From 8b2e42019d41002d045596647a4a183808a5d926 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 15 Apr 2022 11:34:48 -0600
Subject: [PATCH 01/12] remove unnecessary -framework JavaVM from java.sh,
 breaks on newer XCode/OSX versions

---
 java.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java.sh b/java.sh
index 28b663c1..ba8caa3b 100755
--- a/java.sh
+++ b/java.sh
@@ -21,7 +21,7 @@ if [ "$OS" == "Darwin" ] ; then
     echo "    Detected Darwin/OSX host OS"
     javaHome=`/usr/libexec/java_home`
     javaIncludes="-I$javaHome/include -I$javaHome/include/darwin -I$WOLFSSL_INSTALL_DIR/include"
-    javaLibs="-dynamiclib -framework JavaVM"
+    javaLibs="-dynamiclib"
     jniLibName="libwolfssljni.jnilib"
     cflags="-DHAVE_ECC"
 elif [ "$OS" == "Linux" ] ; then

From 1e0bf44201b0cc42cc80e9afd98800fd2f295f5c Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 15 Apr 2022 11:45:09 -0600
Subject: [PATCH 02/12] add and comment default constructors to avoid Javadoc
 warnings on newer JDK versions

---
 src/java/com/wolfssl/WolfSSLCustomUser.java                   | 3 +++
 src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java          | 3 +++
 src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java     | 3 +++
 .../com/wolfssl/provider/jsse/WolfSSLParametersHelper.java    | 3 +++
 src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java       | 4 ++++
 src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java   | 3 +++
 .../com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java  | 3 +++
 src/java/com/wolfssl/wolfcrypt/ECC.java                       | 3 +++
 src/java/com/wolfssl/wolfcrypt/RSA.java                       | 3 +++
 9 files changed, 28 insertions(+)

diff --git a/src/java/com/wolfssl/WolfSSLCustomUser.java b/src/java/com/wolfssl/WolfSSLCustomUser.java
index 3ae33d73..91683bf4 100644
--- a/src/java/com/wolfssl/WolfSSLCustomUser.java
+++ b/src/java/com/wolfssl/WolfSSLCustomUser.java
@@ -37,6 +37,9 @@ public class WolfSSLCustomUser {
     /** Mask of options to set for the associated WOLFSSL_CTX */
     public long noOptions;
 
+    /** Default WolfSSLCustomUser constructor */
+    public WolfSSLCustomUser() { }
+
     /**
      * callback for getting Context attributes before creating context,
      *                                     TLS protocol and Cipher list
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java b/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java
index 8c950af7..a46c475e 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java
@@ -30,6 +30,9 @@
  */
 public class WolfSSLDebug {
 
+    /** Default WolfSSLDebug constructor */
+    public WolfSSLDebug() { }
+
     /**
      * boolean to check if debug mode is on
      */
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java
index 34f5bacb..beb00886 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java
@@ -38,6 +38,9 @@ public class WolfSSLKeyManager extends KeyManagerFactorySpi {
     private char[] pswd;
     private KeyStore store;
 
+    /** Default WolfSSLKeyManager constructor */
+    public WolfSSLKeyManager() { }
+
     @Override
     protected void engineInit(KeyStore store, char[] password)
             throws KeyStoreException, NoSuchAlgorithmException,
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
index 02c20188..c5c3c267 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
@@ -34,6 +34,9 @@ public class WolfSSLParametersHelper
     private static Method getServerNames = null;
     private static Method setServerNames = null;
 
+    /** Default WolfSSLParametersHelper constructor */
+    public WolfSSLParametersHelper() { }
+
     /* Runs upon class initialization to detect if this version of Java
      * has SSLParameters methods that older versions may not have */
     static
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
index 48530065..2e202af0 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
@@ -42,6 +42,10 @@ public final class WolfSSLProvider extends Provider {
      * Inner callback class for wolfCrypt FIPS 140-2/3 errors
      */
     public class JSSEFIPSErrorCallback implements WolfSSLFIPSErrorCallback {
+
+        /** Default JSSEFIPSErrorCallback constructor */
+        public JSSEFIPSErrorCallback() { }
+
         /**
          * wolfCrypt FIPS 140-2/3 error callback.
          * Called when FIPS integrity test fails
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
index 08025cae..e2d1945f 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
@@ -51,6 +51,9 @@
 public class WolfSSLTrustManager extends TrustManagerFactorySpi {
     private KeyStore store;
 
+    /** Default WolfSSLTrustManager constructor */
+    public WolfSSLTrustManager() { }
+
     /* Initialize TrustManager. Attempts to load CA certifciates as trusted
      * roots into wolfSSL from user-provided KeyStore. If KeyStore is null,
      * we attempt to load default system CA certificates in the following
diff --git a/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java b/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java
index a9d59c08..7e8287a3 100644
--- a/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java
+++ b/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java
@@ -40,6 +40,9 @@
  */
 public class WolfSSLJDK8Helper
 {
+    /** Default WolfSSLJDK8Helper constructor */
+    public WolfSSLJDK8Helper() { }
+
     /**
      * Call SSLParameters.setServerNames() to set SNI server names from
      * WolfSSLParameters into SSLParameters.
diff --git a/src/java/com/wolfssl/wolfcrypt/ECC.java b/src/java/com/wolfssl/wolfcrypt/ECC.java
index 2c2822d6..e94bb1b9 100644
--- a/src/java/com/wolfssl/wolfcrypt/ECC.java
+++ b/src/java/com/wolfssl/wolfcrypt/ECC.java
@@ -33,6 +33,9 @@
  */
 public class ECC {
 
+    /** Default ECC constructor */
+    public ECC() { }
+
     /**
      * ECC verify. Wraps native wc_ecc_verify_hash() to verify ECDSA
      * signature against known hash value.
diff --git a/src/java/com/wolfssl/wolfcrypt/RSA.java b/src/java/com/wolfssl/wolfcrypt/RSA.java
index 788d9262..1077d80b 100644
--- a/src/java/com/wolfssl/wolfcrypt/RSA.java
+++ b/src/java/com/wolfssl/wolfcrypt/RSA.java
@@ -33,6 +33,9 @@
  */
 public class RSA {
 
+    /** Default RSA constructor */
+    public RSA() { }
+
     /**
      * RSA sign, wraps native wolfCrypt operation.
      *

From da13eafe3eb0b30388216ab1a9e34253b27e4d00 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 15 Apr 2022 11:49:40 -0600
Subject: [PATCH 03/12] fix Javadocs without descriptions in WolfSSLAuthStore,
 prevent warnings on newer JDKs

---
 src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
index f82af250..e86bfac4 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
@@ -63,6 +63,7 @@ public class WolfSSLAuthStore {
     private WolfSSLSessionContext clientCtx = null;
 
     /**
+     * Protected constructor to create new WolfSSLAuthStore
      * @param keyman key manager to use
      * @param trustman trust manager to use
      * @param random secure random
@@ -189,6 +190,7 @@ private void initSecureRandom(SecureRandom random) {
 
 
     /**
+     * Get X509KeyManager for this object
      * @return get the key manager used
      */
     protected X509KeyManager getX509KeyManager() {
@@ -196,6 +198,7 @@ protected X509KeyManager getX509KeyManager() {
     }
 
     /**
+     * Get X509TrustManager for this object
      * @return get the trust manager used
      */
     protected X509TrustManager getX509TrustManager() {
@@ -203,6 +206,7 @@ protected X509TrustManager getX509TrustManager() {
     }
 
     /**
+     * Get the SecureRandom for this object
      * @return get secure random
      */
     protected SecureRandom getSecureRandom() {
@@ -210,6 +214,7 @@ protected SecureRandom getSecureRandom() {
     }
 
     /**
+     * Get protocol version set
      * @return get the current protocol version set
      */
     protected TLS_VERSION getProtocolVersion() {
@@ -217,6 +222,7 @@ protected TLS_VERSION getProtocolVersion() {
     }
 
     /**
+     * Set certificate alias
      * @param in alias to set for certificate used
      */
     protected void setCertAlias(String in) {
@@ -224,6 +230,7 @@ protected void setCertAlias(String in) {
     }
 
     /**
+     * Get certificate alias
      * @return alias name
      */
     protected String getCertAlias() {

From b4bb2d9aba5d33ce4e0a79aa0a0a9619e9469a81 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Tue, 19 Apr 2022 15:42:36 -0600
Subject: [PATCH 04/12] make example KeyStores more specific to certs/type
 contained, allows for more granular testing

---
 examples/provider/ClientJSSE.java             |  11 +-
 examples/provider/ClientSSLSocket.java        |   9 +-
 examples/provider/MultiThreadedSSLClient.java |   2 +-
 examples/provider/MultiThreadedSSLServer.java |   4 +-
 examples/provider/ServerJSSE.java             |  13 +-
 .../ThreadedSSLSocketClientServer.java        |   4 +-
 examples/provider/all.jks                     | Bin 18450 -> 18450 bytes
 examples/provider/all_mixed.jks               | Bin 17546 -> 17547 bytes
 examples/provider/ca-client.jks               | Bin 0 -> 3779 bytes
 examples/provider/ca-server.jks               | Bin 0 -> 3539 bytes
 examples/provider/cacerts.jks                 | Bin 2636 -> 11667 bytes
 examples/provider/client-ecc.jks              | Bin 0 -> 1141 bytes
 examples/provider/client-rsa-1024.jks         | Bin 0 -> 1830 bytes
 examples/provider/client-rsa.jks              | Bin 0 -> 2670 bytes
 examples/provider/client.jks                  | Bin 10850 -> 3775 bytes
 examples/provider/ecc.jks                     | Bin 2060 -> 0 bytes
 examples/provider/rsa.jks                     | Bin 9142 -> 0 bytes
 examples/provider/server-ecc.jks              | Bin 0 -> 952 bytes
 examples/provider/server-rsa-1024.jks         | Bin 0 -> 2837 bytes
 examples/provider/server-rsa.jks              | Bin 0 -> 3912 bytes
 examples/provider/server.jks                  | Bin 13169 -> 4828 bytes
 examples/provider/update-jks.sh               | 135 ++++++++++++++----
 .../wolfssl/provider/jsse/WolfSSLContext.java |   2 +
 .../provider/jsse/WolfSSLEngineHelper.java    |   8 ++
 .../jsse/WolfSSLInternalVerifyCb.java         |  18 +++
 .../wolfssl/provider/jsse/WolfSSLX509.java    |   2 +-
 .../wolfssl/provider/jsse/WolfSSLX509X.java   |   1 +
 .../jsse/test/WolfSSLKeyX509Test.java         |   2 +-
 .../jsse/test/WolfSSLServerSocketTest.java    |   6 +-
 .../provider/jsse/test/WolfSSLSocketTest.java |   2 +-
 .../jsse/test/WolfSSLTestFactory.java         |  89 +++++++++---
 .../jsse/test/WolfSSLTrustX509Test.java       |  55 ++++---
 .../provider/jsse/test/WolfSSLX509Test.java   |  17 ++-
 33 files changed, 271 insertions(+), 109 deletions(-)
 create mode 100644 examples/provider/ca-client.jks
 create mode 100644 examples/provider/ca-server.jks
 create mode 100644 examples/provider/client-ecc.jks
 create mode 100644 examples/provider/client-rsa-1024.jks
 create mode 100644 examples/provider/client-rsa.jks
 delete mode 100644 examples/provider/ecc.jks
 delete mode 100644 examples/provider/rsa.jks
 create mode 100644 examples/provider/server-ecc.jks
 create mode 100644 examples/provider/server-rsa-1024.jks
 create mode 100644 examples/provider/server-rsa.jks

diff --git a/examples/provider/ClientJSSE.java b/examples/provider/ClientJSSE.java
index 46d8e158..537221f5 100644
--- a/examples/provider/ClientJSSE.java
+++ b/examples/provider/ClientJSSE.java
@@ -91,7 +91,7 @@ public void run(String[] args) throws Exception {
 
         /* cert info */
         String clientJKS  = "../provider/client.jks";
-        String caJKS      = "../provider/client.jks";
+        String caJKS      = "../provider/ca-server.jks";
         String clientPswd = "wolfSSL test";
         String caPswd = "wolfSSL test";
 
@@ -140,9 +140,6 @@ public void run(String[] args) throws Exception {
                 cipherList = args[++i];
 
             } else if (arg.equals("-c")) {
-                if (args.length < i+2) {
-                    printUsage();
-                }
                 String[] tmp = args[++i].split(":");
                 if (tmp.length != 2) {
                     printUsage();
@@ -151,8 +148,6 @@ public void run(String[] args) throws Exception {
                 clientPswd = tmp[1];
 
             } else if (arg.equals("-A")) {
-                if (args.length < i+2)
-                    printUsage();
                 String[] tmp = args[++i].split(":");
                 if (tmp.length != 2) {
                     printUsage();
@@ -351,9 +346,9 @@ private void printUsage() {
         System.out.println("-setp <protocols> \tSet enabled protocols " +
                            "e.g \"TLSv1.1 TLSv1.2\"");
         System.out.println("-c <file>:<password>\tCertificate/key JKS,\t\tdefault " +
-                "../provider/rsa.jks:wolfSSL test");
+                "../provider/client.jks:wolfSSL test");
         System.out.println("-A <file>:<password>\tCertificate/key CA JKS file,\tdefault " +
-                "../provider/cacerts.jks:wolfSSL test");
+                "../provider/ca-server.jks:wolfSSL test");
         System.out.println("-r Resume session");
         System.exit(1);
     }
diff --git a/examples/provider/ClientSSLSocket.java b/examples/provider/ClientSSLSocket.java
index 8f724cac..2cb54cbb 100644
--- a/examples/provider/ClientSSLSocket.java
+++ b/examples/provider/ClientSSLSocket.java
@@ -80,12 +80,17 @@ public static void main(String[] args) {
 
         try {
 
-            /* load wolfJSSE as provider */
-            Security.addProvider(new WolfSSLProvider());
+            /* load wolfJSSE as provider as top priority provider */
+            Security.insertProviderAt(new WolfSSLProvider(), 1);
 
             /* set up key and trust stores */
             ks = KeyStore.getInstance("JKS");
             ks.load(new FileInputStream(keyStorePath), keyStorePass);
+
+            /* NOTE: Some versions of Java/JDK do not have support for EC
+             * certificate types. If run on one of those versions, this
+             * example may fail with an ASN no signer error / -188. If that
+             * is the case, try again using RSA certs and CA certs instead */
             ts = KeyStore.getInstance("JKS");
             ts.load(new FileInputStream(trustStorePath), trustStorePass);
 
diff --git a/examples/provider/MultiThreadedSSLClient.java b/examples/provider/MultiThreadedSSLClient.java
index 526fe7c4..c6b38a66 100644
--- a/examples/provider/MultiThreadedSSLClient.java
+++ b/examples/provider/MultiThreadedSSLClient.java
@@ -152,7 +152,7 @@ public MultiThreadedSSLClient(String[] args) {
         Security.addProvider(new WolfSSLProvider());
 
         String clientKS = "./examples/provider/client.jks";
-        String clientTS = "./examples/provider/client.jks";
+        String clientTS = "./examples/provider/ca-server.jks";
         String jkspass = "wolfSSL test";
         char[] passArr = jkspass.toCharArray();
 
diff --git a/examples/provider/MultiThreadedSSLServer.java b/examples/provider/MultiThreadedSSLServer.java
index d33fe3e9..ed3b41f8 100644
--- a/examples/provider/MultiThreadedSSLServer.java
+++ b/examples/provider/MultiThreadedSSLServer.java
@@ -45,8 +45,8 @@
 public class MultiThreadedSSLServer
 {
     private char[] psw = "wolfSSL test".toCharArray();
-    private String serverKS = "./examples/provider/rsa.jks";
-    private String serverTS = "./examples/provider/client.jks";
+    private String serverKS = "./examples/provider/server.jks";
+    private String serverTS = "./examples/provider/ca-client.jks";
     private String jsseProv = "wolfJSSE";
     int serverPort = 11118;
 
diff --git a/examples/provider/ServerJSSE.java b/examples/provider/ServerJSSE.java
index 2850c70b..fd89f626 100644
--- a/examples/provider/ServerJSSE.java
+++ b/examples/provider/ServerJSSE.java
@@ -61,8 +61,8 @@ public void run(String[] args) {
         boolean putEnabledProtocols  = false;  /* set enabled protocols */
 
         /* cert info */
-        String serverJKS  = "../provider/rsa.jks";
-        String caJKS      = "../provider/client.jks";
+        String serverJKS  = "../provider/server.jks";
+        String caJKS      = "../provider/ca-client.jks";
         String serverPswd = "wolfSSL test";
         String caPswd     = "wolfSSL test";
 
@@ -119,9 +119,6 @@ public void run(String[] args) {
                     cipherList = args[++i];
 
                 } else if (arg.equals("-c")) {
-                    if (args.length < i+2) {
-                        printUsage();
-                    }
                     String[] tmp = args[++i].split(":");
                     if (tmp.length != 2) {
                         printUsage();
@@ -130,8 +127,6 @@ public void run(String[] args) {
                     serverPswd = tmp[1];
 
                 } else if (arg.equals("-A")) {
-                    if (args.length < i+2)
-                        printUsage();
                     String[] tmp = args[++i].split(":");
                     if (tmp.length != 2) {
                         printUsage();
@@ -300,9 +295,9 @@ private void printUsage() {
         System.out.println("-setp <protocols> \tSet enabled protocols " +
                            "e.g \"TLSv1.1 TLSv1.2\"");
         System.out.println("-c <file>:<password>\tCertificate/key JKS,\t\tdefault " +
-                "../provider/rsa.jks:wolfSSL test");
+                "../provider/server.jks:\"wolfSSL test\"");
         System.out.println("-A <file>:<password>\tCertificate/key CA JKS file,\tdefault " +
-                "../provider/cacerts.jks:wolfSSL test");
+                "../provider/ca-client.jks:\"wolfSSL test\"");
         System.exit(1);
     }
 
diff --git a/examples/provider/ThreadedSSLSocketClientServer.java b/examples/provider/ThreadedSSLSocketClientServer.java
index 4e8768fd..dd0cbe9e 100644
--- a/examples/provider/ThreadedSSLSocketClientServer.java
+++ b/examples/provider/ThreadedSSLSocketClientServer.java
@@ -151,9 +151,9 @@ public ThreadedSSLSocketClientServer(String[] args) {
         Security.addProvider(new WolfSSLProvider());
 
         String serverKS = "./examples/provider/server.jks";
-        String serverTS = "./examples/provider/client.jks";
+        String serverTS = "./examples/provider/ca-client.jks";
         String clientKS = "./examples/provider/client.jks";
-        String clientTS = "./examples/provider/client.jks";
+        String clientTS = "./examples/provider/ca-server.jks";
         String pass = "wolfSSL test";
 
         ServerThread server = new ServerThread(
diff --git a/examples/provider/all.jks b/examples/provider/all.jks
index 0d883257320163d6c2f15de77bd1d0b9e34dabca..8773fb85454ba10ee0c10015c2366b4448636863 100644
GIT binary patch
delta 9219
zcmeHsWl&t(x^2@q1PSi$PGiB{9fEs+KyV1s1Zk|1;52T*9fDh+f#3uQu7M!IU4p~S
z-uu3~Ki)a#{dvD$y;U`<)~cFw)m)?I8e@FlNJ>CRN<c`UMh=plvt)sd3y?uhx$TGq
z`zXCHBG98AldkR5K5fEOL2<d)6374%7tZ4fl<#tN6ML7b4=)N%IyG5N0Iqofw!643
z#fIaenS+vOVQdJb72k*=HXR}imo5f{8;Z5YIxhN@u(HwXym@kb(h6TIPw1?z%y7;)
zHj>{DwnV3Ygd!rGZpkLr!#_}qt)h8x49I78p)?67F9Z>}gJm^P#jo@$)+GdK{3#Mw
z=w24{gaGsZ48=S|AOaAGfC!V~tE2+)fOrLXK>|D=eq&-R5I^r<*FTRu!SOInKFJ1R
zpd1233BV%{q%q04d`BGFjn6M09K3SR?4M^1h?rGc&o&rF=$W$MF$B^AqF}|%NUQ4N
z=|`C3BAyaXXF=2~3&-HkOCLoWnO|+x0RR950E)HKJ6jjeKevA%G;Rg}kbyiQNKZW2
zC>ZQ02uKKQz?TRJ$N;1eq<tbeP{L$21PPpEZQrs-KID?GjM4k?m*=6%#uk<L)&4GF
z3P;|tu5~gY?}eLw7+K1NWOp|a0cdwL%f(~ah<fek<7(_gK0S4a3RC$F_F%_^BOR`M
z52H`5W?u&Tyc36q`z6}ihUaWl+k29IKukPX2RCs$t98gEWb>RL@%LPUONtpD<mHM#
z&}P5Mx6n_lmfH68(L9#27V~t)i^=u;K|STpL9WY-o7;Na5PfzdU)B2d*1OYV*w|fN
zH2&Zo%<}lbsTL=jX1GgXODOl+iM*-Tb8#}8<cTJY!%Fpo?Lc$H+}H29&hB3Cerz`A
zOwzE$`{Q-EK$5V@A19k?ZqR-0A#V~UcTq38LX?ufx=m}SD`feiu9vg#yM76^w$=Wk
z@|C(=^eooITS^(Sit^y(^(B#vxe()FW8K%?2zV8%$q`h0!(<KES)}Zo9L^iE^(R~t
z?+u={*$PjKvUsyizR{4i2^WpwzVN;=m!WK7{6T$m8d%J%H*9exbM-L}3*s@LQNLw1
zaTn7-D7wSoVJ9ue$~d-XzHl|8R^Lt?M-0PEP{&%kM!~F77J(zjEDVX#i6htt#rgj%
z8Y!pNn}?%sn0#i`lN0}3q^GIT+^I4m|HAE8e5TcYKmnor6{M0sH&@eJrIWaP19{j*
ziuDCj^chFtYTBV_K)T_y1*FVaNvx{2aQW2s`GD_NhRidZJMGaCxu>6y&iQKr$4OdS
zQaQqd<@-7yqBM;R4uNCE49TRIX5$AQ8B{E7=ixY68kVmLKZeSjtYW!kwLZMeglYD>
zyN>gG^K)9BYOR$9#q6kBjUBiS;hFmGJ$)j9Wp-Oxu%gbeOa!LjkVBZ$6eT9ZuSH32
zCVxAepwL9yPLlC1XG$ZB6xxT^J+w?Eff^;83#ZdMeH4>x(%e#bhKlu2gc{`!eE`V*
zmTQ_b7U|qPZ_jiLM3hJzS8yJOx_w(yuw`PnIc(GWj_1E%Cu;b{8!qHWZ-{Ibz|JvB
z>B8NbtcDt&eZVC@0wGk%xqYL<#KI*Dt!iScWEd#*zexQkX)s>xy7s^I{sxExiujci
z-0LEDpu9f(RU>@vW!)2C7wIh|&y_~m<AZ(g@#D^1i9<RD;e)9dVa2pS9c6tC1C})l
z`Btt{_aM<utO`+Ev>#0d7VaS1r~A~K$;57Nyk?zCj+(_j=Qv1<6_NQhg<ReG<}b1m
zQprh8@I7JHTU+(QZ)XVge(Da3`tV}M&xuS-EN3cUzHBAdEvETJ_wB0_rn}D!;h#LS
z?>dggBJ!Gu)9=kjE+vesyMOY!dI-I3-J)zJ$VY5ri?AE<_Y}Q~Z4dzh^@Jvu!@^M8
zc7&9lhsGbdNai35pZf!{Ik6rh6u&$fKq&(t99`BcD|<n21J8q~!AVQv{27SD$zpiK
zyDhB&@M!ixSg;TCI}`udz5ch`MBvLCtB!o{BTwB*=0f*v<Gz#fvYCezl{qB!Mc%<k
z?@t=D+MIdV(5=&(vtc|8Q__F|Mawe-W+2&oVeabNbZ;ZcwJZLIijz+`t}<@@Dc_41
z48Qwf9c?{Q`pH|bceo#BlDf0astk86#uo-eO~sWI(l1j|=Q5y#(*higA{Xo$EW*K7
z1=RzCw((y`9UTTo>;Slqr0nlHVdZEb0tB)H{mPZ-ixR3!m}OK8GAb(q2kZo`iR9nW
zb3+F@9Qd!7;nJHxLJ$xDHqIp~WuHp-yf`kP;u4=<-8&5)41Q-XkZ-buf5+#zF6=oF
ztGj6xw~ik{)3BxF80U8pNR5E;m{knz<z;7ufkkxk`IKD3-nwT`Ob+@1)z+2$-zh${
zAl&8&i&nM`ERHZkPfeSPwpY$|p5y?{r;6vUlCwC^yf9rzWX#~bKCY^$?Dog(md4B<
zrki8gouw~&7E@1Q7nPk;R6ZYN#&DjLmJIl<6bhrbc&AimWV!XBa$X~jf*ZRc^(iSL
zED5pQ^!H*@WbYkM9_PppobA}w57<KKsy9<ef5DCkR+<8KCZb~I<EJF;1Is=A$zR#t
zvZz064IOKfiNsUp>Y4u|HScXbylp-Hks8xw7y>p0MEj&F`O?@7`jjn5Hqc+Z6eFRj
zzl;^1DU)=U_+0tpwI_jB7eeOHocph+t8UK^&uZLmLAB}pbq{&G;qD?0HnUy9;m|!Y
z94;8|=BAuBro%kzbwl5N)i~!=-H~0E-DcB9O}(j;wTyb>m_vg3X>x<&nElKN-9C7%
zdOpenLf!dBomZl^o8)?KE*=2mLk&=VPbHMIc^+23C7CO=d12J!f;eNv^NU})yM>b3
zz4aO-8Mf9$#q$d3XqH+*_IiYRrw*aS&HwF(`_68VjCtTJ3>XuNJAL~=*ySX=@}SXi
z-OcwAz9df^r1wlZU`_u09MwP5fQa)W7V<}1h-=+==m4ZpajB5JAEF{G*UPjf_Hsxq
z`5-VsfeSE*zr=s$ae-&5m76W<ja!Ttw~XBg#4c6o=b2%jD0s4E63<8sD+Di2b8f2C
zY^yMV<nWh7P{){J$@~4!GFv{NoHX@|%F~pSrZ&>@V9Rgzij!#hflNz4z1|R`l#x#m
zRb==1^BiSQqQollTBFtxu&#JW`P_7|oo)$cPO@LAe8+k9&W2qsnMq&a>+dH9Go9lp
zh@2upBu4f-N{2U<1d+EE{#%_)?9tD6lsRXf=8o}jZrVO9;jmr^0lk&Fq1)qXubMNR
zX3N8!C3s45va!6*u_6V3mbVQ>QR*Xv;KB$r@hl>F9&4}bC7E$231&j@<`%Rdh6XzA
zyl`$QXdCulOF4)x%v-v2^@b<cR~TbwpD2SbdoTNadeAiwiE~m~^Pkc5QdZyC{YJf<
zaZ$%yAElKOw4m$1ue<j<2!e%38E*3FbgAAI$$NAN)uzqy(s$lL#JsElTY`|fiEFYb
z^X51G1ub86m99o5MKAl$BSV4?S;t*5Q@aiP<@|%1yIm4WLJ>-7jGJT5xDLlVP@@aW
zt~w&pcg}%5ua02hY5|vOKfD)|#FzVmYDJ-1#?hr3x576~&sncBS?}o-S3qJOC|8@?
z;FzYeTe8Kf<uBe)irU*;X&#6UpSkbv8fS&rQ4$z+Uf%9EjJKZ=&a~cXS}SpwSm)RA
zU({87oZ55bVUcL*tq@LdTU?LN3lKqOK^{7cjz8A%&be{@HVxQ&)S2XDV**(z_=pG3
zDp6X1v_gHzhcxjCy@dB0UyXc>5c-Wphd2<~GvQ*WU(<s>7r*^N-Z2J(+(<#%@;<nG
zPhNmpuwvQ(bVG!IgS7^C-s>}-$2Y_VH59bFHjfr;qMk*J>~y8Aa9$~~IN}>pDzj+L
zxOHplyv;c%aq=QZ8_|u!x)weR{yF$vt>I#&&l!US{gf0>0`pWm)FX}a_5#*3)#12G
zK5ujmRVu;XLJ=Dq`NR!b>M|^q_b&f=SlB}HIoq-R-OU-1D#O0CTt;#Brj(%3ZlUyq
z)h4Uep2E_YpF;wqHEPcB;ORQVMGv!g5{SUgw>tBxdPqty&Wly3Kx(i};uHr3@!NKR
zsDr_9popHjJoAdP*p0+I-@uz;p07~?XazrJ@Y&dJo8W;Wj#cfJ4V~44@zGAUM%j6q
z6~>{C$fnf$ungiemsT-boN8V0GKUVUt9syjdyVx4T8TMIaU0AAyK|MMQY5-94I%}@
z1GTxEy%cr{?B$L&dR?_%c=)kaS!2b$;nz~!r%&>~VV8KT|Jm6mz!1<uFf>}c27Url
zAOTYh?DqDOssX_xS<lXS<3@aG?-KUEghVy+b(z8G8})|%m?<De6sf#*oRDexbxgm1
z4r!xVa}le0+LDVH^C8gmego#(OtxaqNDZ%a6?&daxAVW&4HMnIraRH8jnC2GmSzj!
zz5!BQjb+x`+s~aGIi%)=xxO&>le=~O4siVu>ae&-oCC_-SB<#Elb2{+h0r`*wn|=R
zSe3A+k^AQ*Ozeq{C67bb?j6|eOk!A8w=q@iO&U}ra7AA%44p}ck8%@vGsrfJK2C6>
z;t=v0nU95)hagkGNYgh<Q0@#<JVb4qxXaVes@W({t$zblxs#ctU!ia`l@>pLzk39N
zja~zd8{uIi@0mU!ax{3RqR<55?f*J~(QuOeYm9hFD*wGkzvQa;KS29ti=0I)XUei%
z5AN`r=6q>4pDe8|!6)Qs(1%r*j|BJ4&rTTm)Led$ETzqvOwwUX>#5_CQRroB#P)+5
z?fx5(n>_*cO5@qv4VTI(57(tN_ut~oX#w!{$tt4idCiKP7gR3g<^cvKVuQ|8=cc_Y
z;({4*mE92h;!B8K^hSv`?-^nupscT-5+d-Xl`^lm@(^Tyd@-U#^y!i+aR070oKQ#5
zN!3uU^neEJ61WSHs!Ctby}(y(O@FIpef0TP(eL2|iZBdxdG7pmA?qgDm^>~>-^_YV
zOPf6YjoYj*ie^ZtYWlpsqD`iQbKHlVlTaK-FKk7+qzjbB`Y<bM3fN0Zg1_o$vm+QA
zB?aV?{~Hs(lom13NI#+VN%dUH$LiZ>ZyB<%&#SvbO#Yn;%YHpbV03Ag>4{zL7Y&3p
zWfd}Qs~T_pbY*1f9*Gxsg1@a~Ou)p|Goh{@KR2~*LDM`@c1_jC=R46+A$nENYX5#Y
z^V;cvb!V1J<#U(z2BiD12qtTquMy{8i+qMuxIb7i+7!Y&Q&CU#<32F42WWoy=9Fx4
z?9SlSm{C8&{JSrk$P_9JPWDme5qr)`YVE#Ls0$ri>++_-&w7`;mmBpJYv}9T{3cnX
zfPs0FpSoD9PG|>d$;D+ZjiAkRrR*M?riBPhtG7G(zyV(wGcb%$iB2hqrZ4@yg277&
z8S~lg*$A!B%aE@#HyAY)+SKesfnA-PK75238b<+eW}eUl8zC(TR1caH0V{noq3n37
za<kXOzmuVt+$(R+>z1Cmd&`YF-6}1^l{o+q^<(hbD$|R@p5^*e-!`}{JHHuQRLo8t
zuX6+YhSqGmb{te#nGyimD?wL*yqti%WToY1C5AI>Jj>dTkN;xn{JA35XLrT!`8v;8
z;kd;vsN=X~z>ho4-dDg%V~*4*uOjJMBJ}5Np8YPB<&-c^qYRtLL_0DqUF_iGLxTlO
zO4zycyiR~;1z8v8^hndA08a$%*Y{a$O-qi}IT$5Kt%-=H)Tk?O?Zd370uBn~jZXir
zU>V2sNP$5%xjJE=ps@cQo@#2)g-r~SZ(t_tatp1STbJ@H961BH7TsQU>%0VyRd6i$
zdE_Phmf-H~Mw>7#?%^MWx}Fa%R4}{6Nai3R`X&zg<%x98^HpcMvSMeH0(J8&2U^!2
zeT<rCkWu=UYtjH}bF0>SuX;jY=J#%f7Bv_No7S+<<IS9a8%c*7Y?gZSKeK7dUu@cd
zMtg}sz+f+2CsM#l;h&Nz4caSjXsCz~{==l^ka(HL53_cXeOG=syu&_{nmbZ%5y8!|
zW0Afb)Vle<q6*%R=sLFEJC-fKc?wWg1NGdF{;*6^9d!=TABf~ny?&-IvOA6Hqgr0E
zjg+ffJTQKT+&#P8HqGs9vx$>lORVGeMVWji4Es=1EsZHJ#v{L`t6ap}|Jx20GMVWM
zLWCXIF+JJ8-W~-*E&0DIH2$=OV6@^nFeh4yhCD{k|L}n(e8(c%@q=|8i*rQHWEo%>
zC;n;ajafPPC)<xRt~_2O#;|%*p^`_Mq{2w+Pe|hDqEuKheXWzq+j07_166>#%4i$k
zgf~wRX;GgV6OHSJ0{d4%M>4NlC6cX6<PXMNVgqK)pQ+7GbhyUX-2$;Ng=y+8ru90g
zQ$(qLYhyy%|F-);YpZ{(zLmp&>MA8jK#fvU_9nklFuPFll2w+Jh76#a$uDels_7Xn
zS#ae+V{zPXBpt+=?XS)q)8ii*o?m~ui6d)Ink5z*d#G6;Wu3YZ6R^Y;mIZ}T%Vi=q
zLWm!UE{Rb#!{1TdXYb>BP)$^6sa4<3vd7N+G-mP@dEjI68eKFK0$2^xbd*Q6FNz``
z3(YB<41xxwSXm8!sBb%#9(>Z^T{J8RJD6~LCFFu<&e)1^w0FvigjO$4JY#@NZdy`{
zFgt-QsOL#3;WvQKJJ6;8A<?DhMicF+g19t4*5RP*%iQ}GttNXYs<y-lE0_)C7RZIw
z7r+bN{^a`pRHQ^V50@qIHp?*kau;FqNc#QL%_*9VrCbFENvBMv#WG^*&3hNDK6^lk
zeSOU)T7Y?1MCeNoopV4-^1fHoOxPGaJP(cvru$$pGw_3pwd>O26<Gf_I@&0uCS-+V
zgm|J$Gf#?lGn2Xg6LG~*zL<3s7rYjIA(t*wg=9zbhxZvRj;%WjZC|u>j8qKCC0>%v
zkMIShVeOL)P0t5q;6shjfeK^@9k1pbeejN!ak-i9sFqZc&)1ApbG*B~T76Ym`II#S
zk<At<$h|;}K9wILk;THUDV_%5half;ngqLR#Jd>U;k*m<$USe7MFt4Rs#tuE%O^X9
z9uE?4gebNmO3qS_Vw$=uq3;({$?M8s8|hm}tx{%xLIayyzglRt%OUy6FLmP_AH>bP
zN5pZM>xls#ay81($R;&q(bdW$;I#_h`zePtwfntMiZ7J=X*zWMB=i+345BwWQ7o3X
z*4}zCN|ZyZkRHTk`}-k*hloXa*}^0}`n{~`7+@cRpR|bk(Qiu&i-LwbgR1B0TdWWT
z(M7JE`Z}MpsI~_-Me2L`Sd)*c5igWQnz{_Y)Gcqqyv1>}#p?r_`q=jcev<2xTZ#wE
z-J|4tz8^|;pqe39&$Ruz$q6}BEHP~|^+RPi?V_~leIdLboVR<GofuirVUzSo$j6Q5
zfGw-~r0Ub5GGfzZLAY^o+rHLGpi(O1d+@<q**iWgh!<Czwf95Mbi-+oMu&@G@qkaQ
zoSScXmfFbv@pmHpYwo-e`v3)?q=wBYX|1grle5-Dbjwn^cIynK8v?`<bv>~xox+R)
z=_Uj{1lI>@7M2yo)0Fux@vAeXu9k83;yTnJeYZ+}^7QpNqd$_46P^%B*ZjLwTqk#@
zndz*eEr0JZe#b7-&V={++28k{&98v6h8iv}3K%Y$5z~v6KHJc1&@oEK#P8cal)G~=
zpK#@aJ5FJjTSqajYYC8|4tDg={RFj|lZ!6g+@hZ~GUuQ#bdRxGT`3gp>_u%#qYT<4
zd(N^f#=!tV6l%wlf&dBe%I|B?W{xU*2IVJ_T6P-#M#rj`7Da2J6t?+nezf#vh@=FB
zBk$~W#|9q?P<SbBXUG`y!9w70MTn_Ga+bZ<x@o0eRK`P=j3T5eXX){PVZgO^;q@@W
zHRFP43?uXNd;xcKp>5rffB{~bgu$hTY`6ltsm>;Ur!iCvB%(nN<ZPVjRZS?3c`yBT
zg_m>A@Cn`Lgh{sWir<j=`N4;9>q8zfVkt>NS!fz4T70rI!9n#y@Hp@I$cFZ|bw9zY
zMhv~<Z7TArD03{4gHiT!l3i&D;&;exFf>lk|97nacO5I)KaTak0}LxpTWjloq{e#r
z?+nPI?Qmdta*HTCkk?~$O8-~WhTjp9*@*+4X2pq;UXvsowLvU+nAj?QKb#~d0-R27
zRskhk{vK@#=b6a`jz$_;2c0^4o|#f@7OszOl!n5NV3p@NaGj%t89VUaiB2(cdJo}7
z-Bb=2lI!XK)4Z`@RaqHgD$cr3(vZMj2KDh$+;}9iIuXnEcC;in;qD-#2Pvv2QEzs_
z?Jo++ZP*=%jv@U|0F?Y^i2f4-5wLc#k9Fz2R)#jb(^!WJ`BDYne*G&K`j37<jV}vE
z`iczpg}>fX5x^q{qyZnPQIv8v2w+kw6bkWTenb`?V&OFuI7`1)_2|~zh5%`R=jiMr
z>w-yLh7O2$oW9$gDDqZq*uv}Cr)6B2R5A5`ql)oQEc8FfT44N*?ALGNYNCu3LJ=`_
zQQC?_fceglW9qM+bXjXXeqh8{@y2~-#uLNR!-_?DTuxP@`y{3aca05VSGjc;JFf~j
zDfzx7)Ya-YAw98uz@~SHoi2nWUGICqq}}$yoi*ZH<LtyK*SF8W<xfO3$i9SagG>r|
z=GOiJ*K;WXbI$QQ)TF^J^P?Z&<dQ}d-(Ew|&x~In-#Kk9TV=@${TeS+goO)&2rTvL
zAR`{?0>b)CI{`$SAtZv|C}E?5`DFjzSv5omO(6X1g}C%;ux4R=gWca0u~~T=$_MH>
zSKAFvTXaM0&iuYPI6VxcZ+ip`;XoSc-TJtnq4%w7jAaSW^rsyRsc;E2V+E)N7Tz_p
zgjx9Cz@l1Paq|9&`2IPsZ@$22L?|F$=LBm@cpB~@>pa!HQYC!1Ht)v_4Y(!vmdTc7
zBdKY78rpsJ@f=!C>Y0E%aFsFa?PoUgBTT>NvOE9p$uKA%B<J16XXEMeo6+&4VN;<p
zYbc-xN|Wd-FKE;h%e+Nl<Uj9uIM-e6Lp9zr!DmKFW{7>+aJP_qN9tv?g9Mo#$qZaw
zu84xmGv`OC01d4$({VwmKh_EF@iVEYrb8R<(i2$|*|5mTi=G;5GH{MkckxOxC^Ct5
z`;}7fiqtG>Ujhu1K|CL8$6N=lM8&_@ZB%>yM2<I9gir<&yHj3J_k0FlZ3g~WAi@7B
zT(QxSu!zXgWZNF~$^SaQ#0^sE8J9zBa(sY9QOz>Vh|${)u@z(R8)bCS>&}%66z@(z
z*RP32iU{(LdYIP5fBPa6Rg37DJ4Y=sW7(Cf;~AOc<WiK+pgQ1MEbU&{l@X)*m{F3p
z9Q|v4|MP^UkS^oMkcjuYFA=-5hJWlLYCPj}tB{Z7D3eB9>+7oQA1IJqOOE|%|Bo5A
zxYa|kOgwvDEep6XXKiZoj)tls5jNwQyGze*Y^2<<M7;qa_hoJd87q!&QPMm+dS|;x
zF6LuMc7#)_Td9QM+LAZC(V9hVLmu+P5i{nI^Z_NanrMmClrLnotkJof9@;q|sGQmP
zkHuQ_?a03-RH*6qv|S-KzA=$6{rwO-6;Ml)W71X>q6kv0;FG_Vlg1PJOlF}lohGof
zH-+S$#Hd>eny#Hh8nC?7qDL{q;DsgehN5bZW#>o{Z8b648}k@dSw}Cv)bXQ?r5#)Z
z$!JTS*k_61&E49j{#2-!k5Oq5Q4L3(Is%sT&B$l-?gVIvR5+n}Kwne$ooQ|iPwJ$b
z-6w}OF?c08Y*Y;N|9+K%`QJqMKmVjj4*&pc|HI79|9c1yEO10pS!Wm3^ZFcrID;9a
z_U$oTI)hVuYC+(exFzECXw+~0kAmR!O&OUN^sz&=bm(g|z{gkXI~U6>2JtYL)Ye*h
zF|p!hGqw{*_3@s`bzasfrV9Ms7hSA?`k<=E3fqK?IBkWPhzt~NWs}|o8P9fTu9hSy
z!4Q!Q8;P$vNB1;Rf{CQ*vNOfq=8Th;j1I-f5Uq^14qz;#fJ^nY+cq+@$bn=}U^rFZ
zPhD#iu#Q5xb-hZAhs~LApY`LePYBIdkzN(qPeuh||2dgF5bZFVJ@fcw_Jh#kO}RN%
zX3rg3L1w*E7W8DL*~o1@n{h_gqWkb*!FOO(s^oswaTJ{s-u{XO`ILuE0X0;n#3_J#
zpQ}wP-c#r79uuvR4=oGFzc}OOx^E;y78wo&D|^e{ojwaa*33|KxJkvyTbST|)Z~Ot
zy9_|6&J~Rin}W336N|D4pD<>H_(bClWrc14k8*_67u)Bo39l`*&0<_q*GN%>gm4Aq
zi)<^<&DwQ=UsrO$491V0Wk}g$HcR?`G2UWH@s^TfGayh0d3Q0+*B*`6N^P(Jo??h*
ziq<a$TJeR{JUrwlIYB<f7$LFmWsV9fft-+U+nSsU6LMgl()3pf8VA3VC5c~%A~$~V
zd?*cRHXN1lUroU%zTnnOgW4BqnMqRpAe8)#&x%FwKmIw)*ShNG`^(ekARf;>{_(&L
z@i#vCvB_cmikH(*WF|h)tOwZ<g<Ht4U+AwaTPK}rDYRwBCF_Lh0kr;K(C1X?(l6l3
zKEZu%LDw;AJX*Nw4OT<YA4zlF%7F#l<JjCzdC%P6311URQ;bYU75**?#*J|OeeL~<
z3q%oE<(`6v&9B*1d$2Sm$R6u8`vmKf1rZQrX%n^}v5e!3C$K|18RiT3zBK>IE%jlw
z3dXQc=*a)JHwx=OSNVIABQ0eEOx_paU%%?F#tB-VDA~5V$7=+WOlm;slz~&e6>me5
z$Ggn}e^8{46j!_rs{AQB=H6;tzUyx8*=TJ_cvgMN`-x+Y0lgaPlrkF?N*>APl4E^k
zb}STMW_%wntFk&RK=a~IDHT#)t{HKSY-c~7)Y_E#KzgS%F4~yu>$bV&wJEZlA`7D1
c9YVSi!ahlJ@OkVWq{eTL?<X4b!j#c}0bmFjqW}N^

