[CalendarServer-changes] [14132] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Mon Nov 3 13:19:46 PST 2014


Revision: 14132
          http://trac.calendarserver.org//changeset/14132
Author:   cdaboo at apple.com
Date:     2014-11-03 13:19:46 -0800 (Mon, 03 Nov 2014)
Log Message:
-----------
Client certificate verification support (for testing only).

Modified Paths:
--------------
    CalendarServer/trunk/calendarserver/tap/caldav.py
    CalendarServer/trunk/calendarserver/tap/util.py
    CalendarServer/trunk/conf/caldavd-test.plist
    CalendarServer/trunk/requirements-stable.txt
    CalendarServer/trunk/twistedcaldav/directory/principal.py
    CalendarServer/trunk/twistedcaldav/stdconfig.py
    CalendarServer/trunk/txweb2/channel/http.py
    CalendarServer/trunk/txweb2/dav/resource.py
    CalendarServer/trunk/txweb2/server.py

Added Paths:
-----------
    CalendarServer/trunk/twistedcaldav/test/data/catool.py
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.p12
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/crl/
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem
    CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial
    CalendarServer/trunk/txweb2/auth/tls.py

Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -101,12 +101,6 @@
     UpgradeFileSystemFormatStep, PostDBImportStep,
 )
 
-try:
-    from twistedcaldav.authkerb import NegotiateCredentialFactory
-    NegotiateCredentialFactory  # pacify pyflakes
-except ImportError:
-    NegotiateCredentialFactory = None
-
 from calendarserver.accesslog import AMPCommonAccessLoggingObserver
 from calendarserver.accesslog import AMPLoggingFactory
 from calendarserver.accesslog import RotatingFileAccessLoggingObserver
@@ -830,7 +824,11 @@
             certificateChainFile=config.SSLAuthorityChain,
             passwdCallback=getSSLPassphrase,
             sslmethod=getattr(OpenSSL.SSL, config.SSLMethod),
-            ciphers=config.SSLCiphers.strip()
+            ciphers=config.SSLCiphers.strip(),
+            verifyClient=config.Authentication.ClientCertificate.Enabled,
+            requireClientCertificate=config.Authentication.ClientCertificate.Required,
+            clientCACertFileNames=config.Authentication.ClientCertificate.CAFiles,
+            sendCAsToClient=config.Authentication.ClientCertificate.SendCAsToClient,
         )
 
 
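Review bot: Nothing visible here stops `ClientCertificate.Enabled` from being true while `CAFiles` is still the empty list that the stdconfig.py hunk sets as the default. What the context factory does with `verifyClient=True` and no CA files is decided in twext, outside this diff. A start-up check that rejects that combination with a configuration error would make the failure explicit instead of leaving it to the TLS layer. The log message says the feature is for testing only, yet these four arguments are passed on the normal service path, so a comment such as `# client certificate auth is experimental; see Authentication.ClientCertificate` would help the next reader. The enclosing call starts before the hunk.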

Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/calendarserver/tap/util.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -91,6 +91,7 @@
 from txdav.who.util import directoryFromConfig
 
 from txweb2.auth.basic import BasicCredentialFactory
+from txweb2.auth.tls import TLSCredentialsFactory, TLSCredentials
 from txweb2.dav import auth
 from txweb2.dav.auth import IPrincipalCredentials
 from txweb2.dav.util import joinURL
@@ -360,8 +361,7 @@
         except ImportError:
             NegotiateCredentials = None
 
-        if NegotiateCredentials and isinstance(credentials.credentials,
-                                               NegotiateCredentials):
+        if NegotiateCredentials and isinstance(credentials.credentials, NegotiateCredentials):
             # If we get here with Kerberos, then authentication has already succeeded
             returnValue(
                 (
@@ -369,6 +369,17 @@
                     credentials.authzPrincipal,
                 )
             )
+
+        # Handle TLS Client Certificate
+        elif isinstance(credentials.credentials, TLSCredentials):
+            # If we get here with TLS, then authentication (certificate verification) has already succeeded
+            returnValue(
+                (
+                    credentials.authnPrincipal,
+                    credentials.authzPrincipal,
+                )
+            )
+
         else:
             if (yield credentials.authnPrincipal.record.verifyCredentials(credentials.credentials)):
                 returnValue(
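Review bot: The new `elif isinstance(credentials.credentials, TLSCredentials)` branch returns both principals with no check of its own, so it is only safe if a `TLSCredentials` object can never exist without a peer certificate that the TLS layer verified against the configured CA files. That construction lives in txweb2/auth/tls.py, which is not visible in this hunk, and `Required` can be configured to false, so the invariant deserves to be written down here. I would extend the comment to something like `# TLSCredentials is only created from a peer certificate that passed verification against CAFiles; never construct it from request data`. The enclosing method starts and ends outside the hunk.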
@@ -482,6 +493,9 @@
             elif scheme == "basic":
                 credFactory = BasicCredentialFactory(realm)
 
+            elif scheme == TLSCredentialsFactory.scheme:
+                credFactory = TLSCredentialsFactory(realm)
+
             elif scheme == "wiki":
                 pass
 

Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/conf/caldavd-test.plist	2014-11-03 21:19:46 UTC (rev 14132)
@@ -444,6 +444,23 @@
         <string></string>
       </dict>
 
+      <!-- TLS Client Certificate -->
+      <key>ClientCertificate</key>
+      <dict>
+        <key>Enabled</key>
+        <false/>
+        <key>AllowedOverWireUnencrypted</key> <!-- advertised over non SSL? -->
+        <true/>
+        <key>Required</key>
+        <true/>
+        <key>CAFiles</key>
+        <array>
+        	<string>twistedcaldav/test/data/demoCA/cacert.pem</string>
+        </array>
+        <key>SendCAsToClient</key>
+        <true/>
+      </dict>
+
       <!-- Wikiserver authentication (Mac OS X) -->
       <key>Wiki</key>
       <dict>
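Review bot: `AllowedOverWireUnencrypted` is `<true/>` for ClientCertificate, but a client certificate can only be presented inside a TLS handshake, so advertising this scheme on a non-SSL connection cannot lead to a successful authentication. `<false/>` would match what the mechanism can do, and the same default is added in the stdconfig.py hunk; how the key is consumed is outside this diff, so confirm it only affects advertisement. The demoCA private key is committed in this change and its passphrase is hard-coded in catool.py, so a comment above the array such as `<!-- test CA only: its private key is public, never list it in a production CAFiles -->` would be worth adding. The `<string>` line under CAFiles is indented with a tab where the surrounding lines use spaces.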

Modified: CalendarServer/trunk/requirements-stable.txt
===================================================================
--- CalendarServer/trunk/requirements-stable.txt	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/requirements-stable.txt	2014-11-03 21:19:46 UTC (rev 14132)
@@ -5,7 +5,7 @@
 # For CalendarServer development, don't try to get these projects from PyPI; use svn.
 
 -e .
--e svn+http://svn.calendarserver.org/repository/calendarserver/twext/trunk@14114#egg=twextpy
+-e svn+http://svn.calendarserver.org/repository/calendarserver/twext/trunk@14131#egg=twextpy
 -e svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@13420#egg=kerberos
 -e svn+http://svn.calendarserver.org/repository/calendarserver/PyCalendar/trunk@14025#egg=pycalendar
 

Modified: CalendarServer/trunk/twistedcaldav/directory/principal.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/principal.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/twistedcaldav/directory/principal.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -59,6 +59,7 @@
 from txdav.xml import element as davxml
 from txweb2 import responsecode
 from txweb2.auth.digest import DigestedCredentials
+from txweb2.auth.tls import TLSCredentials
 from txweb2.dav.noneprops import NonePropertyStore
 from txweb2.dav.util import joinURL
 from txweb2.http import HTTPError
@@ -203,6 +204,10 @@
                 returnValue(principal)
             elif user.username:
                 returnValue((yield self.principalForUser(user.username)))
+        elif isinstance(user, TLSCredentials):
+            # FIXME: for now we use the local part of the emailAddress in the certs Subject, but we may need
+            # to lookup some other attribute
+            returnValue((yield self.principalForUser(user.username)))
 
         returnValue(None)
 
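Review bot: Resolving the principal from `user.username` alone means, per the FIXME, that only the local part of the Subject emailAddress decides which account is used. Two certificates issued under any trusted CA for the same local part in different domains therefore resolve to the same principal. How `TLSCredentials` derives `username` is in txweb2/auth/tls.py, not in this hunk, but until the FIXME is resolved the lookup should either match on the full address or reject addresses whose domain is not one the server expects. It would also help to say in the comment that the CA listed in `CAFiles` must be one that only issues certificates for this server's users. The enclosing method starts outside the hunk.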

Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -367,6 +367,13 @@
             "ServicePrincipal": "",
             "AllowedOverWireUnencrypted": True, # Advertised over non-SSL?
         },
+        "ClientCertificate": {                  # TLS Client Certificate
+            "Enabled": False,
+            "AllowedOverWireUnencrypted": True, # Advertised over non-SSL?
+            "Required": True,                   # Always require a client cert
+            "CAFiles": [],                      # Array of acceptable client cert CA file names
+            "SendCAsToClient": True,            # Send the list of acceptable CAs to the client
+        },
         "Wiki": {
             "Enabled": False,
             "Cookie": "cc.collabd_session_guid",

Added: CalendarServer/trunk/twistedcaldav/test/data/catool.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/catool.py	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/catool.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,172 @@
+#!/usr/bin/env python
+##
+# Copyright (c) 2014 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from __future__ import print_function
+from getopt import getopt
+import sys
+import shutil
+import os
+import subprocess
+
+
+def newCA(caPath):
+    """
+    Create a new certificate authority with supporting files at the specified path.
+
+    @param caPath: path to store CA files
+    @type caPath: L{str}
+    """
+
+    print("Creating new Certificate Authority")
+
+    # Delete anything that exists first
+    if os.path.exists(caPath):
+        shutil.rmtree(caPath)
+
+    # Create directories
+    os.mkdir(caPath)
+    os.mkdir(os.path.join(caPath, "certs"))
+    os.mkdir(os.path.join(caPath, "crl"))
+    os.mkdir(os.path.join(caPath, "newcerts"))
+    os.mkdir(os.path.join(caPath, "private"))
+    with open(os.path.join(caPath, "index.txt"), "w"):
+        pass
+
+    keyfile = os.path.join(caPath, "private", "cakey.pem")
+    reqfile = os.path.join(caPath, "careq.pem")
+    certfile = os.path.join(caPath, "cacert.pem")
+
+    # Create a certificate request
+    subprocess.call("openssl req -batch -new -keyout {keyout} -out {reqout} -passout pass:{passwd} -subj {subject}".format(
+        keyout=keyfile,
+        reqout=reqfile,
+        passwd="secret",
+        subject="/C=US/ST=CA/O=Example.com/CN=admin/emailAddress=admin at example.com"
+    ).split())
+
+    # Create a CA certificate
+    subprocess.call("openssl ca -batch -create_serial -out {certout} -days {days} -batch -keyfile {keyfile} -passin pass:{passwd} -notext -selfsign -extensions v3_ca -infiles {reqin}".format(
+        keyfile=keyfile,
+        reqin=reqfile,
+        certout=certfile,
+        days=365 * 3,
+        passwd="secret",
+    ).split())
+
+    os.remove(reqfile)
+
+
+
+def makeUserCertificate(caPath, user):
+    """
+    Create a new certificate for the specified user and sign using the CA cert.
+
+    @param caPath: path of CA files
+    @type caPath: L{str}
+    @param user: user id
+    @type user: L{str}
+    """
+    print("Creating new Certificate for {}".format(user))
+
+    keyfile = os.path.join(caPath, "certs", "{}-key.pem".format(user))
+    reqfile = os.path.join(caPath, "certs", "{}-req.pem".format(user))
+    certfile = os.path.join(caPath, "certs", "{}-cert.pem".format(user))
+    pemfile = os.path.join(caPath, "certs", "{}.pem".format(user))
+    pkcs12file = os.path.join(caPath, "certs", "{}.p12".format(user))
+
+    # Create a certificate request
+    subprocess.call("openssl req -batch -new -keyout {keyout} -out {reqout} -passout pass:{passwd} -days {days} -subj {subject}".format(
+        keyout=keyfile,
+        reqout=reqfile,
+        passwd="secret",
+        days=365 * 3,
+        subject="/C=US/ST=CA/O=Example.com/CN={user}/emailAddress={user}@example.com".format(user=user)
+    ).split())
+
+    # Sign certificate
+    subprocess.call("openssl ca -batch -policy policy_anything -out {certout} -passin pass:{passwd} -notext -infiles {reqin}".format(
+        certout=certfile,
+        reqin=reqfile,
+        passwd="secret",
+    ).split())
+
+    os.remove(reqfile)
+
+    with open(keyfile) as f:
+        privkey = f.read()
+    with open(certfile) as f:
+        pubkey = f.read()
+
+    with open(pemfile, "w") as f:
+        f.write(privkey)
+        f.write(pubkey)
+
+    os.remove(keyfile)
+    os.remove(certfile)
+
+    # PKCS12 certificate
+    subprocess.call("openssl pkcs12 -export -in {pemin} -out {p12out} -passin pass:{passwd} -passout pass:{passwd}".format(
+        pemin=pemfile,
+        p12out=pkcs12file,
+        passwd="secret",
+    ).split())
+
+
+
+def usage():
+    print("catool [OPTIONS]")
+    print("")
+    print("OPTIONS")
+    print("-h         print help and exit")
+    print("--newca   create a new CA - delete any existing demoCA directory")
+    print("--newuser USER  create a new user certificate with user id \"USER\" signed by the CA")
+    print("--users N  generate a set of user certificates for \"user01\", \"user02\", etc. up to \"userN\"")
+    print("")
+    print("Version: 1")
+
+
+if __name__ == '__main__':
+
+    caPath = "demoCA"
+    newca = False
+    newuser = None
+    users = None
+
+    options, args = getopt(sys.argv[1:], "h", ["newca", "newuser=", "users="])
+
+    for option, value in options:
+        if option == "-h":
+            usage()
+            sys.exit(0)
+        elif option == "--newca":
+            newca = True
+        elif option == "--newuser":
+            newuser = value
+        elif option == "--users":
+            users = int(value)
+
+    if newca:
+        newCA(caPath)
+
+    if newuser:
+        makeUserCertificate(caPath, newuser)
+
+    if users:
+        for user in range(1, users + 1):
+            makeUserCertificate(caPath, "user{:02d}".format(user))
+
+    print("Certificate Authority operations complete.")
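Review bot: Every `subprocess.call(...)` in newCA and makeUserCertificate discards openssl's exit status and builds its argv by formatting one string and calling `.split()`. A failed step is therefore only noticed later (for example when `open(keyfile)` raises), and a `caPath` or `--newuser` value containing whitespace is split into extra arguments. Passing an explicit argument list to `subprocess.check_call` fixes both. Separately, `-days` on `openssl req` without `-x509` has no effect: the index.txt added in this commit lists the user certificates as expiring one year after issue while the CA gets three. If three years is intended, the option belongs on the `openssl ca` signing call. A docstring on `usage()` and a line in the module header saying that the passphrase `secret` and the generated keys are test fixtures only would also be welcome.

```python
def runOpenSSL(*args):
    """
    Run openssl with an explicit argument list and raise if it exits non-zero.
    """
    subprocess.check_call(("openssl",) + args)

# in makeUserCertificate: sign certificate
runOpenSSL(
    "ca", "-batch", "-policy", "policy_anything",
    "-out", certfile, "-days", str(365 * 3),
    "-passin", "pass:secret", "-notext", "-infiles", reqfile,
)
# … unchanged: the other openssl invocations, converted the same way …
```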

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCjCCAnOgAwIBAgIJAJcSURX8QvXaMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNzEwMjYxNzQ5MDRaMGIxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNVBAMTBWFkbWluMSAw
+HgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAv8I/m3GSQLIXXYOdl+u00iM69OcjD3sAPqP6fRxXBQgxTKcd
+0vtuxIjsEA92Ou3JDdHa5PGuvzNqQCNJARn7rDkvd3SLHsBPONXMvDH1HY7X9oXp
+o1x2CsqPM2b1rlimjoON0ohAZu2+hmPbPyX50pdL9p7SnoJOHIVdRuJqbS0CAwEA
+AaOBxzCBxDAdBgNVHQ4EFgQUHPXVEDPKfX5kTieJKO9xcWyNyfgwgZQGA1UdIwSB
+jDCBiYAUHPXVEDPKfX5kTieJKO9xcWyNyfihZqRkMGIxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNVBAMTBWFkbWlu
+MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbYIJAJcSURX8QvXaMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXKHxL3x1VwWWP5ViO2u70SS2
+ADcdxGiBAm2NTGg5eR++uFQI0+u8zwH87QhAlkRKCbafuAe7/EgbVYUCJDTkl2tK
+xSGBk6mzLqNk/Fz/FLb7Y+raUxr7+bkm1VLBekQIGwLqi8CNvxQBETNLDhg/tOF7
+4quBBA/7T9Rq6OPZIoE=
+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CA79E26202AC4534
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2F17A8147D51E9AD
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AFF718FC4F40A11D
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E707D57D6DFFDE04
+
+6fC3nq0bjNF6Gz/aGzc9kQD3hI4iNS/mM3UayhKckbq2wSiaDKmXoxpz4BDN0YDi
+KpFjUjQ5pzQ4rfg1QoYwrEkZEa9fvToKZz3G9Z54Nuq+vbQ/asEsti025z4oufUp
+ymO0xvYqbmB/Y/RwTLfJF1i+tXwGmF7ljBNKW4pj3TUG08QuBeksBsVgmSyCywE7
+tZheu1GmJ1hVmMyODdjwZbq+WXGINAyvtWTk50sybxWF9UVYOgwfZkiMrA5vv7RF
+nkijlsGbaKgQDh+WoPRp7cLLnxmLTN8BkxU1q9i4LLad7GmRFmqpy0+aLXJTjiXJ
+FUhiWmQm6X+4q7tSGQxNpbfn1a/keAoo8IcmRoQNR1FHhM3gyVwo9rLtCMlUBKzI
+mGzwr06cOViBhUlEiOori8ixsmmdwhzpA6OB1g+djegBqlQBH9g5nfkiqm1cLR78
+4mJazdPU9tenAflTjnwNBFEZ7Svqe6+iILkHlVEB0RqYVVAGjV7gW6D5dHJPgOeU
+Q4u3BXqCzi8+9UH+Z/8+SQHQtVFlt5EucA2y5bYene4dhyZ0W2KCkO4JvwvXpDsI
+g7cCxvkJniyj39woF60F83TpYxvklM6XgOoa8cS45GFAIe62K4xHC2zNYY/BWJHJ
+Ry7y3Q1Qq5yMcokaYOzvJW67TJZjA//UEKImImU8aJFK6yoMyTjMxpewp81LioD9
+QVyk0/9yErLI7sCfc/IohA8M0lgYpuXlvyW4scsS8hul0r9NLtQq7wwdHPmKvgOI
+lcK30w4sasdZzda5yWygLD2T13xGt4f/g8vcLSBva/s=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,30FC302A7965C27B
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB60544FF549AAAA
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F77DE75C081213D1
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,78F5786E70D62FE5
+
+mNfwSX9Kr4un1KingxUlv+zEz6K8KC72GP3CCxENAdYYJLb4RsqwDwHF1+yfpMGT
+W0/LnSR3Q+Fv9SsljIVyXIVKs/e6TLgwUUUMq0aXNrz4klq7gz1K6bGiZQTR9Q+z
+ttTDJBzSrx2ay7sfIETFm6FESveWZTF71Q6vraaV6keHOByLwI4lkl3bYOHCfYm5
+MB+95iInCugzcxFDNcWjljWyOsqNYeJbTLZUQs+b+gE8heoKMCpofxB3UAkqKbio
+roJRFFOVnnG/KeoxbK91x80+L51NLaW7A4XfJn/Mkh9tI6NHAXUUSIKRWqALU9Q+
+6eBL9lizAIXoeHt+5x9N/zxsNiUqN+yYRQOROAMUHfwaBDFn6o5+TnGk1p1Vi/cm
+ogK/Nfxh+KzgR48lbOdQEw5ZU5LDVcFWvFAQ9ilzBAsKXT8zazhHGrhdvP/EO0di
+MtOJn/OjwMUQV/jU3mEkoq6/+ENmSXZfxoFgAkDEYnFb/7Vl4gZ1AtWDuBerFw10
+KTEZ7A38we5P80OvcC4h0zWr7ixpmnAfSM+9Kew00TCdzqPWTj6q3hazSiSChsBC
+Oi1ArA0Q5PlFmlcU0ZM7Zp/Pm03tKkHEyA+6+ay17yFnulTmblBZvvDQ7r2jUmJG
+mqn9g91a3D+J22l9GNov6cV13X7EH+3ixsPrSGdZNBwTn0tDtFXwM7S0bb7lW1tU
+aYS1NwLt1/CVaxU6EbKU1abv2rfXT+Zs+a2FImBXdP2j3PCifJsrPbYOxZ4xUTk6
+4EcQTEc3fQTHKsJh5TrQ4OvXHeG2GaHw6pvwFIxKU2vzG84q8Telyw==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,725CBE701F555AB5
+
+GEgJZhoMbyDgBiHW7o1/ksjCGh5X+qYcLbbncYcn9+PbG5X6AkwxbiB90nA3oIPm
+G0jIiFG2QUjWAk8V2LLWqo7XXL56/xzuBYz67mA6hX8Tznx32mZKUA6bv+3X0bg5
+iKQ4m8fsozPKYpJD/90OEhHQvdItY0Qq9qsNrBMqGl00gCr1cggPuFR7LkuaqCyt
+mXhUVJLMeQLVM0aKjMSdOnqfHNPNIZGne+a1YqW1sZpK3NV9/bInnSAWXT9OufGH
+or4UTthot8E5Txx6L6GDBw2j/NBlmf8uwCsZbeVqv3/jA5GHtdc8f9/mypW6CnHw
+XEL4ZNtezCKq6/JHV0PV1IAAOyU8r6pKkTjZq0cr4CM+rvhOC8qC/noAEftsiiuo
+QiM4nPOw843PolIXpNqkw35DYWCgTeDa5GQax3IjUwHZT4a/gKcMWAmfzBYXVDlA
+nPCFw/1rcmsG/kAkpPBwxysorytouzDXbBZS8m3LZPcSt3VtSNE0nubxUfjbFL0Y
+DyBq8nt4o08QgpF1dnPihC0uc1Or/n6mY5iZZN+5mREN1C7FKm3iC/sYAoMExlhX
+5vqpzfPjo8attQSIrvj0dgj3zHyFDSUeT8njoujoJFYVWxaQRKTe8twAZzXNc1KR
+NObrLwKZJJHJHtZ04THQXC7GwEH7xKFItgvggRS982gJGmNtGnBQ2orgy2TmYQYH
+DZUOkxeM6z/A/+bvoLqANXja+/PqmD+vuo7sGFy5kkJ7zQaI4SD02kLt/4Rwwo1J
+yC/A/q2CZMMHDd/Ru61Eg6oxZmuhR7tpAW9rXiXTy+fwDsLxQ6CfNw==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.p12
===================================================================
(Binary files differ)


Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.p12
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,35 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,92926780C9752571
+
+F0eVk2UbqEM/QgfdKRmgpDEAEr36kBIxHLxFeqJ2J5TGAk/aJh2yHh2oNgcEt8wW
+EpOYer0MRyO3QJaQ2UTx44kvjOJ9refxBwKX9FRrV+Jx8bFCowIm3+g6tOoskH1p
+o1CxMj/tIqq1CVZVrWj3CEWzuxKHdkCbD1CwwWCiUoMePnOWwi3vA6u2aVjVoact
+Cc4UAkxTSlDeORN4bxwYEE12+8FUC1UR2ZT1CCwj6BsfuiYDQSgdFpdyqqNBMZJ0
+I+MrAi788mBBsS/rjxaUkaKltwUuFTkQ72Kc+woum0z21o8P3uunPVFUyf0lqUUf
+bRupDnnvXhOHApeF9tHG6N66scLxEY+uoPhfa5Rbl2zmGVproaDoGpTee8RdruSM
+ivrI+vHOT9Ctize/EG/xCyYVDZSKBJm9gr6PcFbGn0hS7dmqDU9XFTDDSzEL5osq
+kPmxdgS3c5l6Rvb4ShENSuRq88jQXNjzCKqmswxCUGG3yS9PSd1XLxoK4AQDkhpV
+ExfGr+I+fao76vhOnRZfAhij5Azng6sBAEYMdK1LbtmdnzCEVWCIrnDIVF3RIst2
+iwlSuk7wY7Qo9yOCfcEm57Ut3ovVOq7YvQqnz57hoTYIqNUMDqED6+XrlIqPOXq+
+A1pJzNjpM/Kol/1gPDstEk+iwPBAcwckoLCHSQYsCIZL3OYBST2Io4S0ZNKBgOAW
+uGL/AIJX5QV0uHbFSSWSNMsZ5jAmayHlUc8l5Wt3VchtbtyEfZJNA4OVUQ/6bqwQ
+8wrUGtGhr5XMLcretFmZKpvHyarApXrgV4SN8MbWgBw=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,11 @@
+V	171026174904Z		97125115FC42F5DA	unknown	/C=US/ST=CA/O=Example.com/CN=admin/emailAddress=admin at example.com
+V	151027174904Z		97125115FC42F5DB	unknown	/C=US/ST=CA/O=Example.com/CN=user01/emailAddress=user01 at example.com
+V	151027174904Z		97125115FC42F5DC	unknown	/C=US/ST=CA/O=Example.com/CN=user02/emailAddress=user02 at example.com
+V	151027174904Z		97125115FC42F5DD	unknown	/C=US/ST=CA/O=Example.com/CN=user03/emailAddress=user03 at example.com
+V	151027174904Z		97125115FC42F5DE	unknown	/C=US/ST=CA/O=Example.com/CN=user04/emailAddress=user04 at example.com
+V	151027174905Z		97125115FC42F5DF	unknown	/C=US/ST=CA/O=Example.com/CN=user05/emailAddress=user05 at example.com
+V	151027174905Z		97125115FC42F5E0	unknown	/C=US/ST=CA/O=Example.com/CN=user06/emailAddress=user06 at example.com
+V	151027174905Z		97125115FC42F5E1	unknown	/C=US/ST=CA/O=Example.com/CN=user07/emailAddress=user07 at example.com
+V	151027174905Z		97125115FC42F5E2	unknown	/C=US/ST=CA/O=Example.com/CN=user08/emailAddress=user08 at example.com
+V	151027174905Z		97125115FC42F5E3	unknown	/C=US/ST=CA/O=Example.com/CN=user09/emailAddress=user09 at example.com
+V	151027174905Z		97125115FC42F5E4	unknown	/C=US/ST=CA/O=Example.com/CN=user10/emailAddress=user10 at example.com

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1 @@
+unique_subject = yes

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwODEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA4QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDQBosyvbKD3nOarln/unV2FuXWFG2KUtRhsxBATfgTgk1V
+aH2/8f5IjwvPfZj7GEcSQ24vf/vBl8Ubmba/AXRFvrp6dIIyPi3gkMAU+qnmDasx
+HPXZlqiSXCXIOfiHhMaHYdULsXpXZUS0L2hFEi55pEi+SHfSSYjXOxyODWzFCQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUr9p20sfqknB4FETQ6+WOtErMGAAw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAFjRe0oG7Ybo05te+aa6xb4EfEvN38YxclvEaBOueQw8+NB7muxf+Yn/uQlAJ
+IP/16RtDyP+FHDInQ7Kggi9ZHwBPUqWorwh5wbu/ZW9oLc4u+qm1rYEJZcrMn0uo
+XnoQsHivpDbxR27p3geunqNNH+lpoLHglu9gH21xUrhR72k=
+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0AFACA85373949CF
+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+-----END RSA PRIVATE KEY-----

Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1 @@
+97125115FC42F5E5

Added: CalendarServer/trunk/txweb2/auth/tls.py
===================================================================
--- CalendarServer/trunk/txweb2/auth/tls.py	                        (rev 0)
+++ CalendarServer/trunk/txweb2/auth/tls.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -0,0 +1,114 @@
+##
+# Copyright (c) 2014 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+"""
+TLS client certificate authentication module.
+"""
+
+__all__ = [
+    "TLSCredentials",
+    "TLSCredentialsFactory",
+    "TLSCredentialsChecker",
+]
+
+from zope.interface import implements
+
+from twisted.cred import checkers, credentials, error
+from twisted.internet.defer import succeed
+from txweb2.dav.auth import IPrincipalCredentials
+
+
+class TLSCredentials(object):
+    """
+    Credentials for TLS auth - basically just the client certificate.
+    """
+
+    implements(credentials.ICredentials)
+
+    def __init__(self, certificate):
+
+        self.certificate = certificate
+
+        try:
+            self.username = self.getSubject().emailAddress.split("@")[0]
+        except KeyError:
+            self.username = None
+
+
+    def getSubject(self):
+        return self.certificate.getSubject()
+
+
+
+class TLSCredentialsFactory(object):
+    """
+    Authorizer for TLS authentication (http://tools.ietf.org/html/draft-thomson-httpbis-cant-01).
+    """
+
+    scheme = 'clientcertificate'
+
+    def __init__(self, realm=None, dn=None, sha256=None):
+        """
+
+        @param realm: realm for authentication, or L{None} for no realm
+        @type realm: L{str}
+        @param dn: list DNs for acceptable CA certs
+        @type dn: L{list} of L{str}
+        @param sha256: list of sha-256 fingerprint values for acceptable CA certs
+        @type sha256: L{list} of L{str}
+        """
+        self.realm = realm
+        self.dn = dn
+        self.sha256 = sha256
+
+
+    def getChallenge(self, _ignore_peer):
+        challenge = {}
+        if self.realm:
+            challenge['realm'] = self.realm
+        if self.dn:
+            challenge['dn'] = self.dn
+        if self.sha256:
+            challenge['sha-256'] = self.sha256
+        return succeed(challenge)
+
+
+    def decode(self, credentials, request):
+        return succeed(credentials)
+
+
+
+class TLSCredentialsChecker(object):
+
+    implements(checkers.ICredentialsChecker)
+
+    credentialInterfaces = (IPrincipalCredentials,)
+
+    def requestAvatarId(self, credentials):
+        # NB If we get here authentication has already succeeded as it is done in TLSCredentialsFactory.decode
+        # So all we need to do is return the principal URIs from the credentials.
+
+        # Look for proper credential type.
+        pcreds = IPrincipalCredentials(credentials)
+
+        creds = pcreds.credentials
+        if isinstance(creds, TLSCredentials):
+            return succeed((
+                pcreds.authnPrincipal,
+                pcreds.authzPrincipal,
+            ))
+
+        raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,))
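Review bot: `TLSCredentialsFactory.decode` returns the credentials unchanged, so nothing in this module checks the certificate against the `dn` or `sha256` values advertised by `getChallenge`, yet the comment in `requestAvatarId` says authentication was done in `decode`. The identity is therefore only as trustworthy as the chain verification done by the TLS context, which is configured outside this file; the comment should say that, e.g. `# NB decode() performs no check; the certificate is trusted only because the TLS layer verified its chain`. `TLSCredentials.__init__` also keeps just the local part of `emailAddress`, so a certificate for the same local part in any domain maps to the same username, which deserves a check or at least a docstring stating the assumption. If the subject object signals a missing field with AttributeError rather than KeyError, the handler there will not fire; `except (KeyError, AttributeError):` covers both.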

Modified: CalendarServer/trunk/txweb2/channel/http.py
===================================================================
--- CalendarServer/trunk/txweb2/channel/http.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/txweb2/channel/http.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -39,11 +39,14 @@
 from txweb2 import responsecode
 from txweb2 import http_headers
 from txweb2 import http
+from txweb2.auth.tls import TLSCredentials
 from txweb2.http import RedirectResponse
 from txweb2.server import Request
 
 from twistedcaldav.config import config
 from twistedcaldav import accounting
+from twisted.internet._sslverify import Certificate
+from twisted.internet.error import CertificateError
 
 log = Logger()
 
@@ -792,6 +795,9 @@
     _abortTimer = None
     chanRequest = None
 
+    peerCertificateCheck = False
+    peerCredentials = None
+
     def _callLater(self, secs, fun):
         reactor.callLater(secs, fun)
 
@@ -809,7 +815,22 @@
         self.factory.addConnectedChannel(self)
 
 
+    def processPeerCertificate(self):
+        # Look for SSL client cert
+        if self._secure:
+            try:
+                self.peerCredentials = TLSCredentials(Certificate.peerFromTransport(self.transport))
+            except CertificateError:
+                pass
+
+        self.peerCertificateCheck = True
+
+
     def lineReceived(self, line):
+
+        if self._secure and not self.peerCertificateCheck:
+            self.processPeerCertificate()
+
         if self._first_line:
             self.setTimeout(self.inputTimeOut)
             # if this connection is not persistent, drop any data which
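Review bot: `processPeerCertificate` handles only `CertificateError`, so any other failure while building `TLSCredentials` from the peer certificate propagates out of `lineReceived`, and since `self.peerCertificateCheck = True` is the last statement the flag is not set on that path. Moving the assignment above the `try:` and replacing `pass` with a debug log such as `log.debug("No usable TLS client certificate")` keeps the check to one attempt per connection and leaves a trace. `Certificate` is imported in this file's first hunk from the private module `twisted.internet._sslverify`; `from twisted.internet.ssl import Certificate` is the public path. `lineReceived` continues outside the hunk.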

Modified: CalendarServer/trunk/txweb2/dav/resource.py
===================================================================
--- CalendarServer/trunk/txweb2/dav/resource.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/txweb2/dav/resource.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -65,6 +65,7 @@
 from txdav.xml.element import twisted_dav_namespace, twisted_private_namespace
 from txdav.xml.element import registerElement, lookupElement
 from txweb2 import responsecode
+from txweb2.auth.tls import TLSCredentialsFactory
 from txweb2.http import HTTPError, RedirectResponse, StatusResponse
 from txweb2.http_headers import generateContentType
 from txweb2.iweb import IResponse
@@ -1014,8 +1015,14 @@
             request.authzUser = None
             return succeed((request.authnUser, request.authzUser))
 
-        authHeader = request.headers.getHeader("authorization")
 
+        # Check for native TLS client cert
+        if request.clientCredentials() is not None:
+            # Make this look as if it is done via the usual HTTP auth header approach
+            authHeader = (TLSCredentialsFactory.scheme, request.clientCredentials())
+        else:
+            authHeader = request.headers.getHeader("authorization")
+
         if authHeader is not None:
             if authHeader[0] not in request.credentialFactories:
                 log.debug(
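Review bot: A peer certificate replaces the `Authorization` header unconditionally, so when `TLSCredentialsFactory.scheme` is not among `request.credentialFactories` the request falls into the unknown-scheme branch below even if the client also sent valid header credentials. Guarding the override keeps header authentication working where certificate auth is not enabled: `creds = request.clientCredentials()` followed by `if creds is not None and TLSCredentialsFactory.scheme in request.credentialFactories:`, which also avoids calling `clientCredentials()` twice. The enclosing method starts and ends outside the hunk, so what the unknown-scheme branch does after `log.debug(` is not visible here.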

Modified: CalendarServer/trunk/txweb2/server.py
===================================================================
--- CalendarServer/trunk/txweb2/server.py	2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/txweb2/server.py	2014-11-03 21:19:46 UTC (rev 14132)
@@ -232,6 +232,13 @@
         self.timeStamps.append((tag, time.time(),))
 
 
+    def clientCredentials(self):
+        try:
+            return self.chanRequest.channel.peerCredentials
+        except AttributeError:
+            return None
+
+
     def addResponseFilter(self, filter, atEnd=False, onlyOnce=False):
         """
         Add a response filter to this request.
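Review bot: `clientCredentials` has no docstring and its `except AttributeError` does not say which link of `self.chanRequest.channel.peerCredentials` is expected to be absent, so an unrelated attribute mistake would be read as "no client certificate". A docstring such as `"""Return the credentials derived from the connection's TLS client certificate, or None."""` and an explicit lookup, `channel = getattr(self.chanRequest, "channel", None)` then `return getattr(channel, "peerCredentials", None)`, state the intent.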