Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refresh all test certificates and fix incorrect handling of x509 intermediary certs in sectestdatga #424

Merged
merged 2 commits into from
Oct 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
test:
strategy:
matrix:
go-version: [1.19.x, 1.22.x]
go-version: [1.22.x]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
test:
strategy:
matrix:
go-version: [1.18.x, 1.22.x]
go-version: [1.22.x]
# add macos-12 when runners are available on github.
os: [macos-11]
runs-on: ${{ matrix.os }}
Expand Down
4 changes: 2 additions & 2 deletions v23/security/x509_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ func TestX509Errors(t *testing.T) {

names, rejected = security.RemoteBlessingNames(ctx, call)
validate("x509: certificate signed by unknown authority",
"x509: “(STAGING) Pretend Pear X1” certificate is not trusted")
"certificate is not trusted")

// No custom options.
client = newPrincipalWithX509Opts(ctx, t, clientKey, x509.VerifyOptions{})
Expand All @@ -325,7 +325,7 @@ func TestX509Errors(t *testing.T) {
names, rejected = security.RemoteBlessingNames(ctx, call)
validate("x509: certificate has expired or is not yet valid",
"x509: certificate signed by unknown authority",
`x509: “(STAGING) Pretend Pear X1” certificate is not trusted`,
`certificate is not trusted`,
`x509: “www.labdrive.io” certificate is not trusted`,
)

Expand Down
4 changes: 2 additions & 2 deletions x/ref/cmd/principal/internal/scripting/scripting_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -159,8 +159,8 @@ func TestExistingKeys(t *testing.T) {
}{
{
sectestdata.X509PrivateKeyBytes(keys.ED25519, sectestdata.X509Private),
"95:ba:85:d9:7d:bc:27:36:99:d7:cb:ce:eb:d9:49:34",
// generated using: openssl pkey -in ../../test/sectestdata/testdata/ed25519.vanadium.io.key -pubout -outform der | openssl md5 -c
"f4:00:25:2d:6f:d8:4d:2a:e5:43:aa:52:cf:7c:5c:42",
// generated using: openssl pkey -in ../../../../test/sectestdata/testdata/ed25519.vanadium.io.key -pubout -outform der | openssl md5 -c
},
{
sectestdata.SSHPrivateKeyBytes(keys.ECDSA256, sectestdata.SSHKeyPrivate),
Expand Down
2 changes: 1 addition & 1 deletion x/ref/lib/security/blessingroots_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ func TestBlessingRootsX509(t *testing.T) {
"x509: certificate signed by unknown authority",
"x509: certificate has expired or is not yet valid",
"x509: “www.labdrive.io” certificate is not trusted",
"x509: “(STAGING) Pretend Pear X1” certificate is not trusted") {
"certificate is not trusted") {
t.Errorf("%v: %v: %v: missing or wrong error: %v", i, tc.certType, tc.pattern, err)
}
}
Expand Down
2 changes: 1 addition & 1 deletion x/ref/lib/security/keys/x509keys/x509keys_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ func TestLetsEncryptKeys(t *testing.T) {

for _, certname := range []string{
"www.labdrive.io.letsencrypt",
"letsencrypt-stg-int-e1.pem",
sectestdata.LetsEncryptStagingRootECDSA,
} {
filename := filepath.Join(letsencryptDir, certname)
data, err := os.ReadFile(filename)
Expand Down
42 changes: 23 additions & 19 deletions x/ref/test/sectestdata/letsencrypt.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,34 +13,34 @@ import (
)

const (
letsEncryptStagingE1 = "letsencrypt-stg-int-e1.pem"
letsEncryptStagingR3 = "letsencrypt-stg-int-r3.pem"
LetsEncryptStagingRootRSA = "letsencrypt-stg-root-x1.pem"
LetsEncryptStagingRootECDSA = "letsencrypt-stg-root-x2.pem"
)

//go:embed testdata/letsencrypt-stg-int-e1.pem testdata/www.labdrive.io.letsencrypt testdata/www.labdrive.io.letsencrypt.key testdata/www.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-int-e1.pem.fingerprint
//go:embed testdata/letsencrypt-stg-root-x1.pem testdata/letsencrypt-stg-root-x2.pem testdata/www.labdrive.io.letsencrypt testdata/www.labdrive.io.letsencrypt.key testdata/www.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-root-x1.pem.fingerprint testdata/letsencrypt-stg-root-x2.pem.fingerprint
var letsEncryptSingleHostFS embed.FS

//go:embed testdata/letsencrypt-stg-int-e1.pem testdata/abc.labdrive.io.letsencrypt testdata/abc.labdrive.io.letsencrypt.key testdata/abc.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-int-e1.pem.fingerprint
//go:embed testdata/letsencrypt-stg-root-x1.pem testdata/letsencrypt-stg-root-x2.pem testdata/abc.labdrive.io.letsencrypt testdata/abc.labdrive.io.letsencrypt.key testdata/abc.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-root-x1.pem.fingerprint testdata/letsencrypt-stg-root-x2.pem.fingerprint
var letsEncryptMultiHostFS embed.FS

//go:embed testdata/letsencrypt-stg-int-r3.pem testdata/star.labdrive.io.letsencrypt testdata/star.labdrive.io.letsencrypt.key testdata/star.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-int-r3.pem.fingerprint
//go:embed testdata/letsencrypt-stg-root-x1.pem testdata/letsencrypt-stg-root-x2.pem testdata/star.labdrive.io.letsencrypt testdata/star.labdrive.io.letsencrypt.key testdata/star.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-root-x1.pem.fingerprint testdata/letsencrypt-stg-root-x2.pem.fingerprint
var letsEncryptWildcardFS embed.FS

//go:embed testdata/letsencrypt-stg-int-r3.pem testdata/ab-star.labdrive.io.letsencrypt testdata/ab-star.labdrive.io.letsencrypt.key testdata/ab-star.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-int-r3.pem.fingerprint
//go:embed testdata/letsencrypt-stg-root-x1.pem testdata/letsencrypt-stg-root-x2.pem testdata/ab-star.labdrive.io.letsencrypt testdata/ab-star.labdrive.io.letsencrypt.key testdata/ab-star.labdrive.io.letsencrypt.fingerprint testdata/letsencrypt-stg-root-x1.pem.fingerprint testdata/letsencrypt-stg-root-x2.pem.fingerprint
var letsEncryptMultipleWildcardFS embed.FS

// CertType specifies the type of cert to be used.
type CertType int

// Supported cert types are below.
const (
// SingleHostCert refers to a cert and key for www.labdrive.io
// SingleHostCert refers to a cert and key for www.labdrive.io (ECDSA)
SingleHostCert CertType = iota
// MultipleHostsCert refers to a cert and key for {a,b,c}.labdrive.io
// MultipleHostsCert refers to a cert and key for {a,b,c}.labdrive.io (ECDSA)
MultipleHostsCert
// WildcardCert refers to a cert and key for *.labdrive.io
// WildcardCert refers to a cert and key for *.labdrive.io (RSA)
WildcardCert
// Cert with multiple wildcard domains for *.labdrive.io and *.labdr.io
// Cert with multiple wildcard domains for *.labdrive.io and *.labdr.io (RSA)
MultipleWildcardCert
)

Expand All @@ -64,39 +64,43 @@ func (c CertType) String() string {
func LetsEncryptData(certType CertType) (crypto.PrivateKey, []*x509.Certificate, x509.VerifyOptions) {
switch certType {
case SingleHostCert:
return letsEncryptData(letsEncryptSingleHostFS, "www.labdrive.io.letsencrypt.key", "www.labdrive.io.letsencrypt", letsEncryptStagingE1)
return letsEncryptData(letsEncryptSingleHostFS, "www.labdrive.io.letsencrypt.key", "www.labdrive.io.letsencrypt")
case MultipleHostsCert:
return letsEncryptData(letsEncryptMultiHostFS, "abc.labdrive.io.letsencrypt.key", "abc.labdrive.io.letsencrypt", letsEncryptStagingE1)
return letsEncryptData(letsEncryptMultiHostFS, "abc.labdrive.io.letsencrypt.key", "abc.labdrive.io.letsencrypt")
case WildcardCert:
return letsEncryptData(letsEncryptWildcardFS, "star.labdrive.io.letsencrypt.key", "star.labdrive.io.letsencrypt", letsEncryptStagingR3)
return letsEncryptData(letsEncryptWildcardFS, "star.labdrive.io.letsencrypt.key", "star.labdrive.io.letsencrypt")
case MultipleWildcardCert:
return letsEncryptData(letsEncryptMultipleWildcardFS, "ab-star.labdrive.io.letsencrypt.key", "ab-star.labdrive.io.letsencrypt", letsEncryptStagingR3)
return letsEncryptData(letsEncryptMultipleWildcardFS, "ab-star.labdrive.io.letsencrypt.key", "ab-star.labdrive.io.letsencrypt")
default:
panic(fmt.Sprintf("unsupported cert type: %v", certType))
}
}

func loadCertSet(keyBytes, certByes, caBytes []byte) (crypto.PrivateKey, []*x509.Certificate, x509.VerifyOptions) {
func loadCertSet(keyBytes, certByes []byte, roots [][]byte) (crypto.PrivateKey, []*x509.Certificate, x509.VerifyOptions) {
key, err := loadPrivateKey(keyBytes)
if err != nil {
panic(err)
}
certs, err := loadCerts(certByes)
certs, pemBytes, err := loadCerts(certByes)
if err != nil {
panic(err)
}
opts, err := loadCA(certs[0], caBytes)
opts, err := loadCA(certs[0], pemBytes, roots)
if err != nil {
panic(err)
}
return key, certs, opts
}

func letsEncryptData(fs embed.FS, key, cert, ca string) (crypto.PrivateKey, []*x509.Certificate, x509.VerifyOptions) {
func letsEncryptData(fs embed.FS, key, cert string) (crypto.PrivateKey, []*x509.Certificate, x509.VerifyOptions) {
roots := [][]byte{
mustBytesFromFS(fs, "testdata", LetsEncryptStagingRootRSA),
mustBytesFromFS(fs, "testdata", LetsEncryptStagingRootECDSA),
}
return loadCertSet(
mustBytesFromFS(fs, "testdata", key),
mustBytesFromFS(fs, "testdata", cert),
mustBytesFromFS(fs, "testdata", ca),
roots,
)
}

Expand Down
14 changes: 8 additions & 6 deletions x/ref/test/sectestdata/ssl.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,25 +36,27 @@ const (
func VanadiumSSLData() (map[string]crypto.PrivateKey, map[string]*x509.Certificate, x509.VerifyOptions) {
keys := map[string]crypto.PrivateKey{}
certs := map[string]*x509.Certificate{}
var intermediates [][]byte
for _, typ := range SupportedKeyAlgos {
host := typ.String()
k, err := loadPrivateKey(fileContents(vanadiumSSLKeys, host+".vanadium.io.key"))
if err != nil {
panic(err)
}
c, err := loadCerts(fileContents(vanadiumSSLCerts, host+".vanadium.io.crt"))
c, intermediate, err := loadCerts(fileContents(vanadiumSSLCerts, host+".vanadium.io.crt"))
if err != nil {
panic(err)
}
keys[host] = k
certs[host] = c[0]
intermediates = append(intermediates, intermediate...)
}
var cert *x509.Certificate
for _, c := range certs {
cert = c
break
}
opts, err := loadCA(cert, vanadiumSSLCA)
opts, err := loadCA(cert, intermediates, [][]byte{vanadiumSSLCA})
if err != nil {
panic(err)
}
Expand All @@ -63,27 +65,27 @@ func VanadiumSSLData() (map[string]crypto.PrivateKey, map[string]*x509.Certifica

func X509VerifyOptions(typ keys.CryptoAlgo) x509.VerifyOptions {
host := typ.String()
cert, err := loadCerts(fileContents(vanadiumSSLCerts, host+".vanadium.io.crt"))
cert, intermediates, err := loadCerts(fileContents(vanadiumSSLCerts, host+".vanadium.io.crt"))
if err != nil {
panic(err)
}
opts, err := loadCA(cert[0], vanadiumSSLCA)
opts, err := loadCA(cert[0], intermediates, [][]byte{vanadiumSSLCA})
if err != nil {
panic(err)
}
return opts
}

func X509Certificate(typ keys.CryptoAlgo) *x509.Certificate {
cert, err := loadCerts(fileContents(vanadiumSSLCerts, typ.String()+".vanadium.io.crt"))
cert, _, err := loadCerts(fileContents(vanadiumSSLCerts, typ.String()+".vanadium.io.crt"))
if err != nil {
panic(err)
}
return cert[0]
}

func X509PublicKey(typ keys.CryptoAlgo) crypto.PublicKey {
cert, err := loadCerts(fileContents(vanadiumSSLCerts, typ.String()+".vanadium.io.crt"))
cert, _, err := loadCerts(fileContents(vanadiumSSLCerts, typ.String()+".vanadium.io.crt"))
if err != nil {
panic(err)
}
Expand Down
114 changes: 57 additions & 57 deletions x/ref/test/sectestdata/testdata/ab-star.labdrive.io.letsencrypt
Original file line number Diff line number Diff line change
@@ -1,61 +1,61 @@
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISK4tDCLyGrmZDyx7pFsm1m0ctMA0GCSqGSIb3DQEBCwUA
MFkxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlw
dDEoMCYGA1UEAxMfKFNUQUdJTkcpIEFydGlmaWNpYWwgQXByaWNvdCBSMzAeFw0y
NDAzMjEwMDM0MzhaFw0yNDA2MTkwMDM0MzdaMBUxEzARBgNVBAMMCioubGFiZHIu
aW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJscS18UNeVsZGP/OE
kNN0q/6LVVFs3EiG2SHPm6UTJmvHwR/KW1T6KTrMOd8VilMZ5mwJEx81MuBIrjyE
ecfIOW3FU6t02embguXdZkBqokfXtH5OukKmCNXFIZr/alrEy9HSAr2A6KJnJARy
jkFMtqzD+DVTiGUVDalo2UjQNeCxiNxHxw2B9f2kr/q2W8yyrE1mBRLJHW59SEeJ
58XESX+hhE/pK/b/LCoesCOyfGlLt38jj/endta3pkx2RhKvFD9TQsL+f1f2D2NM
JumsNlmU1nrti2JklTYrlpZrjDXWuQLQO1v7T7w8rJQkl9EOs5UURea+P5ghjbAy
BEp7AgMBAAGjggIrMIICJzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ+MxSFfnYlB
ekZ6mUzIRvCGHqe6MB8GA1UdIwQYMBaAFN5yekjfMcOmUN+fhSPfVzdLXS5lMF0G
CCsGAQUFBwEBBFEwTzAlBggrBgEFBQcwAYYZaHR0cDovL3N0Zy1yMy5vLmxlbmNy
Lm9yZzAmBggrBgEFBQcwAoYaaHR0cDovL3N0Zy1yMy5pLmxlbmNyLm9yZy8wJAYD
VR0RBB0wG4IKKi5sYWJkci5pb4INKi5sYWJkcml2ZS5pbzATBgNVHSAEDDAKMAgG
BmeBDAECATCCAQwGCisGAQQB1nkCBAIEgf0EgfoA+AB3AIUbro7uM8G5hz/EnHp8
J2VmO2uAYwMECuymwRGlq+nXAAABjl6lWcIAAAQDAEgwRgIhANEyOdY8DnWEh59w
MNSK4H1bsd/SwLjWi2zjykXVo7qzAiEAlxztvbFBbrh6MpsW6+pda6G+2+Iv3iFK
QqNB2r1ikcAAfQDtMMiT+i92YhDL3PIHGM9+RFadSi3Z64i16N7awTUDmQAAAY5e
pVyFAAgAAAUAEQnkKAQDAEYwRAIgafbzyVxjmCAj4lZStYT713aZHi/GzdKlepJO
kEY9gDYCICoaQht0wvk3BBMujqHoDlh2L1I3TA0FICUTsQCbKLgDMA0GCSqGSIb3
DQEBCwUAA4IBAQCcCjoOigX9As4Y0+pQcNYSCibB07422HmWWKwsN2qH73QLOSYU
A1ZIgfQow9L2YIaTQoVS754VQHNERLCO6gIaGw0RxlwqwjTFZTlhJeIWf3/3yQNg
Hbev5afoyocaXkEvv4Dfe8jepHkgbWNceNgVeWyAeJq5pztqtnWoiNz/K52q96cg
LclIdLeijy+/r6F00LdlJuJN/3tGIIJVGQxbNyCPu1+IpYJskYQ9qkDx9ol4Icno
pxG+NYXUwavYIV4Iop9vji2vitREPlLsI913T8i1M1uNdMIx7V0Rhmmkp7kqK6br
9zQkCOS0aa1P93xzY/Ib1p1X4o+SQL+YA4q8
MIIFKTCCBBGgAwIBAgISK42EMd4uHQzLN+397r4qFhsfMA0GCSqGSIb3DQEBCwUA
MFoxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlw
dDEpMCcGA1UEAxMgKFNUQUdJTkcpIFdhbm5hYmUgV2F0ZXJjcmVzcyBSMTEwHhcN
MjQxMDA3MjAyMzM2WhcNMjUwMTA1MjAyMzM1WjAVMRMwEQYDVQQDDAoqLmxhYmRy
LmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12pq5BaOL3sORhDc
1AbC64f6v1uhRw7j1qH0NvLc2iYgXzgolj2Kg+6oXQzLGlNt2xxidwGC59dbi7uX
jcknrUwIH5HvWdFiEiwUbi7Y7R1SECez1OlN7Lw3m/aD9CCFeMQUq78BHVvRZtsD
4UCbHUgXZw7Ru1yva7K/clpSk4IzESDnxLUv75EcdFvuRRlRu4RDv8DhfFPSR8Gy
Uf2lnsoGEm/DtI2vyBCeJMJMu5t2TUaJcEqfkMeM9xkVJp302lWy/+vmcjs/hERe
CpGUzV+Yaj4AHCl3+Rci93Br5S6ClwwW3PQrEEbDh/y68g4DE8qGL7qHHua+iQPP
4lq+9wIDAQABo4ICLDCCAigwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQcxFXxmHK2
L8uqgOE+FzqKoOXpejAfBgNVHSMEGDAWgBQTy9f2rp38aUJk1lx8I8yF+UfHtjBf
BggrBgEFBQcBAQRTMFEwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGctcjExLm8ubGVu
Y3Iub3JnMCcGCCsGAQUFBzAChhtodHRwOi8vc3RnLXIxMS5pLmxlbmNyLm9yZy8w
JAYDVR0RBB0wG4IKKi5sYWJkci5pb4INKi5sYWJkcml2ZS5pbzATBgNVHSAEDDAK
MAgGBmeBDAECATCCAQsGCisGAQQB1nkCBAIEgfwEgfkA9wB1ALDMg+Wl+X1rr3wJ
zChJBIcqx+iLEyxjULfG/SbhbGx3AAABkmjcYskAAAQDAEYwRAIgHsJpiVvA8qvT
26dxetby1OgahuZwJ+lQ8OB+UYnO3nQCIBc4X4D5PT+HwZv0XY7vgqpwl4R5TWGE
M5U1Yn61w6upAH4ACcqE9Qr4S0I/k8n/aw7Zb50vFLK8N6VTDklIYnKaIrUAAAGS
aNxsywAIAAAFAAL5B5kEAwBHMEUCIQDaZx+liOWYqse1jQDzo3Wnn0ebT2C4gtbF
Rug8xhZ9kAIgZgPaWBpnbzhgTK0jbJcH4fpriA5NpPQHHvQcufApezMwDQYJKoZI
hvcNAQELBQADggEBAHOelhuoGzbzSs3HP5liyPxzRp6LGF7ylDaLRr1oGi2SYgFo
S/GwR9LE3ArYyaz2/6YEcoG7Hq4gECdHwrNwyTmnyCdIwRBJfrdMG7cZS+BfxHLt
HlJwJ3c3z/sFRAe7qux4HaLs8lfpl7FKyReyjFxNfkB5E7YBW7bPExkUs1Rp88jl
anTby7QGaOo+F6gE18KBtFTru3GQIQSwznKjVk7osuDryGuj5DmM9PrtRi9K3HvO
tZPqvXAHeX83RjlrVAO0mLc1tUugHFhB4fbAcIHGLfZGQe88KoYi256GEhTymRxy
iqIaoA1nsKcvyte7Otp6Mv3+j9ioUtIbBSMy5Tw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFWzCCA0OgAwIBAgIQTfQrldHumzpMLrM7jRBd1jANBgkqhkiG9w0BAQsFADBm
MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy
aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ
ZWFyIFgxMB4XDTIwMDkwNDAwMDAwMFoXDTI1MDkxNTE2MDAwMFowWTELMAkGA1UE
BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSgwJgYDVQQD
Ex8oU1RBR0lORykgQXJ0aWZpY2lhbCBBcHJpY290IFIzMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAu6TR8+74b46mOE1FUwBrvxzEYLck3iasmKrcQkb+
gy/z9Jy7QNIAl0B9pVKp4YU76JwxF5DOZZhi7vK7SbCkK6FbHlyU5BiDYIxbbfvO
L/jVGqdsSjNaJQTg3C3XrJja/HA4WCFEMVoT2wDZm8ABC1N+IQe7Q6FEqc8NwmTS
nmmRQm4TQvr06DP+zgFK/MNubxWWDSbSKKTH5im5j2fZfg+j/tM1bGaczFWw8/lS
nukyn5J2L+NJYnclzkXoh9nMFnyPmVbfyDPOc4Y25aTzVoeBKXa/cZ5MM+WddjdL
biWvm19f1sYn1aRaAIrkppv7kkn83vcth8XCG39qC2ZvaQIDAQABo4IBEDCCAQww
DgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAS
BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTecnpI3zHDplDfn4Uj31c3S10u
ZTAfBgNVHSMEGDAWgBS182Xy/rAKkh/7PH3zRKCsYyXDFDA2BggrBgEFBQcBAQQq
MCgwJgYIKwYBBQUHMAKGGmh0dHA6Ly9zdGcteDEuaS5sZW5jci5vcmcvMCsGA1Ud
HwQkMCIwIKAeoByGGmh0dHA6Ly9zdGcteDEuYy5sZW5jci5vcmcvMCIGA1UdIAQb
MBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCN
DLam9yN0EFxxn/3p+ruWO6n/9goCAM5PT6cC6fkjMs4uas6UGXJjr5j7PoTQf3C1
vuxiIGRJC6qxV7yc6U0X+w0Mj85sHI5DnQVWN5+D1er7mp13JJA0xbAbHa3Rlczn
y2Q82XKui8WHuWra0gb2KLpfboYj1Ghgkhr3gau83pC/WQ8HfkwcvSwhIYqTqxoZ
Uq8HIf3M82qS9aKOZE0CEmSyR1zZqQxJUT7emOUapkUN9poJ9zGc+FgRZvdro0XB
yphWXDaqMYph0DxW/10ig5j4xmmNDjCRmqIKsKoWA52wBTKKXK1na2ty/lW5dhtA
xkz5rVZFd4sgS4J0O+zm6d5GRkWsNJ4knotGXl8vtS3X40KXeb3A5+/3p0qaD215
Xq8oSNORfB2oI1kQuyEAJ5xvPTdfwRlyRG3lFYodrRg6poUBD/8fNTXMtzydpRgy
zUQZh/18F6B/iW6cbiRN9r2Hkh05Om+q0/6w0DdZe+8YrNpfhSObr/1eVZbKGMIY
qKmyZbBNu5ysENIK5MPc14mUeKmFjpN840VR5zunoU52lqpLDua/qIM8idk86xGW
xx2ml43DO/Ya/tVZVok0mO0TUjzJIfPqyvr455IsIut4RlCR9Iq0EDTve2/ZwCuG
hSjpTUFGSiQrR2JK2Evp+o6AETUkBCO1aw0PpQBPDQ==
MIIFTTCCAzWgAwIBAgIRAOOuDiVgQFyATegPOxfOa5IwDQYJKoZIhvcNAQELBQAw
ZjELMAkGA1UEBhMCVVMxMzAxBgNVBAoTKihTVEFHSU5HKSBJbnRlcm5ldCBTZWN1
cml0eSBSZXNlYXJjaCBHcm91cDEiMCAGA1UEAxMZKFNUQUdJTkcpIFByZXRlbmQg
UGVhciBYMTAeFw0yNDAzMTMwMDAwMDBaFw0yNzAzMTIyMzU5NTlaMFoxCzAJBgNV
BAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlwdDEpMCcGA1UE
AxMgKFNUQUdJTkcpIFdhbm5hYmUgV2F0ZXJjcmVzcyBSMTEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCVYHwe2gxMv9Jh/d1BgocW3am5E/iBOrLkyENg
RqLmVl6vNRXgoKpPjtP40Mv17Z2LlYhRsneaK9gdSNmNTxJlY8viqs9dk4XwKJxD
Pfl/vJBW4M/nJzFwS30qu7VF8jSfyF82Q7KkLl5NxJ39Y5yvQFzHjL3YCO8coMG5
v72DDgWzc+9wk2ncoXiB3/3mVg4RtD1w1xPpdjtSh5keB7jqgnD2/I75OLBzamy6
NL9nguaEc8cX8CdnpoCCQI8/Fz9qhPtJjP+O/RHCugWVkSptuCRra8tcnJTGHRiN
r/GyYsHZZ4jZ76hbJjxapwf24E8RAVzuMRsw/nS6/hUJ8lqPAgMBAAGjggEAMIH9
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUE8vX9q6d/GlCZNZcfCPMhflH
x7YwHwYDVR0jBBgwFoAUtfNl8v6wCpIf+zx980SgrGMlwxQwNgYIKwYBBQUHAQEE
KjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXgxLmkubGVuY3Iub3JnLzATBgNV
HSAEDDAKMAgGBmeBDAECATArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3RnLXgx
LmMubGVuY3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAeD9pt5sWtXEQyF94RMzo
lF+uip+ODYaNxPEJG/93xtxPc6QC0bsC9QIgv6dBk+s1LUf5ulIlJZQ1UlkLgTH4
HzHi37O4ivcbSHpILcgD0hKnftv0E8o9SNAaIcO7DKNmbeWQ6cPlfOlRtpcIXYoc
95wY9AipN0/ken5KxDxdxTSKuWS7Ae+ZWh7hmLdfDc5C85o2omLvM/6Ovmp0xUSP
U/xFR1fk0kRmM975smehEOXSHOJ24zFaY6BnMUWa67yLawbxUj0AqzGmohdqz7Lu
DhtKd9oXJgRzacFzuMSQluN0ivwKIzirpLR/AJoz4nHXIaDQRyfaA3jr1VYpK+bA
poIXAjgxR/vEFtbEHw7fNO3FKRCddvyJ0vh+OKIrY0nrbGUoyRlPlKF/9XrQ3UJo
Zc708mBBjzqijXdUQ0TB1/irAAQ7O/6i+ThQxElt77gYWzv2/8sSoagzqRKXOqLJ
ckNJQIA39t4HMIFgqxDLRuRNtooFUeoOvocDWTQr80bUp6357cBtAl7ypcOzrPK6
m5cuuyZfQ7zdh5ufcfMdFbgjwfeN8d442EzBnLxoMA9T2Igfn7KOhFl3znZ+WJhS
h+oyBS8PrKUKB2Xo9pnXma6123xyFPDapnuK3iiNpGJfI0sULCqjEodYG+aGyfCz
ZFLWftbU683YxZCOddgYxHI=
-----END CERTIFICATE-----
Original file line number Diff line number Diff line change
@@ -1 +1 @@
d6:95:f8:44:4f:80:ce:80:a1:30:1f:05:6b:b0:96:24
c2:dc:f8:ee:dd:8b:08:75:41:c5:82:26:06:ab:ac:95
Loading
Loading