diff --git a/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs b/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs
index 904941e3f0..9369ce1a08 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/PdfPKCS7Test.cs
@@ -270,6 +270,21 @@ public virtual void GetEncodedPkcs7Test() {
NUnit.Framework.Assert.AreEqual(outStream, cmpStream);
}
+ [NUnit.Framework.Test]
+ public virtual void GetEncodedPkcs7WithRevocationInfoTest() {
+ String hashAlgorithm = DigestAlgorithms.SHA256;
+ PdfPKCS7 pkcs7 = new PdfPKCS7(pk, chain, hashAlgorithm, true);
+ pkcs7.GetSignedDataCRLs().Add(SignTestPortUtil.ParseCrlFromStream(new FileStream(SOURCE_FOLDER + "firstCrl.bin"
+ , FileMode.Open, FileAccess.Read)));
+ pkcs7.GetSignedDataOcsps().Add(BOUNCY_CASTLE_FACTORY.CreateBasicOCSPResponse(BOUNCY_CASTLE_FACTORY.CreateASN1InputStream
+ (File.ReadAllBytes(System.IO.Path.Combine(SOURCE_FOLDER, "simpleOCSPResponse.bin"))).ReadObject()));
+ byte[] bytes = pkcs7.GetEncodedPKCS7();
+ byte[] cmpBytes = File.ReadAllBytes(System.IO.Path.Combine(SOURCE_FOLDER + "cmpBytesPkcs7WithRevInfo.txt")
+ );
+ NUnit.Framework.Assert.AreEqual("SHA256withRSA", pkcs7.GetSignatureMechanismName());
+ NUnit.Framework.Assert.AreEqual(SerializedAsString(bytes), SerializedAsString(cmpBytes));
+ }
+
[NUnit.Framework.Test]
public virtual void VerifyEd448SignatureTest() {
// SHAKE256 is not available in BCFIPS
@@ -296,5 +311,11 @@ public virtual void VerifyBrainpoolSha2SignatureTest() {
private static PdfPKCS7 CreateSimplePdfPKCS7() {
return new PdfPKCS7(null, chain, DigestAlgorithms.SHA256, false);
}
+
+ private String SerializedAsString(byte[] serialized) {
+ IAsn1InputStream @is = BOUNCY_CASTLE_FACTORY.CreateASN1InputStream(serialized);
+ IAsn1Object obj1 = @is.ReadObject();
+ return BOUNCY_CASTLE_FACTORY.CreateASN1Dump().DumpAsString(obj1, true).Replace("\r\n", "\n");
+ }
}
}
diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs
index b5d0dfdd9d..4ef946f7f7 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSContainerTest.cs
@@ -22,6 +22,7 @@ You should have received a copy of the GNU Affero General Public License
*/
using System;
using System.Collections.Generic;
+using System.IO;
using System.Linq;
using iText.Bouncycastleconnector;
using iText.Commons.Bouncycastle;
@@ -30,25 +31,28 @@ You should have received a copy of the GNU Affero General Public License
using iText.Commons.Bouncycastle.Crypto;
using iText.Commons.Utils;
using iText.Kernel.Exceptions;
+using iText.Kernel.Pdf;
using iText.Signatures;
using iText.Signatures.Exceptions;
+using iText.Signatures.Logs;
using iText.Signatures.Testutils;
using iText.Signatures.Testutils.Builder;
using iText.Test;
+using iText.Test.Attributes;
namespace iText.Signatures.Cms {
[NUnit.Framework.Category("BouncyCastleUnitTest")]
public class CMSContainerTest : ExtendedITextTest {
private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();
+ private static readonly String SOURCE_FOLDER = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
+ .CurrentContext.TestDirectory) + "/resources/itext/signatures/cms/CMSContainerTest/";
+
private static readonly String CERTS_SRC = iText.Test.TestUtil.GetParentProjectDirectory(NUnit.Framework.TestContext
.CurrentContext.TestDirectory) + "/resources/itext/signatures/certs/";
private static readonly char[] PASSWORD = "testpassphrase".ToCharArray();
- private static readonly byte[] EXPECTEDRESULT_1 = Convert.FromBase64String(CMSTestHelper.EXPECTED_RESULT_CMS_CONTAINER_TEST
- );
-
private IX509Certificate[] chain;
private IX509Certificate signCert;
@@ -87,7 +91,29 @@ public virtual void TestSerialize() {
si.SetSignature(new byte[256]);
sut.SetSignerInfo(si);
byte[] serRes = sut.Serialize();
- NUnit.Framework.Assert.AreEqual(SerializedAsString(EXPECTEDRESULT_1), SerializedAsString(serRes));
+ NUnit.Framework.Assert.AreEqual(SerializedAsString(Convert.FromBase64String(CMSTestHelper.EXPECTED_RESULT_CMS_CONTAINER_TEST
+ )), SerializedAsString(serRes));
+ }
+
+ [NUnit.Framework.Test]
+ public virtual void TestSerializationWithRevocationData() {
+ CMSContainer sut = new CMSContainer();
+ sut.AddCertificates((IX509Certificate[])chain);
+ sut.AddCrl(SignTestPortUtil.ParseCrlFromStream(new MemoryStream(testCrlResponse)));
+ sut.AddOcsp(FACTORY.CreateBasicOCSPResponse(FACTORY.CreateASN1InputStream(File.ReadAllBytes(System.IO.Path.Combine
+ (SOURCE_FOLDER, "simpleOCSPResponse.bin"))).ReadObject()));
+ SignerInfo si = new SignerInfo();
+ si.SetSigningCertificate(signCert);
+ si.SetMessageDigest(new byte[256]);
+ si.SetDigestAlgorithm(new AlgorithmIdentifier(SecurityIDs.ID_SHA512));
+ si.SetSigningCertificateAndAddToSignedAttributes(signCert, SecurityIDs.ID_SHA512);
+ si.SetSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.GetSignatureMechanismOid("RSA", DigestAlgorithms
+ .SHA512)));
+ si.SetSignature(new byte[256]);
+ sut.SetSignerInfo(si);
+ byte[] serRes = sut.Serialize();
+ NUnit.Framework.Assert.AreEqual(SerializedAsString(Convert.FromBase64String(CMSTestHelper.CMS_CONTAINER_WITH_OCSP_AND_CRL
+ )), SerializedAsString(serRes));
}
[NUnit.Framework.Test]
@@ -112,36 +138,55 @@ public virtual void TestGetSizeEstimation() {
}
[NUnit.Framework.Test]
- public virtual void TestDeserialisation() {
- byte[] rawData = Convert.FromBase64String(CMSTestHelper.SERIALIZED_B64_CASE1);
+ public virtual void TestDeserialization() {
+ byte[] rawData = Convert.FromBase64String(CMSTestHelper.EXPECTED_RESULT_CMS_CONTAINER_TEST);
CMSContainer sd = new CMSContainer(rawData);
- NUnit.Framework.Assert.AreEqual("2.16.840.1.101.3.4.2.1", sd.GetDigestAlgorithm().GetAlgorithmOid());
+ NUnit.Framework.Assert.AreEqual("2.16.840.1.101.3.4.2.3", sd.GetDigestAlgorithm().GetAlgorithmOid());
NUnit.Framework.Assert.AreEqual("1.2.840.113549.1.7.1", sd.GetEncapContentInfo().GetContentType());
NUnit.Framework.Assert.AreEqual(3, sd.GetCertificates().Count);
- NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => "140282000747862710817410059465802198354".Equals
- (c.GetSerialNumber().ToString())));
- NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => "151118660848720701053205649823964411794".Equals
- (c.GetSerialNumber().ToString())));
- NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => "8380897714609953925".Equals(c.GetSerialNumber
- ().ToString())));
- NUnit.Framework.Assert.AreEqual("8380897714609953925", sd.GetSignerInfo().GetSigningCertificate().GetSerialNumber
- ().ToString());
+ NUnit.Framework.Assert.AreEqual(0, sd.GetCrls().Count);
+ NUnit.Framework.Assert.AreEqual(0, sd.GetOcsps().Count);
+ foreach (IX509Certificate certificate in chain) {
+ NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => certificate.GetSerialNumber().ToString().Equals
+ (c.GetSerialNumber().ToString())));
+ }
+ NUnit.Framework.Assert.AreEqual(chain[0].GetSerialNumber().ToString(), sd.GetSignerInfo().GetSigningCertificate
+ ().GetSerialNumber().ToString());
}
[NUnit.Framework.Test]
- public virtual void TestDeserialisationWithRevocationData() {
- byte[] rawData = Convert.FromBase64String(CMSTestHelper.SERIALIZED_B64_CASE2);
+ public virtual void TestDeserializationWithRevocationData() {
+ byte[] rawData = Convert.FromBase64String(CMSTestHelper.CMS_CONTAINER_WITH_OCSP_AND_CRL);
CMSContainer sd = new CMSContainer(rawData);
- NUnit.Framework.Assert.AreEqual("2.16.840.1.101.3.4.2.1", sd.GetDigestAlgorithm().GetAlgorithmOid());
+ NUnit.Framework.Assert.AreEqual("2.16.840.1.101.3.4.2.3", sd.GetDigestAlgorithm().GetAlgorithmOid());
NUnit.Framework.Assert.AreEqual("1.2.840.113549.1.7.1", sd.GetEncapContentInfo().GetContentType());
NUnit.Framework.Assert.AreEqual(3, sd.GetCertificates().Count);
- NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => "3081".Equals(c.GetSerialNumber().ToString()
- )));
- NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => "2776".Equals(c.GetSerialNumber().ToString()
- )));
- NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => "1".Equals(c.GetSerialNumber().ToString())));
- NUnit.Framework.Assert.AreEqual("3081", sd.GetSignerInfo().GetSigningCertificate().GetSerialNumber().ToString
- ());
+ NUnit.Framework.Assert.AreEqual(1, sd.GetCrls().Count);
+ NUnit.Framework.Assert.AreEqual(1, sd.GetOcsps().Count);
+ foreach (IX509Certificate certificate in chain) {
+ NUnit.Framework.Assert.IsTrue(sd.GetCertificates().Any((c) => certificate.GetSerialNumber().ToString().Equals
+ (c.GetSerialNumber().ToString())));
+ }
+ NUnit.Framework.Assert.AreEqual(chain[0].GetSerialNumber().ToString(), sd.GetSignerInfo().GetSigningCertificate
+ ().GetSerialNumber().ToString());
+ }
+
+ [NUnit.Framework.Test]
+ [LogMessage(SignLogMessageConstant.UNABLE_TO_PARSE_REV_INFO)]
+ public virtual void TestDeserializationWithIncorrectRevocationData() {
+ byte[] rawData = Convert.FromBase64String(CMSTestHelper.CMS_CONTAINER_WITH_INCORRECT_REV_INFO);
+ CMSContainer sd = new CMSContainer(rawData);
+ NUnit.Framework.Assert.AreEqual(1, sd.GetCrls().Count);
+ NUnit.Framework.Assert.AreEqual(1, sd.GetOcsps().Count);
+ NUnit.Framework.Assert.AreEqual(1, sd.otherRevocationInfo.Count);
+ }
+
+ [NUnit.Framework.Test]
+ public virtual void CreatePkcs7WithRevocationInfoTest() {
+ PdfPKCS7 pkcs7 = new PdfPKCS7(Convert.FromBase64String(CMSTestHelper.CMS_CONTAINER_WITH_OCSP_AND_CRL), PdfName
+ .Adbe_pkcs7_detached);
+ NUnit.Framework.Assert.AreEqual(1, pkcs7.GetSignedDataCRLs().Count);
+ NUnit.Framework.Assert.AreEqual(1, pkcs7.GetSignedDataOcsps().Count);
}
[NUnit.Framework.Test]
diff --git a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs
index 5fa275ee16..1514110e0a 100644
--- a/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs
+++ b/itext.tests/itext.sign.tests/itext/signatures/cms/CMSTestHelper.cs
@@ -30,418 +30,6 @@ namespace iText.Signatures.Cms {
/// .
///
internal class CMSTestHelper {
- internal const String SERIALIZED_B64_CASE1 = "MIId9gYJKoZIhvcNAQcCoIId5zCCHeMCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGgghMt"
- + "MIIFzTCCBLWgAwIBAgIQaYlUoYntXRAHRVirF9EtUjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC" + "RVMxMzAxBgNVBAoMKkNPTlNPUkNJIEFETUlOSVNUUkFDSU8gT0JFUlRBIERFIENBVEFMVU5ZQTEqMCgG"
- + "A1UECwwhU2VydmVpcyBQw7pibGljcyBkZSBDZXJ0aWZpY2FjacOzMRgwFgYDVQQDDA9FQy1TZWN0b3JQ" + "dWJsaWMwHhcNMjEwNjE2MTUxNjIxWhcNMjIwNjE2MTUxNjIwWjCBojELMAkGA1UEBhMCRVMxNDAyBgNV"
- + "BAoMK0NvbnNvcmNpIEFkbWluaXN0cmFjacOzIE9iZXJ0YSBkZSBDYXRhbHVueWExNDAyBgNVBAsMK1Zl" + "Z2V1IGh0dHBzOi8vd3d3LmFvYy5jYXQvQ0FUQ2VydC9SZWd1bGFjaW8xJzAlBgNVBAMMHlNlcnZlaSBP"
- + "Q1NQIGRlIEVDLVNlY3RvclB1YmxpYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMVUaAi" + "SI4UFurSFP4h4UvPEWvCIEJvZFYTrc5FW5vUOiL5juyMcVzIRLZ9Zai6xLcsOKCywJsP2ZL7StHJOOQC"
