summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsb <sb@openoffice.org>2010-03-04 23:05:27 +0100
committersb <sb@openoffice.org>2010-03-04 23:05:27 +0100
commitd11e7c65afe7eb24f8c696b5bd18898ae095f382 (patch)
treeb8fe110f9c1c918d69579e38e176c4e8c9804e13
parent8213de345f24af0c55b587802d5738e611b7009c (diff)
parent60c0e59fd450e39902d85918d2243fb83c02a21d (diff)
merged in re/DEV300_next towards DEV300_m74
-rw-r--r--cui/source/options/optsave.cxx12
-rw-r--r--extensions/source/config/ldap/componentdef.cxx51
-rw-r--r--extensions/source/config/ldap/ldapaccess.cxx76
-rw-r--r--extensions/source/config/ldap/ldapaccess.hxx37
-rw-r--r--extensions/source/config/ldap/ldapbe2.uno.xml45
-rw-r--r--extensions/source/config/ldap/ldapuserprof.cxx226
-rw-r--r--extensions/source/config/ldap/ldapuserprof.hxx163
-rw-r--r--extensions/source/config/ldap/ldapuserprofilebe.cxx321
-rw-r--r--extensions/source/config/ldap/ldapuserprofilebe.hxx112
-rw-r--r--extensions/source/config/ldap/ldapuserprofilelayer.cxx244
-rw-r--r--extensions/source/config/ldap/ldapuserprofilelayer.hxx121
-rw-r--r--extensions/source/config/ldap/makefile.mk4
-rw-r--r--extensions/source/config/ldap/propertysethelper.cxx150
-rw-r--r--extensions/source/config/ldap/propertysethelper.hxx134
-rw-r--r--extensions/source/oooimprovement/Jobs.xcu1
-rw-r--r--setup_native/scripts/javaloader.sh4
-rw-r--r--setup_native/source/mac/macinstall.ulf2
-rw-r--r--wizards/com/sun/star/wizards/common/Configuration.java6
-rw-r--r--wizards/com/sun/star/wizards/table/CGCategory.java6
-rw-r--r--wizards/com/sun/star/wizards/table/FieldDescription.java3
-rw-r--r--wizards/com/sun/star/wizards/table/ScenarioSelector.java16
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx34
-rwxr-xr-xxmlsecurity/test_docs/CAs/README.txt383
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_1/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_10/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt34
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1000.pem57
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1002.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1003.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1004.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1005.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1006.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1007.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1008.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1009.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100A.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100B.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100C.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100D.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100E.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100F.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1010.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1011.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1012.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1013.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1014.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1015.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1016.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1017.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1018.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1019.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101A.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101B.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101C.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101D.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101E.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101F.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1020.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1021.pem61
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/openssl.cfg295
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/crl/DO_NOT_CREATE_A_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_2/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_3/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/README.txt4
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1001.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_4/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/crl/DO_NOT_CREATE_A_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/newcerts/1001.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_5/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/README.txt5
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/crl/Root_6.crlbin0 -> 316 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/newcerts/1001.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_6/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/README.txt10
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/crl/Root_7.crlbin0 -> 353 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1000.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1001.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_7/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/README.txt9
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/crl/Root_8.crlbin0 -> 353 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1000.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1001.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_8/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/DO_NOT_INSTALL_THIS_ROOT_CERT.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/DO_NO_INSTALL_THIS_ROOT_CERTIFICATE0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/Root_9.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/cacert.pem19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_9/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/newcerts/1000.pem58
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/DO_NOT_INSTALL_THIS_CERTIFICATE0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/README.txt19
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/DO_NOT_INSTALL_THIS_CERTIFICATE0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/Sub_CA_1_Root_10.crtbin0 -> 781 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/Sub_CA_1_Root_10.crlbin0 -> 326 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/newcerts/1000.pem67
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/openssl.cfg293
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/newcerts/1000.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/req.pem11
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crl/DO_NOT_CREATE_A_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/newcerts/1000.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/req.pem11
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/README.txt4
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/newcerts/1000.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/newcerts/1001.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_4/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/README.txt5
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/cacert.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/crl/Sub_CA_1_Root_5.crlbin0 -> 325 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/newcerts/1002.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_5/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/cacert.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/crl/DO_NOT_CREATE_A_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_6/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/README.txt3
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/cacert.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/crl/Sub_CA_1_Root_7.crlbin0 -> 362 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/newcerts/1001.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_7/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/README.txt13
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/cacert.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/crl/Sub_CA_1_Root_8.crlbin0 -> 362 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/newcerts/1001.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_8/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/index.txt1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/newcerts/1000.pem58
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_1_Root_9/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/README.txt4
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/cacert.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/newcerts/1001.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/newcerts/1002.pem60
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_4/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/README.txt12
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/cacert.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/crl/Sub_CA_2_Root_7.crlbin0 -> 362 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/newcerts/1000.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/newcerts/1001.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_7/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/README.txt13
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/cacert.pem66
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/crl/DO_NOT_INSTALL_THIS_CRL0
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/crl/Sub_CA_2_Root_8.crlbin0 -> 362 bytes
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/crlnumber1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/index.txt2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/index.txt.attr1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/newcerts/1002.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/newcerts/1003.pem62
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/private/cakey.pem18
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/demoCA/serial1
-rwxr-xr-xxmlsecurity/test_docs/CAs/Sub_CA_2_Root_8/openssl.cfg292
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_1.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_10.crtbin0 -> 779 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_11.crtbin0 -> 779 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_2.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_3.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_4.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_5.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_6.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_7.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Root_8.crtbin0 -> 776 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_1.crtbin0 -> 778 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_2.crtbin0 -> 778 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_3.crtbin0 -> 778 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_4.crtbin0 -> 778 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_5.crtbin0 -> 842 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_6.crtbin0 -> 842 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_7.crtbin0 -> 842 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_8.crtbin0 -> 829 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_1_Root_9.crtbin0 -> 778 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_2_Root_4.crtbin0 -> 778 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_2_Root_7.crtbin0 -> 842 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/ca_certs/Sub_CA_2_Root_8.crtbin0 -> 829 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Root_10.crlbin0 -> 317 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Root_11.crlbin0 -> 317 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Root_3.crlbin0 -> 316 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Root_4.crlbin0 -> 353 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Root_9.crlbin0 -> 316 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Sub_CA_1_Root_2.crlbin0 -> 325 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Sub_CA_1_Root_4.crlbin0 -> 362 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Sub_CA_1_Root_9.crlbin0 -> 325 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/crl/Sub_CA_2_Root_4.crlbin0 -> 362 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_10_Root_11.crtbin0 -> 739 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_11_Root_11.crtbin0 -> 733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_12_Root_11.crtbin0 -> 729 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_13_Root_11.crtbin0 -> 739 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_14_Root_11.crtbin0 -> 729 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_15_Root_11.crtbin0 -> 720 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_16_Root_11.crtbin0 -> 739 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_17_Root_11.crtbin0 -> 749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_18_Root_11.crtbin0 -> 714 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_19_Root_11.crtbin0 -> 710 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Root_11.crtbin0 -> 699 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_1.crtbin0 -> 706 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_10.crtbin0 -> 828 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_2.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_3.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_4.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_5.crtbin0 -> 746 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_6.crtbin0 -> 746 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_7.crtbin0 -> 746 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_8.crtbin0 -> 726 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_1_Root_9.crtbin0 -> 673 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_2_Root_4.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_2_Root_7.crtbin0 -> 746 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_1_Sub_CA_2_Root_8.crtbin0 -> 726 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_20_Root_11.crtbin0 -> 710 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_21_Root_11.crtbin0 -> 727 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_22_Root_11.crtbin0 -> 739 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_23_Root_11.crtbin0 -> 733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_24_Root_11.crtbin0 -> 729 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_25_Root_11.crtbin0 -> 737 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_26_Root_11.crtbin0 -> 729 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_27_Root_11.crtbin0 -> 705 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_28_Root_11.crtbin0 -> 700 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_29_Root_11.crtbin0 -> 698 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Root_11.crtbin0 -> 695 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Sub_CA_1_Root_4.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Sub_CA_1_Root_7.crtbin0 -> 746 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Sub_CA_1_Root_8.crtbin0 -> 726 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Sub_CA_2_Root_4.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Sub_CA_2_Root_7.crtbin0 -> 746 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_2_Sub_CA_2_Root_8.crtbin0 -> 726 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_30_Root_11.crtbin0 -> 716 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_31_Root_11.crtbin0 -> 745 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_3_Root_11.crtbin0 -> 719 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_4_Root_11.crtbin0 -> 738 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_5_Root_11.crtbin0 -> 748 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_6_Root_11.crtbin0 -> 713 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_7_Root_11.crtbin0 -> 709 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_8_Root_11.crtbin0 -> 709 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/end_certs/User_9_Root_11.crtbin0 -> 726 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_10_Root_11.p12bin0 -> 1757 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_11_Root_11.p12bin0 -> 1749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_12_Root_11.p12bin0 -> 1749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_13_Root_11.p12bin0 -> 1757 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_14_Root_11.p12bin0 -> 1749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_15_Root_11.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_16_Root_11.p12bin0 -> 1757 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_17_Root_11.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_18_Root_11.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_19_Root_11.p12bin0 -> 1725 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Root_11.p12bin0 -> 1717 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_1.p12bin0 -> 1725 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_10.p12bin0 -> 1845 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_2.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_3.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_4.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_5.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_6.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_7.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_8.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_1_Root_9.p12bin0 -> 1693 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_2_Root_4.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_2_Root_7.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_1_Sub_CA_2_Root_8.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_20_Root_11.p12bin0 -> 1725 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_21_Root_11.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_22_Root_11.p12bin0 -> 1757 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_23_Root_11.p12bin0 -> 1749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_24_Root_11.p12bin0 -> 1749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_25_Root_11.p12bin0 -> 1757 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_26_Root_11.p12bin0 -> 1749 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_27_Root_11.p12bin0 -> 1725 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_28_Root_11.p12bin0 -> 1717 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_29_Root_11.p12bin0 -> 1717 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Root_11.p12bin0 -> 1709 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Sub_CA_1_Root_4.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Sub_CA_1_Root_7.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Sub_CA_1_Root_8.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Sub_CA_2_Root_4.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Sub_CA_2_Root_7.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_2_Sub_CA_2_Root_8.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_30_Root_11.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_31_Root_11.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_3_Root_11.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_4_Root_11.p12bin0 -> 1757 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_5_Root_11.p12bin0 -> 1765 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_6_Root_11.p12bin0 -> 1733 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_7_Root_11.p12bin0 -> 1725 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_8_Root_11.p12bin0 -> 1725 bytes
-rwxr-xr-xxmlsecurity/test_docs/certs/p12/User_9_Root_11.p12bin0 -> 1741 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/aia_ca_issuers.odtbin0 -> 9511 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/aia_ocsp.odtbin0 -> 9376 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/aia_ocsp_revoked_chain.odtbin0 -> 9370 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/aia_ocsp_revoked_leaf.odtbin0 -> 9379 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/aia_ocsp_revoked_leaf_chain.odtbin0 -> 9378 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crl.odtbin0 -> 9354 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crl_revoked_chain.odtbin0 -> 9352 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crl_revoked_leaf.odtbin0 -> 9363 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crl_revoked_leaf_chain.odtbin0 -> 9351 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crldp.odtbin0 -> 9379 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crldp_no_intermediate_ca_revocation_info.odtbin0 -> 9382 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crldp_no_root_revocation_info.odtbin0 -> 9379 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crldp_revoked_chain.odtbin0 -> 9381 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crldp_revoked_leaf.odtbin0 -> 9380 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/crldp_revoked_leaf_chain.odtbin0 -> 9383 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/dn_cyrillic_bmpstring.odtbin0 -> 9392 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/dn_latin_ext_greak_bmpstring.odtbin0 -> 9388 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/dn_quoting.odtbin0 -> 28429 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/incomplete_path.odtbin0 -> 9308 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_doc1.odtbin0 -> 9550 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_doc2.odtbin0 -> 6989 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_macro1.odtbin0 -> 12911 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_macro2.odtbin0 -> 12929 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_macro3.odtbin0 -> 13043 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_macro4.odtbin0 -> 13079 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo2_x_macro5.odtbin0 -> 20336 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo3_2_doc1.odtbin0 -> 9200 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo3_2_doc3.odtbin0 -> 8908 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo3_2_doc4.odtbin0 -> 8997 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/invalid_ooo_3_2_doc2.odtbin0 -> 9199 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/ocsp_crl.odtbin0 -> 9444 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/ocsp_crl_revoked_leaf.odtbin0 -> 9447 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/stateOrProvinceName.odtbin0 -> 10534 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_no_revocation.odtbin0 -> 9341 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_no_root_revocation_info.odtbin0 -> 9349 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_no_sub_ca_revocation_info.odtbin0 -> 9352 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo2_x_doc1.odtbin0 -> 9880 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo2_x_doc_macro.odtbin0 -> 12425 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo2_x_doc_unsigned_macro.odtbin0 -> 10821 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo3_0_doc1.odtbin0 -> 12565 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo3_0_doc_macro.odtbin0 -> 15656 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo3_0_doc_unsigned_macro.odtbin0 -> 13975 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo3_2_doc1.odtbin0 -> 12514 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo3_2_doc_macro.odtbin0 -> 15579 bytes
-rwxr-xr-xxmlsecurity/test_docs/documents/valid_ooo3_2_doc_unsigned_macro.odtbin0 -> 13929 bytes
-rwxr-xr-xxmlsecurity/test_docs/test_description.odtbin0 -> 24746 bytes
-rwxr-xr-xxmlsecurity/test_docs/tools/README.txt23
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/build.xml74
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/dist/README.TXT33
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/dist/httpserv.jarbin0 -> 6994 bytes
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/manifest.mf3
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/nbproject/build-impl.xml700
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/nbproject/genfiles.properties8
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/nbproject/project.properties64
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/nbproject/project.xml15
-rwxr-xr-xxmlsecurity/test_docs/tools/httpserv/src/httpserv/Main.java213
487 files changed, 14456 insertions, 1561 deletions
diff --git a/cui/source/options/optsave.cxx b/cui/source/options/optsave.cxx
index d313b86c79ec..70ef2d682941 100644
--- a/cui/source/options/optsave.cxx
+++ b/cui/source/options/optsave.cxx
@@ -619,9 +619,17 @@ void SfxSaveTabPage::Reset( const SfxItemSet& )
aDocTypeLB.SelectEntryPos(0);
FilterHdl_Impl(&aDocTypeLB);
}
- catch(Exception& )
+ catch(Exception& e)
{
- DBG_ERROR("exception in FilterFactory access");
+ (void) e;
+ DBG_ERROR(
+ rtl::OUStringToOString(
+ (rtl::OUString(
+ RTL_CONSTASCII_USTRINGPARAM(
+ "exception in FilterFactory access: ")) +
+ e.Message),
+ RTL_TEXTENCODING_UTF8).
+ getStr());
}
pImpl->bInitialized = sal_True;
diff --git a/extensions/source/config/ldap/componentdef.cxx b/extensions/source/config/ldap/componentdef.cxx
index 986866939466..0fd917d2ff9e 100644
--- a/extensions/source/config/ldap/componentdef.cxx
+++ b/extensions/source/config/ldap/componentdef.cxx
@@ -28,14 +28,8 @@
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_extensions.hxx"
-#ifndef EXTENSIONS_CONFIG_LDAP_LDAPUSERPROFILE_HXX_
#include "ldapuserprofilebe.hxx"
-#endif //CONFIGMGR_BACKEND_LDAPUSERPROFILE_HXX_
-#include <com/sun/star/registry/XRegistryKey.hpp>
-#ifndef _CPPUHELPER_IMPLEMENTATIONENTRY_HXX_
#include <cppuhelper/implementationentry.hxx>
-#endif // _CPPUHELPER_IMPLEMENTATIONENTRY_HXX_
-#include <rtl/ustrbuf.hxx>
using namespace extensions::config::ldap ;
@@ -70,49 +64,8 @@ extern "C" void SAL_CALL component_getImplementationEnvironment(
extern "C" sal_Bool SAL_CALL component_writeInfo(void *aServiceManager,
void *aRegistryKey) {
- using namespace ::com::sun::star::registry;
- if (aRegistryKey)
- {
-
- /** Service factory */
- uno::Reference<lang::XMultiServiceFactory> xFactory
- (reinterpret_cast<lang::XMultiServiceFactory*> (aServiceManager),
- uno::UNO_QUERY);
-
- rtl::OUStringBuffer aImplKeyName;
- aImplKeyName.appendAscii("/");
- aImplKeyName.append(LdapUserProfileBe::getLdapUserProfileBeName());
-
- rtl::OUString aMainKeyName(RTL_CONSTASCII_USTRINGPARAM("/UNO/SERVICES"));
-
- uno::Reference<XRegistryKey> xNewImplKey(
- reinterpret_cast<XRegistryKey*>
- (aRegistryKey)->createKey(aImplKeyName.makeStringAndClear()));
-
- uno::Reference<XRegistryKey> xNewKey(
- xNewImplKey->createKey(aMainKeyName));
-
- //Now register associated service names
- uno::Sequence<rtl::OUString> sServiceNames =
- LdapUserProfileBe::getLdapUserProfileBeServiceNames();
- for (sal_Int32 i = 0 ; i < sServiceNames.getLength() ; ++ i)
- {
- xNewKey->createKey(sServiceNames[i]);
- }
- //Now register associated org.openoffice.UserProfile component
- //that this backend supports under xNewImplKey
- uno::Reference<XRegistryKey> xComponentKey(
- xNewImplKey->createKey(rtl::OUString::createFromAscii
- ("/DATA/SupportedComponents")));
-
- uno::Sequence<rtl::OUString> aComponentList(1);
- aComponentList[0]= rtl::OUString::createFromAscii
- ("org.openoffice.UserProfile");
-
- xComponentKey->setAsciiListValue(aComponentList);
- return sal_True;
- }
- return sal_False;
+ return cppu::component_writeInfoHelper(
+ aServiceManager, aRegistryKey, kImplementations_entries);
}
//------------------------------------------------------------------------------
diff --git a/extensions/source/config/ldap/ldapaccess.cxx b/extensions/source/config/ldap/ldapaccess.cxx
index 8e049df2d660..c518dc37e94c 100644
--- a/extensions/source/config/ldap/ldapaccess.cxx
+++ b/extensions/source/config/ldap/ldapaccess.cxx
@@ -30,7 +30,6 @@
#include "ldapaccess.hxx"
-#include "ldapuserprof.hxx"
#include <rtl/ustrbuf.hxx>
#include <rtl/strbuf.hxx>
@@ -46,6 +45,8 @@ t_ldap_init LdapConnection::s_p_init = NULL;
t_ldap_msgfree LdapConnection::s_p_msgfree = NULL;
t_ldap_get_dn LdapConnection::s_p_get_dn = NULL;
t_ldap_first_entry LdapConnection::s_p_first_entry = NULL;
+t_ldap_first_attribute LdapConnection::s_p_first_attribute = NULL;
+t_ldap_next_attribute LdapConnection::s_p_next_attribute = NULL;
t_ldap_search_s LdapConnection::s_p_search_s = NULL;
t_ldap_value_free LdapConnection::s_p_value_free = NULL;
t_ldap_get_values LdapConnection::s_p_get_values = NULL;
@@ -188,12 +189,12 @@ void LdapConnection::initConnection()
}
}
//------------------------------------------------------------------------------
- void LdapConnection::getUserProfile(const rtl::OUString& aUser,
- const LdapUserProfileMap& aUserProfileMap,
- LdapUserProfile& aUserProfile)
+ void LdapConnection::getUserProfile(
+ const rtl::OUString& aUser, LdapData * data)
throw (lang::IllegalArgumentException,
ldap::LdapConnectionException, ldap::LdapGenericException)
- {
+{
+ OSL_ASSERT(data != 0);
if (!isValid()) { connectSimple(); }
rtl::OString aUserDn =findUserDn( rtl::OUStringToOString(aUser, RTL_TEXTENCODING_ASCII_US));
@@ -203,18 +204,26 @@ void LdapConnection::initConnection()
aUserDn,
LDAP_SCOPE_BASE,
"(objectclass=*)",
- const_cast<sal_Char **>(aUserProfileMap.getLdapAttributes()),
+ 0,
0, // Attributes + values
&result.msg) ;
checkLdapReturnCode("getUserProfile", retCode,mConnection) ;
-
- aUserProfileMap.ldapToUserProfile(mConnection,
- result.msg,
- aUserProfile) ;
-
- }
+ void * ptr;
+ char * attr = (*s_p_first_attribute)(mConnection, result.msg, &ptr);
+ while (attr != 0) {
+ char ** values = (*s_p_get_values)(mConnection, result.msg, attr);
+ if (values != 0) {
+ data->insert(
+ LdapData::value_type(
+ rtl::OStringToOUString(attr, RTL_TEXTENCODING_ASCII_US),
+ rtl::OStringToOUString(*values, RTL_TEXTENCODING_UTF8)));
+ (*s_p_value_free)(values);
+ }
+ attr = (*s_p_next_attribute)(mConnection, result.msg, ptr);
+ }
+}
//------------------------------------------------------------------------------
rtl::OString LdapConnection::findUserDn(const rtl::OString& aUser)
throw (lang::IllegalArgumentException,
@@ -264,47 +273,6 @@ void LdapConnection::initConnection()
return userDn ;
}
-//------------------------------------------------------------------------------
-rtl::OString LdapConnection::getSingleAttribute(
- const rtl::OString& aDn,
- const rtl::OString& aAttribute)
- throw (ldap::LdapConnectionException, ldap::LdapGenericException)
-{
- if (!isValid()) { connectSimple(); }
- const sal_Char *attributes [2] ;
- rtl::OString value ;
-
- attributes [0] = aAttribute ;
- attributes [1] = 0 ;
- LdapMessageHolder result ;
- LdapErrCode retCode = (*s_p_search_s)(mConnection,
- aDn,
- LDAP_SCOPE_BASE,
- "(objectclass=*)",
- const_cast<sal_Char **>(attributes),
- 0, // Attributes + values
- &result.msg) ;
-
- if (retCode == LDAP_NO_SUCH_OBJECT)
- {
- return value ;
- }
- checkLdapReturnCode("GetSingleAttribute", retCode, mConnection) ;
- LDAPMessage *entry = (*s_p_first_entry)(mConnection, result.msg) ;
-
- if (entry != NULL)
- {
- sal_Char **values = (*s_p_get_values)(mConnection, entry,
- aAttribute) ;
-
- if (values != NULL)
- {
- if (*values != NULL) { value = *values ; }
- (*s_p_value_free)(values) ;
- }
- }
- return value ;
-}
extern "C" { static void SAL_CALL thisModule() {} }
void LdapConnection::loadModule()
@@ -336,6 +304,8 @@ void LdapConnection::loadModule()
s_p_msgfree = (t_ldap_msgfree)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_msgfree").pData));
s_p_get_dn = (t_ldap_get_dn)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_get_dn").pData));
s_p_first_entry = (t_ldap_first_entry)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_first_entry").pData));
+ s_p_first_attribute = (t_ldap_first_attribute)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_first_attribute").pData));
+ s_p_next_attribute = (t_ldap_next_attribute)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_next_attribute").pData));
s_p_search_s = (t_ldap_search_s)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_search_s").pData));
s_p_value_free = (t_ldap_value_free)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_value_free").pData));
s_p_get_values = (t_ldap_get_values)(osl_getFunctionSymbol(s_Ldap_Module, ::rtl::OUString::createFromAscii("ldap_get_values").pData));
diff --git a/extensions/source/config/ldap/ldapaccess.hxx b/extensions/source/config/ldap/ldapaccess.hxx
index d5f4e0606864..b2ea7970952e 100644
--- a/extensions/source/config/ldap/ldapaccess.hxx
+++ b/extensions/source/config/ldap/ldapaccess.hxx
@@ -28,6 +28,10 @@
#ifndef EXTENSIONS_CONFIG_LDAP_LDAPACCESS_HXX_
#define EXTENSIONS_CONFIG_LDAP_LDAPACCESS_HXX_
+#include "sal/config.h"
+
+#include <map>
+
#include "wrapldapinclude.hxx"
#include <com/sun/star/ldap/LdapGenericException.hpp>
@@ -54,6 +58,8 @@ typedef LDAP_API(LDAP *) (LDAP_CALL *t_ldap_init)( const char *defhost, int defp
typedef LDAP_API(int) (LDAP_CALL *t_ldap_msgfree)( LDAPMessage *lm );
typedef LDAP_API(char *) (LDAP_CALL *t_ldap_get_dn)( LDAP *ld, LDAPMessage *entry );
typedef LDAP_API(LDAPMessage *) (LDAP_CALL *t_ldap_first_entry)( LDAP *ld, LDAPMessage *chain );
+typedef LDAP_API(char *) (LDAP_CALL *t_ldap_first_attribute)( LDAP *ld, LDAPMessage *entry, void **ptr );
+typedef LDAP_API(char *) (LDAP_CALL *t_ldap_next_attribute)( LDAP *ld, LDAPMessage *entry, void *ptr );
typedef LDAP_API(int) (LDAP_CALL *t_ldap_search_s)( LDAP *ld, const char *base, int scope, const char *filter, char **attrs, int attrsonly, LDAPMessage **res );
typedef LDAP_API(void) (LDAP_CALL *t_ldap_value_free)( char **vals );
typedef LDAP_API(char **) (LDAP_CALL *t_ldap_get_values)( LDAP *ld, LDAPMessage *entry, const char *target );
@@ -76,10 +82,10 @@ struct LdapDefinition
rtl::OString mUserObjectClass;
/** User Entity Unique Attribute */
rtl::OString mUserUniqueAttr;
- /** Mapping File */
- rtl::OString mMapping;
} ;
+typedef std::map< rtl::OUString, rtl::OUString > LdapData; // key/value pairs
+
/** Class encapulating all LDAP functionality */
class LdapConnection
{
@@ -95,36 +101,19 @@ public:
throw (ldap::LdapConnectionException,
ldap::LdapGenericException);
- /** query connection status */
- bool isConnected() const { return isValid(); }
-
/**
Gets LdapUserProfile from LDAP repository for specified user
@param aUser name of logged on user
@param aUserProfileMap Map containing LDAP->00o mapping
- @param aUserProfile struct for holding OOo values
+ @param aUserProfile struct for holding OOo values
@throws com::sun::star::ldap::LdapGenericException
if an LDAP error occurs.
*/
- void getUserProfile(const rtl::OUString& aUser,
- const LdapUserProfileMap& aUserProfileMap,
- LdapUserProfile& aUserProfile)
+ void getUserProfile(const rtl::OUString& aUser, LdapData * data)
throw (lang::IllegalArgumentException,
ldap::LdapConnectionException,
ldap::LdapGenericException);
- /**
- Retrieves a single attribute from a single entry.
- @param aDn entry DN
- @param aAttribute attribute name
-
- @throws com::sun::star::ldap::LdapGenericException
- if an LDAP error occurs.
- */
- rtl::OString getSingleAttribute(const rtl::OString& aDn,
- const rtl::OString& aAttribute)
- throw (ldap::LdapConnectionException,
- ldap::LdapGenericException);
/** finds DN of user
@return DN of User
@@ -137,8 +126,6 @@ public:
void loadModule();
static t_ldap_err2string s_p_err2string;
- static t_ldap_value_free s_p_value_free;
- static t_ldap_get_values s_p_get_values;
private:
void initConnection()
@@ -159,6 +146,8 @@ private:
LdapDefinition mLdapDefinition;
static oslModule s_Ldap_Module;
+ static t_ldap_value_free s_p_value_free;
+ static t_ldap_get_values s_p_get_values;
static t_ldap_unbind_s s_p_unbind_s;
static t_ldap_simple_bind_s s_p_simple_bind_s;
static t_ldap_set_option s_p_set_option;
@@ -166,6 +155,8 @@ private:
static t_ldap_msgfree s_p_msgfree;
static t_ldap_get_dn s_p_get_dn;
static t_ldap_first_entry s_p_first_entry;
+ static t_ldap_first_attribute s_p_first_attribute;
+ static t_ldap_next_attribute s_p_next_attribute;
static t_ldap_search_s s_p_search_s;
static t_ldap_memfree s_p_memfree;
diff --git a/extensions/source/config/ldap/ldapbe2.uno.xml b/extensions/source/config/ldap/ldapbe2.uno.xml
deleted file mode 100644
index e365e20f48aa..000000000000
--- a/extensions/source/config/ldap/ldapbe2.uno.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-c<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE module-description PUBLIC "-//StarOffice/DTD ComponentDescription 1.0//EN" "module-description.dtd">
-<module-description xmlns:xlink="http://www.w3.org/1999/xlink">
- <module-name>ldapbe2.uno</module-name>
- <component-description>
- <author>Sarah Smith</author>
- <name>com.sun.star.comp.configuration.backend.LdapUserProfileBe</name>
- <description>The LdapUserProfileBe accesses User Profile settings form a configured LDAP repository</description>
- <loader-name>com.sun.star.loader.SharedLibrary</loader-name>
- <language>C++</language>
- <status value="final"/>
- <supported-service>com.sun.star.configuration.backend.LdapUserProfileBe</supported-service>
- <supported-service>com.sun.star.configuration.backend.PlatformBackend</supported-service>
- <supported-service>com.sun.star.configuration.backend.SingleLayerStratum</supported-service>
- <service-dependency>com.sun.star.configuration.backend.LayerDescriber</service-dependency>
- <type>com.sun.star.configuration.CannotLoadConfigurationException</type>
- <type>com.sun.star.configuration.backend.BackendAccessException</type>
- <type>com.sun.star.configuration.backend.XLayer</type>
- <type>com.sun.star.configuration.backend.XUpdateHandler</type>
- <type>com.sun.star.configuration.backend.XSingleLayerStratum</type>
- <type>com.sun.star.uno.XComponentContext</type>
- <type>com.sun.star.lang.IllegalArgumentException</type>
- <type>com.sun.star.lang.XInitialization</type>
- <type>com.sun.star.lang.XMultiServiceFactory</type>
- <type>com.sun.star.lang.XServiceInfo</type>
- <type>com.sun.star.lang.XSingleServiceFactory</type>
- <type>com.sun.star.lang.XSingleComponentFactory</type>
- <type>com.sun.star.lang.XTypeProvider</type>
- <type>com.sun.star.registry.XRegistryKey</type>
- <type>com.sun.star.uno.Any</type>
- <type>com.sun.star.uno.Sequence</type>
- </component-description>
- <project-build-dependency> comphelper </project-build-dependency>
- <project-build-dependency> vos </project-build-dependency>
- <project-build-dependency> cppuhelper </project-build-dependency>
- <project-build-dependency> salhelper </project-build-dependency>
- <project-build-dependency> cppu </project-build-dependency>
- <project-build-dependency> sal </project-build-dependency>
- <runtime-module-dependency> comphelp2$(COM) </runtime-module-dependency>
- <runtime-module-dependency> vos2$(COM) </runtime-module-dependency>
- <runtime-module-dependency> cppuhelper3$(COM) </runtime-module-dependency>
- <runtime-module-dependency> salhelper3$(COM) </runtime-module-dependency>
- <runtime-module-dependency> cppu3 </runtime-module-dependency>
- <runtime-module-dependency> sal3 </runtime-module-dependency>
-</module-description>
diff --git a/extensions/source/config/ldap/ldapuserprof.cxx b/extensions/source/config/ldap/ldapuserprof.cxx
deleted file mode 100644
index a75a1b0d1447..000000000000
--- a/extensions/source/config/ldap/ldapuserprof.cxx
+++ /dev/null
@@ -1,226 +0,0 @@
-/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2000, 2010 Oracle and/or its affiliates.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-// MARKER(update_precomp.py): autogen include statement, do not remove
-#include "precompiled_extensions.hxx"
-#include "ldapuserprof.hxx"
-#include "ldapaccess.hxx"
-namespace extensions { namespace config { namespace ldap {
-//==============================================================================
-
-//------------------------------------------------------------------------------
-
-/**
- Finds the next line in a buffer and returns it, along with a
- modified version of the buffer with the line removed.
-
- @param aString string to extract the next line from
- @param aLine next line
- @return sal_True if a line has been extracted, sal_False otherwise
- */
-static sal_Bool getNextLine(rtl::OString& aString,
- rtl::OString& aLine)
-{
- aString = aString.trim() ;
- const sal_Char *currentChar = aString ;
- const sal_Char *endChar = currentChar + aString.getLength() ;
- sal_Int32 lineThreshold = 0 ;
-
- while (currentChar < endChar &&
- *currentChar != '\r' && *currentChar != '\n') { ++ currentChar ; }
- lineThreshold = currentChar - static_cast<const sal_Char *>(aString) ;
- if (lineThreshold == 0) { return sal_False ; }
- aLine = aString.copy(0, lineThreshold) ;
- aString = aString.copy(lineThreshold) ;
- return sal_True ;
-}
-//------------------------------------------------------------------------------
-
-LdapUserProfileMap::~LdapUserProfileMap(void)
-{
- // No need to delete the contents of the mAttributes array,
- // since they refer to rtl::OStrings stored in the mLdapAttributes
- // array.
- if (mAttributes != NULL)
- {
- delete [] mAttributes ;
- }
-}
-//------------------------------------------------------------------------------
-
-void LdapUserProfileMap::source(const rtl::OString& aMap)
-{
- if (mAttributes != NULL)
- {
- delete [] mAttributes ; mAttributes = NULL ;
- mMapping.clear() ;
- }
- rtl::OString currentLine ;
- rtl::OString buffer = aMap ;
- std::set<rtl::OString> attributes ;
- rtl::OString prefix ;
-
- // First, parse the buffer to find all the mapping definitions.
- // While we're at it, we collect the list of unique LDAP attributes
- // involved in the mapping.
- while (getNextLine(buffer, currentLine))
- {
- addNewMapping(currentLine, attributes, prefix) ;
- }
- // Now we use the list of attributes to build mAttributes
- mAttributes = new const sal_Char * [attributes.size() + 1] ;
- std::set<rtl::OString>::const_iterator attribute ;
- sal_Int32 i = 0 ;
-
- for (attribute = attributes.begin() ;
- attribute != attributes.end() ; ++ attribute)
- {
- mAttributes [i ++] = static_cast<const sal_Char *>(*attribute) ;
- }
- mAttributes [i] = NULL ;
-}
-//------------------------------------------------------------------------------
-
-void LdapUserProfileMap::ldapToUserProfile(LDAP *aConnection,
- LDAPMessage *aEntry,
- LdapUserProfile& aProfile) const
-{
- if (aEntry == NULL) { return ; }
- // Ensure return value has proper size
- aProfile.mProfile.resize(mMapping.size()) ;
- sal_Char **values = NULL ;
-
- for (sal_uInt32 i = 0 ; i < mMapping.size() ; ++ i)
- {
- aProfile.mProfile [i].mAttribute = rtl::OStringToOUString(
- mMapping [i].mProfileElement,
- RTL_TEXTENCODING_ASCII_US);
- rtl::OUString debugStr = aProfile.mProfile [i].mAttribute;
-
- for (sal_uInt32 j = 0 ;
- j < mMapping [i].mLdapAttributes.size() ; ++ j)
- {
- values = (*LdapConnection::s_p_get_values)(aConnection, aEntry,
- mMapping [i].mLdapAttributes [j]) ;
-
- if (values != NULL)
- {
- aProfile.mProfile[i].mValue = rtl::OStringToOUString(
- *values, RTL_TEXTENCODING_UTF8);
- (*LdapConnection::s_p_value_free)(values);
- break;
- }
- }
- }
-}
-//------------------------------------------------------------------------------
-void LdapUserProfileMap::addNewMapping(const rtl::OString& aLine,
- std::set<rtl::OString>& aLdapAttributes,
- rtl::OString& aPrefix)
-{
- if (aLine.getStr() [0] == '#') { return ; }
- sal_Int32 prefixLength = aPrefix.getLength() ;
-
- if (prefixLength == 0)
- {
- sal_Int32 firstSlash = aLine.indexOf('/') ;
-
- if (firstSlash == -1) { return ; }
- sal_Int32 secondSlash = aLine.indexOf('/', firstSlash + 1) ;
-
- if (secondSlash == -1){ return; }
-
-
- mComponentName =
- rtl::OUString::createFromAscii(aLine.copy(0, firstSlash)) ;
- mGroupName =
- rtl::OUString::createFromAscii(aLine.copy(firstSlash + 1,
- secondSlash - firstSlash - 1)) ;
- aPrefix = aLine.copy(0, secondSlash + 1) ;
- prefixLength = secondSlash + 1 ;
-
- }
- else if (aLine.compareTo(aPrefix, prefixLength) != 0)
- {
- return ;
- }
- mMapping.push_back(Mapping()) ;
- if (!mMapping.back().parse(aLine.copy(prefixLength)))
- {
- mMapping.pop_back() ;
- }
- else
- {
- const std::vector<rtl::OString>& attributes =
- mMapping.back().mLdapAttributes ;
- std::vector<rtl::OString>::const_iterator ldapAttribute ;
-
- for (ldapAttribute = attributes.begin() ;
- ldapAttribute != attributes.end() ; ++ ldapAttribute)
- {
- aLdapAttributes.insert(*ldapAttribute) ;
- }
- }
-}
-//------------------------------------------------------------------------------
-
-static sal_Char kMappingSeparator = '=' ;
-static sal_Char kLdapMapSeparator = ',' ;
-
-sal_Bool LdapUserProfileMap::Mapping::parse(const rtl::OString& aLine)
-{
- sal_Int32 index = aLine.indexOf(kMappingSeparator) ;
-
- if (index == -1)
- {
- // Imparsable line
- return sal_False ;
- }
- sal_Int32 oldIndex = index + 1 ;
-
- mProfileElement = aLine.copy(0, index).trim() ;
- mLdapAttributes.clear() ;
- index = aLine.indexOf(kLdapMapSeparator, oldIndex) ;
- while (index != -1)
- {
- mLdapAttributes.push_back(
- aLine.copy(oldIndex, index - oldIndex).trim()) ;
- oldIndex = index + 1 ;
- index = aLine.indexOf(kLdapMapSeparator, oldIndex) ;
- }
- rtl::OString endOfLine = aLine.copy(oldIndex).trim() ;
-
- if (endOfLine.getLength() > 0)
- {
- mLdapAttributes.push_back(endOfLine) ;
- }
- return sal_True ;
-}
-//------------------------------------------------------------------------------
-
-} } } // extensiond.config.ldap
-
diff --git a/extensions/source/config/ldap/ldapuserprof.hxx b/extensions/source/config/ldap/ldapuserprof.hxx
deleted file mode 100644
index 36b9d671ea02..000000000000
--- a/extensions/source/config/ldap/ldapuserprof.hxx
+++ /dev/null
@@ -1,163 +0,0 @@
-/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2000, 2010 Oracle and/or its affiliates.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-#ifndef EXTENSIONS_CONFIG_LDAP_LDAPUSERPROF_HXX_
-#define EXTENSIONS_CONFIG_LDAP_LDAPUSERPROF_HXX_
-
-#include "wrapldapinclude.hxx"
-#include <rtl/ustring.hxx>
-#include <rtl/string.hxx>
-
-#ifndef VECTOR_INCLUDED
-#define VECTOR_INCLUDED
-#include <vector>
-#endif // VECTOR_INCLUDED
-
-#ifndef SET_INCLUDED
-#define SET_INCLUDED
-#include <set>
-#endif // SET_INCLUDED
-
-
-namespace extensions { namespace config { namespace ldap {
-
-/** Struct containing the data associated to a UserProfile */
-struct LdapUserProfile {
- /** Struct defining an entry in the profile */
- struct ProfileEntry {
- rtl::OUString mAttribute ;
- rtl::OUString mValue ;
- } ;
- /** List of attribute/value pairs */
- std::vector<ProfileEntry> mProfile ;
-
- typedef std::vector<ProfileEntry>::const_iterator Iterator;
-} ;
-
-/** Provider of UserProfile mapping services */
-class LdapUserProfileMap
-{
- public :
- /** Default constructor, doesn't do much. */
- LdapUserProfileMap() : mAttributes(NULL) {}
- /** Destructor */
- ~LdapUserProfileMap() ;
-
- /**
- Fills the map using a string description of the mapping.
- Each possible UserProfile attribute is mapped to a list
- of LDAP attributes, in order of priority.
- The entry is formatted as:
- <UP Attribute>=<LDAP Attr1>,...,<LDAP AttrN>
-
- @param aMap string description of the mapping
- */
- void source(const rtl::OString& aMap) ;
- /**
- Returns an array of all the LDAP attribute names that may
- be relevant for UserProfile mapping.
-
- @return array of LDAP attribute names
- */
- const sal_Char **getLdapAttributes(void) const { return mAttributes ; }
- /**
- Returns the component name that holds the data
- when presented to the outside.
-
- @return component name
- */
- const rtl::OUString& getComponentName(void) const {
- return mComponentName ;
- }
- /**
- Returns the group name that holds the data when
- presented to the outside world.
-
- @return group name
- */
- const rtl::OUString& getGroupName(void) const {
- return mGroupName ;
- }
- /**
- Struct defining the mapping between UserProfile attributes
- and LDAP ones. It also serves as a crude "schema" of the
- UserProfile component, as the list of profile elements
- is the list of properties in the component and the presence
- or absence of LDAP mapping indicates whether the property
- should be made writable or kept read-only.
- */
- struct Mapping {
- /** Name of the UserProfile element */
- rtl::OString mProfileElement ;
- /** Corresponding LDAP attributes in order of priority */
- std::vector<rtl::OString> mLdapAttributes ;
-
- /** Utility to fill the mapping from a <Prof>=<Ldap1>;...;<LdapN>
- description */
- sal_Bool parse(const rtl::OString& aDescription) ;
- } ;
-
-
- /**
- Maps an LDAP entry to a UserProfile.
-
- @param aConnection LDAP connection to the repository
- @param aEntry entry containing the data
- @param aProfile user profile struct to fill up
- */
- void ldapToUserProfile(LDAP *aConnection,
- LDAPMessage *aEntry,
- LdapUserProfile& aProfile) const ;
-
- private :
- /** Contains the mapping entries */
- std::vector<Mapping> mMapping ;
- /** Contains the LDAP attributes used in a NULL terminated array */
- const sal_Char **mAttributes ;
- /** User profile component name */
- rtl::OUString mComponentName ;
- /** User profile storage group name */
- rtl::OUString mGroupName ;
-
- /**
- Adds a new mapping entry to the list, and collects the
- LDAP attributes involved in the mapping.
-
- @param aMappingDescription string describing the mapping
- @param aLdapAttributes collection of LDAP attributes
- @param aPrefix common prefix to the attributes
- containing the component and group
- name, used for validation
- */
- void addNewMapping(const rtl::OString& aMappingDescription,
- std::set<rtl::OString>& aLdapAttributes,
- rtl::OString& aPrefix) ;
-} ;
-
-} } } // extensions.config.ldap
-
-#endif // EXTENSIONS_CONFIG_LDAP_LDAPUSERPROF_HXX_
diff --git a/extensions/source/config/ldap/ldapuserprofilebe.cxx b/extensions/source/config/ldap/ldapuserprofilebe.cxx
index 9466dfb1371f..5826188c564d 100644
--- a/extensions/source/config/ldap/ldapuserprofilebe.cxx
+++ b/extensions/source/config/ldap/ldapuserprofilebe.cxx
@@ -28,8 +28,8 @@
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_extensions.hxx"
+#include "ldapaccess.hxx"
#include "ldapuserprofilebe.hxx"
-#include "ldapuserprofilelayer.hxx"
#include <osl/file.hxx>
#include <osl/module.hxx>
#include <osl/process.h>
@@ -40,63 +40,18 @@
#include <rtl/instance.hxx>
#endif
#include <com/sun/star/beans/NamedValue.hpp>
+#include <com/sun/star/beans/Optional.hpp>
#include <osl/security.hxx>
//==============================================================================
namespace extensions { namespace config { namespace ldap {
-
-static void checkIOError(
- osl::File::RC aErrorCode,
- const rtl::OUString& aFileUrl)
-{
- switch (aErrorCode)
- {
- case osl::File::E_None: // got it
- {
-
- }
- break;
- default:
- {
- rtl::OUStringBuffer sMsg;
- sMsg.appendAscii("LdapUserProfileBe: Cannot Read Meta-Configuration file:");
- sMsg.append(aFileUrl);
- throw backend::BackendSetupException(sMsg.makeStringAndClear(),
- NULL, uno::Any());
- }
- }
-}
-
-//------------------------------------------------------------------------------
-#if 0
-static rtl::OUString getCurrentModuleDirectory() // URL excluding terminating slash
-{
- rtl::OUString aFileURL;
- if ( !osl::Module::getUrlFromAddress((void*)&getCurrentModuleDirectory,aFileURL) )
- {
- OSL_TRACE(false, "Cannot locate current module - using executable instead");
-
- OSL_VERIFY(osl_Process_E_None == osl_getExecutableFile(&aFileURL.pData));
- }
-
- OSL_ENSURE(0 < aFileURL.lastIndexOf('/'), "Cannot find directory for module URL");
-
- return aFileURL.copy(0, aFileURL.lastIndexOf('/') );
-}
-#endif
-//------------------------------------------------------------------------------
LdapUserProfileBe::LdapUserProfileBe( const uno::Reference<uno::XComponentContext>& xContext)
-// throw (backend::BackendAccessException, backend::BackendSetupException, RuntimeException)
: LdapProfileMutexHolder(),
- BackendBase(mMutex),
- mFactory(xContext->getServiceManager(),uno::UNO_QUERY_THROW),
- mContext(xContext),
- mLdapSource( new LdapUserProfileSource ),
- mLoggedOnUser(),
- mUserDN()
+ BackendBase(mMutex)
{
LdapDefinition aDefinition;
+ rtl::OUString loggedOnUser;
// This whole rigmarole is to prevent an infinite recursion where reading
// the configuration for the backend would create another instance of the
@@ -113,16 +68,20 @@ LdapUserProfileBe::LdapUserProfileBe( const uno::Reference<uno::XComponentContex
try
{
bReentrantCall = true ;
- if (! readLdapConfiguration(aDefinition) )
+ if (!readLdapConfiguration(
+ css::uno::Reference< css::lang::XMultiServiceFactory >(
+ xContext->getServiceManager(),
+ css::uno::UNO_QUERY_THROW),
+ &aDefinition, &loggedOnUser))
{
- throw backend::BackendSetupException(
+ throw css::uno::RuntimeException(
rtl::OUString::createFromAscii("LdapUserProfileBe- LDAP not configured"),
- NULL, uno::Any());
+ NULL);
}
bReentrantCall = false ;
}
- catch (uno::Exception&)
+ catch (...)