delta 9206
zcmeHsWl$XLy6rHy+u#l%1b26LcX#*T1Q<MMkil&T?hqgl+}$;}y97<J04L}BcGW(z
z@BVlH+`2#Bs_v?OySi6(FL_pSB2023Od<t*kZaqzEo73L7;F;wzNaAs*gG$q8i!~E
zN>q-oAN|=nE$~6unF?wzRC~^bzgvA@dN^7;d?&$u(mN4J{B1C_G^b5?dDR60SC%CE
zT*~WdW@_@&R>$S(m}%5(hVc1@GTwq_4JG^bU@*>*xziP(=xyL&&|~3B9&NbGC;RXD
zOCzx(7L7qZToegSLd>q?<+UHI=acS-t}+-gCT>0%&1V(-@_+rc<(srdja|eR3e5kr
zWb<KxFhC#-EJU2MlAN8LgM*EOlZ}^y+kgO_gNu!yo%<iBY#|8{HBQk60-zKO#DyC{
z$H2Db2at=7WWJyK!@2$^%l??=<K&(g@4DEDH}bx%7eGq-Z%w9QcRCJN%F9p<hKB@A
zkbJDE$;VpoD9hH;p%)qe0Du7?SUTBTyLkRN{Da>j7vvi(DcBRWz)!<L5{*On%X#~6
z^6b`!NGZQ!&0|^kP<JX+sSqxN{K^NLTQX;~zU-S93JlJ2N-bC`FmG=d^=}kUCRiOf
zy0%-lCg#f!B*$g{Zx{k*gBI>z^j5J}`suJHey#8T`&i#~6Rm$CO1XEAVst&J7^clR
zYoOAdz!7!cKL;B|Wy1w{-!t=#))my?kR5!?pBQTJMooj4vl8idpK+9P_d8`6mo4^-
zTMGxJOQDwWEZzRt@;r;q%Aq7Wj;x&#?NjK`)4*O@nx&jw<x9j~^-hV5XED?pmN|1P
zDvQzJB%(H2#~o7s+1W}L9{Z9Ja<+1KQ=a#gHB>?3gEE-Xp^nS}2D3d^7v<m^n=(#6
ze&abC8S`7fw$RJn)EaS&(7yZxE|fm>a5<?>gfKsyM2!v#v-8HYnbXu-m;;f2k)mzA
zB^RLJ9zj(~9?h!PqfegCSJ%TvC+OhPA>YJbEj2eLEw+z9DAXBYR79&qAR}+fv0plz
z;I+maCIv>>>>`hyFRsAL5~OyQ?+Yn!;0_QNDMm+mjRe+Plo_SG|Ecx^3-PGk9*JsH
zZhelw1r&QD_<=c}H;taq%V-9N{70yxs<rGL@F~l<$rDRkZM-%-<NLd|P^P?j9iYM`
z{T)%QOWK@(Xrz~E9HCX>25xD{#n+vIhhSwO#xJnWVfnnUe2ersMIDOzbA@;5wW`Pi
z{m^p>)7-S@=X$@+rOTL5`rKgQLNOZk1P)a@f~%nlP7rv{MZpb|9V!aKz9m^`5BQK{
z>wxJ#6~h<RGktLESvdOKISRA;D&(B3t7@w_SbFS|w==#6KZhBULa80OmVgxLdAXEt
zHwJDfvYR`*3LTiz&HsV4Q4NtEL-PAv?GVy7X(%7ouy+9c(#`)7oiwx?&6Z-%qf^eH
z=3}mku)k9rv3x*VNslN2vQHx_Ug}V3L38Q^6s6|}>hyj#F~e%1cvywIeoMZf<%c<s
zxBI&9u~c~p6uxoe_D>#308J>fBf(0;y0YNHCFnfU0KH11NDqS{q1YP<oM>e`1wb?(
z^=CkTMnL{$hWuQ!p<a+@78$?m)&<<Vy4UDk8GSKVU+0>!Tb9VdNwE!Ix;d5*20s#5
zJ-aY^au<SxFIE9w2n?nRT9O-hnp$qal*3s`I$=T7%a%$OSOeShT`C$F@BKANv><TW
zlE<CY%6lhGk*QOx(dDoU3q}^g_b$JczSy(DrnC2_shPFpG<(Rh@6T>VL=zrllZ>zz
zM;Z%?@J*-XwWfb>#&mj{^>i{ShlWA7+QS_c$~}@B&_kAEJ(;sW(Qce0(Rzb+9my;$
zlp2eOTNc*#on+;+S1cpW4K-N3`RpC|{AnfxIE{|W-%HHB4fIITj5O2Q+kj0P607NA
zkaw}ztSFeb^!GcW${&(^;@M+*bBLB>_feT44UJwA=9c`|mvJx#g>ha=l;*~wgNEQD
zMSMl4)M18va9(wsm0bck;FB4_$9a1JMJASvfCd@~NzdSD1k<H?h0sJl<2edbtbvIk
zx#x`z*>+cM2*9BnGwS-t!csaAU^P?bWo$t~J#kp+?<+I2y;a_%O|Wl3JD~V`A!=iY
zl{8qx^=pY3DRydZ1v?%}=G!@ux$z%j@!<}`@#*KXW$~R++(meh3M3AYCVoJ^j+zWz
z=($<r3g?nT_sJSN<PzyC;XgT;>%VbuLkDsv@LzAkrZG$=fCGO!+GUV)f{VQm0TEAv
z&WA4N#<G%@naEr`coGWD`zcmt6r04R9r_t1hgqL~7>tPLGP>UI+ftqdEarm|{3bM*
zMuZHz_F-fbFGHiQgr#Y3XB5w>L`fz;W0>dDi~pj+fO<6WbM=#Jn?esIMk^D9EF#~g
zd~J>muvQXjt^)s5M=u6px-!04q`oD`(x{QrOI>U1_htpXvy!ezF<&8`o@x*X8@72m
z(p#HPQph?SZaR6;AgUKOO{K4joys;^T%T~fc7JYCCd@!Gj5%Z+>#$2F1y+dbqu*nw
zeV20$=?A#!*jf=c==`R+4VUM+1M{Wut%!wmx71aiOoI8Y|5g+a>-XN)@BdbmWgGwi
z9+oW>?v)J#0fi9(1`dV+hz$b+4}c4WJJoO&zMOK;nOV`Hg8ddNk{0-FiZ+5|{wwPT
z`xB{@U56mqqxwU&D>ooX?ya93IKE$C>S~Ngk4V@=yy!t<GitdW_q6W}w=r3NP4o+x
zjL(^IA*Y|lDq5TUB3p+{n?*Y`Tt5Q*^d*?(<%yjwDsc#9W@)x>;Q)eBB_8%R741`t
zjd0gp=L9Sq<Lc@xrI{q7km11j{#NWqwR&=TZ0<y1_tQeN)81mNg`<yId7|v1>nZwS
zm8V}0T(9Xe1@~@2J5M52r8j!2_m<1x9KD(HmkDG}kzT90boJwR0&wKK<fc*cER8FY
z6-n^R7r1-u>zD~;Bi;5>-tBy@$1l_%e;{6`^pizBXG%M9q>#I(>ecqD`UGYBj5B)J
zZdwrOl!UkD=yS-ld>OQii|x7IeiE@*VaV`iQsvDFKq4_F+PoZ*=n2blfrtf+l&1uz
zo#^8C?#7blZp+*=b1jx?WZ|y3a|OM48&$diQjd-(E7}`d(D~2?tm+E3|5^ac35~@e
zGB2L1C5XCm@bcYvch}id{ld6Z728AQ_;vpckW~Ul=9XTh2vEuT9bOXp`^=i}7&o(y
zuwstD$Yse7^&agids}ebv6&eB?xm&|8mN!7N_v4<tv}7G@LI~;=CU25t`<Cw(C;Je
zy`6~rFtU7)Ax@S!G&8)=xs>XZ3Gi9iiOWCued1)<iNkt=C(J8wg^b7{fpxc@Em!)2
ztzK)v9uzRC$|`2?==Yhxdf+?%Qh9@9wyG&Mil2^YB&pXmMQV|NIgvN`<ZjF<F({Rb
zRv-Jh{C&ms8y_FhXot#itd&Whp@Flll5no;-i{6>UNsp3ryEy!?HH2R-6Q=31-)g|
zV#6!olylCEBeEkC3X)W&mdKuTfu1J1E1QOd7ORw1a-F5&KGJ?iLIx(qr!M9!Cb!u4
zjYA+r<p96Ok13NXvzp9c<@g~e6*9XY-I-k!KI;8%h!x(sLh5ni*F>gKRUW9*y;!1p
z_4IbH%-f`8+5tB70UUZ+qv5OOLaUd1fr0gQ^SJ0!hL4KT>!1o_kj!bQm_~07hq{pR
z2$|;7{CPg9rY>hnuBqWF;AWv2VP}{QDhLpb+dhp4-+DZ{esBY;_*~O<tikc-WBRv}
zIKS%~xl$<_WmrCw$S%Kp6+K>uz&8oK(RE)#RQ~8)+Jo$C*85Vy3dA#0uV>w=IauI8
z7Hm%5MkOs|-cnT~@QF&ienAM_l*J0gCu?S{L=ATiIiy|=ipS{DNYv;&6%&l7t-4#U
zyS(}a{P^YGixm@$UxB9-DxQ45Dj=n+DT@KXex^{jBE*QHm$~o}<G(BrL07|FMlSXD
z8x|*(!s2eT2KdaRXpVJ+b&%MZNcaD=<EP~9v*&nm4nSiG;HpspwVh-W?IEQKvOT=I
z<?(;YbKX?cAPJ>l$iBto9a}WugO5rt<A9exJ|?chT_OQ5W9&k>x!rFGzanUi1O)ih
z<}LaN7M}f@2;3b~KdIa}*#~`L6VEx(pvhHQPlmKjBhAU5O1qqxH8E9pv{%(Fep4Bd
zGD$|RJaKY#uld=-XY}|?kdb^nxQ(o^L~91s3Pe3VK$;U5*;F=yV>^R$<RRYJ+0rlI
z>Zqj>b_>JRT_-_2%FNzOb9Ua)ffu_E^qYeG#MvPJr=t8%SKn}sTLc6Jrnp75B1*(p
z)T(y&63boAh#g2k{-G%z`mWk3+kA(V2G}yPW%Sqt2t@e4)U{go%N*u!Mfod>HZN+X
zQO6l;Q{58NHOGmZua%V^_i_WYwhRR+$TeiZ%dPo|t<IamwwF*1slII+o;7nl>{cbT
zUiy_gTxqj<Y`>)Q0BAGVXor4~yvui`Yo;UTPK9Qx@4~goHURux3AoT<`y&W#H+t32
zoP65!=aG$^fVS2GJ`NjTB+_eZ<dx5Ja(L+ZB5g@K&7Ip~m1}?%F+8S%gxp6Bg;J18
z5dl=|i(Mc-XpH8zrO}wD6j^ClxRp@QOKk5JEZCt&^Y*>!<MZZu1P9YzrN~XmG}$Vr
zqkVj4OCy(}Ul|bJ4noCD{I4NWWv(RoC$|4xtvR?1AmW4>4T(gU{~q8v_qJAPgJ4=<
zQBV|W`G@DawqG(|TW^PU%_-wx@oawXX@y?k2B%Zo_RK^X?=b8B+Jf3Ielcn~+RBI?
z2H`9=MaMg}<m;;@|G?IC41_4yqeLt(%vv0cd>vFF_=$3K!yIXjdfMMVXzO*J1=Y-V
zC(lnre}HXlk0f%r6jTKto!k97q>&Wl2@6w{$<KnB9*SrSOv$Gb4ia(@4p|ldAhU#L
zv5=rF+`XDL5K>mP@-cI0z2yp2I|JFhk@#K!r%t6s-zWX6)97(xwTsm+L}EWd7Ij_=
z=4-El%wicki&e0woOu%cO@*Y9y~`C$%ciBfaErkcPd9c!A6qU-YTsX?jrzA}GqbaC
zaQ&^^E71@}GE(rzp?s>^gCRb~r>LXWHa&+8=LVMY>WJti6XTwaa^$1+mx!jUc;fZ;
z`T)iET%sd2_n-h5a>;I;l`=DWL`cCyrkg_CF8fF@U>Vqiy?r&Pei&p>2d8Ya)*ui<
zy)^y}{sh>sJ{sZPre(9gLY(q+qLP&M`(?q^i20BuZXMjOAO|-#<%RFxa-l*}PPv7o
zgxz4kuN-Yy9bZtFq1-u_U9Nf)(^%<1SgEWR6b)1PY05TcP*{~#2$vQ+JZ*1yA^F`I
zWucpN{~8~TOU5piS(1A5OoBB}_<^8WTW!Z(of0}IMFCL@b1eJ7JESTBCDGJGW|S<H
zEE`KgdIb!9^wo&j<6t$)Y4Q$VB$BPWEJC2w;zg@<#H?_F(BADv8oePlXPa9nxBHR#
zSr(PEviw2$>j<uJ3Eg4(&Y+xT)&;wLUmZOm1_k{e;>>E7pJtHdy<PV~sBE+;3-`Lu
z2-(PrckNyJ0rSc>DMF?YTRBW5u;n{D6<5`h3;=gj<1q#0CN{cVAj7A5-74D1pylnN
zTucej1p8|6Oy~}_I~gjLpA5VpBPle(G<a7>AMPDDf08P&D1Uuimp3KPd-}=g7I4~0
zhC*XQZB96JMIaDb5(1?bXHAy`mx-%f=IlH65L9V(C6DjnOyT#miF4W%_C8h@xD$~C
z*n?vLMV)*NNAE1)mA#QmPs+|Ucx{7+Zi5~LeTC|76A;Uc=mNMT1dYw&F1r|f8dbw3
z4`5{(^kzT|h*ConH~SAG?^j4Zr{ML_qmQu@psid!<Y33)YoqM5#b{PjQ9s61BA-ld
z_tt9eFI#EITB3=gChb^&`G0xVFQEs4U_nOaM&XjxIz_+UScCjtN-pWyT|tmVirs%d
zD@lc1;Yu}-Q0>5g-X-Y<yZVx6MhZTYr2a<OA+x9l{b5%VFm>=Tl$2*FZ8?GIL#@mB
z{ntkQDtPG@7(h!XO{jk{n~*j#%r+?hcNB~4u*tsHY_#MfF8PV8nh1&6OZ#T_E+6{(
z6an!fBC&W;f0ZCsm9}~9%aG<2{h*=$i1kWe3NWC;1i#Q~($2&)X&~0@Ygeu%D)xey
zXP^~Mh9DL@%roSIhWKAU9@(3^|H5qlQ#A}ARKmFsXDZT$G!f5#^MV-Al5W?jBGWSk
zLS<XxPrT!~>1*scO9M!5zqM`Oh+fDB!)lp0B|WyfQ{W^eJg9G~PrT~4pEp<S258E8
zOhiOo(^Ql@A+tGrD6nB6uEsGbyC5$Yy?l_edP9y8oJ`64u%o(Yz1!NLomq`B>aQd$
z@e4de<A7IFALSyQUxxkZFJ=K+n*U8G8!LYemuC77x^xzQS<BA^*1{gv;SK`iCq-tw
zc{O~Me7T@_dgr|C1$^Bq%BwyZiLLMS@VsKC6fWdbRA-lr0N&4H8Fr2%IF4c{(le4y
ztNpPG-xxKb-dF|={hs*=NaNgJHNI-6t+-A*E^b6fn`F+|LJtdR_7s*>^j?A?gH<tR
z0?P%8{T!P=t;wG0!pT>${U~PGSp6Lw$w6^9;h3oC6_#m|5FhW8BU9xq)EtdZkW=5H
zm9T?8+hDzeE$O;+xY+?}|7k`ljE7~EIffe5wZKquv}ZWM5d73#OZQ~ycM%doE@KrT
z#$+Ey`WexJZ<J81#B*MCAb52&5c>EG05kJ0wvkG#k=SZT@tbIL34*HeI56{14s?~G
zl!Xag(C|yGqTB2=E$Jy3l&f`sw8$IpHS9*nan$cIemmbCNO5o+`oA*dS^3Pw5;Ejv
zY+~2dP54|+@6}Wnp~f%9!FZvp&Gzjxn-Xq=S0eC6^yBO^*g-)jcsRHGkM&aX;FgrE
z0!03O$S*h#<+u`@M{N}*v|(NH287@&a;Q|;Wsnm-@Qk;yOj%ONi9bo&F#R2-ZSuZ5
zn#KW?u`$FsP3W1Ln1SMe4gS*%6O#&H5Rx%|sb}%h7r9J+eW)#0p59m-hWHHQT2j2`
zzWV|>DideLkrschUOmLq*ot`p8^;@_%M}zU9N+b{?@+?zIpS2NWsdn1@g%dN%#jKr
zEsGMv#IpYmCA6@<D61>A^NoE<@H0O~;1`sSsxy<ao%H565ZP>lgx61!Cc`%pgzT|0
zJ)>R+B&Hwv>vup&*>p!@iwd?-@=K6`ZkDtlRKXKgC1#E_&VY=-U)~R3Bj`4n>a4sx
z&MV`ceMl4Cwxp$q%bUrRP<V1cChChJXzKxxN1bte1gE+GSYu6hm3&Kzh)=0METW?s
z9^np^Op4bB^9;3`r<)v(bWU#tx)iV>KiQADLymjxX^faPSPe;L_1=lC$6}k;<oWGa
zXeo~Pe~2O}>+JN#DUJu1+J5%IZriurtE-W|JBfITja9veWBwMEV%V)~wWUeO>r3Jt
z``ns*eSGt!M7L>43^^S8+6WCaGJL5+k#@(M!Y$XM{-F8g*st%m;s~+(%Nc0uZIb47
zLE+0OjTNdKyPKStFk+(I8;Fh2Pw_!4KkUGKXyx&zZZ*DoL2?uD(%oaD6k$uzVjW;{
zOJsnRWsAx@l6QI~eF+FazQ>6v{wk;t-hL(u9U`+>f&E#4T!Nf03*qWCy@57YC;8`J
zdKy*?5o(Ut7g(xbxq9Zo!GDtH`1sTzRSFIF8MmKv++VKPigrE-Z4{-Mmv5t^40dI~
z|E~8`H5XT6)%yl)baXR}MqtsdH&3s`06V>>`O|oHw^`ls+5ju^9?Ll3IMLHXeRTZm
zN2!<D^{IYr%NmYlCDKy<8}RU<Av#+TIP2kA{KlXGm)Dtf_DxoD1^!bg(GdR2p)V57
zSnD2RNmg@lL1-fS*e08$w=~JIq=)D$p~c1SlFHmE&<ooXL=xQ`!>(f#0UuBo%i6yP
z>L(gtTYblBVtim3_wc<qL#(4i7aub{m_pQcT(rWn2x%}V)?Y8tG_t2D23Ejl!bbHv
z@H8uhtd^!kxBV!kaa%mcZNQ~qUFMv8zv~i$%*^rs?dtz6yNdr0yNY0G&TMUI`M0oa
zxBb=nj5S`>#2Tm%$#~i2on8%+P7TdAiIm>+vUm2~d&wkqB4KAjWRXeZcRUtz-^G*j
z#J#^~C}%4zkaQ~}@kdJ=cj!=@ZA=Z#Rh~=Facn`dy@x8_@HLe9#3WTH?yD!+TX~4(
zl2`V>*Dez5KlzZ6-#jnGSuJ?i!C={mUzV^&QHKpgR#E$nI)T|&!3I8D)l_WxW)@A<
zElCR#ge=PldE%gclliCeN&T|~|E_&Ntldm66b=Tc>%WjJGbMtEk{{PN{<8`CFY5ol
zbB!`*HiU?e7}CyFZ!QO5lLk@&uJipdZQ##B3Q`={x6pqiIGkH@V$iWSObzE_7)Gf-
z0x8uo-^!%&ev((IQ=a%@{lY9+NjVheCWVa~S)47%_2%!<9m?Nj&_AJFef$gBf?DVB
zI)4SCYugVxw6v3}eNq99Jd^$RF)jwk>+cxkKWEn=k{uf%nRNC55LscF>-iX_*x*a|
zL-1V`OC~qx$dypEpc=LXRn%(K0Uy_v-y3g#ZEnUCdu3?#C?Zg?Sbp$)Rzwdq!CoT~
zWW!HJVl`bB&Ync%*s0Jew7Za?;0}@^c%J8;3eTjXjwUG`Png>zC7#wxwBaTvS@zk6
zMDlQeMB>Fhqwbh4gTLI=c!(wUELB`uL&kYN|GW78k#`E_UvI>wQGzt_|B3Xa>!2$9
zH>~_zVFmAwT0I!v%;`)C3y#Pnsl0cx$QlAtngV|o&0O8*z<zoeP+423dpNC@!hFjO
z!6@|pGjfW3{mTR){`p@28LhSyA(R57VEisVLbt&8j*(Cd_qxsQ4R5Afo7*+PiOjfm
zkon^9WX4N7`e{W{Y8<Poh<kGM2xCgq`nO`GLB&{c8n*(QRymi|3qlLeiu>@NG%zX2
z5*bW1bb;z~vsiW)B2O(d*j9QKW(RQvqiTYw?pz1TbL1M0F`d!z{*SS_lGbF_;A@+D
z6w$M|nxiRRVj+$Da;oQLe&SuCmaeQH1P{Mru%v;t_%>@cZ1!VM;lITx*PHhaIIfz7
zLeoxOZL^=%xoa#xnN@)r0@263T0X2rAmOZSIBCx{=X$oYr-NC=aeBgJ*>D3xg!XaP
zc=Xoe$?Ck6Twm3%#ir|bv5KE%!6myspFrSfLlc&}YII<9)h|*Sx)2ma`i`Sedkbrx
zma0Qv-5+$c9B&ce#D-uf#4Q;MXLCi&eMuR7xX`cVuX2IBx^Fqm<r-E62#Yi=GU2)|
z=;ROatUrb1Gvcmtj}PwD$RKNO6)qjbps6YtgPs*4TI$S6P&JA8&nI%R!BTkK-EC5r
zbQ+mFVTgv4MCr5cP5uwtl(Ub62IFqz&#zv#4Co1&oH<@I0rBucnGRKz$d;wNhqA=R
zRsngP-w9$Gg!VPauSbVbM=HGr&#cZo1noDGD#K4vmmH`B{eu_+jK3u=P2zla{ru1u
zTUcnqFZ`w$OTtCIry7iU1E%%C{hgV*{C%UO+EU46*`0t<*@J)=C()=Z&du@p5IX{3
z<kVD(>HZ@x8<y%e(&0K<GsS?<T$7PKqy{c9p|%riL^<7}S$|8InrRHgd4f1MwdCkx
zQ=$m>&9!puV8%=*WM!uP5{%BWW%;6!h}q@}hhXCARAtClV!Yz_126JKOB3OY1+d9;
zF^QLz(bhcE?fwcG7vlJTIFx|@4kf7nAi974li!O00ATAMYHs@9MFp@R#GS{!FzPj+
zpqq?;-_~z!4*TdFvo+xZBR1{%yF3Or;f~IzAJ<*)FQPoq=x1@E(?h}0pTQ|sbPdx!
zB!<>**`aP)_5t^ZaNtKJ^y(+T@#jG*W{i$Cq5jK4jGu3dzSi%+TYp~aLK;G;!5egV
z^?Kw1_t)VDK0wu+{JDP@kpHN;^#i}c!!~SWdPUw_d@q}+!h}z!?;9oJdXyzj5MXOB
zfQnK2nUko|>QrkIJ+OKJKom?TQ(o8m+(vr!;Ar9%UR(hX2l!&yEsy}<)H#vWlQ|$N
zt7>vd7=Ixrc+ysv@Lo}tYbf(3%|2Jqg`BzLuGjSbk`W23SEvp7gJm{j`8Rn@-b@N6
zJAL2c3aAKe`6bzebZngcXheG~m4|HK&#lbh&On1_9S&B^4n?_%Vi+b^K1)UnUY9CS
zgpMR}nsM)uJg}AepubSrnaIwWX$Wx5A&D=HwpohQzH{oQ!xkQ=04WLAvbdE{Ix6jj
zpuJPe>J_H38A8?tOYM9trWR>xgUvTsgSYPrj5m0UDaV?8b0RJ!cp^}VYr8Yvb<7}h
z&u`638a$Gx{9MmLFxkhAsPawQ(B|37Z)dD>OBl&p(gwG756#XkTx`1tEm>?7k(*4#
zW_zB8Tc1MEDh8bzM5A8b_B~h?f=JkRpfP*MeuRvaTASZ76rw&IH`fi!rbV6@Zrp#%
z$kQ{fYCV(~qHDI{EhcScu}W+^U?Y6Hm>>9Atp<qH*WBUUuYsJONM&clA<%XSdyqB{
za}3Np?U4^UJ!3+p+a@~tPzGCZ*?gqimord4fT}Hk{~cv)|HD$Hj?zbX4)?qKJ%yzf
zis2w-*xqp}fdmXT7D#Z|_AgBt1dFz?mewOnNS7oB$ULq#6qKUgoiSG?SeO_=nciwa
z_@~9xfz-(uK=P5{|Br1Zqyt&uuZx_h$QmHhelY*~R{uFCDPkSaq~?C;qiTr|3@rMT
zf0M(=u*>alp-Spu{_7<IzE+!{8}~%{6Ds98eZX(IY*}F!_y;J(Z?{?$BQ`x3Wp!rA
zMi2>B{ds{&=jS+kGv1@R5pGo#hKao64erZ`4Dk_uD+~=P7wJvC<E>P6YUS-8`+B+`
j+@sl}O}D~V@f5#&jh*(gL@ZmxD(GNp9c{>ag?|1IGMo_B

diff --git a/examples/provider/all_mixed.jks b/examples/provider/all_mixed.jks
index 82785820d0d4e19e271c0c27b7ffac84d2cab2b4..706db398565965a8d84e25d8c09fece030c3e337 100644
GIT binary patch
delta 8851
zcmeI1Wl&t*+NQhl;7)LNZ-To83lQAhgESHnAVA~pjazW&Ai*Ix!L4zZAi;vW!}p$Z
zX6l=&dC!@u`8hTF&#twqp7rCYeXsj^?j02gjE)2*kRu1k&e>xm(ojIOwXt1*?+<O4
zS{If2<Hkadui5R(2hcPe<!DgIyb;RSS-SKoI%3FPeYt`4AYP5=+)E<|DUNPBlgqvg
zjMui0@Kia%sQkc6k8L*c%df03@A7j2?sm#f$)8@lk*&li9U0NXr9KAnQ}SO$HhbmT
zDF!4)EELd?dnOrx`!gZ4lZ`YrS*%q*qXiKE%uBx!meR(UZM)hfZ!9fT4M!cMd|!G%
zT0LGG>W9eCBw4KKrkXujKea3@VX#8E4lqRB?QbWuh}}|<vEX5aO&dAw+ZDAV`@&_0
zZ-6<Y7rYLJ5_i45Tg0E0=!SQglBx`_0Zkmj9o{ng)(B(JuqX)Y)SD)6+cx!2kgKfq
zXwCr6%+5*>mYakH-_V%zqnj7642PJy|0?DC@l6)mxsgV}OWb?;k~VESr>zjT^Pl9f
zzJa?RA+~bQ2p9@+w<J7>A$Af=3GefHh>>3(OEKL89SJ@-c$VAb20rfcwpEtu$>3JN
z57{!?c01_e&JQ6p+2vdFKLXKNr3zr(P1JTi8j7S3#6Gb+4$1<O(;b^s?+97vruE;0
z(DE89!Zt=C6)pru=wf2}UpFyVE;NcpghtG*&Mukg67J72?bey_e^gr#RA`N8|MZ1d
z#NNvLVKk5rWX@mC6J<y;Tbf>zCX8jv&GmA#Z}=s?6aa)^JZDtB7)7Gue@SN;NlHJw
zqwMAOG8SgqaTgtP_G7OyD|~~L!LccH-%CF<&*s+TDg4&yvrGio3ndmepFAqdX!eVS
z>DfqPA<(dbaK4a#wbMX&BcJ&-?L#*u_3l`72IV~AJ&YS<I|~pn49haHK)-)>|6`X!
z1AL2;DSQfvQSy8BgZsOKkI%aeV+6^JWhpi*nE+86&Vh=c7c2(sdEC+mvp7eUoLD2v
zV^NXpqB?Nx*ROKBl-inwTok=~SB{re+?A@e(emUpb3V`{ty+M$40Ok}&3hvo^HJ@4
zEzVo4U~ap*_gP~uH~3L!;<#J1zMir~<P^L^q(D*#Yj{M-KGEWIL(PxzMR@f_PwPz8
ze22k+1B|^r|1={TrYN1$awmdq9;}yruFP@xd&=f1JknN5{^DptUGBbf8B=6<(mrjK
zRmozep45&MX!+nnIyk;JUEET`?T9WeRb_f^4A0GE)u`{JvP1q>?q!U&hP$l3qjI91
zcN_wtH9Df>FhJ6+N>^)qyd>gLjL(dwXl@TI+26)uipR1kW|HeDQ+QjHZ3;pDJulZi
zAhFHiq>9BDnsI@de02uuO6+O973sBLj^ri&WZRDIg#V-kKbvNBU(iQ1uN0Kn%0s1x
z@)v&DczBkHfUDrBEfZsS2fzB1<yTX*BaaO^(VSs_dSXACO(oHM`!f9w-@#jti|vRj
z<Cp7ge=DD4YA2>{ZFbj%RhiCP&NBRfqh&zDjOD(Pq0-=K{2vY>D`wP&8~XAZwjoC$
zS&JA9w@M=Vb4(<RumYK9Ksj~1xXl^?b=CF9Qn5?1mX&cYiEd54EP0v}@8IX(!7P8w
zgyz(rG=LXqlHggIC^k1l&OY86J)`e;5By`6(^6*19}nBicS>|>%IVPQ2gz$fz|4Ed
z+6Nxv_a;0V)#sbqpMcM04+w@;6vFn8SlX|LC1iw7l5SFFw&4m2pn(P`J~D_9NOquG
zz7l;=LUjo>k8DClWd(9T&v<pAU=$+?DiSOZhzG>W&kN$`0lhK&Yx#!vAJ1P)Xa`8S
z4vg{<;qQ+KkTik>0f7K(=Mv?zuciB*92cSD65oX$oCXdCCfEz)8*Dlz2smyEyAQ-_
zZkxre;)l`HY$!S4Z(R6O!=XGT-v;;dva>?GL^SjH6kS4W-Ll6g2fiS@+fed#P<U(t
z-sK64mjCEq9A*wZHEt~0Svl8ymIE}NDx8BQXK`M5p<0lLn1KgfToqB-ov7@l`pi}1
zt+DL(Qq1nf)Kln1dHWRA=O~#moM*))y*Czb3nRIBr<7-8xphP3Jck_xHupqoQ&L1&
z5@NgPAH=4}JRDD+=Ex76?btRB*n;UQw^B&Ap~r+P4Su`hkume}Q<C=nu#djvLN<3S
zsxR*ck2Q!z;wf`=OaTA@5P)E1@z?7wXR&$uhqHJA4ryWceBa7vDb^jb>8;8~3g=eW
z9=S*ug!Q}t1|gD@8Kx+$Aw7DIUuv9&^75=C5B3U~VLtrX8?P6<Z({`RIt8E*GLA$d
zUbutUQ){R-n)>7F3X3$L=$;1bs&1(_wB^=rDJTnTO<x77zvb0?E+u8Yex5U}qF53p
zgsjx~BKcDD0erC@?C2V%Y#F;s?bZv-itJ5mQoTob(K;`%<1E>^z-=1Mcc;!ejvb9*
z=rtx^yV_3Bolk`aSSRXjiavRs>Sv3X_0P*C0&>6NvD&w)vz96m+h1OS6jZUX8-}a#
z+kK_&NBI_gT5R4fkrwpu6sI8+eYavTg5VWhu+aKVn|?N;5N1gS2hq{Tm9B@5Y802?
z9I5xq!N16ql*h*`$r8>?bReU9l7liMi@rUY9-yJJ?t|m>a_X<CVKk8+y4>{IrS%p(
zj2otMs&91RhIMzepJruqb2?fo4SA^$OhV&uXZAvyWktE!meYBfyuFRtGDH)MA%xyD
z@C@nK<I>8ONU0Kj5w3)Lk6q;5A1WuZucGTUb`K)Zr)u6#I;Fl{7(7~q+cL`0E`8>v
zjBBF^<J+=Lw8LMOZZ*U6+f~`ojQ4SQD6d+J%yzFWQerWEn#g%<m4mfeW=Y5g&z^O=
zZXKVeR>v4_ja;9}S^KUW_+Y6mLin1L#3t2oJMHZ8R$nHJ@hlCM!inf%MC|RgO%gd-
zJSWw}1cFvIlgb)6j%bK;$n%tLNGzVOP`5(*XtKub%4s@fEbFS*G@niHivYtZWwTn3
zNov=$Wsf=t{;EcEd5S?E@Nw{<Wm8cl#k53FNWgwv5px!*+}dnjU$+7qgpI1E-Yyy#
zM!JwR7tb6R5E!gcYjDiq({TAUwI|+r!H)9XQtKFxMDe?pqn=Jfr7V9GJiOWoeC`&y
zqp?CI%3bVt6ci<?Xk#z|V-_K%L8R0))&W8~o-Pj$VK7Xj_t&J_jD4FHC0?^}#T*kS
zx1j$l;bYfwb1I=xa81=IWcg=&$w6}?1v%-rA%h-v&NtdTosVLY{SoU<y0f`IuFgJ5
z-nIkYv5K&!ZJ0WpaelOUpd|PX2B{5|IAFj;zq5>xYpCh(N(Jl=oqcm%`20mV0ivbC
z*Ab_?@-@VEgXF*lhl&e{aIZALI@G86$&06FQ!dBZ@*}{msp(F;8L|saXIv>>a1VmC
z2t9NY*|{F+OwxS)lq&=Y8}>5!<5I{TdZkk}T@`v5Zb4WQk<9LM-^hx`x$y%<Jy#_S
zmht{)Py7!rA<;cEgrq@Ch$7Wd$9G0|-7MFR8b1IAqlrvE&umw0>^9=$h&t637mIkH
zqE3>woXEm&T7LViP6)D%`trs~bsK<Lu$*vnWF;)=P(%oCRZ3=9o)E@yscGi-Yv-s>
ziFeF9gW~x&6MZz^#@E=fRaG#t21o3^2c4&a_ZX&@qjSY*rGpu|8HxjF(?XZMIzQWk
zhOC++F~XVPl%ESZMI_=T%dL}ma>CwZa<EL_#$z1mdv3xNwpqfu7mR?l&f2FuWA9I0
zw9JX8PJXD2$^>jpUn?xY^&Wh>ODAgGHkPgutfP0&YS=QH%VmSzin{=0?XgKb&e2@>
zqPqXvcH*cYbuD@T`SXei8<?pKqA9G<`vGh`57oy35i-R<@9r+C>VWRaI(E*Rx8h6t
zm(X0C^4I^)QR*ykzajj6+5dDC%irWIVmVXhFrAJM*EHu#d--H(H3^@Cjs`xnYVp0s
zwOnt9l26U$2gp)dpUEU0HZ`9*E*S)0Hiz##y3+o!1i9K1Vz1Pn*>1X&Pq~Aaez{$X
zGpG4=Y)n=VSI(<{%fX~_ftmX08Ho)zPn{e0tcVL_#FckJ2#PNucF~(98oXzSiGZ@+
zK1v9`Wiw@7arq(0{`g{8k@)K+mH(gn>M$Zr0VfrGxzYm~FBktkfK)~Lg4P9rN^`pH
zd#j`G+eOzy2^1mdujIM&Hw3L3WMlHUAiXmiRZTzS32t3yy;0PIf>qMzbrq~LKRCzv
z<eUWKIC^3$&?Q|!>T5$Rs44#GCg@g94mK_yIc==0{^csx_kZmV@&xwrV56Y3qX3bB
zYzTNjATj_cu-20rH_>SJ#PzqPt}|1SHvM<ih!SOIKXCu%J)_?sUf7_;+O~E#UOyIE
z&&;|@x9Xx8c_}iApx(yf4noxYvj}5hE)B9smtJyAMc*mGR|enHvQad$%`PJ=Qn;HL
zPoeLhvl>8puK*N3cMu=X#?2#ColoE^#ps0xXXU*x)d4RD?JxeL+-3MEw{3#Kb2cTX
zo$S4f?5aC{E=k{zBvg$EL};#40~vN#<rmgv+Vvye3VJOtLJ3VK$|w7G-wNnWojUP2
z@b3!)B;P^(UlTy~t|?-(@-~$YRCBI&>YRSl4YE7G@y@~NW+1ig=GX5)ppo9Ijav_X
zXnx07mheJ<+QyLDA%SN2HdGA@|Atw@B<!EvM)9z5|77F-uTFmu1OSi`d4iB${<l^K
zAsqzW?K4^Da|}p}{T%Itq@d@WpaoEKB+JLSuwSK;y!2R$3EO5Pe*at$ka}9uW&aKh
z|C{yRg8di7GzL+luq)vmwM9o<4Wgu6g3BwVpXXUGZ+UO-B#7U8Jz(OPF=XN2vg^wa
zf%K^5Fn^q^yb5YH5ZP87bSn#9TO&T6KG3a_8aTna=sWqc^~Hq10<vHH?V5FfNPq44
zRa5@<z$uAd2?T~ud~MCtkAW?B(VR;t&=poI1blO1+G$|%RiTHn$6RPhBx4PNoD&`j
zzZSOgj;&Xb9HiyktniXnS@rMM>s@uDyaR93K`k8%8NKg38hGE%$_%jZCt63@?vKP)
zws___pcITHL9M<cK~R}$`UdOLhUNw@qs_mVYJNyW;h~Q4-I$b9E#CkyXAep#6GRxp
zclCXu_7SCI`?xdNyk)~8b?gNOPc=IlCPk>19j^WQ6$O7kJ8sU{R$t>LTJ1!NTZ(Ip
zztqz?b9+O)Lh2q-rjFBaKC-3!vcD5j$4UqvQBJ%Nn~3o+g@B{!Re+$HNN|O;WKu)`
zI@267z7R%!?pqSw`}U9el`cVtd3rN9%|ue13|v2^JqRJBtu+@uS19kB-#`6H?USsp
zsY>_U<6*eFGYb$x_0qY6`ss|`Mw`o@oBiDT785{BcQyz%NX|S_`esM)8dZh;!_TaE
zVq^LT$0N?_dPpz+uY%|+7FxTz+blf(jBi*Z9c#ARHcc`fU6dc16^RvUd@m9)$QQx7
zzi8gIQO{-w7;zj``)h$CvgPEvX6?vRa^+2%`?mU)embfCG}vi|IosVzN7Ew(uD;t7
zO4FV)VrRhpnMPV~xgx*T9iW!G1JO>o-lZ%RJ*k!4$%9z2!D{2GgvPOoUJoE3>F3})
zGLH>gTMPdoigGf!FQ^-2PB%OWZ4}1%ohpZSkY}@c>b`qD#V_m5n<!WQ<gd})!98_$
z(jWIc1|QK?K0WMhaTC=O!WiQNSrI&*OJ>W5avuv#+{^1&tmh!t>?7!y_J)6`CtdQi
zsZND*GeV4T3J`tR*}0#`>o~oKwaLRo_!AWE4IoHY4l@rL#eB?<leUBKzE#|5>q0RR
z0XJKJbI|NS3Y_2=WFIjkKTAw-J;TxC;Q^4BYwOhQQ+4ne;;=aF|F8$&{hd+Hx1(i5
zMwbXbXJ0GmrlnCy{_K~}vNP0%MxbcIvmGIy49T$!>n`uW$6JZnzRpYXvMf_%HvqU}
z9)>4xrrZx-ZP}N*wHZrT?%3wQN*L9`chQkxp@V=|0px1PIrv8m0!}MS>X)3nJQyok
zT_4bY6+5WLt6Y>3x|)GvMro_le2E4hBi53(0Z=RjvbuWT-hD_TE^s)D>9ElbFFdpb
zQYBcsWwu10&Sg^GjeD&gcbB%DoeB81Ij}{e$LOO@Jfpv7yovFta}yF~4D`XwcgelE
zfeVeTQ&YjJ_$hvX;kzpm2$Gi-LuBG~Gu-ax%eknc%6!c5B-I7!$8g9OnPFLHw7w5Z
z*WQqN#81*vrQL93GeIKwqBQOjJ~5rvdD0AEudskalUTru!jV6%^mKw_L)K>f{fqh|
z2HEKhXBwc7s6OxLNchHir&LXvGop0#DX|Zp9H69YIu-bn6-d{-k9CY9ry!MdO?1jD
z8_5q{qFkf;_m{FEPhbLcQUX+mM(y%{uyU0M?J~VnOVzr*m?;GGNK$#LI6-6BO-!F}
z4r#qfV-c%r+LDVH^C5!q!zL8mNVa0iNZnBm7JQjYxAVQx3K8A8p*zv6j?Yo!mS*$g
zzD1zA8q2J;x1T#X`jDCz0>(7`B6kO#0DxD6KP)bi<bX2&sD$6)%S$w`L1>;Yn<XzZ
zEK1nZ$bIt?#`i_XlHsAh9zL+!8O5-y?O>?b8`UXG;EG}{44z4dk8%@#VvubVeH!OR
z#UbJ~FdYkl1tC*ors<j_D7A+u9HRahzt7Xns@jC5)><Mc-^<L>uTVG|ON*a->>Yui
zqc;eK^&KI@9!y^mIqE*9qR{x`|Jgo)y5f-iJ?{K}O8UR0B=Y}-l2ENI{t_?f&A*J>
zNezn0LIF8d0D*f(N{9q3f=cS<nlgr^-C_@TpGdnSS*)FU(c}9`5cXZNZnm4gE&c&w
zkoLt6GiEe=fZG&}^!G`2+Xcz9a#>acJPWc_f(w16GQRtHwCUS5Wk|!EEZE6B*o~Gn
z;4fH?EMkL*QlSUt@q+tWiLrPVMV2%$o=P;aHi+iep~-sVmVNF*fTNQuuA>rTijeC-
zo?L_ZwyNlZTpX>CEtlBSJKKj$4^1g(`^BI;ahh(g@C1mLZ4$BK{IOi;wZ{pGz*mbz
zad$Z~#h*JUd>O%aw+GPl>ni~Dk#1x(PA9!7RJQA=c~8X7QBw1zfx1)uZGIcGfxj|T
z8e%DI^VVYTHHJ}9tz&?n;K)1Vx?KiU;oo06N)4Pu05Qt1Oyg8Svs2f@7d{ck`u4l5
ztn>Fq-`T$wPe`^Qz|h1Z3bjhx3W+aftCi;y4m(_4`l*bY;rX!@X<h-}b-t{^$Z?yu
ztl-2wr43$~V;ZI7HjIoAat_vID;p%hV}cmmm=o!|x_WbD^MJl}=<wJh!p@V}rqlUg
zdFdn~yI6TAi*rs-k0x2Z=66L-(fAuZwz}*O(y$YzqIBzWqW`$Bddo8(WV7{y*w@=f
zS9;9KaQ_bP7*8r_<fxT>C!=Rw3c2O`!ey=n?Jn=l-qkSsPFaz4c7Hr;wmoGs?Olk`
zm2mGw;fAN%t531j-=^0d1@9j3tez%*S7aKN|D>LDHEHP;_+>hN#v}?irOmbEqMwOu
zCaBoHND7Egu56BQ*-)nn*8QW1RPEk&kXdTO>(uplJf|HsRp2Fp(aQN=7#P-55L59&
zOQbGahZ1;v<-XASwk+j_8+C8>I3bG2m~k>?Z9moRdBf#tP6VDYg@{2k1#M;n5i-~d
z*N7CbQuwB1N`v-cb#>pug`v-E)#U%-x`o0evZ2f3ly$f=AAx^=LV%<x#E9=$L?eEn
zrfqSKxRETw3(84wT6${&^IB(HJ>$ybMPdx8H5M#+qDd-@u=<K5elALd71P^1sk9TP
z8{1z2xG#^k_D-;ThDeKkt};@)sVlG-3OJI{Zk9;4Dv>`JbBXnvHGQErInm^TZ@Btn
zVF=UITuke<QKyJfU29;FwfvK#G5*KY^52@Y!-WF5DIoj5io;fmuqK|Hv_6*WmZfBT
zpHNruMz=+N4BmV{BE-a%^X=QiP$Xa2_wl2SX1gv%&!6ehWRyB8{eHza(~x-CCD=@t
zQ^Iat&(bqNgR9XzmI7|2coM4t;$Zu7`~|bNo%&(v7ek38$U>23v#;vW&=l)nuUH+v
zU<*oaRS+b)@=Uj@wL#0YqdV(yWjFpDgXR|a_BG3HGt)IoMYw9TPTRCA&$=Hqcrj_z
zoayx&I@)D~ip3c_il4QLe8?yF?@CV<fHoa*ZjD8z<N#ysyTrm*cpE$<p*|R|Ij=7$
zG(c)>Vh-oJos?J`e1~oie?D?#zL{o38t>?$eRhE4G<hh<%ZTi=I-B?E)BpCs2&gE(
zo~Z7vD9L1VT}h}&69Cg0J{U((HIEg?mgVH$82c^;Er{m>#d#O)<bK#vmd>L=mSD)u
z$OyxzmvHXZ)!SDVuDKS!I@sQ28}VcLQ&W^V2Pd;o_uZ>(r3=+}l?DKs8>F1cUsNgg
zoAV(>{h5(0pKT>Hp(LAN%xcw%9Hru29%<5_G0s)L%<GSv4w{1#0)wMDk4S<IRd<)T
z_ej|yp4u&}ft@_@6@@(U65Jll9Xgcln1TE)>gD6!NC`7l9apJ2FZ9kJri4~ww|vjp
zWei<Uyj@$U@NYUUinkhxwDCF7jj!eoxs@T~OSJXq#;J3(PmkMSR@lsf8F_BVBp~uW
zAmgZV9;Jd(#%BsCLH0~(?J{x2>mQ7+=?ek)5^8V#3lEy?uGqAm8MveZT;(zxcf70}
z&9@Lq9P@(LRUz^6)8>r*wK_&7Rv98{f2Dv6&fXv2h{d|xLS-N2jnvz!7s)q+EK3L!
z_2ipJk{}HWkulFydC0D;vC`0TUJxN+mIhH15(}I_Jb^v5ongLkzqRqNY`o#$Cm0<d
z5rn@l`-cqCdPT{0+}yQ+Mw!%r(kVTsd<)*XBzK3c0$)(XXDP0DYgGBuR~Y+iarxlA
z+_TZ@l(4MY6p!&^j((jg>Xb5TWlA2&#*$-QC3Y+nZ)Sqeo)%>_?*WaAgQZkRdATMe
zRkH1U_)@>7RQuE0rE$^5z}i3NmVZr=?G~94-|a%^{wYKBe~q*M9UeF^|F!>b!UJAP
z7TE#3#we^2tf*d!>5?tZy76Lonc`abY8Fm8mU8ho@U82IXdPH10kI-1{#t2aEvoRu
zPyZv{+F4*ypw=|mIg7?#yowOv=XuS8u?rE@UJ=j@H&uZp4{q&JW3VA_H@zB)neM9#
z4GfC3JVY#ZM-upB6J3U$1qNc$qcwJzSHTo@o3M5*PBPtL*nYOS7kfy$5_nQXcSJ3G
z4%#9>hg{4Pgpd#25NP_(U>Xm76p*aD5|jffDFS%p5onBZE*(fBx(MEg2L`S@F#G0N
z0m5e$H?sAHfZbDOJo*T<fJkU@Bhs3xc={0rT;!vK(^&vD%fhkO_oXP&dS;=`8fc&}
z;XnQtJMu#_g()C7EsKM4zpyc-!_Co3uRJ+!dS)f5XD$WOx43Z&yb;WmHt~)}4*V30
zugFt~cZYQ*6-+(^Fo;?F382Wq`N(c^t+k2(GtMjvvhd3}Lj%>DmNks123)?kB6N#T
zzD17$hK%+D&eckuVwE(SN4*EG&JCT;dx*vjkLa*hV)G#9No;%v;n&B$kHYz6Cv^Dj
zEFqmkP6@wgo()Ws2D|9UMts*x=3o8xpEj+wPX^<fviZLgzq!{J@QE_^NB?tQ@$ndG
z&K096_4^2-kO1_CwR$jyWR2l_O;>Ks^`}RdVlu6QwTz!zeC5J)2WGL~Tpp6(T=yHq
zHZP3sQT23?@V<blcsWs?hU&|Op-rY+nOYviaLUhf;p>`oHeH!SQImw6(MUH#*4aq7
zq3@MuYk$(-d@^`sna(6f6*;}$&U8iRNDc_}&CE8)qf>#FW4|J_+DKrz#WgMyC}L!P
ztq)5)K0lqw4`SN#`Yp$zFCLG-j3D*;W^~QIJxBbnz(F}S6LQ<9T+<p0RMcA_2vX||
z8SZd;$UBk1SJ|D0iA@T@X>;xjJr-*W!R(0uddyG>BP;$l#dL!kZ-~@u`lrfGSJ@J>
z4kRdiZVphJE?EpRP6O6O7rPvnJHeR>e_G1-2zGOXYe%rQ0i~FSu13L6%$Jgn<GLhP
z+S+`O$cPlX?Fz0878kUJBNxj8S?rPV=O-FLm-d+Dm03J0;tA1TU&)l#Cd|K5^yF;!
zD;qT^#WMOfc}SC673B-J9-AIlIh}7J<H!J(^~i+ClIZ1-S<O;>kFNJEpyXRItjMan
zUzlq!X%lNR4)EpdOdqZ|W$7;p_UHU4jm<X+KNBIU+B@yCUZvX5CW+kaHVA=}q4Hu|
z|5+F*|D4#o#4rB?LBz{E`OMl$_FjF#;T`%cslF@a8XnjfI~L*1L9La)9a-QptmWAJ
z;8?b7`Ru3k4%B@&x@w-JGU^<p+aK{J_2z}X$nG?<muh*%CPJ=e@xaglxodX$$27OI
z^%hQgHHoHcs}lK42=<}+yELY}829|DPMF9i-;rG`WHMt+BH%7`f{pC&0q6e-L?UWQ
ZH(si{j*=o$u|W@fMZ~T1z4{mbe*tZ_lq~=N

