web/surfer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

References #2

Browse Source
This commit is contained in:
carsten.pluntke
2010-09-02 15:58:09 +00:00
parent 9a8b208c62
commit f5e983f5b9
9 changed files with 429 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Test_Qt_Frontend/QtSslTest.pro Normal file
View File

@@ -0,0 +1,16 @@
# #####################################################################
# Automatically generated by qmake (2.01a) Fr 18. Jun 11:12:34 2010
# #####################################################################
TEMPLATE = app
TARGET =
DEPENDPATH += .
INCLUDEPATH += ../engine_securetoken .
# Input
SOURCES += qtssltest.cpp \
smartcardauth.cpp \
pindialog.cpp
QT += webkit
QT += network
HEADERS += smartcardauth.h \
pindialog.h

37
Test_Qt_Frontend/pindialog.cpp Normal file
View File

@@ -0,0 +1,37 @@
#include <QtGui>
#include "pindialog.h"
PinDialog::PinDialog(QWidget *parent)
: QDialog(parent)
{
label=new QLabel(tr("Enter &PIN:"));
lineEdit=new QLineEdit;
lineEdit->setEchoMode(QLineEdit::Password);
label->setBuddy(lineEdit);
okButton=new QPushButton(tr("&OK"));
okButton->setDefault(true);
cancelButton=new QPushButton(tr("&Cancel"));
connect(okButton, SIGNAL(clicked()), this, SLOT(accept()));
connect(cancelButton, SIGNAL(clicked()), this, SLOT(reject()));
QHBoxLayout* tl= new QHBoxLayout;
tl->addWidget(label);
tl->addWidget(lineEdit);
QHBoxLayout* bl= new QHBoxLayout;
bl->addStretch();
bl->addWidget(okButton);
bl->addWidget(cancelButton);
QVBoxLayout* ml= new QVBoxLayout;
ml->addLayout(tl);
ml->addLayout(bl);
setLayout(ml);
}
QString PinDialog::pin() const {
// TODO: Cleanup of internal strings as soon as the PIN is retrieved
return lineEdit ? lineEdit->text() : "";
}

22
Test_Qt_Frontend/pindialog.h Normal file
View File

@@ -0,0 +1,22 @@
#ifndef PINDIALOG_H
#define PINDIALOG_H
#include <QDialog>
class QLabel;
class QLineEdit;
class QPushButton;
class PinDialog : public QDialog
{
Q_OBJECT
public:
PinDialog(QWidget *parent = 0);
QString pin() const;
private:
QLabel* label;
QLineEdit* lineEdit;
QPushButton* okButton;
QPushButton* cancelButton;
};
#endif // PINDIALOG_H

48
Test_Qt_Frontend/qtssltest.cpp Normal file
View File

@@ -0,0 +1,48 @@
#include <QApplication>
#include <QtNetwork>
#include <QtWebKit>
#include <QList>
#include <QFile>
#include <iostream>
#include "smartcardauth.h"
SmartCardAuth g_scard_auth;
int main(int argc, char *argv[])
{
SmartCardAuth::initialize();
QApplication app(argc, argv);
QSslConfiguration sslConf(QSslConfiguration::defaultConfiguration());
// Works even without specifying the root certificate, we just need to add the intermediates,
// and that's done in SmartCardAuth.cpp
#if 0
QFile caCertsFile("D:\\QtSmartCardAuth_TMI\\QtSslTest\\swsign_root.pem");
caCertsFile.open(QIODevice::ReadOnly);
QList<QSslCertificate> chain( QSslCertificate::fromDevice(&caCertsFile) );
sslConf.setCaCertificates(chain);
#endif
sslConf.setPeerVerifyMode(QSslSocket::QueryPeer);
sslConf.setOpenSslHook(&g_scard_auth);
QSslConfiguration::setDefaultConfiguration(sslConf);
// TODO - IMPORTANT: Error reporting!
// If there is ANY failure (no network, no host resolution, no SSL connection, timeout) we just see a
// blank page!
QWebView web;
// Works - NEEDS AN INTERMEDIATE CERTIFICATE, either loaded from card or from file, see SmartCardAuth
web.load(QUrl("https://dev.swisssign.com/test/"));
// web.load(QUrl("https://e2k7.demo8.cryptovision.com/ssl/"));
web.show();
int rv=app.exec();
SmartCardAuth::deinitialize();
return rv;
}

