diff -Nru canl-java-2.4.1/debian/changelog canl-java-2.5.0/debian/changelog --- canl-java-2.4.1/debian/changelog 2017-06-29 12:32:12.000000000 +0000 +++ canl-java-2.5.0/debian/changelog 2018-02-20 15:19:42.000000000 +0000 @@ -1,3 +1,9 @@ +canl-java (2.5.0-1) unstable; urgency=medium + + * Update to version 2.5.0 + + -- Mattias Ellert Tue, 20 Feb 2018 16:19:42 +0100 + canl-java (2.4.1-2) unstable; urgency=medium * BuildDepend on maven-debian-helper 2.2 or later diff -Nru canl-java-2.4.1/debian/control canl-java-2.5.0/debian/control --- canl-java-2.4.1/debian/control 2017-06-29 12:32:12.000000000 +0000 +++ canl-java-2.5.0/debian/control 2018-02-20 15:19:42.000000000 +0000 @@ -1,22 +1,24 @@ Source: canl-java Priority: optional Maintainer: Mattias Ellert -Build-Depends: debhelper (>= 9), maven-debian-helper (>= 2.2), libmaven-javadoc-plugin-java, junit4, libbcpkix-java (>= 1.54), libbcprov-java (>= 1.54), libcommons-io-java -Standards-Version: 4.0.0 +Build-Depends: debhelper (>= 9), maven-debian-helper (>= 2.2), libmaven-javadoc-plugin-java, junit4 (>= 4.8), libbcpkix-java (>= 1.54), libbcprov-java (>= 1.54), libcommons-io-java +Standards-Version: 4.1.3 Section: java +Vcs-Browser: https://salsa.debian.org/ellert/canl-java +Vcs-Git: https://salsa.debian.org/ellert/canl-java.git Homepage: https://github.com/eu-emi/canl-java/ Package: libcanl-java Section: java Architecture: all Depends: ${misc:Depends}, ${maven:Depends} -Breaks: libvoms-api-java-java (<< 3.2.0) +Breaks: libvoms-api-java-java (<< 3.3.0) Description: EMI Common Authentication library - bindings for Java This is the Java part of the EMI caNl -- the Common Authentication Library. Package: libcanl-java-doc Section: doc Architecture: all -Depends: ${misc:Depends} +Depends: ${misc:Depends}, ${maven:DocDepends} Description: Javadoc documentation for canl-java Javadoc documentation for EMI caNl. diff -Nru canl-java-2.4.1/debian/copyright canl-java-2.5.0/debian/copyright --- canl-java-2.4.1/debian/copyright 2017-06-29 12:32:12.000000000 +0000 +++ canl-java-2.5.0/debian/copyright 2018-02-20 15:19:42.000000000 +0000 @@ -1,9 +1,9 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: canl-java -Source: https://github.com/eu-emi/canl-java/archive/canl-2.4.1.tar.gz +Source: https://github.com/eu-emi/canl-java/archive/canl-2.5.0.tar.gz Files: * -Copyright: 2010-2012 ICM Uniwersytet Warszawski +Copyright: 2010-2017 ICM Uniwersytet Warszawski License: BSD-3-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -27,23 +27,110 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Files: src/main/java/eu/emi/security/authn/x509/helpers/proxy/IPAddressHelper.java +Files: src/main/java/eu/emi/security/authn/x509/helpers/proxy/DraftRFCProxyCertInfoExtension.java + src/main/java/eu/emi/security/authn/x509/helpers/proxy/IPAddressHelper.java src/main/java/eu/emi/security/authn/x509/helpers/proxy/ProxyAddressRestrictionData.java src/main/java/eu/emi/security/authn/x509/helpers/proxy/ProxyCertInfoExtension.java src/main/java/eu/emi/security/authn/x509/helpers/proxy/ProxyHelper.java src/main/java/eu/emi/security/authn/x509/helpers/proxy/ProxySAMLExtension.java src/main/java/eu/emi/security/authn/x509/helpers/proxy/ProxyTracingExtension.java + src/main/java/eu/emi/security/authn/x509/helpers/proxy/RFCProxyCertInfoExtension.java src/main/java/eu/emi/security/authn/x509/impl/AbstractHostnameToCertificateChecker.java + src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java + src/main/java/eu/emi/security/authn/x509/proxy/BaseProxyCertificateOptions.java + src/main/java/eu/emi/security/authn/x509/proxy/ProxyCertificateOptions.java