From 447637fe5d364d79a5433b919b25e5a68aac496c Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Fri, 23 Aug 2019 08:11:27 +0200 Subject: [PATCH] [FAB-16376] MSP_1.4.3: support for admincerts This change set introduces a new test that checks that, when Node OU classification is enabled, certificates in the admincerts folder are considered administrators even if they carry the Client OU. Notice that certificates in the admincerts folder, when node ou classification is enabled, are required to contain either the client or admin OU. 
Signed-off-by: Angelo De Caro
Change-Id: I7a418bfae4ac1490c9e640bb864a6f7b94089db9
(cherry picked from commit 05479d9571121348b666dd27d93f4201a921c04c)
---
 msp/nodeous_test.go | 31 +++++++++++++++++++
 .../nodeouadminclient/admincerts/admin.pem | 14 +++++++++
 .../cacerts/ca.example.com-cert.pem | 15 +++++++++
 msp/testdata/nodeouadminclient/config.yaml | 14 +++++++++
 .../nodeouadminclient/keystore/priv_sk | 5 +++
 .../signcerts/orderer.example.com-cert.pem | 14 +++++++++
 .../tlscacerts/tlsca.example.com-cert.pem | 15 +++++++++
 .../nodeouadminclient2/admincerts/admin.pem | 14 +++++++++
 .../cacerts/ca.example.com-cert.pem | 15 +++++++++
 msp/testdata/nodeouadminclient2/config.yaml | 8 +++++
 .../nodeouadminclient2/keystore/priv_sk | 5 +++
 .../signcerts/orderer.example.com-cert.pem | 14 +++++++++
 .../tlscacerts/tlsca.example.com-cert.pem | 15 +++++++++
 13 files changed, 179 insertions(+)
 create mode 100644 msp/testdata/nodeouadminclient/admincerts/admin.pem
 create mode 100644 msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem
 create mode 100644 msp/testdata/nodeouadminclient/config.yaml
 create mode 100644 msp/testdata/nodeouadminclient/keystore/priv_sk
 create mode 100644 msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem
 create mode 100644 msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem
 create mode 100644 msp/testdata/nodeouadminclient2/admincerts/admin.pem
 create mode 100644 msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem
 create mode 100644 msp/testdata/nodeouadminclient2/config.yaml
 create mode 100644 msp/testdata/nodeouadminclient2/keystore/priv_sk
 create mode 100644 msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem
 create mode 100644 msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem
diff --git a/msp/nodeous_test.go b/msp/nodeous_test.go
index e676190c0ba..71dc80ac979 100644
--- a/msp/nodeous_test.go
+++ b/msp/nodeous_test.go
@@ -293,6 +293,37 @@ func TestLoad142MSPWithInvalidAdminConfiguration(t *testing.T) {
 assert.Equal(t, "administrators must be declared when no admin ou classification is set", err.Error())
 }
 
+func TestAdminInAdmincertsWith143MSP(t *testing.T) {
+ // testdata/nodeouadminclient enables NodeOU classification and contains in the admincerts folder
+ // a certificate classified as client. This test checks that that identity is considered an admin anyway.
+ // testdata/nodeouadminclient2 enables NodeOU classification and contains in the admincerts folder
+ // a certificate classified as client. This test checks that that identity is considered an admin anyway.
+ // Notice that the configuration used is one that is usually expected for MSP version < 1.4.3 which
+ // only define peer and client OU.
+ testFolders := []string{"testdata/nodeouadminclient", "testdata/nodeouadminclient2"}
+
+ for _, testFolder := range testFolders {
+ localMSP := getLocalMSPWithVersion(t, testFolder, MSPv1_4_3)
+
+ cert, err := readFile(filepath.Join(testFolder, "admincerts", "admin.pem"))
+ assert.NoError(t, err)
+
+ id, _, err := localMSP.(*bccspmsp).getIdentityFromConf(cert)
+ assert.NoError(t, err)
+ for _, ou := range id.GetOrganizationalUnits() {
+ assert.NotEqual(t, "admin", ou.OrganizationalUnitIdentifier)
+ }
+
+ principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"})
+ assert.NoError(t, err)
+ principal := &msp.MSPPrincipal{
+ PrincipalClassification: msp.MSPPrincipal_ROLE,
+ Principal: principalBytes}
+ err = id.SatisfiesPrincipal(principal)
+ assert.NoError(t, err)
+ }
+}
+
 func TestSatisfiesPrincipalOrderer(t *testing.T) {
 // testdata/nodeouorderer:
 // the configuration enables NodeOUs (with orderOU)
diff --git a/msp/testdata/nodeouadminclient/admincerts/admin.pem b/msp/testdata/nodeouadminclient/admincerts/admin.pem
new file mode 100644
index 00000000000..d4a90794c91
--- /dev/null
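Review bot: TestAdminInAdmincertsWith143MSP pins only the permissive side of this authorization rule, that a client-OU certificate listed in admincerts satisfies `msp.MSPRole_ADMIN`; nothing in the hunk checks the boundary on the other side. Unless the rest of nodeous_test.go already covers it, add the complementary cases: the same client-OU identity must fail `SatisfiesPrincipal` for the ADMIN role when it is not in admincerts, and MSP setup must reject an admincerts certificate that carries neither the client nor the admin OU, as the commit message requires. The header comment repeats the same two lines for both fixtures although their config.yaml files differ, so the closing remark should be scoped, e.g. `// testdata/nodeouadminclient2 declares only the client and peer OUs, as expected for MSP version < 1.4.3.`. `id` is used right after `assert.NoError(t, err)`, which does not stop the test, so a failed getIdentityFromConf would presumably surface as a nil dereference rather than a clean failure; `require.NoError(t, err)` fits better there if the file imports testify's require.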
+++ b/msp/testdata/nodeouadminclient/admincerts/admin.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcKgAwIBAgIRAN5DkOBs583C+swyjC7nHS0wCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGcxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMQ8wDQYDVQQLEwZjbGllbnQxGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29t +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3H+SsKIPqOTCn2YBHDYTkgsvYtr0 +6Kz3mEp4jfNmRt0Mz/Sjyg+E3AUjBah/Qj6WBqVYhmJeFsMoNvk8OhdHg6NNMEsw +DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAg3+GALQue +CGamN/C2yq8S+ET/YsjAltoJS2hjlwUXxZ8wCgYIKoZIzj0EAwIDRwAwRAIgXvE1 +Dsw0Vd2Tz+mxCfyf62lzQ8IN2BE4qsEQNgcsL94CIH26gcvFF7u0j+FVkjA4Awuq +10yaq8RzytoLpOz4SDkw +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem b/msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem new file mode 100644 index 00000000000..932a013b439 --- /dev/null +++ b/msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICPzCCAeSgAwIBAgIRAONi5v8ImyejqCrCatbAW1QwCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGkxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQAfjOlLCdB/6SsdPlbDHUsdK+b +gRuEN38QOFZ0Ws3aFAsER8ImqV3UIlsbKi5JnDs+OQnzrr3hrKA8downRRy/o20w +azAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN/hgC0LnghmpjfwtsqvEvhE/2LI +wJbaCUtoY5cFF8WfMAoGCCqGSM49BAMCA0kAMEYCIQDhhgAHx0l7V5uAG2hATgCs +bvsbHiJpHUtiK7f1Qfxf2AIhANeukSgRU+AeGSzyVmAOKhIUS+grsPyspksUwVvB +ehXv +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient/config.yaml b/msp/testdata/nodeouadminclient/config.yaml new file mode 100644 index 00000000000..8846e9d4d92 --- /dev/null +++ b/msp/testdata/nodeouadminclient/config.yaml @@ -0,0 +1,14 @@ +NodeOUs: + Enable: true + ClientOUIdentifier: + Certificate: cacerts/ca.example.com-cert.pem + OrganizationalUnitIdentifier: client + PeerOUIdentifier: + Certificate: cacerts/ca.example.com-cert.pem + OrganizationalUnitIdentifier: peer + AdminOUIdentifier: + Certificate: cacerts/ca.example.com-cert.pem + OrganizationalUnitIdentifier: admin + OrdererOUIdentifier: + Certificate: cacerts/ca.example.com-cert.pem + OrganizationalUnitIdentifier: orderer diff --git a/msp/testdata/nodeouadminclient/keystore/priv_sk b/msp/testdata/nodeouadminclient/keystore/priv_sk new file mode 100644 index 00000000000..c5ddc42760f --- /dev/null +++ b/msp/testdata/nodeouadminclient/keystore/priv_sk 
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3XkpMssR+HPUfA+C +SvrEalkm9qz1RvDZzWpeJZJgzHuhRANCAATttnug4BR0dA3fL8XFWdcAz2KBYXNu +o1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBd +-----END PRIVATE KEY----- diff --git a/msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem b/msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem new file mode 100644 index 00000000000..6655403f305 --- /dev/null +++ b/msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAcSgAwIBAgIQSEQ9WMdyikoUBDZC1SCNYjAKBggqhkjOPQQDAjBpMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w +bGUuY29tMB4XDTE5MDcwNDE2MjcwMFoXDTI5MDcwMTE2MjcwMFowajELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz +Y28xEDAOBgNVBAsTB29yZGVyZXIxHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATttnug4BR0dA3fL8XFWdcAz2KB +YXNuo1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBdo00w +SzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNVHSMEJDAigCDf4YAt +C54IZqY38LbKrxL4RP9iyMCW2glLaGOXBRfFnzAKBggqhkjOPQQDAgNIADBFAiEA +6moSx8Ny5hOtKgR5ixwMclqefiFDW5p1OQ1mOakYe3MCIGuqooZlekXL/xCVpuNZ +V4ODyvgvMEgQBg7lpg7RapWZ +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem b/msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem new file mode 100644 index 00000000000..5a7c4e639e4 --- /dev/null +++ b/msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRTCCAeqgAwIBAgIRAJCUl0CdwlkfiNTXt/gxVlgwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGwxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh +bXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiqvojiDlos4TH6hOh +2Sg16UMVs4xG/s6M0MxICfAJSkwD3PRwKOinv8wD7OT7FxevPa6THKZONsXJwhWR +Lbero20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG +AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIEcM31EymEUj64aNdHFZ +0OCICQC3vXXeGLXrrc28liw6MAoGCCqGSM49BAMCA0kAMEYCIQCgfmcPMxf8ojnD +UbfnxXFHHHqAQ03X+bISVaKVtpcqjwIhAOwrN+SL40ORnkRgKBzyL8SzyiDXwqf0 +RqgngKsp/XOT +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient2/admincerts/admin.pem b/msp/testdata/nodeouadminclient2/admincerts/admin.pem new file mode 100644 index 00000000000..d4a90794c91 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/admincerts/admin.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcKgAwIBAgIRAN5DkOBs583C+swyjC7nHS0wCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGcxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMQ8wDQYDVQQLEwZjbGllbnQxGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29t +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3H+SsKIPqOTCn2YBHDYTkgsvYtr0 +6Kz3mEp4jfNmRt0Mz/Sjyg+E3AUjBah/Qj6WBqVYhmJeFsMoNvk8OhdHg6NNMEsw +DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAg3+GALQue +CGamN/C2yq8S+ET/YsjAltoJS2hjlwUXxZ8wCgYIKoZIzj0EAwIDRwAwRAIgXvE1 +Dsw0Vd2Tz+mxCfyf62lzQ8IN2BE4qsEQNgcsL94CIH26gcvFF7u0j+FVkjA4Awuq +10yaq8RzytoLpOz4SDkw +-----END CERTIFICATE----- 
diff --git a/msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem b/msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem new file mode 100644 index 00000000000..932a013b439 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICPzCCAeSgAwIBAgIRAONi5v8ImyejqCrCatbAW1QwCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGkxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQAfjOlLCdB/6SsdPlbDHUsdK+b +gRuEN38QOFZ0Ws3aFAsER8ImqV3UIlsbKi5JnDs+OQnzrr3hrKA8downRRy/o20w +azAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN/hgC0LnghmpjfwtsqvEvhE/2LI +wJbaCUtoY5cFF8WfMAoGCCqGSM49BAMCA0kAMEYCIQDhhgAHx0l7V5uAG2hATgCs +bvsbHiJpHUtiK7f1Qfxf2AIhANeukSgRU+AeGSzyVmAOKhIUS+grsPyspksUwVvB +ehXv +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient2/config.yaml b/msp/testdata/nodeouadminclient2/config.yaml new file mode 100644 index 00000000000..b7994ee4289 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/config.yaml @@ -0,0 +1,8 @@ +NodeOUs: + Enable: true + ClientOUIdentifier: + Certificate: cacerts/ca.example.com-cert.pem + OrganizationalUnitIdentifier: client + PeerOUIdentifier: + Certificate: cacerts/ca.example.com-cert.pem + OrganizationalUnitIdentifier: peer \ No newline at end of file diff --git a/msp/testdata/nodeouadminclient2/keystore/priv_sk b/msp/testdata/nodeouadminclient2/keystore/priv_sk new file mode 100644 index 00000000000..c5ddc42760f --- /dev/null +++ b/msp/testdata/nodeouadminclient2/keystore/priv_sk 
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3XkpMssR+HPUfA+C +SvrEalkm9qz1RvDZzWpeJZJgzHuhRANCAATttnug4BR0dA3fL8XFWdcAz2KBYXNu +o1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBd +-----END PRIVATE KEY----- diff --git a/msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem b/msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem new file mode 100644 index 00000000000..6655403f305 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAcSgAwIBAgIQSEQ9WMdyikoUBDZC1SCNYjAKBggqhkjOPQQDAjBpMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w +bGUuY29tMB4XDTE5MDcwNDE2MjcwMFoXDTI5MDcwMTE2MjcwMFowajELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz +Y28xEDAOBgNVBAsTB29yZGVyZXIxHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATttnug4BR0dA3fL8XFWdcAz2KB +YXNuo1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBdo00w +SzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNVHSMEJDAigCDf4YAt +C54IZqY38LbKrxL4RP9iyMCW2glLaGOXBRfFnzAKBggqhkjOPQQDAgNIADBFAiEA +6moSx8Ny5hOtKgR5ixwMclqefiFDW5p1OQ1mOakYe3MCIGuqooZlekXL/xCVpuNZ +V4ODyvgvMEgQBg7lpg7RapWZ +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem b/msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem new file mode 100644 index 00000000000..5a7c4e639e4 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRTCCAeqgAwIBAgIRAJCUl0CdwlkfiNTXt/gxVlgwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGwxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh +bXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiqvojiDlos4TH6hOh +2Sg16UMVs4xG/s6M0MxICfAJSkwD3PRwKOinv8wD7OT7FxevPa6THKZONsXJwhWR +Lbero20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG +AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIEcM31EymEUj64aNdHFZ +0OCICQC3vXXeGLXrrc28liw6MAoGCCqGSM49BAMCA0kAMEYCIQCgfmcPMxf8ojnD +UbfnxXFHHHqAQ03X+bISVaKVtpcqjwIhAOwrN+SL40ORnkRgKBzyL8SzyiDXwqf0 +RqgngKsp/XOT +-----END CERTIFICATE-----