Merge pull request #1272 from nats-io/update_go_versions

Update travis to Go 1.19/18 and update some certs

.github/workflows/cov.yaml

@@ -0,0 +1,44 @@
+name: NATS Streaming Server Code Coverage
+on:
+  workflow_dispatch: {}
+
+  schedule:
+    - cron: "40 4 * * *"
+
+jobs:
+  nightly_coverage:
+    runs-on: ubuntu-latest
+
+    env:
+      GOPATH: /home/runner/work/nats-streaming-server
+      GO111MODULE: "on"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          path: src/github.com/nats-io/nats-streaming-server
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19.x
+
+      - name: Run code coverage
+        shell: bash --noprofile --norc -x -eo pipefail {0}
+        run: |
+          set -e
+          ./scripts/cov.sh upload
+          set +e
+
+      - name: Convert coverage.out to coverage.lcov
+        uses: jandelgado/gcov2lcov-action@v1.0.9
+        with:
+          infile: acc.out
+
+      - name: Coveralls
+        uses: coverallsapp/github-action@1.1.3
+        with:
+          github-token: ${{ secrets.github_token }}
+          path-to-lcov: coverage.lcov
+

.travis.yml

@@ -1,10 +1,12 @@
 os:
 - linux
 - windows
+vm:
+  size: 2x-large
 language: go
 go:
-- 1.17.x
-- 1.16.x
+- 1.19.x
+- 1.18.x
 addons:
   apt:
     packages:
@@ -14,7 +16,7 @@ env:
 go_import_path: github.com/nats-io/nats-streaming-server
 install:
 - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then
-    go install honnef.co/go/tools/cmd/staticcheck@v0.2.2;
+    go install honnef.co/go/tools/cmd/staticcheck@latest;
     go install github.com/client9/misspell/cmd/misspell@latest;
   fi
 services:
@@ -33,26 +35,30 @@ script:
 - if [[ $TRAVIS_TAG ]]; then go test -v -run=TestVersionMatchesTag ./server; fi
 - if [[ ! $TRAVIS_TAG ]]; then
     if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then
+      if [[ "$TRAVIS_GO_VERSION" =~ 1.18 ]]; then
+        go build;
+      else
         mysql -u root -e "CREATE USER 'nss'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'nss'@'localhost'; CREATE DATABASE test_nats_streaming;";
-        if [[ "$TRAVIS_GO_VERSION" =~ 1.16 ]]; then ./scripts/cov.sh TRAVIS; else go test -v -failfast -p=1 ./...; fi;
+        go test -v -p=1 ./... -count=1 -vet=off -failfast;
+      fi;
     fi;
   fi
 - if [[ ! $TRAVIS_TAG ]]; then
     if [[ "$TRAVIS_OS_NAME" == "windows" ]]; then
-      go install;
-      go test -v -p=1 ./... -count=1 -sql=false -failfast;
+      if [[ "$TRAVIS_GO_VERSION" =~ 1.18 ]]; then
+        go build;
+      else
+        go install;
+        go test -v -p=1 ./... -count=1 -vet=off -sql=false -failfast;
+      fi;
     fi;
   fi
 - set +e
-after_success:
-- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then
-    if [[ ! $TRAVIS_TAG ]]; then if [[ "$TRAVIS_GO_VERSION" =~ 1.16 ]]; then $HOME/gopath/bin/goveralls -coverprofile=acc.out -service travis-ci; fi; fi;
-  fi
 
 deploy:
   provider: script
   cleanup: true
   script: curl -sL http://git.io/goreleaser | bash
   on:
     tags: true
-    condition: ("$TRAVIS_OS_NAME" = "linux") && ("$TRAVIS_GO_VERSION" =~ "1.17")
+    condition: ("$TRAVIS_OS_NAME" = "linux") && ("$TRAVIS_GO_VERSION" =~ "1.19")

scripts/cov.sh

@@ -1,31 +1,68 @@
-#!/bin/bash -e
+#!/bin/bash
 # Run from directory above via ./scripts/cov.sh
 
