hexapdf 0.19.0 → 0.19.1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hexapdf
 version: !ruby/object:Gem::Version
-  version: 0.19.0
+  version: 0.19.1
 platform: ruby
 authors:
 - Thomas Leitner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-24 00:00:00.000000000 Z
+date: 2021-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cmdparse
@@ -254,6 +254,7 @@ files:
 - lib/hexapdf/document/fonts.rb
 - lib/hexapdf/document/images.rb
 - lib/hexapdf/document/pages.rb
+- lib/hexapdf/document/signatures.rb
 - lib/hexapdf/encryption.rb
 - lib/hexapdf/encryption/aes.rb
 - lib/hexapdf/encryption/arc4.rb
@@ -396,6 +397,7 @@ files:
 - lib/hexapdf/type/page.rb
 - lib/hexapdf/type/page_tree_node.rb
 - lib/hexapdf/type/resources.rb
+- lib/hexapdf/type/signature/adbe_pkcs7_detached.rb
 - lib/hexapdf/type/trailer.rb
 - lib/hexapdf/type/viewer_preferences.rb
 - lib/hexapdf/type/xref_stream.rb
@@ -434,36 +436,6 @@ files:
 - test/data/aes-test-vectors/CBCVarTxt-192-encrypt.data.gz
 - test/data/aes-test-vectors/CBCVarTxt-256-decrypt.data.gz
 - test/data/aes-test-vectors/CBCVarTxt-256-encrypt.data.gz
-- test/data/cert/create.sh
-- test/data/cert/root-ca/certs/84E66B6F4C359E741C0AFA014790DF39.pem
-- test/data/cert/root-ca/certs/84E66B6F4C359E741C0AFA014790DF3A.pem
-- test/data/cert/root-ca/db/crlnumber
-- test/data/cert/root-ca/db/index
-- test/data/cert/root-ca/db/index.attr
-- test/data/cert/root-ca/db/index.attr.old
-- test/data/cert/root-ca/db/index.old
-- test/data/cert/root-ca/db/serial
-- test/data/cert/root-ca/db/serial.old
-- test/data/cert/root-ca/private/root-ca.key
-- test/data/cert/root-ca/root-ca.conf
-- test/data/cert/root-ca/root-ca.crt
-- test/data/cert/root-ca/root-ca.csr
-- test/data/cert/signature-1-pkcs7-detached.pdf
-- test/data/cert/sub-ca/certs/453FF080E3EDCD6A388D5368DFC320D9.pem
-- test/data/cert/sub-ca/db/crlnumber
-- test/data/cert/sub-ca/db/index
-- test/data/cert/sub-ca/db/index.attr
-- test/data/cert/sub-ca/db/index.old
-- test/data/cert/sub-ca/db/serial
-- test/data/cert/sub-ca/db/serial.old
-- test/data/cert/sub-ca/private/signing.key
-- test/data/cert/sub-ca/private/sub-ca.key
-- test/data/cert/sub-ca/signing.crt
-- test/data/cert/sub-ca/signing.csr
-- test/data/cert/sub-ca/signing.p12
-- test/data/cert/sub-ca/sub-ca.conf
-- test/data/cert/sub-ca/sub-ca.crt
-- test/data/cert/sub-ca/sub-ca.csr
 - test/data/fonts/Ubuntu-Title.ttf
 - test/data/images/cmyk.jpg
 - test/data/images/fillbytes.jpg

