Add tls auth to lime client

- tls certificate shall already be loaded in core when the lime client
needs them, no call to the authentication requested client

coreapi/authentication.c

@@ -132,6 +132,22 @@ static const LinphoneAuthInfo *find_auth_info(LinphoneCore *lc, const char *user
 	return ret;
 }
 
+const LinphoneAuthInfo *_linphone_core_find_indexed_tls_auth_info(LinphoneCore *lc, const char *username, const char *domain) {
+	bctbx_list_t *elem;
+	for (elem=lc->auth_info;elem!=NULL;elem=elem->next) {
+		LinphoneAuthInfo *pinfo = (LinphoneAuthInfo*)elem->data;
+		// if auth info holds tls_cert and key or a path to them
+		if ((linphone_auth_info_get_tls_cert(pinfo) && linphone_auth_info_get_tls_key(pinfo)) || (linphone_auth_info_get_tls_cert_path(pinfo) && linphone_auth_info_get_tls_key_path(pinfo))) {
+			// check it matches requested username/domain
+			if (username && linphone_auth_info_get_username(pinfo) && (strcmp(username, linphone_auth_info_get_username(pinfo))==0)
+			&& domain && linphone_auth_info_get_domain(pinfo) && (strcmp(domain, linphone_auth_info_get_domain(pinfo))==0)) {
+				return pinfo;
+			}
+		}
+	}
+	return NULL;
+}
+
 const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc) {
 	bctbx_list_t *elem;
 	for (elem=lc->auth_info;elem!=NULL;elem=elem->next) {

coreapi/private_functions.h

@@ -128,6 +128,7 @@ LINPHONE_PUBLIC void linphone_call_params_set_no_user_consent(LinphoneCallParams
 void _linphone_core_uninit(LinphoneCore *lc);
 void linphone_core_write_auth_info(LinphoneCore *lc, LinphoneAuthInfo *ai);
 const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc);
+const LinphoneAuthInfo *_linphone_core_find_indexed_tls_auth_info(LinphoneCore *lc, const char *username, const char *domain);
 const LinphoneAuthInfo *_linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain, const char *algorithm, bool_t ignore_realm);
 void linphone_auth_info_fill_belle_sip_event(const LinphoneAuthInfo *auth_info, belle_sip_auth_event *event);
 

include/linphone/api/c-auth-info.h

@@ -40,7 +40,7 @@ LINPHONE_PUBLIC LinphoneAuthInfo *linphone_auth_info_new(
 	const char *userid,
 	const char *passwd,
 	const char *ha1,
-	const char *rfealm,
+	const char *realm,
 	const char *domain);
 
 LINPHONE_PUBLIC LinphoneAuthInfo *linphone_auth_info_new_for_algorithm(
@@ -256,4 +256,4 @@ LinphoneAuthInfo *linphone_auth_info_new_from_config_file(LpConfig *config, int
 }
 #endif
 
-#endif /* LINPHONE_AUTH_INFO_H */
\ No newline at end of file
+#endif /* LINPHONE_AUTH_INFO_H */

src/chat/encryption/lime-x3dh-encryption-engine.cpp

@@ -71,14 +71,87 @@ void LimeManager::processResponse (void *data, const belle_http_response_event_t
 void LimeManager::processAuthRequested (void *data, belle_sip_auth_event_t *event) noexcept {
 	X3dhServerPostContext *userData = static_cast<X3dhServerPostContext *>(data);
 	shared_ptr<Core> core = userData->core;
+	/* Notes: when registering on the Lime server, the user is already registered on the flexisip server
+	 * the requested auth info shall thus be present in linphone core (except if registering methods are differents on flexisip and lime server - very unlikely)
+	 * This request will thus not use the auth requested callback to get the information
+	 * - Stored auth information in linphone core are indexed by username/domain */
+
+	switch (belle_sip_auth_event_get_mode(event)) {
+		case BELLE_SIP_AUTH_MODE_HTTP_DIGEST:{
+			const char *realm = belle_sip_auth_event_get_realm(event);
+			const char *username = belle_sip_auth_event_get_username(event);
+			const char *domain = belle_sip_auth_event_get_domain(event);
+			const char *algorithm = belle_sip_auth_event_get_algorithm(event);
+
+			const LinphoneAuthInfo *auth_info = _linphone_core_find_auth_info(core->getCCore(), realm, username, domain, algorithm, TRUE);
+			linphone_auth_info_fill_belle_sip_event(auth_info, event);
+		}
+		break;
+		case BELLE_SIP_AUTH_MODE_TLS: {
+			/* extract username and domain from the GRUU stored in userData->username */
+			auto address = IdentityAddress(userData->username);
+			const char *cert_chain_path = nullptr;
+			const char *key_path = nullptr;
+			const char *cert_chain = nullptr;
+			const char *key = nullptr;
+			const LinphoneAuthInfo *auth_info = _linphone_core_find_indexed_tls_auth_info(core->getCCore(), address.getUsername().data(), address.getDomain().data());
+			if (auth_info) { /* tls_auth_info found something */
+				if (linphone_auth_info_get_tls_cert(auth_info) && linphone_auth_info_get_tls_key(auth_info)) {
+					cert_chain = linphone_auth_info_get_tls_cert(auth_info);
+					key = linphone_auth_info_get_tls_key(auth_info);
+				} else if (linphone_auth_info_get_tls_cert_path(auth_info) && linphone_auth_info_get_tls_key_path(auth_info)) {
+					cert_chain_path = linphone_auth_info_get_tls_cert_path(auth_info);
+					key_path = linphone_auth_info_get_tls_key_path(auth_info);
+				}
+			} else { /* get directly from linphonecore
+				    or given in the sip/client_cert_chain in the config file, no username/domain associated with it, last resort try
+				   it shall work if we have only one user */
+				cert_chain = linphone_core_get_tls_cert(core->getCCore());
+				key = linphone_core_get_tls_key(core->getCCore());
+				if (!cert_chain || !key) {
+					cert_chain_path = linphone_core_get_tls_cert_path(core->getCCore());
+					key_path = linphone_core_get_tls_key_path(core->getCCore());
+				}
+			}
 