src/main/java/eu/emi/security/authn/x509/proxy/ProxyChainInfo.java + src/main/java/eu/emi/security/authn/x509/proxy/ProxyCSRInfo.java src/main/java/eu/emi/security/authn/x509/proxy/ProxyPolicy.java src/test/java/eu/emi/security/authn/x509/impl/GLiteValidatorTest.java src/test/java/eu/emi/security/authn/x509/impl/HostnameCheckerTest.java Copyright: 2011-2012 ICM Uniwersytet Warszawski 2004 Members of the EGEE Collaboration + Members of the EGEE Collaboration + --------------------------------- + European Organization for Particle Physics (CERN) + Institut für Graphische und Parallele Datenverarbeitung der + Joh. Kepler Universität Linz (AT) + Institut für Informatik der Universität Innsbruck (AT) + CESNET, z.s.p.o. (CZ) + Budapest University of Technology and Economics (HU) + Eötvös Loránd University Budapest (HU) + KFKI Research Institute for Particle and Nuclear Physics (HU) + Magyar Tudományos Akadémia Számítástechnikai és Automatizálási + Kutatóintézet (HU) + Office for National Information and Infrastructure Development (HU) + Akademickie Centrum Komputerowe CYFRONET akademii Górniczo-Hutniczej + im. St. Staszica w Krakowie (PL) + Warsaw University Interdisciplinary Centre for Mathematical and + Computational Modelling (PL) + Institute of Bioorganic Chemistry PAN, Poznan Supercomputing and + Networking Center (PL) + Ustav Informatiky, Slovenská Akadémia Vied (SK) + Jožef Stefan Institute (SI) + The Provost Fellows and Scholars of the College of the Holy and + Undivided Trinity of Queen Elizabeth near Dublin (IE) + Council for the Central Laboratory of the Research Councils (GB) + The University of Edinburgh (GB) + Particle Physics and Astronomy Research Council (GB) + University College of London (GB) + Commissariat l'Energie Atomique, Direction des Sciences de la Matière (FR) + Compagnie Générale de Géophysique (FR) + Centre National de la Recherche Scientifique (FR) + CS Système d'Information Communication & Systèmes (FR) + Centrale Recherche S.A. (FR) + Deutsches Elektronen-Synchrotron (DE) + Deutsches Klimarechenzentrum GmbH (DE) + Fraunhofer-Gesellschaft zur Förderung der Angewandten Forschung e.V. (DE) + Forschungszentrum Karlsruhe GmbH (DE) + Gesellschaft für Schwerionenforschung GmbH (DE) + DATAMAT S.p.A. (IT) + Istituto Nazionale di Fisica Nucleare (IT) + Trans-European Research and Networking Association (NL) + Vrije Universiteit Brussel (BE) + Faculty of Science University of Copenhagen (DK) + University of Helsinki (FI) + Foundation for Fundamental Research on Matter (NL) + Stichting Academisch Rekencentrum Amsterdam (NL) + Universiteit van Amsterdam (NL) + University of Bergen (NO) + Vetenskapsrådet, The Swedish Research Council (SE) + Institute of High Energy Physics (RU) + Institute of Mathematical Problems of Biology of Russian Academy of + Sciences (RU) + Institute of Theoretical and Experimental Physics (RU) + Joint Institute for Nuclear Research (RU) + Keldysh Institute of Applied Mathematics of Russian Academy of Sciences + Moscow (RU) + Petersburg Nuclear Physics Institute of Russian Academy of Sciences (RU) + Russian Research Centre "Kurchatov Institute" (RU) + Skobeltsyn Institute of Nuclear Physics of Moscow State University (RU) + Central Lab. for Parallel Processing, Bulgarian Academy of Sciences (BG) + University of Cyprus (CY) + Greek Research and Technology Network (GR) + Tel Aviv University (IL) + National Institute for Research and Development in Informatics (RO) + Laboratório de Instrumentação e Física Experimental de Partículas (PT) + S.A.X. Centro de Supercomputación de Galicia (ES) + Consejo Superior de Investigaciones Cientificas (ES) + Institut de Física d'Altes Energies (ES) + Instituto Nacional de Tecnica Aeroespacial (ES) + Universidad Politécnica de Valencia (ES) + University of Chicago (US) + University of Southern California, Marina del Rey (US) + The Board of Regents for the University of Wisconsin System (US) + Royal Institute of Technology - Center for Parallel Computers (SE) + Ente per le Nuove Tecnologie, l'Energia e l'Ambiente (IT) + Università degli Studi della Calabria (IT) + Università degli Studi di Lecce (IT) + Università degli Studi di Napoli Federico II (IT) + Delivery of Advanced Network Technology to Europe Limited (GB) + Verein zur Förderung eines Deutschen Forschungsnetzes e.V. (DE) + Consortium GARR (IT) License: Apache-2.0 Files: src/main/java/eu/emi/security/authn/x509/helpers/pkipath/bc/*.java src/main/java/eu/emi/security/authn/x509/helpers/pkipath/NonValidatingCertPathBuilder.java + src/main/java/eu/emi/security/authn/x509/helpers/proxy/X509v3CertificateBuilder.java Copyright: 2000-2011 The Legion Of The Bouncy Castle License: MIT Permission is hereby granted, free of charge, to any person obtaining @@ -71,7 +158,7 @@ License: Apache-2.0 Files: debian/* -Copyright: 2016-2017 Mattias Ellert +Copyright: 2016-2018 Mattias Ellert License: Apache-2.0 License: Apache-2.0 diff -Nru canl-java-2.4.1/debian/maven.ignoreRules canl-java-2.5.0/debian/maven.ignoreRules --- canl-java-2.4.1/debian/maven.ignoreRules 2016-09-10 19:22:50.000000000 +0000 +++ canl-java-2.5.0/debian/maven.ignoreRules 2018-02-20 15:19:42.000000000 +0000 @@ -1,6 +1,4 @@ org.apache.maven.plugins maven-gpg-plugin -org.apache.maven.plugins maven-release-plugin org.apache.maven.plugins maven-source-plugin org.apache.maven.wagon wagon-webdav-jackrabbit -org.codehaus.mojo javancss-maven-plugin org.sonatype.plugins nexus-staging-maven-plugin diff -Nru canl-java-2.4.1/debian/patches/canl-java-javadoc.patch canl-java-2.5.0/debian/patches/canl-java-javadoc.patch --- canl-java-2.4.1/debian/patches/canl-java-javadoc.patch 1970-01-01 00:00:00.000000000 +0000 +++ canl-java-2.5.0/debian/patches/canl-java-javadoc.patch 2018-01-06 12:05:18.000000000 +0000 @@ -0,0 +1,41 @@ +From c43be71185b82e016099e45dd410cfcac844e3db Mon Sep 17 00:00:00 2001 +From: Krzysztof Benedyczak +Date: Sun, 5 Mar 2017 16:24:51 +0000 +Subject: [PATCH] fix javadocs + +--- + .../eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java | 2 +- + src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java b/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java +index 4c0249c..e5ffa85 100644 +--- a/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java ++++ b/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java +@@ -5,7 +5,7 @@ + package eu.emi.security.authn.x509.helpers; + + /** +- * Trivial implementation of {@link PasswordFinder} which uses a password ++ * Trivial implementation of {@link PasswordSupplier} which uses a password + * provided to the constructor. + * + * @author K. Benedyczak +diff --git a/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java b/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java +index eef171d..735f451 100644 +--- a/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java ++++ b/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java +@@ -223,8 +223,8 @@ public class CertificateUtils + /** + * Loads a private key from the provided input stream. The input stream must be encoded + * in the PEM format. This method is a special purpose version of the +- * {@link #loadPrivateKey(InputStream, Encoding, char[])}. It allows to provide {@link PasswordFinder} +- * instead of the actual password. The {@link PasswordFinder} implementation will be used only if ++ * {@link #loadPrivateKey(InputStream, Encoding, char[])}. It allows to provide {@link PasswordSupplier} ++ * instead of the actual password. The {@link PasswordSupplier} implementation will be used only if + * the source is encrypted. + *

+ * All other limitations and features are as in the {@link #loadPrivateKey(InputStream, Encoding, char[])} +-- +2.14.3 + diff -Nru canl-java-2.4.1/debian/patches/series canl-java-2.5.0/debian/patches/series --- canl-java-2.4.1/debian/patches/series 2016-09-10 19:22:50.000000000 +0000 +++ canl-java-2.5.0/debian/patches/series 2018-02-20 15:19:42.000000000 +0000 @@ -1,2 +1,5 @@ # Disable tests that require network connections canl-java-test.patch + +# Javadoc fixes (backport from upstream's git) +canl-java-javadoc.patch diff -Nru canl-java-2.4.1/pom.xml canl-java-2.5.0/pom.xml --- canl-java-2.4.1/pom.xml 2016-09-04 11:05:33.000000000 +0000 +++ canl-java-2.5.0/pom.xml 2017-03-05 16:00:33.000000000 +0000 @@ -4,7 +4,7 @@ eu.eu-emi.security canl jar - 2.4.1 + 2.5.0 canl EMI Common X.509 Authentication Library @@ -75,7 +75,7 @@ scm:git:git://github.com/eu-emi/canl-java.git https://github.com/eu-emi/canl-java scm:git:ssh://git@github.com/eu-emi/canl-java.git - canl-2.4.1 + canl-2.5.0 @@ -107,12 +107,12 @@ org.bouncycastle bcpkix-jdk15on - 1.54 + 1.56 org.bouncycastle bcprov-jdk15on - 1.54 + 1.56 commons-io diff -Nru canl-java-2.4.1/README.md canl-java-2.5.0/README.md --- canl-java-2.4.1/README.md 2016-09-04 11:05:33.000000000 +0000 +++ canl-java-2.5.0/README.md 2017-03-05 16:00:33.000000000 +0000 @@ -6,6 +6,11 @@ The documentation, manual and JavaDocs are available from the external documentation pages, which are version specific. +Version 2.4.1: + - Docs: http://unicore-dev.zam.kfa-juelich.de/documentation/canl-2.4.1/ + - Changes: https://github.com/eu-emi/canl-java/issues?q=milestone%3Acanl-2.4.1+is%3Aclosed + - This update contains two bugixes: draft RFC proxy (aka GT3 proxy) parsing and generation was wrong in case of proxies with limited length; building process could fail dependending on the build environment. + Version 2.4.0: - Docs: http://unicore-dev.zam.kfa-juelich.de/documentation/canl-2.4.0/ - Changes: https://github.com/eu-emi/canl-java/issues?q=milestone%3Acanl-2.4.0+is%3Aclosed diff -Nru canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java --- canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java 2016-09-04 11:05:33.000000000 +0000 +++ canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/helpers/CharArrayPasswordFinder.java 2017-03-05 16:00:33.000000000 +0000 @@ -4,15 +4,13 @@ */ package eu.emi.security.authn.x509.helpers; -import org.bouncycastle.openssl.PasswordFinder; - /** * Trivial implementation of {@link PasswordFinder} which uses a password * provided to the constructor. * * @author K. Benedyczak */ -public class CharArrayPasswordFinder implements PasswordFinder +public class CharArrayPasswordFinder implements PasswordSupplier { private transient char []password; diff -Nru canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/helpers/PasswordSupplier.java canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/helpers/PasswordSupplier.java --- canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/helpers/PasswordSupplier.java 1970-01-01 00:00:00.000000000 +0000 +++ canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/helpers/PasswordSupplier.java 2017-03-05 16:00:33.000000000 +0000 @@ -0,0 +1,15 @@ +/* + * Copyright (c) 2017 ICM Uniwersytet Warszawski All rights reserved. + * See LICENCE.txt file for licensing information. + */ +package eu.emi.security.authn.x509.helpers; + +/** + * Provides password on demand. + * + * @author K. Benedyczak + */ +public interface PasswordSupplier +{ + char[] getPassword(); +} diff -Nru canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java --- canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java 2016-09-04 11:05:33.000000000 +0000 +++ canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/impl/CertificateUtils.java 2017-03-05 16:00:33.000000000 +0000 @@ -47,7 +47,6 @@ import org.bouncycastle.openssl.PEMEncryptor; import org.bouncycastle.openssl.PEMKeyPair; import org.bouncycastle.openssl.PEMParser; -import org.bouncycastle.openssl.PasswordFinder; import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator; import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; import org.bouncycastle.openssl.jcajce.JcaPEMWriter; @@ -73,6 +72,7 @@ import eu.emi.security.authn.x509.helpers.FlexiblePEMReader; import eu.emi.security.authn.x509.helpers.KeyStoreHelper; import eu.emi.security.authn.x509.helpers.PKCS8DERReader; +import eu.emi.security.authn.x509.helpers.PasswordSupplier; /** * Utility class with methods simplifying typical certificate related operations. @@ -235,21 +235,21 @@ * @return loaded key * @throws IOException if key can not be read or parsed */ - public static PrivateKey loadPEMPrivateKey(InputStream is, PasswordFinder pf) throws IOException + public static PrivateKey loadPEMPrivateKey(InputStream is, PasswordSupplier pf) throws IOException { Reader reader = new InputStreamReader(is, Charset.forName("US-ASCII")); FlexiblePEMReader pemReader = new FlexiblePEMReader(reader); return internalLoadPK(pemReader, "PEM", pf); } - private static PrivateKey parsePEMPrivateKey(PemObject pem, PasswordFinder pf) + private static PrivateKey parsePEMPrivateKey(PemObject pem, PasswordSupplier pf) throws IOException { CachedPEMReader pemReader = new CachedPEMReader(pem); return internalLoadPK(pemReader, "PEM", pf); } - private static PrivateKey internalLoadPK(PEMParser pemReader, String type, PasswordFinder pf) + private static PrivateKey internalLoadPK(PEMParser pemReader, String type, PasswordSupplier pf) throws IOException { Object ret = null; @@ -272,7 +272,7 @@ } - private static PrivateKey convertToPrivateKey(Object pemObject, String type, PasswordFinder pf) throws IOException + private static PrivateKey convertToPrivateKey(Object pemObject, String type, PasswordSupplier pf) throws IOException { PrivateKeyInfo pki; try @@ -290,7 +290,7 @@ return converter.getPrivateKey(pki); } - private static PrivateKeyInfo resolvePK(String type, Object src, PasswordFinder pf) throws + private static PrivateKeyInfo resolvePK(String type, Object src, PasswordSupplier pf) throws IOException, OperatorCreationException, PKCSException { if (src instanceof PrivateKeyInfo) @@ -461,7 +461,7 @@ * used to crypt the key in the keystore. If it is null then # * @throws IOException if input can not be read or parsed */ - public static KeyStore loadPEMKeystore(InputStream is, PasswordFinder pf, char[] ksPassword) throws IOException + public static KeyStore loadPEMKeystore(InputStream is, PasswordSupplier pf, char[] ksPassword) throws IOException { PrivateKey pk = null; List certChain = new ArrayList(); @@ -801,7 +801,7 @@ } - public static PasswordFinder getPF(char[] password) + public static PasswordSupplier getPF(char[] password) { return (password == null) ? null : new CharArrayPasswordFinder(password); } diff -Nru canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/impl/PEMCredential.java canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/impl/PEMCredential.java --- canl-java-2.4.1/src/main/java/eu/emi/security/authn/x509/impl/PEMCredential.java 2016-09-04 11:05:33.000000000 +0000 +++ canl-java-2.5.0/src/main/java/eu/emi/security/authn/x509/impl/PEMCredential.java 2017-03-05 16:00:33.000000000 +0000 @@ -15,11 +15,9 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import org.bouncycastle.openssl.PasswordFinder; - - import eu.emi.security.authn.x509.helpers.AbstractDelegatingX509Credential; import eu.emi.security.authn.x509.helpers.AbstractX509Credential; +import eu.emi.security.authn.x509.helpers.PasswordSupplier; import eu.emi.security.authn.x509.helpers.ReaderInputStream; import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding; @@ -64,7 +62,7 @@ * @throws CertificateException if certificate can not be parsed * @since 1.1.0 */ - public PEMCredential(String keystorePath, PasswordFinder pf) + public PEMCredential(String keystorePath, PasswordSupplier pf) throws IOException, KeyStoreException, CertificateException { this(new BufferedInputStream(new FileInputStream(keystorePath)), pf); @@ -104,7 +102,7 @@ * @throws CertificateException if certificate can not be parsed * @since 1.1.0 */ - public PEMCredential(InputStream keystoreStream, PasswordFinder pf) + public PEMCredential(InputStream keystoreStream, PasswordSupplier pf) throws IOException, KeyStoreException, CertificateException { KeyStore ks = CertificateUtils.loadPEMKeystore(keystoreStream, pf, @@ -155,7 +153,7 @@ * @throws CertificateException if certificate can not be parsed * @since 1.1.0 */ - public PEMCredential(InputStream privateKeyStream, InputStream certificateStream, PasswordFinder pf) + public PEMCredential(InputStream privateKeyStream, InputStream certificateStream, PasswordSupplier pf) throws IOException, KeyStoreException, CertificateException { init(privateKeyStream, certificateStream, pf); @@ -192,7 +190,7 @@ * @throws CertificateException if certificate can not be parsed * @since 1.1.0 */ - public PEMCredential(Reader privateKeyReader, Reader certificateReader, PasswordFinder pf) + public PEMCredential(Reader privateKeyReader, Reader certificateReader, PasswordSupplier pf) throws IOException, KeyStoreException, CertificateException { InputStream pkIs = new ReaderInputStream(privateKeyReader, CertificateUtils.ASCII); @@ -223,7 +221,7 @@ private void init(InputStream privateKeyStream, InputStream certificateStream, - PasswordFinder pf) throws IOException, KeyStoreException, CertificateException + PasswordSupplier pf) throws IOException, KeyStoreException, CertificateException { X509Certificate []chain = CertificateUtils.loadCertificateChain( certificateStream, Encoding.PEM); diff -Nru canl-java-2.4.1/src/test/resources/ocsp/mbank.pem canl-java-2.5.0/src/test/resources/ocsp/mbank.pem --- canl-java-2.4.1/src/test/resources/ocsp/mbank.pem 2016-09-04 11:05:33.000000000 +0000 +++ canl-java-2.5.0/src/test/resources/ocsp/mbank.pem 2017-03-05 16:00:33.000000000 +0000 @@ -1,40 +1,37 @@ -----BEGIN CERTIFICATE----- -MIIG+jCCBeKgAwIBAgIQIhLTp0X1xqmmGc5geo0/ZjANBgkqhkiG9w0BAQsFADB3 +MIIGZTCCBU2gAwIBAgIQTHPEplB5rufBwgnsRV8sfzANBgkqhkiG9w0BAQsFADB3 MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj -IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTYwNTAyMDAwMDAwWhcNMTcwNzEy -MjM1OTU5WjCB5DETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0 +IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTcwMTI3MDAwMDAwWhcNMTcwOTMw +MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0 ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQH DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh -bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxFTATBgNVBAMMDHd3dy5tYmFuay5wbDCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVzIheUmJDYjP+LnDlOFYh/ -m3Dq+tan56Arfw72RitwlwAXTEXTA/AMbXGvuC01mTwGia3BioD5LPXD9GDQjRju -9MvqZlHhNZ3aEYIu5yshKMcUK3sNZJhLp/gJOgezMSXWy9t2gjk6Hk1WRWk7brhW -6WoUBZ1MPO/Np0fS4Ult0NzPZpfo22ZpGwMVfVJXGz4YxXHzG/0Bm8kR7u7Iws3h -0bBdT+nuG26+5G/VUZvoMWzW0jq0kPN2Yc1dTCVlz3dJY3GqcCdjYj5fJgnqke8B -/TH2t+BSF/pVh3gXLH1S9n9X/XgLJI/v6UPDMAWh3OQr8lNOymRNKmE3Ow6iGp0C -AwEAAaOCAxIwggMOMDcGA1UdEQQwMC6CDHd3dy5tYmFuay5wbIIIbWJhbmsucGyC -FHd3dy5iYWRhbmlhLm1iYW5rLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWg -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBgNVHSAEaDBmMAcGBWeB -DAEBMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1j -Yi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh -MB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8gB1fVkedqMCsGA1UdHwQkMCIwIKAe -oByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3JsMFcGCCsGAQUFBwEBBEswSTAf -BggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0 -cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsB -aQB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVHDX9eYAAAQD -AEcwRQIgPu/2i5j1Y7DCyqyKh3b8zsIS9tQKjg/mYiyuUZ9VNGYCIQDdkpIXum8y -+sK//h+rKRDwOSuxFlWoAH+0gzYAZadsOQB2AKS5CZC0GFgUh7sTosxncAo8NZgE -+RvfuON3zQ7IDdwQAAABVHDX9gwAAAQDAEcwRQIhAIAvkuY3YNBhY6nph9PjOghf -PAfDEUn8glamyenfaaXqAiAWlffVZL/MZi0FT5h/ekguydkTLZ8ugE0XJAxShmIv -lQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABVHDX9ggAAAQD -AEgwRgIhAINsLJASsx19WZOmqhzMEXSdT7Mapnvl63w9qSj879c9AiEAp55k+z4X -Hc0bdJbNLCBRbZMgFYfAznrtnyzXCneDB9IwDQYJKoZIhvcNAQELBQADggEBAHLL -l2+KZYUf53otiNb3IpchgsXG8fxYQSxMYoMV8+KJHZ0G0OxXLzfGm6vfq3fdzn3b -+6XFvehV2Ala5oR9h8jw3/a8aNrjO9LR0m5iq/T2Emz794AK5XvL82Llr4q45PgF -OS/apReNfrdleQ/qhF6nowd+BsofMtTEsdoNUyMN+8b2f7i/V7Qzc1DD17L5wfgT -0Walu5Jcf5oWfQ/OS/q5ElibANP67P0/ESI68qNDN3ED6NSYRkVP7sdvyZ+IT0Xz -rtdrRwNhHpdw5vDNA12sXSB0lryiBvEKyV5a3sn6lzGzNGIYLZ42RR2cynb9vlGv -iHLFpDT9IJhy2WSv3VQ= +bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANeaMu4ht7kvgvDUMuVE +nLvM7uOPud+AP7wRc8Hy1ICcTeGt1orGvZqAnQVL5ylcC9HTtbab2cHveosLdesG +SUtVpi2eNKNpBJEoQDw+xlVBEa6faRgLQqKekY4U94eaGTvAgIaRvd9bX1t/SlEf +X/COjjYITD8i0xmCbP7iMrGuXdHkh1Dczp9lpDKe8z0ITxrJDRZDK3M1JCpxxKx/ +5GixZ9FycOxcWOzIfnUOB6LaWqd/beHWZqPnAEkvsaiQseeS6r4QCGyczz+Cnwhg +I4YYLkzOtNIwozMqs+RvFNZzoLHaai+4i//s4H5NXiaR/iSl1KITbUAGLrYaIhSe +0hMCAwEAAaOCAnowggJ2MBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV +HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwbwYDVR0gBGgwZjAHBgVngQwBATBbBgtghkgBhvhFAQcXBjBMMCMGCCsG +AQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdo +dHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bP +IAdX1ZHnajArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3Ny +LmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1j +ZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIB +BAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiN +PRHEzbbsvswAAAFZ4DyROwAABAMARzBFAiEAs9l2G2d/zkCgWQb2AGJwmwxU46fo +GjHoCb5/n1YzCEoCIGxbKDJOMR1nXIdK8SYmINqgKvW0AVmxGKOtoTUIE+7ZAHYA +pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFZ4DyRXwAABAMARzBF +AiBdJ1pjOig8JlkXg0DKupnNEbOmNbHnBn8/PerHgw6bOwIhAMVviZOL3owJ6k0X +5YGPKxOrLd+7vM0wpWmVy2srg3saMA0GCSqGSIb3DQEBCwUAA4IBAQAuq872sAxG +eSeNCHXZSYlyv7DrnoLF/TNRoY4d+vYdexEyPZc8URZ/SmtMU0YfUZ5vhyfM8GVA +qPas6xbSffjQ4rSa+AuHa4VVByAxrEiqhk4Zec77TOSe49ET7QrbAs5RzssfuWDw +kcBrcrJ1tW++j3PI+aTFnxCgX4NDr7s8np2UEqSoRDE4QdwGnjZDZcj+n0dAWlKN +UiVYY8HjK+d0VRtjpcIR4Y0Wp5VkhqEGupprJS9FnyRtRQONVUQreE2QlCx2eAXz +H3tJf93bEqcFNZRoXOdFqs+WEAtHCsZq0V1MkCXsUpnX2aYcgpPG77mFf+WcLEmV +94cT2dfsFp8F -----END CERTIFICATE-----