6f:c8:52:14:e2:f6:e2:13:36:
- 03:88:ab:7f:86:bc:56:a6:d8:f1:94:bd:ac:48:36:f5:af:5d:
- 63:f5:47:1e:03:ac:64:2d:08:ee:1c:4f:0b:08:3d:cf:48:0a:
- 2b:94:12:d7:b7:96:00:d0:76:e6:3b:63:fa:ea:2a:c8:46:04:
- 94:9e:a2:51:88:b5:54:96:63:6d:a5:10:f2:6c:3b:fb:2b:ef:
- cc:ee:8a:d4:c1:a0:05:e4:c0:4f:23:dc:2b:5b:c3:18:37:68:
- 90:98:3d:12:17:e0:b8:e4:38:75:34:58:08:03:05:15:3d:b7:
- b6:64
+ 87:45:e7:89:11:9c:2a:47:8e:63:84:93:80:3f:03:27:65:dd:
+ 19:50:aa:1f:e5:50:67:c9:d8:3f:1e:74:85:fb:46:b2:c8:1c:
+ 22:cb:a9:d0:d4:26:60:06:6e:9e:15:7e:d3:5a:06:8d:95:26:
+ 36:10:16:e9:08:92:fb:9a:45:14:99:b5:ac:ee:06:d2:6b:c4:
+ 21:63:13:b4:55:1f:c3:35:02:56:9e:7d:d1:4a:1f:45:91:f6:
+ c1:28:c3:f9:aa:e0:31:63:cc:c0:5d:77:7f:54:65:98:a3:39:
+ eb:73:83:ab:74:f3:c2:3e:be:9b:fe:18:75:3c:44:ad:a2:fc:
+ c2:42
-----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIBDDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gzX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjZaFw0xMzEyMTUwMDQ5MjZaMHQxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDJaFw0xNDAxMDUyMjM3NDJaMHQxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRIwEAYDVQQDFAljaDQuM190YTExGDAWBgkqhkiG9w0BCQEWCWNo
-NC4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv7sp8C8edLC86k3+
-x5vTTM7VRtER71Zvmr4aU8MEO80QFIdnxYc5jqMXqkL0CcwxaCpuHFAscFreWRDA
-dOpzKwYc2SAp9EjVyR4pCp1Hc2hQ9HU0BpPVqX64IC5t73nDkoN5U0smnoAyGV85
-/kR7iQncY3pMrdZ3MRqcJjyvPHsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUsvn7WqgZ
-I6Dm1cVMsC2LAWV/nkkwgZoGA1UdIwSBkjCBj4AUnUnAQL75LZ04z7t8bDNw4xMs
-+QWhdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
+NC4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4tC6kYnCJiFMnWhj
+foebnjFSTTCzK5wmhUBjaWZ8XVJz02EBeBgORiFtNB+E4kJynO9ofkmmPWKC8w+V
+dBOIodG/AJMQJNL8vRqnT/IksmDVV5ZiCciUX7ZXOPEAYpfZojXWlUeXeEgXdyvE
+YvoADPHUbuF0JTgPXFevkjfnGCECAwEAAaOB4zCB4DAdBgNVHQ4EFgQUnvUphRKm
+8yYcJYH0dYKegLEzjb4wgZoGA1UdIwSBkjCBj4AU0Pk3klQowECuYpRRQmp8jjdf
+rKihdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
VQQHEwpNZW5sbyBQYXJrMQ0wCwYDVQQKEwRwa2c1MRAwDgYDVQQDFAdjaDJfdGEx
MRYwFAYJKoZIhvcNAQkBFgdjaDJfdGExggEDMBIGA1UdEwEB/wQIMAYBAf8CAQAw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAET3tW5fWfyPEW/IUhTi
-9uITNgOIq3+GvFam2PGUvaxINvWvXWP1Rx4DrGQtCO4cTwsIPc9ICiuUEte3lgDQ
-duY7Y/rqKshGBJSeolGItVSWY22lEPJsO/sr78zuitTBoAXkwE8j3Ctbwxg3aJCY
-PRIX4LjkOHU0WAgDBRU9t7Zk
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIdF54kRnCpHjmOEk4A/
+Aydl3RlQqh/lUGfJ2D8edIX7RrLIHCLLqdDUJmAGbp4VftNaBo2VJjYQFukIkvua
+RRSZtazuBtJrxCFjE7RVH8M1AlaefdFKH0WR9sEow/mq4DFjzMBdd39UZZijOetz
+g6t088I+vpv+GHU8RK2i/MJC
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch4_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch4_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch3_ta1/emailAddress=ch3_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bc:b0:1a:27:f4:c4:84:a7:3e:96:d8:95:a1:35:
- 16:b8:82:cc:de:c1:b5:3e:66:0d:0e:cd:3f:5f:38:
- f1:aa:ae:0b:63:56:87:52:e5:b0:b0:6e:6b:fb:47:
- 97:03:db:50:04:25:d8:f9:75:9b:81:4f:d9:99:bd:
- 53:47:0a:97:7c:d4:02:40:b8:92:5d:77:d2:2d:64:
- 88:f7:a9:dc:c2:ba:96:f0:74:fa:61:53:9e:a6:84:
- 97:ed:97:49:08:36:29:d5:2c:f4:05:d3:81:e2:f8:
- 7f:f0:05:96:05:29:b0:2f:29:66:6d:32:3d:1e:b7:
- 79:b5:67:e7:34:4b:00:79:47
+ 00:f5:af:af:99:95:f3:52:3b:eb:be:62:e6:eb:9f:
+ c5:f8:ff:8f:0c:d2:e3:c7:06:b1:45:ca:ff:8c:fc:
+ 3d:bc:f4:6d:e3:f9:ac:12:69:d5:a1:6f:02:52:ad:
+ 50:34:7e:cc:a7:ee:82:04:b3:5b:e6:be:cc:44:e6:
+ b8:d2:fc:1d:2a:80:d8:0c:c1:3c:4f:95:31:68:8a:
+ fb:2b:e2:aa:b2:54:7c:3a:d3:86:6d:5f:20:b6:29:
+ 23:ae:74:09:fd:9a:d3:45:e2:e3:2a:62:1f:91:fd:
+ a2:b1:2f:26:68:fb:4d:69:fb:66:1f:0b:4b:1a:52:
+ ac:e1:8b:69:b1:16:96:89:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 52:80:D6:40:50:47:FD:82:5A:83:A4:24:CE:3E:DC:C7:E1:6F:56:00
+ B2:A1:C2:1D:B7:20:56:20:8C:64:DA:BA:06:C6:5A:E4:0A:23:6E:01
X509v3 Authority Key Identifier:
- keyid:9D:49:C0:40:BE:F9:2D:9D:38:CF:BB:7C:6C:33:70:E3:13:2C:F9:05
+ keyid:D0:F9:37:92:54:28:C0:40:AE:62:94:51:42:6A:7C:8E:37:5F:AC:A8
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
serial:03
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 65:cf:99:2f:0c:5c:87:4b:5c:8e:19:82:57:a8:a2:f9:51:a0:
- 89:24:0b:6e:ca:8b:68:4c:1f:28:ee:8d:95:44:9d:23:52:76:
- 6d:90:cb:7f:ab:0a:46:87:0c:69:94:41:4b:2e:04:ef:e9:72:
- f4:17:ab:6f:86:76:dd:19:e3:65:cb:df:31:e5:2b:10:fb:04:
- 6e:b8:60:e4:59:98:09:2b:13:31:2f:8d:c6:28:24:1f:39:ae:
- 2e:39:8c:8f:8f:d1:0c:6b:cd:be:db:16:c9:8d:aa:f0:94:c5:
- da:cd:85:08:fc:02:2b:f2:6e:e4:d6:9a:ef:55:0c:c2:d0:ba:
- c0:27
+ d5:54:78:2a:2c:5f:82:26:03:07:71:54:04:2d:81:e5:dd:a6:
+ b1:92:8a:37:5f:52:f0:13:cd:35:4a:2b:a7:24:9c:44:7b:ac:
+ 1d:3c:52:82:e4:15:85:a9:d4:19:4d:55:c6:85:74:ac:2a:6c:
+ 42:9f:92:d9:86:02:d8:90:a8:53:28:31:e1:e2:33:1b:d5:05:
+ c3:f7:94:86:10:5d:78:62:96:a7:d1:e3:b4:be:0e:e6:8c:03:
+ ef:4c:03:96:4e:6d:9a:b2:32:55:46:20:cf:41:d1:4f:db:c6:
+ 57:34:df:51:d4:b9:9d:bf:d1:20:a5:e6:a0:34:ef:ab:e8:e9:
+ 93:ce
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gzX3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDRfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDRf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8sBon9MSEpz6W2JWhNRa4
-gszewbU+Zg0OzT9fOPGqrgtjVodS5bCwbmv7R5cD21AEJdj5dZuBT9mZvVNHCpd8
-1AJAuJJdd9ItZIj3qdzCupbwdPphU56mhJftl0kINinVLPQF04Hi+H/wBZYFKbAv
-KWZtMj0et3m1Z+c0SwB5RwIDAQABo4HjMIHgMB0GA1UdDgQWBBRSgNZAUEf9glqD
-pCTOPtzH4W9WADCBmgYDVR0jBIGSMIGPgBSdScBAvvktnTjPu3xsM3DjEyz5BaF0
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD1r6+ZlfNSO+u+Yubrn8X4
+/48M0uPHBrFFyv+M/D289G3j+awSadWhbwJSrVA0fsyn7oIEs1vmvsxE5rjS/B0q
+gNgMwTxPlTFoivsr4qqyVHw604ZtXyC2KSOudAn9mtNF4uMqYh+R/aKxLyZo+01p
++2YfC0saUqzhi2mxFpaJEwIDAQABo4HjMIHgMB0GA1UdDgQWBBSyocIdtyBWIIxk
+2roGxlrkCiNuATCBmgYDVR0jBIGSMIGPgBTQ+TeSVCjAQK5ilFFCanyON1+sqKF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxEDAOBgNVBAMUB2NoMl90YTExFjAU
BgkqhkiG9w0BCQEWB2NoMl90YTGCAQMwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAZc+ZLwxch0tcjhmCV6ii+VGg
-iSQLbsqLaEwfKO6NlUSdI1J2bZDLf6sKRocMaZRBSy4E7+ly9Berb4Z23RnjZcvf
-MeUrEPsEbrhg5FmYCSsTMS+NxigkHzmuLjmMj4/RDGvNvtsWyY2q8JTF2s2FCPwC
-K/Ju5Naa71UMwtC6wCc=
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEA1VR4KixfgiYDB3FUBC2B5d2m
+sZKKN19S8BPNNUorpyScRHusHTxSguQVhanUGU1VxoV0rCpsQp+S2YYC2JCoUygx
+4eIzG9UFw/eUhhBdeGKWp9HjtL4O5owD70wDlk5tmrIyVUYgz0HRT9vGVzTfUdS5
+nb/RIKXmoDTvq+jpk84=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.1_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.1_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:40 2011 GMT
+ Not After : Jan 5 22:37:40 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d7:b9:78:e1:ad:bd:98:ac:da:90:68:26:db:d7:
- ed:5b:e4:0f:d7:ef:c1:4d:84:20:4b:7c:ef:27:50:
- 4b:ab:e0:61:10:10:ae:6b:d6:ed:96:b3:04:18:b2:
- 4d:30:b8:23:97:24:a9:92:6a:19:95:fc:bc:7a:70:
- ab:65:55:26:4a:62:dd:09:df:9b:03:e1:38:f8:ba:
- ac:2d:26:f3:76:84:c9:5d:f8:21:a0:57:d0:6c:ad:
- 2e:60:cc:af:15:03:8f:e5:e0:e2:86:df:ed:07:a5:
- 4a:35:fe:65:78:94:5f:07:bd:d0:f7:7a:28:8e:5d:
- 98:21:7b:c5:6d:fe:43:5c:57
+ 00:cc:de:54:ed:78:31:c0:7c:e4:25:98:a3:0d:fa:
+ 77:08:f3:39:c4:9f:88:41:ee:00:a3:35:ed:b6:f0:
+ cc:a3:fd:0f:ce:3c:70:b5:aa:1e:42:4e:5c:ae:d8:
+ cb:99:53:ef:1e:49:f9:4c:5f:47:be:d0:e6:e2:f1:
+ 12:29:d5:77:75:88:79:4c:3b:64:05:ba:08:5d:dc:
+ ed:1f:7f:15:92:69:ec:b9:c9:84:f0:7d:3f:db:66:
+ 34:a5:35:8c:22:9b:5f:4b:19:83:15:35:49:7c:4b:
+ 77:35:2c:c4:58:34:15:f1:66:99:ce:65:d3:06:b7:
+ d2:35:d7:96:39:ee:d8:08:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,27 +29,27 @@
<EMPTY>
Signature Algorithm: sha256WithRSAEncryption
- 57:9c:5a:4b:ab:37:f1:61:c6:ab:27:91:f0:8b:68:aa:8d:81:
- 0b:6f:4c:ae:9b:05:91:e6:f3:1a:91:6f:8a:e8:5c:a4:9e:dd:
- a9:aa:2f:2a:85:e9:77:6d:d4:04:d5:07:e4:ad:3d:db:90:8f:
- 08:99:ca:c2:4c:c5:8c:c9:6b:01:e8:98:2f:6e:ad:17:46:59:
- 15:3a:72:ee:16:30:3e:14:82:6a:7f:ea:89:ce:b8:9d:00:14:
- af:c7:bf:06:54:04:c5:3c:ab:f6:96:48:1a:a5:60:b5:3d:94:
- 41:91:24:8a:98:bb:8d:ea:be:f3:4b:2d:fc:8d:de:06:48:9e:
- 35:55
+ 22:ec:49:fd:44:5e:9a:b1:55:f7:29:4c:cf:66:ff:1f:ce:d7:
+ e6:31:ae:b5:f3:3b:c9:d8:e4:d4:4a:59:ff:db:9a:88:23:28:
+ 14:62:78:03:b8:36:d8:32:56:c6:d2:09:0f:e4:33:ea:02:7f:
+ 24:02:fc:4c:58:5c:e7:3a:4c:b6:69:55:bc:5e:c8:3e:c2:97:
+ 66:82:74:6a:1c:1e:ae:ae:3d:35:f5:6e:a3:a5:9b:9d:23:d5:
+ da:de:e2:47:ee:ea:78:8a:36:19:73:f5:7f:38:bd:0e:bb:56:
+ 3c:c8:21:0e:5a:57:a0:cf:08:50:e6:80:ef:3e:e5:ed:64:69:
+ d6:6d
-----BEGIN CERTIFICATE-----
MIICezCCAeSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g0X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g0X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHQxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDBaFw0xNDAxMDUyMjM3NDBaMHQxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRIwEAYDVQQDFAljaDUuMV90YTExGDAWBgkqhkiG9w0BCQEWCWNo
-NS4xX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA17l44a29mKzakGgm
-29ftW+QP1+/BTYQgS3zvJ1BLq+BhEBCua9btlrMEGLJNMLgjlySpkmoZlfy8enCr
-ZVUmSmLdCd+bA+E4+LqsLSbzdoTJXfghoFfQbK0uYMyvFQOP5eDiht/tB6VKNf5l
-eJRfB73Q93oojl2YIXvFbf5DXFcCAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAM
-BgNVHRIBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4GBAFecWkurN/FhxqsnkfCLaKqN
-gQtvTK6bBZHm8xqRb4roXKSe3amqLyqF6Xdt1ATVB+StPduQjwiZysJMxYzJawHo
-mC9urRdGWRU6cu4WMD4Ugmp/6onOuJ0AFK/HvwZUBMU8q/aWSBqlYLU9lEGRJIqY
-u43qvvNLLfyN3gZInjVV
+NS4xX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzN5U7XgxwHzkJZij
+Dfp3CPM5xJ+IQe4AozXttvDMo/0PzjxwtaoeQk5crtjLmVPvHkn5TF9HvtDm4vES
+KdV3dYh5TDtkBboIXdztH38VkmnsucmE8H0/22Y0pTWMIptfSxmDFTVJfEt3NSzE
+WDQV8WaZzmXTBrfSNdeWOe7YCJECAwEAAaMhMB8wDwYDVR0TAQH/BAUwAwEB/zAM
+BgNVHRIBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4GBACLsSf1EXpqxVfcpTM9m/x/O
+1+YxrrXzO8nY5NRKWf/bmogjKBRieAO4NtgyVsbSCQ/kM+oCfyQC/ExYXOc6TLZp
+VbxeyD7Cl2aCdGocHq6uPTX1bqOlm50j1dre4kfu6niKNhlz9X84vQ67VjzIIQ5a
+V6DPCFDmgO8+5e1kadZt
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.2_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.2_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:41 2011 GMT
+ Not After : Jan 5 22:37:41 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.2_ta1/emailAddress=ch5.2_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ae:6a:8e:9d:ec:f8:54:be:fb:5c:ae:02:f6:32:
- dc:e0:8c:a7:3a:26:62:27:93:68:2d:c5:7d:84:0a:
- ae:c5:d6:a6:61:a5:d4:0b:6c:e2:b8:43:6a:a4:af:
- 78:a7:dc:4d:b4:d5:b1:85:67:57:d2:a8:61:c4:08:
- 21:34:07:4c:d5:87:71:65:8b:d3:af:44:87:3f:f5:
- d5:2d:45:83:3e:52:4d:0a:6d:cb:68:55:8e:f4:bc:
- 2b:50:6d:e6:69:50:68:6c:a1:be:ec:cd:e2:96:96:
- 96:04:8d:ba:32:b9:0d:90:87:0f:ff:f0:ab:77:92:
- 51:ac:ef:36:b3:6b:2d:17:93
+ 00:c5:27:9b:4d:c3:41:cf:96:d4:f0:21:59:1b:77:
+ ce:54:81:dc:05:57:1f:56:69:8c:5f:58:3f:88:4a:
+ c6:73:bd:a9:4a:d0:f8:a3:33:1b:4f:d8:94:b5:d3:
+ 95:bd:00:06:d1:18:e8:ea:9e:41:ad:06:ea:c6:cc:
+ 9f:93:a7:c4:a0:3e:05:62:4c:3f:1c:88:79:a0:a1:
+ eb:f3:94:d0:1b:8c:a8:9f:4c:3b:37:80:06:6b:00:
+ e7:30:6c:d4:c2:51:27:7f:1a:e5:95:a7:1c:15:d6:
+ 98:0e:1f:2f:28:b7:a7:75:60:56:8e:74:a0:86:9a:
+ 06:d5:23:0f:11:83:02:95:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 51:52:C7:88:A6:9D:32:EF:AC:95:BF:79:10:0B:6E:F7:65:94:A7:F9
+ 89:81:B5:75:FE:47:C0:C6:F5:28:97:38:D7:FC:58:E9:62:8D:31:C0
X509v3 Authority Key Identifier:
- keyid:52:80:D6:40:50:47:FD:82:5A:83:A4:24:CE:3E:DC:C7:E1:6F:56:00
+ keyid:B2:A1:C2:1D:B7:20:56:20:8C:64:DA:BA:06:C6:5A:E4:0A:23:6E:01
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
serial:04
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 61:86:a8:a9:d8:9f:08:19:cc:fd:ad:24:65:2e:67:dc:39:79:
- 35:75:d5:c4:06:4b:e2:84:ce:86:9a:b8:b9:d6:00:a4:47:41:
- a8:57:4f:09:2d:b4:cb:7f:40:73:8a:a3:fe:9d:eb:14:00:f0:
- e8:f5:23:b2:30:19:31:d9:15:98:96:f2:6b:80:9e:11:52:b2:
- f5:d3:ed:30:38:c7:a0:d1:21:fc:7a:99:cd:1f:a8:fc:6b:0b:
- 31:29:02:1a:1e:77:c8:75:70:5f:13:cf:92:02:79:a9:e1:d7:
- d9:2a:38:f7:ff:0a:8d:21:1a:5a:8e:25:1e:8c:a7:02:f0:ff:
- ef:02
+ 63:3d:1b:46:ff:99:65:19:01:e8:fc:b1:a4:22:30:8c:da:43:
+ c5:79:05:0c:60:3a:0f:4b:3f:53:63:f0:12:63:a9:ee:63:10:
+ 15:aa:f4:ae:13:10:4f:43:b4:31:8c:84:f5:c1:0b:86:ab:7b:
+ 78:7e:7c:9b:3c:26:56:8e:aa:54:3b:ad:7e:be:23:3e:8f:8c:
+ cf:47:22:7d:f6:83:53:ca:72:f1:02:9a:07:4a:f7:94:00:1b:
+ d2:57:80:6d:c9:37:ab:58:d6:54:71:90:de:c9:3f:ee:c3:b5:
+ 5c:0e:46:09:30:cf:95:58:2f:07:64:fe:27:70:9e:d0:29:dd:
+ f5:25
-----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIBCjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g0X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g0X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHQxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDFaFw0xNDAxMDUyMjM3NDFaMHQxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRIwEAYDVQQDFAljaDUuMl90YTExGDAWBgkqhkiG9w0BCQEWCWNo
-NS4yX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArmqOnez4VL77XK4C
-9jLc4IynOiZiJ5NoLcV9hAquxdamYaXUC2ziuENqpK94p9xNtNWxhWdX0qhhxAgh
-NAdM1YdxZYvTr0SHP/XVLUWDPlJNCm3LaFWO9LwrUG3maVBobKG+7M3ilpaWBI26
-MrkNkIcP//Crd5JRrO82s2stF5MCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUUVLHiKad
-Mu+slb95EAtu92WUp/kwgZoGA1UdIwSBkjCBj4AUUoDWQFBH/YJag6Qkzj7cx+Fv
-VgChdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
+NS4yX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxSebTcNBz5bU8CFZ
+G3fOVIHcBVcfVmmMX1g/iErGc72pStD4ozMbT9iUtdOVvQAG0Rjo6p5BrQbqxsyf
+k6fEoD4FYkw/HIh5oKHr85TQG4yon0w7N4AGawDnMGzUwlEnfxrllaccFdaYDh8v
+KLendWBWjnSghpoG1SMPEYMClXMCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUiYG1df5H
+wMb1KJc41/xY6WKNMcAwgZoGA1UdIwSBkjCBj4AUsqHCHbcgViCMZNq6BsZa5Aoj
+bgGhdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
VQQHEwpNZW5sbyBQYXJrMQ0wCwYDVQQKEwRwa2c1MRAwDgYDVQQDFAdjaDNfdGEx
MRYwFAYJKoZIhvcNAQkBFgdjaDNfdGExggEEMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAGGGqKnYnwgZzP2tJGUu
-Z9w5eTV11cQGS+KEzoaauLnWAKRHQahXTwkttMt/QHOKo/6d6xQA8Oj1I7IwGTHZ
-FZiW8muAnhFSsvXT7TA4x6DRIfx6mc0fqPxrCzEpAhoed8h1cF8Tz5ICeanh19kq
-OPf/Co0hGlqOJR6MpwLw/+8C
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAGM9G0b/mWUZAej8saQi
+MIzaQ8V5BQxgOg9LP1Nj8BJjqe5jEBWq9K4TEE9DtDGMhPXBC4are3h+fJs8JlaO
+qlQ7rX6+Iz6PjM9HIn32g1PKcvECmgdK95QAG9JXgG3JN6tY1lRxkN7JP+7DtVwO
+Rgkwz5VYLwdk/idwntAp3fUl
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.3_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5.3_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4.3_ta1/emailAddress=ch4.3_ta1
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.3_ta1/emailAddress=ch5.3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b6:f8:e3:58:93:ea:62:c9:34:62:40:97:14:c7:
- 2e:45:45:56:a8:05:4b:da:9d:6e:7f:0e:54:92:00:
- 9a:0d:c7:cf:5f:65:49:35:1a:d3:9d:e3:53:62:59:
- ab:94:9e:01:8b:df:d6:7f:ea:d9:c9:f8:ff:cb:a3:
- 43:4e:4b:ba:d4:8c:fb:e7:4d:0b:ac:d3:c2:1b:54:
- eb:9a:17:95:d9:9d:38:e6:e9:b6:7f:d6:da:1a:33:
- d0:2e:f7:93:67:9c:1e:7f:12:1f:71:37:a0:e5:ac:
- f6:18:81:5e:bc:a0:75:a6:96:18:01:6e:7a:e2:42:
- 2a:90:d1:31:64:f1:06:31:f5
+ 00:be:99:38:81:c2:5f:37:c3:d2:cc:7f:01:19:61:
+ 8d:8b:57:70:3a:2c:36:c1:c8:e4:a6:33:2a:bc:27:
+ e9:cf:d7:ca:49:90:d2:e0:f1:82:0e:7d:50:aa:e3:
+ 8c:ca:07:61:bf:d3:fd:1e:f3:af:ec:00:dd:d2:ab:
+ 70:6a:1a:5a:00:32:ec:04:a3:a4:25:b1:82:1d:90:
+ 3c:f9:ae:91:90:d7:d6:c2:0e:8d:31:55:62:e2:6b:
+ 10:e0:10:6f:33:93:78:2f:58:b7:46:f4:b9:1a:4c:
+ fd:81:b2:66:42:95:4b:a1:ff:46:9e:9d:f6:32:56:
+ 63:88:bc:83:43:54:bb:ce:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 63:11:18:64:5B:58:88:7E:89:2C:0C:88:B4:3F:5C:02:58:7B:4A:E7
+ 9F:45:5B:75:2A:5E:64:78:D2:D9:6F:34:3C:19:AE:27:DE:D7:6C:98
X509v3 Authority Key Identifier:
- keyid:B2:F9:FB:5A:A8:19:23:A0:E6:D5:C5:4C:B0:2D:8B:01:65:7F:9E:49
+ keyid:9E:F5:29:85:12:A6:F3:26:1C:25:81:F4:75:82:9E:80:B1:33:8D:BE
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
serial:0C
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 90:9a:37:9a:90:06:27:6c:4a:27:9e:c4:b5:e0:28:50:27:b2:
- 0c:d0:64:74:de:79:3f:b8:c1:10:76:a9:5a:04:2e:78:3d:e7:
- d7:f8:64:aa:0e:1a:a0:bb:0e:3b:23:f0:e8:68:0d:9d:f4:1b:
- c0:4e:2c:90:b2:5d:de:41:4b:56:6a:85:26:05:83:3a:cf:e2:
- b0:2a:f7:99:d9:37:6e:df:2a:24:3f:1e:22:6b:a3:cd:b4:4a:
- da:64:32:a3:5b:f5:02:44:12:65:cd:f3:15:29:71:77:b1:93:
- 9b:ea:67:5d:de:c0:32:f6:f2:aa:a1:f0:d8:36:d9:5e:d7:50:
- e6:cc
+ 62:7d:64:11:6a:5f:cd:6d:09:ae:5c:5f:d7:ef:5e:08:1f:c0:
+ 6d:b0:b5:a1:28:74:88:95:10:93:2b:50:a4:7f:f3:92:3c:75:
+ 23:ad:4b:e6:bd:ae:62:35:74:1c:0f:fd:00:e4:e7:e2:53:80:
+ b9:c5:30:1e:47:83:39:a5:88:3d:9b:a2:ee:86:27:94:cb:f5:
+ 57:ba:91:ce:70:d7:12:a0:61:39:64:af:70:91:12:41:5e:4c:
+ 7e:5d:5e:b0:42:05:31:e5:13:fd:bc:86:cc:b6:bc:4e:4c:69:
+ b6:2f:0e:63:80:16:c2:6d:7c:68:07:b6:a7:b4:04:ff:0b:97:
+ 51:ee
-----BEGIN CERTIFICATE-----
MIIDQjCCAqugAwIBAgIBDTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g0LjNfdGExMRgwFgYJKoZIhvcNAQkBFgljaDQu
-M190YTEwHhcNMTEwMzIxMDA0OTI2WhcNMTMxMjE1MDA0OTI2WjB0MQswCQYDVQQG
+M190YTEwHhcNMTEwNDExMjIzNzQyWhcNMTQwMTA1MjIzNzQyWjB0MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTESMBAGA1UEAxQJY2g1LjNfdGExMRgwFgYJKoZIhvcNAQkB
-FgljaDUuM190YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALb441iT6mLJ
-NGJAlxTHLkVFVqgFS9qdbn8OVJIAmg3Hz19lSTUa053jU2JZq5SeAYvf1n/q2cn4
-/8ujQ05LutSM++dNC6zTwhtU65oXldmdOObptn/W2hoz0C73k2ecHn8SH3E3oOWs
-9hiBXrygdaaWGAFueuJCKpDRMWTxBjH1AgMBAAGjgeMwgeAwHQYDVR0OBBYEFGMR
-GGRbWIh+iSwMiLQ/XAJYe0rnMIGaBgNVHSMEgZIwgY+AFLL5+1qoGSOg5tXFTLAt
-iwFlf55JoXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
+FgljaDUuM190YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6ZOIHCXzfD
+0sx/ARlhjYtXcDosNsHI5KYzKrwn6c/XykmQ0uDxgg59UKrjjMoHYb/T/R7zr+wA
+3dKrcGoaWgAy7ASjpCWxgh2QPPmukZDX1sIOjTFVYuJrEOAQbzOTeC9Yt0b0uRpM
+/YGyZkKVS6H/Rp6d9jJWY4i8g0NUu86hAgMBAAGjgeMwgeAwHQYDVR0OBBYEFJ9F
+W3UqXmR40tlvNDwZrife12yYMIGaBgNVHSMEgZIwgY+AFJ71KYUSpvMmHCWB9HWC
+noCxM42+oXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
MBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UEAxQHY2gz
X3RhMTEWMBQGCSqGSIb3DQEJARYHY2gzX3RhMYIBDDASBgNVHRMBAf8ECDAGAQH/
-AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQCQmjeakAYnbEon
-nsS14ChQJ7IM0GR03nk/uMEQdqlaBC54PefX+GSqDhqguw47I/DoaA2d9BvATiyQ
-sl3eQUtWaoUmBYM6z+KwKveZ2Tdu3yokPx4ia6PNtEraZDKjW/UCRBJlzfMVKXF3
-sZOb6mdd3sAy9vKqofDYNtle11DmzA==
+AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQBifWQRal/NbQmu
+XF/X714IH8BtsLWhKHSIlRCTK1Ckf/OSPHUjrUvmva5iNXQcD/0A5OfiU4C5xTAe
+R4M5pYg9m6LuhieUy/VXupHOcNcSoGE5ZK9wkRJBXkx+XV6wQgUx5RP9vIbMtrxO
+TGm2Lw5jgBbCbXxoB7antAT/C5dR7g==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/chain_certs/ch5_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/chain_certs/ch5_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch4_ta1/emailAddress=ch4_ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:39 2011 GMT
+ Not After : Jan 5 22:37:39 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d3:82:fa:b8:50:8a:e0:df:3b:22:76:0f:c1:a2:
- 7b:fa:c3:09:fc:49:9f:ac:e3:9e:f1:60:66:8f:04:
- ec:80:fd:1b:5c:a0:b1:3c:14:e0:79:d6:f9:49:d1:
- 69:21:af:c6:37:7b:f0:e1:29:9e:a5:85:45:ec:e0:
- 2b:5b:79:4b:39:28:0a:ab:5a:38:46:48:4e:c2:95:
- b0:ff:77:50:b0:32:25:95:11:c6:52:ff:27:d0:e6:
- 83:5a:3e:6a:58:11:66:ba:84:ac:7a:d3:db:b4:75:
- fa:41:ea:ad:af:13:5b:12:b4:c3:3b:46:38:13:5d:
- 53:b2:59:33:fc:76:5e:e9:d7
+ 00:c3:8d:d0:ab:25:75:ba:f5:20:df:7c:8a:d4:cd:
+ 40:f6:c3:ca:25:11:b5:30:d6:27:fa:e4:a0:11:d6:
+ aa:32:7d:c8:15:9d:d7:6f:7f:ae:80:de:28:c3:ae:
+ 77:a8:7f:f1:05:e9:6b:bc:63:a9:a6:91:04:3b:79:
+ 6b:96:f2:e0:9a:17:79:d3:04:0a:5f:46:09:b5:6f:
+ 3e:a9:f4:34:47:62:18:f4:28:f7:d9:09:cd:4f:8a:
+ 33:df:9b:69:9b:61:ce:72:c7:35:ed:61:a0:5b:0c:
+ c1:61:00:0a:ac:83:9a:6a:3c:6d:30:96:eb:77:8c:
+ 28:3f:fc:62:8a:fa:60:8e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- ED:B5:69:19:79:F6:9F:B1:40:1F:75:72:AD:B9:B6:7B:EF:65:4A:E9
+ 69:C7:BA:72:9C:7F:C3:92:8D:F6:A6:D0:20:48:5A:8E:A7:B6:E7:82
X509v3 Authority Key Identifier:
- keyid:52:80:D6:40:50:47:FD:82:5A:83:A4:24:CE:3E:DC:C7:E1:6F:56:00
+ keyid:B2:A1:C2:1D:B7:20:56:20:8C:64:DA:BA:06:C6:5A:E4:0A:23:6E:01
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
serial:04
@@ -35,31 +35,31 @@
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
- 13:d3:94:3b:b2:b5:f4:74:4d:09:85:d8:53:0a:c9:b5:54:ab:
- 83:3b:55:9c:a6:28:33:35:fb:ba:1b:86:4c:19:39:35:f4:91:
- 4c:9b:78:1e:30:73:58:41:da:b9:5b:7f:54:b1:39:5d:47:56:
- d8:cc:3a:4b:7a:1c:32:32:b8:9b:90:be:a3:f6:04:87:ea:4c:
- 81:95:0a:aa:09:03:86:db:d8:61:4f:4b:ea:40:ac:09:eb:7b:
- 8a:39:07:4d:6a:54:b5:fc:9b:72:52:79:9a:a5:89:01:0d:00:
- aa:6c:ab:7a:4e:1b:d8:63:c4:a2:dc:7c:51:df:7c:1c:36:ad:
- a6:ec
+ e7:9a:14:6b:dc:a5:fa:da:15:2a:f0:b5:87:ef:82:df:2c:b1:
+ 8b:f9:f6:a5:a0:e6:d2:86:da:46:69:68:6f:68:26:5c:79:73:
+ 21:31:ea:b4:a7:e6:58:c9:12:cd:8c:c0:d0:e2:05:f0:6f:1d:
+ 56:e5:3f:4a:32:eb:02:39:b6:6e:cb:c4:e1:d5:21:0f:63:1e:
+ 4f:0b:3d:af:ca:5a:7b:2b:9c:7f:51:44:7a:39:73:e5:f2:ba:
+ 48:85:20:f9:36:b5:c2:14:44:da:7d:ae:83:2e:b4:d8:f1:77:
+ 19:97:c0:c7:8b:e7:62:81:93:75:ed:93:dd:19:4b:36:00:ba:
+ c6:2d
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g0X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g0X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMHAxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzlaFw0xNDAxMDUyMjM3MzlaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRAwDgYDVQQDFAdjaDVfdGExMRYwFAYJKoZIhvcNAQkBFgdjaDVf
-dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTgvq4UIrg3zsidg/Bonv6
-wwn8SZ+s457xYGaPBOyA/RtcoLE8FOB51vlJ0Wkhr8Y3e/DhKZ6lhUXs4CtbeUs5
-KAqrWjhGSE7ClbD/d1CwMiWVEcZS/yfQ5oNaPmpYEWa6hKx609u0dfpB6q2vE1sS
-tMM7RjgTXVOyWTP8dl7p1wIDAQABo4HjMIHgMB0GA1UdDgQWBBTttWkZefafsUAf
-dXKtubZ772VK6TCBmgYDVR0jBIGSMIGPgBRSgNZAUEf9glqDpCTOPtzH4W9WAKF0
+dGExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDjdCrJXW69SDffIrUzUD2
+w8olEbUw1if65KAR1qoyfcgVnddvf66A3ijDrneof/EF6Wu8Y6mmkQQ7eWuW8uCa
+F3nTBApfRgm1bz6p9DRHYhj0KPfZCc1PijPfm2mbYc5yxzXtYaBbDMFhAAqsg5pq
+PG0wlut3jCg//GKK+mCOFwIDAQABo4HjMIHgMB0GA1UdDgQWBBRpx7pynH/Dko32
+ptAgSFqOp7bngjCBmgYDVR0jBIGSMIGPgBSyocIdtyBWIIxk2roGxlrkCiNuAaF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcT
Ck1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxEDAOBgNVBAMUB2NoM190YTExFjAU
BgkqhkiG9w0BCQEWB2NoM190YTGCAQQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNV
-HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAE9OUO7K19HRNCYXYUwrJtVSr
-gztVnKYoMzX7uhuGTBk5NfSRTJt4HjBzWEHauVt/VLE5XUdW2Mw6S3ocMjK4m5C+
-o/YEh+pMgZUKqgkDhtvYYU9L6kCsCet7ijkHTWpUtfybclJ5mqWJAQ0Aqmyrek4b
-2GPEotx8Ud98HDatpuw=
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEA55oUa9yl+toVKvC1h++C3yyx
+i/n2paDm0obaRmlob2gmXHlzITHqtKfmWMkSzYzA0OIF8G8dVuU/SjLrAjm2bsvE
+4dUhD2MeTws9r8paeyucf1FEejlz5fK6SIUg+Ta1whRE2n2ugy602PF3GZfAx4vn
+YoGTde2T3RlLNgC6xi0=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/06.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/06.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:40 2011 GMT
+ Not After : Jan 5 22:37:40 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5_ta1/emailAddress=cs1_ch5_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b3:a4:c0:9b:2d:3a:3d:41:21:47:c3:96:e2:60:
- e4:dd:24:83:4a:1c:91:4e:c0:30:f7:c1:8f:7b:87:
- 58:9a:ce:09:6f:9e:85:0d:cf:a9:33:ea:aa:4e:c8:
- e6:60:1e:14:25:66:80:c9:e9:9c:1b:60:4a:dc:cb:
- 66:b0:03:38:bc:42:dc:0e:e1:da:d5:e8:25:20:75:
- e9:3f:58:20:09:91:b0:b6:da:6f:aa:26:69:50:87:
- 3b:37:eb:a7:e7:66:b1:de:ad:57:78:98:cf:17:59:
- 7e:10:b6:da:ca:58:7d:45:14:8a:f1:0f:f1:af:5b:
- 00:26:36:af:1e:0d:29:47:65
+ 00:e9:6c:6d:b5:1a:ef:fa:b5:f6:42:f6:7e:e6:f3:
+ 3f:11:2f:a7:c9:10:14:67:c9:fb:4b:c4:2f:c4:25:
+ 0d:a3:3c:66:0f:a0:1a:86:d5:19:48:e6:54:a3:a6:
+ 8d:6a:a2:89:a9:a5:ed:e7:49:ae:20:95:39:0c:19:
+ 41:87:e0:63:af:27:92:1d:55:b1:10:ea:b4:6d:5a:
+ e6:21:78:93:94:e2:06:e6:7d:c6:53:4e:d5:af:82:
+ 08:a1:82:64:c1:57:78:7e:52:18:f6:38:f0:5e:8e:
+ 09:ea:fa:fc:7d:f3:2d:87:5d:a9:8e:ef:87:7a:e5:
+ 97:ef:7b:fb:b4:96:09:6b:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- cb:cf:66:b0:f1:ff:e3:9f:6a:e8:36:19:07:ee:4a:88:72:25:
- 41:e5:27:33:e1:2d:81:e0:23:d8:16:1a:db:b7:a2:ad:30:81:
- b4:19:e6:0d:7a:30:c6:11:8e:c0:e3:89:b9:c8:67:66:17:fa:
- 28:96:74:30:7b:74:0e:1e:71:b9:fb:6a:34:24:7b:f6:69:bb:
- 36:c9:00:63:86:4b:49:16:74:6c:64:69:55:ce:bb:15:fb:fd:
- 89:78:72:d3:47:d2:12:ad:c0:43:f6:56:c2:77:9e:68:04:6c:
- 30:4a:28:06:7b:a7:74:2a:3a:8a:b8:7d:41:2b:aa:61:93:28:
- 97:75
+ 14:9a:25:22:78:e5:77:2e:7f:28:cb:57:a9:d8:22:b1:7a:f1:
+ 75:b9:79:3f:f3:7e:bc:eb:49:1e:35:0f:7a:20:f0:0a:f6:a1:
+ eb:08:a1:be:4c:c7:98:22:5b:9f:f9:a6:9a:e2:4a:85:13:2a:
+ f1:7f:da:cc:04:b1:13:d5:52:90:59:17:a8:f8:77:f8:ba:02:
+ 88:62:fb:9d:28:3f:0d:15:ad:79:3f:d0:a2:cb:a2:87:b7:e0:
+ 10:3a:a1:1b:4b:0c:79:f6:1e:b0:20:dc:0f:01:7e:c0:9c:86:
+ 91:6d:c4:06:4b:fb:3b:da:70:e0:1b:9b:f3:9d:2d:57:cb:16:
+ 26:4f
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBBjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g1X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g1X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHgxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDBaFw0xNDAxMDUyMjM3NDBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2g1X3RhMTEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALOkwJstOj1B
-IUfDluJg5N0kg0ockU7AMPfBj3uHWJrOCW+ehQ3PqTPqqk7I5mAeFCVmgMnpnBtg
-StzLZrADOLxC3A7h2tXoJSB16T9YIAmRsLbab6omaVCHOzfrp+dmsd6tV3iYzxdZ
-fhC22spYfUUUivEP8a9bACY2rx4NKUdlAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAMvPZrDx/+Ofaug2GQfu
-SohyJUHlJzPhLYHgI9gWGtu3oq0wgbQZ5g16MMYRjsDjibnIZ2YX+iiWdDB7dA4e
-cbn7ajQke/ZpuzbJAGOGS0kWdGxkaVXOuxX7/Yl4ctNH0hKtwEP2VsJ3nmgEbDBK
-KAZ7p3QqOoq4fUErqmGTKJd1
+Y3MxX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOlsbbUa7/q1
+9kL2fubzPxEvp8kQFGfJ+0vEL8QlDaM8Zg+gGobVGUjmVKOmjWqiiaml7edJriCV
+OQwZQYfgY68nkh1VsRDqtG1a5iF4k5TiBuZ9xlNO1a+CCKGCZMFXeH5SGPY48F6O
+Cer6/H3zLYddqY7vh3rll+97+7SWCWsXAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBABSaJSJ45XcufyjLV6nY
+IrF68XW5eT/zfrzrSR41D3og8Ar2oesIob5Mx5giW5/5ppriSoUTKvF/2swEsRPV
+UpBZF6j4d/i6Aohi+50oPw0VrXk/0KLLooe34BA6oRtLDHn2HrAg3A8BfsCchpFt
+xAZL+zvacOAbm/OdLVfLFiZP
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/07.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/07.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:40 2011 GMT
+ Not After : Jan 5 22:37:40 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs2_ch5_ta1/emailAddress=cs2_ch5_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:de:1f:a8:50:7e:6c:fc:18:0a:4a:ef:9e:9e:ef:
- 1a:1c:87:54:8c:2f:09:55:b5:9d:2b:ae:be:ee:ca:
- 30:bf:ed:97:c2:8e:4e:6a:29:e6:d0:98:1a:57:72:
- 19:6d:b3:ad:2c:d0:f0:da:c4:f2:e1:81:27:b5:6a:
- 35:4c:30:d3:d5:54:e7:b5:3b:04:04:63:b5:05:0a:
- 50:35:44:19:14:7f:a9:ff:e1:24:e4:63:ef:81:f4:
- 9e:42:4a:14:b2:b4:ef:ae:36:94:a3:ad:23:3f:67:
- 2e:69:61:28:3a:2f:1b:9f:d8:f3:e3:76:f0:6c:88:
- 95:41:33:71:51:f1:90:8f:1d
+ 00:cd:c9:ab:ee:a1:89:01:60:89:00:7c:93:1f:fe:
+ 4c:54:75:58:52:81:b0:cb:be:4c:a7:a7:23:18:86:
+ 0e:9f:e1:41:99:dd:ff:e7:f3:66:1d:41:dd:aa:9e:
+ f7:23:2d:c4:0e:24:16:e2:4d:54:8b:38:72:55:b4:
+ 11:26:f9:fc:04:fe:de:9b:83:02:01:98:36:8e:41:
+ 42:f2:0b:a7:07:00:f9:0e:66:96:a0:e4:f3:32:06:
+ 26:9d:41:fb:91:bf:7e:a8:c0:c7:62:e1:c9:ce:37:
+ de:07:b5:df:55:87:9a:a5:3b:d4:c5:b6:24:4b:2a:
+ e4:88:50:85:e9:d9:13:12:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,28 +29,28 @@
URI:http://localhost:12001/file/0/ch5_ta1_crl.pem
Signature Algorithm: sha256WithRSAEncryption
- 67:d1:ca:3f:b4:bc:18:78:03:7b:48:ce:90:a0:01:b9:44:f4:
- 2a:08:25:94:f0:62:dc:4d:62:dc:8d:36:44:db:63:87:af:21:
- 06:56:89:b8:e1:6b:31:58:e4:b3:94:57:86:ea:7c:89:0e:38:
- 69:eb:9f:75:c2:79:55:b4:fc:e8:d9:45:0c:a1:52:8e:f2:d0:
- b5:35:51:b9:e1:10:50:5a:f3:50:e7:93:76:11:a4:00:e6:38:
- 59:0d:0d:0d:2e:e8:66:30:20:0e:b0:5b:00:aa:ac:7d:14:ec:
- 60:02:c1:b9:38:28:1b:42:f9:20:c8:43:13:cc:7e:86:33:eb:
- 10:70
+ 58:ba:80:0f:56:d9:4e:90:97:38:a2:f5:b7:3d:98:ff:32:ec:
+ 63:01:79:25:5a:5b:d4:ac:bc:aa:e1:2d:c8:ea:34:32:b0:aa:
+ ce:9f:de:e7:f2:f7:35:f8:e5:71:97:27:d1:66:80:e8:22:c7:
+ bc:23:31:2b:98:60:b4:76:7b:62:38:ff:14:57:24:64:37:6b:
+ 9d:22:2a:f9:16:90:91:01:d7:f3:91:24:29:c3:c6:53:7a:0b:
+ e9:af:2b:3b:5e:77:61:83:48:e8:e2:f2:a6:44:cc:5e:90:36:
+ f2:8e:dd:59:b6:c8:21:92:17:30:87:66:c9:08:2d:b9:5b:3a:
+ f2:4e
-----BEGIN CERTIFICATE-----
MIICrjCCAhegAwIBAgIBBzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g1X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g1X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHgxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDBaFw0xNDAxMDUyMjM3NDBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczJfY2g1X3RhMTEaMBgGCSqGSIb3DQEJARYL
-Y3MyX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4fqFB+bPwY
-Ckrvnp7vGhyHVIwvCVW1nSuuvu7KML/tl8KOTmop5tCYGldyGW2zrSzQ8NrE8uGB
-J7VqNUww09VU57U7BARjtQUKUDVEGRR/qf/hJORj74H0nkJKFLK07642lKOtIz9n
-LmlhKDovG5/Y8+N28GyIlUEzcVHxkI8dAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
+Y3MyX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3Jq+6hiQFg
+iQB8kx/+TFR1WFKBsMu+TKenIxiGDp/hQZnd/+fzZh1B3aqe9yMtxA4kFuJNVIs4
+clW0ESb5/AT+3puDAgGYNo5BQvILpwcA+Q5mlqDk8zIGJp1B+5G/fqjAx2Lhyc43
+3ge131WHmqU71MW2JEsq5IhQhenZExJHAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
PgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2xvY2FsaG9zdDoxMjAwMS9maWxlLzAv
-Y2g1X3RhMV9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAGfRyj+0vBh4A3tIzpCg
-AblE9CoIJZTwYtxNYtyNNkTbY4evIQZWibjhazFY5LOUV4bqfIkOOGnrn3XCeVW0
-/OjZRQyhUo7y0LU1UbnhEFBa81Dnk3YRpADmOFkNDQ0u6GYwIA6wWwCqrH0U7GAC
-wbk4KBtC+SDIQxPMfoYz6xBw
+Y2g1X3RhMV9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAFi6gA9W2U6Qlzii9bc9
+mP8y7GMBeSVaW9SsvKrhLcjqNDKwqs6f3ufy9zX45XGXJ9FmgOgix7wjMSuYYLR2
+e2I4/xRXJGQ3a50iKvkWkJEB1/ORJCnDxlN6C+mvKzted2GDSOji8qZEzF6QNvKO
+3Vm2yCGSFzCHZskILblbOvJO
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/09.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/09.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:41 2011 GMT
+ Not After : Jan 5 22:37:41 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5.1_ta1/emailAddress=cs1_ch5.1_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bf:ce:74:08:89:5a:78:fe:33:bc:42:8f:19:79:
- 0f:76:ce:ff:da:f1:32:62:4a:34:ee:54:3a:81:61:
- 9a:02:81:02:4b:77:c7:7c:ef:50:99:68:f4:40:4d:
- fa:41:a3:a4:86:a4:9c:6a:45:2b:99:15:ba:d8:d5:
- 97:f5:30:25:c0:f3:7c:a1:eb:50:58:8e:23:04:b0:
- 72:ea:bb:21:fc:6c:37:37:ab:85:c3:36:8c:42:dc:
- 83:12:6a:a1:b1:3e:8b:f9:b6:4c:43:8e:38:15:c1:
- 40:22:f8:7d:59:c0:9c:f6:75:85:0d:ed:43:4c:d8:
- 7f:84:c8:dd:a4:7d:66:c4:63
+ 00:9d:74:cf:25:35:26:cd:52:2e:9a:fc:8d:0b:4f:
+ 85:33:83:61:7a:f1:f1:c1:55:3d:dc:2e:20:77:8e:
+ 20:de:eb:e4:37:b6:6a:a4:c8:94:09:6c:f8:36:bd:
+ 78:a6:3f:2c:64:c3:23:d3:c7:fa:1c:36:a3:24:51:
+ c0:ac:2d:20:6f:15:bf:aa:d8:94:5f:5f:8e:0a:c5:
+ e0:aa:24:02:a5:f9:e4:cc:97:7f:74:b1:f1:a1:ab:
+ 30:6c:70:74:a4:5a:bd:5e:d7:69:64:6a:42:8d:c5:
+ d0:b9:21:66:5a:9b:37:25:fa:34:cc:08:21:45:cb:
+ 23:10:eb:66:66:d2:9b:bc:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 35:e5:fc:ad:b3:07:3c:23:cc:b9:a1:82:8c:2e:97:3a:65:e1:
- 25:03:16:50:e7:a3:69:cb:bf:e3:5e:be:59:60:ba:96:af:44:
- 01:18:de:2e:c7:5f:cf:19:ca:59:fc:01:f5:86:e0:5e:e9:c6:
- 70:9e:4c:e7:e1:ad:41:1b:be:11:a8:bb:cd:28:67:a8:7d:81:
- ec:55:25:5e:c6:c7:c3:f2:42:3e:07:e8:68:ca:5c:41:dd:34:
- b4:de:b2:f4:cb:dd:b3:e9:76:07:4c:d3:87:b1:4f:56:39:40:
- 77:03:42:ae:80:be:d3:ae:cb:75:80:09:82:87:7c:3b:2a:e0:
- bd:04
+ 3d:79:e6:0f:d3:33:eb:e7:fb:d4:39:f7:41:1e:f2:47:56:01:
+ d3:8b:bd:0d:0c:d5:ae:f1:85:6d:34:74:78:b3:27:20:88:4d:
+ bd:3a:b1:ac:d2:5c:f6:f3:87:f9:af:76:3a:93:60:a4:f5:97:
+ 4c:c3:a6:aa:2a:f1:22:61:ea:2d:e4:97:f4:57:f7:30:84:85:
+ 81:a1:aa:12:5a:37:82:96:11:d0:53:40:6c:5e:28:9f:42:1c:
+ 3c:89:ae:d5:88:5d:cc:3e:4d:5c:ab:94:03:de:95:4a:b1:f2:
+ 6b:cd:c1:cd:08:fa:87:88:80:e4:97:0f:36:55:3b:5d:60:a6:
+ 1e:e3
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBCTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g1LjFfdGExMRgwFgYJKoZIhvcNAQkBFgljaDUu
-MV90YTEwHhcNMTEwMzIxMDA0OTI0WhcNMTMxMjE1MDA0OTI0WjB8MQswCQYDVQQG
+MV90YTEwHhcNMTEwNDExMjIzNzQxWhcNMTQwMTA1MjIzNzQxWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoNS4xX3RhMTEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoNS4xX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-v850CIlaeP4zvEKPGXkPds7/2vEyYko07lQ6gWGaAoECS3fHfO9QmWj0QE36QaOk
-hqScakUrmRW62NWX9TAlwPN8oetQWI4jBLBy6rsh/Gw3N6uFwzaMQtyDEmqhsT6L
-+bZMQ444FcFAIvh9WcCc9nWFDe1DTNh/hMjdpH1mxGMCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEANeX8rbMH
-PCPMuaGCjC6XOmXhJQMWUOejacu/416+WWC6lq9EARjeLsdfzxnKWfwB9YbgXunG
-cJ5M5+GtQRu+Eai7zShnqH2B7FUlXsbHw/JCPgfoaMpcQd00tN6y9Mvds+l2B0zT
-h7FPVjlAdwNCroC+067LdYAJgod8OyrgvQQ=
+nXTPJTUmzVIumvyNC0+FM4NhevHxwVU93C4gd44g3uvkN7ZqpMiUCWz4Nr14pj8s
+ZMMj08f6HDajJFHArC0gbxW/qtiUX1+OCsXgqiQCpfnkzJd/dLHxoaswbHB0pFq9
+XtdpZGpCjcXQuSFmWps3Jfo0zAghRcsjEOtmZtKbvBkCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAPXnmD9Mz
+6+f71Dn3QR7yR1YB04u9DQzVrvGFbTR0eLMnIIhNvTqxrNJc9vOH+a92OpNgpPWX
+TMOmqirxImHqLeSX9Ff3MISFgaGqElo3gpYR0FNAbF4on0IcPImu1YhdzD5NXKuU
+A96VSrHya83BzQj6h4iA5JcPNlU7XWCmHuM=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/0B.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/0B.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.2_ta1/emailAddress=ch5.2_ta1
Validity
- Not Before: Mar 21 00:49:25 2011 GMT
- Not After : Dec 15 00:49:25 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5.2_ta1/emailAddress=cs1_ch5.2_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b9:44:f7:70:52:8f:e0:c5:7b:7e:68:01:46:0b:
- e1:54:1a:91:82:96:5d:d9:60:a7:a6:c2:2d:cf:f6:
- b1:e6:bc:fe:b5:02:49:20:5e:b7:2e:88:07:05:4e:
- 88:9e:96:f5:51:22:b1:72:23:88:21:7d:70:d4:51:
- c1:38:26:87:3c:d2:59:b4:0a:b4:0c:99:fb:eb:89:
- a8:15:fa:ff:2a:40:52:e2:b3:d1:79:61:4b:a5:f3:
- 8a:0a:18:4b:76:26:9d:68:c7:83:03:88:77:38:ab:
- d6:2d:95:17:20:43:cc:6b:c5:d2:1d:85:b7:c0:b4:
- b7:8c:f7:cc:3e:cc:79:8d:3d
+ 00:c8:74:f3:2f:47:e9:02:0e:f4:93:b9:c2:65:ae:
+ 74:a2:90:3e:2c:36:bd:86:b1:44:f9:ac:ce:ac:0d:
+ 8f:c6:fa:b4:94:62:39:25:63:12:77:4e:4b:26:ca:
+ 7b:ad:7e:e2:1c:9a:18:6d:10:cf:6d:82:b6:00:db:
+ 57:d6:ca:56:bb:af:bd:72:76:19:5f:18:f3:ce:55:
+ 3e:c9:9f:a0:a5:65:6d:01:d4:0b:fe:a0:8e:ba:d2:
+ 2d:19:5f:72:93:ab:50:a7:91:ba:3d:e6:d7:5f:07:
+ 4a:61:c2:3a:7b:22:77:9e:93:73:16:b9:b8:e4:d6:
+ a4:9f:95:1d:f3:54:69:19:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 15:39:6a:5e:1b:b7:b0:9d:56:ed:4e:0f:28:5e:ba:84:d0:14:
- 92:4b:51:1f:3f:a7:2b:dc:ac:3d:6a:d6:79:7d:16:e6:db:04:
- a2:4b:03:c9:d0:d0:4d:09:60:c8:92:ae:cf:ec:39:0e:fb:a2:
- 17:bf:0d:1b:ff:99:b6:c8:2a:cb:f9:25:bc:b1:8e:94:2b:dc:
- e1:47:43:a0:21:9c:b3:f3:62:d0:ae:49:e0:aa:a9:a8:23:c5:
- 7f:60:9a:ce:cc:4b:48:6a:98:2a:58:68:df:89:88:fe:d3:17:
- 50:82:3b:33:45:4a:08:56:2e:e4:5e:4f:3b:6f:c5:e1:c0:53:
- 28:a8
+ 13:49:e0:c1:04:5e:6e:af:74:a7:15:5c:2d:b4:0d:26:fb:00:
+ ca:f3:ed:0a:87:fb:5f:1a:c9:d4:48:fd:30:96:eb:c2:f4:34:
+ af:09:ef:71:ad:1d:d0:dd:5d:53:12:cd:63:7f:09:2a:10:f7:
+ 12:7d:61:78:29:5b:80:c3:c7:5f:e7:16:af:c4:11:72:1e:45:
+ 82:0b:67:3b:76:8e:33:f0:d1:3a:b6:ca:5a:e9:8f:33:c9:79:
+ b6:7e:ac:b6:ef:c3:36:f8:a0:ae:88:0c:7e:ed:74:f9:44:b2:
+ 1b:e3:de:36:d4:9e:dd:5b:99:86:b3:7e:13:19:31:6d:6d:ff:
+ bf:f7
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g1LjJfdGExMRgwFgYJKoZIhvcNAQkBFgljaDUu
-Ml90YTEwHhcNMTEwMzIxMDA0OTI1WhcNMTMxMjE1MDA0OTI1WjB8MQswCQYDVQQG
+Ml90YTEwHhcNMTEwNDExMjIzNzQyWhcNMTQwMTA1MjIzNzQyWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoNS4yX3RhMTEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoNS4yX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-uUT3cFKP4MV7fmgBRgvhVBqRgpZd2WCnpsItz/ax5rz+tQJJIF63LogHBU6Inpb1
-USKxciOIIX1w1FHBOCaHPNJZtAq0DJn764moFfr/KkBS4rPReWFLpfOKChhLdiad
-aMeDA4h3OKvWLZUXIEPMa8XSHYW3wLS3jPfMPsx5jT0CAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAFTlqXhu3
-sJ1W7U4PKF66hNAUkktRHz+nK9ysPWrWeX0W5tsEoksDydDQTQlgyJKuz+w5Dvui
-F78NG/+Ztsgqy/klvLGOlCvc4UdDoCGcs/Ni0K5J4KqpqCPFf2CazsxLSGqYKlho
-34mI/tMXUII7M0VKCFYu5F5PO2/F4cBTKKg=
+yHTzL0fpAg70k7nCZa50opA+LDa9hrFE+azOrA2Pxvq0lGI5JWMSd05LJsp7rX7i
+HJoYbRDPbYK2ANtX1spWu6+9cnYZXxjzzlU+yZ+gpWVtAdQL/qCOutItGV9yk6tQ
+p5G6PebXXwdKYcI6eyJ3npNzFrm45Nakn5Ud81RpGT8CAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAE0ngwQRe
+bq90pxVcLbQNJvsAyvPtCof7XxrJ1Ej9MJbrwvQ0rwnvca0d0N1dUxLNY38JKhD3
+En1heClbgMPHX+cWr8QRch5FggtnO3aOM/DROrbKWumPM8l5tn6stu/DNvigrogM
+fu10+USyG+PeNtSe3VuZhrN+ExkxbW3/v/c=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/0E.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/0E.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.3_ta1/emailAddress=ch5.3_ta1
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5.3_ta1/emailAddress=cs1_ch5.3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ba:d5:66:e3:d0:cd:3b:08:d4:e6:6a:9e:7f:22:
- 39:47:94:a9:77:5a:dd:26:6a:35:fc:d5:e0:1b:41:
- cf:0d:ff:6f:66:09:96:8b:32:36:ea:68:69:82:5a:
- c9:6f:20:ea:ff:1c:83:29:11:d8:f2:99:f8:5c:d4:
- 85:32:bb:c6:69:ca:dc:f7:d7:89:d4:72:2c:89:8a:
- 36:22:71:48:bc:fa:e0:f9:03:3c:14:7c:c2:48:92:
- 10:9f:21:db:2a:3b:01:f2:6f:96:18:61:b4:45:56:
- 27:81:aa:42:fd:d8:92:84:4e:fd:5d:65:ad:67:67:
- 4d:06:48:10:88:bb:77:af:23
+ 00:b5:76:e5:90:97:10:d5:aa:02:02:eb:87:f5:96:
+ 3a:94:31:a6:d9:1b:99:36:6b:62:13:36:cd:75:bf:
+ 5d:b9:19:02:15:79:e8:0c:95:12:80:a8:97:85:60:
+ 30:6f:4a:3d:cb:b4:bc:d8:a6:4d:a0:42:64:28:d3:
+ 07:2e:0a:f3:35:c3:35:10:08:f9:1e:e9:07:63:4b:
+ 7d:36:cc:65:7e:be:65:cb:a2:ad:8b:4a:1c:ec:9e:
+ f6:f5:14:e7:93:42:5c:0b:a3:7e:73:ae:18:42:32:
+ 32:a0:45:96:2d:d5:d7:5c:75:f2:e3:48:23:34:20:
+ 88:4f:7e:1a:21:8c:45:30:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 7e:14:ca:ef:10:0b:0d:a4:e4:7d:ba:39:5b:7c:63:b7:9a:d2:
- b7:cb:25:87:b3:fe:9f:34:55:d2:45:a6:b3:68:27:6d:a7:14:
- 5c:68:43:0b:81:aa:0b:21:6d:1f:ad:ec:72:de:4b:99:b5:a4:
- f0:24:15:73:f1:eb:dd:6f:41:2f:3c:4b:06:44:eb:ec:f0:9d:
- 29:79:ce:d2:ea:e2:55:1b:9f:cf:7c:ca:98:35:6f:98:ec:70:
- de:f1:04:fa:f1:89:ee:bf:af:a4:f8:35:92:b7:f9:27:a7:5e:
- 76:cc:c0:79:ad:6b:46:d7:d1:a7:60:35:32:9f:26:b3:b2:e7:
- 21:a5
+ 76:78:0e:96:48:35:42:08:26:68:65:9d:49:c6:3b:b7:f2:c7:
+ 3b:41:e1:94:2b:30:ec:65:1d:90:bd:3e:6a:ec:66:f1:3d:e6:
+ 76:b7:e7:a3:c7:96:b0:61:39:0b:e1:4e:15:cd:f7:95:48:c7:
+ ee:21:ce:81:5e:04:85:5b:2e:66:9f:2a:c1:6e:6f:4d:e3:c8:
+ 32:1f:35:53:7d:4f:ff:0f:0f:07:25:6a:f9:da:74:0c:8d:cf:
+ 86:3b:c1:30:bc:dd:a4:80:37:78:a3:03:1e:58:29:16:1b:d5:
+ b0:12:4e:8f:f4:da:c4:46:f4:28:4e:36:ac:d7:8a:95:c3:18:
+ e8:2e
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBDjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g1LjNfdGExMRgwFgYJKoZIhvcNAQkBFgljaDUu
-M190YTEwHhcNMTEwMzIxMDA0OTI2WhcNMTMxMjE1MDA0OTI2WjB8MQswCQYDVQQG
+M190YTEwHhcNMTEwNDExMjIzNzQyWhcNMTQwMTA1MjIzNzQyWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoNS4zX3RhMTEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoNS4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-utVm49DNOwjU5mqefyI5R5Spd1rdJmo1/NXgG0HPDf9vZgmWizI26mhpglrJbyDq
-/xyDKRHY8pn4XNSFMrvGacrc99eJ1HIsiYo2InFIvPrg+QM8FHzCSJIQnyHbKjsB
-8m+WGGG0RVYngapC/diShE79XWWtZ2dNBkgQiLt3ryMCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAfhTK7xAL
-DaTkfbo5W3xjt5rSt8slh7P+nzRV0kWms2gnbacUXGhDC4GqCyFtH63sct5LmbWk
-8CQVc/Hr3W9BLzxLBkTr7PCdKXnO0uriVRufz3zKmDVvmOxw3vEE+vGJ7r+vpPg1
-krf5J6dedszAea1rRtfRp2A1Mp8ms7LnIaU=
+tXblkJcQ1aoCAuuH9ZY6lDGm2RuZNmtiEzbNdb9duRkCFXnoDJUSgKiXhWAwb0o9
+y7S82KZNoEJkKNMHLgrzNcM1EAj5HukHY0t9Nsxlfr5ly6Kti0oc7J729RTnk0Jc
+C6N+c64YQjIyoEWWLdXXXHXy40gjNCCIT34aIYxFMA0CAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAdngOlkg1
+QggmaGWdScY7t/LHO0HhlCsw7GUdkL0+auxm8T3mdrfno8eWsGE5C+FOFc33lUjH
+7iHOgV4EhVsuZp8qwW5vTePIMh81U31P/w8PByVq+dp0DI3PhjvBMLzdpIA3eKMD
+HlgpFhvVsBJOj/TaxEb0KE42rNeKlcMY6C4=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/0F.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/0F.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta2/emailAddress=ta2
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:43 2011 GMT
+ Not After : Jan 5 22:37:43 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ta2/emailAddress=cs1_ta2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d1:4a:70:39:c8:22:72:ed:59:a6:45:f9:9a:cb:
- 75:6d:95:17:d1:d5:fc:4c:98:77:5b:2b:18:94:98:
- 0c:94:72:d5:52:76:65:ed:c7:84:a9:5d:37:fb:1b:
- 54:f3:0a:e5:1f:fe:7f:9b:b2:30:7a:1a:4b:c1:9c:
- 46:84:0d:9b:f9:59:c1:83:ce:9d:95:ec:f2:34:8f:
- 2b:a7:07:fb:3c:58:64:4f:89:0d:ac:e3:92:03:dd:
- 50:05:15:65:77:7f:ba:06:dc:f9:7b:e9:11:9a:16:
- 55:a1:ce:6e:c7:d9:f5:ca:54:f3:da:40:08:dd:45:
- f5:27:09:95:7e:51:ba:f7:bb
+ 00:e7:3a:08:5d:d7:3d:c8:50:43:ad:92:87:40:58:
+ 59:5c:fa:34:ba:c9:bd:5b:d7:9f:17:b8:4f:d2:15:
+ fd:86:d9:f0:3a:07:48:14:f3:c0:a4:9e:e3:ee:00:
+ 45:ba:aa:de:3a:5c:53:d6:0d:dd:46:88:d3:b6:13:
+ aa:ee:f8:c0:3e:fa:eb:0a:6d:4a:0d:f7:39:21:ff:
+ 5d:dc:d7:13:5b:2a:e9:e4:c0:1e:31:2b:5b:00:ce:
+ b0:55:44:72:97:66:06:ab:41:71:05:4a:83:6b:3b:
+ cf:a7:ce:5d:61:43:3b:bb:60:19:c4:33:ac:23:72:
+ 66:9d:e9:72:be:bd:6c:ad:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 5d:98:9c:96:be:80:58:ef:e7:53:c2:79:29:8c:e1:40:18:63:
- 22:09:e6:ee:c2:a1:22:f9:50:ce:f2:9d:72:21:1d:0d:f9:2a:
- 2d:a8:eb:9f:03:5d:df:45:88:a8:52:e2:b9:0c:b0:27:7f:42:
- 8a:1c:45:a1:3b:24:ab:38:b4:e5:b2:ab:7c:d1:57:80:9e:be:
- 18:3a:ff:49:57:b0:61:cc:cc:63:98:e8:7b:79:de:2b:db:39:
- 44:df:8a:0d:ad:9c:ce:6e:b6:1f:3c:fa:ad:f7:ac:02:eb:08:
- 59:34:e9:74:bd:2d:bb:5d:8d:80:5d:bb:3b:18:3d:d6:3b:d2:
- 9d:47
+ 49:7b:52:fd:1f:be:ee:30:38:0d:93:6b:07:01:95:14:35:6e:
+ 5b:dd:74:9e:a0:a7:1a:bd:a8:cd:35:a9:7f:21:af:d7:a2:0c:
+ 69:f9:d4:d0:eb:45:93:e2:48:fd:86:b4:70:fb:b5:dd:e5:48:
+ 5f:93:d4:41:7a:cb:a5:73:02:d8:d9:e8:5f:9c:f8:4f:ad:50:
+ fb:88:24:b3:f5:e0:cf:d9:3e:bf:3f:5b:0c:db:a0:20:51:5d:
+ ea:13:0b:5b:44:6d:af:0f:6a:72:b6:25:8c:9f:bd:d0:a9:0e:
+ 38:60:39:53:7e:9d:6e:ac:65:21:9a:32:f4:57:65:39:dc:f7:
+ 36:9a
-----BEGIN CERTIFICATE-----
MIICbjCCAdegAwIBAgIBDzANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGEyMRIwEAYJKoZIhvcNAQkBFgN0YTIwHhcNMTEw
-MzIxMDA0OTI2WhcNMTMxMjE1MDA0OTI2WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQzWhcNMTQwMTA1MjIzNzQzWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY3MxX3RhMjEWMBQGCSqGSIb3DQEJARYHY3MxX3RhMjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0UpwOcgicu1ZpkX5mst1bZUX0dX8TJh3
-WysYlJgMlHLVUnZl7ceEqV03+xtU8wrlH/5/m7IwehpLwZxGhA2b+VnBg86dlezy
-NI8rpwf7PFhkT4kNrOOSA91QBRVld3+6Btz5e+kRmhZVoc5ux9n1ylTz2kAI3UX1
-JwmVflG697sCAwEAAaMgMB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4Aw
-DQYJKoZIhvcNAQELBQADgYEAXZiclr6AWO/nU8J5KYzhQBhjIgnm7sKhIvlQzvKd
-ciEdDfkqLajrnwNd30WIqFLiuQywJ39CihxFoTskqzi05bKrfNFXgJ6+GDr/SVew
-YczMY5joe3neK9s5RN+KDa2czm62Hzz6rfesAusIWTTpdL0tu12NgF27Oxg91jvS
-nUc=
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5zoIXdc9yFBDrZKHQFhZXPo0usm9W9ef
+F7hP0hX9htnwOgdIFPPApJ7j7gBFuqreOlxT1g3dRojTthOq7vjAPvrrCm1KDfc5
+If9d3NcTWyrp5MAeMStbAM6wVURyl2YGq0FxBUqDazvPp85dYUM7u2AZxDOsI3Jm
+nelyvr1srSsCAwEAAaMgMB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4Aw
+DQYJKoZIhvcNAQELBQADgYEASXtS/R++7jA4DZNrBwGVFDVuW910nqCnGr2ozTWp
+fyGv16IMafnU0OtFk+JI/Ya0cPu13eVIX5PUQXrLpXMC2NnoX5z4T61Q+4gks/Xg
+z9k+vz9bDNugIFFd6hMLW0Rtrw9qcrYljJ+90KkOOGA5U36dbqxlIZoy9FdlOdz3
+Npo=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/11.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/11.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:44 2011 GMT
+ Not After : Jan 5 22:37:44 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1_ta3/emailAddress=cs1_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:c0:f4:07:51:f9:0b:0f:11:0a:28:50:d3:7a:43:
- 1f:24:71:ac:79:35:17:3c:44:b2:f9:67:b6:b3:ee:
- 73:27:f6:7d:7b:e9:21:66:33:73:54:5e:98:f9:72:
- 87:cf:e4:6f:4e:d8:65:76:74:65:41:2d:4c:99:d6:
- 69:82:c9:ca:35:c3:d7:5e:6a:ec:c5:cd:a6:e0:3e:
- da:00:b6:ae:e6:a6:0f:f1:2d:1a:bd:92:1a:d8:14:
- ae:92:90:fb:e9:16:e2:38:85:20:df:dd:8a:11:af:
- c2:3b:37:9b:ce:99:4e:89:ff:32:c7:53:e1:e0:ad:
- ed:a6:12:96:9d:97:40:96:b5
+ 00:cc:26:a7:16:78:9a:fb:e2:da:da:e3:c4:ef:7e:
+ cb:5c:21:1c:aa:c1:53:35:df:cc:dc:f5:e2:98:0b:
+ e6:8e:05:f4:e5:97:28:98:54:95:15:11:c9:1e:97:
+ ed:ee:f4:49:4e:2f:0a:a2:16:83:0d:f5:49:65:78:
+ 6d:ba:a2:19:1b:74:27:64:1a:22:0b:85:47:d0:e1:
+ 85:25:1e:5c:fd:00:7a:37:9e:7e:83:43:cf:17:4e:
+ 2f:ea:7d:c9:5a:b8:70:7a:82:2c:74:0f:77:47:10:
+ 1a:a4:51:16:08:9e:71:b5:7c:54:53:60:92:a8:0c:
+ 1c:b3:b1:0f:ab:c3:0e:46:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 29:26:20:2c:c3:ae:e3:84:28:2a:15:af:48:cc:a4:87:d2:8b:
- 7e:dd:76:80:11:f8:4c:e3:97:0c:34:42:96:78:9f:44:97:b6:
- 61:3f:66:be:24:60:b4:40:0d:8d:56:3b:ec:d3:31:8d:ae:ac:
- 1a:cb:cf:e5:68:67:21:87:1a:9b:b1:06:18:c4:d8:9b:d0:1a:
- 4f:ed:8f:8e:5a:d5:4d:24:ea:d0:55:5b:2f:2c:d7:e8:8d:ff:
- 99:5b:c1:32:55:f2:f4:d3:72:0b:b5:80:0c:8d:ce:8d:83:29:
- 6f:2e:e1:e0:d7:99:fe:37:b5:3a:14:71:3e:ec:0c:ec:31:7d:
- 2c:f0
+ 39:fc:dd:ed:5b:f5:75:d9:01:ed:86:33:11:21:27:c9:ad:78:
+ d3:e7:48:8a:3e:11:71:71:0f:d5:10:5b:5a:f0:16:a2:ac:70:
+ e9:3c:db:b9:30:c0:0d:2e:b4:8a:97:c3:50:d7:00:53:d3:4f:
+ b7:24:ff:38:64:e0:ff:87:01:18:6f:7c:bd:3c:2a:bc:fe:9b:
+ 0a:d8:66:ce:9e:4e:fa:4c:5c:b5:62:ae:dc:1b:c4:ef:84:da:
+ 45:3f:c2:a9:6d:74:a5:f0:44:7e:14:70:a4:4d:e3:dc:92:bb:
+ 49:de:68:35:bb:59:a0:24:ba:d6:89:44:28:6b:b8:69:ca:64:
+ 7f:f4
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBETANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDRaFw0xNDAxMDUyMjM3NDRaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMD0B1H5Cw8R
-CihQ03pDHyRxrHk1FzxEsvlntrPucyf2fXvpIWYzc1RemPlyh8/kb07YZXZ0ZUEt
-TJnWaYLJyjXD115q7MXNpuA+2gC2ruamD/EtGr2SGtgUrpKQ++kW4jiFIN/dihGv
-wjs3m86ZTon/MsdT4eCt7aYSlp2XQJa1AgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBACkmICzDruOEKCoVr0jM
-pIfSi37ddoAR+Ezjlww0QpZ4n0SXtmE/Zr4kYLRADY1WO+zTMY2urBrLz+VoZyGH
-GpuxBhjE2JvQGk/tj45a1U0k6tBVWy8s1+iN/5lbwTJV8vTTcgu1gAyNzo2DKW8u
-4eDXmf43tToUcT7sDOwxfSzw
+Y3MxX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMwmpxZ4mvvi
+2trjxO9+y1whHKrBUzXfzNz14pgL5o4F9OWXKJhUlRURyR6X7e70SU4vCqIWgw31
+SWV4bbqiGRt0J2QaIguFR9DhhSUeXP0AejeefoNDzxdOL+p9yVq4cHqCLHQPd0cQ
+GqRRFgiecbV8VFNgkqgMHLOxD6vDDkbFAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBADn83e1b9XXZAe2GMxEh
+J8mteNPnSIo+EXFxD9UQW1rwFqKscOk827kwwA0utIqXw1DXAFPTT7ck/zhk4P+H
+ARhvfL08Krz+mwrYZs6eTvpMXLVirtwbxO+E2kU/wqltdKXwRH4UcKRN49ySu0ne
+aDW7WaAkutaJRChruGnKZH/0
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/12.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/12.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:44 2011 GMT
+ Not After : Jan 5 22:37:44 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs2_ch1_ta3/emailAddress=cs2_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d4:90:83:34:09:3e:04:2e:62:40:f3:44:99:9a:
- 7b:07:be:79:f3:c6:f6:28:0a:51:df:da:aa:fe:b8:
- d1:9b:1c:b5:73:6a:31:ba:d2:9f:22:44:b7:3b:d8:
- f6:80:96:c0:4c:e4:6f:48:90:69:81:6c:84:94:68:
- 33:74:62:9a:04:b0:1e:93:2c:4d:88:cd:9a:72:ce:
- e9:53:3d:15:3e:73:2c:c9:f0:ed:87:a5:eb:cf:66:
- 3c:40:3c:a0:76:ac:c8:69:20:b8:f5:a8:fd:17:7a:
- 3c:eb:62:c9:a2:cc:56:6b:d8:b7:0c:ff:ed:f9:b1:
- 13:af:c0:69:aa:8d:0f:50:f1
+ 00:c5:b6:f8:33:c7:cd:e9:6d:d9:aa:77:60:23:86:
+ 71:56:dc:22:a3:cf:36:d7:b3:59:f7:5d:ae:82:ed:
+ 3f:17:12:62:09:3e:3e:ec:fa:a6:92:df:05:ce:9a:
+ a2:6d:93:b9:7e:16:f9:c5:b3:83:1d:9a:96:6a:1b:
+ 35:df:f6:b8:82:55:45:5b:43:0a:71:66:4f:bc:df:
+ 00:13:25:22:df:79:76:b6:98:42:25:b2:a1:5c:47:
+ 72:7b:96:9f:65:3f:37:02:97:29:16:9c:75:22:7b:
+ 5d:31:53:80:0a:eb:cc:73:13:da:8e:61:f5:ca:f7:
+ af:fc:53:cd:b9:11:95:3c:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,27 +29,27 @@
<EMPTY>
Signature Algorithm: sha256WithRSAEncryption
- 94:86:69:18:74:54:9a:9e:e3:69:24:c4:78:73:6c:e9:e5:b3:
- 0f:22:4d:54:06:28:c3:bb:d5:ef:18:1c:ce:a1:d0:22:27:c8:
- e3:79:29:7d:c4:32:73:a2:d4:03:f8:1d:ce:cc:08:87:e2:26:
- b8:39:02:c0:e2:53:39:37:ad:76:d6:3c:54:87:71:ce:8e:df:
- 01:2a:1d:96:6b:42:d5:0a:b6:0f:c7:9d:11:91:56:27:bf:2a:
- 4e:14:72:22:21:96:be:7e:42:a1:59:27:3c:30:8d:bb:a9:4b:
- 2b:75:d8:75:31:c4:e8:5b:cd:bc:2c:51:d4:62:72:45:29:e1:
- c5:08
+ 2e:40:56:59:03:e3:5b:62:73:0c:57:dc:12:d8:4b:97:00:8b:
+ 66:c8:a6:10:29:78:3b:7a:52:fb:f9:63:94:44:b2:1b:eb:3f:
+ 13:e9:40:9b:24:01:38:f6:b2:f7:99:1e:d9:17:57:e3:df:ff:
+ 01:8b:00:02:7e:a0:f5:e5:3a:f0:72:4c:72:6f:76:07:26:ac:
+ 97:6d:c2:12:e1:64:99:29:ff:25:fd:21:c7:43:41:87:c5:bb:
+ ce:06:c4:b1:f9:64:ad:e8:d8:90:ac:89:26:8a:1e:a3:d4:45:
+ 2d:8a:27:a4:88:8c:f3:97:5f:f7:82:d7:c4:76:98:f5:20:af:
+ 5e:23
-----BEGIN CERTIFICATE-----
MIICfDCCAeWgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDRaFw0xNDAxMDUyMjM3NDRaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczJfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3MyX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANSQgzQJPgQu
-YkDzRJmaewe+efPG9igKUd/aqv640ZsctXNqMbrSnyJEtzvY9oCWwEzkb0iQaYFs
-hJRoM3RimgSwHpMsTYjNmnLO6VM9FT5zLMnw7Yel689mPEA8oHasyGkguPWo/Rd6
-POtiyaLMVmvYtwz/7fmxE6/AaaqND1DxAgMBAAGjHjAcMAwGA1UdEwEB/wQCMAAw
-DAYDVR0SAQH/BAIwADANBgkqhkiG9w0BAQsFAAOBgQCUhmkYdFSanuNpJMR4c2zp
-5bMPIk1UBijDu9XvGBzOodAiJ8jjeSl9xDJzotQD+B3OzAiH4ia4OQLA4lM5N612
-1jxUh3HOjt8BKh2Wa0LVCrYPx50RkVYnvypOFHIiIZa+fkKhWSc8MI27qUsrddh1
-McToW828LFHUYnJFKeHFCA==
+Y3MyX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMW2+DPHzelt
+2ap3YCOGcVbcIqPPNtezWfddroLtPxcSYgk+Puz6ppLfBc6aom2TuX4W+cWzgx2a
+lmobNd/2uIJVRVtDCnFmT7zfABMlIt95draYQiWyoVxHcnuWn2U/NwKXKRacdSJ7
+XTFTgArrzHMT2o5h9cr3r/xTzbkRlTw/AgMBAAGjHjAcMAwGA1UdEwEB/wQCMAAw
+DAYDVR0SAQH/BAIwADANBgkqhkiG9w0BAQsFAAOBgQAuQFZZA+NbYnMMV9wS2EuX
+AItmyKYQKXg7elL7+WOURLIb6z8T6UCbJAE49rL3mR7ZF1fj3/8BiwACfqD15Trw
+ckxyb3YHJqyXbcIS4WSZKf8l/SHHQ0GHxbvOBsSx+WSt6NiQrIkmih6j1EUtiiek
+iIzzl1/3gtfEdpj1IK9eIw==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/13.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/13.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,15 +12,15 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bb:c7:fd:cb:1f:d5:2b:00:7f:dc:00:fe:45:5c:
- 7d:27:a3:8b:18:da:3f:d2:36:0c:57:2b:c4:48:be:
- 97:01:f1:71:ce:b9:80:e6:0f:d2:3b:36:2d:25:57:
- 41:1e:e7:7b:2e:5c:d2:ac:17:fc:ae:45:11:7f:bc:
- d0:32:a0:e3:09:01:29:27:7a:dd:d2:fc:13:9a:ea:
- d8:d1:6c:be:73:b3:05:a8:fc:39:05:f7:cd:b0:f9:
- f2:b8:a4:5c:f9:c3:23:2b:05:4e:fe:da:22:42:80:
- 70:36:66:b9:f4:6a:00:ae:eb:90:60:ee:e8:fc:40:
- 6f:3c:38:b5:41:5b:bd:3a:ed
+ 00:b7:60:7b:08:47:0a:05:c1:6c:80:9a:84:e2:de:
+ c6:11:65:df:a6:c7:30:bb:37:e9:ae:9e:37:9d:f9:
+ f3:3a:18:38:ee:be:e0:fb:6b:84:fb:93:2c:5b:1e:
+ 9f:7a:78:da:26:28:c7:fb:6e:9f:2e:8f:f9:5a:1c:
+ e8:0b:e0:f1:5c:45:f6:a0:0e:58:01:4e:86:20:bd:
+ ff:7d:0c:41:4b:b2:50:5c:78:89:3c:4a:83:cf:59:
+ 9f:e4:17:27:de:ea:aa:ff:c8:19:f5:b7:c3:67:bd:
+ 5e:78:79:8e:46:33:1a:ef:36:40:f8:f2:7e:bc:ca:
+ 54:85:57:56:e5:e7:b8:52:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,14 +28,14 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 0f:9a:2f:85:f1:58:fd:7f:5b:bf:af:dd:ea:c2:fb:6e:8f:ca:
- 8f:0b:26:91:01:66:20:df:5c:39:e8:97:c3:7c:fa:c4:8f:13:
- d6:06:7e:6e:51:49:2b:8a:e7:03:b5:6d:68:2a:18:88:a6:05:
- 07:c2:9c:28:5b:43:60:32:4e:3e:7d:a0:6e:3f:43:b4:c9:a9:
- 77:7e:bb:01:68:04:96:18:9e:48:c5:0c:d1:f4:3d:3b:69:ed:
- 57:29:3d:aa:d1:64:5f:f0:07:a7:74:72:11:d8:0b:62:69:c4:
- 7d:ca:0c:5d:07:0d:b0:06:62:bc:53:32:e9:5f:a5:5b:28:11:
- bc:bc
+ 27:40:ae:0c:a2:ad:5d:28:30:53:fe:e4:35:31:02:e4:1a:ef:
+ 6d:ec:95:1e:3e:a0:15:15:32:e8:88:46:68:45:a7:60:9f:93:
+ 79:ab:ef:78:f6:2c:23:ef:a1:f4:71:b3:9a:f1:c6:4d:ac:34:
+ a1:24:d8:4e:38:36:3c:bb:90:30:9b:e4:b3:8e:55:e0:06:c4:
+ 5a:c4:f1:23:90:fd:b3:ef:40:dd:4d:4c:2b:55:50:11:64:6b:
+ 64:3f:e3:67:3c:6c:c1:da:55:6c:7d:8d:87:18:40:6a:cb:13:
+ 17:3b:75:35:09:71:0b:e9:c4:7e:b1:a1:db:80:78:93:b3:5b:
+ d0:4e
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBEzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -43,12 +43,12 @@
MzAeFw0wOTAxMDEwMTAxMDFaFw0wOTAxMDIwMTAxMDFaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczNfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3MzX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvH/csf1SsA
-f9wA/kVcfSejixjaP9I2DFcrxEi+lwHxcc65gOYP0js2LSVXQR7ney5c0qwX/K5F
-EX+80DKg4wkBKSd63dL8E5rq2NFsvnOzBaj8OQX3zbD58rikXPnDIysFTv7aIkKA
-cDZmufRqAK7rkGDu6PxAbzw4tUFbvTrtAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAA+aL4XxWP1/W7+v3erC
-+26Pyo8LJpEBZiDfXDnol8N8+sSPE9YGfm5RSSuK5wO1bWgqGIimBQfCnChbQ2Ay
-Tj59oG4/Q7TJqXd+uwFoBJYYnkjFDNH0PTtp7VcpParRZF/wB6d0chHYC2JpxH3K
-DF0HDbAGYrxTMulfpVsoEby8
+Y3MzX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdgewhHCgXB
+bICahOLexhFl36bHMLs36a6eN5358zoYOO6+4PtrhPuTLFsen3p42iYox/tuny6P
++Voc6Avg8VxF9qAOWAFOhiC9/30MQUuyUFx4iTxKg89Zn+QXJ97qqv/IGfW3w2e9
+Xnh5jkYzGu82QPjyfrzKVIVXVuXnuFJNAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBACdArgyirV0oMFP+5DUx
+AuQa723slR4+oBUVMuiIRmhFp2Cfk3mr73j2LCPvofRxs5rxxk2sNKEk2E44Njy7
+kDCb5LOOVeAGxFrE8SOQ/bPvQN1NTCtVUBFka2Q/42c8bMHaVWx9jYcYQGrLExc7
+dTUJcQvpxH6xoduAeJOzW9BO