162
Test_Qt_Frontend/smartcardauth.cpp Normal file
View File

@@ -0,0 +1,162 @@
#include "smartcardauth.h"
#include "pindialog.h"
#include <QtNetwork/private/qsslsocket_openssl_symbols_p.h>
#include "engine_sct.h"
#include <string>
ENGINE* SmartCardAuth::e=NULL;
enum_certs_s* SmartCardAuth::certs_found=NULL;
QWidget* SmartCardAuth::parent=0;
bool SmartCardAuth::pin_configured=false;
bool SmartCardAuth::pin_rejected=false;
void SmartCardAuth::initialize() {
QSslSocketPrivate::ensureInitialized();
q_ENGINE_load_dynamic();
e = q_ENGINE_by_id("dynamic");
int r=q_ENGINE_ctrl_cmd_string(e, "SO_PATH", "C:\\Windows\\System32\\engine_act.dll", 0);
r=q_ENGINE_ctrl_cmd_string(e, "ID", "act", 0);
r=q_ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0);
r=q_ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
if(!r)
{
unsigned int err = 0;
while((err = q_ERR_get_error()))
{
char *str = q_ERR_error_string(err, NULL);
fprintf(stderr,"%s\n", str);
}
}
r=q_ENGINE_init(e);
}
void SmartCardAuth::deinitialize() {
q_ENGINE_finish(e);
q_ENGINE_cleanup();
}
void SmartCardAuth::setPinDlgParent(QWidget* p) {
parent=p;
}
int SmartCardAuth::client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
{
// NB: Keep in mind that this function is called for EVERY SSL connection to be opened.
for(size_t i=certs_found->num_certs;i--;)
{
const char *id_p = certs_found->certificate[i].id;
if(id_p == NULL) continue;
// Name has the format "slot-x-name-SwissSign_digSig" for the certificate/key we're looking for
std::string name(certs_found->certificate[i].name);
std::string compare("-name-SwissSign_digSig");
// Compare the rightmost part of the retrieved name to locate the certificate/keypair
size_t pos = name.length() - compare.length();
if(name.substr(pos) != compare)
continue;
// // Filter out the correct certificate depending on well-known sorting criteria
// // Given example searches for a keyword in the certificate's subject, but since we've got
// // the decoded certificate as an X509* structure we can check all the fields.
// X509_NAME* subj_name = q_X509_get_subject_name(certs_found->certificate[i].cert);
// int maxlen = 2048;
// char buf[maxlen+1];
// buf[maxlen]=0;
// q_X509_NAME_oneline(subj_name, buf, maxlen);
// std::string subject(buf);
// const char *compare="CN=Carsten Pluntke";
// if(subject.find(compare) == std::string::npos)
// continue;
// Here we found a suitable certificate.
// Now prepare the reference to the SmartCard's private key and a copy of the certificate
// to pass back to the caller.
*x509 = q_X509_dup(certs_found->certificate[i].cert);
*pkey = NULL;
// If we don't have a PIN yet, pop up a dialog, ask for a PIN and pass it along to the engine
// for usage.
if(!pin_configured)
{
PinDialog dlg(parent);
int ok=dlg.exec();
if(ok!=1) return 0; // User cancelled
QByteArray pinByteArray=dlg.pin().toAscii();
char *pin_str = pinByteArray.data();
// The engine control command takes a copy and overwrites the source array
if(q_ENGINE_ctrl_cmd_string(e, "PIN", pin_str, 0))
pin_configured = true;
else
return 0; // Engine refuses to take the PIN
*pkey = q_ENGINE_load_private_key(e, id_p, NULL, NULL);
// We do a test authorization on loading of the private key. If the operation fails at all,
// DON'T try again (see below) or we would instantly lock the card in a single session because
// of the retries!
if(!*pkey)
pin_rejected = true;
}
// Second to nth iteration: We skipped the PIN dialog here, now load the key if we don't have the
// explicit information not to do it (because the PIN is wrong)
if(!*pkey && !pin_rejected)
*pkey = q_ENGINE_load_private_key(e, id_p, NULL, NULL);
break;
}
if(!*x509) {
qWarning("Unable to load certificate");
return 0;
}
if(!*pkey) {
qWarning("Unable to load key");
return 0;
}
return 1;
}
bool SmartCardAuth::hookInitSslContext(SSL_CTX *ctx)
{
bool result = false;
if(!certs_found)
result = (q_ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0) != 0);
else
result = true;
#ifdef USE_CERTIFICATE_FILE
// Load a specific intermediate certificate from a file
BIO* cert_file= q_BIO_new_file("D:\\QtSmartCardAuth_TMI\\QtSslTest\\swsign_interm.pem", "r");
X509* interm=q_PEM_read_bio_X509(cert_file,NULL,NULL, NULL);
q_BIO_free(cert_file);
q_SSL_CTX_add_extra_chain_cert(ctx,interm);
#else
// Add all of the card's certificates without a private key as intermediate certs
for(size_t i=certs_found->num_certs;i--;)
{
if(certs_found->certificate[i].id == NULL)
q_SSL_CTX_add_extra_chain_cert(ctx, q_X509_dup(certs_found->certificate[i].cert));
}
#endif
q_SSL_CTX_set_client_cert_cb(ctx,client_cert_cb);
return true;
}