delta 8869
zcmeI0Wl)^m_T`aA0t9!r;M%w}?(S}lYj6nKc+en?yM^HH?iyT!1P|^KG|ZL%+?lC)
z@13goI5nT1I;U!%538QN*Ke<wDA?#I*aQ-UK<7@Fg+xkH2uxU*6F*$gNX>WRjwM{z
ziFi4g@0L%Q!K+az@S9?UAfTcwQ_zNC#zE8v;{@c{-eX>nqmg?f1qW@mG_#iV+nfz=
zXnXd<QI-XH{8L(oC|VEmMGVZ9gYNCf>Uv~M9aCQ;L$}TteSR!rR2IT)qfnt{m2JgZ
zMExSbOBEvm@{K}nECnI7bK89b3_8CfQ(VZi{`td;n)W924UY0)$gp7-VcIanO+SX*
z+Fs6cdn})e8Iw$tg%0~c)r6j*E`E~5>zMfdG!D^nq}W_!HL~1vQLmFjcF&`cxE1K4
z0C?E4ulT$Z{yLGQhtT&4JeI+g9SjyITHBb7>`R@1G%KnH2d8}|yIX@MSTK%=Sun5=
z=DMDAS5?O^2-B+`c753k03ftRtgb8qoz#9YTixRLifQ~LE=4(M{Gcw5?Y+O7&!W|q
zn6Q}*^VUU5!)qToTZN=EjAtqA7D$v(+g#aunU}#SYr9>}bz&Psabs_BUd^0Pl<}@G
zMxmk-!i)<{bE$i`OIlc*c8cZaAo;H49i5yvneJ;HY=C1Yeh<{(JkOHvfVl$*{uEwi
zdb@CyQ-^1?AGt1G9J$jM<-rzegp#4?o2H2VdOtt|W5&}F8g1l7em~<%BEP5XmcA%@
zI2!!=nISo1DWaScHNn7wI->Dx!YY$fUZr>d;`5>UF_r7$0LNJ-z@fCd6Ez$|YC~Rc
zs3jxm68#CWpM2m?Yabz5?e(6EHlax3&7b#a2pT7&D@hHvh#WPxMF&)H4}x_cj30VE
zlr70F0J|q~RS#lKiJ>-=qpl+Y)cIxoHZ)J_o!4C}4&aoO21=D$5B=jjEDaT_=f=SA
zkmS$p$LKF@XeAAU9z4rfl*?pJ0~1_CH=2tus)(=?`=^I@rs0Hnq9@Ig`k7`ve&DYo
zm&2r^YQ56GMrT<|qEurFXBlIN{Ut5uCWUQdB_QH$#DRH)Y@IUGKeB0H6G@Qry4f@)
zXxqIsu=rwhaC)-d!jpxOh9=FawN$&Hkh&n!@_G{kLuOUf-4nWOqXJ3!2fRKOyEKXT
z7&C3$O#IHVtPadEb(#5DBH$hU%7%}D7S@OKu|NDA^zJvpS>{+1=PLqe`9cGJ_F-%(
zous=0mWIaj<GFp))YGECX8<Q$!5<|1PvzNm>*L>vX}&IFP=~Zwr$;?dJ-kuGLSXP2
zu$?P4MhksB+%bGQos%Oul-&jGU?T@9h=VP+E`3^0zR{!fWcxZQV#2)s!Wl2MFoZi{
zP1qt%{&sm^|KR(>+xXC^TFos%7*24Q*)VH=7=!y*Wa?wGc1OHA`Fq_auMHoSQJQxk
z22J<g2r;Ydc|&>blD1H(hB9YsK}e!_PkeNF7^;+LDqC<ltliHk&ab=}>iPybt49;$
ztsM>1&7l=Md!FuOKOeRpYn**AKh#3)lES^_x-Ljwh?8fwDl(KaNi_#r@V%24MpQX=
z*a<{nsN#wy0|^l+!etj?=V^^{nk&n%oyZEl!4#5oMbTo=aB{4pKc-SR9GlY4E=WvT
z$Q>h8TLs|+nl-5#udKI<t$e>BKKt}kyTD4h`FM+95K7sotH=Gh-fGHTtK-+#NNR!u
zFy1aNp3>U}s2DREDfOx95q^bVHciZ`>raDKs)Xh-(lJuzKn)Zd0f?)K@1L)uCPN=`
zX4bgMwPN3Uyv_-|;?#jUBN~#D6TAm<asq)IKrRkGAh*Haj@%pqoIHO&Lc4(q4bF%j
zaDV+ou&5y<1Qr&i^>CL-&Jhsv5R6Mag?lz~IX{t^_=AP)qdRYW5qOYdbyl%iY{q_&
zS#p&9`P^VkJcrr&M!<&h)PE@-g6K1;!7?Un*s~8Sn{XKtc?FXGa67AbS}960Re%o8
zXB5AuLeFz=5a1pp*EY>NkQlFs7dDTeOKxh3@wb8~iL_MSslWe<i{Z@t$2^6O98;rO
zN-t%-anOq$m%&oHJQ=)7JTu)O7&>bGe5kj+kf@M(Fxq_ls6kW@GEHHujG4|dTH2U&
zxORPQRwhhGHjF-Cp6IeoBZVs$*MI+juC^@a96Si)qGMx8+@SM9a~mel`y0Za%)crY
z+}nm<TXj6ee+>fz0}BIZ0sh-3(7EFe+~1u=bQ1wk;U$eMoNfeTej=&x0`S+qQ+_k!
zXf*LAG|rKBG-@d$B9zVk;`+*_+*_9vC4BL?tF|UaOL~Y@hxcmqo9vfqu9gq}k4yng
zXgAz&hGeaYAQp#ptsPrtF%87C;S`?h!sGP|_M#=OdiOeQ)YVcHn-qWn=MT8gWlji!
zXi6dVHgT<9d%>+JGD*is0}8@ZQ>?zYOp94`=&ALJM^3VoAEOnx>C~t3dY+FZN9y!}
zmhaE-$LUdJ=dvoGRCLwRG#`?j)j}2}zO?Zber3+vL!MTTm5#o%e&&)9C|zOkRAGYH
z(K;{p$f}E|izE_S%2cA0ir(_+V&g%gBn)O2X|I0?>wF|h-iUV{Nx1Jvw@N?yE(RRs
zTF=e5AbWfYs#=bUyxLaGP?fjQ#t`yF>dmgZ^ZFVW1Hh5FrQ{`_kEawxliQ8<Z1hK=
zaN|DAG6BB$Ioa$3wmoE7CWw`IA=B@a(b%)E-Vk122eLE#7mUglf=X*Xm_9;afg<C#
z`NYkOsP(XzE`)cViKzD^&zOldPEsGj-y!jd0K`_F>sqD+Wx7(={4u^dTV|4qNi7xL
z`^pf&3@Uqd3O`bUN`!GyP^k|$oz_4`5l4xbD)gesd#e&mxXfT2=Opl2`jnI6*Dedr
zF@EJo$2ks`HC{HDed02Kqa#S(v5V#TlXq~{>h@G>-cR|sE48a@vkr%z-!+KnZ<^Gh
zqA5H(oRqeRof&bRMngfk*Ef1xD*i@q`V;(ghFYi$V06ivzN?|YSJ<y#Sq(D5E=WND
zV^ud?rwcllEQgZ9-u3tkc5M5#jxF1Wr>^%#K^O|FoZk|8QTMjZ<uV{3O#K1&All(;
znX0|MywruG#K6IRgNzqg6x{h>xhCnAxij56{j4se#X}DqOONHDae&HUU;28{dwfsI
zZ(&^$KtU>EB<q9g_XR?q-RJ8Jn$lG^Z5(8taJcfs2Foy6nR8E&9QNwk&PkOgIf6LQ
zYgoY(h$X3r!8irHWUr88e=L>)@U_=gBtOs8Sy>IuDXgLfp6{d*(U20U#uB$W##;{6
zrK6_zpSrO`8^#&A^)))s=2D>4)}9Pd5=j_<T_)eFF$ZfLND${oW3oCBA<0sIhaq0l
zc}XuIOeL;5%{iL_u?=O9EV-3YMj`N*-CViTxkq&O)+!FB{{i8B4#yqPe^5rXkA^V=
zc^FBStmQQNFJv+jY*|$i3g}#)NH8jDTuS%#rJw~ZLMAaT^gE9ljK5)n>))hV!(z$T
zq)~o&mnRV%vg1akx)X5jN~?BWQZd~!(h(|9;`e>5v54HdS~DS0-?~q!i>GZjo4i?n
zdTVB!TOaKy34=8Gfh*Z8Cag<(9r8JC40biugILj>w%(h5ext)uxZ~|@zMR$s_?cw^
zVa~28nG8~u4{om-u?269+ib$D#xbf@z#wdbjEqw!{<@ju->$1fSNQ>GZnRxai@`^@
zxd`W>UGFs7?ag(T$Ua9}9uc$Zkn#q#iEi_)WA)tv$V{mYKOB5N%Yf^ed}}q5j7`Uz
zM+z>Ey2R>UQd)iwuLQXG07rxKOOl6w{tH4P@AXjn;I{-NI4&vr96dP4%|qU9XwoSD
z>z2x7J|XvLqa2I9K@}YCo4zI)gWEo1qXSeA1Be@t>=N0IBoS9$quSk1EO$98_Dceq
zi%~)N?;NE8j9Cu%*Jc0RO=?{`+NBMGKEM?RMxvJaz1DWz%QUs$j_iUdW8v|v@AkAp
zE^va<sBQXYBaL@hb?>+G?3U_`nh&?qqegMDmztyE9NY5sRg=!KG#vt<3U(;rKNjcA
z567B@RS51-4sTc^z^EsKgTpqSXPJ4L`L5*o3GW}_8#^P2ARjM<R1eQ=?+<7sg?K|l
z6=m`>VP{6dI|7pPsX&3k_MqT3aX*<AJoCkPWl-;0=1_2H<?82*k&U)1+?rYF?v2E9
zAwZo<i*Z2uzT4<&a;=BmCs<-XUKVvh3%03WL1w9xlg%<nR1TcTcvCKEWcTq3wr$hG
z71U<%%-f3vDIDO)Ng4Quo1j=Y+F5<{V70Qa_@}G9Wc}@alp}bE104~C84(r$%LIo7
z3yS~)2(FLy9k9}e9S?A23Th>eMPfX16t(m`5^p}W2#V4}As3q14fVFmy?~8f`a{f=
zjwRr-+|iN2RL;uy(M~0;m$#5G;+m5&pkCMZ<vRa0XyOyRYRD;UObkrD2LIz*L!s9s
zt$32sgIL}8M`66`-A@td9I3nAiDXye<VT4>iI^yV;h*C5PYNg{k`@v^Qzc(LWcQV&
zRFmUkCrqSp*ZQF<ctBi{II#lM9n&9>x|?cuv82A0@=GgdGF}1k|M*vU{ulZH@-(R8
zPs9FoVX&wYG>{Mnvhi&Lw-TS0U4T2Zkm0c1or!i{XBs3lCX=Y*=4hTd0!L{IcUL@n
z^^gt!<<F4H`eN<lNtF}^9S;<}$m?{gB<AfOY9qQ^xp`T+{X^+a_<9%^1bB`Rz}x>O
zbqL@@FBPzb+&9GiT{ZSyGUTKY{+tl}m?NKPo=&Mmg1akHsQZy7h_1gEL#?ln6Dg2=
zubQh>QbOM8(B4>piK!al7(3^II6o0ELDR{{1&1-I>n>(EH=VJQnS1)2Xb*b2jVp)8
zt{k(2$m`L7DkU$<oRi;-vAlvLcS-N?QBR@>1n)IN7|&uOciF?<AZmCo;dtsb2aJ6R
zqUnbf4PxF}RGRO^BDL5Oo(hEHdvj<(x1ZMl2!#;qs5YM~u$zzRFWQ${95iNLFiO-W
zsw*S!lNi!)bmX#s0C|Qj=5KU&i}w^%zv*XhRJ#Dd_vG+IDNlter|N1`K0<lifexbT
zjR7Cnn=OvI`EXDbA&G&ZiTn2rh)!ZIDxkp1$)A(AK}F^&^(bZNo_X$8+uhcwRvz{o
zPGd2N`GkX>pN_r-ghqb|wsvp2RBhqLXbJWr{HXnLCN0>uUE~?nc6VhH+1cEWNNbjM
z7>_YZUs?V8E9JH=qXLooXZq=)((BT+Qr%?Z-Mj}A!WB;?5lCkqd^e9qvkfGqdI7nJ
zEe$mfF*29HXUK-JhCH-6RkhO#N3@GjV+$=T*c(ffoj`@J%w`dRS|}2z)DZr-o(k#H
zSf0v<Z64PJ_PdSh4l`59mS<T9yQ`EjR8^*SQ2-7!=kc6p)JV+ntOVi-T|FZn4v(ZR
z^R}pr&lOm5Ab$YMPVKRHBZkY=+xFomN~g{)TC|6fSd?yYMuHaxZ)XG)0W+M@`<g-h
z-+rkVnKlpDJ_}-u&x!W*mH$Z{yQ~R6*0WY{Z0*{N7xW9sI9L;!tgScj!1@m2dJkuj
zOopt?0AJ~-K$BOx%LT!>y6#0+TN2*>JiKS`5{)+I1aW6gq2(rdV^%pzk6|SEQqD7k
z>v7>gQ3)YDnh!iO>wQ=7Rk~nm!D663Nc)TByrOB_@!OEd2e>#R0L9|)XJz>cWCSSW
z)B4)7`n4&w4~ds0Uwg~C47C?MEZkCR93|_v-dps*ueCNSYIfG!&b1CCtE05NsnIFa
z&N-CtPY?(86iCG`t>Tteei9sRt9eON{Yj5<Xn`B&U^)NAK<&OWnb-~cLO#oj|HJGr
zMfl@<KFLq)mQ;%+;e}YiDVdEiBp+W_>U+FHu;?XT_ZcX3ClBnhmE;&0ZDO$|Sz*V~
zyHfFIt?y~Hv4fSR2yatKvA@6FHrP3Qm~?K{7=+w=4Dv|IEGAp0A`EF#X3Nk-`#CAq
zdO|%%bE(l)9hh{#Q_b7W%S*F%#4vg3+Kn>tlF#XGNxe69VBq0f>@QZ5+*xCx3=(Y|
z`7?+De4EL(Nl5n2pQ1i2*c8<zPVkK0Ial~b+o(AL*s^g_>!r!|$1i5YM45_a3rik(
zsDcFd#f}Mg8c7AP^T=L_TZh&Lkj`-XX^ZM96AM<huuKdyX^Rzfb6Gvg6y!~9+$|YY
zdx76<!^B+F<Ooh;N<(Y(k4B^!d5t_&?wfa~WGBD5W)@YzZ!qkwaa$CPx!{iJS*5+p
zRK8o>4esyUHl(f#8C)SHbX={Wev`{(KGy`qNP59Vk5CXX!I7yCy~e6f8D`b(2vCpk
z2ZF|7T#5;eP>2`D4|rB^l{2&xD)q|Wh1u1xH3q(~G_!%0UwmxE<VJq4Z%LWs<_E;$
zT*4mqlY*|2{UrbQL)m~MI00IV0fhR1up5XejQ$UH?ym2woxII|Kxu#_BU{RdMSw_z
z|B1Rr>){6wOeZQ(QM`FkJ%jq4xhBOWAx-l;k<+!Z($ij!zt)za5Cyr04CF_9enPv`
zCdlS8PeW>8+nRSBtcTUEgx1fv`Wr{utRBlJ@ytK31!A<rI85I2X|-pzEBm(!&DOvL
z#JSnVe_07`vCHN>5N$VV%?C_AV|sUJEhnh0wTO?+0W%iixi$92?=dwx@_LcFqMho>
zW4^{c#EujeT~0#ot%gD=M5Ty`Tk{F4P<+@J&1FlYF;^*~!mwy7zObLz&Lv2wOO1xk
zP4($@^DG?5vR5H;Q!+!g#^qoam(kXU$gSv8if;>b!65!?<oW-k^nXiAB>xjBAz6S~
zIXQsb|1@vJ6et=4DFmfTIuM;?7<qZ1;#yeC+fSW{Kn?^igMD1O1xr1=ZcfNTjx$4w
z;8mA=2`<}{ofy$ZVnvqW7g*?P^)Q%-INzNi2wXdmeq$SQ3_8Ll#88hM$Oq7JqYH>7
zB=GyrdMFmAp8H&qQab<M)A=x$Xf!ENh?!%Dg&-WZ;`_VF2vX7F;Hz(zkqH>1Uk9bZ
z?)a%8pvmTNO`0GnBz3gc%?RCJRv0h-tVq*7i$l&1>HsZUGP1cl=7p!`{HAI_XUp*W
zd};w<p$<Rk=|~bzzN!|^jQnf`nO4Hs>JlmYhAi5<W;-avat70=CtRZ$ogL;X8P_<C
zAGBr4z>79m0MWg?E3V1)zCa(9@vA%0If_2t#dDmH7I6BZrJX_&5kY2baT@>1OLnD^
zX5Cy~%G7D6KQxC(j@7<mRqO-yACgR!pDN&5r3rmC95Y}u&S9u({gjqO@!U)kdu1Fy
zsr#j6q3b0MVZE4wF?leKeC8QrE=5<qPQ^-WN1u@^9n#MmN84K6dBO%FO^W>^C(oH2
zlln94<`IaDS?^&rM?w`7pV}2}17FiSUQ_&5nH`(uZ<(Rfax^`N>P}){+(?OtsP#oC
zef&9w0+C-5*TDRxeyg;JJpm6W%kZv$!|{zGJq0mycdxvqJTD^x<*j3K&%W!#KtRAd
zzRSg$3Q{rJV9ioxE4d9<@nrDG$vvl_!zt92HY#Kwr>LUKiS3s2nir*NO51I`FkN>u
zPqS1WOt))hLtPr6BT3~>OD^$i-$iBIbPu<&ZMekTe&2?dgGXC~kNLDTCoAdMYutma
zFil0e`Z=puRX3=L@U`%i-N0dU_LCtdW9|-71YRn)^fOVbwWHYws^7NGoj6<cCO$u)
ztxP~%hD6;U=TGDr5kjvdDKCgSWajm_&_7JIB>!RLLZ?Ntq3a;Bh7cAH*uQ=uSkwf9
zo>$WAJY8&hsz9i0L;QvBdrsOqXZFevvdfFM4Xx;fY!JMbiDTkZyDJ5DV*I1}ruyWY
ze&<<B<*vV`ocm;W<TXusnd3VSd%r?!HsUI5lhO<FGSSONDN9;%^q?e4zQ-NaC9B=`
z2JMV0^l@J$ki<P?gvK7Px<2xwbbcxEmw&J{>VIu6|LVz(Hzz18J1Im5@sr1lNflBN
zFbed0ds)>}OQM2A-8D(jXJ>`653*1l1YQ1yfXoqz$Gmbgm6Jzk{>SZwE9nak_brcL
z4ZWB?WmeQ%S%;)5bA%O7j}~2$9+O1ujH40@DmBl*<p_{HX!%Z3fbDj}Ku|VL!N#C>
zuXZLOb0CEB=l29&3Nnc7dn+ZopHkbqEkiZ;eTiKNIl>=eiU%lSIwD>fUl2Rx=c7Au
zx(N~?oY1k49kKQ>G#TMH&R5FLbO8yhHMdNS-`-m_mePvzk?FWAu}~<B`l+F3p-g{q
z`aKfaqnWpf5m+=()~LF`#^Sj0GH6!n9#j<@h$h)Uo6Aj;+6aI!ISi{u`?=fo+-Cml
zQWVzl<`b+#LI{!HKM)K(kAB(}%)Fep|5ZhAqj;fmyVe?}nBEFOvs08=)Cn(S`G`5!
z#HA?hNP|PV_UqX#UiRhZ(wdnTjYL2~@8OQy($l^KNhf7`9`XwhPY2F<c6H80D+_BN
zE$sKN{*vMf%UPO`C4`#9h`ZxT2h+j67X-zJbA#d|?H(J~pRNjU+t}<Jx$fChB8oli
zqT#M*ZtIu<EYI_y@3N19J%W66K1QMrZ%eXSP_t}Vcb&x&--YeNw7^_530ozMD|3TX
z^LQL4rvB0jEh5L}Va#L7X#<&7!QU6~HSC6)7!SytdFl3$<y{3ss0}kP#(~TP#y+dA
zvi691q50%6l$P~W?Am#^M}*&Eq<axo;EotGVl)+#5YXHQH&~=EU)nA7C>lVlS^-|}
z2F@>9`yJ(bM`IfDaHEMU1Yi4>Y~XhB44FlCZ!|G#2tO`c=n86!&fHgV5bF|`;nNK)
z&t`7onZM$2^41p7bZgO??o^3BUB064fAfM?Z~}3`u{9yM$?Co7^QA&X3E`A!?dF7k
z%g3AkeTvZy6omWhvcI=sG5e4vHP7P!Ra>}FK=GISn`~yLT^?U^RZ@5G{hx4z8f}7J
zoMYuLsFWLw{x5P_vY?L$k9ia?E;T4d9C{y>)mfoG14%IJ&k9Yt3u5ie_zr8wcvMxG
zCUcK|@?3_ei;oFdqH9onl-|@k+DcKUR^C3}*VFZLjpB?l-3nWSDE>1*_~%OduK=MF
zPV8^@|0Y1l=${*6OnqK#k}|AWQp|?BS!G`hxpbLLTc-LMsK3h#FZ*fM*?pqk#OwXI
z`c@;E_1!o@#t$g>Ij^|Bu569T$3L)TkJuNL2Nav9@dexW_UnC*4C^ZyRuLm*N$|UR
z&CU1lGTJ-QW-wex;s7N9wiI3olxEdaVPC)GF+#%aKI%nx25Qf{Ys?NsPBDd`4`JnB
z@?JlcsSxD|o@on1+j*%GiaA2y@}b+jE&mx#<DoCSq78R^Qm|lI7!D~oN&}m=b2x5#
zl7&GYzcc+W7K70(M@fCrUbQikwDO<YFW@K{TboTof9u#^DgVgRV0w(##FdXRHThfv
z8E4yCIq*dLhn}earRTrKS|<WEG)sUKGTq5XA=bi<7Sc?NIA=)&52zQQHxrjB_dC63
z4RbjhvZ87KlY#28+j4@hQlmPVMU(^T^1E~2V~HdbYh$|WHiRQ_oq#_yyVqd;ESGTN
z>YRKisL{Ns6Idro#^8XUm`n{5c1A7vBi$PLer>|#QZ4;u9&48+EN@!1q+s|AqW1a1
z;iez(%2=u&Z)ZXzf|N^NU*$seLV{j{hzFZ3kVX076XV_q&KnrH2JK$kv1G3#wn_a{
z<k=h+Zix9^7>52t0L_7?{~WI_h!x<GkZD`WX|FSR--RRE_muTRTd@lq7Wia=t)u;Q
zc`h&~h*Ai<(bv!FN8%=GcCt@5Wc*jmO^MfQKKo8^U5aVii3Gztpd`>$qWU$7ZHsw<
zKZMlGM<-DC9gL^Pc;%$hA_--D0*9Qw*h|AI0c8xO9U0y7Bj{0#;)*G3f&*H6+4M91
zjRuziVME!n=0nn*2e({7U_FJk%Nikb0iZ2%L+s`=fE%t&&(D6-@f0=$(je)b6so;W
zK?eZzK89Hu+#i8vG);P%^7}zenZM$Q{*d$@H|Un)2PS?Z+K9*EA&rQedqGK5u6*5E
zjl*LFiu48roB49*!N{(8HdKK#@#44yH#cYQ?q&nqEJbhGi9@`n?r03}hHNRm+UsN@
z)bd9NV}|svPl`TK=E*xjsP3f4TBD}c0K231+8{TOvn(o)i+-;v!=zT^&*o?o)*t!>
z<Bl~>=n)cf*h<JkuvzY+rj5}+hTM^7g_Ppyu_NJJ=MoL_Jpq+(G4OAosld9!LM%4>
z-~MLk6z|D3V2B>rJXtsFxcADwZt_t!()CToFb8O~g)Gxzp|vUEMsV%cm+`Ynu7&o}
z_b<p&RFxE+KxKq?|8tw9{C$UO@B!Wa2cDn~I?5yET}k~B&*E3}@%uwlqkbiVbQ>&8
zTL?{v?^h0C?RT)-xcM)UY_g*!`<`=Al216~$IfaZBxZj)H?wy6-)~G45HBGSix&@8
z3Sm}igKPebXihT@8~Tn}tqvr^`InpE7g<i(ns_7*#h5kq<XE6$EsA*rSYoFOVRFL0
mLT8wW{~CAxp8zJjFH&Cm#%p6i+o}aS+sBdMGlELx{r?7fi&r23

diff --git a/examples/provider/ca-client.jks b/examples/provider/ca-client.jks
new file mode 100644
index 0000000000000000000000000000000000000000..7f86494473f3eaef378454b16006c7ead7068b93
GIT binary patch
literal 3779
zcmd6pc{Ei0AIIm;Vg_T&o+UKMQr)qKY@>KG#EhkcER8`18J<Z<Goi*(X`WOxvM=pP
zL`aJz$r`ehkX_l*gyJ`Pdd}%NzyAFF&gq`>J?DNt-_JSse&6@~`P|p)ht&@d2n70L
z0T4c)Kz~wD*jAE{4+H|7z;zv8=I%9s^jc7mhfjkCfCK7K5dc6y;Pm2=9t+Of;<eWW
zy)q-6!qPeS(d8K|m-ck5gQHpdDCgo}CEK`UzrTBc#dCo!yX6Av*D{4R-bAsvp~Xv<
zF(W0d=-bFc#6ITkpzZ_VF#HWimk0WH1hef|Egjs6=w+R5CHNn8NwbFx=E5<K*D*^B
zs>6vd*IrG~Xzw;<;i+2Y#a|PwZArp4iVJ&Uqn4<Q?dDhmOkI?L{6blEzmD+aaSMNs
zI~lPH=ZK>IgB~@u@3?0HAc%e2bio}E2+SK~z&yAMo(Y2jP^g%v)7_ZHP+Q#{&MITk
z62lBBy%%yI9}h}B-nw}w90mpH$yk1nmj~tq=MjZE5wSv`z<Pi}^Xv^Jk%NP<f*^W5
zfkY#SUV$VERumLjkNMDixbM0u?84!&0wDi-k{=D<?L`g4N`VsVAq*`<qtUj}f&+c2
z)WB^%!4&K!P>zR}`|x;<0Kf}K2>S>52Alm<0Ln`WXla33SY51^E~usB$_;g}>(}4m
zZ}-0YK~Wy$cQv8F4_RRV5@rE`J3aa&WNDwavpKzNw$^qrB=XfX=8W`-X;*wU2Ij4q
z-aC`6y8##br$n9e1)e6LsOoe0Mhi|=QL&!V!Fu<Yk{kwL0x|$Yu3|7JIYGDtTx{x<
z&Hlp|yi6TjO5wIl^V61Y*XKd{%k}-uaIT-}Pfq-@CX3F>rJwuVv}63*o$Gd!6NMu{
z7yzt+vg?ruTpSc-@RN>uQ9=Sq>qa^SkKy|MZ)ud_5}+6lirdKu1QN#m3P0|kKN}rp
z4FPvS6(QrFWs}o0hyIwdWiO823w*ECph3}zU<*CQNc%q4-B%4&Fdr{I^X}xz1H5wK
zxwXx+m6+6O6O`-jI6Hw2990wd`0ow(&rk`adi_0Aq8A_#1QcYzSO06OFyNEC{;A>v
z7mVv7?M81$PAg>CZ%MM#HWXux4u5>+TAQwUqtS7Xj$g1%!SWXYISIn{9OIovuj|iL
zoCjrT8Qz|>I49ZOmFT`nCGmL|2ajuaANol#pJsbvM4;Y1)nTQ2HJ$C*MWv5}MoQSF
zBXDB=^#+eT(=sbJh?@EqU%|(o+G<Aint8n*o(2l8Gr7^zX*g;|FCA6OG@v5pid(0R
z{V5K(54Y~Gm}B*AN<OyO;*^K$AXW=BO|uLre?b7!`>h{yf2#S+wDu(8p3q*$_N0zy
zBZ;uLDtYa8#X=>qc&C<+lhkpYB1q#>rRLPL8ld|9n)FTGT=Fn;;0WvR7-38*X%~5S
zd58nQg<4Cur+CM)VP~^c=E<3l<}uKk;Y$O5MozN4+7)n8YBezIexGM06(+4?ISGFS
z`!=3e(wDPHCdBgjMLrUg_^cT26W(y@3Sjf}6n;NsWtMeXCc2V$LPsY)kq13}U%VoK
z9(BYD%T^7Og;o;WwBZ9}$%c~Bl6K_j0~(u=1#G@gQ4gFaLY>WP6p+w~2vDJ}*+J`d
z)lFBm$V|gx;t>g})X@~7w6lk7lH`XJ7m{#>wc7pPG*_>UH=#QXdZF_i&J#@s!|M$O
za<+Yms<<R@^Mta+FfIcAMCu{?M0M?8U6#f8)hiEzMx7DZ)uI>4O(&1OH44xkTMkL&
z6$r1Y`7(nq(hWJJOH)=IyPC2Zcf6Gm-4ck9o{wUfFfy~UDD#*4W3Jv2%8#g5$z(rN
zoFnq*<z5!MX`L)N;2q7`a47FUL`-5}O8%d|DfilU%kJB@rSV&m+_CIy4-Go33E@i;
zY!*F^-&or9Wm<?kn|crE^sy3=bTsjr--5v^;{|%cnlk!%^L=v)-w`5G%TH^P<3s{A
z)i}hGf*r6dAG<W=u&rgs2=E4iU=JgwAfcmq;kgpcJf?B&h<n%ILr?4=>o~bS)Fo+e
zms;N^r~!Gy;F?>_4Z4rxt6MF#CAZEPy5DGU$aVZ{E2Xbrn?FNILUnFY7G$fagdPj7
zOqH&dO+JXp9dWTOEJJB1XTJEXY@OBr{*AWZ%f=)$ns$TzMuq|nF^&0RA+8FWxzuR7
zFTnVGL!-yaeQ1ioW$7#lCsbiirW~<UN}bvNh%i)^RvsUnz<3rd|0VpXt-fl8y`Y;-
zz_yFUth^!uFD+@uwQna=q2$&_W&=$9EN0pE%y4yx=y;)DbBne<Mccf;Z^B^=KJmeY
zO8$sh)PcOoyKwOdLdkTxGafI|wtTl$9Q8&Yb=T0vmu43i8c{`gV$oJ6c4+xX#SjAe
zA~8CqcVh=ekz6@2S6MzhwJ}L{(K980xJ10VXX}XlEpHERLUG%3nFr~&A=s-Gg1(Z1
z)!+V#d*VM-*thrO0#mQ3`c8iU{>}FGwdT%Nnfge%#jo2wyVgNYJyN0g>D!A;a`qw0
z8WekiOk}DxtT*-TSY$^SrZjVmISP`+^C>Z$gO;C?X13Fd+54JmRyXGG2YPuAfIPI3
zzH+zo?+91(cmlCUna@eg0Cv~->x+}xd!d1+%ReMXS2}bKhZJKjdGv~i+!juOy`T#p
zEsgY|KYg?5MXqeGS05uG$E5JE(+iU3L>ekSA@2hQ=@vL0baqxqAxLOMa{R34CSN?S
zaY)nWl_u1f^}lcgp$IY%a@?Va_<<w9#wq9P{fP_t@}F3q%rXR04bbEQ$3H{>@FO4~
zJ>%a*BFr7AT$n(ik+#7>VO~LA*dG}r8fg)Hj70GY!g7BP>ot5_=Wt<zNW>r10(A_q
z(xBvenjbA}9~w*!^`cPxgUDOIZ~Z?J<##^-15o-|bT0YA7=RFj3mbe;1^_^w!rC-e
zcjRjAG9os_YN$trrBz*1Cm^l5^7V?5T4!1-{3Gk0T4ubWTYuZ?mz_v{m=)fjr@5zH
zhLc#)BCs?wJx7<1Oov&eJt8&5kTCxF<6_JM?{zq}cf?qW<VeF~M+X6C=ahU=i{y4=
zvn%+Sw)g>k2N`sh(c)ar9^LnY&8Y)2#~;~UY!x0aM1l0%3j8>++Awm779%)0{>f>x
z%X%j(<jq2rB)bVD4E0X)jP%P}YexekYc{}M*@X(&Q;c$qaxQzY8+y=j_j(d~998-#
z%QqgbDdV5DMSMEa5pO0XddKH}s2%w1Vr=|Y=k49%oS2$hi(e0ntYlSmKw$s`;NsU_
zt|B%+;g|O7UB2CZr=*TM3WTVp)T?yIk!nEt+jT<W;#U_)?>Hg$tC}o&ZZ19Rw>LIJ
z?3eBNKjg80cRJT}0OSxQe^24nf{Ad=g}9w2w+&VT>!<2lHL`czCsntKYI1TOPZ{6+
z@?fXW*+!HdNlvp_CrCH-6bp2})-aKIB|Y}2At6iKIw;on$d#71`ba2#@Q)~etFL9i
zQsxe$>*aMljjD08Zl$@S{quxXOGxRg)qJpNr_dUfMLeBUzv3)xV}u(`xKdV<_Qq}a
z<&~-e^y8k?S=Pe!s&;u=g2hXrRqI|C9k1Ov%x&2AJ+E-vo#QOS8xQLZjT;tUxL~;D
zTyo9k7321e)Wb91x@4v(Wc9%*^^;0Bhc8Hvus(|Q-;W+^VJ3B-Z8!BhUKAE3V?bKk
lV!LMF@X^8WtXzhZhtY0Ns?@M$6LVi98Q+QG9m?!E{2%llvhx4{

literal 0
HcmV?d00001

diff --git a/examples/provider/ca-server.jks b/examples/provider/ca-server.jks
new file mode 100644
index 0000000000000000000000000000000000000000..e4673d730c20839df4ff92443a0118d701cb0dc0
GIT binary patch
literal 3539
zcmd5<c{r4N8=iL-h8eq1&Dc7Lk-TG1=2%BcaWYww%3!Qx#y*s7#vVzsmm&(G>`Nyp
zl)cE75=T-J*_9=}(ehoL>pTB`*LB|O`d#n)Jn#L-^Sj^YdGGtTF}*Pjfk2=?769R}
zCo53w?I92#RKK6e%g(oe%*P-v2e&*200(eT0RTWi;LI}Z@*B0$k}7>8PyBR^3EjP~
ziF_r>b^;>2k^$+W%CWN%M*X}4bgkP;y4e69GPXeQP?O7fx28tr(MT=Nr1D2%*SSvq
z32_gRD5m(LTcL6M2F@8ZZ&~)kNnJ8VWy!|T+P*W**1ig-kvlqYx9U}`wsGe=r^<HR
zaw{Evv;Wc)b=CVR^~}aDy^>X*_12-fx^xWg483g*>z{Tm_g%KlE8o|pww^dmhz*US
z@6N|#v`Y3~00_crpDMVYz2h{H1x;eF16eRA0EG(6)ysF*n;$<EQSM?g8lfH_&Rl5#
zxjB%yNTa6&I1CChQ}HN}ivwm3=MaLLlkh^Iz*c}nb6b+Von2^7K6DzMpUo6I$%*D9
zQOG_%RLai`H=2_{r#g~INASX+;1&jjMj252C{((KJB8+h7XwAMvM@9sgTdIhh4uEP
z?z5-6<0U{W2N%1H$j>|g7a+p#LUW|+`~m>QMR}BzKqb5?UP%>HQn6--D)_DId-yM|
z`~)b(!TF70DDZ=77{CeBgTSFZgS37ip4d{GfFFN&Wb9h8oJQI`{{9bKxX^-qqPW`g
z^~zy}W67wu44ujY`b1?uGAU5q;8FW}XxoJTWL}OvNM`c}Gsp76Mc~2~@fnS?dc$J1
zM0488<!6(P3pb@eiLKYW;B4kY{~5ry1rP#&O*jICv2Wi#E|zaA!R`nk^4I==9fW`e
zP)YykBbYpea#a-8Fh?DaI*-`jB8#_DolE;{?Df#}T?kYXI?pAqIjWXeZ{-RTR0w!i
z$3Z05^6nqKI-9=_B_3DytxdPa(94_reGEg<5C{Savfvy4GlwkrB<(0lx(dD^CcP2W
zySloF5O%PxW$0)iOAkg|N%V6^UNit34uqOqc;^!HzAFoUZUOL?&wbM3IoS*^dRK4r
zDqyk`Rc(8!Na8k5_iLuYx{eZfJNHD%LU21FLYV%PLOp-~>yd)5&9RAJhMs*|{V>$t
z;i^7_Uwe^fU`E)F+<rLc?&D1ZU$yrY7Ihw^5vL@MGP>q1KdIT}4bcY1nUln_PuYmJ
z?u_5JDQ-5cl~`bn0#9YDhR<kpjU`CqQX8fs)u%57Zgj`#dvuU5U!^-`UgaIwxZ!mU
zUhzlbI;90#<tX2T$f)x6JR4s+<2+7Xb}PW%=ixc~;8{(Z)7<Cx#|A|__P#=~E>J=K
zAWt7ssDAM)RPkb-Xy6WQZsmK6wu{SeU*eW0LS_6i4J!C_?kPF#4yp)hmRQ1?Eq5v2
z81b5D-c(bd4O|nxaB`!x@Axj2B!AfoRD#>Gmcy!p?Fg5l14i7nD^FT%ezOq}N_c-y
zJlc0-v?|$lua05JsVsz{0HMJ#>ck1|5kjAp=Z9MHC0Dm<mz^ff#7|uf1KJb{<cY#m
zhyFFsJ95Q$Qc^xle=K~~Z=2f@-7BS>G?ibynO!}<9<SD&++pNxwPbm<&uTI_Kn{6{
z>2?Z3@mJA(vJK&m;h!-3z3jJ@qD4aNbRHqOSHpNNtHj1yR8Y}h$)x|a_fwsR0y5!C
zUL~M&L&x^1N|MKR4R!I;mL_W^IHYknbi-I<<CG6WPYOP>xHwYl*F$IxD9V-<@!?X{
zH}efoDfWm~7qBge&hH=pRQ#}4-YoVttMyEe0dlOu;TZK?^LWcWjWMhy$!YH{L+ePl
zbpvfmN^DL=d{#D7tPy5YZESzjB7wDVOHB=T6&`b{?o4gE2tC<3=fU1QqM3vC{@<R?
z4mLH^5rrm9dCUkEtE<^Tm|nwZYZ1lZC4QYphUC5&$2EqGo0IJw)#JMzR0GA+#7TCA
zP{FuL88}rGEr{Ji2paohZV<NbL{FwqzuHtx$_$tH?3!1?@_^xK(NyWuPCmQx7M1)}
z<w&lMg)0yIExC;3mdeouW2SO4H>pg2&WJaI((d}dhaG&RHaPqC!Iwgz;`zI1?Cp;O
z!R>musLHWhSy-LpgOP~@Gqv_t)p?my+m4#_N80qKEJur|tRE}MmpkmcMsb&^N=T79
zoD?1k<;UdRD3&(%H^a{fdx`{h4Gs_}>uGDi{qpqc%9zf=s;6?gxTz>d(pr%iac-mY
zU=;4KtpD|}LrOTSycwRDDnz$^gQdCU)s?Qk9Y;d4FEs5D9XlX+I9LbPQ*$hZn{2Gj
zJe+skVXx$U81)|OfYJHI0_87DC3hL=nlasjYpmRu;IAM4(jc0!CigGpH1eI-Judgb
zFokE4wi!@(cE=UI`@=U=Ki6m}`(L@2(O$?R)b~@Lb@oeXq$X+Bjqk|y)qB?#taH9p
z)E}cVFF&SC5mYqC*kEG4lO=9z!jc3U<Ze}UT5yn)gv#Z*drn6^tjgld2$8)#@aW=u
z)8LiRK|?K^=6deRqL7Q1R(|}jT2gS;pCi=vI8MUF6%|cVzQ&Ee=)zfUBc>L84DH=%
z)^&!$+UYl9pT2RPD~REX82QTi#C7#c=fxAjpMs5thF(xDClkX~?iUT;*@bD*4#-8?
z1;4h%4>L1?zX>=3#{MC0f-Knk9|A5DcX?%HQM?@RN-}qHfAfX#^1~v?^IzozPzVUf
zO!~Wq|B!1Wn)4`~=0m2Df66sm!1d^7Dehz%UI5&Z0XR1rNg^|R=yV_FpVE&)bL-P-
z-o8{Hw)+2H1^nMxHVcscm0-3ngs}iV2*?7sp)3G^)T7%Jgv-Rk^-gwbNF1I&>dQY@
zrFwm&EeMv@Q#1^7{Dhl(Q4&PsJdWZ|lR6sOE-3lF!*rM!)au1hnrut>)5VM*rkKBw
z{CF<b&SK|`6Frw-H@TSm%Gk|^CC@$l{s2$rPayXOPUqb?dqG1EQ`9^?ADCQ{%nCYW
zqtVIOJyRFzOG?rrwAr7$zOAwcE2Ox+TkDmdW=Bm>>v+S!OC9<PsUh#3dJ3eg8#~s6
z3eT!(rwxY(BAlMO3Ts3a%*9nYw>yV;O3E)~*)Lfr=Eyv+rk7fa4rrt!H!fSzHyVWw
zAw^JmN1Y&Mc&A+^Y17Au*jo4?YU+h-xpCdJS^yLVK!6+;Kx8wb`->Ub6YnJ8(<p=0
zo>sOm&wYUf$0zzgX76`5!t4N<t)asIgvn-R<T6wLrA^Ed{>K4Cf3r|O{S#&@5`b?5
zg;*$xKiS=bO4+iwQScD9)A`QOZny|2%z<Q|HV_C-7~2*8c!K`gYV28Nw;BMkd%IIs
zEAzQ+f%ya1Wy$%M6WKdbOA{EZ>1Ku;Nm-2F?ytJbJD>Mwhw5V;=JXP$s%vK5UY-bB
ztciNJ?jbd4r{v)*%sW&u=lF(J_}q*Ba>R3)uqQR>!Dx4pNb!K_?M$>dt>AQ!<w>n(
z_viCAjY9;r^!UPuAwoA7onqhII)<NvU4rB{J;sKp+SOpQZWc}{Ie%JcGZMMJC>}hy
zS`xX<OpR)6Wsvt#(w`PQ0nsT+dqG+dGOkH;{KJ0w?s)EUYXT;mn~SKJJ*sYBsUMfM
zFQln=^iFjxQRs_DUjT<GE6g};z~Z1ohO2x0+02<RJ~v<9gVKo$6=mUM2~3U&Mm^Cp
Tpse@E#Pr-X&%)G05*hyi72|>m