- + "IQoYOmcSee5RuuGmxHjhCy5BUgWNB5YVUR+ltJjwbkqrc1g8kdIbz3NhJlDZt8Q7c85ODC8rGYE5InWP" + "crU4hNk7qF3nooFPj3+Mbwp9W7dk0LagrTME5hrhHdaXyz+K2tUeZI9Ok3/9/sw+9J/w3vmyE9qfaFr5"
- + "bIb7attwfzBgbB2YOLFsFy0Lot7vdKs7aMQonkqMtdEVZLrHmBe7uOJFRxl9NSDcwXMphVPGISc4wHba" + "90zTlIqZE5cOkpsCAwEAAaOCAhUwggIRMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAURzzeFHe7ak9H"
- + "kakC/9QG4XPc4tkwdgYIKwYBBQUHAQEEajBoMEEGCCsGAQUFBzAChjVodHRwOi8vd3d3LmNhdGNlcnQu" + "Y2F0L2Rlc2NhcnJlZ2EvZWMtc2VjdG9ycHVibGljLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au"
- + "Y2F0Y2VydC5jYXQwgc8GA1UdIASBxzCBxDCBwQYLKwYBBAH1eAEDARMwgbEwMQYIKwYBBQUHAgEWJWh0" + "dHBzOi8vd3d3LmFvYy5jYXQvQ0FUQ2VydC9SZWd1bGFjaW8wfAYIKwYBBQUHAgIwcAxuQ2VydGlmaWNh"
- + "dCBkZSBzZXJ2ZWkgT0NTUCwgZGUgY2xhc3NlIDEuIEFkcmXDp2EgaSBOSUYgZGVsIHByZXN0YWRvcjog" + "VmlhIExhaWV0YW5hIDI2IDA4MDAzIEJhcmNlbG9uYSBRMDgwMTE3NUEwDwYJKwYBBQUHMAEFBAIFADAT"
- + "BgNVHSUEDDAKBggrBgEFBQcDCTBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vZXBzY2QuY2F0Y2VydC5u" + "ZXQvY3JsL2VjLXNlY3RvcnB1YmxpYy5jcmwwHQYDVR0OBBYEFBWYlt4CY6CNoa/hjqqs/C8oB9/VMA4G"
- + "A1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAOcvn4Mocc6V5ezU8BVd1tueHvti071VJ9vX5" + "DIKC/9icc+W+amQ5ZrE4S7QBQIppxvZPzjIpYWtsOHrk7c4bOfTbiOTgFXszjMqpwJhTmdUbZ+N3tTG1"
- + "3/BIoMvEdZjGrfX6T8Tzn956w1lB99cI811UDdJqzp3u3ImFxvLAWR1SaDlFgmVqetU+hh9nsh6ORlDI" + "2InJN962jnx0HdxuS7cXyg4Z1hgPJEjrTKHL6IcC0s/QFeHThJ6XrCmSjcXrnMj2fN95Wbt5PaVvnaqb"
- + "OHzYfmB7jBKngUyyU8ph/92jO8k8UGs6Z2pWwCTvNYU57RZ00jj9DFRfIXdNhQV4MDCCBeMwggTLoAMC" + "AQICEHGwZTl8jgfSVBqWf3VZN5IwDQYJKoZIhvcNAQELBQAwgfMxCzAJBgNVBAYTAkVTMTswOQYDVQQK"
- + "EzJBZ2VuY2lhIENhdGFsYW5hIGRlIENlcnRpZmljYWNpbyAoTklGIFEtMDgwMTE3Ni1JKTEoMCYGA1UE" + "CxMfU2VydmVpcyBQdWJsaWNzIGRlIENlcnRpZmljYWNpbzE1MDMGA1UECxMsVmVnZXUgaHR0cHM6Ly93"
- + "d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgKGMpMDMxNTAzBgNVBAsTLEplcmFycXVpYSBFbnRpdGF0cyBk" + "ZSBDZXJ0aWZpY2FjaW8gQ2F0YWxhbmVzMQ8wDQYDVQQDEwZFQy1BQ0MwHhcNMTQwOTE4MDgyMzI3WhcN"
- + "MzAwOTE4MDgyMzI3WjCBiDELMAkGA1UEBhMCRVMxMzAxBgNVBAoMKkNPTlNPUkNJIEFETUlOSVNUUkFD" + "SU8gT0JFUlRBIERFIENBVEFMVU5ZQTEqMCgGA1UECwwhU2VydmVpcyBQw7pibGljcyBkZSBDZXJ0aWZp"
- + "Y2FjacOzMRgwFgYDVQQDDA9FQy1TZWN0b3JQdWJsaWMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK" + "AoIBAQDLrk4xMbzx2xHxidzFPUc50nBCC/OkxE8GUztRmbBdb0axgCQVd0HF0l6ff6+Ye3MqtfQyi04q"
- + "kbSpp8Eg30Ah27b+JiCVnPJmxGQkcENn6dU0VdWBhZ1GYIS4d9j40q45XGXEx+awGkvLhl3SE3+AJprP" + "cGvgMe9OVxQnedrI4geKlCbaeoTAuxAgh41my8NAJKeLz4j324SwMYONNPOvXmjMhHZELEGMYM8qxBPZ"
- + "qDRUVeust4gfHp79UJjfzZDKnSpYMvOhz9tj60nneHzjRkgdps/04uKnxmNXqK6D55uUPCIlrb3w2gSo" + "vw1uY/qIFCe/tsOnzAG1WVLB1qPDAgMBAAGjggHaMIIB1jASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud"
- + "DwEB/wQEAwIBBjAdBgNVHQ4EFgQURzzeFHe7ak9HkakC/9QG4XPc4tkwHwYDVR0jBBgwFoAUoMOLRKo3" + "pUW/l4Ba0fF4opvpXY0wgdYGA1UdIASBzjCByzCByAYEVR0gADCBvzAxBggrBgEFBQcCARYlaHR0cHM6"
- + "Ly93d3cuYW9jLmNhdC9DQVRDZXJ0L1JlZ3VsYWNpbzCBiQYIKwYBBQUHAgIwfQx7QXF1ZXN0IGNlcnRp" + "ZmljYXQgw6lzIGVtw6hzIMO6bmljYSBpIGV4Y2x1c2l2YW1lbnQgYSBFbnRpdGF0cyBkZSBDZXJ0aWZp"
- + "Y2FjacOzLiBWZWdldSBodHRwczovL3d3dy5hb2MuY2F0L0NBVENlcnQvUmVndWxhY2lvMDMGCCsGAQUF" + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2F0Y2VydC5jYXQwYgYDVR0fBFswWTBXoFWg"
- + "U4YnaHR0cDovL2Vwc2NkLmNhdGNlcnQubmV0L2NybC9lYy1hY2MuY3JshihodHRwOi8vZXBzY2QyLmNh" + "dGNlcnQubmV0L2NybC9lYy1hY2MuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAzETtHqhoqlHSBRW8asCl4"
- + "fiuq1xiQJ34GCOGwATG2yAGWg5JX8F49twTvCcSzzM4CIpU14LMAUmU201RLo2EHz/pa1Iz9WRtlxTzP" + "rys7MheCt7Nxcn43UZo9HIbp9BZWqPoHfZ5eo+8ksx7KWW9bv4tC0s+P+PJmPqU8U9RwlcOM785vRPV9"
- + "urisZ/1IpCPQeRBAhxgoccOQsdUUhe0x74RAV3wkOsLGOt9rr4Yvx+EAJM5jmZIdT1c83oZbCtrXpSRn" + "wLfsSMSx2L0VDkwuTEaUrdhM6r043bAvICsxr4KmBIWQaq6u1T521F/S7hfWniZWVz7HzUWiJACVvLJq"
- + "MIIHcTCCBlmgAwIBAgIIdE7uEUo1nIUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAkVTMTMwMQYD" + "VQQKDCpDT05TT1JDSSBBRE1JTklTVFJBQ0lPIE9CRVJUQSBERSBDQVRBTFVOWUExKjAoBgNVBAsMIVNl"
- + "cnZlaXMgUMO6YmxpY3MgZGUgQ2VydGlmaWNhY2nDszEYMBYGA1UEAwwPRUMtU2VjdG9yUHVibGljMB4X" + "DTE5MDMxOTA4Mzg1OFoXDTIzMDMxOTA4Mzg1OFowggFrMQswCQYDVQQGEwJFUzE/MD0GA1UECgw2RnVu"
- + "ZGFjacOzIFVuaXZlcnNpdMOgcmlhIEJhbG1lcy5Vbml2ZXJzaXRhdCBkZSBWaWMtVUNDMRgwFgYDVQRh" + "DA9WQVRFUy1HNTgwMjAxMjQxMzAxBgNVBAsMKlJlcHJlc2VudGFudCBkYXZhbnQgbGVzIEFBUFAgZGUg"
- + "bml2ZWxsIGFsdDEVMBMGA1UEBAwMQmHDsW9zIETDrWV6MRQwEgYDVQQqDAtKb3NlcCBFbGFkaTEYMBYG" + "A1UEBRMPSURDRVMtMzM4NjI1NjREMTkwNwYDVQQDDDAzMzg2MjU2NEQgSm9zZXAgRWxhZGkgQmHDsW9z"
- + "IETDrWV6IChSOkc1ODAyMDEyNCkxSjBIBgNVBA0MQUJ1dGxsZXTDrTo3Nzc2L0RhdGE6MjgtMTItMjAx" + "OC9Ow7ptZXJvIHJlc29sdWNpw7M6QS0xODM1NDA0OS0yMDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"
- + "MIIBCgKCAQEAp+Omr4s7sLRKCY0q+BbTT1kX9flmmfFdIjR05penmOWAOy81gdJ2nikfXQXBldUI2fQQ" + "NuUCPWO7fq0wsaTcsdPpF4BrP2Wf9wnIK94ck+nK5RVKqijtEYnVAmHtRPIMDbo4UBuymgLY5k2JRVON"
- + "HLWytLqs9msNjUzPTFghmRne6YsFMes1KmIa36Zom8ZjbpJOZGliRRlO/XhM9H3K0F5p1H1C7aV7amIv" + "a0cP+xbyskkpk+T3gexVFVehzhGbS3nycTO9yTvRLR9urjlmYIht4xhR7orE+7RXtVyn6yQU3gK9239/"
- + "uNkbGInG/BNiQfHV1Dl7uTVmBiqYQuvXxQIDAQABo4IC9zCCAvMwdgYIKwYBBQUHAQEEajBoMEEGCCsG" + "AQUFBzAChjVodHRwOi8vd3d3LmNhdGNlcnQuY2F0L2Rlc2NhcnJlZ2EvZWMtc2VjdG9ycHVibGljLmNy"
- + "dDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2F0Y2VydC5jYXQwHQYDVR0OBBYEFFXoRqtROFLAXvY/" + "ZZfuaRFV2sP1MAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAURzzeFHe7ak9HkakC/9QG4XPc4tkwegYI"
- + "KwYBBQUHAQMEbjBsMAgGBgQAjkYBATALBgYEAI5GAQMCAQ8wCAYGBACORgEEMBMGBgQAjkYBBjAJBgcE" + "AI5GAQYBMDQGBgQAjkYBBTAqMCgWImh0dHBzOi8vd3d3LmFvYy5jYXQvY2F0Y2VydC9wZHNfZW4TAmVu"
- + "MIIBCQYDVR0gBIIBADCB/TCB5AYNKwYBBAH1eAEDAggBATCB0jAxBggrBgEFBQcCARYlaHR0cHM6Ly93" + "d3cuYW9jLmNhdC9DQVRDZXJ0L1JlZ3VsYWNpbzCBnAYIKwYBBQUHAgIwgY8MgYxDZXJ0aWZpY2F0IGVs"
- + "ZWN0csOybmljIGRlIHJlcHJlc2VudGFudCBkYXZhbnQgbGVzIEFBUFAgZGUgbml2ZWxsIGFsdC4gQWRy" + "ZcOnYSBpIE5JRiBkZWwgcHJlc3RhZG9yOiBWaWEgTGFpZXRhbmEgMjYgMDgwMDMgQmFyY2Vsb25hIFEw"
- + "ODAxMTc1QTAJBgdghVQBAwUIMAkGBwQAi+xAAQIwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2Vwc2Nk" + "LmNhdGNlcnQubmV0L2NybC9lYy1zZWN0b3JwdWJsaWMuY3JsMA4GA1UdDwEB/wQEAwIF4DApBgNVHSUE"
- + "IjAgBggrBgEFBQcDAgYIKwYBBQUHAwQGCisGAQQBgjcUAgIwJAYDVR0RBB0wG4EZam9zZXBlbGFkaS5i" + "YW5vc0B1dmljLmNhdDANBgkqhkiG9w0BAQsFAAOCAQEAkQNfW7iZXxsfpwynCoBbxtT2UK8jqX02aeUC"
- + "m1r8kBV7s8pq5+EicxrFAh3/GlIscm3qYwASqIl6s8gnWAvZtW4olAVnqYjE5+Ze4dKBiurjrhLG66oQ" + "/VrxNf8CN9kxpdwN4X2VUvtORHTieNUXmFTYhsYdZkIUTvX6vHeONre8eWdBjp22aoQQJ7TEqWW4Cnjl"
- + "k7M7DJGUAp08nAmpUXJjg3Ubb+OIJnaYG9vhBf6ytCRzyYgVd4sa320yXxEp6WG769EfrALumUmr20dw" + "VQKIyiuc6lHEUuQ4grz8B5EIx2upMJn+gYjvm/ve0NeioLaKaTDnATDzyD9+mnBV7zGCCo0wggqJAgEB"
- + "MIGVMIGIMQswCQYDVQQGEwJFUzEzMDEGA1UECgwqQ09OU09SQ0kgQURNSU5JU1RSQUNJTyBPQkVSVEEg" + "REUgQ0FUQUxVTllBMSowKAYDVQQLDCFTZXJ2ZWlzIFDDumJsaWNzIGRlIENlcnRpZmljYWNpw7MxGDAW"
- + "BgNVBAMMD0VDLVNlY3RvclB1YmxpYwIIdE7uEUo1nIUwDQYJYIZIAWUDBAIBBQCgggjIMBgGCSqGSIb3" + "DQEJAzELBgkqhkiG9w0BBwEwLwYJKoZIhvcNAQkEMSIEICJ3ranF419TEnQQ9yFEvWVcoVAc1GXhaKqg"
- + "zzM2sdndMIIIeQYJKoZIhvcvAQEIMYIIajCCCGahgghiMIIIXjCCCFoKAQCggghTMIIITwYJKwYBBQUH" + "MAEBBIIIQDCCCDwwggFLoYGlMIGiMQswCQYDVQQGEwJFUzE0MDIGA1UECgwrQ29uc29yY2kgQWRtaW5p"
- + "c3RyYWNpw7MgT2JlcnRhIGRlIENhdGFsdW55YTE0MDIGA1UECwwrVmVnZXUgaHR0cHM6Ly93d3cuYW9j" + "LmNhdC9DQVRDZXJ0L1JlZ3VsYWNpbzEnMCUGA1UEAwweU2VydmVpIE9DU1AgZGUgRUMtU2VjdG9yUHVi"
- + "bGljGA8yMDIyMDQyMTE1NTkzMlowazBpMEEwCQYFKw4DAhoFAAQULM0qepNxMuWZ4NYlqgUuKj/csfIE" + "FEc83hR3u2pPR5GpAv/UBuFz3OLZAgh0Tu4RSjWchYAAGA8yMDIyMDQyMTE1NTkzMlqgERgPMjAyMjA0"
- + "MjExNjA0MzFaoSMwITAfBgkrBgEFBQcwAQIEEgQQPotpF5elSJ4KTZM7Ei3OZjANBgkqhkiG9w0BAQsF" + "AAOCAQEAci1WvetiQ38gKWo6LjTaGvXq0rWvQ8yUQTC/hyk3ZtY7DpBqJqElkNyhTCfCyGddhh4WClWp"
- + "IjPCiSBB1SzIB2fzItD1LOW7UbCDcv3fmK9Wg6S8pQ9u30Jb+haqKUbUnuJa+LlZsTc9SOrYdl3EIqnc" + "rSvOm0o8B5t6EQBWI7WKqPujGdcmCjcnmBDTJdicLr58tkw/B79eSNhSxJ63/pRrcVqQipwpWoxIS2W2"
- + "XlqZ615v61A5tbAIw1/CfTfZJPPwhbe+LRBZoDC9dXWVB3HhUZSw8au2cP2AbB9hadsNeXGq1oaORJ+Q" + "WS07qlIj7aMgxdbDz4u0efTk+bnJBKCCBdUwggXRMIIFzTCCBLWgAwIBAgIQaYlUoYntXRAHRVirF9Et"
- + "UjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCRVMxMzAxBgNVBAoMKkNPTlNPUkNJIEFETUlOSVNU" + "UkFDSU8gT0JFUlRBIERFIENBVEFMVU5ZQTEqMCgGA1UECwwhU2VydmVpcyBQw7pibGljcyBkZSBDZXJ0"
- + "aWZpY2FjacOzMRgwFgYDVQQDDA9FQy1TZWN0b3JQdWJsaWMwHhcNMjEwNjE2MTUxNjIxWhcNMjIwNjE2" + "MTUxNjIwWjCBojELMAkGA1UEBhMCRVMxNDAyBgNVBAoMK0NvbnNvcmNpIEFkbWluaXN0cmFjacOzIE9i"
- + "ZXJ0YSBkZSBDYXRhbHVueWExNDAyBgNVBAsMK1ZlZ2V1IGh0dHBzOi8vd3d3LmFvYy5jYXQvQ0FUQ2Vy" + "dC9SZWd1bGFjaW8xJzAlBgNVBAMMHlNlcnZlaSBPQ1NQIGRlIEVDLVNlY3RvclB1YmxpYzCCASIwDQYJ"
- + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMVUaAiSI4UFurSFP4h4UvPEWvCIEJvZFYTrc5FW5vUOiL5" + "juyMcVzIRLZ9Zai6xLcsOKCywJsP2ZL7StHJOOQCIQoYOmcSee5RuuGmxHjhCy5BUgWNB5YVUR+ltJjw"
- + "bkqrc1g8kdIbz3NhJlDZt8Q7c85ODC8rGYE5InWPcrU4hNk7qF3nooFPj3+Mbwp9W7dk0LagrTME5hrh" + "HdaXyz+K2tUeZI9Ok3/9/sw+9J/w3vmyE9qfaFr5bIb7attwfzBgbB2YOLFsFy0Lot7vdKs7aMQonkqM"
- + "tdEVZLrHmBe7uOJFRxl9NSDcwXMphVPGISc4wHba90zTlIqZE5cOkpsCAwEAAaOCAhUwggIRMAwGA1Ud" + "EwEB/wQCMAAwHwYDVR0jBBgwFoAURzzeFHe7ak9HkakC/9QG4XPc4tkwdgYIKwYBBQUHAQEEajBoMEEG"
- + "CCsGAQUFBzAChjVodHRwOi8vd3d3LmNhdGNlcnQuY2F0L2Rlc2NhcnJlZ2EvZWMtc2VjdG9ycHVibGlj" + "LmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2F0Y2VydC5jYXQwgc8GA1UdIASBxzCBxDCBwQYL"
- + "KwYBBAH1eAEDARMwgbEwMQYIKwYBBQUHAgEWJWh0dHBzOi8vd3d3LmFvYy5jYXQvQ0FUQ2VydC9SZWd1" + "bGFjaW8wfAYIKwYBBQUHAgIwcAxuQ2VydGlmaWNhdCBkZSBzZXJ2ZWkgT0NTUCwgZGUgY2xhc3NlIDEu"
- + "IEFkcmXDp2EgaSBOSUYgZGVsIHByZXN0YWRvcjogVmlhIExhaWV0YW5hIDI2IDA4MDAzIEJhcmNlbG9u" + "YSBRMDgwMTE3NUEwDwYJKwYBBQUHMAEFBAIFADATBgNVHSUEDDAKBggrBgEFBQcDCTBBBgNVHR8EOjA4"
- + "MDagNKAyhjBodHRwOi8vZXBzY2QuY2F0Y2VydC5uZXQvY3JsL2VjLXNlY3RvcnB1YmxpYy5jcmwwHQYD" + "VR0OBBYEFBWYlt4CY6CNoa/hjqqs/C8oB9/VMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOC"
- + "AQEAOcvn4Mocc6V5ezU8BVd1tueHvti071VJ9vX5DIKC/9icc+W+amQ5ZrE4S7QBQIppxvZPzjIpYWts" + "OHrk7c4bOfTbiOTgFXszjMqpwJhTmdUbZ+N3tTG13/BIoMvEdZjGrfX6T8Tzn956w1lB99cI811UDdJq"
- + "zp3u3ImFxvLAWR1SaDlFgmVqetU+hh9nsh6ORlDI2InJN962jnx0HdxuS7cXyg4Z1hgPJEjrTKHL6IcC" + "0s/QFeHThJ6XrCmSjcXrnMj2fN95Wbt5PaVvnaqbOHzYfmB7jBKngUyyU8ph/92jO8k8UGs6Z2pWwCTv"
- + "NYU57RZ00jj9DFRfIXdNhQV4MDANBgkqhkiG9w0BAQsFAASCAQA/zbiTRgCfAbR0jWku39AHpc2BTuk2" + "LlHtzuogd/CNH7BcR3AmQ8vpIDad1ZVjh9l06xspbU04dPeFW1kISERqQYms1DKF7HnxY/IfI7iK7zRD"
- + "Z6V0DBAVjc4dEGM/REULrERHtGasePl/tfkHeeNNBh/Sju6KjEhNoqQU9MeVD7uQ/y3GK+18YcagA71x" + "cI69GhIviAvsNPqzXKTKA4S+HU3/VdxiRIg3X4iUQ94zljNlmucE6U3YgdYkKdLTqKOFHm1INZo5YCMZ"
- + "1ITGAjBkAmHqDXksRZe9d6EXhxoTnRx5OplbSCmrfiZYQ65mWS+Ur221VJthnoNTRmkSpcFm";