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/14.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/14.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,15 +12,15 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:e2:a3:68:41:2d:e9:bf:94:11:27:37:94:63:8c:
- 27:88:88:90:7c:76:b7:61:8a:e4:00:39:5d:b3:7a:
- 27:a4:1b:25:7a:d6:4c:79:f2:82:c5:8d:93:0a:21:
- 5c:f5:37:fc:c3:c5:86:0c:02:37:8d:0f:ed:80:ad:
- 8f:3b:1d:9d:9b:99:03:52:99:7d:c0:9e:e7:7a:4e:
- 81:e9:fe:06:9e:94:78:38:29:97:a6:02:8a:35:ee:
- bc:d9:99:3c:c0:93:11:53:71:35:57:fd:2d:ea:b0:
- a6:43:d8:04:d8:ef:55:61:fe:b6:33:23:aa:c5:fb:
- 43:61:ff:ac:02:90:b9:a3:7d
+ 00:d7:42:45:a6:d0:f4:a9:54:6d:c8:4d:42:e8:05:
+ a4:33:25:f1:b7:eb:20:df:33:26:6e:ca:30:63:57:
+ df:d3:a9:02:b0:29:f3:cb:7b:64:77:34:7e:1d:c7:
+ a8:2c:ca:73:23:22:43:71:6c:33:9e:89:0e:89:ce:
+ 6d:db:2b:f3:5a:af:e3:dc:f3:1c:48:64:60:5d:57:
+ e6:17:6b:e6:61:4b:cb:e0:a9:e3:1c:aa:f6:70:34:
+ b4:8b:d8:19:e6:26:06:60:24:82:c6:d8:5d:87:de:
+ 99:2b:0d:78:db:92:f2:c2:24:65:8b:f8:07:b6:fe:
+ 17:8d:bb:4f:c7:c0:ae:24:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,14 +28,14 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 2c:43:e8:be:8b:6f:45:f2:ae:4a:ce:f8:dc:5f:bb:0f:86:db:
- 5b:a7:81:30:2e:92:a8:15:3a:4a:97:cf:48:48:c6:d4:d6:ce:
- 4c:7f:b0:fe:74:36:9b:7c:0c:27:9c:af:4e:51:1a:7e:aa:52:
- 5e:f8:06:10:6f:38:d1:47:8b:dd:08:53:e8:66:e5:34:84:d1:
- 5b:6c:9d:ff:38:c1:af:17:3a:c9:bd:91:c7:f1:f0:b1:35:38:
- 36:5b:45:44:12:9c:a4:36:d7:4a:2a:34:3a:c2:20:ec:a3:99:
- e1:e8:b4:e5:1c:38:16:30:e7:cf:4d:92:0d:9b:9f:71:5e:9f:
- 31:1e
+ b9:09:ff:d1:80:e1:9e:05:e8:27:40:d0:d3:76:d7:b6:72:cd:
+ 4a:e4:d8:b7:e2:14:90:3a:74:61:b3:c8:3c:7c:bd:2e:9c:9d:
+ 62:0d:cd:9b:e9:36:ba:aa:87:f7:c7:e4:3a:6c:5d:d9:99:d5:
+ 33:a0:5a:3f:fd:5e:06:62:11:ad:ca:33:9d:0a:59:8a:a9:0e:
+ 6e:4a:d8:6f:da:ff:96:89:e3:8a:3b:5e:a6:b4:8c:93:ff:70:
+ 4d:d2:32:f8:44:c0:ff:84:65:b0:1f:59:4a:2c:10:d7:5e:a6:
+ ed:5b:a8:e2:eb:42:e0:0d:7b:f5:43:ca:1a:9a:cd:df:e6:f8:
+ 4d:d5
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBFDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -43,12 +43,12 @@
MzAeFw0zNTAxMDEwMTAxMDFaFw0zNTAxMDIwMTAxMDFaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczRfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M0X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOKjaEEt6b+U
-ESc3lGOMJ4iIkHx2t2GK5AA5XbN6J6QbJXrWTHnygsWNkwohXPU3/MPFhgwCN40P
-7YCtjzsdnZuZA1KZfcCe53pOgen+Bp6UeDgpl6YCijXuvNmZPMCTEVNxNVf9Leqw
-pkPYBNjvVWH+tjMjqsX7Q2H/rAKQuaN9AgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBACxD6L6Lb0XyrkrO+Nxf
-uw+G21ungTAukqgVOkqXz0hIxtTWzkx/sP50Npt8DCecr05RGn6qUl74BhBvONFH
-i90IU+hm5TSE0Vtsnf84wa8XOsm9kcfx8LE1ODZbRUQSnKQ210oqNDrCIOyjmeHo
-tOUcOBYw589Nkg2bn3FenzEe
+Y3M0X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdCRabQ9KlU
+bchNQugFpDMl8bfrIN8zJm7KMGNX39OpArAp88t7ZHc0fh3HqCzKcyMiQ3FsM56J
+DonObdsr81qv49zzHEhkYF1X5hdr5mFLy+Cp4xyq9nA0tIvYGeYmBmAkgsbYXYfe
+mSsNeNuS8sIkZYv4B7b+F427T8fAriTJAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBALkJ/9GA4Z4F6CdA0NN2
+17ZyzUrk2LfiFJA6dGGzyDx8vS6cnWINzZvpNrqqh/fH5DpsXdmZ1TOgWj/9XgZi
+Ea3KM50KWYqpDm5K2G/a/5aJ44o7Xqa0jJP/cE3SMvhEwP+EZbAfWUosENdepu1b
+qOLrQuANe/VDyhqazd/m+E3V
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/15.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/15.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:45 2011 GMT
+ Not After : Jan 5 22:37:45 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs5_ch1_ta3/emailAddress=cs5_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bc:38:5a:89:55:f2:97:d1:61:2a:da:f0:93:31:
- 58:82:70:d0:fd:23:09:38:82:02:d4:f7:cb:a6:27:
- c0:cf:76:6e:67:03:78:f5:6c:92:77:b6:8a:f4:a8:
- 36:6e:de:e3:7c:bd:0d:09:c9:7c:92:3a:be:c9:b1:
- 2b:18:2a:8c:39:6b:b1:18:a7:34:dc:95:8d:cd:4d:
- 66:78:56:38:56:2c:a2:9f:5e:4d:14:c3:aa:f8:7f:
- 20:98:1a:53:4b:f5:20:42:f5:b4:30:d7:62:ea:6d:
- 54:e4:71:55:0c:1c:1c:41:54:7a:2a:48:b1:d0:8e:
- a6:82:7c:2b:81:cb:a5:b3:53
+ 00:c0:be:66:e6:55:cb:9e:d6:d2:7b:d3:b2:34:fb:
+ c9:74:d5:30:4f:62:1c:68:bd:13:97:08:b7:8c:b6:
+ 4e:dd:7f:98:a5:e2:2f:2e:9c:74:92:01:43:62:8e:
+ 9c:62:23:3e:b6:e4:e2:18:2b:3f:ae:fb:17:e7:d8:
+ c4:28:27:27:d9:3e:5c:d1:8f:51:b7:10:4c:44:f6:
+ bb:6b:24:7c:2e:09:bc:fb:8a:af:fa:e4:ce:94:2f:
+ 27:cd:3d:e7:be:93:4b:62:37:f5:f1:a8:8e:7e:76:
+ 92:62:7b:02:41:98:c2:f6:ff:68:8e:d2:1d:fb:9e:
+ f1:45:f5:6a:9c:8d:28:23:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage:
Encipher Only
Signature Algorithm: sha256WithRSAEncryption
- 3b:c7:de:1c:36:d2:6d:85:e3:8e:2d:4c:fa:74:f7:2a:75:0b:
- 1b:b4:79:2f:26:0a:3e:7f:b0:44:12:67:e8:89:f1:6e:ca:2d:
- e6:18:21:27:cb:e2:7f:61:63:ba:f5:0b:91:40:98:22:cd:51:
- 16:54:c1:00:a9:89:39:79:20:a4:6b:e5:59:ed:9e:ef:c0:2f:
- e0:3c:2c:8b:ed:fb:1c:2a:8d:87:5b:b7:49:14:bb:b1:5a:36:
- 13:9d:b4:2a:99:1f:b5:02:9b:07:70:62:aa:c0:92:98:6b:f7:
- 4a:73:c5:17:a4:5e:b0:09:b2:61:6a:af:62:64:d5:b9:a6:ac:
- 09:34
+ 26:c1:64:ae:88:f7:19:f6:4f:f6:89:c9:d4:4e:46:cc:8f:51:
+ d3:b0:1c:d5:54:08:b0:5c:a7:51:48:24:be:e5:9f:d1:79:8b:
+ fb:92:84:aa:92:c6:2f:b1:76:e2:f2:21:f7:f1:5d:05:c3:5c:
+ 01:90:20:8c:46:9e:a2:b9:dd:71:4f:a4:b9:3a:15:d3:74:98:
+ 59:bf:f8:44:c5:a4:99:67:01:e7:d6:52:8d:2f:02:3a:f4:e8:
+ c8:b3:9c:f3:35:18:4e:41:03:a7:b6:b3:5c:84:61:43:6b:95:
+ b4:84:d1:c1:72:29:ac:d5:6f:e4:6c:f1:86:b6:eb:09:77:1e:
+ 89:92
-----BEGIN CERTIFICATE-----
MIICezCCAeSgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDVaFw0xNDAxMDUyMjM3NDVaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczVfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M1X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALw4WolV8pfR
-YSra8JMxWIJw0P0jCTiCAtT3y6YnwM92bmcDePVskne2ivSoNm7e43y9DQnJfJI6
-vsmxKxgqjDlrsRinNNyVjc1NZnhWOFYsop9eTRTDqvh/IJgaU0v1IEL1tDDXYupt
-VORxVQwcHEFUeipIsdCOpoJ8K4HLpbNTAgMBAAGjHTAbMAwGA1UdEwEB/wQCMAAw
-CwYDVR0PBAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBADvH3hw20m2F444tTPp09yp1
-Cxu0eS8mCj5/sEQSZ+iJ8W7KLeYYISfL4n9hY7r1C5FAmCLNURZUwQCpiTl5IKRr
-5Vntnu/AL+A8LIvt+xwqjYdbt0kUu7FaNhOdtCqZH7UCmwdwYqrAkphr90pzxRek
-XrAJsmFqr2Jk1bmmrAk0
+Y3M1X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMC+ZuZVy57W
+0nvTsjT7yXTVME9iHGi9E5cIt4y2Tt1/mKXiLy6cdJIBQ2KOnGIjPrbk4hgrP677
+F+fYxCgnJ9k+XNGPUbcQTET2u2skfC4JvPuKr/rkzpQvJ809576TS2I39fGojn52
+kmJ7AkGYwvb/aI7SHfue8UX1apyNKCPBAgMBAAGjHTAbMAwGA1UdEwEB/wQCMAAw
+CwYDVR0PBAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBACbBZK6I9xn2T/aJydRORsyP
+UdOwHNVUCLBcp1FIJL7ln9F5i/uShKqSxi+xduLyIffxXQXDXAGQIIxGnqK53XFP
+pLk6FdN0mFm/+ETFpJlnAefWUo0vAjr06MiznPM1GE5BA6e2s1yEYUNrlbSE0cFy
+KazVb+Rs8Ya26wl3HomS
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/16.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/16.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:45 2011 GMT
+ Not After : Jan 5 22:37:45 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs6_ch1_ta3/emailAddress=cs6_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:af:e7:4a:85:57:4a:4a:33:36:44:2a:8c:34:c1:
- 49:47:13:f6:c7:2e:b3:e5:92:c0:be:b6:74:ba:61:
- 1b:90:cf:09:1e:2f:d4:3a:d1:fa:1d:76:63:5d:2d:
- 8f:0d:78:c5:93:a1:bf:ec:51:99:7f:90:57:2d:9e:
- 41:46:fc:6a:e1:03:63:41:78:d7:84:cf:5e:d4:dd:
- 37:11:1e:cc:37:05:b7:19:ce:9a:5e:eb:75:8b:19:
- 95:1f:94:d3:d2:b2:ff:88:26:c5:6f:33:59:ad:7b:
- 70:8e:c9:95:dd:cc:31:f0:a7:69:d0:97:e0:cb:7b:
- 42:f1:ea:e5:ed:0d:b7:b3:db
+ 00:c7:77:32:f6:35:5a:29:de:dc:61:89:a9:7e:d3:
+ 4f:ac:a1:db:f1:7f:58:1c:d3:46:a8:eb:61:62:80:
+ d0:cf:40:6b:a4:39:ac:fb:f3:e4:a2:47:53:78:d4:
+ cd:5a:5f:b1:c0:e8:2c:81:2d:00:98:d5:2f:6b:e9:
+ e7:85:e6:0e:1e:46:d6:22:b9:f3:a7:e0:6c:18:ea:
+ 42:33:cd:c0:9c:e0:98:ec:29:67:39:c4:a3:f7:69:
+ 8b:04:66:f5:a2:3c:08:1b:24:e5:ba:d4:57:5b:14:
+ f1:f2:c8:2b:0f:22:ae:6e:d1:ca:85:01:e6:75:82:
+ 03:df:7a:ed:96:8a:64:2f:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Encipher Only
Signature Algorithm: sha256WithRSAEncryption
- 7d:42:18:30:29:c0:f1:62:57:00:97:dd:b3:b6:87:f5:af:5e:
- c6:32:71:5e:06:6b:e2:04:04:89:f2:3d:cc:e2:07:92:8a:90:
- be:47:58:6e:dc:9a:c6:f0:85:88:a0:a9:38:58:ee:32:65:a8:
- e8:71:c3:9a:1f:f4:d2:b1:f6:01:46:46:cb:69:1a:9a:c1:7c:
- d0:ca:93:fd:e0:60:22:db:d6:82:03:2e:d7:f8:23:0d:e1:a3:
- 4e:5b:6e:61:b2:41:b0:96:78:d8:ae:5e:be:6a:7a:28:b6:83:
- 0d:f2:a8:dc:92:89:6c:55:ae:25:98:8a:0d:0c:1f:9d:72:85:
- 3c:2d
+ 7b:52:05:af:d4:77:41:4d:3f:cf:39:bd:33:a2:82:96:38:df:
+ a5:f7:ab:44:a3:b4:fc:13:ad:f5:d0:48:81:34:10:12:e9:c7:
+ 47:3f:13:1d:0a:20:8c:a7:df:23:a1:f5:5c:05:58:7a:ff:58:
+ 61:57:25:2c:36:22:10:e6:a4:d4:e3:f4:ad:b3:35:a9:91:93:
+ 24:52:f6:28:4c:90:12:98:31:9b:31:8c:64:2f:79:df:d1:f1:
+ 6e:d2:43:84:fe:bf:e5:ea:a9:74:6c:ce:cd:44:89:6b:df:bf:
+ 7c:dd:77:24:0b:18:07:42:89:41:b3:2c:60:30:db:75:05:82:
+ 15:85
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBFjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDVaFw0xNDAxMDUyMjM3NDVaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczZfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M2X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/nSoVXSkoz
-NkQqjDTBSUcT9scus+WSwL62dLphG5DPCR4v1DrR+h12Y10tjw14xZOhv+xRmX+Q
-Vy2eQUb8auEDY0F414TPXtTdNxEezDcFtxnOml7rdYsZlR+U09Ky/4gmxW8zWa17
-cI7Jld3MMfCnadCX4Mt7QvHq5e0Nt7PbAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBAH1CGDApwPFiVwCX3bO2
-h/WvXsYycV4Ga+IEBInyPcziB5KKkL5HWG7cmsbwhYigqThY7jJlqOhxw5of9NKx
-9gFGRstpGprBfNDKk/3gYCLb1oIDLtf4Iw3ho05bbmGyQbCWeNiuXr5qeii2gw3y
-qNySiWxVriWYig0MH51yhTwt
+Y3M2X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMd3MvY1Wine
+3GGJqX7TT6yh2/F/WBzTRqjrYWKA0M9Aa6Q5rPvz5KJHU3jUzVpfscDoLIEtAJjV
+L2vp54XmDh5G1iK586fgbBjqQjPNwJzgmOwpZznEo/dpiwRm9aI8CBsk5brUV1sU
+8fLIKw8irm7RyoUB5nWCA9967ZaKZC9fAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBAHtSBa/Ud0FNP885vTOi
+gpY436X3q0SjtPwTrfXQSIE0EBLpx0c/Ex0KIIyn3yOh9VwFWHr/WGFXJSw2IhDm
+pNTj9K2zNamRkyRS9ihMkBKYMZsxjGQved/R8W7SQ4T+v+XqqXRszs1EiWvfv3zd
+dyQLGAdCiUGzLGAw23UFghWF
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/17.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/17.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,48 +5,48 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:46 2011 GMT
+ Not After : Jan 5 22:37:46 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs7_ch1_ta3/emailAddress=cs7_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bb:2d:57:4a:c4:d9:24:b6:78:a5:dc:9d:7b:b9:
- 68:c6:63:fc:d4:8a:90:b8:24:50:8d:b9:34:5b:c0:
- ec:16:bf:c9:30:e0:80:70:7a:6c:9e:55:48:95:13:
- 16:20:5b:a1:7b:10:de:e8:12:65:21:c5:bf:b9:36:
- 35:76:4f:79:66:49:82:76:69:a1:22:8e:d1:4c:d9:
- 21:e6:50:b8:31:f1:66:54:20:cc:98:a9:22:bd:53:
- d2:af:f6:f0:09:ca:1b:a9:85:a5:61:51:66:1d:54:
- 58:12:6f:35:5b:ac:4c:7a:8b:4f:63:38:49:e5:d8:
- 02:88:46:75:73:f2:40:fe:c9
+ 00:c8:97:06:72:77:82:e7:03:53:56:f7:71:5c:f4:
+ b5:ae:e1:22:08:f7:a7:70:47:2f:ad:6f:af:a9:39:
+ c3:73:ca:f5:d5:54:e9:3d:46:f8:a4:a1:1a:27:d5:
+ 1a:c6:90:c9:4b:c1:21:32:06:9b:56:d7:23:3c:23:
+ d9:aa:2a:17:15:61:0c:cc:08:e7:60:af:55:e6:9e:
+ e2:24:bd:1f:e9:04:e8:09:ed:f4:a3:d8:5e:24:91:
+ 95:3e:9f:7e:f7:64:66:60:08:7d:cf:ac:b6:f4:6b:
+ 72:28:61:8c:dc:51:4d:00:3e:4d:67:70:0e:ae:3c:
+ 37:99:28:47:e7:61:fe:a3:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
- 6f:28:9e:58:6f:5f:79:47:4e:4c:cc:16:0b:d7:7b:f7:47:bd:
- 3c:2c:0a:5c:7b:9f:18:15:ae:5f:77:85:7e:9b:a5:0b:67:86:
- 6f:b6:1b:a1:18:c8:c2:1d:e9:5d:1b:af:31:0f:59:18:95:4a:
- 1b:0c:59:1d:99:3a:63:53:95:b5:f2:8f:3d:52:5d:9c:9d:e0:
- 25:0e:1b:b6:38:e8:d6:8b:a6:f0:43:c9:c3:9f:f1:6f:6a:de:
- 4d:24:aa:06:44:8a:c5:ab:8f:d4:53:64:30:44:e2:23:2c:ae:
- 80:b0:ca:f2:56:7d:bd:23:62:fa:70:25:eb:0c:79:20:98:f9:
- 54:25
+ 7a:58:f4:9c:bc:64:08:aa:dc:9c:e2:d3:a0:92:cb:1a:b3:75:
+ c9:c7:39:07:84:cb:4a:0f:07:2c:b8:5d:8a:a3:22:69:2e:63:
+ 04:d8:16:5f:8d:e8:11:de:fc:f5:df:a3:6c:c9:f0:c2:d7:5d:
+ 6c:43:3c:e2:ae:ed:b2:01:cf:e1:77:b3:85:76:bb:76:f7:c9:
+ cd:50:7f:17:b7:82:22:ed:d9:1c:82:bf:da:3f:28:72:c5:45:
+ e3:08:96:ba:45:22:76:bb:b4:9d:f6:e1:a0:64:36:9b:a2:e2:
+ 83:64:b1:76:1d:09:2f:6c:4b:a9:9b:00:e3:79:cf:7d:0b:91:
+ b3:95
-----BEGIN CERTIFICATE-----
MIICbjCCAdegAwIBAgIBFzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDZaFw0xNDAxMDUyMjM3NDZaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczdfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M3X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALstV0rE2SS2
-eKXcnXu5aMZj/NSKkLgkUI25NFvA7Ba/yTDggHB6bJ5VSJUTFiBboXsQ3ugSZSHF
-v7k2NXZPeWZJgnZpoSKO0UzZIeZQuDHxZlQgzJipIr1T0q/28AnKG6mFpWFRZh1U
-WBJvNVusTHqLT2M4SeXYAohGdXPyQP7JAgMBAAGjEDAOMAwGA1UdEwEB/wQCMAAw
-DQYJKoZIhvcNAQELBQADgYEAbyieWG9feUdOTMwWC9d790e9PCwKXHufGBWuX3eF
-fpulC2eGb7YboRjIwh3pXRuvMQ9ZGJVKGwxZHZk6Y1OVtfKPPVJdnJ3gJQ4btjjo
-1oum8EPJw5/xb2reTSSqBkSKxauP1FNkMETiIyyugLDK8lZ9vSNi+nAl6wx5IJj5
-VCU=
+Y3M3X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMiXBnJ3gucD
+U1b3cVz0ta7hIgj3p3BHL61vr6k5w3PK9dVU6T1G+KShGifVGsaQyUvBITIGm1bX
+Izwj2aoqFxVhDMwI52CvVeae4iS9H+kE6Ant9KPYXiSRlT6ffvdkZmAIfc+stvRr
+cihhjNxRTQA+TWdwDq48N5koR+dh/qNzAgMBAAGjEDAOMAwGA1UdEwEB/wQCMAAw
+DQYJKoZIhvcNAQELBQADgYEAelj0nLxkCKrcnOLToJLLGrN1ycc5B4TLSg8HLLhd
+iqMiaS5jBNgWX43oEd789d+jbMnwwtddbEM84q7tsgHP4XezhXa7dvfJzVB/F7eC
+Iu3ZHIK/2j8ocsVF4wiWukUidru0nfbhoGQ2m6Lig2Sxdh0JL2xLqZsA43nPfQuR
+s5U=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/18.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/18.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:46 2011 GMT
+ Not After : Jan 5 22:37:46 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs8_ch1_ta3/emailAddress=cs8_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d8:42:22:89:49:49:9b:1f:c3:68:43:93:5b:e7:
- be:cd:d6:0d:24:cb:d8:6a:bd:64:c3:8f:31:6f:4f:
- 38:c4:ca:39:4e:16:35:32:88:bb:03:f0:04:06:aa:
- e4:e1:11:24:db:b1:e2:d1:1b:3a:45:49:da:0f:36:
- b6:79:85:4a:42:e4:01:83:75:4d:1e:81:69:30:f0:
- 64:20:19:63:c0:d4:5d:50:76:bb:a8:e4:56:b7:bb:
- e0:54:64:f9:73:c7:eb:84:a6:da:4a:58:16:00:a8:
- cb:e5:c5:b0:1f:ad:eb:fc:2c:08:93:ee:2e:a3:26:
- 13:3c:a6:46:64:a5:df:f6:57
+ 00:c4:da:c4:d3:72:c2:65:ec:7f:b8:41:e3:c7:14:
+ 83:bb:fc:9e:d5:87:15:5f:eb:52:da:cb:f4:c7:db:
+ 2f:58:65:01:0e:0e:d5:27:cf:c5:e5:2c:ce:99:7f:
+ 0f:48:8c:4f:54:47:6b:4b:5e:90:3f:95:96:60:b8:
+ 8e:39:1f:a9:cc:38:b6:9f:21:6d:4e:69:2e:14:c5:
+ 71:fe:e1:e1:44:24:d4:74:45:4a:9f:88:64:36:96:
+ f7:ba:74:1e:88:f9:6d:ac:e9:25:f0:74:58:c6:13:
+ b9:05:ab:fa:0e:5c:77:fc:a1:3d:48:9c:78:90:f8:
+ 67:41:99:7c:bf:45:6a:67:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 30:5f:8a:7d:24:03:2b:2a:c1:cf:07:27:e0:f6:d4:1e:fe:8a:
- cf:57:06:6b:60:70:41:b2:53:75:14:b9:f8:1c:b7:f0:02:44:
- 4d:89:78:51:7d:3a:b9:b2:f9:54:76:67:ab:53:11:ac:b2:ac:
- 75:5d:48:f7:55:c4:0a:e4:03:3d:ba:30:75:f1:a1:28:71:3e:
- 9e:e5:35:84:70:54:a4:d7:f0:ca:5b:29:33:3e:6b:32:88:eb:
- 49:9d:46:c7:12:75:96:ec:81:91:b8:5e:01:a6:c1:ec:05:a2:
- 84:46:9b:39:60:7b:91:d1:9e:4f:c8:dd:00:15:f3:aa:1a:e4:
- 32:85
+ 1d:d4:91:76:de:42:bb:70:5b:57:39:fe:bd:50:85:66:ee:7c:
+ c7:7c:7c:00:18:71:73:50:5a:70:04:43:ca:81:23:2a:42:c8:
+ 8e:34:91:b9:8b:b8:f7:37:b0:08:3f:ee:b2:5f:a2:fd:03:b1:
+ 59:d1:ff:cf:b6:73:f6:82:51:0a:73:a0:43:79:36:a2:c4:fb:
+ 98:6c:64:bc:3a:f5:b9:c5:e7:c1:cf:76:fb:73:23:d3:47:e2:
+ a9:19:60:08:a7:c8:1b:c3:73:24:f9:8d:dc:bf:ae:5d:5b:fe:
+ 48:d0:06:a7:33:e5:d8:db:4c:c9:82:a0:32:c1:1e:45:67:67:
+ ce:54
-----BEGIN CERTIFICATE-----
MIICgTCCAeqgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjlaFw0xMzEyMTUwMDQ5MjlaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDZaFw0xNDAxMDUyMjM3NDZaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczhfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M4X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANhCIolJSZsf
-w2hDk1vnvs3WDSTL2Gq9ZMOPMW9POMTKOU4WNTKIuwPwBAaq5OERJNux4tEbOkVJ
-2g82tnmFSkLkAYN1TR6BaTDwZCAZY8DUXVB2u6jkVre74FRk+XPH64Sm2kpYFgCo
-y+XFsB+t6/wsCJPuLqMmEzymRmSl3/ZXAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBADBfin0kAysqwc8H
-J+D21B7+is9XBmtgcEGyU3UUufgct/ACRE2JeFF9Ormy+VR2Z6tTEayyrHVdSPdV
-xArkAz26MHXxoShxPp7lNYRwVKTX8MpbKTM+azKI60mdRscSdZbsgZG4XgGmwewF
-ooRGmzlge5HRnk/I3QAV86oa5DKF
+Y3M4X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTaxNNywmXs
+f7hB48cUg7v8ntWHFV/rUtrL9MfbL1hlAQ4O1SfPxeUszpl/D0iMT1RHa0tekD+V
+lmC4jjkfqcw4tp8hbU5pLhTFcf7h4UQk1HRFSp+IZDaW97p0Hoj5bazpJfB0WMYT
+uQWr+g5cd/yhPUiceJD4Z0GZfL9FamfvAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAB3UkXbeQrtwW1c5
+/r1QhWbufMd8fAAYcXNQWnAEQ8qBIypCyI40kbmLuPc3sAg/7rJfov0DsVnR/8+2
+c/aCUQpzoEN5NqLE+5hsZLw69bnF58HPdvtzI9NH4qkZYAinyBvDcyT5jdy/rl1b
+/kjQBqcz5djbTMmCoDLBHkVnZ85U
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/19.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/19.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs8_ch1_ta3/emailAddress=cs8_ch1_ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:46 2011 GMT
+ Not After : Jan 5 22:37:46 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_cs8_ch1_ta3/emailAddress=cs1_cs8_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b7:e1:e5:53:8b:fe:2e:f4:82:1a:1a:10:f8:1d:
- 3f:0f:04:e4:35:8b:19:20:11:af:ad:c2:ff:5a:12:
- 04:f0:4e:4d:3a:b3:ce:42:c3:c5:ad:2a:ca:87:04:
- c2:f3:8a:5c:22:c9:b9:d5:08:ba:5c:9c:1a:06:d8:
- db:ea:70:6c:0a:8c:22:0a:9c:9b:ea:4d:0f:d9:98:
- da:df:d8:cd:26:82:f8:ae:77:93:6a:16:3f:54:eb:
- c1:c7:fc:94:bb:05:dc:9d:cf:ae:bc:71:e9:f0:4a:
- 09:d7:06:14:d4:db:63:d6:b2:bc:84:9f:90:a0:21:
- 75:45:2b:f3:2c:fa:e8:98:cd
+ 00:a8:89:d6:f6:e1:32:a9:bc:a5:c2:c8:00:1c:a1:
+ 04:fc:93:5a:5c:29:1d:37:7e:29:e1:7f:69:79:24:
+ ab:05:5a:83:71:d8:3c:bb:e5:1c:b8:e0:5e:a8:bd:
+ 41:06:cb:69:f6:d2:b9:48:c4:93:7c:ae:c6:38:bc:
+ d7:9a:f2:db:8d:f9:5f:51:c4:1b:d2:c5:0e:57:6d:
+ 0b:73:19:a8:34:e6:5b:81:80:43:77:3a:8e:54:59:
+ 91:69:a9:aa:9f:2b:24:24:1e:06:e8:bc:f2:3f:c3:
+ ee:33:3f:f4:5f:76:fd:24:05:48:a8:98:2f:15:eb:
+ 16:d5:24:6b:ea:59:e6:06:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 80:df:ac:6d:f0:f0:d8:14:72:fa:cc:20:8d:9b:58:f2:1e:bf:
- a1:31:02:e6:2c:09:fe:2e:c2:d9:02:b4:14:57:9a:60:ea:20:
- 69:5e:ea:ff:30:86:fe:57:6b:f0:39:68:23:d3:0c:aa:82:dc:
- 2e:47:91:66:a2:05:14:c8:f9:a1:21:7b:77:19:16:fb:6f:52:
- a6:04:a1:13:cb:89:b3:1e:fe:d0:f4:e4:9b:4a:65:4a:59:a6:
- 12:1f:0b:ed:82:bb:06:4b:da:73:52:d5:3f:c7:8a:b2:ba:3f:
- 78:73:d6:11:ae:94:62:18:db:86:da:1d:87:75:47:df:66:89:
- 6e:3d
+ 27:04:6d:7c:c0:89:81:f7:16:04:e2:f7:f1:4a:3b:60:17:4d:
+ f2:c3:0b:78:32:a5:f0:b4:e4:4e:2e:8e:06:d6:2d:3a:65:33:
+ a1:16:60:47:78:1f:f3:d3:72:c5:c7:43:f8:bb:0e:22:2a:7b:
+ a6:3e:9c:1e:40:c8:71:ff:28:82:0b:d9:93:8c:b9:f6:a2:ca:
+ d5:52:81:b6:b7:a1:20:09:e8:8a:68:e5:24:d1:dd:da:dc:1a:
+ 01:3d:e5:77:77:fe:64:f5:b6:14:f9:8b:04:3f:11:7e:62:f5:
+ ee:01:7c:d9:d5:b7:00:19:a9:49:05:94:0b:30:22:63:d2:0d:
+ 3e:7a
-----BEGIN CERTIFICATE-----
MIICjzCCAfigAwIBAgIBGTANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEUMBIGA1UEAxQLY3M4X2NoMV90YTMxGjAYBgkqhkiG9w0BCQEWC2Nz
-OF9jaDFfdGEzMB4XDTExMDMyMTAwNDkyOVoXDTEzMTIxNTAwNDkyOVowgYAxCzAJ
+OF9jaDFfdGEzMB4XDTExMDQxMTIyMzc0NloXDTE0MDEwNTIyMzc0NlowgYAxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MRgwFgYDVQQDFA9jczFfY3M4X2NoMV90YTMxHjAc
BgkqhkiG9w0BCQEWD2NzMV9jczhfY2gxX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAt+HlU4v+LvSCGhoQ+B0/DwTkNYsZIBGvrcL/WhIE8E5NOrPOQsPF
-rSrKhwTC84pcIsm51Qi6XJwaBtjb6nBsCowiCpyb6k0P2Zja39jNJoL4rneTahY/
-VOvBx/yUuwXcnc+uvHHp8EoJ1wYU1Ntj1rK8hJ+QoCF1RSvzLPromM0CAwEAAaMg
+jQAwgYkCgYEAqInW9uEyqbylwsgAHKEE/JNaXCkdN34p4X9peSSrBVqDcdg8u+Uc
+uOBeqL1BBstp9tK5SMSTfK7GOLzXmvLbjflfUcQb0sUOV20LcxmoNOZbgYBDdzqO
+VFmRaamqnyskJB4G6LzyP8PuMz/0X3b9JAVIqJgvFesW1SRr6lnmBlECAwEAAaMg
MB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
-gYEAgN+sbfDw2BRy+swgjZtY8h6/oTEC5iwJ/i7C2QK0FFeaYOogaV7q/zCG/ldr
-8DloI9MMqoLcLkeRZqIFFMj5oSF7dxkW+29SpgShE8uJsx7+0PTkm0plSlmmEh8L
-7YK7Bkvac1LVP8eKsro/eHPWEa6UYhjbhtodh3VH32aJbj0=
+gYEAJwRtfMCJgfcWBOL38Uo7YBdN8sMLeDKl8LTkTi6OBtYtOmUzoRZgR3gf89Ny
+xcdD+LsOIip7pj6cHkDIcf8oggvZk4y59qLK1VKBtrehIAnoimjlJNHd2twaAT3l
+d3f+ZPW2FPmLBD8RfmL17gF82dW3ABmpSQWUCzAiY9INPno=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/1B.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/1B.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:47 2011 GMT
+ Not After : Jan 5 22:37:47 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.1_ta3/emailAddress=cs1_ch1.1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:9e:9e:a5:8e:28:f4:bd:9e:0d:46:b9:af:dc:80:
- 5a:72:49:2f:c8:27:3c:66:ba:13:cb:57:04:0c:0b:
- a1:71:e2:a0:97:ba:08:79:8c:43:8a:c8:49:5c:8d:
- a9:b9:79:11:17:68:ea:ca:01:1b:68:0f:98:f6:86:
- eb:e6:3f:d6:c8:96:a0:b8:5b:93:89:9c:d7:bc:b7:
- 62:80:68:74:f8:bd:76:33:77:7c:13:ea:f3:53:dc:
- 30:ce:80:46:93:51:2e:6a:49:bd:bd:48:a7:44:0b:
- bf:a2:f7:79:b1:34:27:72:b0:e7:1e:13:3e:ec:0e:
- 7e:bf:00:eb:e3:ac:77:62:1f
+ 00:eb:05:16:da:3a:66:0f:5c:d8:26:83:38:fa:4f:
+ 60:0f:8c:42:06:b6:45:be:2e:ca:6c:fd:d8:a7:5f:
+ 14:70:e9:04:ee:f2:c7:40:b2:28:f4:d9:99:65:b0:
+ 2e:a2:e6:2c:df:42:72:12:92:ca:c1:6e:4d:2f:76:
+ 41:aa:22:bc:8d:f4:e8:40:78:61:b5:92:a7:43:ef:
+ 1c:55:19:31:a8:45:23:0f:b6:d5:32:44:35:dd:78:
+ d4:f1:80:39:68:d1:ac:c1:4d:18:e2:e5:4d:eb:a9:
+ cb:95:51:6c:c7:3a:50:ba:d3:4a:dc:7d:21:ad:ee:
+ 5a:36:5b:ce:34:1c:58:a7:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- ac:d1:6e:7d:ab:d7:f2:e1:83:3d:79:74:3f:c3:64:61:81:b0:
- 68:84:57:1d:3a:21:e4:93:ac:82:e2:11:e0:15:c6:bb:a1:b9:
- 7f:59:96:00:63:31:99:e9:77:d9:b1:cd:b5:87:3d:1e:96:ab:
- c1:1b:90:05:1c:b2:0b:f3:42:26:87:61:79:a7:0f:dc:fb:f3:
- e6:4f:65:ff:a1:2b:64:06:9e:82:82:45:a3:4f:0b:3c:67:31:
- c2:ea:6f:dd:06:d3:b5:a0:e0:d1:a0:a9:fd:1e:cb:e2:0b:82:
- 7d:aa:08:5f:bd:12:18:d4:1d:77:7e:35:1c:6e:67:68:bb:0b:
- a4:2c
+ 1d:bc:1d:73:ed:03:34:4b:73:87:24:58:03:61:5a:67:fc:64:
+ f5:5e:a0:db:84:be:f0:9d:91:37:36:fc:db:86:90:99:3a:c3:
+ 07:23:07:90:e5:5a:68:97:8f:b1:e8:d1:57:e5:a8:7e:b0:19:
+ 2b:b6:25:b0:42:56:da:0c:3c:a9:82:4d:af:8f:f0:b7:c0:c3:
+ d7:d2:4d:9f:c9:40:5c:72:c4:95:86:de:28:5d:64:fe:7d:fd:
+ 3d:51:33:90:7b:c0:9f:2b:5c:2f:36:29:a8:72:4f:4f:ad:44:
+ 0a:d5:b4:fe:1f:d4:01:82:07:ed:36:81:8b:b3:1d:1d:42:ab:
+ 53:bc
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBGzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjFfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-MV90YTMwHhcNMTEwMzIxMDA0OTI5WhcNMTMxMjE1MDA0OTI5WjB8MQswCQYDVQQG
+MV90YTMwHhcNMTEwNDExMjIzNzQ3WhcNMTQwMTA1MjIzNzQ3WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4xX3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4xX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-np6ljij0vZ4NRrmv3IBackkvyCc8ZroTy1cEDAuhceKgl7oIeYxDishJXI2puXkR
-F2jqygEbaA+Y9obr5j/WyJaguFuTiZzXvLdigGh0+L12M3d8E+rzU9wwzoBGk1Eu
-akm9vUinRAu/ovd5sTQncrDnHhM+7A5+vwDr46x3Yh8CAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEArNFufavX
-8uGDPXl0P8NkYYGwaIRXHToh5JOsguIR4BXGu6G5f1mWAGMxmel32bHNtYc9Hpar
-wRuQBRyyC/NCJodheacP3Pvz5k9l/6ErZAaegoJFo08LPGcxwupv3QbTtaDg0aCp
-/R7L4guCfaoIX70SGNQdd341HG5naLsLpCw=
+6wUW2jpmD1zYJoM4+k9gD4xCBrZFvi7KbP3Yp18UcOkE7vLHQLIo9NmZZbAuouYs
+30JyEpLKwW5NL3ZBqiK8jfToQHhhtZKnQ+8cVRkxqEUjD7bVMkQ13XjU8YA5aNGs
+wU0Y4uVN66nLlVFsxzpQutNK3H0hre5aNlvONBxYp9MCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAHbwdc+0D
+NEtzhyRYA2FaZ/xk9V6g24S+8J2RNzb824aQmTrDByMHkOVaaJePsejRV+WofrAZ
+K7YlsEJW2gw8qYJNr4/wt8DD19JNn8lAXHLElYbeKF1k/n39PVEzkHvAnytcLzYp
+qHJPT61ECtW0/h/UAYIH7TaBi7MdHUKrU7w=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/1D.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/1D.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.2_ta3/emailAddress=ch1.2_ta3
Validity
- Not Before: Mar 21 00:49:30 2011 GMT
- Not After : Dec 15 00:49:30 2013 GMT
+ Not Before: Apr 11 22:37:48 2011 GMT
+ Not After : Jan 5 22:37:48 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.2_ta3/emailAddress=cs1_ch1.2_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:a1:cf:9c:66:1e:c9:07:ed:2b:39:8a:5f:e5:f2:
- f1:d3:f2:ad:01:f1:81:85:63:04:7f:b8:65:35:05:
- e6:bd:3d:28:97:96:54:bc:ae:1b:46:b5:5c:f5:c0:
- ac:75:63:4f:52:80:8b:4c:30:81:8e:85:96:a4:f1:
- 46:e7:77:1e:7f:3e:80:10:41:cc:e7:92:73:ad:fb:
- fb:0d:3a:2b:e2:d6:43:0e:ef:b9:54:06:2e:f7:1d:
- 1d:aa:57:49:06:3e:65:8e:a9:9d:09:0e:83:55:12:
- de:39:91:44:86:ba:d4:69:be:b8:89:a1:7b:8c:60:
- 39:30:ea:95:f9:03:3e:c4:53
+ 00:d7:e5:0a:18:00:54:5b:ee:5a:de:78:35:85:4f:
+ db:06:0c:e0:87:10:97:78:78:dc:2b:ab:95:86:3c:
+ 35:c4:42:1a:e8:c3:98:c8:5d:a1:25:a5:94:d6:8b:
+ 8e:73:e5:75:82:0a:e7:a0:47:3d:d3:16:86:3d:55:
+ 4c:2e:65:75:1b:6f:90:48:a6:4b:84:ee:76:81:56:
+ a0:36:17:9b:58:0c:45:a6:0c:b3:0c:f1:34:11:df:
+ 14:8e:99:be:22:a2:a5:62:65:f0:a8:57:57:39:b9:
+ 13:1c:8b:97:6d:fd:56:b7:ce:1b:cb:ff:ad:80:c6:
+ a3:0d:42:fe:bc:82:8f:4a:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 25:86:6a:6e:7a:be:f5:54:95:b2:ce:49:56:50:fa:ad:e3:34:
- 84:fe:d9:9e:fb:0e:73:f7:62:3c:c7:29:95:54:91:68:32:cb:
- 74:91:91:cc:68:a8:e4:12:07:b3:33:d9:f4:5e:bc:8e:0c:35:
- bf:cb:fa:fc:07:75:c1:35:1e:ea:03:2d:60:a8:d3:39:5b:af:
- 2f:67:d9:2d:98:da:48:4e:12:ee:87:1c:e5:db:42:7e:ca:45:
- 4c:23:3d:21:53:fc:ee:66:77:9d:09:08:44:55:9b:2a:0d:10:
- da:67:77:89:70:00:97:9b:eb:3a:b4:41:98:16:31:cf:bc:b5:
- 88:bf
+ 6b:92:5b:ba:16:e4:ff:58:0a:03:6e:d0:db:10:cb:1d:b3:b1:
+ 0f:b5:b7:51:52:82:41:8c:0f:c2:3a:75:9c:26:bf:1d:25:91:
+ bc:b4:ca:17:79:ee:d8:61:89:1c:de:b1:23:4f:35:58:4f:2d:
+ d9:f4:e8:9f:56:d1:83:cc:ac:70:cd:3c:51:6f:45:e1:50:47:
+ 06:17:61:cb:85:ed:d2:61:da:72:c6:79:4c:b9:7c:44:3a:c6:
+ a0:91:27:67:e5:e7:be:47:ee:fc:f4:c7:49:11:e5:65:3e:87:
+ f2:54:10:a9:41:24:6e:fb:ad:e5:4c:c8:e6:3f:9c:1c:61:41:
+ cd:a0
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBHTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjJfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-Ml90YTMwHhcNMTEwMzIxMDA0OTMwWhcNMTMxMjE1MDA0OTMwWjB8MQswCQYDVQQG
+Ml90YTMwHhcNMTEwNDExMjIzNzQ4WhcNMTQwMTA1MjIzNzQ4WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4yX3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4yX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-oc+cZh7JB+0rOYpf5fLx0/KtAfGBhWMEf7hlNQXmvT0ol5ZUvK4bRrVc9cCsdWNP
-UoCLTDCBjoWWpPFG53cefz6AEEHM55Jzrfv7DTor4tZDDu+5VAYu9x0dqldJBj5l
-jqmdCQ6DVRLeOZFEhrrUab64iaF7jGA5MOqV+QM+xFMCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAJYZqbnq+
-9VSVss5JVlD6reM0hP7ZnvsOc/diPMcplVSRaDLLdJGRzGio5BIHszPZ9F68jgw1
-v8v6/Ad1wTUe6gMtYKjTOVuvL2fZLZjaSE4S7occ5dtCfspFTCM9IVP87mZ3nQkI
-RFWbKg0Q2md3iXAAl5vrOrRBmBYxz7y1iL8=
+1+UKGABUW+5a3ng1hU/bBgzghxCXeHjcK6uVhjw1xEIa6MOYyF2hJaWU1ouOc+V1
+ggrnoEc90xaGPVVMLmV1G2+QSKZLhO52gVagNhebWAxFpgyzDPE0Ed8Ujpm+IqKl
+YmXwqFdXObkTHIuXbf1Wt84by/+tgMajDUL+vIKPSgMCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAa5Jbuhbk
+/1gKA27Q2xDLHbOxD7W3UVKCQYwPwjp1nCa/HSWRvLTKF3nu2GGJHN6xI081WE8t
+2fTon1bRg8yscM08UW9F4VBHBhdhy4Xt0mHacsZ5TLl8RDrGoJEnZ+Xnvkfu/PTH
+SRHlZT6H8lQQqUEkbvut5UzI5j+cHGFBzaA=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/1F.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/1F.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.3_ta3/emailAddress=ch1.3_ta3
Validity
- Not Before: Mar 21 00:49:31 2011 GMT
- Not After : Dec 15 00:49:31 2013 GMT
+ Not Before: Apr 11 22:37:48 2011 GMT
+ Not After : Jan 5 22:37:48 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.3_ta3/emailAddress=cs1_ch1.3_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:aa:61:a0:81:fa:99:8a:7d:cb:3e:99:2a:83:5b:
- 29:10:80:63:6c:51:35:6b:ed:fa:fe:09:07:bc:f1:
- c7:01:58:63:05:a9:1f:69:4c:36:c0:90:f6:e5:02:
- ba:d3:2d:ae:ee:53:80:61:18:d6:d6:60:58:8f:07:
- 14:ec:c2:3d:89:7b:33:90:1c:92:2f:91:fc:77:6b:
- 52:fa:cf:97:9e:22:69:62:de:25:b4:9b:52:bc:51:
- c7:04:9d:37:8b:cf:ec:3e:e5:62:76:bb:62:f8:34:
- 10:6b:28:86:0a:c5:20:e7:3e:e5:76:9f:97:31:2a:
- 04:0b:02:10:85:c8:48:bc:65
+ 00:b3:bb:8d:94:21:ec:dd:1d:bd:c4:ab:b9:04:17:
+ f2:ac:58:db:4b:93:f9:17:2d:16:fc:d1:a5:ea:ee:
+ e9:2e:4e:05:43:c2:4b:35:2e:ba:bc:70:f2:20:d7:
+ 53:64:ec:7f:84:ca:ce:eb:4d:ac:12:f0:55:6a:a9:
+ be:17:a9:ae:63:61:37:3a:72:91:b2:82:b6:c1:7e:
+ 07:39:28:5a:20:a3:db:a4:24:34:ca:78:c8:9e:26:
+ db:26:da:4f:b6:a6:cf:3f:23:d9:06:be:ad:d3:8f:
+ 23:41:51:49:f5:e3:63:91:68:a1:34:b9:3e:fd:da:
+ 22:07:86:a9:bd:58:93:84:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 76:14:29:01:64:51:13:47:26:13:73:43:4e:ac:a9:6b:6e:46:
- 04:32:7f:b7:f7:6c:6e:73:d1:d2:10:a3:4a:98:7f:c2:57:19:
- 18:d7:d6:a0:2d:e2:2b:17:4a:49:cc:d8:1e:63:0f:82:88:03:
- 2e:c2:cf:26:56:24:22:2a:48:73:54:08:97:a0:24:91:6a:05:
- 63:4a:1f:01:28:06:0b:03:93:b8:75:9e:44:2d:7e:45:6c:a6:
- c5:35:e0:0f:98:0c:a5:5a:2b:8a:c2:c1:83:f0:b6:b9:84:58:
- f5:de:d4:b8:68:7d:de:b5:a3:9a:a0:33:91:23:fa:6c:b8:32:
- 55:fb
+ 28:69:b9:22:7b:ff:dd:7f:a5:95:f6:67:73:2d:f0:85:e9:22:
+ 6e:ce:5e:f4:0e:39:90:56:a9:23:28:4a:73:d1:2f:4a:d5:dc:
+ fb:42:f2:c8:3c:a2:d7:97:08:ec:86:cc:72:65:23:21:88:e1:
+ be:67:8e:f8:44:7b:0e:b7:3f:04:75:db:4a:3f:32:e6:5a:e1:
+ 6a:8e:f7:e9:20:ae:2c:62:51:34:d4:b1:c0:3b:20:64:d0:8f:
+ b3:86:4b:e1:82:ff:a2:61:eb:3f:1d:bf:2f:11:d2:01:96:a0:
+ a5:0f:df:1f:c9:1c:34:64:97:7d:3e:97:70:bf:2b:68:2f:cf:
+ 91:52
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBHzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjNfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-M190YTMwHhcNMTEwMzIxMDA0OTMxWhcNMTMxMjE1MDA0OTMxWjB8MQswCQYDVQQG
+M190YTMwHhcNMTEwNDExMjIzNzQ4WhcNMTQwMTA1MjIzNzQ4WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4zX3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4zX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-qmGggfqZin3LPpkqg1spEIBjbFE1a+36/gkHvPHHAVhjBakfaUw2wJD25QK60y2u
-7lOAYRjW1mBYjwcU7MI9iXszkBySL5H8d2tS+s+XniJpYt4ltJtSvFHHBJ03i8/s
-PuVidrti+DQQayiGCsUg5z7ldp+XMSoECwIQhchIvGUCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAdhQpAWRR
-E0cmE3NDTqypa25GBDJ/t/dsbnPR0hCjSph/wlcZGNfWoC3iKxdKSczYHmMPgogD
-LsLPJlYkIipIc1QIl6AkkWoFY0ofASgGCwOTuHWeRC1+RWymxTXgD5gMpVorisLB
-g/C2uYRY9d7UuGh93rWjmqAzkSP6bLgyVfs=
+s7uNlCHs3R29xKu5BBfyrFjbS5P5Fy0W/NGl6u7pLk4FQ8JLNS66vHDyINdTZOx/
+hMrO602sEvBVaqm+F6muY2E3OnKRsoK2wX4HOShaIKPbpCQ0ynjInibbJtpPtqbP
+PyPZBr6t048jQVFJ9eNjkWihNLk+/doiB4apvViThCsCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAKGm5Inv/
+3X+llfZncy3whekibs5e9A45kFapIyhKc9EvStXc+0LyyDyi15cI7IbMcmUjIYjh
+vmeO+ER7Drc/BHXbSj8y5lrhao736SCuLGJRNNSxwDsgZNCPs4ZL4YL/omHrPx2/
+LxHSAZagpQ/fH8kcNGSXfT6XcL8raC/PkVI=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/21.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/21.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.4_ta3/emailAddress=ch1.4_ta3
Validity
- Not Before: Mar 21 00:49:31 2011 GMT
- Not After : Dec 15 00:49:31 2013 GMT
+ Not Before: Apr 11 22:37:49 2011 GMT
+ Not After : Jan 5 22:37:49 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.4_ta3/emailAddress=cs1_ch1.4_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:c6:b7:dc:6a:06:a3:1f:5a:98:5f:cd:0e:f1:c3:
- 40:bd:b3:9e:73:68:16:78:a1:5e:e9:a2:0c:32:68:
- 56:db:cb:9f:b8:dd:89:c1:f3:7b:b9:61:0e:9e:e1:
- ff:ad:b3:43:4d:c3:c9:9e:9a:5e:58:48:50:7b:b7:
- f8:20:0e:54:ce:4c:41:b8:b2:73:0a:6f:f1:0c:40:
- 3b:81:4a:a1:42:da:01:6a:cd:03:65:a6:83:ff:29:
- 41:40:45:31:d9:fd:7f:f4:e4:09:38:9f:66:a9:a4:
- d4:9a:a5:80:6a:9e:43:11:cc:7a:4f:13:84:cc:7f:
- 21:f9:4c:93:ec:d0:9c:f6:55
+ 00:ae:be:e2:6c:c9:bb:11:1a:16:90:72:55:8c:f5:
+ d6:64:e7:2d:5f:18:27:c7:1d:b5:6e:10:a4:8a:b9:
+ 0e:71:ef:d5:05:42:2b:12:da:79:51:58:08:2a:37:
+ e9:3d:47:93:4f:0f:d2:2b:29:b3:de:84:02:86:a2:
+ 75:40:59:ef:26:7b:e5:23:f2:db:91:62:e0:d7:08:
+ 02:4c:c8:05:bf:f1:fc:d3:1a:cb:59:f9:86:a0:7f:
+ 99:c8:3a:08:82:ba:5f:4f:62:d7:74:a5:2d:3e:b8:
+ 17:d5:ca:25:0b:59:34:d0:f0:a0:ec:3a:cc:8a:e0:
+ 22:1d:fb:d0:b2:cf:62:db:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 95:16:43:f9:f7:e3:76:6f:54:ff:74:78:05:e4:85:ae:b0:94:
- 72:db:f0:d9:99:f7:6d:b6:f7:35:f3:db:c5:87:65:0f:88:65:
- 8f:06:6f:f2:d7:5f:be:4f:e0:56:02:8e:f5:d5:42:22:48:74:
- 3b:23:f9:76:82:3d:b0:d6:51:cd:d9:76:bd:22:4d:6d:24:c7:
- 77:89:c5:9c:38:a9:db:f1:2b:16:16:11:e9:64:71:e3:a4:34:
- 9a:83:dd:d4:14:38:b6:bf:06:46:b3:a6:e3:d9:8b:e9:cb:5b:
- e1:fb:c1:30:34:aa:cf:1a:4d:66:39:5f:06:7e:39:ac:6e:01:
- 81:b7
+ 7a:92:69:a9:a5:d2:40:46:78:cf:22:7b:5c:36:44:e6:6b:00:
+ 78:ab:ca:ff:45:ad:77:d7:87:fc:92:5b:23:3c:dc:27:c2:0f:
+ ee:fe:40:f4:3c:46:46:8f:86:c1:94:ff:60:31:db:24:0c:9c:
+ 46:bb:fb:c6:80:55:61:dc:4d:b9:6c:d4:67:b1:a0:35:f1:a4:
+ 94:30:25:9d:c2:16:d5:82:cd:a3:eb:fc:1c:44:b8:bb:44:ef:
+ 5f:00:bd:68:04:57:a6:5a:03:a6:fd:44:72:22:28:7f:e3:85:
+ 4a:0f:c6:45:a9:ae:8a:bd:b0:49:73:c3:e1:30:ad:c2:9f:f7:
+ 04:4d
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBITANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjRfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-NF90YTMwHhcNMTEwMzIxMDA0OTMxWhcNMTMxMjE1MDA0OTMxWjB8MQswCQYDVQQG
+NF90YTMwHhcNMTEwNDExMjIzNzQ5WhcNMTQwMTA1MjIzNzQ5WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS40X3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS40X3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-xrfcagajH1qYX80O8cNAvbOec2gWeKFe6aIMMmhW28ufuN2JwfN7uWEOnuH/rbND
-TcPJnppeWEhQe7f4IA5UzkxBuLJzCm/xDEA7gUqhQtoBas0DZaaD/ylBQEUx2f1/
-9OQJOJ9mqaTUmqWAap5DEcx6TxOEzH8h+UyT7NCc9lUCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAlRZD+ffj
-dm9U/3R4BeSFrrCUctvw2Zn3bbb3NfPbxYdlD4hljwZv8tdfvk/gVgKO9dVCIkh0
-OyP5doI9sNZRzdl2vSJNbSTHd4nFnDip2/ErFhYR6WRx46Q0moPd1BQ4tr8GRrOm
-49mL6ctb4fvBMDSqzxpNZjlfBn45rG4Bgbc=
+rr7ibMm7ERoWkHJVjPXWZOctXxgnxx21bhCkirkOce/VBUIrEtp5UVgIKjfpPUeT
+Tw/SKymz3oQChqJ1QFnvJnvlI/LbkWLg1wgCTMgFv/H80xrLWfmGoH+ZyDoIgrpf
+T2LXdKUtPrgX1colC1k00PCg7DrMiuAiHfvQss9i2xMCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAepJpqaXS
+QEZ4zyJ7XDZE5msAeKvK/0Wtd9eH/JJbIzzcJ8IP7v5A9DxGRo+GwZT/YDHbJAyc
+Rrv7xoBVYdxNuWzUZ7GgNfGklDAlncIW1YLNo+v8HES4u0TvXwC9aARXploDpv1E
+ciIof+OFSg/GRamuir2wSXPD4TCtwp/3BE0=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/23.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/23.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Validity
- Not Before: Mar 21 00:49:32 2011 GMT
- Not After : Dec 15 00:49:32 2013 GMT
+ Not Before: Apr 11 22:37:50 2011 GMT
+ Not After : Jan 5 22:37:50 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1_ta4/emailAddress=cs1_ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:af:be:de:74:2a:a1:34:39:6a:e5:7d:9a:a5:a1:
- 4a:0c:e0:e5:4f:46:71:e4:5a:54:56:05:f1:ab:a5:
- 7e:17:b6:aa:d4:4e:9c:b7:46:fc:ef:9a:4a:f5:3b:
- 3b:b0:3a:67:d2:89:6d:3f:f7:6d:8d:59:1f:2b:b9:
- a4:55:08:b6:76:c5:2e:71:eb:f9:4a:43:7c:db:13:
- b2:a2:08:f3:b2:f1:1b:66:ef:ef:2d:a6:e6:0a:37:
- 8a:b3:f9:da:0c:fe:da:23:0c:ef:b6:88:a2:6d:62:
- 2d:76:42:5c:f3:2c:f8:3f:76:c3:e3:6e:f5:e4:3c:
- 6e:48:c6:2a:cd:c7:e8:d9:dd
+ 00:b2:8c:40:a3:36:97:32:f7:20:68:e2:f4:f5:76:
+ a3:13:03:4c:1e:32:7c:47:2f:16:32:14:4e:df:0b:
+ 7a:6a:22:54:78:cf:69:c9:ea:a7:e6:82:17:6a:31:
+ 11:38:7e:e4:f9:ed:be:a2:89:42:df:f4:df:f6:e4:
+ 23:bd:ad:4a:c2:ba:a3:a9:26:39:60:ee:02:07:74:
+ 25:6c:b0:7e:9f:6b:33:e1:e7:37:13:77:7b:a6:7f:
+ 4e:e8:75:61:d4:6b:89:19:6b:e5:a5:df:52:5c:71:
+ 25:37:d6:a7:e2:c8:7f:cd:4f:c4:44:b5:15:7c:62:
+ f3:d2:54:d2:9f:c5:99:7a:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,28 +29,28 @@
URI:http://localhost:12001/file/0/ch1_ta4_crl.pem
Signature Algorithm: sha256WithRSAEncryption
- ad:09:e5:e2:0a:c7:01:40:b0:d1:ff:83:9a:f7:b7:ac:58:00:
- dd:a3:36:24:fb:65:f7:85:68:90:86:67:fb:f4:7e:1e:dd:8e:
- b6:78:ff:a0:5a:12:2a:6f:2c:2b:c0:e3:d7:80:09:25:72:e0:
- 6b:3a:c3:e4:dd:72:76:05:05:b2:55:f2:38:3e:07:24:2d:47:
- 4a:db:b2:c6:4e:9c:c4:43:c9:95:23:44:61:db:da:d6:84:9c:
- 12:dd:63:87:99:7f:7b:00:aa:77:dd:50:76:66:a7:ea:7f:fc:
- e4:66:ae:08:d0:70:66:0f:23:d3:b4:cb:38:20:de:27:df:12:
- 3d:b5
+ 53:4e:93:21:c0:2f:46:e1:aa:bc:11:25:b1:ee:1a:6d:df:b8:
+ ef:5d:0e:59:3d:fb:1f:1e:62:83:66:98:cb:71:26:b9:87:df:
+ 49:5f:8e:fb:ec:d5:4d:70:d7:57:64:7a:58:08:54:dd:2a:86:
+ 26:b7:9b:a1:dd:1b:00:45:b3:c2:f9:8a:06:17:cf:28:c3:00:
+ 13:7a:6c:83:52:ea:a3:0e:6e:3e:1e:98:56:c4:68:d9:1f:99:
+ af:11:00:e5:5f:42:4d:54:4f:88:c4:43:ee:24:ee:ce:ce:17:
+ 9f:13:5a:f3:1c:e8:a6:76:7c:70:6e:63:1a:3b:52:1c:c0:83:
+ 01:7b
-----BEGIN CERTIFICATE-----
MIICrjCCAhegAwIBAgIBIzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NDAeFw0xMTAzMjEwMDQ5MzJaFw0xMzEyMTUwMDQ5MzJaMHgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NTBaFw0xNDAxMDUyMjM3NTBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2gxX3RhNDEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK++3nQqoTQ5
-auV9mqWhSgzg5U9GceRaVFYF8aulfhe2qtROnLdG/O+aSvU7O7A6Z9KJbT/3bY1Z
-Hyu5pFUItnbFLnHr+UpDfNsTsqII87LxG2bv7y2m5go3irP52gz+2iMM77aIom1i
-LXZCXPMs+D92w+Nu9eQ8bkjGKs3H6NndAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
+Y3MxX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKMQKM2lzL3
+IGji9PV2oxMDTB4yfEcvFjIUTt8LemoiVHjPacnqp+aCF2oxETh+5PntvqKJQt/0
+3/bkI72tSsK6o6kmOWDuAgd0JWywfp9rM+HnNxN3e6Z/Tuh1YdRriRlr5aXfUlxx
+JTfWp+LIf81PxES1FXxi89JU0p/FmXqtAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
PgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2xvY2FsaG9zdDoxMjAwMS9maWxlLzAv
-Y2gxX3RhNF9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAK0J5eIKxwFAsNH/g5r3
-t6xYAN2jNiT7ZfeFaJCGZ/v0fh7djrZ4/6BaEipvLCvA49eACSVy4Gs6w+TdcnYF
-BbJV8jg+ByQtR0rbssZOnMRDyZUjRGHb2taEnBLdY4eZf3sAqnfdUHZmp+p//ORm
-rgjQcGYPI9O0yzgg3iffEj21
+Y2gxX3RhNF9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAFNOkyHAL0bhqrwRJbHu
+Gm3fuO9dDlk9+x8eYoNmmMtxJrmH30lfjvvs1U1w11dkelgIVN0qhia3m6HdGwBF
+s8L5igYXzyjDABN6bINS6qMObj4emFbEaNkfma8RAOVfQk1UT4jEQ+4k7s7OF58T
+WvMc6KZ2fHBuYxo7UhzAgwF7
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/24.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/24.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:50 2011 GMT
+ Not After : Jan 5 22:37:50 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs2_ch1_ta4/emailAddress=cs2_ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b9:d6:fb:d3:60:e9:bc:e3:70:c9:6d:1b:26:94:
- ae:f4:76:b6:aa:d8:ef:1a:b6:17:3c:f5:9c:35:8b:
- 28:55:c1:36:53:5a:1a:67:66:ee:34:4e:b7:f5:68:
- 8c:8a:1c:af:b4:52:c2:5b:22:d2:d6:0c:ad:d3:40:
- 89:a6:f5:d0:b9:12:1a:55:85:45:94:c6:3e:ac:b2:
- 51:8a:75:05:d5:60:c8:c0:f9:fb:d8:0b:0b:7c:ad:
- e1:b4:78:f4:fb:84:34:bb:1a:66:6e:e6:a6:90:4d:
- 40:88:32:13:c3:cb:76:ac:02:eb:bb:04:24:9b:c5:
- f8:b3:be:d1:44:ea:1f:f9:51
+ 00:bf:ac:9d:17:06:fb:0f:06:2b:8f:e1:70:02:28:
+ 81:03:f5:1f:f4:4a:41:87:c5:4c:e1:4c:5b:9d:89:
+ 2f:a2:d4:5e:1a:4b:b6:93:c7:10:41:d9:e9:e0:d5:
+ 43:64:9f:39:1d:c8:2a:93:52:23:08:92:78:a3:5f:
+ 3b:98:50:e8:72:3a:73:12:4f:99:4b:4d:0e:e8:5d:
+ 92:f3:0b:5d:78:f6:5b:4b:c8:36:23:e3:ca:ab:8a:
+ aa:52:33:d1:1e:61:d1:3e:91:5d:ee:38:bc:c4:0e:
+ ee:54:f9:aa:00:a3:51:55:95:7a:c0:7b:0e:b2:d8:
+ 55:9d:f8:ae:1f:32:a7:87:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 24:E7:DA:6E:C1:38:4D:41:8C:B0:C1:B2:D1:D2:C6:32:21:4F:57:52
+ 4E:1B:1F:2F:80:BA:AC:13:47:60:30:A5:43:F6:01:7D:54:3C:9B:24
X509v3 Authority Key Identifier:
- keyid:AB:0B:EF:CE:AA:F0:43:97:3A:CD:58:D0:D9:C2:F9:C4:EB:8D:7C:FF
+ keyid:2A:94:C1:FF:E0:11:A0:91:F1:71:46:35:9A:37:3C:BC:C4:21:4A:8F
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
serial:22
@@ -36,32 +36,32 @@
URI:http://localhost:12001/file/0/example_file
Signature Algorithm: sha256WithRSAEncryption
- 5e:7f:21:56:d9:dc:06:15:22:71:7c:3a:a6:37:dc:ba:e9:25:
- c1:9e:8a:14:31:71:74:9d:bf:db:dd:88:db:da:ff:b1:05:bc:
- 5b:1a:26:e0:f4:7d:c7:27:21:6c:e3:50:88:4f:2d:df:19:16:
- 11:bf:5a:8e:fe:d6:ee:2c:53:cf:76:46:90:df:d3:e7:8c:94:
- b1:b3:11:a8:4b:56:d3:22:85:13:39:92:cb:69:5f:3e:e6:66:
- de:b1:b7:b1:6b:a8:60:cd:05:0a:6d:42:4e:f5:17:5d:62:e8:
- f5:46:0a:51:3f:52:aa:aa:d6:a9:3a:6c:a9:af:98:da:fa:99:
- 74:c1
+ 6d:40:ad:c1:79:65:fc:25:80:f7:52:d5:6f:16:3c:b2:77:f8:
+ 35:e2:b5:d4:3c:49:f1:1c:02:d7:5a:61:aa:c2:c7:bd:53:4a:
+ 96:58:8e:3e:14:d3:38:89:43:70:f0:5c:73:e1:c0:36:5e:10:
+ 73:f4:93:c3:de:0c:61:49:be:2d:d0:1e:37:b4:03:49:a9:a4:
+ 37:42:77:6a:97:15:45:2f:7d:b2:dd:9d:b2:98:56:0a:70:14:
+ 83:ac:6f:e1:1e:97:31:9e:0a:30:ca:7d:5f:87:30:41:05:63:
+ 4b:38:cb:f0:c0:cd:4d:a6:d2:11:34:30:ba:f4:8a:74:73:70:
+ ee:45
-----BEGIN CERTIFICATE-----
MIIDYjCCAsugAwIBAgIBJDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NDAeFw0xMTAzMjEwMDQ5MzNaFw0xMzEyMTUwMDQ5MzNaMHgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NTBaFw0xNDAxMDUyMjM3NTBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczJfY2gxX3RhNDEaMBgGCSqGSIb3DQEJARYL
-Y3MyX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnW+9Ng6bzj
-cMltGyaUrvR2tqrY7xq2Fzz1nDWLKFXBNlNaGmdm7jROt/VojIocr7RSwlsi0tYM
-rdNAiab10LkSGlWFRZTGPqyyUYp1BdVgyMD5+9gLC3yt4bR49PuENLsaZm7mppBN
-QIgyE8PLdqwC67sEJJvF+LO+0UTqH/lRAgMBAAGjggECMIH/MB0GA1UdDgQWBBQk
-59puwThNQYywwbLR0sYyIU9XUjCBkgYDVR0jBIGKMIGHgBSrC+/OqvBDlzrNWNDZ
-wvnE6418/6FspGowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+Y3MyX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL+snRcG+w8G
+K4/hcAIogQP1H/RKQYfFTOFMW52JL6LUXhpLtpPHEEHZ6eDVQ2SfOR3IKpNSIwiS
+eKNfO5hQ6HI6cxJPmUtNDuhdkvMLXXj2W0vINiPjyquKqlIz0R5h0T6RXe44vMQO
+7lT5qgCjUVWVesB7DrLYVZ34rh8yp4frAgMBAAGjggECMIH/MB0GA1UdDgQWBBRO
+Gx8vgLqsE0dgMKVD9gF9VDybJDCBkgYDVR0jBIGKMIGHgBQqlMH/4BGgkfFxRjWa
+Nzy8xCFKj6FspGowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
EzARBgNVBAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAMTA3Rh
NDESMBAGCSqGSIb3DQEJARYDdGE0ggEiMAwGA1UdEwEB/wQCMAAwOwYDVR0fBDQw
MjAwoC6gLIYqaHR0cDovL2xvY2FsaG9zdDoxMjAwMS9maWxlLzAvZXhhbXBsZV9m
-aWxlMA0GCSqGSIb3DQEBCwUAA4GBAF5/IVbZ3AYVInF8OqY33LrpJcGeihQxcXSd
-v9vdiNva/7EFvFsaJuD0fccnIWzjUIhPLd8ZFhG/Wo7+1u4sU892RpDf0+eMlLGz
-EahLVtMihRM5kstpXz7mZt6xt7FrqGDNBQptQk71F11i6PVGClE/Uqqq1qk6bKmv
-mNr6mXTB
+aWxlMA0GCSqGSIb3DQEBCwUAA4GBAG1ArcF5ZfwlgPdS1W8WPLJ3+DXitdQ8SfEc
+AtdaYarCx71TSpZYjj4U0ziJQ3DwXHPhwDZeEHP0k8PeDGFJvi3QHje0A0mppDdC
+d2qXFUUvfbLdnbKYVgpwFIOsb+EelzGeCjDKfV+HMEEFY0s4y/DAzU2m0hE0MLr0
+inRzcO5F
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/25.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/25.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:50 2011 GMT
+ Not After : Jan 5 22:37:50 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs3_ch1_ta4/emailAddress=cs3_ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:aa:7f:01:31:5c:b9:d2:b5:8d:5c:1c:7f:e9:66:
- f3:6b:2f:68:cb:3c:8a:4b:28:5e:e6:fb:45:1a:75:
- d9:0e:cb:a3:41:19:05:05:dd:98:1d:51:f9:78:37:
- 2a:7f:fa:26:06:27:38:6d:8d:85:5a:b1:8d:08:6a:
- e2:ac:43:2f:44:f7:02:93:c9:89:c9:83:09:d1:04:
- 06:0a:2d:c7:28:fa:77:c9:24:7a:6a:44:ac:c6:dd:
- a2:a0:78:42:0d:d4:c0:5f:a1:b5:b6:e0:5a:f0:5f:
- 54:83:fe:5d:26:a2:93:3d:94:f8:eb:8b:1c:11:45:
- e8:e7:08:77:f4:ec:cd:94:d1
+ 00:c3:0c:75:ca:f7:a7:94:08:4a:72:f4:27:88:98:
+ 9f:d7:cc:7b:41:e4:54:86:11:d1:c2:d8:a1:ce:68:
+ b0:8f:6a:6e:78:bf:f9:08:c9:a3:44:99:27:24:da:
+ c2:76:e8:59:76:be:b2:04:46:1c:f4:1a:77:76:73:
+ cb:dd:53:b6:9f:c7:5e:04:0a:35:43:e1:5d:5d:62:
+ 9b:73:13:06:d3:96:8f:64:4e:34:0d:bf:31:33:3c:
+ 05:24:26:d7:71:a6:83:65:1f:cf:01:25:c1:87:49:
+ 35:b9:12:a1:9c:af:4c:4f:da:26:59:e4:13:ee:c1:
+ 72:52:1a:f5:49:84:92:18:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 54:C5:1A:1B:47:F4:1C:20:E1:32:B5:40:10:AB:8B:D6:40:28:99:08
+ 90:5E:20:89:14:A6:9B:2F:BD:21:FA:EC:07:E1:37:24:59:70:10:C1
X509v3 Authority Key Identifier:
- keyid:AB:0B:EF:CE:AA:F0:43:97:3A:CD:58:D0:D9:C2:F9:C4:EB:8D:7C:FF
+ keyid:2A:94:C1:FF:E0:11:A0:91:F1:71:46:35:9A:37:3C:BC:C4:21:4A:8F
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
serial:22
@@ -36,31 +36,31 @@
URI:foo://bar/baz
Signature Algorithm: sha256WithRSAEncryption
- 19:a0:c3:d1:c4:07:ec:73:8c:57:b0:5a:f9:29:b2:d0:89:62:
- 25:9a:f0:95:fc:dc:99:6d:d6:2d:d0:22:3f:64:14:af:c8:1f:
- 60:09:3e:ca:7b:2a:9a:32:71:bc:0c:85:24:81:15:14:b0:2a:
- 97:93:ee:e3:c8:6e:c6:5d:69:84:f2:27:49:45:06:18:8b:82:
- b8:ca:ad:6a:48:c2:4f:5a:1a:93:6d:f0:56:ca:60:9c:42:f6:
- 6e:9a:c8:a9:5b:ca:7f:c3:1c:96:9a:3a:60:2d:64:7a:29:1e:
- 59:c0:bc:63:ff:aa:1f:06:74:ce:26:81:cd:67:b6:b2:79:3d:
- 30:c0
+ 95:ab:fa:7f:38:e3:de:4d:db:7f:a4:ea:49:f6:99:0c:57:76:
+ 36:df:e3:68:50:0d:b7:af:78:ea:e4:07:ad:63:75:15:48:34:
+ ca:81:6a:0b:64:6d:c5:ca:9b:3b:a2:fd:dd:19:90:8f:d4:4d:
+ 35:a0:a2:18:84:bf:89:0d:22:cc:03:67:57:15:f7:70:16:2b:
+ f7:14:82:3e:a9:74:50:e5:22:11:13:5b:69:d1:d5:87:c2:44:
+ a6:b8:9c:73:d6:51:ec:20:89:1a:11:44:07:8f:e7:6d:df:a8:
+ 0f:5e:71:36:9c:7b:0b:e4:2b:5a:94:77:06:c6:fb:f7:e5:dc:
+ 77:a3
-----BEGIN CERTIFICATE-----
MIIDRDCCAq2gAwIBAgIBJTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NDAeFw0xMTAzMjEwMDQ5MzNaFw0xMzEyMTUwMDQ5MzNaMHgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NTBaFw0xNDAxMDUyMjM3NTBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczNfY2gxX3RhNDEaMBgGCSqGSIb3DQEJARYL
-Y3MzX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKp/ATFcudK1
-jVwcf+lm82svaMs8iksoXub7RRp12Q7Lo0EZBQXdmB1R+Xg3Kn/6JgYnOG2NhVqx
-jQhq4qxDL0T3ApPJicmDCdEEBgotxyj6d8kkempErMbdoqB4Qg3UwF+htbbgWvBf
-VIP+XSaikz2U+OuLHBFF6OcId/TszZTRAgMBAAGjgeUwgeIwHQYDVR0OBBYEFFTF
-GhtH9Bwg4TK1QBCri9ZAKJkIMIGSBgNVHSMEgYowgYeAFKsL786q8EOXOs1Y0NnC
-+cTrjXz/oWykajBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
+Y3MzX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMMMdcr3p5QI
+SnL0J4iYn9fMe0HkVIYR0cLYoc5osI9qbni/+QjJo0SZJyTawnboWXa+sgRGHPQa
+d3Zzy91Ttp/HXgQKNUPhXV1im3MTBtOWj2RONA2/MTM8BSQm13Gmg2UfzwElwYdJ
+NbkSoZyvTE/aJlnkE+7BclIa9UmEkhg7AgMBAAGjgeUwgeIwHQYDVR0OBBYEFJBe
+IIkUppsvvSH67AfhNyRZcBDBMIGSBgNVHSMEgYowgYeAFCqUwf/gEaCR8XFGNZo3
+PLzEIUqPoWykajBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
MBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGE0
MRIwEAYJKoZIhvcNAQkBFgN0YTSCASIwDAYDVR0TAQH/BAIwADAeBgNVHR8EFzAV
-MBOgEaAPhg1mb286Ly9iYXIvYmF6MA0GCSqGSIb3DQEBCwUAA4GBABmgw9HEB+xz
-jFewWvkpstCJYiWa8JX83Jlt1i3QIj9kFK/IH2AJPsp7KpoycbwMhSSBFRSwKpeT
-7uPIbsZdaYTyJ0lFBhiLgrjKrWpIwk9aGpNt8FbKYJxC9m6ayKlbyn/DHJaaOmAt
-ZHopHlnAvGP/qh8GdM4mgc1ntrJ5PTDA
+MBOgEaAPhg1mb286Ly9iYXIvYmF6MA0GCSqGSIb3DQEBCwUAA4GBAJWr+n84495N
+23+k6kn2mQxXdjbf42hQDbeveOrkB61jdRVINMqBagtkbcXKmzui/d0ZkI/UTTWg
+ohiEv4kNIswDZ1cV93AWK/cUgj6pdFDlIhETW2nR1YfCRKa4nHPWUewgiRoRRAeP
+523fqA9ecTacewvkK1qUdwbG+/fl3Hej
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/27.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/27.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:51 2011 GMT
+ Not After : Jan 5 22:37:51 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.1_ta4/emailAddress=cs1_ch1.1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b1:85:77:87:f1:8e:bc:79:3e:8c:58:50:41:f3:
- e8:26:07:80:e2:80:5f:41:ab:2c:fe:15:60:5e:fc:
- 50:47:ba:19:65:e0:4e:42:28:18:67:61:55:3f:a4:
- 3f:e8:e0:10:60:7d:94:72:d7:e7:25:43:61:16:29:
- 06:7c:7f:e2:a6:c7:b7:ec:b5:9f:bf:98:8a:e7:f3:
- 55:7f:8e:d9:2a:c7:ac:be:f3:0a:4e:90:39:fd:a3:
- 9e:b1:2b:dd:cf:fc:61:d0:cb:b6:52:7e:34:eb:8b:
- 01:6c:a9:cd:37:75:ae:2f:7c:61:6c:a0:c6:53:6a:
- a6:1a:24:cd:93:72:ec:94:cf
+ 00:ad:e1:a3:b5:65:8f:6f:53:61:4b:15:7a:d7:c6:
+ 0a:a3:b0:ee:20:0b:11:d7:9c:99:ad:63:e4:8d:22:
+ 6d:13:7b:10:d3:73:fa:a8:0a:14:44:3d:fb:88:be:
+ d1:27:79:d8:6b:b1:ba:8a:35:29:2d:99:21:3b:65:
+ 20:d5:3d:bf:e6:fc:b6:01:e2:b3:8d:f5:9f:73:63:
+ ca:48:9b:92:d6:34:84:fb:7c:87:1e:f5:8e:48:bd:
+ 96:5c:ce:e0:69:ab:f4:17:e5:22:1a:68:81:15:40:
+ 52:75:c5:b0:47:16:93:23:8b:4d:59:10:d0:e3:46:
+ 3e:ab:fd:09:6a:69:fc:6f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,28 +29,28 @@
URI:http://localhost:12001/file/0/ch1.1_ta4_crl.pem
Signature Algorithm: sha256WithRSAEncryption
- a5:fb:3c:71:a7:fb:45:a2:a5:f0:42:3a:9f:25:40:e5:d1:c6:
- 03:90:a0:4b:ca:83:21:8c:fc:3f:53:9c:1a:2e:bf:69:28:0d:
- f1:bb:fd:bc:b8:66:5a:b9:c8:59:1e:1a:94:8a:c8:07:14:23:
- f8:ec:a3:40:c8:67:aa:ae:bf:a3:f4:13:bc:80:76:f0:8b:5c:
- 99:99:e3:f2:0a:7d:a0:5b:24:16:a1:64:02:f1:5c:2c:1c:9a:
- f0:6d:9e:20:6d:54:2b:d7:5e:84:1d:a6:85:e2:17:1f:ed:cb:
- 82:96:1b:f4:1d:c5:2f:ee:cd:5c:19:6b:59:25:1e:c6:a5:51:
- 9e:74
+ 57:fb:2f:75:3a:7a:68:6d:65:67:9a:c0:28:9e:c8:12:bf:b5:
+ 63:c2:b8:9e:d0:78:07:6a:91:69:9f:a2:93:e1:90:8b:5a:25:
+ ec:3f:37:25:93:a2:f6:58:91:f1:f5:1a:67:44:2a:aa:ee:6e:
+ 7c:dd:02:5c:82:8d:4e:7f:ea:de:42:0a:ef:83:c2:ec:78:74:
+ db:a8:e1:ba:0d:b8:e8:2a:b1:9b:d8:c6:df:28:75:34:85:78:
+ 7d:f2:dd:68:63:63:4f:18:8e:66:65:73:1c:30:b0:a9:9e:df:
+ ae:ef:be:d2:99:28:bd:2c:9e:d9:d8:20:06:49:89:bb:0c:8c:
+ 00:0e
-----BEGIN CERTIFICATE-----
MIICuDCCAiGgAwIBAgIBJzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjFfdGE0MRgwFgYJKoZIhvcNAQkBFgljaDEu
-MV90YTQwHhcNMTEwMzIxMDA0OTMzWhcNMTMxMjE1MDA0OTMzWjB8MQswCQYDVQQG
+MV90YTQwHhcNMTEwNDExMjIzNzUxWhcNMTQwMTA1MjIzNzUxWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4xX3RhNDEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4xX3RhNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-sYV3h/GOvHk+jFhQQfPoJgeA4oBfQass/hVgXvxQR7oZZeBOQigYZ2FVP6Q/6OAQ
-YH2UctfnJUNhFikGfH/ipse37LWfv5iK5/NVf47ZKsesvvMKTpA5/aOesSvdz/xh
-0Mu2Un4064sBbKnNN3WuL3xhbKDGU2qmGiTNk3LslM8CAwEAAaNSMFAwDAYDVR0T
+reGjtWWPb1NhSxV618YKo7DuIAsR15yZrWPkjSJtE3sQ03P6qAoURD37iL7RJ3nY
+a7G6ijUpLZkhO2Ug1T2/5vy2AeKzjfWfc2PKSJuS1jSE+3yHHvWOSL2WXM7gaav0
+F+UiGmiBFUBSdcWwRxaTI4tNWRDQ40Y+q/0Jamn8b50CAwEAAaNSMFAwDAYDVR0T
AQH/BAIwADBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vbG9jYWxob3N0OjEyMDAx
-L2ZpbGUvMC9jaDEuMV90YTRfY3JsLnBlbTANBgkqhkiG9w0BAQsFAAOBgQCl+zxx
-p/tFoqXwQjqfJUDl0cYDkKBLyoMhjPw/U5waLr9pKA3xu/28uGZauchZHhqUisgH
-FCP47KNAyGeqrr+j9BO8gHbwi1yZmePyCn2gWyQWoWQC8VwsHJrwbZ4gbVQr116E
-HaaF4hcf7cuClhv0HcUv7s1cGWtZJR7GpVGedA==
+L2ZpbGUvMC9jaDEuMV90YTRfY3JsLnBlbTANBgkqhkiG9w0BAQsFAAOBgQBX+y91
+OnpobWVnmsAonsgSv7Vjwrie0HgHapFpn6KT4ZCLWiXsPzclk6L2WJHx9RpnRCqq
+7m583QJcgo1Of+reQgrvg8LseHTbqOG6DbjoKrGb2MbfKHU0hXh98t1oY2NPGI5m
+ZXMcMLCpnt+u777SmSi9LJ7Z2CAGSYm7DIwADg==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/29.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/29.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
Validity
- Not Before: Mar 21 00:49:34 2011 GMT
- Not After : Dec 15 00:49:34 2013 GMT
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1_ta5/emailAddress=cs1_ch1_ta5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:9f:3b:31:69:28:44:86:2e:06:eb:0a:fe:f8:f4:
- a4:e0:ab:ea:c9:9e:9a:9e:c6:57:9d:c8:31:20:ec:
- 20:d8:02:77:14:98:d9:34:9b:cd:4e:ab:20:bf:a8:
- fb:2f:e3:09:fe:5c:93:8b:41:b9:2f:f6:22:a8:29:
- ba:a3:5e:6a:73:47:cc:f1:45:cf:36:c1:90:9b:ee:
- b9:d0:e7:d3:cc:c1:9e:34:02:03:67:78:81:41:9c:
- e6:3a:b5:62:a4:01:af:b1:71:4a:e9:29:ec:15:2a:
- d7:cc:04:a5:f7:55:11:c3:b8:6e:5d:0f:7a:18:4a:
- 4c:db:d6:34:37:aa:3d:d5:53
+ 00:bc:a1:03:22:dd:57:7e:99:4b:58:8c:04:98:41:
+ f9:77:26:01:6f:24:72:d0:7f:82:33:d5:8f:5f:a6:
+ 20:6c:02:b2:2c:56:8d:4d:fc:0d:a6:19:29:23:2f:
+ 88:8c:67:49:c3:e9:90:a6:17:0e:1a:62:28:44:49:
+ 68:80:aa:5e:24:e0:97:38:58:45:c1:45:59:38:e0:
+ 33:00:7c:65:63:b9:ea:a1:81:d0:92:5f:fe:50:1b:
+ 92:85:79:c9:91:96:51:0a:bf:1c:c8:a6:52:4f:b0:
+ 3e:1c:08:09:3b:a1:6a:af:ef:40:7b:df:8b:e3:bd:
+ de:41:9c:1b:9b:f7:85:9c:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 6f:c1:70:68:66:e9:5f:02:f8:f2:9e:60:dc:51:56:4f:32:ee:
- 62:72:8d:cb:3e:19:ea:03:1e:92:2a:b4:84:a0:b6:ee:0e:c4:
- f3:87:b5:75:bd:91:17:96:fe:44:55:0e:33:99:ef:bb:7e:f8:
- 83:a4:df:e8:90:c1:fe:ef:96:05:aa:c8:ce:6e:38:1b:d1:af:
- 90:0d:88:21:7e:e6:58:ad:b6:b6:8c:8a:c4:9b:ec:19:1e:55:
- c2:9f:03:e4:47:49:46:c5:a9:79:78:8f:fa:b5:c6:aa:bc:f0:
- c2:cb:6a:f0:d7:76:b4:0e:b4:6b:20:53:55:15:1a:39:a7:3f:
- 1a:bd
+ 9f:43:a8:af:30:0a:8a:ca:fb:ac:58:e1:f7:d4:76:f6:08:2d:
+ b3:3a:cb:62:48:90:06:6e:bb:d3:7f:cc:3c:cc:57:3f:88:87:
+ a1:fd:d1:db:5a:a1:73:c6:c5:5a:d9:b9:bc:ba:43:43:ee:bf:
+ 6b:c5:bc:5c:a3:2a:a4:01:9b:2f:60:b0:86:99:00:d4:1b:d6:
+ 74:22:e8:9a:8e:06:b3:4e:33:34:3c:f4:96:ab:58:66:68:f1:
+ f4:75:a4:09:2e:4c:15:17:6d:9f:e0:e9:9f:45:4c:1f:24:7f:
+ b7:af:70:76:4c:38:20:8e:00:6e:eb:bf:84:e7:6f:b0:98:b7:
+ 4a:67
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBKTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNTEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NTAeFw0xMTAzMjEwMDQ5MzRaFw0xMzEyMTUwMDQ5MzRaMHgxCzAJBgNVBAYTAlVT
+NTAeFw0xMTA0MTEyMjM3NTJaFw0xNDAxMDUyMjM3NTJaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2gxX3RhNTEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoMV90YTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ87MWkoRIYu
-BusK/vj0pOCr6smemp7GV53IMSDsINgCdxSY2TSbzU6rIL+o+y/jCf5ck4tBuS/2
-IqgpuqNeanNHzPFFzzbBkJvuudDn08zBnjQCA2d4gUGc5jq1YqQBr7FxSukp7BUq
-18wEpfdVEcO4bl0PehhKTNvWNDeqPdVTAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAG/BcGhm6V8C+PKeYNxR
-Vk8y7mJyjcs+GeoDHpIqtISgtu4OxPOHtXW9kReW/kRVDjOZ77t++IOk3+iQwf7v
-lgWqyM5uOBvRr5ANiCF+5littraMisSb7BkeVcKfA+RHSUbFqXl4j/q1xqq88MLL
-avDXdrQOtGsgU1UVGjmnPxq9
+Y3MxX2NoMV90YTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALyhAyLdV36Z
+S1iMBJhB+XcmAW8kctB/gjPVj1+mIGwCsixWjU38DaYZKSMviIxnScPpkKYXDhpi
+KERJaICqXiTglzhYRcFFWTjgMwB8ZWO56qGB0JJf/lAbkoV5yZGWUQq/HMimUk+w
+PhwICTuhaq/vQHvfi+O93kGcG5v3hZwlAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAJ9DqK8wCorK+6xY4ffU
+dvYILbM6y2JIkAZuu9N/zDzMVz+Ih6H90dtaoXPGxVrZuby6Q0Puv2vFvFyjKqQB
+my9gsIaZANQb1nQi6JqOBrNOMzQ89JarWGZo8fR1pAkuTBUXbZ/g6Z9FTB8kf7ev
+cHZMOCCOAG7rv4Tnb7CYt0pn
