<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[14132] CalendarServer/trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/14132">14132</a></dd>
<dt>Author</dt> <dd>cdaboo@apple.com</dd>
<dt>Date</dt> <dd>2014-11-03 13:19:46 -0800 (Mon, 03 Nov 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Client certificate verification support (for testing only).</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#CalendarServertrunkcalendarservertapcaldavpy">CalendarServer/trunk/calendarserver/tap/caldav.py</a></li>
<li><a href="#CalendarServertrunkcalendarservertaputilpy">CalendarServer/trunk/calendarserver/tap/util.py</a></li>
<li><a href="#CalendarServertrunkconfcaldavdtestplist">CalendarServer/trunk/conf/caldavd-test.plist</a></li>
<li><a href="#CalendarServertrunkrequirementsstabletxt">CalendarServer/trunk/requirements-stable.txt</a></li>
<li><a href="#CalendarServertrunktwistedcaldavdirectoryprincipalpy">CalendarServer/trunk/twistedcaldav/directory/principal.py</a></li>
<li><a href="#CalendarServertrunktwistedcaldavstdconfigpy">CalendarServer/trunk/twistedcaldav/stdconfig.py</a></li>
<li><a href="#CalendarServertrunktxweb2channelhttppy">CalendarServer/trunk/txweb2/channel/http.py</a></li>
<li><a href="#CalendarServertrunktxweb2davresourcepy">CalendarServer/trunk/txweb2/dav/resource.py</a></li>
<li><a href="#CalendarServertrunktxweb2serverpy">CalendarServer/trunk/txweb2/server.py</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#CalendarServertrunktwistedcaldavtestdatacatoolpy">CalendarServer/trunk/twistedcaldav/test/data/catool.py</a></li>
<li>CalendarServer/trunk/twistedcaldav/test/data/demoCA/</li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcacertpem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem</a></li>
<li>CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/</li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser01p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser01pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser02p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser02pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser03p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser03pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser04p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser04pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser05p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser05pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser06p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser06pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser07p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser07pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser08p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser08pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser09p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser09pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser10p12">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.p12</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAcertsuser10pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem</a></li>
<li>CalendarServer/trunk/twistedcaldav/test/data/demoCA/crl/</li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAindextxt">CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAindextxtattr">CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr</a></li>
<li>CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/</li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DApem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DBpem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DCpem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DDpem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DEpem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DFpem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E0pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E1pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E2pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E3pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E4pem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem</a></li>
<li>CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/</li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAprivatecakeypem">CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtestdatademoCAserial">CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial</a></li>
<li><a href="#CalendarServertrunktxweb2authtlspy">CalendarServer/trunk/txweb2/auth/tls.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="CalendarServertrunkcalendarservertapcaldavpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tap/caldav.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tap/caldav.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -101,12 +101,6 @@
</span><span class="cx"> UpgradeFileSystemFormatStep, PostDBImportStep,
</span><span class="cx"> )
</span><span class="cx">
</span><del>-try:
- from twistedcaldav.authkerb import NegotiateCredentialFactory
- NegotiateCredentialFactory # pacify pyflakes
-except ImportError:
- NegotiateCredentialFactory = None
-
</del><span class="cx"> from calendarserver.accesslog import AMPCommonAccessLoggingObserver
</span><span class="cx"> from calendarserver.accesslog import AMPLoggingFactory
</span><span class="cx"> from calendarserver.accesslog import RotatingFileAccessLoggingObserver
</span><span class="lines">@@ -830,7 +824,11 @@
</span><span class="cx"> certificateChainFile=config.SSLAuthorityChain,
</span><span class="cx"> passwdCallback=getSSLPassphrase,
</span><span class="cx"> sslmethod=getattr(OpenSSL.SSL, config.SSLMethod),
</span><del>- ciphers=config.SSLCiphers.strip()
</del><ins>+ ciphers=config.SSLCiphers.strip(),
+ verifyClient=config.Authentication.ClientCertificate.Enabled,
+ requireClientCertificate=config.Authentication.ClientCertificate.Required,
+ clientCACertFileNames=config.Authentication.ClientCertificate.CAFiles,
+ sendCAsToClient=config.Authentication.ClientCertificate.SendCAsToClient,
</ins><span class="cx"> )
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="CalendarServertrunkcalendarservertaputilpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tap/util.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tap/util.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -91,6 +91,7 @@
</span><span class="cx"> from txdav.who.util import directoryFromConfig
</span><span class="cx">
</span><span class="cx"> from txweb2.auth.basic import BasicCredentialFactory
</span><ins>+from txweb2.auth.tls import TLSCredentialsFactory, TLSCredentials
</ins><span class="cx"> from txweb2.dav import auth
</span><span class="cx"> from txweb2.dav.auth import IPrincipalCredentials
</span><span class="cx"> from txweb2.dav.util import joinURL
</span><span class="lines">@@ -360,8 +361,7 @@
</span><span class="cx"> except ImportError:
</span><span class="cx"> NegotiateCredentials = None
</span><span class="cx">
</span><del>- if NegotiateCredentials and isinstance(credentials.credentials,
- NegotiateCredentials):
</del><ins>+ if NegotiateCredentials and isinstance(credentials.credentials, NegotiateCredentials):
</ins><span class="cx"> # If we get here with Kerberos, then authentication has already succeeded
</span><span class="cx"> returnValue(
</span><span class="cx"> (
</span><span class="lines">@@ -369,6 +369,17 @@
</span><span class="cx"> credentials.authzPrincipal,
</span><span class="cx"> )
</span><span class="cx"> )
</span><ins>+
+ # Handle TLS Client Certificate
+ elif isinstance(credentials.credentials, TLSCredentials):
+ # If we get here with TLS, then authentication (certificate verification) has already succeeded
+ returnValue(
+ (
+ credentials.authnPrincipal,
+ credentials.authzPrincipal,
+ )
+ )
+
</ins><span class="cx"> else:
</span><span class="cx"> if (yield credentials.authnPrincipal.record.verifyCredentials(credentials.credentials)):
</span><span class="cx"> returnValue(
</span><span class="lines">@@ -482,6 +493,9 @@
</span><span class="cx"> elif scheme == "basic":
</span><span class="cx"> credFactory = BasicCredentialFactory(realm)
</span><span class="cx">
</span><ins>+ elif scheme == TLSCredentialsFactory.scheme:
+ credFactory = TLSCredentialsFactory(realm)
+
</ins><span class="cx"> elif scheme == "wiki":
</span><span class="cx"> pass
</span><span class="cx">
</span></span></pre></div>
<a id="CalendarServertrunkconfcaldavdtestplist"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/conf/caldavd-test.plist (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/conf/caldavd-test.plist 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -444,6 +444,23 @@
</span><span class="cx"> <string></string>
</span><span class="cx"> </dict>
</span><span class="cx">
</span><ins>+ <!-- TLS Client Certificate -->
+ <key>ClientCertificate</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ <key>AllowedOverWireUnencrypted</key> <!-- advertised over non SSL? -->
+ <true/>
+ <key>Required</key>
+ <true/>
+ <key>CAFiles</key>
+ <array>
+ <string>twistedcaldav/test/data/demoCA/cacert.pem</string>
+ </array>
+ <key>SendCAsToClient</key>
+ <true/>
+ </dict>
+
</ins><span class="cx"> <!-- Wikiserver authentication (Mac OS X) -->
</span><span class="cx"> <key>Wiki</key>
</span><span class="cx"> <dict>
</span></span></pre></div>
<a id="CalendarServertrunkrequirementsstabletxt"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/requirements-stable.txt (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/requirements-stable.txt 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/requirements-stable.txt 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx"> # For CalendarServer development, don't try to get these projects from PyPI; use svn.
</span><span class="cx">
</span><span class="cx"> -e .
</span><del>--e svn+http://svn.calendarserver.org/repository/calendarserver/twext/trunk@14114#egg=twextpy
</del><ins>+-e svn+http://svn.calendarserver.org/repository/calendarserver/twext/trunk@14131#egg=twextpy
</ins><span class="cx"> -e svn+http://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk@13420#egg=kerberos
</span><span class="cx"> -e svn+http://svn.calendarserver.org/repository/calendarserver/PyCalendar/trunk@14025#egg=pycalendar
</span><span class="cx">
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavdirectoryprincipalpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/twistedcaldav/directory/principal.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/directory/principal.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/twistedcaldav/directory/principal.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -59,6 +59,7 @@
</span><span class="cx"> from txdav.xml import element as davxml
</span><span class="cx"> from txweb2 import responsecode
</span><span class="cx"> from txweb2.auth.digest import DigestedCredentials
</span><ins>+from txweb2.auth.tls import TLSCredentials
</ins><span class="cx"> from txweb2.dav.noneprops import NonePropertyStore
</span><span class="cx"> from txweb2.dav.util import joinURL
</span><span class="cx"> from txweb2.http import HTTPError
</span><span class="lines">@@ -203,6 +204,10 @@
</span><span class="cx"> returnValue(principal)
</span><span class="cx"> elif user.username:
</span><span class="cx"> returnValue((yield self.principalForUser(user.username)))
</span><ins>+ elif isinstance(user, TLSCredentials):
+ # FIXME: for now we use the local part of the emailAddress in the certs Subject, but we may need
+ # to lookup some other attribute
+ returnValue((yield self.principalForUser(user.username)))
</ins><span class="cx">
</span><span class="cx"> returnValue(None)
</span><span class="cx">
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavstdconfigpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -367,6 +367,13 @@
</span><span class="cx"> "ServicePrincipal": "",
</span><span class="cx"> "AllowedOverWireUnencrypted": True, # Advertised over non-SSL?