-	const char *realm = belle_sip_auth_event_get_realm(event);
-	const char *username = belle_sip_auth_event_get_username(event);
-	const char *domain = belle_sip_auth_event_get_domain(event);
-	const char *algorithm = belle_sip_auth_event_get_algorithm(event);
-
-	const LinphoneAuthInfo *auth_info = _linphone_core_find_auth_info(core->getCCore(), realm, username, domain, algorithm, TRUE);
-	linphone_auth_info_fill_belle_sip_event(auth_info, event);
+			if (cert_chain != nullptr && key != nullptr) {
+				belle_sip_certificates_chain_t *bs_cert_chain = belle_sip_certificates_chain_parse(cert_chain, strlen(cert_chain), BELLE_SIP_CERTIFICATE_RAW_FORMAT_PEM);
+				belle_sip_signing_key_t *bs_key = belle_sip_signing_key_parse(key, strlen(key), nullptr);
+				if (bs_cert_chain && bs_key) {
+					belle_sip_object_ref((belle_sip_object_t *)bs_cert_chain);
+					belle_sip_object_ref((belle_sip_object_t *)bs_key);
+					belle_sip_auth_event_set_signing_key(event,  bs_key);
+					belle_sip_auth_event_set_client_certificates_chain(event, bs_cert_chain);
+					belle_sip_object_unref((belle_sip_object_t *)bs_cert_chain);
+					belle_sip_object_unref((belle_sip_object_t *)bs_key);
+				}
+			} else if (cert_chain_path != nullptr && key_path != nullptr) {
+				belle_sip_certificates_chain_t *bs_cert_chain = belle_sip_certificates_chain_parse_file(cert_chain_path, BELLE_SIP_CERTIFICATE_RAW_FORMAT_PEM);
+				belle_sip_signing_key_t *bs_key = belle_sip_signing_key_parse_file(key_path, nullptr);
+				if (bs_cert_chain && bs_key) {
+					belle_sip_object_ref((belle_sip_object_t *)bs_cert_chain);
+					belle_sip_object_ref((belle_sip_object_t *)bs_key);
+					belle_sip_auth_event_set_signing_key(event,  bs_key);
+					belle_sip_auth_event_set_client_certificates_chain(event, bs_cert_chain);
+					belle_sip_object_unref((belle_sip_object_t *)bs_cert_chain);
+					belle_sip_object_unref((belle_sip_object_t *)bs_key);
+				}
+			} else {
+				lInfo() << "Lime encryption engine could not retrieve any client certificate upon server's request";
+				// To enable callback:
+				//  - create an AuthInfo object with username and domain
+				//  - call linphone_core_notify_authentication_requested on it to give the app a chance to fill the auth_info.
+				//  - call again _linphone_core_find_indexed_tls_auth_info to retrieve the auth_info set by the callback.
+				//  Not done as we assume that authentication on flexisip server was performed before
+				//  so the application layer already got a chance to set the correct auth_info in the core
+				return;
+			}
+		}
+		break;
+		default:
+			lError() << "Lime X3DH server connection gets an auth event of unexpected type";
+		break;
+	}
 }
 
 LimeManager::LimeManager (
@@ -916,10 +989,12 @@ void LimeX3dhEncryptionEngine::onRegistrationStateChanged (
 	try {
 		if (!limeManager->is_user(localDeviceId)) {
 			// create user if not exist
-			//lime::limeCallback callback = setLimeCallback("creating user " + localDeviceId);
-			//limeManager->create_user(localDeviceId, x3dhServerUrl, curve, callback);
 			limeManager->create_user(localDeviceId, x3dhServerUrl, curve, [lc, localDeviceId](lime::CallbackReturn returnCode, string info) {
-						lInfo() << "[LIME] user "<< localDeviceId <<" creation successful";
+						if (returnCode==lime::CallbackReturn::success) {
+							lInfo() << "[LIME] user "<< localDeviceId <<" creation successful";
+						} else {
+							lWarning() << "[LIME] user "<< localDeviceId <<" creation failed";
+						}
 						linphone_core_notify_imee_user_registration(lc, returnCode==lime::CallbackReturn::success, localDeviceId.data(), info.data());
 					});
 			lastLimeUpdate = ms_time(NULL);

tester/CMakeLists.txt

@@ -75,6 +75,16 @@ set(CERTIFICATE_CLIENT_FILES
 	certificates/client/cert3.pem
 	certificates/client/key3.pem
 	certificates/client/cert2-signed-by-other-ca.pem
+	certificates/client/user1_cert.pem
+	certificates/client/user1_key.pem
+	certificates/client/user1_multiple_aliases_cert.pem
+	certificates/client/user1_multiple_aliases_key.pem
+	certificates/client/user2_cert.pem
+	certificates/client/user2_key.pem
+	certificates/client/user2_CN_cert.pem
+	certificates/client/user2_CN_key.pem
+	certificates/client/user2_revoked_cert.pem
+	certificates/client/user2_revoked_key.pem
 )
 
 set(CERTIFICATE_FILES ${CERTIFICATE_ALT_FILES} ${CERTIFICATE_CN_FILES} ${CERTIFICATE_CLIENT_FILES})
@@ -241,6 +251,7 @@ set(SOURCE_FILES_CXX
 	multipart-tester.cpp
 	property-container-tester.cpp
 	utils-tester.cpp
+	lime-user-authentication-tester.cpp
 )
 
 if(ENABLE_ADVANCED_IM)