data/test/data/cert/create.sh

@@ -1,171 +0,0 @@
-#!/bin/sh
-# See https://www.feistyduck.com/library/openssl-cookbook/online/ch-openssl.html
-
-
-#####################################3
-# Root CA
-mkdir root-ca
-cd root-ca
-mkdir certs db private
-touch db/index
-openssl rand -hex 16 > db/serial
-echo 1001 > db/crlnumber
-
-cat > root-ca.conf <<'CACONF'
-[default]
-name                     = root-ca
-domain_suffix            = hexapdf.gettalong.org
-aia_url                  = http://$name.$domain_suffix/$name.crt
-crl_url                  = http://$name.$domain_suffix/$name.crl
-default_ca               = ca_default
-name_opt                 = utf8,esc_ctrl,multiline,lname,align
-
-[ca_dn]
-countryName              = "AT"
-organizationName         = "HexaPDF"
-commonName               = "HexaPDF Test Root CA"
-
-[ca_default]
-home                     = ../root-ca
-database                 = $home/db/index
-serial                   = $home/db/serial
-crlnumber                = $home/db/crlnumber
-certificate              = $home/$name.crt
-private_key              = $home/private/$name.key
-RANDFILE                 = $home/private/random
-new_certs_dir            = $home/certs
-unique_subject           = no
-copy_extensions          = none
-default_days             = 36500
-default_crl_days         = 365
-default_md               = sha256
-policy                   = policy_c_o_match
-
-[policy_c_o_match]
-countryName              = match
-stateOrProvinceName      = optional
-organizationName         = match
-organizationalUnitName   = optional
-commonName               = supplied
-emailAddress             = optional
-
-[req]
-default_bits             = 4096
-encrypt_key              = no
-default_md               = sha256
-utf8                     = yes
-string_mask              = utf8only
-prompt                   = no
-distinguished_name       = ca_dn
-req_extensions           = ca_ext
-
-[ca_ext]
-basicConstraints         = critical,CA:true
-keyUsage                 = critical,keyCertSign,cRLSign
-subjectKeyIdentifier     = hash
-
-[sub_ca_ext]
-authorityKeyIdentifier   = keyid:always
-basicConstraints         = critical,CA:true,pathlen:0
-extendedKeyUsage         = clientAuth,serverAuth
-keyUsage                 = critical,keyCertSign,cRLSign
-subjectKeyIdentifier     = hash
-
-[client_ext]
-authorityKeyIdentifier   = keyid:always
-basicConstraints         = critical,CA:false
-extendedKeyUsage         = clientAuth
-keyUsage                 = critical,digitalSignature
-subjectKeyIdentifier     = hash
-CACONF
-
-openssl req -new -config root-ca.conf -out root-ca.csr -keyout private/root-ca.key
-openssl ca -selfsign -config root-ca.conf -batch -in root-ca.csr -out root-ca.crt -extensions ca_ext
-
-#####################################3
-# Subordinate CA
-cd ..
-mkdir sub-ca
-cd sub-ca
-mkdir certs db private
-touch db/index
-openssl rand -hex 16 > db/serial
-echo 1001 > db/crlnumber
-
-cat > sub-ca.conf <<'CACONF'
-[default]
-name                     = sub-ca
-domain_suffix            = hexapdf.gettalong.org
-aia_url                  = http://$name.$domain_suffix/$name.crt
-crl_url                  = http://$name.$domain_suffix/$name.crl
-default_ca               = ca_default
-name_opt                 = utf8,esc_ctrl,multiline,lname,align
-
-[ca_dn]
-countryName              = "AT"
-organizationName         = "HexaPDF"
-commonName               = "HexaPDF Test Subordinate CA"
-
-[ca_default]
-home                     = ../sub-ca
-database                 = $home/db/index
-serial                   = $home/db/serial
-crlnumber                = $home/db/crlnumber
-certificate              = $home/$name.crt
-private_key              = $home/private/$name.key
-RANDFILE                 = $home/private/random
-new_certs_dir            = $home/certs
-unique_subject           = no
-copy_extensions          = copy
-default_days             = 36500
-default_crl_days         = 90
-default_md               = sha256
-policy                   = policy_c_o_match
-
-[policy_c_o_match]
-countryName              = match
-stateOrProvinceName      = optional
-organizationName         = match
-organizationalUnitName   = optional
-commonName               = supplied
-emailAddress             = optional
-
-[req]
-default_bits             = 4096
-encrypt_key              = no
-default_md               = sha256
-utf8                     = yes
-string_mask              = utf8only
-prompt                   = no
-distinguished_name       = ca_dn
-req_extensions           = ca_ext
-
-[ca_ext]
-basicConstraints         = critical,CA:true
-keyUsage                 = critical,keyCertSign,cRLSign
-subjectKeyIdentifier     = hash
-
-[sub_ca_ext]
-authorityKeyIdentifier   = keyid:always
-basicConstraints         = critical,CA:true,pathlen:0
-extendedKeyUsage         = clientAuth,serverAuth
-keyUsage                 = critical,keyCertSign,cRLSign
-subjectKeyIdentifier     = hash
-
-[client_ext]
-authorityKeyIdentifier   = keyid:always
-basicConstraints         = critical,CA:false
-extendedKeyUsage         = clientAuth
-keyUsage                 = critical,digitalSignature
-subjectKeyIdentifier     = hash
-CACONF
-
-openssl req -new -config sub-ca.conf -out sub-ca.csr -keyout private/sub-ca.key
-openssl ca -config ../root-ca/root-ca.conf -batch -in sub-ca.csr -out sub-ca.crt -extensions sub_ca_ext
-
-
-#####################################3
-# Signing certificate
-openssl req -new -config sub-ca.conf -subj "/C=AT/O=HexaPDF/CN=HexaPDF Test Certifcate" -keyout private/signing.key -out signing.csr
-openssl ca -config sub-ca.conf -in signing.csr -batch -out signing.crt -extensions client_ext
-openssl pkcs12 -export -in signing.crt -inkey private/signing.key -password pass: -out signing.p12