-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/2A.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 42 (0x2a)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta6, CN=localhost/emailAddress=ta6
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta6, CN=localhost/emailAddress=cs1_ta6
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e1:f0:66:24:db:fa:5f:00:b6:c4:f6:63:f0:51:
+ 7d:49:f9:92:71:e1:b3:8c:e7:fc:e9:e4:4f:79:76:
+ 52:51:06:65:c1:5f:d4:51:26:30:46:c9:70:98:5a:
+ c5:a9:9e:6a:67:24:25:7a:68:5b:63:af:90:e7:b1:
+ fb:42:f9:15:9c:d4:41:c6:90:fd:c3:d3:d7:cf:fe:
+ 00:c6:39:cb:6c:ae:9c:cb:74:c4:b6:1f:be:1b:58:
+ 9f:c9:8a:33:66:ec:32:08:fc:d9:23:e1:29:e2:f3:
+ 3e:3d:53:a7:78:e7:69:49:2b:39:72:8b:74:33:46:
+ b1:f7:3b:26:4f:8d:06:64:e7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ 6b:e1:7e:83:a6:a1:f8:46:a6:85:bb:c7:25:20:83:bb:b4:e0:
+ 58:63:36:5a:97:1c:4c:76:24:a2:9d:c3:45:73:1f:22:39:97:
+ 2c:47:b1:f5:3e:ac:b4:00:6d:c5:32:49:0c:83:e9:94:44:fa:
+ d6:e1:2d:a7:ae:66:34:9c:85:3e:a4:43:af:c0:2a:6c:f9:22:
+ 64:d2:bb:54:67:e8:99:df:41:f2:7c:87:77:67:b5:3d:14:37:
+ 75:32:56:69:21:f2:53:f2:d2:83:a1:fc:c0:3d:b5:4e:b5:d8:
+ 06:d8:4e:71:f8:cc:3c:3a:93:a4:a0:05:a3:4f:7b:b1:83:21:
+ 96:60
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgIBKjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTEMMAoGA1UECxMDdGE2MRIwEAYDVQQDEwlsb2NhbGhvc3QxEjAQBgkq
+hkiG9w0BCQEWA3RhNjAeFw0xMTA0MTEyMjM3NTRaFw0xNDAxMDUyMjM3NTRaMIGE
+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
+bG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UECxQHY3MxX3RhNjESMBAGA1UE
+AxMJbG9jYWxob3N0MRYwFAYJKoZIhvcNAQkBFgdjczFfdGE2MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDh8GYk2/pfALbE9mPwUX1J+ZJx4bOM5/zp5E95dlJR
+BmXBX9RRJjBGyXCYWsWpnmpnJCV6aFtjr5DnsftC+RWc1EHGkP3D09fP/gDGOcts
+rpzLdMS2H74bWJ/JijNm7DII/Nkj4Sni8z49U6d452lJKzlyi3QzRrH3OyZPjQZk
+5wIDAQABoyAwHjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
+9w0BAQsFAAOBgQBr4X6DpqH4RqaFu8clIIO7tOBYYzZalxxMdiSincNFcx8iOZcs
+R7H1Pqy0AG3FMkkMg+mURPrW4S2nrmY0nIU+pEOvwCps+SJk0rtUZ+iZ30HyfId3
+Z7U9FDd1MlZpIfJT8tKDofzAPbVOtdgG2E5x+Mw8OpOkoAWjT3uxgyGWYA==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/2B.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 43 (0x2b)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta7, CN=localhost/emailAddress=ta7
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta7, CN=localhost/emailAddress=cs1_ta7
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c1:8e:b8:0a:bd:17:40:c0:8d:b3:6f:c3:ca:97:
+ ca:b0:b6:95:01:9c:d8:a0:f3:9f:af:2e:c8:3f:0b:
+ 54:f3:f0:c6:ae:41:d0:b5:73:4d:6e:b3:93:f9:58:
+ 99:86:b4:66:21:2d:9f:78:ad:47:eb:81:78:5d:21:
+ 2e:19:38:7a:73:64:5e:c9:8f:5c:1c:f5:92:b9:5f:
+ 2f:f3:de:e7:a3:8c:8a:cb:d1:b2:00:ed:7c:24:a8:
+ 10:d2:2c:eb:32:7c:48:23:fe:c2:9d:41:b5:07:d7:
+ 52:aa:e9:20:d3:2a:63:60:c4:1a:60:27:05:28:ae:
+ 4f:88:fd:ba:8e:ff:02:c7:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ b5:06:5c:d4:ad:4f:c3:e4:99:0c:07:e7:dd:33:09:94:42:7d:
+ 8a:c8:04:56:c8:63:a0:be:4b:a7:60:52:e4:13:ef:82:bd:ce:
+ 9f:4f:91:ee:e8:0e:09:35:e6:eb:c2:e3:da:78:8d:4e:a2:b4:
+ e5:f0:4c:99:29:02:0f:a8:b8:49:56:f8:d9:a3:4b:c7:bb:ce:
+ ba:63:78:ed:36:f9:34:6a:b8:9d:06:9b:ff:5e:e9:48:0e:b3:
+ 39:d7:64:e5:c9:28:c8:3c:8f:42:52:08:56:ad:6d:f0:63:aa:
+ 30:45:d4:40:17:34:be:24:4e:21:7a:b5:b3:2a:c7:ce:75:1b:
+ a5:eb
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgIBKzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTEMMAoGA1UECxMDdGE3MRIwEAYDVQQDEwlsb2NhbGhvc3QxEjAQBgkq
+hkiG9w0BCQEWA3RhNzAeFw0xMTA0MTEyMjM3NTRaFw0xNDAxMDUyMjM3NTRaMIGE
+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
+bG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UECxQHY3MxX3RhNzESMBAGA1UE
+AxMJbG9jYWxob3N0MRYwFAYJKoZIhvcNAQkBFgdjczFfdGE3MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDBjrgKvRdAwI2zb8PKl8qwtpUBnNig85+vLsg/C1Tz
+8MauQdC1c01us5P5WJmGtGYhLZ94rUfrgXhdIS4ZOHpzZF7Jj1wc9ZK5Xy/z3uej
+jIrL0bIA7XwkqBDSLOsyfEgj/sKdQbUH11Kq6SDTKmNgxBpgJwUork+I/bqO/wLH
+RwIDAQABoyAwHjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
+9w0BAQsFAAOBgQC1BlzUrU/D5JkMB+fdMwmUQn2KyARWyGOgvkunYFLkE++Cvc6f
+T5Hu6A4JNebrwuPaeI1OorTl8EyZKQIPqLhJVvjZo0vHu866Y3jtNvk0aridBpv/
+XulIDrM512TlySjIPI9CUghWrW3wY6owRdRAFzS+JE4herWzKsfOdRul6w==
+-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta3/emailAddress=ch1.1_ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:47 2011 GMT
+ Not After : Jan 5 22:37:47 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.1_ta3/emailAddress=cs1_ch1.1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:9e:9e:a5:8e:28:f4:bd:9e:0d:46:b9:af:dc:80:
- 5a:72:49:2f:c8:27:3c:66:ba:13:cb:57:04:0c:0b:
- a1:71:e2:a0:97:ba:08:79:8c:43:8a:c8:49:5c:8d:
- a9:b9:79:11:17:68:ea:ca:01:1b:68:0f:98:f6:86:
- eb:e6:3f:d6:c8:96:a0:b8:5b:93:89:9c:d7:bc:b7:
- 62:80:68:74:f8:bd:76:33:77:7c:13:ea:f3:53:dc:
- 30:ce:80:46:93:51:2e:6a:49:bd:bd:48:a7:44:0b:
- bf:a2:f7:79:b1:34:27:72:b0:e7:1e:13:3e:ec:0e:
- 7e:bf:00:eb:e3:ac:77:62:1f
+ 00:eb:05:16:da:3a:66:0f:5c:d8:26:83:38:fa:4f:
+ 60:0f:8c:42:06:b6:45:be:2e:ca:6c:fd:d8:a7:5f:
+ 14:70:e9:04:ee:f2:c7:40:b2:28:f4:d9:99:65:b0:
+ 2e:a2:e6:2c:df:42:72:12:92:ca:c1:6e:4d:2f:76:
+ 41:aa:22:bc:8d:f4:e8:40:78:61:b5:92:a7:43:ef:
+ 1c:55:19:31:a8:45:23:0f:b6:d5:32:44:35:dd:78:
+ d4:f1:80:39:68:d1:ac:c1:4d:18:e2:e5:4d:eb:a9:
+ cb:95:51:6c:c7:3a:50:ba:d3:4a:dc:7d:21:ad:ee:
+ 5a:36:5b:ce:34:1c:58:a7:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- ac:d1:6e:7d:ab:d7:f2:e1:83:3d:79:74:3f:c3:64:61:81:b0:
- 68:84:57:1d:3a:21:e4:93:ac:82:e2:11:e0:15:c6:bb:a1:b9:
- 7f:59:96:00:63:31:99:e9:77:d9:b1:cd:b5:87:3d:1e:96:ab:
- c1:1b:90:05:1c:b2:0b:f3:42:26:87:61:79:a7:0f:dc:fb:f3:
- e6:4f:65:ff:a1:2b:64:06:9e:82:82:45:a3:4f:0b:3c:67:31:
- c2:ea:6f:dd:06:d3:b5:a0:e0:d1:a0:a9:fd:1e:cb:e2:0b:82:
- 7d:aa:08:5f:bd:12:18:d4:1d:77:7e:35:1c:6e:67:68:bb:0b:
- a4:2c
+ 1d:bc:1d:73:ed:03:34:4b:73:87:24:58:03:61:5a:67:fc:64:
+ f5:5e:a0:db:84:be:f0:9d:91:37:36:fc:db:86:90:99:3a:c3:
+ 07:23:07:90:e5:5a:68:97:8f:b1:e8:d1:57:e5:a8:7e:b0:19:
+ 2b:b6:25:b0:42:56:da:0c:3c:a9:82:4d:af:8f:f0:b7:c0:c3:
+ d7:d2:4d:9f:c9:40:5c:72:c4:95:86:de:28:5d:64:fe:7d:fd:
+ 3d:51:33:90:7b:c0:9f:2b:5c:2f:36:29:a8:72:4f:4f:ad:44:
+ 0a:d5:b4:fe:1f:d4:01:82:07:ed:36:81:8b:b3:1d:1d:42:ab:
+ 53:bc
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBGzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjFfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-MV90YTMwHhcNMTEwMzIxMDA0OTI5WhcNMTMxMjE1MDA0OTI5WjB8MQswCQYDVQQG
+MV90YTMwHhcNMTEwNDExMjIzNzQ3WhcNMTQwMTA1MjIzNzQ3WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4xX3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4xX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-np6ljij0vZ4NRrmv3IBackkvyCc8ZroTy1cEDAuhceKgl7oIeYxDishJXI2puXkR
-F2jqygEbaA+Y9obr5j/WyJaguFuTiZzXvLdigGh0+L12M3d8E+rzU9wwzoBGk1Eu
-akm9vUinRAu/ovd5sTQncrDnHhM+7A5+vwDr46x3Yh8CAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEArNFufavX
-8uGDPXl0P8NkYYGwaIRXHToh5JOsguIR4BXGu6G5f1mWAGMxmel32bHNtYc9Hpar
-wRuQBRyyC/NCJodheacP3Pvz5k9l/6ErZAaegoJFo08LPGcxwupv3QbTtaDg0aCp
-/R7L4guCfaoIX70SGNQdd341HG5naLsLpCw=
+6wUW2jpmD1zYJoM4+k9gD4xCBrZFvi7KbP3Yp18UcOkE7vLHQLIo9NmZZbAuouYs
+30JyEpLKwW5NL3ZBqiK8jfToQHhhtZKnQ+8cVRkxqEUjD7bVMkQ13XjU8YA5aNGs
+wU0Y4uVN66nLlVFsxzpQutNK3H0hre5aNlvONBxYp9MCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAHbwdc+0D
+NEtzhyRYA2FaZ/xk9V6g24S+8J2RNzb824aQmTrDByMHkOVaaJePsejRV+WofrAZ
+K7YlsEJW2gw8qYJNr4/wt8DD19JNn8lAXHLElYbeKF1k/n39PVEzkHvAnytcLzYp
+qHJPT61ECtW0/h/UAYIH7TaBi7MdHUKrU7w=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.1_ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.1_ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.1_ta4/emailAddress=ch1.1_ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:51 2011 GMT
+ Not After : Jan 5 22:37:51 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.1_ta4/emailAddress=cs1_ch1.1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b1:85:77:87:f1:8e:bc:79:3e:8c:58:50:41:f3:
- e8:26:07:80:e2:80:5f:41:ab:2c:fe:15:60:5e:fc:
- 50:47:ba:19:65:e0:4e:42:28:18:67:61:55:3f:a4:
- 3f:e8:e0:10:60:7d:94:72:d7:e7:25:43:61:16:29:
- 06:7c:7f:e2:a6:c7:b7:ec:b5:9f:bf:98:8a:e7:f3:
- 55:7f:8e:d9:2a:c7:ac:be:f3:0a:4e:90:39:fd:a3:
- 9e:b1:2b:dd:cf:fc:61:d0:cb:b6:52:7e:34:eb:8b:
- 01:6c:a9:cd:37:75:ae:2f:7c:61:6c:a0:c6:53:6a:
- a6:1a:24:cd:93:72:ec:94:cf
+ 00:ad:e1:a3:b5:65:8f:6f:53:61:4b:15:7a:d7:c6:
+ 0a:a3:b0:ee:20:0b:11:d7:9c:99:ad:63:e4:8d:22:
+ 6d:13:7b:10:d3:73:fa:a8:0a:14:44:3d:fb:88:be:
+ d1:27:79:d8:6b:b1:ba:8a:35:29:2d:99:21:3b:65:
+ 20:d5:3d:bf:e6:fc:b6:01:e2:b3:8d:f5:9f:73:63:
+ ca:48:9b:92:d6:34:84:fb:7c:87:1e:f5:8e:48:bd:
+ 96:5c:ce:e0:69:ab:f4:17:e5:22:1a:68:81:15:40:
+ 52:75:c5:b0:47:16:93:23:8b:4d:59:10:d0:e3:46:
+ 3e:ab:fd:09:6a:69:fc:6f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,28 +29,28 @@
URI:http://localhost:12001/file/0/ch1.1_ta4_crl.pem
Signature Algorithm: sha256WithRSAEncryption
- a5:fb:3c:71:a7:fb:45:a2:a5:f0:42:3a:9f:25:40:e5:d1:c6:
- 03:90:a0:4b:ca:83:21:8c:fc:3f:53:9c:1a:2e:bf:69:28:0d:
- f1:bb:fd:bc:b8:66:5a:b9:c8:59:1e:1a:94:8a:c8:07:14:23:
- f8:ec:a3:40:c8:67:aa:ae:bf:a3:f4:13:bc:80:76:f0:8b:5c:
- 99:99:e3:f2:0a:7d:a0:5b:24:16:a1:64:02:f1:5c:2c:1c:9a:
- f0:6d:9e:20:6d:54:2b:d7:5e:84:1d:a6:85:e2:17:1f:ed:cb:
- 82:96:1b:f4:1d:c5:2f:ee:cd:5c:19:6b:59:25:1e:c6:a5:51:
- 9e:74
+ 57:fb:2f:75:3a:7a:68:6d:65:67:9a:c0:28:9e:c8:12:bf:b5:
+ 63:c2:b8:9e:d0:78:07:6a:91:69:9f:a2:93:e1:90:8b:5a:25:
+ ec:3f:37:25:93:a2:f6:58:91:f1:f5:1a:67:44:2a:aa:ee:6e:
+ 7c:dd:02:5c:82:8d:4e:7f:ea:de:42:0a:ef:83:c2:ec:78:74:
+ db:a8:e1:ba:0d:b8:e8:2a:b1:9b:d8:c6:df:28:75:34:85:78:
+ 7d:f2:dd:68:63:63:4f:18:8e:66:65:73:1c:30:b0:a9:9e:df:
+ ae:ef:be:d2:99:28:bd:2c:9e:d9:d8:20:06:49:89:bb:0c:8c:
+ 00:0e
-----BEGIN CERTIFICATE-----
MIICuDCCAiGgAwIBAgIBJzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjFfdGE0MRgwFgYJKoZIhvcNAQkBFgljaDEu
-MV90YTQwHhcNMTEwMzIxMDA0OTMzWhcNMTMxMjE1MDA0OTMzWjB8MQswCQYDVQQG
+MV90YTQwHhcNMTEwNDExMjIzNzUxWhcNMTQwMTA1MjIzNzUxWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4xX3RhNDEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4xX3RhNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-sYV3h/GOvHk+jFhQQfPoJgeA4oBfQass/hVgXvxQR7oZZeBOQigYZ2FVP6Q/6OAQ
-YH2UctfnJUNhFikGfH/ipse37LWfv5iK5/NVf47ZKsesvvMKTpA5/aOesSvdz/xh
-0Mu2Un4064sBbKnNN3WuL3xhbKDGU2qmGiTNk3LslM8CAwEAAaNSMFAwDAYDVR0T
+reGjtWWPb1NhSxV618YKo7DuIAsR15yZrWPkjSJtE3sQ03P6qAoURD37iL7RJ3nY
+a7G6ijUpLZkhO2Ug1T2/5vy2AeKzjfWfc2PKSJuS1jSE+3yHHvWOSL2WXM7gaav0
+F+UiGmiBFUBSdcWwRxaTI4tNWRDQ40Y+q/0Jamn8b50CAwEAAaNSMFAwDAYDVR0T
AQH/BAIwADBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vbG9jYWxob3N0OjEyMDAx
-L2ZpbGUvMC9jaDEuMV90YTRfY3JsLnBlbTANBgkqhkiG9w0BAQsFAAOBgQCl+zxx
-p/tFoqXwQjqfJUDl0cYDkKBLyoMhjPw/U5waLr9pKA3xu/28uGZauchZHhqUisgH
-FCP47KNAyGeqrr+j9BO8gHbwi1yZmePyCn2gWyQWoWQC8VwsHJrwbZ4gbVQr116E
-HaaF4hcf7cuClhv0HcUv7s1cGWtZJR7GpVGedA==
+L2ZpbGUvMC9jaDEuMV90YTRfY3JsLnBlbTANBgkqhkiG9w0BAQsFAAOBgQBX+y91
+OnpobWVnmsAonsgSv7Vjwrie0HgHapFpn6KT4ZCLWiXsPzclk6L2WJHx9RpnRCqq
+7m583QJcgo1Of+reQgrvg8LseHTbqOG6DbjoKrGb2MbfKHU0hXh98t1oY2NPGI5m
+ZXMcMLCpnt+u777SmSi9LJ7Z2CAGSYm7DIwADg==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.2_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.2_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.2_ta3/emailAddress=ch1.2_ta3
Validity
- Not Before: Mar 21 00:49:30 2011 GMT
- Not After : Dec 15 00:49:30 2013 GMT
+ Not Before: Apr 11 22:37:48 2011 GMT
+ Not After : Jan 5 22:37:48 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.2_ta3/emailAddress=cs1_ch1.2_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:a1:cf:9c:66:1e:c9:07:ed:2b:39:8a:5f:e5:f2:
- f1:d3:f2:ad:01:f1:81:85:63:04:7f:b8:65:35:05:
- e6:bd:3d:28:97:96:54:bc:ae:1b:46:b5:5c:f5:c0:
- ac:75:63:4f:52:80:8b:4c:30:81:8e:85:96:a4:f1:
- 46:e7:77:1e:7f:3e:80:10:41:cc:e7:92:73:ad:fb:
- fb:0d:3a:2b:e2:d6:43:0e:ef:b9:54:06:2e:f7:1d:
- 1d:aa:57:49:06:3e:65:8e:a9:9d:09:0e:83:55:12:
- de:39:91:44:86:ba:d4:69:be:b8:89:a1:7b:8c:60:
- 39:30:ea:95:f9:03:3e:c4:53
+ 00:d7:e5:0a:18:00:54:5b:ee:5a:de:78:35:85:4f:
+ db:06:0c:e0:87:10:97:78:78:dc:2b:ab:95:86:3c:
+ 35:c4:42:1a:e8:c3:98:c8:5d:a1:25:a5:94:d6:8b:
+ 8e:73:e5:75:82:0a:e7:a0:47:3d:d3:16:86:3d:55:
+ 4c:2e:65:75:1b:6f:90:48:a6:4b:84:ee:76:81:56:
+ a0:36:17:9b:58:0c:45:a6:0c:b3:0c:f1:34:11:df:
+ 14:8e:99:be:22:a2:a5:62:65:f0:a8:57:57:39:b9:
+ 13:1c:8b:97:6d:fd:56:b7:ce:1b:cb:ff:ad:80:c6:
+ a3:0d:42:fe:bc:82:8f:4a:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 25:86:6a:6e:7a:be:f5:54:95:b2:ce:49:56:50:fa:ad:e3:34:
- 84:fe:d9:9e:fb:0e:73:f7:62:3c:c7:29:95:54:91:68:32:cb:
- 74:91:91:cc:68:a8:e4:12:07:b3:33:d9:f4:5e:bc:8e:0c:35:
- bf:cb:fa:fc:07:75:c1:35:1e:ea:03:2d:60:a8:d3:39:5b:af:
- 2f:67:d9:2d:98:da:48:4e:12:ee:87:1c:e5:db:42:7e:ca:45:
- 4c:23:3d:21:53:fc:ee:66:77:9d:09:08:44:55:9b:2a:0d:10:
- da:67:77:89:70:00:97:9b:eb:3a:b4:41:98:16:31:cf:bc:b5:
- 88:bf
+ 6b:92:5b:ba:16:e4:ff:58:0a:03:6e:d0:db:10:cb:1d:b3:b1:
+ 0f:b5:b7:51:52:82:41:8c:0f:c2:3a:75:9c:26:bf:1d:25:91:
+ bc:b4:ca:17:79:ee:d8:61:89:1c:de:b1:23:4f:35:58:4f:2d:
+ d9:f4:e8:9f:56:d1:83:cc:ac:70:cd:3c:51:6f:45:e1:50:47:
+ 06:17:61:cb:85:ed:d2:61:da:72:c6:79:4c:b9:7c:44:3a:c6:
+ a0:91:27:67:e5:e7:be:47:ee:fc:f4:c7:49:11:e5:65:3e:87:
+ f2:54:10:a9:41:24:6e:fb:ad:e5:4c:c8:e6:3f:9c:1c:61:41:
+ cd:a0
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBHTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjJfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-Ml90YTMwHhcNMTEwMzIxMDA0OTMwWhcNMTMxMjE1MDA0OTMwWjB8MQswCQYDVQQG
+Ml90YTMwHhcNMTEwNDExMjIzNzQ4WhcNMTQwMTA1MjIzNzQ4WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4yX3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4yX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-oc+cZh7JB+0rOYpf5fLx0/KtAfGBhWMEf7hlNQXmvT0ol5ZUvK4bRrVc9cCsdWNP
-UoCLTDCBjoWWpPFG53cefz6AEEHM55Jzrfv7DTor4tZDDu+5VAYu9x0dqldJBj5l
-jqmdCQ6DVRLeOZFEhrrUab64iaF7jGA5MOqV+QM+xFMCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAJYZqbnq+
-9VSVss5JVlD6reM0hP7ZnvsOc/diPMcplVSRaDLLdJGRzGio5BIHszPZ9F68jgw1
-v8v6/Ad1wTUe6gMtYKjTOVuvL2fZLZjaSE4S7occ5dtCfspFTCM9IVP87mZ3nQkI
-RFWbKg0Q2md3iXAAl5vrOrRBmBYxz7y1iL8=
+1+UKGABUW+5a3ng1hU/bBgzghxCXeHjcK6uVhjw1xEIa6MOYyF2hJaWU1ouOc+V1
+ggrnoEc90xaGPVVMLmV1G2+QSKZLhO52gVagNhebWAxFpgyzDPE0Ed8Ujpm+IqKl
+YmXwqFdXObkTHIuXbf1Wt84by/+tgMajDUL+vIKPSgMCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAa5Jbuhbk
+/1gKA27Q2xDLHbOxD7W3UVKCQYwPwjp1nCa/HSWRvLTKF3nu2GGJHN6xI081WE8t
+2fTon1bRg8yscM08UW9F4VBHBhdhy4Xt0mHacsZ5TLl8RDrGoJEnZ+Xnvkfu/PTH
+SRHlZT6H8lQQqUEkbvut5UzI5j+cHGFBzaA=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.3_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.3_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.3_ta3/emailAddress=ch1.3_ta3
Validity
- Not Before: Mar 21 00:49:31 2011 GMT
- Not After : Dec 15 00:49:31 2013 GMT
+ Not Before: Apr 11 22:37:48 2011 GMT
+ Not After : Jan 5 22:37:48 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.3_ta3/emailAddress=cs1_ch1.3_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:aa:61:a0:81:fa:99:8a:7d:cb:3e:99:2a:83:5b:
- 29:10:80:63:6c:51:35:6b:ed:fa:fe:09:07:bc:f1:
- c7:01:58:63:05:a9:1f:69:4c:36:c0:90:f6:e5:02:
- ba:d3:2d:ae:ee:53:80:61:18:d6:d6:60:58:8f:07:
- 14:ec:c2:3d:89:7b:33:90:1c:92:2f:91:fc:77:6b:
- 52:fa:cf:97:9e:22:69:62:de:25:b4:9b:52:bc:51:
- c7:04:9d:37:8b:cf:ec:3e:e5:62:76:bb:62:f8:34:
- 10:6b:28:86:0a:c5:20:e7:3e:e5:76:9f:97:31:2a:
- 04:0b:02:10:85:c8:48:bc:65
+ 00:b3:bb:8d:94:21:ec:dd:1d:bd:c4:ab:b9:04:17:
+ f2:ac:58:db:4b:93:f9:17:2d:16:fc:d1:a5:ea:ee:
+ e9:2e:4e:05:43:c2:4b:35:2e:ba:bc:70:f2:20:d7:
+ 53:64:ec:7f:84:ca:ce:eb:4d:ac:12:f0:55:6a:a9:
+ be:17:a9:ae:63:61:37:3a:72:91:b2:82:b6:c1:7e:
+ 07:39:28:5a:20:a3:db:a4:24:34:ca:78:c8:9e:26:
+ db:26:da:4f:b6:a6:cf:3f:23:d9:06:be:ad:d3:8f:
+ 23:41:51:49:f5:e3:63:91:68:a1:34:b9:3e:fd:da:
+ 22:07:86:a9:bd:58:93:84:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 76:14:29:01:64:51:13:47:26:13:73:43:4e:ac:a9:6b:6e:46:
- 04:32:7f:b7:f7:6c:6e:73:d1:d2:10:a3:4a:98:7f:c2:57:19:
- 18:d7:d6:a0:2d:e2:2b:17:4a:49:cc:d8:1e:63:0f:82:88:03:
- 2e:c2:cf:26:56:24:22:2a:48:73:54:08:97:a0:24:91:6a:05:
- 63:4a:1f:01:28:06:0b:03:93:b8:75:9e:44:2d:7e:45:6c:a6:
- c5:35:e0:0f:98:0c:a5:5a:2b:8a:c2:c1:83:f0:b6:b9:84:58:
- f5:de:d4:b8:68:7d:de:b5:a3:9a:a0:33:91:23:fa:6c:b8:32:
- 55:fb
+ 28:69:b9:22:7b:ff:dd:7f:a5:95:f6:67:73:2d:f0:85:e9:22:
+ 6e:ce:5e:f4:0e:39:90:56:a9:23:28:4a:73:d1:2f:4a:d5:dc:
+ fb:42:f2:c8:3c:a2:d7:97:08:ec:86:cc:72:65:23:21:88:e1:
+ be:67:8e:f8:44:7b:0e:b7:3f:04:75:db:4a:3f:32:e6:5a:e1:
+ 6a:8e:f7:e9:20:ae:2c:62:51:34:d4:b1:c0:3b:20:64:d0:8f:
+ b3:86:4b:e1:82:ff:a2:61:eb:3f:1d:bf:2f:11:d2:01:96:a0:
+ a5:0f:df:1f:c9:1c:34:64:97:7d:3e:97:70:bf:2b:68:2f:cf:
+ 91:52
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBHzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjNfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-M190YTMwHhcNMTEwMzIxMDA0OTMxWhcNMTMxMjE1MDA0OTMxWjB8MQswCQYDVQQG
+M190YTMwHhcNMTEwNDExMjIzNzQ4WhcNMTQwMTA1MjIzNzQ4WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS4zX3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS4zX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-qmGggfqZin3LPpkqg1spEIBjbFE1a+36/gkHvPHHAVhjBakfaUw2wJD25QK60y2u
-7lOAYRjW1mBYjwcU7MI9iXszkBySL5H8d2tS+s+XniJpYt4ltJtSvFHHBJ03i8/s
-PuVidrti+DQQayiGCsUg5z7ldp+XMSoECwIQhchIvGUCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAdhQpAWRR
-E0cmE3NDTqypa25GBDJ/t/dsbnPR0hCjSph/wlcZGNfWoC3iKxdKSczYHmMPgogD
-LsLPJlYkIipIc1QIl6AkkWoFY0ofASgGCwOTuHWeRC1+RWymxTXgD5gMpVorisLB
-g/C2uYRY9d7UuGh93rWjmqAzkSP6bLgyVfs=
+s7uNlCHs3R29xKu5BBfyrFjbS5P5Fy0W/NGl6u7pLk4FQ8JLNS66vHDyINdTZOx/
+hMrO602sEvBVaqm+F6muY2E3OnKRsoK2wX4HOShaIKPbpCQ0ynjInibbJtpPtqbP
+PyPZBr6t048jQVFJ9eNjkWihNLk+/doiB4apvViThCsCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAKGm5Inv/
+3X+llfZncy3whekibs5e9A45kFapIyhKc9EvStXc+0LyyDyi15cI7IbMcmUjIYjh
+vmeO+ER7Drc/BHXbSj8y5lrhao736SCuLGJRNNSxwDsgZNCPs4ZL4YL/omHrPx2/
+LxHSAZagpQ/fH8kcNGSXfT6XcL8raC/PkVI=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.4_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1.4_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1.4_ta3/emailAddress=ch1.4_ta3
Validity
- Not Before: Mar 21 00:49:31 2011 GMT
- Not After : Dec 15 00:49:31 2013 GMT
+ Not Before: Apr 11 22:37:49 2011 GMT
+ Not After : Jan 5 22:37:49 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1.4_ta3/emailAddress=cs1_ch1.4_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:c6:b7:dc:6a:06:a3:1f:5a:98:5f:cd:0e:f1:c3:
- 40:bd:b3:9e:73:68:16:78:a1:5e:e9:a2:0c:32:68:
- 56:db:cb:9f:b8:dd:89:c1:f3:7b:b9:61:0e:9e:e1:
- ff:ad:b3:43:4d:c3:c9:9e:9a:5e:58:48:50:7b:b7:
- f8:20:0e:54:ce:4c:41:b8:b2:73:0a:6f:f1:0c:40:
- 3b:81:4a:a1:42:da:01:6a:cd:03:65:a6:83:ff:29:
- 41:40:45:31:d9:fd:7f:f4:e4:09:38:9f:66:a9:a4:
- d4:9a:a5:80:6a:9e:43:11:cc:7a:4f:13:84:cc:7f:
- 21:f9:4c:93:ec:d0:9c:f6:55
+ 00:ae:be:e2:6c:c9:bb:11:1a:16:90:72:55:8c:f5:
+ d6:64:e7:2d:5f:18:27:c7:1d:b5:6e:10:a4:8a:b9:
+ 0e:71:ef:d5:05:42:2b:12:da:79:51:58:08:2a:37:
+ e9:3d:47:93:4f:0f:d2:2b:29:b3:de:84:02:86:a2:
+ 75:40:59:ef:26:7b:e5:23:f2:db:91:62:e0:d7:08:
+ 02:4c:c8:05:bf:f1:fc:d3:1a:cb:59:f9:86:a0:7f:
+ 99:c8:3a:08:82:ba:5f:4f:62:d7:74:a5:2d:3e:b8:
+ 17:d5:ca:25:0b:59:34:d0:f0:a0:ec:3a:cc:8a:e0:
+ 22:1d:fb:d0:b2:cf:62:db:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 95:16:43:f9:f7:e3:76:6f:54:ff:74:78:05:e4:85:ae:b0:94:
- 72:db:f0:d9:99:f7:6d:b6:f7:35:f3:db:c5:87:65:0f:88:65:
- 8f:06:6f:f2:d7:5f:be:4f:e0:56:02:8e:f5:d5:42:22:48:74:
- 3b:23:f9:76:82:3d:b0:d6:51:cd:d9:76:bd:22:4d:6d:24:c7:
- 77:89:c5:9c:38:a9:db:f1:2b:16:16:11:e9:64:71:e3:a4:34:
- 9a:83:dd:d4:14:38:b6:bf:06:46:b3:a6:e3:d9:8b:e9:cb:5b:
- e1:fb:c1:30:34:aa:cf:1a:4d:66:39:5f:06:7e:39:ac:6e:01:
- 81:b7
+ 7a:92:69:a9:a5:d2:40:46:78:cf:22:7b:5c:36:44:e6:6b:00:
+ 78:ab:ca:ff:45:ad:77:d7:87:fc:92:5b:23:3c:dc:27:c2:0f:
+ ee:fe:40:f4:3c:46:46:8f:86:c1:94:ff:60:31:db:24:0c:9c:
+ 46:bb:fb:c6:80:55:61:dc:4d:b9:6c:d4:67:b1:a0:35:f1:a4:
+ 94:30:25:9d:c2:16:d5:82:cd:a3:eb:fc:1c:44:b8:bb:44:ef:
+ 5f:00:bd:68:04:57:a6:5a:03:a6:fd:44:72:22:28:7f:e3:85:
+ 4a:0f:c6:45:a9:ae:8a:bd:b0:49:73:c3:e1:30:ad:c2:9f:f7:
+ 04:4d
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBITANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2gxLjRfdGEzMRgwFgYJKoZIhvcNAQkBFgljaDEu
-NF90YTMwHhcNMTEwMzIxMDA0OTMxWhcNMTMxMjE1MDA0OTMxWjB8MQswCQYDVQQG
+NF90YTMwHhcNMTEwNDExMjIzNzQ5WhcNMTQwMTA1MjIzNzQ5WjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoMS40X3RhMzEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoMS40X3RhMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-xrfcagajH1qYX80O8cNAvbOec2gWeKFe6aIMMmhW28ufuN2JwfN7uWEOnuH/rbND
-TcPJnppeWEhQe7f4IA5UzkxBuLJzCm/xDEA7gUqhQtoBas0DZaaD/ylBQEUx2f1/
-9OQJOJ9mqaTUmqWAap5DEcx6TxOEzH8h+UyT7NCc9lUCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAlRZD+ffj
-dm9U/3R4BeSFrrCUctvw2Zn3bbb3NfPbxYdlD4hljwZv8tdfvk/gVgKO9dVCIkh0
-OyP5doI9sNZRzdl2vSJNbSTHd4nFnDip2/ErFhYR6WRx46Q0moPd1BQ4tr8GRrOm
-49mL6ctb4fvBMDSqzxpNZjlfBn45rG4Bgbc=
+rr7ibMm7ERoWkHJVjPXWZOctXxgnxx21bhCkirkOce/VBUIrEtp5UVgIKjfpPUeT
+Tw/SKymz3oQChqJ1QFnvJnvlI/LbkWLg1wgCTMgFv/H80xrLWfmGoH+ZyDoIgrpf
+T2LXdKUtPrgX1colC1k00PCg7DrMiuAiHfvQss9i2xMCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAepJpqaXS
+QEZ4zyJ7XDZE5msAeKvK/0Wtd9eH/JJbIzzcJ8IP7v5A9DxGRo+GwZT/YDHbJAyc
+Rrv7xoBVYdxNuWzUZ7GgNfGklDAlncIW1YLNo+v8HES4u0TvXwC9aARXploDpv1E
+ciIof+OFSg/GRamuir2wSXPD4TCtwp/3BE0=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:44 2011 GMT
+ Not After : Jan 5 22:37:44 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1_ta3/emailAddress=cs1_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:c0:f4:07:51:f9:0b:0f:11:0a:28:50:d3:7a:43:
- 1f:24:71:ac:79:35:17:3c:44:b2:f9:67:b6:b3:ee:
- 73:27:f6:7d:7b:e9:21:66:33:73:54:5e:98:f9:72:
- 87:cf:e4:6f:4e:d8:65:76:74:65:41:2d:4c:99:d6:
- 69:82:c9:ca:35:c3:d7:5e:6a:ec:c5:cd:a6:e0:3e:
- da:00:b6:ae:e6:a6:0f:f1:2d:1a:bd:92:1a:d8:14:
- ae:92:90:fb:e9:16:e2:38:85:20:df:dd:8a:11:af:
- c2:3b:37:9b:ce:99:4e:89:ff:32:c7:53:e1:e0:ad:
- ed:a6:12:96:9d:97:40:96:b5
+ 00:cc:26:a7:16:78:9a:fb:e2:da:da:e3:c4:ef:7e:
+ cb:5c:21:1c:aa:c1:53:35:df:cc:dc:f5:e2:98:0b:
+ e6:8e:05:f4:e5:97:28:98:54:95:15:11:c9:1e:97:
+ ed:ee:f4:49:4e:2f:0a:a2:16:83:0d:f5:49:65:78:
+ 6d:ba:a2:19:1b:74:27:64:1a:22:0b:85:47:d0:e1:
+ 85:25:1e:5c:fd:00:7a:37:9e:7e:83:43:cf:17:4e:
+ 2f:ea:7d:c9:5a:b8:70:7a:82:2c:74:0f:77:47:10:
+ 1a:a4:51:16:08:9e:71:b5:7c:54:53:60:92:a8:0c:
+ 1c:b3:b1:0f:ab:c3:0e:46:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 29:26:20:2c:c3:ae:e3:84:28:2a:15:af:48:cc:a4:87:d2:8b:
- 7e:dd:76:80:11:f8:4c:e3:97:0c:34:42:96:78:9f:44:97:b6:
- 61:3f:66:be:24:60:b4:40:0d:8d:56:3b:ec:d3:31:8d:ae:ac:
- 1a:cb:cf:e5:68:67:21:87:1a:9b:b1:06:18:c4:d8:9b:d0:1a:
- 4f:ed:8f:8e:5a:d5:4d:24:ea:d0:55:5b:2f:2c:d7:e8:8d:ff:
- 99:5b:c1:32:55:f2:f4:d3:72:0b:b5:80:0c:8d:ce:8d:83:29:
- 6f:2e:e1:e0:d7:99:fe:37:b5:3a:14:71:3e:ec:0c:ec:31:7d:
- 2c:f0
+ 39:fc:dd:ed:5b:f5:75:d9:01:ed:86:33:11:21:27:c9:ad:78:
+ d3:e7:48:8a:3e:11:71:71:0f:d5:10:5b:5a:f0:16:a2:ac:70:
+ e9:3c:db:b9:30:c0:0d:2e:b4:8a:97:c3:50:d7:00:53:d3:4f:
+ b7:24:ff:38:64:e0:ff:87:01:18:6f:7c:bd:3c:2a:bc:fe:9b:
+ 0a:d8:66:ce:9e:4e:fa:4c:5c:b5:62:ae:dc:1b:c4:ef:84:da:
+ 45:3f:c2:a9:6d:74:a5:f0:44:7e:14:70:a4:4d:e3:dc:92:bb:
+ 49:de:68:35:bb:59:a0:24:ba:d6:89:44:28:6b:b8:69:ca:64:
+ 7f:f4
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBETANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDRaFw0xNDAxMDUyMjM3NDRaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMD0B1H5Cw8R
-CihQ03pDHyRxrHk1FzxEsvlntrPucyf2fXvpIWYzc1RemPlyh8/kb07YZXZ0ZUEt
-TJnWaYLJyjXD115q7MXNpuA+2gC2ruamD/EtGr2SGtgUrpKQ++kW4jiFIN/dihGv
-wjs3m86ZTon/MsdT4eCt7aYSlp2XQJa1AgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBACkmICzDruOEKCoVr0jM
-pIfSi37ddoAR+Ezjlww0QpZ4n0SXtmE/Zr4kYLRADY1WO+zTMY2urBrLz+VoZyGH
-GpuxBhjE2JvQGk/tj45a1U0k6tBVWy8s1+iN/5lbwTJV8vTTcgu1gAyNzo2DKW8u
-4eDXmf43tToUcT7sDOwxfSzw
+Y3MxX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMwmpxZ4mvvi
+2trjxO9+y1whHKrBUzXfzNz14pgL5o4F9OWXKJhUlRURyR6X7e70SU4vCqIWgw31
+SWV4bbqiGRt0J2QaIguFR9DhhSUeXP0AejeefoNDzxdOL+p9yVq4cHqCLHQPd0cQ
+GqRRFgiecbV8VFNgkqgMHLOxD6vDDkbFAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBADn83e1b9XXZAe2GMxEh
+J8mteNPnSIo+EXFxD9UQW1rwFqKscOk827kwwA0utIqXw1DXAFPTT7ck/zhk4P+H
+ARhvfL08Krz+mwrYZs6eTvpMXLVirtwbxO+E2kU/wqltdKXwRH4UcKRN49ySu0ne
+aDW7WaAkutaJRChruGnKZH/0
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Validity
- Not Before: Mar 21 00:49:32 2011 GMT
- Not After : Dec 15 00:49:32 2013 GMT
+ Not Before: Apr 11 22:37:50 2011 GMT
+ Not After : Jan 5 22:37:50 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1_ta4/emailAddress=cs1_ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:af:be:de:74:2a:a1:34:39:6a:e5:7d:9a:a5:a1:
- 4a:0c:e0:e5:4f:46:71:e4:5a:54:56:05:f1:ab:a5:
- 7e:17:b6:aa:d4:4e:9c:b7:46:fc:ef:9a:4a:f5:3b:
- 3b:b0:3a:67:d2:89:6d:3f:f7:6d:8d:59:1f:2b:b9:
- a4:55:08:b6:76:c5:2e:71:eb:f9:4a:43:7c:db:13:
- b2:a2:08:f3:b2:f1:1b:66:ef:ef:2d:a6:e6:0a:37:
- 8a:b3:f9:da:0c:fe:da:23:0c:ef:b6:88:a2:6d:62:
- 2d:76:42:5c:f3:2c:f8:3f:76:c3:e3:6e:f5:e4:3c:
- 6e:48:c6:2a:cd:c7:e8:d9:dd
+ 00:b2:8c:40:a3:36:97:32:f7:20:68:e2:f4:f5:76:
+ a3:13:03:4c:1e:32:7c:47:2f:16:32:14:4e:df:0b:
+ 7a:6a:22:54:78:cf:69:c9:ea:a7:e6:82:17:6a:31:
+ 11:38:7e:e4:f9:ed:be:a2:89:42:df:f4:df:f6:e4:
+ 23:bd:ad:4a:c2:ba:a3:a9:26:39:60:ee:02:07:74:
+ 25:6c:b0:7e:9f:6b:33:e1:e7:37:13:77:7b:a6:7f:
+ 4e:e8:75:61:d4:6b:89:19:6b:e5:a5:df:52:5c:71:
+ 25:37:d6:a7:e2:c8:7f:cd:4f:c4:44:b5:15:7c:62:
+ f3:d2:54:d2:9f:c5:99:7a:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,28 +29,28 @@
URI:http://localhost:12001/file/0/ch1_ta4_crl.pem
Signature Algorithm: sha256WithRSAEncryption
- ad:09:e5:e2:0a:c7:01:40:b0:d1:ff:83:9a:f7:b7:ac:58:00:
- dd:a3:36:24:fb:65:f7:85:68:90:86:67:fb:f4:7e:1e:dd:8e:
- b6:78:ff:a0:5a:12:2a:6f:2c:2b:c0:e3:d7:80:09:25:72:e0:
- 6b:3a:c3:e4:dd:72:76:05:05:b2:55:f2:38:3e:07:24:2d:47:
- 4a:db:b2:c6:4e:9c:c4:43:c9:95:23:44:61:db:da:d6:84:9c:
- 12:dd:63:87:99:7f:7b:00:aa:77:dd:50:76:66:a7:ea:7f:fc:
- e4:66:ae:08:d0:70:66:0f:23:d3:b4:cb:38:20:de:27:df:12:
- 3d:b5
+ 53:4e:93:21:c0:2f:46:e1:aa:bc:11:25:b1:ee:1a:6d:df:b8:
+ ef:5d:0e:59:3d:fb:1f:1e:62:83:66:98:cb:71:26:b9:87:df:
+ 49:5f:8e:fb:ec:d5:4d:70:d7:57:64:7a:58:08:54:dd:2a:86:
+ 26:b7:9b:a1:dd:1b:00:45:b3:c2:f9:8a:06:17:cf:28:c3:00:
+ 13:7a:6c:83:52:ea:a3:0e:6e:3e:1e:98:56:c4:68:d9:1f:99:
+ af:11:00:e5:5f:42:4d:54:4f:88:c4:43:ee:24:ee:ce:ce:17:
+ 9f:13:5a:f3:1c:e8:a6:76:7c:70:6e:63:1a:3b:52:1c:c0:83:
+ 01:7b
-----BEGIN CERTIFICATE-----
MIICrjCCAhegAwIBAgIBIzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NDAeFw0xMTAzMjEwMDQ5MzJaFw0xMzEyMTUwMDQ5MzJaMHgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NTBaFw0xNDAxMDUyMjM3NTBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2gxX3RhNDEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK++3nQqoTQ5
-auV9mqWhSgzg5U9GceRaVFYF8aulfhe2qtROnLdG/O+aSvU7O7A6Z9KJbT/3bY1Z
-Hyu5pFUItnbFLnHr+UpDfNsTsqII87LxG2bv7y2m5go3irP52gz+2iMM77aIom1i
-LXZCXPMs+D92w+Nu9eQ8bkjGKs3H6NndAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
+Y3MxX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKMQKM2lzL3
+IGji9PV2oxMDTB4yfEcvFjIUTt8LemoiVHjPacnqp+aCF2oxETh+5PntvqKJQt/0
+3/bkI72tSsK6o6kmOWDuAgd0JWywfp9rM+HnNxN3e6Z/Tuh1YdRriRlr5aXfUlxx
+JTfWp+LIf81PxES1FXxi89JU0p/FmXqtAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
PgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2xvY2FsaG9zdDoxMjAwMS9maWxlLzAv
-Y2gxX3RhNF9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAK0J5eIKxwFAsNH/g5r3
-t6xYAN2jNiT7ZfeFaJCGZ/v0fh7djrZ4/6BaEipvLCvA49eACSVy4Gs6w+TdcnYF
-BbJV8jg+ByQtR0rbssZOnMRDyZUjRGHb2taEnBLdY4eZf3sAqnfdUHZmp+p//ORm
-rgjQcGYPI9O0yzgg3iffEj21
+Y2gxX3RhNF9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAFNOkyHAL0bhqrwRJbHu
+Gm3fuO9dDlk9+x8eYoNmmMtxJrmH30lfjvvs1U1w11dkelgIVN0qhia3m6HdGwBF
+s8L5igYXzyjDABN6bINS6qMObj4emFbEaNkfma8RAOVfQk1UT4jEQ+4k7s7OF58T
+WvMc6KZ2fHBuYxo7UhzAgwF7
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta5_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch1_ta5_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta5/emailAddress=ch1_ta5
Validity
- Not Before: Mar 21 00:49:34 2011 GMT
- Not After : Dec 15 00:49:34 2013 GMT
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch1_ta5/emailAddress=cs1_ch1_ta5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:9f:3b:31:69:28:44:86:2e:06:eb:0a:fe:f8:f4:
- a4:e0:ab:ea:c9:9e:9a:9e:c6:57:9d:c8:31:20:ec:
- 20:d8:02:77:14:98:d9:34:9b:cd:4e:ab:20:bf:a8:
- fb:2f:e3:09:fe:5c:93:8b:41:b9:2f:f6:22:a8:29:
- ba:a3:5e:6a:73:47:cc:f1:45:cf:36:c1:90:9b:ee:
- b9:d0:e7:d3:cc:c1:9e:34:02:03:67:78:81:41:9c:
- e6:3a:b5:62:a4:01:af:b1:71:4a:e9:29:ec:15:2a:
- d7:cc:04:a5:f7:55:11:c3:b8:6e:5d:0f:7a:18:4a:
- 4c:db:d6:34:37:aa:3d:d5:53
+ 00:bc:a1:03:22:dd:57:7e:99:4b:58:8c:04:98:41:
+ f9:77:26:01:6f:24:72:d0:7f:82:33:d5:8f:5f:a6:
+ 20:6c:02:b2:2c:56:8d:4d:fc:0d:a6:19:29:23:2f:
+ 88:8c:67:49:c3:e9:90:a6:17:0e:1a:62:28:44:49:
+ 68:80:aa:5e:24:e0:97:38:58:45:c1:45:59:38:e0:
+ 33:00:7c:65:63:b9:ea:a1:81:d0:92:5f:fe:50:1b:
+ 92:85:79:c9:91:96:51:0a:bf:1c:c8:a6:52:4f:b0:
+ 3e:1c:08:09:3b:a1:6a:af:ef:40:7b:df:8b:e3:bd:
+ de:41:9c:1b:9b:f7:85:9c:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 6f:c1:70:68:66:e9:5f:02:f8:f2:9e:60:dc:51:56:4f:32:ee:
- 62:72:8d:cb:3e:19:ea:03:1e:92:2a:b4:84:a0:b6:ee:0e:c4:
- f3:87:b5:75:bd:91:17:96:fe:44:55:0e:33:99:ef:bb:7e:f8:
- 83:a4:df:e8:90:c1:fe:ef:96:05:aa:c8:ce:6e:38:1b:d1:af:
- 90:0d:88:21:7e:e6:58:ad:b6:b6:8c:8a:c4:9b:ec:19:1e:55:
- c2:9f:03:e4:47:49:46:c5:a9:79:78:8f:fa:b5:c6:aa:bc:f0:
- c2:cb:6a:f0:d7:76:b4:0e:b4:6b:20:53:55:15:1a:39:a7:3f:
- 1a:bd
+ 9f:43:a8:af:30:0a:8a:ca:fb:ac:58:e1:f7:d4:76:f6:08:2d:
+ b3:3a:cb:62:48:90:06:6e:bb:d3:7f:cc:3c:cc:57:3f:88:87:
+ a1:fd:d1:db:5a:a1:73:c6:c5:5a:d9:b9:bc:ba:43:43:ee:bf:
+ 6b:c5:bc:5c:a3:2a:a4:01:9b:2f:60:b0:86:99:00:d4:1b:d6:
+ 74:22:e8:9a:8e:06:b3:4e:33:34:3c:f4:96:ab:58:66:68:f1:
+ f4:75:a4:09:2e:4c:15:17:6d:9f:e0:e9:9f:45:4c:1f:24:7f:
+ b7:af:70:76:4c:38:20:8e:00:6e:eb:bf:84:e7:6f:b0:98:b7:
+ 4a:67
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBKTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNTEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NTAeFw0xMTAzMjEwMDQ5MzRaFw0xMzEyMTUwMDQ5MzRaMHgxCzAJBgNVBAYTAlVT
+NTAeFw0xMTA0MTEyMjM3NTJaFw0xNDAxMDUyMjM3NTJaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2gxX3RhNTEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoMV90YTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ87MWkoRIYu
-BusK/vj0pOCr6smemp7GV53IMSDsINgCdxSY2TSbzU6rIL+o+y/jCf5ck4tBuS/2
-IqgpuqNeanNHzPFFzzbBkJvuudDn08zBnjQCA2d4gUGc5jq1YqQBr7FxSukp7BUq
-18wEpfdVEcO4bl0PehhKTNvWNDeqPdVTAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAG/BcGhm6V8C+PKeYNxR
-Vk8y7mJyjcs+GeoDHpIqtISgtu4OxPOHtXW9kReW/kRVDjOZ77t++IOk3+iQwf7v
-lgWqyM5uOBvRr5ANiCF+5littraMisSb7BkeVcKfA+RHSUbFqXl4j/q1xqq88MLL
-avDXdrQOtGsgU1UVGjmnPxq9
+Y3MxX2NoMV90YTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALyhAyLdV36Z
+S1iMBJhB+XcmAW8kctB/gjPVj1+mIGwCsixWjU38DaYZKSMviIxnScPpkKYXDhpi
+KERJaICqXiTglzhYRcFFWTjgMwB8ZWO56qGB0JJf/lAbkoV5yZGWUQq/HMimUk+w
+PhwICTuhaq/vQHvfi+O93kGcG5v3hZwlAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAJ9DqK8wCorK+6xY4ffU
+dvYILbM6y2JIkAZuu9N/zDzMVz+Ih6H90dtaoXPGxVrZuby6Q0Puv2vFvFyjKqQB
+my9gsIaZANQb1nQi6JqOBrNOMzQ89JarWGZo8fR1pAkuTBUXbZ/g6Z9FTB8kf7ev
+cHZMOCCOAG7rv4Tnb7CYt0pn
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.1_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.1_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.1_ta1/emailAddress=ch5.1_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:41 2011 GMT
+ Not After : Jan 5 22:37:41 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5.1_ta1/emailAddress=cs1_ch5.1_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bf:ce:74:08:89:5a:78:fe:33:bc:42:8f:19:79:
- 0f:76:ce:ff:da:f1:32:62:4a:34:ee:54:3a:81:61:
- 9a:02:81:02:4b:77:c7:7c:ef:50:99:68:f4:40:4d:
- fa:41:a3:a4:86:a4:9c:6a:45:2b:99:15:ba:d8:d5:
- 97:f5:30:25:c0:f3:7c:a1:eb:50:58:8e:23:04:b0:
- 72:ea:bb:21:fc:6c:37:37:ab:85:c3:36:8c:42:dc:
- 83:12:6a:a1:b1:3e:8b:f9:b6:4c:43:8e:38:15:c1:
- 40:22:f8:7d:59:c0:9c:f6:75:85:0d:ed:43:4c:d8:
- 7f:84:c8:dd:a4:7d:66:c4:63
+ 00:9d:74:cf:25:35:26:cd:52:2e:9a:fc:8d:0b:4f:
+ 85:33:83:61:7a:f1:f1:c1:55:3d:dc:2e:20:77:8e:
+ 20:de:eb:e4:37:b6:6a:a4:c8:94:09:6c:f8:36:bd:
+ 78:a6:3f:2c:64:c3:23:d3:c7:fa:1c:36:a3:24:51:
+ c0:ac:2d:20:6f:15:bf:aa:d8:94:5f:5f:8e:0a:c5:
+ e0:aa:24:02:a5:f9:e4:cc:97:7f:74:b1:f1:a1:ab:
+ 30:6c:70:74:a4:5a:bd:5e:d7:69:64:6a:42:8d:c5:
+ d0:b9:21:66:5a:9b:37:25:fa:34:cc:08:21:45:cb:
+ 23:10:eb:66:66:d2:9b:bc:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 35:e5:fc:ad:b3:07:3c:23:cc:b9:a1:82:8c:2e:97:3a:65:e1:
- 25:03:16:50:e7:a3:69:cb:bf:e3:5e:be:59:60:ba:96:af:44:
- 01:18:de:2e:c7:5f:cf:19:ca:59:fc:01:f5:86:e0:5e:e9:c6:
- 70:9e:4c:e7:e1:ad:41:1b:be:11:a8:bb:cd:28:67:a8:7d:81:
- ec:55:25:5e:c6:c7:c3:f2:42:3e:07:e8:68:ca:5c:41:dd:34:
- b4:de:b2:f4:cb:dd:b3:e9:76:07:4c:d3:87:b1:4f:56:39:40:
- 77:03:42:ae:80:be:d3:ae:cb:75:80:09:82:87:7c:3b:2a:e0:
- bd:04
+ 3d:79:e6:0f:d3:33:eb:e7:fb:d4:39:f7:41:1e:f2:47:56:01:
+ d3:8b:bd:0d:0c:d5:ae:f1:85:6d:34:74:78:b3:27:20:88:4d:
+ bd:3a:b1:ac:d2:5c:f6:f3:87:f9:af:76:3a:93:60:a4:f5:97:
+ 4c:c3:a6:aa:2a:f1:22:61:ea:2d:e4:97:f4:57:f7:30:84:85:
+ 81:a1:aa:12:5a:37:82:96:11:d0:53:40:6c:5e:28:9f:42:1c:
+ 3c:89:ae:d5:88:5d:cc:3e:4d:5c:ab:94:03:de:95:4a:b1:f2:
+ 6b:cd:c1:cd:08:fa:87:88:80:e4:97:0f:36:55:3b:5d:60:a6:
+ 1e:e3
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBCTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g1LjFfdGExMRgwFgYJKoZIhvcNAQkBFgljaDUu
-MV90YTEwHhcNMTEwMzIxMDA0OTI0WhcNMTMxMjE1MDA0OTI0WjB8MQswCQYDVQQG
+MV90YTEwHhcNMTEwNDExMjIzNzQxWhcNMTQwMTA1MjIzNzQxWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoNS4xX3RhMTEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoNS4xX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-v850CIlaeP4zvEKPGXkPds7/2vEyYko07lQ6gWGaAoECS3fHfO9QmWj0QE36QaOk
-hqScakUrmRW62NWX9TAlwPN8oetQWI4jBLBy6rsh/Gw3N6uFwzaMQtyDEmqhsT6L
-+bZMQ444FcFAIvh9WcCc9nWFDe1DTNh/hMjdpH1mxGMCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEANeX8rbMH
-PCPMuaGCjC6XOmXhJQMWUOejacu/416+WWC6lq9EARjeLsdfzxnKWfwB9YbgXunG
-cJ5M5+GtQRu+Eai7zShnqH2B7FUlXsbHw/JCPgfoaMpcQd00tN6y9Mvds+l2B0zT
-h7FPVjlAdwNCroC+067LdYAJgod8OyrgvQQ=
+nXTPJTUmzVIumvyNC0+FM4NhevHxwVU93C4gd44g3uvkN7ZqpMiUCWz4Nr14pj8s
+ZMMj08f6HDajJFHArC0gbxW/qtiUX1+OCsXgqiQCpfnkzJd/dLHxoaswbHB0pFq9
+XtdpZGpCjcXQuSFmWps3Jfo0zAghRcsjEOtmZtKbvBkCAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAPXnmD9Mz
+6+f71Dn3QR7yR1YB04u9DQzVrvGFbTR0eLMnIIhNvTqxrNJc9vOH+a92OpNgpPWX
+TMOmqirxImHqLeSX9Ff3MISFgaGqElo3gpYR0FNAbF4on0IcPImu1YhdzD5NXKuU
+A96VSrHya83BzQj6h4iA5JcPNlU7XWCmHuM=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.2_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.2_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.2_ta1/emailAddress=ch5.2_ta1
Validity
- Not Before: Mar 21 00:49:25 2011 GMT
- Not After : Dec 15 00:49:25 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5.2_ta1/emailAddress=cs1_ch5.2_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b9:44:f7:70:52:8f:e0:c5:7b:7e:68:01:46:0b:
- e1:54:1a:91:82:96:5d:d9:60:a7:a6:c2:2d:cf:f6:
- b1:e6:bc:fe:b5:02:49:20:5e:b7:2e:88:07:05:4e:
- 88:9e:96:f5:51:22:b1:72:23:88:21:7d:70:d4:51:
- c1:38:26:87:3c:d2:59:b4:0a:b4:0c:99:fb:eb:89:
- a8:15:fa:ff:2a:40:52:e2:b3:d1:79:61:4b:a5:f3:
- 8a:0a:18:4b:76:26:9d:68:c7:83:03:88:77:38:ab:
- d6:2d:95:17:20:43:cc:6b:c5:d2:1d:85:b7:c0:b4:
- b7:8c:f7:cc:3e:cc:79:8d:3d
+ 00:c8:74:f3:2f:47:e9:02:0e:f4:93:b9:c2:65:ae:
+ 74:a2:90:3e:2c:36:bd:86:b1:44:f9:ac:ce:ac:0d:
+ 8f:c6:fa:b4:94:62:39:25:63:12:77:4e:4b:26:ca:
+ 7b:ad:7e:e2:1c:9a:18:6d:10:cf:6d:82:b6:00:db:
+ 57:d6:ca:56:bb:af:bd:72:76:19:5f:18:f3:ce:55:
+ 3e:c9:9f:a0:a5:65:6d:01:d4:0b:fe:a0:8e:ba:d2:
+ 2d:19:5f:72:93:ab:50:a7:91:ba:3d:e6:d7:5f:07:
+ 4a:61:c2:3a:7b:22:77:9e:93:73:16:b9:b8:e4:d6:
+ a4:9f:95:1d:f3:54:69:19:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 15:39:6a:5e:1b:b7:b0:9d:56:ed:4e:0f:28:5e:ba:84:d0:14:
- 92:4b:51:1f:3f:a7:2b:dc:ac:3d:6a:d6:79:7d:16:e6:db:04:
- a2:4b:03:c9:d0:d0:4d:09:60:c8:92:ae:cf:ec:39:0e:fb:a2:
- 17:bf:0d:1b:ff:99:b6:c8:2a:cb:f9:25:bc:b1:8e:94:2b:dc:
- e1:47:43:a0:21:9c:b3:f3:62:d0:ae:49:e0:aa:a9:a8:23:c5:
- 7f:60:9a:ce:cc:4b:48:6a:98:2a:58:68:df:89:88:fe:d3:17:
- 50:82:3b:33:45:4a:08:56:2e:e4:5e:4f:3b:6f:c5:e1:c0:53:
- 28:a8
+ 13:49:e0:c1:04:5e:6e:af:74:a7:15:5c:2d:b4:0d:26:fb:00:
+ ca:f3:ed:0a:87:fb:5f:1a:c9:d4:48:fd:30:96:eb:c2:f4:34:
+ af:09:ef:71:ad:1d:d0:dd:5d:53:12:cd:63:7f:09:2a:10:f7:
+ 12:7d:61:78:29:5b:80:c3:c7:5f:e7:16:af:c4:11:72:1e:45:
+ 82:0b:67:3b:76:8e:33:f0:d1:3a:b6:ca:5a:e9:8f:33:c9:79:
+ b6:7e:ac:b6:ef:c3:36:f8:a0:ae:88:0c:7e:ed:74:f9:44:b2:
+ 1b:e3:de:36:d4:9e:dd:5b:99:86:b3:7e:13:19:31:6d:6d:ff:
+ bf:f7
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g1LjJfdGExMRgwFgYJKoZIhvcNAQkBFgljaDUu
-Ml90YTEwHhcNMTEwMzIxMDA0OTI1WhcNMTMxMjE1MDA0OTI1WjB8MQswCQYDVQQG
+Ml90YTEwHhcNMTEwNDExMjIzNzQyWhcNMTQwMTA1MjIzNzQyWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoNS4yX3RhMTEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoNS4yX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-uUT3cFKP4MV7fmgBRgvhVBqRgpZd2WCnpsItz/ax5rz+tQJJIF63LogHBU6Inpb1
-USKxciOIIX1w1FHBOCaHPNJZtAq0DJn764moFfr/KkBS4rPReWFLpfOKChhLdiad
-aMeDA4h3OKvWLZUXIEPMa8XSHYW3wLS3jPfMPsx5jT0CAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAFTlqXhu3
-sJ1W7U4PKF66hNAUkktRHz+nK9ysPWrWeX0W5tsEoksDydDQTQlgyJKuz+w5Dvui
-F78NG/+Ztsgqy/klvLGOlCvc4UdDoCGcs/Ni0K5J4KqpqCPFf2CazsxLSGqYKlho
-34mI/tMXUII7M0VKCFYu5F5PO2/F4cBTKKg=
+yHTzL0fpAg70k7nCZa50opA+LDa9hrFE+azOrA2Pxvq0lGI5JWMSd05LJsp7rX7i
+HJoYbRDPbYK2ANtX1spWu6+9cnYZXxjzzlU+yZ+gpWVtAdQL/qCOutItGV9yk6tQ
+p5G6PebXXwdKYcI6eyJ3npNzFrm45Nakn5Ud81RpGT8CAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAE0ngwQRe
+bq90pxVcLbQNJvsAyvPtCof7XxrJ1Ej9MJbrwvQ0rwnvca0d0N1dUxLNY38JKhD3
+En1heClbgMPHX+cWr8QRch5FggtnO3aOM/DROrbKWumPM8l5tn6stu/DNvigrogM
+fu10+USyG+PeNtSe3VuZhrN+ExkxbW3/v/c=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.3_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5.3_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5.3_ta1/emailAddress=ch5.3_ta1
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:42 2011 GMT
+ Not After : Jan 5 22:37:42 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5.3_ta1/emailAddress=cs1_ch5.3_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:ba:d5:66:e3:d0:cd:3b:08:d4:e6:6a:9e:7f:22:
- 39:47:94:a9:77:5a:dd:26:6a:35:fc:d5:e0:1b:41:
- cf:0d:ff:6f:66:09:96:8b:32:36:ea:68:69:82:5a:
- c9:6f:20:ea:ff:1c:83:29:11:d8:f2:99:f8:5c:d4:
- 85:32:bb:c6:69:ca:dc:f7:d7:89:d4:72:2c:89:8a:
- 36:22:71:48:bc:fa:e0:f9:03:3c:14:7c:c2:48:92:
- 10:9f:21:db:2a:3b:01:f2:6f:96:18:61:b4:45:56:
- 27:81:aa:42:fd:d8:92:84:4e:fd:5d:65:ad:67:67:
- 4d:06:48:10:88:bb:77:af:23
+ 00:b5:76:e5:90:97:10:d5:aa:02:02:eb:87:f5:96:
+ 3a:94:31:a6:d9:1b:99:36:6b:62:13:36:cd:75:bf:
+ 5d:b9:19:02:15:79:e8:0c:95:12:80:a8:97:85:60:
+ 30:6f:4a:3d:cb:b4:bc:d8:a6:4d:a0:42:64:28:d3:
+ 07:2e:0a:f3:35:c3:35:10:08:f9:1e:e9:07:63:4b:
+ 7d:36:cc:65:7e:be:65:cb:a2:ad:8b:4a:1c:ec:9e:
+ f6:f5:14:e7:93:42:5c:0b:a3:7e:73:ae:18:42:32:
+ 32:a0:45:96:2d:d5:d7:5c:75:f2:e3:48:23:34:20:
+ 88:4f:7e:1a:21:8c:45:30:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 7e:14:ca:ef:10:0b:0d:a4:e4:7d:ba:39:5b:7c:63:b7:9a:d2:
- b7:cb:25:87:b3:fe:9f:34:55:d2:45:a6:b3:68:27:6d:a7:14:
- 5c:68:43:0b:81:aa:0b:21:6d:1f:ad:ec:72:de:4b:99:b5:a4:
- f0:24:15:73:f1:eb:dd:6f:41:2f:3c:4b:06:44:eb:ec:f0:9d:
- 29:79:ce:d2:ea:e2:55:1b:9f:cf:7c:ca:98:35:6f:98:ec:70:
- de:f1:04:fa:f1:89:ee:bf:af:a4:f8:35:92:b7:f9:27:a7:5e:
- 76:cc:c0:79:ad:6b:46:d7:d1:a7:60:35:32:9f:26:b3:b2:e7:
- 21:a5
+ 76:78:0e:96:48:35:42:08:26:68:65:9d:49:c6:3b:b7:f2:c7:
+ 3b:41:e1:94:2b:30:ec:65:1d:90:bd:3e:6a:ec:66:f1:3d:e6:
+ 76:b7:e7:a3:c7:96:b0:61:39:0b:e1:4e:15:cd:f7:95:48:c7:
+ ee:21:ce:81:5e:04:85:5b:2e:66:9f:2a:c1:6e:6f:4d:e3:c8:
+ 32:1f:35:53:7d:4f:ff:0f:0f:07:25:6a:f9:da:74:0c:8d:cf:
+ 86:3b:c1:30:bc:dd:a4:80:37:78:a3:03:1e:58:29:16:1b:d5:
+ b0:12:4e:8f:f4:da:c4:46:f4:28:4e:36:ac:d7:8a:95:c3:18:
+ e8:2e
-----BEGIN CERTIFICATE-----
MIIChjCCAe+gAwIBAgIBDjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTESMBAGA1UEAxQJY2g1LjNfdGExMRgwFgYJKoZIhvcNAQkBFgljaDUu
-M190YTEwHhcNMTEwMzIxMDA0OTI2WhcNMTMxMjE1MDA0OTI2WjB8MQswCQYDVQQG
+M190YTEwHhcNMTEwNDExMjIzNzQyWhcNMTQwMTA1MjIzNzQyWjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEN
MAsGA1UEChMEcGtnNTEWMBQGA1UEAxQNY3MxX2NoNS4zX3RhMTEcMBoGCSqGSIb3
DQEJARYNY3MxX2NoNS4zX3RhMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-utVm49DNOwjU5mqefyI5R5Spd1rdJmo1/NXgG0HPDf9vZgmWizI26mhpglrJbyDq
-/xyDKRHY8pn4XNSFMrvGacrc99eJ1HIsiYo2InFIvPrg+QM8FHzCSJIQnyHbKjsB
-8m+WGGG0RVYngapC/diShE79XWWtZ2dNBkgQiLt3ryMCAwEAAaMgMB4wDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAfhTK7xAL
-DaTkfbo5W3xjt5rSt8slh7P+nzRV0kWms2gnbacUXGhDC4GqCyFtH63sct5LmbWk
-8CQVc/Hr3W9BLzxLBkTr7PCdKXnO0uriVRufz3zKmDVvmOxw3vEE+vGJ7r+vpPg1
-krf5J6dedszAea1rRtfRp2A1Mp8ms7LnIaU=
+tXblkJcQ1aoCAuuH9ZY6lDGm2RuZNmtiEzbNdb9duRkCFXnoDJUSgKiXhWAwb0o9
+y7S82KZNoEJkKNMHLgrzNcM1EAj5HukHY0t9Nsxlfr5ly6Kti0oc7J729RTnk0Jc
+C6N+c64YQjIyoEWWLdXXXHXy40gjNCCIT34aIYxFMA0CAwEAAaMgMB4wDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAdngOlkg1
+QggmaGWdScY7t/LHO0HhlCsw7GUdkL0+auxm8T3mdrfno8eWsGE5C+FOFc33lUjH
+7iHOgV4EhVsuZp8qwW5vTePIMh81U31P/w8PByVq+dp0DI3PhjvBMLzdpIA3eKMD
+HlgpFhvVsBJOj/TaxEb0KE42rNeKlcMY6C4=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ch5_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:40 2011 GMT
+ Not After : Jan 5 22:37:40 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ch5_ta1/emailAddress=cs1_ch5_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b3:a4:c0:9b:2d:3a:3d:41:21:47:c3:96:e2:60:
- e4:dd:24:83:4a:1c:91:4e:c0:30:f7:c1:8f:7b:87:
- 58:9a:ce:09:6f:9e:85:0d:cf:a9:33:ea:aa:4e:c8:
- e6:60:1e:14:25:66:80:c9:e9:9c:1b:60:4a:dc:cb:
- 66:b0:03:38:bc:42:dc:0e:e1:da:d5:e8:25:20:75:
- e9:3f:58:20:09:91:b0:b6:da:6f:aa:26:69:50:87:
- 3b:37:eb:a7:e7:66:b1:de:ad:57:78:98:cf:17:59:
- 7e:10:b6:da:ca:58:7d:45:14:8a:f1:0f:f1:af:5b:
- 00:26:36:af:1e:0d:29:47:65
+ 00:e9:6c:6d:b5:1a:ef:fa:b5:f6:42:f6:7e:e6:f3:
+ 3f:11:2f:a7:c9:10:14:67:c9:fb:4b:c4:2f:c4:25:
+ 0d:a3:3c:66:0f:a0:1a:86:d5:19:48:e6:54:a3:a6:
+ 8d:6a:a2:89:a9:a5:ed:e7:49:ae:20:95:39:0c:19:
+ 41:87:e0:63:af:27:92:1d:55:b1:10:ea:b4:6d:5a:
+ e6:21:78:93:94:e2:06:e6:7d:c6:53:4e:d5:af:82:
+ 08:a1:82:64:c1:57:78:7e:52:18:f6:38:f0:5e:8e:
+ 09:ea:fa:fc:7d:f3:2d:87:5d:a9:8e:ef:87:7a:e5:
+ 97:ef:7b:fb:b4:96:09:6b:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- cb:cf:66:b0:f1:ff:e3:9f:6a:e8:36:19:07:ee:4a:88:72:25:
- 41:e5:27:33:e1:2d:81:e0:23:d8:16:1a:db:b7:a2:ad:30:81:
- b4:19:e6:0d:7a:30:c6:11:8e:c0:e3:89:b9:c8:67:66:17:fa:
- 28:96:74:30:7b:74:0e:1e:71:b9:fb:6a:34:24:7b:f6:69:bb:
- 36:c9:00:63:86:4b:49:16:74:6c:64:69:55:ce:bb:15:fb:fd:
- 89:78:72:d3:47:d2:12:ad:c0:43:f6:56:c2:77:9e:68:04:6c:
- 30:4a:28:06:7b:a7:74:2a:3a:8a:b8:7d:41:2b:aa:61:93:28:
- 97:75
+ 14:9a:25:22:78:e5:77:2e:7f:28:cb:57:a9:d8:22:b1:7a:f1:
+ 75:b9:79:3f:f3:7e:bc:eb:49:1e:35:0f:7a:20:f0:0a:f6:a1:
+ eb:08:a1:be:4c:c7:98:22:5b:9f:f9:a6:9a:e2:4a:85:13:2a:
+ f1:7f:da:cc:04:b1:13:d5:52:90:59:17:a8:f8:77:f8:ba:02:
+ 88:62:fb:9d:28:3f:0d:15:ad:79:3f:d0:a2:cb:a2:87:b7:e0:
+ 10:3a:a1:1b:4b:0c:79:f6:1e:b0:20:dc:0f:01:7e:c0:9c:86:
+ 91:6d:c4:06:4b:fb:3b:da:70:e0:1b:9b:f3:9d:2d:57:cb:16:
+ 26:4f
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBBjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g1X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g1X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHgxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDBaFw0xNDAxMDUyMjM3NDBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczFfY2g1X3RhMTEaMBgGCSqGSIb3DQEJARYL
-Y3MxX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALOkwJstOj1B
-IUfDluJg5N0kg0ockU7AMPfBj3uHWJrOCW+ehQ3PqTPqqk7I5mAeFCVmgMnpnBtg
-StzLZrADOLxC3A7h2tXoJSB16T9YIAmRsLbab6omaVCHOzfrp+dmsd6tV3iYzxdZ
-fhC22spYfUUUivEP8a9bACY2rx4NKUdlAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAMvPZrDx/+Ofaug2GQfu
-SohyJUHlJzPhLYHgI9gWGtu3oq0wgbQZ5g16MMYRjsDjibnIZ2YX+iiWdDB7dA4e
-cbn7ajQke/ZpuzbJAGOGS0kWdGxkaVXOuxX7/Yl4ctNH0hKtwEP2VsJ3nmgEbDBK
-KAZ7p3QqOoq4fUErqmGTKJd1
+Y3MxX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOlsbbUa7/q1
+9kL2fubzPxEvp8kQFGfJ+0vEL8QlDaM8Zg+gGobVGUjmVKOmjWqiiaml7edJriCV
+OQwZQYfgY68nkh1VsRDqtG1a5iF4k5TiBuZ9xlNO1a+CCKGCZMFXeH5SGPY48F6O
+Cer6/H3zLYddqY7vh3rll+97+7SWCWsXAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBABSaJSJ45XcufyjLV6nY
+IrF68XW5eT/zfrzrSR41D3og8Ar2oesIob5Mx5giW5/5ppriSoUTKvF/2swEsRPV
+UpBZF6j4d/i6Aohi+50oPw0VrXk/0KLLooe34BA6oRtLDHn2HrAg3A8BfsCchpFt
+xAZL+zvacOAbm/OdLVfLFiZP
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_cs8_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_cs8_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs8_ch1_ta3/emailAddress=cs8_ch1_ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:46 2011 GMT
+ Not After : Jan 5 22:37:46 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_cs8_ch1_ta3/emailAddress=cs1_cs8_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b7:e1:e5:53:8b:fe:2e:f4:82:1a:1a:10:f8:1d:
- 3f:0f:04:e4:35:8b:19:20:11:af:ad:c2:ff:5a:12:
- 04:f0:4e:4d:3a:b3:ce:42:c3:c5:ad:2a:ca:87:04:
- c2:f3:8a:5c:22:c9:b9:d5:08:ba:5c:9c:1a:06:d8:
- db:ea:70:6c:0a:8c:22:0a:9c:9b:ea:4d:0f:d9:98:
- da:df:d8:cd:26:82:f8:ae:77:93:6a:16:3f:54:eb:
- c1:c7:fc:94:bb:05:dc:9d:cf:ae:bc:71:e9:f0:4a:
- 09:d7:06:14:d4:db:63:d6:b2:bc:84:9f:90:a0:21:
- 75:45:2b:f3:2c:fa:e8:98:cd
+ 00:a8:89:d6:f6:e1:32:a9:bc:a5:c2:c8:00:1c:a1:
+ 04:fc:93:5a:5c:29:1d:37:7e:29:e1:7f:69:79:24:
+ ab:05:5a:83:71:d8:3c:bb:e5:1c:b8:e0:5e:a8:bd:
+ 41:06:cb:69:f6:d2:b9:48:c4:93:7c:ae:c6:38:bc:
+ d7:9a:f2:db:8d:f9:5f:51:c4:1b:d2:c5:0e:57:6d:
+ 0b:73:19:a8:34:e6:5b:81:80:43:77:3a:8e:54:59:
+ 91:69:a9:aa:9f:2b:24:24:1e:06:e8:bc:f2:3f:c3:
+ ee:33:3f:f4:5f:76:fd:24:05:48:a8:98:2f:15:eb:
+ 16:d5:24:6b:ea:59:e6:06:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 80:df:ac:6d:f0:f0:d8:14:72:fa:cc:20:8d:9b:58:f2:1e:bf:
- a1:31:02:e6:2c:09:fe:2e:c2:d9:02:b4:14:57:9a:60:ea:20:
- 69:5e:ea:ff:30:86:fe:57:6b:f0:39:68:23:d3:0c:aa:82:dc:
- 2e:47:91:66:a2:05:14:c8:f9:a1:21:7b:77:19:16:fb:6f:52:
- a6:04:a1:13:cb:89:b3:1e:fe:d0:f4:e4:9b:4a:65:4a:59:a6:
- 12:1f:0b:ed:82:bb:06:4b:da:73:52:d5:3f:c7:8a:b2:ba:3f:
- 78:73:d6:11:ae:94:62:18:db:86:da:1d:87:75:47:df:66:89:
- 6e:3d
+ 27:04:6d:7c:c0:89:81:f7:16:04:e2:f7:f1:4a:3b:60:17:4d:
+ f2:c3:0b:78:32:a5:f0:b4:e4:4e:2e:8e:06:d6:2d:3a:65:33:
+ a1:16:60:47:78:1f:f3:d3:72:c5:c7:43:f8:bb:0e:22:2a:7b:
+ a6:3e:9c:1e:40:c8:71:ff:28:82:0b:d9:93:8c:b9:f6:a2:ca:
+ d5:52:81:b6:b7:a1:20:09:e8:8a:68:e5:24:d1:dd:da:dc:1a:
+ 01:3d:e5:77:77:fe:64:f5:b6:14:f9:8b:04:3f:11:7e:62:f5:
+ ee:01:7c:d9:d5:b7:00:19:a9:49:05:94:0b:30:22:63:d2:0d:
+ 3e:7a
-----BEGIN CERTIFICATE-----
MIICjzCCAfigAwIBAgIBGTANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEUMBIGA1UEAxQLY3M4X2NoMV90YTMxGjAYBgkqhkiG9w0BCQEWC2Nz
-OF9jaDFfdGEzMB4XDTExMDMyMTAwNDkyOVoXDTEzMTIxNTAwNDkyOVowgYAxCzAJ
+OF9jaDFfdGEzMB4XDTExMDQxMTIyMzc0NloXDTE0MDEwNTIyMzc0NlowgYAxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MRgwFgYDVQQDFA9jczFfY3M4X2NoMV90YTMxHjAc
BgkqhkiG9w0BCQEWD2NzMV9jczhfY2gxX3RhMzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAt+HlU4v+LvSCGhoQ+B0/DwTkNYsZIBGvrcL/WhIE8E5NOrPOQsPF
-rSrKhwTC84pcIsm51Qi6XJwaBtjb6nBsCowiCpyb6k0P2Zja39jNJoL4rneTahY/
-VOvBx/yUuwXcnc+uvHHp8EoJ1wYU1Ntj1rK8hJ+QoCF1RSvzLPromM0CAwEAAaMg
+jQAwgYkCgYEAqInW9uEyqbylwsgAHKEE/JNaXCkdN34p4X9peSSrBVqDcdg8u+Uc
+uOBeqL1BBstp9tK5SMSTfK7GOLzXmvLbjflfUcQb0sUOV20LcxmoNOZbgYBDdzqO
+VFmRaamqnyskJB4G6LzyP8PuMz/0X3b9JAVIqJgvFesW1SRr6lnmBlECAwEAAaMg
MB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
-gYEAgN+sbfDw2BRy+swgjZtY8h6/oTEC5iwJ/i7C2QK0FFeaYOogaV7q/zCG/ldr
-8DloI9MMqoLcLkeRZqIFFMj5oSF7dxkW+29SpgShE8uJsx7+0PTkm0plSlmmEh8L
-7YK7Bkvac1LVP8eKsro/eHPWEa6UYhjbhtodh3VH32aJbj0=
+gYEAJwRtfMCJgfcWBOL38Uo7YBdN8sMLeDKl8LTkTi6OBtYtOmUzoRZgR3gf89Ny
+xcdD+LsOIip7pj6cHkDIcf8oggvZk4y59qLK1VKBtrehIAnoimjlJNHd2twaAT3l
+d3f+ZPW2FPmLBD8RfmL17gF82dW3ABmpSQWUCzAiY9INPno=
-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta10_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 46 (0x2e)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta10, CN=localhost/emailAddress=ta10
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta10, CN=localhost/emailAddress=cs1_ta10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b2:6d:bc:ff:c2:ff:ef:b8:49:75:6b:8c:d4:5a:
+ 8c:de:94:66:55:60:46:1e:dc:0d:fd:e1:95:62:91:
+ 5c:11:1e:0e:2c:19:e2:e5:97:93:e5:dc:91:28:ac:
+ 83:69:8d:3a:86:2d:a1:e9:e6:17:b1:49:e8:98:49:
+ af:5d:bb:0e:12:66:53:a2:d7:11:25:cf:1b:71:c2:
+ f7:ad:50:7b:67:d1:2a:44:99:21:25:44:5f:f4:2d:
+ a5:15:69:a2:12:ab:41:38:1c:c0:f0:9e:cc:49:30:
+ 91:38:6a:1e:e9:72:0d:f9:aa:0a:b9:32:dd:01:f2:
+ 6b:91:72:f6:4e:84:ab:fa:73
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ 09:46:77:32:eb:db:bb:3a:3f:98:4c:b7:3b:ae:ed:1e:dc:d8:
+ e6:cd:ea:e7:1d:33:e0:a0:b3:14:18:45:1d:a2:dd:62:ea:6b:
+ 47:0d:26:a5:fa:17:10:94:5f:87:1a:3b:97:e1:72:3b:9c:71:
+ a8:b6:1e:33:28:cf:a7:ea:c1:d0:7e:8f:f0:de:80:1b:9f:3f:
+ 23:4a:3c:0c:f5:6e:ad:9b:9b:87:32:93:43:c1:5f:4d:3b:23:
+ 89:22:27:7d:89:67:f7:e4:e5:3d:48:ae:4d:53:6e:85:81:30:
+ 6b:be:d1:dd:4d:f4:16:7d:3f:07:42:fc:f4:6e:86:14:f3:c7:
+ cd:45
+-----BEGIN CERTIFICATE-----
+MIICmzCCAgSgAwIBAgIBLjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTENMAsGA1UECxMEdGExMDESMBAGA1UEAxMJbG9jYWxob3N0MRMwEQYJ
+KoZIhvcNAQkBFgR0YTEwMB4XDTExMDQxMTIyMzc1NVoXDTE0MDEwNTIyMzc1NVow
+gYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN
+ZW5sbyBQYXJrMQ0wCwYDVQQKEwRwa2c1MREwDwYDVQQLFAhjczFfdGExMDESMBAG
+A1UEAxMJbG9jYWxob3N0MRcwFQYJKoZIhvcNAQkBFghjczFfdGExMDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAsm28/8L/77hJdWuM1FqM3pRmVWBGHtwN/eGV
+YpFcER4OLBni5ZeT5dyRKKyDaY06hi2h6eYXsUnomEmvXbsOEmZTotcRJc8bccL3
+rVB7Z9EqRJkhJURf9C2lFWmiEqtBOBzA8J7MSTCROGoe6XIN+aoKuTLdAfJrkXL2
+ToSr+nMCAwEAAaMgMB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJ
+KoZIhvcNAQELBQADgYEACUZ3Muvbuzo/mEy3O67tHtzY5s3q5x0z4KCzFBhFHaLd
+YuprRw0mpfoXEJRfhxo7l+FyO5xxqLYeMyjPp+rB0H6P8N6AG58/I0o8DPVurZub
+hzKTQ8FfTTsjiSInfYln9+TlPUiuTVNuhYEwa77R3U30Fn0/B0L89G6GFPPHzUU=
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta11_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 47 (0x2f)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta11, CN=localhost/emailAddress=ta11
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta11, CN=localhost/emailAddress=cs1_ta11
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d0:21:b2:10:04:9f:9c:ed:82:b7:0e:98:3f:b6:
+ 27:97:24:74:1d:88:1e:42:29:bc:3b:1b:91:a5:92:
+ 4f:80:2a:81:05:71:2f:1b:3f:49:92:d1:9e:bf:e8:
+ 39:a8:6f:81:0d:53:20:04:fa:33:32:b7:96:3e:66:
+ f7:85:d4:4d:32:e7:11:3e:aa:2f:3a:40:3f:28:97:
+ b3:ee:9f:5d:b2:4c:e1:5e:7d:2e:d1:4f:ec:ff:b4:
+ 34:b4:64:b9:56:ed:2b:59:5c:e0:c5:e1:91:66:20:
+ f2:56:9d:6e:55:69:60:38:6d:8a:c3:8d:d6:b9:30:
+ 37:ac:ed:eb:bf:ed:46:b7:5f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ 6a:b0:56:90:12:50:3d:5b:96:88:2c:f3:fc:67:2b:ed:07:84:
+ f7:f6:34:e6:51:b4:fb:67:15:0f:88:65:f5:34:3c:53:9b:ab:
+ a4:fc:fd:06:96:f3:de:8f:2c:89:fd:26:41:20:cf:21:03:3b:
+ 17:0c:8b:7b:f1:a9:85:8d:a7:f5:58:5a:58:a1:e4:fa:dc:b2:
+ 3b:23:d6:ae:bc:f9:b9:34:5c:f2:00:49:9e:e7:f6:a7:60:ff:
+ 1b:22:50:db:80:1a:c8:81:40:bc:00:ee:4b:44:ef:4b:d0:13:
+ b0:a2:e7:fb:03:e9:aa:39:7a:aa:00:f0:75:30:9c:31:8e:c8:
+ 75:13
+-----BEGIN CERTIFICATE-----
+MIICmzCCAgSgAwIBAgIBLzANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTENMAsGA1UECxMEdGExMTESMBAGA1UEAxMJbG9jYWxob3N0MRMwEQYJ
+KoZIhvcNAQkBFgR0YTExMB4XDTExMDQxMTIyMzc1NVoXDTE0MDEwNTIyMzc1NVow
+gYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN
+ZW5sbyBQYXJrMQ0wCwYDVQQKEwRwa2c1MREwDwYDVQQLFAhjczFfdGExMTESMBAG
+A1UEAxMJbG9jYWxob3N0MRcwFQYJKoZIhvcNAQkBFghjczFfdGExMTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA0CGyEASfnO2Ctw6YP7YnlyR0HYgeQim8OxuR
+pZJPgCqBBXEvGz9JktGev+g5qG+BDVMgBPozMreWPmb3hdRNMucRPqovOkA/KJez
+7p9dskzhXn0u0U/s/7Q0tGS5Vu0rWVzgxeGRZiDyVp1uVWlgOG2Kw43WuTA3rO3r
+v+1Gt18CAwEAAaMgMB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJ
+KoZIhvcNAQELBQADgYEAarBWkBJQPVuWiCzz/Gcr7QeE9/Y05lG0+2cVD4hl9TQ8
+U5urpPz9Bpbz3o8sif0mQSDPIQM7FwyLe/GphY2n9VhaWKHk+tyyOyPWrrz5uTRc
+8gBJnuf2p2D/GyJQ24AayIFAvADuS0TvS9ATsKLn+wPpqjl6qgDwdTCcMY7IdRM=