tester/certificates/client/user1_cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 27 (0x1b)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity
+            Not Before: May 30 15:37:30 2020 GMT
+            Not After : May 28 15:37:30 2030 GMT
+        Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, CN=Jehan Monnier
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:c9:17:d9:fd:c7:93:23:c9:02:b1:c1:41:fe:2a:
+                    15:c8:89:7c:d4:6a:78:6d:56:38:5f:78:8b:75:02:
+                    97:b6:cb:77:d8:21:24:fe:cf:4b:e8:20:c6:f3:8d:
+                    61:36:f6:22:17:67:18:ea:e2:2b:a9:fe:3f:76:da:
+                    fa:fc:57:3c:4d:e6:ef:3c:6a:a4:97:c7:bc:5f:76:
+                    d3:7f:ba:9e:fb:38:0b:4d:82:9d:c2:24:37:d1:04:
+                    c4:b1:1c:32:89:42:83:dd:e7:f2:5c:8c:c3:fb:30:
+                    1b:29:3c:c0:54:0f:dc:6d:3b:cd:38:f5:a1:64:fa:
+                    e6:ad:24:d2:db:a9:9b:5b:01:b9:da:ea:88:e4:c6:
+                    db:c7:bf:e8:84:c7:af:1c:02:20:b2:c7:e2:4f:5c:
+                    53:bd:57:3b:dd:cb:1e:08:59:88:5e:e4:5e:bf:06:
+                    4a:6d:a6:50:63:62:75:f1:9d:19:c7:5a:3f:1a:41:
+                    00:84:34:5e:e6:ab:0a:7c:a2:12:0d:40:4e:31:04:
+                    f5:ef:e9:41:db:6d:16:ba:8e:cf:17:f1:46:0e:e4:
+                    07:ba:23:8d:96:e7:54:82:11:88:f4:43:aa:22:fd:
+                    ac:73:f8:90:48:c1:80:79:7f:df:e0:aa:04:0c:7b:
+                    12:75:08:cd:03:f0:9c:53:0c:d1:4c:c1:65:c7:17:
+                    b7:a1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:sip:user_1@sip.example.org
+    Signature Algorithm: sha256WithRSAEncryption
+         2a:7e:c3:f8:4b:82:51:c2:33:9a:cd:29:4f:5d:bb:05:d3:1a:
+         40:f4:05:95:4e:bc:c8:d4:c6:7a:7b:1e:0f:34:59:e2:06:f1:
+         3c:e2:a1:80:78:44:7a:6a:9d:8d:3a:24:23:17:fa:60:54:04:
+         24:79:2d:e9:43:5d:b9:fd:3d:9e:95:d6:42:a7:d7:5f:47:83:
+         b6:a8:6d:94:89:e8:39:de:3d:7f:8a:1b:06:17:cb:da:cb:c2:
+         79:5f:69:bb:ba:39:b7:7c:80:5c:e7:7a:71:5e:3d:90:9b:5a:
+         eb:b5:70:06:5d:c9:c2:36:a4:b3:15:ef:b0:bf:5d:a2:93:28:
+         0c:77
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAs2gAwIBAgIBGzANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCRlIx
+EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
+DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
+BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
+YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMjAwNTMwMTUzNzMwWhcN
+MzAwNTI4MTUzNzMwWjBtMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMREw
+DwYDVQQHDAhHcmVub2JsZTEiMCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0
+aW9uczEWMBQGA1UEAwwNSmVoYW4gTW9ubmllcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMkX2f3HkyPJArHBQf4qFciJfNRqeG1WOF94i3UCl7bLd9gh
+JP7PS+ggxvONYTb2IhdnGOriK6n+P3ba+vxXPE3m7zxqpJfHvF9203+6nvs4C02C
+ncIkN9EExLEcMolCg93n8lyMw/swGyk8wFQP3G07zTj1oWT65q0k0tupm1sBudrq
+iOTG28e/6ITHrxwCILLH4k9cU71XO93LHghZiF7kXr8GSm2mUGNidfGdGcdaPxpB
+AIQ0XuarCnyiEg1ATjEE9e/pQdttFrqOzxfxRg7kB7ojjZbnVIIRiPRDqiL9rHP4
+kEjBgHl/3+CqBAx7EnUIzQPwnFMM0UzBZccXt6ECAwEAAaNBMD8wCQYDVR0TBAIw
+ADALBgNVHQ8EBAMCBeAwJQYDVR0RBB4wHIIac2lwOnVzZXJfMUBzaXAuZXhhbXBs
+ZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAKn7D+EuCUcIzms0pT127BdMaQPQFlU68
+yNTGenseDzRZ4gbxPOKhgHhEemqdjTokIxf6YFQEJHkt6UNduf09npXWQqfXX0eD
+tqhtlInoOd49f4obBhfL2svCeV9pu7o5t3yAXOd6cV49kJta67VwBl3JwjaksxXv
+sL9dopMoDHc=
+-----END CERTIFICATE-----