data/test/data/cert/root-ca/certs/84E66B6F4C359E741C0AFA014790DF39.pem

@@ -1,119 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            84:e6:6b:6f:4c:35:9e:74:1c:0a:fa:01:47:90:df:39
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=AT, O=HexaPDF, CN=HexaPDF Test Root CA
-        Validity
-            Not Before: Nov  8 06:10:02 2021 GMT
-            Not After : Oct 15 06:10:02 2121 GMT
-        Subject: C=AT, O=HexaPDF, CN=HexaPDF Test Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
-                Modulus:
-                    00:d6:a4:af:c5:b9:7b:7c:af:0a:fd:3b:34:22:60:
-                    c8:8f:b0:0a:19:67:02:b7:7b:b1:ca:61:68:b8:e3:
-                    bd:8d:97:a7:21:2f:0c:0c:21:8d:d8:4d:a0:de:c4:
-                    ad:a9:dc:a2:8c:44:e6:b0:e4:85:d7:fc:3f:fb:b1:
-                    95:b2:9a:d7:f8:f0:93:7e:cc:8d:5a:f1:30:56:7b:
-                    23:1d:1f:23:39:46:62:52:ed:ab:8e:11:ac:44:07:
-                    7c:94:26:31:9a:eb:7d:15:c8:20:84:cd:5d:45:65:
-                    95:ea:a7:fe:e9:b5:2f:86:51:2e:eb:20:24:4f:c9:
-                    a9:08:71:b5:95:fd:7f:d1:e8:55:06:71:b6:a3:45:
-                    d1:a6:47:9c:b7:8f:cc:97:95:d8:54:07:d5:43:47:
-                    7d:24:1b:26:40:ce:e6:a5:1e:33:1d:da:24:05:e4:
-                    3d:77:66:59:3f:55:bb:26:8d:12:9d:60:bc:22:1b:
-                    00:10:24:6a:39:00:0e:89:44:be:97:3f:fc:30:fb:
-                    fc:21:8f:d3:b8:ed:5a:5d:6f:8c:b2:cd:0d:9d:2c:
-                    c3:8b:d8:37:ac:f1:6c:ac:58:5b:c0:67:2b:4c:85:
-                    27:55:ab:d9:a1:9a:1e:6b:64:7e:ca:40:48:4c:54:
-                    dd:0b:fc:77:dd:38:10:78:15:fc:a5:3d:d8:8a:1f:
-                    f4:0a:17:63:87:84:a0:12:9d:f8:07:a5:26:b2:2a:
-                    43:97:61:e5:bd:c3:c8:65:06:ba:39:3e:a0:24:f5:
-                    91:84:b6:be:80:45:72:d0:9e:2b:cd:44:e7:b3:7e:
-                    91:b1:7b:c8:7b:2e:db:7e:aa:a5:1d:b5:66:9e:a7:
-                    e6:d5:47:00:4c:1a:2f:30:70:ca:da:e8:0f:ad:d8:
-                    f4:4b:64:a5:36:2a:6f:c7:b5:82:b9:f9:3c:b2:85:
-                    65:b7:f5:2d:1a:18:f8:97:9e:f6:6e:a3:05:22:7e:
-                    ca:2c:3b:7b:65:8e:e7:bf:09:0f:6c:79:3a:61:5a:
-                    2e:e1:3e:c1:bc:43:e2:08:cc:b0:ab:05:48:70:75:
-                    44:85:5b:5b:b0:47:0a:96:36:9a:eb:f4:9d:13:b3:
-                    09:aa:2d:da:1d:40:6b:6c:25:5a:d9:e5:28:9b:4d:
-                    92:8d:62:3f:8a:5e:1f:08:f3:8a:c7:fa:72:98:e6:
-                    74:73:a8:dd:ba:df:7c:36:5c:99:e2:21:f0:3e:11:
-                    8b:01:3b:2a:21:e6:39:33:56:88:2d:dd:25:96:1d:
-                    23:70:bc:4e:7e:e5:6a:07:91:d4:03:01:34:01:f2:
-                    c1:db:81:84:62:3e:8e:76:b9:ea:4a:aa:ef:f8:be:
-                    ce:45:69:84:e7:80:73:20:ed:1a:91:a6:cc:03:cb:
-                    d7:36:f9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                1A:80:9F:49:AD:91:C8:C0:36:23:1D:ED:CD:FF:2A:F6:43:47:E4:6D
-    Signature Algorithm: sha256WithRSAEncryption
-         11:0b:b4:6c:2f:9d:cc:aa:c7:d8:b7:24:f3:df:9c:b5:63:88:
-         6c:25:a7:de:d2:26:7b:7e:f2:5a:06:1d:77:26:9b:75:6a:fc:
-         35:33:9b:01:9d:b1:9b:fb:77:24:44:36:02:23:8e:7c:38:8c:
-         a9:18:c2:6b:c0:b8:c7:cd:6f:f3:5a:61:b5:1e:db:cd:6e:2a:
-         41:49:4d:a7:d1:fc:db:a0:c2:72:17:2e:bb:17:b4:19:61:7f:
-         75:f6:47:a9:78:66:bb:f8:3e:7f:ad:57:19:7d:ff:6f:e7:31:
-         85:d7:92:0c:a4:8a:d0:ad:1b:99:dd:fb:d5:3b:21:fd:8c:c6:
-         bd:ee:c7:85:20:52:a5:17:35:cd:2a:3c:68:b3:b3:ab:79:9c:
-         e4:f0:e5:88:c7:5b:db:2f:7e:c6:a1:ce:cb:78:59:be:cc:69:
-         af:ad:b1:e0:12:82:ad:5f:ca:eb:63:d9:78:63:46:94:45:98:
-         0b:d3:20:56:ab:f3:71:3e:b4:5d:1c:c6:7d:de:21:1d:2e:25:
-         98:c1:d9:a6:ac:62:c3:7c:44:76:58:66:dc:ef:35:23:1a:e0:
-         5f:16:ee:a0:4e:18:c1:83:7a:6f:47:e4:b8:58:cb:ab:58:48:
-         e3:25:e4:36:0a:97:2d:81:37:e6:09:87:9d:c1:99:2f:2e:aa:
-         49:27:a7:f1:66:aa:b5:8a:5d:52:f8:4a:00:4e:bb:6d:14:40:
-         dc:91:7f:7a:11:26:4c:33:a8:91:75:6a:1e:7a:68:8a:a2:64:
-         06:5e:df:3d:c4:a9:d8:c7:a2:8c:49:00:49:fa:50:a6:a8:5c:
-         cb:46:b3:0d:7d:a9:6a:31:81:d4:43:8e:b0:6a:48:d8:f1:19:
-         bd:b1:59:43:42:9f:bf:16:8c:74:65:1a:17:32:c5:4a:2e:bb:
-         ef:48:8e:19:07:61:64:d2:21:77:d4:0e:7d:61:02:36:66:2e:
-         84:26:cb:1d:12:9a:5c:5c:4e:6d:2a:d5:23:dc:ad:5c:7d:bf:
-         44:bd:de:dc:ad:b3:05:7f:7f:71:62:6c:47:7d:7b:7a:a2:26:
-         e7:68:a1:c7:b6:65:ec:e7:4e:c8:92:6a:c2:25:db:27:ba:5e:
-         a4:05:73:e5:84:04:93:50:fd:4b:41:c2:10:4f:0e:13:17:b5:
-         9c:ff:4e:3d:c6:83:7c:1b:8d:a2:70:4b:cf:46:a8:4f:67:bc:
-         04:0e:00:46:54:1f:dd:8c:67:47:88:e3:e2:85:5c:ec:56:7a:
-         52:09:66:70:88:7a:48:df:77:88:4c:fa:20:9f:36:c2:6f:72:
-         4f:1e:8d:5d:75:a5:a6:48:8d:fa:41:04:c7:c2:62:7d:b5:1d:
-         d2:6b:a6:13:34:4e:58:b0
------BEGIN CERTIFICATE-----
-MIIFSzCCAzOgAwIBAgIRAITma29MNZ50HAr6AUeQ3zkwDQYJKoZIhvcNAQELBQAw
-PjELMAkGA1UEBhMCQVQxEDAOBgNVBAoMB0hleGFQREYxHTAbBgNVBAMMFEhleGFQ
-REYgVGVzdCBSb290IENBMCAXDTIxMTEwODA2MTAwMloYDzIxMjExMDE1MDYxMDAy
-WjA+MQswCQYDVQQGEwJBVDEQMA4GA1UECgwHSGV4YVBERjEdMBsGA1UEAwwUSGV4
-YVBERiBUZXN0IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQDWpK/FuXt8rwr9OzQiYMiPsAoZZwK3e7HKYWi4472Nl6chLwwMIY3YTaDexK2p
-3KKMROaw5IXX/D/7sZWymtf48JN+zI1a8TBWeyMdHyM5RmJS7auOEaxEB3yUJjGa
-630VyCCEzV1FZZXqp/7ptS+GUS7rICRPyakIcbWV/X/R6FUGcbajRdGmR5y3j8yX
-ldhUB9VDR30kGyZAzualHjMd2iQF5D13Zlk/VbsmjRKdYLwiGwAQJGo5AA6JRL6X
-P/ww+/whj9O47Vpdb4yyzQ2dLMOL2Des8WysWFvAZytMhSdVq9mhmh5rZH7KQEhM
-VN0L/HfdOBB4FfylPdiKH/QKF2OHhKASnfgHpSayKkOXYeW9w8hlBro5PqAk9ZGE
-tr6ARXLQnivNROezfpGxe8h7Ltt+qqUdtWaep+bVRwBMGi8wcMra6A+t2PRLZKU2
-Km/HtYK5+TyyhWW39S0aGPiXnvZuowUifsosO3tljue/CQ9seTphWi7hPsG8Q+II
-zLCrBUhwdUSFW1uwRwqWNprr9J0TswmqLdodQGtsJVrZ5SibTZKNYj+KXh8I84rH
-+nKY5nRzqN2633w2XJniIfA+EYsBOyoh5jkzVogt3SWWHSNwvE5+5WoHkdQDATQB
-8sHbgYRiPo52uepKqu/4vs5FaYTngHMg7RqRpswDy9c2+QIDAQABo0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUGoCfSa2RyMA2
-Ix3tzf8q9kNH5G0wDQYJKoZIhvcNAQELBQADggIBABELtGwvncyqx9i3JPPfnLVj
-iGwlp97SJnt+8loGHXcmm3Vq/DUzmwGdsZv7dyRENgIjjnw4jKkYwmvAuMfNb/Na
-YbUe281uKkFJTafR/NugwnIXLrsXtBlhf3X2R6l4Zrv4Pn+tVxl9/2/nMYXXkgyk
-itCtG5nd+9U7If2Mxr3ux4UgUqUXNc0qPGizs6t5nOTw5YjHW9svfsahzst4Wb7M
-aa+tseASgq1fyutj2XhjRpRFmAvTIFar83E+tF0cxn3eIR0uJZjB2aasYsN8RHZY
-ZtzvNSMa4F8W7qBOGMGDem9H5LhYy6tYSOMl5DYKly2BN+YJh53BmS8uqkknp/Fm
-qrWKXVL4SgBOu20UQNyRf3oRJkwzqJF1ah56aIqiZAZe3z3EqdjHooxJAEn6UKao
-XMtGsw19qWoxgdRDjrBqSNjxGb2xWUNCn78WjHRlGhcyxUouu+9IjhkHYWTSIXfU
-Dn1hAjZmLoQmyx0SmlxcTm0q1SPcrVx9v0S93tytswV/f3FibEd9e3qiJudooce2
-ZeznTsiSasIl2ye6XqQFc+WEBJNQ/UtBwhBPDhMXtZz/Tj3Gg3wbjaJwS89GqE9n
-vAQOAEZUH92MZ0eI4+KFXOxWelIJZnCIekjfd4hM+iCfNsJvck8ejV11paZIjfpB
-BMfCYn21HdJrphM0Tliw
------END CERTIFICATE-----