literal 0
HcmV?d00001

diff --git a/examples/provider/cacerts.jks b/examples/provider/cacerts.jks
index 136a4b4c7fcce525016503c2cb8ba5dec10d4750..bc3211300b7825d97ba3e3900a6d3694cd65fabc 100644
GIT binary patch
literal 11667
zcmeHtXH-<{k~U2@v4KWtl4Qxb$vH>KStLpZg>I4p5}T+b$)My6f=ColqU0z7l0gtq
zkeoA2dyeOhXYQGq?^|o`TIa{@wcgcxzq@|CyLMGQRZrE`=G7(|8X7ukVWJiQ4b$3^
z%huW&br~o>?z4f~>wzIVVFZ}C9GCzQfF1n?0Dyr8LRJM!x>)dB1~83QFJxxkb6Y=a
z1uvW24WrK<rC;zWpxBwYCL%37=_7rrf6FN1Bx#oXjFk9IY8`L}qtVsoDRihx(YAp|
zfm}ChPVj>+hhY<5eMm|lZ(15GXQZtBe%6I7`e|1Lt@5|{qJyK3VBQGyXwR4I-!1Wv
z8*H5l)*VjhSPd=Gr@|3)H*ckm>bKY&B+1ULN?Cq*Q4J%kqRla#c{o>j&y`&a%@mIL
zseD}rUi;hoVHj}>!bDMToC*s<Ped*8Y#=%S9UaQn!ZFxlpnp5G+EH^cRM?vadHNoP
zi;2x1rZOZ60;0o^DZF494kpk5gh`BUpvOxLyYb@&8xQx6rMrV8+};BL=OsjG3bl!a
zhoxt0>EYpI`^OG09+oG<$xcsCofirt`XK|x11s1*vUNhZINQQKc*$X;KX!q55Km7}
z?jN%5?oQm+2xnee7&Rsi>KI|i_y8OLDWN0W4k7c40E~tVpN|j5$1BLoCkW#cFh<=9
z@c#Jye)~5*`CS+>Cf08nMhE;<H4uOWltTldk50kI0Wpd_4Y9l{t?Emeuh>LV-x7|m
z;jjmmaFek&M6~b+D=j5~mpx@_#pM<GA(nc+!U}Eu7lD1N^52W{tYMZYy#WoV2|%PE
zsA0^D_8qx-@&-i%_-Vq2@9p~q^f1~Vj~PHH%?JLq0OW@NF#vE4!hiu$f4_ZPYRHcb
zltlo-ezgyvG8#+)oz81hovMhdS`bXFlqbv!j=&J@VdXUv+)X`Jb8FT58h}oRzK6ph
zwkQ<eVssx!#O3|92~*Lsfk1RIeW#ckOcPc04>xpkxBT4=AAdkY!$5}xfv*0^4}(D8
zRThGF1jt#%V!m`kc(I0J{3J91wLD&tx-)dnQ69srkbHKr-qV65M-5jJQD|d&j318>
zD4-8(<$Wdby)u9d9=4qF{J}V1?F$yF`Wp$eX4+Mz6M|K<y`9X?*4Nk+jqj_+FJUIl
z01n)nR~669=y?d*o|qr^*@|)r=yMOWHkmFSsH<O(;Keh4J(ZQ*O`jQXl*LdrYEyso
z`aH$5gI7>%nYtZWiv9^LmN1g{%FF*sRdvjEC!r?;gYe?YxJ=MfJtQ+D@?NbomXxVI
z)xMkF<^^SQ1_RvPEkx+iSNgF&iqMPj=Pn`3$tt15)G~5=0GKu+E|A()$BaJ65t~ze
z@ho5Cfmiwn$Ff*-GHcy1{_TQjQT80ysKKTH36N0h0DfBEx00pELg=GSx@jA$ZnyiN
zJXmGM_h|%Dd}*B4w5|wpT*;ms)ZbF4G<46re>S_s-QkXF_Rh8yH10xzAd}ILuV_$X
ze&JB#5ZXG1#(AgKdi{L3`0iRcHoH!Ze(cbWHBMY;lQPihsE4F%=H$+%U1!tbbyw34
zw;us4TjxVPvZ=(-Rj7;B&(cYb$)=T;>OIXmtHR+y3-`Q?>za@6{;YB}!G|y5Cz+G4
z_+)DF&OT*?$Uk~Axb|cOTlR5aMu5AWUeJ`wV~hA=8Ck`5YWf(WICN)})?3+VWf`qk
zAG(-=H<{!g9dk;*+m)D}tqYJI&O9CN2`Z6>@W~ADn7*;S!S4UkdzxX08+_xY@7V^E
z()hbL-+Qf?+C=G%ET;?gLi}iIc?_7Ep9Kl@Z|b&U`F>j~NPp{QubaajY0li8V9S(&
zhyJK|?@)NOwM9O$`cv7#34766fmd=?OwL>)->1@Rf`xs+)aVtHW~A$pj~Hb<CdKQE
z7DKu`)$V||O;z$sdn(_L<Wm|WKx&CPxCYOxwaJB}D}zX*`X85Imb?Ow4yoo6yxRz(
zVNS8aEb~HtZZ4>*Y}Cy{IedX_y)$r3!}c)6{eA1a!IrFzsk_`9WZB~MrGljPXk{bC
zY(lIgX+~-D*cU@Y#6v#i)56FDo&yf0`kSLS_^gI-M^y{lXiRT%@?II)vDUoZ&h;61
z+El}okM7@1;XSQ+uXSaepqJiJWyk5E!BcA{UXx2m;bWk<F)_k+TZyjDkc3jlPTw&>
zjF`Vj;Lf!~-)gT@#0$Z3`&%+(JmiuUp(TSPJyf$LMndDSrL-b?n_Llc#7{(V;0!MV
z{9-5-t|11r{O$~*Qtff|Oo)^rt^i(i`G>tD!X36`{%MyH(1e(j84G+Y9D@y4OX4q+
zW*YP&yLWv2n6bL)c%Q@4bxwL?t2h?Q#w$`5pETDgF1PqeC`~o9XxlMMwV6#`jN;B#
z>PV)web<=^>^uZMs-EXfJdj>#c;ZI=@j79_084mFkrGZg!T6w;sK?T)=3$M$R>!_u
z+@85ddiiEh`G8<v7NLMhouQ7;Oz-R-zbon`m#Cm5lGA+r)-%RaH&;{1F2W9@W7n&0
zBBWi9wfwL+%M77X#+i*iq@kqis@>OHn8~vgq_)&xu8sE_8-*E!0s^;;)G`AfYu*y+
zUt*?kq@eTW90*P&_h1qcSXW;-Jikpy&7$}vMlI^F_|?%uA76k}_Fz&W4<Ku4J*2U0
zzMO%oN7_3d+sc3L9`8Id1MnvR#{i-N;x#M?`0XcvGe;$yo*vLt1Kbh~?47@yNKUUE
z!0`WpoB%Ke8Vs5EXAJ)d*VuSi8VI<DCEW54xJCiE9OAL9vn8DO2J8n6fN=4!^(;L-
z5C{*4KcF9shbxbOyFYaDK%xJ?6u|$U#|{GA`c=WGybu@!fS|#G0J!Ku003GGULO~<
ziY7$PWKe`wbx-3V;qDv3tj~RZz|_&Qd7#}E`|f0g9~?^`Oqfcq5!g>e_iaFHUeT}D
z&6DqYU+g<aT|yvF@qSY0ZlskV<+eQ{pHMdG6>i#6L2Jc`%Oh==N%1N+r|)J_?&D|?
zHmb7j%{||wiliXF+omFeo=n?Kfe-Z(B_#W-O|nR8N2!T<C_YNeJQ5qI_v>AGKQS$X
zn53U|r<CK;OTW5#;aB=tNIG>s#23SU=sr{=yks}3)}h}az?F{UFx&djkSC9Mqz+MO
zOg16%9Q!K42yxX;d>fk-T%=)-rps&3pqaX<qe$HVngVZ3vR11#Z3=m#0|97&ydZ!g
zN+YtrBqJ;__BTA*nW?2W`K_z-C#hj8tDj)VvEQ>1<NyrW8wmX?nH=Pcd}PYs)QE$i
zf9ZgDzok%r<WE#T?rwlcV8lUSTQ5sz7bn{vDQ-9@0F~+dt|2B6DGZ8<jjA><FtC8A
ztnlX*`md&j@@15%0nn_LDOn{lM(&juG~Yj>+nZj^xtUTK>lw7!?a8LcPflpH(3C(q
zGM*DCPi?a+7r#+gzw==FZty{U_}2>;`tMeJE)GzF*_vIuFYwY4H^lU3*CR=m6u;)h
zk7cB<CbV8=;L*TK%>C||NOU`o?3uRDN(w!XDQyiPE;z7{{8FgHy9<m%EAHr|4iL1e
zr_L@Y-QaWB+V4{#%{rj*|9(~xMxra^q-La0v`*&*_g_VmDNCKy+b345Pqovw-h921
zf7BaG6@rVS$dj`uY+WlKmCYT{F}7G<*Puvz;_}HGQ!6M~Ep@_B+2+N4=a|PC+rf|r
z4+)fS#qZZtg;>&3{T2~%t(_cE6~up*ZQk9e{r{$Hn>Pvev?$B#=i1<Uh4kt@w6lcy
zb(<&0<+66I@D5V-5h5K96|G3Sy$IU(!i1E+gWf*1`WzhF3Jcn|$Zjzs(g-IMs4?SC
zPPnvsN|N6F&2Y>)HmztsMcT}wr$l$9`15l!%H0cQy4~0LG~i$&zQ?_SbPuY>B;3m%
zX}IM(t`4O=tXZrrKRK#Tc;hB<c=g?Wkzg@w#F-1wVD+#{fbhG&oTGU~X2^c59<k%1
zd8@|4pQ1j{3Kj9qQ491l>fbY{4Cr&y5EM0J{^m!z6hto6PyK6J4ns!&Ipjl7c7zJ&
z*m#&)ZnpNQl8pfN!$wgh8-|{xldba~!5tSB+<((6oua%vFFp+XLkNrqQnGaa*A{Dk
zv-AG<C7MCY0YpLjh2&6L-A<>*p^MMh24f6G;D)h!E+f#2Gi`c1SCB|P<Pm9?VG`y5
zprq;O;Z3>Yrjjb5TNd4B0X3+|D20lQV!uSj^)a=(50WgUb?&?YX*`vEqF`FO2SX12
zh#Cwa6b*rV9|-*`nH*$7J~H<2_N{}Ue`%fnhavG7egde122(_*M_WCjicZV^a(i7P
z<M3;>)AFqz4rc-H3`iRzg<YGVQ8PN7>}plaLhyOLI#Y4%HN#FLV{)?;wy{#ECO*+I
zi<DW|Zw`mzfvj!aJbo`gJxl(l0<^D*1AI~Feg@ocpg(S6zsjeyxt=}0^ZJErQJ>j#
zT<WUx8GEJhCU*615nGW-XbjdsN}?cRs|Y%&tjIQJ%j8SjOwn17oVX^@%a~@>>|M^C
z;^$tvn=y6OW1|anbBW|TwdrmkEJk^1?7(M^#3PN2VV9HZi{5ATukBcPYb=HW?jhJk
zzdVQ7-)4DbyA-`2$-1b%C(_qGCxZx?(wdUdVethgi3wt!7(e^Eem5*H{eovIipt+$
zEoUH$Vk}nd4r{E4@I%J6O8D6mq7VMQ@?4B7+|A_7RWwE+Wc7*bK65jh{Z|_XYDvjE
zexx51%*8AAN!pDw+MCmo-IVBb33(bII0H)>If}<0Pv-Zuef&vtmF>KxWi@DoDbF;d
zs<`e4*Fv!Ps}PB6BpF26#%j}<+<S@0N$yVx*(pQ}8LwE@NbknI*G<TjLNiHE@Kc)W
z*dJ*Q+%HKkfw8dS^)iQ=@zGOKt<?=qDa*rD<D({<l-SW!Rxh58+KK9^(L1G7`U7`v
zU&IL$u5FK5Yabsmf6hVpKul@NQVuo%j%2HtZBkwu{?V95hK929Z5l$niGs8hpST-j
z#Nk+jz8j1A-X><VJ%(}7VAu*LkjRNcn$vZU-aSWEAYNdwdYmj#!?|AjOgl#{qD>tK
zmqBL<!{~uB7fFH_$W6&WwE8H!C`%aB@3B);&NFW^S9nOe4QQU}=Nnf#cDVy=xL;E|
zG3r6Hj%9ZpH#{;+X602#9*#$Q(D!r<av*ut>r@zdy%E1^b)H1PM3>5<Fu|%B(Y$57
z3=D?b6hH#f7IKg8dWWe)c$Tm0$DOnWG&tZbZs}H*W9^c3v{?p|H=uGk9eyTiL;*7t
zRuzo-FOAjD&6xr&?waTg0}k-Gz6R~n)Z9HeZ8WgA9LtSeuEyZsviuyf*~rb<a{e0F
z4JWY1%QAaQ*qfZZz21Py?`I^XBhBS^bm4z0sF%2x{E%IoM8Z-uV}ixamXpao%I$f4
ztb1Ww?+e*L*&AFCz0<jF@YA~`SQ0~0JZAGWOph#-noHEC)hK0FZ|ZSthAgRo<LS=P
zYapEq;|&KSqKw^Pe9JfigU-fXrJL|t7AY|2mcXj&3hR7<Wwc1~7BE>fWzT#O5AvLq
z^;2Q8&Y7wB9UmEi12>gB&!T6_LARNEravw{Nhl=6a;&KJ-ri^|&bbWljF-H6FnBH`
zlXnFOT+A%@oW?5A|6Gk0tk<G9*H1P1{oE{H*u1?MTiZCQ$Wf0d#OupbG}S$vim!#6
zkMOG;+I4}?Vph!(l0Ou)*Kv6953)`gR6pAZ)rms9liEs_Ifj_31B)+D8aX%$9ZNBg
zHQf-+SNUHaR0MeAPd}fvHIjfB&8#i#9d#lV{hX+pZ;&mDr(2T*`IeaMW_BHz!zmP&
zK6xk_TJJO@X~7S06DFH$WURK?ZB<S3<@$C>U8ky$<gKQ$GTbU`l@3yNNyV$Q2zwGW
z>fRTO-{vBnj?Y0;m+0kh$R0Nro}%Rjo{-4DO-U|T={n6nZ5K>koADO0!&rhRghmP6
zDxI5UkdL!{lYF5x&spa8F^z<9w^hlh%*42U(wba)`tx~V$j%CbeV(O$Jk7qCtS6dW
z#e1CFteaOzBCO9+oLRH~E<k@}kpEqP{<{EO{q*kw^k*C92buKm0`$KYp#NxCcvb&T
z`Qkxeno|LS>FV|s*7!VeKJ;_p_xZ6)*#P3~kGXb&oFZ6XM<zPL1ViTR#6C=%WE*5t
zCT(8Su!q5FM{L%k;7oO1)EHF>o}yS15h{K38D^HIYt-!XZr<Z>dOsR5PB3$fk_l?U
zgAy#C^}esZy=6x0lAHulxIYJLBYXC8{mQ9uJNDbaqZ$OaY>MKS`uaQ#@;VXUcpGS5
z+spCXBKpt|_3U7S(mlS#si4ziYlMy1tG(21<IT%4r`x3C65%)GHr=Rm;KTf(#r?2U
zDE>(>HNVN-)pPTZ^0A`!V4=m<up?wihC?Qc4MXqVPLmf+o{-OmBu)Mru4V{Xb)yJ%
zJ+1&r^L=Bjmj(NW_H6vgU0J5_xSv<vpcSwgsP$8Ry&ftJIJS;TK5eK?1(|5yi@z(c
zoaqs_fi+jao^m!7!64}II^B}JOObMkPo&-X?q{pWwalfb<(>Y~4Gx)~vHDBndE-q;
zJT_iyy&cM30d;HnH~N`VlVzMy*=)@>#`J+Jr_1g`?$tMPchzCj`P|?G>{JD@GTC%8
zr>i?XR9xX}X3?ze%YXgC6KtfFqgdde)smJ2ZiX;KL{Fh}&5Kq;@A<!BTN)D1Ut;^}
z34<GapW>&;Dt-_*m1i2#@XjKX8Aj@o@@?2H>r(<WbR*iV@Iz;a+$-8!vX<rrm3A|n
zntN>&l4$z+E9moRFJdksQatGLLTd%Ml6-q{YNy1LYsAYbJWqCF4<#wxAp9GX#muL%
zr<dQK2rJ@!yE8gBHa%8-_IZ~3a!|UfF%RcMm`L4j%PKf<%hIW#sv@BTUcp}(u1V#w
z)_CgAfP?KU>86|tmJT)QYBA%<)eL$`tquHGhRf?W^Va>tibeA@T7**n^bEax7Bu)<
zqn7_|V}+!M59&B2QETL2<;vX|S^7e(B$La7Q>zTPa^&33a{8Sd!r=R{nM*1*lu_Sm
zi>C!d`rIxm+QJOGKE{12?X>#}-#bg$<1Gc*v-!vq)H~0cJ-I-nQjhm^il>#0mR#Eu
z`E$rjGwi13*7rWvk(ZCNbWzZIqsaNThBhoZ1o}omQUQ&<&i+fE67f;w^6TakV}C(Y
zf127G&3W^>1#9Nx4AS$D(YX-=Y!27u-Wi(o;LY9ihS>#d@u(A@2aS(1FmzsXt4+kF
zp{;?eUfHXLfL!M*4qMNS+*@$(ANCy?74AKg9B?#(o9C0!U8~%9VCtEF)xatE)IZk4
zvZBhFfX$$~iM;CS^{0M0pL6*~K8ZOIz1?89VPGc{Mq<x;Z-T!usmBAO><2tehWgW=
z_J!3l=<$j(#1}R=vZ1t6G1YRkSP8FIM6r%!T7({074+e+w|<;H&puFOgV^;w{oK6G
zDlOsuiR*FyYT?MqEVNE-!moRP!<8{AL?u6J2020wptAsPvD_$8pvzWQx$oL3+PO_=
zR@nCb?AWA3K58euphc?OrzC^8BaP-+36)j(wun(-+MAYzZydwS{EY9PXPm_z6FaLW
zgpq@8yw42Pr`qn*eV3c8CL8S;x0FZRXcea~>wcn?pD(xN?3nOvWjmoE6We!t!}Dd+
zUT+xd<1d5FCRm6FnXN_3;rO1^3N(Ya)ci2RsS_n4yG4`M9iS~gV&ekJz7j*=y^J9O
zhpdpTKD$S2r;a1xGH`T0fc;J7Pt+9#JuC==8r8JG_(@#>Zmt`a&PMJR(i|k*ds>Hq
z#RlN~FC-@nnfYh->i?x-fnryGa8<Z?ct0l&EcjpoBD@qZvfn8zLTxvMy_==8GpcLB
z_1mL=<?O-V{RRHFCPq8(Bgd6!KA)nvUQY-IyRXNKrkCuxSjyvtLRDCNF~e^ieY)Be
zGRKfAms}3Hk@oL$9`*=vs*X?|N51`lf4aS~i=^>M11i60u^kAoWppfDg+4V|7C7##
zfF>N;`-naES_Bvx#uXCFMUP0xq^oa#4ErpsLy4Coez=>bD!9Bjl>C{}zeO`;m~gci
z8-{#M2bPC+df3<S1tFrt-anCfE)@KhM#k+H*@UhwqkF~BHpO81wU?7mD-m!^(+ywS
zSv*fX@40zK&lFy0^;E=^KJ$$8S=qa5CiRYw-UqIuVKU^z71p(Gny`+PkT5Poo(YoU
zfY$QE3zL=eoVTNYG%>VLRGr!{R2~1MqTPf;IJv(*z6(oSH}gcOZ7U2p|C6d4hapD;
zp?@WlgUruI=KSpqI|%xh?)iVn-Tk>W`CB$=<6Nj(oK>{;kaIs&QtGwHxl{Lg_b^AU
zVy$iSFfr$GUfa4v<w?Dy^|L-~O<QWtApy8xa(DvF>}Ahdc6wTfmzZu2zY09W&NcnR
z$8H~V^~Kx1j>;ExfYWSI@zRE_sXms_9n&}YUuXApuN2VU>?rRcq(4Efc@y-WM0KAV
z5~_*Ie~n15t9dbJx-^*HRD{<ymAsR%U)nT6;~6102)R<3z9V3%l=qaIcSLnep2sj$
z;bGqcp)adqRY^%=tg+Fp4CfLfH{Bm>Uyf6*JKM7_uCoW<dbN~9v68R_ovroz_Tg#N
z#Iq4;2mcZeUrG_%Q&x>@?Vc?iv1ino2IjxTODxm`8ZT;$>38bUcMmnI)rgwYs{iNN
z7xes%HCfx%H<`AD2<`6@rL$|R?jn48YL9u!ViCU2a?uNr7Kvqxel8u5C}KX><M4j=
z{k7U+*6<6@BTEa5xJv4v=ve2fS!A==qBs*As_NInG$I|*uX0s<NX4_-v5u!PBet#3
zvEC$jDcGtNgXUAhK|cQ><Q0Mk+T(s17i-b^@n-FHc`(06#({oPs-Fl=pg}Dz&mwNa
zu&-WqCtg$hYm#xY+UW9=Ey&{&PVU^V-Jzs(h_vxVYta}9oW$bn^#j?Gd6J2b(6Asi
z4C0qFcCF!7(4|CwVmiEZ!6CBR*Bp1$sjD-Uh2<8$aJ(q0;9kc#eLb^B);|zPRWPZN
zcZlr*E=^xcj-5@^#J|PZZ%A;auw02}a<^V$Y20gy!A`o(I_#JmdPyMb>A(r9B3{mL
zUa1W547#s=A{W5S>`MkGn_HK<pIlXbB|PVz{+5}QfwuAH*2ZNEGRyNY^+CD4QHf$1
zm$S;@0_c7~!((#?rDW6lrg6>LoNWf#=xJ@I8eBQ<ubHjsrn}+`jVfox=LEflh6n74
zrepBqNzo1Q7RPMk7|#OPl8j9VakV-)u+BOO-x^$6Hs0f1Az1Ex@<rFj9qM9uF<Ytx
zOdhOB9r_rOxpGa-y+Jk?+JW6N#>%F-9byohaEfIk^|fv&)8$lg-j7GjJIp+%J$@H!
zqo#zcTfJ)>Y_azSafs>64Cw|E%1^Kwt3QhID>z&R=Emb^c*<a?+%ZvYrQCPRHVc5=
z0dZovGOM0f%-9aIEi+8R9p4B*&u+DcHU}0{9o~$KljuW#so&9a2$1oJI~8il5D>cL
zEBYKBbPzf4Vvf4Mh75UjVat&g?tF#mUht^8eDTeO?pkE?c3=1oM}B4Z7=Ex|Z;|mV
zql?0M>z|SU5I!maz(Mt|+<qnjj1HoeV!3QozDX}+`PNFRt6zqT{!<e0{Qo}*_=~B9
zpC}K;gZ$^zg2fL{`<IR`{Eg3!%=%T+KgJi3(Wn`br|3u|+F;q7@<wwVW4kq_eyaCk
zH!tbk@eI$5=r56*AhN2i_2sm<W?pTp6r<Vzw)tvTMsQ0CP5|>P*G4gSl?}&Z4nYd8
z+`#_lmx->F4AJ^C+*Z*@Y_0=FHx{SU-k2Hnhi}sWC(`5xUjxqXB*qUs>8L?_|8i{Q
z33>Gm9{1L9Hk?0TR}}@jO25GF=&fh0oC_FRqnqunlD$<zV$?0gFyz!v*!>7Y4h2I0
zN+t)Hm5)q^A^*OgBMADJzVNR@T+~-K;olO|dDdOoI5kfC=H_#+1TNy8q7$<cuLbtG
zUG8jN5K~B%sc_*XU3}gX>nxDuo;VGDR7d^C+h1c0qr1w`&PpR~yko7d0%XNK%S|+o
zt8*Ph0ypLK>!lK{3l-M~;n9Ad%&%$9wspCO7G3=D!J>4P`=bVpv`OMLM>^oQp_Rn#
V3Wmesi0&%xwH^pM<Xy?#{{X(gEtLQO

delta 1659
zcmV->288*OTg((7{_Xzl00002000010000100v`WV`Xx50004gZ@c?1lPD4#f1xE9
zC#{rYmF~I%8&urTOfY>OIm8h&!N?nf;)r%75BtayCV<}f`GC8MSSI5XM!nAi{1Ld(
z#cYERUK+;`286^vxAnZzoj%g9q;PU1lgv-431S&Xt>9DL9Ji9c2HNN<7ax-$<?wOd
zNb(-^Q5s=<(gaLqae1*_!NTR4f5Yz>I|s{lLIZ%Q2UX-2i!R3xcDq=>=IzY<%Q?iR
z#S^0kINbu9xG;k5AOO0Du6qP)bc?`u^0Jec)@{ckzd$bh7dW#tdWSXy6<P_Ous-l)
z?D-<Ojd-CNJ>j7ShE(Zau&W66Y988d%2ZA2=}`tfQ@6iEj$Fl)husT?fByN{|9_F+
zdAhbnCoF|Y-!Ggzhp|{p!{~geC<7s@mY>7IZ!d1x%hoID-uP}CJf>$vbkZyRgQ7~<
z92_}gZ!(=+>aI3d!=nKsopeyqM%7r#*JuD91*j4qjy8BC&$109w)30O7@GeIRn%ab
zDFF61CYlq{?3fO!ce4Kme~+eZPB1F0%f=4zoVWHBTkO0L1H$RMrk<8%U_+SMALq@d
z)XmegECB7aD95`_Y3mqYN@D<3a)B5P=K!UbAuUXxVlCGJk5r-4$H{o=aARnK^H$my
zRsqe!7=p=-;Ehd^yriVD5PD|(D5Ki*_}PzY|Ccdl<#k`~-tKpjf4eG4>Fp%%6*tkl
zy9(AX=0w7FsIxIV6kQhS+C#}&*@=83MVw`|O77CU{@mBN@198jcXcweL$H@<hS%`w
zVB_vy)e6sHv$hd00S-#wW{_AtPApT26Q%OuG2no3QpccQ!1^(j4|asUa;i2Ld-peY
z%c-Y!wWtg`j&}uhe_ZPlEiA&g03Gi+=)R=Vl93m|%Ac8Hh+C3=a@Hc>)K(M0^PLYG
zn9a;yolU0&Zzh_uox&vGu4jEF@qw<1ugp~gsvKi>g<bKs7eU<M6_U)21d>YA4zu_e
zwfpz<Z{h=#Q-jljU4`Fwq_NFv<b3A*F_7HkE>w=}&RH?Cf7vHSjfo<9E7tUYOAs6W
zWRUr2=xdV5U-g4-@a3(t24~C&TPV1oEyZiQp?j%2H3=3YXH<xBuThMq&k&7=*QJ-k
zS%inHOH}{RBt6ja_c6nz>g^ClU0wtsjXrQR<2X?pG_x{(Ay4%HRl)GUb{9o3@86f+
zp`*zf#<K8Yf8uw>A<OHSx5?RL3z?u~f)o;+e^^HNeA~8;)*;_y4)A?4h6Ps`cw|o~
zZGQGJG@46_wu%xXiUiT2b-{DPwCO0Z!r7oR@_bN8Nh-_jwYw9;D=BFSjii*kihbgK
zcIqw}9wryJ_gPa>%lI%{HKJWQ6r*H^jtn!^Pm)^+e+60B2q^J=&pGn+dBvRiB`(#f
z?C>(c;oq-|tMiDvRqjjjPZ3r`*>$h%9f|+eti>)!{=%G7g)YqqO7*d-I#?8axWd;W
zc#qE7e=YI=?a2}KPgp7H#QYd;c`)+{Yra%{0VwoMoONS<I`l3kR)%DkGJ6dp5<XeO
zjlxVQUrEO(jbrAvL>M#Z%6VSk{N7LU!811d4|8J>pmTn|Xlf4-Q$I({hZeujG@X<A
z80t_gw4(XND$^FK><@DHQq;5}n<uo-1vUYi#|STb={rS(U;l$pqFrmsP#fv;lNuK?
z6n&I%h`I+tjjFFtzQP(v@X<i#LX%(@s~a&fGBPkSGcY$YG+Gx8GBhwbF*PzXFgG$Z
zT9a=Vn6thZ4+0c@lyHc;2SSaiuTQ?h8c6WbK;}Y|;Tm6muyMP(MOuI*0;GP33#ohk
zu)Fp~wYv1j<6$6-0~KcV<Wz$16M&Z@XTi~kUE(cQ_TZms*0Ef+=-`-%$P^ORwuy~w
zxu983lI{^xYkiYSX$pne)zV_<$+gB#7xfD0^DTy93+u$h#%Fcynx9jkaUP(M4fzAK
zyoMQW@H<a`=<R6s=OaTqHiLspMxdGj(8q<leUzXfJ$^iDJ%QUndq&t5V%3jLJ;2+V
z#et}-+J~9P-MR4;uhEm^^Fr661W_SWDZ@qfzFhjv+rKY)fkNevM+?+c0ky(PM%Jh?
zE@Xf|NMVsF^QuE!X>RcWx!+@PJ-J%@Hoy_0!!Vr|mBTJd3%C1b(^Th{vBLn^@6WDX
FjWYV@IP?Gj

diff --git a/examples/provider/client-ecc.jks b/examples/provider/client-ecc.jks
new file mode 100644
index 0000000000000000000000000000000000000000..8419abbeed98295e8544925e9cc1f2b1130ac7c3
GIT binary patch
literal 1141
zcmezO_TO6u1_mY|W&~rd<ebdZyb|5i<Yb^wgY&h*R-pI^gT|u<d~96WY>X_7T1<kB
zjI0bSjhnPBwU{CTr`;1gfA^N~##Y6>A2%FQ`MZ6x#H_mQ4>z0k+b3;Y*&@EnSJ!Oo
zpBZ!9dex+}B`;YPl}R{Hu6yUS*dXuM{M*NpD}R@&Y5VD$XFJ;)O3YPrP+^!-X2K9N
zC;FbR^Pa~OZ{J@grn*si#eVr>6{CP3bI#Sw>Q!;nZjZ9qP<QWoVaQqL9r80P8>gzi
z=yQKsk^j8n{mUTf1aB(`6M<KCPML8V=CypD5G<VeFz$fw1F#=iBlJuSEEyP>lMI@e
z<A9iD0W%XL6O%|n=*Id}MZTt%VQSB7#U3|Fn4Ok2;9}#@YV$Z}%fifL(AaCpZNSOK
z9LmBb%oG}I$Zx<4;&AY=`4^?8=jR#n8SsDv*m+ok6LV5?4TTK^L3}PAE@yDKD!4j3
z8}b@(g9N#GSlkkeOAI9p#6VnT9{%$3a=r5WoV4QN9KGcHTtj&SSvF3f<!#@2895on
z1Tyo|@*R*A7|4n98W|ZF8JZdznHm_GL;<-bh9Cgp4m$Tn8VIwogF};v5gM$_jO@%#
z3@oAhzwo;R%(6W<d;5o@zF!Nfue?#|lWces<+DhIIZ0>st@n#eg`8W;#EykcWjn*T
za__fNDW~syS8g&>ia#D(zh!X~qn$w$qZKg3m_udxSj1RFUSIK!%$}NP9~i!k#kbS3
z!zE_*CxgbbAbDjLV0vym)PPmZ!p6x<8Yc|4uxrAeIzh=zR+xp=fSHl;zkv*hC&(gd
zAl$^AT9KGrkdq2ZNbM~3z|0H@8dVlC0}(b3U`}RbWoHJ)0+hvsoY0v)7z|vQ6d7K8
zlj)tk;F0HR-??9(ZO(b3bV57Vq;f9*K^4iggQgMtm=qjeZ0dW^{CkIw>WT^fl|SrJ
pnYPc4Bg(DSk5}lsx?ODBpVwO)%dcInSuMLoOsn*<Q#gyDH~=-_UX1_%

literal 0
HcmV?d00001

diff --git a/examples/provider/client-rsa-1024.jks b/examples/provider/client-rsa-1024.jks
new file mode 100644
index 0000000000000000000000000000000000000000..b9a3447ae5a4b0b41d4b15c361bbb2860dbaa40f
GIT binary patch
literal 1830
zcmezO_TO6u1_mY|W&~sY<ebdZyb|4_;zV6T10xflc!Tq`{4AiFT?S1|+YI>FxU|_A
zSs1mL1Q{7w8CaT_7G()(g}<LK5O<*EVAuD`vJcEMI{MR(F}zJ+l$sfG`|r#B%1g}i
z7H*!xCbU<db(w2$BG<erk{RiBUH^6GwVZ999JD_~(|&)+sic>u9@_3%eKIw?RYKsu
zM4t|mRE*o!AJ2J8yTUcUnL2s>Si>qlGo?%KY}YZ9M-NkXBrmgHc`{l~aON9Fr>q6F
zKchmdE==wH&cgL8^kdZQ;A0tYj-6O}rR~McCy&_{CYnZfbDWv(WuRtvpQoKmGmLwk
z_4x@8LY_7WY_xjIzji`|!{MN=TO!Q$;oX;W{MV~($ZqM)cMKL5eURhe`1;8dou#t#
zUDMoMcLiTcR~J1o-~Zy9nxNk<200B;5<#9m@|VNCOnaJ?nzubt-h4><$A!mB*-dWW
zVcU?uo!8^@?@-A<haNR1&g<RMp)Y-6|FngAt9=sq8}4f|os_lRr#6GHu|%kkcg2ie
zue+i5Swk$J%ubs<bwb1BgAeDXvp9-RVEB~a@+9EY`=TzB#Zei@^1SoS`sduS2(LYM
z-Sx~2&iTPy3FjO&FWsN*|8*MQp$e;v;QmRQI(vnCI^SCR7M#;AnwD=U`kqbgvEL=m
zQ}3%E?7GOfB=e#4#<+~Ovz}*qC4OgmO|)Z=JQZLR?)moPA%U(btN2RdAI*$A!{+-(
z($uK$@vQK&f@&8v>wpWID^^t9*mWcF*_lTXQJq(>rq(~>cM?lY_1U~UWp(p|mh&gp
zx^aDfeC%0K*zW&XW*beIH_JCzNu2iQaY;8f>$6|q>wW9+r?ilU2WC$N4W2Y!IB2&;
zOeef>Ta9DWzhnDV9oJs8TcvmP`ND!ze<ppbIDCXX$jBzyFlqJa#b3Vt=B}3Y_`KIH
zag)X6T6vC^CO+4M;)6bZ)Ak?u%C{w|ytS_G)0U_FOXj{|xtaOn)W1(pY@5MJn>9ku
z)WDK~fknokiABPoiMeqBGZP~dlZeRdK+)|i8s~&<Cuq0sRk^<S<?d|;ylk9WZ60mk
zc^MhGSs4r(=NWPvaI!Invaks=g$5f605bxR!@<Muo1a&bn3o6>Vdr6Y%CAbzP0TYC
zH4p}=;o{*b&(BE<4)%!$<tRf*196ZrH;+I-QGR++Vs36`UOG6l8A=$4fuxvu_{+=7
z^+39ci*xjn^K%X54P@aC;$##P$jnR2cR*5LAScdiWMp7uXliI=3bZ8($Tcwp0SI^S
zd!TVXa+m{)7UsrYV7PZOH8wKrDdt<@`MG4#%J&jWZ-vfO{CVQd=3I}brlzIk=5H=0
zPKdX=`Q+;TDW?vuye@gG?c@vJBZ+2B|5mT9D_7m!E4Xw|lGO@}GnR{3(zbm6{(03c
zUnaiYalM%ycgjy{@F~5_UZS?k=f%OlUisSc@4ME0n~?N0Meen>P5OyD>I~l|W~8oU
zVrFDuT-?OyZ_vc(4U7rqP+2|}F&2@=O#UDD@18f&yqaEG*m}HFAT#ofLE}A;yfRDU
zHG{^>4OrDIY+SOWap9nklP2t0g9qe4VHQ>cW=6*U1~MR?APX?DH*u#{B<2?6q=Hgx
zJ4-#V?tp}qDvOwb2pb2m-e6^AXJ&-6n2=)}n9G=fQO$A0TIyM0Q3zx7EP00Im%?)v
zCK_&@RFwI6QH@bYxr1JR3cKqEPVSfY`WEKDnD_C_hN*3{H%%=*|4!#v=sNkSD^k2<
z4eYlqdl%-Z&C6D)E?i!kxME`f!?v3zmdmj$m=`O)&Ux=qA&2{ye2>l8>nOl+Ha}$N
mwcGbENj+Z@FZT1fQkd_nq-5#&yQ(+nomCDqs4c$ma25arVzVd!

literal 0
HcmV?d00001

diff --git a/examples/provider/client-rsa.jks b/examples/provider/client-rsa.jks
new file mode 100644
index 0000000000000000000000000000000000000000..14328f23e3f3ed37bc7b0c129ae54c8a4c550a12
GIT binary patch
literal 2670
zcmd5;`#017AK!ZybD3LKjE_r5?%ta_8<HYPvP_X8M#?rZA8LxtEtOQF<i7c?q(m;c
zoHSZlC?gRGm7-QIEnO%+)8~9Yryo9lz~^<&^PJb?`Fy_4c|D)!`FOluOCOg$LLd;R
z#DHHW8yXc!rqaz~VnZaZ<c$N-Ob7%41zGSVP(e!8L<)cd#!zJdKtSLu`1?%X5uv8l
zDf8o#H@Vy|bq4xDW^cUa08vf(Ywt#bkA!J_r0w$~!P$}OqNJ{r_L>G{MZVciS~E&v
zq%X@Zz3$uB`ayJH@kU0p%7(^<G5ggw#EivKB01-_5Eqho=%l72#z{TZ?gZMXC1^+c
zmrU%ofX0U=bEO+5HFw8f?kr9VNSnSVHIBCm_9RSzC-nRERo#D#lWY+f|F)%;o#p(#
znuw={LFL=0?;&OsR_}<vfG(N0z||3$f!Z8%={dSI%0$rQgvr3!t+Owu*g0D+Zb^%1
zAy(lRG%q<$a!GIoRD&Ab%AV{7Tw88Gim*0X&U%&{RW?033-;Fq%2L;bbl$aadigvX
zDf<lS@0cD}Ae|(<>U}>_pJixxdbFJV+TSv)xbto9d7gp;KfpceMcwDJJlhD7g7+%d
z_M1UP`x65y-*TG2%<OA^tMmK-3Zr{5HBb9+{4L(ODrK)*$9mqWen1*chvm651{!O0
zmAAgTaMof*o1){UWdK-cvfBc!wo*OnRVJl87O$n)b97mXV-5N4rDPS?=%Fh=)~zGD
z9`T{OYH#g6QV1j}XFVusZyTwd=M01kAlJH9n~<{eu}wZ(IM$h2tJcfzHWJ+{kWoDg
z7&X++Iq1~-$KCle9+}#nfR~CUISp&_=9G)Q62h@dwVSV|q%p9W)7l!eMfrJOw-FBE
zp@Vxpx29kAw97$3W6`^=@({uh+oWdfs>M{k&(s={Pq1l&Ip`}D>`abeI6%T|#oI@}
zV_NhUG@5`6BdMnM2HwoT2tksP3MEOu7=9zS7W*k)Sw}E+F5TO#7R?{JSZpOb_<2)C
zQE;%RsZ=_5jQ?Si4W@B3>8zfALH4eL$|I%KSC9EL(PQs3j`9*rl|<}WK8+vHSrLk{
zOiB?4nss&A#?%L25Rq)z$xo^a+dLiCm&9q?)D~v9jVzWbKY1?L+p+zHs4=nxw3Tr-
zAgt12ZJUt^RN5mxsP?vU%;J(G-;zgITXeqQ_@&{ZL}4r|)EwhQ?q?*`k5@!qJSAR8
z9#zX7u<iTeCcNS_&{`3dZ=jYeK12xS^Xx$m?hZ!ircEcx(U%_3ju`8vQ0c>Jdna3o
z86S6x>WG1I%RJhTm?YT`k3f89p`Kg5k^=t<8z0p0hfyKywW#Qz{kSk$To7=2t=+=8
zS{If7DH^)>`Apcw_Z)s4^d7x?XMgnY=dcCd3s`%vdDRa4(d*-t7iQD^w4L)k1YI5H
zXNXEY9|;?7f$KvF1uXls$P@;9e*ikEH(|?R>^2RXhH^LcIGQC^mJMm^F!DtvFY|C(
z0zJ7;=O<gYg^y2oo$)x(?WaeW(XUOpo~TeAbB8mjZRh0v3eULkwCq5<Yt`<bQJ-Y6
z<Be|N!4*69J2*qtoPuoA=M{*m-IEkP$8YVivoo=q7vCqk;s4~tj<6rgY$&E0E<~G$
z>FU?(&Bryv?CNBg7cdXMD{6G@`gTm`=*b4v{4H&jMvb#YHYL8j5Mjzxiif|0I=5ap
zq;;Z|RWH8ew9l#TXBG2RlyuO&YXim^N=<6{s!pRbA6eX+Ai^?yU(c3-B#kSr?9`hN
z(o3(O;qIvmEvXQPvC6BB3nzvVS;s8uI*W$s*J8|Do9DSy#W$)`*}>Z3UNZRT?k|ho
z(vu#))Df}E+#0l(2;y3hh0v6UBBB%q1)xwgpe`a+j+_#6wLa$rXWm92jQ~?nUP{I|
z-6Q?0JOIccARx0CD+kI*!TjJ-Do{TnR!JhL5+IF2Zlh7@A=HrndypukEA1$m5<<nU
z231yaWKpPiT2wfZ=(P_ATG?SSpz4ZS4yEK1LyL$Bp->{J5oW(aYT%lc5DcXlA0KbN
zaw;}9$~=@t!D@q=|6E80Sfdn44X3&MmH=w0%Hwb#4r`6YS%WyM0133huB^Y|f4=}0
zp!<8%C2tgr1t>y579a~{0RZG4tk-18z8ts7ktj$tF;1jkzH`mk7wJC0wYi1Foe?%i
zG9KJ>EAD4{{4_hjJ{8eY7ALSV_3YF5daAic{`<^_Ii?n)0Oo%AF1b62tRKmpLT3g}
zSbe=;jn0{uDB974mjH=$j;rFD)rWT}^qT2SAG6(|fhu#HpW}F1PrQ7bH>Pp?uJ=Wu
z($rOHka<%_ZX^0WJ)#cBqGhGGpK!^yNom${iP2RZ^d;-ZRzIG>JgQnwh+^<o!TP;p
z<b5cP97j(6-Xg&eDy??t<j_uo=ahx(Ez9e?_`OFyAAXYVqNY+ES|8&L@-L>Qn~^LA
zSAR|7Rn7khe6v{A`~(UEAOMF2Y?pLot7IBrewqsKHE^`$vrXZH2Qt)-@05>Tf3Cw|
zFpbOunWHOlJveg!WIjp$*PJqDc{#J}KR*|&f2SvEr9Krn0)zp;GWf>|Qie+i$C4u_
zgixZR$SbVLfG0`*L4WsZ9efRlmXenIfe;8J4ESdU{e9>pOqUED012aTJ+GErc^79Y
zP9r$ov|Eho5OoMm*qiFftwI&kubeg!zUEsaAvC*F+MBFt`q+wUotKdV23-@pD=jQY
zO>ponv-F^*h955M>Fr=Zy<TofjCB8T8~9#o?^xONV5oC_+U%Z&^0y<Oe3#rH4YTf_
zXwFX+m$5m-6Q?^CNlIHCH@-btc)RZMi#@L&72dgmY8%R%%@J4L>C=io>H0`<$z#~x
zDr7S!(;VC9*}u_(l;#%KdC2C~l*6suTnEFmSv<W(e4l#kp_!ip8X`)B@k^0$itdfq
zxtKRO)98`<W0O6Zrw6n9oDUqYpeJhBk-r;mTlNu5?{LW0EcV+wDc;P%dwfvvKPRG(
MBl_v@`K>B{0ot@ro&W#<

