Skip to content

Commit

Permalink
Add lint to detect invalid cps uri (#828)
Browse files Browse the repository at this point in the history 
* Add files via upload

* Add files via upload

* Add files via upload

* Add files via upload

* Update lint_invalid_subject_rdn_order_test.go

Added //nolint:all to comment block to avoid golangci-lint to complain about duplicate words in comment

* Update lint_invalid_subject_rdn_order.go

Fixed import block

* Update v3/lints/cabf_br/lint_invalid_subject_rdn_order.go

Fine to me.

Co-authored-by: Christopher Henderson <[email protected]>

* Update lint_invalid_subject_rdn_order.go

As per Chris Henderson's suggestion, to "improve readability".

* Update lint_invalid_subject_rdn_order_test.go

As per Chris Henderson's suggestion.

* Update time.go

Added CABFEV_Sec9_2_8_Date

* Add files via upload

* Add files via upload

* Revised according to Chris and Corey suggestions

* Add files via upload

* Add files via upload

* Delete v3/lints/cabf_ev/lint_ev_orgid_inconsistent_subj_and_ext.go

* Delete v3/lints/cabf_ev/lint_ev_orgid_inconsistent_subj_and_ext_test.go

* Delete v3/testdata/orgid_subj_and_ext_ko_01.pem

* Delete v3/testdata/orgid_subj_and_ext_ko_02.pem

* Delete v3/testdata/orgid_subj_and_ext_ko_03.pem

* Delete v3/testdata/orgid_subj_and_ext_ok_01.pem

* Delete v3/testdata/orgid_subj_and_ext_ok_02.pem

* Delete v3/testdata/orgid_subj_and_ext_ok_03.pem

* Delete v3/testdata/orgid_subj_and_ext_ok_04.pem

* Delete v3/testdata/orgid_subj_and_ext_ok_05.pem

* Update time.go

---------

Co-authored-by: Christopher Henderson <[email protected]>
  • Loading branch information
@defacto64 @christopher-henderson
defacto64 and christopher-henderson authored Apr 28, 2024
1 parent 2988620 commit 63e3f86
Show file tree
Hide file tree
Showing 8 changed files with 812 additions and 0 deletions.
74 changes: 74 additions & 0 deletions v3/lints/cabf_br/lint_e_invalid_cps_uri.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

/*
* Contributed by Adriano Santoni <[email protected]>
* of ACTALIS S.p.A. (www.actalis.com).
*/

package cabf_br

import (
"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/util"

"net/url"
)

func init() {
lint.RegisterCertificateLint(&lint.CertificateLint{
LintMetadata: lint.LintMetadata{
Name: "e_invalid_cps_uri",
Description: "If the CPS URI policyQualifier is present in a certificate, it MUST contain an HTTP or HTTPS URL",
Citation: "CABF BR 7.1.2 (several subsections thereof)",
Source: lint.CABFBaselineRequirements,
EffectiveDate: util.CABFBRs_2_0_0_Date,
},
Lint: NewInvalidCPSUri,
})
}

type invalidCPSUri struct{}

func NewInvalidCPSUri() lint.LintInterface {
return &invalidCPSUri{}
}

func (l *invalidCPSUri) CheckApplies(c *x509.Certificate) bool {
return util.IsExtInCert(c, util.CertPolicyOID)
}

func isValidHttpOrHttpsURL(input string) bool {
parsedURL, err := url.Parse(input)
if err != nil {
return false
}

scheme := parsedURL.Scheme
return scheme == "http" || scheme == "https"
}

func (l *invalidCPSUri) Execute(c *x509.Certificate) *lint.LintResult {
// There should normally be just one CPS URI, but one never knows...
for _, pol := range c.CPSuri {
for _, uri := range pol {
if !isValidHttpOrHttpsURL(uri) {
return &lint.LintResult{Status: lint.Error}
}
}
}

return &lint.LintResult{Status: lint.Pass}
}
83 changes: 83 additions & 0 deletions v3/lints/cabf_br/lint_e_invalid_cps_uri_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

/*
* Contributed by Adriano Santoni <[email protected]>
* of ACTALIS S.p.A. (www.actalis.com).
*/

package cabf_br

import (
"testing"