+-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta2_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta2_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta2/emailAddress=ta2
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:43 2011 GMT
+ Not After : Jan 5 22:37:43 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs1_ta2/emailAddress=cs1_ta2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d1:4a:70:39:c8:22:72:ed:59:a6:45:f9:9a:cb:
- 75:6d:95:17:d1:d5:fc:4c:98:77:5b:2b:18:94:98:
- 0c:94:72:d5:52:76:65:ed:c7:84:a9:5d:37:fb:1b:
- 54:f3:0a:e5:1f:fe:7f:9b:b2:30:7a:1a:4b:c1:9c:
- 46:84:0d:9b:f9:59:c1:83:ce:9d:95:ec:f2:34:8f:
- 2b:a7:07:fb:3c:58:64:4f:89:0d:ac:e3:92:03:dd:
- 50:05:15:65:77:7f:ba:06:dc:f9:7b:e9:11:9a:16:
- 55:a1:ce:6e:c7:d9:f5:ca:54:f3:da:40:08:dd:45:
- f5:27:09:95:7e:51:ba:f7:bb
+ 00:e7:3a:08:5d:d7:3d:c8:50:43:ad:92:87:40:58:
+ 59:5c:fa:34:ba:c9:bd:5b:d7:9f:17:b8:4f:d2:15:
+ fd:86:d9:f0:3a:07:48:14:f3:c0:a4:9e:e3:ee:00:
+ 45:ba:aa:de:3a:5c:53:d6:0d:dd:46:88:d3:b6:13:
+ aa:ee:f8:c0:3e:fa:eb:0a:6d:4a:0d:f7:39:21:ff:
+ 5d:dc:d7:13:5b:2a:e9:e4:c0:1e:31:2b:5b:00:ce:
+ b0:55:44:72:97:66:06:ab:41:71:05:4a:83:6b:3b:
+ cf:a7:ce:5d:61:43:3b:bb:60:19:c4:33:ac:23:72:
+ 66:9d:e9:72:be:bd:6c:ad:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 5d:98:9c:96:be:80:58:ef:e7:53:c2:79:29:8c:e1:40:18:63:
- 22:09:e6:ee:c2:a1:22:f9:50:ce:f2:9d:72:21:1d:0d:f9:2a:
- 2d:a8:eb:9f:03:5d:df:45:88:a8:52:e2:b9:0c:b0:27:7f:42:
- 8a:1c:45:a1:3b:24:ab:38:b4:e5:b2:ab:7c:d1:57:80:9e:be:
- 18:3a:ff:49:57:b0:61:cc:cc:63:98:e8:7b:79:de:2b:db:39:
- 44:df:8a:0d:ad:9c:ce:6e:b6:1f:3c:fa:ad:f7:ac:02:eb:08:
- 59:34:e9:74:bd:2d:bb:5d:8d:80:5d:bb:3b:18:3d:d6:3b:d2:
- 9d:47
+ 49:7b:52:fd:1f:be:ee:30:38:0d:93:6b:07:01:95:14:35:6e:
+ 5b:dd:74:9e:a0:a7:1a:bd:a8:cd:35:a9:7f:21:af:d7:a2:0c:
+ 69:f9:d4:d0:eb:45:93:e2:48:fd:86:b4:70:fb:b5:dd:e5:48:
+ 5f:93:d4:41:7a:cb:a5:73:02:d8:d9:e8:5f:9c:f8:4f:ad:50:
+ fb:88:24:b3:f5:e0:cf:d9:3e:bf:3f:5b:0c:db:a0:20:51:5d:
+ ea:13:0b:5b:44:6d:af:0f:6a:72:b6:25:8c:9f:bd:d0:a9:0e:
+ 38:60:39:53:7e:9d:6e:ac:65:21:9a:32:f4:57:65:39:dc:f7:
+ 36:9a
-----BEGIN CERTIFICATE-----
MIICbjCCAdegAwIBAgIBDzANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEMMAoGA1UEAxMDdGEyMRIwEAYJKoZIhvcNAQkBFgN0YTIwHhcNMTEw
-MzIxMDA0OTI2WhcNMTMxMjE1MDA0OTI2WjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
+NDExMjIzNzQzWhcNMTQwMTA1MjIzNzQzWjBwMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtn
NTEQMA4GA1UEAxQHY3MxX3RhMjEWMBQGCSqGSIb3DQEJARYHY3MxX3RhMjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0UpwOcgicu1ZpkX5mst1bZUX0dX8TJh3
-WysYlJgMlHLVUnZl7ceEqV03+xtU8wrlH/5/m7IwehpLwZxGhA2b+VnBg86dlezy
-NI8rpwf7PFhkT4kNrOOSA91QBRVld3+6Btz5e+kRmhZVoc5ux9n1ylTz2kAI3UX1
-JwmVflG697sCAwEAAaMgMB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4Aw
-DQYJKoZIhvcNAQELBQADgYEAXZiclr6AWO/nU8J5KYzhQBhjIgnm7sKhIvlQzvKd
-ciEdDfkqLajrnwNd30WIqFLiuQywJ39CihxFoTskqzi05bKrfNFXgJ6+GDr/SVew
-YczMY5joe3neK9s5RN+KDa2czm62Hzz6rfesAusIWTTpdL0tu12NgF27Oxg91jvS
-nUc=
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5zoIXdc9yFBDrZKHQFhZXPo0usm9W9ef
+F7hP0hX9htnwOgdIFPPApJ7j7gBFuqreOlxT1g3dRojTthOq7vjAPvrrCm1KDfc5
+If9d3NcTWyrp5MAeMStbAM6wVURyl2YGq0FxBUqDazvPp85dYUM7u2AZxDOsI3Jm
+nelyvr1srSsCAwEAAaMgMB4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4Aw
+DQYJKoZIhvcNAQELBQADgYEASXtS/R++7jA4DZNrBwGVFDVuW910nqCnGr2ozTWp
+fyGv16IMafnU0OtFk+JI/Ya0cPu13eVIX5PUQXrLpXMC2NnoX5z4T61Q+4gks/Xg
+z9k+vz9bDNugIFFd6hMLW0Rtrw9qcrYljJ+90KkOOGA5U36dbqxlIZoy9FdlOdz3
+Npo=
-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta6_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 42 (0x2a)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta6, CN=localhost/emailAddress=ta6
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta6, CN=localhost/emailAddress=cs1_ta6
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e1:f0:66:24:db:fa:5f:00:b6:c4:f6:63:f0:51:
+ 7d:49:f9:92:71:e1:b3:8c:e7:fc:e9:e4:4f:79:76:
+ 52:51:06:65:c1:5f:d4:51:26:30:46:c9:70:98:5a:
+ c5:a9:9e:6a:67:24:25:7a:68:5b:63:af:90:e7:b1:
+ fb:42:f9:15:9c:d4:41:c6:90:fd:c3:d3:d7:cf:fe:
+ 00:c6:39:cb:6c:ae:9c:cb:74:c4:b6:1f:be:1b:58:
+ 9f:c9:8a:33:66:ec:32:08:fc:d9:23:e1:29:e2:f3:
+ 3e:3d:53:a7:78:e7:69:49:2b:39:72:8b:74:33:46:
+ b1:f7:3b:26:4f:8d:06:64:e7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ 6b:e1:7e:83:a6:a1:f8:46:a6:85:bb:c7:25:20:83:bb:b4:e0:
+ 58:63:36:5a:97:1c:4c:76:24:a2:9d:c3:45:73:1f:22:39:97:
+ 2c:47:b1:f5:3e:ac:b4:00:6d:c5:32:49:0c:83:e9:94:44:fa:
+ d6:e1:2d:a7:ae:66:34:9c:85:3e:a4:43:af:c0:2a:6c:f9:22:
+ 64:d2:bb:54:67:e8:99:df:41:f2:7c:87:77:67:b5:3d:14:37:
+ 75:32:56:69:21:f2:53:f2:d2:83:a1:fc:c0:3d:b5:4e:b5:d8:
+ 06:d8:4e:71:f8:cc:3c:3a:93:a4:a0:05:a3:4f:7b:b1:83:21:
+ 96:60
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgIBKjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTEMMAoGA1UECxMDdGE2MRIwEAYDVQQDEwlsb2NhbGhvc3QxEjAQBgkq
+hkiG9w0BCQEWA3RhNjAeFw0xMTA0MTEyMjM3NTRaFw0xNDAxMDUyMjM3NTRaMIGE
+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
+bG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UECxQHY3MxX3RhNjESMBAGA1UE
+AxMJbG9jYWxob3N0MRYwFAYJKoZIhvcNAQkBFgdjczFfdGE2MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDh8GYk2/pfALbE9mPwUX1J+ZJx4bOM5/zp5E95dlJR
+BmXBX9RRJjBGyXCYWsWpnmpnJCV6aFtjr5DnsftC+RWc1EHGkP3D09fP/gDGOcts
+rpzLdMS2H74bWJ/JijNm7DII/Nkj4Sni8z49U6d452lJKzlyi3QzRrH3OyZPjQZk
+5wIDAQABoyAwHjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
+9w0BAQsFAAOBgQBr4X6DpqH4RqaFu8clIIO7tOBYYzZalxxMdiSincNFcx8iOZcs
+R7H1Pqy0AG3FMkkMg+mURPrW4S2nrmY0nIU+pEOvwCps+SJk0rtUZ+iZ30HyfId3
+Z7U9FDd1MlZpIfJT8tKDofzAPbVOtdgG2E5x+Mw8OpOkoAWjT3uxgyGWYA==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta7_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 43 (0x2b)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta7, CN=localhost/emailAddress=ta7
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta7, CN=localhost/emailAddress=cs1_ta7
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c1:8e:b8:0a:bd:17:40:c0:8d:b3:6f:c3:ca:97:
+ ca:b0:b6:95:01:9c:d8:a0:f3:9f:af:2e:c8:3f:0b:
+ 54:f3:f0:c6:ae:41:d0:b5:73:4d:6e:b3:93:f9:58:
+ 99:86:b4:66:21:2d:9f:78:ad:47:eb:81:78:5d:21:
+ 2e:19:38:7a:73:64:5e:c9:8f:5c:1c:f5:92:b9:5f:
+ 2f:f3:de:e7:a3:8c:8a:cb:d1:b2:00:ed:7c:24:a8:
+ 10:d2:2c:eb:32:7c:48:23:fe:c2:9d:41:b5:07:d7:
+ 52:aa:e9:20:d3:2a:63:60:c4:1a:60:27:05:28:ae:
+ 4f:88:fd:ba:8e:ff:02:c7:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ b5:06:5c:d4:ad:4f:c3:e4:99:0c:07:e7:dd:33:09:94:42:7d:
+ 8a:c8:04:56:c8:63:a0:be:4b:a7:60:52:e4:13:ef:82:bd:ce:
+ 9f:4f:91:ee:e8:0e:09:35:e6:eb:c2:e3:da:78:8d:4e:a2:b4:
+ e5:f0:4c:99:29:02:0f:a8:b8:49:56:f8:d9:a3:4b:c7:bb:ce:
+ ba:63:78:ed:36:f9:34:6a:b8:9d:06:9b:ff:5e:e9:48:0e:b3:
+ 39:d7:64:e5:c9:28:c8:3c:8f:42:52:08:56:ad:6d:f0:63:aa:
+ 30:45:d4:40:17:34:be:24:4e:21:7a:b5:b3:2a:c7:ce:75:1b:
+ a5:eb
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgIBKzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTEMMAoGA1UECxMDdGE3MRIwEAYDVQQDEwlsb2NhbGhvc3QxEjAQBgkq
+hkiG9w0BCQEWA3RhNzAeFw0xMTA0MTEyMjM3NTRaFw0xNDAxMDUyMjM3NTRaMIGE
+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
+bG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UECxQHY3MxX3RhNzESMBAGA1UE
+AxMJbG9jYWxob3N0MRYwFAYJKoZIhvcNAQkBFgdjczFfdGE3MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDBjrgKvRdAwI2zb8PKl8qwtpUBnNig85+vLsg/C1Tz
+8MauQdC1c01us5P5WJmGtGYhLZ94rUfrgXhdIS4ZOHpzZF7Jj1wc9ZK5Xy/z3uej
+jIrL0bIA7XwkqBDSLOsyfEgj/sKdQbUH11Kq6SDTKmNgxBpgJwUork+I/bqO/wLH
+RwIDAQABoyAwHjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
+9w0BAQsFAAOBgQC1BlzUrU/D5JkMB+fdMwmUQn2KyARWyGOgvkunYFLkE++Cvc6f
+T5Hu6A4JNebrwuPaeI1OorTl8EyZKQIPqLhJVvjZo0vHu866Y3jtNvk0aridBpv/
+XulIDrM512TlySjIPI9CUghWrW3wY6owRdRAFzS+JE4herWzKsfOdRul6w==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta8_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 44 (0x2c)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta8, CN=localhost/emailAddress=ta8
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta8, CN=localhost/emailAddress=cs1_ta8
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e7:a7:dd:2e:a7:89:c3:cc:da:a2:8b:bd:3b:ba:
+ bc:66:6a:cd:65:00:60:70:55:8c:f0:b7:89:c3:fc:
+ 97:42:5c:cb:2c:f5:0a:1c:55:c7:79:b7:b9:28:30:
+ f4:9a:a4:e0:31:e5:52:df:f4:40:85:49:8e:fc:08:
+ a5:05:44:ed:b7:6e:00:0b:a7:2d:a1:2c:47:95:18:
+ dc:5e:d0:c4:24:3d:4c:a7:cb:76:91:fb:00:89:2a:
+ 3f:7f:ab:f1:5e:b7:cb:24:6e:42:19:4d:d8:a7:12:
+ 83:c1:8c:b6:fb:02:f0:9c:1f:51:c3:c5:49:ed:a7:
+ 6e:09:bb:11:2f:a5:3f:00:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ b3:c8:ea:1e:23:23:a9:77:46:ae:c3:1c:cf:43:81:80:aa:a6:
+ fb:25:ec:a2:fa:d5:c3:e9:1e:c7:78:e1:cc:a4:d7:3f:08:2f:
+ 5f:58:05:b8:d4:0b:c7:87:2e:93:f6:c5:cb:17:31:e3:fa:88:
+ a3:0d:8d:4b:39:2b:96:dd:4d:21:91:37:e9:e7:f5:87:12:0f:
+ 4e:77:8f:f2:e0:ab:ed:39:76:69:e4:ee:bb:1a:eb:cf:50:a5:
+ 3b:23:42:74:1e:e0:00:56:ff:8f:7e:7d:97:04:9e:fc:25:a7:
+ 2a:ee:e7:6c:44:21:68:d3:39:79:e2:ac:02:38:a0:ad:dc:c1:
+ 32:f0
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgIBLDANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTEMMAoGA1UECxMDdGE4MRIwEAYDVQQDEwlsb2NhbGhvc3QxEjAQBgkq
+hkiG9w0BCQEWA3RhODAeFw0xMTA0MTEyMjM3NTRaFw0xNDAxMDUyMjM3NTRaMIGE
+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
+bG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UECxQHY3MxX3RhODESMBAGA1UE
+AxMJbG9jYWxob3N0MRYwFAYJKoZIhvcNAQkBFgdjczFfdGE4MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDnp90up4nDzNqii707urxmas1lAGBwVYzwt4nD/JdC
+XMss9QocVcd5t7koMPSapOAx5VLf9ECFSY78CKUFRO23bgALpy2hLEeVGNxe0MQk
+PUyny3aR+wCJKj9/q/Fet8skbkIZTdinEoPBjLb7AvCcH1HDxUntp24JuxEvpT8A
+1QIDAQABoyAwHjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
+9w0BAQsFAAOBgQCzyOoeIyOpd0auwxzPQ4GAqqb7Jeyi+tXD6R7HeOHMpNc/CC9f
+WAW41AvHhy6T9sXLFzHj+oijDY1LOSuW3U0hkTfp5/WHEg9Od4/y4KvtOXZp5O67
+GuvPUKU7I0J0HuAAVv+Pfn2XBJ78Jacq7udsRCFo0zl54qwCOKCt3MEy8A==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs1_ta9_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,54 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 45 (0x2d)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta9, CN=localhost/emailAddress=ta9
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=cs1_ta9, CN=localhost/emailAddress=cs1_ta9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a6:51:e1:02:04:84:16:9a:a9:17:63:51:f6:f2:
+ b9:d4:54:53:8d:71:8b:2f:98:f8:0e:a8:fb:41:f4:
+ 7a:d3:74:9d:35:5b:58:e3:c8:46:13:86:67:8f:aa:
+ 9d:b0:c0:9e:0d:17:4a:f4:48:76:43:3e:ce:34:b6:
+ d3:90:6d:77:42:ad:dc:50:aa:17:82:a4:0e:17:67:
+ d7:b7:a2:11:ce:23:90:b2:24:1c:13:4d:f1:fb:33:
+ e6:f1:e7:54:09:ae:ad:cb:27:e8:ae:0b:fc:d9:14:
+ cd:c5:93:db:95:1f:13:cb:16:c0:a7:46:a3:66:53:
+ 8e:24:df:26:85:f1:72:27:03
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage: critical
+ Digital Signature
+ Signature Algorithm: sha256WithRSAEncryption
+ cb:2d:8d:51:65:6e:b3:e4:70:dd:e3:ac:40:35:41:f2:b2:69:
+ 35:50:32:f1:04:6d:94:f6:ff:32:5a:77:22:d3:6f:8f:57:87:
+ 7f:5a:ac:99:a4:8c:2a:e9:b5:1c:5b:58:ea:f7:63:b6:e3:8a:
+ c7:b2:9e:e3:37:e7:8c:c5:01:0a:0c:a6:48:31:6e:0a:d4:6d:
+ ec:da:77:07:a9:3c:ea:87:b7:5a:58:39:a7:37:00:ee:5b:8c:
+ a6:53:d9:b9:59:85:48:51:ea:49:cd:5b:ec:a6:ea:e7:07:dc:
+ 5e:7e:79:db:e7:d6:be:94:ec:91:64:3c:ae:16:8d:a5:80:29:
+ 48:39
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgIBLTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
+ChMEcGtnNTEMMAoGA1UECxMDdGE5MRIwEAYDVQQDEwlsb2NhbGhvc3QxEjAQBgkq
+hkiG9w0BCQEWA3RhOTAeFw0xMTA0MTEyMjM3NTVaFw0xNDAxMDUyMjM3NTVaMIGE
+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVu
+bG8gUGFyazENMAsGA1UEChMEcGtnNTEQMA4GA1UECxQHY3MxX3RhOTESMBAGA1UE
+AxMJbG9jYWxob3N0MRYwFAYJKoZIhvcNAQkBFgdjczFfdGE5MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQCmUeECBIQWmqkXY1H28rnUVFONcYsvmPgOqPtB9HrT
+dJ01W1jjyEYThmePqp2wwJ4NF0r0SHZDPs40ttOQbXdCrdxQqheCpA4XZ9e3ohHO
+I5CyJBwTTfH7M+bx51QJrq3LJ+iuC/zZFM3Fk9uVHxPLFsCnRqNmU44k3yaF8XIn
+AwIDAQABoyAwHjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
+9w0BAQsFAAOBgQDLLY1RZW6z5HDd46xANUHysmk1UDLxBG2U9v8yWnci02+PV4d/
+WqyZpIwq6bUcW1jq92O244rHsp7jN+eMxQEKDKZIMW4K1G3s2ncHqTzqh7daWDmn
+NwDuW4ymU9m5WYVIUepJzVvspurnB9xefnnb59a+lOyRZDyuFo2lgClIOQ==
+-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:44 2011 GMT
+ Not After : Jan 5 22:37:44 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs2_ch1_ta3/emailAddress=cs2_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d4:90:83:34:09:3e:04:2e:62:40:f3:44:99:9a:
- 7b:07:be:79:f3:c6:f6:28:0a:51:df:da:aa:fe:b8:
- d1:9b:1c:b5:73:6a:31:ba:d2:9f:22:44:b7:3b:d8:
- f6:80:96:c0:4c:e4:6f:48:90:69:81:6c:84:94:68:
- 33:74:62:9a:04:b0:1e:93:2c:4d:88:cd:9a:72:ce:
- e9:53:3d:15:3e:73:2c:c9:f0:ed:87:a5:eb:cf:66:
- 3c:40:3c:a0:76:ac:c8:69:20:b8:f5:a8:fd:17:7a:
- 3c:eb:62:c9:a2:cc:56:6b:d8:b7:0c:ff:ed:f9:b1:
- 13:af:c0:69:aa:8d:0f:50:f1
+ 00:c5:b6:f8:33:c7:cd:e9:6d:d9:aa:77:60:23:86:
+ 71:56:dc:22:a3:cf:36:d7:b3:59:f7:5d:ae:82:ed:
+ 3f:17:12:62:09:3e:3e:ec:fa:a6:92:df:05:ce:9a:
+ a2:6d:93:b9:7e:16:f9:c5:b3:83:1d:9a:96:6a:1b:
+ 35:df:f6:b8:82:55:45:5b:43:0a:71:66:4f:bc:df:
+ 00:13:25:22:df:79:76:b6:98:42:25:b2:a1:5c:47:
+ 72:7b:96:9f:65:3f:37:02:97:29:16:9c:75:22:7b:
+ 5d:31:53:80:0a:eb:cc:73:13:da:8e:61:f5:ca:f7:
+ af:fc:53:cd:b9:11:95:3c:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,27 +29,27 @@
<EMPTY>
Signature Algorithm: sha256WithRSAEncryption
- 94:86:69:18:74:54:9a:9e:e3:69:24:c4:78:73:6c:e9:e5:b3:
- 0f:22:4d:54:06:28:c3:bb:d5:ef:18:1c:ce:a1:d0:22:27:c8:
- e3:79:29:7d:c4:32:73:a2:d4:03:f8:1d:ce:cc:08:87:e2:26:
- b8:39:02:c0:e2:53:39:37:ad:76:d6:3c:54:87:71:ce:8e:df:
- 01:2a:1d:96:6b:42:d5:0a:b6:0f:c7:9d:11:91:56:27:bf:2a:
- 4e:14:72:22:21:96:be:7e:42:a1:59:27:3c:30:8d:bb:a9:4b:
- 2b:75:d8:75:31:c4:e8:5b:cd:bc:2c:51:d4:62:72:45:29:e1:
- c5:08
+ 2e:40:56:59:03:e3:5b:62:73:0c:57:dc:12:d8:4b:97:00:8b:
+ 66:c8:a6:10:29:78:3b:7a:52:fb:f9:63:94:44:b2:1b:eb:3f:
+ 13:e9:40:9b:24:01:38:f6:b2:f7:99:1e:d9:17:57:e3:df:ff:
+ 01:8b:00:02:7e:a0:f5:e5:3a:f0:72:4c:72:6f:76:07:26:ac:
+ 97:6d:c2:12:e1:64:99:29:ff:25:fd:21:c7:43:41:87:c5:bb:
+ ce:06:c4:b1:f9:64:ad:e8:d8:90:ac:89:26:8a:1e:a3:d4:45:
+ 2d:8a:27:a4:88:8c:f3:97:5f:f7:82:d7:c4:76:98:f5:20:af:
+ 5e:23
-----BEGIN CERTIFICATE-----
MIICfDCCAeWgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDRaFw0xNDAxMDUyMjM3NDRaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczJfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3MyX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANSQgzQJPgQu
-YkDzRJmaewe+efPG9igKUd/aqv640ZsctXNqMbrSnyJEtzvY9oCWwEzkb0iQaYFs
-hJRoM3RimgSwHpMsTYjNmnLO6VM9FT5zLMnw7Yel689mPEA8oHasyGkguPWo/Rd6
-POtiyaLMVmvYtwz/7fmxE6/AaaqND1DxAgMBAAGjHjAcMAwGA1UdEwEB/wQCMAAw
-DAYDVR0SAQH/BAIwADANBgkqhkiG9w0BAQsFAAOBgQCUhmkYdFSanuNpJMR4c2zp
-5bMPIk1UBijDu9XvGBzOodAiJ8jjeSl9xDJzotQD+B3OzAiH4ia4OQLA4lM5N612
-1jxUh3HOjt8BKh2Wa0LVCrYPx50RkVYnvypOFHIiIZa+fkKhWSc8MI27qUsrddh1
-McToW828LFHUYnJFKeHFCA==
+Y3MyX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMW2+DPHzelt
+2ap3YCOGcVbcIqPPNtezWfddroLtPxcSYgk+Puz6ppLfBc6aom2TuX4W+cWzgx2a
+lmobNd/2uIJVRVtDCnFmT7zfABMlIt95draYQiWyoVxHcnuWn2U/NwKXKRacdSJ7
+XTFTgArrzHMT2o5h9cr3r/xTzbkRlTw/AgMBAAGjHjAcMAwGA1UdEwEB/wQCMAAw
+DAYDVR0SAQH/BAIwADANBgkqhkiG9w0BAQsFAAOBgQAuQFZZA+NbYnMMV9wS2EuX
+AItmyKYQKXg7elL7+WOURLIb6z8T6UCbJAE49rL3mR7ZF1fj3/8BiwACfqD15Trw
+ckxyb3YHJqyXbcIS4WSZKf8l/SHHQ0GHxbvOBsSx+WSt6NiQrIkmih6j1EUtiiek
+iIzzl1/3gtfEdpj1IK9eIw==
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch1_ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch1_ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:50 2011 GMT
+ Not After : Jan 5 22:37:50 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs2_ch1_ta4/emailAddress=cs2_ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b9:d6:fb:d3:60:e9:bc:e3:70:c9:6d:1b:26:94:
- ae:f4:76:b6:aa:d8:ef:1a:b6:17:3c:f5:9c:35:8b:
- 28:55:c1:36:53:5a:1a:67:66:ee:34:4e:b7:f5:68:
- 8c:8a:1c:af:b4:52:c2:5b:22:d2:d6:0c:ad:d3:40:
- 89:a6:f5:d0:b9:12:1a:55:85:45:94:c6:3e:ac:b2:
- 51:8a:75:05:d5:60:c8:c0:f9:fb:d8:0b:0b:7c:ad:
- e1:b4:78:f4:fb:84:34:bb:1a:66:6e:e6:a6:90:4d:
- 40:88:32:13:c3:cb:76:ac:02:eb:bb:04:24:9b:c5:
- f8:b3:be:d1:44:ea:1f:f9:51
+ 00:bf:ac:9d:17:06:fb:0f:06:2b:8f:e1:70:02:28:
+ 81:03:f5:1f:f4:4a:41:87:c5:4c:e1:4c:5b:9d:89:
+ 2f:a2:d4:5e:1a:4b:b6:93:c7:10:41:d9:e9:e0:d5:
+ 43:64:9f:39:1d:c8:2a:93:52:23:08:92:78:a3:5f:
+ 3b:98:50:e8:72:3a:73:12:4f:99:4b:4d:0e:e8:5d:
+ 92:f3:0b:5d:78:f6:5b:4b:c8:36:23:e3:ca:ab:8a:
+ aa:52:33:d1:1e:61:d1:3e:91:5d:ee:38:bc:c4:0e:
+ ee:54:f9:aa:00:a3:51:55:95:7a:c0:7b:0e:b2:d8:
+ 55:9d:f8:ae:1f:32:a7:87:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 24:E7:DA:6E:C1:38:4D:41:8C:B0:C1:B2:D1:D2:C6:32:21:4F:57:52
+ 4E:1B:1F:2F:80:BA:AC:13:47:60:30:A5:43:F6:01:7D:54:3C:9B:24
X509v3 Authority Key Identifier:
- keyid:AB:0B:EF:CE:AA:F0:43:97:3A:CD:58:D0:D9:C2:F9:C4:EB:8D:7C:FF
+ keyid:2A:94:C1:FF:E0:11:A0:91:F1:71:46:35:9A:37:3C:BC:C4:21:4A:8F
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
serial:22
@@ -36,32 +36,32 @@
URI:http://localhost:12001/file/0/example_file
Signature Algorithm: sha256WithRSAEncryption
- 5e:7f:21:56:d9:dc:06:15:22:71:7c:3a:a6:37:dc:ba:e9:25:
- c1:9e:8a:14:31:71:74:9d:bf:db:dd:88:db:da:ff:b1:05:bc:
- 5b:1a:26:e0:f4:7d:c7:27:21:6c:e3:50:88:4f:2d:df:19:16:
- 11:bf:5a:8e:fe:d6:ee:2c:53:cf:76:46:90:df:d3:e7:8c:94:
- b1:b3:11:a8:4b:56:d3:22:85:13:39:92:cb:69:5f:3e:e6:66:
- de:b1:b7:b1:6b:a8:60:cd:05:0a:6d:42:4e:f5:17:5d:62:e8:
- f5:46:0a:51:3f:52:aa:aa:d6:a9:3a:6c:a9:af:98:da:fa:99:
- 74:c1
+ 6d:40:ad:c1:79:65:fc:25:80:f7:52:d5:6f:16:3c:b2:77:f8:
+ 35:e2:b5:d4:3c:49:f1:1c:02:d7:5a:61:aa:c2:c7:bd:53:4a:
+ 96:58:8e:3e:14:d3:38:89:43:70:f0:5c:73:e1:c0:36:5e:10:
+ 73:f4:93:c3:de:0c:61:49:be:2d:d0:1e:37:b4:03:49:a9:a4:
+ 37:42:77:6a:97:15:45:2f:7d:b2:dd:9d:b2:98:56:0a:70:14:
+ 83:ac:6f:e1:1e:97:31:9e:0a:30:ca:7d:5f:87:30:41:05:63:
+ 4b:38:cb:f0:c0:cd:4d:a6:d2:11:34:30:ba:f4:8a:74:73:70:
+ ee:45
-----BEGIN CERTIFICATE-----
MIIDYjCCAsugAwIBAgIBJDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NDAeFw0xMTAzMjEwMDQ5MzNaFw0xMzEyMTUwMDQ5MzNaMHgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NTBaFw0xNDAxMDUyMjM3NTBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczJfY2gxX3RhNDEaMBgGCSqGSIb3DQEJARYL
-Y3MyX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnW+9Ng6bzj
-cMltGyaUrvR2tqrY7xq2Fzz1nDWLKFXBNlNaGmdm7jROt/VojIocr7RSwlsi0tYM
-rdNAiab10LkSGlWFRZTGPqyyUYp1BdVgyMD5+9gLC3yt4bR49PuENLsaZm7mppBN
-QIgyE8PLdqwC67sEJJvF+LO+0UTqH/lRAgMBAAGjggECMIH/MB0GA1UdDgQWBBQk
-59puwThNQYywwbLR0sYyIU9XUjCBkgYDVR0jBIGKMIGHgBSrC+/OqvBDlzrNWNDZ
-wvnE6418/6FspGowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+Y3MyX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL+snRcG+w8G
+K4/hcAIogQP1H/RKQYfFTOFMW52JL6LUXhpLtpPHEEHZ6eDVQ2SfOR3IKpNSIwiS
+eKNfO5hQ6HI6cxJPmUtNDuhdkvMLXXj2W0vINiPjyquKqlIz0R5h0T6RXe44vMQO
+7lT5qgCjUVWVesB7DrLYVZ34rh8yp4frAgMBAAGjggECMIH/MB0GA1UdDgQWBBRO
+Gx8vgLqsE0dgMKVD9gF9VDybJDCBkgYDVR0jBIGKMIGHgBQqlMH/4BGgkfFxRjWa
+Nzy8xCFKj6FspGowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
EzARBgNVBAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAMTA3Rh
NDESMBAGCSqGSIb3DQEJARYDdGE0ggEiMAwGA1UdEwEB/wQCMAAwOwYDVR0fBDQw
MjAwoC6gLIYqaHR0cDovL2xvY2FsaG9zdDoxMjAwMS9maWxlLzAvZXhhbXBsZV9m
-aWxlMA0GCSqGSIb3DQEBCwUAA4GBAF5/IVbZ3AYVInF8OqY33LrpJcGeihQxcXSd
-v9vdiNva/7EFvFsaJuD0fccnIWzjUIhPLd8ZFhG/Wo7+1u4sU892RpDf0+eMlLGz
-EahLVtMihRM5kstpXz7mZt6xt7FrqGDNBQptQk71F11i6PVGClE/Uqqq1qk6bKmv
-mNr6mXTB
+aWxlMA0GCSqGSIb3DQEBCwUAA4GBAG1ArcF5ZfwlgPdS1W8WPLJ3+DXitdQ8SfEc
+AtdaYarCx71TSpZYjj4U0ziJQ3DwXHPhwDZeEHP0k8PeDGFJvi3QHje0A0mppDdC
+d2qXFUUvfbLdnbKYVgpwFIOsb+EelzGeCjDKfV+HMEEFY0s4y/DAzU2m0hE0MLr0
+inRzcO5F
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch5_ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs2_ch5_ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch5_ta1/emailAddress=ch5_ta1
Validity
- Not Before: Mar 21 00:49:24 2011 GMT
- Not After : Dec 15 00:49:24 2013 GMT
+ Not Before: Apr 11 22:37:40 2011 GMT
+ Not After : Jan 5 22:37:40 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs2_ch5_ta1/emailAddress=cs2_ch5_ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:de:1f:a8:50:7e:6c:fc:18:0a:4a:ef:9e:9e:ef:
- 1a:1c:87:54:8c:2f:09:55:b5:9d:2b:ae:be:ee:ca:
- 30:bf:ed:97:c2:8e:4e:6a:29:e6:d0:98:1a:57:72:
- 19:6d:b3:ad:2c:d0:f0:da:c4:f2:e1:81:27:b5:6a:
- 35:4c:30:d3:d5:54:e7:b5:3b:04:04:63:b5:05:0a:
- 50:35:44:19:14:7f:a9:ff:e1:24:e4:63:ef:81:f4:
- 9e:42:4a:14:b2:b4:ef:ae:36:94:a3:ad:23:3f:67:
- 2e:69:61:28:3a:2f:1b:9f:d8:f3:e3:76:f0:6c:88:
- 95:41:33:71:51:f1:90:8f:1d
+ 00:cd:c9:ab:ee:a1:89:01:60:89:00:7c:93:1f:fe:
+ 4c:54:75:58:52:81:b0:cb:be:4c:a7:a7:23:18:86:
+ 0e:9f:e1:41:99:dd:ff:e7:f3:66:1d:41:dd:aa:9e:
+ f7:23:2d:c4:0e:24:16:e2:4d:54:8b:38:72:55:b4:
+ 11:26:f9:fc:04:fe:de:9b:83:02:01:98:36:8e:41:
+ 42:f2:0b:a7:07:00:f9:0e:66:96:a0:e4:f3:32:06:
+ 26:9d:41:fb:91:bf:7e:a8:c0:c7:62:e1:c9:ce:37:
+ de:07:b5:df:55:87:9a:a5:3b:d4:c5:b6:24:4b:2a:
+ e4:88:50:85:e9:d9:13:12:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -29,28 +29,28 @@
URI:http://localhost:12001/file/0/ch5_ta1_crl.pem
Signature Algorithm: sha256WithRSAEncryption
- 67:d1:ca:3f:b4:bc:18:78:03:7b:48:ce:90:a0:01:b9:44:f4:
- 2a:08:25:94:f0:62:dc:4d:62:dc:8d:36:44:db:63:87:af:21:
- 06:56:89:b8:e1:6b:31:58:e4:b3:94:57:86:ea:7c:89:0e:38:
- 69:eb:9f:75:c2:79:55:b4:fc:e8:d9:45:0c:a1:52:8e:f2:d0:
- b5:35:51:b9:e1:10:50:5a:f3:50:e7:93:76:11:a4:00:e6:38:
- 59:0d:0d:0d:2e:e8:66:30:20:0e:b0:5b:00:aa:ac:7d:14:ec:
- 60:02:c1:b9:38:28:1b:42:f9:20:c8:43:13:cc:7e:86:33:eb:
- 10:70
+ 58:ba:80:0f:56:d9:4e:90:97:38:a2:f5:b7:3d:98:ff:32:ec:
+ 63:01:79:25:5a:5b:d4:ac:bc:aa:e1:2d:c8:ea:34:32:b0:aa:
+ ce:9f:de:e7:f2:f7:35:f8:e5:71:97:27:d1:66:80:e8:22:c7:
+ bc:23:31:2b:98:60:b4:76:7b:62:38:ff:14:57:24:64:37:6b:
+ 9d:22:2a:f9:16:90:91:01:d7:f3:91:24:29:c3:c6:53:7a:0b:
+ e9:af:2b:3b:5e:77:61:83:48:e8:e2:f2:a6:44:cc:5e:90:36:
+ f2:8e:dd:59:b6:c8:21:92:17:30:87:66:c9:08:2d:b9:5b:3a:
+ f2:4e
-----BEGIN CERTIFICATE-----
MIICrjCCAhegAwIBAgIBBzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2g1X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g1X3Rh
-MTAeFw0xMTAzMjEwMDQ5MjRaFw0xMzEyMTUwMDQ5MjRaMHgxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3NDBaFw0xNDAxMDUyMjM3NDBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczJfY2g1X3RhMTEaMBgGCSqGSIb3DQEJARYL
-Y3MyX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4fqFB+bPwY
-Ckrvnp7vGhyHVIwvCVW1nSuuvu7KML/tl8KOTmop5tCYGldyGW2zrSzQ8NrE8uGB
-J7VqNUww09VU57U7BARjtQUKUDVEGRR/qf/hJORj74H0nkJKFLK07642lKOtIz9n
-LmlhKDovG5/Y8+N28GyIlUEzcVHxkI8dAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
+Y3MyX2NoNV90YTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3Jq+6hiQFg
+iQB8kx/+TFR1WFKBsMu+TKenIxiGDp/hQZnd/+fzZh1B3aqe9yMtxA4kFuJNVIs4
+clW0ESb5/AT+3puDAgGYNo5BQvILpwcA+Q5mlqDk8zIGJp1B+5G/fqjAx2Lhyc43
+3ge131WHmqU71MW2JEsq5IhQhenZExJHAgMBAAGjUDBOMAwGA1UdEwEB/wQCMAAw
PgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2xvY2FsaG9zdDoxMjAwMS9maWxlLzAv
-Y2g1X3RhMV9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAGfRyj+0vBh4A3tIzpCg
-AblE9CoIJZTwYtxNYtyNNkTbY4evIQZWibjhazFY5LOUV4bqfIkOOGnrn3XCeVW0
-/OjZRQyhUo7y0LU1UbnhEFBa81Dnk3YRpADmOFkNDQ0u6GYwIA6wWwCqrH0U7GAC
-wbk4KBtC+SDIQxPMfoYz6xBw
+Y2g1X3RhMV9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4GBAFi6gA9W2U6Qlzii9bc9
+mP8y7GMBeSVaW9SsvKrhLcjqNDKwqs6f3ufy9zX45XGXJ9FmgOgix7wjMSuYYLR2
+e2I4/xRXJGQ3a50iKvkWkJEB1/ORJCnDxlN6C+mvKzted2GDSOji8qZEzF6QNvKO
+3Vm2yCGSFzCHZskILblbOvJO
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs3_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs3_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,15 +12,15 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bb:c7:fd:cb:1f:d5:2b:00:7f:dc:00:fe:45:5c:
- 7d:27:a3:8b:18:da:3f:d2:36:0c:57:2b:c4:48:be:
- 97:01:f1:71:ce:b9:80:e6:0f:d2:3b:36:2d:25:57:
- 41:1e:e7:7b:2e:5c:d2:ac:17:fc:ae:45:11:7f:bc:
- d0:32:a0:e3:09:01:29:27:7a:dd:d2:fc:13:9a:ea:
- d8:d1:6c:be:73:b3:05:a8:fc:39:05:f7:cd:b0:f9:
- f2:b8:a4:5c:f9:c3:23:2b:05:4e:fe:da:22:42:80:
- 70:36:66:b9:f4:6a:00:ae:eb:90:60:ee:e8:fc:40:
- 6f:3c:38:b5:41:5b:bd:3a:ed
+ 00:b7:60:7b:08:47:0a:05:c1:6c:80:9a:84:e2:de:
+ c6:11:65:df:a6:c7:30:bb:37:e9:ae:9e:37:9d:f9:
+ f3:3a:18:38:ee:be:e0:fb:6b:84:fb:93:2c:5b:1e:
+ 9f:7a:78:da:26:28:c7:fb:6e:9f:2e:8f:f9:5a:1c:
+ e8:0b:e0:f1:5c:45:f6:a0:0e:58:01:4e:86:20:bd:
+ ff:7d:0c:41:4b:b2:50:5c:78:89:3c:4a:83:cf:59:
+ 9f:e4:17:27:de:ea:aa:ff:c8:19:f5:b7:c3:67:bd:
+ 5e:78:79:8e:46:33:1a:ef:36:40:f8:f2:7e:bc:ca:
+ 54:85:57:56:e5:e7:b8:52:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,14 +28,14 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 0f:9a:2f:85:f1:58:fd:7f:5b:bf:af:dd:ea:c2:fb:6e:8f:ca:
- 8f:0b:26:91:01:66:20:df:5c:39:e8:97:c3:7c:fa:c4:8f:13:
- d6:06:7e:6e:51:49:2b:8a:e7:03:b5:6d:68:2a:18:88:a6:05:
- 07:c2:9c:28:5b:43:60:32:4e:3e:7d:a0:6e:3f:43:b4:c9:a9:
- 77:7e:bb:01:68:04:96:18:9e:48:c5:0c:d1:f4:3d:3b:69:ed:
- 57:29:3d:aa:d1:64:5f:f0:07:a7:74:72:11:d8:0b:62:69:c4:
- 7d:ca:0c:5d:07:0d:b0:06:62:bc:53:32:e9:5f:a5:5b:28:11:
- bc:bc
+ 27:40:ae:0c:a2:ad:5d:28:30:53:fe:e4:35:31:02:e4:1a:ef:
+ 6d:ec:95:1e:3e:a0:15:15:32:e8:88:46:68:45:a7:60:9f:93:
+ 79:ab:ef:78:f6:2c:23:ef:a1:f4:71:b3:9a:f1:c6:4d:ac:34:
+ a1:24:d8:4e:38:36:3c:bb:90:30:9b:e4:b3:8e:55:e0:06:c4:
+ 5a:c4:f1:23:90:fd:b3:ef:40:dd:4d:4c:2b:55:50:11:64:6b:
+ 64:3f:e3:67:3c:6c:c1:da:55:6c:7d:8d:87:18:40:6a:cb:13:
+ 17:3b:75:35:09:71:0b:e9:c4:7e:b1:a1:db:80:78:93:b3:5b:
+ d0:4e
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBEzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -43,12 +43,12 @@
MzAeFw0wOTAxMDEwMTAxMDFaFw0wOTAxMDIwMTAxMDFaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczNfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3MzX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvH/csf1SsA
-f9wA/kVcfSejixjaP9I2DFcrxEi+lwHxcc65gOYP0js2LSVXQR7ney5c0qwX/K5F
-EX+80DKg4wkBKSd63dL8E5rq2NFsvnOzBaj8OQX3zbD58rikXPnDIysFTv7aIkKA
-cDZmufRqAK7rkGDu6PxAbzw4tUFbvTrtAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAA+aL4XxWP1/W7+v3erC
-+26Pyo8LJpEBZiDfXDnol8N8+sSPE9YGfm5RSSuK5wO1bWgqGIimBQfCnChbQ2Ay
-Tj59oG4/Q7TJqXd+uwFoBJYYnkjFDNH0PTtp7VcpParRZF/wB6d0chHYC2JpxH3K
-DF0HDbAGYrxTMulfpVsoEby8
+Y3MzX2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdgewhHCgXB
+bICahOLexhFl36bHMLs36a6eN5358zoYOO6+4PtrhPuTLFsen3p42iYox/tuny6P
++Voc6Avg8VxF9qAOWAFOhiC9/30MQUuyUFx4iTxKg89Zn+QXJ97qqv/IGfW3w2e9
+Xnh5jkYzGu82QPjyfrzKVIVXVuXnuFJNAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBACdArgyirV0oMFP+5DUx
+AuQa723slR4+oBUVMuiIRmhFp2Cfk3mr73j2LCPvofRxs5rxxk2sNKEk2E44Njy7
+kDCb5LOOVeAGxFrE8SOQ/bPvQN1NTCtVUBFka2Q/42c8bMHaVWx9jYcYQGrLExc7
+dTUJcQvpxH6xoduAeJOzW9BO
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs3_ch1_ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs3_ch1_ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,28 +5,28 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta4/emailAddress=ch1_ta4
Validity
- Not Before: Mar 21 00:49:33 2011 GMT
- Not After : Dec 15 00:49:33 2013 GMT
+ Not Before: Apr 11 22:37:50 2011 GMT
+ Not After : Jan 5 22:37:50 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs3_ch1_ta4/emailAddress=cs3_ch1_ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:aa:7f:01:31:5c:b9:d2:b5:8d:5c:1c:7f:e9:66:
- f3:6b:2f:68:cb:3c:8a:4b:28:5e:e6:fb:45:1a:75:
- d9:0e:cb:a3:41:19:05:05:dd:98:1d:51:f9:78:37:
- 2a:7f:fa:26:06:27:38:6d:8d:85:5a:b1:8d:08:6a:
- e2:ac:43:2f:44:f7:02:93:c9:89:c9:83:09:d1:04:
- 06:0a:2d:c7:28:fa:77:c9:24:7a:6a:44:ac:c6:dd:
- a2:a0:78:42:0d:d4:c0:5f:a1:b5:b6:e0:5a:f0:5f:
- 54:83:fe:5d:26:a2:93:3d:94:f8:eb:8b:1c:11:45:
- e8:e7:08:77:f4:ec:cd:94:d1
+ 00:c3:0c:75:ca:f7:a7:94:08:4a:72:f4:27:88:98:
+ 9f:d7:cc:7b:41:e4:54:86:11:d1:c2:d8:a1:ce:68:
+ b0:8f:6a:6e:78:bf:f9:08:c9:a3:44:99:27:24:da:
+ c2:76:e8:59:76:be:b2:04:46:1c:f4:1a:77:76:73:
+ cb:dd:53:b6:9f:c7:5e:04:0a:35:43:e1:5d:5d:62:
+ 9b:73:13:06:d3:96:8f:64:4e:34:0d:bf:31:33:3c:
+ 05:24:26:d7:71:a6:83:65:1f:cf:01:25:c1:87:49:
+ 35:b9:12:a1:9c:af:4c:4f:da:26:59:e4:13:ee:c1:
+ 72:52:1a:f5:49:84:92:18:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 54:C5:1A:1B:47:F4:1C:20:E1:32:B5:40:10:AB:8B:D6:40:28:99:08
+ 90:5E:20:89:14:A6:9B:2F:BD:21:FA:EC:07:E1:37:24:59:70:10:C1
X509v3 Authority Key Identifier:
- keyid:AB:0B:EF:CE:AA:F0:43:97:3A:CD:58:D0:D9:C2:F9:C4:EB:8D:7C:FF
+ keyid:2A:94:C1:FF:E0:11:A0:91:F1:71:46:35:9A:37:3C:BC:C4:21:4A:8F
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
serial:22
@@ -36,31 +36,31 @@
URI:foo://bar/baz
Signature Algorithm: sha256WithRSAEncryption
- 19:a0:c3:d1:c4:07:ec:73:8c:57:b0:5a:f9:29:b2:d0:89:62:
- 25:9a:f0:95:fc:dc:99:6d:d6:2d:d0:22:3f:64:14:af:c8:1f:
- 60:09:3e:ca:7b:2a:9a:32:71:bc:0c:85:24:81:15:14:b0:2a:
- 97:93:ee:e3:c8:6e:c6:5d:69:84:f2:27:49:45:06:18:8b:82:
- b8:ca:ad:6a:48:c2:4f:5a:1a:93:6d:f0:56:ca:60:9c:42:f6:
- 6e:9a:c8:a9:5b:ca:7f:c3:1c:96:9a:3a:60:2d:64:7a:29:1e:
- 59:c0:bc:63:ff:aa:1f:06:74:ce:26:81:cd:67:b6:b2:79:3d:
- 30:c0
+ 95:ab:fa:7f:38:e3:de:4d:db:7f:a4:ea:49:f6:99:0c:57:76:
+ 36:df:e3:68:50:0d:b7:af:78:ea:e4:07:ad:63:75:15:48:34:
+ ca:81:6a:0b:64:6d:c5:ca:9b:3b:a2:fd:dd:19:90:8f:d4:4d:
+ 35:a0:a2:18:84:bf:89:0d:22:cc:03:67:57:15:f7:70:16:2b:
+ f7:14:82:3e:a9:74:50:e5:22:11:13:5b:69:d1:d5:87:c2:44:
+ a6:b8:9c:73:d6:51:ec:20:89:1a:11:44:07:8f:e7:6d:df:a8:
+ 0f:5e:71:36:9c:7b:0b:e4:2b:5a:94:77:06:c6:fb:f7:e5:dc:
+ 77:a3
-----BEGIN CERTIFICATE-----
MIIDRDCCAq2gAwIBAgIBJTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-NDAeFw0xMTAzMjEwMDQ5MzNaFw0xMzEyMTUwMDQ5MzNaMHgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NTBaFw0xNDAxMDUyMjM3NTBaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczNfY2gxX3RhNDEaMBgGCSqGSIb3DQEJARYL
-Y3MzX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKp/ATFcudK1
-jVwcf+lm82svaMs8iksoXub7RRp12Q7Lo0EZBQXdmB1R+Xg3Kn/6JgYnOG2NhVqx
-jQhq4qxDL0T3ApPJicmDCdEEBgotxyj6d8kkempErMbdoqB4Qg3UwF+htbbgWvBf
-VIP+XSaikz2U+OuLHBFF6OcId/TszZTRAgMBAAGjgeUwgeIwHQYDVR0OBBYEFFTF
-GhtH9Bwg4TK1QBCri9ZAKJkIMIGSBgNVHSMEgYowgYeAFKsL786q8EOXOs1Y0NnC
-+cTrjXz/oWykajBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
+Y3MzX2NoMV90YTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMMMdcr3p5QI
+SnL0J4iYn9fMe0HkVIYR0cLYoc5osI9qbni/+QjJo0SZJyTawnboWXa+sgRGHPQa
+d3Zzy91Ttp/HXgQKNUPhXV1im3MTBtOWj2RONA2/MTM8BSQm13Gmg2UfzwElwYdJ
+NbkSoZyvTE/aJlnkE+7BclIa9UmEkhg7AgMBAAGjgeUwgeIwHQYDVR0OBBYEFJBe
+IIkUppsvvSH67AfhNyRZcBDBMIGSBgNVHSMEgYowgYeAFCqUwf/gEaCR8XFGNZo3
+PLzEIUqPoWykajBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTET
MBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEMMAoGA1UEAxMDdGE0
MRIwEAYJKoZIhvcNAQkBFgN0YTSCASIwDAYDVR0TAQH/BAIwADAeBgNVHR8EFzAV
-MBOgEaAPhg1mb286Ly9iYXIvYmF6MA0GCSqGSIb3DQEBCwUAA4GBABmgw9HEB+xz
-jFewWvkpstCJYiWa8JX83Jlt1i3QIj9kFK/IH2AJPsp7KpoycbwMhSSBFRSwKpeT
-7uPIbsZdaYTyJ0lFBhiLgrjKrWpIwk9aGpNt8FbKYJxC9m6ayKlbyn/DHJaaOmAt
-ZHopHlnAvGP/qh8GdM4mgc1ntrJ5PTDA
+MBOgEaAPhg1mb286Ly9iYXIvYmF6MA0GCSqGSIb3DQEBCwUAA4GBAJWr+n84495N
+23+k6kn2mQxXdjbf42hQDbeveOrkB61jdRVINMqBagtkbcXKmzui/d0ZkI/UTTWg
+ohiEv4kNIswDZ1cV93AWK/cUgj6pdFDlIhETW2nR1YfCRKa4nHPWUewgiRoRRAeP
+523fqA9ecTacewvkK1qUdwbG+/fl3Hej
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs4_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs4_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -12,15 +12,15 @@
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:e2:a3:68:41:2d:e9:bf:94:11:27:37:94:63:8c:
- 27:88:88:90:7c:76:b7:61:8a:e4:00:39:5d:b3:7a:
- 27:a4:1b:25:7a:d6:4c:79:f2:82:c5:8d:93:0a:21:
- 5c:f5:37:fc:c3:c5:86:0c:02:37:8d:0f:ed:80:ad:
- 8f:3b:1d:9d:9b:99:03:52:99:7d:c0:9e:e7:7a:4e:
- 81:e9:fe:06:9e:94:78:38:29:97:a6:02:8a:35:ee:
- bc:d9:99:3c:c0:93:11:53:71:35:57:fd:2d:ea:b0:
- a6:43:d8:04:d8:ef:55:61:fe:b6:33:23:aa:c5:fb:
- 43:61:ff:ac:02:90:b9:a3:7d
+ 00:d7:42:45:a6:d0:f4:a9:54:6d:c8:4d:42:e8:05:
+ a4:33:25:f1:b7:eb:20:df:33:26:6e:ca:30:63:57:
+ df:d3:a9:02:b0:29:f3:cb:7b:64:77:34:7e:1d:c7:
+ a8:2c:ca:73:23:22:43:71:6c:33:9e:89:0e:89:ce:
+ 6d:db:2b:f3:5a:af:e3:dc:f3:1c:48:64:60:5d:57:
+ e6:17:6b:e6:61:4b:cb:e0:a9:e3:1c:aa:f6:70:34:
+ b4:8b:d8:19:e6:26:06:60:24:82:c6:d8:5d:87:de:
+ 99:2b:0d:78:db:92:f2:c2:24:65:8b:f8:07:b6:fe:
+ 17:8d:bb:4f:c7:c0:ae:24:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,14 +28,14 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 2c:43:e8:be:8b:6f:45:f2:ae:4a:ce:f8:dc:5f:bb:0f:86:db:
- 5b:a7:81:30:2e:92:a8:15:3a:4a:97:cf:48:48:c6:d4:d6:ce:
- 4c:7f:b0:fe:74:36:9b:7c:0c:27:9c:af:4e:51:1a:7e:aa:52:
- 5e:f8:06:10:6f:38:d1:47:8b:dd:08:53:e8:66:e5:34:84:d1:
- 5b:6c:9d:ff:38:c1:af:17:3a:c9:bd:91:c7:f1:f0:b1:35:38:
- 36:5b:45:44:12:9c:a4:36:d7:4a:2a:34:3a:c2:20:ec:a3:99:
- e1:e8:b4:e5:1c:38:16:30:e7:cf:4d:92:0d:9b:9f:71:5e:9f:
- 31:1e
+ b9:09:ff:d1:80:e1:9e:05:e8:27:40:d0:d3:76:d7:b6:72:cd:
+ 4a:e4:d8:b7:e2:14:90:3a:74:61:b3:c8:3c:7c:bd:2e:9c:9d:
+ 62:0d:cd:9b:e9:36:ba:aa:87:f7:c7:e4:3a:6c:5d:d9:99:d5:
+ 33:a0:5a:3f:fd:5e:06:62:11:ad:ca:33:9d:0a:59:8a:a9:0e:
+ 6e:4a:d8:6f:da:ff:96:89:e3:8a:3b:5e:a6:b4:8c:93:ff:70:
+ 4d:d2:32:f8:44:c0:ff:84:65:b0:1f:59:4a:2c:10:d7:5e:a6:
+ ed:5b:a8:e2:eb:42:e0:0d:7b:f5:43:ca:1a:9a:cd:df:e6:f8:
+ 4d:d5
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBFDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
@@ -43,12 +43,12 @@
MzAeFw0zNTAxMDEwMTAxMDFaFw0zNTAxMDIwMTAxMDFaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczRfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M0X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOKjaEEt6b+U
-ESc3lGOMJ4iIkHx2t2GK5AA5XbN6J6QbJXrWTHnygsWNkwohXPU3/MPFhgwCN40P
-7YCtjzsdnZuZA1KZfcCe53pOgen+Bp6UeDgpl6YCijXuvNmZPMCTEVNxNVf9Leqw
-pkPYBNjvVWH+tjMjqsX7Q2H/rAKQuaN9AgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBACxD6L6Lb0XyrkrO+Nxf
-uw+G21ungTAukqgVOkqXz0hIxtTWzkx/sP50Npt8DCecr05RGn6qUl74BhBvONFH
-i90IU+hm5TSE0Vtsnf84wa8XOsm9kcfx8LE1ODZbRUQSnKQ210oqNDrCIOyjmeHo
-tOUcOBYw589Nkg2bn3FenzEe
+Y3M0X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdCRabQ9KlU
+bchNQugFpDMl8bfrIN8zJm7KMGNX39OpArAp88t7ZHc0fh3HqCzKcyMiQ3FsM56J
+DonObdsr81qv49zzHEhkYF1X5hdr5mFLy+Cp4xyq9nA0tIvYGeYmBmAkgsbYXYfe
+mSsNeNuS8sIkZYv4B7b+F427T8fAriTJAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBALkJ/9GA4Z4F6CdA0NN2
+17ZyzUrk2LfiFJA6dGGzyDx8vS6cnWINzZvpNrqqh/fH5DpsXdmZ1TOgWj/9XgZi
+Ea3KM50KWYqpDm5K2G/a/5aJ44o7Xqa0jJP/cE3SMvhEwP+EZbAfWUosENdepu1b
+qOLrQuANe/VDyhqazd/m+E3V
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs5_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs5_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:45 2011 GMT
+ Not After : Jan 5 22:37:45 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs5_ch1_ta3/emailAddress=cs5_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bc:38:5a:89:55:f2:97:d1:61:2a:da:f0:93:31:
- 58:82:70:d0:fd:23:09:38:82:02:d4:f7:cb:a6:27:
- c0:cf:76:6e:67:03:78:f5:6c:92:77:b6:8a:f4:a8:
- 36:6e:de:e3:7c:bd:0d:09:c9:7c:92:3a:be:c9:b1:
- 2b:18:2a:8c:39:6b:b1:18:a7:34:dc:95:8d:cd:4d:
- 66:78:56:38:56:2c:a2:9f:5e:4d:14:c3:aa:f8:7f:
- 20:98:1a:53:4b:f5:20:42:f5:b4:30:d7:62:ea:6d:
- 54:e4:71:55:0c:1c:1c:41:54:7a:2a:48:b1:d0:8e:
- a6:82:7c:2b:81:cb:a5:b3:53
+ 00:c0:be:66:e6:55:cb:9e:d6:d2:7b:d3:b2:34:fb:
+ c9:74:d5:30:4f:62:1c:68:bd:13:97:08:b7:8c:b6:
+ 4e:dd:7f:98:a5:e2:2f:2e:9c:74:92:01:43:62:8e:
+ 9c:62:23:3e:b6:e4:e2:18:2b:3f:ae:fb:17:e7:d8:
+ c4:28:27:27:d9:3e:5c:d1:8f:51:b7:10:4c:44:f6:
+ bb:6b:24:7c:2e:09:bc:fb:8a:af:fa:e4:ce:94:2f:
+ 27:cd:3d:e7:be:93:4b:62:37:f5:f1:a8:8e:7e:76:
+ 92:62:7b:02:41:98:c2:f6:ff:68:8e:d2:1d:fb:9e:
+ f1:45:f5:6a:9c:8d:28:23:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage:
Encipher Only
Signature Algorithm: sha256WithRSAEncryption
- 3b:c7:de:1c:36:d2:6d:85:e3:8e:2d:4c:fa:74:f7:2a:75:0b:
- 1b:b4:79:2f:26:0a:3e:7f:b0:44:12:67:e8:89:f1:6e:ca:2d:
- e6:18:21:27:cb:e2:7f:61:63:ba:f5:0b:91:40:98:22:cd:51:
- 16:54:c1:00:a9:89:39:79:20:a4:6b:e5:59:ed:9e:ef:c0:2f:
- e0:3c:2c:8b:ed:fb:1c:2a:8d:87:5b:b7:49:14:bb:b1:5a:36:
- 13:9d:b4:2a:99:1f:b5:02:9b:07:70:62:aa:c0:92:98:6b:f7:
- 4a:73:c5:17:a4:5e:b0:09:b2:61:6a:af:62:64:d5:b9:a6:ac:
- 09:34
+ 26:c1:64:ae:88:f7:19:f6:4f:f6:89:c9:d4:4e:46:cc:8f:51:
+ d3:b0:1c:d5:54:08:b0:5c:a7:51:48:24:be:e5:9f:d1:79:8b:
+ fb:92:84:aa:92:c6:2f:b1:76:e2:f2:21:f7:f1:5d:05:c3:5c:
+ 01:90:20:8c:46:9e:a2:b9:dd:71:4f:a4:b9:3a:15:d3:74:98:
+ 59:bf:f8:44:c5:a4:99:67:01:e7:d6:52:8d:2f:02:3a:f4:e8:
+ c8:b3:9c:f3:35:18:4e:41:03:a7:b6:b3:5c:84:61:43:6b:95:
+ b4:84:d1:c1:72:29:ac:d5:6f:e4:6c:f1:86:b6:eb:09:77:1e:
+ 89:92
-----BEGIN CERTIFICATE-----
MIICezCCAeSgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDVaFw0xNDAxMDUyMjM3NDVaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczVfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M1X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALw4WolV8pfR
-YSra8JMxWIJw0P0jCTiCAtT3y6YnwM92bmcDePVskne2ivSoNm7e43y9DQnJfJI6
-vsmxKxgqjDlrsRinNNyVjc1NZnhWOFYsop9eTRTDqvh/IJgaU0v1IEL1tDDXYupt
-VORxVQwcHEFUeipIsdCOpoJ8K4HLpbNTAgMBAAGjHTAbMAwGA1UdEwEB/wQCMAAw
-CwYDVR0PBAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBADvH3hw20m2F444tTPp09yp1
-Cxu0eS8mCj5/sEQSZ+iJ8W7KLeYYISfL4n9hY7r1C5FAmCLNURZUwQCpiTl5IKRr
-5Vntnu/AL+A8LIvt+xwqjYdbt0kUu7FaNhOdtCqZH7UCmwdwYqrAkphr90pzxRek
-XrAJsmFqr2Jk1bmmrAk0
+Y3M1X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMC+ZuZVy57W
+0nvTsjT7yXTVME9iHGi9E5cIt4y2Tt1/mKXiLy6cdJIBQ2KOnGIjPrbk4hgrP677
+F+fYxCgnJ9k+XNGPUbcQTET2u2skfC4JvPuKr/rkzpQvJ809576TS2I39fGojn52
+kmJ7AkGYwvb/aI7SHfue8UX1apyNKCPBAgMBAAGjHTAbMAwGA1UdEwEB/wQCMAAw
+CwYDVR0PBAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBACbBZK6I9xn2T/aJydRORsyP
+UdOwHNVUCLBcp1FIJL7ln9F5i/uShKqSxi+xduLyIffxXQXDXAGQIIxGnqK53XFP
+pLk6FdN0mFm/+ETFpJlnAefWUo0vAjr06MiznPM1GE5BA6e2s1yEYUNrlbSE0cFy
+KazVb+Rs8Ya26wl3HomS
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs6_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs6_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:45 2011 GMT
+ Not After : Jan 5 22:37:45 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs6_ch1_ta3/emailAddress=cs6_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:af:e7:4a:85:57:4a:4a:33:36:44:2a:8c:34:c1:
- 49:47:13:f6:c7:2e:b3:e5:92:c0:be:b6:74:ba:61:
- 1b:90:cf:09:1e:2f:d4:3a:d1:fa:1d:76:63:5d:2d:
- 8f:0d:78:c5:93:a1:bf:ec:51:99:7f:90:57:2d:9e:
- 41:46:fc:6a:e1:03:63:41:78:d7:84:cf:5e:d4:dd:
- 37:11:1e:cc:37:05:b7:19:ce:9a:5e:eb:75:8b:19:
- 95:1f:94:d3:d2:b2:ff:88:26:c5:6f:33:59:ad:7b:
- 70:8e:c9:95:dd:cc:31:f0:a7:69:d0:97:e0:cb:7b:
- 42:f1:ea:e5:ed:0d:b7:b3:db
+ 00:c7:77:32:f6:35:5a:29:de:dc:61:89:a9:7e:d3:
+ 4f:ac:a1:db:f1:7f:58:1c:d3:46:a8:eb:61:62:80:
+ d0:cf:40:6b:a4:39:ac:fb:f3:e4:a2:47:53:78:d4:
+ cd:5a:5f:b1:c0:e8:2c:81:2d:00:98:d5:2f:6b:e9:
+ e7:85:e6:0e:1e:46:d6:22:b9:f3:a7:e0:6c:18:ea:
+ 42:33:cd:c0:9c:e0:98:ec:29:67:39:c4:a3:f7:69:
+ 8b:04:66:f5:a2:3c:08:1b:24:e5:ba:d4:57:5b:14:
+ f1:f2:c8:2b:0f:22:ae:6e:d1:ca:85:01:e6:75:82:
+ 03:df:7a:ed:96:8a:64:2f:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Encipher Only
Signature Algorithm: sha256WithRSAEncryption
- 7d:42:18:30:29:c0:f1:62:57:00:97:dd:b3:b6:87:f5:af:5e:
- c6:32:71:5e:06:6b:e2:04:04:89:f2:3d:cc:e2:07:92:8a:90:
- be:47:58:6e:dc:9a:c6:f0:85:88:a0:a9:38:58:ee:32:65:a8:
- e8:71:c3:9a:1f:f4:d2:b1:f6:01:46:46:cb:69:1a:9a:c1:7c:
- d0:ca:93:fd:e0:60:22:db:d6:82:03:2e:d7:f8:23:0d:e1:a3:
- 4e:5b:6e:61:b2:41:b0:96:78:d8:ae:5e:be:6a:7a:28:b6:83:
- 0d:f2:a8:dc:92:89:6c:55:ae:25:98:8a:0d:0c:1f:9d:72:85:
- 3c:2d
+ 7b:52:05:af:d4:77:41:4d:3f:cf:39:bd:33:a2:82:96:38:df:
+ a5:f7:ab:44:a3:b4:fc:13:ad:f5:d0:48:81:34:10:12:e9:c7:
+ 47:3f:13:1d:0a:20:8c:a7:df:23:a1:f5:5c:05:58:7a:ff:58:
+ 61:57:25:2c:36:22:10:e6:a4:d4:e3:f4:ad:b3:35:a9:91:93:
+ 24:52:f6:28:4c:90:12:98:31:9b:31:8c:64:2f:79:df:d1:f1:
+ 6e:d2:43:84:fe:bf:e5:ea:a9:74:6c:ce:cd:44:89:6b:df:bf:
+ 7c:dd:77:24:0b:18:07:42:89:41:b3:2c:60:30:db:75:05:82:
+ 15:85
-----BEGIN CERTIFICATE-----
MIICfjCCAeegAwIBAgIBFjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDVaFw0xNDAxMDUyMjM3NDVaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczZfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M2X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/nSoVXSkoz
-NkQqjDTBSUcT9scus+WSwL62dLphG5DPCR4v1DrR+h12Y10tjw14xZOhv+xRmX+Q
-Vy2eQUb8auEDY0F414TPXtTdNxEezDcFtxnOml7rdYsZlR+U09Ky/4gmxW8zWa17
-cI7Jld3MMfCnadCX4Mt7QvHq5e0Nt7PbAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
-DgYDVR0PAQH/BAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBAH1CGDApwPFiVwCX3bO2
-h/WvXsYycV4Ga+IEBInyPcziB5KKkL5HWG7cmsbwhYigqThY7jJlqOhxw5of9NKx
-9gFGRstpGprBfNDKk/3gYCLb1oIDLtf4Iw3ho05bbmGyQbCWeNiuXr5qeii2gw3y
-qNySiWxVriWYig0MH51yhTwt
+Y3M2X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMd3MvY1Wine
+3GGJqX7TT6yh2/F/WBzTRqjrYWKA0M9Aa6Q5rPvz5KJHU3jUzVpfscDoLIEtAJjV
+L2vp54XmDh5G1iK586fgbBjqQjPNwJzgmOwpZznEo/dpiwRm9aI8CBsk5brUV1sU
+8fLIKw8irm7RyoUB5nWCA9967ZaKZC9fAgMBAAGjIDAeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgABMA0GCSqGSIb3DQEBCwUAA4GBAHtSBa/Ud0FNP885vTOi
+gpY436X3q0SjtPwTrfXQSIE0EBLpx0c/Ex0KIIyn3yOh9VwFWHr/WGFXJSw2IhDm
+pNTj9K2zNamRkyRS9ihMkBKYMZsxjGQved/R8W7SQ4T+v+XqqXRszs1EiWvfv3zd
+dyQLGAdCiUGzLGAw23UFghWF
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs7_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs7_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,48 +5,48 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:28 2011 GMT
- Not After : Dec 15 00:49:28 2013 GMT
+ Not Before: Apr 11 22:37:46 2011 GMT
+ Not After : Jan 5 22:37:46 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs7_ch1_ta3/emailAddress=cs7_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:bb:2d:57:4a:c4:d9:24:b6:78:a5:dc:9d:7b:b9:
- 68:c6:63:fc:d4:8a:90:b8:24:50:8d:b9:34:5b:c0:
- ec:16:bf:c9:30:e0:80:70:7a:6c:9e:55:48:95:13:
- 16:20:5b:a1:7b:10:de:e8:12:65:21:c5:bf:b9:36:
- 35:76:4f:79:66:49:82:76:69:a1:22:8e:d1:4c:d9:
- 21:e6:50:b8:31:f1:66:54:20:cc:98:a9:22:bd:53:
- d2:af:f6:f0:09:ca:1b:a9:85:a5:61:51:66:1d:54:
- 58:12:6f:35:5b:ac:4c:7a:8b:4f:63:38:49:e5:d8:
- 02:88:46:75:73:f2:40:fe:c9
+ 00:c8:97:06:72:77:82:e7:03:53:56:f7:71:5c:f4:
+ b5:ae:e1:22:08:f7:a7:70:47:2f:ad:6f:af:a9:39:
+ c3:73:ca:f5:d5:54:e9:3d:46:f8:a4:a1:1a:27:d5:
+ 1a:c6:90:c9:4b:c1:21:32:06:9b:56:d7:23:3c:23:
+ d9:aa:2a:17:15:61:0c:cc:08:e7:60:af:55:e6:9e:
+ e2:24:bd:1f:e9:04:e8:09:ed:f4:a3:d8:5e:24:91:
+ 95:3e:9f:7e:f7:64:66:60:08:7d:cf:ac:b6:f4:6b:
+ 72:28:61:8c:dc:51:4d:00:3e:4d:67:70:0e:ae:3c:
+ 37:99:28:47:e7:61:fe:a3:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
- 6f:28:9e:58:6f:5f:79:47:4e:4c:cc:16:0b:d7:7b:f7:47:bd:
- 3c:2c:0a:5c:7b:9f:18:15:ae:5f:77:85:7e:9b:a5:0b:67:86:
- 6f:b6:1b:a1:18:c8:c2:1d:e9:5d:1b:af:31:0f:59:18:95:4a:
- 1b:0c:59:1d:99:3a:63:53:95:b5:f2:8f:3d:52:5d:9c:9d:e0:
- 25:0e:1b:b6:38:e8:d6:8b:a6:f0:43:c9:c3:9f:f1:6f:6a:de:
- 4d:24:aa:06:44:8a:c5:ab:8f:d4:53:64:30:44:e2:23:2c:ae:
- 80:b0:ca:f2:56:7d:bd:23:62:fa:70:25:eb:0c:79:20:98:f9:
- 54:25
+ 7a:58:f4:9c:bc:64:08:aa:dc:9c:e2:d3:a0:92:cb:1a:b3:75:
+ c9:c7:39:07:84:cb:4a:0f:07:2c:b8:5d:8a:a3:22:69:2e:63:
+ 04:d8:16:5f:8d:e8:11:de:fc:f5:df:a3:6c:c9:f0:c2:d7:5d:
+ 6c:43:3c:e2:ae:ed:b2:01:cf:e1:77:b3:85:76:bb:76:f7:c9:
+ cd:50:7f:17:b7:82:22:ed:d9:1c:82:bf:da:3f:28:72:c5:45:
+ e3:08:96:ba:45:22:76:bb:b4:9d:f6:e1:a0:64:36:9b:a2:e2:
+ 83:64:b1:76:1d:09:2f:6c:4b:a9:9b:00:e3:79:cf:7d:0b:91:
+ b3:95
-----BEGIN CERTIFICATE-----
MIICbjCCAdegAwIBAgIBFzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjhaFw0xMzEyMTUwMDQ5MjhaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDZaFw0xNDAxMDUyMjM3NDZaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczdfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M3X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALstV0rE2SS2
-eKXcnXu5aMZj/NSKkLgkUI25NFvA7Ba/yTDggHB6bJ5VSJUTFiBboXsQ3ugSZSHF
-v7k2NXZPeWZJgnZpoSKO0UzZIeZQuDHxZlQgzJipIr1T0q/28AnKG6mFpWFRZh1U
-WBJvNVusTHqLT2M4SeXYAohGdXPyQP7JAgMBAAGjEDAOMAwGA1UdEwEB/wQCMAAw
-DQYJKoZIhvcNAQELBQADgYEAbyieWG9feUdOTMwWC9d790e9PCwKXHufGBWuX3eF
-fpulC2eGb7YboRjIwh3pXRuvMQ9ZGJVKGwxZHZk6Y1OVtfKPPVJdnJ3gJQ4btjjo
-1oum8EPJw5/xb2reTSSqBkSKxauP1FNkMETiIyyugLDK8lZ9vSNi+nAl6wx5IJj5
-VCU=
+Y3M3X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMiXBnJ3gucD
+U1b3cVz0ta7hIgj3p3BHL61vr6k5w3PK9dVU6T1G+KShGifVGsaQyUvBITIGm1bX
+Izwj2aoqFxVhDMwI52CvVeae4iS9H+kE6Ant9KPYXiSRlT6ffvdkZmAIfc+stvRr
+cihhjNxRTQA+TWdwDq48N5koR+dh/qNzAgMBAAGjEDAOMAwGA1UdEwEB/wQCMAAw
+DQYJKoZIhvcNAQELBQADgYEAelj0nLxkCKrcnOLToJLLGrN1ycc5B4TLSg8HLLhd
+iqMiaS5jBNgWX43oEd789d+jbMnwwtddbEM84q7tsgHP4XezhXa7dvfJzVB/F7eC
+Iu3ZHIK/2j8ocsVF4wiWukUidru0nfbhoGQ2m6Lig2Sxdh0JL2xLqZsA43nPfQuR
+s5U=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs8_ch1_ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/code_signing_certs/cs8_ch1_ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -5,22 +5,22 @@
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ch1_ta3/emailAddress=ch1_ta3
Validity
- Not Before: Mar 21 00:49:29 2011 GMT
- Not After : Dec 15 00:49:29 2013 GMT
+ Not Before: Apr 11 22:37:46 2011 GMT
+ Not After : Jan 5 22:37:46 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=cs8_ch1_ta3/emailAddress=cs8_ch1_ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d8:42:22:89:49:49:9b:1f:c3:68:43:93:5b:e7:
- be:cd:d6:0d:24:cb:d8:6a:bd:64:c3:8f:31:6f:4f:
- 38:c4:ca:39:4e:16:35:32:88:bb:03:f0:04:06:aa:
- e4:e1:11:24:db:b1:e2:d1:1b:3a:45:49:da:0f:36:
- b6:79:85:4a:42:e4:01:83:75:4d:1e:81:69:30:f0:
- 64:20:19:63:c0:d4:5d:50:76:bb:a8:e4:56:b7:bb:
- e0:54:64:f9:73:c7:eb:84:a6:da:4a:58:16:00:a8:
- cb:e5:c5:b0:1f:ad:eb:fc:2c:08:93:ee:2e:a3:26:
- 13:3c:a6:46:64:a5:df:f6:57
+ 00:c4:da:c4:d3:72:c2:65:ec:7f:b8:41:e3:c7:14:
+ 83:bb:fc:9e:d5:87:15:5f:eb:52:da:cb:f4:c7:db:
+ 2f:58:65:01:0e:0e:d5:27:cf:c5:e5:2c:ce:99:7f:
+ 0f:48:8c:4f:54:47:6b:4b:5e:90:3f:95:96:60:b8:
+ 8e:39:1f:a9:cc:38:b6:9f:21:6d:4e:69:2e:14:c5:
+ 71:fe:e1:e1:44:24:d4:74:45:4a:9f:88:64:36:96:
+ f7:ba:74:1e:88:f9:6d:ac:e9:25:f0:74:58:c6:13:
+ b9:05:ab:fa:0e:5c:77:fc:a1:3d:48:9c:78:90:f8:
+ 67:41:99:7c:bf:45:6a:67:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
@@ -28,27 +28,27 @@
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
- 30:5f:8a:7d:24:03:2b:2a:c1:cf:07:27:e0:f6:d4:1e:fe:8a:
- cf:57:06:6b:60:70:41:b2:53:75:14:b9:f8:1c:b7:f0:02:44:
- 4d:89:78:51:7d:3a:b9:b2:f9:54:76:67:ab:53:11:ac:b2:ac:
- 75:5d:48:f7:55:c4:0a:e4:03:3d:ba:30:75:f1:a1:28:71:3e:
- 9e:e5:35:84:70:54:a4:d7:f0:ca:5b:29:33:3e:6b:32:88:eb:
- 49:9d:46:c7:12:75:96:ec:81:91:b8:5e:01:a6:c1:ec:05:a2:
- 84:46:9b:39:60:7b:91:d1:9e:4f:c8:dd:00:15:f3:aa:1a:e4:
- 32:85
+ 1d:d4:91:76:de:42:bb:70:5b:57:39:fe:bd:50:85:66:ee:7c:
+ c7:7c:7c:00:18:71:73:50:5a:70:04:43:ca:81:23:2a:42:c8:
+ 8e:34:91:b9:8b:b8:f7:37:b0:08:3f:ee:b2:5f:a2:fd:03:b1:
+ 59:d1:ff:cf:b6:73:f6:82:51:0a:73:a0:43:79:36:a2:c4:fb:
+ 98:6c:64:bc:3a:f5:b9:c5:e7:c1:cf:76:fb:73:23:d3:47:e2:
+ a9:19:60:08:a7:c8:1b:c3:73:24:f9:8d:dc:bf:ae:5d:5b:fe:
+ 48:d0:06:a7:33:e5:d8:db:4c:c9:82:a0:32:c1:1e:45:67:67:
+ ce:54
-----BEGIN CERTIFICATE-----
MIICgTCCAeqgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UE
ChMEcGtnNTEQMA4GA1UEAxQHY2gxX3RhMzEWMBQGCSqGSIb3DQEJARYHY2gxX3Rh
-MzAeFw0xMTAzMjEwMDQ5MjlaFw0xMzEyMTUwMDQ5MjlaMHgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDZaFw0xNDAxMDUyMjM3NDZaMHgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MRQwEgYDVQQDFAtjczhfY2gxX3RhMzEaMBgGCSqGSIb3DQEJARYL
-Y3M4X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANhCIolJSZsf
-w2hDk1vnvs3WDSTL2Gq9ZMOPMW9POMTKOU4WNTKIuwPwBAaq5OERJNux4tEbOkVJ
-2g82tnmFSkLkAYN1TR6BaTDwZCAZY8DUXVB2u6jkVre74FRk+XPH64Sm2kpYFgCo
-y+XFsB+t6/wsCJPuLqMmEzymRmSl3/ZXAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBADBfin0kAysqwc8H
-J+D21B7+is9XBmtgcEGyU3UUufgct/ACRE2JeFF9Ormy+VR2Z6tTEayyrHVdSPdV
-xArkAz26MHXxoShxPp7lNYRwVKTX8MpbKTM+azKI60mdRscSdZbsgZG4XgGmwewF
-ooRGmzlge5HRnk/I3QAV86oa5DKF
+Y3M4X2NoMV90YTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTaxNNywmXs
+f7hB48cUg7v8ntWHFV/rUtrL9MfbL1hlAQ4O1SfPxeUszpl/D0iMT1RHa0tekD+V
+lmC4jjkfqcw4tp8hbU5pLhTFcf7h4UQk1HRFSp+IZDaW97p0Hoj5bazpJfB0WMYT
+uQWr+g5cd/yhPUiceJD4Z0GZfL9FamfvAgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBAB3UkXbeQrtwW1c5
+/r1QhWbufMd8fAAYcXNQWnAEQ8qBIypCyI40kbmLuPc3sAg/7rJfov0DsVnR/8+2
+c/aCUQpzoEN5NqLE+5hsZLw69bnF58HPdvtzI9NH4qkZYAinyBvDcyT5jdy/rl1b
+/kjQBqcz5djbTMmCoDLBHkVnZ85U
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/crl/ch1.1_ta4_crl.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/crl/ch1.1_ta4_crl.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,31 +2,31 @@
Version 1 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.1_ta4/emailAddress=ch1.1_ta4
- Last Update: Mar 21 00:49:34 2011 GMT
- Next Update: Dec 15 00:49:34 2013 GMT
+ Last Update: Apr 11 22:37:52 2011 GMT
+ Next Update: Jan 5 22:37:52 2014 GMT
Revoked Certificates:
Serial Number: 07
- Revocation Date: Mar 21 00:49:24 2011 GMT
+ Revocation Date: Apr 11 22:37:40 2011 GMT
Serial Number: 23
- Revocation Date: Mar 21 00:49:32 2011 GMT
+ Revocation Date: Apr 11 22:37:50 2011 GMT
Serial Number: 27
- Revocation Date: Mar 21 00:49:34 2011 GMT
+ Revocation Date: Apr 11 22:37:51 2011 GMT
Signature Algorithm: sha256WithRSAEncryption
- 31:4b:ae:a8:e4:93:46:5d:3a:10:72:b5:d0:c0:44:d9:3d:aa:
- cc:a1:19:b9:8a:80:64:5e:95:71:67:ed:cd:99:1c:05:0b:af:
- ee:68:a6:ee:dd:b9:cb:c8:7a:36:da:a5:3a:34:60:62:7c:38:
- 91:37:4b:36:61:87:2d:b3:d9:95:40:25:ab:e2:1d:4c:27:0f:
- fb:01:cb:14:6a:c7:d3:60:ef:54:2c:d9:f5:a7:57:d1:1d:9d:
- fe:28:ef:f3:2c:37:91:08:51:eb:e6:9a:f1:35:8a:bc:00:20:
- 64:74:e5:a1:7d:c4:19:ad:54:2e:52:71:c8:70:44:a6:53:7b:
- 2e:88
+ 43:11:2b:b7:e3:53:78:1d:44:94:46:89:65:a1:5a:92:32:97:
+ 7a:77:06:4f:c0:49:01:c2:ad:32:d5:c8:f4:03:db:cb:71:5c:
+ 7d:4c:b9:48:ae:7f:3d:18:11:9d:5d:f2:c0:75:a5:88:eb:0d:
+ b3:05:ed:0e:94:a0:19:2b:69:cf:6e:9a:04:bd:81:25:e8:aa:
+ 7c:82:8d:37:c7:01:5f:21:79:5f:ed:ae:ff:79:e3:26:98:a9:
+ 54:ba:53:3b:9c:bd:c4:67:24:5d:ec:a7:4f:d3:93:7e:1c:73:
+ 48:79:e5:55:06:f5:88:49:10:4a:da:0a:66:05:5c:b2:0f:81:
+ 37:c6
-----BEGIN X509 CRL-----
MIIBdzCB4TANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTES
MBAGA1UEAxQJY2gxLjFfdGE0MRgwFgYJKoZIhvcNAQkBFgljaDEuMV90YTQXDTEx
-MDMyMTAwNDkzNFoXDTEzMTIxNTAwNDkzNFowPDASAgEHFw0xMTAzMjEwMDQ5MjRa
-MBICASMXDTExMDMyMTAwNDkzMlowEgIBJxcNMTEwMzIxMDA0OTM0WjANBgkqhkiG
-9w0BAQsFAAOBgQAxS66o5JNGXToQcrXQwETZParMoRm5ioBkXpVxZ+3NmRwFC6/u
-aKbu3bnLyHo22qU6NGBifDiRN0s2YYcts9mVQCWr4h1MJw/7AcsUasfTYO9ULNn1
-p1fRHZ3+KO/zLDeRCFHr5prxNYq8ACBkdOWhfcQZrVQuUnHIcESmU3suiA==
+MDQxMTIyMzc1MloXDTE0MDEwNTIyMzc1MlowPDASAgEHFw0xMTA0MTEyMjM3NDBa
+MBICASMXDTExMDQxMTIyMzc1MFowEgIBJxcNMTEwNDExMjIzNzUxWjANBgkqhkiG
+9w0BAQsFAAOBgQBDESu341N4HUSURolloVqSMpd6dwZPwEkBwq0y1cj0A9vLcVx9
+TLlIrn89GBGdXfLAdaWI6w2zBe0OlKAZK2nPbpoEvYEl6Kp8go03xwFfIXlf7a7/
+eeMmmKlUulM7nL3EZyRd7KdP05N+HHNIeeVVBvWISRBK2gpmBVyyD4E3xg==
-----END X509 CRL-----
--- a/src/tests/ro_data/signing_certs/produced/crl/ch1_ta4_crl.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/crl/ch1_ta4_crl.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,29 +2,29 @@
Version 1 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta4/emailAddress=ch1_ta4
- Last Update: Mar 21 00:49:32 2011 GMT
- Next Update: Dec 15 00:49:32 2013 GMT
+ Last Update: Apr 11 22:37:50 2011 GMT
+ Next Update: Jan 5 22:37:50 2014 GMT
Revoked Certificates:
Serial Number: 07
- Revocation Date: Mar 21 00:49:24 2011 GMT
+ Revocation Date: Apr 11 22:37:40 2011 GMT
Serial Number: 23
- Revocation Date: Mar 21 00:49:32 2011 GMT
+ Revocation Date: Apr 11 22:37:50 2011 GMT
Signature Algorithm: sha256WithRSAEncryption
- a5:ad:ec:47:89:19:2e:6e:0e:1e:04:a6:1b:7d:1d:64:cb:68:
- df:cb:51:98:24:5a:a0:1b:5f:3a:22:31:7e:78:bf:7e:fe:28:
- f6:a4:fd:92:16:ed:07:59:fa:f4:9b:ed:e3:f9:67:35:f0:b8:
- 83:65:f3:52:f8:ee:98:c1:8f:36:53:dc:8d:23:ee:d9:35:07:
- 72:64:dd:e6:2c:5b:b8:1a:4a:40:70:a7:2f:a4:ce:c3:77:ca:
- 1f:16:1d:6e:aa:46:9a:b4:7b:f2:0c:f0:9a:35:25:6f:e8:40:
- cd:61:ec:e3:8b:07:d7:51:8d:3f:af:d2:12:bc:5e:68:81:60:
- a6:e7
+ 9b:df:54:93:58:08:f4:fc:9b:4c:1c:91:ba:dd:15:38:3c:47:
+ d3:68:e8:ed:0d:cd:f5:0e:56:59:e3:55:ac:9d:5a:57:e8:36:
+ ea:60:30:f3:cb:79:93:0c:65:ba:44:9a:b1:b4:56:1e:98:bd:
+ c8:b9:34:7f:ec:79:13:da:2d:37:65:02:5b:29:a6:39:5f:55:
+ a3:00:a2:a0:0a:0b:c7:81:9d:13:da:0c:3e:09:ab:a9:80:3c:
+ ef:99:1d:1c:88:e2:c7:c2:de:4c:a0:f6:5b:a2:0e:7e:08:7f:
+ 06:25:03:ec:0e:d0:ce:be:25:0b:52:34:68:94:e3:d1:f3:6f:
+ 0b:d6
-----BEGIN X509 CRL-----
MIIBXzCByTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEQ
-MA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3RhNBcNMTEwMzIx
-MDA0OTMyWhcNMTMxMjE1MDA0OTMyWjAoMBICAQcXDTExMDMyMTAwNDkyNFowEgIB
-IxcNMTEwMzIxMDA0OTMyWjANBgkqhkiG9w0BAQsFAAOBgQClrexHiRkubg4eBKYb