literal 0
HcmV?d00001

diff --git a/examples/provider/client.jks b/examples/provider/client.jks
index c5610ba5d559acb10ddd331fde61ae197215a0f3..d0477348765cc5cc2e4614706915997eb71f4af4 100644
GIT binary patch
delta 2000
zcmZ{lYd8}M1IITkQbUbqbDLW;lgk*kop?)>+bO2GMA6J8_gf{|ge|m6&4{_Cawjpj
zm$~ISx8p=eop5s7QOlHDhxfeCc|V@_|2+Q>{|~=!|L6J5yR@qy_SW{+004m4{|W>g
zAO{ChLZblyV1m_T$R*Ziurdwa7j`mecPR65Id>B^W6Nanzt->zHu&xzHa<l6cB|<m
zdG2k0JWyFQ4{ZAV!+5D&_#q)}u6c_=-vLGWxBv@kPN!7#*p5T!7Den?(z2z-zYWNr
zEg<<#UM;tl!0O-n{gTEzZnErz9L9LXuWzTH6To^!pFn9?;ZE-+m3I1&UTv(B`uF1I
zCw!>-%aSk$1LN7^8-@}RV@=<bTVaz8@<66>Z2B8mwH+)z$S*Ww^SAbNN-v~OF>=Xx
z#Bciocypk;{U)JEpH9H>TRnpy>H<(=`a!|{knB&~inf%4F2u^OD{%;e{`}0B5twQR
z31HZkhI)Cph>c03>11UYFyhV2gQG&kzszkMMjhdx@)H_juCYT%h%7W`Q*?7!l9T*Q
zzDEwZKqY9ej1Jfk7bo9A8Gt-jW39{2Z)6RfqQW|)C)U>pkttcC;3;|lh25>?syVRX
zv2Zd~bJa2dr$C@4;7F$i7#1xIxikWv`C12&oVRCPLW>ZE%5<l+231fRc_Tl%Jcge_
zh-ECmn!e1=WV%?isCD*1Y^x6@{tl`g+Cg%j*n#_#GthQx=EkI21H<LVzTyG10|oYn
zm8lFA;``(Bo~(66vv-bJL3#R?QXU*?$aHni76YP%=K7o)Bl1x)Di)47P{6bC{G~3Q
z;UBc5w8%8mC-rf=s`$6kF{59cW2<rk&pFx?rjK#!*CJ63)Y~@V7npAbovRIf7m*el
zude#{eCZzfWlXjuQnu!K6LS||D}6_BxTq0*{nlPpmltBer0Ny4>V0h^YW4iq>%{6%
zH+ILo!J$jXDy|`~o9u?HgbHU1dEAmI&?1zUtRFd(0`HHtIp}V2(b*?8_R+wg0$c3U
z9B5`$))!WvKzNCNH$-+E2_pTW^}~!=zJQQK{<b;iYMY8qQ{WRe=M7q@R>wy^PC@6p
zhkJ@T;^bGChTzU(rgbJnBMq?Y))&2A-lnU3(}$;ib8SOz{_3-dEBh00*PGqd#mTgb
z&IQl7FYC3gK=qpIt;0$xu29F?CGAHeedNdz8Dg>)J2JPj%%$bO2Q<1(sle6jd^|mr
z!V2UygbPl}-PzGyq*B;}i;P+hFqlvdeA?5lbK(g|DnNVn{o00tw=7;XIf!G8$q)in
z**i$}7|_;jP3{=ieii?Ev{J={LBp*ab%Jh)Sm=Ad`Xam9eqcJqvyi&`5HO=`KU>-B
z!aMt5h~P85tXPeu+w&NIt3QxfMm62*@#T3%$mHPg;`KaQ=i=Rk<1U9X%fsC<P8iPd
zj7QdYC2P)`B|2s&b4sm^r|BMLf%;#C2Xdz_Sst9RJ_-}x^)iT8RL<+6oou*HPa!@+
z&o#+9&z{j&MXG=Y@@2r00##v66yO-wA4>B<Ia+ML;TzC*LDoha686OH#IHDPZ*YBo
zDE?1!jl(sxf;`#x7N)Q1njwR21vsLKJDsR{zVt>$fS8W@J&=UN&{F^95tkuy(!Zi4
zsnKg#I(5c{BiQnZXt`43t<4|k&Mkd(HFxg5N#hGQtdbHu3F7H)b|Q5>Ke4;m<r7+I
z=d_OYw-@&!Lx0pS?KyFWnG0$++`5qy@yq@x!KDV-WkYqPl05x&ntM+IM}ff($6_+f
zDWC^l-mDxcj64u7AXUuX6TMK~V0ouDf+SHuJ=RAlt|G<|V}v!rU=1-Q9#AmG#OS~I
zYt~gA<ca+=7LK|^O9TP|z9BE{N()L>V)R7xlNL4RyTN^ezA^MuYc7R12GQFr?iBn~
zyVZ1({BTg}XNrp6h)F0m^DfKKtGs`uFqe~j6YpGPd@eNEFCusJm%cbLhdJBZfoFd-
z0=Elsgo@_g=|Lo2=-KdWadzE#?+l<pcy>L^azb|Bh()BOF#C2%a`ptP#kAbU`keQk
z3&Xi>C5JnwGleWsMccUQjkMFlvU}%dTuppzic|HC#_ir%8Ib5_Vg`du=a=!X*lfH`
z`uz^g-JizcQ9)n+oKzBo`0LIIbdxly7TB;)tk3eZ-1w!@ROZ`<<CX!`vgq4N=9Fz6
z$NdZapPf|k4^{FnUj9ofK!Eh$N;yFxlmFIAsOKXDoaWOt_NP9@pMS)v;~K&%9m71k
z9CbeN&^bkSinkn*sHz)73J4SWkm874?~#NKWE<8}T9}-nYoB)1cbKmhrmaxvZ5;QU
zyyCI7v@0?@CiEh8PI;i$M=NRBgdCMvSKighz4PnF*?07+wq`_`#ZD|XqQLa7b)|+`
z+It%{Rtub0*Fi6P_e3t6hph#xz!Xl5FAr?<Rd8XHltR{|B1Yc(Vl8bj(h-Xz9bbw+
zwvec3%2#12!;0Yl?-dx6y0@@V;6H=mC<oR7We92cyYhWb;k>QDG4I=AUGVQ3{pb*r
z*gV-zEtp>?){Q5IIJNxh!N;WCCI{`(^nFcXt5zn@LdwI2{xkUKCep%-;SBv?J9A`x
Rc!G5z!g{2+xlq4T`afg`we<i1

literal 10850
zcmd6tXH-*LxA#eCk<bZ(H0elBkluSydIuE@7`pT#oq!@p?@fwGm)?u?-bIiOqKG2B
z_j030-^cSj-uvD=#yMl04|`<qwdaSm=3aCD{%g)$tY567p`ig$7Z&OQpkbN9IT5C&
zs9PVqhA(=ku^uS06N-<8!;S^O0I&gx002xh3}m?-y*)>DTR>gKj=F}II@j8KdR_`>
zqvH!^0}l_Ruy#pq(H+r#*Q{=UD9HQJkGZ(%s{qaLtLZV-Di_ilw!jmckWUHnA1nDW
z`1&`a?X0V)#R)uc2_*XP{VeJ2wG$Svc}<cTBs#N|LB96O<4te{9aj}_okr`Zg-=l-
zbq3>QgZqk=j`J3!2uS1S_p(p6@3iL9L?;icVJ}wR8+~zi#$~STz5|;u+Fe_$cg3q3
zwpHKPhpErS2NgoCI0@<xj6+=_8R$R&5D4LJ;kdYNWeA=-0GTF9`&^4YndO1vV1d{I
z6^Fzy(1B270t^hjf`zVwfkgt;(SngciM~C6aB=kDP8OE7=FWDuFhZ24P=naG*jfm<
zv$GB2=Liliwws-enU<C^3<4$oW&_3r%OYG6Hg@(85w^}Sa_H4>qv*H<Zf<T|-)x<n
zY`9GA9>T6esj;r0rV)6E2e<;bN@!_oW+(ZJ0hERej|T?h;eqnpgbMKR8loO~p+Yde
zACLdwnHxY!u&}>-7zp^`YIFcLx-=RFaCFLc91t$oQx^$aYEfQHD`FK)tS21*dWFp|
zpNovG?pgEA0Qto@@FzFPDiImEn*?wzF9F%s{xiS6Wto-Sm!?oS%5Ug8)c6=zF(A6(
z$?aRx^W=4MI=06#!z=B(*>uqB-(E9dpgiyQdjo=R1|$H$B?cxG9rg45<5ClR8$j&{
zK;W<Y16>gfDhH%P+sW`CFvDC!X2x2<7VtJAtkz9$;<LaihI=yb?*wU_0BJP{nC0UH
z!j)7@RR+rt7o0M$XuAXKWr;`vvr|NP8Fzlfp^YVKTl^7+i%e)}m_VpM#>IaGqCdt8
z@ZeJpXv`HMXo9w1aW_<i?(|d)7+Q!eK<mzPg$CrAsB7Y>zj8O~zUY0q7s29zGnFiY
zLC3?Uqh@F<A0X2o{PvGmz8ZpV-)tlEQdvl{J7Qn+d~->9%c@V{;imVe1hb^zMKWp;
zzC^}KP%T@Q-3KGkN-}quEx@6VCmw+9t*Py2EZKeM4T6Y8xRj7e%vV)vG=M6l4Ie~`
zv4%eH^+7<YXPaubnEmC`YWFFvkP*b&RB~wz7Lh^M9WT1HLC!Gk<J>XChJ#dyO3m45
z4-2bmN4oh(l{PB>`eBfV!2LoncD-Jd@Y<Dnt3z`qH#f#B0-J9q8Mz7C>=Z0RS~c4@
ztBDD*`o}wYc=St+g{1Qpmmx|Gv>DBppJY0#EgnM+G0B=`)VW2}X1z@sK=Z(S$G026
zCXpe8l||&EIJ%&wkN7geO|Iz5llvdKqG0!$_4|e`%|@&+-RmSl3Y;N2ZB#=uPa?!u
z>exBTSqst|Dd=;W8|B_^SSNxHy>-q-9p^a=gJmP5OlKppEc@&(z);PInXSQ@cvwE8
zYePw{p5B=_?hA?dT<W-@!wb=zgZ3O+hM>BHVBDTsaI@BKDj_vM+4#cMbnH!?JI-jF
zsRUaeTi%LxK%3=gG1o{go2W<ENo5qC7-qvUo3Fl5x!P;CcUoby;SG_83HcKxw6hxz
zF<Fvbh3eC>pDuBkN^POtU{rgq^xW*c+)uBF810qG0mw_PJnFsk{7qyd;LLO}U&G@C
zum5|mGixz?O`$FNAxmvJ(?`=(Y4Q4pN+GHi+YJvq9-cl%g!-*jzp`(zao2bn+`W0!
z!D>k?POvnJo+4g+x1&<vt+=RsXLwXh_&GrWE<cIUW6N+$4)*a*lSA?rb;7Wvhac=C
zEZ{w!PD%=qmGzud!olthGik@HF@nWI@*g8@7m~Y|shSDP<&S#K8)S2XL#r2x$Wz}>
z5r$ySb&!3PJwdn=M1;O`u0A3!EFFqrr{j;-P2ZJX(pZJ`J;y)mB)rhPcBo|RWILiq
z?es*AtsUI9RKYO1S17~LTG%4-)`ru4daen7GbZ>tX0VfkXCK)I+YCLeo@tO@-WnRb
zJX*jOYq2Xfc^=!d>S3pm3}4%cV)#Rhs`3;0hBI=z&UDI7E1HA&v02Un$)lH{@6!_|
z$=_mYtu2u=U!afp!Pl^RIqNyO_W7Q$wRt9-QF=^qfT*Zxd)kG(H$Vl^W{r)HAkQi4
zPNE5KU+v1&h#^!5B=xc@c=CpmX4I0!-=msKb&{XOzM88@p<8nmW3)j<DWe5zAaEhG
zc)*s(T(ft6n*jn?Fj#2nbgk~luBeen^4YnB-Du^X5n%D4Yj9!dsU4raGw1(xQa6C&
z9h1GPal(UV-1w^G%F=|SD}6EjmONKV_1B)wb533J;!ob$!L#dm!$*~F@ulX5B}efs
z543vl(ASz^AElahtmaOk_pes*a^_3BHdMq4nhPs-_`O(bi#^E6g;PRaamB8M*hz}n
z;D1iP<ay4p5>!DWTo4#FxaUe=cc7PuR%L>@z*j*o90%&7;Z7-J&}{XNPoHp+j+K{n
z+vYI8-TIby3$q7S`oxOq4H{NlYASAw=J1o;qNH4VDibwkvS~a?GKMvp!FNhFrnUr2
zWXlovubU}f5w#yUI2{0eQT!9ZG3lWGnAE7Gi1~xyT35X?bk*fq{MYYSPT!ogYFU|u
zLGk_{IssrzG$=Cd&k+B?YY;BBik+=9+!p?m*C>KZ+j$@!!fj!sC`h5mjDw5&gW$$I
zP+mdUH7MD)VK6SCx}%-BBmCh*lm_7Z{_5{!`9FOD{s8)4osJTV=>7l#G^jrS2j~v~
zptYlquwMve@yLm2^*m;0^KwpZEMU{bRv6FWFURHye^YPi+0`zaHilF@=d{QSF>iR`
z(!<Yj>n-JBNc}M0@#fk#lEyOyT_L#{G2n|}w9HwC1mF3@d)QeDiP<;z6!v)Z0idfJ
zl|v#O_EuE#x$@>n;ClfLO57JB``a&X@qPL*6#t&mr&%@O4dHSg2#PGB1<OD>oy{wG
z{O!U5+kzyM_yg)`BpvC=CNvR@PNhSe*9MC(AK7@e5TlQ&I^wB66nQD~GRY{lXA1X8
z#niJYZRVMWCxs1{Ov)W2?t2cSfs*7TrKVMms?d&v$AO%>+!LgSzAeT3XLpuPU(}BR
z(E(_Hm;L}Xlt*s=qEK#5%9%}AJSF$h#<ORM>SmsJf@pyv=l_r>$Z;rg)DQAIn-|Ee
zEaZ!S{Koc&{5CvszbmYt@`~!)6A=a~;QYaeNAQRCHi&Nu_$h`jN(cSnD<+JqPzV+X
zbr`|K#70Mn#vgaUUpE~p(ovfZfL6P_$fjt65psltPz*uVySGOBlcT0MsBNA2BVNKg
zu1}BLu9kdb)xj>)!+pA8*ejLFZnrCBPP^tcp5cq-KB&pjD|)AS37`<U<sY;yCdafl
za(k^%f^z5uK0Jd}>VOVE-Kj!|w}VE<IQ@%s->V2wlR)O!s+tflgtB-|;l2i5HiW>A
z{lX-UnTAlaSXMu7wz9*O8*<};TtO^+n&QoHg>XQR+3B+W>{!&T<S#wdE61AG%EgT1
zSPMgjQ|^w>4O;IwoL8%mCxY%g`@-JeXpuk#ERZt5JHl6=P_#pKpxNu1KcJ}4J!9B=
zti*rlD;O&{Es1QYD=k_X68u9+0!`t6sL17(|4BvO6a^!Ns|v{GYmBS}v-Yt~SgmO%
zKLW7^X+u-3_g3p~%?@c99JiQ>Nv6FMQ+J(utsur|?BzRBf45#R97t5gi%+ESwcQ{<
z#DZq&=;4Iyb7tjJ^I4T=%V{k^*6Z$)R@G(}kHwHd$I8n+5CRt&tlLILp92l2ee?a@
zP41CW$Wt;k=o)?D#?U-q51j}fAR08`R?o)Y;Zuc=hc)2q$0>EdLv%GH=JM9mc&s_k
zMEP&lVPF4}r!N+&z;fcPl0IuYm`LoXgoF0#^mU9^0V3RtdB0l<6n|L5nJc48##j2j
zHyusu>dUu+Wuhc5{S+k9{yK16qMFzA9}zNGT9=^4XtcrG@)_1Wk9+6A3r7>iE5a4s
z?tD?l8NGzt5S!3?OXySKQvUO{a?D`;;^~D~v)fO@hl7ZfJr`MAXB#s4*&;nMZMi8V
z<n~|_5>@IHIn1pQUM)Z}*+frTsb^^^lm~1T6Sm992R8(lr$$7V$377FiRWTRl$AQ+
z<$$=`%VMPN311KtnG{W?68q(;i3P^LUohAe=eqSMPr0&)MB)seOM>C#g6uJFPr1lk
zs=C0ZFh)e|d_0DRczV*1ZLbrB%ue$2bJfC5?#E#MfOS|@6Hm5=HbA4vlO)d_gv&HI
zE|N92K%=0<cCP-a>2Tb>GSOo)#oROXwYA<Z@3k9r!c9y{W3xn~kq9)uuZJY!WmgFM
zxu$k=dl~m%d9kP&yrwLuaoMSwW^C)P9fQ`0lVTl2;~Y6PN7#7l63*N;=xQ!(dE}B_
zdt@iL+V&u=?z+nwd^Ej@bdKzWJNX&cft6ayJugxW4W>lm`2Ekfg_R!MobkiECbCbs
zxDgsdQ%1w5lvkus+9tFx?DLwBYVO6n6#Mu<{VgjEG<7qI)iUNnoE2|;3f9zZkXUI|
zS3&#atoM964ULg`Om9l~tzF+mGjp4*vOV{OsqNvm*s9BH+vQp_MkC(oRHwA3LJ_U%
z^4a%a4&$=Nob{9g>NB%SjOf6)6<6AGK4(%T)=Z|wHCpDGEe@Nz5TxhVe$dbXnsz_f
zqF?d_TV1N#BNh;^A{#OG>6`<EZ*sHi?5zXN&2ud!;|NqH)#$D~X9le(9EYnJO3#hc
zwq*xsrQG&-WNj%^hhKW`)X+5Ct_>37W~y+|e6+hudr96b7xA#FwoTGORogHao$5=L
zJg_T|Jx*|#ZfRzp$xuwP@UpsBvUjtnD8OVOs`t9U1D}Ljtwh)`sQR@clM#%tEH%<v
zXSa&Qkd%rUiad?aBEEO9NTFOOXgjNsDRG$!)%DB$eosm&&ZSRE;58AC>uDIqhwNJu
zNYr{Wp4Fzh4p0<1<u0^W_mlYU=G3P=6V<&Pe4RO6JWn|;Nz^E*VF}vTOs_w4&6u<8
z!xH~!&$}m_yzRaX-OF5*c|L~ityuF^yPs`Z)>U^^_Ro5Y9uduq`5A8#mN0i9f=ZqX
z*I92^&h53@x7@d<(N1g4){BrO*m@{Nc{D_vK#41NM|@QxOq`#}u`A+cGSRamU{H)z
z)GfA*{Khh&V?4{N0*&ZXSl~%o&g+#+4fFfA-_qQE+165uhluObRlV+$pWJuwa$Y0H
z)Z!F>pY3TM<0tF+?71M@$bGqkaceS)Owpi{i^$i7^TiBQJreF&AQPXt`>=UrD&Ws5
z5*?)=FQNYEUw)`a?^yewdTi;if)cf+HVVb95y{We|Hc+5GWP$jB8i~istG6+3DSbQ
zIosJeTl}mbfpKwU>};J}Y@AU7@^7sJ{WGWi|5J?3xP6?Ea+=4|cLoKo-`Y`eA>6L!
zOMl<zjh;AKIFD|&!L~hF>TQdy4JJ&aQ}OF3ru{OYHZSMh>*&U_(ihoasY!^=owpm;
zxgBDnOSx%omqjQQSA>(YnB7wP*4|YedM9rg#NoA`o9PiI$Vye%y}siWR~qN<t#ns#
z(2Z%c(a%LIR#dFd^iDcy)hIOy_q7qx8CT(fTJPSawuxy;yGgoPCrW8ft>+gMXWp+o
z_$3nOAA4b%4_QG3pXP6eR$260_&U(C?`N3q>vF$jep_Q#W=J+6m;}0r(YL#3Cs6`j
z1?Q@mqiMp-8B`P3HRP!4Fs8t3lQ$}EH?H%$|5S`}D8(rCi(+I6Hz#s#XQq}|ziC>L
zHAxL!T7Cybj{Q)K15jkIALMs7FObPu$b^6BCiaK?HUR%#omlG7P%mfb#{|ss2?FPP
zo|iTp$XC_xbuYqcL(xgi_CIO+Z<6>W(3`i81l{|{sduoDZaH3dw|aRYF}MdpJYF3f
zW>c48pccJBq-E_LbITIv$<({ICd<85U8-dJILo`7fpG9@M@N^r%X)IUR)zyjMkL-b
zdgbfDYqnb=YRl^u2VWRuMEC;&Q2HYo@TU7ogLiBOotTfPl^AkH%2R%l)Z|@+idf4`
zawjscaQbOd_gvjJq+}#!aaVdG6GMYeo3&l;py}?(;7l{OJ5qWnLIFIc4XA3nB|n}A
z<9gsHp$Ly+-7S#0YiYX;sC#efAXaC1%HKki*$z#OYyX}RaZJBg9RF4QU;3sW|C{Q6
z4?CS1aTa>LO{Udi@HSVTF0{utw(F@ZEzY^uT}k*wr_pitI0>2ej^`vmO)-Ln6?~+g
z(N}>NG8C_PdOvOZ(+hOMw2Af`7UMJ7kjI&eg*S5vnjiR+FgFQuq=ow6!R4m-KlOZh
zt_c8o_!EBC;XB4nEp86t_>{qU<)buBX?QCPeB;t%HUI5Ae<5p6N*_}_1KXsPH^P6=
zl(3JNaK%U3(x^1;@ouCRiRA~Q7L|qXYy4ULM>j!bd?VC_@gwVthe^Hwe>9%*E!!=2
zl8kPhEZ9Q)THS>r!~UG|2~bQxrE?H2mYO5N998+phko0msLDU47TgB$@Mm(zK_&O^
zex;R@k%8es!QYI)xES(qr@ye~&-dq=KcC@0ZodD0rC+Cck3d#ES!^h!W~)<W-`;a<
zjWPV1-<qLvCL_8DN6PeOCLgiPW7n%)x^Y+ofc(Y-7Ygaa#{6=AdgJbUzLlu6v^Xj=
z3jdNBSI2G}SjWL7H1w)5RDz{~WbeM(fg%TgWX4V?vds_jJDV5Cm@H)EKh1akkl*gk
zzc3~K(&qZv#+b{UgA`t6<QC!$$h@&!@5IJ9syi$u(kmaO>S$w<+zq5P2JUB#Y#%*G
z55MSCoqbn&yjmnnz|0qe|I&4BAt&VWd%$6%+KDhI5APo*&=oFJ<Lx!7=~nxneGFh$
z@W))Um?QlAGn}zRVAV7X2{Nm#X5BbToaYnZp=eQ0fNRX^4bwW!&tqW;*S<a@ZsZ`H
z;u`)iok^gc0kON!qRb+fG5BaVNcWD+#+ieTb@t(~rc(`#F4J&48q*_t1~dsypP?J9
zgX4=h42JLSd26w&Ts>~Hu0NmjlV?gYAl7T#t`=bSmPp)4Xnzd0=mzG(qe{{MnlfV8
z#pW@9Q#)An&LF!dR(XHq$V^O9)rMNMhB108*=3&Tqw@HcP<hOOh<xB2!*hH=J`)`I
zi>KP^-PJmEPd}-(LTY3h9hDxDfRnMpA}zFi;&0A9JN<ln;XH_-4wn>~;Nlzd@>!*E
zMYe}F3}dgfM!=-8b5iGB!%F^2K5dtdi?S)68(wjHk7be?#S5TYvUE(AwtJ;8PAl>q
zErqHnZn1sNeI2Votml*Wmiu3ycKAi``GINJw3{X062%9*6q(FWTR4*Y!|8-RkZiWD
zOt_qW7BF~!-7_Him@)M8R;oi(wWWC6Vc^V@?!#G`>@all<=C$gqu~Kk#qKBUf)8Gm
zK3w(YUHv3^f*<X4R{+M+Tg$1vb&Bj15@v8Ps%W9%UL=k3HAI#`E8@;uNxqVZ_R?3H
z3$12d7WkTP$K77=vFUS5qfSnZwV+C*(^OwPsappS?3Pg5(LSI;1Uk+^3SzU7{(O|P
z15&kuO-DPgm@;);%Zyv^21q@lbu?Mjry<Adcd@a^cafb~kVwY|xtw-6kL&@-6;<d1
z?46}8kDyh=o_9_xY>j0u6l-!vMf`FxsBHl43WM6??ZG{UC9WLDT|x7VUm<4>*mWW{
z_Z0Bl?$Hg{s$Hs6=jzPoANrtgDdGsKvYKl|kGvgM6g|c2d%DG*Rn|R*7r@t>YdFhj
zFMHbZCyHR;q0SChP!w_eL6I9#dVY3~Xp#a&&MD*0us%|oltcdG?2z<lko<2d(7!o5
z{3tPlaS8r)b};@HX@A`T;x|zF2hSau{;Q|Im7S4csCs`e5Q#(^ESytVYpP*vH>K20
zbpOx|yJ|3=>XsVzF=QQsth{UWQ%Y15Ox+|wzsi?&zQTbK+?;U5mwA?REsv}G0lNn~
z-!;xmzy752SO-dmFzp#GlQ1NRbC1!H#pbv-d`8)&J_T?jLB99d_f#)7dLXEy60NOZ
zY$=Gmf{5FxWt{cOPX&Jq#VPq;I5kQiaf4$4b7OS9-9fCkoL`u_IS-1Q`oXCYD00XT
z@;jRs$n-4ab13qk`#Jm}zm0{zkXe6j?4YB*GJbkai`{UR@!BnN6?2Mkfq~S7S=jT*
zPLTbXjya>mrh*^3wvkQLNxj2$;;4vYjrSUZmj<ubYYG>=v=p5Np9JkN6y)1nfm(TH
znsHGS5gX-g(&S5Q9m_soq`~)#rWH8;s5XvRtgp~XD#GvcP!^Lu@a<->A}uZtvX#ro
z3;&)Qz&}*<zo7Ri5(T|_6!fZp1HDWK`BYbq5xuG6dxgX^{9i=7QYos&*T~Y4cSy9?
zx4h#LDjZmg=y^r3(}LzIy~JKO>NB?9e_3{l9f&;2xyOy2L0R3z%|TU_)+-{2$3#HL
zbnS6~b<7*SDWTXkUK^tPkuRc!Ujk2B_Hd&f36O9+^_rN{%x=BB`3&K}9TB%PSLJSw
z?K76gfuCAU#joIOEbRH2ut632C68TiZhMR-<28Q&a?4;w4kV>v8Z){vtucF!aI|^V
zn$Hg0ET1)5;`TCc?3U4p9$W2tfe4+VQAAf!c3NfZYSq2ZCh5dUS)(l1)%0hz_W<<^
z0*UPID<g%w)%#2hc!5Ec#N&I_aJ0ThY+W>*w#4b`O!%?R1?5>uH8~{D=ytK@Lw0?}
z7h?JF2;(Qu6FL2W20**3VK*1^sijzAJkC#o&KP2fPC2a8J4UW0H@sGo$i#Of>PaP|
zY<u4`d>>oL(cM7Bn@`sKGfxNy*S5^ad)KBtNC?+4=(R;VSFI+hS6$0!a%<D2<qGph
z=H#F~9HYc43?4QqBM{x3;yy(Jo^ClTOjPU0TVqW*8DFn*A2Uobg@=z3IsoelBE7lE
zN9z6Bz^;JCV7>x2+>**<@!@^|Gui44{Y(~OYx9-Yj>KqAFsa!QM}Kb5e6TCeY%&Ae
z5}8XzKW73(8L#*otFN*J!Vh+D!rrrD&nsArsq!~7B3BEg#@a;VCvKm;iaNp^!VRH@
z7V(8gI62=o-G@<M*~l$8^(b@GlYhfngv|>Z+M((%zUsG~Q_cd1KVrZVCEg6cY8i+x
z#y$@f_A0+x(3#UF5QGq9@-f%8@F7)I?B%bldzNjw*Bf~0u%sw6GyByCN9K80yW#kT
zFct<8!xJB$oysMGtkgA(Da)h2i=9tm0e?mw6$*LeDC8l3AP*i|;tz?{Xh|H+6L}f=
zgf^kxg#6b;{MR*Izr*eKP1nDcd%yVu)nC$d{TmnXKf&*{6Mml3u5)JoCVBR>P7>X5
z&sxPp#U(yI7dL^m5qPAr_|&I&?_>K~^CzxN2lg(jbin!jFJ2Y-xG^<^5oNzN5zZ4F
z5X!_bt2{j1EtpmT;x`zDSt`!D_1?gz|7xAZT(7*`dVb4}{rcv!;)6(&r3W;t?4ss9
zvn*%_Q5J~&pYZ$lh9}aJ;OPC_FfZ#na~Fpv-7bWd25bM`@cf<4U)u2e`@V@k<hP;m
zw-PXmyHksv@3@_=?um$ZR(Qtlb9S~xJ`WQ$Dku2C#S_dD9kLdZ6_s!>?HsGunPQ59
zm@VdU`t>vW5}dnGeOna`&X{>0O2YE>Orxe3p_carmP>p2)Ku99)4tC0Z9Pep>J@r`
zuSsVs_g??&LYxM@%7=|5eLYWyU|6v6!sD6SqEP|KBb}r0T%m4pv690yqDP^1{{>=K
BY5D*F

diff --git a/examples/provider/ecc.jks b/examples/provider/ecc.jks
deleted file mode 100644
index 9c94c3c1660882ca29968a63bd35495c74013c90..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2060
zcmezO_TO6u1_mZ5W@O+>&dE&8E746&PG(?Wtjpj1BN!-m!l3b}0UsNeHX9=gqZX4O
zBO@yVOXH^8>7S0A&|f&eWBQ?#DSuARRli%_G5ge01@WsZUspKTPw}*|o@k?OHpk?V
zfDljSM}~ft_MYZ|=Y>tvwsB6}-f8u>>+kG!a=*^y+gQ~d-Fi;$`!e3&4YKQJT@cyr
z)6}PS|B&6Z9A-nC2aay?54SJLU-|yehPJ;UNd-lnAJb|j_e_)BRCTgbf0C$(G`swh
z*|*P@1YfxFCc9={)L~}1)jv!GUe!5e#%-9_@_9nAaOT6f1HKP{eqm%_jnFeSuw-Ch
zPBLg>jss$r1<Xv0OiUtny$%bxAI0CS-}rf5vBRW;H&%T}HQ-|7&}#EIXUoFOWYE}a
z$Zf#M#vIDRCd?EXY{+lG3*vC_u=y9IrswAw@)_`e1lW04gA;R7a}9+J1VMZ*9xi8a
zxGK0hI~(#EaDxQ7d05;Mi%Se848%ZOW*+|X@^ZcM{G7Dn;vBu?{9HqM16ejspyh4f
zc^Nqw#RM|*(()aU6d1^f^BNf%8W|ZF85@`znMMJ*CI*&<rcmynb8n=9FdI8KG?^Ho
z!OG0Y&g{g%61x8jze~U@+jFzGe>m#<wV?XS8<jrEhBr|@i&U7CbY|arzsOX`xus0(
zSlCpyGmI<uek+x7`o4GNCNrh@<FWNy7B?~488k6k0Yi*ARF;oLj78-274OLGsfqT1
z;oDezI~_Y*Vpe}LXgmv&S7rgG=f*<~Sk)|SoV=uQ!e9%#ChVybl-y*6Sy&C285#c@
z$bfi)ETRU&P28y!iMa(isi1_^&QcFd_mH4bWf3zFVdDViWL8#oW?(EpSxm?Yo!NuI
zz?Dgn;qLOgB5TA{^es)A7iqlMRjj3QIqbZx^+~shenmM+vyL+<#4~+ea`EGjIm~_k
zj{4oXy5Z;RwJ!W>rjz*=m%VwgtouJW!*La-7L}zIAqthB`*9a4Kd0Qd#WtzA=gr+m
z_3ym57U=%^&ZKZ>#$CfKV}GXwdQMM0T=^x>8-D(zdo%q^kM_*_UcDa9FBS*yx?x{+
zztQ_pYRignlLl_rN76d2lA0U!?naxej7SUCJH`Lg=(c{ZrTMR{Uh!w&`L9h+JoHPi
zu7SbuEzhicPN{48a}P|P;<asF`-R4|nwbH0Jaf(n-JaY0L5S(Ol&9yxc}rfZ-l*XC
z>-^s~+OoU4uGuT3f-lqe;^8YOg$mOWgC?d0K<o}FR2Z3&1J<B%I%)|5Eg(2}xWW^Q
zGcxniOMs<_0I;kDmm=)Jsfi^eIjJxaE*^GJ_74vBF%&Tn0;%EV;dV(aOU=nI$ORVL
zG%ZW|DRjAOPG&(#X0jm<FhIaAX9g996qJ6rOOxHkYkbrLypDM-WjSnfZ@$^>BHeRS
zUTOb2t-xuiBlaSZ>E(Lg%S@AJ8AeZ^q*(vqyu_`Ef=niDFBBq-xf@J6Z!B)?G-zx?
zDobKx)!whEGy6HaOjO%Tl}Y*ircMI`c~EXsW&!%3K_ski*5MCM_at_@hUWd8eE!wp
z&r21-b%CrfFk`YX88Cq3RF)sa16C!>D}Y5IP`fG%C^%r5kP%p2a3-{QFt+`0Vq^rV
zV{<@GKFsb61};nrQRzG1F`1}KUpZo0{Wh{M`AFCHmy-^5m2K!gtKwO)>phc#=8kRg
z&ELbaKKkCAAEfoOKUl=GJ3g*`ef=rD2RELV@@!hrk-{ew^Y*^N?at&5^%q)te+2+Y
CXp!{*

diff --git a/examples/provider/rsa.jks b/examples/provider/rsa.jks
deleted file mode 100644
index a37c51239d1140718c0e81bee5c960add80c11fa..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 9142
zcmeI1Wl)@3y6?Mb+#4EqcW9s?5Foe&4H7)Tf<rfM4Z%GGmyqBZJh&zVcXyKD5@h2Z
z$RV@$o|<#c)SWu_*3_L_cRs9o-z6W`TJ^|p{hz!2yL|uvfO6kJ_YDX@u`s*;yhOB|
zuLA&RD9|9(J19OnHWxY&708JK1_IFls6nVZ>LU@6Fy<{jkq~7|+VBJCfn7Goo7Pi7
zGM##IOsp~f@rd^JbQeD}j95%3`ok3EQNR61k!+C%#>%U4QBE<P%HG-d0_|@xSDJgm
zy`zd1HZQGL6OTIWv|<yzwAArd&4nn@B2svHWWmepRx4A4Ll6uf^R_pVHj~;G?-w2l
zY!M!USjJ2?F4I~+yw;WSa?}f9x7IhbWQZ%E!%oRy*=~8<TG_~b<!cWQtdQ>2pqj%J
zjy!q%&7koq4B`s(>nqpRUX)ZLmX8lm-X+tFZe=-M;$9mm++whR)O+HhDCW0SVcwD4
zOxs0OS2=aK!i_d+((2^drkjgG#Yv2A!l_a&pK?uh%OLhzhx#0@qkyz($p^k4#bHAQ
zG*2>H@-Aj*572%TMK>VNGxE|@xo4<^RhWz>EyyZTH&4r+2DmA?A+E$KdvQe!V>n2q
z&hZ!x9^e?)+M;7>p0=f)ZhlSQ7@wuYdN8Sw)xU6A%{nKkj<oSO35`_ApVMGl$*XSl
zGMLp>EuS%cW8coatS4QJR(YN&d(q4E!CpB-<x3*x7^3Wr<RfpRVIqGt$)<z1T^i7m
z3$SS1K0p@5Q*NQ4r=<W#mUVawUr&~?siR(vy=3_j;x#ks?lhG=iKi+<&cv(L=;uak
zxi;7Uy5uu}U>0%!e*QzLTvi(M{nV~V2?Jc&s<)R7$}c<DuK*cG>Z_>!;9yM;ff*|9
zx(RYUNI#ZSHd&R1KM=>5TqwRw0%}=(<9yaNcg1dCr0s!iP*^P=<bvfc?EaN>kz9$p
z{MFo|P6+o_&s@@+0ZvlX;yaj=_RCNMI$0-1<5iDn^b5J6=utG|yQesV%)Lpgc-|e>
zw4!@A_WGxJj&TQHTc3vsPJTo0innDxe5FFtF61r!f&YxLEVn}Sffv#w=0o1&;`ry)
zZ$fV{_R5i*lsQ8l@igv@?C(+((Uz|QP<Q>p>jw#P<Ov=Xzrnl1vyI&;i1XH4O?Vg1
z_x=ETZIWi~uA|XlVq^oM78yesp5K+dV67Ay+)aKObd>^GkDxQXib7Hj3g-){x)h{;
zOg}cN`6=0IK#2JkLEOb!pzPYmY_is>u%eS-`4X~8AjDiuavTe06|#t=!Dngd^D@;m
zc&mE(j+z66MW1SqX-=Om1j}nLG2L>ZOUE9Ifc2(gBq#JM`Ifw*`NH^k@3#@PzKcYn
zY8IG!!wzX4jO*1zP9V=N8(4{IJzVD*SM{hJjKue=5df>qT?+$)pM{3bGJbf+qg>z!
zJ~rfpyT8(dvR!uetWd|VpaOVVe|hz;N-C1ry*NXqp!|X~7CRv8wbvUCtsxux#jTy|
z7;|37WbRB~gqX_eIicionf_C$1YV9c$LXNH&&S(%tVi<+vXdEtu|3~mv?yn#N2e#d
zN!F;2n`_UHS6q1R9zoeYT{(93WWc@`kOyKMQCGV3$KpHVR(X9pUY%KH+x%|)1XoSN
zh8q6RG5`-C+`KpZup1Fd`+yTE-Z6qbHWzmaUu)MZWYz8?dhg7=bri4nC8N*V?4bbu
z&#Wfgejhn`As9pZ+)_`wP8j#>#JA6Ev1*39)2nuOSNaTc<>PTLzEQoKQhFeU?@QtI
z^+t+Czx`D_saX>%!4JvIuKo_b*^<-NvTqek)P0iP`IzP}znb!Y3(NriB`Tun^9n&l
z?*k&}J|O;t27$J+K`1~J6o_AvQ$#a{OiW3o#>WmyrNeQlO&KU2Iu>V`QrHC^5Qu{Y
zfCeV<<3O>{K~GW9iBX<v^Ap|&)cX!5E`}Nc?q&uz`*Q>X7efZ&W9euH=LbUxeyzdA
z#nd+QbVDHAZ1{<x;9o;HxY)7?xU0K^n=Ra$pBzg1YY>D>;OXhf>xpo%a&>j!wLm!X
z(?Mzex(zHKDWNUg3L*733!t=Qcmn+V0s>G0LFfYknBjdF1{LKO`lI`=y6qq!<KJHJ
zeLeyO0SN%mARsnM5D*CXggd|ksiqB)F&Y-3Q$AL6Cp@Yb%32!m1Eo!teFItj#(6YX
z<p;;m!68gzPzx9&qTd?Q_$Key@8T)2GZ5Eet3?RnD?Ul?K8iNir8=-i<P%CKmt((O
zD`>BpaPoKpH7ef5<o4Y!%Jqp6;h-+--9PqCu1XH_du%K+?8$P_7T~U(BrY*vVU$Hu
zH%UXxM=>tG=<#r<(XW4_V|GCbF~{)5l}d(3``sPo55H0$Vac>_A--tVBX$sx@b^cr
z>TCvW{GI8!&ay4ebougFCmIkR49R9i-eBG(>Lczti63K<;uNV_1GM<9nbgzvHRWlV
zQ0H;>=Gbdg+V+LLQ9wWdFfRxwe}5y=_cj1}N`sF|iV9(SZ4GwoWTlbZ7qqC!pQC|p
zY)?Z2r+&>dp#}~?1N#I1?wXvy^!&ioe^F})`uh%u`|DK1sAy0S5cm^H{i_E?C4mwL
z;aGZ^IXXF5{_>D;RR4R@`Td4iP)VT>bj*9oK|{j;0ss1k^0%gT@5}e51_V?&w=~Ne
z2C$&yzl^|nkG!pFIajD_KJ8sIqkjb=u{vAV2|6GSNM*GCJRb3El}GP<Im>qDgK_=#
za#~~`glMKdGRC1P+dw1XH?X$7U!t-tcIf={g!y)VU5`518TR%GPna3bZdX^2wfla0
zmUgx?ZFU^q6{xl~i~@crrm?+mbH2qSD<&KqtfG*e4jk(ZZShOWW{`L(ZYL4AD2-H@
zBQc+jRg-96Oz#dXE?WqH)BCmQ2vRwoxOO5ln~SQ+pu^EAfBw<<dU){@pLd|lMyw*v
zln$`2Ls?;_n4kAWfTWUHJjY3itg$Wp2-vh_;VjW)cq7~n&h3O|BzOKLBBEP3*jmEf
zerLr~%KsHBB8B*$(;F38*fM~F%_&Bh^M@UHGITnWO3k=O0%n}?RN95Fo}k;x-rZ`S
z*h;R~9O;{VHOZq&uws?9W1pbYD+64Mo{+9K9BYN>8Q0g+A21zL=asZXbdG*N_xp&U
z7^xwk^}VFD?iweI9l^p&WD{;H-XL$XqrZo~*_amnv8YEt&)a&s6`&3!R+otXP`Det
zpBd|@9Zqk_9h?$79PAU0^{kYZB<qLXz=m(!`2i;Tyy6``{BT1^g9fsLAxT#11<gn@
zj}+H`V|*+o^kRtjOy8VQOF5FA{>1!<AAX~`E0_&6&A4sQMhS7xhKoitGj%TQ+m(sw
ze>q0wR42Dtn~Uy}r~f2zv=f`@9NR?{Y_llbL(!vLsn?&Pl8teRs&&oY=h>qyST%r!
zUqL0!4SH5dkUaJ%GyZPsC$q`&J12i}3x~u=pc1WhN-Km|?1U&2`ptAF*neeCdcq@i
z5m<c74gDVG<R`u}wD>sDXqO5mZTqs*dmVmt8Iuuv#|`*^NHRYyV~}WTR}LXzT*JVK
z;OuETZyOR@IDYQP=&5lQ+z)8eRx~30W(UzDSE2TcEVdeAj)5TFOHNi!KQ<RPKPX^5
zI-Owi)>;3swA@Jxjh2gMlxelHNh0s?ZLT{Ci$%k{Z5N+iH8p$MN@<3fW68&T0#*vn
z0{6O3e8lRP;d9^Dh+jBJ8X?F2$zY%9S;xqmVB$gS(R*7-s6J)lTQu&?rmJ-P#Tu&k
zxss5=yGopR2SnwXX-vSivf7Y)r~&e!MmprAkmGf0^wgR|oAec71JE#YAIUOblbIiC
zwhk&ZAga$!21^wtOeQ{x8uadnio}uFRRIITYcJ-#qZ7eqt<Rx`>Aq^J{)^=bVGJWQ
z`+9s%GI@;3hq>}+y1HK1HH5kTNYPP{g<QZeJ?lE+L%@I<UVRj_MVi`Y@FDd#E{cdF
z6e7QkeNzLo+gY7;!EuVlJy|v)X<&0soWwP4Mcz9_Xypn%+_nA~e2BO6Fe;>0haJ2V
zQET#<px@@iUGL=+T)jJF^_`x;XJj^mmT^T;@&Ov7vG=IKqiwGUoGJ^hAB~`pWy+U}
z9MgLdzC$%af;YAPZpSw-EvbFH95oFVAvwh}`biD^3~H?%`(l?SA1SYG`<=%{gvc~k
z2xLXX)jbQ3D9ZdpCYqZBEkf4bKHHqqdPiL{tdT~cd7J<*Y9n*g$KHEAaG4_Dvm}U;
zo+>?%K6q6U04k)wD^a`B<0=<1u8#gtjIEQ%bjav83}%kG`8=OmoYIEBoZ#~6xr~8t
zCUqj|(moo68nAjv{Pyq(X_32bnk+VjRY~|@U5s$|^44AsVOxR1W^r}ofcvYsL8phk
zKi{G#J&AsgIY)|#oKr(a<XO})iAsv{Jql4HGU`!pk>J2_X_n*X>#cUVdeFza@FZZC
z&EL*B&0diE*l<(9l5}X3v9eAI-qM0-<Rp%msZ)9e;PPV6N?$JRFiq(eAsJ>sN_>RA
z7@WxMjhO}qoU;yDg0te;H;sr{#LpcJJ#fQl@Uw9VhD*u#`#kHl$g)}v=kcXB8AQKV
zpwr*L6g<F;4NMi=N-smJPvP(sln<G4cBKw(sT<@c4CV@1>R}q!_C(8JenzvJT+<|Q
zf(^3mSW`MHRV;C*q4S#|%q^w=%!&-qAT*kLUPSwY6}3ryvvr>+um$a#)-DLn*|qO{
z;r}oB1sa(7KWD}J#CD(I?pYD{7v5=WtC|QvVIuq#P_kdcIJksQToBeSW{!^cz{vBL
zsedLl{;MD0AMs-+Xq@X#G+#hoOuH|Hi__OFy{&{(3qx_HP`DaH;PqIuEwZOmE^{hS
z>6XVPH`=--$GuOOTX}-&BD#4L@9JRhD3BKU7NnT|$#TfwlG(O!8xm=>4!h{Cf+U_<
zBOm&BtpIg(;|qypVkX3;-l-mphb=wOq{7V+J3Go#7Fu5!Nm-(L`AI!>jBvXc6B<}a
zk0T4|cC)S(2tve!bwo(L5e{yqm2zPuo7J*pcC8vYpct<B>E(cICjw2WyWl->6w4FK
zd-FV_Zyq<aW<F|Ohjr2Mx~%0Vi)z=n_o?$_m=rm2l|`M4I<zY_B#cLwZ<gf3zrEt@
zhtbAOPV?lS{HSryk1Bt|kAidZR<kzY<S%vboY>-fS!Y8n+o6HqezDa(Kh8h{Cj%gV
zZ%s~Metuxizr0}wLH@3L{&PvPaeIwZ$pJO`G7v&J0@?39oE%J#pXa85y9&qVnRU@E
zjH}d3joEc^$@cNx{ASoMoxz1T5w)h@^PS1|NB17q;_eqW`m_O5j5`d9IFgWOIUQHo
zE0d%e$-y_v=8!&Tz|V565ruWpJ~heOk{KwC6*muKO{!~%_O(=f)KGS&iB|w2Kycle
zC$rKLYE{VTCx5B!^5BE8zmP9UGFzY=8?AX5+-G&Ot^Z{zUO9cMuYTuBi=tY>B$=Zu
zdi1UF%-3Q2W9Qp?HS#n}qo^&e!8V&zYLpUb1H4Q8C$mb3z%GE3uJsGb8r>gEry-Ap
zFZ@N4L>8n1+ncJ&cSb~xe<w*-OBWAIm)}Y9?4HU0cx3-~)o~XF+cb9SKJZ_A4#hFU
zpcFLYzaE^1<R!q<8__G9hX%@OyfE@BX*d9yvzfcJL@nf>N(CX!OnD{0kxcaI#%UxL
zJJ+XOerH`veL+)5N_yzCUqQ1*8vOZfM`GL#<<h#aZ`8#{*ABq26p-BX)oyv1|A`0P
zEtPciLo!M7quXSN-Jn3j*S)mL9M9!`DP9p4hK-BIbek|u+Zv+)Q<}8G*u7evWnKUY
z6J590yd{OFUu(K<hkJnVq{=mk>~YoPdQDY{bM0t*a((JTynRc{N1iAMS4Vnj>tO^p
z!X+YVc66NkgpX;6=KHGq@<E=8;))7*Q4`~PBw*YJ%d8RG^Hs}?<&ekV^vzZ1=c19W
zUbEO^-6?<Re6bwP*JOpaR=;@xIk=-S7H8V)E#CUsmGs2j{ieQ%jn!i`!oVnQzo30s
zQbet(TUfXn+@L`nf=9{MrW;=4f`ON-^xk5xx9@Oh4&+kJhBI_}$SsWVN&2V4^>Eq-
zNw*Jw;z$y1CYbj8G;O7HAt79_l1GZ8)n2>dd}4`GaFlKtON~!$O0M_QoH9Ba{^Kgw
z?M!Wwr(fK6+{yF|ciV-9<J8Pm9DFZJE+W&2Vr%SdSsKJn?rM&+i&DZtmd0XQ2hWY-
zV?M{xlTVdE6{^(MIKS#g?O`qR%5(HATyT)){cN0+OWPJYp`tM(+&iuJZFsTEiwwBs
ze9&qyA*iXg&F9f4+aG|oyEyXDf$L#)aF6qIn4*IIi2QDzT$6|(xY^(B<I|q7n}AK4
znAb>sGM@@G@A+y~sfuLI{t*p8?!L3}A+Nw{ahAhoVsy4d;uUFb{7|kEX_nD~_Yux>
zRcTg>U9X}T(w%9!INT5|Pw7~ETx5Q6A52g-5v`3<-<DWD@d3Engs`S3n$6KL?UUA9
zszC*_yRS|feoDHYAo7{T-CnL--xm$+%q5Js&-6uD3r9aZ55jUY(*UgD9VZeS_l}%w
zeZUbKBpxRSOB-eGip$oIH=L?g|0<VDE$AqjE2ja$c-B5mgvN8;{b@q=MfNQ?wNahe
z06r1w718s#z5wKsMNJVT>Y(yC;$z~HB_@)}IJbyF?Jeb*L0c%iyHfJ&jnzj{^T9)3
z<mLmuDvQn~)k*KXj&!p}h+)*83;=)){WXKwOuGj#aVUu)eOhxvLGHu)(7H%=-HXxZ
zDT$B#ICLwZWHYBiq4_@_3d$;TjV0Sai@dH?gOOyf-4?75<ap`FNEN+|IMeW-sT081
z0d?6@&W^X1mr_L<w*De0n@NDUN1*K-@wwU9P)sk~x8-^$E@H%$SA*+(`2bO)_o}Sk
zzRW&s;`k>_N|8wOmj(&RW&2;;C1|tYk!<!v=V05F(|NhO)6o03hspUl8CuonoHy<&
zMCGsB?P)O=Nf7kFmaQhg@~^mcurC#bjl#t^>ePp!pAcuei?!99ne^{)^a?!qMt5~n
zr1v+AJ6~``I-mGhCgHAXrFybEM27Q(9^rnY;Gs)We*1bf)BHIelDfj_^y;Lmn=|So
z<|7Mjg?w8OPw#qfo=KC?4O1keb$q^60%O&omY8;s^dqZaf~oR%h}#J1n!Us*&uT08
z!O8GPFrpgp{QEW+(u6@95u1j?CbtPyQsaaGPbvp7bTDFN#=N|EY#J6p59MDX9PY!1
zwcUqC6u_UdBkJBgMsDBBj$^;0BoO%Dxbgo5jZx@7Ym7pM(7?F=Iqv=;pJL-;{DHfF
z%BMKE7~1YmP6!vb{}WmCAMs&(GUke&^s%#J!-Tvv8_=>xzT&u*8QPdU!lyoSP94$e
zn{`uc?SE(dPSgD&Y5-$Ph%a`f4cX4;Tl%7y?8m?}Wb-n^h6^u(H*7B1b)k$(yU9dy
zmI9AOW5vQkGaBcGWVvi(0ktu#rUH;{(S7cZV_@UuTKJ0mJ&I#xCk2qVk#MbNNUGL0
zPeIT&9NyJJR(P`gwcNE8$;VK4Yo&?Xrc<-xXhPk}<T{Q8iiAuMHofTN9Lq^jZe5w8
zH0sT6|7_t!Aol<&kP;xkl$_()Ogxe5y84Wz-wv-+)HJ`g%2q}O>-!vLs~~-iK4VeI
zZr94DS#bA6%F_IpM)~ZYeE47W#Tu|ce?nTwYX9Y!7#t)sK!^WY{NMWG|Bk-sYJhl}
zv?8)aZwOXUEam`{p;M50F;?na&I_2aN{W`|FCA2j;S6zACOgHYY7bF39;>NduV?t`
zEE|c@(P}C9&o^hsH9IazSRZC-$#t$+34bxu2REzYc5p0Q5X+lZgT3STeX|<;jaNB(
zXg_%^d>U_iccIR-+<AbgxAvV?MVW51{_Q31TI8a)8SR+K*|wF^!>2maq(o3af0+An
z|4$LOk-pyBgOs_aDb7OXi?D7!jF6}jDq7Dc*z{ryD(H|(FL17O&of-7Wv$vw)v!{d
zyye*34oX|60I{|wOsp;%*SAaip#t3NrH@Vu$7mJ>?QLV;G}XdXyo*U~{u=iFU2XZl
tUL^WQ(eU5ZmVZ}U{<&}D|KF=EQ<}v_rkVPh(jeb@`Qx>tojEn>{{U9te#Za+