tester/certificates/client/user1_key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDJF9n9x5MjyQKx
+wUH+KhXIiXzUanhtVjhfeIt1Ape2y3fYIST+z0voIMbzjWE29iIXZxjq4iup/j92
+2vr8VzxN5u88aqSXx7xfdtN/up77OAtNgp3CJDfRBMSxHDKJQoPd5/JcjMP7MBsp
+PMBUD9xtO8049aFk+uatJNLbqZtbAbna6ojkxtvHv+iEx68cAiCyx+JPXFO9Vzvd
+yx4IWYhe5F6/BkptplBjYnXxnRnHWj8aQQCENF7mqwp8ohINQE4xBPXv6UHbbRa6
+js8X8UYO5Ae6I42W51SCEYj0Q6oi/axz+JBIwYB5f9/gqgQMexJ1CM0D8JxTDNFM
+wWXHF7ehAgMBAAECggEADSH5opE+EsA15NXyMV8ePRJ9jIHHi5xt4g5FTUb2EYII
+OZ0whVOUaXx6gb1h8+zvHQgmoHBU2a05B9IVQhWQYqYKSa/NP/xTWQixl03gxBdM
+5ar6Eou6+XOOROLKihxF8GANe+3VfroNjAvjo5nFk3ysUmP4PlgEaJpXCvFwq+i7
+L6gf4JCbub4RADYxIewtLIX+GA75KqdjZrjLwiUZM811l3A56+gOREo6n5oRU4dr
+FD8kbpVdjTiww3pZv9nYHF4u0iL8A/44a7JUoNz12GUCD0F4VTwNvaRRim16mNwm
+s8T72KK+Sl1hpkuYg7gcmSyXFkaiQHf0iqDBsRdCgQKBgQD4xrHYVWBmqcHi5kOg
+gHAeid4EF1vnZ8eJBU/j2DVcrYQSsFcK1oQrOdPvyvKHSPIUA/qTb1sN6lpF2Ptr
+AQDt/xmIPqn6SpSeOjfFscM5G5ITMOqzY9k/3glK14TTMxIFdVKJp8pZVSllfFhL
+cjCpkBHVw0meJVF7TQNACzM2tQKBgQDO7rM2+o5lL5b6t3JFoP6u269Ve6VvG6EK
+hmfwUorZVg/TLmV6MwH0ksxQ7XGTHbRVdGhb/cXtx8j+Sfv+AQbqHH0ugrlopM8d
+eIT0J2aXZYMYKzla/qK3tZ0bQaYio+nDtbIC8XBHX+5nCCHxG3MQS0sqwnah4YR8
+mnYdAqeEvQKBgAddOl6BCH2BgO/KiS3zH16IDj5owpuzAsEXmynPeKTprgMvnSQA
+/aCZ8aAjjdJbYm8dPwmmPjfHPCzdI3Qjb3ecGZFi6X0zP/r/Fi+P94t1OXm/9PKi
+fgfZ9sR0ZMYruNjYhDz27pJ+Zt9OMv7ovnAGh8CgK0m3KRZRTUtUCYwRAoGAV3WV
+s0/0rRmPE0pDduBTpC3fjh6jTjF8QAmMloscej0glR4P77TtR6RfzHh+vzIXzOJV
+VUQNyrDc53T3l2RxurLtyaGgoXS+wPL2JoccmjJiVO234RisRz7wNtvpTsy+eWQq
+54mJ7fDCvzM1vUTfvexEyb7FCyhYqZ1S/HHpwXUCgYAj8u6vKhkkM6FUSHYrJoGG
+GsjORr4UUFaGPMRAagTUfUb9pRUhkVKeo06B3IlG1IveG61XdbxSh6lKld8JkbiI
+nq+S0GtVYGNfwmbeGCMOU3RHYaMHUr3HXpXCSMg+FApIPxWnf5acf/6ht6QmqDF2
+DW7Z1wYyA5KQif3y/hA0tg==
+-----END PRIVATE KEY-----

tester/certificates/client/user1_multiple_aliases_cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 28 (0x1c)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity
+            Not Before: May 30 19:40:17 2020 GMT
+            Not After : May 28 19:40:17 2030 GMT
+        Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, CN=User 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:f1:b1:91:e5:34:ef:81:21:b7:25:af:48:48:4e:
+                    ea:f2:b9:6c:f4:06:6e:59:8e:24:7a:83:3a:50:22:
+                    64:7b:24:f2:ee:f3:3e:21:68:77:e1:e9:e4:b1:dc:
+                    8b:01:5b:ad:75:a1:31:fc:b1:08:5a:ad:69:32:4b:
+                    5d:69:1b:a9:03:3b:71:55:1b:25:0c:d3:a2:5c:03:
+                    b0:fb:41:f3:10:3d:92:21:2d:27:03:ca:df:4d:c1:
+                    ba:56:ee:0b:e0:74:f5:17:e7:d6:9b:4b:54:5d:2f:
+                    42:dc:de:b8:70:79:89:df:11:52:c4:28:60:b3:a4:
+                    e1:51:b2:9a:47:3a:1a:ae:6e:6a:eb:95:3d:d0:7e:
+                    79:ca:70:3f:3e:4d:f4:e9:7f:6f:42:40:dc:8b:68:
+                    4f:ad:7f:a2:eb:e6:72:3d:7b:5b:5a:8f:3d:c9:eb:
+                    57:2e:67:22:78:8c:47:93:db:2b:e6:ed:18:03:e2:
+                    ae:1a:da:89:35:fa:e2:b0:21:89:a6:bb:e8:ec:f8:
+                    24:72:3f:12:75:4f:dc:e4:ad:f6:9a:fb:9f:d8:c6:
+                    a8:4d:cc:b7:48:f9:b1:94:63:e3:27:e7:6e:7f:19:
+                    9e:12:d6:4a:23:ae:1a:88:05:65:c9:ad:18:a0:16:
+                    cf:db:d1:e1:38:68:1a:c8:75:f1:12:ba:4e:01:b4:
+                    4f:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:sip:user_1alias1@sip.example.org, DNS:sips:user_1@sip.example.org, DNS:sip:user_1@sip.example.org, DNS:sip:user_1alias2@sip.example.org
+    Signature Algorithm: sha256WithRSAEncryption
+         94:fd:6c:f3:ce:16:cf:c0:19:10:64:e4:1a:b0:f4:27:90:cb:
+         d7:ba:58:70:a7:8f:ae:40:77:a6:e0:a6:20:25:59:3c:82:83:
+         07:5f:d9:ab:00:76:c7:50:9b:37:a3:d6:8d:a4:70:bb:24:67:
+         07:5b:5c:b8:73:76:14:8f:2a:22:60:eb:c7:2a:38:60:db:1d:
+         79:50:1c:d2:3d:a4:9f:26:7b:01:b8:f9:99:83:d5:56:9c:f4:
+         8b:10:4a:46:a7:15:be:e6:98:cd:e0:7c:a2:dd:9f:63:be:c8:
+         c2:0b:a5:8c:c2:93:3d:58:c5:4f:ed:24:c0:d5:54:5b:cd:ef:
+         9b:fd
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAyqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCRlIx
+EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
+DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
+BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
+YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMjAwNTMwMTk0MDE3WhcN
+MzAwNTI4MTk0MDE3WjBmMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMREw
+DwYDVQQHDAhHcmVub2JsZTEiMCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0
+aW9uczEPMA0GA1UEAwwGVXNlciAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA8bGR5TTvgSG3Ja9ISE7q8rls9AZuWY4keoM6UCJkeyTy7vM+IWh34enk
+sdyLAVutdaEx/LEIWq1pMktdaRupAztxVRslDNOiXAOw+0HzED2SIS0nA8rfTcG6
+Vu4L4HT1F+fWm0tUXS9C3N64cHmJ3xFSxChgs6ThUbKaRzoarm5q65U90H55ynA/
+Pk306X9vQkDci2hPrX+i6+ZyPXtbWo89yetXLmcieIxHk9sr5u0YA+KuGtqJNfri
+sCGJprvo7Pgkcj8SdU/c5K32mvuf2MaoTcy3SPmxlGPjJ+dufxmeEtZKI64aiAVl
+ya0YoBbP29HhOGgayHXxErpOAbRPbwIDAQABo4GkMIGhMAkGA1UdEwQCMAAwCwYD
+VR0PBAQDAgXgMIGGBgNVHREEfzB9giBzaXA6dXNlcl8xYWxpYXMxQHNpcC5leGFt
+cGxlLm9yZ4Ibc2lwczp1c2VyXzFAc2lwLmV4YW1wbGUub3JnghpzaXA6dXNlcl8x
+QHNpcC5leGFtcGxlLm9yZ4Igc2lwOnVzZXJfMWFsaWFzMkBzaXAuZXhhbXBsZS5v
+cmcwDQYJKoZIhvcNAQELBQADgYEAlP1s884Wz8AZEGTkGrD0J5DL17pYcKePrkB3
+puCmICVZPIKDB1/ZqwB2x1CbN6PWjaRwuyRnB1tcuHN2FI8qImDrxyo4YNsdeVAc
+0j2knyZ7Abj5mYPVVpz0ixBKRqcVvuaYzeB8ot2fY77IwguljMKTPVjFT+0kwNVU
+W83vm/0=
+-----END CERTIFICATE-----

