Merge pull request #2 from chengr28/master

pull from upstream

Linux/README.md

+Revoke-China-Certs on Linux
+==========================================
+
+## Intro
+
+This tool revokes certain CA certificates for NSS-based applications on Linux,
+(most notably, Firefox & Chrome).
+
+On Linux there are multiple libraries for SSL/TLS and each may have its own
+certificate store. The `/etc/ca-certificate.conf` configures the trusted
+Root CAs for OpenSSL (which `wget` uses by default). Another widely used
+library is NSS by Mozilla, which supports blacklisting a specific intermediate
+CA without fiddling with the Root CA.
+
+**This tool is experimental. DO MAKE BACKUPS before you do anything!**
+
+## Usage
+
+First you need to have packages installed to provide `certutil`. On Ubuntu it would be:
+
+        sudo apt-get install libnss3-tools
+
+Then, use the `revoke-china-certs.sh` to do the revocation. For Chrome it would be:
+
+        ./revoke-china-certs.sh extended $HOME/.pki/nssdb
+
+to revoke trust of CAs within the *extended* set. Change `extended` to `all` or `base`
+or `restore` to revoke other sets of certs.
+
+Since Firefox maintains different certificate store for different browser profile (rather
+than per Linux user for Chrome), you need to do this for every profile under `~/.mozilla/firefox`.
+
+        for profile in `ls ~/.mozilla/firefox/*.default`;do
+            ./revoke-china-certs.sh extended $HOME/.mozilla/firefox/$profile
+        done
+
+## Notes
+
+Deselecting a CA by `dpkg-reconfigure ca-certificates` does NOT affect any NSS-based applications.

Linux/nss_revoke.sh

+#!/bin/sh
+
+DBPATH=$1
+CERTS=$2
+
+
+echo "Resetting CA set"
+RESETS=``
+
+certutil -d sql:${DBPATH} -L | grep -oP "NSS Certificate DB:revoke-china-certs:[^\s]+" | \
+while read CERT;do
+    certutil -d sql:${DBPATH} -D -n "${CERT}"
+done
+
+echo "Revoking CAs in $DBPATH/cert9.db"
+
+for CERT in $CERTS;do
+    # p,p,p: prohibit all use
+    certutil -d sql:${DBPATH} -A -n "revoke-china-certs:${CERT}" -t p,p,p -i ${CERT}
+done
+
+echo "Done"

Linux/revoke-china-certs.sh

+#!/bin/sh
+
+set -e
+
+if [ ${1:-extended} = 'all' ];then
+    echo "Generating ALL CRL set"
+    # TODO: Explicitly distinguish between CA & EE certificates.
+    CA_CERTS=`ls ../Windows/Certs/Online/*.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
+    echo "all"
+elif [ ${1:-extended} = 'extended' ];then
+    echo "Generating EXTENDED CRL set"
+    CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt ../Windows/Certs/Online/CFCA_*.crt  ../Windows/Certs/Online/UCA_*.crt  ../Windows/Certs/Online/[Suspicious]GoAgent_CA.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
+elif [ ${1:-extended} = 'restore' ];then
+    echo "Generating RESTORE CRL set"
+    CA_CERTS=''
+    EE_CERTS=''
+else
+    echo "Generating Basic CRL set"
+    CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
+fi
+
+CERTS=`echo $CA_CERTS $EE_CERTS`
+./nss_revoke.sh ${2:-~/.pki/nssdb} "${CERTS}"

README.md

@@ -4,7 +4,7 @@ Revoke China Certificates.<br />
 全自动可疑证书吊销工具/全自動可疑憑證撤銷工具<br />
 
 ### Updated
-**2015-02-24**
+**2015-02-25**
 
 ### Type
 * Online Certificates/在线证书/在線證書
@@ -24,6 +24,7 @@ Revoke China Certificates.<br />
 * [English](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_Online)
 * [简体中文](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_Online(Chinese_Simplified))
 * [繁體中文](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_Online(Chinese_Traditional))
+* [Android](https://github.com/chengr28/RevokeChinaCerts/tree/master/Android)
 
 ### Usage(CodeSigning/Organization)
 * [English(CodeSigning)](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_CodeSigning)

Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd_201412.crt

+-----BEGIN CERTIFICATE-----
+MIIFdzCCBF+gAwIBAgIQeh/nZ2pISdruK//EpP9L0zANBgkqhkiG9w0BAQUFADCB
+tDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
+YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMl
+VmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTAeFw0xNDEyMjkw
+MDAwMDBaFw0xNjAxMjgyMzU5NTlaMIGoMQswCQYDVQQGEwJDTjEQMA4GA1UECBMH
+YmVpamluZzEQMA4GA1UEBxMHYmVpamluZzEzMDEGA1UEChQqQmVpamluZyBLaW5n
+c29mdCBTZWN1cml0eSBzb2Z0d2FyZSBDby4sTHRkMQswCQYDVQQLFAJJVDEzMDEG
+A1UEAxQqQmVpamluZyBLaW5nc29mdCBTZWN1cml0eSBzb2Z0d2FyZSBDby4sTHRk
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H96NpBPM4piYDBxHB93
+26igM/APfSN0by7vsRhpg60SpXn8XJW/vSJKr8HUpYwtS+GPN9aFvN/KpDT5+SRB
+26RYoinHgyLsxFSPQIqQVgbyBwJxu16pjbva8qML2z7Uh1ioNv8nzIRwLy1BI2/M
+etHCmGcN7KgnCy+Bjq1l0ipeVjbrjIeRm7oskvv0epjiblCKywSLY4gpuaJ8h04T
+qdzmYkzKyvD5gjtkQT0u6CORuhNNjrReOiSYRrAOsuhQzGpy4cQtpwEd0F2gGgmb
+0uwrawyMYv5gg/YJxZd0E+GPjjhqi2NVDOSb+dXwyLuDk6OBPBy5Oib3SpU1lBxP
+TwIDAQABo4IBjTCCAYkwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0f
+BCQwIjAgoB6gHIYaaHR0cDovL3NmLnN5bWNiLmNvbS9zZi5jcmwwZgYDVR0gBF8w
+XTBbBgtghkgBhvhFAQcXAzBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2Iu
+Y29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAT
+BgNVHSUEDDAKBggrBgEFBQcDAzBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGG
+E2h0dHA6Ly9zZi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zZi5zeW1j
+Yi5jb20vc2YuY3J0MB8GA1UdIwQYMBaAFM+Zqep7JvRLyY6P1/AFJu/j0qedMB0G
+A1UdDgQWBBTLiDXjtqWv2mSKzUhOhjUOpHO2zDARBglghkgBhvhCAQEEBAMCBBAw
+FgYKKwYBBAGCNwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBAJIO9o10
+lg4MSyqbRmeoUvEW9T8I2nUY2mKqUzMYdF4jhBljuv5cKYtnCVbr7yXW7IhkwyAR
+zspPNMYrVLI03MvIbyGhk7T9F65wv7/uqJsnfqT/a6C6jhqLFGHoyFGTH207Xm+j
+6goixclXkI7ZoFGTnHM0h0T9AlfU4gEn3hgjUhK8iL1Eh4YPcXiMsqttL1run223
+qJ3074wUL8kC0gSDGmjN5hHX3ljt4REqYWoghlt1nq2q6O01cJ6y0lpAf58+EvjE
+BA7LWfneE3B7gsLNlpNmj4efRCHu9aUODXXs/eRGDqmaVib1Z6ayQAPAL5laUd6P
+Xgr+GTs36XnG4QQ=
+-----END CERTIFICATE-----

Windows/Certs/CodeSigning/Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt

+-----BEGIN CERTIFICATE-----
+MIIFljCCBH6gAwIBAgIQa9rf7/BmG9JkKvRuy7J5QDANBgkqhkiG9w0BAQUFADCB
+lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt
+T2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4NDAzNlowVTELMAkGA1UE
+BhMCQ04xGjAYBgNVBAoTEVdvU2lnbiBDQSBMaW1pdGVkMSowKAYDVQQDEyFDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQC9yo2suJEVVpd7a1x6wt5r2aGwwxAj+qehsswx+j7Zpilv
+Fj3ga/i4QF/bOagAeougTVR9wiJ4/I4JuKiF18yVl0t02J5+8ADkDomuSShEGhCZ
+Mg8liFOkDbMPEggWCwNxJxx/4dvS/WdoxAVdCg5dcNfYl6C8U0GakY30njZmen5W
+wZBf5rFoIDakjCQsLEcLWXZmMLW+3u2P+J3TuwEw5vLzDuAskoDzhfkoirRULprt
+93b8FWgW60ps6y4Sj9TP/gzHXB0LfgUyvl6wCSpC1clOkLNZDbt6fs3VCFq0f9gc
+aRH5Jw97Bq9Ugxh74d1UelFobnf8xr9SSmZGobJnGrujT3egvl3//FYLQ3J3kMqe
++fI59Q2p9OrX57MQLzBCNyHMMHDJhpgPzFhNg7t95RqlN422rDKXADpjcSQenjfE
+/3TUN8Di/ohGYBHdCD9QNqu4eqSVYmpusMpqIVpp8/P7HXA5lfOnbqaBiaGIxTtx
+yqNS7oO7/aB39ORv50LbbUqZijRIvBfc5IAIIrbyMcA/BD7rnyB51rgGZGQCMdep
+zVL7hEVpCQAq3FWLxAZGS8BKHQlbOSj9qavOAPkuSEsm5jBMpVjKtESCT+eRHjPD
+sJP/EfyB0sofcSnddk+SJa8dgbcPL4zDBswvJ6NK5A6ZunweRR9/qhlFlv38PQID
+AQABo4IBHzCCARswHwYDVR0jBBgwFoAU2u1kdBScFDyr3ZmpvVsoTYs8ydgwHQYD
+VR0OBBYEFOFmzw7R8bNLtwYgFP6HEtX2/vs+MA4GA1UdDwEB/wQEAwIBhjASBgNV
+HRMBAf8ECDAGAQH/AgECMB0GA1UdJQQWMBQGCCsGAQUFBwMDBggrBgEFBQcDCDAR
+BgNVHSAECjAIMAYGBFUdIAAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC50
+cnVzdC1wcm92aWRlci5jb20vVVROLVVTRVJGaXJzdC1PYmplY3QuY3JsMDoGCCsG
+AQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AudHJ1c3QtcHJvdmlk
+ZXIuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBYbPGDS5n2cyuZB6PYV87Ul/1qAoO+
+YLEX4xd0YXFlPHkptf5lGMTYHeLa39oO+aB113l6yw7N+TBSg+PaLh7lMjRlG3Pd
+DZ/5MVh6x2s5umEeoUZgkdRPvIHOUt3LgES8ihg3DARFDgj254fFDPuLApMkIllb
+WzD6vXa++7WYiUP+8VLWIFGCnNkqGT8Y+Ila+0Zx+6m/l5lBzTbaJ1UCE7rSUzjV
+5X7AwhsAqgw8saNsVv+6Yn6BHsqPiKCaXW9n6s4bjR9aXPnyH/9KUARYa3DX3Po6
+/KIRD4F2E48pERsqB2jPUIxHLXXlBFxK4QCaif3/PqvMrblWw6clW2Rc
+
+-----END CERTIFICATE-----