diff --git a/examples/provider/server-ecc.jks b/examples/provider/server-ecc.jks
new file mode 100644
index 0000000000000000000000000000000000000000..77cda05e368a0d5e255e4259ed33dadcbaa0befa
GIT binary patch
literal 952
zcmezO_TO6u1_mY|W&~rd;?$zD)FR!~<Yb^wgY&hr*+B6V28~Az_}I9#*%(<EwU`7M
z8Ce-v8aHL!{Jy^J$xhjMf0tOzWxx7$Um8cm-BzEzP>;Ybub;~um0R=Bw)&r^&&^}^
zc3sLlw@pRr_3Gu*it?wXcAgdKKm6wYjtBqyBO~l`PIDaS^xEosX;y$6vtZE8b&Z_N
z)rK4U-Uuwx?<`d;oFl>8qd0p`&)jK&9aoP^KVY36xN2j`17}`OA8W5wm-$7Qf3|3!
z@b#`<>UU}SW}Er9YF6)V=HdA3{NFa(vb(yj*(;=iFVpwp;VWQ2vPS5c8dw5-z0{zI
zX(151FJNY3WMX1uHsE68&}#EIXUoFOWY9R>klTQhjX9KsO_(V(*ihI&5X9l&;R;VI
z&dAJ5FUij{6aWSbP>`L6JvcS7q$DR5Cc?$TUY?(m798wjC}JQ4Qp3%|?UGuSnv-9U
zo0?Z*C}AK55@qJ$FE20G1F0=8&e2QG&oz`ckY(cpI-~77FC!<Tm_TM;TD}940s}d5
zULzv|BSTX|BU1w-lPDn9#1I4^T!Y4b3SI7+lUY!bnQX`d3=pu(nO&WoDRFV6fiN38
zIAoa^p+U^d$j<D<z_QzTjgNYO*D<f9EQf9G%{RMUq<e14EA3yW6*w(*#9kyay<G2m
znQ8JY!|3Ug6ze~nm$)@ikjbR&g+hcecY{gijm3?f290gN5MvIN<zo?J5s8ged%vd6
z?C0z<QEe|(Cgt~=It>iuLDI@Bz%XwR3G176_=D3uiJh*Yc|Rwge|7ltQbhwEkOE;w
z#{Vo#1`OahmE{NVfC+(l1<>(8SydKLaBu+g04pmyGb1oHa3-{QFt+`0Vq^rVV{<@G
zKFl5r2ChsB(R06Kigz3kHnDANyz^VVW<fGT`&EyJbHYzD9=sH95W%F#&^dYOHkNz7
zwlm&xpR+2l%lX(KuW{pD#rj)a)?3sq9&Pm8l5Wsk<Y=(s>vy}A(PjzZJaf+i0Hzu+
AKL7v#

literal 0
HcmV?d00001

diff --git a/examples/provider/server-rsa-1024.jks b/examples/provider/server-rsa-1024.jks
new file mode 100644
index 0000000000000000000000000000000000000000..316805ce0c6ab077980375d5ee36c64b42f2dd5d
GIT binary patch
literal 2837
zcmezO_TO6u1_mY|W&~sI;?$zD)FNF&10xflScCJmlIcMC-3Coe+YR{GxU|_ASs1mL
z1Q{7w8CaT_7BhO^sPo%y&N6S(u@{eCbWU~heN!E7dcolF(REhKw4TilV|5lca(I=b
z^6G-MVu&A~NXNP#nr)(|wmqmd<yE__HEpHDs}nA|MyhdnP8+q@4)x2|-0&;Dc4S$b
z_wVIBz2<I{4o2Fi=vwb>4A^%oN3#2W`0AV1FW+uH7`G*gx$K2O$?HqX?5`Hx-`E%2
zaPu4k@125{mz$2Rcx>@?Pxl5z%~LK+zfA1)yP7LbmaP`(vy_QD-@buIDm~cHMcOH@
zVeX68LcSL={Xb?gbKQNB(!1D0Z$ZbBJg*y1oxGiwJiNIxrN#T+w}@1U#PjJ=&p9mo
zW>pD`Z_Vjqe*6C4s+ICnPAN~7`|YS9@_hP?ec_5)JNEaO`E0V&+xy1vq*_By>BZOY
zV>Ymh%-vL@xG(F#vf{amzShrp{MIRp?<n6i<2A|--nD0Jd0ph$-m*Ae-KBVW_B(Nj
z!|MZdzdzCPahZE5)++T5zn=VVm0s&`&;8Y9_ZITZNd1>Cy0&M@cOLyS(d*)!nz<#l
zK1VRI+i#EcdOxMae-ZQN>#0Zllm%*Xm#gaKTFz5@9BZQ~HS_rIpIP(zm$qd+I(H&@
z!j>x<iu2YTuPQm9<#MNd3tz!R{TQQy-_!4$G28dbP3Ga%0EHvnv2K?dx2^VP+f<ZT
z;}!JZIr^coT1U7?W@ql^z|9}pVpLv4J$-yUNFvz${N$L1%^luhPkp@FHGhBM{cvbQ
zyz1{ObJe`3|F$%0a_HT;(%{I^NAdcRhs0keXV~U@PM9~#+xzi}lbuU$S*_m`Q8O=V
z>I2FCZ!=y#yYOUIhE&bnpy$TAJ_U?#g0eII-}%6G?ftHAY^HL)p)*gvH_<uluakfN
z?!DT19D0o%`?OuQm;ZH_+<#_%zx2hgDz10pK6jeMS{J#^e)Y9w&s^UIaQbGA&@(l#
zWME+aX3)g^35cT?Ff%bSF)=b4@Un4gwRyCC=VfH%W@RvFoN35yz{$oO%EBhh6dG(O
z08I8k4hIjrZ+>1$VqPLlgq?@oDZeT;H!;sp(10JLhKq+III+AWKfffyP{KeAB*e|b
z@0_1kT$)ponU@|9%2hBKW*+|X@^ZcM{G7Dn;vBu?{9HqM16jCRI2pwRGV{{%9gq|l
z$cghB85tNEni?9J0*#6Sa!m|D0KzqBoJzXeq5k9IVF%e19PDE#Y9I`8I!|zEK|y{|
z3B~SioR1vJz@me>u@@N9olK3546E#x&bch^nd*G+!e?)p+nzjss!~~V?`0i%QmoT8
zt*KvmDO;foo1OloUT#ej*T|PE_at6dF^}DP#JqP``lk2H>c0+dIh)Opw&hxJfjo!R
znew$Sf0|tRyg+y5^N5uP5?i*tvE^F(H>Rz4Rkr($ZoLTaOra*V&}Sn1Lkl|o{VaXR
z#LURRxVVYY%b<zT4HyB;p|X4|Vk{yzZA@R4@G0+`^XHf51kQucTg2wq7&P7l$t$xo
zUNmSt*C29Psb53q0qeWVZx0vRp4?<+CA)vc!p8Ya8s`k=WYi?0l3}^gYLTW)&D2?r
zMlV-x-n^>a(tro#HDMN317=3X{{}K3o*)Y_Ei`ebRwU*Y<fMYqXgf<iuv&lwlPZgt
zfe0H1uu5QMWoKrDvzU-08<?e-fwA20^tbA2y8V%_)%=Dh%kBN2I~24xZtFeUQK=&z
zyzpt~qT*A***kt`uehD`uh!GY=-|&YcM~RgpUG_sJJw+`?fZY_CFvhJkI3D=liK03
z@#gEOOx6QeZ|}UUpPTZSf5ry!pn~0=(pOse-uU}WS6k3iv~b=2l~!dnr=Rn(O2zPq
zK4*Xx04%%)O)Q+i0-y*|0ALS`;Z!CJ;_?h%xo~#PUH3QpwyPXYmJXRw`S7@*Smd?2
z<#T%<b-!g1-*oKtli3sZ83rUxkJwtTd2e%}3itl$ob_sVbl<Gd+mxbRrEMyyyQtyx
z%)e6#rImX_ZtErWHgf2GQ7KZ-`FXPMwomD<*^EEzCB8hX{~bPM(wUAUTNn<ly7II`
zVzZ!r@qufaoVdybY<YgPTp+hxh&Fy_71)1#<DQ$>#I{MzteC7T{9*Zz*p(FzwC;Y?
zTVTkd+OjFeeA!=xNsBv@=d;*;vX<lRIkMxT=d-@B-eYSRey#3Kshp7XuinwRd|kBP
z_sxqkEE?WAh3v4KlDy3I_1V1M+N*K@<zwFm>79F6P{+${sj%_$<<LFyQ?2E`1#<7w
ZiS{ZmTlOTs*y6$3UBRlHpI8<@1OQr5^Jf46

literal 0
HcmV?d00001

diff --git a/examples/provider/server-rsa.jks b/examples/provider/server-rsa.jks
new file mode 100644
index 0000000000000000000000000000000000000000..fdae9ffaf7353eb2428e4ee5a6ef52d179782ba4
GIT binary patch
literal 3912
zcmeH}cTkhr7Qpi*p$7;>dPhJ|$w#C~k-iqBt5j(LLQRl>SO_JsperJR6j2nUH;sg<
zz=D8C6_64-K{`Z=D2jj&w$1*rZ{EE3{@Ho+?#!9F=iEDU&pG$p-#xqZT{;8;f$j<L
zi?9;h11`G<91S42?3uz127+=R5C#}Xf`11&7+DW90&qY9$^`%n5I70G1b?tu^TC80
z2_RaE@7|tZi=IFxo@&&gY-&w8y?{R@4#h?q@>sC=9*xZpiZMZ{zI!rOJ*L)eaCUm&
zVXW>DebTS<saCwUrf=gwl0mYZw!X<=U7@9w8$}(`T=~S(>PJg6l`^d>ZLhsoN|lt=
zx(lrbM|TreT%>K%VCkqtlI}5Be1Yv5_FID0!g<e}!#Y>a@eP$mSCDF5mZF84;<6U#
z?YPm^>9Hx$WxbH;>T90Cni}1^v3*l>TnhC0!#|1}fN4eduFEzEq&OEEF20ucx1D1&
zAvqZib-vo|ZKjE@Y-;JQ^GU~vZU|8^wGJ60&qi!7Cx(}-2yAgR0B4$;x^~iN!Tf`V
zxkoavZr-t=A_t#Au;Az`jIUGuuvqfeNJZ#@%wv_kKNEY#*7_hTgt&gU>y-fqh0Z!V
zZ_mz@M&pO=pJ}_$TU1!Sms`>uza;gXe7@#Catp1o#r!acNIrG;t>ofs(>ztX+6MbK
zTGzM4#ae2Xx?4|>{f6gQDo#Au_^5Tz%yFfG%3utw&OmyH^=SmCFpV;v*0?L|V;NMZ
zWarcES20svD?gN5;p;##0VE>UwdvvyrCD797;U>5cO-`zf|9zo<x-D$be&tW)Dx(g
zZnYsl5}M(tl5Kn<ZQ=h;q_%VN_MMSa6}JRe`vkK578tQfOqY%rPWuJ99DSyY8z*|N
zCA>(#q&o7n+QTE`ZU+bHQ^7QEG;87vCq}tgk(+;H=eXx$D07j8_R6<pwEB``dCk%_
zc@6%J<6&#jzA~!qb{QX}#~TaB$O%qO+%r@+<<UnHJ1ReY70}dryoHH7gH)#YI9qR6
z<j=Z)j5Bie(YhJ>0Hq}#T4$Q;70Z-+Hm@f6tVU@TCDoM6_hNX2?ojgaeu96Rn4E@#
z#uOA**6?9lPQG$O$~j)QG(K<>(CMFgrG48&_=}9pjIVtNCZSTjURvpq$*ze`{^d<)
zeC7uxeZAd`E^-Ki@s@a=jYc5nCdEAxWsY+cSXLceN>`J+UubT6#Vz$nX~Q|HB9)z$
z<KZ&mbao2+C0(gIliF*NqqP22u1sTv%muTMmReP1Bl3Hi#*2g@dR1rnwDDVV>Fyjc
zw|<q}r6}wB>Bd|8AByXa&z{0gG~8Tu_@<VVLoJyA4j_{{<T0KW(ZhW6(2yrOSf`iB
zB7BhGy@2mN#Zu+bWwTweeX{-MBWJN(;_ungyzA=K&Fz!trxhI+ReDIila()7x78}q
zg-|qD<=YZGIWTVi{<E9YW$T<1Np<Ev-^~>a1|1&gXU?CPeg0GNVDe}TjR=R@sbrCH
zV=s0VEM@PH@f=w_#$iOw5vLsyd^<a$_vwW-S?ms@XsWZra}ojA9(Z_r(gS<{c-IK_
z2~v04%kX7t0(KpFae+IZsCgG-(DUu0Ys1=Biv#n*rk!Wr&BjNM`~y3S`8h17o@5_#
z=y=4YzWm*$9B}STD?fP$I@ykRpY926PpKyg9*ALIGu!Ozwm0wVCeq@HB6fuBgyUG|
z=h}<bf_f}^xT|D!+k44xnnzc#E`@c2DMA^9MAW=0V7U>Re~Q|^xowsduHWP@($uHI
z+WM{yjUThming{(6TpO+f>*BQC9m?L<QTdUjsu5CuLZS+-b;QH#?uB|OY*z>m2XIZ
zN)yP=Hyp~fzhIKVMo|Sk4uQaz_lP(Tl3?8#Fem_p0szR)$f6K^DteP00N5BHV8lHo
zHjsr8b{@{i13ho0gxtgDp2Cb^GQr~lU2rbHTbK|``uJ<^el9pAE|7D74=aM%$|X1u
zj}P=z;sLq#O>78O13Zop<QwRP!zu}YeEUWif-^WcSTPvy>p>v+Dq`?{O5&jCA8xP!
zd`K^x2VVD28$dCBb~GA9E2$`<RY0_|-JYtfv_F1T!HD>O-|gQ*V?{9SpJZiq_V>`(
z5KLA<{{HxY!2iZ&5+L>G<nH}EFcQEC0Z9NWlmq~f`XpwWwch$Azsg=CJvqSrwb9e{
znuB0fQWwf};Iqh$nvloe^08sN4i7DYHh*ekno~jDq19fmM}-u*<@0a1UA+EcQgS9h
z5w93cO(F~z3tLq?=?n_8%b3wH7>iqMZaO6fRXHLK%9N*&3{3OqFg9DyD}>xwfdZ)C
zvqnKcu?qSAb%$=5SJn^5ykc-oFZpvn&X1K4YObRs%Xd615VhwhG(RVi8fiig3+yIu
zFS6RLQK36C`AiM1PsqL{qrL%ih0{<CL??%%rIRv)U-0y%5T-85w0g5Q9(T?zBYWxV
zvn)`VYmP}!Y^3rEmzrp^E|JZ>$rD4}W+j7A7ytpXNPy8^M)daXA9h}p1I`EMrEsBJ
z6H=q5TEBE_;$Zr1;v8{WU_{^kx->kZ1B_@5=aq}Yas@WZit5mhVJO*DQE+CyKQkgN
zJ0j(8TEHY;+1SLdUpK@kK)}88Sih+++QSPQAYwl%9ykLC1Ay<K$iBt}KLGNO*xawU
z`1$*~@4t>1c-US~^J|7=;Cvu2BlBKA!@$4<1OAvn|6FQ&?|84&0EqF8bNSY*t|pY`
z*j^~>O+h0}oSH+yW^8jvx?tJGifnn4lwq8f+%nYR+f*XHLTJ=cM!c>Ful9W)6&tc?
z6{R`5DYarrzLRc>(o-O!zCgu3b*7bidJe46y^}Md@Ce82hF|gB5d2uA_s|f3Iy!C9
zIOZ$2(TS>YiQSDVosIi0xrbAPLo(vuE@*b%>-urxoA+U?ee9v}SvF%&d&-#;NKFLw
z&Dsg=4iw+zg9a6vJ8w};oClO_9Xq26NDShLlnWQ*PuE7BTxP0%yOnX_!PBXN<Wg7Y
znJxW(=}{3M2R-d|!aN<F*s%$<E31oYBgj669iap!ON4SS&a6Ow$KG#^APF}2EB5~S
zGX6(M`1b_(zoOyKh_<7=rD9R~_MPhDXVy)EkZTnxk0;uQu+(?O<1mj83Tsp{5yy0n
z4Vfxw65h@&G1p->ZbWPi2u3fq#lQ5jM8Z({ACsEbZn<6%UcutCk$OobtPkGj)RTMt
zFPnq*`SZ+2Lg;x<uH9Cb7b$L`uZJX&lSstV4(gr3GAp&=L00#)wA(QDj}Mf;6Xih(
z_Gpb<*664rw$8j79M;8CB}WOu`bVuE?h0)ai>|5aq>e|0Fkrj9dDUYI)?&*&+dacB
zNgV!^f%$X+l_lF-iGOa#Kd646c{kApzuU-jnwgI+&jbsxRKiM|rqV5pM62OLY|GR`
z6ysXD>eYWn!@nZk|7rN2(9m^S_>fk5uXDlqI`7XC>%;SzLMhMVgGuz3V0o)!0!Y`%
z+C<^rfy{6NQMWbygyqVrRi9zo$c?I)*=>KxMOU=HCojin*_y``uBbNvKRj{iv$k9c
zv5wYL%vUmKR+x?u!xcCZt?jj1{Cd|N8b`HN@5dF@hw<cWU~f(3S}3i-?n3gLnnlA@
zT&qMga*CGGo*zE8o#K1EAr`v0MUFmTsp@NNW0<!jaRnDT578}7rCNRDF|JDWFvrlJ
z&18RWjTebxWidi!($p~J2C*56VNHFsr<K)4JYW3#uQHmEB8^iAFPwBs^Y)9omcA0n
n=@Z0pQYztNS!tAuxQNgfzoVH`RLT!h%eR`}VWMr{y=?yn@$@TC

literal 0
HcmV?d00001

diff --git a/examples/provider/server.jks b/examples/provider/server.jks
index 8d8939568de22b7bb3c451e30b1f7d5b96e7283f..b5f1268c547cebbd54cb1ceb2398434b06dc8c09 100644
GIT binary patch
delta 2286
zcmaKtc{J3I0>#G^$yOTsI@WA4W=I-?>`SGr+1IR%$slDL%S5)q*D_>e5)oOl#Hpm>
zAxXv(lVT=ImNA$?82Y{6dGF8Pd-t6C$NlI2@j3ULyAe381U;l5(m@~)_`l`=aYbIo
z-nxzjfjE*(C$Ko+t$-9RKCNHfhe@yt6^OET&Tu&FV!ZXR2H?FYMV5`nQLh==_~2St
zzD@^Jklh`VifCeVwp@Yy9MT7;WH>mLhm<daYvs7-L*@n61s$Jb+Ls%B6N6{@8?mfX
z#8|1&DZHjL(PZOS-EaPcxH#NXl5Dn`WW@~gw0Z0owq$rF5w~f^t?Wt8GU!;4dS5T{
zT}TeoU?~_?3~jnS)3$JfI~W}0U?Yx?8p;haSa;0HHRcQC_uxgyl{v{ioT|DUG&%ML
zyw!BpOwE0<@Y)5EqPV+2<G`kT`k%C%UmtjMuLqw}wTAbd2y$q;u2=r~M%ghI?kTfc
z<7`0e*3nkH8ZQnc2?jsah`ZJK0h=?=&546?eBg15DVS0gYiT}CHT7wl(q$h=jtmu3
zU8KJ0PIWq=$HNB|GfnxDrDSe3IzCT@+`42m9e+rR9eziPjTT*Rt1;d#+J4J`>Jyk_
zw;Bre@&u=W#q*P>XxB;IJ<hv!<I0B!Sx>O=<9;_?Hm*Yq>-k`k$X#FC0!!WYy`unf
zH1=M=x@KBfY(vO%Ga(^)*D&hN*ra{L-O;oVXR`)q0VHGX0giWn^sapJh+s%t+qEBc
zgC`aX`1kUk`6h3EJ_#AK_gHd)#I8~)RX}q+x^n#$@ake7s=vMhDQ!{zy60o{o4eRK
ztEB=19EmL&%I?hS^?s4I*Sp=Tf+>l;Y*Z~UV8vZ4^79G@f1q3@#6-U!Ux|I%vgw?P
z)rxPDbq;$}BP(t+qPaOrv1=4yqLT}dzndLad^aOTK@Y-$t7#kHn6%k~c5=8JY5jQl
zmcP}$DrR85U!B62su1zg1}ZZg-gS|Jj}peseZkJYO+Dta^<GAw&)ZsEr~I%}=abk{
zmiTv19fUly9TXvWd(ge+XE(ai0PrD}d<%YZ2rZpGb4I!mVfpGg_l~$9@_dW2|Lran
z$>m1^P8-MU@bu&is6|@<vJ77?7gQFfh2m>iSE`KDkI{a4le$>*r?_1t9;e(xvTeuJ
z_`*~)`!YrpIQ3So3TKqvE|t;i4jub0aOE=Fht)f;2t@94Dq&r|re{t?_NYPNG?!4f
zl&P#zaT^eFPvPD|wRJ|E=>Y_8ivF&N=*f^TrJdtMq>nt9@FTm{DGzP<8fnSKH`^Ay
z%54mUO|FvH5<-wXQ>m}_=~VW>Yh2X%6qP${k7~>E`(GXICK+i}nm;^HN6BZk@lWOY
z1}gCy{3P^g)F7qJgz@IQJpt(!y=o{?ni))w`p7U^)rQ=Lj>LF!Hxf&$7TldOzF)ij
zo#25z%0-Cp7DskOP*^e{?n%+tk(&BKb{!+-qyC+0l@_RZG2@zOub6p9oP;u+Hz8ig
z$bsS{1?jIjK==z6<!~L{`onvw&vj{%kAd6KGW?AA7&xG3Y57oiAx3>|mm(6;U$X10
z=3~ScH*2q@9bZ-(v8eP#$Ar4llw5p#>|Gin%2`{^dZX~`AgQC?@z@<Z*cMNuxoe)u
z659UWnmigkpC1^>w)}wgDLdfL^9mtI(N^Bpv-8y_&sL8g-r<D<7p<^cSK-g{q-xZ4
z8CJS(@PwUYK<91u0lPK(2siP3n~am*WO1fGp*q*N%6{Sfo3%t}Rw2%UWi-H=x%U`!
zb!1Z%s)aQNUO;}xz+rH0U2V8746frQ$`9Ak{#*Zvu;g5TLmb{RD-;eEQqBf;cUdwm
z9M}S<AT;eain7E4Zc2IMZ0|YNxUBnKYU#};gLyK<&HeA|dDQM?_r?>&TRq#Ks9q|j
zgd3b*1$*q%08G2Yw3m`>R~<(0&jcYTe#ZfiT-cFk*f%{OUe>yxmZ0?;EVDIK`XV@Z
zf<X^0s=#CTyyDDuF<(HK@2R0vQ=&w8>9TG5?kRJ_jvvrNRtL_ARpMK%UMv}3kvqJE
z94h#HcV<6SJ;*&<<;McAZLoWbjp0co-(>%WA?lNs$Sp<FcI3gZ*0B@9+OA$h_}Uas
zS-xUt&s^&_c+1seox^(-&JP=CwM8%dz&3j(;|kMKVICJyn~}fhaNyGp*sZk-|1nbe
z(GiW7s3K_Msb%my19&GU@y~o1Vs(=L2QY9bMgWY2p)F_$2FE`){7u+zPEy5yNcO39
z>I&V4Zc=`cB#N7JV^ZjSF{%y-v6FtYZvaX11S!c>I$*;jfAwX@dKkqumDQ2Hz`iNB
z><7OYEF>`9x)DeVuOnkIl$nTa)al}cF6v0V$n&pu&xm|7;k8}~F75_>X!54VhiTN=
zlKXYtI7k&MD2rB&yQ;l$Bo9>6(<_bB_3MzXsH$6q2d^<dT8TVj$s{iCHKhsLpS@vw
z&Ftw4^mcgSFOYFPVbXyKvF#uPUh$_l&Og~6$d$tL95>e@QT6=WOtULAaXn+yhL@e@
zkl#1Q?{L|rq}md`I$H*mhNADs5*eu{!lDH%<@1@XFYvx#St(#d5yJWJV~zxXa2^Sq
z$oAnX?@J*b$?`K!s$mYxI~taj&txVK3e#YXUwr2a#*ukS_O2@$pl6QKlu*dVzq-3b
zo@<wfZ_-J+_kDL@6WQP7nT1NE;j`3+cVd{%m?}yHba0}$PjeM|DUlMeb9qjAyei=2
zryTFGC$`)aD}RaEPZ3;9&!%$n<@Cq0??ZCt?xmQ$<GdKhrPw)7S4ii+_`sz8X=Nba
zopYHk07*%nvkI01CIS6QFD3r>09s0v(>Xk?KrnMK)Sbu*5xv(9(Lp6APw$_OukZ(@
zk6Tg8Tn0Gak-cHpz;d7rpsM}ok4q>5o%i$kD8m~YNwO-FYquLInaI}D=V;Bp6)NNz
T&2UXa=3<j@XjGcI-qPA%>>x@-

literal 13169
zcmeHtWl)^iwl>|kTjL%iIE}jm*Wec1>EQ0tjRXl00t8EfCxjpg8Z5ZGyN3kV5Fps?
zWHNJR&dIs=yXVZQny>2qc&mEvcX!p^>s{+v&wAFr-o4&MKtKS(9~AflKtQo_gxENH
z!hZ(4)E`PAARq(5Fr;fR4hjYv3IGYf3d9EhkP(nzNLzjqRxY&0mBy>AlVfGL#wfc4
z$?MIzGB4QYeKaZ5fnu{pD!e7I2=mAZvw=B%h;JfnEB67$25Cru$vn&If)dt}@9<mO
z_fiyqZP8-}uUqe(`AJ>6=xsCJw~ifhurg@}T0f<C{ra4+_3$$V&)&-+R!g&Xe&w`;
zaolsRQxRFCg`3jSUHs3tHPQ3#%LwV<UeNWb;7Q)Zx+}&(4>!rE%8KrAaaJSMPR}Gf
zTYQye(YTNs7hSuZ^Xy_B50jK?+?>dF(1(7O$nmPc;Y$_%M=(iSeM2q8jw%m;yUWPD
zdOvY4$gL+<aJgdsew0EO6m7Dy>EUhV2D$0Ev*ZW*(*>ZDC$p#A>W@}+<BpwbwNB4)
zc30aoLnqDA_C$^f#5_$Sx$jpx`}_5V3+bRth6K1+fjxukCO-~6JFGl-fU@`jz1={d
z7rSc1SG7e$v-_49H{U(~rHDh<fEncx@@NUDMnBPZCtXQLkWPNATw!?%(_4kt-inkV
z*qoT+4D>ApZts)(di=uXy+TX2{4yRSG&=C03D2`Gag+gRm{M+@sjF9D$4(Hg5|&-$
zB{tlMP2P)C(cr1MWBB4UP<cH29Q(yFopH7l1HF4d-t+f5vqW7MVhb@4BlkX*^!;j=
z)MyR6b){uIRRKz=6G2&!qF!Ok27z1i33B)qpKWU3TIQ<lYinXEWsJd_RI9=I6Pb?d
zTOuSyRaGW*b*r2;2<)Phr+Z%(xD4KN7JDl5Le5Q^M7EZ=!>VJ3<a5s7)nlncVWe5q
zmKfGqPOqD%Qs&M5kSm3Z1(*l*N5%R1%!Fu6#6GH5jPFVgtE33gaoMUVGWXn&w!skZ
zJ~K3D?N`3Q*o0cf4W~4BQO2q=(h-GD=~d_oZ%94c6aE;3adr!h=e98c*8%ZZ(noe<
z*n1vB{Zmx?>rV`a=bx=kH%*n3caArY>1^Jlvp#So01R+QTrXIeJI<|fW)9k6BDITr
zG;jgobWgKVjI39Z#aDB1^G0hWp7aS-JjX&_u6i44m@9Ig)w2hvJx@|1I<Ov#NE48L
zhOe=wPcXVN{El#kM#+Y=>4>X1lsDqivHN7uV4Zc*$n~_x!9oP}k|y{OGuwlfxH;K2
z8T0oqUN~C|1!mD$D0J3rI7<{#Rd{ZnK}C!F(9{^-yNrlnOJgo<__y;Gn93s=-c9hv
zFY4YZ>E%vB111!XU<Z@ba$XFlmepaSlr-4y;0kOmTkeJ9_I??S6&To#`C_h~?!><r
zaLfqEJ>VuMgbg&c`1|eX$x3RzG`yg4?hM`^30sSJA)swA-Bm-3H#m_+{x#T*`z6j}
z&TNVu`g!ZPgz};M3B{+VFa-&zp~g99uW+exv1QL%6Kxq4lNv%CLRLC2WwJ`iq-KiM
z+twXm3>^@ahNy{gX8pP?K@j;oY6XRj1Aos-V0W@yM8s3mQRKi_0#=4(3SE{IpLKCz
zLWy8BZy5$fnwy9Mo5DiBPpUMg^cXZBM0{kDBD5?{E=#_)wSSZ~dPopZ<;p^Rg^xUm
zu0$+GQehfeB^Dd`kWeMJhUaFP@PlBIIz~m_+ENTZCf-<l;-iNvMWd4_)rD<Ok85+f
z8Ef`!>=22HVw=sxUyi?{P`d73Z@O1cphj8fJ$497a>iXJ*+?*_u~kJEbM60f(U0~?
z@jEgi8*uW2h2elm2ZkY2!9fu@8xaTq0zuluf!TT*^0#5T=9RO&)AyUV=DESxDCn$_
zijk+-001U30vP(78xxF<f~bpxLI~8==Ej2qDtv&3g{tP_>}la_@#_pK7OJ$1zm1cH
zGdB^K@Y@;;EG!=vM_X-eRWlwipAa`0nB?0uCKjHCyNjK>g_9G+*^cA;D^f7=w^xW*
zxIR8UoZtTC;o-<><>JIm1E%_IL+AivJczTci`4HHfT>BadAPZGc)&coU_l<fd+;G2
zSeTpt$MCOz02tub?~M-6QHU@AE&><^zyQJk0E9Ng5w>gLd>%Pb?e1_k)<DmU#v)cN
zRE5bG0_CVY@xyhHfX+7A=i^YtD-QeISiAZhuWkW$<xz^$*t#L?^ZlJeD0M(4qC!TK
zO@D|D1LVa9DB9=)-)YAiP|}HAfQY~E3P4XU@dcrD+^Cq;Q`P;E$R$Bd3alK_lfyh^
z{tqjIPnIZxo9?C#<82h8fuUuzm@=RaPrFJUm`hw_Ym`*FKv*5Ml>04`DJ>fYk2iz+
zWCNu)zK#LS1c>8z-LW;CMDs-R(oLUr&tOGV%*4#-FwHrAEv~;|RBa#e`|LIrDMd>7
z#;VHwF1S54Jd#6?Yl`SJq`CCu(rEo6r)~_02tWYj!2s%Ti>Sc80a2F<2Z<O7#5*l#
zJ7xcXG*}1Q^>$(x(^P~_GZ?z~?L9pbbP^053;pSu9B6(%H0Lkx7qFj)C)T&~5h5Xj
z5dnZ3Fy*%qJ`z0OV3;<(7EZ2?Hs7M=0a6H@2mN9zMkHb|2n7w!fsm0=5dpvb0{-6V
z;E@h@Isn4EjWt$9N2J&@D2RLzwA*zs)|Zhu!%pSwA&`(~(M~fvqEan2e7~Jdrkm?x
z?_STHXKXIV!gjPffs@%GD1HN4>^)*eP3r)KM+dN|LvcCA&m$^3#gY_*IXD*CEO)-p
z;beJK2=ld5>zZYKlJ0$-AZ8iKlw4I48)%~{QB!=PiCqA~bz!@<OktwN(<+rUNSUu}
z_vQjITgw$CTg;LV4^@bSb=zKS7|f3+DrbD^uHHJ=A}bd+OJOOF9m+JGTo`aTa=WTl
zBTYjyiuuIW*Jz(g2`su}h<%2mF{S7NZAWm`v$H0z(7UAn9IhmA8X}Y|G%E#du6<Lo
zH7IoS9WOC{VUip+R#v~T$^8lVd^Z@{@egDYTCR~@lco543sYeRwFs}jBUppj-VQ9y
zs?>P{<ON@D%a1tHdM(7AVE5URBtbO;I%~t05MCkP_wBtPKaX$^D~jn?)46xV7-h0U
zXe&)xII$t*%ocia>YFoD7rLVUTv^`@SfYV|s=Nmcl5ynczs_LZue8tNVv=7K#d$p!
zeo|K*OfXFeink~cm@-X~l`rQRnb;vGc6z_GZzlVe4{s}28e;n9dHC@oZ9>S3X|vk$
zA94bsB^ZWi3V)D(<OGR0sT|Bzvzd^$$E6-pk6WgT4s5^}C}{AUFer|M2n0jp{+JMO
z;ePZzA)u(c+t|4{bK`)&`6v=97P7X5qm2_cAsGML7y}DK<~u{Dm6MU-#s*`4o5aLI
zlDF{i<o?s}pZ|~e&wuYPw_iheazy=ZO&~lNzyCl4pdv~mAn7)J#+B8`5FgB}Ip|P3
zaSa&XVTdOS-MOcl%YbOfo;kap%TFK^?oHgOmx9s{c-8pDi(LA&@m0CNEwe6@kV-g4
zO29Ev<aZdkJ+5NtkYXXJsb7tx7JVm5*7)@i7&-tq{Wpy407F|tK|foQ15L_@KKiTK
z4hH(Ecm9cx_&Y~OR73#F0qGDHUM_%&i5a+r`NDFUH|jiC8OHR6#6^4L6Ysh^T4r<s
zY0ZEq`6GvCPZ8s<JMPX;ygA=4k;P@=Pr}Lb-dTPTd-FZuP&{nhy=~lo0hH}bI2%KR
zGqIb0Kol6#_6NMMJ4_e?x0p?PUrblZo$6q2CLK=`U~BnM<ZiJ>J$Aq{>r;-mpe*%5
z7jn)4Dt^(Noz|3t(cTDYr|8^;^pZ82-Fk83#PfuP)N9*>??h+iICZQ=D9`NP<^5ve
zch;5uACPHFsN=O8>j}1O*p?p|NJP|k%W9Z6e%|-*K7)NdHy%Lgw9-H7+8V!|Y2A<7
zIa0A|MJ2bhX=8n^-%b9Q2%)H1_D#KE!($hN(W}sR2586m5gA@W;}fodHg!H=@N$-b
z{!62Fp*W&0>og?l#>`CG>>N6VP*6jKUn3VNihK%VEI3Jvp0Y_!ka@H2z*K$szD)x@
zXOjr77tou6_fpn}oPHWsZ)cZ81a8l=wX46ETDAmn@)un)^x6f7woV7I&k23TndqmS
zeBP>C!+EBhE&;Ib+cq1!)fRBMv`>|AJ#><e72<W+xIpZH_>f2QOl%wX`G>iu=H)vS
z5!eBH8J}K&fu+V>$2w>1t`1Xoi(%)(Iuh9;UV_(x36H05LCW7=nctIQba*sRZ@oyR
zk3%0%AyAiUmm92Cez<|}VwB;MOWo#BY8sXJK5_Rl!Dol_b$@xm;(PzJ$$0Rk-i$RV
z*{d0Eg|U?VC@0mun$^8sjv~8q`Sje;9d{wlQ(W67c~;)zJu`-IFvDf8G{51(HMs^(
zAo!|}>e1QhO|4-?;`@%*$hR?w(_TCX611oXEgWk4rO&apJ@?E(qEtA&O1j5<?A~=D
zmFc8uW$!65CY=qTIO2`j^Hu3mx(dUc0hV>-#ojnD^1>|f<PtG=NXjU6zAk?blh~JP
zbTF)VlkW;EwMKFhdzT>ezz0e2xeQhleQY7Vl>%|<ffL$b$Gg5lluk-N6A%5(05kJ8
zrnIN;Ss@=H2n(o~)p*`f2u?@p7I`ok2)V-gpI})JI$#8$XD1BId3lu%CQUIs^>NR1
z_EVS}9PSRGoICm2B&yGylLKb^D(l-X;{l-Gxn>nPVht0US8EWyb)p!TrQ>cD9{<W0
zzfi5N1#cTdxJz;bl!7Ey&NJ3GmOhMAC|<g5X45k82?qfv8ACGcCXWP8I|Ajn8yfOP
zmDt2*gB+i!u-MZ`qq&nAUmIsR2V5B*S*u^<?ytMHidI25<(Kc??(6i&Ybxy}&aG;2
zpHqFX(gLxiDb`PYGZ-C=$tv*?Y$j^;#K3^plseS1ITlAXPDDM+I|E7ws^rP1J{NuG
zPC(h%<A**;hxE>RI|eg+(0C|4C6pp)f=xEnpO4%{y8jDP+rItUOO;JKh<7Ecn%xe%
z=<-Zm#!R27^XyFW45&GPX{t*y2(trs(m}^{jckz9tiZADV9j_KFVP+>xq3f?i!XHO
zu`ty3VdChG#ls*n#*Tb`^e1Jcjn>#p$a+?Mlm!UU7m)?FZp;pq7;Qy#qRjLk&;3K3
z98S55XdD;Vf-3l*%3acI&3jK$tw*KpA3x;{AD|Hq77t62D%J_LL69aqQhz&Fijfwy
z&Z2SU^%$ydh_#ZF;t`ksXpOjj8b7swQ6Sw(>2~*HXbSJm;^{!wlwDUcl`N4*nPNP8
z#~GgL$%J*)bwEZj!7AptN0un!jT-*)*rO-XZ>3>{nE0xaF+`f`Ly`j_YOIxL?R}v-
z*Lvp9m~XqROj?!{4o~n!(So^`@CLeZ_!{BR2t@d`K1JGrBjN^}iwyt5MF4=mqo`nL
z@*la!|4T87561n4exPYv_;|Xwc-sHUNHF1y#Kqae%h3~FhyF(?$fN)LwtpNA0}J&>
z4gG7KjfsV-?d9s~;{I>3rvItvY)(O2(Z6%#=2SB(cjq?1rc<u;sDT0eE@hDG?&KHB
zsD{9-i$c4QYvZSyUZ*j=sGs<`5>^@mnz;gBTNjdC_L>CLEz_;LbGmRwPN#Ux7E@@~
znn_NPVKb_)SXpVtVp>a<$h<3{H0G-)MaZ`5_!5F?Xz%Os;vwlPpi@~J8G!R0-dbnB
zR3#)&o)_}KxxJp`#qq{MiAO^K7hTnrttM8ZPQ{9o8D#^##|S!NG-wpB*1C;#IOmCS
z!^$|hQCD_zi<K{~tRR@@Nhl9}N{&w*;b^MIstIGyee5=2^Zd#;5NT=j&1tj-UfK$S
zTQ7^Y+gCnXgmsKQS(+JEFPZwa=#+yKsyn|UR2BF<J&)7ES9{KeMV%3)duedu#lX<<
zAB3tO4DAU8-Hx}z_iSULlHBFBs>q+F0<UjO<Ulj>p{ajS2Zn)yl3k<fP^IIF%GBSt
zk}DpJNPU$4PUHV`rKX3Wi*E9Y&?nk^`0@&cEchfSWW>I=%5=_Vcr2JCg<t0{?UxQ?
z_Oq3xxIRkN?k96PQd9l<;aQ;0vXLkawU&IyOkMV)I;SOZyMrt(*|rs1fq4r9{5n;v
zR+iaQLOJtte80rqz^s}O<5iYU>L%aWrjf>{r+4X>+xA_m?E<G%ffJ2(d%;+1(Q|$l
z)Wc>c8@7rfx;hiY1Ym@oNU!Cd8zIlZ?yjr-C)2u5-1sf$_&T^y!()mlsC_grXhrE%
zP(WqA__=pFO|V>-wJM*hM!q)6TTaMrC5O0%iZ*J{Gr6mOy;|Ch;9>vpTH^S{Fx4Ed
z10*iJwvtc9uaMaOH`x0@1YwAuew1K8{TP2Q%l-d=gg+7E{+iqVpU|)gtCs^*P8}|7
zG$2Hye5B@ucUaAzwbUDgm^N0th-kaVdN}<i$Qe}!6EBTUEwqn-_EW$5qFhjqyARJ+
z@1uH%79Jv3;c-gGVXUPd#lD?OKHi;_5{%5Xg621)uHG78qrwd|_Q2hjx&CoNER@Av
zyGMa3Z&F}EO2$G1K8*W~p<dd_V&c74Mp;BvV^oA(WFum8-Xi_)f_m0lr)H&Grs?KA
zD5N>GpI(z+2EFzdkW5<)4@9;byblt3@aphkm3^Omh#M{2Nw(FA9#<aIXpPI;dn8jr
z>1fwU1}@iagi2_{m@n1r5VW}M=<lZOYRXa7BF$j#Ofy%gH0}!c{WCQD8Pfe98vZN7
z+Z(s~I=OqHjKKWhD9l#@S8wXS$XC^U?pm{;eTYb8d-6dCwoe$Eddse5B+6u!L;uTi
z7G(0RarMS>T68yvV6r+o&apPzQ2p^9zP3Y9k}?D%VrF90a-*lJ^DfB=#>O#6qy^@7
zdwZvy*KS6ZcD5UJ_9N_b#L9+9GUo$P^^INoFQ4dTL<PdaROGWW0K;7o^+CzmbmGBc
z_r;-ecLL<6i7Y1))Wn<TGCH7z#j_96yB2B>L1iOJYsb=4xk#FHIxKB+U)~#k9hht4
z@`FmRCn#W!>j0`+mE|W3xjC&vB^50aS&oZjj3Lg4fZ8Q1H}Tqg7Xr=rxozNQDQ(|t
zWXvDJ8#kDT@0UXPs1!~R>%cHz^*<KMz}zN_Zo+3XEf1Mf3Tmak+P{p_M*L)i`}s4N
zr|MyG02T3~MUTZ$$&S~F6H!H=&P%(ngr<_mhuKZ&l@i<nBy0Sh9zObR32qSA$k}xW
zMON&UQQienOEgHhcI}`xSSf=b$z*@BF-&chk3WNkzjpywsE6DCi$GT=@hXEQ2Sd;}
zTaYgMa;<uJQa49?diT5$QSM+!=!?9*3S>OB{+bxVe!s+^!}nzI4WXl>p9mVE917ZK
zO{bL{^>S{^wx5dmt9vpiL^zp|iIDDM^sD(LsEBP~R=?dL*^A!pPB_9&I|$uv5%o12
zv__Fcijfad!@pB0U_my0Fq+O|aGkt=R;8`P#arjio)C41nY}5C35eV3<<?hT`R+bC
zy&mUsAJ*YTE44yO0#3yefZW#%Oxdfx88m3Li!o2%;UUKUN*sw;(-<-)JLq3iEQ5Tm
z?!`W0naS4dG&2)`MlFVTX`Xv;h`I}%M|Kz({52qbzy2`k{4oyjl~<%aeJb77Y>+d1
zvbv^>VWQzkh4)yBaMxi@wUg`auoZQE(pyD|R}YPF@uCiBDg7F1H1@hMOm0|O<A8!`
z3Ts109~IN3Zt?`bP-6~wdYm8N6w*%a9FOD2HlE2h@=&FMb9%1hJmZN;WO6oXjOEA_
zPqvC%Co+nK-eRk>Wn)cBigZeg2C4U9eErxe7ZO#oIiNO1Q4zLB$S?TjWY-n#eDH!p
zaO9TB*9Wwt;-3pzdR6i%ag-n_MS}=W{m)y1;xs?wdmUFDzbJXB+TRzNRHa#Yq*;1q
zE4C<#C$-8i{G>VS2J3)dFG{2iLtrhN*9WK8#ARonJdioqji{{6vD8p&{NzM6ILY1>
zuz>eKcAyR=A~^V{aveAS*$&bS<gEAl=!1CJcennnzM+KIH>B|T2Kpn>TRbd-fs!?w
z)5Z!#^BzUerq)@K{zJ+0r}W>xMbtm(zkPr8r|GXhN%?>E13<HWZ}V^MH)tHZ?->n*
zLJ=A~a0-=<J#$~}lNQYCrqi8w?^HM`uJiMI`3UZeSUfV5nE5cVl-%3$YKm+&vS&lB
z-9i9%{kkOBhp|2mzo5ZVq)@0|I2Xyb^7Qn$XjTn~Q*RmvQJnYbVaB<&>5$J<r@GN{
zrR>5+vmaCX<&ovOHT5=|m|ge$ZG<n0_BOA6O}u~K`+`Dn&z2U3_*f?FyxbzXyzn4~
zJAdE%`q`R4wfFU(b1E3<r=jsD3cY`%(}?g-ozK;weT)CRjjlFAG$=nl`}ipv>l(km
zr8=dD#h2>{<T727X2LDCcud*_mcUEJOa*ag<nt_=OV=_CW3Yj<nkGlmVlV|>`EIW1
z`<#ambHR-_J^bo-SqGkPF7h8lq}}New#Lz-bCz2&*j!H0yrs6Xw{D;x;1<mtZMGaf
zr}7;tFn&>q|JHiibA-?TlhzaRA}N;Vj#z^e#hM<kE6b@gx=mCva)rtMgL(Pq<$%GM
z5gW|(5pSN@EP|)kVd1>uN^NeImxJ8I@(;(uaz8CUDjmny%0fH!c@_|QeR1=KDK5ho
zb#HT4Okd96gSoanO;>79l5gJ7Te6dQPNu+!lJQ=#JMTz!uz0yjHP+D1C2KqSb*nW#
z8iHZ`Ab)`_6iY(_6-y_v-B4+Fb3C*wnHzB<;n;xSFl8NI9EjRT+xQ>g5SS0o>)G%}
z;fLIV_{Tm|>K{duA8jNwEDU`M4|}*`;|cFI{ZL8ZcMr5}EId6OZGN5koo)gG6a3O@
z!j!e~wsCZEb%I|L`;W>!3IFEK<s2cdo)9Z;EVx0wH^~scwaoqvjQ;06r+VIE)!Q1%
zoyrABZDNaA0(0&hgUMTLU;Aj$h1rQWEP$J3YGc5p3~r;;$8;eFL!`5b_&~nM4O#<U
z%uv4Q={#sO7#jIIfyBgwX}>sF;5^fth)tOhNWWhm4F=QvqL08&5DL<Z&uBZ4UL>uR
z({(;i8ro_*E};7%HNZRCNI)>c_ZucuxZg(bh9hF(_uC{?j7Z<i@mn7o-c&?4k5mLi
zo=F1$-`1f>{oZ{L6%fF(K-znDwR=Fm+Z5yN`~ka$@mB3IHJguHV!YqP4lpSB*6jmn
zS>9Efg`Mi%KUAB^(qcVN&;}{RnwdT*3+d%tp8n*8_1$GLe}v`Vi0Li>PE70J&Rg>n
zVw&f3xOYE(s)-_Wp0s7L8zaWWBzQtN@ksP&>Tx{doo)I08y{5m#^R1`?!dFjCW?WX
zqLS3NULyL|j*EMRxEMnBNNcTUQT;B3@ACRN8a@ZBNEQ=osRWPvl!^NqF=Y{^5R~-l
zPFStDGOpe%o2IVmK$68aRtg;paS4Px4{2TuW=XZSkudd>2~Oe2;i&Hkvw7(+S1&CM
zwD9_bD;R3GVzVe`XP<sfQb4BRZnNMr*~7@bO7bGT-8GHCJOin^+5~VPJ={L8v=U^S
zxL@OZc^VeDJGhs~mKyKAvK+~6^~#(pAAb;(t92SN6)WTifEo#f>>Qil<ERBqnzYP+
z^^P%{XwX~nqOt5`x4D6qKO6G~k<wd4h%dY<!iH_pFcKR!D)@Tj1sx8En?hs?I;wV!
z^A(Mxoi-uTs&Q#&ccyAp_h*-<SdN%uvGUmW9w87JKywUf8Kfiol+{#dQ7W|uv-^g0
zHvy`e(VayU9bJI<0D5w-kb26i*Ha2e9&`;Jnbo2+cPoVJ7%pOSko$*_*azkMi*<a&
zx#IPe_Ue$mtXY%WlFmrXX>#oWxLls;G@vAhSdkklN95`QvjIyqU75&hqxH$WtgtI>
z$}uzf2W0XmLiTD5%_iR4E*tDMH7$FCjt@lYz-e*aF}8VL%Dokz+IdvkT+FJkKIm%M
zthQQ8x(+V844Ai4gwca&H3T}xqg<?uI0mjGlc|lQKl0kQ1=V>SKqN`6*6m*2!%99y
z<zw&+;lW8g$d9(QcQ@vJXpgb%L2#|Ix<?tV$r|B5d7G^20=-Yd1Zd_bw#}C(Fw?qi
z8%LZ1Yue;L{)Fzk^Kp~n;C7Faf0^IL3}Q)F(5TkpfydqngWSC7akPMmsJndT)=7B7
zGqq5-U;j;cNBjb3rAP3`=$|U@>3_tue^Gh=fnk_fxPMdL&Hh{l`jZ;~DgXPu|D*i=
z<5C+Y7S<2>{omgAe@8rvBnqC6kto^7EDj&5P|hh~UHaP~J1yRC|KPzM^8}VaUx4C9
zi6X)EI1ZDAPtI`jRfEM8gP=)OyI@?MUHLxZ?XNAB0}cqbm6IN>G-x9IJ|&yyeB;O2
z9IrkZylS=xuig>ID7i9@^eA#rn2zN%P=OG@m~=mansi;GuFt(zekGpDaQ$2Uckn(V
z#=qr>L;wEi<yV$R=q;bZiL(O1(3v0l_Xrp|7z!G@mB7rtjJ!9t+vX<TQ!XGv)l`@R
z&B}*91w;S3ZUh4{C+df~_)@1wie6EqT%xQ}S(bzTgCaPbbKVNw%%T*SelnB59#H1o
ze^ym#Sd1)J3qYua(Zl=;z+$@SfE7^oWfZ4Ex9PgqXtc~%Lh3CS4G9YK>xQMwH6iSU
zArkUQRPsCd?Zu*a#kv+{*In8}ES*OFJvOs#$-uxOQ{p`9L3>lr#Ew|=s-|aFnD`S?
zo<Y_GX`*=CSHEe{NZ9bw6deu#?mtS?pW5P&r1`J>G5_vX=ua@=uj`25{|*-hiWd}i
z-q$d+SyAYu`K@$u6B|xG^LZAx8oP@`Qr@}!Av5tkw}xe^K~)ILVuc$6W>YG92-7^r
zP9bNxHJd*hKN&}EXkYqOvKs|`oX#AlWgHZZ<1>T%ZO8MT_&HUtx=g^CB<bgmAs70|
zkNczAD-l|Y#@C}rEAY8InkQM%{~0d)Eav|Y7yhMtm~dRc$$HW3GL&z&qfDx1M;<TO
z|15Q$`{{HCn(L*m9fRb)LMWn+sbk{TIyV}E#DsIrCCz~w!-n0O;<Z3+MUR1qs3ZEK
zSB~i5`vJMOoa7}0riJ^|uOtu7Wvv;gaY7%{3ZAd3Pui^2Rp_Rd;Pm>dic5b9>7u_+
iR9YV8ESFsv-|{kVxq=vB{<%)u302cAxh`AM@c#m#Txa_L

diff --git a/examples/provider/update-jks.sh b/examples/provider/update-jks.sh
index 3ab26d1a..9c0a6403 100755
--- a/examples/provider/update-jks.sh
+++ b/examples/provider/update-jks.sh
@@ -1,5 +1,30 @@
 
-# Used to update all of the JKS stores
+# Example KeyStore Update Script
+#
+# This script is Used to update all example JKS stores, using example
+# certificates found in wolfSSL proper.
+#
+# Java KeyStores which this script creates includes:
+#
+# all.jks               All certs
+# all_mixed.jks         All certs, mixed order
+# client.jks            RSA 2048-bit and ECC client certs
+# client-rsa-1024.jks   RSA 1024-bit only client cert
+# client-rsa.jks        RSA 2048-bit only client cert
+# client-ecc.jks        ECC only client cert
+# server.jks            RSA 2048-bit and ECC server certs
+# server-rsa-1024.jks   RSA 1024-bit only server cert
+# server-rsa.jks        RSA 2048-bit only server cert
+# server-ecc.jks        ECC only server cert
+# cacerts.jks           All CA certs (RSA, ECC, 1024, 2048, etc)
+# ca-client.jks         CA certs used to verify client certs
+# ca-server.jks         CA certs used to verify server certs
+#
+# NOTE: Keystores generated by this script are generated in JKS format,
+#       instead of the newer/better PKCS#12 format. The newer format would
+#       be preferred, but older versions of keytool do not support PKCS#12
+#       format. This would cause test failures in those older environments.
+
 printf "Removing and updating JKS stores\n"
 if [ -z "$1" ]; then
     printf "\tNo directory to certs provided\n"
@@ -10,7 +35,7 @@ CERT_LOCATION=$1
 
 # keystore-name , cert file , alias , password
 add_cert() {
-    keytool -import -keystore "$1" -file "$CERT_LOCATION/$2" -alias "$3" -noprompt -trustcacerts -storepass "$4"
+    keytool -import -keystore "$1" -file "$CERT_LOCATION/$2" -alias "$3" -noprompt -trustcacerts -deststoretype JKS -storepass "$4"
     if [ $? -ne 0 ]; then
         printf "fail"
         exit 1
@@ -20,13 +45,16 @@ add_cert() {
 # keystore-name , cert file , key file , alias , password
 add_cert_key() {
     openssl pkcs12 -export -in "$CERT_LOCATION/$2" -inkey "$CERT_LOCATION/$3" -out tmp.p12 -passin pass:"$5" -passout pass:"$5" -name "$4" &> /dev/null
-    keytool -importkeystore -deststorepass "$5" -destkeystore "$1" -srckeystore tmp.p12 -srcstoretype PKCS12 -srcstorepass "$5" -alias "$4" &> /dev/null
+    keytool -importkeystore -deststorepass "$5" -destkeystore "$1" -deststoretype JKS -srckeystore tmp.p12 -srcstoretype PKCS12 -srcstorepass "$5" -alias "$4" &> /dev/null
     if [ $? -ne 0 ]; then
         printf "fail"
         exit 1
     fi
     rm tmp.p12
 }
+
+#################### KEYSTORES WITH ALL CERTS ####################
+
 printf "\tCreating all.jks ..."
 rm all.jks &> /dev/null
 add_cert_key "all.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
@@ -40,53 +68,100 @@ add_cert_key "all.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL
 add_cert_key "all.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
 printf "done\n"
 
+printf "\tCreating all_mixed.jks ..."
+rm all_mixed.jks &> /dev/null
+add_cert_key "all_mixed.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
+add_cert_key "all_mixed.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
+printf "done\n"
+
+#################### CLIENT KEYSTORES ####################
+
+# Client cert: both RSA 2048-bit and ECC
 printf "\tCreating client.jks ..."
 rm client.jks &> /dev/null
 add_cert_key "client.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
-add_cert_key "client.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
 add_cert_key "client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
-add_cert_key "client.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
-add_cert_key "client.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
-add_cert_key "client.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
 printf "done\n"
 
+# Client cert: RSA, 1024-bit only
+printf "\tCreating client-rsa-1024.jks ..."
+rm client-rsa-1024.jks &> /dev/null
+add_cert_key "client-rsa-1024.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-rsa-1024" "wolfSSL test"
+printf "done\n"
+
+# Client cert: RSA 2048-bit only
+printf "\tCreating client-rsa.jks ..."
+rm client-rsa.jks &> /dev/null
+add_cert_key "client-rsa.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
+printf "done\n"
+
+# Client cert: ECC only
+printf "\tCreating client-ecc.jks ..."
+rm client-ecc.jks &> /dev/null
+add_cert_key "client-ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+printf "done\n"
+
+#################### SERVER KEYSTORES ####################
+
+# Server cert: both RSA 2048-bit and ECC
 printf "\tCreating server.jks ..."
 rm server.jks &> /dev/null
 add_cert_key "server.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
-add_cert_key "server.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
 add_cert_key "server.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
-add_cert_key "server.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
-add_cert_key "server.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
-add_cert_key "server.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
 printf "done\n"
 
-printf "\tCreating rsa.jks ..."
-rm rsa.jks &> /dev/null
-add_cert_key "rsa.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
-add_cert_key "rsa.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
-add_cert_key "rsa.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
+# Server cert: RSA, 1024-bit only
+printf "\tCreating server-rsa-1024.jks ..."
+rm server-rsa-1024.jks &> /dev/null
+add_cert_key "server-rsa-1024.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
+printf "done\n"
+
+# Server cert: RSA, 2048-bit only
+printf "\tCreating server-rsa.jks ..."
+rm server-rsa.jks &> /dev/null
+add_cert_key "server-rsa.jks" "/server-cert.pem" "/server-key.pem" "server-rsa" "wolfSSL test"
 printf "done\n"
 
-printf "\tCreating ecc.jks ..."
-rm ecc.jks &> /dev/null
-add_cert_key "ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
-add_cert_key "ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
+# Server cert: ECC only
+printf "\tCreating server-ecc.jks ..."
+rm server-ecc.jks &> /dev/null
+add_cert_key "server-ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
 printf "done\n"
 
+#################### CA CERT KEYSTORES ###################
+
+# Contains all CA certs (RSA and ECC), verifies both client and server certs
 printf "\tCreating cacerts.jks ..."
 rm cacerts.jks &> /dev/null
 add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "cacert" "wolfSSL test"
+add_cert_key "cacerts.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
+add_cert_key "cacerts.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
+add_cert_key "cacerts.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
+add_cert_key "cacerts.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
 printf "done\n"
 
-printf "\tCreating all_mixed.jks ..."
-rm all_mixed.jks &> /dev/null
-add_cert_key "all_mixed.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
-add_cert_key "all_mixed.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
+# Contains CA certs used to verify client certs:
+# client-cert.pem verifies itself (self signed)
+# client-ecc-cert.pem verifies itself (self signed)
+printf "\tCreating ca-client.jks ..."
+rm ca-client.jks &> /dev/null
+add_cert_key "ca-client.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
+add_cert_key "ca-client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+printf "done\n"
+
+# Contains CA certs used to verify server certs:
+# ca-cert.pem verifies server-cert.pem
+# ca-ecc-cert.pem verifies server-ecc.pem
+printf "\tCreating ca-server.jks ..."
+rm ca-server.jks &> /dev/null
+add_cert_key "ca-server.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
+add_cert_key "ca-server.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
 printf "done\n"
 
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
index 4ce2c466..0024d9ee 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
@@ -171,6 +171,8 @@ private void LoadTrustedRootCerts() {
          * If tm is not an instance of WolfSSLTrustX509, simply return
          * here since we do not need to interface with native verification */
         if (!(tm instanceof com.wolfssl.provider.jsse.WolfSSLTrustX509)) {
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "Deferring verification to checkClientTrusted/ServerTrusted()");
             return;
         }
 
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
index ef691c75..b4eae4a1 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -470,11 +470,19 @@ private void setLocalAuth() {
         X509TrustManager tm = authStore.getX509TrustManager();
         if (tm instanceof com.wolfssl.provider.jsse.WolfSSLTrustX509) {
             /* use internal peer verification logic */
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "X509TrustManager is of type WolfSSLTrustX509");
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "Using native internal peer verification logic");
             this.ssl.setVerify(mask, null);
 
         } else {
             /* not our own TrustManager, set up callback so JSSE can use
              * TrustManager.checkClientTrusted/checkServerTrusted() */
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "X509TrustManager is not of type WolfSSLTrustX509");
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "Using checkClientTrusted/ServerTrusted() for verification");
             wicb = new WolfSSLInternalVerifyCb(authStore.getX509TrustManager(),
                                                this.clientMode);
             this.ssl.setVerify(WolfSSL.SSL_VERIFY_PEER, wicb);
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java
index a1359f29..9a147b44 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java
@@ -84,6 +84,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) {
         } else {
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                     "NOTE: Native wolfSSL peer verification failed");
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "      Continuing with X509TrustManager verification");
         }
 
         try {
@@ -94,6 +96,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) {
 
         } catch (WolfSSLException e) {
             /* failed to get certs from native, give app null array */
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "Failed to get certs from x509StorePtr, certs = null");
             certs = null;
         }
 
@@ -103,9 +107,13 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) {
                 x509certs = new X509Certificate[certs.length];
                 for (int i = 0; i < certs.length; i++) {
                     x509certs[i] = certs[i].getX509Certificate();
+                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                        "Peer cert: " + x509certs[i].getSubjectDN().getName());
                 }
             } catch (CertificateException | IOException ce) {
                 /* failed to get cert array, give app null array */
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "Failed to get X509Certificate[] array, set to null");
                 x509certs = null;
             }
 
@@ -120,6 +128,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) {
             } else if (sigType.contains("ED25519")) {
                 authType = "ED25519";
             }
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "Auth type: " + authType);
 
             /* Free native WolfSSLCertificate memory. At this
              * point x509certs[] is all Java managed memory now. */
@@ -132,15 +142,23 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) {
             /* poll TrustManager for cert verification, should throw
              * CertificateException if verification fails */
             if (clientMode) {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "Calling TrustManager.checkServerTrusted()");
                 tm.checkServerTrusted(x509certs, authType);
             } else {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "Calling TrustManager.checkClientTrusted()");
                 tm.checkClientTrusted(x509certs, authType);
             }
         } catch (Exception e) {
             /* TrustManager rejected certificate, not valid */
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "TrustManager rejected certificates, verification failed");
             return 0;
         }
 
+        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+            "TrustManager verification successful");
         /* continue handshake, verification succeeded */
         return 1;
     }
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
index df30091e..04c30826 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
@@ -567,7 +567,7 @@ public byte[] getExtensionValue(String oid) {
     }
 
 
-    @SuppressWarnings("deprecation")
+    @SuppressWarnings("removal")
     @Override
     public void finalize() throws Throwable {
         try {
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java
index d553d5db..c81d388a 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java
@@ -207,6 +207,7 @@ public PublicKey getPublicKey() {
     }
 
     @Override
+    @SuppressWarnings("removal")
     public void finalize() throws Throwable {
         super.finalize();
         this.cert.free();
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java
index 522f0188..753c93d0 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java
@@ -162,7 +162,7 @@ public void testgetServerAliases() {
         }
 
         /* should be no ECC keys in RSA key store */
-        list = tf.createKeyManager("SunX509", tf.rsaJKS, provider);
+        list = tf.createKeyManager("SunX509", tf.serverRSAJKS, provider);
         km = (X509KeyManager) list[0];
         alias = km.getServerAliases("EC", null);
         if (alias != null) {
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java
index 8b424c3e..36bf6dcd 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java
@@ -486,9 +486,9 @@ public Void call() throws Exception {
         ss.close();
 
         /* fail case, incorrect root CA loaded to verify client cert.
-         * caJKS does not verify clientJKS (client cert is self-signed) */
+         * caServerJKS does not verify clientJKS (client cert is self-signed) */
         this.ctx = tf.createSSLContext("TLSv1.2", ctxProvider,
-                tf.createTrustManager("SunX509", tf.caJKS, ctxProvider),
+                tf.createTrustManager("SunX509", tf.caServerJKS, ctxProvider),
                 tf.createKeyManager("SunX509", tf.clientJKS, ctxProvider));
 
         ss = (SSLServerSocket)ctx.getServerSocketFactory()
@@ -548,7 +548,7 @@ pass with setNeedClientAuth(false) */
 
         /* client has correct CA to authenticate server */
         SSLContext cliCtx = tf.createSSLContext("TLSv1.2", ctxProvider,
-                tf.createTrustManager("SunX509", tf.clientJKS, ctxProvider),
+                tf.createTrustManager("SunX509", tf.caServerJKS, ctxProvider),
                 tf.createKeyManager("SunX509", tf.clientJKS, ctxProvider));
 
         ss = (SSLServerSocket)srvCtx.getServerSocketFactory()
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java
index 3b13cd07..477a458a 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java
@@ -1123,7 +1123,7 @@ pass with setNeedClientAuth(false) */
 
         /* client has correct CA to authenticate server */
         SSLContext cliCtx = tf.createSSLContext("TLSv1.2", ctxProvider,
-                tf.createTrustManager("SunX509", tf.clientJKS, ctxProvider),
+                tf.createTrustManager("SunX509", tf.caServerJKS, ctxProvider),
                 tf.createKeyManager("SunX509", tf.clientJKS, ctxProvider));
 
         ss = (SSLServerSocket)srvCtx.getServerSocketFactory()
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java
index 1c9e13e2..7ed29bba 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java
@@ -58,27 +58,59 @@
  */
 class WolfSSLTestFactory {
 
+    protected String allJKS;
+    protected String allMixedJKS;
     protected String clientJKS;
+    protected String clientRSA1024JKS;
+    protected String clientRSAJKS;
+    protected String clientECCJKS;
     protected String serverJKS;
-    protected String allJKS;
-    protected String mixedJKS;
+    protected String serverRSA1024JKS;
+    protected String serverRSAJKS;
+    protected String serverECCJKS;
     protected String caJKS;
-    protected String rsaJKS;
+    protected String caClientJKS;
+    protected String caServerJKS;
+
     protected String googleCACert;
     protected String exampleComCert;
+
     protected final static char[] jksPass = "wolfSSL test".toCharArray();
     protected String keyStoreType = "JKS";
     private boolean extraDebug = false;
 
     protected WolfSSLTestFactory() throws WolfSSLException {
-        serverJKS = "examples/provider/server.jks";
-        clientJKS = "examples/provider/client.jks";
-        allJKS = "examples/provider/all.jks";
-        mixedJKS = "examples/provider/all_mixed.jks";
-        caJKS = "examples/provider/cacerts.jks";
-        rsaJKS = "examples/provider/rsa.jks";
-        googleCACert = "examples/certs/ca-google-root.der";
-        exampleComCert = "examples/certs/example-com.der";
+        /* wolfJSSE example Java KeyStore files, containing:
+         * all.jks               All certs
+         * all_mixed.jks         All certs, mixed order
+         * client.jks            RSA 2048-bit and ECC client certs
+         * client-rsa-1024.jks   RSA 1024-bit only client cert
+         * client-rsa.jks        RSA 2048-bit only client cert
+         * client-ecc.jks        ECC only client cert
+         * server.jks            RSA 2048-bit and ECC server certs
+         * server-rsa-1024.jks   RSA 1024-bit only server cert
+         * server-rsa.jks        RSA 2048-bit only server cert
+         * server-ecc.jks        ECC only server cert
+         * cacerts.jks           All CA certs (RSA, ECC, 1024, 2048, etc)
+         * ca-client.jks         CA certs used to verify client certs
+         * ca-server.jks         CA certs used to verify server certs */
+        allJKS           = "examples/provider/all.jks";
+        allMixedJKS      = "examples/provider/all_mixed.jks";
+        clientJKS        = "examples/provider/client.jks";
+        clientRSA1024JKS = "examples/provider/client-rsa-1024.jks";
+        clientRSAJKS     = "examples/provider/client-rsa.jks";
+        clientECCJKS     = "examples/provider/client-ecc.jks";
+        serverJKS        = "examples/provider/server.jks";
+        serverRSA1024JKS = "examples/provider/server-rsa-1024.jks";
+        serverRSAJKS     = "examples/provider/server-rsa.jks";
+        serverECCJKS     = "examples/provider/server-ecc.jks";
+        caJKS            = "examples/provider/cacerts.jks";
+        caClientJKS      = "examples/provider/ca-client.jks";
+        caServerJKS      = "examples/provider/ca-server.jks";
+
+        /* External CA certificate files */
+        googleCACert     = "examples/certs/ca-google-root.der";
+        exampleComCert   = "examples/certs/example-com.der";
 
         /* test if running from IDE directory */
         File f = new File(serverJKS);
@@ -99,12 +131,20 @@ protected WolfSSLTestFactory() throws WolfSSLException {
     }
 
     private void setPaths(String in) {
-        serverJKS = in.concat(serverJKS);
-        clientJKS = in.concat(clientJKS);
         allJKS = in.concat(allJKS);
-        mixedJKS = in.concat(mixedJKS);
+        allMixedJKS = in.concat(allMixedJKS);
+        clientJKS = in.concat(clientJKS);
+        clientRSA1024JKS = in.concat(clientRSA1024JKS);
+        clientRSAJKS = in.concat(clientRSAJKS);
+        clientECCJKS = in.concat(clientECCJKS);
+        serverJKS = in.concat(serverJKS);
+        serverRSA1024JKS = in.concat(serverRSA1024JKS);
+        serverRSAJKS = in.concat(serverRSAJKS);
+        serverECCJKS = in.concat(serverECCJKS);
         caJKS = in.concat(caJKS);
-        rsaJKS = in.concat(rsaJKS);
+        caClientJKS = in.concat(caClientJKS);
+        caServerJKS = in.concat(caServerJKS);
+
         googleCACert = in.concat(googleCACert);
         exampleComCert = in.concat(exampleComCert);
     }
@@ -126,12 +166,19 @@ private boolean isAndroidFile() {
         File f;
 
         if (isAndroid()) {
-            serverJKS = "examples/provider/server.bks";
-            clientJKS = "examples/provider/client.bks";
-            allJKS = "examples/provider/all.bks";
-            mixedJKS = "examples/provider/all_mixed.bks";
-            caJKS = "examples/provider/cacerts.bks";
-            rsaJKS = "examples/provider/rsa.bks";
+            allJKS           = "examples/provider/all.bks";
+            allMixedJKS      = "examples/provider/all_mixed.bks";
+            clientJKS        = "examples/provider/client.bks";
+            clientRSA1024JKS = "examples/provider/client-rsa-1024.bks";
+            clientRSAJKS     = "examples/provider/client-rsa.bks";
+            clientECCJKS     = "examples/provider/client-ecc.bks";
+            serverJKS        = "examples/provider/server.bks";
+            serverRSA1024JKS = "examples/provider/server-rsa-1024.bks";
+            serverRSAJKS     = "examples/provider/server-rsa.bks";
+            serverECCJKS     = "examples/provider/server-ecc.bks";
+            caJKS            = "examples/provider/cacerts.bks";
+            caClientJKS      = "examples/provider/ca-client.bks";
+            caServerJKS      = "examples/provider/ca-server.bks";
             keyStoreType = "BKS";
         }
 
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java
index 32e8ef44..beda22e6 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java
@@ -78,11 +78,13 @@ public void testCAParsing()
         TrustManager[] tm;
         X509TrustManager x509tm;
         X509Certificate cas[];
+
+        String OU[] = { "OU=Programming-2048", "OU=Support",
+            "OU=Support_1024", "OU=Consulting", "OU=Development",
+            "OU=Fast", "OU=Consulting_1024", "OU=Programming-1024", "OU=ECC" };
+
         int i = 0;
-        int expected = 9;
-        String OU[] = { "OU=ECC", "OU=Programming-2048", "OU=Support",
-            "OU=Support_1024", "OU=Consulting", "OU=Development", "OU=Fast",
-            "OU=Consulting_1024", "OU=Programming-1024" };
+        int expected = OU.length;
 
         System.out.print("\tTesting parse all.jks");
 
@@ -92,10 +94,11 @@ public void testCAParsing()
             return;
         }
 
-        /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set
-         * to false so it is not added as a CA */
+        /* wolfSSL only returns a list of CA's, server-ecc basic constraint is
+         * set to false so it is not added as a CA */
         if (this.provider != null && this.provider.equals("wolfJSSE")) {
-            expected = 8; /* one less than SunJSSE because of server-ecc */
+            /* one less than SunJSSE because of server-ecc */
+            expected = expected - 1;
         }
 
         tm = tf.createTrustManager("SunX509", tf.allJKS, provider);
@@ -120,6 +123,8 @@ public void testCAParsing()
         for (String x: OU) {
             if (this.provider != null &&
                     provider.equals("wolfJSSE") && x.equals("OU=ECC")) {
+                /* skip checking ECC certs, since not all Java versions
+                 * support them */
                 continue;
             }
 
@@ -139,10 +144,11 @@ public void testServerParsing()
         TrustManager[] tm;
         X509TrustManager x509tm;
         X509Certificate cas[];
+
+        String OU[] = { "OU=Support", "OU=ECC" };
+
         int i = 0;
-        int expected = 6;
-        String OU[] = { "OU=Programming-2048", "OU=Fast", "OU=Support",
-                        "OU=ECC", "OU=Programming-1024", "OU=Support_1024" };
+        int expected = OU.length;
 
         System.out.print("\tTesting parsing server.jks");
 
@@ -152,10 +158,11 @@ public void testServerParsing()
             return;
         }
 
-        /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set
-         * to false so it is not added as a CA */
+        /* wolfSSL only returns a list of CA's, server-ecc basic constraint is
+         * set to false so it is not added as a CA */
         if (this.provider != null && this.provider.equals("wolfJSSE")) {
-            expected = expected-1; /* one less than SunJSSE because of server-ecc */
+            /* one less than SunJSSE because of server-ecc */
+            expected = expected - 1;
         }
 
         tm = tf.createTrustManager("SunX509", tf.serverJKS, provider);
@@ -200,12 +207,13 @@ public void testCAParsingMixed()
         TrustManager[] tm;
         X509TrustManager x509tm;
         X509Certificate cas[];
+
+        String OU[] = { "OU=Consulting", "OU=Programming-2048", "OU=Fast",
+            "OU=Support", "OU=Programming-1024", "OU=Consulting_1024",
+            "OU=Support_1024", "OU=ECC" };
+
         int i = 0, j;
-        int expected = 8;
-        String OU[] = { "OU=Consulting", "Programming-2048", "OU=Fast",
-            "OU=Support", "OU=ECC", "OU=Programming-1024", "OU=Consulting_1024",
-            "OU=Support_1024",
-            };
+        int expected = OU.length;
 
         System.out.print("\tTesting parse all_mixed.jks");
 
@@ -214,13 +222,14 @@ public void testCAParsingMixed()
             pass("\t... skipped");
             return;
         }
-        /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set
-         * to false so it is not added as a CA */
+        /* wolfSSL only returns a list of CA's, server-ecc basic constraint is
+         * set to false so it is not added as a CA */
         if (this.provider != null && this.provider.equals("wolfJSSE")) {
-            expected = 7; /* one less than SunJSSE because of server-ecc */
+            /* one less than SunJSSE because of server-ecc */
+            expected = expected - 1;
         }
 
-        tm = tf.createTrustManager("SunX509", tf.mixedJKS, provider);
+        tm = tf.createTrustManager("SunX509", tf.allMixedJKS, provider);
         if (tm == null) {
             error("\t... failed");
             fail("failed to create trustmanager");
@@ -242,6 +251,8 @@ public void testCAParsingMixed()
         for (j = 0; j < OU.length && i < cas.length; j++) {
             if (this.provider != null &&
                     provider.equals("wolfJSSE") && OU[j].equals("OU=ECC")) {
+                /* skip checking ECC certs, since not all Java versions
+                 * support them */
                 continue;
             }
 
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
index 5b37140c..7efc7dc9 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
@@ -396,14 +396,19 @@ public void testGetters() {
         int ret, i;
         String[] ciphers;
         String   certType;
-        SSLContext ctx;
+        SSLContext ctxClient;
+        SSLContext ctxServer;
         System.out.print("\tTesting x509 getters");
 
-        ctx = tf.createSSLContext("TLS", provider,
-                tf.createTrustManager("SunX509", tf.rsaJKS, provider),
-                tf.createKeyManager("SunX509", tf.rsaJKS, provider));
-        server = ctx.createSSLEngine();
-        client = ctx.createSSLEngine("wolfSSL client test", 11111);
+        ctxClient = tf.createSSLContext("TLS", provider,
+                    tf.createTrustManager("SunX509", tf.caServerJKS, provider),
+                    tf.createKeyManager("SunX509", tf.clientRSAJKS, provider));
+        ctxServer = tf.createSSLContext("TLS", provider,
+                    tf.createTrustManager("SunX509", tf.caClientJKS, provider),
+                    tf.createKeyManager("SunX509", tf.serverRSAJKS, provider));
+
+        server = ctxServer.createSSLEngine();
+        client = ctxClient.createSSLEngine("wolfSSL client test", 11111);
 
         /* make connection using RSA certificate */
         server.setUseClientMode(false);

From d1251768ac0b9aaeddf2d9413f34b476698a78fd Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Thu, 21 Apr 2022 11:04:39 -0600
Subject: [PATCH 05/12] fix compiler warnings when HAVE_PK_CALLBACKS is not
 defined

---
 native/com_wolfssl_WolfSSLSession.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c
index 967f9cc8..269483aa 100644
--- a/native/com_wolfssl_WolfSSLSession.c
+++ b/native/com_wolfssl_WolfSSLSession.c
@@ -2789,8 +2789,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSignCtx
 
     void*          eccSignCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -2851,6 +2851,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSignCtx
 
     wolfSSL_SetEccSignCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or ECC");
     return;
@@ -2866,8 +2868,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccVerifyCtx
 
     void*          eccVerifyCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -2928,6 +2930,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccVerifyCtx
 
     wolfSSL_SetEccVerifyCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or ECC");
     return;
@@ -2943,8 +2947,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSharedSecretCtx
 
     void*          eccSharedSecretCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -3005,6 +3009,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSharedSecretCtx
 
     wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or ECC");
     return;
@@ -3020,8 +3026,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaSignCtx
 
     void*          rsaSignCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -3082,6 +3088,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaSignCtx
 
     wolfSSL_SetRsaSignCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or RSA support");
     return;
@@ -3097,8 +3105,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaVerifyCtx
 
     void*          rsaVerifyCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -3159,6 +3167,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaVerifyCtx
 
     wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or RSA support");
     return;
@@ -3174,8 +3184,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaEncCtx
 
     void*          rsaEncCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -3237,6 +3247,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaEncCtx
 
     wolfSSL_SetRsaEncCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or RSA support");
     return;
@@ -3252,8 +3264,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaDecCtx
 
     void*          rsaDecCtx;
     internCtx*     myCtx;
-#endif
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+#endif
 
     /* find exception class in case we need it */
     excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException");
@@ -3314,6 +3326,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaDecCtx
 
     wolfSSL_SetRsaDecCtx(ssl, myCtx);
 #else
+    (void)jcl;
+    (void)sslPtr;
     (*jenv)->ThrowNew(jenv, excClass,
         "wolfSSL not compiled with PK Callbacks and/or RSA support");
     return;

From 963f5565eed6f36e37bb90032cbef3d2b0fdd19a Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 22 Apr 2022 13:30:50 -0600
Subject: [PATCH 06/12] add OS/ARCH and JAVA_HOME print to java.sh output

---
 java.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/java.sh b/java.sh
index ba8caa3b..4498b228 100755
--- a/java.sh
+++ b/java.sh
@@ -44,6 +44,9 @@ else
     echo 'Unknown host OS!'
     exit
 fi
+echo "        $OS $ARCH"
+
+echo "    Java Home = $javaHome"
 
 # create /lib directory if doesn't exist
 if [ ! -d ./lib ]

From 3fd0b1bdf01f1e320463d953068e7a41f2b12cbb Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 22 Apr 2022 16:07:17 -0600
Subject: [PATCH 07/12] WolfSSLCertificate: let Java do the modified UTF-8
 conversion for toString()

---
 native/com_wolfssl_WolfSSLCertificate.c      | 26 +++++++++++++++-----
 native/com_wolfssl_WolfSSLCertificate.h      |  4 +--
 src/java/com/wolfssl/WolfSSLCertificate.java | 18 ++++++++++++--
 3 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/native/com_wolfssl_WolfSSLCertificate.c b/native/com_wolfssl_WolfSSLCertificate.c
index 3feda055..5200831e 100644
--- a/native/com_wolfssl_WolfSSLCertificate.c
+++ b/native/com_wolfssl_WolfSSLCertificate.c
@@ -418,12 +418,13 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1signatu
     return (*jenv)->NewStringUTF(jenv, oid);
 }
 
-JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print
+JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print
   (JNIEnv* jenv, jclass jcl, jlong x509Ptr)
 {
     WOLFSSL_BIO* bio;
-    jstring ret = NULL;
+    int sz = 0;
     const char* mem = NULL;
+    jbyteArray  memArr = NULL;
     WOLFSSL_X509* x509 = (WOLFSSL_X509*)(uintptr_t)x509Ptr;
     (void)jcl;
 
@@ -441,12 +442,25 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print
         return NULL;
     }
 
-    wolfSSL_BIO_get_mem_data(bio, &mem);
-    if (mem != NULL) {
-        ret = (*jenv)->NewStringUTF(jenv, mem);
+    sz = wolfSSL_BIO_get_mem_data(bio, &mem);
+    if (sz > 0 && mem != NULL) {
+
+        memArr = (*jenv)->NewByteArray(jenv, sz);
+        if (memArr == NULL) {
+            wolfSSL_BIO_free(bio);
+            return NULL;
+        }
+
+        (*jenv)->SetByteArrayRegion(jenv, memArr, 0, sz, (jbyte*)mem);
+        if ((*jenv)->ExceptionOccurred(jenv)) {
+            /* failed to set byte region */
+            (*jenv)->DeleteLocalRef(jenv, memArr);
+            wolfSSL_BIO_free(bio);
+            return NULL;
+        }
     }
     wolfSSL_BIO_free(bio);
-    return ret;
+    return memArr;
 }
 
 JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1isCA
diff --git a/native/com_wolfssl_WolfSSLCertificate.h b/native/com_wolfssl_WolfSSLCertificate.h
index 38a79287..ac0ffe3f 100644
--- a/native/com_wolfssl_WolfSSLCertificate.h
+++ b/native/com_wolfssl_WolfSSLCertificate.h
@@ -90,9 +90,9 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1signatu
 /*
  * Class:     com_wolfssl_WolfSSLCertificate
  * Method:    X509_print
- * Signature: (J)Ljava/lang/String;
+ * Signature: (J)[B
  */
-JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print
+JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print
   (JNIEnv *, jclass, jlong);
 
 /*
diff --git a/src/java/com/wolfssl/WolfSSLCertificate.java b/src/java/com/wolfssl/WolfSSLCertificate.java
index 8d9b3ff5..3dbea23d 100644
--- a/src/java/com/wolfssl/WolfSSLCertificate.java
+++ b/src/java/com/wolfssl/WolfSSLCertificate.java
@@ -25,6 +25,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.ByteArrayInputStream;
+import java.nio.charset.Charset;
 import java.math.BigInteger;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -62,7 +63,7 @@ public class WolfSSLCertificate {
     static native byte[] X509_get_signature(long x509);
     static native String X509_get_signature_type(long x509);
     static native String X509_get_signature_OID(long x509);
-    static native String X509_print(long x509);
+    static native byte[] X509_print(long x509);
     static native int X509_get_isCA(long x509);
     static native String X509_get_subject_name(long x509);
     static native String X509_get_issuer_name(long x509);
@@ -600,7 +601,20 @@ public X509Certificate getX509Certificate()
 
     @Override
     public String toString() {
-        return X509_print(this.x509Ptr);
+
+        byte[] x509Text;
+
+        if (this.active == false) {
+            return super.toString();
+        }
+
+        x509Text = X509_print(this.x509Ptr);
+        if (x509Text != null) {
+            /* let Java do the modified UTF-8 conversion */
+            return new String(x509Text, Charset.forName("UTF-8"));
+        }
+
+        return super.toString();
     }
 
     /**

From 4e6582f3a8ce313303bc623444671f10fe7c98a6 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 22 Apr 2022 16:09:56 -0600
Subject: [PATCH 08/12] update files in examples/certs and
 WolfSSLCertificateTest cases