tester/certificates/client/user1_multiple_aliases_key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDxsZHlNO+BIbcl
+r0hITuryuWz0Bm5ZjiR6gzpQImR7JPLu8z4haHfh6eSx3IsBW611oTH8sQharWky
+S11pG6kDO3FVGyUM06JcA7D7QfMQPZIhLScDyt9NwbpW7gvgdPUX59abS1RdL0Lc
+3rhweYnfEVLEKGCzpOFRsppHOhqubmrrlT3QfnnKcD8+TfTpf29CQNyLaE+tf6Lr
+5nI9e1tajz3J61cuZyJ4jEeT2yvm7RgD4q4a2ok1+uKwIYmmu+js+CRyPxJ1T9zk
+rfaa+5/YxqhNzLdI+bGUY+Mn525/GZ4S1kojrhqIBWXJrRigFs/b0eE4aBrIdfES
+uk4BtE9vAgMBAAECggEASEK4xfh/qvHzmfa/+65snElIA+VwVKIk0eQuKQs/U3oG
+j951svNS9F5Dm9G+VZedUs/w7AXZ45J5IypZMTWt4GODTNiiyST1I+GOpnBfRXnD
+GNwxD/c1sD+9gIQHVQJizNTp2uA4xut8aCDGsAoGaIT7Y95Wmx8upohpi+YZWBDi
+cqrGuId9+VHkVQXTME901S96cAR70Sv5UURyPdv2+cJGkfgSKsB8dFrYcL6+HER3
+XxveIY6Yh0mW5XJpEkEwbEKMT8Ry2H95/v2OPt7zHcBaKWPg61DDWeUlCipJzMl0
+NmOowilAJDzXsgLykbhtKUrOfgaSpqTXM/IyN2QlsQKBgQD7we5MIm8/xB4P/e/v
+UecBn7rXolqBCVriu9iRIsJoff5e98CgfdJYi+gnI0CRUUTaRoJV2cuelVz5o6hA
+pMlG84VpjMRh4XF1ZHcUXdHAoaI+aFuZERus9jIbSdZHii8gVj1p1jbucrQn2+pQ
+CFmSDKzbDXhoHKWL5/wITPs2DQKBgQD1xDlPBuZ04s++9PqXvO1qaZTJreHvs2Fd
+8nfELIps8lej8iRjZrpf7aSqQddR4GH7Kjg34tKHJntI/HcBTAYyEJz5vGsbpdeh
+S5fxNMKUFMmjOtXs3kvV6gtvZhWzByovI2wS11sT+LfApfItNl06Bh+eLw0PSaYK
+K6O4vNGYawKBgG3K7IatecDgYY/t2caP/GOb6lsCBeBCWS2KaG8bLpdtYxK9j3cu
+iB5vnWX8HLuDKrjaiRqxqfhWAT8pnUXb15+msicO6dIaBGYC01/BbqlIlD4NOu0t
+JdmvYLi/4cA/RkAe/Bd9AWXKBkFfyfbvPUjRWE0LudgFrjiuih6AnAm9AoGAaPTH
+1KwJt1k1h0Nv0WVprswwMoEDwC5HIqvt4eVzqFtGeklqqNiyN01xyRQdNGYy8eRx
+5cwERJt2gxDucatZ6f+WSkDhLQmCMOvrk6MIhdzqz77MpT+5+zzcbVKXacFhjof+
+G33E856AOtGjvxM8dQ8waYmGdkTpl+ZTIQ3iJMkCgYBvY991AC0dYtnUDD1o/E6E
+Nhripaab84Hke1lZa/mlK36HOysi+ie97BGYUaOqBPfdemk47x1OXexemIy9mGxg
++U5GpV3Ecb4zbPnM4RViBmfgR1niFNTIPdRyfUf5G+IfZRKp7xlmQapLrByXM2O5
+6Dbyw3ppcUxXmg3EkwDxGQ==
+-----END PRIVATE KEY-----