-
- internal const String SERIALIZED_B64_CASE2 = "MII3WgYJKoZIhvcNAQcCoII3SzCCN0cCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGgghOhMIIHZDCCBUygAwIBAgIC"
- + "DAkwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAklUMRgwFgYDVQQKDA9JbmZvQ2VydCBTLnAuQS4xHzAdBgNVBAsMFlRydXN0"
- + "IFNlcnZpY2UgUHJvdmlkZXIxGjAYBgNVBGEMEVZBVElULTA3OTQ1MjExMDA2MTAwLgYDVQQDDCdJbmZvQ2VydCBDZXJ0aWZpY2F0"
- + "aW9uIFNlcnZpY2VzIENBIDMgQ0wwHhcNMjMxMDI0MDgwMDU4WhcNMjQxMDI0MDAwMDAwWjCBsDEYMBYGA1UELhMPMjAyMzk5OTg1"
- + "MEEyNTIzMQ8wDQYDVQQEDAZJdmFub3YxDDAKBgNVBCoMA0tlbjEkMCIGCSqGSIb3DQEJARYVaXZhbm92QGFsbGllZGJpdHMuY29t"
- + "MRMwEQYDVQQDDApLZW4gSXZhbm92MRgwFgYDVQQKDA9BbGxpZWQgQml0cyBMdGQxEzARBgNVBAcMCkNoZWx0ZW5oYW0xCzAJBgNV"
- + "BAYTAkdCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTWSmSwv955zvlCbfLtArNlFs5d7Vm7+eU6Hcfa4OUgQj75Q"
- + "aIBgJn5P2DU00vrTVjtLS9zIUXroWKRhhUf0bTW3KhUX1l5THN1tT8Fy6Qef2lfZT/cUG1FviOQONuveX/hvZE9BdjRoIG/ceSL/"
- + "CANrLVQ+w+3HXxlbzffWenIaHE/Fhsg+rpGci6T7nEWqS6iy0SErXgrKBZJ1gcDw0QVWyoIdZSBcZ4h5CK8YjzNbRHop1tFrx35x"
- + "7iXZG5wL+dAFGwjD+8I4JjbkJv3t8OINkwR3gcLAZ1fODzPv24RM1DafC/dFYmCegLiZekjCrto36Bj+1t4zc2iBeDWrgwIDAQAB"
- + "o4ICnjCCApowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMIGhBgNVHSAEgZkwgZYwgZMGBitMJAEBCDCBiDBBBggrBgEF"
- + "BQcCAjA1DDNTU0wsIFNNSU1FIGFuZCBEaWdpdGFsIFNpZ25hdHVyZSBDbGllbnQgQ2VydGlmaWNhdGUwQwYIKwYBBQUHAgEWN2h0"
- + "dHA6Ly93d3cuZmlybWEuaW5mb2NlcnQuaXQvZG9jdW1lbnRhemlvbmUvbWFudWFsaS5waHAwcgYIKwYBBQUHAQEEZjBkMC0GCCsG"
- + "AQUFBzABhiFodHRwOi8vb2NzcGNsLmNzLmNhMy5pbmZvY2VydC5pdC8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jZXJ0Y2wuaW5mb2Nl"
- + "cnQuaXQvY2EzL2NzL0NBLmNydDCB7gYDVR0fBIHmMIHjMIHgoIHdoIHahilodHRwOi8vY3JsY2wuaW5mb2NlcnQuaXQvY2EzL2Nz"
- + "L0NSTDAxLmNybIaBrGxkYXA6Ly9sZGFwY2wuaW5mb2NlcnQuaXQvY24lM0RJbmZvQ2VydCUyMENlcnRpZmljYXRpb24lMjBTZXJ2"
- + "aWNlcyUyMENBJTIwMyUyMENMJTIwQ1JMMDEsb3UlM0RUcnVzdCUyMFNlcnZpY2UlMjBQcm92aWRlcixvJTNESU5GT0NFUlQlMjBT"
- + "UEEsYyUzRElUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3QwDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFWl2YW5vdkBhbGxp"
- + "ZWRiaXRzLmNvbTAfBgNVHSMEGDAWgBSKt+EIOuxJR6TEC9yMHqtLdN4XhTAdBgNVHQ4EFgQUoNLMA2794xfqMT/tVQcd/2Zn9Osw"
- + "DQYJKoZIhvcNAQELBQADggIBABMpLL3BRMuyl3SqYumWpAB5Qhhdu7C/gFEeUXyiQZCiD9qfl26clrOCXCk4StFVWayrhy7tx3Ah"
- + "yD3jNm568o0kCga8YcacFh44vXiG8c25lLowbHs6pDHsxqN6fIEbrT7eaWzgmWBbHCSPmDSchZ1zIh2sKP8ZyTPQAyAdDSwbhtgM"
- + "bBno3t1boKB4sElA5pSPGNa8C7pPclqE9jrU1GI9wmL5FiBdwc5NKrZfv9fmSH+q5sukmVkak7a2fKW6Nj3tm68aF/nhtRro56U1"
- + "/ymgfmqtWQCsmk7gHdQW0MqcXsiNZYrBf/2GV7IOC78xTnHtT06Ql9noRkrYoHZqgITz5/kEnHZHfblZmIRA3lbtqgkWnpMB+3rg"
- + "bYNH5iunCIITgpDqPssAfYKCnj3Szg++dxHYhYaKpc9WFUCNZEVIvdFb6RHJSW2Et3XgGgR1PT9QmWUjv00HKSylC6bAyGRBKBWq"
- + "eXjFTEfm/DPdI92oXbMYpsF/FQvwg/F2n4Cl6lAfDkJmQppYZ6aam9GVq2piIVgKZUGXU1Ur1c+J+BifDTagCmo3KpG1MPsmewEL"
- + "QkMCmG/+DT0vC/tQu3PsU2wWVbWNHfXzZvb8ukmIhNK/6UFvgzyA1BQwZPq5qTSJ0/TUbtFZphws7xjStpi/v5pCbpt48ipcR9bz"
- + "bOSEbypHMIIFAzCCAuugAwIBAgICCtgwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAklUMRgwFgYDVQQKDA9JbmZvQ2VydCBT"
- + "LnAuQS4xHzAdBgNVBAsMFlRydXN0IFNlcnZpY2UgUHJvdmlkZXIxGjAYBgNVBGEMEVZBVElULTA3OTQ1MjExMDA2MTAwLgYDVQQD"
- + "DCdJbmZvQ2VydCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIENBIDMgQ0wwHhcNMjMwMjE0MTYwMjM5WhcNMjYwMjE0MTYwMjM5WjBr"
- + "MQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBTZXJ2aWNlIFByb3ZpZGVyMSEw"
- + "HwYDVQQDDBhPQ1NQIFJlc3BvbmRlciBDUyBDQTMgQ0wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4E4jNB8W8PS9x"
- + "ua2T/EIez+LKBssGuG/+btUsCRwcr2SLKHLDZquWG1uqJZEElulzY1x2u46+PgO1ZtGoeCRazZt7NdYaU4kQBsrkmKRc72WITR7b"
- + "cA8f2DelArlivtYswLO/RrgTO0CcrhTNy8njB17nGyJwn6pPrHAWii7i+5qaHnTfs97Y/uyghUBh5yfpLZD5CneT0085R5wDQCzA"
- + "SCu7TO9cAkT84Ax5P8NvIutVLpfXVw2DYdx5gRsvtZMFdb00wBwFlj66PEonTvZ3SUb4JU/NPEpA80q59lBGKJd9vccrGJoiUf7d"
- + "agVl9fpqayNO5hkFv3bfqtuqUr3nAgMBAAGjgYQwgYEwCQYDVR0TBAIwADAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQMMAoGCCsG"
- + "AQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSKt+EIOuxJR6TEC9yMHqtLdN4XhTAdBgNVHQ4EFgQUxMdBvrytW0xO"
- + "nDzFvSjgFqO58rowDQYJKoZIhvcNAQELBQADggIBADXer+pOSAXKtUVBYEtmV2cEWARXQhvn77Yu+r8NCfAqKX7ND9N7up9eYYyq"
- + "7huuyHgBUACrhoxDVLBJiefSC/NSN72vI/wfSbo6RjZWlz+OnySEsD6Qw3IPk+bivFyP3gAHq++nMZwOH/oeuHZCYDHvvUzsmwed"
- + "zMTbX2QjgXlb/qfxAQmHYgMuyAcLE7+o9zXP7cqhxOX5+/XFexWjtOr5P4ngVlJezwi4ouT1RpgpEZr3o9JlOGAUxFhTHlE7jZ2/"
- + "o4VRPuFY47ufMh3wJPo3DrKaGeLR4w+d7JiLFMMO0rq8E1MCFUHgbLjUDlprwwZDY9yFQgtt0pQ8yrqHDqpNALcVYxTTTcoqnF64"
- + "Dbb//qHBfyKs+wJ+y+dzNWmFyQEr9Kng/6/orNHhSbmyRkE3aXcVvmlfUnBaK53zkP5m7Dr3XYxyJnzAZLw2LdUTmPVXjwvPARGl"
- + "oxYJwOsdyDUgAKPJlNWU/7X1HLqzKm2TRcq7zs4tpwdYkRAf0NhUm733ITNsnRepxc7NCi0L+sDLZXwq+to8bad53HJodVcZBeCS"
- + "nE9xm1bFQ9pdtvXueDCDH1SHUdSGdzTa3stnEJ40hGiqpDrb7MWwSgrH/NReZVxF7Rngnk70FGgu0udxoWWHUm85rK8enT7yDizn"
- + "BZI3aQvMSHvkmYzlNQ7omGokMIIHLjCCBRagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCSVQxGDAWBgNVBAoM"
- + "D0luZm9DZXJ0IFMucC5BLjEfMB0GA1UECwwWVHJ1c3QgU2VydmljZSBQcm92aWRlcjEaMBgGA1UEYQwRVkFUSVQtMDc5NDUyMTEw"
- + "MDYxMDAuBgNVBAMMJ0luZm9DZXJ0IENlcnRpZmljYXRpb24gU2VydmljZXMgQ0EgMyBDTDAeFw0xNjEyMDExNjA5MDhaFw0zMjEy"
- + "MDExNzA5MDhaMIGWMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBTZXJ2aWNl"
- + "IFByb3ZpZGVyMRowGAYDVQRhDBFWQVRJVC0wNzk0NTIxMTAwNjEwMC4GA1UEAwwnSW5mb0NlcnQgQ2VydGlmaWNhdGlvbiBTZXJ2"
- + "aWNlcyBDQSAzIENMMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuH6H2wNQ5jPehDSGh96J0nmb+RmXl3nfaGs9XIpn"
- + "2wVRpa1G2UD2Uax1qhy7PVW+VCPbSQwCfWRNGj6y0tFrNLtGNIqD7HUaN9AXtbpCWzq9WMw+KdrE5b7tSA5mXfTeLQZo0+kxwJdB"
- + "XABsXAZoO+Ev620omIMKNK2xuHd4Q9B3rrjFd6Q8boZHaBnFlx61aWv8RZ1KoAattuuCYa1ANq2v0iN/I0+HGV8yFQyAaBgt328z"
- + "XxTHJy9/+Xb7EbLbQLSgNKCFphtKNS12WXwD/hPJnIwr6Jj+UCqqt7EZVOhkwKClSj3xBydzHhRn6LJiX+Z+U5jESrjv5OrK96zJ"
- + "BInZPGL9KyWpyIzGw2edtbhaXytDwUi0cCq3rBiR8AJ+57PtuGvhWLcWa3mITrGSO++h1vkv4H6OoX6Qm4dydxlYPw9ZMA0TZx+n"
- + "dX+HAS8xfsbf2NXnOySd5tX8cyLNL8k8jgw8SYY2yVlH6/esSzPDUBzOJQGIqrhs0Q9bfg0JUdVIapJ5uYkhnHuxt7aQ26bAOu+1"
- + "gKOSsGk1g9cJGBch/Q52z0K7+UCb9nDotvrS1yfriJW9CxZ9Jy0la4Jm1QpCujTtWK/QCL9DcIcYcd7sDXAAJHJ7h2NgrUraE6i3"
- + "Oc/U7/op5E0NPAbR1Fm2STU25UDgfmry1Gyr8Rxcun8CAwEAAaOCAYMwggF/MA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0gBFEwTzBN"
- + "BgRVHSAAMEUwQwYIKwYBBQUHAgEWN2h0dHA6Ly93d3cuZmlybWEuaW5mb2NlcnQuaXQvZG9jdW1lbnRhemlvbmUvbWFudWFsaS5w"
- + "aHAwgeIGA1UdHwSB2jCB1zCB1KCB0aCBzoYnaHR0cDovL2NybGNsLmluZm9jZXJ0Lml0L2NhMy9jcy9BUkwuY3JshoGibGRhcDov"
- + "L2xkYXBjbC5pbmZvY2VydC5pdC9jbiUzREluZm9DZXJ0JTIwQ2VydGlmaWNhdGlvbiUyMFNlcnZpY2VzJTIwQ0ElMjAzJTIwQ0ws"
- + "b3UlM0RUcnVzdCUyMFNlcnZpY2UlMjBQcm92aWRlcixvJTNESU5GT0NFUlQlMjBTUEEsYyUzRElUP2F1dGhvcml0eVJldm9jYXRp"
- + "b25MaXN0MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUirfhCDrsSUekxAvcjB6rS3TeF4UwDQYJKoZIhvcNAQELBQADggIBAJcj"
- + "CVmg3VcALFzYJ44fOztCMvXi86BhBPN2xSE6reAMWPbjuD4pEKZTmlVC9DxYnBb4kn+p/PUayjHopQh/4WBpbc6agmsZP+JYWTbg"
- + "7FEeAIgLCEMsUpNChqnb9TMN0CPofC4xNtRl21ZItypYbiwKIFiEU013M9uYdb6hsYKj0LZpFP2xbPcCae26Bh+L0UeWpzSgsLzi"
- + "ojgXJWwTEU93sdoUeo9hUlYTc1dNIWNeTiudYLkIu8uPJzJ0hfLMysdl6MYMiucKnv/nwebQ/Wsu2rzgyCOr1nnDCOocIhKLEj+Y"
- + "qoZNNbhrQk1rgtG3VZV5wrMjvtC2wQxSS2Vsbz+neD2UBFB2/KHKf2rtLNlgRUG99xdpMtzk0ln70Y4XSX9tm7HvAE9g1PGvi+71"
- + "d9RSBT3hW0Ex5as/FAUkcnHyllBDMRA7IFoSR0RaXjeYypypk2a+2Igqe0i88/eida9u1WE5qTkNr0igwthRYQZ2D4ICL0AX6pGt"
- + "u8d1HzSpuK+0VH63LGbL7hjuuz3wnlrwD9SU1teOHiRACQHyPB6czziFV1l1avHwxUnGD6XYp3i5SYZADj6QUfSBfOlYkEDJ7FJ0"
- + "HSATCkY3+SN5rPkbZ0Rx1iHBZDmrzIQX5n2xfLvqvXz5NTzNmyA0dPMSsb6vRBcjPdqFfMt6uvGwONH2oYIDdDCCA3AwggFYAgEB"
- + "MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBT"
- + "ZXJ2aWNlIFByb3ZpZGVyMRowGAYDVQRhDBFWQVRJVC0wNzk0NTIxMTAwNjEwMC4GA1UEAwwnSW5mb0NlcnQgQ2VydGlmaWNhdGlv"
- + "biBTZXJ2aWNlcyBDQSAzIENMFw0yMzEyMDMxMjAwMDBaFw0yMzEyMDUxMTAwMDBaMACggYowgYcwHwYDVR0jBBgwFoAUirfhCDrs"
- + "SUekxAvcjB6rS3TeF4UwDAYDVR0UBAUCAwDl2DAYBgNVHTwEERgPMjAxNjEyMDExNjA5MDhaMDwGA1UdHAEB/wQyMDCgK6Aphido"
- + "dHRwOi8vY3JsY2wuaW5mb2NlcnQuaXQvY2EzL2NzL0FSTC5jcmyCAf8wDQYJKoZIhvcNAQELBQADggIBADLZNz/PHJ3qTPCy/A54"
- + "GXr+W4LXraERbO6lM4KumJneQRPgKTBB39brYiFrTZUKGGyn6aIESmEkVByNTreKiGBxEKN0HjVtWhyirtzjcqorXizS6njOL5PA"
- + "UqpPM9ZgXmfUQdNhNSGXB+9Aejzhf2IULjRgNp7JsztPvwHzCo6ZVeOoPRaYOyViVmAfVAOJV/5dKvAaaDQqMFfs9EyWM3pwU/+Q"
- + "1L6LcPxYpSaqi5iFNmtFsWxTCmBdWknqEJRnhTvAtjNSGkhRXfDpXCvFCfpOYaCrRv1tpHCK8KkkiF5mEhKpc4wcsdMEG+NF7cZp"
- + "aKZPHTOd4HZ9kSrXewQN7Mq0ZD8Jw/JooiRWB+Wp20qbFTp3xiPhV80Dwb38oWyG6eOZs5WmHnqffcG61Okyq1QdJ/vXgYY27W2h"
- + "1D5jFpVFMOFRDzSw6WreIIDSrYiQ0zYDQ03v2W3YeG9Lr/Y/qeVB+UwlumZtBhAlpGAUSmQHmPOZmZRTCzPi2hQ4f0hRMzqC/FjW"
- + "6xA+2q5xCgf1MDcvo0boam/sDzzJOsRiye+dM3BRVSxaxHti4qN2f2TxECl97BMy41SsD1a7wBt6P40X37Lz30qymJlw1Jk2xWED"
- + "TidrT7fKo9K4bjLX1sKR5vEoU5nX+0+6F1CYOJy6BV8l9aNwJK1kHeoiV+ro3fITMYIgBTCCIAECAQEwgZ0wgZYxCzAJBgNVBAYT"
- + "AklUMRgwFgYDVQQKDA9JbmZvQ2VydCBTLnAuQS4xHzAdBgNVBAsMFlRydXN0IFNlcnZpY2UgUHJvdmlkZXIxGjAYBgNVBGEMEVZB"
- + "VElULTA3OTQ1MjExMDA2MTAwLgYDVQQDDCdJbmZvQ2VydCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIENBIDMgQ0wCAgwJMA0GCWCG"
- + "SAFlAwQCAQUAoIIMIDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMC8GCSqGSIb3DQEJBDEiBCBdwh0LxpVqiecZrkUCGuxU8Grn"
- + "j75SoN+cicILAFXq9DCB4QYLKoZIhvcNAQkQAi8xgdEwgc4wgcswgcgEIFyNoq6d8kE+4qnuvVOX66fpLOum5PMkyuqYyxsW+iUI"
- + "MIGjMIGcpIGZMIGWMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBTZXJ2aWNl"
- + "IFByb3ZpZGVyMRowGAYDVQRhDBFWQVRJVC0wNzk0NTIxMTAwNjEwMC4GA1UEAwwnSW5mb0NlcnQgQ2VydGlmaWNhdGlvbiBTZXJ2"
- + "aWNlcyBDQSAzIENMAgIMCTCCCu0GCSqGSIb3LwEBCDGCCt4wggraoIIDeDCCA3QwggNwMIIBWAIBATANBgkqhkiG9w0BAQsFADCB"
- + "ljELMAkGA1UEBhMCSVQxGDAWBgNVBAoMD0luZm9DZXJ0IFMucC5BLjEfMB0GA1UECwwWVHJ1c3QgU2VydmljZSBQcm92aWRlcjEa"
- + "MBgGA1UEYQwRVkFUSVQtMDc5NDUyMTEwMDYxMDAuBgNVBAMMJ0luZm9DZXJ0IENlcnRpZmljYXRpb24gU2VydmljZXMgQ0EgMyBD"
- + "TBcNMjMxMjAzMTIwMDAwWhcNMjMxMjA1MTEwMDAwWjAAoIGKMIGHMB8GA1UdIwQYMBaAFIq34Qg67ElHpMQL3Iweq0t03heFMAwG"
- + "A1UdFAQFAgMA5dgwGAYDVR08BBEYDzIwMTYxMjAxMTYwOTA4WjA8BgNVHRwBAf8EMjAwoCugKYYnaHR0cDovL2NybGNsLmluZm9j"
- + "ZXJ0Lml0L2NhMy9jcy9BUkwuY3JsggH/MA0GCSqGSIb3DQEBCwUAA4ICAQAy2Tc/zxyd6kzwsvwOeBl6/luC162hEWzupTOCrpiZ"
- + "3kET4CkwQd/W62Iha02VChhsp+miBEphJFQcjU63iohgcRCjdB41bVocoq7c43KqK14s0up4zi+TwFKqTzPWYF5n1EHTYTUhlwfv"
- + "QHo84X9iFC40YDaeybM7T78B8wqOmVXjqD0WmDslYlZgH1QDiVf+XSrwGmg0KjBX7PRMljN6cFP/kNS+i3D8WKUmqouYhTZrRbFs"
- + "UwpgXVpJ6hCUZ4U7wLYzUhpIUV3w6VwrxQn6TmGgq0b9baRwivCpJIheZhISqXOMHLHTBBvjRe3GaWimTx0zneB2fZEq13sEDezK"
- + "tGQ/CcPyaKIkVgflqdtKmxU6d8Yj4VfNA8G9/KFshunjmbOVph56n33ButTpMqtUHSf714GGNu1todQ+YxaVRTDhUQ80sOlq3iCA"