"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/test"
)

/*
=== Pass test cases ===
invalid_cps_uri_ok_01.pem Certificate with a well-formed CPS URI
invalid_cps_uri_ok_02.pem Certificate without a CPS URI
=== NE test cases ===
invalid_cps_uri_ok_03.pem Certificate with an invalid CPS URI, but issued before effective date
=== Fail test cases ===
invalid_cps_uri_ko_01.pem Certificate with an invalid CPS URI (disallowed scheme)
invalid_cps_uri_ko_02.pem Certificate with an invalid CPS URI (syntax error)
invalid_cps_uri_ko_03.pem Certificate with two CPS URIs, one good and one bad
*/

func TestInvalidCPSUri(t *testing.T) {
type Data struct {
input string
want lint.LintStatus
}
data := []Data{
{
input: "invalid_cps_uri_ok_01.pem",
want: lint.Pass,
},
{
input: "invalid_cps_uri_ok_02.pem",
want: lint.Pass,
},
{
input: "invalid_cps_uri_ok_03.pem",
want: lint.NE,
},
{
input: "invalid_cps_uri_ko_01.pem",
want: lint.Error,
},
{
input: "invalid_cps_uri_ko_02.pem",
want: lint.Error,
},
{
input: "invalid_cps_uri_ko_03.pem",
want: lint.Error,
},
}
for _, testData := range data {
testData := testData
t.Run(testData.input, func(t *testing.T) {
out := test.TestLint("e_invalid_cps_uri", testData.input)
if out.Status != testData.want {
t.Errorf("expected %s, got %s", testData.want, out.Status)
}
})
}
}
109 changes: 109 additions & 0 deletions v3/testdata/invalid_cps_uri_ko_01.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 793070860651290632 (0xb018dbef2d56008)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA
Validity
Not Before: Mar 30 16:57:00 2024 GMT
Not After : Aug 13 16:57:00 2024 GMT
Subject: C = AU, ST = Some State, L = Some Locality, O = Some Company Ltd., CN = example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:ae:30:0d:6a:39:0c:02:14:f6:98:c2:97:6e:
c3:e2:a3:27:f8:e1:48:da:66:17:d7:d4:23:f9:47:
e0:6c:67:ea:a4:7b:54:fa:b2:50:21:86:0b:69:7a:
67:a2:e8:44:05:9d:fc:50:82:cc:91:3d:ef:22:d3:
af:83:aa:90:db:69:89:d4:9c:e3:97:81:cf:c3:59:
d9:c1:64:3c:aa:f3:42:25:3c:ae:3d:2a:48:cd:25:
25:ae:59:d9:79:bb:e6:26:d3:cb:44:fa:21:5b:d5:
e3:89:9b:6f:96:f1:fc:3a:5b:c4:0c:52:89:46:48:
7b:41:4c:84:9f:cf:79:10:05:52:74:9c:e1:12:29:
d7:3b:d8:10:b9:7d:44:73:da:f5:60:ce:1e:54:e9:
b1:1d:7f:4c:ac:2c:23:f3:91:59:12:df:f9:07:a3:
da:be:8e:18:a1:b5:74:60:e2:f9:64:52:30:65:f9:
e8:75:22:21:4d:f6:4f:e2:47:c4:5b:f7:ea:b2:be:
90:3d:9a:13:f3:7e:51:c7:6e:3e:bb:3f:43:9c:c7:
aa:e1:26:11:e6:40:c5:ab:b2:4a:f3:44:36:19:8f:
3d:d6:4a:45:1d:d2:db:03:53:ee:64:16:92:95:6e:
92:ab:19:33:06:d8:ad:4d:a1:1e:39:4d:44:80:3c:
e9:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EF:A0:F9:31:2D:85:84:CF:39:D0:3A:8C:12:51:59:26:35:CB:C5:91
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:example.org
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
Policy: 1.2.3.4.5
CPS: ftp://www.some-ca.inc/cps

Signature Algorithm: sha256WithRSAEncryption
97:54:ef:06:28:ff:dd:57:18:92:a4:e1:89:56:d5:90:f4:46:
9d:df:f4:67:d4:5f:dd:b5:0c:33:0a:cb:bc:a4:3c:86:3b:0b:
48:61:f0:0b:68:b1:72:ee:2a:55:f1:78:d4:25:10:ef:58:00:
5f:2e:26:a8:76:32:0e:45:31:69:98:79:a7:5d:51:b5:5d:d8:
4b:61:41:ee:02:ce:e6:10:18:cb:88:cd:3a:00:db:27:51:75:
ef:23:b8:61:2b:53:72:a6:fd:95:96:80:c2:3a:87:8a:f2:cf:
a4:c2:56:d2:8f:3d:52:28:a8:ee:11:c2:f4:0f:cb:6f:87:30:
35:8d:bd:0f:a2:3f:25:6b:b3:68:de:46:8d:fa:23:d9:8a:43:
90:a0:6b:97:cf:bb:8a:b5:e4:64:d0:dc:07:3f:e5:46:d0:d5:
79:e7:0f:7b:0c:ac:4c:03:8c:d3:c3:55:14:76:ed:02:a6:e1:
96:58:ab:2c:42:ac:6d:e7:75:04:3f:35:ae:7f:35:a0:5f:e7:
10:df:22:3f:94:eb:a2:9a:1a:a7:75:8d:f8:13:95:c4:a0:bc:
a5:90:ab:8f:af:f5:42:ba:c0:15:47:c8:15:47:d9:98:70:c8:
ff:10:90:1b:68:3d:74:ed:ec:94:14:70:5a:33:ce:1a:d7:ba:
9a:38:0e:d3:dc:9c:83:54:19:5e:bc:95:7e:ed:e6:8e:18:93:
28:c8:b9:77:a5:e5:a9:31:8e:29:9c:b2:8c:e3:d5:29:ce:5f:
5d:1c:b7:f7:00:36:5a:38:e3:99:a0:7c:20:a6:38:dd:6d:5b:
d8:76:e1:03:51:51:d2:7b:3b:01:35:4a:88:76:72:63:61:19:
7e:4e:79:62:7a:c0:e6:0c:a8:9e:3e:cf:15:1a:98:ab:f1:67:
8e:f7:4d:a4:01:b7:72:59:44:ec:e2:2d:d0:be:d0:9e:4f:af:
4f:56:06:90:c8:04:b3:04:cd:00:ca:c9:cb:d3:c4:04:0c:d6:
2e:0b:c7:85:05:31:32:89:70:4e:2f:b9:f1:04:b5:35:1f:0d:
12:0d:8d:fe:3c:1f:c7:bf:10:5d:01:c8:56:27:83:3d:67:ac:
82:e6:40:70:89:8d:c7:d7:5b:e2:3d:95:1d:e4:fa:92:ce:4e:
f7:47:88:e0:b7:10:60:8b:5f:8f:6c:7f:53:56:db:4b:ab:84:
db:d1:42:28:f9:de:35:4d:ad:c7:d7:e8:8c:13:c5:24:51:88:
3e:f3:9d:b3:7a:ba:14:9a:ac:ae:6b:a4:6e:c3:7c:53:18:0d:
b2:9f:17:c7:96:de:56:ef:fd:bd:b8:b7:30:d0:7c:81:28:4c:
12:db:c0:f0:e5:50:83:cb
-----BEGIN CERTIFICATE-----
MIIFKDCCAxCgAwIBAgIICwGNvvLVYAgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE
BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh
MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD
ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzMwMTY1NzAwWhcNMjQwODEzMTY1
NzAwWjBsMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZSBTdGF0ZTEWMBQGA1UE
BxMNU29tZSBMb2NhbGl0eTEaMBgGA1UEChMRU29tZSBDb21wYW55IEx0ZC4xFDAS
BgNVBAMTC2V4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvK4wDWo5DAIU9pjCl27D4qMn+OFI2mYX19Qj+UfgbGfqpHtU+rJQIYYLaXpn
ouhEBZ38UILMkT3vItOvg6qQ22mJ1Jzjl4HPw1nZwWQ8qvNCJTyuPSpIzSUlrlnZ
ebvmJtPLRPohW9XjiZtvlvH8OlvEDFKJRkh7QUyEn895EAVSdJzhEinXO9gQuX1E
c9r1YM4eVOmxHX9MrCwj85FZEt/5B6Pavo4YobV0YOL5ZFIwZfnodSIhTfZP4kfE
W/fqsr6QPZoT835Rx24+uz9DnMeq4SYR5kDFq7JK80Q2GY891kpFHdLbA1PuZBaS