data/test/data/cert/root-ca/certs/84E66B6F4C359E741C0AFA014790DF3A.pem

@@ -1,125 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            84:e6:6b:6f:4c:35:9e:74:1c:0a:fa:01:47:90:df:3a
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=AT, O=HexaPDF, CN=HexaPDF Test Root CA
-        Validity
-            Not Before: Nov  8 06:10:02 2021 GMT
-            Not After : Oct 15 06:10:02 2121 GMT
-        Subject: C=AT, O=HexaPDF, CN=HexaPDF Test Subordinate CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
-                Modulus:
-                    00:a6:2e:82:aa:b8:8f:e4:3c:c5:15:bb:8b:ea:75:
-                    f6:10:a1:61:a8:43:2e:ef:ee:78:0a:a7:a0:ce:76:
-                    a0:85:ad:5c:93:d8:d1:21:27:55:85:8d:82:be:e0:
-                    e3:70:5e:01:e6:a7:1a:44:4d:80:83:9b:31:fc:35:
-                    0f:53:67:ea:b3:99:ca:34:78:19:c6:8a:7e:08:1e:
-                    01:17:f1:88:e5:4d:f0:28:9e:33:fa:68:a0:38:1c:
-                    ee:b8:8e:0a:85:40:62:2f:53:3e:e2:d4:50:5d:77:
-                    a1:7d:4b:a6:53:6e:5a:4d:ab:68:dd:95:7a:ba:2c:
-                    8b:f2:5b:7d:1d:87:e8:33:04:f7:f0:ed:60:f2:d3:
-                    85:48:e1:ab:98:d7:01:89:73:49:50:18:21:9e:fc:
-                    a7:3e:e2:eb:32:1c:fc:34:3d:5f:3b:f5:d6:2e:8d:
-                    5b:d7:80:48:62:b4:92:e1:ff:ca:f6:8a:e4:e4:ac:
-                    70:d7:2a:75:d2:1b:81:27:d4:39:60:e1:2a:c4:7e:
-                    7f:d1:5a:45:5d:da:14:ac:5e:47:6a:1f:81:6c:ec:
-                    91:44:b8:07:3b:02:d5:35:ff:fd:3b:d0:12:a6:67:
-                    0b:98:ae:26:5e:7c:9c:5f:0b:c5:8b:2a:63:85:45:
-                    c9:6e:1e:8a:64:fd:1f:e3:c6:82:65:52:e1:24:3f:
-                    b3:3e:e9:0c:37:de:26:91:61:b5:10:84:64:04:25:
-                    f7:ab:e0:83:76:3d:c9:9e:12:c8:dc:84:85:71:99:
-                    f4:75:3c:63:da:5a:06:ac:60:13:48:00:2a:c3:b5:
-                    23:06:99:d6:fd:81:3a:61:64:b2:d9:5b:ae:45:0c:
-                    4b:bb:a8:9c:2d:0e:a6:fe:d4:74:ca:51:70:4b:60:
-                    c2:bc:d5:c2:9a:79:c6:85:6c:f8:72:60:41:f6:b0:
-                    58:cf:d4:ed:7c:fd:d9:2a:bc:8e:3b:5a:4f:4b:58:
-                    e0:6e:7c:7c:f1:28:a5:52:85:dd:24:48:70:70:97:
-                    75:3f:b3:2b:02:55:ac:c6:05:bb:ec:f2:7d:6a:a2:
-                    c6:0a:5e:86:ed:32:93:cc:f2:2b:d9:68:22:c9:44:
-                    9c:8e:6d:88:17:50:54:7a:fc:27:c4:b5:93:42:6f:
-                    dd:d7:c5:28:8b:8f:c2:2c:0f:02:76:d9:f8:11:78:
-                    5d:00:d7:17:9c:57:4a:b6:0a:51:a6:d5:79:7b:ca:
-                    6b:e0:59:e2:7e:0a:4b:ae:33:cb:39:b4:fe:8f:62:
-                    8d:0b:07:87:d0:27:8c:3f:a0:42:f1:a5:36:4f:21:
-                    57:f7:3c:5a:1b:60:ca:41:0d:e3:3e:35:16:23:c5:
-                    82:d0:c1:47:50:8a:ba:35:26:8f:1a:d1:95:2c:1f:
-                    91:ee:1b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1A:80:9F:49:AD:91:C8:C0:36:23:1D:ED:CD:FF:2A:F6:43:47:E4:6D
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication, TLS Web Server Authentication
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                56:3E:DA:D2:9A:AA:30:A1:70:75:5A:85:15:FE:2F:8B:F5:86:FF:61
-    Signature Algorithm: sha256WithRSAEncryption
-         39:23:34:6b:dc:54:d8:b0:ce:81:7c:59:5e:03:54:43:c3:28:
-         f7:a8:fd:73:2a:47:7e:d0:0c:29:7b:47:fe:5c:ce:64:dd:08:
-         99:35:91:b8:15:19:b2:b2:0e:6b:37:61:37:44:82:86:77:e0:
-         1f:63:c5:e1:15:e8:97:80:34:c0:cf:58:3c:32:60:d5:1c:9b:
-         14:80:72:cb:ac:d2:66:d4:c3:4b:f9:1a:7f:41:a5:46:ca:66:
-         ac:83:d6:e7:b0:02:a4:78:f4:7f:30:34:ac:33:f9:31:68:b4:
-         8e:a8:7f:2e:e1:64:58:e4:e8:92:48:18:18:15:40:8b:91:8d:
-         6e:a6:aa:80:c3:15:2d:e1:7d:33:46:b7:be:06:be:5e:72:7b:
-         fb:87:fc:9f:1e:74:cd:d8:c7:f9:eb:16:5c:62:28:1c:38:c3:
-         f8:bb:11:06:6f:3f:2b:51:a8:d2:f3:a2:80:87:57:72:f3:98:
-         b8:5d:9d:6e:32:8f:50:9e:12:ab:22:22:68:68:59:0e:99:93:
-         8c:1a:4e:0f:df:7f:0c:35:5c:fa:67:ad:4b:3e:2b:32:c2:10:
-         7f:cf:5e:16:d8:7e:1b:21:d3:ff:7a:0e:19:4a:49:c4:cf:b9:
-         e8:61:61:e3:3b:0f:10:73:28:fe:8e:3b:74:7e:a4:27:7e:d2:
-         67:27:a5:b4:11:e9:29:d9:ef:84:5e:53:d0:9b:1e:a8:2e:7b:
-         70:b4:09:e1:53:26:d9:09:25:e5:fb:e4:95:71:18:8d:22:de:
-         cc:6f:f2:6c:d3:10:8d:7b:1f:72:b0:1b:88:39:c7:5d:a7:46:
-         db:a1:91:ae:66:17:0d:6d:b0:09:b0:a0:89:fc:bf:37:3d:25:
-         67:3d:eb:e8:46:90:95:ac:46:d4:7f:4f:4a:3e:f4:98:96:21:
-         ba:59:f1:dc:96:e3:03:78:e5:74:5a:17:c3:99:a0:1c:45:36:
-         3c:82:01:a2:1b:ff:6f:5b:6a:6f:c4:da:bf:35:3c:05:73:01:
-         6a:ef:f0:57:99:ec:63:ff:dd:32:e2:8b:df:fc:64:10:90:47:
-         58:21:86:90:2f:1b:4c:bf:8b:36:2a:a3:c3:a2:9a:95:31:cb:
-         3a:03:37:c8:71:8f:ff:d8:9b:42:6c:2e:5e:dc:bb:1c:8b:97:
-         cd:97:33:4d:80:8f:db:ad:ec:ac:2a:45:e6:3f:a4:66:c1:17:
-         2d:90:e0:88:f3:b8:d5:fe:36:d6:33:e2:86:1a:bf:d0:e5:01:
-         90:17:da:fa:4a:8a:07:e5:1e:9f:43:45:00:a1:bd:b6:90:13:
-         01:35:d5:0f:59:06:63:b6:a8:3c:78:a6:5b:be:55:70:5e:be:
-         0b:da:72:38:ef:2c:f8:af
------BEGIN CERTIFICATE-----
-MIIFlzCCA3+gAwIBAgIRAITma29MNZ50HAr6AUeQ3zowDQYJKoZIhvcNAQELBQAw
-PjELMAkGA1UEBhMCQVQxEDAOBgNVBAoMB0hleGFQREYxHTAbBgNVBAMMFEhleGFQ
-REYgVGVzdCBSb290IENBMCAXDTIxMTEwODA2MTAwMloYDzIxMjExMDE1MDYxMDAy
-WjBFMQswCQYDVQQGEwJBVDEQMA4GA1UECgwHSGV4YVBERjEkMCIGA1UEAwwbSGV4
-YVBERiBUZXN0IFN1Ym9yZGluYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
-MIICCgKCAgEApi6CqriP5DzFFbuL6nX2EKFhqEMu7+54Cqegznagha1ck9jRISdV
-hY2CvuDjcF4B5qcaRE2Ag5sx/DUPU2fqs5nKNHgZxop+CB4BF/GI5U3wKJ4z+mig
-OBzuuI4KhUBiL1M+4tRQXXehfUumU25aTato3ZV6uiyL8lt9HYfoMwT38O1g8tOF
-SOGrmNcBiXNJUBghnvynPuLrMhz8ND1fO/XWLo1b14BIYrSS4f/K9ork5Kxw1yp1
-0huBJ9Q5YOEqxH5/0VpFXdoUrF5Hah+BbOyRRLgHOwLVNf/9O9ASpmcLmK4mXnyc
-XwvFiypjhUXJbh6KZP0f48aCZVLhJD+zPukMN94mkWG1EIRkBCX3q+CDdj3JnhLI
-3ISFcZn0dTxj2loGrGATSAAqw7UjBpnW/YE6YWSy2VuuRQxLu6icLQ6m/tR0ylFw
-S2DCvNXCmnnGhWz4cmBB9rBYz9TtfP3ZKryOO1pPS1jgbnx88SilUoXdJEhwcJd1
-P7MrAlWsxgW77PJ9aqLGCl6G7TKTzPIr2WgiyUScjm2IF1BUevwnxLWTQm/d18Uo
-i4/CLA8Cdtn4EXhdANcXnFdKtgpRptV5e8pr4FnifgpLrjPLObT+j2KNCweH0CeM
-P6BC8aU2TyFX9zxaG2DKQQ3jPjUWI8WC0MFHUIq6NSaPGtGVLB+R7hsCAwEAAaOB
-hjCBgzAfBgNVHSMEGDAWgBQagJ9JrZHIwDYjHe3N/yr2Q0fkbTASBgNVHRMBAf8E
-CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8B
-Af8EBAMCAQYwHQYDVR0OBBYEFFY+2tKaqjChcHVahRX+L4v1hv9hMA0GCSqGSIb3
-DQEBCwUAA4ICAQA5IzRr3FTYsM6BfFleA1RDwyj3qP1zKkd+0Awpe0f+XM5k3QiZ
-NZG4FRmysg5rN2E3RIKGd+AfY8XhFeiXgDTAz1g8MmDVHJsUgHLLrNJm1MNL+Rp/
-QaVGymasg9bnsAKkePR/MDSsM/kxaLSOqH8u4WRY5OiSSBgYFUCLkY1upqqAwxUt
-4X0zRre+Br5ecnv7h/yfHnTN2Mf56xZcYigcOMP4uxEGbz8rUajS86KAh1dy85i4
-XZ1uMo9QnhKrIiJoaFkOmZOMGk4P338MNVz6Z61LPisywhB/z14W2H4bIdP/eg4Z
-SknEz7noYWHjOw8Qcyj+jjt0fqQnftJnJ6W0Eekp2e+EXlPQmx6oLntwtAnhUybZ
-CSXl++SVcRiNIt7Mb/Js0xCNex9ysBuIOcddp0bboZGuZhcNbbAJsKCJ/L83PSVn
-PevoRpCVrEbUf09KPvSYliG6WfHcluMDeOV0WhfDmaAcRTY8ggGiG/9vW2pvxNq/
-NTwFcwFq7/BXmexj/90y4ovf/GQQkEdYIYaQLxtMv4s2KqPDopqVMcs6AzfIcY//
-2JtCbC5e3Lsci5fNlzNNgI/breysKkXmP6RmwRctkOCI87jV/jbWM+KGGr/Q5QGQ
-F9r6SooH5R6fQ0UAob22kBMBNdUPWQZjtqg8eKZbvlVwXr4L2nI47yz4rw==
------END CERTIFICATE-----