---
 examples/certs/ca-cert.pem                    |  56 ++++-----
 examples/certs/ca-ecc-cert.pem                |  22 ++--
 examples/certs/client-cert.der                | Bin 1313 -> 1313 bytes
 examples/certs/client-cert.pem                |  58 ++++-----
 examples/certs/server-cert.pem                | 112 ++++++++---------
 examples/certs/server-ecc.pem                 |  24 ++--
 .../wolfssl/test/WolfSSLCertificateTest.java  | 119 ++++++++----------
 7 files changed, 185 insertions(+), 206 deletions(-)

diff --git a/examples/certs/ca-cert.pem b/examples/certs/ca-cert.pem
index 5c280581..2c7fc177 100644
--- a/examples/certs/ca-cert.pem
+++ b/examples/certs/ca-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7d:94:70:88:ba:07:42:8d:aa:af:4f:be:c2:1a:48:f0:d1:40:e6:42
+            26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 20 23:07:24 2021 GMT
-            Not After : Sep 15 23:07:24 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -38,7 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42
+                serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -47,27 +47,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         b0:71:bb:ba:45:5a:80:25:02:a4:7e:88:0b:a9:7b:fd:b0:bb:
-         f6:46:b5:ba:f4:c7:e3:61:20:8c:03:15:66:f5:e4:54:82:ef:
-         13:80:97:22:67:c1:d1:88:5d:e2:2d:57:f6:e0:9f:69:d6:b1:
-         5c:b6:e8:e0:98:89:c8:14:12:d6:b6:89:8d:6c:b9:a0:59:4f:
-         92:ee:11:53:6b:7d:93:4a:69:0a:85:d9:d5:d2:62:e8:c9:b5:
-         c6:4e:17:f5:0a:e8:f3:2d:86:61:0b:eb:c4:c4:c6:67:75:ed:
-         9a:9f:53:a0:71:1e:a0:90:0d:f9:03:b4:bc:86:19:6e:f0:3b:
-         4f:e8:ed:68:f6:e7:23:43:3b:36:83:83:4b:46:a0:9a:01:d0:
-         c7:85:bb:7d:94:a0:21:3d:7e:3c:6a:3d:81:db:41:7b:46:d8:
-         15:62:d5:8f:4d:3d:c0:db:9a:c5:81:a8:ac:da:87:99:c7:dd:
-         b9:f1:14:af:d1:93:e3:f3:42:d7:a2:04:51:21:54:29:c3:45:
-         f6:be:5c:fa:cd:db:bf:2f:79:81:42:e5:8f:47:0b:d4:54:01:
-         b5:c2:4a:46:d6:a8:31:2e:64:80:3f:48:61:91:29:f3:aa:43:
-         5c:69:6e:f1:01:b9:df:63:71:3d:b9:5a:fb:36:c0:11:a2:c3:
-         30:9d:95:c3
+         62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1:
+         1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93:
+         1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59:
+         83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1:
+         66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1:
+         ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d:
+         d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2:
+         a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5:
+         ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15:
+         52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8:
+         53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84:
+         0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae:
+         b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64:
+         9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2:
+         84:61:1f:1c
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUfZRwiLoHQo2qr0++whpI8NFA5kIwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -82,12 +82,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-fZRwiLoHQo2qr0++whpI8NFA5kIwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBALBxu7pFWoAlAqR+iAupe/2wu/ZGtbr0x+NhIIwD
-FWb15FSC7xOAlyJnwdGIXeItV/bgn2nWsVy26OCYicgUEta2iY1suaBZT5LuEVNr
-fZNKaQqF2dXSYujJtcZOF/UK6PMthmEL68TExmd17ZqfU6BxHqCQDfkDtLyGGW7w
-O0/o7Wj25yNDOzaDg0tGoJoB0MeFu32UoCE9fjxqPYHbQXtG2BVi1Y9NPcDbmsWB
-qKzah5nH3bnxFK/Rk+PzQteiBFEhVCnDRfa+XPrN278veYFC5Y9HC9RUAbXCSkbW
-qDEuZIA/SGGRKfOqQ1xpbvEBud9jcT25Wvs2wBGiwzCdlcM=
+DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT
+MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS
+cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL
+4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu
+fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4
+cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw=
 -----END CERTIFICATE-----
diff --git a/examples/certs/ca-ecc-cert.pem b/examples/certs/ca-ecc-cert.pem
index 326d0396..1d0148d0 100644
--- a/examples/certs/ca-ecc-cert.pem
+++ b/examples/certs/ca-ecc-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2f:c0:2c:fe:1f:6a:5a:0b:dd:f6:08:63:99:42:7e:19:92:fa:dc:32
+            29:bf:2b:cd:bf:55:54:49:85:b3:69:4e:e1:85:37:79:1e:81:f9:c2
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 20 23:07:24 2021 GMT
-            Not After : Sep 15 23:07:24 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -31,16 +31,16 @@ Certificate:
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:f2:a0:7a:0f:66:05:ec:81:a2:94:6a:31:e0:
-         0d:ee:8f:6a:ed:63:33:0e:27:31:b3:cf:c8:a0:0e:5b:88:51:
-         fa:02:20:51:0f:26:46:95:37:8e:49:4e:b0:4d:cd:b1:65:fe:
-         2d:43:ab:20:c7:83:70:44:11:13:86:a5:9b:3b:34:24:f2
+         30:44:02:20:78:ed:4c:1c:a7:2d:b3:35:0b:1d:46:a3:37:31:
+         0b:8a:05:39:c8:28:31:58:35:f1:98:f7:4b:72:c0:4f:e6:7f:
+         02:20:02:f2:09:2b:3a:e1:36:92:bf:58:6a:03:12:2d:79:e6:
+         bd:06:45:61:b9:0e:39:e1:9c:f0:a8:2e:0b:1e:8c:b2
 -----BEGIN CERTIFICATE-----
-MIIClTCCAjugAwIBAgIUL8As/h9qWgvd9ghjmUJ+GZL63DIwCgYIKoZIzj0EAwIw
+MIIClDCCAjugAwIBAgIUKb8rzb9VVEmFs2lO4YU3eR6B+cIwCgYIKoZIzj0EAwIw
 gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZcxCzAJ
+bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZcxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -48,6 +48,6 @@ Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
 KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
 MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
 msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDyoHoPZgXsgaKUajHgDe6Pau1jMw4nMbPP
-yKAOW4hR+gIgUQ8mRpU3jklOsE3NsWX+LUOrIMeDcEQRE4almzs0JPI=
+AgGGMAoGCCqGSM49BAMCA0cAMEQCIHjtTBynLbM1Cx1GozcxC4oFOcgoMVg18Zj3
+S3LAT+Z/AiAC8gkrOuE2kr9YagMSLXnmvQZFYbkOOeGc8KguCx6Msg==
 -----END CERTIFICATE-----
diff --git a/examples/certs/client-cert.der b/examples/certs/client-cert.der
index 857b8336ca092edcaef86b2b8003b01ab7527473..321f5c1a721cc84d5aa64e9f04afb1fff683a1e7 100644
GIT binary patch
delta 356
zcmZ3;wUA5Mpovx1poxWb0W%XL6O#y|)a$U-ce+0>llw9`p>sPcyC$Q~MCGj#Mg~TP
zriMnQ21X`P;=D#Ch9CgsZv3zhyQay9nB(hHa+i6nn7{mGsm|wCTf6lZzjKbiK7K)a
zk?YpfeHVmvzArxb+GgXA9k$8+r#SplWp&P(<e5%upKK7j>cq<hb7r?xSOqOK_Q-2V
zE1Yxw;_+%GpNF0`neKnKGyYs)X}x;qv74vVTR+5XTk`DAr=Wi>4BI}qf6BMN%KzVR
za&Sk_@!$1f0^Zin&${Mp-!kiN%;U3j_Aci+cyro^$)8v6y(CxO<#d++pU16mlSH@0
zoqC3syskLwhqbztp2{|R^ulV>)Tve)6M7FQ|F*d#Rh<3)?=|Vyx#?ODUu!iht$jRI
t^6BJvB6qgdK0n{tbG`qPeMa5Nk{W4?)Snu@{{v3E3$*H&oyQa!2LKF8shR))

delta 356
zcmZ3;wUA5Mpovx1poxWb0W%XL6O%}=Sj~d405|ofw+UNr8Q;h{@am4?MCGj#hK5E)
z21dpP=0+w_;=D#C29}1VAnwKw`><=8e26)|e#eW)S{^wp-9H*dq|S-FJ^tbH=~)wR
z>d595oAobFJR*PVqW3n33t30BolofheiwDpajtg$XUlYjH#OH5)U#Ed4bnMj6TSZ_
zqx*ypO&uR?T~)ta^nSC(Ui#cZzQhHZj^7md<`-|aG&v#{8bANJ)2Y?{Hc4%2Q?_pJ
zu1WQ=+rFm$Yas7Z5&nGbe@Ro-<OG7&xkOC8v*k#czKBMO>#8Y<x1=td-)z-<BJKB!
zh&xv%dd+%%V%w{qL6Vzn<ELt_={`R@=Gxt}*`EskZu6Cx!4ci{T>JFijOj8=s~jVF
tfA9rd_sDNN!cY*Fo+7n5?2q!77EiP9^%hesZaFj_*tuctt8+{ip8x~&r2hZ_

diff --git a/examples/certs/client-cert.pem b/examples/certs/client-cert.pem
index 16c2975d..26c73841 100644
--- a/examples/certs/client-cert.pem
+++ b/examples/certs/client-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            53:16:7c:a0:56:50:46:27:82:ed:60:b4:da:33:d8:6a:c0:ea:dc:31
+            01:1a:eb:56:ab:dc:8b:f3:a6:1e:f4:93:60:89:b7:05:07:29:01:2c
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 20 23:07:24 2021 GMT
-            Not After : Sep 15 23:07:24 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -38,7 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:53:16:7C:A0:56:50:46:27:82:ED:60:B4:DA:33:D8:6A:C0:EA:DC:31
+                serial:01:1A:EB:56:AB:DC:8B:F3:A6:1E:F4:93:60:89:B7:05:07:29:01:2C
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -47,27 +47,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         b8:e8:e3:2a:48:6c:04:8b:f8:81:14:1a:ce:14:ed:c7:f0:d3:
-         cb:9a:91:d9:2c:1d:6e:73:36:8f:a3:61:c4:1f:da:d1:4b:b6:
-         40:d0:6a:c4:2b:43:c8:2f:fb:ee:5a:c9:41:9d:2b:6f:f3:39:
-         67:20:ec:7c:d6:a0:7f:06:79:cd:52:2c:c9:3c:5b:bf:e5:01:
-         47:90:f0:82:88:f1:3d:45:25:f4:d1:4b:ec:ac:3f:1b:ce:a1:
-         0e:61:a0:29:41:f6:21:0e:9f:73:b3:39:34:c4:1e:55:5f:9f:
-         e7:42:ca:ab:8f:3c:62:86:26:94:b5:b7:8b:7c:65:4c:3e:b7:
-         ac:f5:51:0d:a5:14:0f:6f:2b:fe:62:95:26:1e:10:52:ae:44:
-         58:95:dc:b4:c4:76:2f:14:28:64:45:aa:94:61:da:1a:d0:cf:
-         b3:3a:83:c8:66:fb:e8:58:dc:d4:91:4a:9a:e7:c8:b6:ea:f9:
-         52:19:b2:3d:5f:95:29:ac:8b:cf:9b:5c:d6:dd:cd:6b:f2:71:
-         fd:b6:4d:18:98:08:5b:8a:e7:2b:cb:bd:68:97:1c:02:aa:41:
-         59:0d:f8:0e:50:d7:48:6f:81:c4:00:70:56:67:64:1a:b3:56:
-         fc:23:f4:84:49:36:f7:7f:38:94:38:da:40:81:c0:b9:b0:ad:
-         ea:ce:38:f2
+         64:6d:a6:4a:a8:9f:a7:e9:75:2c:f3:85:3d:3e:af:38:fb:6c:
+         c7:eb:c7:d0:2b:a2:45:b5:65:be:d0:13:2c:f7:a3:c1:eb:3c:
+         b1:f8:b8:3d:63:8f:ca:08:4e:65:1d:2c:ce:34:6e:35:96:87:
+         93:30:5d:aa:c8:e9:a0:9c:9b:84:78:3a:52:a1:33:48:6e:84:
+         66:71:9c:cf:d1:c7:7b:02:4c:e1:49:7c:69:47:fc:b7:01:f9:
+         a0:39:3b:ab:b9:c6:d9:ca:27:85:f0:5c:b6:a4:e6:dc:f2:52:
+         fe:44:00:b6:f0:47:f2:6f:3f:d5:0f:ff:31:93:53:88:8c:c7:
+         fb:56:10:4b:3b:43:e6:8a:9c:b7:b4:9a:dd:5c:e3:cd:9c:bd:
+         a7:0c:c1:d9:96:f0:93:f3:ab:bd:d2:1e:77:8a:42:cd:0f:fe:
+         48:da:57:34:61:46:a3:89:2e:31:d2:4a:d4:43:2f:56:85:44:
+         75:ca:6b:36:e2:e8:3a:b2:95:95:3a:28:90:8d:c0:23:fb:3c:
+         d2:1a:73:6b:ef:fd:d6:1b:eb:6d:67:2a:e1:eb:2a:83:22:ad:
+         e3:95:19:e5:93:ee:14:dc:b5:7d:e7:cf:89:8c:d7:8f:d2:3f:
+         68:7e:a9:74:7c:1b:38:65:f9:28:4d:ff:50:c8:ee:51:3a:8f:
+         1d:9e:55:5e
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIUUxZ8oFZQRieC7WC02jPYasDq3DEwDQYJKoZIhvcNAQEL
+MIIFHTCCBAWgAwIBAgIUARrrVqvci/OmHvSTYIm3BQcpASwwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTEyMjAyMzA3MjRaFw0yNDA5MTUyMzA3
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMjAyMTUxMjUwMjRaFw0yNDExMTExMjUw
 MjRaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
@@ -82,13 +82,13 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUUxZ8oFZQRieC7WC02jPYasDq
-3DEwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUARrrVqvci/OmHvSTYIm3BQcp
+ASwwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
 BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-ALjo4ypIbASL+IEUGs4U7cfw08uakdksHW5zNo+jYcQf2tFLtkDQasQrQ8gv++5a
-yUGdK2/zOWcg7HzWoH8Gec1SLMk8W7/lAUeQ8IKI8T1FJfTRS+ysPxvOoQ5hoClB
-9iEOn3OzOTTEHlVfn+dCyquPPGKGJpS1t4t8ZUw+t6z1UQ2lFA9vK/5ilSYeEFKu
-RFiV3LTEdi8UKGRFqpRh2hrQz7M6g8hm++hY3NSRSprnyLbq+VIZsj1flSmsi8+b
-XNbdzWvycf22TRiYCFuK5yvLvWiXHAKqQVkN+A5Q10hvgcQAcFZnZBqzVvwj9IRJ
-Nvd/OJQ42kCBwLmwrerOOPI=
+AGRtpkqon6fpdSzzhT0+rzj7bMfrx9ArokW1Zb7QEyz3o8HrPLH4uD1jj8oITmUd
+LM40bjWWh5MwXarI6aCcm4R4OlKhM0huhGZxnM/Rx3sCTOFJfGlH/LcB+aA5O6u5
+xtnKJ4XwXLak5tzyUv5EALbwR/JvP9UP/zGTU4iMx/tWEEs7Q+aKnLe0mt1c482c
+vacMwdmW8JPzq73SHneKQs0P/kjaVzRhRqOJLjHSStRDL1aFRHXKazbi6DqylZU6
+KJCNwCP7PNIac2vv/dYb621nKuHrKoMireOVGeWT7hTctX3nz4mM14/SP2h+qXR8
+Gzhl+ShN/1DI7lE6jx2eVV4=
 -----END CERTIFICATE-----
diff --git a/examples/certs/server-cert.pem b/examples/certs/server-cert.pem
index 9e5186ec..75c6f836 100644
--- a/examples/certs/server-cert.pem
+++ b/examples/certs/server-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 20 23:07:25 2021 GMT
-            Not After : Sep 15 23:07:25 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -37,7 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42
+                serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -46,27 +46,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         73:59:6f:55:94:e1:38:e7:20:5a:11:46:47:a8:29:11:17:06:
-         19:16:78:22:af:54:f8:d9:32:61:26:3f:39:ab:a4:df:ef:ae:
-         d0:0b:cc:2b:af:95:70:90:97:53:cc:19:6d:f2:4d:4c:fa:e4:
-         9d:7c:54:e0:5b:3b:1f:1e:52:46:7f:d9:ba:a0:90:ba:6d:df:
-         3d:67:f0:9f:52:44:c3:e1:66:36:dc:61:58:11:ba:4c:0c:c2:
-         29:da:f7:13:45:60:b2:11:79:91:ed:7c:9f:b7:7f:5c:e2:29:
-         c6:1e:bf:78:da:bf:d1:bd:9c:f7:4e:23:e0:c3:ef:6f:b6:67:
-         7c:d7:4c:02:d5:bd:67:ee:7e:0c:e3:89:db:79:61:1e:d0:5f:
-         f5:e8:66:48:3a:55:54:d5:16:12:30:00:c9:86:75:e0:c9:ff:
-         38:74:ce:c8:c7:fd:ef:96:d8:55:96:71:35:62:db:34:c5:2f:
-         07:84:8a:aa:1b:1e:77:50:0a:20:3b:21:4b:06:14:af:78:11:
-         a2:41:c6:5d:0c:70:e0:52:b4:9e:4c:86:ab:5b:a3:e0:8f:a2:
-         c2:1a:69:70:80:3b:bd:50:23:26:72:4f:fa:fd:df:ed:85:32:
-         2c:e4:ab:3e:f3:a6:d0:1d:db:33:6b:69:8d:99:b9:b4:34:4b:
-         79:a8:16:68
+         4b:88:54:a8:57:f0:62:4d:b3:c5:8c:d2:02:0a:89:19:45:63:
+         8e:37:5c:a9:f7:8c:c5:7c:9d:19:b4:5d:b6:a4:29:4d:97:da:
+         6e:3c:27:ec:02:5c:fb:e2:93:6f:b6:1a:dc:5e:25:1f:be:ab:
+         6f:37:ff:d6:98:67:7c:f7:53:84:3b:e6:f7:22:ef:52:b0:8f:
+         9d:4e:2f:41:2a:7d:2f:f8:02:1e:f5:cd:9a:b2:68:68:d6:ef:
+         ed:6a:96:a0:84:6f:0c:5e:7b:44:f9:6f:d0:00:6f:dd:83:6a:
+         d9:d9:17:9d:32:9a:ea:4b:87:f9:12:45:3e:b8:de:20:fe:f4:
+         b8:3f:f4:99:61:a6:2b:97:1b:7c:a0:90:cf:e9:3b:cd:94:ce:
+         85:df:fb:6a:2b:67:5b:8c:28:de:e6:0b:4b:68:5b:b3:4a:3e:
+         10:3b:0c:d8:c8:f1:3e:3d:cc:2f:16:76:24:43:b6:3b:fd:cf:
+         2f:07:0f:15:31:59:5e:cd:84:a9:82:05:1f:0c:97:56:5d:90:
+         49:bd:84:47:ec:07:b9:cf:fa:a0:56:9b:ae:e2:a9:96:b2:62:
+         02:4a:fa:42:d5:23:dc:1c:6b:5c:41:3d:f2:73:e8:ed:32:93:
+         cc:f7:02:5a:b4:be:84:ca:73:26:9f:03:2c:b3:74:96:20:7e:
+         12:ea:e5:ef
 -----BEGIN CERTIFICATE-----
 MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjExMjIw
-MjMwNzI1WhcNMjQwOTE1MjMwNzI1WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjIwMjE1
+MTI1MDI0WhcNMjQxMTExMTI1MDI0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
 BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -80,26 +80,26 @@ BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
 M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
 DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFH2UcIi6B0KNqq9PvsIaSPDRQOZCMAwG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFCaMk/n59B6zAXKUVWdt4vg92un0MAwG
 A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBzWW9V
-lOE45yBaEUZHqCkRFwYZFngir1T42TJhJj85q6Tf767QC8wrr5VwkJdTzBlt8k1M
-+uSdfFTgWzsfHlJGf9m6oJC6bd89Z/CfUkTD4WY23GFYEbpMDMIp2vcTRWCyEXmR
-7Xyft39c4inGHr942r/RvZz3TiPgw+9vtmd810wC1b1n7n4M44nbeWEe0F/16GZI
-OlVU1RYSMADJhnXgyf84dM7Ix/3vlthVlnE1Yts0xS8HhIqqGx53UAogOyFLBhSv
-eBGiQcZdDHDgUrSeTIarW6Pgj6LCGmlwgDu9UCMmck/6/d/thTIs5Ks+86bQHdsz
-a2mNmbm0NEt5qBZo
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBLiFSo
+V/BiTbPFjNICCokZRWOON1yp94zFfJ0ZtF22pClNl9puPCfsAlz74pNvthrcXiUf
+vqtvN//WmGd891OEO+b3Iu9SsI+dTi9BKn0v+AIe9c2asmho1u/tapaghG8MXntE
++W/QAG/dg2rZ2RedMprqS4f5EkU+uN4g/vS4P/SZYaYrlxt8oJDP6TvNlM6F3/tq
+K2dbjCje5gtLaFuzSj4QOwzYyPE+PcwvFnYkQ7Y7/c8vBw8VMVlezYSpggUfDJdW
+XZBJvYRH7Ae5z/qgVpuu4qmWsmICSvpC1SPcHGtcQT3yc+jtMpPM9wJatL6EynMm
+nwMss3SWIH4S6uXv
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7d:94:70:88:ba:07:42:8d:aa:af:4f:be:c2:1a:48:f0:d1:40:e6:42
+            26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 20 23:07:24 2021 GMT
-            Not After : Sep 15 23:07:24 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -130,7 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42
+                serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -139,27 +139,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         b0:71:bb:ba:45:5a:80:25:02:a4:7e:88:0b:a9:7b:fd:b0:bb:
-         f6:46:b5:ba:f4:c7:e3:61:20:8c:03:15:66:f5:e4:54:82:ef:
-         13:80:97:22:67:c1:d1:88:5d:e2:2d:57:f6:e0:9f:69:d6:b1:
-         5c:b6:e8:e0:98:89:c8:14:12:d6:b6:89:8d:6c:b9:a0:59:4f:
-         92:ee:11:53:6b:7d:93:4a:69:0a:85:d9:d5:d2:62:e8:c9:b5:
-         c6:4e:17:f5:0a:e8:f3:2d:86:61:0b:eb:c4:c4:c6:67:75:ed:
-         9a:9f:53:a0:71:1e:a0:90:0d:f9:03:b4:bc:86:19:6e:f0:3b:
-         4f:e8:ed:68:f6:e7:23:43:3b:36:83:83:4b:46:a0:9a:01:d0:
-         c7:85:bb:7d:94:a0:21:3d:7e:3c:6a:3d:81:db:41:7b:46:d8:
-         15:62:d5:8f:4d:3d:c0:db:9a:c5:81:a8:ac:da:87:99:c7:dd:
-         b9:f1:14:af:d1:93:e3:f3:42:d7:a2:04:51:21:54:29:c3:45:
-         f6:be:5c:fa:cd:db:bf:2f:79:81:42:e5:8f:47:0b:d4:54:01:
-         b5:c2:4a:46:d6:a8:31:2e:64:80:3f:48:61:91:29:f3:aa:43:
-         5c:69:6e:f1:01:b9:df:63:71:3d:b9:5a:fb:36:c0:11:a2:c3:
-         30:9d:95:c3
+         62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1:
+         1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93:
+         1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59:
+         83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1:
+         66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1:
+         ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d:
+         d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2:
+         a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5:
+         ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15:
+         52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8:
+         53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84:
+         0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae:
+         b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64:
+         9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2:
+         84:61:1f:1c
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUfZRwiLoHQo2qr0++whpI8NFA5kIwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-fZRwiLoHQo2qr0++whpI8NFA5kIwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBALBxu7pFWoAlAqR+iAupe/2wu/ZGtbr0x+NhIIwD
-FWb15FSC7xOAlyJnwdGIXeItV/bgn2nWsVy26OCYicgUEta2iY1suaBZT5LuEVNr
-fZNKaQqF2dXSYujJtcZOF/UK6PMthmEL68TExmd17ZqfU6BxHqCQDfkDtLyGGW7w
-O0/o7Wj25yNDOzaDg0tGoJoB0MeFu32UoCE9fjxqPYHbQXtG2BVi1Y9NPcDbmsWB
-qKzah5nH3bnxFK/Rk+PzQteiBFEhVCnDRfa+XPrN278veYFC5Y9HC9RUAbXCSkbW
-qDEuZIA/SGGRKfOqQ1xpbvEBud9jcT25Wvs2wBGiwzCdlcM=
+DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT
+MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS
+cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL
+4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu
+fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4
+cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw=
 -----END CERTIFICATE-----
diff --git a/examples/certs/server-ecc.pem b/examples/certs/server-ecc.pem
index 444644b0..24d3d40f 100644
--- a/examples/certs/server-ecc.pem
+++ b/examples/certs/server-ecc.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 20 23:07:25 2021 GMT
-            Not After : Sep 15 23:07:25 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -34,16 +34,16 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:5a:67:b9:ee:02:34:27:1b:d4:c4:35:7b:ed:59:
-         8e:63:c4:8a:b7:e9:92:c1:8a:76:b0:8b:cd:24:49:78:ba:ef:
-         02:20:29:b8:b6:5f:83:f7:56:6a:f1:4d:d9:9f:52:2a:f9:8f:
-         53:14:49:8b:5f:5e:87:af:7f:ca:2e:e0:d8:e7:75:0c
+         30:45:02:20:5b:9d:f4:69:17:88:c0:13:34:3d:81:81:dc:fb:
+         27:7c:a0:63:00:87:d5:48:e1:9c:57:c9:01:c1:d2:5f:30:58:
+         02:21:00:89:93:a5:b6:04:de:4d:3d:98:ed:0b:ce:3a:74:3e:
+         6c:f1:80:1f:28:d8:ee:78:af:da:8a:3b:b4:27:38:e2:b1
 -----BEGIN CERTIFICATE-----
-MIICoDCCAkegAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
+MIICoTCCAkegAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
 bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjExMjIw
-MjMwNzI1WhcNMjQwOTE1MjMwNzI1WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjIwMjE1
+MTI1MDI0WhcNMjQxMTExMTI1MDI0WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
 DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
 hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
@@ -51,7 +51,7 @@ QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih
 f/DPGNqREQI0huggWDMLgDSJ2KOBiTCBhjAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr
 SiUCI++yiTAwHwYDVR0jBBgwFoAUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwDAYDVR0T
 AQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJ
-YIZIAYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA0cAMEQCIFpnue4CNCcb1MQ1e+1Z
-jmPEirfpksGKdrCLzSRJeLrvAiApuLZfg/dWavFN2Z9SKvmPUxRJi19eh69/yi7g
-2Od1DA==
+YIZIAYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA0gAMEUCIFud9GkXiMATND2Bgdz7
+J3ygYwCH1UjhnFfJAcHSXzBYAiEAiZOltgTeTT2Y7QvOOnQ+bPGAHyjY7niv2oo7
+tCc44rE=
 -----END CERTIFICATE-----
diff --git a/src/test/com/wolfssl/test/WolfSSLCertificateTest.java b/src/test/com/wolfssl/test/WolfSSLCertificateTest.java
index 30e1118a..2c96287c 100644
--- a/src/test/com/wolfssl/test/WolfSSLCertificateTest.java
+++ b/src/test/com/wolfssl/test/WolfSSLCertificateTest.java
@@ -194,10 +194,10 @@ public void test_WolfSSLCertificate_new_pemFile() {
 
     public void test_getSerial() {
         byte[] expected = new byte[]{
-            (byte)0x53, (byte)0x16, (byte)0x7c, (byte)0xa0, (byte)0x56,
-            (byte)0x50, (byte)0x46, (byte)0x27, (byte)0x82, (byte)0xed,
-            (byte)0x60, (byte)0xb4, (byte)0xda, (byte)0x33, (byte)0xd8,
-            (byte)0x6a, (byte)0xc0, (byte)0xea, (byte)0xdc, (byte)0x31
+            (byte)0x01, (byte)0x1a, (byte)0xeb, (byte)0x56, (byte)0xab,
+            (byte)0xdc, (byte)0x8b, (byte)0xf3, (byte)0xa6, (byte)0x1e,
+            (byte)0xf4, (byte)0x93, (byte)0x60, (byte)0x89, (byte)0xb7,
+            (byte)0x05, (byte)0x07, (byte)0x29, (byte)0x01, (byte)0x2c
         };
         byte[] serial;
         int i;
@@ -217,7 +217,7 @@ public void test_getSerial() {
     @SuppressWarnings("deprecation")
     public void test_notBefore() {
         Date date = cert.notBefore();
-        Date expected = new Date("Dec 20 23:07:24 2021 GMT");
+        Date expected = new Date("Feb 15 12:50:24 2022 GMT");
         System.out.print("\t\tnotBefore");
         if (date.compareTo(expected) != 0) {
             System.out.println("\t\t... failed");
@@ -230,7 +230,7 @@ public void test_notBefore() {
     @SuppressWarnings("deprecation")
     public void test_notAfter() {
         Date date = cert.notAfter();
-        Date expected = new Date("Sep 15 23:07:24 2024 GMT");
+        Date expected = new Date("Nov 11 12:50:24 2024 GMT");
         System.out.print("\t\tnotAfter");
         if (date.compareTo(expected) != 0) {
             System.out.println("\t\t... failed");
@@ -253,70 +253,49 @@ public void test_getVersion() {
     public void test_getSignature() {
         byte[] sig = cert.getSignature();
         byte[] expected = new byte[] {
-            (byte)0xB8, (byte)0xE8, (byte)0xE3, (byte)0x2A,
-            (byte)0x48, (byte)0x6C, (byte)0x04, (byte)0x8B,
-            (byte)0xF8, (byte)0x81, (byte)0x14, (byte)0x1A,
-            (byte)0xCE, (byte)0x14, (byte)0xED, (byte)0xC7,
-            (byte)0xF0, (byte)0xD3, (byte)0xCB, (byte)0x9A,
-            (byte)0x91, (byte)0xD9, (byte)0x2C, (byte)0x1D,
-            (byte)0x6E, (byte)0x73, (byte)0x36, (byte)0x8F,
-            (byte)0xA3, (byte)0x61, (byte)0xC4, (byte)0x1F,
-            (byte)0xDA, (byte)0xD1, (byte)0x4B, (byte)0xB6,
-            (byte)0x40, (byte)0xD0, (byte)0x6A, (byte)0xC4,
-            (byte)0x2B, (byte)0x43, (byte)0xC8, (byte)0x2F,
-            (byte)0xFB, (byte)0xEE, (byte)0x5A, (byte)0xC9,
-            (byte)0x41, (byte)0x9D, (byte)0x2B, (byte)0x6F,
-            (byte)0xF3, (byte)0x39, (byte)0x67, (byte)0x20,
-            (byte)0xEC, (byte)0x7C, (byte)0xD6, (byte)0xA0,
-            (byte)0x7F, (byte)0x06, (byte)0x79, (byte)0xCD,
-            (byte)0x52, (byte)0x2C, (byte)0xC9, (byte)0x3C,
-            (byte)0x5B, (byte)0xBF, (byte)0xE5, (byte)0x01,
-            (byte)0x47, (byte)0x90, (byte)0xF0, (byte)0x82,
-            (byte)0x88, (byte)0xF1, (byte)0x3D, (byte)0x45,
-            (byte)0x25, (byte)0xF4, (byte)0xD1, (byte)0x4B,
-            (byte)0xEC, (byte)0xAC, (byte)0x3F, (byte)0x1B,
-            (byte)0xCE, (byte)0xA1, (byte)0x0E, (byte)0x61,
-            (byte)0xA0, (byte)0x29, (byte)0x41, (byte)0xF6,
-            (byte)0x21, (byte)0x0E, (byte)0x9F, (byte)0x73,
-            (byte)0xB3, (byte)0x39, (byte)0x34, (byte)0xC4,
-            (byte)0x1E, (byte)0x55, (byte)0x5F, (byte)0x9F,
-            (byte)0xE7, (byte)0x42, (byte)0xCA, (byte)0xAB,
-            (byte)0x8F, (byte)0x3C, (byte)0x62, (byte)0x86,
-            (byte)0x26, (byte)0x94, (byte)0xB5, (byte)0xB7,
-            (byte)0x8B, (byte)0x7C, (byte)0x65, (byte)0x4C,
-            (byte)0x3E, (byte)0xB7, (byte)0xAC, (byte)0xF5,
-            (byte)0x51, (byte)0x0D, (byte)0xA5, (byte)0x14,
-            (byte)0x0F, (byte)0x6F, (byte)0x2B, (byte)0xFE,
-            (byte)0x62, (byte)0x95, (byte)0x26, (byte)0x1E,
-            (byte)0x10, (byte)0x52, (byte)0xAE, (byte)0x44,
-            (byte)0x58, (byte)0x95, (byte)0xDC, (byte)0xB4,
-            (byte)0xC4, (byte)0x76, (byte)0x2F, (byte)0x14,
-            (byte)0x28, (byte)0x64, (byte)0x45, (byte)0xAA,
-            (byte)0x94, (byte)0x61, (byte)0xDA, (byte)0x1A,
-            (byte)0xD0, (byte)0xCF, (byte)0xB3, (byte)0x3A,
-            (byte)0x83, (byte)0xC8, (byte)0x66, (byte)0xFB,
-            (byte)0xE8, (byte)0x58, (byte)0xDC, (byte)0xD4,
-            (byte)0x91, (byte)0x4A, (byte)0x9A, (byte)0xE7,
-            (byte)0xC8, (byte)0xB6, (byte)0xEA, (byte)0xF9,
-            (byte)0x52, (byte)0x19, (byte)0xB2, (byte)0x3D,
-            (byte)0x5F, (byte)0x95, (byte)0x29, (byte)0xAC,
-            (byte)0x8B, (byte)0xCF, (byte)0x9B, (byte)0x5C,
-            (byte)0xD6, (byte)0xDD, (byte)0xCD, (byte)0x6B,
-            (byte)0xF2, (byte)0x71, (byte)0xFD, (byte)0xB6,
-            (byte)0x4D, (byte)0x18, (byte)0x98, (byte)0x08,
-            (byte)0x5B, (byte)0x8A, (byte)0xE7, (byte)0x2B,
-            (byte)0xCB, (byte)0xBD, (byte)0x68, (byte)0x97,
-            (byte)0x1C, (byte)0x02, (byte)0xAA, (byte)0x41,
-            (byte)0x59, (byte)0x0D, (byte)0xF8, (byte)0x0E,
-            (byte)0x50, (byte)0xD7, (byte)0x48, (byte)0x6F,
-            (byte)0x81, (byte)0xC4, (byte)0x00, (byte)0x70,
-            (byte)0x56, (byte)0x67, (byte)0x64, (byte)0x1A,
-            (byte)0xB3, (byte)0x56, (byte)0xFC, (byte)0x23,
-            (byte)0xF4, (byte)0x84, (byte)0x49, (byte)0x36,
-            (byte)0xF7, (byte)0x7F, (byte)0x38, (byte)0x94,
-            (byte)0x38, (byte)0xDA, (byte)0x40, (byte)0x81,
-            (byte)0xC0, (byte)0xB9, (byte)0xB0, (byte)0xAD,
-            (byte)0xEA, (byte)0xCE, (byte)0x38, (byte)0xF2
+            (byte)0x64, (byte)0x6d, (byte)0xa6, (byte)0x4a, (byte)0xa8, (byte)0x9f,
+            (byte)0xa7, (byte)0xe9, (byte)0x75, (byte)0x2c, (byte)0xf3, (byte)0x85,
+            (byte)0x3d, (byte)0x3e, (byte)0xaf, (byte)0x38, (byte)0xfb, (byte)0x6c,
+            (byte)0xc7, (byte)0xeb, (byte)0xc7, (byte)0xd0, (byte)0x2b, (byte)0xa2,
+            (byte)0x45, (byte)0xb5, (byte)0x65, (byte)0xbe, (byte)0xd0, (byte)0x13,
+            (byte)0x2c, (byte)0xf7, (byte)0xa3, (byte)0xc1, (byte)0xeb, (byte)0x3c,
+            (byte)0xb1, (byte)0xf8, (byte)0xb8, (byte)0x3d, (byte)0x63, (byte)0x8f,
+            (byte)0xca, (byte)0x08, (byte)0x4e, (byte)0x65, (byte)0x1d, (byte)0x2c,
+            (byte)0xce, (byte)0x34, (byte)0x6e, (byte)0x35, (byte)0x96, (byte)0x87,
+            (byte)0x93, (byte)0x30, (byte)0x5d, (byte)0xaa, (byte)0xc8, (byte)0xe9,
+            (byte)0xa0, (byte)0x9c, (byte)0x9b, (byte)0x84, (byte)0x78, (byte)0x3a,
+            (byte)0x52, (byte)0xa1, (byte)0x33, (byte)0x48, (byte)0x6e, (byte)0x84,
+            (byte)0x66, (byte)0x71, (byte)0x9c, (byte)0xcf, (byte)0xd1, (byte)0xc7,
+            (byte)0x7b, (byte)0x02, (byte)0x4c, (byte)0xe1, (byte)0x49, (byte)0x7c,
+            (byte)0x69, (byte)0x47, (byte)0xfc, (byte)0xb7, (byte)0x01, (byte)0xf9,
+            (byte)0xa0, (byte)0x39, (byte)0x3b, (byte)0xab, (byte)0xb9, (byte)0xc6,
+            (byte)0xd9, (byte)0xca, (byte)0x27, (byte)0x85, (byte)0xf0, (byte)0x5c,
+            (byte)0xb6, (byte)0xa4, (byte)0xe6, (byte)0xdc, (byte)0xf2, (byte)0x52,
+            (byte)0xfe, (byte)0x44, (byte)0x00, (byte)0xb6, (byte)0xf0, (byte)0x47,
+            (byte)0xf2, (byte)0x6f, (byte)0x3f, (byte)0xd5, (byte)0x0f, (byte)0xff,
+            (byte)0x31, (byte)0x93, (byte)0x53, (byte)0x88, (byte)0x8c, (byte)0xc7,
+            (byte)0xfb, (byte)0x56, (byte)0x10, (byte)0x4b, (byte)0x3b, (byte)0x43,
+            (byte)0xe6, (byte)0x8a, (byte)0x9c, (byte)0xb7, (byte)0xb4, (byte)0x9a,
+            (byte)0xdd, (byte)0x5c, (byte)0xe3, (byte)0xcd, (byte)0x9c, (byte)0xbd,
+            (byte)0xa7, (byte)0x0c, (byte)0xc1, (byte)0xd9, (byte)0x96, (byte)0xf0,
+            (byte)0x93, (byte)0xf3, (byte)0xab, (byte)0xbd, (byte)0xd2, (byte)0x1e,
+            (byte)0x77, (byte)0x8a, (byte)0x42, (byte)0xcd, (byte)0x0f, (byte)0xfe,
+            (byte)0x48, (byte)0xda, (byte)0x57, (byte)0x34, (byte)0x61, (byte)0x46,
+            (byte)0xa3, (byte)0x89, (byte)0x2e, (byte)0x31, (byte)0xd2, (byte)0x4a,
+            (byte)0xd4, (byte)0x43, (byte)0x2f, (byte)0x56, (byte)0x85, (byte)0x44,
+            (byte)0x75, (byte)0xca, (byte)0x6b, (byte)0x36, (byte)0xe2, (byte)0xe8,
+            (byte)0x3a, (byte)0xb2, (byte)0x95, (byte)0x95, (byte)0x3a, (byte)0x28,
+            (byte)0x90, (byte)0x8d, (byte)0xc0, (byte)0x23, (byte)0xfb, (byte)0x3c,
+            (byte)0xd2, (byte)0x1a, (byte)0x73, (byte)0x6b, (byte)0xef, (byte)0xfd,
+            (byte)0xd6, (byte)0x1b, (byte)0xeb, (byte)0x6d, (byte)0x67, (byte)0x2a,
+            (byte)0xe1, (byte)0xeb, (byte)0x2a, (byte)0x83, (byte)0x22, (byte)0xad,
+            (byte)0xe3, (byte)0x95, (byte)0x19, (byte)0xe5, (byte)0x93, (byte)0xee,
+            (byte)0x14, (byte)0xdc, (byte)0xb5, (byte)0x7d, (byte)0xe7, (byte)0xcf,
+            (byte)0x89, (byte)0x8c, (byte)0xd7, (byte)0x8f, (byte)0xd2, (byte)0x3f,
+            (byte)0x68, (byte)0x7e, (byte)0xa9, (byte)0x74, (byte)0x7c, (byte)0x1b,
+            (byte)0x38, (byte)0x65, (byte)0xf9, (byte)0x28, (byte)0x4d, (byte)0xff,
+            (byte)0x50, (byte)0xc8, (byte)0xee, (byte)0x51, (byte)0x3a, (byte)0x8f,
+            (byte)0x1d, (byte)0x9e, (byte)0x55, (byte)0x5e
         };
         int i;
         System.out.print("\t\tgetSignature");

From f2aabae616b272aacd22fb50747001bbc495ab93 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 22 Apr 2022 16:10:22 -0600
Subject: [PATCH 09/12] update convert-to-bks.sh script for use on Android

---
 examples/provider/convert-to-bks.sh | 39 +++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/examples/provider/convert-to-bks.sh b/examples/provider/convert-to-bks.sh
index 96a932d3..e3a33305 100755
--- a/examples/provider/convert-to-bks.sh
+++ b/examples/provider/convert-to-bks.sh
@@ -11,23 +11,42 @@ keytool -importkeystore -srckeystore ${1}.jks -destkeystore ${1}.bks -srcstorety
 
 }
 
-rm -f server.bks &> /dev/null
-convert "server"
+rm -f all.bks &> /dev/null
+convert "all"
+
+rm -f all_mixed.bks &> /dev/null
+convert "all_mixed"
 
 rm -f client.bks &> /dev/null
 convert "client"
 
-rm -f rsa.bks &> /dev/null
-convert "rsa"
+rm -f client-rsa-1024.bks &> /dev/null
+convert "client-rsa-1024"
 
-rm -f all.bks &> /dev/null
-convert "all"
+rm -f client-rsa.bks &> /dev/null
+convert "client-rsa"
 
-rm -f all_mixed.bks &> /dev/null
-convert "all_mixed"
+rm -f client-ecc.bks &> /dev/null
+convert "client-ecc"
+
+rm -f server.bks &> /dev/null
+convert "server"
+
+rm -f server-rsa-1024.bks &> /dev/null
+convert "server-rsa-1024"
+
+rm -f server-rsa.bks &> /dev/null
+convert "server-rsa"
+
+rm -f server-ecc.bks &> /dev/null
+convert "server-ecc"
 
 rm -f cacerts.bks &> /dev/null
 convert "cacerts"
 
-rm -f ecc.bks &> /dev/null
-convert "ecc"
+rm -f ca-client.bks &> /dev/null
+convert "ca-client"
+
+rm -f ca-server.bks &> /dev/null
+convert "ca-server"
+

From 5b1a3c643f7ca56c00f64d6cc3d320d15edaaab0 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 22 Apr 2022 16:11:20 -0600
Subject: [PATCH 10/12] update Android Studio project gradle version to 7.1.3

---
 IDE/Android/build.gradle                             | 2 +-
 IDE/Android/gradle/wrapper/gradle-wrapper.properties | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/IDE/Android/build.gradle b/IDE/Android/build.gradle
index 09988364..ebe620bf 100644
--- a/IDE/Android/build.gradle
+++ b/IDE/Android/build.gradle
@@ -7,7 +7,7 @@ buildscript {
         
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:4.2.2'
+        classpath 'com.android.tools.build:gradle:7.1.3'
         
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files
diff --git a/IDE/Android/gradle/wrapper/gradle-wrapper.properties b/IDE/Android/gradle/wrapper/gradle-wrapper.properties
index 2a5b1bf1..17aae0d9 100644
--- a/IDE/Android/gradle/wrapper/gradle-wrapper.properties
+++ b/IDE/Android/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 #Thu Nov 04 15:51:08 MDT 2021
 distributionBase=GRADLE_USER_HOME
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

From 302f5a40bf8f5c047d74266f72f2fde18290dbba Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Wed, 27 Apr 2022 09:54:03 -0600
Subject: [PATCH 11/12] update README with 1.9.0 release notes

---
 README.md | 38 ++++++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index f5f97b21..b443b9d8 100644
--- a/README.md
+++ b/README.md
@@ -148,12 +148,38 @@ Additional instructions can be found on the wolfSSL.com website:
 
 ## Release Notes
 
-### wolfSSL JNI Release X.X.X (TBD)
-
-Release X.X.X has bug fixes and new features including:
-
-* Removal of HC-128 stream cipher support. Native wolfSSL removed HC-128
-support in [PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
+### wolfSSL JNI Release 1.9.0 (TBD)
+
+Release 1.9.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add synchronization to class cleanup/free routines (PR 78)
+* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
+* Add support for newer Java versions (ex: Java 17) (PR 90)
+* Remove HC-128 support (PR 94). Native wolfSSL removed with
+[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove RABBIT support (PR 96). Native wolfSSL removed with
+[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove IDEA support (PR 97). Native wolfSSL removed in
+[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
+* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
+* Add Socket timeout support for native SSL\_connect/write() (PR 95)
+* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
+* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
+* Fix WolfSSLSocket to test if close() called before object init (PR 88)
+* Add support for loading default system CA certs on Java 9+ (PR 89)
+* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
+
+**Example Changes:**
+* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
+* Add option to ClientJSSE to do one session resumption (PR 80)
+* Update example certificates and keys (PR 81)
+
+**Documentation Changes:**
+* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
+
+**Testing Changes:**
+* Update junit dependency to 4.13.2 (PR 91)
 
 The wolfSSL JNI Manual is available at:
 http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build

From 8849604513d741921b51e51ae285406156dbd626 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Wed, 27 Apr 2022 09:57:45 -0600
Subject: [PATCH 12/12] update README

---
 README.md | 41 +++++++++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index b443b9d8..3465a19f 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,17 @@
 
 # wolfSSL JSSE Provider and JNI Wrapper
 
-This package provides both a wolfSSL Java JSSE provider (**wolfJSSE**), and a
-thin JNI-based interface to the native
-[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/).
-These provide Java applications with SSL/TLS support up to the current
-[TLS 1.3](https://www.wolfssl.com/tls13) protocol standard.
+This package provides Java support for the
+[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/),
+giving applications support for SSL/TLS up to the current
+[TLS 1.3](https://www.wolfssl.com/tls13) protocol level.
+It contains both a wolfSSL **JSSE** (Java Secure Socket Extension) provider,
+called **wolfJSSE**, and a thin JNI-based interface that wraps the native C
+library.
+
+wolfSSL also provides a **JCE** (Java Cryptography Extension) provider that
+wraps native wolfCrypt. This can be found in a separate repository, located
+[here](https://github.com/wolfSSL/wolfcrypt-jni).
 
 ## Why use wolfJSSE?
 
@@ -19,10 +25,10 @@ and more!
 
 ## User Manual
 
-The wolfSSL JNI/JSSE Manual is available on wolfssl.com:
+The wolfSSL JNI/JSSE Manual is available on the wolfSSL website:
 [wolfSSL JNI Manual](https://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf).
 
-For additional build instructions and more detailed comments, please check
+For additional build instructions and more detailed comments, please reference
 the manual.
 
 ## Building
@@ -40,11 +46,12 @@ Build targets for ant are :
 * **ant clean**     (cleans all Java artifacts)
 * **ant cleanjni**  (cleans native artifacts)
 
-wolfJSSE currently supports compilation on Linux/Unix and Android.
+wolfJSSE currently supports compilation on Linux/Unix, OSX, and Android.
 
-To build wolfJSSE on Linux, first download, compile, and install wolfSSL.
-wolfSSL can be downloaded from the wolfSSL download page or cloned from
-GitHub.
+To build wolfJSSE in Linux/Unix environments, first download, compile, and
+install wolfSSL. wolfSSL can be downloaded from the wolfSSL
+[download page](https://www.wolfssl.com/download/) or cloned from
+[GitHub](https://github.com/wolfssl/wolfssl).
 
 ```
 $ unzip wolfssl-X.X.X.zip
@@ -60,6 +67,7 @@ Then, to build wolfJSSE:
 $ cd wolfssljni
 $ ./java.sh
 $ ant
+$ export JUNIT_HOME=/path/to/junit/jars
 $ ant test
 ```
 
@@ -82,7 +90,7 @@ $ ./examples/provider/ClientJSSE.sh
 Examples of using wolfssljni can be found in the `./examples` subdirectory.
 See [examples/README.md](./examples/README.md) for more details.
 
-Examples of using wolfJSSE can be found in the `./examples/provider`
+Examples of using the wolfJSSE provider can be found in the `./examples/provider`
 subdirectory. See [examples/provider/README.md](./examples/provider/README.md)
 for more details.
 
@@ -106,15 +114,15 @@ Android AOSP at the system-level.
 
 An example Android Studio application is included in this package, to show
 users how they could include the wolfSSL native and wolfSSL JNI/JSSE sources
-in an Androi Studio application. For more details, see the Android Studio
+in an Android Studio application. For more details, see the Android Studio
 project and README.md located in the [./IDE/Android](./IDE/Android) directory.
 
 Using wolfJSSE at the application level will allow developers to register
 wolfJSSE as a Security provider at the application scope. The application can
-they use the Java Security API for SSL/TLS operations which will then use the
+use the Java Security API for SSL/TLS operations which will then use the
 underlying wolfJSSE provider (and subsequently native wolfSSL).
 
-Applications can add the wolfJSSE provider using:
+Applications can register the wolfJSSE provider using:
 
 ```
 import com.wolfssl.provider.jsse.WolfSSLProvider;
@@ -122,7 +130,8 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
 Security.addProvider(new WolfSSLProvider());
 ```
 
-To instead insert the WolfSSLProvider as the top priority provider:
+To instead insert the WolfSSLProvider as the top priority provider, or at
+a specified index (note: indexing starts at 1):
 
 ```
 import com.wolfssl.provider.jsse.WolfSSLProvider;