27
Test_Qt_Frontend/smartcardauth.h Normal file
View File

@@ -0,0 +1,27 @@
#ifndef SMARTCARDAUTH_H
#define SMARTCARDAUTH_H
#include <Qt/private/qopensslhook_p.h>
class QWidget;
struct enum_certs_s;
class SmartCardAuth : public QOpenSslHook {
public:
static void initialize();
static void deinitialize();
static void setPinDlgParent(QWidget* parent);
virtual bool hookInitSslContext(SSL_CTX* ctx);
private:
static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
static ENGINE* e;
static enum_certs_s* certs_found;
static QWidget* parent;
static bool pin_configured;
static bool pin_rejected;
};
#endif // SMARTCARDAUTH_H

39
Test_Qt_Frontend/swsign_cert.pem Normal file
View File

@@ -0,0 +1,39 @@
Bag Attributes
localKeyID: 01 00 00 00
1.3.6.1.4.1.311.17.3.20: AB FC 95 89 38 6A 06 C3 21 78 B7 AE 9E 87 06 8A C8 79 33 02
friendlyName: My SwissSign ID
subject=/CN=Markus Tesche/emailAddress=markus.tesche@cryptovision.com
issuer=/C=CH/O=SwissSign AG/CN=SwissSign Personal Silver CA 2008 - G2
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgIPCfGkMO74CroouYxQ+mKcMA0GCSqGSIb3DQEBBQUAMFUx
CzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxLzAtBgNVBAMTJlN3
aXNzU2lnbiBQZXJzb25hbCBTaWx2ZXIgQ0EgMjAwOCAtIEcyMB4XDTEwMDQxNjEw
MDI0N1oXDTExMDQxNjEwMDI0N1owRzEWMBQGA1UEAxMNTWFya3VzIFRlc2NoZTEt
MCsGCSqGSIb3DQEJARYebWFya3VzLnRlc2NoZUBjcnlwdG92aXNpb24uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0DvJNEgXJefs4pdCnGzn6zS
8jTO20XS0Gzu16exDDXZ1aqIUdfj/dV5ya25YiJmOqwkOIvi3ruaXTYEGhGAMXUb
5/AqzjSwJ5Jn5KG2s8zD8GchJf72hUPTF4Pke0aS1tQ+0r3L5uVCDLzMZ839GF1/