data/test/data/cert/root-ca/db/crlnumber

@@ -1 +0,0 @@
-1001

data/test/data/cert/root-ca/db/index

@@ -1,2 +0,0 @@
-V	21211015061002Z		84E66B6F4C359E741C0AFA014790DF39	unknown	/C=AT/O=HexaPDF/CN=HexaPDF Test Root CA
-V	21211015061002Z		84E66B6F4C359E741C0AFA014790DF3A	unknown	/C=AT/O=HexaPDF/CN=HexaPDF Test Subordinate CA

data/test/data/cert/root-ca/db/index.attr

@@ -1 +0,0 @@
-unique_subject = no

data/test/data/cert/root-ca/db/index.attr.old

@@ -1 +0,0 @@
-unique_subject = no

data/test/data/cert/root-ca/db/index.old

@@ -1 +0,0 @@
-V	21211015061002Z		84E66B6F4C359E741C0AFA014790DF39	unknown	/C=AT/O=HexaPDF/CN=HexaPDF Test Root CA

data/test/data/cert/root-ca/db/serial

@@ -1 +0,0 @@
-84E66B6F4C359E741C0AFA014790DF3B

data/test/data/cert/root-ca/db/serial.old

@@ -1 +0,0 @@
-84E66B6F4C359E741C0AFA014790DF3A

data/test/data/cert/root-ca/private/root-ca.key

@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDWpK/FuXt8rwr9
-OzQiYMiPsAoZZwK3e7HKYWi4472Nl6chLwwMIY3YTaDexK2p3KKMROaw5IXX/D/7
-sZWymtf48JN+zI1a8TBWeyMdHyM5RmJS7auOEaxEB3yUJjGa630VyCCEzV1FZZXq
-p/7ptS+GUS7rICRPyakIcbWV/X/R6FUGcbajRdGmR5y3j8yXldhUB9VDR30kGyZA
-zualHjMd2iQF5D13Zlk/VbsmjRKdYLwiGwAQJGo5AA6JRL6XP/ww+/whj9O47Vpd
-b4yyzQ2dLMOL2Des8WysWFvAZytMhSdVq9mhmh5rZH7KQEhMVN0L/HfdOBB4Ffyl
-PdiKH/QKF2OHhKASnfgHpSayKkOXYeW9w8hlBro5PqAk9ZGEtr6ARXLQnivNROez
-fpGxe8h7Ltt+qqUdtWaep+bVRwBMGi8wcMra6A+t2PRLZKU2Km/HtYK5+TyyhWW3
-9S0aGPiXnvZuowUifsosO3tljue/CQ9seTphWi7hPsG8Q+IIzLCrBUhwdUSFW1uw
-RwqWNprr9J0TswmqLdodQGtsJVrZ5SibTZKNYj+KXh8I84rH+nKY5nRzqN2633w2
-XJniIfA+EYsBOyoh5jkzVogt3SWWHSNwvE5+5WoHkdQDATQB8sHbgYRiPo52uepK
-qu/4vs5FaYTngHMg7RqRpswDy9c2+QIDAQABAoICAQDRhV7DLoTZN/ENMg55BGqi
-wB+Lnl8rhkYNnLphyIVOwtt06/zhlptkqpo++lPfPK07KULbJ6dzJxu58CaFetsZ
-eJUxsDDHtioOMRMcqTlz/j2aX8AX5S54FarI3uOLKxYl/f2oROMoC7qknaqara+f
-eH3JLM3lSJ+Ey6KKsDJmT1k3+iZjCJNWsg7LrEX1LmNF24OUsiL47LuRhaXlRi51
-lGuXiK1rcO/rgB84yXqDP1tGG38bQsChtWl7GyzEbcQaeM8sX743hRGxpWL9YmZI
-p9qWFtB6NAx1y6Z8kPjWMCAuY5sEQXIyOJ3/hXJNeIVx3teOjNyerC+7iTxn0Dsh
-F+a5QhSXYcijlQlIvXoZMfmV2HILmxwz9/S9WGZhcnCC+fCdPL/knPYC8ZKAlpTc
-rtAJz1eKUf8tJEECQ0XWtDrtEM69bt11oHzzxedU2HDmTGdS+DJwKTpFb3zbR07Q
-LkL4OOcngHP1KknzIfHbVGgd44czohBGJYjFjlZZUohdKNXN2BgDx8ov9oYx8zJN
-tbOm5N/p2ZSIBpMJm6SctpXk8Lgdfou5Og/NXFVitJ4QjymWjGkBzbQLxeiXRgWO
-4bONt6HWxKaoz0zPmKdZIKR71w7Exm+bwk+qSax3GJg2c3RicVJTq34BB1J94tOg
-vs0rChiys22MK7EUPHwx0QKCAQEA+0VHbrdpCep2z9/ghwfQbbl1JQ/dvaAmF9xt
-DVCFyJUg8RUR8OQndSIDVvDhSp6kpPyS3ZcmRyStAr233syFYAA9W+nX0mgWVW0I
-grC5u6jRAIUnBmuhayY9GYbbdw/7c3uyqJUkNKF6947P9X2VOTHo6RCHXSpdUhAM
-nI8srCd3Vhmo9f17aYEkBHiLC3yhaRYxMFtVrHYTk7/Q5bZ89qjd8BWHSHW0iAyC
-+o4HA7MiHKD1z7qt78XF8ClzrSLzb+xjnh9h5QCmpbWAcqyP6Cv5vu/Gzi4RXH9b
-NLIi7aJ+vPhAvqBkBZLGKGVSJn0GbOggAdnfukvrU7gXKsMnRQKCAQEA2q7sOA9S
-JNmZLpMo9ZznSHxFJ4ftgQnIm3qbOPsln5Sj1Sh9WhOFL7noUvwUQJ7CIJNSnWar
-VydjXxUat37Lx/h/VG0xuMq6jHxfIpgINWbqjXq3okbtVjctgZ9LbuYUOmrJHs2l
-r5V62GsYl0ktIuYGOklxtx3URGpZAjTWKTqXB4g69VLoihgULrq/NPIJcg8HIb6u
-nhLG7xUEp4NS2sa3Lhy232clhc91FLhUKG8MpIeh+8LkovPvaMrNBY4/02MIaewV
-Xu5Drx+uq6shWKzfFFhilftvCiSMfGkW8oaCfClYeNsc9Bka7pz1KKsPx/h2bFsj
-JTFG5CyOFUQCJQKCAQAPhCywEpVi7l6d4ZZM4Fennu8z9bHcttoDWTJGwzUvuL3L
-BWERPhWNrycDpGZVJEzIf2xWULIlbIdehvamxHxr/DfNyDfyn0jZx5zh7SXbB8a4
-QICzbcwPANJ/FAvTY2JEtFvI+0S8F0ivptsCrtmbKZDXa5TgVPBkU+djd5frnZhJ
-8dW0Mw3+6uGdgRAdCnoxMhShhtJYjwYQdqTguo8m8DCcVcf/2nzmdddUv5aBTPuL
-RwlG5aE+EDlz5itlgqYDwFY6eneiG5Mu4nFnI27TiHuopcfiDYg27Qply6ZKhGFN
-LAtbei4TBghEkFUtWUUfTopDcv/U0kFa7yBHHLv9AoIBAQC94imGu/btvGwAPxPP
-wUAqdo1tt9+IrkAckSd7IMgYeu6PRisiLdT2Dg0nEW9cdP3HX2Ta+61HbhIhG6gp
-MNYtex7E5lPIS3AUUGIjHbPy+rwrwST2qXOn6x1+ch0D3JAv8U1Vi+eUQM18YfHm
-W0nwBZ/euKse/62zAkzrV4mmHxPJHIdlQWpdjm7n7Iveo1OEUHw21uW0qEVIkA2M
-jsFA6k9goNpBvcSdHfhh13Rr75EgxAzpGN+ChyGY8o93hX7yRAmoP7CGz4jB5Va8
-BUpdPy4s8loYNUzDl9zMokukpxtiSFxkBI5tfecezfcqKu73Ck155ODtiI4vzmhJ
-GtZpAoIBACELFmWxXLRhP9J4OeWjvwC24DYBBIroajhkHwkOfzq6okJ6la+wQsRp
-U3knWLNqb6I+ISrWBi/UHWTMJyyyBo8Gyjacka8xIkFiQEojbfA5Ip7tvEG5ZCt5
-AdINHZlbuR7/J8utvbm8WG5K2CtTTpo1KsYbBU4uD9VIVJN+ARiw3BXd2KrDjOoJ
-XJ+BWHwZXEjPJwwXbN7K3dB1X+4yPASA1txCdf0GMPxDD6sYfWuSMonPJGwtco/B
-gfHhUEqgNcMEGdYXVEFb7Wy3BHfZiqH+mFbEr/dTHhNvZJs83ngnS5B1dNA652Hw
-dUzZFjNwagPSN1UzhTJVUwGSVv1gejQ=
------END PRIVATE KEY-----