lW6SqxkzBtitTaEeOU1EgDzpIwIDAQABo4G9MIG6MAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFO+g+TEthYTPOdA6jBJRWSY1y8WRMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwFgYDVR0RBA8wDYILZXhhbXBsZS5v
cmcwRAYDVR0gBD0wOzAIBgZngQwBAgIwLwYEKgMEBTAnMCUGCCsGAQUFBwIBFhlm
dHA6Ly93d3cuc29tZS1jYS5pbmMvY3BzMA0GCSqGSIb3DQEBCwUAA4ICAQCXVO8G
KP/dVxiSpOGJVtWQ9Ead3/Rn1F/dtQwzCsu8pDyGOwtIYfALaLFy7ipV8XjUJRDv
WABfLiaodjIORTFpmHmnXVG1XdhLYUHuAs7mEBjLiM06ANsnUXXvI7hhK1Nypv2V
loDCOoeK8s+kwlbSjz1SKKjuEcL0D8tvhzA1jb0Poj8la7No3kaN+iPZikOQoGuX
z7uKteRk0NwHP+VG0NV55w97DKxMA4zTw1UUdu0CpuGWWKssQqxt53UEPzWufzWg
X+cQ3yI/lOuimhqndY34E5XEoLylkKuPr/VCusAVR8gVR9mYcMj/EJAbaD107eyU
FHBaM84a17qaOA7T3JyDVBlevJV+7eaOGJMoyLl3peWpMY4pnLKM49Upzl9dHLf3
ADZaOOOZoHwgpjjdbVvYduEDUVHSezsBNUqIdnJjYRl+TnliesDmDKiePs8VGpir
8WeO902kAbdyWUTs4i3QvtCeT69PVgaQyASzBM0AysnL08QEDNYuC8eFBTEyiXBO
L7nxBLU1Hw0SDY3+PB/HvxBdAchWJ4M9Z6yC5kBwiY3H11viPZUd5PqSzk73R4jg
txBgi1+PbH9TVttLq4Tb0UIo+d41Ta3H1+iME8UkUYg+852zeroUmqyua6Ruw3xT
GA2ynxfHlt5W7/29uLcw0HyBKEwS28Dw5VCDyw==
-----END CERTIFICATE-----
109 changes: 109 additions & 0 deletions v3/testdata/invalid_cps_uri_ko_02.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1892436556900320617 (0x1a4349059e01c569)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IT, ST = Milano, L = Santa Redegonda, O = Certificati Gratis S.p.A., CN = Certificati Gratis CA
Validity
Not Before: Mar 30 16:57:00 2024 GMT
Not After : Aug 13 16:57:00 2024 GMT
Subject: C = AU, ST = Some State, L = Some Locality, O = Some Company Ltd., CN = example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:ae:30:0d:6a:39:0c:02:14:f6:98:c2:97:6e:
c3:e2:a3:27:f8:e1:48:da:66:17:d7:d4:23:f9:47:
e0:6c:67:ea:a4:7b:54:fa:b2:50:21:86:0b:69:7a:
67:a2:e8:44:05:9d:fc:50:82:cc:91:3d:ef:22:d3:
af:83:aa:90:db:69:89:d4:9c:e3:97:81:cf:c3:59:
d9:c1:64:3c:aa:f3:42:25:3c:ae:3d:2a:48:cd:25:
25:ae:59:d9:79:bb:e6:26:d3:cb:44:fa:21:5b:d5:
e3:89:9b:6f:96:f1:fc:3a:5b:c4:0c:52:89:46:48:
7b:41:4c:84:9f:cf:79:10:05:52:74:9c:e1:12:29:
d7:3b:d8:10:b9:7d:44:73:da:f5:60:ce:1e:54:e9:
b1:1d:7f:4c:ac:2c:23:f3:91:59:12:df:f9:07:a3:
da:be:8e:18:a1:b5:74:60:e2:f9:64:52:30:65:f9:
e8:75:22:21:4d:f6:4f:e2:47:c4:5b:f7:ea:b2:be:
90:3d:9a:13:f3:7e:51:c7:6e:3e:bb:3f:43:9c:c7:
aa:e1:26:11:e6:40:c5:ab:b2:4a:f3:44:36:19:8f:
3d:d6:4a:45:1d:d2:db:03:53:ee:64:16:92:95:6e:
92:ab:19:33:06:d8:ad:4d:a1:1e:39:4d:44:80:3c:
e9:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EF:A0:F9:31:2D:85:84:CF:39:D0:3A:8C:12:51:59:26:35:CB:C5:91
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:example.org
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
Policy: 1.2.3.4.5
CPS: www.some-ca.inc

Signature Algorithm: sha256WithRSAEncryption
16:57:14:9b:a6:7b:51:88:49:42:81:dc:ae:c0:13:ff:5e:55:
cf:24:5b:c8:00:68:dc:ac:7f:23:db:e5:24:bd:da:93:71:70:
c1:4a:7c:22:09:61:51:da:07:52:b7:5c:e8:0f:9e:30:6f:8e:
5e:33:0b:a2:75:2a:14:85:80:a9:72:5d:ba:c0:31:31:4f:b7:
56:ae:37:0a:9b:79:e5:34:5a:24:44:c6:c0:6f:b8:39:de:96:
69:43:f3:e9:69:c0:eb:5a:f3:c3:2b:7a:03:8b:d4:06:c6:a7:
de:09:00:c5:85:12:0f:6b:bb:1d:96:c7:e2:7a:17:56:17:dd:
c5:25:2c:41:3c:cb:d9:77:b6:fc:81:5b:d3:16:d1:c7:6b:8a:
bc:0e:5a:30:74:33:12:dd:ff:40:a4:83:2a:83:58:72:41:84:
19:87:f9:5c:3a:1d:c7:79:ca:5f:2c:ec:60:f3:a2:64:33:f4:
87:d8:f9:54:ba:28:7f:69:e7:2f:f7:40:04:90:86:21:3c:68:
0e:ee:c9:b2:ce:47:d7:2c:8a:90:65:83:70:59:53:fd:8a:df:
f7:2c:91:c2:06:be:ed:9b:89:65:47:32:ec:ec:70:c1:5c:7f:
ee:24:ea:ec:a7:b5:6f:28:b0:11:5f:47:e7:f5:ce:82:63:36:
6b:7a:74:53:00:e3:72:2c:1d:9e:4e:e7:27:54:59:1d:43:61:
36:53:bc:ba:7c:d4:d4:db:af:bd:4e:1c:a2:de:98:f0:a9:48:
75:73:1d:2a:cd:ea:12:b0:a9:dd:25:01:f7:e4:3c:15:8c:cb:
53:ff:d1:33:b8:a0:4d:fa:c7:c3:d8:b9:6d:e3:df:62:77:6e:
89:7b:17:c4:bc:96:3f:ed:25:72:f2:7b:66:04:49:da:91:a9:
73:ca:50:9b:ad:e2:46:ef:dd:7f:7a:14:55:df:ad:c5:55:f9:
f8:77:a7:1c:09:d7:42:ff:28:ef:c6:5b:e0:b5:f0:80:d8:ac:
09:45:1c:eb:a0:e5:69:07:de:ef:6d:b3:0d:6b:5d:e8:ea:d3:
9b:b3:98:70:45:fd:8f:5b:53:14:c0:e6:0b:57:5f:9a:37:14:
69:e2:10:8f:ab:59:3f:b7:54:51:4f:03:6c:1d:ce:54:40:2a:
be:f2:b5:f6:c8:25:b4:70:be:f7:44:4d:ed:03:ab:c3:98:59:
87:2a:41:be:5a:1b:d6:0d:40:11:64:ef:0f:13:37:fe:49:c3:
c7:df:f8:2d:e5:5a:6b:b4:e7:d2:52:1f:57:75:04:f9:0c:09:
5a:b4:e6:8f:be:74:5f:24:9b:bd:92:4c:ee:3d:96:1d:a1:fa:
f2:51:42:4e:bc:a3:a8:c3
-----BEGIN CERTIFICATE-----
MIIFHjCCAwagAwIBAgIIGkNJBZ4BxWkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE
BhMCSVQxDzANBgNVBAgTBk1pbGFubzEYMBYGA1UEBxMPU2FudGEgUmVkZWdvbmRh
MSIwIAYDVQQKExlDZXJ0aWZpY2F0aSBHcmF0aXMgUy5wLkEuMR4wHAYDVQQDExVD
ZXJ0aWZpY2F0aSBHcmF0aXMgQ0EwHhcNMjQwMzMwMTY1NzAwWhcNMjQwODEzMTY1
NzAwWjBsMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZSBTdGF0ZTEWMBQGA1UE
BxMNU29tZSBMb2NhbGl0eTEaMBgGA1UEChMRU29tZSBDb21wYW55IEx0ZC4xFDAS
BgNVBAMTC2V4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvK4wDWo5DAIU9pjCl27D4qMn+OFI2mYX19Qj+UfgbGfqpHtU+rJQIYYLaXpn
ouhEBZ38UILMkT3vItOvg6qQ22mJ1Jzjl4HPw1nZwWQ8qvNCJTyuPSpIzSUlrlnZ
ebvmJtPLRPohW9XjiZtvlvH8OlvEDFKJRkh7QUyEn895EAVSdJzhEinXO9gQuX1E
c9r1YM4eVOmxHX9MrCwj85FZEt/5B6Pavo4YobV0YOL5ZFIwZfnodSIhTfZP4kfE
W/fqsr6QPZoT835Rx24+uz9DnMeq4SYR5kDFq7JK80Q2GY891kpFHdLbA1PuZBaS
lW6SqxkzBtitTaEeOU1EgDzpIwIDAQABo4GzMIGwMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFO+g+TEthYTPOdA6jBJRWSY1y8WRMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwFgYDVR0RBA8wDYILZXhhbXBsZS5v
cmcwOgYDVR0gBDMwMTAIBgZngQwBAgIwJQYEKgMEBTAdMBsGCCsGAQUFBwIBFg93
d3cuc29tZS1jYS5pbmMwDQYJKoZIhvcNAQELBQADggIBABZXFJume1GISUKB3K7A
E/9eVc8kW8gAaNysfyPb5SS92pNxcMFKfCIJYVHaB1K3XOgPnjBvjl4zC6J1KhSF
gKlyXbrAMTFPt1auNwqbeeU0WiRExsBvuDnelmlD8+lpwOta88MregOL1AbGp94J
AMWFEg9rux2Wx+J6F1YX3cUlLEE8y9l3tvyBW9MW0cdrirwOWjB0MxLd/0CkgyqD
WHJBhBmH+Vw6Hcd5yl8s7GDzomQz9IfY+VS6KH9p5y/3QASQhiE8aA7uybLOR9cs
ipBlg3BZU/2K3/cskcIGvu2biWVHMuzscMFcf+4k6uyntW8osBFfR+f1zoJjNmt6
dFMA43IsHZ5O5ydUWR1DYTZTvLp81NTbr71OHKLemPCpSHVzHSrN6hKwqd0lAffk
PBWMy1P/0TO4oE36x8PYuW3j32J3bol7F8S8lj/tJXLye2YESdqRqXPKUJut4kbv
3X96FFXfrcVV+fh3pxwJ10L/KO/GW+C18IDYrAlFHOug5WkH3u9tsw1rXejq05uz
mHBF/Y9bUxTA5gtXX5o3FGniEI+rWT+3VFFPA2wdzlRAKr7ytfbIJbRwvvdETe0D
q8OYWYcqQb5aG9YNQBFk7w8TN/5Jw8ff+C3lWmu059JSH1d1BPkMCVq05o++dF8k
m72STO49lh2h+vJRQk68o6jD
-----END CERTIFICATE-----
Loading

0 comments on commit 63e3f86

Please sign in to comment.