- + "0q2IkNM2A0NN79lt2HhvS6/2P6nlQflMJbpmbQYQJaRgFEpkB5jzmZmUUwsz4toUOH9IUTM6gvxY1usQPtqucQoH9TA3L6NG6Gpv"
- + "7A88yTrEYsnvnTNwUVUsWsR7YuKjdn9k8RApfewTMuNUrA9Wu8Abej+NF9+y899KspiZcNSZNsVhA04na0+3yqPSuG4y19bCkebx"
- + "KFOZ1/tPuhdQmDicugVfJfWjcCStZB3qIlfq6N3yE6GCB1owggdWMIIHUgoBAKCCB0swggdHBgkrBgEFBQcwAQEEggc4MIIHNDCC"
- + "AQ2hbTBrMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBTZXJ2aWNlIFByb3Zp"
- + "ZGVyMSEwHwYDVQQDDBhPQ1NQIFJlc3BvbmRlciBDUyBDQTMgQ0wYDzIwMjMxMjAzMTkzMDQ4WjCBijCBhzA7MAkGBSsOAwIaBQAE"
- + "FFigVvdYJdDb+3ks6nkddybm/1tfBBSKt+EIOuxJR6TEC9yMHqtLdN4XhQICDAmAABgPMjAyMzEyMDMxOTMwNDhaoBEYDzIwMjMx"
- + "MjAzMjAzMDQ4WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYxMjAxMTYwOTA4WjANBgkqhkiG9w0BAQsFAAOCAQEAdA/n/yxYD/We"
- + "XT+aAOiZbmQ8aEVj3FgX6n3tAZZwB8QDzsFfmLmWsTbk9u4pdZ3v/k8X4psDKEXpzZVzNW/eBrV7oxSNgGjJN/7yZ8WJNgmXrehh"
- + "5jll369s5x0cqNOgD3qR7EVEqS6GsPXmB43wB/ops41zDLXksi7jPwvRnlS0sV31w5amUqb5IQnxpCLVxHDi4xs0SjXgWcc3CEv3"
- + "Rtqb1CQlqsXdQ3RJtKdkYcxfghxYM+zSob7w9IqfIAID4A72vNCYP5vM7RO9vIzang68ds+ajP8Jm2aHzdfF6kGo44GdGLdya+g0"
- + "hD74Gbe1LPFCywTfXR8ZR6eWkmwp3KCCBQswggUHMIIFAzCCAuugAwIBAgICCtgwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYT"
- + "AklUMRgwFgYDVQQKDA9JbmZvQ2VydCBTLnAuQS4xHzAdBgNVBAsMFlRydXN0IFNlcnZpY2UgUHJvdmlkZXIxGjAYBgNVBGEMEVZB"
- + "VElULTA3OTQ1MjExMDA2MTAwLgYDVQQDDCdJbmZvQ2VydCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIENBIDMgQ0wwHhcNMjMwMjE0"
- + "MTYwMjM5WhcNMjYwMjE0MTYwMjM5WjBrMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZU"
- + "cnVzdCBTZXJ2aWNlIFByb3ZpZGVyMSEwHwYDVQQDDBhPQ1NQIFJlc3BvbmRlciBDUyBDQTMgQ0wwggEiMA0GCSqGSIb3DQEBAQUA"
- + "A4IBDwAwggEKAoIBAQC4E4jNB8W8PS9xua2T/EIez+LKBssGuG/+btUsCRwcr2SLKHLDZquWG1uqJZEElulzY1x2u46+PgO1ZtGo"
- + "eCRazZt7NdYaU4kQBsrkmKRc72WITR7bcA8f2DelArlivtYswLO/RrgTO0CcrhTNy8njB17nGyJwn6pPrHAWii7i+5qaHnTfs97Y"
- + "/uyghUBh5yfpLZD5CneT0085R5wDQCzASCu7TO9cAkT84Ax5P8NvIutVLpfXVw2DYdx5gRsvtZMFdb00wBwFlj66PEonTvZ3SUb4"
- + "JU/NPEpA80q59lBGKJd9vccrGJoiUf7dagVl9fpqayNO5hkFv3bfqtuqUr3nAgMBAAGjgYQwgYEwCQYDVR0TBAIwADAPBgkrBgEF"
- + "BQcwAQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSKt+EIOuxJR6TEC9yMHqtL"
- + "dN4XhTAdBgNVHQ4EFgQUxMdBvrytW0xOnDzFvSjgFqO58rowDQYJKoZIhvcNAQELBQADggIBADXer+pOSAXKtUVBYEtmV2cEWARX"
- + "Qhvn77Yu+r8NCfAqKX7ND9N7up9eYYyq7huuyHgBUACrhoxDVLBJiefSC/NSN72vI/wfSbo6RjZWlz+OnySEsD6Qw3IPk+bivFyP"
- + "3gAHq++nMZwOH/oeuHZCYDHvvUzsmwedzMTbX2QjgXlb/qfxAQmHYgMuyAcLE7+o9zXP7cqhxOX5+/XFexWjtOr5P4ngVlJezwi4"
- + "ouT1RpgpEZr3o9JlOGAUxFhTHlE7jZ2/o4VRPuFY47ufMh3wJPo3DrKaGeLR4w+d7JiLFMMO0rq8E1MCFUHgbLjUDlprwwZDY9yF"
- + "Qgtt0pQ8yrqHDqpNALcVYxTTTcoqnF64Dbb//qHBfyKs+wJ+y+dzNWmFyQEr9Kng/6/orNHhSbmyRkE3aXcVvmlfUnBaK53zkP5m"
- + "7Dr3XYxyJnzAZLw2LdUTmPVXjwvPARGloxYJwOsdyDUgAKPJlNWU/7X1HLqzKm2TRcq7zs4tpwdYkRAf0NhUm733ITNsnRepxc7N"
- + "Ci0L+sDLZXwq+to8bad53HJodVcZBeCSnE9xm1bFQ9pdtvXueDCDH1SHUdSGdzTa3stnEJ40hGiqpDrb7MWwSgrH/NReZVxF7Rng"
- + "nk70FGgu0udxoWWHUm85rK8enT7yDiznBZI3aQvMSHvkmYzlNQ7omGokMA0GCSqGSIb3DQEBCwUABIIBAF8QT+Rm471jw+1YK3d7"
- + "JjAFnG61u8gmvKKP6WrGsg6+WThoGr2LoKjX8igUBvqfCi+JZCdQE4CPDIfRbtb7qLNo+vIwtK18jPZ0LUwPI6Ji9De8oGt38b91"
- + "3BbYqizYXbX/NvTGxoXDoC/05vkcW4ptzAueONGhNCgziC6ulOcY3qBZQgFn+/tMdFaFXxM+rSPjHn5Ad13bBsjCWOJeXunOJxoc"
- + "I8b/uQoK3IEP71VJXluYY5OPULfaGQ0doej4Z8I2fxPEdO7Z7X2rJR4nqnSG+Q48In/Y5QkSape6679m5EShEhbIQNXmJc0uB9E/"
- + "VP7hles1Zp+xThV6WCDOFVehghIUMIIHVQYLKoZIhvcNAQkQAhgxggdEMIIHQKGCBzwwggc4MIIHNDCCAQ2hbTBrMQswCQYDVQQG"
- + "EwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBTZXJ2aWNlIFByb3ZpZGVyMSEwHwYDVQQDDBhP"
- + "Q1NQIFJlc3BvbmRlciBDUyBDQTMgQ0wYDzIwMjMxMjAzMTkzMDQ4WjCBijCBhzA7MAkGBSsOAwIaBQAEFFigVvdYJdDb+3ks6nkd"
- + "dybm/1tfBBSKt+EIOuxJR6TEC9yMHqtLdN4XhQICDAmAABgPMjAyMzEyMDMxOTMwNDhaoBEYDzIwMjMxMjAzMjAzMDQ4WqEiMCAw"
- + "HgYJKwYBBQUHMAEGBBEYDzIwMTYxMjAxMTYwOTA4WjANBgkqhkiG9w0BAQsFAAOCAQEAdA/n/yxYD/WeXT+aAOiZbmQ8aEVj3FgX"
- + "6n3tAZZwB8QDzsFfmLmWsTbk9u4pdZ3v/k8X4psDKEXpzZVzNW/eBrV7oxSNgGjJN/7yZ8WJNgmXrehh5jll369s5x0cqNOgD3qR"
- + "7EVEqS6GsPXmB43wB/ops41zDLXksi7jPwvRnlS0sV31w5amUqb5IQnxpCLVxHDi4xs0SjXgWcc3CEv3Rtqb1CQlqsXdQ3RJtKdk"
- + "YcxfghxYM+zSob7w9IqfIAID4A72vNCYP5vM7RO9vIzang68ds+ajP8Jm2aHzdfF6kGo44GdGLdya+g0hD74Gbe1LPFCywTfXR8Z"
- + "R6eWkmwp3KCCBQswggUHMIIFAzCCAuugAwIBAgICCtgwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAklUMRgwFgYDVQQKDA9J"
- + "bmZvQ2VydCBTLnAuQS4xHzAdBgNVBAsMFlRydXN0IFNlcnZpY2UgUHJvdmlkZXIxGjAYBgNVBGEMEVZBVElULTA3OTQ1MjExMDA2"
- + "MTAwLgYDVQQDDCdJbmZvQ2VydCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIENBIDMgQ0wwHhcNMjMwMjE0MTYwMjM5WhcNMjYwMjE0"
- + "MTYwMjM5WjBrMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMR8wHQYDVQQLDBZUcnVzdCBTZXJ2aWNlIFBy"
- + "b3ZpZGVyMSEwHwYDVQQDDBhPQ1NQIFJlc3BvbmRlciBDUyBDQTMgQ0wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4"
- + "E4jNB8W8PS9xua2T/EIez+LKBssGuG/+btUsCRwcr2SLKHLDZquWG1uqJZEElulzY1x2u46+PgO1ZtGoeCRazZt7NdYaU4kQBsrk"
- + "mKRc72WITR7bcA8f2DelArlivtYswLO/RrgTO0CcrhTNy8njB17nGyJwn6pPrHAWii7i+5qaHnTfs97Y/uyghUBh5yfpLZD5CneT"
- + "0085R5wDQCzASCu7TO9cAkT84Ax5P8NvIutVLpfXVw2DYdx5gRsvtZMFdb00wBwFlj66PEonTvZ3SUb4JU/NPEpA80q59lBGKJd9"
- + "vccrGJoiUf7dagVl9fpqayNO5hkFv3bfqtuqUr3nAgMBAAGjgYQwgYEwCQYDVR0TBAIwADAPBgkrBgEFBQcwAQUEAgUAMBMGA1Ud"
- + "JQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSKt+EIOuxJR6TEC9yMHqtLdN4XhTAdBgNVHQ4EFgQU"
- + "xMdBvrytW0xOnDzFvSjgFqO58rowDQYJKoZIhvcNAQELBQADggIBADXer+pOSAXKtUVBYEtmV2cEWARXQhvn77Yu+r8NCfAqKX7N"
- + "D9N7up9eYYyq7huuyHgBUACrhoxDVLBJiefSC/NSN72vI/wfSbo6RjZWlz+OnySEsD6Qw3IPk+bivFyP3gAHq++nMZwOH/oeuHZC"
- + "YDHvvUzsmwedzMTbX2QjgXlb/qfxAQmHYgMuyAcLE7+o9zXP7cqhxOX5+/XFexWjtOr5P4ngVlJezwi4ouT1RpgpEZr3o9JlOGAU"
- + "xFhTHlE7jZ2/o4VRPuFY47ufMh3wJPo3DrKaGeLR4w+d7JiLFMMO0rq8E1MCFUHgbLjUDlprwwZDY9yFQgtt0pQ8yrqHDqpNALcV"
- + "YxTTTcoqnF64Dbb//qHBfyKs+wJ+y+dzNWmFyQEr9Kng/6/orNHhSbmyRkE3aXcVvmlfUnBaK53zkP5m7Dr3XYxyJnzAZLw2LdUT"
- + "mPVXjwvPARGloxYJwOsdyDUgAKPJlNWU/7X1HLqzKm2TRcq7zs4tpwdYkRAf0NhUm733ITNsnRepxc7NCi0L+sDLZXwq+to8bad5"
- + "3HJodVcZBeCSnE9xm1bFQ9pdtvXueDCDH1SHUdSGdzTa3stnEJ40hGiqpDrb7MWwSgrH/NReZVxF7Rngnk70FGgu0udxoWWHUm85"
- + "rK8enT7yDiznBZI3aQvMSHvkmYzlNQ7omGokMIIKtwYLKoZIhvcNAQkQAg4xggqmMIIKogYJKoZIhvcNAQcCoIIKkzCCCo8CAQMx"
- + "DzANBglghkgBZQMEAgEFADCB7gYLKoZIhvcNAQkQAQSggd4EgdswgdgCAQEGBitMJAEBKDAxMA0GCWCGSAFlAwQCAQUABCBWlrPK"
- + "cF6PM/haW9SfZ8mDbOECxD7j/7kQStx/xduPMQIEAOG5uhgPMjAyMzEyMDMxOTM0MjRaMAMCAQECCFtpcKcBhSPfoFWkUzBRMQsw"
- + "CQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQgUy5wLkEuMQwwCgYDVQQLDANUU0ExGjAYBgNVBAMMEUlDRURUU1BEMUNMMjAy"
- + "MjA3oRswGQYIKwYBBQUHAQMEDTALMAkGBwQAgZdeAQGgggawMIIGrDCCBJSgAwIBAgIBDjANBgkqhkiG9w0BAQsFADCBgTELMAkG"
- + "A1UEBhMCSVQxGDAWBgNVBAoMD0luZm9DZXJ0IFMucC5BLjEMMAoGA1UECwwDVFNBMRowGAYDVQRhDBFWQVRJVC0wNzk0NTIxMTAw"
- + "NjEuMCwGA1UEAwwlSW5mb0NlcnQgVGltZSBTdGFtcGluZyBBdXRob3JpdHkgMyBDTDAeFw0yMjA3MjExMDAzMTlaFw0yNTA3MjEx"
- + "MDAzMTlaMFExCzAJBgNVBAYTAklUMRgwFgYDVQQKDA9JbmZvQ2VydCBTLnAuQS4xDDAKBgNVBAsMA1RTQTEaMBgGA1UEAwwRSUNF"
- + "RFRTUEQxQ0wyMDIyMDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW2cLIxkXEVbXqXt7PuNhEnvzsTYNj7QFfYNyu"
- + "Y0gxT8TIQ7Lk0CgsHlP6C920eTuNOSB8aPKCOxEZZnOWQ3RcjN5bmPVERFkNIixAH8Tf7P/lqztHwWoAsC1MCWnn6JoosksF9hs+"
- + "BGnR4FiZQGJRBOU0ffNTlBN2KpisCs2UnxHzxW0iUNtk3BP9qEHEJ4mJQhUQTYmra7SnsT74EP/egSXtLraJdRPpzC/VGZZl96xR"
- + "BZqfXhhNsXro7CPalWGJT4kiO6dHBWKjbAIBr3xqppvpb4EFfU0w0HBqKcIClnhgtpzZx+EIk3n3PE01fgJttC7HmiaojNELDzEx"
- + "5hkjAgMBAAGjggJcMIICWDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDBxBggrBgEFBQcBAwRlMGMwCAYGBACORgEBMAgGBgQAjkYB"
- + "BDALBgYEAI5GAQMCARQwQAYGBACORgEFMDYwNBYuaHR0cHM6Ly93d3cuZmlybWEuaW5mb2NlcnQuaXQvcGRmL1BLSS1EVFNBLnBk"
- + "ZhMCZW4wPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcGNsLnRzYS5jYTMuaW5mb2NlcnQuaXQvMIHMBgNV"
- + "HR8EgcQwgcEwgb6ggbuggbiGKGh0dHA6Ly9jcmxjbC5pbmZvY2VydC5pdC9jYTMvdHNhL0NSTC5jcmyGgYtsZGFwOi8vbGRhcGNs"
- + "LmluZm9jZXJ0Lml0L2NuJTNESW5mb0NlcnQlMjBUaW1lJTIwU3RhbXBpbmclMjBBdXRob3JpdHklMjAzJTIwQ0wsb3UlM0RUU0Es"
- + "byUzRElORk9DRVJUJTIwU1BBLGMlM0RJVD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MGwGA1UdIARlMGMwCAYGBACPZwEBME8G"
- + "BitMJAEBKDBFMEMGCCsGAQUFBwIBFjdodHRwOi8vd3d3LmZpcm1hLmluZm9jZXJ0Lml0L2RvY3VtZW50YXppb25lL21hbnVhbGku"
- + "cGhwMAYGBCtMEAYwDgYDVR0PAQH/BAQDAgeAMB8GA1UdIwQYMBaAFEHldFezAI2xG0viX7DrARShKtuZMB0GA1UdDgQWBBQJ7Bf9"
- + "kzBv8oTNyiECzlBLNSWcNTANBgkqhkiG9w0BAQsFAAOCAgEAyD+jZi6CR/Hfxu/IaN2TP+L10Sm4WzlVc4uQlOFrlrxiHuyZvqWj"
- + "hebS2eCBJ/MQnbuzoJe6XAlZCRiQHL+bFR4EhlXb34c0NKGsNb0uJgwZM8WvxEE3kPNPFfb/QqJm+H9OTcLsFW9ZBMbpIGpzYHi1"
- + "v1W8ETTQM8RR1cxbv5t4uc7VB2V0nHW5KwJadMNGPJgaL+7SHzxcOB4K8QcKkJLxAocd3xfRWBLexTfX3oH4zGb7YHuWgxxogWPx"
- + "RGD9it4N3qGHVOgrgGsWWjza29AQSSnZaR+HmNuX6TTAt21Lm5JI79zfG1cgL5UxGpBloKJPIP0Ti0JQz01wJl/8wf8WFXi5oSAs"
- + "OVMLXu6UiZJ5Dgm4aVooeU8fzin+SrF/m7iwKp4sibVhEwi6X+9xQV/abyNp0QemiHuNS3dNAuwIsUHYoFFMPTcbse+JSx6JyTTi"
- + "N/CSivSjD6vh0L3lJ7vdG8sVT+sNOkjgVrDdJ5OonTnnqDNjWFF4PsIVkue9ZrCI9SFtLfi/RiCnc79QdrqkFcP96F9XzSyoSJwD"
- + "NAMQKsjaOCXuGxtPBNJRoAVR2t4cnGJIkc/RrllvsZmrrt2eq8+qFCPEJgy3+7wx4noPtTcAcMBh2RVs8V91flJEcSr/e3CvzKaV"
- + "8cmfNg1g00XmS7Ps3w0lGS9g/sRgcscxggLSMIICzgIBATCBhzCBgTELMAkGA1UEBhMCSVQxGDAWBgNVBAoMD0luZm9DZXJ0IFMu"
- + "cC5BLjEMMAoGA1UECwwDVFNBMRowGAYDVQRhDBFWQVRJVC0wNzk0NTIxMTAwNjEuMCwGA1UEAwwlSW5mb0NlcnQgVGltZSBTdGFt"
- + "cGluZyBBdXRob3JpdHkgMyBDTAIBDjANBglghkgBZQMEAgEFAKCCARswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqG"
- + "SIb3DQEJBDEiBCBoI+/W2jQpMcB1rsNP9IpssP0nHJz0zCYFh+GitSK3+zCBywYLKoZIhvcNAQkQAi8xgbswgbgwgbUwgbIEIGHM"
- + "B34bFSWTFpXzd/r69zOYA6dNg/iE5qWFk9VWTmSMMIGNMIGHpIGEMIGBMQswCQYDVQQGEwJJVDEYMBYGA1UECgwPSW5mb0NlcnQg"
- + "Uy5wLkEuMQwwCgYDVQQLDANUU0ExGjAYBgNVBGEMEVZBVElULTA3OTQ1MjExMDA2MS4wLAYDVQQDDCVJbmZvQ2VydCBUaW1lIFN0"
- + "YW1waW5nIEF1dGhvcml0eSAzIENMAgEOMA0GCSqGSIb3DQEBAQUABIIBAAaGUELs/u4IAaVDY08a8qWKJomuqEKguYoDEh0auAxo"
- + "2de7q3AwgrfqUnA0eJvGahqxidT5sL5tCylf8PXXP01Mm7wWf5dNOCVjY/DZCkvLB4+tRq9bFvJEAIpcQXcUh8anS+keY4jYLWZa"
- + "c3j+75+TdcysA4yxXyGjWijLoKhDLCaOdOLmU0TftZ9hlWAfTsual6vIw86Kqv/o/NzxdGrDHrqfPF7prfFQQB7cnzG3tPX7owPM"
- + "tTJa3Ijiad+UEkIQqzSgG8+lGL03SbGyhSiU3KvZR+wvnesq2VTdZq6g6gbgohAnhl5gLMLnJj/6CgGj51tU6/ViBBKfCxVu0EMA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==";
-
internal const String SERIALIZED_B64_2DIGEST_ALGOS = "MIIKCgYJKoZIhvcNAQcCoIIJ+zCCCfcCAQExHjANBglghkgBZQME"
+ "AgEFADANBglghkgBZQMEAgIFADALBgkqhkiG9w0BBwGgggfb" + "MIID6TCCAtGgAwIBAgIEWOew7DANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoM"
+ "BWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290MCAXDTE3MDQwNzE1MzM0MFoYDzIxMTcwNDA3MTUz"
@@ -735,5 +323,113 @@ internal class CMSTestHelper {
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+