</span><span class="cx"> },
</span><ins>+ "ClientCertificate": { # TLS Client Certificate
+ "Enabled": False,
+ "AllowedOverWireUnencrypted": True, # Advertised over non-SSL?
+ "Required": True, # Always require a client cert
+ "CAFiles": [], # Array of acceptable client cert CA file names
+ "SendCAsToClient": True, # Send the list of acceptable CAs to the client
+ },
</ins><span class="cx"> "Wiki": {
</span><span class="cx"> "Enabled": False,
</span><span class="cx"> "Cookie": "cc.collabd_session_guid",
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatacatoolpy"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/catool.py (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/catool.py (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/catool.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,172 @@
</span><ins>+#!/usr/bin/env python
+##
+# Copyright (c) 2014 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from __future__ import print_function
+from getopt import getopt
+import sys
+import shutil
+import os
+import subprocess
+
+
+def newCA(caPath):
+ """
+ Create a new certificate authority with supporting files at the specified path.
+
+ @param caPath: path to store CA files
+ @type caPath: L{str}
+ """
+
+ print("Creating new Certificate Authority")
+
+ # Delete anything that exists first
+ if os.path.exists(caPath):
+ shutil.rmtree(caPath)
+
+ # Create directories
+ os.mkdir(caPath)
+ os.mkdir(os.path.join(caPath, "certs"))
+ os.mkdir(os.path.join(caPath, "crl"))
+ os.mkdir(os.path.join(caPath, "newcerts"))
+ os.mkdir(os.path.join(caPath, "private"))
+ with open(os.path.join(caPath, "index.txt"), "w"):
+ pass
+
+ keyfile = os.path.join(caPath, "private", "cakey.pem")
+ reqfile = os.path.join(caPath, "careq.pem")
+ certfile = os.path.join(caPath, "cacert.pem")
+
+ # Create a certificate request
+ subprocess.call("openssl req -batch -new -keyout {keyout} -out {reqout} -passout pass:{passwd} -subj {subject}".format(
+ keyout=keyfile,
+ reqout=reqfile,
+ passwd="secret",
+ subject="/C=US/ST=CA/O=Example.com/CN=admin/emailAddress=admin@example.com"
+ ).split())
+
+ # Create a CA certificate
+ subprocess.call("openssl ca -batch -create_serial -out {certout} -days {days} -batch -keyfile {keyfile} -passin pass:{passwd} -notext -selfsign -extensions v3_ca -infiles {reqin}".format(
+ keyfile=keyfile,
+ reqin=reqfile,
+ certout=certfile,
+ days=365 * 3,
+ passwd="secret",
+ ).split())
+
+ os.remove(reqfile)
+
+
+
+def makeUserCertificate(caPath, user):
+ """
+ Create a new certificate for the specified user and sign using the CA cert.
+
+ @param caPath: path of CA files
+ @type caPath: L{str}
+ @param user: user id
+ @type user: L{str}
+ """
+ print("Creating new Certificate for {}".format(user))
+
+ keyfile = os.path.join(caPath, "certs", "{}-key.pem".format(user))
+ reqfile = os.path.join(caPath, "certs", "{}-req.pem".format(user))
+ certfile = os.path.join(caPath, "certs", "{}-cert.pem".format(user))
+ pemfile = os.path.join(caPath, "certs", "{}.pem".format(user))
+ pkcs12file = os.path.join(caPath, "certs", "{}.p12".format(user))
+
+ # Create a certificate request
+ subprocess.call("openssl req -batch -new -keyout {keyout} -out {reqout} -passout pass:{passwd} -days {days} -subj {subject}".format(
+ keyout=keyfile,
+ reqout=reqfile,
+ passwd="secret",
+ days=365 * 3,
+ subject="/C=US/ST=CA/O=Example.com/CN={user}/emailAddress={user}@example.com".format(user=user)
+ ).split())
+
+ # Sign certificate
+ subprocess.call("openssl ca -batch -policy policy_anything -out {certout} -passin pass:{passwd} -notext -infiles {reqin}".format(
+ certout=certfile,
+ reqin=reqfile,
+ passwd="secret",
+ ).split())
+
+ os.remove(reqfile)
+
+ with open(keyfile) as f:
+ privkey = f.read()
+ with open(certfile) as f:
+ pubkey = f.read()
+
+ with open(pemfile, "w") as f:
+ f.write(privkey)
+ f.write(pubkey)
+
+ os.remove(keyfile)
+ os.remove(certfile)
+
+ # PKCS12 certificate
+ subprocess.call("openssl pkcs12 -export -in {pemin} -out {p12out} -passin pass:{passwd} -passout pass:{passwd}".format(
+ pemin=pemfile,
+ p12out=pkcs12file,
+ passwd="secret",
+ ).split())
+
+
+
+def usage():
+ print("catool [OPTIONS]")
+ print("")
+ print("OPTIONS")
+ print("-h print help and exit")
+ print("--newca create a new CA - delete any existing demoCA directory")
+ print("--newuser USER create a new user certificate with user id \"USER\" signed by the CA")
+ print("--users N generate a set of user certificates for \"user01\", \"user02\", etc. up to \"userN\"")
+ print("")
+ print("Version: 1")
+
+
+if __name__ == '__main__':
+
+ caPath = "demoCA"
+ newca = False
+ newuser = None
+ users = None
+
+ options, args = getopt(sys.argv[1:], "h", ["newca", "newuser=", "users="])
+
+ for option, value in options:
+ if option == "-h":
+ usage()
+ sys.exit(0)
+ elif option == "--newca":
+ newca = True
+ elif option == "--newuser":
+ newuser = value
+ elif option == "--users":
+ users = int(value)
+
+ if newca:
+ newCA(caPath)
+
+ if newuser:
+ makeUserCertificate(caPath, newuser)
+
+ if users:
+ for user in range(1, users + 1):
+ makeUserCertificate(caPath, "user{:02d}".format(user))
+
+ print("Certificate Authority operations complete.")
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcacertpem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/cacert.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIIDCjCCAnOgAwIBAgIJAJcSURX8QvXaMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNzEwMjYxNzQ5MDRaMGIxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNVBAMTBWFkbWluMSAw
+HgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAv8I/m3GSQLIXXYOdl+u00iM69OcjD3sAPqP6fRxXBQgxTKcd
+0vtuxIjsEA92Ou3JDdHa5PGuvzNqQCNJARn7rDkvd3SLHsBPONXMvDH1HY7X9oXp
+o1x2CsqPM2b1rlimjoON0ohAZu2+hmPbPyX50pdL9p7SnoJOHIVdRuJqbS0CAwEA
+AaOBxzCBxDAdBgNVHQ4EFgQUHPXVEDPKfX5kTieJKO9xcWyNyfgwgZQGA1UdIwSB
+jDCBiYAUHPXVEDPKfX5kTieJKO9xcWyNyfihZqRkMGIxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNVBAMTBWFkbWlu
+MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbYIJAJcSURX8QvXaMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXKHxL3x1VwWWP5ViO2u70SS2
+ADcdxGiBAm2NTGg5eR++uFQI0+u8zwH87QhAlkRKCbafuAe7/EgbVYUCJDTkl2tK
+xSGBk6mzLqNk/Fz/FLb7Y+raUxr7+bkm1VLBekQIGwLqi8CNvxQBETNLDhg/tOF7
+4quBBA/7T9Rq6OPZIoE=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser01p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser01pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user01.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CA79E26202AC4534
+
+77/5R/ou0mkVJtIqweVpynb6IjTxyqIAb4pLq+meAshIL/p3WYZCPUunin/+uE6E
+31ubEOeXuREgB2Ood2QCgsMwrFcYhqficMhmMUZhhLeeVWflevggmv/6PWG5ZTCX
+kJ0/YBSefvgS7cBmmV3LTgW8TDl7RiRHGmS1RS/qmtXNam/w5NYFGriFvBqfp5cD
+UixSlypC4mZPz642P40fowNAM/OFcK+kBUoIXRX0dDXD7GJj8BQtjNz2B8Qhx+u9
+GvmR7ux796aykCj41jpX0WejzFbf+ZQJA9txkT38MVLU0yRZyaERMAdwl1fkqlc8
+RJlr4DwwZ8EN03rBr2EoPfLFiUw5YutPdNEwgdcGLQKAd0ZpKfmjTWEXC9eia49a
+fmiS98nNObJS9tHnoN6gDdOgM0VDuAgCuKsX6UFRiViiQGKqWjcjD9QH5Go0NU5z
+iH/hWjvFF3SJbYtgXQ+qi9pPZYY2RbtNmG0wIvT73FDAb3t98RJmAgqnzolntWIT
+V53/rmmZmPnfGn50v++KERFxuKK+kQXqAfrnODZbmnQ1l7TbOXwX6H7T2BMezkvk
+Zgb/Xc6U0CefM/QyRH/JfdXEst2OcTfm9mScCy0OeXtjL+9wyoTYDrfaQhDEwHXT
+mdXT4AuZ7poXZ6u5t2OO37izvLh95xZMmPuMiOtX9UZ/3Zh5OwfpjnRQ7lEVaiZ1
+HAX7xqE7RaAB4r4A9z9+lBGdflG3Ts34sy7238UUCIA5zLPaI7AgT4d+yg5TeEs2
+jqhyxF6DvgeYrMW3XLhVRDAd65TRizKNpHnq0oCKn6vbYl3DaXaaPg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXbMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwMTEh
+MB8GCSqGSIb3DQEJARYSdXNlcjAxQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDG56G+IxGs5Xd9RqZOecBdAn3LHofqSWTLzqUcqSfqpE2z
+CZxogT7jV1bLezMER5HxtJFV09264e4B5mT73DYAmyheVuit4aBlOz2ezEhat9ZC
+ObJLPwbyfDCXQTu8KnGPMFtSZlxjATamnn5lQ+iW7P8+jt955Z5JzVPaSSRA2wID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWdjDxNhAvXwlG1b3YBuGgmpGWeQw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAiZyBco6Id5qtp0c+x1Raw0LaSJbMJTZ/tgIEczLDsCfL+EFG658nD8VIMGZe
+1ydAnkqMhk3k9dB5gixLj0O132UtVJo7sP5p+ugwWDH3EIbqqGLHW13lLevMDeVm
+R+Xq87AU6pdDIXYE2jkg79f1e4tAvfJuAzYmwzEkO9wvfyE=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser02p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser02pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user02.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2F17A8147D51E9AD
+
+BcQhRWO/Y8AkRyPoAQsMmqm5OFPZY5d/xwnyM//8qsCr9eMOTRM2PSLBfiprDY2+
+z1ZGL5txfcFfjfbjtADAgMlr6GvfHYs0wg8n83t/Q4Rs7P4Ds1KS0+DfkreEjgsJ
+uPeKO4dakJ/+WvJ3lCSGl24mtICFH0toq6RZ0lLs1JvXVjC3srVOydvIPX/fMoQ4
+Se19P4K5dDFKUH4EzBz/aYg+GCNQxOQpgLCuLAwzLAHUN3ZFDkF40uGBjYQ/Mf6y
+L6rsBZm0klgpXCZx5x8ZH8T/ouZncb0w9SHEWy8HZ9qW8scj8Txc6rGRQKtsk7y9
+qlwwxc6J7W1KuRErHiExRLzCTaW3GYpSM9bP+7xxU9sglDBqozIjKFM2cQaCJxQM
+ZMfvf6U0y72MUDXQwDk0JnAqvQ215cZmXroZGZt11zoNYObvV/e7zadbSb1ioXu6
+PlqBV5ZCpIxd4mkZnYAId198eoGIDQ5N9//VT/sFiQX1v/2GG1q1ZwYWdXQpgtmJ
+H744YXxofddNLicHmDEkHtEubHS1FRKue9F/JDWPFS6zrsvpa1GaHbTgeOKiCXcJ
+edHXKMoa/iyKsFWwFtfqyPm+wrUg8tyAFRqBO3vuqSDB56aol9bTSRDhFH+jyyb5
+QozXXqRgiYNUhNvPNISezmQC8LBmi1ubWkrDVvnLIB2y682hwvSU8Ch947s5r2Ka
+v54VvmOofKzyPNoIre7prLfw7gTz0G3wbKbFQJihi2QeQLzQSgAY3wNKrvMz8tRC
++7+cjHnZ4Cp/Q4F5ZAxjyl6Dm7ngkxDTbog4XNTgWI3KUwE1YigeVQ==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXcMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwMjEh
+MB8GCSqGSIb3DQEJARYSdXNlcjAyQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCkE/v5XmzRnOStXzP+7h8ART9eUp1c409g1nlxxVArdGE8
+QJOojh7Nr/02YZExY0rGgHRPHobbAzvY66bXFVxM9s4p2f0hO2zE1gpLkfYvbS5Z
+7b9uAfef4z6vOYuPl/CmIlnqh/IVFXF0UjekGaG08qhcEsXkXJfeTtB1uJxeLQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdR1jGv8wId5o4QF+z8Vsdgy7vr8w
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAn6QRQk5i6q95Mt+xQwp0IiIHAOWxYLaQitXzDbHnvhR/hBy5gjt8TDTW4uWU
+3hiv+xNgJ/CMV50a7W9QtgoLQX8bBigcNdsaNI7ZvYvEPUU8V4u6WdgQbiqWof8J
+Dw0IdqLmkHwtihXOI1AoJa63/RMdMxivBc6VeUlyIfCRxjw=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser03p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser03pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user03.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AFF718FC4F40A11D
+
+s7mzrrHYbBWuh4vNoyIl99yXFR1OrRZ1P466Pm5EEi4pNfq7ifVOyV0s1VaTJM8Y
+cEqyRAPjx0C11Tny8X5Xn3aPl3DVG9IyrDXRvCdR851AW1iTZDxUlov58QDBqXZ9
+9TlnwozghZWKFfFyGjfxISbPw2z5pmZ/UvulRzqnBWsUCeLxGlACoGEDbk7r0OSF
+mpF01NeoLhLBhd4mxXwnAImK4QVNp6ZC7Q928H8dMmZI71Xh/u+8KCDFNdG+Jcsg
+GP3tYfqkF2d+qqKMktzY9Ou+cWuDy0TZrxrHVVSV4cl0RHa7+hegfN5ZQd/WtV7N
+dEa34eI0sN3CmD1LD2i/weXKy5wY8OGZpnyb5s1fZ1nzXXweKYgLDXiIp+LRdcIU
+E0MnErRP06Qp8WcFIOzC7SQwhhGJIxikwek5mYavFixsAO8vmGk484DWIj0IYG/H
+RXYu5UO7soghBAdXOjdp2+k+hRORM2gaSP4yZWDy4SYYZIhKzUdzY5EuAxqKiBvc
+PTCfOZajHWkvRCT+26twi0fbDvwTiRlHXGu0xd9HWY1/NFQ3kyc/PBHohX6C5JDU
+/UGHXDIdZgtxWs4WI/K2Yh3PG0kpN8U2Q0XeMCg8YufngQmKAbkEQUpQsd9jGoms
+4a1HdhkTYLD+RqyjVHu7DCNtP6T0HF+75d+EO/XZ3wi9ZDRbxjbVw4S63YT6MSUp
+J5rDXrkBgWa0ybwKjAoyyzlEOBxmI9yfvMwfU4v7Z12DwboQI8zNYejOVyVJZ6/9
+nFIYiZjC5NeTisyO2rk0JnBJBUeqncnXzT5UsVmf1gsXHn6+PCR6KA==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXdMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwMzEh
+MB8GCSqGSIb3DQEJARYSdXNlcjAzQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC4yj+8f/h2iZD14+UijQLJhllAEbQZU87srh+p9uVr1CS2
+DwmWmFqfi+IP20zMN8aibb3paAyvgWM/kwZcm/1YDDDQnDnFIGPGkv4prd4gSyEq
+Xw3ldiB5PHLsXB7mgmEuDZj6MC9xLbgyLLi1jEjMj3CD1ZQjJQ22+TEZLLZ42QID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU11jiW6Vki5eaRyE5Q8BuuYJ1yjgw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAde5YCtNzfnOheO995M42QC9y5DlZ9ovFRw9vGZrDSwWtgAHa6paZvnMphLrl
+TIqseCjtm9th8IaTM9NYSxAmIqSd8VFIPeThLrwB+QgGZSp4LPY8vX1kV2dkfZoY
+nMgaVGroqVKtyQU+pPP30J3QaXnOL7GLhqEMHpURG4zLDrg=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser04p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser04pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user04.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E707D57D6DFFDE04
+
+6fC3nq0bjNF6Gz/aGzc9kQD3hI4iNS/mM3UayhKckbq2wSiaDKmXoxpz4BDN0YDi
+KpFjUjQ5pzQ4rfg1QoYwrEkZEa9fvToKZz3G9Z54Nuq+vbQ/asEsti025z4oufUp
+ymO0xvYqbmB/Y/RwTLfJF1i+tXwGmF7ljBNKW4pj3TUG08QuBeksBsVgmSyCywE7
+tZheu1GmJ1hVmMyODdjwZbq+WXGINAyvtWTk50sybxWF9UVYOgwfZkiMrA5vv7RF
+nkijlsGbaKgQDh+WoPRp7cLLnxmLTN8BkxU1q9i4LLad7GmRFmqpy0+aLXJTjiXJ
+FUhiWmQm6X+4q7tSGQxNpbfn1a/keAoo8IcmRoQNR1FHhM3gyVwo9rLtCMlUBKzI
+mGzwr06cOViBhUlEiOori8ixsmmdwhzpA6OB1g+djegBqlQBH9g5nfkiqm1cLR78
+4mJazdPU9tenAflTjnwNBFEZ7Svqe6+iILkHlVEB0RqYVVAGjV7gW6D5dHJPgOeU
+Q4u3BXqCzi8+9UH+Z/8+SQHQtVFlt5EucA2y5bYene4dhyZ0W2KCkO4JvwvXpDsI
+g7cCxvkJniyj39woF60F83TpYxvklM6XgOoa8cS45GFAIe62K4xHC2zNYY/BWJHJ
+Ry7y3Q1Qq5yMcokaYOzvJW67TJZjA//UEKImImU8aJFK6yoMyTjMxpewp81LioD9
+QVyk0/9yErLI7sCfc/IohA8M0lgYpuXlvyW4scsS8hul0r9NLtQq7wwdHPmKvgOI
+lcK30w4sasdZzda5yWygLD2T13xGt4f/g8vcLSBva/s=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXeMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNDEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA0QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC1djVn/b+c4eUTdtLI0hTaOwa/TI3SdFO40qyWnzDduXjf
+qqgzZnDd2hirFh5ws4QGO3JWIbFaApKlWpoe7eUkkPI9kHmqsXXjb1YgTkt6me71
+LHufTZ8WpU9ZqzJhT37GJ3YX9Eq2S1iPtygvXeoM1eSx3rDwiXL7FHCiNqtt6QID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzwn6HO0PK/T80cWF4hHC/7mFzBIw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAcGuNpkrftcBkXTb7yCQZ8irMrchNZbizv6htCNKnrWldIdX7qAGTJo6WdWLO
+zHKtqmWL2PQMBPCY93thdh4dfBjpFzWYE2ScoQ3I9B8s3CGB3v7GwwI6kpAw5XZI
+Gkfbd9ZiTUDD2KJfPEGfWZrH9gcXwciUXHRLF0Qx27OM+OY=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser05p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser05pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user05.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,30FC302A7965C27B
+
+Zk63Tb5SD+e1SrtWiGZ+UYBC9phMdgFk6XEaUhI/9a9ZpaPv3tJ3W08OwpBT2tN9
+6rizOmMQM0RnepcmOdsrUIclIrxVPFAsaOTi6JkQB7aLNnfHBHRIUfsx555HaIXP
+u8VU5aqghX/MLpUHrsCZFXKchbx/yiRQh2nYNmlwprP8MMTa/OJFImE63JjQNakl
+UbPH8qjtMz+sFr9hwOuxLjv0/t3myRlOkjEzOkvKpIcswKYp+tL7Ucbi1l5/43qX
+NKKLogD31e4WSr5k/R0DrJ8fXP9BQRHFDBe4XnHLseQRFEA6WpAhNoq77OXwM80Q
+uIdPvkQzcT01dLGx5TZhpy1h4CSt5RTPIoyz0u3u/c5AHnD3pdarBnM6sZxuABW2
+0IYNdJffOyxpRD8TwVLPQxGiAnHugOLByzO0zozRHhZngf5r/96Q2hPoHJBoX3a6
+LrpbedLA1v8r0LQsuTB+ldqiNOfJArIJQoemfMdvf0FqVH5CjoDA0eXlX7wOS9Kw
+aDbi3HIIN37jYGshC8xOO5thFxCaCWprD/IHhNacOnRgVaTU4gadoVnGzYpXt/vx
+pizON3eLaRqhNI6OC6mqPa4VEEOtZg74+dNVaH7bK+hXD/3sR/0HZLaKqH2fizhe
+kA9YosVrH93BsxTpm8CtNJXSZY024cYra1uqdMEFVVvSjLzZbz3LJiKzrc2G7OtR
+T+5YNqMJAyqtNWseEX4/SveNIiDRpmucIHbbA3KVD4Eymcklja7BuFEgW7C/yLZv
+BTH7H1A1bWvel6NAyRc2m7G8eyxxnZZqKsAIj0pZD4Q=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXfMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNTEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA1QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCuhqverBz5ABiO21VAJHcT/hi/t8TmI8dlHWcxZyUtllBY
+MVb1iCOgj07drBh69hAHhsCuNnerjsZ0JzpSppC9/xx06sDtm1F/BqKcRVCYuq3z
+cos1OeVT8+7VtCbtPZRPzBtL3dLPH7DIIKnAZZuOqSWOmP2gXqoKtUJMJwHGqwID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUCarYPsCG5CSiAHKTGMXWboJNWWUw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAuJMTCTxRpWyR1BSdRYFB2Ke2HjAyCZpUY2Ay+PypHa1LJSKHb4M3psfFtZl6
+Jl7FtJL1Um+dOq44KQ9vxvadhjodUcOJ086rzjBraIOEtpV7sPK5tYaj7p8+RATn
+VlvM5HvV+/JkDXkdw6gUqmUIBuJt1SKmj+1xJgrWUnmnbTE=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser06p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser06pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user06.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB60544FF549AAAA
+
+/P9rhhdZp4+AS37YZD404k2hUp5GnYft+Ima23PpFt3WhTWVlGZrvmluS9u0aEoy
++UenuOnIzjdRyw14VSItu9lqMi/7GMhSHcbIA13+GZTztVNPf90USOLhkZcaZmz7
+S3x13Pu2WIkKY+AJxVqbpKxukngvJuy+HL+LMCIj19IP/PYNmrG3Sda/9xQnVRSt
+IACbfggPNsL7fMmnsiZOTqZQUrD00yOoIY5+qGGxI0YaGyeMBtvFI2KVL4jSW1W2
+ks3Jl6rdvD2KZtUQWNdKMsD4XPW/VeZ4cVuuIBHFLedd6P6p6hkMk/zfo/sPfNVv
+dJuiwrbjqd7piS+r3GNvPbSLAz4Eh8tp4UTPaKdUeYpycwtFDh20tfQVFpMfcyae
+hL5WA59dppeU4KiFYjaCLluyNNBjOYjthpLnLJvSLKoerhOXMLD5Nh/0tl5DKYkr
+DOS/du0DSK5dSEHwK/R9gCeuJFPwlfrfyuSE8443B0XdP/LOyXfGZhscA2TLGupH
+NrLoW0b8HBDc2FvsqcMvqhUps5Z8PNCikcnyh7Owj4YefE35DraAhxJQKTE/4pTp
+6tlKuYavKC4fEPH4n8sCZh9iThVIEIZcncMbGjupqmPoxnV43k0wlJA2KkYCAkCg
+jlojjWgEtoGYlYkA8m7KS0C6MQbCYWzTB4ZMX0fJHi7FprGRn00+Av/o8eMozzOM
+2+HOKeGPVPge26DfCG+/i9SRJ1V3tyfIvXKMhuLBIaYWN6Gt/Ml4kWqfS8XFooWh
+5PM+fgSgE4C8nSr0xvp7V/AhjNC9Ic24qTviG94WLnk=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXgMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNjEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA2QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCZkzb7OR9IRFjlNMS+PmFqm7KK6kPY7THzCLI4k+Ek6Jij
+uwhun50ACy3PGIonBv0/Xj0xnY/ZVQDElvul5LdCzvYDwk3N+z0Y3JXb7gg9Dp6g
+85K51eNrags59/VslGyteb1wW7zGRBpq1TXxEXFd+RxRsBqA+4jj5jOMUCUDxwID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfUUjJDftXIX3ClcXyXX8pmc6PUkw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAoYkQhoeDSIOdVypiyBQ6OygLYGBDgaU8pBt9n5miteOMSqj1ezVlXyA/0c1u
+ETLB03QfnB8RfGHNLp4zBcE2VfwEWs4z4D7h4KQOIjqyl9bChWhPMF1xKmHQDiTo
+nmz2GGpMvMMqMGKIj00XFjjgqF8ESEJlN91YVFbEPdqHwyw=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser07p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser07pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user07.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F77DE75C081213D1
+
+5l7GBA30EbvLIEKPmJUOYxgRKUQUeeOsMqxqvm8xJxXkPY98+Ze61+zZ3MSER//u
+/a6fdSAZY6dG6HzK1pTqlKuAeY9riZdxob3FKhjh6x1YStKfaPtuTCuJIJ/l75ei
+zyS7DpuRrXIafzX8uqLRYezgCxv9lSiKZidwUxtWWfC3VEzTD44DXryObjoEWt2w
+IpniIxbt45ZO6eoMUlNixHGt1G4tm7SfHwjgj45mau3hXfDWubWYnsdHV1vTCM0t
+gHvbDUijW6uyCNkX/ffVNebXUsSxcoCCkK2n9UTDz5ZnpsV6+PM+JLUwSk+q1Bm7
+8Fs0voIzCSrR5girNVRk/hzQE4rB+ktySFJcw/mdfsoJjlsWxx79OsINuoTPzIm3
+WEUXkGlhG/U84nlqUr+UlRyKqX9tj9oginle1x34PebEO2EhGkTotw7hgtwJwKBX
+MKX4WEZgIc/312OTFSOH/ogy1Yps7uI4ScxDiFYHYPifKfTPfULSUwLUXEj6hcia
+Fv3g/vsXkEQ4Xt8vu7peXKH0mzhfeMpNPBbs3oan+Ey7QnwAfpB4fnwZQgyJ9dsE
+ibQ+I8ioCsEThH9txRjYDX+Dt3YvDKTWhN4EJP+Jet1A7fDVh7PTdCK4iDjVUQhu
+pJ5dxt6wbygm9R+8tI6gyfYnDyjaEH7LEdHYtVTPJ3IOY0lD9JUsjksOQzpsrwIT
+Vouq1d4j3Q7p9j7Yo+vsiSFv4qILGZO+UPhfL3NKriGqr7Mmx8dQG4XnWlbqgKIP
+NgurRm+ki9XlSoA3LrZNLXwbqD/2Jt0KXhEkBfd9+RfIUd38L2KPaQ==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXhMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNzEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA3QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC9QR4qmt6vyCpdRpkddNFLO+8V48HGx/Kyb2msmMyYoHDR
+hbV8WePfroS+3Wslr7bMZMVSpz7rGBbl5aUzwqh2mya7V61Dkr/+xWLnyL0vRkw3
+mfFe4/Nxh2rZ+uOeig6LzgmIFVfao67EZ66mL9Kf43/R5267YspMwTupWyqRZwID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUSs2pbK7bluGik89TYK2JL0HVfcow
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAtHKsUgDfcE2l3KmL2ihLQHwriR0d1HvEIgABee9iAUE6gi91EKpt6Lt/Bch6
+cTQya1C2h5yYRc/2kjZXRKHtEeVFHXGO+9Gj82nOR9VcdIJxIynaOO0E8xcCTDYd
+bWUdbxqg6dvyejpwFbyEIIf9CH+OrxxmQOoG1O7w4EbOanQ=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser08p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser08pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user08.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,78F5786E70D62FE5
+
+mNfwSX9Kr4un1KingxUlv+zEz6K8KC72GP3CCxENAdYYJLb4RsqwDwHF1+yfpMGT
+W0/LnSR3Q+Fv9SsljIVyXIVKs/e6TLgwUUUMq0aXNrz4klq7gz1K6bGiZQTR9Q+z
+ttTDJBzSrx2ay7sfIETFm6FESveWZTF71Q6vraaV6keHOByLwI4lkl3bYOHCfYm5
+MB+95iInCugzcxFDNcWjljWyOsqNYeJbTLZUQs+b+gE8heoKMCpofxB3UAkqKbio
+roJRFFOVnnG/KeoxbK91x80+L51NLaW7A4XfJn/Mkh9tI6NHAXUUSIKRWqALU9Q+
+6eBL9lizAIXoeHt+5x9N/zxsNiUqN+yYRQOROAMUHfwaBDFn6o5+TnGk1p1Vi/cm
+ogK/Nfxh+KzgR48lbOdQEw5ZU5LDVcFWvFAQ9ilzBAsKXT8zazhHGrhdvP/EO0di
+MtOJn/OjwMUQV/jU3mEkoq6/+ENmSXZfxoFgAkDEYnFb/7Vl4gZ1AtWDuBerFw10
+KTEZ7A38we5P80OvcC4h0zWr7ixpmnAfSM+9Kew00TCdzqPWTj6q3hazSiSChsBC
+Oi1ArA0Q5PlFmlcU0ZM7Zp/Pm03tKkHEyA+6+ay17yFnulTmblBZvvDQ7r2jUmJG
+mqn9g91a3D+J22l9GNov6cV13X7EH+3ixsPrSGdZNBwTn0tDtFXwM7S0bb7lW1tU
+aYS1NwLt1/CVaxU6EbKU1abv2rfXT+Zs+a2FImBXdP2j3PCifJsrPbYOxZ4xUTk6
+4EcQTEc3fQTHKsJh5TrQ4OvXHeG2GaHw6pvwFIxKU2vzG84q8Telyw==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwODEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA4QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDQBosyvbKD3nOarln/unV2FuXWFG2KUtRhsxBATfgTgk1V
+aH2/8f5IjwvPfZj7GEcSQ24vf/vBl8Ubmba/AXRFvrp6dIIyPi3gkMAU+qnmDasx
+HPXZlqiSXCXIOfiHhMaHYdULsXpXZUS0L2hFEi55pEi+SHfSSYjXOxyODWzFCQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUr9p20sfqknB4FETQ6+WOtErMGAAw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAFjRe0oG7Ybo05te+aa6xb4EfEvN38YxclvEaBOueQw8+NB7muxf+Yn/uQlAJ
+IP/16RtDyP+FHDInQ7Kggi9ZHwBPUqWorwh5wbu/ZW9oLc4u+qm1rYEJZcrMn0uo
+XnoQsHivpDbxR27p3geunqNNH+lpoLHglu9gH21xUrhR72k=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser09p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser09pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user09.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,725CBE701F555AB5
+
+GEgJZhoMbyDgBiHW7o1/ksjCGh5X+qYcLbbncYcn9+PbG5X6AkwxbiB90nA3oIPm
+G0jIiFG2QUjWAk8V2LLWqo7XXL56/xzuBYz67mA6hX8Tznx32mZKUA6bv+3X0bg5
+iKQ4m8fsozPKYpJD/90OEhHQvdItY0Qq9qsNrBMqGl00gCr1cggPuFR7LkuaqCyt
+mXhUVJLMeQLVM0aKjMSdOnqfHNPNIZGne+a1YqW1sZpK3NV9/bInnSAWXT9OufGH
+or4UTthot8E5Txx6L6GDBw2j/NBlmf8uwCsZbeVqv3/jA5GHtdc8f9/mypW6CnHw
+XEL4ZNtezCKq6/JHV0PV1IAAOyU8r6pKkTjZq0cr4CM+rvhOC8qC/noAEftsiiuo
+QiM4nPOw843PolIXpNqkw35DYWCgTeDa5GQax3IjUwHZT4a/gKcMWAmfzBYXVDlA
+nPCFw/1rcmsG/kAkpPBwxysorytouzDXbBZS8m3LZPcSt3VtSNE0nubxUfjbFL0Y
+DyBq8nt4o08QgpF1dnPihC0uc1Or/n6mY5iZZN+5mREN1C7FKm3iC/sYAoMExlhX
+5vqpzfPjo8attQSIrvj0dgj3zHyFDSUeT8njoujoJFYVWxaQRKTe8twAZzXNc1KR
+NObrLwKZJJHJHtZ04THQXC7GwEH7xKFItgvggRS982gJGmNtGnBQ2orgy2TmYQYH
+DZUOkxeM6z/A/+bvoLqANXja+/PqmD+vuo7sGFy5kkJ7zQaI4SD02kLt/4Rwwo1J
+yC/A/q2CZMMHDd/Ru61Eg6oxZmuhR7tpAW9rXiXTy+fwDsLxQ6CfNw==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXjMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwOTEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA5QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDfBJGBYXuSaWriD62VbkvxSfCAtK7usPXXqtGkQgqImwIx
+Vxq6bmUMYp5KSD2mszGmjMSdK+XbsFtyyzkTS3A8aT86TrOw0bNhVIzFxJQS+8DY
+3sSqqqn+LcvMqUYpCriBO7CRn0+hdfSuLd9gI+qmTWRFmdZxF+v/GLlCWAQi4QID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwhl9UY1l4ilXzz3GVbStuZicdqAw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEALJke+7d6iLMpp43LPY81OmyZwWMV0C6rM12xjzpwGGhX0lRRoqvu9ARwOg7e
+NW7Ie+oSEva0lR9sqnrM1P3I4T+f08hjLGvpIz5S5g1JxTrvBKxw68tB/S1uvy3c
+kHSV7sDJhNdbl62iF06hkTYaR0cG5XDnYhcovjvaZl0Sw8A=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser10p12"></a>
<div class="binary"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.p12</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Property changes on: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.p12
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAcertsuser10pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/certs/user10.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,92926780C9752571
+
+F0eVk2UbqEM/QgfdKRmgpDEAEr36kBIxHLxFeqJ2J5TGAk/aJh2yHh2oNgcEt8wW
+EpOYer0MRyO3QJaQ2UTx44kvjOJ9refxBwKX9FRrV+Jx8bFCowIm3+g6tOoskH1p
+o1CxMj/tIqq1CVZVrWj3CEWzuxKHdkCbD1CwwWCiUoMePnOWwi3vA6u2aVjVoact
+Cc4UAkxTSlDeORN4bxwYEE12+8FUC1UR2ZT1CCwj6BsfuiYDQSgdFpdyqqNBMZJ0
+I+MrAi788mBBsS/rjxaUkaKltwUuFTkQ72Kc+woum0z21o8P3uunPVFUyf0lqUUf
+bRupDnnvXhOHApeF9tHG6N66scLxEY+uoPhfa5Rbl2zmGVproaDoGpTee8RdruSM
+ivrI+vHOT9Ctize/EG/xCyYVDZSKBJm9gr6PcFbGn0hS7dmqDU9XFTDDSzEL5osq
+kPmxdgS3c5l6Rvb4ShENSuRq88jQXNjzCKqmswxCUGG3yS9PSd1XLxoK4AQDkhpV
+ExfGr+I+fao76vhOnRZfAhij5Azng6sBAEYMdK1LbtmdnzCEVWCIrnDIVF3RIst2
+iwlSuk7wY7Qo9yOCfcEm57Ut3ovVOq7YvQqnz57hoTYIqNUMDqED6+XrlIqPOXq+
+A1pJzNjpM/Kol/1gPDstEk+iwPBAcwckoLCHSQYsCIZL3OYBST2Io4S0ZNKBgOAW
+uGL/AIJX5QV0uHbFSSWSNMsZ5jAmayHlUc8l5Wt3VchtbtyEfZJNA4OVUQ/6bqwQ
+8wrUGtGhr5XMLcretFmZKpvHyarApXrgV4SN8MbWgBw=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXkMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIxMDEh
+MB8GCSqGSIb3DQEJARYSdXNlcjEwQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCyiwIhalaw0ATtjGN3YwSOhMCi26rxWCpFYxqK5zlYF/ZZ
+JObhZOkp6HoP7B5Gxui7YkFO0IEal+N/En3dF6s+Io139Fxoog+UbNxa1fjWsPcX
+17kSraeWaglXyK/MRu1wfMb4bOUDQjBJdEW0EIlEeecqJXx48sY8lB0jgv9TTQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUhlYehueFRkqX9eBSgLwFs5Wh9Jsw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAhWEn99V8xWdglGHSq8PddxzXg2NS2tI/7DMzkJcTea17JTGL6Z5c1zBWvEma
+VTnBcVDDDmeeTLjm2m5A8rdM6h3S/8VT7BJCyE/9PM3zkx40kIB+NMWtJRRdsLs7
+js9Rw/p8fXxztiGx93NrdBHE1cPWTLD9f2OR+Z21QP2SWoQ=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAindextxt"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+V 171026174904Z 97125115FC42F5DA unknown /C=US/ST=CA/O=Example.com/CN=admin/emailAddress=admin@example.com
+V 151027174904Z 97125115FC42F5DB unknown /C=US/ST=CA/O=Example.com/CN=user01/emailAddress=user01@example.com
+V 151027174904Z 97125115FC42F5DC unknown /C=US/ST=CA/O=Example.com/CN=user02/emailAddress=user02@example.com
+V 151027174904Z 97125115FC42F5DD unknown /C=US/ST=CA/O=Example.com/CN=user03/emailAddress=user03@example.com
+V 151027174904Z 97125115FC42F5DE unknown /C=US/ST=CA/O=Example.com/CN=user04/emailAddress=user04@example.com
+V 151027174905Z 97125115FC42F5DF unknown /C=US/ST=CA/O=Example.com/CN=user05/emailAddress=user05@example.com
+V 151027174905Z 97125115FC42F5E0 unknown /C=US/ST=CA/O=Example.com/CN=user06/emailAddress=user06@example.com
+V 151027174905Z 97125115FC42F5E1 unknown /C=US/ST=CA/O=Example.com/CN=user07/emailAddress=user07@example.com
+V 151027174905Z 97125115FC42F5E2 unknown /C=US/ST=CA/O=Example.com/CN=user08/emailAddress=user08@example.com
+V 151027174905Z 97125115FC42F5E3 unknown /C=US/ST=CA/O=Example.com/CN=user09/emailAddress=user09@example.com
+V 151027174905Z 97125115FC42F5E4 unknown /C=US/ST=CA/O=Example.com/CN=user10/emailAddress=user10@example.com
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAindextxtattr"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/index.txt.attr 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+unique_subject = yes
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DApem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DA.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIIDCjCCAnOgAwIBAgIJAJcSURX8QvXaMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNzEwMjYxNzQ5MDRaMGIxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNVBAMTBWFkbWluMSAw
+HgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAv8I/m3GSQLIXXYOdl+u00iM69OcjD3sAPqP6fRxXBQgxTKcd
+0vtuxIjsEA92Ou3JDdHa5PGuvzNqQCNJARn7rDkvd3SLHsBPONXMvDH1HY7X9oXp
+o1x2CsqPM2b1rlimjoON0ohAZu2+hmPbPyX50pdL9p7SnoJOHIVdRuJqbS0CAwEA
+AaOBxzCBxDAdBgNVHQ4EFgQUHPXVEDPKfX5kTieJKO9xcWyNyfgwgZQGA1UdIwSB
+jDCBiYAUHPXVEDPKfX5kTieJKO9xcWyNyfihZqRkMGIxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNVBAMTBWFkbWlu
+MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbYIJAJcSURX8QvXaMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXKHxL3x1VwWWP5ViO2u70SS2
+ADcdxGiBAm2NTGg5eR++uFQI0+u8zwH87QhAlkRKCbafuAe7/EgbVYUCJDTkl2tK
+xSGBk6mzLqNk/Fz/FLb7Y+raUxr7+bkm1VLBekQIGwLqi8CNvxQBETNLDhg/tOF7
+4quBBA/7T9Rq6OPZIoE=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DBpem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DB.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXbMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwMTEh
+MB8GCSqGSIb3DQEJARYSdXNlcjAxQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDG56G+IxGs5Xd9RqZOecBdAn3LHofqSWTLzqUcqSfqpE2z
+CZxogT7jV1bLezMER5HxtJFV09264e4B5mT73DYAmyheVuit4aBlOz2ezEhat9ZC
+ObJLPwbyfDCXQTu8KnGPMFtSZlxjATamnn5lQ+iW7P8+jt955Z5JzVPaSSRA2wID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWdjDxNhAvXwlG1b3YBuGgmpGWeQw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAiZyBco6Id5qtp0c+x1Raw0LaSJbMJTZ/tgIEczLDsCfL+EFG658nD8VIMGZe
+1ydAnkqMhk3k9dB5gixLj0O132UtVJo7sP5p+ugwWDH3EIbqqGLHW13lLevMDeVm
+R+Xq87AU6pdDIXYE2jkg79f1e4tAvfJuAzYmwzEkO9wvfyE=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DCpem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DC.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXcMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwMjEh
+MB8GCSqGSIb3DQEJARYSdXNlcjAyQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCkE/v5XmzRnOStXzP+7h8ART9eUp1c409g1nlxxVArdGE8
+QJOojh7Nr/02YZExY0rGgHRPHobbAzvY66bXFVxM9s4p2f0hO2zE1gpLkfYvbS5Z
+7b9uAfef4z6vOYuPl/CmIlnqh/IVFXF0UjekGaG08qhcEsXkXJfeTtB1uJxeLQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdR1jGv8wId5o4QF+z8Vsdgy7vr8w
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAn6QRQk5i6q95Mt+xQwp0IiIHAOWxYLaQitXzDbHnvhR/hBy5gjt8TDTW4uWU
+3hiv+xNgJ/CMV50a7W9QtgoLQX8bBigcNdsaNI7ZvYvEPUU8V4u6WdgQbiqWof8J
+Dw0IdqLmkHwtihXOI1AoJa63/RMdMxivBc6VeUlyIfCRxjw=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DDpem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DD.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXdMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwMzEh
+MB8GCSqGSIb3DQEJARYSdXNlcjAzQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC4yj+8f/h2iZD14+UijQLJhllAEbQZU87srh+p9uVr1CS2
+DwmWmFqfi+IP20zMN8aibb3paAyvgWM/kwZcm/1YDDDQnDnFIGPGkv4prd4gSyEq
+Xw3ldiB5PHLsXB7mgmEuDZj6MC9xLbgyLLi1jEjMj3CD1ZQjJQ22+TEZLLZ42QID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU11jiW6Vki5eaRyE5Q8BuuYJ1yjgw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAde5YCtNzfnOheO995M42QC9y5DlZ9ovFRw9vGZrDSwWtgAHa6paZvnMphLrl
+TIqseCjtm9th8IaTM9NYSxAmIqSd8VFIPeThLrwB+QgGZSp4LPY8vX1kV2dkfZoY
+nMgaVGroqVKtyQU+pPP30J3QaXnOL7GLhqEMHpURG4zLDrg=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DEpem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DE.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXeMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDRaFw0xNTEwMjcxNzQ5MDRaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNDEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA0QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC1djVn/b+c4eUTdtLI0hTaOwa/TI3SdFO40qyWnzDduXjf
+qqgzZnDd2hirFh5ws4QGO3JWIbFaApKlWpoe7eUkkPI9kHmqsXXjb1YgTkt6me71
+LHufTZ8WpU9ZqzJhT37GJ3YX9Eq2S1iPtygvXeoM1eSx3rDwiXL7FHCiNqtt6QID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzwn6HO0PK/T80cWF4hHC/7mFzBIw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAcGuNpkrftcBkXTb7yCQZ8irMrchNZbizv6htCNKnrWldIdX7qAGTJo6WdWLO
+zHKtqmWL2PQMBPCY93thdh4dfBjpFzWYE2ScoQ3I9B8s3CGB3v7GwwI6kpAw5XZI
+Gkfbd9ZiTUDD2KJfPEGfWZrH9gcXwciUXHRLF0Qx27OM+OY=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5DFpem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5DF.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXfMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNTEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA1QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCuhqverBz5ABiO21VAJHcT/hi/t8TmI8dlHWcxZyUtllBY
+MVb1iCOgj07drBh69hAHhsCuNnerjsZ0JzpSppC9/xx06sDtm1F/BqKcRVCYuq3z
+cos1OeVT8+7VtCbtPZRPzBtL3dLPH7DIIKnAZZuOqSWOmP2gXqoKtUJMJwHGqwID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUCarYPsCG5CSiAHKTGMXWboJNWWUw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAuJMTCTxRpWyR1BSdRYFB2Ke2HjAyCZpUY2Ay+PypHa1LJSKHb4M3psfFtZl6
+Jl7FtJL1Um+dOq44KQ9vxvadhjodUcOJ086rzjBraIOEtpV7sPK5tYaj7p8+RATn
+VlvM5HvV+/JkDXkdw6gUqmUIBuJt1SKmj+1xJgrWUnmnbTE=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E0pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E0.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXgMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNjEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA2QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCZkzb7OR9IRFjlNMS+PmFqm7KK6kPY7THzCLI4k+Ek6Jij
+uwhun50ACy3PGIonBv0/Xj0xnY/ZVQDElvul5LdCzvYDwk3N+z0Y3JXb7gg9Dp6g
+85K51eNrags59/VslGyteb1wW7zGRBpq1TXxEXFd+RxRsBqA+4jj5jOMUCUDxwID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfUUjJDftXIX3ClcXyXX8pmc6PUkw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAoYkQhoeDSIOdVypiyBQ6OygLYGBDgaU8pBt9n5miteOMSqj1ezVlXyA/0c1u
+ETLB03QfnB8RfGHNLp4zBcE2VfwEWs4z4D7h4KQOIjqyl9bChWhPMF1xKmHQDiTo
+nmz2GGpMvMMqMGKIj00XFjjgqF8ESEJlN91YVFbEPdqHwyw=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E1pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E1.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXhMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwNzEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA3QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC9QR4qmt6vyCpdRpkddNFLO+8V48HGx/Kyb2msmMyYoHDR
+hbV8WePfroS+3Wslr7bMZMVSpz7rGBbl5aUzwqh2mya7V61Dkr/+xWLnyL0vRkw3
+mfFe4/Nxh2rZ+uOeig6LzgmIFVfao67EZ66mL9Kf43/R5267YspMwTupWyqRZwID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUSs2pbK7bluGik89TYK2JL0HVfcow
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAtHKsUgDfcE2l3KmL2ihLQHwriR0d1HvEIgABee9iAUE6gi91EKpt6Lt/Bch6
+cTQya1C2h5yYRc/2kjZXRKHtEeVFHXGO+9Gj82nOR9VcdIJxIynaOO0E8xcCTDYd
+bWUdbxqg6dvyejpwFbyEIIf9CH+OrxxmQOoG1O7w4EbOanQ=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E2pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E2.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwODEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA4QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDQBosyvbKD3nOarln/unV2FuXWFG2KUtRhsxBATfgTgk1V
+aH2/8f5IjwvPfZj7GEcSQ24vf/vBl8Ubmba/AXRFvrp6dIIyPi3gkMAU+qnmDasx
+HPXZlqiSXCXIOfiHhMaHYdULsXpXZUS0L2hFEi55pEi+SHfSSYjXOxyODWzFCQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUr9p20sfqknB4FETQ6+WOtErMGAAw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAFjRe0oG7Ybo05te+aa6xb4EfEvN38YxclvEaBOueQw8+NB7muxf+Yn/uQlAJ
+IP/16RtDyP+FHDInQ7Kggi9ZHwBPUqWorwh5wbu/ZW9oLc4u+qm1rYEJZcrMn0uo
+XnoQsHivpDbxR27p3geunqNNH+lpoLHglu9gH21xUrhR72k=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E3pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E3.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXjMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIwOTEh
+MB8GCSqGSIb3DQEJARYSdXNlcjA5QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDfBJGBYXuSaWriD62VbkvxSfCAtK7usPXXqtGkQgqImwIx
+Vxq6bmUMYp5KSD2mszGmjMSdK+XbsFtyyzkTS3A8aT86TrOw0bNhVIzFxJQS+8DY
+3sSqqqn+LcvMqUYpCriBO7CRn0+hdfSuLd9gI+qmTWRFmdZxF+v/GLlCWAQi4QID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwhl9UY1l4ilXzz3GVbStuZicdqAw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEALJke+7d6iLMpp43LPY81OmyZwWMV0C6rM12xjzpwGGhX0lRRoqvu9ARwOg7e
+NW7Ie+oSEva0lR9sqnrM1P3I4T+f08hjLGvpIz5S5g1JxTrvBKxw68tB/S1uvy3c
+kHSV7sDJhNdbl62iF06hkTYaR0cG5XDnYhcovjvaZl0Sw8A=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAnewcerts97125115FC42F5E4pem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/newcerts/97125115FC42F5E4.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIJAJcSURX8QvXkMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDjAMBgNV
+BAMTBWFkbWluMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0x
+NDEwMjcxNzQ5MDVaFw0xNTEwMjcxNzQ5MDVaMGQxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEUMBIGA1UEChMLRXhhbXBsZS5jb20xDzANBgNVBAMTBnVzZXIxMDEh
+MB8GCSqGSIb3DQEJARYSdXNlcjEwQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCyiwIhalaw0ATtjGN3YwSOhMCi26rxWCpFYxqK5zlYF/ZZ
+JObhZOkp6HoP7B5Gxui7YkFO0IEal+N/En3dF6s+Io139Fxoog+UbNxa1fjWsPcX
+17kSraeWaglXyK/MRu1wfMb4bOUDQjBJdEW0EIlEeecqJXx48sY8lB0jgv9TTQID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUhlYehueFRkqX9eBSgLwFs5Wh9Jsw
+HwYDVR0jBBgwFoAUHPXVEDPKfX5kTieJKO9xcWyNyfgwDQYJKoZIhvcNAQEFBQAD
+gYEAhWEn99V8xWdglGHSq8PddxzXg2NS2tI/7DMzkJcTea17JTGL6Z5c1zBWvEma
+VTnBcVDDDmeeTLjm2m5A8rdM6h3S/8VT7BJCyE/9PM3zkx40kIB+NMWtJRRdsLs7
+js9Rw/p8fXxztiGx93NrdBHE1cPWTLD9f2OR+Z21QP2SWoQ=
+-----END CERTIFICATE-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAprivatecakeypem"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/private/cakey.pem 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0AFACA85373949CF
+
+A5sfNCYZzAKVzcXRGD/I/3N+jKe1vZxOIutrztWrof5dXXFxbl2BdBWwbItyiJJB
+idDl83iy7je9pyew9uvWD0iuCJfob5o1Hp/g/zglIWZAvrxT09Ebr5EoeAHsCl7j
+T55Eh2qzog7bqRcF8+aiNnrMXPsZmi6OBA/K3KX7bmishwe2bxKE4isYzmVYUrXW
+RTTFouezCr7bVGYXB31g8vHn64mcHrVENNldxGMrMpw+AMu0pPgshz2xFso4j/uo
+xN4xNZ+tCGGouAcSNjX306Pj8fX8NybIN7dNN3icQu1LhcajCyV3UgYo/4+OmO2g
+SI+c9/LFkw0waGozTcgI6fBboxl7RQeORVo0c6tBdNkckiwEHMBplLSbjUOluFPo
+AYqq9ui+ox0wH6yJISBQlighFBtUpVidTElcV63Zndzy9Uzpl9NmR58WOZyaLVjA
+4L3NC5HL1DbzyYFt70YM3Jx9p0PdCF7ECtQfVHQj2zU4kLi69BHyXq8RKtgRkiju
+6tedz7FJ8qhLMOWnN2T42PZ0CIV6hZeIkggm+rLhGzXGVOzZkBeTXG6s3VsrMWeE
+gH959LOcYsEtsDR6mZOV7RLtyYt4Tttj84ygrkNelUP9sTiruWj/poBdJAjXwwt/
+2rBytzdEmIGGxYVpLyhT6F7sZM2199EQH3MU8A+PmM99PJqMKEHm6/en94K/5Uin
+1nwErISQgETVu1UgxEcsOKPrezzuDWa7OcY2jnQgVSxAjj8WxIKF0ulj/YacGneA
+e07KTlPPMZydPs7M8xBjL/unYaU4pxhXKvzNH+nV5cvTtw1aXyK/DQ==
+-----END RSA PRIVATE KEY-----
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtestdatademoCAserial"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/data/demoCA/serial 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+97125115FC42F5E5
</ins></span></pre></div>
<a id="CalendarServertrunktxweb2authtlspy"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/txweb2/auth/tls.py (0 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/auth/tls.py (rev 0)
+++ CalendarServer/trunk/txweb2/auth/tls.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -0,0 +1,114 @@
</span><ins>+##
+# Copyright (c) 2014 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+"""
+TLS client certificate authentication module.
+"""
+
+__all__ = [
+ "TLSCredentials",
+ "TLSCredentialsFactory",
+ "TLSCredentialsChecker",
+]
+
+from zope.interface import implements
+
+from twisted.cred import checkers, credentials, error
+from twisted.internet.defer import succeed
+from txweb2.dav.auth import IPrincipalCredentials
+
+
+class TLSCredentials(object):
+ """
+ Credentials for TLS auth - basically just the client certificate.
+ """
+
+ implements(credentials.ICredentials)
+
+ def __init__(self, certificate):
+
+ self.certificate = certificate
+
+ try:
+ self.username = self.getSubject().emailAddress.split("@")[0]
+ except KeyError:
+ self.username = None
+
+
+ def getSubject(self):
+ return self.certificate.getSubject()
+
+
+
+class TLSCredentialsFactory(object):
+ """
+ Authorizer for TLS authentication (http://tools.ietf.org/html/draft-thomson-httpbis-cant-01).
+ """
+
+ scheme = 'clientcertificate'
+
+ def __init__(self, realm=None, dn=None, sha256=None):
+ """
+
+ @param realm: realm for authentication, or L{None} for no realm
+ @type realm: L{str}
+ @param dn: list DNs for acceptable CA certs
+ @type dn: L{list} of L{str}
+ @param sha256: list of sha-256 fingerprint values for acceptable CA certs
+ @type sha256: L{list} of L{str}
+ """
+ self.realm = realm
+ self.dn = dn
+ self.sha256 = sha256
+
+
+ def getChallenge(self, _ignore_peer):
+ challenge = {}
+ if self.realm:
+ challenge['realm'] = self.realm
+ if self.dn:
+ challenge['dn'] = self.dn
+ if self.sha256:
+ challenge['sha-256'] = self.sha256
+ return succeed(challenge)
+
+
+ def decode(self, credentials, request):
+ return succeed(credentials)
+
+
+
+class TLSCredentialsChecker(object):
+
+ implements(checkers.ICredentialsChecker)
+
+ credentialInterfaces = (IPrincipalCredentials,)
+
+ def requestAvatarId(self, credentials):
+ # NB If we get here authentication has already succeeded as it is done in TLSCredentialsFactory.decode
+ # So all we need to do is return the principal URIs from the credentials.
+
+ # Look for proper credential type.
+ pcreds = IPrincipalCredentials(credentials)
+
+ creds = pcreds.credentials
+ if isinstance(creds, TLSCredentials):
+ return succeed((
+ pcreds.authnPrincipal,
+ pcreds.authzPrincipal,
+ ))
+
+ raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,))
</ins></span></pre></div>
<a id="CalendarServertrunktxweb2channelhttppy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txweb2/channel/http.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/channel/http.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/txweb2/channel/http.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -39,11 +39,14 @@
</span><span class="cx"> from txweb2 import responsecode
</span><span class="cx"> from txweb2 import http_headers
</span><span class="cx"> from txweb2 import http
</span><ins>+from txweb2.auth.tls import TLSCredentials
</ins><span class="cx"> from txweb2.http import RedirectResponse
</span><span class="cx"> from txweb2.server import Request
</span><span class="cx">
</span><span class="cx"> from twistedcaldav.config import config
</span><span class="cx"> from twistedcaldav import accounting
</span><ins>+from twisted.internet._sslverify import Certificate
+from twisted.internet.error import CertificateError
</ins><span class="cx">
</span><span class="cx"> log = Logger()
</span><span class="cx">
</span><span class="lines">@@ -792,6 +795,9 @@
</span><span class="cx"> _abortTimer = None
</span><span class="cx"> chanRequest = None
</span><span class="cx">
</span><ins>+ peerCertificateCheck = False
+ peerCredentials = None
+
</ins><span class="cx"> def _callLater(self, secs, fun):
</span><span class="cx"> reactor.callLater(secs, fun)
</span><span class="cx">
</span><span class="lines">@@ -809,7 +815,22 @@
</span><span class="cx"> self.factory.addConnectedChannel(self)
</span><span class="cx">
</span><span class="cx">
</span><ins>+ def processPeerCertificate(self):
+ # Look for SSL client cert
+ if self._secure:
+ try:
+ self.peerCredentials = TLSCredentials(Certificate.peerFromTransport(self.transport))
+ except CertificateError:
+ pass
+
+ self.peerCertificateCheck = True
+
+
</ins><span class="cx"> def lineReceived(self, line):
</span><ins>+
+ if self._secure and not self.peerCertificateCheck:
+ self.processPeerCertificate()
+
</ins><span class="cx"> if self._first_line:
</span><span class="cx"> self.setTimeout(self.inputTimeOut)
</span><span class="cx"> # if this connection is not persistent, drop any data which
</span></span></pre></div>
<a id="CalendarServertrunktxweb2davresourcepy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txweb2/dav/resource.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/dav/resource.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/txweb2/dav/resource.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -65,6 +65,7 @@
</span><span class="cx"> from txdav.xml.element import twisted_dav_namespace, twisted_private_namespace
</span><span class="cx"> from txdav.xml.element import registerElement, lookupElement
</span><span class="cx"> from txweb2 import responsecode
</span><ins>+from txweb2.auth.tls import TLSCredentialsFactory
</ins><span class="cx"> from txweb2.http import HTTPError, RedirectResponse, StatusResponse
</span><span class="cx"> from txweb2.http_headers import generateContentType
</span><span class="cx"> from txweb2.iweb import IResponse
</span><span class="lines">@@ -1014,8 +1015,14 @@
</span><span class="cx"> request.authzUser = None
</span><span class="cx"> return succeed((request.authnUser, request.authzUser))
</span><span class="cx">
</span><del>- authHeader = request.headers.getHeader("authorization")
</del><span class="cx">
</span><ins>+ # Check for native TLS client cert
+ if request.clientCredentials() is not None:
+ # Make this look as if it is done via the usual HTTP auth header approach
+ authHeader = (TLSCredentialsFactory.scheme, request.clientCredentials())
+ else:
+ authHeader = request.headers.getHeader("authorization")
+
</ins><span class="cx"> if authHeader is not None:
</span><span class="cx"> if authHeader[0] not in request.credentialFactories:
</span><span class="cx"> log.debug(
</span></span></pre></div>
<a id="CalendarServertrunktxweb2serverpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txweb2/server.py (14131 => 14132)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/server.py 2014-11-03 21:16:26 UTC (rev 14131)
+++ CalendarServer/trunk/txweb2/server.py 2014-11-03 21:19:46 UTC (rev 14132)
</span><span class="lines">@@ -232,6 +232,13 @@
</span><span class="cx"> self.timeStamps.append((tag, time.time(),))
</span><span class="cx">
</span><span class="cx">
</span><ins>+ def clientCredentials(self):
+ try:
+ return self.chanRequest.channel.peerCredentials
+ except AttributeError:
+ return None
+
+
</ins><span class="cx"> def addResponseFilter(self, filter, atEnd=False, onlyOnce=False):
</span><span class="cx"> """
</span><span class="cx"> Add a response filter to this request.
</span></span></pre>
</div>
</div>
</body>
</html>