tester/certificates/client/user2_CN_cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 30 (0x1e)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity
+            Not Before: May 30 20:43:17 2020 GMT
+            Not After : May 28 20:43:17 2030 GMT
+        Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, CN=sip:user_2@sip.example.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:e6:20:2e:8f:37:5a:90:62:ce:a8:2a:26:dc:95:
+                    9b:09:c9:22:99:35:19:9a:c0:d3:f1:a9:2d:39:fe:
+                    18:e5:52:23:d6:91:9c:b3:47:d1:3e:ca:a2:72:9e:
+                    fc:4f:86:15:05:b6:78:a6:0e:ea:48:00:9f:2f:e7:
+                    83:44:8a:8a:c3:c4:18:40:82:45:9e:5f:e7:85:f6:
+                    d0:30:55:ec:14:d7:5d:6f:c4:e5:cc:e2:cd:31:41:
+                    30:9b:04:5e:c6:b8:b4:c1:3c:cb:d0:9f:61:53:35:
+                    ec:d0:a5:bf:12:dd:78:79:e5:ed:93:87:ba:85:17:
+                    ce:13:d0:be:53:e9:eb:2a:92:59:a8:f8:9f:84:cf:
+                    ea:f4:74:78:81:2d:66:e7:1f:83:ca:db:ae:88:92:
+                    96:cf:c2:e8:a5:28:07:dd:9b:ba:c1:9f:c2:8d:b7:
+                    8d:9d:71:54:60:06:0b:7e:30:78:cc:9d:db:ee:6a:
+                    27:08:fb:6e:3e:0b:0a:78:c4:80:a0:7f:f0:e2:9f:
+                    fb:90:c0:06:93:b4:f3:02:c7:0d:74:24:09:8c:db:
+                    fd:10:30:9b:1e:bc:c1:56:7f:4d:e8:0f:c7:1e:2a:
+                    f9:f4:39:be:18:a3:3b:1f:77:69:0f:f3:a0:d4:99:
+                    b6:79:1e:19:41:94:49:fc:25:ec:3d:17:16:22:cd:
+                    97:a7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:sip:user_2alias@sip.example.org
+    Signature Algorithm: sha256WithRSAEncryption
+         21:6f:ad:62:97:5c:0c:80:6c:07:01:59:1d:71:27:3e:ae:95:
+         df:09:db:82:22:eb:f0:ec:d0:b6:a3:8e:a9:90:84:1a:82:b1:
+         5b:47:bc:fa:cd:a1:7e:ed:60:59:74:1a:d9:32:8c:e7:07:0a:
+         7a:d7:0c:33:76:43:92:f0:d7:c9:e0:c7:45:5a:9e:82:ee:c8:
+         9c:8f:d4:e3:cf:ac:a1:28:5d:4d:2f:ec:f9:2d:95:74:c5:51:
+         19:27:3e:ca:19:43:82:90:9a:31:9f:55:fc:38:c9:96:15:90:
+         34:a7:5f:6a:fd:46:65:9d:81:a7:81:c0:d5:75:26:6d:2c:55:
+         98:a9
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIBHjANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCRlIx
+EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
+DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
+BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
+YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMjAwNTMwMjA0MzE3WhcN
+MzAwNTI4MjA0MzE3WjB6MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMREw
+DwYDVQQHDAhHcmVub2JsZTEiMCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0
+aW9uczEjMCEGA1UEAwwac2lwOnVzZXJfMkBzaXAuZXhhbXBsZS5vcmcwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmIC6PN1qQYs6oKibclZsJySKZNRma
+wNPxqS05/hjlUiPWkZyzR9E+yqJynvxPhhUFtnimDupIAJ8v54NEiorDxBhAgkWe
+X+eF9tAwVewU111vxOXM4s0xQTCbBF7GuLTBPMvQn2FTNezQpb8S3Xh55e2Th7qF
+F84T0L5T6esqklmo+J+Ez+r0dHiBLWbnH4PK266IkpbPwuilKAfdm7rBn8KNt42d
+cVRgBgt+MHjMndvuaicI+24+Cwp4xICgf/Din/uQwAaTtPMCxw10JAmM2/0QMJse
+vMFWf03oD8ceKvn0Ob4Yozsfd2kP86DUmbZ5HhlBlEn8Jew9FxYizZenAgMBAAGj
+RjBEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCoGA1UdEQQjMCGCH3NpcDp1c2Vy
+XzJhbGlhc0BzaXAuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAIW+tYpdc
+DIBsBwFZHXEnPq6V3wnbgiLr8OzQtqOOqZCEGoKxW0e8+s2hfu1gWXQa2TKM5wcK
+etcMM3ZDkvDXyeDHRVqegu7InI/U48+soShdTS/s+S2VdMVRGSc+yhlDgpCaMZ9V
+/DjJlhWQNKdfav1GZZ2Bp4HA1XUmbSxVmKk=
+-----END CERTIFICATE-----