{
bReentrantCall = false;
throw;
@@ -130,34 +89,10 @@ LdapUserProfileBe::LdapUserProfileBe( const uno::Reference<uno::XComponentContex
}
}
- try
- {
- mLdapSource->mConnection.loadModule();
- mLdapSource->mConnection.connectSimple(aDefinition);
- //Set the UserDN
- mUserDN = mLdapSource->mConnection.findUserDn(
- rtl::OUStringToOString(mLoggedOnUser, RTL_TEXTENCODING_ASCII_US));
- }
- catch (lang::IllegalArgumentException& exception)
- {
- throw backend::BackendSetupException(exception.Message, NULL,
- uno::makeAny(exception)) ;
- }
- catch (ldap::LdapConnectionException& exception)
- {
- throw backend::CannotConnectException(exception.Message, NULL,
- uno::makeAny(exception)) ;
- }
- catch(ldap::LdapGenericException& exception)
- {
- mapGenericException(exception) ;
- }
-
- initializeMappingTable(
- rtl::OStringToOUString(aDefinition.mMapping,
- RTL_TEXTENCODING_ASCII_US));
-
- OSL_POSTCOND(mLdapSource->mConnection.isConnected(),"Erroneously constructed a LdapUserProfileBackend without a LDAP connection");
+ LdapConnection connection;
+ connection.loadModule();
+ connection.connectSimple(aDefinition);
+ connection.getUserProfile(loggedOnUser, &data_);
}
//------------------------------------------------------------------------------
LdapUserProfileBe::~LdapUserProfileBe()
@@ -165,129 +100,11 @@ LdapUserProfileBe::~LdapUserProfileBe()
}
//------------------------------------------------------------------------------
-void LdapUserProfileBe::initializeMappingTable(const rtl::OUString& aFileMapName)
-{
- rtl::OUString aMappingFileUrl = getMappingFileUrl(aFileMapName );
-
- osl::File aFile (aMappingFileUrl);
- checkIOError( aFile.open(OpenFlag_Read), aMappingFileUrl);
-
- sal_uInt64 nFileLength = 0;
- checkIOError( aFile.getSize(nFileLength), aMappingFileUrl);
-
- sal_uInt32 nDataLength = sal_uInt32(nFileLength);
- if (nDataLength != nFileLength)
- {
- throw backend::BackendSetupException(rtl::OUString::createFromAscii
- ("LdapUserProfileBe - can not read entire Mapping File: too big"),
- NULL, uno::Any());
- }
-
- struct RawBuffer
- {
- RawBuffer(sal_Size size) : data(rtl_allocateMemory(size)) {}
- ~RawBuffer() { rtl_freeMemory(data); }
-
- void * data;
- };
- RawBuffer buffer( nDataLength );
-
- sal_uInt64 nRead = 0;
- osl::File::RC result = aFile.read (static_cast<sal_uInt8*>(buffer.data), nDataLength, nRead);
- if (result != osl::File::E_None)
- {
- checkIOError( result, aMappingFileUrl );
- OSL_ASSERT(!"unreached");
- }
-
- if (nRead != nDataLength)
- {
- throw backend::BackendSetupException(rtl::OUString::createFromAscii
- ("LdapUserProfileBe - can not read entire Mapping File"),
- NULL, uno::Any());
- }
-
- rtl::OString aStrBuffer ( static_cast<char*>(buffer.data), sal_uInt32(nDataLength) );
- mLdapSource->mProfileMap.source(aStrBuffer);
-
-}
-//------------------------------------------------------------------------------
-
-static const rtl::OUString kMappingFileSuffix(RTL_CONSTASCII_USTRINGPARAM(
- "-attr.map"));
-
-static const rtl::OUString kMappingUrl(
- RTL_CONSTASCII_USTRINGPARAM("/modules/com.sun.star.configuration/bootstrap/LdapMappingUrl"));
-
-
-static const sal_Unicode kPathSeparator = '/' ;
-static const rtl::OUString kBootstrapContextSingletonName(
- RTL_CONSTASCII_USTRINGPARAM(
- "/singletons/com.sun.star.configuration.bootstrap.theBootstrapContext"));
-
-rtl::OUString LdapUserProfileBe::getMappingFileUrl(const rtl::OUString& aFileMapName) const
-{
- uno::Any aContext = mContext->getValueByName(kBootstrapContextSingletonName);
- uno::Reference<uno::XComponentContext> aBootStrapContext;
-
- rtl::OUString aFileUrl;
- if (aContext >>= aBootStrapContext)
- aBootStrapContext->getValueByName(kMappingUrl) >>= aFileUrl;
-
- if (aFileUrl.getLength() == 0 )
- {
-#if 0
- static const rtl::OUString kMappingDirectory(RTL_CONSTASCII_USTRINGPARAM( "/share/registry/ldap"));
-
- rtl::OUString aModuleUrl = getCurrentModuleDirectory();
- sal_Int32 nIndex = aModuleUrl.lastIndexOf('/');
- if (nIndex == 0)
- {
- throw backend::BackendSetupException(rtl::OUString::createFromAscii
- ("LdapUserProfileBe - can not access Mapping File"),
- NULL, uno::Any());
- }
- rtl::OUString aMappingFileUrl = aModuleUrl.copy(0, nIndex);
- aMappingFileUrl += kMappingDirectory;
- aFileUrl = aMappingFileUrl;
-#else
- throw backend::BackendSetupException(rtl::OUString::createFromAscii
- ("LdapUserProfileBe - can not locate Mapping File"),
- NULL, uno::Any());
-#endif
- }
-
- rtl::OUStringBuffer sFileBuffer(aFileUrl);
- sFileBuffer.append(kPathSeparator);
- sFileBuffer.append (aFileMapName);
- sFileBuffer.append(kMappingFileSuffix);
- return sFileBuffer.makeStringAndClear();
-}
-//------------------------------------------------------------------------------
-void LdapUserProfileBe::mapGenericException(ldap::LdapGenericException& aException)
- throw (backend::InsufficientAccessRightsException,
- backend::ConnectionLostException,
- backend::BackendAccessException)
-{
- switch (aException.ErrorCode)
- {
- case LDAP_INSUFFICIENT_ACCESS:
- throw backend::InsufficientAccessRightsException(aException.Message,
- NULL, uno::makeAny(aException)) ;
-
- case LDAP_SERVER_DOWN:
- case LDAP_CONNECT_ERROR:
- throw backend::ConnectionLostException(aException.Message, NULL,
- uno::makeAny(aException)) ;
- default:
- throw backend::BackendAccessException(aException.Message, NULL,
- uno::makeAny(aException)) ;
- }
-}
-//------------------------------------------------------------------------------
-
-bool LdapUserProfileBe::readLdapConfiguration(LdapDefinition& aDefinition)
+bool LdapUserProfileBe::readLdapConfiguration(
+ css::uno::Reference< css::lang::XMultiServiceFactory > const & factory,
+ LdapDefinition * definition, rtl::OUString * loggedOnUser)
{
+ OSL_ASSERT(factory.is() && definition != 0 && loggedOnUser != 0);
const rtl::OUString kConfigurationProviderService( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.configuration.ConfigurationProvider")) ;
const rtl::OUString kReadOnlyViewService( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.configuration.ConfigurationAccess")) ;
const rtl::OUString kComponent( RTL_CONSTASCII_USTRINGPARAM("org.openoffice.LDAP/UserDirectory"));
@@ -299,14 +116,12 @@ bool LdapUserProfileBe::readLdapConfiguration(LdapDefinition& aDefinition)
const rtl::OUString kPassword(RTL_CONSTASCII_USTRINGPARAM("SearchPassword"));
const rtl::OUString kUserObjectClass(RTL_CONSTASCII_USTRINGPARAM("UserObjectClass"));
const rtl::OUString kUserUniqueAttr(RTL_CONSTASCII_USTRINGPARAM("UserUniqueAttribute"));
- const rtl::OUString kMapping(RTL_CONSTASCII_USTRINGPARAM("Mapping"));
- const rtl::OString kDefaultMappingFile("oo-ldap");
uno::Reference< XInterface > xIface;
try
{
uno::Reference< lang::XMultiServiceFactory > xCfgProvider(
- mFactory->createInstance(kConfigurationProviderService),
+ factory->createInstance(kConfigurationProviderService),
uno::UNO_QUERY);
OSL_ENSURE(xCfgProvider.is(),"LdapUserProfileBe: could not create the configuration provider");
if (!xCfgProvider.is())
@@ -324,26 +139,23 @@ bool LdapUserProfileBe::readLdapConfiguration(LdapDefinition& aDefinition)
uno::Reference<container::XNameAccess > xChildAccess(xIface, uno::UNO_QUERY_THROW);
- if (!getLdapStringParam(xChildAccess, kServer, aDefinition.mServer))
+ if (!getLdapStringParam(xChildAccess, kServer, definition->mServer))
return false;
- if (!getLdapStringParam(xChildAccess, kBaseDN, aDefinition.mBaseDN))
+ if (!getLdapStringParam(xChildAccess, kBaseDN, definition->mBaseDN))
return false;
- aDefinition.mPort=0;
- xChildAccess->getByName(kPort) >>= aDefinition.mPort ;
- if (aDefinition.mPort == 0)
+ definition->mPort=0;
+ xChildAccess->getByName(kPort) >>= definition->mPort ;
+ if (definition->mPort == 0)
return false;
- if (!getLdapStringParam(xAccess, kUserObjectClass, aDefinition.mUserObjectClass))
+ if (!getLdapStringParam(xAccess, kUserObjectClass, definition->mUserObjectClass))
return false;
- if (!getLdapStringParam(xAccess, kUserUniqueAttr, aDefinition.mUserUniqueAttr))
+ if (!getLdapStringParam(xAccess, kUserUniqueAttr, definition->mUserUniqueAttr))
return false;
- getLdapStringParam(xAccess, kUser, aDefinition.mAnonUser);
- getLdapStringParam(xAccess, kPassword, aDefinition.mAnonCredentials);
-
- if (!getLdapStringParam(xAccess, kMapping, aDefinition.mMapping))
- aDefinition.mMapping = kDefaultMappingFile;
+ getLdapStringParam(xAccess, kUser, definition->mAnonUser);
+ getLdapStringParam(xAccess, kPassword, definition->mAnonCredentials);
}
catch (uno::Exception & e)
{
@@ -353,15 +165,15 @@ bool LdapUserProfileBe::readLdapConfiguration(LdapDefinition& aDefinition)
}
osl::Security aSecurityContext;
- if (!aSecurityContext.getUserName(mLoggedOnUser))
+ if (!aSecurityContext.getUserName(*loggedOnUser))
OSL_TRACE("LdapUserProfileBackend - could not get Logged on user from system");
- sal_Int32 nIndex = mLoggedOnUser.indexOf('/');
+ sal_Int32 nIndex = loggedOnUser->indexOf('/');
if (nIndex > 0)
- mLoggedOnUser = mLoggedOnUser.copy(nIndex+1);
+ *loggedOnUser = loggedOnUser->copy(nIndex+1);
//Remember to remove
- OSL_TRACE("Logged on user is %s", rtl::OUStringToOString(mLoggedOnUser,RTL_TEXTENCODING_ASCII_US).getStr());
+ OSL_TRACE("Logged on user is %s", rtl::OUStringToOString(*loggedOnUser,RTL_TEXTENCODING_ASCII_US).getStr());
return true;
}
@@ -379,35 +191,48 @@ bool LdapUserProfileBe::getLdapStringParam(
return aServerParameter.getLength() != 0;
}
//------------------------------------------------------------------------------
-uno::Reference<backend::XLayer> SAL_CALL LdapUserProfileBe::getLayer(
- const rtl::OUString& /*aComponent*/, const rtl::OUString& /*aTimestamp*/)
- throw (backend::BackendAccessException, lang::IllegalArgumentException,uno::RuntimeException)
+void LdapUserProfileBe::setPropertyValue(
+ rtl::OUString const &, css::uno::Any const &)
+ throw (
+ css::beans::UnknownPropertyException, css::beans::PropertyVetoException,
+ css::lang::IllegalArgumentException, css::lang::WrappedTargetException,
+ css::uno::RuntimeException)
{
- OSL_PRECOND(mLdapSource->mConnection.isConnected(), "LdapUserProfileBackend invoked without a connection");
- if (!mLdapSource->mConnection.isConnected())
- return NULL;
-
- const rtl::OString kModificationAttribute = "modifyTimeStamp";
-
- rtl::OString aTimeStamp = mLdapSource->mConnection.
- getSingleAttribute( mUserDN, kModificationAttribute);
-
- return new LdapUserProfileLayer(
- mFactory, mLoggedOnUser, mLdapSource,
- rtl::OStringToOUString(aTimeStamp, RTL_TEXTENCODING_ASCII_US));
+ throw css::lang::IllegalArgumentException(
+ rtl::OUString(
+ RTL_CONSTASCII_USTRINGPARAM("setPropertyValue not supported")),
+ static_cast< cppu::OWeakObject * >(this), -1);
}
-//------------------------------------------------------------------------------
-uno::Reference<backend::XUpdatableLayer> SAL_CALL
-LdapUserProfileBe::getUpdatableLayer(const rtl::OUString& /*aComponent*/)
- throw (backend::BackendAccessException,lang::NoSupportException,
- lang::IllegalArgumentException,uno::RuntimeException)
+css::uno::Any LdapUserProfileBe::getPropertyValue(
+ rtl::OUString const & PropertyName)
+ throw (
+ css::beans::UnknownPropertyException, css::lang::WrappedTargetException,
+ css::uno::RuntimeException)
{
- throw lang::NoSupportException(
- rtl::OUString::createFromAscii(
- "LdapUserProfileBe: No Update Operation allowed, Read Only access"),
- *this) ;
+ for (sal_Int32 i = 0;;) {
+ sal_Int32 j = PropertyName.indexOf(',', i);
+ if (j == -1) {
+ j = PropertyName.getLength();
+ }
+ if (j == i) {
+ throw css::beans::UnknownPropertyException(
+ PropertyName, static_cast< cppu::OWeakObject * >(this));
+ }
+ LdapData::iterator k(data_.find(PropertyName.copy(i, j - i)));
+ if (k != data_.end()) {
+ return css::uno::makeAny(
+ css::beans::Optional< css::uno::Any >(
+ true, css::uno::makeAny(k->second)));
+ }
+ if (j == PropertyName.getLength()) {
+ break;
+ }
+ i = j + 1;
+ }
+ return css::uno::makeAny(css::beans::Optional< css::uno::Any >());
}
+
//------------------------------------------------------------------------------
rtl::OUString SAL_CALL LdapUserProfileBe::getLdapUserProfileBeName(void) {
return rtl::OUString::createFromAscii("com.sun.star.comp.configuration.backend.LdapUserProfileBe") ;
@@ -423,10 +248,8 @@ rtl::OUString SAL_CALL LdapUserProfileBe::getImplementationName(void)
uno::Sequence<rtl::OUString> SAL_CALL LdapUserProfileBe::getLdapUserProfileBeServiceNames(void)
{
- uno::Sequence<rtl::OUString> aServices(2) ;
+ uno::Sequence<rtl::OUString> aServices(1) ;
aServices[0] = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.configuration.backend.LdapUserProfileBe")) ;
- aServices[1] = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.configuration.backend.PlatformBackend")) ;
-
return aServices ;
}
//------------------------------------------------------------------------------
diff --git a/extensions/source/config/ldap/ldapuserprofilebe.hxx b/extensions/source/config/ldap/ldapuserprofilebe.hxx
index 240a7b364e24..f19e9e275a55 100644
--- a/extensions/source/config/ldap/ldapuserprofilebe.hxx
+++ b/extensions/source/config/ldap/ldapuserprofilebe.hxx
@@ -28,41 +28,33 @@
#ifndef EXTENSIONS_CONFIG_LDAP_LDAPUSERPROFILEBE_HXX_
#define EXTENSIONS_CONFIG_LDAP_LDAPUSERPROFILEBE_HXX_
-#include "ldapuserprof.hxx"
-#include "ldapaccess.hxx"
-#include "ldapuserprofilelayer.hxx"
-#include <com/sun/star/configuration/backend/XSingleLayerStratum.hpp>
+#include <com/sun/star/beans/XPropertySet.hpp>
#include <com/sun/star/lang/XInitialization.hpp>
#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/lang/XServiceInfo.hpp>
#include <com/sun/star/lang/XMultiServiceFactory.hpp>
-#include <com/sun/star/configuration/backend/CannotConnectException.hpp>
-#include <com/sun/star/configuration/backend/InsufficientAccessRightsException.hpp>
-#include <com/sun/star/configuration/backend/ConnectionLostException.hpp>
#include <com/sun/star/container/XNameAccess.hpp>
#include <com/sun/star/lang/IllegalArgumentException.hpp>
#include <cppuhelper/compbase2.hxx>
+#include "ldapaccess.hxx"
-#define CONTEXT_ITEM_PREFIX_ "/modules/com.sun.star.configuration/bootstrap/"
namespace extensions { namespace config { namespace ldap {
namespace css = com::sun::star ;
namespace uno = css::uno ;
namespace lang = css::lang ;
-namespace ldap= css::ldap ;
-namespace backend = css::configuration::backend ;
namespace container = css::container;
-//------------------------------------------------------------------------------
-//------------------------------------------------------------------------------
-typedef cppu::WeakComponentImplHelper2<backend::XSingleLayerStratum,
+struct LdapDefinition;
+
+typedef cppu::WeakComponentImplHelper2<css::beans::XPropertySet,
lang::XServiceInfo> BackendBase ;
struct LdapProfileMutexHolder { osl::Mutex mMutex; };
/**
Implements the PlatformBackend service, a specialization of the
- SingleLayerStratum service for retreiving LDAP user profile
+ XPropertySet service for retreiving LDAP user profile
configuration settings from a LDAP repsoitory.
*/
class LdapUserProfileBe : private LdapProfileMutexHolder, public BackendBase
@@ -70,7 +62,6 @@ class LdapUserProfileBe : private LdapProfileMutexHolder, public BackendBase
public :
LdapUserProfileBe(const uno::Reference<uno::XComponentContext>& xContext);
- // throw(backend::BackendAccessException, backend::BackendSetupException, RuntimeException);
~LdapUserProfileBe(void) ;
// XServiceInfo
@@ -86,19 +77,57 @@ class LdapUserProfileBe : private LdapProfileMutexHolder, public BackendBase
getSupportedServiceNames( )
throw (uno::RuntimeException) ;
- //XSingleLayerStratum
- virtual uno::Reference<backend::XLayer> SAL_CALL
- getLayer( const rtl::OUString& aLayerId, const rtl::OUString& aTimestamp )
- throw (backend::BackendAccessException,
- lang::IllegalArgumentException,
- uno::RuntimeException) ;
-
- virtual uno::Reference<backend::XUpdatableLayer> SAL_CALL
- getUpdatableLayer( const rtl::OUString& aLayerId )
- throw (backend::BackendAccessException,
- lang::NoSupportException,
- lang::IllegalArgumentException,
- uno::RuntimeException) ;
+ // XPropertySet
+ virtual css::uno::Reference< css::beans::XPropertySetInfo > SAL_CALL
+ getPropertySetInfo() throw (css::uno::RuntimeException)
+ { return css::uno::Reference< css::beans::XPropertySetInfo >(); }
+
+ virtual void SAL_CALL setPropertyValue(
+ rtl::OUString const &, css::uno::Any const &)
+ throw (
+ css::beans::UnknownPropertyException,
+ css::beans::PropertyVetoException,
+ css::lang::IllegalArgumentException,
+ css::lang::WrappedTargetException, css::uno::RuntimeException);
+
+ virtual css::uno::Any SAL_CALL getPropertyValue(
+ rtl::OUString const & PropertyName)
+ throw (
+ css::beans::UnknownPropertyException,
+ css::lang::WrappedTargetException, css::uno::RuntimeException);
+
+ virtual void SAL_CALL addPropertyChangeListener(
+ rtl::OUString const &,
+ css::uno::Reference< css::beans::XPropertyChangeListener > const &)
+ throw (
+ css::beans::UnknownPropertyException,
+ css::lang::WrappedTargetException, css::uno::RuntimeException)
+ {}
+
+ virtual void SAL_CALL removePropertyChangeListener(
+ rtl::OUString const &,
+ css::uno::Reference< css::beans::XPropertyChangeListener > const &)
+ throw (
+ css::beans::UnknownPropertyException,
+ css::lang::WrappedTargetException, css::uno::RuntimeException)
+ {}
+
+ virtual void SAL_CALL addVetoableChangeListener(
+ rtl::OUString const &,
+ css::uno::Reference< css::beans::XVetoableChangeListener > const &)
+ throw (
+ css::beans::UnknownPropertyException,
+ css::lang::WrappedTargetException, css::uno::RuntimeException)
+ {}
+
+ virtual void SAL_CALL removeVetoableChangeListener(
+ rtl::OUString const &,
+ css::uno::Reference< css::beans::XVetoableChangeListener > const &)
+ throw (
+ css::beans::UnknownPropertyException,
+ css::lang::WrappedTargetException, css::uno::RuntimeException)
+ {}
+
/**
Provides the implementation name.
@return implementation name
@@ -112,35 +141,16 @@ class LdapUserProfileBe : private LdapProfileMutexHolder, public BackendBase
getLdapUserProfileBeServiceNames(void) ;
private:
- /** Build OO/LDAP attribute mapping table */
- void initializeMappingTable (const rtl::OUString& aFileMapName);
/** Check if LDAP is configured */
- bool readLdapConfiguration(LdapDefinition& aDefinition);
+ bool readLdapConfiguration(
+ uno::Reference<lang::XMultiServiceFactory> const & factory,
+ LdapDefinition * definition, rtl::OUString * loggedOnUser);
bool getLdapStringParam(uno::Reference<container::XNameAccess>& xAccess,
const rtl::OUString& aLdapSetting,
rtl::OString& aServerParameter);
- void mapGenericException(ldap::LdapGenericException& aException)
- throw (backend::InsufficientAccessRightsException,
- backend::ConnectionLostException,
- backend::BackendAccessException);
- /** Connect to LDAP server */
- void connectToLdapServer(const LdapDefinition& aDefinition );
- /** Get URL of OO-to-LDAP Mapping File */
- rtl::OUString getMappingFileUrl(const rtl::OUString& aFileMapName) const;
-
- /** Service Factory object */
- uno::Reference<lang::XMultiServiceFactory> mFactory;
- /** Component Context */
- uno::Reference<uno::XComponentContext> mContext ;
- /** Object for LDAP functionality */
- LdapUserProfileSourceRef mLdapSource;
- /**Currently logged in user */
- rtl::OUString mLoggedOnUser ;
- /** DN of currently logged in user */
- rtl::OString mUserDN;
-
+ LdapData data_;
} ;
//------------------------------------------------------------------------------
}}}
diff --git a/extensions/source/config/ldap/ldapuserprofilelayer.cxx b/extensions/source/config/ldap/ldapuserprofilelayer.cxx
deleted file mode 100644
index 9c9afbe8989c..000000000000
--- a/extensions/source/config/ldap/ldapuserprofilelayer.cxx
+++ /dev/null
@@ -1,244 +0,0 @@
-/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2000, 2010 Oracle and/or its affiliates.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-// MARKER(update_precomp.py): autogen include statement, do not remove
-#include "precompiled_extensions.hxx"
-#include "ldapuserprofilelayer.hxx"
-#include <com/sun/star/configuration/backend/PropertyInfo.hpp>
-#include <com/sun/star/configuration/backend/ConnectionLostException.hpp>
-#ifndef _COM_SUN_STAR_BEANS_PROPERTYATTRIBUTE_HPP_
-// on windows this is defined indirectly by <ldap.h>
-#undef OPTIONAL
-#include <com/sun/star/beans/PropertyAttribute.hpp>
-#endif
-#include <rtl/ustrbuf.hxx>
-#include <com/sun/star/uno/Sequence.hxx>
-
-//==============================================================================
-namespace extensions { namespace config { namespace ldap {
-
-static const sal_Unicode kPathSeparator = '/' ;
-
-static
-uno::Reference<backend::XLayerContentDescriber>
- newLayerDescriber(const uno::Reference<lang::XMultiServiceFactory>& xFactory)
-{
- typedef uno::Reference<backend::XLayerContentDescriber> LayerDescriber;
-
- rtl::OUString const k_sLayerDescriberService (
- RTL_CONSTASCII_USTRINGPARAM("com.sun.star.comp.configuration.backend.LayerDescriber"));
-
- LayerDescriber xResult(xFactory->createInstance(k_sLayerDescriberService), uno::UNO_QUERY_THROW);
- return xResult;
-}
-//------------------------------------------------------------------------------
-
-void LdapUserProfileSource::getUserProfile(const rtl::OUString & aUser, LdapUserProfile & aProfile)
-{
- mConnection.getUserProfile(aUser,
- mProfileMap,
- aProfile);
-}
-
-rtl::OUString LdapUserProfileSource::getComponentName() const
-{
- return mProfileMap.getComponentName();
-}
-
-rtl::OUString LdapUserProfileSource::getConfigurationBasePath() const
-{
- rtl::OUStringBuffer sComponentNameBuffer(mProfileMap.getComponentName());
- sComponentNameBuffer.append(kPathSeparator);
- sComponentNameBuffer.append (mProfileMap.getGroupName());
- sComponentNameBuffer.append(kPathSeparator);
-
- return sComponentNameBuffer.makeStringAndClear();
-}
-//------------------------------------------------------------------------------
-
-struct LdapUserProfileLayer::ProfileData
-{
- LdapUserProfile mProfile;
- rtl::OUString mBasePath;
-
- explicit ProfileData(LdapUserProfileSource & aSource, const rtl::OUString & aUser)
- {
- aSource.getUserProfile(aUser, mProfile);
- mBasePath = aSource.getConfigurationBasePath();
- }
-};
-//------------------------------------------------------------------------------
-
-LdapUserProfileLayer::LdapUserProfileLayer(
- const uno::Reference<lang::XMultiServiceFactory>& xFactory,
- const rtl::OUString& aUser,
- const LdapUserProfileSourceRef & aUserProfileSource,
- const rtl::OUString& aTimestamp)
-: mLayerDescriber( newLayerDescriber(xFactory) )
-, mSource( aUserProfileSource )
-, mUser(aUser)
-, mTimestamp(aTimestamp)
-, mProfile( 0 )
-{
- OSL_ASSERT(mSource.is());
-}
-
-//------------------------------------------------------------------------------
-LdapUserProfileLayer::~LdapUserProfileLayer()
-{
- delete mProfile;
-}
-//------------------------------------------------------------------------------
-
-#define PROPNAME( name ) rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( name ) )
-#define PROPTYPE( type ) getCppuType( static_cast< type const *>( 0 ) )
-
-const sal_Int32 LAYER_PROPERTY_URL = 1;
-
-cppu::IPropertyArrayHelper * SAL_CALL LdapUserProfileLayer::newInfoHelper()
-{
- using com::sun::star::beans::Property;
- using namespace com::sun::star::beans::PropertyAttribute;
-
- Property properties[] =
- {
- Property(PROPNAME("URL"), LAYER_PROPERTY_URL, PROPTYPE(rtl::OUString), READONLY)
- };
-
- return new cppu::OPropertyArrayHelper(properties, sizeof(properties)/sizeof(properties[0]));
-}
-//------------------------------------------------------------------------------
-
-void SAL_CALL LdapUserProfileLayer::getFastPropertyValue( uno::Any& rValue, sal_Int32 nHandle ) const
-{
- switch (nHandle)
- {
- case LAYER_PROPERTY_URL:
- {
- rtl::OUStringBuffer aURL;
- aURL.appendAscii("ldap-user-profile:");
- aURL.append(mUser);
- aURL.append(sal_Unicode('@'));
- if (mSource.is())
- aURL.append(mSource->getComponentName());
- else
- aURL.appendAscii("<NULL>");
-
- rValue <<= aURL.makeStringAndClear();
- }
- break;
-
- default:
- OSL_ENSURE(false, "Error: trying to get an UNKNOWN property");
- break;
- }
-}
-//------------------------------------------------------------------------------
-
-bool LdapUserProfileLayer::readProfile()
-{
- if (mSource.is())
- try
- {
- OSL_ASSERT(!mProfile);
- mProfile = new ProfileData(*mSource,mUser);
-
- mSource.clear();
- }
- catch (ldap::LdapConnectionException & e)
- {
- // without existing Ldap Connection we should never have gotten a timestamp
- OSL_ENSURE(false, "Unexpected: Have Ldap Backedn Layer but no vaild LDAP connection ?!");
- throw backend::ConnectionLostException(e.Message, *this, uno::makeAny(e) );
- }
- catch (ldap::LdapGenericException & e)
- {
- throw backend::BackendAccessException(e.Message, *this, uno::makeAny(e) );
- }
- OSL_ASSERT( !mSource.is() );
- OSL_ASSERT( mProfile != 0 );
- return mProfile != 0;
-}
-//------------------------------------------------------------------------------
-
-void SAL_CALL LdapUserProfileLayer::readData(
- const uno::Reference<backend::XLayerHandler>& xHandler)
- throw ( backend::MalformedDataException,
- lang::NullPointerException,
- lang::WrappedTargetException,
- uno::RuntimeException)
-{
- std::vector<backend::PropertyInfo> aPropList;
-#ifdef SUPPRESS_BACKEND_ERRORS
- try
-#endif
- if ( readProfile() )
- {
- // initialize PropInfo members that are the same for all settings
- const rtl::OUString k_sTypeString(RTL_CONSTASCII_USTRINGPARAM("string"));
-
- backend::PropertyInfo aPropInfo;
- aPropInfo.Type = k_sTypeString;
- aPropInfo.Protected = sal_False;
-
- LdapUserProfile * pProfile = &mProfile->mProfile;
- aPropList.reserve(pProfile->mProfile.size());
-
- for (LdapUserProfile::Iterator entry = pProfile->mProfile.begin() ;
- entry != pProfile->mProfile.end() ; ++ entry)
- {
- if (entry->mAttribute.getLength()==0) { continue ; }
- if (entry->mValue.getLength()==0) { continue ; }
-
- aPropInfo.Name = mProfile->mBasePath + entry->mAttribute;
- aPropInfo.Value <<= entry->mValue;
-
- aPropList.push_back(aPropInfo);
- }
- }
-#ifdef SUPPRESS_BACKEND_ERRORS
- catch (uno::Exception & e)
- {
- OSL_TRACE("LDAP Backend - Reading data from LDAP failed: %s\n",
- rtl::OUStringToOString( e.Message, RTL_TEXTENCODING_ASCII_US ).getStr() );
- }
-#endif
-
- if ( !aPropList.empty())
- {
- //Describe UserProfileLayer (the list of properties) to the XHandler
- //Object using com.sun.star.comp.backend.LayerContentDescriber Service
- uno::Sequence<backend::PropertyInfo> aPropInfoList(&aPropList.front(),aPropList.size());
-
- mLayerDescriber->describeLayer(xHandler, aPropInfoList);
- }
- // else { check handler not NULL; xHandler->startLayer(); xHandler->endLayer(); }
-}
-//------------------------------------------------------------------------------
-}}}
-//------------------------------------------------------------------------------
-
diff --git a/extensions/source/config/ldap/ldapuserprofilelayer.hxx b/extensions/source/config/ldap/ldapuserprofilelayer.hxx
deleted file mode 100644
index c87bccc02d38..000000000000
--- a/extensions/source/config/ldap/ldapuserprofilelayer.hxx
+++ /dev/null
@@ -1,121 +0,0 @@
-/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2000, 2010 Oracle and/or its affiliates.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-#ifndef EXTENSIONS_CONFIG_LDAP_LADPUSERPROFILELAYER_HXX_
-#define EXTENSIONS_CONFIG_LDAP_LADPUSERPROFILELAYER_HXX_
-
-#include "ldapuserprof.hxx"
-#include "ldapaccess.hxx"
-
-#include "propertysethelper.hxx"
-#include <com/sun/star/configuration/backend/XLayer.hpp>
-#include <com/sun/star/configuration/backend/BackendAccessException.hpp>
-
-#ifndef _COM_SUN_STAR_CONFIGURATION_BACKEND_XLAYERCONTENTDESCIBER_HPP_
-#include <com/sun/star/configuration/backend/XLayerContentDescriber.hpp>
-#endif
-#include <com/sun/star/util/XTimeStamped.hpp>
-#include <cppuhelper/implbase2.hxx>
-#include <salhelper/simplereferenceobject.hxx>
-#include <rtl/ref.hxx>
-
-
-namespace extensions { namespace config { namespace ldap {
-
-namespace css = com::sun::star ;
-namespace uno = css::uno ;
-namespace lang = css::lang ;
-namespace backend = css::configuration::backend ;
-namespace util = css::util ;
-
-//------------------------------------------------------------------------------
-struct LdapUserProfileSource : public salhelper::SimpleReferenceObject
-{
- LdapConnection mConnection;
- LdapUserProfileMap mProfileMap;
-
- rtl::OUString getComponentName() const;
- rtl::OUString getConfigurationBasePath() const;
- void getUserProfile(rtl::OUString const & aUser, LdapUserProfile & aProfile);
-};
-typedef rtl::Reference< LdapUserProfileSource > LdapUserProfileSourceRef;
-//------------------------------------------------------------------------------
-
-/**
- Implementation of the XLayer interfaces for LdapUserProfileBe.
- Class reads UserProfile setting form LDAP.
- The timestamp indicates the last modification time
- */
- class LdapUserProfileLayer : public cppu::ImplInheritanceHelper2<
- apihelper::ReadOnlyPropertySetHelper,
- backend::XLayer,
- util::XTimeStamped>
-{
- public :
- /** Constructor */
- LdapUserProfileLayer(
- const uno::Reference<lang::XMultiServiceFactory>& xFactory,
- const rtl::OUString& aUser,
- const LdapUserProfileSourceRef & aUserProfileSource,
- const rtl::OUString& aTimestamp);
- // throw (uno::RuntimeException
-
- /** Destructor */
- ~LdapUserProfileLayer();
-
- // XLayer
- virtual void SAL_CALL readData(
- const uno::Reference<backend::XLayerHandler>& xHandler)
- throw ( backend::MalformedDataException,
- lang::NullPointerException,
- lang::WrappedTargetException,
- uno::RuntimeException) ;
-
- // XTimeStamped
- virtual rtl::OUString SAL_CALL getTimestamp(void)
- throw (uno::RuntimeException)
- { return mTimestamp; }
-
- protected:
- // PropertySetHelper
- virtual cppu::IPropertyArrayHelper * SAL_CALL newInfoHelper();
-
- virtual void SAL_CALL getFastPropertyValue( uno::Any& rValue, sal_Int32 nHandle ) const;
- private :
- struct ProfileData;
- bool readProfile();
-
- uno::Reference<backend::XLayerContentDescriber> mLayerDescriber;
- LdapUserProfileSourceRef mSource;
- rtl::OUString mUser;
- rtl::OUString mTimestamp;
- ProfileData * mProfile;
- private:
- using cppu::OPropertySetHelper::getFastPropertyValue;
- } ;
-}}}
-#endif // EXTENSIONS_CONFIG_LDAP_LADPUSERPROFILELAYER_HXX_
diff --git a/extensions/source/config/ldap/makefile.mk b/extensions/source/config/ldap/makefile.mk
index 58fea69cd309..a27cb39b6225 100644
--- a/extensions/source/config/ldap/makefile.mk
+++ b/extensions/source/config/ldap/makefile.mk
@@ -27,7 +27,6 @@
PRJ=..$/..$/..
-PRJINC=$(PRJ)$/source
PRJNAME=extensions
TARGET=ldapbe
ENABLE_EXCEPTIONS=TRUE
@@ -64,10 +63,7 @@ SOLARINC+= $(LDAPSDKINCLUDES)
SLOFILES=\
$(SLO)$/ldapuserprofilebe.obj \
- $(SLO)$/ldapuserprof.obj \
$(SLO)$/ldapaccess.obj \
- $(SLO)$/ldapuserprofilelayer.obj \
- $(SLO)$/propertysethelper.obj \
$(SLO)$/componentdef.obj
LIB1TARGET=$(SLB)$/_$(TARGET).lib
diff --git a/extensions/source/config/ldap/propertysethelper.cxx b/extensions/source/config/ldap/propertysethelper.cxx
deleted file mode 100644
index 6bdf17ccf0e8..000000000000
--- a/extensions/source/config/ldap/propertysethelper.cxx
+++ /dev/null
@@ -1,150 +0,0 @@
-/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2000, 2010 Oracle and/or its affiliates.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-// MARKER(update_precomp.py): autogen include statement, do not remove
-#include "precompiled_extensions.hxx"
-
-#include "propertysethelper.hxx"
-#include <com/sun/star/lang/XTypeProvider.hpp>
-
-#include <cppuhelper/typeprovider.hxx>
-
-//..........................................................................
-namespace extensions {
- namespace apihelper {
-//..........................................................................
- namespace uno = com::sun::star::uno;
- namespace lang = com::sun::star::lang;
- namespace beans = com::sun::star::beans;
-//..........................................................................
-PropertySetHelper::PropertySetHelper()
-: BroadcasterBase()
-, cppu::OWeakObject()
-, cppu::OPropertySetHelper( BroadcasterBase::getBroadcastHelper() )
-, m_pHelper(0)
-{
-}
-
-//..........................................................................
-PropertySetHelper::~PropertySetHelper()
-{
- delete m_pHelper;
-}
-
-//..........................................................................
-// XInterface
-uno::Any SAL_CALL PropertySetHelper::queryInterface( uno::Type const & rType ) throw (uno::RuntimeException)
-{
- uno::Any aResult = cppu::OPropertySetHelper::queryInterface(rType);
- if (!aResult.hasValue())
- aResult = OWeakObject::queryInterface(rType);
- return aResult;
-}
-
-void SAL_CALL PropertySetHelper::acquire() throw ()
-{
- OWeakObject::acquire();
-}
-
-void SAL_CALL PropertySetHelper::release() throw ()
-{
- if (m_refCount == 1)
- this->disposing();
-
- OWeakObject::release();
-}
-
-//..........................................................................
-// XTypeProvider
-uno::Sequence< uno::Type > SAL_CALL PropertySetHelper::getTypes() throw (uno::RuntimeException)
-{
- // could be static instance
- cppu::OTypeCollection aTypes(
- ::getCppuType( static_cast< uno::Reference< beans::XPropertySet > const * >(0) ),
- ::getCppuType( static_cast< uno::Reference< beans::XMultiPropertySet > const * >(0) ),
- ::getCppuType( static_cast< uno::Reference< beans::XFastPropertySet > const * >(0) ),
- ::getCppuType( static_cast< uno::Reference< lang::XTypeProvider > const * >(0) ) );
-
- return aTypes.getTypes();
-}
-
-//..........................................................................
-// cppu::OPropertySetHelper
-uno::Reference< beans::XPropertySetInfo > SAL_CALL PropertySetHelper::getPropertySetInfo( )
- throw (uno::RuntimeException)
-{
- return createPropertySetInfo(getInfoHelper());
-}
-
-//..........................................................................
-cppu::IPropertyArrayHelper & SAL_CALL PropertySetHelper::getInfoHelper()
-{
- osl::MutexGuard aGuard( getBroadcastMutex() );
- if (!m_pHelper)
- m_pHelper = newInfoHelper();
-
- OSL_ENSURE(m_pHelper,"Derived class did not create new PropertyInfoHelper");
- if (!m_pHelper)
- throw uno::RuntimeException(rtl::OUString::createFromAscii("No PropertyArrayHelper available"),*this);
-
- return *m_pHelper;
-}
-
-//..........................................................................
-sal_Bool SAL_CALL PropertySetHelper::convertFastPropertyValue(
- uno::Any & rConvertedValue, uno::Any & rOldValue, sal_Int32 nHandle, const uno::Any& rValue )
- throw (lang::IllegalArgumentException)
-{
- this->getFastPropertyValue(rOldValue, nHandle);
- rConvertedValue = rValue;
- return rValue.isExtractableTo( rOldValue.getValueType() );
-}
-
-//..........................................................................
-void SAL_CALL ReadOnlyPropertySetHelper::setFastPropertyValue_NoBroadcast(
- sal_Int32 /*nHandle*/, const uno::Any& /*rValue*/ )
- throw (uno::Exception)
-{
- OSL_ENSURE(false, "Attempt to set value in read-only property set");
- throw beans::PropertyVetoException(rtl::OUString::createFromAscii("Attempt to set value in Read-Only property set"),*this);
-}
-
-//..........................................................................
-sal_Bool SAL_CALL ReadOnlyPropertySetHelper::convertFastPropertyValue(
- uno::Any & /*rConvertedValue*/, uno::Any & /*rOldValue*/, sal_Int32 /*nHandle*/, const uno::Any& /*rValue*/ )
- throw (lang::IllegalArgumentException)
-{
- OSL_ENSURE(false, "Attempt to convert value in read-only property set");
- return false;
-}
-//..........................................................................
-//..........................................................................
- } // namespace apihelper
-} // namespace extensions
-//..........................................................................
-
-
diff --git a/extensions/source/config/ldap/propertysethelper.hxx b/extensions/source/config/ldap/propertysethelper.hxx
deleted file mode 100644
index 1a6dd9867d06..000000000000
--- a/extensions/source/config/ldap/propertysethelper.hxx
+++ /dev/null
@@ -1,134 +0,0 @@
-/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2000, 2010 Oracle and/or its affiliates.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-#ifndef EXTENSIONS_MISC_PROPERTYSETHELPER_HXX
-#define EXTENSIONS_MISC_PROPERTYSETHELPER_HXX
-
-#include <cppuhelper/propshlp.hxx>
-#include <cppuhelper/weak.hxx>
-
-//..........................................................................
-namespace extensions {
- namespace apihelper {
-//..........................................................................
- namespace uno = com::sun::star::uno;
- namespace lang = com::sun::star::lang;
- namespace beans = com::sun::star::beans;
-//..........................................................................
-class BroadcasterBase
-{
- osl::Mutex m_aMutex;
- cppu::OBroadcastHelper m_aBroadcastHelper;
-
-protected:
- BroadcasterBase() : m_aMutex(), m_aBroadcastHelper(m_aMutex) {}
- ~BroadcasterBase() {}
-
- osl::Mutex & getBroadcastMutex() { return m_aMutex; }
- cppu::OBroadcastHelper & getBroadcastHelper() { return m_aBroadcastHelper; }
-};
-
-//..........................................................................
-
-class PropertySetHelper : protected BroadcasterBase // must be first
- , public cppu::OWeakObject
- , public cppu::OPropertySetHelper // not copyable
-{
-public:
- PropertySetHelper();
- ~PropertySetHelper();
-
- // XInterface
- virtual uno::Any SAL_CALL queryInterface( uno::Type const & rType ) throw (uno::RuntimeException);
- virtual void SAL_CALL acquire() throw ();
- virtual void SAL_CALL release() throw ();
- // XTypeProvider
- virtual uno::Sequence< uno::Type > SAL_CALL getTypes() throw (uno::RuntimeException);
-
- // to be provided by derived classes
- // virtual uno::Sequence< sal_Int8 > SAL_CALL getImplementationId() throw (uno::RuntimeException) = 0;
-
- // XPropertySet
- virtual uno::Reference< beans::XPropertySetInfo > SAL_CALL
- getPropertySetInfo( ) throw (uno::RuntimeException);
-
-
-protected:
-// new methods still to be overridden
- virtual cppu::IPropertyArrayHelper * SAL_CALL newInfoHelper() = 0;
-
-// cppu::OPropertySetHelper interface
-#if 0 // these methods still must be overridden
- virtual cppu::IPropertyArrayHelper * SAL_CALL newInfoHelper() = 0;
-
- virtual void SAL_CALL setFastPropertyValue_NoBroadcast( sal_Int32 nHandle, const uno::Any& rValue )
- throw (uno::Exception) = 0;
-
- virtual void SAL_CALL getFastPropertyValue( uno::Any& rValue, sal_Int32 nHandle ) const = 0;
-#endif
- virtual cppu::IPropertyArrayHelper & SAL_CALL getInfoHelper();
-
- // default implementation: does not do any conversion
- virtual sal_Bool SAL_CALL convertFastPropertyValue(
- uno::Any & rConvertedValue, uno::Any & rOldValue,
- sal_Int32 nHandle, const uno::Any& rValue )
- throw (lang::IllegalArgumentException);
-private:
- cppu::IPropertyArrayHelper * m_pHelper;
-};
-//..........................................................................
-
-class ReadOnlyPropertySetHelper : public PropertySetHelper
-{
-public:
- ReadOnlyPropertySetHelper() {}
- ~ReadOnlyPropertySetHelper() {}
-
-protected:
-#if 0 // these methods still must be overridden
- virtual cppu::IPropertyArrayHelper * SAL_CALL newInfoHelper() = 0;
-
- virtual void SAL_CALL getFastPropertyValue( uno::Any& rValue, sal_Int32 nHandle ) const = 0;
-#endif
- // default implementation: rejects any attempt to set a value
- virtual void SAL_CALL setFastPropertyValue_NoBroadcast( sal_Int32 nHandle, const uno::Any& rValue )
- throw (uno::Exception);
-
- // default implementation: rejects any attempt to do a conversion
- virtual sal_Bool SAL_CALL convertFastPropertyValue(
- uno::Any & rConvertedValue, uno::Any & rOldValue,
- sal_Int32 nHandle, const uno::Any& rValue )
- throw (lang::IllegalArgumentException);
-};
-//..........................................................................
- } // namespace apihelper
-} // namespace extensions
-//..........................................................................
