4DMega_Setup_v1.0.1.2

AppCode/laser/app/skin/licensepage.xml

@@ -4,9 +4,8 @@
       <VerticalLayout visible="false" name="licenseshow" float="true"  bkimage="file='form\license_bg.png'" pos="5,35,475,375">
 	  
 		<Container height="10" />
-        <Label name="licensename" text="《四维深时本地版用户许可协议》"  font="5" align="center" textcolor="0xffffffff"/>
-        <Container height="4" />
-		
+<!--        <Label name="licensename" text="《四维深时本地版用户许可协议》"  font="5" align="center" textcolor="0xffffffff"/>-->
+
       	<RichEdit width="465" height="260" name="editLicense" autovscroll="true" vscrollbar="true" readonly="true" textcolor="0xffffffff"   inset="12,12,2,12" bordersize="1"  />
         
         <HorizontalLayout height="34">

AppFile/laser/CGAII/asset/isp_minion.pp3

@@ -10,7 +10,7 @@ InTrash=false
 [Exposure]
 Auto=false
 Clip=0
-Compensation=0.2
+Compensation=0.25
 Brightness=0
 Contrast=24
 Saturation=0
@@ -210,7 +210,7 @@ Curve2=0;
 Curve3=0;
 
 [Impulse Denoising]
-Enabled=true
+Enabled=false
 Threshold=44
 
 [Defringing]
@@ -227,7 +227,7 @@ Depth=2
 Luminance=true
 
 [Directional Pyramid Denoising]
-Enabled=true
+Enabled=false
 Enhance=false
 Median=true
 Luma=0
@@ -519,7 +519,7 @@ ClutFilename=
 Strength=100
 
 [RGB Curves]
-Enabled=true
+Enabled=false
 LumaMode=false
 rCurve=0;
 gCurve=0;

AppFile/laser/CGAII/asset/isp_minion_raw.pp3

@@ -1,642 +0,0 @@
-[Version]
-AppVersion=5.8
-Version=346
-
-[General]
-Rank=-1
-ColorLabel=0
-InTrash=false
-
-[Exposure]
-Auto=false
-Clip=0
-Compensation=0.70999999999999996
-Brightness=4
-Contrast=15
-Saturation=0
-Black=0
-HighlightCompr=0
-HighlightComprThreshold=0
-ShadowCompr=50
-HistogramMatching=false
-CurveFromHistogramMatching=false
-ClampOOG=true
-CurveMode=Standard
-CurveMode2=Standard
-Curve=2;0.25;0.5;0.75;0;8;-16;0;
-Curve2=0;
-
-[HLRecovery]
-Enabled=false
-Method=Luminance
-
-[Retinex]
-Enabled=false
-Str=20
-Scal=3
-Iter=1
-Grad=1
-Grads=1
-Gam=1.3
-Slope=3
-Median=false
-Neigh=80
-Offs=0
-Vart=200
-Limd=8
-highl=4
-skal=3
-RetinexMethod=high
-mapMethod=none
-viewMethod=none
-Retinexcolorspace=Lab
-Gammaretinex=none
-CDCurve=0;
-MAPCurve=0;
-CDHCurve=0;
-LHCurve=0;
-Highlights=0
-HighlightTonalWidth=80
-Shadows=0
-ShadowTonalWidth=80
-Radius=40
-TransmissionCurve=1;0;0.5;0.34999999999999998;0.34999999999999998;0.59999999999999998;0.75;0.34999999999999998;0.34999999999999998;1;0.5;0.34999999999999998;0.34999999999999998;
-GainTransmissionCurve=1;0;0.10000000000000001;0.34999999999999998;0;0.25;0.25;0.34999999999999998;0.34999999999999998;0.69999999999999996;0.25;0.34999999999999998;0.34999999999999998;1;0.10000000000000001;0;0;
-
-[Local Contrast]
-Enabled=true
-Radius=33
-Amount=0.40999999999999998
-Darkness=0.76000000000000001
-Lightness=0.41999999999999998
-
-[Channel Mixer]
-Enabled=false
-Red=1000;0;0;
-Green=0;1000;0;
-Blue=0;0;1000;
-
-[Black & White]
-Enabled=false
-Method=Desaturation
-Auto=false
-ComplementaryColors=true
-Setting=RGB-Rel
-Filter=None
-MixerRed=33
-MixerOrange=33
-MixerYellow=33
-MixerGreen=33
-MixerCyan=33
-MixerBlue=33
-MixerMagenta=33
-MixerPurple=33
-GammaRed=0
-GammaGreen=0
-GammaBlue=0
-Algorithm=SP
-LuminanceCurve=0;
-BeforeCurveMode=Standard
-AfterCurveMode=Standard
-BeforeCurve=0;
-AfterCurve=0;
-
-[Luminance Curve]
-Enabled=false
-Brightness=0
-Contrast=0
-Chromaticity=0
-AvoidColorShift=false
-RedAndSkinTonesProtection=0
-LCredsk=true
-LCurve=0;
-aCurve=0;
-bCurve=0;
-ccCurve=0;
-chCurve=0;
-lhCurve=0;
-hhCurve=0;
-LcCurve=0;
-ClCurve=0;
-
-[Sharpening]
-Enabled=true
-Contrast=0
-Method=usm
-Radius=0.40999999999999998
-BlurRadius=0.20000000000000001
-Amount=543
-Threshold=0;60;2000;1200;
-OnlyEdges=false
-EdgedetectionRadius=1.7
-EdgeTolerance=1100
-HalocontrolEnabled=false
-HalocontrolAmount=5
-DeconvRadius=0.70999999999999996
-DeconvAmount=61
-DeconvDamping=0
-DeconvIterations=15
-
-[Vibrance]
-Enabled=false
-Pastels=0
-Saturated=0
-PSThreshold=0;75;
-ProtectSkins=false
-AvoidColorShift=true
-PastSatTog=true
-SkinTonesCurve=0;
-
-[SharpenEdge]
-Enabled=false
-Passes=1
-Strength=91
-ThreeChannels=false
-
-[SharpenMicro]
-Enabled=false
-Matrix=false
-Strength=89
-Contrast=42
-Uniformity=1
-
-[White Balance]
-Enabled=false
-Setting=Camera
-Temperature=6490
-Green=1.002
-Equal=1
-TemperatureBias=0
-
-[Color appearance]
-Enabled=false
-Degree=90
-AutoDegree=true
-Degreeout=90
-AutoDegreeout=true
-Surround=Average
-Surrsrc=Average
-AdaptLum=16
-Badpixsl=0
-Model=RawT
-Algorithm=JC
-J-Light=0
-Q-Bright=0
-C-Chroma=0
-S-Chroma=0
-M-Chroma=0
-J-Contrast=0
-Q-Contrast=0
-H-Hue=0
-RSTProtection=0
-AdaptScene=2000
-AutoAdapscen=true
-YbScene=18
-Autoybscen=true
-SurrSource=false
-Gamut=true
-Tempout=5000
-Greenout=1
-Tempsc=5000
-Greensc=1
-Ybout=18
-Datacie=false
-Tonecie=false
-CurveMode=Lightness
-CurveMode2=Lightness
-CurveMode3=Chroma
-Curve=0;
-Curve2=0;
-Curve3=0;
-
-[Impulse Denoising]
-Enabled=false
-Threshold=53
-
-[Defringing]
-Enabled=false
-Radius=2
-Threshold=13
-HueCurve=1;0.16666666699999999;0;0.34999999999999998;0.34999999999999998;0.34699999999999998;0;0.34999999999999998;0.34999999999999998;0.51366742600000004;0;0.34999999999999998;0.34999999999999998;0.66894457100000004;0;0.34999999999999998;0.34999999999999998;0.82877752459999998;0.97835991;0.34999999999999998;0.34999999999999998;0.99088838270000001;0;0.34999999999999998;0.34999999999999998;
-
-[Dehaze]
-Enabled=false
-Strength=25
-ShowDepthMap=false
-Depth=25
-Luminance=true
-
-[Directional Pyramid Denoising]
-Enabled=true
-Enhance=false
-Median=true
-Luma=0
-Ldetail=0
-Chroma=1.1299999999999999
-Method=Lab
-LMethod=SLI
-CMethod=MAN
-C2Method=AUTO
-SMethod=shal
-MedMethod=soft
-RGBMethod=soft
-MethodMed=RGB
-Redchro=3.7999999999999998
-Bluechro=-0.69999999999999996
-Gamma=1.7
-Passes=1
-LCurve=1;0.050000000000000003;0.14999999999999999;0.34999999999999998;0.34999999999999998;0.55000000000000004;0.040000000000000001;0.34999999999999998;0.34999999999999998;
-CCCurve=1;0.050000000000000003;0.5;0.34999999999999998;0.34999999999999998;0.34999999999999998;0.050000000000000003;0.34999999999999998;0.34999999999999998;
-
-[EPD]
-Enabled=false
-Strength=0.5
-Gamma=1
-EdgeStopping=1.3999999999999999
-Scale=1
-ReweightingIterates=0
-
-[FattalToneMapping]
-Enabled=false
-Threshold=30
-Amount=20
-Anchor=50
-
-[Shadows & Highlights]
-Enabled=true
-Highlights=0
-HighlightTonalWidth=70
-Shadows=21
-ShadowTonalWidth=22
-Radius=100
-Lab=false
-
-[Crop]
-Enabled=false
-X=0
-Y=0
-W=16384
-H=8192
-FixedRatio=true
-Ratio=As Image
-Orientation=As Image
-Guide=Frame
-
-[Coarse Transformation]
-Rotate=0
-HorizontalFlip=false
-VerticalFlip=false
-
-[Common Properties for Transformations]
-Method=log
-AutoFill=true
-
-[Rotation]
-Degree=0
-
-[Distortion]
-Amount=0
-
-[LensProfile]
-LcMode=none
-LCPFile=
-UseDistortion=true
-UseVignette=true
-UseCA=false
-LFCameraMake=
-LFCameraModel=
-LFLens=
-
-[Perspective]
-Horizontal=0
-Vertical=0
-
-[Gradient]
-Enabled=false
-Degree=0
-Feather=25
-Strength=0.59999999999999998
-CenterX=0
-CenterY=0
-
-[PCVignette]
-Enabled=false
-Strength=0.59999999999999998
-Feather=50
-Roundness=50
-
-[CACorrection]
-Red=0
-Blue=0
-
-[Vignetting Correction]
-Amount=0
-Radius=50
-Strength=1
-CenterX=0
-CenterY=0
-
-[Resize]
-Enabled=false
-Scale=0.050000000000000003
-AppliesTo=Cropped area
-Method=Lanczos
-DataSpecified=3
-Width=900
-Height=900
-AllowUpscaling=false
-
-[PostDemosaicSharpening]
-Enabled=false
-Contrast=10
-AutoContrast=true
-AutoRadius=true
-DeconvRadius=0.75
-DeconvRadiusOffset=0
-DeconvIterCheck=true
-DeconvIterations=20
-
-[PostResizeSharpening]
-Enabled=false
-Contrast=190
-Method=rld
-Radius=0.5
-Amount=200
-Threshold=20;80;2000;1200;
-OnlyEdges=false
-EdgedetectionRadius=1.8999999999999999
-EdgeTolerance=1800
-HalocontrolEnabled=false
-HalocontrolAmount=85
-DeconvRadius=2.2799999999999998
-DeconvAmount=60
-DeconvDamping=0
-DeconvIterations=79
-
-[Color Management]
-InputProfile=(embedded)
-ToneCurve=false
-ApplyLookTable=false
-ApplyBaselineExposureOffset=true
-ApplyHueSatMap=true
-DCPIlluminant=0
-WorkingProfile=ProPhoto
-WorkingTRC=none
-WorkingTRCGamma=2.3999999999999999
-WorkingTRCSlope=12.92
-OutputProfile=RTv4_sRGB
-OutputProfileIntent=Relative
-OutputBPC=true
-
-[Wavelet]
-Enabled=false
-Strength=100
-Balance=0
-Iter=0
-MaxLev=7
-TilesMethod=full
-DaubMethod=4_
-ChoiceLevMethod=all
-BackMethod=grey
-LevMethod=4
-DirMethod=all
-CBgreenhigh=0
-CBgreenmed=0
-CBgreenlow=0
-CBbluehigh=0
-CBbluemed=0
-CBbluelow=0
-Expcontrast=false
-Expchroma=false
-Expedge=false
-Expresid=false
-Expfinal=false
-Exptoning=false
-Expnoise=false
-Contrast1=318
-Contrast2=313
-Contrast3=289
-Contrast4=299
-Contrast5=300
-Contrast6=299
-Contrast7=286
-Contrast8=0
-Contrast9=0
-Chroma1=0
-Chroma2=0
-Chroma3=0
-Chroma4=0
-Chroma5=0
-Chroma6=0
-Chroma7=0
-Chroma8=0
-Chroma9=0
-ContExtra=0
-HSMethod=with
-HLRange=50;75;100;98;
-SHRange=0;2;50;25;
-Edgcont=0;10;75;40;
-Level0noise=94.599999999999994;47.100000000000001;
-Level1noise=0;0;
-Level2noise=0;0;
-Level3noise=0;0;
-ThresholdHighlight=5
-ThresholdShadow=4
-Edgedetect=90
-Edgedetectthr=20
-EdgedetectthrHi=0
-Edgesensi=60
-Edgeampli=10
-ThresholdChroma=5
-CHromaMethod=without
-Medgreinf=less
-CHSLromaMethod=SL
-EDMethod=CU
-NPMethod=none
-BAMethod=none
-TMMethod=cont
-ChromaLink=0
-ContrastCurve=1;0;0.25;0.34999999999999998;0.34999999999999998;0.5;0.75;0.34999999999999998;0.34999999999999998;0.90000000000000002;0;0.34999999999999998;0.34999999999999998;
-Pastlev=0;2;30;20;
-Satlev=30;45;130;100;
-OpacityCurveRG=1;0;0.5;0.34999999999999998;0.34999999999999998;1;0.5;0.34999999999999998;0.34999999999999998;
-OpacityCurveBY=1;0;0.5;0.34999999999999998;0.34999999999999998;1;0.5;0.34999999999999998;0.34999999999999998;
-OpacityCurveW=1;0;0.34999999999999998;0.34999999999999998;0;0.34999999999999998;0.75;0.34999999999999998;0.34999999999999998;0.59999999999999998;0.75;0.34999999999999998;0.34999999999999998;1;0.34999999999999998;0;0;
-OpacityCurveWL=1;0;0.5;0.34999999999999998;0.34999999999999998;1;0.5;0.34999999999999998;0.34999999999999998;
-HHcurve=0;
-CHcurve=0;
-WavclCurve=0;
-Median=false
-Medianlev=false
-Linkedg=true
-CBenab=false
-Lipst=false
-Skinprotect=0
-Hueskin=-5;25;170;120;
-Edgrad=7
-Edgval=21
-ThrEdg=-41
-AvoidColorShift=false
-TMr=false
-ResidualcontShadow=0
-ResidualcontHighlight=0
-ThresholdResidShadow=35
-ThresholdResidHighLight=65
-Residualchroma=0
-ResidualTM=0
-Residualgamma=1
-HueRangeResidual=0
-HueRange=-260;-250;-130;-140;
-Contrast=0
-
-[Directional Pyramid Equalizer]
-Enabled=false
-Gamutlab=false
-cbdlMethod=bef
-Mult0=1
-Mult1=1
-Mult2=1
-Mult3=1
-Mult4=1
-Mult5=1
-Threshold=0.20000000000000001
-Skinprotect=0
-Hueskin=-5;25;170;120;
-
-[HSV Equalizer]
-Enabled=false
-HCurve=0;
-SCurve=0;
-VCurve=0;
-
-[SoftLight]
-Enabled=false
-Strength=0
-
-[Film Simulation]
-Enabled=false
-ClutFilename=
-Strength=100
-
-[RGB Curves]
-Enabled=true
-LumaMode=false
-rCurve=0;
-gCurve=0;
-bCurve=0;
-
-[ColorToning]
-Enabled=false
-Method=LabRegions
-Lumamode=true
-Twocolor=Std
-Redlow=0
-Greenlow=0
-Bluelow=0
-Satlow=0
-Balance=0
-Sathigh=0
-Redmed=0
-Greenmed=0
-Bluemed=0
-Redhigh=0
-Greenhigh=0
-Bluehigh=0
-Autosat=true
-OpacityCurve=1;0;0.29999999999999999;0.34999999999999998;0;0.25;0.80000000000000004;0.34999999999999998;0.34999999999999998;0.69999999999999996;0.80000000000000004;0.34999999999999998;0.34999999999999998;1;0.29999999999999999;0;0;
-ColorCurve=1;0.050000000000000003;0.62;0.25;0.25;0.58499999999999996;0.11;0.25;0.25;
-SatProtectionThreshold=15
-SaturatedOpacity=2
-Strength=50
-HighlightsColorSaturation=60;80;
-ShadowsColorSaturation=80;208;
-ClCurve=3;0;0;0.34999999999999998;0.65000000000000002;1;1;
-Cl2Curve=3;0;0;0.34999999999999998;0.65000000000000002;1;1;
-LabGridALow=0
-LabGridBLow=0
-LabGridAHigh=0
-LabGridBHigh=0
-LabRegionA_1=0
-LabRegionB_1=0
-LabRegionSaturation_1=0
-LabRegionSlope_1=1
-LabRegionOffset_1=0
-LabRegionPower_1=1
-LabRegionHueMask_1=1;0.16666666699999999;1;0.34999999999999998;0.34999999999999998;0.82877752459999998;1;0.34999999999999998;0.34999999999999998;
-LabRegionChromaticityMask_1=1;0;1;0.34999999999999998;0.34999999999999998;1;1;0.34999999999999998;0.34999999999999998;
-LabRegionLightnessMask_1=1;0;1;0.34999999999999998;0.34999999999999998;1;1;0.34999999999999998;0.34999999999999998;
-LabRegionMaskBlur_1=0
-LabRegionChannel_1=-1
-LabRegionsShowMask=-1
-
-[RAW]
-DarkFrame=/szeva
-DarkFrameAuto=false
-FlatFieldFile=/szeva
-FlatFieldAutoSelect=false
-FlatFieldBlurRadius=32
-FlatFieldBlurType=Area Flatfield
-FlatFieldAutoClipControl=false
-FlatFieldClipControl=0
-CA=false
-CAAvoidColourshift=true
-CAAutoIterations=2
-CARed=0
-CABlue=0
-HotPixelFilter=false
-DeadPixelFilter=false
-HotDeadPixelThresh=100
-PreExposure=1
-
-[RAW Bayer]
-Method=amaze
-Border=4
-ImageNum=1
-CcSteps=0
-PreBlack0=0
-PreBlack1=0
-PreBlack2=0
-PreBlack3=0
-PreTwoGreen=true
-LineDenoise=0
-LineDenoiseDirection=3
-GreenEqThreshold=0
-DCBIterations=2
-DCBEnhance=true
-LMMSEIterations=2
-DualDemosaicAutoContrast=true
-DualDemosaicContrast=20
-PixelShiftMotionCorrectionMethod=1
-PixelShiftEperIso=0
-PixelShiftSigma=1
-PixelShiftShowMotion=false
-PixelShiftShowMotionMaskOnly=false
-pixelShiftHoleFill=true
-pixelShiftMedian=false
-pixelShiftGreen=true
-pixelShiftBlur=true
-pixelShiftSmoothFactor=0.69999999999999996
-pixelShiftEqualBright=false
-pixelShiftEqualBrightChannel=false
-pixelShiftNonGreenCross=true
-pixelShiftDemosaicMethod=amaze
-PDAFLinesFilter=false
-
-[RAW X-Trans]
-Method=3-pass (best)
-DualDemosaicAutoContrast=true
-DualDemosaicContrast=20
-Border=7
-CcSteps=0
-PreBlackRed=0
-PreBlackGreen=0
-PreBlackBlue=0
-
-[MetaData]
-Mode=0
-
-[Film Negative]
-Enabled=false
-RedRatio=1.3600000000000001
-GreenExponent=1.5
-BlueRatio=0.85999999999999999

AppFile/laser/CGAII/asset/satuHigh.pp3

@@ -10,7 +10,7 @@ InTrash=false
 [Exposure]
 Auto=false
 Clip=0
-Compensation=0.2
+Compensation=0.25
 Brightness=0
 Contrast=0
 Saturation=0
@@ -210,7 +210,7 @@ Curve2=0;
 Curve3=0;
 
 [Impulse Denoising]
-Enabled=true
+Enabled=false
 Threshold=44
 
 [Defringing]
@@ -227,7 +227,7 @@ Depth=2
 Luminance=true
 
 [Directional Pyramid Denoising]
-Enabled=true
+Enabled=false
 Enhance=false
 Median=true
 Luma=0
@@ -519,7 +519,7 @@ ClutFilename=
 Strength=100
 
 [RGB Curves]
-Enabled=true
+Enabled=false
 LumaMode=false
 rCurve=0;
 gCurve=0;

AppFile/laser/CGAII/asset/satuLow.pp3

@@ -10,7 +10,7 @@ InTrash=false
 [Exposure]
 Auto=false
 Clip=0
-Compensation=0.2
+Compensation=0.25
 Brightness=0
 Contrast=24
 Saturation=0
@@ -210,7 +210,7 @@ Curve2=0;
 Curve3=0;
 
 [Impulse Denoising]
-Enabled=true
+Enabled=false
 Threshold=44
 
 [Defringing]
@@ -227,7 +227,7 @@ Depth=2
 Luminance=true
 
 [Directional Pyramid Denoising]
-Enabled=true
+Enabled=false
 Enhance=false
 Median=true
 Luma=0
@@ -519,7 +519,7 @@ ClutFilename=
 Strength=100
 
 [RGB Curves]
-Enabled=true
+Enabled=false
 LumaMode=false
 rCurve=0;
 gCurve=0;

CodeSign/GnuTLS/lib/gnutls.pc

@@ -0,0 +1,24 @@
+# Process this file with autoconf to produce a pkg-config metadata file.
+
+# Copyright (C) 2004-2012 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without any warranty.
+
+# Author: Simon Josefsson
+
+prefix=/usr/x86_64-w64-mingw32/sys-root/mingw
+exec_prefix=/usr/x86_64-w64-mingw32/sys-root/mingw
+libdir=/usr/x86_64-w64-mingw32/sys-root/mingw/lib
+includedir=/usr/x86_64-w64-mingw32/sys-root/mingw/include
+
+Name: GnuTLS
+Description: Transport Security Layer implementation for the GNU system
+URL: http://www.gnutls.org/
+Version: 3.6.0
+Libs: -L${libdir} -lgnutls
+Libs.private:  -lws2_32   -lws2_32  -lgmp  -lidn2
+Requires.private: nettle, hogweed, p11-kit-1
+Cflags: -I${includedir}

CodeSign/GnuTLS/lib/includes/abstract.h

@@ -0,0 +1,677 @@
+/*
+ * Copyright (C) 2010-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2015-2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef __GNUTLS_ABSTRACT_H
+#define __GNUTLS_ABSTRACT_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/tpm.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+/* Public key operations */
+
+#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA
+/**
+ * gnutls_pubkey_flags:
+ * @GNUTLS_PUBKEY_DISABLE_CALLBACKS: The following flag disables call to PIN callbacks. Only
+ *   relevant to TPM keys.
+ * @GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT: request an OPENPGP fingerprint instead of the default.
+ *
+ * Enumeration of different certificate import flags.
+ */
+typedef enum gnutls_pubkey_flags {
+	GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2,
+	GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3
+} gnutls_pubkey_flags_t;
+
+/**
+ * gnutls_abstract_export_flags:
+ * @GNUTLS_EXPORT_FLAG_NO_LZ: do not prepend a leading zero to exported values
+ *
+ * Enumeration of different certificate import flags.
+ */
+typedef enum gnutls_abstract_export_flags {
+	GNUTLS_EXPORT_FLAG_NO_LZ = 1
+} gnutls_abstract_export_flags_t;
+
+#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA GNUTLS_VERIFY_USE_TLS1_RSA
+
+typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
+					 void *userdata,
+					 const gnutls_datum_t *raw_data,
+					 gnutls_datum_t * signature);
+
+
+typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
+					    void *userdata,
+					    const gnutls_datum_t *ciphertext,
+					    gnutls_datum_t * plaintext);
+
+/* to be called to sign pre-hashed data. The input will be
+ * the output of the hash (such as SHA256) corresponding to
+ * the signature algorithm. The algorithm GNUTLS_SIGN_RSA_RAW
+ * will be provided when RSA PKCS#1 DigestInfo structure is provided
+ * as data (when this is called from a TLS 1.0 or 1.1 session).
+ */
+typedef int (*gnutls_privkey_sign_hash_func) (gnutls_privkey_t key,
+					      gnutls_sign_algorithm_t algo,
+					      void *userdata,
+					      unsigned int flags,
+					      const gnutls_datum_t *hash,
+					      gnutls_datum_t * signature);
+
+/* to be called to sign data. The input data will be
+ * the data to be signed (and hashed), with the provided
+ * signature algorithm. This function is used for algorithms
+ * like ed25519 which cannot take pre-hashed data as input.
+ */
+typedef int (*gnutls_privkey_sign_data_func) (gnutls_privkey_t key,
+					      gnutls_sign_algorithm_t algo,
+					      void *userdata,
+					      unsigned int flags,
+					      const gnutls_datum_t *data,
+					      gnutls_datum_t * signature);
+
+typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
+					    void *userdata);
+
+
+#define GNUTLS_SIGN_ALGO_TO_FLAGS(sig) (unsigned int)((sig)<<20)
+#define GNUTLS_FLAGS_TO_SIGN_ALGO(flags) (unsigned int)((flags)>>20)
+
+/* Should return the public key algorithm (gnutls_pk_algorithm_t) */
+#define GNUTLS_PRIVKEY_INFO_PK_ALGO 1
+/* Should return the preferred signature algorithm (gnutls_sign_algorithm_t) or 0. */
+#define GNUTLS_PRIVKEY_INFO_SIGN_ALGO (1<<1)
+/* Should return true (1) or false (0) if the provided sign algorithm
+ * (obtained with GNUTLS_FLAGS_TO_SIGN_ALGO) is supported.
+ */
+#define GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO (1<<2)
+
+/* returns information on the public key associated with userdata */
+typedef int (*gnutls_privkey_info_func) (gnutls_privkey_t key, unsigned int flags, void *userdata);
+
+int gnutls_pubkey_init(gnutls_pubkey_t * key);
+void gnutls_pubkey_deinit(gnutls_pubkey_t key);
+
+int gnutls_pubkey_verify_params(gnutls_pubkey_t key);
+
+void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
+				    gnutls_pin_callback_t fn,
+				    void *userdata);
+
+int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key,
+				   unsigned int *bits);
+
+int
+gnutls_pubkey_set_spki(gnutls_pubkey_t key,
+			const gnutls_x509_spki_t spki,
+			unsigned int flags);
+
+int
+gnutls_pubkey_get_spki(gnutls_pubkey_t key,
+			const gnutls_x509_spki_t spki,
+			unsigned int flags);
+
+int gnutls_pubkey_import_x509(gnutls_pubkey_t key,
+			      gnutls_x509_crt_t crt, unsigned int flags);
+int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key,
+				  gnutls_x509_crq_t crq,
+				  unsigned int flags);
+int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
+				gnutls_pkcs11_obj_t obj,
+				unsigned int flags);
+int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
+				 gnutls_openpgp_crt_t crt,
+				 unsigned int flags);
+
+int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey,
+				     const gnutls_datum_t * data,
+				     gnutls_openpgp_crt_fmt_t
+				     format,
+				     const gnutls_openpgp_keyid_t
+				     keyid, unsigned int flags);
+int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
+				  const gnutls_datum_t * data,
+				  gnutls_x509_crt_fmt_t format,
+				  unsigned int flags);
+
+int
+gnutls_pubkey_import_privkey(gnutls_pubkey_t key,
+			     gnutls_privkey_t pkey,
+			     unsigned int usage, unsigned int flags);
+
+int
+gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+			     const char *url,
+			     const char *srk_password, unsigned int flags);
+
+int
+gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
+			 unsigned int flags);
+
+int
+gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+			     const gnutls_datum_t * fdata,
+			     gnutls_tpmkey_fmt_t format,
+			     const char *srk_password, unsigned int flags);
+
+int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+					       gnutls_digest_algorithm_t
+					       * hash, unsigned int *mand);
+
+#define gnutls_pubkey_get_pk_rsa_raw gnutls_pubkey_export_rsa_raw
+int gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key,
+				 gnutls_datum_t * m, gnutls_datum_t * e);
+
+int gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key,
+				  gnutls_datum_t * m, gnutls_datum_t * e,
+				  unsigned flags);
+
+#define gnutls_pubkey_get_pk_dsa_raw gnutls_pubkey_export_dsa_raw
+int gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key,
+				 gnutls_datum_t * p,
+				 gnutls_datum_t * q,
+				 gnutls_datum_t * g, gnutls_datum_t * y);
+
+int gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key,
+				 gnutls_datum_t * p,
+				 gnutls_datum_t * q,
+				 gnutls_datum_t * g, gnutls_datum_t * y,
+				 unsigned flags);
+
+int gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
+				 gnutls_ecc_curve_t * curve,
+				 gnutls_datum_t * x, gnutls_datum_t * y,
+				 unsigned flags);
+
+#define gnutls_pubkey_get_pk_ecc_raw gnutls_pubkey_export_ecc_raw
+int gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key,
+				 gnutls_ecc_curve_t * curve,
+				 gnutls_datum_t * x, gnutls_datum_t * y);
+
+#define gnutls_pubkey_get_pk_ecc_x962 gnutls_pubkey_export_ecc_x962
+int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
+				  gnutls_datum_t * parameters,
+				  gnutls_datum_t * ecpoint);
+
+int gnutls_pubkey_export(gnutls_pubkey_t key,
+			 gnutls_x509_crt_fmt_t format,
+			 void *output_data, size_t * output_data_size);
+
+int gnutls_pubkey_export2(gnutls_pubkey_t key,
+			  gnutls_x509_crt_fmt_t format,
+			  gnutls_datum_t * out);
+
+int gnutls_pubkey_get_key_id(gnutls_pubkey_t key,
+			     unsigned int flags,
+			     unsigned char *output_data,
+			     size_t * output_data_size);
+
+int
+gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key,
+				 unsigned int flags,
+				 unsigned char *output_data,
+				 size_t * output_data_size,
+				 unsigned int *subkey);
+
+int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage);
+int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage);
+
+int gnutls_pubkey_import(gnutls_pubkey_t key,
+			 const gnutls_datum_t * data,
+			 gnutls_x509_crt_fmt_t format);
+
+
+#define gnutls_pubkey_import_pkcs11_url(key, url, flags) gnutls_pubkey_import_url(key, url, flags)
+
+int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
+				 const gnutls_datum_t * p,
+				 const gnutls_datum_t * q,
+				 const gnutls_datum_t * g,
+				 const gnutls_datum_t * y);
+int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
+				 const gnutls_datum_t * m,
+				 const gnutls_datum_t * e);
+
+int
+gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
+			      const gnutls_datum_t * parameters,
+			      const gnutls_datum_t * ecpoint);
+
+int
+gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
+			     gnutls_ecc_curve_t curve,
+			     const gnutls_datum_t * x,
+			     const gnutls_datum_t * y);
+
+int
+gnutls_pubkey_encrypt_data(gnutls_pubkey_t key,
+			   unsigned int flags,
+			   const gnutls_datum_t * plaintext,
+			   gnutls_datum_t * ciphertext);
+
+int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key);
+
+int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key);
+
+int
+gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
+			   gnutls_sign_algorithm_t algo,
+			   unsigned int flags,
+			   const gnutls_datum_t * hash,
+			   const gnutls_datum_t * signature);
+
+int
+gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
+			   gnutls_sign_algorithm_t algo,
+			   unsigned int flags,
+			   const gnutls_datum_t * data,
+			   const gnutls_datum_t * signature);
+
+/* Private key operations */
+
+int gnutls_privkey_init(gnutls_privkey_t * key);
+void gnutls_privkey_deinit(gnutls_privkey_t key);
+
+/* macros to allow specifying a subgroup and group size in gnutls_privkey_generate()
+ * and gnutls_x509_privkey_generate() */
+#define GNUTLS_SUBGROUP_TO_BITS(group, subgroup) (unsigned int)((subgroup<<16)|(group))
+#define GNUTLS_BITS_TO_SUBGROUP(bits) ((bits >> 16) & 0xFFFF)
+#define GNUTLS_BITS_TO_GROUP(bits) (bits & 0xFFFF)
+#define GNUTLS_BITS_HAVE_SUBGROUP(bits) ((bits) & 0xFFFF0000)
+
+int
+gnutls_privkey_generate (gnutls_privkey_t key,
+                         gnutls_pk_algorithm_t algo, unsigned int bits,
+                         unsigned int flags);
+int
+gnutls_privkey_generate2(gnutls_privkey_t pkey,
+			 gnutls_pk_algorithm_t algo, unsigned int bits,
+			 unsigned int flags, const gnutls_keygen_data_st *data, unsigned data_size);
+
+int
+gnutls_privkey_set_spki(gnutls_privkey_t key,
+			const gnutls_x509_spki_t spki,
+			unsigned int flags);
+
+int
+gnutls_privkey_get_spki(gnutls_privkey_t key,
+			const gnutls_x509_spki_t spki,
+			unsigned int flags);
+
+int gnutls_privkey_verify_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t, const void *seed, size_t seed_size);
+int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t*, void *seed, size_t *seed_size);
+
+int gnutls_privkey_verify_params(gnutls_privkey_t key);
+
+void gnutls_privkey_set_flags(gnutls_privkey_t key, unsigned int flags);
+
+void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
+                                      gnutls_pin_callback_t fn, void *userdata);
+
+int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
+				    unsigned int *bits);
+gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key);
+int gnutls_privkey_status(gnutls_privkey_t key);
+
+/**
+ * gnutls_privkey_flags:
+ * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol.
+ * @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding.
+ * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make an RSA-PSS signature on the hashed data with reproducible parameters (zero salt).
+ * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically
+ *   release it when the structure it was imported is released.
+ * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import.
+ * @GNUTLS_PRIVKEY_DISABLE_CALLBACKS: The following flag disables call to PIN callbacks etc.
+ *   Only relevant to TPM keys.
+ * @GNUTLS_PRIVKEY_FLAG_PROVABLE: When generating a key involving prime numbers, use provable primes; a seed may be required.
+ * @GNUTLS_PRIVKEY_FLAG_CA: The generated private key is going to be used as a CA (relevant for RSA-PSS keys).
+ * @GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT: Keys generated or imported as provable require an extended format which cannot be read by previous versions
+ *   of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way,
+ *   even if the information about the seed used will be lost.
+ *
+ * Enumeration of different certificate import flags.
+ */
+typedef enum gnutls_privkey_flags {
+	GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,
+	GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1,
+	GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2,
+	GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << 4,
+	GNUTLS_PRIVKEY_FLAG_PROVABLE = 1 << 5,
+	GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT = 1 << 6,
+	GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS = 1 << 7,
+	GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE = 1 << 8,
+	GNUTLS_PRIVKEY_FLAG_CA = 1 << 9
+} gnutls_privkey_flags_t;
+
+int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+				 gnutls_pkcs11_privkey_t key,
+				 unsigned int flags);
+int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+			       gnutls_x509_privkey_t key,
+			       unsigned int flags);
+int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+				  gnutls_openpgp_privkey_t key,
+				  unsigned int flags);
+
+int gnutls_privkey_export_x509(gnutls_privkey_t pkey,
+                               gnutls_x509_privkey_t * key);
+int gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
+                                  gnutls_openpgp_privkey_t * key);
+int
+gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
+                             gnutls_pkcs11_privkey_t *key);
+
+int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
+				      const gnutls_datum_t * data,
+				      gnutls_openpgp_crt_fmt_t
+				      format,
+				      const gnutls_openpgp_keyid_t
+				      keyid, const char *password);
+
+int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
+				   const gnutls_datum_t * data,
+				   gnutls_x509_crt_fmt_t format,
+				   const char *password,
+				   unsigned int flags);
+
+int
+gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+			      const gnutls_datum_t * fdata,
+			      gnutls_tpmkey_fmt_t format,
+			      const char *srk_password,
+			      const char *key_password,
+			      unsigned int flags);
+
+int
+gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+			      const char *url,
+			      const char *srk_password,
+			      const char *key_password,
+			      unsigned int flags);
+
+int gnutls_privkey_import_url(gnutls_privkey_t key,
+			      const char *url, unsigned int flags);
+
+#if 0
+/* for documentation purposes */
+int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url);
+#endif
+
+#define gnutls_privkey_import_pkcs11_url(key, url) gnutls_privkey_import_url(key, url, 0)
+
+int
+gnutls_privkey_import_ext(gnutls_privkey_t pkey,
+			  gnutls_pk_algorithm_t pk,
+			  void *userdata,
+			  gnutls_privkey_sign_func sign_func,
+			  gnutls_privkey_decrypt_func
+			  decrypt_func, unsigned int flags);
+
+int
+gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
+			   gnutls_pk_algorithm_t pk,
+			   void *userdata,
+			   gnutls_privkey_sign_func sign_func,
+			   gnutls_privkey_decrypt_func
+			   decrypt_func,
+			   gnutls_privkey_deinit_func deinit_func,
+			   unsigned int flags);
+
+int
+gnutls_privkey_import_ext3(gnutls_privkey_t pkey,
+                           void *userdata,
+                           gnutls_privkey_sign_func sign_func,
+                           gnutls_privkey_decrypt_func decrypt_func,
+                           gnutls_privkey_deinit_func deinit_func,
+                           gnutls_privkey_info_func info_func,
+                           unsigned int flags);
+
+int
+gnutls_privkey_import_ext4(gnutls_privkey_t pkey,
+                           void *userdata,
+                           gnutls_privkey_sign_data_func sign_data_func,
+                           gnutls_privkey_sign_hash_func sign_hash_func,
+                           gnutls_privkey_decrypt_func decrypt_func,
+                           gnutls_privkey_deinit_func deinit_func,
+                           gnutls_privkey_info_func info_func,
+                           unsigned int flags);
+
+int gnutls_privkey_import_dsa_raw(gnutls_privkey_t key,
+				       const gnutls_datum_t * p,
+				       const gnutls_datum_t * q,
+				       const gnutls_datum_t * g,
+				       const gnutls_datum_t * y,
+				       const gnutls_datum_t * x);
+
+int gnutls_privkey_import_rsa_raw(gnutls_privkey_t key,
+					const gnutls_datum_t * m,
+					const gnutls_datum_t * e,
+					const gnutls_datum_t * d,
+					const gnutls_datum_t * p,
+					const gnutls_datum_t * q,
+					const gnutls_datum_t * u,
+					const gnutls_datum_t * e1,
+					const gnutls_datum_t * e2);
+int gnutls_privkey_import_ecc_raw(gnutls_privkey_t key,
+				       gnutls_ecc_curve_t curve,
+				       const gnutls_datum_t * x,
+				       const gnutls_datum_t * y,
+				       const gnutls_datum_t * k);
+
+
+int gnutls_privkey_sign_data(gnutls_privkey_t signer,
+			     gnutls_digest_algorithm_t hash,
+			     unsigned int flags,
+			     const gnutls_datum_t * data,
+			     gnutls_datum_t * signature);
+
+int gnutls_privkey_sign_data2(gnutls_privkey_t signer,
+			      gnutls_sign_algorithm_t algo,
+			      unsigned int flags,
+			      const gnutls_datum_t * data,
+			      gnutls_datum_t * signature);
+
+#define gnutls_privkey_sign_raw_data(key, flags, data, sig) \
+	gnutls_privkey_sign_hash ( key, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, data, sig)
+
+int gnutls_privkey_sign_hash(gnutls_privkey_t signer,
+			     gnutls_digest_algorithm_t hash_algo,
+			     unsigned int flags,
+			     const gnutls_datum_t * hash_data,
+			     gnutls_datum_t * signature);
+
+int gnutls_privkey_sign_hash2(gnutls_privkey_t signer,
+			      gnutls_sign_algorithm_t algo,
+			      unsigned int flags,
+			      const gnutls_datum_t * hash_data,
+			      gnutls_datum_t * signature);
+
+
+int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
+				unsigned int flags,
+				const gnutls_datum_t * ciphertext,
+				gnutls_datum_t * plaintext);
+
+int
+gnutls_privkey_export_rsa_raw(gnutls_privkey_t key,
+				    gnutls_datum_t * m, gnutls_datum_t * e,
+				    gnutls_datum_t * d, gnutls_datum_t * p,
+				    gnutls_datum_t * q, gnutls_datum_t * u,
+				    gnutls_datum_t * e1,
+				    gnutls_datum_t * e2);
+
+int
+gnutls_privkey_export_rsa_raw2(gnutls_privkey_t key,
+				    gnutls_datum_t * m, gnutls_datum_t * e,
+				    gnutls_datum_t * d, gnutls_datum_t * p,
+				    gnutls_datum_t * q, gnutls_datum_t * u,
+				    gnutls_datum_t * e1,
+				    gnutls_datum_t * e2, unsigned flags);
+
+int
+gnutls_privkey_export_dsa_raw(gnutls_privkey_t key,
+			     gnutls_datum_t * p, gnutls_datum_t * q,
+			     gnutls_datum_t * g, gnutls_datum_t * y,
+			     gnutls_datum_t * x);
+
+int
+gnutls_privkey_export_dsa_raw2(gnutls_privkey_t key,
+			     gnutls_datum_t * p, gnutls_datum_t * q,
+			     gnutls_datum_t * g, gnutls_datum_t * y,
+			     gnutls_datum_t * x, unsigned flags);
+
+int
+gnutls_privkey_export_ecc_raw(gnutls_privkey_t key,
+				       gnutls_ecc_curve_t * curve,
+				       gnutls_datum_t * x,
+				       gnutls_datum_t * y,
+				       gnutls_datum_t * k);
+
+int
+gnutls_privkey_export_ecc_raw2(gnutls_privkey_t key,
+				       gnutls_ecc_curve_t * curve,
+				       gnutls_datum_t * x,
+				       gnutls_datum_t * y,
+				       gnutls_datum_t * k,
+				       unsigned flags);
+
+int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
+				 gnutls_x509_crt_t issuer,
+				 gnutls_privkey_t issuer_key,
+				 gnutls_digest_algorithm_t dig,
+				 unsigned int flags);
+
+int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
+				 gnutls_x509_crt_t issuer,
+				 gnutls_privkey_t issuer_key,
+				 gnutls_digest_algorithm_t dig,
+				 unsigned int flags);
+
+int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq,
+				 gnutls_privkey_t key,
+				 gnutls_digest_algorithm_t dig,
+				 unsigned int flags);
+
+/**
+ * gnutls_pcert_st:
+ * @pubkey: public key of parsed certificate.
+ * @cert: certificate itself of parsed certificate
+ * @type: type of certificate, a #gnutls_certificate_type_t type.
+ *
+ * A parsed certificate.
+ */
+typedef struct gnutls_pcert_st {
+	gnutls_pubkey_t pubkey;
+	gnutls_datum_t cert;
+	gnutls_certificate_type_t type;
+} gnutls_pcert_st;
+
+/* Do not initialize the "cert" element of
+ * the certificate */
+#define GNUTLS_PCERT_NO_CERT 1
+
+int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
+			     gnutls_x509_crt_t crt, unsigned int flags);
+
+int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert,
+				  gnutls_x509_crt_t *crt, unsigned *ncrt,
+				  unsigned int flags);
+
+int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
+                             gnutls_x509_crt_t * crt);
+
+int
+gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
+				  unsigned int *pcert_max,
+				  const gnutls_datum_t * data,
+				  gnutls_x509_crt_fmt_t format,
+				  unsigned int flags);
+
+int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
+				 const gnutls_datum_t * cert,
+				 gnutls_x509_crt_fmt_t format,
+				 unsigned int flags);
+
+int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
+				    const gnutls_datum_t * cert,
+				    gnutls_openpgp_crt_fmt_t
+				    format,
+				    gnutls_openpgp_keyid_t keyid,
+				    unsigned int flags);
+
+int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
+				gnutls_openpgp_crt_t crt,
+				unsigned int flags);
+
+int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
+                                gnutls_openpgp_crt_t * crt);
+
+void gnutls_pcert_deinit(gnutls_pcert_st * pcert);
+
+/* For certificate credentials */
+	/* This is the same as gnutls_certificate_retrieve_function()
+	 * but retrieves a gnutls_pcert_st which requires much less processing
+	 * within the library.
+	 */
+typedef int gnutls_certificate_retrieve_function2(gnutls_session_t,
+				  const gnutls_datum_t *req_ca_rdn,
+				  int nreqs,
+				  const gnutls_pk_algorithm_t *pk_algos,
+				  int pk_algos_length,
+				  gnutls_pcert_st**,
+				  unsigned int *pcert_length,
+				  gnutls_privkey_t *privkey);
+
+
+void gnutls_certificate_set_retrieve_function2
+    (gnutls_certificate_credentials_t cred,
+     gnutls_certificate_retrieve_function2 * func);
+
+int
+gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
+			   const char **names,
+			   int names_size,
+			   gnutls_pcert_st * pcert_list,
+			   int pcert_list_size, gnutls_privkey_t key);
+
+int
+gnutls_pubkey_print(gnutls_pubkey_t pubkey,
+		    gnutls_certificate_print_formats_t format,
+		    gnutls_datum_t * out);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif

CodeSign/GnuTLS/lib/includes/compat.h

@@ -0,0 +1,259 @@
+/*
+ * Copyright (C) 2008-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* Typedefs for more compatibility with older GnuTLS. */
+
+#ifndef _GNUTLS_COMPAT_H
+#define _GNUTLS_COMPAT_H
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+#ifdef __GNUC__
+
+#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+
+#if !defined GNUTLS_INTERNAL_BUILD
+#if _GNUTLS_GCC_VERSION >= 30100
+#define _GNUTLS_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
+#endif
+#endif
+
+#endif				/* __GNUC__ */
+
+#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
+#define _GNUTLS_GCC_ATTR_DEPRECATED
+#endif
+
+/* gnutls_connection_end_t was made redundant in 2.99.0 */
+typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* Stuff deprected in 2.x */
+typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_kx_algorithm_t gnutls_kx_algorithm
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_mac_algorithm_t gnutls_mac_algorithm
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_digest_algorithm_t gnutls_digest_algorithm
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_compression_method_t gnutls_compression_method
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_connection_end_t gnutls_connection_end
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_pk_algorithm_t gnutls_pk_algorithm
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_sign_algorithm_t gnutls_sign_algorithm
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_close_request_t gnutls_close_request
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_certificate_request_t gnutls_certificate_request
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_certificate_status_t gnutls_certificate_status
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_alert_level_t gnutls_alert_level
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_alert_description_t gnutls_alert_description
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_x509_privkey_t gnutls_x509_privkey
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_x509_crl_t gnutls_x509_crl _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_x509_crq_t gnutls_x509_crq _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_certificate_credentials_t
+    gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_anon_server_credentials_t
+    gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_anon_client_credentials_t
+    gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_srp_client_credentials_t
+    gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_srp_server_credentials_t
+    gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_dh_params_t gnutls_dh_params _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_rsa_params_t gnutls_rsa_params _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_params_type_t gnutls_params_type
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_credentials_type_t gnutls_credentials_type
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_certificate_type_t gnutls_certificate_type
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_transport_ptr_t gnutls_transport_ptr
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* Old verification flags */
+#define GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT  (0)
+
+/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
+   modified to use the PSK alert. */
+#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
+#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
+
+/* OpenPGP stuff renamed in 2.1.x. */
+#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
+#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
+#define gnutls_openpgp_send_key gnutls_openpgp_send_cert
+typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
+#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
+#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
+#define gnutls_openpgp_key_export gnutls_openpgp_crt_export
+#define gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
+#define gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
+#define gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
+#define gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
+#define gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
+#define gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
+#define gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
+#define gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
+#define gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
+
+/* OpenPGP stuff renamed in 2.3.x. */
+#define gnutls_openpgp_crt_get_id gnutls_openpgp_crt_get_key_id
+
+/* New better names renamed in 2.3.x, add these for backwards
+   compatibility with old poor names.*/
+#define GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL
+#define GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE
+#define GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
+
+/* Namespace problems. */
+#define LIBGNUTLS_VERSION GNUTLS_VERSION
+#define LIBGNUTLS_VERSION_MAJOR GNUTLS_VERSION_MAJOR
+#define LIBGNUTLS_VERSION_MINOR GNUTLS_VERSION_MINOR
+#define LIBGNUTLS_VERSION_PATCH GNUTLS_VERSION_PATCH
+#define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER
+#define LIBGNUTLS_EXTRA_VERSION GNUTLS_VERSION
+
+/* This is a very dangerous and error-prone function.
+ * Use gnutls_privkey_sign_hash() instead.
+ */
+int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
+				  const gnutls_datum_t * hash,
+				  gnutls_datum_t * signature)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+				     const gnutls_datum_t * hash,
+				     gnutls_datum_t * signature)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+
+	/* gnutls_pubkey_get_preferred_hash_algorithm() */
+int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t
+						 crt,
+						 gnutls_digest_algorithm_t
+						 * hash, unsigned int
+						 *mand)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+
+	/* gnutls_x509_crq_privkey_sign() */
+int gnutls_x509_crq_sign(gnutls_x509_crq_t crq,
+			 gnutls_x509_privkey_t key)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+
+	/* gnutls_x509_crl_privkey_sign */
+int gnutls_x509_crl_sign(gnutls_x509_crl_t crl,
+			 gnutls_x509_crt_t issuer,
+			 gnutls_x509_privkey_t issuer_key)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+
+	/* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */
+
+#ifdef _ISOC99_SOURCE
+/* we provide older functions for compatibility as inline functions that
+ * depend on gnutls_session_get_random. */
+
+static inline const void
+*gnutls_session_get_server_random(gnutls_session_t session)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+static inline const void
+*gnutls_session_get_server_random(gnutls_session_t session)
+{
+	gnutls_datum_t rnd;
+	gnutls_session_get_random(session, NULL, &rnd);	/*doc-skip */
+	return rnd.data;
+}
+
+static inline const void
+*gnutls_session_get_client_random(gnutls_session_t session)
+    _GNUTLS_GCC_ATTR_DEPRECATED;
+static inline const void
+*gnutls_session_get_client_random(gnutls_session_t session)
+{
+	gnutls_datum_t rnd;
+	gnutls_session_get_random(session, &rnd, NULL);	/*doc-skip */
+	return rnd.data;
+}
+#endif
+
+void
+gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
+				gnutls_alloc_function secure_alloc_func,
+				gnutls_is_secure_function is_secure_func,
+				gnutls_realloc_function realloc_func,
+				gnutls_free_function free_func) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* defined in old headers - unused nevertheless */
+#define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA 0
+
+/* old compression related functions */
+gnutls_compression_method_t
+gnutls_compression_get(gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+const char *
+gnutls_compression_get_name(gnutls_compression_method_t
+			    algorithm) __GNUTLS_CONST__ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+gnutls_compression_method_t
+	gnutls_compression_get_id(const char *name) __GNUTLS_CONST__ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+const gnutls_compression_method_t *
+	gnutls_compression_list(void) __GNUTLS_PURE__ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_priority_compression_list(gnutls_priority_t pcache,
+				     const unsigned int **list) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+
+#endif				/* _GNUTLS_COMPAT_H */

CodeSign/GnuTLS/lib/includes/crypto.h

@@ -0,0 +1,247 @@
+/*
+ * Copyright (C) 2008-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef GNUTLS_CRYPTO_H
+#define GNUTLS_CRYPTO_H
+
+#include <gnutls/gnutls.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+typedef struct api_cipher_hd_st *gnutls_cipher_hd_t;
+
+int gnutls_cipher_init(gnutls_cipher_hd_t * handle,
+		       gnutls_cipher_algorithm_t cipher,
+		       const gnutls_datum_t * key,
+		       const gnutls_datum_t * iv);
+int gnutls_cipher_encrypt(const gnutls_cipher_hd_t handle,
+			  void *text, size_t textlen);
+int gnutls_cipher_decrypt(const gnutls_cipher_hd_t handle,
+			  void *ciphertext, size_t ciphertextlen);
+int gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle,
+			   const void *ciphertext,
+			   size_t ciphertextlen, void *text,
+			   size_t textlen);
+int gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle,
+			   const void *text, size_t textlen,
+			   void *ciphertext, size_t ciphertextlen);
+
+void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv,
+			  size_t ivlen);
+
+int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag,
+		      size_t tag_size);
+int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle,
+			   const void *text, size_t text_size);
+
+void gnutls_cipher_deinit(gnutls_cipher_hd_t handle);
+unsigned gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
+unsigned gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
+unsigned gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
+
+/* AEAD API
+ */
+typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t;
+
+int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle,
+			    gnutls_cipher_algorithm_t cipher,
+			    const gnutls_datum_t * key);
+int
+gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle,
+			   const void *nonce, size_t nonce_len,
+			   const void *auth, size_t auth_len,
+			   size_t tag_size,
+			   const void *ctext, size_t ctext_len,
+			   void *ptext, size_t *ptext_len);
+int
+gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
+			   const void *nonce, size_t nonce_len,
+			   const void *auth, size_t auth_len,
+			   size_t tag_size,
+			   const void *ptext, size_t ptext_len,
+			   void *ctext, size_t *ctext_len);
+
+void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle);
+
+/* Hash - MAC API */
+
+typedef struct hash_hd_st *gnutls_hash_hd_t;
+typedef struct hmac_hd_st *gnutls_hmac_hd_t;
+
+size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
+int gnutls_hmac_init(gnutls_hmac_hd_t * dig,
+		     gnutls_mac_algorithm_t algorithm,
+		     const void *key, size_t keylen);
+void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle,
+			   const void *nonce, size_t nonce_len);
+int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen);
+void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest);
+void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest);
+unsigned gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
+int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,
+		     const void *key, size_t keylen,
+		     const void *text, size_t textlen, void *digest);
+
+int gnutls_hash_init(gnutls_hash_hd_t * dig,
+		     gnutls_digest_algorithm_t algorithm);
+int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen);
+void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest);
+void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest);
+unsigned gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;
+int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+		     const void *text, size_t textlen, void *digest);
+
+/* register ciphers */
+
+
+/**
+ * gnutls_rnd_level_t:
+ * @GNUTLS_RND_NONCE: Non-predictable random number.  Fatal in parts
+ *   of session if broken, i.e., vulnerable to statistical analysis.
+ * @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number.
+ *   Fatal in session if broken. Example use: temporal keys.
+ * @GNUTLS_RND_KEY: Fatal in many sessions if broken. Example use:
+ *   Long-term keys.
+ *
+ * Enumeration of random quality levels.
+ */
+typedef enum gnutls_rnd_level {
+	GNUTLS_RND_NONCE = 0,
+	GNUTLS_RND_RANDOM = 1,
+	GNUTLS_RND_KEY = 2
+} gnutls_rnd_level_t;
+
+int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len);
+
+void gnutls_rnd_refresh(void);
+
+
+/* API to override ciphers and MAC algorithms 
+ */
+
+typedef int (*gnutls_cipher_init_func) (gnutls_cipher_algorithm_t, void **ctx, int enc);
+typedef int (*gnutls_cipher_setkey_func) (void *ctx, const void *key, size_t keysize);
+/* old style ciphers */
+typedef int (*gnutls_cipher_setiv_func) (void *ctx, const void *iv, size_t ivsize);
+typedef int (*gnutls_cipher_encrypt_func) (void *ctx, const void *plain, size_t plainsize,
+				void *encr, size_t encrsize);
+typedef int (*gnutls_cipher_decrypt_func) (void *ctx, const void *encr, size_t encrsize,
+			void *plain, size_t plainsize);
+
+/* aead ciphers */
+typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t datasize);
+typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize);
+
+typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx,
+			const void *nonce, size_t noncesize,
+			const void *auth, size_t authsize,
+			size_t tag_size,
+			const void *plain, size_t plainsize,
+			void *encr, size_t encrsize);
+typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx,
+			const void *nonce, size_t noncesize,
+			const void *auth, size_t authsize,
+			size_t tag_size,
+			const void *encr, size_t encrsize,
+			void *plain, size_t plainsize);
+typedef void (*gnutls_cipher_deinit_func) (void *ctx);
+
+int
+gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm,
+			      int priority,
+			      gnutls_cipher_init_func init,
+			      gnutls_cipher_setkey_func setkey,
+			      gnutls_cipher_setiv_func setiv,
+			      gnutls_cipher_encrypt_func encrypt,
+			      gnutls_cipher_decrypt_func decrypt,
+			      gnutls_cipher_deinit_func deinit);
+
+int
+gnutls_crypto_register_aead_cipher(gnutls_cipher_algorithm_t algorithm,
+			      int priority,
+			      gnutls_cipher_init_func init,
+			      gnutls_cipher_setkey_func setkey,
+			      gnutls_cipher_aead_encrypt_func aead_encrypt,
+			      gnutls_cipher_aead_decrypt_func aead_decrypt,
+			      gnutls_cipher_deinit_func deinit);
+
+typedef int (*gnutls_mac_init_func) (gnutls_mac_algorithm_t, void **ctx);
+typedef int (*gnutls_mac_setkey_func) (void *ctx, const void *key, size_t keysize);
+typedef int (*gnutls_mac_setnonce_func) (void *ctx, const void *nonce, size_t noncesize);
+typedef int (*gnutls_mac_hash_func) (void *ctx, const void *text, size_t textsize);
+typedef int (*gnutls_mac_output_func) (void *src_ctx, void *digest, size_t digestsize);
+typedef void (*gnutls_mac_deinit_func) (void *ctx);
+typedef int (*gnutls_mac_fast_func) (gnutls_mac_algorithm_t, const void *nonce,
+		     size_t nonce_size, const void *key, size_t keysize,
+		     const void *text, size_t textsize, void *digest);
+
+int
+gnutls_crypto_register_mac(gnutls_mac_algorithm_t mac,
+			   int priority,
+			   gnutls_mac_init_func init,
+			   gnutls_mac_setkey_func setkey,
+			   gnutls_mac_setnonce_func setnonce,
+			   gnutls_mac_hash_func hash,
+			   gnutls_mac_output_func output,
+			   gnutls_mac_deinit_func deinit,
+			   gnutls_mac_fast_func hash_fast);
+
+typedef int (*gnutls_digest_init_func) (gnutls_digest_algorithm_t, void **ctx);
+typedef int (*gnutls_digest_hash_func) (void *ctx, const void *text, size_t textsize);
+typedef int (*gnutls_digest_output_func) (void *src_ctx, void *digest, size_t digestsize);
+typedef void (*gnutls_digest_deinit_func) (void *ctx);
+typedef int (*gnutls_digest_fast_func) (gnutls_digest_algorithm_t,
+		     const void *text, size_t textsize, void *digest);
+
+int
+gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest,
+			   int priority,
+			   gnutls_digest_init_func init,
+			   gnutls_digest_hash_func hash,
+			   gnutls_digest_output_func output,
+			   gnutls_digest_deinit_func deinit,
+			   gnutls_digest_fast_func hash_fast);
+
+/* RSA-PKCS#1 1.5 helper functions */
+int
+gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash,
+			      const gnutls_datum_t * digest,
+			      gnutls_datum_t * output);
+
+int
+gnutls_decode_ber_digest_info(const gnutls_datum_t * info,
+			      gnutls_digest_algorithm_t *hash,
+			      unsigned char *digest, unsigned int *digest_size);
+
+int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r, gnutls_datum_t *s);
+int gnutls_encode_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * r, const gnutls_datum_t * s);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif

CodeSign/GnuTLS/lib/includes/dtls.h

@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains the types and prototypes for the X.509
+ * certificate and CRL handling functions.
+ */
+
+#ifndef GNUTLS_DTLS_H
+#define GNUTLS_DTLS_H
+
+#include <gnutls/gnutls.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+#define GNUTLS_COOKIE_KEY_SIZE 16
+
+void gnutls_dtls_set_timeouts(gnutls_session_t session,
+			      unsigned int retrans_timeout,
+			      unsigned int total_timeout);
+
+unsigned int gnutls_dtls_get_mtu(gnutls_session_t session);
+unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session);
+
+void gnutls_dtls_set_mtu(gnutls_session_t session, unsigned int mtu);
+int gnutls_dtls_set_data_mtu(gnutls_session_t session, unsigned int mtu);
+
+unsigned int gnutls_dtls_get_timeout(gnutls_session_t session);
+
+/**
+ * gnutls_dtls_prestate_st:
+ * @record_seq: record sequence number
+ * @hsk_read_seq: handshake read sequence number
+ * @hsk_write_seq: handshake write sequence number
+ *
+ * DTLS cookie prestate struct.  This is usually never modified by
+ * the application, it is used to carry the cookie data between
+ * gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
+ * gnutls_dtls_prestate_set().
+ */
+typedef struct {
+	unsigned int record_seq;
+	unsigned int hsk_read_seq;
+	unsigned int hsk_write_seq;
+} gnutls_dtls_prestate_st;
+
+int gnutls_dtls_cookie_send(gnutls_datum_t * key,
+			    void *client_data,
+			    size_t client_data_size,
+			    gnutls_dtls_prestate_st * prestate,
+			    gnutls_transport_ptr_t ptr,
+			    gnutls_push_func push_func);
+
+int gnutls_dtls_cookie_verify(gnutls_datum_t * key,
+			      void *client_data,
+			      size_t client_data_size, void *_msg,
+			      size_t msg_size,
+			      gnutls_dtls_prestate_st * prestate);
+
+void gnutls_dtls_prestate_set(gnutls_session_t session,
+			      gnutls_dtls_prestate_st * prestate);
+
+unsigned int gnutls_record_get_discarded(gnutls_session_t session);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_DTLS_H */

CodeSign/GnuTLS/lib/includes/gnutlsxx.h

@@ -0,0 +1,426 @@
+/*
+ * Copyright (C) 2006-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef GNUTLSXX_H
+#define GNUTLSXX_H
+
+#include <exception>
+#include <vector>
+#include <gnutls/gnutls.h>
+
+namespace gnutls {
+
+	class noncopyable {
+	      protected:
+		noncopyable() {
+		} ~noncopyable() {
+	      } private:
+		// These are non-implemented.
+		 noncopyable(const noncopyable &);
+		noncopyable & operator=(const noncopyable &);
+	};
+
+
+	class exception:public std::exception {
+	      public:
+		exception(int x);
+		const char *what() const throw();
+		int get_code();
+	      protected:
+		int retcode;
+	};
+
+
+	class dh_params:private noncopyable {
+	      public:
+		dh_params();
+		~dh_params();
+		void import_raw(const gnutls_datum_t & prime,
+				const gnutls_datum_t & generator);
+		void import_pkcs3(const gnutls_datum_t & pkcs3_params,
+				  gnutls_x509_crt_fmt_t format);
+		void generate(unsigned int bits);
+
+		void export_pkcs3(gnutls_x509_crt_fmt_t format,
+				  unsigned char *params_data,
+				  size_t * params_data_size);
+		void export_raw(gnutls_datum_t & prime,
+				gnutls_datum_t & generator);
+
+		gnutls_dh_params_t get_params_t() const;
+		 dh_params & operator=(const dh_params & src);
+	      protected:
+		 gnutls_dh_params_t params;
+	};
+
+
+	class rsa_params:private noncopyable {
+	      public:
+		rsa_params();
+		~rsa_params();
+		void import_raw(const gnutls_datum_t & m,
+				const gnutls_datum_t & e,
+				const gnutls_datum_t & d,
+				const gnutls_datum_t & p,
+				const gnutls_datum_t & q,
+				const gnutls_datum_t & u);
+		void import_pkcs1(const gnutls_datum_t & pkcs1_params,
+				  gnutls_x509_crt_fmt_t format);
+		void generate(unsigned int bits);
+
+		void export_pkcs1(gnutls_x509_crt_fmt_t format,
+				  unsigned char *params_data,
+				  size_t * params_data_size);
+		void export_raw(gnutls_datum_t & m, gnutls_datum_t & e,
+				gnutls_datum_t & d, gnutls_datum_t & p,
+				gnutls_datum_t & q, gnutls_datum_t & u);
+		gnutls_rsa_params_t get_params_t() const;
+		 rsa_params & operator=(const rsa_params & src);
+
+	      protected:
+		 gnutls_rsa_params_t params;
+	};
+
+	class session:private noncopyable {
+	      protected:
+		gnutls_session_t s;
+	      public:
+		session(unsigned int);
+		 virtual ~ session();
+
+		int bye(gnutls_close_request_t how);
+		int handshake();
+
+		gnutls_alert_description_t get_alert() const;
+
+		int send_alert(gnutls_alert_level_t level,
+			       gnutls_alert_description_t desc);
+		int send_appropriate_alert(int err);
+
+		gnutls_cipher_algorithm_t get_cipher() const;
+		gnutls_kx_algorithm_t get_kx() const;
+		gnutls_mac_algorithm_t get_mac() const;
+		gnutls_compression_method_t get_compression() const;
+		gnutls_certificate_type_t get_certificate_type() const;
+
+		// for the handshake
+		void set_private_extensions(bool allow);
+
+		gnutls_handshake_description_t get_handshake_last_out()
+		    const;
+		gnutls_handshake_description_t get_handshake_last_in()
+		    const;
+
+		ssize_t send(const void *data, size_t sizeofdata);
+		ssize_t recv(void *data, size_t sizeofdata);
+
+		bool get_record_direction() const;
+
+		// maximum packet size
+		size_t get_max_size() const;
+		void set_max_size(size_t size);
+
+		size_t check_pending() const;
+
+		void prf(size_t label_size, const char *label,
+			 int server_random_first,
+			 size_t extra_size, const char *extra,
+			 size_t outsize, char *out);
+
+		void prf_raw(size_t label_size, const char *label,
+			     size_t seed_size, const char *seed,
+			     size_t outsize, char *out);
+
+		/* if you just want some defaults, use the following.
+		 */
+		void set_priority(const char *prio, const char **err_pos);
+		void set_priority(gnutls_priority_t p);
+
+		gnutls_protocol_t get_protocol_version() const;
+
+		// for resuming sessions
+		void set_data(const void *session_data,
+			      size_t session_data_size);
+		void get_data(void *session_data,
+			      size_t * session_data_size) const;
+		void get_data(gnutls_session_t session,
+			      gnutls_datum_t & data) const;
+		void get_id(void *session_id,
+			    size_t * session_id_size) const;
+
+		bool is_resumed() const;
+
+		void set_max_handshake_packet_length(size_t max);
+
+		void clear_credentials();
+		void set_credentials(class credentials & cred);
+
+		void set_transport_ptr(gnutls_transport_ptr_t ptr);
+		void set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
+				       gnutls_transport_ptr_t send_ptr);
+		gnutls_transport_ptr_t get_transport_ptr() const;
+		void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr,
+				       gnutls_transport_ptr_t & send_ptr)
+		    const;
+
+		void set_transport_lowat(size_t num);
+		void set_transport_push_function(gnutls_push_func
+						 push_func);
+		void set_transport_vec_push_function(gnutls_vec_push_func
+						     vec_push_func);
+		void set_transport_pull_function(gnutls_pull_func
+						 pull_func);
+
+		void set_user_ptr(void *ptr);
+		void *get_user_ptr() const;
+
+		void send_openpgp_cert(gnutls_openpgp_crt_status_t status);
+
+		gnutls_credentials_type_t get_auth_type() const;
+		gnutls_credentials_type_t get_server_auth_type() const;
+		gnutls_credentials_type_t get_client_auth_type() const;
+
+		// informational stuff
+		void set_dh_prime_bits(unsigned int bits);
+		unsigned int get_dh_secret_bits() const;
+		unsigned int get_dh_peers_public_bits() const;
+		unsigned int get_dh_prime_bits() const;
+		void get_dh_group(gnutls_datum_t & gen,
+				  gnutls_datum_t & prime) const;
+		void get_dh_pubkey(gnutls_datum_t & raw_key) const;
+		void get_rsa_export_pubkey(gnutls_datum_t & exponent,
+					   gnutls_datum_t & modulus) const;
+		unsigned int get_rsa_export_modulus_bits() const;
+
+		void get_our_certificate(gnutls_datum_t & cert) const;
+		bool get_peers_certificate(std::vector < gnutls_datum_t >
+					   &out_certs) const;
+		bool get_peers_certificate(const gnutls_datum_t ** certs,
+					   unsigned int *certs_size) const;
+
+		time_t get_peers_certificate_activation_time() const;
+		time_t get_peers_certificate_expiration_time() const;
+		void verify_peers_certificate(unsigned int &status) const;
+
+	};
+
+// interface for databases
+	class DB:private noncopyable {
+	      public:
+		virtual ~ DB() = 0;
+		virtual bool store(const gnutls_datum_t & key,
+				   const gnutls_datum_t & data) = 0;
+		virtual bool retrieve(const gnutls_datum_t & key,
+				      gnutls_datum_t & data) = 0;
+		virtual bool remove(const gnutls_datum_t & key) = 0;
+	};
+
+	class server_session:public session {
+	      public:
+		server_session();
+		~server_session();
+		void db_remove() const;
+
+		void set_db_cache_expiration(unsigned int seconds);
+		void set_db(const DB & db);
+
+		// returns true if session is expired
+		bool db_check_entry(gnutls_datum_t & session_data) const;
+
+		// server side only
+		const char *get_srp_username() const;
+		const char *get_psk_username() const;
+
+		void get_server_name(void *data, size_t * data_length,
+				     unsigned int *type,
+				     unsigned int indx) const;
+
+		int rehandshake();
+		void set_certificate_request(gnutls_certificate_request_t);
+	};
+
+	class client_session:public session {
+	      public:
+		client_session();
+		~client_session();
+
+		void set_server_name(gnutls_server_name_type_t type,
+				     const void *name, size_t name_length);
+
+		bool get_request_status();
+	};
+
+
+	class credentials:private noncopyable {
+	      public:
+		virtual ~ credentials() {
+		} gnutls_credentials_type_t get_type() const;
+	      protected:
+		friend class session;
+		credentials(gnutls_credentials_type_t t);
+		void *ptr() const;
+		void set_ptr(void *ptr);
+		gnutls_credentials_type_t type;
+	      private:
+		void *cred;
+	};
+
+	class certificate_credentials:public credentials {
+	      public:
+		~certificate_credentials();
+		certificate_credentials();
+
+		void free_keys();
+		void free_cas();
+		void free_ca_names();
+		void free_crls();
+
+		void set_dh_params(const dh_params & params);
+		void set_rsa_export_params(const rsa_params & params);
+		void set_verify_flags(unsigned int flags);
+		void set_verify_limits(unsigned int max_bits,
+				       unsigned int max_depth);
+
+		void set_x509_trust_file(const char *cafile,
+					 gnutls_x509_crt_fmt_t type);
+		void set_x509_trust(const gnutls_datum_t & CA,
+				    gnutls_x509_crt_fmt_t type);
+		// FIXME: use classes instead of gnutls_x509_crt_t
+		void set_x509_trust(gnutls_x509_crt_t * ca_list,
+				    int ca_list_size);
+
+		void set_x509_crl_file(const char *crlfile,
+				       gnutls_x509_crt_fmt_t type);
+		void set_x509_crl(const gnutls_datum_t & CRL,
+				  gnutls_x509_crt_fmt_t type);
+		void set_x509_crl(gnutls_x509_crl_t * crl_list,
+				  int crl_list_size);
+
+		void set_x509_key_file(const char *certfile,
+				       const char *KEYFILE,
+				       gnutls_x509_crt_fmt_t type);
+		void set_x509_key(const gnutls_datum_t & CERT,
+				  const gnutls_datum_t & KEY,
+				  gnutls_x509_crt_fmt_t type);
+		// FIXME: use classes
+		void set_x509_key(gnutls_x509_crt_t * cert_list,
+				  int cert_list_size,
+				  gnutls_x509_privkey_t key);
+
+
+		void set_simple_pkcs12_file(const char *pkcs12file,
+					    gnutls_x509_crt_fmt_t type,
+					    const char *password);
+
+		void set_retrieve_function
+		    (gnutls_certificate_retrieve_function * func);
+
+	      protected:
+		 gnutls_certificate_credentials_t cred;
+	};
+
+	class certificate_server_credentials:public certificate_credentials {
+	      public:
+		void set_params_function(gnutls_params_function * func);
+	};
+
+	class certificate_client_credentials:public certificate_credentials {
+	      public:
+	};
+
+
+
+
+	class anon_server_credentials:public credentials {
+	      public:
+		anon_server_credentials();
+		~anon_server_credentials();
+		void set_dh_params(const dh_params & params);
+		void set_params_function(gnutls_params_function * func);
+	      protected:
+		 gnutls_anon_server_credentials_t cred;
+	};
+
+	class anon_client_credentials:public credentials {
+	      public:
+		anon_client_credentials();
+		~anon_client_credentials();
+	      protected:
+		gnutls_anon_client_credentials_t cred;
+	};
+
+
+	class srp_server_credentials:public credentials {
+	      public:
+		srp_server_credentials();
+		~srp_server_credentials();
+		void set_credentials_file(const char *password_file,
+					  const char *password_conf_file);
+		void set_credentials_function
+		    (gnutls_srp_server_credentials_function * func);
+	      protected:
+		 gnutls_srp_server_credentials_t cred;
+	};
+
+	class srp_client_credentials:public credentials {
+	      public:
+		srp_client_credentials();
+		~srp_client_credentials();
+		void set_credentials(const char *username,
+				     const char *password);
+		void set_credentials_function
+		    (gnutls_srp_client_credentials_function * func);
+	      protected:
+		 gnutls_srp_client_credentials_t cred;
+	};
+
+
+	class psk_server_credentials:public credentials {
+	      public:
+		psk_server_credentials();
+		~psk_server_credentials();
+		void set_credentials_file(const char *password_file);
+		void set_credentials_function
+		    (gnutls_psk_server_credentials_function * func);
+		void set_dh_params(const dh_params & params);
+		void set_params_function(gnutls_params_function * func);
+	      protected:
+		 gnutls_psk_server_credentials_t cred;
+	};
+
+	class psk_client_credentials:public credentials {
+	      public:
+		psk_client_credentials();
+		~psk_client_credentials();
+		void set_credentials(const char *username,
+				     const gnutls_datum_t & key,
+				     gnutls_psk_key_flags flags);
+		void set_credentials_function
+		    (gnutls_psk_client_credentials_function * func);
+	      protected:
+		 gnutls_psk_client_credentials_t cred;
+	};
+
+
+}				/* namespace */
+
+#endif				/* GNUTLSXX_H */