+ internal const String CMS_CONTAINER_WITH_OCSP_AND_CRL = "MIIXHAYJKoZIhvcNAQcCoIIXDTCCFwkCAQExDzANBglghkgBZQMEAgMFA"
+ + "DALBgkqhkiG9w0BBwGgggvqMIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwG" +
+ "A1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4" + "dFRlc3RSb290MCAXDTE3MDQwNzEzMjAwMVoYDzIxMTcwNDA3MTMyMDAxWjBUMQswCQYDVQQGEwJC"
+ + "WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQD" + "DA1pVGV4dFRlc3RSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/fz7iq1wzhM"
+ + "MYcGfmMmteCY/ZtdE26PB1OTTBuDSN86sVNmur5FV/mLPU9ZK2ofrs+wMrqn0agmFlRl4dThf5u5" + "WSEQ/ARwXzYOn2uEkwR/0dwwZUL3VWhrPSD5SxX5MzFo8UXTNlXW2bClLC0FQU2qLjIwwRFwwWDS"
+ + "QPR8r/Mv181RljVpEjPk6DfkDtHWWA4daGlQU0nXbuZszplviPafXmyKn+2w4G9Jw/8pHIK2VhWY" + "stLI+bUZk662ZVldNvnpMyHn12FfB0Nbf/Z6V2WTGviEr8EEE2cA7I+H7ZGUDzug7umNCCJn3ilC"
+ + "6vAt9i9OLaZRDh6jPMOjMUizTwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgw" + "doAUXSpxda7d2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z"
+ + "azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3SC" + "BFjnkdYwHQYDVR0OBBYEFF0qcXWu3di+WbogsWaRyXY2U1zuMAsGA1UdDwQEAwIB9jANBgkqhkiG"
+ + "9w0BAQsFAAOCAQEAdhby6EaopoUF8j7oR44Mhe/N3y9hzGb/zLmmgTavPd2plv6NlAPt9W+8rezK" + "O6jQCsBRFw8JY+Lx6j3W0K6rWigBpPGU/B/0bXLlOIv2a4uW8nBmq6jxAe5Xbtwm8HcKOOLMzxPI"
+ + "ChHJIJy5NWw9ArD4Ul+FEt/VuEW1NfPZm1U5ixMOrBfn0C8pxIX4+VSHN9I8WoFjSfYX4Y3ldRLT" + "eqxQrhZQlbhGNymp3Kcvtuq5At6vopskyB8Q1b7L4e+hRWK2prz/7p4Bdhu2TmkEfWZcYKpgrkVF"
+ + "qa/Z1uZ0q4KVBOP3cyaQmqRXTV37SfpNyHAJdol5ueF68VVVNZFRXzCCA/cwggLfoAMCAQICBFxs" + "KrcwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK"
+ + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdDAgFw0xOTAyMTkx" + "NjE2NDdaGA8yMTE5MDIxOTE2MTY0N1owYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4w"
+ + "DAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRp" + "YXRlUnNhMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1ZSP/QPAJgCYLo40PZzLP"
+ + "UiTPvdV4YM9ZyQbpPuAaM9/+dD98m/DHhNRquKEeEyBOtqhQRaEq6dXezcY/omjpnVB1d8qymAKF" + "HjDCwmay2g1V7xCq+NguScY6FfSS0qf4BR9l7RM5RFJRGBqqLSX0KpSuzrnwH4W1+uvbzXasrIRa"
+ + "8VnhrrT3d5NdrrJfR8u54j0iCvaytDvL0itefp3hMmayGmcTqNFR82raZoTnN7sJXVcIaSJBfgyh" + "e3W0Lspcap3s9Kjtq6LN3UB6Tu8HpGjJa9AMflTAIGWKyovHYgycTOlRxCictiEfTDzd653667J/"
+ + "4PIANUWQkrqXcEV/AgMBAAGjgcEwgb4wDwYDVR0TAQH/BAUwAwEB/zB/BgNVHSMEeDB2gBRdKnF1" + "rt3Yvlm6ILFmkcl2NlNc7qFYpFYwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYD"
+ + "VQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEWOeR1jAd" + "BgNVHQ4EFgQU+fZz3YlV41AjV8fQsSoS9TYj5HEwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUA"
+ + "A4IBAQCFLmV4qA6fnMfqyY92jpnbbuhwNQBq06tRdTsT6jLmzUSSh+dUYpSaA6Q4lbr8l9EJnIci" + "01L0Sqddt5ujasib+fVdp8M2dBgR6jEt0k5cHemhx6wpgHfqBCI0CGq4tG6wc30CF9rhV4HvouH0"
+ + "DZnccjW+ku/Os3Wg8LW+0TXBsCfLCW+S4OfEC/PMhB7aVXoV9SlCGrFnfU/Ae4q2RhZypSj95XEX" + "ZJyGSC8cJzOtKy9tRSKflcoUO+6tnl488E0ZYyPWSkeK50ZIlmaf7qcc/oJU0yH9ukYJ32beta3U"
+ + "7fyG+/cvYnRYv6hG0TCelU//3mJ3jKeCS5QHtbeiIUNlMIID/TCCAuWgAwIBAgIEXGwsIjANBgkq" + "hkiG9w0BAQsFADBhMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0"
+ + "MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4dFRlc3RJbnRlcm1lZGlhdGVSc2EwMTAgFw0x" + "OTAyMTkxNjIwMTVaGA8yMTE5MDIxOTE2MjAxNVowYDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1p"
+ + "bnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEiMCAGA1UEAwwZaVRleHRUZXN0UnNh" + "Q2VydFdpdGhDaGFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMNBVdCUyzCDrYJU"
+ + "zgkZj4O8yQlnNfBTcbjr4wBB9Fgin88wRh1Q28/6MYyZvBDZ/O8irgcXtxYPPZ5sEfvYETZRX/4N" + "cfaX50Yjs7cBttY2ycRUEeSqyOfpV+llNoaMPh4n3DLmGEgAiqOf7sS4II3sSCMfkmTAPLxsXMxz"
+ + "jFoZBIBd43p6QrgXnxLnnQiRTRyfx2O+yPlb6oQZMc1Li5uENrPMmYyPVSt+Kx9qa47Ieh9NQxWM" + "i41ad7gVWwLSyB8zydYtpZYh4/6/KtVRecV1aNh7Wzr9idprmP1SPijsiiSj/gIuZGHnRkkayJfg"
+ + "Y9x8bLuCcKQr+3JN0b3NxjUCAwEAAaOBuzCBuDAJBgNVHRMEAjAAMH8GA1UdIwR4MHaAFPn2c92J" + "VeNQI1fH0LEqEvU2I+RxoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV"
+ + "BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRcbCq3MB0G" + "A1UdDgQWBBT9n6P7M0+sxcQZaLmT3nHvwMtcDjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQAD"
+ + "ggEBAKw+KJXyMz3jXoeNpRVpUp2vVt/qxdHkXMmHB8Govrri6+ys6GX1qNi6ORkr6mxS58/h+V5X" + "a0vnZv+Vgs/278MSfWXA5LZT+JduDp8gNN7GLQ2wu6WEDEAcG2RfjPJuuToml4iHk+2z3feUQLbd"
+ + "D89R4bM6W0FwZhz149Secf6gm/M2RmeftODgU9Sej59ByLRGxqhrfBlNCbu08SrEY4HxaRawWX2S" + "v1tkTsqkyXT5C59s7Q2jzRSFvuF59LsDU36JEUB0cMth3z7ebmmB9oVXaauCwWp3XwEQtCGg1Rcf"
+ + "Ll7BdsrObHVF87AW3j55qCKuyO9C8BvYLCv9GdF9LbahggdPMIIB0DCBuQIBATANBgkqhkiG9w0B" + "AQsFADBgMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYD"
+ + "VQQLDAR0ZXN0MSIwIAYDVQQDDBlpVGV4dFRlc3RSc2FDZXJ0V2l0aENoYWluFw0wMDAyMTMxNDE0" + "MDJaFw0wMDAzMTUxNDE0MDJaMCUwIwIEXGwsIhcNMDAwMzE1MTQxNDAyWjAMMAoGA1UdFQQDCgEB"
+ + "MA0GCSqGSIb3DQEBCwUAA4IBAQCHiG6rCn46IpDvtHX2SRM/azq+rhrvZZ5axvoBIkeRo1efAwbn" + "8f+0V2wRxBvGFWsEwguTlzXS3bT9cDfvR1HKDsjUfvcSEc4tEzzvXrZonV1Q3Z3TEe4SBjJdlYvC"
+ + "oNOYXRlly48qi6IuL3Mh40EOz0AEhR8ShhEY43FbRN3DllSzHZOp//s/JeXXwTaw7CEv0molbl3g" + "m6X3glWH0o9iAj37MIPdNpAx1sjQq3aCbjMExLM7B6XIL4g6kRVSFaYupVUiUTyQJaQgaFm2qhQn"
+ + "B1FWeLREbzHCZEyiff6OBYTVq+paYvScEOgSUDkNSH3qYVhuBC0ZZMdMhn7sl2WdMIIFdwYIKwYB" + "BQUHEAIwggVpCgEAMIIFYgYJKwYBBQUHMAEBBIIFUzCCBU8wgduhOjA4MQswCQYDVQQGEwJCWTEO"
+ + "MAwGA1UECgwFaVRleHQxGTAXBgNVBAMMEGlUZXh0VGVzdFJvb3RSc2EYDzIwMjExMjE2MDAxMDM3" + "WjBnMGUwPTAJBgUrDgMCGgUABBS3N/pakPMumDlViKRP2+K6XJgJDAQUXSpxda7d2L5ZuiCxZpHJ"
+ + "djZTXO4CBFjnsOyAABgPMjAyMTEyMTUwMDEwMzdaoBEYDzIwMjIwMTE1MDAxMDM3WqEjMCEwHwYJ" + "KwYBBQUHMAECBBIEELP0PeKhpRxyfh6liMz0JGEwDQYJKoZIhvcNAQELBQADggEBAIMlJDB0yNel"
+ + "AddKAVDQ/4oKN0OSFvvmf/WcMtlyMvo1iGnfPj5kVOBGwu9QnPP59K/l42eK7MS5PdwQKpy0F9Rs" + "a8a2JKIwjEFZSvrlkBshRCWEH2nVD1Bv+FBoDpP+87UR2DFazK06lCeN3wjEfXXf/Kqxa+Eum8ks"
+ + "ejG5nv5DzKz7QAiywrIes3TEBKAUuGLIYl9g044+Tcc5cy0YtLpwDTGPY1GjnKvJ6rBaARmuF6Va" + "4kzN5TinGFdolMjLRhPSEz/yu3js1yRa1io/OpnfuS+3+YKBth/4Ha4S/RExUhrGzRvuCJKaQN1Z"
+ + "Au086IJYnl7DZB+JEKu0zgqQTwGgggNZMIIDVTCCA1EwggI5oAMCAQICAhAAMA0GCSqGSIb3DQEB" + "CwUAMDgxCzAJBgNVBAYTAkJZMQ4wDAYDVQQKDAVpVGV4dDEZMBcGA1UEAwwQaVRleHRUZXN0Um9v"
+ + "dFJzYTAgFw0wMDAxMDEwMDAwMDBaGA8yNTAwMDEwMTAwMDAwMFowODELMAkGA1UEBhMCQlkxDjAM" + "BgNVBAoMBWlUZXh0MRkwFwYDVQQDDBBpVGV4dFRlc3RSb290UnNhMIIBIjANBgkqhkiG9w0BAQEF"
+ + "AAOCAQ8AMIIBCgKCAQEA1+fAOZj02WNCkGhss/rm+ExC/9hkCk3GH+t433G+iTrmSjZhDms+MXd3" + "1UlWIRTY0BVIlV6siuW6N24qMJ0NvWAD2PbHSQ4fcRS1faaLNN23nKOBkOZBwzF9gapHUU0E+RXp"
+ + "qcgTvGcL/t7n5a/DxpjdnVvdWqbLHtnfmoMHfwAwF9b31jxA9ZMwD159RTk6qL27Cu7CaH4vDKbN" + "7N+0NLfAFLJXWLnHxMtYLngjmUS09ScUJqMQ6aVDvySR8HqLWp/gF+VCbLmGAJFn/cCk3YIhhIgU"
+ + "YVVweTUjWnhi4mSRERgF2hGOpRwO2ho7/L55qNGH1j2VR+qD9JEd0qnDRQIDAQABo2MwYTAdBgNV" + "HQ4EFgQUg+HjrU9dZYHU6XgWmWAXDsl8Q4YwHwYDVR0jBBgwFoAUg+HjrU9dZYHU6XgWmWAXDsl8"
+ + "Q4YwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBABE5" + "k6eKVF/hG4M1e1i/hYjVnSW12gbzR000MeiUUZ86lfuhOtHAn11CudBTNpKLMMz/NIXxcGf/Th/T"
+ + "LNdoC09MPgD6G095+Yydx9ip1B9xW5IeSZChsLJNq+DO6tO9NYUe1NlXwd5/bUxJYBIurkSIQvfN" + "GtYDWapQtK1mtVzrqsq+aeR+X5E4YHWzhCgvOZ0mbdVNP6tBaAGLWreSGkk18DYYCSwpxbeC3g5C"
+ + "Gz5LuN+a7IrbfnTK9V/2Fytu3wpE0F5pgp+tmKaUUlL8EHb1IyVnI/UT8KhIkW0moJi74i7EzLW3" + "t/hxIvWAYdt4kC4M+PZxJnuy8UB0pe3Xi2YxggOjMIIDnwIBATBpMGExCzAJBgNVBAYTAkJZMQ4w"
+ + "DAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlU" + "ZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwiMA0GCWCGSAFlAwQCAwUAoIICCzAYBgkqhkiG"
+ + "9w0BCQMxCwYJKoZIhvcNAQcBMIHXBgsqhkiG9w0BCRACLzGBxzCBxDCBwTCBvjALBglghkgBZQME" + "AgMEQAJAICi7FPbZ7MwuzR4m/aK+S1eD6bzTwuOyR7FTgIO8qLDmq9xnUmiZk1Qx7DIAZJkHriWU"
+ + "tM6HRka/few5zPQwbTBlpGMwYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK" + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRpYXRlUnNh"
+ + "MDECBFxsLCIwggETBgkqhkiG9w0BCQQxggEEBIIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAwDQYJKoZIhvcNAQENBQAEggEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==";
+
+ internal const String CMS_CONTAINER_WITH_INCORRECT_REV_INFO = "MIIXKQYJKoZIhvcNAQcCoIIXGjCCFxYCAQExDzANBglghkgBZQMEAgMFADALBgkqhkiG9w0BBwGg"
+ + "ggvqMIID6jCCAtKgAwIBAgIEWOeR1jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJCWTEOMAwG" + "A1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4"
+ + "dFRlc3RSb290MCAXDTE3MDQwNzEzMjAwMVoYDzIxMTcwNDA3MTMyMDAxWjBUMQswCQYDVQQGEwJC" + "WTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQD"
+ + "DA1pVGV4dFRlc3RSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/fz7iq1wzhM" + "MYcGfmMmteCY/ZtdE26PB1OTTBuDSN86sVNmur5FV/mLPU9ZK2ofrs+wMrqn0agmFlRl4dThf5u5"
+ + "WSEQ/ARwXzYOn2uEkwR/0dwwZUL3VWhrPSD5SxX5MzFo8UXTNlXW2bClLC0FQU2qLjIwwRFwwWDS" + "QPR8r/Mv181RljVpEjPk6DfkDtHWWA4daGlQU0nXbuZszplviPafXmyKn+2w4G9Jw/8pHIK2VhWY"
+ + "stLI+bUZk662ZVldNvnpMyHn12FfB0Nbf/Z6V2WTGviEr8EEE2cA7I+H7ZGUDzug7umNCCJn3ilC" + "6vAt9i9OLaZRDh6jPMOjMUizTwIDAQABo4HBMIG+MA8GA1UdEwEB/wQFMAMBAf8wfwYDVR0jBHgw"
+ + "doAUXSpxda7d2L5ZuiCxZpHJdjZTXO6hWKRWMFQxCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5z" + "azEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxFjAUBgNVBAMMDWlUZXh0VGVzdFJvb3SC"
+ + "BFjnkdYwHQYDVR0OBBYEFF0qcXWu3di+WbogsWaRyXY2U1zuMAsGA1UdDwQEAwIB9jANBgkqhkiG" + "9w0BAQsFAAOCAQEAdhby6EaopoUF8j7oR44Mhe/N3y9hzGb/zLmmgTavPd2plv6NlAPt9W+8rezK"
+ + "O6jQCsBRFw8JY+Lx6j3W0K6rWigBpPGU/B/0bXLlOIv2a4uW8nBmq6jxAe5Xbtwm8HcKOOLMzxPI" + "ChHJIJy5NWw9ArD4Ul+FEt/VuEW1NfPZm1U5ixMOrBfn0C8pxIX4+VSHN9I8WoFjSfYX4Y3ldRLT"
+ + "eqxQrhZQlbhGNymp3Kcvtuq5At6vopskyB8Q1b7L4e+hRWK2prz/7p4Bdhu2TmkEfWZcYKpgrkVF" + "qa/Z1uZ0q4KVBOP3cyaQmqRXTV37SfpNyHAJdol5ueF68VVVNZFRXzCCA/cwggLfoAMCAQICBFxs"
+ + "KrcwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYDVQQK" + "DAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdDAgFw0xOTAyMTkx"
+ + "NjE2NDdaGA8yMTE5MDIxOTE2MTY0N1owYTELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4w" + "DAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEjMCEGA1UEAwwaaVRleHRUZXN0SW50ZXJtZWRp"
+ + "YXRlUnNhMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1ZSP/QPAJgCYLo40PZzLP" + "UiTPvdV4YM9ZyQbpPuAaM9/+dD98m/DHhNRquKEeEyBOtqhQRaEq6dXezcY/omjpnVB1d8qymAKF"
+ + "HjDCwmay2g1V7xCq+NguScY6FfSS0qf4BR9l7RM5RFJRGBqqLSX0KpSuzrnwH4W1+uvbzXasrIRa" + "8VnhrrT3d5NdrrJfR8u54j0iCvaytDvL0itefp3hMmayGmcTqNFR82raZoTnN7sJXVcIaSJBfgyh"
+ + "e3W0Lspcap3s9Kjtq6LN3UB6Tu8HpGjJa9AMflTAIGWKyovHYgycTOlRxCictiEfTDzd653667J/" + "4PIANUWQkrqXcEV/AgMBAAGjgcEwgb4wDwYDVR0TAQH/BAUwAwEB/zB/BgNVHSMEeDB2gBRdKnF1"
+ + "rt3Yvlm6ILFmkcl2NlNc7qFYpFYwVDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1pbnNrMQ4wDAYD" + "VQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEWMBQGA1UEAwwNaVRleHRUZXN0Um9vdIIEWOeR1jAd"
+ + "BgNVHQ4EFgQU+fZz3YlV41AjV8fQsSoS9TYj5HEwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUA" + "A4IBAQCFLmV4qA6fnMfqyY92jpnbbuhwNQBq06tRdTsT6jLmzUSSh+dUYpSaA6Q4lbr8l9EJnIci"
+ + "01L0Sqddt5ujasib+fVdp8M2dBgR6jEt0k5cHemhx6wpgHfqBCI0CGq4tG6wc30CF9rhV4HvouH0" + "DZnccjW+ku/Os3Wg8LW+0TXBsCfLCW+S4OfEC/PMhB7aVXoV9SlCGrFnfU/Ae4q2RhZypSj95XEX"
+ + "ZJyGSC8cJzOtKy9tRSKflcoUO+6tnl488E0ZYyPWSkeK50ZIlmaf7qcc/oJU0yH9ukYJ32beta3U" + "7fyG+/cvYnRYv6hG0TCelU//3mJ3jKeCS5QHtbeiIUNlMIID/TCCAuWgAwIBAgIEXGwsIjANBgkq"
+ + "hkiG9w0BAQsFADBhMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNVBAoMBWlUZXh0" + "MQ0wCwYDVQQLDAR0ZXN0MSMwIQYDVQQDDBppVGV4dFRlc3RJbnRlcm1lZGlhdGVSc2EwMTAgFw0x"
+ + "OTAyMTkxNjIwMTVaGA8yMTE5MDIxOTE2MjAxNVowYDELMAkGA1UEBhMCQlkxDjAMBgNVBAcMBU1p" + "bnNrMQ4wDAYDVQQKDAVpVGV4dDENMAsGA1UECwwEdGVzdDEiMCAGA1UEAwwZaVRleHRUZXN0UnNh"
+ + "Q2VydFdpdGhDaGFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMNBVdCUyzCDrYJU" + "zgkZj4O8yQlnNfBTcbjr4wBB9Fgin88wRh1Q28/6MYyZvBDZ/O8irgcXtxYPPZ5sEfvYETZRX/4N"
+ + "cfaX50Yjs7cBttY2ycRUEeSqyOfpV+llNoaMPh4n3DLmGEgAiqOf7sS4II3sSCMfkmTAPLxsXMxz" + "jFoZBIBd43p6QrgXnxLnnQiRTRyfx2O+yPlb6oQZMc1Li5uENrPMmYyPVSt+Kx9qa47Ieh9NQxWM"
+ + "i41ad7gVWwLSyB8zydYtpZYh4/6/KtVRecV1aNh7Wzr9idprmP1SPijsiiSj/gIuZGHnRkkayJfg" + "Y9x8bLuCcKQr+3JN0b3NxjUCAwEAAaOBuzCBuDAJBgNVHRMEAjAAMH8GA1UdIwR4MHaAFPn2c92J"
+ + "VeNQI1fH0LEqEvU2I+RxoVikVjBUMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV" + "BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MRYwFAYDVQQDDA1pVGV4dFRlc3RSb290ggRcbCq3MB0G"
+ + "A1UdDgQWBBT9n6P7M0+sxcQZaLmT3nHvwMtcDjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQAD" + "ggEBAKw+KJXyMz3jXoeNpRVpUp2vVt/qxdHkXMmHB8Govrri6+ys6GX1qNi6ORkr6mxS58/h+V5X"
+ + "a0vnZv+Vgs/278MSfWXA5LZT+JduDp8gNN7GLQ2wu6WEDEAcG2RfjPJuuToml4iHk+2z3feUQLbd" + "D89R4bM6W0FwZhz149Secf6gm/M2RmeftODgU9Sej59ByLRGxqhrfBlNCbu08SrEY4HxaRawWX2S"
+ + "v1tkTsqkyXT5C59s7Q2jzRSFvuF59LsDU36JEUB0cMth3z7ebmmB9oVXaauCwWp3XwEQtCGg1Rcf" + "Ll7BdsrObHVF87AW3j55qCKuyO9C8BvYLCv9GdF9LbahggdeMA0GCSqGSIb3DQEHAjAAMIIB0DCB"
+ + "uQIBATANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJCWTEOMAwGA1UEBwwFTWluc2sxDjAMBgNV" + "BAoMBWlUZXh0MQ0wCwYDVQQLDAR0ZXN0MSIwIAYDVQQDDBlpVGV4dFRlc3RSc2FDZXJ0V2l0aENo"
+ + "YWluFw0wMDAyMTMxNDE0MDJaFw0wMDAzMTUxNDE0MDJaMCUwIwIEXGwsIhcNMDAwMzE1MTQxNDAy" + "WjAMMAoGA1UdFQQDCgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCHiG6rCn46IpDvtHX2SRM/azq+rhrv"
+ + "ZZ5axvoBIkeRo1efAwbn8f+0V2wRxBvGFWsEwguTlzXS3bT9cDfvR1HKDsjUfvcSEc4tEzzvXrZo" + "nV1Q3Z3TEe4SBjJdlYvCoNOYXRlly48qi6IuL3Mh40EOz0AEhR8ShhEY43FbRN3DllSzHZOp//s/"
+ + "JeXXwTaw7CEv0molbl3gm6X3glWH0o9iAj37MIPdNpAx1sjQq3aCbjMExLM7B6XIL4g6kRVSFaYu" + "pVUiUTyQJaQgaFm2qhQnB1FWeLREbzHCZEyiff6OBYTVq+paYvScEOgSUDkNSH3qYVhuBC0ZZMdM"
+ + "hn7sl2WdMIIFdwYIKwYBBQUHEAIwggVpCgEAMIIFYgYJKwYBBQUHMAEBBIIFUzCCBU8wgduhOjA4" + "MQswCQYDVQQGEwJCWTEOMAwGA1UECgwFaVRleHQxGTAXBgNVBAMMEGlUZXh0VGVzdFJvb3RSc2EY"
+ + "DzIwMjExMjE2MDAxMDM3WjBnMGUwPTAJBgUrDgMCGgUABBS3N/pakPMumDlViKRP2+K6XJgJDAQU" + "XSpxda7d2L5ZuiCxZpHJdjZTXO4CBFjnsOyAABgPMjAyMTEyMTUwMDEwMzdaoBEYDzIwMjIwMTE1"
+ + "MDAxMDM3WqEjMCEwHwYJKwYBBQUHMAECBBIEELP0PeKhpRxyfh6liMz0JGEwDQYJKoZIhvcNAQEL" + "BQADggEBAIMlJDB0yNelAddKAVDQ/4oKN0OSFvvmf/WcMtlyMvo1iGnfPj5kVOBGwu9QnPP59K/l"
+ + "42eK7MS5PdwQKpy0F9Rsa8a2JKIwjEFZSvrlkBshRCWEH2nVD1Bv+FBoDpP+87UR2DFazK06lCeN" + "3wjEfXXf/Kqxa+Eum8ksejG5nv5DzKz7QAiywrIes3TEBKAUuGLIYl9g044+Tcc5cy0YtLpwDTGP"
+ + "Y1GjnKvJ6rBaARmuF6Va4kzN5TinGFdolMjLRhPSEz/yu3js1yRa1io/OpnfuS+3+YKBth/4Ha4S" + "/RExUhrGzRvuCJKaQN1ZAu086IJYnl7DZB+JEKu0zgqQTwGgggNZMIIDVTCCA1EwggI5oAMCAQIC"
+ + "AhAAMA0GCSqGSIb3DQEBCwUAMDgxCzAJBgNVBAYTAkJZMQ4wDAYDVQQKDAVpVGV4dDEZMBcGA1UE" + "AwwQaVRleHRUZXN0Um9vdFJzYTAgFw0wMDAxMDEwMDAwMDBaGA8yNTAwMDEwMTAwMDAwMFowODEL"
+ + "MAkGA1UEBhMCQlkxDjAMBgNVBAoMBWlUZXh0MRkwFwYDVQQDDBBpVGV4dFRlc3RSb290UnNhMIIB" + "IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+fAOZj02WNCkGhss/rm+ExC/9hkCk3GH+t4"
+ + "33G+iTrmSjZhDms+MXd31UlWIRTY0BVIlV6siuW6N24qMJ0NvWAD2PbHSQ4fcRS1faaLNN23nKOB" + "kOZBwzF9gapHUU0E+RXpqcgTvGcL/t7n5a/DxpjdnVvdWqbLHtnfmoMHfwAwF9b31jxA9ZMwD159"
+ + "RTk6qL27Cu7CaH4vDKbN7N+0NLfAFLJXWLnHxMtYLngjmUS09ScUJqMQ6aVDvySR8HqLWp/gF+VC" + "bLmGAJFn/cCk3YIhhIgUYVVweTUjWnhi4mSRERgF2hGOpRwO2ho7/L55qNGH1j2VR+qD9JEd0qnD"
+ + "RQIDAQABo2MwYTAdBgNVHQ4EFgQUg+HjrU9dZYHU6XgWmWAXDsl8Q4YwHwYDVR0jBBgwFoAUg+Hj" + "rU9dZYHU6XgWmWAXDsl8Q4YwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZI"
+ + "hvcNAQELBQADggEBABE5k6eKVF/hG4M1e1i/hYjVnSW12gbzR000MeiUUZ86lfuhOtHAn11CudBT" + "NpKLMMz/NIXxcGf/Th/TLNdoC09MPgD6G095+Yydx9ip1B9xW5IeSZChsLJNq+DO6tO9NYUe1NlX"
+ + "wd5/bUxJYBIurkSIQvfNGtYDWapQtK1mtVzrqsq+aeR+X5E4YHWzhCgvOZ0mbdVNP6tBaAGLWreS" + "Gkk18DYYCSwpxbeC3g5CGz5LuN+a7IrbfnTK9V/2Fytu3wpE0F5pgp+tmKaUUlL8EHb1IyVnI/UT"
+ + "8KhIkW0moJi74i7EzLW3t/hxIvWAYdt4kC4M+PZxJnuy8UB0pe3Xi2YxggOhMIIDnQIBATBpMGEx" + "CzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVNaW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRl"
+ + "c3QxIzAhBgNVBAMMGmlUZXh0VGVzdEludGVybWVkaWF0ZVJzYTAxAgRcbCwiMA0GCWCGSAFlAwQC" + "AwUAoIICCTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMIHVBgsqhkiG9w0BCRACLzGBxTCBwjCB"
+ + "vzCBvDALBglghkgBZQMEAgMEQAJAICi7FPbZ7MwuzR4m/aK+S1eD6bzTwuOyR7FTgIO8qLDmq9xn" + "UmiZk1Qx7DIAZJkHriWUtM6HRka/few5zPQwa6RjMGExCzAJBgNVBAYTAkJZMQ4wDAYDVQQHDAVN"
+ + "aW5zazEOMAwGA1UECgwFaVRleHQxDTALBgNVBAsMBHRlc3QxIzAhBgNVBAMMGmlUZXh0VGVzdElu" + "dGVybWVkaWF0ZVJzYTAxAgRcbCwiMIIBEwYJKoZIhvcNAQkEMYIBBASCAQAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBCwUABIIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAA=";
}
}
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/PdfPKCS7Test/cmpBytesPkcs7WithRevInfo.txt b/itext.tests/itext.sign.tests/resources/itext/signatures/PdfPKCS7Test/cmpBytesPkcs7WithRevInfo.txt
new file mode 100644
index 0000000000..6cbccd6013
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/PdfPKCS7Test/cmpBytesPkcs7WithRevInfo.txt differ
diff --git a/itext.tests/itext.sign.tests/resources/itext/signatures/cms/CMSContainerTest/simpleOCSPResponse.bin b/itext.tests/itext.sign.tests/resources/itext/signatures/cms/CMSContainerTest/simpleOCSPResponse.bin
new file mode 100644
index 0000000000..fe80cb291c
Binary files /dev/null and b/itext.tests/itext.sign.tests/resources/itext/signatures/cms/CMSContainerTest/simpleOCSPResponse.bin differ
diff --git a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs
index 72700c4186..77a7f76f75 100644
--- a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs
+++ b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/BouncyCastleFactory.cs
@@ -82,6 +82,7 @@ You should have received a copy of the GNU Affero General Public License
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Security.Certificates;
using ContentInfo = Org.BouncyCastle.Asn1.Cms.ContentInfo;
using ICipher = iText.Commons.Bouncycastle.Crypto.ICipher;
using IDigest = iText.Commons.Bouncycastle.Crypto.IDigest;
@@ -368,6 +369,15 @@ public virtual IDerEnumerated CreateASN1Enumerated(int i) {
return new DerEnumeratedBC(i);
}
+ ///
+ public virtual IDerEnumerated CreateASN1Enumerated(IAsn1Encodable i) {
+ Asn1EncodableBC encodable = (Asn1EncodableBC) i;
+ if (encodable.GetEncodable() is DerEnumerated) {
+ return new DerEnumeratedBC((DerEnumerated) encodable.GetEncodable());
+ }
+ return null;
+ }
+
///
public virtual IAsn1Encoding CreateASN1Encoding() {
return ASN1EncodingBC.GetInstance();
@@ -918,6 +928,19 @@ public IX509Crl CreateX509Crl(Stream input) {
return new X509CrlBC(new X509CrlParser().ReadCrl(input));
}
+ ///
+ public ICollection CreateX509Crls(Stream input) {
+ try {
+ ICollection crls = new List();
+ foreach (X509Crl crl in new X509CrlParser().ReadCrls(input)) {
+ crls.Add(new X509CrlBC(crl));
+ }
+ return crls;
+ } catch (CrlException e) {
+ throw new CrlExceptionBC(e);
+ }
+ }
+
///
public IDigest CreateIDigest(string hashAlgorithm) {
return new DigestBC(DigestUtilities.GetDigest(hashAlgorithm));
diff --git a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/DerEnumeratedBC.cs b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/DerEnumeratedBC.cs
index 6473a5f331..34012fc42b 100644
--- a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/DerEnumeratedBC.cs
+++ b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/asn1/DerEnumeratedBC.cs
@@ -63,5 +63,14 @@ public DerEnumeratedBC(int i)
public virtual DerEnumerated GetDerEnumerated() {
return (DerEnumerated)GetEncodable();
}
+
+ ///
+ ///
+ ///
+ ///
+ ///
+ public virtual int IntValueExact() {
+ return GetDerEnumerated().IntValueExact;
+ }
}
}
diff --git a/itext/itext.bouncy-castle-adapter/itext/bouncycastle/security/certificates/CrlExceptionBC.cs b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/security/certificates/CrlExceptionBC.cs
new file mode 100644
index 0000000000..1b92b85719
--- /dev/null
+++ b/itext/itext.bouncy-castle-adapter/itext/bouncycastle/security/certificates/CrlExceptionBC.cs
@@ -0,0 +1,83 @@
+/*
+ This file is part of the iText (R) project.
+ Copyright (c) 1998-2023 Apryse Group NV
+ Authors: Apryse Software.
+
+ This program is offered under a commercial and under the AGPL license.
+ For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+ AGPL licensing:
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+ */
+using System;
+using iText.Commons.Bouncycastle.Security;
+using iText.Commons.Utils;
+using Org.BouncyCastle.Security.Certificates;
+
+namespace iText.Bouncycastle.Security {
+ /// Wrapper class for .
+ public class CrlExceptionBC : AbstractCrlException {
+ private readonly CrlException exception;
+
+ ///
+ /// Creates new wrapper for .
+ ///
+ ///
+ /// to be wrapped
+ ///
+ public CrlExceptionBC(CrlException exception) {
+ this.exception = exception;
+ }
+
+ /// Get actual org.bouncycastle object being wrapped.
+ /// wrapped .
+ public CrlException GetException() {
+ return exception;
+ }
+
+ /// Indicates whether some other object is "equal to" this one.
+ /// Indicates whether some other object is "equal to" this one. Compares wrapped objects.
+ public override bool Equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || GetType() != o.GetType()) {
+ return false;
+ }
+ CrlExceptionBC that = (CrlExceptionBC)o;
+ return Object.Equals(exception, that.exception);
+ }
+
+ /// Returns a hash code value based on the wrapped object.
+ public override int GetHashCode() {
+ return JavaUtil.ArraysHashCode(exception);
+ }
+
+ ///
+ /// Delegates
+ /// toString
+ /// method call to the wrapped object.
+ ///
+ public override String ToString() {
+ return exception.ToString();
+ }
+
+ ///
+ /// Delegates
+ /// getMessage
+ /// method call to the wrapped exception.
+ ///
+ public override String Message => exception.Message;
+ }
+}
diff --git a/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs b/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs
index 841235f16e..6652bf215b 100644
--- a/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs
+++ b/itext/itext.bouncy-castle-connector/itext/bouncycastleconnector/BouncyCastleDefaultFactory.cs
@@ -22,6 +22,7 @@ You should have received a copy of the GNU Affero General Public License
*/
using System;
using System.Collections;
+using System.Collections.Generic;
using System.IO;
using iText.Bouncycastleconnector.Logs;
using iText.Commons.Bouncycastle;
@@ -208,6 +209,10 @@ public IDerSet CreateDERSet(IRecipientInfo recipientInfo) {
public IDerEnumerated CreateASN1Enumerated(int i) {
throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
}
+
+ public IDerEnumerated CreateASN1Enumerated(IAsn1Encodable i) {
+ throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+ }
public IAsn1Encoding CreateASN1Encoding() {
throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
@@ -554,6 +559,10 @@ public IX509Crl CreateX509Crl(Stream input) {
throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
}
+ public ICollection CreateX509Crls(Stream input) {
+ throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+ }
+
public IDigest CreateIDigest(string hashAlgorithm) {
throw new NotSupportedException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
}
diff --git a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs
index e39c2090c3..f70c1f1aaf 100644
--- a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs
+++ b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/BouncyCastleFipsFactory.cs
@@ -24,6 +24,7 @@ You should have received a copy of the GNU Affero General Public License
using System.Collections;
using System.Collections.Generic;
using System.IO;
+using iText.Bouncycastle.Security;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Esf;
using Org.BouncyCastle.Asn1.Ess;
@@ -377,6 +378,15 @@ public virtual IDerEnumerated CreateASN1Enumerated(int i) {
return new DerEnumeratedBCFips(i);
}
+ ///
+ public virtual IDerEnumerated CreateASN1Enumerated(IAsn1Encodable i) {
+ Asn1EncodableBCFips encodable = (Asn1EncodableBCFips) i;
+ if (encodable.GetEncodable() is DerEnumerated) {
+ return new DerEnumeratedBCFips((DerEnumerated) encodable.GetEncodable());
+ }
+ return null;
+ }
+
///
public virtual IAsn1Encoding CreateASN1Encoding() {
return ASN1EncodingBCFips.GetInstance();
@@ -947,14 +957,32 @@ public IX509Crl CreateX509Crl(Stream input) {
if (seq.Count > 1 && seq[0] is DerObjectIdentifier) {
if (seq[0].Equals(PkcsObjectIdentifiers.SignedData)) {
- Asn1Set sCrlData = SignedData.GetInstance(
- Asn1Sequence.GetInstance((Asn1TaggedObject) seq[1], true)).CRLs;
- return new X509CrlBCFips(new X509Crl(CertificateList.GetInstance(sCrlData[0])));
+ try {
+ Asn1Set sCrlData = SignedData.GetInstance(
+ Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true)).CRLs;
+ return new X509CrlBCFips(new X509Crl(CertificateList.GetInstance(sCrlData[0])));
+ } catch (Exception e) {
+ throw new CrlException(e.Message);
+ }
}
}
return new X509CrlBCFips(new X509Crl(CertificateList.GetInstance(seq)));
}
+ ///
+ public ICollection CreateX509Crls(Stream input) {
+ try {
+ ICollection crls = new List();
+ X509CrlBCFips crl;
+ while ((crl = (X509CrlBCFips)CreateX509Crl(input)).GetX509Crl() != null) {
+ crls.Add(crl);
+ }
+ return crls;
+ } catch (CrlException e) {
+ throw new CrlExceptionBCFips(e);
+ }
+ }
+
///
public IDigest CreateIDigest(string hashAlgorithm) {
return new DigestBCFips(hashAlgorithm);
diff --git a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/DerEnumeratedBCFips.cs b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/DerEnumeratedBCFips.cs
index 923036414a..1a389b8238 100644
--- a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/DerEnumeratedBCFips.cs
+++ b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/asn1/DerEnumeratedBCFips.cs
@@ -63,5 +63,14 @@ public DerEnumeratedBCFips(int i)
public virtual DerEnumerated GetDerEnumerated() {
return (DerEnumerated)GetEncodable();
}
+
+ ///
+ ///
+ ///
+ ///
+ ///
+ public virtual int IntValueExact() {
+ return GetDerEnumerated().Value.IntValueExact;
+ }
}
}
diff --git a/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/cert/CrlExceptionBCFips.cs b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/cert/CrlExceptionBCFips.cs
new file mode 100644
index 0000000000..977d30a422
--- /dev/null
+++ b/itext/itext.bouncy-castle-fips-adapter/itext/bouncycastlefips/cert/CrlExceptionBCFips.cs
@@ -0,0 +1,83 @@
+/*
+ This file is part of the iText (R) project.
+ Copyright (c) 1998-2023 Apryse Group NV
+ Authors: Apryse Software.
+
+ This program is offered under a commercial and under the AGPL license.
+ For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+ AGPL licensing:
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+ */
+using System;
+using iText.Commons.Bouncycastle.Security;
+using iText.Commons.Utils;
+using Org.BouncyCastle.Cert;
+
+namespace iText.Bouncycastle.Security {
+ /// Wrapper class for .
+ public class CrlExceptionBCFips : AbstractCrlException {
+ private readonly CrlException exception;
+
+ ///
+ /// Creates new wrapper for .
+ ///
+ ///
+ /// to be wrapped
+ ///
+ public CrlExceptionBCFips(CrlException exception) {
+ this.exception = exception;
+ }
+
+ /// Get actual org.bouncycastle object being wrapped.
+ /// wrapped .
+ public CrlException GetException() {
+ return exception;
+ }
+
+ /// Indicates whether some other object is "equal to" this one.
+ /// Indicates whether some other object is "equal to" this one. Compares wrapped objects.
+ public override bool Equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || GetType() != o.GetType()) {
+ return false;
+ }
+ CrlExceptionBCFips that = (CrlExceptionBCFips)o;
+ return Object.Equals(exception, that.exception);
+ }
+
+ /// Returns a hash code value based on the wrapped object.
+ public override int GetHashCode() {
+ return JavaUtil.ArraysHashCode(exception);
+ }
+
+ ///
+ /// Delegates
+ /// toString
+ /// method call to the wrapped object.
+ ///
+ public override String ToString() {
+ return exception.ToString();
+ }
+
+ ///
+ /// Delegates
+ /// getMessage
+ /// method call to the wrapped exception.
+ ///
+ public override String Message => exception.Message;
+ }
+}
diff --git a/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs b/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs
index 6ad0f2b696..073a1d7ce3 100644
--- a/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs
+++ b/itext/itext.commons/itext/commons/bouncycastle/IBouncyCastleFactory.cs
@@ -22,6 +22,7 @@ You should have received a copy of the GNU Affero General Public License
*/
using System;
using System.Collections;
+using System.Collections.Generic;
using System.IO;
using iText.Commons.Bouncycastle.Asn1;
using iText.Commons.Bouncycastle.Asn1.Cms;
@@ -417,6 +418,19 @@ public interface IBouncyCastleFactory {
/// created ASN1 Enumerated wrapper
IDerEnumerated CreateASN1Enumerated(int i);
+ ///
+ /// Create ASN1 Enumerated wrapper from
+ /// IASN1Encodable
+ /// value.
+ ///
+ ///
+ ///
+ /// IASN1Encodable
+ /// to create ASN1 Enumerated wrapper from
+ ///
+ /// created ASN1 Enumerated wrapper.
+ IDerEnumerated CreateASN1Enumerated(IAsn1Encodable i);
+
/// Create ASN1 Encoding without parameters.
/// created ASN1 Encoding
IAsn1Encoding CreateASN1Encoding();
@@ -1140,6 +1154,18 @@ IX509V3CertificateGenerator CreateJcaX509v3CertificateBuilder(IX509Certificate s
///
/// created X509 Crl wrapper
IX509Crl CreateX509Crl(Stream input);
+
+ ///
+ /// Create collection of the X509 Crl wrappers from
+ /// .
+ ///
+ ///
+ ///
+ ///
+ /// to create X509 Crl wrapper from
+ ///
+ /// created collection of the X509 Crl wrappers
+ ICollection CreateX509Crls(Stream input);
///
/// Create digest wrapper from
diff --git a/itext/itext.commons/itext/commons/bouncycastle/asn1/IDerEnumerated.cs b/itext/itext.commons/itext/commons/bouncycastle/asn1/IDerEnumerated.cs
index cd012f0b88..14c8d08d82 100644
--- a/itext/itext.commons/itext/commons/bouncycastle/asn1/IDerEnumerated.cs
+++ b/itext/itext.commons/itext/commons/bouncycastle/asn1/IDerEnumerated.cs
@@ -26,5 +26,12 @@ namespace iText.Commons.Bouncycastle.Asn1 {
/// to switch between bouncy-castle and bouncy-castle FIPS implementations.
///
public interface IDerEnumerated : IAsn1Object {
+ ///
+ /// Calls actual
+ /// intValueExact()
+ /// method for the wrapped ASN1Enumerated object.
+ ///
+ /// integer value of the wrapped ASN1Enumerated object.
+ int IntValueExact();
}
}
diff --git a/itext/itext.commons/itext/commons/bouncycastle/security/certificates/AbstractCrlException.cs b/itext/itext.commons/itext/commons/bouncycastle/security/certificates/AbstractCrlException.cs
new file mode 100644
index 0000000000..2b3824e85b
--- /dev/null
+++ b/itext/itext.commons/itext/commons/bouncycastle/security/certificates/AbstractCrlException.cs
@@ -0,0 +1,45 @@
+/*
+ This file is part of the iText (R) project.
+ Copyright (c) 1998-2023 Apryse Group NV
+ Authors: Apryse Software.
+
+ This program is offered under a commercial and under the AGPL license.
+ For commercial licensing, contact us at https://itextpdf.com/sales. For AGPL licensing, see below.
+
+ AGPL licensing:
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+ */
+using System;
+
+namespace iText.Commons.Bouncycastle.Security {
+ ///
+ /// This class represents the wrapper for the CrlException that provides the ability
+ /// to switch between bouncy-castle and bouncy-castle FIPS implementations.
+ ///
+ public class AbstractCrlException : Exception {
+ ///
+ /// Base constructor for .
+ ///
+ protected AbstractCrlException() {
+ }
+
+ ///
+ /// Creates new wrapper instance for .
+ /// The abstract class constructor gets executed from a derived class.
+ ///
+ /// Exception message
+ protected AbstractCrlException(string message) : base(message) {
+ }
+ }
+}
diff --git a/itext/itext.sign/itext/signatures/CertificateUtil.cs b/itext/itext.sign/itext/signatures/CertificateUtil.cs
index 188d3ca1e4..e80660612d 100644
--- a/itext/itext.sign/itext/signatures/CertificateUtil.cs
+++ b/itext/itext.sign/itext/signatures/CertificateUtil.cs
@@ -21,13 +21,20 @@ You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
*/
using System;
+using System.Collections;
+using System.Collections.Generic;
using System.IO;
+using Microsoft.Extensions.Logging;
using iText.Bouncycastleconnector;
+using iText.Commons;
using iText.Commons.Bouncycastle;
using iText.Commons.Bouncycastle.Asn1;
+using iText.Commons.Bouncycastle.Asn1.Ocsp;
using iText.Commons.Bouncycastle.Asn1.X509;
using iText.Commons.Bouncycastle.Cert;
+using iText.Commons.Bouncycastle.Security;
using iText.IO.Util;
+using iText.Signatures.Logs;
namespace iText.Signatures {
///
@@ -37,6 +44,8 @@ namespace iText.Signatures {
public class CertificateUtil {
private static readonly IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.GetFactory();
+ private static readonly ILogger LOGGER = ITextLogManager.GetLogger(typeof(CertificateUtil));
+
// Certificate Revocation Lists
/// Gets a CRL from an X509 certificate.
/// the X509Certificate to extract the CRL from
@@ -164,6 +173,112 @@ public static IX509Certificate GenerateCertificate(Stream data) {
return SignUtils.GenerateCertificate(data);
}
+ /// Try to retrieve CRL and OCSP responses from the signed data crls field.
+ ///
+ /// signed data crls field as
+ /// .
+ ///
+ /// collection to store retrieved CRL responses.
+ ///
+ /// collection of
+ ///
+ /// wrappers to store retrieved
+ /// OCSP responses.
+ ///
+ ///
+ /// collection of revocation info other than OCSP and CRL responses,
+ /// e.g. SCVP Request and Response, stored as
+ /// .
+ ///
+ public static void RetrieveRevocationInfoFromSignedData(IAsn1TaggedObject taggedObj, ICollection
+ crls, ICollection ocsps, ICollection otherRevocationInfoFormats) {
+ IEnumerator revInfo = FACTORY.CreateASN1Set(taggedObj, false).GetObjects();
+ while (revInfo.MoveNext()) {
+ IAsn1Sequence s = FACTORY.CreateASN1Sequence(revInfo.Current);
+ IDerObjectIdentifier o = FACTORY.CreateASN1ObjectIdentifier(s.GetObjectAt(0));
+ if (o != null && SecurityIDs.ID_RI_OCSP_RESPONSE.Equals(o.GetId())) {
+ IAsn1Sequence ocspResp = FACTORY.CreateASN1Sequence(s.GetObjectAt(1));
+ IDerEnumerated respStatus = FACTORY.CreateASN1Enumerated(ocspResp.GetObjectAt(0));
+ if (respStatus.IntValueExact() == FACTORY.CreateOCSPResponseStatus().GetSuccessful()) {
+ IAsn1Sequence responseBytes = FACTORY.CreateASN1Sequence(ocspResp.GetObjectAt(1));
+ if (responseBytes != null) {
+ ocsps.Add(CertificateUtil.CreateOcsp(responseBytes));
+ }
+ }
+ }
+ else {
+ try {
+ crls.AddAll(SignUtils.ReadAllCRLs(s.GetEncoded()));
+ }
+ catch (AbstractCrlException) {
+ LOGGER.LogWarning(SignLogMessageConstant.UNABLE_TO_PARSE_REV_INFO);
+ otherRevocationInfoFormats.Add(s);
+ }
+ }
+ }
+ }
+
+ ///
+ /// Creates the revocation info (crls field) for SignedData structure:
+ /// RevocationInfoChoices ::= SET OF RevocationInfoChoice
+ /// RevocationInfoChoice ::= CHOICE {
+ /// crl CertificateList,
+ /// other [1] IMPLICIT OtherRevocationInfoFormat }
+ /// OtherRevocationInfoFormat ::= SEQUENCE {
+ /// otherRevInfoFormat OBJECT IDENTIFIER,
+ /// otherRevInfo ANY DEFINED BY otherRevInfoFormat }
+ /// CertificateList ::= SEQUENCE {
+ /// tbsCertList TBSCertList,
+ /// signatureAlgorithm AlgorithmIdentifier,
+ /// signatureValue BIT STRING }
+ ///
+ /// RFC 5652 ยง10.2.1
+ /// collection of CRL revocation status information.
+ /// collection of OCSP revocation status information.
+ ///
+ /// collection of revocation info other than OCSP and CRL responses,
+ /// e.g. SCVP Request and Response, stored as
+ /// .
+ ///
+ ///
+ ///
+ /// crls [1] RevocationInfoChoices
+ /// field of SignedData structure. Null if SignedData has
+ /// no revocation data.
+ ///
+ public static IDerSet CreateRevocationInfoChoices(ICollection crls, ICollection ocsps, ICollection otherRevocationInfoFormats) {
+ if (crls.Count == 0 && ocsps.Count == 0) {
+ return null;
+ }
+ IAsn1EncodableVector revocationInfoChoices = FACTORY.CreateASN1EncodableVector();
+ // Add CRLs
+ foreach (IX509Crl element in crls) {
+ // Add crl CertificateList (crl RevocationInfoChoice)
+ revocationInfoChoices.Add(FACTORY.CreateASN1Sequence(((IX509Crl)element).GetEncoded()));
+ }
+ // Add OCSPs
+ foreach (IBasicOcspResponse element in ocsps) {
+ IAsn1EncodableVector ocspResponseRevInfo = FACTORY.CreateASN1EncodableVector();
+ // Add otherRevInfoFormat (ID_RI_OCSP_RESPONSE)
+ ocspResponseRevInfo.Add(FACTORY.CreateASN1ObjectIdentifier(SecurityIDs.ID_RI_OCSP_RESPONSE));
+ IAsn1EncodableVector ocspResponse = FACTORY.CreateASN1EncodableVector();
+ ocspResponse.Add(FACTORY.CreateOCSPResponseStatus(FACTORY.CreateOCSPResponseStatus().GetSuccessful()).ToASN1Primitive
+ ());
+ ocspResponse.Add(FACTORY.CreateResponseBytes(FACTORY.CreateOCSPObjectIdentifiers().GetIdPkixOcspBasic(), FACTORY
+ .CreateDEROctetString(element.ToASN1Primitive().GetEncoded())).ToASN1Primitive());
+ // Add otherRevInfo (ocspResponse)
+ ocspResponseRevInfo.Add(FACTORY.CreateDERSequence(ocspResponse));
+ // Add other [1] IMPLICIT OtherRevocationInfoFormat (ocsp RevocationInfoChoice)
+ revocationInfoChoices.Add(FACTORY.CreateDERSequence(ocspResponseRevInfo));
+ }
+ // Add other RevocationInfo formats
+ foreach (IAsn1Sequence revInfo in otherRevocationInfoFormats) {
+ revocationInfoChoices.Add(revInfo);
+ }
+ return FACTORY.CreateDERSet(revocationInfoChoices);
+ }
+
/// Checks if the certificate is signed by provided issuer certificate.
/// a certificate to check
/// an issuer certificate to check
@@ -260,5 +375,29 @@ private static String GetValueFromAIAExtension(IAsn1Object extensionValue, Strin
}
return null;
}
+
+ ///
+ /// Helper method that creates the
+ ///
+ /// object from the response bytes.
+ ///
+ /// response bytes.
+ ///
+ ///
+ ///
+ /// object.
+ ///
+ private static IBasicOcspResponse CreateOcsp(IAsn1Sequence seq) {
+ IDerObjectIdentifier objectIdentifier = FACTORY.CreateASN1ObjectIdentifier(seq.GetObjectAt(0));
+ IOcspObjectIdentifiers ocspObjectIdentifiers = FACTORY.CreateOCSPObjectIdentifiers();
+ if (objectIdentifier != null && objectIdentifier.GetId().Equals(ocspObjectIdentifiers.GetIdPkixOcspBasic()
+ .GetId())) {
+ IAsn1OctetString os = FACTORY.CreateASN1OctetString(seq.GetObjectAt(1));
+ using (IAsn1InputStream inp = FACTORY.CreateASN1InputStream(os.GetOctets())) {
+ return FACTORY.CreateBasicOCSPResponse(inp.ReadObject());
+ }
+ }
+ return null;
+ }
}
}
diff --git a/itext/itext.sign/itext/signatures/PdfPKCS7.cs b/itext/itext.sign/itext/signatures/PdfPKCS7.cs
index 32dec65972..90a3185da8 100644
--- a/itext/itext.sign/itext/signatures/PdfPKCS7.cs
+++ b/itext/itext.sign/itext/signatures/PdfPKCS7.cs
@@ -69,6 +69,10 @@ public class PdfPKCS7 {
/// Holds value of property signDate.
private DateTime signDate = (DateTime)TimestampConstants.UNDEFINED_TIMESTAMP_DATE;
+ /// Collection to store revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response.
+ ///
+ private readonly ICollection signedDataRevocationInfo = new List();
+
// Constructors for creating new signatures
/// Assembles all the elements needed to create a signature, except for the data.
/// the private key
@@ -88,9 +92,7 @@ public PdfPKCS7(IPrivateKey privKey, IX509Certificate[] certChain, String hashAl
// Copy the certificates
signCert = (IX509Certificate)certChain[0];
certs = new List();
- foreach (IX509Certificate element in certChain) {
- certs.Add(element);
- }
+ certs.AddAll(certChain);
// initialize and add the digest algorithms.
digestalgos = new HashSet();
digestalgos.Add(digestAlgorithmOid);
@@ -195,11 +197,17 @@ public PdfPKCS7(byte[] contentsKey, PdfName filterSubtype) {
this.encapMessageContent = encapContent.GetOctets();
}
int next = 3;
- while (BOUNCY_CASTLE_FACTORY.CreateASN1TaggedObject(content.GetObjectAt(next)) != null) {
+ IAsn1TaggedObject taggedObj;
+ while ((taggedObj = BOUNCY_CASTLE_FACTORY.CreateASN1TaggedObject(content.GetObjectAt(next))) != null) {
++next;
+ if (taggedObj.GetTagNo() == 1) {
+ // the crls
+ CertificateUtil.RetrieveRevocationInfoFromSignedData(taggedObj, this.signedDataCrls, this.signedDataOcsps,
+ this.signedDataRevocationInfo);
+ }
}
// the certificates
- certs = SignUtils.ReadAllCerts(contentsKey);
+ this.certs = SignUtils.ReadAllCerts(contentsKey);
// the signerInfos
IAsn1Set signerInfos = BOUNCY_CASTLE_FACTORY.CreateASN1Set(content.GetObjectAt(next));
if (signerInfos.Size() != 1) {
@@ -446,7 +454,7 @@ public virtual int GetSigningInfoVersion() {
// Message digest algorithm
/// The ID of the digest algorithm, e.g. "2.16.840.1.101.3.4.2.1".
- private String digestAlgorithmOid;
+ private readonly String digestAlgorithmOid;
/// The object that will create the digest
private IDigest messageDigest;
@@ -777,9 +785,9 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand
}
// Create the set of Hash algorithms
IAsn1EncodableVector digestAlgorithms = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
- foreach (Object element in digestalgos) {
+ foreach (String element in digestalgos) {
IAsn1EncodableVector algos = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
- algos.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier((String)element));
+ algos.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(element));
algos.Add(BOUNCY_CASTLE_FACTORY.CreateDERNull());
digestAlgorithms.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(algos));
}
@@ -792,7 +800,6 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand
}
IDerSequence contentinfo = BOUNCY_CASTLE_FACTORY.CreateDERSequence(v);
// Get all the certificates
- //
v = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
foreach (Object element in certs) {
using (IAsn1InputStream tempstream = BOUNCY_CASTLE_FACTORY.CreateASN1InputStream(new MemoryStream(BOUNCY_CASTLE_FACTORY
@@ -801,22 +808,25 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand
}
}
IDerSet dercertificates = BOUNCY_CASTLE_FACTORY.CreateDERSet(v);
- // Create signerinfo structure.
- IAsn1EncodableVector signerinfo = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
+ // Get the revocation info (crls field)
+ IDerSet revInfoChoices = CertificateUtil.CreateRevocationInfoChoices(this.signedDataCrls, this.signedDataOcsps
+ , this.signedDataRevocationInfo);
+ // Create signerInfo structure
+ IAsn1EncodableVector signerInfo = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
// Add the signerInfo version
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateASN1Integer(signerversion));
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateASN1Integer(signerversion));
v = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
v.Add(CertificateInfo.GetIssuer(signCert.GetTbsCertificate()));
v.Add(BOUNCY_CASTLE_FACTORY.CreateASN1Integer(signCert.GetSerialNumber()));
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(v));
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(v));
// Add the digestAlgorithm
v = BOUNCY_CASTLE_FACTORY.CreateASN1EncodableVector();
v.Add(BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(digestAlgorithmOid));
v.Add(BOUNCY_CASTLE_FACTORY.CreateDERNull());
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(v));
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(v));
// add the authenticated attribute if present
if (secondDigest != null) {
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(false, 0, GetAuthenticatedAttributeSet(secondDigest
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(false, 0, GetAuthenticatedAttributeSet(secondDigest
, ocsp, crlBytes, sigtype)));
}
// Add the digestEncryptionAlgorithm
@@ -828,9 +838,9 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand
else {
v.Add(this.signatureMechanismParameters.ToASN1Primitive());
}
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(v));
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERSequence(v));
// Add the digest
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateDEROctetString(signatureValue));
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateDEROctetString(signatureValue));
// When requested, go get and add the timestamp. May throw an exception.
// Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15
// Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest
@@ -840,7 +850,7 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand
if (tsToken != null) {
IAsn1EncodableVector unauthAttributes = BuildUnauthenticatedAttributes(tsToken);
if (unauthAttributes != null) {
- signerinfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(false, 1, BOUNCY_CASTLE_FACTORY.CreateDERSet(unauthAttributes
+ signerInfo.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(false, 1, BOUNCY_CASTLE_FACTORY.CreateDERSet(unauthAttributes
)));
}
}
@@ -851,8 +861,11 @@ public virtual byte[] GetEncodedPKCS7(byte[] secondDigest, PdfSigner.CryptoStand
body.Add(BOUNCY_CASTLE_FACTORY.CreateDERSet(digestAlgorithms));
body.Add(contentinfo);
body.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(false, 0, dercertificates));
+ if (revInfoChoices != null) {
+ body.Add(BOUNCY_CASTLE_FACTORY.CreateDERTaggedObject(false, 1, revInfoChoices));
+ }
// Only allow one signerInfo
- body.Add(BOUNCY_CASTLE_FACTORY.CreateDERSet(BOUNCY_CASTLE_FACTORY.CreateDERSequence(signerinfo)));
+ body.Add(BOUNCY_CASTLE_FACTORY.CreateDERSet(BOUNCY_CASTLE_FACTORY.CreateDERSequence(signerInfo)));
// Now we have the body, wrap it in it's PKCS7Signed shell
// and return it
//
@@ -1168,7 +1181,7 @@ public virtual bool VerifyTimestampImprint() {
///
/// the X.509 certificates associated with this PKCS#7 object
public virtual IX509Certificate[] GetCertificates() {
- return certs.ToArray(new IX509Certificate[certs.Count]);
+ return certs.ToArray(new IX509Certificate[0]);
}
/// Get all X.509 certificates associated with this PKCS#7 object timestamp in no particular order.
@@ -1189,7 +1202,7 @@ public virtual IX509Certificate[] GetTimestampCertificates() {
///
/// the X.509 certificates associated with this PKCS#7 object
public virtual IX509Certificate[] GetSignCertificateChain() {
- return signCerts.ToArray(new IX509Certificate[signCerts.Count]);
+ return signCerts.ToArray(new IX509Certificate[0]);
}
/// Get the X.509 certificate actually used to sign the digest.
@@ -1231,14 +1244,25 @@ private void SignCertificateChain() {
}
// Certificate Revocation Lists
+ // Stored in the SignerInfo.
private ICollection crls;
- /// Get the X.509 certificate revocation lists associated with this PKCS#7 object
- /// the X.509 certificate revocation lists associated with this PKCS#7 object
+ // Stored in crls field of th SignedData.
+ private readonly ICollection signedDataCrls = new List();
+
+ /// Get the X.509 certificate revocation lists associated with this PKCS#7 object (stored in Signer Info).
+ ///
+ /// the X.509 certificate revocation lists associated with this PKCS#7 object.
public virtual ICollection GetCRLs() {
return crls;
}
+ /// Get the X.509 certificate revocation lists associated with this PKCS#7 Signed Data object.
+ /// the X.509 certificate revocation lists associated with this PKCS#7 Signed Data object.
+ public virtual ICollection GetSignedDataCRLs() {
+ return signedDataCrls;
+ }
+
/// Helper method that tries to construct the CRLs.
internal virtual void FindCRL(IAsn1Sequence seq) {
try {
@@ -1259,8 +1283,16 @@ internal virtual void FindCRL(IAsn1Sequence seq) {
/// BouncyCastle IBasicOCSPResponse
internal IBasicOcspResponse basicResp;
- /// Gets the OCSP basic response if there is one.
- /// the OCSP basic response or null
+ private readonly ICollection signedDataOcsps = new List();
+
+ /// Gets the OCSP basic response collection retrieved from SignedData structure.
+ /// the OCSP basic response collection.
+ public virtual ICollection GetSignedDataOcsps() {
+ return signedDataOcsps;
+ }
+
+ /// Gets the OCSP basic response from the SignerInfo if there is one.
+ /// the OCSP basic response or null.
public virtual IBasicOcspResponse GetOcsp() {
return basicResp;
}
@@ -1275,11 +1307,11 @@ public virtual bool IsRevocationValid() {
return false;
}
try {
- IX509Certificate[] cs = (IX509Certificate[])GetSignCertificateChain();
+ IX509Certificate[] cs = GetSignCertificateChain();
ISingleResponse sr = BOUNCY_CASTLE_FACTORY.CreateSingleResp(basicResp);
ICertID cid = sr.GetCertID();
IX509Certificate sigcer = GetSigningCertificate();
- IX509Certificate isscer = cs[1];
+ IX509Certificate isscer = (IX509Certificate)cs[1];
ICertID tis = SignUtils.GenerateCertificateId(isscer, sigcer.GetSerialNumber(), cid.GetHashAlgOID());
return tis.Equals(cid);
}
@@ -1289,10 +1321,14 @@ public virtual bool IsRevocationValid() {
}
/// Helper method that creates the IBasicOCSPResp object.
- ///
+ ///
+ ///
+ ///
+ /// wrapper
+ ///
private void FindOcsp(IAsn1Sequence seq) {
basicResp = null;
- bool ret = false;
+ bool ret;
while (true) {
IDerObjectIdentifier objectIdentifier = BOUNCY_CASTLE_FACTORY.CreateASN1ObjectIdentifier(seq.GetObjectAt(0
));
diff --git a/itext/itext.sign/itext/signatures/SecurityIDs.cs b/itext/itext.sign/itext/signatures/SecurityIDs.cs
index 18f06637e6..b2cdf9c851 100644
--- a/itext/itext.sign/itext/signatures/SecurityIDs.cs
+++ b/itext/itext.sign/itext/signatures/SecurityIDs.cs
@@ -74,5 +74,7 @@ public class SecurityIDs {
public const String ID_MGF1 = "1.2.840.113549.1.1.8";
public const String ID_AA_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14";
+
+ public const String ID_RI_OCSP_RESPONSE = "1.3.6.1.5.5.7.16.2";
}
}
diff --git a/itext/itext.sign/itext/signatures/SignUtils.cs b/itext/itext.sign/itext/signatures/SignUtils.cs
index 6fd8e03eae..6ec496806f 100644
--- a/itext/itext.sign/itext/signatures/SignUtils.cs
+++ b/itext/itext.sign/itext/signatures/SignUtils.cs
@@ -68,6 +68,10 @@ internal static IX509Crl ParseCrlFromUrl(String crlurl) {
Stream url = WebRequest.Create(crlurl).GetResponse().GetResponseStream();
return ParseCrlFromStream(url);
}
+
+ internal static ICollection ReadAllCRLs(byte[] crlBytes) {
+ return FACTORY.CreateX509Crls(new MemoryStream(crlBytes));
+ }
internal static byte[] GetExtensionValueByOid(IX509Certificate certificate, String oid) {
IAsn1OctetString extensionValue = certificate.GetExtensionValue(oid);
diff --git a/itext/itext.sign/itext/signatures/SignatureUtil.cs b/itext/itext.sign/itext/signatures/SignatureUtil.cs
index 7f86276872..436aad56c4 100644
--- a/itext/itext.sign/itext/signatures/SignatureUtil.cs
+++ b/itext/itext.sign/itext/signatures/SignatureUtil.cs
@@ -35,9 +35,9 @@ You should have received a copy of the GNU Affero General Public License
namespace iText.Signatures {
/// Utility class that provides several convenience methods concerning digital signatures.
public class SignatureUtil {
- private PdfDocument document;
+ private readonly PdfDocument document;
- private PdfAcroForm acroForm;
+ private readonly PdfAcroForm acroForm;
private IDictionary sigNames;
diff --git a/itext/itext.sign/itext/signatures/cms/CMSContainer.cs b/itext/itext.sign/itext/signatures/cms/CMSContainer.cs
index a743b691db..c9f473c21a 100644
--- a/itext/itext.sign/itext/signatures/cms/CMSContainer.cs
+++ b/itext/itext.sign/itext/signatures/cms/CMSContainer.cs
@@ -26,6 +26,7 @@ You should have received a copy of the GNU Affero General Public License
using iText.Bouncycastleconnector;
using iText.Commons.Bouncycastle;
using iText.Commons.Bouncycastle.Asn1;
+using iText.Commons.Bouncycastle.Asn1.Ocsp;
using iText.Commons.Bouncycastle.Cert;
using iText.Commons.Utils;
using iText.Kernel.Exceptions;
@@ -40,6 +41,26 @@ namespace iText.Signatures.Cms {
public class CMSContainer {
private static readonly IBouncyCastleFactory BC_FACTORY = BouncyCastleFactoryCreator.GetFactory();
+ /// Collection to store revocation info other than OCSP and CRL responses, e.g. SCVP Request and Response.
+ ///
+ internal readonly ICollection otherRevocationInfo = new List();
+
+ /// Optional.
+ ///
+ /// Optional.
+ ///
+ /// It is a collection of CRL revocation status information.
+ ///
+ private readonly ICollection crls = new List();
+
+ /// Optional.
+ ///
+ /// Optional.
+ ///
+ /// It is a collection of CRL revocation status information.
+ ///
+ private readonly ICollection ocsps = new List();
+
/// This represents the signed content.
///
/// This represents the signed content.
@@ -80,11 +101,14 @@ public CMSContainer(byte[] encodedCMSdata) {
IAsn1Sequence lencapContentInfo = BC_FACTORY.CreateASN1Sequence(signedData.GetObjectAt(2));
encapContentInfo = new EncapsulatedContentInfo(lencapContentInfo);
ProcessCertificates(signedData);
- IAsn1Set signerInfosS = BC_FACTORY.CreateASN1Set(signedData.GetObjectAt(4));
- if (signerInfosS == null) {
- // Most probably revocation data is in place, so read next item.
- signerInfosS = BC_FACTORY.CreateASN1Set(signedData.GetObjectAt(5));
+ int next = 4;
+ IAsn1TaggedObject taggedObj = BC_FACTORY.CreateASN1TaggedObject(signedData.GetObjectAt(next));
+ if (taggedObj != null) {
+ ++next;
+ CertificateUtil.RetrieveRevocationInfoFromSignedData(taggedObj, this.crls, this.ocsps, this.otherRevocationInfo
+ );
}
+ IAsn1Set signerInfosS = BC_FACTORY.CreateASN1Set(signedData.GetObjectAt(next));
if (signerInfosS.Size() != 1) {
throw new PdfException(SignExceptionMessageConstant.CMS_ONLY_ONE_SIGNER_ALLOWED);
}
@@ -187,6 +211,30 @@ public virtual ICollection GetCertificates() {
return JavaCollectionsUtil.UnmodifiableCollection(certificates);
}
+ /// Retrieves a copy of the list of CRLs.
+ /// the list of CRL revocation info.
+ public virtual ICollection GetCrls() {
+ return JavaCollectionsUtil.UnmodifiableCollection(crls);
+ }
+
+ /// Adds a CRL response to the CMS container.
+ /// the CRL response to be added.
+ public virtual void AddCrl(IX509Crl crl) {
+ crls.Add(crl);
+ }
+
+ /// Retrieves a copy of the list of OCSPs.
+ /// the list of OCSP revocation info.
+ public virtual ICollection GetOcsps() {
+ return JavaCollectionsUtil.UnmodifiableCollection(ocsps);
+ }
+
+ /// Adds an OCSP response to the CMS container.
+ /// the OCSP response to be added.
+ public virtual void AddOcsp(IBasicOcspResponse ocspResponse) {
+ ocsps.Add(ocspResponse);
+ }
+
/// Sets the Signed Attributes of the signer info to this serialized version.
///
/// Sets the Signed Attributes of the signer info to this serialized version.
@@ -228,9 +276,16 @@ algorithm OBJECT IDENTIFIER
parameters ANY
encapContentInfo EncapsulatedContentInfo SEQUENCE
eContentType ContentType OBJECT IDENTIFIER (1.2.840.113549.1.7.1 data)
- CertificateSet [0] (set?)
+ certificates CertificateSet [0] SET
CertificateChoices SEQUENCE
tbsCertificate TBSCertificate SEQUENCE
+ crls RevocationInfoChoices [1] SET
+ RevocationInfoChoice CHOICE {
+ crl CertificateList SEQUENCE,
+ other OtherRevocationInfoFormat SEQUENCE
+ otherRevInfoFormat OBJECT IDENTIFIER,
+ otherRevInfo ANY DEFINED BY otherRevInfoFormat (SEQUENCE for OCSP)
+ }
signerInfos SignerInfos SET
*/
IAsn1EncodableVector contentInfoV = BC_FACTORY.CreateASN1EncodableVector();
@@ -252,6 +307,11 @@ signerInfos SignerInfos SET
certificateSetV.Add(BC_FACTORY.CreateASN1Primitive(cert.GetEncoded()));
}
singedDataV.Add(BC_FACTORY.CreateDERTaggedObject(false, 0, BC_FACTORY.CreateDERSet(certificateSetV)));
+ IDerSet revInfoChoices = CertificateUtil.CreateRevocationInfoChoices(this.crls, this.ocsps, this.otherRevocationInfo
+ );
+ if (revInfoChoices != null) {
+ singedDataV.Add(BC_FACTORY.CreateDERTaggedObject(false, 1, revInfoChoices));
+ }
IAsn1EncodableVector signerInfosV = BC_FACTORY.CreateASN1EncodableVector();
signerInfosV.Add(signerInfo.GetAsDerSequence(forEstimation));
singedDataV.Add(BC_FACTORY.CreateDERSet(signerInfosV));
diff --git a/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs b/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs
index 18a2987826..d1ae3f019b 100644
--- a/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs
+++ b/itext/itext.sign/itext/signatures/logs/SignLogMessageConstant.cs
@@ -34,6 +34,8 @@ public sealed class SignLogMessageConstant {
public const String REVOCATION_DATA_NOT_ADDED_VALIDITY_ASSURED = "Revocation data for certificate: \"{0}\" is not added due to validity assured - short term extension.";
+ public const String UNABLE_TO_PARSE_REV_INFO = "Unable to parse signed data revocation info item " + "since it is incorrect or unsupported (e.g. SCVP Request and Response).";
+
private SignLogMessageConstant() {
}
// Private constructor will prevent the instantiation of this class directly
diff --git a/port-hash b/port-hash
index 1e75bf84a1..854f4a9780 100644
--- a/port-hash
+++ b/port-hash
@@ -1 +1 @@
-4dcad825a0685a8a9b9ae0a6346310de34754ac5
\ No newline at end of file
+c277cd7dc90b08e38b4d6ffb7d4d09e7953deae6