-
-#endif
-
-
diff --git a/extensions/source/oooimprovement/Jobs.xcu b/extensions/source/oooimprovement/Jobs.xcu
index 438ab2d23e8e..206d83dd7eb2 100644
--- a/extensions/source/oooimprovement/Jobs.xcu
+++ b/extensions/source/oooimprovement/Jobs.xcu
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE oor:component-data SYSTEM "../../../../component-update.dtd">
<oor:component-data oor:name="Jobs" oor:package="org.openoffice.Office" xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<node oor:name="Jobs">
<node oor:name="OOoImprovement.OnLogRotateJob" oor:op="replace">
diff --git a/setup_native/scripts/javaloader.sh b/setup_native/scripts/javaloader.sh
index 22b1eb927625..e23505f586b0 100644
--- a/setup_native/scripts/javaloader.sh
+++ b/setup_native/scripts/javaloader.sh
@@ -242,7 +242,7 @@ install_linux_rpm()
# start to install jre
echo "Extracting ..."
olddir=`pwd`
- cd $tempdir
+ cd "$tempdir"
rpm2cpio $tempjrefile | cpio -i --make-directories
rm -f $tempjrefile # we do not need it anymore, so conserve discspace
@@ -330,7 +330,7 @@ install_linux_rpm()
fi
echo "Done."
- cd $olddir
+ cd "$olddir"
}
find_rpm2cpio()
diff --git a/setup_native/source/mac/macinstall.ulf b/setup_native/source/mac/macinstall.ulf
index 4651d93e03ab..2d92e8c260fb 100644
--- a/setup_native/source/mac/macinstall.ulf
+++ b/setup_native/source/mac/macinstall.ulf
@@ -62,7 +62,7 @@ en-US = "Installation failed."
en-US = "Installation of [PRODUCTNAME] language pack completed."
[InstallCompleteText2]
-en-US = "Call 'Tools-Options-Language Settings' to change the user interface language."
+en-US = "Call '[PRODUCTNAME]-Preferences-Language Settings-Languages' to change the user interface language."
[InstallCompleteTextPatch]
en-US = "Installation of [FULLPRODUCTNAME] completed"
diff --git a/wizards/com/sun/star/wizards/common/Configuration.java b/wizards/com/sun/star/wizards/common/Configuration.java
index 076c8633c1c4..103fdc5848a2 100644
--- a/wizards/com/sun/star/wizards/common/Configuration.java
+++ b/wizards/com/sun/star/wizards/common/Configuration.java
@@ -365,12 +365,6 @@ public abstract class Configuration
}
}
- public static XNameAccess getChildNodebyIndex(Object _oNode, int _index)
- {
- XNameAccess xNameAccessNode = (XNameAccess) UnoRuntime.queryInterface(XNameAccess.class, _oNode);
- return getChildNodebyIndex(xNameAccessNode, _index);
- }
-
public static XNameAccess getChildNodebyIndex(XNameAccess _xNameAccess, int _index)
{
try
diff --git a/wizards/com/sun/star/wizards/table/CGCategory.java b/wizards/com/sun/star/wizards/table/CGCategory.java
index c39bf5a65f4c..ea74b33f09ad 100644
--- a/wizards/com/sun/star/wizards/table/CGCategory.java
+++ b/wizards/com/sun/star/wizards/table/CGCategory.java
@@ -56,12 +56,14 @@ public class CGCategory
xMSF = _xMSF;
}
- public void initialize(int _index)
+ public void initialize(String category)
{
try
{
oconfigView = Configuration.getConfigurationRoot(xMSF, CGROOTPATH, false); //business/Tables
- xNameAccessCurBusinessNode = Configuration.getChildNodebyIndex(oconfigView, _index);
+ xNameAccessCurBusinessNode = Configuration.getChildNodebyName(
+ UnoRuntime.queryInterface(XNameAccess.class, oconfigView),
+ category);
}
catch (Exception e)
{
diff --git a/wizards/com/sun/star/wizards/table/FieldDescription.java b/wizards/com/sun/star/wizards/table/FieldDescription.java
index ff7be38e9193..d26e58783aba 100644
--- a/wizards/com/sun/star/wizards/table/FieldDescription.java
+++ b/wizards/com/sun/star/wizards/table/FieldDescription.java
@@ -39,8 +39,6 @@ import com.sun.star.wizards.common.Properties;
public class FieldDescription
{
-
- int category;
private String tablename = "";
// String fieldname;
private String keyname;
@@ -60,7 +58,6 @@ public class FieldDescription
{
xMSF = _xMSF;
aLocale = _aLocale;
- category = _curscenarioselector.getCategory();
tablename = _curscenarioselector.getTableName();
Name = _fieldname;
keyname = _keyname;
diff --git a/wizards/com/sun/star/wizards/table/ScenarioSelector.java b/wizards/com/sun/star/wizards/table/ScenarioSelector.java
index d603ad18793e..4f985c18e055 100644
--- a/wizards/com/sun/star/wizards/table/ScenarioSelector.java
+++ b/wizards/com/sun/star/wizards/table/ScenarioSelector.java
@@ -165,19 +165,6 @@ public class ScenarioSelector extends FieldSelection implements XItemListener, X
initializeCategory(BUSINESS);
}
- public int getCategory()
- {
- if (optBusiness.getState())
- {
- curcategory = BUSINESS;
- }
- else
- {
- curcategory = PRIVATE;
- }
- return curcategory;
- }
-
public void selectCategory()
{
if (optBusiness.getState())
@@ -194,7 +181,8 @@ public class ScenarioSelector extends FieldSelection implements XItemListener, X
{
try
{
- oCGCategory.initialize(_iCategory);
+ oCGCategory.initialize(
+ _iCategory == PRIVATE ? "private" : "business");
xTableListBox.removeItems((short) 0, xTableListBox.getItemCount());
xTableListBox.addItems(oCGCategory.getTableNames(), (short) _iCategory);
initializeTable(0);
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index d746f6831e4a..9c505800388f 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -260,24 +260,27 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su
}
}
-::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException) {
- if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
- char* subject ;
+::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException)
+{
+ if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
+ {
+ wchar_t* subject ;
DWORD cbSubject ;
- cbSubject = CertNameToStr(
+ cbSubject = CertNameToStrW(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
&( m_pCertContext->pCertInfo->Subject ),
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
NULL, 0
) ;
- if( cbSubject != 0 ) {
- subject = new char[ cbSubject ] ;
+ if( cbSubject != 0 )
+ {
+ subject = new wchar_t[ cbSubject ] ;
if( subject == NULL )
throw RuntimeException() ;
- cbSubject = CertNameToStr(
+ cbSubject = CertNameToStrW(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
&( m_pCertContext->pCertInfo->Subject ),
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
@@ -289,22 +292,17 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su
throw RuntimeException() ;
}
- // By CP , for correct encoding
- sal_uInt16 encoding ;
- rtl_Locale *pLocale = NULL ;
- osl_getProcessLocale( &pLocale ) ;
- encoding = osl_getTextEncodingFromLocale( pLocale ) ;
- // CP end
-
- if(subject[cbSubject-1] == 0) cbSubject--; //delimit the last 0x00;
- OUString xSubject(subject , cbSubject ,encoding ) ; //By CP
+ OUString xSubject(subject);
delete [] subject ;
return replaceTagSWithTagST(xSubject);
- } else {
+ } else
+ {
return OUString() ;
}
- } else {
+ }
+ else
+ {
return OUString() ;
}
}
diff --git a/xmlsecurity/test_docs/CAs/README.txt b/xmlsecurity/test_docs/CAs/README.txt
new file mode 100755
index 000000000000..b454f1fafdd8
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/README.txt
@@ -0,0 +1,383 @@
+This folder contains the directory structures needed by openssl to create
+and manager certificates.
+
+
+
+################################################################################
+
+Root 1
+======
+Valid root CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Sub CA 1 Root 1
+===============
+Valid intermediate CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+User 1 Sub CA 1 Root 1
+======================
+Valid end certificate.
+CRLDP = NO
+AIA = NO
+
+################################################################################
+
+Root 2
+======
+Valid root CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Sub CA 1 Root 2
+===============
+Valid intermediate CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+User 1 Sub CA 1 Root 2
+======================
+Valid end certificate.
+CRLDP = NO
+AIA = NO
+
+################################################################################
+
+Root 3
+======
+Valid root CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Sub CA 1 Root 3
+===============
+Valid intermediate CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+User 1 Sub CA 1 Root 3
+======================
+Valid end certificate.
+CRLDP = NO
+AIA = NO
+
+################################################################################
+
+Root 4
+======
+Valid root CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Revoked certificates:
+
+- Sub CA 2 Root 4
+
+
+Sub CA 1 Root 4
+===============
+Valid intermediate CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+Revoked certificates:
+
+- User 2 Sub CA 1 Root 4
+
+
+User 1 Sub CA 1 Root 4
+======================
+Valid end certificate.
+CRLDP = NO
+AIA = NO
+
+User 2 Sub CA 1 Root 4
+======================
+Revoked end certificate.
+CRLDP = NO
+AIA = NO
+
+Sub CA 2 Root 4
+===============
+Revoked intermediate CA certificate. Reason = keyCompromise
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+Revoked certificates:
+
+- User 2 Sub CA 2 Root 4
+
+User 1 Sub CA 2 Root 4
+======================
+Valid end certificate. Issuer is revoked.
+CRLDP = NO
+AIA = NO
+
+User 2 Sub CA 2 Root 4
+======================
+Revoked end certificate. Reason = keyCompromise. Issuer is revoked.
+CRLDP = NO
+AIA = NO
+
+################################################################################
+
+Root 5
+======
+Valid root CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Sub CA 1 Root 5
+===============
+Valid intermediate CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = YES
+Provides OCSP = NO
+CRLDP = URL=http://localhost:8901/demoCA/crl/Root_5.crl
+AIA = NO
+
+User 1 Sub CA 1 Root 5
+======================
+Valid end certificate.
+CRLDP = URL=http://localhost:8902/demoCA/crl/Sub_CA_1_Root_5.crl
+AIA = NO
+
+
+################################################################################
+
+Root 6
+======
+Valid root CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = YES
+Provides OCSP = NO
+
+Sub CA 1 Root 6
+===============
+Valid intermediate CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = URL=http://localhost:8901/demoCA/crl/Root_6.crl
+AIA = NO
+
+User 1 Sub CA 1 Root 6
+======================
+Valid end certificate.
+CRLDP = URL=http://localhost:8902/demoCA/crl/Sub_CA_1_Root_6.crl
+AIA = NO
+
+################################################################################
+
+Root 7
+======
+Valid root CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = YES
+Provides OCSP = NO
+
+Revoked certificates:
+
+- Sub CA 2 Root 7
+
+
+Sub CA 1 Root 7
+===============
+Valid intermediate CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = YES
+Provides OCSP = NO
+CRLDP = URL=http://localhost:8901/demoCA/crl/Root_7.crl
+AIA = NO
+
+Revoked certificates:
+
+- User 2 Sub CA 1 Root 7
+
+
+User 1 Sub CA 1 Root 7
+======================
+Valid end certificate.
+CRLDP = URL=http://localhost:8902/demoCA/crl/Sub_CA_1_Root_7.crl
+AIA = NO
+
+User 2 Sub CA 1 Root 7
+======================
+Revoked end certificate. Reason = CACompromise.
+CRLDP = URL=http://localhost:8902/demoCA/crl/Sub_CA_1_Root_7.crl
+AIA = NO
+
+Sub CA 2 Root 7
+===============
+Revoked intermediate CA certificate. Reason = keyCompromise
+Provides CRL = NO
+Provides CRL via HTTP = YES
+Provides OCSP = NO
+CRLDP = URL=http://localhost:8901/demoCA/crl/Root_7.crl
+AIA = NO
+
+Revoked certificates:
+
+- User 2 Sub CA 2 Root 7
+
+User 1 Sub CA 2 Root 7
+======================
+Valid end certificate. Issuer is revoked.
+CRLDP = URL=http://localhost:8902/demoCA/crl/Sub_CA_2_Root_7.crl
+AIA = NO
+
+User 2 Sub CA 2 Root 7
+======================
+Revoked end certificate. Reason = CACompromise. Issuer is revoked.
+CRLDP = URL=http://localhost:8902/demoCA/crl/Sub_CA_2_Root_7.crl
+AIA = NO
+
+################################################################################
+
+Root 8
+======
+Valid root CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = YES
+
+Revoked certificates:
+
+- Sub CA 2 Root 8
+
+
+Sub CA 1 Root 8
+===============
+Valid intermediate CA certificate.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = YES
+CRLDP =
+AIA = OCSP;URI:http://localhost:8888
+
+Revoked certificates:
+
+- User 2 Sub CA 1 Root 8
+
+
+User 1 Sub CA 1 Root 8
+======================
+Valid end certificate.
+CRLDP = NO
+AIA = OCSP;URI:http://localhost:8889
+
+User 2 Sub CA 1 Root 8
+======================
+Revoked end certificate. Reason = superseded.
+CRLDP = NO
+AIA = OCSP;URI:http://localhost:8889
+
+Sub CA 2 Root 8
+===============
+Revoked intermediate CA certificate. Reason = superseded.
+Provides CRL = NO
+Provides CRL via HTTP = NO
+Provides OCSP = YES
+CRLDP = NO
+AIA = OCSP;URI:http://localhost:8888
+
+Revoked certificates:
+
+- User 2 Sub CA 2 Root 8
+
+User 1 Sub CA 2 Root 8
+======================
+Valid end certificate. Issuer is revoked.
+CRLDP = NO
+AIA = OCSP;URI:http://localhost:8889
+
+User 2 Sub CA 2 Root 8
+======================
+Revoked end certificate. Reason = superseded. Issuer is revoked.
+CRLDP = NO
+AIA = OCSP;URI:http://localhost:8889
+
+################################################################################
+
+Root 9
+======
+Valid root CA certificate. (Not installed.)
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Sub CA 1 Root 9
+===============
+Valid intermediate CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+User 1 Sub CA 1 Root 9
+======================
+Valid end certificate.
+CRLDP = NO
+AIA = NO
+
+################################################################################
+
+Root 10
+======
+Valid root CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+Sub CA 1 Root 10
+===============
+Valid intermediate CA certificate. (Not installed.)
+Provides CRL = NO
+Provides CRL via HTTP = YES
+Provides OCSP = NO
+CRLDP = NO
+AIA = NO
+
+User 1 Sub CA 1 Root 10
+======================
+Valid end certificate.
+CRLDP = URI:http://localhost:8902/demoCA/crl/Sub_CA_1_Root_10.crl
+AIA = caIssuers;URI:http://localhost:8910/demoCA/Sub_CA_1_Root_10.crt
+
+################################################################################
+
+Root 11
+======
+Valid root CA certificate.
+Provides CRL = YES
+Provides CRL via HTTP = NO
+Provides OCSP = NO
+
+User x Root 11
+======================
+All certificate issues by Root 11 are valid end certificate. Currently there are
+31 certificates.
+
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_1/demoCA/cacert.pem
new file mode 100755
index 000000000000..091052e3ab93
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAJWwBSvtwjktMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMTAeFw0wOTEx
+MTgxNDU1NDFaFw0zNDExMTIxNDU1NDFaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvrD6NFWcOQQVxIuXw5Pzpy667PZbBP80ow2Bbnj+RFCI/LbgfQTsC8Bw
+eSlQGX7IqMHkCTuWNJw7CoNeOLFhRMtm0DEKnEkZlM0t6kpFshbs12jZu9okcnII
+F5uIoKxx/thbD5AbC1Q74vZr6XOXY5Sc+k9Ic6Jwhe9ZyEt6SUsCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUD/rG69/OuLuzqT5Cprrs0pPKR6QwgZEGA1UdIwSBiTCBhoAU
+D/rG69/OuLuzqT5Cprrs0pPKR6ShY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMYIJAJWwBSvtwjktMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAqORur4HQGdQOQCaiyZR5u0+9mM/0w79y
+r8Cmt+H8WB5BBeDgCyOcmaZjF0eEoRBF/ZhtlO54i4CH/yb/Pl6gGlxfGZL9iLu0
+tv4HRIIibnoi0N7Z0r/dhJcrTHo4Ha8EARhAqxoNUSlGVBsaKUfjW9RyCjv4Akyi
+WUSwsmtd/sY=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL b/xmlsecurity/test_docs/CAs/Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_1/demoCA/crlnumber
new file mode 100755
index 000000000000..83b33d238dab
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/crlnumber
@@ -0,0 +1 @@
+1000
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt
new file mode 100755
index 000000000000..9a6e64301b43
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt
@@ -0,0 +1 @@
+V 341112150713Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 1
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_1/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..be26aa5d8f4b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/newcerts/1000.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 1
+ Validity
+ Not Before: Nov 18 15:07:13 2009 GMT
+ Not After : Nov 12 15:07:13 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d9:3a:8d:64:95:87:76:76:e8:61:c3:e9:65:f4:
+ a6:b7:0c:77:0e:4b:10:e8:14:a3:e1:84:69:7c:8e:
+ 97:d2:7d:01:ad:b2:dc:5c:cd:c6:91:a1:f3:93:7c:
+ 54:36:64:e3:ca:22:ca:00:cb:c6:91:ab:6b:26:88:
+ 69:60:9a:61:d7:59:17:db:93:7d:09:36:da:28:cb:
+ ec:2d:a4:26:bb:1a:42:20:b8:08:b2:0f:b9:77:a6:
+ 80:71:cf:13:f5:37:a2:90:4d:ab:e8:97:49:d2:80:
+ 94:8f:b1:9d:5a:b4:9f:de:ff:fa:b6:d6:e0:45:5f:
+ cc:d4:10:1e:32:46:7b:ba:55
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 37:71:74:81:44:DD:1E:B1:60:96:41:B7:4B:38:C4:B7:79:1B:CF:8A
+ X509v3 Authority Key Identifier:
+ keyid:0F:FA:C6:EB:DF:CE:B8:BB:B3:A9:3E:42:A6:BA:EC:D2:93:CA:47:A4
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 1
+ serial:95:B0:05:2B:ED:C2:39:2D
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 18:f6:02:5e:75:04:5f:eb:3b:07:41:85:c0:9e:08:29:58:3d:
+ b5:6f:c2:aa:24:0d:93:1d:17:fc:be:d6:43:ac:43:d7:4d:a0:
+ 2c:40:fd:3d:d5:7e:91:46:25:49:62:ba:e9:7f:67:c2:fc:8a:
+ c3:a0:37:bf:ec:f9:54:bf:61:10:35:dd:5b:bb:da:7c:70:54:
+ 32:13:b9:ae:7d:ea:a5:7d:aa:55:3e:ef:0a:ef:12:fd:c3:f6:
+ e5:25:98:97:34:02:64:fd:88:79:b3:e2:f4:fc:ff:e7:d3:98:
+ f1:d9:d5:18:d9:b4:62:ae:99:88:61:2e:ff:02:6a:13:35:fe:
+ 37:c7
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAxMB4XDTA5MTExODE1MDcx
+M1oXDTM0MTExMjE1MDcxM1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAxMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDZOo1klYd2duhhw+ll9Ka3DHcOSxDoFKPhhGl8jpfSfQGtstxczcaR
+ofOTfFQ2ZOPKIsoAy8aRq2smiGlgmmHXWRfbk30JNtooy+wtpCa7GkIguAiyD7l3
+poBxzxP1N6KQTavol0nSgJSPsZ1atJ/e//q21uBFX8zUEB4yRnu6VQIDAQABo4HH
+MIHEMB0GA1UdDgQWBBQ3cXSBRN0esWCWQbdLOMS3eRvPijCBkQYDVR0jBIGJMIGG
+gBQP+sbr3864u7OpPkKmuuzSk8pHpKFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAxggkAlbAFK+3COS0wDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAY9gJedQRf6zsHQYXAnggpWD21b8Kq
+JA2THRf8vtZDrEPXTaAsQP091X6RRiVJYrrpf2fC/IrDoDe/7PlUv2EQNd1bu9p8
+cFQyE7mufeqlfapVPu8K7xL9w/blJZiXNAJk/Yh5s+L0/P/n05jx2dUY2bRirpmI
+YS7/AmoTNf43xw==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_1/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..6d38b24e6fe9
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D2CC3782F59A842
+
+901JcMMdeCfHjfY05bkyLIsgMxwu4SFJPXZH75ebFtJQpkQQf5WNhSlo3sgKJ5MF
+GZeqQw4w9CmN+CNqQENZOOGrVKxT+sFtWIgSLVk4hrLzPtsT7domHc1yUKfpBH/w
+xo/bsL5wZPqcsxSdlmd4FA0PKzW/rhyYvRxF0oKQx2PVnJKT29WbhwlYurI3+2gG
+pS+N6f7awWjmgyqYvFuFo7DWhERDDL/Bi/sJ7qFinijtfp1CkVG1XWFZ8Tu9ij+t
+KPT3fpWbh4sV0V1ZGng7EPb4c+p/+GHvKsGM9N5kuyxufllNzAeIy6hfTR3mxn0i
+Ep4CoufMi0JwNEfgwBB+o47k1hVoBTn0ofXc2iP6iQWsoC5ZoPPGLLklWK3Tur7P
+kpng8UECTxV2s6J3nYkAoHfy+TzK+nssFPpE8zDmaprpeTj9oh3KrPTn0IdoPHcx
+oI3yqWqDK9uErJBBCAjLF0SPJWAsmp0HsJaGnj5ErVe0yy3jBxVWogVDSWkoWU0W
++umK1pSQrS1A/oKErsnbhPi8XAD/gd4etEaKdcY538QKgE2tdPvhLoAeXxslyOfG
+UiPohtmcm2Mva7vT0Iu1MGKplw76DxmmM1Rpf3+u7Kwf/+K6bMOSBGZQJhjE2AuZ
+aPyHX8gCNlZfqB6eeuWdbqIHhTN5dS2Bba3QquvS84Vgb3O2ck+vdjmdPEeetvA7
+7S4WZYHBRmz1ZHwdfSvwyBkdTRP5YrUhrIthbqy2NjcP9TkpQmJaDIlWXsGY738q
+zTsjCkcnS06x0/JvHe1I8IAib+MFsmGI7Dw25fzgY3ReS4wZRZdU0A==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_1/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_1/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_1/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_1/openssl.cfg
new file mode 100755
index 000000000000..bf73e3549d66
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_1/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_10/demoCA/cacert.pem
new file mode 100755
index 000000000000..72e6c66e2eb3
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBzCCAnCgAwIBAgIJAL/ID7vZoDprMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxEDAOBgNVBAMTB1Jvb3QgMTAwHhcNMDkx
+MTIzMTUwNzA0WhcNMzQxMTE3MTUwNzA0WjBgMQswCQYDVQQGEwJERTEQMA4GA1UE
+CBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0Rl
+dmVsb3BtZW50MRAwDgYDVQQDEwdSb290IDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC5qE1pk/tI2i60IrVhlwS77j7jAyktxRuwKJqBECd2ZD2/goO8wcwD
+R/wfrh+zuLWRwFb57PF1O7ig+WNhQk3GDhXhMbuB82Bwjb/n5phKDWHsAIqDRbH4
+vpl/7sWYXvE46zf41PpQPgudOtqpeL1ENFoHKZOJthkBc4Yx6HTUSQIDAQABo4HI
+MIHFMB0GA1UdDgQWBBTIp6OAIHRsb+wReva+JhA3MYewejCBkgYDVR0jBIGKMIGH
+gBTIp6OAIHRsb+wReva+JhA3MYeweqFkpGIwYDELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMIIJAL/ID7vZoDprMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAroDDzqZQL+7NeQuePohejcGfFR/0
+vtbQ3AYViQ2JS42gQpaNaMNcVCvO0nUwLHldLNVdQsn9P0ultu6KcUKkBbY4/2Xp
+er6RMQWsrKVLnszgIi2gk1NiNwZ+N9RISJvElaQuIciZs+8sM6LOPybVTArMjxEo
+U3VqHTViFfOvWC0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_10/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt
new file mode 100755
index 000000000000..2db3924cea70
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt
@@ -0,0 +1 @@
+V 341117151448Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 10
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_10/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..1f27b97b3d17
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/newcerts/1000.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 10
+ Validity
+ Not Before: Nov 23 15:14:48 2009 GMT
+ Not After : Nov 17 15:14:48 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e4:d5:66:14:88:9f:79:41:50:b0:d1:a0:1b:98:
+ bf:b0:21:34:30:36:70:58:6f:8b:58:f1:b9:58:3a:
+ ce:29:6b:65:b6:11:f7:0d:c8:a6:c3:be:db:0f:2a:
+ 4e:c7:42:df:c9:0e:13:c0:00:0f:af:b5:71:c4:bc:
+ dd:82:fc:4a:27:c0:ee:af:ba:e1:7b:67:de:6b:bb:
+ ac:4c:fe:88:01:1a:73:4e:f5:32:15:3a:d0:cb:6b:
+ 97:84:1b:6c:d0:d6:91:a8:a4:5a:87:2a:69:61:36:
+ 1d:42:cc:16:d0:03:9c:c6:90:5c:61:20:8b:b1:be:
+ b6:54:24:5b:6f:1f:a9:5a:6f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 11:63:A1:BE:8B:E3:56:07:E6:A3:9F:23:39:72:7D:E3:22:B6:53:39
+ X509v3 Authority Key Identifier:
+ keyid:C8:A7:A3:80:20:74:6C:6F:EC:11:7A:F6:BE:26:10:37:31:87:B0:7A
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 10
+ serial:BF:C8:0F:BB:D9:A0:3A:6B
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 6b:0f:75:6d:56:b0:4e:45:19:65:ad:50:ef:4e:87:6c:95:5d:
+ 05:39:5a:43:5c:b4:51:25:9a:ec:f4:93:d1:f0:f6:91:dd:a3:
+ 77:95:0c:74:3c:a9:7c:c2:f6:62:ce:bf:58:5f:66:1f:d0:55:
+ ca:d8:2d:c4:1e:29:3a:ad:55:2c:9d:2c:8f:8e:9e:ce:ac:17:
+ 7e:1b:d1:16:d9:12:76:5c:2d:3f:9d:70:66:aa:39:34:f0:ec:
+ 31:4b:4b:5a:14:0c:c5:5b:3c:c8:47:02:90:cb:77:d7:4f:88:
+ 10:a7:80:3d:ca:19:5c:b5:04:c9:f0:e1:1b:5a:5f:fb:61:b2:
+ 14:b5
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAnKgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMDAeFw0wOTExMjMxNTE0
+NDhaFw0zNDExMTcxNTE0NDhaMGkxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxGTAXBgNVBAMTEFN1YiBDQSAxIFJvb3QgMTAwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBAOTVZhSIn3lBULDRoBuYv7AhNDA2cFhvi1jxuVg6zilrZbYR9w3I
+psO+2w8qTsdC38kOE8AAD6+1ccS83YL8SifA7q+64Xtn3mu7rEz+iAEac071MhU6
+0Mtrl4QbbNDWkaikWocqaWE2HULMFtADnMaQXGEgi7G+tlQkW28fqVpvAgMBAAGj
+gcgwgcUwHQYDVR0OBBYEFBFjob6L41YH5qOfIzlyfeMitlM5MIGSBgNVHSMEgYow
+gYeAFMino4AgdGxv7BF69r4mEDcxh7B6oWSkYjBgMQswCQYDVQQGEwJERTEQMA4G
+A1UECBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRAwDgYDVQQDEwdSb290IDEwggkAv8gPu9mgOmswDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBrD3VtVrBORRllrVDvTodslV0F
+OVpDXLRRJZrs9JPR8PaR3aN3lQx0PKl8wvZizr9YX2Yf0FXK2C3EHik6rVUsnSyP
+jp7OrBd+G9EW2RJ2XC0/nXBmqjk08OwxS0taFAzFWzzIRwKQy3fXT4gQp4A9yhlc
+tQTJ8OEbWl/7YbIUtQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_10/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..f75ccc08ef67
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,78CCF9A24E7B5044
+
+ppKSX6K7DHnU4EvbmBAIzWDJ35yGppjzNdWRKpB7rkGW60dW0Cw0Jmbxf1dfbUC+
+UTWtxE+i0x159jF7jGobPvLFQnAg1ZPUUIgeXJt+fqf/OghY4i8x82BdSlaKJ293
+GgwR9m1N1I2/6ydob+9KwzJhOPhmylyUyRJVAx/OF86E9G4nxtuJA1c1nzSBgwR5
+7uHU0LiY5A42iTDiMmu7Jw4vj6Cy81P88hmyoVzo4JQG8YFuJyLz2ei+DJ3/572z
+BCefqDKmlmI2vvayZW1jgpLDlTwmqiIGUDBBipN4vDmqZAdEbv/9BjLkS4Svy3PU
+xaFs1tFQzv8ivGpyPWU5naoTKhmMhOEAKpEi6YqWbcD/qKn1pRrYSyVyD9zNXHEK
+QrXjTP+D/DMSHNJTo5WI4kxvwSZtPI97vaCTmxkrjnIXDPD5L4v9dJUdejnngsqn
+cHB/C/05dR0RLEp5CHrl0hwGiIY1IgQXmGHY2HEUyQYttyJ5jdY0pdnn9n0eQxHr
+9Mg3WneWC42XHw0pyqEsgiMmr8SjaF42MSrMB6y4WEVtBstn03LTdFnRIFTgZ5Mj
+l/O2mSk+YUBR4CYTUTRaWpzCAZmFVy98I8KQgrhi8t96wrRe0+9tB1uC5PoDNR5P
+CcgsmiEPeqolPZwOmnDdij+DcIiT43Sx2vDYGfDtqc+kur/O6noYyX8Kf7wzcpan
+V4gHTCEOrlcRiEcVIxAQFDpB8CERG9fJvnBdZE9Gjepz6OatRpE/2kDZMelwRcEx
+V5zeE1qNS51gdq2dE0qYkdyU1yfbNUouqtFy/z1sXU6Q5nR1r21jFQ==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_10/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_10/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_10/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_10/openssl.cfg
new file mode 100755
index 000000000000..cc9663bbd5c5
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_10/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_7.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/cacert.pem
new file mode 100755
index 000000000000..8cfffd9a6c35
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBzCCAnCgAwIBAgIJAI3gSU2IIGPLMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxEDAOBgNVBAMTB1Jvb3QgMTEwHhcNMTAw
+MTE0MTEzNzA1WhcNMzUwMTA4MTEzNzA2WjBgMQswCQYDVQQGEwJERTEQMA4GA1UE
+CBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0Rl
+dmVsb3BtZW50MRAwDgYDVQQDEwdSb290IDExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDKGrq6yC3tyctcBo+iz31MF2yvDiQ7YFgez8TswNvb3USOPOUPsCaB
+ufVN6ULSqmGi5BzFIW7CVAj5L+iCrrwMtPyG86fKbvgdWmLepz5a4S1y+vydnQ0B
+rJCNdxmLdQK+l/P7jzrH5xhcR62DPQ2lLabvmixvylHv4H6cFjJ98wIDAQABo4HI
+MIHFMB0GA1UdDgQWBBToarvCkOpscCI+9vZIGwPmvremVTCBkgYDVR0jBIGKMIGH
+gBToarvCkOpscCI+9vZIGwPmvremVaFkpGIwYDELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMYIJAI3gSU2IIGPLMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAZRXdBfSqhY+xELs28/gjsZ4/mUvu
+LKL3PruRCNqUgIOznEdxsQXsmLIQhEPZ4a4jd31srFD2j5gJmZ8KdeFXII9NRvIX
+RpRcrl2uclHXWbIC7s6xiATDWumrL2nXB5bU4qYMZ0ybytXprIwkzqRFXUrEHcYm
+OXJCSKayIviQ6G0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_11/demoCA/crlnumber
new file mode 100755
index 000000000000..83b33d238dab
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/crlnumber
@@ -0,0 +1 @@
+1000
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
new file mode 100755
index 000000000000..7061a98fa15f
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
@@ -0,0 +1,34 @@
+V 350108161110Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\xC5\xB9\xC5\xBA\xC5\xBB\xC5\xBC\xC5\xBD\xC5\xBE \xEF\xAC\xB3 j\xCE\xAC\xCE\xAD\xCE\xAE
+V 350108161614Z 1001 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\xC5\xB9\xC5\xBA\xC5\xBB\xC5\xBC\xC5\xBD\xC5\xBE \xEF\xAD\x86 j\xCE\xAC\xCE\xAD\xCE\xAE
+V 350112144417Z 1002 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x04\x0F\x04\x10\x04\x11\x04\x12\x04\x13\x04\x14
+V 350112153942Z 1003 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x01y\x01z\x01{\x00 \x03\xA6\x03\xA7\x03\xA8\x03\xA9
+V 350112160038Z 1004 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00"\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00"
+V 350112160547Z 1005 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00"\x00"\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00"\x00"
+V 350112160921Z 1006 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00"\x00"\x00t\x00w\x00o\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00o\x00n\x00e\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+V 350112161153Z 1007 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00"\x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+V 350112161405Z 1008 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+V 350112161631Z 1009 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00"\x00q\x00u\x00o\x00t\x00e
+V 350112161857Z 100A unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00"\x00"\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V 350113090237Z 100B unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00p\x00a\x00r\x00t\x00i\x00a\x00l\x00l\x00y\x00 \x00"\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+V 350113094852Z 100C unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00"\x00U\x00s\x00e\x00r\x00 \x001\x001\x00,\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+V 350113095110Z 100D unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x002\x00,\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+V 350113095308Z 100E unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00"\x00U\x00s\x00e\x00r\x00 \x001\x003\x00,\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00"
+V 350113095502Z 100F unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+V 350113095752Z 1010 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00\\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00\
+V 350113095922Z 1011 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00\\x00\\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00\\x00\
+V 350113100207Z 1012 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00\\x00\\x00t\x00w\x00o\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00o\x00n\x00e\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+V 350113100436Z 1013 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00\\x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+V 350113100550Z 1014 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+V 350113100707Z 1015 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00\\x00q\x00u\x00o\x00t\x00e
+V 350113100950Z 1016 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00\\x00\\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V 350113101153Z 1017 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00p\x00a\x00r\x00t\x00i\x00a\x00l\x00l\x00y\x00 \x00\\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+V 350113101338Z 1018 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00\\x00U\x00s\x00e\x00r\x00 \x002\x003\x00,\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+V 350113101450Z 1019 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x002\x004\x00,\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+V 350113101610Z 101A unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00\\x00U\x00s\x00e\x00r\x00 \x002\x005\x00,\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+V 350113101745Z 101B unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x002\x006\x00\\x00,\x00 \x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V 350113101913Z 101C unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=comma, comma, comma ,
+V 350113102047Z 101D unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=equal CN=User 28
+V 350113102213Z 101E unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 29+OU=ooo
+V 350113102601Z 101F unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00"
+V 350113102847Z 1020 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00<
+V 350113104059Z 1021 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..6efde26f7e69
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1000.pem
@@ -0,0 +1,57 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 14 16:11:10 2010 GMT
+ Not After : Jan 8 16:11:10 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\xC5\xB9\xC5\xBA\xC5\xBB\xC5\xBC\xC5\xBD\xC5\xBE \xEF\xAC\xB3 j\xCE\xAC\xCE\xAD\xCE\xAE
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c5:8e:23:dc:00:60:ab:13:ac:00:15:c8:2f:13:
+ 04:4a:05:15:38:1e:ea:43:cb:68:8e:e3:08:cc:a4:
+ bb:ef:78:3e:4a:d3:3c:89:50:95:c4:16:6f:a4:89:
+ 97:4a:07:ad:17:b4:96:1e:54:87:82:ed:22:a4:15:
+ f7:cf:09:83:b7:4d:ee:75:70:8c:71:5a:b8:e7:4d:
+ 27:b4:f8:eb:19:67:8f:58:3f:4c:5f:b3:ca:aa:bd:
+ 5b:95:d7:b4:ba:d4:bc:0e:69:01:52:b9:8a:2d:55:
+ 83:9e:4d:3f:01:0c:f1:d7:bd:c9:82:54:d2:71:d6:
+ 51:9c:55:4c:a3:82:43:35:2f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ CA:DF:DA:1A:F7:9C:D8:41:19:34:69:EA:67:74:68:CA:A3:24:0F:9F
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 28:3a:db:4b:fd:15:4c:bb:ea:74:b4:53:4f:75:2a:92:3c:78:
+ b6:86:aa:39:bc:b0:67:3a:5a:00:f1:1e:74:5c:c7:2b:19:4f:
+ f4:c0:4d:ff:01:4c:b2:0f:b5:49:14:c3:9a:96:ce:61:b6:c7:
+ 37:82:44:75:76:fc:bd:5d:74:f9:22:ae:f2:36:cb:20:b7:e3:
+ c8:c8:01:ae:d5:01:f6:5e:b4:cb:ca:76:fe:72:98:f3:0a:c3:
+ ac:76:fa:41:67:b4:5c:92:67:fa:ca:17:02:80:00:d8:b6:d5:
+ 01:03:89:25:97:96:60:86:0c:0b:d8:64:94:c9:77:43:28:06:
+ f9:4e
+-----BEGIN CERTIFICATE-----
+MIIClzCCAgCgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTQxNjEx
+MTBaFw0zNTAxMDgxNjExMTBaMHExCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxITAfBgNVBAMUGMW5xbrFu8W8xb3FviDvrLMgas6szq3OrjCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAxY4j3ABgqxOsABXILxMESgUVOB7qQ8tojuMIzKS7
+73g+StM8iVCVxBZvpImXSgetF7SWHlSHgu0ipBX3zwmDt03udXCMcVq4500ntPjr
+GWePWD9MX7PKqr1blde0utS8DmkBUrmKLVWDnk0/AQzx173JglTScdZRnFVMo4JD