Windows/Certs/CodeSigning/MeituCom_201411.crt

+-----BEGIN CERTIFICATE-----
+MIIFHTCCBAWgAwIBAgIQd+eV0+QIQll1ve8mWjtqaDANBgkqhkiG9w0BAQsFADBK
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMSQwIgYDVQQDExtU
+aGF3dGUgQ29kZSBTaWduaW5nIENBIC0gRzIwHhcNMTQxMTIwMDAwMDAwWhcNMTcw
+MjE4MjM1OTU5WjCBmzELMAkGA1UEBhMCQ04xDzANBgNVBAgMBkZ1amlhbjEPMA0G
+A1UEBwwGWGlhbWVuMSowKAYDVQQKDCHljqbpl6jnvo7lm77nvZHnp5HmioDmnInp
+mZDlhazlj7gxEjAQBgNVBAsMCeS6p+WTgemDqDEqMCgGA1UEAwwh5Y6m6Zeo576O
+5Zu+572R56eR5oqA5pyJ6ZmQ5YWs5Y+4MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0A
+MIIBCAKCAQEA9N5Sk0o4NYQBIR0wOkKQH72/1D5Y0ixJzZBror/HcQXr3sqtGRhU
+CPcJM+Prms8P8D51lTnyglrsQ9cKfc4BVnVgr7v2bb2IoWKa3YfscT/18+UKcpfp
+qCmRoDp5o/gv89j85kZyId0QNpUCL8s9QOWzGFdJHR3AyKRKaSEavyw0aTNoc64u
+vD8UYh3xe7+V/lPgvWMPQVei1PYQB+wn2dxS+rGHzjBeJjknVGIEUBIk87BDVR0u
+8hRxPRZhmwKa/bF+0Y0ITc6Ww4xoO2aAxJbvMBz9ArswfcG7cORnOIHq6SLkPC6X
+NOF5Nr2qHDBXuhyc8eR3+BymQENx1PykFwIBA6OCAa0wggGpMAkGA1UdEwQCMAAw
+HwYDVR0jBBgwFoAU1A1lP3q9NMb+R+dMDcC98t4Vq3EwHQYDVR0OBBYEFAy577up
+AqP40qggs6wuPEw7nJ11MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90aC5zeW1j
+Yi5jb20vdGguY3JsMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSUEGDAWBggrBgEFBQcD
+AwYKKwYBBAGCNwIBFjBzBgNVHSAEbDBqMGgGC2CGSAGG+EUBBzACMFkwJgYIKwYB
+BQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMM
+IWh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeTAdBgNVHQQEFjAUMA4w
+DAYKKwYBBAGCNwIBFgMCB4AwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
+dHRwOi8vdGguc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGguc3ltY2Iu
+Y29tL3RoLmNydDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQADggEB
+AKYeUS0q1WvEy/yVm7fwjul/340/+1kmxI9jgfOptJ4O7PrYWsA6jx9vxZk9JzqS
+WCkBilkm51GFBCjkAILzXyizFYF5eoi9U3dqNf7ekECxI+L4H1AWkc7mcEO3yS7v
+tWs4bxgCFSov8BUpZcS74qu1//3ck2jnbVzoZwZ/uqGjDfQspkkhW3OaKHTsUDuq
+P0rcg2Gl/MuHjSnN33D80OxTssExxM1Y3qpdWxwvPMRs9ooaS4Ir250xLOcCycFt
+Gi8InbV4f9hszhaQrpMREVHWRYUA9VkTpnEx8ySkoY4nsQPTxI+IoS7NLQgm5CrY
+lAksmYYywLTZ0s0f/T2gSww=
+-----END CERTIFICATE-----

Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom_2.crt

+-----BEGIN CERTIFICATE-----
+MIIGTTCCBDWgAwIBAgIHH86n9ql/6TANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
+EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
+Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MjI0NjM2WhcNMTkxMjMxMjM1
+OTU5WjBGMQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQx
+GzAZBgNVBAMMEkNBIOayg+mAmuagueivgeS5pjCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBANBJIR4l/IfBKsKs23aGBk7n0HQ03O1lNfxQ1og/pPB/6w9f
+eS+Jsf28Y1g3k5s4+LdbqfrYcce0vICXjWxL8VDVKimqqBl6luaVjnTtlwpXdfQF
+220LObkBf6r21tps5gXgpE1S/NvQdLcRjHuNT/+Hg67/BQMTV1A3/oyWUhBMX7+U
+cWnZlj4MQ0++MMCfOXRPBkVdo9ZWOWgHzIdPUHeTcdlECLGKNOmJrNubTuHZ5FJF
+jC4UH5FrGR1oKSxWxOIeE1dk8GHjuRHfsOFXoBut11/Rr9srLT/QaI4P6p8PizVY
+GxMc9N41oQpd1urfEm/A+2kHRnLcgfYEIxfgTXXhcm+wKOub4eGDoZ9KXa/Mm/oC
+ILYYYneRO6PVZa3cfJB3HERBpEqL65Vy6fYJZNyoLZ90eOjBogljnO+g20+dlasg
+T7ew94dcpqDkNzjHXOM1Dyyto4Ci7C5dwM/tiwXC5nNu9onV9dJGjuptYxseisl9
+pvic6+XVY4VNc2ZpEf7IDvTBx2ZJU37kGWvx6XpZo21+xRfmJ8bvG9tv/A1NBgG0
+DlwwRlVgrzhlOspHuqwszEYfskaWP/PtJgXud6Fqa34tbVhcStSOZ7jx2tVGiif5
+EfLJQv5O3t8fXMSkhocWM6GnFxilDeQF5SvCKwuilZC5/WA8Tok+55zuH7sBAgMB
+AAGjggEHMIIBAzASBgNVHRMBAf8ECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBBjAd
+BgNVHQ4EFgQU4E2/3JtBXRPoZPCn6RWk4YHBujEwHwYDVR0jBBgwFoAUTgvvGqRA
+W6UXaYcwyjRoQ9BBrvIwaQYIKwYBBQUHAQEEXTBbMCcGCCsGAQUFBzABhhtodHRw
+Oi8vb2NzcC5zdGFydHNzbC5jb20vY2EwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEu
+c3RhcnRzc2wuY29tL2NlcnRzL2NhLmNydDAyBgNVHR8EKzApMCegJaAjhiFodHRw
+Oi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwDQYJKoZIhvcNAQELBQADggIB
+AI274T7wqbpK6IUpiNBGwjQCnLQYCkkOse9rVge7hwFTdK2gpoA1bNcBmrmEubOP
+jRBVHNhW+bXyJIc+UBs8RdjcgJMmGHSVhMPs2zvncMwx5b2FHvr4ajWwXcL3INlF
+vwJYifZgzi9FSe+Xg9KLqfQMSZNCpIop57BJ8F/hhnWcmjNvCtPod9jaV91SMy/R
+xN6FfVNV8V/TJNYlJYNjLF9xSHxgpLYu5WHPFzHzyFdPlDdtWZbgoTyXJ0zKwsMV
+w1zS6WDAGRWHgWlRRXPbmBSBPhXk5JfSBLX8M/uHJGl1t6frghUdSqw7EiOJn7T8
+JE7dIsi3zx462waTg7jKDLpzC34/PEvPYcF7X5pybb/TQVjjGzWZg61sQERjfN7B
+ePHm6SGg74pOkX4XVVuX8SnaH/Y+dTmaZfGJKDs50PU7PpF5qA2x1FaeIFuzklqt
+H4DHm6uaOsO5HOIWstKhtlH9xnb2l9vxF581/Tlxea6OUtHfk4J7GvGcowyADI8g
+7OOYkS8e9GQ2DBVqacq0VrnIFA0uAXGTL27Oh6VYFmZ61MjVEhXF5y4yHQ8KFpQK
+vFCV0S6lX0VqalP0cPBCUftf1L8qBqy5FMQDhlET6Lwh0FT1iTvz03xlQMRZBzyS
+EkE9+JcNYJ8zFJKmjFvuStRRmMJTdkorYuwFw2tQZLFs
+-----END CERTIFICATE-----

Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609_2.crt

+-----BEGIN CERTIFICATE-----
+MIIGXDCCBESgAwIBAgIHGcKFMOk7NjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
+EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
+Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MjI0NjM2WhcNMTkxMjMxMjM1
+OTU5WjBVMQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQx
+KjAoBgNVBAMTIUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbjCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL3Kjay4kRVWl3trXHrC3mvZobDD
+ECP6p6GyzDH6PtmmKW8WPeBr+LhAX9s5qAB6i6BNVH3CInj8jgm4qIXXzJWXS3TY
+nn7wAOQOia5JKEQaEJkyDyWIU6QNsw8SCBYLA3EnHH/h29L9Z2jEBV0KDl1w19iX
+oLxTQZqRjfSeNmZ6flbBkF/msWggNqSMJCwsRwtZdmYwtb7e7Y/4ndO7ATDm8vMO
+4CySgPOF+SiKtFQumu33dvwVaBbrSmzrLhKP1M/+DMdcHQt+BTK+XrAJKkLVyU6Q
+s1kNu3p+zdUIWrR/2BxpEfknD3sGr1SDGHvh3VR6UWhud/zGv1JKZkahsmcau6NP
+d6C+Xf/8VgtDcneQyp758jn1Dan06tfnsxAvMEI3IcwwcMmGmA/MWE2Du33lGqU3
+jbasMpcAOmNxJB6eN8T/dNQ3wOL+iEZgEd0IP1A2q7h6pJViam6wymohWmnz8/sd
+cDmV86dupoGJoYjFO3HKo1Lug7v9oHf05G/nQtttSpmKNEi8F9zkgAgitvIxwD8E
+PuufIHnWuAZkZAIx16nNUvuERWkJACrcVYvEBkZLwEodCVs5KP2pq84A+S5ISybm
+MEylWMq0RIJP55EeM8Owk/8R/IHSyh9xKd12T5Ilrx2Btw8vjMMGzC8no0rkDpm6
+fB5FH3+qGUWW/fw9AgMBAAGjggEHMIIBAzASBgNVHRMBAf8ECDAGAQH/AgECMA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU4WbPDtHxs0u3BiAU/ocS1fb++z4wHwYD
+VR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwaQYIKwYBBQUHAQEEXTBbMCcG
+CCsGAQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwMAYIKwYBBQUH
+MAKGJGh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL2NhLmNydDAyBgNVHR8E
+KzApMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwDQYJ
+KoZIhvcNAQELBQADggIBALZt+HD74g1MmLMHSRX1BMRsysr1aKAI/hJtnAQGya2a
+kVI+eMRc7p9UHe7j8V4wyUnhOeCmnTZsV/rmNE9V6IeoLN0F8VgSkejKzih4j98H
+hQGl3EWWBdSAsisFmsuapYvgOmfmc0e+Sv0nsYjv5srPjQ4mn/pfV3itbf6umzUI
+scO6wQBKS30Uvffx01UYrNAzcIhtxAlxFKYrT4iB5wsAN6kVfX7XAZY/L697Yq4K
+Sr9LOS41EIv+BDnkPDoMCVZAOrX0wmgMtflSze6d+Jj8eOdYR48cc1hpM6v/3d+O
+JAF3mBk6sGZ5vOEIow5PwQSz8wHI69NZHDXSkx5wZYJ/28/7yJkSYMNEbzqAS9e+
+IaoUemTL3TdDRVsyLkXw2VkfaxjwfOlVNhlhX7V98Y29iOR1S5jdJ7DkhEQqYYRX
+BYIRH6o1WPMgDq9Z7/pVcnINJtCbU0mszjcuZWH/9uwb6vbxptPRtXu+NfQiwbyN
+Ab1oXoMNL+zW2mMMJ9FUPuSo085LMriRlP/7W0ktdRiounGaO67ZwKlPh5Hti3tr
+IJiJOYNPgMRpzBfJyE6+5KmlgXZwBgQyzYNl9Lx9PhO80uhvY6q1O9qNhjKCeJ3Z
+zP+/V2R07Sg9RGIVYUv3lLANKmcc8MubpZK/+EFawT1g7Z+7uG2bzqlqFj9+6gbx
+-----END CERTIFICATE-----

Windows/RevokeChinaCerts_Online.bat

@@ -69,12 +69,18 @@ goto %UserChoice%
 ::  Certification Authority of WoSign 2(StartCom/2011-03-01)
 %CertMgr% -del -c -sha1 692790DA5189529CC5CE1E16E984277A03023E99 -s -r localMachine CA
 %CertMgr% -del -c -sha1 692790DA5189529CC5CE1E16E984277A03023E99 -s -r CurrentUser CA
-::  Certification Authority of WoSign(StartCom/2006-09-18)
+::  Certification Authority of WoSign 1(StartCom/2006-09-18)
 %CertMgr% -del -c -sha1 804E5FB7DE84F5F5B28347233EAF07846B6070D3 -s -r localMachine CA
 %CertMgr% -del -c -sha1 804E5FB7DE84F5F5B28347233EAF07846B6070D3 -s -r CurrentUser CA
-::  Certification Authority of WoSign(Chinese/StartCom) [v998]
+::  Certification Authority of WoSign 2(StartCom/2006-09-18) [v998]
+%CertMgr% -del -c -sha1 B0B68AE97CFE2AFACD0DC2010B9D70ACE593E8A6 -s -r localMachine CA
+%CertMgr% -del -c -sha1 B0B68AE97CFE2AFACD0DC2010B9D70ACE593E8A6 -s -r localMachine CA
+::  Certification Authority of WoSign 1(Chinese/StartCom) [v998]
 %CertMgr% -del -c -sha1 D8EFF6C28BB508E4702565F42748454A872BD412 -s -r localMachine CA
 %CertMgr% -del -c -sha1 D8EFF6C28BB508E4702565F42748454A872BD412 -s -r CurrentUser CA
+::  Certification Authority of WoSign 2(Chinese/StartCom) [v998]
+%CertMgr% -del -c -sha1 CE335662F0EA6764B95C7F50A995A514ACE8C815 -s -r localMachine CA
+%CertMgr% -del -c -sha1 CE335662F0EA6764B95C7F50A995A514ACE8C815 -s -r CurrentUser CA
 ::  Certification Authority of WoSign(USERTrust) [v998]
 %CertMgr% -del -c -sha1 56FAADDC596DCF78D585D83A35BC04B690D12736 -s -r localMachine CA
 %CertMgr% -del -c -sha1 56FAADDC596DCF78D585D83A35BC04B690D12736 -s -r CurrentUser CA
@@ -166,8 +172,10 @@ goto %UserChoice%
 %CertMgr% -add -c "%Folder%\CA_WoSign_ECC_Root.crt" -s Disallowed
 %CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_201103_1.crt" -s Disallowed
 %CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_201103_2.crt" -s Disallowed
-%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_200609.crt" -s Disallowed
-%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_Chinese_StartCom.crt" -s Disallowed
+%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_200609_1.crt" -s Disallowed
+%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_200609_2.crt" -s Disallowed
+%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_Chinese_StartCom_1.crt" -s Disallowed
+%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_Chinese_StartCom_2.crt" -s Disallowed
 %CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_USERTrust.crt" -s Disallowed
 %CertMgr% -add -c "%Folder%\WoSign_Premium_Server_Authority_USERTrust.crt" -s Disallowed
 %CertMgr% -add -c "%Folder%\WoSign_Server_Authority_USERTrust.crt" -s Disallowed
@@ -407,10 +415,14 @@ goto EXIT
 %CertMgr% -del -c -sha1 868241C8B85AF79E2DAC79EDADB723E82A36AFC3 -s Disallowed
 ::  Certification Authority of WoSign 2(StartCom/2011-03-01)
 %CertMgr% -del -c -sha1 692790DA5189529CC5CE1E16E984277A03023E99 -s Disallowed
-::  Certification Authority of WoSign(StartCom/2006-09-18)
+::  Certification Authority of WoSign 1(StartCom/2006-09-18)
 %CertMgr% -del -c -sha1 804E5FB7DE84F5F5B28347233EAF07846B6070D3 -s Disallowed
-::  Certification Authority of WoSign(Chinese/StartCom) [v998]
+::  Certification Authority of WoSign 2(StartCom/2006-09-18) [v998]
+%CertMgr% -del -c -sha1 B0B68AE97CFE2AFACD0DC2010B9D70ACE593E8A6 -s Disallowed
+::  Certification Authority of WoSign 1(Chinese/StartCom) [v998]
 %CertMgr% -del -c -sha1 D8EFF6C28BB508E4702565F42748454A872BD412 -s Disallowed
+::  Certification Authority of WoSign 2(Chinese/StartCom) [v998]
+%CertMgr% -del -c -sha1 CE335662F0EA6764B95C7F50A995A514ACE8C815 -s Disallowed
 ::  Certification Authority of WoSign(USERTrust) [v998]
 %CertMgr% -del -c -sha1 56FAADDC596DCF78D585D83A35BC04B690D12736 -s Disallowed
 ::  WoSign Premium Server Authority(USERTrust)

Windows/RevokeChinaCerts_Organization.bat

@@ -13,7 +13,7 @@ set CertMgr="%cd%\Tools\CertMgr"
 if %PROCESSOR_ARCHITECTURE%%PROCESSOR_ARCHITEW6432% EQU x86 set CertMgr="%cd%\Tools\CertMgr_x86"
 set Folder=%cd%\Certs\Organization
 set /a SetForce = 0
-set SetForceAppender="%cd%\Tools\SoftCertPolicyAppender\SoftCertPolicyAppender"
+set SetForceAppender="%cd%\Tools\SoftCertPolicyAppender\Binary\SoftCertPolicyAppender"
 @echo RevokeChinaCerts Organization batch
 @echo.
 @echo Do you want to set force cetificates policy? [Y/N]
@@ -33,6 +33,7 @@ goto %UserChoice%
 
 :: All version
 :CASE_1
+if %SetForce% EQU 0 (
 ::  ABC
 %CertMgr% -add -c "%Folder%\ABC.crt" -s Disallowed
 ::  ABC TEST CA
@@ -93,137 +94,108 @@ goto %UserChoice%
 %CertMgr% -add -c "%Folder%\SZCA_200307.crt" -s Disallowed
 ::  TenpayCom Root CA
 %CertMgr% -add -c "%Folder%\TenpayCom_Root_CA.crt" -s Disallowed
+) else (
 :: Set force
-@echo.
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ABC.crt" "%Folder%\ABC_TEST_CA.crt" "%Folder%\ABC2048.crt" "%Folder%\AlibabaCom_Corporation_Root_CA.crt" "%Folder%\ALIPAY_ROOT.crt" "%Folder%\Alipay_Trust_NetWork.crt" "%Folder%\BOCOMCA.crt" "%Folder%\CCB_CA_ROOT_199906.crt" "%Folder%\CCB_CA_ROOT_200906.crt" "%Folder%\CFCA.crt" "%Folder%\CFCA_CS_CA.crt" "%Folder%\CFCA_CS_TEST_CA.crt" "%Folder%\CFCA_Operation_CA3.crt" "%Folder%\CFCA_RCA.crt" "%Folder%\CFCA_Root_CA.crt" "%Folder%\CFCA_RSA_RCA.crt" "%Folder%\China_Trust_Network_1.crt" "%Folder%\China_Trust_Network_2.crt" "%Folder%\China_Trust_Network_3.crt" "%Folder%\ICBC.crt" "%Folder%\ICBC_Root_CA.crt" "%Folder%\IcbcCA.crt" "%Folder%\iTruschina_CN_Root_CA_1.crt" "%Folder%\iTruschina_CN_Root_CA_2.crt" "%Folder%\iTruschina_CN_Root_CA_3.crt" "%Folder%\Personal_ICBC_CA.crt" "%Folder%\ROOTCA_OSCCA.crt" "%Folder%\SZCA.crt" "%Folder%\SZCA_200307.crt" "%Folder%\TenpayCom_Root_CA.crt")
+%SetForceAppender% --set-force "%Folder%\ABC.crt" "%Folder%\ABC_TEST_CA.crt" "%Folder%\ABC2048.crt" "%Folder%\AlibabaCom_Corporation_Root_CA.crt" "%Folder%\ALIPAY_ROOT.crt" "%Folder%\Alipay_Trust_NetWork.crt" "%Folder%\BOCOMCA.crt" "%Folder%\CCB_CA_ROOT_199906.crt" "%Folder%\CCB_CA_ROOT_200906.crt" "%Folder%\CFCA.crt" "%Folder%\CFCA_CS_CA.crt" "%Folder%\CFCA_CS_TEST_CA.crt" "%Folder%\CFCA_Operation_CA3.crt" "%Folder%\CFCA_RCA.crt" "%Folder%\CFCA_Root_CA.crt" "%Folder%\CFCA_RSA_RCA.crt" "%Folder%\China_Trust_Network_1.crt" "%Folder%\China_Trust_Network_2.crt" "%Folder%\China_Trust_Network_3.crt" "%Folder%\ICBC.crt" "%Folder%\ICBC_Root_CA.crt" "%Folder%\IcbcCA.crt" "%Folder%\iTruschina_CN_Root_CA_1.crt" "%Folder%\iTruschina_CN_Root_CA_2.crt" "%Folder%\iTruschina_CN_Root_CA_3.crt" "%Folder%\Personal_ICBC_CA.crt" "%Folder%\ROOTCA_OSCCA.crt" "%Folder%\SZCA.crt" "%Folder%\SZCA_200307.crt" "%Folder%\TenpayCom_Root_CA.crt")
 goto EXIT
 
 
 :: Choice version
 :CASE_2
 set /p UserChoice="Revoke ABC? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ABC.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ABC.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ABC.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ABC.crt"))
 @echo.
 set /p UserChoice="Revoke ABC TEST CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ABC_TEST_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force %Folder%\ABC_TEST_CA.crt""))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ABC_TEST_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force %Folder%\ABC_TEST_CA.crt""))
 @echo.
 set /p UserChoice="Revoke ABC2048? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ABC2048.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force %Folder%\ABC2048.crt""))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ABC2048.crt" -s Disallowed) else (%SetForceAppender% --set-force %Folder%\ABC2048.crt""))
 @echo.
 set /p UserChoice="Revoke Alibaba.com Corporation Root CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\AlibabaCom_Corporation_Root_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\AlibabaCom_Corporation_Root_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\AlibabaCom_Corporation_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\AlibabaCom_Corporation_Root_CA.crt"))
 @echo.
 set /p UserChoice="Revoke ALIPAY_ROOT? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ALIPAY_ROOT.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ALIPAY_ROOT.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ALIPAY_ROOT.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ALIPAY_ROOT.crt"))
 @echo.
 set /p UserChoice="Revoke Alipay Trust NetWork? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Alipay_Trust_NetWork.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Alipay_Trust_NetWork.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Alipay_Trust_NetWork.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Alipay_Trust_NetWork.crt"))
 @echo.
 set /p UserChoice="Revoke BOCOMCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\BOCOMCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\BOCOMCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\BOCOMCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\BOCOMCA.crt"))
 @echo.
 set /p UserChoice="Revoke CCB CA ROOT(1999-06-29)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_199906.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_199906.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_199906.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_199906.crt"))
 @echo.
 set /p UserChoice="Revoke CCB CA ROOT(2009-06-01)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_200906.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_200906.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_200906.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_200906.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA CS CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_CS_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_CS_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_CS_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_CS_CA.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA CS TEST CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_CS_TEST_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_CS_TEST_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_CS_TEST_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_CS_TEST_CA.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA Operation CA3? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_Operation_CA3.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_Operation_CA3.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_Operation_CA3.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_Operation_CA3.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA RCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_RCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_RCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_RCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_RCA.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA Root CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_Root_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_Root_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_Root_CA.crt"))
 @echo.
 set /p UserChoice="Revoke CFCA RSA RCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_RSA_RCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_RSA_RCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_RSA_RCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_RSA_RCA.crt"))
 @echo.
 set /p UserChoice="Revoke China Trust Network(1)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\China_Trust_Network_1.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_1.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\China_Trust_Network_1.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_1.crt"))
 @echo.
 set /p UserChoice="Revoke China Trust Network(2)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\China_Trust_Network_2.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_2.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\China_Trust_Network_2.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_2.crt"))
 @echo.
 set /p UserChoice="Revoke China Trust Network(3)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\China_Trust_Network_3.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_3.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\China_Trust_Network_3.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_3.crt"))
 @echo.
 set /p UserChoice="Revoke ICBC? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ICBC.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ICBC.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ICBC.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ICBC.crt"))
 @echo.
 set /p UserChoice="Revoke ICBC Root CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ICBC_Root_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ICBC_Root_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ICBC_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ICBC_Root_CA.crt"))
 @echo.
 set /p UserChoice="Revoke IcbcCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\IcbcCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\IcbcCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\IcbcCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\IcbcCA.crt"))
 @echo.
 set /p UserChoice="Revoke iTruschina CN Root CA(1)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_1.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_1.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_1.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_1.crt"))
 @echo.
 set /p UserChoice="Revoke iTruschina CN Root CA(2)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_2.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_2.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_2.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_2.crt"))
 @echo.
 set /p UserChoice="Revoke iTruschina CN Root CA(3)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_3.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_3.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_3.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_3.crt"))
 @echo.
 set /p UserChoice="Revoke Personal ICBC CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Personal_ICBC_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Personal_ICBC_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Personal_ICBC_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Personal_ICBC_CA.crt"))
 @echo.
 set /p UserChoice="Revoke ROOTCA OSCCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ROOTCA_OSCCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ROOTCA_OSCCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ROOTCA_OSCCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ROOTCA_OSCCA.crt"))
 @echo.
 set /p UserChoice="Revoke SZCA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\SZCA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\SZCA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\SZCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\SZCA.crt"))
 @echo.
 set /p UserChoice="Revoke SZCA(20030722)? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\SZCA_200307.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\SZCA_200307.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\SZCA_200307.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\SZCA_200307.crt"))
 @echo.
 set /p UserChoice="Revoke TenpayCom Root CA? [Y/N]"
-if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\TenpayCom_Root_CA.crt" -s Disallowed
-if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\TenpayCom_Root_CA.crt"))
+if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\TenpayCom_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\TenpayCom_Root_CA.crt"))
 goto EXIT
 
 
 :: Restore certificates
+:CASE_3
 ::  ABC
 %CertMgr% -del -c -sha1 78D0CDF5752D1E5B58A674644CFE3499BF02F9EF -s Disallowed
 ::  ABC TEST CA