CodeSign/GnuTLS/lib/includes/ocsp.h

@@ -0,0 +1,270 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* Online Certificate Status Protocol - RFC 2560
+ */
+
+#ifndef GNUTLS_OCSP_H
+#define GNUTLS_OCSP_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+#define GNUTLS_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2"
+
+/**
+ * gnutls_ocsp_print_formats_t:
+ * @GNUTLS_OCSP_PRINT_FULL: Full information about OCSP request/response.
+ * @GNUTLS_OCSP_PRINT_COMPACT: More compact information about OCSP request/response.
+ *
+ * Enumeration of different OCSP printing variants.
+ */
+typedef enum gnutls_ocsp_print_formats_t {
+	GNUTLS_OCSP_PRINT_FULL = 0,
+	GNUTLS_OCSP_PRINT_COMPACT = 1
+} gnutls_ocsp_print_formats_t;
+
+/**
+ * gnutls_ocsp_resp_status_t:
+ * @GNUTLS_OCSP_RESP_SUCCESSFUL: Response has valid confirmations.
+ * @GNUTLS_OCSP_RESP_MALFORMEDREQUEST: Illegal confirmation request
+ * @GNUTLS_OCSP_RESP_INTERNALERROR: Internal error in issuer
+ * @GNUTLS_OCSP_RESP_TRYLATER: Try again later
+ * @GNUTLS_OCSP_RESP_SIGREQUIRED: Must sign the request
+ * @GNUTLS_OCSP_RESP_UNAUTHORIZED: Request unauthorized
+ *
+ * Enumeration of different OCSP response status codes.
+ */
+typedef enum gnutls_ocsp_resp_status_t {
+	GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
+	GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
+	GNUTLS_OCSP_RESP_INTERNALERROR = 2,
+	GNUTLS_OCSP_RESP_TRYLATER = 3,
+	GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
+	GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
+} gnutls_ocsp_resp_status_t;
+
+/**
+ * gnutls_ocsp_cert_status_t:
+ * @GNUTLS_OCSP_CERT_GOOD: Positive response to status inquiry.
+ * @GNUTLS_OCSP_CERT_REVOKED: Certificate has been revoked.
+ * @GNUTLS_OCSP_CERT_UNKNOWN: The responder doesn't know about the
+ *   certificate.
+ *
+ * Enumeration of different OCSP response certificate status codes.
+ */
+typedef enum gnutls_ocsp_cert_status_t {
+	GNUTLS_OCSP_CERT_GOOD = 0,
+	GNUTLS_OCSP_CERT_REVOKED = 1,
+	GNUTLS_OCSP_CERT_UNKNOWN = 2
+} gnutls_ocsp_cert_status_t;
+
+/**
+ * gnutls_x509_crl_reason_t:
+ * @GNUTLS_X509_CRLREASON_UNSPECIFIED: Unspecified reason.
+ * @GNUTLS_X509_CRLREASON_KEYCOMPROMISE: Private key compromised.
+ * @GNUTLS_X509_CRLREASON_CACOMPROMISE: CA compromised.
+ * @GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: Affiliation has changed.
+ * @GNUTLS_X509_CRLREASON_SUPERSEDED: Certificate superseded.
+ * @GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: Operation has ceased.
+ * @GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: Certificate is on hold.
+ * @GNUTLS_X509_CRLREASON_REMOVEFROMCRL: Will be removed from delta CRL.
+ * @GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: Privilege withdrawn.
+ * @GNUTLS_X509_CRLREASON_AACOMPROMISE: AA compromised.
+ *
+ * Enumeration of different reason codes.  Note that this
+ * corresponds to the CRLReason ASN.1 enumeration type, and not the
+ * ReasonFlags ASN.1 bit string.
+ */
+typedef enum gnutls_x509_crl_reason_t {
+	GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
+	GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
+	GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
+	GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
+	GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
+	GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
+	GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
+	GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
+	GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
+	GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
+} gnutls_x509_crl_reason_t;
+
+/**
+ * gnutls_ocsp_verify_reason_t:
+ * @GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND: Signer cert not found.
+ * @GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR: Signer keyusage bits incorrect.
+ * @GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER: Signer is not trusted.
+ * @GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM: Signature using insecure algorithm.
+ * @GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE: Signature mismatch.
+ * @GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED: Signer cert is not yet activated.
+ * @GNUTLS_OCSP_VERIFY_CERT_EXPIRED: Signer cert has expired.
+ *
+ * Enumeration of OCSP verify status codes, used by
+ * gnutls_ocsp_resp_verify() and gnutls_ocsp_resp_verify_direct().
+ */
+typedef enum gnutls_ocsp_verify_reason_t {
+	GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
+	GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
+	GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
+	GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
+	GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
+	GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
+	GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
+} gnutls_ocsp_verify_reason_t;
+
+struct gnutls_ocsp_req_int;
+typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
+
+int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req);
+void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req);
+
+int gnutls_ocsp_req_import(gnutls_ocsp_req_t req,
+			   const gnutls_datum_t * data);
+int gnutls_ocsp_req_export(gnutls_ocsp_req_t req, gnutls_datum_t * data);
+int gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
+			  gnutls_ocsp_print_formats_t format,
+			  gnutls_datum_t * out);
+
+int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req);
+
+int gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
+				unsigned indx,
+				gnutls_digest_algorithm_t * digest,
+				gnutls_datum_t * issuer_name_hash,
+				gnutls_datum_t * issuer_key_hash,
+				gnutls_datum_t * serial_number);
+int gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req,
+				gnutls_digest_algorithm_t digest,
+				const gnutls_datum_t *
+				issuer_name_hash,
+				const gnutls_datum_t *
+				issuer_key_hash,
+				const gnutls_datum_t * serial_number);
+int gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
+			     gnutls_digest_algorithm_t digest,
+			     gnutls_x509_crt_t issuer,
+			     gnutls_x509_crt_t cert);
+
+int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req,
+				  unsigned indx,
+				  gnutls_datum_t * oid,
+				  unsigned int *critical,
+				  gnutls_datum_t * data);
+int gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req,
+				  const char *oid,
+				  unsigned int critical,
+				  const gnutls_datum_t * data);
+
+int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
+			      unsigned int *critical,
+			      gnutls_datum_t * nonce);
+int gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req,
+			      unsigned int critical,
+			      const gnutls_datum_t * nonce);
+int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req);
+
+struct gnutls_ocsp_resp_int;
+typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
+
+int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp);
+void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp);
+
+int gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
+			    const gnutls_datum_t * data);
+int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp,
+			    gnutls_datum_t * data);
+int gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp,
+			   gnutls_ocsp_print_formats_t format,
+			   gnutls_datum_t * out);
+
+int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp);
+int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
+				  gnutls_datum_t *
+				  response_type_oid,
+				  gnutls_datum_t * response);
+
+int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
+int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
+				   gnutls_datum_t * dn);
+int gnutls_ocsp_resp_get_responder2(gnutls_ocsp_resp_t resp,
+				    gnutls_datum_t * dn,
+				    unsigned flags);
+
+/* the raw key ID of the responder */
+#define GNUTLS_OCSP_RESP_ID_KEY 1
+/* the raw DN of the responder */
+#define GNUTLS_OCSP_RESP_ID_DN 2
+int
+gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_t resp,
+				      unsigned type,
+				      gnutls_datum_t * raw);
+
+time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
+int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+				unsigned indx,
+				gnutls_digest_algorithm_t * digest,
+				gnutls_datum_t * issuer_name_hash,
+				gnutls_datum_t * issuer_key_hash,
+				gnutls_datum_t * serial_number,
+				unsigned int *cert_status,
+				time_t * this_update,
+				time_t * next_update,
+				time_t * revocation_time,
+				unsigned int *revocation_reason);
+int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp,
+				   unsigned indx,
+				   gnutls_datum_t * oid,
+				   unsigned int *critical,
+				   gnutls_datum_t * data);
+int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
+			       unsigned int *critical,
+			       gnutls_datum_t * nonce);
+int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t resp);
+int gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp,
+				   gnutls_datum_t * sig);
+int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+			       gnutls_x509_crt_t ** certs,
+			       size_t * ncerts);
+
+int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+				   gnutls_x509_crt_t issuer,
+				   unsigned int *verify,
+				   unsigned int flags);
+int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
+			    gnutls_x509_trust_list_t trustlist,
+			    unsigned int *verify, unsigned int flags);
+
+int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+			       unsigned int indx, gnutls_x509_crt_t crt);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_OCSP_H */

CodeSign/GnuTLS/lib/includes/openpgp.h

@@ -0,0 +1,380 @@
+/*
+ * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains the types and prototypes for the OpenPGP
+ * key and private key parsing functions.
+ */
+
+#ifndef GNUTLS_OPENPGP_H
+#define GNUTLS_OPENPGP_H
+
+#include <gnutls/gnutls.h>
+#include <limits.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+/* Openpgp certificate stuff
+ */
+
+/**
+ * gnutls_openpgp_crt_fmt_t:
+ * @GNUTLS_OPENPGP_FMT_RAW: OpenPGP certificate in raw format.
+ * @GNUTLS_OPENPGP_FMT_BASE64: OpenPGP certificate in base64 format.
+ *
+ * Enumeration of different OpenPGP key formats.
+ */
+typedef enum gnutls_openpgp_crt_fmt {
+	GNUTLS_OPENPGP_FMT_RAW,
+	GNUTLS_OPENPGP_FMT_BASE64
+} gnutls_openpgp_crt_fmt_t;
+
+#define GNUTLS_OPENPGP_KEYID_SIZE 8
+#define GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE 20
+typedef unsigned char
+ gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
+
+/* gnutls_openpgp_cert_t should be defined in gnutls.h
+ */
+
+	/* initializes the memory for gnutls_openpgp_crt_t struct */
+int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key) _GNUTLS_GCC_ATTR_DEPRECATED;
+	/* frees all memory */
+void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+			      const gnutls_datum_t * data,
+			      gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key,
+			      gnutls_openpgp_crt_fmt_t format,
+			      void *output_data,
+			      size_t * output_data_size) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key,
+			       gnutls_openpgp_crt_fmt_t format,
+			       gnutls_datum_t * out) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
+			     gnutls_certificate_print_formats_t
+			     format, gnutls_datum_t * out) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* The key_usage flags are defined in gnutls.h. They are
+ * the GNUTLS_KEY_* definitions.
+ */
+#define GNUTLS_OPENPGP_MASTER_KEYID_IDX INT_MAX
+
+int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key,
+				     unsigned int *key_usage) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key,
+				       void *fpr, size_t * fprlen) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t
+					      key,
+					      unsigned int idx,
+					      void *fpr, size_t * fprlen) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key,
+				int idx, char *buf, size_t * sizeof_buf) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+gnutls_pk_algorithm_t
+gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key,
+				    unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
+				  gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
+				      const char *hostname) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_check_hostname2(gnutls_openpgp_crt_t key,
+				      const char *hostname, unsigned int flags) _GNUTLS_GCC_ATTR_DEPRECATED;
+int
+gnutls_openpgp_crt_check_email(gnutls_openpgp_crt_t key, const char *email, unsigned flags) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
+				      const gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_subkey_revoked_status
+    (gnutls_openpgp_crt_t key, unsigned int idx) _GNUTLS_GCC_ATTR_DEPRECATED;
+gnutls_pk_algorithm_t
+gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t
+					   key,
+					   unsigned int idx,
+					   unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED;
+time_t
+    gnutls_openpgp_crt_get_subkey_creation_time
+    (gnutls_openpgp_crt_t key, unsigned int idx) _GNUTLS_GCC_ATTR_DEPRECATED;
+time_t
+    gnutls_openpgp_crt_get_subkey_expiration_time
+    (gnutls_openpgp_crt_t key, unsigned int idx) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key,
+				     unsigned int idx,
+				     gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key,
+					unsigned int idx,
+					unsigned int *key_usage) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t
+					     crt, unsigned int idx,
+					     gnutls_datum_t * p,
+					     gnutls_datum_t * q,
+					     gnutls_datum_t * g,
+					     gnutls_datum_t * y) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t
+					     crt, unsigned int idx,
+					     gnutls_datum_t * m,
+					     gnutls_datum_t * e) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+				      gnutls_datum_t * p,
+				      gnutls_datum_t * q,
+				      gnutls_datum_t * g,
+				      gnutls_datum_t * y) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+				      gnutls_datum_t * m,
+				      gnutls_datum_t * e) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t
+					    key,
+					    gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+int
+gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key,
+					const
+					gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* privkey stuff.
+ */
+int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key) _GNUTLS_GCC_ATTR_DEPRECATED;
+void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+gnutls_pk_algorithm_t
+    gnutls_openpgp_privkey_get_pk_algorithm
+    (gnutls_openpgp_privkey_t key, unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+gnutls_sec_param_t
+gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+				  const gnutls_datum_t * data,
+				  gnutls_openpgp_crt_fmt_t format,
+				  const char *password,
+				  unsigned int flags) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t
+					   key, void *fpr,
+					   size_t * fprlen) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_get_subkey_fingerprint
+    (gnutls_openpgp_privkey_t key, unsigned int idx, void *fpr,
+     size_t * fprlen) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key,
+				      gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_get_subkey_count(gnutls_openpgp_privkey_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t
+					  key,
+					  const
+					  gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_get_subkey_revoked_status
+    (gnutls_openpgp_privkey_t key, unsigned int idx) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_get_revoked_status
+    (gnutls_openpgp_privkey_t key) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+gnutls_pk_algorithm_t
+    gnutls_openpgp_privkey_get_subkey_pk_algorithm
+    (gnutls_openpgp_privkey_t key, unsigned int idx, unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+time_t
+    gnutls_openpgp_privkey_get_subkey_expiration_time
+    (gnutls_openpgp_privkey_t key, unsigned int idx) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t
+					 key, unsigned int idx,
+					 gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+time_t
+    gnutls_openpgp_privkey_get_subkey_creation_time
+    (gnutls_openpgp_privkey_t key, unsigned int idx) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_export_subkey_dsa_raw
+    (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+     gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
+     gnutls_datum_t * y, gnutls_datum_t * x) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_export_subkey_rsa_raw
+    (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+     gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
+     gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t
+					  pkey, gnutls_datum_t * p,
+					  gnutls_datum_t * q,
+					  gnutls_datum_t * g,
+					  gnutls_datum_t * y,
+					  gnutls_datum_t * x) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t
+					  pkey, gnutls_datum_t * m,
+					  gnutls_datum_t * e,
+					  gnutls_datum_t * d,
+					  gnutls_datum_t * p,
+					  gnutls_datum_t * q,
+					  gnutls_datum_t * u) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key,
+				  gnutls_openpgp_crt_fmt_t format,
+				  const char *password,
+				  unsigned int flags,
+				  void *output_data,
+				  size_t * output_data_size) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key,
+				   gnutls_openpgp_crt_fmt_t format,
+				   const char *password,
+				   unsigned int flags,
+				   gnutls_datum_t * out) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_privkey_set_preferred_key_id
+    (gnutls_openpgp_privkey_t key, const gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_openpgp_privkey_get_preferred_key_id
+    (gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt,
+				       gnutls_openpgp_keyid_t
+				       keyid, unsigned int flag) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* Keyring stuff.
+ */
+
+int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring) _GNUTLS_GCC_ATTR_DEPRECATED;
+void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring,
+				  const gnutls_datum_t * data,
+				  gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring,
+				    const gnutls_openpgp_keyid_t
+				    keyid, unsigned int flags) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+int gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key,
+				   gnutls_openpgp_keyring_t
+				   keyring, unsigned int flags,
+				   unsigned int *verify
+				   /* the output of the verification */
+    ) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key,
+				   unsigned int flags,
+				   unsigned int *verify) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring,
+				   unsigned int idx,
+				   gnutls_openpgp_crt_t * cert) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t ring) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+
+/**
+ * gnutls_openpgp_recv_key_func:
+ * @session: a TLS session
+ * @keyfpr: key fingerprint
+ * @keyfpr_length: length of key fingerprint
+ * @key: output key.
+ *
+ * A callback of this type is used to retrieve OpenPGP keys.  Only
+ * useful on the server, and will only be used if the peer send a key
+ * fingerprint instead of a full key.  See also
+ * gnutls_openpgp_set_recv_key_function().
+ *
+ * The variable @key must be allocated using gnutls_malloc().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ *   otherwise an error code is returned.
+ */
+typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t
+					     session,
+					     const unsigned char
+					     *keyfpr,
+					     unsigned int
+					     keyfpr_length,
+					     gnutls_datum_t * key);
+
+void
+gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
+				     gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+
+/* certificate authentication stuff.
+ */
+int gnutls_certificate_set_openpgp_key
+    (gnutls_certificate_credentials_t res,
+     gnutls_openpgp_crt_t crt, gnutls_openpgp_privkey_t pkey) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int
+gnutls_certificate_get_openpgp_key(gnutls_certificate_credentials_t res,
+                                   unsigned index,
+                                   gnutls_openpgp_privkey_t *key) _GNUTLS_GCC_ATTR_DEPRECATED;
+int
+gnutls_certificate_get_openpgp_crt(gnutls_certificate_credentials_t res,
+                                   unsigned index,
+                                   gnutls_openpgp_crt_t **crt_list,
+                                   unsigned *crt_list_size) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int
+ gnutls_certificate_set_openpgp_key_file
+    (gnutls_certificate_credentials_t res, const char *certfile,
+     const char *keyfile, gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+int gnutls_certificate_set_openpgp_key_mem
+    (gnutls_certificate_credentials_t res,
+     const gnutls_datum_t * cert, const gnutls_datum_t * key,
+     gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int
+ gnutls_certificate_set_openpgp_key_file2
+    (gnutls_certificate_credentials_t res, const char *certfile,
+     const char *keyfile, const char *subkey_id,
+     gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+int
+ gnutls_certificate_set_openpgp_key_mem2
+    (gnutls_certificate_credentials_t res,
+     const gnutls_datum_t * cert, const gnutls_datum_t * key,
+     const char *subkey_id, gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_certificate_set_openpgp_keyring_mem
+    (gnutls_certificate_credentials_t c, const unsigned char *data,
+     size_t dlen, gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_certificate_set_openpgp_keyring_file
+    (gnutls_certificate_credentials_t c, const char *file,
+     gnutls_openpgp_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_OPENPGP_H */

CodeSign/GnuTLS/lib/includes/pkcs11.h

@@ -0,0 +1,485 @@
+/*
+ * Copyright (C) 2010-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef __GNUTLS_PKCS11_H
+#define __GNUTLS_PKCS11_H
+
+#include <stdarg.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+#define GNUTLS_PKCS11_MAX_PIN_LEN 32
+
+/**
+ * gnutls_pkcs11_token_callback_t:
+ * @userdata: user-controlled data from gnutls_pkcs11_set_token_function().
+ * @label: token label.
+ * @retry: retry counter, initially 0.
+ *
+ * Token callback function. The callback will be used to ask the user
+ * to re-insert the token with given (null terminated) label.  The
+ * callback should return zero if token has been inserted by user and
+ * a negative error code otherwise.  It might be called multiple times
+ * if the token is not detected and the retry counter will be
+ * increased.
+ *
+ * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code
+ * on error.
+ *
+ * Since: 2.12.0
+ **/
+typedef int (*gnutls_pkcs11_token_callback_t) (void *const
+					       userdata,
+					       const char *const
+					       label, unsigned retry);
+
+
+struct gnutls_pkcs11_obj_st;
+typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
+
+
+#define GNUTLS_PKCS11_FLAG_MANUAL 0	/* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1	/* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+
+/* pkcs11.conf format:
+ * load = /lib/xxx-pkcs11.so
+ * load = /lib/yyy-pkcs11.so
+ */
+
+int gnutls_pkcs11_init(unsigned int flags,
+		       const char *deprecated_config_file);
+int gnutls_pkcs11_reinit(void);
+void gnutls_pkcs11_deinit(void);
+void gnutls_pkcs11_set_token_function
+    (gnutls_pkcs11_token_callback_t fn, void *userdata);
+
+void gnutls_pkcs11_set_pin_function(gnutls_pin_callback_t fn,
+				    void *userdata);
+
+gnutls_pin_callback_t gnutls_pkcs11_get_pin_function(void
+						     **userdata);
+
+int gnutls_pkcs11_add_provider(const char *name, const char *params);
+int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj);
+void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
+					gnutls_pin_callback_t fn,
+					void *userdata);
+
+/**
+ * gnutls_pkcs11_obj_flags:
+ * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN: Force login in the token for the operation (seek+store). 
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED: object marked as trusted (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE: object marked as sensitive -unexportable (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO: force login as a security officer in the token for the operation (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: marked as private -requires PIN to access (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: marked as not private (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY: When retrieving an object, do not set any requirements (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED: When retrieving an object, only retrieve the marked as trusted (alias to %GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED).
+ *   In gnutls_pkcs11_crt_is_known() it implies %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE if %GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is not given.
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED: When writing an object, mark it as distrusted (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED: When retrieving an object, only retrieve the marked as distrusted (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE: When checking an object's presence, fully compare it before returning any result (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY: When checking an object's presence, compare the key before returning any result (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE: The object must be present in a marked as trusted module (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Mark the object as a CA (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP: Mark the generated key pair as wrapping and unwrapping keys (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT: When an issuer is requested, override its extensions with the ones present in the trust module (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH: Mark the key pair as requiring authentication (pin entry) before every operation (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE: Mark the key pair as being extractable (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE: If set, the object was never marked as extractable (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_CRT: When searching, restrict to certificates only (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_PUBKEY: When searching, restrict to public key objects only (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY: When searching, restrict to private key objects only (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY: When generating a keypair don't store the public key (store).
+ *
+ * Enumeration of different PKCS #11 object flags. Some flags are used
+ * to mark objects when storing, while others are also used while seeking
+ * or retrieving objects.
+ */
+typedef enum gnutls_pkcs11_obj_flags {
+	GNUTLS_PKCS11_OBJ_FLAG_LOGIN = (1<<0),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED = (1<<1),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE = (1<<2),
+	GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO = (1<<3),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE = (1<<4),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE = (1<<5),
+	GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY = (1<<6),
+	GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED = GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED = (1<<8),
+	GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED = GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED,
+	GNUTLS_PKCS11_OBJ_FLAG_COMPARE = (1<<9),
+	GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE = (1<<10),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_CA = (1<<11),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP = (1<<12),
+	GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY = (1<<13),
+	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT = (1<<14),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH = (1<<15),
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE = (1<<16),
+	GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE = (1<<17),
+	GNUTLS_PKCS11_OBJ_FLAG_CRT = (1<<18),
+	GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY = (1<<19),
+	GNUTLS_PKCS11_OBJ_FLAG_PUBKEY = (1<<20),
+	GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY = GNUTLS_PKCS11_OBJ_FLAG_PUBKEY,
+	GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY = (1<<21),
+	/* flags 1<<29 and later are reserved - see pkcs11_int.h */
+} gnutls_pkcs11_obj_flags;
+
+#define gnutls_pkcs11_obj_attr_t gnutls_pkcs11_obj_flags
+
+/**
+ * gnutls_pkcs11_url_type_t:
+ * @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL.
+ * @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well.
+ * @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version.
+ *
+ * Enumeration of different URL extraction flags.
+ */
+typedef enum {
+	GNUTLS_PKCS11_URL_GENERIC,	/* URL specifies the object on token level */
+	GNUTLS_PKCS11_URL_LIB,	/* URL specifies the object on module level */
+	GNUTLS_PKCS11_URL_LIB_VERSION	/* URL specifies the object on module and version level */
+} gnutls_pkcs11_url_type_t;
+
+int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj,
+				 const char *url, unsigned int flags
+				 /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t obj,
+				 gnutls_pkcs11_url_type_t detailed,
+				 char **url);
+void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj);
+
+int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
+			     void *output_data, size_t * output_data_size);
+int gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj,
+			      gnutls_datum_t * out);
+
+int gnutls_pkcs11_obj_export3(gnutls_pkcs11_obj_t obj, gnutls_x509_crt_fmt_t fmt,
+			      gnutls_datum_t * out);
+
+int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
+			     gnutls_datum_t * issuer,
+			     gnutls_x509_crt_fmt_t fmt,
+			     unsigned int flags);
+
+int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *dn,
+					gnutls_datum_t *issuer,
+					gnutls_x509_crt_fmt_t fmt,
+					unsigned int flags);
+
+int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url, 
+					const gnutls_datum_t *dn,
+					const gnutls_datum_t *spki,
+					gnutls_datum_t *issuer,
+					gnutls_x509_crt_fmt_t fmt,
+					unsigned int flags);
+
+unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+			     unsigned int flags);
+
+#if 0
+/* for documentation */
+int gnutls_pkcs11_copy_x509_crt(const char *token_url,
+				gnutls_x509_crt_t crt,
+				const char *label, unsigned int flags
+				/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+				    gnutls_x509_privkey_t key,
+				    const char *label,
+				    unsigned int key_usage,
+				    unsigned int flags);
+int
+gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
+				unsigned int bits, const char *label,
+				gnutls_x509_crt_fmt_t fmt,
+				gnutls_datum_t * pubkey,
+				unsigned int flags);
+int
+gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
+			       unsigned int bits, const char *label,
+			       unsigned int flags);
+#endif
+
+int
+gnutls_pkcs11_copy_pubkey(const char *token_url,
+			  gnutls_pubkey_t crt, const char *label,
+			  const gnutls_datum_t *cid,
+			  unsigned int key_usage, unsigned int flags);
+
+#define gnutls_pkcs11_copy_x509_crt(url, crt, label, flags) \
+	gnutls_pkcs11_copy_x509_crt2(url, crt, label, NULL, flags)
+
+int gnutls_pkcs11_copy_x509_crt2(const char *token_url,
+				gnutls_x509_crt_t crt,
+				const char *label,
+				const gnutls_datum_t *id,
+				unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */);
+
+#define gnutls_pkcs11_copy_x509_privkey(url, key, label, usage, flags) \
+	gnutls_pkcs11_copy_x509_privkey2(url, key, label, NULL, usage, flags)
+int gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
+				    gnutls_x509_privkey_t key,
+				    const char *label,
+				    const gnutls_datum_t *cid,
+				    unsigned int key_usage
+				    /*GNUTLS_KEY_* */ ,
+				    unsigned int flags
+				    /* GNUTLS_PKCS11_OBJ_FLAG_* */
+);
+
+int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags
+			     /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+int gnutls_pkcs11_copy_secret_key(const char *token_url,
+				  gnutls_datum_t * key,
+				  const char *label, unsigned int key_usage
+				  /* GNUTLS_KEY_* */ ,
+				  unsigned int flags
+				  /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+/**
+ * gnutls_pkcs11_obj_info_t:
+ * @GNUTLS_PKCS11_OBJ_ID_HEX: The object ID in hex. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_LABEL: The object label. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_LABEL: The token's label. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: The token's serial number. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: The token's manufacturer. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_MODEL: The token's model. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_ID: The object ID. Raw bytes.
+ * @GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: The library's version. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: The library's description. Null-terminated text.
+ * @GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: The library's manufacturer name. Null-terminated text.
+ *
+ * Enumeration of several object information types.
+ */
+typedef enum {
+	GNUTLS_PKCS11_OBJ_ID_HEX = 1,
+	GNUTLS_PKCS11_OBJ_LABEL,
+	GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
+	GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
+	GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
+	GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
+	GNUTLS_PKCS11_OBJ_ID,
+	/* the pkcs11 provider library info  */
+	GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
+	GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
+	GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
+} gnutls_pkcs11_obj_info_t;
+
+int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t obj,
+			       gnutls_pkcs11_obj_info_t itype,
+			       void *output, size_t * output_size);
+int gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj,
+			       gnutls_pkcs11_obj_info_t itype,
+			       const void *data, size_t data_size,
+			       unsigned flags);
+
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL GNUTLS_PKCS11_OBJ_FLAG_CRT
+#define GNUTLS_PKCS11_OBJ_ATTR_MATCH 0 /* always match the given URL */
+#define GNUTLS_PKCS11_OBJ_ATTR_ALL 0 /* match everything! */
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY)
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
+#define GNUTLS_PKCS11_OBJ_ATTR_PUBKEY GNUTLS_PKCS11_OBJ_FLAG_PUBKEY
+#define GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY
+
+/**
+ * gnutls_pkcs11_token_info_t:
+ * @GNUTLS_PKCS11_TOKEN_LABEL: The token's label (string)
+ * @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number (string)
+ * @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer (string)
+ * @GNUTLS_PKCS11_TOKEN_MODEL: The token's model (string)
+ * @GNUTLS_PKCS11_TOKEN_MODNAME: The token's module name (string - since 3.4.3)
+ *
+ * Enumeration of types for retrieving token information.
+ */
+typedef enum {
+	GNUTLS_PKCS11_TOKEN_LABEL,
+	GNUTLS_PKCS11_TOKEN_SERIAL,
+	GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+	GNUTLS_PKCS11_TOKEN_MODEL,
+	GNUTLS_PKCS11_TOKEN_MODNAME
+} gnutls_pkcs11_token_info_t;
+
+/**
+ * gnutls_pkcs11_obj_type_t:
+ * @GNUTLS_PKCS11_OBJ_UNKNOWN: Unknown PKCS11 object.
+ * @GNUTLS_PKCS11_OBJ_X509_CRT: X.509 certificate.
+ * @GNUTLS_PKCS11_OBJ_PUBKEY: Public key.
+ * @GNUTLS_PKCS11_OBJ_PRIVKEY: Private key.
+ * @GNUTLS_PKCS11_OBJ_SECRET_KEY: Secret key.
+ * @GNUTLS_PKCS11_OBJ_DATA: Data object.
+ * @GNUTLS_PKCS11_OBJ_X509_CRT_EXTENSION: X.509 certificate extension (supported by p11-kit trust module only).
+ *
+ * Enumeration of object types.
+ */
+typedef enum {
+	GNUTLS_PKCS11_OBJ_UNKNOWN,
+	GNUTLS_PKCS11_OBJ_X509_CRT,
+	GNUTLS_PKCS11_OBJ_PUBKEY,
+	GNUTLS_PKCS11_OBJ_PRIVKEY,
+	GNUTLS_PKCS11_OBJ_SECRET_KEY,
+	GNUTLS_PKCS11_OBJ_DATA,
+	GNUTLS_PKCS11_OBJ_X509_CRT_EXTENSION
+} gnutls_pkcs11_obj_type_t;
+
+int
+gnutls_pkcs11_token_init(const char *token_url,
+			 const char *so_pin, const char *label);
+
+int
+gnutls_pkcs11_token_get_mechanism(const char *url,
+				  unsigned int idx,
+				  unsigned long *mechanism);
+
+unsigned
+gnutls_pkcs11_token_check_mechanism(const char *url,
+				    unsigned long mechanism,
+				    void *ptr, unsigned psize, unsigned flags);
+
+int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin, const char *newpin, unsigned int flags	/*gnutls_pin_flag_t */);
+
+int gnutls_pkcs11_token_get_url(unsigned int seq,
+				gnutls_pkcs11_url_type_t detailed,
+				char **url);
+int gnutls_pkcs11_token_get_info(const char *url,
+				 gnutls_pkcs11_token_info_t ttype,
+				 void *output, size_t * output_size);
+
+#define GNUTLS_PKCS11_TOKEN_HW 1
+#define GNUTLS_PKCS11_TOKEN_TRUSTED (1<<1) /* p11-kit trusted */
+int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags);
+
+#define gnutls_pkcs11_obj_list_import_url(p_list, n_list, url, attrs, flags) gnutls_pkcs11_obj_list_import_url3(p_list, n_list, url, attrs|flags)
+#define gnutls_pkcs11_obj_list_import_url2(p_list, n_list, url, attrs, flags) gnutls_pkcs11_obj_list_import_url4(p_list, n_list, url, attrs|flags)
+
+int gnutls_pkcs11_obj_list_import_url3(gnutls_pkcs11_obj_t * p_list,
+				      unsigned int *const n_list,
+				      const char *url,
+				      unsigned int flags
+				      /* GNUTLS_PKCS11_OBJ_FLAG_* */
+    );
+
+int
+gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
+				   unsigned int *n_list,
+				   const char *url,
+				   unsigned int flags
+				   /* GNUTLS_PKCS11_OBJ_FLAG_* */
+    );
+
+int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
+				  gnutls_pkcs11_obj_t pkcs11_crt);
+
+gnutls_pkcs11_obj_type_t
+gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj);
+const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type);
+
+int
+gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
+			   struct gnutls_x509_ext_st **exts, unsigned int *exts_size,
+			   unsigned int flags);
+
+int
+gnutls_pkcs11_obj_get_flags(gnutls_pkcs11_obj_t obj, unsigned int *oflags);
+char *gnutls_pkcs11_obj_flags_get_str(unsigned int flags);
+
+int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
+				       unsigned int cert_max,
+				       gnutls_pkcs11_obj_t *
+				       const objs, unsigned int flags
+				       /* must be zero */ );
+
+/* private key functions...*/
+int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key);
+
+int
+gnutls_pkcs11_privkey_cpy(gnutls_pkcs11_privkey_t dst,
+			  gnutls_pkcs11_privkey_t src);
+
+void gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t
+					    key,
+					    gnutls_pin_callback_t
+					    fn, void *userdata);
+void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key);
+int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t
+					   key, unsigned int *bits);
+int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
+				   gnutls_pkcs11_obj_info_t itype,
+				   void *output, size_t * output_size);
+
+int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+				     const char *url, unsigned int flags);
+
+int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+				     gnutls_pkcs11_url_type_t
+				     detailed, char **url);
+unsigned gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key);
+
+#define gnutls_pkcs11_privkey_generate(url, pk, bits, label, flags) \
+	gnutls_pkcs11_privkey_generate3(url, pk, bits, label, NULL, 0, NULL, 0, flags)
+
+#define gnutls_pkcs11_privkey_generate2(url, pk, bits, label, fmt, pubkey, flags) \
+	gnutls_pkcs11_privkey_generate3(url, pk, bits, label, NULL, fmt, pubkey, 0, flags)
+
+int
+gnutls_pkcs11_privkey_generate3(const char *url,
+				gnutls_pk_algorithm_t pk,
+				unsigned int bits,
+				const char *label,
+				const gnutls_datum_t *cid,
+				gnutls_x509_crt_fmt_t fmt,
+				gnutls_datum_t * pubkey,
+				unsigned int key_usage,
+				unsigned int flags);
+
+int
+gnutls_pkcs11_privkey_export_pubkey(gnutls_pkcs11_privkey_t pkey,
+			      gnutls_x509_crt_fmt_t fmt,
+			      gnutls_datum_t * pubkey,
+			      unsigned int flags);
+
+int
+gnutls_pkcs11_token_get_random(const char *token_url,
+			       void *data, size_t len);
+
+int
+gnutls_pkcs11_copy_attached_extension(const char *token_url,
+				      gnutls_x509_crt_t crt,
+				      gnutls_datum_t *data,
+				      const char *label,
+				      unsigned int flags);
+
+#define gnutls_x509_crt_import_pkcs11_url gnutls_x509_crt_import_url
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif

CodeSign/GnuTLS/lib/includes/pkcs12.h

@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef GNUTLS_PKCS12_H
+#define GNUTLS_PKCS12_H
+
+#include <gnutls/x509.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+	/* PKCS12 structures handling
+	 */
+struct gnutls_pkcs12_int;
+typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
+
+struct gnutls_pkcs12_bag_int;
+typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
+
+int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
+void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
+int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+			 const gnutls_datum_t * data,
+			 gnutls_x509_crt_fmt_t format, unsigned int flags);
+int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
+			 gnutls_x509_crt_fmt_t format,
+			 void *output_data, size_t * output_data_size);
+int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
+			  gnutls_x509_crt_fmt_t format,
+			  gnutls_datum_t * out);
+
+int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
+			  int indx, gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
+
+int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass);
+int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorithm_t mac, const char *pass);
+int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass);
+
+int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass);
+int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
+			      const char *pass, unsigned int flags);
+
+int
+gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, unsigned int *cipher,
+	void *salt, unsigned int *salt_size, unsigned int *iter_count, char **oid);
+int
+gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
+	void *salt, unsigned int *salt_size, unsigned int *iter_count, char **oid);
+
+#define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
+int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
+			       const char *password,
+			       gnutls_x509_privkey_t * key,
+			       gnutls_x509_crt_t ** chain,
+			       unsigned int *chain_len,
+			       gnutls_x509_crt_t ** extra_certs,
+			       unsigned int *extra_certs_len,
+			       gnutls_x509_crl_t * crl,
+			       unsigned int flags);
+
+/**
+ * gnutls_pkcs12_bag_type_t:
+ * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
+ * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
+ * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
+ * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
+ * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
+ * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
+ * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
+ * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
+ *
+ * Enumeration of different PKCS 12 bag types.
+ */
+typedef enum gnutls_pkcs12_bag_type_t {
+	GNUTLS_BAG_EMPTY = 0,
+	GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
+	GNUTLS_BAG_PKCS8_KEY = 2,
+	GNUTLS_BAG_CERTIFICATE = 3,
+	GNUTLS_BAG_CRL = 4,
+	GNUTLS_BAG_SECRET = 5,	/* Secret data. Underspecified in pkcs-12,
+				 * gnutls extension. We use the PKCS-9
+				 * random nonce ID 1.2.840.113549.1.9.25.3
+				 * to store randomly generated keys.
+				 */
+	GNUTLS_BAG_ENCRYPTED = 10,
+	GNUTLS_BAG_UNKNOWN = 20
+} gnutls_pkcs12_bag_type_t;
+
+int
+gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, unsigned indx);
+int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, unsigned indx,
+			       gnutls_datum_t * data);
+int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
+			       gnutls_pkcs12_bag_type_t type,
+			       const gnutls_datum_t * data);
+int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
+			      gnutls_x509_crl_t crl);
+int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
+			      gnutls_x509_crt_t crt);
+
+int
+gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag,
+			      gnutls_x509_privkey_t privkey,
+			      const char *password, unsigned flags);
+
+int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
+void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);
+
+int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, unsigned indx,
+				 gnutls_datum_t * id);
+int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, unsigned indx,
+				 const gnutls_datum_t * id);
+
+int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
+					unsigned indx, char **name);
+int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
+					unsigned indx, const char *name);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_PKCS12_H */

CodeSign/GnuTLS/lib/includes/pkcs7.h

@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains the types and prototypes for the X.509
+ * certificate and CRL handling functions.
+ */
+
+#ifndef GNUTLS_PKCS7_H
+#define GNUTLS_PKCS7_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+/* PKCS7 structures handling
+ */
+struct gnutls_pkcs7_int;
+typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
+
+int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7);
+void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
+int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7,
+			const gnutls_datum_t * data,
+			gnutls_x509_crt_fmt_t format);
+int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
+			gnutls_x509_crt_fmt_t format,
+			void *output_data, size_t * output_data_size);
+int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
+			 gnutls_x509_crt_fmt_t format,
+			 gnutls_datum_t * out);
+
+int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7);
+
+#define GNUTLS_PKCS7_EDATA_GET_RAW (1<<24)
+int gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags, gnutls_datum_t *data);
+
+const char *
+gnutls_pkcs7_get_embedded_data_oid(gnutls_pkcs7_t pkcs7);
+
+int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);
+int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, unsigned indx,
+			     void *certificate, size_t * certificate_size);
+
+int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
+			     const gnutls_datum_t * crt);
+int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
+int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);
+
+int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
+			     unsigned indx, void *crl, size_t * crl_size);
+int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
+
+int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
+			     const gnutls_datum_t * crl);
+int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
+int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
+
+typedef struct gnutls_pkcs7_attrs_st *gnutls_pkcs7_attrs_t;
+
+typedef struct gnutls_pkcs7_signature_info_st {
+	gnutls_sign_algorithm_t algo;
+	gnutls_datum_t sig;
+	gnutls_datum_t issuer_dn;
+	gnutls_datum_t signer_serial;
+	gnutls_datum_t issuer_keyid;
+	time_t signing_time;
+	gnutls_pkcs7_attrs_t signed_attrs;
+	gnutls_pkcs7_attrs_t unsigned_attrs;
+	char pad[64];
+} gnutls_pkcs7_signature_info_st;
+
+void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info);
+int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info);
+
+int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer,
+			       unsigned idx, const gnutls_datum_t *data, unsigned flags);
+int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
+			gnutls_typed_vdata_st * vdata, unsigned int vdata_size,
+			unsigned idx, const gnutls_datum_t *data, unsigned flags);
+
+#define GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING 1
+int gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags);
+void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list);
+int gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags);
+
+/**
+ * gnutls_pkcs7_sign_flags:
+ * @GNUTLS_PKCS7_EMBED_DATA: The signed data will be embedded in the structure.
+ * @GNUTLS_PKCS7_INCLUDE_TIME: The signing time will be included in the structure.
+ * @GNUTLS_PKCS7_INCLUDE_CERT: The signer's certificate will be included in the cert list.
+ * @GNUTLS_PKCS7_WRITE_SPKI: Use the signer's key identifier instead of name.
+ *
+ * Enumeration of the different PKCS #7 signature flags.
+ */
+typedef enum gnutls_pkcs7_sign_flags {
+	GNUTLS_PKCS7_EMBED_DATA = 1,
+	GNUTLS_PKCS7_INCLUDE_TIME = (1<<1),
+	GNUTLS_PKCS7_INCLUDE_CERT = (1<<2),
+	GNUTLS_PKCS7_WRITE_SPKI = (1<<3)
+} gnutls_pkcs7_sign_flags;
+
+int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
+		      gnutls_x509_crt_t signer,
+		      gnutls_privkey_t signer_key,
+		      const gnutls_datum_t *data,
+		      gnutls_pkcs7_attrs_t signed_attrs,
+		      gnutls_pkcs7_attrs_t unsigned_attrs,
+		      gnutls_digest_algorithm_t dig,
+		      unsigned flags);
+
+int
+gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
+			  unsigned indx, gnutls_datum_t *cert);
+int
+gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
+			  unsigned indx, gnutls_datum_t *crl);
+
+int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7,
+		       gnutls_certificate_print_formats_t format,
+		       gnutls_datum_t * out);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_PKCS7_H */

CodeSign/GnuTLS/lib/includes/self-test.h

@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2014 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef __GNUTLS_SELF_H
+#define __GNUTLS_SELF_H
+
+#include <gnutls/gnutls.h>
+
+ /* Self checking functions */
+ 
+#define GNUTLS_SELF_TEST_FLAG_ALL 1
+#define GNUTLS_SELF_TEST_FLAG_NO_COMPAT (1<<1)
+
+int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher);
+int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac);
+int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest);
+int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk);
+
+#endif

CodeSign/GnuTLS/lib/includes/socket.h

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2016 Free Software Foundation, Inc.
+ *
+ * Author: Tim Ruehsen
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains socket related types, prototypes and includes.
+ */
+
+#ifndef GNUTLS_SOCKET_H
+#define GNUTLS_SOCKET_H
+
+#include <gnutls/gnutls.h>
+
+/* Get socklen_t */
+#include <sys/socket.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+void gnutls_transport_set_fastopen(gnutls_session_t session,
+                                   int fd,
+                                   struct sockaddr *connect_addr,
+                                   socklen_t connect_addrlen,
+                                   unsigned int flags);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_SOCKET_H */

CodeSign/GnuTLS/lib/includes/system-keys.h

@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef __GNUTLS_SYSTEM_KEYS_H
+#define __GNUTLS_SYSTEM_KEYS_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* This API allows to access user key and certificate pairs that are
+ * available in the current system. If any passwords are required,
+ * they will be requested through the pin callbacks.
+ */
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+struct system_key_iter_st;
+typedef struct system_key_iter_st *gnutls_system_key_iter_t;
+
+void gnutls_system_key_iter_deinit(gnutls_system_key_iter_t iter);
+int
+gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
+			       unsigned cert_type /* gnutls_certificate_type_t */,
+			       char **cert_url,
+			       char **key_url,
+			       char **label,
+			       gnutls_datum_t *der,
+			       unsigned int flags);
+
+int gnutls_system_key_delete(const char *cert_url, const char *key_url);
+
+int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey,
+				const char *label, char **cert_url, char **key_url);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif

CodeSign/GnuTLS/lib/includes/tpm.h

@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2010-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef __GNUTLS_TPM_H
+#define __GNUTLS_TPM_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+struct tpm_key_list_st;
+typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
+
+#define GNUTLS_TPM_KEY_SIGNING (1<<1)
+#define GNUTLS_TPM_REGISTER_KEY (1<<2)
+#define GNUTLS_TPM_KEY_USER (1<<3)
+
+/**
+ * gnutls_tpmkey_fmt_t:
+ * @GNUTLS_TPMKEY_FMT_RAW: The portable data format.
+ * @GNUTLS_TPMKEY_FMT_DER: An alias for the raw format.
+ * @GNUTLS_TPMKEY_FMT_CTK_PEM: A custom data format used by some TPM tools.
+ *
+ * Enumeration of different certificate encoding formats.
+ */
+typedef enum {
+	GNUTLS_TPMKEY_FMT_RAW = 0,
+	GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
+	GNUTLS_TPMKEY_FMT_CTK_PEM = 1
+} gnutls_tpmkey_fmt_t;
+
+int
+gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk,
+			    unsigned int bits,
+			    const char *srk_password,
+			    const char *key_password,
+			    gnutls_tpmkey_fmt_t format,
+			    gnutls_x509_crt_fmt_t pub_format,
+			    gnutls_datum_t * privkey,
+			    gnutls_datum_t * pubkey, unsigned int flags);
+
+void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list);
+int gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list,
+				unsigned int idx, char **url,
+				unsigned int flags);
+int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list);
+int gnutls_tpm_privkey_delete(const char *url, const char *srk_password);
+
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif

CodeSign/GnuTLS/lib/includes/urls.h

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef __GNUTLS_URLS_H
+#define __GNUTLS_URLS_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+/* This API allows to register application specific URLs for
+ * keys and certificates.
+ */
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+typedef int (*gnutls_privkey_import_url_func)(gnutls_privkey_t pkey,
+					       const char *url, unsigned flags);
+
+typedef int (*gnutls_x509_crt_import_url_func)(gnutls_x509_crt_t pkey,
+					        const char *url, unsigned flags);
+
+/* The following callbacks are optional */
+
+/* This is to enable gnutls_pubkey_import_url() */
+typedef int (*gnutls_pubkey_import_url_func)(gnutls_pubkey_t pkey,
+					     const char *url, unsigned flags);
+
+/* This is to allow constructing a certificate chain. It will be provided
+ * the initial certificate URL and the certificate to find its issuer, and must
+ * return zero and the DER encoding of the issuer's certificate. If not available,
+ * it should return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. */
+typedef int (*gnutls_get_raw_issuer_func)(const char *url, gnutls_x509_crt_t crt,
+					  gnutls_datum_t *issuer_der, unsigned flags);
+
+typedef struct gnutls_custom_url_st {
+	const char *name;
+	unsigned name_size;
+	gnutls_privkey_import_url_func import_key;
+	gnutls_x509_crt_import_url_func import_crt;
+	gnutls_pubkey_import_url_func import_pubkey;
+	gnutls_get_raw_issuer_func get_issuer;
+	void *future1; /* replace in a future extension */
+	void *future2; /* replace in a future extension */
+} gnutls_custom_url_st;
+
+int gnutls_register_custom_url(const gnutls_custom_url_st *st);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif

CodeSign/GnuTLS/lib/includes/x509-ext.h

@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2014 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* Prototypes for direct handling of extension data */
+
+#ifndef GNUTLS_X509_EXT_H
+#define GNUTLS_X509_EXT_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* *INDENT-ON* */
+
+typedef struct gnutls_subject_alt_names_st *gnutls_subject_alt_names_t;
+
+int gnutls_subject_alt_names_init(gnutls_subject_alt_names_t *);
+void gnutls_subject_alt_names_deinit(gnutls_subject_alt_names_t sans);
+int gnutls_subject_alt_names_get(gnutls_subject_alt_names_t sans, unsigned int seq,
+				 unsigned int *san_type, gnutls_datum_t * san,
+				 gnutls_datum_t * othername_oid);
+int gnutls_subject_alt_names_set(gnutls_subject_alt_names_t sans,
+				 unsigned int san_type,
+				 const gnutls_datum_t * san,
+				 const char* othername_oid);
+
+
+int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext,
+					 gnutls_subject_alt_names_t,
+					 unsigned int flags);
+int gnutls_x509_ext_export_subject_alt_names(gnutls_subject_alt_names_t,
+					  gnutls_datum_t * ext);
+
+/* They are exactly the same */
+#define gnutls_x509_ext_import_issuer_alt_name gnutls_x509_ext_import_subject_alt_name
+#define gnutls_x509_ext_export_issuer_alt_name gnutls_x509_ext_export_subject_alt_name
+
+typedef struct gnutls_x509_crl_dist_points_st *gnutls_x509_crl_dist_points_t;
+
+int gnutls_x509_crl_dist_points_init(gnutls_x509_crl_dist_points_t *);
+void gnutls_x509_crl_dist_points_deinit(gnutls_x509_crl_dist_points_t);
+int gnutls_x509_crl_dist_points_get(gnutls_x509_crl_dist_points_t, unsigned int seq,
+				  unsigned int *type,
+				  gnutls_datum_t *dist, unsigned int *reason_flags);
+int gnutls_x509_crl_dist_points_set(gnutls_x509_crl_dist_points_t,
+				 gnutls_x509_subject_alt_name_t type,
+				 const gnutls_datum_t *dist, unsigned int reason_flags);
+
+int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
+					gnutls_x509_crl_dist_points_t dp,
+					unsigned int flags);
+int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t dp,
+					gnutls_datum_t * ext);
+
+int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext,
+					 gnutls_x509_name_constraints_t nc,
+					 unsigned int flags);
+int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+					 gnutls_datum_t * ext);
+
+typedef struct gnutls_x509_aia_st *gnutls_x509_aia_t;
+
+int gnutls_x509_aia_init(gnutls_x509_aia_t *);
+void gnutls_x509_aia_deinit(gnutls_x509_aia_t);
+int gnutls_x509_aia_get(gnutls_x509_aia_t aia, unsigned int seq,
+			gnutls_datum_t *oid,
+			unsigned *san_type,
+			gnutls_datum_t *san);
+int gnutls_x509_aia_set(gnutls_x509_aia_t aia,
+			const char *oid,
+			unsigned san_type,
+			const gnutls_datum_t * san);
+
+int gnutls_x509_ext_import_aia(const gnutls_datum_t * ext,
+				gnutls_x509_aia_t,
+				unsigned int flags);
+int gnutls_x509_ext_export_aia(gnutls_x509_aia_t aia,
+					      gnutls_datum_t * ext);
+
+int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t * ext,
+				       gnutls_datum_t * id);
+int gnutls_x509_ext_export_subject_key_id(const gnutls_datum_t * id,
+				       gnutls_datum_t * ext);
+
+typedef struct gnutls_x509_aki_st *gnutls_x509_aki_t;
+
+int gnutls_x509_ext_export_authority_key_id(gnutls_x509_aki_t,
+					 gnutls_datum_t * ext);
+int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext,
+					 gnutls_x509_aki_t,
+					 unsigned int flags);
+
+int gnutls_x509_othername_to_virtual(const char *oid, 
+				     const gnutls_datum_t *othername,
+				     unsigned int *virt_type,
+				     gnutls_datum_t *virt);
+
+int gnutls_x509_aki_init(gnutls_x509_aki_t *);
+int gnutls_x509_aki_get_id(gnutls_x509_aki_t, gnutls_datum_t *id);
+int gnutls_x509_aki_get_cert_issuer(gnutls_x509_aki_t aki, unsigned int seq,
+				 unsigned int *san_type, gnutls_datum_t * san,
+				 gnutls_datum_t *othername_oid,
+				 gnutls_datum_t *serial);
+int gnutls_x509_aki_set_id(gnutls_x509_aki_t aki, const gnutls_datum_t *id);
+int gnutls_x509_aki_set_cert_issuer(gnutls_x509_aki_t aki, 
+				 unsigned int san_type, 
+				 const gnutls_datum_t * san,
+				 const char *othername_oid,
+				 const gnutls_datum_t * serial);
+void gnutls_x509_aki_deinit(gnutls_x509_aki_t);
+
+int gnutls_x509_ext_import_private_key_usage_period(const gnutls_datum_t * ext,
+						 time_t * activation,
+						 time_t * expiration);
+int gnutls_x509_ext_export_private_key_usage_period(time_t activation,
+						 time_t expiration,
+						 gnutls_datum_t * ext);
+
+int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t * ext,
+					  unsigned int *ca, int *pathlen);
+int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
+					  gnutls_datum_t * ext);
+
+typedef struct gnutls_x509_key_purposes_st *gnutls_x509_key_purposes_t;
+
+int gnutls_x509_key_purpose_init(gnutls_x509_key_purposes_t *p);
+void gnutls_x509_key_purpose_deinit(gnutls_x509_key_purposes_t p);
+int gnutls_x509_key_purpose_set(gnutls_x509_key_purposes_t p, const char *oid);
+int gnutls_x509_key_purpose_get(gnutls_x509_key_purposes_t p, unsigned idx, gnutls_datum_t *oid);
+
+int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
+				     gnutls_x509_key_purposes_t,
+				     unsigned int flags);
+int gnutls_x509_ext_export_key_purposes(gnutls_x509_key_purposes_t,
+				     gnutls_datum_t * ext);
+
+
+int gnutls_x509_ext_import_key_usage(const gnutls_datum_t * ext,
+				  unsigned int *key_usage);
+int gnutls_x509_ext_export_key_usage(unsigned int key_usage,
+				  gnutls_datum_t * ext);
+
+int gnutls_x509_ext_import_inhibit_anypolicy(const gnutls_datum_t * ext,
+				  unsigned int *skipcerts);
+int gnutls_x509_ext_export_inhibit_anypolicy(unsigned int skipcerts,
+				  gnutls_datum_t * ext);
+
+int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+			      char **policyLanguage, char **policy,
+			      size_t * sizeof_policy);
+int gnutls_x509_ext_export_proxy(int pathLenConstraint, const char *policyLanguage,
+			      const char *policy, size_t sizeof_policy,
+			      gnutls_datum_t * ext);
+
+typedef struct gnutls_x509_policies_st *gnutls_x509_policies_t;
+
+int gnutls_x509_policies_init(gnutls_x509_policies_t *);
+void gnutls_x509_policies_deinit(gnutls_x509_policies_t);
+
+int gnutls_x509_policies_get(gnutls_x509_policies_t policies, unsigned int seq,
+				 struct gnutls_x509_policy_st *policy);
+int gnutls_x509_policies_set(gnutls_x509_policies_t policies,
+				 const struct gnutls_x509_policy_st *policy);
+
+int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext, gnutls_x509_policies_t
+				 policies,
+				 unsigned int flags);
+int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
+				 gnutls_datum_t * ext);
+
+int gnutls_x509_ext_import_tlsfeatures(const gnutls_datum_t * ext,
+									   gnutls_x509_tlsfeatures_t,
+									   unsigned int flags);
+
+int gnutls_x509_ext_export_tlsfeatures(gnutls_x509_tlsfeatures_t f,
+					  gnutls_datum_t * ext);
+
+int gnutls_x509_tlsfeatures_add(gnutls_x509_tlsfeatures_t f, unsigned int feature);
+
+/* *INDENT-OFF* */
+#ifdef __cplusplus
+}
+#endif
+/* *INDENT-ON* */
+#endif				/* GNUTLS_X509_H */

CodeSign/OpenSSL/CA.pl

@@ -0,0 +1,197 @@
+#!/usr/bin/env perl
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# Wrapper around the ca to make it easier to use
+#
+# WARNING: do not edit!
+# Generated by makefile from apps\CA.pl.in
+
+use strict;
+use warnings;
+
+my $openssl = "openssl";
+if(defined $ENV{'OPENSSL'}) {
+    $openssl = $ENV{'OPENSSL'};
+} else {
+    $ENV{'OPENSSL'} = $openssl;
+}
+
+my $verbose = 1;
+
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
+my $DAYS = "-days 365";
+my $CADAYS = "-days 1095";	# 3 years
+my $REQ = "$openssl req $OPENSSL_CONFIG";
+my $CA = "$openssl ca $OPENSSL_CONFIG";
+my $VERIFY = "$openssl verify";
+my $X509 = "$openssl x509";
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+my $CATOP = "./demoCA";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+my $CACRL = "crl.pem";
+my $DIRMODE = 0777;
+
+my $NEWKEY = "newkey.pem";
+my $NEWREQ = "newreq.pem";
+my $NEWCERT = "newcert.pem";
+my $NEWP12 = "newcert.p12";
+my $RET = 0;
+my $WHAT = shift @ARGV || "";
+my $FILE;
+
+# See if reason for a CRL entry is valid; exit if not.
+sub crl_reason_ok
+{
+    my $r = shift;
+
+    if ($r eq 'unspecified' || $r eq 'keyCompromise'
+        || $r eq 'CACompromise' || $r eq 'affiliationChanged'
+        || $r eq 'superseded' || $r eq 'cessationOfOperation'
+        || $r eq 'certificateHold' || $r eq 'removeFromCRL') {
+        return 1;
+    }
+    print STDERR "Invalid CRL reason; must be one of:\n";
+    print STDERR "    unspecified, keyCompromise, CACompromise,\n";
+    print STDERR "    affiliationChanged, superseded, cessationOfOperation\n";
+    print STDERR "    certificateHold, removeFromCRL";
+    exit 1;
+}
+
+# Copy a PEM-format file; return like exit status (zero means ok)
+sub copy_pemfile
+{
+    my ($infile, $outfile, $bound) = @_;
+    my $found = 0;
+
+    open IN, $infile || die "Cannot open $infile, $!";
+    open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
+    while (<IN>) {
+        $found = 1 if /^-----BEGIN.*$bound/;
+        print OUT $_ if $found;
+        $found = 2, last if /^-----END.*$bound/;
+    }
+    close IN;
+    close OUT;
+    return $found == 2 ? 0 : 1;
+}
+
+# Wrapper around system; useful for debugging.  Returns just the exit status
+sub run
+{
+    my $cmd = shift;
+    print "====\n$cmd\n" if $verbose;
+    my $status = system($cmd);
+    print "==> $status\n====\n" if $verbose;
+    return $status >> 8;
+}
+
+
+if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
+    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+    print STDERR "       CA -pkcs12 [certname]\n";
+    print STDERR "       CA -crl|-revoke cert-filename [reason]\n";
+    exit 0;
+}
+if ($WHAT eq '-newcert' ) {
+    # create a certificate
+    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
+    print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq' ) {
+    # create a certificate request
+    $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq-nodes' ) {
+    # create a certificate request
+    $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newca' ) {
+    # create the directory hierarchy
+    mkdir ${CATOP}, $DIRMODE;
+    mkdir "${CATOP}/certs", $DIRMODE;
+    mkdir "${CATOP}/crl", $DIRMODE ;
+    mkdir "${CATOP}/newcerts", $DIRMODE;
+    mkdir "${CATOP}/private", $DIRMODE;
+    open OUT, ">${CATOP}/index.txt";
+    close OUT;
+    open OUT, ">${CATOP}/crlnumber";
+    print OUT "01\n";
+    close OUT;
+    # ask user for existing CA certificate
+    print "CA certificate filename (or enter to create)\n";
+    $FILE = "" unless defined($FILE = <STDIN>);
+    $FILE =~ s{\R$}{};
+    if ($FILE ne "") {
+        copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+        copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+    } else {
+        print "Making CA certificate ...\n";
+        $RET = run("$REQ -new -keyout"
+                . " ${CATOP}/private/$CAKEY"
+                . " -out ${CATOP}/$CAREQ");
+        $RET = run("$CA -create_serial"
+                . " -out ${CATOP}/$CACERT $CADAYS -batch"
+                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
+                . " -extensions v3_ca"
+                . " -infiles ${CATOP}/$CAREQ") if $RET == 0;
+        print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
+    }
+} elsif ($WHAT eq '-pkcs12' ) {
+    my $cname = $ARGV[1];
+    $cname = "My Certificate" unless defined $cname;
+    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
+            . " -certfile ${CATOP}/$CACERT"
+            . " -out $NEWP12"
+            . " -export -name \"$cname\"");
+    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+} elsif ($WHAT eq '-xsign' ) {
+    $RET = run("$CA -policy policy_anything -infiles $NEWREQ");
+} elsif ($WHAT eq '-sign' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signCA' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -extensions v3_ca -infiles $NEWREQ");
+    print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signcert' ) {
+    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
+            . " -out tmp.pem");
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -infiles tmp.pem") if $RET == 0;
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-verify' ) {
+    my @files = @ARGV ? @ARGV : ( $NEWCERT );
+    my $file;
+    foreach $file (@files) {
+        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
+        $RET = $status if $status != 0;
+    }
+} elsif ($WHAT eq '-crl' ) {
+    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
+    print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
+} elsif ($WHAT eq '-revoke' ) {
+    my $cname = $ARGV[1];
+    if (!defined $cname) {
+        print "Certificate filename is required; reason optional.\n";
+        exit 1;
+    }
+    my $reason = $ARGV[2];
+    $reason = " -crl_reason $reason"
+        if defined $reason && crl_reason_ok($reason);
+    $RET = run("$CA -revoke \"$cname\"" . $reason);
+} else {
+    print STDERR "Unknown arg \"$WHAT\"\n";
+    print STDERR "Use -help for help.\n";
+    exit 1;
+}
+
+exit $RET;

CodeSign/OpenSSL/PEM/ca-cert.srl

@@ -0,0 +1 @@
+07

CodeSign/OpenSSL/PEM/ca-key.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
+IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
+DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
+vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
+XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
+im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
+9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
+QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
+wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
+dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
+Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
+Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
+TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
+PZoQ5B2XJ7bhTQ==
+-----END PRIVATE KEY-----

CodeSign/OpenSSL/PEM/ca-req.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
+GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
+IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
+DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
+vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
+2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
+pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
+PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
+-----END CERTIFICATE REQUEST-----

CodeSign/OpenSSL/PEM/cert.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----

CodeSign/OpenSSL/PEM/client.pem

@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
++yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
+lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
+nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
+x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
+bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
+AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
+hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
+curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
+IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
+vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
+QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
+CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
+wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
+agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
+mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
+MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
+HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
+p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
+KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
+1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
+L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
+LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
+Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
+/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
+1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
+1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
+NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
+zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
+mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
+5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
+u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
+HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
+tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
+SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
+kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
+1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
+-----END RSA PRIVATE KEY-----

CodeSign/OpenSSL/PEM/demoCA/cacert.pem

@@ -0,0 +1,14 @@
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----

CodeSign/OpenSSL/PEM/demoCA/index.txt

@@ -0,0 +1,39 @@
+R	980705233205Z	951009233205Z	01	certs/00000001	/CN=Eric Young
+E	951009233205Z		02	certs/00000002	/CN=Duncan Young
+R	980705233205Z	951201010000Z	03	certs/00000003	/CN=Tim Hudson
+V	980705233205Z		04	certs/00000004	/CN=Eric Young4
+V	980705233205Z		05	certs/00000004	/CN=Eric Young5
+V	980705233205Z		06	certs/00000004	/CN=Eric Young6
+V	980705233205Z		07	certs/00000004	/CN=Eric Young7
+V	980705233205Z		08	certs/00000004	/CN=Eric Young8
+V	980705233205Z		09	certs/00000004	/CN=Eric Young9
+V	980705233205Z		0A	certs/00000004	/CN=Eric YoungA
+V	980705233205Z		0B	certs/00000004	/CN=Eric YoungB
+V	980705233205Z		0C	certs/00000004	/CN=Eric YoungC
+V	980705233205Z		0D	certs/00000004	/CN=Eric YoungD
+V	980705233205Z		0E	certs/00000004	/CN=Eric YoungE
+V	980705233205Z		0F	certs/00000004	/CN=Eric YoungF
+V	980705233205Z		10	certs/00000004	/CN=Eric Young10
+V	980705233205Z		11	certs/00000004	/CN=Eric Young11
+V	980705233205Z		12	certs/00000004	/CN=Eric Young12
+V	980705233205Z		13	certs/00000004	/CN=Eric Young13
+V	980705233205Z		14	certs/00000004	/CN=Eric Young14
+V	980705233205Z		15	certs/00000004	/CN=Eric Young15
+V	980705233205Z		16	certs/00000004	/CN=Eric Young16
+V	980705233205Z		17	certs/00000004	/CN=Eric Young17
+V	961206150305Z		010C	unknown	/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V	961206153245Z		010D	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V	970322074816Z		010E	unknown	/CN=Eric Young/Email=eay@mincom.oz.au
+V	970322075152Z		010F	unknown	/CN=Eric Young
+V	970322075906Z		0110	unknown	/CN=Eric Youngg
+V	970324092238Z		0111	unknown	/C=AU/SP=Queensland/CN=Eric Young
+V	970324221931Z		0112	unknown	/CN=Fred
+V	970324224934Z		0113	unknown	/C=AU/CN=eay
+V	971001005237Z		0114	unknown	/C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V	971001010331Z		0115	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
+V	971001013945Z		0117	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V	971014225415Z		0118	unknown	/C=AU/SP=Queensland/CN=test
+V	971015004448Z		0119	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
+V	971016035001Z		011A	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
+V	971016080129Z		011B	unknown	/C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
+V	971016224000Z		011D	unknown	/L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk

CodeSign/OpenSSL/PEM/demoCA/private/cakey.pem

@@ -0,0 +1,24 @@
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----

CodeSign/OpenSSL/PEM/demoSRP/srp_verifier.txt

@@ -0,0 +1,6 @@
+# This is a file that will be filled by the openssl srp routine.
+# You can initialize the file with additional groups, these are
+# records starting with a I followed by the g and N values and the id.
+# The exact values ... you have to dig this out from the source of srp.c
+# or srp_vfy.c
+# The last value of an I is used as the default group for new users.  

CodeSign/OpenSSL/PEM/demoSRP/srp_verifier.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

CodeSign/OpenSSL/PEM/dh1024.pem

@@ -0,0 +1,10 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
+-----END DH PARAMETERS-----
+
+These are the 1024-bit DH parameters from "Internet Key Exchange 
+Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.

CodeSign/OpenSSL/PEM/dh2048.pem

@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048-bit DH parameters from "More Modular Exponential 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.

CodeSign/OpenSSL/PEM/dh4096.pem

@@ -0,0 +1,19 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096-bit DH parameters from "More Modular Exponential 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.

CodeSign/OpenSSL/PEM/dsa-ca.pem

@@ -0,0 +1,47 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
+ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
+hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
+zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
+EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
+5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
+epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
+bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
+i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
+5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
+ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
+KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
+MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
+BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
+j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
+7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
+SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
+5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
+nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
+tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
+KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
+SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
+wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
+gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
+AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
+jgjIkA==
+-----END CERTIFICATE-----

CodeSign/OpenSSL/PEM/dsa-pca.pem

@@ -0,0 +1,47 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
+MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
+PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
+bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
+gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
+meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
+qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
+CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
+rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
+lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
+mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
+AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
+MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
+KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
+Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
+++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
+zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
+4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
+TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
+AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
+N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
+wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
++OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
+MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
+BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
+lnt88g==
+-----END CERTIFICATE-----

CodeSign/OpenSSL/PEM/dsa1024.pem

@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----

CodeSign/OpenSSL/PEM/dsa512.pem

@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----

CodeSign/OpenSSL/PEM/dsap.pem

@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----

CodeSign/OpenSSL/PEM/pca-cert.srl

@@ -0,0 +1 @@
+07

CodeSign/OpenSSL/PEM/pca-key.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALYYjjtpLs/lfkPF
+xAFZ4V3He5mZFbsEakK9bA2fQaryreRwyfhbXbDJHyBV+c4xI5fbmmVd2t/us4k4
+rMhGsBtL89SqCEHhPJpLFywiQVmJTAjANYrWkZK5uR/++YmZyzuLfPHLButuK6cF
+GKXw3NNToxjYooMf0mad2rPX3cKTAgMBAAECgYBvrJ+Nz/Pli9jjt2V9bqHH4Y7r
+o/avuwVv6Ltbn0+mhy4d6w3yQhYzVSTBr/iDe59YglUt1WFl8/4nKZrNOIzHJlav
+Sw4hd3fYBHxbT+DgZMQ9ikjHECWRdDffrnlTLsSJAcxnpMJBPe3dKCRDMUrqWUvB
+IIKaxyqmXJms5Y/wAQJBAPFL9NMKJcWBftMKXCasxsV0ZGjgqHGZODYjtGFN9jJO
+6AbZrxfCcapTWG4RCC2o/EDEMN8aArEhfdrYY3lhXGsCQQDBMRzFevkD7SYXTw5G
+NA/gJOAsFMYbt7tebcCRsHT7t3ymVfO2QwK7ZF0f/SYvi7cMAPraHvO7s3kFdGTB
+kDx5AkAHBICASsFCdzurA5gef9PgFjx9WFtNwnkCChPK6KuKVwUkfdw7wqnvnDDs
+Mo6cVVfQwmPxeR4u7JxuavCprQ01AkEAp5ZGAh1J9Jj9CQ1AMbAp8WOrvzGKJTM9
+641Dll4/LLif/d7j2kDJFuvaSMyeGnKVqGkVMq/U+QeYPR4Z5TuM6QJAWK05qFed
+wYgTZyVN0MY53ZOMAIWwjz0cr24TvDfmsZqIvguGL616GKQZKdKDZQyQHg+dCzqJ
+HgIoacuFDKz5CA==
+-----END PRIVATE KEY-----

CodeSign/OpenSSL/PEM/pca-req.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
+GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDDBNUZXN0IFBDQSAo
+MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2GI47aS7P5X5D
+xcQBWeFdx3uZmRW7BGpCvWwNn0Gq8q3kcMn4W12wyR8gVfnOMSOX25plXdrf7rOJ
+OKzIRrAbS/PUqghB4TyaSxcsIkFZiUwIwDWK1pGSubkf/vmJmcs7i3zxywbrbiun
+BRil8NzTU6MY2KKDH9Jmndqz193CkwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEA
+eJdCB0nHnFK0hek4biAxX0GuJXkknuUy46NKEhv3GBwt4gtO29bfkbQTGOsBBKNs
+KptlnkItscOXY+0lSva9K3XlwD9do7k2IZFtXJVayZVw1GcKybIY0l7B6kcSxG7T
+f3CsO+ifdrsJKtyoZNs96lBMrtXyGybt3mgQNdZauQU=
+-----END CERTIFICATE REQUEST-----

CodeSign/OpenSSL/PEM/privkey.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
+qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
+iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
+xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
+Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
+TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
+Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
+ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
+68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
+CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
+0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
++lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
+CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
+Ri+qO+HhZFUBqQ==
+-----END PRIVATE KEY-----

CodeSign/OpenSSL/PEM/req.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----