data/test/data/cert/root-ca/root-ca.conf

@@ -1,65 +0,0 @@
-[default]
-name                     = root-ca
-domain_suffix            = hexapdf.gettalong.org
-aia_url                  = http://$name.$domain_suffix/$name.crt
-crl_url                  = http://$name.$domain_suffix/$name.crl
-default_ca               = ca_default
-name_opt                 = utf8,esc_ctrl,multiline,lname,align
-
-[ca_dn]
-countryName              = "AT"
-organizationName         = "HexaPDF"
-commonName               = "HexaPDF Test Root CA"
-
-[ca_default]
-home                     = ../root-ca
-database                 = $home/db/index
-serial                   = $home/db/serial
-crlnumber                = $home/db/crlnumber
-certificate              = $home/$name.crt
-private_key              = $home/private/$name.key
-RANDFILE                 = $home/private/random
-new_certs_dir            = $home/certs
-unique_subject           = no
-copy_extensions          = none
-default_days             = 36500
-default_crl_days         = 365
-default_md               = sha256
-policy                   = policy_c_o_match
-
-[policy_c_o_match]
-countryName              = match
-stateOrProvinceName      = optional
-organizationName         = match
-organizationalUnitName   = optional
-commonName               = supplied
-emailAddress             = optional
-
-[req]
-default_bits             = 4096
-encrypt_key              = no
-default_md               = sha256
-utf8                     = yes
-string_mask              = utf8only
-prompt                   = no
-distinguished_name       = ca_dn
-req_extensions           = ca_ext
-
-[ca_ext]
-basicConstraints         = critical,CA:true
-keyUsage                 = critical,keyCertSign,cRLSign
-subjectKeyIdentifier     = hash
-
-[sub_ca_ext]
-authorityKeyIdentifier   = keyid:always
-basicConstraints         = critical,CA:true,pathlen:0
-extendedKeyUsage         = clientAuth,serverAuth
-keyUsage                 = critical,keyCertSign,cRLSign
-subjectKeyIdentifier     = hash
-
-[client_ext]
-authorityKeyIdentifier   = keyid:always
-basicConstraints         = critical,CA:false
-extendedKeyUsage         = clientAuth
-keyUsage                 = critical,digitalSignature
-subjectKeyIdentifier     = hash