+NS8CAwEAAaNPME0wCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTK39oa95zYQRk0aepn
+dGjKoyQPnzAfBgNVHSMEGDAWgBToarvCkOpscCI+9vZIGwPmvremVTANBgkqhkiG
+9w0BAQUFAAOBgQAoOttL/RVMu+p0tFNPdSqSPHi2hqo5vLBnOloA8R50XMcrGU/0
+wE3/AUyyD7VJFMOals5htsc3gkR1dvy9XXT5Iq7yNssgt+PIyAGu1QH2XrTLynb+
+cpjzCsOsdvpBZ7Rckmf6yhcCgADYttUBA4kll5ZghgwL2GSUyXdDKAb5Tg==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1002.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1002.pem
new file mode 100755
index 000000000000..037410ad798b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1002.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4098 (0x1002)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 14:44:17 2010 GMT
+ Not After : Jan 12 14:44:17 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x04\x0F\x04\x10\x04\x11\x04\x12\x04\x13\x04\x14
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b4:d3:fd:a0:56:2b:d9:72:66:e3:fc:4b:5b:70:
+ fb:9c:23:10:0b:b9:8a:c4:d1:dd:1d:37:cd:20:f4:
+ 9d:52:c3:8f:80:14:26:c4:3e:dc:3d:af:38:86:70:
+ 2f:e1:54:1c:a6:5e:b6:6a:2d:73:b4:2d:88:7c:ed:
+ eb:63:34:bf:ef:d0:a8:e0:00:ea:f0:24:50:68:3b:
+ ff:03:4a:22:e0:eb:5c:a4:e8:65:e4:c7:e7:38:e9:
+ ce:0c:44:3e:36:08:fe:82:d8:50:b9:13:43:3b:17:
+ 77:09:ef:7b:cc:9f:b4:7d:5d:f7:ab:8e:ab:c0:11:
+ bc:7a:07:ea:98:51:c0:27:1f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 49:1F:9A:43:D9:43:B9:89:0C:00:D9:90:C8:BC:9C:67:CD:8D:3E:C6
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 2 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 03:bc:24:ba:71:8b:4f:cc:3a:60:5a:04:13:15:4e:b0:79:e7:
+ 94:6c:9b:3b:4c:5d:d8:26:75:f5:94:04:71:5a:3e:b9:8c:5f:
+ b5:3d:e0:bb:8b:64:71:8f:0d:9a:99:b8:ff:ec:14:c0:c0:ca:
+ 63:5a:4e:1d:75:77:7a:2f:fb:12:90:25:44:ba:d8:2f:03:39:
+ 86:ef:88:4a:cc:69:79:0b:ff:a6:66:83:45:08:17:0b:0c:05:
+ f9:25:7c:6a:30:05:b3:61:df:1a:fe:2c:ca:49:e9:73:bd:b3:
+ 11:6b:bf:04:b0:a6:46:76:21:40:95:5c:78:b3:aa:4b:fd:03:
+ ee:51
+-----BEGIN CERTIFICATE-----
+MIICszCCAhygAwIBAgICEAIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNDQ0
+MTdaFw0zNTAxMTIxNDQ0MTdaMGUxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxFTATBgNVBAMeDAQPBBAEEQQSBBMEFDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAtNP9oFYr2XJm4/xLW3D7nCMQC7mKxNHdHTfNIPSdUsOPgBQmxD7cPa84
+hnAv4VQcpl62ai1ztC2IfO3rYzS/79Co4ADq8CRQaDv/A0oi4OtcpOhl5MfnOOnO
+DEQ+Ngj+gthQuRNDOxd3Ce97zJ+0fV33q46rwBG8egfqmFHAJx8CAwEAAaN3MHUw
+CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRJH5pD2UO5iQwA2ZDIvJxnzY0+xjAfBgNV
+HSMEGDAWgBToarvCkOpscCI+9vZIGwPmvremVTAmBgNVHREEHzAdpBswGTEXMBUG
+A1UEAxMOVXNlciAyIFJvb3QgMTEwDQYJKoZIhvcNAQEFBQADgYEAA7wkunGLT8w6
+YFoEExVOsHnnlGybO0xd2CZ19ZQEcVo+uYxftT3gu4tkcY8Nmpm4/+wUwMDKY1pO
+HXV3ei/7EpAlRLrYLwM5hu+ISsxpeQv/pmaDRQgXCwwF+SV8ajAFs2HfGv4syknp
+c72zEWu/BLCmRnYhQJVceLOqS/0D7lE=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1003.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1003.pem
new file mode 100755
index 000000000000..95589b227122
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1003.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4099 (0x1003)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 15:39:42 2010 GMT
+ Not After : Jan 12 15:39:42 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x01y\x01z\x01{\x00 \x03\xA6\x03\xA7\x03\xA8\x03\xA9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d6:d8:62:3c:69:c9:dd:93:b3:e9:65:63:89:03:
+ 4e:f8:8a:e1:8b:9d:92:c6:43:ca:8e:af:fd:6e:9c:
+ c7:66:31:48:f4:ce:5e:be:38:c5:6c:1b:48:c9:61:
+ f5:78:8a:e9:74:ac:a8:98:9c:83:f9:b0:74:e3:25:
+ 7c:5a:bb:df:5f:73:ef:fc:a0:dc:6a:ac:07:a2:b8:
+ 52:ea:7a:42:ba:9f:74:3c:00:cc:26:46:ba:90:5d:
+ 45:78:02:57:e7:47:9f:8e:94:9c:5a:31:ab:f3:ff:
+ bc:9f:7f:d9:b0:a6:f6:86:70:a6:9d:52:ff:c8:19:
+ 47:88:75:78:6a:73:d5:97:e9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ E3:01:F6:1E:51:6D:FC:DB:BF:82:A9:12:21:4B:E2:46:FF:E8:EE:FF
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 1 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 68:f0:88:18:d5:98:63:da:42:39:47:bf:51:22:f6:0b:8e:46:
+ b0:8c:83:b0:4d:07:a4:e3:a9:66:76:4d:41:23:1a:6b:dc:d8:
+ d1:85:b1:bf:4f:f9:e6:01:4a:36:a9:a3:26:2d:0b:33:cc:36:
+ 97:c6:40:b6:77:26:1c:06:f2:1b:fa:0a:ef:5c:61:8d:0d:9c:
+ 3c:d3:0f:db:dd:60:69:8c:24:c6:70:bc:f8:3b:38:19:90:7a:
+ f3:4f:7e:7c:b7:69:b6:0f:55:e1:4b:da:77:cd:b1:fe:5f:f1:
+ c1:8a:f8:3d:26:10:3d:40:6f:83:17:0a:d8:dd:da:a1:27:10:
+ a1:73
+-----BEGIN CERTIFICATE-----
+MIICtzCCAiCgAwIBAgICEAMwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNTM5
+NDJaFw0zNTAxMTIxNTM5NDJaMGkxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxGTAXBgNVBAMeEAF5AXoBewAgA6YDpwOoA6kwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANbYYjxpyd2Ts+llY4kDTviK4YudksZDyo6v/W6cx2YxSPTOXr44
+xWwbSMlh9XiK6XSsqJicg/mwdOMlfFq7319z7/yg3GqsB6K4Uup6QrqfdDwAzCZG
+upBdRXgCV+dHn46UnFoxq/P/vJ9/2bCm9oZwpp1S/8gZR4h1eGpz1ZfpAgMBAAGj
+dzB1MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU4wH2HlFt/Nu/gqkSIUviRv/o7v8w
+HwYDVR0jBBgwFoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJgYDVR0RBB8wHaQbMBkx
+FzAVBgNVBAMTDlVzZXIgMSBSb290IDExMA0GCSqGSIb3DQEBBQUAA4GBAGjwiBjV
+mGPaQjlHv1Ei9guORrCMg7BNB6TjqWZ2TUEjGmvc2NGFsb9P+eYBSjapoyYtCzPM
+NpfGQLZ3JhwG8hv6Cu9cYY0NnDzTD9vdYGmMJMZwvPg7OBmQevNPfny3abYPVeFL
+2nfNsf5f8cGK+D0mED1Ab4MXCtjd2qEnEKFz
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1004.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1004.pem
new file mode 100755
index 000000000000..6f57ca684532
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1004.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4100 (0x1004)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:00:38 2010 GMT
+ Not After : Jan 12 16:00:38 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00"\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c9:ff:37:16:4d:7a:ad:59:bd:f2:c4:dc:4f:79:
+ 6a:f6:21:c7:ef:cd:af:f1:39:34:24:92:f4:46:d3:
+ 8b:43:31:55:11:3e:22:2b:85:19:38:ed:0b:35:3c:
+ 73:fc:b9:17:e8:73:99:21:a2:20:30:b4:e9:11:c6:
+ 7a:61:fa:fa:fe:eb:c8:30:c4:73:5f:77:f2:fc:42:
+ b7:10:29:ac:9e:8a:c2:df:25:9b:44:17:05:a3:39:
+ d9:1b:58:62:fb:2c:86:07:f7:f0:28:7b:5a:38:1b:
+ 6a:de:88:fb:ad:32:f4:53:e2:a1:c5:0f:68:db:64:
+ ae:39:2a:5e:02:d0:b5:38:07
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 86:2F:46:D0:A9:F9:3F:22:BD:57:83:51:35:F9:67:11:A2:00:AB:33
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 3 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ bb:f6:61:ae:30:94:3a:4a:d6:d5:cb:b5:50:bb:ca:0e:ab:9f:
+ 09:e9:78:d4:2f:20:fe:18:4e:d8:61:db:97:28:a9:d9:dc:e5:
+ 06:f8:6c:41:c2:5a:95:53:47:7e:a7:73:c9:45:4f:6b:30:fc:
+ fd:17:9a:7b:a9:d8:27:57:a9:fd:8d:e7:7e:4b:3e:98:11:42:
+ 00:39:1a:55:4b:3d:a5:de:75:3c:43:5a:33:10:d3:cf:4e:04:
+ 0a:71:d4:93:2b:0b:2b:15:82:7b:04:46:9b:50:da:18:84:66:
+ 31:75:36:5b:09:eb:82:5d:7d:e1:35:a3:a4:6c:b2:ac:c8:fa:
+ bd:5f
+-----BEGIN CERTIFICATE-----
+MIICyzCCAjSgAwIBAgICEAQwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjAw
+MzhaFw0zNTAxMTIxNjAwMzhaMH0xCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxLTArBgNVBAMeJAAiAGUAbgBjAGwAbwBzAGkAbgBnACAAcQB1AG8AdABlAHMA
+IjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyf83Fk16rVm98sTcT3lq9iHH
+782v8Tk0JJL0RtOLQzFVET4iK4UZOO0LNTxz/LkX6HOZIaIgMLTpEcZ6Yfr6/uvI
+MMRzX3fy/EK3ECmsnorC3yWbRBcFoznZG1hi+yyGB/fwKHtaOBtq3oj7rTL0U+Kh
+xQ9o22SuOSpeAtC1OAcCAwEAAaN3MHUwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSG
+L0bQqfk/Ir1Xg1E1+WcRogCrMzAfBgNVHSMEGDAWgBToarvCkOpscCI+9vZIGwPm
+vremVTAmBgNVHREEHzAdpBswGTEXMBUGA1UEAxMOVXNlciAzIFJvb3QgMTEwDQYJ
+KoZIhvcNAQEFBQADgYEAu/ZhrjCUOkrW1cu1ULvKDqufCel41C8g/hhO2GHblyip
+2dzlBvhsQcJalVNHfqdzyUVPazD8/Reae6nYJ1ep/Y3nfks+mBFCADkaVUs9pd51
+PENaMxDTz04ECnHUkysLKxWCewRGm1DaGIRmMXU2Wwnrgl194TWjpGyyrMj6vV8=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1005.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1005.pem
new file mode 100755
index 000000000000..3a2f7522d19d
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1005.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4101 (0x1005)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:05:47 2010 GMT
+ Not After : Jan 12 16:05:47 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00"\x00"\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00"\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:de:4d:31:93:c5:1b:7c:2b:85:86:da:89:3d:06:
+ 6f:6d:44:a5:de:6c:6a:06:28:b0:96:7b:40:34:01:
+ af:e4:b1:f4:93:f1:25:78:b0:43:ea:92:2a:87:60:
+ e8:be:7e:c9:b6:02:f8:14:93:1b:b8:5f:cb:2c:24:
+ e2:80:24:f0:5c:6d:77:f2:dc:ef:90:d6:d1:78:22:
+ 53:f0:7f:45:ad:f2:1a:9d:25:08:13:c8:62:6b:9e:
+ 88:79:3d:9e:b4:0a:05:11:79:7d:a1:b2:46:89:f3:
+ 45:ce:f3:22:2e:17:ab:e1:a9:b1:04:93:3b:f3:ca:
+ e6:60:c0:fd:91:7f:34:80:65
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ C1:6E:6A:FB:5A:B1:0C:67:07:C8:7E:F1:8D:86:F6:D0:27:56:6D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 4 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 61:72:4b:33:1d:60:91:08:19:4f:ff:ec:8e:9e:83:71:d7:00:
+ 96:0a:b5:82:b7:8c:a6:3f:70:64:36:ac:25:a7:f1:a9:83:f1:
+ 63:f8:29:06:fa:58:86:8a:fd:25:9e:77:38:dd:c7:3b:cd:68:
+ 91:8e:f4:57:42:c9:6b:88:87:ec:24:57:38:84:fb:c0:d9:bc:
+ 6c:1c:6e:9d:9d:b9:da:cc:7e:fe:f9:bd:29:be:14:26:6f:63:
+ 1f:6f:6a:f1:dd:fd:d2:03:69:f2:36:e1:35:e0:57:72:d5:e3:
+ 09:ee:6a:08:45:b4:73:e9:d1:18:c2:38:1d:86:53:53:6d:bf:
+ f0:1e
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAkegAwIBAgICEAUwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjA1
+NDdaFw0zNTAxMTIxNjA1NDdaMIGPMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MT8wPQYDVQQDHjYAIgAiAGQAbwB1AGIAbABlACAAZQBuAGMAbABvAHMAaQBu
+AGcAIABxAHUAbwB0AGUAcwAiACIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AN5NMZPFG3wrhYbaiT0Gb21Epd5sagYosJZ7QDQBr+Sx9JPxJXiwQ+qSKodg6L5+
+ybYC+BSTG7hfyywk4oAk8Fxtd/Lc75DW0XgiU/B/Ra3yGp0lCBPIYmueiHk9nrQK
+BRF5faGyRonzRc7zIi4Xq+GpsQSTO/PK5mDA/ZF/NIBlAgMBAAGjdzB1MAsGA1Ud
+DwQEAwIF4DAdBgNVHQ4EFgQUwW5q+1qxDGcHyH7xjYb20CdWbXMwHwYDVR0jBBgw
+FoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJgYDVR0RBB8wHaQbMBkxFzAVBgNVBAMT
+DlVzZXIgNCBSb290IDExMA0GCSqGSIb3DQEBBQUAA4GBAGFySzMdYJEIGU//7I6e
+g3HXAJYKtYK3jKY/cGQ2rCWn8amD8WP4KQb6WIaK/SWedzjdxzvNaJGO9FdCyWuI
+h+wkVziE+8DZvGwcbp2dudrMfv75vSm+FCZvYx9vavHd/dIDafI24TXgV3LV4wnu
+aghFtHPp0RjCOB2GU1Ntv/Ae
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1006.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1006.pem
new file mode 100755
index 000000000000..cb72b8d1610a
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1006.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4102 (0x1006)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:09:21 2010 GMT
+ Not After : Jan 12 16:09:21 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00"\x00"\x00t\x00w\x00o\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00o\x00n\x00e\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d1:a4:91:c7:28:84:f8:54:63:09:1f:bc:2e:4e:
+ a3:be:54:01:42:2e:f7:ef:4f:b8:46:a9:35:b1:b3:
+ 29:0e:8b:f7:b5:fa:b7:71:5b:33:03:ac:e6:b5:f6:
+ ba:f5:ba:21:72:ed:7d:ea:f0:f1:2c:55:2a:a9:c6:
+ d8:54:ef:12:f0:f5:37:ca:57:b2:3c:ce:7c:5a:57:
+ 86:68:a2:51:82:80:bd:58:a5:04:1c:e8:cf:f6:5b:
+ 4e:d2:6a:79:63:eb:ac:52:7c:61:8c:fe:0a:6b:b2:
+ f6:16:9c:94:ae:a6:f6:69:b9:d5:0b:26:0d:01:7f:
+ 62:d2:58:c2:02:53:25:63:0d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 45:DF:D7:35:D1:13:E4:8F:E3:0D:E3:7E:A9:9A:5D:56:00:64:4E:43
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 5 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 9d:bd:dc:dc:8e:a8:e8:e4:15:cb:14:c1:6a:ab:d8:ab:e6:e5:
+ 4f:f5:a8:8b:2c:ab:80:e2:31:f9:89:d8:12:ba:9c:4f:b3:f5:
+ bb:7e:ee:8b:df:58:d3:b2:ee:f8:c5:46:c3:5d:2e:a9:35:d0:
+ 7a:1e:80:18:14:4d:78:6e:f1:c8:9a:51:db:86:3e:2c:04:4a:
+ 0a:2f:f1:7a:01:e3:1b:31:d7:1d:f1:32:c4:04:db:b9:7e:c4:
+ fd:b0:c1:41:3f:8a:b3:88:4f:4a:9c:a6:38:11:2a:4a:0f:8b:
+ d0:9a:8a:2c:33:fe:7f:42:b5:93:8d:54:df:de:2b:b1:08:5c:
+ d9:0d
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgICEAYwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjA5
+MjFaFw0zNTAxMTIxNjA5MjFaMIGZMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MUkwRwYDVQQDHkAAIgAiAHQAdwBvACAAcwB0AGEAcgB0AGkAbgBnACAAbwBu
+AGUAIABlAG4AZABpAG4AZwAgAHEAdQBvAHQAZQAiMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDRpJHHKIT4VGMJH7wuTqO+VAFCLvfvT7hGqTWxsykOi/e1+rdx
+WzMDrOa19rr1uiFy7X3q8PEsVSqpxthU7xLw9TfKV7I8znxaV4ZoolGCgL1YpQQc
+6M/2W07Sanlj66xSfGGM/gprsvYWnJSupvZpudULJg0Bf2LSWMICUyVjDQIDAQAB
+o3cwdTALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFEXf1zXRE+SP4w3jfqmaXVYAZE5D
+MB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCYGA1UdEQQfMB2kGzAZ
+MRcwFQYDVQQDEw5Vc2VyIDUgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQCdvdzc
+jqjo5BXLFMFqq9ir5uVP9aiLLKuA4jH5idgSupxPs/W7fu6L31jTsu74xUbDXS6p
+NdB6HoAYFE14bvHImlHbhj4sBEoKL/F6AeMbMdcd8TLEBNu5fsT9sMFBP4qziE9K
+nKY4ESpKD4vQmoosM/5/QrWTjVTf3iuxCFzZDQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1007.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1007.pem
new file mode 100755
index 000000000000..ce9b36d12d7a
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1007.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4103 (0x1007)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:11:53 2010 GMT
+ Not After : Jan 12 16:11:53 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00"\x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d1:99:9c:20:2e:65:ee:0f:ce:cb:8a:d8:70:c8:
+ 04:3c:ac:2f:14:7c:6c:8f:5e:95:36:f8:53:74:5b:
+ 88:bf:a1:43:73:04:ab:3a:42:b4:7c:2c:3c:3b:63:
+ 7e:ef:82:c5:bb:b1:28:9b:8b:b7:29:72:3d:30:08:
+ e9:a2:d7:4b:08:e2:2e:e6:d4:9f:75:29:31:23:be:
+ b4:30:5d:94:30:41:38:a1:d5:34:bc:69:f5:d8:8d:
+ c6:08:cc:28:4a:92:22:2b:19:89:f5:ad:7c:49:89:
+ b3:63:c6:e5:6c:86:d7:62:05:1b:97:db:2d:fb:c2:
+ 47:e5:51:a6:f0:50:6f:e3:53
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 5F:DA:34:F6:6F:BA:9E:12:99:DC:02:2A:4C:3E:8C:0D:14:A1:9B:2B
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 6 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 24:af:11:b6:1a:5c:d1:bf:70:93:85:c0:2e:10:96:4d:b7:ad:
+ 4e:d7:c4:7e:87:a1:3b:20:d7:bf:04:07:cc:91:13:0c:ad:66:
+ 08:d6:2e:b6:d0:aa:d0:45:0e:c0:92:3d:7c:a6:82:19:04:3c:
+ 9a:b3:5e:e8:fe:9e:5c:d6:17:75:73:e3:3c:64:0c:ae:5d:92:
+ 2a:eb:0e:ef:04:f5:ce:a5:7f:1f:2f:1d:05:a0:70:f4:24:80:
+ c3:38:35:2d:e5:ac:a7:11:4a:3e:a2:b2:d1:14:91:ba:b0:d8:
+ 5f:be:80:8a:34:2c:72:fb:00:47:88:47:9e:34:65:12:ad:9f:
+ ff:99
+-----BEGIN CERTIFICATE-----
+MIICxTCCAi6gAwIBAgICEAcwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjEx
+NTNaFw0zNTAxMTIxNjExNTNaMHcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxJzAlBgNVBAMeHgAiAHMAdABhAHIAdABpAG4AZwAgAHEAdQBvAHQAZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0ZmcIC5l7g/Oy4rYcMgEPKwvFHxsj16V
+NvhTdFuIv6FDcwSrOkK0fCw8O2N+74LFu7Eom4u3KXI9MAjpotdLCOIu5tSfdSkx
+I760MF2UMEE4odU0vGn12I3GCMwoSpIiKxmJ9a18SYmzY8blbIbXYgUbl9st+8JH
+5VGm8FBv41MCAwEAAaN3MHUwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRf2jT2b7qe
+EpncAipMPowNFKGbKzAfBgNVHSMEGDAWgBToarvCkOpscCI+9vZIGwPmvremVTAm
+BgNVHREEHzAdpBswGTEXMBUGA1UEAxMOVXNlciA2IFJvb3QgMTEwDQYJKoZIhvcN
+AQEFBQADgYEAJK8Rthpc0b9wk4XALhCWTbetTtfEfoehOyDXvwQHzJETDK1mCNYu
+ttCq0EUOwJI9fKaCGQQ8mrNe6P6eXNYXdXPjPGQMrl2SKusO7wT1zqV/Hy8dBaBw
+9CSAwzg1LeWspxFKPqKy0RSRurDYX76AijQscvsAR4hHnjRlEq2f/5k=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1008.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1008.pem
new file mode 100755
index 000000000000..8d6f2bd25c05
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1008.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4104 (0x1008)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:14:05 2010 GMT
+ Not After : Jan 12 16:14:05 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a6:a8:3f:60:a7:9a:3b:20:c9:2c:8c:4f:cd:11:
+ 1f:0d:a9:2a:2c:eb:12:80:0c:55:8a:4d:06:ef:b2:
+ 5f:2e:47:be:0d:10:22:8a:15:57:29:4a:90:63:f9:
+ 1c:13:85:47:c7:c9:b9:76:09:10:a9:b1:94:5c:8d:
+ c9:f4:01:26:43:e4:d4:98:d6:00:1a:d4:cd:2a:d1:
+ cd:7e:4c:4e:ab:18:78:5a:fb:b2:ec:a3:87:a1:0e:
+ 84:3f:70:cf:ca:02:24:c8:d7:1b:83:a3:ac:a5:f0:
+ 10:c5:de:b7:a2:6c:0b:0c:9d:ab:32:a3:1a:c9:ae:
+ 9b:48:a8:65:cd:50:db:0b:cf
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:32:56:26:62:63:A1:32:B0:BC:D0:91:F1:D8:F2:94:CB:10:F1:91
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 7 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 4c:d5:2f:ab:fb:83:f8:11:c9:d2:df:aa:dc:e9:b8:38:2e:53:
+ e1:3a:5b:bb:0a:bf:72:f7:47:b5:57:de:82:8a:e6:bb:7d:62:
+ af:1b:9c:8e:4a:f5:cf:0b:ac:e9:06:16:ca:59:f1:7f:d7:45:
+ c0:88:84:ee:f4:c7:8b:e0:39:aa:c7:b7:95:b9:fe:a2:4a:3a:
+ 41:df:d0:02:bf:6f:54:30:9a:9a:0a:a6:04:5f:f4:17:52:d6:
+ c2:39:43:5e:b9:a3:86:0f:3d:ad:eb:a3:81:f4:cc:90:29:17:
+ dc:46:5e:6b:9c:f6:70:0f:b2:0f:dc:0f:9c:9f:09:6c:fa:31:
+ 6c:01
+-----BEGIN CERTIFICATE-----
+MIICwTCCAiqgAwIBAgICEAgwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjE0
+MDVaFw0zNTAxMTIxNjE0MDVaMHMxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxIzAhBgNVBAMeGgBlAG4AZABpAG4AZwAgAHEAdQBvAHQAZQAiMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCmqD9gp5o7IMksjE/NER8NqSos6xKADFWKTQbv
+sl8uR74NECKKFVcpSpBj+RwThUfHybl2CRCpsZRcjcn0ASZD5NSY1gAa1M0q0c1+
+TE6rGHha+7Lso4ehDoQ/cM/KAiTI1xuDo6yl8BDF3reibAsMnasyoxrJrptIqGXN
+UNsLzwIDAQABo3cwdTALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJEyViZiY6EysLzQ
+kfHY8pTLEPGRMB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCYGA1Ud
+EQQfMB2kGzAZMRcwFQYDVQQDEw5Vc2VyIDcgUm9vdCAxMTANBgkqhkiG9w0BAQUF
+AAOBgQBM1S+r+4P4EcnS36rc6bg4LlPhOlu7Cr9y90e1V96Ciua7fWKvG5yOSvXP
+C6zpBhbKWfF/10XAiITu9MeL4Dmqx7eVuf6iSjpB39ACv29UMJqaCqYEX/QXUtbC
+OUNeuaOGDz2t66OB9MyQKRfcRl5rnPZwD7IP3A+cnwls+jFsAQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1009.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1009.pem
new file mode 100755
index 000000000000..c1a94dae5d59
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1009.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4105 (0x1009)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:16:31 2010 GMT
+ Not After : Jan 12 16:16:31 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00"\x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b4:3b:c7:b0:6c:b5:f2:b3:a5:79:89:54:de:af:
+ 03:3c:0e:c9:57:15:8e:73:2a:48:83:18:59:ce:b4:
+ 12:fb:5c:92:28:69:75:18:f9:0f:24:15:95:38:b2:
+ 4c:81:07:90:97:3b:d7:3a:ab:a6:92:5a:9f:5a:1f:
+ fe:14:ac:4d:b5:5e:6a:a6:0f:98:55:08:07:09:07:
+ a5:fb:79:9e:a0:2d:73:99:92:ad:6e:bc:75:36:d0:
+ b5:f1:1c:91:3a:d4:49:8a:60:1e:a7:01:2f:bc:d9:
+ cd:b4:f4:70:b4:38:d1:3c:d3:ee:00:df:b3:83:45:
+ 63:5c:5d:28:47:bc:b1:b9:57
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ D6:18:38:7B:14:4B:D6:72:42:A9:53:E2:1D:BE:81:88:26:DB:0A:06
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 8 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 98:f3:ac:db:7b:a0:00:d2:58:be:74:21:ff:09:29:4c:0c:1a:
+ 7a:1f:dd:e2:f3:f4:9a:52:5d:da:ac:10:30:f9:b8:93:10:60:
+ 46:bf:48:47:bd:af:87:a1:d9:c6:46:81:b3:0d:a4:f8:ba:ca:
+ 17:7c:f2:f9:46:03:62:7f:32:6b:f0:7c:75:a4:05:44:cb:10:
+ 42:36:ce:12:c0:b9:e5:5f:e0:7b:c6:c8:39:5c:0c:50:30:a0:
+ f6:fe:e1:a2:e6:00:b3:fc:86:56:11:66:d8:41:81:e3:4e:15:
+ e5:68:9d:1c:b0:c4:4f:ab:86:75:55:fa:39:58:3f:7c:68:03:
+ e0:76
+-----BEGIN CERTIFICATE-----
+MIICwTCCAiqgAwIBAgICEAkwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjE2
+MzFaFw0zNTAxMTIxNjE2MzFaMHMxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxIzAhBgNVBAMeGgBtAGkAZABkAGwAZQAgACIAcQB1AG8AdABlMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC0O8ewbLXys6V5iVTerwM8DslXFY5zKkiDGFnO
+tBL7XJIoaXUY+Q8kFZU4skyBB5CXO9c6q6aSWp9aH/4UrE21XmqmD5hVCAcJB6X7
+eZ6gLXOZkq1uvHU20LXxHJE61EmKYB6nAS+82c209HC0ONE80+4A37ODRWNcXShH
+vLG5VwIDAQABo3cwdTALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFNYYOHsUS9ZyQqlT
+4h2+gYgm2woGMB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCYGA1Ud
+EQQfMB2kGzAZMRcwFQYDVQQDEw5Vc2VyIDggUm9vdCAxMTANBgkqhkiG9w0BAQUF
+AAOBgQCY86zbe6AA0li+dCH/CSlMDBp6H93i8/SaUl3arBAw+biTEGBGv0hHva+H
+odnGRoGzDaT4usoXfPL5RgNifzJr8Hx1pAVEyxBCNs4SwLnlX+B7xsg5XAxQMKD2
+/uGi5gCz/IZWEWbYQYHjThXlaJ0csMRPq4Z1Vfo5WD98aAPgdg==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100A.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100A.pem
new file mode 100755
index 000000000000..a3a79bf83111
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100A.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4106 (0x100a)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 18 16:18:57 2010 GMT
+ Not After : Jan 12 16:18:57 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00"\x00"\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e5:3f:d4:e1:d6:26:2a:c9:40:1d:34:3c:1e:e8:
+ f4:54:67:6b:6c:a5:b7:fe:04:bb:cb:0e:c0:2d:26:
+ 61:c1:81:80:9d:da:1b:fd:d3:7a:7a:57:78:c5:f6:
+ e6:4b:ad:2d:a2:8d:49:b3:ac:18:ca:1c:25:67:44:
+ 7c:8e:b5:ab:ec:f7:a8:da:b7:37:ed:77:76:b2:8f:
+ bb:15:b2:e3:45:5f:b2:2a:aa:27:b7:f1:bc:37:8f:
+ b7:b4:c5:ff:45:fd:67:04:25:47:2c:1a:a7:63:1e:
+ 97:f6:ac:d7:39:cf:ef:24:63:a1:87:9b:36:97:92:
+ fa:d9:4d:a9:fa:dd:c9:fb:75
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 62:F1:43:E3:B1:7B:98:0D:69:A4:8F:CF:32:F7:6D:E6:88:D6:23:90
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 9 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ ab:46:88:13:e8:02:63:4e:f2:a0:5a:48:7e:35:a4:c2:f8:55:
+ 33:cb:ef:45:55:30:81:a1:9e:c2:c7:43:cd:19:23:1f:df:3f:
+ 8b:b8:7e:69:5e:98:06:b1:47:dd:e5:05:e2:3a:19:cf:af:e3:
+ dd:7b:75:e5:53:b0:bc:4e:58:40:bf:3b:d2:9c:7f:9e:b1:66:
+ f8:3f:58:c4:5f:ab:be:1f:03:fb:89:47:a4:25:8a:1e:10:e0:
+ 20:33:70:07:13:92:32:e1:bf:92:6a:d5:89:03:2c:ad:e1:85:
+ 8c:b3:1d:ee:0c:35:70:2f:aa:e5:e0:77:97:b0:9b:a3:0d:22:
+ 6f:dc
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAjugAwIBAgICEAowDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTgxNjE4
+NTdaFw0zNTAxMTIxNjE4NTdaMIGDMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTMwMQYDVQQDHioAZABvAHUAYgBsAGUAIAAiACIAbQBpAGQAZABsAGUAIABx
+AHUAbwB0AGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOU/1OHWJirJQB00
+PB7o9FRna2ylt/4Eu8sOwC0mYcGBgJ3aG/3TenpXeMX25kutLaKNSbOsGMocJWdE
+fI61q+z3qNq3N+13drKPuxWy40VfsiqqJ7fxvDePt7TF/0X9ZwQlRywap2Mel/as
+1znP7yRjoYebNpeS+tlNqfrdyft1AgMBAAGjdzB1MAsGA1UdDwQEAwIF4DAdBgNV
+HQ4EFgQUYvFD47F7mA1ppI/PMvdt5ojWI5AwHwYDVR0jBBgwFoAU6Gq7wpDqbHAi
+Pvb2SBsD5r63plUwJgYDVR0RBB8wHaQbMBkxFzAVBgNVBAMTDlVzZXIgOSBSb290
+IDExMA0GCSqGSIb3DQEBBQUAA4GBAKtGiBPoAmNO8qBaSH41pML4VTPL70VVMIGh
+nsLHQ80ZIx/fP4u4fmlemAaxR93lBeI6Gc+v4917deVTsLxOWEC/O9Kcf56xZvg/
+WMRfq74fA/uJR6Qlih4Q4CAzcAcTkjLhv5Jq1YkDLK3hhYyzHe4MNXAvquXgd5ew
+m6MNIm/c
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100B.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100B.pem
new file mode 100755
index 000000000000..75684732d762
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100B.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4107 (0x100b)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:02:37 2010 GMT
+ Not After : Jan 13 09:02:37 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00p\x00a\x00r\x00t\x00i\x00a\x00l\x00l\x00y\x00 \x00"\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ae:9f:8e:b8:88:8e:ed:53:aa:2a:2c:ed:f1:6c:
+ 99:47:9f:ab:8b:4e:8e:d8:2e:c2:78:2c:54:f9:29:
+ 14:27:b9:6a:3c:33:3f:06:51:ba:76:15:0a:16:60:
+ db:f2:f0:db:af:5b:38:be:18:42:b4:31:02:ba:6f:
+ 19:00:57:be:d0:f3:7c:6b:34:36:e8:7c:45:77:0d:
+ f5:d0:7c:0e:23:64:7c:59:02:5c:54:15:71:82:be:
+ 98:3f:c9:2d:f0:9e:d5:f0:32:02:44:61:5b:2f:71:
+ 16:13:9a:b3:2b:28:ff:d5:d8:3d:00:9c:eb:ec:b7:
+ 04:e2:b6:15:42:45:e5:ef:3f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 8C:2C:B6:8B:82:43:DC:41:EC:AC:D4:75:E8:DA:D8:3F:A9:A0:F5:31
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 10 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 48:a6:51:46:5b:44:a5:be:18:ed:8f:d4:c6:d2:3c:86:8f:e7:
+ e5:f4:a2:5d:51:aa:00:9b:bc:d8:b1:d3:f4:24:a0:a1:0d:80:
+ 2e:7e:62:26:ee:8c:4b:bd:79:0c:39:bd:6e:af:db:92:b6:03:
+ b1:b0:49:95:a7:59:28:54:30:33:fc:7e:2f:0f:a2:ce:90:27:
+ 29:b9:d8:3f:99:36:e9:81:9f:f5:fa:cb:f9:f2:05:b5:48:60:
+ 4d:50:4d:1e:ba:45:fd:f1:99:84:a6:79:0b:6b:76:eb:73:9d:
+ 5c:47:27:be:0d:23:0b:97:cc:9d:5a:80:fa:9b:ff:66:e7:37:
+ 60:a4
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAkigAwIBAgICEAswDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTAy
+MzdaFw0zNTAxMTMwOTAyMzdaMIGPMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MT8wPQYDVQQDHjYAcABhAHIAdABpAGEAbABsAHkAIAAiAGUAbgBjAGwAbwBz
+AGkAbgBnACAAcQB1AG8AdABlACIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AK6fjriIju1Tqios7fFsmUefq4tOjtguwngsVPkpFCe5ajwzPwZRunYVChZg2/Lw
+269bOL4YQrQxArpvGQBXvtDzfGs0Nuh8RXcN9dB8DiNkfFkCXFQVcYK+mD/JLfCe
+1fAyAkRhWy9xFhOasyso/9XYPQCc6+y3BOK2FUJF5e8/AgMBAAGjeDB2MAsGA1Ud
+DwQEAwIF4DAdBgNVHQ4EFgQUjCy2i4JD3EHsrNR16NrYP6mg9TEwHwYDVR0jBBgw
+FoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMT
+D1VzZXIgMTAgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQBIplFGW0Slvhjtj9TG
+0jyGj+fl9KJdUaoAm7zYsdP0JKChDYAufmIm7oxLvXkMOb1ur9uStgOxsEmVp1ko
+VDAz/H4vD6LOkCcpudg/mTbpgZ/1+sv58gW1SGBNUE0eukX98ZmEpnkLa3brc51c
+Rye+DSMLl8ydWoD6m/9m5zdgpA==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100C.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100C.pem
new file mode 100755
index 000000000000..115190ca6780
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100C.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4108 (0x100c)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:48:52 2010 GMT
+ Not After : Jan 13 09:48:52 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00"\x00U\x00s\x00e\x00r\x00 \x001\x001\x00,\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e2:8b:a9:94:06:b0:cb:e7:1b:a3:fd:7c:70:d1:
+ 66:e6:2d:aa:c7:ec:2e:e3:08:c3:39:3f:48:47:fd:
+ 09:67:2d:16:17:87:c0:e3:4d:c1:cc:6b:3f:c4:7b:
+ 74:d5:71:70:d6:74:8a:a2:17:fd:39:78:f8:c7:b3:
+ 42:54:ac:f7:07:d7:6f:55:da:03:15:11:e0:c2:d8:
+ 95:d2:87:c3:9c:3d:94:96:9d:01:81:5d:61:43:aa:
+ 4c:92:d5:68:aa:6c:73:88:52:7b:ee:9b:76:65:0d:
+ 2a:ae:3d:83:71:41:44:8b:23:7d:a6:f9:3c:81:56:
+ 6c:9b:52:96:87:c8:97:18:8d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 48:89:BE:3C:AA:C9:5A:38:6B:CA:FA:C8:B2:BB:F7:E1:44:4B:7B:08
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 11 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 23:c9:5b:f5:9f:59:ff:97:0b:79:35:2d:32:db:b7:4b:b1:c9:
+ 2b:1e:cf:88:7b:b4:4e:f0:ed:13:a3:64:85:8f:d6:70:b5:ed:
+ 2a:57:92:a0:b4:14:96:48:7a:aa:a4:19:59:df:d9:a9:0f:86:
+ a3:e5:ec:b5:67:ef:c3:ee:23:dd:c3:3e:24:86:6c:09:03:59:
+ ab:93:d6:c7:0a:4c:ef:c5:4a:be:d6:ff:0f:2e:81:8e:18:d5:
+ 44:21:3a:0e:86:04:aa:86:8a:38:1e:d6:07:75:d0:08:be:ef:
+ 29:7d:d2:fc:85:8d:0c:d3:bd:ea:47:be:40:bb:fa:2f:29:fc:
+ c6:d8
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAkKgAwIBAgICEAwwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTQ4
+NTJaFw0zNTAxMTMwOTQ4NTJaMIGJMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTkwNwYDVQQDHjAAIgBVAHMAZQByACAAMQAxACwAIABzAHQAYQByAHQAaQBu
+AGcAIABxAHUAbwB0AGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOKLqZQG
+sMvnG6P9fHDRZuYtqsfsLuMIwzk/SEf9CWctFheHwONNwcxrP8R7dNVxcNZ0iqIX
+/Tl4+MezQlSs9wfXb1XaAxUR4MLYldKHw5w9lJadAYFdYUOqTJLVaKpsc4hSe+6b
+dmUNKq49g3FBRIsjfab5PIFWbJtSlofIlxiNAgMBAAGjeDB2MAsGA1UdDwQEAwIF
+4DAdBgNVHQ4EFgQUSIm+PKrJWjhryvrIsrv34URLewgwHwYDVR0jBBgwFoAU6Gq7
+wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMTD1VzZXIg
+MTEgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQAjyVv1n1n/lwt5NS0y27dLsckr
+Hs+Ie7RO8O0To2SFj9Zwte0qV5KgtBSWSHqqpBlZ39mpD4aj5ey1Z+/D7iPdwz4k
+hmwJA1mrk9bHCkzvxUq+1v8PLoGOGNVEIToOhgSqhoo4HtYHddAIvu8pfdL8hY0M
+073qR75Au/ovKfzG2A==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100D.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100D.pem
new file mode 100755
index 000000000000..95e419a174a3
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100D.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4109 (0x100d)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:51:10 2010 GMT
+ Not After : Jan 13 09:51:10 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x001\x002\x00,\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:bf:4f:93:6b:6b:86:76:30:31:3b:0e:eb:b7:a6:
+ b9:a3:3e:84:ea:d5:31:50:5a:df:f4:3f:67:11:5a:
+ a5:28:23:58:37:67:a5:5c:72:6d:f2:fc:80:81:55:
+ 78:86:28:e9:60:c2:0a:d0:17:3c:3a:e9:a8:01:71:
+ 64:b8:27:f4:42:e0:d7:69:f5:4e:ef:14:07:69:fd:
+ de:7b:af:c8:a4:0c:9c:56:00:8b:76:67:d1:ba:a9:
+ e7:40:63:77:da:44:d3:89:5c:a7:5a:ea:d5:f3:9b:
+ 15:43:f3:08:2d:bc:8a:bf:4a:5b:57:01:f0:c7:97:
+ fe:b0:93:b2:1b:79:a0:4e:ad
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 0A:A2:A6:09:88:23:56:82:9E:60:8B:79:23:61:CA:BF:D4:F7:ED:A9
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 12 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 64:3e:b6:a6:5e:0d:6f:b3:e7:f6:c7:1f:4a:48:96:4c:fe:13:
+ 3c:4a:7b:e7:46:51:56:45:66:02:e4:79:1a:7f:15:a4:e9:5b:
+ f7:4c:68:cf:cf:b0:7b:e2:ba:57:37:23:c6:cd:ba:75:85:e8:
+ eb:d5:ca:a2:6d:9a:75:84:4b:7b:47:38:58:bc:0a:4b:cc:2c:
+ 2a:0d:eb:7e:ac:36:6f:0b:a5:26:b7:d3:0b:0f:e7:cc:26:db:
+ bb:01:48:5b:38:49:f5:3e:2d:75:c0:d6:11:ad:3e:a0:b6:8a:
+ 8e:7f:4d:10:2c:7b:d7:03:0d:de:da:6b:e0:07:06:90:73:1f:
+ dd:f1
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAj6gAwIBAgICEA0wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTUx
+MTBaFw0zNTAxMTMwOTUxMTBaMIGFMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTUwMwYDVQQDHiwAVQBzAGUAcgAgADEAMgAsACAAZQBuAGQAaQBuAGcAIABx
+AHUAbwB0AGUAIjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv0+Ta2uGdjAx
+Ow7rt6a5oz6E6tUxUFrf9D9nEVqlKCNYN2elXHJt8vyAgVV4hijpYMIK0Bc8Oumo
+AXFkuCf0QuDXafVO7xQHaf3ee6/IpAycVgCLdmfRuqnnQGN32kTTiVynWurV85sV
+Q/MILbyKv0pbVwHwx5f+sJOyG3mgTq0CAwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0G
+A1UdDgQWBBQKoqYJiCNWgp5gi3kjYcq/1PftqTAfBgNVHSMEGDAWgBToarvCkOps
+cCI+9vZIGwPmvremVTAnBgNVHREEIDAepBwwGjEYMBYGA1UEAxMPVXNlciAxMiBS
+b290IDExMA0GCSqGSIb3DQEBBQUAA4GBAGQ+tqZeDW+z5/bHH0pIlkz+EzxKe+dG
+UVZFZgLkeRp/FaTpW/dMaM/PsHviulc3I8bNunWF6OvVyqJtmnWES3tHOFi8CkvM
+LCoN636sNm8LpSa30wsP58wm27sBSFs4SfU+LXXA1hGtPqC2io5/TRAse9cDDd7a
+a+AHBpBzH93x
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100E.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100E.pem
new file mode 100755
index 000000000000..f91766a0a8f1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100E.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4110 (0x100e)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:53:08 2010 GMT
+ Not After : Jan 13 09:53:08 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00"\x00U\x00s\x00e\x00r\x00 \x001\x003\x00,\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e0:b2:b3:77:34:32:23:3c:45:ce:1f:5f:9a:60:
+ c5:59:af:2f:bf:73:8e:be:3d:88:8d:97:4f:fe:8a:
+ 00:b9:71:7f:07:3a:1e:6a:5b:37:8a:ff:58:8f:f1:
+ b3:e5:0b:9d:35:58:57:6d:da:d1:15:cd:52:7f:e2:
+ 15:25:16:d4:d6:1e:71:a6:f3:f7:c5:6d:01:64:fc:
+ 20:d4:4e:6a:f2:f9:b9:2a:36:f8:ae:e6:17:a8:f9:
+ 8e:7c:bb:75:e5:24:39:ad:4c:18:c8:bb:07:22:cd:
+ d1:a6:52:93:7f:24:5f:90:dd:0f:64:07:70:42:67:
+ 39:9b:1f:ea:5e:bb:cd:df:ab
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 75:49:D0:1F:A0:B3:A2:C6:F2:7F:CF:16:A3:4C:4B:DF:D6:4C:07:9D
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 13 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 5d:60:60:06:aa:8a:2d:ee:20:2a:ee:fb:b5:99:8c:ed:d8:67:
+ 28:30:d8:26:a7:e0:1c:6e:5d:e1:4c:5e:c8:f9:02:e2:2e:c4:
+ 1e:58:e9:84:bc:d7:79:4e:d5:c5:ea:ba:74:aa:4e:30:9d:2b:
+ 98:c8:0b:fe:7f:eb:fb:e9:24:5f:f8:17:27:a9:ce:7c:ff:4b:
+ 88:15:3e:25:18:71:73:bf:b6:bf:c5:51:6b:1d:db:32:1d:ae:
+ 00:bf:ed:a5:65:99:16:43:8d:d2:6d:27:53:fc:65:9a:91:94:
+ 7b:44:c8:58:a1:f1:2b:95:86:0b:2d:2d:94:10:6f:5e:be:f8:
+ 7b:8e
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAkigAwIBAgICEA4wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTUz
+MDhaFw0zNTAxMTMwOTUzMDhaMIGPMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MT8wPQYDVQQDHjYAIgBVAHMAZQByACAAMQAzACwAIABlAG4AYwBsAG8AcwBp
+AG4AZwAgAHEAdQBvAHQAZQBzACIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AOCys3c0MiM8Rc4fX5pgxVmvL79zjr49iI2XT/6KALlxfwc6HmpbN4r/WI/xs+UL
+nTVYV23a0RXNUn/iFSUW1NYecabz98VtAWT8INROavL5uSo2+K7mF6j5jny7deUk
+Oa1MGMi7ByLN0aZSk38kX5DdD2QHcEJnOZsf6l67zd+rAgMBAAGjeDB2MAsGA1Ud
+DwQEAwIF4DAdBgNVHQ4EFgQUdUnQH6Czosbyf88Wo0xL39ZMB50wHwYDVR0jBBgw
+FoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMT
+D1VzZXIgMTMgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQBdYGAGqoot7iAq7vu1
+mYzt2GcoMNgmp+Acbl3hTF7I+QLiLsQeWOmEvNd5TtXF6rp0qk4wnSuYyAv+f+v7
+6SRf+Bcnqc58/0uIFT4lGHFzv7a/xVFrHdsyHa4Av+2lZZkWQ43SbSdT/GWakZR7
+RMhYofErlYYLLS2UEG9evvh7jg==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100F.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100F.pem
new file mode 100755
index 000000000000..34a9b97c5f60
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/100F.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4111 (0x100f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:55:02 2010 GMT
+ Not After : Jan 13 09:55:02 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d7:b7:68:39:6e:80:18:83:2e:d7:0a:e5:f1:3f:
+ 27:80:68:59:a8:05:ac:7f:d9:6e:5d:7f:1c:58:86:
+ b7:74:b5:51:3d:64:09:4a:a0:ff:e7:10:0e:bc:8a:
+ f0:d1:54:18:0a:ed:68:0a:a2:33:e5:9f:f0:3d:7f:
+ 24:9c:46:34:ba:45:8f:05:59:51:2d:fb:32:1d:79:
+ 51:37:1a:4b:f8:6e:c5:49:c0:49:9e:ef:2b:ae:aa:
+ 03:fa:ff:55:08:69:85:0d:b4:06:53:ee:20:4e:74:
+ 6c:ca:b8:98:8d:64:8f:b5:99:a9:06:37:32:ca:ca:
+ eb:31:16:ce:97:e8:17:0d:9d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ A7:D8:65:FB:E9:A1:F6:A4:16:76:1C:2E:5B:F3:1B:8E:08:B1:1D:7F
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 14 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 35:54:0f:d2:d3:ec:9e:a6:ea:e6:51:69:27:a3:f1:ae:ea:ef:
+ f9:da:ca:2a:50:f1:9e:2a:7c:74:43:d6:7f:91:ad:5a:5c:e2:
+ da:f3:cb:27:a2:78:99:75:0b:9e:e9:3a:bd:3e:31:14:6a:06:
+ b7:3f:59:d1:0a:67:03:a4:32:63:cd:b1:b6:5c:68:bb:bb:e2:
+ 23:a6:ff:8e:55:e5:92:a6:a8:b3:87:3d:25:21:9c:2a:6f:ab:
+ 09:ad:f5:e6:e6:d8:37:62:f2:30:ac:51:da:f4:9c:1d:06:f6:
+ f3:73:2f:6a:3b:7f:53:0d:c0:2e:ad:cc:6e:81:fe:ce:e3:53:
+ 0e:23
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAkCgAwIBAgICEA8wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTU1
+MDJaFw0zNTAxMTMwOTU1MDJaMIGHMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTcwNQYDVQQDHi4AVQBzAGUAcgAgADEANAAgACIALABtAGkAZABkAGwAZQAg
+AHEAdQBvAHQAZQAiMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXt2g5boAY
+gy7XCuXxPyeAaFmoBax/2W5dfxxYhrd0tVE9ZAlKoP/nEA68ivDRVBgK7WgKojPl
+n/A9fyScRjS6RY8FWVEt+zIdeVE3Gkv4bsVJwEme7yuuqgP6/1UIaYUNtAZT7iBO
+dGzKuJiNZI+1makGNzLKyusxFs6X6BcNnQIDAQABo3gwdjALBgNVHQ8EBAMCBeAw
+HQYDVR0OBBYEFKfYZfvpofakFnYcLlvzG44IsR1/MB8GA1UdIwQYMBaAFOhqu8KQ
+6mxwIj729kgbA+a+t6ZVMCcGA1UdEQQgMB6kHDAaMRgwFgYDVQQDEw9Vc2VyIDE0
+IFJvb3QgMTEwDQYJKoZIhvcNAQEFBQADgYEANVQP0tPsnqbq5lFpJ6Pxrurv+drK
+KlDxnip8dEPWf5GtWlzi2vPLJ6J4mXULnuk6vT4xFGoGtz9Z0QpnA6QyY82xtlxo
+u7viI6b/jlXlkqaos4c9JSGcKm+rCa315ubYN2LyMKxR2vScHQb283Mvajt/Uw3A
+Lq3MboH+zuNTDiM=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1010.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1010.pem
new file mode 100755
index 000000000000..ae0a4174738d
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1010.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4112 (0x1010)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:57:52 2010 GMT
+ Not After : Jan 13 09:57:52 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00\\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a1:cc:00:2b:07:2b:e7:ac:80:29:cb:40:37:e3:
+ 1f:a3:c5:13:86:16:63:6b:cc:b8:c1:aa:54:fd:57:
+ 0f:de:4c:69:2f:e5:5f:f0:a9:bb:25:74:48:ee:36:
+ 77:6b:08:b5:95:a9:00:aa:15:31:9e:d8:f6:25:53:
+ 78:9d:bc:2b:8f:7a:19:32:12:8c:13:60:7d:76:1e:
+ 4e:b1:e4:51:c7:43:c0:e6:ee:d9:61:df:85:90:a0:
+ 95:3c:a2:81:83:3d:22:f6:8d:42:ee:69:fa:5c:ae:
+ 1c:b5:52:02:fb:ec:a6:12:2f:bb:fb:6c:a8:61:95:
+ 08:6c:d2:e5:1e:90:61:a6:27
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 2F:C9:F6:94:E6:1E:91:13:CE:75:A1:17:FD:1D:93:7E:45:CE:4D:67
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 15 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 19:d0:dc:4c:c8:59:f0:7a:14:f2:51:54:e5:9e:5a:b3:27:0b:
+ d7:36:0f:74:38:07:26:65:1a:b5:94:1a:1f:b2:b7:3d:ee:b1:
+ 90:05:83:41:6a:98:5f:25:b4:cb:5c:49:12:24:35:d6:97:cf:
+ 50:2e:0a:17:41:0b:75:e9:6a:a4:fb:bb:c2:cc:c1:94:64:03:
+ 81:c4:25:d2:3f:3e:8f:d1:29:44:db:a9:3c:7f:0c:2c:6d:48:
+ 38:cb:8f:56:82:9c:d3:f3:f3:20:1f:45:19:8e:ea:91:9c:c1:
+ 25:cf:20:1d:bb:70:7e:b9:a0:c5:34:78:93:5f:2b:d9:fd:d5:
+ de:ad
+-----BEGIN CERTIFICATE-----
+MIICzDCCAjWgAwIBAgICEBAwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTU3
+NTJaFw0zNTAxMTMwOTU3NTJaMH0xCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxLTArBgNVBAMeJABcAGUAbgBjAGwAbwBzAGkAbgBnACAAcQB1AG8AdABlAHMA
+XDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAocwAKwcr56yAKctAN+Mfo8UT
+hhZja8y4wapU/VcP3kxpL+Vf8Km7JXRI7jZ3awi1lakAqhUxntj2JVN4nbwrj3oZ
+MhKME2B9dh5OseRRx0PA5u7ZYd+FkKCVPKKBgz0i9o1C7mn6XK4ctVIC++ymEi+7
++2yoYZUIbNLlHpBhpicCAwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQv
+yfaU5h6RE851oRf9HZN+Rc5NZzAfBgNVHSMEGDAWgBToarvCkOpscCI+9vZIGwPm
+vremVTAnBgNVHREEIDAepBwwGjEYMBYGA1UEAxMPVXNlciAxNSBSb290IDExMA0G
+CSqGSIb3DQEBBQUAA4GBABnQ3EzIWfB6FPJRVOWeWrMnC9c2D3Q4ByZlGrWUGh+y
+tz3usZAFg0FqmF8ltMtcSRIkNdaXz1AuChdBC3XpaqT7u8LMwZRkA4HEJdI/Po/R
+KUTbqTx/DCxtSDjLj1aCnNPz8yAfRRmO6pGcwSXPIB27cH65oMU0eJNfK9n91d6t
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1011.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1011.pem
new file mode 100755
index 000000000000..21222706f476
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1011.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4113 (0x1011)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 09:59:22 2010 GMT
+ Not After : Jan 13 09:59:22 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00\\x00\\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00s\x00\\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a4:e3:64:10:9f:0a:e4:35:bb:e3:e1:f0:28:86:
+ 8a:f2:6e:d3:f8:44:ac:58:7b:f5:dd:1c:71:17:bf:
+ 3e:14:29:55:f0:5c:c9:ed:36:c0:7f:e7:cc:7c:a3:
+ c4:9a:13:4f:7d:6c:b3:1e:ab:24:ba:1a:ff:48:96:
+ 67:a5:ca:e5:75:30:24:70:3a:94:d2:92:db:29:2b:
+ 69:1f:1d:a4:da:37:91:57:03:79:d7:0a:c7:a9:09:
+ 14:a8:70:60:b5:a3:62:4f:b8:bf:0a:22:0a:9c:83:
+ 3a:4d:1a:47:06:97:f1:4a:38:78:95:45:10:9e:44:
+ 90:fb:6e:13:ba:3a:1b:b7:4b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ A5:32:FD:E7:0D:90:82:17:34:E1:AD:2A:48:5D:78:27:2B:C9:2A:B8
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 16 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 96:ee:46:fc:41:4f:55:0d:bc:46:27:5a:3c:09:7c:17:6c:e3:
+ 9e:3a:85:eb:3b:e2:f7:a5:ab:b5:ae:aa:44:81:d7:b7:29:39:
+ b8:20:40:1e:36:da:a8:03:8b:3a:96:c3:2e:ba:cd:81:b9:af:
+ a0:a5:95:b0:3b:55:c1:85:9d:3d:c2:d0:7b:a4:d0:0e:16:7c:
+ 26:ba:85:e5:96:f0:f9:cc:28:c4:ed:83:e8:6f:30:a8:22:7a:
+ 7e:3b:99:d6:b2:3d:a2:90:1e:c9:9b:70:0a:af:04:d9:7c:46:
+ 52:e2:5a:d3:57:d6:18:a9:e9:55:ee:00:e8:10:a1:84:ed:ca:
+ 2b:bf
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAkigAwIBAgICEBEwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkwOTU5
+MjJaFw0zNTAxMTMwOTU5MjJaMIGPMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MT8wPQYDVQQDHjYAXABcAGQAbwB1AGIAbABlACAAZQBuAGMAbABvAHMAaQBu
+AGcAIABxAHUAbwB0AGUAcwBcAFwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AKTjZBCfCuQ1u+Ph8CiGivJu0/hErFh79d0ccRe/PhQpVfBcye02wH/nzHyjxJoT
+T31ssx6rJLoa/0iWZ6XK5XUwJHA6lNKS2ykraR8dpNo3kVcDedcKx6kJFKhwYLWj
+Yk+4vwoiCpyDOk0aRwaX8Uo4eJVFEJ5EkPtuE7o6G7dLAgMBAAGjeDB2MAsGA1Ud
+DwQEAwIF4DAdBgNVHQ4EFgQUpTL95w2Qghc04a0qSF14JyvJKrgwHwYDVR0jBBgw
+FoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMT
+D1VzZXIgMTYgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQCW7kb8QU9VDbxGJ1o8
+CXwXbOOeOoXrO+L3pau1rqpEgde3KTm4IEAeNtqoA4s6lsMuus2Bua+gpZWwO1XB
+hZ09wtB7pNAOFnwmuoXllvD5zCjE7YPobzCoInp+O5nWsj2ikB7Jm3AKrwTZfEZS
+4lrTV9YYqelV7gDoEKGE7corvw==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1012.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1012.pem
new file mode 100755
index 000000000000..b75551711c37
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1012.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4114 (0x1012)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:02:07 2010 GMT
+ Not After : Jan 13 10:02:07 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00\\x00\\x00t\x00w\x00o\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00o\x00n\x00e\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e9:8c:31:90:52:8d:ef:c6:6a:10:17:7d:37:a3:
+ ef:00:34:19:dd:a4:1a:f6:cc:37:b0:19:c8:9d:f6:
+ 9f:f8:3d:15:c9:cf:73:ab:0a:42:f2:54:5b:cc:12:
+ fb:64:35:54:c9:50:36:18:6c:b6:b0:cf:d6:1e:30:
+ 0b:0d:fa:f3:25:99:d7:49:20:dd:cc:04:d7:bb:07:
+ 00:b9:b9:87:8c:75:e5:28:a6:74:a9:b4:96:36:b8:
+ 15:62:84:0c:7a:a2:f3:07:9c:5c:8f:7a:22:3d:ba:
+ a4:06:69:f6:ce:d2:36:a0:62:e1:ae:67:aa:23:24:
+ ac:1d:53:ac:bf:b6:30:74:f7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ C0:28:3E:BA:44:88:99:A0:80:67:AA:3E:B6:D4:12:A7:35:DA:A6:BB
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 17 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 06:5b:fb:65:55:34:ca:2c:1a:c2:2d:2a:97:1b:a1:68:f6:0c:
+ 13:18:03:44:f9:0d:37:a1:8c:b1:f7:bc:b7:74:a8:aa:c1:e7:
+ 36:e7:b9:e0:64:79:76:63:98:7b:1d:d8:80:8c:d9:26:61:a8:
+ e7:07:96:60:e9:8a:24:78:cb:9c:f3:35:15:c9:d9:0c:2e:68:
+ 68:48:9c:df:6b:56:3f:aa:47:34:36:b0:ef:0e:d2:e0:ee:a9:
+ a9:6a:27:93:60:27:5f:42:76:9c:e0:aa:74:6c:b9:aa:de:fe:
+ 86:98:5a:3d:73:c5:15:38:c8:ff:09:8e:ed:da:06:74:fb:67:
+ 92:51
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAlKgAwIBAgICEBIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDAy
+MDdaFw0zNTAxMTMxMDAyMDdaMIGZMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MUkwRwYDVQQDHkAAXABcAHQAdwBvACAAcwB0AGEAcgB0AGkAbgBnACAAbwBu
+AGUAIABlAG4AZABpAG4AZwAgAHEAdQBvAHQAZQBcMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDpjDGQUo3vxmoQF303o+8ANBndpBr2zDewGcid9p/4PRXJz3Or
+CkLyVFvMEvtkNVTJUDYYbLawz9YeMAsN+vMlmddJIN3MBNe7BwC5uYeMdeUopnSp
+tJY2uBVihAx6ovMHnFyPeiI9uqQGafbO0jagYuGuZ6ojJKwdU6y/tjB09wIDAQAB
+o3gwdjALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFMAoPrpEiJmggGeqPrbUEqc12qa7
+MB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCcGA1UdEQQgMB6kHDAa
+MRgwFgYDVQQDEw9Vc2VyIDE3IFJvb3QgMTEwDQYJKoZIhvcNAQEFBQADgYEABlv7
+ZVU0yiwawi0qlxuhaPYMExgDRPkNN6GMsfe8t3SoqsHnNue54GR5dmOYex3YgIzZ
+JmGo5weWYOmKJHjLnPM1FcnZDC5oaEic32tWP6pHNDaw7w7S4O6pqWonk2AnX0J2
+nOCqdGy5qt7+hphaPXPFFTjI/wmO7doGdPtnklE=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1013.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1013.pem
new file mode 100755
index 000000000000..2b48a29b0efb
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1013.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4115 (0x1013)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:04:36 2010 GMT
+ Not After : Jan 13 10:04:36 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00\\x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:bb:73:a4:4e:45:8e:80:b1:65:b6:d8:3b:96:c8:
+ 3b:c4:2e:40:98:2a:a9:0d:2e:75:29:df:dd:28:8f:
+ dc:65:4e:2f:8b:24:55:f4:5b:95:5e:d8:29:c8:31:
+ aa:53:41:a6:1b:2a:cc:8d:67:b6:d8:5f:56:7d:bd:
+ 0e:17:88:9b:28:b8:fc:54:ff:0e:1f:d9:59:f7:6f:
+ 99:46:76:86:69:87:f7:07:51:f6:1a:76:91:37:40:
+ 96:de:5a:0e:c1:20:7f:b5:1b:79:c2:63:13:50:dc:
+ f0:35:11:2c:4a:30:e0:68:8f:dc:51:4c:2b:61:ba:
+ a5:e6:ad:72:8b:c4:e1:2d:73
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 31:AE:51:BD:37:3E:EB:D6:98:7D:BD:DF:45:0C:92:4E:73:58:35:AA
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 18 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 51:34:24:4b:78:89:95:5d:43:15:3e:62:fc:40:a0:34:a5:6e:
+ 83:b5:ee:f0:93:ae:8a:27:97:9c:66:54:c9:aa:f5:9b:96:88:
+ 43:25:76:b6:0d:06:36:6c:0e:08:5f:15:45:c6:cc:d1:62:18:
+ 6b:fa:cd:af:53:7c:7c:97:30:13:a7:03:ac:db:04:25:bb:22:
+ 7d:49:70:30:69:9f:c8:22:94:32:40:83:d3:d1:9d:1c:2a:64:
+ cf:a9:42:0c:ce:0c:b8:3d:63:33:bb:e1:85:45:a7:79:89:ac:
+ 0c:1b:b5:a4:e0:1d:4d:99:d6:68:9b:c2:67:97:9c:9d:2c:57:
+ 12:fe
+-----BEGIN CERTIFICATE-----
+MIICxjCCAi+gAwIBAgICEBMwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDA0
+MzZaFw0zNTAxMTMxMDA0MzZaMHcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxJzAlBgNVBAMeHgBcAHMAdABhAHIAdABpAG4AZwAgAHEAdQBvAHQAZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu3OkTkWOgLFlttg7lsg7xC5AmCqpDS51
+Kd/dKI/cZU4viyRV9FuVXtgpyDGqU0GmGyrMjWe22F9Wfb0OF4ibKLj8VP8OH9lZ
+92+ZRnaGaYf3B1H2GnaRN0CW3loOwSB/tRt5wmMTUNzwNREsSjDgaI/cUUwrYbql
+5q1yi8ThLXMCAwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQxrlG9Nz7r
+1ph9vd9FDJJOc1g1qjAfBgNVHSMEGDAWgBToarvCkOpscCI+9vZIGwPmvremVTAn
+BgNVHREEIDAepBwwGjEYMBYGA1UEAxMPVXNlciAxOCBSb290IDExMA0GCSqGSIb3
+DQEBBQUAA4GBAFE0JEt4iZVdQxU+YvxAoDSlboO17vCTroonl5xmVMmq9ZuWiEMl
+drYNBjZsDghfFUXGzNFiGGv6za9TfHyXMBOnA6zbBCW7In1JcDBpn8gilDJAg9PR
+nRwqZM+pQgzODLg9YzO74YVFp3mJrAwbtaTgHU2Z1mibwmeXnJ0sVxL+
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1014.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1014.pem
new file mode 100755
index 000000000000..a2027e9d8a43
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1014.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4116 (0x1014)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:05:50 2010 GMT
+ Not After : Jan 13 10:05:50 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ca:cc:98:77:0c:10:dd:0e:87:a2:da:b6:e6:97:
+ 91:36:71:54:de:2b:f8:de:18:b7:23:eb:e5:e3:57:
+ ae:cf:0b:6d:86:0f:63:f0:c4:4e:2a:66:48:33:c4:
+ e3:0b:2c:f5:e6:e5:e5:0f:f8:e0:a1:bc:11:06:a1:
+ 19:16:ec:44:77:a6:db:7d:d6:78:29:1f:57:f1:9d:
+ 3c:b4:3a:2b:3b:94:64:6d:e3:ce:b3:fa:d8:28:e2:
+ ed:76:9a:97:41:64:7c:0d:48:b8:1d:6a:56:e3:f9:
+ 4c:88:e9:1a:3c:b8:af:7a:13:67:19:59:36:46:79:
+ 52:72:ea:51:80:65:be:e2:0f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ D2:D8:8D:EE:39:D7:EA:15:23:00:7C:9D:48:1C:51:17:F8:80:86:CE
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 19 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:05:c4:48:32:4a:62:6f:a3:8c:23:af:47:dd:d4:c7:c1:91:
+ 17:7e:cd:36:73:39:a3:7b:c9:ae:da:f6:e1:bd:82:d6:72:17:
+ 78:20:a2:27:ad:f5:d2:3f:10:66:e0:d8:ba:10:00:c3:76:5b:
+ de:36:cb:2a:91:25:89:08:0e:2a:6a:81:d0:a7:49:70:42:f3:
+ 94:a3:bf:6c:6b:b9:fa:fd:f9:d4:1f:6f:75:27:b9:0d:d3:d2:
+ fd:5d:0d:dc:f5:34:29:a2:3a:2f:04:ab:48:41:6d:d7:2b:fd:
+ 42:02:99:3c:cf:aa:6b:98:66:17:83:39:4a:6f:47:36:ad:db:
+ 22:6e
+-----BEGIN CERTIFICATE-----
+MIICwjCCAiugAwIBAgICEBQwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDA1
+NTBaFw0zNTAxMTMxMDA1NTBaMHMxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxIzAhBgNVBAMeGgBlAG4AZABpAG4AZwAgAHEAdQBvAHQAZQBcMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDKzJh3DBDdDoei2rbml5E2cVTeK/jeGLcj6+Xj
+V67PC22GD2PwxE4qZkgzxOMLLPXm5eUP+OChvBEGoRkW7ER3ptt91ngpH1fxnTy0
+Ois7lGRt486z+tgo4u12mpdBZHwNSLgdalbj+UyI6Ro8uK96E2cZWTZGeVJy6lGA
+Zb7iDwIDAQABo3gwdjALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFNLYje451+oVIwB8
+nUgcURf4gIbOMB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCcGA1Ud
+EQQgMB6kHDAaMRgwFgYDVQQDEw9Vc2VyIDE5IFJvb3QgMTEwDQYJKoZIhvcNAQEF
+BQADgYEAbgXESDJKYm+jjCOvR93Ux8GRF37NNnM5o3vJrtr24b2C1nIXeCCiJ631
+0j8QZuDYuhAAw3Zb3jbLKpEliQgOKmqB0KdJcELzlKO/bGu5+v351B9vdSe5DdPS
+/V0N3PU0KaI6LwSrSEFt1yv9QgKZPM+qa5hmF4M5Sm9HNq3bIm4=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1015.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1015.pem
new file mode 100755
index 000000000000..d9d3f941e628
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1015.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4117 (0x1015)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:07:07 2010 GMT
+ Not After : Jan 13 10:07:07 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00\\x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:f0:7c:07:f6:13:52:ce:13:cf:8a:5f:7f:5f:3c:
+ d4:93:c8:a0:43:1f:e2:fc:3f:62:63:be:b5:17:e0:
+ 32:b0:d0:c2:9a:35:9e:3b:29:30:b4:13:78:18:ae:
+ 80:ba:fb:f3:fc:81:ad:aa:47:18:eb:fc:d1:76:de:
+ b6:cf:55:65:5e:3e:15:93:8e:9c:39:4e:a3:ae:1d:
+ c0:49:22:dc:25:09:33:95:0d:b5:62:7c:96:0b:05:
+ b6:10:ae:ee:f8:18:24:9f:d4:ed:b3:4c:a9:4d:f2:
+ be:6c:66:37:b9:17:cb:14:df:52:b4:a8:de:63:0d:
+ 4f:78:58:16:ab:f2:3f:f6:a9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 41:CC:3D:88:34:10:21:13:A2:34:24:B6:4E:F9:33:3C:B3:FA:56:BC
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 20 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ a7:17:c3:92:37:10:ee:9a:12:65:32:82:56:93:82:fa:0e:40:
+ 9f:ae:30:6a:b1:6f:85:18:7f:ff:9c:30:49:b7:56:bf:a3:86:
+ d7:dd:5d:79:d1:7f:9a:95:b6:bd:1d:43:cc:2c:aa:7a:40:c4:
+ de:17:02:22:74:ec:a9:cd:8d:93:f6:6c:98:7e:bb:6a:68:70:
+ 66:d4:a0:8f:1a:7a:8e:9e:38:35:aa:87:6a:e5:db:80:69:51:
+ 51:68:46:4f:3d:da:17:df:6f:22:60:77:95:55:d3:12:1b:11:
+ c1:6f:c1:96:78:00:47:61:af:53:c0:37:44:6b:92:67:7f:14:
+ 79:80
+-----BEGIN CERTIFICATE-----
+MIICwjCCAiugAwIBAgICEBUwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDA3
+MDdaFw0zNTAxMTMxMDA3MDdaMHMxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxIzAhBgNVBAMeGgBtAGkAZABkAGwAZQAgAFwAcQB1AG8AdABlMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDwfAf2E1LOE8+KX39fPNSTyKBDH+L8P2JjvrUX
+4DKw0MKaNZ47KTC0E3gYroC6+/P8ga2qRxjr/NF23rbPVWVePhWTjpw5TqOuHcBJ
+ItwlCTOVDbVifJYLBbYQru74GCSf1O2zTKlN8r5sZje5F8sU31K0qN5jDU94WBar
+8j/2qQIDAQABo3gwdjALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFEHMPYg0ECETojQk
+tk75Mzyz+la8MB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCcGA1Ud
+EQQgMB6kHDAaMRgwFgYDVQQDEw9Vc2VyIDIwIFJvb3QgMTEwDQYJKoZIhvcNAQEF
+BQADgYEApxfDkjcQ7poSZTKCVpOC+g5An64warFvhRh//5wwSbdWv6OG191dedF/
+mpW2vR1DzCyqekDE3hcCInTsqc2Nk/ZsmH67amhwZtSgjxp6jp44NaqHauXbgGlR
+UWhGTz3aF99vImB3lVXTEhsRwW/BlngAR2GvU8A3RGuSZ38UeYA=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1016.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1016.pem
new file mode 100755
index 000000000000..9f4e006f02eb
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1016.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4118 (0x1016)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:09:50 2010 GMT
+ Not After : Jan 13 10:09:50 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00d\x00o\x00u\x00b\x00l\x00e\x00 \x00\\x00\\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:cd:22:93:9a:93:18:34:2f:50:e0:cc:23:f4:60:
+ bc:96:60:d5:a5:f9:da:45:9a:5b:a3:0a:fb:71:25:
+ 4c:bd:60:84:19:f5:93:28:c1:5d:b9:8d:05:05:4d:
+ 01:85:aa:9e:5b:08:9c:01:f8:32:90:fe:ef:7f:eb:
+ cb:b3:8b:b2:c8:d1:79:d6:47:a3:d8:df:f1:d0:56:
+ 04:04:bd:41:72:fc:98:75:10:d2:9b:b5:bc:55:a1:
+ fa:19:01:67:93:09:48:0a:67:ec:4d:12:47:37:6f:
+ c2:53:0e:c9:7a:30:ec:1d:9d:a5:e2:64:d8:92:4d:
+ ed:ec:b2:bb:10:96:76:28:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ DC:FF:9A:2B:49:51:1E:FB:A7:3A:90:94:1B:E0:3E:34:89:13:48:EE
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 21 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 16:aa:a6:b7:0e:e3:d2:ba:7e:9b:59:f6:cc:ce:5d:4d:2a:f2:
+ 95:60:46:24:dd:ea:e8:08:e6:60:9c:33:82:8c:34:a2:d8:38:
+ fb:75:fe:31:79:10:78:7d:93:44:3b:00:90:83:a4:15:52:8d:
+ 3a:b4:9c:c0:6f:95:2c:4f:d8:b3:3b:cf:69:ab:3c:41:3a:43:
+ 1b:0a:8b:b0:b4:aa:8b:bf:6f:96:e2:65:4a:00:3a:49:bc:9a:
+ a1:cd:13:b1:24:93:f6:44:cd:d3:71:91:da:4f:dd:75:3d:68:
+ 5c:6b:49:14:8a:23:b5:b6:4f:b6:41:d0:a7:16:7c:67:4c:b3:
+ 0a:88
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAjygAwIBAgICEBYwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDA5
+NTBaFw0zNTAxMTMxMDA5NTBaMIGDMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTMwMQYDVQQDHioAZABvAHUAYgBsAGUAIABcAFwAbQBpAGQAZABsAGUAIABx
+AHUAbwB0AGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM0ik5qTGDQvUODM
+I/RgvJZg1aX52kWaW6MK+3ElTL1ghBn1kyjBXbmNBQVNAYWqnlsInAH4MpD+73/r
+y7OLssjRedZHo9jf8dBWBAS9QXL8mHUQ0pu1vFWh+hkBZ5MJSApn7E0SRzdvwlMO
+yXow7B2dpeJk2JJN7eyyuxCWdihHAgMBAAGjeDB2MAsGA1UdDwQEAwIF4DAdBgNV
+HQ4EFgQU3P+aK0lRHvunOpCUG+A+NIkTSO4wHwYDVR0jBBgwFoAU6Gq7wpDqbHAi
+Pvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMTD1VzZXIgMjEgUm9v
+dCAxMTANBgkqhkiG9w0BAQUFAAOBgQAWqqa3DuPSun6bWfbMzl1NKvKVYEYk3ero
+COZgnDOCjDSi2Dj7df4xeRB4fZNEOwCQg6QVUo06tJzAb5UsT9izO89pqzxBOkMb
+CouwtKqLv2+W4mVKADpJvJqhzROxJJP2RM3TcZHaT911PWhca0kUiiO1tk+2QdCn
+FnxnTLMKiA==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1017.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1017.pem
new file mode 100755
index 000000000000..7bb12fa78903
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1017.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4119 (0x1017)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:11:53 2010 GMT
+ Not After : Jan 13 10:11:53 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00p\x00a\x00r\x00t\x00i\x00a\x00l\x00l\x00y\x00 \x00\\x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e7:c9:bb:89:11:2f:2c:39:bc:d3:f5:d9:86:d4:
+ 8e:d7:20:11:81:75:30:25:7e:2b:29:70:61:83:38:
+ 24:d1:0f:cc:0b:88:71:29:06:05:a5:53:d2:00:2f:
+ 12:0c:7d:42:e6:47:33:de:cc:f8:7b:2a:5d:d9:cb:
+ 69:24:91:38:bf:0c:1a:12:cf:1e:f9:44:c2:1c:e8:
+ 6f:ea:ab:8b:92:4c:93:8c:69:61:b9:57:b3:1d:d0:
+ 03:3e:13:9d:30:bd:b2:b9:d9:c7:9b:4d:18:45:b0:
+ 19:19:15:58:4c:bd:5a:a1:59:4f:f0:1f:99:26:3b:
+ 4e:76:c6:bb:21:3c:94:bc:d9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 43:E4:70:39:E3:91:80:2A:C3:BC:1A:F4:A3:51:4B:99:C5:20:93:A6
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 22 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 28:ce:8c:f0:bf:56:c6:a4:02:df:dd:1d:75:dc:cf:62:a0:92:
+ 58:64:91:8c:bb:96:3c:52:d5:66:6c:31:7e:1c:d9:a8:e5:1c:
+ a6:9f:5e:26:3f:69:71:c6:d7:5d:02:4f:a7:42:a5:85:fa:38:
+ 01:43:36:54:75:4c:51:a2:99:5d:72:05:9a:9b:fc:5e:83:9b:
+ a0:ef:11:b1:a4:dd:a5:50:2f:d0:14:dd:04:0f:8b:93:7e:4b:
+ 3e:24:04:45:d0:98:46:49:74:9f:d7:b4:68:09:dc:b6:ac:35:
+ 3f:5d:f9:ee:77:a4:35:46:75:a4:6a:d6:c1:53:4f:d2:0c:38:
+ 3c:df
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAkigAwIBAgICEBcwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDEx
+NTNaFw0zNTAxMTMxMDExNTNaMIGPMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MT8wPQYDVQQDHjYAcABhAHIAdABpAGEAbABsAHkAIABcAGUAbgBjAGwAbwBz
+AGkAbgBnACAAcQB1AG8AdABlAFwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AOfJu4kRLyw5vNP12YbUjtcgEYF1MCV+KylwYYM4JNEPzAuIcSkGBaVT0gAvEgx9
+QuZHM97M+HsqXdnLaSSROL8MGhLPHvlEwhzob+qri5JMk4xpYblXsx3QAz4TnTC9
+srnZx5tNGEWwGRkVWEy9WqFZT/AfmSY7TnbGuyE8lLzZAgMBAAGjeDB2MAsGA1Ud
+DwQEAwIF4DAdBgNVHQ4EFgQUQ+RwOeORgCrDvBr0o1FLmcUgk6YwHwYDVR0jBBgw
+FoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMT
+D1VzZXIgMjIgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQAozozwv1bGpALf3R11
+3M9ioJJYZJGMu5Y8UtVmbDF+HNmo5Rymn14mP2lxxtddAk+nQqWF+jgBQzZUdUxR
+opldcgWam/xeg5ug7xGxpN2lUC/QFN0ED4uTfks+JARF0JhGSXSf17RoCdy2rDU/
+Xfnud6Q1RnWkatbBU0/SDDg83w==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1018.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1018.pem
new file mode 100755
index 000000000000..d134dc5f3ea5
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1018.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4120 (0x1018)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:13:38 2010 GMT
+ Not After : Jan 13 10:13:38 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00\\x00U\x00s\x00e\x00r\x00 \x002\x003\x00,\x00 \x00s\x00t\x00a\x00r\x00t\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b9:e3:64:f8:02:be:98:47:de:c6:f4:22:14:4f:
+ 22:fe:17:8c:14:7f:b8:27:44:51:9d:5a:79:33:b4:
+ d0:21:27:b0:ed:f9:9f:3d:54:ef:ba:3a:d8:89:2a:
+ ca:a8:8f:f3:f6:a7:6b:5f:0a:58:2d:a0:e3:05:3a:
+ 26:a6:1e:b6:89:a1:e1:71:11:e7:16:93:29:69:f8:
+ 14:a2:e3:d7:4e:e5:60:40:d7:40:c5:37:d6:95:7c:
+ 4f:35:fd:a8:82:7f:90:32:1d:99:e7:8a:b9:93:a4:
+ f3:23:0a:a5:f9:56:31:73:d8:e3:cb:d6:0e:2f:2b:
+ ee:8e:b5:ca:eb:63:82:1c:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 80:A8:F7:13:E3:E8:F8:A6:60:94:21:C1:FE:54:54:89:AC:4B:DF:45
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 23 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ be:31:bd:4a:56:80:64:f0:1e:ea:77:4a:f3:e3:ec:f0:ad:27:
+ cc:05:01:fa:d2:12:7c:8e:85:5b:37:54:9c:4f:96:2d:1c:81:
+ e4:21:3d:4b:d9:86:1a:6c:29:5e:88:f2:ae:04:f1:70:87:25:
+ b9:9a:4a:ef:dd:21:f9:17:33:ee:a1:eb:38:fb:c4:73:72:70:
+ 0c:67:58:96:95:8c:2c:5a:4a:31:28:50:52:64:65:5c:63:60:
+ de:24:df:a0:e9:0d:c0:b6:d6:4c:51:a7:5a:e8:dd:f6:ff:49:
+ e6:6f:7f:86:38:5d:c7:f9:eb:55:f1:b2:89:3b:cd:41:f7:5d:
+ a8:b0
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAkKgAwIBAgICEBgwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDEz
+MzhaFw0zNTAxMTMxMDEzMzhaMIGJMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTkwNwYDVQQDHjAAXABVAHMAZQByACAAMgAzACwAIABzAHQAYQByAHQAaQBu
+AGcAIABxAHUAbwB0AGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnjZPgC
+vphH3sb0IhRPIv4XjBR/uCdEUZ1aeTO00CEnsO35nz1U77o62IkqyqiP8/ana18K
+WC2g4wU6JqYetomh4XER5xaTKWn4FKLj107lYEDXQMU31pV8TzX9qIJ/kDIdmeeK
+uZOk8yMKpflWMXPY48vWDi8r7o61yutjghwLAgMBAAGjeDB2MAsGA1UdDwQEAwIF
+4DAdBgNVHQ4EFgQUgKj3E+Po+KZglCHB/lRUiaxL30UwHwYDVR0jBBgwFoAU6Gq7
+wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAWBgNVBAMTD1VzZXIg
+MjMgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQC+Mb1KVoBk8B7qd0rz4+zwrSfM
+BQH60hJ8joVbN1ScT5YtHIHkIT1L2YYabCleiPKuBPFwhyW5mkrv3SH5FzPuoes4
++8RzcnAMZ1iWlYwsWkoxKFBSZGVcY2DeJN+g6Q3AttZMUada6N32/0nmb3+GOF3H
++etV8bKJO81B912osA==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1019.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1019.pem
new file mode 100755
index 000000000000..66c3f15bfdbf
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1019.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4121 (0x1019)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:14:50 2010 GMT
+ Not After : Jan 13 10:14:50 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x002\x004\x00,\x00 \x00e\x00n\x00d\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9c:cd:78:e7:11:1d:61:d4:0c:c6:87:c9:28:47:
+ 84:23:6b:86:c3:38:37:62:5a:9a:4b:50:fc:b7:f3:
+ d9:4b:1b:20:ff:06:42:bb:22:33:c5:22:12:2c:bb:
+ e6:c8:08:69:0e:af:e9:22:45:9f:ef:2c:26:46:d7:
+ 1b:36:db:70:58:32:bc:3d:d7:7d:64:27:44:54:6c:
+ 89:12:88:d7:31:3d:3f:5c:96:cb:69:9f:b1:a9:e0:
+ 9a:de:50:b7:ad:d8:29:bf:bc:3c:21:e9:a2:79:21:
+ 46:81:ea:90:df:44:0c:6c:bb:f8:47:c8:e9:79:d1:
+ 8d:40:1b:5d:d3:75:9b:e4:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 81:14:09:35:7F:F6:7A:83:6B:19:C2:22:24:92:E6:D4:EF:52:1C:0B
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 24 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 7c:65:0b:e2:cd:ca:00:e8:40:0f:37:70:a1:89:54:5d:03:06:
+ 2c:60:56:dc:2f:b7:01:ac:75:58:f6:82:8f:91:63:e2:91:d1:
+ 17:7b:bd:63:b9:9c:4e:46:86:3e:a6:f5:a6:56:ac:90:2a:f4:
+ d8:a0:6c:02:15:6e:d9:f6:2a:f8:9a:c4:48:bd:cd:54:82:55:
+ c6:d5:52:76:09:e3:3d:17:8d:5c:46:16:ae:9e:56:df:9f:c3:
+ 05:15:6f:ae:d0:b5:76:67:48:2d:5a:3c:59:da:1b:13:c3:84:
+ 5e:2a:57:8d:86:9a:f1:8a:5d:01:47:93:44:62:af:65:03:e1:
+ df:10
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAj6gAwIBAgICEBkwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDE0
+NTBaFw0zNTAxMTMxMDE0NTBaMIGFMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTUwMwYDVQQDHiwAVQBzAGUAcgAgADIANAAsACAAZQBuAGQAaQBuAGcAIABx
+AHUAbwB0AGUAXDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnM145xEdYdQM
+xofJKEeEI2uGwzg3YlqaS1D8t/PZSxsg/wZCuyIzxSISLLvmyAhpDq/pIkWf7ywm
+RtcbNttwWDK8Pdd9ZCdEVGyJEojXMT0/XJbLaZ+xqeCa3lC3rdgpv7w8IemieSFG
+geqQ30QMbLv4R8jpedGNQBtd03Wb5AsCAwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0G
+A1UdDgQWBBSBFAk1f/Z6g2sZwiIkkubU71IcCzAfBgNVHSMEGDAWgBToarvCkOps
+cCI+9vZIGwPmvremVTAnBgNVHREEIDAepBwwGjEYMBYGA1UEAxMPVXNlciAyNCBS
+b290IDExMA0GCSqGSIb3DQEBBQUAA4GBAHxlC+LNygDoQA83cKGJVF0DBixgVtwv
+twGsdVj2go+RY+KR0Rd7vWO5nE5Ghj6m9aZWrJAq9NigbAIVbtn2KviaxEi9zVSC
+VcbVUnYJ4z0XjVxGFq6eVt+fwwUVb67QtXZnSC1aPFnaGxPDhF4qV42GmvGKXQFH
+k0Rir2UD4d8Q
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101A.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101A.pem
new file mode 100755
index 000000000000..ba352d83d135
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101A.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4122 (0x101a)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:16:10 2010 GMT
+ Not After : Jan 13 10:16:10 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00\\x00U\x00s\x00e\x00r\x00 \x002\x005\x00,\x00 \x00e\x00n\x00c\x00l\x00o\x00s\x00i\x00n\x00g\x00 \x00q\x00u\x00o\x00t\x00e\x00\
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ad:20:4a:85:d2:a8:2a:f8:0e:4c:b5:2d:72:a5:
+ 1d:0e:b1:8a:76:2c:b0:bf:7a:48:b8:57:29:cb:40:
+ c5:8a:e8:0e:d3:f6:f9:b1:90:a6:4a:bb:82:45:fd:
+ c2:ff:03:fa:fc:4a:5d:93:0b:52:a2:17:10:b1:7e:
+ 13:1d:9d:28:26:e3:44:bd:fd:26:da:b2:7b:47:e1:
+ c4:35:ea:53:1b:94:76:cc:f2:f6:c1:86:f2:18:46:
+ e1:71:c0:5d:e5:8f:0a:10:7a:ea:61:af:d0:ba:28:
+ 22:13:77:0f:7d:9e:e0:0a:f0:92:ce:dd:b3:5d:a6:
+ df:c1:eb:a8:29:57:e6:71:65
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ C3:EE:4A:7E:AC:46:2D:BA:42:F7:33:1F:E7:49:FA:21:D3:BC:DD:49
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 25 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ bf:63:34:12:e3:4b:83:4e:e5:c5:08:c3:b3:ea:be:38:33:38:
+ 3c:99:c3:ca:08:84:05:d4:21:53:7a:7d:43:86:c2:63:e2:d3:
+ 7c:21:3c:72:fa:c6:f3:bf:2b:10:5e:ca:4b:2c:2c:1c:e3:10:
+ eb:7c:ff:b1:20:b2:47:1b:b3:3e:77:b6:74:fb:83:85:ac:b8:
+ c9:5b:ca:8a:14:2f:e4:81:6e:04:6f:c8:37:c0:9f:c0:41:0f:
+ b4:6e:21:82:69:51:e8:68:09:72:c4:8c:72:db:47:0b:a5:52:
+ d7:e7:b3:5d:10:9c:ed:14:af:1c:fd:0b:11:a3:fd:f9:b9:2d:
+ 48:b5
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAkagAwIBAgICEBowDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDE2
+MTBaFw0zNTAxMTMxMDE2MTBaMIGNMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MT0wOwYDVQQDHjQAXABVAHMAZQByACAAMgA1ACwAIABlAG4AYwBsAG8AcwBp
+AG4AZwAgAHEAdQBvAHQAZQBcMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt
+IEqF0qgq+A5MtS1ypR0OsYp2LLC/eki4VynLQMWK6A7T9vmxkKZKu4JF/cL/A/r8
+Sl2TC1KiFxCxfhMdnSgm40S9/SbasntH4cQ16lMblHbM8vbBhvIYRuFxwF3ljwoQ
+euphr9C6KCITdw99nuAK8JLO3bNdpt/B66gpV+ZxZQIDAQABo3gwdjALBgNVHQ8E
+BAMCBeAwHQYDVR0OBBYEFMPuSn6sRi26QvczH+dJ+iHTvN1JMB8GA1UdIwQYMBaA
+FOhqu8KQ6mxwIj729kgbA+a+t6ZVMCcGA1UdEQQgMB6kHDAaMRgwFgYDVQQDEw9V
+c2VyIDI1IFJvb3QgMTEwDQYJKoZIhvcNAQEFBQADgYEAv2M0EuNLg07lxQjDs+q+
+ODM4PJnDygiEBdQhU3p9Q4bCY+LTfCE8cvrG878rEF7KSywsHOMQ63z/sSCyRxuz
+Pne2dPuDhay4yVvKihQv5IFuBG/IN8CfwEEPtG4hgmlR6GgJcsSMcttHC6VS1+ez
+XRCc7RSvHP0LEaP9+bktSLU=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101B.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101B.pem
new file mode 100755
index 000000000000..4c03562a8ea9
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101B.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4123 (0x101b)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:17:45 2010 GMT
+ Not After : Jan 13 10:17:45 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x002\x006\x00\\x00,\x00 \x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ec:4c:2b:ba:b1:e5:ba:83:e8:64:6c:67:fe:f9:
+ 84:9a:71:68:0b:10:b0:2e:2c:21:d8:6d:c8:cc:de:
+ 82:76:15:b8:74:a0:4b:3c:39:f0:ee:3a:08:6c:0e:
+ 0c:36:51:ed:44:04:ca:2b:76:30:6f:85:d4:f6:f0:
+ 7e:53:2b:17:90:6a:7b:79:e0:c2:00:f2:5f:dd:19:
+ 8f:09:7a:a2:c8:85:95:24:e0:41:39:ec:75:e1:c7:
+ 03:ba:6d:e9:81:48:8b:36:38:e0:99:3e:58:04:e3:
+ 03:8d:e4:3b:95:98:0a:23:96:f1:96:50:06:5d:71:
+ 6f:02:e1:c5:cd:e0:5c:c4:7b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 1D:A3:64:F0:93:51:C2:F2:1A:BB:D0:2D:20:95:5E:19:94:4C:72:BB
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 26 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 8c:c1:56:7d:d9:a8:f7:af:4b:57:4a:a5:2a:32:11:12:e0:d8:
+ 0e:10:39:8f:17:53:25:f5:c6:57:55:e4:f0:16:f2:11:cc:af:
+ cc:44:6b:23:6f:8e:2a:df:ee:ff:f0:d4:3f:0a:85:7e:19:de:
+ f8:cf:69:be:8b:59:ad:3c:be:3c:d7:32:ac:ba:82:91:28:23:
+ 71:ba:b5:29:05:e4:98:ee:2b:bb:56:04:7f:8b:69:c5:f9:4c:
+ 1b:0b:2e:3a:46:41:8e:da:16:68:9f:c7:57:71:8e:97:0d:b0:
+ a1:92:ae:7c:75:46:ef:b4:6d:8e:e7:53:07:23:a4:e1:e0:f0:
+ e7:3b
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAj6gAwIBAgICEBswDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDE3
+NDVaFw0zNTAxMTMxMDE3NDVaMIGFMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTUwMwYDVQQDHiwAVQBzAGUAcgAgADIANgBcACwAIABtAGkAZABkAGwAZQAg
+AHEAdQBvAHQAZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7EwrurHluoPo
+ZGxn/vmEmnFoCxCwLiwh2G3IzN6CdhW4dKBLPDnw7joIbA4MNlHtRATKK3Ywb4XU
+9vB+UysXkGp7eeDCAPJf3RmPCXqiyIWVJOBBOex14ccDum3pgUiLNjjgmT5YBOMD
+jeQ7lZgKI5bxllAGXXFvAuHFzeBcxHsCAwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0G
+A1UdDgQWBBQdo2Twk1HC8hq70C0glV4ZlExyuzAfBgNVHSMEGDAWgBToarvCkOps
+cCI+9vZIGwPmvremVTAnBgNVHREEIDAepBwwGjEYMBYGA1UEAxMPVXNlciAyNiBS
+b290IDExMA0GCSqGSIb3DQEBBQUAA4GBAIzBVn3ZqPevS1dKpSoyERLg2A4QOY8X
+UyX1xldV5PAW8hHMr8xEayNvjirf7v/w1D8KhX4Z3vjPab6LWa08vjzXMqy6gpEo
+I3G6tSkF5JjuK7tWBH+LacX5TBsLLjpGQY7aFmifx1dxjpcNsKGSrnx1Ru+0bY7n
+UwcjpOHg8Oc7
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101C.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101C.pem
new file mode 100755
index 000000000000..c403402f3dd4
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101C.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4124 (0x101c)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:19:13 2010 GMT
+ Not After : Jan 13 10:19:13 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=comma, comma, comma ,
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:af:2e:02:1a:b8:ed:7e:6e:27:2f:6e:ca:dc:57:
+ 11:17:88:37:38:37:26:d0:fb:d0:ee:ad:f3:a8:ad:
+ f5:8a:53:04:6a:82:a7:31:b5:e6:ce:88:24:fa:22:
+ 75:84:1b:a8:8c:fd:7f:63:0c:fc:13:41:82:60:a3:
+ 19:33:3d:d3:18:6e:09:c5:c7:e7:e9:9e:49:dd:f4:
+ 77:ef:f1:06:91:9a:c5:57:68:e5:0f:59:19:8d:53:
+ ff:cb:ae:11:33:48:5c:eb:72:e8:2f:67:ae:94:42:
+ d3:5b:2e:31:e3:6f:a7:5e:5e:9c:ea:2c:d2:c3:af:
+ 66:10:34:32:e5:2d:3f:55:c1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ A1:FB:82:9C:27:AD:83:67:5E:8C:CC:A2:BA:32:3C:30:26:74:F4:CE
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 27 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ c6:72:8b:f8:57:9e:b7:bf:b1:f3:99:41:1c:8c:47:a1:93:d8:
+ 62:8e:2d:68:6c:db:12:02:86:e0:66:65:c1:7c:c4:83:35:4c:
+ 16:53:fd:34:c1:3c:60:15:fc:3d:3b:90:07:68:ca:af:a1:10:
+ 39:c4:6b:15:a6:1a:71:51:20:ea:35:84:ef:8f:ac:51:bc:d7:
+ 84:d8:35:71:44:8e:8c:4f:59:76:3d:b3:5f:5c:26:9e:bc:ee:
+ 09:40:13:3b:38:85:02:56:7d:97:db:4d:3d:b5:a1:66:cf:df:
+ 19:7a:2f:71:b7:a4:12:c3:9b:df:83:f9:a8:8a:00:68:e4:3a:
+ ee:25
+-----BEGIN CERTIFICATE-----
+MIICvTCCAiagAwIBAgICEBwwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDE5
+MTNaFw0zNTAxMTMxMDE5MTNaMG4xCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxHjAcBgNVBAMTFWNvbW1hLCBjb21tYSwgY29tbWEgLDCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAry4CGrjtfm4nL27K3FcRF4g3ODcm0PvQ7q3zqK31ilME
+aoKnMbXmzogk+iJ1hBuojP1/Ywz8E0GCYKMZMz3TGG4Jxcfn6Z5J3fR37/EGkZrF
+V2jlD1kZjVP/y64RM0hc63LoL2eulELTWy4x42+nXl6c6izSw69mEDQy5S0/VcEC
+AwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSh+4KcJ62DZ16MzKK6Mjww
+JnT0zjAfBgNVHSMEGDAWgBToarvCkOpscCI+9vZIGwPmvremVTAnBgNVHREEIDAe
+pBwwGjEYMBYGA1UEAxMPVXNlciAyNyBSb290IDExMA0GCSqGSIb3DQEBBQUAA4GB
+AMZyi/hXnre/sfOZQRyMR6GT2GKOLWhs2xIChuBmZcF8xIM1TBZT/TTBPGAV/D07
+kAdoyq+hEDnEaxWmGnFRIOo1hO+PrFG814TYNXFEjoxPWXY9s19cJp687glAEzs4
+hQJWfZfbTT21oWbP3xl6L3G3pBLDm9+D+aiKAGjkOu4l
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101D.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101D.pem
new file mode 100755
index 000000000000..2790a2abd2a1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101D.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4125 (0x101d)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:20:47 2010 GMT
+ Not After : Jan 13 10:20:47 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=equal CN=User 28
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ae:df:12:64:ab:d9:2f:ee:21:64:b5:08:c5:c8:
+ 8f:a1:ad:0e:b9:28:91:69:74:13:a5:aa:49:fe:fa:
+ 02:9d:37:db:0a:3b:26:6a:20:25:3d:f9:2d:b2:3b:
+ 39:c8:c6:e3:a7:aa:a1:0b:b2:1b:58:43:e6:3c:3f:
+ 67:fe:bb:bd:9b:b5:d9:de:e9:ed:76:ab:fd:f5:c8:
+ 15:b2:fb:a6:3f:23:ef:9f:5f:71:43:b3:be:55:1e:
+ 85:5f:13:b1:6b:9d:42:d7:30:a8:d2:9b:fe:71:7a:
+ c7:d3:60:7a:cf:e2:83:75:83:b8:1c:d3:ef:ee:94:
+ 3f:14:63:aa:7c:15:4e:42:1d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 3B:2D:2B:5F:2E:E6:32:23:AE:47:B7:30:25:CB:ED:B0:6D:0C:30:E4
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 28 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 5b:cf:de:92:f8:ac:39:fb:0a:81:70:5b:17:d0:0d:0d:85:5e:
+ 2e:7d:be:d1:1a:ad:1d:99:a4:a6:f0:48:5a:7b:04:39:e2:93:
+ ff:80:84:f6:a1:e6:8a:52:12:55:46:c0:57:84:d9:c3:13:92:
+ 61:d7:41:af:39:09:57:05:25:01:90:68:7c:7c:5c:85:c6:f2:
+ fe:0e:37:e3:58:68:f9:32:fc:41:2c:35:36:f4:cf:ea:55:2d:
+ 52:7c:fb:37:32:35:cf:82:eb:fc:f1:39:f1:51:f1:e1:5b:d6:
+ 58:e1:7f:d4:50:ce:cf:07:f2:e5:f5:e2:dd:fe:55:3f:64:07:
+ 90:4f
+-----BEGIN CERTIFICATE-----
+MIICuDCCAiGgAwIBAgICEB0wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDIw
+NDdaFw0zNTAxMTMxMDIwNDdaMGkxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxGTAXBgNVBAMTEGVxdWFsIENOPVVzZXIgMjgwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBAK7fEmSr2S/uIWS1CMXIj6GtDrkokWl0E6WqSf76Ap032wo7Jmog
+JT35LbI7OcjG46eqoQuyG1hD5jw/Z/67vZu12d7p7Xar/fXIFbL7pj8j759fcUOz
+vlUehV8TsWudQtcwqNKb/nF6x9Nges/ig3WDuBzT7+6UPxRjqnwVTkIdAgMBAAGj
+eDB2MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUOy0rXy7mMiOuR7cwJcvtsG0MMOQw
+HwYDVR0jBBgwFoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBox
+GDAWBgNVBAMTD1VzZXIgMjggUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQBbz96S
++Kw5+wqBcFsX0A0NhV4ufb7RGq0dmaSm8EhaewQ54pP/gIT2oeaKUhJVRsBXhNnD
+E5Jh10GvOQlXBSUBkGh8fFyFxvL+DjfjWGj5MvxBLDU29M/qVS1SfPs3MjXPguv8
+8TnxUfHhW9ZY4X/UUM7PB/Ll9eLd/lU/ZAeQTw==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101E.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101E.pem
new file mode 100755
index 000000000000..f12a0c1c0d9d
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101E.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4126 (0x101e)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:22:13 2010 GMT
+ Not After : Jan 13 10:22:13 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 29+OU=ooo
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ae:12:dc:26:fe:7f:b8:3f:47:a2:dc:83:a1:70:
+ 6d:ab:db:e5:3c:28:d5:18:32:2c:8d:ee:85:c6:f9:
+ f4:8b:31:34:71:de:91:79:fb:56:b4:9c:af:3e:b1:
+ c6:de:06:3f:32:fc:45:9d:9b:dd:15:0f:b5:c3:98:
+ ab:8c:1e:3d:63:7c:2a:c5:b9:38:3d:50:6c:81:9e:
+ f0:b3:5b:41:1a:ec:15:b2:7f:2b:b4:d4:42:aa:ca:
+ e6:89:b0:c6:58:bd:2d:38:f3:4d:85:c3:08:d7:45:
+ 48:42:d7:fe:ee:7a:c0:22:41:c0:c6:cb:77:7c:22:
+ 43:07:35:dc:88:7c:49:3a:9b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ E0:19:7F:AC:F8:6A:42:7E:84:CA:8C:84:45:75:4E:9D:A1:D1:2A:72
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 29 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 85:c9:ea:82:e2:ac:f6:b3:15:51:11:bd:69:81:31:8f:ee:d3:
+ f9:f4:8e:d5:27:34:20:89:76:eb:8a:5b:02:69:9b:97:89:d7:
+ 6b:aa:03:7f:b5:40:f9:ac:54:ce:8f:30:fd:3e:78:72:91:96:
+ dc:a6:bd:64:42:f8:e4:18:1a:e3:b5:db:08:fe:1e:fc:3d:a2:
+ 55:21:ad:0f:1a:87:df:f2:65:87:4d:91:52:c1:46:c1:c0:7c:
+ cc:81:79:97:dc:2e:41:cc:ae:8c:8e:79:4e:02:49:7c:c5:b0:
+ 3e:8e:d9:f0:aa:6b:a6:2f:e7:d2:21:5b:7f:57:e8:f7:f6:00:
+ 3c:ad
+-----BEGIN CERTIFICATE-----
+MIICtjCCAh+gAwIBAgICEB4wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDIy
+MTNaFw0zNTAxMTMxMDIyMTNaMGcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxFzAVBgNVBAMTDlVzZXIgMjkrT1U9b29vMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCuEtwm/n+4P0ei3IOhcG2r2+U8KNUYMiyN7oXG+fSLMTRx3pF5+1a0
+nK8+scbeBj8y/EWdm90VD7XDmKuMHj1jfCrFuTg9UGyBnvCzW0Ea7BWyfyu01EKq
+yuaJsMZYvS04802FwwjXRUhC1/7uesAiQcDGy3d8IkMHNdyIfEk6mwIDAQABo3gw
+djALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOAZf6z4akJ+hMqMhEV1Tp2h0SpyMB8G
+A1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMCcGA1UdEQQgMB6kHDAaMRgw
+FgYDVQQDEw9Vc2VyIDI5IFJvb3QgMTEwDQYJKoZIhvcNAQEFBQADgYEAhcnqguKs
+9rMVURG9aYExj+7T+fSO1Sc0IIl264pbAmmbl4nXa6oDf7VA+axUzo8w/T54cpGW
+3Ka9ZEL45Bga47XbCP4e/D2iVSGtDxqH3/Jlh02RUsFGwcB8zIF5l9wuQcyujI55
+TgJJfMWwPo7Z8Kprpi/n0iFbf1fo9/YAPK0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101F.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101F.pem
new file mode 100755
index 000000000000..1393b9ed3ed3
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/101F.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4127 (0x101f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:26:01 2010 GMT
+ Not After : Jan 13 10:26:01 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00"
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:cf:40:99:4d:a5:5d:73:2a:78:72:9c:32:94:15:
+ 1e:01:40:b4:68:8f:b8:4e:38:aa:b9:82:96:5a:5c:
+ 03:d5:db:09:42:46:d8:2d:f0:da:f8:1a:f0:85:10:
+ f2:cb:1f:be:50:b7:ae:6f:22:80:f2:bf:14:73:84:
+ da:30:b9:54:26:0d:72:1c:55:99:50:c6:78:a3:37:
+ 15:b2:9c:03:22:dc:ea:8b:f5:07:32:f3:d9:76:64:
+ 92:a3:4f:73:12:e2:43:79:0e:e6:44:17:99:79:49:
+ 73:65:da:03:3d:be:db:e3:4f:ae:6c:d0:6c:e6:4a:
+ d3:83:45:5d:83:18:d5:cc:29
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ D9:EA:10:1D:D3:F5:30:AD:30:0E:80:73:14:22:1A:26:35:90:DC:67
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 30 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 42:3a:02:d5:7b:23:9f:cc:5b:b8:d4:c8:e8:0c:e3:0d:8a:17:
+ 65:b6:87:ce:c9:dc:f7:84:95:e0:17:ea:11:8b:15:30:e1:a2:
+ 42:6c:4e:f0:31:fa:fd:ff:03:37:d4:ec:4c:1d:29:8d:07:8a:
+ c8:de:0b:d6:df:d7:2e:12:8a:00:a0:ca:be:48:af:17:36:63:
+ 8e:f2:cf:80:8b:a1:e2:33:ef:42:db:91:d3:8e:4b:02:55:5e:
+ f7:79:11:5c:6d:ef:64:8b:53:a6:af:f5:0f:e2:75:7a:d6:85:
+ f6:60:d5:7e:d6:8c:0e:37:84:a9:50:2b:c7:e6:63:bf:1d:14:
+ aa:bf
+-----BEGIN CERTIFICATE-----
+MIICyDCCAjGgAwIBAgICEB8wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDI2
+MDFaFw0zNTAxMTMxMDI2MDFaMHkxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxKTAnBgNVBAMeIABVAHMAZQByACAAMwAwADwAIAA+ACMAOwAgACIAKwAiMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPQJlNpV1zKnhynDKUFR4BQLRoj7hO
+OKq5gpZaXAPV2wlCRtgt8Nr4GvCFEPLLH75Qt65vIoDyvxRzhNowuVQmDXIcVZlQ
+xnijNxWynAMi3OqL9Qcy89l2ZJKjT3MS4kN5DuZEF5l5SXNl2gM9vtvjT65s0Gzm
+StODRV2DGNXMKQIDAQABo3gwdjALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFNnqEB3T
+9TCtMA6AcxQiGiY1kNxnMB8GA1UdIwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZV
+MCcGA1UdEQQgMB6kHDAaMRgwFgYDVQQDEw9Vc2VyIDMwIFJvb3QgMTEwDQYJKoZI
+hvcNAQEFBQADgYEAQjoC1Xsjn8xbuNTI6AzjDYoXZbaHzsnc94SV4BfqEYsVMOGi
+QmxO8DH6/f8DN9TsTB0pjQeKyN4L1t/XLhKKAKDKvkivFzZjjvLPgIuh4jPvQtuR
+045LAlVe93kRXG3vZItTpq/1D+J1etaF9mDVftaMDjeEqVArx+Zjvx0Uqr8=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1020.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1020.pem
new file mode 100755
index 000000000000..40e90d4cbea9
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1020.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4128 (0x1020)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:28:47 2010 GMT
+ Not After : Jan 13 10:28:47 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00<
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ac:02:18:e0:1c:54:bb:76:97:2e:d3:67:78:b7:
+ 14:78:46:83:7c:e9:5c:2b:2f:25:bb:bf:90:c0:52:
+ ea:2c:79:d6:9d:af:b5:f8:86:a2:bf:56:9b:0f:33:
+ ed:ef:d2:2c:57:c6:0a:25:b3:f7:9b:a1:7a:3b:75:
+ 0b:18:86:23:64:2a:23:b0:60:f1:d8:05:b4:a6:7b:
+ 77:21:30:b4:0d:f1:af:e1:fb:d6:88:a8:5b:5d:7e:
+ a2:bf:ce:20:f6:c0:7a:89:f2:0f:33:47:6d:49:0f:
+ 3d:59:27:f9:95:c0:3b:a3:1c:18:a1:2d:95:09:e8:
+ d2:95:ac:10:92:fc:db:84:e3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ F8:BA:7E:78:BC:70:33:D3:45:68:37:59:3A:06:AC:65:B1:15:74:F0
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 31 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 0f:a8:53:f0:56:76:df:a8:b3:5b:d1:e8:98:62:8f:a6:13:96:
+ c3:6b:ca:3f:e1:09:37:54:6f:ac:15:4b:74:0c:6c:3f:fe:de:
+ 36:58:a2:9d:a0:1f:18:97:2c:1d:bc:c6:df:ee:aa:5b:d3:da:
+ 2f:51:02:7a:ba:a9:7e:4d:cf:47:16:0b:f1:b1:e1:28:2b:fe:
+ a4:9d:50:96:cd:c5:45:09:35:50:93:9b:97:a9:23:2a:5e:f0:
+ 2e:16:18:3f:50:7a:83:59:c5:6c:79:99:d3:ea:12:ef:15:a9:
+ b0:93:1e:4b:26:6c:63:13:7f:d3:5a:0c:4d:0b:f4:51:21:98:
+ 4f:81
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAk6gAwIBAgICECAwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDI4
+NDdaFw0zNTAxMTMxMDI4NDdaMIGVMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MUUwQwYDVQQDHjwAVQBzAGUAcgAgADMAMQAgAFwAIgBhACwAYgAiACsAQwBO
+AD0AVQBTACwAIAA+ACAAXABcAGQAZQAgADwwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAKwCGOAcVLt2ly7TZ3i3FHhGg3zpXCsvJbu/kMBS6ix51p2vtfiGor9W
+mw8z7e/SLFfGCiWz95uhejt1CxiGI2QqI7Bg8dgFtKZ7dyEwtA3xr+H71oioW11+
+or/OIPbAeonyDzNHbUkPPVkn+ZXAO6McGKEtlQno0pWsEJL824TjAgMBAAGjeDB2
+MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU+Lp+eLxwM9NFaDdZOgasZbEVdPAwHwYD
+VR0jBBgwFoAU6Gq7wpDqbHAiPvb2SBsD5r63plUwJwYDVR0RBCAwHqQcMBoxGDAW
+BgNVBAMTD1VzZXIgMzEgUm9vdCAxMTANBgkqhkiG9w0BAQUFAAOBgQAPqFPwVnbf
+qLNb0eiYYo+mE5bDa8o/4Qk3VG+sFUt0DGw//t42WKKdoB8YlywdvMbf7qpb09ov
+UQJ6uql+Tc9HFgvxseEoK/6knVCWzcVFCTVQk5uXqSMqXvAuFhg/UHqDWcVseZnT
+6hLvFamwkx5LJmxjE3/TWgxNC/RRIZhPgQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1021.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1021.pem
new file mode 100755
index 000000000000..443c07462820
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1021.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4129 (0x1021)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Jan 19 10:40:59 2010 GMT
+ Not After : Jan 13 10:40:59 2035 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:da:7a:30:0d:63:da:74:05:ef:3e:d2:f4:2b:1b:
+ 50:e3:64:67:98:7d:2f:83:e7:77:7b:b8:72:9b:c8:
+ 9e:65:de:cc:2a:7b:76:c2:08:05:7a:ce:88:3e:ed:
+ b5:75:89:36:d2:4a:bb:3b:66:ac:57:2b:15:99:c9:
+ d4:74:ca:f5:eb:ff:80:b7:9f:6b:48:2f:3b:a7:51:
+ c4:12:af:96:ca:ac:b9:ea:23:fd:93:f7:7d:5b:d1:
+ ab:7c:24:1e:fe:48:dc:33:de:45:d6:8c:86:5a:b9:
+ 56:3c:e4:a9:f1:8c:d7:41:01:da:04:2a:7d:06:c3:
+ 5b:a4:cc:5f:6c:ef:7c:4e:ef
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 49:E2:AE:12:D7:EF:C3:B5:02:65:DD:CF:B2:62:E6:25:ED:3D:10:9C
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DirName:/CN=User 14 Root 11
+ Signature Algorithm: sha1WithRSAEncryption
+ 8b:ca:d2:93:cb:d1:cc:a9:67:a3:be:75:cf:ca:cd:22:78:cc:
+ 7c:f9:f1:2c:94:2c:60:bd:0f:18:16:26:fe:de:0d:19:5a:87:
+ de:34:8c:1f:eb:89:37:74:63:d4:d9:cd:59:35:06:24:a5:6f:
+ f2:c6:69:f4:b5:37:6d:ae:8b:d3:5d:5e:43:8f:36:7d:f8:0c:
+ 30:3f:74:3d:e2:85:89:75:58:36:0f:df:72:17:47:22:c6:fd:
+ 47:e3:d6:73:d1:40:89:e8:9a:ba:53:14:5c:3a:de:a9:85:a8:
+ 8f:b0:27:81:4d:87:ef:bb:6b:bf:8c:8a:71:9b:94:1d:30:d5:
+ 12:ed
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAj6gAwIBAgICECEwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDAxMTkxMDQw
+NTlaFw0zNTAxMTMxMDQwNTlaMIGFMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFt
+YnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsTC0RldmVsb3Bt
+ZW50MTUwMwYDVQQDHiwAVQBzAGUAcgAgADEANAAgACIALABtAGkAZABkAGwAZQAg
+AHEAdQBvAHQAZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2nowDWPadAXv
+PtL0KxtQ42RnmH0vg+d3e7hym8ieZd7MKnt2wggFes6IPu21dYk20kq7O2asVysV
+mcnUdMr16/+At59rSC87p1HEEq+Wyqy56iP9k/d9W9GrfCQe/kjcM95F1oyGWrlW
+POSp8YzXQQHaBCp9BsNbpMxfbO98Tu8CAwEAAaN4MHYwCwYDVR0PBAQDAgXgMB0G
+A1UdDgQWBBRJ4q4S1+/DtQJl3c+yYuYl7T0QnDAfBgNVHSMEGDAWgBToarvCkOps
+cCI+9vZIGwPmvremVTAnBgNVHREEIDAepBwwGjEYMBYGA1UEAxMPVXNlciAxNCBS
+b290IDExMA0GCSqGSIb3DQEBBQUAA4GBAIvK0pPL0cypZ6O+dc/KzSJ4zHz58SyU
+LGC9DxgWJv7eDRlah940jB/riTd0Y9TZzVk1BiSlb/LGafS1N22ui9NdXkOPNn34
+DDA/dD3ihYl1WDYP33IXRyLG/Ufj1nPRQInomrpTFFw63qmFqI+wJ4FNh++7a7+M
+inGblB0w1RLt
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..fb0dd164efc2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F268674FF1377D42
+
+kJQy9qJMCqZyDVs3+ZKQnh22enecltKSYzd0S1dIN1chgQ0RzLEiWBHmHCVP/yB0
+YoKrQ07FUR/uSLqTbyhAl+KDVcNvqrj/NeWs0n8zqN0ZF6wQtxtDrWFWmHNAvQXU
+2kO1CvjYiruapgwmVDDJV1qf25byenQv9LMyQMD6EPU1XqFeamklidALdkb7DylA
+WL6EIg4vhh96ZaG6PwLcB9rho0QRrXrLS6SHiklNBN5fHUWOfDyhXJ7K4HvzH1SS
+/EtqgyKKxH5irTRdoJg2OaDBAahyW93CneEnFdufDgzvCdrsg79Z2GFz7TDJEfW4
+rnoqoXTdei1Ah+t1BC4uXXAU8DR0xusnJi0qJDJ7ETRBhROlNhTRF8TAHll+5dIf
+9772GwVT+hADZn1qJgmhPiN4f8Fx33k5NOcwb0X/0Z1mzULrwm1P6lng0DsusDo0
+dr/wFyRjWZEWhMcL/sIO1BwVTBPcE8CACnXutehs44DBWd91EQ4+PWNq7oPtHFw8
+09d30h4aJJZF/SGRi+f/czFyZF4WS2Q+UWmNNKJX8wCGQqzUb02kVwMEWHiNFiEo
+V8xI3JXVmKHDWlgdoIz9kVe//3AfY5y+52cYLdqaNW8IsgWZC8SC9Lk9j5uaNZ/I
+leNppt4ID7mfYPqjEXEKleC+1ncwFwdVl/zaa/fM78sWqDYrLZC47DToLfoQ9Gez
+3dj3554iHTe61Jd7JsK85pYsrIHAeYppOpqzLyQmCu3twBl3uGD7KXxvdZRt8foE
+Vrg/QSIB4E6gfSBP0UrXzsnga8tjVyqRW2vAvt0uLn945ducapf9oQ==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
new file mode 100755
index 000000000000..c7781419a38b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
@@ -0,0 +1 @@
+1022
diff --git a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
new file mode 100755
index 000000000000..8bf98da50e74
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
@@ -0,0 +1,295 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+utf8 = yes
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask =pkix
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+commonName_default =User 14 \",middle quote
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+#nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+subjectAltName=dirName:dn_subjectAlt
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+[dn_subjectAlt]
+CN=User 14 Root 11
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_7.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_2/demoCA/cacert.pem
new file mode 100755
index 000000000000..e64badeef6c7
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAKKvFYnsc1SGMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMjAeFw0wOTEx
+MTgxNTQ2NTJaFw0zNDExMTIxNTQ2NTJaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAsJSDLnSsoNY1U8hS0g5cmu7ihp+nvDvx8C75Wav80KumG9gcS3icmSOm
+vPVqUmJq5o9CKM8z4vJR7D3e+Wf7S7XHMdL0uXuQi+QQCB1aMAWMxo7xnoWAXZrS
+LG1BWUjD9sdKCHuQfFQv9ke3cA2dGZFSMsUD73JYoo0RD72ftFkCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUX7xM2usKDLUjQ14kMid5QfWCowIwgZEGA1UdIwSBiTCBhoAU
+X7xM2usKDLUjQ14kMid5QfWCowKhY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMoIJAKKvFYnsc1SGMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAqfEPhXASt24n8P9mDKisEn2EIYmJKLaY
+AVwXLPXUOiMlqrfPRKpseQII4WmDCRxMa6bKCwf4pKUWIpTpDhRZCUespaLz1AcU
+ntv+HTXq1ECK+akK33fsh5qMvokfzZM+Q0zCiFV/c2aTTGSM5mV3/q810RUlNQY3
+1y+AN+6fRqE=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/crl/DO_NOT_CREATE_A_CRL b/xmlsecurity/test_docs/CAs/Root_2/demoCA/crl/DO_NOT_CREATE_A_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/crl/DO_NOT_CREATE_A_CRL
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_2/demoCA/crlnumber
new file mode 100755
index 000000000000..83b33d238dab
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/crlnumber
@@ -0,0 +1 @@
+1000
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt
new file mode 100755
index 000000000000..3e79e22d7cf1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt
@@ -0,0 +1 @@
+V 341112155538Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 2
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_2/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..36a8eb3c0709
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/newcerts/1000.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 2
+ Validity
+ Not Before: Nov 18 15:55:38 2009 GMT
+ Not After : Nov 12 15:55:38 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:f0:7a:16:4c:ab:06:b2:af:27:9c:7d:3f:86:da:
+ de:7a:c3:01:67:77:56:49:09:ed:ed:31:72:83:e8:
+ 75:9c:4c:ce:f9:97:b6:63:3c:e2:ca:83:80:92:03:
+ 9c:96:e2:de:72:79:c1:cf:3e:3f:b9:0d:b4:87:c7:
+ 75:e6:56:8d:aa:f8:77:47:11:4e:fe:07:b0:1d:64:
+ 06:73:4b:6f:d4:ac:da:0f:05:87:b1:f1:98:a9:f5:
+ 8a:a1:a8:ed:17:9c:26:b8:da:92:63:d2:53:87:e6:
+ fc:ed:44:de:94:56:90:3e:a2:a1:67:08:cb:38:d4:
+ cf:17:3b:7e:ff:7a:97:c0:7b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 8C:F3:2C:30:A2:E8:62:50:70:BC:FC:71:A0:41:FA:E0:58:B4:4D:B8
+ X509v3 Authority Key Identifier:
+ keyid:5F:BC:4C:DA:EB:0A:0C:B5:23:43:5E:24:32:27:79:41:F5:82:A3:02
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 2
+ serial:A2:AF:15:89:EC:73:54:86
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 52:83:16:ab:0e:43:2d:b3:e4:0f:6c:c1:63:d4:86:ac:e7:1e:
+ ee:7b:ee:9b:0c:ff:4f:e0:59:d5:e4:27:af:68:bf:a7:f5:2a:
+ a3:c9:e3:2b:8d:b7:31:26:f6:04:80:4e:f2:a5:bf:da:63:5e:
+ 8c:d6:c6:b2:46:a0:46:10:2f:84:9f:02:76:f3:c8:33:05:62:
+ 0c:5f:2d:cc:06:23:53:9f:d9:f8:46:e4:2e:5c:da:05:fc:bf:
+ db:45:b4:ac:8d:8b:b5:4b:60:7b:7b:26:34:7f:b1:4b:41:96:
+ 41:26:70:7a:9d:78:a2:9b:e0:de:62:a2:04:86:9f:ed:7c:a6:
+ 20:eb
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAyMB4XDTA5MTExODE1NTUz
+OFoXDTM0MTExMjE1NTUzOFowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDwehZMqwayryecfT+G2t56wwFnd1ZJCe3tMXKD6HWcTM75l7ZjPOLK
+g4CSA5yW4t5yecHPPj+5DbSHx3XmVo2q+HdHEU7+B7AdZAZzS2/UrNoPBYex8Zip
+9YqhqO0XnCa42pJj0lOH5vztRN6UVpA+oqFnCMs41M8XO37/epfAewIDAQABo4HH
+MIHEMB0GA1UdDgQWBBSM8ywwouhiUHC8/HGgQfrgWLRNuDCBkQYDVR0jBIGJMIGG
+gBRfvEza6woMtSNDXiQyJ3lB9YKjAqFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAyggkAoq8ViexzVIYwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBSgxarDkMts+QPbMFj1Ias5x7ue+6b
+DP9P4FnV5CevaL+n9SqjyeMrjbcxJvYEgE7ypb/aY16M1sayRqBGEC+EnwJ288gz
+BWIMXy3MBiNTn9n4RuQuXNoF/L/bRbSsjYu1S2B7eyY0f7FLQZZBJnB6nXiim+De
+YqIEhp/tfKYg6w==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_2/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..7ef7ef0a5e81
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,52B792B2B0E03BD6
+
+GIFY+N2q5LMcrtTplZUToF0/nuplr7ASLAe7lEcDLTTHeBTO+w4ScB62Dl6veeEU
+3/pPevG+V3HIA5ukywX334DuWjL3bFIsPg8a3NKKn0nTpmwqHqXZ53kbSMHIiu6v
+MkvGeVLLxLhnCsqQ8HI2ccuxGSXLA0rqlnrZTOtvQpw9ohpCM3CX1GeekLc83bL/
+4HHmw8nNL+OCH4l9g3Y8XpN3ySRgl+lWmoKxl9s2Mn7jFoaqSXuuH3wIu9D2kJxS
+qfVs/fo12j8RWXSIMpiCJFCOx1v+zzX7dJ0cyim83WF2OHsOW03UYnWzgk44iz4d
+/WVWJuRU3gEwpN3CDdhzBZuYw9DmaG8HLHYT15CSdkQrfHeFM3Axcoju7b887JX7
+sOHU6h4ebMVhAswAXKGlTKOY2PO1GE9cKoa2jxnB2z8Dhe8rxzuvWyr5BfXrS3KT
+lM6pjxZSoGMcmG7FtDgU/aAIn+DPR/rdB7tfZwP3GoVV+n3jRi8LU5I3wbi4z70o
+bwXMb7zN13WHFszZgPX4tHD3jjyLwk7rFmMJ17L3K6eOAlGg8o+FBgoqYFQo05sY
+2SElOibX8RIj9m9lerNLOxB5ty2VDUSaytJ0b1gPTXAdsaryq7tKFxIrNKpiJ1qk
+snQSJyr2JwRqBLRwkXZV5CliWwZJGGJsC9I5fAMuuW6qkDhsSQ1fIJsGn/SbbiZj
+lnZVY/33vHMltbwEgY4GuQWm29VYJwLWk925BY/nQ5fWPARYsap04JIwtperrZKj
+XETzTrnTje6sVl32aCLdYlwsVbh04zRwUFharCz5vtDdVeHrfsBDKA==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_2/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_2/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_2/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_2/openssl.cfg
new file mode 100755
index 000000000000..bf73e3549d66
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_2/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_3/demoCA/cacert.pem
new file mode 100755
index 000000000000..55be1552189e
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAJVv8OMrvnb5MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMzAeFw0wOTEx
+MjAwNzM2MTVaFw0zNDExMTQwNzM2MTVaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA3L6zaGhxFC+Mf55dzotmPKxdZndlxSVVOVI93JrxKVfn8mYOCZEjdb9Q
+65vgLxGXMC9LCiF6SfT8dIfav1hUugmLaLzBesPu6h4kHN33/7Asj8BzY5I57uvF
+sMLNL5hHFRRqtBqHvmO2G8zjHPluObnBzaQNCbdZxYODeh1GFpECAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUaf8w7B80mmc6ayDS33/1BQTt+RwwgZEGA1UdIwSBiTCBhoAU
+af8w7B80mmc6ayDS33/1BQTt+RyhY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgM4IJAJVv8OMrvnb5MA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEABPdAJer/8FoOAMWszhfz/BEjF97TTFs1
+KqSEiuymswG706weo9tcnP8u81AITQPSWZE1ALQN5L35Zvg6ubJsNM3+VSoQ6hZj
+G9oWAJzFN7DhIqs3Xb13eBH/0yqAdTuFB5uLcJdR3GIXGFvcU/5FZBpYnORVqvg4
+irKv2VvyCR0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_3/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt
new file mode 100755
index 000000000000..dd9a47ee641b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt
@@ -0,0 +1 @@
+V 341114074039Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 3
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_3/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..c14880b580c7
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/newcerts/1000.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 3
+ Validity
+ Not Before: Nov 20 07:40:39 2009 GMT
+ Not After : Nov 14 07:40:39 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 3
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9e:87:1f:af:f0:a0:1c:f4:9e:f8:c3:e7:ee:d3:
+ cb:a8:e2:54:98:ba:dd:7e:dc:6e:14:e1:7e:7f:5b:
+ 1e:ef:53:3d:89:76:ea:e2:b3:6c:08:0d:e8:c8:4d:
+ 24:40:ff:92:f3:5b:51:f7:90:ac:69:37:29:90:f5:
+ e8:95:6f:67:d1:10:cd:7b:dd:65:38:d6:25:ec:63:
+ 39:ba:2e:ea:13:58:8e:7a:82:8e:10:d1:7b:77:7a:
+ 08:d5:82:66:62:a4:83:39:ad:f5:83:d5:2f:5c:bc:
+ 23:6e:c8:78:8b:38:9f:eb:a3:67:ba:43:fa:e4:07:
+ 3f:90:72:db:0c:f9:49:0e:0d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 1B:2D:E0:A2:26:7F:0D:BA:38:7E:EC:06:81:81:0F:12:74:4C:5A:4D
+ X509v3 Authority Key Identifier:
+ keyid:69:FF:30:EC:1F:34:9A:67:3A:6B:20:D2:DF:7F:F5:05:04:ED:F9:1C
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 3
+ serial:95:6F:F0:E3:2B:BE:76:F9
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 6f:ac:53:9d:16:6e:95:ed:97:60:ed:c8:a8:96:ab:24:c5:1e:
+ d5:d7:26:98:fb:b5:aa:ef:da:a4:91:6a:82:55:ec:21:a2:08:
+ 24:c7:0c:a7:58:0c:06:69:3d:04:7d:08:f1:0b:77:41:ad:1c:
+ 13:c2:bd:17:c9:9e:ff:df:64:69:8b:58:f1:bc:40:bd:cf:e4:
+ 57:29:bc:5e:93:84:61:56:4c:e6:c1:3a:2c:6e:71:ea:5d:67:
+ c0:54:be:4f:2f:27:a8:59:8d:29:94:ba:c6:6c:ff:ed:25:3d:
+ 0b:fa:93:c9:45:f4:d5:a3:3d:be:8a:f1:9d:c4:92:d5:5c:d2:
+ 77:7c
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAzMB4XDTA5MTEyMDA3NDAz
+OVoXDTM0MTExNDA3NDAzOVowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAzMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCehx+v8KAc9J74w+fu08uo4lSYut1+3G4U4X5/Wx7vUz2Jduris2wI
+DejITSRA/5LzW1H3kKxpNymQ9eiVb2fREM173WU41iXsYzm6LuoTWI56go4Q0Xt3
+egjVgmZipIM5rfWD1S9cvCNuyHiLOJ/ro2e6Q/rkBz+QctsM+UkODQIDAQABo4HH
+MIHEMB0GA1UdDgQWBBQbLeCiJn8Nujh+7AaBgQ8SdExaTTCBkQYDVR0jBIGJMIGG
+gBRp/zDsHzSaZzprINLff/UFBO35HKFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAzggkAlW/w4yu+dvkwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBvrFOdFm6V7Zdg7ciolqskxR7V1yaY
++7Wq79qkkWqCVewhoggkxwynWAwGaT0EfQjxC3dBrRwTwr0XyZ7/32Rpi1jxvEC9
+z+RXKbxek4RhVkzmwTosbnHqXWfAVL5PLyeoWY0plLrGbP/tJT0L+pPJRfTVoz2+
+ivGdxJLVXNJ3fA==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_3/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..445d86f99540
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,24B61B9BC2D90894
+
+pJUmVTVcjD3b4WKoSDJHrxHYOJ5/6P0FyQRYaJhnDXpcC5cQywl7yuD3HpRh3cXT
+Y5k6d1E64St3I/IDImdbiEEDbjlSG9gfFf9vYeP/Xlpaja0Y9Q2ePnQvJY47HB7+
+qkrt6b+3yIW024wHi83dzaeYeNUJaY1jGsra2TzGk/+hYrf6yvnyehEAsy5WChof
+bfaQ29RrGTlzf6IpSRpiHUL7nVl+eHfbGLX4Ih8aEFXpcnoWtpY8FgQ5+bJxMeR4
+R2ge0c3G0VIBXBRRUoGsU0ZcRLdxYUFcDGZse50ZboUwvROfPCimowcyWKluV9yj
+l4+e3glYcwGHRqHYArsLDUV2hzHHEJ1IKn4E+oExqQSGgDQgUDN0kjlRPPxWQb29
+6dZSHW4VXW609Q10FKbPuCocgQ2Ut2bNGWqXsiNNTr39iB0r/hA/V4bKy3G8ogsH
+AQFp6D9LaFlt9ZFA49Y4WoPzSY9J2C4eFJzQ+jhCpeapzQ54BWNTYMQe+SJHkp1O
+PWVovUrRbTDesIUeY1UJuSnbDotOc6vzEAsP+FIL2qUySUGG/CPyAf3R4FyahwjL
+bgU5kmpzBKsgqRYrO2yfLz5/3/e9xUGfHVi8lbI5f21NQKesqHY2xS2NmGvakzbe
+ZvD3bhythAR5L0Pp+tiiHE1LUAbcKp90aFPeaONDpUtrRU21gqqvEKnnubCvnjmE
+l6GrH2WKSgxJbQ3GGqNaDg1ivB8XXyjx7guvBzpA0Pe2YCYMa0RI27GywNkv+RsR
+eo3ox2QhUpvPxUl3ijwOPN3EFXrq0gdlYQJBWW3GLlX4Q71KJF+jUQ==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_3/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_3/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_3/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_3/openssl.cfg
new file mode 100755
index 000000000000..5f9493f47e9b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_3/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_4/README.txt b/xmlsecurity/test_docs/CAs/Root_4/README.txt
new file mode 100755
index 000000000000..b9fb278a2724
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/README.txt
@@ -0,0 +1,4 @@
+Revoked certificates:
+
+- Sub CA 2 Root 4
+
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_4/demoCA/cacert.pem
new file mode 100755
index 000000000000..45b4ce8a5f29
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAKKTRnQ7puOtMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNDAeFw0wOTEx
+MjAwODM1MDRaFw0zNDExMTQwODM1MDRaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA2k+jPArotoY09an0BpF3RYIPP/5RN04E4S+Ulp/ipttaVxtAC0ojJSlp
+0PGp/vIodFT9pkBb0nq56LHjFLj+lyW5tKAR+4B+VVvzwJhUBD8qHjYJE30vWZ88
+3+3I+GmXDzy962kQxrb4J6dBwGImoqhBTXWOxGnPjXxtovzYmMECAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUuo2hl9zEOR+QtVFrEBnyRg2pZY4wgZEGA1UdIwSBiTCBhoAU
+uo2hl9zEOR+QtVFrEBnyRg2pZY6hY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNIIJAKKTRnQ7puOtMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARdHX1KRJ/DE1zOkbjINPX4pFjTMIIfKd
+ncEBM7Po20it75Hbl8bHoxwCrjOu+9L1xaTCWcunyqv26yrjVpORPHPODLMc2W8x
+FQm39hL6a0RjqurDlhcrjor3HD7hQ+GjEUDAX6Pk9RDxN+uMHvF5/5WCEhSn2aLT
+IozGu5SmZys=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_4/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt
new file mode 100755
index 000000000000..f07b3377de4a
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt
@@ -0,0 +1,2 @@
+V 341114083727Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 4
+R 341114092227Z 091120092718Z,keyCompromise 1001 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 2 Root 4
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..391037118147
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1000.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 4
+ Validity
+ Not Before: Nov 20 08:37:27 2009 GMT
+ Not After : Nov 14 08:37:27 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 4
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:da:b0:21:94:89:b0:00:89:cb:69:59:9b:0d:fe:
+ 1f:b9:a0:a8:44:92:55:5f:0b:d5:e5:08:63:bd:47:
+ 6b:11:4d:b1:a8:12:6f:c1:cf:cb:9e:ae:e2:c1:03:
+ 68:46:59:0b:96:7c:21:45:9b:14:81:d8:f1:83:70:
+ 6b:3d:b4:56:65:49:87:1d:ab:e2:08:6a:49:66:0e:
+ 59:b4:da:7a:3f:72:23:b8:1f:fb:78:f5:f0:2d:c4:
+ fe:d9:94:6e:2e:c3:6e:95:ba:38:60:d1:0b:fa:16:
+ c7:02:71:ef:3e:71:72:63:26:56:35:1e:8b:ec:47:
+ 87:25:6e:bc:90:d0:8b:37:2d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 96:9A:2D:06:F6:76:4F:83:68:7B:9C:69:C4:18:BB:4A:EB:46:38:E4
+ X509v3 Authority Key Identifier:
+ keyid:BA:8D:A1:97:DC:C4:39:1F:90:B5:51:6B:10:19:F2:46:0D:A9:65:8E
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 4
+ serial:A2:93:46:74:3B:A6:E3:AD
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 45:77:ba:6b:b6:a7:2a:0f:6b:38:90:9f:0a:18:11:c7:54:7b:
+ c9:3b:9a:93:90:96:f0:04:0a:56:87:30:e0:f5:d8:84:40:39:
+ 90:85:ca:e7:38:1b:d8:df:2f:bd:73:91:13:cb:a6:c9:b0:7a:
+ f7:59:77:6b:9a:d5:86:78:06:dc:40:14:ce:ea:43:a8:ae:ed:
+ a2:03:64:51:3a:47:7a:9f:df:2d:65:49:56:a5:39:cf:28:2a:
+ ac:ab:fd:e1:93:fd:3e:56:e8:eb:7a:11:a8:f7:f9:1a:a1:83:
+ 1f:92:f7:da:4e:c6:d9:67:dd:67:ff:be:6f:e5:24:e1:6e:cc:
+ 94:3c
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA0MB4XDTA5MTEyMDA4Mzcy
+N1oXDTM0MTExNDA4MzcyN1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCA0MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDasCGUibAAictpWZsN/h+5oKhEklVfC9XlCGO9R2sRTbGoEm/Bz8ue
+ruLBA2hGWQuWfCFFmxSB2PGDcGs9tFZlSYcdq+IIaklmDlm02no/ciO4H/t49fAt
+xP7ZlG4uw26Vujhg0Qv6FscCce8+cXJjJlY1HovsR4clbryQ0Is3LQIDAQABo4HH
+MIHEMB0GA1UdDgQWBBSWmi0G9nZPg2h7nGnEGLtK60Y45DCBkQYDVR0jBIGJMIGG
+gBS6jaGX3MQ5H5C1UWsQGfJGDalljqFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA0ggkAopNGdDum460wDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBFd7prtqcqD2s4kJ8KGBHHVHvJO5qT
+kJbwBApWhzDg9diEQDmQhcrnOBvY3y+9c5ETy6bJsHr3WXdrmtWGeAbcQBTO6kOo
+ru2iA2RROkd6n98tZUlWpTnPKCqsq/3hk/0+VujrehGo9/kaoYMfkvfaTsbZZ91n
+/75v5SThbsyUPA==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1001.pem b/xmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1001.pem
new file mode 100755
index 000000000000..9d951ee26728
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/newcerts/1001.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4097 (0x1001)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 4
+ Validity
+ Not Before: Nov 20 09:22:27 2009 GMT
+ Not After : Nov 14 09:22:27 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 2 Root 4
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e5:8d:27:4e:09:53:08:61:c6:23:25:9e:dd:9c:
+ 07:bf:81:38:5c:5c:10:8f:e4:12:2f:4e:2e:b1:a1:
+ cf:21:46:53:bf:e8:5e:de:17:3a:9d:f7:e8:ef:3e:
+ 9c:b4:29:37:4c:31:35:15:dc:98:e0:93:9c:ce:6a:
+ d6:e1:35:19:6b:d4:1d:3b:81:86:b1:e7:ff:1f:b8:
+ 34:a9:f9:de:4d:b8:62:ac:3b:d4:58:8e:5c:76:b5:
+ 07:7f:32:8a:3a:90:73:71:d5:da:f1:79:39:14:ed:
+ 1b:f1:8a:3e:be:48:bc:07:ec:f9:7c:03:14:fc:e7:
+ 55:a3:65:81:c7:6c:70:0b:ff
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 69:DE:B6:99:C4:95:F7:5A:FA:41:6B:4C:F6:C3:6D:89:AA:37:31:9D
+ X509v3 Authority Key Identifier:
+ keyid:BA:8D:A1:97:DC:C4:39:1F:90:B5:51:6B:10:19:F2:46:0D:A9:65:8E
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 4
+ serial:A2:93:46:74:3B:A6:E3:AD
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ bc:cf:43:eb:72:b1:71:a7:94:8e:cd:5b:fc:d8:21:31:83:db:
+ a9:de:c7:5b:14:e5:7b:90:43:e6:05:df:db:6e:95:5f:24:ac:
+ 0c:a1:8a:ac:c6:cf:f2:03:cd:a0:30:ae:d3:a9:41:07:c9:b1:
+ be:4b:e0:fc:a2:76:09:07:75:6a:fa:e4:2f:a3:3a:cd:81:68:
+ ab:f6:06:c4:32:08:25:6e:e8:e7:36:9c:1a:f7:42:73:f8:b0:
+ d8:42:3e:85:c2:11:23:10:d6:6a:e4:8f:53:cb:8b:8b:1b:5a:
+ 4d:6d:9d:34:45:26:52:d2:ee:6d:8f:23:ff:00:92:f5:99:62:
+ 4c:41
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAEwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA0MB4XDTA5MTEyMDA5MjIy
+N1oXDTM0MTExNDA5MjIyN1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDIgUm9vdCA0MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDljSdOCVMIYcYjJZ7dnAe/gThcXBCP5BIvTi6xoc8hRlO/6F7eFzqd
+9+jvPpy0KTdMMTUV3Jjgk5zOatbhNRlr1B07gYax5/8fuDSp+d5NuGKsO9RYjlx2
+tQd/Moo6kHNx1drxeTkU7Rvxij6+SLwH7Pl8AxT851WjZYHHbHAL/wIDAQABo4HH
+MIHEMB0GA1UdDgQWBBRp3raZxJX3WvpBa0z2w22JqjcxnTCBkQYDVR0jBIGJMIGG
+gBS6jaGX3MQ5H5C1UWsQGfJGDalljqFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA0ggkAopNGdDum460wDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC8z0PrcrFxp5SOzVv82CExg9up3sdb
+FOV7kEPmBd/bbpVfJKwMoYqsxs/yA82gMK7TqUEHybG+S+D8onYJB3Vq+uQvozrN
+gWir9gbEMgglbujnNpwa90Jz+LDYQj6FwhEjENZq5I9Ty4uLG1pNbZ00RSZS0u5t
+jyP/AJL1mWJMQQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_4/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..003d2f3b56d5
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,26D3AA1ECCD64EF2
+
+Smy62JNi1/1qKZI1q2lF13336vwJWfw+ii4g/ZwMJWuwTWUGXWZ1o9B9pZFo78KM
+pMlasoCwAoI3lepMIwxtSRMgstxacJ4QRVPdevo7Qq6+++qNXdkqq9pYM19dsOiu
+UNpbPXVvKQZnvm0ZFCjqiylvjCaQVQRScdwu9cJyq2qIQ1laXQoW2fPYBb8KSsCO
+B5E76zAGdRlzEglT9Qkjbi2dQWxWpMHFfWZydFJnNbuh7O+RxCSOJN3jXlDRGPag
+IwL4mFX8dElCwWhNpdd1pXF2ZXQ2S6Ke1MoOXRvJ7XVvEfnGyHpHQRdNB0M9gJCf
+3ynJ0UUiCvXJs/6NEcOZzZ+R38XfMvsOcG1jNuh2KE5hW3cGbQMV2TPZMHjGE/qn
+EhX+vzIOhRUPTUQjrjmV/lgioL4pMKFBXyfr2tkNLVOfzQtIXVfgxF1ooVmZFGKR
+fAmHRbXKSrGWPJkX75bdlVnQ15qz5dU7PkIohGwGojOHuTWLXzKtOuLs7KMmH/i1
+5MhxcoXbI4R+hX/oj2Es4MKYFcSI0MID9Z5Se6z/yaz++5P9OrEGrXydg4W5YSuc
+Q+MovUuqNoDH+Mo0z2P2DL4OxcIkBYoUVFOnIL2v5thRgbdWk05m0OBWYnvue9MG
+CiuA49Lqg0H2ViZrDCyGDQNBkDkW7AKHYhVe3afHSDENX+wsgB1oj1bMvWNLQfCB
+2IOYjv+of7tNOvIH6AuaJDqF2TYOm4ipcjSD/SEuKfrOgXlq6702tRhL4aAfHa6K
+o1yrUfAxLwqN/TjSDNfOIUr5ro24tYnUaUnYPpn/zwZ5WfitZ4RGBg==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_4/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_4/demoCA/serial
new file mode 100755
index 000000000000..7d802a3e7104
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/demoCA/serial
@@ -0,0 +1 @@
+1002
diff --git a/xmlsecurity/test_docs/CAs/Root_4/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_4/openssl.cfg
new file mode 100755
index 000000000000..5f9493f47e9b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_4/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_5/demoCA/cacert.pem
new file mode 100755
index 000000000000..631deb24de3f
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAPA9tqmpnKNOMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNTAeFw0wOTEx
+MjAxMDEwMzdaFw0zNDExMTQxMDEwMzdaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAwbqFK0+BWGylCl9gJj/eVuuNBcSgVetgx0cXwMRPHiwFZ8ilxPJm4kd0
+k2WDKHox5Ol8T0pU4n3fA5VmxjcfGnx03R8rFTn5deetrKQzyWUjz7EIl4mZYSvK
+hwlbg5ZB4FJDYUoC/3eVHdQq2jUvRaQad1TvdBmvIMbDaYmTT3cCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUwdGg1FsLnX4xYfk5EJ8xEODSBrUwgZEGA1UdIwSBiTCBhoAU
+wdGg1FsLnX4xYfk5EJ8xEODSBrWhY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNYIJAPA9tqmpnKNOMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAeX2QYyrs9an5ObWjzauPCzr8hx6k8dF3
+YXU8f/JCf/fKG5u5WQZmmu0YZXMSaDyzqS3rKupDSm4kbfB9l9oTkgZszueI29pd
+C/QIh8vUTiAlV5zxR4ypqmBg489W/uXdQPicuFhGFYX9EWjuGhwk8dL0dcUCufwX
+UBYBlUiceFU=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/crl/DO_NOT_CREATE_A_CRL b/xmlsecurity/test_docs/CAs/Root_5/demoCA/crl/DO_NOT_CREATE_A_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/crl/DO_NOT_CREATE_A_CRL
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_5/demoCA/crlnumber
new file mode 100755
index 000000000000..83b33d238dab
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/crlnumber
@@ -0,0 +1 @@
+1000
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt
new file mode 100755
index 000000000000..d910b9acc97e
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt
@@ -0,0 +1 @@
+V 341114113023Z 1001 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 5
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/newcerts/1001.pem b/xmlsecurity/test_docs/CAs/Root_5/demoCA/newcerts/1001.pem
new file mode 100755
index 000000000000..b350f6eb33ef
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/newcerts/1001.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4097 (0x1001)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 5
+ Validity
+ Not Before: Nov 20 11:30:23 2009 GMT
+ Not After : Nov 14 11:30:23 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 5
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:97:fa:a2:49:d3:bf:c1:2e:7a:ed:83:83:3c:78:
+ 96:c8:b2:b9:67:af:c0:5e:0a:89:89:fb:94:59:32:
+ a8:2a:e4:20:2f:3b:3d:ce:53:4f:72:fc:6c:0b:93:
+ 38:c3:df:66:6e:d5:79:d0:a4:4e:41:84:43:3c:99:
+ 79:0c:e0:5f:19:1a:3d:f5:4b:11:28:0f:80:b0:a0:
+ 71:34:5b:90:71:c2:ef:1e:85:2e:5b:9f:3b:22:c3:
+ 18:f8:7c:1f:ef:1b:78:17:a0:44:60:46:7e:88:eb:
+ a7:60:a0:5c:2a:7c:37:99:fa:27:97:08:e8:89:ba:
+ bc:69:4b:79:93:8f:ad:b5:9b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 01:E9:B5:99:E4:6D:F9:8C:42:3D:09:10:0F:A7:75:C6:27:78:4A:AF
+ X509v3 Authority Key Identifier:
+ keyid:C1:D1:A0:D4:5B:0B:9D:7E:31:61:F9:39:10:9F:31:10:E0:D2:06:B5
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 5
+ serial:F0:3D:B6:A9:A9:9C:A3:4E
+
+ X509v3 CRL Distribution Points:
+ URI:http://localhost:8901/demoCA/crl/Root_5.crl
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 6d:ca:34:05:99:ff:99:49:d3:6d:9d:ad:c6:99:da:9d:6c:94:
+ 62:77:ed:1c:39:23:d2:e8:b6:3e:df:63:dc:7c:10:3f:c2:ed:
+ f4:04:26:58:05:01:4c:ed:a9:83:43:3a:5d:fe:60:6d:5b:58:
+ dc:93:8c:94:69:b6:7f:02:48:30:9c:31:f4:7d:de:e0:de:04:
+ d2:dc:79:b7:60:c2:87:f7:c7:92:a2:f5:86:a7:0c:70:3b:a3:
+ a7:35:11:cf:a4:28:21:aa:8b:24:50:2e:96:41:be:66:01:bd:
+ b9:ec:04:0c:92:d9:8a:e7:a0:96:24:9b:f1:a2:9f:59:59:4a:
+ 32:a4
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAq+gAwIBAgICEAEwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA1MB4XDTA5MTEyMDExMzAy
+M1oXDTM0MTExNDExMzAyM1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCA1MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCX+qJJ07/BLnrtg4M8eJbIsrlnr8BeComJ+5RZMqgq5CAvOz3OU09y
+/GwLkzjD32Zu1XnQpE5BhEM8mXkM4F8ZGj31SxEoD4CwoHE0W5Bxwu8ehS5bnzsi
+wxj4fB/vG3gXoERgRn6I66dgoFwqfDeZ+ieXCOiJurxpS3mTj621mwIDAQABo4IB
+BjCCAQIwHQYDVR0OBBYEFAHptZnkbfmMQj0JEA+ndcYneEqvMIGRBgNVHSMEgYkw
+gYaAFMHRoNRbC51+MWH5ORCfMRDg0ga1oWOkYTBfMQswCQYDVQQGEwJERTEQMA4G
+A1UECBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MQ8wDQYDVQQDEwZSb290IDWCCQDwPbapqZyjTjA8BgNVHR8E
+NTAzMDGgL6AthitodHRwOi8vbG9jYWxob3N0Ojg5MDEvZGVtb0NBL2NybC9Sb290
+XzUuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAbco0BZn/
+mUnTbZ2txpnanWyUYnftHDkj0ui2Pt9j3HwQP8Lt9AQmWAUBTO2pg0M6Xf5gbVtY
+3JOMlGm2fwJIMJwx9H3e4N4E0tx5t2DCh/fHkqL1hqcMcDujpzURz6QoIaqLJFAu
+lkG+ZgG9uewEDJLZiuegliSb8aKfWVlKMqQ=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_5/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..222320a9a05e
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5F2D7F26BBEBD8FB
+
+qFyJ/G/DFwA+Kx3cVldc6bOMRbbduL7x5DBjCqS20YfoQoyvDcyel8FYz4/8CQ9d
+kmb4nrM0Dj8/FgDiite2E8+qJV4U8OIBsXelFd8FWC8hB4z0DtwVxIAiM6mTMMcu
+bWta3Lu5xrNvU/vosB967COztoYB5XLLQ/DrRPoV+tvJx0Le3zXLzceIj4PicuIk
+/Mh5NVqN5a5blaV1/1JvcfOQLCI0rNebP3iAYhwCkKyu6WkpSNuHIw5gaMC6KXpq
+ORPf3m+3/YKHLS9/tg+9CPQrRpyzLV/TOUduq6HFfzh9ZRXd04Dpn0P61JVCypYo
+9u62lnNCAtreyvCUttzANLgujbgT9HNsjzKTAD2g+zjwQPgIS4epNm5LBPsQv15A
+Vuw7CnNlLa8PxUxuDUjoW2YaGUR3PHNUz+TA1U0UFxlNK/lgeekIvmSvPjVyROOB
+SxOH88yAZWe6pWioS3uzeg1kf1F5sj9u+KHPyikUe3nUBrS1cZSRtQczhlWWocgm
+GtfwQSSVSwRtd7CWe/nQHuSJyrIJCbWFaDhnVXRhr+tyDpLtoeApCvefvel0p/AY
+LTaRcno3zUxZS3G8Cv71hBPR8y5di5dAxBSfLgMYxwBD3UFO6CPkmiJteIhHska9
+FJqR98hfvF+0hwFnaFUTszDMGK1xV20MeTMhLAwSlttbuwtWMTourFKtS6t1SomB
+JOTkpiVfojTSAJX40ExQgNtvY+7ayNUBLX9NIuIcOjFbQa1LNmGy9cOPQD49x067
+fALGA+V1KO7sFeUrunkpHncYoux5OThq3iDJ2tPfBmyhTQhOSzN38w==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_5/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_5/demoCA/serial
new file mode 100755
index 000000000000..7d802a3e7104
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/demoCA/serial
@@ -0,0 +1 @@
+1002
diff --git a/xmlsecurity/test_docs/CAs/Root_5/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_5/openssl.cfg
new file mode 100755
index 000000000000..7a23cf2df5b9
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_5/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_5.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_6/README.txt b/xmlsecurity/test_docs/CAs/Root_6/README.txt
new file mode 100755
index 000000000000..e49615a51c0c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/README.txt
@@ -0,0 +1,5 @@
+To provide the CRL via HTTP run
+
+java -jar ../../tools/httpserv/dist/httpserv.jar -a 8901
+
+
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_6/demoCA/cacert.pem
new file mode 100755
index 000000000000..5a7fc185b421
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJANhqTyT5yZQnMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNjAeFw0wOTEx
+MjAxMjI2MDFaFw0zNDExMTQxMjI2MDFaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAslt6KM0bikDy8n0lNMeaNQiZk9Pcfsf6Vaasn9A8FABFn1chxV5zOMag
+jo6CyZG1CNLhA841RtgiWVMc8BA+pDKzOQAzfgSk4VjXaY8nYgKEmGDKuNvls+kE
+OKMkJibh/scNMDUOx8Bnc6S9LyYJAhZFrxm/lgmoIo7QMcdseIsCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUrCVem7W6TY69d7Kd2eKErnoxj/IwgZEGA1UdIwSBiTCBhoAU
+rCVem7W6TY69d7Kd2eKErnoxj/KhY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNoIJANhqTyT5yZQnMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAU6Sjyeo650mhSGK8JJBhDroVJgAryVF4
+wXEKWxK0yuO0TVZJxUWeHOESpegBW1eP5m9Pz0IHnxj6MsGBYq7SZU84awt4HJto
+6O1ARZYfT9r+qTts33I/VVQVTJbvETF1vGsuAZfTTDhAJDqS2oueiPDSinzQxNMy
+16L4Rajm8LE=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/crl/DO_NOT_INSTALL_THIS_CRL b/xmlsecurity/test_docs/CAs/Root_6/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/crl/Root_6.crl b/xmlsecurity/test_docs/CAs/Root_6/demoCA/crl/Root_6.crl
new file mode 100755
index 000000000000..df6dcb21eec7
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/crl/Root_6.crl
Binary files differ
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_6/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt
new file mode 100755
index 000000000000..7f0df0d959b5
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt
@@ -0,0 +1 @@
+V 341114122807Z 1001 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 6
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/newcerts/1001.pem b/xmlsecurity/test_docs/CAs/Root_6/demoCA/newcerts/1001.pem
new file mode 100755
index 000000000000..0490b88cd769
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/newcerts/1001.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4097 (0x1001)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 6
+ Validity
+ Not Before: Nov 20 12:28:07 2009 GMT
+ Not After : Nov 14 12:28:07 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 6
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c4:d9:ab:27:06:66:41:0e:36:ff:d4:b1:d0:8c:
+ f7:b4:25:55:cd:fd:fa:a4:5a:e6:4f:d0:05:dc:a3:
+ e5:bd:8d:53:77:d1:ea:95:5a:52:81:c8:b6:36:a0:
+ 5f:3a:e1:85:1e:8a:48:91:7d:29:78:ff:ea:c5:e3:
+ ad:c4:27:d5:b7:8f:59:20:26:d4:45:87:6a:56:db:
+ ac:f5:f8:0a:88:82:9e:c2:00:06:fc:98:8a:fe:35:
+ c3:02:a1:67:08:06:42:e3:88:48:e0:8f:33:ff:f8:
+ a4:87:1a:3a:d9:54:0e:1c:09:3e:a0:f0:70:cd:b5:
+ b0:b2:7e:07:73:ad:20:64:69
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 89:8C:D7:71:EB:67:78:4E:D6:01:35:B2:AC:A1:B4:88:43:CE:70:A7
+ X509v3 Authority Key Identifier:
+ keyid:AC:25:5E:9B:B5:BA:4D:8E:BD:77:B2:9D:D9:E2:84:AE:7A:31:8F:F2
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 6
+ serial:D8:6A:4F:24:F9:C9:94:27
+
+ X509v3 CRL Distribution Points:
+ URI:http://localhost:8901/demoCA/crl/Root_6.crl
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 55:5b:3b:6b:8a:d0:1b:d8:19:d9:96:85:4d:b4:a0:98:b1:bd:
+ 9f:0b:62:21:92:8b:4e:d3:d0:1b:91:3d:e3:f5:bd:ce:16:57:
+ fc:b7:84:15:51:fd:98:ab:32:59:28:0b:44:57:49:ec:ac:11:
+ 67:26:7a:a3:c5:b8:9d:2a:de:b6:7c:76:0a:e9:18:9f:98:87:
+ e8:80:c8:72:99:56:74:ab:73:1b:f4:e7:b9:b1:3a:f3:7b:0d:
+ 2f:5d:82:6c:d1:99:9f:23:be:23:fb:4c:0e:15:5e:f5:9f:90:
+ 88:d7:51:3a:6a:7a:f0:54:a5:c4:89:a5:0d:0a:4e:94:59:64:
+ 59:54
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAq+gAwIBAgICEAEwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA2MB4XDTA5MTEyMDEyMjgw
+N1oXDTM0MTExNDEyMjgwN1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCA2MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDE2asnBmZBDjb/1LHQjPe0JVXN/fqkWuZP0AXco+W9jVN30eqVWlKB
+yLY2oF864YUeikiRfSl4/+rF463EJ9W3j1kgJtRFh2pW26z1+AqIgp7CAAb8mIr+
+NcMCoWcIBkLjiEjgjzP/+KSHGjrZVA4cCT6g8HDNtbCyfgdzrSBkaQIDAQABo4IB
+BjCCAQIwHQYDVR0OBBYEFImM13HrZ3hO1gE1sqyhtIhDznCnMIGRBgNVHSMEgYkw
+gYaAFKwlXpu1uk2OvXeyndnihK56MY/yoWOkYTBfMQswCQYDVQQGEwJERTEQMA4G
+A1UECBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MQ8wDQYDVQQDEwZSb290IDaCCQDYak8k+cmUJzA8BgNVHR8E
+NTAzMDGgL6AthitodHRwOi8vbG9jYWxob3N0Ojg5MDEvZGVtb0NBL2NybC9Sb290
+XzYuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAVVs7a4rQ
+G9gZ2ZaFTbSgmLG9nwtiIZKLTtPQG5E94/W9zhZX/LeEFVH9mKsyWSgLRFdJ7KwR
+ZyZ6o8W4nSretnx2CukYn5iH6IDIcplWdKtzG/TnubE683sNL12CbNGZnyO+I/tM
+DhVe9Z+QiNdROmp68FSlxImlDQpOlFlkWVQ=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_6/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..166be0166530
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BADC417CBCEF5888
+
+5vIfuyyd2rgqSPUElPa2YM8on+FeoYuAIB+mfVHy0nSGisUKjmQQACaeTVD+aO6S
+UFBz3W/RJXCj/8x5+ZYa8Rj44DeSwlDrxSy5VBrWegOzujfGPqrzwCL/ASKGPPFN
+RwK0i0niJsj6+oQOGgP6AIb08reX1tkT0GItwQMjIQAFETcDP8m1sA1kFpLhvBCF
+dHyw0lfnh+NZ9nnpAdpVXwt8teccLUyEHARNscebg8vqjc2gRxi3KpT3pURg0dUc
+eaGH8DIB5CuAYW2Mo1LLRQ0uvkFgSl56WcolYiRTy2KUMW7Gz7oBA5Qyb9lz25yV
+9djt4Hrs9cI1p1TGmvSklGPKJUaTf0Yrf0XRkS6xknFVX4zzkbD4vYFelITSxeMT
+pPVbjLSWiIo+mqBuW6i+LUNMt45b1RWM96pomrPRrGne4saJOkhVXTvv/pR4KB+S
+J2iwlEDNOwzkxeqSB7lJuzIce/iUqERAzlXe8e0VVgy0P0UfOIViLWS98cuqR86H
+P1rMYtWilAkLKBUYo+lS7f/3YD8E3V10XdBmYJFvmpHPXM2SP5HQZXtoNCXJNcvB
+aAlb3c7InxfqLLn+kH6WgPzXXcXO7cxlZ3cXBbJf3IhRT3aBEnAH+s+DDCi0RCII
+UiLOnrgfOEZuNyRhGin9R7WFRtnGYJjHTP54FMOY0f0Rj7ElT+xymeAZE8wyXKfi
+MWDgswTYYkcC7uPJAJ8HnLtFixr9aEriug7yemGyr686oX8gLPdwrYwPYJBt7Q+b
+0nf22SoMqMNWSCWcr89sc1AIb0ebX+FxtsN6j45ztEjZGjXYkk2iXQ==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_6/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_6/demoCA/serial
new file mode 100755
index 000000000000..7d802a3e7104
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/demoCA/serial
@@ -0,0 +1 @@
+1002
diff --git a/xmlsecurity/test_docs/CAs/Root_6/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_6/openssl.cfg
new file mode 100755
index 000000000000..ee8469fe548b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_6/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_6.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_7/README.txt b/xmlsecurity/test_docs/CAs/Root_7/README.txt
new file mode 100755
index 000000000000..056f1b13397e
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/README.txt
@@ -0,0 +1,10 @@
+Revoked certificates:
+
+- Sub CA 2 Root 7
+
+
+To provide the CRL via HTTP run
+
+java -jar ../../tools/httpserv/dist/httpserv.jar -a 8901
+
+
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_7/demoCA/cacert.pem
new file mode 100755
index 000000000000..01761f55bf00
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJANXmY18YCYKJMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNzAeFw0wOTEx
+MjAxMzA0NDhaFw0zNDExMTQxMzA0NDhaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgNzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvG//bRySIKOz1hmmH6qx02wtf2ZO2skK/wxPnTAd+LLuH2upOfGkaFCi
+hd1zsIshs9/TjtLNa4nplkYSvZlYBsbpIuNQZrEedbvLYV/zNdsnLfht+aX3yMuk
+q1dh2BI0LdwXiyMyPwATJwQ96AXq/a+cZi1ZRBToCztZArJK/xMCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUgMb4C198SeSG/ciSxoBw2cBve94wgZEGA1UdIwSBiTCBhoAU
+gMb4C198SeSG/ciSxoBw2cBve96hY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgN4IJANXmY18YCYKJMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAg15QATKSYmz+XGtnBLDnWu2Gk59nglH4
+gG3p1xiVVgOyQVGsvNr+3ETPTTcf6x+ap1+AHE9SJJ0/WQSuUHtOv6y/prp4MWbw
+/QBL2WHS7adTFWxOJ/VWpb8GhTtJdG9PKYeSmVAtC1qzdI1zsjPYvHO3UJnokDkB
+fY7kpaTJprg=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/crl/DO_NOT_INSTALL_THIS_CRL b/xmlsecurity/test_docs/CAs/Root_7/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/crl/Root_7.crl b/xmlsecurity/test_docs/CAs/Root_7/demoCA/crl/Root_7.crl
new file mode 100755
index 000000000000..0eefbda68048
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/crl/Root_7.crl
Binary files differ
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_7/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt
new file mode 100755
index 000000000000..24c3538724a1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt
@@ -0,0 +1,2 @@
+V 341114130753Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 7
+R 341114133506Z 091120133621Z,keyCompromise 1001 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 2 Root 7
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..2dda8f2b286f
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1000.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 7
+ Validity
+ Not Before: Nov 20 13:07:53 2009 GMT
+ Not After : Nov 14 13:07:53 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 7
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b0:ae:6d:0a:21:ae:8a:92:b1:16:25:d3:08:cb:
+ ac:b7:4c:53:6d:4b:b3:12:82:40:54:c9:44:28:fc:
+ 4e:10:e6:65:40:de:70:5d:8b:ab:1f:5c:77:03:43:
+ 3d:3a:3d:9e:f7:37:66:9a:33:68:a0:cf:ad:8f:f4:
+ fb:9c:a3:87:57:5d:ec:d6:55:5a:18:b5:e1:2b:d2:
+ c4:10:fe:f0:01:a5:da:29:ee:c4:af:15:c9:8c:dc:
+ 7c:45:84:bd:e5:5b:09:1f:16:1d:11:e7:61:e6:22:
+ e7:1f:c8:86:bf:a1:da:cb:fe:6b:7e:c0:6e:aa:7f:
+ 97:84:e8:8f:81:69:f1:26:87
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 54:64:15:7E:93:8A:19:C8:F9:B7:EF:60:A0:DF:5C:C8:15:56:C0:EE
+ X509v3 Authority Key Identifier:
+ keyid:80:C6:F8:0B:5F:7C:49:E4:86:FD:C8:92:C6:80:70:D9:C0:6F:7B:DE
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 7
+ serial:D5:E6:63:5F:18:09:82:89
+
+ X509v3 CRL Distribution Points:
+ URI:http://localhost:8901/demoCA/crl/Root_7.crl
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 1a:bc:5a:4b:9a:d5:e8:c0:35:c2:61:0a:58:7d:33:e2:87:01:
+ 61:83:80:42:8d:1a:7e:b1:9a:58:d5:01:fd:e7:ae:5c:c8:65:
+ fb:9e:1d:bf:49:ba:ed:40:f4:05:7c:3b:2d:db:0e:53:d0:05:
+ a0:bd:15:87:c4:37:22:0b:a0:04:a3:ad:cb:57:b2:00:97:ee:
+ 8f:89:91:8e:7d:0b:e2:27:96:6e:0f:ab:73:33:59:fa:9f:37:
+ f2:77:79:99:af:72:ad:f9:49:05:ed:55:08:31:eb:97:0f:99:
+ 6e:9c:a3:df:f0:52:1a:14:4e:78:25:0c:8b:02:cb:56:e9:4d:
+ f5:9f
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAq+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA3MB4XDTA5MTEyMDEzMDc1
+M1oXDTM0MTExNDEzMDc1M1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCA3MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCwrm0KIa6KkrEWJdMIy6y3TFNtS7MSgkBUyUQo/E4Q5mVA3nBdi6sf
+XHcDQz06PZ73N2aaM2igz62P9Puco4dXXezWVVoYteEr0sQQ/vABpdop7sSvFcmM
+3HxFhL3lWwkfFh0R52HmIucfyIa/odrL/mt+wG6qf5eE6I+BafEmhwIDAQABo4IB
+BjCCAQIwHQYDVR0OBBYEFFRkFX6TihnI+bfvYKDfXMgVVsDuMIGRBgNVHSMEgYkw
+gYaAFIDG+AtffEnkhv3IksaAcNnAb3veoWOkYTBfMQswCQYDVQQGEwJERTEQMA4G
+A1UECBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MQ8wDQYDVQQDEwZSb290IDeCCQDV5mNfGAmCiTA8BgNVHR8E
+NTAzMDGgL6AthitodHRwOi8vbG9jYWxob3N0Ojg5MDEvZGVtb0NBL2NybC9Sb290
+XzcuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAGrxaS5rV
+6MA1wmEKWH0z4ocBYYOAQo0afrGaWNUB/eeuXMhl+54dv0m67UD0BXw7LdsOU9AF
+oL0Vh8Q3IgugBKOty1eyAJfuj4mRjn0L4ieWbg+rczNZ+p838nd5ma9yrflJBe1V
+CDHrlw+Zbpyj3/BSGhROeCUMiwLLVulN9Z8=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1001.pem b/xmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1001.pem
new file mode 100755
index 000000000000..0d2a0f02a3eb
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/newcerts/1001.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4097 (0x1001)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 7
+ Validity
+ Not Before: Nov 20 13:35:06 2009 GMT
+ Not After : Nov 14 13:35:06 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 2 Root 7
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:f9:3f:5e:76:52:9a:ce:5d:98:b0:00:d8:e0:65:
+ e7:78:11:4c:7b:c7:e2:d3:44:bf:8e:60:42:69:3e:
+ 75:67:65:24:ab:f7:07:d8:9d:be:0f:23:b5:c1:26:
+ 00:6b:c3:22:84:72:a9:96:dc:5f:63:fc:f5:e0:e3:
+ cc:da:0c:74:e9:31:51:91:89:27:8f:e5:17:41:6e:
+ 3d:5e:2a:13:cd:08:f7:f3:61:34:a1:f7:79:c6:bd:
+ 5d:2c:34:01:ea:5a:8c:48:97:36:d6:57:e0:80:03:
+ 2e:7a:03:83:4c:bd:b4:af:a2:fd:d7:4b:1a:f7:ab:
+ 9f:5a:22:2b:d1:25:73:dd:6f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 3B:50:26:45:6C:E2:FE:28:B1:71:0A:A8:95:2D:78:63:8E:2C:48:92
+ X509v3 Authority Key Identifier:
+ keyid:80:C6:F8:0B:5F:7C:49:E4:86:FD:C8:92:C6:80:70:D9:C0:6F:7B:DE
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 7
+ serial:D5:E6:63:5F:18:09:82:89
+
+ X509v3 CRL Distribution Points:
+ URI:http://localhost:8901/demoCA/crl/Root_7.crl
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 5f:b4:70:11:4f:d9:df:6a:6a:5a:4a:97:fe:8b:5d:9e:46:84:
+ e2:27:67:41:7c:a9:2e:9d:77:cc:e4:8c:d6:16:3c:39:7d:51:
+ 29:60:80:32:4f:a1:d0:b4:7f:2a:e5:60:f4:b8:d3:3b:94:f8:
+ a5:fb:15:99:cf:a9:c5:a7:59:c1:11:89:67:11:9c:ff:a9:ac:
+ dd:ca:a9:92:a8:60:26:c3:ab:74:41:86:b9:4d:1e:4a:c5:de:
+ 63:e6:da:2a:36:39:7b:6c:66:f3:20:57:d1:f1:36:4b:69:c5:
+ 04:a3:1f:cf:de:0c:10:d0:3f:07:e2:8e:0f:cd:41:26:c9:2e:
+ e9:1b
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAq+gAwIBAgICEAEwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA3MB4XDTA5MTEyMDEzMzUw
+NloXDTM0MTExNDEzMzUwNlowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDIgUm9vdCA3MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQD5P152UprOXZiwANjgZed4EUx7x+LTRL+OYEJpPnVnZSSr9wfYnb4P
+I7XBJgBrwyKEcqmW3F9j/PXg48zaDHTpMVGRiSeP5RdBbj1eKhPNCPfzYTSh93nG
+vV0sNAHqWoxIlzbWV+CAAy56A4NMvbSvov3XSxr3q59aIivRJXPdbwIDAQABo4IB
+BjCCAQIwHQYDVR0OBBYEFDtQJkVs4v4osXEKqJUteGOOLEiSMIGRBgNVHSMEgYkw
+gYaAFIDG+AtffEnkhv3IksaAcNnAb3veoWOkYTBfMQswCQYDVQQGEwJERTEQMA4G
+A1UECBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MQ8wDQYDVQQDEwZSb290IDeCCQDV5mNfGAmCiTA8BgNVHR8E
+NTAzMDGgL6AthitodHRwOi8vbG9jYWxob3N0Ojg5MDEvZGVtb0NBL2NybC9Sb290
+XzcuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAX7RwEU/Z
+32pqWkqX/otdnkaE4idnQXypLp13zOSM1hY8OX1RKWCAMk+h0LR/KuVg9LjTO5T4
+pfsVmc+pxadZwRGJZxGc/6ms3cqpkqhgJsOrdEGGuU0eSsXeY+baKjY5e2xm8yBX
+0fE2S2nFBKMfz94MENA/B+KOD81BJsku6Rs=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_7/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..147ca4e9b6f7
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B17A06040862AC63
+
+9VJMswLGoelYtmpO17/f34Lb7j1I2vaK+RUg7fH09M6rQKurA2SmpsO7kJo7lMUb
+lwXEC8+JC5b3OoUcPeHLkZ5e9bB+flMJQq+bkzWs4NWYI17gRs2Tc74xm04XRTsO
+OYU+H7uOyRMAuS86hkQF13H3hCHcZkg8RZcvqfDXhsY8S7iyp0gErQv8IDmbIije
+R7go3NdZXCmkuINKhhABFYnPxnEpaHxhIMNKykbSn+jby02LX57X/u4JDGfkzjCH
+wyJMi9PiO7VbXvi8IPYnFz0IaCMVr5cltTh47/KiqACeAADQ6ETekrX9r7lngkRz
+sqFuyqEtdi02ujElsGIaDCImQ5KbD2u2IQ3FX2b6Jwmd/uDmqQQwtEfarEoUxich
+chCEUBGAiqRxLcrnRzjT+Reqgx7qGNurjP78kmKeD91hDm3tEHeWtecy4iA3C8z0
+aMZFOZLx1r7kf5/YaRMREcLPmreEWgFmkIMN004GdIvOwlsUjmAM7UMle+cef17v
+h1hxbFsznzYLBk0zOYjmsTpI3dQHtxSUVsyUWXXVJ0Y4YhJSjMHlMOOCanGYOpGS
+vipUNzLx4aIWfMmQdJePQM4uxO2FNwTc1IGyRpoOhj6vxroICuGK3WkxqZsN3VwR
+hwNol0cNMNHbVacKvhh5PQJcmWiqmLEXaQD8VWgCNQVa0otS59vj+SeyW4ZvULBM
+Od/9FhFfEBHQDxNSL+c6B/dXFIO1oY159ErdElAn+NPRtQcHAsnu8HknKLhry1NP
+b4d+KZcTZAq9q97ltRQf9/hXBpA3ophMtbBFnnnh5WJuMMdDMNgGsg==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_7/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_7/demoCA/serial
new file mode 100755
index 000000000000..7d802a3e7104
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/demoCA/serial
@@ -0,0 +1 @@
+1002
diff --git a/xmlsecurity/test_docs/CAs/Root_7/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_7/openssl.cfg
new file mode 100755
index 000000000000..a63458d084b4
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_7/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_7.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_8/README.txt b/xmlsecurity/test_docs/CAs/Root_8/README.txt
new file mode 100755
index 000000000000..d749d8ebcfe8
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/README.txt
@@ -0,0 +1,9 @@
+Revoked certificates:
+
+- Sub CA 2 Root 8
+
+
+Start the OCSP responder:
+openssl ocsp -index demoCA/index.txt -port 8888 -rsigner demoCA/cacert.pem -rkey demoCA/private/cakey.pem -CA demoCA/cacert.pem -text
+
+
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_8/demoCA/cacert.pem
new file mode 100755
index 000000000000..ef431ec9528f
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJALJH3moqTIMZMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgODAeFw0wOTEx
+MjAxNTI4NTZaFw0zNDExMTQxNTI4NTZaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAmR4R07C/I8zEPsAEQdc/nzH74hLjEwImtiWKL8nVc70fwquIRzWLaavm
+DaQE3g/ha00d2hepB2dUiR1nV2GhMYdV64eq1utEPU+tTIYpx163axOGLYLWwKc3
+cBaR2mCqZmAkS+WABHkCX9hsBn+Ju/XNxLDVcpBohVrx882+3kMCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQU1mZ2yQX/qVCIlmDd+8cwGHJnQRkwgZEGA1UdIwSBiTCBhoAU
+1mZ2yQX/qVCIlmDd+8cwGHJnQRmhY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgOIIJALJH3moqTIMZMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAfZylT15q6Dnpvf9jWoCovzvUoBqAwL1Z
+UDEikhCpajYsrfXI3MRvKYkTvt18lgg2Y09gJ2vhfLBCaDp+ELUq0Vc5hIbblGGO
+EA4vBuH5Yfho3AK3gKAtk7Rc9l/qP2rBPb1JVw79pRaz95IkYGeOp35pVDQfBN+i
+jji5JSyOeYQ=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/crl/DO_NOT_INSTALL_THIS_CRL b/xmlsecurity/test_docs/CAs/Root_8/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/crl/Root_8.crl b/xmlsecurity/test_docs/CAs/Root_8/demoCA/crl/Root_8.crl
new file mode 100755
index 000000000000..8f91a1949a68
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/crl/Root_8.crl
Binary files differ
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_8/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt
new file mode 100755
index 000000000000..831cbf1a38ed
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt
@@ -0,0 +1,2 @@
+V 341114153321Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 8
+R 341114155533Z 091120155655Z,superseded 1001 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 2 Root 8
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..b2d1deb75960
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1000.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 8
+ Validity
+ Not Before: Nov 20 15:33:21 2009 GMT
+ Not After : Nov 14 15:33:21 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 8
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:96:79:01:9f:4f:68:c1:09:0d:44:3a:82:e4:eb:
+ ad:70:7a:cf:b9:71:e5:fb:e0:c8:0c:21:79:3e:cb:
+ 78:91:7f:4a:a0:de:3e:37:0f:a1:6b:73:10:12:9b:
+ 08:c4:96:dc:cb:a8:5b:87:9b:75:24:e4:00:5e:4a:
+ 6f:4c:13:79:1f:57:13:8c:3e:1b:38:31:e1:77:74:
+ 52:f9:94:47:36:57:33:bd:de:08:11:a3:01:e1:53:
+ 1c:bd:7b:39:9c:5e:96:5c:a9:61:6c:cc:2b:90:8d:
+ 5a:3c:9e:f4:4b:6e:e5:97:64:86:f3:8e:e8:72:20:
+ 5d:0d:50:bf:e9:cf:be:d4:13
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ EF:BD:C8:8E:78:79:F9:76:4B:11:59:B6:C3:32:10:07:C0:BC:E3:8A
+ X509v3 Authority Key Identifier:
+ keyid:D6:66:76:C9:05:FF:A9:50:88:96:60:DD:FB:C7:30:18:72:67:41:19
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 8
+ serial:B2:47:DE:6A:2A:4C:83:19
+
+ Authority Information Access:
+ OCSP - URI:http://localhost:8888
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 4c:95:44:3b:57:08:ec:01:ec:f9:3e:7c:89:1c:30:b1:4e:26:
+ 32:b6:57:fa:25:bc:ed:eb:d4:a2:1c:67:ee:b9:8b:d0:4c:57:
+ 8a:0e:db:a0:9d:92:e7:de:c6:73:01:e7:de:61:1b:b5:0e:d0:
+ c5:c1:a7:a6:ab:e0:c6:0b:51:dd:e5:a2:32:1f:c6:52:ea:d3:
+ 03:68:3a:f5:92:bd:8b:b8:03:bb:50:70:63:cc:ec:ed:3c:11:
+ 76:ca:ac:72:47:ad:99:6b:8e:07:9e:38:f2:63:e1:ba:d4:df:
+ a9:73:54:1d:74:89:94:01:2e:68:dd:97:e7:53:f9:cf:b6:7d:
+ fc:87
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAqKgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA4MB4XDTA5MTEyMDE1MzMy
+MVoXDTM0MTExNDE1MzMyMVowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCA4MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCWeQGfT2jBCQ1EOoLk661wes+5ceX74MgMIXk+y3iRf0qg3j43D6Fr
+cxASmwjEltzLqFuHm3Uk5ABeSm9ME3kfVxOMPhs4MeF3dFL5lEc2VzO93ggRowHh
+Uxy9ezmcXpZcqWFszCuQjVo8nvRLbuWXZIbzjuhyIF0NUL/pz77UEwIDAQABo4H6
+MIH3MB0GA1UdDgQWBBTvvciOeHn5dksRWbbDMhAHwLzjijCBkQYDVR0jBIGJMIGG
+gBTWZnbJBf+pUIiWYN37xzAYcmdBGaFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA4ggkAskfeaipMgxkwMQYIKwYBBQUH
+AQEEJTAjMCEGCCsGAQUFBzABhhVodHRwOi8vbG9jYWxob3N0Ojg4ODgwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBMlUQ7VwjsAez5PnyJHDCxTiYy
+tlf6Jbzt69SiHGfuuYvQTFeKDtugnZLn3sZzAefeYRu1DtDFwaemq+DGC1Hd5aIy
+H8ZS6tMDaDr1kr2LuAO7UHBjzOztPBF2yqxyR62Za44HnjjyY+G61N+pc1QddImU
+AS5o3ZfnU/nPtn38hw==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1001.pem b/xmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1001.pem
new file mode 100755
index 000000000000..26368962e8d0
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/newcerts/1001.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4097 (0x1001)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 8
+ Validity
+ Not Before: Nov 20 15:55:33 2009 GMT
+ Not After : Nov 14 15:55:33 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 2 Root 8
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e9:91:38:d8:c1:36:e5:c1:d0:32:e8:ae:02:11:
+ 97:e5:c5:07:8f:5b:46:3a:3c:d9:49:5e:9a:4b:51:
+ 4c:b7:7d:e9:d1:4f:a7:15:8c:c6:10:f6:fa:5f:a9:
+ 0b:1b:bc:de:56:f5:ad:a3:a0:40:f1:75:10:58:74:
+ 37:f9:b7:9f:76:ca:46:96:4c:1a:81:f4:a2:ce:88:
+ 8b:9e:00:6d:42:b3:d6:68:d1:67:d6:9f:b8:9c:3f:
+ 43:c7:36:bf:41:88:1b:e8:74:26:a0:51:5c:e2:ee:
+ 6d:9d:73:bb:0d:36:e1:5c:68:9f:21:3b:b2:aa:ed:
+ 39:1d:ae:fc:b4:ca:38:c2:fb
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 1B:AB:6B:0F:42:91:DC:1E:D4:7A:95:87:30:2D:CC:11:4F:35:B7:73
+ X509v3 Authority Key Identifier:
+ keyid:D6:66:76:C9:05:FF:A9:50:88:96:60:DD:FB:C7:30:18:72:67:41:19
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 8
+ serial:B2:47:DE:6A:2A:4C:83:19
+
+ Authority Information Access:
+ OCSP - URI:http://localhost:8888
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 89:f8:8d:a8:e5:0b:2a:fb:f3:6a:80:2c:26:a1:a7:36:7e:a0:
+ c5:61:65:9d:7e:d6:47:60:b4:f6:72:e9:6e:2c:d9:f8:7f:c8:
+ 7a:5d:75:98:ad:88:de:e7:1b:44:a3:96:37:84:c0:b3:20:98:
+ 3b:b5:f6:ee:70:9c:04:7a:6c:88:05:75:7f:12:cf:b9:76:e8:
+ c0:17:0c:5e:eb:10:38:1e:54:41:58:56:f6:3c:ec:07:a5:c0:
+ 74:24:34:af:b3:c7:b2:58:85:47:0f:6c:e4:a0:9f:c8:7b:5c:
+ 95:77:17:e5:ad:eb:c3:86:44:f7:81:ef:cb:58:12:1a:6a:c7:
+ 19:95
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAqKgAwIBAgICEAEwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA4MB4XDTA5MTEyMDE1NTUz
+M1oXDTM0MTExNDE1NTUzM1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDIgUm9vdCA4MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDpkTjYwTblwdAy6K4CEZflxQePW0Y6PNlJXppLUUy3fenRT6cVjMYQ
+9vpfqQsbvN5W9a2joEDxdRBYdDf5t592ykaWTBqB9KLOiIueAG1Cs9Zo0WfWn7ic
+P0PHNr9BiBvodCagUVzi7m2dc7sNNuFcaJ8hO7Kq7Tkdrvy0yjjC+wIDAQABo4H6
+MIH3MB0GA1UdDgQWBBQbq2sPQpHcHtR6lYcwLcwRTzW3czCBkQYDVR0jBIGJMIGG
+gBTWZnbJBf+pUIiWYN37xzAYcmdBGaFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA4ggkAskfeaipMgxkwMQYIKwYBBQUH
+AQEEJTAjMCEGCCsGAQUFBzABhhVodHRwOi8vbG9jYWxob3N0Ojg4ODgwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCJ+I2o5Qsq+/NqgCwmoac2fqDF
+YWWdftZHYLT2culuLNn4f8h6XXWYrYje5xtEo5Y3hMCzIJg7tfbucJwEemyIBXV/
+Es+5dujAFwxe6xA4HlRBWFb2POwHpcB0JDSvs8eyWIVHD2zkoJ/Ie1yVdxflrevD
+hkT3ge/LWBIaascZlQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_8/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..dd11db44373a
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1DE6DE80057C280E
+
+1pXaFFR4KgVEWQzq73tQrfEkLZn7J0G0fxp1ZZYKOVdL3g/S4su2cXn5zfkSypjG
+sTPnj9YuHzZiW1sB5M+U84b0aCSuh4+HK1Y+K6Us99psx/VaDq36uEBJZQviJ4zb
+uF7ZT6NRGWMs3pIkFEHqi9TQ6mmeRgHMgkiI/mpM/26Y00dLpXdxBIGOCpKIPXwp
+02mx/o9CHqI7ASuXV6ZAhawEmvFKKRNCKsKOaSs0CylGOT5nAaqWRp/IVMrm46wr
+o7cErGgCZCPzQ5Ndx4553oSeWTjnm4iTS5UKg0nwPgS6sVhsr3zrTxIhS9zzcW2G
+ycREX312K7q0zxtCxdNZxGeSfowRRy54JRoLf+O5yoNTRXYFjLxXGHgCTQRWgpIh
+ggOmgUyIeNQXts4Qf6ddUtEcfGzMowCAJWTakXpOBoWj42mF85lDlcAAn8V1L90Q
+MDF31HzrDAe3po4g+dNA6qdZrpSpnDDVp0oPsr3ooz1dLlwa8LWpPpq5PRgDWeQF
+hcYrywI5tfUJyXv0xkEv+BIGKjGofWHGNtZWazBunhAVgWG/GQbzWxdSBS5w2waE
+2Zo65PBqfLgRdnO6HYl15Pc5wm3gEQJo5VYgl7HmRpEt7lQrcnReqLWnsuHmqZ/H
+vaEmGnSfXauVTvBVRXnrpznM/ROC9n2FR50lNIO1nAtMM7a0S0PIKgB+uNwAtsAR
+Y4dY4YCS/io8wCL+DNBPtdvuY85/y5lnURpj9ojWO916WZsK/EFPJIQFuVwhal2C
+Q9NVu8PXPDiBAHTVGZz8HoG32eYYUtqzeIY4Xo5ybUlnsNGlncWSqw==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_8/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_8/demoCA/serial
new file mode 100755
index 000000000000..7d802a3e7104
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/demoCA/serial
@@ -0,0 +1 @@
+1002
diff --git a/xmlsecurity/test_docs/CAs/Root_8/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_8/openssl.cfg
new file mode 100755
index 000000000000..0353bced3bd2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_8/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_7.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Root_9/DO_NOT_INSTALL_THIS_ROOT_CERT.txt b/xmlsecurity/test_docs/CAs/Root_9/DO_NOT_INSTALL_THIS_ROOT_CERT.txt
new file mode 100755
index 000000000000..ee3d2b339ef1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/DO_NOT_INSTALL_THIS_ROOT_CERT.txt
@@ -0,0 +1 @@
+!!!DO NOT INSTALL THIS ROOT CERTIFICATE!!!
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/DO_NO_INSTALL_THIS_ROOT_CERTIFICATE b/xmlsecurity/test_docs/CAs/Root_9/demoCA/DO_NO_INSTALL_THIS_ROOT_CERTIFICATE
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/DO_NO_INSTALL_THIS_ROOT_CERTIFICATE
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/Root_9.crt b/xmlsecurity/test_docs/CAs/Root_9/demoCA/Root_9.crt
new file mode 100755
index 000000000000..66e316546ed4
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/Root_9.crt
Binary files differ
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Root_9/demoCA/cacert.pem
new file mode 100755
index 000000000000..ca53f28f7adb
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/cacert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAKTbFg1LjNSmMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9y
+ZzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgOTAeFw0wOTEx
+MjMxMzUyNDNaFw0zNDExMTcxMzUyNDNaMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgOTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAsOgehurKuYszsH2LFeGyHA9WYmCOMZmQfBFOgS/kO1Hkv6tNrDbshzyc
+I/qOlpkosXUbQaaJPYoQmv3eTpfYxM9Dju5GkzOL03Q9J8AGe8RW1urMCfD5fC9g
+XmhxAnIbrmDhS4K0lV8ngWwTQjmec9CV8SVBLQerrNtmcY/VvcMCAwEAAaOBxzCB
+xDAdBgNVHQ4EFgQUzTNeq3MjUYC4A60SAQvFXo5VymQwgZEGA1UdIwSBiTCBhoAU
+zTNeq3MjUYC4A60SAQvFXo5VymShY6RhMF8xCzAJBgNVBAYTAkRFMRAwDgYDVQQI
+EwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2
+ZWxvcG1lbnQxDzANBgNVBAMTBlJvb3QgOYIJAKTbFg1LjNSmMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAqQkfiXNJm8l5v6qQzv6HwcDIgSQBuwkp
+bN5FgHdLXaae/UOelXpmLSfrAbizw0Om1xLH/tnSeNY9MCGMGA4ScGU1hdNLUTIU
+LK9upl/q+cHQayZL/Hz4Z8sqRNrP+E2m0GY0RMF1getJunfYZZV9VcsfbO3SqgAQ
+exqICFDFi8M=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Root_9/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt
new file mode 100755
index 000000000000..c741bbfdaccc
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt
@@ -0,0 +1 @@
+V 341117135919Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Sub CA 1 Root 9
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Root_9/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..0b38d4db4c7a
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/newcerts/1000.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 9
+ Validity
+ Not Before: Nov 23 13:59:19 2009 GMT
+ Not After : Nov 17 13:59:19 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a9:6d:7f:6a:08:fb:e2:3a:5e:83:3f:ff:58:ba:
+ 92:a1:79:9d:ce:d2:0c:16:15:f2:7e:b3:e4:45:9c:
+ 02:32:65:9b:02:90:78:05:95:e4:04:1d:4a:05:bb:
+ ea:f6:ac:ab:15:74:c2:bc:ee:2a:c1:80:55:3e:93:
+ 1f:5c:94:eb:cf:cf:8f:15:eb:b8:22:fe:69:61:51:
+ a9:08:b8:80:bd:48:99:da:85:10:1c:75:97:fd:d3:
+ c3:c4:0b:dd:eb:01:12:5d:ee:62:62:c3:0c:18:ea:
+ ed:76:ff:9b:1c:1f:c7:81:f9:9a:cd:e5:25:89:b2:
+ 13:57:56:f3:27:53:72:76:69
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 7B:D3:57:BF:6A:CB:6C:10:81:91:DA:95:DC:88:4F:A5:D0:DB:D1:46
+ X509v3 Authority Key Identifier:
+ keyid:CD:33:5E:AB:73:23:51:80:B8:03:AD:12:01:0B:C5:5E:8E:55:CA:64
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 9
+ serial:A4:DB:16:0D:4B:8C:D4:A6
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 17:67:b0:21:da:0d:a1:fe:09:62:d0:cf:1d:c0:c8:bd:d4:22:
+ dd:75:ec:04:e2:23:ae:ea:8c:15:fa:73:2e:83:f4:16:eb:c1:
+ e1:87:36:bd:58:d0:64:e0:6e:2c:bc:27:cb:dc:4b:58:01:80:
+ 48:27:53:bb:75:85:a7:19:b8:e2:c0:1f:9f:a2:18:27:82:3f:
+ 25:bf:17:d1:34:32:de:c4:81:9d:8a:39:6f:6b:1f:b6:12:61:
+ 74:78:96:6d:6e:52:23:4a:67:30:78:03:91:b7:89:bf:3c:4a:
+ 36:e3:95:21:38:35:af:05:55:81:05:25:91:78:ca:2f:5d:79:
+ d2:05
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA5MB4XDTA5MTEyMzEzNTkx
+OVoXDTM0MTExNzEzNTkxOVowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCA5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCpbX9qCPviOl6DP/9YupKheZ3O0gwWFfJ+s+RFnAIyZZsCkHgFleQE
+HUoFu+r2rKsVdMK87irBgFU+kx9clOvPz48V67gi/mlhUakIuIC9SJnahRAcdZf9
+08PEC93rARJd7mJiwwwY6u12/5scH8eB+ZrN5SWJshNXVvMnU3J2aQIDAQABo4HH
+MIHEMB0GA1UdDgQWBBR701e/astsEIGR2pXciE+l0NvRRjCBkQYDVR0jBIGJMIGG
+gBTNM16rcyNRgLgDrRIBC8VejlXKZKFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCA5ggkApNsWDUuM1KYwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAXZ7Ah2g2h/gli0M8dwMi91CLddewE
+4iOu6owV+nMug/QW68Hhhza9WNBk4G4svCfL3EtYAYBIJ1O7dYWnGbjiwB+fohgn
+gj8lvxfRNDLexIGdijlvax+2EmF0eJZtblIjSmcweAORt4m/PEo245UhODWvBVWB
+BSWReMovXXnSBQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Root_9/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..65149ff6505b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EEC173CF380C4BEC
+
+3ZAmsMS1aFKb3EfOncYO+hg0ucK80Y7pHg7GaH2/XZ+b6HmVQrHKuDrIcQNGEY5Z
+QTCBeCGhmh7hnemBSrco4HURl/2LlA5CoYyd6CCc79VeUQZRJdLjL2thD4x/QwQs
+Vh9uG+nunEAXK2kI2sFAxCScoCXSZmAgQqAANQ3SHyJ14e8BlOVgucfD0afYEDNE
+udc86lO8+Lz7HfTvysnKO06pgp30ZFJlnBzSBXkXsTShPWEPg8f+2JRc+A5PbxVM
+gz/S/ZrPMg8QyIfwwCGjRKzyRBeXVfquXqrwNqtGI+HXo4QaYYT8zuYUn9XuJsac
+ZFn2BoXhI6TCBzyM+yuoXp+Xx5plY2A8QXaiLdKO2usV5xcXaBY3XTczrnOfJh7f
+F3B2mbfhr/s4UJaFmnG4eULklFGADRY5tN2bIutsWmuuw17/ZwUSZxsjl+TybqVi
+uvfmEqrSgoZ9Qz1vvRngVAAwJPAvQqsBQwkq3WapNeoLqmQeSHq/6z4G5RKPbkMs
+t21L4SBUGQMhkZWAnJEtECDGsQpDjjwbDuJzrbVTSBiNvDWWeXJuGdyhzI6b17v7
+CZosIrzE82Oo0C+afWJVek2cB8rIMbgqEL+3Sj7x9c/kGeLx957d+geTSStqjD3z
+P574kcEDP9ppEHalg1ygJ6t3SjkTNMWrbuYH+GlY8all7rniMDYUDMECIj3Xrv+Q
+x3Yzv07FAooDYBE4pdWtTjpBlmwxa68XaMSDG28jQwTHck30GU/gwrM74CKWsg8y
+4eZAaeQKHeUYFGsxWeYfmwr7aD4pG+VYGOmRmdia5PA=
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Root_9/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_9/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Root_9/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_9/openssl.cfg
new file mode 100755
index 000000000000..cc9663bbd5c5
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_9/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Root_7.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/cacert.pem
new file mode 100755
index 000000000000..be26aa5d8f4b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 1
+ Validity
+ Not Before: Nov 18 15:07:13 2009 GMT
+ Not After : Nov 12 15:07:13 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:d9:3a:8d:64:95:87:76:76:e8:61:c3:e9:65:f4:
+ a6:b7:0c:77:0e:4b:10:e8:14:a3:e1:84:69:7c:8e:
+ 97:d2:7d:01:ad:b2:dc:5c:cd:c6:91:a1:f3:93:7c:
+ 54:36:64:e3:ca:22:ca:00:cb:c6:91:ab:6b:26:88:
+ 69:60:9a:61:d7:59:17:db:93:7d:09:36:da:28:cb:
+ ec:2d:a4:26:bb:1a:42:20:b8:08:b2:0f:b9:77:a6:
+ 80:71:cf:13:f5:37:a2:90:4d:ab:e8:97:49:d2:80:
+ 94:8f:b1:9d:5a:b4:9f:de:ff:fa:b6:d6:e0:45:5f:
+ cc:d4:10:1e:32:46:7b:ba:55
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 37:71:74:81:44:DD:1E:B1:60:96:41:B7:4B:38:C4:B7:79:1B:CF:8A
+ X509v3 Authority Key Identifier:
+ keyid:0F:FA:C6:EB:DF:CE:B8:BB:B3:A9:3E:42:A6:BA:EC:D2:93:CA:47:A4
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 1
+ serial:95:B0:05:2B:ED:C2:39:2D
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 18:f6:02:5e:75:04:5f:eb:3b:07:41:85:c0:9e:08:29:58:3d:
+ b5:6f:c2:aa:24:0d:93:1d:17:fc:be:d6:43:ac:43:d7:4d:a0:
+ 2c:40:fd:3d:d5:7e:91:46:25:49:62:ba:e9:7f:67:c2:fc:8a:
+ c3:a0:37:bf:ec:f9:54:bf:61:10:35:dd:5b:bb:da:7c:70:54:
+ 32:13:b9:ae:7d:ea:a5:7d:aa:55:3e:ef:0a:ef:12:fd:c3:f6:
+ e5:25:98:97:34:02:64:fd:88:79:b3:e2:f4:fc:ff:e7:d3:98:
+ f1:d9:d5:18:d9:b4:62:ae:99:88:61:2e:ff:02:6a:13:35:fe:
+ 37:c7
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAxMB4XDTA5MTExODE1MDcx
+M1oXDTM0MTExMjE1MDcxM1owaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAxMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDZOo1klYd2duhhw+ll9Ka3DHcOSxDoFKPhhGl8jpfSfQGtstxczcaR
+ofOTfFQ2ZOPKIsoAy8aRq2smiGlgmmHXWRfbk30JNtooy+wtpCa7GkIguAiyD7l3
+poBxzxP1N6KQTavol0nSgJSPsZ1atJ/e//q21uBFX8zUEB4yRnu6VQIDAQABo4HH
+MIHEMB0GA1UdDgQWBBQ3cXSBRN0esWCWQbdLOMS3eRvPijCBkQYDVR0jBIGJMIGG
+gBQP+sbr3864u7OpPkKmuuzSk8pHpKFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAxggkAlbAFK+3COS0wDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAY9gJedQRf6zsHQYXAnggpWD21b8Kq
+JA2THRf8vtZDrEPXTaAsQP091X6RRiVJYrrpf2fC/IrDoDe/7PlUv2EQNd1bu9p8
+cFQyE7mufeqlfapVPu8K7xL9w/blJZiXNAJk/Yh5s+L0/P/n05jx2dUY2bRirpmI
+YS7/AmoTNf43xw==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crl/DO_NOT_CREATE_A_CRL
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crlnumber
new file mode 100755
index 000000000000..83b33d238dab
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/crlnumber
@@ -0,0 +1 @@
+1000
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt
new file mode 100755
index 000000000000..e2027ce9f4ce
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt
@@ -0,0 +1 @@
+V 341112152323Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 1 Sub CA 1 Root 1
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..e7d22dfd0c87
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/newcerts/1000.pem
@@ -0,0 +1,58 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 1
+ Validity
+ Not Before: Nov 18 15:23:23 2009 GMT
+ Not After : Nov 12 15:23:23 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 1 Sub CA 1 Root 1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c8:41:66:84:c7:d5:c5:72:8f:a6:98:1b:59:e2:
+ 33:ca:0d:d2:24:b3:c1:47:db:11:e2:bf:23:da:32:
+ 68:41:cc:ff:28:fe:9a:39:49:e7:08:f0:22:75:15:
+ 61:99:9e:99:e5:14:65:71:60:00:0f:58:42:70:78:
+ 5a:1e:d8:fa:97:92:82:0e:e3:0c:ac:20:dc:b8:e3:
+ 5e:87:8b:89:e3:a1:c3:87:49:1d:92:a5:fd:7c:77:
+ 79:ce:1f:fa:9c:5a:17:d9:11:0c:f2:7f:1a:fa:d8:
+ 32:41:f8:69:80:ae:8a:66:bd:36:c2:21:65:57:08:
+ be:cf:f0:ec:83:15:98:6d:65
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ FF:BB:B0:7F:E3:0E:E3:8C:CF:EC:88:49:A9:0E:62:B5:D3:60:12:46
+ X509v3 Authority Key Identifier:
+ keyid:37:71:74:81:44:DD:1E:B1:60:96:41:B7:4B:38:C4:B7:79:1B:CF:8A
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 33:dd:e8:57:3e:69:1b:a0:4c:83:51:99:dd:73:b0:0c:cb:c7:
+ c0:ff:12:8b:b6:3b:59:12:b9:f1:20:87:75:f0:71:6e:bc:94:
+ 47:72:62:ae:93:90:05:e2:ff:63:31:5a:d2:80:a5:4a:7f:57:
+ e9:f7:4e:3e:be:bd:4c:9e:74:07:19:b0:4d:88:97:af:23:a7:
+ 5a:23:af:d1:a9:98:9b:55:7e:fa:6b:18:77:03:c4:aa:49:bc:
+ b6:3d:66:3e:8d:0a:80:5f:ac:b9:58:fb:11:ef:60:db:ad:a8:
+ 79:41:83:1a:6a:61:87:99:64:2d:e4:6a:bb:c0:30:00:dd:69:
+ e5:92
+-----BEGIN CERTIFICATE-----
+MIICvjCCAiegAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAxMB4XDTA5
+MTExODE1MjMyM1oXDTM0MTExMjE1MjMyM1owbzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEfMB0GA1UEAxMWVXNlciAxIFN1YiBDQSAxIFJvb3QgMTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyEFmhMfVxXKPppgbWeIzyg3SJLPBR9sR
+4r8j2jJoQcz/KP6aOUnnCPAidRVhmZ6Z5RRlcWAAD1hCcHhaHtj6l5KCDuMMrCDc
+uONeh4uJ46HDh0kdkqX9fHd5zh/6nFoX2REM8n8a+tgyQfhpgK6KZr02wiFlVwi+
+z/DsgxWYbWUCAwEAAaNwMG4wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT/u7B/4w7jjM/siEmpDmK102ASRjAf
+BgNVHSMEGDAWgBQ3cXSBRN0esWCWQbdLOMS3eRvPijANBgkqhkiG9w0BAQUFAAOB
+gQAz3ehXPmkboEyDUZndc7AMy8fA/xKLtjtZErnxIId18HFuvJRHcmKuk5AF4v9j
+MVrSgKVKf1fp904+vr1MnnQHGbBNiJevI6daI6/RqZibVX76axh3A8SqSby2PWY+
+jQqAX6y5WPsR72Dbrah5QYMaamGHmWQt5Gq7wDAA3Wnlkg==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..602026a47014
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4E900CB191575111
+
+vHLTGKUgxa3C35alVr0gWT30x8WW5Pmz4oFv23fMMWIXjrp/QLlRRmd2AO9H8rLb
+3MWnA7cby5UTcrcsqwBA30TqhduNDi4iQFcOM60/S7yUFKjF5nj9bGi8XuUzMgTx
+OrJuxMGkayLiELskZxEpi6SJvTEsSdreT6OvyhzXQfAFDodoJSW65oF08cuYxXzi
+FFYFqvyWXa29WUyinBav5k3Mjax3Av3dYfMf/1u2n4vjGyjkfMg7mHrno19daWqa
+FJsxHHFezq//G5+JvePWFQUo1b0fVh13fx9x1dCbCRGQ9duSXaI7BNfl2Jd2rlVk
+xUMqnvd8VBNkW1AHxZL4csurQyO8ZQzg46w/kWaIMroeXbUnZYNJV7/TCs6nLGJF
+iNwtsFAjunWgWttFbMx3X7L7T6f6cWXocOOTNeIDpH+W6Pw9vltrjzNPAyBBok17
+sboWXDtlihMrSq5lWzUSPE8gOueh7Bcf7fSnLTeXuOXgKooJVXelookSQzsilWmS
+Fo5PTM+jOOaXVlbf8zfKFreLawohNkzagIxrCEP+HU+tF52ybJDP4mwPi1sQNcA0
+0luHyCL5EmaH5hVIqYeGUQoNPois5TqgYH1SEujyIuoNdEBi5r5qIRR/zz+BEpKU
+Z1B+HmmSWb0hjfenFSSaSSmGyS6VW1wZsU2B+wcPr7r0uFqoWllkxYNmSdky6qmw
+4Or0D6ayFUaJOQG6aTEfEVS31B4TUfFGfOLbeuUdwNa4/pNwMeFFSx+Xj7J3oYrn
+udjIL0Hz8hhjLVXaPVcu/qkZ7pXhOVlRQJ7byx730G3+elUFalJ/eQ==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/serial b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/openssl.cfg b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/openssl.cfg
new file mode 100755
index 000000000000..bf73e3549d66
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_1/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/DO_NOT_INSTALL_THIS_CERTIFICATE b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/DO_NOT_INSTALL_THIS_CERTIFICATE
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/DO_NOT_INSTALL_THIS_CERTIFICATE
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/README.txt b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/README.txt
new file mode 100755
index 000000000000..a18ed9ce0cd9
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/README.txt
@@ -0,0 +1,19 @@
+Do NOT install !!!
+
+
+
+To provide the CRL via HTTP run
+
+
+
+java -jar ../../tools/httpserv/dist/httpserv.jar -a 8902
+
+
+To provide the intermediate certificate run
+
+java -jar ../../tools/httpserv/dist/httpserv.jar -a 8910
+
+
+
+
+
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/DO_NOT_INSTALL_THIS_CERTIFICATE b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/DO_NOT_INSTALL_THIS_CERTIFICATE
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/DO_NOT_INSTALL_THIS_CERTIFICATE
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/Sub_CA_1_Root_10.crt b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/Sub_CA_1_Root_10.crt
new file mode 100755
index 000000000000..2bb9a4289404
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/Sub_CA_1_Root_10.crt
Binary files differ
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/cacert.pem
new file mode 100755
index 000000000000..1f27b97b3d17
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 10
+ Validity
+ Not Before: Nov 23 15:14:48 2009 GMT
+ Not After : Nov 17 15:14:48 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e4:d5:66:14:88:9f:79:41:50:b0:d1:a0:1b:98:
+ bf:b0:21:34:30:36:70:58:6f:8b:58:f1:b9:58:3a:
+ ce:29:6b:65:b6:11:f7:0d:c8:a6:c3:be:db:0f:2a:
+ 4e:c7:42:df:c9:0e:13:c0:00:0f:af:b5:71:c4:bc:
+ dd:82:fc:4a:27:c0:ee:af:ba:e1:7b:67:de:6b:bb:
+ ac:4c:fe:88:01:1a:73:4e:f5:32:15:3a:d0:cb:6b:
+ 97:84:1b:6c:d0:d6:91:a8:a4:5a:87:2a:69:61:36:
+ 1d:42:cc:16:d0:03:9c:c6:90:5c:61:20:8b:b1:be:
+ b6:54:24:5b:6f:1f:a9:5a:6f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 11:63:A1:BE:8B:E3:56:07:E6:A3:9F:23:39:72:7D:E3:22:B6:53:39
+ X509v3 Authority Key Identifier:
+ keyid:C8:A7:A3:80:20:74:6C:6F:EC:11:7A:F6:BE:26:10:37:31:87:B0:7A
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 10
+ serial:BF:C8:0F:BB:D9:A0:3A:6B
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 6b:0f:75:6d:56:b0:4e:45:19:65:ad:50:ef:4e:87:6c:95:5d:
+ 05:39:5a:43:5c:b4:51:25:9a:ec:f4:93:d1:f0:f6:91:dd:a3:
+ 77:95:0c:74:3c:a9:7c:c2:f6:62:ce:bf:58:5f:66:1f:d0:55:
+ ca:d8:2d:c4:1e:29:3a:ad:55:2c:9d:2c:8f:8e:9e:ce:ac:17:
+ 7e:1b:d1:16:d9:12:76:5c:2d:3f:9d:70:66:aa:39:34:f0:ec:
+ 31:4b:4b:5a:14:0c:c5:5b:3c:c8:47:02:90:cb:77:d7:4f:88:
+ 10:a7:80:3d:ca:19:5c:b5:04:c9:f0:e1:1b:5a:5f:fb:61:b2:
+ 14:b5
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAnKgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMDAeFw0wOTExMjMxNTE0
+NDhaFw0zNDExMTcxNTE0NDhaMGkxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxGTAXBgNVBAMTEFN1YiBDQSAxIFJvb3QgMTAwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBAOTVZhSIn3lBULDRoBuYv7AhNDA2cFhvi1jxuVg6zilrZbYR9w3I
+psO+2w8qTsdC38kOE8AAD6+1ccS83YL8SifA7q+64Xtn3mu7rEz+iAEac071MhU6
+0Mtrl4QbbNDWkaikWocqaWE2HULMFtADnMaQXGEgi7G+tlQkW28fqVpvAgMBAAGj
+gcgwgcUwHQYDVR0OBBYEFBFjob6L41YH5qOfIzlyfeMitlM5MIGSBgNVHSMEgYow
+gYeAFMino4AgdGxv7BF69r4mEDcxh7B6oWSkYjBgMQswCQYDVQQGEwJERTEQMA4G
+A1UECBMHSGFtYnVyZzEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRAwDgYDVQQDEwdSb290IDEwggkAv8gPu9mgOmswDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBrD3VtVrBORRllrVDvTodslV0F
+OVpDXLRRJZrs9JPR8PaR3aN3lQx0PKl8wvZizr9YX2Yf0FXK2C3EHik6rVUsnSyP
+jp7OrBd+G9EW2RJ2XC0/nXBmqjk08OwxS0taFAzFWzzIRwKQy3fXT4gQp4A9yhlc
+tQTJ8OEbWl/7YbIUtQ==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/DO_NOT_INSTALL_THIS_CRL b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/DO_NOT_INSTALL_THIS_CRL
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/Sub_CA_1_Root_10.crl b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/Sub_CA_1_Root_10.crl
new file mode 100755
index 000000000000..67ed32da5f5b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crl/Sub_CA_1_Root_10.crl
Binary files differ
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt
new file mode 100755
index 000000000000..810ec7ef2ffe
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt
@@ -0,0 +1 @@
+V 341117153149Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 1 Sub CA 1 Root 10
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..7449048bbc59
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/newcerts/1000.pem
@@ -0,0 +1,67 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 10
+ Validity
+ Not Before: Nov 23 15:31:49 2009 GMT
+ Not After : Nov 17 15:31:49 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 1 Sub CA 1 Root 10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ce:41:53:5f:ba:d9:26:e4:45:14:74:a9:f2:9e:
+ fa:91:50:ea:fe:e7:76:76:6e:62:26:4c:a2:bd:c9:
+ 98:ce:1d:b3:74:ea:95:04:ec:d8:24:ac:29:de:2d:
+ 7f:2f:7f:10:94:24:d2:0c:0b:ff:d0:38:f1:a9:8f:
+ ee:25:97:bf:bd:b0:1f:24:d7:9d:7a:20:79:c0:73:
+ 97:12:cb:5a:cf:6d:4f:df:4a:a8:9c:1b:be:49:63:
+ 1f:b1:03:6d:c6:5f:69:5c:0d:7e:81:23:48:2a:76:
+ 80:53:53:d2:03:f6:56:6d:dc:e3:cc:be:cb:0f:c3:
+ 1b:b7:6e:79:33:e0:da:f6:5d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ Authority Information Access:
+ CA Issuers - URI:http://localhost:8910/demoCA/Sub_CA_1_Root_10.crt
+
+ X509v3 CRL Distribution Points:
+ URI:http://localhost:8902/demoCA/crl/Sub_CA_1_Root_10.crl
+
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 90:DC:ED:B0:CB:62:A1:BE:8F:23:65:01:79:14:85:22:48:70:7B:A1
+ X509v3 Authority Key Identifier:
+ keyid:11:63:A1:BE:8B:E3:56:07:E6:A3:9F:23:39:72:7D:E3:22:B6:53:39
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 54:e3:d2:eb:dc:aa:db:8b:88:34:c6:b9:5b:f6:d8:ca:81:24:
+ d0:ba:4c:c2:a7:8e:82:22:d3:68:64:c9:61:9b:0a:00:3e:d1:
+ 4e:cb:83:1d:b9:c7:07:6a:5e:7b:b4:ca:92:0c:93:d7:9e:99:
+ e1:58:47:17:b0:a7:6d:68:5f:e5:59:f9:2a:d1:96:df:b6:9f:
+ bc:47:40:f2:71:ed:71:2b:8a:6e:6f:aa:29:9f:4d:98:ee:f1:
+ aa:63:b4:44:39:58:8a:f8:c2:af:8d:c1:49:92:b4:99:02:2f:
+ 27:c7:5b:f5:30:7c:ed:67:ff:cd:12:dc:a7:c4:8e:98:4f:2c:
+ e0:05
+-----BEGIN CERTIFICATE-----
+MIIDODCCAqGgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwaTELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEZMBcGA1UEAxMQU3ViIENBIDEgUm9vdCAxMDAeFw0w
+OTExMjMxNTMxNDlaFw0zNDExMTcxNTMxNDlaMHAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIEwdIYW1idXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxML
+RGV2ZWxvcG1lbnQxIDAeBgNVBAMTF1VzZXIgMSBTdWIgQ0EgMSBSb290IDEwMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOQVNfutkm5EUUdKnynvqRUOr+53Z2
+bmImTKK9yZjOHbN06pUE7NgkrCneLX8vfxCUJNIMC//QOPGpj+4ll7+9sB8k1516
+IHnAc5cSy1rPbU/fSqicG75JYx+xA23GX2lcDX6BI0gqdoBTU9ID9lZt3OPMvssP
+wxu3bnkz4Nr2XQIDAQABo4HnMIHkME0GCCsGAQUFBwEBBEEwPzA9BggrBgEFBQcw
+AoYxaHR0cDovL2xvY2FsaG9zdDo4OTEwL2RlbW9DQS9TdWJfQ0FfMV9Sb290XzEw
+LmNydDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vbG9jYWxob3N0Ojg5MDIvZGVt
+b0NBL2NybC9TdWJfQ0FfMV9Sb290XzEwLmNybDALBgNVHQ8EBAMCBeAwHQYDVR0O
+BBYEFJDc7bDLYqG+jyNlAXkUhSJIcHuhMB8GA1UdIwQYMBaAFBFjob6L41YH5qOf
+IzlyfeMitlM5MA0GCSqGSIb3DQEBBQUAA4GBAFTj0uvcqtuLiDTGuVv22MqBJNC6
+TMKnjoIi02hkyWGbCgA+0U7Lgx25xwdqXnu0ypIMk9eemeFYRxewp21oX+VZ+SrR
+lt+2n7xHQPJx7XErim5vqimfTZju8apjtEQ5WIr4wq+NwUmStJkCLyfHW/UwfO1n
+/80S3KfEjphPLOAF
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..260e3aa94624
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,170F9697C268C4B5
+
+eIaE0ShuxMcOUBJBlI7PXIuKg69hDunjUz55iy0I+4sGc9tFK+vtjvDZWxx+dpZI
+WKGto0fDeobBf3f2xgKQFcwAtUPtiTMXk8C0BYfAbXsTYBgOgvKwJGOIo5FsjukZ
+VJCNlUM1mwX5P3OrLdyT0j8OoL6lINztYDhSC8XL12YJk1j05yN4Gl8N108JQMLA
+sywA2Q6WIhPloZQXtHkiN2mlQ7WWwbSBbaUbdXNQKk6sXelFLPMOk+JOTCLp9kHU
+svTBAg7RyWKBuUmtEmkipNLtYhdkRVJ/dgL3/TAsZET6cjDd/eZg+1Kl0pn93KGv
+avSQKppkKNjUcWkZiuM1imS8+0qeMiw56JQGzMdEeSjadcTdsyYb0lssXmndK/z0
+90bA6GegvCnsq6Wj0Nz97GbK+ZMzA76e+HPQLli0j3poAlVwdzBCFRyLO4ET5Qzl
+OhTewxKZxe2yx75chECWJS+CLOajHkVyUe3x6QzyVuU+YZqjXWkJP7rTcQJZFcml
++3PHYWy5RnZ2sKOegksr3+QtL+UmDVa1xEeIhk3m0IMiYZ9HNWlrg1gedY02y9yY
+MGsCOkCF10KnCNIp4j5s1kGMicdMquDt0jTXwu+8jt6Skh8FWcr9aLf0bNc63oHg
+NaI7Y3+Ssl3GLUGFOGwC0lpooZ10SoJJDK9xxEjt48vUfX+Npn3bRv+UlwfLBYLo
+GENyNV3OVAsKYQ8fGIh/gTeIqwMUdo7Efcs6bdeqiOrYQhBl04Gty0I4cO6/lFGd
+by/4SesYDXoVtaKto1B5VOQn+QxovF7eY1pK6wDBU8+EaJbGSNK9Rw==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/serial b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/openssl.cfg b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/openssl.cfg
new file mode 100755
index 000000000000..c67e455ac4e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_10/openssl.cfg
@@ -0,0 +1,293 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8889
+authorityInfoAccess = caIssuers;URI:http://localhost:8910/demoCA/Sub_CA_1_Root_10.crt
+crlDistributionPoints=URI:http://localhost:8902/demoCA/crl/Sub_CA_1_Root_10.crl
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+#nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/cacert.pem
new file mode 100755
index 000000000000..36a8eb3c0709
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 2
+ Validity
+ Not Before: Nov 18 15:55:38 2009 GMT
+ Not After : Nov 12 15:55:38 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:f0:7a:16:4c:ab:06:b2:af:27:9c:7d:3f:86:da:
+ de:7a:c3:01:67:77:56:49:09:ed:ed:31:72:83:e8:
+ 75:9c:4c:ce:f9:97:b6:63:3c:e2:ca:83:80:92:03:
+ 9c:96:e2:de:72:79:c1:cf:3e:3f:b9:0d:b4:87:c7:
+ 75:e6:56:8d:aa:f8:77:47:11:4e:fe:07:b0:1d:64:
+ 06:73:4b:6f:d4:ac:da:0f:05:87:b1:f1:98:a9:f5:
+ 8a:a1:a8:ed:17:9c:26:b8:da:92:63:d2:53:87:e6:
+ fc:ed:44:de:94:56:90:3e:a2:a1:67:08:cb:38:d4:
+ cf:17:3b:7e:ff:7a:97:c0:7b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 8C:F3:2C:30:A2:E8:62:50:70:BC:FC:71:A0:41:FA:E0:58:B4:4D:B8
+ X509v3 Authority Key Identifier:
+ keyid:5F:BC:4C:DA:EB:0A:0C:B5:23:43:5E:24:32:27:79:41:F5:82:A3:02
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 2
+ serial:A2:AF:15:89:EC:73:54:86
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 52:83:16:ab:0e:43:2d:b3:e4:0f:6c:c1:63:d4:86:ac:e7:1e:
+ ee:7b:ee:9b:0c:ff:4f:e0:59:d5:e4:27:af:68:bf:a7:f5:2a:
+ a3:c9:e3:2b:8d:b7:31:26:f6:04:80:4e:f2:a5:bf:da:63:5e:
+ 8c:d6:c6:b2:46:a0:46:10:2f:84:9f:02:76:f3:c8:33:05:62:
+ 0c:5f:2d:cc:06:23:53:9f:d9:f8:46:e4:2e:5c:da:05:fc:bf:
+ db:45:b4:ac:8d:8b:b5:4b:60:7b:7b:26:34:7f:b1:4b:41:96:
+ 41:26:70:7a:9d:78:a2:9b:e0:de:62:a2:04:86:9f:ed:7c:a6:
+ 20:eb
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAyMB4XDTA5MTExODE1NTUz
+OFoXDTM0MTExMjE1NTUzOFowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDwehZMqwayryecfT+G2t56wwFnd1ZJCe3tMXKD6HWcTM75l7ZjPOLK
+g4CSA5yW4t5yecHPPj+5DbSHx3XmVo2q+HdHEU7+B7AdZAZzS2/UrNoPBYex8Zip
+9YqhqO0XnCa42pJj0lOH5vztRN6UVpA+oqFnCMs41M8XO37/epfAewIDAQABo4HH
+MIHEMB0GA1UdDgQWBBSM8ywwouhiUHC8/HGgQfrgWLRNuDCBkQYDVR0jBIGJMIGG
+gBRfvEza6woMtSNDXiQyJ3lB9YKjAqFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAyggkAoq8ViexzVIYwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBSgxarDkMts+QPbMFj1Ias5x7ue+6b
+DP9P4FnV5CevaL+n9SqjyeMrjbcxJvYEgE7ypb/aY16M1sayRqBGEC+EnwJ288gz
+BWIMXy3MBiNTn9n4RuQuXNoF/L/bRbSsjYu1S2B7eyY0f7FLQZZBJnB6nXiim+De
+YqIEhp/tfKYg6w==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/crlnumber
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/crlnumber
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt
new file mode 100755
index 000000000000..ae1f2d1e4c05
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt
@@ -0,0 +1 @@
+V 341112160955Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 1 Sub CA 1 Root 2
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..a8c0b74caf11
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/newcerts/1000.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 2
+ Validity
+ Not Before: Nov 18 16:09:55 2009 GMT
+ Not After : Nov 12 16:09:55 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 1 Sub CA 1 Root 2
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c7:00:aa:e0:5a:42:af:9c:b5:43:8c:f4:7d:7a:
+ 0f:ee:a9:19:22:d8:47:14:af:b4:e4:dd:5d:41:92:
+ a1:2b:32:39:5c:71:88:10:e3:77:87:b6:d5:38:85:
+ de:4b:91:c6:17:97:8e:3d:96:b3:af:8c:9d:74:8c:
+ 88:7f:2a:72:9a:ca:1a:1b:56:6c:63:2e:a4:a0:fc:
+ 3a:7b:0d:c2:16:15:d0:80:15:29:de:cd:0b:74:bc:
+ 5e:31:84:71:a4:fd:be:9b:06:6a:0c:47:1d:f9:e4:
+ c1:98:ae:46:e6:e2:51:55:d5:bb:ab:05:28:69:b5:
+ f8:35:32:d6:f0:64:d8:44:81
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 71:60:2B:22:B5:DF:FC:38:7E:79:F3:EF:7C:96:5F:C1:D2:42:9C:61
+ X509v3 Authority Key Identifier:
+ keyid:8C:F3:2C:30:A2:E8:62:50:70:BC:FC:71:A0:41:FA:E0:58:B4:4D:B8
+
+ Signature Algorithm: sha1WithRSAEncryption
+ e5:b8:1a:43:82:75:20:48:e0:52:d0:46:25:6f:f7:5b:a9:3f:
+ 9e:cd:db:45:da:15:53:95:e7:c8:74:7b:e0:e4:2c:8c:f6:4d:
+ 1c:73:6e:2c:11:eb:c1:dc:4c:1d:50:e3:e8:10:2f:03:20:06:
+ ff:d7:4f:c9:a2:2e:ef:85:27:92:31:47:64:c8:75:f2:fc:a4:
+ 9d:c9:53:55:c5:da:69:b0:96:99:fd:ac:c4:16:40:ea:0c:1b:
+ 32:c3:fd:65:1d:03:ad:be:60:88:7c:70:53:35:91:ce:13:e2:
+ 3d:23:6b:e8:23:c0:3c:9a:57:5f:ad:4b:03:94:92:16:62:f9:
+ d4:01
+-----BEGIN CERTIFICATE-----
+MIICyzCCAjSgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAyMB4XDTA5
+MTExODE2MDk1NVoXDTM0MTExMjE2MDk1NVowbzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEfMB0GA1UEAxMWVXNlciAxIFN1YiBDQSAxIFJvb3QgMjCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxwCq4FpCr5y1Q4z0fXoP7qkZIthHFK+0
+5N1dQZKhKzI5XHGIEON3h7bVOIXeS5HGF5eOPZazr4yddIyIfypymsoaG1ZsYy6k
+oPw6ew3CFhXQgBUp3s0LdLxeMYRxpP2+mwZqDEcd+eTBmK5G5uJRVdW7qwUoabX4
+NTLW8GTYRIECAwEAAaN9MHswCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQfFh1P
+cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcWArIrXf/Dh+
+efPvfJZfwdJCnGEwHwYDVR0jBBgwFoAUjPMsMKLoYlBwvPxxoEH64Fi0TbgwDQYJ
+KoZIhvcNAQEFBQADgYEA5bgaQ4J1IEjgUtBGJW/3W6k/ns3bRdoVU5XnyHR74OQs
+jPZNHHNuLBHrwdxMHVDj6BAvAyAG/9dPyaIu74UnkjFHZMh18vyknclTVcXaabCW
+mf2sxBZA6gwbMsP9ZR0Drb5giHxwUzWRzhPiPSNr6CPAPJpXX61LA5SSFmL51AE=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..ba6119464f9e
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A5EF3D451C410026
+
+RByk5Bn7uG1eixW1qTghnNri2bQHvnrNUYcpSL/mJIx6NjuYEY6vE/vQ9A9qcjuZ
+8NInLR1w+EmSlDS499za8dfllaJ4/djswWN+4gtkoP/kKF390AcNgIpf/gIiJX6d
+tkrw3Esst2gUwdtdhWItQNh0qZoeWpY9KlraDdEYVZt46JmsgwEIufzHyHTHf53C
+E9ZP7/vYBQeHPOvMGsvhwZWAZZOO5GnD4fktbVAnybQdnlPgJDrRTGabbTdawQNc
+8GJoG6hgJPcwlYm7NbRrtB18L3bG4bxx95fjqeOtvGDSUxSY+FNV7B2xQpivnBu6
+ppLdwTRYHQGOCJSCZoCtW+GYM7wXR2L4kGXMPwB4hHUAQXt+Tva9TP0t96313lMW
+bFTRgTcT71eBidEkUIn1OrOL/Al2lXvSaDhm0P2F0yElzj3JN/gqrIUChaXWcLrS
+CZuOGA2zGpoBASQ5jF+CyC+5mEkmDgvbmAXiJNjNmK/ColklpTNRSGk65Vr8AufA
+d/yoSQCGprhMgqhviue40MGSsOD58TLwR4Tsm5ptze0QYRNC2SkKCrgtS0IEXh/Z
+/9cMAgwOypW1T7LMOV+rG9DOyKx9Ye+oxPLCHdS7wN4h6blusiESbbUW0f5wqAzF
+FCe6VEd+AjahnQLjw7O8vP4zl8q99cjOYD5SB+wqYrr0beEely7xdpKrDMgXqiBe
+tOE9XvgU9KR59GZd0l6FPRkpZCUA+3Wuu4Zvrbam5kEbxVy+VTamWd5cRrxbJBM4
+Ipn414lfeq/5Foz13roErJE6gbWxXeCFDzg0z5fjWc2T41PX58x4Tw==
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/req.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/req.pem
new file mode 100755
index 000000000000..cc93d02e540c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBqDCCARECAQAwaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxFzAV
+BgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEYMBYG
+A1UEAxMPU3ViIENBIDEgUm9vdCAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDwehZMqwayryecfT+G2t56wwFnd1ZJCe3tMXKD6HWcTM75l7ZjPOLKg4CSA5yW
+4t5yecHPPj+5DbSHx3XmVo2q+HdHEU7+B7AdZAZzS2/UrNoPBYex8Zip9YqhqO0X
+nCa42pJj0lOH5vztRN6UVpA+oqFnCMs41M8XO37/epfAewIDAQABoAAwDQYJKoZI
+hvcNAQEFBQADgYEADbuni6Yq0l5FJGFDUaabv4T75XxyMWy+k6wSojSt1thtwcJI
+Bx5x1ngG5VyxeNmqyjLvd2KeYsVaV8M9J9ty40QGL8F83OArJPGADtBSM+gwmjdu
+C+ksYL+5Yl8vSY3M7tKqJB2AFk2QlfP5okMQWRJ5QFTTwA8EFpHFsy4gsks=
+-----END CERTIFICATE REQUEST-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/serial b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/openssl.cfg b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/openssl.cfg
new file mode 100755
index 000000000000..5f9493f47e9b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_2/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Development
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#authorityInfoAccess = OCSP;URI:http://localhost:8888/
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+#authorityInfoAccess = OCSP;URI:http://localhost:8888
+#crlDistributionPoints=URI:http://localhost:8901/demoCA/crl/Test_CA_2009.2.crl
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = critical, CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/cacert.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/cacert.pem
new file mode 100755
index 000000000000..c14880b580c7
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 3
+ Validity
+ Not Before: Nov 20 07:40:39 2009 GMT
+ Not After : Nov 14 07:40:39 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 3
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9e:87:1f:af:f0:a0:1c:f4:9e:f8:c3:e7:ee:d3:
+ cb:a8:e2:54:98:ba:dd:7e:dc:6e:14:e1:7e:7f:5b:
+ 1e:ef:53:3d:89:76:ea:e2:b3:6c:08:0d:e8:c8:4d:
+ 24:40:ff:92:f3:5b:51:f7:90:ac:69:37:29:90:f5:
+ e8:95:6f:67:d1:10:cd:7b:dd:65:38:d6:25:ec:63:
+ 39:ba:2e:ea:13:58:8e:7a:82:8e:10:d1:7b:77:7a:
+ 08:d5:82:66:62:a4:83:39:ad:f5:83:d5:2f:5c:bc:
+ 23:6e:c8:78:8b:38:9f:eb:a3:67:ba:43:fa:e4:07:
+ 3f:90:72:db:0c:f9:49:0e:0d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 1B:2D:E0:A2:26:7F:0D:BA:38:7E:EC:06:81:81:0F:12:74:4C:5A:4D
+ X509v3 Authority Key Identifier:
+ keyid:69:FF:30:EC:1F:34:9A:67:3A:6B:20:D2:DF:7F:F5:05:04:ED:F9:1C
+ DirName:/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=Root 3
+ serial:95:6F:F0:E3:2B:BE:76:F9
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 6f:ac:53:9d:16:6e:95:ed:97:60:ed:c8:a8:96:ab:24:c5:1e:
+ d5:d7:26:98:fb:b5:aa:ef:da:a4:91:6a:82:55:ec:21:a2:08:
+ 24:c7:0c:a7:58:0c:06:69:3d:04:7d:08:f1:0b:77:41:ad:1c:
+ 13:c2:bd:17:c9:9e:ff:df:64:69:8b:58:f1:bc:40:bd:cf:e4:
+ 57:29:bc:5e:93:84:61:56:4c:e6:c1:3a:2c:6e:71:ea:5d:67:
+ c0:54:be:4f:2f:27:a8:59:8d:29:94:ba:c6:6c:ff:ed:25:3d:
+ 0b:fa:93:c9:45:f4:d5:a3:3d:be:8a:f1:9d:c4:92:d5:5c:d2:
+ 77:7c
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAm+gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAzMB4XDTA5MTEyMDA3NDAz
+OVoXDTM0MTExNDA3NDAzOVowaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1
+cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVu
+dDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAzMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCehx+v8KAc9J74w+fu08uo4lSYut1+3G4U4X5/Wx7vUz2Jduris2wI
+DejITSRA/5LzW1H3kKxpNymQ9eiVb2fREM173WU41iXsYzm6LuoTWI56go4Q0Xt3
+egjVgmZipIM5rfWD1S9cvCNuyHiLOJ/ro2e6Q/rkBz+QctsM+UkODQIDAQABo4HH
+MIHEMB0GA1UdDgQWBBQbLeCiJn8Nujh+7AaBgQ8SdExaTTCBkQYDVR0jBIGJMIGG
+gBRp/zDsHzSaZzprINLff/UFBO35HKFjpGEwXzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEPMA0GA1UEAxMGUm9vdCAzggkAlW/w4yu+dvkwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBvrFOdFm6V7Zdg7ciolqskxR7V1yaY
++7Wq79qkkWqCVewhoggkxwynWAwGaT0EfQjxC3dBrRwTwr0XyZ7/32Rpi1jxvEC9
+z+RXKbxek4RhVkzmwTosbnHqXWfAVL5PLyeoWY0plLrGbP/tJT0L+pPJRfTVoz2+
+ivGdxJLVXNJ3fA==
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crl/DO_NOT_CREATE_A_CRL b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crl/DO_NOT_CREATE_A_CRL
new file mode 100755
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crl/DO_NOT_CREATE_A_CRL
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crlnumber b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crlnumber
new file mode 100755
index 000000000000..83b33d238dab
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/crlnumber
@@ -0,0 +1 @@
+1000
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt
new file mode 100755
index 000000000000..bd3b5eaeaeb0
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt
@@ -0,0 +1 @@
+V 341114075225Z 1000 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 1 Sub CA 1 Root 3
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt.attr b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt.attr
new file mode 100755
index 000000000000..8f7e63a3475c
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/newcerts/1000.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/newcerts/1000.pem
new file mode 100755
index 000000000000..46d60bda0a83
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/newcerts/1000.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Sub CA 1 Root 3
+ Validity
+ Not Before: Nov 20 07:52:25 2009 GMT
+ Not After : Nov 14 07:52:25 2034 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 1 Sub CA 1 Root 3
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:bc:82:f1:75:77:02:f8:fb:3a:c2:8d:3c:1b:cb:
+ b2:63:2e:89:07:92:6b:b4:e1:ab:ce:30:a1:a4:82:
+ 38:30:64:2a:ba:01:c6:ac:ee:03:cc:65:bf:83:3e:
+ 39:b8:ce:ac:45:99:97:f9:94:e2:7d:5d:f3:c5:f7:
+ d4:a5:d6:57:cf:24:c1:d7:56:eb:00:9c:5d:80:bc:
+ 23:0c:91:d6:8e:2a:62:f6:af:4d:c9:19:5b:dd:16:
+ be:21:54:51:71:be:f2:c6:64:c5:bb:8e:37:49:c9:
+ 4d:68:82:3a:42:8a:e3:de:ab:fa:c7:ff:a5:b4:c7:
+ 53:8f:17:a4:66:9d:c3:8e:b1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 0B:DD:2E:E9:5C:8A:5F:67:C9:75:4C:B3:04:DB:95:2F:D8:74:76:EF
+ X509v3 Authority Key Identifier:
+ keyid:1B:2D:E0:A2:26:7F:0D:BA:38:7E:EC:06:81:81:0F:12:74:4C:5A:4D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 18:2f:af:1a:27:c7:f8:81:cd:d5:31:a0:f2:06:05:94:d6:12:
+ 11:88:24:ae:4f:f6:86:18:bf:d0:1b:c9:19:7a:47:30:0e:fb:
+ 30:b2:50:31:8d:30:6b:8b:54:17:67:bc:b8:c1:d5:1c:6c:95:
+ c5:e4:c4:ad:12:39:2f:38:ee:53:6a:cf:be:1c:4f:ac:98:0c:
+ ea:eb:0b:48:3d:5e:7a:2b:ed:02:8b:34:89:0a:d8:32:b4:6f:
+ f4:b2:06:96:aa:6b:ae:19:38:ec:9f:47:43:3b:7b:bd:71:38:
+ 99:4f:b4:1e:87:95:73:63:76:d4:ff:21:57:2c:c3:f4:3c:fd:
+ cb:c3
+-----BEGIN CERTIFICATE-----
+MIICyzCCAjSgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEYMBYGA1UEAxMPU3ViIENBIDEgUm9vdCAzMB4XDTA5
+MTEyMDA3NTIyNVoXDTM0MTExNDA3NTIyNVowbzELMAkGA1UEBhMCREUxEDAOBgNV
+BAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtE
+ZXZlbG9wbWVudDEfMB0GA1UEAxMWVXNlciAxIFN1YiBDQSAxIFJvb3QgMzCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvILxdXcC+Ps6wo08G8uyYy6JB5JrtOGr
+zjChpII4MGQqugHGrO4DzGW/gz45uM6sRZmX+ZTifV3zxffUpdZXzyTB11brAJxd
+gLwjDJHWjipi9q9NyRlb3Ra+IVRRcb7yxmTFu443SclNaII6Qorj3qv6x/+ltMdT
+jxekZp3DjrECAwEAAaN9MHswCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQfFh1P
+cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUC90u6VyKX2fJ
+dUyzBNuVL9h0du8wHwYDVR0jBBgwFoAUGy3goiZ/Dbo4fuwGgYEPEnRMWk0wDQYJ
+KoZIhvcNAQEFBQADgYEAGC+vGifH+IHN1TGg8gYFlNYSEYgkrk/2hhi/0BvJGXpH
+MA77MLJQMY0wa4tUF2e8uMHVHGyVxeTErRI5LzjuU2rPvhxPrJgM6usLSD1eeivt
+Aos0iQrYMrRv9LIGlqprrhk47J9HQzt7vXE4mU+0HoeVc2N21P8hVyzD9Dz9y8M=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/private/cakey.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/private/cakey.pem
new file mode 100755
index 000000000000..8d893cdf9e43
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EF032FCF0827A7AA
+
+vTlvOy1d4MK41zEZfeUWDO7kjLqZ53jK6JdXhKT2P9MnstGf1S0QxwbEKP+KWj+4
+lwS7fSXs6/s2Q5OrG9QSV4bm5Sob0OpDfoc1GS24uSGvYXzhuyM9sjiITXvyGKCH
++0VQPV/GSXWShsk5CCzUXIBSBHDVxlEzmBvzWiHfcLEAwF1JJlh6ex9Xju9JL9sN
+Gp4VMw9PML11V4iqNXKeyBZ87Bv/yew+bDACLCe7e1liBxdOj2ntc7mtpCrkf/pn
+hLnJ1qKodcwgmmMLufa7//E1RCBMn1gml0YXMe+Grrn7tFdVWT/puKiSrKGgIbbB
+RNf7JnG5E8Oy2V8NRk4SV5Au784fw5NMykQDCMJFp9aldwP7LlIUBPtPm/jpaY0V
+e6tKT20e4Ru2mDzyfef8nhFRogMxvPrxVSxN8aI1u/soPMp55ypWrqg99QlsiZgG
+MhpHaFODSWvHaFcwFY+gEDUmEH76S3wuOSgeFolvIPEETjw6Vc46Zi32N1ycQ1wz
+NCbIGy2ftEzKIEOeXHAsuQiP+Cic1QYJEOxhvOq9VteYfilT7D9FQ2+QOqrl4+2X
+hj2RaTJawpSFoWfEh7QM1ir0TPj3wRSTg6g3e0f+vAvI9AfVEP3ctPm6tpXirUgh
+QOA1LZKZzHUYqr0q2TBvItyGsg3w7dxyeB6brCtzOzg+GpvNhaRZ1/+SVPxzYVgf
+buLQIfvvLE6TmABxOloop1m61u6c6+Bg5kKHXSnUKehGv+iIxVLZgxrNkCFyyzX0
+Dpu9hkGYzVzE8QCujC09MZCKH/85iYGuEZtP81Mjyjs=
+-----END RSA PRIVATE KEY-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/req.pem b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/req.pem
new file mode 100755
index 000000000000..dd08bf6717c7
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBqDCCARECAQAwaDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxFzAV
+BgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEYMBYG
+A1UEAxMPU3ViIENBIDEgUm9vdCAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCehx+v8KAc9J74w+fu08uo4lSYut1+3G4U4X5/Wx7vUz2Jduris2wIDejITSRA
+/5LzW1H3kKxpNymQ9eiVb2fREM173WU41iXsYzm6LuoTWI56go4Q0Xt3egjVgmZi
+pIM5rfWD1S9cvCNuyHiLOJ/ro2e6Q/rkBz+QctsM+UkODQIDAQABoAAwDQYJKoZI
+hvcNAQEFBQADgYEAiwW4WbC3V3wEBfPlIFiUagJHOettp5NyCzLULyQZE1FXs/zV
+RxIi3Oxdaj643QZ8h6upKf9F60T8+oG15RBdp1ZjmBXnv7ZRx33LynExbxX0XKjo
+Pg/8dGLFBomZqE8MpWbQtY5lRkQOkgt5XZLj5SMJQsgpVaAOPQcOg5Sqfag=
+-----END CERTIFICATE REQUEST-----
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/serial b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/serial
new file mode 100755
index 000000000000..dd11724042e2
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/demoCA/serial
@@ -0,0 +1 @@
+1001
diff --git a/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/openssl.cfg b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/openssl.cfg
new file mode 100755
index 000000000000..5f9493f47e9b
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Sub_CA_1_Root_3/openssl.cfg
@@ -0,0 +1,292 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = DE
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Hamburg
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = OpenOffice.org
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit