xmlsec-shim 1.2.18.1

data/vendor/xmlsec1-1.2.18/tests/keys/largersakey.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA82H5NlSuXRdoGxgoJHJOOV2/IBfIfCBZ+6NC5Cy3DW2XfuGb
+ulnD5+hk/3Y1WOCQ+isTkl+6t39UJW7OzRujeJI0MX+d3IBhPHJpbbg1qPgfA2zl
+10FTJISKcnA84jmL7HCd088uCPYFgK82j+2O799QM5RYFY+HxLRlPaHRIwBqZzVg
+Bli9Q4qGUin0oeFff1luykp4Fp3aBNlh1KPqaXJ/G6r/yAdRE1DBPn2b93Dcul2U
+qSus6lbgPH9dke+9giXyN+ss2a233T68hnqviY/5Ml6c0EEMjLeEXinpT/y1XPT5
+gjK5Ne2ECjIjMrWkscjFoBa1d40hj1OAxKGkZe6vCoQdNDDjBzXOFo5pe7chkVYm
+wtc/eQ7gsnelymCIFTCPZaqPnZ/QUD0qm09hykMZuWlYG5h3Q0IeCHwwWFLUs+vR
+op4o3RuW/fko/XbY7JEh0Y1CTPUFcC7Su5rFyOF3XU5fwqufwHVREW7qaw7UvJPe
+pJXj0lJXrHTFpuWilD/YQw5CjHWtDGnRqI7nSXcrOK/JrEN3J5CCHWLmMaAbF75+
+Yywp7Bs9S1I57Hoq/Egvvc7ZHyEC+yxu2UAUxWrOILwM5K6HNdLaX9uVUPPj7SyT
+rUJbr2X++EsK3GB/3Ug4iND8pKr8XweXz663Qz2H675R4/GMH2NDKSSMlCMCAwEA
+AQKCAgBHktNgJ+0TEVQbS7JabYcVlb0kKfpajoUH3I5KXeADQexgcuaCGe3j4FL7
+UX8EwR3BhDOAQ0i8t+Q+EeUdKnibd5uDxvzcoKB3z0mz641UQIuWTUsWT26s+ZFh
+cCJngPbmNIQlivMFzZv2qRBJqVn0rt5+HKz+wjPyI/717gV73p5r9aVkmGooV6+C
+sDXx+T5FTD6pnNbOB+Paszby+rVwByzcLSCFaaltHb2GrBfW38j5wZV7Xo2+aIgP
+IoGY7kDz6kbeLPoGlfDRTqbQgXnn4YAuUOaa09Zl934k1vx2+mE3kg9iO5p+Anhn
+KzFwszxY0CtWFfeNzeJFrQ/cQ5D9micMaTVB9zyizarkXGgHOoncuIVBVgV8i7gA
+YxxcR2jsDhySoUXcIMFWxxMVR66dx+gK4FUB/GOX26NMcvj0FgjQkUWCoDKivUSi
+9ClgH2/r8bFS+nNEoWuJ23LqUO2LtGDF1z2PXSs8SVUd2SPTHjlnJ6nSFbrtrfkw
+GMUov/QizIn7GH0IGUJCU5RZq3VUs5SdJqr7Glz8yjnbFacTfSrXdbLjD7toFOE8
+tNOJrAKI7mBhH9LsnQ4E0RRjpX/6GozVO6xfeNFWKsx4ocZ0T7wRjSwb6Pi/lVf5
+9VZwXgI67MJA8Px6MIGUDkPOOo63n1/Zs4YY3Pl7qKAOGr898QKCAQEA/1B8O+qi
+gXbTcXCAEkmQimhQDlrylBunucWTKPLNFLd1qiAwAlx9kDVHH0GV/lxqEKh9bm00
+6OOqHpEYwOoHFWfXr0hX4+FK86fI8SCZ8TPbMWYkx7567yAwl9p44mv3wHbwuVCs
+EoyQS5EKCfcOL/pLF7OyDMMWaHNLx24C+g7LRpim/NyUPQjTxmRBX4rd+4qFBIKH
+1Ksan+7rm/yzY3VZCtwLzqKQntsOPrdYO0vPYpq5lieIjSsz2v7uFa+QgHVaaupU
+UYEK3tpEKfLS+iLNA1aEmmlVfkFc3qWeR7y8SFN9TedBVLGg6gwjZ1kf5Yo4Zfgf
+FU/0XmuL0g/JmwKCAQEA9AlJKwUBtMEeauIY00gNCdQVN1oxsCrxa8knDMDWl9EO
+KEpoA6ilepROszlxj7ejdFBxHqnI0h4U6yLimsDB+LOA8ULvIhTYOWV2FIA/zpfw
+ej34dcnA4QiM7Cs63z6r84c3JS+EVL13zZoNBdmTzsLIEy47Sqv8XP1VzI24mZ+t
+LU6LXX50kj4iibPrFgfYkA1zsfh/amY1hBXktAj4tvOMI9sugy3py1iPlpu+UX3W
+7nbUzI66bZtDguLszQWkWfMwwkHABQcjO+e6fKKVe9P/KdCH3cXz3YTK3ZK9fIWJ
+jISFymS8wd9o70iI9HT+0/d4TEd8lmOpq1VCq2XsGQKCAQA0Fvyx0MZE+bRcEaLf
+mEi4JF4o/588XoQS39+NXDRBRMjp49VHtg0cLfKLyvrKQZqWOXoV3IwN890SjXHq
+chTt5hjYNz9PS/jZy2Kw54Dg+D6BTqC0bAVy4jNn1/gP4g1TJDEq7e2dfzY1ZKsS
+q2gmm79UX6I0/lyFBPjyAFz1Ha2VgrGXJ33LEhD7ChtYXeG6X2GSMPt7hUlSVhGV
+6rHC2f9HuuthxkMRVgoK+6cxud7e9Ehm/Tvb6XOT+60hmYc23jqLU7HOSzCnlQqR
+MGyhAhan1rAJPPJnZviGqG2pnzUe4IHRMhxfJjp5Ze6XOFTMpS2qiDv3Qi/OT8zg
+F75/AoIBAARbThUYh8lEUVizJKJQ/PqZ8K8GSzDL83drJelSYAJh1xDdEzJNhnbD
+wwvsEJzyOFbRQNO9UDqAEvuHqef9XPklqz2jZkWDfcC4kP0YtQrpJ3/nL1JbAbiC
+wJFOzERECCnW1iMxz/j7UPI4t9bM5ZihXZUKFEDnBSBb3XZDaXJEqYDPkClhIo+h
+0FgJAD9qcHFR7CjXON8baAUtpuGX72jEvFG/jfsFjND2icm0ihdGWdn0ASSNv8JJ
+LVFe379hRGfesZYmOllcoUJmhqvG80g8pqeGc4aADDR+NGj0P7HDaIs7qm/MkJod
+dPAgqWFD3XDHUDx8YjsFGHhYk1IgBbECggEBAOse/fI06KcoQ3ARHUV98UsTBf4C
+eLydlAkdoyJkJ+dIqFmqRLmNzOolfzfEJkp+YO9fU6KU5+mF2PUxGcU6QhUOk2Lz
+DF5ARFeZSNZ6UmrFdm3QGkBHE7u+iRBjHhrR80PjE0qYM7Vjqg9L1k4hr97ccrj9
+tNRSEqPtR7XA6QfAx3RBlJfQXAmwLeSuGC6Sh0Q55UYhHegN2IblFcYdoxYr68uD
+pMpypdcgbClKBaxCIvcKvbPiziHsAU2VZnLmCOA66Csqv0Tw/IjUops5EegIJ6LT
+29QsXgdv3E/Wb6yQF9vS0LRWBjEy3/FRwaxs6acqslfBT3QKQMSjDADTCKo=
+-----END RSA PRIVATE KEY-----

data/vendor/xmlsec1-1.2.18/tests/keys/largersareq.pem

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIFEzCCAvsCAQAwgc0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxGzAZBgNVBAsTElRl
+c3QgTGFyZ2UgUlNBIEtleTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqG
+SIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEA82H5NlSuXRdoGxgoJHJOOV2/IBfIfCBZ+6NC5Cy3DW2XfuGb
+ulnD5+hk/3Y1WOCQ+isTkl+6t39UJW7OzRujeJI0MX+d3IBhPHJpbbg1qPgfA2zl
+10FTJISKcnA84jmL7HCd088uCPYFgK82j+2O799QM5RYFY+HxLRlPaHRIwBqZzVg
+Bli9Q4qGUin0oeFff1luykp4Fp3aBNlh1KPqaXJ/G6r/yAdRE1DBPn2b93Dcul2U
+qSus6lbgPH9dke+9giXyN+ss2a233T68hnqviY/5Ml6c0EEMjLeEXinpT/y1XPT5
+gjK5Ne2ECjIjMrWkscjFoBa1d40hj1OAxKGkZe6vCoQdNDDjBzXOFo5pe7chkVYm
+wtc/eQ7gsnelymCIFTCPZaqPnZ/QUD0qm09hykMZuWlYG5h3Q0IeCHwwWFLUs+vR
+op4o3RuW/fko/XbY7JEh0Y1CTPUFcC7Su5rFyOF3XU5fwqufwHVREW7qaw7UvJPe
+pJXj0lJXrHTFpuWilD/YQw5CjHWtDGnRqI7nSXcrOK/JrEN3J5CCHWLmMaAbF75+
+Yywp7Bs9S1I57Hoq/Egvvc7ZHyEC+yxu2UAUxWrOILwM5K6HNdLaX9uVUPPj7SyT
+rUJbr2X++EsK3GB/3Ug4iND8pKr8XweXz663Qz2H675R4/GMH2NDKSSMlCMCAwEA
+AaAAMA0GCSqGSIb3DQEBBAUAA4ICAQDW+eyCOkDNCtpO8i8ThqBMA++0WmnY1T8Q
+3tSFxgne8ZVz+/2fERcB7ZuPLH7+Uu37cdsaBP0Qq5jRqe0WiMlrOiV7sdFPDPnV
+uuiOCbSrxSc1FfmuSmtx2XnKZHCGpyRmArASvlN15PG+e8t/rN3EeqlAMeDnHyng
+ODoWXY8WxwNC6Ft8H/1duVhM0yP0lvLSKwgrUx3jU+m9gmWZADnQN5DZo32MJr/8
+KEJrjRYJQQ1oZZ34VNLCrZgutyH5y/A8dSZRpy99RA8PJ3trd1HWN2VMQesIhuKs
+uS0rZLdFov0JbH1dGe1V3DM7Omt4jvhZQ4wje6JkIDKoguuZ8izX1iZ+hfNFSxUx
+vREmTvoEMmOagAbg1OGfexbTMhQE5YcoNK8YdJj9xKIcD2Oj6TnWHX6p9JclAlIV
+LFxnXDsXHIRb2weoPc942PXH3yavHRWaguYAhDHYxb3TSPm5JDHKr6i7YRKCueV/
+NB84mhAGd40SKUCFGoD6wSWhKWG1KrBUNY0X2Qp8M71ZfWN4SF0sjcwB2XQQp6yr
+0mvxXSbMhtr4bSGKB5RECJRM16DaJ2VapTJ3Pr3S4+bZVkxUq6KCJZY7rQeyk7RP
+6U7k0u5XKUOgEmH93DL7ac0FMy70hIyaAiG4k3jE4P6ewqBmsWaW3OtT3RWtBCNd
+E8XvfdMyBg==
+-----END CERTIFICATE REQUEST-----

data/vendor/xmlsec1-1.2.18/tests/keys/merlincert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAwugAwIBAgIGAOxN334jMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+MB4XDTAyMDIyODE3NTI1NFoXDTAzMDIyODE3NTI1NFowbjELMAkGA1UEBhMCSUUx
+DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+MIIBtzCCASsGByqGSM44BAEwggEeAoGBAIprqepZpIuKwJlLLSm/8XQUTFjbUPqQ
+zfe2ZywPV95Sm5BB7WBco0N7gHLYFUie+YlUbisc+Am+Uc1ZtuRGipiqvK4n9TLQ
+SIuo4wycZiHTWhChvc1U3/YIicdTfSNLd6IdXwFWQ0q8ysyRkNlrw3yHxR3STLQd
+wtFShpi2Ue15AhUAxDve3j7sEnh4rIzM5gK+5/gxxFUCgYA0u6AB/ohknGjcEI6L
+nKsYRXC2UTNdyed1eF3RPPfwKdApzhIS6mbg/I/lOYu8rrhMN84Puyej9bmgjUpl
+2KZ9bZziv/rBo3NlK+Jww5aEthjrbU2fqeMFzxU3CjFanMJeEqbvRvz4Phhkyf95
+TkM3x2+FO/9s0rbUV8mqOnTfdQOBhQACgYEAhiDEE1r/AVBPgmBksGXqTRTHYhLq
++PE+lUD0zi8qUQTIsgIyjoWORG8HG9XoRl/4LxXVUP3hiJSE78MINC61m3ef6Ir1
+lbWo1lSUY9gi88Gy7TJMJrkpCwgzeNgUL5U/ZACwup8lM0D04Bi7lxZ7Vt4fqPMG
+MoY2QUwG2H3SUTGjNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+MBEGA1UdDgQKBAiCOqKyJnVZWzAJBgcqhkjOOAQDAzAAMC0CFQCGiGcFnv0ZDYOb
+M8Ebo7XQJrgn2QIUa0pkSOjcyp9B68ZDaxsMLIpuVwM=
+-----END CERTIFICATE-----

data/vendor/xmlsec1-1.2.18/tests/keys/openssl.cnf

@@ -0,0 +1,316 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= US
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= California
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Sunnyvale
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= XML Security Library (http://www.aleksey.com/xmlsec)
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+commonName_default		= Aleksey Sanin
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+emailAddress_default		= xmlsec@aleksey.com
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:TRUE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

data/vendor/xmlsec1-1.2.18/tests/keys/rsacert.pem

@@ -0,0 +1,61 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d6:8e:b8:e0:91:82:2c:fa
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+        Validity
+            Not Before: Jul 10 02:33:02 2005 GMT
+            Not After : Jul  8 02:33:02 2015 GMT
+        Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:d3:d0:6d:0f:76:9e:56:de:83:54:39:24:d1:d2:
+                    3b:56:1e:cb:8e:a7:67:b1:89:96:d2:d6:c3:57:1c:
+                    4a:fa:7b:a6:7b:e6:7d:49:be:33:9d:b5:0a:91:69:
+                    7e:be:04:00:4d:d4:54:13:28:53:d8:ff:86:aa:b7:
+                    74:50:1c:d8:7d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:F4:C6:46:77:CE:37:04:23:AD:29:54:FB:B0:0E:A4:CC:43:28:19
+            X509v3 Authority Key Identifier: 
+                keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+                DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+                serial:D6:8E:B8:E0:91:82:2C:F8
+
+    Signature Algorithm: sha1WithRSAEncryption
+        47:e3:be:65:b0:8b:68:01:a5:8b:7b:6f:01:7a:a0:78:85:2e:
+        82:21:e6:48:8b:00:fa:e5:38:50:1b:3d:99:4b:0e:aa:f9:f9:
+        e0:dc:af:57:1f:d2:99:2c:81:6e:df:54:4f:4d:cd:34:a6:c2:
+        30:c5:b8:47:0f:a8:95:7a:d8:49
+-----BEGIN CERTIFICATE-----
+MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEqMCgG
+A1UECxMhVGVzdCBTZWNvbmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD
+Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j
+b20wHhcNMDUwNzEwMDIzMzAyWhcNMTUwNzA4MDIzMzAyWjCBxzELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM
+aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAnBgNVBAsT
+IFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVr
+c2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wXDAN
+BgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7LjqdnsYmW0tbD
+VxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQABo4IBUzCC
+AU8wDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTMQygZMIHx
+BgNVHSMEgekwgeaAFP7k7FMk8JWVxxC14US1XTllWuN+oYHCpIG/MIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs
++DANBgkqhkiG9w0BAQUFAANBAEfjvmWwi2gBpYt7bwF6oHiFLoIh5kiLAPrlOFAb
+PZlLDqr5+eDcr1cf0pksgW7fVE9NzTSmwjDFuEcPqJV62Ek=
+-----END CERTIFICATE-----