Merge remote-tracking branch 'mike/master' into dev

Mario Vavti 2018-08-14 13:04:37 +02:00
commit 10c5b46e3b
12 changed files with 149 additions and 67 deletions


@ -55,15 +55,22 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
return false; return false;
} }
$a = q("select * from account where account_id = %d",
intval($x['channel_account_id'])
);
$n = explode(' ', $x['channel_name']);
return( [ return( [
'webbie' => $x['channel_address'].'@'.\App::get_hostname(), 'webfinger' => channel_reddress($x),
'zothash' => $x['channel_hash'], 'portable_id' => $x['channel_hash'],
'email' => $a['account_email'],
'username' => $x['channel_address'], 'username' => $x['channel_address'],
'user_id' => $x['channel_id'], 'user_id' => $x['channel_id'],
'name' => $x['channel_name'], 'name' => $x['channel_name'],
'firstName' => $x['channel_name'], 'firstName' => ((count($n) > 1) ? $n[1] : $n[0]),
'lastName' => '', 'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''),
'password' => 'NotARealPassword' 'picture' => $x['xchan_photo_l']
] ); ] );
} }
@ -91,12 +98,16 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
$userClaims = Array(); $userClaims = Array();
$claims = explode (' ', trim($claims)); $claims = explode (' ', trim($claims));
$validclaims = Array ("name","preferred_username","zothash"); $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
$claimsmap = Array ( $claimsmap = Array (
"zotwebbie" => 'webbie', "webfinger" => 'webfinger',
"zothash" => 'zothash', "portable_id" => 'portable_id',
"name" => 'name', "name" => 'name',
"preferred_username" => "username" "email" => 'email',
"preferred_username" => 'username',
"picture" => 'picture',
"given_name" => 'firstName',
"family_name" => 'lastName'
); );
$userinfo = $this->getUser($user_id); $userinfo = $this->getUser($user_id);
foreach ($validclaims as $validclaim) { foreach ($validclaims as $validclaim) {
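Review bot: In getUser(), `'email' => $a['account_email']` reads the q() result as if it were a single row, while other code on this page indexes query results as `$a[0]` / `$r[0]`; if q() returns a list of rows the email claim is always empty, and `'email' => ($a ? $a[0]['account_email'] : '')` would also cover a failed lookup. The name split looks off by one: for a two-word channel_name, `$n[1]` puts the second word into firstName and lastName stays empty, so `$n[0]` for firstName and `count($n) > 1` for lastName is presumably what was intended. Because the second hunk adds "email" to `$validclaims`, it is worth confirming that the account address is only released when the email scope was granted; any such check is outside these hunks, as are the starts of both functions.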


@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage;
class Authorize extends \Zotlabs\Web\Controller { class Authorize extends \Zotlabs\Web\Controller {
function get() { function get() {
if (!local_channel()) { if (! local_channel()) {
return login(); return login();
} else { }
// TODO: Fully implement the dynamic client registration protocol: else {
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
// http://openid.net/specs/openid-connect-registration-1_0.html $name = $_REQUEST['client_name'];
$app = array( if(! $name) {
'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')), $name = (($_REQUEST['client_id']) ?: t('Unknown App'));
'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), }
'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
); $app = [
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( 'name' => $name,
'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
];
$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
'$title' => t('Authorize'), '$title' => t('Authorize'),
'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '), '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
'$app' => $app, '$app' => $app,
'$yes' => t('Allow'), '$yes' => t('Allow'),
'$no' => t('Deny'), '$no' => t('Deny'),
'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''), '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
)); ]);
return $o; return $o;
} }
} }
@ -62,15 +69,14 @@ class Authorize extends \Zotlabs\Web\Controller {
// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
$channel = channelx_by_n(local_channel()); $channel = channelx_by_n(local_channel());
$user_id = $channel["channel_id"]; $user_id = $channel['channel_id'];
// If the client is not registered, add to the database // If the client is not registered, add to the database
if (!$client = $storage->getClientDetails($client_id)) { if (!$client = $storage->getClientDetails($client_id)) {
// Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
$client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16); $client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
// Client apps are registered per channel // Client apps are registered per channel
$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id); $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
} }
if (!$client = $storage->getClientDetails($client_id)) { if (!$client = $storage->getClientDetails($client_id)) {
// There was an error registering the client. // There was an error registering the client.


@ -5,19 +5,17 @@ namespace Zotlabs\Module;
class Oauthinfo extends \Zotlabs\Web\Controller { class Oauthinfo extends \Zotlabs\Web\Controller {
function init() { function init() {
$ret = [ $ret = [
'issuer' => z_root(), 'issuer' => z_root(),
'authorization_endpoint' => z_root() . '/authorize', 'authorization_endpoint' => z_root() . '/authorize',
'token_endpoint' => z_root() . '/token', 'token_endpoint' => z_root() . '/token',
'userinfo_endpoint' => z_root() . '/userinfo',
'scopes_supported' => [ 'openid', 'profile', 'email' ],
'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ] 'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ]
]; ];
json_return_and_die($ret); json_return_and_die($ret);
} }
} }
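Review bot: The array built in init() lacks `jwks_uri`, `subject_types_supported` and `id_token_signing_alg_values_supported`, which OpenID Connect Discovery 1.0 lists as required, and this commit also routes `openid-configuration` to this module. Without `jwks_uri` a relying party has no way to locate the key for verifying the `id_token` that `response_types_supported` says it may request. Either add those members once the signing key is published, or drop the `id_token` response types from the list until then. A short comment above `$ret` naming the two well-known paths that serve it would help the next reader.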


@ -52,6 +52,7 @@ class Well_known extends \Zotlabs\Web\Controller {
break; break;
case 'oauth-authorization-server': case 'oauth-authorization-server':
case 'openid-configuration':
\App::$argc -= 1; \App::$argc -= 1;
array_shift(\App::$argv); array_shift(\App::$argv);
\App::$argv[0] = 'oauthinfo'; \App::$argv[0] = 'oauthinfo';


@ -172,6 +172,11 @@ class Wfinger extends \Zotlabs\Web\Controller {
'href' => z_root() . '/hcard/' . $r[0]['channel_address'] 'href' => z_root() . '/hcard/' . $r[0]['channel_address']
], ],
[
'rel' => 'http://openid.net/specs/connect/1.0/issuer',
'href' => z_root()
],
[ [
'rel' => 'http://webfinger.net/rel/profile-page', 'rel' => 'http://webfinger.net/rel/profile-page',

31
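--- a/Zotlabs/Update/_1218.php
+++ b/Zotlabs/Update/_1218.php
@@ -0,0 +1,31 @@
+<?php
+namespace Zotlabs\Update;
+class _1218 {
+function run() {
+if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+$r1 = q("ALTER TABLE hubloc add hubloc_id_url text NOT NULL");
+$r2 = q("create index \"hubloc_id_url\" on hubloc (\"hubloc_id_url\")");
+$r3 = q("ALTER TABLE hubloc add hubloc_site_id text NOT NULL");
+$r4 = q("create index \"hubloc_site_id\" on hubloc (\"hubloc_site_id\")");
+$r = $r1 && $r2 && $r3 && $r4;
+}
+if(ACTIVE_DBTYPE == DBTYPE_MYSQL) {
+$r1 = q("ALTER TABLE hubloc add hubloc_id_url varchar(191) NOT NULL, ADD INDEX hubloc_id_url (hubloc_id_url)");
+$r2 = q("ALTER TABLE hubloc add hubloc_site_id varchar(191) NOT NULL, ADD INDEX hubloc_site_id (hubloc_site_id)");
+$r = $r1 && $r2;
+}
+if($r)
+return UPDATE_SUCCESS;
+return UPDATE_FAILED;
+}
+}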
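Review bot: Both branches of run() add `hubloc_id_url` and `hubloc_site_id` as NOT NULL without a DEFAULT. PostgreSQL rejects adding a NOT NULL column with no default to a table that already has rows, so the update would return UPDATE_FAILED on any populated site; `ALTER TABLE hubloc add hubloc_id_url text NOT NULL DEFAULT ''` (likewise for `hubloc_site_id` and the MySQL statements) matches the schema files. The MySQL install schema on this page gives `hubloc_id_url` `DEFAULT '0'` while the PostgreSQL schema and hubloc_store_lowlevel() use `''`; one of them should change so fresh and upgraded databases agree. `$r` is also unset when neither ACTIVE_DBTYPE branch runs, so initialising `$r = false;` at the top of run() makes that path fail explicitly.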


@ -54,7 +54,7 @@ define ( 'STD_VERSION', '3.7.1' );
define ( 'ZOT_REVISION', '6.0a' ); define ( 'ZOT_REVISION', '6.0a' );
define ( 'DB_UPDATE_VERSION', 1217 ); define ( 'DB_UPDATE_VERSION', 1218 );
define ( 'PROJECT_BASE', __DIR__ ); define ( 'PROJECT_BASE', __DIR__ );


@ -12,7 +12,13 @@ function api_login(&$a){
require_once('include/oauth.php'); require_once('include/oauth.php');
if(array_key_exists('REDIRECT_REMOTE_USER',$_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION',$_SERVER))) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
}
// login with oauth // login with oauth
try { try {
// OAuth 2.0 // OAuth 2.0
$storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db); $storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
@ -66,32 +72,27 @@ function api_login(&$a){
logger($e->getMessage()); logger($e->getMessage());
} }
// workarounds for HTTP-auth in CGI mode
foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { if(array_key_exists('HTTP_AUTHORIZATION',$_SERVER)) {
/* Basic authentication */ /* Basic authentication */
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { if (substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,5) === 'Basic') {
$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; $userpass = @base64_decode(substr(trim($_SERVER['HTTP_AUTHORIZATION']),6)) ;
if(strlen($userpass)) { if(strlen($userpass)) {
list($name, $password) = explode(':', $userpass); list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password; $_SERVER['PHP_AUTH_PW'] = $password;
} }
break;
} }
/* Signature authentication */ /* OpenWebAuth */
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { if(substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,9) === 'Signature') {
if($head !== 'HTTP_AUTHORIZATION') { $record = null;
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
continue;
}
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
if($sigblock) { if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']); $keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) { if($keyId) {
@ -108,24 +109,14 @@ function api_login(&$a){
$record = [ 'channel' => $c, 'account' => $a[0] ]; $record = [ 'channel' => $c, 'account' => $a[0] ];
$channel_login = $c['channel_id']; $channel_login = $c['channel_id'];
} }
else {
continue;
} }
} }
else {
continue;
}
}
else {
continue;
}
if($record) { if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null; $record = null;
} }
break;
} }
} }
} }
@ -137,7 +128,7 @@ function api_login(&$a){
// process normal login request // process normal login request
if(isset($_SERVER['PHP_AUTH_USER'])) { if(isset($_SERVER['PHP_AUTH_USER']) && (! $record)) {
$channel_login = 0; $channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
if($record && $record['channel']) { if($record && $record['channel']) {
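Review bot: `list($name, $password) = explode(':', $userpass);` in the Basic branch splits on every colon, so a password containing ':' is truncated before it reaches account_verify_password(), and input with no colon leaves `$password` unset. `explode(':', $userpass, 2)` plus a check that two parts came back fixes both, and passing `true` as the second argument of `base64_decode()` rejects malformed input instead of partially decoding it. The new guard `&& (! $record)` reads `$record`, which in the visible hunks is only initialised inside the Signature branch; if it is not set earlier in api_login() (outside these hunks), initialise it to null before the header checks.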


@ -24,6 +24,8 @@ function hubloc_store_lowlevel($arr) {
'hubloc_status' => ((array_key_exists('hubloc_status',$arr)) ? $arr['hubloc_status'] : 0), 'hubloc_status' => ((array_key_exists('hubloc_status',$arr)) ? $arr['hubloc_status'] : 0),
'hubloc_url' => ((array_key_exists('hubloc_url',$arr)) ? $arr['hubloc_url'] : ''), 'hubloc_url' => ((array_key_exists('hubloc_url',$arr)) ? $arr['hubloc_url'] : ''),
'hubloc_url_sig' => ((array_key_exists('hubloc_url_sig',$arr)) ? $arr['hubloc_url_sig'] : ''), 'hubloc_url_sig' => ((array_key_exists('hubloc_url_sig',$arr)) ? $arr['hubloc_url_sig'] : ''),
'hubloc_id_url' => ((array_key_exists('hubloc_id_url',$arr)) ? $arr['hubloc_id_url'] : ''),
'hubloc_site_id' => ((array_key_exists('hubloc_site_id',$arr)) ? $arr['hubloc_site_id'] : ''),
'hubloc_host' => ((array_key_exists('hubloc_host',$arr)) ? $arr['hubloc_host'] : ''), 'hubloc_host' => ((array_key_exists('hubloc_host',$arr)) ? $arr['hubloc_host'] : ''),
'hubloc_callback' => ((array_key_exists('hubloc_callback',$arr)) ? $arr['hubloc_callback'] : ''), 'hubloc_callback' => ((array_key_exists('hubloc_callback',$arr)) ? $arr['hubloc_callback'] : ''),
'hubloc_connect' => ((array_key_exists('hubloc_connect',$arr)) ? $arr['hubloc_connect'] : ''), 'hubloc_connect' => ((array_key_exists('hubloc_connect',$arr)) ? $arr['hubloc_connect'] : ''),


@ -501,10 +501,12 @@ CREATE TABLE IF NOT EXISTS `hook` (
KEY `hook_version` (`hook_version`) KEY `hook_version` (`hook_version`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS `hubloc` ( CREATE TABLE IF NOT EXISTS `hubloc` (
`hubloc_id` int(10) unsigned NOT NULL AUTO_INCREMENT, `hubloc_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`hubloc_guid` char(191) NOT NULL DEFAULT '', `hubloc_guid` char(191) NOT NULL DEFAULT '',
`hubloc_guid_sig` text NOT NULL, `hubloc_guid_sig` text NOT NULL,
`hubloc_id_url` char(191) NOT NULL DEFAULT '0',
`hubloc_hash` char(191) NOT NULL DEFAULT '', `hubloc_hash` char(191) NOT NULL DEFAULT '',
`hubloc_addr` char(191) NOT NULL DEFAULT '', `hubloc_addr` char(191) NOT NULL DEFAULT '',
`hubloc_network` char(32) NOT NULL DEFAULT '', `hubloc_network` char(32) NOT NULL DEFAULT '',
@ -512,6 +514,7 @@ CREATE TABLE IF NOT EXISTS `hubloc` (
`hubloc_status` int(10) unsigned NOT NULL DEFAULT 0 , `hubloc_status` int(10) unsigned NOT NULL DEFAULT 0 ,
`hubloc_url` char(191) NOT NULL DEFAULT '', `hubloc_url` char(191) NOT NULL DEFAULT '',
`hubloc_url_sig` text NOT NULL, `hubloc_url_sig` text NOT NULL,
`hubloc_site_id` char(191) NOT NULL DEFAULT '',
`hubloc_host` char(191) NOT NULL DEFAULT '', `hubloc_host` char(191) NOT NULL DEFAULT '',
`hubloc_callback` char(191) NOT NULL DEFAULT '', `hubloc_callback` char(191) NOT NULL DEFAULT '',
`hubloc_connect` char(191) NOT NULL DEFAULT '', `hubloc_connect` char(191) NOT NULL DEFAULT '',
@ -524,7 +527,9 @@ CREATE TABLE IF NOT EXISTS `hubloc` (
`hubloc_deleted` tinyint(1) NOT NULL DEFAULT 0 , `hubloc_deleted` tinyint(1) NOT NULL DEFAULT 0 ,
PRIMARY KEY (`hubloc_id`), PRIMARY KEY (`hubloc_id`),
KEY `hubloc_url` (`hubloc_url`), KEY `hubloc_url` (`hubloc_url`),
KEY `hubloc_site_id` (`hubloc_site_id`),
KEY `hubloc_guid` (`hubloc_guid`), KEY `hubloc_guid` (`hubloc_guid`),
KEY `hubloc_id_url` (`hubloc_id_url`),
KEY `hubloc_hash` (`hubloc_hash`), KEY `hubloc_hash` (`hubloc_hash`),
KEY `hubloc_flags` (`hubloc_flags`), KEY `hubloc_flags` (`hubloc_flags`),
KEY `hubloc_connect` (`hubloc_connect`), KEY `hubloc_connect` (`hubloc_connect`),
@ -540,7 +545,6 @@ CREATE TABLE IF NOT EXISTS `hubloc` (
KEY `hubloc_error` (`hubloc_error`) KEY `hubloc_error` (`hubloc_error`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS `iconfig` ( CREATE TABLE IF NOT EXISTS `iconfig` (
`id` int(11) NOT NULL AUTO_INCREMENT, `id` int(11) NOT NULL AUTO_INCREMENT,
`iid` int(11) NOT NULL DEFAULT 0 , `iid` int(11) NOT NULL DEFAULT 0 ,


@ -474,10 +474,12 @@ create index "hook_idx" on hook ("hook");
create index "hook_version_idx" on hook ("hook_version"); create index "hook_version_idx" on hook ("hook_version");
create index "hook_priority_idx" on hook ("priority"); create index "hook_priority_idx" on hook ("priority");
CREATE TABLE "hubloc" ( CREATE TABLE "hubloc" (
"hubloc_id" serial NOT NULL, "hubloc_id" serial NOT NULL,
"hubloc_guid" text NOT NULL DEFAULT '', "hubloc_guid" text NOT NULL DEFAULT '',
"hubloc_guid_sig" text NOT NULL DEFAULT '', "hubloc_guid_sig" text NOT NULL DEFAULT '',
"hubloc_id_url" text NOT NULL DEFAULT '',
"hubloc_hash" text NOT NULL, "hubloc_hash" text NOT NULL,
"hubloc_addr" text NOT NULL DEFAULT '', "hubloc_addr" text NOT NULL DEFAULT '',
"hubloc_network" text NOT NULL DEFAULT '', "hubloc_network" text NOT NULL DEFAULT '',
@ -485,6 +487,7 @@ CREATE TABLE "hubloc" (
"hubloc_status" bigint NOT NULL DEFAULT '0', "hubloc_status" bigint NOT NULL DEFAULT '0',
"hubloc_url" text NOT NULL DEFAULT '', "hubloc_url" text NOT NULL DEFAULT '',
"hubloc_url_sig" text NOT NULL DEFAULT '', "hubloc_url_sig" text NOT NULL DEFAULT '',
"hubloc_site_id" text NOT NULL DEFAULT '',
"hubloc_host" text NOT NULL DEFAULT '', "hubloc_host" text NOT NULL DEFAULT '',
"hubloc_callback" text NOT NULL DEFAULT '', "hubloc_callback" text NOT NULL DEFAULT '',
"hubloc_connect" text NOT NULL DEFAULT '', "hubloc_connect" text NOT NULL DEFAULT '',
@ -498,7 +501,9 @@ CREATE TABLE "hubloc" (
PRIMARY KEY ("hubloc_id") PRIMARY KEY ("hubloc_id")
); );
create index "hubloc_url" on hubloc ("hubloc_url"); create index "hubloc_url" on hubloc ("hubloc_url");
create index "hubloc_site_id" on hubloc ("hubloc_site_id");
create index "hubloc_guid" on hubloc ("hubloc_guid"); create index "hubloc_guid" on hubloc ("hubloc_guid");
create index "hubloc_id_url" on hubloc ("hubloc_id_url");
create index "hubloc_flags" on hubloc ("hubloc_flags"); create index "hubloc_flags" on hubloc ("hubloc_flags");
create index "hubloc_connect" on hubloc ("hubloc_connect"); create index "hubloc_connect" on hubloc ("hubloc_connect");
create index "hubloc_host" on hubloc ("hubloc_host"); create index "hubloc_host" on hubloc ("hubloc_host");


@ -25,3 +25,31 @@ X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----