-fR1ky2jfy1GYJFqgG186IjF+eL9+/ij2pP2SFu0HWfr0m+3j+Wc18LiDZfNS+O6Y
-wY82U9yNI+7ZNQdyZN3mLFu4GkpAcKcvpM7Dd8ofFh1uqkaatHvyDPCaNSVv6EDN
-YezjiwfXUY0/r9ISvF5ogWCm5w==
+MA4GA1UEAxQHY2gxX3RhNDEWMBQGCSqGSIb3DQEJARYHY2gxX3RhNBcNMTEwNDEx
+MjIzNzUwWhcNMTQwMTA1MjIzNzUwWjAoMBICAQcXDTExMDQxMTIyMzc0MFowEgIB
+IxcNMTEwNDExMjIzNzUwWjANBgkqhkiG9w0BAQsFAAOBgQCb31STWAj0/JtMHJG6
+3RU4PEfTaOjtDc31DlZZ41WsnVpX6DbqYDDzy3mTDGW6RJqxtFYemL3IuTR/7HkT
+2i03ZQJbKaY5X1WjAKKgCgvHgZ0T2gw+CaupgDzvmR0ciOLHwt5MoPZbog5+CH8G
+JQPsDtDOviULUjRolOPR828L1g==
-----END X509 CRL-----
--- a/src/tests/ro_data/signing_certs/produced/crl/ch5_ta1_crl.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/crl/ch5_ta1_crl.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,26 +2,26 @@
Version 1 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5_ta1/emailAddress=ch5_ta1
- Last Update: Mar 21 00:49:24 2011 GMT
- Next Update: Dec 15 00:49:24 2013 GMT
+ Last Update: Apr 11 22:37:40 2011 GMT
+ Next Update: Jan 5 22:37:40 2014 GMT
Revoked Certificates:
Serial Number: 07
- Revocation Date: Mar 21 00:49:24 2011 GMT
+ Revocation Date: Apr 11 22:37:40 2011 GMT
Signature Algorithm: sha256WithRSAEncryption
- a0:ce:1d:25:10:90:84:12:77:2d:77:d0:78:40:e5:6f:0f:46:
- 42:d8:55:6a:1d:ca:3f:e0:67:da:3b:ad:aa:62:18:43:f8:1c:
- ef:1e:79:3f:90:ee:82:4c:6f:81:9b:20:3c:bb:81:7e:ed:db:
- 40:41:00:c9:29:77:25:87:b7:7b:b5:2b:b1:a8:c1:d4:f2:6b:
- 9e:67:56:b2:bc:69:9b:ef:62:a7:26:05:7e:e7:7e:24:3a:21:
- 90:ce:cf:4a:47:b5:59:68:6e:01:88:a8:5f:81:02:fc:4e:7d:
- 07:67:41:7b:42:eb:3d:4c:de:94:0b:89:78:fc:bc:0e:b4:fe:
- 2d:fd
+ 08:22:74:6f:ef:f6:1a:81:8a:04:6e:50:87:c8:95:f5:ba:de:
+ a9:f8:03:68:2b:c9:de:39:58:03:a9:cc:4d:04:ed:82:05:fa:
+ a7:54:2d:a5:a6:55:e9:37:1b:56:50:c4:ef:75:50:d1:d6:da:
+ 42:dc:90:b2:e3:6f:4b:4e:29:45:70:ec:72:38:05:05:0e:0c:
+ 3e:a0:a5:06:2e:57:50:d4:ea:b8:3e:cd:3e:20:a1:36:d6:d5:
+ 81:a5:4c:ab:89:28:f5:d6:36:bf:42:4a:8d:50:12:79:ae:67:
+ 24:7a:12:c7:73:76:b7:8b:1e:f7:fa:ee:25:f9:8e:8e:8e:66:
+ 5d:21
-----BEGIN X509 CRL-----
MIIBSzCBtTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEQ
-MA4GA1UEAxQHY2g1X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g1X3RhMRcNMTEwMzIx
-MDA0OTI0WhcNMTMxMjE1MDA0OTI0WjAUMBICAQcXDTExMDMyMTAwNDkyNFowDQYJ
-KoZIhvcNAQELBQADgYEAoM4dJRCQhBJ3LXfQeEDlbw9GQthVah3KP+Bn2jutqmIY
-Q/gc7x55P5DugkxvgZsgPLuBfu3bQEEAySl3JYe3e7UrsajB1PJrnmdWsrxpm+9i
-pyYFfud+JDohkM7PSke1WWhuAYioX4EC/E59B2dBe0LrPUzelAuJePy8DrT+Lf0=
+MA4GA1UEAxQHY2g1X3RhMTEWMBQGCSqGSIb3DQEJARYHY2g1X3RhMRcNMTEwNDEx
+MjIzNzQwWhcNMTQwMTA1MjIzNzQwWjAUMBICAQcXDTExMDQxMTIyMzc0MFowDQYJ
+KoZIhvcNAQELBQADgYEACCJ0b+/2GoGKBG5Qh8iV9breqfgDaCvJ3jlYA6nMTQTt
+ggX6p1QtpaZV6TcbVlDE73VQ0dbaQtyQsuNvS04pRXDscjgFBQ4MPqClBi5XUNTq
+uD7NPiChNtbVgaVMq4ko9dY2v0JKjVASea5nJHoSx3N2t4se9/ruJfmOjo5mXSE=
-----END X509 CRL-----
--- a/src/tests/ro_data/signing_certs/produced/crl/ta5_crl.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/crl/ta5_crl.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,34 +2,34 @@
Version 1 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta5/emailAddress=ta5
- Last Update: Mar 21 00:49:35 2011 GMT
- Next Update: Dec 15 00:49:35 2013 GMT
+ Last Update: Apr 11 22:37:52 2011 GMT
+ Next Update: Jan 5 22:37:52 2014 GMT
Revoked Certificates:
Serial Number: 07
- Revocation Date: Mar 21 00:49:24 2011 GMT
+ Revocation Date: Apr 11 22:37:40 2011 GMT
Serial Number: 23
- Revocation Date: Mar 21 00:49:32 2011 GMT
+ Revocation Date: Apr 11 22:37:50 2011 GMT
Serial Number: 27
- Revocation Date: Mar 21 00:49:34 2011 GMT
+ Revocation Date: Apr 11 22:37:51 2011 GMT
Serial Number: 28
- Revocation Date: Mar 21 00:49:35 2011 GMT
+ Revocation Date: Apr 11 22:37:52 2011 GMT
Signature Algorithm: sha256WithRSAEncryption
- 81:8c:4a:60:d8:d7:48:e8:ef:57:75:bf:0f:12:1f:a2:f3:5b:
- f4:78:d8:a8:6b:b9:72:c1:80:60:a5:1b:e1:82:71:88:2d:38:
- ff:2f:c6:be:36:16:d1:76:6c:e1:d9:ad:b4:c3:a2:c9:64:11:
- ee:d6:32:0a:b8:14:a7:73:7c:59:2f:86:8c:9a:83:80:35:79:
- 3c:59:9e:7b:75:b6:8e:ef:15:2a:5d:f4:d0:69:04:f9:58:2f:
- b4:85:b9:5e:49:e9:8a:ae:72:94:34:28:87:6d:cd:ec:d6:86:
- 79:17:a3:31:e0:9c:21:fb:b4:6d:84:ac:3d:86:47:f5:c8:c8:
- 89:ca
+ 58:70:11:73:97:29:40:34:77:df:1e:5d:b1:77:6b:9a:6b:00:
+ 33:d1:a3:50:34:05:f6:ba:ed:eb:c7:23:81:e5:da:56:3f:ac:
+ 3a:32:e6:ff:e2:45:da:68:7d:03:70:ea:00:f4:f2:6d:52:f9:
+ 5e:fc:0f:a9:83:1a:dd:a0:17:9b:6e:ee:9e:42:b5:25:e1:9f:
+ e1:38:db:99:21:71:53:fe:b6:ce:b4:57:1c:b7:d7:99:eb:6e:
+ a8:ba:65:e2:6d:16:53:7e:6c:6d:93:b0:0c:f7:48:ec:16:71:
+ ce:84:a6:27:c5:88:82:8d:76:09:c5:74:8f:5d:b9:29:46:6a:
+ e3:ae
-----BEGIN X509 CRL-----
MIIBfzCB6TANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTEM
-MAoGA1UEAxMDdGE1MRIwEAYJKoZIhvcNAQkBFgN0YTUXDTExMDMyMTAwNDkzNVoX
-DTEzMTIxNTAwNDkzNVowUDASAgEHFw0xMTAzMjEwMDQ5MjRaMBICASMXDTExMDMy
-MTAwNDkzMlowEgIBJxcNMTEwMzIxMDA0OTM0WjASAgEoFw0xMTAzMjEwMDQ5MzVa
-MA0GCSqGSIb3DQEBCwUAA4GBAIGMSmDY10jo71d1vw8SH6LzW/R42KhruXLBgGCl
-G+GCcYgtOP8vxr42FtF2bOHZrbTDoslkEe7WMgq4FKdzfFkvhoyag4A1eTxZnnt1
-to7vFSpd9NBpBPlYL7SFuV5J6YqucpQ0KIdtzezWhnkXozHgnCH7tG2ErD2GR/XI
-yInK
+MAoGA1UEAxMDdGE1MRIwEAYJKoZIhvcNAQkBFgN0YTUXDTExMDQxMTIyMzc1MloX
+DTE0MDEwNTIyMzc1MlowUDASAgEHFw0xMTA0MTEyMjM3NDBaMBICASMXDTExMDQx
+MTIyMzc1MFowEgIBJxcNMTEwNDExMjIzNzUxWjASAgEoFw0xMTA0MTEyMjM3NTJa
+MA0GCSqGSIb3DQEBCwUAA4GBAFhwEXOXKUA0d98eXbF3a5prADPRo1A0Bfa67evH
+I4Hl2lY/rDoy5v/iRdpofQNw6gD08m1S+V78D6mDGt2gF5tu7p5CtSXhn+E425kh
+cVP+ts60Vxy315nrbqi6ZeJtFlN+bG2TsAz3SOwWcc6EpifFiIKNdgnFdI9duSlG
+auOu
-----END X509 CRL-----
--- a/src/tests/ro_data/signing_certs/produced/index Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/index Wed Apr 27 20:30:32 2011 -0700
@@ -1,41 +1,47 @@
-V 131215004923Z 01 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta1/emailAddress=ch1_ta1
-V 131215004923Z 02 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
-V 131215004923Z 03 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
-V 131215004923Z 04 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch4_ta1/emailAddress=ch4_ta1
-V 131215004923Z 05 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5_ta1/emailAddress=ch5_ta1
-V 131215004924Z 06 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5_ta1/emailAddress=cs1_ch5_ta1
-R 131215004924Z 110321004924Z 07 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs2_ch5_ta1/emailAddress=cs2_ch5_ta1
-V 131215004924Z 08 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5.1_ta1/emailAddress=ch5.1_ta1
-V 131215004924Z 09 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5.1_ta1/emailAddress=cs1_ch5.1_ta1
-V 131215004924Z 0A unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5.2_ta1/emailAddress=ch5.2_ta1
-V 131215004925Z 0B unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5.2_ta1/emailAddress=cs1_ch5.2_ta1
-V 131215004926Z 0C unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch4.3_ta1/emailAddress=ch4.3_ta1
-V 131215004926Z 0D unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5.3_ta1/emailAddress=ch5.3_ta1
-V 131215004926Z 0E unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5.3_ta1/emailAddress=cs1_ch5.3_ta1
-V 131215004926Z 0F unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ta2/emailAddress=cs1_ta2
-V 131215004927Z 10 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta3/emailAddress=ch1_ta3
-V 131215004928Z 11 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1_ta3/emailAddress=cs1_ch1_ta3
-V 131215004928Z 12 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs2_ch1_ta3/emailAddress=cs2_ch1_ta3
+V 140105223738Z 01 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta1/emailAddress=ch1_ta1
+V 140105223739Z 02 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch2_ta1/emailAddress=ch2_ta1
+V 140105223739Z 03 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch3_ta1/emailAddress=ch3_ta1
+V 140105223739Z 04 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch4_ta1/emailAddress=ch4_ta1
+V 140105223739Z 05 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5_ta1/emailAddress=ch5_ta1
+V 140105223740Z 06 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5_ta1/emailAddress=cs1_ch5_ta1
+R 140105223740Z 110411223740Z 07 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs2_ch5_ta1/emailAddress=cs2_ch5_ta1
+V 140105223740Z 08 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5.1_ta1/emailAddress=ch5.1_ta1
+V 140105223741Z 09 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5.1_ta1/emailAddress=cs1_ch5.1_ta1
+V 140105223741Z 0A unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5.2_ta1/emailAddress=ch5.2_ta1
+V 140105223742Z 0B unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5.2_ta1/emailAddress=cs1_ch5.2_ta1
+V 140105223742Z 0C unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch4.3_ta1/emailAddress=ch4.3_ta1
+V 140105223742Z 0D unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch5.3_ta1/emailAddress=ch5.3_ta1
+V 140105223742Z 0E unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch5.3_ta1/emailAddress=cs1_ch5.3_ta1
+V 140105223743Z 0F unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ta2/emailAddress=cs1_ta2
+V 140105223744Z 10 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta3/emailAddress=ch1_ta3
+V 140105223744Z 11 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1_ta3/emailAddress=cs1_ch1_ta3
+V 140105223744Z 12 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs2_ch1_ta3/emailAddress=cs2_ch1_ta3
V 090102010101Z 13 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs3_ch1_ta3/emailAddress=cs3_ch1_ta3
V 350102010101Z 14 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs4_ch1_ta3/emailAddress=cs4_ch1_ta3
-V 131215004928Z 15 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs5_ch1_ta3/emailAddress=cs5_ch1_ta3
-V 131215004928Z 16 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs6_ch1_ta3/emailAddress=cs6_ch1_ta3
-V 131215004928Z 17 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs7_ch1_ta3/emailAddress=cs7_ch1_ta3
-V 131215004929Z 18 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs8_ch1_ta3/emailAddress=cs8_ch1_ta3
-V 131215004929Z 19 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_cs8_ch1_ta3/emailAddress=cs1_cs8_ch1_ta3
-V 131215004929Z 1A unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.1_ta3/emailAddress=ch1.1_ta3
-V 131215004929Z 1B unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.1_ta3/emailAddress=cs1_ch1.1_ta3
+V 140105223745Z 15 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs5_ch1_ta3/emailAddress=cs5_ch1_ta3
+V 140105223745Z 16 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs6_ch1_ta3/emailAddress=cs6_ch1_ta3
+V 140105223746Z 17 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs7_ch1_ta3/emailAddress=cs7_ch1_ta3
+V 140105223746Z 18 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs8_ch1_ta3/emailAddress=cs8_ch1_ta3
+V 140105223746Z 19 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_cs8_ch1_ta3/emailAddress=cs1_cs8_ch1_ta3
+V 140105223747Z 1A unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.1_ta3/emailAddress=ch1.1_ta3
+V 140105223747Z 1B unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.1_ta3/emailAddress=cs1_ch1.1_ta3
V 090102010101Z 1C unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.2_ta3/emailAddress=ch1.2_ta3
-V 131215004930Z 1D unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.2_ta3/emailAddress=cs1_ch1.2_ta3
+V 140105223748Z 1D unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.2_ta3/emailAddress=cs1_ch1.2_ta3
V 350102010101Z 1E unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.3_ta3/emailAddress=ch1.3_ta3
-V 131215004931Z 1F unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.3_ta3/emailAddress=cs1_ch1.3_ta3
+V 140105223748Z 1F unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.3_ta3/emailAddress=cs1_ch1.3_ta3
V 350102010101Z 20 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.4_ta3/emailAddress=ch1.4_ta3
-V 131215004931Z 21 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.4_ta3/emailAddress=cs1_ch1.4_ta3
-V 131215004932Z 22 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta4/emailAddress=ch1_ta4
-R 131215004932Z 110321004932Z 23 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1_ta4/emailAddress=cs1_ch1_ta4
-V 131215004933Z 24 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs2_ch1_ta4/emailAddress=cs2_ch1_ta4
-V 131215004933Z 25 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs3_ch1_ta4/emailAddress=cs3_ch1_ta4
-V 131215004933Z 26 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.1_ta4/emailAddress=ch1.1_ta4
-R 131215004933Z 110321004934Z 27 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.1_ta4/emailAddress=cs1_ch1.1_ta4
-R 131215004934Z 110321004935Z 28 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta5/emailAddress=ch1_ta5
-V 131215004934Z 29 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1_ta5/emailAddress=cs1_ch1_ta5
+V 140105223749Z 21 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.4_ta3/emailAddress=cs1_ch1.4_ta3
+V 140105223749Z 22 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta4/emailAddress=ch1_ta4
+R 140105223750Z 110411223750Z 23 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1_ta4/emailAddress=cs1_ch1_ta4
+V 140105223750Z 24 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs2_ch1_ta4/emailAddress=cs2_ch1_ta4
+V 140105223750Z 25 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs3_ch1_ta4/emailAddress=cs3_ch1_ta4
+V 140105223751Z 26 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1.1_ta4/emailAddress=ch1.1_ta4
+R 140105223751Z 110411223751Z 27 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1.1_ta4/emailAddress=cs1_ch1.1_ta4
+R 140105223752Z 110411223752Z 28 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=ch1_ta5/emailAddress=ch1_ta5
+V 140105223752Z 29 unknown /C=US/ST=California/L=Menlo Park/O=pkg5/CN=cs1_ch1_ta5/emailAddress=cs1_ch1_ta5
+V 140105223754Z 2A unknown /C=US/ST=California/L=Menlo Park/O=pkg5/OU=cs1_ta6/CN=localhost/emailAddress=cs1_ta6
+V 140105223754Z 2B unknown /C=US/ST=California/L=Menlo Park/O=pkg5/OU=cs1_ta7/CN=localhost/emailAddress=cs1_ta7
+V 140105223754Z 2C unknown /C=US/ST=California/L=Menlo Park/O=pkg5/OU=cs1_ta8/CN=localhost/emailAddress=cs1_ta8
+V 140105223755Z 2D unknown /C=US/ST=California/L=Menlo Park/O=pkg5/OU=cs1_ta9/CN=localhost/emailAddress=cs1_ta9
+V 140105223755Z 2E unknown /C=US/ST=California/L=Menlo Park/O=pkg5/OU=cs1_ta10/CN=localhost/emailAddress=cs1_ta10
+V 140105223755Z 2F unknown /C=US/ST=California/L=Menlo Park/O=pkg5/OU=cs1_ta11/CN=localhost/emailAddress=cs1_ta11
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1.1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1.1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCxK1O5WR16X5sej2KRlKcF3Og7h9DkPHa4YKUwvQ8kpV+ezE/M
-47IjI0s3O5clSAAOHDGujx3NMvglov7ZUMXsfu/YCR1vu+BgsDP9Zjm0/y9Ua32I
-2OhqHs1UCtrtw1+JxR20T548ETwdC4qIsGTCeYjnLeQ/yKTr1PM+m5qYfQIDAQAB
-AoGAIqNS6iDnJ367qBzma4oBoZ7P9JuYFpdPqrqScVX1OPfwGu7dBzTZJg+HbBQF
-d+98u0V93R/z9qNpaopUgw5Ms511c6KlTMz2sYdPwzZYcc3BT1ccwgkGI8MREiV6
-GL4Ue8b7igHn2PaUD6FIGcq6U3yNl04lfTjLud47bXRUcW0CQQDp58qbqfkCyAmm
-bS8laVUbecTf5tTWxq/q7qqTUNLWNyFr3BEGmVkJg3a3OpKO9sKOPMq0wRXVSPTw
-7H1c5BDbAkEAweeQRdAFVToEFRRL50WSkvLvvTdghHnSeU13FlA4No8L1VL131ls
-cSx3yi2TLK0ICIassSUDvmTh0B7liHCvhwJAO3QRSbPQeWaDHWxPOYEmgs9WvVqc
-6uKhwGNdtAgtLwngUtwi77x2pzZlLHmU2wXZufG1zG/vrsDWkY5q5vuJVQJBALrc
-IJhmYv1Cr3Rw3sS8sweRvZ6mowiHLWFgWYbTP5i0OT8Wd4MJdguKQtY/HTlMdhVh
-U0JS3Uy5gzNA0wmtLjkCQDqZT6YlC7avgH51Xrhx9gbXcatEA0dk52MsdMK6zz7D
-+1NtdXVUSQb1Yq/ZTKMT63kljIu/EVKnhOgIsjHPt44=
+MIICXAIBAAKBgQChH1RDIGVjsvyL1/aokPAeuOkGN8sbyUdWOj/sfubuxprUFQ1k
+99V3L1IxbDaNLwd/DafPea9ocCt0pzCSHlX8KvS3w0cBV09luli/dXMCTEyoUT2C
+7lf6k2TWUwUSEDbJnMOvbFadIERLtLxn2AaZjvoyTMFPCVpG7AbPrOH6IQIDAQAB
+AoGAEQmRDXAViI9aqSbzDCwXWAhRi7jGn2+PPYz3SXi5zrHtmVOIkQ6r4eh9FoDM
+2+0HK+Yzwnqpk6+YyMMNHcZbbR3agEnwfL0TXE/WLR7x0FKq7jkEYo4o8F2+WaNf
+6EFd+3YFjWyN4HO4cDm6zVNu/YK7itBbBuWdXzKi3/J9bskCQQDSw6lKBlmPangw
+Q0odz7HNaTuFmyM7z4mxTAK6lWGgiLwgLV49/k/pajAo9E+ljg1cJ5aNcIY2wK7s
+V8fN4m1PAkEAw7QeC+EHB8xZER8Z+7HSgnZXvbjZghXUvvoKbQK6NybRkYg554Sq
+1lRiPpx3IFuy7DoPOmiHMSiZQSPj1x2ljwJBAMz9CmD57g+D0SO3vpViFR+g0whu
+TAV3JAex0xGgCpT1iGuPVJLdDuIJqo+alwCBOdNAmbg1EgScwUUTVzySlhcCQCDr
+W2KEJ7qYFSNcJ/K+prprTbcMMQpAwdieFsLfgpNkZDwmvhbDqjkDWMNPbnpy8lXq
+LkWU76jFO4JJlznIMuECQFcJ2+S+WaaS8CHkGclA/NF/YzciQMBZbbi8eRMED3iW
+DoWvdWM+TOJJ+2uEG62lssrJb668GnEY8M6ZdI5jWNc=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1.1_ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1.1_ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDLVsYb23ZcN/j0s4wQwwtBhcu+ywVMG2om0wVKnDTKXRjeZK13
-Ka6Aq9ZgRWJPma3Y5FVA/P2dczZn645x/1wIQcfSN0qRVePrDUyyZn818gutK9Gt
-zJ0NZ83SlsBxiYtxNCpHUBWERYoMx/NIst5Z1ueh7KuJMsQ9CHwAIUbTBwIDAQAB
-AoGAIq2s4cle+UFOgyUv6RfqjoUsB2EGiUFPrElm6J+VXUHdYOhYsS75pNYpnIeY
-yayS+p+ObqP2+OhSSgzhYU3EuxGyZTvzMtbH1ExaA3Trf4HqL9zR4ihur1/mYQLG
-lp9wxTrbA7soUaUItRiabIeblkCV4cFk9V8zfyV+MiGY7SkCQQD3LqF2Mx5wPnT8
-Rm9nP0BnKWYBnuCsxdMiulKcQeX2kUzYzCQLmsa1qB0J+rmuvD/FqM2OG/hA0XQG
-kvBPNJ9bAkEA0pe/wpIJbH2m5OGHHZlSS4PZYoxtAt7b7+DWgcaL/Fmo9S/EKlg6
-eS0sehIvdY1Ryg5hIdNSdXeZOsYMx3E2xQJAJhb+dItuDlfhiRqFgkCB+SOs/2Tv
-NFCLt5dEsaWJ/VPopqPWjh88rbOJPgdv45hIr3nSqypuN/bOzVCJTXtLbwJBAIFO
-C8A8Su0CeecvUvcpnQ4g9uk7r/ODQygWtZ8ZefqIUuW5XolhgwXEZvrND7bt/rpB
-+gH67zaRKNSdplsPeMECQH4wfbw6RwU/pgA1HBikDAF7+muNE/NTtKZ8tyfx2u/e
-EmFm2wK37zMz3qr9u/NShCgHZt9HdU6443Dsc7lm/Ls=
+MIICXgIBAAKBgQC4auO1v2Vm9LMyc6lkt92gSulw03tcG1t251ajcg6d+p+ypUfr
+P9uae0XSF3fKBbOVIhV4nqvzS/qDieYZVCJpGGe6uzcqtJNau5xoW+yxfqwBe7PZ
+kVeT60PmpjXhtcItyrtjrzXWtBaao3ocreH0+2NK/T1XmTO4HkHp+UKAMwIDAQAB
+AoGATJ2Dqq8wVnyUsgIhPsmwVnao0wnZNyPadOSZNuAcuH81t4c5AMAP4PcTw7ui
+NZj2yZ9WYj0xXKuVEO7KXH16qY8skQkH9ooVIOyy3V7r+/vmgJ+ey5R1AlkalJ+U
+7y/juiu4og9g8WwFqbu5zvUEVcwHE4qRpuaIzpcYdftClWECQQDyeuWwe5Uv4Jek
+o0sZuEr9VfjnXtcMkPSWP9ZPVXuyo4Kgx94f4m94IOuwWAZFEWIGDEgB5dBM+VgZ
+Kc3gOlsDAkEAwrM4tiObcQNBl3f9c8L2AZcOSRlqVBp00DA6x8j9FSxbpK7bmfW8
+9N37b1Mkm9bICoPuXZhyqF198uGVltcnEQJBALRqEKBhMz1uRCYxgV1frBwWbZ3p
+COTGrdVlJhXdKq5dzoHGdFUQ65NcG0EYHYIiTublGGahEX1UQOJoIlBl2vUCQQCw
+eJM5e3Kjb0kfSfGe4CHr9QdMuE2Ip2YjYOOWO5UwgMEbtiVzGanH4//GunxfB8DO
+zx/ZE5kxA3RqFY9pZd+RAkEA6eaGhnvreUcQQfRTSnyXf8AQPa5LzF/Dx9bUO/HU
+Un1M6et1+/bxf3ViW67Z0IX/+z+h+S8Nzk0ajIgmgv8qgQ==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1.2_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1.2_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDB4dDpMX0gj+i2ThzSih+3cFKXULXqBCdQX2lAQrmFMMr/1bbF
-w/vAWEP9Fas6C6Eh5dzvZE269Eon7THcvi9TnQF7crP0lDeNRYgWWE3dg81F0hJB
-8Jr7q66ljtKUGwt8hPKkm96SSB0RRF9T2Y5zp24DuO091TDui0WO7zMGawIDAQAB
-AoGBALFi4tnITpxRLnBFjXdPqm8SFG6fCKFgRXvyn4CMy+JBXymtJflRM2+rEiFn
-Bu8nnrg97+MTGU8YnRRknv9A/lhfqSb1jkVPAqkLiiBr3U50I+lhRjbQyGbF0avU
-brR29ts6fd/Wiomi/ACpHzG7wZtUCeBeX8cfCY6uNEm5qFPJAkEA8mv41KQsy1dS
-na6F2CdSaGXeJA3er2AdOra4nNu5X51IrizjuNti8F5J886yBJo/y3D7QenWh547
-mpaNFl3jDQJBAMy92GMyp16vvI+lSiG2L/lRxP8Dsy/zWne2WBuThIvc/mJRmP3H
-vaDSkabMvgO/8+nD2K87kOAX1qWC/mxTEVcCQQCpbteKX3jDYjPm62y2x7zsJI6f
-KmaCsq2bNMxRLa0ha7+5pLxAnm1HTM9pLQT0/I4r9bpWtkXvoaNNB35yrIodAkBS
-WBBNZTP3WwqlYz77bADDb2WhguVwZZl/CDFLdfsbHViaRmMXvlu/8LBvu2y4qVz6
-KbBeWcCcwDmt+49EFeylAkBmpEGzeITqIl0c1WKGEMqj8CqpHsqpx3FSx4JjlUsn
-26ahZDW4SWpU9RyQ009mHfZ8WPr3nqZ1JRlGJa4XD77N
+MIICXgIBAAKBgQDHl716eHL2u29bygc02HCTlDnWnHOyWMb6EOuOx1Q5/Zo19Syk
+rubKopwHDFcFeMyLmC456HRzKL/3v9H7XRCd8Bl1nTX+UJd2cG0AeWYaL6/GEkUW
+Reo+8JA7Vp3t93C63vfsVSvusZv7HVVGZYbDG55QuYy50wJzquYeTRErvwIDAQAB
+AoGBALu8ktE7soc5zoj8AsNGQr3N0ol3J6w9rQtSFv95plPVotPWBWPxz8wSH8jR
+ZpkTAvLa9cAqUj5vugGDQDO7WgBJ+2VWA+PbzRoL3QHcouiP+8ZuM5vM+gWczThg
+PxawMfH8N0L2Tq/F0LjMGyf5jMzSN2QOIfTYpSys2mUb6sPBAkEA91vupkbiVr+Q
+Yyg/J+60YPQO0gIo2gk1SCehyhAbNlX6edoFLrPMDVFkEaSNvJTdgTFIW/VqLlNE
+V2XxnkGQeQJBAM6QpU7WSK3Gdyp9/cK8siid41zsp9EV3kHBGd3rXfp2H1ZgkX6r
+aArmC9q4QzrwtSbK1BU002DeI99XGk0JP/cCQCJ0utyMmTCuRIWbcJi2Zofu1zWn
+uVsN108yvhWwgqnh9h8NIJWt0+mzAbZ3borrTaOWYtb0a5MCZE2sVKjPxzkCQQCv
+yw3EID1OFp8HvJ2fgzMjuerrBER1fmTeFNZMtKgQJULaIejwojMzQ0BHbZVZrcyd
+LPR8764MvEBPLDOn5/1VAkEAzmStPUqA2sqy6jwuVxhcUzHukPsdZ95ybQ/wC6dJ
+ZB9uXYprFvXTSt4l3h7a5d/+k4ARCd5YAhFZrId8fDy9Dg==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1.3_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1.3_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCwzqrRwlZvT8uNlYxl/SYvQtGKTl+qa3nJ2fHOhcCr/ii5hBJK
-19ipGYDID8IfRWZk0t8E4xZNk3m13XXHjpt9z4EeOkWhNLVS53bpm1txT5FBctL0
-0uS1Gh2H0TEVVjkScUb5Rw/oK4N46O4RkhfLSmZChQvYp/XEIPLhaqkgzwIDAQAB
-AoGBAJyrBIJKCf0oX95dncLhxmwqcTJ0sCB6i7ho/vNZYZkF5WA9v1fCW6G7j3m3
-PPQossq0cBoMfz7OZxLX4f2qR+yA8pWS2NqaU22c5wF2/bvpv5T1eY7cQbYX2AfK
-6drCc9UIn3VTorTwPTmn/xMsvIBwzoI4JqIu4JL7dBqJnSDBAkEA6BkIdJVDT2CK
-vf1FhQNmP/sZ+wETpgwEzqe/FftifzZ9c7baSEKI7fhe1fgkcVWoJm0iFJIqP2lX
-AxQEH/fMJQJBAMMD+EPzPlF3lxrRtXJ/vZUgKG7naImzZsrZ6FEw8qdD7uaMo4Nw
-jENIQ2sxwnlQaj/xtRgF5A9P3YdbXT+57OMCQHDK4ZIOi8SCjUphUCyhB0rmk6yo
-zEywoJFxceqT3T0nVPYsEY52Tycewa/IRKWTVAFAngRTOBbS8Yc8bfi/KsUCQBef
-rHx2w+7UgN6D1uom5U1iVuOQbs53iBU8rnLfbhWrGg6drNUoViV0ZI5gucE+Z5CV
-dC2T0Ru1vg0+mR42JKcCQEpa1BGEed85ogDqYCT0UMmJdS+iCk1KWPq1gWnbq7BQ
-JB79qrdxCNsiedY2FZaYc4T41KTXzVfrFfredffN0/M=
+MIICXAIBAAKBgQDZNOsoImpR+BEs7h9tyfESWgQz3dYnyppArt9ceFMoyDfSRxTh
+/CLqkNkZBQj9t5kglygj/T1ihw0poN6VYTNs1uBl28GLjHDDzmbpk+6Sn4cs1G8d
+4ZLLijiklQpqopTGQSUXzqYB+88DUkCTNDe1dEgV1Odkgkbus721HztCgQIDAQAB
+AoGAKsOPdORpuF+1yfnL+EqlCu7sGuYXLthlzExhr4wFG2doDh9ujhudKD+Cbrme
+Do3iORdpkMRgHJDoV4TTredoPy1d/eCdEROIuRpCpn15a+LcLzI1l3V1Q8CsCe8R
+RYvnt9hOnJy+UuVWSPJe3KYV+cA0IQI9mnmTqdEVHtOvzNECQQD/QK7GifbUTfvk
+g+n/30zSs1M7+iHB5edQgIWfN0tjS/EjiBXrKlvLU/JXcY9w2Iu535h69epMu35E
++HGhnPoVAkEA2de4OLuBbCvQw0MwdmZslRg3/PPZwl8nIN0IJEll5SoVvDU+dEJg
+k4o9EmH92g6D5iOAJDkqi+1Dnk8s+cldvQJBAPiuohjYTVxmZeUrCA28FnKpN4yV
+k9H/FS//JzAJhS9Gy7acXQ5yhGBCdzbucpu0vdznlP0nHZCIkurLSpn0AEkCQEnC
+PsAGzOWBWGgk4c3VFELPNnXRYxPq/+aisFUI/RVA0KcvJ/xZVTXfgposz7T7YTGV
+J5gcOwmxxkld6Y6R3ckCQHvkKIxyxgYRWM7whI4+1IYj/uyi6au0QHL33YegIGrV
+8PiPu1pHaHhUOdAZ/eezCOG5s716VW4Y74cAuLXm8Yk=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1.4_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1.4_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDUczpA+QOBsgpMpNlF94HAu1Pub5w9oJiJhoSNMx8Cpu0qFJpf
-hBEGnYIo+8+Svb/58Gv+PQZeZXw1lk/oRCyD1bgyFozgfO2LlnmmFOUSh+BVKkU+
-5/29DpRwk+RhgtMGmjjv4iK+GhCxi14WYPOaXC3/BgHLXyTL58cnpzpY8QIDAQAB
-AoGAJQ5AH+sPIIUUZM/wEdMc76f8+L7A6sLjOEGdRx+ejhDdlxRm5LgdXCEG/e0G
-BJtSK98yhvLP9JEQ/CvOnj2d4cN0yemVVTxuYngqFlEo8dO4+2fsaG34dgO7k4Si
-Nr8jGk7FCx6SKRKxhRyuoMWcqyyIIpUvehU3A3eh0hmG3/0CQQDw0CjVEsArMb4N
-Ss/hftusdstcrXK/jEJxA3icKB4X4idm2YIXwddmse3Dben4UmmLAQRT0f1LDTn5
-Ol5/kVvnAkEA4dkoT0Rb/Egn9J9znIRE3I8GaY697bP4hGc34QhalsWSaQYef2Sa
-t4W8oeT88qRDfYAKaQrkQbWCJrA4lfrJZwJATERg6jqqCgQTAPq0o+IdiJ2HAq8c
-LHYrhMdop2w9O6swd25juUp3AdtQRhjFhRP0wUVtLW7QHbjup3RJAXXz+QJBAMdJ
-HGWdl2Fstj0HujdBC5ZnaiwYtYUbSk5i2g7qlSz3V3Lu4FhfCJqqGsHsUjs1MQx7
-wDPiVXmZ1SeYVcYZzj8CQANUL6NgN0cuz2bx3D+aTjEexpvg67+0aN9N4Dv8+p1n
-g1BoGxm3NvU29DAIkNxxOJ63mzfmTuFauaJw9cuOxO0=
+MIICXAIBAAKBgQDMVKBVdbFpM5a2lymCBgZG8kMvGVe/kvBOtQFl09zjz16p9ZmO
+kemtiBWLJV6Sxv3WnuUnVllKCeCEuIavu53p0pn5hEjWtjXoquCzrJQJf7hnU3Um
+ZRa3z5JSvl8H2t34sRx8VDd/Zvfcl83SDfpYpC6WuIP+4j22+8UIRrobRwIDAQAB
+AoGBAMZEN2+1S/iwvkVeWEB6aAzfdqF1DdguVE+LA1gzQ9splMmGLwJQQ1bG/WCP
+Wj1CKXzfoauR9gIJo3olM0vB2W8Vg67Sfi3PQnmXxfQU7rRV2/A8jCz/wjbIuQq4
+wYtq+7fyZnC4cv//+PUvw5n7fSTel594FG38b4yKLpF57UbBAkEA69e2W0ZAcS98
+KROaDAPVSs9RGQAghDaoZ8kXlPrFD53ejzfEtFvp0evuhdaoti4eurqKFiieSXUT
+azOQ5gkPvQJBAN3LbGPs+dvXZpJ8P8+i4L6ODNKLhzs22/5xdTA79IyM1eWckJiY
+uWotb1bhtKqynx5AfxfTgsudF+pgVqe1lVMCQF5n+Q1Mb9tfALqIqC+LEURi/Lmf
+PWTvZDY3XwM55sw7i62Uy17PNCfd45sbtGlIyPBCX6hDFimdfep5t9T9Z5kCQFE0
+mMPhUP4P2ItLmKVyMi0ynzk7QtEIXfXEHq8BVKFdMzd1Ym+sgz5/0iMSUm6pJZ8S
+6DWWCG56XvY+PZv73OcCQD5PKZHpX7FbHsQZ6Pz4LjJN4si5VjkPVpDCH5QN8kyp
+7L5BFk8UVp+jDP2T66H5brfa31a5MEq6NzDZjsgh3sk=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCsDtS6GE/SIm0eDsUxGHbCzXD3q5dglDlpydWY2MmEphyTkgDg
-/XnS7oSVtaE4OsB2Yf7+vkSbd6C/F9FFkR26oHvmfF07rVAs57lBCNnFrQmRZdFy
-V0Iv+x2g02A5jH/SkVnQmwsLhXd8ek7j3vjCG50pGabke+MI2MPu/cATGwIDAQAB
-AoGAHD+zHXqwYEfWsoCqT408sm8YhRFfITQ02PGSaC3vqB+9wVzPWCFFxyPyEMJp
-XdoHj2g3fYuvp/bUJYu7iDhzMNPVvBcd68toP3sfmuXe7bA1gqfge+BREAID613O
-0hwedOCGkbxWaqzYaFAMC9ddd3cG063HYXue+GF5Tg2T74ECQQDjUrw+gEZJmRla
-+BZiLDR+DJb9+bt9yF3Nx1I7cPH0Q0l5kpRT/H+acgfDdMJYGODOkLfbTNJkj4yJ
-YxN+OdBzAkEAwcNWeWPWJJ5Dn89MZn3mF+GxMGFtXH+2shjkJ8aMznflber27Tcc
-fqXJBYwAU9VwhBiPNPPg6dNLkugyUTnQuQJAWl44kUwjJPzk1IINO+fA0l8k40AU
-5dLyX2yeZxzmQqlBG0BHEQAupfIw3eWboLP7IoLrZBWtCeb7Al7Nj/9huwJBAIVd
-IcPjh50koX75e6h/t0NwwDiAlnk4HlNu9nq6Gmhx9aQ2OUcEy8QP79C1j/Qj0JHb
-JZZY1dGa8UVoNFnb5WECQCOwhohOXWQES9BWLICr8fQ3ihGH2R2Sz+r+tpCuoA1h
-qTDIScm43GwqOOUv+EAcE0nrwnzJMK9XhPPLo96nmsk=
+MIICXAIBAAKBgQCxrPUgXL9EoKD/CygCG53dHzxq9xbAjuyvoaTEzyaOQ8qKqgWP
+ohADMkHQbrRSRUeoRovF881VVvXQw+zkpGOLmof6dHj/LPdmdz8FwzHQRl+2F6+1
+dp/YjSLTdqytVW9MdionjukidELO20K5AFQB/hjGSpa1uYgybcXZVvyHlQIDAQAB
+AoGAIqJLWhaaNh91oqGjF94YRK09EsC9j6WMn6PLwY17v4mZZrRDxz7ZDjZyu9WI
+kuzsTfIKdvjSUstTuXEnsV4WBSJeVrflxkOMWI5tuGEn/7l9Ywsc6Ajpp9UIbVlY
+Cpy/yZnznqaoiVObmkkrxZArImwUjRgaltA6Z03IWQWUZEECQQDZJQAvT9bt0wS7
+2jZIV56qQRCPjdGfboPb0CZ80urPxwFnCBe63OARcnG2psYd5V557xoynXCT2EXy
+QYW+odHlAkEA0Xf09H5M3ymXACR9Gfm83z+j8Ev9QPxK1vOFrw6GFpeseX8SSZ0f
+X+4A/M9vRMUyK6ukgXdRZREQFptV3GtD8QJABcqq2pgyj11Vfv0u/Xb40Gmz22BY
++vujoLVIkYO+p5QTQYBBwcYqY8y9o7WHCz0W7AGonTj9y7O1CeUdgBwo0QJAc9r9
+SR1yNxwxwIpuByfyJyhz7DybXo4sdqdKkYBe+a/6XVjDLKQS7mQdd7bjvA21qiHN
+Yy4zfsrpMxfHbZqGgQJBAKwzkCzcCMAQK3P0jkGblsK8iBPsOiySRuH+7InuKKfs
+R/nPaeSdE/RCEFPsO1gbhAJPEd009sNktR3mlscBXqo=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDOYMIVJ//vVQN6GpUXf5OAuahkP5YPXrK2C8CFAnolluDnMQf3
-SrmLp4d8NGWbCLMmBRPE0y6I56fYxwVWpItXthIuxGhvfLZdOH2ik28wn++/24Hu
-e386Lhl+uQ2d4grjVjaNy1TZw/1nWVgZi2BlHZxw6MMYruyvVu8ZJuaU/QIDAQAB
-AoGAZn0CpUMCBLbxTRgaZlsCw3BvwakaOnPKyEE50FQUmMo+0lE1JYfEcSg3TmUu
-+DjvzrfCw4Ikn/R7FFpxuj9ourfltLVfma1BPHWI8oorUJbFpa4XziifvU5nXaV7
-jdvolrv7i2vaJjIHA0dxc4OVxUi2848a97pq/i4O51CzPkECQQDquihAb2xf6Y4A
-TShkF/VTHUai7qwboeJty1qITHZIcn13lZQeh9O8JoRjr2STSontuJvtxfn0WpQ+
-CCKiMmzpAkEA4RTg2Hr2ZQhC50lZK9l3qVZ1OisNIqtpSnBfddqZC2ztMC3bNSpj
-3jxQQlAxihB4GxNCsSgDdH8g/QRu4kFK9QJANgVv/Bxouc47wy/+ysKE0IMdXaRG
-cfmY7iHuDQ5j7pqC68G+HCSwg03uDC8ym399LPvezyNQOn+aPIiMx/2I+QJAas95
-k8FmQ7OT7CXGhyR/wIAiySO87ALjyEtjQY4mqmFafU6Fg8lF8yQ0AgQEPjxqgo61
-S1Rtr07U3LzJ0dyiMQJAFa16FJ57hVfg/u8Gpr6sCkO/jGHgcZXatPgK3p+2B5PE
-sRA+l8UcB2DPjeRa8J7ukG8rPxU/I7BUI+3yaTFTGw==
+MIICXQIBAAKBgQDho9BR3Atzb0Tyx2vyndpW3tRBYXVIeBAsU/HBKAFKEFN9Mrzi
+AaJ1WQvPOvxBuCw2+/492aJBe248Cql+dFqG6gZqK608fjKLl6S6U8G4vPCPgCJT
+l2a7gBUFltzfYilNFd+F5pAwTSnTBLdPIkC4oSLtDkvmAILfiUhjh7WAVQIDAQAB
+AoGAWMh3QK5/hvVCQPD85aL89W+KPwuU9WXgn0CMgH84Oqc/4qRjM96GyPu3rNu9
+xDIum5f9yuJmeLOThWaAmLQ5pd0Dirig+p19yQRZzZkFfUgtKY7MWqNbDF5PXjfv
+eNRE2ahH9I0R7925iRDiOpCDpHQrGgk9VTodEESvZHDX9QECQQD6pqxSmCfH7wVO
+DCfEaFD4Omxop2zRFpD+cSKTHQa35gRz2fE8iqYlbW4dQwISJ63C9eKmeKrHfO6V
+0kSHHcjBAkEA5nSAqcfm+Ky2DBjWCe7Ur6afgNnsSYwzRNEuPfonHVhriWAuO2y0
+6o8MKH8JwdFL/nl123Tve0a+eOZrZuGolQJBAOo0lS4z+G/sGoPb/cibRJU9WhDL
+6HTS5jaqFglqhN2O8zghPDU6xJaSUuLKuwOlycozIU410DXIudKKf/fUz8ECQQDD
+lhrgfVUstkAnEikN8xG1Jd/3Vnywivm0LShm11i9Eh7qT6PNMVx2OgOilvbr9Lrf
+dawuHhdl88uSBlUe0uPlAkBm2Vz/wge+qFNiaaBBzp7/PBbhv4+bzhPNyUR33F8h
+++iQhJPCY82FZUjz2i36JGjyT3Tmm6AcSL81fWwxo9Wx
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1_ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1_ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCtnApYHSznp/3ejA6ZXdCyZ/9ZQIZ61RPMXqXkgZVFtWutK9Um
-vLJTA5RXYRZdYN8uahU6BIh3P8sBIBAg4KtJbURY2cabRHPt2Rrz68p03pAG/8sY
-nEP3TuDLBq/+Tiybv2rCrlDD5/3ZwfEYrbeu91aKUPYTG0cNws/EPzHxKwIDAQAB
-AoGAMDvKI/D3KOVjgxEmfTWzZd2+8+0Zb8cDWSRysqnN7zAYWmRzM+/5G1dDP4OZ
-0xe26g5PF29q+raekBF4aaoB7E9eXWGUoTmdt5H9hE1L0VdkEDjCK7taHpjbihef
-yJfTBjiBuXAfkO70najMivc7+d9jHYiSk5oaZiYYmW0ilQECQQDY5xkvJW4UtUKL
-1TZUzbCS4hhGHaxkKCENJc0+6tfnYY0Cd0ZI5yRNJfn5Kku+UXe1KH5bdqQDBi/t
-K/gWOrXHAkEAzOcxRSVpRkFaGMlAXLjZZXkvjq1cDqJyHAUvc39pG0UC4NUW6jwq
-35oPD7ggHaSDW94BcljLmS5qpmqqVgNZfQJBANG8xfF89DE6BRtKFLt0GmYuEuLa
-FrTSyQL5prpMRHINNllIFMKyH7wqGMoDSDLEfEjE20p+MqJp/TYN6ls0ckkCQCMj
-lsB77PTeajwL71y3WpjbUnuOYVYlJ5qEjSGqfPTvPdIe2QIsdVHJUsHoWqGav+g2
-R1s7vRa07hdB/ZookuUCQQDGXVeL9hko83p1x6cZBpb/xq1BCPVP/i8O7RXt/p+B
-ghnG6sNAolPqdxTuCM/hbPtIntqvTPAfZYarJ/EuJpt+
+MIICXAIBAAKBgQC2qxa7He4lWi9Y59vYCuc2Y9XK3mC1kMKC4+x9SQyptpXIoasE
+DKkJ4ZOmvkM2fhthKBs4A6IGGYhyqbmicf/b4TyFmAGyX5OgSrjnNq2PUIzWoRQp
+sO7s4gg/fTShxF866U+wwNZf8hB4K6707ijIKSGfznDV++oz/OJaXOIb2QIDAQAB
+AoGAXmVdcsbNyTmonA39OtCvmRjQY2y1lz4+djtoe3njdFRpZOu+n3IXbIbIsXNC
+8ocKiRObtT+TXAmXzIFO79ZvfAYx721ww+RaUah+X5UKtHqe3QWsAaFmwrkNqJ6v
+vNkSCHP5BSIn8m9t5OGrhPUkyBePu5GTkVgWHwx0yP3ucbECQQDlJq0V3U4MxuaM
+XEN83U06LzAm5Ro4Jy5nt7ooMHcsWZrdSWSDlQLOG/8PeAZ91PS355xBfDP6oVxm
+m1QLZYilAkEAzBIsx9Wh4gSjpm4ODB0PnwO1bMYjti+7ZSdws3aJiywv6NGgQ3nL
+ciChW4aLn23u0X3W8VZ8BCVYGbbZToUsJQJACkiDCfEleINQg0n8qVTRC2Rkt8oe
+NBjmBzeCfh02q+HVhkqt3Q3J03AEMTCEsg7lcH9PTs0BFCU7nUspKV3EFQJAOUdk
+sFaDUKhSstUzNi02BEELPFPFFE8Df1n5pTXBV4H4lJW6MRZPh2InSERUjlRR8xUq
+LqVCu/srZlRPXF2+zQJBALG9X8lDFV6jvaBZq7/upwL6KgvVf14jMaDWA8a1eL0y
+RdwfXtdb2igXabexV+yBLebkACCKO+veN7NuO/KQk20=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch1_ta5_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch1_ta5_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDSDj4MU++tkRNetgF/xhZO2n3IJhuFOOCY1LJhC0O7LpLVmg7b
-q62Pbp3IJTbi28r6q0taJZFGyWYRDWae9xGCAuEu79/07Z8PpG9gQSAyjBCQTJyt
-VcxAA4n1FVMTfau+U4sURIj4VFDbMfWuXA14aKo/m0r6GrFHU79yHYn5QwIDAQAB
-AoGAQ5FTQjHpwgINogSXvNsiJ+E+Xphrd9IQ5PheHLs74UUc9Fqm9uBlZuLlHBFk
-c1rSEwnwpiG5dnSoQUn3PaEp3vuGpCSnYLRIA2Ts3WxAhxv/bqpnW2/2+0rJObjk
-TRPw1TTfHP40tlQ9z3iSTbGYUR2sGVBadE+cr5UndxZUpeECQQD8c2Nzn2IoyEcS
-FQNBps0py7XCD31hhp8z3bm4mU29Nf1I2n0XGt7AaSmANHe4oKzydA3wkQg7yziV
-t2mmjfBzAkEA1QJEWO6l4xq4C4HD4J4pnl+V/gyi/8RU7a+BJne2IdQoK0qld3YV
-fGSuDwt+KmbAMU5cKgTNYNXqlJvd5ESv8QJBALbMWuQbMfmz4/qM6pm8TW0JS+hk
-TPa0g00MLXIk1+y9TlVVmCSF2Wvb+igSVeqDthetv3ZFnn+ljKikccUfnE8CQQDG
-RpHwZlSsDZb7vxLh5te+wCMSlBi2E78qcI+7ivtSifXKNnXHuXdOjzkmcABE39hP
-DS3lPwsd9IGjS2NEtFtBAkEA8jx7z0NHTRNoBRBUrhP5YhnB5bXtRSNtlw37tjwL
-iZEFw4gGRrkvoru4/3qIq8FqnzOMRyinNbp60cub2zhHyA==
+MIICXQIBAAKBgQDnFNncTGAPrUmfFPgv2Q5lk6TE5WsTk8F5QBRPGVbXiAeb3kVA
+ziSRRLAUa4tN9dGydcxc1+1zLNJ1qlBvlACNDrsVjO+hXSwjc5X3SLVKO94qoXwD
+qigX8KdGuYbzmKcx/+F1tCi0EbRLymTkzSr32G9rc2SrVQtbYHZf6oZXHwIDAQAB
+AoGBAMWDpAfR3FXqB0CLeuvi+pRGE5MciV6Nb9TEudc2UG0fX2mSHd2bldP5Qwvh
+NIvpbli8qXY+Nj649BcRAXmtpp1LPXkd5zc9rAPsbY942a/4mw6JTYbDDl2x9nFm
+4FeaEou5tsNy+ukrodJSgEMyz/iWzg9ELBfMZQXoErmfq8EJAkEA93BZ3tjruxyL
+Bz+BZU+9GgaFH9yKoNcC/a21rhEMwW4xF+pe8dyR7mAOcJkEye3WZGvQ6UU28KdS
+Wc17TlU/swJBAO8TneZhhmXKQF7EXtXJT8FVBTcOz/qQZXVByQfn/sR+dJPGDmId
+Wo18kN8R4DDHSlL3E60za9pj2eBfpVFcNOUCQQC2XvFuJTVBWJ1Dv1Owhx/aQbn2
+rMbkGvUSYejJHbnoCz5V4SEPZEGOju+1n6J+7jQZGboFZEVFBB3XIHLkXkKvAkB4
+zHaqI3jfEdR4jcxFRVSxIR5jdW6M8kzxdG35OrW13xdUW2yFEsPgXaJttACNZQUe
+6ozcpPDIBk/eWTWU6HwpAkB/8uXEvZw9jF0B0S3u/5voLqM8ExVsFqZpbS4EZcO4
+8QAaG/C41RufSKhqX67tc4lZWSs4PUa6VCuyrtQSuIDY
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch2_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch2_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCyLmQXPd0yq2CxB56N2jxQkbfSwLK8r3Q7wU5s89CYkTI0+91I
-BDqGn+cxLhmzSVkLIBmxu1KRRVe6NkligmE7jWMRyKb6miC4NE4OTTFza+pe2S37
-tfkEfPmdsA1PdCs1sU1jXRFIfnLN9Ac1X+dZXhbimTq0f0rMvIZTvVW8VwIDAQAB
-AoGBAJ+k/xrv2+ONN4oF+KLCOS47EUesTbjPP0ZW0Yy++1PnK+PbEo129HUwifU/
-h9liS3yzWzIqUzVDuvFluGShyrkQnN9807oh+CR45uZl/aKRkbN10Z3hbdkCwM9z
-/72eR09QeddrVmsJx+i2Jd+p9EPsvGrl91JVmyXa25g7xzDhAkEA4QE6qn7HUqaN
-tTbGSFpg2vW7iLg8puyWQycSocpyP5IYavbjHGdbcUxNDbWCUviUvOIx4wpymEBN
-bgWw7h5CBwJBAMq57tPRa3J4ym7/W6s0HaXXjLGTzKOiYLd9EuSnwBPxpAtQoP05
-Oq88wOaI2d24pqyDdZ0Wpr1KOv1IZRQB3zECQAWYoDrpWE/H8LJXIGtgRBRuFDH8
-UxXbwIj/CcmYXWsTWSQf69oi//U7bpcusoUZxalE/vSkp+D9iG96GMJzYjUCQEKt
-IrryLwfIaLRXMpw9mN655WFmfjD3sB3JelRQRCGLIWxDSZ/fmciXD88DBb0iBVfK
-KP3QvGiXqI0zqWMKNpECQEnozhu5Cd5JAtQqgc82ElN/Ogjhs4VC9lUBfsk8ak/+
-soD2wXyAv+WHWX/g199NsdFQcd1mQ+x0zS3McL4+fik=
+MIICXwIBAAKBgQD0JO09/nDIUbaNJniQanf/3n1YHwD+Y7CI3kYY0haEr2Whmpex
+OBRr55jBeW8K27KSbtZ+zctVOaAn6QbIRRksFsNP9a/N9hTLhVlcG4Pc9rZNMAYo
+ZvYrGQM/AN4Jd1CimLFzPdV58H55K452lslDz0SaFS4JAEemWvA1i4i3YQIDAQAB
+AoGBAKGrikaRJRIhuicCILhRKKGRLaOa9EeAsDgSKIzrIeo/U6eN/YFnR26k8Gy+
+AyBHl5qMNxHFKS6IeFu1Xb5ks2NJkmcAwpPQ8eaj8aP5fAiKNuYlGveDp2RIlyUP
+CS38SyR18V+00656/HUbzvHuk+TjYxmRl0E5gEalR0Ig8Op5AkEA/gcI7do/dy6Y
+pMWNHjA0D7pCc7goDlGFj5LBQ/DU1g/xyDOwt6Cf/F0iyCzNx0KKQ1V2jfeqMMJt
+aE1xwvc4kwJBAPYKPt8ZVNrFKtsN6oHT3bgvoaoeJVor6JVw7gQyEC2Ijuy/drjq
+uuLaTW6f29zJuj82l6BEGSDkgyKGB2U2jLsCQQD8RIo2gyXBuvF1uIXS8/XPpJ43
+gyusRIMJuKjbSsBisMTgl4yoXwhiOy++cNgOSOM7yRSKGejWsU6rZTVTc+WnAkEA
+vPQTYs0WgMjpZ7/hOIGYhqp18qsiLoUIIzTOZoR4Li/w69sC93K1wiC7VNkKRh7a
+nU901Q1Xaw5zs2DRbyacnwJBAPBdIt4sy14Hhl5aLcHdup6wRrqnFZBfgZog5MQU
+9E4hhYKL5AS8kWPo1GbqSDNxp+RH7nLB14RHloIhHmqGZYM=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch3_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch3_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCr0dXSanLyuSAHU5jmFPzeZucOHas1x/WAXPvnA0qXFbfaOhhf
-UDkcmqqt+GTTdqHH4vhWyR2vP7vQmPQswxzq4xjyYDVuO5lnNSfLZH48HMtk07xg
-8Yo3R5wCbnzj0zga8D2TMYNXrjYXtCDoRHJ/1GUlpUKzAlVpGJv6X39i8wIDAQAB
-AoGANl/djw1o+y9i1265QHb731YpYOo6uHZjVxAWF/GOtWmGGWWxONimekroIM4u
-+kzcvekyNiTHZCKDSWxeOZw1lgsq5Wwxtw4VDH/xTsGaEL4Isw45EHH6st0/pY4Y
-q3gJCIRZVkka62Euqi9VoTrWC0+L+hQbNpZ+J0lbWJ6ssOECQQDWCCgItYqR8H0+
-XOlGQD7S2fJPlas1AyI1jyWrtkdw56cbK2Gb1Pwzz7oFMXwavmTmAqVgu1breuqh
-QddZqI21AkEAzYK8h02voDpvKSF/+knPXtwOJ2CkHzw43eGTqsDD+P67pzrYPQqU
-mgXZY0w8taLY8u+W7dBALB/KwPwB0a9XBwJAWdYKl707cI40w5xT/byxoecBIg58
-UkACd+ChuzVDP0y8g1buHW6EfWrPdaaTpNYNm824hKWdkjGBkjYEoglxkQJAVUGL
-XMZJubsEKpgPM5IzSTMZXBSngZ3GKaZPUGMv6bgjuTicRJaDF3KdwKf7945bWk0y
-2+2s8aEux+jECG0pOQJBALyPNOK7NHn+iEu2HYSfKD0f1M0mL9cGxtzAaqGvZHsQ
-XLuZqxz8S8BHzoJDHEMT2H0CW921qYFowrmq8EY5ivo=
+MIICXQIBAAKBgQDsRn7hNSUckjdR+5kTcOeJ1j47KFmYluKBhz+ZhV0GCtDfBD7+
+igD1qpGTqUhcWbnL8pTd/nERr5x+cc6WIcz9J+l+giuE1XM6icAJK6oW1l96rIHR
+mxhNhR4zL4aow3otaCQwHX/bxTAMv9lyBJid/y/PlOcuiLJH/e7B0uDpOQIDAQAB
+AoGAY/C5sHbzWK98WOAscq26MnJ95jX+F+4SpylXPI/NtkWS7hJ0tuQW3dMlOqlL
+I00MqvjUAUaj+xAmCNIIyTZI5yfux9nxkC3Fvl9CkfozzgXuey0pNgqONURR+osA
+NzshguNUmUN5cGeSd3Mgkvn7K84UIjisighYrres3sWmEwUCQQD+1oLiLHVblLd9
+rdoLLQP7JGsCepevHXQQjtT8xL9rBsG2g6+3lvql5bhM5b9WB9298fo0JKHK7FnD
+2WDJE6XrAkEA7VpQqYqWzQLxMQUymfA9Xe+9lCNTfHBRlkF90/H6FcvAiT9h0hu1
+kgjtpBJwnqSlF7/zPHD/0XIyhlSYzYuwawJBAN98O/ghySHxgCGlz2yxo6Yhv/7C
+iDe4esryl/K8kKpJmKR5RCabL2FB3qkBaxUFfP9RMH1+Cq2tLOPGxUxSANUCQCsb
+zzCr0i3UDfhoSEN7RboM8/K248/jGn5e0Lqw5UoWIpcK4vplO/oVEwxMqRW3M6D3
+pPbiUyQ4SILrVIFokJcCQQDyqLCgF7gr6xiP58th58/14ggZPm2vKTtiOrBxdV0e
+KVlv47uA25B/kd5BT7jwDPqoRQ1+4VFz2YcMDONr3GLV
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch4.3_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch4.3_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC/uynwLx50sLzqTf7Hm9NMztVG0RHvVm+avhpTwwQ7zRAUh2fF
-hzmOoxeqQvQJzDFoKm4cUCxwWt5ZEMB06nMrBhzZICn0SNXJHikKnUdzaFD0dTQG
-k9WpfrggLm3vecOSg3lTSyaegDIZXzn+RHuJCdxjekyt1ncxGpwmPK88ewIDAQAB
-AoGBAKRskxOqpPi3lNtvFd8C0FufSSIZK8NQIhfXjeZlaR0LyA2C7chlJkQfs6zN
-DFHWrkxBjvpy+xlDpElHZ3UclrRDty5P/G7y7NC1ElQVpk4LluN3MyO7CiQY0ea8
-Mg1oiQUzrrXH3vNMdPerl0OGhnvTi/UtNeBzN4zqN7Qxv2S5AkEA5GleGFvTZmke
-dDN4X4FSK8X/53rYk7qwcqll3m2xiPGwODeWltuyyK/IqTU6JcXk+8PRqLb3oOCw
-4tz0EmOBFwJBANbjnL2cfmsF4KUNryyazOAXiboLZEanClxK2s6NGZp76BNU+G4k
-w3HooJMKrYdN1lUEWywujt9lK6XN87calj0CQDtihbtRjHnw1KEjjKVQCxwkY288
-ijiGbj+xeTHGVUUkiUtkcHuSbT4uLb6IfzC47drjQ4xY3bLvGC4zgiWRx0sCQFJX
-y+MYiZTHHssAkGSeOO2R93O0E8vDDIRLJsdJaEs7ObXWtI+4RLBsfMN7rv0PBZd0
-YN9wQ800vmH9pms+o90CQDzQnNYtY8aQaKo2rDpcaB+UGxgUqNBT5FEKC060ky3Z
-cWc5wy8jMOFJIuxdJVo+Q6/yImHqUrigPGeyQ1+diCw=
+MIICXQIBAAKBgQDi0LqRicImIUydaGN+h5ueMVJNMLMrnCaFQGNpZnxdUnPTYQF4
+GA5GIW00H4TiQnKc72h+SaY9YoLzD5V0E4ih0b8AkxAk0vy9GqdP8iSyYNVXlmIJ
+yJRftlc48QBil9miNdaVR5d4SBd3K8Ri+gAM8dRu4XQlOA9cV6+SN+cYIQIDAQAB
+AoGBAI2hHs7gQY6Dvo6P74jD7uVyEN1IaqjxoZAVa74WE9RGNzMn4L3373nVR5aD
+k/ug2GasjAhHvvmXuQNDmORZijesfsJ42vmBlIoXIRkqWD6lsaWpXIrgdReB7nco
+NPyOro+YXcnd8ntyu0Ik3zQFmZ1A+GLwBWuDAYlzK+zMhYSdAkEA9Z5PP8WqMe2v
+pQN1Ld8dERu9oJpMlvMCQENFXFHp0u8MLVhFf2n8q6/ZwvQr5n9zA5lq9u8WdoOm
+Em7xlnZe+wJBAOxm9m18nz8J6ZkTv17T3jpI+PIhxNT/MZ2AT7KB8HK4/VIYUWwu
+DLWd6ipa0OXJz+T5c005thRblZyRBN5OSpMCQQCpOT4+oNBHAAzQ8xXr2dmr7OH0
+Yfq80YbOgcqq9aDU/G/2WefgBkTYgRrWb+ZDM7IpW61PnqBqXP+xmZCHaty7AkBw
+JJPH8nNUoy4mSMDiih0EhzNZIX3PENQHhCPKaWuX8HtzI0gUym+LBENeHkC0kRzG
+4TK6MqNWWu/JGt41WuxzAkAig54QT8lO28bjQlsQJC+cNRNy2EMf45VUuzreGQUE
+XBsoCuSEfFLqZzaKNN3R5v+Hd/LVikGWQTK+6TVGRfc4
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch4_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch4_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQC8sBon9MSEpz6W2JWhNRa4gszewbU+Zg0OzT9fOPGqrgtjVodS
-5bCwbmv7R5cD21AEJdj5dZuBT9mZvVNHCpd81AJAuJJdd9ItZIj3qdzCupbwdPph
-U56mhJftl0kINinVLPQF04Hi+H/wBZYFKbAvKWZtMj0et3m1Z+c0SwB5RwIDAQAB
-AoGAPuz7zBd08khUNzpDrF9oFGCKsj8nkoe2Exmf6MG01pb0dUyGFL9FDZHFsSdO
-1ZpuNPPqSEdQdO+MQhlBjI+btRLKK8SdDrl57BQW6p3jtTMZ1L+bsavSsfQpbngf
-KbaVWifa2U8pKVnJWIOaLT4Oyg436jKH4+9sCEAveqfdkwECQQDkoYPB0pqcheP3
-7aaxYx9gt1lBvrZ4x4OXQwW/u6JjLd21W2X+cu1V5Q8yTjHCv3gAWa9C/+jx+osq
-dSEZWo5VAkEA00aEkXHykbuK2mSbsLeiVZMJOKmpRHzU4oQaDJ3eQrDOpRPs7WSB
-aEoUBgloq5QKZ58CZ1fvCGbmQUpnoQ9NKwJANi139XQcoz6vGM8+Ewb0Jo0MH6I7
-xz8wFaYSNK8X+fyibxlrf/Jn/1S6Vydkb0vD+gFGoM/XuY+vbq4227UzyQJAGQAQ
-MdHE/V+u15buIWQpbmzeu3jAEd2fp0owduu7YDLh0QDhmVm6Qmf5pJk6bIsxC//x
-3d6250yd1H4EczeHTwJAXyfA6QoPpK913zEu+2hVetfe7I5wCnSC5wSUXCCqvz65
-L42wm+hI8HtwJiyTZruZV3gPF2HLGzbvvmObVFAE6A==
+MIICXgIBAAKBgQD1r6+ZlfNSO+u+Yubrn8X4/48M0uPHBrFFyv+M/D289G3j+awS
+adWhbwJSrVA0fsyn7oIEs1vmvsxE5rjS/B0qgNgMwTxPlTFoivsr4qqyVHw604Zt
+XyC2KSOudAn9mtNF4uMqYh+R/aKxLyZo+01p+2YfC0saUqzhi2mxFpaJEwIDAQAB
+AoGBAI/cYt90/Xhum9jsgrj/4mWuBy6EIlo9IfpzJnaAkQoeumYeoVJa5HvVy69r
+yqYihWXj9AAaojqYCHZj/1+TvuMpvatcl1H/pgcxL7hRg959chvh035eyJTCkEcg
+LqfJeYjWh9h/iRFEUvnx56aYzmRyT6OBCD9aFYYqH3t+7yyhAkEA/RYKtBlqyA1O
+e78kc760xLSc82UzOi0tAGcWgZlJZy7eVrd5pev48N3OVLdETXSWuOMcliijw5fA
+XauPwTyJMQJBAPiD1WFoGEnUJOYCG6Nho+8853opMOV/OtIL8oC/aJ//TTQKxMyM
+ZaCLLhwWFPqp6brQ8Qqv3a8Qbnpf/Bs8ZYMCQQDZB3XWS5WOSBrtc1RHDVrm9BtD
+fZ0YXnUgy0Y5jMGtgjuYEW54IosvwoWVkDM6WKiHk/qHqgIFULTdnqmAA/GBAkBz
+vhrUWgHt6LMiuNqcdm4+jzQT7jlKub3wdAYGtp8I3YPceCN+TOlMI2ZfSF2O/THR
+g1ywKIZr8ZAyyJ+HI9L3AkEA3oaUTA0xibu69MLgGBdGUtxxrnlA8iUqaEz0y7r6
+UdTgDUhSb1WYfTfB+VaFGdcd2utfiWBfbgH+0BwxeFhijg==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch5.1_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch5.1_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDXuXjhrb2YrNqQaCbb1+1b5A/X78FNhCBLfO8nUEur4GEQEK5r
-1u2WswQYsk0wuCOXJKmSahmV/Lx6cKtlVSZKYt0J35sD4Tj4uqwtJvN2hMld+CGg
-V9BsrS5gzK8VA4/l4OKG3+0HpUo1/mV4lF8HvdD3eiiOXZghe8Vt/kNcVwIDAQAB
-AoGAOm07djQuQ6mdULtEuwpSeS7ds6h1/F6quIdP5p/yvsx4vXcnJoIBu20k0OOJ
-0IYu7YK6grNF1r+q9KaLZViYk9F1I8gftmnLvZvQyNZ6pkJiail6eJjWFQAarSDu
-hCWaboZO5IR9LvuDEFBPhU2sZWhKHtTOEieJFMnDNihfKyECQQD7z3AznNT/Xkvg
-nWHEIzXblrRsL3h/TuejMtp5e/0XoG1Op8ibVZR7T2C/lidgsc3c113HseQlaLyl
-HR/lRQv/AkEA21BUdEzkweulCopqPxTzbYH6dWimbYnjGZ8Hld2cJUzIbrrGS7h8
-LrWxoXZdVBLyctKOjLE8RIq2dTgDKgWPqQJBALts70q7VR6uhTOucPKYcqH7Tleo
-DbxUcr1aQJtj2kIXusRsxjg4Psh5kL2Jec3TCjNyae8VTYc6qg8L2o3AEukCQQDG
-lguTL9loGwdb7w/bxQ3TmAGBdNxWjafdGFpXAs8UG13WnjtWb1vLM+z/Zl2F9o4h
-GLXJgecvrWcf5zM+RsDZAkApQYiEiWIqjQDw/8sPyCkBEKWcehRtlb1c9EtNkxIS
-RP0e2lOfdnxpDXJgUyYSf/MPDrtfrVKM4skGYRVunSae
+MIICWwIBAAKBgQDM3lTteDHAfOQlmKMN+ncI8znEn4hB7gCjNe228Myj/Q/OPHC1
+qh5CTlyu2MuZU+8eSflMX0e+0Obi8RIp1Xd1iHlMO2QFughd3O0ffxWSaey5yYTw
+fT/bZjSlNYwim19LGYMVNUl8S3c1LMRYNBXxZpnOZdMGt9I115Y57tgIkQIDAQAB
+AoGABKxhtZUTVXfD4JOtzIjVJFAgFjspaY+bVh3J0W2GzYrdTHAWhh5eWFbfSGHL
+qzC9+KvpUvOteE3dpnmnV2r2MZ67kt76VQvWf26EAAaGNZp0rSZ7LOP8ipndQcMb
+KRykm81UuqC0ClJp8qSQ9/8HnFv1kZlglHnz2/XbaXkkSH0CQQDljwvofHrFEWMN
+8lchh3ESPOhZx1xjTp1zIDK4s8zz0Qv1JnXRJK+Zuvo/UPRUNrVAzYbxyo8wcTxF
+xtHXNntHAkEA5Hc/X4qOhhS6l5iSKiTMH6TtJmUoBdVmonOMSEnT4+EMoyhm+uO5
+m/EiApRXt4b7Jqqe9v/CRLXAmJiN10mZZwJAd0H0Xshkg4K/4hv3Nh0GGgJ4d0PB
+9HmABLJCh4ApRrVgr/BWHtwfOg9QOJqXBDUTvuHHbE/eSb1aIanjlBniuwJAMBDW
+iGdCLPtXdmVm+u7a8x1jt1w422FWQn9E2ECQD7VdT0ZExCv89M36dch32+jOFgh3
+gUe1u3bxmikeTljxqQJAOCV/Eex12RSZxgb4szTqdT+3PvsaIWhUMlhsra22d2GD
+9/WIh55SayJ/wPLO9u9m/f6EsJCkBg2fsYAN9gIN9Q==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch5.2_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch5.2_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCuao6d7PhUvvtcrgL2MtzgjKc6JmInk2gtxX2ECq7F1qZhpdQL
-bOK4Q2qkr3in3E201bGFZ1fSqGHECCE0B0zVh3Fli9OvRIc/9dUtRYM+Uk0Kbcto
-VY70vCtQbeZpUGhsob7szeKWlpYEjboyuQ2Qhw//8Kt3klGs7zazay0XkwIDAQAB
-AoGAGx/XLhg8RnGtBazKKR+f2gwFtbVibmUuPnAIJRDEPWA0X9s6LsywNZfGbfYb
-/X71Vrok8Wow7kHhcmsRPtYjzI9xiP6hta2/Ry4eRF6mHqKHZTFCzzsSa7MsmPz5
-3q1tlV47VFOWhPKmwGDRwFHv8Q94EArrO8cHpsceJ0KOzIECQQDikVXTQkU4Af/p
-oNYRxL8xs21Hn+GIXkK5vUCIUwBNVlogMuEScYVtPqwytb1Fv5/ZLvpfeXdgM5i3
-PmWXWaafAkEAxRLjgnJcZgQfKJn0aonrBFEUsWw3rwHoH48c6yFiZgcmtJGbokCg
-Z1bd/iD2w6y1nfnzaFJimbenVsqHrkxujQJBAMw8ILa4ZXcwbkVnA7Guvn8J9Dd9
-iyuHdPTEAdkhoQMWFVYzJyqeBJ3OwiFQLJckPu7jZzULZK3mtQJyD9gYK5cCQF16
-Piwr7qP9JIJvtD2suatMglI+EJOUhfQiQAdPyIq4raVMw9PMb8lUrOvT2vipvWP3
-oXtESLy9HkTOwFjurCkCQDH54djMWWfwsw9baAHSmHGeterR+xOYbnvlKM2pZWy2
-KXIWeHV8uYyL1cSKgSOROC+/ZSwhTv/aWg16zwmywxc=
+MIICWwIBAAKBgQDFJ5tNw0HPltTwIVkbd85UgdwFVx9WaYxfWD+ISsZzvalK0Pij
+MxtP2JS105W9AAbRGOjqnkGtBurGzJ+Tp8SgPgViTD8ciHmgoevzlNAbjKifTDs3
+gAZrAOcwbNTCUSd/GuWVpxwV1pgOHy8ot6d1YFaOdKCGmgbVIw8RgwKVcwIDAQAB
+AoGAXA0FBwa+iHUNEN0RJLEIZg6HsvqdiBQZ1T5302POSqXoECWHoXMwMlSWAls6
+05bal/BAd6LSWT4cihtp+l/ffnv3kUIFHbvZJg/AJXwWjMLa3LiRlXrNsooZ5Rov
+CMwP04rQDskjChLv+PC4oNgrveKfcUiqBgg9sMmeIvtjnuECQQDnF2q3+J4liHmj
+3y2/aPl2FvtNOEWsmj5bzGd00LMTh5D7hFS8wf92Qe034bRIwOWpqW7Av2SMyD4c
+Ol+PZARDAkEA2mfC+balVPRdoAT7V6hEFdpBUg+iyUxBD3QGyWGLaY8q3WX5u8Ly
+3JNNyGjTF08fbTWLl+iKKv9Qw5d1DrIvEQJAXMeCCSrAE8GfVLOd4mN7BHZlnrMh
+BhNHRgPi5XuE6ipbgx+2BbK9pfUCEJWFlFAd5OgplylAbWVXym2FQESfkQJAYkRT
+XqWGJ/427duv9tW3pJlp0HFGjgmoMDrFHvCrmFgZMjpCre9d9E62rZg0egVYn3t7
+DmNLX2M2xHot6enT8QJAe09HhlcbFOThQA5vCgK3OVXXSFkcE+i3tTWZqkKCwIlq
+S5WRuIQ2NzRGzBdpLaXaHa0EbDr2k1hd2E3z0bRC2A==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch5.3_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch5.3_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC2+ONYk+piyTRiQJcUxy5FRVaoBUvanW5/DlSSAJoNx89fZUk1
-GtOd41NiWauUngGL39Z/6tnJ+P/Lo0NOS7rUjPvnTQus08IbVOuaF5XZnTjm6bZ/
-1toaM9Au95NnnB5/Eh9xN6DlrPYYgV68oHWmlhgBbnriQiqQ0TFk8QYx9QIDAQAB
-AoGAWhBKv/gXIEcP3OkUNOsSMJC/5fatbs+dazcfk7puGihnP/q4PUaWMZqLGdcv
-qPjZpAMrL03npA5HwvH7GFgYfuAkZA3pB51lNbJtLXcTqBIum80XIe873F3L1bET
-A3kOgIuAiqquW3tdamH3lFksVTyMpxDepTGWTYnb9lSOOqECQQDhdI9w5/sYlLWM
-ANdFGrMB4oqfbJSwDTjd5pcDQ12j3/aMoLOIdfWFLpXLEzpB/yFJGRQ1E0IDSAab
-5yCuZCEpAkEAz8LkQ94Bj8crFDJdyC3xSaIZgVDevrt02TE73EcNIrFiBmctpfRA
-XUqCIz7VVNz77vtLjXZ3IOpfGYrtAJxn7QJADccWwPqcQKtN0Ol4PlPcXqAegpGb
-IIseT4k4700dmtcj9QIZFpzGzUXEh618IO5bdWEf+AJeRV8QcFSWjbG2yQJBAMPo
-fKJaZ5KSNlb3H2OxnsLWLcK45TFpRke/mzidbw91wH9VL8A7T64oogpmJ3e8YXv6
-TkX4nWDWYBKP4+gdlAkCQQCnNqwL/24l6ZYyJt3PoN/eu4fr5BxGpVx2M0TGzH3q
-lYZ/+U84+cjj+mGNlTRcYLWMfogCFbZrddexCC+9a0bd
+MIICXAIBAAKBgQC+mTiBwl83w9LMfwEZYY2LV3A6LDbByOSmMyq8J+nP18pJkNLg
+8YIOfVCq44zKB2G/0/0e86/sAN3Sq3BqGloAMuwEo6QlsYIdkDz5rpGQ19bCDo0x
+VWLiaxDgEG8zk3gvWLdG9LkaTP2BsmZClUuh/0aenfYyVmOIvINDVLvOoQIDAQAB
+AoGAcb3yUM10EU1VUSBBwanL1Gnb2XtlOgPvH5fNWvfeumAmofxBPGgjmw4Bw9mD
+vVTmapnRplT6mTZzKjORJGCRcCAY9Mxzdn7v4b03MWkxfSOuWOjflKUSlrHK2+gu
+0jmsb0dZlbWlDVRySPahA1lzYkwWE+t9A7GLSZ9Hv1BFqnkCQQDzFm5NepMpYaAf
+XdaVsO8LEk7LwEjB0FJB1MePBrJXdq9XtOSLYm+2ZpPIx2aNH6jdzYK/jW+A73tr
+5hUgTT7bAkEAyLkHgGFLt+hZpGSPMHmkB+QWhwQQsmurox4UUpNxCYje52+3Qthe
+TwJLeFDPNmfGmhSiHBAjcZzgRvTtbdSrMwJBAJectuEWATD/FapakZq9RupF2eVU
+oUxYjOVIO8rl51eLy6LNTPnuRDSkV6oTS8/bHixwoAquwQvO0dCjKSwDYZ8CQEkw
+ttyIHc0Ei1NXW6MIZ9h8wf4fbFsyyZYkDLMDkk8wul7XrJJSRSk4I/7OMJCdDJz4
+cxgahmISGvGks8K9rmMCQDyQSDB/BTykXIE3cZH8i8Sn8Z0SiwlQcxPtebuiynYH
+DmrUQs2BRy7cO8LG4rxTykqjH9JtAReI1Hry7Ny+QrI=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ch5_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ch5_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDTgvq4UIrg3zsidg/Bonv6wwn8SZ+s457xYGaPBOyA/RtcoLE8
-FOB51vlJ0Wkhr8Y3e/DhKZ6lhUXs4CtbeUs5KAqrWjhGSE7ClbD/d1CwMiWVEcZS
-/yfQ5oNaPmpYEWa6hKx609u0dfpB6q2vE1sStMM7RjgTXVOyWTP8dl7p1wIDAQAB
-AoGAG7dyO2zyhf06to1aCznLnVSpnlHXhsRdM6w6REuU4mJIj57PGtxxfgXZrP6w
-FCYAh4zKR/c4PuB0BVJq3BXM8XdZvsKc89ltk39AS/NeVnKX9QtRXvSM6cbJk1vf
-85zGrzg5XnzAv0KR0elTLLk6HChbh/zsIyhUjOb323D8kAECQQD4962oRhKLuC1O
-nYDof+3WzhFys7Xrq1xq3VbEnyu8wHcqWMBL0XGwM2s+sHQynJZ41mXN9YTdUHja
-1BtFWfIBAkEA2XxzumuhXOsYDhZhPFrmVp61e9N4S0rnE+6vA2mnPc6QpoBcgpP6
-aqXqQIZo5B4SR2GORbM7f2zUwOK6py6r1wJAXdgGJjqbfPzkXxCxaXHnNaOhIgop
-VXbXNBTQQvb4ZoJpqJWhjjKZVuBa2VtrwTQS5+NwpkyYU0+k7l8rFF4OAQJBAJhs
-U4NkqWvAzFQbNTyijGpKwvCsrdM/BKKAlqHyqyZzHgfDUJKneUrDS2C7ksnFlZP3
-eEm7KsjMknM4tA41dHMCQQDNFesAJlmM0xR4MmJtDlqg8i3A61sueaAaJA+vk/r+
-35cWi6l9JS3PdlqeCH6D0fgJ/z24z2rXMKe8Ah97LYgq
+MIICXQIBAAKBgQDDjdCrJXW69SDffIrUzUD2w8olEbUw1if65KAR1qoyfcgVnddv
+f66A3ijDrneof/EF6Wu8Y6mmkQQ7eWuW8uCaF3nTBApfRgm1bz6p9DRHYhj0KPfZ
+Cc1PijPfm2mbYc5yxzXtYaBbDMFhAAqsg5pqPG0wlut3jCg//GKK+mCOFwIDAQAB
+AoGAZo17rhViDV66E5nbsMfHVuHMo+4KaIcWxmOZcmFyNjJyeKujLGz4Vcqr9BsN
+04btHl2QS2a0tI5+erYtbycGE73NY7f8GFM99FckrlghBoARycoOo0gjXfO1FLub
+/nCgXktcs+OcS2axSioR/L3m5tg4wpLAFJDTmPveTSg2UqkCQQDzsqH6n6OXFgfN
+/S10ZRobR++BWjgw8t7PqemM8DSgeKiGBHjeZaOPqM7qZ7W432grrqGRefnwiSja
+pHM/pGiFAkEAzW0B/wreIWthQks15Ukv72Ai2E+y5YpzDzyD23nTWc0nbk1AVymI
+ZhyrHdJJRVJfVeR1Yw1XnQkT1/ChjdLs6wJBANn3Rwt753zGFpr2PMajevM1pxGC
+GUomoIUKyzrkyZ1R7iFYNKduLxnZ+aAMvKurHmgbnKUafSPX+fN9LRuaOGUCQFFx
+mWwDZAP97aZ56RlJhe6yv73hAz1MQcfVpzVZvHiLBMoPaKXl+oT5csI1AAWy3cdQ
+91VZEdZZpftkFLkE2hcCQQDzW4qLmaX1u4MTMtXeqtFdK/ohFw3dDK9wuqGVQlWZ
+7bBC1Ojb2QLr63TOSfv2t6GtY77Xp5BQ/rjR8oJIwO4X
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCenqWOKPS9ng1Gua/cgFpySS/IJzxmuhPLVwQMC6Fx4qCXugh5
-jEOKyElcjam5eREXaOrKARtoD5j2huvmP9bIlqC4W5OJnNe8t2KAaHT4vXYzd3wT
-6vNT3DDOgEaTUS5qSb29SKdEC7+i93mxNCdysOceEz7sDn6/AOvjrHdiHwIDAQAB
-AoGAEtM9Tsvpj/+MD9LF3mOVWG77LsQJVR/MbZucLVnMBVoiOR+pFdPhyDzRCB0A
-AbUupBqdku/issz3GHsW0DLPaLsq8HqFFpgQH5ETp79gobi2qK20GBswM++7Yx/g
-sQibJcGREI8IGZR3T0oID1gLgfQSbGgj3WfvXJOia27+3wECQQDQ4C7weqzw2iT5
-nUUmUoGJe7GBvUdNUaL2w7ZsvaD+anBROsjTnCDtEbdEtvcdJ6cbKMOlIS86mEnO
-ns0iyMhBAkEAwmfhP7tJHcgFoeKx2BNKEUZ93eP/ZElQhy9BLSXIFe+KszwfCz0D
-gSB3mgf/RS53aAwlBrGIkWPXPtda0cCSXwJBAIxN6nnSjZSDk86wG6DwTt8A3W1e
-rSR8r9C+Ci3k+t2qtaN6ryelemCEQ+y+UiOdXRxbN4AWWFktrnZCKV0yLYECQQCL
-EksmD3HP1z6IP6bgH3R2BUqXiLoz4Oq1uo1SoduQLau4asL+hChUoIhO7Xek4wfS
-rBV0w14iPB1IPEEhGjTbAkEAjz7iUU2DeHJ9n+JA9WF8q/9SawTBpSD+rJFQOPA0
-nFCS8PIqUUQbOQgcNvqvZgajw+VaJnyK0H1XUEG4hoIvLw==
+MIICXgIBAAKBgQDrBRbaOmYPXNgmgzj6T2APjEIGtkW+Lsps/dinXxRw6QTu8sdA
+sij02ZllsC6i5izfQnISksrBbk0vdkGqIryN9OhAeGG1kqdD7xxVGTGoRSMPttUy
+RDXdeNTxgDlo0azBTRji5U3rqcuVUWzHOlC600rcfSGt7lo2W840HFin0wIDAQAB
+AoGBAN1q/gy72EvA/SPLnXK2NZpwWgRY1XxIOQ5WWjfVrDx0TOGSeYbKUyvbllnn
+kwiGMuBkiXRWOA/lC3MbxuGzuE93omfKCDawQoOCG97uF1nio2Bq3ocS8Kk99Uem
+EMcZ4BVT1dAfB3qwrcfdnZuZKxGHyo7Dy6dkP944OyzHpn4BAkEA+Ka4h7J7YHyz
+yWHppgeC/KXpIO9EvgQLuBfkNlgSYCg323SEKGvJXegW2QnA/UpA/tq32iwIyxKR
+WpwE2Wa3UQJBAPH3O/9YYyhxVJ9lPKPUvCljMyF6hJIae+qrpeLjVu4STi/8t2mH
+35etqHtIc2dBVw6AGn5dJylaV3zg1TqBq+MCQHUDOEmbg5YHeS/m5OZeGJU+mnQG
+RUpKax1qGNo+Hf+kTYz3yw2ek7eedcoTXf+Uhvun/+cq28R862xBicKpJNECQQDu
+ESQN8wf0xbTN84x7YRcU3Y50NRh0q+waE3JuzuE78fTN0CchhNcgZHNtgPZStH4U
+PURT6hFa5ZFIw+nn26ejAkEAweh2Jq7y09O1h47pAJn6rqwggslw/6bohoEDyKon
+MdCHyMiejE0DwlHQ4j/p8TxwMjv6yBS0PKQdh/YoWtQEgw==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.1_ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.1_ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCxhXeH8Y68eT6MWFBB8+gmB4DigF9Bqyz+FWBe/FBHuhll4E5C
-KBhnYVU/pD/o4BBgfZRy1+clQ2EWKQZ8f+Kmx7fstZ+/mIrn81V/jtkqx6y+8wpO
-kDn9o56xK93P/GHQy7ZSfjTriwFsqc03da4vfGFsoMZTaqYaJM2TcuyUzwIDAQAB
-AoGBAJgneWg/lsPcd8v69e9RiyztSX7Z4Mt8WDf/QnandHfF/nbfZrQ1gZU6S8Mc
-mNqVEfRiLpawjyHVOqWvzCtxwWUcYLSqbFOSDZ79M8CYaj3GibUmlQ9N+wCocNJe
-pZUNj3uOdzTh44ToXoUHY3tzEUSJp989b4fhg2XLFfEtVSRBAkEA1b2i1AJtn3ab
-jdJkMc81z46qVOnzert/PQqJmdkhjR4LndugT3jv0wLiwqc7mY/DBOV4fJZmg5Ej
-UmVx5CncSQJBANSem0fu9kjriDIE1vJPJZ7r/JbvDdStS7AqViGrMWtJx+xE9cX8
-B5+NBA01r1aL4HL6xhZNQEMuhn9MdQjs+FcCQH2FQ1VMI8KM7ecIkiyqKki82IzL
-Y2BFMgDP6mT+HXT5GwtWSjvBot2BiVeUzCxvP7Dlba+Ex6kmF98wkgTTDHkCQEGX
-tJvacoxIbTnRGGakWBzQ/Jmrof6sf58XUH8Oiy5oEo8nLxMnD0r/e/J/T1pJyLJv
-/tA+gMa5AbEf6zMXt/0CQQC19+RZIYsilkJ+4JlbKFOTH211Iiu1nwsdqxPxkaXV
-mtb57cwzv9qW2Nx1Cf6K4G1E1mML1Zs1DBtWdhVPKWXf
+MIICXQIBAAKBgQCt4aO1ZY9vU2FLFXrXxgqjsO4gCxHXnJmtY+SNIm0TexDTc/qo
+ChREPfuIvtEnedhrsbqKNSktmSE7ZSDVPb/m/LYB4rON9Z9zY8pIm5LWNIT7fIce
+9Y5IvZZczuBpq/QX5SIaaIEVQFJ1xbBHFpMji01ZENDjRj6r/QlqafxvnQIDAQAB
+AoGAVD0KWKkZMi/M5NlFKB/Tq7XdxzxVqoU9lljcsttIyLVIU4jOmHY5l04H/Bml
+rmBDTvlNjANxLZwQE3xMycIeo3ZtQapvDQjGMWQjNH3iIx0wMbFHuiwQ5VfBuOR8
+JZUBelH11FgRhERe4q8TQUZZEL1iUMZS4dpEnqkDZfMh7oECQQDfQ8zhKzn1VsbJ
+fEdzxKcPv7SggPC0TLhwWu0W3K0cd9VRm2gp+C57qLseq1nkXDBhL9h2NrWRiYMh
+MV7ZuEqNAkEAx2A98Tkvo2/LZpV4RPTD/e2+9DOgzKgY8rE7QmIfFLnRgWIanMrS
+XqgoCQiRdWiscs1749VHYqOCopSAdN59UQJBAL38+yaNWze8TVL9z+vi52sObo26
+y5oSQ01RArpWtXUpQDy+q0gzqpKORhVWKRubm4vIZEJMUfvz8cNYOOe63K0CQQDA
+u1eFratQicyNUSZfOmGQQdhbBuGFlWXwjcVkSagUCADv2t8w/JvaJyH0gZTjc5lo
+rRz7RHxqbPfmpDl9QGrRAkA956+1yVojJHr03V20V4n4PkH6+4o8UpV2RYbSPpOQ
+NRFQCCzw/XK223UmJ7XOkb2s7045NA2ZRDsXzZpMqHyb
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.2_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.2_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQChz5xmHskH7Ss5il/l8vHT8q0B8YGFYwR/uGU1Bea9PSiXllS8
-rhtGtVz1wKx1Y09SgItMMIGOhZak8Ubndx5/PoAQQcznknOt+/sNOivi1kMO77lU
-Bi73HR2qV0kGPmWOqZ0JDoNVEt45kUSGutRpvriJoXuMYDkw6pX5Az7EUwIDAQAB
-AoGAPOrtZaDXbE2ExW/r9KVHF9U3/xBOA8qoafEg4RpsqPf6bT9ifXpKuI8VBUxZ
-YQRXW6cbSj7Et8RhV42idQfqicGoGkHUYNPLIFqeK5+z0/5s5Dmh1MFU075ykFqn
-3+Gwdxc6lMA+Cl/hy9sQMB3yonudfbAtWv9FU6K+ukz7C/ECQQDWaYTSuTB6cy1n
-wu26IVXo8Hsk+EYruqMHcW2nK13m9vwyityQeDYXfvumjKXQFPYvroeWiaxEHbRP
-i2K3FwmZAkEAwTI3s9yFHLaIQnlST7TZqcchn2IPeGMyhtkP7MJwaRvJXb9NnQxZ
-bdscH+dbIZC5n5QIcAjy/1pYAn5rzTRoywJAeRN8/cG1rm/74+wfckwAx1mFMItC
-lM7/4OQcl5nVnOc74w6nHq3DXeFHGfWybJ5ppuNXjZqQvKZJe+GqDNnlgQJBAJbv
-ZcdWNIS/MmtEn4L4FslmcqUzlkSGs1XYxXFCY1IqzEI6kCdvG3sRIMLoHDF4AR1k
-KMdmpnnLGlEwdYZHOMsCQG8pSKhIDHK11WAdKxsAFYjH+mrXqiYET/Do+7cIRTDh
-QNg3gq1IlrxtXRito3iIwAo5P3KfGOpG/78Q4w3iPEM=
+MIICXQIBAAKBgQDX5QoYAFRb7lreeDWFT9sGDOCHEJd4eNwrq5WGPDXEQhrow5jI
+XaElpZTWi45z5XWCCuegRz3TFoY9VUwuZXUbb5BIpkuE7naBVqA2F5tYDEWmDLMM
+8TQR3xSOmb4ioqViZfCoV1c5uRMci5dt/Va3zhvL/62AxqMNQv68go9KAwIDAQAB
+AoGALnIMuNshSuG9VM0BnptuYB/XEdeE7pr5qr9wHH/JhV4/UcH6lWhnKaU0nu9J
+By/fFsnnyLhq2YWn/XvjNrwG9CnWiLiGL0YK9Ly09IRu79r1DJ8Wr5xINPLindwO
+GCqLSo7KIJY6E79PjGNAzig8OI6EChqjZY6MMLouax2aFVkCQQDzVkEi6lC6UICU
+vacrJmRcb+UE7uCG6ZkqqPVKxLk3KKwVLIo/n4pYzpTUkURL+Za6JewpBcf3XAfh
+/7hXEFQfAkEA4yEyuf+l+StYX151sjMuTPOz/apOBmSF50luce2NEbosPuxURISJ
+T69IUC1ype+bqazDArIatwYahoGrwvXtnQJBAIM9F/BO069Iz7BpAQoCsMoyByC7
+/RiGUHdznKfwpbwcEYNx/DYIQ8NV12s11dHsEODgpxgQ6CJ+3jmDg9ZhFh0CQDCf
+lMp4zkFPZDXWdP/XMRxMN8YgRV/c+UWQVNKS9lZLMtmtokSg0vx6G9L+R8L6Tqq+
+T2kuU8XGyrrs26Z7G4kCQQDtMTiM8b8Qg9p3t9Wj0qUlECTUpeC+okFxFO7zHzSX
+zaPOQNgusuqT79nES2DOYgYDkkjj+leuFBzRnyqNtDSF
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.3_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.3_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCqYaCB+pmKfcs+mSqDWykQgGNsUTVr7fr+CQe88ccBWGMFqR9p
-TDbAkPblArrTLa7uU4BhGNbWYFiPBxTswj2JezOQHJIvkfx3a1L6z5eeImli3iW0
-m1K8UccEnTeLz+w+5WJ2u2L4NBBrKIYKxSDnPuV2n5cxKgQLAhCFyEi8ZQIDAQAB
-AoGBAIBsccVHFLBUvPuEC41TCxLLEyWz2GZvzH3qZJDAVNXov0qm/Wwq7CIdoltf
-wV4n0vEEs4F8bYLMwDOejOEgT6yzTBUEeW++SJjkX7lXKGCHEK2UenfS/oCqPJ2D
-y1/V3Lq63pIO/irj4aV+roxB+gus6XbU4JCvHiENSTWfueJBAkEA3z6cklxln/Qy
-KklsaqFloUSXNeVDJxe9YETUVULh8aNY6e0QByvLhBRkwhkaENAfN+ppms2GxNo/
-Ov2kar42HQJBAMNhZYIc5Di9OSyNpYjOAcgAZsKmjjgXnLuwGx0yQ2/gRekV39w7
-mda8U4MwCCg7200CeS8USLVp5Bix9FamrOkCQF9IlgNSNH3k+FRcKk4IvRvr7q4u
-QE87LrUcK5SIi29bTOPrLuAgrSiem7LMi/eJHQn8nz5XYqI6lKpVAAwfS3ECQFEs
-Odwg3MCl/QcBonCABkVtxUPBpvyu8rMXq2wp4dKtPt5j9CmvqW6Jt7idUAZHOAl6
-qZZhuwOEBvwrkvQdM2ECQElLZwFAT95tY8+F3fq2FlbWjUasr7KocgXPsocCr8Jp
-oEJFD3R6Z87oyNszpI6tHhv2/85iqeGVcBPDjHRYCEM=
+MIICXQIBAAKBgQCzu42UIezdHb3Eq7kEF/KsWNtLk/kXLRb80aXq7ukuTgVDwks1
+Lrq8cPIg11Nk7H+Eys7rTawS8FVqqb4Xqa5jYTc6cpGygrbBfgc5KFogo9ukJDTK
+eMieJtsm2k+2ps8/I9kGvq3TjyNBUUn142ORaKE0uT792iIHhqm9WJOEKwIDAQAB
+AoGAV4oR+wRLCaditletVYEUgT0GElmQCOm9OIYj+blDeXomtkn7t3t7GC0qwTQf
+Ohi2Q0dEYPcDyHWmJL1oCL5sYMoEmISCGadNwP8NPfcPaKS305pwhsTM9f0G7aEz
+7jRGJkJ1AGtbIyyIwhKYdRokCvYk4c8Spro7yiOnehLtlwECQQDb5go+X8fV6V60
+2MxYSEgdKiVtw5Cy9WM0mYNTslXZsmRX/D/t3TAVh1h0jpMdIKHC7qe6NPQDwMB0
+5U0WGclzAkEA0T1oFChvijl+ZoRLq+eAl+JyYC12bP9JPPa+BeV/yf+DV0G99WwL
+/rXXcqeQDQVt9ifmiE6D5T65aF70eZeMaQJBAL9TFmSQt3FR3Bnja2AAe+YMLoaj
+GjnqsUcprg7bYkDIKvA2xHSz90sz+G1pQ2ybYMMXHI4x1oGRaqIKhBiPlSsCQGDR
+jjhNoZcPFXrwWmd33pvpL01rm/HBiq0H61OlJyVb8vVMOU63qTE6CTBHcrNjwMb3
+HYgS9Jr+FCLEVVFyG4kCQQCicDltXxevyE3BNZ7kcyiEstq3UM3xQYY9iyXT8P2J
+EoMWjUnVw/EaH5X1i4G7tp+S4MMBq1YeiNOTpScEnYBQ
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.4_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1.4_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDGt9xqBqMfWphfzQ7xw0C9s55zaBZ4oV7pogwyaFbby5+43YnB
-83u5YQ6e4f+ts0NNw8meml5YSFB7t/ggDlTOTEG4snMKb/EMQDuBSqFC2gFqzQNl
-poP/KUFARTHZ/X/05Ak4n2appNSapYBqnkMRzHpPE4TMfyH5TJPs0Jz2VQIDAQAB
-AoGBAIOu8VQdY9lyKolJlL6m+e776WNmtYVowkGmTdjVhcGPVR+nRxOMqw90fsDQ
-2KKdqVsOBDyi5SQxf4wMpFNxy8XiJV8WtcONs2jukLtsG/85Yy/UK91kwby1NpZE
-8TZMYtoepDQ10rCEIJneN73KSFnZvcNj+utVbsWhtXyUnN4BAkEA7mOQJGat23H8
-ahsBqZR/QJj/N/UtwHouboEhYdutEzGR0mKuqh+sq6mbNfRRJLaugpuP/Z1RaCTV
-UwQH7FJE1QJBANVmConnuwWZBjFg6OcxrjMFUtKOeLBxcmu7BlnsRS4cnwJPiMjw
-KFXtCfJvXOdlF9eOj3I/mTiomsR5Ull2q4ECQQDSZRsFlX3iDOMa/oTkF0SMTbwK
-tiBQHUW3j85XoNtK8lfh1+iSC2yJASMUZnHrNjQk34kg6+S6Rq/kGc2oXB+VAkA0
-rMBzM/ktM42cyLAUyWWXgHvmL3bJDufQgdTag4C8FiKF3n4EI4vBUgZ/ik+jaofN
-FIqCCALZQn0ZfF0AalOBAkAQGoCdKNWoPTI6mB0dKlrGc3unw9USTOFwVoMv7R1V
-oZ+476aIa94U00XTQvmKx5QSxGPlljfx4Hl5xf8BHxT3
+MIICXQIBAAKBgQCuvuJsybsRGhaQclWM9dZk5y1fGCfHHbVuEKSKuQ5x79UFQisS
+2nlRWAgqN+k9R5NPD9IrKbPehAKGonVAWe8me+Uj8tuRYuDXCAJMyAW/8fzTGstZ
++Yagf5nIOgiCul9PYtd0pS0+uBfVyiULWTTQ8KDsOsyK4CId+9Cyz2LbEwIDAQAB
+AoGALk3aheU2sqNtEz2Yuc9yzi4L8cTe1X5j0xSJ5VCAKWTZ15je/RHzT8C5+SXz
+og9TU4HnuRRF21KzsKVf2Ht8SRAwM4Ml7Idy4HbQJvFjYDvOjspkIivHpI3UOn8M
+bvjLSuuEhOoq0ZUDOI4L85zwYY8y7Gz1bBYLp5APRkTZ83ECQQDYgSvrgs6rZ1wH
+cTOmSHJqybw9m4gqjj+1hFkzA3As7aIBpB6ptzKEDXOyxmz4owPKsMfwGp1Jji13
+BcDE1AR/AkEAzp+O5vuZcyvh/ZR2ez6t63WQfxffBKHAndkMRTcLscNZXvfVP/Qt
+4A+519shRKY5xPYw+J3sW5YghWZJOGaPbQJBANFlNS5FyE8c23RTNyoXHZpM3OQU
+/kBybgnIJGFjbOX3O14s9n8csR3oyMLaiOB9AZjTG70McJ2Ihk58YPG9QU8CQCwA
+Bmphwbeo7KMXbnOoUVkG3BJ0fuV5nI8AnYBPzIm6U9nJZPwNf4drUeQJofgAfeTX
+mG4ZEzAdtCc0NPtxu7ECQQCJiPY7V3Oqg3xfOAdL1GWwzeZo8dg22srzlmYWwmM+
+32gArO/ipkoiQp8B8xOTWDGHVjQFINhsmZs0nPvb5cvk
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDA9AdR+QsPEQooUNN6Qx8kcax5NRc8RLL5Z7az7nMn9n176SFm
-M3NUXpj5cofP5G9O2GV2dGVBLUyZ1mmCyco1w9deauzFzabgPtoAtq7mpg/xLRq9
-khrYFK6SkPvpFuI4hSDf3YoRr8I7N5vOmU6J/zLHU+Hgre2mEpadl0CWtQIDAQAB
-AoGBAKkdOM0/2dF6vcxYCwI9ki3+84vIXHUWQUcW/6r0czmzcIgJ7JwGvC5WOv1m
-xGIRdP1F7KfFnHljmp+6rP9UnUS7aQXKpYK8r+1HTHzAla2UD+9ZZHA0OHmSodAv
-x3VYTl5h4sGpDcjMZLCTofnK9SJPqEItt/zAl3qpYEwadUwBAkEA8MwkWnYUzHty
-SeVytyGrxS/RI2Sf6CFdva9pKgb2EQWdzoQ2KQBTn8qPKP9r5QWoe1ZrI0AKZ5u9
-fJ2GcqJX3QJBAM0inGIiM6IaRVmHbv3mlq5mUFgQNTqNBsT5304JLaPdyWtybpvL
-1nnfcMMVRCBSqZZao/jAdAsvjwSGVFmF+LkCQCtGZNolEoPVQ6roI3+p+3bKqylT
-MjHDnVczqRC2g453le7BcAJaXqz++E+D594W8DqKQ2LoZXZNVPaKUNlVN7kCQHQM
-5JPP7Y4DdsBTkkMptI0tbL6lTLe3GOFOyzoGjz9pNY4HyvNwugFwmwaCfWwb170r
-wh/0ILJDUZGpvQZ4eGECQQDlXkvFG5po44D5LXf+RwG5fWSp0xTvf0dU3vDtAD6Q
-9rX3IFoF1h6m+48jas3xvOvrWAL7twwKIsTT0duWGyCG
+MIICXAIBAAKBgQDMJqcWeJr74tra48TvfstcIRyqwVM138zc9eKYC+aOBfTllyiY
+VJUVEckel+3u9ElOLwqiFoMN9UlleG26ohkbdCdkGiILhUfQ4YUlHlz9AHo3nn6D
+Q88XTi/qfclauHB6gix0D3dHEBqkURYInnG1fFRTYJKoDByzsQ+rww5GxQIDAQAB
+AoGAc4/lwXif8rnlvUZ1skSKBSrROW+aFMMNCn89t2f1KKwChvxcBG7MvVKGEIVc
+MImj/VfvovUvVnVlCMV1B9K+dqLXUFRe6wOd8KstqXWoxl9K9dZYTcE7nA69fWOC
+w07MlxkMhJHE/ihO3wEFuCEBso/6fR+6Gava5ags26iD8rkCQQDwBvaIPcPKWgkf
+We2P/6dfyY3Zjpe2pKEEImpseK6Bk0eFza1MQN+x/31klJOZwlKZpA3j7KzuWupd
+vvI5r+ZzAkEA2byDL1QBfeSZuTWh8Or9mkbwAkFcXcbSWu9Q41B81mhYK0F+I2IE
+Lr8r1nzW62qI3m41/JBi1UvbmtD0IJsX5wJAKTmI7i1tizubhX70hl7qaFE9w7fx
+5rSv0v32OVsg3bBmAF0q/oXF5dRzvOqnzyjI9wpuOE9WBDopNqCtCatkcQJAChYt
+jZe6qfZZGLdfVSXNscPvgms8uCtpu0Sy3pTv847J5tcV3NXBk9jPUxRdcHJy/Lrm
+TVjy+yaUecuMQ6ZrqQJBALxFiCUCBFCPHMb8f9qztsKonszK+0lifQaebpdID9Qi
+EG8s3wYxC31p6KAfWomT0oxITb/3zmOt5kUoXCBy+VI=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCvvt50KqE0OWrlfZqloUoM4OVPRnHkWlRWBfGrpX4XtqrUTpy3
-Rvzvmkr1OzuwOmfSiW0/922NWR8ruaRVCLZ2xS5x6/lKQ3zbE7KiCPOy8Rtm7+8t
-puYKN4qz+doM/tojDO+2iKJtYi12QlzzLPg/dsPjbvXkPG5IxirNx+jZ3QIDAQAB
-AoGAQEBv49iSBx3WzwAUwektwXeXXlxK10mO+8RAjph6eQD3g5caBIeXgaHPNcjq
-EYvI2VgU8QXsr3idxMaiJdSBoF7QiD5dYMk2Q35rE8F8hTyGI5YB+Dvw1TJwU//z
-etdQswYip33bQ9LfpNAohotXuRuNQa+Zs/CTY2pF7DuKmaECQQDn3ufzMaajMI5p
-kd/MWPjOiI0yLuoDnZH/MhjI3iZqOXlj/hKipYnES5MaiUSLy1QzqTk2ZAKLaYt0
-7OM589izAkEAwgjGajtMB054uFUL9B4z12eDXcmvcfPAPcHt1+x8OAT8f5kyuRVn
-GS/YN39U1rOqsWKqQSqsrBFuykLjyUorLwJBAN7GRWhczdOAdXNsme8FlJcqjy4l
-8ORkYb8kbLeg6JuqeLzfgRwPm9ujGMSoGdmOE2pHLhbZ46/6SeifKHmnlQ0CQH6E
-Eju6JjytYfFvIrgt6UeOaw2AMDFw6exawqaDwAsW1Tytu3ELD4pQs/6bu8mypJ28
-455SIPyg8UhYjQX2omkCQFjbdoDToVP9SByNIdgN/310VcliznPXxrMuG5HzUjV+
-wZ6IKLW7lMexIq2nZNsfe9mUG6jpy++9V0rumNj8uxk=
+MIICXQIBAAKBgQCyjECjNpcy9yBo4vT1dqMTA0weMnxHLxYyFE7fC3pqIlR4z2nJ
+6qfmghdqMRE4fuT57b6iiULf9N/25CO9rUrCuqOpJjlg7gIHdCVssH6fazPh5zcT
+d3umf07odWHUa4kZa+Wl31JccSU31qfiyH/NT8REtRV8YvPSVNKfxZl6rQIDAQAB
+AoGBAKnH4mMRMx+8jS4Put17LcCTnxsL6M+Lv/BpDULdWE96S5cBrFfb8kKoK/nH
+pNdzGutqHp/SJCxwX1QXRsFD+tSuJUcDqmer7fGBR9dpxMzUAprl2c5Y3ulCBfLu
+Qn2W+j1SYll229IMO+dPHuplOSrtlaQPla6OYJF3FZ5z8eBFAkEA7C7Ik8UBeKs4
+eKeU7Eng18dnFmHm/OAK5thVyNl6FZoX4Xykb8K/l/yOV4ikbN3tfthW+O7qtcmI
+cfNKQMhjhwJBAMGHeAr0Mmjn9IT5JY8sFi6A1r+kcvz6pcZzQhBYNX1yu5KJdWer
+Jfcs6VqNeQa+k1YX2P5GynKDGykLC0IP5SsCQQDC7v4XkJNdUBxk4RP2TieokOjR
+vW5Tqmr1CvsKsgykhbFOJ3zkzV0rCYVGU/456JXbip2GClNoRPU776yKeZpDAkBZ
+EhNy3y9wTwmgRdc+jOjsoEm2TGbL/kRcEOIgCakcwriH2hIaE5BWsen4zlIcg4vm
+PPWXGlfE2oienEGjNxOfAkAYgUs7S579o+PcA+OdJx+wfSyK7W+xQNRDcDFkvcXj
+1A0VNfuJMZQ6JHgkkeWTQcYHCI4HWkQIpOh0SAOev0nA
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta5_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch1_ta5_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCfOzFpKESGLgbrCv749KTgq+rJnpqexledyDEg7CDYAncUmNk0
-m81OqyC/qPsv4wn+XJOLQbkv9iKoKbqjXmpzR8zxRc82wZCb7rnQ59PMwZ40AgNn
-eIFBnOY6tWKkAa+xcUrpKewVKtfMBKX3VRHDuG5dD3oYSkzb1jQ3qj3VUwIDAQAB
-AoGAeMyYXLW+3qjWeMRb0RUQbJ4gPhtEJEZGvB3fH6Hj/NxJ6OdYiS/V3uO2sZCK
-F7c/oqgrCw+uZXNusXMO89eyG1anXYNZUZp66d234YbgDvQ9Dkkq9iS4SU8F4frI
-gdx27bTGOZNzQsZ9/xWzZiSmEVnhqfYxNBjgOUXD5xaRipkCQQDOcvwgaPgsoq9l
-CWzwqDCFzyH0rbCaenoTBtQQ2koY/b2TOOF4dILUpH1xPA6x73OTi6Htvi7fOzHk
-fJ832ettAkEAxXL1wVCyR4ck7k+UM7a0XXudJPJSonN5LjHhutHij9iddvVKwoLK
-PXC7FLi8EAnB/hP7O0wy7zG4aavKLD+LvwJAW963bATKS7KpsqCbJgzyatleFvAk
-ItpV8JmdTVKWnsBr2FP7ogrXHaGFYRqEv5H7MLF2gcGcQiKpdTAv+j6zkQJAeH/c
-M4pIAxcbFsVCMP1Dvfl+wdmRTMskHWkb1aPZnOgZ0UuJwIOJYU23HsJPI4qQ9brE
-DEBIpWm2nebVj4OIiQJBALj11iZzj22cr/FLSU2de7v3NaoyjpwH8+zQcQCLjybE
-i+uanwaCToAYyjdMfUv5ylKDTpbfx0Q4xEHTRDckzLY=
+MIICXQIBAAKBgQC8oQMi3Vd+mUtYjASYQfl3JgFvJHLQf4Iz1Y9fpiBsArIsVo1N
+/A2mGSkjL4iMZ0nD6ZCmFw4aYihESWiAql4k4Jc4WEXBRVk44DMAfGVjueqhgdCS
+X/5QG5KFecmRllEKvxzIplJPsD4cCAk7oWqv70B734vjvd5BnBub94WcJQIDAQAB
+AoGBAJRcJ7VSVjDSrTpV1n9S1L1r/RDHoC5xO509SWk3pqSNckoBQV6m8q1DeOGd
+z05vJsuadxTLaWJC9dzPyAv689O/NNvC1duMD94zgiXG9oDZRchwZ1wXsBCyUtpb
+06w2Awey/IXNOyOyLZG+TlRdOf/lK/w/gES73jezcvH3VorBAkEA6QMIkJ6HTZlA
+cJGKdZ5Sip8PkECNJtbCK88VKfHDlTBvFvp5huXRzCI1tr/D+DfvpFai2AwHGiZd
+KVRYaQPk/QJBAM89CmyC1Jpp3vikn4zhRV+JOZHj3wvHxRJw+4cW6HeXMrS3xmr1
+aW7Gi/+eVyw2CIneXkV866rTVswZ/N93kEkCQQDX6B2pk5sfxh81r0Yy0i79j4Fm
+Usn38QseeNXNdd2agbSOAC1XV+BcXF6VJX+6omoFRtnBgvOZwW6VezgoppkpAkAR
+kNf4WKKSsBShOLr5YwLRVT1W+1ylj/pJVOBNFAkCUgOPQ+CComicZiHpuc8jxTS2
+Eu4kr7D+GsnJpQ5FFspZAkBen0kL6QyqrpJMIa30XV7OmGVTwwdhfJmuy//uhMt4
+nOvhP+HJHzd4y3ddTyBP12wZI1ijRwe4kEZddDfdjrbA
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.1_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.1_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC/znQIiVp4/jO8Qo8ZeQ92zv/a8TJiSjTuVDqBYZoCgQJLd8d8
-71CZaPRATfpBo6SGpJxqRSuZFbrY1Zf1MCXA83yh61BYjiMEsHLquyH8bDc3q4XD
-NoxC3IMSaqGxPov5tkxDjjgVwUAi+H1ZwJz2dYUN7UNM2H+EyN2kfWbEYwIDAQAB
-AoGAe6TTydj5OHvtz9M8Ohh/LoB8EKBhcVkSy/wCBvtq82hEmW+qalA/LdWpdnaN
-95hM6/rbVeonE7UdUMBIB+e0vZLEMRTxdTRQBfOUyN+ThqZy9nBoN10c4/JKljk0
-o1OBKFkxBb1pxYGUXWjEfGolkiKFcZe3uiRF9Npz0WLBRjkCQQDfqS5H8pCJ9/yU
-9Pjb/hybylhtcNJLL/+bISXExB3iNWp91xRHpj1B5nTIUP+ZMR4yiz17njAWEm68
-cNH1ZwCfAkEA24ouD5yeVWt/iEy+gJDFHywSQxnq25d+tgt4DOEtiMa8VpV27xJv
-3sik1+2LFNlC5FJD+zt7cmJdrTZqCTdRvQJATvlpCySeXuk+ucYqXVvD9EqloLc2
-ui/PnJI+yNTLDIX5/UdFtOsBNFTQpa7cIdaTKBu8cPrxVcnaahWYPYPKVwJBANBN
-DWMWsUxPENRcLKyDr+ThxfoQzzvHRByqSR+/T5rlJbHpYs13atmw+mc+JaaEdel4
-/LOVPo3LMyKz7GwOJukCQQC5KIVWx55fieVjr6mR95VWoU+JV6VoLNVrYMphZ2rJ
-jejM/1oYfr6ZT3mDnv+bmnrpFLKz4sr6DQZTJfTGKFzp
+MIICWwIBAAKBgQCddM8lNSbNUi6a/I0LT4Uzg2F68fHBVT3cLiB3jiDe6+Q3tmqk
+yJQJbPg2vXimPyxkwyPTx/ocNqMkUcCsLSBvFb+q2JRfX44KxeCqJAKl+eTMl390
+sfGhqzBscHSkWr1e12lkakKNxdC5IWZamzcl+jTMCCFFyyMQ62Zm0pu8GQIDAQAB
+AoGABTw0AvWwc5Uu7YJGIkEjmaHdpNvUgOwXoXF7LN5x41eOf/e1tgLhQSr5WcCU
++VoSXMtMLqdwfm2moPeC43agpGOH4NBW9JhHGKoaLfiiSqleMiqlqrF/+MK0/0D2
++1TR963duGwGuTFw1fjMU5ARIIssnKsYTGmy5oLXwI1XoTECQQDJ0+dYj6dr8QIq
+cR3U+gBvgrhx5Mpu/EPt+hnuKPBLBTuLzfkJb7hBUKwjMCO9bt1dCYktUXji/ExQ
+xBXNkwQVAkEAx7gHnabbDWEBatCzGcg653Ky4z6iXtd+jiEP5j9zO5+kblXzsNBX
+Ub5E9XubCO+RxZDJaNrm3xF6gElVeRaE9QJASVAeEz9rc3xCayRXz8tYaSk00rpn
+BlXAXyugS7C3SKkH7krNka3xYlhpjwanlOI2qtsR51JW9Szsk9IGkXw72QJAA8zV
+oENPgbapzz1/Wus7a7H8A2TqtAFHsC6i3c+xQp4sA8lw5JliP/Tt3PnoHkhorqit
+nGgl4nKzsQM0NCSgjQJAJxhdwFACB/G2abV/Ghy5jPwl4R/ux7panMX2jrdzEoUK
+jBXQZAn9XtJ6Z2SdoqhGct6jRMPi0Z6Vom5HHkNPvw==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.2_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.2_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC5RPdwUo/gxXt+aAFGC+FUGpGCll3ZYKemwi3P9rHmvP61Akkg
-XrcuiAcFToielvVRIrFyI4ghfXDUUcE4Joc80lm0CrQMmfvriagV+v8qQFLis9F5
-YUul84oKGEt2Jp1ox4MDiHc4q9YtlRcgQ8xrxdIdhbfAtLeM98w+zHmNPQIDAQAB
-AoGAdFqq5+ECOVDtYRLikeJOLmrNLe1PnYDFacaTzQMK8XWKpZV85ZZ2hwOpHR0Y
-UjlOchlOxfcovJeyb7W0mpYf4fJI78UqS07nxMgUYLkhOYBtNWObGHMNXkl/nFAm
-TumWQzpmQPF1eamT54WK+y5o8OdaTxm/tccegliejITB2qUCQQDdE8l4C2AVsqrr
-ZIvtsMGD8VqEdWmPgF2aT2ezDuD01JmVadumot90yuNiXQzgCJ0XcSuDa0Ud641P
-2QRxv1fPAkEA1okiFXRLTnjcTngg9ZpfpQvRfHz1N3HyHkqAj7OSs3QNtOQcggk4
-3ABqwxwYUc6++XGkhDAJU5WJDNxJ3VjBMwJBAI1mQ3zpYapfHVzzcWA0poE6lJeV
-9U9YXgX9dakcAhv2AsmC7H9XOy8bOXZHZ52/RKKiup8StCFf8IE6n9IU/RcCQQDR
-77gOzpKy48qSbzOxo7Ncy0fgTleYPkT0J2vPM6anPTX8ggzzoxqlDzNqYp/ZzjtL
-1k1rnaZCyN4oW5lcpXHJAkAJHeWB4XVr9Bk6g2082oFbTHb9q9WB28KJB2WBmW8u
-j/l2FG3e0L/dJ5KGC3nAzgH9dudzAK1wsAK/VOZHVa1h
+MIICXQIBAAKBgQDIdPMvR+kCDvSTucJlrnSikD4sNr2GsUT5rM6sDY/G+rSUYjkl
+YxJ3TksmynutfuIcmhhtEM9tgrYA21fWyla7r71ydhlfGPPOVT7Jn6ClZW0B1Av+
+oI660i0ZX3KTq1Cnkbo95tdfB0phwjp7Ineek3MWubjk1qSflR3zVGkZPwIDAQAB
+AoGBALsFIb4DAUmCWn1Y2h2z3e2tVdQ6XijESu4GY+vx2ypxzPiDi31uKVRWH5dZ
+YnpD3wGAYzmebWhmgxfZjOJAdRmOCM0upjKdpL7N+zReXVCAU6swkU0dcGkliE7X
+CAZuAI3iOBqtQz9Ysu/DgfGIKX8qimAa8DlGDC4THUb1Q3qBAkEA+Rmk69C7hf7T
+6jNRmSPQisIpfKzU/8X49MSmQIxLj7C9xv/kfPl+zmn0LZr06ntAGqCvyaBkegoF
+v42g1NrfqQJBAM4CYOK6pk315b2RPKH2hb/jPEWRNqEYlMGRXKYFnB7x5Fqpv7em
+bD87Kcs2XQLq4zphnUcL7FsbeKTZMrN+4qcCQFLHreHb7OV7qMrUoRJGL6BdI9JV
+0TbqgHA/BYy/0sB+mKKQGUta0kQgO9AIBcoCiWwP6DsV/S39NKnSlBcIYXkCQETO
+VI/FqYAGbipHlQm/beKuQdY2bxmVPTH9nAUzgHZxckS5x3fOVP81gnsF+EDeNPCt
+47r0B4hSf5QHm0CKU6cCQQCEO+tctu6RPuBk8ghRABeS3PgZLuJABabTg2Mt7Np2
+Pw0hyZ5PVERGMXOVPPvYgaidUPhEHmF2SaH2uJ27rCKr
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.3_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5.3_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC61Wbj0M07CNTmap5/IjlHlKl3Wt0majX81eAbQc8N/29mCZaL
-MjbqaGmCWslvIOr/HIMpEdjymfhc1IUyu8Zpytz314nUciyJijYicUi8+uD5AzwU
-fMJIkhCfIdsqOwHyb5YYYbRFVieBqkL92JKETv1dZa1nZ00GSBCIu3evIwIDAQAB
-AoGBAJ78pB6u+0YGQO2GwzNakzWnewJXLyPWc/Sgp6FqQeEegdRpylLPO04D5e0I
-hqtrbq4CvFZBmsTvYxrTujku8ypyYlwS/D72VCOJ8BC3QVblHBc2PDexeBLeKUGX
-Jv9UHXCPiAbqFrieVWGHugOGERE/86kM1gRjFD0+qkj2Y3eRAkEA95svk6eKta62
-8ZHze+RwAjt/kEpWUhfDkAJOvnIOakZh9GEmkZKyAqb/tqHmguniNWX6YA8tM4t4
-IxBZQjuS6QJBAMEqz1w7/j/tSoKN6HHLhNap+w1FNt8pB0gO8tk+FecHdVatuDeZ
-gTLWQsYlO5kdsfkt4JWgbNQvuPWUcALQsisCQEzbr/X+YLEqrYDo1BKWAyq+O0eX
-u5m55Ktz++tjzhOxC0DnUyiGx5jJK8EOGlZysRPwNrrQmzBPz5fawEot4dkCQGz9
-rLaMGy8SwoHbdBYREUjV7BNWxFkyGyurU5cEEvOiH7DioBivAlkez9phU7lXKf5A
-xoFmXUF0E9ZtBK5x9rUCQCzfEUVk5Iac475MpH+iOzYmUrx9xi7iYO0705j9CBUq
-sA7QCX8M2rSJAv3IF86K5gZj6V+MOM14xeD0WQVcz/M=
+MIICXQIBAAKBgQC1duWQlxDVqgIC64f1ljqUMabZG5k2a2ITNs11v125GQIVeegM
+lRKAqJeFYDBvSj3LtLzYpk2gQmQo0wcuCvM1wzUQCPke6QdjS302zGV+vmXLoq2L
+Shzsnvb1FOeTQlwLo35zrhhCMjKgRZYt1ddcdfLjSCM0IIhPfhohjEUwDQIDAQAB
+AoGBAJf5zsNssW2wp2SYq9JTkhXhC5KS2ZtJDed3o1V1AuJtfmBMK7q18rwL9nJ+
+n7HlJKIBaZOsnCCW2dmS+1VlWFAJN9QFnEpunjZvQ0J1SGNfksvEj5sJUyVcuPEl
+TrBUKliwLTu31auUj9nZwEcIqKfBEiw1PH5IcozYOwrXbNhlAkEA6ks2pC5pbHMU
+Z3AD7oyzpH+MUQ/do1Pg7pRFo5RrQlubXkESn7hJycwRfJiSiPxMLyd7zM19ckhz
+K0LQuhSHWwJBAMZGuF6hChb1fo5V7E9OoSb1Ss8/RNgd8Y53bpY5OIHNHq2t5aSb
++1OT86h3kxin/7AA7a98X0QOr3SpRDUCqrcCQBHbZ6+9xdU5NC3qELKm0K5R9lzb
+S7Y+F1+3t1MPZdlp5/6YERZRUnZp8k8/xbNhH2FcrgffBZenQ/fhIM198Q8CQG/y
+OeJjthikXuHqLVPRpzchwy0kIbCLp3iygeObRwYyU6HnzwKTduEHZci2SnzfTYOH
+4qrz462/RNzvPK1ZZh0CQQC3MCNFx6/85xbZB7lkwFXYWLd9yFSMOviGBVHWIJ3v
+FugIEWF4wktkRZtDq1wXBJbaO6vmpfAbgHICDDRTRXue
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ch5_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCzpMCbLTo9QSFHw5biYOTdJINKHJFOwDD3wY97h1iazglvnoUN
-z6kz6qpOyOZgHhQlZoDJ6ZwbYErcy2awAzi8QtwO4drV6CUgdek/WCAJkbC22m+q
-JmlQhzs366fnZrHerVd4mM8XWX4QttrKWH1FFIrxD/GvWwAmNq8eDSlHZQIDAQAB
-AoGAaQDdABcgmptOO6dMs4fVXpmwEArAuJpIRRkjqB3Fob7a7x5mQVtnWIxK/gAa
-AIa0WeQfVWYyNCJFv+c4X5uSdiWMn1/VdeLcnoB+IAP60iw/f0DqVcT3hMLdK4WD
-gz+TgPGVUYw1Mu+IjVhcGvZQMma7mMu3rl21Dqg5vndU7qUCQQDbsZG5qWu7Negk
-NsH3gLGZRq1nz1h1SryWN0fSacPTlInV/ZSahAkOANmrb/jFUmb6MT/pMeiGNZEx
-YBgeWXPPAkEA0VTP2PnBUViPMglPWhgpcaL8HNrGr8EUdqjVrT2t75LP/gJ6X8A7
-ZH47S6Skqc7R5NIbVUWeyqn7EOThqh26iwJATZVfyRkzmmFnIaLUzPr9vQtgoZBv
-xLwn7USIcJ45Mbb7Fj7/A7ItIGzccdaRG94Fz8UktM2TOBIivDUbT1x3sQJAX3Y8
-/ycOyQkI7HmgbWa9Z6w7KvF+UGJN8bsXDtUlAC9EmQMKSaZBr5d9dQaVbTb7M025
-105Tlvqjm1W1r7209wJAdrZBQ7qfpESRfpp/RBeaYSXehtWBWlGvd0bOGJfxb9hU
-uB4/bX6/X/n7yBPL+bsE4m4nRhsqvOsVIpVpAvNZcw==
+MIICXQIBAAKBgQDpbG21Gu/6tfZC9n7m8z8RL6fJEBRnyftLxC/EJQ2jPGYPoBqG
+1RlI5lSjpo1qoomppe3nSa4glTkMGUGH4GOvJ5IdVbEQ6rRtWuYheJOU4gbmfcZT
+TtWvggihgmTBV3h+Uhj2OPBejgnq+vx98y2HXamO74d65Zfve/u0lglrFwIDAQAB
+AoGBAIQjqYdYlHmtAJevyu8azJ0CCU29GJAYu3WMvi2ffDToQC6gR+QERqgKG+f4
+pR20nZG4KRFBmJ1BXGYI9hvhXwv36ZTY0hzJ0WpwnBAh/AHq91h1L3hfL4KgHMw6
+9kN9+7JGjxOq95rLzlHS+KVkEQS8HAKLwD9LUoSPINiWAdmhAkEA9VE7gGLEIZ5X
+Zp7tkazr69AXTX63X8TPutnVDL6bNAGWWcPNluSEsJ6Q7VE3SPSL27ToPKXCBIQf
+mL7+zRHsAwJBAPOWmxpJwyOvdpJVDakLyLzZr/DFJ9pdrOlwkdYnHKRd+wbefH+h
+/R2ViuX9P61MGr6I7vXEeLy96xdIeFpaOl0CQGeWx8Ns8Vko3ctNrQ/ory7CjjSB
+H7nnB7jlJxvcmPka+nwpPHVNReK28ofj1a6O5Uf/WlnRvN3fVOBRNpMt0DUCQQDj
+Va+zvRut9lgHAfIZzrGt7sxRPO+Q0NRLmY/B+ga1MDDTnFk9FQWR0rsrIkuHhPuA
+z3OVU6QLIoSB2lTYnlTRAkBl4GdYElu/XS5mVrupO8hDpiPOLfKBTjMpKXCMuTMz
+In4MwPAfaYeAFO2fu2wCzqrs8ii1tZS+8SXWm2piKWxe
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_cs8_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_cs8_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC34eVTi/4u9IIaGhD4HT8PBOQ1ixkgEa+twv9aEgTwTk06s85C
-w8WtKsqHBMLzilwiybnVCLpcnBoG2NvqcGwKjCIKnJvqTQ/ZmNrf2M0mgviud5Nq
-Fj9U68HH/JS7Bdydz668cenwSgnXBhTU22PWsryEn5CgIXVFK/Ms+uiYzQIDAQAB
-AoGAeMwYaAsmX1hXA6iuDyC/ZTF0bcxEJDIaM89PCq+duPPnfjHSxT9w4/Khe5Ng
-MrdpEZ1tzApgyyftXSQnTFqwThxx7ADVb1vXgpDgdtU1bTk1YIFJemJMps7iPRJb
-/lICBsjRpL45W4jViBIcpUTh5XXXvK4Ox7HMDkqaPHcRnI0CQQDZpSEQj/VRyWpL
-lCWnlvCaozqpqb2enaUFJw18+kUsA0HCrd/5qsX/jLTWwVM7xvH20SMf7R0jvxaD
-OM86irHLAkEA2EmYIjnrbKa+BtaAUHOK6oAlwc53TdRy5uO5TLpGMs0x6UnGjxRT
-FiBkUHEp3GlO+0lYS488m+ABzB9R2GysxwJBAJXHMvr/5vZy4wjCGiu8DzaMMHnE
-C29V09O47WpdnS7Nyvqbx/A8Wugjv+uuvYX8wlV11XNKLWyFO4vwk4QZIIMCQDMY
-H6JmQGFoepeu8J0Qzo5bO5AvMCvotkQpI8smbhLuOo476XY/fOlLOadvNE5nakse
-pocjDVRddM89zt3rvl0CQQCTMsJZ3mladfA8IReVSMyGuuKO5+Z9fxy2cDLOYwIs
-1urgZgB1iB+wg2bzNOhKrvaiQINqUue1iaL2skGEH9cu
+MIICWwIBAAKBgQCoidb24TKpvKXCyAAcoQT8k1pcKR03finhf2l5JKsFWoNx2Dy7
+5Ry44F6ovUEGy2n20rlIxJN8rsY4vNea8tuN+V9RxBvSxQ5XbQtzGag05luBgEN3
+Oo5UWZFpqaqfKyQkHgbovPI/w+4zP/Rfdv0kBUiomC8V6xbVJGvqWeYGUQIDAQAB
+AoGAGpKpFwHIuCRrSju4cMseeyhMfe1pkt9MgSZSnewfHtf3k5KReNqV3bxakGZO
+g2C9E1KELin4SxdPX5C+ucqCvS086jIgEi+quRiqz1PmGm2aXQbXAskdMFaUUJ6U
+XVIzQKqROX0MqeTT8gZVy0LnWMeolFo8TvBg6Od+6JEi9GUCQQDZDbS8PHR1e35v
+W27Wz09CrsaOw1ea8PcshJfCkrHmwRs50hFqLJj9dYBm8HZYTUbfh0x54/vbfYEM
+9eI7J7bTAkEAxsebH0DmW1gP+1YVY0q0iueng8VnWBCuK9Hma0S49ACoE0G/W+9f
+u7LGXQuzMTQe4BqZXd/Ytlagj99GOtmfywI/WQZGGu6w1X7RXNsjmvdsiu0kg2mb
+hPFQb/HyTNveG8cYY57FhcbE+TA4egAmihEoAIZ914CqzFutkqNHJvwjAkEAqDDk
+VAF55/gPLb6cwjLHqHByENDKrH0QogssR78SL4MOs5yB6awU+KA/ryLjL9LF/SEE
+e6WXnFCX8qQcrFbPGQJAShAwR9+Jue0Zvbtp5tR4u2sAqFtQUSFKr9Krc8kcpgjs
+bJVeaWMeCmjF4KZnnWB3glVaDTSenOH/Q5L8I4gTWA==
-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta10_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCybbz/wv/vuEl1a4zUWozelGZVYEYe3A394ZVikVwRHg4sGeLl
+l5Pl3JEorINpjTqGLaHp5hexSeiYSa9duw4SZlOi1xElzxtxwvetUHtn0SpEmSEl
+RF/0LaUVaaISq0E4HMDwnsxJMJE4ah7pcg35qgq5Mt0B8muRcvZOhKv6cwIDAQAB
+AoGAIJr9Fp/DtUKv6c0lhwilBWeI68EUDz+XLvWyHrkBYf9kB5sTY3E3jaGoxQ4B
+VaCBOVPNaripS7R91JZifXZZM6VJdpdKRyOQRt5h4rm+Iqro1Qgpqlhgfo/qXPpE
+TXPxIMmgs3Y+I8M41CxEtrTaLy/2AWLr4fjo3ChBtdxc58ECQQDj6wzkx/l/RkLn
+CZBYQm+RRtobZWVNnqOlQGBpdVh2Tr+gbvguPUCjT0Mq1avaFAVlf/xFKAc9AwDE
+zrm5H1F1AkEAyGmzLD08bsw9FNwiMX32hGNU7DucWbVd3NoV3Rcvrz+qXHsTI73Y
+z66PuugLSJv76tKIaLh3RYIbr71BCsN3RwJAVQlp8iI6kKYiaBlFZejDv6xzzCz0
+sxUxcYKndjF2JA4VqUI+DuKDr2rvYJgAWomFye0KrrLUoIrySnvnB48L0QJAXif6
+u8ARUmS2FcTOc74gQVaBoXLoI+VnscjsGLE5//XDTiusdFBPOlNix4cZNgXCtzIu
+UDTKJGfaJhieJDZtJQJBAMOEN++kynQ7Wc0crjSN1mGxj0ls8n1VNjO1+YH6yqQQ
+7NWOMU6j7DE35eAtSSnPtDH9iqr0RzoklOp/XZsFQGs=
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta11_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDQIbIQBJ+c7YK3Dpg/tieXJHQdiB5CKbw7G5Glkk+AKoEFcS8b
+P0mS0Z6/6Dmob4ENUyAE+jMyt5Y+ZveF1E0y5xE+qi86QD8ol7Pun12yTOFefS7R
+T+z/tDS0ZLlW7StZXODF4ZFmIPJWnW5VaWA4bYrDjda5MDes7eu/7Ua3XwIDAQAB
+AoGBAKejHDqOnsjU/L3YwYQ/gS/ZqrTGmCiOWQ/6qpsDd4kxsu3hNiHqHaZltEm6
+EAa8mONUmqunomktOZRVdvSSBQKPrB3phXGo4ngw9WD/YEIuyOyGZXUZMaJN8YmX
+v0wVshmKr1BKaCrxtXaaD1s2Hg96u7OB56nMmoDih6NGAuMhAkEA+2Tk1m1/FV+v
+uQreykAGJs4eJFWH3HFXrqIYmrqiA++ZcEgni6sY7PpLKdl0aLQmSFkS/Plzb4pd
+1om7hSZemQJBANPx44/6v7563QA7i2amxJYl5bBRv3tOmD4fLTLGV+0rpvQq2BQJ
+mfJFnsK/2fabiP1rlcmP64kxs1JGpWRI2LcCQQDA3KiKsLo8RYpkJajB9NhDUQHi
+0hNG1VV1TjoeCmxdJKXMdC6SghK/S036ry8VXI+6FUvx89XRjo9rFYNdJRCRAkA2
+nLKNbAgyVchSggVWiwxGwDciKr5TUJosD65+0drgMwpPCicpapvvcH8LIZJRWByB
+aFJtYJdJf7P8NFXztE2bAkEAqNQ9zutNLQi5PHKLZfEDz+AA+Fa7HXQeY2n+2gsv
+BB7f9KMyVxLbM822/45na7s2RO+JjK9jvPEPz2/zfuUvsA==
+-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs1_ta2_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta2_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDRSnA5yCJy7VmmRfmay3VtlRfR1fxMmHdbKxiUmAyUctVSdmXt
-x4SpXTf7G1TzCuUf/n+bsjB6GkvBnEaEDZv5WcGDzp2V7PI0jyunB/s8WGRPiQ2s
-45ID3VAFFWV3f7oG3Pl76RGaFlWhzm7H2fXKVPPaQAjdRfUnCZV+Ubr3uwIDAQAB
-AoGAWkumXZeWHUV/3zfjd8B+Glgv3a1X2+gP3rqaMUnka4ubs6c3VL424yc/xsvE
-+9Lghcw0XAUl2xhLRO3akpCYkNU9Z5apligufEvUyUvGPmoB1suuv4myNj6eAcZv
-oj3ERa7y+fUZqQAWrAt57KLoPNVLv/li/hUrqiDNt0xsI9kCQQDsSOCDbPgouwwt
-0LL8v6M6THCIxVtDvXsx16RflY733edWgOhiotykEyt5fTuokOCnhUfSUEMeSQcQ
-Mibi9IbnAkEA4sD2VfZmrzasbdcEqW1knt109zuRpAPw2I55kXvq+w62Y5SJIWmI
-eVoQi8+H7hjxjwFjXXFDEE5zP357+3EyDQJBAKER0NJmfwgs8dFtegXnkRqVrwTd
-HCiiSw+gA3IRHqODBkcmmsNaZ/QFCVbI8tkm4a3wohQRGJ/VglYdCfseW7MCQQDc
-qSsPPFlw6KOjwDqpJetlLd1FOpLgKXWXSA7FpPFmn0qeXU2VVj2Y2ix/4dVFvsBT
-ieZIaI/6rl04zL2aUu2BAkBS3nVnsuTmyPKys5S5gQPcMAyJD+3Lqm4zmU09Ydt0
-9Iaqp18iDhnfRyM4fEckWUIYx7M15Swx3fXql/Er9MR0
+MIICXQIBAAKBgQDnOghd1z3IUEOtkodAWFlc+jS6yb1b158XuE/SFf2G2fA6B0gU
+88CknuPuAEW6qt46XFPWDd1GiNO2E6ru+MA++usKbUoN9zkh/13c1xNbKunkwB4x
+K1sAzrBVRHKXZgarQXEFSoNrO8+nzl1hQzu7YBnEM6wjcmad6XK+vWytKwIDAQAB
+AoGAREGbSqhJMqKO9+PzTQlHh+zMN/9piH0EF6pu1aNsLayT/2062ASEb5P/0Lf/
+3XSnGS88CEobccDeTjdMFDMV/HHLp7Uu2OnCOeuogs9yhTiogEYuW8dz7MvxSdES
+4pSIWMNBZLIjTyoaom1CxaECwgXVaChfmhvD9Y5zJ3wPgFECQQD1lqNMkGliyyXx
+eAXtsqjxsEw5g+8tzwMVDf/wddkQ48d6pDXV3rzyzaBLfj7NIgfqTi4BPU0/P3AI
+EmHBYORHAkEA8QeHAfBEKIPZaZ8JziCPxsQGKbofZxGBf4qY1ilQ2lMQ7oyNkB1E
+ODR96zxBMMhHmxDtHMLOHBnL8/Ib8WTV/QJAR+ZhSsIgyHa3VhmQisW6pn+54UDa
+Hmwz988QdmLaORKmzSYUSNgcM222F0QPuNjUvmlDGMPMwM6eyw4upoHqcwJBAOUH
+ZBBBgGKHNtYYWzbU1gnnRnvr8d78UXMh/ayywbNTbyldwT6JsMM/jc8zCDcUeIYu
+hUDpEvS8xoJdMpQkXvkCQQCalOILTCDd10+NPQwa9q5o6EcfsULyvzd5CfaO/rIO
+aF8cGnI++bXAQipz025/mU7Dye/xsJYolWV0++rCFQW+
-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta6_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDh8GYk2/pfALbE9mPwUX1J+ZJx4bOM5/zp5E95dlJRBmXBX9RR
+JjBGyXCYWsWpnmpnJCV6aFtjr5DnsftC+RWc1EHGkP3D09fP/gDGOctsrpzLdMS2
+H74bWJ/JijNm7DII/Nkj4Sni8z49U6d452lJKzlyi3QzRrH3OyZPjQZk5wIDAQAB
+AoGAOjw4V6/LbMlGUqYfREX8wSBuuqOuH9d7vN14DpqMxQ2dFKaalv/82YH6X4ql
+//4w9ry+XDqhs6QA+XdKiAyjoPiam1mG8rsVGIVTLd+Nfih843GfECo2fUMos0+P
+bCgRI4l5p4EaLYEEH5HrxvjLVqjoVbZtriUxJO7eJjtTdKECQQD4JPyXgJERB4Or
+p0bPL9/uQppOB0vwR+QtgreY6Od3/VNLvQBMxoQ1IomR0ezWH5qu2CvXj2CHiMzx
++hK5PvItAkEA6Rd0f2zjMjySe8IE+4AAkSS5z/Q/ytovv2wFY+H+GQNe54dsGbpC
+oIAzsiS0MIhulpVPNVPfAlbHt4QPVu+j4wJBAN7/3kAIulWjeyD34xqu238zO5iD
+1irJcLW1k2lHZTzf28tkvrBAdu+Jajgxf7WuEUSv4DaIEye6OPP82HbBqsECQQC3
+DLdtVoq5qf3zeLPG+of3dBsEJ7FtUZmLv34gKZsN86q1MpF/RtoKB4QRk2d6cbo/
+QXRZ0crhoFrpUKlnQXy3AkEA8qxGlRED2Ngr0rZk7KPgwpGc7jDe1vylwLkVfQ7C
+5MZBpxTL0HA9fnrsHiPg2WVOokJ52zBNNS4nKkspwcH0Rg==
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta7_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDBjrgKvRdAwI2zb8PKl8qwtpUBnNig85+vLsg/C1Tz8MauQdC1
+c01us5P5WJmGtGYhLZ94rUfrgXhdIS4ZOHpzZF7Jj1wc9ZK5Xy/z3uejjIrL0bIA
+7XwkqBDSLOsyfEgj/sKdQbUH11Kq6SDTKmNgxBpgJwUork+I/bqO/wLHRwIDAQAB
+AoGAUINKYQUo8AFosBQ0kEg1wu4f60zP+5t7eAZwu3C+RL6KFqA/7cppkjvWuKi3
+LAZMWU6+ABesS/VOGQcdQtZwcGb64AlP2pwxEOU0bvmXgjVBIEw/WmEGKq56N1CB
+LQQXvJTSFYs9WV5YNBcZv8CEGPOSFGHhIx4JoQy9hY42UJkCQQD6hdKxmhD5zeBf
+lpYtjg7/ym3w4hvj2XApX+371VemphYfZCeEzPWZEO0qlJmQeVD5xXZMLm7Yb+SG
+HFAupFgzAkEAxcoPpYSh4KIB36YZHLpkE8SRjTzz0w+hb2KVkOTlbLju2YzFfXkr
+tErnBeP0UGon6KdrsOxVfn7XnW3clvSQnQJAEIV2yaOhbvf2zhb+PG7b6l6NNY+T
+y0jxrqjW5v7A0wqs9tECEi36HGgTW/WE0xRNFMvC6288fCWU6os/dnP8JQJAPixj
+OLt1i0BB6IS01iP9O32J52TmnE0IiRPrQg3B1KhZZIdsuSFyzIzTDDX44aJNA0RF
+hOr1gPrsWi9jrQwZvQJACGfFgsRY+W0mUhyBa4znyanuYbFZee0BfvBHe35IHa28
+KvIl4c6hO0HQ46z2ikPwJyTKRfcxt7WLa4kkGQQojQ==
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta8_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDnp90up4nDzNqii707urxmas1lAGBwVYzwt4nD/JdCXMss9Qoc
+Vcd5t7koMPSapOAx5VLf9ECFSY78CKUFRO23bgALpy2hLEeVGNxe0MQkPUyny3aR
++wCJKj9/q/Fet8skbkIZTdinEoPBjLb7AvCcH1HDxUntp24JuxEvpT8A1QIDAQAB
+AoGAU3u5SBD0ou12dVGqtpXLQ5WFw7ppBtKt4ioiqdCjqjTKu77rD98R7hl5zrQl
+0n1Mlm6weSkK/33M26M55TY7/Ek8rKGbeuyRkipuhvmtffo1cD4PuCNzfHaTF5Zq
+c12YEMrHhQVu125xiVO9HxWNZ9BeL3Ohyw0gmB0r7TmSYAECQQD6zBg9CSwzPQnu
+XfE4V5FM/Ywyme1BBIGe1yjszS4ShADVSUltWnO+a7P5xqgQDUzM0ynEC1Y20vLi
+FfYi2JTVAkEA7HYdW/aqmsc5arKdSR6Zv7vtqoItau1w24OWOe1jsp3C/VFZQ6Ez
+o8XwE9rwse8nMrE+himvqpPg6hA/lbK8AQJAUmAzHekjYXkNCARHNPBeQ2GMaRpx
++UcXpCqbwJvsJBzDgUrfGVH6bnNF3CbKEOutbCF3uHLY0I0dRfFctTlaOQJABXHO
+yUBLu1ac/tTwBC/9MEn+de+bZhvjflpwShMqOYGibLzDxmfezYWQOpTO9/neuC8W
+lnY9Qjs3cYxAOo0sAQJBANGpCsweW3ExlJJGiV3J9M8RIh6cS2uGd3CE93pus5YX
+7bNV7W4OWpzebjnm5hiDRj4C+5Q+b5ZehzEuOb0zcWE=
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs1_ta9_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCmUeECBIQWmqkXY1H28rnUVFONcYsvmPgOqPtB9HrTdJ01W1jj
+yEYThmePqp2wwJ4NF0r0SHZDPs40ttOQbXdCrdxQqheCpA4XZ9e3ohHOI5CyJBwT
+TfH7M+bx51QJrq3LJ+iuC/zZFM3Fk9uVHxPLFsCnRqNmU44k3yaF8XInAwIDAQAB
+AoGAKam/JMM+1268xugRYzwggujw2TDFPhIiqYF5F2eH0SqYKwKL/NtxenijvqBt
+yhYmQX9BPnpcbbHw89GMo9RYGEuHAiKj1fPzIi/RqcX7wbshlfUg81ympTyH58lU
+I6wBvFgR2On+nGQ2OgANhsg/YLqZjk6scY/ZcHcnP3Ec4akCQQDVZYXdk0GAWtYf
+svJyj0r4O8MDP+M2CXeegxW9qULDKnl+qwRvjFWprUXd+yuLUF3L0OhWzEKUB95c
+GtgmC0HPAkEAx4ZQJSqo9wXyGSmYVA2MnugS544aZLDktpoq5CLs90+a7D5ZUniN
+uoUW/sC6kuc67P8La3xhmnVh9oVIthSYjQJBAJLfvGJD/xpL6wKIVMy6iVwPLern
+pwfDPlyQVn9ipzvS2SpwpK3uBeuyAduGC3NojhZBJBjRn6VpQQddxpVwvAsCQQCc
+pLovM7rLlQNo9dr9wlVwPEr7N/lIrAgjxA2AZlscHodGifyeXr8GfI59GtpfkuIU
+Rne0v0Xxec6bODDJoonRAkEArSCKAs5Q8BhzOSczjK0VrXrjOj3iTgnCxsTs0aNi
+1Agm/bwby4V993eNI0xOC/FoPnIbyYWzk++vxrZzBDCEPw==
+-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs2_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs2_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDUkIM0CT4ELmJA80SZmnsHvnnzxvYoClHf2qr+uNGbHLVzajG6
-0p8iRLc72PaAlsBM5G9IkGmBbISUaDN0YpoEsB6TLE2IzZpyzulTPRU+cyzJ8O2H
-pevPZjxAPKB2rMhpILj1qP0XejzrYsmizFZr2LcM/+35sROvwGmqjQ9Q8QIDAQAB
-AoGALkBTjBsGt3owPtmv74xBgOndN0Hvhb7ZGdBGrK4iTZHtmXNd5ry1i4tQI2GO
-IWSr6w85d5yUmGi4YGJb79MUl9ME3fIl/9HWhWzW9pkzk4rg5zmGcRGOt2HH1Pu/
-cPZOjNXMIqXZcnT+4U8eOi1TRXid53JKaLPj5IpQ/1YT6FECQQDr3gTtFVEaTxUW
-DuMLL68A9sHA8krQuCg8WyILc/7oM9N4UG3nKWuB0h2+4Ir18YBlLEdF3HiAPG+D
-h9GDKmJfAkEA5rVM2K1Nmui2oieSTSUrg/CgYSQM76Gl3LLSumTA6P8X139t8SW+
-hm6RWz901qfLtrHoQ3pdPrB3WQD7vTcurwJAez2Hb2U6+jcl+l+O7DJfC27jL/Cp
-fMMsatTnRfq2zxb9QJktw6HVxYBHAIwMr5MfFj37g5o98CsjzSLzKsjDmwJAHDU8
-oR2HaJJdijQGalJKIMayBU6QGliMXBCtPUcGYzaVZq7Y9WwlAHDSavK2SWyYtszH
-1kBG2FxhK0u4e+kcVwJBAMoEQPEmQDmX8GiWoqV9k66U5zShtrZxyT75OKMKwXJl
-cIWMQm32gEbzVkYPz9R5xNEus4XjRINLiaxhMIDeByQ=
+MIICXQIBAAKBgQDFtvgzx83pbdmqd2AjhnFW3CKjzzbXs1n3Xa6C7T8XEmIJPj7s
++qaS3wXOmqJtk7l+FvnFs4MdmpZqGzXf9riCVUVbQwpxZk+83wATJSLfeXa2mEIl
+sqFcR3J7lp9lPzcClykWnHUie10xU4AK68xzE9qOYfXK96/8U825EZU8PwIDAQAB
+AoGBAKhpgmIY/7ymZZJevPWFv2VNffQqvXxeuXOLyOqdS/BLKFbXPqJ9nwXcEwY5
+kcHk40wUJg3RKw48b4NSSkHL1r0rpmHCGYBtBvippTLAiRqdxwk/WxsMisy1Bx/9
+m3AFdyDpG8ljB8Tc0HLQ4Ry1TZDuwG3At77AW/6u90hDdGeBAkEA/3IJ9Ao5sjYJ
+IXn/f5Oxwizoajt8u0F+IV7+Y1TEv+cPKneEVTtK9gqLuP9i2ksSilydlPqpb1pS
++Dj5RfixGwJBAMYk2O/uOsFY2b61ICrTEj4kIfFmSpKt5QvwBtPHvVQ1lJ//MGdI
+661vC0sFZnFuRXqqDdnxX++rJWHKWh+2d60CQQCz4FTb8Rthv6U8WpEtAA7LYh4j
+OFKD9gFgdGkD/1wwmf9W8yRPdFo72X88PTIZ74VVwxQAJWaMj/ke69e0iwQDAkBI
+u9PqVv+4Y54idChnr+09ZFQVYeAz8aNne2d2LBbip3x0Mt+YulrQ4jc6BbRyJPFa
+Mrw86W628pMZT4c/puJNAkB8TFaqmEoERQp0l8fcTtFePcfbwDC0ltLVk2FsPO5S
+9VwKivuPZrFSkCSopBLT73TdbQCsfAmc7uNVJTEMiGAB
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs2_ch1_ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs2_ch1_ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC51vvTYOm843DJbRsmlK70draq2O8athc89Zw1iyhVwTZTWhpn
-Zu40Trf1aIyKHK+0UsJbItLWDK3TQImm9dC5EhpVhUWUxj6sslGKdQXVYMjA+fvY
-Cwt8reG0ePT7hDS7GmZu5qaQTUCIMhPDy3asAuu7BCSbxfizvtFE6h/5UQIDAQAB
-AoGAN5fFS42BPp03PzphVeBCmiTtLhypIm94cibzLN1NGqIq8zJQFcCn34Pw6fv1
-ltdQBHyBYawAMEIoubpjs0tzvXaPaJwabvBtK25KtUdD2mLx1ZTIHkVBF/8rCHuR
-W3rTF0Et8Mfym3hIM04QV3cpu2FVhRLDI3/q7UwcUFFUqsUCQQDpNehc8iVqR5Ea
-mjBjD3tesWRNGdvoQhBViHQYvO8nN4p4Q5GpvMc8xQdlNlhvRKJ8I5aIGi3eQrHh
-htSHvnmrAkEAzAAHT/TAbKo2MteY7mQRjXSMoQEF2JmkIADhVSk2woUOawrZ7DXa
-8SyFdV5b8frfosrTvm/2zaenYsK1rJN08wJBAMxv2GmaUFhRso86eY5tZP4GzeGU
-+KUrPLxuaS/CeHfNhZKV0RyWA6ZvJmOAd5fa+AGRBQX8xRbhKqSEmM0Cmg8CQEEF
-rU796yt3oWjZMWSivrmAsaZL5iog5qBQx4HWbh7YPD1AKy/QBqYik7NSTSo21XtU
-/OLRWzA3xPGEsFV+dqMCQFyUdlbyHTX1z/V/2MZUbNaUgeLoWWqtZsWgweLOti/r
-GWXjVHnvqAKhOhZukQGT39NBh/4XZNEttWV4wlZDwus=
+MIICXAIBAAKBgQC/rJ0XBvsPBiuP4XACKIED9R/0SkGHxUzhTFudiS+i1F4aS7aT
+xxBB2eng1UNknzkdyCqTUiMIknijXzuYUOhyOnMST5lLTQ7oXZLzC1149ltLyDYj
+48qriqpSM9EeYdE+kV3uOLzEDu5U+aoAo1FVlXrAew6y2FWd+K4fMqeH6wIDAQAB
+AoGAC0WNX2NLtFB6k1WAjr/vBlqN7IHJZMCXitBAuvzsTjkK56T4MayNKjI0bMJd
+2jb61uOEjXFRGhny+jiJeqWXZbYijxJd22+nW/5vgDV3zVBIloshwVS1Z2cEe21d
+6+o9Uum83S7Ogfqo2ecE9Aa8MlTtF+uu/dbK3qZsBYWMq7ECQQDwQYaMjRjTA28U
+WgLR5qbaZeGdmNeiZDMnMIPvA5bdbt4Uw1nVj63+oLJb8VPWU5u9t73LHY6j2RyR
+C1Gk/evHAkEAzDwX/Sx+Ga0spVIBCC0rpMy1PqehHXtz+gBaKzTM/IfDhYT/OElU
+sNzPIQ1c+q0mCkhVqpFBlDkwJfbEak/avQJAdjG2MJUFXmH1Fo0FkB+pfA3dBXv4
+sVIb/C6Y6U/Zu0vcg1hrbG3HylliBWtetDTjjFzFSRRcZOzdadmoq8OjZwJBAL7m
+ZN3m2q+RaSvWLNTBtAvEtJ0t/rEaFdvWvHGqVvisxhtlp1GraZgvrQQOA5zkf6wY
+1MosIAo2MkUqFYnxvlkCQA0ouzbLD+HVZDpREo+vwijUfyOJ03aV5U8mbL60GnnN
+qT8pTnPDSvYbVm6ds7Rz2MqIB9pQ44hlrL8fnySZfCE=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs2_ch5_ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs2_ch5_ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDeH6hQfmz8GApK756e7xoch1SMLwlVtZ0rrr7uyjC/7ZfCjk5q
-KebQmBpXchlts60s0PDaxPLhgSe1ajVMMNPVVOe1OwQEY7UFClA1RBkUf6n/4STk
-Y++B9J5CShSytO+uNpSjrSM/Zy5pYSg6Lxuf2PPjdvBsiJVBM3FR8ZCPHQIDAQAB
-AoGARlWf5l0iBXFXUQMvJwRvMDlp/DmoqwsnCX3714EOjredJm4JRnSeMc74CFiI
-1MPgQiCnI57Zia5r9HX9CnMrn/pr5T/g+/D7Nj8GbtdDcqJj0vAYDlC7SN9TMRoW
-QKc/6plOAeT1awbAxQ/1kZG5ZZhIb57NYmTyW4s7lLsX9cECQQD4tnMAUp5S+x5M
-U8dLgvDe2zZoL+OS0oYTjJASLxMHFIwRlq6P5cpAQLGtsMLfO4N5HqjUWbIuAqAW
-k2f7g2c3AkEA5KHEv6YzHg9G78Qz+Fxh7YIjbcSqQbKs/obvC2VkfxH7WDRLuhDZ
-qjy4e0eufPCZsGM+fk7eDPHCf9ztbn4+SwJAX+g7QIybcPRVIqnL2FqN9+IggNy2
-rQ9xlGhHxjtQ4xIRUVcByYubClvoKEpZWyvf7vzbrcdI5mUsxofhOSPa0QJAFf/C
-0LYLQR8zMirs3T72ZUYaZpt/zmaE4tDU+4G8E8YFK02M49BvQUQqdCJHldoIz8Ic
-50Zrc09n6am2ZuVa1QJBAKFQaEbBpLQ8rTmD8IYqMz+3PGTzrSlFNkx3fOXF5EMd
-qTWp0wPV79ZghiZaYozwuJO7fxUSZeD7bCjDCE8/LjI=
+MIICXgIBAAKBgQDNyavuoYkBYIkAfJMf/kxUdVhSgbDLvkynpyMYhg6f4UGZ3f/n
+82YdQd2qnvcjLcQOJBbiTVSLOHJVtBEm+fwE/t6bgwIBmDaOQULyC6cHAPkOZpag
+5PMyBiadQfuRv36owMdi4cnON94Htd9Vh5qlO9TFtiRLKuSIUIXp2RMSRwIDAQAB
+AoGBAJU9NFsS+vDsuW6I6YnCOkjl8O+k7jpT//N12pXmYqTAD3su7G+irON66O7b
+6g6xGgXHVnE386Ajh4dv1yCVGpaXyi6O6EJZBbyzRi6UDrIHadcq/E/SLGyFmkAT
+wa6jpHA+RPLSf7q9FFCfzYsgraSmlRNl1ZHCKgaySVe7Ex6BAkEA7QK1jnRPuepU
+nFTsvu/qkbkQkdZDImO9R8lr1IUrwBaQRBQs/04TIrIGp5y1lo9EZ229eIH76ZDZ
+P0+ZYt4+/wJBAN5Gjk22wNBWBNpjsMmQFNxgiEwt4wv2qh8m01QzuYVxuhrFTXVH
+Tf66FeOnWrR0iH5BZ1NYq5ltJUi2XjoUdLkCQQDhRYjxjKXWrN6c9K9NUFYhCcix
+BPksb6aR2+XMyoLqAcg/nPmj9D6F5LYki/Og1i2LLShAqTOaLZ3/6hV9foZbAkEA
+mDR+S28CV2cfyaAMNenorwOXMXsWh2GwGsbOXVFSD7PRuXUz1kQuf2hThuFZdkp6
+EOKea29Dijs4FbNzkJfjWQJAOrDi5DycnrN+YB5LE/u19fCOdPJIJZ2igpBZeBoM
+LwiKycV71vjX3g9j6ODBmIspSnBREkORaIj1CKpL6iBT0w==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs3_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs3_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC7x/3LH9UrAH/cAP5FXH0no4sY2j/SNgxXK8RIvpcB8XHOuYDm
-D9I7Ni0lV0Ee53suXNKsF/yuRRF/vNAyoOMJASknet3S/BOa6tjRbL5zswWo/DkF
-982w+fK4pFz5wyMrBU7+2iJCgHA2Zrn0agCu65Bg7uj8QG88OLVBW7067QIDAQAB
-AoGARuDREfec/ZM9r6wMTeAAOZMIcMQIbO8Lr2eMuix+UTRyUaZBWhVEtCbZ2Yta
-wDB9lV1iA6U2Mg1N8poxN7r0lo50SrWFnODp6fQBk1ddL8Dao+KPB7zWBU1Crlmo
-8Zmacjt9kVQuuOjo/0en7WgeAEZ2Co/hjyqLvHoSTVpXWGECQQDtq7ik/nCgRRAo
-p3AQIn+pjuqb77ORVGGQp7keGvHpxih9zWnamhLgu5ifa94v8MceyujxCp1feg4g
-3DOY+gDVAkEAykNP36DU3QkJA/7yWZzndnGXte8+A6+hRz7PqvEO8/2QXyCASuxH
-g0na/D9pVo8G5LnI28neeAgTrKq6UlCduQJAI615hFslsQltCY1JB0MGgv+PPGVZ
-QWG3W62x3lERK5Sxk2D4mPY0C0Rd/uCEdBHi8j5nhXegdCqwYEJuBHLTGQJBAJCB
-AsG8gBfi6qQGM1M+vEds5HzBDkdH5Sunfmqcipha4hh0efQNVxI/Y8qv6yxCRySG
-bzBHyz9qVdQYrcE9g1ECQBiK+8qoayAioh7YR14BfZ/VWI5foKipCJpsqdjeO9Dy
-PhgK/hmPhtzlkPCNcWhtp2S7NTP0Hys7wLPxmeqgdDo=
+MIICXgIBAAKBgQC3YHsIRwoFwWyAmoTi3sYRZd+mxzC7N+munjed+fM6GDjuvuD7
+a4T7kyxbHp96eNomKMf7bp8uj/laHOgL4PFcRfagDlgBToYgvf99DEFLslBceIk8
+SoPPWZ/kFyfe6qr/yBn1t8NnvV54eY5GMxrvNkD48n68ylSFV1bl57hSTQIDAQAB
+AoGAAV79TICLeKOLliKRn8ienn6uf2a53Ix8eMvCCrJVuTd5JX/T2s1g/yiIil3e
+P2Ir72EarayUEBsPeDcDHSOfalfwRdkUDD5pZWO0ll5VdiYuQF0C/FaQFbbY8jb8
+DXFtrL48doq7DeylZTzpHDeKUlMpckItVsSBPnL52Q4YIRkCQQD0Bjd6bs4jIQkZ
+Mtvvm78dZy696+yngy34363ewCQDZPSEPN7pMQf3Dxdag5e6jum5eHLb8Lk29ewQ
+9CF3N3dvAkEAwGBS+VILOSqulBfSySTGPO4ecMRP32K0vnJVmnxnlTAC89I7zLFg
++d2LzVuYMCrqlwZ5vv5ekDqS5AKe2nbUAwJBAMicy8M1kPZEVGyI6VME4YtUppKw
+gC/+oi62BQTZRUIdHwAP4tom2vt7RqG9CWHv16oIobS7JClQ56/QZCrUSLUCQQCG
+JaU2fmOdJYo/cq1l3eLusg1ADWS1HRt0gj33UDDa83PbmgphHn/FPRwzw19Il2Sm
+k7lp2e8PHAk6PimPpbUJAkEAonNbmJmyGdLyxj6gKb9vt37vMXmU0B/tQjHXGmT2
+OmBb/wT01cYRsOWqaPpb4d7yQWmSgZhXROZRzXwPQXBcCA==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs3_ch1_ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs3_ch1_ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCqfwExXLnStY1cHH/pZvNrL2jLPIpLKF7m+0UaddkOy6NBGQUF
-3ZgdUfl4Nyp/+iYGJzhtjYVasY0IauKsQy9E9wKTyYnJgwnRBAYKLcco+nfJJHpq
-RKzG3aKgeEIN1MBfobW24FrwX1SD/l0mopM9lPjrixwRRejnCHf07M2U0QIDAQAB
-AoGAOn91E1CzWT59j/sfUB/IqSANHp5Y/MyPM0VHQnrozJDGJNHGzWpohLbZl4um
-A176qOXQEJacCLAeqaKyv1QV5U5CmOsx7NjmkiwoP1ItCTLqpH8fSKzFSc8aItrA
-L/utLlAhDdHEcMgjVhKEhIhD5OwSDyovdFzCIpRqz2zpzqECQQDXzzdPePCLz1YV
-/1nfdcs0/UIfUk4uaEK9eqAtqMhwmnM46TgmhmBl40KyKNpjP1A2bERYV42bzR9B
-Zz95F2jVAkEAyj92GFnwFyKschXzSiWcKTY5lT75CzO0mRBpheEUEtL/CvjUCOJD
-diadD7LLYnToM3U7VdlGKTnpie99U+k6DQJBAIUFiQZHeZ3z8xAkEXWX2eWTpcpA
-pUgdo+W/TDRYsRQXX6ZYuu+kLI8hAd9nJxW91Od23LnHXdYHHZjm100AjPECQHFb
-wpiBiIWfJKLJVNThYbbjssDJTBOQRpBoV4z3jCXE57jBoS7di0xk9jF/WGn19tQo
-yDolDyM6V4C9oDRxC90CQQC6dpLixfoDUF67yBnrujAONgGe4voUe4V2m9KN2bUZ
-MaaSGnUZ7E1E4gH4QiQRL/ZiyUp/qX3Qs0/Knr7Mbp94
+MIICXQIBAAKBgQDDDHXK96eUCEpy9CeImJ/XzHtB5FSGEdHC2KHOaLCPam54v/kI
+yaNEmSck2sJ26Fl2vrIERhz0Gnd2c8vdU7afx14ECjVD4V1dYptzEwbTlo9kTjQN
+vzEzPAUkJtdxpoNlH88BJcGHSTW5EqGcr0xP2iZZ5BPuwXJSGvVJhJIYOwIDAQAB
+AoGAb8picPREjem6kewyBG5Fnu/J7VgqwbTQ3rY+9wi1uV0s9/Q/jbPT6etFri/b
+qT8+l3pwmVZ+HcJVmgSAYdgrIKLDXgPwqb2r9PMYxxBUejme6kVnnqBa0930O2JV
+YEJ4mFAM0PZHN3sTI6cRQtmkgIZKVoLd9BpgUBzQOsy8R5ECQQD7K3zct7bMpwcS
+P6lWUJVZuKcSIShG6ETIJrEPHoVLfQJZaRRNUwWnwbGIdVzfXlC/cNBgtyGQ91Z4
+GRKeikV3AkEAxsyv4kxflDr844E+jyWyx8GSQSwnbfFdnry0SPAfuyg5y+I3r0dx
+MKB897eja4CbtAJCa5nR6sGL16LmSwcEXQJBAL/XyoonhGcyWJNWrrev2zNpd6rA
+SqxGMmsSKoEa1cL/27CBMzGQbSxiJIDO673sow5mU7LbjbbVRGV8+RzBDicCQQCr
+P0sLPwreX2nUeFLxcGHu3PollelpNY+V26vZYK+UwvP2gynAnWQNpVHA+bmWMzTs
+/T1F/zzqYksaN8L1QlgpAkA7i4L/XULip10VMWcxH+L0ACOlI+ZSUbLUda88eIQO
+ZPnvLqJXE3cyvanTWDTVEFOkLpFI38413VX5L2tSNJN9
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs4_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs4_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDio2hBLem/lBEnN5RjjCeIiJB8drdhiuQAOV2zeiekGyV61kx5
-8oLFjZMKIVz1N/zDxYYMAjeND+2ArY87HZ2bmQNSmX3Anud6ToHp/gaelHg4KZem
-Aoo17rzZmTzAkxFTcTVX/S3qsKZD2ATY71Vh/rYzI6rF+0Nh/6wCkLmjfQIDAQAB
-AoGBAJ4XJDsLHtlPHKQBhhXmhxEbScY4PXTiIGbznSP72rkDYqKL567M9mF9fwr6
-+M/o7P1WxEmOJlfUu3QeHSI8Z1n5V8rLPBzigZDtPKcD7SNZ4vpRWK6bYqLvmc3i
-siJYiHDtYh/fK90z0l79iJ+y/CkonDBcYM6F9R7k3/YnvNm1AkEA8X386RDEzNuZ
-njHMZCa7zGL6pq0lIOFeoZUhxBixWjeN8yVi+7zfV6R95ygrvk44lSOaGuy/GiN6
-o6HJVnu6vwJBAPBA+c+t6fs25M+1WuONPxRGBovjGFM8UBtic+5LqWxSFq5SdF+9
-b61vACQrqudBaUfah2FK8wBDGwqItWbSnMMCQQCZ1m2Ht0P3UKmCqiyPXFFkOWV9
-Sm2NjaQwAQW6mxRX6W4HB7kPrtkERuhhmiiLmd7Xuw9PuaNfrlxQ4x6UdkuXAkBE
-vHI8RqeQpe3ktyAfxkNry3UIBJrrBXBtxUchwCfiw8GVciW1Vn9jAUTrFEs7Cm3S
-juT4ovbO9mQAKYisuEj9AkBAalLsf5mTMEwf0wxwucjBXw5l48Gg2YidDp+kwX1D
-i+aUWseGOYYS/aP/xNA4RMp33f50QGWBpUWXUvK+Xgdz
+MIICXgIBAAKBgQDXQkWm0PSpVG3ITULoBaQzJfG36yDfMyZuyjBjV9/TqQKwKfPL
+e2R3NH4dx6gsynMjIkNxbDOeiQ6Jzm3bK/Nar+Pc8xxIZGBdV+YXa+ZhS8vgqeMc
+qvZwNLSL2BnmJgZgJILG2F2H3pkrDXjbkvLCJGWL+Ae2/heNu0/HwK4kyQIDAQAB
+AoGBAKXdsBPpYQz1PJ6iQhLM/ghXjZk9eZfjLxMhgwWZmaPb0HFz8iJyEyjzbtZ9
+mS3iVbPV3AgS6veW/nfbc7T1ec6WI9ddCuP1EhzbCu7KNJ3GfcS+EylHFYVsV2Ky
+RsOJILsk92pfMy9KTOnuqJCSZxPb/39lZ/gz3uKu6YR0MHKNAkEA9ZqCT1NbT9oK
+X2morprP50aKvjS2FQLDdIZtcRSS6+wYOv56MbftPuCUldQur7CvWUYYvUq9vr58
+KCQYUJg1YwJBAOBe7pYBQy3fExhndMqmqQP7OoQmNEktPEBI+KHJwWVX5e6k6g2N
+k90qknwnC0ujk7p2hS+O64fLXFbrcvDmWuMCQDffT3e2UdaHlsZ/5eTaySMm9Bcz
+LJz5BPf0QN9xu7659gUtsSSwX+Nm+cZf/8LuIeXgQW6Gm0XSVbJYC8QB7FsCQQDa
+q6rbh19x1XdG0Y2B8+vFdZQSNym+J9gQzw2CoJ9bpc7yRsfVbaYuZs9dMLBRh5ry
+n5AuSZxDPG9CRzY+kkMBAkEAl+F+hF5cNS0QPoM+AKSOlmexMQmWa0R7+cxGYeZn
+kQBcY6tJuqjb2Q1OyiEwoZTDnLV8Hr2GbuNavry8SQQ7tQ==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs5_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs5_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC8OFqJVfKX0WEq2vCTMViCcND9Iwk4ggLU98umJ8DPdm5nA3j1
-bJJ3tor0qDZu3uN8vQ0JyXySOr7JsSsYKow5a7EYpzTclY3NTWZ4VjhWLKKfXk0U
-w6r4fyCYGlNL9SBC9bQw12LqbVTkcVUMHBxBVHoqSLHQjqaCfCuBy6WzUwIDAQAB
-AoGAPncdZPLHPidY7hYXPWJlE3VJhpk4GC7drbxHM++Bh9iwLzPx0tGjkmNcnnGt
-DwKd0OoVB6h81TL12o4X1T9ZpaowgOqOhgYbiFRpWfeAxmqMZULYJYIvzrORNHpU
-XfrAZO/yZT9nNxOBK9Uw0I2ebmcF6PLPAfCTHb/84nFCVWECQQD2b+yHOz1sF1fa
-S7/qBe14HeC3dBpOAJ5pjHFpacgdYEO5fV9RJHvOgj0sp19NdUmuzekPU3QiXUiA
-bbTFINapAkEAw4Yb0pTW08IKk+BKAkfa6CH44CzNC+5HTnn/VlfMHySimbNC95Wq
-o7dgyNlkanoZdRUIXbESlQuYJ6LvuNnDmwJAMoXnvCHNCegPPtXg1p24fbPCaloH
-Oo6t6327kpz5ReyCdfjaHcyZBVF2MT1vMHYnUQsuCNJXMORnBM15DiEZYQJAb8kT
-zSCVdjohTAxWo9krGb6aiKh0jtarY/2x8059AG00nYV0yxKBndpw9kP7+jhWp67f
-uplLU3Vuh3LLdbbi8wJBAJllcyFrvrFEtAJpb103g9MOPg0cwnsVxsLtKPnawD9x
-OwG5EXwJXeIn6iHmGSiLc7vPOoUBwHyOro2c1KyR0d0=
+MIICXgIBAAKBgQDAvmbmVcue1tJ707I0+8l01TBPYhxovROXCLeMtk7df5il4i8u
+nHSSAUNijpxiIz625OIYKz+u+xfn2MQoJyfZPlzRj1G3EExE9rtrJHwuCbz7iq/6
+5M6ULyfNPee+k0tiN/XxqI5+dpJiewJBmML2/2iO0h37nvFF9WqcjSgjwQIDAQAB
+AoGAOnqKZeAqA2tSOVelfgXWvafhHHS8Ads8ElsGtZ6qlvGbstjJT+8QPyw68bAr
+KmtfH8aaApM8oy5ztlhCS5x1riC4PxUshCVhMX7/AsyN8GXyzTfE4gOuQmbOTRQi
+p6w+3uMo7Hdpl4iotuOu23SDiwPCWbGZ/s8c9t59WiCjRAECQQDypSwxLWoseJcc
+n7eKOQhpLtv+yqdCRKGOVS/xVtCpfwM/xNJy25pzcyr8iMklJn1+ZSsBeZk1mS56
+vS6y3mzRAkEAy1oge5qtyTx+UPXuDyeiaPJm4/und7A8aYEKwQITDtg6Ef7C0Rho
+fUYNd0svLVQS0xWnOjfsQlzN19XzXPlD8QJBANMAK0PAeFmfq9hqU1LRcaz14Lza
+QURxJgP9tCksE1uxZYPohhD3QoIunizoTfIOXIazNwibU022nSKCrL9CiGECQQDE
+uKPD75c/ni301HVAY+9R525yDvmrZ+qJhjSJEyCss7E5x2NgNGShDCvqw+kXyMWN
+Pt1QDNmaOX1I18leoCWBAkEAzfJZUAiRWIpkI6pnAXGbLSQRuC8VrxvMTY70Q6El
+0SrhKr9MgBSDiKLWpIYoA9E6InOyzr0wQEXiCSXbpirqcQ==
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs6_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs6_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCv50qFV0pKMzZEKow0wUlHE/bHLrPlksC+tnS6YRuQzwkeL9Q6
-0foddmNdLY8NeMWTob/sUZl/kFctnkFG/GrhA2NBeNeEz17U3TcRHsw3BbcZzppe
-63WLGZUflNPSsv+IJsVvM1mte3COyZXdzDHwp2nQl+DLe0Lx6uXtDbez2wIDAQAB
-AoGASuc/iWYxQUVrbz169J/11yl+JTUS78g9ATjqnc7qERDIPi15vw5Y5iDakPvs
-dX0fDQ2Mj1Hz/ij1pnxEKbkkvTTbrnDsmVugOf5Sm02R72jjlsMM0ezXK2/YKcsW
-0UHLukAA8Yb0AAiXyRK03E3dOhCAj5f+6UXdSA3CYlj/A5kCQQDohqxyooRfqFGZ
-LyCP/knesBXZvfkz3gknHNk2voj0fk6zgZbWULfyVRZ4fSlWE700MpkKgX8gtFwL
-DBNsxx8nAkEAwalIOpFpRF9vEfnQ8ebSrgpZPCtFEokJ6f9Rl+WjfYe/COFT9OKp
-HcfzLgcJeR84SXGdDySFtRoOtIDEV9M2LQJBAKOn1cvBEoX5A6VbBAIUqY0wRdDA
-4ppc1fhPV5ouNFpQY7f3p2Aj47ONq4kWHnfU4L/SNOCuD/nGt1mXIDzZUNUCQQCd
-K4nXHpRUTS+TYy/UYwSxAu0RC/zu4hENu4y4vkJFapn71wOQRzQBW3lc7ZEen9vK
-n05cL8PkCtXMYIT40g2xAkBS9HQg4pz365lX1eKvsPTGtiM53qcHfrgijxfxmXfc
-qHViK+ZFgZ64KXsyiTClw7M6Bb9i9pOGMwRsO7hqmBxa
+MIICXAIBAAKBgQDHdzL2NVop3txhial+00+sodvxf1gc00ao62FigNDPQGukOaz7
+8+SiR1N41M1aX7HA6CyBLQCY1S9r6eeF5g4eRtYiufOn4GwY6kIzzcCc4JjsKWc5
+xKP3aYsEZvWiPAgbJOW61FdbFPHyyCsPIq5u0cqFAeZ1ggPfeu2WimQvXwIDAQAB
+AoGAKoihhlz0IA+U4Puw+AlpaP+O3h1wlZz76VNgDdg4LqmnCnr+BzAH5g7dntuJ
++qaDSgZ4TwdgpDZ5iUJ0i1n2UmAa5UcZ+OUQSkTZvXR4lG3L6dzFB3pX1SxPNWF1
+D2A/c6cxdeFud0+RfD8y1XiOfRPp/W0wL1xPgdqD81INOVkCQQDiy8AALoAUWetu
+L2jaxy2kkOHkHBcSD/OOa1Q4Qtf5lCfRM+C/YCmVfraayja4vALuQ/n82xjoL7pQ
+ndT+cdm1AkEA4SaEB1Nl6g4MyKA993Y0AQ7hD120tPjimvvmUcnWdDotDgcWDvNn
++emcs+z4FEpuCwAib8GeuKk422+dYtSBQwJBAKvnelno5SYH3j6/ar/hl0QUmVP4
+wrfrJVY/HjAi4meHmAKnSuRkNEDfMfPz8DRoNeR52+OAAsoDWzq913Mhwr0CQATC
+FJ43A/tbSqfewxB8vgKbtuPlPhFpBRjzY92sn0ybgiI+wheUy0i7yCUBSAjdvc+b
+tB6af+k1Ik9432GcThMCQFrYEoUHWhaD3SkSiuA7NRfwAKNSv2Us4nfwIXkzVW2i
+/3091BWmOmlM/lsIQe5rIG3d/mYEDnNh6FuquX05Ngc=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs7_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs7_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC7LVdKxNkktnil3J17uWjGY/zUipC4JFCNuTRbwOwWv8kw4IBw
-emyeVUiVExYgW6F7EN7oEmUhxb+5NjV2T3lmSYJ2aaEijtFM2SHmULgx8WZUIMyY
-qSK9U9Kv9vAJyhuphaVhUWYdVFgSbzVbrEx6i09jOEnl2AKIRnVz8kD+yQIDAQAB
-AoGBAKIvDV4Z5tTqzutYl5Rm+SQ96wr27aLAxJOokHeYWHj1wQx62o+bZJZk6zlQ
-inGLNAaAfcS0e7Chuhhvoi9beaHr3+FkqFb+eefic7/ucOMhi+QDjTlBk3R4VMDR
-889yqNJgTay/r+NN/eabvV+UulKsAHgvwzMg7UgAI8jHTXZpAkEA9ZUm9fXin3nM
-OM7ftvpxFqBPKT3YapyEHT26QYJV074lhh9olazslkSbNCyW1RnzX2p4dE8t4FZt
-EUNVTEfj5wJBAMMd8pcoiGwfmYcW3gRtcCEvrvjVFWGxl3rLMlu0VJXz5NiiwYUy
-7JIbalkRUcYoMGNW35D1d5TaCklrmoJrsc8CQHLYZXfwnSJnGxIV7JjtVaV3Io3u
-1h5FQ6NJEqlAAlMbQQEP/yC/1YQQYWRs1byifiXI7Lu3q4SV5juEeYdKt1ECQEkX
-4/QafBi9Mb94oo1YDgRwn4SaFpt1cwDONDxEbteJ+XXqasKiVBtb59gb891e2tms
-Bq6ANl7t26Kri8NF4uMCQGzrv8B+bO1tXbUoYgPJYlhtpXamII135OQ7sYQyefoO
-m0bMCIBbngulUHAQnSZrbvP7jRLB9SVgG2bv96lUCdQ=
+MIICXQIBAAKBgQDIlwZyd4LnA1NW93Fc9LWu4SII96dwRy+tb6+pOcNzyvXVVOk9
+RvikoRon1RrGkMlLwSEyBptW1yM8I9mqKhcVYQzMCOdgr1XmnuIkvR/pBOgJ7fSj
+2F4kkZU+n373ZGZgCH3PrLb0a3IoYYzcUU0APk1ncA6uPDeZKEfnYf6jcwIDAQAB
+AoGAFcI0I9SM8YwtzSA4PtIYpyiqrXhXxFkkddbIoj2u0u+wLPzx9ACv1gPXt3xp
+VCK+gyYm+Ks4zHm3y71Dzi6UpD6KGJ46zxX0JeYjewvoZF9CKUtfz9tuazxVJEqA
+9Hg1SlLdwlrZRfV2K0RlIJJRMcTD+67ubBU/STW3LtfzOukCQQD/DmcxQ+fw0CxU
+ypSSBIELL2/x6Hy/gbSvqjVnod58/fvHBWKj9zlaH7DN6tigI7eoL3BIb+V98wcS
+hhnMFMVvAkEAyVUHq8MdGwaB2bBix+r2MbwJ4vG2aTDk4+KWSOyCxP1+JEx8IwOe
+KR7foJUfsT3g6b4pLTvvLbUo3JgL6lHoPQJAMxRqXDZyTAsU5cJQcNHQGjJc5ACg
+gyXxzsByw5dqXHPtKZWNhLLtXHw+R28CBUhB7r/ZZ9hpCIlUYERVBEcgpwJBAKXF
+95z7+Nkp0H03+P33f2OQGuvcbn/KnIzvIyNEaqBcwSKOP6Bs+CuPmj6UyxWbh7eu
+tiTitpuCEPUh1J3Jd1kCQQDspev2/mMg5KNQFs8vrPoSZ5V/QKXmfss0QbXnqLW7
+cn8ZfkjzTN24/usQRbJ60ZiVXtojEubNxtECfjd5eZqt
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/cs8_ch1_ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/cs8_ch1_ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDYQiKJSUmbH8NoQ5Nb577N1g0ky9hqvWTDjzFvTzjEyjlOFjUy
-iLsD8AQGquThESTbseLRGzpFSdoPNrZ5hUpC5AGDdU0egWkw8GQgGWPA1F1Qdruo
-5Fa3u+BUZPlzx+uEptpKWBYAqMvlxbAfrev8LAiT7i6jJhM8pkZkpd/2VwIDAQAB
-AoGAGdSsc2GBnTnKCWYo781aiROMNlzy2K0OoB02dmksCrVs6trUN9kFHY9Jq9I1
-zHxTvrocsYVjDGup1C9g1FsLZ4HG7sCBOzJe5Nj3sfF8DI9DVsj+Ite3nZeLezz0
-rs/ADZ0vbLiUx93gQageXATzLsb2PrRGu5Esto/pbqGocgECQQDrawls9VL6A9su
-6MczxfCt90epHuf339Vf1kvceBjsDB5Mtf5+ES0ytPKoWbzD/gGSf/XtJkDkJyqt
-ZRWgqsgXAkEA6ypHCLxmSwXeESD90BkaNlxrCFEmPiRMedRPKFxXtIkE2zg/jhk3
-1qAOcTANxwddjf0d2y5TFhc/Nn4zUV7rwQJAYLm+yqzVZfIVqWVtC2GlrOSv5dXT
-+21VLyZOTwxtOPcVr/EK2mNWTcI4/WC5hVGk9btroP+Zo+RPzaR9yWDCCwJADLTD
-E8jCKimN/xTuQdEpZmiF6/QegdsKOsbq4/5hSsLgfUvDu1THfJQ3U4xKIkfWmTZk
-55PQL3BgHPyinzHmwQJAB7Hodce/vDl9srDnq0q+s5RdsV72VnloInu2hzYoY20Y
-e6zlDNasAJ6va5LQ5yk8+EsuFxS/kK47wDDZtsnIcg==
+MIICWwIBAAKBgQDE2sTTcsJl7H+4QePHFIO7/J7VhxVf61Lay/TH2y9YZQEODtUn
+z8XlLM6Zfw9IjE9UR2tLXpA/lZZguI45H6nMOLafIW1OaS4UxXH+4eFEJNR0RUqf
+iGQ2lve6dB6I+W2s6SXwdFjGE7kFq/oOXHf8oT1InHiQ+GdBmXy/RWpn7wIDAQAB
+AoGAV3lnMRazr5rx/iy5TMOe7jAJXJUUOHVXcgZjlVOerEbluxt4OKKpK3dHrwm4
+/uHqdmbuFKXGr5qHIh+gg13Ak0kObYXDRtuk52e04MrNB5LY7oudDPLQU7aj7vh5
+MrBgc1Y6OqB0xfg+BDaR6WrLCPpf7dhiSYezGid6SzMGNfECQQDzad0Se1eKCgcw
+yNqoFQADalW+Khyovg061Eak0LYE3LcmSor7BQSje1g/7PItCUhBHrRq9ymDZozA
+6aZH6jtrAkEAzwiXMZc45gjmAAJTnCYV0pxxJ5yhL1De151LKI/0T4V7Y9Wayq5C
+i8Fx0Q3dv4qpJXFm60RzaZHFMQEP6CCKjQJAQcQpmfO/XCmHddPe2CkMXt/dGMsy
+ARmQY4O1LpTBiSDFT1A2qsnZTf5mgqcXa7mlTwrnvjrXeYw8nWbDqYyMzwJAQyec
+M1/D+wnj4RjgGgRYi8pnAdxShFCNGA9Tc8LOEoVPsuB0p03DFCYZTyBaT2kg2J5i
+Leo0LYg1GGIp0LfNeQJAKdPxQ1qY+jDe2y3a7FS/mR6DQvwGtqZLsdZ/akjPVIpr
+wQVD0Wa9QjW47ZvfD225x+xni870aXIivRJBJdDHIQ==
-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta10_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC2UENzZBJAJlQM+Wfkau0fGOVziRMPyV9ubsYFrSy+5Gv9xk/q
+828N9Bo0fwOXsKTRbpjSNvozXVE33o9bPaAHUsi3cTBx+8On+mH2tCi+ntqLi3Dd
+jtClGgBwHDnhz2T47LSDuStn+k2uMIQvLJ1sd34JlUN3a+GdK8mJ2anljwIDAQAB
+AoGASKdByglWMJRVqHn3yhJGfr8IKXu1yfPBARxJ89coXsZettpB3Oq4FgJyMvtu
+7hNqC0AczKE2IiQNCsu5q22qiLNfwhlDoqckECZ48CuVpg31ZEuiX6o75duvEjNl
+RIo9Cwp7Vo22Uq/6R9rAJP09B84NdMSMTMij6BDIxiSInSECQQDxAwG9wyfI01eP
+ZzK71lB79RO0T6t9NPF2z8Ed0VbA2OKBAufh4LNqxvxc5ZyUNaqEU10MA8NT+PMk
+srew7FyxAkEAwabClJ8nVdY33ko5cUBoZWsgVlWEFhoRmp00AMGa7mGIvyAExXkQ
+qF/o2uH73ZQA7Vx/4MLF7wcNqyNCrH32PwJACt3y1yaUhaaZ3RpvHC8Wo/Ax+kBZ
+YCTh+lR1xa1ptvpQhDaoU/P4wwjD2kB0Je6hiKPlnyQQS5n/BJmWVMDjkQJATLat
+Goc54+0q0KqCuvSS5qpbcxgJbWACXUetVCdeItUMgPpEKZ5eFPV5n0wqpIp/G4ir
+N/SwyJH4vjUHsqFrrQJBAJsIRffGRMmMEC60E+KJTqWs18j2/igGt8W4KsRbzeSQ
+Ncw9f3QXgfNIXnmyW/L3i+8XxHzLlD+oT78Csuu8xCY=
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta11_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCjxdQj+OikAh84zVPcfOg8Sb0UwceitwB60tHIAXyb93hQlQdp
+kKB6JQ9VVfeyM66uZmRcTIZm4CjiY4wRX+6kr3eGwsAYDSQYXyb/Z8z0+X0M59cM
+AeiFV/So2Czx7C/HjDTUPdMbXC1EvdGmNdIhNvkxrCTL7HtwyBCXyI43GQIDAQAB
+AoGAID+vU1oLLWiBj2TXM56g+GYoxnKWBhN1E7p5tqGcUPX9ChkeeYoSH5s2lr4z
+5TJKHmtpLcef25geVN33UeCLFDAU6wIRCzFFV5gzssHsTIB+Gl3GR28BPvbQU6jZ
+1C+FIq0tbCDPXgOW5Mh06y5gilSehLNK+w6wsveWCUfMtcUCQQDRDSWbm9V3lptR
+oaTqL4phHXAy6VNZ8GSqxeoFdbKJ0CH8atsazrmYyyyQ95indnf5e4eZl9k3qmHx
+PeP4wrurAkEAyI2CcK1o7GPA58PIPOyoaYunV4qwhGhJxzQNajQQH/3ift2lTMPG
+f2wqFNCeGrtr4V6c2EFSSfAwf1Ierae0SwJBAIiDylRUrlDa8/CZ22TmyLnkjHli
+rwCjoEl41vrbwkyGszrv2McnykGCJEdCuNha37v2tDVT2RCl3jG4ld/D4uMCQQCx
+DQSn9t9XOaV2tkfTSVZQf2LHjP/SlML1YsWpCbdmlttbBs/Eml1l5par85Rwox9V
+QhKTc+9yqOIXtOayhghLAkEAtlEde/1Gatz3itdyAvNRt4XZ4TBiVnvnK1cAULG9
+s86415CqQeI9BRZHG+B4lpFcV6J4ssRr1byXrs3jftzQWg==
+-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ta1_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta1_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDW6VX1hgHVK91SboKJ3HojoosyKK8JKzf0mNktPbbTWG1N+eWv
-QKpBjspqEShuvRfuF18iwxWZZT38tha8Wvu9pxWw//ZdGSA89XhUGXXMYYJvvLsa
-X8g3erDAXjAnoaqyh00QV/wt1hdtsDm9BrUPztEAL4U1rchyOeUs5AYqGwIDAQAB
-AoGATy1eNvutFy1299SxETuCYDiVUeB9REKA9gOOF8Xh4pF0i8LipSOM1mRWHKe/
-nrTZ6SUBLtxyy7XqFX28eJ6ImhRSKBq0887g4Bx+r5ULLU1mKjNROuUjmrqveKZb
-S/hkBhTxi5nlKb+ZhAHlchi4tR0xyR9eHAMWpHmr4q7dM5ECQQD++4L3bW+Qk7iB
-GsO0c2yitNsFIPjKo0WWUkaDBdlbHz0AZ4Y6TwyOnrCxLhndMibs76IKM6QgDL1v
-ZixN1x1DAkEA18TjTr6oC7IoIjquPmhgxzzewr2ohKF5U6QsizC6PBHHTiJcZI6m
-ueRmvVuEefdOj/nrh6p9FqizSu6qS2/GSQJBAMRenrY/KbSGj4meOyo12mxULHj+
-s5wbsfPa2UL+ti5fGHO/RriROHJ99EX/4xtfDGtdAcYpjzS/mwS4A1bPXFECQQCT
-GQg6W+JmrtuLkmPN6gzoZ4gaTYBAg3EaY5d2gQ7F+vzcOLKyX0os+xhLycOD/uTR
-ZPl8cO98biBlWlZAvX/5AkAhetIzZgQqUhk/irz0U96O6LiYEgz5sBYTzXlQS3/s
-fbmqP++KW7ShlPMTHUSkMe3sAx77r7RoRNSOD+5hSlA+
+MIICXQIBAAKBgQDgSjjGSBOrcavKbm7O6fwsaM3uefbCfh8Z7lt1GT26T4+jeflc
+690MMA/QdwUN/7ko5HQaZ7P/NuomYexRJeHAzZdY4GWNTFS8k5k3K/OH07jXhxXZ
+zxy2h/RtVL31ZVNgQ7IEcnmwv3ETEf28RTgUgtkFi/6fjn3RLLk2YcAKEQIDAQAB
+AoGANTiHdk1eFX14lSVVN9X/143a566bJhWFTcLogsXFhvMgE1t7F1iEcELrTb0g
+Pu0iQ5jKEAXxiSq/rvHngG3rvkFWnPkoF6rDqvzPRkMEKap+4siCGUcyY35haDgA
+OJmjJn1QjlmvZLt2VzUMgWR1VH0zmG4OMhJe5XcV8zpcbRECQQD/fth1Z3lCVNXz
+nKKTIjv9tAHQi/lrqLY6H8oCSq1qQ6Itsz1nDBs6b/kEtZLNYr+pDUT+V+3ZL61x
+80wxAnzVAkEA4LuaBSQoXze6PFJUY/e5Q6m2l+vYXdyOZBr0IIv/RUJ56MYBdtSD
+i6MkbtcYDUvK6D+EzVlBR7ftRhFBjIWGTQJBAKRAU8AGaXovN+yJQir80zxiwNfl
+ZM/FgoETdrbKc3nhSR3AITViHw8OdTSF1n6bgUOY+EXbGVmKwSKEmvLW+pECQQDM
+7SUQhR0vXpC7itObaPyOX8a6F/zv8jwBurZcq2x2Sp0CDvSs2DKv9W82h3tOPIvl
+Zm6CFl65uFVsLDYannONAkBN74frdwuxVHMwyT7t+EuEPe6oGzuc9tg8a7dd9bxD
+fszzNiA3q/mvM7Zd22ezuhUSOh+cbWuDGHVqSI/o/VKQ
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ta2_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta2_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCkRPuU5JKrLMAioe19TN5SkaZw5Il1VaQB72ZjtP5prLeD5kNf
-kET2zGYhab7TBj2CLdxt8dJt47Ay1jLns9Y5dhMaFPUcoMyNsHq1Y7MQuTfMNO4Y
-sTVZhpYc1LQacSXnqspWV9XqirZK/NjWllRc2sSzPfkl5eW9vI5Hv+nH/QIDAQAB
-AoGAfCAH/kUNMr0Y3dJ/ssuPvtKB8xItb/Trfe7Y7oSILW+uJ8Opqx9HjTl7/sl5
-wNkZRzHCO22b9R80N+W1B3HTb9f0SUE/QMWRoc0//II5xHnErazEDGCcImqsSx8L
-CZztAL7A/WZAwhNOk8YTJI0T1+zPioqzGDakiRStSD2yRiECQQDRufDxGNC75qDO
-jtE5NySmiv9ZXifBBePlAJyzXEu983w6K1CdEmLUeqn29iJZqfy6fyn57YC4RVwo
-xYk/6Yy1AkEAyIN7hia3glAwKhrHtOWK0OBidh3xLDDJtZYckD/IAB8XsJHO68Z1
-pN7LVQldGn+D1B3w5JD2aIeDEx+H0R+jKQJAIunPYHN/HCiykHBaCCpT4Z22EIyK
-FaoDXDYT4A/3U/HatlxLmTpcVX7uGHy1DzQrLGjK9h5BlWuGggsQZCFfGQJBAMSx
-/l1143SI9waGqLtypT8LrmrSKoBAB88Cx1hVyPsdhR6nmgU99K/cAjiT6+oPhqFx
-EZsV/TJDJLiAqLnjQCkCQF3GW3TyFO34Fj456oKyb8C6j8bEqRtDGKoFOxYEvjmR
-T8GGz8JpT23qHquHwx/K3MVCIRNKok0Y1ivnvuAodto=
+MIICXAIBAAKBgQDjdeFEbWix3GRrowYKO5GtEM5FmfPqMjySvLGF1cVipv0+M2T7
+hG4J4cZ2NENjf3uTvGwOMViwwMjHtG6q20CGZ7AseYL7MR9xbBCkuQvd2Hjks6Ov
+3sYPIf1c5gG2h4KbBBZuQqVXOf6F41dYzf6Qx9M1fZETvwXyIaxC5w/k4wIDAQAB
+AoGBAN8qzPYCEnJPNgeVT1vCzk7q6jbHsdTZrSybDeGtt5fvFxBsBGvxprTzW3Cm
+HmgEsA5nE+1o5QemXlfx45Kmw0pBiAKyYZDJFsbc9ABSWfJq0axIMg/Ta5XTQ7lU
+AE/ZPSOqlgJIuBl391j84zb9QTarIybMRjcFH0fF7oIyiuNhAkEA+8eg7SZb5fXG
+KiWdvtDM0gwqrG/sSglYYnEZSF4lzTbCB+mlvPCyyXY9xS9U089PHwiPL5i3b5EY
+T3rM8nUO3wJBAOdF5grjPhczOXCp2wvFfJDhHNp5eBrYzRysVd4I1dJW8aeOj7zQ
+U+u2MNFtWuFK3xBpHXXX3BkYFQbVVQSGnn0CQGvbwgG1vAqQNfsaMDBtLEETOzix
+nay9wiIxxx3sTw9RVN+k5P5CsqSBRcbyFsnB9mgZ95TxPCvMIXjy51c6dEsCQE2h
+0gGPnDUPddWSvrup1BGR7yyLH7zrT5azZrN8hcHwe3fCTA+WYsU5yBNUwO/lQRFy
+J3h6OCCYS96aV8qIIcUCQDQ0QUOQ5HNbCiUd2VnT6hWOBm+5WqLOaCr30adUuuBW
+09QfAz6cUfxYnkSMugGuMqyguJ+38PpwbPTtaG0kX4U=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ta3_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta3_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDYkDhD03lMAWnceLDljByQhXLVMGoDLajkaq0nxFnojKZReWL/
-GCaH5yloLj0gsXhAVsCCBCpKN+E4nwrODcat54yxjiVhoXIJmCylpLtWYYfwLhKN
-2oto4TmayC+q3MmE/xvrzimCVbNMyZj92HwT6sDVchd+kgv01HGgIvrF9wIDAQAB
-AoGAAOOOp5Cdpdc3pQUFzNtnXpx9nSxmsv6j+9QIQ+qFZ/Pz1s/FvUBPIC2tuNS/
-wXuY/8KbZa04szdJgF7+v1vFHf2uV4Ihhi7Ys4tO/RlJpDfL8YKoX/U5VNH8Zcb6
-DcHyBovEkB7eW7QVevrYxpt7VjsRLm3wZNRBSjxTAgZylDkCQQD8CpZJC7YM8OT1
-9362IvHmX+Hv2xq+RSjHn4QMQ5x3kHNeLnmAF6ACRScvs8qYAboX7LiOmOYTlghq
-lY33iILtAkEA2/b7ai9CixkJ+jTDse93GPsI6aB/3TBR4T70Hhrw5PQUriWzj0eV
-xXS/dfbZjKo1RopciUD1I/A46hqMgIWb8wJBAKtDsm1+ZL2Ub7Dn9ZVkV4XYv5mS
-BDEoo5ZKQZtn0gm5AXwNDojJBPSl8wPKIy95dO/O7nYPVcAXYi6y415Bx90CQBa8
-YqRJGkGyZtub1JZxwAeu+u7bDhxYwD3d+fGaq0efCvwtHXAz4AE23gtdZoMpnLQb
-3RC6zBvY2qkn8VnfdY0CQEzdcnWs9TeOXwA3pc6cy/QzP2DtimSQtV0Ii4qYD6ec
-e+LVK2cONKNskdhgVA0S6opNslTjs4Ay/Yd7Jwuekl4=
+MIICXAIBAAKBgQDQsOfAJ5bW/xaJ9Exn1SNXpq/+877ZHihEpqMOZwkfsvxw/SxK
+nBOgzzeXLDl8QqT3ZH6+SWcFAbP3RjSb2L1LrNZAllptoDOuAzMifQY5bgpeOT/m
+68f54xqn3RYUbY63hNmvt0PbXQ8r6D3+ZteeOgahn8M1gdTNvBY8osHdiQIDAQAB
+AoGBAMjOgKEYNv93guOJq/95SkGsBctoFOrsJskwItPX9yKGYnwCUJ0WI5jn61DO
+YB4eLohSLdbB4JwjsFyuNC8F1dX/QKJBwJJXQIr5e+UOSaybcX1cpYgGwDOd3SJb
+OVJVBWBnFUszRs3ATLJblRu8C2L0pPFWrQIlDbFE6I23gKGBAkEA79wRX0yt9HIc
+zytWbhWGmxl8svvLvdDO7UOEHHGxQrTPUebA/RmyZ5OelIeG9uSH+M7h0gCDN+3V
+QYXfG5nNkQJBAN676apCvN/lySLB7xVhOdcojwJgGSHkNUqoZqowpJkW+z2VCawZ
+KZmTjsE84q2Y+hK6Y9ooMsklUfL1hNpKdHkCQHfY8+00OS8M3Yw+UT9MDiftQjuE
+SLcdYGd49sfnnvR/t59qtz8/2b6bKf95AFzYr4AIjxkJHIeTlJzasTHvVaECQE7S
+AOaXp280SfFa39iZB3b0i2czyrELqTA6V9pyTE1ArLgmPb4BSY9ngGUxvqXgNN7b
+xuo0v4QfCNkJuXHmV0ECQEJLPASsU1sG6PPPawxI63/d98m8Ro8RLE8cvf7ZKiuX
+EDjWYXyVIdrmZFG7z2EnHyDj1maqD7LWmNaZnRrByUQ=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ta4_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta4_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCxS4iVsx6MCJUhQ04Z9sHgSmhJ2ChIuiAiLavYYhXVTiG9wK8A
-0AlK2jsALRMMbuE9NwD1CV3NaYFOKz04jPBkZg6g1mixJ1c+AcMnKsGoNbJUp04X
-PYOFQ234B7o7QAW1w5unZvVfpfiwXz09lyVMT4ljUX1KvkgaHHGj+mqHEwIDAQAB
-AoGAcXKz45bKZTDYvIAk6dhMFwmF0jrPDDqNdVFkNQIOln94d8NkOFDmoU8jkelF
-1x7cYh9gLWvg6iAo7awdcKI+7+43+cjXeJ1+mYSzFyWMuWAfqDAUu130OeLFM5Wu
-2sdmfo0ShuR1T8vywsaQ2VtEcrKVEHpCvIjUJye+kO1RPQECQQDlcLQekOxj2rgB
-MLYdJwkr0JcLxMTzoesFdAnjVC3C4dn6hlvURq6ZHTmvcoDjIX2Mp7F2bS8zW3Qk
-Z3yE1vfbAkEAxdGLbmKmdGzaXwrMtwrail0l7G2cNdxgxJMjy7JuDIQHnmTGyxAL
-lcdZ0Pp/4Hgl8KSIclaV9B0YE1pjW5UPKQJBAKz7FbFdzftSsRukoAjGn3F7KAXl
-ah/M2aYY4EOV+ZJOOMtadO1MBOLHV/Bgwa98Vm2vGGqS0t1DfALeStDUSbUCQERU
-w6MXtIPW7f+SjXBU8XSGBImMuz7npw1//gdo1RbBrJgMG5cdLcNJHz9OqElzdzeO
-vgsw2Y9/VUeqG1QRQzECQE/6eNC5Ec/7mtAW+qyHOmTRXXT16s0mIA3dawQcLvmc
-6NdPcGO+5Af/BzteNPLBk1DGjLhiJD1eKv9AbJHaKts=
+MIICXAIBAAKBgQDPwCWn+t+k5AIzhE2gP04JxK4KWNNFFdNelFZatdo+J2hmPbGD
+FLwTlPOoOJzomkZOBngNKZVpoCwSGTtrpj1G61aK94Ut2ZzwMGsKA42u2M+e38ml
+19OxqxN06B6ivjE/F3giTIOLJO9PXcRuJviw2SutnrDE/MIAEJnpORdoBQIDAQAB
+AoGAc0AwY7kMOsh25CeAfObBny+qMXlHcysBgJWgNmBuO07XXujYwlRNZjua1Hbb
+rTpwyDZUgVDRX7CI4l13Fmg5006nKDVmg0JU3KKIDhPKrDzwSIwZZPRh80R95/aE
+ieUpFm+FgAZYipFiI3PyxxHdEdHilyNa97SxvKt/idWv3GECQQD2iHoj5vLVqW1D
+0JCyobYNde7C+Ky1vXRveDLnenmOPQZhE2NMl/ATRdhwvpJek3i3ApYfjH9tmgvT
+t/h0cNAJAkEA17pr6KU0LCKN8repq3ByRfh8kx/XnHVBuqayW3hleheAT56QthwO
+s5Xeq+rj6TTwfRpVRS1VWu2AdNEsQFjfHQJBAOpl0nNmNwZMw5WRrLIarMRZl7yK
+wXM+gYEmcIfD2+UQQotz6pq9b0ZzxxlTKEmBv2mJrQCsDdBAgfQ326OiSzkCQC6l
+jc3JYyWj9yOjmRmL//mnSHCbswiOxj6w6uIif3bN/B27QLlQCdHFN1ffO5birpmu
+hv+lVM6Lino3/KSRUvUCQFNknvds2O6qGKHSpFu9JTXeiOCjQe0zxY/3nXE4T/da
+n0NGzS56tMTIxvmGEMvMZd22uhSxVUorl5av38nuP+k=
-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/keys/ta5_key.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta5_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDMJ7TCwYg2653EAnkEjY49hHIykn13XoenGxl9CT7/g97eZJsD
-xJVkoxbvtjMr1yg/cI2BwwOvTgTe6IZRgnWBTh+X4VN2WCdh8gwvLrrSt/VqsWaH
-gSx4z4x0kiwuvY3uaOyS4w1zG4InPkRnlxxCRiBliWGuGwcfIGA8whYnDwIDAQAB
-AoGAMtUYHv4NKo+UIr/y3f1ZE1wtCwaKkvRIloUa3ZU1yG1PStSF/HQwNnSdO2aE
-a0ARV2pw8YRbIIUulUoUV6tCElRG2wZWtI+HGr5A7cqoO78VmUcyRZoqt2To3UHQ
-heSNks/4dwg2fj7qoeEf1xRWtrPgqr6pXKiZ3gXjwk4DMBECQQDlAFGj7PZkGMIQ
-vPLMnSks8zGvPjdi5CSNYuVXg4DbmUXr7rIcorFBTjRwNBhbmSwm2Eavjunc/f1J
-fMqau9ZLAkEA5Dl8ECDkkuPCl6ycfuM7rG9QDr8YaxZCYTiOBrP6tOBOCYm09oZE
-Yy2xK1miCC77OS1YwDfvSpP2gy3+QL6HzQJADKuJ2NIBh+Q+yIJLxLplTtFdzF5a
-3iPVSeVQ3xithnjif31DaYYu3HghOpwHRPoikTuiHZCAq/N5khlPdGQ0JQJBAMU9
-6TsHMoTA0yzCwX3oZWphyY71GOV0F2putlCUu9gXA1q66Osmn3QXyUbt8FuiPvzr
-dAisTuLlfedhmJvcDwECQQChSwcnOzWUV+tzyOtTCRvYzCcGkPJpVURd+CRNMsxC
-JY33rwhvxHSHdrOc6mo5NSg+NvIFHaCudqPLrNbMur9g
+MIICXAIBAAKBgQDEZXB6DgOuhfPWA2/5oq9Ors3UmbZtFKQSYlQfi8bTjOh+hYKl
+9ckDZvbdSFhaeiDGHXtHeFJkPwpn0MwDqisAtYl7sVD7eeHVMozDSd+6KiFDy8U5
+ORK9Orp7KfJIMjeExq9m26KkAOxACMGoNgy2SMY5sf2+4mCkPca2sai+VQIDAQAB
+AoGADHB8Yk627vvvCNQo6H/kaLBruxaNVnVjOwLdXy4kRsv7AeCE+OwLclq4MiXd
+6sUnhETjxRAa79yKVS8FbQn/NSzcfThHZgoAaClHpZzRQ07rG+h3n3G1t6Pl+7WP
+BFxvhWCrS2MsZnynmOZki84um8dSVyXRBmjrCV5BnwDmmCECQQDpycFGHgPmRmX/
+H4CgI6SmZWyqjBrErezdKz15nzmjlXm4NMe28Itg8e4sdc//h5dLfRJV/ujPLPbO
+FnFxEjtpAkEA1w47Q//STVXbw0HpZSnKYxVmDLcevhTtX/zq9A6bJCIGHG/jI3mv
+9t5JWbWZgmmeKUAe5o/ATu80O6NddQiqDQJAfJGsEhhcK47HOjEm8C0Nxju0swsE
+GFg0JYSstOlKZQd4W9aDs85n9bfzGG2N7rHow6hY5Ml2cy2aNCVxPLZiQQJAcnGE
+YH93LuiN9q7QwaEnruroT8PzfDwuxnIVpqNPND9W+TMhsPNFDR7l8fOOKbSDEnio
++RFuyZLKPSKGzY060QJBAJOnRcAqnpU4sg4TMecnsaaVHUJPjWUr6CMkSyCWZVi3
+jAkSrx2cv7F9yEhTWgDR/Klcvycip7Dg1D0IEOjtmCU=
-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta6_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDFQaI9AK/icSnmGMJzZfxKneP3Gm569QmBh83PqXSp5Efa4vq9
+DgquugboG2bjil67h5Be0Th9EpNyoEuId93OAmefxb5Jy7foDr3weDdVu8WRbsd7
+nLOUoiR9CSV0UiJtSjT4knGx6XSbjofUKkb4+o+GXLVrICTRN+qKhwfjrQIDAQAB
+AoGANRQjNu0PZwxybNMux+SijeWMqTp4jiePpkZH0GBV3z1pRHIdbG/x2fB+2Ug+
+WG4sbaPd6lW8MJOmD4soqBExIrwqOLQygoaiLlJrp1LAsJQ11wuwSyGi/q2qNVhp
+DB/1zF2cG80dEOq+TwImPB6qcIS2FuDZRNU3JUF3DRKm8oECQQDoqdRxtbD9nSnf
+Cm6JachsUx1xneB5YHTjQJQrM8sLOQOQD2mgHriS1V3lKEw+hm41N5kyQsDb6kqD
+x7803t+hAkEA2Qqln2LWBPs+GQbSa+CuFxolHNUx1e9Y0LfhdFvxpF7kGJWxa5VF
+UimD1AE95vuI6Rp/iZZlIao5d3AHd6u4jQJBALUWYizy7sQmzE02cFxxwjZV5qfk
+6q9uHOw3+ls538JnaNd6t4qR/rUCbyeKWvWbajHviURuYm+IhuDU2oTLJ6ECQAch
+U2mWDKPjQRn/YGBM5Es7/6Yf1uBJWaiZsd1pu9mDiIjKOibno3xcgskvNUJmVwwZ
+Y8E4YKAngHXNB2HGEW0CQDY8gCLeMukl6J1XTvvSH6IjoktNZ7Apf2r4vxzDi1xD
+/d4dVVIeV8lxkO1Mh6Z64FGH7c/lKR70ufy9l0WFyk4=
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta7_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDI3lI2e25LbXqDc61Bza82AmI2PvdVBxEkQ8LrQ+RvHTzsc0uB
+WKIqfuDE8JquBNgqSTm/nuit8JZSXjxncX89QNc24xwl2gsp6YuBZhm8NDgaTstj
+9TDPgmz1FMzfu8ztcIbkum7bhc5g0Wk3SOgMwHaCD19lCWINcslas0ks/QIDAQAB
+AoGAXd+oxFWDAjUz4GMbQXmCvNb4VymuJUqcNDqGybR8+YDMjCSF0Pk/MGUDXoaj
+g1g4Peri1i7JxyB84BmyWRWtxHpqZAj2SIllnqupFCZpRAF274+DlTKX8YYOvnCu
+aZ0nECNafFNXcctRTtl4UefaOvEN9afAK/sGg8X1LDDKLYECQQDt4OvwNdZxMaLo
+rtAleu8MDka5rXqoocrZQWZp4nixbkzRiKR3YNVxSNXOd4kVIon+YjTKdkVNMG3d
+tkJYiDqFAkEA2Cuh0HosgflBUTz7ep2T3NAuzUrOd5yGO3B1oXrzGM6m9AalP8e8
+tD2kmSrj7akRqKEAKEa9af5Ysw52ntZ+GQJBAL5a6vNCYeQa8F565Z3Yjkp7ciVL
+qYggUI8iQq4gyKxTs61JRzMwjh0lR9L83PnItdyXAd+yXSqzwndVTipCeXECQAT+
+bQyN5f1SrsmbqQuaHFJblNk1QzPML+WroWwLlRYboAu/I44npRpc2jKXpRBWeYv1
+vDUx/So3sADi8qaUufECQE3cC815swdJZUYM0VrqsPHo1D50xrxWg2yxNAsB4EKe
+3HtXhk/wCM6b30mSiBt3Yh5TxEWe2yrBXWWi3Q09Qb0=
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta8_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDaXoXgFxQ1wej0tpcV0fXDNiZXhVwM6I7XKxBmsmGSo9+kT2FS
+QZw7Lw68vZKb4kzsaDR2LIZU5YuerC9+TwdS7H9RMe2elO1+FdpP+2XQB4XCYGnO
+rHRyikUx5Gw+XgW80y83VhTCLnh4a5MU5WEIIu9N+bsbHzEJEnqt5c8YWwIDAQAB
+AoGBAKkGkUmrk5Eoz1DcJIZXRowb1gHY0C+Ns0MJqmBTowMGpY1hhEtPTcbh3d5q
+Ppk6yaAT6MewHyqHo1LmpLx4H4m6OIfBsO/X7HDs3EWrAksSagjvsgJU+rdwKf30
+odr1hDeO5ngT6KEiBLiUMw6Fb4spxzOw7svGd9pBTseKBw2BAkEA8aMEW4vslpfD
+f5NsazVwZTCi2kVW+XOg7Gdf1ou1WDAajo4kK/KLKoBesDf2i7oxu4nBiXVIx/31
+ZZdTzAi2swJBAOdZcaVJGdOPIkGXGH6q6a7nIeWwRCYo2IF6Ra/kQGV6+QMdd3o6
+flb8NJMgfALcfTcPKjZd0b+0bPkGWbFhK7kCQQDOUZjo6eKK+u5sQd5y8+ASJqMG
+p+oJeJdRAzsrn4Kp1/j0+50bAS+ejJlM8ZvL1qGcNZVQ3xnT2Z3srndYYaBNAkBA
+T4Lh+YIuZzmUlhX/EC/JqQKpQOiQ2wXkaEL69C5ah2a1UPmnhp8cOxu6UmtmuDgu
+mA6Z8laePd+VEgjY4DQxAkEA3k9Ts4dilPVpMZn3su19okzQuXcESOW7Y4xVarel
+TGJ+UBsG/nL4v+IfwPPHaiXIamvRKJ3veW6kh2twH37RNw==
+-----END RSA PRIVATE KEY-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/keys/ta9_key.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDoq++RygVKGKKYxNiT0M6ZqV4CjV1c4/OESWunbe84dy4ywpwJ
+Hfa+bMbEscjDMnIrhIf2ur/8z1wFwk9iI34CP85sxraVhoTXl58ch3ApYmopfAaj
+txgSZwc6iarwmf7fRgCxL6owHqIe+Cs3mSG4hVNCmEq9xfm0YWAKc7wO0QIDAQAB
+AoGBAMrWyb5BbqcQHwAr69vBl7tiafCzqQcIOw3CrDWEo56IWCAshLd2BdwxHH/x
+teJmIh5KJfY1DJard8AVi/s0ke5edIjAUT/PcVtcPfqYxa4Uyb2JX29B9JWk3wa+
+oR4xXVLcYpr6BCDth1dUVGbMqkIvesH9/gpvENhytHANol8hAkEA+Et6+2mNWAsf
+JKD/uztHlebzKh3fAAEYw3Zrp8YBzDNIDlK06ackVzO5/BnwDz7aRMiQTLpPcXui
+0ibg7bjhrQJBAO/kVycQxmbfi5A6RocKlJgrfNmdvagGv3R/WBd+Mh6jXKyOdANF
+f9uA56SmfY/itkbK6D1Hkq5zOjy6z+sRbjUCQQDxyTbyWmAMq4/hMHK3lcto+yQy
+EDKXI3pE5S2CjDw16H4zjHCl02B9Fl73Ux7FCdStBI4YWZmBDf+JG9kPRWllAkEA
+keZrhyvxrxGYvVBkIq+xrlcMqQICHlZ0TPNCbY9oBjBPJffB4Vd8qtDckcxco408
+VRQFaXfFY2pbaiIoYIyKXQJAGKbTNdkyNLZEqRXkV0g5rznU2y8almz01MPanoKp
+tlLYl5S/dkDVJYXJjABul6s/BOVsuuycPxdQ40G2LB5D/w==
+-----END RSA PRIVATE KEY-----
--- a/src/tests/ro_data/signing_certs/produced/serial Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/serial Wed Apr 27 20:30:32 2011 -0700
@@ -1,1 +1,1 @@
-2A
+30
--- a/src/tests/ro_data/signing_certs/produced/ta1/ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/ta1/ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- de:88:28:ec:1b:64:08:9c
+ a1:49:ea:78:5a:f4:55:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta1/emailAddress=ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:38 2011 GMT
+ Not After : Jan 5 22:37:38 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta1/emailAddress=ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d6:e9:55:f5:86:01:d5:2b:dd:52:6e:82:89:dc:
- 7a:23:a2:8b:32:28:af:09:2b:37:f4:98:d9:2d:3d:
- b6:d3:58:6d:4d:f9:e5:af:40:aa:41:8e:ca:6a:11:
- 28:6e:bd:17:ee:17:5f:22:c3:15:99:65:3d:fc:b6:
- 16:bc:5a:fb:bd:a7:15:b0:ff:f6:5d:19:20:3c:f5:
- 78:54:19:75:cc:61:82:6f:bc:bb:1a:5f:c8:37:7a:
- b0:c0:5e:30:27:a1:aa:b2:87:4d:10:57:fc:2d:d6:
- 17:6d:b0:39:bd:06:b5:0f:ce:d1:00:2f:85:35:ad:
- c8:72:39:e5:2c:e4:06:2a:1b
+ 00:e0:4a:38:c6:48:13:ab:71:ab:ca:6e:6e:ce:e9:
+ fc:2c:68:cd:ee:79:f6:c2:7e:1f:19:ee:5b:75:19:
+ 3d:ba:4f:8f:a3:79:f9:5c:eb:dd:0c:30:0f:d0:77:
+ 05:0d:ff:b9:28:e4:74:1a:67:b3:ff:36:ea:26:61:
+ ec:51:25:e1:c0:cd:97:58:e0:65:8d:4c:54:bc:93:
+ 99:37:2b:f3:87:d3:b8:d7:87:15:d9:cf:1c:b6:87:
+ f4:6d:54:bd:f5:65:53:60:43:b2:04:72:79:b0:bf:
+ 71:13:11:fd:bc:45:38:14:82:d9:05:8b:fe:9f:8e:
+ 7d:d1:2c:b9:36:61:c0:0a:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 06:D0:C0:FB:C5:79:67:F9:F9:10:92:CA:81:5B:5F:92:D8:D8:9F:A6
+ 75:A9:2B:02:E8:FB:31:09:2A:F2:16:21:24:D8:B2:A5:D0:14:93:5B
X509v3 Authority Key Identifier:
- keyid:06:D0:C0:FB:C5:79:67:F9:F9:10:92:CA:81:5B:5F:92:D8:D8:9F:A6
+ keyid:75:A9:2B:02:E8:FB:31:09:2A:F2:16:21:24:D8:B2:A5:D0:14:93:5B
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta1/emailAddress=ta1
- serial:DE:88:28:EC:1B:64:08:9C
+ serial:A1:49:EA:78:5A:F4:55:8D
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- a5:e8:f1:e8:94:a3:87:7b:60:62:54:0b:7d:b6:02:16:6f:cf:
- 05:10:1e:fc:99:36:f2:a7:22:40:41:9b:a5:c2:6a:c7:2d:87:
- 6b:1d:4d:d6:9e:1c:15:20:5f:62:f2:51:b8:6a:f5:2b:75:b7:
- aa:21:aa:9c:e2:88:e0:74:ce:4e:84:a1:28:fb:24:c7:bb:6f:
- d5:e3:f6:36:57:fe:1e:ba:98:ab:82:51:fa:33:75:93:a5:bb:
- fb:8f:00:54:fd:e4:fd:00:f7:e2:84:ed:71:3e:e8:66:3a:82:
- f2:70:d6:ee:2b:d9:b9:07:50:6f:d6:86:04:5a:bf:64:07:bd:
- 2f:70
+ 82:9d:88:f6:27:64:f1:c4:9f:18:10:ac:d3:6c:81:b9:25:34:
+ f8:74:1c:83:b3:94:65:1f:25:cd:5e:a7:e4:ad:d8:b2:6e:f1:
+ 43:56:25:75:d5:db:02:d6:f2:7a:3f:12:a3:60:04:77:49:99:
+ 37:d7:af:60:ff:d7:ee:d0:df:cd:4a:fb:75:ee:05:b0:af:00:
+ da:e2:80:6e:85:81:72:75:a5:3b:01:8c:00:3f:bb:8a:21:47:
+ 0d:d4:bb:51:a5:4c:58:2a:d8:09:1f:fb:b1:e7:56:00:53:a8:
+ 25:3e:ab:3d:f6:1b:28:7d:ef:76:68:62:be:28:a9:63:44:d1:
+ 68:6a
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAN6IKOwbZAicMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAKFJ6nha9FWNMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEWA3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMGgxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzhaFw0xNDAxMDUyMjM3MzhaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEWA3RhMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1ulV9YYB1SvdUm6Cidx6I6KLMiivCSs3
-9JjZLT2201htTfnlr0CqQY7KahEobr0X7hdfIsMVmWU9/LYWvFr7vacVsP/2XRkg
-PPV4VBl1zGGCb7y7Gl/IN3qwwF4wJ6GqsodNEFf8LdYXbbA5vQa1D87RAC+FNa3I
-cjnlLOQGKhsCAwEAAaOBzTCByjAdBgNVHQ4EFgQUBtDA+8V5Z/n5EJLKgVtfktjY
-n6YwgZoGA1UdIwSBkjCBj4AUBtDA+8V5Z/n5EJLKgVtfktjYn6ahbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4Eo4xkgTq3Grym5uzun8LGjN7nn2wn4f
+Ge5bdRk9uk+Po3n5XOvdDDAP0HcFDf+5KOR0Gmez/zbqJmHsUSXhwM2XWOBljUxU
+vJOZNyvzh9O414cV2c8ctof0bVS99WVTYEOyBHJ5sL9xExH9vEU4FILZBYv+n459
+0Sy5NmHAChECAwEAAaOBzTCByjAdBgNVHQ4EFgQUdakrAuj7MQkq8hYhJNiypdAU
+k1swgZoGA1UdIwSBkjCBj4AUdakrAuj7MQkq8hYhJNiypdAUk1uhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEW
-A3RhMYIJAN6IKOwbZAicMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-pejx6JSjh3tgYlQLfbYCFm/PBRAe/Jk28qciQEGbpcJqxy2Hax1N1p4cFSBfYvJR
-uGr1K3W3qiGqnOKI4HTOToShKPskx7tv1eP2Nlf+HrqYq4JR+jN1k6W7+48AVP3k
-/QD34oTtcT7oZjqC8nDW7ivZuQdQb9aGBFq/ZAe9L3A=
+A3RhMYIJAKFJ6nha9FWNMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+gp2I9idk8cSfGBCs02yBuSU0+HQcg7OUZR8lzV6n5K3Ysm7xQ1YlddXbAtbyej8S
+o2AEd0mZN9evYP/X7tDfzUr7de4FsK8A2uKAboWBcnWlOwGMAD+7iiFHDdS7UaVM
+WCrYCR/7sedWAFOoJT6rPfYbKH3vdmhiviipY0TRaGo=
-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/ta10/ta10_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 86:f1:45:12:31:c7:2b:2a
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta10, CN=localhost/emailAddress=ta10
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta10, CN=localhost/emailAddress=ta10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b6:50:43:73:64:12:40:26:54:0c:f9:67:e4:6a:
+ ed:1f:18:e5:73:89:13:0f:c9:5f:6e:6e:c6:05:ad:
+ 2c:be:e4:6b:fd:c6:4f:ea:f3:6f:0d:f4:1a:34:7f:
+ 03:97:b0:a4:d1:6e:98:d2:36:fa:33:5d:51:37:de:
+ 8f:5b:3d:a0:07:52:c8:b7:71:30:71:fb:c3:a7:fa:
+ 61:f6:b4:28:be:9e:da:8b:8b:70:dd:8e:d0:a5:1a:
+ 00:70:1c:39:e1:cf:64:f8:ec:b4:83:b9:2b:67:fa:
+ 4d:ae:30:84:2f:2c:9d:6c:77:7e:09:95:43:77:6b:
+ e1:9d:2b:c9:89:d9:a9:e5:8f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ B7:F0:DB:5F:BA:CC:10:6D:A6:64:62:10:84:A5:C9:39:4C:3C:27:86
+ X509v3 Authority Key Identifier:
+ keyid:B7:F0:DB:5F:BA:CC:10:6D:A6:64:62:10:84:A5:C9:39:4C:3C:27:86
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta10/CN=localhost/emailAddress=ta10
+ serial:86:F1:45:12:31:C7:2B:2A
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 5b:6d:71:b8:4e:e3:27:06:d9:2a:47:ab:21:a3:df:94:a9:d8:
+ 62:f1:6a:97:33:cc:1c:52:55:9a:f8:ec:6d:b4:91:17:4d:2a:
+ 0e:03:b4:4b:00:83:10:8e:12:c1:05:67:56:9a:30:90:91:ad:
+ 8b:dc:0a:eb:3f:28:5d:f9:d4:87:0d:f7:3a:5a:f6:47:52:9e:
+ af:4e:21:d4:2f:b8:40:4f:7f:81:1f:93:ca:bc:e6:04:c5:18:
+ 65:5e:b1:dd:0b:3c:5e:3a:6f:48:e3:fc:b2:c8:37:8d:9f:14:
+ 1b:a7:12:79:bb:2d:b9:fc:7a:01:ef:66:c6:d4:c2:44:01:49:
+ 23:a9
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAsmgAwIBAgIJAIbxRRIxxysqMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQ0wCwYDVQQLEwR0YTEwMRIwEAYDVQQDEwlsb2NhbGhv
+c3QxEzARBgkqhkiG9w0BCQEWBHRhMTAwHhcNMTEwNDExMjIzNzU1WhcNMTQwMTA1
+MjIzNzU1WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEG
+A1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMDES
+MBAGA1UEAxMJbG9jYWxob3N0MRMwEQYJKoZIhvcNAQkBFgR0YTEwMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC2UENzZBJAJlQM+Wfkau0fGOVziRMPyV9ubsYF
+rSy+5Gv9xk/q828N9Bo0fwOXsKTRbpjSNvozXVE33o9bPaAHUsi3cTBx+8On+mH2
+tCi+ntqLi3DdjtClGgBwHDnhz2T47LSDuStn+k2uMIQvLJ1sd34JlUN3a+GdK8mJ
+2anljwIDAQABo4HlMIHiMB0GA1UdDgQWBBS38NtfuswQbaZkYhCEpck5TDwnhjCB
+sgYDVR0jBIGqMIGngBS38NtfuswQbaZkYhCEpck5TDwnhqGBg6SBgDB+MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFy
+azENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMDESMBAGA1UEAxMJbG9jYWxo
+b3N0MRMwEQYJKoZIhvcNAQkBFgR0YTEwggkAhvFFEjHHKyowDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOBgQBbbXG4TuMnBtkqR6sho9+Uqdhi8WqXM8wcUlWa
++OxttJEXTSoOA7RLAIMQjhLBBWdWmjCQka2L3ArrPyhd+dSHDfc6WvZHUp6vTiHU
+L7hAT3+BH5PKvOYExRhlXrHdCzxeOm9I4/yyyDeNnxQbpxJ5uy25/HoB72bG1MJE
+AUkjqQ==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/ta11/ta11_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d7:f1:84:58:4b:42:ce:33
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta11, CN=localhost/emailAddress=ta11
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta11, CN=localhost/emailAddress=ta11
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a3:c5:d4:23:f8:e8:a4:02:1f:38:cd:53:dc:7c:
+ e8:3c:49:bd:14:c1:c7:a2:b7:00:7a:d2:d1:c8:01:
+ 7c:9b:f7:78:50:95:07:69:90:a0:7a:25:0f:55:55:
+ f7:b2:33:ae:ae:66:64:5c:4c:86:66:e0:28:e2:63:
+ 8c:11:5f:ee:a4:af:77:86:c2:c0:18:0d:24:18:5f:
+ 26:ff:67:cc:f4:f9:7d:0c:e7:d7:0c:01:e8:85:57:
+ f4:a8:d8:2c:f1:ec:2f:c7:8c:34:d4:3d:d3:1b:5c:
+ 2d:44:bd:d1:a6:35:d2:21:36:f9:31:ac:24:cb:ec:
+ 7b:70:c8:10:97:c8:8e:37:19
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ CE:A0:CF:69:A4:17:A0:54:BE:C3:CB:28:70:86:6A:BD:3B:DE:E4:CC
+ X509v3 Authority Key Identifier:
+ keyid:CE:A0:CF:69:A4:17:A0:54:BE:C3:CB:28:70:86:6A:BD:3B:DE:E4:CC
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta11/CN=localhost/emailAddress=ta11
+ serial:D7:F1:84:58:4B:42:CE:33
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 89:34:9b:f9:55:53:63:83:82:0e:d0:f1:e5:0c:e3:4e:4b:2f:
+ 54:20:2b:70:00:56:08:b4:18:88:59:e2:66:3e:5c:b6:0a:74:
+ 16:bc:43:61:35:1e:df:e5:f6:f6:7e:de:87:18:61:b7:70:b0:
+ 93:e8:5a:19:1d:01:a7:43:ca:38:ea:d2:e2:75:0e:3e:d2:b5:
+ 91:57:1e:30:29:aa:2a:26:53:1b:9e:56:ad:61:41:3c:04:bb:
+ a5:af:da:75:63:5e:bb:31:21:f9:4c:dc:d0:c2:4c:90:07:45:
+ ed:32:0d:c0:c8:e9:6f:72:b5:ae:19:f2:88:9e:50:5c:5a:34:
+ 47:a9
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAsmgAwIBAgIJANfxhFhLQs4zMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQ0wCwYDVQQLEwR0YTExMRIwEAYDVQQDEwlsb2NhbGhv
+c3QxEzARBgkqhkiG9w0BCQEWBHRhMTEwHhcNMTEwNDExMjIzNzU1WhcNMTQwMTA1
+MjIzNzU1WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEG
+A1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMTES
+MBAGA1UEAxMJbG9jYWxob3N0MRMwEQYJKoZIhvcNAQkBFgR0YTExMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCjxdQj+OikAh84zVPcfOg8Sb0UwceitwB60tHI
+AXyb93hQlQdpkKB6JQ9VVfeyM66uZmRcTIZm4CjiY4wRX+6kr3eGwsAYDSQYXyb/
+Z8z0+X0M59cMAeiFV/So2Czx7C/HjDTUPdMbXC1EvdGmNdIhNvkxrCTL7HtwyBCX
+yI43GQIDAQABo4HlMIHiMB0GA1UdDgQWBBTOoM9ppBegVL7Dyyhwhmq9O97kzDCB
+sgYDVR0jBIGqMIGngBTOoM9ppBegVL7Dyyhwhmq9O97kzKGBg6SBgDB+MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFy
+azENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMTESMBAGA1UEAxMJbG9jYWxo
+b3N0MRMwEQYJKoZIhvcNAQkBFgR0YTExggkA1/GEWEtCzjMwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOBgQCJNJv5VVNjg4IO0PHlDONOSy9UICtwAFYItBiI
+WeJmPly2CnQWvENhNR7f5fb2ft6HGGG3cLCT6FoZHQGnQ8o46tLidQ4+0rWRVx4w
+KaoqJlMbnlatYUE8BLulr9p1Y167MSH5TNzQwkyQB0XtMg3AyOlvcrWuGfKInlBc
+WjRHqQ==
+-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/ta2/ta2_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/ta2/ta2_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- a8:5c:e8:7d:2f:86:1f:3c
+ e4:2c:84:25:53:01:eb:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta2/emailAddress=ta2
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:43 2011 GMT
+ Not After : Jan 5 22:37:43 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta2/emailAddress=ta2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:a4:44:fb:94:e4:92:ab:2c:c0:22:a1:ed:7d:4c:
- de:52:91:a6:70:e4:89:75:55:a4:01:ef:66:63:b4:
- fe:69:ac:b7:83:e6:43:5f:90:44:f6:cc:66:21:69:
- be:d3:06:3d:82:2d:dc:6d:f1:d2:6d:e3:b0:32:d6:
- 32:e7:b3:d6:39:76:13:1a:14:f5:1c:a0:cc:8d:b0:
- 7a:b5:63:b3:10:b9:37:cc:34:ee:18:b1:35:59:86:
- 96:1c:d4:b4:1a:71:25:e7:aa:ca:56:57:d5:ea:8a:
- b6:4a:fc:d8:d6:96:54:5c:da:c4:b3:3d:f9:25:e5:
- e5:bd:bc:8e:47:bf:e9:c7:fd
+ 00:e3:75:e1:44:6d:68:b1:dc:64:6b:a3:06:0a:3b:
+ 91:ad:10:ce:45:99:f3:ea:32:3c:92:bc:b1:85:d5:
+ c5:62:a6:fd:3e:33:64:fb:84:6e:09:e1:c6:76:34:
+ 43:63:7f:7b:93:bc:6c:0e:31:58:b0:c0:c8:c7:b4:
+ 6e:aa:db:40:86:67:b0:2c:79:82:fb:31:1f:71:6c:
+ 10:a4:b9:0b:dd:d8:78:e4:b3:a3:af:de:c6:0f:21:
+ fd:5c:e6:01:b6:87:82:9b:04:16:6e:42:a5:57:39:
+ fe:85:e3:57:58:cd:fe:90:c7:d3:35:7d:91:13:bf:
+ 05:f2:21:ac:42:e7:0f:e4:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- FF:24:E8:06:21:CA:81:14:44:D5:85:07:EF:FB:A2:E7:C0:72:E3:AF
+ 41:D6:E0:DA:6C:87:A3:44:65:CC:AB:12:C8:6C:0C:72:3A:39:90:2E
X509v3 Authority Key Identifier:
- keyid:FF:24:E8:06:21:CA:81:14:44:D5:85:07:EF:FB:A2:E7:C0:72:E3:AF
+ keyid:41:D6:E0:DA:6C:87:A3:44:65:CC:AB:12:C8:6C:0C:72:3A:39:90:2E
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta2/emailAddress=ta2
- serial:A8:5C:E8:7D:2F:86:1F:3C
+ serial:E4:2C:84:25:53:01:EB:E0
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 24:2b:df:0f:66:4c:23:88:18:45:08:26:65:c1:65:6b:d8:0d:
- 74:c8:2a:c6:6c:77:60:f2:41:1a:8f:23:42:5a:5b:53:5d:33:
- fe:07:41:13:a9:a2:c4:62:22:08:13:30:57:60:fe:f5:55:ca:
- 09:59:0d:b1:f9:27:49:a5:7d:2b:6d:52:f8:0e:1e:4f:04:27:
- 6e:c4:98:31:b5:db:c2:c5:c3:09:29:28:d3:01:c7:5d:4a:a1:
- 92:27:3d:2c:ef:94:ac:19:94:ff:24:5b:18:85:7d:a8:f9:8d:
- b1:1f:46:a1:d6:30:4b:0d:d1:a3:0f:05:82:ae:4c:e2:53:b3:
- de:1b
+ b1:c5:14:e7:5f:ca:f0:de:3b:c5:f6:10:7c:5c:8a:63:a1:f6:
+ 07:4b:9d:9f:53:a9:c8:5c:d7:01:d1:df:6c:20:5c:f5:13:a2:
+ bc:5a:65:4a:b2:f9:25:7a:28:1b:4a:03:14:d5:e9:df:36:58:
+ e9:2e:d1:48:f9:89:7f:2c:04:a5:80:01:38:b5:b9:68:01:f8:
+ 78:65:38:af:33:2f:fa:17:61:e4:fd:73:f8:a4:f7:b5:f5:f5:
+ d6:b9:94:3a:32:70:37:b1:e8:58:84:58:92:6c:6a:57:da:84:
+ a5:f5:a9:7e:c1:10:6d:54:fb:82:f9:59:8a:6b:23:5d:33:3a:
+ 97:2d
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAKhc6H0vhh88MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAOQshCVTAevgMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTIxEjAQBgkqhkiG9w0BCQEWA3Rh
-MjAeFw0xMTAzMjEwMDQ5MjZaFw0xMzEyMTUwMDQ5MjZaMGgxCzAJBgNVBAYTAlVT
+MjAeFw0xMTA0MTEyMjM3NDNaFw0xNDAxMDUyMjM3NDNaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTIxEjAQBgkqhkiG9w0BCQEWA3RhMjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApET7lOSSqyzAIqHtfUzeUpGmcOSJdVWk
-Ae9mY7T+aay3g+ZDX5BE9sxmIWm+0wY9gi3cbfHSbeOwMtYy57PWOXYTGhT1HKDM
-jbB6tWOzELk3zDTuGLE1WYaWHNS0GnEl56rKVlfV6oq2SvzY1pZUXNrEsz35JeXl
-vbyOR7/px/0CAwEAAaOBzTCByjAdBgNVHQ4EFgQU/yToBiHKgRRE1YUH7/ui58By
-468wgZoGA1UdIwSBkjCBj4AU/yToBiHKgRRE1YUH7/ui58By46+hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA43XhRG1osdxka6MGCjuRrRDORZnz6jI8
+kryxhdXFYqb9PjNk+4RuCeHGdjRDY397k7xsDjFYsMDIx7RuqttAhmewLHmC+zEf
+cWwQpLkL3dh45LOjr97GDyH9XOYBtoeCmwQWbkKlVzn+heNXWM3+kMfTNX2RE78F
+8iGsQucP5OMCAwEAAaOBzTCByjAdBgNVHQ4EFgQUQdbg2myHo0RlzKsSyGwMcjo5
+kC4wgZoGA1UdIwSBkjCBj4AUQdbg2myHo0RlzKsSyGwMcjo5kC6hbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTIxEjAQBgkqhkiG9w0BCQEW
-A3RhMoIJAKhc6H0vhh88MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-JCvfD2ZMI4gYRQgmZcFla9gNdMgqxmx3YPJBGo8jQlpbU10z/gdBE6mixGIiCBMw
-V2D+9VXKCVkNsfknSaV9K21S+A4eTwQnbsSYMbXbwsXDCSko0wHHXUqhkic9LO+U
-rBmU/yRbGIV9qPmNsR9GodYwSw3Row8Fgq5M4lOz3hs=
+A3RhMoIJAOQshCVTAevgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+scUU51/K8N47xfYQfFyKY6H2B0udn1OpyFzXAdHfbCBc9ROivFplSrL5JXooG0oD
+FNXp3zZY6S7RSPmJfywEpYABOLW5aAH4eGU4rzMv+hdh5P1z+KT3tfX11rmUOjJw
+N7HoWIRYkmxqV9qEpfWpfsEQbVT7gvlZimsjXTM6ly0=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/ta3/ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/ta3/ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- ee:77:7e:6a:c1:1e:57:ed
+ f4:58:54:6a:83:22:66:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:43 2011 GMT
+ Not After : Jan 5 22:37:43 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d8:90:38:43:d3:79:4c:01:69:dc:78:b0:e5:8c:
- 1c:90:85:72:d5:30:6a:03:2d:a8:e4:6a:ad:27:c4:
- 59:e8:8c:a6:51:79:62:ff:18:26:87:e7:29:68:2e:
- 3d:20:b1:78:40:56:c0:82:04:2a:4a:37:e1:38:9f:
- 0a:ce:0d:c6:ad:e7:8c:b1:8e:25:61:a1:72:09:98:
- 2c:a5:a4:bb:56:61:87:f0:2e:12:8d:da:8b:68:e1:
- 39:9a:c8:2f:aa:dc:c9:84:ff:1b:eb:ce:29:82:55:
- b3:4c:c9:98:fd:d8:7c:13:ea:c0:d5:72:17:7e:92:
- 0b:f4:d4:71:a0:22:fa:c5:f7
+ 00:d0:b0:e7:c0:27:96:d6:ff:16:89:f4:4c:67:d5:
+ 23:57:a6:af:fe:f3:be:d9:1e:28:44:a6:a3:0e:67:
+ 09:1f:b2:fc:70:fd:2c:4a:9c:13:a0:cf:37:97:2c:
+ 39:7c:42:a4:f7:64:7e:be:49:67:05:01:b3:f7:46:
+ 34:9b:d8:bd:4b:ac:d6:40:96:5a:6d:a0:33:ae:03:
+ 33:22:7d:06:39:6e:0a:5e:39:3f:e6:eb:c7:f9:e3:
+ 1a:a7:dd:16:14:6d:8e:b7:84:d9:af:b7:43:db:5d:
+ 0f:2b:e8:3d:fe:66:d7:9e:3a:06:a1:9f:c3:35:81:
+ d4:cd:bc:16:3c:a2:c1:dd:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ 7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 63:77:35:62:c5:a1:23:fb:3b:7f:05:54:98:94:b8:52:15:20:
- 56:e0:55:44:90:e0:bc:3c:f4:de:ad:f9:17:36:1e:c5:7a:0f:
- ac:b1:17:44:27:cd:cf:a0:d4:5a:a8:68:ca:22:04:8a:ac:9e:
- ae:fc:e4:8a:71:4b:2a:33:86:9e:6b:63:73:97:9c:8d:76:88:
- 08:87:31:cc:21:c5:c9:fb:db:c1:cd:64:b3:f5:09:cc:14:48:
- d6:38:0b:15:2e:d0:ca:d2:3c:d7:36:14:db:74:7c:7a:38:db:
- 2a:2c:50:ec:08:d4:f9:9b:24:3c:69:f1:a9:c1:46:6b:7b:84:
- aa:36
+ 26:1b:34:03:12:d5:13:94:0f:f8:57:6a:47:d8:d9:81:78:0b:
+ 65:f1:51:b7:4e:b2:89:c2:6a:30:5d:37:ad:35:91:16:48:5f:
+ 9b:b9:cd:30:1e:0e:f3:31:1e:7a:4e:72:13:c6:e4:66:0a:a9:
+ a4:66:5d:f6:fe:21:51:0f:ab:fd:d7:9d:5d:13:86:07:df:1d:
+ 9d:d8:19:ce:6d:e9:7e:7a:19:06:20:07:cc:d1:a3:c2:04:28:
+ b8:9b:41:23:65:92:47:86:ee:ac:a5:7f:b7:2c:92:67:87:83:
+ 5b:04:d0:e5:5d:3c:4c:a1:51:e0:9c:02:9a:d5:35:b4:7b:e0:
+ e4:c3
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAO53fmrBHlftMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAPRYVGqDImbpMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEWA3Rh
-MzAeFw0xMTAzMjEwMDQ5MjZaFw0xMzEyMTUwMDQ5MjZaMGgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDNaFw0xNDAxMDUyMjM3NDNaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEWA3RhMzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2JA4Q9N5TAFp3Hiw5YwckIVy1TBqAy2o
-5GqtJ8RZ6IymUXli/xgmh+cpaC49ILF4QFbAggQqSjfhOJ8Kzg3GreeMsY4lYaFy
-CZgspaS7VmGH8C4SjdqLaOE5msgvqtzJhP8b684pglWzTMmY/dh8E+rA1XIXfpIL
-9NRxoCL6xfcCAwEAAaOBzTCByjAdBgNVHQ4EFgQU4p6hi9fTsPHD6XekSV1qTqtz
-rF0wgZoGA1UdIwSBkjCBj4AU4p6hi9fTsPHD6XekSV1qTqtzrF2hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LDnwCeW1v8WifRMZ9UjV6av/vO+2R4o
+RKajDmcJH7L8cP0sSpwToM83lyw5fEKk92R+vklnBQGz90Y0m9i9S6zWQJZabaAz
+rgMzIn0GOW4KXjk/5uvH+eMap90WFG2Ot4TZr7dD210PK+g9/mbXnjoGoZ/DNYHU
+zbwWPKLB3YkCAwEAAaOBzTCByjAdBgNVHQ4EFgQUevZRen+bqzc9TpMDkG1qhAl8
+Ot0wgZoGA1UdIwSBkjCBj4AUevZRen+bqzc9TpMDkG1qhAl8Ot2hbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEW
-A3RhM4IJAO53fmrBHlftMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-Y3c1YsWhI/s7fwVUmJS4UhUgVuBVRJDgvDz03q35FzYexXoPrLEXRCfNz6DUWqho
-yiIEiqyervzkinFLKjOGnmtjc5ecjXaICIcxzCHFyfvbwc1ks/UJzBRI1jgLFS7Q
-ytI81zYU23R8ejjbKixQ7AjU+ZskPGnxqcFGa3uEqjY=
+A3RhM4IJAPRYVGqDImbpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+Jhs0AxLVE5QP+FdqR9jZgXgLZfFRt06yicJqMF03rTWRFkhfm7nNMB4O8zEeek5y
+E8bkZgqppGZd9v4hUQ+r/dedXROGB98dndgZzm3pfnoZBiAHzNGjwgQouJtBI2WS
+R4burKV/tyySZ4eDWwTQ5V08TKFR4JwCmtU1tHvg5MM=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/ta4/ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/ta4/ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- c5:19:14:97:e3:27:2e:9b
+ ba:06:fd:ec:89:18:b5:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Validity
- Not Before: Mar 21 00:49:31 2011 GMT
- Not After : Dec 15 00:49:31 2013 GMT
+ Not Before: Apr 11 22:37:49 2011 GMT
+ Not After : Jan 5 22:37:49 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b1:4b:88:95:b3:1e:8c:08:95:21:43:4e:19:f6:
- c1:e0:4a:68:49:d8:28:48:ba:20:22:2d:ab:d8:62:
- 15:d5:4e:21:bd:c0:af:00:d0:09:4a:da:3b:00:2d:
- 13:0c:6e:e1:3d:37:00:f5:09:5d:cd:69:81:4e:2b:
- 3d:38:8c:f0:64:66:0e:a0:d6:68:b1:27:57:3e:01:
- c3:27:2a:c1:a8:35:b2:54:a7:4e:17:3d:83:85:43:
- 6d:f8:07:ba:3b:40:05:b5:c3:9b:a7:66:f5:5f:a5:
- f8:b0:5f:3d:3d:97:25:4c:4f:89:63:51:7d:4a:be:
- 48:1a:1c:71:a3:fa:6a:87:13
+ 00:cf:c0:25:a7:fa:df:a4:e4:02:33:84:4d:a0:3f:
+ 4e:09:c4:ae:0a:58:d3:45:15:d3:5e:94:56:5a:b5:
+ da:3e:27:68:66:3d:b1:83:14:bc:13:94:f3:a8:38:
+ 9c:e8:9a:46:4e:06:78:0d:29:95:69:a0:2c:12:19:
+ 3b:6b:a6:3d:46:eb:56:8a:f7:85:2d:d9:9c:f0:30:
+ 6b:0a:03:8d:ae:d8:cf:9e:df:c9:a5:d7:d3:b1:ab:
+ 13:74:e8:1e:a2:be:31:3f:17:78:22:4c:83:8b:24:
+ ef:4f:5d:c4:6e:26:f8:b0:d9:2b:ad:9e:b0:c4:fc:
+ c2:00:10:99:e9:39:17:68:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ 3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
X509v3 Authority Key Identifier:
- keyid:0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ keyid:3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
- serial:C5:19:14:97:E3:27:2E:9B
+ serial:BA:06:FD:EC:89:18:B5:7F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 64:93:80:7e:ae:43:e2:e6:96:07:67:cf:34:c3:ef:cc:69:1c:
- 52:41:fb:ec:11:dc:f6:fe:88:e4:8e:3b:90:97:d5:e5:6e:b6:
- b7:8e:0b:40:3b:84:5b:36:73:e4:ce:39:8e:e7:7e:db:dc:cd:
- 0f:97:1c:bb:2a:31:56:28:6b:87:50:72:be:5f:47:68:4e:a1:
- 38:7e:bc:c6:11:4c:2e:46:e3:94:a1:04:a5:15:70:af:2f:a9:
- 8f:b3:26:be:c1:35:15:b2:fd:94:f1:5d:a7:06:4f:2d:37:c8:
- 47:eb:db:cb:a4:69:05:98:fb:5a:1a:d3:03:17:e2:90:54:5a:
- 7d:1d
+ c2:01:c5:40:3c:24:aa:8a:f3:be:31:f8:82:12:df:b8:e7:b4:
+ 92:b1:95:79:d4:f7:db:2a:81:a2:f6:5f:3a:1d:b1:e2:a1:bd:
+ f1:50:75:cc:d6:f7:ab:26:d6:eb:a8:c6:f8:44:25:53:94:ce:
+ 6e:a4:6e:4f:40:c2:13:00:b7:cb:b1:82:99:e9:1f:68:54:d0:
+ 69:ba:02:5f:07:be:c2:f8:e3:2c:40:73:61:c2:c3:ad:4c:91:
+ f0:ba:0a:61:df:95:d6:fc:d3:19:e3:98:8e:58:73:03:6f:04:
+ 9e:b6:f7:8c:3c:1e:60:43:27:96:6d:f5:e7:31:43:bb:22:da:
+ 07:9c
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAMUZFJfjJy6bMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJALoG/eyJGLV/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEWA3Rh
-NDAeFw0xMTAzMjEwMDQ5MzFaFw0xMzEyMTUwMDQ5MzFaMGgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NDlaFw0xNDAxMDUyMjM3NDlaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEWA3RhNDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsUuIlbMejAiVIUNOGfbB4EpoSdgoSLog
-Ii2r2GIV1U4hvcCvANAJSto7AC0TDG7hPTcA9QldzWmBTis9OIzwZGYOoNZosSdX
-PgHDJyrBqDWyVKdOFz2DhUNt+Ae6O0AFtcObp2b1X6X4sF89PZclTE+JY1F9Sr5I
-Ghxxo/pqhxMCAwEAAaOBzTCByjAdBgNVHQ4EFgQUChy6plvGgzJg5ZsAhTd00Y0w
-uoowgZoGA1UdIwSBkjCBj4AUChy6plvGgzJg5ZsAhTd00Y0wuoqhbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz8Alp/rfpOQCM4RNoD9OCcSuCljTRRXT
+XpRWWrXaPidoZj2xgxS8E5TzqDic6JpGTgZ4DSmVaaAsEhk7a6Y9RutWiveFLdmc
+8DBrCgONrtjPnt/JpdfTsasTdOgeor4xPxd4IkyDiyTvT13Ebib4sNkrrZ6wxPzC
+ABCZ6TkXaAUCAwEAAaOBzTCByjAdBgNVHQ4EFgQUPl9k6WPLnBDQkfRFYfLx6kJp
+7KUwgZoGA1UdIwSBkjCBj4AUPl9k6WPLnBDQkfRFYfLx6kJp7KWhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEW
-A3RhNIIJAMUZFJfjJy6bMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-ZJOAfq5D4uaWB2fPNMPvzGkcUkH77BHc9v6I5I47kJfV5W62t44LQDuEWzZz5M45
-jud+29zND5ccuyoxVihrh1Byvl9HaE6hOH68xhFMLkbjlKEEpRVwry+pj7MmvsE1
-FbL9lPFdpwZPLTfIR+vby6RpBZj7WhrTAxfikFRafR0=
+A3RhNIIJALoG/eyJGLV/MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+wgHFQDwkqorzvjH4ghLfuOe0krGVedT32yqBovZfOh2x4qG98VB1zNb3qybW66jG
++EQlU5TObqRuT0DCEwC3y7GCmekfaFTQaboCXwe+wvjjLEBzYcLDrUyR8LoKYd+V
+1vzTGeOYjlhzA28Enrb3jDweYEMnlm315zFDuyLaB5w=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/ta5/ta5_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/ta5/ta5_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- ec:86:c3:65:f9:7f:14:08
+ 9c:19:39:11:06:1a:55:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta5/emailAddress=ta5
Validity
- Not Before: Mar 21 00:49:34 2011 GMT
- Not After : Dec 15 00:49:34 2013 GMT
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta5/emailAddress=ta5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:cc:27:b4:c2:c1:88:36:eb:9d:c4:02:79:04:8d:
- 8e:3d:84:72:32:92:7d:77:5e:87:a7:1b:19:7d:09:
- 3e:ff:83:de:de:64:9b:03:c4:95:64:a3:16:ef:b6:
- 33:2b:d7:28:3f:70:8d:81:c3:03:af:4e:04:de:e8:
- 86:51:82:75:81:4e:1f:97:e1:53:76:58:27:61:f2:
- 0c:2f:2e:ba:d2:b7:f5:6a:b1:66:87:81:2c:78:cf:
- 8c:74:92:2c:2e:bd:8d:ee:68:ec:92:e3:0d:73:1b:
- 82:27:3e:44:67:97:1c:42:46:20:65:89:61:ae:1b:
- 07:1f:20:60:3c:c2:16:27:0f
+ 00:c4:65:70:7a:0e:03:ae:85:f3:d6:03:6f:f9:a2:
+ af:4e:ae:cd:d4:99:b6:6d:14:a4:12:62:54:1f:8b:
+ c6:d3:8c:e8:7e:85:82:a5:f5:c9:03:66:f6:dd:48:
+ 58:5a:7a:20:c6:1d:7b:47:78:52:64:3f:0a:67:d0:
+ cc:03:aa:2b:00:b5:89:7b:b1:50:fb:79:e1:d5:32:
+ 8c:c3:49:df:ba:2a:21:43:cb:c5:39:39:12:bd:3a:
+ ba:7b:29:f2:48:32:37:84:c6:af:66:db:a2:a4:00:
+ ec:40:08:c1:a8:36:0c:b6:48:c6:39:b1:fd:be:e2:
+ 60:a4:3d:c6:b6:b1:a8:be:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 8A:83:E9:51:D7:32:B4:6F:3B:85:AF:1A:11:94:5C:B6:21:E5:5D:0F
+ E7:E6:72:5B:A0:5F:2C:A6:40:45:1A:66:E4:45:A5:0F:1D:67:5D:93
X509v3 Authority Key Identifier:
- keyid:8A:83:E9:51:D7:32:B4:6F:3B:85:AF:1A:11:94:5C:B6:21:E5:5D:0F
+ keyid:E7:E6:72:5B:A0:5F:2C:A6:40:45:1A:66:E4:45:A5:0F:1D:67:5D:93
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta5/emailAddress=ta5
- serial:EC:86:C3:65:F9:7F:14:08
+ serial:9C:19:39:11:06:1A:55:91
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 32:f3:a4:fc:a0:a8:a7:64:a5:6a:6d:63:f0:ee:95:2f:2c:93:
- f8:70:c8:d6:f7:ae:98:3a:c8:9b:bd:69:fa:26:87:f5:bd:1e:
- 28:80:0b:03:13:33:87:99:33:52:2e:1a:0a:78:be:e5:0a:7a:
- 1d:a0:44:1c:1c:7e:93:2e:dc:e6:f5:66:79:27:58:2f:ad:03:
- d4:12:78:fa:d8:d7:f2:25:45:88:cf:ee:2a:c4:8a:f0:f3:8c:
- 18:56:eb:4b:d5:58:53:77:24:53:7b:cd:75:fe:8c:1c:e0:d3:
- 09:6e:e6:be:43:5c:b1:e5:71:58:65:4d:78:6d:01:bd:68:6c:
- 72:64
+ 89:2d:87:d4:a5:2a:63:ce:4d:12:6f:ca:94:d3:e9:ac:3e:93:
+ 30:f3:1a:20:05:9d:8c:72:7c:70:ea:00:c9:b6:39:d8:5a:d1:
+ 87:1e:57:8f:2f:61:f1:ec:a8:f2:b9:2b:03:d5:0c:07:e4:f5:
+ 01:8d:00:95:fd:9c:12:d0:86:3f:8d:cf:3a:5b:ae:2d:a2:6f:
+ 2d:ee:a6:10:6f:f0:d0:5f:dd:78:02:3e:1f:0d:f3:ae:a2:fa:
+ c5:9d:96:ae:31:a8:a3:ba:a4:78:a8:ec:db:e7:61:de:d3:5c:
+ c4:c2:4d:5c:b4:cb:f8:27:6e:53:06:11:e0:e7:aa:41:7f:bd:
+ 9a:8a
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAOyGw2X5fxQIMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAJwZOREGGlWRMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTUxEjAQBgkqhkiG9w0BCQEWA3Rh
-NTAeFw0xMTAzMjEwMDQ5MzRaFw0xMzEyMTUwMDQ5MzRaMGgxCzAJBgNVBAYTAlVT
+NTAeFw0xMTA0MTEyMjM3NTJaFw0xNDAxMDUyMjM3NTJaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTUxEjAQBgkqhkiG9w0BCQEWA3RhNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzCe0wsGINuudxAJ5BI2OPYRyMpJ9d16H
-pxsZfQk+/4Pe3mSbA8SVZKMW77YzK9coP3CNgcMDr04E3uiGUYJ1gU4fl+FTdlgn
-YfIMLy660rf1arFmh4EseM+MdJIsLr2N7mjskuMNcxuCJz5EZ5ccQkYgZYlhrhsH
-HyBgPMIWJw8CAwEAAaOBzTCByjAdBgNVHQ4EFgQUioPpUdcytG87ha8aEZRctiHl
-XQ8wgZoGA1UdIwSBkjCBj4AUioPpUdcytG87ha8aEZRctiHlXQ+hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxGVweg4DroXz1gNv+aKvTq7N1Jm2bRSk
+EmJUH4vG04zofoWCpfXJA2b23UhYWnogxh17R3hSZD8KZ9DMA6orALWJe7FQ+3nh
+1TKMw0nfuiohQ8vFOTkSvTq6eynySDI3hMavZtuipADsQAjBqDYMtkjGObH9vuJg
+pD3GtrGovlUCAwEAAaOBzTCByjAdBgNVHQ4EFgQU5+ZyW6BfLKZARRpm5EWlDx1n
+XZMwgZoGA1UdIwSBkjCBj4AU5+ZyW6BfLKZARRpm5EWlDx1nXZOhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTUxEjAQBgkqhkiG9w0BCQEW
-A3RhNYIJAOyGw2X5fxQIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-MvOk/KCop2Slam1j8O6VLyyT+HDI1veumDrIm71p+iaH9b0eKIALAxMzh5kzUi4a
-Cni+5Qp6HaBEHBx+ky7c5vVmeSdYL60D1BJ4+tjX8iVFiM/uKsSK8POMGFbrS9VY
-U3ckU3vNdf6MHODTCW7mvkNcseVxWGVNeG0BvWhscmQ=
+A3RhNYIJAJwZOREGGlWRMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+iS2H1KUqY85NEm/KlNPprD6TMPMaIAWdjHJ8cOoAybY52FrRhx5Xjy9h8eyo8rkr
+A9UMB+T1AY0Alf2cEtCGP43POluuLaJvLe6mEG/w0F/deAI+Hw3zrqL6xZ2WrjGo
+o7qkeKjs2+dh3tNcxMJNXLTL+CduUwYR4OeqQX+9moo=
-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/ta6/ta6_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 93:ae:7e:2d:c9:61:8f:4b
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta6, CN=localhost/emailAddress=ta6
+ Validity
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta6, CN=localhost/emailAddress=ta6
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c5:41:a2:3d:00:af:e2:71:29:e6:18:c2:73:65:
+ fc:4a:9d:e3:f7:1a:6e:7a:f5:09:81:87:cd:cf:a9:
+ 74:a9:e4:47:da:e2:fa:bd:0e:0a:ae:ba:06:e8:1b:
+ 66:e3:8a:5e:bb:87:90:5e:d1:38:7d:12:93:72:a0:
+ 4b:88:77:dd:ce:02:67:9f:c5:be:49:cb:b7:e8:0e:
+ bd:f0:78:37:55:bb:c5:91:6e:c7:7b:9c:b3:94:a2:
+ 24:7d:09:25:74:52:22:6d:4a:34:f8:92:71:b1:e9:
+ 74:9b:8e:87:d4:2a:46:f8:fa:8f:86:5c:b5:6b:20:
+ 24:d1:37:ea:8a:87:07:e3:ad
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 0C:08:1A:2C:FA:77:26:CE:37:0F:A5:85:98:85:0F:4D:48:BA:83:B3
+ X509v3 Authority Key Identifier:
+ keyid:0C:08:1A:2C:FA:77:26:CE:37:0F:A5:85:98:85:0F:4D:48:BA:83:B3
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta6/CN=localhost/emailAddress=ta6
+ serial:93:AE:7E:2D:C9:61:8F:4B
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 10:2c:ed:b9:a4:aa:bd:9e:4d:47:dd:02:64:52:a9:7a:73:a7:
+ f3:58:45:cf:da:5c:1e:80:30:d9:10:a7:e4:79:d2:eb:85:8b:
+ 70:4c:39:df:b6:40:fb:7f:11:cd:a8:85:d6:5c:d1:2f:29:9f:
+ 8d:fa:53:bc:20:f3:c8:97:9b:11:f4:7d:39:9a:2c:a6:6e:1e:
+ a4:0d:81:e0:65:59:89:f6:a9:66:65:38:05:44:e7:47:a2:9e:
+ a2:e3:82:07:2c:cb:8e:dc:47:a2:e9:cb:01:6a:54:c1:26:14:
+ 03:e9:c3:ac:fe:98:0e:76:52:f3:5b:67:ea:26:0d:98:6d:e4:
+ 23:ac
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJAJOufi3JYY9LMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTYxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE2MB4XDTExMDQxMTIyMzc1MloXDTE0MDEwNTIy
+Mzc1MlowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNjESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTYwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMVBoj0Ar+JxKeYYwnNl/Eqd4/cabnr1CYGHzc+pdKnk
+R9ri+r0OCq66BugbZuOKXruHkF7ROH0Sk3KgS4h33c4CZ5/FvknLt+gOvfB4N1W7
+xZFux3ucs5SiJH0JJXRSIm1KNPiScbHpdJuOh9QqRvj6j4ZctWsgJNE36oqHB+Ot
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFAwIGiz6dybONw+lhZiFD01IuoOzMIGvBgNV
+HSMEgacwgaSAFAwIGiz6dybONw+lhZiFD01IuoOzoYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNjESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTaCCQCTrn4tyWGPSzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBABAs7bmkqr2eTUfdAmRSqXpzp/NYRc/aXB6AMNkQp+R50uuF
+i3BMOd+2QPt/Ec2ohdZc0S8pn436U7wg88iXmxH0fTmaLKZuHqQNgeBlWYn2qWZl
+OAVE50einqLjggcsy47cR6LpywFqVMEmFAPpw6z+mA52UvNbZ+omDZht5COs
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/ta7/ta7_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ e2:68:f4:95:eb:49:89:87
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta7, CN=localhost/emailAddress=ta7
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta7, CN=localhost/emailAddress=ta7
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c8:de:52:36:7b:6e:4b:6d:7a:83:73:ad:41:cd:
+ af:36:02:62:36:3e:f7:55:07:11:24:43:c2:eb:43:
+ e4:6f:1d:3c:ec:73:4b:81:58:a2:2a:7e:e0:c4:f0:
+ 9a:ae:04:d8:2a:49:39:bf:9e:e8:ad:f0:96:52:5e:
+ 3c:67:71:7f:3d:40:d7:36:e3:1c:25:da:0b:29:e9:
+ 8b:81:66:19:bc:34:38:1a:4e:cb:63:f5:30:cf:82:
+ 6c:f5:14:cc:df:bb:cc:ed:70:86:e4:ba:6e:db:85:
+ ce:60:d1:69:37:48:e8:0c:c0:76:82:0f:5f:65:09:
+ 62:0d:72:c9:5a:b3:49:2c:fd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 78:FA:1D:E8:35:33:AD:40:EB:A9:B4:3E:87:7A:B0:65:17:CF:36:35
+ X509v3 Authority Key Identifier:
+ keyid:78:FA:1D:E8:35:33:AD:40:EB:A9:B4:3E:87:7A:B0:65:17:CF:36:35
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta7/CN=localhost/emailAddress=ta7
+ serial:E2:68:F4:95:EB:49:89:87
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 07:20:33:b6:af:9e:b1:49:90:57:19:86:e9:8b:18:8a:e9:7b:
+ b1:b4:ff:29:5e:de:df:c9:f9:c8:7d:de:61:0d:36:fc:55:dc:
+ e7:51:ff:89:b5:69:07:72:60:b6:19:4e:c4:90:e6:e7:c1:0e:
+ 56:ba:d6:1c:c7:34:10:38:2d:c5:71:79:8a:de:a6:b2:d6:cf:
+ 98:dc:9a:3e:df:d3:57:67:bd:15:83:95:00:1c:2d:45:9c:73:
+ 6d:82:57:9d:ac:57:f1:d8:39:ae:92:3b:ff:36:a1:0e:08:46:
+ e6:00:a9:d6:3e:5b:fa:65:7f:8c:c6:ee:4e:84:e0:a8:81:b7:
+ 3c:a5
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJAOJo9JXrSYmHMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTcxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE3MB4XDTExMDQxMTIyMzc1NFoXDTE0MDEwNTIy
+Mzc1NFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNzESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTcwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMjeUjZ7bktteoNzrUHNrzYCYjY+91UHESRDwutD5G8d
+POxzS4FYoip+4MTwmq4E2CpJOb+e6K3wllJePGdxfz1A1zbjHCXaCynpi4FmGbw0
+OBpOy2P1MM+CbPUUzN+7zO1whuS6btuFzmDRaTdI6AzAdoIPX2UJYg1yyVqzSSz9
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFHj6Heg1M61A66m0Pod6sGUXzzY1MIGvBgNV
+HSMEgacwgaSAFHj6Heg1M61A66m0Pod6sGUXzzY1oYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNzESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTeCCQDiaPSV60mJhzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBAAcgM7avnrFJkFcZhumLGIrpe7G0/yle3t/J+ch93mENNvxV
+3OdR/4m1aQdyYLYZTsSQ5ufBDla61hzHNBA4LcVxeYreprLWz5jcmj7f01dnvRWD
+lQAcLUWcc22CV52sV/HYOa6SO/82oQ4IRuYAqdY+W/plf4zG7k6E4KiBtzyl
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/ta8/ta8_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b8:9a:b1:4d:fa:a9:68:23
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta8, CN=localhost/emailAddress=ta8
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta8, CN=localhost/emailAddress=ta8
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:da:5e:85:e0:17:14:35:c1:e8:f4:b6:97:15:d1:
+ f5:c3:36:26:57:85:5c:0c:e8:8e:d7:2b:10:66:b2:
+ 61:92:a3:df:a4:4f:61:52:41:9c:3b:2f:0e:bc:bd:
+ 92:9b:e2:4c:ec:68:34:76:2c:86:54:e5:8b:9e:ac:
+ 2f:7e:4f:07:52:ec:7f:51:31:ed:9e:94:ed:7e:15:
+ da:4f:fb:65:d0:07:85:c2:60:69:ce:ac:74:72:8a:
+ 45:31:e4:6c:3e:5e:05:bc:d3:2f:37:56:14:c2:2e:
+ 78:78:6b:93:14:e5:61:08:22:ef:4d:f9:bb:1b:1f:
+ 31:09:12:7a:ad:e5:cf:18:5b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ BB:CA:54:46:B9:0F:22:DB:69:82:15:BB:66:36:9D:50:1D:0B:1B:F5
+ X509v3 Authority Key Identifier:
+ keyid:BB:CA:54:46:B9:0F:22:DB:69:82:15:BB:66:36:9D:50:1D:0B:1B:F5
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta8/CN=localhost/emailAddress=ta8
+ serial:B8:9A:B1:4D:FA:A9:68:23
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 7a:13:83:75:43:35:e1:4d:07:93:8d:1c:fd:4d:8f:5c:24:78:
+ f5:01:35:4c:a5:ad:5f:92:f3:23:21:0c:2d:dc:64:a5:7f:c2:
+ 3c:c9:e3:b0:4e:d8:17:4e:76:4c:4d:71:fb:b9:3d:d9:51:b8:
+ fc:e0:91:a6:5c:18:c8:06:55:cc:a9:ba:9e:59:92:c4:5c:04:
+ 11:e2:d9:99:1d:cb:bd:9d:6c:c2:0e:9e:f0:4c:20:69:6b:b1:
+ 76:b6:d4:c0:e6:6c:4b:1e:18:cb:71:4a:9b:13:ca:db:c8:a4:
+ 0e:35:c0:91:70:04:9c:32:bd:15:a2:36:72:97:d0:7b:d0:6c:
+ dc:03
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJALiasU36qWgjMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTgxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE4MB4XDTExMDQxMTIyMzc1NFoXDTE0MDEwNTIy
+Mzc1NFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhODESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTgwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBANpeheAXFDXB6PS2lxXR9cM2JleFXAzojtcrEGayYZKj
+36RPYVJBnDsvDry9kpviTOxoNHYshlTli56sL35PB1Lsf1Ex7Z6U7X4V2k/7ZdAH
+hcJgac6sdHKKRTHkbD5eBbzTLzdWFMIueHhrkxTlYQgi7035uxsfMQkSeq3lzxhb
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFLvKVEa5DyLbaYIVu2Y2nVAdCxv1MIGvBgNV
+HSMEgacwgaSAFLvKVEa5DyLbaYIVu2Y2nVAdCxv1oYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhODESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTiCCQC4mrFN+qloIzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBAHoTg3VDNeFNB5ONHP1Nj1wkePUBNUylrV+S8yMhDC3cZKV/
+wjzJ47BO2BdOdkxNcfu5PdlRuPzgkaZcGMgGVcypup5ZksRcBBHi2Zkdy72dbMIO
+nvBMIGlrsXa21MDmbEseGMtxSpsTytvIpA41wJFwBJwyvRWiNnKX0HvQbNwD
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/ta9/ta9_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a1:62:e1:e5:c0:a2:38:0d
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta9, CN=localhost/emailAddress=ta9
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta9, CN=localhost/emailAddress=ta9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e8:ab:ef:91:ca:05:4a:18:a2:98:c4:d8:93:d0:
+ ce:99:a9:5e:02:8d:5d:5c:e3:f3:84:49:6b:a7:6d:
+ ef:38:77:2e:32:c2:9c:09:1d:f6:be:6c:c6:c4:b1:
+ c8:c3:32:72:2b:84:87:f6:ba:bf:fc:cf:5c:05:c2:
+ 4f:62:23:7e:02:3f:ce:6c:c6:b6:95:86:84:d7:97:
+ 9f:1c:87:70:29:62:6a:29:7c:06:a3:b7:18:12:67:
+ 07:3a:89:aa:f0:99:fe:df:46:00:b1:2f:aa:30:1e:
+ a2:1e:f8:2b:37:99:21:b8:85:53:42:98:4a:bd:c5:
+ f9:b4:61:60:0a:73:bc:0e:d1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ A6:CF:35:00:96:15:AD:B4:24:DE:1D:5A:B9:56:A2:6E:B4:2D:46:C5
+ X509v3 Authority Key Identifier:
+ keyid:A6:CF:35:00:96:15:AD:B4:24:DE:1D:5A:B9:56:A2:6E:B4:2D:46:C5
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta9/CN=localhost/emailAddress=ta9
+ serial:A1:62:E1:E5:C0:A2:38:0D
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 44:02:da:cf:c3:07:27:84:e4:06:22:ff:fc:7e:c9:47:7a:79:
+ e1:9f:6a:84:68:a8:fb:48:18:80:58:0f:b0:5e:ef:43:bf:3a:
+ 69:23:b2:18:3e:78:3a:8e:ff:c5:d8:76:4c:99:d5:9f:be:8a:
+ fd:0e:79:b9:7e:62:c4:c2:4b:6f:78:01:e7:52:19:ff:08:86:
+ a7:b2:17:0c:11:03:ef:42:1f:b5:5b:40:0a:3a:9f:2a:4f:57:
+ 31:3d:b1:dd:a8:51:e1:2f:b2:e4:5b:2e:1b:9f:a7:d6:b7:6b:
+ 76:68:f9:2e:b1:38:6f:11:21:0e:81:a2:32:01:7b:bc:c3:1f:
+ 82:4e
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJAKFi4eXAojgNMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTkxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE5MB4XDTExMDQxMTIyMzc1NFoXDTE0MDEwNTIy
+Mzc1NFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhOTESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTkwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAOir75HKBUoYopjE2JPQzpmpXgKNXVzj84RJa6dt7zh3
+LjLCnAkd9r5sxsSxyMMyciuEh/a6v/zPXAXCT2IjfgI/zmzGtpWGhNeXnxyHcCli
+ail8BqO3GBJnBzqJqvCZ/t9GALEvqjAeoh74KzeZIbiFU0KYSr3F+bRhYApzvA7R
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFKbPNQCWFa20JN4dWrlWom60LUbFMIGvBgNV
+HSMEgacwgaSAFKbPNQCWFa20JN4dWrlWom60LUbFoYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhOTESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTmCCQChYuHlwKI4DTAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBAEQC2s/DByeE5AYi//x+yUd6eeGfaoRoqPtIGIBYD7Be70O/
+Omkjshg+eDqO/8XYdkyZ1Z++iv0Oebl+YsTCS294AedSGf8IhqeyFwwRA+9CH7Vb
+QAo6nypPVzE9sd2oUeEvsuRbLhufp9a3a3Zo+S6xOG8RIQ6BojIBe7zDH4JO
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta10_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 86:f1:45:12:31:c7:2b:2a
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta10, CN=localhost/emailAddress=ta10
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta10, CN=localhost/emailAddress=ta10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b6:50:43:73:64:12:40:26:54:0c:f9:67:e4:6a:
+ ed:1f:18:e5:73:89:13:0f:c9:5f:6e:6e:c6:05:ad:
+ 2c:be:e4:6b:fd:c6:4f:ea:f3:6f:0d:f4:1a:34:7f:
+ 03:97:b0:a4:d1:6e:98:d2:36:fa:33:5d:51:37:de:
+ 8f:5b:3d:a0:07:52:c8:b7:71:30:71:fb:c3:a7:fa:
+ 61:f6:b4:28:be:9e:da:8b:8b:70:dd:8e:d0:a5:1a:
+ 00:70:1c:39:e1:cf:64:f8:ec:b4:83:b9:2b:67:fa:
+ 4d:ae:30:84:2f:2c:9d:6c:77:7e:09:95:43:77:6b:
+ e1:9d:2b:c9:89:d9:a9:e5:8f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ B7:F0:DB:5F:BA:CC:10:6D:A6:64:62:10:84:A5:C9:39:4C:3C:27:86
+ X509v3 Authority Key Identifier:
+ keyid:B7:F0:DB:5F:BA:CC:10:6D:A6:64:62:10:84:A5:C9:39:4C:3C:27:86
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta10/CN=localhost/emailAddress=ta10
+ serial:86:F1:45:12:31:C7:2B:2A
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 5b:6d:71:b8:4e:e3:27:06:d9:2a:47:ab:21:a3:df:94:a9:d8:
+ 62:f1:6a:97:33:cc:1c:52:55:9a:f8:ec:6d:b4:91:17:4d:2a:
+ 0e:03:b4:4b:00:83:10:8e:12:c1:05:67:56:9a:30:90:91:ad:
+ 8b:dc:0a:eb:3f:28:5d:f9:d4:87:0d:f7:3a:5a:f6:47:52:9e:
+ af:4e:21:d4:2f:b8:40:4f:7f:81:1f:93:ca:bc:e6:04:c5:18:
+ 65:5e:b1:dd:0b:3c:5e:3a:6f:48:e3:fc:b2:c8:37:8d:9f:14:
+ 1b:a7:12:79:bb:2d:b9:fc:7a:01:ef:66:c6:d4:c2:44:01:49:
+ 23:a9
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAsmgAwIBAgIJAIbxRRIxxysqMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQ0wCwYDVQQLEwR0YTEwMRIwEAYDVQQDEwlsb2NhbGhv
+c3QxEzARBgkqhkiG9w0BCQEWBHRhMTAwHhcNMTEwNDExMjIzNzU1WhcNMTQwMTA1
+MjIzNzU1WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEG
+A1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMDES
+MBAGA1UEAxMJbG9jYWxob3N0MRMwEQYJKoZIhvcNAQkBFgR0YTEwMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC2UENzZBJAJlQM+Wfkau0fGOVziRMPyV9ubsYF
+rSy+5Gv9xk/q828N9Bo0fwOXsKTRbpjSNvozXVE33o9bPaAHUsi3cTBx+8On+mH2
+tCi+ntqLi3DdjtClGgBwHDnhz2T47LSDuStn+k2uMIQvLJ1sd34JlUN3a+GdK8mJ
+2anljwIDAQABo4HlMIHiMB0GA1UdDgQWBBS38NtfuswQbaZkYhCEpck5TDwnhjCB
+sgYDVR0jBIGqMIGngBS38NtfuswQbaZkYhCEpck5TDwnhqGBg6SBgDB+MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFy
+azENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMDESMBAGA1UEAxMJbG9jYWxo
+b3N0MRMwEQYJKoZIhvcNAQkBFgR0YTEwggkAhvFFEjHHKyowDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOBgQBbbXG4TuMnBtkqR6sho9+Uqdhi8WqXM8wcUlWa
++OxttJEXTSoOA7RLAIMQjhLBBWdWmjCQka2L3ArrPyhd+dSHDfc6WvZHUp6vTiHU
+L7hAT3+BH5PKvOYExRhlXrHdCzxeOm9I4/yyyDeNnxQbpxJ5uy25/HoB72bG1MJE
+AUkjqQ==
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta11_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d7:f1:84:58:4b:42:ce:33
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta11, CN=localhost/emailAddress=ta11
+ Validity
+ Not Before: Apr 11 22:37:55 2011 GMT
+ Not After : Jan 5 22:37:55 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta11, CN=localhost/emailAddress=ta11
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a3:c5:d4:23:f8:e8:a4:02:1f:38:cd:53:dc:7c:
+ e8:3c:49:bd:14:c1:c7:a2:b7:00:7a:d2:d1:c8:01:
+ 7c:9b:f7:78:50:95:07:69:90:a0:7a:25:0f:55:55:
+ f7:b2:33:ae:ae:66:64:5c:4c:86:66:e0:28:e2:63:
+ 8c:11:5f:ee:a4:af:77:86:c2:c0:18:0d:24:18:5f:
+ 26:ff:67:cc:f4:f9:7d:0c:e7:d7:0c:01:e8:85:57:
+ f4:a8:d8:2c:f1:ec:2f:c7:8c:34:d4:3d:d3:1b:5c:
+ 2d:44:bd:d1:a6:35:d2:21:36:f9:31:ac:24:cb:ec:
+ 7b:70:c8:10:97:c8:8e:37:19
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ CE:A0:CF:69:A4:17:A0:54:BE:C3:CB:28:70:86:6A:BD:3B:DE:E4:CC
+ X509v3 Authority Key Identifier:
+ keyid:CE:A0:CF:69:A4:17:A0:54:BE:C3:CB:28:70:86:6A:BD:3B:DE:E4:CC
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta11/CN=localhost/emailAddress=ta11
+ serial:D7:F1:84:58:4B:42:CE:33
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 89:34:9b:f9:55:53:63:83:82:0e:d0:f1:e5:0c:e3:4e:4b:2f:
+ 54:20:2b:70:00:56:08:b4:18:88:59:e2:66:3e:5c:b6:0a:74:
+ 16:bc:43:61:35:1e:df:e5:f6:f6:7e:de:87:18:61:b7:70:b0:
+ 93:e8:5a:19:1d:01:a7:43:ca:38:ea:d2:e2:75:0e:3e:d2:b5:
+ 91:57:1e:30:29:aa:2a:26:53:1b:9e:56:ad:61:41:3c:04:bb:
+ a5:af:da:75:63:5e:bb:31:21:f9:4c:dc:d0:c2:4c:90:07:45:
+ ed:32:0d:c0:c8:e9:6f:72:b5:ae:19:f2:88:9e:50:5c:5a:34:
+ 47:a9
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAsmgAwIBAgIJANfxhFhLQs4zMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQ0wCwYDVQQLEwR0YTExMRIwEAYDVQQDEwlsb2NhbGhv
+c3QxEzARBgkqhkiG9w0BCQEWBHRhMTEwHhcNMTEwNDExMjIzNzU1WhcNMTQwMTA1
+MjIzNzU1WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEG
+A1UEBxMKTWVubG8gUGFyazENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMTES
+MBAGA1UEAxMJbG9jYWxob3N0MRMwEQYJKoZIhvcNAQkBFgR0YTExMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCjxdQj+OikAh84zVPcfOg8Sb0UwceitwB60tHI
+AXyb93hQlQdpkKB6JQ9VVfeyM66uZmRcTIZm4CjiY4wRX+6kr3eGwsAYDSQYXyb/
+Z8z0+X0M59cMAeiFV/So2Czx7C/HjDTUPdMbXC1EvdGmNdIhNvkxrCTL7HtwyBCX
+yI43GQIDAQABo4HlMIHiMB0GA1UdDgQWBBTOoM9ppBegVL7Dyyhwhmq9O97kzDCB
+sgYDVR0jBIGqMIGngBTOoM9ppBegVL7Dyyhwhmq9O97kzKGBg6SBgDB+MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFy
+azENMAsGA1UEChMEcGtnNTENMAsGA1UECxMEdGExMTESMBAGA1UEAxMJbG9jYWxo
+b3N0MRMwEQYJKoZIhvcNAQkBFgR0YTExggkA1/GEWEtCzjMwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOBgQCJNJv5VVNjg4IO0PHlDONOSy9UICtwAFYItBiI
+WeJmPly2CnQWvENhNR7f5fb2ft6HGGG3cLCT6FoZHQGnQ8o46tLidQ4+0rWRVx4w
+KaoqJlMbnlatYUE8BLulr9p1Y167MSH5TNzQwkyQB0XtMg3AyOlvcrWuGfKInlBc
+WjRHqQ==
+-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/trust_anchors/ta1_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta1_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- de:88:28:ec:1b:64:08:9c
+ a1:49:ea:78:5a:f4:55:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta1/emailAddress=ta1
Validity
- Not Before: Mar 21 00:49:23 2011 GMT
- Not After : Dec 15 00:49:23 2013 GMT
+ Not Before: Apr 11 22:37:38 2011 GMT
+ Not After : Jan 5 22:37:38 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta1/emailAddress=ta1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d6:e9:55:f5:86:01:d5:2b:dd:52:6e:82:89:dc:
- 7a:23:a2:8b:32:28:af:09:2b:37:f4:98:d9:2d:3d:
- b6:d3:58:6d:4d:f9:e5:af:40:aa:41:8e:ca:6a:11:
- 28:6e:bd:17:ee:17:5f:22:c3:15:99:65:3d:fc:b6:
- 16:bc:5a:fb:bd:a7:15:b0:ff:f6:5d:19:20:3c:f5:
- 78:54:19:75:cc:61:82:6f:bc:bb:1a:5f:c8:37:7a:
- b0:c0:5e:30:27:a1:aa:b2:87:4d:10:57:fc:2d:d6:
- 17:6d:b0:39:bd:06:b5:0f:ce:d1:00:2f:85:35:ad:
- c8:72:39:e5:2c:e4:06:2a:1b
+ 00:e0:4a:38:c6:48:13:ab:71:ab:ca:6e:6e:ce:e9:
+ fc:2c:68:cd:ee:79:f6:c2:7e:1f:19:ee:5b:75:19:
+ 3d:ba:4f:8f:a3:79:f9:5c:eb:dd:0c:30:0f:d0:77:
+ 05:0d:ff:b9:28:e4:74:1a:67:b3:ff:36:ea:26:61:
+ ec:51:25:e1:c0:cd:97:58:e0:65:8d:4c:54:bc:93:
+ 99:37:2b:f3:87:d3:b8:d7:87:15:d9:cf:1c:b6:87:
+ f4:6d:54:bd:f5:65:53:60:43:b2:04:72:79:b0:bf:
+ 71:13:11:fd:bc:45:38:14:82:d9:05:8b:fe:9f:8e:
+ 7d:d1:2c:b9:36:61:c0:0a:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 06:D0:C0:FB:C5:79:67:F9:F9:10:92:CA:81:5B:5F:92:D8:D8:9F:A6
+ 75:A9:2B:02:E8:FB:31:09:2A:F2:16:21:24:D8:B2:A5:D0:14:93:5B
X509v3 Authority Key Identifier:
- keyid:06:D0:C0:FB:C5:79:67:F9:F9:10:92:CA:81:5B:5F:92:D8:D8:9F:A6
+ keyid:75:A9:2B:02:E8:FB:31:09:2A:F2:16:21:24:D8:B2:A5:D0:14:93:5B
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta1/emailAddress=ta1
- serial:DE:88:28:EC:1B:64:08:9C
+ serial:A1:49:EA:78:5A:F4:55:8D
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- a5:e8:f1:e8:94:a3:87:7b:60:62:54:0b:7d:b6:02:16:6f:cf:
- 05:10:1e:fc:99:36:f2:a7:22:40:41:9b:a5:c2:6a:c7:2d:87:
- 6b:1d:4d:d6:9e:1c:15:20:5f:62:f2:51:b8:6a:f5:2b:75:b7:
- aa:21:aa:9c:e2:88:e0:74:ce:4e:84:a1:28:fb:24:c7:bb:6f:
- d5:e3:f6:36:57:fe:1e:ba:98:ab:82:51:fa:33:75:93:a5:bb:
- fb:8f:00:54:fd:e4:fd:00:f7:e2:84:ed:71:3e:e8:66:3a:82:
- f2:70:d6:ee:2b:d9:b9:07:50:6f:d6:86:04:5a:bf:64:07:bd:
- 2f:70
+ 82:9d:88:f6:27:64:f1:c4:9f:18:10:ac:d3:6c:81:b9:25:34:
+ f8:74:1c:83:b3:94:65:1f:25:cd:5e:a7:e4:ad:d8:b2:6e:f1:
+ 43:56:25:75:d5:db:02:d6:f2:7a:3f:12:a3:60:04:77:49:99:
+ 37:d7:af:60:ff:d7:ee:d0:df:cd:4a:fb:75:ee:05:b0:af:00:
+ da:e2:80:6e:85:81:72:75:a5:3b:01:8c:00:3f:bb:8a:21:47:
+ 0d:d4:bb:51:a5:4c:58:2a:d8:09:1f:fb:b1:e7:56:00:53:a8:
+ 25:3e:ab:3d:f6:1b:28:7d:ef:76:68:62:be:28:a9:63:44:d1:
+ 68:6a
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAN6IKOwbZAicMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAKFJ6nha9FWNMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEWA3Rh
-MTAeFw0xMTAzMjEwMDQ5MjNaFw0xMzEyMTUwMDQ5MjNaMGgxCzAJBgNVBAYTAlVT
+MTAeFw0xMTA0MTEyMjM3MzhaFw0xNDAxMDUyMjM3MzhaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEWA3RhMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1ulV9YYB1SvdUm6Cidx6I6KLMiivCSs3
-9JjZLT2201htTfnlr0CqQY7KahEobr0X7hdfIsMVmWU9/LYWvFr7vacVsP/2XRkg
-PPV4VBl1zGGCb7y7Gl/IN3qwwF4wJ6GqsodNEFf8LdYXbbA5vQa1D87RAC+FNa3I
-cjnlLOQGKhsCAwEAAaOBzTCByjAdBgNVHQ4EFgQUBtDA+8V5Z/n5EJLKgVtfktjY
-n6YwgZoGA1UdIwSBkjCBj4AUBtDA+8V5Z/n5EJLKgVtfktjYn6ahbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4Eo4xkgTq3Grym5uzun8LGjN7nn2wn4f
+Ge5bdRk9uk+Po3n5XOvdDDAP0HcFDf+5KOR0Gmez/zbqJmHsUSXhwM2XWOBljUxU
+vJOZNyvzh9O414cV2c8ctof0bVS99WVTYEOyBHJ5sL9xExH9vEU4FILZBYv+n459
+0Sy5NmHAChECAwEAAaOBzTCByjAdBgNVHQ4EFgQUdakrAuj7MQkq8hYhJNiypdAU
+k1swgZoGA1UdIwSBkjCBj4AUdakrAuj7MQkq8hYhJNiypdAUk1uhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTExEjAQBgkqhkiG9w0BCQEW
-A3RhMYIJAN6IKOwbZAicMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-pejx6JSjh3tgYlQLfbYCFm/PBRAe/Jk28qciQEGbpcJqxy2Hax1N1p4cFSBfYvJR
-uGr1K3W3qiGqnOKI4HTOToShKPskx7tv1eP2Nlf+HrqYq4JR+jN1k6W7+48AVP3k
-/QD34oTtcT7oZjqC8nDW7ivZuQdQb9aGBFq/ZAe9L3A=
+A3RhMYIJAKFJ6nha9FWNMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+gp2I9idk8cSfGBCs02yBuSU0+HQcg7OUZR8lzV6n5K3Ysm7xQ1YlddXbAtbyej8S
+o2AEd0mZN9evYP/X7tDfzUr7de4FsK8A2uKAboWBcnWlOwGMAD+7iiFHDdS7UaVM
+WCrYCR/7sedWAFOoJT6rPfYbKH3vdmhiviipY0TRaGo=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/trust_anchors/ta2_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta2_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- a8:5c:e8:7d:2f:86:1f:3c
+ e4:2c:84:25:53:01:eb:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta2/emailAddress=ta2
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:43 2011 GMT
+ Not After : Jan 5 22:37:43 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta2/emailAddress=ta2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:a4:44:fb:94:e4:92:ab:2c:c0:22:a1:ed:7d:4c:
- de:52:91:a6:70:e4:89:75:55:a4:01:ef:66:63:b4:
- fe:69:ac:b7:83:e6:43:5f:90:44:f6:cc:66:21:69:
- be:d3:06:3d:82:2d:dc:6d:f1:d2:6d:e3:b0:32:d6:
- 32:e7:b3:d6:39:76:13:1a:14:f5:1c:a0:cc:8d:b0:
- 7a:b5:63:b3:10:b9:37:cc:34:ee:18:b1:35:59:86:
- 96:1c:d4:b4:1a:71:25:e7:aa:ca:56:57:d5:ea:8a:
- b6:4a:fc:d8:d6:96:54:5c:da:c4:b3:3d:f9:25:e5:
- e5:bd:bc:8e:47:bf:e9:c7:fd
+ 00:e3:75:e1:44:6d:68:b1:dc:64:6b:a3:06:0a:3b:
+ 91:ad:10:ce:45:99:f3:ea:32:3c:92:bc:b1:85:d5:
+ c5:62:a6:fd:3e:33:64:fb:84:6e:09:e1:c6:76:34:
+ 43:63:7f:7b:93:bc:6c:0e:31:58:b0:c0:c8:c7:b4:
+ 6e:aa:db:40:86:67:b0:2c:79:82:fb:31:1f:71:6c:
+ 10:a4:b9:0b:dd:d8:78:e4:b3:a3:af:de:c6:0f:21:
+ fd:5c:e6:01:b6:87:82:9b:04:16:6e:42:a5:57:39:
+ fe:85:e3:57:58:cd:fe:90:c7:d3:35:7d:91:13:bf:
+ 05:f2:21:ac:42:e7:0f:e4:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- FF:24:E8:06:21:CA:81:14:44:D5:85:07:EF:FB:A2:E7:C0:72:E3:AF
+ 41:D6:E0:DA:6C:87:A3:44:65:CC:AB:12:C8:6C:0C:72:3A:39:90:2E
X509v3 Authority Key Identifier:
- keyid:FF:24:E8:06:21:CA:81:14:44:D5:85:07:EF:FB:A2:E7:C0:72:E3:AF
+ keyid:41:D6:E0:DA:6C:87:A3:44:65:CC:AB:12:C8:6C:0C:72:3A:39:90:2E
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta2/emailAddress=ta2
- serial:A8:5C:E8:7D:2F:86:1F:3C
+ serial:E4:2C:84:25:53:01:EB:E0
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 24:2b:df:0f:66:4c:23:88:18:45:08:26:65:c1:65:6b:d8:0d:
- 74:c8:2a:c6:6c:77:60:f2:41:1a:8f:23:42:5a:5b:53:5d:33:
- fe:07:41:13:a9:a2:c4:62:22:08:13:30:57:60:fe:f5:55:ca:
- 09:59:0d:b1:f9:27:49:a5:7d:2b:6d:52:f8:0e:1e:4f:04:27:
- 6e:c4:98:31:b5:db:c2:c5:c3:09:29:28:d3:01:c7:5d:4a:a1:
- 92:27:3d:2c:ef:94:ac:19:94:ff:24:5b:18:85:7d:a8:f9:8d:
- b1:1f:46:a1:d6:30:4b:0d:d1:a3:0f:05:82:ae:4c:e2:53:b3:
- de:1b
+ b1:c5:14:e7:5f:ca:f0:de:3b:c5:f6:10:7c:5c:8a:63:a1:f6:
+ 07:4b:9d:9f:53:a9:c8:5c:d7:01:d1:df:6c:20:5c:f5:13:a2:
+ bc:5a:65:4a:b2:f9:25:7a:28:1b:4a:03:14:d5:e9:df:36:58:
+ e9:2e:d1:48:f9:89:7f:2c:04:a5:80:01:38:b5:b9:68:01:f8:
+ 78:65:38:af:33:2f:fa:17:61:e4:fd:73:f8:a4:f7:b5:f5:f5:
+ d6:b9:94:3a:32:70:37:b1:e8:58:84:58:92:6c:6a:57:da:84:
+ a5:f5:a9:7e:c1:10:6d:54:fb:82:f9:59:8a:6b:23:5d:33:3a:
+ 97:2d
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAKhc6H0vhh88MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAOQshCVTAevgMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTIxEjAQBgkqhkiG9w0BCQEWA3Rh
-MjAeFw0xMTAzMjEwMDQ5MjZaFw0xMzEyMTUwMDQ5MjZaMGgxCzAJBgNVBAYTAlVT
+MjAeFw0xMTA0MTEyMjM3NDNaFw0xNDAxMDUyMjM3NDNaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTIxEjAQBgkqhkiG9w0BCQEWA3RhMjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApET7lOSSqyzAIqHtfUzeUpGmcOSJdVWk
-Ae9mY7T+aay3g+ZDX5BE9sxmIWm+0wY9gi3cbfHSbeOwMtYy57PWOXYTGhT1HKDM
-jbB6tWOzELk3zDTuGLE1WYaWHNS0GnEl56rKVlfV6oq2SvzY1pZUXNrEsz35JeXl
-vbyOR7/px/0CAwEAAaOBzTCByjAdBgNVHQ4EFgQU/yToBiHKgRRE1YUH7/ui58By
-468wgZoGA1UdIwSBkjCBj4AU/yToBiHKgRRE1YUH7/ui58By46+hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA43XhRG1osdxka6MGCjuRrRDORZnz6jI8
+kryxhdXFYqb9PjNk+4RuCeHGdjRDY397k7xsDjFYsMDIx7RuqttAhmewLHmC+zEf
+cWwQpLkL3dh45LOjr97GDyH9XOYBtoeCmwQWbkKlVzn+heNXWM3+kMfTNX2RE78F
+8iGsQucP5OMCAwEAAaOBzTCByjAdBgNVHQ4EFgQUQdbg2myHo0RlzKsSyGwMcjo5
+kC4wgZoGA1UdIwSBkjCBj4AUQdbg2myHo0RlzKsSyGwMcjo5kC6hbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTIxEjAQBgkqhkiG9w0BCQEW
-A3RhMoIJAKhc6H0vhh88MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-JCvfD2ZMI4gYRQgmZcFla9gNdMgqxmx3YPJBGo8jQlpbU10z/gdBE6mixGIiCBMw
-V2D+9VXKCVkNsfknSaV9K21S+A4eTwQnbsSYMbXbwsXDCSko0wHHXUqhkic9LO+U
-rBmU/yRbGIV9qPmNsR9GodYwSw3Row8Fgq5M4lOz3hs=
+A3RhMoIJAOQshCVTAevgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+scUU51/K8N47xfYQfFyKY6H2B0udn1OpyFzXAdHfbCBc9ROivFplSrL5JXooG0oD
+FNXp3zZY6S7RSPmJfywEpYABOLW5aAH4eGU4rzMv+hdh5P1z+KT3tfX11rmUOjJw
+N7HoWIRYkmxqV9qEpfWpfsEQbVT7gvlZimsjXTM6ly0=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/trust_anchors/ta3_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta3_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- ee:77:7e:6a:c1:1e:57:ed
+ f4:58:54:6a:83:22:66:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Validity
- Not Before: Mar 21 00:49:26 2011 GMT
- Not After : Dec 15 00:49:26 2013 GMT
+ Not Before: Apr 11 22:37:43 2011 GMT
+ Not After : Jan 5 22:37:43 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta3/emailAddress=ta3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:d8:90:38:43:d3:79:4c:01:69:dc:78:b0:e5:8c:
- 1c:90:85:72:d5:30:6a:03:2d:a8:e4:6a:ad:27:c4:
- 59:e8:8c:a6:51:79:62:ff:18:26:87:e7:29:68:2e:
- 3d:20:b1:78:40:56:c0:82:04:2a:4a:37:e1:38:9f:
- 0a:ce:0d:c6:ad:e7:8c:b1:8e:25:61:a1:72:09:98:
- 2c:a5:a4:bb:56:61:87:f0:2e:12:8d:da:8b:68:e1:
- 39:9a:c8:2f:aa:dc:c9:84:ff:1b:eb:ce:29:82:55:
- b3:4c:c9:98:fd:d8:7c:13:ea:c0:d5:72:17:7e:92:
- 0b:f4:d4:71:a0:22:fa:c5:f7
+ 00:d0:b0:e7:c0:27:96:d6:ff:16:89:f4:4c:67:d5:
+ 23:57:a6:af:fe:f3:be:d9:1e:28:44:a6:a3:0e:67:
+ 09:1f:b2:fc:70:fd:2c:4a:9c:13:a0:cf:37:97:2c:
+ 39:7c:42:a4:f7:64:7e:be:49:67:05:01:b3:f7:46:
+ 34:9b:d8:bd:4b:ac:d6:40:96:5a:6d:a0:33:ae:03:
+ 33:22:7d:06:39:6e:0a:5e:39:3f:e6:eb:c7:f9:e3:
+ 1a:a7:dd:16:14:6d:8e:b7:84:d9:af:b7:43:db:5d:
+ 0f:2b:e8:3d:fe:66:d7:9e:3a:06:a1:9f:c3:35:81:
+ d4:cd:bc:16:3c:a2:c1:dd:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ 7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
X509v3 Authority Key Identifier:
- keyid:E2:9E:A1:8B:D7:D3:B0:F1:C3:E9:77:A4:49:5D:6A:4E:AB:73:AC:5D
+ keyid:7A:F6:51:7A:7F:9B:AB:37:3D:4E:93:03:90:6D:6A:84:09:7C:3A:DD
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta3/emailAddress=ta3
- serial:EE:77:7E:6A:C1:1E:57:ED
+ serial:F4:58:54:6A:83:22:66:E9
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 63:77:35:62:c5:a1:23:fb:3b:7f:05:54:98:94:b8:52:15:20:
- 56:e0:55:44:90:e0:bc:3c:f4:de:ad:f9:17:36:1e:c5:7a:0f:
- ac:b1:17:44:27:cd:cf:a0:d4:5a:a8:68:ca:22:04:8a:ac:9e:
- ae:fc:e4:8a:71:4b:2a:33:86:9e:6b:63:73:97:9c:8d:76:88:
- 08:87:31:cc:21:c5:c9:fb:db:c1:cd:64:b3:f5:09:cc:14:48:
- d6:38:0b:15:2e:d0:ca:d2:3c:d7:36:14:db:74:7c:7a:38:db:
- 2a:2c:50:ec:08:d4:f9:9b:24:3c:69:f1:a9:c1:46:6b:7b:84:
- aa:36
+ 26:1b:34:03:12:d5:13:94:0f:f8:57:6a:47:d8:d9:81:78:0b:
+ 65:f1:51:b7:4e:b2:89:c2:6a:30:5d:37:ad:35:91:16:48:5f:
+ 9b:b9:cd:30:1e:0e:f3:31:1e:7a:4e:72:13:c6:e4:66:0a:a9:
+ a4:66:5d:f6:fe:21:51:0f:ab:fd:d7:9d:5d:13:86:07:df:1d:
+ 9d:d8:19:ce:6d:e9:7e:7a:19:06:20:07:cc:d1:a3:c2:04:28:
+ b8:9b:41:23:65:92:47:86:ee:ac:a5:7f:b7:2c:92:67:87:83:
+ 5b:04:d0:e5:5d:3c:4c:a1:51:e0:9c:02:9a:d5:35:b4:7b:e0:
+ e4:c3
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAO53fmrBHlftMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAPRYVGqDImbpMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEWA3Rh
-MzAeFw0xMTAzMjEwMDQ5MjZaFw0xMzEyMTUwMDQ5MjZaMGgxCzAJBgNVBAYTAlVT
+MzAeFw0xMTA0MTEyMjM3NDNaFw0xNDAxMDUyMjM3NDNaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEWA3RhMzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2JA4Q9N5TAFp3Hiw5YwckIVy1TBqAy2o
-5GqtJ8RZ6IymUXli/xgmh+cpaC49ILF4QFbAggQqSjfhOJ8Kzg3GreeMsY4lYaFy
-CZgspaS7VmGH8C4SjdqLaOE5msgvqtzJhP8b684pglWzTMmY/dh8E+rA1XIXfpIL
-9NRxoCL6xfcCAwEAAaOBzTCByjAdBgNVHQ4EFgQU4p6hi9fTsPHD6XekSV1qTqtz
-rF0wgZoGA1UdIwSBkjCBj4AU4p6hi9fTsPHD6XekSV1qTqtzrF2hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LDnwCeW1v8WifRMZ9UjV6av/vO+2R4o
+RKajDmcJH7L8cP0sSpwToM83lyw5fEKk92R+vklnBQGz90Y0m9i9S6zWQJZabaAz
+rgMzIn0GOW4KXjk/5uvH+eMap90WFG2Ot4TZr7dD210PK+g9/mbXnjoGoZ/DNYHU
+zbwWPKLB3YkCAwEAAaOBzTCByjAdBgNVHQ4EFgQUevZRen+bqzc9TpMDkG1qhAl8
+Ot0wgZoGA1UdIwSBkjCBj4AUevZRen+bqzc9TpMDkG1qhAl8Ot2hbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTMxEjAQBgkqhkiG9w0BCQEW
-A3RhM4IJAO53fmrBHlftMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-Y3c1YsWhI/s7fwVUmJS4UhUgVuBVRJDgvDz03q35FzYexXoPrLEXRCfNz6DUWqho
-yiIEiqyervzkinFLKjOGnmtjc5ecjXaICIcxzCHFyfvbwc1ks/UJzBRI1jgLFS7Q
-ytI81zYU23R8ejjbKixQ7AjU+ZskPGnxqcFGa3uEqjY=
+A3RhM4IJAPRYVGqDImbpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+Jhs0AxLVE5QP+FdqR9jZgXgLZfFRt06yicJqMF03rTWRFkhfm7nNMB4O8zEeek5y
+E8bkZgqppGZd9v4hUQ+r/dedXROGB98dndgZzm3pfnoZBiAHzNGjwgQouJtBI2WS
+R4burKV/tyySZ4eDWwTQ5V08TKFR4JwCmtU1tHvg5MM=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/trust_anchors/ta4_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta4_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- c5:19:14:97:e3:27:2e:9b
+ ba:06:fd:ec:89:18:b5:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Validity
- Not Before: Mar 21 00:49:31 2011 GMT
- Not After : Dec 15 00:49:31 2013 GMT
+ Not Before: Apr 11 22:37:49 2011 GMT
+ Not After : Jan 5 22:37:49 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta4/emailAddress=ta4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:b1:4b:88:95:b3:1e:8c:08:95:21:43:4e:19:f6:
- c1:e0:4a:68:49:d8:28:48:ba:20:22:2d:ab:d8:62:
- 15:d5:4e:21:bd:c0:af:00:d0:09:4a:da:3b:00:2d:
- 13:0c:6e:e1:3d:37:00:f5:09:5d:cd:69:81:4e:2b:
- 3d:38:8c:f0:64:66:0e:a0:d6:68:b1:27:57:3e:01:
- c3:27:2a:c1:a8:35:b2:54:a7:4e:17:3d:83:85:43:
- 6d:f8:07:ba:3b:40:05:b5:c3:9b:a7:66:f5:5f:a5:
- f8:b0:5f:3d:3d:97:25:4c:4f:89:63:51:7d:4a:be:
- 48:1a:1c:71:a3:fa:6a:87:13
+ 00:cf:c0:25:a7:fa:df:a4:e4:02:33:84:4d:a0:3f:
+ 4e:09:c4:ae:0a:58:d3:45:15:d3:5e:94:56:5a:b5:
+ da:3e:27:68:66:3d:b1:83:14:bc:13:94:f3:a8:38:
+ 9c:e8:9a:46:4e:06:78:0d:29:95:69:a0:2c:12:19:
+ 3b:6b:a6:3d:46:eb:56:8a:f7:85:2d:d9:9c:f0:30:
+ 6b:0a:03:8d:ae:d8:cf:9e:df:c9:a5:d7:d3:b1:ab:
+ 13:74:e8:1e:a2:be:31:3f:17:78:22:4c:83:8b:24:
+ ef:4f:5d:c4:6e:26:f8:b0:d9:2b:ad:9e:b0:c4:fc:
+ c2:00:10:99:e9:39:17:68:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ 3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
X509v3 Authority Key Identifier:
- keyid:0A:1C:BA:A6:5B:C6:83:32:60:E5:9B:00:85:37:74:D1:8D:30:BA:8A
+ keyid:3E:5F:64:E9:63:CB:9C:10:D0:91:F4:45:61:F2:F1:EA:42:69:EC:A5
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta4/emailAddress=ta4
- serial:C5:19:14:97:E3:27:2E:9B
+ serial:BA:06:FD:EC:89:18:B5:7F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 64:93:80:7e:ae:43:e2:e6:96:07:67:cf:34:c3:ef:cc:69:1c:
- 52:41:fb:ec:11:dc:f6:fe:88:e4:8e:3b:90:97:d5:e5:6e:b6:
- b7:8e:0b:40:3b:84:5b:36:73:e4:ce:39:8e:e7:7e:db:dc:cd:
- 0f:97:1c:bb:2a:31:56:28:6b:87:50:72:be:5f:47:68:4e:a1:
- 38:7e:bc:c6:11:4c:2e:46:e3:94:a1:04:a5:15:70:af:2f:a9:
- 8f:b3:26:be:c1:35:15:b2:fd:94:f1:5d:a7:06:4f:2d:37:c8:
- 47:eb:db:cb:a4:69:05:98:fb:5a:1a:d3:03:17:e2:90:54:5a:
- 7d:1d
+ c2:01:c5:40:3c:24:aa:8a:f3:be:31:f8:82:12:df:b8:e7:b4:
+ 92:b1:95:79:d4:f7:db:2a:81:a2:f6:5f:3a:1d:b1:e2:a1:bd:
+ f1:50:75:cc:d6:f7:ab:26:d6:eb:a8:c6:f8:44:25:53:94:ce:
+ 6e:a4:6e:4f:40:c2:13:00:b7:cb:b1:82:99:e9:1f:68:54:d0:
+ 69:ba:02:5f:07:be:c2:f8:e3:2c:40:73:61:c2:c3:ad:4c:91:
+ f0:ba:0a:61:df:95:d6:fc:d3:19:e3:98:8e:58:73:03:6f:04:
+ 9e:b6:f7:8c:3c:1e:60:43:27:96:6d:f5:e7:31:43:bb:22:da:
+ 07:9c
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAMUZFJfjJy6bMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJALoG/eyJGLV/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEWA3Rh
-NDAeFw0xMTAzMjEwMDQ5MzFaFw0xMzEyMTUwMDQ5MzFaMGgxCzAJBgNVBAYTAlVT
+NDAeFw0xMTA0MTEyMjM3NDlaFw0xNDAxMDUyMjM3NDlaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEWA3RhNDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsUuIlbMejAiVIUNOGfbB4EpoSdgoSLog
-Ii2r2GIV1U4hvcCvANAJSto7AC0TDG7hPTcA9QldzWmBTis9OIzwZGYOoNZosSdX
-PgHDJyrBqDWyVKdOFz2DhUNt+Ae6O0AFtcObp2b1X6X4sF89PZclTE+JY1F9Sr5I
-Ghxxo/pqhxMCAwEAAaOBzTCByjAdBgNVHQ4EFgQUChy6plvGgzJg5ZsAhTd00Y0w
-uoowgZoGA1UdIwSBkjCBj4AUChy6plvGgzJg5ZsAhTd00Y0wuoqhbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz8Alp/rfpOQCM4RNoD9OCcSuCljTRRXT
+XpRWWrXaPidoZj2xgxS8E5TzqDic6JpGTgZ4DSmVaaAsEhk7a6Y9RutWiveFLdmc
+8DBrCgONrtjPnt/JpdfTsasTdOgeor4xPxd4IkyDiyTvT13Ebib4sNkrrZ6wxPzC
+ABCZ6TkXaAUCAwEAAaOBzTCByjAdBgNVHQ4EFgQUPl9k6WPLnBDQkfRFYfLx6kJp
+7KUwgZoGA1UdIwSBkjCBj4AUPl9k6WPLnBDQkfRFYfLx6kJp7KWhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTQxEjAQBgkqhkiG9w0BCQEW
-A3RhNIIJAMUZFJfjJy6bMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-ZJOAfq5D4uaWB2fPNMPvzGkcUkH77BHc9v6I5I47kJfV5W62t44LQDuEWzZz5M45
-jud+29zND5ccuyoxVihrh1Byvl9HaE6hOH68xhFMLkbjlKEEpRVwry+pj7MmvsE1
-FbL9lPFdpwZPLTfIR+vby6RpBZj7WhrTAxfikFRafR0=
+A3RhNIIJALoG/eyJGLV/MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+wgHFQDwkqorzvjH4ghLfuOe0krGVedT32yqBovZfOh2x4qG98VB1zNb3qybW66jG
++EQlU5TObqRuT0DCEwC3y7GCmekfaFTQaboCXwe+wvjjLEBzYcLDrUyR8LoKYd+V
+1vzTGeOYjlhzA28Enrb3jDweYEMnlm315zFDuyLaB5w=
-----END CERTIFICATE-----
--- a/src/tests/ro_data/signing_certs/produced/trust_anchors/ta5_cert.pem Wed Apr 27 16:39:43 2011 -0700
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta5_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -2,62 +2,62 @@
Data:
Version: 3 (0x2)
Serial Number:
- ec:86:c3:65:f9:7f:14:08
+ 9c:19:39:11:06:1a:55:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta5/emailAddress=ta5
Validity
- Not Before: Mar 21 00:49:34 2011 GMT
- Not After : Dec 15 00:49:34 2013 GMT
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
Subject: C=US, ST=California, L=Menlo Park, O=pkg5, CN=ta5/emailAddress=ta5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:cc:27:b4:c2:c1:88:36:eb:9d:c4:02:79:04:8d:
- 8e:3d:84:72:32:92:7d:77:5e:87:a7:1b:19:7d:09:
- 3e:ff:83:de:de:64:9b:03:c4:95:64:a3:16:ef:b6:
- 33:2b:d7:28:3f:70:8d:81:c3:03:af:4e:04:de:e8:
- 86:51:82:75:81:4e:1f:97:e1:53:76:58:27:61:f2:
- 0c:2f:2e:ba:d2:b7:f5:6a:b1:66:87:81:2c:78:cf:
- 8c:74:92:2c:2e:bd:8d:ee:68:ec:92:e3:0d:73:1b:
- 82:27:3e:44:67:97:1c:42:46:20:65:89:61:ae:1b:
- 07:1f:20:60:3c:c2:16:27:0f
+ 00:c4:65:70:7a:0e:03:ae:85:f3:d6:03:6f:f9:a2:
+ af:4e:ae:cd:d4:99:b6:6d:14:a4:12:62:54:1f:8b:
+ c6:d3:8c:e8:7e:85:82:a5:f5:c9:03:66:f6:dd:48:
+ 58:5a:7a:20:c6:1d:7b:47:78:52:64:3f:0a:67:d0:
+ cc:03:aa:2b:00:b5:89:7b:b1:50:fb:79:e1:d5:32:
+ 8c:c3:49:df:ba:2a:21:43:cb:c5:39:39:12:bd:3a:
+ ba:7b:29:f2:48:32:37:84:c6:af:66:db:a2:a4:00:
+ ec:40:08:c1:a8:36:0c:b6:48:c6:39:b1:fd:be:e2:
+ 60:a4:3d:c6:b6:b1:a8:be:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- 8A:83:E9:51:D7:32:B4:6F:3B:85:AF:1A:11:94:5C:B6:21:E5:5D:0F
+ E7:E6:72:5B:A0:5F:2C:A6:40:45:1A:66:E4:45:A5:0F:1D:67:5D:93
X509v3 Authority Key Identifier:
- keyid:8A:83:E9:51:D7:32:B4:6F:3B:85:AF:1A:11:94:5C:B6:21:E5:5D:0F
+ keyid:E7:E6:72:5B:A0:5F:2C:A6:40:45:1A:66:E4:45:A5:0F:1D:67:5D:93
DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/CN=ta5/emailAddress=ta5
- serial:EC:86:C3:65:F9:7F:14:08
+ serial:9C:19:39:11:06:1A:55:91
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
- 32:f3:a4:fc:a0:a8:a7:64:a5:6a:6d:63:f0:ee:95:2f:2c:93:
- f8:70:c8:d6:f7:ae:98:3a:c8:9b:bd:69:fa:26:87:f5:bd:1e:
- 28:80:0b:03:13:33:87:99:33:52:2e:1a:0a:78:be:e5:0a:7a:
- 1d:a0:44:1c:1c:7e:93:2e:dc:e6:f5:66:79:27:58:2f:ad:03:
- d4:12:78:fa:d8:d7:f2:25:45:88:cf:ee:2a:c4:8a:f0:f3:8c:
- 18:56:eb:4b:d5:58:53:77:24:53:7b:cd:75:fe:8c:1c:e0:d3:
- 09:6e:e6:be:43:5c:b1:e5:71:58:65:4d:78:6d:01:bd:68:6c:
- 72:64
+ 89:2d:87:d4:a5:2a:63:ce:4d:12:6f:ca:94:d3:e9:ac:3e:93:
+ 30:f3:1a:20:05:9d:8c:72:7c:70:ea:00:c9:b6:39:d8:5a:d1:
+ 87:1e:57:8f:2f:61:f1:ec:a8:f2:b9:2b:03:d5:0c:07:e4:f5:
+ 01:8d:00:95:fd:9c:12:d0:86:3f:8d:cf:3a:5b:ae:2d:a2:6f:
+ 2d:ee:a6:10:6f:f0:d0:5f:dd:78:02:3e:1f:0d:f3:ae:a2:fa:
+ c5:9d:96:ae:31:a8:a3:ba:a4:78:a8:ec:db:e7:61:de:d3:5c:
+ c4:c2:4d:5c:b4:cb:f8:27:6e:53:06:11:e0:e7:aa:41:7f:bd:
+ 9a:8a
-----BEGIN CERTIFICATE-----
-MIIDHDCCAoWgAwIBAgIJAOyGw2X5fxQIMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+MIIDHDCCAoWgAwIBAgIJAJwZOREGGlWRMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTUxEjAQBgkqhkiG9w0BCQEWA3Rh
-NTAeFw0xMTAzMjEwMDQ5MzRaFw0xMzEyMTUwMDQ5MzRaMGgxCzAJBgNVBAYTAlVT
+NTAeFw0xMTA0MTEyMjM3NTJaFw0xNDAxMDUyMjM3NTJaMGgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJrMQ0wCwYD
VQQKEwRwa2c1MQwwCgYDVQQDEwN0YTUxEjAQBgkqhkiG9w0BCQEWA3RhNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzCe0wsGINuudxAJ5BI2OPYRyMpJ9d16H
-pxsZfQk+/4Pe3mSbA8SVZKMW77YzK9coP3CNgcMDr04E3uiGUYJ1gU4fl+FTdlgn
-YfIMLy660rf1arFmh4EseM+MdJIsLr2N7mjskuMNcxuCJz5EZ5ccQkYgZYlhrhsH
-HyBgPMIWJw8CAwEAAaOBzTCByjAdBgNVHQ4EFgQUioPpUdcytG87ha8aEZRctiHl
-XQ8wgZoGA1UdIwSBkjCBj4AUioPpUdcytG87ha8aEZRctiHlXQ+hbKRqMGgxCzAJ
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxGVweg4DroXz1gNv+aKvTq7N1Jm2bRSk
+EmJUH4vG04zofoWCpfXJA2b23UhYWnogxh17R3hSZD8KZ9DMA6orALWJe7FQ+3nh
+1TKMw0nfuiohQ8vFOTkSvTq6eynySDI3hMavZtuipADsQAjBqDYMtkjGObH9vuJg
+pD3GtrGovlUCAwEAAaOBzTCByjAdBgNVHQ4EFgQU5+ZyW6BfLKZARRpm5EWlDx1n
+XZMwgZoGA1UdIwSBkjCBj4AU5+ZyW6BfLKZARRpm5EWlDx1nXZOhbKRqMGgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQ
YXJrMQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQDEwN0YTUxEjAQBgkqhkiG9w0BCQEW
-A3RhNYIJAOyGw2X5fxQIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
-MvOk/KCop2Slam1j8O6VLyyT+HDI1veumDrIm71p+iaH9b0eKIALAxMzh5kzUi4a
-Cni+5Qp6HaBEHBx+ky7c5vVmeSdYL60D1BJ4+tjX8iVFiM/uKsSK8POMGFbrS9VY
-U3ckU3vNdf6MHODTCW7mvkNcseVxWGVNeG0BvWhscmQ=
+A3RhNYIJAJwZOREGGlWRMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+iS2H1KUqY85NEm/KlNPprD6TMPMaIAWdjHJ8cOoAybY52FrRhx5Xjy9h8eyo8rkr
+A9UMB+T1AY0Alf2cEtCGP43POluuLaJvLe6mEG/w0F/deAI+Hw3zrqL6xZ2WrjGo
+o7qkeKjs2+dh3tNcxMJNXLTL+CduUwYR4OeqQX+9moo=
-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta6_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 93:ae:7e:2d:c9:61:8f:4b
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta6, CN=localhost/emailAddress=ta6
+ Validity
+ Not Before: Apr 11 22:37:52 2011 GMT
+ Not After : Jan 5 22:37:52 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta6, CN=localhost/emailAddress=ta6
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c5:41:a2:3d:00:af:e2:71:29:e6:18:c2:73:65:
+ fc:4a:9d:e3:f7:1a:6e:7a:f5:09:81:87:cd:cf:a9:
+ 74:a9:e4:47:da:e2:fa:bd:0e:0a:ae:ba:06:e8:1b:
+ 66:e3:8a:5e:bb:87:90:5e:d1:38:7d:12:93:72:a0:
+ 4b:88:77:dd:ce:02:67:9f:c5:be:49:cb:b7:e8:0e:
+ bd:f0:78:37:55:bb:c5:91:6e:c7:7b:9c:b3:94:a2:
+ 24:7d:09:25:74:52:22:6d:4a:34:f8:92:71:b1:e9:
+ 74:9b:8e:87:d4:2a:46:f8:fa:8f:86:5c:b5:6b:20:
+ 24:d1:37:ea:8a:87:07:e3:ad
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 0C:08:1A:2C:FA:77:26:CE:37:0F:A5:85:98:85:0F:4D:48:BA:83:B3
+ X509v3 Authority Key Identifier:
+ keyid:0C:08:1A:2C:FA:77:26:CE:37:0F:A5:85:98:85:0F:4D:48:BA:83:B3
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta6/CN=localhost/emailAddress=ta6
+ serial:93:AE:7E:2D:C9:61:8F:4B
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 10:2c:ed:b9:a4:aa:bd:9e:4d:47:dd:02:64:52:a9:7a:73:a7:
+ f3:58:45:cf:da:5c:1e:80:30:d9:10:a7:e4:79:d2:eb:85:8b:
+ 70:4c:39:df:b6:40:fb:7f:11:cd:a8:85:d6:5c:d1:2f:29:9f:
+ 8d:fa:53:bc:20:f3:c8:97:9b:11:f4:7d:39:9a:2c:a6:6e:1e:
+ a4:0d:81:e0:65:59:89:f6:a9:66:65:38:05:44:e7:47:a2:9e:
+ a2:e3:82:07:2c:cb:8e:dc:47:a2:e9:cb:01:6a:54:c1:26:14:
+ 03:e9:c3:ac:fe:98:0e:76:52:f3:5b:67:ea:26:0d:98:6d:e4:
+ 23:ac
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJAJOufi3JYY9LMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTYxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE2MB4XDTExMDQxMTIyMzc1MloXDTE0MDEwNTIy
+Mzc1MlowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNjESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTYwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMVBoj0Ar+JxKeYYwnNl/Eqd4/cabnr1CYGHzc+pdKnk
+R9ri+r0OCq66BugbZuOKXruHkF7ROH0Sk3KgS4h33c4CZ5/FvknLt+gOvfB4N1W7
+xZFux3ucs5SiJH0JJXRSIm1KNPiScbHpdJuOh9QqRvj6j4ZctWsgJNE36oqHB+Ot
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFAwIGiz6dybONw+lhZiFD01IuoOzMIGvBgNV
+HSMEgacwgaSAFAwIGiz6dybONw+lhZiFD01IuoOzoYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNjESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTaCCQCTrn4tyWGPSzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBABAs7bmkqr2eTUfdAmRSqXpzp/NYRc/aXB6AMNkQp+R50uuF
+i3BMOd+2QPt/Ec2ohdZc0S8pn436U7wg88iXmxH0fTmaLKZuHqQNgeBlWYn2qWZl
+OAVE50einqLjggcsy47cR6LpywFqVMEmFAPpw6z+mA52UvNbZ+omDZht5COs
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta7_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ e2:68:f4:95:eb:49:89:87
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta7, CN=localhost/emailAddress=ta7
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta7, CN=localhost/emailAddress=ta7
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c8:de:52:36:7b:6e:4b:6d:7a:83:73:ad:41:cd:
+ af:36:02:62:36:3e:f7:55:07:11:24:43:c2:eb:43:
+ e4:6f:1d:3c:ec:73:4b:81:58:a2:2a:7e:e0:c4:f0:
+ 9a:ae:04:d8:2a:49:39:bf:9e:e8:ad:f0:96:52:5e:
+ 3c:67:71:7f:3d:40:d7:36:e3:1c:25:da:0b:29:e9:
+ 8b:81:66:19:bc:34:38:1a:4e:cb:63:f5:30:cf:82:
+ 6c:f5:14:cc:df:bb:cc:ed:70:86:e4:ba:6e:db:85:
+ ce:60:d1:69:37:48:e8:0c:c0:76:82:0f:5f:65:09:
+ 62:0d:72:c9:5a:b3:49:2c:fd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 78:FA:1D:E8:35:33:AD:40:EB:A9:B4:3E:87:7A:B0:65:17:CF:36:35
+ X509v3 Authority Key Identifier:
+ keyid:78:FA:1D:E8:35:33:AD:40:EB:A9:B4:3E:87:7A:B0:65:17:CF:36:35
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta7/CN=localhost/emailAddress=ta7
+ serial:E2:68:F4:95:EB:49:89:87
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 07:20:33:b6:af:9e:b1:49:90:57:19:86:e9:8b:18:8a:e9:7b:
+ b1:b4:ff:29:5e:de:df:c9:f9:c8:7d:de:61:0d:36:fc:55:dc:
+ e7:51:ff:89:b5:69:07:72:60:b6:19:4e:c4:90:e6:e7:c1:0e:
+ 56:ba:d6:1c:c7:34:10:38:2d:c5:71:79:8a:de:a6:b2:d6:cf:
+ 98:dc:9a:3e:df:d3:57:67:bd:15:83:95:00:1c:2d:45:9c:73:
+ 6d:82:57:9d:ac:57:f1:d8:39:ae:92:3b:ff:36:a1:0e:08:46:
+ e6:00:a9:d6:3e:5b:fa:65:7f:8c:c6:ee:4e:84:e0:a8:81:b7:
+ 3c:a5
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJAOJo9JXrSYmHMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTcxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE3MB4XDTExMDQxMTIyMzc1NFoXDTE0MDEwNTIy
+Mzc1NFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNzESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTcwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMjeUjZ7bktteoNzrUHNrzYCYjY+91UHESRDwutD5G8d
+POxzS4FYoip+4MTwmq4E2CpJOb+e6K3wllJePGdxfz1A1zbjHCXaCynpi4FmGbw0
+OBpOy2P1MM+CbPUUzN+7zO1whuS6btuFzmDRaTdI6AzAdoIPX2UJYg1yyVqzSSz9
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFHj6Heg1M61A66m0Pod6sGUXzzY1MIGvBgNV
+HSMEgacwgaSAFHj6Heg1M61A66m0Pod6sGUXzzY1oYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhNzESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTeCCQDiaPSV60mJhzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBAAcgM7avnrFJkFcZhumLGIrpe7G0/yle3t/J+ch93mENNvxV
+3OdR/4m1aQdyYLYZTsSQ5ufBDla61hzHNBA4LcVxeYreprLWz5jcmj7f01dnvRWD
+lQAcLUWcc22CV52sV/HYOa6SO/82oQ4IRuYAqdY+W/plf4zG7k6E4KiBtzyl
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta8_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b8:9a:b1:4d:fa:a9:68:23
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta8, CN=localhost/emailAddress=ta8
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta8, CN=localhost/emailAddress=ta8
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:da:5e:85:e0:17:14:35:c1:e8:f4:b6:97:15:d1:
+ f5:c3:36:26:57:85:5c:0c:e8:8e:d7:2b:10:66:b2:
+ 61:92:a3:df:a4:4f:61:52:41:9c:3b:2f:0e:bc:bd:
+ 92:9b:e2:4c:ec:68:34:76:2c:86:54:e5:8b:9e:ac:
+ 2f:7e:4f:07:52:ec:7f:51:31:ed:9e:94:ed:7e:15:
+ da:4f:fb:65:d0:07:85:c2:60:69:ce:ac:74:72:8a:
+ 45:31:e4:6c:3e:5e:05:bc:d3:2f:37:56:14:c2:2e:
+ 78:78:6b:93:14:e5:61:08:22:ef:4d:f9:bb:1b:1f:
+ 31:09:12:7a:ad:e5:cf:18:5b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ BB:CA:54:46:B9:0F:22:DB:69:82:15:BB:66:36:9D:50:1D:0B:1B:F5
+ X509v3 Authority Key Identifier:
+ keyid:BB:CA:54:46:B9:0F:22:DB:69:82:15:BB:66:36:9D:50:1D:0B:1B:F5
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta8/CN=localhost/emailAddress=ta8
+ serial:B8:9A:B1:4D:FA:A9:68:23
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 7a:13:83:75:43:35:e1:4d:07:93:8d:1c:fd:4d:8f:5c:24:78:
+ f5:01:35:4c:a5:ad:5f:92:f3:23:21:0c:2d:dc:64:a5:7f:c2:
+ 3c:c9:e3:b0:4e:d8:17:4e:76:4c:4d:71:fb:b9:3d:d9:51:b8:
+ fc:e0:91:a6:5c:18:c8:06:55:cc:a9:ba:9e:59:92:c4:5c:04:
+ 11:e2:d9:99:1d:cb:bd:9d:6c:c2:0e:9e:f0:4c:20:69:6b:b1:
+ 76:b6:d4:c0:e6:6c:4b:1e:18:cb:71:4a:9b:13:ca:db:c8:a4:
+ 0e:35:c0:91:70:04:9c:32:bd:15:a2:36:72:97:d0:7b:d0:6c:
+ dc:03
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJALiasU36qWgjMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTgxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE4MB4XDTExMDQxMTIyMzc1NFoXDTE0MDEwNTIy
+Mzc1NFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhODESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTgwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBANpeheAXFDXB6PS2lxXR9cM2JleFXAzojtcrEGayYZKj
+36RPYVJBnDsvDry9kpviTOxoNHYshlTli56sL35PB1Lsf1Ex7Z6U7X4V2k/7ZdAH
+hcJgac6sdHKKRTHkbD5eBbzTLzdWFMIueHhrkxTlYQgi7035uxsfMQkSeq3lzxhb
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFLvKVEa5DyLbaYIVu2Y2nVAdCxv1MIGvBgNV
+HSMEgacwgaSAFLvKVEa5DyLbaYIVu2Y2nVAdCxv1oYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhODESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTiCCQC4mrFN+qloIzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBAHoTg3VDNeFNB5ONHP1Nj1wkePUBNUylrV+S8yMhDC3cZKV/
+wjzJ47BO2BdOdkxNcfu5PdlRuPzgkaZcGMgGVcypup5ZksRcBBHi2Zkdy72dbMIO
+nvBMIGlrsXa21MDmbEseGMtxSpsTytvIpA41wJFwBJwyvRWiNnKX0HvQbNwD
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/tests/ro_data/signing_certs/produced/trust_anchors/ta9_cert.pem Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a1:62:e1:e5:c0:a2:38:0d
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta9, CN=localhost/emailAddress=ta9
+ Validity
+ Not Before: Apr 11 22:37:54 2011 GMT
+ Not After : Jan 5 22:37:54 2014 GMT
+ Subject: C=US, ST=California, L=Menlo Park, O=pkg5, OU=ta9, CN=localhost/emailAddress=ta9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e8:ab:ef:91:ca:05:4a:18:a2:98:c4:d8:93:d0:
+ ce:99:a9:5e:02:8d:5d:5c:e3:f3:84:49:6b:a7:6d:
+ ef:38:77:2e:32:c2:9c:09:1d:f6:be:6c:c6:c4:b1:
+ c8:c3:32:72:2b:84:87:f6:ba:bf:fc:cf:5c:05:c2:
+ 4f:62:23:7e:02:3f:ce:6c:c6:b6:95:86:84:d7:97:
+ 9f:1c:87:70:29:62:6a:29:7c:06:a3:b7:18:12:67:
+ 07:3a:89:aa:f0:99:fe:df:46:00:b1:2f:aa:30:1e:
+ a2:1e:f8:2b:37:99:21:b8:85:53:42:98:4a:bd:c5:
+ f9:b4:61:60:0a:73:bc:0e:d1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ A6:CF:35:00:96:15:AD:B4:24:DE:1D:5A:B9:56:A2:6E:B4:2D:46:C5
+ X509v3 Authority Key Identifier:
+ keyid:A6:CF:35:00:96:15:AD:B4:24:DE:1D:5A:B9:56:A2:6E:B4:2D:46:C5
+ DirName:/C=US/ST=California/L=Menlo Park/O=pkg5/OU=ta9/CN=localhost/emailAddress=ta9
+ serial:A1:62:E1:E5:C0:A2:38:0D
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 44:02:da:cf:c3:07:27:84:e4:06:22:ff:fc:7e:c9:47:7a:79:
+ e1:9f:6a:84:68:a8:fb:48:18:80:58:0f:b0:5e:ef:43:bf:3a:
+ 69:23:b2:18:3e:78:3a:8e:ff:c5:d8:76:4c:99:d5:9f:be:8a:
+ fd:0e:79:b9:7e:62:c4:c2:4b:6f:78:01:e7:52:19:ff:08:86:
+ a7:b2:17:0c:11:03:ef:42:1f:b5:5b:40:0a:3a:9f:2a:4f:57:
+ 31:3d:b1:dd:a8:51:e1:2f:b2:e4:5b:2e:1b:9f:a7:d6:b7:6b:
+ 76:68:f9:2e:b1:38:6f:11:21:0e:81:a2:32:01:7b:bc:c3:1f:
+ 82:4e
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIJAKFi4eXAojgNMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpNZW5sbyBQYXJr
+MQ0wCwYDVQQKEwRwa2c1MQwwCgYDVQQLEwN0YTkxEjAQBgNVBAMTCWxvY2FsaG9z
+dDESMBAGCSqGSIb3DQEJARYDdGE5MB4XDTExMDQxMTIyMzc1NFoXDTE0MDEwNTIy
+Mzc1NFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNV
+BAcTCk1lbmxvIFBhcmsxDTALBgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhOTESMBAG
+A1UEAxMJbG9jYWxob3N0MRIwEAYJKoZIhvcNAQkBFgN0YTkwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAOir75HKBUoYopjE2JPQzpmpXgKNXVzj84RJa6dt7zh3
+LjLCnAkd9r5sxsSxyMMyciuEh/a6v/zPXAXCT2IjfgI/zmzGtpWGhNeXnxyHcCli
+ail8BqO3GBJnBzqJqvCZ/t9GALEvqjAeoh74KzeZIbiFU0KYSr3F+bRhYApzvA7R
+AgMBAAGjgeIwgd8wHQYDVR0OBBYEFKbPNQCWFa20JN4dWrlWom60LUbFMIGvBgNV
+HSMEgacwgaSAFKbPNQCWFa20JN4dWrlWom60LUbFoYGApH4wfDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxDTAL
+BgNVBAoTBHBrZzUxDDAKBgNVBAsTA3RhOTESMBAGA1UEAxMJbG9jYWxob3N0MRIw
+EAYJKoZIhvcNAQkBFgN0YTmCCQChYuHlwKI4DTAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4GBAEQC2s/DByeE5AYi//x+yUd6eeGfaoRoqPtIGIBYD7Be70O/
+Omkjshg+eDqO/8XYdkyZ1Z++iv0Oebl+YsTCS294AedSGf8IhqeyFwwRA+9CH7Vb
+QAo6nypPVzE9sd2oUeEvsuRbLhufp9a3a3Zo+S6xOG8RIQ6BojIBe7zDH4JO
+-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/util/apache2/sysrepo/README.txt Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,35 @@
+System Publisher Apache Configuration
+-------------------------------------
+
+This directory contains templates for the system publisher Apache configuration.
+For more information, see pkg.sysrepo(1M).
+
+The files in this directory are as follows:
+
+./reference_httpd.conf The reference Apache config file used to
+ as a source for the content in
+ sysrepo_httpd.conf.mako.
+
+./sysrepo_publisher_response.mako The template used for the "publisher/0
+ response, served by the system publisher
+ for client queries to file:// publishers
+ (not normally used by syspub clients,
+ who obtain all their publisher
+ information from the "syspub/0"
+ response. This allows the system
+ publisher to serve file:// repositories
+ to standard pkg(5) clients over http.
+
+./logs/error_log Stub file used as an Apache log
+./logs/access_log Stub file used as an Apache log
+
+./sysrepo_httpd.conf.mako The main Apache httpd.conf file template
+ which is used by pkg.sysrepo(1M) in
+ conjunction with the publisher
+ information obtained from a pkg(5) image
+ to configure Apache to act as a
+ system publisher. This file was created
+ with reference to the
+ reference_httpd.conf file in this
+ directory.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/util/apache2/sysrepo/reference_httpd.conf Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,462 @@
+#
+# This is the main Apache HTTP server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
+# In particular, see
+# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "/var/apache2/2.2/logs/foo_log"
+# with ServerRoot set to "/usr/apache2/2.2" will be interpreted by the
+# server as "/usr/apache2/2.2//var/apache2/2.2/logs/foo_log".
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to point the LockFile directive
+# at a local disk. If you wish to share the same ServerRoot for multiple
+# httpd daemons, you will need to change at least LockFile and PidFile.
+#
+ServerRoot "/usr/apache2/2.2"
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines within the appropriate
+# (32-bit or 64-bit module) /etc/apache2/2.2/conf.d/modules-*.load file so that
+# the directives contained in it are actually available _before_ they are used.
+#
+<IfDefine 64bit>
+Include /etc/apache2/2.2/conf.d/modules-64.load
+</IfDefine>
+<IfDefine !64bit>
+Include /etc/apache2/2.2/conf.d/modules-32.load
+</IfDefine>
+
+LoadModule authn_file_module libexec/64/mod_authn_file.so
+LoadModule authn_dbm_module libexec/64/mod_authn_dbm.so
+LoadModule authn_anon_module libexec/64/mod_authn_anon.so
+LoadModule authn_dbd_module libexec/64/mod_authn_dbd.so
+LoadModule authn_default_module libexec/64/mod_authn_default.so
+LoadModule authz_host_module libexec/64/mod_authz_host.so
+LoadModule authz_groupfile_module libexec/64/mod_authz_groupfile.so
+LoadModule authz_user_module libexec/64/mod_authz_user.so
+LoadModule authz_dbm_module libexec/64/mod_authz_dbm.so
+LoadModule authz_owner_module libexec/64/mod_authz_owner.so
+LoadModule authnz_ldap_module libexec/64/mod_authnz_ldap.so
+LoadModule authz_default_module libexec/64/mod_authz_default.so
+LoadModule auth_basic_module libexec/64/mod_auth_basic.so
+LoadModule auth_digest_module libexec/64/mod_auth_digest.so
+LoadModule file_cache_module libexec/64/mod_file_cache.so
+LoadModule cache_module libexec/64/mod_cache.so
+LoadModule disk_cache_module libexec/64/mod_disk_cache.so
+LoadModule mem_cache_module libexec/64/mod_mem_cache.so
+LoadModule dbd_module libexec/64/mod_dbd.so
+LoadModule dumpio_module libexec/64/mod_dumpio.so
+LoadModule reqtimeout_module libexec/64/mod_reqtimeout.so
+LoadModule ext_filter_module libexec/64/mod_ext_filter.so
+LoadModule include_module libexec/64/mod_include.so
+LoadModule filter_module libexec/64/mod_filter.so
+LoadModule substitute_module libexec/64/mod_substitute.so
+LoadModule deflate_module libexec/64/mod_deflate.so
+LoadModule ldap_module libexec/64/mod_ldap.so
+LoadModule log_config_module libexec/64/mod_log_config.so
+LoadModule log_forensic_module libexec/64/mod_log_forensic.so
+LoadModule logio_module libexec/64/mod_logio.so
+LoadModule env_module libexec/64/mod_env.so
+LoadModule mime_magic_module libexec/64/mod_mime_magic.so
+LoadModule cern_meta_module libexec/64/mod_cern_meta.so
+LoadModule expires_module libexec/64/mod_expires.so
+LoadModule headers_module libexec/64/mod_headers.so
+LoadModule ident_module libexec/64/mod_ident.so
+LoadModule usertrack_module libexec/64/mod_usertrack.so
+LoadModule unique_id_module libexec/64/mod_unique_id.so
+LoadModule setenvif_module libexec/64/mod_setenvif.so
+LoadModule version_module libexec/64/mod_version.so
+LoadModule proxy_module libexec/64/mod_proxy.so
+LoadModule proxy_connect_module libexec/64/mod_proxy_connect.so
+LoadModule proxy_ftp_module libexec/64/mod_proxy_ftp.so
+LoadModule proxy_http_module libexec/64/mod_proxy_http.so
+LoadModule proxy_scgi_module libexec/64/mod_proxy_scgi.so
+LoadModule proxy_ajp_module libexec/64/mod_proxy_ajp.so
+LoadModule proxy_balancer_module libexec/64/mod_proxy_balancer.so
+LoadModule ssl_module libexec/64/mod_ssl.so
+LoadModule mime_module libexec/64/mod_mime.so
+LoadModule dav_module libexec/64/mod_dav.so
+LoadModule status_module libexec/64/mod_status.so
+LoadModule autoindex_module libexec/64/mod_autoindex.so
+LoadModule asis_module libexec/64/mod_asis.so
+LoadModule info_module libexec/64/mod_info.so
+LoadModule suexec_module libexec/64/mod_suexec.so
+LoadModule cgi_module libexec/64/mod_cgi.so
+LoadModule cgid_module libexec/64/mod_cgid.so
+LoadModule dav_fs_module libexec/64/mod_dav_fs.so
+LoadModule vhost_alias_module libexec/64/mod_vhost_alias.so
+LoadModule negotiation_module libexec/64/mod_negotiation.so
+LoadModule dir_module libexec/64/mod_dir.so
+LoadModule imagemap_module libexec/64/mod_imagemap.so
+LoadModule actions_module libexec/64/mod_actions.so
+LoadModule speling_module libexec/64/mod_speling.so
+LoadModule userdir_module libexec/64/mod_userdir.so
+LoadModule alias_module libexec/64/mod_alias.so
+LoadModule rewrite_module libexec/64/mod_rewrite.so
+
+<IfModule !mpm_netware_module>
+<IfModule !mpm_winnt_module>
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User daemon
+Group daemon
+
+</IfModule>
+</IfModule>
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. [email protected]
+#
+ServerAdmin [email protected]
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/var/apache2/2.2/htdocs"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "/var/apache2/2.2/htdocs">
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ Order allow,deny
+ Allow from all
+
+</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Order allow,deny
+ Deny from all
+ Satisfy All
+</FilesMatch>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "/var/apache2/2.2/logs/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+ <IfModule logio_module>
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+ </IfModule>
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog "/var/apache2/2.2/logs/access_log" common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ #CustomLog "/var/apache2/2.2/logs/access_log" combined
+</IfModule>
+
+<IfModule alias_module>
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a <Directory> section to allow access to
+ # the filesystem path.
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/var/apache2/2.2/cgi-bin/"
+
+</IfModule>
+
+<IfModule cgid_module>
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ #Scriptsock /var/run/apache2/2.2/cgisock
+</IfModule>
+
+#
+# "/var/apache2/2.2/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/var/apache2/2.2/cgi-bin">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+#
+# DefaultType: the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+<IfModule mime_module>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/apache2/2.2/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ #AddType text/html .shtml
+ #AddOutputFilter INCLUDES .shtml
+
+ # Add a new mime.type for .p5i file extension so that clicking on
+ # this file type on a web page launches PackageManager in a Webinstall mode.
+ AddType application/vnd.pkg5.info .p5i
+</IfModule>
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+#MIMEMagicFile /etc/apache2/2.2/magic
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall is used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+#
+#EnableMMAP off
+#EnableSendfile off
+
+# Supplemental configuration
+#
+# Include all the .conf configuration files in the
+# /etc/apache2/2.2/conf.d/ directory.
+#
+# You can place additional configuration files in the
+# /etc/apache2/2.2/conf.d/ directory to add extra features
+# or to modify the default configuration of the server,
+# or you may simply copy their contents here and change as
+# necessary.
+#
+# Sample configuration files are in the
+# /etc/apache2/2.2/samples-conf.d directory. To use a
+# sample .conf file, copy it to /etc/apache2/2.2/conf.d
+# directory and modify as required.
+#
+Include /etc/apache2/2.2/conf.d/*.conf
+
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/util/apache2/sysrepo/sysrepo_httpd.conf.mako Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,474 @@
+<%doc>
+#
+# This file is the template for the IPS system publisher Apache configuration
+# file.
+#
+</%doc>
+<% context.write("""
+#
+# This is an automatically generated file for the IPS system publisher, and
+# should not be modified directly. Changes made to this file will be
+# overwritten the next time svc:/system/pkg/sysrepo:default is refreshed or
+# restarted.
+#
+""")
+%>
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to point the LockFile directive
+# at a local disk. If you wish to share the same ServerRoot for multiple
+# httpd daemons, you will need to change at least LockFile and PidFile.
+#
+ServerRoot "/usr/apache2/2.2"
+PidFile "${sysrepo_runtime_dir}/../sysrepo_httpd.pid"
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen ${host}:${port}
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to include a `LoadModule' line so that the directives contained in it
+# are actually available _before_ they are used.
+#
+
+LoadModule authn_file_module libexec/64/mod_authn_file.so
+LoadModule authn_dbm_module libexec/64/mod_authn_dbm.so
+LoadModule authn_anon_module libexec/64/mod_authn_anon.so
+LoadModule authn_dbd_module libexec/64/mod_authn_dbd.so
+LoadModule authn_default_module libexec/64/mod_authn_default.so
+LoadModule authz_host_module libexec/64/mod_authz_host.so
+LoadModule authz_groupfile_module libexec/64/mod_authz_groupfile.so
+LoadModule authz_user_module libexec/64/mod_authz_user.so
+LoadModule authz_dbm_module libexec/64/mod_authz_dbm.so
+LoadModule authz_owner_module libexec/64/mod_authz_owner.so
+LoadModule authnz_ldap_module libexec/64/mod_authnz_ldap.so
+LoadModule authz_default_module libexec/64/mod_authz_default.so
+LoadModule auth_basic_module libexec/64/mod_auth_basic.so
+LoadModule auth_digest_module libexec/64/mod_auth_digest.so
+LoadModule file_cache_module libexec/64/mod_file_cache.so
+LoadModule cache_module libexec/64/mod_cache.so
+LoadModule disk_cache_module libexec/64/mod_disk_cache.so
+LoadModule mem_cache_module libexec/64/mod_mem_cache.so
+LoadModule dbd_module libexec/64/mod_dbd.so
+LoadModule dumpio_module libexec/64/mod_dumpio.so
+LoadModule reqtimeout_module libexec/64/mod_reqtimeout.so
+LoadModule ext_filter_module libexec/64/mod_ext_filter.so
+LoadModule include_module libexec/64/mod_include.so
+LoadModule filter_module libexec/64/mod_filter.so
+LoadModule substitute_module libexec/64/mod_substitute.so
+LoadModule deflate_module libexec/64/mod_deflate.so
+LoadModule ldap_module libexec/64/mod_ldap.so
+LoadModule log_config_module libexec/64/mod_log_config.so
+LoadModule log_forensic_module libexec/64/mod_log_forensic.so
+LoadModule logio_module libexec/64/mod_logio.so
+LoadModule env_module libexec/64/mod_env.so
+LoadModule mime_magic_module libexec/64/mod_mime_magic.so
+LoadModule cern_meta_module libexec/64/mod_cern_meta.so
+LoadModule expires_module libexec/64/mod_expires.so
+LoadModule headers_module libexec/64/mod_headers.so
+LoadModule ident_module libexec/64/mod_ident.so
+LoadModule usertrack_module libexec/64/mod_usertrack.so
+LoadModule unique_id_module libexec/64/mod_unique_id.so
+LoadModule setenvif_module libexec/64/mod_setenvif.so
+LoadModule version_module libexec/64/mod_version.so
+LoadModule proxy_module libexec/64/mod_proxy.so
+LoadModule proxy_connect_module libexec/64/mod_proxy_connect.so
+LoadModule proxy_ftp_module libexec/64/mod_proxy_ftp.so
+LoadModule proxy_http_module libexec/64/mod_proxy_http.so
+LoadModule proxy_scgi_module libexec/64/mod_proxy_scgi.so
+LoadModule proxy_ajp_module libexec/64/mod_proxy_ajp.so
+LoadModule proxy_balancer_module libexec/64/mod_proxy_balancer.so
+LoadModule ssl_module libexec/64/mod_ssl.so
+LoadModule mime_module libexec/64/mod_mime.so
+LoadModule dav_module libexec/64/mod_dav.so
+LoadModule status_module libexec/64/mod_status.so
+LoadModule autoindex_module libexec/64/mod_autoindex.so
+LoadModule asis_module libexec/64/mod_asis.so
+LoadModule info_module libexec/64/mod_info.so
+LoadModule suexec_module libexec/64/mod_suexec.so
+<IfModule prefork.c>
+LoadModule cgi_module libexec/64/mod_cgi.so
+</IfModule>
+<IfModule worker.c>
+LoadModule cgid_module libexec/64/mod_cgid.so
+</IfModule>
+LoadModule dav_fs_module libexec/64/mod_dav_fs.so
+LoadModule vhost_alias_module libexec/64/mod_vhost_alias.so
+LoadModule negotiation_module libexec/64/mod_negotiation.so
+LoadModule dir_module libexec/64/mod_dir.so
+LoadModule imagemap_module libexec/64/mod_imagemap.so
+LoadModule actions_module libexec/64/mod_actions.so
+LoadModule speling_module libexec/64/mod_speling.so
+LoadModule userdir_module libexec/64/mod_userdir.so
+LoadModule alias_module libexec/64/mod_alias.so
+LoadModule rewrite_module libexec/64/mod_rewrite.so
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User pkg5srv
+Group pkg5srv
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. [email protected]
+#
+ServerAdmin [email protected]
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+ServerName ${host}
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "${sysrepo_runtime_dir}/htdocs"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "${sysrepo_runtime_dir}/htdocs">
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # for more information.
+ #
+ Options FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ Order allow,deny
+ Allow from 127.0.0.1
+
+</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Order allow,deny
+ Deny from all
+ Satisfy All
+</FilesMatch>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "${sysrepo_log_dir}/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+ <IfModule logio_module>
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+ </IfModule>
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog "${sysrepo_log_dir}/access_log" common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ #CustomLog "/var/apache2/2.2/logs/access_log" combined
+</IfModule>
+
+#
+# DefaultType: the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
+LogLevel Info
+RewriteEngine on
+
+<%doc> #
+ # We only perform caching if cache_dir is set. It need to be set to
+ # an absolute path to a directory writable by the apache process.
+ # Alternatively, if set to 'memory', we enable mod_mem_cache.
+ #
+</%doc>
+% if cache_dir != None:
+<IfModule mod_cache.c>
+% if cache_dir.startswith("/"):
+<IfModule mod_disk_cache.c>
+CacheRoot ${cache_dir}
+CacheEnable disk /
+CacheDirLevels 5
+CacheDirLength 3
+# A 44mb seems like a reasonable size for the largest
+# file we will choose to cache.
+CacheMaxFileSize 45690876
+</IfModule>
+% elif cache_dir == "memory":
+CacheEnable mem /
+MCacheSize ${cache_size}
+# cache a suitably large number of files
+MCacheMaxObjectCount 200000
+MCacheMinObjectSize 1
+MCacheMaxObjectSize 45690876
+% endif
+</IfModule>
+% endif
+
+RewriteLog "${sysrepo_log_dir}/rewrite.log"
+RewriteLogLevel 0
+
+# We need to allow these as they're encoded in the package/manifest names
+# when looking up file:// repositories
+AllowEncodedSlashes On
+
+ProxyRequests On
+
+SSLProxyEngine on
+SSLProxyMachineCertificateFile ${sysrepo_runtime_dir}/crypto.txt
+SSLProxyProtocol all
+
+<Proxy *>
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+</Proxy>
+
+<%doc>
+# All of our rules specify the NE flag, 'noescape', that is
+# we don't want any rewritten URLs being decoded en-route through
+# the set of RewriteRule directives.
+#
+# We must be careful to iterate over the URIs in reverse order, since we're
+# applying regular expressions that would otherwise match any URIs that happen
+# to be substrings of another URI.
+#
+</%doc>
+
+% for uri in reversed(sorted(uri_pub_map.keys())):
+ % for pub, cert_path, key_path, hash in uri_pub_map[uri]:
+<%doc>
+ # for any https publishers, we want to allow proxy clients
+ # access the repos using the key/cert from the sysrepo
+ </%doc>
+ % if uri.startswith("https:"):
+<%
+ no_https = uri.replace("https:", "http:")
+ context.write("RewriteRule ^proxy:%(no_https)s/(.*)$ "
+ "%(uri)s/$1 [P,NE]" % locals())
+%>
+ % elif uri.startswith("file:"):
+<%doc>
+ # Point to our local versions/0 response or
+ # publisher-specific publisher/0, response, then stop.
+ </%doc>
+<%
+ context.write("RewriteRule ^/%(pub)s/%(hash)s/versions/0 "
+ "/versions/0/index.html [L,NE]\n" % locals())
+ context.write("RewriteRule ^/%(pub)s/%(hash)s/publisher/0 "
+ "/%(pub)s/%(hash)s/publisher/0/index.html [L,NE]" % locals())
+%><%doc>
+
+ # Modify the catalog and manifest URLs, then
+ # 'passthrough' (PT), letting the Alias below rewrite
+ # the URL instead.
+ </%doc>
+<% context.write(
+ "RewriteRule ^/%(pub)s/%(hash)s/catalog/1/(.*)$ "
+ "/%(pub)s/%(hash)s/publisher/%(pub)s/catalog/$1 [NE,PT]" %
+ locals())
+%><%doc>
+ # file responses are a little tricky - we need to index
+ # the first two characters of the filename and use that
+ # as an index into the directory of filenames.
+ #
+ # eg. the request
+ # http://localhost:15000/pkg5-nightly/abcdef/file/1/87ad645695abb22b2959f73d22022c5cffeccb13
+ # gets rewritten as:
+ # http://localhost:15000/pkg5-nightly/abcdef/publisher/pkg5-nightly/file/87/87ad645695abb22b2959f73d22022c5cffeccb13
+ </%doc>
+<% context.write("RewriteRule ^/%(pub)s/%(hash)s/file/1/(..)(.*)$ "
+ "/%(pub)s/%(hash)s/publisher/%(pub)s/file/$1/$1$2 [NE,PT]\n"
+ % locals())
+%><%doc>
+ # We need to use %THE_REQUEST here to get the undecoded
+ # URI from mod_rewrite. Hang on to your lunch.
+ # We chain the rule that produces THE_REQUEST to the
+ # following rule which picks apart the original http
+ # request to separate the package name from the package
+ # version.
+ #
+ # That is, mod_rewrite sees the pkg client asking for
+ # the initial decoded URI:
+ # '/pkg5-nightly/abcdef/manifest/0/package/[email protected],5.11-0.159:20110308T011843Z'
+ #
+ # which comes from the HTTP request:
+ # 'GET /pkg5-nightly/abcdef/manifest/0/package%[email protected]%2C5.11-0.159%3A20110308T011843Z HTTP/1.1'
+ #
+ # which we eventually rewrite as:
+ # -> '/pkg5-nightly/abcdef/publisher/pkg5-nightly/pkg/package%2Fsysrepo/0.5.11%2C5.11-0.159%3A20110308T011843Z'
+</%doc><%
+ context.write("RewriteRule ^/%(pub)s/%(hash)s/manifest/0/.*$ "
+ "%%{THE_REQUEST} [NE,C]\n" % locals())
+
+ context.write("RewriteRule ^GET\ "
+ "/%(pub)s/%(hash)s/manifest/0/([^@]+)@([^\ ]+)(\ HTTP/1.1)$ "
+ "/%(pub)s/%(hash)s/publisher/%(pub)s/pkg/$1/$2 [NE,PT,C]\n"
+ % locals())
+ context.write("RewriteRule ^/%(pub)s/%(hash)s/(.*)$ - [NE,L]"
+ % locals())
+%>
+ % else:
+<% context.write("RewriteRule ^proxy:%(uri)s/(.*)$ "
+ "%(uri)s/$1 [NE,P]" % locals())
+%>
+ % endif
+ % endfor uri
+% endfor pub
+
+# any non-file-based repositories get our local versions and syspub responses
+RewriteRule ^.*/versions/0/?$ - [L]
+RewriteRule ^.*/syspub/0/?$ - [L]
+# catch all, denying everything
+RewriteRule ^.*$ - [R=404]
+
+
+#
+# The following Aliases allow file-based repositories to function
+# correctly, in conjunction with the rewrites above
+#
+% for uri in reversed(sorted(uri_pub_map.keys())):
+ % for pub, cert_path, key_path, hash in uri_pub_map[uri]:
+ <%doc>
+ # we create an alias for the file repository under ${pub}
+ </%doc>
+ % if uri.startswith("file://"):
+ <% repo_path = uri.replace("file://", "") %>
+# a file repo alias to serve ${uri} content.
+<Directory "${repo_path}">
+ AllowOverride None
+ Order allow,deny
+ Allow from 127.0.0.1
+</Directory>
+Alias /${pub}/${hash} ${repo_path}
+ % endif
+ % endfor uri
+% endfor pub
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/util/apache2/sysrepo/sysrepo_publisher_response.mako Wed Apr 27 20:30:32 2011 -0700
@@ -0,0 +1,56 @@
+<%doc>
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+#
+# This file is a template for the IPS system publisher Apache configuration
+# file. It is used to serve the "publisher" response from proxied file://
+# repositories to pkg(5) clients that aren't using the "syspub" response
+# to obtain their publisher information.
+#
+</%doc>
+{
+ "packages": [],
+ "publishers": [
+ {
+ "alias": null,
+ "intermediate_certs": [],
+ "name": "${pub}",
+ "packages": [],
+ "repositories": [
+ {
+ "collection_type": "core",
+ "description": "This is an automatic response. This publisher is generated automatically by the IPS system repository, and serves content from a file-based repository.",
+ "legal_uris": [],
+ "mirrors": [],
+ "name": "IPS System Repository: ${pub}",
+ "origins": [],
+ "refresh_seconds": null,
+ "registration_uri": "",
+ "related_uris": []
+ }
+ ],
+ "signing_ca_certs": []
+ }
+ ],
+ "version": 1
+}
--- a/src/util/distro-import/importer.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/util/distro-import/importer.py Wed Apr 27 20:30:32 2011 -0700
@@ -56,7 +56,7 @@
from pkg.misc import emsg
from pkg.portable import PD_LOCAL_PATH, PD_PROTO_DIR, PD_PROTO_DIR_LIST
-CLIENT_API_VERSION = 56
+CLIENT_API_VERSION = 57
PKG_CLIENT_NAME = "importer.py"
pkg.client.global_settings.client_name = PKG_CLIENT_NAME
--- a/src/util/misc/auth_attr.d/SUNWipkg Wed Apr 27 16:39:43 2011 -0700
+++ b/src/util/misc/auth_attr.d/SUNWipkg Wed Apr 27 20:30:32 2011 -0700
@@ -1,1 +1,3 @@
solaris.smf.read.pkg-server:::Read permissions for protected pkg(5) Server Service Properties::
+solaris.smf.value.pkg-sysrepo:::Change pkg(5) System Repository Service values::
+solaris.smf.manage.pkg-sysrepo:::Manage pkg(5) System Repository Service states::
--- a/src/util/publish/merge.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/util/publish/merge.py Wed Apr 27 20:30:32 2011 -0700
@@ -117,7 +117,7 @@
pub.transport = xport
# Pull catalog only from this host
- pub.selected_repository.origins = [repouri]
+ pub.repository.origins = [repouri]
pub.refresh(True, True)
cat = pub.catalog
--- a/src/util/publish/pkgmerge.py Wed Apr 27 16:39:43 2011 -0700
+++ b/src/util/publish/pkgmerge.py Wed Apr 27 20:30:32 2011 -0700
@@ -148,7 +148,7 @@
def load_catalog(repouri, pub):
"""Load catalog from specified uri"""
# Pull catalog only from this host
- pub.selected_repository.origins = [repouri]
+ pub.repository.origins = [repouri]
pub.refresh(full_refresh=True, immediate=True)
catalog_dict[repouri.uri] = dict(
@@ -162,8 +162,8 @@
# Discard catalog.
pub.remove_meta_root()
# XXX At the moment, the only way to force the publisher object to
- # discard its copy of a catalog is to set selected_repository.
- pub.selected_repository = pub.selected_repository
+ # discard its copy of a catalog is to set repository.
+ pub.repository = pub.repository
def get_all_pkg_names(repouri):
return catalog_dict[repouri.uri].keys()
@@ -401,7 +401,7 @@
pkgdir = tempfile.mkdtemp(dir=tmpdir)
# Retrieve package data from each package source.
for i, uri in enumerate(source_list):
- pub.selected_repository.origins = [uri]
+ pub.repository.origins = [uri]
mfile = xport.multi_file_ni(pub, pkgdir,
decompress=True, progtrack=tracker)
for a in retrievals[i]:
--- a/src/web/en/index.shtml Wed Apr 27 16:39:43 2011 -0700
+++ b/src/web/en/index.shtml Wed Apr 27 20:30:32 2011 -0700
@@ -19,7 +19,7 @@
##
## CDDL HEADER END
##
-## Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+## Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
##
<%inherit file="layout.shtml"/>\
<%page args="g_vars"/>\
@@ -33,7 +33,7 @@
pub = req.publisher
rname = ""
if pub:
- repo = pub.selected_repository
+ repo = pub.repository
if repo and repo.name:
rname = repo.name
else:
@@ -54,7 +54,7 @@
pub = req.publisher
repo_desc = ""
if pub:
- repo = pub.selected_repository
+ repo = pub.repository
if repo and repo.description:
repo_desc = repo.description
%>