tester/certificates/client/user2_CN_key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDmIC6PN1qQYs6o
+KibclZsJySKZNRmawNPxqS05/hjlUiPWkZyzR9E+yqJynvxPhhUFtnimDupIAJ8v
+54NEiorDxBhAgkWeX+eF9tAwVewU111vxOXM4s0xQTCbBF7GuLTBPMvQn2FTNezQ
+pb8S3Xh55e2Th7qFF84T0L5T6esqklmo+J+Ez+r0dHiBLWbnH4PK266IkpbPwuil
+KAfdm7rBn8KNt42dcVRgBgt+MHjMndvuaicI+24+Cwp4xICgf/Din/uQwAaTtPMC
+xw10JAmM2/0QMJsevMFWf03oD8ceKvn0Ob4Yozsfd2kP86DUmbZ5HhlBlEn8Jew9
+FxYizZenAgMBAAECggEBAKW2fPCiorOgg0IzgGKN1OQaE7ERvMtkmfrGoYvGP3U7
+ThVgK+AqEjLORmaVuAkn+5Fukbi6uth4oikj5LIBteU9G12wsaNXWmhskASOiv+D
+CoTG29hLZglW8UJfxkQBlCAmwHoNm08JYOvqvwo9s1jMSuVW8uiOeNZqFfRlWPQA
+q19gvlXJzo0jKtbZp9F/Su5kQobBNA1VlQWlkELT8RANygbSAw3MSwAojkbu7l4Q
+bybT7cCY5grM/omof6TD2MNrVVOrNbn4oyg8mjh93shvpZByMsiJ1zk4/KSLH/F7
+Xx7zBHHRg3K1NL9pvrllN/R4zPPnCasninqr4vUQVUkCgYEA/lBaMrLXTLOCgd8a
+RUInFL+sWLqvcZiz3zKmpxFaTx7CJ/poudHGkhRkVi34nK8uRXhBn4qfp9thj0YL
+2QH76bUklOYXUGeo89Z+9NL2Mzf83J4k7L3bodJwWt0JRLy3c40I14fE1B/bNJAC
+SWB+cs0gVISbF7a1ttLHfWcPsrUCgYEA56bGX3ZNG96ykouBiIfcnq8D/7/W1pE4
+zcreK7HrGFOEMNewev87EwggMfYHXkg4YvLiWVP08atchuf5+bDiztvU2PjuoFOU
+Mfw6G/ndP7ZXuvqlw4e10gKAzNtd4pIUm9KlFMdEJhvoCwJ0T5DFIbdH875Nb6/P
+8VuhUbiYDmsCgYAV/5Nd0VSIYPrICyl1ljxVMiNRZYypkeD1TKdXykt6jpmS5blL
+YZcAqdzoC3/25bxl6/oZN9+JoJN21kNOGTrWQ4IPkzuvC9h0hzhiKyF62rv3xYJC
+LEYkYFSxt28G0CA6UZfTNP5UrxDCIjbgbAVkHtROG05jJb3gO6lf8ptMBQKBgHbh
+ptJc4uuXmSsNvxczKiyhgrrgV7/b3Tv3jZb9ArqEOcXbGy20CDwXInahXVysUYuu
+PC09oenYWG6/ZBEZDvy74nrLHaNX4SjZ2XR8AWhuCo3hjepPnia9tB3twjvBXiQt
+sRx9uuKX1bi4tLoUgKZx6dIT6qeToXKq5JoM0rQrAoGAYiU9KuzzW7H6CliSos7P
+hDPWXI3NCGpV2/wBqz6wTQBUAyFblGDJ7RIl+o+JfDtNITJtuCcnMj8SJbtuHXZE
+C8msvAdOijjxDUl5BrWfveQy0OT/Nph16aa5JthhSUeOXnrGT3ab6e8ZtK+iUdU6
+4Gf235i5eGrjBvRexd2RbJ0=
+-----END PRIVATE KEY-----

tester/certificates/client/user2_cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 29 (0x1d)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity
+            Not Before: May 30 20:19:29 2020 GMT
+            Not After : May 28 20:19:29 2030 GMT
+        Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, CN=User 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b1:fb:93:04:cd:f8:44:7c:09:7a:3a:df:22:87:
+                    56:b2:e0:c6:27:34:d2:8d:95:5e:29:e2:44:5e:2e:
+                    6b:84:77:03:f4:b3:6e:a9:38:6d:cc:89:ae:9f:ce:
+                    b8:8b:70:02:24:7b:06:cf:aa:a7:33:be:ae:b0:72:
+                    51:80:35:88:9a:e9:2a:bf:1f:46:b2:52:c4:88:0e:
+                    c4:c8:7b:d0:c9:cd:d9:d8:0d:36:f6:64:5b:c1:3d:
+                    a4:84:7a:d0:10:63:a0:70:b9:ec:c3:1e:50:05:f7:
+                    0f:9c:85:cf:57:97:54:17:a1:6c:cd:74:fc:db:38:
+                    3c:fc:14:38:68:19:14:30:a2:d2:f7:f1:5f:c3:7d:
+                    a1:ee:67:dc:ce:85:c5:3b:1d:46:38:b3:4b:27:e2:
+                    af:9e:3d:dc:cd:55:a2:9a:1e:1c:6c:a0:75:34:05:
+                    0a:ca:d2:0a:09:16:a2:ab:fd:e7:52:f9:04:72:de:
+                    00:5f:bf:3a:99:f7:b5:4f:78:23:a4:15:0e:5f:e8:
+                    51:ec:fa:5b:1c:73:71:2d:85:52:f1:32:1f:8d:81:
+                    d0:70:01:6b:52:db:1f:d2:6f:ed:44:0d:c0:22:df:
+                    e1:0b:33:1e:50:d2:7c:b0:39:f2:18:7d:fd:58:bf:
+                    b7:ba:b5:c9:4e:e8:d4:fa:0a:ef:73:20:45:4c:99:
+                    6b:a3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:sip:user_2@sip.example.org, DNS:sips:user_2@sip.example.org
+    Signature Algorithm: sha256WithRSAEncryption
+         2f:1e:56:e8:c1:c7:bc:72:9c:45:cb:ce:c6:5b:ee:77:5c:4d:
+         f9:00:51:1b:9c:3d:20:d8:d5:1b:76:55:fa:28:89:90:37:90:
+         6e:3d:58:c3:9c:a3:4b:fd:2a:45:bd:c3:10:51:11:7d:11:c4:
+         d3:59:ce:9b:f8:db:01:0a:45:62:40:d6:43:9e:9b:1c:29:95:
+         92:c3:3f:de:97:02:95:a6:28:b8:af:e8:bb:5a:4c:39:4d:de:
+         f7:64:5e:c1:47:2a:d8:b4:79:c1:b0:15:3b:f9:15:92:4f:70:
+         e2:d5:e3:bb:3b:e4:65:d2:54:0d:cc:92:4c:2b:f0:71:0d:b1:
+         ba:09
+-----BEGIN CERTIFICATE-----
+MIIDejCCAuOgAwIBAgIBHTANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCRlIx
+EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
+DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
+BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
+YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMjAwNTMwMjAxOTI5WhcN
+MzAwNTI4MjAxOTI5WjBmMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMREw
+DwYDVQQHDAhHcmVub2JsZTEiMCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0
+aW9uczEPMA0GA1UEAwwGVXNlciAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAsfuTBM34RHwJejrfIodWsuDGJzTSjZVeKeJEXi5rhHcD9LNuqThtzImu
+n864i3ACJHsGz6qnM76usHJRgDWImukqvx9GslLEiA7EyHvQyc3Z2A029mRbwT2k
+hHrQEGOgcLnswx5QBfcPnIXPV5dUF6FszXT82zg8/BQ4aBkUMKLS9/Ffw32h7mfc
+zoXFOx1GOLNLJ+Kvnj3czVWimh4cbKB1NAUKytIKCRaiq/3nUvkEct4AX786mfe1
+T3gjpBUOX+hR7PpbHHNxLYVS8TIfjYHQcAFrUtsf0m/tRA3AIt/hCzMeUNJ8sDny
+GH39WL+3urXJTujU+grvcyBFTJlrowIDAQABo14wXDAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwIF4DBCBgNVHREEOzA5ghpzaXA6dXNlcl8yQHNpcC5leGFtcGxlLm9yZ4Ib
+c2lwczp1c2VyXzJAc2lwLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAC8e
+VujBx7xynEXLzsZb7ndcTfkAURucPSDY1Rt2VfooiZA3kG49WMOco0v9KkW9wxBR
+EX0RxNNZzpv42wEKRWJA1kOemxwplZLDP96XApWmKLiv6LtaTDlN3vdkXsFHKti0
+ecGwFTv5FZJPcOLV47s75GXSVA3Mkkwr8HENsboJ
+-----END CERTIFICATE-----