+check_file () {
+    # If the content of the file is simply "mode: atomic", then it means that the
+    # code coverage did not complete due to a panic in one of the tests.
+    if [[ $(cat ./cov/$2) == "mode: atomic" ]]; then
+        echo "#############################################"
+        echo "## Code coverage for $1 package failed ##"
+        echo "#############################################"
+        exit 1
+    fi
+}
+
+# Do not globally set the -e flag because we don't a flapper to prevent the push to coverall.
+
 export GO111MODULE="on"
 
-go get github.com/mattn/goveralls
-go get github.com/wadey/gocovmerge
+go install github.com/wadey/gocovmerge@latest
 
 rm -rf ./cov
 mkdir cov
-go test -v -failfast -covermode=atomic -coverprofile=./cov/server.out -coverpkg=./server,./stores,./util ./server
-go test -v -failfast -covermode=atomic -coverprofile=./cov/server2.out -coverpkg=./server,./stores,./util -run=TestPersistent ./server -encrypt
-go test -v -failfast -covermode=atomic -coverprofile=./cov/logger.out ./logger
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores1.out ./stores
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores2.out -run=TestCS/FILE ./stores -fs_no_buffer
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores3.out -run=TestCS/FILE ./stores -fs_set_fds_limit
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores4.out -run=TestCS/FILE ./stores -fs_no_buffer -fs_set_fds_limit
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores5.out -run=TestFS ./stores -fs_no_buffer
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores6.out -run=TestFS ./stores -fs_set_fds_limit
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores7.out -run=TestFS ./stores -fs_no_buffer -fs_set_fds_limit
-go test -v -failfast -covermode=atomic -coverprofile=./cov/stores8.out -run=TestCS ./stores -encrypt
-go test -v -failfast -covermode=atomic -coverprofile=./cov/util.out ./util
+#
+# Since it is difficult to get a full run without a flapper, do not use `-failfast`.
+# It is better to have one flapper or two and still get the report than have
+# to re-run the whole code coverage. One or two failed tests should not affect
+# so much the code coverage.
+#
+# However, we need to take into account that if there is a panic in one test, all
+# other tests in that package will not run, which then would cause the code coverage
+# to drastically be lowered. In that case, we don't want the code coverage to be
+# uploaded.
+#
+go test -v -covermode=atomic -coverprofile=./cov/server.out -coverpkg=./server,./stores,./util ./server
+check_file "server" "server.out"
+go test -v -covermode=atomic -coverprofile=./cov/server2.out -coverpkg=./server,./stores,./util -run=TestPersistent ./server -encrypt
+check_file "server" "server2.out"
+go test -v -covermode=atomic -coverprofile=./cov/logger.out ./logger
+check_file "logger" "logger.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores1.out ./stores
+check_file "stores" "stores1.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores2.out -run=TestCS/FILE ./stores -fs_no_buffer
+check_file "stores" "stores2.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores3.out -run=TestCS/FILE ./stores -fs_set_fds_limit
+check_file "stores" "stores3.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores4.out -run=TestCS/FILE ./stores -fs_no_buffer -fs_set_fds_limit
+check_file "stores" "stores4.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores5.out -run=TestFS ./stores -fs_no_buffer
+check_file "stores" "stores5.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores6.out -run=TestFS ./stores -fs_set_fds_limit
+check_file "stores" "stores6.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores7.out -run=TestFS ./stores -fs_no_buffer -fs_set_fds_limit
+check_file "stores" "stores7.out"
+go test -v -covermode=atomic -coverprofile=./cov/stores8.out -run=TestCS ./stores -encrypt
+check_file "stores" "stores8.out"
+go test -v -covermode=atomic -coverprofile=./cov/util.out ./util
+check_file "util" "util.out"
+
+# At this point, if that fails, we want the caller to know about the failure.
+set -e
 gocovmerge ./cov/*.out > acc.out
 rm -rf ./cov
 
-# Without argument, launch browser results. We are going to push to coveralls only
-# from Travis.yml and after success of the build (and result of pushing will not affect
-# build result).
+# If no argument passed, launch a browser to see the results.
 if [[ $1 == "" ]]; then
     go tool cover -html=acc.out
 fi
+set +e

test/certs/ca.pem

@@ -1,20 +1,27 @@
 -----BEGIN CERTIFICATE-----
-MIIDXDCCAkQCCQDI2Vsry8+BDDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCQ0ExEDAOBgNVBAoMB1N5bmFkaWExEDAOBgNVBAsMB25hdHMu
-aW8xEjAQBgNVBAMMCWxvY2FsaG9zdDEcMBoGCSqGSIb3DQEJARYNZGVyZWtAbmF0
-cy5pbzAeFw0xOTEwMTcxMzAzNThaFw0yOTEwMTQxMzAzNThaMHAxCzAJBgNVBAYT
-AlVTMQswCQYDVQQIDAJDQTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UECwwHbmF0
-cy5pbzESMBAGA1UEAwwJbG9jYWxob3N0MRwwGgYJKoZIhvcNAQkBFg1kZXJla0Bu
-YXRzLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohX2dXdHIDM5
-yZDWk96b0mwRTHhBIOKtMPTTs/zKmlAgjjDxW7kSg0JimTNds9YbJ33FhcEJKXtV
-KH3Cn0uyZPS1VcTzPr7XP2QI+9SqqLuahkHAhgqoRwK62fTFJgzdZO0f9w9WwzMi
-gGk/v7KkKFa/9xKLCa9DTEJ9FA34HuYoBxXMZvypDm8d+0kxOCdThpzhKeucE4ya
-jFlvOP9/l7GyjlczzAD/nt/QhPfSeIx1MF0ICj5qzwPD/jB1ekoL9OShoHvoEyXo
-UO13GMdVmZqwJcS7Vk5XNEZoH0cxSw/SrZGCE9SFjR1t8TAe3QZiZ9E8EAg4IzJQ
-jfR2II5LiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBIwib+0xLth/1+URtgQFn8
-dvQNqnJjlqC27U48qiTCTC5vJWbQDqUg9o6gtwZyYEHQ7dMmn68ozDzcGTCxaikV
-n01Bj2ijODK96Jrm/P5aVkP5Cn06FfudluZI2Q/A1cqTsa8V4rj02PpwCcLEaDqX
-yhztlhbKypWrlGuWpVlDBWstyRar98vvRK1XEyBu2NHp2fy49cwJCub4Cmz920fh
-oiIwzXIKtfnf1GEjUnsuFPMgCxvhjirYNPWWjqaBldrM/dBJqwTyZf/p6g40vufN
-JJDc65c4tyRwBSBdFn+Q4zD44M0AR/8THAeIfsT42lyl8fMV5A4fe1nAVJDC4Z/H
+MIIEkDCCA3igAwIBAgIUSZwW7btc9EUbrMWtjHpbM0C2bSEwDQYJKoZIhvcNAQEL
+BQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAoM
+B1N5bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xKTAnBgNVBAMMIENlcnRpZmljYXRl
+IEF1dGhvcml0eSAyMDIyLTA4LTI3MB4XDTIyMDgyNzIwMjMwMloXDTMyMDgyNDIw
+MjMwMlowcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNV
+BAoMB1N5bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xKTAnBgNVBAMMIENlcnRpZmlj
+YXRlIEF1dGhvcml0eSAyMDIyLTA4LTI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAqilVqyY8rmCpTwAsLF7DEtWEq37KbljBWVjmlp2Wo6TgMd3b537t
+6iO8+SbI8KH75i63RcxV3Uzt1/L9Yb6enDXF52A/U5ugmDhaa+Vsoo2HBTbCczmp
+qndp7znllQqn7wNLv6aGSvaeIUeYS5Dmlh3kt7Vqbn4YRANkOUTDYGSpMv7jYKSu
+1ee05Rco3H674zdwToYto8L8V7nVMrky42qZnGrJTaze+Cm9tmaIyHCwUq362CxS
+dkmaEuWx11MOIFZvL80n7ci6pveDxe5MIfwMC3/oGn7mbsSqidPMcTtjw6ey5NEu
+Z0UrC/2lL1FtF4gnVMKUSaEhU2oKjj0ZAQIDAQABo4IBHjCCARowHQYDVR0OBBYE
+FP7Pfz4u7sSt6ltviEVsx4hIFIs6MIGuBgNVHSMEgaYwgaOAFP7Pfz4u7sSt6ltv
+iEVsx4hIFIs6oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p
+YTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UECwwHbmF0cy5pbzEpMCcGA1UEAwwg
+Q2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjItMDgtMjeCFEmcFu27XPRFG6zFrYx6
+WzNAtm0hMAwGA1UdEwQFMAMBAf8wOgYJYIZIAYb4QgENBC0WK25hdHMuaW8gbmF0
+cy1zZXJ2ZXIgdGVzdC1zdWl0ZSB0cmFuc2llbnQgQ0EwDQYJKoZIhvcNAQELBQAD
+ggEBAHDCHLQklYZlnzHDaSwxgGSiPUrCf2zhk2DNIYSDyBgdzrIapmaVYQRrCBtA
+j/4jVFesgw5WDoe4TKsyha0QeVwJDIN8qg2pvpbmD8nOtLApfl0P966vcucxDwqO
+dQWrIgNsaUdHdwdo0OfvAlTfG0v/y2X0kbL7h/el5W9kWpxM/rfbX4IHseZL2sLq
+FH69SN3FhMbdIm1ldrcLBQVz8vJAGI+6B9hSSFQWljssE0JfAX+8VW/foJgMSx7A
+vBTq58rLkAko56Jlzqh/4QT+ckayg9I73v1Q5/44jP1mHw35s5ZrzpDQt2sVv4l5
+lwRPJFXMwe64flUs9sM+/vqJaIY=
 -----END CERTIFICATE-----

test/certs/client-cert.pem

@@ -1,20 +1,99 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            38:4c:16:24:9b:04:1c:b3:db:e0:4c:3c:ed:b7:40:7d:68:b5:fa:1f
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=California, O=Synadia, OU=nats.io, CN=Certificate Authority 2022-08-27
+        Validity
+            Not Before: Aug 27 20:23:02 2022 GMT
+            Not After : Aug 24 20:23:02 2032 GMT
+        Subject: C=US, ST=California, O=Synadia, OU=nats.io, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:9c:3e:9d:3b:7a:12:56:85:78:ca:df:9c:fc:
+                    0c:7e:5e:f2:4f:22:33:46:81:38:53:d7:a7:25:8f:
+                    d7:ee:16:13:e2:67:49:88:f6:94:99:f0:a9:a6:db:
+                    fe:7a:17:c9:e3:df:31:73:71:38:70:3a:96:1e:99:
+                    7b:5d:07:e3:63:e4:e8:bf:99:f7:3d:5c:27:f5:b7:
+                    37:29:da:ee:82:80:00:d4:c8:d3:1b:36:0d:8b:d3:
+                    8a:9b:8e:12:a1:4d:0c:c5:22:f8:56:3b:6a:1a:fb:
+                    e9:3d:08:1e:13:7f:55:6e:2e:65:93:9a:90:54:03:
+                    6d:0d:e6:44:d6:f7:c0:d7:d8:e1:c7:1e:c2:9b:a3:
+                    6e:88:f1:7c:58:08:a2:9f:13:cc:5b:b9:11:2c:1d:
+                    23:6f:3a:ae:47:9a:0f:6a:ce:e5:80:34:09:e6:e3:
+                    fd:76:4a:cf:5a:18:bb:9c:c5:c1:74:49:67:77:1b:
+                    ba:28:86:31:a6:fc:12:af:4a:85:1b:73:5b:f4:d6:
+                    42:ff:0c:1c:49:e7:31:f2:5a:2a:1e:cd:87:cb:22:
+                    ff:70:1c:48:ed:ba:e0:be:f0:bc:9e:e0:dc:59:db:
+                    a5:74:25:58:b3:61:04:f6:33:28:6b:07:25:60:0f:
+                    72:93:16:6c:9f:b0:ad:4a:18:f7:9e:29:1e:b7:61:
+                    34:17
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                nats.io nats-server test-suite certificate
+            X509v3 Subject Key Identifier: 
+                1F:14:EF:2B:53:AB:28:4A:93:42:98:AE:85:06:0F:B4:7D:DC:36:AE
+            X509v3 Authority Key Identifier: 
+                keyid:FE:CF:7F:3E:2E:EE:C4:AD:EA:5B:6F:88:45:6C:C7:88:48:14:8B:3A
+                DirName:/C=US/ST=California/O=Synadia/OU=nats.io/CN=Certificate Authority 2022-08-27
+                serial:49:9C:16:ED:BB:5C:F4:45:1B:AC:C5:AD:8C:7A:5B:33:40:B6:6D:21
+
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, email:derek@nats.io
+            Netscape Cert Type: 
+                SSL Client
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+    Signature Algorithm: sha256WithRSAEncryption
+         60:43:0b:c6:11:0b:96:ae:03:dc:77:26:9a:4a:bd:6a:d7:03:
+         ec:43:16:2d:ba:8c:e5:50:fa:57:a9:1f:2f:a4:15:c3:a8:13:
+         b9:d3:59:2a:97:7c:ae:ce:a9:f8:44:e4:97:ee:7d:09:dc:74:
+         38:80:94:cf:47:e0:84:52:2a:91:44:8a:85:55:da:42:6a:f1:
+         91:1a:6e:5a:63:e6:0b:61:3c:0d:b0:aa:17:b8:77:94:32:20:
+         4d:20:8f:84:56:64:ae:ef:d8:8d:42:b5:52:4d:b0:1c:46:97:
+         bc:4c:77:8c:3f:a3:73:43:87:27:71:62:e7:fe:02:de:a1:27:
+         77:be:86:29:8f:62:a1:d9:e7:ea:61:33:73:f4:1f:0a:12:14:
+         68:eb:7d:8c:71:5b:42:e7:48:10:c9:df:30:3b:5b:eb:69:29:
+         b6:95:bc:09:fc:01:b0:be:fc:9f:ee:c4:f3:df:a0:01:c5:68:
+         20:f5:2f:f8:e7:1c:a5:4c:a8:a8:a2:20:a1:d2:0f:f6:f6:c4:
+         0d:f5:26:fd:ea:8b:b5:06:a9:9e:17:35:47:f7:fd:6e:78:3d:
+         5f:7a:87:ed:21:b2:4e:e9:6a:d1:d9:ed:0e:cf:43:61:83:7c:
+         fe:0d:b1:ad:ff:fa:2d:2b:36:9d:99:9c:20:48:21:0d:36:c8:
+         dd:b6:0a:d8
 -----BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIJAJCSLX9jr5WzMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJDQTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UECwwH
-bmF0cy5pbzESMBAGA1UEAwwJbG9jYWxob3N0MRwwGgYJKoZIhvcNAQkBFg1kZXJl
-a0BuYXRzLmlvMB4XDTE5MTAxNzEzMjI0MloXDTI5MTAxNDEzMjI0MlowDTELMAkG
-A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsnD6dO3oS
-VoV4yt+c/Ax+XvJPIjNGgThT16clj9fuFhPiZ0mI9pSZ8Kmm2/56F8nj3zFzcThw
-OpYemXtdB+Nj5Oi/mfc9XCf1tzcp2u6CgADUyNMbNg2L04qbjhKhTQzFIvhWO2oa
-++k9CB4Tf1VuLmWTmpBUA20N5kTW98DX2OHHHsKbo26I8XxYCKKfE8xbuREsHSNv
-Oq5Hmg9qzuWANAnm4/12Ss9aGLucxcF0SWd3G7oohjGm/BKvSoUbc1v01kL/DBxJ
-5zHyWioezYfLIv9wHEjtuuC+8Lye4NxZ26V0JVizYQT2MyhrByVgD3KTFmyfsK1K
-GPeeKR63YTQXAgMBAAGjQjBAMCkGA1UdEQQiMCCCCWxvY2FsaG9zdIcEfwAAAYEN
-ZGVyZWtAbmF0cy5pbzATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUF
-AAOCAQEAfGUnzmpXXigAJxcnVKQy1ago+GGOAGldlDKIcHoofkYibhWWrrojulHF
-pRPRVKm2S/P4rRnSsjrPfpf6I2Icd+oVdVxrsWcN5itbul8Xymsjl2gMSJSHknYs
-wTYNjdM4opRioArK69aRa26xXlxRs8YpRErF8Nb5mkxgvtUgtM8t/T/28MBprc7x
-7NuYvohKlOcWbgdBYI+e3CA2XLRG/A+9EmOe8g66vW/uY0eaiWduBJSwXhd+stjg
-elXYnK+EEUpJIK9DeS7r6k6HreNZ2FPM90RxdbMP7Q+i3bJwic4cJG3QOdLl+IqK
-tME8kUPD/63mEDHHMJjgAktgaFX4bQ==
+MIIE5zCCA8+gAwIBAgIUOEwWJJsEHLPb4Ew87bdAfWi1+h8wDQYJKoZIhvcNAQEL
+BQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAoM
+B1N5bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xKTAnBgNVBAMMIENlcnRpZmljYXRl
+IEF1dGhvcml0eSAyMDIyLTA4LTI3MB4XDTIyMDgyNzIwMjMwMloXDTMyMDgyNDIw
+MjMwMlowWjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNV
+BAoMB1N5bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKycPp07ehJWhXjK35z8
+DH5e8k8iM0aBOFPXpyWP1+4WE+JnSYj2lJnwqabb/noXyePfMXNxOHA6lh6Ze10H
+42Pk6L+Z9z1cJ/W3Nyna7oKAANTI0xs2DYvTipuOEqFNDMUi+FY7ahr76T0IHhN/
+VW4uZZOakFQDbQ3mRNb3wNfY4ccewpujbojxfFgIop8TzFu5ESwdI286rkeaD2rO
+5YA0Cebj/XZKz1oYu5zFwXRJZ3cbuiiGMab8Eq9KhRtzW/TWQv8MHEnnMfJaKh7N
+h8si/3AcSO264L7wvJ7g3FnbpXQlWLNhBPYzKGsHJWAPcpMWbJ+wrUoY954pHrdh
+NBcCAwEAAaOCAYwwggGIMAkGA1UdEwQCMAAwOQYJYIZIAYb4QgENBCwWKm5hdHMu
+aW8gbmF0cy1zZXJ2ZXIgdGVzdC1zdWl0ZSBjZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+HxTvK1OrKEqTQpiuhQYPtH3cNq4wga4GA1UdIwSBpjCBo4AU/s9/Pi7uxK3qW2+I
+RWzHiEgUizqhdaRzMHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
+MRAwDgYDVQQKDAdTeW5hZGlhMRAwDgYDVQQLDAduYXRzLmlvMSkwJwYDVQQDDCBD
+ZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAyMi0wOC0yN4IUSZwW7btc9EUbrMWtjHpb
+M0C2bSEwOwYDVR0RBDQwMoIJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAA
+AAABgQ1kZXJla0BuYXRzLmlvMBEGCWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMC
+BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAGBDC8YR
+C5auA9x3JppKvWrXA+xDFi26jOVQ+lepHy+kFcOoE7nTWSqXfK7OqfhE5JfufQnc
+dDiAlM9H4IRSKpFEioVV2kJq8ZEablpj5gthPA2wqhe4d5QyIE0gj4RWZK7v2I1C
+tVJNsBxGl7xMd4w/o3NDhydxYuf+At6hJ3e+himPYqHZ5+phM3P0HwoSFGjrfYxx
+W0LnSBDJ3zA7W+tpKbaVvAn8AbC+/J/uxPPfoAHFaCD1L/jnHKVMqKiiIKHSD/b2
+xA31Jv3qi7UGqZ4XNUf3/W54PV96h+0hsk7patHZ7Q7PQ2GDfP4Nsa3/+i0rNp2Z
+nCBIIQ02yN22Ctg=
 -----END CERTIFICATE-----