bbp1bb8vgXa7UL0qbeLH4nITT0QgEVoXhx/xGDnvOBfvmy7OQ3/GuOqnFHz6REIe
daYfEMYyxIziYa1aYlyUw1xGIkOcNahznkN6wK+enrJPzLORFcF9soZOGO3cMH7k
tKPxB1P8LeZtgoIXLmrns5aJ11omB+zCRXieZTyj6OAFPR6Z700ozZG4PWAdxwID
AQABo4ICpTCCAqEwWQYDVR0RBFIwUIEebWFya3VzLnRlc2NoZUBjcnlwdG92aXNp
b24uY29toC4GCisGAQQBgjcUAgOgIAwebWFya3VzLnRlc2NoZUBjcnlwdG92aXNp
b24uY29tMA4GA1UdDwEB/wQEAwID+DA1BgNVHSUELjAsBggrBgEFBQcDAgYIKwYB
BQUHAwQGCisGAQQBgjcKAwQGCisGAQQBgjcUAgIwHwYDVR0jBBgwFoAU6zWxVm0V
YFj04SLNHEYcrtAEAGUwgf8GA1UdHwSB9zCB9DBHoEWgQ4ZBaHR0cDovL2NybC5z
d2lzc3NpZ24ubmV0L0VCMzVCMTU2NkQxNTYwNThGNEUxMjJDRDFDNDYxQ0FFRDAw
NDAwNjUwgaiggaWggaKGgZ9sZGFwOi8vZGlyZWN0b3J5LnN3aXNzc2lnbi5uZXQv
Q049RUIzNUIxNTY2RDE1NjA1OEY0RTEyMkNEMUM0NjFDQUVEMDA0MDA2NSUyQ089
U3dpc3NTaWduJTJDQz1DSD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/
b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwZAYDVR0gBF0wWzBZBglg
hXQBWQEDAQQwTDBKBggrBgEFBQcCARY+aHR0cDovL3JlcG9zaXRvcnkuc3dpc3Nz
aWduLmNvbS9Td2lzc1NpZ24tU2lsdmVyLUNQLUNQUy1SNC5wZGYwdAYIKwYBBQUH
AQEEaDBmMGQGCCsGAQUFBzAChlhodHRwOi8vc3dpc3NzaWduLm5ldC9jZ2ktYmlu
L2F1dGhvcml0eS9kb3dubG9hZC9FQjM1QjE1NjZEMTU2MDU4RjRFMTIyQ0QxQzQ2
MUNBRUQwMDQwMDY1MA0GCSqGSIb3DQEBBQUAA4IBAQA6L3y3A9mZ+xziOo71CcWq
WjFl8sqtk0ul6oh0uA7qDT8DP2BjP+uVUZr3fdnzWenL1qLbnh9M90yWLst0vGZ1
dOBO5Ex+6VgHb95jcK4BztfCYGhGvdtBbWbdJELmPBF+87OL/C/PYRrLvYqDo0XX
P5R1DZeJu732qaFB30Z28Fino7RzuSmngwwWujRQGJs2sVmxjkHqD0Lrxkp9eOQl
XwLo9uhMlEgDhah/dPA+S/+zApB8mNjhILw+3WkPgEsNLob15u5wvJEZ4GD/vK7E
kbMxGDlvSkM6+tWVizxeqhFJgYA2kLeY/pKJ9ZRT2d+k+DJufdWeWMCbWPVEiILc
-----END CERTIFICATE-----

41
Test_Qt_Frontend/swsign_interm.pem Normal file
View File

@@ -0,0 +1,41 @@
Bag Attributes
1.3.6.1.4.1.311.17.3.20: EB 35 B1 56 6D 15 60 58 F4 E1 22 CD 1C 46 1C AE D0 04 00 65
subject=/C=CH/O=SwissSign AG/CN=SwissSign Personal Silver CA 2008 - G2
issuer=/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
-----BEGIN CERTIFICATE-----
MIIGZzCCBE+gAwIBAgIJAOJWt1OXa3ZYMA0GCSqGSIb3DQEBBQUAMEcxCzAJBgNV
BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNVBAMTGFN3aXNzU2ln
biBTaWx2ZXIgQ0EgLSBHMjAeFw0wODA3MDkxMTExMDlaFw0yMzA3MDkxMTExMDla
MFUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxLzAtBgNVBAMT
JlN3aXNzU2lnbiBQZXJzb25hbCBTaWx2ZXIgQ0EgMjAwOCAtIEcyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9/NTXkltjAPlJxchGGCldpQ/FRC4IUDP
NjOsKnKaj2HDa956SQhYPYDYO/CdHUEQAb9rB1YajbM9v2O6MX7ickYYaIfXhU+g
yXsTqdA50YnWNWdodsFflgnNzzoF0T8GBQraFvJD8qQHHaKsgHUBnaDo9zSnv7bm
OWhmUkc5KU20negqrRVhtKIx4BCR2x7kQ/Er3hDBNMtshO5iFCdE2DHx3zwhzMCs
kGjTdGjJF0qOOwmnsQVljQekkK4uet56RG+wAv50/xqH9VjppiXxzIgiJ9jLMcEv
KAxxch73+whObnoFrCF/PwpaZvi/5RYU+RubxJ+6Mw2GlxVdrqEGjwIDAQABo4IC
RjCCAkIwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0O
BBYEFOs1sVZtFWBY9OEizRxGHK7QBABlMB8GA1UdIwQYMBaAFBegzcHkQbY6WzvL
RZ29HMKY+oZYMIH/BgNVHR8EgfcwgfQwR6BFoEOGQWh0dHA6Ly9jcmwuc3dpc3Nz
aWduLm5ldC8xN0EwQ0RDMUU0NDFCNjNBNUIzQkNCNDU5REJEMUNDMjk4RkE4NjU4
MIGooIGloIGihoGfbGRhcDovL2RpcmVjdG9yeS5zd2lzc3NpZ24ubmV0L0NOPTE3
QTBDREMxRTQ0MUI2M0E1QjNCQ0I0NTlEQkQxQ0MyOThGQTg2NTglMkNPPVN3aXNz
U2lnbiUyQ0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVj
dENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MGQGA1UdIARdMFswWQYJYIV0AVkB
AwEDMEwwSgYIKwYBBQUHAgEWPmh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5j
b20vU3dpc3NTaWduLVNpbHZlci1DUC1DUFMtUjMucGRmMHQGCCsGAQUFBwEBBGgw
ZjBkBggrBgEFBQcwAoZYaHR0cDovL3N3aXNzc2lnbi5uZXQvY2dpLWJpbi9hdXRo
b3JpdHkvZG93bmxvYWQvMTdBMENEQzFFNDQxQjYzQTVCM0JDQjQ1OURCRDFDQzI5
OEZBODY1ODANBgkqhkiG9w0BAQUFAAOCAgEALip22pfzTN9kJ+FbLZXvuVUu27gJ
ZTFAsEu9fJCx2dhxGFPO6DUsmxS6H3SC1FeSwFeTm1AFJXvgldRduER46TOQQf7h
v0abeX1yvDhQGcBoWgay0xveXWfPaZL49awJhdTdWi5qOSPv9O9zWjYew+mNIEdk
Nx85eRPXDlCyrLoZnuqD5EVGBL7NLzkQCJsNifBVsiYkUbNr0XxpPVjVgTU8aEdX
jcYSs88qahVFL4SpTj3BOcrr+95KnK0buGGWBiC4gCMZtHZDHJ+umjheENI49R6e
2QwR1S74yYqHpwyz0ihdI2xOZgXxmGOg3GKBxEficqLgbRl+PV2FRZdogAOl8PXt
25iCzummltrfbjXaGQNg9rBHmAM05bxgtMCQwCj0BG48ufpJhzplOLS1YYIehiHv
mojFdSg1q15SYC867zGLpnv3SAxwPLXXYsu0QsP0jbhEcYwk/NfunyHoqmOWw88H
W/KB0ppwJ1QYzO6h0Qwijl7QmUM5qlJOZxuP2jK8WoOS2jarU3r0EXfq/Nfo3uqX
xm5QDg9E4M8wyouaoaCn/LnoxS3zc/VU/p0o15AjIylPSTN/kHmDSl4eYZFmBBhd
0YhvjC4hW2UBRM12SQAAEPIaEqUdxrYFfogWojYCoymheKskXfAKdA1k2gp5mhVh
SFXeRgS5uQTbqpY=
-----END CERTIFICATE-----

37
Test_Qt_Frontend/swsign_root.pem Normal file
View File

@@ -0,0 +1,37 @@
Bag Attributes
1.3.6.1.4.1.311.17.3.20: 17 A0 CD C1 E4 41 B6 3A 5B 3B CB 45 9D BD 1C C2 98 FA 86 58
subject=/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
issuer=/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
-----BEGIN CERTIFICATE-----
MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
-----END CERTIFICATE-----