tester/certificates/client/user2_key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCx+5MEzfhEfAl6
+Ot8ih1ay4MYnNNKNlV4p4kReLmuEdwP0s26pOG3Mia6fzriLcAIkewbPqqczvq6w
+clGANYia6Sq/H0ayUsSIDsTIe9DJzdnYDTb2ZFvBPaSEetAQY6BwuezDHlAF9w+c
+hc9Xl1QXoWzNdPzbODz8FDhoGRQwotL38V/DfaHuZ9zOhcU7HUY4s0sn4q+ePdzN
+VaKaHhxsoHU0BQrK0goJFqKr/edS+QRy3gBfvzqZ97VPeCOkFQ5f6FHs+lscc3Et
+hVLxMh+NgdBwAWtS2x/Sb+1EDcAi3+ELMx5Q0nywOfIYff1Yv7e6tclO6NT6Cu9z
+IEVMmWujAgMBAAECggEADp8kTNi+9KFcBfagLi4AKWHd5YqpYYhL3BUCmNonaxJ7
++LZk+PHx00PcXLSW5J2nD2gr/xN9+PpJT6WUnHvJZTCSmnDvVecGzkaoU/AYDvwi
+UWWEhmloQE/YHCoavb3xiFE96imrWVIarjkv93ovJmHUlmxt+XR9Thg7KhIlXnle
+p1r6C/dxhgskffgQoy2LP9aCfq2Wk1NpiMQTGUsySDYv8XoUKEgU4zZAT3VDplF4
+sxlb6Wse47j8SLWp3UTegV4ED954pca3O0q4KeCARakuSO8tW+WJyqbJ15t8W7f6
+mzXm/WEBcY1oYp+2YUo7qfDUC6I/1f+vsc/fadUbAQKBgQDtIQ0E25X4EkJpwrMw
+B0Pya6ISBs4WvRIjH3HvLB+M3RRkOQ2OzvYp7TfaC50/Y2bg+tQbhyG/IIk/tKcM
+Miuxv+79sjOTEN18LEbJBhyYPdwDRGKiWO5jQ3G9a5MudivwSmeYkBen2acMtGRP
+LQqf1J3C3BqJP5uP05dgFipyMQKBgQDAJY3w1A3STOYvSNkdm2aGhFRwzKF4gNar
+BqIXN0zAFo/c4iU+P78ZxV+RMvEOFuM1ITZyN8H8GZR/agjiz+1d2ZPjWv0m8JvO
+HCixQoqV2mtqK1xMcZvS/gnD5GXW8Vi6NMnldEW6eErpMYEZAvoWjyb0vQ/wCxmE
+EavVJ8OSEwKBgFSXTMCl4NrtEJoP5cJFZTzOnrNVkCFWc2jqJ8fNcrfaihKys551
+QCV2xUzYhdD+Ec5CTHZBf41h+vQp6smUADhZotUHxBQ7mPdaCCpgLsU0lA7qT1Fg
+7jGk9qc+//M8HrKKqGgpRvcO0uPaWkpQZBDeVSUVRbYeZc0qCz8wyRWRAoGAX+Ve
+RcdPbpm6d/bfhQs9y/zXN8SpAb8rZAfXdca/o06fVhn3hG3ELlR3Mbw+2k1J8AY3
+aiGxyuPpXP3KmYg0axZf3KRYm8qRt/gNxwnyqH9uBHrHgc9heZgXv5CJ0xB4u9YE
+vWOeOUY3/NIcICOANSoUwyhof+DKR0OagrNpw8kCgYEAk+ohHF1b9kX0cpT2yKDb
+HsVzsntf0kPH2JS5iXvphOVYW5N7nf+lpptTG709zffc51GMFg0UBolqelJsA53V
+/Y0O17OKNVFWW29vQpv0Baj6WwRIBINiR7XAtEoHqBVM7nQroIPa7Xt6QTGmLq6Z
+qlYfGTqbwMxqZUQncxRA92s=
+-----END PRIVATE KEY-----

tester/certificates/client/user2_revoked_cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 31 (0x1f)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity