From 58e83d8f66e8071d777a295f8015773426503b9c Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Mon, 27 Apr 2020 08:14:54 -0700 Subject: [PATCH] tempfork/x509: moved to tailscale/go's crypto/x509 instead --- tempfork/x509/cert_pool.go | 227 -- tempfork/x509/certs.pem | 4293 ------------------------ tempfork/x509/example_test.go | 137 - tempfork/x509/name_constraints_test.go | 2195 ------------ tempfork/x509/pem_decrypt.go | 240 -- tempfork/x509/pem_decrypt_test.go | 249 -- tempfork/x509/pkcs1.go | 173 - tempfork/x509/pkcs8.go | 136 - tempfork/x509/pkcs8_test.go | 140 - tempfork/x509/pool_darwin_arm64.go | 34 - tempfork/x509/root.go | 25 - tempfork/x509/root_aix.go | 10 - tempfork/x509/root_bsd.go | 15 - tempfork/x509/root_cgo_darwin.go | 322 -- tempfork/x509/root_darwin.go | 288 -- tempfork/x509/root_darwin_arm64.go | 176 - tempfork/x509/root_darwin_arm_gen.go | 109 - tempfork/x509/root_darwin_test.go | 131 - tempfork/x509/root_js.go | 10 - tempfork/x509/root_linux.go | 15 - tempfork/x509/root_nocgo_darwin.go | 11 - tempfork/x509/root_plan9.go | 40 - tempfork/x509/root_solaris.go | 12 - tempfork/x509/root_unix.go | 92 - tempfork/x509/root_unix_test.go | 208 -- tempfork/x509/root_windows.go | 290 -- tempfork/x509/sec1.go | 123 - tempfork/x509/sec1_test.go | 66 - tempfork/x509/test-file.crt | 32 - tempfork/x509/testdata/test-dir.crt | 31 - tempfork/x509/verify.go | 1112 ------ tempfork/x509/verify_test.go | 2126 ------------ tempfork/x509/x509.go | 2828 ---------------- tempfork/x509/x509_test.go | 2664 --------------- tempfork/x509/x509_test_import.go | 56 - 35 files changed, 18616 deletions(-) delete mode 100644 tempfork/x509/cert_pool.go delete mode 100644 tempfork/x509/certs.pem delete mode 100644 tempfork/x509/example_test.go delete mode 100644 tempfork/x509/name_constraints_test.go delete mode 100644 tempfork/x509/pem_decrypt.go delete mode 100644 tempfork/x509/pem_decrypt_test.go delete mode 100644 tempfork/x509/pkcs1.go delete mode 100644 tempfork/x509/pkcs8.go delete mode 100644 tempfork/x509/pkcs8_test.go delete mode 100644 tempfork/x509/pool_darwin_arm64.go delete mode 100644 tempfork/x509/root.go delete mode 100644 tempfork/x509/root_aix.go delete mode 100644 tempfork/x509/root_bsd.go delete mode 100644 tempfork/x509/root_cgo_darwin.go delete mode 100644 tempfork/x509/root_darwin.go delete mode 100644 tempfork/x509/root_darwin_arm64.go delete mode 100644 tempfork/x509/root_darwin_arm_gen.go delete mode 100644 tempfork/x509/root_darwin_test.go delete mode 100644 tempfork/x509/root_js.go delete mode 100644 tempfork/x509/root_linux.go delete mode 100644 tempfork/x509/root_nocgo_darwin.go delete mode 100644 tempfork/x509/root_plan9.go delete mode 100644 tempfork/x509/root_solaris.go delete mode 100644 tempfork/x509/root_unix.go delete mode 100644 tempfork/x509/root_unix_test.go delete mode 100644 tempfork/x509/root_windows.go delete mode 100644 tempfork/x509/sec1.go delete mode 100644 tempfork/x509/sec1_test.go delete mode 100644 tempfork/x509/test-file.crt delete mode 100644 tempfork/x509/testdata/test-dir.crt delete mode 100644 tempfork/x509/verify.go delete mode 100644 tempfork/x509/verify_test.go delete mode 100644 tempfork/x509/x509.go delete mode 100644 tempfork/x509/x509_test.go delete mode 100644 tempfork/x509/x509_test_import.go diff --git a/tempfork/x509/cert_pool.go b/tempfork/x509/cert_pool.go deleted file mode 100644 index 89416800c..000000000 --- a/tempfork/x509/cert_pool.go +++ /dev/null @@ -1,227 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "crypto/sha256" - "encoding/pem" - "errors" - "runtime" - "sync" -) - -type sum224 [sha256.Size224]byte - -// CertPool is a set of certificates. -type CertPool struct { - bySubjectKeyId map[string][]int // cert.SubjectKeyId => getCert index(es) - byName map[string][]int // cert.RawSubject => getCert index(es) - - // haveSum maps from sum224(cert.Raw) to true. It's used only - // for AddCert duplicate detection, to avoid CertPool.contains - // calls in the AddCert path (because the contains method can - // call getCert and otherwise negate savings from lazy getCert - // funcs). - haveSum map[sum224]bool - - // getCert contains funcs that return the certificates. - getCert []func() (*Certificate, error) - - // rawSubjects is each cert's RawSubject field. - // Its indexes correspond to the getCert indexes. - rawSubjects [][]byte -} - -// NewCertPool returns a new, empty CertPool. -func NewCertPool() *CertPool { - return &CertPool{ - bySubjectKeyId: make(map[string][]int), - byName: make(map[string][]int), - haveSum: make(map[sum224]bool), - } -} - -// len returns the number of certs in the set. -// A nil set is a valid empty set. -func (s *CertPool) len() int { - if s == nil { - return 0 - } - return len(s.getCert) -} - -// cert returns cert index n in s. -func (s *CertPool) cert(n int) (*Certificate, error) { - return s.getCert[n]() -} - -func (s *CertPool) copy() *CertPool { - p := &CertPool{ - bySubjectKeyId: make(map[string][]int, len(s.bySubjectKeyId)), - byName: make(map[string][]int, len(s.byName)), - haveSum: make(map[sum224]bool, len(s.haveSum)), - getCert: make([]func() (*Certificate, error), len(s.getCert)), - rawSubjects: make([][]byte, len(s.rawSubjects)), - } - for k, v := range s.bySubjectKeyId { - indexes := make([]int, len(v)) - copy(indexes, v) - p.bySubjectKeyId[k] = indexes - } - for k, v := range s.byName { - indexes := make([]int, len(v)) - copy(indexes, v) - p.byName[k] = indexes - } - for k := range s.haveSum { - p.haveSum[k] = true - } - copy(p.getCert, s.getCert) - copy(p.rawSubjects, s.rawSubjects) - return p -} - -// SystemCertPool returns a copy of the system cert pool. -// -// Any mutations to the returned pool are not written to disk and do -// not affect any other pool returned by SystemCertPool. -// -// New changes in the system cert pool might not be reflected -// in subsequent calls. -func SystemCertPool() (*CertPool, error) { - if runtime.GOOS == "windows" { - // Issue 16736, 18609: - return nil, errors.New("crypto/x509: system root pool is not available on Windows") - } - - if sysRoots := systemRootsPool(); sysRoots != nil { - return sysRoots.copy(), nil - } - - return loadSystemRoots() -} - -// findPotentialParents returns the indexes of certificates in s which might -// have signed cert. The caller must not modify the returned slice. -func (s *CertPool) findPotentialParents(cert *Certificate) []int { - if s == nil { - return nil - } - - var candidates []int - if len(cert.AuthorityKeyId) > 0 { - candidates = s.bySubjectKeyId[string(cert.AuthorityKeyId)] - } - if len(candidates) == 0 { - candidates = s.byName[string(cert.RawIssuer)] - } - return candidates -} - -func (s *CertPool) contains(cert *Certificate) (bool, error) { - if s == nil { - return false, nil - } - candidates := s.byName[string(cert.RawSubject)] - for _, i := range candidates { - c, err := s.cert(i) - if err != nil { - return false, err - } - if c.Equal(cert) { - return true, nil - } - } - - return false, nil -} - -// AddCert adds a certificate to a pool. -func (s *CertPool) AddCert(cert *Certificate) { - if cert == nil { - panic("adding nil Certificate to CertPool") - } - s.AddCertFunc(sha256.Sum224(cert.Raw), string(cert.RawSubject), string(cert.SubjectKeyId), func() (*Certificate, error) { - return cert, nil - }) -} - -// AddCertFunc adds metadata about a certificate to a pool, along with -// a func to fetch that certificate later when needed. -// -// The rawSubject is Certificate.RawSubject and must be non-empty. -// The subjectKeyID is Certificate.SubjectKeyId and may be empty. -// The getCert func may be called 0 or more times. -func (s *CertPool) AddCertFunc(rawSum224 sum224, rawSubject, subjectKeyID string, getCert func() (*Certificate, error)) { - // Check that the certificate isn't being added twice. - if s.haveSum[rawSum224] { - return - } - s.haveSum[rawSum224] = true - s.addCertFuncNotDup(rawSubject, subjectKeyID, getCert) -} - -func (s *CertPool) addCertFuncNotDup(rawSubject, subjectKeyID string, getCert func() (*Certificate, error)) { - if getCert == nil { - panic("getCert can't be nil") - } - n := len(s.getCert) - s.getCert = append(s.getCert, getCert) - - if subjectKeyID != "" { - s.bySubjectKeyId[subjectKeyID] = append(s.bySubjectKeyId[subjectKeyID], n) - } - s.byName[rawSubject] = append(s.byName[rawSubject], n) - s.rawSubjects = append(s.rawSubjects, []byte(rawSubject)) -} - -// AppendCertsFromPEM attempts to parse a series of PEM encoded certificates. -// It appends any certificates found to s and reports whether any certificates -// were successfully parsed. -// -// On many Linux systems, /etc/ssl/cert.pem will contain the system wide set -// of root CAs in a format suitable for this function. -func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) { - for len(pemCerts) > 0 { - var block *pem.Block - block, pemCerts = pem.Decode(pemCerts) - if block == nil { - break - } - if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { - continue - } - - certBytes := block.Bytes - cert, err := ParseCertificate(certBytes) - if err != nil { - continue - } - var lazyCert struct { - sync.Once - v *Certificate - } - s.AddCertFunc(sha256.Sum224(cert.Raw), string(cert.RawSubject), string(cert.SubjectKeyId), func() (*Certificate, error) { - lazyCert.Do(func() { - // This can't fail, as the same bytes already parsed above. - lazyCert.v, _ = ParseCertificate(certBytes) - certBytes = nil - }) - return lazyCert.v, nil - }) - ok = true - } - return ok -} - -// Subjects returns a list of the DER-encoded subjects of -// all of the certificates in the pool. -func (s *CertPool) Subjects() [][]byte { - res := make([][]byte, s.len()) - for i, s := range s.rawSubjects { - res[i] = s - } - return res -} diff --git a/tempfork/x509/certs.pem b/tempfork/x509/certs.pem deleted file mode 100644 index f5f2739fb..000000000 --- a/tempfork/x509/certs.pem +++ /dev/null @@ -1,4293 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE -BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w -MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC -SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 -ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv -UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX -4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 -KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ -gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb -rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ -51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F -be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe -KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F -v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn -fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 -jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz -ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL -e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 -jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz -WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V -SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j -pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX -X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok -fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R -K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU -ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU -LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT -LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 -b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw -MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD -VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul -CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n -tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl -dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch -PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC -+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O -BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl -MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk -ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB -IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X -7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz -43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY -eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl -pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA -WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs -IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 -MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h -bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt -H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 -uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX -mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX -a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN -E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 -WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD -VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 -Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU -cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx -IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN -AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH -YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC -Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX -c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a -mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFVTCCBD2gAwIBAgIEO/OB0DANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJj -aDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYDVQQLExlD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1BZG1pbi1Sb290LUNB -MB4XDTAxMTExNTA4NTEwN1oXDTIxMTExMDA3NTEwN1owbDELMAkGA1UEBhMCY2gx -DjAMBgNVBAoTBWFkbWluMREwDwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdGllczEWMBQGA1UEAxMNQWRtaW4tUm9vdC1DQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvgr0QUIv5qF0nyXZ3PXAJi -C4C5Wr+oVTN7oxIkXkxvO0GJToM9n7OVJjSmzBL0zJ2HXj0MDRcvhSY+KiZZc6Go -vDvr5Ua481l7ILFeQAFtumeza+vvxeL5Nd0Maga2miiacLNAKXbAcUYRa0Ov5VZB -++YcOYNNt/aisWbJqA2y8He+NsEgJzK5zNdayvYXQTZN+7tVgWOck16Da3+4FXdy -fH1NCWtZlebtMKtERtkVAaVbiWW24CjZKAiVfggjsiLo3yVMPGj3budLx5D9hEEm -vlyDOtcjebca+AcZglppWMX/iHIrx7740y0zd6cWEqiLIcZCrnpkr/KzwO135GkC -AwEAAaOCAf0wggH5MA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIASBkTCBjjCBiwYI -YIV0AREDAQAwfzArBggrBgEFBQcCAjAfGh1UaGlzIGlzIHRoZSBBZG1pbi1Sb290 -LUNBIENQUzBQBggrBgEFBQcCARZEaHR0cDovL3d3dy5pbmZvcm1hdGlrLmFkbWlu -LmNoL1BLSS9saW5rcy9DUFNfMl8xNl83NTZfMV8xN18zXzFfMC5wZGYwfwYDVR0f -BHgwdjB0oHKgcKRuMGwxFjAUBgNVBAMTDUFkbWluLVJvb3QtQ0ExIjAgBgNVBAsT -GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxETAPBgNVBAsTCFNlcnZpY2VzMQ4w -DAYDVQQKEwVhZG1pbjELMAkGA1UEBhMCY2gwHQYDVR0OBBYEFIKf+iNzIPGXi7JM -Tb5CxX9mzWToMIGZBgNVHSMEgZEwgY6AFIKf+iNzIPGXi7JMTb5CxX9mzWTooXCk -bjBsMQswCQYDVQQGEwJjaDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZp -Y2VzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQD -Ew1BZG1pbi1Sb290LUNBggQ784HQMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B -AQUFAAOCAQEAeE96XCYRpy6umkPKXDWCRn7INo96ZrWpMggcDORuofHIwdTkgOeM -vWOxDN/yuT7CC3FAaUajbPRbDw0hRMcqKz0aC8CgwcyIyhw/rFK29mfNTG3EviP9 -QSsEbnelFnjpm1wjz4EaBiFjatwpUbI6+Zv3XbEt9QQXBn+c6DeFLe4xvC4B+MTr -a440xTk59pSYux8OHhEvqIwHCkiijGqZhTS3KmGFeBopaR+dJVBRBMoXwzk4B3Hn -0Zib1dEYFZa84vPJZyvxCbLOnPRDJgH6V2uQqbG+6DXVaf/wORVOvF/wzzv0viM/ -RWbEtJZdvo8N3sdtCULzifnxP/V0T9+4ZQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP -Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr -ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL -MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 -yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr -VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ -nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG -XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj -vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt -Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g -N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC -nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y -YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua -kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL -QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp -6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG -yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i -QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO -tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu -QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ -Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u -olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 -x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC -VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ -cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ -BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt -VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D -0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 -ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G -A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs -aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I -flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz -dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG -A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U -cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf -qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ -JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ -+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS -s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 -HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 -70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG -V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S -qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S -5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia -C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX -OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE -FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 -KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B -8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ -MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc -0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ -u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF -u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH -YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 -GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO -RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e -KeC2uAloGRwYQw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIIGDCCBgCgAwIBAgIGAT8vMXfmMA0GCSqGSIb3DQEBCwUAMIIBCjELMAkGA1UE -BhMCRVMxEjAQBgNVBAgMCUJhcmNlbG9uYTFYMFYGA1UEBwxPQmFyY2Vsb25hIChz -ZWUgY3VycmVudCBhZGRyZXNzIGF0IGh0dHA6Ly93d3cuYW5mLmVzL2VzL2FkZHJl -c3MtZGlyZWNjaW9uLmh0bWwgKTEnMCUGA1UECgweQU5GIEF1dG9yaWRhZCBkZSBD -ZXJ0aWZpY2FjaW9uMRcwFQYDVQQLDA5BTkYgQ2xhc2UgMSBDQTEaMBgGCSqGSIb3 -DQEJARYLaW5mb0BhbmYuZXMxEjAQBgNVBAUTCUc2MzI4NzUxMDEbMBkGA1UEAwwS -QU5GIEdsb2JhbCBSb290IENBMB4XDTEzMDYxMDE3NDUzOFoXDTMzMDYwNTE3NDUz -OFowggEKMQswCQYDVQQGEwJFUzESMBAGA1UECAwJQmFyY2Vsb25hMVgwVgYDVQQH -DE9CYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgaHR0cDovL3d3dy5h -bmYuZXMvZXMvYWRkcmVzcy1kaXJlY2Npb24uaHRtbCApMScwJQYDVQQKDB5BTkYg -QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFzAVBgNVBAsMDkFORiBDbGFzZSAx -IENBMRowGAYJKoZIhvcNAQkBFgtpbmZvQGFuZi5lczESMBAGA1UEBRMJRzYzMjg3 -NTEwMRswGQYDVQQDDBJBTkYgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDHPi9xy4wynbcUbWjorVUgQKeUAVh937J7P37XmsfH -ZLOBZKIIlhhCtRwnDlg7x+BUvtJOTkIbEGMujDygUQ2s3HDYr5I41hTyM2Pl0cq2 -EuSGEbPIHb3dEX8NAguFexM0jqNjrreN3hM2/+TOkAxSdDJP2aMurlySC5zwl47K -ZLHtcVrkZnkDa0o5iN24hJT4vBDT4t2q9khQ+qb1D8KgCOb02r1PxWXu3vfd6Ha2 -mkdB97iGuEh5gO2n4yOmFS5goFlVA2UdPbbhJsb8oKVKDd+YdCKGQDCkQyG4AjmC -YiNm3UPG/qtftTH5cWri67DlLtm6fyUFOMmO6NSh0RtR745pL8GyWJUanyq/Q4bF -HQB21E+WtTsCaqjGaoFcrBunMypmCd+jUZXl27TYENRFbrwNdAh7m2UztcIyb+Sg -VJFyfvVsBQNvnp7GPimVxXZNc4VpxEXObRuPWQN1oZN/90PcZVqTia/SHzEyTryL -ckhiLG3jZiaFZ7pTZ5I9wti9Pn+4kOHvE3Y/4nEnUo4mTxPX9pOlinF+VCiybtV2 -u1KSlc+YaIM7VmuyndDZCJRXm3v0/qTE7t5A5fArZl9lvibigMbWB8fpD+c1GpGH -Eo8NRY0lkaM+DkIqQoaziIsz3IKJrfdKaq9bQMSlIfameKBZ8fNYTBZrH9KZAIhz -YwIDAQABo4IBfjCCAXowHQYDVR0OBBYEFIf6nt9SdnXsSUogb1twlo+d77sXMB8G -A1UdIwQYMBaAFIf6nt9SdnXsSUogb1twlo+d77sXMA8GA1UdEwEB/wQFMAMBAf8w -DgYDVR0PAQH/BAQDAgEGMIIBFQYDVR0RBIIBDDCCAQiCEWh0dHA6Ly93d3cuYW5m -LmVzgQtpbmZvQGFuZi5lc6SB5TCB4jE0MDIGA1UECQwrR3JhbiBWaWEgZGUgbGVz -IENvcnRzIENhdGFsYW5lcy4gOTk2LiAwODAxODESMBAGA1UEBwwJQmFyY2Vsb25h -MScwJQYDVQQKDB5BTkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xEjAQBgNV -BAUTCUc2MzI4NzUxMDFZMFcGA1UECwxQSW5zY3JpdGEgZW4gZWwgTWluaXN0ZXJp -byBkZWwgSW50ZXJpb3IgZGUgRXNwYcOxYSBjb24gZWwgbnVtZXJvIG5hY2lvbmFs -IDE3MS40NDMwDQYJKoZIhvcNAQELBQADggIBAIgR9tFTZ9BCYg+HViMxOfF0MHN2 -Pe/eC128ARdS+GH8A4thtbqiH/SOYbWofO/0zssHhNKa5iQEj45lCAb8BANpWJMD -nWkPr6jq2+50a6d0MMgSS2l1rvjSF+3nIrEuicshHXSTi3q/vBLKr7uGKMVFaM68 -XAropIwk6ndlA0JseARSPsbetv7ALESMIZAxlHV1TcctYHd0bB3c/Jz+PLszJQqs -Cg/kBPo2D111OXZkIY8W/fJuG9veR783khAK2gUnC0zLLCNsYzEbdGt8zUmBsAsM -cGxqGm6B6vDXd65OxWqw13xdq/24+5R8Ng1PF9tvfjZkUFBF30CxjWur7P90WiKI -G7IGfr6BE1NgXlhEQQu4F+HizB1ypEPzGWltecXQ4yOzO+H0WfFTjLTYX6VSveyW -DQV18ixF8M4tHP/SwNE+yyv2b2JJ3/3RpxjtFlLk+opJ574x0gD/dMJuWTH0JqVY -3PbRfE1jIxFpk164Qz/Xp7H7w7f6xh+tQCkBs3PUYmnGIZcPwq44Q6JHlCNsKx4K -hxfggTvRCk4w79cUID45c2qDsRCqTPoOo/cbOpcfVhbH9LdMORpmuLwNogRZEUSE -fWpqR9q+0kcQf4zGSWIURIyDrogdpDgoHDxktqgMgc+qA4ZE2WQl1D8hmev53A46 -lUSrWUiWfDXtK3ux ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIIAeDltYNno+AwDQYJKoZIhvcNAQEMBQAwZzEbMBkGA1UE -AwwSQXBwbGUgUm9vdCBDQSAtIEcyMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMw -HhcNMTQwNDMwMTgxMDA5WhcNMzkwNDMwMTgxMDA5WjBnMRswGQYDVQQDDBJBcHBs -ZSBSb290IENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgREkhI2imKScUcx+xuM23+TfvgHN6s -XuI2pyT5f1BrTM65MFQn5bPW7SXmMLYFN14UIhHF6Kob0vuy0gmVOKTvKkmMXT5x -ZgM4+xb1hYjkWpIMBDLyyED7Ul+f9sDx47pFoFDVEovy3d6RhiPw9bZyLgHaC/Yu -OQhfGaFjQQscp5TBhsRTL3b2CtcM0YM/GlMZ81fVJ3/8E7j4ko380yhDPLVoACVd -J2LT3VXdRCCQgzWTxb+4Gftr49wIQuavbfqeQMpOhYV4SbHXw8EwOTKrfl+q04tv -ny0aIWhwZ7Oj8ZhBbZF8+NfbqOdfIRqMM78xdLe40fTgIvS/cjTf94FNcX1RoeKz -8NMoFnNvzcytN31O661A4T+B/fc9Cj6i8b0xlilZ3MIZgIxbdMYs0xBTJh0UT8TU -gWY8h2czJxQI6bR3hDRSj4n4aJgXv8O7qhOTH11UL6jHfPsNFL4VPSQ08prcdUFm -IrQB1guvkJ4M6mL4m1k8COKWNORj3rw31OsMiANDC1CvoDTdUE0V+1ok2Az6DGOe -HwOx4e7hqkP0ZmUoNwIx7wHHHtHMn23KVDpA287PT0aLSmWaasZobNfMmRtHsHLD -d4/E92GcdB/O/WuhwpyUgquUoue9G7q5cDmVF8Up8zlYNPXEpMZ7YLlmQ1A/bmH8 -DvmGqmAMQ0uVAgMBAAGjQjBAMB0GA1UdDgQWBBTEmRNsGAPCe8CjoA1/coB6HHcm -jTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwF -AAOCAgEAUabz4vS4PZO/Lc4Pu1vhVRROTtHlznldgX/+tvCHM/jvlOV+3Gp5pxy+ -8JS3ptEwnMgNCnWefZKVfhidfsJxaXwU6s+DDuQUQp50DhDNqxq6EWGBeNjxtUVA -eKuowM77fWM3aPbn+6/Gw0vsHzYmE1SGlHKy6gLti23kDKaQwFd1z4xCfVzmMX3z -ybKSaUYOiPjjLUKyOKimGY3xn83uamW8GrAlvacp/fQ+onVJv57byfenHmOZ4VxG -/5IFjPoeIPmGlFYl5bRXOJ3riGQUIUkhOb9iZqmxospvPyFgxYnURTbImHy99v6Z -SYA7LNKmp4gDBDEZt7Y6YUX6yfIjyGNzv1aJMbDZfGKnexWoiIqrOEDCzBL/FePw -N983csvMmOa/orz6JopxVtfnJBtIRD6e/J/JzBrsQzwBvDR4yGn1xuZW7AYJNpDr -FEobXsmII9oDMJELuDY++ee1KG++P+w8j2Ud5cAeh6Squpj9kuNsJnfdBrRkBof0 -Tta6SqoWqPQFZ2aWuuJVecMsXUmPgEkrihLHdoBR37q9ZV0+N0djMenl9MU/S60E -inpxLK8JQzcPqOMyT/RFtm2XNuyE9QoB6he7hY1Ck3DDUOUUi78/w0EP3SIEIwiK -um1xRKtzCTrJ+VKACd+66eYWyi4uTLLT3OUEVLLUNIAytbwPF+E= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICQzCCAcmgAwIBAgIILcX8iNLFS5UwCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwS -QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN -MTQwNDMwMTgxOTA2WhcNMzkwNDMwMTgxOTA2WjBnMRswGQYDVQQDDBJBcHBsZSBS -b290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9y -aXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzB2MBAGByqGSM49 -AgEGBSuBBAAiA2IABJjpLz1AcqTtkyJygRMc3RCV8cWjTnHcFBbZDuWmBSp3ZHtf -TjjTuxxEtX/1H7YyYl3J6YRbTzBPEVoA/VhYDKX1DyxNB0cTddqXl5dvMVztK517 -IDvYuVTZXpmkOlEKMaNCMEAwHQYDVR0OBBYEFLuw3qFYM4iapIqZ3r6966/ayySr -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gA -MGUCMQCD6cHEFl4aXTQY2e3v9GwOAEZLuN+yRhHFD/3meoyhpmvOwgPUnPWTxnS4 -at+qIxUCMG1mihDK1A3UT82NQz60imOlM27jbdoXt2QfyFMm+YhidDkLF1vLUagM -6BgD56KyKA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET -MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0 -MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBw -bGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx -FjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg+ -+FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1 -XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9w -tj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IW -q6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKM -aLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3 -R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wggERBgNVHSAE -ggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93 -d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNl -IG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0 -YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBj -b25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZp -Y2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBc -NplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQP -y3lPNNiiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJfBdAVhEedNO3iyM7 -R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4Fg -xhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL/lTaltkwGMzd/c6ByxW69oP -IQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AX -UKqK1drk/NAJBzewdXUh ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFujCCBKKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD -b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgNVBAMTIEFwcGxlIFJv -b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA1MDIxMDAwMTgxNFoXDTI1MDIx -MDAwMTgxNFowgYYxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBcHBsZSBDb21wdXRl -ciwgSW5jLjEtMCsGA1UECxMkQXBwbGUgQ29tcHV0ZXIgQ2VydGlmaWNhdGUgQXV0 -aG9yaXR5MSkwJwYDVQQDEyBBcHBsZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 -eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSRqQkfkdseR1DrBe1e -eYQt6zaiV0xV7IsZid75S2z1B6siMALoGD74UAnTf0GomPnRymacJGsR0KO75Bsq -wx+VnnoMpEeLW9QWNzPLxA9NzhRp0ckZcvVdDtV/X5vyJQO6VY9NXQ3xZDUjFUsV -WR2zlPf2nJ7PULrBWFBnjwi0IPfLrCwgb3C2PwEwjLdDzw+dPfMrSSgayP7OtbkO -2V4c1ss9tTqt9A8OAJILsSEWLnTVPA3bYharo3GSR1NVwa8vQbP4++NwzeajTEV+ -H0xrUJZBicR0YgsQg0GHM4qBsTBY7FoEMoxos48d3mVz/2deZbxJ2HafMxRloXeU -yS0CAwEAAaOCAi8wggIrMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ -MB0GA1UdDgQWBBQr0GlHlHYJ/vRrjS5ApvdHTX8IXjAfBgNVHSMEGDAWgBQr0GlH -lHYJ/vRrjS5ApvdHTX8IXjCCASkGA1UdIASCASAwggEcMIIBGAYJKoZIhvdjZAUB -MIIBCTBBBggrBgEFBQcCARY1aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmlj -YXRlYXV0aG9yaXR5L3Rlcm1zLmh0bWwwgcMGCCsGAQUFBwICMIG2GoGzUmVsaWFu -Y2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2Nl -cHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5k -IGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRp -ZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wRAYDVR0fBD0wOzA5oDegNYYz -aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L3Jvb3Qu -Y3JsMFUGCCsGAQUFBwEBBEkwRzBFBggrBgEFBQcwAoY5aHR0cHM6Ly93d3cuYXBw -bGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L2Nhc2lnbmVycy5odG1sMA0GCSqG -SIb3DQEBBQUAA4IBAQCd2i0oWC99dgS5BNM+zrdmY06PL9T+S61yvaM5xlJNBZhS -9YlRASR5vhoy9+VEi0tEBzmC1lrKtCBe2a4VXR2MHTK/ODFiSF3H4ZCx+CRA+F9Y -m1FdV53B5f88zHIhbsTp6aF31ywXJsM/65roCwO66bNKcuszCVut5mIxauivL9Wv -Hld2j383LS4CXN1jyfJxuCZA3xWNdUQ/eb3mHZnhQyw+rW++uaT+DjUZUWOxw961 -kj5ReAFziqQjyqSI8R5cH0EWLX6VCqrpiUGYGxrdyyC/R14MJsVVNU3GMIuZZxTH -CR+6R8faAQmHJEKVvRNgGQrv6n8Obs3BREM6StXj ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgILMTI1MzcyODI4MjgwDQYJKoZIhvcNAQELBQAwWDELMAkG -A1UEBhMCSlAxHDAaBgNVBAoTE0phcGFuZXNlIEdvdmVybm1lbnQxDTALBgNVBAsT -BEdQS0kxHDAaBgNVBAMTE0FwcGxpY2F0aW9uQ0EyIFJvb3QwHhcNMTMwMzEyMTUw -MDAwWhcNMzMwMzEyMTUwMDAwWjBYMQswCQYDVQQGEwJKUDEcMBoGA1UEChMTSmFw -YW5lc2UgR292ZXJubWVudDENMAsGA1UECxMER1BLSTEcMBoGA1UEAxMTQXBwbGlj -YXRpb25DQTIgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKaq -rSVl1gAR1uh6dqr05rRL88zDUrSNrKZPtZJxb0a11a2LEiIXJc5F6BR6hZrkIxCo -+rFnUOVtR+BqiRPjrq418fRCxQX3TZd+PCj8sCaRHoweOBqW3FhEl2LjMsjRFUFN -dZh4vqtoqV7tR76kuo6hApfek3SZbWe0BSXulMjtqqS6MmxCEeu+yxcGkOGThchk -KM4fR8fAXWDudjbcMztR63vPctgPeKgZggiQPhqYjY60zxU2pm7dt+JNQCBT2XYq -0HisifBPizJtROouurCp64ndt295D6uBbrjmiykLWa+2SQ1RLKn9nShjZrhwlXOa -2Po7M7xCQhsyrLEy+z0CAwEAAaOBwTCBvjAdBgNVHQ4EFgQUVqesqgIdsqw9kA6g -by5Bxnbne9owDgYDVR0PAQH/BAQDAgEGMHwGA1UdEQR1MHOkcTBvMQswCQYDVQQG -EwJKUDEYMBYGA1UECgwP5pel5pys5Zu95pS/5bqcMRswGQYDVQQLDBLmlL/lupzo -qo3oqLzln7rnm6QxKTAnBgNVBAMMIOOCouODl+ODquOCseODvOOCt+ODp+ODs0NB -MiBSb290MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAH+aCXWs -B9FydC53VzDCBJzUgKaD56WgG5/+q/OAvdVKo6GPtkxgEefK4WCB10jBIFmlYTKL -nZ6X02aD2mUuWD7b5S+lzYxzplG+WCigeVxpL0PfY7KJR8q73rk0EWOgDiUX5Yf0 -HbCwpc9BqHTG6FPVQvSCLVMJEWgmcZR1E02qdog8dLHW40xPYsNJTE5t8XB+w3+m -Bcx4m+mB26jIx1ye/JKSLaaX8ji1bnOVDMA/zqaUMLX6BbfeniCq/BNkyYq6ZO/i -Y+TYmK5rtT6mVbgzPixy+ywRAPtbFi+E0hOe+gXFwctyTiLdhMpLvNIthhoEdlkf -SUJiOxMfFui61/0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE -AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG -EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM -FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC -REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp -Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM -VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ -SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ -4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L -cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi -eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG -A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 -DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j -vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP -DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc -maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D -lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv -KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE -BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h -cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy -MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg -Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 -thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM -cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG -L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i -NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h -X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b -m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy -Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja -EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T -KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF -6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh -OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD -VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv -ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl -AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF -661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 -am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 -ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 -PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS -3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k -SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF -3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM -ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g -StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz -Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB -jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIJmzCCB4OgAwIBAgIBATANBgkqhkiG9w0BAQwFADCCAR4xPjA8BgNVBAMTNUF1 -dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s -YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz -dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0 -aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh -IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ -KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyMjE4MDgy -MVoXDTMwMTIxNzIzNTk1OVowggEeMT4wPAYDVQQDEzVBdXRvcmlkYWQgZGUgQ2Vy -dGlmaWNhY2lvbiBSYWl6IGRlbCBFc3RhZG8gVmVuZXpvbGFubzELMAkGA1UEBhMC -VkUxEDAOBgNVBAcTB0NhcmFjYXMxGTAXBgNVBAgTEERpc3RyaXRvIENhcGl0YWwx -NjA0BgNVBAoTLVNpc3RlbWEgTmFjaW9uYWwgZGUgQ2VydGlmaWNhY2lvbiBFbGVj -dHJvbmljYTFDMEEGA1UECxM6U3VwZXJpbnRlbmRlbmNpYSBkZSBTZXJ2aWNpb3Mg -ZGUgQ2VydGlmaWNhY2lvbiBFbGVjdHJvbmljYTElMCMGCSqGSIb3DQEJARYWYWNy -YWl6QHN1c2NlcnRlLmdvYi52ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAME77xNS8ZlW47RsBeEaaRZhJoZ4rw785UAFCuPZOAVMqNS1wMYqzy95q6Gk -UO81ER/ugiQX/KMcq/4HBn83fwdYWxPZfwBfK7BP2p/JsFgzYeFP0BXOLmvoJIzl -Jb6FW+1MPwGBjuaZGFImWZsSmGUclb51mRYMZETh9/J5CLThR1exStxHQptwSzra -zNFpkQY/zmj7+YZNA9yDoroVFv6sybYOZ7OxNDo7zkSLo45I7gMwtxqWZ8VkJZkC -8+p0dX6mkhUT0QAV64Zc9HsZiH/oLhEkXjhrgZ28cF73MXIqLx1fyM4kPH1yOJi/ -R72nMwL7D+Sd6mZgI035TxuHXc2/uOwXfKrrTjaJDz8Jp6DdessOkxIgkKXRjP+F -K3ze3n4NUIRGhGRtyvEjK95/2g02t6PeYiYVGur6ruS49n0RAaSS0/LJb6XzaAAe -0mmO2evnEqxIKwy2mZRNPfAVW1l3wCnWiUwryBU6OsbFcFFrQm+00wOicXvOTHBM -aiCVAVZTb9RSLyi+LJ1llzJZO3pq3IRiiBj38Nooo+2ZNbMEciSgmig7YXaUcmud -SVQvLSL+Yw+SqawyezwZuASbp7d/0rutQ59d81zlbMt3J7yB567rT2IqIydQ8qBW -k+fmXzghX+/FidYsh/aK+zZ7Wy68kKHuzEw1Vqkat5DGs+VzAgMBAAGjggLeMIIC -2jASBgNVHRMBAf8ECDAGAQH/AgECMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52 -ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMB0GA1UdDgQWBBStuyIdxuDS -Aaj9dlBSk+2YwU2u0zCCAVAGA1UdIwSCAUcwggFDgBStuyIdxuDSAaj9dlBSk+2Y -wU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRpZmlj -YWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAw -DgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYD -VQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25p -Y2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEgZGUgU2VydmljaW9zIGRlIENl -cnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG9w0BCQEWFmFjcmFpekBz -dXNjZXJ0ZS5nb2IudmWCAQEwDgYDVR0PAQH/BAQDAgEGMDcGA1UdEQQwMC6CD3N1 -c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMFQGA1Ud -HwRNMEswJKAioCCGHmhodHA6Ly93d3cuc3VzY2VydGUuZ29iLnZlL2xjcjAjoCGg -H4YdbGRhcDovL2FjcmFpei5zdXNjZXJ0ZS5nb2IudmUwNwYIKwYBBQUHAQEEKzAp -MCcGCCsGAQUFBzABhhtoaHRwOi8vb2NzcC5zdXNjZXJ0ZS5nb2IudmUwQAYDVR0g -BDkwNzA1BgVghl4BAjAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRl -LmdvYi52ZS9kcGMwDQYJKoZIhvcNAQEMBQADggIBAK4qy/zmZ9zBwfW3yOYtLcBT -Oy4szJyPz7/RhNH3bPVH7HbDTGpi6JZ4YXdXMBeJE5qBF4a590Kgj8Rlnltt+Rbo -OFQOU1UDqKuTdBsA//Zry5899fmn8jBUkg4nh09jhHHbLlaUScdz704Zz2+UVg7i -s/r3Legxap60KzmdrmTAE9VKte1TQRgavQwVX5/2mO/J+SCas//UngI+h8SyOucq -mjudYEgBrZaodUsagUfn/+AzFNrGLy+al+5nZeHb8JnCfLHWS0M9ZyhgoeO/czyn -99+5G93VWNv4zfc4KiavHZKrkn8F9pg0ycIZh+OwPT/RE2zq4gTazBMlP3ACIe/p -olkNaOEa8KvgzW96sjBZpMW49zFmyINYkcj+uaNCJrVGsXgdBmkuRGJNWFZ9r0cG -woIaxViFBypsz045r1ESfYPlfDOavBhZ/giR/Xocm9CHkPRY2BApMMR0DUCyGETg -Ql+L3kfdTKzuDjUp2DM9FqysQmaM81YDZufWkMhlZPfHwC7KbNougoLroa5Umeos -bqAXWmk46SwIdWRPLLqbUpDTKooynZKpSYIkkotdgJoVZUUCY+RCO8jsVPEU6ece -SxztNUm5UOta1OJPMwSAKRHOo3ilVb9c6lAixDdvV8MeNbqe6asM1mpCHWbJ/0rg -5Ls9Cxx8hracyp0ev7b0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIIKv++n6Lw6YcwDQYJKoZIhvcNAQEFBQAwKDELMAkGA1UE -BhMCQkUxGTAXBgNVBAMTEEJlbGdpdW0gUm9vdCBDQTIwHhcNMDcxMDA0MTAwMDAw -WhcNMjExMjE1MDgwMDAwWjAoMQswCQYDVQQGEwJCRTEZMBcGA1UEAxMQQmVsZ2l1 -bSBSb290IENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZzQh6S -/3UPi790hqc/7bIYLS2X+an7mEoj39WN4IzGMhwWLQdC1i22bi+n9fzGhYJdld61 -IgDMqFNAn68KNaJ6x+HK92AQZw6nUHMXU5WfIp8MXW+2QbyM69odRr2nlL/zGsvU -+40OHjPIltfsjFPekx40HopQcSZYtF3CiInaYNKJIT/e1wEYNm7hLHADBGXvmAYr -XR5i3FVr/mZkIV/4L+HXmymvb82fqgxG0YjFnaKVn6w/Fa7yYd/vw2uaItgscf1Y -HewApDgglVrH1Tdjuk+bqv5WRi5j2Qsj1Yr6tSPwiRuhFA0m2kHwOI8w7QUmecFL -TqG4flVSOmlGhHUCAwEAAaOBuzCBuDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zBCBgNVHSAEOzA5MDcGBWA4CQEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6 -Ly9yZXBvc2l0b3J5LmVpZC5iZWxnaXVtLmJlMB0GA1UdDgQWBBSFiuv0xbu+DlkD -lN7WgAEV4xCcOTARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUhYrr9MW7 -vg5ZA5Te1oABFeMQnDkwDQYJKoZIhvcNAQEFBQADggEBAFHYhd27V2/MoGy1oyCc -UwnzSgEMdL8rs5qauhjyC4isHLMzr87lEwEnkoRYmhC598wUkmt0FoqW6FHvv/pK -JaeJtmMrXZRY0c8RcrYeuTlBFk0pvDVTC9rejg7NqZV3JcqUWumyaa7YwBO+mPyW -nIR/VRPmPIfjvCCkpDZoa01gZhz5v6yAlGYuuUGK02XThIAC71AdXkbc98m6tTR8 -KvPG2F9fVJ3bTc0R5/0UAoNmXsimABKgX77OFP67H6dh96tK8QYUn8pJQsKpvO2F -sauBQeYNxUJpU4c5nUwfAA4+Bw11V0SoU7Q2dmSZ3G7rPUZuFF1eR1ONeE3gJ7uO -hXY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr -6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV -L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 -1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx -MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ -QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB -arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr -Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi -FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS -P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN -9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz -uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h -9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t -OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo -+fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 -KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 -DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us -H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ -I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 -5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h -3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz -Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y -ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E -N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 -tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX -0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c -/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X -KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY -zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS -O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D -34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP -K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv -Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj -QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS -IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 -HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa -O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv -033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u -dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE -kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 -3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD -u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq -4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV -BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu -MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy -MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx -EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk -D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o -OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A -fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe -IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n -oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK -/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj -rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD -3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE -7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC -yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd -qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI -hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA -SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo -HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB -emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC -AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb -7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x -DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk -F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF -a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT -Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV -BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu -MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy -MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx -EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe -NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH -PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I -x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe -QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR -yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO -QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 -H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ -QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD -i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs -nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 -rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI -hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM -tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf -GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb -lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka -+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal -TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i -nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 -gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr -G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os -zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x -L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV -BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X -DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ -BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 -QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny -gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw -zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q -130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 -JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw -ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT -AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj -AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG -9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h -bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc -fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu -HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w -t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET -MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk -BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 -Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl -cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 -aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY -F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N -8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe -rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K -/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu -7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC -28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 -lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E -nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB -0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 -5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj -WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN -jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s -ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM -OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q -619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn -2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj -o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v -nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG -5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq -pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb -dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 -BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET -MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb -BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz -MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx -FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g -Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 -fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl -LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV -WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF -TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb -5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc -CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri -wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ -wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG -m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 -F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng -WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 -2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF -AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ -0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw -F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS -g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj -qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN -h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ -ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V -btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj -Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ -8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW -gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT -AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD -QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP -MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do -0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ -UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d -RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ -OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv -JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C -AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O -BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ -LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY -MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ -44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I -Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw -i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN -9u6wWk5JRFRYX0KD ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM -MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD -QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM -MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E -jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo -ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI -ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu -Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg -AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 -HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA -uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa -TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg -xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q -CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x -O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs -6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB -gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu -QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG -A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz -OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ -VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 -b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA -DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn -0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB -OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE -fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E -Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m -o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i -sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW -OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez -Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS -adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n -3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ -F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf -CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 -XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm -djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ -WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb -AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq -P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko -b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj -XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P -5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi -DrW5viSP ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM -MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D -ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU -cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 -WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg -Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw -IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH -UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM -TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU -BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM -kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x -AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV -HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y -sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL -I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 -J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY -VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD -TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y -aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx -MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j -aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP -T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 -sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL -TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 -/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp -7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz -EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt -hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP -a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot -aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg -TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV -PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv -cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL -tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd -BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB -ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT -ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL -jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS -ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy -P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 -xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d -Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN -5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe -/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z -AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ -5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz -IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz -MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj -dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw -EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp -MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 -28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq -VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q -DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR -5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL -ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a -Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl -UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s -+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 -Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj -ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx -hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV -HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 -+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN -YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t -L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy -ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt -IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV -HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w -DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW -PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF -5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 -glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH -FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 -pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD -xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG -tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq -jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De -fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg -OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ -d0jQ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg -b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa -MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB -ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw -IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B -AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb -unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d -BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq -7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 -0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX -roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG -A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j -aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p -26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA -BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud -EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN -BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB -AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd -p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi -1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc -XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 -eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu -tGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 -MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB -IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK -Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg -MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH -xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ -FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q -VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH -jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l -Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED -o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI -FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF -BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW -Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX -cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz -Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 -CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId -kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzU= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw -PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz -cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 -MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz -IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ -ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR -VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL -kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd -EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas -H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 -HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 -QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu -Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ -AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 -yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR -FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA -ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB -kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 -l7+ijrRU ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDoTCCAomgAwIBAgIQKTZHquOKrIZKI1byyrdhrzANBgkqhkiG9w0BAQUFADBO -MQswCQYDVQQGEwJ1czEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQL -EwRGQkNBMRYwFAYDVQQDEw1Db21tb24gUG9saWN5MB4XDTA3MTAxNTE1NTgwMFoX -DTI3MTAxNTE2MDgwMFowTjELMAkGA1UEBhMCdXMxGDAWBgNVBAoTD1UuUy4gR292 -ZXJubWVudDENMAsGA1UECxMERkJDQTEWMBQGA1UEAxMNQ29tbW9uIFBvbGljeTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJeNvTMn5K1b+3i9L0dHbsd4 -6ZOcpN7JHP0vGzk4rEcXwH53KQA7Ax9oD81Npe53uCxiazH2+nIJfTApBnznfKM9 -hBiKHa4skqgf6F5PjY7rPxr4nApnnbBnTfAu0DDew5SwoM8uCjR/VAnTNr2kSVdS -c+md/uRIeUYbW40y5KVIZPMiDZKdCBW/YDyD90ciJSKtKXG3d+8XyaK2lF7IMJCk -FEhcVlcLQUwF1CpMP64Sm1kRdXAHImktLNMxzJJ+zM2kfpRHqpwJCPZLr1LoakCR -xVW9QLHIbVeGlRfmH3O+Ry4+i0wXubklHKVSFzYIWcBCvgortFZRPBtVyYyQd+sC -AwEAAaN7MHkwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFC9Yl9ipBZilVh/72at17wI8NjTHMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJ -KwYBBAGCNxUCBBYEFHa3YJbdFFYprHWF03BjwbxHhhyLMA0GCSqGSIb3DQEBBQUA -A4IBAQBgrvNIFkBypgiIybxHLCRLXaCRc+1leJDwZ5B6pb8KrbYq+Zln34PFdx80 -CTj5fp5B4Ehg/uKqXYeI6oj9XEWyyWrafaStsU+/HA2fHprA1RRzOCuKeEBuMPdi -4c2Z/FFpZ2wR3bgQo2jeJqVW/TZsN5hs++58PGxrcD/3SDcJjwtCga1GRrgLgwb0 -Gzigf0/NC++DiYeXHIowZ9z9VKEDfgHLhUyxCynDvux84T8PCVI8L6eaSP436REG -WOE2QYrEtr+O3c5Ks7wawM36GpnScZv6z7zyxFSjiDV2zBssRm8MtNHDYXaSdBHq -S4CNHIkRi+xb/xfJSPzn4AYR4oRe ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB -gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV -BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw -MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl -YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P -RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 -UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI -2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 -Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp -+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ -DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O -nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW -/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g -PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u -QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY -SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv -IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 -zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd -BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB -ZQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT -IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw -MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy -ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N -T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR -FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J -cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW -BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm -fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv -GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB -hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV -BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 -MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT -EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR -6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X -pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC -9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV -/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf -Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z -+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w -qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah -SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC -u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf -Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq -crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB -/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl -wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM -4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV -2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna -FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ -CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK -boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke -jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL -S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb -QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl -0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB -NVOFBkpdn627G190 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 -MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG -EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT -CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK -8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 -98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb -2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC -ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi -Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB -o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl -ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD -AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL -AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd -foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M -cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq -8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp -hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk -Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U -AGegcQCCSA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGATCCA+mgAwIBAgIRAI9hcRW6eVgXjH0ROqzW264wDQYJKoZIhvcNAQELBQAw -RTEfMB0GA1UEAxMWQ29tU2lnbiBHbG9iYWwgUm9vdCBDQTEVMBMGA1UEChMMQ29t -U2lnbiBMdGQuMQswCQYDVQQGEwJJTDAeFw0xMTA3MTgxMDI0NTRaFw0zNjA3MTYx -MDI0NTVaMEUxHzAdBgNVBAMTFkNvbVNpZ24gR2xvYmFsIFJvb3QgQ0ExFTATBgNV -BAoTDENvbVNpZ24gTHRkLjELMAkGA1UEBhMCSUwwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCyKClzKh3rm6n1nvigmV/VU1D4hSwYW2ro3VqpzpPo0Ph3 -3LguqjXd5juDwN4mpxTpD99d7Xu5X6KGTlMVtfN+bTbA4t3x7DU0Zqn0BE5XuOgs -3GLH41Vmr5wox1bShVpM+IsjcN4E/hMnDtt/Bkb5s33xCG+ohz5dlq0gA9qfr/g4 -O9lkHZXTCeYrmVzd/il4x79CqNvGkdL3um+OKYl8rg1dPtD8UsytMaDgBAopKR+W -igc16QJzCbvcinlETlrzP/Ny76BWPnAQgaYBULax/Q5thVU+N3sEOKp6uviTdD+X -O6i96gARU4H0xxPFI75PK/YdHrHjfjQevXl4J37FJfPMSHAbgPBhHC+qn/014DOx -46fEGXcdw2BFeIIIwbj2GH70VyJWmuk/xLMCHHpJ/nIF8w25BQtkPpkwESL6esaU -b1CyB4Vgjyf16/0nRiCAKAyC/DY/Yh+rDWtXK8c6QkXD2XamrVJo43DVNFqGZzbf -5bsUXqiVDOz71AxqqK+p4ek9374xPNMJ2rB5MLPAPycwI0bUuLHhLy6nAIFHLhut -TNI+6Y/soYpi5JSaEjcY7pxI8WIkUAzr2r+6UoT0vAdyOt7nt1y8844a7szo/aKf -woziHl2O1w6ZXUC30K+ptXVaOiW79pBDcbLZ9ZdbONhS7Ea3iH4HJNwktrBJLQID -AQABo4HrMIHoMA8GA1UdEwEB/wQFMAMBAf8wgYQGA1UdHwR9MHswPKA6oDiGNmh0 -dHA6Ly9mZWRpci5jb21zaWduLmNvLmlsL2NybC9jb21zaWduZ2xvYmFscm9vdGNh -LmNybDA7oDmgN4Y1aHR0cDovL2NybDEuY29tc2lnbi5jby5pbC9jcmwvY29tc2ln -bmdsb2JhbHJvb3RjYS5jcmwwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBQCRZPY -DUhirGm6rgZbPvuqJpFQsTAfBgNVHSMEGDAWgBQCRZPYDUhirGm6rgZbPvuqJpFQ -sTANBgkqhkiG9w0BAQsFAAOCAgEAk1V5V9701xsfy4mfX+tP9Ln5e9h3N+QMwUfj -kr+k3e8iXOqADjTpUHeBkEee5tJq09ZLp/43F5tZ2eHdYq2ZEX7iWHCnOQet6Yw9 -SU1TahsrGDA6JJD9sdPFnNZooGsU1520e0zNB0dNWwxrWAmu4RsBxvEpWCJbvzQL -dOfyX85RWwli81OiVMBc5XvJ1mxsIIqli45oRynKtsWP7E+b0ISJ1n+XFLdQo/Nm -WA/5sDfT0F5YPzWdZymudMbXitimxC+n4oQE4mbQ4Zm718Iwg3pP9gMMcSc7Qc1J -kJHPH9O7gVubkKHuSYj9T3Ym6c6egL1pb4pz/uT7cT26Fiopc/jdqbe2EAfoJZkv -hlp/zdzOoXTWjiKNA5zmgWnZn943FuE9KMRyKtyi/ezJXCh8ypnqLIKxeFfZl69C -BwJsPXUTuqj8Fic0s3aZmmr7C4jXycP+Q8V+akMEIoHAxcd960b4wVWKqOcI/kZS -Q0cYqWOY1LNjznRt9lweWEfwDBL3FhrHOmD4++1N3FkkM4W+Q1b2WOL24clDMj+i -2n9Iw0lc1llHMSMvA5D0vpsXZpOgcCVahfXczQKi9wQ3oZyonJeWx4/rXdMtagAB -VBYGFuMEUEQtybI+eIbnp5peO2WAAblQI4eTy/jMVowe5tfMEXovV3sz9ULgmGb3 -DscLP1I= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw -PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu -MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx -GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL -MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf -HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh -gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW -v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue -Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr -9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt -6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 -MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl -Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 -ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq -hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p -iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC -dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL -kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL -hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz -OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD -bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha -ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM -HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 -UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 -tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R -ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM -lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp -/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G -A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G -A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj -dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy -MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl -cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js -L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL -BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni -acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 -o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K -zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 -PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y -Johw1+qRzT65ysCQblrGXnRl11z+o+I= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD -bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw -NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV -BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn -ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 -3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z -qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR -p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 -HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw -ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea -HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw -Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh -c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E -RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt -dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku -Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp -3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 -nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF -CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na -xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX -KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc -MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj -IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB -IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE -RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl -U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 -IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU -ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC -QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr -rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S -NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc -QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH -txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP -BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC -AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp -tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa -IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl -6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ -xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU -Cm26OWMohpLzGITY+9HPBVZkVw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c -JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP -mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ -wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 -VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ -AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun -pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC -dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf -fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm -NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx -H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA -n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc -biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp -EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA -bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu -YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB -AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW -BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI -QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I -0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni -lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 -B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv -ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo -IhNzbM8m9Yop5w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg -RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf -Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q -RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD -AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY -JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv -6pZjamVFkpUBtA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD -QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB -CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 -nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt -43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P -T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 -gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR -TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw -DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr -hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg -06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF -PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls -YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH -MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI -2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx -1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ -q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz -tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ -vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV -5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY -1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 -NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG -Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 -8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe -pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl -MrY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe -Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw -EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x -IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF -K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG -fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO -Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd -BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx -AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ -oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 -sycX ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 -LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug -RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm -+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW -PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM -xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB -Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 -hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg -EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA -FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec -nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z -eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF -hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 -Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -+OkuE6N36B9K ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg -RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y -ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If -xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV -ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO -DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ -jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ -CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi -EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM -fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY -uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK -chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t -9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD -ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 -SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd -+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc -fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa -sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N -cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N -0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie -4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI -r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 -/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm -gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx -ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w -MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD -VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx -FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu -ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7 -gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH -fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a -ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT -ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF -MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk -c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto -dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt -aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI -hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk -QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/ -h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq -nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR -rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2 -9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O -rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq -OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b -xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw -7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD -aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG -SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 -ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr -AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz -R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 -JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo -Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDOzCCAiOgAwIBAgIRANAeRlAAACmMAAAAAgAAAAIwDQYJKoZIhvcNAQEFBQAw -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYNDAeFw0wMDA5MTMwNjIyNTBaFw0yMDA5MTMwNjIyNTBa -MD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEXMBUGA1UE -AxMORFNUIFJvb3QgQ0EgWDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQCthX3OFEYY8gSeIYur0O4ypOT68HnDrjLfIutL5PZHRwQGjzCPb9PFo/ihboJ8 -RvfGhBAqpQCo47zwYEhpWm1jB+L/OE/dBBiyn98krfU2NiBKSom2J58RBeAwHGEy -cO+lewyjVvbDDLUy4CheY059vfMjPAftCRXjqSZIolQb9FdPcAoa90mFwB7rKniE -J7vppdrUScSS0+eBrHSUPLdvwyn4RGp+lSwbWYcbg5EpSpE0GRJdchic0YDjvIoC -YHpe7Rkj93PYRTQyU4bhC88ck8tMqbvRYqMRqR+vobbkrj5LLCOQCHV5WEoxWh+0 -E2SpIFe7RkV++MmpIAc0h1tZAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFPCD6nPIP1ubWzdf9UyPWvf0hki9MA0GCSqGSIb3DQEBBQUAA4IBAQCE -G85wl5eEWd7adH6XW/ikGN5salvpq/Fix6yVTzE6CrhlP5LBdkf6kx1bSPL18M45 -g0rw2zA/MWOhJ3+S6U+BE0zPGCuu8YQaZibR7snm3HiHUaZNMu5c8D0x0bcMxDjY -AVVcHCoNiL53Q4PLW27nbY6wwG0ffFKmgV3blxrYWfuUDgGpyPwHwkfVFvz9qjaV -mf12VJffL6W8omBPtgteb6UaT/k1oJ7YI0ldGf+ngpVbRhD+LC3cUtT6GO/BEPZu -8YTV/hbiDH5v3khVqMIeKT6o8IuXGG7F6a6vKwP1F1FwTXf4UC/ivhme7vdUH7B/ -Vv4AEbT8dNfEeFxrkDbh ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV -BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC -aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV -BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 -Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz -MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ -BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp -em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY -B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH -D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF -Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo -q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D -k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH -fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut -dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM -ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 -zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX -U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 -Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 -XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF -Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR -HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY -GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c -77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 -+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK -vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 -FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl -yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P -AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD -y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d -NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIE5zCCA8+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCQ0Ex -EDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoTFEVj -aG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZp -Y2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMjAeFw0wNTEwMDYxMDQ5MTNa -Fw0zMDEwMDcxMDQ5MTNaMIGNMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJp -bzEQMA4GA1UEBxMHVG9yb250bzEdMBsGA1UEChMURWNob3dvcnggQ29ycG9yYXRp -b24xHzAdBgNVBAsTFkNlcnRpZmljYXRpb24gU2VydmljZXMxGjAYBgNVBAMTEUVj -aG93b3J4IFJvb3QgQ0EyMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA -utU/5BkV15UBf+s+JQruKQxr77s3rjp/RpOtmhHILIiO5gsEWP8MMrfrVEiidjI6 -Qh6ans0KAWc2Dw0/j4qKAQzOSyAZgjcdypNTBZ7muv212DA2Pu41rXqwMrlBrVi/ -KTghfdLlNRu6JrC5y8HarrnRFSKF1Thbzz921kLDRoCi+FVs5eVuK5LvIfkhNAqA -byrTgO3T9zfZgk8upmEkANPDL1+8y7dGPB/d6lk0I5mv8PESKX02TlvwgRSIiTHR -k8++iOPLBWlGp7ZfqTEXkPUZhgrQQvxcrwCUo6mk8TqgxCDP5FgPoHFiPLef5szP -ZLBJDWp7GLyE1PmkQI6WiwIBA6OCAVAwggFMMA8GA1UdEwEB/wQFMAMBAf8wCwYD -VR0PBAQDAgEGMB0GA1UdDgQWBBQ74YEboKs/OyGC1eISrq5QqxSlEzCBugYDVR0j -BIGyMIGvgBQ74YEboKs/OyGC1eISrq5QqxSlE6GBk6SBkDCBjTELMAkGA1UEBhMC -Q0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoT -FEVjaG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNl -cnZpY2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMoIBADBQBgNVHSAESTBH -MEUGCysGAQQB+REKAQMBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuZWNob3dv -cnguY29tL2NhL3Jvb3QyL2Nwcy5wZGYwDQYJKoZIhvcNAQEFBQADggEBAG+nrPi/ -0RpfEzrj02C6JGPUar4nbjIhcY6N7DWNeqBoUulBSIH/PYGNHYx7/lnJefiixPGE -7TQ5xPgElxb9bK8zoAApO7U33OubqZ7M7DlHnFeCoOoIAZnG1kuwKwD5CXKB2a74 -HzcqNnFW0IsBFCYqrVh/rQgJOzDA8POGbH0DeD0xjwBBooAolkKT+7ZItJF1Pb56 -QpDL9G+16F7GkmnKlAIYT3QTS3yFGYChnJcd+6txUPhKi9sSOOmAIaKHnkH9Scz+ -A2cSi4A3wUYXVatuVNHpRb2lygfH3SuCX9MU8Ure3zBlSU1LALtMqI4JmcQmQpIq -zIzvO2jHyu9PQqo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 -MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 -czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG -CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy -MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl -ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS -b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy -euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO -bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw -WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d -MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE -1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD -VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ -zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB -BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF -BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV -v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG -E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u -uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW -iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v -GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG -A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 -d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu -dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq -RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy -MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD -VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 -L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g -Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi -A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt -ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH -Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC -R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX -hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 -cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs -IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz -dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy -NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu -dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt -dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 -aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T -RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN -cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW -wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 -U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 -jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN -BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ -jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ -Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v -1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R -nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH -VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 -Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW -KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw -NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw -NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy -ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV -BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo -Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 -4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 -KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI -rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi -94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB -sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi -gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo -kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE -vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA -A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t -O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua -AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP -9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ -eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m -0vdXcDazv/wor3ElhVsT/h5/WrQ8 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML -RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp -bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 -IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy -MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 -LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp -YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG -A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq -K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe -sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX -MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT -XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ -HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH -4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA -vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G -CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA -WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo -oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ -h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 -f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN -B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy -vUxFnmG6v4SBkgPR0ml8xQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML -RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp -bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 -IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 -MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 -LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp -YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG -A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq -K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe -sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX -MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT -XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ -HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH -4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub -j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo -U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf -zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b -u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ -bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er -fF6adulZkMV8gzURZVE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe -MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 -ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw -IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL -SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH -SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh -ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X -DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 -TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ -fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA -sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU -WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS -nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH -dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip -NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC -AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF -MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH -ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB -uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl -PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP -JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ -gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 -j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 -5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB -o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS -/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z -Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE -W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D -hNQ+IIX3Sj0rnP0qCglN6oH4EZw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEYDCCA0igAwIBAgICATAwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE -AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTEwMTIwMTE2NDUyN1oXDTMw -MTIwMTE2NDUyN1owWTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu -bWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UEAxMYRmVkZXJhbCBDb21tb24gUG9s -aWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HX7NRY0WkG/ -Wq9cMAQUHK14RLXqJup1YcfNNnn4fNi9KVFmWSHjeavUeL6wLbCh1bI1FiPQzB6+ -Duir3MPJ1hLXp3JoGDG4FyKyPn66CG3G/dFYLGmgA/Aqo/Y/ISU937cyxY4nsyOl -4FKzXZbpsLjFxZ+7xaBugkC7xScFNknWJidpDDSPzyd6KgqjQV+NHQOGgxXgVcHF -mCye7Bpy3EjBPvmE0oSCwRvDdDa3ucc2Mnr4MrbQNq4iGDGMUHMhnv6DOzCIJOPp -wX7e7ZjHH5IQip9bYi+dpLzVhW86/clTpyBLqtsgqyFOHQ1O5piF5asRR12dP8Qj -wOMUBm7+nQIDAQABo4IBMDCCASwwDwYDVR0TAQH/BAUwAwEB/zCB6QYIKwYBBQUH -AQsEgdwwgdkwPwYIKwYBBQUHMAWGM2h0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNh -L2NhQ2VydHNJc3N1ZWRCeWZjcGNhLnA3YzCBlQYIKwYBBQUHMAWGgYhsZGFwOi8v -bGRhcC5mcGtpLmdvdi9jbj1GZWRlcmFsJTIwQ29tbW9uJTIwUG9saWN5JTIwQ0Es -b3U9RlBLSSxvPVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTti -aW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUrQx6dVzl85jEeZgOrCj9l/TnAvwwDQYJKoZIhvcNAQELBQAD -ggEBAI9z2uF/gLGH9uwsz9GEYx728Yi3mvIRte9UrYpuGDco71wb5O9Qt2wmGCMi -TR0mRyDpCZzicGJxqxHPkYnos/UqoEfAFMtOQsHdDA4b8Idb7OV316rgVNdF9IU+ -7LQd3nyKf1tNnJaK0KIyn9psMQz4pO9+c+iR3Ah6cFqgr2KBWfgAdKLI3VTKQVZH -venAT+0g3eOlCd+uKML80cgX2BLHb94u6b2akfI8WpQukSKAiaGMWMyDeiYZdQKl -Dn0KJnNR6obLB6jI/WNaNZvSr79PMUjBhHDbNXuaGQ/lj/RqDG8z2esccKIN47lQ -A2EC/0rskqTcLe4qNJMHtyznGI8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg -R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 -9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq -fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv -iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU -1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ -bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW -MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA -ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l -uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn -Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS -tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF -PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un -hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV -5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL -MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj -KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 -MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV -BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw -NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV -BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH -MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL -So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal -tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG -CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT -qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz -rD6ogRLQy7rQkgu2npaqBA+K ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB -mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT -MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s -eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ -BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg -MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 -BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz -+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm -hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn -5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W -JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL -DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC -huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw -HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB -AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB -zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN -kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD -AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH -SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G -spki4cErx5z481+oghLrGREt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo -R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx -MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK -Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 -AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA -ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 -7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W -kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI -mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ -KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 -6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl -4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K -oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj -UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU -AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD -aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx -MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy -cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG -A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl -BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed -KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 -G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 -zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 -ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG -HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 -Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V -yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e -beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r -6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh -wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog -zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW -BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr -ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp -ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk -cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt -YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC -CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow -KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI -hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ -UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz -X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x -fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz -a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd -Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd -SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O -AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso -M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge -v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z -09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo -YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 -MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy -NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G -A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA -A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 -Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s -QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV -eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 -B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh -z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T -AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i -ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w -TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH -MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD -VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE -VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B -AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM -bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi -ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG -VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c -ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ -AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw -MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT -aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ -jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp -xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp -1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG -snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ -U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 -9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B -AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz -yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE -38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP -AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad -DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME -HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ -FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F -uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX -kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs -ewv4n4Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc -8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke -hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI -KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg -515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO -xwy8p2Fp8fc74SrL+SvzZpA3 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 -MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL -v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 -eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq -tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd -C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa -zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB -mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH -V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n -bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG -3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs -J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO -291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS -ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd -AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 -TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 -MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 -RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT -gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm -KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd -QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ -XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o -LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU -RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp -jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK -6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX -mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs -Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH -WD9f ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh -MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE -YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 -MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo -ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg -MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN -ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA -PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w -wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi -EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY -avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ -YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE -sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h -/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 -IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy -OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P -TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER -dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf -ReYNnyicsbkqWletNw+vHX/bvZ8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT -EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp -ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz -NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH -EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE -AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD -E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH -/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy -DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh -GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR -tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA -AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE -FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX -WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu -9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr -gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo -2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO -LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI -4uJEvlz36hz1 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFSzCCAzOgAwIBAgIRALZLiAfiI+7IXBKtpg4GofIwDQYJKoZIhvcNAQELBQAw -PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTAeFw0xMjA5MjgwODU4NTFaFw0zNzEyMzExNTU5NTla -MD8xCzAJBgNVBAYTAlRXMTAwLgYDVQQKDCdHb3Zlcm5tZW50IFJvb3QgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQC2/5c8gb4BWCQnr44BK9ZykjAyG1+bfNTUf+ihYHMwVxAA+lCWJP5Q5ow6ldFX -eYTVZ1MMKoI+GFy4MCYa1l7GLbIEUQ7v3wxjR+vEEghRK5lxXtVpe+FdyXcdIOxW -juVhYC386RyA3/pqg7sFtR4jEpyCygrzFB0g5AaPQySZn7YKk1pzGxY5vgW28Yyl -ZJKPBeRcdvc5w88tvQ7Yy6gOMZvJRg9nU0MEj8iyyIOAX7ryD6uBNaIgIZfOD4k0 -eA/PH07p+4woPN405+2f0mb1xcoxeNLOUNFggmOd4Ez3B66DNJ1JSUPUfr0t4urH -cWWACOQ2nnlwCjyHKenkkpTqBpIpJ3jmrdc96QoLXvTg1oadLXLLi2RW5vSueKWg -OTNYPNyoj420ai39iHPplVBzBN8RiD5C1gJ0+yzEb7xs1uCAb9GGpTJXA9ZN9E4K -mSJ2fkpAgvjJ5E7LUy3Hsbbi08J1J265DnGyNPy/HE7CPfg26QrMWJqhGIZO4uGq -s3NZbl6dtMIIr69c/aQCb/+4DbvVq9dunxpPkUDwH0ZVbaCSw4nNt7H/HLPLo5wK -4/7NqrwB7N1UypHdTxOHpPaY7/1J1lcqPKZc9mA3v9g+fk5oKiMyOr5u5CI9ByTP -isubXVGzMNJxbc5Gim18SjNE2hIvNkvy6fFRCW3bapcOFwIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVZx3gnHosnMvFmOcdByYqhux0zTAOBgNV -HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAJA75cJTQijq9TFOjj2Rnk0J -89ixUuZPrAwxIbvx6pnMg/y2KOTshAcOD06Xu29oRo8OURWV+Do7H1+CDgxxDryR -T64zLiNB9CZrTxOH+nj2LsIPkQWXqmrBap+8hJ4IKifd2ocXhuGzyl3tOKkpboTe -Rmv8JxlQpRJ6jH1i/NrnzLyfSa8GuCcn8on3Fj0Y5r3e9YwSkZ/jBI3+BxQaWqw5 -ghvxOBnhY+OvbLamURfr+kvriyL2l/4QOl+UoEtTcT9a4RD4co+WgN2NApgAYT2N -vC2xR8zaXeEgp4wxXPHj2rkKhkfIoT0Hozymc26Uke1uJDr5yTDRB6iBfSZ9fYTf -hsmL5a4NHr6JSFEVg5iWL0rrczTXdM3Jb9DCuiv2mv6Z3WAUjhv5nDk8f0OJU+jl -wqu+Iq0nOJt3KLejY2OngeepaUXrjnhWzAWEx/uttjB8YwWfLYwkf0uLkvw4Hp+g -pVezbp3YZLhwmmBScMip0P/GnO0QYV7Ngw5u6E0CQUridgR51lQ/ipgyFKDdLZzn -uoJxo4ZVKZnSKdt1OvfbQ/+2W/u3fjWAjg1srnm3Ni2XUqGwB5wH5Ss2zQOXlL0t -DjQG/MAWifw3VOTWzz0TBPKR2ck2Lj7FWtClTILD/y58Jnb38/1FoqVuVa4uzM8s -iTTa9g3nkagQ6hed8vbs ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix -RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 -dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p -YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw -NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK -EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl -cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz -dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ -fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns -bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD -75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP -FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp -5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu -b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA -A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p -6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 -TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 -dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys -Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI -l7WdmplNsDz4SgCbZN2fOUvRJ9e4 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFHjCCBAagAwIBAgIEAKA3oDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -Q1oxOjA4BgNVBAMMMUkuQ0EgLSBRdWFsaWZpZWQgQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHksIDA5LzIwMDkxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZpa2HEjW7DrSBh -dXRvcml0YSwgYS5zLjE9MDsGA1UECww0SS5DQSAtIEFjY3JlZGl0ZWQgUHJvdmlk -ZXIgb2YgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlczAeFw0wOTA5MDEwMDAwMDBaFw0x -OTA5MDEwMDAwMDBaMIG3MQswCQYDVQQGEwJDWjE6MDgGA1UEAwwxSS5DQSAtIFF1 -YWxpZmllZCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSwgMDkvMjAwOTEtMCsGA1UE -CgwkUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMuMT0wOwYDVQQL -DDRJLkNBIC0gQWNjcmVkaXRlZCBQcm92aWRlciBvZiBDZXJ0aWZpY2F0aW9uIFNl -cnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTaEy0KC8M9l -4lSaWHMs4+sVV1LwzyJYiIQNeCrv1HHm/YpGIdY/Z640ceankjQvIX7m23BK4OSC -6KO8kZYA3zopOz6GFCOKV2PvLukbc+c2imF6kLHEv6qNA8WxhPbR3xKwlHDwB2yh -Wzo7V3QVgDRG83sugqQntKYC3LnlTGbJpNP+Az72gpO9AHUn/IBhFk4ksc8lYS2L -9GCy9CsmdKSBP78p9w8Lx7vDLqkDgt1/zBrcUWmSSb7AE/BPEeMryQV1IdI6nlGn -BhWkXOYf6GSdayJw86btuxC7viDKNrbp44HjQRaSxnp6O3eto1x4DfiYdw/YbJFe -7EjkxSQBywIDAQABo4IBLjCCASowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E -BAMCAQYwgecGA1UdIASB3zCB3DCB2QYEVR0gADCB0DCBzQYIKwYBBQUHAgIwgcAa -gb1UZW50byBjZXJ0aWZpa2F0IGplIHZ5ZGFuIGpha28ga3ZhbGlmaWtvdmFueSBz -eXN0ZW1vdnkgY2VydGlmaWthdCBwb2RsZSB6YWtvbmEgYy4gMjI3LzIwMDAgU2Iu -IHYgcGxhdG5lbSB6bmVuaS9UaGlzIGlzIHF1YWxpZmllZCBzeXN0ZW0gY2VydGlm -aWNhdGUgYWNjb3JkaW5nIHRvIEN6ZWNoIEFjdCBOby4gMjI3LzIwMDAgQ29sbC4w -HQYDVR0OBBYEFHnL0CPpOmdwkXRP01Hi4CD94Sj7MA0GCSqGSIb3DQEBCwUAA4IB -AQB9laU214hYaBHPZftbDS/2dIGLWdmdSbj1OZbJ8LIPBMxYjPoEMqzAR74tw96T -i6aWRa5WdOWaS6I/qibEKFZhJAVXX5mkx2ewGFLJ+0Go+eTxnjLOnhVF2V2s+57b -m8c8j6/bS6Ij6DspcHEYpfjjh64hE2r0aSpZDjGzKFM6YpqsCJN8qYe2X1qmGMLQ -wvNdjG+nPzCJOOuUEypIWt555ZDLXqS5F7ZjBjlfyDZjEfS2Es9Idok8alf563Mi -9/o+Ba46wMYOkk3P1IlU0RqCajdbliioACKDztAqubONU1guZVzV8tuMASVzbJeL -/GAB7ECTwe1RuKrLYtglMKI9 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu -VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw -MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw -JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT -3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU -+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp -S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 -bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi -T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL -vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK -Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK -dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT -c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv -l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N -iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD -ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH -6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt -LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 -nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 -+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK -W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT -AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq -l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG -4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ -mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A -7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu -VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN -MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 -MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 -ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy -RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS -bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF -/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R -3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw -EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy -9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V -GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ -2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV -WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD -W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN -AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj -t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV -DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 -TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G -lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW -mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df -WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 -+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ -tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA -GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv -8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 -WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu -ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc -h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ -0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U -A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW -T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH -B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC -B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv -KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn -OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn -jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw -qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI -rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq -hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ -3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK -NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 -ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur -TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC -jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc -oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq -4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA -mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d -emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEXzCCA0egAwIBAgIBATANBgkqhkiG9w0BAQUFADCB0DELMAkGA1UEBhMCRVMx -SDBGBgNVBAoTP0laRU5QRSBTLkEuIC0gQ0lGIEEtMDEzMzcyNjAtUk1lcmMuVml0 -b3JpYS1HYXN0ZWl6IFQxMDU1IEY2MiBTODFCMEAGA1UEBxM5QXZkYSBkZWwgTWVk -aXRlcnJhbmVvIEV0b3JiaWRlYSAzIC0gMDEwMTAgVml0b3JpYS1HYXN0ZWl6MRMw -EQYDVQQDEwpJemVucGUuY29tMR4wHAYJKoZIhvcNAQkBFg9JbmZvQGl6ZW5wZS5j -b20wHhcNMDMwMTMwMjMwMDAwWhcNMTgwMTMwMjMwMDAwWjCB0DELMAkGA1UEBhMC -RVMxSDBGBgNVBAoTP0laRU5QRSBTLkEuIC0gQ0lGIEEtMDEzMzcyNjAtUk1lcmMu -Vml0b3JpYS1HYXN0ZWl6IFQxMDU1IEY2MiBTODFCMEAGA1UEBxM5QXZkYSBkZWwg -TWVkaXRlcnJhbmVvIEV0b3JiaWRlYSAzIC0gMDEwMTAgVml0b3JpYS1HYXN0ZWl6 -MRMwEQYDVQQDEwpJemVucGUuY29tMR4wHAYJKoZIhvcNAQkBFg9JbmZvQGl6ZW5w -ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1btoCXXhp3xIW -D+Bxl8nUCxkyiazWfpt0e68t+Qt9+lZjKZSdEw2Omj4qvr+ovRmDXO3iWpWVOWDl -3JHJjAzFCe8ZEBNDH+QNYwZHmPBaMYFOYFdbAFVHWvys152C308hcFJ6xWWGmjvl -2eMiEl9P2nR2LWue368DCu+ak7j3gjAXaCOdP1a7Bfr+RW3X2SC5R4Xyp8iHlL5J -PHJD/WBkLrezwzQPdACw8m9EG7q9kUwlNpL32mROujS3ZkT6mQTzJieLiE3X04s0 -uIUqVkk5MhjcHFf7al0N5CzjtTcnXYJKN2Z9EDVskk4olAdGi46eSoZXbjUOP5gk -Ej6wVZAXAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG -MB0GA1UdDgQWBBTqVk/sPIOhFIh4gbIrBSLAB0FbQjANBgkqhkiG9w0BAQUFAAOC -AQEAYp7mEzzhw6o5Hf5+T5kcI+t4BJyiIWy7vHlLs/G8dLYXO81aN/Mzg928eMTR -TxxYZL8dd9uwsJ50TVfX6L0R4Dyw6wikh3fHRrat9ufXi63j5K91Ysr7aXqnF38d -iAgHYkrwC3kuxHBb9C0KBz6h8Q45/KCyN7d37wWAq38yyhPDlaOvyoE6bdUuK5hT -m5EYA5JmPyrhQ1moDOyueWBAjxzMEMj+OAY1H90cLv6wszsqerxRrdTOHBdv7MjB -EIpvEEQkXUxVXAzFuuT6m2t91Lfnwfl/IvljHaVC7DlyyhRYHD6D4Rx+4QKp4tWL -vpw6LkI+gKNJ/YdMCsRZQzEEFA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF8DCCA9igAwIBAgIPBuhGJy8fCo/RhFzjafbVMA0GCSqGSIb3DQEBBQUAMDgx -CzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwKSXpl -bnBlLmNvbTAeFw0wNzEyMTMxMzA4MjdaFw0zNzEyMTMwODI3MjVaMDgxCzAJBgNV -BAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwKSXplbnBlLmNv -bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMnTesoPHqynhugWZWqx -whtFMnGV2f4QW8yv56V5AY+Jw8ryVXH3d753lPNypCxE2J6SmxQ6oeckkAoKVo7F -2CaU4dlI4S0+2gpy3aOZFdqBoof0e24md4lYrdbrDLJBenNubdt6eEHpCIgSfocu -ZhFjbFT7PJ1ywLwu/8K33Q124zrX97RovqL144FuwUZvXY3gTcZUVYkaMzEKsVe5 -o4qYw+w7NMWVQWl+dcI8IMVhulFHoCCQk6GQS/NOfIVFVJrRBSZBsLVNHTO+xAPI -JXzBcNs79AktVCdIrC/hxKw+yMuSTFM5NyPs0wH54AlETU1kwOENWocivK0bo/4m -tRXzp/yEGensoYi0RGmEg/OJ0XQGqcwL1sLeJ4VQJsoXuMl6h1YsGgEebL4TrRCs -tST1OJGh1kva8bvS3ke18byB9llrzxlT6Y0Vy0rLqW9E5RtBz+GGp8rQap+8TI0G -M1qiheWQNaBiXBZO8OOi+gMatCxxs1gs3nsL2xoP694hHwZ3BgOwye+Z/MC5TwuG -KP7Suerj2qXDR2kS4Nvw9hmL7Xtw1wLW7YcYKCwEJEx35EiKGsY7mtQPyvp10gFA -Wo15v4vPS8+qFsGV5K1Mij4XkdSxYuWC5YAEpAN+jb/af6IPl08M0w3719Hlcn4c -yHf/W5oPt64FRuXxqBbsR6QXAgMBAAGjgfYwgfMwgbAGA1UdEQSBqDCBpYEPaW5m -b0BpemVucGUuY29tpIGRMIGOMUcwRQYDVQQKDD5JWkVOUEUgUy5BLiAtIENJRiBB -MDEzMzcyNjAtUk1lcmMuVml0b3JpYS1HYXN0ZWl6IFQxMDU1IEY2MiBTODFDMEEG -A1UECQw6QXZkYSBkZWwgTWVkaXRlcnJhbmVvIEV0b3JiaWRlYSAxNCAtIDAxMDEw -IFZpdG9yaWEtR2FzdGVpejAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUHRxlDqjyJXu0kc/ksbHmvVV0bAUwDQYJKoZIhvcNAQEFBQAD -ggIBAMeBRm8hGE+gBe/n1bqXUKJg7aWSFBpSm/nxiEqg3Hh10dUflU7F57dp5iL0 -+CmoKom+z892j+Mxc50m0xwbRxYpB2iEitL7sRskPtKYGCwkjq/2e+pEFhsqxPqg -l+nqbFik73WrAGLRne0TNtsiC7bw0fRue0aHwp28vb5CO7dz0JoqPLRbEhYArxk5 -ja2DUBzIgU+9Ag89njWW7u/kwgN8KRwCfr00J16vU9adF79XbOnQgxCvv11N75B7 -XSus7Op9ACYXzAJcY9cZGKfsK8eKPlgOiofmg59OsjQerFQJTx0CCzl+gQgVuaBp -E8gyK+OtbBPWg50jLbJtooiGfqgNASYJQNntKE6MkyQP2/EeTXp6WuKlWPHcj1+Z -ggwuz7LdmMySlD/5CbOlliVbN/UShUHiGUzGigjB3Bh6Dx4/glmimj4/+eAJn/3B -kUtdyXvWton83x18hqrNA/ILUpLxYm9/h+qrdslsUMIZgq+qHfUgKGgu1fxkN0/P -pUTEvnK0jHS0bKf68r10OEMr3q/53NjgnZ/cPcqlY0S/kqJPTIAcuxrDmkoEVU3K -7iYLHL8CxWTTnn7S05EcS6L1HOUXHA0MUqORH5zwIe0ClG+poEnK6EOMxPQ02nwi -o8ZmPrgbBYhdurz3vOXcFD2nhqi2WVIhA16L4wTtSyoeo09Q ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 -MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 -ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD -VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j -b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq -scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO -xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H -LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX -uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD -yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ -JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q -rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN -BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L -hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB -QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ -HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu -Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg -QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB -BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA -A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb -laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 -awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo -JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw -LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT -VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk -LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb -UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ -QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ -naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls -QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN -MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw -ODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJBgNVBAYTAktSMQ0wCwYDVQQKDARL -SVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZW50 -cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEFAAOC -AQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk -9KFo/CjsySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi -8EcNuRpAU1xkcK8IWsD3z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVG -yHK+d9VuHygvx2nt54OJM1jT3qC/QOhDUO7cTWu8peqmyGGO9cNkrwYV3CmLP3WM -vHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbMnChmn3AmPC7fqoD+jMUE -CSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0OBBYEFL+2 -J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJap -aBV/JV6K+KRzwYCKhQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXfl -BM+tWh6UCVrXPAgcrnrpFDLBRa3SJkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT -2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56ch534eJAx7REnxqhZvvwYC/uO -fi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjbXKP4krG9tNT5 -UNkAAk/bg9ART6RCVmE6fhMy04Qfybo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD -VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 -ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G -CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y -OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx -FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp -Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o -dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP -kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc -cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U -fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 -N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC -xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 -+rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM -Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG -SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h -mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk -ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 -tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c -2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t -HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG -EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 -MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl -cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR -dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB -pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM -b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm -aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz -IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT -lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz -AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 -VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG -ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 -BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG -AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M -U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh -bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C -+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC -bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F -uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 -XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi -MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu -MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp -dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV -UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO -ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz -c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP -OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl -mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF -BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 -qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw -gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu -bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp -dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 -6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ -h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH -/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv -wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN -pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB -ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly -aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl -ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w -NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G -A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD -VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX -SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR -VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 -w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF -mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg -4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 -4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw -EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx -SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 -ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 -vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa -hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi -Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ -/L7fCg0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt -MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg -Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i -YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x -CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG -b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh -bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 -HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx -WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX -1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk -u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P -99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r -M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB -BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh -cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 -gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO -ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf -aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic -Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 -MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV -wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe -rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 -68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh -4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp -UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o -abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc -3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G -KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt -hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO -Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt -zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD -ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC -MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 -cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN -qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 -YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv -b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 -8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k -NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj -ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp -q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt -nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 -MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf -qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW -n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym -c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ -O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 -o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j -IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq -IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz -8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh -vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l -7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG -cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD -ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 -AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC -roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga -W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n -lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE -+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV -csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd -dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg -KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM -HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 -WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x -GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv -b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV -BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W -YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa -GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg -Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J -WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB -rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp -+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 -ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i -Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz -PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og -/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH -oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI -yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud -EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 -A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL -MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT -ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f -BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn -g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl -fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K -WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha -B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc -hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR -TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD -mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z -ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y -4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza -8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 -MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR -/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu -FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR -U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c -ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR -FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k -A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw -eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl -sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp -VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q -A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ -ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD -ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px -KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI -FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv -oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg -u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP -0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf -3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl -8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ -DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN -PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ -ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x -GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv -b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV -BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W -YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM -V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB -4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr -H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd -8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv -vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT -mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe -btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc -T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt -WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ -c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A -4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD -VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG -CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 -aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu -dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw -czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G -A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg -Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 -7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem -d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd -+LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B -4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN -t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x -DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 -k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s -zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j -Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT -mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK -4SVhM7JZG+Ju1zdXtg2pEto= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz -MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw -IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR -dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp -li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D -rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ -WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug -F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU -xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC -Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv -dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw -ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl -IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh -c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy -ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI -KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T -KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq -y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p -dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD -VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk -fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 -7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R -cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y -mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW -xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK -SnQ2+Q== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x -GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx -MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg -Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ -iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa -/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ -jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI -HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 -sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w -gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw -KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG -AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L -URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO -H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm -I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY -iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc -f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x -FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz -MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv -cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz -Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO -0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao -wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj -7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS -8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT -BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg -JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC -NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 -6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ -3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm -D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS -CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl -MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh -U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz -MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N -IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 -bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE -RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO -zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 -bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF -MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 -VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC -OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW -tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ -q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb -EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ -Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O -VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl -MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe -U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX -DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy -dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj -YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV -OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr -zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM -VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ -hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO -ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw -awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs -OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 -DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF -coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc -okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 -t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy -1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ -SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP -MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx -MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV -BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o -Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt -5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s -3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej -vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu -8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw -DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG -MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil -zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ -3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD -FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 -Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 -ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y -MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg -TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS -b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS -M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC -UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d -Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p -rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l -pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb -j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC -KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS -/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X -cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH -1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP -px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 -MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI -eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u -2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS -v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC -wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy -CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e -vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 -Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa -Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL -eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 -FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc -7uzXLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX -DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl -ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv -b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 -qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp -uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU -Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE -pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp -5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M -UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN -GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy -5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv -6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK -eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 -B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ -BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov -L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG -SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS -CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen -5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 -IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK -gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL -+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL -vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm -bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk -N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC -Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z -ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX -DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl -ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv -b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP -cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW -IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX -xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy -KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR -9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az -5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 -6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 -Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP -bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt -BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt -XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF -MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd -INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD -U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp -LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 -Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp -gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh -/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw -0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A -fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq -4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR -1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ -QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM -94B7IWcnMFk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp -U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw -NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE -ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp -ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 -DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf -8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN -+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 -X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa -K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA -1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G -A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR -zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 -YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD -bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 -L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D -eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp -VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY -WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs -ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw -MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj -aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg -nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 -HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N -Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN -dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 -HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G -CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU -sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 -4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg -8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 -mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs -ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 -MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy -ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy -dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p -OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 -8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K -Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe -hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk -6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q -AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI -bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB -ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z -qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd -iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn -0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN -sSi6 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1 -OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG -A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ -JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD -vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo -D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/ -Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW -RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK -HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN -nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM -0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i -UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9 -Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg -TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL -BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX -UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl -6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK -9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ -HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI -wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY -XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l -IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo -hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr -so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j -ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js -LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM -BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy -dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh -cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh -YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg -dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp -bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ -YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT -TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ -9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 -jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW -FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz -ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 -ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L -EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu -L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC -O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V -um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh -NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul -F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC -ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w -ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk -aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0 -YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg -c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93 -d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG -CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF -wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS -Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst -0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc -pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl -CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF -P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK -1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm -KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ -8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm -fyWl8kgAwKQB2j8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk -MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg -Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT -AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp -Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 -m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih -FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ -TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F -EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco -kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu -HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF -vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo -19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC -L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW -bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX -JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw -FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc -K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf -ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik -Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB -sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e -3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR -ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip -mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH -b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf -rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms -hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y -zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 -MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk -MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg -Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT -AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp -Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr -jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r -0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f -2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP -ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF -y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA -tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL -6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 -uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL -acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh -k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q -VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw -FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh -b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R -fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv -/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI -REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx -srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv -aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT -woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n -Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W -t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N -8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 -9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 -wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAw -ZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdp -dGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290 -IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcNMzEwNjI1MDg0NTA4WjBnMQswCQYD -VQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2Vy -dGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYgQ0Eg -MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7Bx -UglgRCgzo3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD -1ycfMQ4jFrclyxy0uYAyXhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPH -oCE2G3pXKSinLr9xJZDzRINpUKTk4RtiGZQJo/PDvO/0vezbE53PnUgJUmfANykR -HvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8LiqG12W0OfvrSdsyaGOx9/ -5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaHZa0zKcQv -idm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHL -OdAGalNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaC -NYGu+HuB5ur+rPQam3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f -46Fq9mDU5zXNysRojddxyNMkM3OxbPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCB -UWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDixzgHcgplwLa7JSnaFp6LNYth -7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/BAQDAgGGMB0G -A1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWB -bj2ITY1x0kbBbkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6x -XCX5145v9Ydkn+0UjrgEjihLj6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98T -PLr+flaYC/NUn81ETm484T4VvwYmneTwkLbUwp4wLh/vx3rEUMfqe9pQy3omywC0 -Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7XwgiG/W9mR4U9s70 -WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH59yL -Gn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm -7JFe3VE/23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4S -nr8PyQUQ3nqjsTzyP6WqJ3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VN -vBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyAHmBR3NdUIR7KYndP+tiPsys6DXhyyWhB -WkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/giuMod89a2GQ+fYWVq6nTI -fI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuWl8PVP3wb -I+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV -BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln -biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF -MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT -d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 -76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ -bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c -6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE -emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd -MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt -MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y -MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y -FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi -aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM -gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB -qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 -lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn -8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov -L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 -45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO -UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 -O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC -bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv -GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a -77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC -hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 -92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp -Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w -ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt -Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFejCCA2KgAwIBAgIJAN7E8kTzHab8MA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV -BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJDAiBgNVBAMTG1N3aXNzU2ln -biBHb2xkIFJvb3QgQ0EgLSBHMzAeFw0wOTA4MDQxMzMxNDdaFw0zNzA4MDQxMzMx -NDdaMEoxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJDAiBgNV -BAMTG1N3aXNzU2lnbiBHb2xkIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBAMPon8hlWp1nG8FFl7S0h0NbYWCAnvJ/XvlnRN1E+qu1 -q3f/KhlMzm/Ej0Gf4OLNcuDR1FJhQQkKvwpw++CDaWEpytsimlul5t0XlbBvhI46 -PmRaQfsbWPz9Kz6ypOasyYK8zvaV+Jd37Sb2WK6eJ+IPg+zFNljIe8/Vh6GphxoT -Z2EBbaZpnOKQ8StoZfPosHz8gj3erdgKAAlEeROc8P5udXvCvLNZAQt8xdUt8L// -bVfSSYHrtLNQrFv5CxUVjGn/ozkB7fzc3CeXjnuL1Wqm1uAdX80Bkeb1Ipi6LgkY -OG8TqIHS+yE35y20YueBkLDGeVm3Z3X+vo87+jbsr63ST3Q2AeVXqyMEzEpel89+ -xu+MzJUjaY3LOMcZ9taKABQeND1v2gwLw7qX/BFLUmE+vzNnUxC/eBsJwke6Hq9Y -9XWBf71W8etW19lpDAfpNzGwEhwy71bZvnorfL3TPbxqM006PFAQhyfHegpnU9t/ -gJvoniP6+Qg6i6GONFpIM19k05eGBxl9iJTOKnzFat+vvKmfzTqmurtU+X+P388O -WsStmryzOndzg0yTPJBotXxQlRHIgl6UcdBBGPvJxmXszom2ziKzEVs/4J0+Gxho -DaoDoWdZv2udvPjyZS+aQTpF2F7QNmxvOx5jtI6YTBPbIQ6fe+3qoKpxw+ujoNIl -AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBRclwZGNKvfMMV8xQ1VcWYwtWCPnjAfBgNVHSMEGDAWgBRclwZGNKvfMMV8 -xQ1VcWYwtWCPnjANBgkqhkiG9w0BAQsFAAOCAgEAd0tN3uqFSqssJ9ZFx/FfIMFb -YO0Hy6Iz3DbPx5TxBsfV2s/NrYQ+/xJIf0HopWZXMMQd5KcaLy1Cwe9Gc7LV9Vr9 -Dnpr0sgxow1IlldlY1UYwPzkisyYhlurDIonN/ojaFlcJtehwcK5Tiz/KV7mlAu+ -zXJPleiP9ve4Pl7Oz54RyawDKUiKqbamNLmsQP/EtnM3scd/qVHbSypHX0AkB4gG -tySz+3/3sIsz+r8jdaNc/qplGsK+8X2BdwOBsY3XlQ16PEKYt4+pfVDh31IGmqBS -VHiDB2FSCTdeipynxlHRXGPRhNzC29L6Wxg2fWa81CiXL3WWHIQHrIuOUxG+JCGq -Z/LBrYic07B4Z3j101gDIApdIPG152XMDiDj1d/mLxkrhWjBBCbPj+0FU6HdBw7r -QSbHtKksW+NpPWbAYhvAqobAN8MxBIZwOb5rXyFAQaB/5dkPOEtwX0n4hbgrLqof -k0FD+PuydDwfS1dbt9RRoZJKzr4Qou7YFCJ7uUG9jemIqdGPAxpg/z+HiaCZJyJm -sD5onnKIUTidEz5FbQXlRrVz7UOGsRQKHrzaDb8eJFxmjw6+of3G62m8Q3nXA3b5 -3IeZuJjEzX9tEPkQvixC/pwpTYNrCr21jsRIiv0hB6aAfR+b6au9gmFECnEnX22b -kJ6u/zYks2gD1pWMa3M= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE -BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu -IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw -WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD -ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y -IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn -IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ -6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob -jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw -izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl -+zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY -zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP -pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF -KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW -ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB -AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 -ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW -IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA -A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 -uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ -FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 -jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ -u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D -YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 -puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa -icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG -DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x -kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z -Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFgTCCA2mgAwIBAgIIIj+pFyDegZQwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UE -BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEoMCYGA1UEAxMfU3dpc3NTaWdu -IFBsYXRpbnVtIFJvb3QgQ0EgLSBHMzAeFw0wOTA4MDQxMzM0MDRaFw0zNzA4MDQx -MzM0MDRaME4xCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxKDAm -BgNVBAMTH1N3aXNzU2lnbiBQbGF0aW51bSBSb290IENBIC0gRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCUoO8TG59EIBvNxaoiu9nyUj56Wlh35o2h -K8ncpPPksxOUAGKbHPJDUEOBfq8wNkmsGIkMGEW4PsdUbePYmllriholqba1Dbd9 -I/BffagHqfc+hi7IAU3c5jbtHeU3B2kSS+OD0QQcJPAfcHHnGe1zSG6VKxW2VuYC -31bpm/rqpu7gwsO64MzGyHvXbzqVmzqPvlss0qmgOD7WiOGxYhOO3KswZ82oaqZj -K4Kwy8c9Tu1y9n2rMk5lAusPmXT4HBoojA5FAJMsFJ9txxue9orce3jjtJRHHU0F -bYR6kFSynot1woDfhzk/n/tIVAeNoCn1+WBfWnLou5ugQuAIADSjFTwT49YaawKy -lCGjnUG8KmtOMzumlDj8PccrM7MuKwZ0rJsQb8VORfddoVYDLA1fer0e3h13kGva -pS2KTOnfQfTnS+x9lUKfTKkJD0OIPz2T5yv0ekjaaMTdEoAxGl0kVCamJCGzTK3a -Fwg2AlfGnIZwyXXJnnxh2HjmuegUafkcECgSXUt1ULo80GdwVVVWS/s9HNjbeU2X -37ie2xcs1TUHuFCp9473Vv96Z0NPINnKZtY4YEvulDHWDaJIm/80aZTGNfWWiO+q -ZsyBputMU/8ydKe2nZhXtLomqfEzM2J+OrADEVf/3G8RI60+xgrQzFS3LcKTHeXC -pozH2O9T9wIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUVio/kFj0F1oUstcIG4VbVGpUGigwHwYDVR0jBBgwFoAUVio/ -kFj0F1oUstcIG4VbVGpUGigwDQYJKoZIhvcNAQELBQADggIBAGztiudDqHknm7jP -hz5kOBiMEUKShjfgWMMb7gQu94TsgxBoDH94LZzCl442ThbYDuprSK1Pnl0NzA2p -PhiFfsxomTk11tifhsEy+01lsyIUS8iFZtoX/3GRrJxWV95xLFZCv/jNDvCi0//S -IhX70HgKfuGwWs6ON9upnueVz2PyLA3S+m/zyNX7ALf3NWcQ03tS7BAy+L/dXsmm -gqTxsL8dLt0l5L1N8DWpkQFH+BAClFvrPusNutUdYyylLqvn4x6j7kuqX7FmAbSC -WvlGS8fx+N8svv113ZY4mjc6bqXmMhVus5DAOYp0pZWgvg0uiXnNKVaOw15XUcQF -bwRVj4HpTL1ZRssqvE3JHfLGTwXkyAQN925P2sM6nNLC9enGJHoUPhxCMKgCRTGp -/FCp3NyGOA9bkz9/CE5qDSc6EHlWwxW4PgaG9tlwZ691eoviWMzGdU8yVcVsFAko -O/KV5GreLCgHraB9Byjd1Fqj6aZ8E4yZC1J429nR3z5aQ3Z/RmBTws3ndkd8Vc20 -OWQQW5VLNV1EgyTV4C4kDMGAbmkAgAZ3CmaCEAxRbzeJV9vzTOW4ue4jZpdgt1Ld -2Zb7uoo7oE3OXvBETJDMIU8bOphrjjGD+YMIUssZwTVr7qEVW4g/bazyNJJTpjAq -E9fmhqhd2ULSx52peovL3+6iMcLl ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE -BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu -IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow -RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY -U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv -Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br -YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF -nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH -6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt -eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ -c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ -MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH -HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf -jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 -5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB -rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU -F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c -wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 -cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB -AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp -WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 -xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ -2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ -IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 -aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X -em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR -dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ -OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ -hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy -tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFfjCCA2agAwIBAgIJAKqIsFoLsXabMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV -BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJjAkBgNVBAMTHVN3aXNzU2ln -biBTaWx2ZXIgUm9vdCBDQSAtIEczMB4XDTA5MDgwNDEzMTkxNFoXDTM3MDgwNDEz -MTkxNFowTDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEmMCQG -A1UEAxMdU3dpc3NTaWduIFNpbHZlciBSb290IENBIC0gRzMwggIiMA0GCSqGSIb3 -DQEBAQUAA4ICDwAwggIKAoICAQC+h5sF5nF8Um9t7Dep6bPczF9/01DqIZsE8D2/ -vo7JpRQWMhDPmfzscK1INmckDBcy1inlSjmxN+umeAxsbxnKTvdR2hro+iE4bJWc -L9aLzDsCm78mmxFFtrg0Wh2mVEhSyJ14cc5ISsyneIPcaKtmHncH0zYYCNfUbWD4 -8HnTMzYJkmO3BJr1p5baRa90GvyC46hbDjo/UleYfrycjMHAslrfxH7+DKZUdoN+ -ut3nKvRKNk+HZS6lujmNWWEp89OOJHCMU5sRpUcHsnUFXA2E2UTZzckmRFduAn2V -AdSrJIbuPXD7V/qwKRTQnfLFl8sJyvHyPefYS5bpiC+eR1GKVGWYSNIS5FR3DAfm -vluc8d0Dfo2E/L7JYtX8yTroibVfwgVSYfCcPuwuTYxykY7IQ8GiKF71gCTc4i+H -O1MA5cvwsnyNeRmgiM14+MWKWnflBqzdSt7mcG6+r771sasOCLDboD+Uxb4Subx7 -J3m1MildrsUgI5IDe1Q5sIkiVG0S48N46jpA/aSTrOktiDzbpkdmTN/YF+0W3hrW -10Fmvx2A8aTgZBEpXgwnBWLr5cQEYtHEnwxqVdZYOJxmD537q1SAmZzsSdaCn9pF -1j9TBgO3/R/shn104KS06DK2qgcj+O8kQZ5jMHj0VN2O8Fo4jhJ/eMdvAlYhM864 -uK1pVQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd -BgNVHQ4EFgQUoYxFkwoSYwunV18ySn3hIee3PmYwHwYDVR0jBBgwFoAUoYxFkwoS -YwunV18ySn3hIee3PmYwDQYJKoZIhvcNAQELBQADggIBAIeuYW1IOCrGHNxKLoR4 -ScAjKkW4NU3RBfq5BTPEZL3brVQWKrA+DVoo2qYagHMMxEFvr7g0tnfUW44dC4tG -kES1s+5JGInBSzSzhzV0op5FZ+1FcWa2uaElc9fCrIj70h2na9rAWubYWWQ0l2Ug -MTMDT86tCZ6u6cI+GHW0MyUSuwXsULpxQOK93ohGBSGEi6MrHuswMIm/EfVcRPiR -i0tZRQswDcoMT29jvgT+we3gh/7IzVa/5dyOetTWKU6A26ubP45lByL3RM2WHy3H -9Qm2mHD/ONxQFRGEO3+p8NgkVMgXjCsTSdaZf0XRD46/aXI3Uwf05q79Wz55uQbN -uIF4tE2g0DW65K7/00m8Ne1jxrP846thWgW2C+T/qSq+31ROwktcaNqjMqLJTVcY -UzRZPGaZ1zwCeKdMcdC/2/HEPOcB5gTyRPZIJjAzybEBGesC8cwh+joCMBedyF+A -P90lrAKb4xfevcqSFNJSgVPm6vwwZzKpYvaTFxUHMV4PG2n19Km3fC2z7YREMkco -BzuGaUWpxzaWkHJ02BKmcyPRTrm2ejrEKaFQBhG52fQmbmIIEiAW8AFXF9QFNmeX -61H5/zMkDAUPVr/vPRxSjoreaQ9aH/DVAzFEs5LG6nWorrvHYAOImP/HBIRSkIbh -tJOpUC/o69I2rDBgp9ADE7UK ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL -MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD -VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD -bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g -RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC -VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h -bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1 -YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS -yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3 -yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD -AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5 -axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No -8gxFSTm/mQQc0xCg ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB -lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w -HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl -YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE -BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT -eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD -6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o -ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH -w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn -r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP -N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB -AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX -tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP -4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q -dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz -5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA -DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 -0jPg/73RVDkpDw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL -MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD -VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD -bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g -RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC -VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h -bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1 -YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS -szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ -XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD -AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6 -S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9// -KabYR9mglhjb8kWz ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB -lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w -HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl -YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE -BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT -eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn -V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs -ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx -+FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y -KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN -KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB -AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW -tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L -0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 -bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 -Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm -KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ -b/xa5IJVWa8xqQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICpzCCAi2gAwIBAgIQTHm1miicdjFk9YlE0JEC3jAKBggqhkjOPQQDAzCBlDEL -MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD -VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD -bGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g -RzQwHhcNMTIxMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UEBhMC -VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h -bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAzIFB1 -YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAARXz+qzOU0/oSHgbi84csaHl/OFC0fnD1HI0fSZm8pZ -Zf9M+eoLtyXV0vbsMS0yYhLXdoan+jjJZdT+c+KEOfhMSWIT3brViKBfPchPsD+P -oVAR5JNGrcNfy/GkapVW6MCjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBQknbzScfcdwiW+IvGJpSwVOzQeXjAKBggqhkjOPQQD -AwNoADBlAjEAuWZoZdsF0Dh9DvPIdWG40CjEsUozUVj78jwQyK5HeHbKZiQXhj5Q -Vm6lLZmIuL0kAjAD6qfnqDzqnWLGX1TamPR3vU+PGJyRXEdrQE0QHbPhicoLIsga -xcX+i93B3294n5E= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF9jCCA96gAwIBAgIQZWNxhdNvRcaPfzH5CYeSgjANBgkqhkiG9w0BAQwFADCB -lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w -HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl -YyBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzYwHhcNMTIxMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE -BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT -eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAz -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3DrL6TbyachX7d1vb/UMPywv3 -YC6zK34Mu1PyzE5l8xm7/zUd99Opu0Attd141Kb5N+qFBXttt+YTSwZ8+3ZjjyAd -LTgrBIXy6LDRX01KIclq2JTqHgJQpqqQB6BHIepm+QSg5oPwxPVeluInTWHDs8GM -IrZmoQDRVin77cF/JMo9+lqUsITDx7pDHP1kDvEo+0dZ8ibhMblE+avd+76+LDfj -rAsY0/wBovGkCjWCR0yrvYpe3xOF/CDMSFmvr0FvyyPNypOn3dVfyGQ7/wEDoApP -LW49hL6vyDKyUymQFfewBZoKPPa5BpDJpeFdoDuw/qi2v/WJKFckOiGGceTciotB -VeweMCRZ0cBZuHivqlp03iWAMJjtMERvIXAc2xJTDtamKGaTLB/MTzwbgcW59nhv -0DI6CHLbaw5GF4WU87zvvPekXo7p6bVk5bdLRRIsTDe3YEMKTXEGAJQmNXQfu3o5 -XE475rgD4seTi4QsJUlF3X8jlGAfy+nN9quX92Hn+39igcjcCjBcGHzmzu/Hbh6H -fLPpysh7avRo/IOlDFa0urKNSgrHl5fFiDAVPRAIVBVycmczM/R8t84AJ1NlziTx -WmTnNi/yLgLCl99y6AIeoPc9tftoYAP6M6nmEm0G4amoXU48/tnnAGWsthlNe4N/ -NEfq4RhtsYsceavnnQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUOXEIAD7eyIbnkP/k/SEPziQZFvYwDQYJKoZIhvcN -AQEMBQADggIBAFBriE1gSM5a4yLOZ3yEp80c/ekMA4w2rwqHDmquV64B0Da78v25 -c8FftaiuTKL6ScsHRhY2vePIVzh+OOS/JTNgxtw3nGO7XpgeGrKC8K6mdxGAREeh -KcXwszrOmPC47NMOgAZ3IzBM/3lkYyJbd5NDS3Wz2ztuO0rd8ciutTeKlYg6EGhw -OLlbcH7VQ8n8X0/l5ns27vAg7UdXEyYQXhQGDXt2B8LGLRb0rqdsD7yID08sAraj -1yLmmUc12I2lT4ESOhF9s8wLdfMecKMbA+r6mujmLjY5zJnOOj8Mt674Q5mwk25v -qtkPajGRu5zTtCj7g0x6c4JQZ9IOrO1gxbJdNZjPh34eWR0kvFa62qRa2MzmvB4Q -jxuMjvPB27e+1LBbZY8WaPNWxSoZFk0PuGWHbSSDuGLc4EdhGoh7zk5//dzGDVqa -pPO1TPbdMaboHREhMzAEYX0c4D5PjT+1ixIAWn2poQDUg+twuxj4pNIcgS23CBHI -Jnu21OUPA0Zy1CVAHr5JXW2T8VyyO3VUaTqg7kwiuqya4gitRWMFSlI1dsQ09V4H -Mq3cfCbRW4+t5OaqG3Wf61206MCpFXxOSgdy30bJ1JGSdVaw4e43NmUoxRXIK3bM -bW8Zg/T92hXiQeczeUaDV/nxpbZt07zXU+fucW14qZen7iCcGRVyFT0E ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDcTCCAlmgAwIBAgIVAOYJ/nrqAGiM4CS07SAbH+9StETRMA0GCSqGSIb3DQEB -BQUAMFAxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGlj -emVuaW93YSBTLkEuMRcwFQYDVQQDDA5TWkFGSVIgUk9PVCBDQTAeFw0xMTEyMDYx -MTEwNTdaFw0zMTEyMDYxMTEwNTdaMFAxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L -cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRcwFQYDVQQDDA5TWkFGSVIg -Uk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxHL49ZMTml -6g3wpYwrvQKkvc0Kc6oJ5sxfgmp1qZfluwbv88BdocHSiXlY8NzrVYzuWBp7J/9K -ULMAoWoTIzOQ6C9TNm4YbA9A1jdX1wYNL5Akylf8W5L/I4BXhT9KnlI6x+a7BVAm -nr/Ttl+utT/Asms2fRfEsF2vZPMxH4UFqOAhFjxTkmJWf2Cu4nvRQJHcttB+cEAo -ag/hERt/+tzo4URz6x6r19toYmxx4FjjBkUhWQw1X21re//Hof2+0YgiwYT84zLb -eqDqCOMOXxvH480yGDkh/QoazWX3U75HQExT/iJlwnu7I1V6HXztKIwCBjsxffbH -3jOshCJtywcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFFOSo33/gnbwM9TrkmdHYTMbaDsqMA0GCSqGSIb3DQEBBQUA -A4IBAQA5UFWd5EL/pBviIMm1zD2JLUCpp0mJG7JkwznIOzawhGmFFaxGoxAhQBEg -haP+E0KR66oAwVC6xe32QUVSHfWqWndzbODzLB8yj7WAR0cDM45ZngSBPBuFE3Wu -GLJX9g100ETfIX+4YBR/4NR/uvTnpnd9ete7Whl0ZfY94yuu4xQqB5QFv+P7IXXV -lTOjkjuGXEcyQAjQzbFaT9vIABSbeCXWBbjvOXukJy6WgAiclzGNSYprre8Ryydd -fmjW9HIGwsIO03EldivvqEYL1Hv1w/Pur+6FUEOaL68PEIUovfgwIB2BAw+vZDuw -cH0mX548PojGyg434cDjkSXa3mHF ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd -AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC -FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi -1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq -jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ -wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ -WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy -NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC -uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw -IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 -g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP -BSeOE6Fuwg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN -8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ -RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 -hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 -ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM -EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 -A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy -WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ -1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 -6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT -91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml -e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p -TpPDpFQUWw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw -NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv -b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD -VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F -VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 -7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X -Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ -/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs -81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm -dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe -Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu -sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 -pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs -slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ -arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD -VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG -9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl -dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx -0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj -TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed -Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 -Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI -OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 -vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW -t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn -HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx -SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp -IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi -BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw -MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh -d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig -YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v -dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ -BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 -papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K -DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 -KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox -XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB -rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV -BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa -Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl -LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u -MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl -ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm -gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 -YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf -b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 -9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S -zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk -OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV -HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA -2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW -oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu -t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c -KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM -m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu -MdRAGmI0Nj81Aa6sY6A= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB -qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV -BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw -NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j -LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG -A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs -W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta -3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk -6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 -Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J -NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP -r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU -DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz -YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX -xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 -/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ -LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 -jVaMaA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGHDCCBASgAwIBAgIES45gAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE -SzESMBAGA1UEChMJVFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQ -cmltYXJ5IENBMB4XDTEwMDMwMzEyNDEzNFoXDTM3MTIwMzEzMTEzNFowRTELMAkG -A1UEBhMCREsxEjAQBgNVBAoTCVRSVVNUMjQwODEiMCAGA1UEAxMZVFJVU1QyNDA4 -IE9DRVMgUHJpbWFyeSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -AJlJodr3U1Fa+v8HnyACHV81/wLevLS0KUk58VIABl6Wfs3LLNoj5soVAZv4LBi5 -gs7E8CZ9w0F2CopW8vzM8i5HLKE4eedPdnaFqHiBZ0q5aaaQArW+qKJx1rT/AaXt -alMB63/yvJcYlXS2lpexk5H/zDBUXeEQyvfmK+slAySWT6wKxIPDwVapauFY9QaG -+VBhCa5jBstWS7A5gQfEvYqn6csZ3jW472kW6OFNz6ftBcTwufomGJBMkonf4ZLr -6t0AdRi9jflBPz3MNNRGxyjIuAmFqGocYFA/OODBRjvSHB2DygqQ8k+9tlpvzMRr -kU7jq3RKL+83G1dJ3/LTjCLz4ryEMIC/OJ/gNZfE0qXddpPtzflIPtUFVffXdbFV -1t6XZFhJ+wBHQCpJobq/BjqLWUA86upsDbfwnePtmIPRCemeXkY0qabC+2Qmd2Fe -xyZphwTyMnbqy6FG1tB65dYf3mOqStmLa3RcHn9+2dwNfUkh0tjO2FXD7drWcU0O -I9DW8oAypiPhm/QCjMU6j6t+0pzqJ/S0tdAo+BeiXK5hwk6aR+sRb608QfBbRAs3 -U/q8jSPByenggac2BtTN6cl+AA1Mfcgl8iXWNFVGegzd/VS9vINClJCe3FNVoUnR -YCKkj+x0fqxvBLopOkJkmuZw/yhgMxljUi2qYYGn90OzAgMBAAGjggESMIIBDjAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUd -IAAwgZcGA1UdHwSBjzCBjDAsoCqgKIYmaHR0cDovL2NybC5vY2VzLnRydXN0MjQw -OC5jb20vb2Nlcy5jcmwwXKBaoFikVjBUMQswCQYDVQQGEwJESzESMBAGA1UEChMJ -VFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQcmltYXJ5IENBMQ0w -CwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFPZt+LFIs0FDAduGROUYBbdezAY3MB0G -A1UdDgQWBBT2bfixSLNBQwHbhkTlGAW3XswGNzANBgkqhkiG9w0BAQsFAAOCAgEA -VPAQGrT7dIjD3/sIbQW86f9CBPu0c7JKN6oUoRUtKqgJ2KCdcB5ANhCoyznHpu3m -/dUfVUI5hc31CaPgZyY37hch1q4/c9INcELGZVE/FWfehkH+acpdNr7j8UoRZlkN -15b/0UUBfGeiiJG/ugo4llfoPrp8bUmXEGggK3wyqIPcJatPtHwlb6ympfC2b/Ld -v/0IdIOzIOm+A89Q0utx+1cOBq72OHy8gpGb6MfncVFMoL2fjP652Ypgtr8qN9Ka -/XOazktiIf+2Pzp7hLi92hRc9QMYexrV/nnFSQoWdU8TqULFUoZ3zTEC3F/g2yj+ -FhbrgXHGo5/A4O74X+lpbY2XV47aSuw+DzcPt/EhMj2of7SA55WSgbjPMbmNX0rb -oenSIte2HRFW5Tr2W+qqkc/StixgkKdyzGLoFx/xeTWdJkZKwyjqge2wJqws2upY -EiThhC497+/mTiSuXd69eVUwKyqYp9SD2rTtNmF6TCghRM/dNsJOl+osxDVGcwvt -WIVFF/Onlu5fu1NHXdqNEfzldKDUvCfii3L2iATTZyHwU9CALE+2eIA+PIaLgnM1 -1oCfUnYBkQurTrihvzz9PryCVkLxiqRmBVvUz+D4N5G/wvvKDS6t6cPCS+hqM482 -cbBsn0R9fFLO4El62S9eH1tqOzO20OAOK65yJIsOpSE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF -MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL -ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx -MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc -MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ -AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH -iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj -vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA -0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB -OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ -BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E -FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 -GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW -zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 -1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE -f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F -jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN -ZetX2fNXlrtIzYE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx -EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT -VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 -NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT -B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF -10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz -0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh -MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH -zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc -46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 -yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi -laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP -oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA -BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE -qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm -4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL -1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn -LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF -H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo -RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ -nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh -15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW -6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW -nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j -wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz -aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy -KwbQBM0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES -MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU -V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz -WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO -LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE -AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH -K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX -RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z -rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx -3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq -hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC -MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls -XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D -lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn -aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ -YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS -MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp -bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw -VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy -YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy -dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2 -ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe -Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx -GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls -aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU -QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh -xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0 -aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr -IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h -gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK -O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO -fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw -lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL -hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID -AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/ -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP -NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t -wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM -7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh -gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n -oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs -yZyQ2uypQjyttgI= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOc -UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx -c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xS -S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg -SGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4XDTA3MTIyNTE4Mzcx -OVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxla3Ry -b25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMC -VFIxDzANBgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDE -sGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7F -ni4gKGMpIEFyYWzEsWsgMjAwNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9NYvDdE3ePYakqtdTyuTFY -KTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQvKUmi8wUG -+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveG -HtyaKhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6P -IzdezKKqdfcYbwnTrqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M -733WB2+Y8a+xwXrXgTW4qhe04MsCAwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHk -Yb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/sPx+EnWVUXKgW -AkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I -aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5 -mxRZNTZPz/OOXl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsa -XRik7r4EW5nVcV9VZWRi1aKbBFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZ -qxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAKpoRq0Tl9 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJDTjER -MA8GA1UEChMIVW5pVHJ1c3QxGDAWBgNVBAMTD1VDQSBHbG9iYWwgUm9vdDAeFw0w -ODAxMDEwMDAwMDBaFw0zNzEyMzEwMDAwMDBaMDoxCzAJBgNVBAYTAkNOMREwDwYD -VQQKEwhVbmlUcnVzdDEYMBYGA1UEAxMPVUNBIEdsb2JhbCBSb290MIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2rPlBlA/9nP3xDK/RqUlYjOHsGj+p9+I -A2N9Apb964fJ7uIIu527u+RBj8cwiQ9tJMAEbBSUgU2gDXRm8/CFr/hkGd656YGT -0CiFmUdCSiw8OCdKzP/5bBnXtfPvm65bNAbXj6ITBpyKhELVs6OQaG2BkO5NhOxM -cE4t3iQ5zhkAQ5N4+QiGHUPR9HK8BcBn+sBR0smFBySuOR56zUHSNqth6iur8CBV -mTxtLRwuLnWW2HKX4AzKaXPudSsVCeCObbvaE/9GqOgADKwHLx25urnRoPeZnnRc -GQVmMc8+KlL+b5/zub35wYH1N9ouTIElXfbZlJrTNYsgKDdfUet9Ysepk9H50DTL -qScmLCiQkjtVY7cXDlRzq6987DqrcDOsIfsiJrOGrCOp139tywgg8q9A9f9ER3Hd -J90TKKHqdjn5EKCgTUCkJ7JZFStsLSS3JGN490MYeg9NEePorIdCjedYcaSrbqLA -l3y74xNLytu7awj5abQEctXDRrl36v+6++nwOgw19o8PrgaEFt2UVdTvyie3AzzF -HCYq9TyopZWbhvGKiWf4xwxmse1Bv4KmAGg6IjTuHuvlb4l0T2qqaqhXZ1LUIGHB -zlPL/SR/XybfoQhplqCe/klD4tPq2sTxiDEhbhzhzfN1DiBEFsx9c3Q1RSw7gdQg -7LYJjD5IskkCAwEAAaOBojCBnzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zBj -BgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcD -BAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUF -BwMJMB0GA1UdDgQWBBTZw9P4gJJnzF3SOqLXcaK0xDiALTANBgkqhkiG9w0BAQUF -AAOCAgEA0Ih5ygiq9ws0oE4Jwul+NUiJcIQjL1HDKy9e21NrW3UIKlS6Mg7VxnGF -sZdJgPaE0PC6t3GUyHlrpsVE6EKirSUtVy/m1jEp+hmJVCl+t35HNmktbjK81HXa -QnO4TuWDQHOyXd/URHOmYgvbqm4FjMh/Rk85hZCdvBtUKayl1/7lWFZXbSyZoUkh -1WHGjGHhdSTBAd0tGzbDLxLMC9Z4i3WA6UG5iLHKPKkWxk4V43I29tSgQYWvimVw -TbVEEFDs7d9t5tnGwBLxSzovc+k8qe4bqi81pZufTcU0hF8mFGmzI7GJchT46U1R -IgP/SobEHOh7eQrbRyWBfvw0hKxZuFhD5D1DCVR0wtD92e9uWfdyYJl2b/Unp7uD -pEqB7CmB9HdL4UISVdSGKhK28FWbAS7d9qjjGcPORy/AeGEYWsdl/J1GW1fcfA67 -loMQfFUYCQSu0feLKj6g5lDWMDbX54s4U+xJRODPpN/xU3uLWrb2EZBL1nXz/gLz -Ka/wI3J9FO2pXd96gZ6bkiL8HvgBRUGXx2sBYb4zaPKgZYRmvOAqpGjTcezHCN6j -w8k2SjTxF+KAryAhk5Qe5hXTVGLxtTgv48y5ZwSpuuXu+RBuyy5+E6+SFP7zJ3N7 -OPxzbbm5iPZujAv1/P8JDrMtXnt145Ik4ubhWD5LKAN1axibRww= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJDTjER -MA8GA1UEChMIVW5pVHJ1c3QxETAPBgNVBAMTCFVDQSBSb290MB4XDTA0MDEwMTAw -MDAwMFoXDTI5MTIzMTAwMDAwMFowMzELMAkGA1UEBhMCQ04xETAPBgNVBAoTCFVu -aVRydXN0MREwDwYDVQQDEwhVQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALNdB8qGJn1r4vs4CQ7MgsJqGgCiFV/W6dQBt1YDAVmP9ThpJHbC -XivF9iu/r/tB/Q9a/KvXg3BNMJjRnrJ2u5LWu+kQKGkoNkTo8SzXWHwk1n8COvCB -a2FgP/Qz3m3l6ihST/ypHWN8C7rqrsRoRuTej8GnsrZYWm0dLNmMOreIy4XU9+gD -Xv2yTVDo1h//rgI/i0+WITyb1yXJHT/7mLFZ5PCpO6+zzYUs4mBGzG+OoOvwNMXx -QhhgrhLtRnUc5dipllq+3lrWeGeWW5N3UPJuG96WUUqm1ktDdSFmjXfsAoR2XEQQ -th1hbOSjIH23jboPkXXHjd+8AmCoKai9PUMCAwEAAaOBojCBnzALBgNVHQ8EBAMC -AQYwDAYDVR0TBAUwAwEB/zBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIG -CCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcD -BwYIKwYBBQUHAwgGCCsGAQUFBwMJMB0GA1UdDgQWBBTbHzXza0z/QjFkm827Wh4d -SBC37jANBgkqhkiG9w0BAQUFAAOCAQEAOGy3iPGt+lg3dNHocN6cJ1nL5BXXoMNg -14iABMUwTD3UGusGXllH5rxmy+AI/Og17GJ9ysDawXiv5UZv+4mCI4/211NmVaDe -JRI7cTYWVRJ2+z34VFsxugAG+H1V5ad2g6pcSpemKijfvcZsCyOVjjN/Hl5AHxNU -LJzltQ7dFyiuawHTUin1Ih+QOfTcYmjwPIZH7LgFRbu3DJaUxmfLI3HQjnQi1kHr -A6i26r7EARK1s11AdgYg1GS4KUYGis4fk5oQ7vuqWrTcL9Ury/bXBYSYBZELhPc9 -+tb5evosFeo2gkO3t7jj83EB7UNDogVFwygFBzXjAaU4HoDU18PZ3g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL -MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl -eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT -JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx -MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT -Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg -VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo -I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng -o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G -A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB -zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW -RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw -MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV -BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B -3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY -tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ -Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 -VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT -79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 -c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT -Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l -c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee -UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE -Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd -BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF -Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO -VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 -ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs -8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR -iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze -Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ -XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ -qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB -VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB -L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG -jjxDah2nGN59PRbxYvnKkKj9 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB -kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho -dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw -IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG -EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD -VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu -dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6 -E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ -D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK -4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq -lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW -bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB -o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT -MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js -LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr -BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB -AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft -Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj -j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH -KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv -2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3 -mfnGV/TJVTl4uix5yaaIK/QI ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB -rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho -dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt -Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa -Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV -BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l -dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE -AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B -YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 -hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l -L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm -SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM -1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws -6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw -Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 -aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH -AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u -7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 -xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ -rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim -eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk -USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB -lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho -dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt -SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG -A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe -MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v -d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh -cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn -0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ -M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a -MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd -oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI -DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy -oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0 -dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy -bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF -BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli -CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE -CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t -3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS -KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCB -lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho -dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt -T2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAc -BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3 -dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0LU9iamVjdDCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZURnicP -HxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLO -KqJdhwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo -5hy485RjiGpq/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+ -pKvEHDHd17bR5PDv3xaPslKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehb -kkj7RwvCbNqtMoNB86XlQXD9ZZBt+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUC -AwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDov -L2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNybDApBgNV -HSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZIhvcN -AQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujw -NTX00CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXB -mMiKVl0+7kNOPmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU -4U3GDZlDAQ0Slox4nb9QorFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK5 -81OtbLUrohKqGU8J2l7nk8aOFAj+8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyR -Uh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8g= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 -nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO -8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV -ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb -PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 -6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr -n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a -qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 -wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 -ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs -pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 -E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy -aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s -IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp -Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV -BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp -Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu -Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g -Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt -IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU -J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO -JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY -wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o -koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN -qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E -Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe -xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u -7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU -sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI -sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP -cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b -N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t -KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu -kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm -CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ -Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu -imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te -2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe -DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC -/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p -F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt -TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW -ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp -U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y -aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp -U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg -SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln -biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm -GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve -fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ -aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj -aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW -kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC -4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga -FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB -yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL -ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp -U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW -ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW -ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp -U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y -aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 -nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex -t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz -SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG -BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ -rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ -NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E -BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH -BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy -aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv -MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE -p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y -5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK -WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ -4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N -hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB -vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL -ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp -U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W -ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX -MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 -IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y -IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh -bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF -9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH -H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H -LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN -/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT -rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw -WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs -exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud -DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 -sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ -seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz -4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ -BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR -lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 -7M2CYfE45k+XmCpajQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr -MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl -cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv -bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw -CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h -dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l -cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h -2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E -lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV -ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq -299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t -vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL -dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD -AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF -AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR -zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 -LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd -7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw -++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt -398znM/jra6O1I7mT1GvFpLgXPYHDw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID+TCCAuGgAwIBAgIQW1fXqEywr9nTb0ugMbTW4jANBgkqhkiG9w0BAQUFADB5 -MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl -cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xKjAoBgNVBAMTIVZpc2EgSW5m -b3JtYXRpb24gRGVsaXZlcnkgUm9vdCBDQTAeFw0wNTA2MjcxNzQyNDJaFw0yNTA2 -MjkxNzQyNDJaMHkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRWSVNBMS8wLQYDVQQL -EyZWaXNhIEludGVybmF0aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEqMCgGA1UE -AxMhVmlzYSBJbmZvcm1hdGlvbiBEZWxpdmVyeSBSb290IENBMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyREA4R/QkkfpLx0cYjga/EhIPZpchH0MZsRZ -FfP6C2ITtf/Wc+MtgD4yTK0yoiXvni3d+aCtEgK3GDvkdgYrgF76ROJFZwUQjQ9l -x42gRT05DbXvWFoy7dTglCZ9z/Tt2Cnktv9oxKgmkeHY/CyfpCBg1S8xth2JlGMR -0ug/GMO5zANuegZOv438p5Lt5So+du2Gl+RMFQqEPwqN5uJSqAe0VtmB4gWdQ8on -Bj2ZAM2R73QW7UW0Igt2vA4JaSiNtaAG/Y/58VXWHGgbq7rDtNK1R30X0kJV0rGA -ib3RSwB3LpG7bOjbIucV5mQgJoVjoA1e05w6g1x/KmNTmOGRVwIDAQABo30wezAP -BgNVHRMBAf8EBTADAQH/MDkGA1UdIAQyMDAwLgYFZ4EDAgEwJTAVBggrBgEFBQcC -ARYJMS4yLjMuNC41MAwGCCsGAQUFBwICMAAwDgYDVR0PAQH/BAQDAgEGMB0GA1Ud -DgQWBBRPitp2/2d3I5qmgH1924h1hfeBejANBgkqhkiG9w0BAQUFAAOCAQEACUW1 -QdUHdDJydgDPmYt+telnG/Su+DPaf1cregzlN43bJaJosMP7NwjoJY/H2He4XLWb -5rXEkl+xH1UyUwF7mtaUoxbGxEvt8hPZSTB4da2mzXgwKvXuHyzF5Qjy1hOB0/pS -WaF9ARpVKJJ7TOJQdGKBsF2Ty4fSCLqZLgfxbqwMsd9sysXI3rDXjIhekqvbgeLz -PqZr+pfgFhwCCLSMQWl5Ll3u7Qk9wR094DZ6jj6+JCVCRUS3HyabH4OlM0Vc2K+j -INsF/64Or7GNtRf9HYEJvrPxHINxl3JVwhYj4ASeaO4KwhVbwtw94Tc/XrGcexDo -c5lC3rAi4/UZqweYCw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGjCCAwKgAwIBAgIDAYagMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYDVQQGEwJG -STEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0ZXJpa2Vz -a3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNl -czEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJLIEdvdi4g -Um9vdCBDQTAeFw0wMjEyMTgxMzUzMDBaFw0yMzEyMTgxMzUxMDhaMIGjMQswCQYD -VQQGEwJGSTEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0 -ZXJpa2Vza3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBT -ZXJ2aWNlczEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJL -IEdvdi4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCF -FdrIAzfQo0Y3bBseljDCWoUSZyPyu5/nioFgJ/gTqTy894aqqvTzJSm0/nWuHoGG -igWyHWWyOOi0zCia+xc28ZPVec7Bg4shT8MNrUHfeJ1I4x9CRPw8bSEga60ihCRC -jxdNwlAfZM0tOSJWiP2yY51U2kJpwMhP1xjiPshphJQ9LIDGfM6911Mf64i5psu7 -hVfvV3ZdDIvTXhJBnyHAOfQmbQj6OLOhd7HuFtjQaNq0mKWgZUZKa41+qk1guPjI -DfxxPu45h4G02fhukO4/DmHXHSto5i7hQkQmeCxY8n0Wf2HASSQqiYe2XS8pGfim -545SnkFLWg6quMJmQlMCAwEAAaNVMFMwDwYDVR0TAQH/BAUwAwEB/zARBglghkgB -hvhCAQEEBAMCAAcwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTb6eGb0tEkC/yr -46Bn6q6cS3f0sDANBgkqhkiG9w0BAQUFAAOCAQEArX1ID1QRnljurw2bEi8hpM2b -uoRH5sklVSPj3xhYKizbXvfNVPVRJHtiZ+GxH0mvNNDrsczZog1Sf0JLiGCXzyVy -t08pLWKfT6HAVVdWDsRol5EfnGTCKTIB6dTI2riBmCguGMcs/OubUpbf9MiQGS0j -8/G7cdqehSO9Gu8u5Hp5t8OdhkktY7ktdM9lDzJmid87Ie4pbzlj2RXBbvbfgD5Q -eBmK3QOjFKU3p7UsfLYRh+cF8ry23tT/l4EohP7+bEaFEEGfTXWMB9SZZ291im/k -UJL2mdUQuMSpe/cXjUu/15WfCdxEDx4yw8DP03kN5Mc7h/CQNIghYkmSBAQfvA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB -gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk -MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY -UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx -NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 -dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy -dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 -38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP -KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q -DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 -qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa -JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi -PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P -BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs -jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 -eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR -vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt -qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa -IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy -i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ -O+7ETPTsJ3xCwnR8gooJybQDJbw= ------END CERTIFICATE----- diff --git a/tempfork/x509/example_test.go b/tempfork/x509/example_test.go deleted file mode 100644 index 19d249af7..000000000 --- a/tempfork/x509/example_test.go +++ /dev/null @@ -1,137 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509_test - -import ( - "crypto/dsa" - "crypto/ecdsa" - "crypto/ed25519" - "crypto/rsa" - "crypto/x509" - "encoding/pem" - "fmt" -) - -func ExampleCertificate_Verify() { - // Verifying with a custom list of root certificates. - - const rootPEM = ` ------BEGIN CERTIFICATE----- -MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG -EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy -bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP -VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv -h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE -ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ -EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC -DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7 -qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD -VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g -K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI -KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n -ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB -BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY -/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/ -zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza -HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto -WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6 -yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx ------END CERTIFICATE-----` - - const certPEM = ` ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgIIE31FZVaPXTUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE -BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl -cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMTI5MTMyNzQzWhcNMTQwNTI5MDAwMDAw -WjBpMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN -TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEYMBYGA1UEAwwPbWFp -bC5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfRrObuSW5T7q -5CnSEqefEmtH4CCv6+5EckuriNr1CjfVvqzwfAhopXkLrq45EQm8vkmf7W96XJhC -7ZM0dYi1/qOCAU8wggFLMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAa -BgNVHREEEzARgg9tYWlsLmdvb2dsZS5jb20wCwYDVR0PBAQDAgeAMGgGCCsGAQUF -BwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcy -LmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2Nz -cDAdBgNVHQ4EFgQUiJxtimAuTfwb+aUtBn5UYKreKvMwDAYDVR0TAQH/BAIwADAf -BgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisG -AQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29t -L0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAH6RYHxHdcGpMpFE3oxDoFnP+ -gtuBCHan2yE2GRbJ2Cw8Lw0MmuKqHlf9RSeYfd3BXeKkj1qO6TVKwCh+0HdZk283 -TZZyzmEOyclm3UGFYe82P/iDFt+CeQ3NpmBg+GoaVCuWAARJN/KfglbLyyYygcQq -0SgeDh8dRKUiaW3HQSoYvTvdTuqzwK4CXsr3b5/dAOY8uMuG/IAR3FgwTbZ1dtoW -RvOTa8hYiU6A475WuZKyEHcwnGYe57u2I2KbMgcKjPniocj4QzgYsVAVKW3IwaOh -yE+vPxsiUkvQHdO2fojCkY8jg70jxM+gu59tPDNbw3Uh/2Ij310FgTHsnGQMyA== ------END CERTIFICATE-----` - - // First, create the set of root certificates. For this example we only - // have one. It's also possible to omit this in order to use the - // default root set of the current operating system. - roots := x509.NewCertPool() - ok := roots.AppendCertsFromPEM([]byte(rootPEM)) - if !ok { - panic("failed to parse root certificate") - } - - block, _ := pem.Decode([]byte(certPEM)) - if block == nil { - panic("failed to parse certificate PEM") - } - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - panic("failed to parse certificate: " + err.Error()) - } - - opts := x509.VerifyOptions{ - DNSName: "mail.google.com", - Roots: roots, - } - - if _, err := cert.Verify(opts); err != nil { - panic("failed to verify certificate: " + err.Error()) - } -} - -func ExampleParsePKIXPublicKey() { - const pubPEM = ` ------BEGIN PUBLIC KEY----- -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlRuRnThUjU8/prwYxbty -WPT9pURI3lbsKMiB6Fn/VHOKE13p4D8xgOCADpdRagdT6n4etr9atzDKUSvpMtR3 -CP5noNc97WiNCggBjVWhs7szEe8ugyqF23XwpHQ6uV1LKH50m92MbOWfCtjU9p/x -qhNpQQ1AZhqNy5Gevap5k8XzRmjSldNAFZMY7Yv3Gi+nyCwGwpVtBUwhuLzgNFK/ -yDtw2WcWmUU7NuC8Q6MWvPebxVtCfVp/iQU6q60yyt6aGOBkhAX0LpKAEhKidixY -nP9PNVBvxgu3XZ4P36gZV6+ummKdBVnc3NqwBLu5+CcdRdusmHPHd5pHf4/38Z3/ -6qU2a/fPvWzceVTEgZ47QjFMTCTmCwNt29cvi7zZeQzjtwQgn4ipN9NibRH/Ax/q -TbIzHfrJ1xa2RteWSdFjwtxi9C20HUkjXSeI4YlzQMH0fPX6KCE7aVePTOnB69I/ -a9/q96DiXZajwlpq3wFctrs1oXqBp5DVrCIj8hU2wNgB7LtQ1mCtsYz//heai0K9 -PhE4X6hiE0YmeAZjR0uHl8M/5aW9xCoJ72+12kKpWAa0SFRWLy6FejNYCYpkupVJ -yecLk/4L1W0l6jQQZnWErXZYe0PNFcmwGXy1Rep83kfBRNKRy5tvocalLlwXLdUk -AIU+2GKjyT3iMuzZxxFxPFMCAwEAAQ== ------END PUBLIC KEY-----` - - block, _ := pem.Decode([]byte(pubPEM)) - if block == nil { - panic("failed to parse PEM block containing the public key") - } - - pub, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - panic("failed to parse DER encoded public key: " + err.Error()) - } - - switch pub := pub.(type) { - case *rsa.PublicKey: - fmt.Println("pub is of type RSA:", pub) - case *dsa.PublicKey: - fmt.Println("pub is of type DSA:", pub) - case *ecdsa.PublicKey: - fmt.Println("pub is of type ECDSA:", pub) - case ed25519.PublicKey: - fmt.Println("pub is of type Ed25519:", pub) - default: - panic("unknown type of public key") - } -} diff --git a/tempfork/x509/name_constraints_test.go b/tempfork/x509/name_constraints_test.go deleted file mode 100644 index de92552cc..000000000 --- a/tempfork/x509/name_constraints_test.go +++ /dev/null @@ -1,2195 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "bytes" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/x509/pkix" - "encoding/asn1" - "encoding/hex" - "encoding/pem" - "fmt" - "io/ioutil" - "math/big" - "net" - "net/url" - "os" - "os/exec" - "strconv" - "strings" - "sync" - "testing" - "time" -) - -const ( - // testNameConstraintsAgainstOpenSSL can be set to true to run tests - // against the system OpenSSL. This is disabled by default because Go - // cannot depend on having OpenSSL installed at testing time. - testNameConstraintsAgainstOpenSSL = false - - // debugOpenSSLFailure can be set to true, when - // testNameConstraintsAgainstOpenSSL is also true, to cause - // intermediate files to be preserved for debugging. - debugOpenSSLFailure = false -) - -type nameConstraintsTest struct { - roots []constraintsSpec - intermediates [][]constraintsSpec - leaf leafSpec - requestedEKUs []ExtKeyUsage - expectedError string - noOpenSSL bool - ignoreCN bool -} - -type constraintsSpec struct { - ok []string - bad []string - ekus []string -} - -type leafSpec struct { - sans []string - ekus []string - cn string -} - -var nameConstraintsTests = []nameConstraintsTest{ - // #0: dummy test for the certificate generation process itself. - { - roots: make([]constraintsSpec, 1), - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #1: dummy test for the certificate generation process itself: single - // level of intermediate. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #2: dummy test for the certificate generation process itself: two - // levels of intermediates. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #3: matching DNS constraint in root - { - roots: []constraintsSpec{ - { - ok: []string{"dns:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #4: matching DNS constraint in intermediate. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #5: .example.com only matches subdomains. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - expectedError: "\"example.com\" is not permitted", - }, - - // #6: .example.com matches subdomains. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:.example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.example.com"}, - }, - }, - - // #7: .example.com matches multiple levels of subdomains - { - roots: []constraintsSpec{ - { - ok: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.bar.example.com"}, - }, - }, - - // #8: specifying a permitted list of names does not exclude other name - // types - { - roots: []constraintsSpec{ - { - ok: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:10.1.1.1"}, - }, - }, - - // #9: specifying a permitted list of names does not exclude other name - // types - { - roots: []constraintsSpec{ - { - ok: []string{"ip:10.0.0.0/8"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #10: intermediates can try to permit other names, which isn't - // forbidden if the leaf doesn't mention them. I.e. name constraints - // apply to names, not constraints themselves. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:example.com", "dns:foo.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #11: intermediates cannot add permitted names that the root doesn't - // grant them. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:example.com", "dns:foo.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.com"}, - }, - expectedError: "\"foo.com\" is not permitted", - }, - - // #12: intermediates can further limit their scope if they wish. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:.bar.example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.bar.example.com"}, - }, - }, - - // #13: intermediates can further limit their scope and that limitation - // is effective - { - roots: []constraintsSpec{ - { - ok: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:.bar.example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.notbar.example.com"}, - }, - expectedError: "\"foo.notbar.example.com\" is not permitted", - }, - - // #14: roots can exclude subtrees and that doesn't affect other names. - { - roots: []constraintsSpec{ - { - bad: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.com"}, - }, - }, - - // #15: roots exclusions are effective. - { - roots: []constraintsSpec{ - { - bad: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.example.com"}, - }, - expectedError: "\"foo.example.com\" is excluded", - }, - - // #16: intermediates can also exclude names and that doesn't affect - // other names. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - bad: []string{"dns:.example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.com"}, - }, - }, - - // #17: intermediate exclusions are effective. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - bad: []string{"dns:.example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.example.com"}, - }, - expectedError: "\"foo.example.com\" is excluded", - }, - - // #18: having an exclusion doesn't prohibit other types of names. - { - roots: []constraintsSpec{ - { - bad: []string{"dns:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.com", "ip:10.1.1.1"}, - }, - }, - - // #19: IP-based exclusions are permitted and don't affect unrelated IP - // addresses. - { - roots: []constraintsSpec{ - { - bad: []string{"ip:10.0.0.0/8"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:192.168.1.1"}, - }, - }, - - // #20: IP-based exclusions are effective - { - roots: []constraintsSpec{ - { - bad: []string{"ip:10.0.0.0/8"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:10.0.0.1"}, - }, - expectedError: "\"10.0.0.1\" is excluded", - }, - - // #21: intermediates can further constrain IP ranges. - { - roots: []constraintsSpec{ - { - bad: []string{"ip:0.0.0.0/1"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - bad: []string{"ip:11.0.0.0/8"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:11.0.0.1"}, - }, - expectedError: "\"11.0.0.1\" is excluded", - }, - - // #22: when multiple intermediates are present, chain building can - // avoid intermediates with incompatible constraints. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:.foo.com"}, - }, - { - ok: []string{"dns:.example.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.example.com"}, - }, - noOpenSSL: true, // OpenSSL's chain building is not informed by constraints. - }, - - // #23: (same as the previous test, but in the other order in ensure - // that we don't pass it by luck.) - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ok: []string{"dns:.example.com"}, - }, - { - ok: []string{"dns:.foo.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.example.com"}, - }, - noOpenSSL: true, // OpenSSL's chain building is not informed by constraints. - }, - - // #24: when multiple roots are valid, chain building can avoid roots - // with incompatible constraints. - { - roots: []constraintsSpec{ - {}, - { - ok: []string{"dns:foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - noOpenSSL: true, // OpenSSL's chain building is not informed by constraints. - }, - - // #25: (same as the previous test, but in the other order in ensure - // that we don't pass it by luck.) - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com"}, - }, - {}, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - noOpenSSL: true, // OpenSSL's chain building is not informed by constraints. - }, - - // #26: chain building can find a valid path even with multiple levels - // of alternative intermediates and alternative roots. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com"}, - }, - { - ok: []string{"dns:example.com"}, - }, - {}, - }, - intermediates: [][]constraintsSpec{ - { - {}, - { - ok: []string{"dns:foo.com"}, - }, - }, - { - {}, - { - ok: []string{"dns:foo.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:bar.com"}, - }, - noOpenSSL: true, // OpenSSL's chain building is not informed by constraints. - }, - - // #27: chain building doesn't get stuck when there is no valid path. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com"}, - }, - { - ok: []string{"dns:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - { - ok: []string{"dns:foo.com"}, - }, - }, - { - { - ok: []string{"dns:bar.com"}, - }, - { - ok: []string{"dns:foo.com"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:bar.com"}, - }, - expectedError: "\"bar.com\" is not permitted", - }, - - // #28: unknown name types don't cause a problem without constraints. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"unknown:"}, - }, - }, - - // #29: unknown name types are allowed even in constrained chains. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com", "dns:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"unknown:"}, - }, - }, - - // #30: without SANs, a certificate with a CN is rejected in a constrained chain. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com", "dns:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{}, - cn: "foo.com", - }, - expectedError: "leaf doesn't have a SAN extension", - }, - - // #31: IPv6 addresses work in constraints: roots can permit them as - // expected. - { - roots: []constraintsSpec{ - { - ok: []string{"ip:2000:abcd::/32"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:2000:abcd:1234::"}, - }, - }, - - // #32: IPv6 addresses work in constraints: root restrictions are - // effective. - { - roots: []constraintsSpec{ - { - ok: []string{"ip:2000:abcd::/32"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:2000:1234:abcd::"}, - }, - expectedError: "\"2000:1234:abcd::\" is not permitted", - }, - - // #33: An IPv6 permitted subtree doesn't affect DNS names. - { - roots: []constraintsSpec{ - { - ok: []string{"ip:2000:abcd::/32"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:2000:abcd::", "dns:foo.com"}, - }, - }, - - // #34: IPv6 exclusions don't affect unrelated addresses. - { - roots: []constraintsSpec{ - { - bad: []string{"ip:2000:abcd::/32"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:2000:1234::"}, - }, - }, - - // #35: IPv6 exclusions are effective. - { - roots: []constraintsSpec{ - { - bad: []string{"ip:2000:abcd::/32"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:2000:abcd::"}, - }, - expectedError: "\"2000:abcd::\" is excluded", - }, - - // #36: IPv6 constraints do not permit IPv4 addresses. - { - roots: []constraintsSpec{ - { - ok: []string{"ip:2000:abcd::/32"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:10.0.0.1"}, - }, - expectedError: "\"10.0.0.1\" is not permitted", - }, - - // #37: IPv4 constraints do not permit IPv6 addresses. - { - roots: []constraintsSpec{ - { - ok: []string{"ip:10.0.0.0/8"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:2000:abcd::"}, - }, - expectedError: "\"2000:abcd::\" is not permitted", - }, - - // #38: an exclusion of an unknown type doesn't affect other names. - { - roots: []constraintsSpec{ - { - bad: []string{"unknown:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #39: a permitted subtree of an unknown type doesn't affect other - // name types. - { - roots: []constraintsSpec{ - { - ok: []string{"unknown:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #40: exact email constraints work - { - roots: []constraintsSpec{ - { - ok: []string{"email:foo@example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@example.com"}, - }, - }, - - // #41: exact email constraints are effective - { - roots: []constraintsSpec{ - { - ok: []string{"email:foo@example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:bar@example.com"}, - }, - expectedError: "\"bar@example.com\" is not permitted", - }, - - // #42: email canonicalisation works. - { - roots: []constraintsSpec{ - { - ok: []string{"email:foo@example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:\"\\f\\o\\o\"@example.com"}, - }, - noOpenSSL: true, // OpenSSL doesn't canonicalise email addresses before matching - }, - - // #43: limiting email addresses to a host works. - { - roots: []constraintsSpec{ - { - ok: []string{"email:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@example.com"}, - }, - }, - - // #44: a leading dot matches hosts one level deep - { - roots: []constraintsSpec{ - { - ok: []string{"email:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@sub.example.com"}, - }, - }, - - // #45: a leading dot does not match the host itself - { - roots: []constraintsSpec{ - { - ok: []string{"email:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@example.com"}, - }, - expectedError: "\"foo@example.com\" is not permitted", - }, - - // #46: a leading dot also matches two (or more) levels deep. - { - roots: []constraintsSpec{ - { - ok: []string{"email:.example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@sub.sub.example.com"}, - }, - }, - - // #47: the local part of an email is case-sensitive - { - roots: []constraintsSpec{ - { - ok: []string{"email:foo@example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:Foo@example.com"}, - }, - expectedError: "\"Foo@example.com\" is not permitted", - }, - - // #48: the domain part of an email is not case-sensitive - { - roots: []constraintsSpec{ - { - ok: []string{"email:foo@EXAMPLE.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@example.com"}, - }, - }, - - // #49: the domain part of a DNS constraint is also not case-sensitive. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:EXAMPLE.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #50: URI constraints only cover the host part of the URI - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{ - "uri:http://example.com/bar", - "uri:http://example.com:8080/", - "uri:https://example.com/wibble#bar", - }, - }, - }, - - // #51: URIs with IPs are rejected - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://1.2.3.4/"}, - }, - expectedError: "URI with IP", - }, - - // #52: URIs with IPs and ports are rejected - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://1.2.3.4:43/"}, - }, - expectedError: "URI with IP", - }, - - // #53: URIs with IPv6 addresses are also rejected - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://[2006:abcd::1]/"}, - }, - expectedError: "URI with IP", - }, - - // #54: URIs with IPv6 addresses with ports are also rejected - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://[2006:abcd::1]:16/"}, - }, - expectedError: "URI with IP", - }, - - // #55: URI constraints are effective - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://bar.com/"}, - }, - expectedError: "\"http://bar.com/\" is not permitted", - }, - - // #56: URI constraints are effective - { - roots: []constraintsSpec{ - { - bad: []string{"uri:foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://foo.com/"}, - }, - expectedError: "\"http://foo.com/\" is excluded", - }, - - // #57: URI constraints can allow subdomains - { - roots: []constraintsSpec{ - { - ok: []string{"uri:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:http://www.foo.com/"}, - }, - }, - - // #58: excluding an IPv4-mapped-IPv6 address doesn't affect the IPv4 - // version of that address. - { - roots: []constraintsSpec{ - { - bad: []string{"ip:::ffff:1.2.3.4/128"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:1.2.3.4"}, - }, - }, - - // #59: a URI constraint isn't matched by a URN. - { - roots: []constraintsSpec{ - { - ok: []string{"uri:example.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:urn:example"}, - }, - expectedError: "URI with empty host", - }, - - // #60: excluding all IPv6 addresses doesn't exclude all IPv4 addresses - // too, even though IPv4 is mapped into the IPv6 range. - { - roots: []constraintsSpec{ - { - ok: []string{"ip:1.2.3.0/24"}, - bad: []string{"ip:::0/0"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"ip:1.2.3.4"}, - }, - }, - - // #61: omitting extended key usage in a CA certificate implies that - // any usage is ok. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth", "other"}, - }, - }, - - // #62: The “any” EKU also means that any usage is ok. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"any"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth", "other"}, - }, - }, - - // #63: An intermediate with enumerated EKUs causes a failure if we - // test for an EKU not in that set. (ServerAuth is required by - // default.) - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"email"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth"}, - }, - expectedError: "incompatible key usage", - }, - - // #64: an unknown EKU in the leaf doesn't break anything, even if it's not - // correctly nested. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"email"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"other"}, - }, - requestedEKUs: []ExtKeyUsage{ExtKeyUsageAny}, - }, - - // #65: trying to add extra permitted key usages in an intermediate - // (after a limitation in the root) is acceptable so long as the leaf - // certificate doesn't use them. - { - roots: []constraintsSpec{ - { - ekus: []string{"serverAuth"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"serverAuth", "email"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth"}, - }, - }, - - // #66: EKUs in roots are not ignored. - { - roots: []constraintsSpec{ - { - ekus: []string{"email"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"serverAuth"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth"}, - }, - expectedError: "incompatible key usage", - }, - - // #67: in order to support COMODO chains, SGC key usages permit - // serverAuth and clientAuth. - { - roots: []constraintsSpec{ - {}, - }, - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"netscapeSGC"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth", "clientAuth"}, - }, - }, - - // #68: in order to support COMODO chains, SGC key usages permit - // serverAuth and clientAuth. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"msSGC"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth", "clientAuth"}, - }, - }, - - // #69: an empty DNS constraint should allow anything. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - }, - - // #70: an empty DNS constraint should also reject everything. - { - roots: []constraintsSpec{ - { - bad: []string{"dns:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - }, - expectedError: "\"example.com\" is excluded", - }, - - // #71: an empty email constraint should allow anything - { - roots: []constraintsSpec{ - { - ok: []string{"email:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@example.com"}, - }, - }, - - // #72: an empty email constraint should also reject everything. - { - roots: []constraintsSpec{ - { - bad: []string{"email:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:foo@example.com"}, - }, - expectedError: "\"foo@example.com\" is excluded", - }, - - // #73: an empty URI constraint should allow anything - { - roots: []constraintsSpec{ - { - ok: []string{"uri:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:https://example.com/test"}, - }, - }, - - // #74: an empty URI constraint should also reject everything. - { - roots: []constraintsSpec{ - { - bad: []string{"uri:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"uri:https://example.com/test"}, - }, - expectedError: "\"https://example.com/test\" is excluded", - }, - - // #75: serverAuth in a leaf shouldn't permit clientAuth when requested in - // VerifyOptions. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"serverAuth"}, - }, - requestedEKUs: []ExtKeyUsage{ExtKeyUsageClientAuth}, - expectedError: "incompatible key usage", - }, - - // #76: However, MSSGC in a leaf should match a request for serverAuth. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"msSGC"}, - }, - requestedEKUs: []ExtKeyUsage{ExtKeyUsageServerAuth}, - }, - - // An invalid DNS SAN should be detected only at validation time so - // that we can process CA certificates in the wild that have invalid SANs. - // See https://github.com/golang/go/issues/23995 - - // #77: an invalid DNS or mail SAN will not be detected if name constraint - // checking is not triggered. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:this is invalid", "email:this @ is invalid"}, - }, - }, - - // #78: an invalid DNS SAN will be detected if any name constraint checking - // is triggered. - { - roots: []constraintsSpec{ - { - bad: []string{"uri:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:this is invalid"}, - }, - expectedError: "cannot parse dnsName", - }, - - // #79: an invalid email SAN will be detected if any name constraint - // checking is triggered. - { - roots: []constraintsSpec{ - { - bad: []string{"uri:"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"email:this @ is invalid"}, - }, - expectedError: "cannot parse rfc822Name", - }, - - // #80: if several EKUs are requested, satisfying any of them is sufficient. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - ekus: []string{"email"}, - }, - requestedEKUs: []ExtKeyUsage{ExtKeyUsageClientAuth, ExtKeyUsageEmailProtection}, - }, - - // #81: EKUs that are not asserted in VerifyOpts are not required to be - // nested. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ - { - { - ekus: []string{"serverAuth"}, - }, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:example.com"}, - // There's no email EKU in the intermediate. This would be rejected if - // full nesting was required. - ekus: []string{"email", "serverAuth"}, - }, - }, - - // #82: a certificate without SANs and CN is accepted in a constrained chain. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com", "dns:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{}, - }, - }, - - // #83: a certificate without SANs and with a CN that does not parse as a - // hostname is accepted in a constrained chain. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com", "dns:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{}, - cn: "foo,bar", - }, - }, - - // #84: a certificate with SANs and CN is accepted in a constrained chain. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com", "dns:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{"dns:foo.com"}, - cn: "foo.bar", - }, - }, - - // #85: without SANs, a certificate with a valid CN is accepted in a - // constrained chain if x509ignoreCN is set. - { - roots: []constraintsSpec{ - { - ok: []string{"dns:foo.com", "dns:.foo.com"}, - }, - }, - intermediates: [][]constraintsSpec{ - { - {}, - }, - }, - leaf: leafSpec{ - sans: []string{}, - cn: "foo.com", - }, - ignoreCN: true, - }, -} - -func makeConstraintsCACert(constraints constraintsSpec, name string, key *ecdsa.PrivateKey, parent *Certificate, parentKey *ecdsa.PrivateKey) (*Certificate, error) { - var serialBytes [16]byte - rand.Read(serialBytes[:]) - - template := &Certificate{ - SerialNumber: new(big.Int).SetBytes(serialBytes[:]), - Subject: pkix.Name{ - CommonName: name, - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(2000, 0), - KeyUsage: KeyUsageCertSign, - BasicConstraintsValid: true, - IsCA: true, - } - - if err := addConstraintsToTemplate(constraints, template); err != nil { - return nil, err - } - - if parent == nil { - parent = template - } - derBytes, err := CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey) - if err != nil { - return nil, err - } - - caCert, err := ParseCertificate(derBytes) - if err != nil { - return nil, err - } - - return caCert, nil -} - -func makeConstraintsLeafCert(leaf leafSpec, key *ecdsa.PrivateKey, parent *Certificate, parentKey *ecdsa.PrivateKey) (*Certificate, error) { - var serialBytes [16]byte - rand.Read(serialBytes[:]) - - template := &Certificate{ - SerialNumber: new(big.Int).SetBytes(serialBytes[:]), - Subject: pkix.Name{ - OrganizationalUnit: []string{"Leaf"}, - CommonName: leaf.cn, - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(2000, 0), - KeyUsage: KeyUsageDigitalSignature, - BasicConstraintsValid: true, - IsCA: false, - } - - for _, name := range leaf.sans { - switch { - case strings.HasPrefix(name, "dns:"): - template.DNSNames = append(template.DNSNames, name[4:]) - - case strings.HasPrefix(name, "ip:"): - ip := net.ParseIP(name[3:]) - if ip == nil { - return nil, fmt.Errorf("cannot parse IP %q", name[3:]) - } - template.IPAddresses = append(template.IPAddresses, ip) - - case strings.HasPrefix(name, "invalidip:"): - ipBytes, err := hex.DecodeString(name[10:]) - if err != nil { - return nil, fmt.Errorf("cannot parse invalid IP: %s", err) - } - template.IPAddresses = append(template.IPAddresses, net.IP(ipBytes)) - - case strings.HasPrefix(name, "email:"): - template.EmailAddresses = append(template.EmailAddresses, name[6:]) - - case strings.HasPrefix(name, "uri:"): - uri, err := url.Parse(name[4:]) - if err != nil { - return nil, fmt.Errorf("cannot parse URI %q: %s", name[4:], err) - } - template.URIs = append(template.URIs, uri) - - case strings.HasPrefix(name, "unknown:"): - // This is a special case for testing unknown - // name types. A custom SAN extension is - // injected into the certificate. - if len(leaf.sans) != 1 { - panic("when using unknown name types, it must be the sole name") - } - - template.ExtraExtensions = append(template.ExtraExtensions, pkix.Extension{ - Id: []int{2, 5, 29, 17}, - Value: []byte{ - 0x30, // SEQUENCE - 3, // three bytes - 9, // undefined GeneralName type 9 - 1, - 1, - }, - }) - - default: - return nil, fmt.Errorf("unknown name type %q", name) - } - } - - var err error - if template.ExtKeyUsage, template.UnknownExtKeyUsage, err = parseEKUs(leaf.ekus); err != nil { - return nil, err - } - - if parent == nil { - parent = template - } - - derBytes, err := CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey) - if err != nil { - return nil, err - } - - return ParseCertificate(derBytes) -} - -func customConstraintsExtension(typeNum int, constraint []byte, isExcluded bool) pkix.Extension { - appendConstraint := func(contents []byte, tag uint8) []byte { - contents = append(contents, tag|32 /* constructed */ |0x80 /* context-specific */) - contents = append(contents, byte(4+len(constraint)) /* length */) - contents = append(contents, 0x30 /* SEQUENCE */) - contents = append(contents, byte(2+len(constraint)) /* length */) - contents = append(contents, byte(typeNum) /* GeneralName type */) - contents = append(contents, byte(len(constraint))) - return append(contents, constraint...) - } - - var contents []byte - if !isExcluded { - contents = appendConstraint(contents, 0 /* tag 0 for permitted */) - } else { - contents = appendConstraint(contents, 1 /* tag 1 for excluded */) - } - - var value []byte - value = append(value, 0x30 /* SEQUENCE */) - value = append(value, byte(len(contents))) - value = append(value, contents...) - - return pkix.Extension{ - Id: []int{2, 5, 29, 30}, - Value: value, - } -} - -func addConstraintsToTemplate(constraints constraintsSpec, template *Certificate) error { - parse := func(constraints []string) (dnsNames []string, ips []*net.IPNet, emailAddrs []string, uriDomains []string, err error) { - for _, constraint := range constraints { - switch { - case strings.HasPrefix(constraint, "dns:"): - dnsNames = append(dnsNames, constraint[4:]) - - case strings.HasPrefix(constraint, "ip:"): - _, ipNet, err := net.ParseCIDR(constraint[3:]) - if err != nil { - return nil, nil, nil, nil, err - } - ips = append(ips, ipNet) - - case strings.HasPrefix(constraint, "email:"): - emailAddrs = append(emailAddrs, constraint[6:]) - - case strings.HasPrefix(constraint, "uri:"): - uriDomains = append(uriDomains, constraint[4:]) - - default: - return nil, nil, nil, nil, fmt.Errorf("unknown constraint %q", constraint) - } - } - - return dnsNames, ips, emailAddrs, uriDomains, err - } - - handleSpecialConstraint := func(constraint string, isExcluded bool) bool { - switch { - case constraint == "unknown:": - template.ExtraExtensions = append(template.ExtraExtensions, customConstraintsExtension(9 /* undefined GeneralName type */, []byte{1}, isExcluded)) - - default: - return false - } - - return true - } - - if len(constraints.ok) == 1 && len(constraints.bad) == 0 { - if handleSpecialConstraint(constraints.ok[0], false) { - return nil - } - } - - if len(constraints.bad) == 1 && len(constraints.ok) == 0 { - if handleSpecialConstraint(constraints.bad[0], true) { - return nil - } - } - - var err error - template.PermittedDNSDomains, template.PermittedIPRanges, template.PermittedEmailAddresses, template.PermittedURIDomains, err = parse(constraints.ok) - if err != nil { - return err - } - - template.ExcludedDNSDomains, template.ExcludedIPRanges, template.ExcludedEmailAddresses, template.ExcludedURIDomains, err = parse(constraints.bad) - if err != nil { - return err - } - - if template.ExtKeyUsage, template.UnknownExtKeyUsage, err = parseEKUs(constraints.ekus); err != nil { - return err - } - - return nil -} - -func parseEKUs(ekuStrs []string) (ekus []ExtKeyUsage, unknowns []asn1.ObjectIdentifier, err error) { - for _, s := range ekuStrs { - switch s { - case "serverAuth": - ekus = append(ekus, ExtKeyUsageServerAuth) - case "clientAuth": - ekus = append(ekus, ExtKeyUsageClientAuth) - case "email": - ekus = append(ekus, ExtKeyUsageEmailProtection) - case "netscapeSGC": - ekus = append(ekus, ExtKeyUsageNetscapeServerGatedCrypto) - case "msSGC": - ekus = append(ekus, ExtKeyUsageMicrosoftServerGatedCrypto) - case "any": - ekus = append(ekus, ExtKeyUsageAny) - case "other": - unknowns = append(unknowns, asn1.ObjectIdentifier{2, 4, 1, 2, 3}) - default: - return nil, nil, fmt.Errorf("unknown EKU %q", s) - } - } - - return -} - -func TestConstraintCases(t *testing.T) { - defer func(savedIgnoreCN bool) { - ignoreCN = savedIgnoreCN - }(ignoreCN) - - privateKeys := sync.Pool{ - New: func() interface{} { - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - panic(err) - } - return priv - }, - } - - for i, test := range nameConstraintsTests { - rootPool := NewCertPool() - rootKey := privateKeys.Get().(*ecdsa.PrivateKey) - rootName := "Root " + strconv.Itoa(i) - - // keys keeps track of all the private keys used in a given - // test and puts them back in the privateKeys pool at the end. - keys := []*ecdsa.PrivateKey{rootKey} - - // At each level (root, intermediate(s), leaf), parent points to - // an example parent certificate and parentKey the key for the - // parent level. Since all certificates at a given level have - // the same name and public key, any parent certificate is - // sufficient to get the correct issuer name and authority - // key ID. - var parent *Certificate - parentKey := rootKey - - for _, root := range test.roots { - rootCert, err := makeConstraintsCACert(root, rootName, rootKey, nil, rootKey) - if err != nil { - t.Fatalf("#%d: failed to create root: %s", i, err) - } - - parent = rootCert - rootPool.AddCert(rootCert) - } - - intermediatePool := NewCertPool() - - for level, intermediates := range test.intermediates { - levelKey := privateKeys.Get().(*ecdsa.PrivateKey) - keys = append(keys, levelKey) - levelName := "Intermediate level " + strconv.Itoa(level) - var last *Certificate - - for _, intermediate := range intermediates { - caCert, err := makeConstraintsCACert(intermediate, levelName, levelKey, parent, parentKey) - if err != nil { - t.Fatalf("#%d: failed to create %q: %s", i, levelName, err) - } - - last = caCert - intermediatePool.AddCert(caCert) - } - - parent = last - parentKey = levelKey - } - - leafKey := privateKeys.Get().(*ecdsa.PrivateKey) - keys = append(keys, leafKey) - - leafCert, err := makeConstraintsLeafCert(test.leaf, leafKey, parent, parentKey) - if err != nil { - t.Fatalf("#%d: cannot create leaf: %s", i, err) - } - - // Skip tests with CommonName set because OpenSSL will try to match it - // against name constraints, while we ignore it when it's not hostname-looking. - if !test.noOpenSSL && testNameConstraintsAgainstOpenSSL && test.leaf.cn == "" { - output, err := testChainAgainstOpenSSL(leafCert, intermediatePool, rootPool) - if err == nil && len(test.expectedError) > 0 { - t.Errorf("#%d: unexpectedly succeeded against OpenSSL", i) - if debugOpenSSLFailure { - return - } - } - - if err != nil { - if _, ok := err.(*exec.ExitError); !ok { - t.Errorf("#%d: OpenSSL failed to run: %s", i, err) - } else if len(test.expectedError) == 0 { - t.Errorf("#%d: OpenSSL unexpectedly failed: %v", i, output) - if debugOpenSSLFailure { - return - } - } - } - } - - ignoreCN = test.ignoreCN - verifyOpts := VerifyOptions{ - Roots: rootPool, - Intermediates: intermediatePool, - CurrentTime: time.Unix(1500, 0), - KeyUsages: test.requestedEKUs, - } - _, err = leafCert.Verify(verifyOpts) - - logInfo := true - if len(test.expectedError) == 0 { - if err != nil { - t.Errorf("#%d: unexpected failure: %s", i, err) - } else { - logInfo = false - } - } else { - if err == nil { - t.Errorf("#%d: unexpected success", i) - } else if !strings.Contains(err.Error(), test.expectedError) { - t.Errorf("#%d: expected error containing %q, but got: %s", i, test.expectedError, err) - } else { - logInfo = false - } - } - - if logInfo { - certAsPEM := func(cert *Certificate) string { - var buf bytes.Buffer - pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}) - return buf.String() - } - t.Errorf("#%d: root:\n%s", i, certAsPEM(rootPool.mustCert(0))) - t.Errorf("#%d: leaf:\n%s", i, certAsPEM(leafCert)) - } - - for _, key := range keys { - privateKeys.Put(key) - } - keys = keys[:0] - } -} - -func writePEMsToTempFile(certs []*Certificate) *os.File { - file, err := ioutil.TempFile("", "name_constraints_test") - if err != nil { - panic("cannot create tempfile") - } - - pemBlock := &pem.Block{Type: "CERTIFICATE"} - for _, cert := range certs { - pemBlock.Bytes = cert.Raw - pem.Encode(file, pemBlock) - } - - return file -} - -func allCerts(p *CertPool) []*Certificate { - all := make([]*Certificate, p.len()) - for i := range all { - all[i] = p.mustCert(i) - } - return all -} - -func testChainAgainstOpenSSL(leaf *Certificate, intermediates, roots *CertPool) (string, error) { - args := []string{"verify", "-no_check_time"} - - rootsFile := writePEMsToTempFile(allCerts(roots)) - if debugOpenSSLFailure { - println("roots file:", rootsFile.Name()) - } else { - defer os.Remove(rootsFile.Name()) - } - args = append(args, "-CAfile", rootsFile.Name()) - - if intermediates.len() > 0 { - intermediatesFile := writePEMsToTempFile(allCerts(intermediates)) - if debugOpenSSLFailure { - println("intermediates file:", intermediatesFile.Name()) - } else { - defer os.Remove(intermediatesFile.Name()) - } - args = append(args, "-untrusted", intermediatesFile.Name()) - } - - leafFile := writePEMsToTempFile([]*Certificate{leaf}) - if debugOpenSSLFailure { - println("leaf file:", leafFile.Name()) - } else { - defer os.Remove(leafFile.Name()) - } - args = append(args, leafFile.Name()) - - var output bytes.Buffer - cmd := exec.Command("openssl", args...) - cmd.Stdout = &output - cmd.Stderr = &output - - err := cmd.Run() - return output.String(), err -} - -var rfc2821Tests = []struct { - in string - localPart, domain string -}{ - {"foo@example.com", "foo", "example.com"}, - {"@example.com", "", ""}, - {"\"@example.com", "", ""}, - {"\"\"@example.com", "", "example.com"}, - {"\"a\"@example.com", "a", "example.com"}, - {"\"\\a\"@example.com", "a", "example.com"}, - {"a\"@example.com", "", ""}, - {"foo..bar@example.com", "", ""}, - {".foo.bar@example.com", "", ""}, - {"foo.bar.@example.com", "", ""}, - {"|{}?'@example.com", "|{}?'", "example.com"}, - - // Examples from RFC 3696 - {"Abc\\@def@example.com", "Abc@def", "example.com"}, - {"Fred\\ Bloggs@example.com", "Fred Bloggs", "example.com"}, - {"Joe.\\\\Blow@example.com", "Joe.\\Blow", "example.com"}, - {"\"Abc@def\"@example.com", "Abc@def", "example.com"}, - {"\"Fred Bloggs\"@example.com", "Fred Bloggs", "example.com"}, - {"customer/department=shipping@example.com", "customer/department=shipping", "example.com"}, - {"$A12345@example.com", "$A12345", "example.com"}, - {"!def!xyz%abc@example.com", "!def!xyz%abc", "example.com"}, - {"_somename@example.com", "_somename", "example.com"}, -} - -func TestRFC2821Parsing(t *testing.T) { - for i, test := range rfc2821Tests { - mailbox, ok := parseRFC2821Mailbox(test.in) - expectedFailure := len(test.localPart) == 0 && len(test.domain) == 0 - - if ok && expectedFailure { - t.Errorf("#%d: %q unexpectedly parsed as (%q, %q)", i, test.in, mailbox.local, mailbox.domain) - continue - } - - if !ok && !expectedFailure { - t.Errorf("#%d: unexpected failure for %q", i, test.in) - continue - } - - if !ok { - continue - } - - if mailbox.local != test.localPart || mailbox.domain != test.domain { - t.Errorf("#%d: %q parsed as (%q, %q), but wanted (%q, %q)", i, test.in, mailbox.local, mailbox.domain, test.localPart, test.domain) - } - } -} - -func TestBadNamesInConstraints(t *testing.T) { - constraintParseError := func(err error) bool { - str := err.Error() - return strings.Contains(str, "failed to parse ") && strings.Contains(str, "constraint") - } - - encodingError := func(err error) bool { - return strings.Contains(err.Error(), "cannot be encoded as an IA5String") - } - - // Bad names in constraints should not parse. - badNames := []struct { - name string - matcher func(error) bool - }{ - {"dns:foo.com.", constraintParseError}, - {"email:abc@foo.com.", constraintParseError}, - {"email:foo.com.", constraintParseError}, - {"uri:example.com.", constraintParseError}, - {"uri:1.2.3.4", constraintParseError}, - {"uri:ffff::1", constraintParseError}, - {"dns:not–hyphen.com", encodingError}, - {"email:foo@not–hyphen.com", encodingError}, - {"uri:not–hyphen.com", encodingError}, - } - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - panic(err) - } - - for _, test := range badNames { - _, err := makeConstraintsCACert(constraintsSpec{ - ok: []string{test.name}, - }, "TestAbsoluteNamesInConstraints", priv, nil, priv) - - if err == nil { - t.Errorf("bad name %q unexpectedly accepted in name constraint", test.name) - continue - } else { - if !test.matcher(err) { - t.Errorf("bad name %q triggered unrecognised error: %s", test.name, err) - } - } - } -} - -func TestBadNamesInSANs(t *testing.T) { - // Bad names in URI and IP SANs should not parse. Bad DNS and email SANs - // will parse and are tested in name constraint tests at the top of this - // file. - badNames := []string{ - "uri:https://example.com./dsf", - "invalidip:0102", - "invalidip:0102030405", - } - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - panic(err) - } - - for _, badName := range badNames { - _, err := makeConstraintsLeafCert(leafSpec{sans: []string{badName}}, priv, nil, priv) - - if err == nil { - t.Errorf("bad name %q unexpectedly accepted in SAN", badName) - continue - } - - if str := err.Error(); !strings.Contains(str, "cannot parse ") { - t.Errorf("bad name %q triggered unrecognised error: %s", badName, str) - } - } -} diff --git a/tempfork/x509/pem_decrypt.go b/tempfork/x509/pem_decrypt.go deleted file mode 100644 index 93d1e4a92..000000000 --- a/tempfork/x509/pem_decrypt.go +++ /dev/null @@ -1,240 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -// RFC 1423 describes the encryption of PEM blocks. The algorithm used to -// generate a key from the password was derived by looking at the OpenSSL -// implementation. - -import ( - "crypto/aes" - "crypto/cipher" - "crypto/des" - "crypto/md5" - "encoding/hex" - "encoding/pem" - "errors" - "io" - "strings" -) - -type PEMCipher int - -// Possible values for the EncryptPEMBlock encryption algorithm. -const ( - _ PEMCipher = iota - PEMCipherDES - PEMCipher3DES - PEMCipherAES128 - PEMCipherAES192 - PEMCipherAES256 -) - -// rfc1423Algo holds a method for enciphering a PEM block. -type rfc1423Algo struct { - cipher PEMCipher - name string - cipherFunc func(key []byte) (cipher.Block, error) - keySize int - blockSize int -} - -// rfc1423Algos holds a slice of the possible ways to encrypt a PEM -// block. The ivSize numbers were taken from the OpenSSL source. -var rfc1423Algos = []rfc1423Algo{{ - cipher: PEMCipherDES, - name: "DES-CBC", - cipherFunc: des.NewCipher, - keySize: 8, - blockSize: des.BlockSize, -}, { - cipher: PEMCipher3DES, - name: "DES-EDE3-CBC", - cipherFunc: des.NewTripleDESCipher, - keySize: 24, - blockSize: des.BlockSize, -}, { - cipher: PEMCipherAES128, - name: "AES-128-CBC", - cipherFunc: aes.NewCipher, - keySize: 16, - blockSize: aes.BlockSize, -}, { - cipher: PEMCipherAES192, - name: "AES-192-CBC", - cipherFunc: aes.NewCipher, - keySize: 24, - blockSize: aes.BlockSize, -}, { - cipher: PEMCipherAES256, - name: "AES-256-CBC", - cipherFunc: aes.NewCipher, - keySize: 32, - blockSize: aes.BlockSize, -}, -} - -// deriveKey uses a key derivation function to stretch the password into a key -// with the number of bits our cipher requires. This algorithm was derived from -// the OpenSSL source. -func (c rfc1423Algo) deriveKey(password, salt []byte) []byte { - hash := md5.New() - out := make([]byte, c.keySize) - var digest []byte - - for i := 0; i < len(out); i += len(digest) { - hash.Reset() - hash.Write(digest) - hash.Write(password) - hash.Write(salt) - digest = hash.Sum(digest[:0]) - copy(out[i:], digest) - } - return out -} - -// IsEncryptedPEMBlock returns if the PEM block is password encrypted. -func IsEncryptedPEMBlock(b *pem.Block) bool { - _, ok := b.Headers["DEK-Info"] - return ok -} - -// IncorrectPasswordError is returned when an incorrect password is detected. -var IncorrectPasswordError = errors.New("x509: decryption password incorrect") - -// DecryptPEMBlock takes a password encrypted PEM block and the password used to -// encrypt it and returns a slice of decrypted DER encoded bytes. It inspects -// the DEK-Info header to determine the algorithm used for decryption. If no -// DEK-Info header is present, an error is returned. If an incorrect password -// is detected an IncorrectPasswordError is returned. Because of deficiencies -// in the encrypted-PEM format, it's not always possible to detect an incorrect -// password. In these cases no error will be returned but the decrypted DER -// bytes will be random noise. -func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error) { - dek, ok := b.Headers["DEK-Info"] - if !ok { - return nil, errors.New("x509: no DEK-Info header in block") - } - - idx := strings.Index(dek, ",") - if idx == -1 { - return nil, errors.New("x509: malformed DEK-Info header") - } - - mode, hexIV := dek[:idx], dek[idx+1:] - ciph := cipherByName(mode) - if ciph == nil { - return nil, errors.New("x509: unknown encryption mode") - } - iv, err := hex.DecodeString(hexIV) - if err != nil { - return nil, err - } - if len(iv) != ciph.blockSize { - return nil, errors.New("x509: incorrect IV size") - } - - // Based on the OpenSSL implementation. The salt is the first 8 bytes - // of the initialization vector. - key := ciph.deriveKey(password, iv[:8]) - block, err := ciph.cipherFunc(key) - if err != nil { - return nil, err - } - - if len(b.Bytes)%block.BlockSize() != 0 { - return nil, errors.New("x509: encrypted PEM data is not a multiple of the block size") - } - - data := make([]byte, len(b.Bytes)) - dec := cipher.NewCBCDecrypter(block, iv) - dec.CryptBlocks(data, b.Bytes) - - // Blocks are padded using a scheme where the last n bytes of padding are all - // equal to n. It can pad from 1 to blocksize bytes inclusive. See RFC 1423. - // For example: - // [x y z 2 2] - // [x y 7 7 7 7 7 7 7] - // If we detect a bad padding, we assume it is an invalid password. - dlen := len(data) - if dlen == 0 || dlen%ciph.blockSize != 0 { - return nil, errors.New("x509: invalid padding") - } - last := int(data[dlen-1]) - if dlen < last { - return nil, IncorrectPasswordError - } - if last == 0 || last > ciph.blockSize { - return nil, IncorrectPasswordError - } - for _, val := range data[dlen-last:] { - if int(val) != last { - return nil, IncorrectPasswordError - } - } - return data[:dlen-last], nil -} - -// EncryptPEMBlock returns a PEM block of the specified type holding the -// given DER-encoded data encrypted with the specified algorithm and -// password. -func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error) { - ciph := cipherByKey(alg) - if ciph == nil { - return nil, errors.New("x509: unknown encryption mode") - } - iv := make([]byte, ciph.blockSize) - if _, err := io.ReadFull(rand, iv); err != nil { - return nil, errors.New("x509: cannot generate IV: " + err.Error()) - } - // The salt is the first 8 bytes of the initialization vector, - // matching the key derivation in DecryptPEMBlock. - key := ciph.deriveKey(password, iv[:8]) - block, err := ciph.cipherFunc(key) - if err != nil { - return nil, err - } - enc := cipher.NewCBCEncrypter(block, iv) - pad := ciph.blockSize - len(data)%ciph.blockSize - encrypted := make([]byte, len(data), len(data)+pad) - // We could save this copy by encrypting all the whole blocks in - // the data separately, but it doesn't seem worth the additional - // code. - copy(encrypted, data) - // See RFC 1423, Section 1.1. - for i := 0; i < pad; i++ { - encrypted = append(encrypted, byte(pad)) - } - enc.CryptBlocks(encrypted, encrypted) - - return &pem.Block{ - Type: blockType, - Headers: map[string]string{ - "Proc-Type": "4,ENCRYPTED", - "DEK-Info": ciph.name + "," + hex.EncodeToString(iv), - }, - Bytes: encrypted, - }, nil -} - -func cipherByName(name string) *rfc1423Algo { - for i := range rfc1423Algos { - alg := &rfc1423Algos[i] - if alg.name == name { - return alg - } - } - return nil -} - -func cipherByKey(key PEMCipher) *rfc1423Algo { - for i := range rfc1423Algos { - alg := &rfc1423Algos[i] - if alg.cipher == key { - return alg - } - } - return nil -} diff --git a/tempfork/x509/pem_decrypt_test.go b/tempfork/x509/pem_decrypt_test.go deleted file mode 100644 index dacef8b86..000000000 --- a/tempfork/x509/pem_decrypt_test.go +++ /dev/null @@ -1,249 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "bytes" - "crypto/rand" - "encoding/base64" - "encoding/pem" - "strings" - "testing" -) - -func TestDecrypt(t *testing.T) { - for i, data := range testData { - t.Logf("test %v. %v", i, data.kind) - block, rest := pem.Decode(data.pemData) - if len(rest) > 0 { - t.Error("extra data") - } - der, err := DecryptPEMBlock(block, data.password) - if err != nil { - t.Error("decrypt failed: ", err) - continue - } - if _, err := ParsePKCS1PrivateKey(der); err != nil { - t.Error("invalid private key: ", err) - } - plainDER, err := base64.StdEncoding.DecodeString(data.plainDER) - if err != nil { - t.Fatal("cannot decode test DER data: ", err) - } - if !bytes.Equal(der, plainDER) { - t.Error("data mismatch") - } - } -} - -func TestEncrypt(t *testing.T) { - for i, data := range testData { - t.Logf("test %v. %v", i, data.kind) - plainDER, err := base64.StdEncoding.DecodeString(data.plainDER) - if err != nil { - t.Fatal("cannot decode test DER data: ", err) - } - password := []byte("kremvax1") - block, err := EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", plainDER, password, data.kind) - if err != nil { - t.Error("encrypt: ", err) - continue - } - if !IsEncryptedPEMBlock(block) { - t.Error("PEM block does not appear to be encrypted") - } - if block.Type != "RSA PRIVATE KEY" { - t.Errorf("unexpected block type; got %q want %q", block.Type, "RSA PRIVATE KEY") - } - if block.Headers["Proc-Type"] != "4,ENCRYPTED" { - t.Errorf("block does not have correct Proc-Type header") - } - der, err := DecryptPEMBlock(block, password) - if err != nil { - t.Error("decrypt: ", err) - continue - } - if !bytes.Equal(der, plainDER) { - t.Errorf("data mismatch") - } - } -} - -var testData = []struct { - kind PEMCipher - password []byte - pemData []byte - plainDER string -}{ - { - kind: PEMCipherDES, - password: []byte("asdf"), - pemData: []byte(testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,34F09A4FC8DE22B5 - -WXxy8kbZdiZvANtKvhmPBLV7eVFj2A5z6oAxvI9KGyhG0ZK0skfnt00C24vfU7m5 -ICXeoqP67lzJ18xCzQfHjDaBNs53DSDT+Iz4e8QUep1xQ30+8QKX2NA2coee3nwc -6oM1cuvhNUDemBH2i3dKgMVkfaga0zQiiOq6HJyGSncCMSruQ7F9iWEfRbFcxFCx -qtHb1kirfGKEtgWTF+ynyco6+2gMXNu70L7nJcnxnV/RLFkHt7AUU1yrclxz7eZz -XOH9VfTjb52q/I8Suozq9coVQwg4tXfIoYUdT//O+mB7zJb9HI9Ps77b9TxDE6Gm -4C9brwZ3zg2vqXcwwV6QRZMtyll9rOpxkbw6NPlpfBqkc3xS51bbxivbO/Nve4KD -r12ymjFNF4stXCfJnNqKoZ50BHmEEUDu5Wb0fpVn82XrGw7CYc4iug== ------END RSA TESTING KEY-----`)), - plainDER: ` -MIIBPAIBAAJBAPASZe+tCPU6p80AjHhDkVsLYa51D35e/YGa8QcZyooeZM8EHozo -KD0fNiKI+53bHdy07N+81VQ8/ejPcRoXPlsCAwEAAQJBAMTxIuSq27VpR+zZ7WJf -c6fvv1OBvpMZ0/d1pxL/KnOAgq2rD5hDtk9b0LGhTPgQAmrrMTKuSeGoIuYE+gKQ -QvkCIQD+GC1m+/do+QRurr0uo46Kx1LzLeSCrjBk34wiOp2+dwIhAPHfTLRXS2fv -7rljm0bYa4+eDZpz+E8RcXEgzhhvcQQ9AiAI5eHZJGOyml3MXnQjiPi55WcDOw0w -glcRgT6QCEtz2wIhANSyqaFtosIkHKqrDUGfz/bb5tqMYTAnBruVPaf/WEOBAiEA -9xORWeRG1tRpso4+dYy4KdDkuLPIO01KY6neYGm3BCM=`, - }, - { - kind: PEMCipher3DES, - password: []byte("asdf"), - pemData: []byte(testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,C1F4A6A03682C2C7 - -0JqVdBEH6iqM7drTkj+e2W/bE3LqakaiWhb9WUVonFkhyu8ca/QzebY3b5gCvAZQ -YwBvDcT/GHospKqPx+cxDHJNsUASDZws6bz8ZXWJGwZGExKzr0+Qx5fgXn44Ms3x -8g1ENFuTXtxo+KoNK0zuAMAqp66Llcds3Fjl4XR18QaD0CrVNAfOdgATWZm5GJxk -Fgx5f84nT+/ovvreG+xeOzWgvtKo0UUZVrhGOgfKLpa57adumcJ6SkUuBtEFpZFB -ldw5w7WC7d13x2LsRkwo8ZrDKgIV+Y9GNvhuCCkTzNP0V3gNeJpd201HZHR+9n3w -3z0VjR/MGqsfcy1ziEWMNOO53At3zlG6zP05aHMnMcZoVXadEK6L1gz++inSSDCq -gI0UJP4e3JVB7AkgYymYAwiYALAkoEIuanxoc50njJk= ------END RSA TESTING KEY-----`)), - plainDER: ` -MIIBOwIBAAJBANOCXKdoNS/iP/MAbl9cf1/SF3P+Ns7ZeNL27CfmDh0O6Zduaax5 -NBiumd2PmjkaCu7lQ5JOibHfWn+xJsc3kw0CAwEAAQJANX/W8d1Q/sCqzkuAn4xl -B5a7qfJWaLHndu1QRLNTRJPn0Ee7OKJ4H0QKOhQM6vpjRrz+P2u9thn6wUxoPsef -QQIhAP/jCkfejFcy4v15beqKzwz08/tslVjF+Yq41eJGejmxAiEA05pMoqfkyjcx -fyvGhpoOyoCp71vSGUfR2I9CR65oKh0CIC1Msjs66LlfJtQctRq6bCEtFCxEcsP+ -eEjYo/Sk6WphAiEAxpgWPMJeU/shFT28gS+tmhjPZLpEoT1qkVlC14u0b3ECIQDX -tZZZxCtPAm7shftEib0VU77Lk8MsXJcx2C4voRsjEw==`, - }, - { - kind: PEMCipherAES128, - password: []byte("asdf"), - pemData: []byte(testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,D4492E793FC835CC038A728ED174F78A - -EyfQSzXSjv6BaNH+NHdXRlkHdimpF9izWlugVJAPApgXrq5YldPe2aGIOFXyJ+QE -ZIG20DYqaPzJRjTEbPNZ6Es0S2JJ5yCpKxwJuDkgJZKtF39Q2i36JeGbSZQIuWJE -GZbBpf1jDH/pr0iGonuAdl2PCCZUiy+8eLsD2tyviHUkFLOB+ykYoJ5t8ngZ/B6D -33U43LLb7+9zD4y3Q9OVHqBFGyHcxCY9+9Qh4ZnFp7DTf6RY5TNEvE3s4g6aDpBs -3NbvRVvYTgs8K9EPk4K+5R+P2kD8J8KvEIGxVa1vz8QoCJ/jr7Ka2rvNgPCex5/E -080LzLHPCrXKdlr/f50yhNWq08ZxMWQFkui+FDHPDUaEELKAXV8/5PDxw80Rtybo -AVYoCVIbZXZCuCO81op8UcOgEpTtyU5Lgh3Mw5scQL0= ------END RSA TESTING KEY-----`)), - plainDER: ` -MIIBOgIBAAJBAMBlj5FxYtqbcy8wY89d/S7n0+r5MzD9F63BA/Lpl78vQKtdJ5dT -cDGh/rBt1ufRrNp0WihcmZi7Mpl/3jHjiWECAwEAAQJABNOHYnKhtDIqFYj1OAJ3 -k3GlU0OlERmIOoeY/cL2V4lgwllPBEs7r134AY4wMmZSBUj8UR/O4SNO668ElKPE -cQIhAOuqY7/115x5KCdGDMWi+jNaMxIvI4ETGwV40ykGzqlzAiEA0P9oEC3m9tHB -kbpjSTxaNkrXxDgdEOZz8X0uOUUwHNsCIAwzcSCiGLyYJTULUmP1ESERfW1mlV78 -XzzESaJpIM/zAiBQkSTcl9VhcJreQqvjn5BnPZLP4ZHS4gPwJAGdsj5J4QIhAOVR -B3WlRNTXR2WsJ5JdByezg9xzdXzULqmga0OE339a`, - }, - { - kind: PEMCipherAES192, - password: []byte("asdf"), - pemData: []byte(testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,E2C9FB02BCA23ADE1829F8D8BC5F5369 - -cqVslvHqDDM6qwU6YjezCRifXmKsrgEev7ng6Qs7UmDJOpHDgJQZI9fwMFUhIyn5 -FbCu1SHkLMW52Ld3CuEqMnzWMlhPrW8tFvUOrMWPYSisv7nNq88HobZEJcUNL2MM -Y15XmHW6IJwPqhKyLHpWXyOCVEh4ODND2nV15PCoi18oTa475baxSk7+1qH7GuIs -Rb7tshNTMqHbCpyo9Rn3UxeFIf9efdl8YLiMoIqc7J8E5e9VlbeQSdLMQOgDAQJG -ReUtTw8exmKsY4gsSjhkg5uiw7/ZB1Ihto0qnfQJgjGc680qGkT1d6JfvOfeYAk6 -xn5RqS/h8rYAYm64KnepfC9vIujo4NqpaREDmaLdX5MJPQ+SlytITQvgUsUq3q/t -Ss85xjQEZH3hzwjQqdJvmA4hYP6SUjxYpBM+02xZ1Xw= ------END RSA TESTING KEY-----`)), - plainDER: ` -MIIBOwIBAAJBAMGcRrZiNNmtF20zyS6MQ7pdGx17aFDl+lTl+qnLuJRUCMUG05xs -OmxmL/O1Qlf+bnqR8Bgg65SfKg21SYuLhiMCAwEAAQJBAL94uuHyO4wux2VC+qpj -IzPykjdU7XRcDHbbvksf4xokSeUFjjD3PB0Qa83M94y89ZfdILIqS9x5EgSB4/lX -qNkCIQD6cCIqLfzq/lYbZbQgAAjpBXeQVYsbvVtJrPrXJAlVVQIhAMXpDKMeFPMn -J0g2rbx1gngx0qOa5r5iMU5w/noN4W2XAiBjf+WzCG5yFvazD+dOx3TC0A8+4x3P -uZ3pWbaXf5PNuQIgAcdXarvhelH2w2piY1g3BPeFqhzBSCK/yLGxR82KIh8CIQDD -+qGKsd09NhQ/G27y/DARzOYtml1NvdmCQAgsDIIOLA==`, - }, - { - kind: PEMCipherAES256, - password: []byte("asdf"), - pemData: []byte(testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,8E7ED5CD731902CE938957A886A5FFBD - -4Mxr+KIzRVwoOP0wwq6caSkvW0iS+GE2h2Ov/u+n9ZTMwL83PRnmjfjzBgfRZLVf -JFPXxUK26kMNpIdssNnqGOds+DhB+oSrsNKoxgxSl5OBoYv9eJTVYm7qOyAFIsjr -DRKAcjYCmzfesr7PVTowwy0RtHmYwyXMGDlAzzZrEvaiySFFmMyKKvtoavwaFoc7 -Pz3RZScwIuubzTGJ1x8EzdffYOsdCa9Mtgpp3L136+23dOd6L/qK2EG2fzrJSHs/ -2XugkleBFSMKzEp9mxXKRfa++uidQvMZTFLDK9w5YjrRvMBo/l2BoZIsq0jAIE1N -sv5Z/KwlX+3MDEpPQpUwGPlGGdLnjI3UZ+cjgqBcoMiNc6HfgbBgYJSU6aDSHuCk -clCwByxWkBNgJ2GrkwNrF26v+bGJJJNR4SKouY1jQf0= ------END RSA TESTING KEY-----`)), - plainDER: ` -MIIBOgIBAAJBAKy3GFkstoCHIEeUU/qO8207m8WSrjksR+p9B4tf1w5k+2O1V/GY -AQ5WFCApItcOkQe/I0yZZJk/PmCqMzSxrc8CAwEAAQJAOCAz0F7AW9oNelVQSP8F -Sfzx7O1yom+qWyAQQJF/gFR11gpf9xpVnnyu1WxIRnDUh1LZwUsjwlDYb7MB74id -oQIhANPcOiLwOPT4sIUpRM5HG6BF1BI7L77VpyGVk8xNP7X/AiEA0LMHZtk4I+lJ -nClgYp4Yh2JZ1Znbu7IoQMCEJCjwKDECIGd8Dzm5tViTkUW6Hs3Tlf73nNs65duF -aRnSglss8I3pAiEAonEnKruawgD8RavDFR+fUgmQiPz4FnGGeVgfwpGG1JECIBYq -PXHYtPqxQIbD2pScR5qum7iGUh11lEUPkmt+2uqS`, - }, - { - // generated with: - // openssl genrsa -aes128 -passout pass:asdf -out server.orig.key 128 - kind: PEMCipherAES128, - password: []byte("asdf"), - pemData: []byte(testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,74611ABC2571AF11B1BF9B69E62C89E7 - -6ei/MlytjE0FFgZOGQ+jrwomKfpl8kdefeE0NSt/DMRrw8OacHAzBNi3pPEa0eX3 -eND9l7C9meCirWovjj9QWVHrXyugFuDIqgdhQ8iHTgCfF3lrmcttVrbIfMDw+smD -hTP8O1mS/MHl92NE0nhv0w== ------END RSA TESTING KEY-----`)), - plainDER: ` -MGMCAQACEQC6ssxmYuauuHGOCDAI54RdAgMBAAECEQCWIn6Yv2O+kBcDF7STctKB -AgkA8SEfu/2i3g0CCQDGNlXbBHX7kQIIK3Ww5o0cYbECCQDCimPb0dYGsQIIeQ7A -jryIst8=`, - }, -} - -var incompleteBlockPEM = testingKey(` ------BEGIN RSA TESTING KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,74611ABC2571AF11B1BF9B69E62C89E7 - -6L8yXK2MTQUWBk4ZD6OvCiYp+mXyR1594TQ1K38MxGvDw5pwcDME2Lek8RrR5fd40P2XsL2Z4KKt -ai+OP1BZUetfK6AW4MiqB2FDyIdOAJ8XeWuZy21Wtsh8wPD6yYOFM/w7WZL8weX3Y0TSeG/T ------END RSA TESTING KEY-----`) - -func TestIncompleteBlock(t *testing.T) { - // incompleteBlockPEM contains ciphertext that is not a multiple of the - // block size. This previously panicked. See #11215. - block, _ := pem.Decode([]byte(incompleteBlockPEM)) - _, err := DecryptPEMBlock(block, []byte("foo")) - if err == nil { - t.Fatal("Bad PEM data decrypted successfully") - } - const expectedSubstr = "block size" - if e := err.Error(); !strings.Contains(e, expectedSubstr) { - t.Fatalf("Expected error containing %q but got: %q", expectedSubstr, e) - } -} - -func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } diff --git a/tempfork/x509/pkcs1.go b/tempfork/x509/pkcs1.go deleted file mode 100644 index a48c6f9d6..000000000 --- a/tempfork/x509/pkcs1.go +++ /dev/null @@ -1,173 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "crypto/rsa" - "encoding/asn1" - "errors" - "math/big" -) - -// pkcs1PrivateKey is a structure which mirrors the PKCS#1 ASN.1 for an RSA private key. -type pkcs1PrivateKey struct { - Version int - N *big.Int - E int - D *big.Int - P *big.Int - Q *big.Int - // We ignore these values, if present, because rsa will calculate them. - Dp *big.Int `asn1:"optional"` - Dq *big.Int `asn1:"optional"` - Qinv *big.Int `asn1:"optional"` - - AdditionalPrimes []pkcs1AdditionalRSAPrime `asn1:"optional,omitempty"` -} - -type pkcs1AdditionalRSAPrime struct { - Prime *big.Int - - // We ignore these values because rsa will calculate them. - Exp *big.Int - Coeff *big.Int -} - -// pkcs1PublicKey reflects the ASN.1 structure of a PKCS#1 public key. -type pkcs1PublicKey struct { - N *big.Int - E int -} - -// ParsePKCS1PrivateKey parses an RSA private key in PKCS#1, ASN.1 DER form. -// -// This kind of key is commonly encoded in PEM blocks of type "RSA PRIVATE KEY". -func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) { - var priv pkcs1PrivateKey - rest, err := asn1.Unmarshal(der, &priv) - if len(rest) > 0 { - return nil, asn1.SyntaxError{Msg: "trailing data"} - } - if err != nil { - if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil { - return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)") - } - if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil { - return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)") - } - return nil, err - } - - if priv.Version > 1 { - return nil, errors.New("x509: unsupported private key version") - } - - if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 || priv.Q.Sign() <= 0 { - return nil, errors.New("x509: private key contains zero or negative value") - } - - key := new(rsa.PrivateKey) - key.PublicKey = rsa.PublicKey{ - E: priv.E, - N: priv.N, - } - - key.D = priv.D - key.Primes = make([]*big.Int, 2+len(priv.AdditionalPrimes)) - key.Primes[0] = priv.P - key.Primes[1] = priv.Q - for i, a := range priv.AdditionalPrimes { - if a.Prime.Sign() <= 0 { - return nil, errors.New("x509: private key contains zero or negative prime") - } - key.Primes[i+2] = a.Prime - // We ignore the other two values because rsa will calculate - // them as needed. - } - - err = key.Validate() - if err != nil { - return nil, err - } - key.Precompute() - - return key, nil -} - -// MarshalPKCS1PrivateKey converts an RSA private key to PKCS#1, ASN.1 DER form. -// -// This kind of key is commonly encoded in PEM blocks of type "RSA PRIVATE KEY". -// For a more flexible key format which is not RSA specific, use -// MarshalPKCS8PrivateKey. -func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte { - key.Precompute() - - version := 0 - if len(key.Primes) > 2 { - version = 1 - } - - priv := pkcs1PrivateKey{ - Version: version, - N: key.N, - E: key.PublicKey.E, - D: key.D, - P: key.Primes[0], - Q: key.Primes[1], - Dp: key.Precomputed.Dp, - Dq: key.Precomputed.Dq, - Qinv: key.Precomputed.Qinv, - } - - priv.AdditionalPrimes = make([]pkcs1AdditionalRSAPrime, len(key.Precomputed.CRTValues)) - for i, values := range key.Precomputed.CRTValues { - priv.AdditionalPrimes[i].Prime = key.Primes[2+i] - priv.AdditionalPrimes[i].Exp = values.Exp - priv.AdditionalPrimes[i].Coeff = values.Coeff - } - - b, _ := asn1.Marshal(priv) - return b -} - -// ParsePKCS1PublicKey parses an RSA public key in PKCS#1, ASN.1 DER form. -// -// This kind of key is commonly encoded in PEM blocks of type "RSA PUBLIC KEY". -func ParsePKCS1PublicKey(der []byte) (*rsa.PublicKey, error) { - var pub pkcs1PublicKey - rest, err := asn1.Unmarshal(der, &pub) - if err != nil { - if _, err := asn1.Unmarshal(der, &publicKeyInfo{}); err == nil { - return nil, errors.New("x509: failed to parse public key (use ParsePKIXPublicKey instead for this key format)") - } - return nil, err - } - if len(rest) > 0 { - return nil, asn1.SyntaxError{Msg: "trailing data"} - } - - if pub.N.Sign() <= 0 || pub.E <= 0 { - return nil, errors.New("x509: public key contains zero or negative value") - } - if pub.E > 1<<31-1 { - return nil, errors.New("x509: public key contains large public exponent") - } - - return &rsa.PublicKey{ - E: pub.E, - N: pub.N, - }, nil -} - -// MarshalPKCS1PublicKey converts an RSA public key to PKCS#1, ASN.1 DER form. -// -// This kind of key is commonly encoded in PEM blocks of type "RSA PUBLIC KEY". -func MarshalPKCS1PublicKey(key *rsa.PublicKey) []byte { - derBytes, _ := asn1.Marshal(pkcs1PublicKey{ - N: key.N, - E: key.E, - }) - return derBytes -} diff --git a/tempfork/x509/pkcs8.go b/tempfork/x509/pkcs8.go deleted file mode 100644 index ec4ab10c5..000000000 --- a/tempfork/x509/pkcs8.go +++ /dev/null @@ -1,136 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "crypto/ecdsa" - "crypto/ed25519" - "crypto/rsa" - "crypto/x509/pkix" - "encoding/asn1" - "errors" - "fmt" -) - -// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See -// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn -// and RFC 5208. -type pkcs8 struct { - Version int - Algo pkix.AlgorithmIdentifier - PrivateKey []byte - // optional attributes omitted. -} - -// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS#8, ASN.1 DER form. -// -// It returns a *rsa.PrivateKey, a *ecdsa.PrivateKey, or a ed25519.PrivateKey. -// More types might be supported in the future. -// -// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY". -func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) { - var privKey pkcs8 - if _, err := asn1.Unmarshal(der, &privKey); err != nil { - if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil { - return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)") - } - if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil { - return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)") - } - return nil, err - } - switch { - case privKey.Algo.Algorithm.Equal(oidPublicKeyRSA): - key, err = ParsePKCS1PrivateKey(privKey.PrivateKey) - if err != nil { - return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error()) - } - return key, nil - - case privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA): - bytes := privKey.Algo.Parameters.FullBytes - namedCurveOID := new(asn1.ObjectIdentifier) - if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil { - namedCurveOID = nil - } - key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey) - if err != nil { - return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error()) - } - return key, nil - - case privKey.Algo.Algorithm.Equal(oidPublicKeyEd25519): - if l := len(privKey.Algo.Parameters.FullBytes); l != 0 { - return nil, errors.New("x509: invalid Ed25519 private key parameters") - } - var curvePrivateKey []byte - if _, err := asn1.Unmarshal(privKey.PrivateKey, &curvePrivateKey); err != nil { - return nil, fmt.Errorf("x509: invalid Ed25519 private key: %v", err) - } - if l := len(curvePrivateKey); l != ed25519.SeedSize { - return nil, fmt.Errorf("x509: invalid Ed25519 private key length: %d", l) - } - return ed25519.NewKeyFromSeed(curvePrivateKey), nil - - default: - return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm) - } -} - -// MarshalPKCS8PrivateKey converts a private key to PKCS#8, ASN.1 DER form. -// -// The following key types are currently supported: *rsa.PrivateKey, *ecdsa.PrivateKey -// and ed25519.PrivateKey. Unsupported key types result in an error. -// -// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY". -func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) { - var privKey pkcs8 - - switch k := key.(type) { - case *rsa.PrivateKey: - privKey.Algo = pkix.AlgorithmIdentifier{ - Algorithm: oidPublicKeyRSA, - Parameters: asn1.NullRawValue, - } - privKey.PrivateKey = MarshalPKCS1PrivateKey(k) - - case *ecdsa.PrivateKey: - oid, ok := oidFromNamedCurve(k.Curve) - if !ok { - return nil, errors.New("x509: unknown curve while marshaling to PKCS#8") - } - - oidBytes, err := asn1.Marshal(oid) - if err != nil { - return nil, errors.New("x509: failed to marshal curve OID: " + err.Error()) - } - - privKey.Algo = pkix.AlgorithmIdentifier{ - Algorithm: oidPublicKeyECDSA, - Parameters: asn1.RawValue{ - FullBytes: oidBytes, - }, - } - - if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil { - return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error()) - } - - case ed25519.PrivateKey: - privKey.Algo = pkix.AlgorithmIdentifier{ - Algorithm: oidPublicKeyEd25519, - } - curvePrivateKey, err := asn1.Marshal(k.Seed()) - if err != nil { - return nil, fmt.Errorf("x509: failed to marshal private key: %v", err) - } - privKey.PrivateKey = curvePrivateKey - - default: - return nil, fmt.Errorf("x509: unknown key type while marshaling PKCS#8: %T", key) - } - - return asn1.Marshal(privKey) -} diff --git a/tempfork/x509/pkcs8_test.go b/tempfork/x509/pkcs8_test.go deleted file mode 100644 index cb7ee4c16..000000000 --- a/tempfork/x509/pkcs8_test.go +++ /dev/null @@ -1,140 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "bytes" - "crypto/ecdsa" - "crypto/ed25519" - "crypto/elliptic" - "crypto/rsa" - "encoding/hex" - "reflect" - "strings" - "testing" -) - -// Generated using: -// openssl genrsa 1024 | openssl pkcs8 -topk8 -nocrypt -var pkcs8RSAPrivateKeyHex = `30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031` - -// Generated using: -// openssl ecparam -genkey -name secp224r1 | openssl pkcs8 -topk8 -nocrypt -var pkcs8P224PrivateKeyHex = `3078020100301006072a8648ce3d020106052b810400210461305f020101041cca3d72b3e88fed2684576dad9b80a9180363a5424986900e3abcab3fa13c033a0004f8f2a6372872a4e61263ed893afb919576a4cacfecd6c081a2cbc76873cf4ba8530703c6042b3a00e2205087e87d2435d2e339e25702fae1` - -// Generated using: -// openssl ecparam -genkey -name secp256r1 | openssl pkcs8 -topk8 -nocrypt -var pkcs8P256PrivateKeyHex = `308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420dad6b2f49ca774c36d8ae9517e935226f667c929498f0343d2424d0b9b591b43a14403420004b9c9b90095476afe7b860d8bd43568cab7bcb2eed7b8bf2fa0ce1762dd20b04193f859d2d782b1e4cbfd48492f1f533113a6804903f292258513837f07fda735` - -// Generated using: -// openssl ecparam -genkey -name secp384r1 | openssl pkcs8 -topk8 -nocrypt -var pkcs8P384PrivateKeyHex = `3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104309bf832f6aaaeacb78ce47ffb15e6fd0fd48683ae79df6eca39bfb8e33829ac94aa29d08911568684c2264a08a4ceb679a164036200049070ad4ed993c7770d700e9f6dc2baa83f63dd165b5507f98e8ff29b5d2e78ccbe05c8ddc955dbf0f7497e8222cfa49314fe4e269459f8e880147f70d785e530f2939e4bf9f838325bb1a80ad4cf59272ae0e5efe9a9dc33d874492596304bd3` - -// Generated using: -// openssl ecparam -genkey -name secp521r1 | openssl pkcs8 -topk8 -nocrypt -// -// Note that OpenSSL will truncate the private key if it can (i.e. it emits it -// like an integer, even though it's an OCTET STRING field). Thus if you -// regenerate this you may, randomly, find that it's a byte shorter than -// expected and the Go test will fail to recreate it exactly. -var pkcs8P521PrivateKeyHex = `3081ee020100301006072a8648ce3d020106052b810400230481d63081d3020101044200cfe0b87113a205cf291bb9a8cd1a74ac6c7b2ebb8199aaa9a5010d8b8012276fa3c22ac913369fa61beec2a3b8b4516bc049bde4fb3b745ac11b56ab23ac52e361a1818903818600040138f75acdd03fbafa4f047a8e4b272ba9d555c667962b76f6f232911a5786a0964e5edea6bd21a6f8725720958de049c6e3e6661c1c91b227cebee916c0319ed6ca003db0a3206d372229baf9dd25d868bf81140a518114803ce40c1855074d68c4e9dab9e65efba7064c703b400f1767f217dac82715ac1f6d88c74baf47a7971de4ea` - -// From RFC 8410, Section 7. -var pkcs8Ed25519PrivateKeyHex = `302e020100300506032b657004220420d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842` - -func TestPKCS8(t *testing.T) { - tests := []struct { - name string - keyHex string - keyType reflect.Type - curve elliptic.Curve - }{ - { - name: "RSA private key", - keyHex: pkcs8RSAPrivateKeyHex, - keyType: reflect.TypeOf(&rsa.PrivateKey{}), - }, - { - name: "P-224 private key", - keyHex: pkcs8P224PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P224(), - }, - { - name: "P-256 private key", - keyHex: pkcs8P256PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P256(), - }, - { - name: "P-384 private key", - keyHex: pkcs8P384PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P384(), - }, - { - name: "P-521 private key", - keyHex: pkcs8P521PrivateKeyHex, - keyType: reflect.TypeOf(&ecdsa.PrivateKey{}), - curve: elliptic.P521(), - }, - { - name: "Ed25519 private key", - keyHex: pkcs8Ed25519PrivateKeyHex, - keyType: reflect.TypeOf(ed25519.PrivateKey{}), - }, - } - - for _, test := range tests { - derBytes, err := hex.DecodeString(test.keyHex) - if err != nil { - t.Errorf("%s: failed to decode hex: %s", test.name, err) - continue - } - privKey, err := ParsePKCS8PrivateKey(derBytes) - if err != nil { - t.Errorf("%s: failed to decode PKCS#8: %s", test.name, err) - continue - } - if reflect.TypeOf(privKey) != test.keyType { - t.Errorf("%s: decoded PKCS#8 returned unexpected key type: %T", test.name, privKey) - continue - } - if ecKey, isEC := privKey.(*ecdsa.PrivateKey); isEC && ecKey.Curve != test.curve { - t.Errorf("%s: decoded PKCS#8 returned unexpected curve %#v", test.name, ecKey.Curve) - continue - } - reserialised, err := MarshalPKCS8PrivateKey(privKey) - if err != nil { - t.Errorf("%s: failed to marshal into PKCS#8: %s", test.name, err) - continue - } - if !bytes.Equal(derBytes, reserialised) { - t.Errorf("%s: marshaled PKCS#8 didn't match original: got %x, want %x", test.name, reserialised, derBytes) - continue - } - } -} - -const hexPKCS8TestPKCS1Key = "3082025c02010002818100b1a1e0945b9289c4d3f1329f8a982c4a2dcd59bfd372fb8085a9c517554607ebd2f7990eef216ac9f4605f71a03b04f42a5255b158cf8e0844191f5119348baa44c35056e20609bcf9510f30ead4b481c81d7865fb27b8e0090e112b717f3ee08cdfc4012da1f1f7cf2a1bc34c73a54a12b06372d09714742dd7895eadde4aa5020301000102818062b7fa1db93e993e40237de4d89b7591cc1ea1d04fed4904c643f17ae4334557b4295270d0491c161cb02a9af557978b32b20b59c267a721c4e6c956c2d147046e9ae5f2da36db0106d70021fa9343455f8f973a4b355a26fd19e6b39dee0405ea2b32deddf0f4817759ef705d02b34faab9ca93c6766e9f722290f119f34449024100d9c29a4a013a90e35fd1be14a3f747c589fac613a695282d61812a711906b8a0876c6181f0333ca1066596f57bff47e7cfcabf19c0fc69d9cd76df743038b3cb024100d0d3546fecf879b5551f2bd2c05e6385f2718a08a6face3d2aecc9d7e03645a480a46c81662c12ad6bd6901e3bd4f38029462de7290859567cdf371c79088d4f024100c254150657e460ea58573fcf01a82a4791e3d6223135c8bdfed69afe84fbe7857274f8eb5165180507455f9b4105c6b08b51fe8a481bb986a202245576b713530240045700003b7a867d0041df9547ae2e7f50248febd21c9040b12dae9c2feab0d3d4609668b208e4727a3541557f84d372ac68eaf74ce1018a4c9a0ef92682c8fd02405769731480bb3a4570abf422527c5f34bf732fa6c1e08cc322753c511ce055fac20fc770025663ad3165324314df907f1f1942f0448a7e9cdbf87ecd98b92156" -const hexPKCS8TestECKey = "3081a40201010430bdb9839c08ee793d1157886a7a758a3c8b2a17a4df48f17ace57c72c56b4723cf21dcda21d4e1ad57ff034f19fcfd98ea00706052b81040022a16403620004feea808b5ee2429cfcce13c32160e1c960990bd050bb0fdf7222f3decd0a55008e32a6aa3c9062051c4cba92a7a3b178b24567412d43cdd2f882fa5addddd726fe3e208d2c26d733a773a597abb749714df7256ead5105fa6e7b3650de236b50" - -var pkcs8MismatchKeyTests = []struct { - hexKey string - errorContains string -}{ - {hexKey: hexPKCS8TestECKey, errorContains: "use ParseECPrivateKey instead"}, - {hexKey: hexPKCS8TestPKCS1Key, errorContains: "use ParsePKCS1PrivateKey instead"}, -} - -func TestPKCS8MismatchKeyFormat(t *testing.T) { - for i, test := range pkcs8MismatchKeyTests { - derBytes, _ := hex.DecodeString(test.hexKey) - _, err := ParsePKCS8PrivateKey(derBytes) - if !strings.Contains(err.Error(), test.errorContains) { - t.Errorf("#%d: expected error containing %q, got %s", i, test.errorContains, err) - } - } -} diff --git a/tempfork/x509/pool_darwin_arm64.go b/tempfork/x509/pool_darwin_arm64.go deleted file mode 100644 index 656fe8d58..000000000 --- a/tempfork/x509/pool_darwin_arm64.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright 2020 Tailscale Inc. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "compress/gzip" - "io/ioutil" - "strings" - "sync" -) - -func certUncompressor(zcertBytes string) func() (*Certificate, error) { - var once sync.Once - var c *Certificate - var err error - return func() (*Certificate, error) { - once.Do(func() { - var certBytes []byte - var zr *gzip.Reader - zr, err = gzip.NewReader(strings.NewReader(zcertBytes)) - if err != nil { - return - } - certBytes, err = ioutil.ReadAll(zr) - if err != nil { - return - } - c, err = ParseCertificate(certBytes) - }) - return c, err - } -} diff --git a/tempfork/x509/root.go b/tempfork/x509/root.go deleted file mode 100644 index 240296247..000000000 --- a/tempfork/x509/root.go +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import "sync" - -var ( - once sync.Once - systemRoots *CertPool - systemRootsErr error -) - -func systemRootsPool() *CertPool { - once.Do(initSystemRoots) - return systemRoots -} - -func initSystemRoots() { - systemRoots, systemRootsErr = loadSystemRoots() - if systemRootsErr != nil { - systemRoots = nil - } -} diff --git a/tempfork/x509/root_aix.go b/tempfork/x509/root_aix.go deleted file mode 100644 index 6d427739a..000000000 --- a/tempfork/x509/root_aix.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -// Possible certificate files; stop after finding one. -var certFiles = []string{ - "/var/ssl/certs/ca-bundle.crt", -} diff --git a/tempfork/x509/root_bsd.go b/tempfork/x509/root_bsd.go deleted file mode 100644 index 137193389..000000000 --- a/tempfork/x509/root_bsd.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build dragonfly freebsd netbsd openbsd - -package x509 - -// Possible certificate files; stop after finding one. -var certFiles = []string{ - "/usr/local/etc/ssl/cert.pem", // FreeBSD - "/etc/ssl/cert.pem", // OpenBSD - "/usr/local/share/certs/ca-root-nss.crt", // DragonFly - "/etc/openssl/certs/ca-certificates.crt", // NetBSD -} diff --git a/tempfork/x509/root_cgo_darwin.go b/tempfork/x509/root_cgo_darwin.go deleted file mode 100644 index d03d91357..000000000 --- a/tempfork/x509/root_cgo_darwin.go +++ /dev/null @@ -1,322 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build cgo,!arm64,!ios - -package x509 - -/* -#cgo CFLAGS: -mmacosx-version-min=10.11 -#cgo LDFLAGS: -framework CoreFoundation -framework Security - -#include -#include - -#include -#include - -static Boolean isSSLPolicy(SecPolicyRef policyRef) { - if (!policyRef) { - return false; - } - CFDictionaryRef properties = SecPolicyCopyProperties(policyRef); - if (properties == NULL) { - return false; - } - Boolean isSSL = false; - CFTypeRef value = NULL; - if (CFDictionaryGetValueIfPresent(properties, kSecPolicyOid, (const void **)&value)) { - isSSL = CFEqual(value, kSecPolicyAppleSSL); - } - CFRelease(properties); - return isSSL; -} - -// sslTrustSettingsResult obtains the final kSecTrustSettingsResult value -// for a certificate in the user or admin domain, combining usage constraints -// for the SSL SecTrustSettingsPolicy, ignoring SecTrustSettingsKeyUsage and -// kSecTrustSettingsAllowedError. -// https://developer.apple.com/documentation/security/1400261-sectrustsettingscopytrustsetting -static SInt32 sslTrustSettingsResult(SecCertificateRef cert) { - CFArrayRef trustSettings = NULL; - OSStatus err = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainUser, &trustSettings); - - // According to Apple's SecTrustServer.c, "user trust settings overrule admin trust settings", - // but the rules of the override are unclear. Let's assume admin trust settings are applicable - // if and only if user trust settings fail to load or are NULL. - if (err != errSecSuccess || trustSettings == NULL) { - if (trustSettings != NULL) CFRelease(trustSettings); - err = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainAdmin, &trustSettings); - } - - // > no trust settings [...] means "this certificate must be verified to a known trusted certificate” - // (Should this cause a fallback from user to admin domain? It's unclear.) - if (err != errSecSuccess || trustSettings == NULL) { - if (trustSettings != NULL) CFRelease(trustSettings); - return kSecTrustSettingsResultUnspecified; - } - - // > An empty trust settings array means "always trust this certificate” with an - // > overall trust setting for the certificate of kSecTrustSettingsResultTrustRoot. - if (CFArrayGetCount(trustSettings) == 0) { - CFRelease(trustSettings); - return kSecTrustSettingsResultTrustRoot; - } - - // kSecTrustSettingsResult is defined as CFSTR("kSecTrustSettingsResult"), - // but the Go linker's internal linking mode can't handle CFSTR relocations. - // Create our own dynamic string instead and release it below. - CFStringRef _kSecTrustSettingsResult = CFStringCreateWithCString( - NULL, "kSecTrustSettingsResult", kCFStringEncodingUTF8); - CFStringRef _kSecTrustSettingsPolicy = CFStringCreateWithCString( - NULL, "kSecTrustSettingsPolicy", kCFStringEncodingUTF8); - CFStringRef _kSecTrustSettingsPolicyString = CFStringCreateWithCString( - NULL, "kSecTrustSettingsPolicyString", kCFStringEncodingUTF8); - - CFIndex m; SInt32 result = 0; - for (m = 0; m < CFArrayGetCount(trustSettings); m++) { - CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, m); - - // First, check if this trust setting is constrained to a non-SSL policy. - SecPolicyRef policyRef; - if (CFDictionaryGetValueIfPresent(tSetting, _kSecTrustSettingsPolicy, (const void**)&policyRef)) { - if (!isSSLPolicy(policyRef)) { - continue; - } - } - - if (CFDictionaryContainsKey(tSetting, _kSecTrustSettingsPolicyString)) { - // Restricted to a hostname, not a root. - continue; - } - - CFNumberRef cfNum; - if (CFDictionaryGetValueIfPresent(tSetting, _kSecTrustSettingsResult, (const void**)&cfNum)) { - CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result); - } else { - // > If this key is not present, a default value of - // > kSecTrustSettingsResultTrustRoot is assumed. - result = kSecTrustSettingsResultTrustRoot; - } - - // If multiple dictionaries match, we are supposed to "OR" them, - // the semantics of which are not clear. Since TrustRoot and TrustAsRoot - // are mutually exclusive, Deny should probably override, and Invalid and - // Unspecified be overridden, approximate this by stopping at the first - // TrustRoot, TrustAsRoot or Deny. - if (result == kSecTrustSettingsResultTrustRoot) { - break; - } else if (result == kSecTrustSettingsResultTrustAsRoot) { - break; - } else if (result == kSecTrustSettingsResultDeny) { - break; - } - } - - // If trust settings are present, but none of them match the policy... - // the docs don't tell us what to do. - // - // "Trust settings for a given use apply if any of the dictionaries in the - // certificate’s trust settings array satisfies the specified use." suggests - // that it's as if there were no trust settings at all, so we should probably - // fallback to the admin trust settings. TODO. - if (result == 0) { - result = kSecTrustSettingsResultUnspecified; - } - - CFRelease(_kSecTrustSettingsPolicy); - CFRelease(_kSecTrustSettingsPolicyString); - CFRelease(_kSecTrustSettingsResult); - CFRelease(trustSettings); - - return result; -} - -// isRootCertificate reports whether Subject and Issuer match. -static Boolean isRootCertificate(SecCertificateRef cert, CFErrorRef *errRef) { - CFDataRef subjectName = SecCertificateCopyNormalizedSubjectContent(cert, errRef); - if (*errRef != NULL) { - return false; - } - CFDataRef issuerName = SecCertificateCopyNormalizedIssuerContent(cert, errRef); - if (*errRef != NULL) { - CFRelease(subjectName); - return false; - } - Boolean equal = CFEqual(subjectName, issuerName); - CFRelease(subjectName); - CFRelease(issuerName); - return equal; -} - -// CopyPEMRoots fetches the system's list of trusted X.509 root certificates -// for the kSecTrustSettingsPolicy SSL. -// -// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root -// certificates of the system. On failure, the function returns -1. -// Additionally, it fills untrustedPemRoots with certs that must be removed from pemRoots. -// -// Note: The CFDataRef returned in pemRoots and untrustedPemRoots must -// be released (using CFRelease) after we've consumed its content. -static int CopyPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots, bool debugDarwinRoots) { - int i; - - if (debugDarwinRoots) { - fprintf(stderr, "crypto/x509: kSecTrustSettingsResultInvalid = %d\n", kSecTrustSettingsResultInvalid); - fprintf(stderr, "crypto/x509: kSecTrustSettingsResultTrustRoot = %d\n", kSecTrustSettingsResultTrustRoot); - fprintf(stderr, "crypto/x509: kSecTrustSettingsResultTrustAsRoot = %d\n", kSecTrustSettingsResultTrustAsRoot); - fprintf(stderr, "crypto/x509: kSecTrustSettingsResultDeny = %d\n", kSecTrustSettingsResultDeny); - fprintf(stderr, "crypto/x509: kSecTrustSettingsResultUnspecified = %d\n", kSecTrustSettingsResultUnspecified); - } - - // Get certificates from all domains, not just System, this lets - // the user add CAs to their "login" keychain, and Admins to add - // to the "System" keychain - SecTrustSettingsDomain domains[] = { kSecTrustSettingsDomainSystem, - kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainUser }; - - int numDomains = sizeof(domains)/sizeof(SecTrustSettingsDomain); - if (pemRoots == NULL || untrustedPemRoots == NULL) { - return -1; - } - - CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0); - CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0); - for (i = 0; i < numDomains; i++) { - int j; - CFArrayRef certs = NULL; - OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs); - if (err != noErr) { - continue; - } - - CFIndex numCerts = CFArrayGetCount(certs); - for (j = 0; j < numCerts; j++) { - SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, j); - if (cert == NULL) { - continue; - } - - SInt32 result; - if (domains[i] == kSecTrustSettingsDomainSystem) { - // Certs found in the system domain are always trusted. If the user - // configures "Never Trust" on such a cert, it will also be found in the - // admin or user domain, causing it to be added to untrustedPemRoots. The - // Go code will then clean this up. - result = kSecTrustSettingsResultTrustRoot; - } else { - result = sslTrustSettingsResult(cert); - if (debugDarwinRoots) { - CFErrorRef errRef = NULL; - CFStringRef summary = SecCertificateCopyShortDescription(NULL, cert, &errRef); - if (errRef != NULL) { - fprintf(stderr, "crypto/x509: SecCertificateCopyShortDescription failed\n"); - CFRelease(errRef); - continue; - } - - CFIndex length = CFStringGetLength(summary); - CFIndex maxSize = CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1; - char *buffer = malloc(maxSize); - if (CFStringGetCString(summary, buffer, maxSize, kCFStringEncodingUTF8)) { - fprintf(stderr, "crypto/x509: %s returned %d\n", buffer, (int)result); - } - free(buffer); - CFRelease(summary); - } - } - - CFMutableDataRef appendTo; - // > Note the distinction between the results kSecTrustSettingsResultTrustRoot - // > and kSecTrustSettingsResultTrustAsRoot: The former can only be applied to - // > root (self-signed) certificates; the latter can only be applied to - // > non-root certificates. - if (result == kSecTrustSettingsResultTrustRoot) { - CFErrorRef errRef = NULL; - if (!isRootCertificate(cert, &errRef) || errRef != NULL) { - if (errRef != NULL) CFRelease(errRef); - continue; - } - - appendTo = combinedData; - } else if (result == kSecTrustSettingsResultTrustAsRoot) { - CFErrorRef errRef = NULL; - if (isRootCertificate(cert, &errRef) || errRef != NULL) { - if (errRef != NULL) CFRelease(errRef); - continue; - } - - appendTo = combinedData; - } else if (result == kSecTrustSettingsResultDeny) { - appendTo = combinedUntrustedData; - } else if (result == kSecTrustSettingsResultUnspecified) { - // Certificates with unspecified trust should probably be added to a pool of - // intermediates for chain building, or checked for transitive trust and - // added to the root pool (which is an imprecise approximation because it - // cuts chains short) but we don't support either at the moment. TODO. - continue; - } else { - continue; - } - - CFDataRef data = NULL; - err = SecItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data); - if (err != noErr) { - continue; - } - if (data != NULL) { - CFDataAppendBytes(appendTo, CFDataGetBytePtr(data), CFDataGetLength(data)); - CFRelease(data); - } - } - CFRelease(certs); - } - *pemRoots = combinedData; - *untrustedPemRoots = combinedUntrustedData; - return 0; -} -*/ -import "C" -import ( - "errors" - "unsafe" -) - -func loadSystemRoots() (*CertPool, error) { - var data, untrustedData C.CFDataRef - err := C.CopyPEMRoots(&data, &untrustedData, C.bool(debugDarwinRoots)) - if err == -1 { - return nil, errors.New("crypto/x509: failed to load darwin system roots with cgo") - } - defer C.CFRelease(C.CFTypeRef(data)) - defer C.CFRelease(C.CFTypeRef(untrustedData)) - - buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) - roots := NewCertPool() - roots.AppendCertsFromPEM(buf) - - if C.CFDataGetLength(untrustedData) == 0 { - return roots, nil - } - - buf = C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(untrustedData)), C.int(C.CFDataGetLength(untrustedData))) - untrustedRoots := NewCertPool() - untrustedRoots.AppendCertsFromPEM(buf) - - trustedRoots := NewCertPool() - for i := 0; i < roots.len(); i++ { - c, err := roots.cert(i) - if err != nil { - return nil, err - } - contains, err := untrustedRoots.contains(c) - if err != nil { - return nil, err - } - if !contains { - trustedRoots.AddCert(c) - } - } - return trustedRoots, nil -} diff --git a/tempfork/x509/root_darwin.go b/tempfork/x509/root_darwin.go deleted file mode 100644 index 2f6a8b8d6..000000000 --- a/tempfork/x509/root_darwin.go +++ /dev/null @@ -1,288 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:generate go run root_darwin_arm_gen.go -output root_darwin_armx.go - -package x509 - -import ( - "bufio" - "bytes" - "crypto/sha1" - "encoding/pem" - "fmt" - "io" - "io/ioutil" - "os" - "os/exec" - "path/filepath" - "strings" - "sync" -) - -var debugDarwinRoots = strings.Contains(os.Getenv("GODEBUG"), "x509roots=1") - -func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { - return nil, nil -} - -// This code is only used when compiling without cgo. -// It is here, instead of root_nocgo_darwin.go, so that tests can check it -// even if the tests are run with cgo enabled. -// The linker will not include these unused functions in binaries built with cgo enabled. - -// execSecurityRoots finds the macOS list of trusted root certificates -// using only command-line tools. This is our fallback path when cgo isn't available. -// -// The strategy is as follows: -// -// 1. Run "security trust-settings-export" and "security -// trust-settings-export -d" to discover the set of certs with some -// user-tweaked trust policy. We're too lazy to parse the XML -// (Issue 26830) to understand what the trust -// policy actually is. We just learn that there is _some_ policy. -// -// 2. Run "security find-certificate" to dump the list of system root -// CAs in PEM format. -// -// 3. For each dumped cert, conditionally verify it with "security -// verify-cert" if that cert was in the set discovered in Step 1. -// Without the Step 1 optimization, running "security verify-cert" -// 150-200 times takes 3.5 seconds. With the optimization, the -// whole process takes about 180 milliseconds with 1 untrusted root -// CA. (Compared to 110ms in the cgo path) -func execSecurityRoots() (*CertPool, error) { - hasPolicy, err := getCertsWithTrustPolicy() - if err != nil { - return nil, err - } - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: %d certs have a trust policy\n", len(hasPolicy)) - } - - keychains := []string{"/Library/Keychains/System.keychain"} - - // Note that this results in trusting roots from $HOME/... (the environment - // variable), which might not be expected. - home, err := os.UserHomeDir() - if err != nil { - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: can't get user home directory: %v\n", err) - } - } else { - keychains = append(keychains, - filepath.Join(home, "/Library/Keychains/login.keychain"), - - // Fresh installs of Sierra use a slightly different path for the login keychain - filepath.Join(home, "/Library/Keychains/login.keychain-db"), - ) - } - - type rootCandidate struct { - c *Certificate - system bool - } - - var ( - mu sync.Mutex - roots = NewCertPool() - numVerified int // number of execs of 'security verify-cert', for debug stats - wg sync.WaitGroup - verifyCh = make(chan rootCandidate) - ) - - // Using 4 goroutines to pipe into verify-cert seems to be - // about the best we can do. The verify-cert binary seems to - // just RPC to another server with coarse locking anyway, so - // running 16 at a time for instance doesn't help at all. Due - // to the "if hasPolicy" check below, though, we will rarely - // (or never) call verify-cert on stock macOS systems, though. - // The hope is that we only call verify-cert when the user has - // tweaked their trust policy. These 4 goroutines are only - // defensive in the pathological case of many trust edits. - for i := 0; i < 4; i++ { - wg.Add(1) - go func() { - defer wg.Done() - for cert := range verifyCh { - sha1CapHex := fmt.Sprintf("%X", sha1.Sum(cert.c.Raw)) - - var valid bool - verifyChecks := 0 - if hasPolicy[sha1CapHex] { - verifyChecks++ - valid = verifyCertWithSystem(cert.c) - } else { - // Certificates not in SystemRootCertificates without user - // or admin trust settings are not trusted. - valid = cert.system - } - - mu.Lock() - numVerified += verifyChecks - if valid { - roots.AddCert(cert.c) - } - mu.Unlock() - } - }() - } - err = forEachCertInKeychains(keychains, func(cert *Certificate) { - verifyCh <- rootCandidate{c: cert, system: false} - }) - if err != nil { - close(verifyCh) - return nil, err - } - err = forEachCertInKeychains([]string{ - "/System/Library/Keychains/SystemRootCertificates.keychain", - }, func(cert *Certificate) { - verifyCh <- rootCandidate{c: cert, system: true} - }) - if err != nil { - close(verifyCh) - return nil, err - } - close(verifyCh) - wg.Wait() - - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: ran security verify-cert %d times\n", numVerified) - } - - return roots, nil -} - -func forEachCertInKeychains(paths []string, f func(*Certificate)) error { - args := append([]string{"find-certificate", "-a", "-p"}, paths...) - cmd := exec.Command("/usr/bin/security", args...) - data, err := cmd.Output() - if err != nil { - return err - } - for len(data) > 0 { - var block *pem.Block - block, data = pem.Decode(data) - if block == nil { - break - } - if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { - continue - } - cert, err := ParseCertificate(block.Bytes) - if err != nil { - continue - } - f(cert) - } - return nil -} - -func verifyCertWithSystem(cert *Certificate) bool { - data := pem.EncodeToMemory(&pem.Block{ - Type: "CERTIFICATE", Bytes: cert.Raw, - }) - - f, err := ioutil.TempFile("", "cert") - if err != nil { - fmt.Fprintf(os.Stderr, "can't create temporary file for cert: %v", err) - return false - } - defer os.Remove(f.Name()) - if _, err := f.Write(data); err != nil { - fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err) - return false - } - if err := f.Close(); err != nil { - fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err) - return false - } - cmd := exec.Command("/usr/bin/security", "verify-cert", "-p", "ssl", "-c", f.Name(), "-l", "-L") - var stderr bytes.Buffer - if debugDarwinRoots { - cmd.Stderr = &stderr - } - if err := cmd.Run(); err != nil { - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: verify-cert rejected %s: %q\n", cert.Subject, bytes.TrimSpace(stderr.Bytes())) - } - return false - } - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: verify-cert approved %s\n", cert.Subject) - } - return true -} - -// getCertsWithTrustPolicy returns the set of certs that have a -// possibly-altered trust policy. The keys of the map are capitalized -// sha1 hex of the raw cert. -// They are the certs that should be checked against `security -// verify-cert` to see whether the user altered the default trust -// settings. This code is only used for cgo-disabled builds. -func getCertsWithTrustPolicy() (map[string]bool, error) { - set := map[string]bool{} - td, err := ioutil.TempDir("", "x509trustpolicy") - if err != nil { - return nil, err - } - defer os.RemoveAll(td) - run := func(file string, args ...string) error { - file = filepath.Join(td, file) - args = append(args, file) - cmd := exec.Command("/usr/bin/security", args...) - var stderr bytes.Buffer - cmd.Stderr = &stderr - if err := cmd.Run(); err != nil { - // If there are no trust settings, the - // `security trust-settings-export` command - // fails with: - // exit status 1, SecTrustSettingsCreateExternalRepresentation: No Trust Settings were found. - // Rather than match on English substrings that are probably - // localized on macOS, just interpret any failure to mean that - // there are no trust settings. - if debugDarwinRoots { - fmt.Fprintf(os.Stderr, "crypto/x509: exec %q: %v, %s\n", cmd.Args, err, stderr.Bytes()) - } - return nil - } - - f, err := os.Open(file) - if err != nil { - return err - } - defer f.Close() - - // Gather all the runs of 40 capitalized hex characters. - br := bufio.NewReader(f) - var hexBuf bytes.Buffer - for { - b, err := br.ReadByte() - isHex := ('A' <= b && b <= 'F') || ('0' <= b && b <= '9') - if isHex { - hexBuf.WriteByte(b) - } else { - if hexBuf.Len() == 40 { - set[hexBuf.String()] = true - } - hexBuf.Reset() - } - if err == io.EOF { - break - } - if err != nil { - return err - } - } - - return nil - } - if err := run("user", "trust-settings-export"); err != nil { - return nil, fmt.Errorf("dump-trust-settings (user): %v", err) - } - if err := run("admin", "trust-settings-export", "-d"); err != nil { - return nil, fmt.Errorf("dump-trust-settings (admin): %v", err) - } - return set, nil -} diff --git a/tempfork/x509/root_darwin_arm64.go b/tempfork/x509/root_darwin_arm64.go deleted file mode 100644 index 5d9d4fc36..000000000 --- a/tempfork/x509/root_darwin_arm64.go +++ /dev/null @@ -1,176 +0,0 @@ -// Code generated by root_darwin_arm_gen --output root_darwin_arm64.go; DO NOT EDIT. - -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -func loadSystemRoots() (*CertPool, error) { - p := NewCertPool() - p.addCertFuncNotDup("0{1\v0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\b\f\x12Greater Manchester1\x100\x0e\x06\x03U\x04\a\f\aSalford1\x1a0\x18\x06\x03U\x04\n\f\x11Comodo CA Limited1!0\x1f\x06\x03U\x04\x03\f\x18AAA Certificate Services", "\xa0\x11\n#>\x96\xf1\a\xec\xe2\xaf)\uf0a5\u007f\xd00\xa4\xb4", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb12hb\x96Z\xc0\xcc\xc4\xc8\xc4\xc4\xc8h\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xa0ڐۀ\x93\x8d9\x94\x85M\x98\xc9\xdd\xc9P\xda@\x12\xc4\xe1\xe0\x11r/JM,I-R\xf0M\xccK\xceH-.I-2\x140\xe0\x03I\xb2\xf3\xb0\a'\xe6\xa4\xe5\x17\xa5\x18J\x19H\x80D\xb8x\x04\x9d\xf3s\xf3S\xf2\x15\x9c\x1d\x15|2s3KRS\f\x15\r\xe4Ar\xcc<\x12\x8e\x8e\x8e\nΩE%\x99i\x99ɉ%\xa9\n\xc1\xa9Ee\x99ɩ\xc5\x06r\xe2\xbc\x06&\x06\x86\x06\x86\x06`\x10%\xcekdahdlhdljij\x195\xb0\x8ekbTB\x0e,FV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86}\x0es\xbf\xe4=|U\xd6.\xe3\xeb\xeaҷ\xcf\xedD3\xdb܃Z\xff$\xe4\xfb\x9e0\xfd\xfa\xbc:6\xa0K̐{\x16ۅ\xa3\x05Jg=uC\x92\xcfl\xcb\xcbp\xe3\x0e~u\xdaG\xe5\xc0\x9e\"\xbfW\x1fE\xd7}\t\x99%\xc4u\xb8j\x93q£[\x9d\xa1\x9f\x95\">\u07fbs\xfe}sۢ\x9e)\xfe\xf33>͘\xe0֢~\xbcl\xff\xe33\xa6:\xddq\xec)\xa9M\a<6\xac\x98\xf83q~\x99B\xc0\x8a\x89\xc7Ӷ\xbe\xaeHb\x0e\xfb\xd0%%\xfc\xcap\xb1܂\x99\u007f-\xbe}S7\x8a\xc8g\xff\x9a\xbd㷈\xf6\xfa\xed\xab\xce\\K\x8e/\xee\xb9\xc5:s\x85Ŋ\xd3\xe2\x15f\x81k^\xce\xfbRa\xd5{\x9e\xff\xa6ӣ\x19<\xab\xf5\xe7\xf31\xde{?\u007f\xa6\xe7G\xdd\xfbkJ|\xa5glu?\xfaT\xf3\xe2\xcf\t\x12Ǔ\xe6\xeck>\xaeVmץz\xfc\xc0ݹ\xcfL3\x04\x14\xe6\xf6߸w\xe9p\xcb\x1c\u07b8\x17\xfa'\x99\x98\x19\x19\x18\x177\x1e0h\xdck \xcb\xc6\x1c*\xcb\xc7\"\xc6\"\xb2@\x90K\xd9n\xdaG\xf67\x8f\xd6k\xbeoZZ\u007f\xc1`\xc9\x16p\xcc\xc8\xf232\xfegaafbd3\xe0\a\xf1\x85A|V\x03fF\xc6\xff\x06\xd5 \x01y\x96\x12\x83\"\x03\x8b\x05f\vLڌ2JJ\n\xac\xf4\xf5\x93\x8br\xf4\x92\xc1\xb1\x97\x9c\bb\xe8;::\"\xc5\x16,\xb2\xf4\x92\x8br\f\xcc\x16\x98,0j3\xc0Щ\x97\x97Z\x82O\x1fj\x8e`\x06\xc5-G\xd8\x1f\xa6\x0f\xb3_\xfc_\xf2\xebZ\xf51\x97\x86s\xfeG\x8e~c\x888\xb3l\xdb\x1e\x11\xcf\f\x96\xb2\x17\xcf\xdeža\xe2O\xb8\xd6\x1b \xe1\xaf\xe6\xc7\xf8\xf8ن\xa5\xef\xf6\xef)\tq\xdc\xff\xf7\x8fЎ\xe3\xfeQ_:\x13X\xeb\x13\xb6\xb3z}\xfe\xf6\xf1\xd0\xfe#;Kڶ\xe9\xd6f\x9f\xb9\xf4\xd9\xed\xae\xfe\xb1\aY\x87\x0f\x9b0\xeb\xd4N\xbb\x1bu\x88o9\xd7̃\xacݫy\xf4?\xc7X\x9d\xcf1\x0f\xe5l\xbf\x17\xec\x90\x13\xf1\xfe϶թy,ߤ\xef\xd8<\x88\x12=6\xef\xe6\xc7H\x0f\x03\xc5T\xe6\x9c7/\x15\x8b\xdf\xccf^\xf8\xc0|\xed\x02Q\x89\xfe_\xbb\x98\xce-\xd7Y) \xacs\xe5)\x87\xdaj\xa5\xe9\t?&ĕ\\Y4+x崙\x19\x0f\x16\xe5\x1d\xba\x9e\xb3q1\xff\xbc\xfd\xaf3\x9e\x87}Z\xf7鱶\x85\x15g\xe3\xd6\xec\xd6\xeb\xfbt\xdf\xdaKmߔ\xfc\xe8k\x92Nӕ,\x06ǀ\x8f\x96\xcd\xf3\xa7\xbe4\x9b6#\x0f\x10\x00\x00\xff\xff\xd0G\xb5\x916\x04\x00\x00")) - p.addCertFuncNotDup("0k1\v0\t\x06\x03U\x04\x06\x13\x02IT1\x0e0\f\x06\x03U\x04\a\f\x05Milan1#0!\x06\x03U\x04\n\f\x1aActalis S.p.A./033585209671'0%\x06\x03U\x04\x03\f\x1eActalis Authentication Root CA", "R؈:ȟxf\xed\x89\xf3{8p\x94\xc9\x02\x026\xd0", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xddm\xd0ļx\x013\x13#\x13\x13G8\x97\xe0t\xa7#\x8f\xcf\x18\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0\xc86\xe46\xe0dc\x0eea\x13f\xf2\f1\xe43\xe0\x01q\xd8yX}3s\x12\xf3\f\x95\r\x14A|.\x1e)\xc7\xe4\x92Ĝ\xccb\x85`\xbd\x02=G=}\x03ccS\vS#\x03K3sCu\x03U\x90\"f\x1e9\x98\"\xc7Ғ\x8cԼ\x92\xcc\xe4Ē\xcc\xfc<\x85\xa0\xfc\xfc\x12\x05gG\x039q^CC\x03K##CC##\x03\xa3(q^c\x03$.}\x1d\xd3Ĥ\x84\x1c\x18\x8c\xac\f\xccML\xfc\f\x06ML\\LML\x8c\fˏ\x1dY\xaa\xb9D\xe7\xfdS\x89\xa3\x1b\x02\x16\xe7\aZ\xcf\xe7\x8a:y\xc8Â\xeb\x90\xcc\x02\x89\xfa\x89[\xdbw:\xd8ߕ͐\xe7h\xbe\xaa+ױ\xe0G\u007fX\u007f\xeeL\xa6I\x13Į\xc6s\xe4t^\u007f\xb8f\x8f¡\x8d\x0f\x9a\x03\xbb2}\x19\xa6E\xe5\xeb\x1fp\xa9[\xcc\xf7d\xe2وww~\x1f\x97su\xbf\xab\xbe\x93\x83q\xfe2Eٯ\x8e\xba\xfa>\u007f5\xd6>\xe8Z\xab\xb4%,\xb5\xaf-\xa4\u007f\xb2\xb3\xe6=K\xb7\x8a\xc5\x06ʻ\xce~\xa8\x15\x0e?\x10{\xa99\xdb\xc3\xe7\xc8\xea\xf9\rQ\xd1V{O.W\xb2oP7\x8e\xe6\xdb\xde\xc5\x13\xcbn\xceq:\xe7R\x95\xbb\x92\x8b\xe9\xd13g\xf4\xfa\xeej\xbd\xdd^\x9b\xc6\x1b\x9f\x18\xa8\x14*\xfd\xd8\xed\xf1c\xdb\v\xa6I\xb3n\xaf\x179\x11\xbd\xf0L\xa7\xf4C\x03\xb5?\vf\xcb7.w\x97gy\xbd\xd8r\x12\xdb\xfc\x99\x97\xf7_~\xe5\x1f0G\xf2ߴv9\x9b\xd4o\x8b%T\x9a\xdb\x04\x9e\x87ح\xb0*S\xf1oT<\xfa\x98\x9f\xe9\xc7\xe4)\xee\n\xbb\xff]Ờ\xb1\xf3\ue46a\x96\xa6\xc7\xc1!\x95woϹ\xf4\x89}\xb6\u07b6=vo[s߫\n~\x9a.\xe5\x94\xf8\xddk\xfa\x8b\xee\x8d\x02\xec\xbfR\x1b7-\xb2<\xff\xdd\xe6\xbf\xc4\xefc\x1f\xa3\xba#\x1f1\xad\xa9\x9et\xc1O\xc4?\xd2\xf5\x1bO\x9cF\xfc\x86\x17\xf6\xae\xe7ϯ\x9f\x9d\xff\xbb\xe5ry\xd4\xd4\xfc5SZ\xe6\xbd\xdbs\xc0\xab\xdfk\xf2\x0f\x17\xc5G\x86\xae\x89\x01~\x027\x1e\x9b\xd6\xf8Hn\xb9Ǻ\u007f1\xdb\xfc\x13[\xcf>\x91\xbf.\xce\xc6[5\xb5$\x947CꏀtR\xca\xdc\xdc\aS\x17\x1c\x9e\xc2\x1e\xce+\xf2l/\xeb\xef\x1d\xf3\x9f\xdd\xef~t\xecyݴo\xc1G\x1bL\x024\">\b\x05\x14\x8a\x1b\xeczV\x91\xbc\xe7˦\xb5\xb3\xb57\xfd{h\xd9\x13\xb7\x8b[aʽ\xea\xe6\x1d\xff\x1f\x87\xf5n\x17|i\xdd\xf3i\xe3\xc1عK\xb8}\xb4on\x92\xf8\xbau\xbe7\x133#\x03\xe3\xe2d\x83D\x03Y6\xe6PY>\x161\x16\x91\xa0\x1b\x1dV'\xe6W\xa4\xbd\xed\xfc\\mQ0\xe5$\x13\x93\xd9\x05\x03~\x90\xb40#\xe3\u007f\x16V\x03fF\xc6\xff\x06\xf2 \x01e\x16\t\x03\xb1\x06\xec:\xf8@\n\xf8A:X\x98\x99\x18\xd9\xd0\xf2$3(\xf5qW\x17\xb5\x1fHX\xe6\xe9\xd3\x11\xf1L\xb6\xe3\xbbH\x8aDz\x1b\x11\\|\xfe¦\xf7Me\xaf\xbce3<\xd1h\x97u\xf5\xae\xb5\x94ѻ\t\xb6\x82\x97\xf4\xbe\xf4\x1dN\xd6SNې\xbe/\u007f\xdb\x01a˄U\x8bLT'\x97\x06\xdd[>w-_{gPa\x96\x98\x8d\xa4l\xf3\x8fY\x9a\xa9\xfb\xbe\xd8Ϻ\xf9\xe1sT\xbbba\x83\xef\xe9\a\x16\xb3\xedw\xffz`\xe0{\xbe\xedr\xaa\x80\xa4\xc4\xc5\xe9L\x1b\xb5\x8b\x9c2\xd6,\xd8\xeb\x17uKb\u007f\xf6\x8c\xc6\v\u007fg\xed\x8b\x13\xf58+(\xba\xf3\x80f̖\x17\x1d\xdf\xed\xcc\xd6mO\xfa+\x97t\xaf\xa0B@\xc6#\xfa֞%\x16\xbb\xd2߆\xdaŅ߿\xc2\xec\xe0Ӹ\xe4\x92\u007f\xf2rN'N\x91?\f+\x0f5\x14\xfb\xeb\x1dp\xb8)X\xed\xf1\xaa\x8a\xe9\xc0\xe5\xd7\x1a\x8cj\x11%\a\x0f\x14+\xe5N\x9e\xfaײv\xb7\xd6\xe3oM\x8fu\xa6\xc7\xfb\xc9O\x9c\xf2\xeb\x9f\xce\xe2\x1beR;|7Y\xf8\xcf\xfe%\xeb\x91P\xa9\xf6\xe8\xf3ߕ\x17f\xbd(\xe8\xf7\xac\xba\xf6t/\x17\xdfm\xddϽ\xfb_?^R{\xfa\xf8\xd4\xc2\x17\xb7\x16\xd7\x1c=\xf4\xa3d\x12\x8btۚ%J\xc1\x0e\xdb\xd6\xfc\xf3);\xff{\x8a\xd1\x01\xd3\xf9e\xf6yO'\xe4-X\xa6\xb6h\x87ξ\x8bڭ\u007f\x97g\x9c\xd8Ũ\xbd1\xa7DvG\xf1\xd4\xe7\xef\xb6\x1fW\xfd\xc0\xe0ð\xa9n\x1bw\xb7\xcc\xe7\x03\x01\xf3Tw>\xe0\xb8g\x96\xf6\xdf|\xe9\xc5\xdd!):'շzO\xaaK\xfd\u007fY\xf7\xe1N\xbf=\xf5K\x1c\x15'8\x96/\xb3\x94\u007f5\xef\xf1\xfc\vi\xf9\xacoV\x95\xd5\xed\xcf\x16[\xf0z\xeb\xf1?\x93B\xf4\xb5\x05\xd5U\xcd+|\x02\xb36|>\x13\x11+\xf21\xcbC\xf4\xff!\xf6m\x1b{\xf9\xfbb\x02\xdc6\xdb\xeeg\x9c\xe1\xbf)2\xc4\xddΤ\xba\"7l\xb2^\xf1\xab4\x8d\x8a\xb3\xb2\"\xfb\x17\xf4\xeb\xeb\xed\xd0\xeb\xfb$\xd2u\xe6\xe5֚\xdf9sy\x96>\x9c\x06\b\x00\x00\xff\xff\x80\x11\x06п\x05\x00\x00")) - p.addCertFuncNotDup("0e1\v0\t\x06\x03U\x04\x06\x13\x02SE1\x140\x12\x06\x03U\x04\n\x13\vAddTrust AB1\x1d0\x1b\x06\x03U\x04\v\x13\x14AddTrust TTP Network1!0\x1f\x06\x03U\x04\x03\x13\x18AddTrust Class 1 CA Root", "\x95\xb1\xb4\U00014dbd\xc7\xda\xd1\x11\t!\xbe\xc1\xafI\xfd\x10{", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x910hbfX\xc0\xcc\xc4\xc8\xc4\xc4\xc8h\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 Րۀ\x93\x8d9\x94\x85M\x98)\xd8\xd5P\xc4@\b\xc4\xe1\x12\xe6vLI\t)*-.Qpt2\x945\x90\x06\x89r\v\x8b\xc0ECB\x02\x14\xfcRK\xca\xf3\x8b\xb2\r\x15\r\xe4A\xd2\xcc\xc2\x12pi\xe7\x9c\xc4\xe2b\x05C\x05gG\x85\xa0\xfc\xfc\x12\x039q^\x03\x03\x03Sc\x03C\x03c\vc\xc3(q^#d.\xbd\x9c\xd1Ĩ\x84\x1c\x00\x8c\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\fӦ]Q\xf4Lx\x94\xfd\u0091\x9d\xe7ޑ\aw\x84\x95\xcf\x1e4=\xfe\xfb\x9a\x9f Wz\xdcW\xb6\xe8\xec\xa5\x1c\xd6њbV\xcf\xdb7\x99\xb0\x1d\xddú\x94\xb9\xa6鴦\xc0\xba\x87\x1d\x8d{\xafͻ\xfcO7\xec\xa0\xe8\xb9\xc7jsE\xf5\x04~\xb3\xf5\x1b\xb0\xdc[\xbe%y\xcb\xff\x8ds\xd6٬/\xdf\x16vt\xeb\xeaE/3\xadl\xf9\x8c+\x8d\xec\v\x9a&\xcdL\xcc\xed5\xe0\xe8/\xb4_\xe6\x11.\xf9C\xf5\x8ewZ\xccҒ\xfe\x19\xebN\xfc<\xc0\xa6\xf4|M\xf1\xfd\xa5z\xbf\x83\xeel\x14MU\xf8e\x9a\x96y\xef\xbe\xceǼ=\x06\xb7uT\x84n\xbf65͘p\x9aa\xc3tE\xdb\x12E\xe5T\x13\xed\xdd\x15\x91\x8b\xaf=,\xb3\x9c\xb5ij\xaf\xa7d}ޒY\x8boξd\x113{\x91ęR\xe5\x96}\xaf\x1f\xf9\x1a\x17\xf6I}8\xf4\xe3\xb8좵\xcc\xd3u~\x9cW=\xf6m\x87\x8a\xe1\xc6\xe4\xd8I\xf5\xc9\x1fTO\x06\xeb\xc9\xef\xf7ebfd`\\\xdcxɠ\xf1\xbc\x81,\x1bs\xa8,\x1f\x8b\x18\x8b\xc8ԍ[>Lٶ\xf7\xf8\xad\x8b\x82\x9c\x8a\xfb\x0e\xae\xf7\xfc+Pm\xc0\r\x92\xe6gaafbd3\xe0\aq\x84\x19\x19\xff\xb3\xb0\x1a032\xfe7h\xec\a\x89(\xb34\xb6\x1b4\xb64`5aa\xe6\x92t:\xc5{\x13F\xbag\x06ŶNn\x8a\xb4\xfcY\u07bb;\x19\u007fMK61\xf2p\x9f\xb9n\xfaۿEbˊݣ\xbe\xbc\xbe\xfb\xf2\xeb\xb5߮g4;]b\xf7\xbbYھx\xb7\xc77\xa4MN6籸\xba\xf3\xc3\xce0\xed\x95\xf9E~\x9eƏ\x8bj\xb4\x94g\xed\xb1\xfb\xaf\xa1\xf5v\xf1\u007f\x19\xe5]\xce\xe1\x9c\xe9\xbe\xdeIl\xba?\xfe\xe7\xccM\x90\xbb!\xe3]\xbb\xd5P\xff慚\xd8\x1f\xf7\xb2\x9b%*\xcc\xc3\xf5_\x18\xb3\xa7ߗ;\x9e\xad5\xb5l]\u007f\xf8\xe2\x0f_\x82\xb6\xac\f\xe68\xff\xc0\xffrUp\xf7\xdf\xdd2af\x9f\xfem\xda\xf6\xb4l\xf7U\xa5\xd4\xe5\xf6\xff.\xa6\xad\xe5ޓ=\xb3\xed\xbd}\xedg\t\xa3S\xd5\xc7\x1e\xafNq\x9b\xfaC-\xf3fhs\xb5\xce4\xf6\xff\x91:.\x8b\x8f=}\xb9\xf2\xce\xc2\xe4\x86(\xc58\xc5\xf3\xc1!\x1fv\xe5w\xde^\xb1j\xea\xf9\xeeDžg\xe4\xa4\x15\\8\x0eTms\xf8{\xe4\x89\xe9CY1\x99\v{\xb4\xfb\xae\x15\xde\x04\x04\x00\x00\xff\xff;\x93\x99\xb0\x1c\x04\x00\x00")) - p.addCertFuncNotDup("0o1\v0\t\x06\x03U\x04\x06\x13\x02SE1\x140\x12\x06\x03U\x04\n\x13\vAddTrust AB1&0$\x06\x03U\x04\v\x13\x1dAddTrust External TTP Network1\"0 \x06\x03U\x04\x03\x13\x19AddTrust External CA Root", "\xad\xbd\x98z4\xb4&\xf7\xfa\xc4&T\xef\x03\xbd\xe0$\xcbT\x1a", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb13hb\x96[\xc0\xcc\xc4\xc8\xc4\xc4\xc8h\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 ߐۀ\x93\x8d9\x94\x85M\x98)\xd8\xd5P\xc4@\b\xc4\xe1\x12\xe6vLI\t)*-.Qpt2T3P\x01\x89r\v\xcb\xc2E]+JR\x8b\xf2\x12s\x14BB\x02\x14\xfcRK\xca\xf3\x8b\xb2\r\x95\f\x14@ꘅ%1\xd59;*\x04\xe5\xe7\x97\x18ȉ\xf3\x1a\x18\x18\x98\x1a\x1b\x18\x1a\x98X\x18[D\x89\xf3\x1a!s\xe9\xef\xa0&F%\xe4@ade`nb\xe4g0hb\xe4bjbdd\xd8\xfe]\xca\xf8\xd9'\x06\x16]\xcb\a~\xd1o\xe5\xf7\xe4\xf0\x9f\xdd\xfaKy۹{\xb3\x05\x8d\xa7/\xd1\xf4\xa9\x9d<\u007f\xafמ\xc9o\x99\xa5\x1e\xf7\x9f\u007f\x9a\x1b\x10um\xba攨\x86\r\x9eU\xb7\xf5\xa6\xfe\xddqj\xbf\xb9\x85\xae\x9c\xddDǵ\x05a\xc7?\xf8ۿ0\x9aWr\xeaĄ\x90\x97\xc7\xe2\xf9+\xe6\xcer\xb0\xe1[\x93\xb8*N\xa4\u007f^\xfb¬\x80;\xd7g\xf9\xadgݼ\xacpʜ\xc2\xcd\x01\t\\Dž\xe7Z\xb0\xb71\xadx\xb9\"SMb\xc2j\x9f\r\xfeʫ\xad\xfc[n\xdc?7\xffaf\xfe\xee\xebN׳]\x9e\x1c_\xfb.\xd71\xbe(\xaa\x90\xc3|se\xea\x92\xc8\x05S̿3\xe8\xf3\x1e\x9aTt\xeb\x82E\xd1m\x91\x15\xaeGb\xb5j\xb7o\xb9v\xe4ݚ\xb3\xc2.\xdbOj\xdfufP\xfd\x95\xb833+BYp\xfbr\xe3\xfe\xb0\xd2ȯg5\xaf\xbbm\xe7\xd2N\xddv\xd9)_tӎ\xea\xdf\xef_\xc6\x06_5\x89Rgbfd`\\\xdcxǠ\xf1\xa6\x81,\x1bs\xa8,\x1f\x8b\x18\x8b\xc8ڽ3\xaaL\xb6\xa8}\xffuD-\xe4=\xf3\xde\a*\xa7C\xa4\f\xb8A\xd2\xfc,,\xccL\x8cl\x06\xfc \x8e0#\xe3\u007f\x16V\x03fF\xc6\xff\x06\x8d3A\"\xca,\x8d\x13\r\x1a\xfb\x1a\xb0\x9a\xb0\xb0xI!\xddS@\x13F\xae`\x06\xc5\xfb\x86\xd9\x0fZU\x0f]S~\xc4?\x8dm\xd2\\\xc7\x19sn\xb6T6ޔ\x8b\x16aW6K\xed\xdfp\xa3|\xf7\x1a\xc7\x1c\xf7\x84\xe6\xc0\r?\x8dl\x9f\xff\xf9\xa6&|\xbcAl\xe9\xfe\xa8?\xed\xe7+*;\x15g=\xf2a\xe7j3\xdd\xf3\xe9^\xe0\x91KӶߩ\xf3{W\xf0W\xc6\xf25\x0fS\xa0\x88n\xdf^\xb1\a\aﻕ>WY\xfb\xe6\x8bӖ\xd6\xc9\x05\x02\xe9\xbb沙zI\\֮:\x13贰*\xf9\xe2\xb3\xdd\v\x8fj\x1f2\xdb'\xcc\xfblor]e\xf5rN^\x87\xd5Yw\xfb\xbb\x0e\u007f\xfb\xd6#\xe5\xc4\x1ax\xc5\xf5\xeb\xfc\xe5I\x8a\x19\xa2\n\xce63\x9f\xd7\xecU\xb9\xb1r\xa2xq\x87}\x98\xb4\xa1\x85ĖB\xfeYgO\xf0\xcd\xebӓ~\xd83\xa3\xf9\xb4\xbc\xe1G\x17\x9fc,Şe\t\xfc\xc7\u007f\xec\x15o\xc8\xd6{yƇ/jV%\xbf\x02\x97\xde\xd5y\xc9jr\xa1\x93\xa6\xdch\x12\x8f\xaa\xbe\xb0\xe7x\xbf_\x1b\v \x00\x00\xff\xff\x00l&E:\x04\x00\x00")) - p.addCertFuncNotDup("0l1\v0\t\x06\x03U\x04\x06\x13\x02ch1\x0e0\f\x06\x03U\x04\n\x13\x05admin1\x110\x0f\x06\x03U\x04\v\x13\bServices1\"0 \x06\x03U\x04\v\x13\x19Certification Authorities1\x160\x14\x06\x03U\x04\x03\x13\rAdmin-Root-CA", "\x82\x9f\xfa#s \U000572f2LM\xbeB\xc5\u007ff\xcdd\xe8", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\r5hb\xb1]\xc0\xcc\xc4\xc8\xc4\xc4b\xfd\xb9\xf1\x82\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83\x1cCn\x03N6\xe6P\x166a\xa6\xe4\fC>\x03\x1e\x10\x87K\x9851%73\xcfPЀ\x1f\xc4\xe7\x16\xe6\bN-*\xcbLN-6T2P\x80\bI:\xa7\x16\x95d\xa6e&'\x96d\xe6\xe7)8\x96\x96d\xe4\x17e\x96d\xa6\x16\x1b\x8a\x19\x88\x80\xd40\v\xf3:\x82\x8c\xd1\r\xca\xcf/\xd1uv4\x90\x13\xe75044445\xb00540\x8f\x12\xe75\x02q\r\f\xcc\xc1\\:\xbb\xa6\x89Q\t98\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19N?X\xef\"\xa2\xf4/K\xdc\xf3S\xec\xdc\xf31LI\xdc\r;\xa3\xf6\xaf\b5\xae^,\xa4\x12\xe7\x93o\xed\xd8\xe9\xd7l;\u007f\xf3T5\x93eg\x84\xbe\x9c\x99\xdb\x1eg\xcb\xc3+\xaeߪf\xa7\xa5\x16Y\xbcp\xc5\x1e\xeb\xd7O\xddv|\x8e\xacV\xd8\x18\xe7\xc0\x98\xbb+}s\xf6\xeb\xf7G\x1f\xfd4\xbd˓Ŷm\x96Ƭ\x82\xcd\x0e\x9ae\a\n\xdd\x04\xb3\x9d\xd7?\rs\xfc\xfdLƲ\xd9w\xfb\xb7E\x1b\xd3N\xae\xe0\xdd\xf4\xa1|\x9f\xd9A\x05u\xa3\x9dg\xaeG\x9d\xfa&\xeeh\xe6\xfb{whc\xf2\x9c\xc9q\xcd\xd9\xf5;Dˋjj}9\xb3#\xa7>{k\xb0\xda\xc5\xed\xa6(\xe3\xd2\xe8\xce\xd4m\x0f4njpL\xad\xe3Pޤ\xf4⾪\x8fM\xc6\xf7\xbc\xe7\xde\xc7'\xfcmqT\xdb\x17\xd3lu]\xb9r\xbb\xd4\x0fvɦ\xa8̈\xa3\xff;\x8a\xb4\x8f\xef\xfbqY\u05f8|\xb9\x98Њn\xc5cN\xeb\xaaR\xd6\u007f\xda|\xe0m\xf9\x93L&fF\x06\xc6\xc5M\x8c\u007f\r\x9a\x18\u007f\x82\x83^V\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x83ƙ \x11\x05\x96Ɖ\x06\x8d}\x06\x8d\xddl\x1c\t\xad%\x8c\x82̌\f\x06\xf5\x06\xdal\x1c\xdal\x8c\xac\xac\xecLL\x06\xf2R\xb2!\x19\x99\xc5\n\x99\xc5\n%\x19\xa9\n(\x91\xa0\xe0\x1c\x10l\x10\x00W\xcc(\xe6\x92QRR`\xa5\xaf_^^\xae\x97\x99\x97\x96_\x94\x9bX\x92\x99\xad\aN\x00z\xc9\x19\xfa\x01ޞ\xfa9\x99y\xd9\xc5\xfa\xce\x01\xc1\xf1F\xf1\x86f\xf1\xe6\xa6f\xf1\x86\xf1\x86\xe6\xf1\xc6\xf1\x86\xf1\x06z\x05)i\x06\xf5 \xa7ɳT\x18\x94\x19\x94,(ZP\xb0$\xcf \aW: *\raIz\xe8\xa9\x139\xe9\x1aȂ\x1c\xc0\xc7\"\xc6\"\xd24\xff\x97r\xb1\xc2\xc7\xe9ݛ||\xf79\x1d\xadO;\x9b\xf2\x02\x1avʐ\xb0k\xc0\xaaf!\xc4\xd1t\xcc\x10M\x90\x12\x82\x0f\xe44~PD\xb3031\xb2\xa1\x95\x18̠\x9cQ\xe1_\x15\xa3&\xb8\\o\xdd,\xe7S1\xa6Mnu'\xcc\xfa\xabҶ\xae4\xe2\x90\xe1y\x92\xb7\xf0㉃W\x9e4<\xefٛ\xbc\x91\xe7\xfe\xa7\x9dv\x87\xb8\v\x1d2\xdd\x16\xe7|\x89\xe6\xe7Ut9\xae\xa5m+\xc5}`\xc1\xc13\x1d\xa7d\xec\xd7\x04m\xfb\x96~\xd6'\xf7\xc8>忎\xda,y\xe5K\xc5*^ΎQ>\xdf(Ŧ\x98\x9cuG3p\x93\xd5\xcf\xd9\xdfc7\xea~e\x11g\xab\x9f\xf3¼U\xf7\x9d\xe1\x1e=\xc6\x1fG^g\xf7\x99\x1c\xb5\xb4\xfc6e\xc6ny>9A\xfd\x15=\xec\\\x1e\x8bz\xb2f\xb6\x9al\xd7Jl\xad\x90\xd2̔\x9f\xab\x1a\x10\xc8rJ\xfc\xb0\xa5\x05{\xe1\xf3\x8b3f_\xbd(!:mϣ\xcf'ӵ?rn:7狳\x1a\xe3\xaf\xf0\xec\t+7\xee{az5\xf3\xff\aKQ\xbf=\xf1\x1f\xce[\u007f٧l\xef\x9avd˴\xd8}\xfd\xbc\xf7\x8e\xe7r:}\xee\xfc\xf9\xd1\xfek\x89\xff\xfd\x1d\xa9\x80\x00\x00\x00\xff\xff\xf7^\v\x93Y\x05\x00\x00")) - p.addCertFuncNotDup("0D1\v0\t\x06\x03U\x04\x06\x13\x02US1\x140\x12\x06\x03U\x04\n\f\vAffirmTrust1\x1f0\x1d\x06\x03U\x04\x03\f\x16AffirmTrust Commercial", "\x9d\x93\xc6S\x8b^ʯ?\x9f\x1e\x0f噕\xbc$\xf6\x94\x8f", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xf61hb2Y\xc0\xcc\xc4\xc8\xc4\xc4Q^Φ\xae\xb6rc\x8d\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x03\x17Cn\x03N6\xe6P\x166a\xa6\xd0`C\x11\x03!\x10\x87\x8b\x87\xdb1--\xb3(7\xa4\xa8\xb4\xb8\xc4P\xde@\x16$\xca\xcc#\x86$\xaa\xe0\x9c\x9f\x9b\x9bZ\x94\x9c\x99\x98c '\xcekh``hdihb`f`\x16%\xcekl`hdl\b\xe5Rɖ&F%d\xe73\xb22071\xf23\x1841r15122|\x93\xf6Og\xd7^(\xfa\x95M\xe9\xb4<\xe3\xa6\xc7Ůl.\x9e:\xbb=UE\xae\x9d;\xbc}\xb5\x8e\xff1G\xa3)ῄ\x96G\xf3=ꗗk\x93\\\xbej\xab\xee\xcexޮC\xeb[M+\x8dtw\xcb$\x99\u007f\xda\x18\xede{\xeala\xfcK\xa7}S^\x9c\xb8\xf7S\xc9#\xe5\xd8\xd3\xd5Ǵsײ~\xf8u\x95\xfb\xfc\xac\xa7\x1f\x02\x96t[\xbb/U\x8e\xae\xaa\xfaal\xbf\xe3\xfd\xcc\xe9\x8f\x15\x0e^\xd3\xe8\x8a\xad\xbb\xb1$\xe6J}`\xdf[\tƍ\x93\x93\xf7\xee\xf9\x91\xd80k\xde\xc6sN\x05\x8fVֲ\xa9֪/\xfc\x97\xfff\xb3\x9cʭ\xc7ޡR\f֦[\xaco^\x8f5\xf8\xdb(\xdc\xf9\xe9\x10\x9b\xf6\xdb\xf4#}'\x9d7\xc5d\x8bv2\xedI\xfa\xe3\xf7i\xab\xf1\xaaM\xf9\x97\xb9\x16\x05<\xfef\xfdB\xcf\xe5\xd0\xed4\x8b\x95\xc6a\x1e\x1fs\xa5\x8d{y{\xec\x13\xcc\xe7^>\x95[gR\xc7;\xbf\xa8\xac[z~\xd1\xdf SGW\xa6i\xfa2\x9bf\x15{*n\xf4twu\xdf\xf2>\xcbD\xf0\xa4\xef\xac3\x91ۯ1͋\xf2K\xdd:e\x9d\xf4}\xcd\rb\x1f\xf73\xccc\xb7\x12O\xd9ʲUYq&\xd7T\xeb\xe95\xef\x01\x01\x00\x00\xff\xffn\x88S\xabP\x03\x00\x00")) - p.addCertFuncNotDup("0D1\v0\t\x06\x03U\x04\x06\x13\x02US1\x140\x12\x06\x03U\x04\n\f\vAffirmTrust1\x1f0\x1d\x06\x03U\x04\x03\f\x16AffirmTrust Networking", "\a\x1f\xd2\xe7\x9c\xda\xc2n\xa2@\xb4\xb0zP\x10Pt\xc4Ƚ", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xf61hb2Y\xc0\xcc\xc4\xc8\xc4\xc4Q\xe3\xcfb)se\xa6\xae\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x03\x17Cn\x03N6\xe6P\x166a\xa6\xd0`C\x11\x03!\x10\x87\x8b\x87\xdb1--\xb3(7\xa4\xa8\xb4\xb8\xc4P\xde@\x16$\xca\xcc#\x86$\xaa\xe0\x97ZR\x9e_\x94\x9d\x99\x97n '\xcekh``hdihb`ad\x12%\xcekl`hdl\b\xe5Rɖ&F%d\xe73\xb22071\xf23\x1841r15122li9c,\xae\x97=%';1h\xc1\xeb\xc5\xe7+\xa7\xf8<\x9d\xd20\xf3th\x8aKj\u007fz\xca#\xb6\xc71\xe6\x9e\xdf\xf4g\xb7\xb4\xc8\xe9~J\x98k\xe0w\xa6\xa5\xf5\x91\xcey\xb9y\xff\xccV\x1b\x97\x9b\xba\xdc0\x9d&ek\xf6\xa2\x8a\xef\xc6U\xf7\x85Y\x99\xdd7\xff\xec\xb6ZW\x19u\xf5˵\xc2ݳ&(g\xcf\xda\xdeQ\xd2\xce#\x17\xbfs\x9e\xee\xaf\xd5\xc1\xdawv\x97\xd9M\xf6\xe1\xe0\xe8\x91[\xa4,s%k\xadҮ\x99\x8cz\xb9\xa9\xa7\xf7\xa9\xa4\x85\xaax;\xb8l\x94\xbe\xfe\xf0P\xeb\x81{\x02\xf6\xb6ow\xfc\xf9\xf8Q9\xf8\xce\xfe\xd4\xe9\xf97\u007f:\x14\xf6\xd6\xee\x9dz\xe5ܾ\x05q\xea\xca\xf7\xfe.\xbb\xa0\xc6Ǡ\xf9\xda\xc6\xed\x83m\xc2~\xfb\x80Kw\xd4\x1c\x03牘;\xb1,.\b_!\xdd\xfeV\xf7W\xf5\xbb\x1e\xae\xc7+\xd3:%O;\xfe\xbc\xebb\x96x\xfeQ\xb9ۉ\xdao_&5\x9a\xfd\xbdm\xf2\xb1\xa8\xee3\x8f\xd8\xde-\xa2Ľ\f\x8c\x8b\x9d\f\x1c\xc0\x01)\xcb\xc7\"\xc6\"\xc2.\u007f\xe9\xf9\x9c[\x87\xf2\x169l\xd9P\x15 \x10Pr\xe4\xc4^\x03~\x90\xb40#\xe3\u007f\x16V\x03fF\xc6\xff\x06| \x01~\x90\x00\v3\x13#\x1bZ\"a\x06\x05ng\xf8&\xb1\xaa\x15\x87\xfe^\xbb9{\xb6ɡ9[\x8cD|\x97/\xb9\xfff\xdf\xf2}?\x9coO4?\xb7\xc5H/ T\xcaԯ̹P\xe1\xfd\xe4r?\xd1\x02\xbd\xf6\xc3\aes\xef\x9cު~E'\xecbP\xb0\x95˥\xe2\x13G\xa4YS\xa3\x92&\xcdy\xe7\xd8kx\xfb\xb9ɫHū\x8cU\xd7Sv\xa4X\x9e=\xf9v\xfd[of\x8f\xe5\vf26\xdcI]l\xb6.5\xd2ÿ\xc9\xfbD\xea\xc7p٧\x91z\\\xf697.~}ʹ%'\x84\x81끨o{i\xee\xf6\x88iQws/1,\xf82\xdbc\xdfa\xf3%\xbb\xcc\x1eԴ\xb7N\x97\x12]tOoQ\xf4\xde\xf5\x12?'\x04\x9c-\x88\xfc\xa1\x9e\xee~\xfa\xf8\x02v\xabڋ:\xb19\x92Vi[k\xffN\xccoڸ\x8fc\xf2m\x11\xf7\x8f\x8b̏\xbbγ9^\xbe>e\xc5\xe4\xfb\xdf2\x9b\x9b\x12>y:\x99\xbc\x8db\bi\x95\x113\x9b\xc4\x13\xf3k\xd9\xda\xfd\xb7\x01\x01\x00\x00\xff\xffR\x12çP\x03\x00\x00")) - p.addCertFuncNotDup("0E1\v0\t\x06\x03U\x04\x06\x13\x02US1\x140\x12\x06\x03U\x04\n\f\vAffirmTrust1 0\x1e\x06\x03U\x04\x03\f\x17AffirmTrust Premium ECC", "\x9a\xaf)z\xc0\x1155&Q0\x00\xc3j\xfe@ծ\xd6<", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfcg\xd0\xc4غ\x80\x99\x89\x91\x89\x89\xa3d\xbaj\xd7q\xfb\xaa\x10\x03.6\x0e\xad6\x8fs\xb6,\xcc\xcc\x06\xae\x86\xdc\x06\x9cl̡,l\xc2L\xa1\xc1\x86\"\x06B \x0e\x17\x0f\xb7cZZfQnHQiq\x89\xa1\x82\x81\x1cH\x94\x99G\x1cIT!\xa0(57\xb34W\xc1\xd5\xd9\xd9@N\x9c\xd7\xd0\xc0\xc0\xd0\xc8\xd2\xd0\xc4\xc8\xc0\xc8$J\x9c\xd7\xc4\xc0\xd0\xc8\xd8\x10ʥ\x965e\x06\x02l\xec`\xb731\xb2\xb1j7\xb20(1'1\xb0\xf0\x1a\xc4I\x8b\xcee\xbe\xb0\xb0\xd2t\xbb\x95ͤ\xaaS\xa22g\x93>\xcfQ\x8ba\xb7}\x1a\xf2k\xf1\xb53B\xaf\xbe\x88Ŀ\xe8\x93\\\xad\xaf\xe7\xf1l\x8d\x84sŚ\v\xe6\x87\xf7n:\xab\xf3\xcc\xfd\x91Գ\xe4\x1d\xb6z\xfa\x15G\xfco\u007f\xe1_\x92\xe1\x13Z\x94=U\xd6O\xc2ij\xc5\x19s\x9b\x89\x8ff\xa7jk.v2p0\x90ec\x0e\x95\xe5c\x11c\x11\x99\xb5^\xb3ꀠ\xa9\xa9Z\xa0\x01\xc3\xe1\xac\u007f\x0eW\xd7]\xb31\xe0\aI\v32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2!\x87:s:\x83A\n\x93\x818\xe7\xe7\xf6\x8e\x80\xa8\xf5'\x0e8\xedw\x8f\xff\x9a\x93\xd5\xf6\xe0\x88z\xc9\x13\x8b\xe0\xeb\xac\xf5\xd2&\x8f\x8f\xe9o>\xc5ic>\xf7\xfa\xf3\x1dn\x1f\xff.|T\xc8d\xe0\x14\xd9\xee|%\xf0\xfe\xae˜FQ\xe7:\xea\xc2m\xe7\xc4;e\u007fe\xd7\xdd\xfa\xa1i\xf2\xcf\xc8\xfcu)\xbf\"\x9ev\xcb=N\u07b7\xb5\xf1l>SO% \x00\x00\xff\xff\xf3\xf7\xa6m\x02\x02\x00\x00")) - p.addCertFuncNotDup("0A1\v0\t\x06\x03U\x04\x06\x13\x02US1\x140\x12\x06\x03U\x04\n\f\vAffirmTrust1\x1c0\x1a\x06\x03U\x04\x03\f\x13AffirmTrust Premium", "\x9d\xc0g\xa6\f\"\xd9&\xf5E\xab\xa6eR\x11'\xd8E\xacc", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbu3hb\xd6[\xc0\xcc\xc4\xc8\xc4đ\xdb#\xe2\xb6q\x19\xd7;\x03^6N\xad6\x8f\xb6,\x8c<\xac\f\x06\x8e\x86\xdc\x06\x9cl̡,l\xc2L\xa1\xc1\x86\"\x06B \x0e\x17\x0f\xb7cZZfQnHQiq\x89\xa1\x8c\x81\x14H\x94\x99G\x18IT!\xa0(57\xb34\xd7@N\x9c\xd7\xd0\xc0\xc0\xd0\xc8\xd2\xd0\xc4\xd0\xc0\xd8,J\x9c\xd7\xc4\xc0\xd0\xc8\xd8\x10ʥ\x86\x15MLJ\xc8\x0egde`nb\xe2g0hb\xe2bjbbd8\"t\u007fe\xfc?ǻw\xbf\xce\xefz\xfcm\xcdC\x9b\x8aY{n|\xa8\xafZ`\xacu\xa7W!z\x9dn\xfe\xf3\xc97\xcd\n\xb22\xce\xf7\x05.n\x8dNgY \xa0\x92\x1f\xab\xd1tpz\xf8\r\x0fM\xe1m\x0f\xf7M\xf4\xbd\xdf\xca\x13,1KNe\x91\u007f\xff\x87E\xadܧ\xbfh\xd6_Z\x12\xf1N\xcd\xf7\xe4\xaa\x15ճn\xfe\xb2\xb8\xe7\x12.\xfa\xf4Gω\x9b\x1e\x8fx\xc5\xd4e\xe5N4\xb7\xaanߵ*\xd4\xf1\f\xb3\x92\xb7\xee\xc4\xde\xeeg\x9d\xebӎ\xbf\xfc\xaf\xfd\xd2fͭK\x9b\x0f?̘\xd3\xf9\xa3\x8a!\xecޗЩ9\xbfw\xa5\xdcM\xea\xbe\xcf]n\xf4:\xe9\x8cڬٻW%5\xfbla\xab28\xa1\xb9\xff-\x9b\xef\xf4\x9d2G\f\xb5\xaf\xc6\xef\t\x16\x12\x9f33\\3\xad\xe5\\\xb9\xfd\x17\xcdr\"b>\xbe[\"\x19\"\xf5\x95\xf9Rٳ\x87={m6_\xf6\xf0~t\xe2G\xfd\xa4\x15ens\x9cR\xed\x96\xc8\x1ddg\x8er\xd3\xdd1\xfd\xf3\xf6\xab\x9bB\x15\xdf\xef\xba\xe3\xc30\xfd\xb7\xc8Tu\xe3\xfd/\x9c\xdd\xdd.q\xcc\x14K\xb0\x9eUw\xe9\xd9[\x8bWo\x18\xe5l<\xc2<9\x8f\xfb\x983\xcc\xeb\xe0;P\xfc0?\xede\x91\xbb\x81\x9d\xc0Sn擳\x9c\x18r\x8eN\xa9K<\xd2u\xbf\xbeI\x8a;\xf2H\xa4Q\xf9\xe6=\t\x99a\x96\u007f\xb7\xb0U\xeb\\K1\xbb\xb9\xd7\xe3m\x8b|\xddR\xa5~\xad\x1dN_\x9a\xb6_\t\x9eP\xe1\xa7+\xf5\xb71\xdf\xe5\xba5c\xc94\xa7\a\f\x8f\xf4\xb2_\x1d}W\xb4f\xf7\xfe\u007f\xafV\xad\xf8q\xe7ۦʮm\xe9Ľ\f\x8c\x8b\x9d\f\x1c\fd٘Ce\xf9X\xc4XD\xe6\x1eH_ƣtS\xed\xab\xeb\xeae\xa9A\x82\xea7\\\xd7$\x1b\xf0\x83\xa4\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xe0\x03\t\xf0\x83\x04X\x98\x99\x18\xd9в\a3(qm\x0e\xf7\x15H\xf2\xb3z\xb2\xe6\xd5\x0e\x99\xf5F\xca'6{F\x05\xce)\xd3\xe8\xad\\\x15\xee&~\xf5kз\xed./8\\\xf6K\xb4\\\xe2n8{T\xe8/C(kb\xbb㝭*\xf3l\x8e\xdc8\xf1\xbb`\x9e~Ŵf\x05\xb3{5\xfc\x99\xc2\x1dKK\xcdfp,;v\u007f\u0379\xc7\x11\u05f6\xdb\xdd\xdb\xf5\xf9\xb5\x89ÍE\x8d_+\xec\xf5\xaf.\xfdssѕ8\x16>\xf1\xb5\xff\x1c?<\xddT\xf4˥\xc9\xd8\xe9\x85n\xc4\xf7\xb0\x9e$\xfb]N\x1b\xe6\xf0\xc4\xd4饪\xc5\x04\xfb3l\xaa\xa8[\xc8;S\xb7w\x87lߢ#\x1b\xfe&\\0X\xd2w\x82%i呷\xa6\xf7\xaa\xa6\xbf峈\x9b\xa4?\xb9`\xe9\xca9\xf9\xcbk\x85e\xeb\x8eqxl\x8cK\u007f\x1dȡ\xfa\xf2\x99jv\x90\xe6\xc49\x97,\x8b9\xc2\xef\xcdd\xdb\x12=W\x80\xed\xe1!\x86\x15;d\xbc\x98\xb8D.\x1ct<\xf5\xbb\xc7T\xb1\xb6\xc9\xe2\xd3ʐ\x89\x92\xa6\x93\xa7\xe4fY\x1d\xddtawg\xdb\xe4\x17\xb3O\xf2[-\xafڱ\xf0C\x85ۯ?\xe6\xfaO\xbbZ>\xdf\xff\xc7rsa\xc6\x02}\x95G\x9cSٮN=\xf5Pe\xda\xeb\x9ao\x93Yw\xbf-~\xa9{\xb1\xd4\xf2\xfas\x95\xdb7\xfc\xe2\x9d\xfb\xe7]\x10\xb1\xdc\x1fZ\xe013\xdcp˜w^3\x98\xa7\x19\xc8'\xb0\xbd\x93V\xfeט\xa0,\xe5\x9eԺ\xf4\x8c\xa4IC\xfe\xe65R\x8f\xe7\u007f\xa8\xf6X{\x95\xf1f\xfa\xb6\x95E\x93_\xe9\xa6mݴ㉭ͦ\xf7>=\xaf^\xb3\xef_m:+\xb4m\x8fIJ\xad+\xe2\xb64\xe7dg:\\\x9e\u007f\xe7\xe3\xe1\xcc\xec\x9d\x0fs9\xbf|\\\x15P\xc6UU[%\xbe0t\x9a\xd3LCλ\t\x82\xbd\xac\x06u\xcf\xfa\xdc.\xce\x15\xb9u\\\xfc\t봞#*[\xa5ϋ\xb0or\xf8\xb1x\x9ec\xdb\x1e\x96\v\xd9\xd3Nh5\x98\xfc\xdd\xff\x9em\xf1݈\xa3\xad\xb6v\xfd\xff\xe6i>ض\x833CRF\xc2\x19\x10\x00\x00\xff\xff \x8cQ\x9eJ\x05\x00\x00")) - p.addCertFuncNotDup("0\x82\x01\n1\v0\t\x06\x03U\x04\x06\x13\x02ES1\x120\x10\x06\x03U\x04\b\f\tBarcelona1X0V\x06\x03U\x04\a\fOBarcelona (see current address at http://www.anf.es/es/address-direccion.html )1'0%\x06\x03U\x04\n\f\x1eANF Autoridad de Certificacion1\x170\x15\x06\x03U\x04\v\f\x0eANF Clase 1 CA1\x1a0\x18\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\vinfo@anf.es1\x120\x10\x06\x03U\x04\x05\x13\tG632875101\x1b0\x19\x06\x03U\x04\x03\f\x12ANF Global Root CA", "\x87\xfa\x9e\xdfRvu\xecIJ o[p\x96\x8f\x9d\xef\xbb\x17", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xec\x94\xfbW\x13w\x1a\xc63\x99\x10!\x17\u00ad\x84\x12#\x83\x14\xbc\xa0\xe1;\x04\x10D\xb9\x05\x16p\x154(\x05\xab\xd5!\x99Ȅ0\x81d\x02\xb5P0Q#V\x04\xe5fk\xabK\x05\xc4\xe3\x05\x04\n\xe6(b\x97J\xe8\xca.\x15\x96-^\xb8T\x04u\xad\x88Z\n\x96*쉽\x1cw\xb7?\xec\x1f\xb0\xbf\xcd\xf7y\x9f\xf3\xbe\xe7}\xcf\xf3\x19`\xb0v\x01\x06&\xad\x12\xa6Ct:\x13\n\xf5A\xb3\xef\x01.\xd3f\xa91\xc68ͅ \xb6\x15\r\x18 \x16\xca\x066Lx\x13\x83\xe9H\x8fJ@\x1d\x80\x9d\xe5aͱ\x89\xc042\\\xa5&14\t$Z\xb4y\x9c\xf8\xdf4d\xb1\x16\xc7\x11\x99N\xa3\xc1I\n\xc1\xe4r\r\xae\xd5\"\x18\x85\xa4RT\xc6J\x1f\x9f\xec\xecl\x11F*D\xb8\xd6\a\xd7\xfa\xfcR_.'4\xb8LF\xa8IQ*\x95\xaeB\x96\xa0\x8b\x80\xa7\xa53\x8b\xb3 <\xee\x0fH\xb8\x8eRk\b9&G\xe48\"\xc15\x14\xa1 d\x98ŏ\xf2\xc1\x1b\x16#\x9bck1JT\x98\x16GPD\x12\x8e\xba\x02\x97\xdf6\xb2\x81\x9c\xd9\x04\xa9P\x87\xfd<\xf9\xd7]\xac\x1cm\xa2\x03ľ\x81+\xfcQ\x80\n\xc0\x9b\x16\r\xe68X\x1aE\xab\xd4)\x98\n\x91\xaa\xd5\x14\"\t\a\v\xf8\\T\f\x02P\x80\xae\xf0\xf3\x17\an\xe6s\xc5b\x10\x00\xfc\u007fy\xfe\xffZ\xffv-\x03}\xe1\xebq\x82\xach\xb0\x81Σ\x01\x03\x9dE7\xd0!Zg\x88OfW\xa1\xef\xb1\vN\xe9\xa9\x0f\xcemB\xc2jˠ\xa4\x0f\x86\x1bsB\xf3\xfa\x8fvvʛ\xf4\xf2\x13\xd6\x15.\x11\xcd\xf3\x17\xd9&\x05w~\xbb\xb1\xad7..B`'\x13\x15\xae\xaa\xdc\xc0=;\x90q\xa3\xbe$\xf0\x1b\xa7gb\xd9Xϵ\x16\x87Q\xa3}\xd3W\xc2˃\xf6\xf9\\:{o\x8e\xa3_Q\x95\xac\xee\xc2\xc1!ǀ\xb9\xd1\xeeC\x1c)\xe5\x1b\u007f\xb3JT\xb7\xa5\x84\xfd\xe9\x93#E\xd7\xe4\r㙛G\x15;\xe1\xb45A\x05\x83\xa6=e\xcf[\xed\xfe>2xz*f\xfd\xcc\xc9\x1fx\xed\x95\xd6\xf7&o]\x8e\xef\xc0\x1f\x0fM\x0f>\xc8j9\x1a\x1d>m2\x9abv\xee\x1a\xaf\xbd\xebq\xf2\r\xd1\xf6\xca\xe4M0.\\\xddr\xc7\xcb\xfc\xa2\xb2f\rw\xf8#j\xa11\fTK\xdcM\xf4 C\x8a\x87bPb\x9e=\xb3\xad\x19\xfd1S9\xf2\xdd\xf91\xd1͋\xf9\x9eV\x81\u007f)z\xd0\xf7Y\x8f`\xc3D\x11\xe1\xf3\xe7Ƥr\xd7?-\xbd\"1v\biY}\xf1\x15\xcd\xc1t\xe5)\xb3R\xbf嬠V\xbcTa3\\\xb5\xa1|\xec\xf6\xe77\xec\xfa\xa2\xc8V.e\x9d\xf3\t.nn\xf7U\x8fVn<\xac\xc9\xfbAe\x05\xab\x8f\x1f7\x87,)\xef\xc8Z\xa7\xddK\\\x8d\xeaN\x17\x14'ú\xcfJ\xf3\xa7%\x03\xf8\xe6\xd2\xfd\xf5\xbdn\xa8o\\\xeb\x01MLʲ\xf4\xbb\n\xaf\xbd;.&\xec(Y\xdd~\xe3rH\xbe\xe9Н\tǬБ\xccE\xd2\"\xafx\xc7\xfe\xa9Қ\x0f3\xf36.n$\xff\x91uIZR\xfe\xf5G\xa9\xbb\x83\x13\xd3\x1a\x8f]\xbfi]\xf6\xf6'9\x93\xb3\xd5W\x1f\x0f\x85\x8d=\xf1Vl\xc3ۼFv\x99\xbf\x99\xd7\xf9O\xde}\u007f\xd7\xc3\xfb\x1c\x8a\xb9Q\a=\x0fW\x85\xd8F,\x8d06\x15\x1c\x10\x0f\x18\xf6\x9f\x9b^\xa3\xac\u007f'\xecj\x8d\xfb\xd4\xc9\xf7*\x93\x9f~\x9f\xb4\xd69ͭ\xf7cZ\x81VF\x87!\x1aTe\x80\xf2\x80\x01z\x1f\b\x99\xf0&\xa1-Ù\xe1\xb4o\xe6\xf8\xb04K\xf7(v\r\xa2~'\xa3\xa2\xf8\xd8\xc4%>p\xb3\x94=\x18.\xc0y\xd7\xef\x1bx\x16\x83#\x04\xcd1\xac\x00\fAs\xc0\xd6\"\xf0,\x02\x03\xa6CL`\x80,\xa1\x17\xda3\f\x10\a\x18 k\x83\xfd\u007fѥ\u007f=\xf0\xd5\xfa1\xa0\x1fA\xfd\x80\xaf%\xe26\x1c\xefh\rF\"\x89\x04f\xe1I\x85k\x11\x89ZCi\x11\tFa*\x8cĵ\"$((@\x84\x80@\x80\x06\xfe\n˼\xd7\xc1\xff\x9f\xf1\xfc=Ғ\xc1\xdb?#\xbb>\x96\xd4\xca4\x04\x85!8\x89\xe0*d\x1dA\x12Z\n\xd7\x10jD\x8e\xab\x90X\xf2շ\xc6\xd25J\x9b\x81}ـ!2\xf5+'\xa9K\xc75j\x84|5\x04S!\xe8\nT\xe4\xe7'\xfe\x8f_>lA\xb3\xc0~\xaa'a\xc7\xf5\x88\x14\u07beD\x0f4\xe8)\x05\xb4Y\xab'\x86\xd8[[!\xbe\xf49\xf6\x02>\x805_<\xe16Y\x845\x9fʝ\x98\xec\ue6b7\xa7\xf7轷\x18\xc5E\xb85\xf3\x05\x03&\x92J\xe1c\x04\xaf\xfe\xd4\xc3ۏ\xa9\xb4Z\n|\xe5\xf0GBW\xf7\xbc\x97?~\u007fa\x83h\u007f\x97\xbb\x90*=\xf0\xfe\x95V\x87k\xf5\x97\x8c\x8b;\xa2R\xbb[\xb7\xb0\x1eT\x17\xbe\xf50\x1b\x87#T\xef1\xa4!桖\xd9/\x96E\x16\xba\x1fB\xcbt\xbau\x9d˷gS*\xe1\xc0\x8bOgW]\x12{\xb2βx\xa3\x8c\x99\x00\xdeV]P\x96ܽ\xd8\xf9\xe53Rp{(\xfaʊ\x12;\xd6-\xabE\xec\xb5]\xcb\r\x1b#o\xca=\xfbB\xdd?\xfe\xee\xc7\x01ە\xe5\x91g\x92c*r\xfdǽs\x1a\xfe\x15\x00\x00\xff\xff\xd5ЈX\x1c\b\x00\x00")) - p.addCertFuncNotDup("0g1\x1b0\x19\x06\x03U\x04\x03\f\x12Apple Root CA - G21&0$\x06\x03U\x04\v\f\x1dApple Certification Authority1\x130\x11\x06\x03U\x04\n\f\nApple Inc.1\v0\t\x06\x03U\x04\x06\x13\x02US", "ę\x13l\x18\x03\xc2{\xc0\xa3\xa0\r\u007fr\x80z\x1cw&\x8d", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9dd\xd0\xc4\\\xb5\x80\x99\x89\x91\x89\x89\x83\xf1\xc1ӭ\xcd\xe9\x8b\x1f\x18\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4ae0H7\x946\x90dc\x0eea\xe6\x11r,(\xc8IU\b\xca\xcf/QpvT\xd0Up72T3P\x01Ir\xf3\xc8B$\x9dS\x8bJ2\xd32\x93\x13K2\xf3\xf3\x14\x1cKK2\xf2\x8b2K*\r\x85\r\x04A\xea\xb8x\xb8 \xea<\xf3\x92\xf5\f\xb9\r8A\x82l\xc2L\xa1\xc1\x06r⼆&\x06&\xc6\x06\x86\x16\x86\x06\x06\x96Q\xe2\xbcƖH\\\xfa9\xa4\x89I\t9\x10\x18Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19n\b\nyx\xdc\xd2\xec\xf2<*s\xfcM\x9eq\xee?\xdf\xdf\x0fd\ueb49{d\xb6\\\xe5g}@\xb6Ϲ\x9d\x06!\xeaO7_{\xab\xfa\xcc`\x1b\xaby\x9c\x88\x92\xe0\xd1\x17\xab\xa4/\xfd\xdet\x89s\xaaŒ\xf7Z\x9e=\xb1v\x85i\xcc\x16\xbfž\xb6v<\x89\x9a\xc4\xc3b\xf4\xe9\x84\xc3\xef\xa0\xf8\xf9\xdf\x0e||\xbc\xcbuA\xc0U\xa1\xeeOw\xefMlS\xfe\xf0u[\x91\x1e\xe3-\xeeoz\x96\x1c\xf1\x92\v\x93\x1d\xb9e\x96O9\xd8v$X\xbf\xec\x1b\xd7u\x9e\x8b\xcd\xf6R\xc1\x92\x9fï\xaa\xd7\xff\x11\xde\xf1cR\xef\x9f\xcb\x1a\xce6[3\x18TcՓ.\xdf\r\xbd\xeb\xa20\xa1\xd9t\xf2\xd1\xfd;$\u007fg?\xbe\xc3\xe1\xf4l}\xee\xafy\x0e\xa7\xfcZ[+<7^?|\xd0\xc0\xd2hu]\xfc\xaa\xcb\xdd\xf9\xf3u\xa5\x143\n\xd27/\xfe8\xc31wb͏\xeb\xb7W<\x8fW\x94\xea1\xdeoX\xb2}\xc7\xc5/\x0f\x94\xbe\xec/2\xb9\xff\xbdѷ\xb06p\xe1\xa3\xcd\x1f.k\x88\x15\xe7\x9f=\xb3ּ\xd6\xef\xf5Z\x87\x87\xf6\x8d\u007f\xbf\xdbr\xd9-\xfa\xb8\xd7p\x9af\xe4\x9dC\x92\r=\xd1%\xc7t.\v\x04\xabɊ\xf8\x1f\xb9ҘfӞn\xac.\xc2\xf1rKy\x8bIP\u007f珌\x19\xe2\xfb\x0f\xef^%6D\u007f\xc5\xf1\x9a\u07fc\"\xfbDmUL>ͺS꘦\xb4\x85\xf1\x1a\xf7\xfa\t\xf3x^%\xfd\x98\x1di\xc3\xf1h\x9aɓ\xe4{{̯\xbc\xe6\xe9`v\xe6\x0eX\xbf\xc0\xe4n\x80\xaf\xe8\xef(\x95\x1b<\xbfx\x92\xe7\xc93o|\xf8\xee\xe1*\xe7/i\xa9\x1a\xe6L\x86\xef\x19\x8f\xcb]<3?\xf7T\x88\x95\xc3\xeds\xe7\xfdݺ\xbdRge\x1d\xcbȹ~f\xa6\xb4\xfb\x86\xa2\xc3\xe5\xfdG\xbe'\xce)\x91?\xf77{\xe1\xa19S\x9aVOY\xf4|\xaf\xf4\xae\x9d\x05\x96Sŏj~\xb6\x8c0\xf9zdɱꄝi\xce\x01\xf6y\x89\u007f\xf8~\xb6\xadJ\xe0q\xf6\x9e\xca\xc4\xcc\xc8\xc0\xb8\xd8\xc9\xc0\xc1@\x96\x8d9T\x96\x8fE\x8cE\xe4\xc8L\xe1\x1c\t\xe6C\xd5\a\x16/\xe0\xad/j\xa8\x92)W\xeb5\xe0\aI\v32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2\xa1e5fP\xe2\n\\\xf6\xf9ї\x1d\xb6\x93\xf7\xeb\x9e\xe3\xdf\x1d\xfd0T\xc4\xcf\xef\xe2\xd3s\x95\xb1\x8d\xf5\xff\xb6}h7\xfe\xf1~\xcaӺ;Y\x95\xcbe\xf6}\x98\xb2}\xd9E\x839'x\xb9J\xe7\xd5N\x9aZ'1\xb7\xeePaf\x8dȫ\xf3\xcd|OD\x9c\xe6\x95\xf0\t\x9c]-\xb5K0\xb1\xb1\xe2\xc6ǭ\xae\x0e\x15\xabW\x1c8\xf7\xbb6\xd9<\xe3\xdb\xf3\xdf\xeb\x8f\x1d\xf6~#o\xa6&\x1c\xd26\xa5h\xd3+\xa6\xb7ݹOx\x96M8\x10^z\xbeǩ6\xe6\x99a\xed瓛&e\xba\xf1u\xfcx\xac\xeb\xb4\xc9b\xc52\xc9ޏ\xf3Ͼ\xcbJ\xdd#\xb5Au\xefrͿ_\xec\x16\x95z\xee\x9fw\xfb\xe4\xf7\xe5r\xc93\x1fƸ\xfd\x9f\xc4\xda\xf3KN\xe1g۔0է[\xc2-\xe6\xbe\xeeH\x11Q\xf4T\xb4ܟ\x94\xb6r\xe3\xa2S\xf9\xf6\x8a\tG;\xaf\xb8\x9a\x9d\x98Q\xb3\xf7ۿ\x99\x9e\r\xd6:\x97\x96-\xef`f1\x94ܾ\xcd*\xd1\xf5\xd7\xc9O\xca'\x92\x8b\xf7\x87u\x1an\xb8Y\x93\xb4\xbcZtEG\xd7j\v\x87Cg\x84\xfe\x8b>\xfe`~\u07fc\xe8\xf4\x99\x19\xcf\xf6/\xda\xf3K\xad\xab0\xec\xfas\x15i\x0f\x17\xbby\u007f\xe6\x9f<#\xf5\xc6نq\x8fIʼn̯Ǟ\x85\xbda\xe34\x9b\xf0Z\xc4K:\xeed\x87\xf2-f\x83\x89\xdc;\xcc\xec~>ߪ\x91\xbf\xcf\xfe\x8dM\u007f\xaa\xec\xd3\x03r\xedKV\xed\x9a\xf1w\xd2\xe3\x1c\xb5\xf2\xbbl[R\xd8ڿ\xf8]\xdb\xe5\xb5Jl\xc5\x17\xd6\xf4\xb4i\xbb\x1e\x85V\x1e։\xf5\xeco\xf0\xd4\xee\x12:^\xd6\x10x\u007f\xd7\xde\xd4X;s\xf7d×O\xbf\x1c\xb5\xf7^\xcb\xd2UU\xa8\xb3\x9e\xd3ٜ\u007f\xc5c#\xff/\xae\xdbr\xa7\x9b\xbdi\xf9\xca\xc5\xf8J|wk\xaf\xd3\xe4\x82\xc3\x01OE\xba\xf7\xdb\x1fv俫Ģ\xccѵ+\xb7\xd0eu1\xa7\xd5ɟA\r\x9c\xf7w\xbd|&vJO\xcfg\xd3\xe5;OYB6]1i0ں\x87_\xfc! \x00\x00\xff\xffv.GO\x96\x05\x00\x00")) - p.addCertFuncNotDup("0g1\x1b0\x19\x06\x03U\x04\x03\f\x12Apple Root CA - G31&0$\x06\x03U\x04\v\f\x1dApple Certification Authority1\x130\x11\x06\x03U\x04\n\f\nApple Inc.1\v0\t\x06\x03U\x04\x06\x13\x02US", "\xbb\xb0ޡX3\x88\x9a\xa4\x8a\x99\u07be\xbd\xeb\xaf\xda\xcb$\xab", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbr6hb<\xb9\x80\x99\x89\x91\x89\x89C\xf7蟎KG\xbd\xa7\x1ap\xb1qh\xb5y\x9c\xb3eaf6H7\x946\x90dc\x0eea\xe6\x11r,(\xc8IU\b\xca\xcf/QpvT\xd0Up76T3P\x01Ir\xf3\xc8B$\x9dS\x8bJ2\xd32\x93\x13K2\xf3\xf3\x14\x1cKK2\xf2\x8b2K*\r\x85\r\x04A\xea\xb8x\xb8 \xea<\xf3\x92\xf5\f\xb9\r8A\x82l\xc2L\xa1\xc1\x06r⼆&\x06&\xc6\x06\x86\x16\x86\x96\x06fQ\xe2\xbcƖH\\\xfa9\xa4\xcc@\x80\x8d\x1d\xec\u007f&F6V\xedF\x16\x06%\xe6$\x06\x96\x19/\xf5m\x1d\x8a\x96\xbc\x9d\xacT\xd4(,sW`\xeaǣ\x8b\xfd\n\uf208\xdd\xe4{\xba\x8cU\xab<\xa5:\xde\xcf\xe2\xf2n\x19\x97\xad\xf5_\xe5\xb7\x19%Ş|\xd9\x12\xedo\xe0/\x18\xc5\xf07\"\x82g\xe9W~\x1d_vw\xe1\xd2[ӧO\xcf7\x8cy\xab=\xb7Z\xc1\xfa\xc6ΐ\x9bq3\x97X\x05r\x19.v2p0\x90ec\x0e\x95\xe5c\x11c\x11ٽ\xe1\xde\xc2\b\xe3\x8eYK\xbaf\xde۷\xf7\xf5\xfa[\xa7UV\x1b\xf0\x83\xa4\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xe0\x03\t\xf0\x83\x04X\x98\x99\x18ِc\x8e9\x83\xc1 \x95ɐ\xa1\xf9\xe5\xc1#bqR\xb1&\x127߾\xff\x92\xc3\xc7\xe0\xe6\xbd\xe3\xfe&7\xc1\xa3\xfc\u007f\x9fU\xf5,\\\x96}\xee\x10\xf3\x959_'\x1f+ّu\u007f\x95\xb2(\x93AnZ\x97\xc0\xa9+\xbcW\xfc\xcf\xf6:\xdbm\xe9J^j\x9c\xf78\xf7\x96\xf8\xf6\x14\xf9\x13\xc1j?;\x92J,\xb9ţO\a\xae\xe0y!\xc1\xfc|\xd1&\r@\x00\x00\x00\xff\xffJ\xb1L\xb3G\x02\x00\x00")) - p.addCertFuncNotDup("0b1\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\n\x13\nApple Inc.1&0$\x06\x03U\x04\v\x13\x1dApple Certification Authority1\x160\x14\x06\x03U\x04\x03\x13\rApple Root CA", "+\xd0iG\x94v\t\xfe\xf4k\x8d.@\xa6\xf7GM\u007f\b^", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xd9m\xd0ļx\x013\x13#\x13\x13#\x93\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83$Cn\x03N6\xe6P\x166a\xa6\xd0`Ca\x03A\x10\x87K\x98˱\xa0 'U\xc13/Y\xcfP\xcd@\x05$\xc8-,\v\x11tN-*\xc9L\xcbLN,\xc9\xcc\xcfSp,-\xc9\xc8/\xca,\xa94\x143\x10\x01\xa9c\x16慨\v\xca\xcf/Qpv4\x90\x13\xe7503012524106\x8b\x12\xe756502\xb0\x84r\xe9\xe2\x86&F%d\xaf3\xb22071\xf23\x1841r15122<\x99\xb8\x92S~\xe2m9\xf7\x80\u05eco\xe3*[t_\x9b-\n\xf7\t}\xd3-\xd9y\xef\xa7w\xceW\xf6\xd5J\x06L/$\xec~\x04p^\xaew\\1\xe3\xe7\xc5SisT\xb2\x05/,\xde\xfdDZ\xeb\xb0\xfc\xd4yU\xc2\xef{N$\xf3\xe2Iɢ\xaf\xb1|W\xeb\xe3g\u007fRe\xde\x15\xda\xef\x1b\xcb\xfb1\xc5TY\xd4[4Rv\xf3\x94\xef\xdf\xe6\xcc;\x1f\xb0\xeb`D@z?\xc7\x16\x85\xef\xa7\xd7\xe8(\xe4\x17l\xb3g4\xe8\xd9\xee|\x9e\u007f\xae\xedgmO\r\xa9\x13\xff\xcem\xdd\xc9w3N\xe6\xdaiۭVk\xbf\xf0\xf31L\xe2ި(\xa6WrՆ\xf7v\x92\xd8\xeaŅ\x93܃C\x0f\xae\xd7w\xdc\xfc\xe3\xf7コ\xcf\x16\xfb\xb8\xd6\xc9\xfbd\aLs\xec\x98\x95\x9c\xa8o\xd0x\x18\xae\x98ɠq\x9bT\xe3\xe6\xa0Ԝ\xccļ\xe4T\x85\xfc<\x85\x92\x8c\xccb\x85dx\x82IUH\xaaTH̫T(H,*\xa9TH,..\xcdM-VHLNN-(\x81\xe8IS(\xc9H\x05\xe1<\x05\x90\x1d\x99ɉI9\xa9\n\xc5%\x89y)\x89E)\n%\xa9E\xb9\xc5\n\x89y)\n\xc9\xf9y)\x99\xa0$X\f\xd2TZ\x9c\xaa\x83bQA~Nfr%D%J\x82-(JL.\xc9L\x06\x9bY\x92\x9a\x9b\x9aWR\xac\x87\x965\x99A\xc92\xc6l\xa6\x8fn\xc5\xf6\xb7=\xb3\xef|.\x9f\xfd\xa9\xecR\xb9\x81\xffA\xf9\xd6\xe6V陶\xee\xe6\x9fV\xcev\xe8ӹ\xb2q\x82Ѝ}_\x8ag\xbf\xbb\x94\xc2\u007f\xba\xd2\xdf\xe4\xc6\"\xbb\x9f\x15\xff\xb3O\xb0\xbf\xa9\xb5l\xee\x0eV\xb8lqd\xe3\xfeY\xfe\\\xd9\xff\xb5\xffD.g\xe5\xac\x11w\b\x13\x94+\xb9\xbc\xbd[\xd9\xda}\xf1\xd5|\x95G\xaf/n/\xb8\xcf\xef\xfaP\xfd\xd4\xc7܊\xb7Ϸ\x8a\x8b\xaf\xb8S\xa7dzJ\xf5\xeaM\xfek\xd9W\x16\xa9(\v~_\xb8\xa6\xbf\xb81\xe1\x98t4\xa7\xfe\xa4M?\\<>$X\xcc\x13\xfdj\xab\x96\xae\xd0e\x9c\xf5\x9d\xb7\xe9\xfc\xbd\u05cb\xf5\u007f\x06gE\xa7\x1cH6.\xffnŮ\x13\xf6\xfa\x16\xbf\"߭]Œ\xfe[o\x9a\xd5\x1fl\x0f\xbd\xb9|\xe6N#\xa7\xdf7\xae\x16Ϋ[\x18\xb4]z\xefd'\x15!\xad\xe3\xfc\xb2\xdb|\xe7\xc4%\x9f\xf0n\x10\x0fX\xd5u\xf5֓?\x178\xd9\xcd7\x94\x96*\x02\x02\x00\x00\xff\xff7\x80`d\xbf\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\x861\v0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14Apple Computer, Inc.1-0+\x06\x03U\x04\v\x13$Apple Computer Certificate Authority1)0'\x06\x03U\x04\x03\x13 Apple Root Certificate Authority", "+\xd0iG\x94v\t\xfe\xf4k\x8d.@\xa6\xf7GM\u007f\b^", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdde\xd0IJh\x013\x13#\x13\x13#\xa3\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83\xc66Cn\x03N6\xe6P\x166a\xa6\xd0`CY\x03i\x10\x87KXı\xa0 'U\xc19?\xb7\xa0\xb4$\xb5HG\xc13/Y\xcfP\xd7@\x1b$\xcd-\xac\x82*\xad\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\xaa\xe0XZ\x92\x91_\x94YRi\xa8i\xa0\x0eR\xce,\xac\x00Q\x1e\x94\x9f_\x82]\xa9\x81\x9c8\xaf\x81\xa9\x81\x91\xa1\x81\x81\x81\xa1\x85\xa1I\x948\xaf\x112w\xf08\xb4\x89Q\t9\x10\x19Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\x9eL\\\xc9)?\xf1\xb6\x9c{\xc0kַq\x95-\xba\xaf\xcd\x16\x85\xfb\x84\xbe\xe9\x96\xec\xbc\xf7\xd3;\xe7+\xfbj%\x03\xa6\x17\x12v?\x028/\xd7;\xae\x98\xf1\xf3⩴9*ق\x17\x16\xef~\"\xaduX~\xea\xbc*\x9e%\xee\xdd\xd1W\xc4̍O\x1f\xe1\xf7='\x92y\xf1\xa4d\xd1\xd7X\xbe\xab\xf5\xf1\xb3?\xa92\xef\n\xed\xf7\x8d\xe5\xfd\x98b\xaa,\xea-\x1a)\xbby\xca\xf7os\xe6\x9d\x0f\xd8u0\" \xbd\x9fc\x8b\xc2\xf7\xd3kt\x14\xf2\v\xb6\xd93\x1a\xf4lw>\xcf?\xd7\xf6\xb3\xb6\xa7\x86ԉ\u007f\xe7\xb6\xee\xe4\xbb\x19's\xed\xb4\xedV\xab\xb5_\xf8\xf9\x18&qoT\x14\xd3+\xb9j\xc3{;Il\xf5\xe2\xc2I\xee\xc1\xa1\a\xd7\xeb;n\xfe\xf1\xfbq\xc1\xd9g\x8b}\\\xeb\xe4}\xb2\x03\xa69v\x1e)I\xe2\x16hvl7\xeej\xdch\x10\xf1&\x8aŨ'cs\xbf\xec\xbd\xd4\xe2\xff\xe9q\xa9{\xe5\xa4.\x133#\x03\xe3\xe2&&}\x83&&m\x03>6\xe6PY~F\xc6\xff,,\xccL\x8cl\x06\xfc \xbe0\x88\xcfj\xc0\xcc\xc8\xf8\xdf@\x16$\xc0\xc7\"\xc6\"\xa2}!\xd3}J\x19\xe7\xbf/ٽz\x0e˾\xbb\xfb\xd6s\xc4\x19ȃ\xa4\x95Y$\f\xc4\x1a\xb0+hb\xd4\x04)Q`ibT0hb\x941hb\x94\x80\xc6Nr\n+\xa3A\x13#\xa7\x81#\x1b\x876\x1b#++;\x13\xa3\x98iFIIA\xb1\x95\xbe~yy\xb9^\"(\xb2\xf5\x92\xf3s\xf5\x93\x11q\x9d\b\x8bj\xfd\x92Ԣ\xdcb\xbd\x8c\x92\xdc\x1c\x83\xc6\xc3p3\x98\f\x1a\xb7I5n\x0eJ\xcd\xc9L\xccKNU\xc8\xcfS(\xc9\xc8,V@2B!\xa9R!1\xafR\xa1 \xb1\xa8\xa4R!\xb1\xb8\xb847\xb5X!199\xb5\xa0\x04\xa2'M\xa1$#\x15\x84\xf3\x14@\x8e\xc8LNL\xcaIU(.I\xccKI,JQ\x00۬\x90\x98\x97\xa2\x90\x9c\x9f\x97\x92Y\x92\x99\x9fW\f\xd2TZ\x9c\xaa\x83bQA~Nfr%D%\\83?O\xa1\xa0(1\xb9$3\x19lfIjnj^I\xb1\x9e\x81\v(\xa8\xe4Yl\r\xac\r,\x17\x98/0m3&!4\x8a\xf2\xf3K\xf4\x92\x8br\fBaA\xc1\xc8\xc8\xe2i\xe0n\xe0\n\xe3\x1b0\xb5Y\x92``rbqfz^j\x114\x88QK&fP^\x9a{KW#B\xbf\xb6\x8ce'\xcbe\xbbs\xdbӒ\xfd\xfa\xf5\xaf\xfc\xf3^[\xb4w\xb1\xe5\xb1 _\xd6\x19A_;\x03\x19U*\xf7I\x19}\u007f\xea\xd2\xed\xed\xc2n\xd9t-\xea\xd4\x16\x85\xb8\x9b\xebDce{d\x8d\xf6[\x18&y\xc4\x1e\u007f8a\xe3\x0f\x15\x87\x1f\xf1\x11\xb3\x03c\xc3\xe7\x1e|\xfa\xdf\xe6L\x91bޑ\x97/\x17\x96_\xd7\x11W;l\xffz\xd6\vn\xe6]/7{\x15\xbd6\xe6\x8c^\xfb,\xc90\xeb\xc5z\xfd\xab\xeb\xe5\xc2\xcb\xfa\xeb\xcdu\xf5\x98b\xee&\x9f\xfcT\xb8C\xcd\xe1\xbeho\xa9\x8b}\xe5\xdeg\xb23\x1f:\xebح\xcd߷s\xc9?>S\xc9\xc0䍇\xefm\x9dd\x17X\xc1XܵD\xf9Ԓ\x8e\x8fr1\xf2\x8eb\xbauS\xb9V\xbd\xect\x9c!-u\xf7\xb4\xc2~\xf78\x1e\xb5\xa3\xa1\xa6\xbe\xc7\f\xbag\xa6\x8b\x1c\xe7\x94\xdf\xe5~\xfc\x16#g\xbb\x8a\xd3Խ\xc2\t\x92\\\xef_\xd5\xf3\xe5\x9d=\xe8\xe2l\xe5u\xf51 \x00\x00\xff\xff\x1c\x85\xc1\xf9\xbe\x05\x00\x00")) - p.addCertFuncNotDup("0X1\v0\t\x06\x03U\x04\x06\x13\x02JP1\x1c0\x1a\x06\x03U\x04\n\x13\x13Japanese Government1\r0\v\x06\x03U\x04\v\x13\x04GPKI1\x1c0\x1a\x06\x03U\x04\x03\x13\x13ApplicationCA2 Root", "V\xa7\xac\xaa\x02\x1d\xb2\xac=\x90\x0e\xa0o.A\xc6v\xe7{\xda", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfen\xd0\xc4t\u007f\x013\x13#\x13\x13\xb7\xa1\x91\xa9\xb1\xb9\x91\x05\b\x1a\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0\x880\xe46\xe0dc\x0eea\x13f\xf2\n0\x941\x90\x02q\xb8\x84\x85\xbd\x12\v\x12\xf3R\x8bS\x15\xdc\xf3\xcbR\x8b\xf2rS\xf3J\fy\r\xb8A\xb2\xdc\xc2,\xee\x01ޞ0\xc5\xcc\xc2\u008e\x05\x059\x99ɉ%\x99\xf9yΎF\nA\xf9\xf9%\x06r⼆\xc6\x06ƆF\x86\xa6\x06\x06\x06\x06Q\xe2\xbc\xc6\xc8\\\x1a\xda\xdcĨ\x84\xecMFV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86e\xab֪\xa6^c\x10\xbc\xf6\xa2\xaal\u0557g[\xbc?\x9f9\x1c\xb4\xa5w\xcd2\xff\xad\x93\n\xf3ݶ^]\xdb-\xa4$\xaez\xce\xf5\x85HU\xeb\xac'\xca\x02+~mL\x0fx\x9a\xeb\xfe \xabS\xf8\xf1\xbau\xa6\x1f\xbf8\x1de\xfd\xee;\xbd\xceF\xe3\xcf\x06\xb5\x89r=r\x16R\xd3\xeeD\xb8LOzlt⢨\xa3o錊}\xab3Vƽu߷dW\xdfB\xa6\xe9\xf7&\x97\xcc\xccM\xdfª\xfanʉ\xb7\xab\x96\xec2\xcaq\x12|\xbd\xef\xb48ۄ\x87\x93[O\xa4h\x9c\x93w?~ 6\xe1]\x99\xd9\x1dc\xeb\xc0\xd7\xd5\xe7\x8bn\xf0W\xac\x90l\xe2\x98`'5\xa3\xb7o\xcbyQ\xb3eyw\xb7?\xf2uP\b\xbeY\xa6u\xa1bM\xe7\a\xffn\xa3\\\x97Wz\xbb6\xac|\xddyw{~%\xff\xeaƼ\x1dϺ5\xb9#\xd7o\xf3\xe4\r\xd4Y\xf9w\xaeFrڎ\x82\xa9ųn\xfc\xb26\xde\xe3\xe4$m\xb4f\xa3\xd1o[&fF\x06\xc6ō\a\r\x1a\xf7\x19Ȳ1\x87\xca\U000b1231\x88\x84-_\xb3\x8aIv\xd3\x1a\xdb\t|\v\xf2\xf5\x1c\x8f\x95=\xaf\xbee\xc0\a\x92\xe6gd\xfc\xcf\xc2\xc2\xcc\xc4\xc8fP\x03\xe2\v\xb2\x94\x1a\x14/)4\xc8G\x8dA\t\x031p\f\xf2\xf0?\x9b\xbe\xf4ٜ5Og\xef}6e\xff\xd3]s\f\xa5\r$\xc1\xb1\xc7#\x04\x11x\xb1\xaa\xf7Ŋ=O\xe7\xefz>{\x89\xa1\xa6\x81:8.y\x14\x1e7-z\xdc<\xfdq\xf3\xaa\xc7M\x1b\x1f7\xefyܴ\xfdq\xf3\xf2\xc7͛\xe1\x11\xcb\x0f\xb2]\x18\xe4\x1aV\x03fF\xc6\xffh\x89\x99\x19\x14\xb9\xf5\xb38Kװ_,*\xd1+\x0f78\xc42\xe7Jò\xe6\xe7K\x17H\xcf\xff\xb7\xfas\xc3ޫ^\x8b\x17\xf6o\xf3I\x10|~\xeaaB\xe3u\x8f\x83\n\x91K\x13\x8d\xba\xe7Λ~9\xad\xf9V\xaa^\x84\xdd\xed\xa7\xfaK\xcf\xf6\x14/\v\xdc\x17\xa1\xb1\xa02&S\xdf\xf9~\xf2\xa6N\xf7S\xbb\xef\xed4\x11L^\xc0\xa7*\xfe\xb4\xfd\x8b\xec\x86\rK\xcf;\xae(9\xf6\"\xf8\xaaӗ&\xdd`N\xc1\f\xb5\xc2)\xa5¾\xab\xca:lJ6^{\xec\xe3\x9ft\xd8\xd3\xc7/\xf7cA\xdd\xe1\xfae\xacg*f\xbfl\xbc\xbd\xe2\xc4\xf1\x98y\u007f&M\xd2]6\xfd\x93\xc5ּ\xe2\xa9<\a\xec\xcf-\x9bb\xb0\xf5\x17\xeb\xf6{\xf3\x14V\xfd\x11N9ٵ+\xe5\xfd\xa3\xe4'7f\xac\xcb\xdej\xb7,t\x87\xb1\x9dN\xd1o\x1dA\x86\xdf\xd1b\xfa-\x97\x84\xe7\xfdb=z\xf0t\x91\x9f\xd2ݖS\xde{.\xe9\xb6I\xb1\x94E\xca{:%Y\vˋ\xbd\xd8u\xfd/ \x00\x00\xff\xff\xa6\xd9\xf8I\xfb\x03\x00\x00")) - p.addCertFuncNotDup("0<1\x1e0\x1c\x06\x03U\x04\x03\f\x15Atos TrustedRoot 20111\r0\v\x06\x03U\x04\n\f\x04Atos1\v0\t\x06\x03U\x04\x06\x13\x02DE", "\xa7\xa5\x06\xb1,\xa6\t`\xeeї\xe9p\xae\xbc;\x19l\xdb!", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb.7hb\x8a_\xc0\xcc\xc4\xc8\xc4\xc4\x11c|:I'~\xb3\x91\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x03\x1bC9\x03\x196\xe6P\x16f\x1eQǒ\xfcb\x85\x90\xa2\xd2\xe2\x92Ԕ\xa0\xfc\xfc\x12\x05#\x03CCC^\x03n\x90<\x17\x0f\vHސۀ\x13\xc4e\x13frq5\x90\x13\xe7544070741\xb506\x88\x12\xe7560426426\xb54\xb5\x8c\xa2\xd0\xf4&F%d\xe72\xb22071\xf23\x1841r15122Lm\xb5\x9e\x9e\xafe\xadg}~\xd9gM\xd3}\xe7%\xd6ح\xba\xf9\xc3w\x81\x9d\x94\xfb\xce=\xb3\xee\u007f\xfaw\xc6\xce\xfdEմC*}\xa6_V\xf2\xfci\xfa\x9b{\xb0(I}\xef\xab\xec\xd7ϻ΄\xd8M\b8\xdfpe\xea\xef\x17[\x9b\xae\x88\x1cݶ2T5\xfc\xf6ƀo\x1b\x12R\"\xab2\xcf3o\xcf\xe7\xddw\xca.\xbf\xa4\xe8\xd5*\x03\xad\xe2\xa4}\x9e\x13\x13O\b\xfe\xe3c\xd6\xfa\x9e\xa5p\x87I\x947N4\xeb\xcf㦃[\x8f\xceM\xe1\xccY\x1c9\x83]\xfd\xb8\xf44\xedĒ\xc2\x1c\xe7\x8f\xdfM;\x05\x1e\xcc{\x13\xba\xd0\\iQ;\v\xab\x8e{\xed\x16\x99\x9dI\x9ai\x1a\xa7\xb6?\x9c\xfcu\xc9\x14\xe6\x99;\vZ\xb7>\xf3x\xd5\x1b\xf0\xe7\xe6\xbd3\xf9\xec|w\xb9\x8b\xe66\x18\x88\xb1O\xb5\xd7\xe0\xfb{\xb4\xd4?\xf8Zɬ-*z}L\x13ϗ\x1d\x9d-\x17Z2\xa7Bq\xe3\aݏ\xdc\xf3\x0f]\x9d&!\xff!D\xa9\xaa\x87\x9d\x89\x99\x91\x81qq\xadA\xb5\x81,\x1bs\xa8,\x1f\x8b\x18\x8b\xc8\xf2\xa5l\x1bu\x96q&\xbc\xbb8\xfde\xc1\xba=֒9\xb7\x15\r\xf8A\xd2\u008c\x8c\xffYX\r\x98\x19\x19\xff\x1bȃ\x04\x94Y$\f\xc4\x1a\xb0\xeb\x90\x00)P`\x114\xe07\xe0e\xe3\xd6fcdaܠ\xcb\xcc\xc2\xc8h\xc0\a\x92\xe1\a\x99\xc5\xc2\xcc\xc4؆\x96\x9e\x98A\xf1\xa2Vnr{\x8aG\x9b\x96\xe3\\\x1d;\xb6\t\tGz\xd6p\x87\xec\x90\xdfY}\x99\xdd\xf2\xc9/\xbb\xeaM\xb6~o\xe7+\xef\x9d\xfe9;\xe6\xfd\xbb\xbf\x0e\xcb\xee/\x9c\xbc\x90\xabm\xcd{\x85\v\x95\x8c{+\xbeK\xdeP14aa\\\xb6Kt\xd6a\xf5;7\xfc\xf9\xcfH$\xff\x9f\xc9\xcf71\xbbT\xec\xa1\xe2\x9f\x1bj\xc7ݷ/;\x1fQTX\xb7\xeb\xa1\xefTw\xeb\x93\xebs\x17n9\xf8\xa6\xf3\xdb\x16~\x8b\xad\x8fR\uea1e_v\xfb\xf5\xac\x98\x99\v\x8fr\xdc\xfb\xfb\xec\xd6\xd5kQ\xaeѭ_\xbf\xde>\xb6\xf7u\xd4\xf2\x0faJ+mRC\x8e\x89\xae\xd8\xdb6\xefl\U000f432a\xc2\xc6·\xdc\x0f_\tJgp\x9cɜ\xf7f\x9e\xe3<\x17#\xb5\xaaG\xed\\\x85\xb6\xaf\x9fD-\xb9t\xfb\xe8\xd9c\xf7\x12\xeaw~\xf6w\x99\xf4^k\xbb\x84\xddrɛܵ\x1b\xcd\x1d\x9d6\xecJ\x90\xfd\xf4\x8fSpÇ\xf6\xea\xe5s\x01\x01\x00\x00\xff\xff,$\x9b\x15{\x03\x00\x00")) - p.addCertFuncNotDup("0Q1\v0\t\x06\x03U\x04\x06\x13\x02ES1B0@\x06\x03U\x04\x03\f9Autoridad de Certificacion Firmaprofesional CIF A62634068", "e\xcd\xeb\xab5\x1e\x00>~\xd5t\xc0\x1c\xb4sG\x0e\x1ad/", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x131hb\xfe\xb3\x80\x99\x89\x91\x89\x89#\xf8\x8d\xf5\xbbߛ<\xe2\rx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x18\x04\x1ar\x1bp\xb21\x87\xb2\xb0\t3\xb9\x06\x1b:\x198\x808\xcc<\x96\x8e\xa5%\xf9E\x99)\x89)\n)\xa9\nΩE%\x99i\x99ɉə\xf9y\nn\x99E\xb9\x89\x05E\xf9i\xa9ř\xf9y\x899\nΞn\n\x8efFf\xc6&\x06f\x16\x06r\xe2\xbc\x06\x96\x06\xa6F\x06\x06\x16\xc6\x16\x86\xa6Q\xe2\xbc\xc6\x06\x86FƆP.-\xaclbRB\xf6\x18#+\x03s\x13\x13?\x83A\x13\x13\x17S\x13\x13#éi\xd9}\xaf~\xfc\xfe\xb8\xc8\xf4A\xbdϭ\a\x87\x83\xae\xd7n\x138\xc1\x14\xb7\xd9Y\xeb\x88\u007f֦S2\xb1\x1a\xb3*\x04\xa52#\xc3\xd7oUpz\xd2\xcd\xff\xec~\xf42\xe6I\xfa_\x05\x9f$]7*\xb4\xb8\xc9\xc2S\xb8\xda6\xb0\x8e\x9f\xfd~2k\xcc\xcb\xfdS\xf2\x0fj6\x1d\xd8r+p\xc3A\x9b\xddkͽbN}\xf46\xe3SY\xbd\xffpK\xf9\xdf\x15\x01_6>?\xa6\u007fI7\xb2\xb7\x8a\xcboZf\x10\xd3*\xb3\x19o\xfe\xfc\x12i\xe61\x97?9ɼ\xfez\xa3\xee\xd3#;\x1fؙ\xfcK\xffb\x97v\xf1\xf2\x17\x87\xf3qI&\xfc\x05lv\n\x12Q\xe7\xbe\x17I\xab\xe6L.\x11\x99\xbc\xb8x#ߪv\x01\xe5\xc8x\x05VI\xf7\xb7\x19}\x93\x84N\xc5\xfe\xb9\xa6\xbdi\x92\x8d\xc2\xf9\x87\xf1\xeb\x15\xf6-(\xab/{\xfaF\xaa-\xd1\xd8\xeey\xf5\x16\xfb\x05\xfc}\x8bvf\xe5\xeflW\xcbw\xcc\xe9X\x16\xf07+\x99\xfb\xebd1i\xc9\xfeMog\xcf>9\xe1+#\xcf}I[~;\v\xe5\x93\xfa\xfd<\x17\x99\xfeI\x87^\xf3\xbb\xd0k\xb3\xde\u007f\xc9\xe7\u007f\xeb\xb5.\xb3έ\xe4Xx:\xdcp˜\x13\x136\xa5\u007f\x91\x10\x9bl\xf5\xc7\xfd\xc6Ŋi\x86\xf2\xbb\xb4y\xe2cg\xaeM\xee\x8cRQ(\xbbq\xff\xefj\xbfeJ\xab\xe6\xc6=S\xef\xaa\xcd\xd0\\\xfc\xbck\xc7-\xc1\xdd\xe2\xba3\xe7\n\xab\xb8}?\xfa\xe8\xc6\xfc\xbe\xfa\xe3\xfd%\xb9Q\x9b^\x14}]\xf3NE`\xad\xbeȭ\xff\xba\xb3\xdc\n\xdd\xf79\xdd\xdf\xcdx\xfbK\xfde\x8d~\xc3\xc8\xe8\xcb'\x99\x96m\t:\x957\xfd\xb7\xf3Q\x0e\xb5\xfc\xae/\xbb\xff\xce\xd7X\xc5{\xd5\xf5\xb3\xb0\x95\xec\x8d\x03\x15\xfd\x8e\xe96rSR\xd6Us\x1f}q\x93\xb1\xc3Rjz[\x8a\xe3U\xebv\x9e\xbc_\xfc\xc7\xf6z\x88\xec\xb7\xf4\xbd2\xcfq[\xff4\xd9\xe4i\x93oNe\xab0̘g\xcef\xdd\xd0\xe9\x9ah\xa9|\\\xdae\xb1\xe8S\x99\x1f\x93\fv31320.n|o\xd0\xf8\xc6@\x88\x8d9TV\x98\x91\xf1?\v\x87\x01\x1b#\xe3\u007f&FF\x03>\x90\x18?H\x8c\x85\x99\x89\x91\xcd@\x16\xc4\xe7c\x11c\x11I=\xfbz\xb5\xa9\x1c\x83]\xddՒ\x032[\x8a\xdd\xf9\xa4R\xf4\r\x1a\x97\x81\xe4\x15X\x1a\xe7\x194\xce6h\x9c\xc1\xc6\x12*\xab\xc0`\xd0\xd8o\xa0\xcfơ\xcd\xc6\xc8\xca\xca\xce\xc4(\xa6\x9cQRR`\xa5\xaf_^^\xae\x97\x86\x96~\xf5\x92\xf3s\xf5\x93\v\x8a\rb\xe0\x1a\x98\f\x02\xe4\xfc\x18\x02\x18\x12\x19\x8a\x19R\x19\xf2\x19\x14\x18R\x18R\x19\x14\x18r\x18\x12\x19\x14\x18\x9c\x18\xf2\x19\xf2\x18\x12\x19\xf2\x18\xf2\x19\xca\xc0\"&\f\xe6`\xf1D\x86\"\x86d\x86T\x86\x1c\xa8\n\x05\x06\x03\x06\v\x06\x03\x06C\x06s\xb4\xcc\xce\f\xca\n\xe2\xb5\v~n\xb9{\xf4\xe8\xeb\xb5\xde*[\x172\xad\xbe\xbb\xb4\xc3k\x13\u007f\xa8\xb7vx\x8f\xf5Sû\xff\x8e\x18}|\x1e\x9d2\xcd\xccH\xe2\xcdR\xa3\xf2\xeb\x8f]\xb6\x1d\x10\xd4j\xd8i\x9b\x95W3\xfb\xf2\xda?\x87\xaf-~\x96\xa2Ys\xf1\xa1\x85\\\x93\xf6\u007f\xf5\xd4\xf5\xbf\xc5D\x8f\xe8\x15\xb6<\xdd\xfa\xff\xd7\x12\xf7\xbd)F\xbb\xbf\xa9\xb6,Rw\xfa\xaa\xb0ᐰ\x80\xe0Y\x01\xd1]N\x13\xb4.\xb9<\x9c\xa6\xf6\xda\xd0C\xe8\xaf֭\x93l\xe7K\xe4Vz_m\xd7\xf8Yi2\xc9N\xcf\xe5ŷ~\xff~S{\xd5͖w\x92\xb5&d+\xc4\x1f\t\x12\U0009bba3\xb5f\xee\xf4{\x1e\x9f\x16\xa7\xdd>t\xa9y겴\xe5\xf3T\xf9_r\x1bOL\xe5\x8a:|3D\xe8\xee\xfa\xc3~|\xf2jq\xbcw6\xf7\xbe\xb9\xdaXp\uf4bf\n\xeb\xe7\x1c\xbf\xaf>\x9ei\xbd\x17\xff_\xe2Vu\xf4\xf8\x17\xd8r\xcci}\x03\xcb\xf9\vu)\x9eO>\xdd_\xf4f\xa3\xcf\x01-\xd9\xe7[6\xa6.:\xb2\xe7\xe3\x8c/\xab\nؓ\xb7\xec\xb8e\xed\xf3\xcbA\xc9 Zp\xd9\aV\xbecL\xcc\x1e\xab\xdbf\xb7\u07bd}\xf7բ\xb2\x86\xe2گsX\x8e\xb8\xf6>\xdf)\xd3=\xef\xd5\xf5ҋE\x1b\uf57a\xf9d_\xfb\xff\x9dS\xb6\xfd\x88U\xf0\xba\x12\xff|oFu\xea'Q\xb9KV+u_\xde\xc8VY3=\xc2\xc5}m\xa4\xc4G\xc5Ԃ{\xe7L\x12V8|\xfcl\xb3䰆r\xcf?ucg\x87\x05\xe26\xaf_Yo(Z\xb6x\xa7\x97w\x9c\x98ǗM{N\xf4L::w\xfe\x9a\"\xb3=&\r&\xd9+\xbb'\x1d\xd8!\xfe\xf6MY\xf0W\x15ƞ\xcdJ/\xbckB\x8f\xcd\xfd\xb5Xdwjk^\x9e\xbfP\x1d\x97\xcdܩ\x80\x00\x00\x00\xff\xffYJ\x04\x1c\x18\x06\x00\x00")) - p.addCertFuncNotDup("0\x82\x01\x1e1>0<\x06\x03U\x04\x03\x135Autoridad de Certificacion Raiz del Estado Venezolano1\v0\t\x06\x03U\x04\x06\x13\x02VE1\x100\x0e\x06\x03U\x04\a\x13\aCaracas1\x190\x17\x06\x03U\x04\b\x13\x10Distrito Capital1604\x06\x03U\x04\n\x13-Sistema Nacional de Certificacion Electronica1C0A\x06\x03U\x04\v\x13:Superintendencia de Servicios de Certificacion Electronica1%0#\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x16acraiz@suscerte.gob.ve", "\xad\xbb\"\x1d\xc6\xe0\xd2\x01\xa8\xfdvPR\x93\xed\x98\xc1M\xae\xd3", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xecUkTSW\x16\xe6\xdc<@\x85 Ąg0\x02\xa2\x04HN\x12\x03\x01\xa4(\xa0\x11\x01\xa1\x80\x11D\xc5Kr\x81\v\x91\xa4I\x00\x8bX䊡V\x97E\xb4\x96G\xd1 :\xe8\x80\xf8@\xc5W\x05\xadP\xf0\x81E-\xab\xa22\xa0\"\b\x02>\xc9P-̊\x9dΚeg\xa6k\xcd\xef\xfe\xdc\xfb|\xdf\xde\xdfُs 1\xa5\x1c\x12\xa6\x9b\xf5$\x04 \b\x00Ђ:\x85\xa3[\xa23X\x00`N1\x81\x04p\xe2\u007f\x04\xe7SI\xcb\xc9$\xbaha\xa6V\xa9\xc6娜-\xc7\xd8\xc1\x98Z\x8b'\xe32T\x86+3\xd8\xd1(\x9eÖc\n\xf6\"\x8d\x16\x95+\xd9R,\x03\xcbQ*\xd0\f%\u007f\x1a\x9cb\xe4S\xe9\x88t\x11\u007f:\xa4\x19\rS\xbai0\xaaFe\xa8\x86o\am\x8c\x1e3\xfa\xf4\x10\\\xa3U\xe3Z%;\x18U\xe1ZT\xc1\xf7\x86\xf3\x8cGS\xe9^1\xb8F\x8b\xadC\xd9\xcb\xdegC\x15\xbf\x17\xb0H\x81ɴje\x06.C\xf9\xc1p\xa1\x917\x8d\xee\x17\x93\xa9\xc2\xd4x\x86\x16ːc\x192\x1c5\xf2b0u\x16.Õ\x9a\xff\x1dd6t\xf9W-\xa6\x00&\x13\x95\xa9Qຽo\xf6\xc5-\t\xc3\xe1\x81 \u007fǓR\xdbh\xb7\xf8r\xeb\x12\xcc\U0006b2d9\xa5LsyH\xaf\xe1\xe5\xa7f'{%+\x8e/\xbd/\t*W\x85\xf9u]\xef\xc0wR\x03\xdbSߎ\xeb\"H\xf77\xef?\xc7`NԶ\x9d\xa6\xa5\xd4\x1f\x9f\xe7\xe7\xdf\x1e\xb2\xadjǒ\x11\x12l\xb0ߓ\xd2,\x9f]\x8a\xbc\x1a\xd4f~\xf6\x97b\x06\xbdÄ1\xa4[\xf5z\x83\xdd\xe7y\x03\\+\xd75\xe2\xf4\xfc\x8a\v\xaa5\x06\xbe\x9a\xc3c%\xb6\xb6\xbb\xceߨ\x16\x974J\xbe\xad\x16\"o-\x1fW\f&\xafu\x89\x18\x8ft(\\}\xa3\xf1\xcc3\x9bܿ\x0e-\xf3\xdej\x198\xa5Z\xff \xe7\x1am\x975\xbb\xe8`\xc7\xf6\xc9-\x1e\xb9\xddݟYD\x15,.\x90\xaf\xbb\xfa\xc2ţ;\xaf\xcb»\xa1\xaa;ɍa?\xf8s\xdd\xe33c\x1b\xad\xc0\x81\xe2\xdb/۔\a_\xa5\x9a8\xdd\xc2w\xdc\x1d귮]\xe2a~\xbatwD\xc0sFB|v\x93{\xe7\xd6p\x8fV\x86\x9f_K\xb3\xea\xe3\xf4 \xe5\xc9ۤ\xfd\x9flh\x0fW\x85\xa7\xb1\xbf\x02\xd2\x18\xe5\x9dh\xde܋\x9e\x15\xd8ׂx\xff\x9c\xb4\xfb\x05I\x9f\xdb\x1a\x9ewͭ\x1a.\x15Փծ\xfa\xb2\xb9\xfeh\xd6nuzEh,\xcf\xcbyBfY|\xb8V\xb0a\xbe\xdd\x19ryuCޭ\xf3G\x82\xf7\xad~\xb5\xaaOq-{΅\xfc\xfe\xba\xa1\xc8$\x8e˜\xa8\x97z\xe9\xae\xfe'\x89\xe2Y\x89\xa3\xcd[;=\vǾx\xeb\xbd!\x81{\xa1\xa8r\xe4z\xb8Hzؾ\xa1\xa8\xa5\xbeO\x83\x90\x80\t\xa8\"\x90nH ]КJZ\u03a2\x030I6\x83T\x00&\x11\x80@\x1f\xa3Ϛ\f!\x97\xb0\xfc`\xba\xf4\x0eT\xcaZ\xdd\x1a\x04\xd1[\x9bO\x8f\x0e]\xec%\xf1\x12@\b\xe7A\xa1\xb7\x17\x84,#\x91Ff\x92g\x1c9\xef\xccj\xe9\xb9\x05\x0e\xfd\x92\x15\x15\xbdk\xb8\xe4RD\xddmH\x80(#\xc0\x85L\x00\t$@\xf0\xa6\xff\b\xab$\x80\xdb\x01\x028\xff\xb9\xea\u007f\xb4\xea\x04\x00\xefoIJ4\xf6\x8fLB\x00\xf5\xd7\xdeY\xfd\x1f\xbd\x8b5\x12g\x92#`\x18t\xd5;\xeb\xd9:\xa7\xd4T\xadʏ\xc7\xcb\xce\xce\xe6~\x10\x89\xa7\x90\xa9\xa1\x8b~\x96~\xa6\x8e\xa5\x90\xa3Fԯ\n?\x04B\x1f\xaa\x99\a\x15P(\xa6\x00\x90=\xa0;\x9c\xf3\x9b\r\x81\xce\xe1\x9f\t\x942\x8d\xeaw\xc4\x05F9l\xb2/\xf4\x81\xa2\xf7\xb2\x01\x02=!\xe77:\x02\x98N\xa9\xda\xff\xaaO\xae\x92}\xf0\xf5\x92\x8cO_\x1d\xe7ڻ')\xf7/]z\xd3\xd0\xfa\xc4˫)Ɵ\xeby\xfd\x9b/o6v\x14t\x18\x14o$ϲ\xbe\vOK\x1aس\x1e\xcd^\x01m\xb6\xd2\xcb\xf2mtg\rA\xfa/\xaf`{\x13֍3\aı\xb4\x98\xe5\xa4C5\xbb\xb4\x0e&\x93c\xe9\xd7\xf6\x05\xbc\x19\xaf~\tc\x8bis\n#e\x05\x9f\xdc\xe3Jw\x87~\xaf\x19]fwS\xb9[J{X\xff\xb3\xc1k\x80\x9f\xb6\xf7\xa4\x87oE\x9d\xbc\x89\xfe\xe3\xd2S\xc31\vm\xed\xbf5g$\xee\x1b+\x19m\x1bg\x97\xd5O\xdeً|Tx\xe5\x84_?\xa7̿b\xed\x12pdϡ\xcc0\xfb|I\xffd\x8fpFW\v\x8fW\xf6\xf5H\n\xd6{\xefy\xe9\xe5\xdc\xe3\x9da\xc1\x01)s\xd7V>j\xd4̯6\xfc\xed\xacÃ\x1f\xe3\xee\xfd\xfd\x86A\xccq;\xca*\xae)Σ\x8c\x95\xcck\xbblW\xf8\xe8X@`\a]1\xf8\x90\xdcu\x9d>;P\x85\xcc\x1a}\xba?\xde\"\xb5\xd7\xfeyM\xcf\re\xce\t\x18\u007f\xa0\xf9\x8c\x81\x9fܺ9ng\xeb\xc4٪ \xb7S\x8b\x8f\xafgQqnHRD\x9ct\xe3Q\t\xf52a\xdf\x1c\xb7Ŕ\xa3\xb8\xb9\xcc\xf7\xe8\xc7\xd6\x1b7\xf7\xe5\n\xcb.\xd8\xc6O\x98\xed\xfc%DZ\xfc\x87¢\xd7q?Mw\x87W\xb4\x16\vN؆\xf4\x04%n\xeb\x96<\b\xaf\x1d\xa1\x89\xdc\u007f\x12\x060kk\x83\x92\xb7\xbf\x92\x92\x92\xfb;\x8bZ1\xb9\xe1\xfb&\xeeUE\x17\x97 \x86*\xebbK\a=3\xf46+q\xf1SO\xb3Ly\xa4\xe7\xb9\xf2\xe8\xa2ۜ/\x04\x15ŇC\t\xd7\xe2m\xab7\x951\xb0E\x88\xecq\x90\u007f\xeb\xb3\xd8\x173\x9e\xf6;\x859\x0e\x8bB\xcfF\r\xad\xbc\xf30RH\xde\xe4n\xd5^\xb5\xfe\xe0\xf2\xc6U\x83Q\xceW|\x94+\xbes\x12\x9d\xdb\xfb\xb4Ƽ3-\x88\x95\xdc6\xb9\xb4\xe7\xf1\xf9\x80i\x8e\xb9\xba\xd3\xdf\\\xadpj<\xfd\xfa\x1f\x01\x00\x00\xff\xff\xe7v쭟\t\x00\x00")) - p.addCertFuncNotDup("0Z1\v0\t\x06\x03U\x04\x06\x13\x02IE1\x120\x10\x06\x03U\x04\n\x13\tBaltimore1\x130\x11\x06\x03U\x04\v\x13\nCyberTrust1\"0 \x06\x03U\x04\x03\x13\x19Baltimore CyberTrust Root", "\xe5\x9dY0\x82GX̬\xfa\bT6\x86{:\xb5\x04M\xf0", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb.7hb\x8a_\xc0\xcc\xc4\xc8\xc4\xc4\xc2\xc4\xc0\xb0Ӏ\x97\x8dS\xabͣ\xed;/##++\x83A\x94!\xb7\x01'\x1bs(\v\x9b0\x93\xa7\xab\xa1\x90\x81\x00\x88\xc3%\xcc锘S\x92\x99\x9b_\x94j(l \b\x12\xe3\x16\xe6r\xaeLJ-\n)*-.1T2P\x00\t2\vK\xc2\x15* \xa4\x15\x82\xf2\xf3K\f\xe4\xc4y\r\f\fL\r\x8d\f-L\xcc\f\f\xa2\xc4y\x8dLA\\#cSK\x03\x83(\x9a\xda\xddĨ\x84\xecUFV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86\xc5,\xbb\x95Vϰ\r\u007f\xa1V4kk\xe5\x15\xcdG\x0f_Lmظ\xe1qt\x9f\xb6欔\xfb\vc\xdfn\xe0dͽ\xad\xa1w.iQҿ-\x1d\xb7\x84^[\xbcV\x9c{\xc0Q\x9b1\xa8\xba\xa3\xfc\xb2L\xff\xf1];;\xb6fq>/~!\xe8\xb0\xfc\xe2\x99SI\xbd\xbaO\xfb\xb9\x97\x05\\Z\x11pX\xe3\xd5\xd7ժ\xed]\xb3\xa6ɬL\xdfa\xcfs\xf5\xfb\xcf a\xfdC\xd2W\v\n>\xf4\x1f\x10:\xc5vz\xd6Û\xa7\x8c\xabʯ\xfdx\xb3\xf3c\x86\x8b\x93\x87\xf0\xa5\x03\x87\x96\xac\x8bK\xf8\xb7m\x19\xeb\x9f-w\xd9#\x99\xaeDJ\xccH\xfe\xba4\xf9\xc1\x04\x9e\xda\xd8MlU\x9f[_\xbd\xbe¼.\xae\xc5.\xfe\xbf\xe8\xdb\xcc=?-͊Jϗ\a\xf9~>9Ag\xa7\xedӓ\xca\xc1\xf6\xf2*3\x14c\xd8gj\xee=f\xf5\xe6y^\x9bU\xf6\xf4\x92d\xe3\xbd\x19\x12\x86\x1f*z\xcb\xf6\xff\x99\xd7\x17\xabն\xdcw\xc2\x1du)K&fF\x06\xc6Ů\x06\xce\x06\xb2l̡\xb2|,b,\"O\xe7F\x1a4\xb9G\x9cY\xf3\x8b#Ĭ\xad\xdaj+\x8b\xef\a\x03!\x90\xb40#\xe3\u007f\x16\x0e\x036F\xc6\xffL\x8c\xcc\x06| 1~\x90\x18\v3\x13#\x1bZ\x9ab\x06\x85o+Olߓ\xfc\xc0\f'\xd6\x05ww\xfb\xab\xab\xb60\xef\xfd\x9e\xf2W\xf7\xba\xc1\xe3%\x02\xe2\xafoijn\xab\xb4/\xfb&)\xac\xbcC\x80\xebgĒ+\x89\x05{Y\x12\xb3\x84\xbaįr\xed=\xbaǠ\xe6\xdaK\x1e\xd5\xde6\a\xff7g\x16\xd7Y\x1c3\x17\xf4\u007f{7ð\xcf\xe7\xd2fƒw\xfbJ\xe3\xd8=\xa4\xea\v\xfe\x8bŴ\x1c\xa8l\xdd\xc1\xfa\xb7~_\xaa\xe0b\xfe\x03L[~\x04\x99[\xb2\\]iX%\xb1\u007f\x81\xd6\x17\xa1\x99\xdf\x17\xbb6=\xb6\x89\xfb:w\xde\xd6\x13\xf3j\xf4N,\x99\xe7\xc7!\xe2\x9d\xfb\xb7 7[*yo\xca3\xf9\xed\xe7>|\x9a\xaf\xb7[z\xfb\xa7\x80\x8e\xe2I\x87\x1e=\x16\xeb\x9deĴ\xbaO\xe2\xeeK\x01\xc1wu\xa6\xab'\xac\xb73\x98Ru\xc1\xd8vy*\xff\xd7?}\xf3\x92λ\xbb\xe80\xc6\xee\x96\xddjt\xc9\xfd\x92\x85ޅ\u007f\x8dw\x8c\xb2\u4dbe\xb3\xb9\xfa\xe7y\xa3\xac\xe4a\x15\xa7Wɖ+\x01\x01\x00\x00\xff\xff}\xbe\x14\r{\x03\x00\x00")) - p.addCertFuncNotDup("0(1\v0\t\x06\x03U\x04\x06\x13\x02BE1\x190\x17\x06\x03U\x04\x03\x13\x10Belgium Root CA2", "\x85\x8a\xeb\xf4Ż\xbe\x0eY\x03\x94\xdeր\x01\x15\xe3\x10\x9c9", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xee3hb*[\xc0\xcc\xc4\xc8\xc4ġ\xf5\u007f\xdf\xfcE\x1f^\xb6\x1b\xf0\xb2qj\xb5y\xb4}\xe7eddee0\xd00\xe46\xe0dc\x0eea\x13frr5\x944\x10\aq\x98\x85\x05\x9cRs\xd23Ks\x15\x82\xf2\xf3K\x14\x9c\x1d\x8d\f\xe4\xc4y\r\xcc\r\r\fL\f\r@ J\x9c\xd7\xc8\xd0\xd0\xc8\xd0\xd4\xc0\x02\xcc%\xc1\xa4&F%dg0\xb22071\xf23\x1841r15122\x1c+v\x92\x9b\xf4\xbf\x94\xbf{\u007fI\xdbr\xfb\xb7\x9b$tu\xa7\xff\\\xf9{\x86\x97\xf2\xfd\xab\xbd\x0fz\x8e\x19Ɉ\xe9\xb2;]\xd3ݖ\xa7\xbf\xfc\xeb\x9fc\xadM\xb1S\xefmUb8\xb3\"\xd8a\xfez.\xd3EU\xc7\x1f\x9e\xfa\x9e \x90η<\xa0X\xbf\x9f\xcdu\x9b\xdfw\xb2ߊ\x05g\xab\xf5>E2fm\xe7\xdd\xc1\xdeX\xd7m!m\xf1\x8c+|\xa6\xed;\xc5\x17\x8b\xbf\xf2\x88\xdd\xed~c\xd27GK\x86AT\xbc7\xa3\xf9R\xc1|\t\x8e\xb3\x82\x19WOf\a\x9d=\xe2\xd6\u007fg\xeb\xe7\x1b\xe1\xc5r/\xa7X\xb2\xec\xbf|\xcf\xe2ޖ\xe07\x992\x8b\xea\x8e\xf4?\x91.X\xfbi\xd1\xcf\xdf\xdf\xc5R\xd22\xe7{\x06.z$*\x91\xce\xe6U\u007f5g\xab\xeff\xe3\a\x89\xafc\xf7\xbd\x9c\xc1ot]\xd6\xdbF/\x8a1h\"\xe7\xa7\xfb\xafzo\xb09$\xaf\x12|\xf2\xef\xb0\xf9<\x91 \xfb/\x8f\xce|J\x9c|\xf1oz\xf6\xf5\xa0u\xfb3V;8/\b7\r\xae\xf8\x10\xfc#щ=\xe5\xd8\xf5\xfc\xd9>\x16\xbc\xc9k\x92֛u/*\xe6\xe2\xfd\xaa\xb8\xb7d\x95\xef\xab\"f\xcf\xdb\xc7\xe3e\x93\x92\x8f\xff\xbd;\xf1\x8d\U0007bbf9[\xf2\f2\ue778\xa6\xb6\xa14\xaez\v\xbb\u008c\x85eF;|s\xfc\x99\x98\x19\x19\x18\x17;\x198\x18\xf0\xb31\x87\xca\n32\xfega5`fd\xfco \v\x12\xe0c\x11c\x119\xd9P\xfe iR\xd3W\xb79\x9fw}\xf79|o\xc7ⵖ\x06| i~\x90z\x16f&F6\xb4\x8c\xc3\fJ\\\xc1\xf1\x8a_wm\xb0\n\xb2ԙ\xb4!\x87\xe1\xe4\xfbs\n\xef\xd9>M\x9b\xf7rII}\x95؟\xed_\xb7\xfd\x16\x95\xb6_\xbd\xec@Q\xac\xc0\xc6\xc2w{\xfc\x1f\xaf]Ü\xabW\xa8\xb7\xfe\xc8㵋\xf7\xf2\b.\xdf\xf2\xdfkS\xb5\x80\x80\xfc\xf2p\xc7M\a\xd6}щ\xbc\xe6.\xd0\xf1Y1P\xd3\xe0TB\xdbz\xb7ղo\xad\xa27L\xb9\xe7\xf2ؑc\xd1\xc17\xb2\xd7\xfe\xfao\xbb\xe6~A\x84\xfbԳS[\xab\xcb\xeb\x1c\xe5㚏o뱜\xb6\xc1~Z\xa3c~\u0084G/~\xfeV*\xbcY\xbb\xd9\xd6m\xff\x96\x96\xf5\x13d\xf8\xfb\x85\xb2ֿ\u007f'W\xb5\x8eɫK\\\xbb\xecߚ\x90N\x15\x1d\u007f\xfbm\x9b\x96\xfb\xf5\xac\x988\xfd\xb7\xe6\xb1\xea\x18ݝ\xa7Ӷm_\x11-\x14غ\x95\xb3.\xa9\xa2\xe0\xdfʬ\x84m\xb2|\x95<\u007fO\xbdRi(:<\xdd\xfeS\xf9jg%\xae㯷\xf1\xb44\xe94d;vq\x1cx\xbd4\xfb\xfeL\xa1\xd3]W\xe3\x1ax&>P\xe30\xf38\xfa\xcbB\xd0\xf4\xbfj\xb3\ue9ea\xfd\xb7\xfe\xf6\xfd[z\xdaUG\xfeHG\xf0\xbar\xbe\x9b\xb3ʎ\xf6\xe9\xc8.\xdeu\xf5\x8dѺ\x03\xab\xd6|\xbfX\xe5\xfb\xfa\n\xfb#\x8f\xefJ}\x1b\x96\xcc\xcf:\u05f7iS\u0097\xc5J\x17\x94_O\x89\xaaʼ˿\xdf!|Mvd\xc0\xcd\xc53\x1f\xe6\xfd\xebe\xacTW\x16\xbd7in5\xa7o\xd4so\x0f\x83(\x89g\\\xb9\xcf\xfa\x1f\\\xda\xfd\xec~M\x9eb\xd3\xc1\fK\xdf-3\"Ғ\xcexM\x88;\xfcK\x9dec\xa5h\xc9\xcc3\xfb\xd6*\xdcSK\x90y\x1d\x16\xb8l\xf1\xab'\x8b\xed\x97\xffO\xbc\xf31\xca7\xc7H\xd9\xf9ݚ\x15\xef\xdey\tq\xda\xc4\x16\x1e\xdaW\xf9\xebP{\x86,\xf7ߘ\xcc3l\x17fՆ\xcc\xd4:i)%\xb9\xde[\xcb\xf9srlT\xc4#\xfdDzOV^\xbb\xc0ua\xde\xfe덜\x1fO\x1eW\xe3]3C,l\x01 \x00\x00\xff\xff?\x9d\xb8\x1c]\x05\x00\x00")) - p.addCertFuncNotDup("0N1\v0\t\x06\x03U\x04\x06\x13\x02NO1\x1d0\x1b\x06\x03U\x04\n\f\x14Buypass AS-9831633271 0\x1e\x06\x03U\x04\x03\f\x17Buypass Class 3 Root CA", "G\xb8\xcd\xff\xe5o\xee\xf8\xb2\xec/N\x0e\xf9%\xb0\x8ea\xb7\xedv\xcb\xc3|\x8c\xee3c\x85\xfco;\xff\n_\xf8\xf6\xe7\xdc}\x82\xeej\xd1\xc23VNJum0\x97\t\x9f\xeb\xfa\xbfc\x9a\xd9\xfeݧث\xf3ۓ\xaf_0ʺ\x16\x9b\xc3\xf3qs\x9e\xe5\xa3lC=K\x06u\x91{\x16\a\xdeH\xa6\xb5\t\xbd\x98[$&\x9c\x12t|\xa5\xb9\xcc\xdf&\x83\xb7-\x12\xb2_\xd6\xc5\xfc/\x10fx\xbd\xf1\xabq\x95\xf7\xb5\xd0\x1f\xac\xbdޙ\x1b\xben\xd60\x8b\x119\x12X\xec\x9b\xcd\xfdф\xfd\xb6\xb8\xe5\xf5;\x1a\xd5\xd9_\xe7\u007f\xd6;\xe8/\xae%\xf0\xf9̩\x17\xaf\xfff\xaf֛5_\xb7)\x8f\xe5J\x10\xe3d]۶?u\u007f\xee\xbfw\x92]\x96\xfd~\xa7±\xef{\x17,\x9f\xfaw\xf9\xb3N\x95\x1bgzLr\x1e)\xeb\xdf\x14\x92R\xdc\x19:1\x9f{b\xa5$\xcfZ\x87\x0e\xee\x82GU\x97\xf8ndx\xecn\x12\xb6\x14\x88xyC\x8b\xfd\x98\xd0\xed\x88ۗ\xacC\x05\xdcYEӓ\xea$\x92\x97\xb9\xd9s\xf2\x85\x18\xc5\xed\xe7M\xaaR\u007f\xdf\xf0\xe2\xf6Mo\xb6(\xf3(\xd5\v\x1cB\xe5W\xf29\x03\xa6۞\x90=|\xbf\xc7\xd5 \xec\xd8\xe5\x94\xd5i\x9f\x0f\xc4M\x9bs\xf8\xc8\xfb\xc35\xd9\xddV\x95\xf5\x9b=\xcf\xdb>ꜿ\xc0\xc0\xbbu\xe7\x9c)*\x95\xfd\xb5\xd9+]3\xf8\xb5/|\xbc%s:s\xc7)Ϥ\xdc\x13\x17\x92\x93\xee&\xf0G\xac\xea_\xb8\x87uiڢ\xf3\xd2e\x9bZR6\xfaX\x06\x1d0\xd8\xf5\xa1Ǜiö\xedĽ\f\x8c\x8b\x9d\f\x1c\f\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\x90\x05\t\U00031231\x88\xb8\xef8\xfb\xffi\xfe\xbb\x1f\x9b\xde\xe8\xfb\xf1\xfdT\xdd\xd0g\x93}\u0600\x0f$\xcd\x0fR\xcf\xc2\xcc\xc4Ȇ\x96q\x98A\x89\x8bAA\xd9єe\xc2!\x87\xa4\x84\xf7\x8fL}\xaeۯyd2a\xc7\xc2\xfc\xb2_bbK<\xccu^N8\xf4\xc9\xe6\a\xd7\xfc\x1b\x8dOwG\xdfR\xd5Y\xb2<\xb4P\xc5\xe8\xdb\t\xeeO{\xb2~L^\xb3\x89\xfdP\xfc\xfc\xdbgNt\xadڗ\x95\xff\xd0S\xe0\x8c\xe1\xf5\x86ݻO\xdcXė\x12\xfej\xd1\xd7C+\rE/)d\xbd\xf9\xa3Ĩq\xbemG\x83\xdc\xca3\x82Km>\x89mv\x9f\xfb\xe7R\x83\xe2\x91\xd3\x17\xdc\v\x1c\x17\x9ej\x96\xe4\xd0\xc9\xfd\x14[>\xa7KD\xf8\x8a\x99̤\x0fO\xd9\xcc\xef,{6a\xb6E\u007fL\xb6\xb4[\x9b\xb3S\xbc\x1d#{pHlj\xed\xf7\xaeⅳB\xa2\xe45\x9dE\xd4\x0f\xb5\xf2o\xed\xa8\x96\xb2\x9e\xb2]6a\xf9\xd69\xcf53ãfO\xaer6\x90f\xbe\x9et\xc2a٪?)O\xbc\xaeO\ff\\\xa1Б7'\xdee\xe7\xe9\x84F\x937\xf9\x97koyĿ\xde2a\x8f\xeeJ\x19\xee52W\x17e(4\xb0\\\xfb\xb3\xb1_\u007f\xb7\x97!\xafW\x9b\xcc\xebGf\x9aj_o\xdd8\xf2\xa94\xf1|ݺ\xb2d\xaf*\x87\xd4\xc9\xed?\xe4\x1azڞ\xb6]\xeb\xe7\xfb\x13\xac\x93\xf0B,Qj\x91\x9ds\xf5Y˄\x90\xac\xaf\x9f:\xd5\x183\x9a=\x16\x19\xbf8\xc92q\x93\xa0\x89\xa0ݫ\vΒ\xf2̓'\xf0\xfc\x0f\xb4\r\xff\xe2\x98\xf7\xf0\xf4\x82}\xafO&\x9f\xcd=\xf3\xe4\x87٪\x8c\xb9o\xf7\xc6N/p\xe1\xdd\xc6gz\xe7!O\xec\xee\x05\x81SN\u05c9\xbd\x16\xd4_<\xc9\xf5\x84O\xe1\xcd='g\x06\x85\xbb\xe9\a\x9c\xdfk\x9a\xf9\xc5V\xf4\x1c\xdbR\x1d~\xbbo\x8d\xbb\xa6\xec>\xbc{\u007fjť\xb6\xca\xff\x9e\xd6R\xcd<\x1f\xeeU\xbc9\xf1\xc9\xd7G\xea^\x93揃Q\xb7\u07be{\xa6\x1e\xf7\xc2\xf5\xc2\\\x99\xc0\x15\x19\xab]\x1e_\xe8\xcez\xfc\xc3z\xf7\x1d\xdf\xeb)\x9f\x02\xf7=[\xb5:\xea\xa5\xe1;\xb6=\xc5\xfb\x85\x93\xb8\xe6\x1f\xdf9\x1d\x10\x00\x00\xff\xff\x85\xf5V\xce]\x05\x00\x00")) - p.addCertFuncNotDup("0R1\v0\t\x06\x03U\x04\x06\x13\x02SK1\x130\x11\x06\x03U\x04\a\x13\nBratislava1\x130\x11\x06\x03U\x04\n\x13\nDisig a.s.1\x190\x17\x06\x03U\x04\x03\x13\x10CA Disig Root R1", "\x89\n\xb48\x93\x1a\xe6\xab\ue6d1\x18\xf9\xf5<>5\xd0ӂ", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xb4\xd3k4\x94\t\x18\xc0\xf1y߹`\xa2\x89\x11\x06\xa1\x92\xe4D\xef\xab\\+\xb9d\xe92a,Y\xe52a\xe5\x10[#Y\x8b4\xac\x93\\\xdaPh\\\x9b\xd1\x14\x13\xb9V*i-c\x884\x19S\x8c4\x93a2\r\x0e\xc6\xe4\x96=Ξ=\xa7\xb3\xdf\xf7\xe3\xff\xf7\xe59\xcf9\xcf\x03Q\xd1\x11\x10\x15\xe9U\x8e\x04\x01\x10TA\xb4#oOy\xfe\x11m\n\xa9aT\xcc\xd2\xdd\xd3\x15j\x00\x80F# \x12\xbc\x01R\xc1 }P\x18<\xe8}\f\xc6C\xea롄\xc7:_ \xc7FP\xa2\xc8q\xe4\u007f\x11\x8b\xc7\x1e\x8e\xa0D\x84\x1b\x91-(\x160\x01\xd2^G$~\x93\x8b\x93\xd1?N\x8a\x89\x895\"\xc1\x90\x81\xb6\x1al\t\xd9\xc0v\x90\x1ddme\xed\xaf\xad\xb6\xef\xfb\xfc_fR\xc1m߯\x06\xa0\x11H*\x88C@T\x10\vRA\x00Q\xd5\x1e\xaf\x10\x14ҙ\xfe\x81\x97t\xeaGP\xa1\xb8\x90U\xda-\x95\x14\x9e\xa4\xaaRTl\x92o/)\xa2d\x95\x8c\xf2GS\xe7\xe2=\x1c\x85\x97\xb9L\xae\xb8\x1b\x9f7!\xeb\xbc\x14dݔ_+\xb1\xcd\x19\xa6\x89\x13\x9f\xbeʖ^\xa4\b\x8d{Ǚ\xe6\x04\x8bw\x83\xd7\"5\xa5\xcag\xb0\xef\x04\r\bb\xfb\xf6\xc4 \x17\xe5\xed\x96\x1a\x02\x99ꃶ$\\e\x82\xf3{\xff_\u07bf`\xf2\x01\xfd\x05ZuΣ\xa3\xe9\xf1\xe5\x06\xbep\xcd4\x15\x9b\xe2\xa4\xd0\xe3\xd4T[\x9a\f쎔%E\x8e\x89\x02\xb7a]{\xd2`\"\xeb\xdb\xf0\x1b\xb7\x96\xc5\xe0\x02\xbb\xba0\xf6\x87\xe5\xa21\xec\xb6:s\xa2\xd8\xdd$\xa2ZT5\xb7\xbc\x92\xbb\xcb\xf2s\x83\x03\xd1pgEo\xce\x13\xed\xe5\x1d\x0e\x9c\xe8\xb9KCj\x1a\v\x01\xec\xa7֛x?\x0e\xce}\x14\xb9\xb9\x8f\u007f\xd0\x1c\"\x93jM\x1a\xe5\xe7=8|.f4\xa4{m\xab\xe4'\xccGe^\xdafo\x85\x8b8\xb1\xa3<\xa30\x92\xd2y\xb6/\xec\xc3\xf3\xcbhE\xdd\xd4\xc2Ɋ\xe0\x9b\x1d\xaf&\xf3\xec[\x8bjh \xfd\x01G\xab\xa9o$\xb0(>Y\xd7.\xb9\xbe\r\xcdh\xa3V\xd2\xddJ\xb3&O7?\v\x1f\x1e7#rQ\x02z\x8d\xab\xe2Yf\xb1>s\x90\x87\x14(\xf7Xhu\x9fv\xdc+\to\xb7\x98\xb8{xR\xddU\xdf*\xcc\xdc\xc0\x95l\xacG\xb5\xa8,\xd9\x1b\x10\xf6\xd5iѢ'\xff\x90!]\x156>,c\a>\xf0l\xe9t\xa2\xb1f\xb4\xc3ھ\x06Ĝ*\xc7\xee;0ş\xbcZV\xb8X{\xc2x\xa9\xa0>4n\xa8z^\xf6\xa9=x\x9a\xb7\bv\x99\x97\xa5ֆG`\x98\xb0\x0f\xef\xf5\xb1\x985\x14\x9a\xed\xc7\n\xd2\xd2\x13s\xe9Rx\xd8p\xeffb\xffl\xa5\xb7\xbcGx\xf0\xc4Y\xf3w\x1a#U\xb3\xe3D\xda\x11q\x87iE\xcbC\xff\xce\xf2&\x10\t \x00\xba3\xe4\b\xe10H\x9f-x\x00XC\xa1!$\x00\xacA\x1b\xd7\x01\xb7\x0e($\b`\xa0-\xeb\xbd\x11\xa5\x85\xd2\xcc\xc06\xda\xe6\xe9\x8eWO\xd1n\xe8,\xca\x0f8X\xf5\xbf\xa5\xfe灐\xeb\xc7e\x99\xb9Pr\x94Ӫ)\xceb\xd9v۫\f\xe8\xf5\xa57\x8cH\aZL[5j\\w\xa3bYx\xaf\x0e?\x9d\x9f\x89\xd4!\x9e \xafm\xa7\xb05\xb1\x8cT\xaa\xe1\xbb\xc0+\xbe?\u007f\xb1x\xc9F\xe3\xba~ޗ\x93ߔp\xd5<\r\x05\xae\x86\x1c\xe8\x9brD\xbe\x02\xc9i\x1e\x86N{\xf4\xd3\xdef\xb0EC`\x9cL\xe5u\xd4\xcb\xc7\xfa\xa9\xfaZK\xf9\xbdI\xe5]:ܮ\x92h\xf9\xf3\x88\x81s\a\xad$\x06w<\x82\xf9J\xbbV\xea錒\xe8\u0379\xbe\x84\xe3؇\x9f\x13\xb9\x04\xa2\xf3\x0f_\x9e\xaf.\x9c<5R\x98\xcc \xbe\xba\x80L\xf5\v\x98γwJ\b\xa9J\xb4\xbf'g1ތ\xdc1o6[)\x03rD\x9b\xea\xfe\xea\x1e\v\x1f\xf6\xd9A8\xb4*\xb1Nn\x10\n\xafԪkez\x16\x04\x13\xa8\x88\xb6H\"\xe5\xf1\x1b\xbc\x92\xc3d3\xec1\xe3|\xfb\x9cH=V\x9c\xcf\xcaN\xbby`kmǐ[רݙ3=\xa7<7\xf0\xaf8\xa2\x8bi\xb2\x96\xe6L\x03T\xcc-#;\x19#iװ{\x1fU0\x00foA\xc1\xfe\xecc3Qd\x12\xbf\xd1\xeb\xcf+Q\xbd\xc2ef\x0577\xeeu\x1d\xceƏ1K:\x1f~H\xf5j|J\xc6ˮ&\xc3ܐVf\xc25\xdfݺ\xf7\xee\x167\x054\x84\xf4\xe3\x8d*\xa47\xa2\xfa\xb3\x93jG7\x8ci?I/\xb5\xad\xcbW\xf5\xcb\xfa\xe8S\xb5?\xe4\xdc\xed\x8c\xe0ǡf\xb9\x9d6\xf3\xc9..\x8f(\x12`\xe2r\x01\x8e?\xfb\x1baU\x97\u007f\x9d\xb3\xf4{dBIiF\xf3]Ӣ\xbc\xab\x8e\n\x87^/z\xf7\xe4\xf4\xafn[\x9b\xbeY\x8a\xd8\xed^1\xad)\xb13\x8cv\xfbY\x8f\xcfA\xa3\x04\xec\xec~\xbc\v\vf4LHWt\x06\x81\xfbsf\u05ed7J\x1b\xeb\x9e=:Ή|Q1\xf7~^&\x9a\xf9$\v-=\xb8\xe7\x16\xc9#\xc5;\xf3\xef\x00\x00\x00\xff\xff\xbe_\xe0\xcem\x05\x00\x00")) - p.addCertFuncNotDup("0R1\v0\t\x06\x03U\x04\x06\x13\x02SK1\x130\x11\x06\x03U\x04\a\x13\nBratislava1\x130\x11\x06\x03U\x04\n\x13\nDisig a.s.1\x190\x17\x06\x03U\x04\x03\x13\x10CA Disig Root R2", "\xb5\x99\xf8\xaf\xb0\x94\xf5\xe3 \xd6\n\xad\xceNV\xa4.nB\xed", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xcd4hb\x0e\\\xc0\xcc\xc4\xc8\xc4\xc4\xc90iG\xc7\xed\r]\a\x93\rx\xd98\xb5\xda<ھ\xf322r\xb32\x18\x04\x19r\x1bp\xb21\x87\xb2\xb0\t3\x05{\x1b\n\x1b\b\x828\xec\xc2\\NE\x89%\x99\xc59\x89e\x890A.a.\x97\xcc\xe2\xcct\x85D\xbdb=CI\x03q\x90 \xb3\xb0\x80\xb3\xa3\x02D<(?\xbfD!\xc8\xc8@N\x9c\xd7\xd0\xc8\xc0\xdc\xd0\xd2\xc0\xd2\xd0\xd4\xd8 J\x9c\xd7\x04\x99K\x13;\x9b\x98\x94\x90\xbd\xc6\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4Ȱh\xf1\x11\x06\xcek\xad\xb1\xba\xb9\"\xdf\x0e\x1d.\x9egz\xa80\xb4\xae\xf1\xf7j\xb7\x80\a\ak<+\x9e\xad\xae\x8c\xb0\xb9\xf5\xbfFf\xfe\x8d\xe9L\x15vَ,/\x1d\xf7\xeec\xd6q\xfd\xa6\x9freu\xecbw۔\xd9/3f\x1d;#m\xbfkߦn\x13&\xbd\x19\xa1\x92\u007fz\xf2W\xc5\xdf\xf29\xe7ˬ\xb8\xf8\xc6%\x93\xc9a\xd3N\xfb\xf00\x88\xd9\xc4K\x9d=q\u0590\x95i\xf0\xf7һ\t\xefy\xd5\xefϟZ\xfc\xe5\xa1\xea\xad\x1c\xb1{\x8e\x16&\xaf\xba\xff\\|\xc1\"\x92\xa8\xebX\xb7\xe6x\xb9\xdf\xe9\xc0\x90\xdfq\x93$\xa4Y\xa22\x8e\x9d<\xf2k\xbb\xf0\x82\x19\xdb\x05\xb5\xb7_\v?S3O\xfc\xe2i\xd5\u007fm~*za<\x15\xbe\xf3\x18\x85\x96i/gLͫI\x92mi\xb9\xff\xea@\xf6֥ZS\x9b\x0f\a\v\xf2\x14\xcbror\x9bp\xd1\xc9\xea\x9cC\xdeԵ\xff\x8fMY\x9b7\xbd\xa5\xaf6\u007f^W\x03\xafgn\xf1\xa3\xeaIr\x87?\x1f\xfc\xfcZ\x8f5\xff\xa6\xf4y\xf32\x96\x13[\xa2\x9e\x88/?}\xb7L\xfe\x82d\xd9\v\x1d\xd6\xcd\xd7\xe6\x98ܘv'\xb1}\"\xeb\x13\x17\x0eヷvr\xa4^Y\xb7Ɍ\xf7\xf5.\x8b]\"\xe5t\xa79:\x85\xef\xf4\xd6=\xd7\xfc\x0f\xd6\xd8\xe4\xf5\n\xe7\xfe\xae~mp\xe1\x8e\xef\xfa\xa3W\xb7-\xf5\x89.<\xf9\xc2p\xdf\v\v6\x8f\x85R\x8f^]\xba'd\x19!\xf5\xbf\x81\xaf\xa9\xf4\xd9\xf6\x93\xec9|\xef\xff[|\x9cQxd{=\x9f\xe8\x05\xd5̽Js\xb5߲~ss_\xf3\xf6\xc0\x87+֏\u07bc\x9b\x16=A\xd8O.\xcc\xea\xf5\x86\xf7\xd3vOS\x16\xdc\xf5ɹ\xad$e\xea\t\x8d\xd2\xfb\xb2\xa6\xbb.\x997[\x04[\x98Y\x9f\xcfy\xf93\x9b\xef\xc2o\x96\x17\xfe\xe5\xd7S\x19+\xdax\xaa\xec\x14\x93>\xd6'\x17\xf2\x9c\x9c\xefr{\x85\xfa\xa2\xd2}y\x8dv\xd7\x0f\xbc\x96\x9e\xc1_\x10c\xb2\xa9\xeb́V\x89\xd7yU\x9b\xbfG-d߿\xd2i\xd2\xe7\x04\xa5\xe9OD\x16\xb2\xcf\xf6+;\xd0W\xfbw\x89\xeaq\xf7\xb7\xff\xe5\x8bל9\xbc\xf4e>W\xdf\xec\xd4C\x01\xad[\x17/\b\x16:\x13ڞ\xf8\xb9q\x9d\x80[\xe2^\x17\xc5\x1d\x87lK\xceש\x98\xfe\x92a\xe7\x9bm\xabt꽡~\xcf\x1a\xa1\xbd\xef\x1d4\xfeh\xa6\xcf\xdf$쟦r$X\U000a5726\xe8\xfbg\xb9\x1b\xeau\xd3\xff~Α.u[\xfc\xd4K\xfc\xe5\x92\xeb܀\x00\x00\x00\xff\xff\xb8\xf5W\x05m\x05\x00\x00")) - p.addCertFuncNotDup("041\v0\t\x06\x03U\x04\x06\x13\x02FR1\x120\x10\x06\x03U\x04\n\f\tDhimyotis1\x110\x0f\x06\x03U\x04\x03\f\bCertigna", "\x1a\xed\xfeA9\x90\xb4$Y\xbe\x01\xf2R\xd5E\xf6Z9\xdc\x11", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb^a\xd0\xc44a\x013\x13#\x13\x13'ÿ;\x8f\x19\xf9Oz\xfc7\xe0e\xe3\xd4j\xf3h\xfb\xce\xcb\xc8\xc8\xca\xca``b\xc8m\xc0\xc9\xc6\x1c\xca\xc2&\xcc\xe4\x16d(d \x00\xe2p\xf1p\xbadd\xe6V\xe6\x97d\x16\x1b\n\x1a\xf0\x83Ęy8\x9cS\x8bJ2\xd3\xf3\x12\r\xe4\xc4y\r\xcc\ř,\rM\r\x8d\rL\xa3\xc4y\x8d\x90\xb9d\x9a\xdaĨ\x84\xec\x0e\x92=\xfc\xd7\xe7\\l6\xa8\x9e\x11y\xa7\xf6\xd8N\x1eM\x9f\x85Ƌ^\xa7[\xa5\xb6\\\x9e\xf6\xe8m\x99kA\xffV\xed{?\x95\xafy\xe6وl=6\xdfT.\xe0\xc2\xc1\xfe\xac\x02\x17\xa6\xa4\xd3\xebd3\x1c\x97\xaf\n\u007f\x11\xbc\x8a\xfd\x12۷\xab\"l\xdc\x13\x99Kur\x8a\xb6&N\x9d\xc5۽\x93\xf7\xf9\xd7\xfb!g\xef=\xbbq\x8d\x93cz\xf2Ӄz\x1b\xb6\xbb\xa8\x1dP;\xb0>\xd4`\x9e\xf5U3-I\x96/1r\xff\xcf\xebl\xff\u007f\xe1o\xbb\x83\xe0UA\xe5\xdd\x1e\a\x14W.\xd1\xd0\xfd+\xfac\x83\x9f\xf6\x17\x83h\xc5?\x82\x13M\xf69\xbe\xaf\x9e;\xbd\xf4\xff\xf4\xa9\a\xa6E\xe8\xbf\xda\xedv}\xf7\x93\x9bz\x80\x00\x00\x00\xff\xff\xa4\xc1\x1dl\xac\x03\x00\x00")) - p.addCertFuncNotDup("0c1\v0\t\x06\x03U\x04\x06\x13\x02FR1\x130\x11\x06\x03U\x04\n\x13\nCertinomis1\x170\x15\x06\x03U\x04\v\x13\x0e0002 4339989031&0$\x06\x03U\x04\x03\f\x1dCertinomis - Autorité Racine", "\r\x8c\xb6a\xdaD\xb8\xd1\x14}þ}^H\xf0\xce\xcaj\xb0", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xbc\x93}4\xd3{\x1c\xc7\xf7\xdbo[y\xdaҰC\xd1b\xb1\x93\xe2\xbbͲչ\xf2\x98\xd5\xc5\xed\bG\x1c\x8bDM2\x0fC\xa9y\xd8Պ\xe8\xd6\xf1\xb0+5\"QI\x97\xab5T\x9e\xd2n\x0f\x12.\x86S\xa3\xe6ᐧ\x18Mj\xf7\xec\xaf\xdb9\xf7\xff\xfb\xe7\xeb\xf5\xfe\xfc\xf1\xf9\x9c\xf3y\x03\x01\xfa:\x10\xc0\x99\xa50\x12B\"!\b\x18`t\xb6\vY\xc2\x15\x03\bB\xa3\x11 \x9c\xa2\at0\xb0?\n\x83G\xee\xf3\xa5\xe0\x81\xa1\x16t\xf1\xban\x11\xf1\xfe\xef'\x82\xa4)>\xc9\x17\fƤӫb\xf6Y\x8bg]d\x9e,Oe\xf4ܒ\x8cR_m\xbfg\x93\x10\x85\xb5\xf3^\xb4#o\x89U\xf8\xdb\xfb\xcc\xc8\xe2\xb8:\xf1v3}T\xd1ۅ\xc0\xe4\xee\xd0\xc7>\xec\xe1k\x99˞a\x1e\xb6\xcb\ao\xa7E\xc5ٰ2\xe9\xe2\xea\xef\x9c;\xe2\x146}\xdbj}\xe5~zra\xe5\xae\xe0\xd1N\x85U\xac<īb\xfd\xaf\v\xb7I\f|\xd5'\xfb\xaa\x9b\xc7e\xb7w\n=g\xb3\xd7>\x15cyK\xb6\xfb\x91g\xaf$\xe6\xac\x151!f\xff\x81\xac1q\xd2=\xa7B2\xc3\xfaһܜ\x96eȂ[A\xd9\xc8\xe0\x17\xb4\xc5\xcd\xce\xf0j\x94\xbb\xca\xdc\x12\xfb\x16\x10\xc5\x1f\x94\x03\xaf]\xe1\x9fO\xa7\x8c\xf1\x9b\xa45vļ^e\x98\"n4\xe9\xb8h\xafD\x11\x95\x10t\xccr\xccu\xb8+\x03Γ/}\xdc0\x12\xbf\x8c\x88\xad\x9eoM\xc1\xa1Ӻ\x1c8\x1e\x0f\xf3\x94\xa6þ&V\xe8,l.K\xb9\x8d\xfb\xe7\xe9棪u\xab\x05\xa4\xb6º\xc9r\xab\xb6\x10x\xad\xbdw\xec܋D\xab\x81%\xd5\xe3\xf7JEgz\xf3Ջ\xfcJ|=\xb3qG\xe3\x93\ue4ef\x17+\xc83\xeeb\xbeo9\xb7\xd0\xce4u\xf3b\xb0\xcc\xe4rS(?9\xd2\xd3O\x800\f\x8d\xa6\xb6V16M\xc7\xfc\x8e\xef\x9fe\xa8\xe6K\xb0s\xdf)\x19\xad=\xa4\x02\xfbC)\x9c\xb2y\x9c\xd0\xe3r\xa0\xc0\xd6\xcb\xf2ov\xe9\x04\xdfچ\xa5ض/\xf7\x00\xf9\x9cP\xac.6;\xdc\x10ь~'q\r\xf9i\x1c\xc1\x12\xb0\x89+\x86\x82\xf7/\xe5%㎞\xd6\x16ӧW\xc2\xda]\x8e\x05\"]\xd4C#\xdd_ԓ\xdf|\x19\x12U\x96\x02\tC\b\xa8<\x18\x1c\x068\f\xeco\x8e\x87 \r\n\r`\b\xd2\x00\xacV\xe0\xb4\x02\x05#!\f0\xd72\x16e\x8222ȑ\x84\r\xb9K\xbb\x8d\xf8\xedO\xf9l\xd6\xfc\x9b\x97Q\u007f\x00\x826&\xa26\x00,\xd0\xc7\xe8n\xcfH\x81\x02\x90H\xc4\u007f\xba\ak\xbf\x8e\xe4\x14\x8aI5\x9f\xdb\xed4<\xf5`\xf3\xb5\x1d\x90\xdeR\xc7\xc3\xc1\xfd\x94\xa5\x10\x97\xdc,}\x1fMt\xd97\xcd\a\xcc_̒\x85\xa0;\xef,\x03\x8d\xab\xb2{kǩ:\x028z`\xefzٗ\x86Fĩ\x86\xfe5_jȭ\xb4[\x94\xfc&\x89\x17#\x8d\f\xe8\x9a\x12\xabC\x8f$\xb3F\xb1\bg\xdb!\xcf{\x0e\xa9\xec\xca\x00\x10f{ɭ\xfa\x9b\xe4\"YuR\xe2\x14z\xa0\xd1\xf5\x8a\xc3\xf1ܩ\xe9#\x1e~{\b\u0557\x94\xcf#p\xb3osB\"\x99o\xa8\x95\xf2\r\xa2\x96T\x87\xeb%\xf9\x8b\xcb\xc2-]\x9b\x12\xee矹p\"\xb6\x9dV\x11;!\xefc\xe4s\xc3\xcfL7\xebb\xd7Ot\xd8\xe3\\Km\x8d\x9c5[G\xd0\x1d6\xa3\x99\x86\xf8\xc6~\xa1\xb9\x8b\x1e\xde*\xab\xf7\x85\xdedvcJyy\x82#=\x9d\xbfQJKvf\xb4\xac\xb2A\xcfgIym\u007fY\x81(\xa3\xd8w\x86\xe3\xa5IW\x1e\x1a\xf6\v\x86O\xf9\x1d\xa9\x95Α\x9epK\f\xdbe\xc7\xdap\xe4\xa3\xe7#\xd9fg\xeb\x1e\xcd\xd5\xd0_\x98Ҫ\xa46\xc34\xff\xe6\x13\xa3\x89,\xf7\x80\xaf\x9d\xbd\xac&Ϭ\xdd\xd5\x1cU\xfas\xa5\xfbA{\xbfgw\xdd:(\x94\xc0'\x85\x1dS\x89\xd1\xd7\x12k\xbd\xbf\xac\x884\x85&\x9fEޓˋ\x86\xea\xdd\xfclF\f\xea\xd5h\xaf\x87\xf1݊n\xf3\x1b!ᓤ\xf1]F\x1f.\xdc\xdftX\xe5^\xfcu \xf9\xdc\x16(\xf6\xe8M\xa2YY\x87\x19yi+\xd50(\xe8\x0fNj{\xb5\xe7a\x0fb\xbe\x1c;z?\xc6ye\xb8\xb4\xfe\xed\xbe\x1a\xe3\x01\xf76o\xba\xbaG\xef3a\xb9:\xb2\x8fT\xf7K\xf7梖\x18\x15\u007f\x9a\x87\x92\xaa\xbd\x93u\x06\xea\xbb\xd6\x01\x9d\x05)\"`\x90`b\xa2k+T\xfc\x06\x99\x9a\x8d5\t\xc25O\xf5\x92L؎\x8e\xe3r\x9e\xa8\xac\xc8\xe3\xcc?\x01\x00\x00\xff\xff\xbc\f\xe0Ǡ\x05\x00\x00")) - p.addCertFuncNotDup("0Z1\v0\t\x06\x03U\x04\x06\x13\x02FR1\x130\x11\x06\x03U\x04\n\x13\nCertinomis1\x170\x15\x06\x03U\x04\v\x13\x0e0002 4339989031\x1d0\x1b\x06\x03U\x04\x03\x13\x14Certinomis - Root CA", "\xef\x91L\xf5\xa5\xc30\xe8/\b\xea\xd3q\"\xa4\x92hxt\xd9", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9dd\xd0\xc4\\\xb5\x80\x99\x89\x91\x89\x89\x91р\x97\x8dS\xabͣ\xed;/##7+\x83A\x94!\xb7\x01'\x1bs(\v\x9b0\x93[\x90\xa1\xb0\x81 \x88\xc3%\xcc\xe5\x9cZT\x92\x99\x97\x9f\x9bYl(n \n\x12\xe4\x16\xe63000R016\xb6\xb4\xb4\xb0406\x945\x90\x06I0\v\x8b T+\xe8*\x04\xe5\xe7\x97(8;\x1aȉ\xf3\x1a\x1a\x1b\x1a\x18\x19\x1aX\x1a\x9a\x1bZD\x89\xf3\x1a#sijw\x13\x93\x12\xb2W\x19Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19\xae\x9c\xe1\xe4ұ\x9f\xf4\xad^d\x1e\xf7\x9cYY\xb2\x0e\x06)\u007fW\xdd\xe7\x93c\x8b\x9e\x1f\xd0\xfa\xeal\xefj\xe7\xf4{\x1b~\xd55L\x9b\xd7R1\xc9\xe3\xdac\xcbw\xe7\x9eDFL\u007f\xaa\xa7>\xe3\xd5\xe4\x15峽>\xbc/i\xd0}m \xbf\xf5\xe6\xf1\x869I\xea\x13;>xu\u07bd\xd3\xf1L\xe4\xe7Uf\xfd\xffSo\xef\x9d\xffF痈h\xe4T\xaec\xee5\x99\x12;\x973\xffKWo}\xc5\xf8\xa8G/\xa5>%\xff\xefb\xd5\xc9\xdd'\x16\xf1y\xf6\x9a|\x90\u007f\x13\xe1\xaag\xb2\xaa%`\xef\xf3M^\xc2;6\U0002fcc8ݰR\xfaY\xf1ɨ\x857\xd3\x1cV\xad\xf4]f´\xb6\xa5n\x93\xf2\xc1\xdfZ\xc7ҿ\x98l\xdb05\xcbؿ\xd0e\xeb\xda\x03\x95\xc6\x1d\x0f\xf6\xbf]\xbc@d\xcb\x1c\xce\r\\\x8f\x13\xf6\xfd\xf8\x91\xd6q6\xfac9냭\xc5y\ak\xdd\xf4\xfa\xbc\u0557\x9d5\xe5\xfa\xfbԷv\x95\xd6b\xcd\xe3Q\x19,/\x9e^\x9b\xbc$\xe9\xd0\xd1g_\xfc\x8f\xfd\x9c/\xd5\xdb\xe4)\xd9u*\xd2\xd9\xea\x05\xaf\xd1\xc1/>\xc2\xcc\xf9y\xcb\xec'\x16\x9f>U\x9c/\xa4\xd0\xfd\xee@S\xc5=o\xbdC\x9e\x87eߊ}S\xf9\xa2.\x1d\x13nx'\xf4\xdd\n\xb9\xfc\x9c5\x8f\\τ\x87w\x95\x86K>\xd8\x1a1\xd3\xd3\xcc\xd0Ƙ1W\xcc\xeb\xec\x0e\xad斶\xd9?\x13.\xc9\xe7Nd\xbe\x9c\xb0\xec\xaa\xed\xac\xbb\xe5\x13lM\x97\xcc\xe7\x8f\xfb\x1a䒹\xf3\xc0\xae;\xe7k\xef\xd7\xdc<\xb2\xa6M\xc9hOu\xf6\xc4\xf7U?\xc436<\n\x0eM\xd0]ow\xa8\xf9\xc6MN\xed\x0f\aRn\xb7wO<3\xf15\xcb߲-Sg=\x13a\x93\xbej\"\xbb\xef\xc6\xff\x12\x99\xe0֙\x0f\"\x83\xbc\x12\xdfv\xcc\xcb\xf6\xect\xabS\x88\xba\xf9\xdc\xebiֻK\xa9\x82\xceĽ\f\x8c\x8b\x93\r\x12\r\xf8ؘCe\xf9\x19\x19\xff\xb3\xb0031\xb2\x19\xf0\x83\xf8\xc2 >\xab\x013#\xe3\u007f\x03Y\x90\x00\x1f\x8b\x18\x8b\xc8\xfb\x89>_\x97\x1e6x\xa1\xcf\xf1\xear\xa1ҒI\x19\x15%7\r\xe4A\xd2\xca,\x12\x06b\r\xd8\x15\xa0\xe68fPꫳ\r\xb9\xa5\x14+\x15ag\x1d\xa2\xbekי\x13\x8f\xa5\xb2^\xd9\xfd\x14z\x1d\x16o\x1bp\xee\xc1+\x0f5\xb5\xf3\x95au\x13ef\xda_X8QF\x87\xdf\u007f\xc6\xd4\xc8\xe0\xbd\x17\x94nt\xc4\xce1\xff\xf3;\xe5`EO\xf7\xac\x04\xceWW\u007f)\xc6_(I}\x1ept\xbf\xdeNn\xee\xb5[7\x88/\x13깒T\xf1*,\xeb\r\xd7%\x87\xc36\xac\x06v\xbeS\xb6\xcf\xf7b\xbe\\\xab\xee\xbd\xed\x9f˹_\x92\xc6R\xb9K\x9c.\xde=s\xe2\xc4u\xb1\xa0f\u007f\xd3)\x9b\x85Bk\x9f>rz\xfdd\xced\xce\x03>\xd1쫏\xe7\n.\b\x10\x9f\xa2\xbcb+\xd7$\xfeMU\a\x13t,\xceH-\x8b\xfe\xff\x89\xe7\xf1*y\x99;;\x16LV\xbf\x97\xfc\xb8^q\xbe\xd5\xd3y\xbf\x1e\bg\x95\xbe\x9e\x16\x934qJ_z\xf0\xb6\xce\x1fB\x9c\xa7\U000c3899\x8b\xda\x02\xa6r\\\xe9mo\x13\x95\x9f\xaarcI\xfe\xacsK\xe6\xceν\xb4\xa9\x8c\xad\xedX\x18\xc7\xd1ל\xb7\xcc\x0eIG;\xeeK\xd4z\\\xf0lDz\x1fۢ\x8e\xecU\xfc\xfe\u007fU\xfc\u009c2˴k\xaf|B\x1f2\x18\xcf\x16\x9e\x91|2\xff\x02\xa3\x02\xa7y\xd0s\x1e\u007f\xbb\xb3{\xbe\xc6OS_\xae\xc04\xf5\x81\xde\vvGVyѼk\x1b\x9eH>\xe0g\x9a̠^t\xb4\xfbb\x88|\xac\xd7a\x87\xe9u\xa1\xcbj\x0e\x1a\xb3\x880\xcaz*drKN\x9e\x9b\x17\xa1\xf4݁ǍG9\xf9\xb3\xe5\xa5\xfa\xb2\xc0\xe5_N,\xfc\xc8S\xa6\xa4\xec\x16\xa4\xa9\xfbh\xb1#{X\xe6\x8cK\xac\x9c{2\x8fG%\x9e\xedoL\x10\xf5m\xb8;\xe1Q푀O=\xd6y^Ǐ=kжi\xdc#\xd8 &\xa0~\xfd\xc3Y\xfb\xca3\xc5Z\x87\xeb\x82'^\xcb\xfb\xf1\xf5\xf3\xf1\v\x81\xbe}\xdeK\xa3\x9fI\x8a[_k伣t\xe7]\xdf\xce#\xfd\xc1\x0f\xd3w\x1b\xef\xe8\x10u;\xff6\xd3\xf4\u007f)\xaf\xdb\xe7s\x85\x0f\x8ff\xb79\xb1\xedt\x04\x04\x00\x00\xff\xff\x00\xbbPU\x96\x05\x00\x00")) - p.addCertFuncNotDup("0;1\v0\t\x06\x03U\x04\x06\x13\x02RO1\x110\x0f\x06\x03U\x04\n\x13\bcertSIGN1\x190\x17\x06\x03U\x04\v\x13\x10certSIGN ROOT CA", "\xe0\x8c\x9b\xdb%I\xb3\xf1|\x86ֲB\x87\v\xd0k\xa0\xd9\xe4", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xb60hbRX\xc0\xcc\xc4\xc8\xc4Ħ\xc0\xc6*V\xc0d\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0ڐۀ\x93\x8d9\x94\x85M\x98)\xc8\xdfPЀ\x1f\xc4\xe1\x12\xe6HN-*\t\xf6t\xf73\x944\x10\a\tq\v\v\xc0\x84\x14\x82\xfc\xfdC\x14\x9c\x1d\r\xe4\xc4y\r\xcc\f\xcc\rL\f͍\f\fL\xa2\xc4y\x8d\r\x91\xb8\x94\x19\xdeĨ\x84\xecXFV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86\xed\xc6;\xebN\xa8z\xf5m\xbd\xbdECzU\xf8\x84\x17\x17\x95.\xa7\xec\xba<\xf9ŕ5m\x89\x0eY\t\xe1\x19!-\xbe{\xb2B\x98X\xffߟ=Kk],{\xbf\xd7a\x8d\xfa\xf7\xbf\xb5\u007fU~<\xbe\xf6\x83@\xb0ʄ\ued13+:V\xaf\x8fZ\xcc\xf0r\xdf.\xb7w\xd1\xc5\xd5:\xe2M\x8dqI:\v\x99R7\xef=\xaa\xcdPw\xe4\x0f\xb3q8\xef\xdbG\xbf\xceź^\xb38k\xbam\xd3\xc1\vs\x1a\xbdV=\xd9\xc4\x18#\xdb\x1f?\xf3\xc8Ƶ\xb7;\x14_O\xe0hj\xf8l\xb0\xd8\xf9ل\xa6u\xa1\x1a\x9eo\xa3\xaf\xaf\x14\xb0\xe0\xfb\xd7\xef\x13=\xdb\xed\x95\xe3\xd7\r\x1c%\x87/t\x18o\xab\xb9^r\xffN\xcbEg\xbeR˅\xaa\x0e\x1a\xaf*N\xf3\xe9\xe8Y\xce\xed\xe9\xce\x13\x93\xd1Wk\x12x\xf48u\n\x17ˁ\xb8\xef\xb1\xd1?\x04\x1e]\xd8U\xe5\xfd\xfb\x9e9\x03\x83T\xb4\xc6\xe3Ks\x8a\xed\x8c\xdag,<\x19\xa8\u007f\xfd\xde\x1a\xe3\xcd\xfeĽ\f\x8c\x8b\x9d\f\x1c\xc0\xa1*+\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x01\x1fH\x80\x1f$\xc0\xc2\xcc\xc4x\xcc@\x16\xc4\xe7c\x11c\x11y\xd03\xfb\xb6\xaa\xe7\xe6\x8f5m\xd769\xb5s_\xc8^p\xf3\tZ\x92`\x06\x05\xae\xdd%\x99N=\xd3??J\xef>\xabO\xed\xf8R\xe4sR纑\xdf绒\x95\xee{\xfb\xac\xa3'\xf3\ax\xaa\bg\x8b\xb0\x15\xbd缼p\xe1c\x87\x96\x93\xcf%\x8cJl<\xf2\xf8\xe7{_\xf9.wyr[J\xc8\xf4䢀\xab\xa1\xe7\u007f)LfZ4\xfb\xb0\xf2d?\xb1в\x05\x05\x95\xb9g\x15\xe5\xcf\xeb\xeb\xee\x91|\xdca\xf8#R\xaa\x91\xf3\xc4\xf4e%\xc7\x13\x8eD\x9f\t\xef\xdbT\xfaW\x9a\x89\xf3vd~\xd1\xe4\xcc\uf18e\xd7:,\xf6\xb7o\xda+V\xf9sՓ}\x1d\xaaw\x13Օe\xb6\x1a\xb2\xb3\x98m\x91\x9a\xb0wAIa@g\xee\x1e\x91\xc7\xfcm\xeb>\xae\xb6;\xbe\x80\xf3\xccb\x8f\x8b\x0fn\xa7<\x9f\xb4\xf5\xfc\xfa\"\xe7\x82\ue7c7[l\x84W\xd5M\x9a\x1d\x1e<\xf9W\xc1\xa1\x89|\x86?g\xa7Ǿ\x9cf\x11\x17\xbf\xb9دC4\xfd\u07bc2\x81$\x85}\xa1\x99S\x9d\x19,}\xbf\xbd\xdb\x10\xe5\xe7\xe9\x12\x12\x11\xef\xd4\f\b\x00\x00\xff\xff\x12\xf1yC<\x03\x00\x00")) - p.addCertFuncNotDup("0>1\v0\t\x06\x03U\x04\x06\x13\x02PL1\x1b0\x19\x06\x03U\x04\n\x13\x12Unizeto Sp. z o.o.1\x120\x10\x06\x03U\x04\x03\x13\tCertum CA", "", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xe61hb\xfc\xb2\x80\x99\x89\x91\x89\x89\x99\x91A\xc1\x80\x97\x8dS\xabͣ\xed;/##++\x83\x81\x9d!\xb7\x01'\x1bs(\v\x9b0S\x80\x8f\xa1\xb4\x81$\x88\xc3%,\x14\x9a\x97Y\x95Z\x92\xaf\x10\\\xa0\xa7P\xa5\x90\xaf\x97\xafg(d \x00\x92d\x16\xe6tN-*)\xcdUpv4\x90\x13\xe750203444013\xb6\x8c\x12\xe752G\xe2Rl~\x13\xa3\x12\xb2\x93\x19Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\xcem<\xa8wٿ\xe6\xac\xea9\t;\xff#=\xf9\rY\xc5'\xa2\x03\u007f̾tg7C\xcc\xc6\x05\u007fJ\x99\xdf5~\xe8x\xa7\x1c\xf4\xf2\x99\xa8q\xef\x1a]Σe?\xb5-\x1b:\x9fL\xf7\x9e\xb0tEŏb\xe7\xea%\x89\x1bnD\x9cy\x98\x93V7\xe73g\\hr\xcb\xd5\x15\xef?o\xd43\xc8\xd8|\xc4\xe6ƚ\xbcޙQ\x13\xfcL\xee\x98\xcd\xeao\xec\b؞;͉\xf3\xf3\xf5\xa9ͼ\x8e\xde\x1b\xb2\xb2\u007f\xfc\xe1\xafK\x9a\x9f~\xe4\xadZ\xbc\x80\x1a?\x87\xff\x87%\xe1\x1a\xe7\xfaw\xbcu\xfd\x96\xf7N5vU\x9e\xe5\xbe'\x93\xf5o\xba/(z\xfdkY\xf4\xfaS\xc1\xf6\x8f\xf8\x8eM\v\x13\xcc\xfb\xfe2m\xa5ڍ\xfa\xa9\xc1o\xb9Z;v\xf9k.u\xea\x89\xdb\xf6\xa7U\x81aU\x06\xf7B\xa9V\xc69Gܒ\x9b:\xb6)m|\xf7o\x95[d\xddyS\x9d\xab\xdbn\xc5~\xf70\x16\t\xd9\xf6\xfaf\xfe\xb9\xb3\x1d\xd7VKߚf-\x1b\t\x8aT\xc6\xc5\xc2\x06\x82\x06\xfcl̡\xb2\u008c\x8c\xffYX\r\x98\x19\x19\xff\xa3\xc543(\xb4v\xf4\x9e{\xff\\d\xd7\xf9w\x1b\\&\xe5l\xb1\xb4[Ԓ\xb7v\x87b\xf9\xa5+\xe5M\xed\xcf\x14\x1c\x1b\xdf=\xfa!\xb8=\xf9\xa2\xb8\xf9>\xc92\x15\x19\x16)\x9f\u05f6\xab\xd2\xf3u\xaf\x9c\xfd\x97jXpTz\x19\x13\u05ee\x84\xea܈C\xb3<\xff%\x1bqg?\xb6:\xb0f\xb5\xf5\x86\x17\x979\x03{\x04\x9a\x8f\x99<8\xaa\xfd@j[\x82\x88z\x8eQyϞME3Ο=c\xbf\U000c4293ȵ\xf0?\xcfԜW\xca>m\x98p\x8e9D\xc3\xee\xbb\xfd\xe5\x1f\xbeo\xb3\xb8\xac&\v϶\x16Q\x16N\x9ec\u007f\xb1]\xbd\xf2\xa9O\xe0cƵ\xad\xb1R\xd6\x1b\xaf\x16\v,\xb9\xfciO^\xcaר\xb0\t+\x8e\xf3\xf9\x94\xf0\xeb\x15Z\u007f?\xe1\xfe%3_\xf4\x93`\\\xb3ܜ\x9a\xa0u\u007f\x99n\t\xad\x88L\x97\xb8\xbd\xa7\xe0\xee썙o\x1b\xceu:xd\xf1\x99\x9e\xd2L\x13U\x9c\xa2\xf3\"Akv\xab\x97\xc3\xe7\xec.\x957lb:ŀ\x00\x00\x00\xff\xff\xe0\xfa\xfd\a\x10\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x801\v0\t\x06\x03U\x04\x06\x13\x02PL1\"0 \x06\x03U\x04\n\x13\x19Unizeto Technologies S.A.1'0%\x06\x03U\x04\v\x13\x1eCertum Certification Authority1$0\"\x06\x03U\x04\x03\x13\x1bCertum Trusted Network CA 2", "\xb6\xa1T9\x02à?\x8e\x8a\xbc\xfa\xd4\xf8\x1c\xa6\xd1:\x0e\xfd", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xbdd\xd0ļk\x013\x13#\x13\x93\x80\xe2\xb5\v^\xfe\xaa\xfc'\x8d\xcc\xff\xac\x8a\x13\xea}i\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x97\x95\xc1\xa0\xb1\xc1\x90ۀ\x93\x8d9\x94\x85M\x98)\xc0\xc7P\xc9@\x01\xc4\xe1\x12\x96\f\xcdˬJ-\xc9W\bIM\xce\xc8\xcb\xcf\xc9O\xcfL-V\b\xd6s\xd43T7P\x05\xa9\xe1\x16\x96sN-*)\xcdU\x00Q\x99i\x99ɉ%\x99\xf9y\n\x8e\xa5%\x19\xf9E\x99%\x95\x86*\x06J \x85\xcc\xc2\xd2P\x85!E\xa5\xc5%\xa9)\n~\xa9%\xe5\xf9E\xd9\nΎ\nF\x06J\x12\xfcF\x06\x86\x86\x86\x06\x06f\x06\x16Ɩ\xa6fQ \x01\x133$\x81\xc1\xe0\xcc&&%\xe4\xc0cde`nb\xe2g0hb\xe2bjbbd\xd8\xfb\xb3\xe2dz\xab\r<)sۤ\xa7\xa5\xa4\xdb+Yɕ2־\xff\x1d\x93\xdes\xf2LL\xf6ʉ\xcfv:=U\xf0\x9e}kv\xf5Ι\xb17g7x_oq\xd0V\xbf\xfcb\x97\xc1n;N\xa9\xe5\x9eS\xdfk;\xa8\x1c\x9a~|\xf9\xbb٪\xefWp1Lo\x8dZ5\xf7\x8e\xe6\xc9G\xa6\xec\xaf\v|\xbd\xae\x1d\xdc\x1c\xb6c\xa1\xa3\xc5싿\r\xeb\xfb\x1f\xc4?\xdch\xcf\xdf'\xe6\x99p\x9d\xadW\xe2\xe7*5\x81\xd5Z\x97/\\L\xef\x95v\xdb\xe7npU\xaf\xe8\xe2\xd1\xe4[ϓ+]꼓U:\xdb\xf4L\xec5}\x82\xba\xb5\x96\x1fx4Q\xa3s\xe7\x81蟲7\x9f\xab\xaf\xfd?\x8bi\xfa\xc1c\x01\x93f3\xe9\xec]\xb9\xd3$\x92k\u007f\x8b\xd7\xff\xfb\xff6\xcf\u007f}sރ\x19\xcao\x96e\x97\x8bi\xdd>\xb3\xd6ZfI\xfb\x1d\xb7\xe28ɤ\f\xd7\xf0'\x13\x9a\x9cv;]\xfb\x90\xf8\xe0\xe0b۴ű_$\xdeu\x9c\xec\x15w՜iT\xcad\xf8NS\xedD6ӳ\xadI\xae\xf5\xe6\xa2Q\xca\x19\x9dW\xec\xee\xf9\xa9o\xf8\xe0\xc0\xb3\xc7W\xfc\xb4\xef\xa2\xcdr\x17آ\xee~\x9b|>\xbct\xe6\xd7_mR\xe9\x15\x9b\xf7O\xfbgrg\xef\U000e0c27\x9b\x9f\x96V_w\x9c\xc8z'6\xf3\xf1T^\xe7\x9d\u007f\x9a\xa7YN\xad\xcei\x88\xf2\x17.:v\xbdV\xb3\xcaeW\xd0\x12\xad\xab\x8en\x9c\n\xff\x94\x16l\x8b6\xe8\xdd\xd3\xc9s\xf5z\xc1\x8f\xf6\xa0\xbf\xb7ޯ\t\xd4c\xdf\xec\xf7\xef\x02筂\xf73~\x85=˽\xbd5\xdc\xfb\xceS\x1dU\xd1\x13\xf3\xf4*\xfc~ܚ3\xafM\xe7T\xf8g\xa9\xa7'&uK5M\xab:\xbc'@(\xf3\x06_\x94[\xb7\xd5k\xb5_\xca'\xb7mh\xdc\xe7İ\xe4ǵ\u007f\x06z\xc7/\xb9}{\xdaW\xfa\xf7ә\x9d\x17ڣϰ\t$\xecn6\xdd\x1e\x97~\xcf\xfd\xcdL\x8f\x8fK\x16\x8a\xfe[ۓ\xd4g\x19\xeao)\xb6sc\xf2\xdc\xffۙ\x98\x19\x19\x18\x17;\x198\x18\xf0\xb31\x87\xca\n32\xfega5`fd\xfco \v\x12\xe0c\x11c\x11ٶ0Ē\xe9\xf0\x02\xfb\xbe\xae=\xbf\xae\xfc\x90Yvъ\xef\xaf\x01\x1fH\x9a\x1f\xa4\x9e\x85\x99\x89\x91\r-\x8b2\x83\x12W\xe1R\xbesO^\uedf7\xb8\xda\x19u\x84)\xf1\xb7\xcfQ\x11q\xddn\xff\xe0l\x01\xf1?\xa9-\xc7\x05<'ܻ}\\mr\x87Z~\xc15\xa68\xcb\x05\xdf\xfbWOۺT8\xa6Q$\x97\xaf\xb1IP\xba\xcb\xef\x98\xffһIr.\xf79#\xbfD\x97s\x9b\xbf\xecV8\xf6\x83\xcbO/B\xe6\xb5\xf1\x85\xf3m\t'o\xfdnП\xe7\x93\xd0Ra\xab\x98r\xed\xb7\xa3\xbc\x04\xff\U000d3945{\xf7\xc6\xdc3i\xb7s\xdc\xc0\xf7m\xe75{N\xe1i\"\xfa\xf7f\xc9F\xed\f;gj\xb5!\xbe\xc07\xee\xb1\xe6Ge\x8d\xa2\xc8m\xab\x0f\xf5\xa4\xa9ɔ먕\x99vk,\xcf\\\xf0\xd3\xfa\xab\xf2\xddV\x81\x92\x93\x13\x98\xc3&>_\xbf\xcb\xfd\x8a\xd0tA\xa5Nj<\xa7\xe4<\xdf>\xc5{\x97\xee\x92[\xc6\xdd>\xcb\\\xfeG\xd9\x1c\x93M\xb9\xb1\xd5\xf0\xc92\x9b\xaa\x15\xe1ܷ\xdf&J\x9d\xfex\xae\xb8\xe1\xdfr\xc4gi\xe2\xe4\x1f\xd3\x05ص\fTW\xeeL;5\xf3\xf2ɣj\u007fy3X\xdc\xd6m\xbb9\xbbg\x9f侍\xc7>I>\x8ea:\xa5s#ߋ\xfd\xe6I\xd3[\x0e\xa5\x9f\x8e,\x97̟\xe7$0\xa3\xf4\xd9\xd4\xee\x84=o\x8f\n]\xef:wuFL\xd84\xe6\xa3\xef\xca\xd9L\xff\x9f\u007f\xf2\xce^8\xf1\xdd\xed[\xba\xad\x1fή\x9b\xbbI\x82\xd3\xf5\xf0\xa4\x85E\xe2\u007fܷ-\xe0\xd6\xf9x\xe4\x9es\x06GV\xbc\xf5\x87\xb2\xe4\xdfg\xd8t\x96\x1d{ķu\xe7>\x95~@\x00\x00\x00\xff\xffMʇ\x18\xd6\x05\x00\x00")) - p.addCertFuncNotDup("0~1\v0\t\x06\x03U\x04\x06\x13\x02PL1\"0 \x06\x03U\x04\n\x13\x19Unizeto Technologies S.A.1'0%\x06\x03U\x04\v\x13\x1eCertum Certification Authority1\"0 \x06\x03U\x04\x03\x13\x19Certum Trusted Network CA", "\bv\xcd\xcb\a\xff$\xf6\xc5\xcd\xed\xbb\x90\xbc\xe2\x847Fu\xf7", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdem\xd0Ĵx\x013\x13#\x13\x133\x8b\xcb\x01\x03^6N\xad6\x8f\xb6,\x8c\xac\xac\f\x06u\x86\xdc\x06\x9cl̡,l\xc2L\x01>\x86J\x06\n \x0e\x97\xb0dh^fUjI\xbeBHjrF^~N~zfj\xb1B\xb0\x9e\xa3\x9e\xa1\xba\x81*H\r\xb7\xb0\x9csjQIi\xae\x02\x88\xcaL\xcbLN,\xc9\xcc\xcfSp,-\xc9\xc8/\xca,\xa9\x84\x19\xc6,,\tU\x18RTZ\\\x92\x9a\xa2\xe0\x97ZR\x9e_\x94\xad\xe0\xech '\xcek`ah`ddhd`nl\x1e%\xcekdihdl\b\xe5\x0e\xb8\xfb\x9a\x18\x95\x90\x83\x8c\x91\x95\x81\xb9\x89\x91\x9f\xc1\xa0\x89\x91\x8b\xa9\x89\x91\x91\xe1\xf1\xef\xda\xc5E\xbb\x0e}8)\xd2\xfe5\x9b\xd1\xefa\x9e\x03\xfb\xae\\\xf5\xd8\xfa\xefѺ\x9b\xa3\x8e\aƯ^b\xb4,\xb1}[\x1e\u007f\xdb%\x03\xa6\xe9?\xaeg\x86/\x94\xb0\x8c\xcdJ\xa9<\xc6\x18\xb9\xc6\xc6\xd0ˢ\xe6\x12\xcb%o\x8d\x17\n\xf1\xd6\xec\x8b\xce\xf8\x16\xdf\xfe\xbc\xce\xffx\xd8ը\xe5\xd3:\u007f}^\x9dqE\xb9-R\xfd<\xa7\xfa\x9e5yE\xcd2\x06E\xf7\x1f,zy\xe9aI\xa9\xe4^\xadyբ!,\xd2ם-׆j\x1c}$\xb5\xfbˁ'\xeb,<\x8dϔ\xb5ηt\xbd\xb4d\xde'\xa1\x9e\xc0\x1f5Ot뿮\x89\u007f-6\u007f\xa3\xee\xc5]g&:\x95\xfb\xa8\x9e\x9c`\x91\u007f\xfbÙ\xdf}r\xd3#\xed\xae&\xf8=c\xd5x\xebY)\xec\xbd\xcb\xe3\xb6\xfeϢ˖\xa7\xfe\xc9\xdf0)\xfa\xba\xc5\xe1\xbc!\xe3\xe17\xf7\x04u\xc5c\xe5w\x04\\\x8c\x93\\\x9ey\x8f\xddX\xe3T\xc0ԟ\xcbCN\x87\xb4\x05\xb8\xae\xfc\xe9\xc9\xc4\xcc\xc8\xc0\xb8\xd8\xc9\xc0\xc1\x80\x9f\x8d9TV\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x03Y\x90\x00\x1f\x8b\x18\x8b\bG\xd9\xd9\xd3\xec\xffU\xbe\x1d=\xfbv\xf7\x84=\x8fZ\xcc\xddJ\xbf\x1b\xf0\x81\xa4\xf9A\xeaY\x98\x99\x18\xd9\xd0\x12&3(p\x97\xadX\xabt\x8e\xd1v\xd9\xe2\xffI\x17<\xe6v\xc7\x15m\xa8py|Gf=\xe7_e\x8f_{\xb5\x8e\xec\fe\xd9*\xb0\xb8W\xfd\x1ewS\xf2\x85w\xf7x\xcc+\x1d\xa3\x956m\x98\xe5\x18\xb3\xac\xe0\xc1\x95\v姕/3<\xc8\t\xd3\u007f\x98\xc9\xcb{s\xd5~\xc5ƀ\x9blKW\xfc\x9fj~aտG\x9b\xbf\xce\xd4um\xe9z\xea\xc4y\xbd\x84I\xff{獙/\xf7\xa8_q\xef\xdd\xc5\xeb&S~^d\x89\xcc\xce%\x86G\xe6h\x940\x9b\xfc7\x96T[\xfa\x92\xb7d\xbb\xdd\xf4ce/ԧ-N\xbb\xfbp\xdd'\xc7\xe8S3\u009a\x8b\v\x9e\xb4I]2tܥ\xbfOW8\xaa,\xdf\xef\x85_#\x9f}4\xb3\xd2\x02\xa1}i\x11\x82^\xa7\x99\x8fl\xd1\xd2ҝ&\xfe\xc02d\x8f\xc7\xe52\xf5\xb9\xb3tٖ\x9d|cyi\xf5\xed\xf9\xb3\xb8ՙL57:L}\xfe\xf3Ŝ\xd0\x0eI\xb7k\xdbM\xbe֝\xb3\x9cu\xd3\xe2c\xe0w\u007f\x1d@\x00\x00\x00\xff\xff\xb2\xc4\xd5\xc0\xbf\x03\x00\x00")) - p.addCertFuncNotDup("0V1\v0\t\x06\x03U\x04\x06\x13\x02CN100.\x06\x03U\x04\n\f'China Financial Certification Authority1\x150\x13\x06\x03U\x04\x03\f\fCFCA EV ROOT", "\xe3\xfe-\xfd(\xd0\v\xb5\xba\xb6\xa2Ŀ\x06\xaa\x05\x8c\x93\xfb/", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xed5hb.]\xc0\xcc\xc4\xc8\xc4\xc4\"\xe1u\xe6\x9a\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x830Cn\x03N6\xe6P\x166a&g?C\x03\x03=\x10\x87\x8bG\xdd9#3/Q\xc1-3/1/931G\xc19\xb5\xa8$3-39\xb1$3?O\xc1\xb1\xb4$#\xbf(\xb3\xa4\xd2P\xd4@\x18\xa4\x83\x99\x87\xc7\xd9\xcd\xd9Q\xc15L!\xc8\xdf?\xc4@N\x9c\xd7\xd0\xc8\xc0\xc2\xc0\xc2\xc0\xd8\xc0\xdc\xc00J\x9c\xd7\xc8\xd2\xd0\xc8\xd8\x10ʥ\x99\xbdMLJ\xc8^dde`nb\xe2g0hb\xe2bjbbd\xb8\x1e\x9b}V\xc0^\x9e5\xf2*\xab\xaf\xf9F\xbe73\xb4\xfbDe\u007fM\xf6\x16oR,\x14\b\xba\x1e\x98R v(4ӷO4w\xfe~\x1e\xe9C\x0f\x16\xa7_\xe3Ys^i\xdd\xfa\xf2\x10-o\x9f\xaeࠪ\xc3\xef\xf4\xeem.T=\xf82\xd6\xf6\xddB\xfd\xc5ߵlN*\xcbf\xad\x96]\xb8\xfc\xe3\xe77\v\xae\xba\x9c\x17=_\xa4/\x9b<\xfd\xc5̟\u007f'/\ti\xf0\t\xba\x12\xb4Z\xcf\xf3\xfe\x84\xb3;\xe2\xf7\xd9\xdf[x\xcaW\xe1\x8a\xea\x8b\x16\xcd\xe0\xed\x1b;\xe4\xff\xff\xba5a>\xd7J]G\xfb\x8d\x1f%4߉E\xea\x98xJ\xad`\xbb\xbe\xa2\xe3\x12sQ\x95ѣW\x19\xbey:\xd3R\xabOE\xfe\xfa\xf4\xe8\xee;\x03\x9d\xdfg\xdc\xd6\x1cI~\x9d_o\xa6mR,4\xa5\xfe\xfe\x19\xb5y\x1f\x8bb\x03R#\xfb37\xb7\xc7\x19\xe5\x1f\x96\xe8\xda:\xb5\u007fC\x95\xf9\xbd(W\xeb\xe3f\x0fߧ_\xb4\xbc<=\xba8I\xd2C\xb7]\x86\xedw\xc9\f\x05\xcf\xe2\x0f\xac\x97\xa47.X\xbc]\xba\xe0rG\xe6Ψk\x16_\x92\xee\xa8vW\xec\xff\xf1\xa2nG\xccɩ\xfe\xf1\xcbuw*d\x9fϾ\xfb\x95\xf7K\xd3\xf6/\x9b\xd2\xf4\x044\xbeM\x8f\xaa\x9e&\xd6\xcf(\xa9\x9b\x93Wo\x19\xc1\x96\xd2\xcc\xd8\xdc|\xd8w\xd2]\xa3c\xedK\xcc_\x8a\x9d[\xa5\x9b\xb1\x9e\xab1ժ\xe0\xe0쵾\xb9!\xa7\xb4t\xbd[\xa577<+p\xe5͎3\xfdPo\xbdc\xce\x13\x96\x82N!\xd5ɷ\xb8f*%d%'\xf8\x95\xb1\xcd\xf0\xdbۼV6\xa2K\xb5\xf5\xd2\xf1T9ݾc\xf7\xb7\x1d{X\xdfŢ(\xaaY\xf2\xc1n΄\xb9\x10\xab\xdd|1,\xeb\xe4\xb6\x15!\xc1z\x15F\xe9\xb6M\xf5%\x17~?\xdcƚ\xb0\xb3\xe0v\x1f\xf7O\xe1\x88\xfc\xc2\x04\x81 \x81\x9d\a\x1d9\xdf\x17ɧ\x1bV\xfc\x9f\xc6\xda\xcb\xc4\xcc\xc8\xc0\xb88\xd9 \xd1@\x9e\x8d9TV\x99E\xc2@\xacA\xe4\xf1?ݿ\x1a\x17\xb8\xb7\xeeڶ\xe8\xc8~\xb6U\xac=\x93\u007f\xeb\x1b\xf0\x83\x14\b32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2\x19Ȃ\xf8|,b,\xd8\xf5\xa3\xe64fP\xeaS=\xb6+\xfbu\xfb\xe9{M\x96\xd3l?\xb8,\xcfn)f\xbe7W\xdb\u007f\x97B\xfd\x9e\x8aM\xe7\xa7o\x90\x9e\xf3\xf9z\xa5\xdeW\x8fm\x97~\x8bw<\xbb\\e\xff6X\xf8\xc2#\xfd\xac\xca\xd3\f\xca\x1a\xcf\xe4\xcc\xc3M;[\x0e\x95\xf9\x9b\x98\xadM?|Α\xad\xe3\xe8\xf7w7\xa4v\\\xe3\xae\x0f\xf8?y\x95\xb8wϛ\xb7A\t\x9b\x96\xb0\xbd\xf2{\xfd%[\xf2\xef\xeb\xafR\x0fT\xb5f\xdd9\xeeh\xf6\xfdD\tk\x8b\xe5T\xcbk\xdc\xd6K\xd4\u007fq܈\x91\xfb\xc1\x92\x10$\xa8\xa1\xc1\xfc\xff}p\x1a\xc3R/\x13\xb1\xb4\x9a\xbf\x9cK\xd6\xcdK\x97\xcaw\xe4\xcef\x13\x9e\xdd\xdfVȺE\xbf\xb73\xcdX\xb3,d\x96\xe0\x0f\xf5_\x9b\xec'>8\xc7+\xfd\xd9@j\xed~\xa5X\xe9\xcb\xfbUY}\x1fN\x92\xaa\x9f9\xdf\xc6e\xf2\xa9+\x0e\x9e9\r\xed\xd7Y\xac\x0e\x1b\x05\x99\xf2\x85\xfdXz\xb7\xf6H7\xaf\xa0|\xf0i\xb9M\xe2\xdb2ʣ\x1e\\9}\x82}\xddW+\xbd>\xf3\xed\x17\x18\xbd\x9d5\xcb{,\xa7\xf77E\xfd\b|ڹ@\xe2yF},\x97\xde\xef\xc5\xee|\xb6˔\xab\x8e1\x1e\xef?\x11\xb7?\xb7!l_\x97\xca.\xe3W\xf3\x1f\x1a\t\xce\xfbxɿᛴ\xc3z\x8by\x82\x01\x95\xc5BBg\x9f\xe5\xcc\xd5\xe9(\xb21hd\x9b\xa8\xf4*r\xed-I=\xa5C\xbd;{\xda\x1f\xa4\xed)V\x8eWLIn\xf0\xf8\xba\xc0F\xc2v\xca\t\x0fGY\x87]q\xff\xfe\x85Y.n\x9ed\x8a\x9b\xc0-\xf1\x89\xdbY\x1b\xd6tϜT\xfb|\xd1\rvn3\xf5\xe7\x1e\x95\t]\x87\xaf\v\xc7\xfc(r\xb8\xefu\xfa\xfcL\x06.\x06n\xc1\xa9\xb7\xc2\\\x99;\xb8\xe6\xa7_\xb8Z\xb9qE\xafC.\xef\xa1*\x87_\x9f\xe3S\xdc'\x9d\x0e\u07b9;\xf2\x9c\xff\xdf\v\xa2\xc1\x8c7\ueffe\xf9\xac\xec\xfd\x05\xe5\xdd\xd6++7_e\xd2<۹x\x1a\xbf\x97\xe9s?\xa7\x03\xa5g\xd9\xcf?\xd3y]\xad\a\b\x00\x00\xff\xff|\xc3һ\x91\x05\x00\x00")) - p.addCertFuncNotDup("0\x81\xae1\v0\t\x06\x03U\x04\x06\x13\x02EU1C0A\x06\x03U\x04\a\x13:Madrid (see current address at www.camerfirma.com/address)1\x120\x10\x06\x03U\x04\x05\x13\tA827432871\x1b0\x19\x06\x03U\x04\n\x13\x12AC Camerfirma S.A.1)0'\x06\x03U\x04\x03\x13 Chambers of Commerce Root - 2008", "\xf9$\xac\x0f\xb2\xb5\xf8y\xc0\xfa`\x88\x1b\xc4\xd9M\x02\x9e\x17\x19", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xf77hb5_\xc0\xcc\xc4\xc8\xc4\xc4ɰ\xf8\x96Sݒ\x8d\xebn\x19\xf0\xb2qj\xb5y\xb4}\xe7eddee0h\\g\xc8m\xc0\xc9\xc6\x1c\xca\xc2&\xcc\xe4\x1aj\xe8l\xe0\b\xe2\xb0\v[\xf9&\xa6\x14e\xa6(h\x14\xa7\xa6*$\x97\x16\x15\xa5\xe6\x95($\xa6\xa4\x14\xa5\x16\x17+$\x96(\x94\x97\x97\xeb%'\xe6\xa6\x16\xa5e\x16\xe5&\xea%\xe7\xe7\xeaCe5\r\x85\f\x04@\x86\xb0\ns:Z\x18\x99\x9b\x18\x1bY\x98\x1bJ\x1bH\x82ĸ\x84\x85\x1c\x9d\x15\x9c\xe1\x1a\x15\x82\xf5\x1c\xf5\f5\r\xd4A\x92\xcc\xc2\n\xce\x19\x89\xb9I\xa9E\xc5\n\xf9i\n\xce\xf9\xb9\xb9\xa9Eɩ\nA\xf9\xf9%\n\xba\nF\x06\x06\x16\x06r\xe2\xbc\x06\x16\x06\x16\x06\x86\x86FF\x96\xa6\x06Q\xe2\xbc\xc6\x16\x06\xe6\xc60\xee\xd0\xf3P\x13\x93\x12r\xa40\xb22071\xf13\x1841q15112\xacg8]`\xae\xdd\x10\xe5e\x95S1\xa5vq\xbd\x94\xfc7ӫ{o\x9f\xe6u)\xb2S\xdb4!hW\xb2\xb5FD\xfe\xd2\u0379S\x96}\xbe\x9b\xc2\x13\xfa\xed\xdb\xf3OJJ\rq\x0f\x93\x8em\xd3|ؘ\xf3i\xff\xd3Z\xa3\xac\x90\x05F\x92\x91\xff仯\xdb&\xb4\xb5\xaa\xe4?\x16\xdc\\n\xa70\xcdT1{3\xc7\xcd\x02\xbd\x94\xef-\x93\x82\xaf\xf1m\x98\xd0\xd5\xf5\xb8\xbd\x97\xed\xf2\xde\t|\x8ff.\x94n\xe3\xbb5\x8bk7wb\x00[\xd0\xc7y\xf5eoN\xf3_\x90\xe3=?\xd3\xc0V戫@Ěk\x97_\\\u007f\xfa\xea(#{\xf9\xb5\xc0g\xcc\xf5]\x1eK}3Jw\xbe\xdc3\xcfO\xb2\xf0\xab\x91\xf7\x9c\xdc\x04I\xee\xdfg\xe6\x96\xdeٯv\xb6\u007fr\x85eeq\x9c*ߩ\x98\xd7\xe5B\xec\xa7S\x1c\u074b&\xaf\x0e8\xfc\x9a\xb3,\xc5\xe4\x92\xe5\xf62AN\xde2\xd7#+\xd7\xd9f\xad\xdfZ\x9b\xaa?%B\xe0ML\xcd\xfa\xbaG\xdb$n^\x98\xed\x17\xe5y\u007fe\x1a\xf7\x19\x9bc\x155\xcb\xe7\xc8>>\xd7\x17\xbc\x8f\xf5^\x02\u007f\xf6S\xa9\xdb\xf6\x8f\x1f*\x9e\xd4<\xf8\xf15\xfb\x9c iF\x97@\x9bj\xd5\xebG\x9e\x06\x85Ī\xb2\x9f\x12Sر\xf6\x89\xe3\xbb*\x8e\u007f3\xf3\x9b\x97Mdڐc\x16\x9a\xf5\xbc\xf6\xeb\xb4g\xa7\x1a\xafM\xff8\xa5\xf9\xe5\xdb\r\x1b\xb3\x852\xe5\xd6\xfc\x8e]yt\xc6\xcb-\xd1\x11U\xfbl\x17\xb9X%G^\xe1V\xbd'\xed\xbf\xf7)㼳\x974\xaf\xce\x17\x97\xe4\xca\xdf\xcf3\xe12g\xfc\xcd\xc7]\xa6g*\xa3|%\xcd'm?rp\xed\xfa/\x95*\xb361ro\\\x1f3\xeds\x83\xd1\xef\x18\xdb\x19\x1f\x17\xd8{\xdd۷~\x8a\xde\xcd\xd0Y\xe2y\ts\x93sv$\x9f\\\xd7\x18#a\xfa`\xc2\xee}6\xfe\xe6J;\xeb^\x9f\x9fW\xae\xb8\xcc֢\xf1\xb7\xc7-C[\xedǝ_/l\xdd[\xf7 \xe0\x88P\xe7f\xe5Y\x02\x86\xad\xb7\xd7忷0\x96(\x13dbfd`\\\xdcĘc\xd0Ęa \xc4\xc6\x1c*+\xcc\xc8\xf8\x9f\x85À\x8d\x91\xf1?\x13#\x8f\x81,H\x8c\x8fE\x8cE\xe4\xa7\xca\x1a\xfeM[\u007fT\x1e\xf8\x95\xd0!}\xe4\xa6/\xd3\x90'\xf9A\x01\xc3\xc2\xcc\xc4\xc8f`\v\xe2+\xb0\x98\x19\x98\x18\x18\xb1\xb1\x84\xca*0\x18h\x19h\xb0qh\xb31\xb2\xb2\xb231\x8a\xc9d\x94\x94\x14X\xe9\xeb\x17\xe4\xe7d&W\xa29\x1f\xad\x98d\x06e\xc4\tB\xeb\x95L\x0f-\xb6\xfc\xa0w\xef\xe5֗\x155\x1e\xfb\xeck]'Ž\xbc\xb5Q\xf2\x8f\x98\xcd\xfc-\xd1i\xf3\xb2\x9e\x1f\xde\x19\xdb\xf1\x82\u007f\xedye\xfe{\xaaVqg\xfc\x97\x1eܪ\xbbF\xe5R\x04\xfb\xbdE\xe73[\x12\x8c_\b\xf0\n\xafT\xbe\xd0\xfa\xb4\xafz\xd9<\xdb\"\xe1\"㯫j\x8f%\xcbs|\xf9\xc7X\xafr^['\x84\xf3\xde#\xed\xdcI\xc7,\xfd\xc5^\xd9\xd4U\xb9]q\xcdr[\xf1\xba\xb4)l\xf9\xea\x055\x19\xc2\xc6\xdf\xe6\x1a|\xc8W\xb7TQ֚\xf0w\x82\xa6\xe9\xa7\xc9\xf7M\x96\x1e\xfb\xfe\xe3}\x0f\u007f\x92Wͺ\xcb_C~\xf4n\x9b\x15\xd6.\xd6de\xbc:J\x89\xe3{ӮWz\x0f\xdcgm\xd9꺘\xd5\xfa\xe6\x1d=W\a\xebWw\xea_X\xbf\xbe\xf8F\xed\x86\xe9\x12\x83\xa3Vk\xc2\xe7m.[\xaaP\xfdS\u038b5\x89q\x99Fi\xc2\xf4I\xbcyv\xbe\xe6μ\x93D\xe7H(\x9d\r\x9c\xb9@S\xca&\xbe\xcb\xc88\xda\xe0x\xa7\xbe\xfb\f\xfe\xc5\xccǾ}\\s\xdf\xe8\xc3\xcdF\xa9's\xf6~k\x10\xf9pQgg\xeb\xd7\x1b\x8b7\x9eX\xaa\xf8TFx\xfa;\xbe\xbd\xf75W\xbe7\t\x8e\xbe\xfc$K\xb8\x85m\x9b\x11ӑ\xa0uJ\x97\xeelRt\x92\xba\xe5\xf0A\xf3\xe4\x1b.\x9e\x98G\x17v\x9d\xf1\xb8l\xceuF\x88\xab\xabr\x83-s}\xa6\xf7\x17\x13\x85\xda\xcd&\xaf\xfa\xbcS\xbe\xda\xfdݬ\x9c.\xca˲\xe3\x83\xeeA\xce@\x9bM9\xa2\x1f\x96*_o.y\xf2T\xef\xe4\xbf\x19\xeaN\xc7V\x1f\x9b\xb7\xe1B\xb4\xc5\xd2\xd9\x01\xf7\xea$flu\xb5\xfeV\xb9\xe5\xc5w\xa9j\xb6\xe6\xdf\x17\xbao\xed>\xbeWb5G\xbeMC\xb6\x83\xbd\xa4\xe4\xaeԮg\xfb\xae\xc6\\6\xbb\xfe\xde!H%\xc1\"\x9d\xc5\xf0M\xff\xe7\xa6c\xf7v\x86~\xb66\x9c\x18ug+\x87\xe8\xda2U.\xdej\xbd\xf6G<\xcb\xd8\xf6\xa8\t\xe4\x9a\xcf}s\xb7\xa2\xa7\xa6\xe1臛\xe5\x1e\x17\x00\x01\x00\x00\xff\xffT\x04DTS\a\x00\x00")) - p.addCertFuncNotDup("0\u007f1\v0\t\x06\x03U\x04\x06\x13\x02EU1'0%\x06\x03U\x04\n\x13\x1eAC Camerfirma SA CIF A827432871#0!\x06\x03U\x04\v\x13\x1ahttp://www.chambersign.org1\"0 \x06\x03U\x04\x03\x13\x19Chambers of Commerce Root", "\xe3\x94\xf5\xb1M\xe9ۡ)[W\x8bMv\x06v\xe1Ѣ\x8a", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xd9k\xd0ļt\x013\x13#\x13\x13#\x83\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83zCn\x03N6\xe6P\x166a&\xd7PCu\x03U\x10\x87KX\xce\xd1Y\xc1917\xb5(-\xb3(7Q!\xd8Q\xc1\xd9\xd3M\xc1\xd1\xc2\xc8\xdc\xc4\xd8\xc8\xc2\xdcP\xd9@\x11\xa4\x90[X*\xa3\xa4\xa4\xc0J_\xbf\xbc\xbc\\/9#17)\xb5\xa883=O/\xbf(\xddP\xc9@\x01\xa4\x88YX\xd2\x19*\xa3\x90\x9f\xa6\xe0\x9c\x9f\x9b\x9bZ\x94\x9c\xaa\x10\x94\x9f_b '\xcek`l`il`hfhlb\x1c%\xcekl\x0e\xe7\x9aD\r\xbc\x03\x9b\x18\x15\x90\x03\x8d\x91\x95\x81\xb9\x89\x91\x97\xc1\xa0\x89\x91\x83\xa9\x89\x91\x91a\xbbY\xe8ӥ\xb1\x12\x06\x0fnu\x86L\xfcs\xe2x\xd0\x0f\xfd\x80\x9b\xef7\x96\x16\xa7\xba\xd7JG\xef*=\xfaga\x87\xca/\xfd\xb7\xa78\xbc,C\x8e\x04Vm\xbd\x95\xf0\xca¦q\xd3鏻oNT\xb6\xf7`,(]ɪ\xb5V\xbe\xf0\xf3\xc9\x10[Y\xb6,\a\xbb\xcd<\xad\xefb\xa4+\x0f%\x1d\xd9a\xd6g\x1a\xcbȣ\xcc\xe2n\xbajv\x82߂4\xdb\xd3j\\s\x1c\x16~\x89\x9d\xb1\xbfp\xf5R\x86\f\xad\xb7\xcdU\xfc\x8bD\xb6^Q\xdaܰ\xc1\x86'*0S7B\xa2\xff\xed\xccy\x1f\xd7=\x9a\xfa\xec\x9b\xfb\x8ak<\xfc\x1b\"\"n\x1fN3\x9f7{b\x88\xb1\xf9\xa5)2Y\x1e'O~Zzk)\x8f\xf2we\xbe9F\xa1q\x85sZX\x03g\xe9\xfe}\xe6\xa7e\x12u\uf503y:O\x88bh\xf9-.\x9e3\xd3\xd75ܙb\xe6\xf5\xc5\ue719\xb0\\\xf0\x935~V\xacon\xaf+\x9ac\xd1}\xc1Һ\x93ˮ\xfc_)\x13#\xf3\xe2&F\x17\x83&F\a\x03!6\xe6PYaF\xc6\xff,\x1c\x06l\x8c\x8c\xff\x99\x18y\fl@b\xf2,\xa6\x06\xc6\x06\x86\v\xf4\x17\xe8\xb6iC#$\xb9(\a=B\xf4a\xfc\xa2\xfc\xfc\x12\xbd\xe4\xa2\x1c\x03Y\x90n>\x161\x16\x91\xc7S\xben\xf4}y{\xa1ftx\xb7o\x19[\xd9Ë\x8b\xba\f\xf8@\xd2\xfc \vY\x98\x99\x18\xd9\f\x04\xd98\x13\xda<\x18\xdb~812\x82\x84\x18\xd8\r\xd4AJ\x04Y\x14\f\xe4\x1ae\x90\x8dw@\xb3\x1b\xa2P\x88\b\x85\x11 \x85\n,\x81\x06\xfe\x06\xbel\xdc\xdal\x8c,\x8c\x8d\xedz\\̌\x06v\x066l\x1c\xdal\x8c\xac\xac\xecL\x8cb\x060\x8f\x16\x14cz\xb4\xa0\x18ճ\x19%\xb99h\x99\x93\x19\x94\xbcx\x1c\xa7\x1f\x92j;\xa0T3\xff\xf7\x84\xcfR\x17\x997\xbe\x17\xfe\xa9\x18\xcf2\xe7\xd6ɥ\xbd\xea9\xd3\xda'\xees\x9c\xc0X4\xf9\xb9\\m\xfc\xb7\xcec\xb1\xcb\x1d8m\xd7x\xba\xba\xde\xd1\xeb5\xc8\xd8Ĺ\xeb\xf7a\xfd3\xbb\xb8\xefۗW\xbb\xd5Z\t\xa9\xf4M\xeb\xb7a\xe5ʿ4EC6\x97\xe7\x80^\x87\xd2\xd5\x1b\xe7e\x85\x8f\u007f\xf0\xb8~\x9du\xf9\xf9\xe3\xee\xf3\xacmLN4\xf8_\x11\xd9\xfd\x877\xe0\xfb\xaf\xcdo\x9c\xe2W\xde\xcd=\xf1\xa5\xf4|\xf5\xc1\"\xb5\x8d\x8c21:\u007f\xab\xfc\xb60\x1ee\r\xdf\xf9\xdcf\x15\xeb͎\x97\xecn\x8e\xe7\xde;6\xae\x8b\xb8\u07fchݩ\xeb\xe5\xf2\xcf\x19l\xe6\xe6\xf7=1\xe2\x94\xf5\xad0\xa90\xb1\x992[\xed\xad\u007f\xe11ɪ\xbd\nJ\x1eQ\xff\xbck\x99\xb7?\x8f\xd8w\xccȯD.\xe3\ue28c\xe8\xcdv\xef\x92jo6\xbc\xe0*\xad\xda\xfenK\xea,\xc5\t\x0fV]\x98\xb1\xc7bk\xb1M\xf7\x8f;\x80\x00\x00\x00\xff\xffqU\xc6t\xc1\x04\x00\x00")) - p.addCertFuncNotDup("051\x160\x14\x06\x03U\x04\n\x13\rCisco Systems1\x1b0\x19\x06\x03U\x04\x03\x13\x12Cisco Root CA 2048", "'\xf3\xc8\x15\x1en\x9a\x02\t\x16\xad+\xa0\x89`_\xda{/\xaa", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbv6hb\xd2^\xc0\xcc\xc4\xc8\xc4$\x10\xff\xa3ZC;\xe4N\xaf\xd3bѭ\x19'\xd7\xfe7\xe0e\xe3\xd4j\xf3h\xfb\xce\xcb\xc8\xc8\xca\xca``j(f \xc2\xc6\x1c\xca\xc2%\xcc\xeb\x9cY\x9c\x9c\xaf\x10\\Y\\\x92\x9a[l(m \t\x12g\x16\x16\x82\x88\a\xe5\xe7\x97(8;*\x18\x19\x98X\x18ȉ\xf3\x1a\x98\x18\x98\x1a\x9a\x18\x19\x18\x9a\x1b\x1aE\x89\xf3\x1aYB\xb8F\xa6&FQ\xe4\x1a\xdbĨ\x80\xec@FV\x06\xe6&F^\x06\x83&F\x0e\xa6&FF\x86\r\xb3v\xae^\xbe\x9e\xab|\xf9\xa3\xc2m[Ғ\xa6Tt\xb8\x1fK\nmq0\xda\u007f`\xb5\xdeR\x99\xc2k{\xf2\xaaW\xacڕwI\xb4\xc3\xc3u\xee\xa2?\xcd\x17\xce\xec\xecy\xa0\x96Q\xe0Uq_Q|ޗD֓\xa2'\u038b\xdd2M\xec\x9c⼢e\x85ጊ\xd9;\xfd\xf2u\x82\x85r\xceʮ\xd5V\xd9mxD\xfb\u007f\xb3K\xfe6[\x95r\xceW\xfb\xb5V\xc8g\x85}S\xe0\x17\f\x99\xdeX\xba\\\xf5\\dVS\xea\xfb\xed\xaf\x9e?\xea-\xed\xce\xfbt\xd7\u007fY\\Ҝ\xf3\x02\\)\x17\xfcr\xcfi\x9f\x89\xfe\x9a\xb0Tݽ7\xf3K\xfd9\xe9\x82{\x05\xd2\n\xd7\xf2\xce.c\\a#ti\xa5\xfd\x82\xec\xb8\xdd}\n\xddU\x13\x1fo\xcdx\xb7\xe0\xf9\x11ƒ\x15\xc1\xdc\xda^\xb3\xf8S\x85\xf8\x9a|\xfb\x92\xff\xbe\u007f=[\xeav\xf02\xe1\x84\xf5\x87j\xaf\x1f\xcf\x11W\xbdR\xfc\xdb=%\xa0\xb1a\x8a\xcf\xc3\xfd\xeb\xbce\xeeOz\xab\xc7z\x9f\x89\x91yq\xa0\x81\xbf\x017\x1bs\xa8,?\v\v3\x13c\x9b\x01?\x88#\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x81,H\x80\x8fE\x8cED\xfd\xf3\tQ\xb9\xbcYL\x9cbk\xb5\x17t&\xc4ߪ\xd6_e \xc0Ʃ\xcd\xc6\xc8\xc2\xd8d.\xca\b2\x81\x01-M0\x83Bz\xeeܖ\x96Ŏ+k\xcay\xb6\a\x9f\xf2s\tHz\x1fRs\xb9T\\\xe6Ńc\x1e\xde\xdb\xfe\xf9XI6\x86m\b{'9-iU\xd4┃\xdf\xfcB\x8c\x8f\x95\xff;*\xb3\xebi\xacꩯ\x1f&\xcfj\x16\xd4{v\xfaG\x89\xeb\xbf\xe7\xac;V?\xbf\u007f\xda\xfb\xa1y˭\x9d\xdd\xd3\v\xe4><꾾\xe1\x06\xdf܍\x99״&V\xaf\xf4\xf4\xaf{\xd67\xf5F\xb3\xba\xcd\xd5\fO\xbe+s\xbf\xe9\xbd^\xbe\xef\xb5\xc1\x925\xf2.\u007f\xa6\xae6f\xfb]\x9b\xc0uoKW\xf2\x869+?-\xd9\x19\xcc\xd8~!c\x89z\xfd\xea\xff/\u007f\x9dt\xb0\xe8H\xdfby\xac%?\xfcd\xf0\xed]}\xef\x0e8o\xfa\xc1ٜ\xf7?\xed\xbc\xdd{\xf1\xcd\x11\x12\xaa\x9c&q\x8fO_\x13\xd9\xf6\xe6Ӥ\xfc\x92'\xfa\x8dZW'M|\xf0`\xba\x8dQ\x06k\xab\xf7\xc5\xefᏂd'K\x85\xccg-8\xe0U\x98 \xe7̝ \xf7o\xf1\xb9Fɇܦ\x80\x00\x00\x00\xff\xff\x14\xb5A8G\x03\x00\x00")) - p.addCertFuncNotDup("0=1\v0\t\x06\x03U\x04\x06\x13\x02FR1\x110\x0f\x06\x03U\x04\n\x13\bCertplus1\x1b0\x19\x06\x03U\x04\x03\x13\x12Class 2 Primary CA", "\xe3s-\xdf\xcb\x0e(\f\xdeݳ\xa4\xcay\xb8\x8e\xbb\xe80\x89", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9ed\xd0\xc4T\xb5\x80\x99\x89\x91\x89I\x90\xa1u\xaf\xf7\xe7\x1b\xb7\x1eg~\x9br=\xfe\xf0R\x17e\x03^6N\xad6\x8f\xb6,\x8c\xac\xac\f\x06\xb6\x86\xdc\x06\x9cl̡,l\xc2LnA\x86\x82\x06\xfc \x0e\x970\x87sjQIANi\xb1\xa1\xb4\x81$H\x88YX\xc89'\xb1\xb8X\xc1H!\xa0(37\xb1\xa8R\xc1\xd9\xd1@N\x9c\xd7\xd2\xd2\xc0\xdc\xc0\xdc\xd0\xdc\xc0\xd4\xc0 J\x9c\xd7\x10\xc45326\xb54\xb5\x8c\xa2\xd4\xf8&F%d\a3\xb22071\xf23\x1841r15122\xdc\t\x98vA\xe8\x87\xe9%\x8e\x8a\xaamA\x05\u007f\xf3ߝ\xdf)x:\xb6\xfcᛗu,\xbd\xd7\xce\xe4\x17;\x87'\xac1\xe6ry\xc3\x1c/Ӡ2\xf1銉aBM\xdf\x1fh\u007f\xb9\xbd.Q\xafS\xa07;g\xd7f\xa6\xbdW͎z\x98+?\xfa\x10e\x1ed,.\xf4\xe8b\x82\xef>}G\xc1\xc7\xdf\xc4Uy\xba'\x1e\x90\x9eY=3\x8cw\xfd\xbbK{\xdc\xc3\x1fWzV\x9bt\xaa\xab\xb4\xdc\xdb\xf8\xe6e\x84\xdf?\xbf\xfbQ\xfb\x1c\u05ee\xe18*\xc1\xf7\xfeR\xf0\xbb\x9c\vs\x85\x18\x85{\xef4$}\x9f\xbaҥë\xd0/!t\xdeme\xc9\xca0v\x1e\xfbd\xee\x98\r\x8f\xf6Չ\xfe\x99b\x1c\xe1hQr\xe4a\u007f\xf7}\xb55\xf2[\xbb\xad\xb7;GfoPY\x96;\xa1\xfbHѫX\xe3\x19\xdbOߋ\xab~?壴ݩ\x93\x8a\a\x8f\xce`Z\xb5\xe8[t\xf9\xec\xafu\xd3BMd\xd23\x0f|tz\xec\xbe揆LZ(\x133#\x03\xe3\xe2\xc6\x1e\x83\xc6Np\xc8\xca\n\xb3p\x18\xb012\xfegb\xe42\xe0\x06\t\xf0\xb3\xb0031\xb2\x19Ȃ8|,b,\"\x8f\x8bu\xef\x9f\xe6\xd3\xe0\xb9ww\xf3\x92S\x95;\xfav\xbf0\xe84\x10d\xe3Lh\xf3`l\xfb\xe1\xc4\xc8\b\xd5a\x0e\xd2!\xcfb`\xa0g\xa0\xb3@k\x81F\x9bZFII\x81\x95\xbe~yy\xb9^24\xfa\xf4\x92\xf3s\xf5\x9d\x83|\xf4\x93A\x91g\xa4\x97\\\x94\x83\x96\u0098A\xf1\xb4<\xe4|\x87\x8b\xe4\xe9\xfbW\xea\x19\xee\x87\x19'm\xfd\x1e\xc88\xe1\xf5a\xfb\x8b\x1d./Ub\xdf?\x17٫\xb0}\x96\rÿ\xdc\xf9\xb7'ܹ\xfe%\xe9ZwA\xec\xf3\xa7,\x1e+3jN~t\xfa\x9cS\u007f\xb4\xaaF6\xb0c\xd7%.;\xf5\xd8{\xba\x81~\x97\x85S2\x9f\xe8=\xbe\xfc|6\xe7\xcce\x0f\xa6\xce>'u\xbd~\x9f\u0379\xa0͂\xa2\a\xf9\xc5\xcf2\uf7a3*\xbakQY\xe7\x1f\xb6\x8f\x12\x17&{\xf3\xd54m_\xfa\xe5[\xfc\xbf\xb7\x0e\xcb涔X\xee\xbc#\xd7*vKS\xbaM\x99\xe1\xe4\xeeκ\xbc\x86\x0e9}\x91-\xcc*+\x8c\xf2\x99g\xb9\xeb\x18\xec\v;\xb6܉\xa9@\xfa\x95Í]\xac\xcc\x05\xecK\xa6\xfd\xff\xeba\xcc\xf5\xf0\xce\xd2\xc6\t\xb3}\xef\xd6>\u007f\xbe\xe9l̉\xac\xa9?\x96~\xeb=\x12[\xc1\xb1\xaf\x9a\xed\x9a\xe7yI\xb3\x00e=\x8eg\xf3X}\xdd%\xae\x8a\xbd\xdcxm\x9b\xc0\xd5\xdd\xd3\xf7/\xea\xdb\x12\x02\b\x00\x00\xff\xffێ\xb9\x1c\x96\x03\x00\x00")) - p.addCertFuncNotDup("0N1\v0\t\x06\x03U\x04\x06\x13\x02us1\x180\x16\x06\x03U\x04\n\x13\x0fU.S. Government1\r0\v\x06\x03U\x04\v\x13\x04FBCA1\x160\x14\x06\x03U\x04\x03\x13\rCommon Policy", "/X\x97ة\x05\x98\xa5V\x1f\xfb٫u\xef\x02<64\xc7", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb^h\xd0\xc4Թ\x80\x99\x89\x91\x89I@\xd3\xcc}\xd5\xe3\xae5m^\xcaa\x9fNmO\\o\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0ϐۀ\x93\x8d9\x94\x85M\x98\xa9\xb4\xd8P\xc2@\f\xc4\xe1\x12\xe6\x0f\xd5\v\xd6Sp\xcf/K-\xca\xcbM\xcd+1\xe45\xe0\x06\xc9p\v\xb3\xb899;\x1a\x8a\x19\x88\x80\xb8\xcc¼\xce\xf9\xb9\xb9\xf9y\n\x01\xf99\x99ɕ\x06r\xe2\xbc\x06\xe6\x86\x06\x86\xa6\x86\xa6\xa6\x16\x06\x06Q\xe2\xbcF\x10\xae\x99\x01\x88Ku\xfb\x9a\x18\x95\x90\xbd\xc4\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8\xc80\xbdw\xaf\xb1\xfa\x93\xb5ѿ+\xf6껻\xe7\x1d\xafx9yΒ{'e\xfe\xeaK[Z\xacq\x17?PW\xae\xc9`\xcd,\x9f\xc1\u007f\xd6w\xe9\xbb\xf2\x1d:Iن\xdf~\x15q\xd6\x1ah\xb2\xd5<\xafYl\xdb\"\xd1%\xbbNg\xd2\n\xf9\x17q\xfe\xbd}\xaf\xed\xa5~\xcc\xe1J\x9f\xbb!\xdd\xf7\x83\xde\x05\x83{\x87\xa7lXp^\x8fˤ>\x84\xf3\xb2\xd9\xde%\x9e\xe1A\xc5/\xe7\xfe{\xe2Q\xe9&\x1d\xddk\xf4d\xa9G\xcag%\xdeIs9D\xf7'\xd84\u007fwWRUZ\xabY\xb8\xbd\xfc\xbd\xf8\xc9Eۦĝ0\x98\xb0D\xc4#&,\x9c\xdbч\xf5\x8a\x96\x8f\xfd:\xa1ّ\x82\xa5\x05\xecJ\x99\xba:\x97\r\xcfL\xaa;svI\xdd\x14\xf7Us89\xbey\xaf\x0fz\x91\xe50\xf1h\xe8^\x87\x8d'r\xc3ۦ\x8a?\x93/\xde\xe7\xaeg\xd7\xed#\xbes\xa7\xaa\xcc\xd2 q3\x8e\xc8\x03N\xfb\xb8\xb4\xb7\x84\x05\xdaH\x87\x9e\xec\x99P\xfe\x9a\x89\x99\x91\x81qq\xb5A\xa5\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfco \v\x12\xe0c\x11c\x11я\x98~c%댥a\xf2\xbfo\xae.}\xcfdcfr\xdc@\x88\x8dS\x9b\x8d\x91\x85\xb1\xc9\\\x94\x91\x85\x15l\xae\x812B\x8c\t\xa4\xb1l{´\xbb\"a\x9akJ[/\x17$\x1f\xdc\xe3\xde&Ӎ\x96\xe2\x98A\xb1\x92\xb0\uecc7\x98C\xd12\x8e\x8e\x93{\xdcuT\xbcc\x17L,~\x9bZ1\xe1C\xfa\x84\xaa\xa5\xfb\xb9\xd6n\xd3\xfa93\xfd~\xf3\xd1ry\x13N\x8b\x9fu\xf3\x1c\x1fx$\xfc{\xb4*\xb6\xbd\xe3U\xc7\xdf\x18\xd7M'\xb3n\xd5.Y\xbb\xd1\u007f\xbf\f\xef|\xb9Y\a\xae\x8a\x14[hwU8\xe4\x19|Ozxv\xe6\x9f\xc0\xcc\xf4\x1c\xc1\xbb;\x04\x16g\xdcS[\x1a\xf6\xd7,\xc7|F\xce\xefw569\xd9\x05\xf6\xdf=\xcc9\xfb\xb9\x9d\x1a\u05fa\xb9\xed\xe0nf\xfb\"m\xb1\xa0\xde\xff,\xf7\xfb\xe6\xce\xf6\xe92]\x06\xe9w\xfe\x86,d\xaec<\xdd곑[\xf3\xf0\xbe75\x0f\xed\xf99\x83l\xf4\x97\xcf\xf2\xf8g\xfeR\x90-⡙cבm\xfb\xfb\xee\x9e\xf3ڼG\xea\xc0\xd9_R3/\x15\xce\xfeu~ϧ#!\x8b;L\xcb\xceH\xeb\xb8\xe5\xf3l\xb9x8\xb1lR\x89\xe0+\xef\x86^\x99N\xc1\xee7\xd1\xff\xc5Oz\xfcy\xfe\x80M\xf0QK\x1c \x00\x00\xff\xff\xcc[\x13\x16\xa5\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x811\v0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\b\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\a\x13\aSalford1\x1a0\x18\x06\x03U\x04\n\x13\x11COMODO CA Limited1'0%\x06\x03U\x04\x03\x13\x1eCOMODO Certification Authority", "\vX\xe5\x8b\xc6L\x157\xa4@\xa90\xa9!\xbeG6ZV\xff", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x915hbf]\xc0\xcc\xc4\xc8\xc4$\xe0ר\xdbՔ\xfa\x80\x9b靝)\x93\xdbS[\x03^6N\xad6\x8f\xb6,\x8c\xac\xac\f\x06\x8d\x8d\x86\xdc\x06\x9cl̡,l\xc2L\xeeN\x86\xd2\x06\x92 \x0e\x87\xb0\x90{QjbIj\x91\x82ob^rFjqIj\x91\xa1\x80\x01\x1fH\x92]\x98=81'-\xbf(\xc5P\xca@\x02$\xc2%,\xe8\xec\xef\xeb\xef\xe2\xaf\xe0\xec\xa8\xe0\x93\x99\x9bY\x92\x9ab\xa8n\xa0\n\x92c\x16\x96\x83ɥ\x16\x95d\xa6e&'\x96d\xe6\xe7)8\x96\x96d\xe4\x17e\x96T\x1aȉ\xf3\x1a\x98\x19\x1a\x19\x18\x1a\x80A\x948\xaf\x91\xa5\xa1\x91\xb1\xa1\x91\xb1\xa9\xa5\xa9eԠpc\x13\xa3\x12r\xd01\xb22071\xf23\x1841r15122\\p\xe8\xee.z(\xfa.\xbc\xb1˲Ff\xdeb\x95\xb9\x9f\x9a\xc5f\xac\x12\xabq\x9e-\x1a\xbd}\x9d\xc9\xc4\u007fW\x92\xd4$\xdcfٿ>\xf8\xf3\xe3\x84\xf0\xd7k\xaax\xbbo\x17\x19d\xa5]}ම\xe0N\xc6\xcd\xff,\x1e\x9d\xe5\xf7\xb6\xbe\xfc\x9d\x9e\xeb\xf8r\x8f\xe5^\xa3\x9bIL\x1f7\xae\xb0\xcd3\x9f\xf3H\xff\xd1\xe5Ej\xdd\xc7v\x84:w\xe6#j\xbe\xc4a\xa5\xc1J\xc5}\xeefQa\xff\xc1\xf1#\xcb\xcf\xc8\xf8\x9f\x85\x85\x99\x89\x91̀\x1f\xc4\x17\x06\xf1Y\r\x98\x19\x19\xff\x1bx\x82\x04\xe4Y\x9c\f\x1c\f\xec\x16\xd8,\xb0j\xb3\xc8())\xb0\xd2\xd7O.\xca\xd1K\xce\xcf\xcdO\xc9ON\x041\xf4!\x91\x86\x12g\xf0(\xd3K.\xcaAK\xed̠\x98\xb2\x9b1o\xf67\xe9\x97\xd7-\xb7W\xac\x93-\x92\xf0\xbc\xdc\xfeĹ\xe9\xb5\xfd\xc9U_Wl}\x1fZ\xa3\x18\x94\xfa\xf3*\xefÜ/v=\x93\x8b'\xea1\x1d\xf1c/\xcc?\xd0o\x91ȱB\xae\x91뀾\x82\xbec\xf7\xc4;\x1e\xae{>\x1e\xbb\xb7\xab,\xdb\xf8\x04\x83\xae\xa1\x9b\xcf\xdb\xe7s\xcfwL\xf9o| \xec\x85J\x9bڎ\x1b\x16\x16\xf7\xb5\xb2\xef\n\x9d9n\xef.\xee\xb3\xe8\x10\xdb4\xcek\xb7\xff\xd9۸9ޏx\x14\xc6oc}Pf\xb2\xe9M\x8b\xa05\xefN\xbc\xd13\xf0\x9bb\xbaEE\u07bb\"\xf3\xd6'&\x8b3S\x83&\u007f(P\x8d\x9c\xa3\x90~\xe4\xdd\xcf\xee\xf0\xc4/\x93\xcaj\xed[zC\xb7\xbfx\xba\xe6\xeaǯ\x92aˢ~O\x90Y?\xf9\xf5S\x99+\xe9\xd3cY\xf8\xf6q7/\x13o\xdei \xb4\u0a31(\xebN\xde\xdf\xc7Y\xcb\x1e\xdf\xf0\xea\xfdc\"\xbe\xf8\x98\xa2\xc6>\x03WC\xb9\xe3\x15\xfb\"\x12-\xd6X?bL\x05\x04\x00\x00\xff\xff\xcc\x10\xcf&!\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\x851\v0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\b\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\a\x13\aSalford1\x1a0\x18\x06\x03U\x04\n\x13\x11COMODO CA Limited1+0)\x06\x03U\x04\x03\x13\"COMODO ECC Certification Authority", "uq\xa7\x19H\x19\xbc\x9d\x9d\xeaAGߔ\xc4Hw\x99\xd3y", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xea4hb\xe2_\xc0\xcc\xc4\xc8\xc4$ \xef\xbe~U\x12CA@\x88\x0f\xe3\xbc\xd9\xc93\xb5\f\xb8\xd88\xb4\xda<\xceٲ03\x1b4\xb6\x1ar\x1bp\xb21\x87\xb2\xb0\t3\xb9;\x19J\x1bH\x828\x1c\xc2B\xeeE\xa9\x89%\xa9E\n\xbe\x89y\xc9\x19\xa9\xc5%\xa9E\x86\x02\x06| Iva\xf6\xe0Ĝ\xb4\xfc\xa2\x14C)\x03\t\x90\b\x97\xb0\xa0\xb3\xbf\xaf\xbf\x8b\xbf\x82\xb3\xa3\x82OfnfIj\x8a\xa1\xb6\x81&H\x8eYX\t*\xe7\xea\xec\xac\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0XZ\x92\x91_\x94YRi '\xcek`a`l`f\x00\x06Q\xe2\xbc\xc6\x16\x06\x86\x86\x16FƦ\x96\xa6\x96Q\x83Ɲe\x06\x02l\xec\xe0\xd0cbdc\xd5ndaPbNb`av\xaf\xd6/=\xd9$\xda\xfa\xbb\xf4\xc9D\xb1+\xab\x93f~\xb5\v\xe2f;\xe7\xc8P?\xfd!\x97\x8a\x8d,#\xcb;\xdbK\xbd\x9c\xd3y\x1e\x94>\xf9\xf5\xbb\xbcK\xeb+s\x82\xb7Y\xb7\x98\xb2\xd8Z\xce\xc2/^_4\x02\xb6\xfc\xeb\x90ɳ\xcf\xd1\xd7猌^\x1a\xcdm<\xf3\xd1a\xdbΟY:\xef7]f{\xb9\xd8\xc9\xc0\xc1@\x96\x8d9T\x96\x8fE\x8cE\xa4\xb4p\xb9\xa4\x87䞹s_9\xbaߟrģ|\xe6\xe5J\xb0\x9fe\xf9\x19\x19\xff\xb3\xb0031\xb2\x19\xf0\x83\xf8\xc2 >\xab\x013#\xe3\u007f\xe4xg\xce`0He2dx\xcf\x1c]\xb5f{\x05W\xd1\xf6\x8e\xfb\xff\xb7\xba\x89pr\xfdZ\xf0\xac\x96\xe3\x98T\xfb^\x89\x15\xc5{\xd5N%\xf0\xcc=7s\xfe\xf9\x18~\x83\x87\xfbD\f_1\x19\x88|\x99l\xe3\xb9ܸj\x82\x9b\xfb\xe6\xe4Z\xe1\xd9~\xdb\xf3%\xcc\x1b\x82\xff\xddUx`:\xcb\xec\xe2qƝ\xcf\xee\xdc\xfd\xfc_V\xc7J,\xfc\xe6$\xcbk\x80\x00\x00\x00\xff\xff;\n\x84f\x8d\x02\x00\x00")) - p.addCertFuncNotDup("0\x81\x851\v0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\b\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\a\x13\aSalford1\x1a0\x18\x06\x03U\x04\n\x13\x11COMODO CA Limited1+0)\x06\x03U\x04\x03\x13\"COMODO RSA Certification Authority", "\xbb\xaf~\x02=\xfa\xa6\xf1<\x84\x8e\xad\xee8\x98\xec\xd922\xd4", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xbda\xd0\xc4|`\x013\x13#\x13\x93\x80Ϫ\x9f\xa7n'\xe7?\x90\xff\xeew#\x9a\xb9m\xae\x01/\x1b\xa7V\x9bG\xdbw^FF\x1eV\x06\x83\xc6VCn\x03N6\xe6P\x166a&w'Ci\x03I\x10\x87CXȽ(5\xb1$\xb5H\xc171/9#\xb5\xb8$\xb5\xc8P\xc0\x80\x0f$\xc9.\xcc\x1e\x9c\x98\x93\x96_\x94b(e \x01\x12\xe1\x12\x16t\xf6\xf7\xf5w\xf1WpvT\xf0\xc9\xcc\xcd,IM1\xd46\xd0\x04\xc91\v+A傂\x1d\x15\x9cS\x8bJ2\xd32\x93\x13K2\xf3\xf3\x14\x1cKK2\xf2\x8b2K*\r\xe4\xc4y\r\r\f\f\r-\r\xc0 J\x9c\xd7\xd8\xc2\xc0\xd0\xd0\xc2\xc8\xd8\xd4\xd2\xd42jи\xb3\x89I\t9\b\x19Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19&\xbe\b\x99t\x89+l\xe3\x1a^\x95\xbbGϻ\xa4\x97\xcc\xd46_\\\xab\\\xc0P\xb8'\xf8\xfe\x91_ZB\xfd\xde\xf5\x02a{\xe7\x17\x14mO\xac?\xe9\xcd/\xbe\xdc\xf6\xf1\x06\x96\xc4w\xff\x05\xa7\x1f\xff\xd2f\xc7\xf5\xcb.\xe6\xe7\xe4g&U7E\xb2\x9f\xcf\xd9ܺ\xa0\xa9\xaal}\xe1\x84\xebo\xfe\xf2\xfe\x9a\x93\xf3\xeb\xfe\x86\xa6/\"u?\xf7\x1dY\xa6\xef_?\xb3~\xeb\x9ft碽<\f\xd7:_g\xeb\\~\xdb?CFdu\xdd\xd3\xc7y\u007fn\xacx2I\xe5\x96svҎп\xaf\x0e\xee\xc9\xd9\xd6\xfd\x99\xafw֓\xd99\x993\u007fTx\x18\xb8^]\xfb\x90\xd7\xc65\xe1\x8fѴ@\xf5=\xe9\x87O\xe9m\xcb~\xe5v\xfc\xb8\u0082\x8d\xf2\xa9\xf7<8v-\xf1[\xf9\xa9\xd9ͼ\xe5\xf5\x8b3\x8d\x1e\xce\xe9~EZ\xb3c\xf6\xfaHkt\xc5(UoY=\xe3\xe6\xbb\a\x81͇9\xdd\xfcr\xedf\xfe\x9a*~\xab\xc68\xdcѦ7\xf0-\xf7\xb6\x98\xf5:\xc9R\xf7\xc3O\xd8\xefy\x19{d\xf6zי\x8f\x16G\xa9lٵ2\xcc\xf6|\xfe\xaa\xff\x9e\x11\xfb>\xac\xf8\xffe\xc7ڗ\xe6\xbfw\xed\xf8\xc2m\xf5\U000c5cd3\\獖\xd3\xc2\x1fo\xee~ؙ\xb0\xa3G#l\x8d\x88\xec\x1c\xae煯\xcf\xf3ݵ]9m\xa1\xc7^\x9b\xef\xeb\xb7\xf2*\xf9\x1c\x10l|\x13f\xfd\xed\xf2\xa2G\xd1\xdb7\xb1(\x05Mm\x98\x9c\xf9\xa2\xcf'\xf5\xe3Df݂\x12\xa6W\xdd颚\x99AL\xbb\xaf\xdf\x0f\xc8\nuۿ`\xb1Fb}\xc1\x85ËV\xe9(\xaer?\xa71\x87͵l\u007f\x93\x84\xfa\x96\xab붜\x0ex\x96\xfdŧ\xad\xd0\xe0\xe5\xb2\xfbbm\x0fn\xfcw\xb8\xfb\xfb\x82SG\xfdbc+\xbd\x189G\xc1\xc6\xe4s\x12\x85\xd9\xdao\x96um7\x8c\xb1\xcar\u007fp\xb82\xf2\x9a\x82\xd4\xfaOY3V\x15\xed\t\xf7\xba\xe4=w\xb7\xc0\x9f\r>\x8eO\xdf\xca\xda\xc6i̝sf\xff\xe6\xc0[\xcbݟ\xb6\x0431320.v2p0\x90ec\x0e\x95\xe5c\x11c\x11ٽ\xbe\x8e\xc9\xf6ײ\x8f6-}k\xdfY\xccxs\xd3\xc8\xe8\n8\x85\xca\xf232\xfegaafbd3\xe0\a\xf1\x85A|V\x03fF\xc6\xffh\x19\x95\x19\x94\xb8\xb8>^ukپ.pw\xce&_G\x11\x86\xc9>sN?=\x10r~\x81j\x1f\xd3Ͽ\x1b\x16\xf1~U\x98a#\xac\xbb&lцku\x82\x93^\xea횧7\xabh\xe3^I\x97\x9cD\xd3E\xb3\xb6\x88\teF\xf5<\xbcn\xb7D\xea\x85>\xf3\x97u\x89\xb2\x02\xd2ZK\xba\xab\x8e\xfec]\xf6\xf0\xc0\xb5\x13\xff\xe6\xad\xeb\xd7\xdee;\xf3Ǎb\xce\b\xb7\xbces\xbe\\W\xbf<\xf5\x96ys\x91\xcc\xe5\xe2\a\x8b\xdcg2[\xc4^\xf5\xacdД9\xfef\xb6\x82\f\xbbJfx\xc5&\xcb?V-\v\xb6Ω\xe9ݯ79I}\xbb\xe5-q\x89u{m83\xfe\xb7̶\xb9z\x8d\x9b\xf9q\xf8<\x91\xef\x17_\xfb\x9f\xd8ۮ\xbc}\x9b\xa7sek̮ד\xb8\x17\x1e{\x91\xb1\xc2Gl\xa3\xd4L\xae\x17\xc1:\x93v/\xe4\x94(\xe5I]Q}Zy\xbb\xd4!\x8d\xd6\xc3\xd2\xff/h'\xbd_R\xcd9qFz\x8f\b\xe3\xd9\f\xb6\xacd\xc5R憎\xae\xbc\xc6c\xad\x9fV.\xd1}\xfee\xa9\x8a\x80{\xf3\xa9\xb3_z+#6\xb2\xcd~.\xa5us.\xe3\xf5)\xb5o\x99\xbdN}\xb8\xfdb%\xa3\xddװ\x99'\xe5\xfaV\x1ae6v\xcb{\x97\xaa\x92\x05\xee2\xe7(1", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9el\xd0\xc4T\xbd\x80\x99\x89\x91\x89I@DxZ\xb3Hhϫ\xea\xe4\xa7\u007fL\xda\xcb]\fx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x18\x98\x18\n\x1b\b\xb21\x87\xb20\vs9\xe7\xe7\x06g\xa6\xe7)8;\x1a\n\x18\xf0\x81\x04\xb9\x84١\x82\x86\xdc\x06\x9c \x116a&O\x1f\x039q^\x03\x13\x03c#\x13CCc#C\x8b(q^#K\x03cCKCS\x03\x10\x97LS\x9b\x18\x95\x90\x9d\xc7\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8\xc8\xf0\xe1IH\xa6\xf6\xe5\xe3\xfdY.O\xea\"\xd4\u007fp_x2E\xa8룴\x85\x85\xbe\xbc\xe1\x1c\xb6+:\xcb\xefqk\xad\x93Z\xf0x^\xd6\xfe\xf96\xc7\xf3\x16\xfd\xecNɱZ\xdb\x1a\x1a\x18\xb2\xd4\"t\xc7\xeaf\x96O\xf6)f\xdf\x0f\xf4:;g\xa5]\xfc.\xaeu\xf5\xbd\xd9/\x03\x01\xa7\xeb\xc1g\u007f\xfe2.\xf6\xd9\xfc\xb2E\xa1뚣\xba\xe9\x13\x8b_Sf\xef\xa8zR)o\xfc[\xfa\x86\"\xa7F\x8d\xafDf\\JW\x95\xe4\xe4Suo>\x17=7g\x8f\x88\xd4X\xe3\xf4\xf3\xe8\xff\xb3\xf6ϗ\xfe\xb2\xd8x\x81\xe7\xf8\xcd \xa9\xe0k\x8dg\x9c\xaaL\xa3\xdfz[U}\xdb\xdaw\xe6?\u007f͓\x04\xb3v\xfd\xb5\x1f\x16\xaa\xd6\xfe\xbf\xe4-\xd8Q\x10\xb2\xccqEzp\x90S\xdc\x13\x93yO\xf6-~\xb3*)\xf6\xeea\x9feM\x8eO\x8c\xb9ל4\xe6Oi\n\xd7\xfa˳\xd6\xec!\xcf:\xef\xa3\xef\xadg\xdeT\xde\x1c\x1d\xbb%\xfcMI\x01\x8f\x96?\x133#\x03\xe3\xe2\xc6\x05\x06\x8ds\rxؘCe\x85YX\r\x98\x19\x19\xff\x1b\u0602x\xf2,f\x06&\x06F\v\f\x16\xe8\xb5\xe9d\x94\x94\x14X\xe9맥\xa6d\x16\xe9%\xe7\xe7\x16g\xa6\xe7\xe9%\xe7\xebe\xe6\xe8'\x17\xe5\xe8C\xc3\xdf\xd9Q/\xb9(\a\x1c+\xb2\xfc\x8c\x8c\xffYX\x98\x99\x18\xdb\f\xe4A|e\x16\t\x03\xb1\x06\x11o\xc6\xd9vaR\xa9fe\xa7\xab\xa7\xaf\x9a\xc4\xfa\xce蹆\xa1\x81,H\x01\x1f\x8b\x18\vvi\xd44\xc6\f\x8a\xbb\v7\x97\xd6\xfd\xd3Lp\x9d[\xd7|>o\x8f{\xdeW\xa9y!eN\x85[l\"\xecu\x1dT\x9d\xbe5\xce\xf9\xd8)p\x82oU\x85\xbf\x05g\xf8\x06\x9b\x03\x1c\u007fL\xfb>z\x04\xf6\xf2\x14\x96\xecj9r\xbdhvK\x8d\x85_\n\x9b\xba\xd6\xc3\xe5[\xdfp\xcc\xdc\xc2\xc5{\xa5\xb5\xf8\x84\xd0Cӷ\x1fY\re\x8bg\xf2\xbc\x9ev\xea\xee\xe5g\xad\xab>t\xfd.=\xf8\x89\xd3&55\xe5\xb3ύ\xb5\xa7;2??i\xdeγW\xef\bSq}m~\xfca\x99\u007f\x91\xa5\xc4\xfd\xba\x92\xa2\xe3ź\x96\xaf\x12\x9e\xad\x15\\\x14\xd6^}8cֿ\x1f=\x05+\xee\xa7\x1a}Y\xe2г\xf0\x90\v3\xdf\x14\x86\xf4\x05\x85\fM\x1e\x80\x00\x00\x00\xff\xff\xd88`\xfc\x97\x03\x00\x00")) - p.addCertFuncNotDup("0E1\x1f0\x1d\x06\x03U\x04\x03\x13\x16ComSign Global Root CA1\x150\x13\x06\x03U\x04\n\x13\fComSign Ltd.1\v0\t\x06\x03U\x04\x06\x13\x02IL", "\x02E\x93\xd8\rHb\xaci\xba\xae\x06[>\xfb\xaa&\x91P\xb1", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbc4hb~\xb9\x80\x99\x89\x91\x89I\x90\xa1?\xb1PtWe\x84xO\xad\xa0՚k\xb7\xd7\x19\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0p5\x947\x90ec\x0eea\x16\x16s\xce\xcf\r\xceL\xcfSp\xcf\xc9OJ\xccQ\b\xca\xcf/Qpv4\x145\x10\x06)\xe0\x12\xe6\x81)\xf0)I\xd13\xe46\xe0\x04\t\xb3\t3y\xfa\x18ȉ\xf3\x1a\x1a\x1a\x98\x1bZ\x18\x1a\x18\x99\x98\x9aD\x89\xf3\x1a\x9b\x19\x98\x1b\x9a\x81\xb9\xa6QԲ\xa6\x89I\t\xd9\x03\x8c\xac\f\xccML\xfc\f\x06ML\\LML\x8c\f\x9b44\x8b\xb5d_\xcf^\xf9uޏ\x053\xe3\xaf\x06\a\xfchՑ\x88\xcezq7j\xe5\xb9\xc9/.\xfc(\xbf\xb3Co\x95\xe9\xddg\xd6\xcd\a\xee\xa9-\x17y\xc9\u007f?\xf6m\xf5\xce\xf8Em~\xc1\xa2[?\xd7\xe5\x9a\x1dxt\xf7\xe3\x1bS\x93\xb4\x95_X\xfc\xc2w\xbcй\x93t\xfcqh\xda\xfa9\x1a\xc7\xc3.\xb5F\xf9\xfc\xe8V.\xb8\xc7\xf2OX\x9d\xefv=\x9b\xdb\xcf͵\x1f9\xf2W\xb4\xdb\xc5N[\xab\xc0|k\xfe\xfa\x1f\x16\xd67Sd\xa7^\xe6|\xa6=3\xe6\xee?͊\xe3\xfb\x9dV\xdc>6\xf1\xd2\xf7]\xf9}\x9a\x9d5\xebxc\xed.\xfc\t:\xb3\xd6p\xc1\x03\x16.MM\xf9i]\xec\xa6/\x99\x8a9w\xdf\xe9\xaat\xf1\x8b\xfal\xff\xb9\xe8\xfd\x820\xbb\x02\x81\xc6e\x8c\x01\xdb6\xfe\xe5\xcbm\r\xb53\xaff\xb1XU\xb5\xeb\xc7\xe4\x12\xfb\xe9\xd6+\xf6\xbeb\x10\fn\xfcr\\\xf8\xa8\xf2>\u007f\xedo\xb2r\x1b\x1fי\xc8\xed\xad\xacP\xaf;\xaa\xfa\xf9\x8cG\x81tÇD\x19\xfdU\xf3\xff\x9a>0\xde\xf8x\xf9\x11\xc9r\xd9\xc3\t\xae\x15M\x1c\aw|\x93\xa8\xfb\x12\xae\x146\xeb\xa5\xfd\x91\xcdL2U\x9e\xff\x8aX?\xf3\xeed\xe5N\xb1\x9bi \xa8\xf4\xab\xeaؔ\xfc\x80M\xec\xad\t\xfd\xea__\xffUwSh\xd0\xe0i\xfacf\x9f$\xbf\x9a7;\\\xfb\xb8\x95\x93\xeb\xe1\x9be\xcb\xd6\x06e<.\xb8j\x12Ֆnv\xff\xe9n\x91\xb8\x15Sy\xde\xfc\xbe\u0093\xb5b\xfdʇ/m\xef\xef3\xb4\xb9\xccykC\xa5\xc1\xe6\x03\xf6\xea\x06\xcanWvl|\xa8\xaf\xb7\x9c\xa1\xd1]Oz\xad\xcf%\xbb\x97\xfdo\x16v%=\x992K\xc8\\\xe2\xdd\x1c\x8f\x8fI*\x01<\xafo\xed\xdf\x15\xd4\xf2e\x0f{\x91ս\xe7\xdbc\xf6|\xee\x93zw\xe6\xc5\xdfE\xf3\x0f\xf5<\x92\x8b\xed\xbb\xce73\xd6a\xfb\x85\xf5+\xb7\x96FY\xa9\xee\xfe6\xc1\xb9p\xd3ͯӣ-n\x04\xbdq\xdb\xdeQǮrGe\xdb\x06O]&fF\x06\xc6ō\xaf\r\x1a_\x18\xf0\xb31\x87\xca\n32\xfega5`fd\xfco\xd0\xd8\x02\x12\x91g\xa95\xa86\xb0Y`\xb5\xc0\xa2\xcd,\xa3\xa4\xa4\xc0J_?-5%\xb3H/9?\xb783=O/9_/3G?\xb9(G\x1f*\x92\x0eN\xa8E\xf9\xf9%ɉz\xc9E9\x06\xd6\v,\x17\x98\xb7\x99Bu'\x17\xe5\x18\x92\xa0\x99\x0f\xe4\n~\x90\xbbX\x98\x99\x18\xdb\xc0\xd9B\x96\x8fE\x8cE\x84\xc9u\xf2\r^\x8f\xa45\x99\xbbֱE\xdb\xfd^\xa561`\xa3\x81:\xe7ZƂl\x91\xebs\xb7T\xfb\x9cew\xf7\x8d\xe6Ɏ\xe0\\\xf7P\x9a\xf1\xd8G\xcd\b\xa5\xe8\xfd&\xdc%\xcf?ş\v\x8c\xe6L\xfa\x1c\xbc(\xe4@\xcc\xd3\xea\x93\xd7rr\x14\xba\x96v\xf7e\xb8k\x9e\xdav\xb4\xff\x8d\xff\xec\v-\x9d\xd7꧋l\x0fX\xfc9-\x82\xff\xe7\x06\xf3\xcb\x17\xe2\"\xecM\xe7\xa6k\xae+9v\xbd\xebƲ#\xfa\xcb\x1f\xb5\xb0\xe7\xb0o\x11\x8f\xbe=<\xe9ld\xbf\xe8V\xbd\xc7aϘk\x91\xee\x86\xca\xfa\xcc\x13\xbe\xec\x9b-\x9e6yA\x81jT\xeb\xd7;g\x99\x16}g1_8gŜ\xe9ӎ\xf7\xbf\x8e\xbd\xac\x9b\xc5\xc0\x18\"\xc6&\xf6\x98%\xc0E\xf7\xe4&\xbb\x8a\xb6\xe7\xcbg\xc5Y\xa760\xee\fPn\x9f|\xfaǙ\xb0\x1e\xb9g\xd7\xcf\bV\xe9\x87W\x1b\u007fuz0#\xed;\xdfqn\xfb @\x00\x00\x00\xff\xff\xaeg\x81\xac\x05\x06\x00\x00")) - p.addCertFuncNotDup("0<1\x1b0\x19\x06\x03U\x04\x03\x13\x12ComSign Secured CA1\x100\x0e\x06\x03U\x04\n\x13\aComSign1\v0\t\x06\x03U\x04\x06\x13\x02IL", "\xc1K\xedp\xb6\xf7>|\x00;\x00\x8f\xc7>\x0eE\x9f\x1e]\xec", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb^m\xd0\xc44y\x013\x13#\x13\x93 \xc3q\rw\xce\xcd;r\\{d\u007f\xa9|5\xf3{i\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0\xc6P\xda@\x92\x8d9\x94\x85YX\xc89?783=O!85\xb9\xb4(5E\xc1\xd9\xd1P\xc0\x80\x0f$\xc9%\xcc\x0e\x954\xe46\xe0\x04\x89\xb0\t3y\xfa\x18ȉ\xf3\x1a\x98\x18\x18\x1b\x99\x18\x1a\x1a\x9b\x1b\x19D\x89\xf3\x1aY\x1a\x18\x1b\x9a\x19\x9a\x1a\x98\x98\x9aEQhz\x13\xa3\x12\xb2s\x19Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\x8em͈\x97\x9d\"zx\tG\xa8\xee\xe3\x05\xe1U\xef_\x96h\xed\xdeY\x13\xee)%\x18\xe7\xaf\xd9\xce\xe3q-\xeby\xff\x95\xbap\x95\x9dl\x9dOdl^\xady|K\xb1\xa1X\x91\xeb}\xe5\x8c\x1cy\x8e\xff\v\x03j?͐>\x19\x92o\xb7T\xe3\x8d\"\v\xbf\xebnvۅ\a~i͐\xf5c\x9b\xfc\xfbk\x87\xf5\xea\xf8\xd3b\xfb\x9f}\x9e\xe7\xd5\xfeV\xf2ա\xf9\xceO>6.\xad\x17\xf0\xb7\xbb蕴6X\xfat\xf3\u007f\xf6ԥ\x93t\xd3VF\xef\x88\xfa\"\xbbEq\xa2\x97x\xf5<\xa3\u007fa*\x96\x9bBZ\x9c\xbf\xb6\x1c\xba\xb1\xc7q\u0099\xb9\xd72n\xbdl\nXi\x9dq~k,Ӕ\x04\xb1\x8d\xce7\x9dc\xefƶ\xe7\xbdڽ\xf9d\xf67\xe6)\x9c\x05\xf7\xc4\x04\xab\xb4_\x94\xf5{\n\xcc(ߙ\x1c\xd3m<\xbd\xf4\x1bwϦ\xd5\xd1\xf7J\x14T\xed\x1f\u007f\x16\xfcٞ\xd1fZxX\xb6G\xf7\xf5S\xa95\xfc\xc5W\x9b\"\x1d\x1a.31320.n\\nиĀ\x87\x8d9TV\x98\x85Հ\x99\x91\xf1\xbf\x81\v\x88'\xcfbk`m`\xb9\xc0|\x81i\x9bqFII\x81\x95\xbe~ZjJf\x91^r~nqfz\x9e^r\xbe^f\x8e~rQ\x8e>4\xfc\xa1q\xe3쨗\\\x94\x03\x8e\x1cY~F\xc6\xff,,\xccL\x8cm\x06\xf2 \xbe2\x8b\x84\x81X\x83\xc8A\xef\xb7\x05۾\xdb\xd50X3\xf4\x1f\xb7\xe3s\x9d/\x17\xfb\xc6@\x16\xa4\x80\x8fE\x8c\x05\xbb4j\xd2c\x06E\xa1\xd8\xf9w\x93\x84\x03VW\x8b\xcc3\xde椐uEt/\xe7\xea?E/\u07bbWMX\x13x0\xc5\xefe\xc7^g\xd7\xc6\xc7i\xca\xf6Bm\xbe\x92OX7<3?\xd4{\x8bM\xe3$\u007f\xe7\x92\xe0\x95\xa5\xf6\x1b\xa6\xfd^\xedc\x1c\xfa\xb3B\xcd-_\xdal\xc6o\xa7\xb2\x83M;\xfb\xee\xfdv\xfd\x99,\x9ddm\xc9v\xaa\xbcj\x85\r\xe7\xf9\x1c3[~.W\xefL1)\xd7Zc\xe6ԟA\x85\x13Ԧ\xae\xf1\xe1\xf9\xda=\xd9\xfeLiI\xeb\x8c]\xff\x93\xaa|\xe5;\xff\xad\xdb;\x85a\xe6~\xc1\xa5w\x1eT\x1e\x15\xe3\xaeeJ\x94}\xd5\xfa\x93I\xd4\xffyT\xa7\x9fH\xfecs\xef֯\am\x12\x1f\xfceu\xdc4\xa9\xfe\xb0\xec\x82\v\xeb\x82R\x12\xb2%\x8e\xa9\u0379\xf15剙T\xd2\xfc.~\xbb\xff\xb9~\x92a~\n\x13s\xe6\x9b\x18[\x99\x84\aX\xe57Ʊ\x1d\xfbjW\xe3ק}.\x95M/\xf6\x92VpI\xdc\xe5<\xf5y\xfd\x80\x00\x00\x00\xff\xff\x0e\x8c\x8c\xf8\xaf\x03\x00\x00")) - p.addCertFuncNotDup("0M1\v0\t\x06\x03U\x04\x06\x13\x02DE1\x150\x13\x06\x03U\x04\n\f\fD-Trust GmbH1'0%\x06\x03U\x04\x03\f\x1eD-TRUST Root Class 3 CA 2 2009", "\xfd\xda\x14ğ0\xde!\xbd\x1eB9\xfc\xabc#I\xe0\xf1\x84", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb16hb\x96^\xc0\xcc\xc4\xc8\xc4\xc4\xcc\xd9\xfcـ\x97\x8dS\xabͣ\xed;/##7+\x83\x81\xaf!\xb7\x01'\x1bs(\v\x9b0\x93\x8b\xab\xa1\xa8\x810\x88\xc3\xc5\xc3\xe3\xa2\x1bRTZ\\\xa2\xe0\x9e\x9b\xe4a\xa8n\xa0\n\x12f\xe6\x91s\xd1\r\t\n\r\x0eQ\b\xca\xcf/Qp\xceI,.V0VpvT0R020\xb04\x90\x13\xe75\xb044405\xb0065\xb5\x88\x12\xe75B\xe6Rۺ&F%d\x0f1\xb22071\xf23\x1841r15122\\\xde\xe4u\xbe\xca\xfd}\xe9l\xe5_V\xfa\xd7\x02\\;M\xad\x8ee\xdf\xfew\x9b!c\xc5\x03fAY\xf3\x00\x8e\xf9\xbe^\x19SL7\a_\x9c\x92\xbc\\!l\xfd\xbd\xc0\x8a7Z\xb6\x9f=<\x02\xec\xb8\ueec5v\xab\xe7\x1e\x16\xf0\xe5\x9d\x18\xe4|\xa3\xfdA\xac\x9f\xd9V\xc5S\xf1\x96\x0e,\xf1\xd1ug\x16\x1f\xd3^\xe9 wӬ\xe5\x9a\xc7\xe7Ir&n\n*\a\x97\x04\xf6yI\xbd\x0f\xb0ό\x95\xacw=|\x9c\xb1?\xf0\xa4\xf2\x8b\xa2u[\xf6\x84q\xd6\v\x9d\x96ٸ^s\x02\xd7\xc9\xd03\xfc\x97\xb7H\xbdu7\x8d\xf2z;\xa7\x98E\xf1ª\xbd<\xc2[\x19N\xa9\xe5\x1c\xc9\xe6\x99\x125uʭ\x80Y\x1f\xff/\xd5N3\\r\xd2b\xc1}Y\xf9\x1d\x9cz\x9f\x97\xbfH\x0fZ=U\xfe\x81\x9bݍ%\x87OE\x1d5lx\xe11k\xfe\x94\xcc\u007f\x92wo\x14\xd74\x9e\x9av\xaf\xef\xedf#\xd6\xd4\x16\x93g\xcf\xfe\x86\vl\x8d/ۯ\xbfA\x80\xf7(\x133#\x03\xe3\xe2&F)\x83&F1\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\rdA\x02|,b,\"\u007fo\x89\x1c\x99opOq\xaf\x9c\x93\xe5\x9f\xd5\xc9ʞ\x0f>\xb6\x18\xf0\x81\xa4\xf9A\xeaY\x98\x99\x18\xd9\f\x1a/\x83\x04\xe4Y\x1aO\x1b4\x9e0hlXP\xb7\xa0\xa6\xad*'%\xb1\xc0J_?%\xb3(5\xb9$\xbf\xa8R/E\xb7\x04\x14\x95zy\xa9%\xfa\xce~\xb6\xd0(T52\x00E\xa2\xaa\x91\x018\x1aU\x8d\f\x8cAlGU#\x03#\x1060\xb0\xd4\xf1\xb7\x85&\x03U#\x03PB\xd0q\xb6uq\xb5ON-*\xc9L\xcbLN,I-J-\xcbON,\xc9\xcc\xcf\xcb\xc9,.1p^\xe0\xb8\xc0\xbe\xcd6\xa3\xa4\x04\xe4\x82\xf2\xf2r\x14\xbb\x93\x8br\xf4\xa1\xfc\xf8\xa2\xfc\xfc\x92\xf8d\x90\xc5\xf1\xc6\xf1ɉ\xf1F\xf1 \v\xf5\x92\x8br\xd02\x043(\xd9\xd4O\xbfmp\xe2\xfe\x929\xb5\x8aU\r\x05\xe7D\x842;D\xa6&\xb80\xae\xd9\xf4\xd2\xc0\u007fv\xc0\xa1\xb4\x1bu\xbd\x06[\v\f_>\xca<\xfe\xb9ංh\xdb\x05\xde\x0f\xfb\xd60\x96\xb6\x9c\xab\x9b\xef\xbb\u007f{\x82\xf5\x9cϧd\x1f\xc5e\xdcXTz\x8b\xc1\xcdsR\xff\xd8\x02\x97\x89.\xd1}\xbf\xc9{\xbf\x82\x86\xaa\xe7\xc5ef\xe5&/R\xee\am\x14<^\\u\xd6rޡ\xb5=\x85\x8a\x9f\xa2\xb2\xd7߷\xf1\v]\xbf\xa9%U\xa4sg\xf9i-\xc3}\xe7\x17\xe7\x9e\xcf\xf7\x98b\xe4\x96\xff\xbc\xb0g\xc1\xb2\x16Is\xf6O̮\x9c\xdam\xa55\xf7\xe33\xc3\x19n\xe7\xddXV\xa4\xe4\x1dp\xa5tF\xd8\xfd\xed\x12\xff\x9d\x9d\x03\xd6U\xb9T\u007f\xa8\f\xbc\xeel\xbb\xfcr\xe3\xe5\x0f'\xfdw\xde:6\xbd\xedB\xd3\xe1'N\xb9\xff6\x99\xed\xba\xe5\x9b\xf5\x86\xb3\x96\x923\x8c\x9e\xbeRL\x9c\xf0\xc4P\xb1\xcfd\xe3w}S\xafV\x81[ϻ\xcc\x15\xf7E&?\xf8\xd4\xdaa\x18|%D\xa4\xb5\xa0\xf2\x8b\x1e[\xb9z\xa9\xbe\xfc\x8e\xae\x9f\xff\x8e\xee\xbaa\xf6\xa4\xf9\xcd\xf3\xd4\xed\xfb\x93\xa3>\xbb\xado\x9cb~ű\xe7\x9a\xf25\xb9\xf3_3\xa4]\x92\x17E\xedZn\x1a\xb9\xf0i\x01\xebl>\xe5\xf0\x99S\xb8rwY&k\xb4M\xfa,\xd1r\xe3\xf7\xc5\xf3\xaca)\xe1\x80\x00\x00\x00\xff\xff\xf5FGa\xa3\x03\x00\x00")) - p.addCertFuncNotDup("0e1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1$0\"\x06\x03U\x04\x03\x13\x1bDigiCert Assured ID Root CA", "E뢯\xf4\x92˂1-Q\x8b\xa7\xa7!\x9d\xf3m\xc8\x0f", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xden\xd0\xc44\u007f\x013\x13#\x13\x93\x00\xcf\xf3\aO\xc5o\xb8\xfd\xeb\u007f\x9a\xf0G\xfa\x83\x81\xa5\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83TCn\x03N6\xe6P\x166a\xa6\xd0`CQ\x03a\x10\x87K\x98\xc7%3=\xd39\xb5\xa8D\xc13/\xd9P\xd2@\x1c$\xcc-,P^^\xae\x97\x92\x99\x9e\x99\x9cZT\xa2\x97\x9c\x9fk\xa8b\xa0\x04\x92b\x16\x96\x86\xebp,..-JMQ\xf0tQ\b\xca\xcf/Qpv4\x90\x13\xe7503444\x80\x80(q^cC$.\xbd\x9c\xd1Ĩ\x84\x1c\x00\x8c\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\fk\xf9D\xcf=qn\x88\xd9\xd8\xfey{\xc2\xcfB\xa1\xa5\xeb\xee\xa8M\xe9X\xf5\xe5\xdcW\x05K\x8d\x88\x04\x9e\x1f\r\xb7V\x8aN5J\xb4ٺQ\xa3\xa5\xab\xeb\xce|.\x9ef\xf1\xaa\xfe\tk\xba\x9eW\x06\xc7\x18\xb6h}\xe3\x9fadVv\xe6\xde]\x9b\x15\x8b\xdeg\xfdV\xfc\x14\x94x\u007f\xbe\xc2u\xf9G\x1bo\xfe\x93H\xb9$\x14\x1d\xff3B\xc2t\x8f\xfbمf?\xb3\xeb\xafl\xb0\xb0;(}\xb8\xc7\xf8\xe6\r}\x89\u007f\x1a\xfc\x9b\x977_;\x9c\xe7r \xd1t\x9aؿ\xc89\xdde\xb9\xd7?.\xf2\xe6\xd5\xfe\xcf]tk^\u0085\xbe\t\xa6\xc7*B\xdb\x15\x16\x9e\u007f\x9a\xcbu³\xc6p\x86q\x8e\xd2\xcb\xf6\vFQ\x8bv\t7\t\xbe\xb5\x14\x9f;Ӫh\xe1\xb3_Kn^\x157,]\xd7Z\xab\xb4Ξѭ\xed\x9bF前\xb7\x9e\x84\x8b\x1f\xa9\x93\xe1۰eҲ\xb0\xcd{7M\u007f\xbbj\xf9\x87\xedGW\xd8O\x15\xbb\xf0\u007f\xe1\xb4\xd7\x1c\xf1\x12\xe5\xfeĽ\f\x8c\x8b\x93\r\x12\r\xf8ؘCe\xf9\x19\x19\xff\xb3\xb0031\xb6\x19\xf0\x83\xf8\xc2 >\xab\x013#\xe3\u007f\x03Y\x90\x00\x1f\x8b\x18\x8b\x88\xeb\xebE\xeb\xbfL:\xddd\xa8\x1bؽ|\xb9\xe2\xdcϹ'\xf8\r\xe4A\xd2\xca,\x12\x06b\r\xd8\x15\xa0\xa6CfP\xe8/\xe2\xdbs\xff\xd1\xdb\x0f\x8f\x8b\x8a\xabR\xa6\xec\xff^\x94v\xc3\xe8\x89SiҺ\xf6ן\xae\u07bc\x17\xb6y\xfe\x99s\"\x1a;y\xa7'\xc4\b\xf9D<\xb9l\xdb\xec\xe9\x1a1\xdd4Sj\x85\xfb\xab\xb0c\x95\xab\x85n\xa47\xb6ܯ紙\xf2l\x87\x9a\x8e\xc2^\xdb\xcd\x1a\x9d\xdf\xe3\xff+=\x9a\xde\"\xff2\xf5}\xfb\x83\xfb\a\xd3=7Ǿ\xdeĩ\xf5Z\xedmžZ{\xed\xcf\xdb\xd5Ls\xe3;\x19\xb7yF\xcfgd\x9d\xbd\xdaV\xf5\xe0\x99m\xf5\x87>\xe6\xb7\x1d\xfb\x95\x92\xf1\xbaQw\xcak\xa7\xed\xbfz\xe4\xee&}\xdc\x17\x90\xbe=g\xef\xe7\x8f\xf2\xd9\n\xb9%4_Wg\xd9\xe7}n\xfa\xbe\xc3\xe9Z\x19\x82\xf7\x1b\x9e\xf3\x18\xa7\xed\x17\xe6\x15\xc9\xfb\\/\x9f, \xf7\xabWZ57\xa7\u007f\xe9\xf6Dƍ\x97\x16\xab-\x14(\x9c\xbb\xf6\xd1ះg\x06n\xd7f\xe78\xa7\xf7,`\xd3\xf2_\\\xae\xfa\x8b>|\x02\x04\x00\x00\xff\xff\tÏɻ\x03\x00\x00")) - p.addCertFuncNotDup("0e1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1$0\"\x06\x03U\x04\x03\x13\x1bDigiCert Assured ID Root G2", "\xce\xc3J\xb9\x99U\xf2\xb8\xdb`\xbf\xa9~\xbdV\xb5\x976\xa7\xd6", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9ef\xd0\xc4T\xb7\x80\x99\x89\x91\x89I\x80{\xb2\x8c\xd55\xcb\xf4W\xe9\xca\xfb\x0f\xaf\x9f\xf5\xc5ۀ\x97\x8dS\xabͣ\xed;/##7+\x83A\xaa!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\xa8\x810\x88\xc3%\xcc㒙\x9e\xe9\x9cZT\xa2\xe0\x99\x97l(i \x0e\x12\xe6\x16\x16(//\xd7K\xc9L\xcfLN-*\xd1K\xce\xcf5T1P\x02I1\vK\xc3u8\x16\x17\x97\x16\xa5\xa6(x\xba(\x04\xe5\xe7\x97(\xb8\x1b\x19ȉ\xf3\x1a\x1a\x1bX\x18\x18\x1a\x1a\x19\x18\x18\x18D\x89\xf3\x1a\x838\xa6P.\xbd\x9c\xd1Ĩ\x84\x1c\x00\x8c\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\f7\x9fk\xe8\aٛ\x15yvL6\xf9\xfc#K\xce0\xa4a\xfe\xda\x10ǭ\xee\xf7\xa7\xad\xb8\xb2\xbeAw'\xd7\xf9ҿ\x9dKkU~=V\xe2\xd1\xde3U\x9c\xdbx\xbf\xa4\xaf#\xdb\x04\x86\xbd<\xbe\x02\xffط>\x97\xc9S\n5L\x9d\xbe\xf7\xb2\xf8%\xb9\xa4Ϸ_\xe5\x04\xf4ط\xf0L;\xbf\xfd4\xf3\x83S\xb9\vE|\xa4;\xef\xbee\xd8\x10T\xb3~b\xceF\v\xe1\x8b/\x858\x0e0l\x90\xd1\x16\xbcU^`6{ݹ\xca\xf6;M\x05\xcf8K\nB3\xd7/Θ\xbf\xff\xee\xb6\xca͟\xe6\x16h\x86~Y\xfd\u007fj\xe2\xe7\x93\x0e\xf9\xb2\x17\xf7M\xde}\xb9Ck\xf7\xdc\xfdEQa\x85\xd6\xf6W>_\xe4\xfa\xa7\xf1~\xf1\xbb\x9b3\xd73_\xeeO\xd8\xfei\xd2\u008d{;;\xe5\r\xce\x1e^\xa6\x97d\xbcN\x8c\xa9\xdc%\xeay#\x97\xcdr\x17\xbd\xca\x1d\xf6,{b\x16\xb4?\x94^\x1f\xd8w\xf6\x8dί\x1f\xffr?Xլ\xea~\x92>հ\x97\x89\x99\x91\x81q\xb1\x93\x81\x83\x01?\x1bs\xa8\xac0#\xe3\u007f\x16V\x03fF\xc6\xff\x06| \x01~\x90\x00\v3\x13c\x9b\x81,\x88\xcf\xc7\"\xc6\"r\xee\xb0\xd7Ι\xa1\x9fv\xdcNؿ\xb2no\xd8\xd6\xe9f˯\xa1%3fP\xe0\x9eZ\x1a\xda\xf3\xf8\x84c^\xa6\xfa\xf2R\xc1\xf76mf\xf9\x97\xe6\x1e\xab\xb0\x90͜\xb6hR\xa6\x9eE\xce\xecZ\x96+\x9dK7\x1a\x9aw\x9dT<\xb3:\xe7l\xb7̬k\xfb=.\x19\xa5\x1d\xec:\xf0Y\xdf\xea\xfd\x81\xc7W&\xb6]\fx\xcc|\xbb\xb8<\xdf\xcb2\xf8\xed=\xb5\xe3[k\xd7k;],Mz\xec\xa5\xcdt<\xc0\xfbA\xe6\xa3i9|.i\x02.\xfdkY_\xff\xa8\\\xb3L\xfa\x85\xb9\xc9\xdc\xe0\x93\x89\xab\x16\x05\xad\xf7*\x10k;dub\xa3p\x81ٍ\xf3\xef\xbep\x99\\\x8d\xf6\xf9\xcb>gѮ\x9b\x8cE1\x9f}\x0f\xde\xe5\xdb(\xc3{$y\xdf\xda/\"\xbf;\xdf,r\xe4\xf39s\"\xdc\xe1B\x1e\xf3\xaa\xb3<}\x9d3g\xe6|\xb01Xoq?\u007f\xcf\xe2}\x9a\n\xea\xabK\xfe\v+Uܛ\x1e\x14*\u05fc5D\x81\xf9ݺ\x03\xfea\xf7\xcc\xcf\x1c\xae_Ţ\xbe\xfbr\xf9\x8e\xa4\xdb\xe25s4\x94\x84\x8bsΫ}\xed\xd2|\x0e\b\x00\x00\xff\xff{ia\x90\x9a\x03\x00\x00")) - p.addCertFuncNotDup("0e1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1$0\"\x06\x03U\x04\x03\x13\x1bDigiCert Assured ID Root G3", "\xcbн\xa9\xe1\x98\x05Q\xa1M7\xa2\x83y\u038d\x1d*\xe4\x84", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbr3hb<\xbb\x80\x99\x89\x91\x89I\x80{a\xd4/\xd9\xfb\v\xb6z\xba\xac?\xab\xb2 \xe7\x8d\x01\x17\x1b\x87V\x9b\xc79[\x16ff\x83TCn\x03N6\xe6P\x166a\xa6\xd0`CQ\x03a\x10\x87K\x98\xc7%3=\xd39\xb5\xa8D\xc13/\xd9P\xd2@\x1c$\xcc-,P^^\xae\x97\x92\x99\x9e\x99\x9cZT\xa2\x97\x9c\x9fk\xa8b\xa0\x04\x92b\x16\x96\x86\xebp,..-JMQ\xf0tQ\b\xca\xcf/Qp76\x90\x13\xe7546\xb000442000\x88\x12\xe75\x06qL\xa1\\z9\xa3\xcc@\x80\x8d\x1d\xecw&F6V\xedF\x16\x06%\xe6$\x06\x16\xc9\xe7{ָ\xa4\xbe=\xbb\xc3>\xe2w\xef\xc6\xf0\x95.\xba\xac\xa2\x9f\xdes\xff\x17(\x99\xbf5)(>\xadN\xfe\xe9\x1di\xd7J\xee3ǂ\xb9\xe6\xf6\xc62\xdd\\\x19y\x8f)\xea\xdbT-\xbe^\v\xaf.\xcfc{\x8e1[\xb0LJު\xe3\xcc{T\x1fw\xc1U\x81?\xb2L\xe0\xda\x02\x95\x0f\xba\xf7\xcc>\xe5hZ.v2p0\xe0gc\x0e\x95\x15fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8߀\x0f$\xc0\x0f\x12`afbl3\x90\x05\xf1\xf9X\xc4XDN_ػ\xf2\xe1\f\xd6\xc0\x85\xbe拚+\xcf\xf5\xcaj=iA\x8e5\xe6t\x06\x83\x14&\x03\xd5%\x8d\xaeL\xd9Bޥ%\xfe'\x94\x1f\x17|*-\xbaW\xd3\xf9\xe1\xfcĢ\xc4yq\x02\x93\"\xc3v6\x1f\x17xn\xf12Bͬ\xf6\xea\x13\x936K&\x83\x1a\xb3\xe0\x0f\x06O\x93\x92\xadf>ڶ\xd8z\xb6\xc9/\xb9[\x02\x93\n\xe3&\n/\xbf\xbb$o\xd2\x19\xa3k_\x15ӎ뿚\x96\x9c\x95\xea:i*\xe3\x16@\x00\x00\x00\xff\xff%\xf2\xd0\xcaJ\x02\x00\x00")) - p.addCertFuncNotDup("0a1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root CA", "\x03\xdeP5V\xd1L\xbbf\xf0\xa3\xe2\x1b\x1b×\xb2=\xd1U", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb^o\xd0\xc44}\x013\x13#\x13\x93\x00\x87\xf5\x83\xb0\tNn\x1b\x17\x96f\x9d\x8c\x9cx\xdcˀ\x97\x8dS\xabͣ\xed;/##++\x83A\xa2!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\xa8\x810\x88\xc3%\xcc㒙\x9e\xe9\x9cZT\xa2\xe0\x99\x97l(i \x0e\x12\xe6\x16\x16(//\xd7K\xc9L\xcfLN-*\xd1K\xce\xcf5T0\x90\x03I1\v\x8b\xc3u\xb8\xe7\xe4'%\xe6(\x04\xe5\xe7\x97(8;\x1aȉ\xf3\x1a\x98\x19\x1a\x1a\x1a@@\x948\xaf\xb1!\x12\x97\x1eNhbTB\xf68#+\x03s\x13#?\x83A\x13#\x17S\x13##\xc3#뇂E\xf7V,\xb9\xbc8|U\xc0\xa2~\xee\xf2\t'\x17-}'tnZ4#\xa7\xc2\x19\xc6\xc9\xcb\xfd\f\xb6\a\u007fw>\x92\xc9\x10>\xf7Q\xaf\xd2\xddv6\a\x86F\xces礛\xf7\xdf?k]\xe8\xf6\xe8Z\xdaq\xd6\xcde\xeab\xfd\xd5\xf3\xe4\xa6־\xdb\uec58\xe3ֵ\xf5U<\x96l\xa9\xf5^\xb1\xf2{\xc4\u007f\xac\xde\xf7N\xe3zI}U\xc5\xcc\xc8\u058c\xbc\x18e#\xef\xfd~\a^D\xe5>.\xd8_.\xb0\xff\x0f\xe3\xb7֛+\\\x04\"\x8cV\x96J\\\xbd\xb8h\x9f\xfb#\xf5\xac/\xb3\x8c\u007fxr$t_\x89\xdfbղ\u007f\xe1*/\x9fZ\xbb\xf3\xfe\xf19eq\v\xbc\xcd'λ\xa3\xf4,\xf7\x9c\x88T_\xd6\xe9\u007fg7\x8b\xa4\x88\x1f\x8f֜g\xb4\xffӻ_\x97\xb9\x9d\xae\xac\xde\xeeht\x8b\xe7\xca\xfb\x1f\x8dWw\xf7F\xd8o\x95~ᩱ\xa8\xe0\x96!\xcb\xdd\xef\x9b\xc4>\xf9p\xf9\xb1\xafx\xebe\x1b\xb7\xb5~\xf1\x84\xc3\xebՙ\x98\x19\x19\x18\x17'\x1b$\x1a\xf0\xb11\x87\xca\xf232\xfegaafbl3\xe0\a\xf1\x85A|V\x03fF\xc6\xff\x06\xb2 \x01>\x161\x16\x11\xe6{\x01\xa6a\x17}v\xa7}X\xfcHZ\xfa\xf0\xf4M\xb6\x17C\r\xe4A\xd2\xca,\x12\x06b\r\xd8\x15\xa0\xa6?fP蟞c\xbe\xcaCX\x88\xeb\xd7]\x979\xfeA\x1b\xbe\xdc_\xc7\U000b5c92c\xb1\x8a\xc4\x1fo\xed\x96\x03\xba;\xaf\x1e\xff\xf7\xe5\xa0|\xc4\xe9\x1d\xb9s\xaaJ\x9e\xcf\xd0\\-\xb8\xf5q\xc1\x82\x85g}:fN\xee\x99X\xf0h5\xbf̾\xc9+\xff'_}\u009epy\xf1\xfe\xb9ќ\x1f\xaf\xf6=\x0e\xfeҗ\xfc\xcb~\xf9\xed-i\xf7\x93Ү]\xccs\xec\xfd\xa4\xbb\xf5U\xb9\xd7\xfc\xb9\x11\x8f\xb4#\x0f8(\xbf\xd5\xd5hr\xb5\xab\f\x99\xa46\xe3A\x83\xc7\n\xf3\xf7\x1f\xaeU&\x88\xdd[\xf3\x82\xefl\xde\x1a\x17q\v}\xcf[\x0f]\xed\xb4v\x9a\x05\x9f\xb7\n`\xfb\xae\xf7\xe2H\xb8gN\xa2\xa2\xc4U\x96\xb5\x156:V\r\xd9\xcb_\xaf\x17\x15yy\xa3\xf3\xe0N\x8b\x9cG\x13s\xba\xfe\xa7\xec,W\r78 \xad\xb2\xf8\u1757\xf7\xddk\xb6nQ\xe1`5x\xa3\xbb\x97{\xbf\xeb\xfe\x80\x9d+?\xbf\x9e\xc1(\xb4\xf6DDZ\x19&\xf1\xbd\\6\xc7^^\x9d:5\xf7\x1e \x00\x00\xff\xff\x02\x8c\xad\x03\xb3\x03\x00\x00")) - p.addCertFuncNotDup("0a1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root G2", "N\"T \x18\x95\xe6\xe3n\xe6\x0f\xfa\xfa\xb9\x12\xed\x06\x17\x8f9", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xee3hb*[\xc0\xcc\xc4\xc8\xc4$\xc0l\xf5\xf1\xd9r\xc1\x95\vvk\xa4l\x94\xe5\xfc\xf5Ԁ\x97\x8dS\xabͣ\xed;/##7+\x83A\xa2!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\xa8\x810\x88\xc3%\xcc㒙\x9e\xe9\x9cZT\xa2\xe0\x99\x97l(i \x0e\x12\xe6\x16\x16(//\xd7K\xc9L\xcfLN-*\xd1K\xce\xcf5T0\x90\x03I1\v\x8b\xc3u\xb8\xe7\xe4'%\xe6(\x04\xe5\xe7\x97(\xb8\x1b\x19ȉ\xf3\x1a\x1a\x1bX\x18\x18\x1a\x1a\x19\x18\x18\x18D\x89\xf3\x1a\x838\xa6P.=\x9c\xd0Ĩ\x84\xecqFV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86\xdd\xe6gM\xeeTg\x9fܔ1a\xadW\xe9\u007f\xb7]\x8a\\\x1c\xbd_%CN\xfe\xee\xb8\xfdy\xdd'\xabΉ6U\xcfV\xb3Ie\x9f_\xa3\xfb\"\x8eS\xc5eWҬ\xbak\x8bW\xd4=\b)U`]\x13\xb0}N\xb2T\x8e\xc1\x9d[\xf2\x92\x1b\xaf\xcb\xdd\xfb{\xfd\xc1\xe9)\xcd\xe6\xeb\xde\xc8;\xfbݭֹ\xb4Wo\xa9\xfe\x93\x95;\xd6Z]\x99\xb9d\x9b\xea\xcb\xd9\xd9\f\t\x93\x12\xfe\xfb+zJ|O\x9f\xb0:\x91mN\xff\xa7]/\xb7\xbc\x9cd\x94\xbd\xf5s\xf8\x8bX\xe9\xb3=\xb2\xab\xa7\xb2L\xf5\xfcl\xaa;\xed\xb1g\xee\xdd\xf2ǿ=\xbd\xb7\xac\te_\xd9?u\xf3\x16\xe5\xdd>\xb9\xae\x1f\xbe\xad\xdc4\xd5`\xcb_\x9f\xd0\x1eu\xafp\x91\x9a\xa6\xb9g\x8b']\x16\xf3b\xe3\xe9\t\xb8\xd8/ǹO|\xe13\xc5S\u007f\x9b\x9f\n\xeci^\xcau$]\xe3[\xb1\x88\x88\xad[\xd9\xe1v\x91NE\x13\xdf\xf5\xfc\xae<\xcb<\x17\xee\xda=\xe7\xe8F\xe3f\xcdV&fF\x06\xc6\xc5N\x06\x0e\x06\xfcl̡\xb2\u008c\x8c\xffYX\r\x98\x19\x19\xff\x1b\xf0\x81\x04\xf8A\x02,\xccL\x8cm\x06\xb2 >\x1f\x8b\x18\x8b\x88\x9fR\x88\x82\xc4\xd4g\x8f\xf3\x9e\xf1\xff\xfa\xb5S\xe8-\x9bx\xbf%Z\xf2b\x06\x05nB\xbaƔ|>\x8f\xe4׆w_\xa5K\\\xed\xac\xb59\xda\xedU\xffr\xdfmm\xf1\xfb\x1b\xe2\x8b˵\x8c\x84-\x1bӝZ\x94?\xb9\xa6\x9b\xbe\xe9\xd8\xff\xa3\u007fC\"\x8fɒu\n>-\xc7n\xff0}Xv\xf3\xfe2\xa7\xdd\xc7]8\xda\xea\xcdJT\xa2n\xe5\xf0\x8aD\x9a\xee\xfd\xe4yw\x9b\xfc\xc9ͼ\xeeZ\xb63\xf5w\xc7\xec\xdezE\xe1\xe1\xcc\xf8`7\xd1\xdb\x19\xb3?|6\xb8jg\xf8\xa8\xb7e\xde\xe3\xae[\xb7\xa6ٙ\n/\x8d\xff\xf0\xb3 \xa0\xc0\xddQ0\\\xd2\xef@\xff:\xb6#S\x85\xc5\xf5\xa5U\xe7\x97~\xda\xd87sa\xbe\xf0F\xc7\xc2\u007f\x1dZ'\xfc\x05\x14B\xaf\u007f\x16q}\xfa\xc0\xe5˫\xf6\xa9F\x93\xf9\xfe\x05\xbb\xfdҙ\xfb\xbf[i\xa7\xf7MN\xd7%\xf7\x96\xec\x98\x15qW\xba6h~_\xa4sG\xe3\x92yjW\xf3\xd7\xde\xe5=f^\xfb\x96y\x92\xf4\xd3\xf2\xf8\xb2w6\xbdGbâ\x17\xddL\xcb\xdblj\xfe\xd4h\x1b \x00\x00\xff\xff[I\x17P\x92\x03\x00\x00")) - p.addCertFuncNotDup("0a1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1 0\x1e\x06\x03U\x04\x03\x13\x17DigiCert Global Root G3", "\xb3\xdbH\xa4\xf9\xa1\xc5خ6A\xcc\x11cib)\xbcK\xc6", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xb27hb<\xba\x80\x99\x89\x91\x89I\x8054lϧ\xb8%\xa6\xa6\x87\x97\xf0_]\xedZd\xc0\xc5ơ\xd5\xe6qΖ\x85\x99\xd9 ѐۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xd4@\x18\xc4\xe1\x12\xe6q\xc9L\xcftN-*Q\xf0\xccK6\x944\x10\a\ts\v\v\x94\x97\x97\xeb\xa5d\xa6g&\xa7\x16\x95\xe8%\xe7\xe7\x1a*\x18ȁ\xa4\x98\x85\xc5\xe1:\xdcs\xf2\x93\x12s\x14\x82\xf2\xf3K\x14܍\r\xe4\xc4y\r\x8d\r,\f\f\r\x8d\f\f\f\f\xa2\xc4y\x8dA\x1cS(\x97\x1eN(3\x10`c\a\xfb\x99\x89\x91\x8dU\xbb\x91\x85A\x899\x89\x81\xe5\xee\U0009befbvp\xff\xe6\xaeW\xbc\xf4a߾\xe2\xcfƱR{L^\xdd;6{υ\xa9\xdf>\x9c\xb9\xc0\xbd+1:Эn\x9e\xee\xfcw}\xc9<\xe2o\xd8\v\xbe\x9eo\xd1sh\x9e\xf3\xc2\xde1\xd7z\xed\xe5%\"\x91f\x15s\x99\x9d\xdf\t\b\xe7\x14\xdd[ױ|a\xf6V\xe7s\xe9w\x94\xff3\xcb,~d\xb7\xd8\xc9\xc0\xc1\x80\x9f\x8d9TV\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x03>\x90\x00?H\x80\x85\x99\x89\xb1\xcd@\x16\xc4\xe7c\x11c\x11\xd9|\xdbc\xc9υGo\xac3s<#\x98\x9c\x99\xa4\xb9\xc7\xfb\x18rl1g0\x18\xa42\x192\xac\xdd\xf3)\xc7^\xc8뢮\xe5a.\xce\xe9\xc5_:\xccz:\xd4w?\xeb\xe8\rh]\x9e\xfcs\x9eѽ\xb4\xc9\xfc\x1f\xcfl\xe4쿛\xb3\xfaWv\xfd\x02&\x03˴\xe8C)\xbd;\xe6\x05\xdcYq\xd5s\xd1\xdb\xe3w.z\u058b3\xee8\xd1\xd6\xef\xd7ӡ\xbdb\xd6ʮ\xa3\x17\x19\xf6\xfe\by4\xebit\xcdfuq@\x00\x00\x00\xff\xff\x80_\v\xbbC\x02\x00\x00")) - p.addCertFuncNotDup("0l1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1+0)\x06\x03U\x04\x03\x13\"DigiCert High Assurance EV Root CA", "\xb1>\xc3i\x03\xf8\xbfG\x01Ԙ&\x1a\b\x02\xefcd+\xc3", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb>j\xd0Ĵv\x013\x13#\x13\x93\x00Ӛ\x18\xb5,n\x87\xd9\xfdܕ\x9fֹ\xa9\x96\x1b\xf0\xb2qj\xb5y\xb4}\xe7eddee0\xc81\xe46\xe0dc\x0eea\x13f\n\r6\x145\x10\x06q\xb8\x84y\\2\xd33\x9dS\x8bJ\x14<\xf3\x92\r%\r\xc4A\xc2\xdc\xc2\x02\xe5\xe5\xe5z)\x99\xe9\x99ɩE%z\xc9\xf9\xb9\x86\xda\x06\x9a )fa%\xb8\x0e\x8f\xcc\xf4\f\x05\xc7\xe2\xe2Ңļ\xe4T\x05\xd70\x85\xa0\xfc\xfc\x12\x05gG\x039q^\x033CCC\x03\b\x88\x12\xe756D\xe2\xd2\xd95M\x8cJ\xc8\xc1\xc1\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8\xc8p\xec\xcc\xd3\xe2g\xbf\xaf\xec~\xaa\xabk\xb4\xec\xfe\xd3F\xfb\x93gU=\xb7\x15j\x1d\xbe:\xc5$}\x11\x97̆\xf8\xcce\x0e\x1b\x8fl\xdf\xd4\u007faƒ\x95\x8e\x91V\x97\xefL\xb9fs\xbb\xc4b\x89\xd7\x19_զ\xef^K\x83\x85,\xde}\xf6\xcc-\x9cX\x97\xbcm\xf5\xb2\xf8\xc3KZ~\xf8'\x05\xee\xfbq\xf4\xcdm\x8bI\x8fٞrL\xe49\xa2\xe1\x18\xfa\xfbtT\xa7h]\xe1\v\xd3\xfd\xbeE\x9c\xb6\xfb\xac,\x02\xa2\xcb\r\xa5{7\x1fWq\x9d\xb5|M.\x83H\x14\xcb\xf6]¯\x03\xb9f8:*\xf9\xa5&\xb67:\x06,\xab\x8c\xe9\xbc'\xe9\x15~U\xefY\xacL\xb0N\u074c\xb3RlbK2\x8a/\x98\xb0\b\xc7,,\xbc\x1cU\x13z;.\xe5\xa1y\xbbA\x18\xcbS\xc1-\x9a\rB\x1f+-;\x161\t֨\xa7m\xef\xd8^\xf1\xe9\x14\xd7\n\x8b\xd5\\)\x87\xf6\xa7\xc5Nm9\xb8PU\xae=V*\x80[A\xe8\x8c\xe3\xee<\xee@\x8b\x1dާ\x99\x98\x19\x19\x18\x17'\x1b$\x1a\xf0\xb11\x87\xca\xf232\xfegaafbl3\xe0\a\xf1\x85A|V\x03fF\xc6\xff\x06\xb2 \x01>\x161\x16\x91\x8dv\x873\x99\u007f\xecwg\xbc2CM\x8a\x83\xe9}r\x8a\xf6a\x03y\x90\xb42\x8b\x84\x81X\x03v\x05\xa8\xa9\x92\x19\x14\xfa2Rl\xd3\xef\\\x9f3ߦ#\x8d\x8d#\\\xf1\xb6\xa2\xfb\x0f\xad\xf4U\xfb%\x8c\xca\x1c\x04\xc2\x0fv}\xae\xba)\x98\xdag\xfak\xde\x1f\u05ed\xf3n\xfa\x18z\xef\x98\xf8\xc2Y\xa7osŹۏ\x83+\v\xaf=U\x9c\xc2x+\xb4}\x96Jʷ\xae\xb43\xf7星]a\xb21s\xb6\xf2\x89y\x15J\xda\x05ΏC\xdd\r\x13%\xdfG\x1cm\xd5\xf73\xf8\xb6\xc0PL\xf9\xc4\xf3G\xa9bƧ\xf7KI/\xb0\xfdq*\xae۰;\x81\xa3S\x97\x87-&h\xfb\x91\x9f\\3.\x8a\xc6\xcf\x17\xdaWc\x96l\xb1\xd7eI\xfd\x135m\xae#\xd33y_\xf6<: \x10\xbe\xe3D\x99\xd0\xc4\xd0O\x1e\x997\xf6h1E\xf3\xbb\\Q0\xbc\xfdeW\x81Z섄y{\xbc\xc59\xf5\xb7\x9c\x96s\xce8ɮ~\xf0R\xcc\xf7W\x8a;3\x84\xe6\xd8\xcc\xd9?\xefOC\xcc\xec\xe4\xb3o\xdcW\xa9\xaa\xa7/0\xff\xcc\xd0T\x1br}受z\u008b\xcb_\xc8{\x01\x02\x00\x00\xff\xff\x94\x8c{I\xc9\x03\x00\x00")) - p.addCertFuncNotDup("0b1\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fDigiCert Inc1\x190\x17\x06\x03U\x04\v\x13\x10www.digicert.com1!0\x1f\x06\x03U\x04\x03\x13\x18DigiCert Trusted Root G4", "\xec\xd7\xe3\x82\xd2q]dL\xdf.g?纘\xae\x1c\x0fO", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9d`\xd0\xc4\\\xb1\x80\x99\x89\x91\x89I\x80u\xb6t\xf8\xbc>E\xa3G\x96\xec{\x97\x97\x97\xc6\x18\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4ae0H2\xe46\xe0dc\x0eea\x13f\n\r6\x145\x10\x06q\xb8\x84y\\2\xd33\x9dS\x8bJ\x14<\xf3\x92\r%\r\xc4A\xc2\xdc\xc2\x02\xe5\xe5\xe5z)\x99\xe9\x99ɩE%z\xc9\xf9\xb9\x86\x8a\x06\xf2 )fa\t\xb8\x8e\x90\xa2\xd2\xe2\x92\xd4\x14\x85\xa0\xfc\xfc\x12\x05w\x13\x039q^Cc\x03\v\x03CC#\x03\x03\x03\x83(q^c\x10\xc7\x14ʥ\x8b\x1b\x9a\x98\x94\x90\xbd\xce\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4Ȱ\xffل\xe2\x8c{\xbb\x9f\xc4z\xd9\x18(\x19d\x1a\xbf9\xb4\\U濫\xed\xa7\xae\x1b\x91\x87\x1ej.\xb7\x8dX]6\xeb\xec\xbaj\xe9\x16\xde#\x06\U0009f957X\x88\xbd\x0e;6=Wv\xf5\xa6\xcaO\xa7\x04/=\x89\xbf\xc6j\x13\xc4\x1f$\u007fl\x9e\xe8Һ}\xf3W\x86\x8bE\x86\x16\xadϘ\\phӮҙY\xc5FS.\n\xb8\b\xe8\xddo\xfa\xcc\xde\xf2\xac\xc4:\xb7\xf0\x91.\x8f\xf4;\x85\xab'\x15d\x935uϽ\x89\xf3;1\xf9\x87b\xe2l\x93\u05ec\xc7\xe2\xdeDK\xedy}\xf2\xfc\xd95&\x0e\xf1\x1b\xab\xd2ޕ\x9f\xf0X\x91\x16\x1e>?$\xa2\x8fG{\xbb\xffr\x83\x9ba\xefNU\xc7>^{\xd2?\xee\xa9\xe9s\xc3ӷ&\xc7\xdd\xe9\xebo\xb8\xb5m\xe2\f\x87\t\x95\x87+\x8eo\xdbxdk\x96\x84\x05\xb3@\xef\x8d+\xe6K\xf4Xk;\xbe6\xd9\tL,X\x1d\xda\xe4ht\xfd6K\xb1V\xdeD\xc6\x1aE\x9f+{\xd6I3\x97\xc6V\xa4ݴ2t\x99e찟\xe3z\x94\xe7\x92C\xcfV.H\xbf\xbbD}\xcfB\u007f˭\x82\x11\xe2\xdfUb\xdc\xfaS\xbe\x1f\xcc\xec(\x9bQf\x1b\x19\xebT\xd6\xde9=\xb3\xca\xe3ÃEB\xd2i\xb3JN\xdd\xf3\x96{Η\xbc\xeeٕ\xf7\x93&Yͳ\xbd\xc3\xf0\xc4U\xb5s\xdb,\x17I\xed\xba\x03S\xb6\\J\xcc}m|\xf3\xe8}o\x16\x863\xb52S\x0f\xf7\u007fWܴIp\xfb\xee\xfaOW{\nt\x1c\x13VmL\x96p\x99*U\x96T\xf7\xada\xc3\xef\x17)ˌ/v\xb2?ܻ\xfd\x99\xf3\x12\x89\x1d\xcb\xca\x19\x1f\xf2O\xe1Q\x94\xdd\x14\xa2\xa9ڙ\xf3\x94/(нd\x9fښm\x8e\xa5\xf7\xaa\xd6\xc4\xf7ڟ\xdcs\xd9QP(\xfa\xa9@\xc0kã\xa7\x8aĔ8\xef\xd7\xf8\x94\xda'\xbfQ\x8c?\xa2\x10\x98\x9d\xbfqu[\xb7\xff\xa1k\xae\xf1s\x15\xfe,\x94;z\xa0\u007f\xd1\xc6:.\xb5\x99_\x9fd\xeaϐ\xd5\xfdzs\xe5&٧\xd2Ľ\f\x8c\x8b\x9d\f\x1c\f\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xe0\x03\t\xf0\x83\x04X\x98\x99\x18\xdb\fdA|>\x161\x16\x917\xd7\x1f7]*\x8cM\U00079bd7n\xff|\u05ccu2\xfc\xfeh\x19\x8c\x19\x94\xb8v'ެ]\x99\xb3O\xfc\xc8D\xe9\xc3\v\x171\xf4>N\xc9\xe0\x0f;_\xbe\xae\xe0\xe7\xdfY^3w\x9e\xac\x88\xe1\xe1\x89\u007f\xf2LD3\x8c\xdb\xcc3\xd6%\xf9\xc1\xda9\xd3$Ҥ\x95ym+_\xe6f_\v\xf9q\xc9栳\xc3:ـ\xafA\u007f&X\xef\x9e133\xfb\xf8\xc1\xe5+2\x96\xa8ߙ\xfbS}\x9dA\xeb\xceo\xe9\xbeVv\xfd\x91\x96J\xc1.\xafO\xc42\x9fz\x1bPU\x9b\xa4\xc8\xd5p\xa28\xed\xe2\x02ք\xf8\x17K\xb7,_\xbf\xe2{\xae霚\xa8\xaek\x8b,f~\xae\xe8\xfe\xe2{I\x81\xfb\x1e˻\x9e\xd9\xee\x8dE\xbc\aD\x8c\xde\x1bD\xea\xad{P\xf8)\xecI\xd6\xf4\xfcI\x01\xb9\xd3z3\xaafm2\x13\xa9b\xfb\xa4\xb2\x93S0\xe0:\xc7\xc6\x1d\x9dU-ʉN\x9aO\x17\x9f]\xa4\xe0x\xfd✔\x9b\xaf\xd4\x16v\x8b\\\xf7\x91\xdc\x14\xe0Xhk\xef[\xa0\xdc\xc6\xe3u\xa7\xf1\xd2\x19\xa3)-\xbc\x1c\x9c\xd3e\xfc\x0f\xbc\xcbV(1\xb8\xf4\xc0\xd2D\xa0UQ\x94\x91\xe3E\xa8ѽBϛ\x1a\xe2\x01\xbe\xcf\xf6\xf9^,]s\xe1\xd4o\xc7\x1d\xceKW]>\xcc\xea\xe2\xafc6\xfbѯG\xae;\x94\x83s\xd8\xf2\xd3C\xebݶ\xfa\xd8\xe7iDU\xaa]Z\xb2\"i\xfa%\xb9Go\xbd\xba\xf7H\xffu\xf7⽟\x9eV\xb7)\xda\xf1\x82\xf5\x93/\xd6_X\x92_\xbe?\x14\xc2\x10\xb8\xa0K\xeb乊3W_\xb5\xb3Hl>\xb7\u07b3c\xfd\xe7I3\xb7m~\x96\xc8\u007f\xa9\x95\xe1y\x80\xd4\x13\xe9\xa9s%\x17\ue733q\xf6F\x06\xb9\xf7\x17\xf8\xfd\x9drNr\xedy\xe7\xfc˪p\xe9\t_\xb5\xa5\xa6\u007f;c\xf7\xb4&\xc9\x1a]Z\xa0\x1d\xf2vV\xf8\xc1ۿ\x04\xceKn\xef\xf6\x92\xeegܦ>5\xf8Ŷ\xce\xdc\xe8=\x19W\x94_t\a.\n\xfb\xf9aYÂkr\x9b\xf7\xf0\xf3\a\x97j\xaez%\\\xfe\xe4^O\xa3\xe2Zv\x01w\xc1\xb5\xed\xb6\xec\x17K\xf7\x9c\xff\x9cV\a\b\x00\x00\xff\xff\x89\xfa\x9fG\x94\x05\x00\x00")) - p.addCertFuncNotDup("0[1\v0\t\x06\x03U\x04\x06\x13\x02US1 0\x1e\x06\x03U\x04\n\x13\x17Digital Signature Trust1\x110\x0f\x06\x03U\x04\v\x13\bDST ACES1\x170\x15\x06\x03U\x04\x03\x13\x0eDST ACES CA X6", "\tr\x06N\x18C\x0f\xe5\xd6\xcc\xc3j\x8b1{x\x8f\xa8\x83\xb8", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xe14hb\xfa\xb8\x80\x99\x89\x91\x89I\x807n&\u05f5\xb9\xdb+\xde\xdc`\x0f\xb3n\x13\xbdi\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 ڐۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xc1@\x0e\xc4\xe1\x12\x16w\xc9L\xcf,I\xccQ\b\xceL\xcfK,)-JU\b)*-.1\x144\xe0\a\xa9\xe0\x16\xe6p\t\x0eQptv\r6\x147\x10\x05\t1\v\xf3\xc1\x84\x14\x9c\x1d\x15\"\xcc\f\xe4\xc4y\r\x8c\r\r\x8d\f\x8c\f\r-M-\xa2\xc4y\r͑\xb8\xb4\xb5\xbc\x89Q\tٳ\x8c\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\f;m\xbfꜜr\xa7\xb4kjl\xf2\x8b\x96\U000b2d1d\x91\x13c\xdc\xeeN\xb2\x9b\xff\x93\x8fy\x8bm⤽\xcaj[\x93\xdfM\xba4\xef\x9a\xcd\t\xde\t\xf1)\x8d\x1bWp\xf0\xfa\xdc\xf8y\x99U#h\v\xa3\xeaѩ2\xffb\xc5Ď\x9d\xceA\xbb\x1b6\x86vv\x1b\xfe\xba\xb0\xbdl\x9f\xa3\xad\xc1\xac%J\xaa\xe2\xc5/\xe4\x1e]^\xa3\xb57\xdaB\xf1\xaa\x96\xf7\xf5\xd0\xda\xc7V\xa1{\xaf\xe7f3\x85g?s\xaf\xe18Ѵ\xeb\xde\xf2vۅ\xb9;\f\xc2\x0emfj\x8c\xd7\xfd\xfah\x96\x81\x84Ǝ\xb4˧\x19\xa7\xe5\xbf\xear\r\xbd\xf6`\xee\xfftmq\xa6e~RY\x82\xdcu۫\x9fϸ\xd6S\x96\u007f\xd0\xfav\xc0产\x17\xfa\xe4\xcdw\xec\xddul~\xce\xcb\x1a\xe3OF6j\xee\xbf\xd4U\x98N\xd6\xc9Fw8\tg\x99\xd6Ԛ\xbe\xd4K\x9bX4\xf9\xaa\x91ڑ\x92\xaf\xc1\x8b7\xc7\xce\xfa\xc6y\x9a\x89\x99\x91\x81qq\xe3\t\x83ƣ\xe0P\x95\x15fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8߀\x0f$\xc0\x0f\x12`afb(2u3\xf3RR+\xf42Jrs\fdAv\U00031231\x88p\x16\xb1\xf9I8\xf3?\xbdv\xe6pV\xb7auE\xff\x8a\xe6\x1dh)\x9b\x19\x14Njo\xf4]\xdbt\xfb\x1c\xebs\xa3\xb3\x8c\x97Y\x98\x9f\x96=\tӞ3s\xc2\v\x0e\x83\x9c\xfb\xb5\xb6\xef\x9e\xeeߪ\xe2\xd0\xe2\xf9\xf0\xa2ƺ#\x87\xac\x82\r:>~-\xcf\v<\xf5\xeb\xff\xcc\xf5*\xf1\xd2\v\xfe~Z\xd3r\xea\xfe\xca\x0f\xf1,zk\xc5\xf6+N\x17h\xb4}\xfc\xbf\xbd\xd7\xe8Δ\xa7\xee]qY\xc2'\xa7L\xb5\xbd\xf4\xee\x84\xc9\xd4\v\rW\xd6\x1aq4\x84\xd8<\xd8\x1b\x14|=\xa8fS\xa6}}\xd5\xf9\xac\x92S\xbfX\xb4\xe6\xf8D\xb1-}\xa9\xb0\xd65\x8d?\xf3\xe3\xdd\xfd/\x1f\x1bu\xffzp\xb0ͷ\xc8F\xef\xc6\xe4\n.\xad\x1f7.\xa9\xdbJv\xc6GUwY\x9f\xe1\xb9\x15\xb8\xee8\xf7w\xed\r\xe6\xaco\xf6\x84+?\xb2\xb84;\xe3s\x98P\x87\xbfS\xcd\x0e\xc3#[o?9\xa1h\xf2\xd2C\xd0\xf4ݯ\xe3\x93\u008f\xce7yr\xfc\xdbw>n\x9f9\x19\x15Յ\x86\xc7_\xcb=Hw\xfc\xbc}\xc1\xf2\xb3O\xab\x8cͲ~\xcd\xd2\x06\x04\x00\x00\xff\xffe\x8f\x19(\r\x04\x00\x00")) - p.addCertFuncNotDup("0?1$0\"\x06\x03U\x04\n\x13\x1bDigital Signature Trust Co.1\x170\x15\x06\x03U\x04\x03\x13\x0eDST Root CA X3", "ħ\xb1\xa4{,q\xfa\xdb\xe1K\x90u\xff\xc4\x15`\x85\x89\x10", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xf62hb2Z\xc0\xcc\xc4\xc8\xc4$\xe0\xb2~Cõ\xc5\xea\xbb:\r,\xdb\xf4~8d\x1b\xf0\xb2qj\xb5y\xb4}\xe7eddee0\xb07T1Pbc\x0ee\xe1\x12\x96v\xc9L\xcf,I\xccQ\b\xceL\xcfK,)-JU\b)*-.Qp\xce\xd73\x147\x10\x05\xa9b\x16\xe6s\t\x0eQ\b\xca\xcf/QpvT\x8806\x90\x13\xe7500\xb04602442\xb4\x8c\x12\xe752\x04q\rM\f\f\rM\xa3(\xb7\xa0\x89Q\t\xd9ь\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\f\xf7\u05ff\x9c\x1e\xc0\xd1\x1c\xbe\xe5LR\xea\xb7\tMo\x8e_\xd6\xc968\x15\xfd\xe6\xe6\xe1\xda\xe3\x0e\a%D\xba\x1f\xbc0.\xf3\xd4zl\xaf\xe89y\x8d\x1f\xdfz;\x8fө\xef\xfe\\V\xe4O\xbd\xa4uӨ\xbf\xe7\xe9\xf7\xf2\rB\xd5[\xa7\x1e\xe8\\\xbcr\xd7\xdbb\xbd*\x1e6\xa3\xe6Eu]\"\x06g\x05\x17<Բ\xd8Y\xc9e\xf87`oC\xea\xfd\xed\x81\xc9\xcd'\x1eu$\xbe\xf2Nl|\x13\x94\xbds\xd1#o)\x8d\xf9\x1e\x8b\xe7\xf1\xdc\xe2\xec\xb3\x13ד\xbb\xabp?\xfa\x98V\xd7j\xbd\xbd\x05k\x8frK\xa9N():Z\x9d\xb5\xda\xe4\x9aA\xe7\xff\xa7\x19\xc2\xd5!\xdc'\xae\xad{\x135g\x92\x9cm\xca\xe6\x9ec\xf7\xf7\x9ft,x#VtU\xed\x8dE\xa8\xa5\xf3\x85?\u007f%b\x1c>N\u007f}u\xd6\xec^\xd9]\xb7Tw\x1e\xbbq\xff\xa0(\x93\xd5\xea[y\x1f\xed\xf4\xbe\xc6p̱\xb9֜\xf9D`\xb6\xa4\xd66\xcd\xf0\xc7Omg\xcf\xff\xc0\x14\xcb\xc4\xcc\xc8\xc0\xb8\xd8\xc9\xc0\xc1\x80\x9f\x8d9TV\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x03>\x90\x00?H\x80\x85\x99\x89\x91\xcd@\x16\xc4\xe7c\x11c\x119\xb2|\xe3\x92j\x9d\xc2_\xb7\x1fzO(\xfd\u007fD4\xa1\xb5S\x00-i0\x83\x02w\xb1\x94\xcelq\x86\x98\x95r\xef4\xd2̭\xf67\x1f\xb7\xf7>̹`\xaaB\xec㛑.\x97\xecx\xed\xf6vy/(\x91?'\xd04\xa7DJ\xb6n\x86\xd4\xdd\xd3\xc2ޛ\x15\\\x9eL|y\xe6O\xed\xd2\xdbYO\xff=\xfb\xfb\xc0\xef\xeev\x06\xab\xad\x05\x9e\xeb?=}\xcd\xf4\xf1\"S\xb7\xe4\xe9)Vq\x1eG$\xe4\"$\xe3嘢>\xf0|ܸv\xe5\x9dȶ\uef17\x13\xbf\xb6\x9d\xfa\xb53\xcdxUd\xf4\xb9G\xcbŊ\xddOk\x9f\x99\xb9\xc1\xdc\xe3\xfc\xe30\xef\xaf\xe7\xf9y\x8a\x8cڏ}p\xd9\x1d\\\x94\xeb\xfcU\xcdcVP\xfa\xf6\x88\xd5\xff\xd2\xcb\n+n\xf3.\n\x13\x11\xb6T1l]\xb4\x82)\xca\xc0\xfd\xe1\xdd\x00\xf6=L\x9c\x13\x18^\xa7$'\xcc\x16\xdb\xd3qR\xe8٥ډ\xdd?m\x8dzS\xb7\xbc\xac\xd9\x18^\xf6\xea\xe86\r\xcb\xfd\xa2\xa92'\xbe\x95O\xcb\xe2\xea-\xe7\xbe1\x91\x9b\xa5\x8f\xfd\xb6\xe66\xaews\x9bLM\x05\x00\x01\x00\x00\xff\xff\xe7\x96\xd1\x13N\x03\x00\x00")) - p.addCertFuncNotDup("0?1$0\"\x06\x03U\x04\n\x13\x1bDigital Signature Trust Co.1\x170\x15\x06\x03U\x04\x03\x13\x0eDST Root CA X4", "\xf0\x83\xeas\xc8?[\x9b[7_\xf5L\x8fZ\xf7\xf4\x86H\xbd", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xb66hbR^\xc0\xcc\xc4\xc8\xc4$\xc8pA\xce-\x80\x81A\xb3\x87\x81\x81\x81\t\x84\rx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x18\xd8\x1b\xaa\x18(\xb11\x87\xb2p\tK\xbbd\xa6g\x96$\xe6(\x04g\xa6\xe7%\x96\x94\x16\xa5*\x84\x14\x95\x16\x97(8\xe7\xeb\x19\x8a\x1b\x88\x82T1\v\xf3\xb9\x04\x87(\x04\xe5\xe7\x97(8;*D\x98\x18ȉ\xf3\x1a\x18\x18X\x1a\x1a\x1b\x98\x19\x19\x99\x1aD\x89\xf3\x1a!s)\xb7\xa0\x89Q\t\xd9ь\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\fk[kω\xb8I|b\x99\xa7ؽ\xfa\xc2;\xa3%O~}\xa8<\xbc\xce\xe8\xbe\xd2k\xef'\xdf\xdc\xddY\xd8\xfa\r\xfa\xf3/\x1f]\xfcca^S\x8d\xdb\xf7c-\x02ZK\x19V<\xde\xf3!\xc1#3*7\x99\xfd\xd1\u007f\v\xff\xbb,\x12\x9b\xe6\xdfWY\xfb\xd5\xccL\xc1˫s\x9b\xfa|A\xd6\a\x062\x89F\x05\xef\x97V\xf3,\x0e\xfbv\x98g\xab\xd1\x03\x8d\xb8d\xbfڽ\x9f\x95m\xd8\xdfr\x8a>^\xa9\xe6\xb1(D\xfaK\xb8\u007f\x01\x97\xd4w\xcf\xd6\x03r\xaf\xb5*Z\xd4w\xbf\\z\xeb\x8a\xe7\x91I\x97\x9f7\xae)\x99b\xb3=\xff\xb0\xe6\x0f\x97\xac\xba\xa9:ґ\xed\xd2\xcd\x135\xbd&\x9aH\n\xc5\x16I̹\xd8\xf0xO\x17SBU\xdc[I\xe5\xef\xc57\\M\x8c\x82\xdb\x1er\x9f\x97\x99|\xdag\xe5\xee\x8bI\x8b\x05Wʯ_\xb8\xed\xc9:;o\x1d\xe5\t\x1c\xa5\x95\x11^\x86Q\xf2[\x84SV*\x84\xefvs\xad\xfbqr\xa5\x02\xbbI{t$\x133#\x03\xe3b#\x03\x03\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\rdA\x02|,b,\"\x1f\x9a_\x15\x9f\xb0\x8f\x9e\x1dm\x1e\xffէ?\xea\xfb\x976\x8f\xbdhI\x81\x19\x14\x98-\xd2\xe7\n\xa6Oo\x89\xbcw\xab\xa4nz\xf4\x8f%\x12\xf7r\xb2\xa2_\xae\xfe\x98t|\xcdT\u007fC+\xae\x1d\xa9\xf6\x93\x0e\x96\xb9\xff\x9a,\x1b\xed\xf1\xe9\xeb\x87s\x96\xcd^\x1fn\x1b\xd8\x1b&/T\xaf\x9f\xf4ҿQ\xd8缄\xf6\xba\x8f-Rij\x17ߝ|v\xa7\xa2=p\x99\xafѻ\x98\x0f\xb6\x86\x17\xb7\xf3\x1c\xb1\xb8\xc1\x18\x1a#\xa3\xc5۱\xafܹ\xf9tt\xde\xf3ܾ\r\ar\xe5k\x82\x965\xc6ޞ.u#\xf2\xf7\x14>ƕ'\xfe\xb0\x1fr\xbf*\xf6\xe7\xef*\xb3\xa93\xff\x96\x85L\xbf\xaf\xbftϢ\x04\xffm\xdcq\xf9K\xa5\xfc\u007f\x9a.\x98wC\xd93V\xf2\xff\xf2\xa6\xa9\xd1n\x02\xfftt\xef\x04]\xf9%\xf1\xfe\xa0\xc0\xb7\xbc\x8f-W\xff\x89=\xe2\xa9˿\xe7\x11\xba␜\xa6݊\x0f\xdd\xd3%\xf2\x8e\xbe\\\xb7^\x9b\xf9\xabx`\x81o\xf9\x8f\x00\xfdG\xfb$\xe7\xbd\xfb\x1e\"\xbf\xa1>\xec\x1f\x83\xe0\x96?%\u05cfT\xc4dO0{\b\b\x00\x00\xff\xff\xeb4(\xcf?\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\xb21\v0\t\x06\x03U\x04\x06\x13\x02TR1\x0f0\r\x06\x03U\x04\a\f\x06Ankara1@0>\x06\x03U\x04\n\f7E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.1&0$\x06\x03U\x04\v\f\x1dE-Tugra Sertifikasyon Merkezi1(0&\x06\x03U\x04\x03\f\x1fE-Tugra Certification Authority", ".\xe3۲IМTy\\\xfa'*\xfe\xccN\xd2\xe8NT", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xf36hb1^\xc0\xcc\xc4\xc8\xc4đ\x95a7'p\xf6\xe9`\x03^6N\xad6\x8f\xb6,\x8cܬ\f\x06\x8d\x9b\f\xb9\r8٘CY\u0604\x99B\x82\f\xf9\rxA\x1cv\x1e6Ǽ\xecĢDC\a\x03;\x90\x00\x17\x8f\xb9\xabnH\xe9\x91\xf9E\x89\n\xaeN\xee\nN\x999\x99G\xe7g\xe6*\x84\xa4f\xe7\xe5\xe7\xe4ge\xe6\xa4\x16e*\x94\xa5*xdV妖\x80y\x8ezG\xe7\xe9\x19\xaa\x19\xa8\x80L\xe0\xe6\x91\x05\x99\x90^\x94\xa8\x10\x9cZT\x92\x99\x96\x99\x9dX\\\x99\x9f\xa7\xe0\x9bZ\x94\x9dZ\x95i\xa8a\xa0\x06R\xc7\xcc#\x0fS\xe7\fQ\x97\x9cX\x92\x99\x9f\xa7\xe0XZ\x92\x91_\x94YRi '\xcekhl`l`jhd`ib\x11%\xcek\x04\xe2\x1aC\xb9C\xd3SMLJȑ\xc3\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4\xc8\xf0\xe8\xab\xfdd\xd6@\xb9֤\x90\xb8*\xee\xaf\x12\xec\xcd\xeb\xea\xd6\xd7|\xbfҕ\xbd4\xd9\xd9r\xa7\xf7\xf7\xc3\xc7R:m\xa7\xe8\x854\x04YZ\xb2{{\xdfme/k?\xb3_\u007f\xaaϙ\xda\xe5\xb6{\xdc\xf9g\x14\xfc\xe8i\x95+雔+\xedpq&\xef\xeeҼ\x13+\xb3g\x1dh1\\\u007f\xca\xf9\xf4km\x93\x17\xfdӳ\x19g_\xe5\xf3\xe2X\x15=\xa9\xa4\xd5\xf9rú\x85\x1d\xd1\xeb6\xbf\x8a;-6\xab\xdc\xe5\xc4\xc2o!\x19\xe7\xee\xf5O\xd7\xde\x15\xed\xc0ē\"~`\xeb\xe4\xb3\x0f?\n\xa7\x9d\xe3\xa9|\u007fq\xa2\xc6\xea\xf8\x05BA\x06Œ}\xfd\x0f{\xd8\x17\x1d\xde\xed\xf5ᕼ\xe8\x8aw\xaag\x96\xb8\xfd\x90Vz\xbf\x99\xcfy\x97\x8eʎ\xa3:1Wd~Ħ\xec=<9Nc\xb9\xbd\xfa\xc7>\xb9\xcbZ\x01\xac\x8bCo\x9e~n\x19|`Ƽ\x9e\x90\xa4n\xb5\r\xdfk{k\x9e\x1c\x9b\x97\xe6\x14\xda\xe4\xfe|SDo\xdaw\xf6\x1a=\xb3g\x012\xf6\xb7\x9dU\x8e\xeeos\xaf\xdc\\)\xf3=\xea\x8b\xf0\x9b\x9c\x1f\xf6\x8f\"姾s\xb2۹v\x85Q\xab\xe7t\xb7\u007fކ\xfdQ\xa7ז\xb8˿\x9c\xb8\xfd\xbe\x06\x8b҂+\xfc\xb1\x8f*\xfd_崶\xed]\xb1\xecܓ_\x87\x1fn^w\xcf&\xf0\xddi\xe1\x1a\xc6\xfa\x16\xbe\xd8\xc0)\xf3\x84y\xb6\xe9-\xf5\xf9iY`\x96?\xed\x94\x1e\x8fK\xe8\xd1S\xbfb\x99\x16߿\x96\xd2\x13\xb5\x99\x91k\xe5V.w\xf1\xff\xef':h\xf5-t\xb32\x9c\xf1T\xf0ϙݞa]\u007fv^H\x9c\x95\x9f\x9a\xf3\xec\xf0i\xbbR\xcf\u007f\xfd\xcb\x1fu\x1eM\xbf>\xd7M\xd8ϰ\xccZe\xf3<\xc1Զ\xd5\xf5\xefe\xaf\xfc\xd8\xf3|MT\xcc\xf6(\xf7\x98\xd0s\xa1[\x94\n\xa3\xa3\xb9?\x9c\xbf\xb3 1\xe5\xd5\xca\xeb\x19\\\xc9\xcb\x1f\xf0\xda/X\u007fyե\xba\xf7\x81\v\x9e\x05j\x87N\x12\x15\x0f>\xbd=\x8d/\xcd\xe7\xc7\xcfR\x9f\tυ\n\x8e\xbb21320.N6H4\x90ec\x0e\x95\xe5c\x11c\x11\xd1{|{\x93\xe7\x859!\x951\xbfԵ\xfe\x9d\xf1\xbb\xf4\xc2/Ā\x1f$-\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x81\x90\x02~\x90\x0e\x16f&F6\xb42\x82\x19\x94\xfaXͭ\xbe\xf8nw}\xe4Z\xaaҿ\xad<\xe8\x85\xcc\r\x81ɩ\x9f?E\xb2-\xb1\x93\xd3|\x13{\xf1\xc2\xea\x9a\a\\\x13<*\xde\xfa\xcd`\x9e\xf9O#a\xa2\xac\x81\xec\x8e\xe4\x9a\x15\xcfL\xb7\xfe\xba\x9cX\xf6\xec\x1a\xbb\xf7\xa9\xccY\x9bZ\xaa\xca'\xbb\x8a\x8b\xceW\xb90CX\xe8\xff\xee\x05z\u007f\xfd|\xda\u007f\x9c\x8bY5C\x9a\xf5\x01\x83\x9bWS\xc3R\xe3n\x8d;o-.\xdf\u007fj\xf7\xf2\xdf\xefȻ\x89-\xfe\x97B\xa6\t'\n\xdb\xf57d\xee\x9b\xec\xbe\xd5\xd4\xf9R\xd4nۘ\xf7\x9b\x9d\xdc\xcfZ\x87\n\xb3m\xe0\xbc\xfd7\xf9\x9bU\a\xd7\xcc\xfc\xba\x87礃\xb3\\Ҕ\x039\xaa\xf7D\a-\xfa\xcbfn\xe1\x90\xd8\xef5m\xc7\x04\xf3\x1fi\xc7+&0\x88\xeau\xaf\r4\rf_\x91\x9d\xb1\ue9df\r\xbb\xdaY\x0eւ3\x96\xf6e{\x97^NWcl[\x16|)\xc1\xbaƹ>\xb4k\xcfT\xa9\x83\x1a\x96>\xf2Η&~)\x8a\xec\xda\x19\xf6\xc7~\xcb\xdc[\x05sʢz\x9c\x03\xde\xf5\x19\x14\xf9\xde\xff\xef\xf9\xfd\xd8\xca\xf4\x9b\xb9k\x98\x04\x1fY\x89\xa9.\x8f\xe08\x9d\x1f\xec8\xc7\xc3\xc2=\xc3\xf8\xe2\xf5\xe3\xfdWJ\x14\xaf\x1cf\x9dP\xf5\xffܴ\x8e\x8d\xa2\x9a\xb1ʫ/$,\x14\xf2\xbf\xf7E\xfc\xac\xd1ӓ\xfbO8\xaf\xfd\xab\xd7\xf7q\xfd\xa3/3~\t\xc9+\xdc8\xb0\x9c\xa7\xf5\xe8\x84/ֺ\xd3\xd46\xea\xec\xf3Y\xfdz㥮\x93\xb7+\x84\xf9\xe58\xe7\xe6\xf63\xccg\xbau\xf0\x97|U\x15\xe7\x11\xafg\x1dZ\xd3\xe7wv\xff5\x8f\x8f\xb7:g\x11\xd9潾\x90{ˍO\x05\xfe\xf3\x8d\x84\x1foX\x1e\xfe\xf4\xd6-\xe7\xd3-&\x9f4\x8e\xbc\xca\xfd\xa2\xf5\xfe`v٭\xdfu\xbb[m.\x05\x1f\xf2\xddW\xf8\xd0\xf5\xe2_\xe5t^\xe1\xd2\xdf\xe7Sӕ\xe6\xae\xdb\xc0y\x91\xf3\xbf\xac\xc9\xfe\u007f\xca\xd3\xcd/Y\xfe\xb2\xe5e\xe3\xder\xdbz\xf1\xea\xfc\x18\xd9mu/67\x99\xbce\x8bQ\x01\x04\x00\x00\xff\xff\x93p\x17\x90O\x06\x00\x00")) - p.addCertFuncNotDup("0\x81\x8d1\v0\t\x06\x03U\x04\x06\x13\x02CA1\x100\x0e\x06\x03U\x04\b\x13\aOntario1\x100\x0e\x06\x03U\x04\a\x13\aToronto1\x1d0\x1b\x06\x03U\x04\n\x13\x14Echoworx Corporation1\x1f0\x1d\x06\x03U\x04\v\x13\x16Certification Services1\x1a0\x18\x06\x03U\x04\x03\x13\x11Echoworx Root CA2", ";\xe1\x81\x1b\xa0\xab?;!\x82\xd5\xe2\x12\xae\xaeP\xab\x14\xa5\x13", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbyn\xd0\xc4|~\x013\x13#\x13\x13#\x83\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83\xc6^Cn\x03N6\xe6P\x166a&gGC\x01\x03>\x10\x87C\x98\xdd?\xaf$\xb1(3\x1f&\xc2.\xcc\x1e\x92_\x94\x9fW\x92o(k \r\x12\xe1\x12\x16qM\xce\xc8/\xcf/\xaaPp\xce/*\xc8/J,\xc9\xcc\xcf3\x947\x90\x05Is\v\x8b9\xa7\x16\x95d\xa6e&\x83\xc5\x15\x82S\x8b\xca2\x93S\x8b\r\xa5\f$@\n\x98\x85\x05\xe1\xfa\x83\xf2\xf3K\x14\x9c\x1d\x8d\f\xe4\xc4y\rL\r\r\f\xcc\f\rL,\r\x8d\xa3\xc4y\x8d\r\f\r\f̡\xdcA\xe7\xde&F\x05\xe4 ede`nb\xe4e0hb\xe4`jbdd\xd8u\xd5\xfe\x89\xa4\xe8\xf5\xa9\x8c\xf5\xaf\xedT\xb9\xdei\xf2d\xbf\xdfm\xbeΪ\xdem\xf2\xdaY\x82't:\xfa\x9eq\xb3D\xfc\xe71\xda\xfe:\xc4cQ\x99\x91\x95\x93ܬyg\xb9\x18\xd3\xcd\xf8y\xed\xfb\xbb\xba\x18y\xcey+H6\x99˞\x9a\x1c\xcc:\xefٮ\xbf[o\x18\x98ٽ3][\xb5\xc1h\xa7\xe3ڈ\xfd\x9a\x16\x8a\xb5\x97\x9e\x9aJ\xefR۰\xf3\xf4\xc1[\xebv^\x14Uj\xbdj\x11}\u07be\xec\x9a\xd3a\xb7\x86E?Bs\x9e>\xcdӞ\xf4^\xf1\xa7\xa2\tWC\xbe\xd6冷\x97\xbf\x9b\xdfl\xf2\xd7[\x96\xa8\xc2p\xf9\xb0~\xfc\x9e\xd3\xdb\xddl\xe4ハ4Q\x9e\xb9\xfe\xc3G!\xcdZ3\xbf\xe8\x0f\x8d\"\x1d\x9d\x86\x17'\x9f\xdf\xd7\xf1\xf84k\xa6\xdb\xf2m\xf1+\r\xc5'|\x95l\xe3\xba\xe0\xf4'f=Ô\xc5+\x97|\xb4ZpD\xe1\xfc\x93\b\xfe\x05\x85I6\xdb\xe7?;s>e\x83'oV\xb5Ğ\x96+?\x978\xf4M\xebfbd^\xdc\xc4\x18`\xd0\xc4\xe8c\xc0\xcf\xc6\x1c*+\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x017H\x80\x9f\x85\x85\x99\x89\x91\r\x1c\t\xb2|,b,\"\xd6\x0f\x1b\xa5\x17\xac\xb6\xb7Vl\xba\xfaHhݺ\x80\xd5\"K\x85\r\x1aw\x81\xe4\x95Y\x1a7\x194\xaeo\xc0\xaafa\xe3\xe4%\x8d\x13\x06[\x12ibd0\b\x00\xb9]\x81\xc5\xd3\xc0\xdd\xc0\x95\x8d[\x9b\x8d\x91\x85\xf1\xa7 \x17#3\xa3\x81\x99\x81\t\x1b\x876\x1b#++;\x13\xa3\x98FFII\x81\x95\xbe~yy\xb9^*\xd4 \xbd\xe4\xfc\\\xfd\xe4D\xfd\xa2\xfc\xfc\x12#\xfd\xe4\x82b\xbd\x82\x944\xb4l\xcc\fJj\xf9\xcb\xd7\xfc\xd8\u007fQ*^\xd8\xea\xf1\xe5\x84]*\xc9W\xb2\xf6\xa9\xe7\x19)\x16\xf6\xf5\xbe1\xed\xadZ\x90\x11\xf4\xd2ѣ\xf1\xbfmc\xaflO\xf5\xbfȓ\x95?\x16\x1d\xf9\xd8\xf2\xd6\xc4\xf2\xc8\x0f\x96\xe9b\u007fs\xd6\x1b/`д\xdej~\xe7\xf5\xec\x95\xf3μ\xb1t\x9f\x13\u07b4\xe0\x15\a\xe3\xccc\u05fc7h3\xfc\xe4,j\xbc\xb9\ue1fc\xb9\x96Ya\u0605nF\x115\xad\xb5\x11\xf5k98\xad\r\x0e|\xf8ܖS\xcb\\ak\xd8\xcfศAc\x9a\xd3\xe4\xdf\xdb<\xb6L,\xb5\xddW\xe54\xe1\xf4\x97\xfc\xad/\xe2\x8eM\xca<5\x85I¿Dػ\xa6U\xb2a\xe1\x9c鲿W\x17\x06\xfc\xf0\xea\xbe-d\xf1\xb2AqQ\xfb<ǿ\x9eg\xfe1\xa7\vu7\x98\x1ft\x13\x0f]\x9d\x17r\xf1\xa5\xebޥ\xa7؏\xdf\xd5n\x8a\xbf,\xf2\xd1\xeb\xde}\x83TO_o\x86\xdd>+\xfa8g\x1eQs\x9a\xa4u\xa6\xe7\xbdu\xc6\xf1S\xef\xfd\x9dV\x01\x02\x00\x00\xff\xff\xa4\xbc`\xdd\xeb\x04\x00\x00")) - p.addCertFuncNotDup("0u1\v0\t\x06\x03U\x04\x06\x13\x02EE1\"0 \x06\x03U\x04\n\f\x19AS Sertifitseerimiskeskus1(0&\x06\x03U\x04\x03\f\x1fEE Certification Centre Root CA1\x180\x16\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\tpki@sk.ee", "\x12\xf2Z>\xeaV\x1c\xbf\xcd\x06\xac\xf1\xf1%ɩK\xd4\x14\x99", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hba6hbz\xbd\x80\x99\x89\x91\x89I \xa4\xe1\xe7\x82\xe2\xb7\xf6\f>\xa7:o<.|\xe6e\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xa0Ԑۀ\x93\x8d9\x94\x85M\x98\xc9\xd5\xd5P\xc9@\x01\xc4\xe1\xe2\x91t\fV\bN-*\xc9L\xcb,)NM-\xca\xcc\xcd,\xceN-\xce.-6\xd40P\x03\xa9a\xe6\x91wuUp\x86\xa8IN,\xc9\xcc\xcfSpN\xcd+)JU\b\xca\xcf/Qpv4\x940\x10\x83\xdb\xc6\xc9(\xc6Y\x90\x9d\xe9P\x9c\xad\x97\x9aj\xa0$\xc1od`h`h`\f%\xa3@\x02\xc6\x06\x86F\x86\xe6FƦ\x96\xa6\x96Q\x03\xe5\xb4&F%\xe4@bde`nb\xe4g0hb\xe4bjbdd8\xa1p\xe0̓\xa3ޫ\xd9+\xa6~vy\xf7\x9b\x9b\xe7\u007fI_\xe2\xee\x8dI\xaf\x94o\xac^\x98jT\xf5\xbaO\xdc\u007f\xda\r\xaeꉋ\x92s\x8e\xf7\xf8\xe8U\xee_\xc9\xfa'3fjo\xd2ϝ\x05o\x0f\a\xd6^\x98\xfc,絁\xf7\xc3=\xb5\xfb\x83f\x9f˫N\xfdd\xb1\xf1\xc0\"\xa3\xf7I\x9b2\x1e$\x06\x1f4\x9b\xfa\xff͔]f\xeb\xe6\xc8,7\xe2\u007fZ\xb3\xe5X~\xc9\xdfj\x89\x17k\xc2߲)x\x1b\x19DD\xff=\xbb\xe2\xd9\xc2?\x05{\xfa&\x15ߞ\xbe\xbcFq\x9d\xed\xc1\xaf\x1e\xed9\xea{竖4\x86n\xf8^\xfa\xcdvIJ\xf65\xff\xe7\xe7\x1c\xd6\xf2\xdf5\xba\xbc\xa7K(x\xc6\xc9\xce\xdf\x02\xb2\xbeug\xeb\xe4\xc3x\x15\vZ\xbf)4\xcb\u007f\xdb%\xcf\xd2\xff\xaa\xbc\xc3\xf4\xc8\xffW~\v\xbb}퓥]\x0e\xbb\\Q-;\xb5\xbd\xf7\xba\x9cWZ\xca٘\xa3s\x9a\x1f\x1e\xe2\xe8\x98\xf5\xc6o\xf1G;\x19\x9d\x9b9\xb2\v\xbd\x99\x98\x19\x19\x18\x177v\x194\xb6\x1b\xf0\xb31\x87\xca\n32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2\x19Ȃ\xf8|,b,\"B\x9f\xa2\xec^\x85\xc9\xec?˶\xe6\xe3GՓ+\xbd\xaf\x88\xcc4p\x05I\xab\xb2\xd8\x19ذqh\xb31\xb2\xb2\xb233\xc1Y\x8cp\x163\x9c\xc5\x02gq\xc0Y\x9chi\x9a\x19\x14K\xd5ߞ\x1c\xe0]%\xe9\xbe\xdd7|\U0007fd7b7f]\xe5\x9fw\xfbI\xf2Ѿ\x85\x01a\x93\xa7\xed\xb08\xa0\xa2\x94\xb6'X$q\xea\xfe\vǵ\xa6Y\xda\xd7jl\x16pP\xcc:\xb2~CP\xb9\xc4\xc3i7\xc2b\x1f\xdf5\x8b\x93]\x1e\x10\xb2\xe0\xa8֓U=S\xba\xfc\xe7\x9a\xfe/[\xc2&N\xba\xb2ҝ\xdd\xee\x8c\xc2b'\x03\a\x03>6\xe6PY~F\xc6\xff,,\xccL\x8cl\x06\xfc \xbe0\x88\xcfj\xc0\xcc\xc8\xf8\xdf@\x16$\xc0\xc7\"\xc6\"\xb2=\xf9\xb9\xd4\xddޗ\x1c\xcbB\x9b\x97<\xc8\npL\x15t\xf2DNk\xcc\xe9\f\x06)L\x06\x89\x957\x9e:\xb9ߗY\x17\xe9\xed\\\xd2U\xeev/7\xf1=\xd3\xd7\xdf[\xef\x9f\xf9\xe7\xf7\xff\xdf\xcag˙\f\xa2g^o5g\xdbZ\xcd\xf1\xf7\xb5z\xb7ה\x9f\x0f\u007f-\xefS\xe3xQ3)#\xb7\xf8F\xbe\xda\x1aE\xa6\x1d3\xb7\xab9F\xab&\xac\xbb\xe0!\xf5\x8e\r\x10\x00\x00\xff\xff\xe0:w\x99\xfd\x02\x00\x00")) - p.addCertFuncNotDup("0\x81\xbe1\v0\t\x06\x03U\x04\x06\x13\x02US1\x160\x14\x06\x03U\x04\n\x13\rEntrust, Inc.1(0&\x06\x03U\x04\v\x13\x1fSee www.entrust.net/legal-terms1907\x06\x03U\x04\v\x130(c) 2009 Entrust, Inc. - for authorized use only1200\x06\x03U\x04\x03\x13)Entrust Root Certification Authority - G2", "jr&z\xd0\x1e\xef}\xe7;iQ\xd4l\x8d\x9f\x90\x12f\xab", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xb13hbV[\xc0\xcc\xc4\xc8\xc4\xc4\xe2\x15ܣa\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1\xa0q\x9f!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\x98\x81\b\x88\xc3%\xcc\xeb\x9aWRTZ\\\xa2\xa3\xe0\x99\x97\xacg\xa8a\xa0\x06\x12\xe7\x16\x96\x0fNMU(//\xd7K\x85\xc8\xeb奖\xe8礦'\xe6薤\x16\xe5\x16\x1bZ\x1a\x98CT\x1ah$k*\x18\x19\x18X*\xa0\x18\xa5\xa0\xab\x90\x96_\xa4\x90XZ\x92\x91_\x94Y\x95\x9a\xa2PZ\x9c\xaa\x90\x9f\x97Sihd`\x00\xd2\xca,\xac\tա\x10\x94\x9f_\xa2\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0\b\xd1XR\xa9\xa0\xab\xe0nd '\xcek`i`n`nhndjj\x12%\xcekl`h\x04⚂\xb8C߃M\x8cJȑ\xc6\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8Ȱ\xabe[\xd1\xedy<ُf\xbe4`\\^\xf6\xcah\xc7TG\xa9\x93\xb7\x12\xfd\"\x8a\xce\xff\xfb\xd6T\xb9\xbf8\x91\x8dk\xa9\xfa\x8d\xcd\xf1\x97]\xfdd\x8a\xae\xf9\x19}*\xea\xe2\xff\xde,y!\xab\xa1\x81\xc1Un\xc3\xf1\xe7\xb3\xf6\v\x85\xab\xcb,\xce\xd0\xe7jߛ\x95\xcd\x17\x97\xfaY\xa6\xfc\xea\x95\xd6\xde\x02\xc5-\x9b\x8d\x9ew/\xba\xdafɴq\xc7%\xf7sONz\x1e\xb1^~\xefwHm\xf8\xbe\x0f/\xf2\x0eUn\xb2\xe2\x0e}\x140C\xccH8F\xbf\"\xec\xe0\xa1)\x9b?E=Q\x9f5_\xe5\xfa\xb17\x17f\xab6=>s\xe8\x88\xebў\xe9Ul\xd9Z\x82\xf3Wr\xe5yX\xe7߾\"(\xe9\xf4\xbd\x9f}\xff\xd7\xe0\xf89v_\xc4u\x9ee\xae\xf13\xf2I*\u007f\xb5\xfd\xc5\xd3\xdd&{$\xbb\xd7\xcd\t|\xbe\xbdnk\xf0Fc\xa5\xa7\xb9\xe7\vl\xa4~=\x9a\x9d\xbe\xad\xf9K\xef\xd2\xf5I>\xbe\x0f\"֤\x98\b1\xff\xd8\xd6;%YeI!\x133#\x03\xe3b'\x03\a\x03>6\xe6PY~F\xc6\xff,,\xccL\x8cl\x06\xfc \xbe0\x88\xcfj\xc0\xcc\xc8\xf8\xdf@\x16$\xc0\xc7\"\xc6\"\x92U\xa4VuA\xee}\xeds\xeb\xcc\xc0+9\xbd\xf3'\b\xa5\xadF\xcb\x1a̠\xc0\xad\x9c/;\xedضJ{\xa5\xde\xf6\xcb\xed\xcc,\tYٳ\xf4\";\x8b\x05\xd78_\xfc*\xfc\xbf\xd7R\xfb\xc0\xa7\xbd\xfe\x05=+\xf5_\x89\x1f\xe1\x0e\x99wEz\xda\fc\x9b\x15k\x93\x161\x94\xad\x8e\xcc\xccc\x93\xad;\xb2ӥw\xc6z\xa1+\x89\xb7\xb9$\xdd\xdc?\xbf\xfe\x9e|Ё\xd5a\xe9\xa5\xed_\xb6\xce2ۿ\xb2\xa3\xac\x83%\x94E{N{\xbd\x94\xb9M\x9d\xeeR\xa9\x1bW:\xe3N\xed]c\x9bs#w\xfd\xd5\xcfe\xfcg\xad;,\x94\xe6\xe6L\x9eu\xc4v\u007f\x93t\xaa\xfd2\xfe\xd8U\u007f\x9en\x12=\xb5u\xed\xb1=\xb6\x17Z^\xbcb+\xda\xe0kiT\xb1\xdfNp\x0e\xf7\x92\xb9\xb3\x14?\u007f\x98\xcdmPq\xfb\xe0\x9dv\xe7\u007f{\x92g\x9d:zH\xe6\xe4\xf1\xde\xff\xd6B\x11\x1c϶پ\xa9\xd2\xf1\xfb\xdd<\xed\x1c\x8fMf{H\xf1\x92\xe2C\x93\xff\a\n\xac\x11\ra\xbc\xf1\x87uc\xe7\xc2\xfa\x92\xe6Y\x9e\xd7\xef\xf8Uwy\xe4w\xbb~\x03\x04\x00\x00\xff\xff\x95\xbd=AB\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xb01\v0\t\x06\x03U\x04\x06\x13\x02US1\x160\x14\x06\x03U\x04\n\x13\rEntrust, Inc.1907\x06\x03U\x04\v\x130www.entrust.net/CPS is incorporated by reference1\x1f0\x1d\x06\x03U\x04\v\x13\x16(c) 2006 Entrust, Inc.1-0+\x06\x03U\x04\x03\x13$Entrust Root Certification Authority", "h\x90\xe4g\xa4\xa6S\x80džf\xa4\xf1\xf7KC\xfb\x84\xbdm", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x99h\xd0\xc4\\\xb9\x80\x99\x89\x91\x89\x89\xc55; Ā\x97\x8dS\xabͣ\xed;/##++\x83A\xe3\x06Cn\x03N6\xe6P\x166a\xa6\xd0`C1\x03\x11\x10\x87K\x98\xd75\xaf\xa4\xa8\xb4\xb8DG\xc13/Y\xcf\xd0\xd2\xc0\x1c$\xce-lP^^\xae\x97\n\x91\xd3\xcbK-\xd1w\x0e\bV\xc8,V\xc8\xccK\xce/*\xc8/J,IMQH\xaaT(JMK-J\xcdKN5\x947\x90\x85h\x15\xd3H\xd6T0200S@5[\xd7@\x1b\xa4\x80YX\x05*\xae\x10\x94\x9f_\xa2\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0XZ\x92\x91_\x94YRi '\xcek`fhhdnd`dlb\x14%\xcek\x04嚂\xb8C\xd1KM\x8cJ\xc8\x11\xc3\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8Ȱm\xea6g\xa7_\xc7r\xb5\xf2=\xeeO\xf1\xb1\fg}w\xb8R\xd01\xc3\xec\xed\x9b\u007f\xb3\x18\xfb\x17Zh\xfc\xf9.\xe0\x96\xa6\xe7+'\xb5Q\xca\xef\xd8\xc5\x03S;6\x9c\xfco\xd8m\xcc|{{s\xb5\x9dBK\xdc\xdbMa\x1a\xcb\u007f<\xd8\xe9Ph~\xf4\xb4;\xdft\xad\x8c\x03JS\x93Do\xbb\xdf\xfczA\xfb\u007f\x93\xf7ɵv\xf7|nOh\b\xb0\xe7\xecjaxc\xc0e+q\xf6\xf7_\xad\xc8Y\xcaS\xc5u\\\xe7\xc9\xe79W\xe6\xf2\xc4\xcc\xf8\xe7\xb1\xfc\xa8\xb2{L\xdc\u07fc\xe7r[\xbee\xb8^lk\x8e^\xd4ջ\xf1\xb1f\xc3?\xd5\u008e\xb5\xfb\xf6\xf4\xaf\t\x9a\xe6\xbd*\xb0\xf7\x89\xb0\xa1\xe4\v?\xdf\xf9\xb7\xd7lκ\xba\xc72\xa4\xf0TUU\xfd\x84\xbb\xb5\xb2\r7\x1bwG\xaa\x1d\x12\xfc\xf7l\xf2\xa3\xef\rOR\u007f\x9b\x98\xf3i6\x14\xf8\xae\xb7hӛW\x1f\xbe~\x9e\xf8\xba\xd72\xa75\x14\xe3\xb7\xc9\xdcx\xbe\x88E\xe9\xe7\xe5[7N31320.n\xdc`иր\x8f\x8d9T\x96\x9f\x91\xf1?\v\v3\x13#\x9b\x01?\x88/\f\xe2\xb3\x1a032\xfe\a\x87\xbc\xac\x00\x8b\x8a\x81R\x03?(j\x90\x92J#\xbf\x91\x01jb\x91\a)Vf\x910\x10k\x10ɘ\xf0$}ɲ\xe0\x86\xe3miK>~\xf7v\xfeݲ7\x17\x1cѲ|,b,\xb8\xa4\xc1\xb1\xf6\xad\x96ݑ\x81E\xc0\x80O\x9a#\xcc\\\xcf\xd0\xcaDπ\x99\x89e\x02Znc\x06\xc5\xe5\xe4+\x06\x1b\xae3+h]\xf8\x99\xfcb\"\x0f\xab\xc2\xcax\xc9S\xd5E~W6\u07be0\xedwH\x94\xa4\x0e\x0f\xc7\xf7M{ZW̭ϵ\x0eڬu\xfb\xf9\x95\x96\x9e\xe4o\xfc\xa7\xd5\x18'\x06\xe4|\x89\x17y4\xb9\xe4\x80\xf0<\x03\xab\x80\xc7[\x12\x8e\xca|Pr\xe9-t_sB\xea\xe4\xcbٳ\x18\x12\x84\xff\x17\xd4\xc5\v\xfazJo\x16\r\xaa>\x19rk\xffܩ\xeb\xb3gݘ\xf7\xf2\xe3\x13\xe7\xdeG\x82.V\xfb\xd7\xefmv*\x0e\xea^\xb5{\xb9\xe6\xf9\xaf)2\\\xbe\x17\xf7\xacZ3_\xeb\xc2\xff\xfa\xfa[\xb5\xaf6\xbe5P=\xd8r\xcb\xe4RtEs؛9f\x87\xd5\x1e\t~K\xf7\x94\x9d\xb4\xba\xe7\xf7\xeb\xffU\xefZ\xbd\x96\a4|X\x1e\xe35E/\x9eu\xa6M\x90ン[\x92\xcf3:\xef\x9a\xd3|\xa7?\xc1\xfasԖ-\xd5\xebnqO\xb0(}\xdf(\x9bv\xe9{x\x81\xd9\xe6\xfd\u007f4\xd6\x17\xaa\xb6F\v\xff\x93\xab\x8f\xdab\x03\b\x00\x00\xff\xffWߵ/\x95\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xb41\x140\x12\x06\x03U\x04\n\x13\vEntrust.net1@0>\x06\x03U\x04\v\x147www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)1%0#\x06\x03U\x04\v\x13\x1c(c) 1999 Entrust.net Limited1301\x06\x03U\x04\x03\x13*Entrust.net Certification Authority (2048)", "U\xe4\x81\xd1\x11\x80\xbe؉\xb9\b\xa31\xf9\xa1$\t\x16\xb9p", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x891hbvY\xc0\xcc\xc4\xc8\xc4\xc4b\x91\xbc3̀\x97\x8dS\xabͣ\xed;/##++\x83A\xe3\x16C\x11\x03!6\xe6P\x16.an\u05fc\x92\xa2\xd2\xe2\x12\xbd\xbc\xd4\x12C\a\x03;\x90(\xb7\x88yyy\xb9^*BF\xdf9 8\xde\xc8\xc0\xc4B!3/9\xbf\xa8@O!\xa9R\xa1(5MOA#'37\xb3\xa4X!'31IO\xd3P\xd5@\x19l\x82\xb0\x8cF\xb2\xa6\x82\xa1\xa5\xa5\xa5\x02\x92\x05\n> ũ)\x86\xc6\x06\x86 e\xcc\xc2ZȲΩE%\x99i\x99ɉ%\x99\xf9y\n\x8e\xa5%\x19\xf9E\x99%\x95\n\x1a \x9b5\r\xe4\xc4y--\r\x8d\x8cL\f\xcdM\rL\r\xa3\xc4y\r!\\\v#\x10w\xa8z\xab\x89Q\t9\x82\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\xd6\xfaz\xaf\x14j\xdb\xf4j\xb1\x02\xbb\xa8X\x8a\x96\xb6\xf7\xc5\xfd\xdc^\xbe}o\x1bʖ\xa6o\xafp8P\xect\"\xe3\xc0\xed`\xed\xbbq;\xcaf\x98N\ue59a[#l\xc5'\x1f\xbd]\xee\xfcS\x15\x11\xb9\x8d\x8d+{kw\x9c\xc9\xf6f\xfe\xc8\xc4sg\xf5R\a\x15\x86\xfa\x92)\v\xe7rhn\xee\xe0\xfe\xda^>7\xf4\xec\x93\xc3u׳RV\xb7\x8a\xb4M\x8d\x9en\x14\x90o{bW\x1a\xcf\xe3?{wx\x1e,\xeb\xf4\x94\xfc{`\xc5\xde\xce\xc5\xe9\xfa\xc7\xe6\xef)\x94Lء\xfbR\xe7䄲\xb4\xea)\x8f\xd6W\\K\r\x8e\xb5\xb96g\xd3yM\xe6\x9f\xfaK\x026]\xf18\xc7j\x14\xda\xf5wS\x8a\x0fߓ\x19쥷\xeb\xef\xef\xe4\bMh5\xd0\xfcY\xed\xb1$\xb3\xed\xb1\xa9\xbd\\[lU\x95\xe8\xde\xf7\f}\xa2J!\xe2\f\x13\xd4&\xef\xe1\xf3̘\xb8\xff\x87\xfb\xe5\xb9S\x9d\x0e\xf2\xf9\xde\xcfW;\u007fXB1)\u0379\xe0\xda\xd5\x03\xec\x0f\x99\x98\x19\x19\x18\x17\x97\x18\x14\x19\b\xb2q&\xb4y0\xb6\xfdpbddaafb`7\x90gc\x0e\x95Uf\x910\x10k\x10\t}\xd2xQ\xb0aߍΝ\x1c\x8b\r\u007f.T\xe1\x14\xdbY` \vR\xc0\xc7\"ƂK\x1a\x1c\xf0\xdfj\xd9\x1d\x19X\x04\f\xf8\xa49\xc2L\xf5\f\xacL\xf4\f\x98\x99X&\xa0e\x1cfPtD\xba\xafQl\xe9\x12?9\xa73XnWC\xab\xd41\x1b?\xbb\x8ds\xb6\xd5\x1c\x9b\x14+\x91\xc2\xf4\xf82\x1b\x87`bM\xf2c\xed\xb9\x86\xcc\x05e\x97\x16k,\xf8\xb2{Vr\xf1\xdbܧZ\xb7ߊ\xac\xd4>f&xA\xfb5{\xf7\xd2[\xf3b$\xe7\x86\t}\r\xd1<\xc1\xfav\x93\x90V\xef\x17f\xe9\xff\xcf'\t\xb4o\xb0\xdazx.\xab\xb9\xd0\xe2\xe3_Dw^]b)6;\xd8Jy\xe2\xc7\x15M\x8b\xb2:2\x0eV2)\xedY\xb5\xecں\xfb\x1bD\xe2w\xb4_\xb8[S_\xfd\u007f\xbd\xcc\xf9g\xb7\xd9\xd7\xc6\xddn\x9d{A\x9b\xd7\xf86\xcb\xc5g\x9e\x0e\xc2\xdae\xbf\xed^\xce\xe9\xe4\x17='\xb1\xa1\xb5B\xd1?۟\xef\x97Y\xfaY\xf6O\xff9.<\xbaws\xbf\xd6\xfa\x1d\xedm\x8a6,\xa7\xb6Oɨ?o\xf3r\xc6u\x8b\xffo\x0e\xdc\f\xf8\xa0\xe7\x1d\xb1\xce-\xff\x82\xde\xe1\x84[E\xa1E{}\\\xe7%\xee\xda\xdf\xd28\x89\xf9\xe2\xa5̚\xa3\x80\x00\x00\x00\xff\xff\x13j\xcbA`\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xb41\x140\x12\x06\x03U\x04\n\x13\vEntrust.net1@0>\x06\x03U\x04\v\x147www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)1%0#\x06\x03U\x04\v\x13\x1c(c) 1999 Entrust.net Limited1301\x06\x03U\x04\x03\x13*Entrust.net Certification Authority (2048)", "U\xe4\x81\xd1\x11\x80\xbe؉\xb9\b\xa31\xf9\xa1$\t\x16\xb9p", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xd12hb\x16Z\xc0\xcc\xc4\xc8\xc4\xc4b\x91|\xef\x87\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x83\xc6-\x86\"\x06Bl̡,\\\xc2ܮy%E\xa5\xc5%zy\xa9%\x86\x0e\x06v Qn\x11\xf3\xf2\xf2r\xbdT\x84\x8c\xbes@p\xbc\x91\x81\x89\x85Bf^r~Q\x81\x9eBR\xa5BQj\x9a\x9e\x82FNfnfI\xb1BNfb\x92\x9e\xa6\xa1\xaa\x812\xd8\x04a\x19\x8ddM\x05CKKK\x05$\v\x14|@\x8aSS\f\x8d\r\fAʘ\x85\xb5\x90e\x9dS\x8bJ2\xd32\x93\x13K2\xf3\xf3\x14\x1cKK2\xf2\x8b2K*\x154@6k\x1aȉ\xf3ZZ\x1a\x1a\x19\x99\x18\x9a\x9b\x1a\x98\x1aF\x89\xf3\x1aY\x1a\x98\x1b\x99\x18\x9a\x18\x9a\x1a\x1aE\rUo51*!G\x10#+\x03s\x13#?\x83A\x13#\x17S\x13##\xc3Z_\xef\x95Bm\x9b^-V`\x17\x15K\xd1\xd2\xf6\xbe\xb8\x9f\xdb˷\xefmC\xd9\xd2\xf4\xed\x15\x0e\a\x8a\x9dNd\x1c\xb8\x1d\xac}7nG\xd9\f\xd3\xc9\xddRsk\x84\xad\xf8䣷˝\u007f\xaa\"\"\xb7\xb1qeo\xed\x8e3\xd9\xde\xcc\x1f\x99x\xee\xac^\xea\xa0\xc2P_2e\xe1\\\x0e\xcd\xcd\x1d\xdc_\xdb\xcb熞}r\xb8\xeezV\xca\xeaV\x91\xb6\xa9\xd1Ӎ\x02\xf2mO\xecJ\xe3y\xfcg\xef\x0eσe\x9d\x9e\x92\u007f\x0f\xac\xd8۹8]\xff\xd8\xfc=\x85\x92\t;t_ꜜP\x96V=\xe5\xd1\xfa\x8ak\xa9\xc1\xb16\xd7\xe6l:\xaf\xc9\xfcS\u007fI\xc0\xa6+\x1e\xe7X\x8dB\xbb\xfenJ\xf1\xe1{2\x83\xbd\xf4v\xfd\xfd\x9d\x1c\xa1\t\xad\x06\x9a?\xab=\x96d\xb6=6\xb5\x97k\x8b\xad\xaa\x12\xdd\xfb\x9e\xa1OT)D\x9ca\x82\xda\xe4=|\x9e\x19\x13\xf7\xffp\xbf\xdf\xfb\xf9j\xe7\x0fK(&\xa59\x17\\\xbbz\x80\xfd!\x133#\x03\xe3b'\x03\a\x03>6\xe6PY~F\xc6\xff,,\xccL\x8cl\x06\xfc \xbe0\x88\xcfj\xc0\xcc\xc8\xf8\xdf@\x16$\xc0\xc7\"\xc6\"\x12\xfa\xa4\xf1\xa2`þ\x1b\x9d;9\x16\x1b\xfe\\\xa8\xc2)\xb6\xb3\x00-\x1b0\x83\x02\xd7zv\u007f\xd8l\x83\xe7\xc13k\xaa*\x97\xfbN\xbf.9u\xc2o6\xf9S\xc65n\xc9\xfd\xd3\xd2T~9H+\xaa\x9fzVT\xfc\xc9\xff\x9f\xe1̿'x|2\x82\x8f54\t\xcf\xf8\xb5m\xed\xadXۏ\xe7\xf2\xbe\x89\nNi\xe2yg?u\xbd\xe0j\xfe\xeb\xfa\xf7\xe4\x99\xfb\xc3u\xe4N\xee\x9e%\xe52\xf5\xb5\x84\xff2\xf9\xb3\xb5\xe1\x02\xfa\xb3Y8\xa3Z\xb6\xe6ݐ\xb5zxm\xdeŜʸJ\x19\x91\xa3\x8f/\xf8L\xb6N\xb5y{\xdfv߲\xa7S\xa5\x0eo\x95<\xbc7.z\xf7\u007f\xe5\xf7\x19\x92\xa7\x85&\xab\xc70\xeb\xe6\x1b\\\x90\xdb&\xb5\xe6^\xd4\xf7\x8b\xabV\xa8/\xfbW\xd9x\xa4r\xa6q\xf8.\xa1\r+\x1f8\xe5L>\x15v\xef_n\v7Gw]\xef\xab\xeb3\x14\x8f}~nS\xa9\x1f7碏h\xef\xc37J\xe6gf9sO\xbf\xd30\xa1ws\xfa\xec|\x0f\x0eѰ\xf3\xfb?j\xd7\xc4\xcd*{\x199\xe1hM\xb3\xa9`j \x00\x00\xff\xff[P*$.\x04\x00\x00")) - p.addCertFuncNotDup("0^1\v0\t\x06\x03U\x04\x06\x13\x02TW1#0!\x06\x03U\x04\n\f\x1aChunghwa Telecom Co., Ltd.1*0(\x06\x03U\x04\v\f!ePKI Root Certification Authority", "\x1e\f\xf7\xb6g\xf2\xe1\x92&\tE\xc0U9.w?BJ\xa2", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdd`\xd0\xc4\xba\xc4\x15\xc4%>\xeb\x8fԆ\x00\xa6\xa7\x8c\x8b\x93\xcd\x15}\\\x8e\xcc\x0e\x9c)\xc8W<\x87\xad?Do\xb9F\x9c\x8be{\x98\xae\xf9\xdeV\x97)\x0fy\xbcu\xe6\x1c\x9e\xd4j\x92x\x9a\u007f\xc7l/\xe7\xa0\u007f&V\xb5;^j\xde)[y\xc2\xe0\x87Ha\xc3193\x8f\x12%ǘ\xf6\xa6\x17\x12\x85ݎ\x9d.\xcf\xeb\"\xa2W\xec\xe8\x15~\xb9<\xe7\xb0\xfb\xdb\xcdRs\x93\xd6\xf56\xbd\x9a2\xefn\xa4\xc0\xe1\xb5w\x1f\xf9>6\xbcz\xfc͋O\x1b\xfeM\x92\x13\xe3\x92\xfas\xf3\xf3\x0f\xf5m'\xf7\xc9n\xc9I\x99P\xff\xe5ɑ\xe8\xeb\xe6\xeb\x9c\xf8\xee.\x91ʯ\xe9\b9*\x96\xf7\xb0*C\xef\x87\xd5~\xde%6\x9d\xd6\x15\xcb\xfd\x92\x9bY\x149\xd2{?5y^\x88\xfe\xbb\xf1,\u007fs\xcb\x15;\x85\xd6\xef^\xb6\xdas\xfejqq\xfa\xbej\xfc!8\a\x10\x00\x00\xff\xffEt)\x84\xb4\x05\x00\x00")) - p.addCertFuncNotDup("0Y1\v0\t\x06\x03U\x04\x06\x13\x02US1\x180\x16\x06\x03U\x04\n\x13\x0fU.S. Government1\r0\v\x06\x03U\x04\v\x13\x04FPKI1!0\x1f\x06\x03U\x04\x03\x13\x18Federal Common Policy CA", "\xad\fzu\\\xe5\xf3\x98\xc4y\x98\x0e\xac(\xfd\x97\xf4\xe7\x02\xfc", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbI0hb\xf6X\xc0\xcc\xc4\xc8\xc4\xc4\xc4h`\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1 Ґۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xc2@\f\xc4\xe1\x12\xe6\x0f\xd5\v\xd6Sp\xcf/K-\xca\xcbM\xcd+1\xe45\xe0\x06\xc9p\v\xb3\xb8\x05x{\x1a*\x1aȃ\xb8\xcc\xc2\x12n\xa9)\xa9E\x899\n\xce\xf9\xb9\xb9\xf9y\n\x01\xf99\x99ɕ\nΎ\x06r⼆\x06\x86F\x06\x86\x86f&\xa6F\xe6Q\xe2\xbc\xc6\xc8\\ZZ\xddĨ\x84\xecQFV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86\x1b\xa5\xbfM\xc5L\xa2\x1c\xf7G\xad\x8f1`\x11\x91Y[\xe1\xb2\xf5\x95ګ\xd2\xc4\xe3g\xcd*\u007f\xd4\xdcث\x19\x98\x16\xa9\xf8\xb8r\xf5\x95\x8a}\x1bt7,\xbc\xba\xc9TL\xf9\xc2\x19\xb9}|/V\xdf9|\xf2\x9a\xd0\xf5\xe5E\x19\x12\x86;ĕ6\xd9\xd5\xed\xe2\xc8=\xf6\xf7b\x84N\xe6\x02\xe6\x0fZ\x8b\xbf\xd9+\xaa\xda\xde\xdfnt\xb4O}\xb3\xf2\xd2\aA\x9bc\xa7\xbdܰ\xe3\xe8\xd1\xf9\xbb\x8f.\xc8kr\xd8}T\x9d\xd5\xcc\xf3\x9a\x9az&\x8fI\xffy\xf5*-\xaeŎ\xf1\xbd\xb2\xccm͢\x0fB\x0f\x1e\x9d\xa13\xef\x8dT\xd1\x1d\x8f\x83v?[.\xb54\x1d\x94>\\b\xb6}\xe7q3\xa3\xaa\x1fF\xdb.\x98\xadS\x920\xec\t(V\x9c\xf7\xaf\xd9ڠC\xe5\xf1˃u\xf7\xde\xce8.?I\xa0k~t\x92\xfe\xdc%{\xae\xb6\xe6[\xfd=\x19\xbc\\\xc1{\xd5m\x85Պ~\xb2\xbc~\xcff\xb4>]-\xe8\x1e;\xd7\xfe\x88\xf2\x81\xc7\"ly\xff\xe621320.nb40hb\xd41\xe0gc\x0e\x95\x15fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8ߠ\xf1%\x1b\x876\x1b#++;#7K\xe3\x1d\x83ƛ\x06\xf60\x11\x03\xd66㌒\x92\x02+}}\x10\xa5\x97V\x90\x9d\xa9\x97\x9e_\xa6\x9f\x96\\\x90\x9c\xa8\x9f\x9c\xe8\x9cZTR\xecY\\\\\x9a\x9a\xe2T\t\x16\xd4+0O6h\x9c\x8adBcGNJ\"\xc8\b\x10\x850\"9\xcf\x16\x1a\xa5\xaaF\x06\x90HU52\x80D+H\xc4Q'\xbf\xd4\x16\x94\x06t\xf2mA\x89D\xd5\xc8\x00\x91Lt\x92mC\x83\xed\x93\x1dA\xf6g\xa6e&'\x96\xa4Z'e\xe6%\x16U\xea$\x17\xe5\x17\x17#\x89\a$f\x16A\xe5\f\xf8@\x9e\xe7\ay\x9e\x85\x99\x89\x91\xcd@\x16\xc4\xe7c\x11c\x11Y\xcbSU\x1a\xf3\xf4\xf3\x8c#\x953\xf8\xd6h\xfc\x9d\xfe\xe59\xd3\x1f\xb4\xec\xc3\fJL\xfdŷ\x1e\xd67ll\xff\xf6F\xe7\xfcŖd\xb9o\x1f;\xb6\xcf\xfa$\xb8\xf5}\xc8ڮ<\ts\x8d\xf71\xd2O\xde\al\xcfQ\x93PV\xf2\x95UsWx\xc99\xe7QAR\xe1j\xc1\xf3\x13;_l\xfe\xaa\xb5\xc0\xfd\x80\xc8i?\xa7\x83wy\xf8\xa4?\xb4G\xbfyZ~}Ճ\x90\xeb\xae_Z\xed\xdel\x91\xbdW\xd3U\x1f\xed;gZׅEF\xf3o\xe5\x18\xf2\xfcX\xf2\xbe\xae\xf8\xc5\xc4;\x1cU\x05Q\v\xd6'5F\xfe`(Yt\xe2n\xc8)\xc70\xf7\xbd/\x0f\xf8\xbfU\xb8\xfbx)\xe7\xfdu\x1a\x87\xfe\\\xde\x19\xc0\x9c\xc8\xf4\xdf\xebͤ%wt\xdfi\x99Lf߮\xf3\\\xa2\x1f\x10\x00\x00\xff\xff\xe7\xdeN\x1ad\x04\x00\x00")) - p.addCertFuncNotDup("0B1\v0\t\x06\x03U\x04\x06\x13\x02US1\x160\x14\x06\x03U\x04\n\x13\rGeoTrust Inc.1\x1b0\x19\x06\x03U\x04\x03\x13\x12GeoTrust Global CA", "\xc0z\x98h\x8d\x89\xfb\xab\x05d\f\x11}\xaa}e\xb8\xca\xccN", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x0e1hb\xb2Y\xc0\xcc\xc4\xc8\xc4\xc4\xccd\x12f\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0ɐۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xcc@\x04\xc4\xe1\x12\xe6uO\xcd\x0f)*-.Q\xf0\xccK\xd63\x946\x90\x04\x893\v\v\xc1\xc5\xdds\xf2\x93\x12s\x14\x9c\x1d\r\xe4\xc4y\r\x8c\fL\x8d\f\rL\f\f\f\f\xa2\xc4y\x8d\x90\xb9T\xb1\xa3\x89Q\t\xd9錬\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\f\xb7\xceH$\x1b\xfc\xfd\"\xae,\x15V\x17}\xdf&\xc7\xe2I\xe1\xf6\x8a\x89W\xf6,\xbc\xe1\xf3c\x85\xf36旾\x8a\xec\x1c\x1d\xb7\"\xf4\xd3,5\xf7\xb2Vtϵx\xc1\xba=\xab\xaepɳ#\t\xcb6\xbcoxҩ\xc1?O\xf5\xda\xdb\xe6\xcfk\x97M<>㤓\x84\xa9\xc8ܵ3\xdc&\xe9\xf9\x9f\xfa\xd8\xee|Plj\xb8n\xc0\xfbN݆\xaa\xf0\xb5\x9f\xde\xc5g_b\xe8\xdd)\xf2CD\xd4\xf4\xe6\x01\xb7\xc5\xd5E'&\xee?\x19\xaa}\xf6\xc2t\xbb9j)g\xee\x9fk\x96,<\xe5\xf7\xec\xca\xd5ꕒgC\xef\x9dxs)\xce\"\xf8i\x8c\u007f\x8f\xee\xbf\x00e\xb3?i\xcfN\xf7-\xb1\x94d\xd8>\x95\xc9r\"7\xdf?\v\xbd\x8b\xb2\xac\xb3\xbe\xf9\xda\xe5\xf3\xb3ˮב\xebO\xb0|\xf4\xcb,X\xd8\xf2J\x9c\x9a\xf6m\xdb\x15\"{\x8d^K0k\x04\xb1\x14>]ml\xfb\xd0b7\xbbYKҜ\xcaWb\x06_\xe2\x0fh\xbf(\xcc~\U00093259\x91\x81qq\xb0A\xa0\x01?\x1bs\xa8\xac0#\xe3\u007f\x16V\x03fF\xc6\xff\x06\xb2 \x01>\x161\x16\x91\x03U32z;\u007f\xaffM\xe1\x11\xac]U\x9b\xba\xe3\xd4\x19?\x03y\x90\xb42\x8b\x84\x81X\x03v\x05\xa8)\x86\x19\x14ڦ\x8f5\xb3\x9e\xeadž\xf4i\x06L\x99?SJ\xe4I\u007f\x85VҔE\xea\xe9\xf3.\x9c\x97\x8as\u007fypӒ\xf3w\x1d\xa5X\xfdf{\xbf\xf3\xca\x0f\rڬ\xb2М\xebuJ\x99\x96\x9e\xce\xe7\xbf֥\x13\xf6\xff*\xbcq\xdc\xd6\xfc\xd2V֩I;\x97\xdd\xeb\xb45\xab\xb6(\xf7\x98\xbef\x99B\xbf\u07b2\x93<\x876\xcdte8~N0PI\xe9\xc1\xd2W\xdbD=8S^\xc5\xf9\x97|g\xb5;\xde\x15\xc4s[t\xcb\xde\xdc\xd9O\x8fm\f\xc9X\xf98s¶YK\xf9w\xec\xb4W\xa8]\xe7\xb5uǜ'\xb2\xdbV?\x9b\xb2\xf4\xe0\xf1海\xbf\xaa\xb7\xf3\xb1\xe4\\\xfd\u007fwA\xec\xdb\xf6\xa0\xedڢL\xeb,\x97e\x95\xbc\xbcu\xe4\xf9\x1e_\x13\xb9\x951\xbe\xc6\xf1\x938\xf5;\xd2b˧\x1f\x97-\x13^y\xf5\xe9G1NAӫkn\xab\x14\x16\xe8\xcc\b\xe3\xbe)\xbe\xe5\xe2\xe3@\xed\xb8\xd2\x17W/\xdc\xf17y{\x885\xada\xe1\xe9gƀ\x00\x00\x00\xff\xfff\xf2b\xa8X\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x981\v0\t\x06\x03U\x04\x06\x13\x02US1\x160\x14\x06\x03U\x04\n\x13\rGeoTrust Inc.1907\x06\x03U\x04\v\x130(c) 2007 GeoTrust Inc. - For authorized use only1604\x06\x03U\x04\x03\x13-GeoTrust Primary Certification Authority - G2", "\x15_5WQU\xfb%\xb2\xad\x03i\xfc\x01\xa3\xfa\xbe\x11U\xd5", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbZg\xd0\xc4d\xba\x80\x99\x89\x91\x89I\xc0f\xd3\x17\x0f.\x86G\xff^\xabX\xc7%\xd8\x1d\xce6\xe0b\xe3\xd0j\xf38g\xcb\xc2\xccl\xd08Ðۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xcc@\x04\xc4\xe1\x12\xe6uO\xcd\x0f)*-.Q\xf0\xccK\xd63\xb440\a\x89s\v\x1bh$k*\x18\x19\x18\x98+\xa0(P\xd0Up\xcb/RH,-\xc9\xc8/ʬJMQ(-NU\xc8\xcf˩4430\x01ie\x16օ\xeb\b(\xca\xccM,\xaaTpN-*\xc9L\xcbLN,\xc9\xcc\xcfSp\x84h.\xa9T\xd0Up72\x90\x13\xe75074405\x00\x83(q^c\v\x03CC\v#cSKS˨\xc1\xec\xf42\x03\x016vp\x1831\xb2\xb1j7\xb20(1'1\xb0\x88n|\xf1\x97Y\xd4\xf9\xe9\x9a\xd7\xed\xe6\x82I\xef/5\x9b\x05պ\x86s{\xf5V\x87X[\xe5ŋ2\x1d\bXv^U\xbf\xf6\x94ǎ\xe3\x01\xc92Z\x8a\x1c5\xb3\xccnp\xff\xbb\xa8v4\xc2\xd0@C\xf5sl\xec\xe2\x1dۖn\x99\xf46Gg\xfe\xeb\xbbΝ\x8bl\xbc=&\xca\x06\xbcQ\xbb\u007f-Ao\xaf\xe2b'\x03\a\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\r\xf8@\x02\xfc \x01\x16f&F6\x03Y\x10\x9f\x8fE\x8cED4\xde4<0\xf4\xb7ꦵ̙\u007f\x18\x17\xff\xda'\x18z\x159u0\xa73\x18\xa40\x19\xa4L\x8b\\\xf6\x82\xf3^\xf7\xae_Q\x1d\x1d\x1f\xe4'^v[\xf1\xc9ˇ)\xf9wN\xbc\xc5m=\xc7\xc9+\xf9\x9eͽc(\xb3i\xc1r\t\x99ʇ\xc7͘\f\xac\xc2\xd6\xcf*\xc9\xf9\xf6\xbb\xf9\x81\xf1e\x8e\xf8\x85s\x0eE\xcfw\xbb\xb6\xed\xf4D\xb6\xe4Elύ\xd7حh\x14\xbapzׅI\xdc\xdb\xe6M[\xc5\xc2\xdf\x05\b\x00\x00\xff\xff\x9ao\xac\x89\xb2\x02\x00\x00")) - p.addCertFuncNotDup("0\x81\x981\v0\t\x06\x03U\x04\x06\x13\x02US1\x160\x14\x06\x03U\x04\n\x13\rGeoTrust Inc.1907\x06\x03U\x04\v\x130(c) 2008 GeoTrust Inc. - For authorized use only1604\x06\x03U\x04\x03\x13-GeoTrust Primary Certification Authority - G3", "\xc4yʎ\xa1N\x03\x1d\x1c\xdck\xdb1[\x94>?0\u007f-", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfeg\xd0\xc4\xf4l\x013\x13#\x13\x93\x80蚼)\x92\x9b*\xbd\x1d\xbf\xa9\xaf<,\xc1/o\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1\xa0q\x86!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\x98\x81\b\x88\xc3%\xcc랚\x1fRTZ\\\xa2\xe0\x99\x97\xacghi`\x0e\x12\xe7\x166\xd0H\xd6T020\xb0P@Q\xa0\xa0\xab\xe0\x96_\xa4\x90XZ\x92\x91_\x94Y\x95\x9a\xa2PZ\x9c\xaa\x90\x9f\x97Sihf`\x02\xd2\xca,\xac\v\xd7\x11P\x94\x99\x9bXT\xa9\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0\b\xd1\\R\xa9\xa0\xab\xe0nl '\xcek`a`b`d\x00\x06Q\xe2\xbc\xc6\xe6\x86F\x06\x86FƦ\x96\xa6\x96Q\x83\xd9\xe9M\x8cJ\xc8\x01\xcd\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8\xc8p\xe7Q\\R\x84\xacq\xb8\xa5\x91\xf1\xafק\xdb{\x96_\xf1\xba\xcb\xd6\xf1*\xa5\xcfp\xc6R\x8b\tr3\xce\xeb%k\u007fp\xdb㲩s\xe1\x01\r\x1e\xcf\x02ũ\xf3S\x0e,\x9b,Ĕ\xaa\xd6vli\xe7\x87_\xd7[\x16\x14\xac\xf7\x97\x9an\xcf\xe6r\xf5\xe4\xeb\"\x81\xda'\x86\x1a\xbfe\x12\x9fi\xb0\xbb\x14OR\xca\\\xceܑ37\xf9DЭ\x19\xea\xcf9|\n출\x14:x4\xbd9\xd6\xf83\xb3\xe0\x9b\xac\v\xc1\x8f.\xee2K\x98Ұ;19'Z\xbc\xee\xbe\xc3\x14\xb9ռ\x87\x145\n:\xfe_S\xcb\xc9I`Q\xf5\v\xad\xab}\xbf\u007f\x8aǽ\xed\xb2w\vzY\xe3;\x96\xce\xfet\xe8ݫ\x8b\x0e\x8e\xb9I\x16\xb2alG\x99\xdd\x03\x15$\xffT\vp\xf3%\xad+\v\xdd\x1f_\xbe\xcfΓ1\xd8v\x86*s\x99J\x94\xec\x96\u06dd\xaf*\x9fn\xdblm\xbf\xcbGñ\x9emMV\xdf\xc1\v\xdfXek\x9f9\xb5=^z՝\x89\x99\x91\x81q\xb1\x93\x81\x83\x01?\x1bs\xa8\xac0#\xe3\u007f\x16V\x03fF\xc6\xff\x06| \x01~\x90\x00\v3\x13#\x9b\x81,\x88\xcf\xc7\"\xc6\"r\xa4\xf2T\xdfB?fY\x99;ٷ\r\xa3\xa7\xd8\xd9\x1b\xd4\xeb\xa2%gfP\xe0\xea\x1e\x15>\x1f\xd6P]U\xb1w\xfe:\x9d\x99\xcf\xdfߺ?%\x8e3s\xf9\U000fc31e\xbdE\xfb\xdcW\xf2M\x17\xda\xe1\xf51\xe5\xb2\xe5}U\x93+\a\xcf\xfa5~\xe0g9\xa2\xb2\xd9dڱe\xab\f\xeeg$\x16_\xff\xd9\xd7\xda\xf9\x9e/n\xaa\x86\x97\x96z\xbf@\x9f^M\xdb\x11\xa6y\xb7x\xcaS\xf9\\x'\xfd\xfd\xbbY\xcc\xec\x97 \xafl\x0f\x1f{g\x96f\xd8\xf7\xa2/wE甛\xa6\x85\xaf\x16\x0e\xbe\xd1w\xd0\xe1\xe8ua\xb1\xa8\xa2\xe3\xdb3\x19\x8fTmlf̨\xedu\\8E\xe2\xa0j̟\x0f\xff\x9a\x99\xdakxy\xcf\xebq\xc4x9\xf0ڽiL|\xa6r\xfb\xd4\x03>]\xf6Mvawz\xbf:\xb6\xb2{\xcc\xe6\xe1>\xedi_\xfbf\xfb\xdfӽ\xe9\x9dR\xab\xdf\xee\x96[\xcc\xc0\xc1!\xae\xd5\x14c\x18\xeb֥\xcb\xdf6\xbb\xe4\xa6\xeb\xef+\x0e\x1b\xabVe\xe8\xb6m\x9a\xa9\xf4\xf0\xa0\xf6\xf19?>ǯh\x12z-)\xa8\v\b\x00\x00\xff\xff_kj\xe0\x02\x04\x00\x00")) - p.addCertFuncNotDup("0X1\v0\t\x06\x03U\x04\x06\x13\x02US1\x160\x14\x06\x03U\x04\n\x13\rGeoTrust Inc.110/\x06\x03U\x04\x03\x13(GeoTrust Primary Certification Authority", ",\xd5PA\x97\x15\x8b\xf0\x8f6a[J\xfbkٙ\xc93\x92", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xae1hbJY\xc0\xcc\xc4\xc8\xc4$ \xb1fk\xd6\xdf\xccm\xa2V\xc99\xebo\xfd:\xb2Ѐ\x97\x8dS\xabͣ\xed;/##++\x83A\x84!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\x98\x81\b\x88\xc3%\xcc랚\x1fRTZ\\\xa2\xe0\x99\x97\xacghh\xa0\x0f\x12g\x16ր\x8b\a\x14e\xe6&\x16U*8\xa7\x16\x95d\xa6e&'\x96d\xe6\xe7)8\x96\x96d\xe4\x17e\x96T\x1aȉ\xf3\x1a\x98\x19\x1a\x1a\x99\x1b\x80A\x948\xaf\xb1\x99\x81\xb9\xa1\x99\x91\xb1\xa9\xa5\xa9e\x14\rmnbTB\xf6&#+\x03s\x13#?\x83A\x13#\x17S\x13##þ\x1d\xa2\xd5\xff\xaf\xd4Ԧ\xafmN\xa9>\xe1\x14\xac{\xff[\v\x87B\xe25\xc6Ȭ9.\x82\xebߗ\xfd\x9dZw.\xd1`wUs<\xd3^ƴS\xefD{\xf3\x17\x1a\xccٻ\xb0u\xde\x14\xab\xcfa\x1d\f\x86\xe7o\xbc˚\xc6t\xf3-s\xcf\xef\xd2\xdc\xe7\xafv\x84\x8a\xb1\x8a\xcd\xfa\xf2 ncǁ\x94\xd6\x18Qߎ\xe3\xdbw=(}\xb9\x96\xd5v\xee\xf1N\x8f\a\xbb5N0?4\x98\x9c\x12\x17t \xb2@\xc94\xbc\xa3\xeb\xe3T\xae\xe6\xeb{\f\x8b\x19M\u07bew+|\x90ʹ´({\xfa\xec\xb4\a\xa7e*\xe3oH\xb1dȹ3=\x9b\x9b\xf0\xc8l:\xe3\xfds\xa6\x93\xee\xefK?\x9e[\x1ei\xdd?\xf7\xda\x04\xd1){\x9cL\x04\x0eZ\xfeܨnWw\xad\xab\xf4\xe8\xa6\xf5\xd3./\xba7\xfbɌ}\xb5\x0f_6\xaeݖ\xff\xe7:߭\a&\x1bx\xa5ʟ?\xe6\x98\xf1>\xe2ל\x96\xedf\xeb\x0f\xdd_s\xe9\x8b\x00[A\xa1)\x133#\x03\xe3b'\x03\a\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\r\xf8@\x02\xfc \x01\x16f&F6\x03Y\x10\x9f\x8fE\x8cED\xe7j\x80\xe3t\xd1\xee\x0f\xfdf\x89\xd1^\xbf\xb3o\xce8-\x98\xca\x1e\x97{\xf6\x8c\xf7\x12\xd7\xde\xd5B/6ߋz\xba\xa0\xe6\x05\xbf\x92l\xd4\xcbH@\x00\x00\x00\xff\xff\x19\xa6+\x85\x80\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\xac1\v0\t\x06\x03U\x04\x06\x13\x02EU1C0A\x06\x03U\x04\a\x13:Madrid (see current address at www.camerfirma.com/address)1\x120\x10\x06\x03U\x04\x05\x13\tA827432871\x1b0\x19\x06\x03U\x04\n\x13\x12AC Camerfirma S.A.1'0%\x06\x03U\x04\x03\x13\x1eGlobal Chambersign Root - 2008", "\xb9\tʜ\x1e\xdb\xd3l:k\xae\xedT\xf1[\x93\x065.^", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xf74hb5\\\xc0\xcc\xc4\xc8\xc4\xc4\xc9p\xf2\xec\xe5\x97Wk\x95\xcf\x19\xf0\xb2qj\xb5y\xb4}\xe7eddee0h\\c\xc8m\xc0\xc9\xc6\x1c\xca\xc2&\xcc\xe4\x1aj\xe8l\xe0\b\xe2\xb0\v[\xf9&\xa6\x14e\xa6(h\x14\xa7\xa6*$\x97\x16\x15\xa5\xe6\x95($\xa6\xa4\x14\xa5\x16\x17+$\x96(\x94\x97\x97\xeb%'\xe6\xa6\x16\xa5e\x16\xe5&\xea%\xe7\xe7\xeaCe5\r\x85\f\x04@\x86\xb0\ns:Z\x18\x99\x9b\x18\x1bY\x98\x1bJ\x1bH\x82ĸ\x84\x85\x1c\x9d\x15\x9c\xe1\x1a\x15\x82\xf5\x1c\xf5\f\xd5\rTA\x92\xcc\xc2r\xee9\xf9I\x899\n\xce\x19\x89\xb9I\xa9Eř\xe9y\nA\xf9\xf9%\n\xba\nF\x06\x06\x16\x06r\xe2\xbc\x06\x16\x06\x16\x06\x86\x86FƆ&\x06Q\xe2\xbc\xc6\x16\x06\xe6\xc60\xeeP\xf3N\x13\x93\x12r\x840\xb22071\xf13\x1841q15112\x1c\xb8\x1fv\xf9\x89\xd5\xec2\xd7-·\xff\x1f\xdc&\xd9m\xee(15\xc8\xfd\xb5\xf8\\͎>\xd3\x1c6#=\xf7\xa4Ϟ,\xfbk]\xcc6\x16\x9e\xd9\x1b\xc5Y|\xf5f\xab\xcb\xff\x89\xe1\xaa\xf7\xe3\xcc\xfa\n.\xc6\x14:\xcb\u07bc\xf5>\xe6\xd2o\xe9\xbdV[O\xaf]|\xc6e9\xef:EQ\xfb\x9dUѓJo,\x11\xb2\xe8\x94\xec\xda\xdep\xe9\x91Q~\u061c\x89\xd7:\x04\xb87\x97\xa4L*I\xf8\xfc\xed\xbc\x84\u007f\xc2&\xe5\vǭ\xcf%z\xcf\xec?\xc4s\xc1aӌ;\xbc+\xfc\x16\xef\xe4Z\x97\xb0`\xadkP\U000aed3d\x19\x0f~\xee\x93ZѸ[α\xa2\xf4\xf2\xc1\u007f\f\xa1\x1b\xdaC^\xa8O0\x95\xf51^;\xfd\xcft\xbd\x19-\xfbuN.\xde\u007fq\x86\xa0\xc8\xdb\xe4\x1f\xa7ftD\x88\xcf|\xeb\xca<\xbdΦM\xae\xa3gߧ\x89-\xfd\xa9&7\x18|j\xb7\x1b\x8aGiVqI\xa8\x18,6\xdfZ\xb5\x92\xb1V\xed\xdaO\xbe\xbeȏ\u007f\xa5\x8d\xb7jZ\x8b[;nS\xbc{\xe5\x80\xed\xd2\xf9\xf3\xe5\x9d\x03N\xeeޓS5}ƻ\xb3=\xf2\xbf\xe7\x04\xae\xeb.ث>\xbf\xf0@\xf6\x9a\xda\ti/\xae\xc7Z\xf1n\xb8z\xa8\xf7ꉹs\x0f\xe6^\xb8\xb0?\xf0\xc9\xe3\x1f\x87-\xcc\xd6][^\xfal}\x8bs\xec\xe4I\xf2\xe6\xf63i\xdd3\x8248\x99\xee\x1f\xd5o魚^\xbe\xff\x8d\xc3\\բ\xd5[\xed\x8df\xfc\u07be\xfdOQ\xcbS\xd3\xf6\x9f\xa1\xbf\x16\xcb\xf3\xe5\xebi\xdc\xcd\\p\xd3I\xe0؏\xad.\x87.8\xd7\xdf\xde\xf3d\x91MVh\x05W\xf9\xca\x1b\xaf$\x8d\xb6\xeb\xff\x8b\xb1\x97~\xb7qƛSk\xab2]\x1fO\xe3\x0f\xfd\xf6\xecm\xe9\xab\xd4\x17Fa\x93\xdd:W\xa8v\xa5\xb2\xbd\xcb\xde_\xc9~\xe1\xe3\xf6\xf5ou|'\xed>\xb0\"~yz-\xcb'Q\x8e\x825\x93\xaeղ\\2\xfe\xed\xb3\x8d\x9b\xfb\xb7\xd4\xc9#\xbd\xcc+\xebb>\x05\xac\x16Z\xba\xf0\xbcG\xc0\xd2\xf7\x97NH\t\xff\xdaP\xbf\xb1I\xa6<\x8b?\xfe\x0e\xf7\xd4\xfe\xf7\xceu\xcf\\9U\x99\x18\x99\x1771\x06\x1841\xfa\x18\b\xb11\x87\xca\n32\xfeg\xe10`cd\xfc\xcf\xc4\xc8c`\x0f\x12\x93g\xb10030Y`\xb4\xc0\xa0M\x0f\x1a\x1d\xc9E9\xe8ѡ\x8f\xc4/\xca\xcf/\xd1K.\xca1\x90\x05\x19\xc0\xc7\"\xc6\"\xe2<\xc7l\xfe\x86y\x06\xbe\xc7\xceů\x15X\xfd\x94y鯕\"\x06| i~\x90\x9d,\xccL\x8cl\x06\x82l\x9c\tm\x1e\x8cm?\x9c\x18\x19AB\f\xec\x06Z %\x82,\xca\x06\x8a\x8d\xf2h68\xa0\xb9\x00\xa2V\x888\xb5\xd1 \xb5\n,!\x06A\x06\x01l\xdc\xdal\x8c,\x8c\x8d\xedz\\\x8c\x8c\x06\x8e\x06\xf6l\x1c\xdal\x8c\xac\xac\xecL\x8cb\xc60\x1f\x17\x14c\xfa\xb8\xa0\x18\xc3\xd7\x19%\xb99h\x99\x94\x19\x94\xd4l\xac\v&\xfed\tQ\x9f\xf8\xf0\xed\xdb\u007f\x19\xf5\x89\xb1O\x1dS\xfd\x8d>J\xb0Nɒ\xb9'_pۮڈ\xc9d+O\xce®\x9a\xa5_\xfa\xff_\xb9\xb1V\xfc\xaa.\xcbE\xfb\x88\x86G\x8d\x91\x1d\xfb\x0eȽjj\xd0\x17\xe7\\\xfc\xc9\xf1\xe5լǛ:\xad\xc2,-\xf2\xd9l:2\xa3\xb5|\x8f.\x0fّ\xd3yf\xf6O\x9bSO\xffv~\x15\xb2\x99T1\xedڝ\x92\xbc\xc9.\x89\x17{\x8f\xbbm*\xe5k{!\xd9u57\xe7j\x85\xd8\xd4E/OpY\xbc\xfe\xa4\"\xec_\x1c2Y\xb8\xd5Jz\x8f\x9c\xc9\xd6n֞\x9d\xe5\xdd\x1bo\xcb+L\\\xcd\x19\x9c7\xe1\\\xb5y\xc9\xce\x02\xf7\x89J\x81\xc9b\x95\xeb6\xaesT\xe38!\xa9}\xd1m\x95ǵ\x14\xad\xeb\xcd&\xffu\xb4\x0e\xe6H:{\xb1\xb7>\xbf\\\xf3M1\xe3\xfd\xabOA\xf3\xeb'O8\xcf\xc4\xcc\xc8\xc0\xb8\xd8\xc9\xc0\x01\x1c\xac\xb2\xfc\x8c\x8c\xffYX\x98\x99\x18\xd9\f\xf8A|a\x10\x9fՀ\x99\x91\xf1\xbf\x81,H\x80\x8fE\x8cE$\xa1:Mʕw\xfa\xa9\xce\x00\xfdZ\x96\xb3&+\xfe\xff\xf9덖\x94\x98A\x81{\xad\xf8y\x8d\u007fم\xde\xfdov-\xdagrT\xc3hk͟\x9c9:\xda{9\xe7\x05\xefώ[%\xe8\xb1\xed)\xc7\xe2ͧl\x13}/\xbbqn\xb6;\xbc\xe0qr\xa8\xf4\xa7]\xef\xd7Z>t\xdei\xb1\xf8\x99~\x97\x9a\xf5\xfb\x05\x01a?\x8fq\xfd\xb58{\x84\xbb p\xca\xf4\x19,\xf7\x0f\xc7O\xb9*zR\xc4qΑ\xd8\xd2\x14Q\xde\xff\xa1\x06o\xda\xfa\xff\xf3\xbe\xd7ٙ\xec\xf6m՟\xfb{2\xff\xea\ty\xa4\xccz0\xf5ò\xf7\x9a\xfd\x8c\x1bE\xb7\xf2\xc8.\xfd\x97\xa9\x93\xa9R!\xb7y\xb9LaһS'\xa6\xaf\x11\x8f\xed:\xf4ý-O\xebH\x98\xe1\xd4\v靭\xda?s\x96ź\xcd\xe5Y\xd5\xf4df\xe0݂\xed\xb7\xc3l\x13\x9fd=\x8c\xb9\xf6\xed\x9f\xed=\xc73\xec뒃\xf6\a\a\u007f\xd1~y\xfc\xef\xb6\xefM\xf1\xad\x97\x1c%n7nf\x919*\xbf\xa4!_T\xe1\xe4=\x9e\x0e.\xd9ki\xa1\x8f\xfex\x9c\xd4T\xcb|\x00\b\x00\x00\xff\xff\x03\xbb&\xe5y\x03\x00\x00")) - p.addCertFuncNotDup("0P1$0\"\x06\x03U\x04\v\x13\x1bGlobalSign ECC Root CA - R41\x130\x11\x06\x03U\x04\n\x13\nGlobalSign1\x130\x11\x06\x03U\x04\x03\x13\nGlobalSign", "T\xb0{\xadE\xb8\xe2@\u007f\xfb\nn\xfb\xbe3\xc9<\xa3\x84\xd5", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb|h\xd0\xc4ؾ\x80\x99\x89\x91\x89IP\xcbb\x89\xcc4.\x96{N\x9b4\x96r\xbf0\x99\xc1d\xc0\xc5ơ\xd5\xe6qΖ\x85\x99\xc9 \xc0P\xc5@\x89\x8d9\x94\x85[X\xda='?)1'83=O\xc1\xd5\xd9Y!(?\xbfD\xc1\xd9QAW!\xc8\xc4P\xd8@\x10\xa4\x8aK\x98\v\xa1\n&Ȍ,h '\xcekhdhhhl\x00\x06Q\xe2\xbc\xc6\x16\x06\x86\x86\x96\x06Ɔ&\x06\xe6Q4\xb01\xd2@\x98\x8d\x1d\xec#&F\xa8ט\x19ٙ\x9d\x18Xv\x1c\xab\xbcܟ\xa3\xca7_\xcfRR\x86yɺYO-\xd99\xc5N%o\xdc\xd9\xf6\xa3+\xfc`\xf89\xa7_\xc5\v\xbf\xa7:\xfd\x97;Ȱ)\xaf\x98\xef\xffqŧ\x12KV\xdd,\xb4_qe\xe7\xb9\x1e\xd9\xc5N\x06\x0e\x06|l̡\xb2\xfc\x8c\x8c\xffYX\x98\x99\x18\xd9\f\xf8A|a\x10\x9fՀ\x99\x91\xf1\xbf\x81,H\x80\x8fE\x8cE$dC\xf5Z\xd7\x1d\x8f\x1c\xea\u007fs\xe5\xfd\xdeg|\xd2fq\xcbU\xe4\xe0f\xf6`0peRd\xb83i\xe1\x02\xe1e\xe7\x997<;\xa28}\xc2/\x91p]\xe67\xefl.\xe7\x9dZ\x91S\xb6gѽ\xddL\n\xea+Z\xd5Mg\x87\x1d[\xfc\xc9\xfd\xd2\xf66\xe6PY~F\xc6\xff,,\xccL\x8cl\x06\xfc \xbe0\x88\xcfj\xc0\xcc\xc8\xf8\xdf@\x16$\xc0\xc7\"\xc6\"b\xfbL\xd3c\xf6+\xf6S\x8a.^j\xf7\xf2\xee]j\xbe0?\x129.\x983\x18\fR\x99\f\x19\x9ef\n\x9d̻}\xccp\x17\xa7\xe3\xc3\xe9?~\xff\x9d\xf5\xa8V\xe8\xe4ۚ\x94˧YU\xbb\xc3n.x\x1e\x17\xeb\xc7\xdd<'\xbaLs\x01\xa7\x9abV\x12\x93Aᥭ\xfd1\xaf\xac\x1fVp\xb6\xae(\x9dd}\"\xe6\xaf\xc7{\xde\x12\xa5\x15\x1c\x8f\xf2\x8ez\x9e;γgyb\xe6\xc7\xef\xd6\x0f\xb5N\xff\xd4\xfe\x9c6\xc1\x1c\x10\x00\x00\xff\xff*\xd7\xcb%\"\x02\x00\x00")) - p.addCertFuncNotDup("0L1 0\x1e\x06\x03U\x04\v\x13\x17GlobalSign Root CA - R21\x130\x11\x06\x03U\x04\n\x13\nGlobalSign1\x130\x11\x06\x03U\x04\x03\x13\nGlobalSign", "\x9b\xe2\aWg\x1c\x1e\xc0j\x06\xdeY\xb4\x9a-\xdf\xdc\x19\x86.", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdee\xd0Ĵh\x013\x13#\x13\x137\v\x03\x03\x03\x03#\u007f\x9b\xda3^\x03^6N\xad6\x8f\xb6,\x8c\xac\xac\f\x06>\x86\n\x06rl̡,\xdc\xc2\xe2\xee9\xf9I\x899\xc1\x99\xe9y\nA\xf9\xf9%\nΎ\n\xba\nAF\x86\xc2\x06\x82 \x15\\\xc2\\\b\x150AfdA\x039q^\x033C#CS\x03\v\x03\x03\x03\x83(q^#C$.\x95mkbTB\xf6\x0e#+\x03s\x13#?\x83A\x13#\x17S\x13##ò\xf3*|\xfb\xf4\xf25f\xba:\x1dYm\xa7\x182\x9b\xfbr}K\xc1/\xa1ͧ\xf7\xb7\xc7\x1f\xabo\xbb\xbc\xc9 \xe6\xdaߵ\x1f\xab\xef<\xfd\x910\x8ds\x92\xc0\xd7\v\xc1\xf7~W\xd7\x15w\xac\t\xea\xa8\xf6Zv\xcasY܊\xe5=Q\x82{\xaa\x9a^\xef\xeby\xb9y\xcd4U\xf6\xe9^3\xb5\xd8\xf5\xb7ȕ\xef\xef\xe2\xdf\xcaT#=m\xc7ѝV:{\xae\t\xed|\x1dY\xfb\xe8\x02[[|\x9cg\xd6V˸\x0e\x937{*x8f\xb4\xe4\xac8\xeb\xbdeA-O\xa5\xef\x87\x1d\xba\xa7\x15O]͉\xae}\xb8@\xb3e\xe1\xcf\xcbS\xbe\xa9k.K\xbc\xcai=\xef\x87\tMn\x0f\x83V\xf34\xba\x17\xe4\xdcM\xb9\xf8\xfa\xab\xceb\xfe&[\x1e\xeduӯo\x13i\x13\xa8\xdcm-\xdcP\xde\xc3\xf1\xd0\xf3RV\x92\xbe|ܯi\x19\xf7;էZ\xccg\xbbnw\xf2\xb4Z$o\xf1\xbd\r'^\xaa\xf15\x8b\x1e{\x1f\xdd}\x89%\xe1\x94\xe72\x8do\x99\xd6\xdfN\x9fИ\xf8tnWb\xb8\xf9\x9a\x12\x91;%\x0f\xac\xde\x15\xe9\xeb\xcd\xf9}a\xf7\xfe\xaf\xb6\f\x0fٌ_4i\xaf\v^f%V\xdcsבO\xc1\xea\xc0\x96\xe5\v_n\xf2\x9f\xa0g\x94\xf02\xfc\xf4N\x96I\x19\x19O-\xd4\x12J7\xcd/\xff?Q\xe4\xfd:\x05\xcf?k\x1dD=.2\x19&J\xc6\xed\x98\xfe~m\xf9\xf6\x94YU\xfb\xe3\x0f\n\xbf\x9f\x9d\xf4\x9b7\xe7AH\xa6\xd8J\xe6[y/\x9b'\x17\x96\x1d\xcblm\x12gbfd`\\\xecd\xe0`\xc0\xc7\xc6\x1c*\xcb\xcf\xc8\xf8\x9f\x85\x85\x99\x89\x91̀\x1f\xc4\x17\x06\xf1Y\r\x98\x19\x19\xff\x1bȂ\x04\xf8X\xc4XD\xfa?xׯ\xd0sUY\xe7\x1b\xf0+yV\xf7\xbdGw\xa5\xf7\xa0%\x1afP\xe0z;\xdc>\x10\xb0\xea\xdf\t\x9e\xf7ߧ\x85\xb8z\xee\x9e\xc6\xc0\xe9\xb8f\xb3p[\x9b\x06\xbb\xf1\xa9\xecg%;w1\xe8\xae[\xc2u\xf9\xebǏ\xfc]\xfb\x8bӽ\x9a\x8f\xbbTW\xa6\xfbD%g\xe7\x94\xe4\xdfw\x823\xd2\xc3\xec\x9aw\x9c7U<|2\xe3߹[\x87\x82W\x9d\x99\xd0\xf5\xf2C\xac[\xcfԻU\x11\x1aR\xfa\xb2\xf7\xce2\x98;\xf6\xbfuɽ\x1e\xac1\xbd\xees:\x8b\x9c\xe8\xf5\xaei[.\xdf\xf3Q_\xe2#]\\\\\xf6E|\xe6!\xf9*\xbeǺ\x1ck\xb9dt\xfe۬\x0e\xe5\xe3\x9fXg\xf6\xfap\xb8羇z\xba5\t݇\x1d\x03\x85\x95\xe7\x9e\xfbn\x94=\x85q\xc5\xcc\xe7:\xc6\xf2V֪\x97\xda\x1c\xceY\xeb\xb4U\x9cL\xd4\x17\xd9\xf5\xeevh\xfe\xfd\x96w\xac\x9c\xbe{5n\x14\x9d\xbb\x9c\x14\x90*\xf7z\xd2\xf4fÛ\x9b\xb7\x9er\x8f\xb0\x8f\a\x04\x00\x00\xff\xffǼ\xb6Vc\x03\x00\x00")) - p.addCertFuncNotDup("0c1\v0\t\x06\x03U\x04\x06\x13\x02US1!0\x1f\x06\x03U\x04\n\x13\x18The Go Daddy Group, Inc.110/\x06\x03U\x04\v\x13(Go Daddy Class 2 Certification Authority", "\xd2İґ\xd4L\x11q\xb3a\xcb=\xa1\xfeݨj\xd4\xe3", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hba0hbz\xb1\x80\x99\x89\x91\x89\x89\x91\xc1\x80\x97\x8dS\xabͣ\xed;/##++\x83A\xb2!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\xa2\x81<\x88\xc3%,\x11\x92\x91\xaa\xe0\x9e\xaf\xe0\x92\x98\x92R\xa9\xe0^\x94_Z\xa0\xa3\xe0\x99\x97\xacghh\xa0\x0fR\xc2-\xac\x01\x97v\xceI,.V0RpN-*\xc9L\xcbLN,\xc9\xcc\xcfSp,-\xc9\xc8/\xca,\xa94\x90\x13\xe750103\xb2447032\x88\x12\xe75F\xe6\xd2\xc7\x11M\x8c\nȞgde`nb\xe4e0hb\xe4`jbdd\xb87\xf7\xfa\xabp\tυѯ\xaf\xc7{\xb4\xbd\xdaw\xf7\xff\x93\xf7\xe92_R36\x87\x17.\x88+\xdf\xfdv\xb6\xe7˂\x06\xdb0\x89d\x8e\xfc[\x9f\xce\\\xb0\xafg\nQ\n\x11\xb8\xb1\xa9\xf1ʁR[\xef\xfa\xe3\xe5\x87\xed*VK1oU\xc8\xd6\xcf\xd2\xdex\xb4\xa3\xee\xc8n\xb9\r\ao\xb8\xaa\xe7\xaf2\x8f\xf8ޮv\xfd\x86\uedd5\xe2\xdb\xe5\x8b\xcc\xfc\x96\x89ۧΘt[+/vѿ\x8e\a\xdc\xf7\xea\x9f\xf6\x8a>|}\xda\xea\xea#\xa1Eº7\xfa\xd6\xc7\v\xd9.\xe0`\xe5\xd8\x16\xb34Ղ\xc5u\xa6\xdc℄\x92\xa3\x8eK\x8b\x92\xa4\x93\x8e\xca\xe7\xc7K9\xedc\nL]\xb1NY\"\xebO\x05\xf3J\xdf\xfa\x86ÿVG\xfdY\xe8\xb0䔤ؿM'\xde\xc7\x15\xf3\xbe+\xdf;\xeb[\xe5\x8c=\x1b\xd9\xd3\x17\x89\xf2\xde]\x10q̥\x9a\xcb.I#~\x97#{p\xc4y\xc1:\x8b\x92\xa3?\xfeo͜\xd0\xdfR\xf2j\xba\xf4z&F\xe6ō\a\f\x1a\xf7\x1aȲ1\x87\xca\U000b1231\x88\\:\xb2\xe1\xd2\xc4+>\x82\x85\x9b\x13O\xdb.\xfcwwE֕\xc7\x06\x8d\xbd ye\x96\xc6V\x83Ʀ\x06\xacj\x16\xa6/I\xa5K\xac612\x18\xf0\x80\x9c#\xcc\xc2j\xc0\xcc\xc8\xf8\x1f-}3\x83b\xd6\xc8\xfb\xf3\xa6Sv\x13\xff\b\x1d[\xc8\xde\xd3W\xbe\xc0\x98M$f\x82\x9c\xc4w\x8ee\xb6\\\x92?\xdb\x1b\x04\xf32\x9fL\x137\xf8o21\xb9\xc8\xe2\xdd\x19\x19\xc6ŲS4\x96\x18~\xab:\x12r\xfd\xdbS\xc3\b\xe6Eg\xce%ݞ\xe2Z\xbcu\xbf\xebI\x95\xadW\x9b\x98\xd6*Wf\xf6\xee\xd8\xe6{\xee\xbc\xcf)c\xe5\x172\x1d\xab\xe6v;扝Tx\xda9\xef\xac\xf5\xad\x82\xefu3\xd5\x14DBTW\xe7\x15\xb7>\x9b\xad8\x97+\xa7\x89oŏC<\xbf\x04\xe4r\xa6\xbdo\xe7=\u009fؽ\xf6]\xb3\xf6\xd4\x1f}\x93Z\x8a,_+\xbcj~\xdb|vz\x1eǞ\xd7~jۊ\xb5\x9f\\\xfe\xe6\xf3O\xad\xf0Q\xa2`\x89\xd7\xffp\xa9v\xfeR\x0f\xbd\xf3\x81\x99\xe2\v\x98\x84\x12\xa7^\xbd\xe8\xb0I\xc0\xe7ݑ5\x02\xce˖\xce\xe3\xba:5i\x16\xef\xf9\x8e\xa6\xa3F㝯1g\xe3N\xad\xa8\xf0\xb5\xe6\xfc\xebe\xebo\xef\x9d\x0f\b\x00\x00\xff\xff\xc5\xe5\x98\xcc\x04\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\x831\v0\t\x06\x03U\x04\x06\x13\x02US1\x100\x0e\x06\x03U\x04\b\x13\aArizona1\x130\x11\x06\x03U\x04\a\x13\nScottsdale1\x1a0\x18\x06\x03U\x04\n\x13\x11GoDaddy.com, Inc.110/\x06\x03U\x04\x03\x13(Go Daddy Root Certificate Authority - G2", ":\x9a\x85\a\x10g(\xb6\xef\xf6\xbd\x05An \xc1\x94\xda\x0f\xde", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb>j\xd0Ĵv\x013\x13#\x13\x13#\x83\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\xc6fCn\x03N6\xe6P\x166a\xa6\xd0`C\x01\x03>\x10\x87C\x98ݱ(\xb3*?/\xd1P\xd8@\x10$\xc2.\xcc\x15\x9c\x9c_RR\x9c\x92\x98\x93j(e \x01\x12\xe4\x12\x16t\xcfwILI\xa9\xd4K\xce\xcf\xd5Q\xf0\xccK\xd6344\xd0\a\xc91\vk\xb8\xe7+\x80%\x15\x82\xf2\xf3K\x14\x9cS\x8bJ2\xd32\x93\x13KR\x15\x1cKK2\xf2\x8b2K*\x15t\x15܍\f\xe4\xc4y\r,\r,\r\f\r\xc0 J\x9c\xd7\xd8\xdc\xd0\xc8\xd8\xd0\xc8\xd8\xd4\xd2\xd42j\x90\xb8\xb2\x89Q\t9\xf8\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\xf6\x17&q|\xfc\x15i\xf2]\xfa\xa4\xc4\xe2\xef\r\x9e\x11/\x95\x9a\x85\x97\x1dUpf\xb4n\xf9\xf8\xac\xd5s\xbe\xfa\xabo-\xd2~\v\xb6\xdc.\x98q܈q#\xab\x1d\xbb\u07fb/\xbf\xfc\xf5#\r\x94\x9e\xaf\x96\f\xcb~\xd4\xc0\xfe\xe7\xb3Xi\x83e`\xf5ӟ\xa6\xdbJ\xfcV\xf66\t?\xd9f\xbf\x92\xb9\xf9ע}]\xa2Y\xf5\xf7\xb8\x0fo\x93\x14a=\xf5\xea\xf0\n\x96)\xd6n5F\xbc\x9f\x19ҔN\xf4f\xe6\x9a\xf5\bJl\xbf\xbcI&a\x8b\xc5/\xa6\x9es\x97ﺱ\xdf\xe3\xb2{\x1d[s\xa2\xe6\xf7\x06\xed\xe0%\x93\x922\x03UY\x13\xa5\\\x1a{tV:OS\xbe\xbfƪq\x16\x9f\xe6Q\x99\x95/c\xe5\xb6͛g\xc0ey\xeecG\xc3o\xef\xd83FoZ\x93\x9cUM\x98\xc2\xd4\x19'n\xb1.в\xcf\xdb\xf8bN\ac\xed\xfc+?o\a\xe7&\xccݯ\xf3\xde\xf2\xe9\xa3\xd2]G\xcb$\x8c\xcf\xe9|\xd0\xf7Y\xfb}\xe3\xf3s\xfe+\x8e\xcc\xf6\na;Z_{\x95\x83\xff\x91̿:\xf1\x1dk\xe2\xbe]\x11\xdb\xe4\xcc\xc9\xe3\xfbmy\xf6\x96\x99-\xa9\xa7\xaa:\x1e=r\xd9\x17\xf3\xfd\x95\xccW@\x00\x00\x00\xff\xff\xe1Ͷ\f\xc9\x03\x00\x00")) - p.addCertFuncNotDup("0?1\v0\t\x06\x03U\x04\x06\x13\x02TW100.\x06\x03U\x04\n\f'Government Root Certification Authority", "\xd5g\x1d\xe0\x9cz,\x9c\xcbŘ\xe7\x1d\a&*\x86\xect\xcd", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xa4Si8\x94\t\x00\x9e\uf6cb\xc9|#D%\x12\x1e\xe3h\xf4\x8d+#\xa3\xc3F\xa8q\xa7\xb5Ε\x8a2\x13&\xd1\">\x9e\x91\\;V\r\x19\r\x89t`\xa5\x1d\xcaѮ.\xe3Hl&\xab\x95k\xd08\xb6%\r1\xcc>\xfe\xed\xb3\u007f\xf7\xe7{<\xcf\xfb\xfex_\x18\xc1\xba\xc1\bڲ\x14\r\x02 \xb8\x19%t\xbb\x82\x1f3\xf8\xab=@\xad\xba\x12\u0095-\xc0D\x9c\xb2)\xe7\bg\x89\b\x00\x9b\xb0(x?u\x13\xac\x8cC\xfbbpꠏ\x1f\x15\x86\xcd7\x00A\x85\xec̊\v\x8faF\x853\xd9z^,\x16[\xcf1<\x86\x1dq*\",\x94\x1d\xc1b\xea\x1d\xbc\xc0>Ê\x89`'\xc0\xbaZD\xaa\x05L\xb3\xb0\x85m\xadm\xad\xa9\xfeZD˽T\vK*\xd5ښfM\xf3\xff\xff\x01\b\xa8\xff\xef\xd2\x00\x16\x85F@\x12\nF@\x02\x88\x80\x00J\xa8\xe0٧\xb6\x02'\fɵ\xb9\x80\x998&\x1f\xb6\xd0\x0e.N|\xfb\xf6\xf2Dz\x90X\xd8O\x15\xb5\xe2q\xddp\xddc2\xdb\xeeZ\xaf_Bz\xffio\x15S\xc4ak@#l\xb4]\x1c\xf4\x92\xf2\x10\xe3\t}\x1aV\ts\x9ey\xae\xa6\xe4iV\x14\x1d\xd4\x1f\xf1\xc3h\xa0袎\xde\xec\xf1܉\xd0\x10\x8a\\\xba#ex%2\xad\t\xfb\x8b\xae\x81\x1a\x1f\xe9 |\xd6\xd0ѓ\xe0\xf2\x1c\r\x8b\x04B\xc2O\xfe\xb1ښ\xb4V\xacp>\xbb\xe2d~\x1eV\x12\x10\xb7D{\xd6Ci\x81\x06:\xab j\xb1ȉt\xda\xdb\x11\x93\xd7\xfe\xb0=-%\xf8\xc9\x02\xe9~\xaa\xf5-\xbd]\xbcפL\xabxR\xcfN\x86t5\xdb\xd8\xfe\x83\xd5Ԝ\xa0\xefԗ\x17\x1d\xd4\xf8\xbe\xd7\x1e\xbd!HX\xc9\xc8\xd1%|M\x9aU\x89\x8b\x8b\xe3\xdb\xe4\x16\xca\xd8\xf4\xab\xe8\xf0\x14%\x89\xcd̈́\xf3\x04\xfb\f\x13\xa9$\xbf`\x1a\x97oB\x8e\x9f\xac~G\x97\x126\x05-\x8e\x889%\x94\x98ά\x93\xc7'\x17k\xe2+Ji\x96'\xec\xff\xac\xca\xcby\x14IY\xbb\x12+\xbd\xe6\x11\x8b\x19\xde|\xc5\xe1\x90\x18d\xaf\xee~\xcej>'\x1eIa\xf5r*,\xfc\xd0\xe2c\x8b\fB\x91~\\\xb2\xeb\x01dY$atzS^\xd5\t\xc7~o\xbb@f>\x86\xa2\x1fZɟ\xee`\xb4їm\xa4\x84\xae\x137ʶr\x18c\xa3\xf7\xeac\xbfe\x06\x95\x06\x03U\x04\x03\x137Hellenic Academic and Research Institutions RootCA 2011", "\xa6\x91B\xfd\x13aJ#\x9e\b\xa4)\xe5\xd8\x13\x04#\xeeA%", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb14hb\x96\\\xc0\xcc\xc4\xc8\xc4\xc4\xc8`\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xa0q\xaa!\xb7\x01'\x1bs(\v\x9b0\x93{\x90\xa1\x8b\x81\x13\x88\xc3%l푚\x93\x93\x9a\x97\x99\xac\xe0\x98\x9c\x98\x92\x9a\x9b\x99\xac\x90\x98\x97\xa2\x10\x94Z\x9c\x9aX\x94\x9c\xa1\xe0\x99W\\\x92YRZ\x92\x99\x9fW\xac\xe0\x9cZT\xa2\xa7\xe0XZ\x92\x91_\x94YRi\xe8``\a2\x85Y\u061c\x14S\x82\xf2\xf3K\x9c\x1d\x15\x8c\f\f\r\r\xe4\xc4y\r\r\r\x8d\f\xcc\f\x8dM,M\x8d\xa2\xc4y\x8dA\\C(wк\xbb\x89Q\t9\x88\x19Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19V\x063<\xd6[\xf6\xad\xefW\xc2\rݩv?t\xb4B\xfc\xce\xeelI\x9c\x12\xe1\xdfo\xdb\xfd\xc4\xf9sigo\xe0\x93\xc3旺:|+\xe5\xb6\v\xddu\xae\xf0\xea\x9a\xf4\xec\xba\xc7U\xfe%V\x9a.\xa6;ؿeȆ\x9e\xb5\b\xfcУbغ\xbe\xf9d\xed\xcb\xf2\xf5o\xa5\xaa\xe7\x8a\xff\xdc<\xd7\"\x80\u007fYT\xe5Ć\xf5\xe6\xeb\x96]6\xfc\xbdU\x8ds\xaeM\xd4\xfb\xc0\xa3\xda\xf7\xa7ž6\x92c\xbaU\xe0\xf9&\x8f\xe7\xc4,\xf3\xde\xef\x1f\xcd\x12\xbc\xd5t\x9a\xe6]\xa8\xf8\xcc˟\xbc$\xd0\xe0\xe1Omu!\xf6\x1b\xaf\xf6J$\xcd\xd8\x10i^\xbb\xef\xddg\x85@\xa7\xa8\xe6\xf7\x93we\x8a~L\x9a;\u007f\xa6e\xd3\xc2\xed%z\xddW\x8erW\xeb\u007f8\xc1u˶\x92k\xd6d\x99\xa5\x1aE\xc5\x13\x9dg-\xbf\xe8\xdbڲseI\xbf\x88\xc3\xf1;\xf7\xd68\xa6\xe4l\x91\x9c͔\x9c\xab\x92\xd2\xef\xb2I\xf5չ\xd8\x12\x9ed\xa3\x98\xde\xf6\xa7Ľ\f\x8c\x8b\x1b;\r\x1a\xdb\f\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xe0\x06\t\xf0\xb3\xb0031\xb2\x19Ȃ8|,b,\"\xcb&:\xfd\x15N\xf4R\x9eDZD\xf3\xe9\ra\x16\xe5w\x8e\xaa\x06\xee i9\x16\a\x03\xbb\x056\x06\xacM\xccz\xe9E`*\xb5Ԁ\xad\x89E/5\x05B\xe7\x17\xa5\x1b\xb06Bd\x1b!\xb2\x8dP\xd9F\x88,j\x86`\x06E\x92\xfc\xfbJLJ\xd5y\xf6\x9bz\xda̝\xbc\xfcd\xcc\xe5z\xd3v\xa94\x9e\xf4\x17\xe2W<\xc0<\xbdM57\xf6\xb2\x92抜E\xbc+_۲Eϴ:~\xe6\xf0,\x93\xfa\xd5|'\xfcd\x1e\xfezr\xe7,\xef\xbe\xfd*\xffr\x9eg\x1f\xe2=\xc16ϯ7QcY\xd6ߧߒ^I\xd8\xf8-\b\x9e\xbb\xc9j\xce\xeb\xa5s&\x8am\xf3mz\xc0\xc3\xea\xb12\xe7\xeb\x99\x1f\xa7\xe7zn\xf9\xc0\xb4\xf4o\x01\xf3\xdb.ť\xeb\x84\xdb<\x0f\x1b\x17\xefk\xb7.\xe9\x16wU\xf3\x11\x9b\xd8\xfc/\xbd\xf6\xacor\xfa\xaf\xcf\xccB\xd3*\xd8z7\xa6\xbf\xed\xb3\xdf7ߟ\xe9\xebfN\xfd\xcf>\xed\xf7\xb5NO\xada<\xb3Ƭj\xff\xa2\xe2\xaa\xef\xfd\a\xb7\xceZ(\xb2\xa9\xdfx>\xef{\xa5;i\xd5-{]\xc5\xd9lmN\xed,7\xe9?\xf5꼽\xa1\xdd\xe3\x8e\xc7\r\x9e\xaa'\xa6o\x9d;k\xa6\xef\x06\x9b\x1f^\f\xb3S\xeeη\xf4\xbe\xa8~}\a \x00\x00\xff\xffV\x97\x85\x1b5\x04\x00\x00")) - p.addCertFuncNotDup("0G1\v0\t\x06\x03U\x04\x06\x13\x02HK1\x160\x14\x06\x03U\x04\n\x13\rHongkong Post1 0\x1e\x06\x03U\x04\x03\x13\x17Hongkong Post Root CA 1", "", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb60hb\x92X\xc0\xcc\xc4\xc8\xc4\xc4\xc4\xfc\u0080\x97\x8dS\xabͣ\xed;/##++\x83\x81\xbb!\xb7\x01'\x1bs(\v\x9b0\x93\x87\xb7\xa1\x98\x81\b\x88\xc3%\xcc둟\x97\x9e\x9d\x9f\x97\xae\x10\x90_\\b\xa8` \a\x12g\x16\x16G\x11W\b\xca\xcf/QpvT04\x90\x13\xe7506054505464\x89\x12\xe75\x82pML\x8d\x8c,\xa3\xa8gQ\x13\xa3\x12\xb2'\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\xd6\xfc\xb7\xd8\xf62\x8d\xc9\xf3\xf1\xa2-\x0f'\xfct\xe8\xaf\xfc\xf9ho\xe5?\xa6\xbd\xefT&\xc9*}\xbb\xd5Z\x94\xf9\xef\xba=畻\x13\xb72\u0379\xd0\x1b\xf50\xf4p@\xdbNM\xb5C\x8fo.\xf8\x98ɬ\xa1\xd0ત\x1b\xb6\xdc:dj\x98R\xa4\xbc\xc6}y\x05\xdb\xdcEf\xfb\x94\x17l\xccۺQ\xdd\xde2\x98\xf3\xd5\xea\xac\x17%\x9b\x0e\xa5\xc6\xf4\xed\xaf9\\\xd1rv\x9e؟\xafz\xfe\nZ\x1c\xf3\xcb?\x1f\x95;2+(M\xce#\xee\xb1\x00[\xbfҌ\x87\xa9}ұ\xcai\xd6;\x96\x1a\x05\x9eh[\xb5p\xe5\xbc\xfa\xb2)\x87\x96\xe5lw\xfcp\xf5\x04\x9bų+<\x8f>[\xfb\xe4\x06\xf4\x1ciV?(\xdc\x12i;\xaf\xb4d\xdb\r\xa68\xab\tU\a\x9c̊\xded\xf9\xdey\u007f\x84ᾰDx\xbcZʼnk\\\x95\xe5\xfb\xbf\xaf\xdf^\xb6s)w\x8bx\xac\xc0\xab\xfc\x87\xab\xa7\n\xc6\xe7\xda,\x8e\xf1m\x8e\xfe\xb4Y\xb2\xab\xa1\x9b\xbb\x9d\x89\x99\x91\x81q\xb1\x9a\x81\x8a\x81\x10\x1bs\xa8\xac0#\xe3\u007f\x16\x0e\x036F\xc6\xffL\x8c\xcc\x06| 1~\x90\x18\v3\x13\xe31\xb4\xe4\xc0\f\n@>\xb7\xab6\xeb\x1e\xb5ߌk\xecf\x9a\xe1\xc8\xd1\xe3\xb3\xe7\xd6\xedw\xea\xd2Mϳ\\߈u\xfb\xb7.\xf8\xbc\xa9`oԴ]\xa7\xf2r߹u\xe7=\xd7қ\xb6Y\xd2\xf8\xf5\x96\xf9+6\x99\xbf\x9b\xb1b\xfa6\xbdm\xe9\xeaW\x96y\xfe\x95\x99\x9cZ6\xcfI\xff\x8eR\xce,\xffOQ\xa2\x96\x1b\v\xafk\a\xbeȕ\x99q\xe0\xa6֗\x85M\xd5WO:.Rf,\xb1\b\xed\xe6ߩ\x97\xbeH\x81\xc5\xfc\xd6\x1c\xee\xcb\xe2\x8a\x0f\xfa\xa7W\x9a\xe4\xb7x0)\x18K?3q\x99?\xb1\xe0KC\\\x8b\xf3!\xcdK9B\"O\x12{\xd7\bL\x98\xd7\x12\xb0\xfbô|\xd7\xf9]\x9fO\xe5\xf8\xff\x12\xb4\x12\x15u;|V\xbe9Z\xd7Q\xe8m@\xba\xa3\xb0\xad\xe2\xea)]\xab\xfcj\x0en\xfc\xbd\xfc\xdaVu\xfd\xe9\xab\xf3\x1e\xc8>\xba(\xa3#\xef\xf2\xe8Ͼ\x89\v\xe7\xfc\xbe\xa6\x19\\\xdc6?\xf8\x863_\xec\xb5\xe4\xa6Bن\x92S\xdf\x1e1eߌ\x02\x04\x00\x00\xff\xff\xbf\x90i\xc14\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\xb71\v0\t\x06\x03U\x04\x06\x13\x02CZ1:08\x06\x03U\x04\x03\f1I.CA - Qualified Certification Authority, 09/20091-0+\x06\x03U\x04\n\f$První certifikační autorita, a.s.1=0;\x06\x03U\x04\v\f4I.CA - Accredited Provider of Certification Services", "y\xcb\xd0#\xe9:gp\x91tO\xd3Q\xe2\xe0 \xfd\xe1(\xfb", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x953hba[\xc0\xcc\xc4\xc8\xc4\xc4°\xc0|\x81\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\xc6\xed\x86\xdc\x06\x9cl̡,l\xc2L\xceQ\x86V\x06\x16 \x0e3\x8f\xa1\xa7\x9e\xb3\xa3\x82\xaeB`ibNfZfj\x8a\x82sjQIfZfrbIf~\x9e\x82ciIF~QfI\xa5\x8e\x82\x81\xa5\xbe\x91\x81\x81\xa5\xa1\xae\x816H/\x17\x8fJ@QY\xde\xe1\xb5\n\xc9\x10\x1dىGzA\xdc\xc4\xd2\x12\x90\x8eD\x1d\x85D\xbdb=C[\x03k\x90rn\x1e\x13\xa8U\x8e\xc9\xc9E\xa9)\x99%\xa9)\n\x01E\xf9e\x99)\xa9E\n\xf9ih\xf6\x06\xa7\x16\x95e&\xa7\x16\x1bȉ\xf3\x1aX\x1aX\x1a\x18\x1a\x80A\x948\xaf!2w\b\xfb\xac\x89Q\t9\x9a\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\xb6\x9a\xb5\x9cvj\xfap>\xf5QȬ\x88b\x9dǯEÃ>\x9cW\x8a\xe8h\xe1\xad\xd0z\u007f\xa5\xf0\xd9\xdf.7\xc5k\xf6\xe9\xebL\n\x9f-\x9fd\xa2\xafX\xf7\xecv\x81׃'M/\x16\xef\x998\x8dᾕ\xa6\xb5]\x9b\x88rWx\xf2{\xbd\x97\xd2\xc5\xcfͺ\x12\xab&l<\xb2\u007fU/\xf3э-\xdf.\xde\x17\xda0\xa5\xe0\x03{\xce\xc2h+\xeb\xf0\x12\xd1\x06\x13\xb7\xcf\xd5zMKԷ,c\xba\xb3\xf3\xa9O\xda\xc9%\x97\xff1\xdb}k\x9a\xbc\x97\xa1T\xfdOC\xa2\x98\x9f\xca\xc6\U000ea27a\xdd_\x126}\xd1V+Y\xd2h\xbf_\xf3;?\xf7\xf1݇\xf5V27ݭ?#u'0s\x92\xe7\xbe\x03\xc2\x1f\xfc\x05\x1fk\x9fd-U\xbcd5/p9\x9b蒘g\xf2/R\xe6f+\x15|^\xf6v\xb7\xc0\xee}\n\xa7̶\xbd|\xdc\xf8\xd8Qlұ\xaa*\xeb\xf2\xb5\x8bc*x\u007f\xcc(翑31\xee\x8dǓ\xa3*\x8c\xa7\x99\x98\x19\x19\x18\x1771\xea\x1941j\x19\xf0\xb31\x87\xca\n32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2\x194>\a\t(\xb04\xde7h\xbcc\xd0x\x93\x8d%TV\x81\xc1\xa0\xf1\x82A\xe3Y6\x0em6FVVv&&\x83\xc6\x03R\x8d{CR\xf3J\xf2\x11\xb1[\xa2\x90\x95\xaaPV\x99\x92\x98\xa7\x90\x95\x98\x9d\xaf\x90]\x06N2\xd9\xf9e\x89y\x95\nŕ\xc5%\xa9\xb9\xf9e\x95\xc8\x1a\n\xf2SrR\x15\xaa\x12\xb3\xf3\xf3\x12\x15\x92\xf5\x14\x8c\x8c\xccAi\xc8@!8IO\xa1L\xa1 '\xb1$/5W\xa1*/5/S?$#\xb3X!\xb3X\xa1\x10\x9e\x14!f\xc2\fLN,IUHLN\xce/J\xc9\xccKW(\xc9Wp\xaeJM\xcePpL.Q\xf0\xcbG2\xdc9?'G\xcf@\x16\xe4Q>\x161\x16\x91\xca\xd3\x17\x94_Z\xa5\x17L,\xf1\xbf\x1c\xf8\xe8\x81\xc2߇\x1a\xbfѲ>3()\xd5N]jv\xbd#\"C\xf0|\xea\xefh^\xfdo%\x8dݑ7\xe7z\xee\xf8j9\xed\xe4\x87M\xfc,g\"z~\xb1\x18\xad9\xe0\xbeO\xf7\xf0\xbd\xc9\xdd˦\xb9\xae\v+y:\xcb{\x91\xfd*\xb5#\x1aa\x89*\xac\xe1\xf13\x97\x1cO\xdf \x11t\xf2\xb7㊟O>\xce3:7O\xd4\xf5f\xec\x9a\xdf\xf3n\xcf>nӿ\xfe\xb6\xf7\"\xe5\x17֚\x05\x85\x12K\u007fwAk\xe7\xe6\xde\xe0\b\xbdԘ\xab\x9fn\xf70\xaa\x16\xe7L\xef\xfe\x93\xc0\xf8\xc6a\xf2\xc1\xb7\x81;V\x9dN\xba\xa1j\xb0\xc8\x16\x10\x00\x00\xff\xff\x99\x14\x91;\"\x05\x00\x00")) - p.addCertFuncNotDup("0J1\v0\t\x06\x03U\x04\x06\x13\x02US1\x120\x10\x06\x03U\x04\n\x13\tIdenTrust1'0%\x06\x03U\x04\x03\x13\x1eIdenTrust Commercial Root CA 1", "\xedD\x19\xc0\xd3\xf0\x06\x8b\xee\xa4{\xbeB\xe7&TȎ6v", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbM0hb\xf6X\xc0\xcc\xc4\xc8\xc4$\xc0\xc5\xe8\xd4\xc0\xc0\xc0\xe8\xaa|\xc2e+\x03\x03\x03\x93\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x03/Cn\x03N6\xe6P\x166a\xa6\xd0`C!\x03\x01\x10\x87K\x98\xd33%5/\xa4\xa8\xb4\xb8\xc4P\xdd@\x15$\xc6,,\a\x17Sp\xce\xcf\xcdM-J\xceL\xccQ\b\xca\xcf/QpvT04\x90\x13\xe75410443\xb40422\x8e\x12\xe75F\xe6Rծ&&%d\xaf0\xb22071\xf13\x1841q15112,\x0f\x90\xbcg?\xd3\xf6\x8a\xb1\xdb\xc7\xfc\xc0ĦM+\xfd\xfb\xd3;c[n\x06\xdf\xe5Ѹy\xfd\xc3\xffuS\x9d\x8bf\xfe\xdc\x1a[\xd3u\xd0\xe9\xa1a@\xc9\xc5Fޚ\xb3\xb3\x15W;?Z\xb36\xae-\xef3g\x97|\x94\xd1\xdeE\xaf\xa7\xfc|\x11\xc3\xf5\xe6\xff\x8cK\xeb\v7o\t\x9e\xef\xd7\xfe~Ҟ\xbdo\xfc\x8d\f:\xbc\xc5\xe3\u008f\x04\x1f\xfa\xc64\xbd\xf7f\x92\xf6~\x15\xf9\xa4\xde\xfb\x87whz{V\xd8LN\xe8P\xfa3\xf3\x96ىC\x8b\xae\xe8\x840\xa4\x9b\xe6\x15\xefg\x8a\xf8\xb0\xe4\xee\xd3\r\x8bԪN=0[*)\xf6\xf5\xef\xf6\xf7\xeb\xec\x1d\xbe\xe6F\xb1\xfc=grJ\xe5N\x89\xb2t\xac\xb1\xb0P\xec\x11F\xd5o\x06w\x99b\xe7?\xb8\xea\xbew\xcbk酻==ȍf\xfa\xdc\xf5De\u0093$\u007f\xff\x83\xeb\xbb\xf9J\xc4W\\,\xeaȪb\xf4<\xb3ŭ\xf2\x98\xf8\xc6[3\xe4\xd8#\u007f\x95*\xb6\xa6ޝ\x10v\xee\xf7\xea\xa5\ts\x8f\xcc\xfd\x19\xb4\xa1{o\xfb\xcf~me.\xe52\xeb\xef\xc6\x0fO2|\xce\xfc\xe9\xbd\xe8\x81ߞ\xbaɖ-\xec\xdf]\n\xea\xfe\xb1G=ݸ\xe6\xa2ęO\xa6O==9N\x85\x9d\xb4\xfd\xcd/Q\xdbm}P\xf8\x90o\xffI\u007f>\xf3\x97\xf2\v\xf9\xb2\xee'\xe9\x9d6e\v\xac\xd49\xa1j\xf1\xe5\x97\xf7\xf2Θ9\x97\x1e\xf3Z\xb6y\x95\xd4\\\x8dl?d\xef\xc7\x13\x13\xf4\xc5\xf6{P\xd3\xc7W\x8b\xd7\xfc\xf54\x91\xd2\xf8\xec\xd8a%\xfc\xeeŽ\xff3e\xe3w\x9d~!\xf7ig@\xc2\x01\xc3\xcb\xc5O\xdf\xef[\xf0֘\xbbd\x9f\x82\u0091\xf4\x9c\x0f\x1c\xccU\xa1\r\xf5n~Ӗ\u007f\x91\xb3{\xf8\xed\x06\xe7C\xe3\x14\xed\xe4\xebFq\xf3\u007f\x1e\xa8\xe6\xafȟ\xbeg\xf2\xac\x9fs\x84&TT5\xb4\x8b^/*\x99\x13ZR\xb1q\xd7ü\x02\x96]\xfe\vve\x1c\xae\xfeo\xf8\xa1\xd8\xd6v\x8a\xd6FnG\xbe\x05\xff|;R\xb3+\x8d\xb7\\gbfd`\\\xecd\xe0`\xc0\xc7\xc6\x1c*\xcb\xcf\xc8\xf8\x9f\x85\x85\x99\x89\x91̀\x1f\xc4\x17\x06\xf1Y\r\x98\x19\x19\xff\x1bȂ\x04\xf8X\xc4XD\u07baH\x1e\xb8\xfc\x81\xad\xfbݒ\xea}N\xcf\xd5BN\xf4\x99\x95\xa1e\x18fP\xe2\xe2]7\xc1\xe8\xdb2\xef\x1a\x972\xc9D9u\x8d\xb3q!\xefU\xf7<\xe6\x98\xf0S\xf3\xfa\xba\f\x8e\x87S\x18\"\xde\xeb\xe9\xd5\x05\a\xf5l\x8ba\u007fձkfw\xc0\x94\xebM\r\xf7\x139\x19&\xaf\xe5\x15yv\xee\xe0'\xf3)\x15\x1b\xe2\xe7l^T\xbc\xa3\x9fu\xb2\xc5\xd9^\xbb\r;~\x1f8\xbf\xf1\xd3\x1b]]\xe93oV\xcdڼ*\xa1IZ\xd7\xfap\x8bmx\xd74\xb99\xa5;.\x1b\x9cM\xe0h\x9ep\xb9/\xe4\xa3oځ\xd8\x12f\x87\xc5\xefZ\xeb\x0eɗ\xcfa{qp\xb9Dl\xd0Է'\xef\xaa\xce\xcb\xfd\xb5\xf2\xedb+\x93\v\x91շ\xde\x06|6\xdd\xff\xf6\xb5\x88\xaf\xe1\xf1\x84/\xb7>\xb6\xcfy\xe4\xf1\xe8\xd8Q\xf3\xdfl\x02\xbfJ#\xd3\f\xdd5o\x95͒yٴ\xee\xfd\xac\x9d\x81\xdf;\x94geNM\xb2y\x1a\xda`v=\x84\xe9\xffǝ\xb1\xe7\xae(\xe7\xdfpm\xf1\x8aN}\xdf\xc9sWd\xb9\xc2i\x89\xa5\xaa[x\u007f2~Xt\xe9\vÉ\x92\xbe\x85Z\x1e}\xa9\xb7\x85\x8f\xf0\xf4Y\xb5h\xa7\x96\xf4\x1c\xb3Ɗ\xb7\x87_\xb8=R\x8bt)\x95\xbbY\xda\x19xV\xa0enb\xc2\xe9؟ӕ|\xfbf<{\\\xff-z\xf7\xba\xb3\xa7\xbc\x1a\xb3\xe3\xb8?\a>,\xd1~Y\xa7\xbe\xfc\xe6LO\xbf\x1fK\x1bn\xab\xf2\xcb$'u\x9d4N϶\x11h>\xb6\xf6ފ\xb3b}\xbd\x1f\xd8\xcd\v\xe7\u007fZ\xfd\xc7\xf1\xeb\xc1\xee7\f汜O\xfd\x1a\xde\xff\xda\x18c\xc1\xb6T\xda\xeb\xe1\x1d\v]\x9b;\xab\xe5'H]\xf5\x9a\xf3\xeebAΙw_\xc2\u007fH\xecj\xc9k\a\x04\x00\x00\xff\xffL\xfa\u007f\xdad\x05\x00\x00")) - p.addCertFuncNotDup("0M1\v0\t\x06\x03U\x04\x06\x13\x02US1\x120\x10\x06\x03U\x04\n\x13\tIdenTrust1*0(\x06\x03U\x04\x03\x13!IdenTrust Public Sector Root CA 1", "\xe3q\xe0\x9eاB\xd9\xdbq\x91k\x94\x93\xebã\xd1\x14\xa3", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbM3hb\xf6[\xc0\xcc\xc4\xc8\xc4$\xc0\xc5\xe8\xd4\xc0\xc0\xc0\xe8\xaa|ޭ\x86\x81\x81\x81ɀ\x97\x8dS\xabͣ\xed;/##7+\x83\x81\xaf!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\x90\x81\x00\x88\xc3%\xcc陒\x9a\x17RTZ\\b\xa8e\xa0\x01\x12c\x16V\x84\x8b)\x04\x94&\xe5d&+\x04\xa7&\x97\xe4\x17)\x04\xe5\xe7\x97(8;*\x18\x1aȉ\xf3\x1a\x9a\x18\x18\x1a\x9a\x19\x9a\x9b\x1a\x1b\x1bE\x89\xf3\x1a#s\xa9m]\x13\x93\x12\xb2\x87\x18Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19\xb6)M\xf9\xb3\xc4c\xfd\v\xf7l\xae\xdf\xeaeO>\xd9wYWy\xe9\x18j\xf5\xf4nXy\xd80{EyY\x8bڶ5\x8dN\xbc\x1c\xafC#vW\xfdؓZ\xfbiAn\xf7\n\xf7\x97Ier\x82\xef8D.nr\x11\xfb\xf2\xea\xc2/9\xfd\xb8ۧ\x8b\x1d\xd7\xeda\xd8\xe0\xa5\xed\xb0i\xcdCk\xefC\xbas\x9f,\x9c\xfdF\xcaJ\xee\x03\xc7\xe6\vOTL\xd9\xe7\xcf\xd9r2(\xf76\xfb\xa9\xfe\xad\xd1\x1f\x9a?\xfb\x1f\xd7]zb\xed\xe9\xa9\nK\f5\xc2#\xa2\x9e\xf4J\xcfZ=\x8f\x97\xe7\x13\x97\xb1\xa5\x92%\xd7t\xbd\xcf\xc1\xe5;]\\\xff\xb6\x9c6Sh\x8cԝ\x95\x9f\xeb\xe1\x91x\xca\xe7~\xf0\xc5\xf5A{\\\xe6\xaf\xd6\xcfn.z_\xdap\x8b\xcdX:\xf6ĭ\xe4c\xbegפ\x19\x9e\xbdxϮ]\xc0\xec\xe1\xce%U\xef\x13\x026\x9d>\xb5,\xec\x81\xf9\xfa\xd5&\u0096\xaa/,Ӟ̨Z%4cNdZ\x9b\xddڏ\x1bNٱ\xf1W\u007f\x10\xf46_\xe0\x92[}zEOᗫ['\x9a\x9d\xf9 zL\xfb^\xa0\xf8\xc6\xe9>\x01\xb6\x1b\xa7Fְ\xd6\xea*^e\xd8Ϙ\xbe(\xaezY̧\xefJ\x1f'\xf0N\xbe\xbd\xca%0\xedLm\x19\xf3\xeb\xac\x15Z\x16\x92\xd3\xcbx\xb3\xbb\x12\u007f\xee\xf9\xf6\xae\xeco\x81\xf6]M\x9b\x1f\\r\xd1N2\xdda\xfa\xa1\xd22\v\xf5\xb6\x1e\x17{\xf6c\x95ͤ\xbe\xccm\x8c\a\xb7\xb6\xcd\xed\xe4綘\x12\xf2\xe2՝y\xb6\xaa{\x82\xd5\xde^]m\xb9ꨃO\xc8\xeaM[n\xde\xfcq\xbd\xe8\xb6̞ܽ\xa9\xf1\xef;L\xb5\xd2\xf4\xdf}ۜ\xfa\xc1\xb8\xb7f\x86c\xa6\x1b\xbf\xb3L\xe6\xaf\xd9[/$f\x9d=\xe5}\xd3g\x82\xdbj\xd1ȅ\xee!\x9az\xcd\x1a\xf12\x87\x16\xad.\x12g`\xebs}\xd3\xfd\xc8ض\xfe\x96\xa4˓\xa4\xa2\xc3\xf7\x95\x8e}\n\xbbr7~j\xd1\xdb\xdc\xf8\xef\x1e\xcc\xd1\u007f\x8fj-\xf8V\xac\xdc\" \xcd\xf8\x9c\x89\x99\x91\x81q\xb1\x93\x81\x83\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfco \v\x12\xe0c\x11c\x11y\\\xf8`ލ\xe5N7o\x17N̞2\xf9\xf5\xe1\xc5\x17E\x16\xa3e\x1bfP\xe2r\xffu\x97k\x83\xe0D\x8b\xb5\xbe\xb1ߟ\xf2M\x0f\x91l\xf2h\x0f\xe9Y\x952\xf3FԿ\x0eƣ\x11KgnT\x0eQޞ%\xab\x10\xfe\x941\xc9Q\xfc2\xe7\xed\xd2\xd3y!\x13J\xffI\xcdo\xe4:t\xf7\xfaw\xce\v\xd1E\xa2O\xe48\xb3l\x8d?+\xcez&Z\xb76\xf0*\xaf\xc0\xdbZ\xa7\x03\xfd\xef\x0e\xcc\xe2\xb8\xeax-\x86O13\xaf!\x91O\xf4\xc0\x8e\xf3G=\x85\x82\xce\xec\xb3:sEς\xf5\x9e\xe9_\xf9\xfc\x1d\r\x193l}\x17\x9crH\xbdT\\\xf3\xb5\xfb&\xd7T\xfb\x1b\xf6ʹR\x17\xb5T$o\xb6n\x16\u007f_\x91\xb72\xe2\xa2\xf2\xe5\xe3\xc2o\x8bT\xebc7\x16\x17\\\xa8g\x9b\xce٢ِ(\xfb+\xee\u007f\xf1\x9a\x05\x8f;w\xc8\x14\x8a\x1e\xbbgX/t\xe7a\xee\xec\xf5\xcf_\xcc/\xad\xf0Y\xedf=\xeb\xdc~V\x89X_Q\x1b\xb1Y\x92\x01,\xb36\xcd\xcaO\xed\x0e\x8a\xb7\x89`\xd1P=\x90\x96hX\xb7\xf3A\xe9N\xa9\x15\x8d\u05ca\xc47\x1fe64\x15\xac\xa8X\xf4\xe0\xa5AO}\xc3\xfd\x88\xfb6\xbbԧ=j0\xc9}<\xe3r\x8a\xfa\x1a\x8f:\x8d\xf2\x98c\xaa\x89\xaa?ZyR\u007f\x1d1\xd2_:\x83\xf5\xc9\x0f\xeet1\xb1cM;\x8c$\u007f\xfe\xdcYyG\xfe\xec\xeb\xf5\xab\xf9\xeeJ\xdfv}R\xf5\x9c\xe9\xd1\xd4\xd8?\x99\x1f\x823\x13\xa7\x96VrDž>\xb3\x90\x99\xb22\xd2xމ\u0092\xca\xfa\xc0\xcem'\xb2v\x18\x9cȲ8\x9c7\uf879\xd8+\xd6$\x9fh!\xf7\xb7˷l\x8e\b;\xee\xf9\xb9^(\x83Ӱ\xf0C\xee\x0f?\xf7\xdf\xd7Z\xdf\x1d\x8dp\x90\\\"\xbb\xfc\xa7\xb7\xb3\xf9\x9d\x8c(\xff\xf3\xaf\x0f\xa5\x94\xdc\xdb\"z\xf3KH\x88\x94\xbe\xcc\xf5\xe9\x85!\x13\xfan*\xcc\r֮_\xdd\xff\xe8\x95\xc1\x9e\x00\xf3\xf7\x1fݷ\xd6\xd6谼ɘ\xbb\xc5\xd3E\xe0K\x91\xb7L\xca\xf3?ϲ'\xdcͬ\xcd\xfc\xcb\x10\xb6t\xfb\x9amk\xb7\x9f\xb2c|?\a\x10\x00\x00\xff\xff\xe1\x05T\xd8j\x05\x00\x00")) - p.addCertFuncNotDup("0O1\v0\t\x06\x03U\x04\x06\x13\x02US1)0'\x06\x03U\x04\n\x13 Internet Security Research Group1\x150\x13\x06\x03U\x04\x03\x13\fISRG Root X1", "y\xb4Y\xe6{\xb6\xe5\xe4\x01s\x80\b\x88\xc8\x1aX\xf6\xe9\x9bn", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xcd6hb\x0e^\xc0\xcc\xc4\xc8\xc4$\xc8\xd0$p~\xc3%\x87Ǒ.\xc9\x0fv'7u3\x18\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0\xf07\xe46\xe0dc\x0eea\x13f\n\r6\xd44P\aq\xb8\x84\x15<\xf3JR\x8b\xf2RK\x14\x82S\x93K\x8b2K*\x15\x82R\x8bS\x13\x8b\x923\x14܋\xf2K\v\fE\r\x84AJ\x99\x85y<\x83\x83\xdc\x15\x82\xf2\xf3K\x14\"\f\r\xe4\xc4y\rM\r\xcc\fL\f\r\rL\x8c-\xa2\xc4y\x8d\x91\xb9Է\xb0\x89I\t\xd9S\x8c\xac\f\xccML\xfc\f\x06ML\\LML\x8c\fk_\xa8\x14\u007f\x111\xff<{\x9ev\xb8\x86L\xfb\xbe;\xdb\xef[L\xe8ɳy\x16\xbe\xa0\xe2{\xe9\xa1E\xff\xbef\xe5}c\xf0\u05f8}/\xa3-\xc7e\xf2\xb6\x8d\xc9\u007fE\x84\xb2\xf7\xcb_ze8[\xb1\ue8b1\xcd.\x8f\xafw+\xefo\xde\xf1_\xe8\xa3\xe2,\xef\x83]m\x85\x99^ii9\xfdu6\x05\xfb\xd7j*\xb1}~r\xe0YúG\xde\xfd\xdbg\xd6Ma\x9e\u007f\xd9}z\xcdL\x0f\xe5\xe0\x17\x16\xeb\xfc\xb9\xf2\x9b\xf5.z\x86\xf74\x94l\xbb\xa5\u007f\xc1\xa2\xb7\x9a\xb9@Q\xba\xf4\x93\x81ͯ\xfeuwo%\xaf~-\xe6\u007f\xa8Oл\xee<\xf7\x8b\xff[\xcb\xf5\xbel\xaa\xf6z\xe0#\xa4\xcaS\xd0ˬ\xb9\xe0a\xb0\xca\x1b\xe1\x9b\xef$\xf7\vl\xf6\xea\xb1\xef\\\x9c\x18xoM;\xfb\x94/Ʌo\xf4\x1e\xe5G\xcfh|\xd8\x19cR\x99S\xf6\xdezBR\xe5\xb3\xdbKf\xe9\xab\x1d\xbd \xf0\x90\xef\xdeM\x81>\xb1\xdfۿ\xaf\xf8~\xfc)\x13\xfb\x8c~3\x8e\xa9\xcf\x1f\x99O\xe35+\x9d\xf7\x9b\xafh\xa3\xec\xec=\xcc?=Yo4\xdeeݢu\xcd\xf1\xe5\x1aƲ\xa9\\\xfc7\xee_\xdd+$o\xaa\xaf!\x9esi\xc6\xc1\x15\x9c)\xe5y\xee\xe6\xbbέ\x89\x8c˘[_t\xad\xf3(\x9b\xa3\xa6]\xa4\xdd]\xb5\xaf*'\x05\x97G-\xf6q\x90w[8s\xebr\xab\xc0\xbc6\xeby\xb5E˅X+\"\xdf\xda\x05V\x88r3\xf7\xf7^\xd0g\xdddW\xed%\xe3]\xcc*\xf4\xe7ث\a\x01\xc25ΓK6\x9f*y\xde'\xcf\xc8q\xc1\xe0Jt\xa1\xd9\x16\xf6]\a\r\fb<\xb67Y\xcfXV\x9bеh\xb1fә]{\x9bY\xa4\x1753;.\xbc\xc6\xfaQ\xfaж\x0f+jڬ\xddVxhu\xdc)\x9bU\xb6_>k\xa9\xadd\xffk\x8b\xcf)\xf7Nh\xf3ri\xfc\xff~\xfb\x91\xa8\xd3\x15\xa5\v\xea\xb1\x0f+\xffI\xab\xde\xf6\xf4\tcq\x03G\xc7\t\xa9\x88o/g\xe7\xa1e\x1dfP\xe2\n\x95\x8fX\xb9gӊ\x80\v<\x1boHe*\xa8kr\xacI,\x8d\xe9\xca\xfb\xd1\xf44S\xff\xea\xb70\xef\x9d;\x8a\x05\"/+N\xaf{\xeeS\xf8{ӥ\x84\xb5\x96+\xb8_\x89+\x86\xb5~\f\xe0\x8b|}\xeeA\xe4\xcb]'E߷\xcd\xedoi\xf8\xf6\xe4\xe5\xc4\tw\xc4g'I\xbb~H\x9bz\xa9&\xff\xd0+\xeb\xf7\xf2\xe7O_[\xa7\xfeq\xe5\x86\x13\xeb\xfe\xd6\xd6\xcd\xfa\xa5\xc4\xf2\xfa\xff\xcd\xfaW\x13\xb5\x956\x8a\xf3\xf5\u007f\xea2\x89\x8e\xb8\xf1\x87\xf1d\xc8\xce\x1djg\xba:\x8c;}t[l\x9a\uefdb\x16κKg\xf7\xf7#ۏ\xfbY7\xed3<\xa1T\\<\xe9⡆%\x96\x96\x02\xc6\xcaM>6\xf3\xdb6\x85ΐݧ\xd9֣4{ޣl\xebp\xab\xa6\x02\xdf;\x9c\xc7;Os\xb1\xfb漈\xed;\xf9\xfe\xdc\xea㻷j\xfb\xb9^\xf3\xba\xa0v\xe6i\xd1)\x8e\xac\xa5S\x1f\x8b.\xfc\xbe\xe4\xedI\x9d\xf8\xa5\xbf\xff\xaf\xd1`\xd2\xdbw\xbdz\xf7\xe3\xc2\xea\tb\x97\xd9\xe3܂k\xccٝz.\x1f\x996\xe7\xea̭Z\x0f\xa6J5x\xac\xf3\xb1d?w\xc6}I\xd0T\xed];~\xaf\xbdd\x1c\\\xfbT\xd67\xf7\xea\u008dǝ\xf2\x9f9\xa8\x9b\xc6,\xd6\xd8\xce\xde\xfb\xbc\xd7x\xc2s\xe5\xf9\xbf\x03\xe6T\xe6\xb8]\xdd\"\xbayZ^\xddl\x9eiV;\x82t\xed\xafE?\xfc\xcdq\xa8\xe5\x9fʊŝ\xb7\xd6d=\x94\xd0ڸ\xc291\xfa\xb2\xfc\x1d\xeb\u07b2O\xba/zK\xef\x8b\x1b\xe7\xd8\x06\xff\xae>\xed\x18\xff\xff\u03a2\v\x89\x16\x0f\xa7\xedX\x13\xdbm~\xbd\xf4\xaa\U00041642\xeb\xe6:\x1e,*m\xd9\xc7\xe4\xe8\x14\x9f\xae\xe21\xe5\xe2l\xf5}\xec\xf6;w\xf87\x96\x04>\xac\xda\xfev\xae\xf2\xa3}\x0f\xaej\xb0\b\xdb\x182ϻ[\x95\xd3\u007f\x8c]\xe2X\xfd=\xf7>{\x8dy,l痆\x98\x94\xef}\xd39\xfb\xa5\xb8\xf3\xfd\xe8\xdb\xf1\xff\xfa\xe4\xc2\x17\x9du\x98[\x97\xa4t랄: \x00\x00\xff\xff\xb2\xa5\xe5eo\x05\x00\x00")) - p.addCertFuncNotDup("0\x81\xd01\v0\t\x06\x03U\x04\x06\x13\x02ES1H0F\x06\x03U\x04\n\x13?IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S81B0@\x06\x03U\x04\a\x139Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz1\x130\x11\x06\x03U\x04\x03\x13\nIzenpe.com1\x1e0\x1c\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x0fInfo@izenpe.com", "\xeaVO\xec<\x83\xa1\x14\x88x\x81\xb2+\x05\"\xc0\aA[B", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x897hbv_\xc0\xcc\xc4\xc8\xc4\xc4\xc8h\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xa0\xf1\x82!\xb7\x01'\x1bs(\v\x9b0\x93k\xb0\xa1\x87\x81\x1b\x88\xc3%l\xef\x19\xe5\xea\x17\xe0\xaa\x10\xac稧\xa0\xab\xe0\xec\xe9\xa6\xe0\xa8k`hllndf\xa0\x1b\xe4\x9bZ\x94\xac\x17\x96Y\x92_\x94\x99\xa8\xeb\x9eX\\\x92\x9aY\xa5\x10bh`j\xaa\xe0ff\xa4\x10la\xe8d\xe0\x002\x89]\xd8ұ,%Q!%5G\xc175%\xb3$\xb5\xa8(1/5_\xc1\xb5$\xbf()3%5Q\xc1XAW\xc1\xc0\xd0\xc0\xd0@\x01\xcd@Ca\x03A\x90\x19\xcc\xc2\\\x9eU\xa9y\x05\xa9z\xc9\xf9\xb9\x86r\x062p?p2\x8a\xf1{\xe6\xa5\xe5;d\xc2\xe5\r\xe4\xc4y\r\x8c\r\f\x8d\r\x8c\x8c\r\f\f\f\xa2\xc4y\r-\x90\xb8\xc3\xd1\xcbM\x8cJ\xc8\x11\xcb\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8Ȱ5\xef\x16SlE\xe6}!1\xfe\a\x85\xd3O^\xe1\x964\xea\\s\xadnvI\xf5zݟܵ\xbf\u00925\xa7\xcc\x15\xe6\xed\x9be\xa7\xb5o\xff\x8a\xbd\x92\xcd1o\x1fEM\x9dj\x99\xf0\xf4\xceē=\xe5\xbbH\xef\xda;\xd1G\xd5l\xd2\xf7[)~\xbbL\xb6\xa7\xb9\xfc\x9a\xc9\xf2YM\xbd\xbb\xc3\xf7\xfa\xe5n\x93\x1d\xadZa\x9e\x96F\x12wd\xc2\u007fg\xc5\xf2>\xd1y\xbc\xd5\\=\xb6\xc9\xcb<\xadV\xc04g\x92\x9f\xc6\x14v\xb7\xee\xbey^m\xe1y\xa6|\xf63T\x84\xec6\x84N\x10gbfd`\\\xecd\xe0`\xc0\xcf\xc6\x1c*+\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x01\x1fH\x80\x1f$\xc0\xc2\xcc\xc4\xc8f \v\xe2\U000f1231\x88\xbc\n\xf3\u007fcӼP\xa4\xa3\xa2q\x936\xab\xd2\x01v\xc7h'\xb4\xec\xc3\f\nܤyτm\x1e\x1e^e)\xfb\xaf\xce\u007f\xa6\x8c\xf2\xeb\n\x969\x8b\x14sv\xef\xa9\xf4\xde\xfcqO\xc96q\xeb\xb3Q柍\x9b\xef\xee\xa98r\xd1_&\"e\xbfl\xf9\xed\r\x1b\xe6\x95\xf8\x86_\u007f\xb1W\xf0\x81͆\xd7\x1cK\xdaˏ\xbbm[\xfb\xed\xf9\xf5\ued4f\x9f\xac/M:\xf5;\xb3j\xb9x\xbdl\a\a{\x92\xd7\a\xeeJ\xbd#\x05\xd1_t\xb9\xd8\xed\x16~\xe4\xb3\xfc\xb3`\x93\xf9\xf6\xf2\xf7\xac\r\xab\xeb\x8dN\t\x1f\x9e\xbax\xfd\xa9F\xabܫz\xda3\x82gO\x94`\x9e\x94f\xaf\xf5\xd09r\x05ϛu\x95\t\x0e\xfd2g\x04N\xfc\xb3`3\x95\xbf+\xa3\xf7o\xc3fk\xad\xaa=\x81k\xaf\x9c\x93\x11\xcf\u007fs\xe2\xa0@W\xbe\x80\x8bJ\xacOh\f\xcf\xd1]O~\xcdή\xbd\xb2\xfd\xf9\xc1\x9f\xf5J?\x93e\x97:\xbd\xb1,:%\x12!c\xd7\xfcP\xa6\xee!\xd3\xcaGW\xbb\xf7ͱ\xd2s\xb2kX\xec\xf9\xb7݇\xebH\xa4\xb3!\x8b\b \x00\x00\xff\xff>f\x9ajc\x04\x00\x00")) - p.addCertFuncNotDup("081\v0\t\x06\x03U\x04\x06\x13\x02ES1\x140\x12\x06\x03U\x04\n\f\vIZENPE S.A.1\x130\x11\x06\x03U\x04\x03\f\nIzenpe.com", "\x1d\x1ce\x0e\xa8\xf2%{\xb4\x91\xcf䱱\xe6\xbdUtl\x05", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfd`\xd0\xc4|c\x013\x13#\x13\x13?\xdb\v7u}y\xae\xfe\x8b-1\x8f3\xbf]5\xe0e\xe3\xd4j\xf3h\xfb\xce\xcb\xc8\xc8\xca\xca``a\xc8m\xc0\xc9\xc6\x1c\xca\xc2&\xcc\xe4\x1al(b \x04\xe2p\xf1p{F\xb9\xfa\x05\xb8*\x04\xeb9\xea\x19\n\x1b\b\x82D\x99y\xb8<\xabR\xf3\nR\xf5\x92\xf3s\r\xe4\xc4y\r\xcc\r\x8d\f\x8d\r\x8d\r,\x8c̣\xc4y\x8d\xc1\\\x10\xc7\xc84\x8a\x02\x93\x9b\x98\x94\x90\x9d\xc9\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4\xc8p\xf2r\xd5)~\xb95\xcb\xdb^\x88\xa5fm<$\xedjT8\xf5\xe6?\x81\xe83\xeb\x9f/\xadd\xec\xef<|\xeaSh\xe1\xf7\xf2}\xe5S>\x17-\xd1q\xb91o\xd2l\x11\xab\x85\xcfU&pq\x85\xf5\x1d\xbd\xa16\xe5\xe1M\x8f\x87\xbav\xb7\xb8\x8a\xee.\x9e)z\xabqQ\xfb\x97\xea<\xb5\xf2Έ\xb5\xd7^\xf3lr\xac*\xce˽]U\xe1\xf8\x92\xa3C\xa8\xae]/M09'\xe4\xb7\xcdܢ\x03{\xf4\xfe\x1f\xda~\x97\xb7\xec\xb1\xd5\xf5\xef[2\xf6-\xfa\xfa\xb81\xef\xa0[~l\xef\x03\xdfc!\xa1\x9dRƆ\\\x1b\xc3w.\xee\x9aq\xf8\x8d\xb5\xc9ѩ\x8e\x99u\xa5\x87l\x14\x8e&\xee\nt_\xa00a\xf2\xc2\tޟ\xfdjZ]Cf]dUsܰ\xd5W\xd6x\xdf\x11\xe6\x13\xaa5\a\vn[\u007f\xe1\xd4\rQ\xf7X\xa3\xff\xf0\xc8\x1a\xbb\x13\xa7'\xf9\x04[\x9a+\xbf\xb9\xcc\xf8\xf3\x01\xa7\x8b\xafoʁ\x87\xbcQ\xedJ{\xd6J/\xfe\xa7\xb6U\xf4\xf3\xf2?-\x92/\xdf,\xec\xd8\xe2\x92\xd9\xd2\xfc\xb9\xf3b\t\xdb\xca3\xdc\xd7\x0e\xddSo\rP;%\xbe\xe3dU{\x98\x8e\x14\xa3\\\xce>\xe1\xb5\x02k\xb6\xaa|\xb5\x98\xb8\xf0\x9a\xf7\xad\x8f\xbb/\xdds\xdf\xfaqO\xe3\xb7\xc8\xec\xf3\x92\xc1/{EO{\x9d^\x99\xef\xf2T\xda\xf1\xfcö\xe5\xa7.d\xcd\xdf\xe3\xd3\xcbf\x1c\xb5\xa8\xf5\xe9\x04\xd3\x05I1b~\x1f\x1e/\xfa\xc5,\xb5E\xa7ps\x84νj\xee\xdbR\xfc\xaf\xef)ʳ\x95\xb31o8\xf9~\xe6\x9f\x03;\xfd\xb9\xdb4\xfe]\xda\xf9\xea\U0006d947\xdd3\x85\x1e\xdc\xfe\xf0M\xb2\xfbmu\xc1u\xa6ko\xdb%4tXT|ʟxtI\x1d\xb3\x9eu\x85\xffԯ\xd2K\x8c\x0eQ\xbd\x95\xfb\xbb\xcf{\x9f_%vpꓵ>]v\xe2\x13\xaflLz\xda\xf4\xb4\x81e\ts]\xef\xfe[\xf5\x8b\xf8\xa7\xfb\xf3\\\xe6\xfd}\xfd\xe2Ӣ:\x99\x13\xe5\xff\xa3g\xf1o_\xc7\xea\xf6\xf4\xe3\n\xb17\xeeKę\x98\x19\x19\x18\x177~3h\xfclи\x81\x8d9TV\x90\xa5q\x85A\xe3\xd2F\xfe̼\xb4|\x87LxRZ\xd28Ѡ\xb1\xcf\xd0\xdd\xc0\x15\x92\xf6\xec\x90Ҟ\x82\xae\x82\xb3\xa7\x9b\x82\xa3\x81\xa1\xb1\xb1\xb9\x91\x99\x81n\x90ojQ\xb2^XfI~Qf\xa2\xae{bqIjf\x95B\x88\xa1\x81\xa9\xa9\x82\x9b\x99\x91B\xb0\x85\xa1\xb3\x81#\xc8 N\x1e+Dz\x94D\x85\x94\xd4\x1c\x05\xdfԔ̒Ԣ\xa2ļ\xd4|\x05ג\xfc\xa2\xa4̔\xd4D\x05C\x13\x05]\x05\x03C\x03C\x03\x054\x13\r\xf8A.\x16fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8߀\x0f$\xc0\x0f\x12`afbd3\x90\x05\xf1\xf9X\xc4XDdeR\xf9V|R\xad\xde2\xf1\xfc\x93\x8d\x1b\x9f\xed\r-\xc9aE\xcb\xc1̠\x1cq\xbc\xd1-_Q\xc2\u007f\x01\xeb\xfb\xe7WwM\x0fX\x94\xf0v\xe9$\x11\xa9\xa0\xd9??vx-\xb8SQz\xf1\xaa\xfcT\xbf\xa3Ϸg>S\xfa\xf2Cs\x85V\xe7\xbe\xf3\xe7\xcb\xfa\x1f\x1b\x16\xcfU\xbb,#\xed.\xa6ɞ\xd1\xd2u\xe9\xf7Fi\x15\xbbK3$tT\xfa\xd6\u007f\xab~\xe5\"&\xadu\xe4ׂ\xe9/_\xe5D,y_\xba\x9a!\xe9\xe2ܷ\xc2f\xb7\x95\xb8\xb7}\xb8\xf8%\xafڭ\xfd\xd0\xdc={\xf79Yo/\xbe0K\xcbfK\xb4\x90\x18\xc3zI\xcb\u07b5\xcd\x012'\x1a\xfd\xf72\xf1\xdb\xce3\x9d\xf6\xee\xfd\x93C\xcc5\x9a2Lu{M\xd4\xe3\xd6\a_\x9b+\xbe?<\xe7\xe5\x85f\x81\xf5\xfbc}\xdfO\xa8\x8e\xd5^\xf3\xe6U-\x83\x9a\xf8\x19\xa6\x98\xe4\xeb\x92\x12\xcb\xdfh\x1fﲋ\xe0\xebj\u007f\xd6<\xdfo\x93\x89ܚ\x10N\u007fY&n˺F\x0eѝ\v2\x85O\x18i?^\x9b#|\xady\xae\xb2\xee\xa6\xdcE\x1dmu+x\x19\xd58\x1dn\xbe\xd5\xf0뙬\xc2\u007f\xfb\xa3\x9coUUԣ\xa5\x11\x1f\xef\xf4\xc7\xcfl\xe2\xd1;\xbf\xe9\xee\x8c3\x93\xa6\xd8\xff\xe4ܼt\x9aj\xb4\xf9W\xa1V\xc7G\x92>Ǻ8\x0eޑ\xa8◳o\x8a\\4\xcb\xce\xfe\xe7\x03\xce\xf9\u007f\x0fN\xf4\x8e=Y}m[\xe7\x9f\xfb\xb25m\xab\xce2\u007f\xe2\x0e\x9a\xf41)\xbf\xbe\xfd\xd5겓9\x01\x87$\x9b֯\x92\xfd\xaa\xa0\x91\xa1w\xf5O\x8a\xb9\xff\xf9\xa5.G\xf6\x15m\xe9)ْ\xb3\xfcק\xbd%\x16\xce\xda\xf7\xd6\xff\xbcs\xe3\xc1\xdc\xf9wlO-Mv\xd9?i\x91\xbfO\x83\xccn\xa9ó\xbcXB}O\xbdS\xe3\x96\xd9\xcft4\xe5\xf2\xbc\xbaK\x97'\xcax/\xfa*\xf3T\\\x86\x97'h\xf1D\xf99\x1f\x14\xdf2M\xc9_\xb9\xc0\xf3\xd4\v\xe7\x9e#_Ln\xd5(->\x96f\xb7C\x9a\xb5#vמ\xef{\x9e\xde\x11\xb1]\u07b6b[d\x90\"s\\\xf7c\x96\xb7\xdeZr\x8b\xfd\x03\x00\x01\x00\x00\xff\xff\xfa\xf2\xb57\xf4\x05\x00\x00")) - p.addCertFuncNotDup("081\v0\t\x06\x03U\x04\x06\x13\x02ES1\x140\x12\x06\x03U\x04\n\f\vIZENPE S.A.1\x130\x11\x06\x03U\x04\x03\f\nIzenpe.com", "\x1d\x1ce\x0e\xa8\xf2%{\xb4\x91\xcf䱱\xe6\xbdUtl\x05", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfdh\xd0\xc4|s\x013\x13#\x13\x93\x00Æ\xedQb\x1e\xf1\xfb\x1f\x9e\xfe\xda}]\xf2Y\xad\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x03\vCn\x03N6\xe6P\x166a&\xd7`C\x11\x03!\x10\x87\x8b\x87\xdb3\xca\xd5/\xc0U!X\xcfQ\xcfP\xd8@\x10$\xca\xcc\xc3\xe5Y\x95\x9aW\x90\xaa\x97\x9c\x9fk '\xcek`nhdhlhl`ad\x11%\xcek\f\xe6\x1aX\x18\x99\x1b\x99FQ`r\x13\x93\x12\xb23\x19Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19N^\xae:\xc5/\xb7fy\xdb\v\xb1Ԭ\x8d\x87\xa4]\x8d\n\xa7\xde\xfc'\x10}f\xfd\U000e554c\xfd\x9d\x87O}\n-\xfc^\xbe\xaf|\xca\xe7\xa2%:.7\xe6M\x9a-b\xb5\xf0\xb9\xca\x04.\xae\xb0\xbe\xa37Ԧ<\xbc\xe9\xf1P\xd7\xee\x16W\xd1\xdd\xc53Eo5.j\xffR\x9d\xa7V\xde\x19\xb1\xf6\xdak\x9eM\x8eU\xc5y\xb9\xb7\xab*\x1c_rt\bյ\xeb\xa5\t&\xe7\x84\xfc\xb6\x99[t`\x8f\xde\xffC\xdb\xef\xf2\x96=\xb6\xba\xfe}KƾE_\x1f7\xe6\x1dtˏ\xed}\xe0{,$\xb4S\xcaؐkc\xf8\xce\xc5]3\x0e\xbf\xb169:\xd51\xb3\xae\xf4\x90\x8d\xc2\xd1\xc4]\x81\xee\v\x14&L^8\xc1\xfb\xb3_M\xabkȬ\x8b\xacj\x8e\x1b\xb6\xfa\xca\x1a\xef;\xc2|B\xb5\xe6`\xc1m\xeb/\x9c\xba!\xea\x1ek\xf4\x1f\x1eYcw\xe2\xf4$\x9f`Ks\xe57\x97\x19\u007f>\xe0t\xf1\xf5M9\xf0\x907\xaa]i\xcfZ\xe9\xc5\xffԶ\x8a~^\xfe\xa7E\xf2囅\x1d[\\2[\x9a?w^,a[y\x86\xfbڡ{\xea\xad\x01j\xa7\xc4w\x9c\xacj\x0fӑb\x94\xcb\xd9'\xbcV`\xcdV\x95\xaf\x16\x13\x17^\xf3\xbe\xf5q\xf7\xa5{\xee[?\xeei\xfc\x16\x99}^2\xf8e\xaf\xe8i\xaf\xd3+\xf3]\x9eJ;\x9e\u007fض\xfcԅ\xac\xf9{|zٌ\xa3\x16\xb5>\x9d`\xba )F\xcc\xef\xc3\xe3E\xbf\x98\xa5\xb6\xe8\x14n\x8eйW\xcd}[\x8a\xff\xf5=Ey\xb6r6\xe6\r'\xdf\xcf\xfcs`\xa7?w\x9bƿK;_=\xbe\xb5\xf4\xb0{\xa6Ѓ\xdb\x1f\xbeIv\xbf\xad.\xb8\xcet\xedm\xbb\x84\x86\x0e\x8b\x8aO\xf9\x13\x8f.\xa9cֳ\xae\xf0\x9f\xfaUz\x89\xd1!\xaa\xb7r\u007f\xf7y\xef\xf3\xab\xc4\x0eN}\xb2֧\xcbN|╍IO\x9b\x9e6\xb0,a\xae\xeb\xdd\u007f\xab~\x11\xfft\u007f\x9e˼\xbf\xaf_|ZT's\xa2\xfc\u007f\xf4,\xfe\xed\xebXݞ~\\!\xf6\xc6}\x898\x133#\x03\xe3\xe2\xc6o\x06\x8d\x9f\r\x1a7\xb01\x87\xca\n\xb24\xae0h\\\xdaȟ\x99\x97\x96\xef\x90\tOJK\x1a'\x1a4\xf6\x19\xba\x1b\xb8BҞ\x1dR\xdaS\xd0Up\xf6tSp40466723\xd0\r\xf2M-J\xd6\v\xcb,\xc9/\xcaL\xd4uO,.IͬR\b1405Up33R\b\xb60t6p\x04\x19\xc4\xc9c\xe5X\x96\x92\xa8\x90\x92\x9a\xa3\xe0\x9b\x9a\x92Y\x92ZT\x94\x98\x97\x9a\xaf\xe0Z\x92_\x94\x94\x99\x92\x9a\xa8`h\xa2\xa0\xab``h`h\xa0\x80f\xa2\x01?\xc8\xc5\u008c\x8c\xffYX\r\x98\x19\x19\xff\x1b\xf0\x81\x04\xf8A\x02,\xccL\x8cl\x06\xb2 >\x1f\x8b\x18\x8b\x88\xacL*ߊO\xaa\xd5[&\x9e\u007f\xb2q㳽\xa1%9\xach9\x98\x19\x94#*\x96\xf1\x88y\xcd\xf7\xe9\xb0:p\x9ao\xa9X\xed\xfc\x9d\x1e\xf1\x12\xfd\xbcIf\xdf\xceJf\xafY}\xf5\xdb\xc4\xdau\x85\x9f\xed7\xf3U\xb4Ξ\xbaD]\xd1\xddɫ\xc6\xc3\xea\xabk\xcdf\x9e\xbe\xc0\x8a5S\x85\xef\x1d\xfb[\xbbCj\x82\xcf\xeaI\xcc\xc7\xdf:1\x9e㿱\xf1עI\x0f\x13r\xd7Ues\xae:\xa6\xf9.\xc33ݠA\xa5\xcaP\xcc2\xba\ue8cc\xde\xdd\x1cε\x9f\f\x0f6\xf9\xed\xdc\xfds\xdf~\xadV\xfb\x03\x0e\x8b\xad\"\xffDz\xdbh\xa8\xdc\xde\"Z\xba\x8e\xb7c\x97^\xf1\x81\xbd\x11\xedO\x9d>\xbd\x8e{'g\xa04\xf3\xb4\xf9\xc5#\x8a9\x8do\xf6\xe5\xaa=\x93y\xe2\xa40\xcf}Ú\xe6\xc8\x02\x1d\xd3k\xeb\xcdL\xb6\x9c\xb5\xfea\xb4\xe2\xfd\xe3\x8a\xce߽\xae:\xb7\xe6\xec\xa8s\x90I|n\xb7h\x92\x8e\xf7\xa7\xb3\xbffl\xd3\xfc\xff\xf9S\xf5Jy\xbd\x05\x93õ\xef\xb52\xff\xcc4?=\xaf\"\x8bu\xcbQÊ\xce7U\xcb[\x1f\ueb36\xb9\xb7O\xae\xb2\xe5\xdc\xfc\x02\xbe\xc8C\xa6z\x13\xb4\fo>q\xadr\\\xa2'<ۄ/\xad\xdasu\xca\xf4\vn\x87+\xe7\x16\x05$/\x9b\x11Ͷ\xd7#\xf7\x86es\xc1\v\xd3\x0f\xac\x17W\xedy|\xfb\x04ӫ\x9a\xbfM\xb7\x0eE\a\x99\xae\x9ba\xb5v\x97\xe9d\xe5\xe5\xf2\x1ewM\xddfl\x12\xc8x\xb2\xd4\xf0\x10W\x84\x9ed\xa3\xc0ɀ\xd2?\xaf\xa2\xc4\xce\t^\u007f\xf7>\xa0C7\xf1\xbf\xbdS1\xeb\x14\xe7\xab}6~\x8cV\x92K\xe5\xdd\xfc\xca/\xc4>mTRl\xff7\xa5\xb6\xe5\xc6\xe4\xb5\xd72\x9c=6\xdd~]\xac\xf2|b}Ȓm\rvs\x17\xdb\xf8\x14\x1d\n?\xb2\xe0\xca\x19\v\xf5sW\xd9\xe6-\xf2\xb8\xf9r\xfe\xb9\xa6\x02\xb3ɳ\xac\xefOS|\x1c\xb9\x9d\xe7\xd6D\xf3\x0f\u007f#\xa36\xcf<\x91\x99\xe3\xac\xc6h\x9a\x9c\x10\xda\xc9lUzc\x97\xd7͐\xff\xef\xee5\xdcнhq5N\x97{F\xad]\xce\xed?j\x1d\xc7\x01\x01\x00\x00\xff\xff)\bӍ\xf5\x05\x00\x00")) - p.addCertFuncNotDup("0d1\v0\t\x06\x03U\x04\x06\x13\x02KR1\r0\v\x06\x03U\x04\n\f\x04KISA1.0,\x06\x03U\x04\v\f%Korea Certification Authority Central1\x160\x14\x06\x03U\x04\x03\f\rKISA RootCA 1", "\xbf\xb6'\xd8\x03ZveLa\x01AV1\xe5\x8b{:\xd9\xcc", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb.6hb\x8a^\xc0\xcc\xc4\xc8\xc4\xc4\xc8b\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 Őۀ\x93\x8d9\x94\x85M\x98\xc9;Ȑ׀\x1b\xc4\xe1\xe2a\xf1\xf6\fv4\xd43\xd0\x01q\xb9yT\xbd\xf3\x8bR\x13\x15\x9cS\x8bJ2\xd32\x93\x13K2\xf3\xf3\x14\x1cKK2\xf2\x8b2K*\x15\x9cS\xf3J\x8a\x12s\f\xc5\fD@\xea\x99yxA\xda\x15\x82\xf2\xf3K\x9c\x1d\x15\f\r\xe4\xc4y\rL\r,\x8cL\f,\fLM̢\xc4y\x8d\x90\xb9trE\x13\xa3\x02\xb2\xf7\x19Y\x19\x98\x9b\x18y\x19\f\x9a\x189\x98\x9a\x18\x19\x19\xf6\xb0<\xf9%l\xf9\xc1d\x9aBvN\xc6\xee_\xb7\xcb\xff\xab\u007f_\xf3F\xff\xf9\xdf\x0f\xf5\xb9\xf9=ZgU9\xa3U\xbe,\xcc\xf8\xa3\xf1\xe6\xa4\xea\xa35o\xef\x9d0n\xf9\xbaa)\xa7\xd5\xf2\x8d\xee\x1eG\xcf\xf8\xf7T\xce\xf9\xc9\x16^{\xf7\x9dŷ\xf3\"\x9b漺| \xb6<\xe9\x83;\xefN)\x87\xe0\x98\x94\x82\xf5\x1cQ\a\xbe\x9f/\xfd\x99ӛ\xa2!\xa7\xf0o\xbb\xb4\xe4娴\xe6\xa2G\x1bfャ*\xcak\x94\x9fb>\xa5\xd5\xedDѾ\xf2\xaby\xf2\x1a\xfa\xc73\xdf>o\xee4\x8e\xb8|o\xc1~\x87\x17\xce\x01\xef\xee\xf8f\xefY\xfajىľ\xaf\x87Sֳ\x89\xde\xd1\xec\xb6/\xed\xd9S\xe8r\xfb\xcfڭⲹ\x9d\xcd\xe7\x8f\x19\xef\xdd\xef\xba\xe8\x1f\xd7\xfcł\xf1\xfc;\xe5\xe7H\x1dr;3G#m~\x81\x9a\x8d\xde\xfdU\r\xffz\x8e\xb2p\xaa\xfa\x9f\x9d\xecnc\xfe\x8a)}ҿ?J*1k.\xe9<\x88a4\xee:(y\x9b\x89\x91y\xb1\x91\x81\x81\x81,\x1bs\xa8,\x1f\x8b\x18\x8b\xc8\xfem\xea7\x98\xa3\xcaR}\x12\x19\x1d\xc3\f\x9fvW[\xdd4\xb8$\x9cw\xd2oc\xf9S\x96\xf3k\xa3\xe4\xa6pF]\xb7\xe1\x90YW\xf5R\xc4\xe8\xa0\xeb\xdaKj\x1eEkV8\xde\xfa\xa0\xd8n\x19w\xffO\xca\xff\xc4\x12\xad97gw\xc7\x1f2\x9f|c\xb1\xb9\xbe\xf5\xe4\xecM\xd2\xec\xcb\xeb9\x03\xde_\xb6ڧ\x98\xdd5\xc1Z\xdd+\xd0/{ޜ\xf6\xb9?*&\x18\xbe\x15T?\xb6\"r\xdf\x1f\t\xee\xdf}uzN\x0f\xdf>\xe7TܻS\xf8hX\xfa\x17\xb5eN\xce\x13\\B\xb6\x14\xce.{\"%\xb4FJ\x83\xe1\xfe\xec\x83W\u007f\u070eY\xfcc\xd2ƽ[\xae\xfc\f\xb8\xc9\xc0\xe4\u007f\xbb\xf9\x82\xa0\xff\x12\xa7\xb0D\xab:a\xa3\xcb-\xf2'w\x01\x02\x00\x00\xff\xff\xe5V\xacdw\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x821\v0\t\x06\x03U\x04\x06\x13\x02HU1\x110\x0f\x06\x03U\x04\a\f\bBudapest1\x160\x14\x06\x03U\x04\n\f\rMicrosec Ltd.1'0%\x06\x03U\x04\x03\f\x1eMicrosec e-Szigno Root CA 20091\x1f0\x1d\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x10info@e-szigno.hu", "\xcb\x0f\xc6\xdfBC\xcc=˵H#\xa1\x1az\xa6*\xbb4h", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xe12hb\xfa\xb4\x80\x99\x89\x91\x89\x89\x93\xe1P\x9d3\x8b\x9f\xbb\xbd\xa4\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\xc6&Cn\x03N6\xe6P\x166a&\x8fPCA\x03~\x10\x87\x9d\x87é4%\xb1 \xb5\xb8\xc4P\xcc@\x04$\xc4\xc5\xc3뛙\\\x94_\x9c\x9a\xac\xe0S\x92\xa2g\xa8n\xa0\n\x12g摃\x8b\xa7\xea\x06We\xa6\xe7\xe5+\x04\xe5\xe7\x97(8;*\x18\x19\x18X\x1a\xca\x1b\xc8\xc2-\xe5d\x14\x13\xc8\xccK\xcbwH\xd5-\x06+\xd5\xcb(5\x90\x13\xe75\xb0403434460\xb4\x88\x12\xe75\xb24426\x80r\a\x87#\x9b\x18\x95\x90\x03\x8f\x91\x95\x81\xb9\x89\x91\x9f\xc1\xa0\x89\x91\x8b\xa9\x89\x91\x91\xe1\xe5\x8f\xfe\xcf\xc9ko\xb5\xddX\xfe\xc0\xe9\xf7\xf9\x89\xf7\x96\xa9\xfd\x98\xb94\xb9`\xed\xecu\xa7\x8c\x1djs\xa7\xe5-\xe4sy\xf7Px\xee\x14\xa7\xa0Y{K[KtV\xf0\xc9N\xde&\xb1\xbdGg\xc5\xf9\xdf1\x85;o\xbd\xf9\xf7\xa2\xae\xff\x89\xbe\xec\xa6\x15\xa5\xed7\xb6/|j}~\xa6\x97ۅf\xc9\xda\x03\v\x85d\xa6\xe6z}\xb9q|\xa9\xaf\xb1^\xab\xa5Ci\x9dHM\x83Ќ\x80\xe3\x8e\xe9;\x164$\x86,\xcb\xf1\x93\u007f0\x97\x8f\xfd\xe5\xc9]\xc6\xcf\xff\x1d\b\xd5\xd0ajX.\xf9uޝ\xd0`\xe6\xe9\xd5\xec\x1e\xffg\xfe6\xefR9\x12y&@ \xb9o\xd5J\xa9\r-Rm?\xe3wo\f\xc8[r\x91\xeb\xcc\xd5\xc2:\xf9\xe5\xd25_\x83\xf3\x94\xe2Ok?\xbbR\x13\xbb\xeeڡc>OY\x19o\xbe\r\xffsP\xb9\xf2ϯ\x13*\xcdS?o\xcd\nd\xbcP~\xed\xa5\xd0\u009fRͿ\x9b\xa4wn\x98\xfe\xa5\x8c\xcd\xd8\xd9s\xc1\u007f\ueb7f\xb621320.nl0\xa8\x03ǎ\xac0#\xe3\u007f\x16V\x03fF\xc6\xff\x06| \x01~\x90\x00\v3\x13#\x9b\x81,\x88\xcf\xc7\"\xc6\"r\x9a\xff\xd8}'\xe73\xb6\xa7\xb7z(/\x94\xaaZ\xa6\xb5\xdb$\xc3@\x1e$\xad\xcc\"a ր]\x814H\x81 \x8b\x88\x81P#fD\xa1\xa6pfPܜ\xbc\xc8\x17\xa7w\xf5\xcc\xe6\x1a\xbb\xd3\u007fl\xff\xf3jL\x9d\xccrb\xff\xad\xb3\x95;\x9c'|X\xb2\xef\xfd\xa7\xf7\x8a3\xf6\\\xb9\x12\xcb\xf6\xed\x9d\xd3\x1b\x83\x9c\x05\xabV\x9e\xfa\xb8\xbe\xeb\x97=wq\x96\xdd+=\x87:\xf9u!\x89\x95\xaf\xf58̯+\u007f\ue67fOv\xe3\xc3%\xa5\xb7\x17<\n\x11ٸKFs\x89\xc47\xa1]\x8bDD\x1e\x1b\x9a\x9ep\xf8\xbf\xfd\x01kY\xf8A\x99\xc8O?\xf6?y\xab\x9a\x14\xd3\xf2\xa1\xaeN~\xf3\xbe\x9f\xdb\x15\x05\xcf03\x86\x15,\x17\x98$'m\xd2(\xb7v\x8e\xd4a\x16\x9b\xb7L\x89\xd7\xe4\xd8>\xc7[\xb5\u007f\xd2\xfe\xe8\xda\xfe\xd4v\xcd\xc5\xe3\xe1-{\xb3\xd7ݹ\xf1s\x9btR\x01\xb7\xad\xd9I\xa7OF\u05eb\x12\x9f]\xbam{\xfe\xc4ʓ\xb3\xef\u070ep\xb9\x9eo\xb1\xbe\xbe\xe2\xf2\xe2\xb5R\xa5\xbbd\x0e\x9a\xd5\xf4\xcb\xe5\xca\x1c.u[gʺ\xec[\x8c\xad⻰\x0f'\x9b\x94t\xabBV\x17\x1c\xaeUJm*\x98\x06\b\x00\x00\xff\xff\xdc\x16\x9bc\x0e\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xa71\v0\t\x06\x03U\x04\x06\x13\x02HU1\x110\x0f\x06\x03U\x04\a\f\bBudapest1\x150\x13\x06\x03U\x04\n\f\fNetLock Kft.1705\x06\x03U\x04\v\f.Tanúsítványkiadók (Certification Services)1503\x06\x03U\x04\x03\f,NetLock Arany (Class Gold) Főtanúsítvány", "\xcc\xfag\x93\xf0\xb6\xb8Х\xc0\x1e\xf3S\xfd\x8cS߃ז", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x115hb\xfa\xbb\x80\x99\x89\x91\x89\x89\xcd\xd3Q\xe7\t\x83\x80\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\xc6\xe5\x86\xdc\x06\x9cl̡,l\xc2L\x1e\xa1\x86\x82\x06\xfc \x0e;\x0f\x87SiJbAjq\x89\xa1\xa8\x810H\x88\x8b\x87\xc7/\xb5\xc4'?9[\xc1;\xadD\xcf\xd0\xdc\xc0\x14$\xccͣ\x17\x92\x98wxW\xf1\xe1\xb5%e\x87\x17\xe6Ufg&\xa6\x1cޜ\xad\xa0\xe1\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\x10\x9cZT\x96\x99\x9cZ\xacihj`\f\xd2\xc8̣\x033ϱ(1\xafRA\xc39'\xb1\xb8X\xc1=?'ES\xc1\xed\xe8\xc4\x12\x14c\r\xe4\xc4y\r,\f\x8d\f\r\rM\r,\x8c\f\xa3\xc4y\x8d,\f\x8d\f̠\xdc!\xe4\x93&F%\xe4h`de`nb\xe4g0hb\xe4bjbdd8\xa2\x12W\xbc\xcf;W\xe4\xf0\xc2/\x8f\xa7OȻd\xe0*g\xf3.\xfdf\xca\x03\xa9\xae\xfaS\x06\xa7\x9a\x1f+\x1c|\xfc\xc5\xea\xf2\x94x\xa9\x9a\xe8\xdc\xfd\x06\xfe-\xea\xdf\xe6\xcb{\xee96\x93k\xc2'\xfe\xaf\xf5\xce-\xe6Ɂ\xddUK\v\xfeTE\x9c\xed\x9b\xfd\xf6\xb0[NKA\xec\xadό\x13\x94\xff\xf8\x19\xac\xac{\xa8\x9e\xfc\xfcm\x8a͂\x1d'\x8d\x93\xff\x89M\xf8\xbfa\xc7\xdf\xeb+\x0e\x1c\x98\xe2̽\xedj\xe4\xb2ya\x17T\xe4\v*\xd7߶\f\xe1M-\xbd)\xea8\x85q}ܛo\xbd\x1f\xff\xafM\xf9\xa70\xebz\xcc\xeb\u007f\xcb\xe49R\x16w\x97\x85\xae\x95\xb3\xd6H\xd0kW}\xb1j\xbd\xfc\xb1\x147\x85\xed\x05\xf56\xf7\x1f\x8b\x18\x8bș_\xe9\x93?l\xdbqa\xe9\x01\xb9\xcf\xc1\u007f{\x82\xef7_\x9f\x86\x96ޙAỺ\xfe\x9d\x8c\xd8\xca96\x81\f\v\x0e\br\xb0.\x9f\xf9,\x9f\xb1#$1\xef\xe3N\x89\xb5^k\xff5:(O\xd1\xff]Z\xa3\xafᝤ\xd2\xd8\xc4\xfd5\xf1\xa3LގD\x8b\u05cd\xbf\x92\x16ZG%]\x9e\x92z\xe4\xe1\xb3ܦ\x1f\xfa\xaa\x05\x9b\x14\xd5\x0e\x16\x05\xca\xf7\xe8\x1cn\x99p8\xaa\u007f\xd7\xf9/\xcbS\x97\xbe\x9eq\xf17\xeb&\xb7RQ\xe5\xac\xfc\xd6d\x83\x86\x0fW\xe7\xc9k\xca\x1c\xca\xd9\x10\x10\x19;!\xdaz\x05\xaf\xc1\xf9\xfd\xb5\xf5\xe7>\xcem\xde{\xd2-Oa\xd9\xcf\xc4\xc0]\x8a\xfa\xd5\xfb\x96\x8a&/\xbc2\xb5\xfd㼝\x9f;?۶\xee\xd8q{\xdf֝\x9a?o\x99\xb32xNanqy\xbe\xdf\xd9\xf0|i\xb7\xea\xc5/\xcbR\xbeN\xfa\xb6\x9a\xf5\xb5\xed˥\xdcfI\xb7ΰśuo\x8b3ܡ\xf5;\xee[\xe1}\x17\xb5yG\x9e\xf1NܢW:\xb5!0\xcb\xdb`ن\xa4\x85\x93?ξq\xeeHr\xa9}\xa4\xfbF@\x00\x00\x00\xff\xff\xc8|gr\x19\x04\x00\x00")) - p.addCertFuncNotDup("0b1\v0\t\x06\x03U\x04\x06\x13\x02US1!0\x1f\x06\x03U\x04\n\x13\x18Network Solutions L.L.C.100.\x06\x03U\x04\x03\x13'Network Solutions Certificate Authority", "!0\xc9\xfb\x00\xd7N\x98ڇ\xaa*Ч.\xb1@1\xa7L", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb~f\xd0\xc4tn\x013\x13#\x13\x93@\xf8i\xe3\xfcC1b\xcf\xdc\xc5\xc4\x1fO0\xccx`\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 ɐۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xd1@\x1e\xc4\xe1\x12\x96\xf0K-)\xcf/\xcaV\b\xce\xcf)-\xc9\xcc\xcf+V\xf0\xd1\xf3\xd1s\xd6340\xd0\x03)a\x16V\xc7T\xe2\x9cZT\x92\x99\x96\x99\x9cX\x92\xaa\xe0XZ\x92\x91_\x94YRi '\xcek`fhd`h\x00\x06Q\xe2\xbcF\x96\x86FƆFƦ\x96\xa6\x96QtqC\x13\xa3\x12\xb2\xd7\x19Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\x9e쩛d\x90{\xecF\x9f6\xf7\x1e\xb7s\x0fԧݻ\xf7\xf3\x97\xd0e\x1b\xe3\xe2\xcd,\xfa{\n{\x9e\xceߦ\x94`\x17\x1f{\x8e\xf3\u007f\x13\x8f\xf4\xac\xc0\x00)\xb5λW\x13c%\xef\b\xf1\xebr-r\x8e\x15\xbf`2I\xe1U\xf1y\v\x1d65Ϊ\xa2\xef\xbf\x02\x8c~\x1c\x9a|9s\x91\xf29Ǎg\x9e\\\x957\xbb\xd8e\xf5\xa3'\xf9\x91Hd\xe6[\xde\xcb\xf5\xd9/v0?\xf5\xcfz:#9Ӄu\x9f\xde\u007f\xe3m/\xa7Gf\xfeH\x97\\79q\x9a\x8b\xe8\xe5\xa2\r\xf6{\xb2j\xdfx\xd4\xf7\x1e^\xbd\xaaP;8\xd31\xd8d놝Gٸ\x8elp\xfd\xea\x18\x9b\xd7\xe9Zmk\xad\xd6Sr\xe8饋\xb5\x9b\x04\xaf\xfc\x8e0R\x9a\xd5p\xf2\xce_\x9e\x97\xf5q\xcc\xd3\xcfY3\x88\xb4\xab\x17X\xac\xec\xcb۬^6#\xf0\x01\xebc\xc5\xd5RW[\x95l4\xb7\xce\x12;ڰ\xe2\xcb\xeel\x83~}7\xa6E\x1by\x94\x1e\\fbfd`\\\xdc8ݠq\x8a\x81,\x1bs\xa8,\x1f\x8b\x18\x8b\x88\xa2\xc1\xc9\xdf\f\xd7\xfdf\xdcj_\xa5ua\xb9\xdeF\a\xc3\xe5>\x06| i~F\xc6\xff,,\xccL\x8cl\x06\xfc \xbe0\x88\xcfj\xc0\xcc\xc8\xf8\xdf \b$ \xcf\xe2m\xe0i\xe0\xbe\xc0u\x81s\x9bcFII\x81\x95\xbe~rQ\x8e^^jIq~Nqq\x8e^r~\xae>4\xfaే\x14y\xf0\xb8\xd3K.\xcaAK\xb6̠(۽\xce\xfb\xf9\xf6\xf0\xd7\xf5\xabt\xb7\x17\xbb\xb7f\x1d|\xb2T\xf6\xc9s\x9b\x97_\"S˷VEG\xf5\xaa\x9a=\xa8\x9a\xaegq <\xa1y\x06[\xf3\xfc\x9deUy\x01\x0fvu\xe8\xfcq=#\xb1a\xe6\xd4@\xbe7\xb2;:\xfe\xb7\a\xc84\x1dz\xfc\xc0\xa8a\xff\x02n\xf7\x13\x87\r\xdf\xcfL7j\xf0\x17W\xac\xe4Ɍ\xb9\x17g\xb2\x8ei\xabګ\x80\xfb\xf5\x12\xa9:'?%?\\\xc9\xfe\xaf\xa6P>\xdbX%K\x8e\xf5;kƁ,\xa1\xd3zq\x89\xa7\xd7i\\\xae;\xb4%m\xa2Z\xbc\x8d\x9eJ\xfc\xe9\b\xfe\xd7\x1ao\xd6\vN\xfb|\xa7:\xff\xc0\xf2\x8eO\xc1\xe5\x9b\x13\xe2֭Ӹe\xaa\x93o\xe2zY\xed\xe1\xbd7\xd1\xfe\xea\xd9b5{]X$\x9a6wV\x8a\v\x14\xdaV-\x12\xf3\xfb\xcaxvINj\xc6Bϲ\x18\xe7\x937\xf6\x98\xa5\xe7,\x9d\xb2\xf5ʙ\x9d{\xb3L\xc3\x14\xef\xdd8\xfc\xfa\xf7\xe9%\t>\x1bB\x17,\xa8\x0e\xdf\x04\b\x00\x00\xff\xffSAZ\xda\xea\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x8a1\v0\t\x06\x03U\x04\x06\x13\x02CH1\x100\x0e\x06\x03U\x04\n\x13\aWISeKey1\x1b0\x19\x06\x03U\x04\v\x13\x12Copyright (c) 20051\"0 \x06\x03U\x04\v\x13\x19OISTE Foundation Endorsed1(0&\x06\x03U\x04\x03\x13\x1fOISTE WISeKey Global Root GA CA", "\xb3\x03~\xae6\xbc\xb0y\xd1ܔ&\xb6\x11\xbe!\xb2i\x86\x94", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfeh\xd0\xc4ts\x013\x13#\x13\x93\x80\xa3m\xd1\xf1/\xd9\xf2\x8dε\x1f/i\x84ܟe\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xa0\xb1ːۀ\x93\x8d9\x94\x85M\x98\xc9\xd9\xc3P\xc0\x80\x0f\xc4\xe1\x12f\x0f\xf7\fN\xf5N\xad4\x946\x90\x04\x89p\v\v9\xe7\x17T\x16e\xa6g\x94(h$k*\x18\x19\x18\x98\x1a*\x19(@$%\xfd=\x83C\\\x15\xdc\xf2K\xf3R\x12K2\xf3\xf3\x14\\\xf3R\xf2\x8b\x8aSS\f5\f\xd4@j\x98\x85\xe5!j\xa0\x06+\xb8\xe7\xe4'%\xe6(\x04\xe5\xe7\x97(\xb8;*8;\x1aȉ\xf3\x1a\x98\x1a\x1a\x19\x1a\x1a\x9a\x19\x18\x9b\x98D\x89\xf3\x1a\x9bC\xb9\x96\xa6\x86Q\x83˱M\x8cJȁ\xc9\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8\xc8p\xda\u007f3\xc3l[\xb3\xbb?/zfe\vxʿ\xb9\xa1\xbd\xe9\xd8\x0f\xa3FM\xe7\xa9>\xb3$\x95\x15E]\xef=>!\x13\x18\x1a\xbdn\xf2\v\xf3\xff\xda\xd9/\xaf\xbcڧuwE\xa0\xf6\xf5\xb4É1\tL'\xbe\x9e+\xaa\xb6\xde\xf1\xc9/\x95c\xd6\xd9%Y\x92\a\x19w\x17/\xbb\xfe\xed\xf0ݳ{\x96to\x9d\x99\xb8\x83q\xd1\xe2+\xbeWXm'\xae\xfd\xb1\x85\xa30e}\xc1G\x99\xec\xbao\x87\xcb\xe7\xaa\x14W?\xe1\xe9yx\xd3\xec\xe1\xccn֙\xdco]\r9O\x1db\xb8\xfd\xbdh\xc1\xb4US\xdb/\xf4\x1dߖX\xcc[\x96\xd6sGzK\xf2\xa2\xf9\xf5\x93\x85\r>.T\xbf}\xf3\xbfNh\xc7\xc4\x05\x0f\xfc\xd97h\x84\xf5HHOw\xe9\xeb\xbc\xfb@<\xef\xb9\xd6\xfb~K.Ö\xa6\x1b\x0e\"\x9ezU\x8eO\x96\xff{\x9cr\xe6`d\xa1\xb7\x8e\xe2\xf2\xe8\xda\a\xb2\x17\xf5\x1ag\x1f\xbe\x91\xf1}\xef4\xe95\x05\x1b\xc5D\xb8o'\xecTcdebfd`\\\x1ch\xe0o\xc0\xcd\xc6\x1c*\xcb\xcf\xc2\xc2\xcc\xc4\xd8f\xc0\x0f\xe2\b32\xfega5`fd\xfco \v\x12\xe0c\x11c\x11\xd9\xcc\\\xb7\xcelφʋw\xa6\xa8m\x13ܧ\xb8)\xb3m\x8a\x81\x00\x1b\xa76\x1b#\vc\x93\xb9(#\xc8\x04\x06\xb4\x14\xcc\f\nk\xef\x85\xff\xb9\xdb\xf36\xff<\xe8\xbc\xd1\xe3\xb3\xc6\x01Y\xbd\x93\x9c\x8e\xbf\xa60\xc8,Y\xb2\xdaӿ\xdfV\xee\xbdo\xfe\xde=K\xbe}R38)pJ\xb6\xe3w\x89\xa4|\xab\xeb\xde\r9\x81?\xcd\xean\u007f\xf51\xb2r\xf4\x8fv?\xff\x82[w\xdb\x11ɹ%GݏYg\xf1\xaf\x11\xb9m\xf3\xa5x\xceJ\xd6\xfb\fwJ*~\xfd0M\x88d\x12\x96\xa8\xd9\xf3\xdbw\x83B\xae\xf3\xee\x04\x83\xaat㘣3/\xfeе\f*\xfeݳj\xbajL\xd1M\x0e\xb9\xd5~6\x8f\x1b\r\xe73/\xfb}\xe0\x9ffG譖\xab\x01\xcc\xdb\x1e\xb5,^f\xb6JЊ\xf1\xa1\x84\xf75\x97\x8cͶ?\x83KZ6\xbbMt\x9bư\xbdAg\xdb\xc3\xc7\x02\x8fn/z\xae\xd1\xcf8-I̎\xe1\xb1\xccR\xb3F\x89E>Ae\a\x04\x17\xe7=\x93\xdd\xf58j\x9fY\xf0Q\xbb\xd2\xfe\xb6L͈\xe0\xadsv\xe7Ϗ9*\xf1\xe6\xae\xfe\xc3\x19'\xff\xec\xbb\xcf\xc5\v\b\x00\x00\xff\xff[\x0f\x0eO\xf5\x03\x00\x00")) - p.addCertFuncNotDup("0m1\v0\t\x06\x03U\x04\x06\x13\x02CH1\x100\x0e\x06\x03U\x04\n\x13\aWISeKey1\"0 \x06\x03U\x04\v\x13\x19OISTE Foundation Endorsed1(0&\x06\x03U\x04\x03\x13\x1fOISTE WISeKey Global Root GB CA", "5\x0f\xc86c^\xe2\xa3\xec\xf9;f\x15\xceQR㑚=", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdej\xd0\xc44w\x013\x13#\x13\x93@\xd9F\x85\xa0\x92\x0f\xad\xedn\x9b\u007f(K};t\xc0\x80\x97\x8dS\xabͣ\xed;/##7+\x83A\xae!\xb7\x01'\x1bs(\v\x9b0\x93\xb3\x87\xa1\x80\x01\x1f\x88\xc3%\xcc\x1e\xee\x19\x9c\xea\x9dZi\xa8d\xa0\x00\x12\xe1\x16\x96\xf4\xf7\f\x0eqUp\xcb/\xcdKI,\xc9\xcc\xcfSp\xcdK\xc9/*NM1\xd40P\x03\xa9a\x16\x96\x87\xa8\x81\xeaUp\xcf\xc9OJ\xccQ\b\xca\xcf/QpwRpv4\x90\x13\xe7541420445006\x8a\x12\xe75\xb6\x84p\r\r\x8c\r\xa3\xe8\xed\x9c&F%\xe4\x00ade`nb\xe4g0hb\xe4bjbdd\xb8!\xbe]\xc6KE\xeb\xda\xf4\x8d\xa7\x1e\xc9\xfd\xae\xb5x?\xe3\xeb&\xcb\x19~\xea;\x04c\xab/\xa9N\xe9h\x12U˒6ܽ\"ZQQ\xfb\x06\xbf\xdf\xfc\xa8\x8f\x1b\xa3\x9eT^3R\xd6~\x18|f\xa6kL\xb5\xff\xda=\xfb۽\xb8\xbd\xa7G\xad\xf8\xe6\U00066d9a\xf7\xac\"\xdb\xfdy\xa2\u007f\x1d\xbb<\xb6+|YX%\x1d~%6\xe0\xff\xae\xf4\x1b\xca3\xe5O\xd8?\xbe\xf7??\xba|cvގ\x93)\xdf\x1f\x9ert\xe3\xd3,\xbc\xb0S\xf9\xcf\xc9\xc6x\xbf\xef\xf9\xf7\xf7\xb7\xac-Nٽݩ/\xf3ە2ٺ\xb9\xcbw\x84w\x05\xa6\x17]\xbf\xb2b\xc7\xd4\x10\x87b\xe6o\xaf\xbe\xbc\xfe\xa7\xe1Tn?WYz\xd36\xdb\x06\x11v\x1f=\xff\xefW\xb9\xc4x\xf7\xa69\x9b\xd7);W\x1evh\xfb\xea\xa3y\xabo\xd6Zޥ,\xed\x1dr\xad\x8f_\x06_\x9d}\xa2\x9b9\xb9\xe2\xf5\x03I\xaf\xbc\xdd\xfa\xd9\xc6)\x11\x93\xd7f\xee\xef\x97~\xdf\xe4q\x9c\x89\x99\x91\x81qq\xa0\x81\xbf\x017\x1bs\xa8,?\v\v3\x13c\x9b\x01?\x88#\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x81,H\x80\x8fE\x8cEĔ\xff\x84Yrܣ\xc5o~Z\xa7\x89\x9e\v\fz<\xfd+\xee\xc4\xdf\x1f\x02n\u058b*\x9c&\x8a\x97\x84r\xdd\vH\xf7M\xbb\xb8\xfc\xffߛ\a\xb6\xaeX\xdcu.\xed+\xbf\xf3\xd9\xe5\xda\xe1\xd5\xc9nY\xab\xf4\x82n|y\xfb0w\xad\xe6\x84\n\x8f]\x0f\x95W-\xee|\xb3u\xf5\xb4\x03[\xbc\x17\xc9N\x9fW\xf5)ϡ\xf0~\xc6\xc7T\xdfs5\xac\xf7\x83SW.\xfd\xb0q:K\x81\xa8\x1b\xf3\x8c+\x97\xf6\x87lY\x10Q\x1b\x94\u007f+L-\xe9ʍ\u06dd\x86\xf92\x1f\x94\x0e]N\x921=\xeb\x93)\x1a\"5aƽ\xd7r\xf1\xa7ʏ\x9f\xee\xb3uΜ3+₊\xf5}i\x87iu\xa6k\x1b\x8f\xfb\x15\xee\xea\x10\x06\x04\x00\x00\xff\xff\xb5\xd1$W\xb9\x03\x00\x00")) - p.addCertFuncNotDup("0H1\v0\t\x06\x03U\x04\x06\x13\x02BM1\x190\x17\x06\x03U\x04\n\x13\x10QuoVadis Limited1\x1e0\x1c\x06\x03U\x04\x03\x13\x15QuoVadis Root CA 1 G3", "\xa3\x97\xd6\xf3^\xa2\x10\xe1\xabE\x9f<\x17d<\xee\x01p\x9c\xcc", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbM0hb\xf6X\xc0\xcc\xc4\xc8\xc4$R\x11\x11\xaf\xb7VG\xd2\xfb\xb19\xbb\xa9\x89\xb0\xc6\xd6iWR'\x1b\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0\xf00\xe46\xe0dc\x0eea\x13fr\xf25\x944\x10\aq\xb8\x84\x05\x02K\xf3\xc3\x12S2\x8b\x15|2s3KRS\f\xe5\fd@R\xcc¢p\xa9\xa0\xfc\xfc\x12\x05gG\x05C\x05wc\x039q^C#\x03CC#Cs#s\x13\x93(q^\x13d.\x15mjbRB\xf6\x06#+\x03s\x13\x13?\x83A\x13\x13\x17S\x13\x13#Â}\x01\x02}/?\xe58la\x99Ӻ\xd3\xf0\xd4\x1d\xdd'\x82+Yl\xa4C\x0f>\x8f0\x90U\xd9r\xf8}\xeb\xbd\x1e\x9d\x87\am\xef7=\xf3_\xebޞ\xf3&\xda\xf3\xa0\xd7\xd5\xdd\xfdo\xda\xd7\xd47\xcdj{c\xcb<3\x88\xf1\x92\xe9\xbc5\xb7>\x04\x9fL\xb3\xb9\xb2\x86\x89\xf1\x96\xcae\xeb\x15Ln\xeb\x97\xc8<\xfeQ\x1cQ\xb6\xfd\x1b\xdf\x04ޭ\x1fΟ\xf9\xf5\xf3\x98\xcf\xd3\xc3m\x06\\\xbd\xe2u\xa6\xaf\x8f\xde\xdf\xcd7\xe7@o\xfb\xe3\x0e\x8b\xd6\xf4_v\xc7W?\x10\x9e\xc3*1\xe3\xfc\xe4\xaf\x1b'm\xf9\xa3|\xf9\xfc\xd5#\xea\x9e\x0f\xe6\xd9\xcc\xe6X\xdc\x1d\xab\xa5\xf8\xe0\x8f\xe5\xaa\xe0[\xb5u\xe7\xa58\x83\xf7IJ\xb2\x9c_\xe8\xd5\xdf]\xd6Ļ\xf0ǥ\xe3\"\xe5\xd1\x13\xcc\xd8\x1bg۱\xfd\n\x8aK>\xba\x8c\xe1\xdfҗA\xd2A['Y\x161s&\xedݐ \x96\xb7\xec\xae\xea!活\x9fY.:<\xf2\xebn\xfb\x92\xff\xb4y\x81zK\x1c\xcb\xc1\xaf\x13\xf6\x1a\xd8\x1ey\xbf\"s\x8f\xc5\xec%K\xa6]L\xba\x95y\x80qں\xd3G\x02M^\xf1\xac\xfa\xaf\xd8\x17\xd9\xef\x15\xf3$q\xd6\xf2K/\xb5*z\x03m\xadD\xdf-\x8a\xec[\x19s\xef\xe8\xcf\tJO;\\\v\xefN\x9c\x99S5\xdf\xd6vFMܷ}b\x19\v\xe2\xd6q+\xff\x89\xe2_\xa5T\xa6{r\xa1\x80\xec\x93\xcb.\xca\x13:\xe6\x1f\xd3zv\xfd\xeb\xac\xcd\x11r\xfa\x06\x9d\x1c\xd2!\x8b\xb6\xceP~\xc3Q.356\xf1\xe2\xe9\xce9\xf1\x8b\xbc&\xcez\xaf\xb8\xcaS\x8cc\xc5\xdeD\rÓ%k[\xbf\xdd<\xba\xb1\xfb\xe2S\x01#\xdf\xf8n\x05+\x1bOy\xe3\xd6H\xdeۧ9K\x9d3\x8b\u007fg\x17\xd6~\xb8\u007fħ\xf6\xd8b\xbd\x13S+O\x17/\xea\xf3\xf3U\xf9\x1d\xf7\x84e_\x91\xf42u]Ϩ\x99U\xd7c8\x15\xb6\xd7O\xd9\xe9\xff\x91W&\xae\xc3IZp\xfb\xf3\x89\xb7\xe7\xe5|ɺ\xdf\xc36\x83y\xed\x19\x8d\xf7K\xdd?\a31320.v2p0\xe0gc\x0e\x95\x15fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8߀\x0f$\xc0\x0f\x12`afbd3\x90\x05\xf1\xf9X\xc4XD\x16O\xbf\xf69n\x91\xc0\xc3ծ\xf3m\xc4Sl\xde1\x16\xcc9\x83\x96Y\x98A\x89K\xe2Wt\xe9\x1f\xbb\xaa\xe3\xf1\xe5\xc7O\xdd?\x1f\u007fX\xe8\x88C\xec\x15\xa3U;\xb2\xae_\x15\x15u\x9b\xa1\xbc\xf4لh\x89\x99>\x8f\xd7:-n24\xeb8\xfb\xf2\xf7\x11\x96i\x1e\u074c\xc7{\x19\xcfG\x1b\xb3MsK+\x91\xf5\u007f{p\xdb\xce-\xbc\x89g\x92\xeb\xae\xeb\x95\xf7L\x93\xd1R\xce\xc8n\r/+0\x16\xfe\xf7\xd0\u007f\x99r\xb9\xc4/\xa9\x9e\x17{SO\x9e\xb7\xffrR\xfc\xce\xeb\xe3{\x0e\xb0\xe8\xe9\xba\xe9g\xa6\x1d\x96\xee\xff\xf7\xc6\xee\xf2\xa9)\xfb˸TyWV3ɬ\xbc`\x1d\xcf}\xa0\xd1\xca6\xe5\xe1\xfe\xe5\xba~{}\x8f\xdc\xd0<\xa6$q\xe1\xe8\x9a\"\xa6&\xfbUV\x8b\xac\x94\xa6\x1b\xde\xe5H>\\*\xb23AC7:\xe3\x81\xd8ʴ&\xe5\xc0\xaf\xaf\x83o\x18ή~\xb9}\xae\xf7\xeb\x0e\xb1\xf3?c-\xba<\r\xfa\xdf~|-\xf9\xa5\\\xcaP\xc27=$G??\xf5\xe7m\xdb7\x8ao\xe2\xbe|\xe9>\x95\x90\x1ar\xb10\xe5\xcb\xcfe\x8b\x1b\x8d͌\v?,\xa9\x88\xf7[۬x\xcfij\xf7E䚹\x9fʢ\xcc>\t\u007fY\xff\x80\xf3x\xa2V\xce\xf7\as\xd7\xedn\xf3\xd2\xc8\xd7{\xb7\xa5\xf2\xec\x04\xe3Û\xcb~}\xfd\x903\x97q¯y\x13\xbe\xcd):\xef~\xeb\xb0\xfc\x13S\x85\xe0O!\x17\xef'6/cz\xa4jq\xaf\xd5H7\xaexBP\xacӑs\xb6\xde\x0f\u007fJ\xb6\xc8^]\x14p\xc6\xf1\xb7\xa3\xc8\xe1\xbd\xd7NF-NNcj\xd8\xcbje\xed>\xe7\r\x83\x9a\xcf\u05ce\xc0\xfd+\x94\xeb%\xd87p\xbf\xedV[\x98r9\xd1\xebu\xcc\xfc{\x9bק3o\x96\xbf\x9b\x1b\x9b\x99\x91\xb9:\xce\xeaMM\xe6\x9e\xe3֭~\xf3Dwn\x11\xf5?<\xb5*\xe2\xfaɜ\x979;?k&\xc7m\xd1\xf9\xa0k\xfb6*\xf5\xc1\xcah\x87C\x1e3\x1bs\xe7ɳi\xd9\bm\xe9柽H\xe5ò\xdekU\x0f\xbc\xb7\xa5LK\x9e\xdar\xc8묌\x9eJ\xbbq\xc2\xd3À\x00\x00\x00\xff\xffV\xcex\xbbd\x05\x00\x00")) - p.addCertFuncNotDup("0H1\v0\t\x06\x03U\x04\x06\x13\x02BM1\x190\x17\x06\x03U\x04\n\x13\x10QuoVadis Limited1\x1e0\x1c\x06\x03U\x04\x03\x13\x15QuoVadis Root CA 2 G3", "\xed\xe7ovZ\xbf`\xecI[ƥw\xbbr\x16q\x9b\xc4=", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbM0hb\xf6X\xc0\xcc\xc4\xc8\xc4$\xe2\x12n\xa2\x12\xdd\xd89\xdb\xf4ӹ\x1d\xda\xd6\xd1\xcb\xd5>\x94j\x18\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0\xf00\xe46\xe0dc\x0eea\x13fr\xf25\x944\x10\aq\xb8\x84\x05\x02K\xf3\xc3\x12S2\x8b\x15|2s3KRS\f\xe5\fd@R\xcc¢p\xa9\xa0\xfc\xfc\x12\x05gG\x05#\x05wc\x039q^C#\x03CC#C\vSKc\xa3(q^\x13d.\x15mjbRB\xf6\x06#+\x03s\x13\x13?\x83A\x13\x13\x17S\x13\x13#\xc3\xc2u\xaa\x9b\x18%\xee\x84wػ\xbd\xfe\xb9\xfe\xd1k\xe5\xc2G\xb3.&\xa6)ƯZ\xaf\x1e\xf84OZ\xec\x8anm\xc0\x86\xe0\xf2\xbd\x15V\t\x8fR\x98f״;&շ\xf6\xbf\xbch\xfdթrB\xa7\x9f\x89\xb4\xb0\x1c\xbco\xb6Yl~\xd7㓷g\x98\x9c\xbba,\xae\xe1\xf6g\xf9\xc9\x0f\x97\xb6\\\xf5\xe5,\xf2\xfc\xf9\xa9\xfd\xf1\xca[\xb5\vk\xb37Y\xa9\xae\xcc\rrY\xf3c_\xde\xef;ˊ'NH\\\xc6,\xa2\xf0\xe9y\xfb⎵k\x17\xf4\xfc_ƭ\x1a\xa4\xfa\\\x8c\xf1\xea\xe9\x1d\xa6\x8d<\x8b\xad?<|\xf8'*\xf6\\Ca\xee\x0f\xcf\xd5vֻv\\o`\xfc\xbd\xf4u\xf4\xe6\xa3q\tZ\x86\v֛\xbfP\xb0\x9a\xbf\xc2H\x87\xe7\f\xa7\xec\xe5y}\xb1{|f\xbc;*\x95Q\xfd&x\xd9K\x11\xd3\xc5\xf7\xcf6\xcc\xe7\xf1\xf8-\xf3\xe5\xe3~\xaf\x1d\xbf\xae\xf6\x14z\x1d\x97_\xfb\xcfq\xd6\xe6\xe6\xd8O-a\uf5c6;\x9f\xd3\\۳:t\xff\x91\xdfьw\x95\x15\x17F0\xf4\x1d\xbe\x90%\xfcV\xf8\xb1\x90vÝ\xf4gS7\x9d\x95S\xca\xd3\xfa\xe1x\xe5\xd3)\x11\xf6ޮP\xa1c\x99_w\xb4e\xe8\a\xc7m\xb8\xb4J\xf1\xe0\x8cg\x06\x8f\xd3C\x8f\xcf\xce[#\xb9\"t\x99+\xdb\x05e\xabۯSc\xb5\x04\x05?X\xfb\x9f\xca\xfdbr\xa4\xf0\xc9\u007f\x86\xa8o1\xeb\x94\x13Z\x8b?>\x11ب\xba\xee\xea\xa4\xdd\xc2\ay\x1eX\xde\xdab\x19\xbeu\xb5\xe9\xaa\"E\xebf\xd3\xe7\x86\xf7\xab\x14\xf3v\x18q\xd4\xca\x1aM\x14\xf5J*:\xff\xb8|ឫ\x82\xd2e\x8c\xe9\x1c\x0f\x1c\xb9\x0f\xbf\x16\xcd\xfb\xb1D\xf2\xe6\xa2\xd5\xeb\x1f\xa9\a\x85i3u鈨\xfc\xdc\xefĴ_\xedı\xfe\ay\x16\xb5\xc1\xbaO\xdf\xce\xd8<59\xa3\xfe\xa7\xe9\x97\xfb\x1dG\x13L'\x1d\xa8ɔI\x9c*v\xe1\xf5=\xee\xf5v,\x02\xae\xa9\x11\x01\x16\xeb=>En\x13\xfbd\xc3;\x81\xe9X\x81\x1e\xe3Z\x1b\xd1\xebĽ\f\x8c\x8b\x9d\f\x1c\f\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xe0\x03\t\xf0\x83\x04X\x98\x99\x18\xd9\fdA|>\x161\x16\x91\xb7\xcf\xf3ˢ\xf6'\xbc\xf1\x8c>\xb6\xb4|w\x91X\xe1\xec#\xb6h\x99\x85\x19\x94\xb8&\xdeo\xb0w\xe6\xac+<\xf4\xfd\xf5\xe6\x8e\xfe\x87\x81\x9b\xf6ؖ\xfeԈ=\xb1g\xe6\xec\xea\xd8UOO=\xe4\xfa\xfeb\xd3\xe5\xf9w\xd3\r\xebv1\xae:\x9e\xe5h=\xe1\nG̦\x84\xac\t\x1fN\x9ccN\xfa\xd9\xfd\xf6w\x9e\xd6\x1d6_\x1bM\xfeN\xb1\xae\b\x1f\x0f\xfe\x17-\x89\xafl\x8a\x96\x95?qZױ\xd89\xa2\xb2nݩ\xa5\xc1\xbc+m\v\xf6*H&.ɱ\xf8\xe3l\xf4\xf0\xa0\xfb\xff\x1fo>\n*\x19M\x9bs\xe8[t\xe6\xb4j\x05\x1eg\xc7Y\xd1\xdf\"%;\xee\x85v\x98\arW\xc4p\xc9-v\xfa{|n\a\xff\x81O\x15L*!\x93\xd7w\xb6w\x9c\xf4j\x90}u!\xcf.Q\xcfl\xb7)\x9f\xfa\xb4\xbfi&։E\xc5\x1f\xc5b\xdc\xd9B<\x19\xaa\"\x846p\xbdo\xfd\xbbq\x87qi\xd6d\x19\xa1g\tq\xf9\xb2\xf5'\xe5\x95O\xb7$Ηkr\xf9\x19\xbf6)TeVЌ\xb7\x81\xcf\x17\xd6M\xb7z\xa6//x+\xb8A\xa7u\xdejS\x81\xdbJ\xf1YG\xe3\xa6\a\u007f2b\xe24X\x1c\xf1\x81\x97\xf1jѱ\x8d5\x99Շ\xbf\x9a\xb9\x9eI̋\xf3\x99r4n\xdd\v\xbe\xb8\xee\xfd\xdf\xcf>x\xbb\x90O\xda\xf8]\x88\xc4?\xfe}\xef\xebZ\xb2\x9d\x1f\x17̸\x1d[\xba\x897\x92\xbdUT\xd9\xf2\xda\xc7\xfb+\xd5\xf8\xafy\x1c\u07fcL髱y\xd4T\xf7\xf9ջ$D\xf3\xff_\x13Ii\xf6\xbcĕ\xaex\x9b\xdf49AC\xe9\xf1Ʃ\xcdg[\x97\xdd\xd5\xe7\u007f\x9e\x1e\x94\xb7[\xbf\xb5\xe6\xabW\xf1\xf3\xa3v\a\xf6*\n\xb1\xda\xff\xd9\xce\xec\xc9\x14}B\xf5٣\x10\x8b\xaf\x95\xed=\xb2\xc1\x9b\xfcZ\xab\xd9,\x8e\xeb\xfc\xf8\xb1\xa1\xa8W\xf5iy\xd0\x17f\x19\x8fe\x01\xf1\x1d\n\x06y\x9f\x9a\x9cW\xdbNoy\x1e\xfc[\xf1\xa0?\xbfҬ\xb6\x1d\x91Z\xdf\xdcm%;t_\xb4>\x9c\xf7\xa6\x95#kc\x8e\xc9I\xd97\x1e\xda\xd6\x15oӎ\xf4Uf6߫\xef\x01\x04\x00\x00\xff\xff\xd8>1\xf2d\x05\x00\x00")) - p.addCertFuncNotDup("0E1\v0\t\x06\x03U\x04\x06\x13\x02BM1\x190\x17\x06\x03U\x04\n\x13\x10QuoVadis Limited1\x1b0\x19\x06\x03U\x04\x03\x13\x12QuoVadis Root CA 2", "\x1a\x84b\xbcHL3%\x04\xd4\xee\xd0\xf6\x03\xc4\x19Fєk", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xddn\xd0\xc4<\u007f\x013\x13#\x13\x13\x13+\xa7\x01/\x1b\xa7V\x9bG\xdbw^FFVV\x06\x03WCn\x03N6\xe6P\x166a&'_CI\x03q\x10\x87KX \xb04?,1%\xb3X\xc1'37\xb3$5\xc5P\xda@\x12$\xc5,,\x04\x97\n\xca\xcf/QpvT02\x90\x13\xe75034421\xb40270\x88\x12\xe756\x84r\x8d\x8d\x8d\xa3\xa8eM\x13\x93\x12\xb2\a\x18Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19fI\x9c\xf2\x9e\xc2ˠ\xbb\x9eY\xb3\xeb\x03\u007f\xe3\x89u>\x92\xad\xb2\x1c\xf3Wk\xba\xb4~\xd6o\\k$7\xc1m\xff\xe265)\xb9\u007fu2\x12V1s\x12ĵ\xacJ\x9a\x8d\rj\x13C\x04O\xbf]\xfd\xe0٥Eu_\xb3\xf3%\xb6sq\xeb\xfe}i\xf7\x9e\xeb\xd8f\x81\x97w\x0e\xb9\x89\xff\x88\xfd\xbb\xe4\xd6\xffy\x9eQs\x9e\x19?S\x99\xf6\xdd~W\xb4\xb6L\x95\xe9\xa1k\xe9\xffV\xa7\x05t\xe7j$h\xbf\xbf\x9ep\xf8\xf8\xe4=\xbdf\x13?\xd7\xff\xb8-(|dNy\xd9\xc1uۙ\xb2\x1a\xabV\xba6?b}\xb63\xec\xe0\x14\xf3~\x8f\xc2d\xa57\xe2\xa9\xecS\xbb\xbc\xef\xf7\x1f\x8b\xe2z\xba\xe1q|\\\xb6\xe0j\x9e\x9f\xad\xaf]^\xfe`)\xfe\xf4\xf2_̌\x9e\xaf\xc5볷ԝ\xbd\x12ä\xedc\xf9p\xd3ԩ\xbaN\xedׯn\x9e\xe0\xbc=G\xf8㽻ߎ\xfc贿X\xfau\xd2\xe1\x89W\xbb:.Lxs'\xf7^\xe7\xa1\xd4\xc2iݼ\xcc\u007f\xe7\xec\x8f\x16[3\xe9\xf6\xab\u007f\x955k_\xaf\xff.v\xfa\xf6YU\xed\xa7\xf2\xbfg\xcd\u007f\x14x\xc6*\x98\xc7\xe3\x19\xdfޓ[\xca\u0602\x9e\t\n\xb7\x16%3\xb3<`1\xd3V\x90dzQ\xb2\\~\xdbɰ\xb4\x0f\xa5\xaaw\xd2\x0f\xf2%&tl\xb6\xbb\xb8\xe2\xcf\xe2[\xb2\x1b.nT\x0e\xb9\xefR\x96\xfb\xd6\xf1\xc6\xc1MJۂe\xee\x9b\xca\xdeYX\xaee\xf8D\xf7\xebӧ\xb7O<\xf8\xff\xb4\xe1:w\xf2\x82\xff\xc6\v\xf9w鈊\xbe\x9a\xbe\xf9Ң\xad\xfb>\xf5L\x93\x93\xea\x97\xcdY\x92h\xbe\xb3\xad\xd8\xf8\xfa\xf4i\xf3\x94k\x9b\x96\xf84>ZxqWz\xfcT\xf6\xc5\xea\x82\xef\xc4\x04\xaa\xf7\xb8z\xf9lb\xb9\xb4\xfa\xfdտ<\x81\xe7\x02\xb28\f\u007fN\xbc\xc5ӟ\x12\xc3|ت[\xc1>\xaf7\xdd\xd6\xeaڿ\xda莓q\xbf\xcf$\xde\xe96.\xbf\xecbdʙ\xc42IL\xe0\xc6\xab\xd9r\x92\x97\xbb(\xf8G\x19;\xbb\xa3\xfb4\x9e\xdf\x0f\x9a\xd4&\x87\xf6\xfcS\x92OH\xad\x89\u007f\xae\xb6\xf9\xbbф\x19\x01W\xcc\vC\xbfMR\xac\xf8>\xb5\xf2\xd7\x0f]\xb5\xf6\xb40\x83\xf2e\xe6\x15\xc6A\x02\x11\xeb\xec\x13\xfb>em|/Q\xe7\x15\x99|\xaawQ\xd8\xd5\xe5\xfa{\xc2\xe4\xcf[\x1e|\xf4\x9bk\x85\xa8N\xadoU\xf2\xb1\x9c\xe9.6\x97\xf2\x0f{\x89s\xfd\x98p)|\x91d\xe0R\xdd鎷\xd8\xfdW\x06ܚ\xd0;\xc5\xed\xa1݇)\u007f\x05\x18,\xbeZ\xbfpx\xb8%/LJ\xe1L~D\xef[=\xd7\xfek/'\xdb?ߨs\xdf\xea\x9aRϝ\x96\xddJ\xf9\x17~<9f\xf9\x92\xa5\xc3\xe6\xf0\xaeסU\xb9\r3U\xbe\xe60\xfe\xfe1}Ô\xe8\xd7\u007f/\xe5\u007f,\xcf\xe05MQ^\xb3#t!\xf3E_'\xc9;?J#\xc3\x16\xff\\\xe1Y\xf9c=\xdfN\xc1\x055۳ޚ\\ئ\x96d!\xd5\xce\xf3\xe3\xc5_\xbd\xcb\x13\xea\xd9'j\xc9^\xab\x8bim\x9e\xb9\xc1\x82\xc3\xfee\xdcOS\xf6''\x93\xf2\xc2\xeb\x97\aL\xfd\xbe\xeb\xc4\xecg}\x8b\x18\x8f^K\xdb_\x99\xf8\xd9F\xe6\xe1Φ\x98\xd8\x05\x87_\xde\xf0\xd8+\xb9HPD2oS\x9bt\x86\x9d\x87\xb9T\xc7\xf6\xd8iqs\x8e\xbfWO\xe2x4Q2\xe6\xd2GŻ\xbbĝ\x9a\xa6\x176\x06\x1b\xae\x9c\xff\xad6i\u007f\xd1\xc3œe\xcft\xa9EqZ\\8w\x9d\xb7AlK\xc5R\xabv\x9fޮ\xa5Wݦ\u007f\xd2\x11ع'D\xe9\x00c@\xa6\xf3\xbc/\x9b\xde\xe7\xfexs\xeb\xe3\xe3\x8d\xef\xefO\xec\x0f\xd1\xe2V=\xa8&y$H\x805\xf5j\x93\xc0\xabC\x86g\xf5\x00\x01\x00\x00\xff\xff\xb2\xae\xf0N\xbb\x05\x00\x00")) - p.addCertFuncNotDup("0H1\v0\t\x06\x03U\x04\x06\x13\x02BM1\x190\x17\x06\x03U\x04\n\x13\x10QuoVadis Limited1\x1e0\x1c\x06\x03U\x04\x03\x13\x15QuoVadis Root CA 3 G3", "\xc6\x17м\xa8\xea\x02C\xf2\x1b\x06\x99]+\x90 \xb9ל\xe4", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbM0hb\xf6X\xc0\xcc\xc4\xc8\xc4$\xa2\xf7u6\x93\xc6\xf2\xdbU\xff\xaf.^\xf9n/\xf3\x82\xf3BY\xb2\x06\xbcl\x9cZm\x1em\xdfy\x19\x19\xb9Y\x19\f<\f\xb9\r8٘CY\u0604\x99\x9c|\r%\r\xc4A\x1c.a\x81\xc0\xd2\xfc\xb0Ĕ\xccb\x05\x9f\xcc\xdc̒\xd4\x14C9\x03\x19\x90\x14\xb3\xb0(\\*(?\xbfD\xc1\xd9Q\xc1X\xc1\xdd\xd8@N\x9c\xd7\xd0\xc8\xc0\xd0\xd0\xc8\xc8\xc0\xc8\xcc\xd8(J\x9c\xd7\x04\x99KE\x9b\x9a\x98\x94\x90\xbd\xc1\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4Ȱ\xf94\x9f@z\xdf+\x91\xe9ˍ\xb4\xb8\xc2\xcc\xea3|\x8eoηR\x16\x99\xf8_\xb2~\xe9\xa95\xef6\x97ͭz\xd9-\xbd:\xdb\xf0\xf6/\xee`\x9f\xf5G\x97JU\xdat\xf9\xfc_s_\xf5\x9e\xdf\xcd&#n\x97{\xa7n\xf7\xacY\x9c'\xd6l\xbd,\xc5ۨ\U000f7618E\xddk\xe7G\x97K\xbc\x0e%q\x15s\xdd\xf5\xdc\x1c~i\x03W\xeb\xdcB\x9b{\x8bO\x1f0\xfa\xcch\xa9\xe0,mz1x\xf3\xc6wG'g6ىm\xd5p[x\xefU'\xe7[\xe7\x1d\xacn]m_#\xdd\xf7I\xe73*\n\xec\xfc\xbb\xf2\x92\xc6)\x01K\xceS\xc2f\xe7\xe7\xac]\xebPR\xa9\xcddo\xf2\xff\x97Bf\xed\xe5w\x89_wm~np\xc1\\\xb9\xad(\xd1U\xd3#2#\xbf|\x99^\xe3>v\xdf\xfc\xf5玸\nO\x14)`뗟\xff\xa3=s#\xdf\xfbÝ\x92\xaf_\xc9$\xfe\xa9\xca\xe9\xbas\x8d\x99{\x9e\xda.\xa1\xbbWB,W\xab-6~U\xdaxK\xf7,\xbf\xff\x13\xe6\x8b\xefE\xa7KgO8\xca4ar\x1a\x93\xe2F\xf7{ݳ\xbc\x1av\x86\xf6o]\xa4\u007f\xe0\x9aq\xfa\xad\xba#˷\xb0\xb8\xbcv\xff\xfd,b\xe7w\x9e\x0f\xd5\xda\x1b\x0f\x14h\x1evHҵ\xf6ȼ\xa3l\xe3\U0007a6b3re\xee\xad\x15\x063\xce7\x141w,\x8bv[WTY\xc3\xc1\xac\x98\xban\xfbC\x99\xa5\x1b\xb5\x16\x19\xdeKc\xf9~\xa0\xe4E\xe1\xbd\xff\xb6\x91g\xa6\xa9\tu\xb7N\r\x97Z\x9d]\xca\xedb+\xa8aS\x9d\xb8\xfdQ\u007f\xba\xff\xd376>\t\r\x99\xe1\x16r\x8cѽ\xa1/\x8e\xdf?p\xa6\\\xd9ij\xb4\xe6\xdb\f\xc1\u05fa\xf7\xde:ꉰ2\xd5?\xf8\xa7\xf0\xda\xf4\xb9\xe0\x1a\xa5s\xe1\xb6\xf7N\x1a\xe4\n0\xb7\x9e\xfd\xf8\xbfGl\xeb\xc1Mv\x1d9\t\xf5\x13\xfc\xa7~\xff\xa6\xbb\x96ђ\x9d\xe5WiC\xed~π\xb7\xefO\x1e\xa9\x91y\xddPw{ۅ\xbb\xc2\xffN^\x9es}\xd3\xf4\x95Ľ\f\x8c\x8b\x9d\f\x1c\f\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xe0\x03\t\xf0\x83\x04X\x98\x99\x18\xd9\fdA|>\x161\x16\x91c\xe2\x17\xf6\xacx\xc5\xe4\xfcI\x9amf\xac\xf6\x04\x85\x9d\xd7\xe7\xfb\xee/g2\x965\\۸\xcb\x02\xd0", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xacT{4[i\x02Ͻy̐\xa4\xda\xc6\xc6bu\xaeh\xab\xa2\x95\x1bQښ\x962\xdd>\xbcJ\x1bE\xbd\"Bn\x91\xa8\\RLw%T\x95\xb6\x86萭7E\xabLQ\xe5x\x9bb<\xda2\x9c\x161\xac\x98\x16#\x15[Vk\x17\xb5'g\xf7̙=3\u007fΟ\xbf\xc7w~\xdf\xef\x9c\xef\xf7\xc1RB\x1e,\xc5]+Ă\x00\b\x82\xf8\x1e\x98LТ'\x9fJ\xfe@\x06\x00<\x1e\x03\x9f`\x12a-\x02\x96\x8d#P@\a\x17\xa6>\xac\xa7\x01ڔ\xed\xee\xd1BON0\"\x82\x9c\x91\b\x04\xe5\x053\ra}\x8d\x84\xa5\xec\xfcY\xf2\x10\nQ\xc8\xf18Ăw\xe9\x91ak&\xd3Ҋy\x98ɴd\xf9\xe8\x91Y\xcc\xffB\xd8\xda\xca\xca\xe7\xf7\x8a\x91\x82\xb4_\x16\x00\xf0\x18\xac\x14\xd4\xc1\xc0RP\x1b\x94\x82\x00\xe6\xd9\x05\a\xea\xf9\xdcٜ\x91\x11\x17\xf5\xc7\xc5\xef\n\x1c\x0f\x9f\xe1\xd5\xcdSS\xac&\xc8\xde\x19\xe8`f#ξ\ntbV\xb6\xdc\xca\xe0\x8fA\xdb\f\x80\x19\x83xW=\xbf\x99\xd4\x06;\xb9\xc1s\x15\xa7\xf2[^\xd9g\r\r\xad\r\xe9\x1b\x9b\x91\xe9\xc4\xc2\xd06\xa0\xd8{\xf0\xf2\xac\x8eY\xccV\x8dg\xec\t\xf3\xcf\xf2\xe3\xceϗ\x98\x1d\xe4\x97\x02n:\xa5\x166K\x86\xed?\xa6o\xaf\x88\xaa\xf4\xba0w>\xb9\xb7o\xe5\xa2b\xbf\xc2\xef\xb6\xe0\xf3\x92c\x8au\xe9\x9b\xc9e\xdfZ\x06\xd8\xcf\xd0z\x1f?\x0ev{\xd5t\xf5Ա\n\x844ڜ|\xb9O\xd4hg\x9b\xb7\xc7I\xb1e\xaf\x02\xb1\x00\x06(\x91\x02w`)\x90\x01\xeb\x10\xb0l#\n\x00l\xe1\xf00\x16\x00\xb6`\x89R\xc3@8\xc98,y\x05KF\bZ\xe6\x04\x00\a\xb4ya\xb0\xb0\xa4\x1b\x96\xc8\b\x9f\x9a\x13\x00<\xfe\x13\x10\x84%\xc9\x06\x92\xc4\xe3\x82X(Ză\x84!\x10\xcaGD\x90#/\nEB\x10.\a\xe5A\\\xa1@\x84\"h4\xca\x13A\x1c.\x97\x17\x89r\x04\xdc\xffYyЯ\x1f\xef\xff\x1d>+\fG\xb8\xb1\x10\xe3\x17$\"\x14@g\xa38\\\x14\xe1\xf2\xa0s(\a\xe5E\xf0\x04\xa8\x05|\xe0\xe7K\x01Tc>\x8aF\x1ea0\xc4b\xb1\xc5\xe5ha\x8c&!4\\\x18\xc4\t\xb7\xe0\n#\x18\xdcH\x11L\xd4T\xd4\xc1\xe1\xb0 @\x80\x8d4`\x1b\x8e\x8a\xd3]\xee\xa0LK\x1d\x8f\xad\xab\x19\xa1\x96_\x1f\xf4\x9dh\x1c\x00\x87`\x81F6\xc1\x85¼\x84\xdf4\x14\x9d.=\xf9;MW\xfa\xeb\xbf\a\xabY\xac[U\xe1~\xe7\u007fw,\v?\x84\xb0+M\xac\xd4sf\x8a\xa7\x17\x9f\xb3\xdb\xe3\x03\xba\xd9\xe4:[a\x04\nj\xc8\t_tV\x8f\x98\xd8\x044_\xfb\xd2<\xd3b\xfe/\xf7\xd2&\xe5\xcavS\xe1\x01\xbf\a\xf1\xd7?jO:m\xdc^\xdd\xfbZ\x10\xe9 `\xbde\xe6\xc7\xcb:_\xf7!\x06G;\xc2\\i\x11\xeaJ/\x97\x9e\xa1\xe3\x9d\xe6\vn;\xaf\xfb\xabN\x8c\x85\xaf\xe6\x80#\x85c\xecT\x82\\\xbf\xb8P\xfc=\x9c\xff\xf0Y\xb4:q\xf5Q\xd0\xe1\xc1\xf0\v3\xce\xc3\x19\xc4m\xd1\xfb\f\xff־i\xe0\xf8\xae_\xbcn\x9b\xceiD\xf6Q\x1dp\xfe\x91\xf4?\x19\x8f\xa5+[M.\x1e@\xed3ǹ\xfad\xd1$\xd2\x12t\xb2e\x1a5\xafU]m;nX\xdf\xf1\xe7\xee\"\xda@\x80k\xe7\xbe̩?6\xbd\xa4\xefkޑ\xa6'ˑ\af\xf9\x9a\f\xfa\x98f\xfb\x13\xf1\x04\x99\xcd.[\xc4Zu?\x9fc\x94n\xa9\xb8Mz\x85\x1e\x8b\xd7ڭ\x00\xc4'\xbbl\x9f[ݔ\xaf\xf6+\xf7pX\xb5ކ3\x82Q\x9b\vO\xc8\xf7w*\xfe\x13\x00\x00\xff\xff\x9e\xa9\xc37\xa1\x06\x00\x00")) - p.addCertFuncNotDup("0\u007f1\v0\t\x06\x03U\x04\x06\x13\x02BM1\x190\x17\x06\x03U\x04\n\x13\x10QuoVadis Limited1%0#\x06\x03U\x04\v\x13\x1cRoot Certification Authority1.0,\x06\x03U\x04\x03\x13%QuoVadis Root Certification Authority", "\x8bKm\xed\xd3)\xb9\x06\x19\xec99\xa9\xf0\x97\x84j\xcb\xef\xdf", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xbd`\xd0IJc\x013\x13#\x13\x13\x8bն\x80n\x03^6N\xad6\x8f\xb6,\x8c\xac\xac\f\x06\xf5\x86\xdc\x06\x9cl̡,l\xc2LN\xbe\x86\x92\x06\xe2 \x0e\x97\xb0@`i~XbJf\xb1\x82OfnfIj\x8a\xa1\xaa\x812H\x8a[X&(?\xbfD\xc19\xb5\xa8$3-39\xb1$3?O\xc1\xb1\xb4$#\xbf(\xb3\xa4\xd2P\xcf@\a\xa4\x8cYX\x15n\x02>\xf5\x06r\xe2\xbc\x06\x86\x06Ɔ\x96\x86\x16\xc6\xc6\xc6\xc6Q\xe2\xbcF \xae9\x94;\xf0\x0elbTB\x0e4FV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86\xfd\x89[\xa7\x06\xef\n\xff\xf3\xebS:\xb7\x95\xd4}\xc1\x86\x94\xa9[.\xee9[u\xfe\x9b\xe64=\x95\x10\a\x15\x8b\xefR\xadw\"|N/Qw\x9a~a~s\xd7\xe1'l\xcc\xd1\fK\x03\xe5\nXJ\x1e\x1d\xbcb\xb5\xfa\xfaZkv\t־\xbf\xcdk^\xa5ݔ\x90\xce\xe8\xfa\x1a.5c\xd7\u05f7e\xb657\xefMɲ\xf6\x16?x\xb5\u007fo\xaa\x85\xd5\xd4\v\xb6\xa1f~\xf7+\xc3\r\xb5\xe4nD\xa6zF(̨[\x1d_7\xff\xe55\xdf7\xcd%+\x8f\xe7\xdcx\xa7\xe9ժ\xc5&\xf23\xe4\xd9\xe5[\xa9\xec\xdd\xc9\xe6B\xd7/\xbc9\\\xad\xe0\xe8\xb2\xf8\xed\xe9\x05\xe2\x0f\vS\xcfɦ\x19~/c\x94\x90{\xf9A\xd1\xcf\xc2\xcc\xc4ȆVX1\x83\xb2[\xd7\x15\x91\xad\xff\xbe̚\xb4\\\xf2ʒ\xba\"\x89\xfe\x9b\x195A*w\xd3\xf3-\xab\x8e\xac\x8a\xb3}\x14\xb1\xc1\xb7`FK\xe2\v\xe9Ǚ\x12|\xe7~\xbb\a,\xf0\xfb\xffAE~\xef\xa6s_\xd5\xff\xbc\xd1\x0f^U\\\xcdl[\x92\xf7Ll\xde\xeb\xa5zG\xf6\x87\xa9\ah'\xed\xda\xe7-c\x13\x1a\xe3(\xab\xb2\xafI\xc1=\xf6\xaaK]\x95X\xc6\xfdZ\xdf\xc0\x82\x8apYc\xb9\xbfL3\xe7\xf0\x9c\xe5b\xf5?\xbe\xbboI\xe9/\xaf܍\r}\x9ca;\xe7H%\xfc\x8b=x\xbd\xea\x8e`Ņk\xb1\a\xb7_]k4\x93٪\xebL\x88\xaa\xa5ac\xb5\xb0R\xe0.\xb7\x9c\x85\xbb\xe7\xfdb\xc9\xf1T+\xe9\xbfT\xfc\xfa\x8c\xc1\xa2g\xaf\"\x95\xda\u007fL\xff\xca\xf7\xf7ՙIKĎ\x04I\xbcR<\xb7\xf1㳖Ƨ\xbbV\xb6i|r\x8e\x8a\x15\x9a\xbbF\xee抧\\Y\xcb\xeb\x17\xb4k\x9e\xff\xd4\xe9{\xe5\xcd\xd1GϪ.\x98)wy\x95\x98\xfd\x04\x04\x00\x00\xff\xff\x81\xd2\xc1Y\xd4\x05\x00\x00")) - p.addCertFuncNotDup("0J1\v0\t\x06\x03U\x04\x06\x13\x02US1 0\x1e\x06\x03U\x04\n\x13\x17SecureTrust Corporation1\x190\x17\x06\x03U\x04\x03\x13\x10Secure Global CA", "\xafD\x04\xc2A~H\x83\xdbN9\x02\xec\xec\x84z\xe6\xceɤ", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdec\xd0Ĵd\x013\x13#\x13\x93\x00{\x98Ғ\x17W\xba:}\xbf\b\x9f\xf8\xf0\xe3\xd5R\x03^6N\xad6\x8f\xb6,\x8c\xac\xac\f\x06^\x86\xdc\x06\x9cl̡,l\xc2L\xa1\xc1\x86\n\x06r \x0e\x97\xb0xpjriQjHQiq\x89\x82s~QA~QbIf~\x9e\xa1\xa4\x818H\x05\xb3\xb0\x00D\x85\x82{N~Rb\x8e\x82\xb3\xa3\x81\x9c8\xaf\x81\x99\xa1\xa1\x81\xb9\xa1\xa5\x89\x91\x91E\x948\xaf\x91\xa5\xa1\x91\xb1\xa1\xa1\xa5\xa9\x91\x81Y\x14U\xedjbTB\xf6\n#+\x03s\x13#?\x83A\x13#\x17S\x13##\xc3zS\xbd\x1bkrB3\xd9\n\x9f\ng\xa8l\xf6\xbfqF\xd1\xfd\xc7\xc7\x04\x8b\xceN\xe6\x97{_Ź\x05sމ\xf9\x1a\xf5⻫\x16\xd3k\xc3\xc4\xeb\x9a\xc6>\xe7\x8e\xd7p\x99\xd7\xf1\xef2\x9a\xf1Pv\xfa\xfa\xfe\xe3wNZL\xfb|[\xeaO\xe0یc\x17\xf2\x96Ԩ\\\\\xe7tbZ@\xb2ރ\u007f\xa5\xfff,\x8f\xf7ԛ\xfa\xd8\xd28\xa5OnI\xfc\x84K\xe96\x9bn\xfes\xdc\x19\xba\x9c\xb3\xaf\x88U\xae\xfb\xaeKk\x93\xd3\x05\xcf\x03\xb2\t\x1f.\x8a\xebL}\xfdm\xe9\xc1I\x8b\x8f\x1eZΑ\xc0\x9b\xc0\"0\xadr\x9e\x98ɳ\x95\xdb~\xa9\xbaZ\x9e\x90K\xfd9\xf9몏Awfΰ]\xda&\xc5cj\xfc\xcb{)\v\x9b\xa8\x8ca\xc3\xfbU\x12ه\xaa\xaf\xdf:\xf7\xd3X\xe1\xea\u05fdYƺ\x8d,\xbf7\xc4\\\x99\xb3\xf8Q\x8c\xec\xe3\x95N\xa5q\xd5W\xca\xdf[\x86\xec:\xc9%!-4\xd3S\xbf\xc3\xfbo@\xd2\xc5\xe2\xe7\xfdU\xceĽ\f\x8c\x8b\x1b\xe7\x1a4\xce2\x10f\xe3\xd4fcdal2\x17aba\x93capfp4\xe0fc\x0e\x95\xe5gaafbl3\xe0\aq\x84\x19\x19\xff\xb3\xb0\x1a032\xfe7\x90\x05\t\U00031231\x88\xacwa9\xe4X\xe7\xd1|\xdbϒ\xe9͛\x96\xaag\xe7N.10\x01I˳\xe8\x1ah\x1bh.P_\xa0ڦ\x9cQRR`\xa5\xaf\x9f\\\x94\xa3W\f\x8e\xab\x12Pl\xea%\xe7\xe7\xea\a\xbb;;\xea%\x17\xe5\x18\b\xc0\xdd!\xca\b\xb2\x97\x01-12\x83\".Y\x8aávI\\0o\xf9\x8d\xaau\xf2\xbc܁b\xcc\xef%jN<^\x9f\x151Y$a⦖;\x1d~\xfb,\xbb\xac>?k\xea\x8ce4\u07fcZe\x89(\xdf$\xd3(/\x978\xbf\xf0_\xa5\xe7\xe4=Υ}\xb1qP\x9b4#G\xfa\x9d\x8a\x1b\x8f\xf8栥\xb7\x97N\x9cx\xde\xfcr\xfesu\x0e+?Iy\xab\xe5\x111\xe2\xe7+\xed\xbb\x9f,\xbf\xac\xa6.\x13\xb3^\x99_˷ZV\xfc\x9f^\xfa]\xffɪl\x96\x16\x97S\xcb\x1ee\xf4\xfd\r\rH\xe2_R\xc8w\x8e\xddBש5`\xadʹ\xfc\ueacb\xf8\xce\xdf\xf3촽\x96\xa2g\xf1T.gkx\u05fc\xf7\x1e|g\xab2\xc5\xda]\xb6Nx\xc26w\xddB\x96\xe9\x11\x95\xef\x15\xbc\x9a\xb2{\x94\xf6\xbf\x91\xe7\u007f\xd9R\xf8\xf6#ߓ\x1d\x12\xc2g\xc2\xccb/Β\v̶\xccK(\xeb0\xe1\xfe\xbc\xf9↹\xa7\x12\x1f\xa5\xc8\x1etcߑ|W\xce8us\x1fgh\x90\xedֽ\xff\xd9_\xafM\f\x95\xd0Y\x999\xc3k\x95\xc3Qc\x91\xd4\x12\x86\x9f\x13\xef\xadg\xf68\xea\x10r\x87\xbfeB\x86\xc2\xd1I\xd3\xee\xe8=er]u >\xe4G\xee+\xcf\xf3\xb19\xde\xeb\xdf\xcf:\x14\x16s\xcc4\xcc)\xcb \xfe\xd0\xeao\x8fl\xed7\x9f\x14\xec7\xf4\xb9>ߓ\x89\x99\x91\x81q\xb1\x93\x81\x83\x81,\x1bs\xa8,\x1f\x8b\x18\x8b\x88\xa9\xd7W\xdf\xf5\xf6כ,֬.L\x15/\xed\x99\x1b:\xf9\x99\x01\x1fH\x9a\x9f\x91\xf1?\v\v3\x13#\x9b\x01?\x88/\f\xe2\xb3\x1a032\xfeGK\\̠\xc0]\xd1\xfe\xf2\xcd\x0f\x87\xf4\xd8\xc3\aӎ;xO\xff\xd3.s\xf5ܤ\x96o\x81\auN*\x8b\xde\xd0ؾZUx\xab\xdb\xc36\xa6\xffj=G:&Ɇ\xfd\x93L\xff\x14\xfa\xa4aq\xf6\x9c\xd5\xe5\x0f\x03\vy\x15n\v̺\xbd\xb7\xac\x92\xbd|\xa6\xc6\xdaYq\xb76\xfa\xbb\xe8\x98\xf6-\x9dv\xfco\xf3\x87\x88c\x95\xd7fԬ\xe8\xfd\xd7f\xc7.6\xe9a\xf5s\xd97\xc6euNz^\xad?'vf\xb407.\x9d=k\xdfc\xf3\xa3!\xabì%t\x1d\x97\xf0\xfcp\xba=s\xc1\x83\xa2\xfcݱ\x0f\xc5\xfc\x83\xb9R~\xfa}\xd9\xef\x17\xb2\xb7\"\xa7\xe3\xd5\xfe9\xc2*\x87\n2\x17\xd5\xf3\x9f\xb0Y\xcbqr\xc3\f\x87\xc5Z\xcf;\x9aߖ\xf7\x97\x00\x02\x00\x00\xff\xff\x02\xb4o\x82\x81\x03\x00\x00")) - p.addCertFuncNotDup("0P1\v0\t\x06\x03U\x04\x06\x13\x02JP1\x180\x16\x06\x03U\x04\n\x13\x0fSECOM Trust.net1'0%\x06\x03U\x04\v\x13\x1eSecurity Communication RootCA1", "\xa0sI\x99h܅[e\xe3\x9b(/W\x9f\xbd3\xbc\aH", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x8e2hbrZ\xc0\xcc\xc4\xc8\xc4\xc4\xc8`\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 \xc0\x90ۀ\x93\x8d9\x94\x85M\x98\xc9+\xc0P\xc2@\f\xc4\xe1\x12\xe6\x0fvu\xf6\xf7U\b)*-.\xd1\xcbK-1T7P\x05\xc9p\v\xcb\x05\xa7&\x97\x16e\x96T*8\xe7\xe7\xe6\x96\xe6e&'\x96d\xe6\xe7)\x04\xe5\xe7\x978;\x1a\x1aȉ\xf3\x1a\x18\x1bX\x1a\x1b\x18\x98\x18\x19\x98XF\x89\xf3\x1a!si`c\x13\xa3\x12\xb2\xb7\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x196o\xfeW\u007f9w\xe3{\xb1\x9a\xf0\xa5<\xb9e]\xfa\xde\xfbS~\xfb\xbc\xeb\xfa\xf0Y\xb3\xe6\xeb\xffwZ\x0f^\xbe\xdc\x15\x9d\xa24kV\xbe\x8e\x95Zf \xebL\xb5;We\xb2\n\x8fͪ\x95\x9b{\xb7&\xe7XOz\xba\x97ݏ\xc2\r\x92\xea+9y\x96M\xdd\xef\xdd\xc3\xf3+t\x86\xf5\x8d\x17J\v\xbd\v-*\xd7L\x9f\x94\xb9\xb9\xb3\xee\x95b\x06\xdb\f\x91i\xed\x97\x12\xcd\xf6䪇\xcd\v\u007fw\xe0@\xd8_\xa3\xf3Kn\xf6\x1dR\xbe\u07bb\xe2\xf3\r\xd55ӟ\x14X|\xd9f\xb5e\xae\xf5t5\xe7\xc5\v\xf7xF\x16\xf9(\x1b\xb43F|\xf3\xdb'\x93\x11\x96\xb6\xfe\xacc\xec\x89;Z\xa1n\xab\xe5o\xc9=r\xb0\xbd}\xb6v礆9\xe6wy\xa6\xa5̽\xa3\xf4=\xa5\xfb~\xe2=\xd1)A\xa2\vj\x83Nz\xafP\xc7\xe1\xfe:Ⱦb\xcez\xdfu?\xae\xfa\x9f\x9f5CK\xc0\xd12\xe8\xc8ݛ\xb3\xf9\xdeOf\\\xb7I\xefT\x86\x93\x8aSΆ\xcdVvg_\xde\xf28\"z\xfa\xe5Ov\xfeI\x01\x9e]w\r\xa7ǟ|i\xbe\xca:2u\xfa\x14\xa3\x93\x9b\xe7\xdbY%E\x1c\xf5\\\x9b\xc4W\xb8\xd4h\x95\xfe\xb1\xce2g\aa\xe1t\xdbE!\xaa\x02\xa7?Z}\xba\xf9\xeb\xb6g\xd8\xeee\xff\x96;\x9a\x1e~Бx\xb2\xe3\xf8}3\x01\xa5\x19\x91\xaf6x\xfd\x0e\x13+\xce[\xe3\xfb]i\xa1\xffZ\xd9*]W\xf5\xa7\x06\a\xe3>\xdd\x12>\xad\xea\x148՝\xb9'G\xf1L\x89\xd3\xdb\xe0\xff\xc6\xdd\xfd\xfc\xe1\x8cb\xfa痽;Y\xa0$\xb2\xf7\xef\xbe\x1cnf@\x00\x00\x00\xff\xff\x01a\xab^^\x03\x00\x00")) - p.addCertFuncNotDup("0]1\v0\t\x06\x03U\x04\x06\x13\x02JP1%0#\x06\x03U\x04\n\x13\x1cSECOM Trust Systems CO.,LTD.1'0%\x06\x03U\x04\v\x13\x1eSecurity Communication RootCA2", "\n\x85\xa9we\x05\x98|@\x81\xf8\x0f\x97,8\xf1\n\xec<\xcf", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb.7hb\x8a_\xc0\xcc\xc4\xc8\xc4\xc4\xc8`\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1 \u0590ۀ\x93\x8d9\x94\x85M\x98\xc9+\xc0P\xd5@\x19\xc4\xe1\x12\x96\tvu\xf6\xf7U\b)*-.Q\b\xae,.I\xcd-Vp\xf6\xd7\xd3\xf1\tq\xd13T7P\x05)\xe3\x16\x96\vNM.-\xca,\xa9Tp\xce\xcf\xcd-\xcd\xcbLN,\xc9\xcc\xcfS\b\xca\xcf/qv42\x90\x13\xe75\xb0405\xb240500\xb6\x8c\x12\xe75B\xe6\xd2\xda\xfa&F%d\x0f3\xb22071\xf23\x1841r15122\\\x10\xb5\f\xda\x18\xb4y\xd7\xd1Ȧ#\xb1A묜S\x1b\xbc\x8f\u007f\x9a\xb6\xe7\xb6\xd9\xf4k\xcbRzV\xc4}x\xcc%\xf3\xfd\xfet[\xefu\xdfb\xdf(nu\\}vg]\xd9\xfc}?\xed\xccL\x16X\x1f\xfcf(\xe8Z2\xd96\xbc\xe1\xe8\xcfΙ\xa7\x9e\xaeκ\xb2\xf5\x96\xe3\x04\x81\x83\u05ee9u\x1e\xda\xff\xc5Bh\xaaO\b\xebw\xb3'\xae\xcd\xd5\"\xa9\xd7\xee\xf0\xf8^\xbcWdz\xda\xfa\x88\xe8>\xab\xb0eQ\xf9e\x99A+\xabv\x9ex\x9d5+6\xe8\x82.W\xb6\xa9\x18\xa7@˅\xacSVl\f\xe6\xeeO\xea\xc2\xfd\xed\xbb_\xa7\xef\xe8Xut_p覉Gjwnh\x95d\xabл\x9d(\xf5\xab\xf5\xab\xd7ą\xcfŮ\xf6-\xb2\xbc?eG\x81\xbc\x86}\xf7\x1f\x87\xb8\xe4f\x9bf-\xa9\x99\xd9\xe7\xefEfY\xff\xc9\x17\xbb.\xff\xd7K\xe0\xb5_\x93\x98\xd5\x1au\x9e\xe0\x8fk\xaf\xaal\xc8f\x0e8\xa8k#v\xd7\xc5D]\xaa\xf47\x133#\x03\xe3b'\x03\a\x03Y6\xe6PY>\x161\x16\x11\xae֕婬3j\x1c\x1a\u007f\xf0Oױ\xf8\xc8\xf5\xc6\xe6\xbc\x01\x1fH\x9a\x9f\x91\xf1?\v\v3\x13#\x9b\x01?\x88/\f\xe2\xb3\x1a032\xfeGKV̠\xc0\xf5\xb1Z\xec\xb2f\xa7\xeb\xc6\xe3\x93\xebNps9\xddOy%\xf3.2\x87cWg|\xd6)\xaf\xa9\xf3\xaa\xfaُ\xder-j*䳺t&\u007f\xf9\x96\x85ʻ\xbf\xa9\xcc?-\xfe\xafgٹC\x97n\x9f\xe9\xfdS\xf8\x87Y\xf3`N\xacq|ʶT\xeb\xce|\x89\xb2\x8a\xafw\x16y\xc8K\xda\xf7M~\xfd\xf1\x97\xf8\xbb\xb3~\x8fY\x84B\xaf=}r\xf7\xb7\x1dk\xcd#ٸc\xcb\xf7L\xf7ϰ\xfa\xfaR\x8f\xcby\xdb\xfa𘤌\x9a\xed\u007f\x17w\xb5,X\x93\xb4O\x9b\xb3\xdd\xe4C\x16\xe3\xeeٚa6\xff\x18\xcc\xcf+\xe7|\xf4[\xb5\xad\xc4M(g\xe2;\x93\xabofM|\xee\xb2o\x82a\xd1UO\xa6oLO\xbfȿ\xae\xb99-t\xe5\xff7]?g\xba\xff7\x8dbZ\xc5r\xba+\xba\xbdPs\xe2\xde%[\xaax\xf7\xce\xfa\x1a\xae\xcc\xc0\xae(n\xefey\x91Փ{\xf96\xf3ƥ\xb1=\xab\x8c\xe3\x1a5j\x96ת\xbffX\xd7k\x0e\b\x00\x00\xff\xffpc\x1d\xf7{\x03\x00\x00")) - p.addCertFuncNotDup("091\v0\t\x06\x03U\x04\x06\x13\x02FI1\x0f0\r\x06\x03U\x04\n\x13\x06Sonera1\x190\x17\x06\x03U\x04\x03\x13\x10Sonera Class2 CA", "J\xa0\xaaX\x84\xd3^<", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbV0hb\xe2X\xc0\xcc\xc4\xc8\xc4\xc4(k\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0Ґۀ\x93\x8d9\x94\x85M\x98\xc9\xcdӐ߀\x17\xc4\xe1\x12f\v\xce\xcfK-J4\x944\x10\a\t0\v\v@\x04\x14\x9cs\x12\x8b\x8b\x8d\x14\x9c\x1d\r\xe4\xc4y\r\f\rL\f\xcc\f̍,M\f\xa2\xc4y\x8d\x90\xb9\x94\x18\xddĨ\x84\xecPFV\x06\xe6&F~\x06\x83&F.\xa6&FF\x86\t\xe2^\xa6sO}\xe0\x9dv\xdc嗘\xf9\x1f\x8f\xbd{\xeb\x1btM\xad\x1f\xe6\xafH_\xb9\x9fYƷ'\xdf\xc8\xfd\xaac\xc6\x12a\x96\x83\xa6<\xb3Z\x9c\xff\xc4\xc8\xfe\xef\xdc\xfcB\\\xe2\xec\xc4\xf8ߝ\x8f_\xed\xf7\x8b\xad\x91V\xbb\\Z\xf9\xf6Y\xcb\xe3\xf0\xa7k5\x8f|\xb1\xd2x\xbe\xb4\xba\xc5,s\xf3߸\xb2\xbd\x8bug^\x9e৬Q+\x91\xfc1\xc4ZmnY\xf4t\xa7M\xff\xd7}\xf0{s\xd7r\xaa_3[\xfdsO\x87\x13G\x197\x85D\xa5\xc9\xda\xfe\xf9\xf9҆k^㎂\x0f\x8c\xddO\x94CjN\xac\xfb1A\x8eaZѕ\x90\xf3\x89\xca{^\xfd\x9e\xcb4\xf5\u2d9d\x85V\x99\x1c\xf6\xfc[\x1e:\x1d\xef\xf8j?c\xc5\xf2]2\x0f\n\v\xdfG\x847\x06T\xc5d\x97\xb8\xf153\xcf8ܷ\"\xefS\x99Q\x9ez\xf3\xa1\xe2\xcfw$^l\x99\xfc\xaa\xd4%\x9b%A\xa10\xbc}\xee\xe7}\v&(\xdbv\xa9<\xbc\xa5x\xfb0\x133#\x03\xe3bc\x03C\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\r\x04A\x02|,\\,\x1c^\vVE\xb4\\\x8e\xb31\xe0\x06\t\xf1\xb3\xb0031\xb2\xa1\xc5?3(4\xa3ε\xff\x14+\x12\r\xf7\x96\xbd9\xfb\xf9\"5\x837\x93\xd3\xef_ӽd\xb2\xfe\xbb\xc5\xd2s\xab\xc5v\xae֯1=\xbd\xe6\x02\xff\x16\x1f\xed?\r\xef\xb3{&ƛ\x95}\xbf\xbdYZ\xf2\u0557M\x82\u007f\x13\v]\xf6kl\xb6\x92ݿ\xd9\xf9\xc5\xfc\xfdw\f9\n7\xcc\xed\xbdf\xe2n4\xe1X\xaa\xca\xf7\x05^5,\xc5\xfd\x96\xf9\xe2=E[\xf7z\x9f\xa8\xfaQ\xdd|X\xc3o\x0e\xe7\xabt\xfbM\xe9,҇En\xfdx\xee\xa92\xf1\x82l֯D\xcb\xf7\xd9\xcf\x15K\xd9\xd8o\bmQT(p*l\xbce3\xcbl߲hެ\x9cY\xf2\x13\xab\u007f\xfe|\xef\xb4\xcb\xcfo\xde\x19\x9e\xde)wn\xbaΉ{\xe3\x14\x90\xbc\xeeK쑍BwNY\xafЛ+\x12\xc5Z\xba\xfd\xcd\xf5\xe4G\xbbL\xb7\xb1pL|qk\xee\x9coi[%\xd6p-\vQ31\xbe$}\xf0J\xbd\x94U\x1f\xf7*\xa3\xbc\xdb\u007f\xfcU\xe7\xdf4:>-\xaa`\xcd}\x1f@\x00\x00\x00\xff\xff\x06\xe2N\xfc$\x03\x00\x00")) - p.addCertFuncNotDup("0X1\v0\t\x06\x03U\x04\x06\x13\x02NL1\x1e0\x1c\x06\x03U\x04\n\f\x15Staat der Nederlanden1)0'\x06\x03U\x04\x03\f Staat der Nederlanden EV Root CA", "\xfe\xab\x00\x90\x98\x9e$\xfc\xa9\xcc\x1a\x8a\xfb'\xb8\xbf0n\xa8;", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb-0hb\x8eX\xc0\xcc\xc4\xc8\xc4\xc4\xc20cZ\xaf\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\bCn\x03N6\xe6P\x166a&?\x1fC9\x03\x19\x10\x87\x8bG4\xb8$1\xb1D!%\xb5H\xc1/5%\xb5('1/%5\xcfP\xd3@\x1d$\xcf̣\x80U^\xc15L!(?\xbfD\xc1\xd9\xd1@N\x9c\xd7\xd0\xc0\xd0\xc8\xc0\xc2\xd0\xd0\xd0\xd2\xc82J\x9c\xd7\xc8\b\xca50\xb2\x88\xa2\xa1\xcdMLJ\xc8\xdedde`nb\xe2g0hb\xe2bjbbdx|\xbc\xae\U000e72b7\xd5%\xe3fS\x9d\xcc7w8\x97<\x0e\\\xa1\xaa]\xb9\x83\xc3\xf6\xc1\xc4]-\xad\xc7Z\x97\x9czvR/x\xc9I\x15\xb9\xbf\xa1i\x85\xb1:G\x132X\xb6\xdf<\x14\xa4fѱ䚵òCg\xed\xcfΘ\xbc9D$bZ\xe8Հ\u007fmk\x97$\xd7Ǵ\u007f\xeb{\xa6>)]|\x12\x13\xb3Νki%o\xef\xa6\xff?\x98؛\xec\xcf?;W\xdc@\xed\xfd\xeaK\xf2\x02\v~\x1e\xad\x17\xcbldv\u007f+\x97\xd1[\xb4\xd0w\x93ڱ]9\xf1\xb9\xd7\xd6_\xdc(ܷr\xed\xe7\xb8\xccR5\t;Gm\xc5\xfawݱ\xecls\x9d\x8fhri\xffѲk;m\xd3l\xf5\xf3$ﭣ3\x1f\xed\xa9p4.{\xb8_?\xf6\xe9\x92\x19\x01<\xa2w\x1f\xfc\x9aSo\x91qaӲ\xaa\xe5\x17\r\xf7\xd6uE\xa8;o\xdee<\xf1\xf2\xf2\x19\xa21\xb3\x9e]\xe6/\xbd\xf9\xc7q\xc6t\xbbU\xaa\xb7\xfb'\xe9m\xa8\xe6\x89\xff\x98\xbc\xd2\xfc\xe7\xec\xd2L\x1f\r5\xd5[W?\t\x15\xb8\x86>\xbe_\x1cg\xfeU1gB\x9fi\xd4\xc9\xcbʯ/\x1f\xd8W\xb1\xc6I#\"m\xa9[n\x01\xd3u\x81\x9f\xde!\u007fbۼ\xda\xcfןr]#\x18\xb5U!\xb0W\xbf\xc3}\xba\xe5\x81\xf3\xbb\x0e81:\xcc\xf4P\xe4\xce^~\xe9ﴫ\x17\xf7\xb9\xcd\xf5|\xc0\xbdl\x81\x92\x9fŅ\x836\x06{\n\xfauJ\xcf\\8\xda\x13hm;\x85#E-\xb1v\xe7\xe1\xd4~\x919\x8a\x17V\xfd\x15/b\xee\xdf;\xbb\xe7Y\\\xf0\xbc\x9ds\xdf7\xed~\xb8\xe7Q\x91c\xb4\xe2\x94ˮ\xe6S.\xde紌}\xae\xbcj\x96\xec\xa9\xdc\x15\\m\xad]M\xfb\x9cد}\xb2h*\xbe\xd5\x1e\xfd\xd4\xe6\xf2<\xbb\xe5\xd6\xf3\xbe0o\xfe\xf9\xb1V\xb8\x84\xe9\xff\xee\x85O\u007f1T\xca,Ks\xec\x88I\b_\xa6\xc7yd\xd7\xdfY\xe7\x97\xcb;\x1c\xde}&\x8a+\xd4\xdbڢ,pGrw\xcb\x14\xb1ga\x9f\x99\x98\x19\x19\x18\x17;\x198\x18\xf0\xb31\x87\xca\n32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2\x19Ȃ\xf8|,b,\"\xffV3L\x981O\xe5\xcf\xca3R]\xbf\xd5w\xec7\xc8[a\x8d\x96\x99\x98A\x89\xeb|\xb9N^\xd8>\xbf\xcd\xdbZ\x18\xa6\xacv?\xc9{\xa9\xecx\xdb|Y\xf6\xcb۶\xec\xe6\xa8X\x9fy\x89\xdb\xf3\x9e\xf1\xd15k\x0fu0ղm7e:\x98pr\xff\x91\x17S\xee]\xb9\xbcRX5\xea_ޢu\xb5\xacwj?\xe7|\xa8[\xd6\xfb\xee\xe6\xf5s\x11\xe2/Vj\xae+\xf6h\u007f>\xfbT\x9e\xe6\u0094xI\xe1\xef\xeb\xd8\x04\xfe\a\x1e\x9b\xed\x1b\xaa\xea?y\xa6\x00cp\xe9G\xe1sǗ9:^\xda߱\xb4\xde\xf5Ϛ\x1dK\xb7\x1a\xf34\x1d\xf9\xcd\xfe-\xeb\xa9jK<۩\x83m\x96\x82\xb7#Ζ[\xeb\x1c\xf2Ꮫ\xf5\xf8\xc3j\xbbD\xe9\x00\x95C\a\xbe|\x94\xfc \xa8\xb9m\xa9\x04\xd3\xec\xeb\xc9>\x05=\ue2d9\x9dcvƺ-\xe0\xcd\xff\x1fٷ\xef\xee\xfc\xa2\xc3\xd1\xda\xf7{\xa2\xcf=\xe5q˙\xb4\x89k\xb1O\x88\x93\x84\xa8\x90\xc4\xde[\u007fv\x95\xe4\xfd?\xb8mAʍ\x95\xf1\xa1\xeb\xe6\xc7d\x95M\xbbQ\x9c\xde\xfe۷>\xe6]\xe6\xa9b\x81\xdf]+\xff\xce\xdbkf\xe1\xe9\xd9\xfe\x85O\xe4\xc3\xcb\xf6\x1d\xf6\xcb\xfd\xab\xa2\xfa*\xafL~\xb2;#\xa8eM\xce\xcb\xcf3\nB\x8b\x8c~\x9a\xac\xd6\xf6\xdczV!\xe9\x89UUz\xf2\xeaiwr\xd7M\u007f\xf3g~YX\x87^\xda\xf9\xe8m'\x97l\xb8κ롺\xfe\xe4\xddjZ\x8b&o\x90\xfeܷO\xd6a\xf1N\xb3~\xbb&)\xa9\xb8\x8eW\x01?\"\x1f5\xbbir?v\x89y8u[\xe6\x84Y\"\xf9\xd3\xd75\x9e\xcfx?s־\xad\xcf\x1f\xd6\xff\xf8%\xec.\xe6s&\x97\xc3\xe1ywE~@\x93K\x80}\x1a[\xd7j\xe7\x960/~\x05\xdd6\xbe\xaf\x97n_\xaa\xea\xf2>\xbb\xf4\x85\xdf\xc785U\xc6H\xe5\x05u\x97\xbe\xd5)\x86_W\xdf#\x1a\xee\xb3\xc4\xed\xe0\x83f9\x1e\x1f_y\u007f6\xc9G?W|\xb1jZ\xb8\xa9ҹ\xf2\xda\xda\xfc*\xf5\t\xccK^\xa9\xb4\xdb\xdf\xdc{\xf3\xe5\xa7\xf8\x00O\x99wo\xae\xeb\x01\x02\x00\x00\xff\xff\x86\x9fl\xf8t\x05\x00\x00")) - p.addCertFuncNotDup("0Z1\v0\t\x06\x03U\x04\x06\x13\x02NL1\x1e0\x1c\x06\x03U\x04\n\f\x15Staat der Nederlanden1+0)\x06\x03U\x04\x03\f\"Staat der Nederlanden Root CA - G2", "\x91h2\x87\x15\x1d\x89\xe2\xb5\xf1\xac6(4\x8d\v|b\x88\xeb", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb=e\xd0ļi\x013\x13#\x13\x13\vÌi=\x06\xbcl\x9cZm\x1em\xdfy\x19\x19\xb9Y\x19\f\xa2\f\xb9\r8٘CY\u0604\x99\xfc|\f\xe5\fd@\x1c.\x1e\xd1\xe0\x92\xc4\xc4\x12\x85\x94\xd4\"\x05\xbfԔԢ\x9cļ\x94\xd4/\xe6f-\xf7\xf8\xae\xfa\xb4`\x8d\x81\x88\x82\xea\xe3\xfaҨ\xa7\x1e?\xfc\xaa\x99\xd9Y~5%\xb6\xe7}\xb0>\xb2\xe4\xf8\x85\xaf%vKc\xa58>\xcdV\xbd\xf4m\r\x8b\x9a]\xa8U\x92\xc6\xd2\xeaM\x06\xeb\u007f\x98\x1f\xba\xb8\xeb\x9a\xc5\xdf/\xef=\r\xccg\xaa)z\xb42\xae|*\xf6\xfc΄\xd0\xfb\xfc/,\xce\xce4W\xf4\x8f\xfd\xaa\x94\x9fuTH,A<\xf4Sjڲ\xe5\x06\x13-\x0eZȶ\xb1\xb4\xec\x92R\xad\x88\x9b\xbb\xfeL@\xc25\xe1\xf6\xa0\xb7\xc9\U000b9a75\x87D%JN=\xacK\xd1\xec)\xba!&\\\xcb\xed\xe9\xf5QCZ\xa1$\xfb\xa8\xed\xdd\r\xab<8m\xf5\x9a\xa6\x9c\x95J\xbd\xa9\xdd1k\xe6\x1e\x89\xba\xf9\xefj\xd3j\xec\xf6N\xd9\xd1x\xee\xec\f\x83\x8a\x83\xf9\xe9\x17\xf6\xc5?\xc8x{\xef\xd1Ɠ:\x91\x15\x93V\xdd\xd7NH\xfe\xf44n\xe7\xe3S\xbf\xea\x03\xda\xec\x16\x99H\xf0pfh\b\xcat}\x9eڱ\u007f\xcf\xcf8\xc4\x04\xba4rU\xdc\xf3:\x17\xba_\xf6\xea\xcd\xeda\xef?\x94\xfd\xe7\xaeܺ~\xef\uf559\x13ݦg4\x88\x98\xc9n\xae߭9\xc3l\xa9¯\xa6\x84$\xe3%o\xae\xedb_\x9ew\xf4\xbcȲ\xe7\xd7&\x99\xdch\xfc\xfaG6vU\x8cܷž\xd6;\xbe[21320.n\x9cn\xd08ŀ\x9f\x8d9TV\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x83 \x90\x80\x02\x8b\xb7\x81\xa7\x81;\x1bK\xa8\xac\x02\x83\x81\xbd\x81-\x1b\x876\x1b#++;\x13\xa3\x98aFII\x81\x95\xbe~yy\xb9^Avf~YjQFjf\x8a^^\x8e~A~Nfrfj\xb1~Q~~\x89.\x98W\xa9\xebnd\xc0\a2\x93\x1fd\t\v3\x13#\x9b\x81,\x88\xcf\xc7\"\xc6\"21è]T\xb6\xf3\xd1֏k\xcc4Lz\xb9k\x92:^\xa3eSfP\x92]\xe1蕮5\xa9\xb1) \xef\xe1\xf5\x1b\x9b-\xad?3\x89r\x06\x04\xbe\xd7ݫR\xdd\xd1f\xfds˞I\x9c\xd3v~;\xb0Z9\x81\xad\xb2G\xd0/\xf0Re\x83\xf1\xef\xb9\x1e\xfb\xde8:7\xca\u05f9;\xc8<\xad\xe28\xb5\xaa\xbbt\xadȑC/\xd2l\x9aؗ?So\x8a\x96xƟw3\xc0\xae\xcbIB\xf3ؖ\xb0?a\x02\vX\xc5\xf7\xf2(\xd7\u007f\x99\xfcv\x8eTྻ\xae\x8e\xfb'\xaal\x91\xefy\x19\u007f\xbeZq\xe6\xfc\xa9\xf3-\xad\xdcdr~\x9e\xad\x9e3\xe1\xac\xc6\xca\xe3+Cw\xafI2I2\x15\xf6\x16\xb1\nm\xde\xd9\xd6;iٱ/\xec\xaa!g\xc4\u0085\xbc\x9a*N\x88\xdc\x14oRӍU\x90\xaf\\\xf7\xefJ\x81\x98\xd8\xd4\xe6\x1b\xa6\x96\xff\x83bKeĎ\n\x87\x9ew?S\x9a\x1a\xe4u\xefÆ\xe5O\xb8\xa6q\xff^{\xe8\x91j˦\xbbO\xf6\xd6E\xe6\xcc\xfe\xf0\xe1\xc6\xf3S\x9f^N\xb7\xa8\xeb\xdcw淥x\xa2}\xd1m\xab\x897R\x19%e\xd7\x06,\t\xe7\xaa\xf1\xde3\xa7\xb0X\xcb5P\xb2\xf5L\xdf_\xf7\xe5%SeW\\\\\xef'\xbe1S\xedЪ\x8a\xf0裾˟\xcec\x15\x9frjS\xfc\x02O\x89^\x93\x97j9\x1er\xab2&\xb1>l*\x8e\x9a}\x87=\x9a#\xb7v\xee\xf5^ś\u007fD\x14V\x1dr\xbdo\xff\x9caS\xe0\x93C?XwVJ\xf5\x98|\x9e\x17\xfd\xc4<:\xdb\xeb\xbeNx\x97C\x94ٮ\xbb\xa5.\x1c\xe6N\x05<\xff\xee\xc4).X\xdcu`\u009c\x8c[\x01\xcf\\\x05\xdc+\xb6\xf9]J=y\xd8\xfc\xfeC\xa7\xe4\r\xe1殺\xd5]s\xf6\xb3\xbeJ\r5\xfen)pTCK\xb1J\xba\xeb\x88\xcaO{\xd1\x13\xb3D\x15\xbe\x86&M{\x9b;9`ϓU\x15ko\x9e\xe6Jm_\x96v\xf0H\xe3\xe2r\xab\b9\xeew\xcd\xdds\xe5.\x05-9#\x9b\xbfaF\xee\x14í?\n\xb9\xee\xec\xfcSk\x94\xf0\xec\xf5\xfa.F@\x00\x00\x00\xff\xffaD]B\xce\x05\x00\x00")) - p.addCertFuncNotDup("0Z1\v0\t\x06\x03U\x04\x06\x13\x02NL1\x1e0\x1c\x06\x03U\x04\n\f\x15Staat der Nederlanden1+0)\x06\x03U\x04\x03\f\"Staat der Nederlanden Root CA - G3", "T\xad\xfaǒW\xae\xca5\x9c.\x12\xfb\xe4\xba] ܔW", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb-1hb\x8eY\xc0\xcc\xc4\xc8\xc4\xc4\xc20c\x91\xa5\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83(Cn\x03N6\xe6P\x166a&?\x1fC9\x03\x19\x10\x87\x8bG4\xb8$1\xb1D!%\xb5H\xc1/5%\xb5('1/%5\xcfP\xdb@\x13$\xcf̣\x84U^!(?\xbfD\xc1\xd9QAW\xc1\xdd\xd8@N\x9c\xd7\xd0\xd8\xd0\xd0\xd0\xc4\xd0\xd0\xc8\xc2\xc4(J\x9c\xd7\xc8\xc2\xd0\xd0\xd0\xd8\xc8\xd8\xc0\xc0\xc0 \x8a\xa6v71)!{\x95\x91\x95\x81\xb9\x89\x89\x9f\xc1\xa0\x89\x89\x8b\xa9\x89\x89\x91a\x9fѢ\x10\xfe\x82\xdf:1\x91\xafs\x8e,\t|Ѫ\xb5\xf9\x8c\x97ɧ\r\xf1\x9f\xf9\x8e\xcb\xd8\x06\xcbupd\xdcȷ]{hޙ\xa6tv\xf5\xf6\x8cB\xab\xf9\xa5Ӕ\xdcX7\xbc]{7\xe9\xf6\x81o9\xc9\x15gO\xf9\xd9n}\x1a4\xfb\xe3>\xebg!\t\x1b\xd2\xe48W\xb3\xff\v\xe9\x14t\xba\xf8]eWB\x85Ԍ\xef'\x05\xff\x8a\x1d4\x95\n)}\xef|\xf9\xe9:\xbfsϫ\x0f\x1f\xf3K\f\xf4^=\xcb\xd5{\xa1\xbc\xe3^\x8f`\xd1\xc2\x14\xee\xb6\xcdO\xf5\xf6\x9d[\"}P\xb3e\xd1\xd6\xd3\x1c\xcae\xceJ*\xf2\xe2,W\xf2\xe6\x1c\xfbS\xaf\x9d&\xf5\xa6\xeb\xe9\xb5\xf3\xbe_\x939\xb7\x8bZ^\xab^\xf3\xfaq\xcdK\xbf?\xa5N'\xdeFL\xe5asZ4\xe7\xfb\x93\x82\xcd\xf7\x8b\xf2\xa3\xcc\x1d:o\xb4.\xb9\xfe\x91\xfb\x9e\xb3\xe4\x15\xaf\b\x9d\x9e.\xcby\xfb[\xda?\x8aY\x9b\U0007cf3c\xe5T\x8e\xa4c\x10\xe7B\xd9\rY\xfb\x9b\xde\x17\x04*\x1a\xdda-\xeb9\xfd=\xe5\ts\xc0\xfa\x9e\x89髏~z\x17q\xe3\u07be\xef\xcf\r\xcf眴.)|\xdd)\xd39zB\xbf\x9f\xec\x8aU\xb83%\x1c-C1\x83\x12\x97\xc1̹\xacF'\xe2\xf8\xacg0Zu-y\xce\xfe\xbd\xea\xc7\xf3Y\xf7\x03\x9c\x83\xa7kٞ\xb2q\x9f\xa1\xf7P\xb4\xfa\xe3\xa4ω\xb7&\xa8\x8a\xa5\x1e\x98\x1f\x12\xcb\xc7l\x1d]\xce4\xa7e\x1b\xef\x8cx\x93\xbb\xd6ɇ\x0ek4\x1e\x9a\xa3\xa9\xa7\xf9\xe8\xc4a\xc6OƯ\xb4V\x9d\xe1\xe4\xf8\x9e\x9a~\xec\xec\xfd\xcb۴\x97\xef=s\x91\xaf ~\x87\xf2\xc5\xd3\x13\xfd\xb8\xbe\x9c\xa8zz3\xd9\xec\xe0\x95\xfb\u007f\x94\xa6\u007fO\x88}\xa5\xa9\x1f\xb1io\xc4\xde\xdei\xfe\x02\xa5\xfb=\xaam\x03\xdb\x17ڔ(\x1d\xfa\xc3^\xdfp\xe7Ț\u007fY\a\v\f6\xbc\xec\xcb|\xa4\x93\xd98\x85s\xd7\xdd\u007f\xbe\a\x9a{\xa6D\x1cpSX?G\x9e\xe9\x87i\xa8\xa7\xbeە\x03\x1f\x16Lc\xe27>Z\xf8y\x9er\xed\x94\xed\u007f\xad.s6\xb3)\xfeM\xb0]gt\xe0һ\xdee\x1f\x9eoi\xaa\xe1:Sp\xb2\xb2\xe1\xc7?\x9f\xef\xa6-\x92]\x86\xbf\xb9n^\xaf\x9f\xfdaѬ\xecì^o\x1d\x13D\f.\xae\x12tʻ\xac\xcc\xc4\xc2},\xf5\xeeݠ\xf2[\x8dٛV\xfcb\xb4\xd89\xed\x95VN\xfa\xf4\xce)\xf3\xf6<\f\xb9\xfa$\xab\xe2\xbd\xd7^\xedY\xb6\x0eu\xc7\x0e\x94^\xca\xfb\x9da\xf0\xe6M\xf7ܟ\x9e\xa6\xb3\xa4tnn\x9ejyUn\xd2\xf7e;S\xf5\x9f\xda\xe6Zy\xf8p\xdcy\xa2!\xa4\xb1\xaf\xd64\xe6\xd5\x03\xb1:a\xe9\xac\xebv\xd7\xe7\xfd\xd1-\xddtP\xe4\xaa2\xf3\xed\xe8|n\xbb\n}\xde{ƽb\xdb=\x9e7\xcfj\xe4\xaf>\xe8\xec\x1b\xca\"n\xe1\x15x5rQg\xc9\xe5\xf9\xfb伯\x1f\xcb\xddޡ\x92\x9f0qISkt\x98\xe3\x9e\v.\xab\xb3\x84\xf7]ԉ\xd8.d\x1c\xb1\xc9<\xf9\x8e\xf0\xd7)\xb2\xf6\x0e\x81_\xfd\xbfZ\xbd=q\xf4\xf5!9Y\xb1\xa9U\xc7\xeb\x9c\n'\xe7y\x8bn7\xb8\xbf\xeamx\xab\xc7\x1a٬\xbb\x96\x99O\x1eVV\xec;Ǻ\u007f!\xcf\xf7\x86j\xc5tu\x83H@\x00\x00\x00\xff\xff\xd0nhnx\x05\x00\x00")) - p.addCertFuncNotDup("0h1\v0\t\x06\x03U\x04\x06\x13\x02US1%0#\x06\x03U\x04\n\x13\x1cStarfield Technologies, Inc.1200\x06\x03U\x04\v\x13)Starfield Class 2 Certification Authority", "\xbf_\xb7\xd1\xce\xdd\x1f\x86\xf4[U\xac\xdc\xd7\x10\xc2\x0e\xa9\x88\xe7", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xe17hb\xfa\xbe\x80\x99\x89\x91\x89\x89\x91\xc1\x80\x97\x8dS\xabͣ\xed;/##++\x83A\x86!\xb7\x01'\x1bs(\v\x9b0Sh\xb0\xa1\xaa\x812\x88\xc3%,\x13\\\x92X\x94\x96\x99\x9a\x93\xa2\x10\x92\x9a\x9c\x91\x97\x9f\x93\x9f\x9e\x99Z\xac\xa3\xe0\x99\x97\xacghd`\x00R\xc6-\xac\x89P朓X\\\xac`\xa4\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0XZ\x92\x91_\x94YRi '\xcek`b`fdihnlih\x16%\xcek\x8c̥\xa3K\x9a\x18\x15\x90\x83\x81\x91\x95\x81\xb9\x89\x91\x97\xc1\xa0\x89\x91\x83\xa9\x89\x91\x91a\xbbщ\u007f/\v\x97\xb1\xb4\xae\xe5\x11L\xb9\u007f\xce\xf7\xfd\tf\x89v\xfb\x85\xab\u007f\xdb,\x9b\xff\xe1\xf0\xc2[Wn\xe4i\aO\xf8\xad\xb2Į\xe5ü\x17\xf1o\x9e\xaa\xbb|\xd5Xf_}\xef\x81և\x13\xeb\x83\xf5\xe7\x9dbe\x9c,ן&c\xb9\xdc\xf7WԶb\x16մ\xd7\xe5\xf5\xcf#\x8fy\xcdT\x15\ty\xadv\xfcs\xbd\xe4U\x83\x82\xfe\xf5\x1bܴ\xfe\xaf}\xad\xf9\xf6\xfa\xfcU,틯\xfc\xec\\j\x12\u007f\xdbyb\x93\xd9\xcd4\x9b\x8d;v6\xfd\x9dce'p\xc2\xfa=[jZ\xd5lI\t\xdb\xff\x85\x816\x06z\xf1\xfblˋ7Ų\xe5\x1cV\x0e\x9b\xa5ݪ6If9\xd3\xe6'\xf6\xbc\xeb9*\x9bv\x98پ\x9as\xd9t\xf3\x9e\xccS_\xcf\xcc}\xf17\xa5W\xbc\xc18/\xce+v\xe6I\xb9\xf6-s\xa5\x0e\\\xcd\x136U\x8e\xbb?;\xde\xf6\xfd\xb5\xefe\x87^\xd9\xed\xae\xe0\x95qJ\xcff\xb9\xf1\xe3ڭ\xfc\xeeO.\v\x18W312/n\xd3+?\x8b\x81\xab]\xf3e\xa8R\x04\x83\xf2\xab\xc7BΚ\xd1\xee\x1cw{\x1c\xb3R\xd9V\x10\x87C\x98ݱ(\xb3*?/\xd1P\xd8@\x10$\xc2.\xcc\x15\x9c\x9c_RR\x9c\x92\x98\x93j\xa8j\xa0\f\x12\xe4\x12\x96\t.I,J\xcbL\xcdIQ\bIM\xce\xc8\xcb\xcf\xc9O\xcfL-\xd6Q\xf0\xccK\xd63420\x00)c\x16\xd6D(\v\xca\xcf/QpN-*\xc9L\xcbLN,IUp,-\xc9\xc8/\xca,\xa9T\xd0Up72\x90\x13\xe75\xb04\xb0404\x00\x83(q^csC#cC#cSKS˨A\xe8\xe2&F%\xe4`ede`nb\xe4g0hb\xe4bjbdd\xd8\xfb\xf6 \xf3\x9fo\xfd\u007f\x986\xe6G\xcf\xf7\xb89\xb7\xf2Ѣ\xed̉a\x12\x87ݷ]?ek\xaa\xd7\xe9\xfc}a\xe6\xec{]R\u007f\x85\x15\xe6l\xf1,7\xd2\f\xfb\xbb\xf3M\xcf]\xa5_Ew\xd4\x13\xa7\xbf\xfb\x16\xd5\xf2&Org\xa7Ν\x96\xe8\xab%\xbf\xb3\xe3\x8fv.\x15\b\xeat\v\xfd\xb2\xa3T\xe6Y\xfd\x93\x90u\xde?B\x8b\u0099$\u007f\x88\x17F\xbe\x96\xd3`/9:\xd7c_Ζ/K6|N1\xaf\x9ct\xe0\x8d[\\\xfd\xc3\xdc`\x9f\xa4\xf5g幓w[\xcd\xfd\xfd\xa7\x92aFb\xc9y\xb5&\x87\xe4ϛ\x8a\xb2$yg\x9e\xba\xc2Wz\xc6\xfcww\xe7\xc1ȏI\xf5\xf1\x9b\xe3S\r~,\xdf\xee[\x16%W\x16gr\xe0Ŵ\xb0\x99]\x9b?\xd4/9\xbb\xf7\x8e\x91a\xcd\xc4\xf3\x0f\xe2\x05\u007fd\xaf\xf2\x8c\xb98s\xca\xc5E\x8f\x93\xa39˶\x86%=\xf4.\x91\x9dvE\xed\n\aK\xe4\x85\x19||\xcf\xee\xfd9\xfcF~\xc2G&fF\x06\xc6\xc5N\x06\x0e\x06\xfcl̡\xb2\u008c\x8c\xffYX\r\x98\x19\x19\xff\x83\xa3N\x96\x1f$\xc0\xc2\xcc\xc4\xc8f \v\xe2\U000f1231\x88\xd4\xf0\x18\xc9/\xbfiP\u007f\xa46cqҊ\x85\xe7V\xb3G\xab\xa3%^fP\xe0\nF\xfeR\xf5gΟ2\xd3z\x96|S\xab\xe5\x952\xd6)q\x0f5&\xe7&\xc5r\x1eZ\xb0\xe2ʆR\x8b\x8f&Ys\x9f\xcc\xefjS\v|\xa6s\xf1\x98n\xdeT\x05\xafI\x8covt\xa5W\x1b>J\xd7\xeb\x99ʬ\xa6\xe7<\xd7\xcb\xf0\x1b\xdfV\x9e\xdd\xdb\x1f\x99\xd7+\xedbX\xccW\x1d\xf4;{\xb7\xf5\x91˕\x81~g'|Ig\x97K\x85\xad\xd3\xdeV\"\xf2\xfa\xfco\xb5\xc7R\xbbd\xa7\xe9eYGL\xe9t\x0f\xfb\xaf\xba`rAp\xf3\xad\x96\x12\x91\xc3\xe9\xf3X2\xac\xee\xf79D\xc9z\xf9\x9dw\x9eh\xfd<\xec\x1aC\xc1\xe9\xa0wյ묞\xef1\xfc\xe9\xfa\xedP\xc2y\xe1H&\xed\x863&\xee\xf7wޛ\x90\x9a\xcbt^g\xe2\xb2e\xcf\xef\xb5Jx֤\xf9-\xb6\xca]\xb9\xf5\x9d\x89\xde.^\xe6\x1d\xc6\xf7\xdd_o\xcc\xeeU\xbd9\xfb\\\xe3EW7\xa3i\x05\xed\xf7\x98\xf8<\x9d[\xb7\xe5\x14\xefNy\x95\xe8\xb8\xe6䕐\xfb\xed\xfaǕ6\xa9\x9d\x99\x1f\x19\x921\xff\xcf>-\xfd#\xa12\xa5\x0e\t\xe2\xadL\xa1\x96\xdd\xf5\xacĽ\f\x8c\x8b\x9d\f\x1c\f\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe\aǡ,?H\x80\x85\x99\x89\x91\xcd@\x16\xc4\xe7c\x11c\x11\x99\x13\xcfp\u007f\x15\xe3u\x03m\x8b\x8eE;r\xbd\xe6|\x12\x9c،\x96\x9c\x99A\x81\xebm\xb6\xac\xa5<\xf3\xae\xb5\xe4\xfcte\x8e|\xbeē\u007f[\xee\xc4\xdf0k<{C\xdaQw~\xc2\xdd\xe3R\x197/\xe6\xb5=\xecP>/|\xcf\xf9\xfc#\x93\xcd,s\xe55\xaf\xee\xff\x11w\xe2\xea\xc1\xbd\xef&\xe5\x1b\x95|\x9aؤ\xbf\xb7ɩj\xad\xd6v\x85Z\xdf=U\xa1B\x87D_\xed\xfd\x9e5U/\xa7d\xfey\x99-\x9f\x8e2.n\xbdPd\xb7\xb6x5\xf7\xecR\x9e\\\xd7\xed}S\xd6L3ߺ\xe0B\xbf\xa8;\xdf\xe3\x17\xcdw\xfb\xff\xbewd,?\xa3\xbe2\xa9\xd5\xf8\x939\xc7\xfb\xc2\xf3\xe5l\xf7NH\xcav8\x9c\xafu\x93\xfd/w\xfc\xe1\xb9\xffʷ\x8f\xfd\xea\r\xf5[\xc9\xf4\xdc]\xd0\xcd\xee\xcb߽՚j\xbbW&&\x99kl\xd3\xd5\xfa&Жr\xb2`\xf9\xa5\xb5\xdb5\v*_\xd9\xdcJV\x9d\xff7c\xbb\xc1\x9b\x82ߥ]\xdbs\x13\xd27ɝ\xd8\xf9\xf2Ɗ|\xa6\xeet^_\xb5\xf0\xc2[\n\u007f\x0ez\x05\xf4n\xd4\xd8\x05\b\x00\x00\xff\xff\xf2\x1c\xda+\xf3\x03\x00\x00")) - p.addCertFuncNotDup("0S1\v0\t\x06\x03U\x04\x06\x13\x02IL1\x160\x14\x06\x03U\x04\n\x13\rStartCom Ltd.1,0*\x06\x03U\x04\x03\x13#StartCom Certification Authority G2", "KŴ@k\xad\x1c\xb3\xa5\x1cenF6\x89\x87\x05\f\x0e\xb6", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbM6hb\xf6^\xc0\xcc\xc4\xc8\xc4\xc4hm\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1 ؐۀ\x93\x8d9\x94\x85M\x98\xc9\xd3\xc7P\xcc@\x04\xc4\xe1\x12\xe6\r.I,*q\xce\xcfU\xf0)I\xd13\xd41\xd0\x02\x893\v+\xc3ŝS\x8bJ2\xd32\x93\x13K2\xf3\xf3\x14\x1cKK2\xf2\x8b2K*\x15܍\f\xe4\xc4y\r\r\f\f\xc1\xd0\xc0\xc00J\x9c\xd7\xd8\xd2\xd0\xc8\xd8\xd0\xc8\xd8\xd4\xd2\xc00\x8a6\x9661)!{\x8e\x91\x95\x81\xb9\x89\x89\x9f\xc1\xa0\x89\x89\x8b\xa9\x89\x89\x91a[\xa7Y4\xfbv\x05\xb3\xbdM\xbb\x1f\x8a)0O\xadZϷ8\xf4\xa4\xeaL\xaf\xa3\x17\xc2\x1c\xdb'\xf8*&,\x11i\xb7>\xfbw\x93ݖt欷\x0f\xf9\xbd\x0fLl-p}\xe04\uf7a6\xf2\x15F\xde\x05\x02\x95;n3\xef\xfd\xbcR\xff\xe2\xb1\a\xfc\xa7\xe7u\x89p\xed\xd8\xfb-,\xe9\xe3ѢmF\xaa77}ޛz\x94W'\xef\xea\xa4|\x89n\x06G\x91\xa6|\a\x05\xb5*\r\xfe\xafr\xf5\xeaߧl4\xb7\xdd~|\xe2\xf7G\x8co\xfeN\xe9|x&\xef\xb2\xd95.\xc9\xcau\xd7M\x9aR\xff\xd78\xed\xdev\x97{\x99\xc9z\xef\x84\u007f\xf5Ξl\xdd=\xce;\xc2>ݬWt\x16\u007f\xb5\xdcc*ci\xe9+\xed\xa5\xceS_\x89\xb6\xcc\xe5\xe8U\xcb\v\x9d\xbd\xfa\xce%\xcbK\x86\xb2\t\x8f֜\tsU\xf9*\x13\xb2\xfa]\xdb\xddiF\xad?|\xfc_L-\xdb\xc6z\xd7L9}\xcf\u007f\xd1G\xa7\xac\x9f-{c\xfdFM\xd0ģ\xf7[\x83\xb6\x942\xd3\xeb.\x19\xab2\xad\xea01\x99\"\xadͫ\x1e',e\x98\xcf2\xfbQ\xbe\x9cHD\xf4Ҝ\xee\b\x9bû\xfc\xacb\xbe?\x9c\xa6m\xf7\x9e}ϒ\xa7\xb1g|\xe7\xf3>\xbc\xb3j\xf7\xc3<\xa97\xfd\x0f\xb7\xf9\xf8V\x16Ŋ\x9br\xcb^?\xe8~k\x9aʃ\vE+\xa2\xe2\xd3t\x05\xee\xe8k\t\xafS\xfb\xc7%#y\xe6\x82\x1d\xf7\x9c\x13\x9cz?\xa3\xa7U\xb9\xcfyY\xf5\x995\xa0dj\xf1<\x03\xce\xcfӛ\xe2\x9e\xf5[r\xc8E>5\x15q\x12\xfe\xcf0\xe7\xfb\xbeU\x01\xe7\x1f\x05z\\ߑ\xbf\xfe\x87_\x9d\xf1\x8cI\"IV\xa5\xc9\xe7\xab\u007f\xddk\xb2^\xb9\xdb\xf2ё\xbd:\f|'\xc4\xd7\b\xbf\xf7U\xed\xbb\xb1y\x82\xfe\xca[\x9a\xb5\xb2\xebK\xac6\xa9\x1f8(gW\xbaXl\xe5\xfa*\xa5\xd8\xf9\xc2R\xe7\x97/x\xfd\xb8\x8d\xeb\xf2\xdfgӦ^W>a~\xf7H\xcd*\xb353\xa4\x846>\xf0{\xb1\xd1\xfa\xeb\xb5\xfc\x8f\x06י\x98\x19\x19\x18\x17;\x198\x18\xf0\xb31\x87\xca\n32\xfega5`fd\xfco\xc0\a\x12\xe0\a\t\xb0031\xb2\x19Ȃ\xf8|,b,\"\xdeG\xb78d\xaf\x95ټT&5\xcfͬ\xb3\x9d\x95\x87o\x1bZ\x16b\x06%\xae\xe2p{\x9d\xabS\x8d\xea\xccoO\x9b\xf4Z2\xae.\xf8\xb9\xe3\x1b\xc1m\xee\xef\xb7\xde{[\x12s\xf4c\x9f\xe7\x83?y3\x85\xcf\xce\xef\xbau֊\xeb\x86U\x14\xa7}\xbc\xc9\x05}\xe6Ki\xb2R{\xe7L0?\xc1\xd3\xc7\x1e5\xc5\xd5M\xebپ\xaa[\vW.\xc9\x14\x9a\xb4\xa1\xd6\xec\x8aK\xfb\xf5\xc0\x8f\x9a\xc9\xd7Jϊ=Q\xef\x94\xfdq\xc8\xc8\xe3\xef\xed\x99\x17\xfa\xe3CJάI7\x11L\xba\xc9\xc3e\xde~q\xb1\xb8G\xdf%q\xd9o\xd7\xff\xdeN}\xfdwŕ\xaf\xd7\xfc\x97D\x97\xbe8z)a\xd3m\xce:\xd5\xee\xea]A\x93\xe6ٽ8Z\xbe\xd0\xe6\x81Wqv\xe2\xf9\xb6;\xce\xff\xff+\xfeS\x8eU\xf1\xfaz9\x97?\x89\x855\xbc\xe9V\xde\x12c\xd5Jo\xbd\x10\xc9\xee3:\xb6\x06//\xb2\xfd\u007fa\xe4\xb6o\xabqY\xf9\n\xc6\xd8i\a\x0f^ݷN\xf5\xc0I9.N\x85\x8e\x85|'?\xe7\xfb6\x850(,\xbf\xd4\xff\xc42D\\\xafWn\x87\xf4n齳\xfc\xac\x05L\xee\xcc\xe9\b~\xbf\xc80:\xc2\u007fb҉C\xb3f\x9d\x15\x8d\xb5Xym\xdf\x0f\xe1\xad\xf3\x852?\x05$\xad\xf9-n\xfe\xe5ݎ\xd2\xf4\x04\x81\xdf\xcd\x01?]\xb6\x96\xceq\x10\xdf\xf4\xefoel^DD\xbc\xc1\x1f\x86u\xeb\x8d\x0f\xf2\xf9\xe5\xecZ\xbela\xbd\xd1m\x8b\a\x1b\x8bĹ\xb4'\xbe\xc9JV{\xdby\xa5\xe2L\x89\x1c\xeb\x8f\xec\u007f=Ye\x96\x9a\xebR\x95\x85\xa6r(\xc9L?\x17\xcd\xf6\x8e\xe7\xd1\xee=\xf2.\x93\xbfݰpeU|\xfbd\xedj\xa1m\xccK\x9c\xf4t\x8fpZ1\xa7g\xb6\xccz\x189\xa1K\xa3\xf5jl\xc9Ƌ|\n\x11\xb3\x85\x97nH^\xf6\xb6\xda\xfd\xafk\xa8\xc1\x92w\xb3\xae<{\xd4\xfe~\xc6I\xa3&AM\xa5=\f\\\x86q\xba\xfc\a\xfa^fo\xea\xd7c\xbbqq\xe2\xf1cB_|\xfe\x1a\x88\x1f>x\xcb\"\xfa\xf1\xcaW\xcf\x16\xee\xaa|_|c[p\xb8\xee\xb7\v\x0f\xaf{\x00\x02\x00\x00\xff\xff\xa8\x90\xfbog\x05\x00\x00")) - p.addCertFuncNotDup("0}1\v0\t\x06\x03U\x04\x06\x13\x02IL1\x160\x14\x06\x03U\x04\n\x13\rStartCom Ltd.1+0)\x06\x03U\x04\v\x13\"Secure Digital Certificate Signing1)0'\x06\x03U\x04\x03\x13 StartCom Certification Authority", "N\v\xef\x1a\xa4@[\xa5\x17i\x870\xca4hC\xd0A\xae\xf2", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff\xc4TkTSW\x1a\xe5\xdc<0\x81\b&\xac`#\x8f;Q\x1e!\x98\x1c$\ro;6\x94\x01\x03\x8e\x82\x8a-\x8feHn\xe0j\x1227\x17\xe4QP\xa2\x04\x11\x8b\xb8\xac\"ԖX\x94\x11\xb02>\x02\xf51\"\xa22Pu\xb1pJu\x9c\xc8P\x942\xa8\x95F\x10\x06\x1c\x98\x15fU\x9d\x1f\xce̿\xfe\xdc\xdf\xdd\xfb~\xdf\xf9\xce\xd9\x1b\x1a\x1d\xbb\xa1\x91v\xdaLA\x00\x82\x00\x00YtF\x80)\xd64\xc9\x02\x80Fs\x80EAN\x90A\xa7l\xa0\xd29H\\|\x10\x17\xba\xd9\x01\x93\xc3J\"\x15\x04)\xcb֢\xf1\xa4J\x14$\x84\x02{݉\xc3O\u00949\x04\x86F\xe3\x998\xa9Р2\x8c q5\xaeT\x90\x18\x9a\x84g\xeap]f\x90\x00\xfa\xd9\xc9\x14\x0e\xfa\xea'\xafix\xb6\x0e]\x95Cfe\x138\x99\x0f\xbd\xdcYP\nÂB\x82\xc2$\xd2`\xe9G\xee\xac\xe07\xe1/=\x9e\x11Ό0@s\xa0\x18\x11\x17\ahD\x98\x88\x11\x01\x0e\x1d\xbb\xef3.ib>Ϋ;Xh\t\xae\xb2\x11\x19\xfd\x1dR\x94\xbf,\xfd\xf6߷\xd9d\xcc/\xe9\xaac7+\xa5S\xa1\xc3K\xc7t\xdaӑV\xa2\xbe\xd4\xe3蝨s\xc1\xc2;\xe2\x96\xd9\xd1?\xac\xfa0\xb3\xf5\x1a\xbd\x88\xf9\x05Yڟ\x1f\xbf#\xa4` \x8c\x96\xf8\xe1\xe4\xf8\x92\x18ٱ\xbe\xd2Ҿ\xce\xdf=\xcfɐ\\\bܳ\xddkߏO%\xbd\x8b\xba\x0e\xddJ\x8c\xba\x10\xdcoMx\xe0\x14\xb1Z^w\xd5We\x12\xb74\xa3q\xe1;\xe17-ꆫ[ILJ\xc2\xc1ܕ\xe7\xb4w_D\x0f\x1a2\xbc#\xae]6'm\xf4ѬcL65\xf7\xb4\xe7\xfeS\xfb\xd9\xf3\xcf\xef\xb7G\xa9/9olj9\x1c{0\\>\xf0\xfbMk\xef\x85\xe64\xa6\x8cʜ\x91\xb9\x9a\xc7#\x9a\x04}\x8a\x00;bmJ\xbb\xd9\x02\x82\x9e8?\xee\xfbdd\xf4H\xe1\xb0n\xd2O\xed̋\xfdN\xf7\xfe\xd0{\x0f~\xb5\xb2p\x90\xa5\x9fQ6\x9d\xd0\xf0֟K\xf5)\xe8\xfe\xb2\xbb\x82\xdbp1\xb0\xd8=\x9d\x96\xb0I\xc7\xf6\x04?\xb2]Y7Vl_<\xf7r|\xfa\x96n\xff\x884\xee2/\x16\xaf\xb8z(\x81\xc7>\x83\xbbw0\xab\xfa\xa7\xf3\xf9\xb1\xed\x17\n\xf1)}\xd7tA\xc8ݻ\xac\xbe\xdc\xdf&\xcfU\xb5\r\xed\xef\xb3>\xbb\xba\xb9-3\xdc:\xdbtd\xec\xcf\x15\xdb\t\xfe\xed\x1buխS-{̮'\xee\xcd,\xbe\xd1jIM\x8c,o}'\xc0\x00\x98.\x94\xb3\xecͶ\x02q\xc9\xfdzݜ/\xac\x9e\xa8\xb0\x96'\xb7~\x15u\xb6Ex\xbd-\x17\x19;\xde/\xac5\xb9\x05\x10/\x86\x82\xf7\xa61䜁\x8b{IN\xa2\x1c\xa1\x00\aPoD\x12\xa1\x11Y\x03\x9d\xe9\x94\r\x9e\x1c*\rR\x00\x98\x83Nv\xe4B\xa5R\x10p\nz\xda\xc1B*\x97\xea\xb6\xc6\xe9\x19\xefدS\x8e\xbb\xe3e\xb0G\x92%\xeb]u\xca\x06U\xf6\xcf\xde\xd44\x98\x02\x03\xcd\x01f\u007f\x93o\x16I\xea\xc3\xc5b%F\x90\"\x83\xfd\x99*\xb3\xb5\xa2l\"SlP\x1b\x94\x8a\xe5JB#R\x12\x1a(4\v\xcc~&\x9f\x9fل濑\x8d \xcd\xde\a\xa5\x1a\xc1zh\x04k\xa1\x11\xc4ӝ\x84t@\x05%\x96\x10\x00\x004\x82\b(\xa6/\x10\xd2\x01\x8d\xe6\x88\x00\xeeҷ\x8e\xa1\xcf\xd6\xe0\xca|\x91^\xa5\x86\xef\xbe!\x10\xbcU\x80\xebH\x8c\xd0b*\\Ab\xf3\xb2\x92\xdeW:\x04\x96tB?\xee\xbf\xfd\x88ʲ\xb5Z\x8cP\xe2\n\r\xea\xff\xb3C\x05\xf3>\x87\x14\x04\x00^Iu<\xae\xc5IL\x85\xc6\xe3\x8a\f\\\x83\x93\xf9\x81(\x81)T(\x99\x85\xa1\x06L9o\xe2\x80x,S\xa1A\xe7\xa9\xf3\xb66\x04\xa0\xd9\xeay\xca\xff\xb2=\xbav\xfep\xa8\"W\x81k\x14\x19\x1a\fU\x90\xe8\xff\xb3\x89Et\xc6fS,0M\xbd\x0f\x80\xfd\xe2\x1d\x1ca\xe8\xeb\x12\x8b*\xe4\n^\xf5\x8e!0\fMJ\x8a\u007fk\xf6\xfcgPS\xecq\xc3\xd5Ԍ\xab\x9d%\x13\xbd\xa5\xe9E\xcc'\u007fq]\x13\xea\x91>\xd0\xe0C\x93\xef_\xd11\x12\xf1S\x945\x9a\x91\xe2\x18\xb7G\xf0\x8d\x1ai;];\xe9s\x98\x11Y\xb9d\xd0*-\x13\xca/f\xdd\tSG\x99}\xbbla\xfb=\xd75\x1b\v\x8b\xbf\xbd\xfd\xd1\xc3\xef)\xc9z\xbcz\xc1?\xd2750\a\xf6\xd2k?\xe0rC\x99\xe9\xc9/2\xba\n\x10\xda\xf0%/\x8b\xed\x8b\xf1F\xc1Ω3nC:\xff\xb2\xe8\xce*ރ\xd0\xc6ȓ\xb2\x04\xd5\a\xb7\xad\xfe\x8d\xa96C!u\xca}\xa4\xf9\xf4sQ\xaaJg\b\ng\u007f}\xe9좇E\xfbJ\xd6\xd5F|R>\x9ep@]\x18Iyz\xa7ֳ\xf69\xb6v\xc2ܛS'n\x19\x1b5\xca\x0eO\xe1G\xca\xf3\xaf\xc9*c\x88!\x95\x94\xdd2\xe9\xe3\x15Z^\xb5\xad\xb8s\xeb\x96\xf3\x9d\xdfD\xcbO\xe6UU\xfc\xd0\x15\xe8%_\x14\xfd'I\xa2\xdf-fZ]iG\xf9\xb7\xbc<\xdbAפ\x15\xd6\x1d\xbb\xd49\xf7,Y\xfe3\n\xd1\xe5]'B\xaf\u0530Mǽ2U_\xd1E\xe2F}i\xd7!\x97\x8f˱\x89J\xd9\xfa\x85\xcd\xd6\xe3;\xc2>\xdd|E\xd2}H\x1fXϞ\xf0\x8e-\xfc\xa3G\xf1ֶϫ\xc6\xf9\x11\xa7\xa6^\x06\xf4L\x1b\x13\xcd\xcfZ\xe4\x1b\x0e<\uec0c\xf1+NJ\xd6\xf8\xf2\xa9G\xcb\x02sV\xb7=*\xe2|\xf7\xb5\xb3ꊴ\xaf[lb\xef]\xca\xe8Xb\x8c0\xc4\xd5oI.\xfb\xf4Q\u007f\xde\xf5\x1a\x99r(\xe1oۖ\x0fb5\x04N\xe5\xfd\x861\xec\x026.\x9b\xf1n_\x98߸It\xfe\x1a\x03\x14\x1f\xbc\xa0u\xa0\xaf<3\xba\xda5\xecn\xafp\xa2\xfdIN{5r\x9d\xb1d\xc1_7\x84|_2\x13\xb2K\x96\x81\xf6\xfc\xb0Q\x8e\x8d\xcej:\x96\x1dXvT\xf2\x986W\xcb?\xf5Y\xd1{?a\xeb\x98\rp\xcb\xd9\xf1\xdd\x1e;X/\x89=#;\xd3\xff\x15\x00\x00\xff\xff\xa1\r\xb4\xd3\xcd\a\x00\x00")) - p.addCertFuncNotDup("0}1\v0\t\x06\x03U\x04\x06\x13\x02IL1\x160\x14\x06\x03U\x04\n\x13\rStartCom Ltd.1+0)\x06\x03U\x04\v\x13\"Secure Digital Certificate Signing1)0'\x06\x03U\x04\x03\x13 StartCom Certification Authority", "N\v\xef\x1a\xa4@[\xa5\x17i\x870\xca4hC\xd0A\xae\xf2", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbo7hb\xcd_\xc0\xcc\xc4\xc8\xc4Ĩk\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1\xa0\u0590ۀ\x93\x8d9\x94\x85M\x98\xc9\xd3\xc7P\xcc@\x04\xc4\xe1\x12\xe6\r.I,*q\xce\xcfU\xf0)I\xd13\xd46\xd0\x04\x89s\v+\x05\xa7&\x97\x16\xa5*\xb8d\xa6g\x96$\xe6(8\xa7\x16\x95d\xa6e&'\x96\xa4*\x04g\xa6\xe7e\xe6\xa5\x1bj\x1a\xa8\x83\x143\v+\xc0\rA(\xcb\xcc\xcfSp,-\xc9\xc8/\xca,\xa94\x90\x13\xe7503\xb0447\xb44136\x8f\x12\xe75Fp͢\x06\xdayMLJ\xc8\x01\xc6\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4\xc8p\xb0\xe36\xe7\x9e\x1c\xb7\x9a\x8a\xf9S\xab\xb7\x1aO\xf8T\x94t\xed\xa0\x99\x82\x92Jܹ\x97埜\xb9\x16\xb1\xa5,9\xd3g\xf6\xc3\xe2\x99\xf2\x87\xbc܍6w\x8b\x16\xb7\xca,\xbcl\xbb\xc5X\xfb\xb2\xfe\xfa\u007f\xaf68F\xa6o;\xc2V\xcb5\xaf\xa4\xf5Z\xa5O\x83y\xd5}K֠\xc8\xef_\xa4ݜ\x97\\jm\xbdt\xb8\xf0si\x92\xc9.\x9d\xaez\xb9\xfewoM.\b\x1e\x9fv6\xc8v\x97\U00075efe\xf7\xb8\xad\xbd\xbc\xe7\x1fR\xd3\xff\xb5UL\xa6ȴ\xfc\x94M\xec\xb3S\x0fպ\xa5\xcc\xcab\x18o\x97\x88\xa8\xfe{\xbbuA\a\xff݊S\xba\xf2\xec\xd3\r\x18u\x8b*\u007f\xb9]\x13\xd6Z\xb1s\xd9\xeafO٧\x9f\xde\xdf}\xc2\xd8'\xc1՟\x1c,֚\xb4\x92O\xd2\xea\xccִe\x87\xb2K؟h?,\xb3ے{\xe3\x9b\xcb\xc3\xe2$y\xeb#\xfb\x16\x04\x87\xa9\xe6\x04r~_\xb5\xfa\xd4\xfe\xb2\xbf\xb9\xb3?Ͻ\xbd\xdf6m\x0fOت\xf53<\xa6Zy\xdf_\x1e\x11pӢte\xf4+g\x1e\xa6\xff3_\xbf\xc8\xf1-\x88\xd6L\x9dswU\xec\x99\xf5\x8c\x86ox^_\xea}\xf1jN\xf5\xb3\xbc\xef\xeai)\x8f\xcc\xeeC\xd3|\xa5\x846e\x8a\x1f\xe4\x9ap\xedW\xa5\x92\xc7\xfe]ՙ?\n\x8e\xff\xaa2\xbfq\x83\xf7R\x99\u007f\xf8\xff\t\xdb\x1fO\xbct\xf7\xfd\xa1\x84\xed\xe9Vw\xff\xad\x9a\xf3\xe1Jw}\x91ҹc\xf3\xa7o\xfb\xb1\xbek\x81\xc0\x8a\x9b\xbf%\x8em\xdb\x1a\x13dӹMR\xab\x98\x91\x8b\x9fy\xb3P§*\xfd\xc6ۋ\xf3\xfe\xab\x19L\xff\xda}\xb73|\xdbZ\xdb\xcd뵏n/c\xfa\xb0\xf4\x9a\xf6\xac6\x11\xad\xa2o\x8f\x8d{b9\xbd\x85\xef\xef\xee)\x11\x0e\xf2fbfd`\\\xdc\xc4$`\xd0\xc4\xc4c\xc0\xcf\xc6\x1c*+\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1\xbf\x01\x1fH\x80\x1f$\xc0\xc2\xcc\xc4\xc8f \v\xe2\U000f1231\x88\xf8q\xbf\x97Z\xe2\x10\xbdT<\xb3\xdd\xe0\x94I\x86\xf3\x05\xc7u\x9f\f\xe4A\xd2\xca,\x12\x06b\r\xd8\x1541F\x81\x94(\xb041\x06\x1a41\xfa\x1a41z\xb2qk\xb31\xb206n5gdd4hb\xb40\xd0c\xe3\xd0fcdeegb\x14S\xca())\xb0\xd2\xd7///\xd7+\x06\xa5\xf6\xe2\xe2\x1c\xbd\xe4\xfc\\\xfd\x82\xfc\x9c\xcc\xe4J\xbd\x82\x944\x03\x13$\xf5\x1a\xb8\xd4g敤\x16妦d&\x96\xa4\x82u5\x9e\x87kc2h\x87gv7:V\xb3\xab7\xaf,]f^|\xfc\xaf\xf7%ߵ\xe2\x0e'\xdc\xf6Y\xd7\a\xfe9\xbc\x8d\xd5\xf0\xce\xd9V%\xbf\xc2\xed\x9f\n\xe36H\x1d\xdb5\xb9\xbbb\x92W\xeb\x8f\n\xfe\xe6\u007f\xfaku\xbe?Y\xb2[\xf7\xc2s^\xab\x1dv\xe7\xbeU|[\xe7\xaerj\xb1\xa9ٹ\xe3\xc7\xdag\xdcz\xf3\xfb\xe5\xa6s\xea\xb3;\x0e\xb3,\xfc\xc6\x1d\x99\xb1\xfe\xe4m\x01~\xdfo)\xc91K\x85\xf2'm\x9a<\xe5x\x878\xdf\xe4muI\xdd\x13\xeaW\xfb\xcd\xff\xf3\xb8T\xc4_\xcb\xe8~4\uf0efՓyW/<\xdf\xfep)\x8b\xeb\v\x1b\xa1\xa5\x9cG7\\\xdc\x1e\xfc9AdWkf\x96b\x8d|i\xa2\xb8\x82xu\x8e\xb5\xa3f\xcc\xc35Q\x17\xcf\xf6\xcc~\x9d +\xf9\xe6\xfb\xd3\r\xb7~VJ,u\xb5\xf7t\x0e\xbftW\xe5\xaa\xce\xe2\xbf\x13{շ>}-\xc26˧Zq\xb7\xd5Z\x036\x89\x037\x0ef\xeb\xd4G\xc6\xc4N\xdcX\xa0\x14\xfe\xba+\xdb\xc3\xeb*\xbf\xe6\x9bc\x0e\a\xf4;|2\x18\xc5˿\xa8H\xfa\xef\xfd\xf5p\x93\x82\xa2\xf7]\xa9\x1b\x9a\xb5\xabv\xdc\vy\xa3\x18ڐ#\xf7\xd5\xe0\xc4b\x81\xa7\x9b\x9ei\x89\x18\x1en\xd5홱\xb1-ʿ3Rw\xe7\xf1\xef2'\xba\xea\x0f\xcce\xf5z\xe6䟴8Ws\x89|\xeb\xea\xdbO\x1bO\xacղ\xf5\x89\x8dnQ+<\xd2\x1aW\xa8rj\xa9t\u038d\xc4\xcbR\x0fBn\x9f۵\xd2h\xabҷbG\xce\xd8\x1d\xe2\xb1|\xfc3'\\s\xbf\x95\xcfe\x95\xa4!\x92\xdet\xf3ㅆ\xc8٧\ro\xcc\xe6\xef)\xf7ۚ\xd1\xf5)\xe7\x9b\n\x9fnN\xc1\xd1\xe2\x8b\xf7D.\x14\xf6o\xbb\\\xcd\xf4\xed\xf1\x8e+\x9cy\xd9\xf3J[,\x9fի.\xfd\xe4\xc1p`\t\xe3-{@\x00\x00\x00\xff\xff\x8eѳӋ\a\x00\x00")) - p.addCertFuncNotDup("0d1\v0\t\x06\x03U\x04\x06\x13\x02ch1\x110\x0f\x06\x03U\x04\n\x13\bSwisscom1%0#\x06\x03U\x04\v\x13\x1cDigital Certificate Services1\x1b0\x19\x06\x03U\x04\x03\x13\x12Swisscom Root CA 1", "\x03%/\xdeo\x82\x01:\\,\xdc+\xa1i\xb5gԌ\xd3\xfd", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xbdi\xd0\xc4|p\x013\x13#\x13\x93@\fwk\f\xf7\xf3H\xc7\xfb\xe1g\xec\xeb\xe7\xae03\xe0e\xe3\xd4j\xf3h\xfb\xce\xcb\xc8\xc8\xca\xca`\x90b\xc8m\xc0\xc9\xc6\x1c\xca\xc2&̔\x9ca(h\xc0\x0f\xe2p\ts\x04\x97g\x16\x17'\xe7\xe7\x1a\xaa\x1a(\x83\x84\xb8\x85e\\2\xd33K\x12s\x14\x9cS\x8bJ2\xd32\x93\x13KR\x15\x82S\x8b\xca2\x93S\x8b\r\xa5\r$Aʘ\x85\x85`:\x15\x82\xf2\xf3K\x14\x9c\x1d\x15\f\r\xe4\xc4y\rL\r,\f-\f\x8d\f̌\f\xa2\xc4y\x8d\xc0\\#\b\x97N\xaehbRB\xf6>#+\x03s\x13\x13?\x83A\x13\x13\x17S\x13\x13#Å\x9d\x1bV\xf0\xdc\xdcm\xaf\xf8C\xfa\xaa\xf1\xe4\x06\xb1T\x85\xd2M\xb6\xb3\x13r\xddN\xf4\x18\xe6\x8b\x1f\xfe5+'\xec\xad\xcdщ\xe1\x87Ϯ\x9e\xe69AK\xd2[nqn\xf8ݏ\xdaI\x1a\xa5\xaeq\xab\xaeE\xff\xe2V\xbd\xb1P\xec\xa7\xcc\x11\xbdgS\xb5\xd2\xcf\\\xd0̳i5\xb1H\xf4\xdc\xc80\xff\x9aUa\xbco\xee\xb9\xf8\x9d+\x9ft\xd6g\x05\xfd:5\xfbӝ\x95?\xe7\xcet\xb7\xf7ӌ߲\xac7\xb6\x9a{\xa6 3\xf3\xbf\xe7\xb7o/\xfe/\xbb\xf4\xec\x049Fy\xd3\r\xf5\f\xb7'\xe4\x1f\xab\xab\xbe\xf8\xae\xaaj\xf9*\x9e\xf0\xfc%\xb9G\x85\xad7,\xbd\xf9\xd6HfK\\zwȝ\xe2\xf6\xa7\x97\xc5k\xd2\x02\x8ab\xafHE\x1c\xbcy\xfeF'S\xfer\xcf-f\xb1\x17\x96\xdcc\xd7\xd9V\xba]c\xe2\xb5\xe9\xfb4\xbeΐ{\x15\xadvr\xef\x86\xe9ŷ\xd6MT{\x9dq\xf0\xa7\xa5\xe8\xb5to\xae\\\xff\xd3\xe776\xe6PY~F\xc6\xff,,\xccL\x8cm\x06\xb2 \xbe\"\x8b\x98\x81\x88\x81\x10\x1b{Bk\tc0\x03#\x9ca \x04\x92\x16\x06)\xe70`cd\xfc\xcf\xc4\xc8n \x0f\x12Sf\x910\x10k\x10aVտ\x97\xdf\xc4h\x15\xa3sG{a\xe6\xd6\xf4+=\x97\xffB\xcc\xe4c\x11c\xc1.\x8d\x9aS\x99A)\xd4T\xe0\xf4\x9be,\xbc\xbc\xfcg\x0f\xdc^\xbd\xe2S\xc7t\x9e\xfb\x93\xf5}k\x1c\xc2\f\xab^/\xe1O8[\xf5y\xdfa\xf5>f\xbb%w\x85\xde\xd7ɕ\xb0\xd9\xd8\x1b~\x92\xa9\x9eh\xa8\xb8\xe5Å\x9c\xe9W^Nߤ\x12&\x17v\xd8to\a+\u007f\xb4\x80T\xca\xc3\xe3M\x06?\x8d\xd6\xce\v\xd0y^\xc1z\xc1pcԌ\xaeR\xbf\t1Y\"Z\x0f\x82ܛ\x12\x9e\xc9\xddj\xdc\xf8[\x84;\xea\xe3\xfcKSw\xd9]\x90\xbe&*\xbbx_\xdb\xd5\xdb\xfc\akづ\x96z15\x99\x8ft6\xbc2\xcfZ\xf20\xea\xe1׀\xa7\xcd\xef\x97\xee\xd6\xeax\xdes\xfbon\xdct\xc9\x15ui\xa5م\xaf\xf6o<\x9e\xbf\xe0Kߒ7&\x81\xd1=j\xcc\x05\v˯2\n\x853\x98\xdeV\xbe\xc7ץ1\xf3\xefF\x81|\xef\xff\x16\xba\t~:s^\xa7o]\xeb\xf9\xce[~\xcd\xfa\u07fc\x13\xa2\xd2\x12\nbW\x9d\xad\xb8\xa2\xf2\xee\x84\xe3\x82Ɍ\x93\xe6d\xcd\xfb\xb3S\xe5\xe8fѦ\xba}\xeb\xa6j\xbf\xdex\xe0\xd6c\xc6\x04\xee\xb8\xcc5-a\x89\xfb\n\xc5\xff\xc9\n\xf3\xff;\xd6\xee\xfa\xf2\x9f\xd1\x02)^\xe1%SB\v\x97\x8au\xef:չa\xd3\xf1?\xfd7B\xb6NN\x9a{\xee|\xe4o[\x89sZ\xa7ME\x9bb\xff\x87(E\x17\x06\xfd\xde~\xf2_\xc2l\x06ǔ\x0f\xab\xb4\xdelsr>י\xd6x\xa2{\xbee\b\xb3\xeae1Ӿ\x96\v\xf1\xbf\f\xa4\xbe\xce\xca\xf9\xc2\x17\xfc\xd3*\xfa\xa2\f \x00\x00\xff\xff\xde\xfb\x80\t\xdd\x05\x00\x00")) - p.addCertFuncNotDup("0d1\v0\t\x06\x03U\x04\x06\x13\x02ch1\x110\x0f\x06\x03U\x04\n\x13\bSwisscom1%0#\x06\x03U\x04\v\x13\x1cDigital Certificate Services1\x1b0\x19\x06\x03U\x04\x03\x13\x12Swisscom Root CA 2", "M& \"\x89K\xd3դ\n\xa1o\xde\xe2\x12\x81\xc5\xf1<.", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xbdi\xd0\xc4|p\x013\x13#\x13\x93\x80\xdc<\x8d\x17\x1e\x9f\x9e\xbe?\\\xe3%\x17%\x91\xbè\x97\x8dS\xabͣ\xed;/##7+\x83A\x8a!\xb7\x01'\x1bs(\v\x9b0Sr\x86\xa1\xa0\x01?\x88\xc3%\xcc\x11\\\x9eY\\\x9c\x9c\x9fk\xa8j\xa0\f\x12\xe2\x16\x96q\xc9L\xcf,I\xccQpN-*\xc9L\xcbLN,IU\bN-*\xcbLN-6\x946\x90\x04)c\x16\x16\x82\xe9T\b\xca\xcf/QpvT02\x90\x13\xe75440321\xb00\xb604\x89\x12\xe75\x06qM\r\xcc\xc1\\:\xb9\xa2\x89I\t\xd9\xfb\x8c\xac\f\xccML\xfc\f\x06ML\\LML\x8c\fS\x9d\xfcZ\xe6\x06>\xbb\xcc\xf9\xa2(J9\xf3vEA\x9f\xd8G\xed~^\xe6s\x93\xcf\xe81pT\xaf6\xee\xf9\xf2\xd2ᙸ\xcf\xeay;\xdcE\x8cʍ\xeej\xf0ܓ\xf0\x8e/\x9b\xff\xc3\xd2\xfa\x8f_獚\xa3\xe9\xefW_\xdai\x12\x9fm\xf59\xc5\xecܡ\r\xe7\x853N\x9d8\xfdz\xeb#[=\xc5\xfb\xaft\xae<\xf8Y0\xcd\xe7\u007fVČ\xed\xe2O\xa4\x83\x9eֱ3\xc8\xc6\xdfzf7\x95e{f\x87\xe5B\xc7\x04\xd5D節\x19I2\x1b\xb9Y;\x0f\x985\x89(گ\xbb\xbd\xf0\xef\x9e|\x99\x84\xb6m\xc1S\xf6~\xad\x13d\xb2\xa1믐ߴ\r\xaf\v\xea\xe7Y~OsڸzMЭ2\x87\xf0j\xad\xbd/\xf2\x987q7\xb4v\xcc\xe59~\xa8|ìY\xe1_v\xfc\x12\x8eɘl\x95\xbed\xfa\x05\xe9\x99\xdbی\xbc\x13n\x9c{\u007f\x81\xa7~\xea\xfc\xfcv\xff\xf6\xae\xbex\x8e\x9aU\xd1\u007f\xa2\xf6-\x9c8?\xb4\xd6o\x03w\xe6\x99\rSV,o\xfft\xd9+\xe0N|\xd1\x06\xb1R\xb9\xd3[$\x92fmXn\xb9j\xf6\xfc\xb4\x1b\xbd\xcbr\xa6\x89>~\xf6\xe9\xc7\xc7検ݡ/\x13'/\xb6\xfd\xba1\xbc\xdb_y\xc3\xec\xa7S\xb2\xf4\xef\xf7ܟ\x1a\xa8\x99\xb0\x90[\xf3ILh\xc4\xf6\x15\u007ff\xbeS\xf5\xf5\xe1\xdb|٧\xbf\xe5\x85&\xff_\x81\x10\xa6\xd6\x13?\x9f\x1e\xee>\xff\x9c\x9f\x89\x99\x91\x81qqc\x9bAc\xb3\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&\xc66\x03Y\x10_\x91E\xcc@\xc4@\x88\x8d=\xa1\xb5\x841\x98\x89\x11\xce0\x10\x02I\v\x83\x94s\x18\xb012\xfegbd\x87h\xe1c\x11c\x11\xf1USP\xea\xf4\xbe|u\t\xd7\xc2\xfc{\x8f\x84\x1a\x8f~\xb4\xd13\x90\aI+\xb3H\x18\x885`W\x80\x9aS\x99A)Ԉk\xd3\x12\xe9ӵ\xfb\x9a\xc2;wf\xd5\u007f\xferPO\xb0v\x87\xa4]\xe5\xf6\x15+\x8a\xcc\xd3fK\xbd]#lͷ?\xe9Ü\xfb\xf3\xaa\x17\x06{\xf09V\x9dRX..\xbd\xad\xe2\x8d\xc3\xc4\xcfNk\x05\x0eǼ\xff\x9f\x10Y\u007f\xb6uq\xb7\xad\x87\x8c*\x93Mz\xedW\xa3\x97\xfa\x06Ok\x97VY\\\xf8\x9c\xa6\x95&\xd7k\xdcܕ_\x93\xb7\"\xaat֎\xeb\xb7\"<\\\xdcW\xf8\xfc\xf2\xf1\xe4\xf2:$d\xbe\u0081\xe7\xf0\x89\x87\x17\xc2y\xa7\x1bM=n5\u007f\xfa\xe5\xf0\x1f\xdc\xf7\x9e\x16}^|\xfb\xff\xd6\x1b\x91\x9b\x8a\xef\xfaj\x15n\xda\xe5\xf9\xf5\xb4\xccկ\x95'fn\xfesЧ\xe4\U00056f5a\xe6\xa2,\x1ar\xf7\\\xdd\nެ\xdfU\xc1ץu\x8e\xa1\xf2\u0381x\xc9t\x9dl\xef\xf7\x19\x19\xdcΏ\xd7\x1cL\xe2|\xbf\xecnj\xe2\x82\xf5-\xa1\x1e\x13\x83d\x8e\xa9NԺpPI91r\xbd\xab`\xab,\xa3\x8aI\xff\xf9\xcd\xffŋ\x14\x84\x0f5\xacR\xd4)\xb4\xe4\xbb\xd0\x1fs\xf0\xf2\xc5>\xa5\"7\x1f\xd9i\xeb\xfc\v7>d՜\x16\xf9e\xf7\xbcR\xdb\xf3\xbc\xe6\xbcI\xb7\xd5z\x92W*\xdfOg\xb3\xa9\xb1\xbae\xe2\xf40m\x8b\x1b˽c\xd3f\xf0{{T\xa9\x18\x95N\x9c\xbf\xe6{\xc6K\xad\x9d\xa1\xa9\xe7b\x13/\xab\x17\xdc0\xff7\u007f\xe7\xfa\x05za\xdb\x17\xa7\x06\xbe\xb5^-\xb2\xdf'\x90\xf9E|\x17\xeb\xecw]ys\xde\xef\xcf\xf8u\xe2\x16\xf7c\xa7\x93\x17\xc4E\xe6l\xf7z\xb0~\xb2\xbab\xa8\xda\xd6\x14\xfdޏ\xff\x979\xb0\xb6\xb2Ɯb\x97\x8c\xe1\x16\xd6\xf0\x89\xa8?\xb4\xf4\xbd뭄\xcb\xebR\x13\xe7\x067\x97\x1cZ\xf7)\xe6\x90\xd8\xdbIv-v\xc5\t\x1d{ʾ蜿P[{yG\xdcʼnB\x02/\xcf\xde=\xa5\xfa\xf8\xeaۙ\xfa\xfbJ\x1b\xbdU~\xba\xbaM9\xa9\xa9\x18{\xf5o\xcd\x17\xa9\xd9%1/\xfaU\xbe\xc5\xceu;\xa2sIN[1\xabY==\xd4k\xc9\xe3\x13F\xd3\xd3&\x14\xddz|%E/\xfe\xf1¬o\tW\x9e\x9b\x9e=u$\xa3\xf7z\xe1\x89\xcb*\xc6\xc5\x1bs~f=Ը\x1d\u007f\xcc\xf6ž\xd0g\xe6\xd2oUn\xf2K\xf6\xc7'KD\x044\x06\xa6\xe6\u007f\x9a_\x97\xc5\xf2\xdcD\xa5pW\x99w\x84\x9c\xe4^\xd1\x04\xd7U\xd20\xd7@\x1e$\xad\xcc\"a ր]\x01j~e\x06\xa5\xd0)V\xc5l\xf3\x83\xbc\rb\xae\xfc\xdb\x18\xa3\xfa\xf3z_\xfe\xd7\xf6\x94\xf9oE\xfav\xb0\xf4ix\xf7\xaf\xaa\xee\xb3\xdcr3\xe2[\xf5BS\xae\x85s\xbb\xbe'?}\xbdײ\xe9\xca\xe3*\xdd\xfc\xfb\xc26\xbb\xfeՅ\xcd\xe0\xfe\x1c2\xff\xac\x8b_\x9e\xcdC;\xd1\xfdljs\x9f|\x98\xb0\xedʡy\x06z\xf2\xef\x8fW\x1d\t8\xfe\xaa\xfaV\xc0\xe9*\xb5\xd3\f[\xa2Vo\x9d,\xdf\xd0\xd9\xc22\xb5\xb7\xb7\x9es\xf2\xfe++VY{S\xd7\xe3\x8fo$\x9e\x96n\xd3l\u007f~\xa7[\xaanˍ\x93\x97\xbb\xc4sj5]\xf6u\xad\xfaZg\xa5\x97a8yg֭Y\x0fn\xbf\xd4[\xdarV\x86k\x87\x17\xc7\xcf9\x1f\x13\xd5fL\xde^\x9d\xf6fb\xdc\xdd@\xfb\xdb\xc5\xfckY\"8\xef\xb20M岻\\v\u007f\x99\x80\\\x83틳KR.\x1a\x1f\x9ft\xfc\x91\x9f\xcbcΓ~\x87b\xdb\xf9\x84\xe6\xed\xe7?\xc9*p\xafj\xf1F\x9bO\xf6KW\xa9W\xae5\xac\x95\xff\xfbG2\xf3\xe8ݝ\xf65g\x8fm9d W\x977\xe9z}bYT\xff멾{\x04\xf3\x14k\"\xcdg^`\xdb\xf3\x93-\xd7Hl\xe9\xcd\xcc\x15\x0f\xef\xd84\xc8%\x04\u07b9\x1e\xa2(w*\xa9\xdc\xff\u05cd\xfe\xcd\xdaV\xbc\x15E'3\x1c\xa3ܽ\x0e-~-u\x9dk\xb5\x8dQ\xe8\t.\xc19\xf7K\xae}p\x10\x95=\xb1\xb3\u007f\xab\xd9\xd1\xf5?\x94v\x9c\x92\xfd|m\x9b$\xff\xfc\xc4ԬW%'j\xfa\x0f\xfbǦ6\xc9\xdf\xe4\xed\xbcUZ\xf4\xfb\xfdG\xf7t\xe1\xcd'.Jv\xa8\xab͚YY/\xf7DǾ\xfa\xdd\xc7{\xbe\xddӦ\x1f\xbej_#\xad\xfcv\xc9fY\xb1\"go\x85\x87\x91u\x87^\xacUۿ\xe8; \x00\x00\xff\xffi\xe4/\xb7\xe4\x05\x00\x00")) - p.addCertFuncNotDup("0E1\v0\t\x06\x03U\x04\x06\x13\x02CH1\x150\x13\x06\x03U\x04\n\x13\fSwissSign AG1\x1f0\x1d\x06\x03U\x04\x03\x13\x16SwissSign Gold CA - G2", "[%{\x96\xa4eQ~\xb89\xf3\xc0xf^\xe8:\xe7\xf0\xee", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xdde\xd0ļh\x013\x13#\x13\x13'\xc3n\a\x19\xe7\xafq\xfe\x1b\fx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x18\xb8\x1ar\x1bp\xb21\x87\xb2\xb0\t39{\x18\x8a\x1a\b\x838\\\xc2<\xc1\xe5\x99\xc5\xc5\xc1\x99\xe9y\n\x8e\xee\x86\xf2\x06\xb2 afa1\x84\xb0{~N\x8a\x82\xb3\xa3\x82\xae\x82\xbb\x91\x81\x9c8\xaf\x81\x99\xa1\x81\x91\xa9\x81\x85\xb1\x81\xb1i\x948\xaf12\x97Z\xd641)!{\x80\x91\x95\x81\xb9\x89\x89\x9f\xc1\xa0\x89\x89\x8b\xa9\x89\x89\x91a\xfd\x93wu\xdd*|By+\x03t\xc5\\\xac'M\x8a9\xb5#\xb6e\x92\x93\xb0֞\xd4\xf0&\a\xbbp\x95\xb3\x01ݪZ\xdb\xf3\xff\xbc_t\xe1\x80<\x93\x8a\x97\xf0\xb4~e\xe1g\x1a\x11\f\x8bݏ\xb3-oQ\xd6\u07bdw\x9av}\xe8\x99\xee\x83\xe1\xf2|I\xa9\xfcwmú\x8ao\xad\xab\xcb\xdd\xd5(S\xe7ԣ`z\xd3ٷ\xe5W\xcb\xed \x9d\xcf|\xea\xe5\xdc\xd9\xfb\x05\xf5\x8b*\xe6\xebݰ{&a\x1e\xa5U\xf4\xf3V҄ISO\xc9\xcfy\xb9\xd9F\xfb\xf4gF\xe1\xfdQ\xe7\x0fn\xe5J\xd8{w\xeb̔\xe0\x1d\v\xa6m\xce\u007f\xa4V>\xb1\xe7A\x92\x00\xd3|\x13\xfe%W'\x19\a\xde\xdb\u05fb\xab\xa5*\xc1&\xeb\xf6|\xed7\xf7\xee1\xda\xe7\xf9>\rh;\xbde\xfd[\x17\x87\xa3\xa7\xa2zn]ҮY\xf1n߲\xa7\\\xab\xf8\x96\xdeg\r\xda\x1ez\\)\xd6(k\xfa\xf4d\xe1\xdb'oW\x9aU\xb7Zy\x1d\r\xea\xfc\xa9\xf2|n\xf9ʦ\xff\xa12K\v3\xb5/2\xa9|ڬv%\xfb\x16K\xe8Ӄ\\\xc7s\r\xcc'h=\x99'b\x1c'&\x1ez4z\xebi\x93\xceI\x1f\xe7\xaa\xf5/d\xbfrlSE\xc0m\x1e\x1e\xee\x1a\xee\x1e\xc7\xeb;_\xde\xed\xe9\xf8\xbe\xd8w\x93љ\x1b\xe2\xb7\xcen?\x976\xf7\xca߸\xff{\xa7\xdbi\x96>\xaf[\x9e\x14\xb1^\xd5d\xa9\xe3q\xdb=\xbc\x01\xa7\x98\x99\xf99\xa2\xe4\xa7\x16W$\xed__$\x92ɷ\xf4)3_E\x9f\x9a\x86\xd3\av\xee$\x05\x81tK\xb7_+\x99ϰXT\xa5\xbdWh\xde\xda\xe3\x15\xd67\x91\xe1O_Lӽ\x8e\x05\x87\x1fe\xe4\xd5\xf6\xbe\xb7\xb9\x9b\xfa%vM\xe0{\x95\x86u\xab¦\xe7\xff\\[{+\xd1~F\xb9\xcd҉\xdbdz\xd4n\xa5.\xe2\xcc=\xf8(\xe4\xf1\xceS>>\r\xfd\xe5\xd5\t\xb3\xe4\xeeo\xfb\xe4!Ƿ\xcb/$wƃ\x87\x8b\xa4\x16\x95\a\x9c?\x92<鍻\xe4\xdc\xd7ϲ\xcf\x1ddbfd`\\ܸƠq\xa5\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfc\x0fNk\xb2|,b,\"Ѫ\xd5Ӗ\xa4\x06\xd6\xed\xb0\xfc|\xa0\"-\xee\x85\xd5\xf3\x0f\xef\f\xe4A\xd2\xca,\x12\x06b\r\xd8\x15\xb8\x81\x14(\xb0\xd8\x1b\xd8\x1aX\xb3q&\xb4\x960F2212\x1a\xe8\x19\xe8\xb0qh\xb31\xb2\xb2\xb231\x8a)d\x94\x94\x14X\xe9\xeb\x17\xa5\x16\xe4\x17g\x96\xe4\x17U\xea\x15\x83\x12wqfz\x9e^r~\xae>Z\x8ed\x06\xa5c\xf5]\x8f\xa7\xd4|\\w\xe0\x9e\xf8\xb3\xa77\xae~\r\xd9\xd0\xfce\xf7\xd98\xd6j\xff\xf9\xa5i\xebm^\x84\xd5\xfd)\xaa\xb0`\xbe\xa9\x9d$Ͱ\xf3\xc7˄\xb3g\xce\x05v\x1d\x0f0\xcc{\xe8U'\xa1\x9f\x19\xb9\xcd6\xa5Q\xfbqs\xcb3\xa5\xf6\xbe\xda\a\xef\x98f&\xee\x90\xfb\xb2C\xbbCH\xac\xe5\x90\xe1d\x8bi\x86\xcbvZ\a\xdb\x1fV\x99\x1c\x16\x9d9\xe9\xcdу\xbb-\x18\x1e\xbf\x11_\xb9\xe3\xce\xf1\x1a\xc6\xe6\xf9F\ueec2\x94Ld\x8d\xaa8Öר\x9a\xad\xb4\xf5\xbeu\xa0)\x9fk\xb7Љvou\xc1\x9fr\xba\xc7'\xdbϻ\x1d\xaf\x96\x1dtS\xaf\xeb\xa3\xc81\x97^ѕ\xdb\xf7キL\xea\xdd:\xdd\xdf\x1e\xe5\xe2\xffv\xbfY/\xf1U+\xf0\x83e\xcb\xf4\xa99y҇\xb5\x8f\x94$T\xaan\xe0R\xbf\u007f?\xee\x92\xe5y\xd7Z'\xef\xfb\x9bu\xe4\x8e\x1e\x8b=\x15j\xb5`N\xe6\xac\xfe[\xef7m\xb0\x99ߞ#\xa4\x9dZ \x1ad(\xa5r>\xdfP9@\xbeǿ_\xf9p\x89c\xb2L\xe8\n\x91\xbbv\x0f\x02\x03\xce\u007f\x946\b㛴\xa1\xa9\xf5F\xf3i\xa5\x94=\xba;T\xaf\x86,\xda\xc1\xf6j\xed\xa4%*\v\x0e\xb6m\xf5\x12\xcer?\xaf\xc7\x1d65\xe4\xf4\xb9Y\xb7\xb3\xb6,\xdbtۑ\xa3M\xbd\xfc{\xd6\x02\xa7\x1cn\x8bs\xd7K\x03\x8c&\x1d\xba\xafm\xa0\xe4q᪣\x85j쒗\xb1\xf3\x8fM)\xbd\xe0\xfa\xd7`\xbas\xff\x84\xd5\\\xc7ۊ\x13\xbc2u\xef-\xad\xb8\xcev+k\x9e\xb7]\xb9\x95\x82\xb0\x12\xe3\x85\xfd\x19\xf3\x92\x13\xb2M}\xb9sw-\xb4=0\xf9A\xbd\xf2\xe6еE\xaa~n?/\x89\xbdߐr\x90q\xde\xcbS\v\xb2f\U0001dfd1\xf0I\xdfs\xc7\x13\xa7\x87\x16\xa6b_N\xe4\xf9\u007fo\f{\xb1k\xf1>\xe5\xf5\xeb\xfe\xe63?`\xb26(\xfb%\x9d\xebx\x9eq\xe3\xcb\x1d'Ӿ\xdcV\xfbl\xb5\xa4䓧J\xf4\xc9\r\x17\xc2\x0f\xfe\xb2\xabz8\xfd$ \x00\x00\xff\xff\xb8vr\xff\xbe\x05\x00\x00")) - p.addCertFuncNotDup("0J1\v0\t\x06\x03U\x04\x06\x13\x02CH1\x150\x13\x06\x03U\x04\n\x13\fSwissSign AG1$0\"\x06\x03U\x04\x03\x13\x1bSwissSign Gold Root CA - G3", "\\\x97\x06F4\xab\xdf0\xc5|\xc5\rUqf0\xb5`\x8f\x9e", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xad2hbNZ\xc0\xcc\xc4\xc8\xc4\xc4\xc9p\xef\xc8'\x97ϲ\xcb\xfe\x18\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4fe0\xf02\xe46\xe0dc\x0eea\x13fr\xf60\x145\x10\x06q\xb8\x84y\x82\xcb3\x8b\x8b\x833\xd3\xf3\x14\x1c\xdd\rU\f\x94@\xc2\xcc\xc2\xd2\ba\xf7\xfc\x9c\x14\x85\xa0\xfc\xfc\x12\x05gG\x05]\x05wc\x039q^\x03K\x03\v\x03\x13CccC\x13\xf3(q^cs$.U\xedjbRB\xf6\n#+\x03s\x13\x13?\x83A\x13\x13\x17S\x13\x13#\xc3\xe1\x17\xf3O\xa4F\xcdM\x97>\xe8:}˖v\xe7\xe8Ą\x86y\x9f\xea\xe3~\xa6\xbb\xdcu\xf9\xb5z\xeb\xea\xf2\xffZ\x92>\xe7\xf2\x8f\xf4;\xce\u007f\xf0\xe8lу\x8bW\x82\x12\x1d9\xb9\xf6s\x15\xfc~М\x99\xa8y\xea\xb6Ҭ\xe8\xa5\xcf\xee\x8aOݐ\xdf\xd2ge\x97\x12\xe5\xf8[:\xe2\xcf_m\xbbMK\x9e\xad9ٴ\xe7ܷ\xa9?\xa6\x97\xbfU\xfb\x16\xb1n\x9e\xfa#\xfe\xe67G\xcd\"NT\x9f\xbfھpe\xbb\x94pz\"c\xee\xb2\xcc9\x8f&|\xd4\xceH\xfd\xfcbC͟&\xdb{kop1p\xbaT\n\xcf\xf9\xf0/\xaf\xb4\xfaО͑\x8c\xdc5G\xaf\xea~\xd8\xff?7\xfc\x92g\xe3\xeb-\x9b\x03\xd6D\xff\xe4\x16\x15\xed\xc9\xfc\xbfؒ\xf1\xed\x9f;wԧ\xf7Uw_\xcdZv\xed\x81l\xfcYƉϾ*\xcdإ\xc7)a\x91/\xbc\xa2\xf1\xd2oE\xf3\xe7\xba[\x92\x9e7N\xd8p\xac2r{z\xe9\xbf}\xfdֿ\xccެ_{ɿČ\xf1i\xf8je\x963^q\xd3\xcf\xd7\x1d{\xdfsf\xaarf\xefi\x8b\xe3\x92߮u1\x88ș\xd8\xe6\xdf\xe2\xe1>\xbck\xfa\x1fA\xef\xa0D\xbb\xfd\xc6\xe9\xc1\x02\xfb+\xa49\x0f\xb9\xef\x92[\x1f\U00075d31~o\xd8\xc7\xd7a\xd7of\xf2\xb0\xbf47\xdc $c\xf4>\xec\xe6\xbe*횽\x97m\xf7d\x19\xfbZ\xd9\x04\b\xb4\xab\x1f\xaf\xe2J\x0f\xbe]\xdf0\xfb\xc5<\xe5_?9\xac\xba\x17\xf6\x99Dy\x18ǧ\\\x9e\xde\xc6.Y\xdb1\xe5\x9cV\xcdѬ\xfb\xeb\xf7\xac\x9c\u007f\xd6jٮ\xdd!?\xeb\xfb\xef\x9f\xe7\x8b:\xb2v֞\xcdV\xe5\xc5\xcd>\x93m&dl\xad\t\x98*x\xa2)nJ\xe1\x05G\x89\xdf'\x8f\xa5\xbe9\u05f9\xed\x9c\xd2f\xc1h\xfb\as\xed\xa4%2xW1/L\x8fܟ=wϏO\xa9\xfa\xb3\x1c\xad\\o\xc4]0\xcbɷ\x96K\xde\xd27\xc3G\xf8\xb6\"\xdf\xfc귯\x16\xac*<\xfcz\xf1\x82K\xaaĽ\f\x8c\x8b\x93\r\x12\r\xf8ؘCe\xf9\x19\x19\xff\xb3\xb0031\xb2\x19\xf0\x83\xf8\xc2 >\xab\x013#\xe3\u007f\x03Y\x90\x00\x1f\x8b\x18\x8bH\xcct67\x93\xd5\xf7\r\x8e\xd6\x1c\xe5\r-L3ؚ\xd0?\xcf@\x1e$\xad\xcc\"a ր]\x01j\x8eb\x06\xa5\xbero\xdf{\xafZ\xbdV\xeb\xa8_s=\xfe1^\xe1`t\xc2[\xf6Ӌ\x8c\uf61d?>\xe5#\xdb\xf1\xab\xb7Ο]\xdbb\xf7_ȣ\xde\xf1\xc5Ҵp\x83#\xb2O\x96K\xe9\xeb:\x1d|\xefV\xbc\xe9\xeaר\xbf|UٗN\x18.\xe6\xf5\x98\x16\x9e\x9a\x1c*q\xe0ϓ\xae33ڢW\xf3t\xa9\x9b\xffRΈ\x8cQ\xbb\xbe\xf0\u085d~:\xff5\xe3\x9eM\xe1\xdew\xb6\xc8\u007f\xea\x8b\xfeo\xdfw\xd8ŝ;?O\xf0\xe4\x1afM\x8f\xae\x95ۖ\x99\xec\\\xe3\xf0\xffȶb\xf3\x8d\xc7\xebW\x06\xde\xf6\xd6r\x8fwPa\xef`ۮ\xb2\xf9w\xfd\xf7\r\xddƿ\xf6+\x97.\x8e\xf9\xb7*U\xeaо\x8f\xb5\x8d\xe5̍\x1b{\xafO孲q\x9a\xb1\xbd\u007fem\xc0\xc3\xfbAl\xb3\x16\x04\x85T4\xb3'\x06q\x9a\xc7u\xcdY~,\xf0bL\xf2Ŗ;\x87n_\xfa\x15-aV\x9b\xb6\xe7\x8a\xc6t\xfd\xd2i2-\xeck\xba\xfb\x82\x05\xf7\xa9(\xaeJ\xfftpmǜ\xcb\x1b*\xd2+\xbe^\x8e`V\xe0\x8aU\xf8\xb8\xf5y\xea\x19>\x85\xc7W\xef?ӗ\xd4n\xcd8Ȣv\xbe\xff-k\xf0»\xec|\xaf\x1dՎoY\xa9\x13\xfd8\xd36\xed@\x92\xf4\x81Um\a\xcc\x0f\x1b\xb2\xb4\x15X\xeeˎWtp\\P\xff\xf4&\xbf\x85wA\xbc\xe7\x8f\xd6\x1d\xdaz\xab\xe4';:\xff\xf8\xbd\xa9\xc4F\xde;\xd1C\xdbU\x9b\xf1\xbb\x8cԢ\xb7\x12\xbb\xb8\xf66\xff\xca\xdf\xd3\x1b>\xd9\xfaʕe\xe7\xe4>.\xd8xn\xf5_m\x8dY\xfe\xd2\xd7\x0f\x17\xdd^rd\u007f\xac\xcf\u05fb\xd5\xd32\xdfe4<{>c\x97\xd9\xf6\u007fyo\xb5\xf7*\xfcH\x95\xbc\x15\xcaY\xa7z\xe7_bR\xd1\xcf:\t\xa6\xf7\xc9[.\xfc^\xff\xd4:\xb9'\xbd\x9f\x89\x99\x91\x81qq\xe3\x1a\x83ƕ\x06|l̡\xb2\xfc\x8c\x8c\xffYX\x98\x99\x18\xd9\f\xf8A|a\x10\x9fՀ\x99\x91\xf1\xbf\x81,H\x80\x8fE\x8cE$`\xfd\x19\xf6vQ\xf7|\x8b\xa3[R/ޛ\xba\xea\xe5\xfd9g\f\xe4A\xd2\xca,\x12\x06b\r\xd8\x15\xb8\x81\x14(\xb0\xd8\x1b\xd8\x1aX\xb3q&\xb4\x960F2222\x1a\xe8\x19\xe8\xb0qh\xb31\xb2\xb2\xb231\x8a)d\x94\x94\x14X\xe9\xeb\x17\xa5\x16\xe4\x17g\x96\xe4\x17U\xea\x15\x83\x12xqfz\x9e^r~\xae>Z\xced\x06\xa5c\x8e\xd6e_\xc5x\xfe\xb8H\x1dL~\xf03ԍ\xe3O\x81\x8c\x93ƴ\xbe\xedG\x0f:\x96\xfaq\x16V>͝v\xca{iG\xc2\x05\x83\x92\x1d\xa78\xeel1\x98\xe7\xc0.\x96\x9d:\xb5\x9cqݒ\xed\xa6܍\xb7\nEW\x96\x88[TG\x9c\xfa\xa9\xff\xfb@jYo4\xe3\xce\xda{M\xb6);\xf6\x89\x94,\xe6\n\xb9\xac3UB\xdc\xf4k`\xb6}\xff\xa2i\x89\x96\x15\xd9\xdeO\x97-\xf8\x11|?P`r\xd2\xf3\x06\xfdG\x17\x1f\xec\xe93s+7~\xb3\xe3w\xdf,\x9dN_CA~\xb5y,\xbb\xb7\xb3\xf4r\u007f\xda\xf9'j\xae\xb5\xd8v\xfd\x133V\xff\xeb\n\x88\xd4[l\xfdG3\xb6\xfb\xa0\xf7\xc9G]²\x1b\xf7\xefv\x92\r\xba\xebwC$N\xe0\x98!\xfb\xfbB\xf5\xefҖ\x9cw\x9a^uo\x9e\xda\x16\xf7\xf7\xeb\xadX\xc3e\x0f\f\xb7My\xe6\xe2YrT\xec\xe9wy\xe6D\x8d\xa3'N\v-p\xf2\xfe\x99\xdd\xc1ѻ\xc5H\xe2s\xe9\xfc#\xf5\f\xfe\xacS\xe7,\x16g:\xbc9x\xf6*\x05KM\xed\xb4_s\xd7\xc7m\x9eti벇R?u\x1d3\x1bE\xb6l\xd9\xfa\xb6\xd3\xf6\xdc\xef\x95sM\x9d\\6ʈ\x147\x9e\xd7b4\x9dexU\xb7?\xb7\xe5~\x83o\xf8c\xfb\xa3-\xa5\xb7:\x8f\x19\xec~\xdd\u007fZ\x89c\xc1\xbaU\x1f\x99s\xac\xbc}9\x97\xf2\x15\x1d\v\xcbVt\xf2SV\x15\xc9XW\xc6U\xc3\xc3^\x90\xf2s\x96\xfe7VK\xb5c<\xfd\x92\xf5\xceqy_\xa2E\xf5o'\xc6>K\u05f7\xe7\x98\xf23a\xcb\f\xc3[%\x1f[&\x17\xfa\xc6\xffN\x88\xb8\xf8\xfb\xc8\xc1\xdc\xceE\xbb\x15\xe4\xe7\x16N\xc1\xff\x8dJ\x96o\x9b;#|\xcb.\xb5\x95\x1f\x8d\x8d\x93\xea\xac60\v\x86\xff\xbf\x93/\xa8\xbc\xd6\xee\x18ׅ3!\xdbu\x0fM\x96}zhY\xcf\xf1\x1b\uf0ff31320.N6H4\xe0cc\x0e\x95\xe5gd\xfc\xcf\xc2\xc2\xcc\xc4\xc8f\xc0\x0f\xe2\v\x83\xf8\xac\x06̌\x8c\xff\rdA\x02|,b,\"aZ\xf6\x13\"\xbe\x88G\x89l\xba\xce!\xdd\x1a\x1d\x92\x15\"\xa5a \x0f\x92Vf\x910\x10k\xc0\xae\x005g1\x83R_\xceۮ\xe7\xce+*\xd5g\xef8\xdfn\x97b!\xd1#\xe84\xa9\xcd\xfcA\xc4a\xe9w,z\xdf[\xde4\vd\xf0\xd4W\xe8\xce94\xbd\xcf\xccO\xec\x06߫l\x8f\xb5\xfe\xf3by\xcf\U0002ed13h\xad;\x931\xd3\xd2\xf4ڍ\xf9m\a\x8d~\xfb\xa6nV\x12\xf1>њvK\xfc\u007f\xe1\xc45s\xc2\xc2\xef\x15\xea\x849\xed\xffq\x96\xefâ\xcb\xff/)\x89\xfe\xbeP\xc1U\xf7pCԹ>\xf3\xdb+\xe7=\x9fz>\xf9\x93\x0e\xef\xa5_\xf9\x9fO\\\xfdͰ\xfd\xbbi\xba\xc0\xe5\xea\xa07\x02F?\xf6ߍ;\xb9\xaci\xc9\xc7\r\xfbe\xf5\xee\xaa>\xd9\xeb\xfb\xc1t\xe5DF\xf7\x1f\x02LS\xa2_۽\xe6\xdduU6Yg\xa9\xde\xea\xe7\x8f\xe5\x16\xbf\xf3^\x15\xbf1\x8dqKS\xd4O7\xef\xe3\x1f\u007f\xdc\xd7\xd9\xf7\xb7\xf4\xee4\x8bY\xe6VyK\x9f\x19\x89\xe6m\x9ep\xc0\xb2\xabd\xe9\xd4\x05\xfbx\xf5:+\xcfj\x86\xf5\x1d\x8e\v\x0f<\u009a\xcf\x12\xda\xdf\xf8\xd2go\xa4\xdbi\xad=\xbe'e?\x1d\xf3g}r\x82\x85\xf7{\x9e\xff\xad\xc3Vs.\x1d\xfa\xfa\xf2\x98J\x95\x88\x9d\x8c\x93\xc1\n&WÕ\u007f\x02V\u07b9\xd3f\xc1\x1f=پ\x9e\xc3/\x8bW\xddJ\xa02\xec\xb0\xe8\x0e;\xb6\xb6o7\v\xd2חVu?\x8a8s\xac\xd4\xdf(\xf4h\x8e\b\xa7\x86\xf5\xa7\xa9O\xb2\xee\xe9h\xb0\xaf]Pˮq\xf7J\xd4\xe2\x97\xcbj\x84{fr\aUܾy\xf1\xbe]\x94sY\xbd[B\xf0\xa1\xb3\xcf\xcb\xdckB\xcfn\xb1L\x11\x88\x9e\xeam\x1a\xebҬr\xf5\x81\x9e\n\xcf\xc1\x86\xbcL\x86\x06\xb6r\xae\xb4&\x01\x9e\xc0|\xf3\xce\xf0۟}\x9e\xee\xd8\xf9N9mz\xc2\xf6\xa0\xbb7\xa7\xfd\xde\xd5e\xbd\xc0\xf7\\\xdc\a\x17\x9f\tg\x14\xfd\xa5\xadfd\xf7\x196\xffl\xe6\b:-y\xd04\xfb\xddB\xd1\xe8\x0e\xfb\xdc5\x9fL&\x05/3\xd0\x12\xbe\xfe\xacmE\xecM\xa7K\xc7箬\xea>}\xff\xdd\"\xc3CO\x01\x01\x00\x00\xff\xff\xc6\xfe\xcbu\x85\x05\x00\x00")) - p.addCertFuncNotDup("0G1\v0\t\x06\x03U\x04\x06\x13\x02CH1\x150\x13\x06\x03U\x04\n\x13\fSwissSign AG1!0\x1f\x06\x03U\x04\x03\x13\x18SwissSign Silver CA - G2", "\x17\xa0\xcd\xc1\xe4A\xb6:[;\xcbE\x9d\xbd\x1c\u0098\xfa\x86X", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xddk\xd0ļt\x013\x13#\x13\x13\x87\xbf\xf4\x15\xfd\x90\xdd\xfa\xde\x06\xbcl\x9cZm\x1em\xdfy\x19\x19YY\x19\f\xdc\r\xb9\r8٘CY\u0604\x99\x9c=\fE\r\x84A\x1c.a\x9e\xe0\xf2\xcc\xe2\xe2\xe0\xcc\xf4<\x05GwCE\x03y\x900\xb3\xb0\x04B883\xa7,\xb5H\xc1\xd9QAW\xc1\xdd\xc8@N\x9c\xd7\xc0\xcc\xd0\xc0\xc8\xd4\xc0\xc2\xd8\xc8\xc4,J\x9c\xd7\x18\x99K=\x8b\x9a\x98\x94\x90=\xc1\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4\xc8p\xe4c{\xfd\xe5\n\xc3\xef\x16'\u007f\x1c\x9e\xe9\xbc\xe7\xf8\xf7=\xe6\xcf\xfd\nwy\xf7/-\x96\x8dɛ\xb1\x8e9|\x9d\x85\xb9\xb3\xbe\xb8\xad\xfc\x89s\x19\x02\a+\xd6I2k\v\xfcҩl\xfe\xf6bg\xc6\xce\xd0O,.\xcb-\u007f\xfea\xe9\x96\xfb\xb8\xc8W\xfdgb\xf5\xae\xedO\x17\to{\x9dhw!\xe7\xe2\xb3߿\xe2\xde\xcan\x99\xb7\xc04z\xe1\xa4\xd3\x1f<'\xfdk\xe5b\xb5{v\x93\xfb\x91\xff\xee;S\xcd\xffL|id\xaatQ\xde\xcaO\xbdu\xee\x06\xd1)F\xb7\x12y\xdd}\x13\x9c\xd6Mr\u007f\xd1\x1c\x15\x10\xf1\xb2\xab{g\xec\xc2;wgzɛ\xa5\xef\xf6xҼ\xcd\xfc\xb5\x87\xd5z\xfe\xf4~q\xf6\x17,\xa7\xdeg\x19\xb6_9\xb0\xed\xe7\x94\xc2\xea\xf4\x94\x1d\xdb&z9U\xa7\xea\x19d\xf1|\x9d\xf0n\xea\xb3Og\x9b\xde\xdc\\\xe8\xf5\xe6\xdb&燐\xad\xcfr+&\xb3\xe8\xcdi\xca5[y\xc40E\xbe\xad\x99[\xeb\x8b)W\xc5\xc9\xd0\xf3\x8e\x1b\xdc_\x1a̟\xb9/q\x05[\xcbN\x8d\xaax\x8b\x9b\xd2+-64\xd7\x17\x1f\xc7\xcf-\xee\xb2\x069.\xaf4\xcd['e\xa4\xedi\xb6\xf8Wm\xa9w9\xe0\x83\xfc︄m+\x97\xfdRw\xfc8[\xa2\xe8\xd3ז\x12\xaf\x93\xe9GB\xd6y\xa4\xdc﹘\xb7A\xf6!{?\x87\xdc\xcc9\x85/}n,\xfd\xee.$_r1p^\xdb\xe7C\x8b\x94\x1d\xb8\x8bo{/{^\xcc\xd6sp\xc1˃\x91k\xdc~=\xd3\xffq\xbep\x8e[\xee\xce#\xa2\xbd\x16\x95̮\x1e\xef\x8f\xc4^\xe7x\xd7n\xa9Զ\x89\x97?\xc2\xf9{\xe1J\x0f\xbd\xbf\xaf\xae\xc931320.n\\cиҀ\x8f\x8d9T\x96\x9f\x91\xf1?\v\v3\x13#\x9b\x01?\x88/\f\xe2\xb3\x1a032\xfe7\x90\x05\t\U00031231\x88\x88/8{\xf0\x89\xe36\xabh\xebӮs\xf7\xca\x1c\x9a\xf1\xab-\x02\x9c\x18e\x95Y$\f\xc4\x1a\xb0+p\x03)P`\xb17\xb05\xb0f\xe3Lh-a\x8cddfd4\xd03\xd0a\xe3\xd0fcdeegb\x14S\xc8())\xb0\xd2\xd7/J-\xc8/\xce,\xc9/\xaa\xd4+\x06%\xef\xe2\xcc\xf4<\xbd\xe4\xfc\\}\xb4\\\xc9\fJ\xc7\xc5\xc7\x1a\x1f\xa8_\xd2\xe5\u007f0\xd5\xe0\xd1,\xc7\xfa\x00\x9d\xf8\xf8\xa4ĕmY\x99\x12<%\x9e\xd7b[^9\x06I\xe4G\xac\r\bS\xc8:\xb6W#3b❉\x82\xa6+\xadd\xf7H-M\x98wC\xbe\xdeub\xe6ͺ\xdd\x15E\a\xd9\xf8\xb5\xce\xf5\xb7\x16$\xaeYp\x96{\x87\xa5fX\x8b\x91_\xdbn\xdb#Z7\xaf\xcb\x17\xbd\xfb\x17\xb8P\xc9qc!S\xb2Tӆ\xa4\xd5q\xe1B\xf2\xf7O\xdf-]p \xb6rB\x8f\xf4\x83\x80g\xf7\f\xffͨ.\x88_:\xe1\xc6\xda\x1fL\xdb\xf2/'\xdcu\xf0V:j\xbb֪j\xbe\x94\x94\xfb\xc4J\xe3]Mw\x8c2\x99\xa7\xe5\xc9{\u007f(\xfc\xf78\xbdh\xc1\xc6\xfd1\xddO~\xcdT:\u07b2S\xbaWy\xba\xfd[\xd5\a\xe7Sw\u007fMdy\u007fWnS\x94\xa3R\xd4\xc2\xf9\xb1:/\xa2O\xe6\xae\xe4\xe1\xa9X\x95p,\xac\x9f1\x8a'cO\xa6d\xe5\x11\xf9\xba\xe9\xac\xfb\x8f\xbeT\t\x8c\xbbr\xd5;\xf8\xedM\xe5(3\xe6\xd4\xc5\a\x99\xd7:\x1a|v\x93n\x9d\xb0>u\xebՍOĢ+Je\xa7W\xe5F\xae\xd4\uabfew\xb8\xbdS`\xa6gq\xc5\t۽\x81\xa6%ZW?\xd6eJk\xed\xb6ޫ\xbacV\x94mQℴ\xf6w<\xd7|\xaf\b\x96pg\xfd\xe3f\xfe\xb384\xbc\xf3\x9f\xd7\xe9u\xd1\xe2\xac'>\xf5*\x1b\x06[\\\xd2Ͳo\xda\xd9ˑ\xf5=α$\xef\xb0`\x1d\xfb\x1ä́\x89\xf6\x16\xa7\xc2\x05x\xf7\x1a\xe8\x1f_\xfa\xccq\xc1\xadu\xac\xed\xb3\x16,I\xcd\xf1\xe1\xe4\xe9ܵ\xe3\xf2\xce\x03\x93\xbb\f~\xf5>\x9d\x95-\xca藾\xeaVR\x98]\vGڥ#f\xb5\xcb\xed\x04\xfet<\xb8\xd2\xf0\x94a\xef\xaa\xcf~l\x8b\xab\xb2~&\x15=\xe6\xf4\u007f=\x9b\x8fQ\xf9\xe3\xfc\xdd5w\xee\xe4\bNW\xdd\xf4iK\xb2\xc8%6\xad\xf4\x9e\xe6\xaf\xe7^\xb1ߘ\x95%\xf7\xe6\t\xd7n-\x9fל\t\x96\xe7N%\xdd\xd0\xcb\x03\x04\x00\x00\xff\xff\x8clR1\xc1\x05\x00\x00")) - p.addCertFuncNotDup("0L1\v0\t\x06\x03U\x04\x06\x13\x02CH1\x150\x13\x06\x03U\x04\n\x13\fSwissSign AG1&0$\x06\x03U\x04\x03\x13\x1dSwissSign Silver Root CA - G3", "\xa1\x8cE\x93\n\x12c\v\xa7W_2J}\xe1!\xe7\xb7>f", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xad3hbN[\xc0\xcc\xc4\xc8\xc4\xc4ɰ\xaacC\x14\xf7Ʋ\xd9\x06\xbcl\x9cZm\x1em\xdfy\x19\x19\xb9Y\x19\f|\f\xb9\r8٘CY\u0604\x99\x9c=\fE\r\x84A\x1c.a\x9e\xe0\xf2\xcc\xe2\xe2\xe0\xcc\xf4<\x05GwC5\x03\x15\x900\xb3\xb0,B883\xa7,\xb5H!(?\xbfD\xc1\xd9QAW\xc1\xdd\xd8@N\x9c\xd7\xc0\xd2\xc0\xc2\xc0\xc4\xd0\xd8\xd0\xd2\xd0$J\x9c\xd7\xd8\x1c\x89Keۚ\x98\x94\x90\xbd\xc3\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4Ȱ\xaf}6\xeb\xb3\u009a\xa0\xfc\xdc7\xe6+_n\xbes&\xbe\xfer\xc0+\xc5\xd9,\x1fl\xf7\xef\xeb;\xb9TD\xccH\xe0\xfc\xcc?o\n\xd6z\x98\xa5\xab\xf0\x88\x1b]\xd3|\xeae\xb9\xd1\xfc\xf5\xb2\n\x9e\x9c|\xc9S~\xdf\x03oI\xbd\xf8\xa5h\x913u\x8e\xfe\xb5\xee3\xd6L\xb3\xf7\xab\xcd\x16tݶ\xc3$JvY\x88GЉ\xb9\x15\x85\xe7<\xbc\xce,\xafh\xbe\x93\xb1:M\xae\x9c\xfd\xb2\x99\x04\xc7\xf5+\xb9\t?>T^66㜔\xbc\x9de\xd6\xd7\xe5\xd3n\xb9\xae/\x91\xfa\xd3\xf4xE4\x9f\x95}P\xf8\x8c\xba=sz\x0e\x1e\xd8\x14u\xffH\xdd?\x9ee!e\xcdu\xbb\xee>\xd7\xfa\xe2e\xe6ߞ\xaa\xb7t\x97eod\xa2\xe6\xe7\xcb}*\x05=\xc1\xb3\x05\x97\xba\xb3o*e\x8d\xe1m\xb9\xe9r\xf3\xecI5\x97\xf0<\xa6ک\x8cWV\xab\xb4\xbd\xb3-\xf8\x1d\xfek\x83\xa6ȅ\xb9\x9f\x8eN?\xcdy\xea\xe3'\xdb\xe77\xbc\xa7\xbd\xecП\xe7\x1e\xd8\x15\x92:\xc3\xe3\x92Г\x90r\x1e\xf6g\xfb\xa2\xe7|\xbc\xcb\\\xd7\xdb\xf2g\xdfɤ\xab\u007fNZ\xbd\xe8\xdc\x1a\u007f\x885(\xf1\xc3\x1c\xbb7z\xbe=E\x13\xfbN8\x1f\\\xa4\x11\xf7\xb5A\xe5\xce#\xfdv\xeb`\x86\xa7\xa7?l\xaa魔\\\xd0q\xb6\xe2\xc7Ѯ\xa8\xf2\xa7lk\xeez\xdd{V\x90\xb7o\xfd\xbe\xaf\x1bW\xf3ql\xb8\xbd\xc0~\xca\xd1}B;\xf7T\xabWn5Ҍ]wTAy\x12su\x88\xe5\x86N\xa5\x90\\\xa1LJ+^Y9\xfc]2y\xcdK\xdd\x0e\x9b\xdb\xcb\xdc\xd3|\xee\xdf\x10\u007f+vO\xea\xdauǴ\xfd\xb2\r\x1f\x97\x98\x8dy\xfb_\xf97m\xb5%\x0f\x96lya\xb4m\x15\xbb\xf2\x8f\xf7*\x8e\xf3\x92\r*\xbe\x84\xdc\xed\xfb\x10e\xd1'T_q<\x9f)L\xd1\xf8\u070e\x1dk3C\x99\x98\x19\x19\x18\x17'\x1b$\x1a\xf0\xb11\x87\xca\xf232\xfegaafbd3\xe0\a\xf1\x85A|V\x03fF\xc6\xff\x06\xb2 \x01>\x161\x16\x91\x85=\xae\x93\xb9\x84\x92\xb9\x97\x87\xc7\x1by\xd5>T|\xbe\xdd.\xcd@\x1e$\xad\xcc\"a ր]\x01j\xaeb\x06\xa5\xbe\xf6u\x89\xb9\x1e\x16Z\xc7d\xeex\xe9\xb5Tx\x1eP\xd6r\xdda\xea{\x91\xf5\xd7NV\xe3#){o\xaf\r\x11\xd3\xda`\xc7\x1b\xa5qk\x99TC1\xcf\x11\xc7\xfc\xf5;L\xb6\x95_\x89\xee\x93\xe5\xeev\x9b\xe0\xb2u\xf3;O\x89\u0383\xde&\x9b\xdbMK\x16\xcdsM\u007f\xebZ\x98\xb6m\xe7B\xd5\xe2\xeb\x87\xd6t\xfc\xbe$\xbb<\xfbց\xa8g7\"SL\xa6\xa7*\x18\x1a3\xfb\x9f[\xcb9o\xdd\xcbCv\x12\xa5[\x8cU\x85v\xb3\xbe\t\xd8U\xe8\xf0h\xef\xbd\x0e7VŖ\xee\xc5\xdar\xaf\r\f:\xf7\v~\x8dq\xf91\xb1\xdb;ҕۀ\xf7\x14\x8f\u007f~\xf2>\x96\u007f\a\xdf>h\xffw\xe2l\xd8\xfe\xa7w\xfa\xaa\xae\\\xd3\xf4k\xb8\xbdz\xb6}_*\xbb\xd2w\x97\xb3\xd3\xe4u\x8f\u007f\xe5\xdc6\xa3\xe0\xbfŝ\x00Q\xc1\x16\xeb\xfa\x95\x1fn\xa8\x84\x9c\x10\xef\xd1\x16\xf6\xbc6\xb3\xde\xf5\"\u007f\xdf\xfe\xcc\"\xf3`\xf6/\xcf\xd6\xfd\x8d\xb6\xab\xdc\xc9vvGc\xc5\x16\xdf\x05\x17Lw=Y\xf7\xff\xb2\xe7\x1eӷ\xc9\xc76\xffy\xbc:1\x8au\x1b\xf7\x93\xff+\xb5\xf6\xdd\x0f\xf1;\xe4\x1d\x93qk\xb1Ѣ\x93\xbe\xe1\x12\xc1&\x916i3\xaf\xdb0U,\xf7)\xbc\xb0\xff\xf6\xc7#6\xcf\x19\x9f\xb1|r\xf9\xe6\xa1f`|r#\xa3\xe4k\xa6\x8fg\x14\u007fY1\x19\x88\xcf=\x11\xdf`\u007fWu\r\xd3\xec\xc7\xe2\xf7\xf6\x9e\x9a$r)\xa81\xf8٫?\x06\xe9F+\x93\xbeM\x16\x17e7\x8c\xe3\x97\xce\xfc\xfae\xe5\xf6\x1a\xdd\xcdo[\\\x8c\xdc5ح\xdb2]W\x1e7\x9b6\xa1\xa8\xe4\x86вb\xe5\x8b~;\xb7UY\x1d\xd1\\\x18\xc0&\xb8\xf3\xe6\x17\xb5\xbc$\x0e!\x05\xb1\x0f\x8c\xe1\xe2WX\xcdҧ\xbf\x0e\xfc\xf9\xdfX\x85\x87\x95?l\xff{[\x99\xa0\xbe\xae{\x99\xfcQ\xf2\x1f\xae2\x1b\xbal\x9et\xecU\xe9\x8au\xbb\x8f'0w\xcc\xf8\u007f\x9c\xa5%hB\xdb\xc3-\x93W\x06\xe8\xbfx}\xc9l\x8dA\xc2\xf2\v\xcc\xc2[\xb9\x00\x01\x00\x00\xff\xffQ\x90\xb9\x89\x82\x05\x00\x00")) - p.addCertFuncNotDup("0\x81\x941\v0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14Symantec Corporation1\x1f0\x1d\x06\x03U\x04\v\x13\x16Symantec Trust Network1E0C\x06\x03U\x04\x03\x13\x161\x16\x91\xd4\x03\xbd\xaa_yvM/\x9f`?O\xefA\xd4\xd7sW\x1f>AN\x15̙\f\x06iL\x86\fK\xd7=v\v\xfe1\xc3\xec\xb1\xd2/=\rO\xdew\x06uƟ\xdf\xd8\x17Ɲ\t\xed\xac\x98\xb9f\xd3\xdf;21\xc6}\x9a;\xb3\xc5O\bfl\xbd\xd3\xcc\xced\xc80\xe7\x84˭\xccCf\x87C$\x05Z\x99n\xcdu\u007f\xef\xf8M3ҋ\xfazkJ|p\x02Z2f\x06\x05\xae\xe8\xe3\xe2\xf0\x8d\xe2\xdb\xe2=3]\x96}\x8b\xabJ_s\xe9^\xa9\xe7\xea\u007f\xaa\xa1ǭN\xba\x88\n\xe4\xed7\xcc>}\x93}r\xbdLk2\xc3c#\xa1\agN\xff\xb6\xcc\xe9\u007f\x14\xfc\xc8\xc6\xc1\xf8\xe6\x92\x1e\xf7gk#~w\xae\u007f|\xafM3\xccD\xc7u\x87\xd0/\x97\xce<]\x11U\r\x15\xc6\xd4k\xaf\x82ְ\xe6\x85\tq\xda^(\xf9r}/۩\x15V\xbdaN\xbfz\x8b\xecJ>2\x17\xddo\x97\x8e\xe3\xab\n\x9d\xa6c\xb1}F\xebY_c\x97\x93S\xfa\xa3\f\r̽\x17[\tm~nvQ1\xc3[\xd7\xe2Y\xf0:\x19\xd50\x8e0\xe6\xf4\x96\xb9\xc7\x0e\x9fSI:\xeecv~\x03\x9b\xcb\xf6\xaf\xf1Lwo\x86\xbcԟ\xe0Wu¯فg\xd6t\x1b\xf3\xfd\xfb\xdf|\xfb\xb0\xa5\xb5\\\xe3 \xf7\x89\xf4&\x01q\x8bE\xdb\xd9^\xcd\xdeo\xf5\xe3\xa52\xfb\xfe\x92\a3,DC+\xde\x151\xc4H.\xfer\xc9\xf8\xc1\xff\xbd\x17C,5\xf9\x01\x01\x00\x00\xff\xff\x0f\xc2\x01:\xfa\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x941\v0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14Symantec Corporation1\x1f0\x1d\x06\x03U\x04\v\x13\x16Symantec Trust Network1E0C\x06\x03U\x04\x03\x13\xbc-^\x81\xbbj\xde_>\xf3\xcbj\xd6\xd6\xe5\xc9¶\x8c\x0f<\xed~\x1dt?9i\xb3\xd5\xf5\u007f\xf9s\xbeϲ\xe2\xff\xca\xc7\xc5u\xd8\xfe\xc4s!\x91\xbe\xabWsg\xe8l.4\xe2z\xad\xb5\xf7\xdb\xf5,\x05\xeet\xd79\x976\xed\x0fVJ㌽-\xf8\xf9#\xabq\xc4\xe2G;\xceלm\x9a\xbdw\xb1\x93\x81\x83\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfc\x0f\x0e\x02Y>\x161\x16\x11[\xa3\xcfV+y&\xb4\xfc\\ԓɖ\x18\xa2\xdf^\xf4\x8f\x159U0g2\x18\xa41\x192\x9cX\xb6r\xbdc\xfd֓\x82Nb\x19\x99>1;\xd4%\xb6\xcd\xf8x\xa0~Bn\xfb\xe5\x1e7\xf1\x0fv\xfe\u007f^m\xe08R彇C\xff\xf8\xa3\xe5\xf9\xa9L\x86\f\xd7\"ﵝ\x8b\xe7;\x15r\xf5\xd8\x05Q\xbe?\xddS\x8a\xae\xf41D\x04\x9f\xaf\xdb\xe8\xcd\xfb4\xa0\xed\xf5\xbc\xec\xfb\xff5\x97\xddp\xbf\xb9`\x9a\xc4\xedO\xae\x9b\x01\x01\x00\x00\xff\xff\xabɆ\xb6\xac\x02\x00\x00")) - p.addCertFuncNotDup("0\x81\x941\v0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14Symantec Corporation1\x1f0\x1d\x06\x03U\x04\v\x13\x16Symantec Trust Network1E0C\x06\x03U\x04\x03\x13\v,W\x8aV\xad{{iс\x0f\x13\xcc5%\xd4b^\xf0\xdal\xcb\xf1\xb4?\xf8\xe0\xceM\xefm\"\x92\xdc\xcb.O{x\x8d\U000f191a\xccO\xf9T\xef\x9fR\xce2\f\xcd\xd7.\xac\xf2\\t\xe5\xf6\xb3$\x8b]\x01\"ι?\r\u007f\x84\x89ݴ`\x9ax\xfeu\xce\xddݖ~3\x1f\x1a\xa4\xbb~\xbc\xf2\xa1\xf7\xf0\xfd\u007f\x9f,\xd8\x15k\x19\xe2\xc2\\6?I\xd8;Q{\xce\xeah\x96\"\xfeM\x1a7\x8bV\xb3*8\xa9\xae\x8cf\xceR\x108c\xf8A\xfb\x96\xa9΅߳\xa6\xfb}h\xf2־\x11o\xb6\x98[w}2\xaf\xacj\xfd¼\x98\xa4\x85\xbd\x1av\v\xff\xc8(\xfc`\xd4\xdf\x15:Kp\x83\xe4\xa5\x13\x01\x95\xd9|Y\xac\xd7W\xb1\x98mZ\xfc\xe9a|\xf9\xf2\xf29O\xe5\uef3c\x9fu05\x96\x89\x99\x91\x81q\xb1\x93\x81\x83\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfc\x0f\x8e0Y>\x161\x16\x91\xf6\x1e\x85\xa9'fx]\xbc\xd6\xc0\xe65\xc1\xc4後\xef\xfe\rhɘ\x19\x14\xb8\x8d}\x9b\x96\xa6Mۮ\xb8t\xdb\xfb|\xe5\xa8\xf8ۍG\x9d\x96V\x1c\xcc\xfc\xfb\xc5\xe6\xfaϘ\xec\x82\"\xa9?Q\xd3}\x19\x1a::\x9a\xba\x0e\x17\xf2\xf6\x1d휭\xf3\xb6\x97\xfbRQ\xc8\xd7\xda+1\xce\xe1/?\xaf[\xca$\xf8\xadL\xbb1\xfcn\xed\xad\x12\x83\xbf!\xee\xdf\x1e\x88\xe5-\xdb\xc2\xe5\xf1\xecy);\xbf\xa6\xa4\xe5\xb9\xca/\xdbr\x8e\xc6ϼ*\xef\xfd\xeb~\xae\x8e\roHC\xc1\x87\x0e\xee\x86\xf3\xc72\x16\xed\x90-\xb8Y\xd6\xf3\xe7\xddғ\xe7\xd7ʞ\x9f\xa9\x1a\x1e\x95\xe4zZ,{\xaf\xe7٥\x8b{2+U\xd7\xed\xf0\xc9\xe9vH\xf3\x16\xb3?\xcf$u\xf7aN6{bV\x99\xa8\xe6\xccz\xe9\xbb\x1d\r\a\xf7o\xed/>\xbal\x9ar\xcb2\x8d6\x15\xe3,F\xbd\xf0b\xd5mq\xfb\xfb\x9f\xc9&\xaep\xd0L\x97m\x9f-[?{\xfe̳\x86\xd7B\xf6%\xed\xb6\\\x93!\xe41Qa\xe9\xe9\x8dw\xff\xe5\xff\x89z\xd2\x14\x1a\xb9\xdep% \x00\x00\xff\xffy\x1f\xdf\x03\xfa\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x941\v0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14Symantec Corporation1\x1f0\x1d\x06\x03U\x04\v\x13\x16Symantec Trust Network1E0C\x06\x03U\x04\x03\x13\xdeȆ\xe7\x90\xff\xe4\xfd!\x0f\xce$\x19\x16\xf6", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xfdf\xd0\xc4|o\x013\x13#\x13\x93@jra\xeb\xe5|\xd7c\xfd\xf5\x86?9\xdb'5\x19\xf0\xb2qj\xb5y\xb4}\xe7ed\xe4ae0h\x9cb\xc8m\xc0\xc9\xc6\x1c\xca\xc2&\xcc\x14\x1al(k \r\xe2p\t\x8b\x04W\xe6&敤&+8\xe7\x17\x15\xe4\x17%\x96d\xe6\xe7\x19\xca\x1bȂ\xa4\xb9\x85\xc5\xe0\xd2!E\xa5\xc5%\n~\xa9%\xe5\xf9Eن\xae\x06\xce \x05\xcc\xc26\b\xfd9\x89\xc5\xc5\n\xc6\n\x01\xa5I9\x99\xc9\n\x01E\x99\xb9\x89E\x95\nΩE%\x99i\x99\xc9`\x83\x15\x1cKK2\xf2\x8b2K*\x15t\x15\xdc\xcd\f\xe4\xc4y\r\x8d\f\r\f-\f\xc0 J\x9c\xd7\xd8\xdc\xd0\xc8\xc0\xd0\xc8\xd8\xd4\xd2\xd42j\xb0:\xbb\x89I\t9\x80\x19Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x19\xb6\xf3m\xfa\xe5\xbbgV\x91\xe8\xef\xf2\xe8\xdb\u007f\x9d\xf9Os\u007fO\xd0۬]dz;\xf8\xd3\x19\xbf\xd4ϒ\xbb\xff\x9b\xca~\xbf\xbcr\xb7\x83\xeeֻ\x15W\x96\xfd4\u007f\xd5\xcaZ\x9d\xbb\xfd\x99\xb07[\xcd\xef\xb2\xe4~\x05Y]\vm\x96\xd6O/6\\\x8c\xf7\xf5R<\x99uc\xca+9\xa6\x80e\xab&\xb0/pW|\x95\xf6\x93e\xc1\xb3\xe6\x0fG\xbe\xc6M{\xa4\xee\x9bxx\xf3\xc1\x1e\xa5mi\v\x19.\x86i\xfe~{\xb0^\xe5\x94\xed\xaf\xa8)\x1bZ\x0e\x1f\xdf\xe5,\xf37\x85\xef\xa3\xc6o\xf7\xc8Oj\x0f\rw\xba\xfc\\}\xf7\xf7\xbe}:\xe6\x8f\xd7pK\\\xfeø\xe8\xe3\x12.\xd3&w\x9f\xd5{\xbb\xe2\xee\v\xb7\xfeQ8\xe3\x11\xb9~\xbdc\xfei峧&/\xbf{5\xfeD\x8a\xf5\u007fF\xe6\x05\\\xfe\xbay\xb6-\xfb֟0\xda\x14\xac9A\xf4\xfb\x06\xd6Y\\6\xdfv\xb2M8\xb9\xf4a\xec\x02\xeb\r\xffVl\xdb\xff\xb5S#\\\xc5J\xb1\xad\xf0ɝ\xaen\xc7\xd07r\x06*\x91\x17\x0fD\xee\xa8X\xbf*\xaa\xe4\x9ej\x83\xc1\x8c\xb7\x06.\xf9\x8a\x052\xb7\x85\x82\xf9\xae-\xd3H\x9b\xac#\u007f\xc6\xdfF\xba\xf1\xe8\xceo\x15\xf9\x17\x8c\xac8\x8ang\U000f9277N\xf9\xbc\xe7\xfd\x9e\xefK\xe2\xfa^\xbeܚ\xf2t\xbb\xb7\xab\x90\x8e\x8f\xf9\xf6\x04g.\xdfB6\x86)j\xa6%\xf2\xbb\xab,c\xfc\xac\x9f\xed`~t|rw\x8b\x8e\xaa\xa7\xeb\xddz\xe5)\t\xf2\xa7_\x9e\xfd\xb6z\xfa\xf7\xc4\xe7\xbf\xeb\x93\x1aO\xdc\xe12\x88\x91\xa8yv\xee\xfd\xf1<\xb9\xf6\x9a\xcd/O\x9d\xa8\xce\xfa\x92\xf1\xa7y)Oؖ]\x9bz\xbd\xb8\x8eO\x9f~\xb4\xc3@\xd4V\x80#D\xb4\xa8(\xdd\xd8\xf8K\xcd\xf6s\f\xea\xc1\xa9\xe7T>F\xa5<7\xd3\xff\xa4\xc7th\xfa\xfd\xa2\x17Lr\v\xbe\xdbn\xfd\x9d\x91\xc0\xfc\xcbx\xe53\xa1\\\xb6\x87+W\xc4\xfa\xd9\xfc\xbb\xf9\x9c!u\xcd6I\xdf\xea\xe6z\x13\xf7W\x0f%r7v\xcbT\xae~>\x97\x89\x99\x91\x81q\xb1\x93\x81\x83\x01\x1f\x1bs\xa8,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfc\x0fN\xb0\xb2|,b,\"\x96\x85\x1c\fv\xf7N\xb4=\x9f\xf0\xff\xc9_E\xfes*\x92b\xdfв13(q\x05dw\xf8&x\x9c\x8bz\xact.\xbd\xa6e\xf9Y\x99\xbf/y\x98{\xcc\xd6s\xb5\xf3e\xad\v_\xc7x\xc1l\xf7\xa7\xbf;\x8b\x0f\xc6o]\xb1\xceg\xd1/\xcf\xd3\xecnbf{\x1f\x9f\b\xb7\xa8\xb3x\xb2_\xd58\xe1\xd8\x1d\xf39ɻ\xe3f\xc8Imj\xfa\xb0nY\xb9`\x83\x8b\xfbBͣ\x1f6[\x9d\x9b\xf1aǛ\xcb|\rl\xe5\xca\x06>\xff+S\x92\x95\xa2\xcb';{\x97n\xbem\x9dg\xedu\xf7\xe3\x89u[ͻ\xa6vX\td\x14X\xec\x8c.\xa8\xbb\xea|\xf2O\xbc\xff\xd3g\xd5f\xef>(\xbcu\x0f\x17V\x13\x88\x13a\xe3\xad.c?tLW\xec˺\xe59\xfc{:\xf8\xfdu\x98\xb6-\xbe\xae\xf4l\xa6\xbb\xe9\x8dޥ\xfe\x8dBV\x82\xb5\x9b\xcfp\x97~\x96+X,\xcd\xfc\xea\u05ec\x17\xcf\xf4\xcc,\xcf\xcc\x1f\xbc\xbd}ߕ\rѩ\xfdb\x19\x9fÎjI\x8a\xf9\xf2\xefHm\xcfUiޑt\xe7\x81{\xa2TG\xf59\xbf\xfa\xbfw\x8e\xf1F\xcdZ\xf2y\xabϷ\xbb\x86\xcb^\xc8\n*\x1a\x1b\xb0$\xd6\xca<\xb0\xf3\xef\xb5\xdf\xda-\xc4\x10U\xbbr!Õ\xe6\xd7\x05\xbb%~,\xb9$Ө\xbb\x9dC\xf0\x84Z\xf5\xb6+O\xf9\x99݊\xae\xa8:\xc8\xed\xf3\x8c͝\xfc1f\x93uiH\xa6Ղw>J\xbb\xd6\xcczı\xd65\x99\xd5+ȴ\xec\x88\xc9\xd78v\xa3\xb5wj\xd4.F\xf7\xaf}\xf2l\x95t\xe9\xfcױ[^\x1cX)Z\xe3\xe7\xc5^t\xdf\xed䕉\x93J\xc36<|gn\x96\xaaqT\xf4\x84vٙ\xdc|\xc9\xe6/\u007fo\x89>r|n\\\xe9\xd6\x1c\xfe\xf3\xe3\xd2m\xb9\x97\xf7\\\x0f~\xfe\xae0\xb7b\xe5\xf4\xe5\xef\x14\xe6H\x8a\x16\x89ڲ\x00\x02\x00\x00\xff\xff\x9dBn\xba\xfa\x05\x00\x00")) - p.addCertFuncNotDup("0P1\v0\t\x06\x03U\x04\x06\x13\x02PL1(0&\x06\x03U\x04\n\f\x1fKrajowa Izba Rozliczeniowa S.A.1\x170\x15\x06\x03U\x04\x03\f\x0eSZAFIR ROOT CA", "S\x92\xa3}\xff\x82v\xf03\xd4\xeb\x92gGa3\x1bh;*", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb.4hb\x8a\\\xc0\xcc\xc4\xc8\xc4$\xca\xf0\x8c\xf3_\xd5+\x86\x8c\x9e\a*[\xde*H˿\x0f\xda\xe2rр\x97\x8dS\xabͣ\xed;/##++\x83A\x80!\xb7\x01'\x1bs(\v\x9b0S\x80\x8f\xa1\x86\x81\x1a\x88\xc3\xc5#\xef]\x94\x98\x95_\x9e\xa8\xe0Y\x95\x94\xa8\x10\x94_\x95\x93\x99\\\x95\x9a\x97\t\x12\n\xd6s\xd43\x147\x10\x05\xa9d\xe6\xe1\v\x8ert\xf3\fR\b\xf2\xf7\x0fQpv4\x90\x13\xe7544420344405\x8f\x12\xe75F\xe6\xd2\xc0\xc6&F%do1\xb22071\xf23\x1841r15122\xacq\xd7\xef\x8f4\xb4\\\xfa\x8a\xf7\xc3\xd2\x1e\xed\xbdLK\xf6\x9e\xe5*^\xc5\xf9\xecL|SV\xe9\xca\xe9Ow\xb3\xbd\xff| v\xe1\xc1K\x9d\x95\x11\x1f\xee\xbc\x0e\xedy\x17!U\xad\xfe\xdf+`3\xc3\xc2,ae\xe3\t/\xf4\x83\xcd\xf2$r\xf8\x1d\xae\x99\x87_g\xe3՟\xa0r*\xfcO\xf4\xa4\xff\xca\r\xe1\xad\xf6^\U000c2b0e?\xdb\xcd\x1a\xa06o\xff\xe5m\xf1\xeb\xb6\xda\x1fؔmV+~dC\xec\xfa\x94φ\xf2\xad\xac+\x1e(\x8a\xd9\x04OJ\n\xabOX\xf7\xa8\xfa\xa2\xc3\xc4;\xdb.\xd4\x158hd\xf1?\x14\x94\xae\xffu\xe7\xc5C\x97\xe2\xd7r\xab\xaf\xdf\xceH\xca)|\x10\xf1\x98\xcdU1\x92\xc74>7\xbb\xfa\xff\xf1\x85\u007f\xf7]\xecP:\xd8\xf2\xe7\xb1\xd1\xed\xaa\x05\xaf8\x1e\xf3\xc5K\x1f\u007f|\xd6H\xc2R\xf1/\x97\xd4\xd9\xd4\xef\xc1\xfb\xdc\x1d|\x82\xff)\xa5\x1e\xaaޭ\x1cZ%[\xf3V\xa3\x87\x89\xcdڰ\xf6\xdb\xf1{\xc6kZ\x94rO\xb331320.v2p0\xe0gc\x0e\x95\x15fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8߀\x0f$\xc0\x0f\x12`afbd3\x90\x05\xf1\xf9X\xc4XD\x82'-\xae\xfd\xdfT\xf6\xc1\xf8\xca\xebI\xe9\xee\x89\xc6\xd2\x19\xd6Zh\x89\x87\x19\x14\xb8\x96\x01\xa1s\x9f8\xfd_\"\xfdH\xe1\xe4\xd63\xb6\x9d\xba\x0e+\x97{vJoJ9ly\xc2\xdalCKf\xab\xe8\x1a\xb7\xc5\x02\x8a\x0e\x82\n\xad\x8b\xff\t;M|\xbd\x8a\xe1`\xc0\xae\xa3o\xbf9\xba\x06\xc9~]\x15U^\x9c\xf3\u0cce\xbcQ\xff\xd6\x06wwf\xe3\xbe\xc8y,\x8d6ҭ¥\xeb$6\x85\u007f\xe3-\xb9\xe0r_\xb1~G\x82H\xfd\x83+\xf5\xbb\xbe<_V^[u}w\x94dI\xea7\xdb\xc7\xda\xeb\x1e\x8bh\xb1Oa\xdd\xff\xf8\xb7b\xe9թƋ'Y\xb7Ÿ\x1b9p\\8\xbb1\xca\xff\xf6\t\x06\x91\xd9\x15\xaa\xd7Xw\xbc\xb7\xac^\xa2\xae7\xad\x81c\xcet\xc3^Ϯ\xec\xb5\xef\x05O\xab\xc7\xd6e\\\xfbR\xc4v\xe8\x10\xdf\xe5B\xd52\xed\xf7+ܸ\xafT\u007f=\xfc\xf9\xdd\xfaw\xad\x01γ\xf4\xd7\xf3\v\xb4j\xec\xfda\xa0 \xdb\xc8̿>\xc5zCA\xadZ\xfc<\x1b\xbb\x8ec\xa7\xf8\xcc\x1f\x1exl\xd0Ĵz\x013\x13#\x13\x13#\xa3\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\xc6&Cn\x03N6\xe6P\x166a&\x17WCm\x03M\x10\x87\x8bG)D7\xb8\xb2\xb8$5\xb7X\xc15\xaf$\xb5\xa8\xa0(\xb38U!8\xb5\xa8,39\xb5X\xc1=7\xc9\xc3P\xde@\x16\xa4\x98\x9bG\f\xa18\xa4\xa8\xb4\xb8D\xc19\x15\xa4\xc7P\xd5@\x19\xa4\x80\x99G&D7$5'585Y\xc1='?)1'(?\xbfD\xc19'\xb1\xb8X\xc1\xc8@N\x9c\xd7\xc0\xc2\xd0\xc0\xc0\xd0\xd0\xc0\xc4\xc0\xd0$J\x9c\xd7\xd8\x18\xc4526\xb54\xb5\x8c\x1a\x1c\x8elbTB\x0el\xd0Ĵz\x013\x13#\x13\x13#\xa3\x01/\x1b\xa7V\x9bG\xdbw^FFnV\x06\x83\xc6&Cn\x03N6\xe6P\x166a&\x17WCm\x03M\x10\x87\x8bG)D7\xb8\xb2\xb8$5\xb7X\xc15\xaf$\xb5\xa8\xa0(\xb38U!8\xb5\xa8,39\xb5X\xc1=7\xc9\xc3P\xde@\x16\xa4\x98\x9bG\f\xa18\xa4\xa8\xb4\xb8D\xc19\x15\xa4\xc7P\xd5@\x19\xa4\x80\x99G&D7$5'585Y\xc1='?)1'(?\xbfD\xc19'\xb1\xb8X\xc1\xd8@N\x9c\xd7\xc0\xc2\xd0\xc0\xc0\xd0\xd0\xc0\xc8\xd2\xd4,J\x9c\xd7\xd8\x18\xc4526\xb54\xb5\x8c\x1a\x1c\x8elbTB\x0e_\xf0%h\xeb\x8d\xc9,\x8f\xdd\xda\n\x1d\xbd\xb4?h\xe9\x842_\xf38\xfc\xc0\xd2\xe2\xed\xa7\x18\x1b{\x97=\x93m\x13W\xfb\x9d\xe5\xdd\xf7AA=\x82ϥ\x9eE\xaa}\xe9\xf5i\"f\x13.xV/,\xfd-\x95]\xbc\xf1ǹ\x95\x9c:\x9f\x82\xaf\x1e\x16q\xd9Ѷ\xf4[\xb7\xb6\xe5\xad\xc5\xc6!7\u007f\x15I}W\x12\x95阘]\x9f\xf6\xf4pV\xc3\x06\x95\xcf\xf7\xdb\\;\xfeJ֗\xb6\xcb\xcbo\x94\xe6*V\x89ޙ\xfa@'\xe4D\xc2\xe54q\xfb\x87gB\x8c\x8b'2Y-\xab\xaf.\xb3\\$?m\x9bź\xad'&\x97\xc8\xce۹\xe5i\xc2\\\xfd\xb0\x8b\x0f^\xc7E\xfb\b\x15\xf0\xe4\xb8(\xac\x16\xbc\xf1E\xf2ۥ9A\xe6\xcf\u007fm;dh\xeduEd\xe6\xda\xe3R_c\xe3\u007f\xb1\xef\xa8ᕿ\xd6,\xb7\x99\x89\x99\x91\x81q\xb1\x93\x81\x83\x01?\x1bs\xa8\xac0#\xe3\u007f\x16V\x03fF\xc6\xff\x06| \x01~\x90\x00\v3\x13#\x1b8Bd\xf9X\xc4XD\xb62\u007f/\xb3Nl\xca\x12Z%\x11\xfc\x9aYq\xca\xfe\u007f\xe7N\xa1%QfP\xe0\x86پ\x9fru\xef\xad\xe2M\x11\xfb\xd6MX;C}\xfa?ƍ\x1b\x82\x18v\xf8>\x91V,\x91\xae;\xf0..SKu}\xcc5\xd9[\x97*O~\x9e\xae\xf9\xa0\xad\xfd\x1eK$\xff\xc7\xc8+)\xad\xde3\u05eb\xb2ȝt[9\xfd^\xd3&\xe9\x82\xf9s\xbe\xad/4\xbc[ͺT\xe7\xf2\xceS\xee\xdfN}\xfa\xf6|\xedN\x0f\xfb=b\xdb\x0f\xe6~yŹ\xfe\xcd\xe7\xad\xcfY\xe7-\x93\xeb\n\x0e\xbc6\xb9\xf1L\xc9\xe4o;o-Se-\xa9\x8c\xaas\xb0k\xf2V\x134\xc8{h\xefxܝ\xc1\xf4\xea\xd7\xcb\xdfC\xec\x1amoyf\xcd\xda\xfc^\xc0\xf6\xd9\xeb\xfc\x8b'\x94\xdcO\x9f9\xcfh8\xe9\xa6\xc4c\xa5}\x9crRvQ\x9b\x9ed\xf3\x84T\xd5:\xfb\xed\xe8\\Z}}\x91\xed\xb4\xb63\x9f\xd4Lt\xb3&͝%u\xc1\xe0Q\xac\x1fˆ\xf8n\x85\xba\xf2\x83\xb6S\x9b.\xbaͲ\xb6\xa9ؑ\xbf\xf0\x02oʢ\n9M\xbfɇ\x97\x84\x88D\x03\x02\x00\x00\xff\xff\x80dG\x1b\xc7\x03\x00\x00")) - p.addCertFuncNotDup("071\x140\x12\x06\x03U\x04\n\f\vTeliaSonera1\x1f0\x1d\x06\x03U\x04\x03\f\x16TeliaSonera Root CA v1", "\xf0\x8fY8\x00\xb3\xf5\x8f\x9a\x96\f\xd5\xeb\xfa{\xaa\x17\xe8\x13\x12", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xb50hbVX\xc0\xcc\xc4\xc8\xc4$\xc80u\x9f\u0602\xefzn\x1f\xab-\x9b\x8a~u\x9f\x9df\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0\xdcP\xc4@\x88\x8d9\x94\x85\x8b\x87;$5'318?/\xb5(\xd1P\xde@\x16$\xca\xcc#\x86$\xaa\x10\x94\x9f_\xa2\xe0\xec\xa8Pfh '\xcek`nh`hahd``j\x10%\xcekl\x84\xc4%\xdf\xe0&&%dG2\xb22071\xf13\x1841q15112\x1c\xda\xf7Z\xfd\x83\xe2\xe2ϙj\xa1us\x8f\x86\x8aM\x8c\xf9\xfb^q\u007fpC\x95\ue949=Ɇ\x1fި|8\xbc\xf4RQ\x8d@\xee\x17\xf3\xedO\x9f\xd5T\xbe\xea\xd9\xdaԽ\xcec\xdb\x1a\x86;\xa9\xa5o\xb4|\xe3\x0f\xb6\u007fUH\xd5n\\\xe1nש<\xd5@lB\xfd\x8bpv\x8f\xe7\x92\xeb\xf6\xbb\xa6o4\x97f\xd3\xfaw\xef\xe7\x9a\xda\xe6\xdfq\xbb\x9e\xf4OO\xdf\xe7\xddכ\xc2\x1en\x11\x9aibf+\xec\xf1\xde\xff\xd1\xe54\xb9%祶Ǚ\x19_\xd9¶W\x82\xf1oyK\x00\x83\xebמ\xd8\x17\xca{\xea\xfe\x99>|\x1bP\xbdҠW\xf22g_Fz\xec~\x9b\xe9\x12\xc1\xbb5\x93\x8e\x9e\x8a+:x|ڕۺ\v\xb6\xc8g2\xbfy\xf5(\xe0#\x8f͇5\x9f\x83u?\xc8|}\x9bciY\xdc v\"h\x83\xf2\xd9\avw\xeeڸ/\xd8m\xda\xf5hFF\xf7\xbe\xa7\xfb\x8b\xde]\xfa\xb5\xf4\xad\xd0\xdb?3$V\xaa\x95\xdd\xd1\xf0\x16P\x90\xb9\\/V\xae\xfb6\xbf\xe1\xbb\xe7\xee`\xd6ݱ\x19ǯ\x9c(\x15\xb3\xef\x8c\xea\xfe.\xee~\xc5\xe7\xe3\xa5\xceJ;_\xdb\x19+\x12\xefY\xc9]\xfa\x11\xc7\xfc\xe0\xe0I\x99\x9e˽\xbe\x97\xa7\x9am6\x8fON\x9em,\xf2AW-;\xb8\xa6\xb3\xc7\xe8P\xde\x1b[E\x06˓\v3\x1e\x054\xebm\xb0\xd2\xfel\xb6`\x8d\xfe\x93\xfc\xc4C\x81\x9c\x96v\xdd\xc1;w\xa7ߺ\x13\xbc\xb3,\xd2l\xae\xf3S\x85\a\xb6F\t\xadJ\x81ۏ\x1b\xef\xbe+\xaa\xbf\xa4b\x19{u\xa3\x9b\x19K\xdb\xddJ\xd3\xe3Su\xac7,\x167}Z,\xbf%&\xf2\xfd\xadW\x02\xa9\xd5U\x17\xea\xe7oޢen]\xd0=;z\xa7\xf6\xf67\x9b\x02\x85\xa6\akF]\xf9 $pǟi\xb7\xd0$\xfd\xa4+\xf6\x99\xce5\xbc\xd7\xfeD\x942v̍\x10\xf3\xbe\xb7k\xc2\u007fw\xc6N\xb6\xaco\xf1\x9b&dmfZ\xc6Ա\u007f\xb3{\x9d\xd6ͫ\xbf2*L}\x99\x98\x19\x19\x18\x17\xdb\x1b\xd8\x1a\xf0\xb31\x87\xca\n32\xfega5`fd\xfco\xc0\r\x12\xe0gaafbd\x03'3Y>\x161\x16\x91\x0f\xfd\x91\x16\f\x9b\xbf\xf6Ϛ\xc6s\xf5\xf5\xaf\xeaU\xe2/\x84\x85\xd0\xf2\x013(e\xed{\x12\x93\xe4\xa7\xf2\x85\x87\xe3\xff\x87\xcb<\x19O&{*ٻ\xa8\xe7\xefνלvn\xc5\x19\xde?_g\xb1=-\x17\x99\xf8z\xaec\xf5L\xad\x96\xa7\xff\xff(\x1e\x8c\xfd\xf0D>|{\xe9ʅ\xf1Lj\xff\xaf\x1f\xff\xeew\xcf\xff\xc7w\x19\xb7\x03U\xfe\x0e:J\xa6\x1f$7^\xc8N\xd7ٰ\xe2\xc1\x01\as\xd3o-11\x8f\xd7;U\xfc[~\x927\xe0\x15oKٷ\xc0\xf7\xcd\xc1Ǫ\xfe\xf3\x85y\xea\xf5W]\xe3y\xa6\x1e\xf2ؗ+\xa1(\xe9\xecD\xf6kK\xf7\x9f\x98\x99\xfd\xf6\x88\xe4\xb3\xd5>\x82\x16G\xf3\r\x1f\xe5y\x9e\xb0/kPcV\xd3|`\xf6\xed\x9bB\xf0c\xf1\x02\x13\xf1\xb9\xc9\x19r\xd9o\x0e\xfb\xb6\xed\x106Џu\xe3uw\xbe*\xbd*\x92ogL/\x9b\xc7ڒ\xf6\xf8\xe3\u007f\fC\x1c\x85\x1f\x1dW\xe4\x9b\xf7@\x8e\xf7\xe1\x81j\xe7\xd6\tG\xbb\"\x8e\xa5rU\x84\u007f:\xa6\xcc\xcfxS\xc1\xfb\x1e\xff\xefI\xad\xa5Z1Ž\xb9ժ\x13O\xbds]\xc7\xe6\xcdp\xe6\xf2\xc6Ȁ[V\x1d֚\xcenqӵC\xce\x05\xe7\xf7z=\x9f\xf6k\u007f!\x9fSw\xcd_\x8d\x05\x17\nt+c\x03\xf7\xb6Y\xbf", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xd12hb\x16Z\xc0\xcc\xc4\xc8\xc4$\x90\xc08}\xbb\xdb\xf2W[\xb6̺\xe6\xad\xff}\xc2o\x03^6N\xad6\x8f\xb6,\x8cܬ\f\x06\x8d\xeb\f\xb9\r8٘CY\u0604\x99B\x83\rE\r\x84A\x1c.a\x9e\x92\x8c\xc4\xf2\x92T\x1d\x05ϼd=C\r\x035\x900\xb7\xb0\xbcsjQIfZfrbIf~\x9eBpjQYfrj\xb1\x82KfYfqf~\x9e\xa1\x85\x81\x19D\xa5\xbeF\xb2\xa6\x82\x91\x81\x81\x85\x02\xb2I\n\xba\nn\xf9E\n\x89\xa5%\x19\xf9E\x99U\xa9)\n\xa5ũ\n\xf9y9\x95\x86*\x06J \x9d\xcc\xc2\xd2\x10\r\n\x01E\x99\xb9\x89E\x95\nA\xf9\xf9%\nΎ\n\xba\n\xee\xc6\x06r\xe2\xbc\x06\x16\x06&\x06F\x06`\x10%\xceklnhd`hdljij\x195\xf4<\xd4Ĩ\x84\x1c)\x8c\xac\f\xccM\x8c\xfc\f\x06M\x8c\\LM\x8c\x8c\f\x9b\xf6\xab\xeb\xfc\xbe}#\xfanE\xb5\xf4\xbc\xf2\xb4\xc6\xd3v{j\xd6}^\xa6>\xcbdq\x86a\xa1\x85qғυi\x95\x1bW\xa6.^\xda}\xb5?A\xd7\xde\xe9̪l\xa3\x03ʧu\x1c\xef>\xb9\xff'qΣ\xe2MJS\x05\x9d%\xe2\x8fl\x93\x0f\xcf\xe1b\x8dP:a\xe6cU\xb3\xf4\xe2\xf9\xb6\xf5\x1d\xcb]\x98\x84K\n\x8b\xb9\x9c\"\x99~H\x8bd;\xddϏߕݴhn\xf4s\xaf\xbdr\x8cE\xb7\xbdK^X\xd7\xd7\xd7ʳlQ\x9b\xfd`K\xd4\x1aw\xdb\xd0\x1d\xd77\xa8\x05i0\x1a:\xa4ݸ\xa9\xb2\xf7\x9b֍7\x8a\x9e1\xb3\xbfU\xbd\xac\x0f5\xad\x9b\x96\xdd;y\xb2\xfa\xe9I\xbb_\xadq80\xffЏ\x86\xf3\xb1_\xa2\xee\x9c+i[f\x97\xc3\x1d|j\xef\xa4s\x92lE\xcfxb,2\x8f\xb3\\ۓs.\xfa\xdb\xf7\x8c9wTE=:\x16\xbe\\\xf9cƜ\a\x9f\xaf\x1aj$\n\xe6\xa4O뵜y\xfa\x90\xab\x8a%\x133#\x03\xe3b'\x03\a\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\r\xf8@\x02\xfc \x01\x16f&F6\x03Y\x10\x9f\x8fE\x8cEdmΪ)\ts\xde>\xf9\xffˎ\xabD;\x99\xf9\xfb\xb6\xc8\xfdhI\x9f\x19\x14\xb8R\x0e7\xa6\xa6\xae\xe1\x9c\xd4y\xcc\xf2\x8b\xc0ӕ|i\xc1\xb1\x15\xf7~\xa9L\xdc\xfd\xdc%\xf0\xfe11\x13\xae\xf7Y.\x81\xaf\xb4ٻ\x98\xab\x0e\xbf\xb6\xe7\xd2\t\x12[\xa0\xed\xbcSu\x82}\xc1Jc\xd5\\W)\rk\xf5\xf3\xab\x0ek:I߷\xf69`l\x12\xedر?[;u\xbd\xc6\xfbM_\x0f\xafJ;W\x1d\xf6n\xfb\x89\xd3\xe9\aOΑ\x92\xd8q\xe4\xb0'\xf3\xc7\x04\xbe\x80\xb3nG?\x97W~\xdf&\xfa\xc0\xe2\xf6q}\x8d\x05<\xf6\xe5j%7U\x85n\x19ޒ\x92\xbb\xa3\xe98Q\xc9&s\xf9n\xa6O\xdbbԙ;\xbf\xb0\xbd\x9a\xfd\xa4\xa8\xe9\xf1B\u0383/\x19$/\xdb])\xc8\xdeU\xb8lUĺ/\xbb_\xe6l{\xdf~f\xf6\xee\xff\x96\xcf\xc2\x12/s-?\x12\xe3\x93P\xcdZ\xaeV\xb5\xff\x06{\x90N\xd2\xf7\x82䛖{\xf2e\x0eU\xde)\xd3\\\u007f\xee\xa8N\nK\\\x87Y\x9e\xe1\x15\a\xa9$\x133{S\xc6uk\x92\x17\x00\x02\x00\x00\xff\xff\xe8z\x19\xbb.\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xa91\v0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\fthawte, Inc.1(0&\x06\x03U\x04\v\x13\x1fCertification Services Division1806\x06\x03U\x04\v\x13/(c) 2006 thawte, Inc. - For authorized use only1\x1f0\x1d\x06\x03U\x04\x03\x13\x16thawte Primary Root CA", "{[Eϯ\xce\xcbz\xfd1\x92\x1aj\xb6\xf3F\xebWHP", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbQ0hb\xe6X\xc0\xcc\xc4\xc8\xc4$`\xe2w5\\\xe1\xea\xdb7\x9e_\xf4ϙ\xdf\xd6\xce5\xe0e\xe3\xd4j\xf3h\xfb\xce\xcb\xc8\xc8\xca\xca`иҐۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xd4@\x18\xc4\xe1\x12\xe6)\xc9H,/I\xd5Q\xf0\xccK\xd63\xd40P\x03\ts\v\xcb;\xa7\x16\x95d\xa6e&'\x96d\xe6\xe7)\x04\xa7\x16\x95e&\xa7\x16+\xb8d\x96e\x16g\xe6\xe7\x19Z\x18\x98AT\xeak$k*\x18\x19\x18\x98) \x9b\xa4\xa0\xab\xe0\x96_\xa4\x90XZ\x92\x91_\x94Y\x95\x9a\xa2PZ\x9c\xaa\x90\x9f\x97Si(o \v\xd2\xc9,,\x06Ѡ\x10P\x94\x99\x9bXT\xa9\x10\x94\x9f_\xa2\xe0\xech '\xcek`fhhhn\x00\x06Q\xe2\xbc\xc6f\x06\xe6\x86fFƦ\x96\xa6\x96QC\xca/M\x8cJ\xc8Q\xc1\xc8\xca\xc0\xdc\xc4\xc8\xcf`\xd0\xc4\xc8\xc5\xd4\xc4\xc8Ȱf\xc1\x87\xdf\r\x91W\xe6\x1c_r~\xee\xc2\xc8bN\x01W\x1e^\x9d\xbc\x8c\x8f9\xd1\x1e\x19\x9e\x91\xe6\u007f\xb8\x8d%\x0f\x95ן\x11Нj\"\xf3\xec\xb5/\xe7r\x99K;NN7c\xda\xdeyE%\x9e\xed\xc0\x19\x97)Sz\x99\x92\xf2_G\xdd\x15\xec\u0558\x15\xd32A\xa0\x8awoI\x9a~\x96łGWC\\^˲\xcfgߕ\xff\xee\xe5_?nͯv-\v\x18?\xceY\xfdC\xa6\xaesɋ\x857\nSy\x17\aV\xbf\xdbsI)\x81wg\xf4\xdc\xfb\xbb\xfe\x04Fs\xaf\x9f\xb1\xe9\xa5\xdeK\x96\x17I\xed\xf7\xb4O\\\xf7;\xe8\x93\"w\xf7|{\xc4./\xffS\x19\xec\xb22s\xbd\x8e]՟x\xa6\xa6\xb0H\xe6\xe8\x81\xf4\xd7F\u007fON\x8a\x99r\xab\xf5\xc0\xec\xfd\xc1\xb5ڜ_z\xe6N\x94\x9f\x9e\x15t\xfa\x1e\xa7ْ\xf2\x1b\xd5\xed\x01.W\xed\xf243\u007f[z\xaa\xc9q.m\xa8v\xd0}\xfdB\xbd\xf5\xe4\xbfĿu\xcfj\xa6\xcb^\x9d\xcb\xc4\xcc\xc8\xc0\xb8\xd8\xc9\xc0\xc1\x80\x9f\x8d9TV\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x03>\x90\x00?H\x80\x85\x99\x89\x91\r\x1cҲ|,b,\"\xd5Ѯ\xe7ן;]\xf5\xd7p\x92Tֶ\xcfn\xaf\xc3=\x02\xd0\x12<3(p+\x05\x0fxo\x9e\xb8\xedχ\x97\xe9Wx\xf3\\\xf7\x85\xbe\x98|\xe9\x1c\xb3\xfd\xdb[\xaa\x1bd\xc3O\xcbY\x95-\xf0y\x13P\xf6\"\xa5\x88g\xc9ʏ;\xba\xaf]ko\xd9m\xf4\xd4Q\xf0@\xf9\xcd\xcd\ts_K_\xbd\x98\xe7\xe2\xb2r\x19\xe3\x9b\xd0$\xd9\xf2\x1d1}\x1e\x9e5s\xac\xc3\x05\u05ec-6\xefӯ\x88\x99\x90\xe1~3!\xe1\xd9\x1fv[%\x05\xf1#\xdf\xc5^\x1e\xb9Q\xf4\xf3Dq\xcd}1}ѕv\u007f\xb3Է-|\x1d\xb5k\x86\xfc\xd5Ǿ)\\s\x85O$\xee\xfaj)Ӿk\xc7\xdej\xa5\xfao\xff\xd68T>]#\x90o\xdb/]Y\xd6}\xc4|\xb3\xa2D\xcbS3\x86\xd7\xc9\n3w\xbe\xfcg̲\xdb\xf1\xc4A\xa6\x9f.\xc9\n\xf3\x1a\xcf9]\xbef\xafSv9yN\xe4\xdd\xfee\x0f\xf9\x16\xe89~כ\xea~~\xcf_\xe3\xcf߸\x13\xeb\xea&j7\xba\x1fR7x\xb7\\ ּ?\xc6R\xfb\tˇ\xeaް\x9e\f@\x00\x00\x00\xff\xff\xac\x9cp\v$\x04\x00\x00")) - p.addCertFuncNotDup("0E1\v0\t\x06\x03U\x04\x06\x13\x02DK1\x120\x10\x06\x03U\x04\n\x13\tTRUST24081\"0 \x06\x03U\x04\x03\x13\x19TRUST2408 OCES Primary CA", "\xf6m\xf8\xb1H\xb3AC\x01ۆD\xe5\x18\x05\xb7^\xcc\x067", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x931hbaY\xc0\xcc\xc4\xc8\xc4\xc4\xe2ݗ\xc0l\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x9b\x95\xc1\xc0Րۀ\x93\x8d9\x94\x85M\x98\xc9\xc5\xdbP\xc8@\x00\xc4\xe1\x12\xe6\f\t\n\r\x0e121\xb00T2P\x00\x891\vK\xc2\xc5\x14\xfc\x9d]\x83\x15\x02\x8a2s\x13\x8b*\x15\x9c\x1d\r\xe4\xc4y\r\r\f\x8c\r\x8c\r\x8dL\f\x8dM\xa2\xc4y\x8d\xcd\r\x8d\f\x8c\r\x8d\rA\\jY\xd3Ĥ\x84\xec\x01FV\x06\xe6&&~\x06\x83&&.\xa6&&F\x86\x99\x9e\vo}\x0f\x0e\x8c\xfa\xf5\x9f}\xbe\x02\x93l\xbc\xe9\u007f\xa6{{\xb6l\xd1\xf4\xb4\xfc\x18\xc4\xc0\x167\xad\xee\xeci\x9d[\xca\xcfN\x892\xce\xfe\xa1#\xb1\xb3\xe9ܑ\x0fj\xb5\x87\x1d˸\xba\xc2>\xfd9\xf3I\xcf]g\xa1E\xe5s\xff\xb2\xb2\xd6\x15\x15\x8d\xe9^;3\x97M`ںoŢ\xc2k[\xfe3.}\x9b\x15\xcc\xf8\xba\xfeӞ\xe9\x12SK\xb6M\x9b\xbeq\xf2\xc4\xffg\fBb\x1f\n\x9c\xfa\xfeL\xfb\xb5*\xb3\xca4\xff5\\G\x9a\x0f\x1f\f[\x99\xf50\xe2+[\xdbπD\xceu\xc9l\xa7ü7X6\xb2\x1f\xd9۵\xfc\xe5i\xc9{\xa6;\xdeg\x8a\xbdx\xe8{~\xf9[\xd6#\x1fv\xfeR\x93\x98\xe03\xa9\xf3\xfe\xc3I\xaf_\xdde(\x95\xd8\xdb\xfb\xd3\xd1\xde\xf6\x8c\xc9\x15\xb7\xe3\x1a'vp\xb6\xaeȒI\b\xb0\xb7xp\xd0\xcd\xfa\x92\x8cl\xf3)\xae\t\x9f\xfc\xf7n\x8b\xca?s${\xa2\xdf\xe3\xd5%^\xfa\xefͥ\xc3=\xef\u007f\xbaܣ\xf4\xf9ў\x16\x83\x86\xfd\x16\xf3\x1f\x98N?ri\xe9ݲ\xc9o\xcf\xfe\xf4\xb0\xbb\xca\x1a\xfa\xfdz\xe9\xc6\xd0k\xf7\xa6\xa7Dx\xfefpw\xd0\xf2\\\xb8k?\x9bUw\xa4\x83ͫW9\xbc\xdb?\xcc}\xfcvF\xf3EΗ\xf3\xe2\xdcLV.;\xf4;E\xad<1\xee\xb8Zf;\xcb'\xa3\xb2W\xa7\x17\xba]\xbbP\xf5\xf4\x9a\xfc\xbd\xe4U^7\xbb\xb3Kb\xe4\xea\xebn\xde\xe1\xad\xf5T\xbct\xe3܍\xd0\xc3oo]+\xf4\xe5S\xbep\xedS\x83\xd12凳\xbf0\xf5\x1c\xb5\xea_]wi\xce+\xf5/[\xb6^\xd0\xf8!\xbe(f]\xe2!\xbfY\xee\xaf\x05\xf3\xd7\xda8~\x88v\xe16\x0f\xfe\xb5\xa7W\xf9\xe0ɗ\x0f\x1a\x97\x9b\xb1]9\xfb\xf2d\x1d\x03\xafO\xed\t\xd5O\xaa\xd7LBݪx\xee\xfe\rٻ\xa7\xd9iʄyw\x82C\x17z^LPZ\xd2\xff\xa6\xa4nM>\xcb.M+\xa7\x94Y\xcf\n\xfek$\x18K&\a\xe9\xaeJl\\\xfe\xddy3\x133#\x03\xe3\xe2&F!\x83&F>\x03~6\xe6PYaF\xc6\xff,\xac\x06̌\x8c\xff\r\xf8@\x02\xfc \x01\x16f&F6\x03A\x10_\x81\x85ˀÀ\x8d\x8d%TV\x81\xc1\xa0q:HL\x9e\xa5\xb1ߠ\xb1\xc7@g\x81\xd6\x02\x8d6\xb5\x8c\x92\x92\x02+}\xfd\xe4\xa2\x1c\xbd\xfc\xe4\xd4b\xbd\x92\xa2\xd2\xe2\x12P\x02\xd5K\xce\xcf\xd5\a\v%\x17\xe5\x18\xc4,\x88Z\x10\xb1$\xcc \x84*\x89ݐ׀\x1b\xa2\x86\xc59\xc8\xc7\xd0@\x1e\xe40e\x16\t\x03\xb1\x06\x91o\xb9?6zlvtf\xbc\xdd\xe6\xf2T\x82u{\xdc\x196s\x03Y\x90\x02>\x161\x16\xecҨ\x19\x9f\x19\x94]B>\bHm\xf9]\xd2q\xf8\xfeo\x8e\\\xd6=/\xff;\xb1\xfc\xdeR\xbc\xc9\xcb|\x95\xc8BQ]\xad\x15\x9c7\x16\xcc-\x90s0\x13Xq\xda\xf2\xf8\xb2\xb7\xcf\xfe^\x95\x0fu\xb2l=\xfb\x95s\xf1\x83t5\xf3w\xe2\x8a\xd7\xd6\xd9\x17_\xe2-p:\x96\x1ah/\x9a~\xaf\xcd\xf1_\xe6\xa9X\xb3}\x8f?z\t\xa6E\xf2^\x9f\xf6\xff\xa2+cM\xfa\xa2\x8e\x89\xfbwqYL\v\u007fa\xb7\xab&\xd7s\xba@\x86\x82v\x8dъ\xe6;\xaa\xab\xfd\xb7Ԩ\xe6\xafY\xb6\xf4ö\xfcOw\xf7\xff\xe5(iެ\xf0r\x1f\xf3\xf9\x80K\xaf\v\u007f\x87\xf3\xb1\xad\xfbfQ\xb3\xa7i\xe2\xec\x17ǟ\x17\x06\xfa,\xd8;\xbf\xe7\xdfΛ]\t\xdb\xf6k\x99_\x9a\xf5\xb7x\xd69\xef$\xc5\xff\xdb쭪[v\xec\xbd%\x12\xf3\x95Y\xa2Z\xea\xea\xbfʣ\x9e\\b\xa5\xfe\xc2+\x9d\x8e\x06\xb5\x95\x9f5d\xba\x13\xff\xe0\xb6\xc6?1\xb1\u05cd\x85\xc7\x16\xcf?\xf0\xe0ݏ\xf8\x97\x99\xb9\xbd\xd3\xc3\xfbny\xbd\xb1\xe37\xe7\xdf\xfeQ\xd1\xc8vE\xfd\x96\x86\xe7S'5\xee8o\xb8\xb37\xde\xeb\xf6\u0097\x97\x94\xaeo\x93\x15\f{j\xf5-\xfaժ\x89\xe7/m\xd3I\x98\xb0\xbc\xe8L\xd2\vq\xf9\x8f\x95\xa6s\xd5ܼ\x0ek\xbcj|\xbbAm\x8dέW\x11B*\x0f[\xf4l߿\u007f槲.\xf6\xde\xde\xcaP\x03m\xad\x19˯4\xdf\xda\xf2\xd6,\xb1\xcaGC\xd1\xe5\xfc]\xb3C~\xd3_\xe9\x1c1u+\xe6~\x1b\xd1\xea*\xfey\xf9\xb4w\xf1\xbb\x83\xddco\xf5\n\xfeyZ\xb2\xe0\xca\x1e\xf5G\xddE\xdf:X.\xa7+~\b\xbeР㿭\xa2\xc1Φ\xad\xbb\xa9\xd8\xf4Z\xc3\xfc\xa02Ɖܫ\xfdv,\xdco\xf3\xd7nOS\x98\xd3Ǯ%i\xac\xd1W\xce?\xf8a>q\xff\xa1ߧx\xf5־<|\xc8\xfbE\x96q\xbfYᆜ\xf9.\xb55A\xe7\x1exV\xddԏ\x93\x8fβ6\xdev\xe1\x01\x9f\xf6\xba\"\x95n\xbe\xa5\x8a\x80\x00\x00\x00\xff\xff\xed\uf3bb \x06\x00\x00")) - p.addCertFuncNotDup("0E1\v0\t\x06\x03U\x04\x06\x13\x02GB1\x180\x16\x06\x03U\x04\n\x13\x0fTrustis Limited1\x1c0\x1a\x06\x03U\x04\v\x13\x13Trustis FPS Root CA", "\xba\xfaq%y\x8bWA%!\x86\vq\xeb\xb2d\x0e\x8b!g", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbN7hb\xf2_\xc0\xcc\xc4\xc8\xc4$ -\xbfv\x9b\xc2O\x95\xcbf\xd9ߏ\u007f\xecY\x10i\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xc0Րۀ\x93\x8d9\x94\x85M\x98\xc9\xdd\xc9P\xc2@\f\xc4\xe1\x12\xe6\x0f)*-.\xc9,V\xf0\xc9\xcc\xcd,IM1\x941\x90\x02\xc9p\v\v\xc3d\xdc\x02\x82\x15\x82\xf2\xf3K\x14\x9c\x1d\r\xe4\xc4y\r\x8c\r\x8d\x8c\x8c\r\x8d\fM\f̢\xc4y\x8dL\f\f\x8d\f\r\r\x8d\xcdLM\xa2\xa8eM\x13\xa3\x12\xb2\a\x18Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x19\x8e\x06Tϳ6\xbdp\xffH\xcfپ\xd9o\x17\x1f0\x9b\xf9\xc5\xe9\xd5r\xbb\x86f\xfee\xcb#\xdbONpu\xaecx\xd5V\xa9ż\xd7\xd6|fg\xda\xf6\xa7]am\x93\xe7dxg\xb0\xf4L\x9e\xccdgp\xc9\xdcJ)\xb1S\xa6կ\xb6\xff\xea\xfaj\xd3ou\x1a\ue746w\xf8*S\xe4g^\x8a\xde\xf5\xaf>a\xff\xda\xd7\xcfm,4\xb3\xf4\x9fN\xe4\x0e\xfd\xff&?\xe2\xaa\xee\xc9{>i\x85\xfd<\xd7Yn\xb1?\x93\x93x\xbcW\x93i\xc5/\x99\x87\xd1;\x9bW8z\xec\x91*\xec}\x9e\xf4Tw\xd3\xeb\xfb5\xe7o\xaf\x8e:e\xf8\xd1G\xe93\xab\xf0\xf7\xa6\x9fŕ<\xfb\xae{\xcb\x1c\xb8(j3\xd91\xe5\xe2\xb3}\xca\xe2J\f\x9dq\xf2\xd9K\xd7\xe4-\xf7\xeey\xbb\xb8\xe8\xd9\xfad_\xfd\xd6K\"\xa6\xb3\xf4\xfcz^\x19\xcd\xd0h[8\x91\xd3\xd1j\xcb\xc3ǟ~}8ɵ\xc8\xf1\xee\xca\xc7\xcc\xc7;D\xade\xaeHM\xb9>?%R(\x97\x89\x99\x91\x81qq\xb0A\xa0\x01?\x1bs\xa8\xac0#\xe3\u007f\x16V\x03fF\xc6\xff\x06\xf2 \x01e\x16\t\x03\xb1\x06\x91]\xbf\nU+\xbb\xc3\x1dU\x15۸\v_oJ\xe1\xebVL7\x90\x05)\xe0c\x11c\xc1.\x8d\x9an\x98A\xa1]\x17\xf1\xff\xaf\xa9d\xed\x1c\t\xffy\x1b\xb4\xf7\xf4\xf5\x88\xfc\xd7Yp\xcb=\xfa\xf0\xfbF\xdd\xf5\xac\xafJ<\xa2?\xdb\xf9\xb1\x1f\xcf=\xbay\xf2y%Әm\xf6\xa5\xea\xf1\x9c\xd3\xce.\xf8\xb7ρ'F(\xf4\xc7\xe4\xa6S\x9a/\xe3\xec\xc3»-̾\xbbJ\xf9h\x9c\x9d\xe7\xb8\xe3m\x98O\xcb\x12\x87\x13;6,\xd5\xce,`\xc9:\xfc㊐\xd1O\xbe\xc3\x1b\xef\x18\xb5\xb8\xe8\xe4\x9fv\xe3\u007f\x95\xe6\xc8\xef\xff1b\xe92^^\xfe\xc4{K\xe7\xc5֦.\xb4\x11\u007f\xbe\"\xd4\xef\xfd\x82\xe3o\x8f\xb9ԇ|]\xfc\xa0\xffCM\xa8R\xbf\xe6\xb6\xc6\xc5\x0fs\xfdt\xa4\x1b\xd2߬U\x98ϓ\x94xu\xfa\u007f緺\ao\xc5jj\xb5گI}\xd7\xc6\xcf\xda;!\xfe\xfe\xbb\xf9_\xf6\xbf\x93\xfd=\xe3I\xfd\x04\xed\x96\n\x01\xbe\x1c\xcf\xe0\xf7\xa2ѩn^\xb1\xebw\xfd\xb6*\x92=\xfbM\xb5Cn\xfa\x19\xc59\x9a\x8c\xbc\xa9\xaf\xc3o~\x0e\x9f\xb6\xdb\xe3l# \x00\x00\xff\xff)g \x8dk\x03\x00\x00")) - p.addCertFuncNotDup("0Q1\v0\t\x06\x03U\x04\x06\x13\x02TW1\x120\x10\x06\x03U\x04\n\x13\tTAIWAN-CA1\x100\x0e\x06\x03U\x04\v\x13\aRoot CA1\x1c0\x1a\x06\x03U\x04\x03\x13\x13TWCA Global Root CA", "", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbu4hb\xd6\\\xc0\xcc\xc4\xc8\xc4\xc4ijπ\x97\x8dS\xabͣ\xed;/##7+\x83A\xa0!\xb7\x01'\x1bs(\v\x9b0SH\xb8\xa1\x90\x81\x00\x88\xc3%\xcc\x19\xe2\xe8\x19\xee\xe8\xa7\xeb\xech(`\xc0\a\x12\xe3\x16f\x0f\xca\xcf/Qpv4\x941\x90\x02\x890\v\v\x87\x84;;*\xb8\xe7\xe4'%\xe6(@e\r\xe4\xc4y\r\x8d\f̌\xcc\ř,\x8c\x8d\xa3\xc4y\x8d\r\f\x8d\x8c\r\rMM-M-\xa3hae\x13\x93\x12\xb2\xc7\x18Y\x19\x98\x9b\x98\xf8\x19\f\x9a\x98\xb8\x98\x9a\x98\x18\x196\xb0\xde>\xf1\xba\xe7H^\x97\xe2\xfb>\xdf9\x85\\\xf2A\x05os\x9b\xe6L?z\xdd\xc7\xcf\xd5\xf3\xb4\x83\xd3V!\x93\x1c\xc9C%K\f\xe3[\x99\xa6\xbfq6\xe6\n\xbe4\xa7\xa7o\xfb\x8e\xca\xdb\xdaW\xb3>\xf5\xa5\x1dy\xa7\xcd\xc8>\xe9\xca\xe6\vL\xf7\x03\xbe\x85\xaeO\xe3;\xfd\xc0=A_\xdb\xc8\xd24\xc8J\xa3\xf9G\xb5\xd81\x89\x1dI\xd7\xdcU'\x9e\xfb )\xe4\xbb6\xf9\xebe\xfb\xd2x\xcd\x0f\v\rd\xb4\x16\xccX&\xba\xf7\xdd_I\xb3\x0f\x8f&:\xf7\xff:uM@\xdd\xd3\xe7\xfd݃\x1f[\vf\x9fz\xb5\"\xca\xf9On[~\xf1Ksו\x1f̎\x9f\xe9(\x95\u06dd\xc3\xf6\u007fv\xb6\x9d\xf8\x9b\xc4U\x855\xc7d\x17}\xf7|)\xba\xd5\xe6\xda\xc2į\x82\xdfY\xf3e\xff\n\xee\xbb`\xc0~Hs\x03\xa7\x9fڝNjVL̒?4ѵ#\xe6\xe9\x8c\x1d\x85KE%O֔\n\x9e)(\xf1ם-;\xd1\xe5o\x98Ƃ\u007f\xbb۲N\xfc\x8aᎸs̻\xec\xc4j\xa5\x9b\xc5\xfcK\xbfD1u\xda\xfb\xcfSjz\xb7\xa8$X\xcb6X=S6\xa7\xcfH'\x85A-9\xd1\xcco\xb1\xdbv\xfb\xdaͺkr',\x9a\xba\xe8\xdc\xf9[M\xcf\xd9M$\xa7\xbdܡ\xb8J\xb3n\x99ž>M/ŴJ\xf9͇\xb7r\xa6\u07fbv\x85\xdd\xed\xb3֭gJ\xe6\t\xa7\x1b\xb7\xf1/\xe0\u007fybj\xfd\xfeЉ\xacU\xe7mE\x0f\xe4\xdf\xe3\x9c\xc2\xd8|\xddD\xfa\x8c\xc3\xd2\x0f;f\xa7_\x9d1\xd1zyK\xc5T\xb5%Q\x1c?\xb4K\xb60\xb0\xd8\xdc\xdf!\xd2\xf7\xe2\xfe\xcaޜ\xf4IƲ\a\xb6_z3\xe9\xc4>\xce\xfd:\x9a\xac\xf9L\xd9\xf3\xde\xefٯ\xb5'\xfa@@\xbfcAa\xfb&\xdf\xed,+[\x16\x1b\xad_\xf7.[\xbc{\xd3\xc6\u007f9\x0f'\xf4t\xac\x98\xeeq\xee\x84\xef\xe9\xcfl\xe7㳸\x9c6\xcaɕ\xeb\xf7-x6\x89\x8f\xed\x0f\xab\xd2%\xb5\x87\x86\x81\xb5Fw\xf8\x99\x98\x19\x19\x18\x17+\x1b(\x82ӕ,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfc\x8f\x96?\x98A\xa9'ޤ\xb1\xec\xfd4٫O\xb7\xdedJn\x11;\xb8nAA\xe0\xf2\xef>\xee\xa6'\xb8\xafk\xd8v\x16\xde\\e\xec\xf8JD:G\x91\xe1@\x8e\x93d\xdd\xfc\xcch\x05\xa7\xfb\x8b.\xdd:R3ݻwË5'\xde-\xcdd\x99\xc95i\xd9ju=)\xdf\xc6\xfd-W\n\xe4ֺ\xff\xfb\xeb5\xd7\xf8\xc1\xa7\x9dG\\9\x14\xb9nef\x16\x17\xf1\xee3\xf97\xa5{\xeda9\xd3닚\xdf?\xb58\xbe\xb4U~\xf5y\x937\xf6\x1a\xffx>\x86\xb7\xf9\x9d\f\xfd.s\xe5\xc6\xd2Z\xb6\xaa\xfc\xab\xf7\x05\xee7\xfa)\xa6n\xdc\xf6P\xbcr\xaa+۹\xf83w\xdc:\x933\\z'\u007fI)X`;W\x83\xf5\xb0e\xc1\x8e\xa4j\x85\xbfOn\xbf\xe4X\xb8c\x9e-\xe7q\xff\xdf:?&\x979\xde\vz\xf00\xfc\xd2\\\xe6=\xe5\xf3\xfe\xcdӌ\xfb~00A\xfe\xde-\xeeM\xba\xa5\u06dd=&?\xffVy\xac%\xb6!2aʟ\x8a\x19\xfd6\x93\x03\xdf:L`\xbf\x9f\x92\xacrگ\x90u\xe1\xf5)R\x1dF\x1f\x95J\x94\xd6-]vC(\xd3'a1\xd3;\xed7W\x92'q\xc7\xed\xd3/\xcb^\xbcMmO?\xf3\r\xaeO>)n{-\x93\x9eN{m\x92,\xa8qf\xeaǵ\xef\xdf\xdfi\x88\xf0x\xe9\xbd\xe3Uꚗ\u007f\x1a\xb6n=\xe1\xfas\xcd\xc1\xf97w\xbeJ\xea\xe8;\xf2ѻYh\xed\xb3\xee\x96k\xf3\x0e\xbdn\x96\x98\x9f\xb5[Z%\xc1\xb8\xe0̛\xefF\x9fcnV־\x9f\xb7\xe4\xdfI\xe5\xc3*\xefD'm\xb4\x9d\xe8\xafֶ7\xadXE\xf8Ւu\xc9\a\xd7ֶ0\xdb\bT\xb4IW>>\xf2\xf9\x13\xcbT\x85u\xcaMG6[1$\xed\u007ff\xa6\xf20|\xd7q\xb9\t\xa5W\xe3\xed\xa7&j\x1f\xb4>\xfbtsF\xe2\x057\xb5\x95\x8aA\x99\xba\xaf\xf5\x8e\xbf.?\xb7\xccj+\xb3\xb1\u007f\xd9\xc5\xe71!\x8c\xb1\xa7+\xbe\x9c\xe4\xd9\u007f^\xa8O\\W9c\xca\xf3\xd5\xffVn\xd2f\xbb\xc0r\x16\x10\x00\x00\xff\xffz`\xb0\xfdE\x05\x00\x00")) - p.addCertFuncNotDup("0_1\v0\t\x06\x03U\x04\x06\x13\x02TW1\x120\x10\x06\x03U\x04\n\f\tTAIWAN-CA1\x100\x0e\x06\x03U\x04\v\f\aRoot CA1*0(\x06\x03U\x04\x03\f!TWCA Root Certification Authority", "j8[&\x8dދZ\xf2OzT\x83\x19\x18\xe3\b5\xa6\xba", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xae6hbJ^\xc0\xcc\xc4\xc8\xc4\xc4\xc8h\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1 ސۀ\x93\x8d9\x94\x85M\x98)$\xdcP\xc8@\x00\xc4\xe1\xe2\xe1\fq\xf4\fw\xf4\xd3uv4\x140\xe0\x03\x89q\xf3\xb0\a\xe5\xe7\x97(8;\x1aj\x19h\x80D\x98y\x14C\u009d\x1d\x15 ©E%\x99i\x99ɉ%\x99\xf9y\n\x8e\xa5%\x19\xf9E\x99%\x95\x06r\xe2\xbc\x06\x16\x06\x16F\x16\x06\xe6F&\xc6\xc6Q\xe2\xbc\xc6\x06\x86FƆ\x86\xa6\xa6\x96\xa6\x96Q\xb4w@\x13\xa3\x12\xb2\xa7\x19Y\x19\x98\x9b\x18\xf9\x19\f\x9a\x18\xb9\x98\x9a\x18\x19\x196\xd4\x15\xedX\xc2<\xe5\xd9\xf2{\x9c\x16\x13\xbd\x04\x1dڗ\xd7D\xa6\x88To\x15\x14\xb8\xfbo\xff\xd5\x03\xbb\xc3\x1e\xb5\xaa~1-\xe2\xff\x11|\xc1\xf1\xa1\v\xe3\xa1-2\x87\r\x9d\xc4\xdc[\x8d\x95\xca6q\xe5\xf3?U\r\xf0om۷\u007f\x86\x9e@\xba\xdc>A\xd66\xd6\tG\"/\xd4T\blh\x88\xd9\xfe\xf0\xb8v\xe9\xe9\x9a\xf9\xeb\xb6^\x9c\xabl\x9e\xbc\xfc\x8e\xd3\"\xddI,\xd2\x01\a\xabw\xd8I\x9f\fc\xe9\xd6\x0f\x9a\xbdve\xd8˃\xff\u05ee\x8ch7\xd8\xd6\xf8}\xba\xeb\x1f\xc9pk\xed\xfc'\xee_f\xba\xfe\x93\xfd\xf8c\xfa\xe2\x0eYs\x99\x98\xfe\ae\xaa\xb3\x02~,\b\xf9\xef2\xa1L\xf9\x92ѱë\xd9\xf6\xff\xf9\xbd\xff\xf3\xda\xdaIILњ\x97M\x17O\x9e園\x10\xbb\xe9\x97\xd1\u007fk\x96\xf5\xbe\x0eY?\x8f?~\xaf\xfc7\xfb\xf4S\xfen\v\xdew\\\u007f\xfe\xf1Ϙo`x7'(\xf5gw\xe3>\xa5\x872\x11̻&Jw\xb231320.v2p\x00\x87\xb2,?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfco \v\x12\xe0c\x11c\x11ɲ\x88V\xeb\xbd\xd7\x1d\xf5ɿ*\xa4YR\xe21\x87\xe9\xb2]hI\x8b\x19\x14\xb86W\xcbmo\xdd\xef\xdc\xd5\xce\xc3\x11\x92\xa5\x100i\xdf\x06G\u06ddj)\xcd\\\xfa/\x1c\x0eL\xd7Po2\xf0:9\xf9\u007f\xd6\xf3e\f\xf5\x9dN\xb3\xae\t>\r>\xa7\u007f\xe6\xd3-\xd6#\xff\x1e\x05\x1c\xb1j\xab=s\xabN\x80\xd3z\x92\xa9V\xf0\xa6\u007f\xaf\xb5Yo\xe6\xc4>\xbb\xf0\xferV\xdaTürkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK1H0F\x06\x03U\x04\v\f?Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE1#0!\x06\x03U\x04\v\f\x1aKamu Sertifikasyon Merkezi1J0H\x06\x03U\x04\x03\fATÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3", "\xbd\x88\x87ɏ\xf6\xa4\n\v\xaa\xeb\xc5\xfe\x91#\x9d\xabJ\x8a2", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x157hb\xfe\xbf\x80\x99\x89\x91\x89\x89QЀ\x97\x8dS\xabͣ\xed;/##++\x83A\x13\xa3\xb6!\xb7\x01'\x1bs(\v\x9b0SH\x90\xa1\x84\x81\x18\x88\xc3\xce\xc3\uf79aT\x95\xaa\xa0\xab\xe0\x9d\x9f\x9c\x98\x9a\x93i\xe8n\xe0\n\x92\xe1\xe2\xb1\v9\xbc\xa7(;\xb32U\xc1)3'3\xb785G\xa1,U!$5;/?'?+3[\xc1\xb1(\xf1\xe8\xfc\x92#\x1b\x8br\x13\x15\xbcK\x8bJsK\x15t\x15B\x0e\xcfq:\xb2!\xc4\xd1\xdb\xd0\xc3\xc0\rd\x107\x8f}hNiqb\x8e\x82kNjvIQ~^f6\xc8 \xef\xa2̂\x12\xb0I(\x06\xb9\xe6\x15\x97d\x96\x1c\xdeS|x\x8f\x82\xaeB\xa8\xab\xb7\xa3\xab\xa1\xb2\x81\"\xc4$)\xef\xc4\xdcR\x85\xe0Ԣ\x92̴\xcc\xec\xc4\xe2\xca\xfc<\x05\xdfԢ\xecԪLC/\x03\x0f\x90\"f\x1eG\xb8\x13 \xda\x15\xbc\x0fo\xcbFhR\xf0Ȭ\xcaM-Q\bN<2?'\xb1\xf2\xc8\xc6\xe4#\x1b\x8b\x8flT\xd0U\b>\xbc\xa7\xe8\xf0\x9e\\\x05c\x039q^\x03s\x03\v#\x13CCcs\x03\xf3(q^C\x10\xd7\x10\xca\x1d\rN҂\xb3\x89Q\t9A2\xb22071\xf2\x83R%\x17S\x13##CW\xae\xf7\u007f\x81\x0e\xab\xc3\xdfꦼx\xa5\x90R\xb0N\xb1q\x9fU\xb5\xcd폲A\xf5\x91\xbf>+\xf9L]0a\x8f\x87\x9f\xe0\xea\xdf۷\xf6V5k\xf4\xa8\xb9\xdd\xf0\x9b\xeaО8\xff\xe8\xbc\xdc\xc6\xf6\xf0\x9c.\xeb-i\xaf\xce8\xfcy\xbc*g\xd3i\xc6\xdbF\xfb/\xbdn=\xbf\x907\xf4p\xb4Ex\xc1\x8e\xd2c\x95\x17E\f\xdeJGDg\xbf7\xfd\xb4P\xd1\xef蹚\x99\xf19;w(M\x0eX~֧ k_\x16k\xbd\xf0\x1cm\xb9W\xff\xdcϱ,\xcd_3Y\xafF{\xfe\xbcJ\xe1\x89/^\xcd;eQڗ\xb4a\xead\xad\xa7\xf7_\xc6M\xcfS\x88\x8fo\xa9r\xb1\x94t\x90\xd9\x15\xaa\xfd\xdb`S\xe3\xfb\x96\xc7w\xdḛ\xb0dn\xe5X\x19\xc2̪\xf9\xe1d\u007f\xf7+\xee\xb6TI\xc1\xcb/9\x95\xefeLf>i&\xa3\x98w\xae'\xed\xe3L\x83\x1b\xd77\x1f\x96\xfdѨ\xb7bo\x13wڿ\xa6\xd3\x0f\x1fH5\x1dvhdbfd`\\\xecd\xe0` \xcb\xc6\x1c*\xcb\xc7\"\xc6\"\xb2\xb7\xa3\xfdd\xff\xb7%\\ܫ^\x1f\xfd7Qy\xeej\xaf.#\x03>\x904?#\xe3\u007f\x16\x16f&F6\x03~\x10_\x18\xc4g5`fd\xfc\x8f\x96\xed\x99A\x81+[\xf3˳\xdf\xe4\xe5v\xb5Ib\xb3XK\x9e{_ȵ\xcc9\xac\xf6\xed\xdc\x0e\xc3=G\xee\xef\xd1\xfaa>Q\xe2\x0eˉ\x94\x99\xda\x12\xb9\ȓ'\xd7\xfd\x88\xb8`\xf7\xf6\xb0\xf2\xfcL\x9b6\v\x99y\xefo\xa9W\\l1/\xec\xb2\xf1\xb6<_\xe7\xcavM\xf7F\x97o\x85е\xb5\x87.\x9f\xbet\xc1\U00073699\xd7\xec\xa99<\xef\x9e^tVO;\xd8\xf1\xbdj\xb3BΫ\r\x99\xda\xc7\x15^\xf00\x1fqd\x9d\xf9\xc8\xfeI\xf6\x8f\x05m\x8d\xc7[\x8e\xc9_\xf5n\x14\xda$\xa6\xa8#\xbc\xb0aS\x1c\x8f\x97\xf0<\x85\x1bI\x0e\xab'\xbcJ\xf1\xd2_\xc3\xcb(T\xe9\xbaB\xbf]2\xe3ģ\xd6\xe3\x06\x9bJ\u007fZ\xd8o:0yK\xf6#f\x97s\xe9\v\xeew^[\xdbS\xb6X\xf8\xf0\x94D\xed\xec\x9b9\aٹ\x94\xd8[sZU\xdcV\xee\xb3\xef\xaehi\xaaS\xe1\x99\xfb\xb7\xd1\xfc\xb1ꊷf~SuNΙp\xeb\xcdJ'\x9b\xb5ۘ\x00\x01\x00\x00\xff\xff\x04\xba:\x16\x1b\x05\x00\x00")) - p.addCertFuncNotDup("0\x81\xbf1?0=\x06\x03U\x04\x03\f6TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı1\v0\t\x06\x03U\x04\x06\x13\x02TR1\x0f0\r\x06\x03U\x04\a\f\x06Ankara1^0\\\x06\x03U\x04\n\fUTÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007", ")Ő\xab%\xaf\x11\xe4a\xbf\xa3\xff\x88a\x91\xe6\x0e\xfe\x9c\x81", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xb15hbV]\xc0\xcc\xc4\xc8\xc4\xc4\xc8h\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x95\x95\xc1\xa0q\xbf\xa1\xbd\x81-\x1bs(\v3\x8fY\xc8\xe19A\xde!A\xa1\xc1!\n\xae9\xa9\xd9%E\xf9y\x99\xd9\n\xc1\xa9E%\x99i\x99ى\n\x1e\x99U\xb9\xa9%\n\xc1\x89G\xe6\xe7$V\x1e٘|dc\U00051346\xdc\x06\x9c \x03\u0604\x99B\x82\f\xf9\rxA\x1cv\x1e6Ǽ\xecĢD\xc38\x83\x18\x90\x00\x17O(\x92\xf1N\x999\xe9\x99\nG6䤖d\x1e\x9d\x9f\x99\xabP\x96\n\x12\x83\xb0\xdd\x0f\xef)K\xcd\xcb\xc9<2?\x13jeNjQ\xa6\x82\xa3\xde\xd1yz\n\x1aɚ\n\x8eE\x899G6f+\x18\x19\x18\x98\x1bȉ\xf3\x1a\x98\x1b\x1a\x19\x99\x1aZ\x18\x9b\x1bZF\x89\xf3\x1a\x82\xb8FP\xee0\xf0a\x13\xa3\x12r\xb41\xb22071\xf23\x1841r15122\xac\xden\xc7\xd5sbi\x84賮\xf7\xea\xb6^[^\xa8^>k|H\xe1\x8e\xe4\xbb\x0e{ߤ\x0fw\x85\xcb\xfb\x13Wjm\xbd\xf2i\xa7a\x84\xa6\xb5\xbe}֜\xfc\xe22\xd5w&\n\r\xef^m\xffp\x84\xeb\xacv۔\x93\x8f\x136\xba\x04m\x8a\xd2\xdc2qz\xf3\x8d\xed\xcbD\xf45=\x17}fe\xfb\xbd\xc5\xff\xd6\u009cYi\xf3?8s\x9ezU\xd4\xff\x9aẩ\xe5\xf50qwq\x83/\xfb\xf6\xdb\x1f\xcaXo\xe6pp嗕\xcb_\bdst}o\x93\xbb3KK\x94\xed\xdb\xe2\x0f_\x1e\x1c\x17\xb9\x12X\u007f~\xcb\xed\xdc\xf5\xee\xd3\xc4g\x97\x17\xdeX^8W\x85\xe7\xdb\x14\xfbVC!\xff]\xef\xfc\x9av\xec\xb4\xebW6\x8f;\xb3hU\xe9w\x89|\xce\xcb떇h\x98\xfc~\xf8\xc0:\xa1v\xc1\xbe\xcaζ\x13\xf3u\u007fry\x1f\tX\xf4\xfco\xa5\xd8\xf1*n\x89\xf3\xe7|\xde\xd7^cϟ\xf1q\xfdƃU\xd7\x1bMw\xac\x12\xdf\xf2\xe04\x133#\x03\xe3b'\x03\a\x03Y6\xe6PY>\x161\x16\x11ͣ\x13V\xab\xae\x17|\x92\xb8\u007f\xf1\xff\x8eĉ\xcf\xf8\xfe\xcdi4\xe0\x03I\xf332\xfegaafbd3\xe0\a\xf1\x85A|V\x03fF\xc6\xffh\x99\x83\x19\x14\xb8\x02\xbc\xb7~X\xbdѸ(2\xb5i\xa3\x90N`\x95\xa3\xaa\x99\xcf\xfc7\xf6\xf2-sSCbV\x8819\xfcʓ2oy_4\xb7\x8d+tn\x98ƚ4\x9d\vVa\x93M\xd8U\xd7rl\xe8?\xc1\xcf\x19yj\xee\f\x99\xa7!?v\xba\xd6gM\xcf\xef\xc8\xf0\xf5bS3\xef`\xe2\xdbv\xecZ\xd1\xccs\xd9巒\f\x97\x84ɯ\x8b\xef-\xbf\x15\xfb\xad\xe3\x8f\xd4\xcdy[\x1b?\x18\xedx\xdcqa\xce\xe7\xac\x05;g\x8bD\x9a\x9a\xf9\x9f\xff\xdc\x17\x17+\xbeVtꍻ\x9b\xae\x8a\xe61\xf8m\xf6>\x9f6\xe5Ƀ\xb3[Yo%\x87w?ݼ\xea\xf6\x01=\x99\t.\xb7\xa5b%\x96\xbc\xdb\xc7\x12=\xf3ja|hjJ\xd2\xd5E\xb3Y\"\xdbN$\x95?\xafirͲ\x15\xdf\xfffn)Ϻ\xc5\xf9Q\x97\xf5g\x98}\xf9\xf0Ur\xb5`\xec\x89e\x8f\xb5\"\xb2\x9c8\x0f\uf764\x96f\xc4\x1b\xcb\x11Z\xf2\xbfg\xc6\x05\xaee-Y\x17-k\x01\x01\x00\x00\xff\xff\x9b\x95\xf7\x1aA\x04\x00\x00")) - p.addCertFuncNotDup("0:1\v0\t\x06\x03U\x04\x06\x13\x02CN1\x110\x0f\x06\x03U\x04\n\x13\bUniTrust1\x180\x16\x06\x03U\x04\x03\x13\x0fUCA Global Root", "\xd9\xc3\xd3\xf8\x80\x92g\xcc]\xd2:\xa2\xd7q\xa2\xb4\xc48\x80-", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x9dd\xd0\xc4\\\xb5\x80\x99\x89\x91\x89\x89\x91À\x97\x8dS\xabͣ\xed;/##++\x83\x81\x95!\xb7\x01'\x1bs(\v\x9b0\x93\xb3\x9f\xa1\xa0\x01?\x88\xc3%\xcc\x11\x9a\x97\x19RTZ\\b(a \x06\x12b\x16\xe6\x0fuvTp\xcf\xc9OJ\xccQ\b\xca\xcf/1\x90\x13\xe75\xb000404\x00\x83(q^csC#c\x18\x97\"\xb3\x9b\x98\x94\x90\x9d\xca\xc8\xca\xc0\xdc\xc4\xc4\xcf`\xd0\xc4\xc4\xc5\xd4\xc4\xc4\xc8pk\xf3S\xb6\x00\xfbo\xc5ߏ\x18\xedw[\xaa\x9adܾ!\xe3\xdf\xf2\xfb\x1d\xccɵL\xd3\xfe\xben?\xf9\xee\x11\xc7\uee7bw?q\xec?n\xd0ɟ\xabr\x80%GdJ\xa3\xef\x02ޒ\xb4\xcf\x1fZ\xd7\xffH\x91\xbc\xb7\xf3e\xe3\xe4\v\x1a\xad3ݝ\xbctl,Խ\xce\xfc\xff\x99#y}\xeb\xe7\xf7\xb3\xd7E\x9b\xb0]\xef_$\xcc6\xa7\xab\xc5\xe9\xea\xe6\xc5\x132r\x1b'\xbc\xf3my\xe3S\xe0\xa7{O\xc5\xf2\x9c$\x83\xf3䊟\x1cm\xb2\xce\x17\xbf\x14\xeda=\x90\xfe\xeb@॓\xad\xec*\xeb,\xe5\xaa\xce:^2[\x9d\xf8J{\xf5\a\x85Й6\xb9\xba2zz\xa5\xd3n\x14M\u007f\xc0s*\xb3\xf8]\xa9\xb6(烾\xdcݷ\x84\xff\xbb\xadx\xc1\xc0\xb3\x86]_v箝\x17\x17|\x9f9\xaf$F\x925\xcd\xf0\xbc\x9dVп\xfc\xf9\x9fw\xee\xfdy\xb0\xf1\xab\xf9-=\x9fF\xd5\xd8o7\xa7̺lڭ\xa0a\x1e\x1f\xf8\xba6\xe9\xf8\xca\xc9\x17\u007f^09\xbdR]MGc\xc2$\xeb\xd0\xe4\xed\xe2|!ū\xd7\u05fc\xb1Z]`\xbcF\xf1\xb7\x92\xda\xe6\xb65\xca+\xaf\xd7\xe7\x9e\xe6P\xf8\xb4\xde\xe1\xeb\u007f\x17\xf7»\xeaw\x855\x16\xbe*\xb3\xfc)\xb0`\x81\xaf\xc3\x12\xf5M\x91\xa2\xda9\xba*\xdbU\x92+\xbe;KT\xf1\xfb\n>~\xb1\xa6ݩ\xf7yD\xe1\x92\xd5y\x8b\x0eL\xaf\xd9\xfdX\xd8\xfb\xd4\xed\xdd\xd9\x1c?3\xb7\xb0\x14]=춳\xfc\xd5\xff]\xbf_~\xb0\xe21\xfd\xd6Ͽ\x8e\xadE\xec\xee\x94\xd0+\xefO\xa9og\xb69*\xa3\xa6\xf5\xd5f\xc5ҩ\xb3\xdb>vu\xa6\xff8Γ\xb6\xf1\xad\xe3\xfe\xa6e\f\x19VJ&\xef\xe4^?\xcd\xef,\xf1\xcfZ\x95\xb5\"<=\xe8\x8aB\xe2\xc1s\xc1\xa7\xff\xaa\xd4ǫ\xdd_ȑ9m\xc1\xbc\u007f\x9eΏ.\xbf\xbau\xe4c\x87\xa1b\x9e\xccó\x9fK\xf9\x14\\\xc4\xce\xd4\x16\x97\x98\xba\xeaX7^Qx\xb3\x8d\xb3\xc7\xcec\x93'\x133#\x03\xe3\xe2\xc6E\x06\x8d\xf3\r\xb8٘Ce\xf9YX\x98\x99\x18\xd9\fx@\x1ca\x16V\x03fF\xc6\xff\x06\xc9 \x9e*K\x8cA\x14\x1b\x876\x1b#++;3#\x9c\xc5\x04g1\xc3Y,p\x16+\x9c\xc5\x06g\xb1\xc3Y\x1cp\x16\xa7\x81,\xc8\x12>\x161\x16\x91\x9b\x87/\xffh\x98\x94~&\xf6\x92բ녋\xb6\x1c\xb1h\xd0E\xcbq̠\xd4{\xa1\xa3\xf2\x14Ǫ\xef\xdc&\v\xfc8\x0f\xbd\xac3\xf5\xe8,hQ\xd6\x0f<\xac\xad\x1fw;8;\xba\x94C+d\x97\x11\xdf\xd5c\x85\xad\x1b\xa7{6|k\xb9\xf0a\xd7\xf6\xc2)'*\xb3\x97\x1duy\xe1\xb4h\xad\xaan\xb8\xfe\xb3k\x86\x9a\xbf$;C4\xeb\xb6\u05f9\x9be\xea\xe6\x19\xed\xb9Rz˩x\x87\xdf\xd3f\x87\xe2M\xb1\xf7\xaf\xb8\x14/K⾽*\x8f\xb5\xe7D\xbd\x9b\xbfe넹{\xa4C4\xd7,\xbd\xfe\xefiDXx\xae\xce̅\x9e\x8aW\x13\x8f\xf5$>,U9\xc8xWW\xda찾\xd0\x19\xeek\x15ݥ\r/\x1dwvl/\xf2{Q\xc2̲\xfc\xaf\xea\xcbw7/\xf1j|\xa3\xd9\xf8\xa5\xdc\xfb\xa1\x93P\xe8\x956-\xa1m\x1fBg3\xea\xdd\xfd\xb6\xe2\xb1\xe4\xe1s\xee\xfa\a*\x12%\xa2\x8e\xa7\xfe\x99\xeb\x16\x1d~\xa7\x86o\xf7\xb4f\x81\x9aP\tN\x96u\x17\xbfwk\xd9-x\x16p\xcd\xc0\xec\xfa\xf3n\x8b\xe07\x9e.\x0f\xce/\xb9\xff1\xb8\xba;j\xdb7\xc1\t\xde\xd7J?\xffc\xfa\xac\xb9\xfe\x83rQ\xad\xc8ە\xb1\xf7\xab\x1a\xe7͞\xa4\xf4G\xee\a\xa3\xab\xe3\xf4\xe3ٌ\x89\xfb\x8c3>-HmI\xdb\xf3@kI\xc6\xe5\xc27\xc79\xee->|\xd2\xcc\xcb\xe4\xa3\xf8\xa3\x86\xf5\n\x8a\x93\xa7\xc8=\x13\xbd\x1c\x92\xf4q\xab\x85\xfe\xe33;\xd3YV\xeez\xfa\xee\xa7@\xdei\xbd:\xe1\xf5\x93D\xfe}V/\xae\xb6\xf8S\x9c\xbbsgǷ\xbc\x1e\xee\xaf\u007f\xfes\xf2m֍\xab.}\xf9\xb0\xd2z\xfd泭:\x8f\x12\xdc\xce\xe4\xf7-x\xfd\xc1\xe4\xe8G'\x89\x84uBo\xddJe\x9e\xdeX9-j߽\xa8k\x15\xe9Ӣ'\x97\a|ʓ\xbe7-\xd0k\xd95o\xe7RŴ\xde\xf27L-e1.\x02\xdbd\x13s\x9e,V\xa8\xdd\u07bb\x8b\u007fb\xe9\xf1\xde\xfb{\x98\x12Vh\xae\xd8k\xeb\xcc\xc4\xcc\xc8\xc0\xb8\xb8q\x91A\xe3|\x03n6\xe6PY~\x16\x16f&F6\x03\x1e\x10G\x98\x85Հ\x99\x91\xf1\xbfA2\x88\xa7\xca\x12c\x10\xc5ơ\xcd\xc6\xc8\xca\xca\xce\xcc\bg1\xc1Y\xccp\x16\v\x9c\xc5\ng\xb1\xc1Y\xecp\x16\a\x9c\xc5i \v\xb2\x84\x8fE\x8cE\u4dbc\xe9\xe7l\x9f\xffN\x86)\xb3\xcf\ue392\x93\xf5\x10\xd8\xfe\x0e-\x8d1\x83b\xcf\"g{\xc7ǵ\xbf\"\xccK.\xbe(\xb87G=\xf2\xf4\x13\xd1\xeb\v\x0e'\\\xefh`9j\xe0c{E\xea5[\\\xa4\xfb\xb3=i\xa7\x1fp\xfcya\xfa&\xa9\xf6ԁ[\a+\xd6?u\xcb\xff\xdd٤\xdc\xff\xedzpZ\xe8\x82{\xaaBօfb\xa1Be\xbfm\u007f\x84D\x1b\xeeb`\xfbQ\x1b\xfatyY\xf3\xaa\x18\xaf\xe9˴4\xee\xef=\x96í<\xb5ϸ^.\xceA^8Dg\xceӭ|w\xc55\xd6e3^\x0e\xd2\xfc\xaa$?\xc1\xf2˝\xa4\x8c\x0f6m\xeeov\xb0\xba\xee\xde\xce3mʱ\xf4\xd3ʅ\x17\xfaJ\x94\xae9\xbef^\xb1\xedվ#\x8cB[7\xc7:\x94\xb1)\\I١\xe9\xc6\xd6uN~\xf2,\x81w\xbfWEm\xb9\xa3\u007fU\xfb\xf4\xb7\xeb\xac-3X'r\xb7|\xb7\xfdu\xedg\xd5/\x1d\xd1WfM\xce۷\xefx\xfc\xb9\x90\xf1\xad\xb3\xf3\"V\xd7\xc3\x1a\xac즏\x19\x97Z\xc85\\\xb9~\xf8\xe6=@\x00\x00\x00\xff\xff\xd5#\b|\x88\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\x881\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\b\x13\nNew Jersey1\x140\x12\x06\x03U\x04\a\x13\vJersey City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1.0,\x06\x03U\x04\x03\x13%USERTrust ECC Certification Authority", ":\xe1\t\x86\xd4\xcf\x19\u0096vtIv\xdc\xe05\xc6cc\x9a", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xea7hb\x12]\xc0\xcc\xc4\xc8\xc4$\x10\xd3=\xf3hԔ\xa3\x97\n\xc3\xee\x9d\xedl8\xa3f\xc0\xc5ơ\xd5\xe6qΖ\x85\x99٠\xb1Ðۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xd8@\x10\xc4\xe1\x10\xe6\xf2K-W\xf0J-*N\xad4\x141\x10\x02\t\xb2\vsC\x04\x14\x9c3K*\r\xe5\fd@\xa2\\¢!\x19\xa9\n\xa1\xc1\xaeA!A\xa1\xc1!\n~\xa9%\xe5\xf9Eنz\x06: yfaU\xb0\\Qiq\x89\x82\xab\xb3\xb3\x82sjQIfZfrbIf~\x9e\x82ciIF~QfI\xa5\x81\x9c8\xaf\xa1\x81\x81\x91\x81\xa1\x01\x18D\x89\xf3\x1a[\x18\x18\x1aZ\x18\x19\x9bZ\x9aZF\r&\xa7\x96\x19\b\xb0\xb1\x83Ð\x89\x91\x8dU\xbb\x91\x85A\x899\x89\x81EjMH\xd4ʟ\x19\xcaϫ\xae\xaa\xe4\a\x1f\x8b\xba\xe1\xbd\xfa\xd8\xd5m\x17\x9f\x15\x17\xae\xbb;\xe7\x1aO\xe2\xdf\xdb\v:\x99w\xb0\x8a\xbc\t?\xf7.\xd6\xfe\x91\xe2\xe6s߯tU>X\xdc\\\xa7;\xfdB\u244f3\xef\xa8NL^]o\xb0xK\xc1\xa3\xe3\v\x8d\xe7|ޯ\x17\x13\xbc1~s\xadQ}\x97\xc9\xe3\xca\xca\xc5N\x06\x0e\x06\xb2l̡\xb2|,b,\"V\x0f9ۮ\x9c\x97<4\xad\xacij\xec\xce\x03\xd3c\xc9ɳ\f\xf8@\xd2\xfc\x8c\x8c\xffYX\x98\x99\x18\xd9\f\xf8A|a\x10\x9fՀ\x99\x91\xf1?r\xec3g0\x18\xa42\x19\x98\xa5/\x14\xe3\xb8\xf3d:\x83\xa3\xac߾\x87Ɍ\xe7\xadW9\t\xa6,\x98;ŒI\xb02\xa6Z\xf6W\xca\xcewbN\x9b\xf7w\x1d\xe2<\xf2\xe6\xc9F_&C\x86\x97Z\x89\xee=A^\xde~\x12\x05߮\xb9\\\xcb\xfbڼ+7b\xaf\xca\xcd0\x8fW\xef\x8f,rk\xecȲr\xbb\xb8r\xb6\xef\xc9\xc4[\x17có$\x00\x01\x00\x00\xff\xff\r?j{\x93\x02\x00\x00")) - p.addCertFuncNotDup("0\x81\x881\v0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\b\x13\nNew Jersey1\x140\x12\x06\x03U\x04\a\x13\vJersey City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1.0,\x06\x03U\x04\x03\x13%USERTrust RSA Certification Authority", "Sy\xbfZ\xaa+J\xcfT\x80\xe1؛\xc0\x9d\xf2\xb2\x03f\xcb", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xbdg\xd0\xc4|l\x013\x13#\x13\x93\x00\xe3\xdf\\\x83?\x8bO\x05\xae\x90ޓ\xc2gʬk\xc0\xcbƩ\xd5\xe6\xd1\xf6\x9d\x97\x91\x91\x87\x95\xc1\xa0\xb1Ðۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xd8@\x10\xc4\xe1\x10\xe6\xf2K-W\xf0J-*N\xad4\x141\x10\x02\t\xb2\vsC\x04\x14\x9c3K*\r\xe5\fd@\xa2\\¢!\x19\xa9\n\xa1\xc1\xaeA!A\xa1\xc1!\n~\xa9%\xe5\xf9Eنz\x06: yfaU\xb0\\Qiq\x89BP\xb0\xa3\x82sjQIfZfrbIf~\x9e\x82ciIF~QfI\xa5\x81\x9c8\xaf\xa1\x81\x81\x91\x81\xa1\x01\x18D\x89\xf3\x1a[\x18\x18\x1aZ\x18\x19\x9bZ\x9aZF\r&\xa761)!\a$#+\x03s\x13\x13?\x83A\x13\x13\x17S\x13\x13#C\x83P\xaa\xb8\x19\xdf\xe1\xdb\x1c\x9b/\xac\t\xe7-{{V\xfd\xb2\xcfڀ\xe6\xc4G\xab\x14|9uS8\xef\x9c\xeb\x9c\u007f\xc6v\xe5\x9bo\xe7\x0f\xde\xf9xy\xe3\xb5js\rAm\xf7[\x96\xc7\xf6XIn\x89_\xb6\xb7v\xee\xe2d\xa7me\x9fVZkO\xfc\xf1(\xff\xc2\x1b1\x85\t\x9cv\x8f^\x94\x9c\x94\xd82\xf1JR\xca\xed\xfa\xc5l\x1f;$\xb2&(\xd9\xec\xf9'\xfc\xa1]\xa4\xfa\xdb\x13\xf9\xbe+O\x02\x8f\t\xa6\xbbq\x04\x9en\x13\t\xb1\xdfc\xfc\xaf.g\xce\u007f\xb1\xb9\x12{\x03\xfbL\x97-O;Q\x94~[1m\xe3\x95\xd9\x15\xcc\a\x02\xac^\x9c\xf9pg\xcf<\x9f\u007f\xebY\xa7\x99ʇGm\xff\u007f\xee\xa7\xedv\x9dm\xdfB\xee\x9ex.d\xe5\xbbΧk{̬-\xdb\x15lO\xd5+\x99\xac\xab\xb3\xceHcty\xce\xe8\xe7\x16<\xdb8\xe1\xfb\x94}\xc1\xe6\x13\x8a\x9d?\x1b\x1d\x0e~\u007f{տ\x12\xbf\xcc\xe3\xd9=\t\x93\xef\x1d9\xces\xff\xa1Ѻ3\x93\xad\x03+\xa6\xa6w\xbf\xb3\r\xfb\xc7s!\x93_\x9a\xff\xb3\xaaZ\xb6q\xee\xf7<\xf7_\xc5\xceO\xeb\xf8\x96\xa6mԬ1jI\x0e\xed<\xc2{pr\x88\x81\xa4\xf0\x9a˵\xe6\xcb_\xc7Z\xe5\x98\xc6\xdcv\xbc.tk\xa5'\xf7\xfd\x1b\r]\x9c\x93\x93\xfa\xb6\xa6\x9dW\xed8۲c\xa3\xfd\x12K\xfe\x9bL\xf3^\v\xf9L\xad\xf9\x9cͺ2N\xac\xf9̎\xf4G/\x84瞉n\xba\xec\xb3\xf9m\xf4\xff{O\x8b\xd7([\xeb2\xec7\r-\xe1\xf4\xbc\xe1\x19!U?\xc9\xecY\xe0$\xbe\xcfj\xb52\xbe\xe2{N\xbeqV\xbb\xb0\xdf1\xdea\xa5\x8b˗\x99\xcf\xc3\xdb\xe7\x05ȇ\x87\xac\xb0\xfb[\x92\xac\xbf1 \x95\xf3Y\x84\x93\x9e\xb3\x94ϖ\x0f\xaa\ue47fX\xe4&_Qs\xf3\nh\xdcto_\xc5\xf6?\xe9\xa2\x0fO\x86\xb7\xc8\xf1'_{\x99\xb4\xebZ|\xa8ޫ\x98c\x1a\x1c,\xaa\x96;\xf8\xb4W~\xf2\x99.\xc3n\xcf\x1b\xf4\xf5\xed{\xfd&~&fF\x06\xc6\xc5N\x06\x0e\x06\xb2l̡\xb2|,b,\"\xc1\x95\xfb\xa3Vi{\x9d\x0fixxc\xf6\x81\xb9\x9f61\xa7\x9d6\xe0\x03I\xf332\xfegaafbd3\xe0\a\xf1\x85A|V\x03fF\xc6\xffhٕ\x19\x94\xb8b\xae\xd4\xf0\x9e\xff\xceX\xeb83\x95\xa7\xf8h\xd0\xfc\xd3?\xce\xcfd\xab\x97\xbe\xe5,:\u007f\x1eSh\xf84\x91\x8fA6\xea\xedS4\xde\xca[1\x9a/*\xfb\x13\x1cp\xa0e\xf6\xb1l\xbf]=\x8a\xfe\x8b\xfaB\x93&~\xce\x14\xbd\xb1\xa7\xe3\xf1\x91U\xdc\u007f߯x\xe9\x1d\xaaŦ\x90\x1bZ\xa1)\xf9.\xde \xc6[E0\xf4\xbfʬ\xbc8-\xedwܾ\xf3\xeb\xbf3ZL\x11\x99\xea\xcc\xce\xf9;a\xe5;\x99\xd5B=\vf\xc5-\x9f\x91\x15\x99\xdbm\xcf\xf1\xfb\xc4E\xd7\xf5\x12\xa2)\x13\x84\xf8\x8b5\xf4\x8e>R\xf1\xfb\x13\xf1\xe6\xc3\x17\xd7\u007fJ\x9b_\xeb\xf7]\xba\xe9\x9a\xc8zpz\xfe\x8a\xb2\xa2\xfe\xee\x1e\xb3\xf5\xfbyY\xcf\x15\xf6>[\x96/\x9f\xb3\xac0\xe9\xe8\x8d\v\xcdE<\x1f\xd3\x05;y\xe6\b\xfb\x14\x99\xdc\xdfs\xb5\xf0\xfe\xaa»\x0fw\xe6\xf4\xd8\bŦ\xde\xda\x1b.\xb4\xcd9\xfb\xff\xd3{\xbei\x82\x81\xe7g\xae{#\xbe\xedE\xe1Ğ{\x9e\xff\xee\x9a\x16.\x12U\x9f\"s>\xf1\xb1\xda\xee\xfc\xc5骊\xb1\xcf\xee\xcar\xebeH[7\xad\u007fӜ\xdezeF`\xc9Ɲ3\x1b:\xff\xd7WH\xc6Tz%\xe8MrX\xe7c\xae\xa5s\xf2x\xd2\t\xbe\xd8\xeffѧ\x1e\xa8\xaa2n\xb9+\xc5>\xa7\x9c\xc1\xfe\u009d\xabol\xaf\xfc\xdam\u007f\xa6\xf5Z~\xfdJ\xdd\xfb;\x99\xbe\u007f\x9d>k\xab\xe9\xad\xc3\xe9\x1bڽVj\xccS\xee\xfb\x1f\xa3\x9e\xfdp\x83\xffg\xf6w\fzW\"\xdbO\a9N}\xf5\xc5\xfd\xfa\xbb\x14\xc7К\xdeH\xa6\xa9w\x93\xe6\x1e\xda\xf9.J\xa3\xa4e\xe9\xec\xed\x13\x8e\xf3\xb0\xdf\xff\xdaiVbtM\xe3\xe0\x86\r\xdc\x0f\xe6\xf8\x1c\x96\xb9\xf6\xe7q\xe6Vw\xb7F\xfdEM\xab/'\xbb\x14\x1c\xe9\xfd\xafk\xbckm\u007f\xf5ւ\x8euv\x92\xe7\x1d4n\xfc91aw\xecL\xa5\xafA\xcf\"\x8e\xcaw\x18:\xbf됽~\xac\xcf\xc69Kv\xb9ĽZ[\xb1\x8fI?OMX\xf1\x17\x10\x00\x00\xff\xff\xfd\x00\xc7@\xe2\x05\x00\x00")) - p.addCertFuncNotDup("0\x81\x931\v0\t\x06\x03U\x04\x06\x13\x02US1\v0\t\x06\x03U\x04\b\x13\x02UT1\x170\x15\x06\x03U\x04\a\x13\x0eSalt Lake City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1!0\x1f\x06\x03U\x04\v\x13\x18http://www.usertrust.com1\x1b0\x19\x06\x03U\x04\x03\x13\x12UTN - DATACorp SGC", "S2ѳ\xcf\u007f\xfa\xe0\xf1\xa0]\x85N\x92ҞE\x1d\xb4O", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x893hbv[\xc0\xcc\xc4\xc8\xc4$ಏ\xa7;\x80Aq\x8b\xe0e\xad\f\xb6\x95k3\rx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x184N6\xe46\xe0dc\x0eea\x13f\n\r\x86q8\x84\x99BC\f\xc5\rDA\x1cva\xbe\xe0Ĝ\x12\x05\x9f\xc4\xecT\x05\xe7̒JC9\x03\x19\x90\x04\x97\xb0hHF\xaaBh\xb0kPHPhp\x88\x82_jIy~Q\xb6\xa1\xa2\x81\xcbN~\x91\x88\xcc8P\xf0)\x98\xe1@\\@\xd3Ұ|\xb3\x9f^\x0f\\\xda\x16\xf8\xfa]s\xcf\xf3\xf4:\x9d~}\xd9\x11֝}r_\xfe\xfc?\xfb\xdc\xec\xc1\x1c֜M\xc6J\xa2\x17\xb6<8#~`Ӂ/\xff\x8c\xec5\xb5\xa6V\xdf\xf8\xb4\u070f?\xa4f!o\xc3fN\xe6\x83\xffc\xee\xc6Ͳ۳n\x8f{Wֺ\xc2S\xf2\x1b\xb5v\xc4;\xb1r\xbfq3\xb8X\xc4}\xeaeX\xee\xd7\xf7\xf7+\xf6%\xeeڴt\x1d\x8bϞ\x15k2E\xa7\xef}\xffzK\xcf~\xd3\x1fW\x0e_\xd4\xe0\x8b\xb1\x9a_ a\xacP~d\xd1z&fF\x06\xc6ō\xab\r\x1aW\x18p\xb31\x87\xca\xf2\xb3\xb0031\x1e3\xe0\aq\x84\x19\x19\xff\xb3\xb0\x1a032\xfe7\x90\x05\t\U00031231\x88\x04\x1b]\xdc|\xbe\xfe׃\x8f\vb[\xfd&]\x9a\xe7*\xbb\xc5\xdf\xc0\x16$-\xcfbf`b`\xb4\xc0`\x81^\x9b\x0e4\u0092\x8brP#L?4\xc4O\x17\x16I\xc1\xee\xcez\xc9E9\x06Z \xed\xaa,\xca\x06\x8al\x1c\xdal\x8c\xac\xac\xečl\\\xdal\x8c,\x8cM\xe6\\\xcc\xccl\x9c\tm\x1e\x8cm?\x9cX\x18Ѳ\v3(\x1a\xd5M\xa73tuk\xec=fl \xa7\xf9\xe7\xd1\xf7\xab3\xae8\xecN8\xb5\u007f\xb5\xb8\x0e\xa7Y}\xc0/\xc7;\xeb\xa6Yq)\xdbuF\x9e\\\xcc\xfeV\xda|ퟚ}\x81\x9eQ\xf7\xac\xb8B8\xc4\\\x0f\xcd\xdc\xd8~\xb6'\xe3A&\xf3\xcb#~36Y\xf7\x88m\xe6[\xc03#`\xf6\xe4\x95\x05\x9c't\x16\xf7\xdfgz\xf2\xa0\xd0\xea\xe3\x16\xe5\xa2\x05\xab\x18\xefߟa'\x12\xb0\xc0Pm\xaf\xc6\xcb(\x03\xb5ҟ\xd5\t2\xbd\x9f\xcf\x06\xa8岨Ϻ\u007f\x95\xd7\xd5]3[\xe7Y\xd9͕\x9a\xb5FwO\x9a\xd9\xec]g\xfaQp\x9e\xec\xee\t\xf6B\xee~}\xd7\xeb\xf8\x93\x8ae\x83\xd4,d$<\xff\x1a\x94\xcc:\xf2TI\xffƁ\u07b7\x13\xab|\x18\xfa\x8b\xeacoݕ\xeev\xcd~~7s\xfa\x8a\xa3a>\xfc<\xdf\xe6WM4\xff6\xbd\xe9\xc1\xdd\xc2\xcc\xffe\xf6\t\xbe6\xe7\xbf\xcf\xfcy,\xfc\xcb\xc9Pˊ]:\x95'\x97uh\u007f\xe1\x00\x04\x00\x00\xff\xff\xe4v\xdd\xcab\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xae1\v0\t\x06\x03U\x04\x06\x13\x02US1\v0\t\x06\x03U\x04\b\x13\x02UT1\x170\x15\x06\x03U\x04\a\x13\x0eSalt Lake City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1!0\x1f\x06\x03U\x04\v\x13\x18http://www.usertrust.com1604\x06\x03U\x04\x03\x13-UTN-USERFirst-Client Authentication and Email", "\x89\x82g}ĝ&p\x00K\xb4PH|\xde=\xae\x04n}", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbYd\xd0\xc4ܵ\x80\x99\x89\x91\x89I\xc0e\x1fOw\x00\x83\xca\x16\xc1\xcbf\xaa\xaa\xe9';\rx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x184\xae3\xe46\xe0dc\x0eea\x13f\n\r\x86q8\x84\x99BC\f\xc5\rDA\x1cva\xbe\xe0Ĝ\x12\x05\x9f\xc4\xecT\x05\xe7̒JC9\x03\x19\x90\x04\x97\xb0hHF\xaaBh\xb0kPHPhp\x88\x82_jIy~Q\xb6\xa1\xa2\x81\x9b\x89\xff9\xccz\xf9\x14\xb3W\b \x00\x00\xff\xff\x86\x1d \x88\xa6\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\x971\v0\t\x06\x03U\x04\x06\x13\x02US1\v0\t\x06\x03U\x04\b\x13\x02UT1\x170\x15\x06\x03U\x04\a\x13\x0eSalt Lake City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1!0\x1f\x06\x03U\x04\v\x13\x18http://www.usertrust.com1\x1f0\x1d\x06\x03U\x04\x03\x13\x16UTN-USERFirst-Hardware", "\xa1r_&\x1b(\x98C\x95]\a7Յ\x96\x9dK\xd2\xc3E", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb)1hb\x8eY\xc0\xcc\xc4\xc8\xc4$ಏ\xa7;\x80Ae\x8b\xe0e3\xad\u007f\xa9\\\u007f\rx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x184N7\xe46\xe0dc\x0eea\x13f\n\r\x86q8\x84\x99BC\f\xc5\rDA\x1cva\xbe\xe0Ĝ\x12\x05\x9f\xc4\xecT\x05\xe7̒JC9\x03\x19\x90\x04\x97\xb0hHF\xaaBh\xb0kPHPhp\x88\x82_jIy~Q\xb6\xa1\xa2\x81_\xfb\rog\xc8̝\x163ž?P\xac\xf48\xb4;\xb1Dh\x9a\xacMV\xd1U\x1b\x81t+˷\xda\xc2g\xd3^O\xe54^\x923}\xe3\x8bco\x0e\x96V\xceq\x8b\xeb]}!\xeb\xefN\xadPq\x81\x90͒\x1ff}\xfb\xb81v\xdb\xf2\xdc\xdf\x0f\nų\x17u\xfcf\xb8\xffOʰ\x9cg\x16c\xd5F\xa3\xc7ڌ\xec\x16y\x87\x97\xc6)\xefq\x9d]\x1dp\xf0\xa4A\xff\xed\xa7\xdaU\x97\xa3\u007f\x1b;\xc8-\xb8:C|Ow\xfb\xe1\xce˱\v\xfa6\xadZ\xf5\xad/\xb3\x83\xed\xe8\xafN\xc5\xcf\x1cs3\xf58\x8dgk\xf2\xba\xf1\xf7\x9c\xf14ِ\x19\xb8\xf7'\xdbٌ\xb5i>{\xec\xd6$\xee\xe5\xea\xe0;q\xdf\xf6]\r\x8b\xcf\\\xae\xb8\xec\x89\xd7\xde\x1d\u007f\xabѻڷ\xbd\xb3\xf8Bޒ\vrb\xdd\"\x0f\xcb\\\x98\xeb\x93\xd7<9\xeb9\xe7\xe8\xa4/\xab\x8d\x16zD31320.n\xdciѝ\x9b\x8d9T\x96\x9f\x85\x85\x99\x89\xf1\x98\x01?\x88#\xcc\xc8\xf8\x9f\x85Հ\x99\x91\xf1?8\xa0e\xf9X\xc4XD\x16\x16ūIk\xccp\x9e\x1a\xcbn~\xb5u\xda\\\xefK\x87]\r\\@\xd2\xf2,\xb6\x06\xd6\x06\x96\v\xcc\x17\x98\xb6\x19C#-\xb9(\a5\xd2\xf4\xb1G\x95^rQ\x8e\x81!\xc8\x14U\x16-\x03\r6\x0em6FVVvfF8\x8b\x15\xceb\x83\xb3\xd8\xd12\x113(R\xdd%\xf9\xef\x95\x1c\x9b9}\xfd\x9f\xb5\x1aq\xa5}\xafu\xd3\xdf\xf9Uk_\xe7\xf9\xff\xed\xde\xe9\xd0E\\\x0f}BR''d\xcf\x17\x9a\xb36\xaeY\xe7uԺ\x03Ot\xbf0$\xcb\xee8\x90\xf3\xe9\xbc\xe7n\xdf\xc9\xf9l˸\x946y&q\xf8\xfd?qBdS\x87X\xecs\xc6'BS\x9f\xba\x9al\xee\xce\xdc{~Kk\u007fi\xe0\xbcZ+\v+\x11\x0f\xa1c\xbf\x97[K\xf5\xf269\xb0\xbf`ᘰ\xb0\xf3\xb4d\xc0\xfdS2\x8c{dY$\xab\x05ʦ[\xbf\x9b0\xe1\xd4\x11>y\xb1\xbc\xd2\xf7\xc6?.\xe7G\xcbM{\xfc\xa0\xa4\xbc\xa4\xbakQ\x9e\xeeݲk\x96\x06M\x1fV\xcf\t\xfa\xa4u|\xbdg\\\xdd\xf1\x8c\xa7M\x8d'\xb2\xd4\u007f\xaawh]\x8d\b\x98*\xff\xc1Z&|w\xad\x88e\x92\xf6\xac\x93S&i-V\xe2\xf9ߩV\x1b\xaf\xac\xed~]Tveּ@^\xad\xc0y\x8d?\xafX\xc7\x15\b\xd5\v\x18͑\xdb=\xf7G\xda\n@\x00\x00\x00\xff\xff\xd2\xecx\x89x\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\x951\v0\t\x06\x03U\x04\x06\x13\x02US1\v0\t\x06\x03U\x04\b\x13\x02UT1\x170\x15\x06\x03U\x04\a\x13\x0eSalt Lake City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1!0\x1f\x06\x03U\x04\v\x13\x18http://www.usertrust.com1\x1d0\x1b\x06\x03U\x04\x03\x13\x14UTN-USERFirst-Object", "\xda\xeddt\x14\x9c\x14<\xabݙ\xa9\xbd[(M\x8b<\xc9\xd8", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hbI3hb\xf6[\xc0\xcc\xc4\xc8\xc4$ಏ\xa7;\x80Ae\x8b\xe0e3\xdd\a\x9b\xe3\xa5\rx\xd98\xb5\xda<ھ\xf322\xb2\xb22\x184N5\xe46\xe0dc\x0eea\x13f\n\r\x86q8\x84\x99BC\f\xc5\rDA\x1cva\xbe\xe0Ĝ\x12\x05\x9f\xc4\xecT\x05\xe7̒JC9\x03\x19\x90\x04\x97\xb0hHF\xaaBh\xb0kPHPhp\x88\x82_jIy~Q\xb6\xa1\xa2\x81\xf9\xf0\xfe\xbeX\xff\xa6\xa0\xc9\xd7\x17^\xe9\\Ȯ\xb7\xff!\xa3\x90\x93\x9c\xd4\xc3\x1bSMn\xa7Tj\xfcߥ'x\xe8\xe9\x8b\xe8I\x1e\xbfݹ\x0f\xe5\xdcZk\xd4\xec\xf8y\xe9Sǂ\xbf\xa9\x13r\u007f\xfd\n<\xf2s\xef4mI\x16\x9d˹\xcb\xef|\xa8\xcfoN}\x94\xb5\xba\xbd\xad\x94\x89\x99\x91\x81qq\xe3z\x83\xc65\x06\xdcl̡\xb2\xfc,,\xccL\x8c\xc7\f\xf8A\x1caF\xc6\xff,\xac\x06̌\x8c\xff\rdA\x02|,b,\"\xb7ަ\x94\x88\xcc\x11\xb1Y}w\xe6ʽ\xd1\x1a\xbe\xdd6'o\x188\x81\xa4\xe5Y\xac\r,\r\xcc\x17\x98.0n3\x84FYrQ\x0ej\x94\xe9c\x8b(\xbd\xe4\xa2\x1c\x03M\x90\x19\xaa,J\x06\nl\x1c\xdal\x8c\xac\xac\xec\xcc\xccp\x16\a\x1b\x976\x1b#\vc\x939\x173\vZ\xb6a\x06E%\x87|\xd0Fs\x97\x8a\xdb\u007f\xcf\xed\xbc5uڌU\xa1)\r[\xa3\x1c\xee*.=z\xf0s\xbc\x8e\xcf\t\xf7\xa8\xccW/>\x98\x9a~\xb9\xa0\xfa\xf9IJ%\xed^{\xa57\x16s\xec\xbdr\xf8\xd46\xd3ݑm\xe5\x86g\x977\x88\xac\x13~\xffg\xa3\xc7\xcflUU\xdd\xc0m:\xb9\xae\ag\x9c\xe8\n\x8b\xb5{\xe7\xecg\x97\xad\xdew\xc1ʻ\x95;\xfe\xf2۬奧/F\xb5\xeb[\x96\nG\x15m`j\x9c\xbf\xef\x03\u007fK\x88BRN敇\xbe\xc7xg:3\xf2\nM멘\xbb?`\xd1F\x97UY\xe7ū\xce\xe7\xf3_\xf9\xa1\x12\x1a\xff\xc1D\xcc3\xcd.\xc0\xeddr\xa1\x85aҎ\xa4\x9d\x9f\x83\xd7\xe6l\xd5^$\xb4Jҟ\xf3V\xdc\xf3\xc9\xc7\xfaD8\xfe}0h\x90X\xd0\xd6\xea{\xa2\xf6z7\U000fff2b\xdf犭\x99\xa4\xb3@\xf9霉A\xf2S\xee\x8bO)>\xbc\xf9\xe0\xc1BV\x05\x86\x8a\xbd\xc2A\xb2+\xec\xce2ȟ\x00\x04\x00\x00\xff\xfff\x95\bNj\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xca1\v0\t\x06\x03U\x04\x06\x13\x02US1\x170\x15\x06\x03U\x04\n\x13\x0eVeriSign, Inc.1\x1f0\x1d\x06\x03U\x04\v\x13\x16VeriSign Trust Network1:08\x06\x03U\x04\v\x131(c) 1999 VeriSign, Inc. - For authorized use only1E0C\x06\x03U\x04\x03\x13\xb3T̹g{'GX\xecf\xd5]\x95\xc0\xb4\x03\xc7\xd5\"yװq\x1c\x9ar\xd1X\xfeC\xb3\xa9|\x9e\xf4\x89{\xab\xf2D\xfdB\xd4\xdf\x1fɕz\xc3\xfd\x98\xef\x83\xcb\xd2\xf0\xe3\x0e\x11r\x8b\xdd\xe5\v\xdf$|˝rB\xc2\xf2\xed?'\x89\xb0\xfbO|<\x05*\xfc\x18\xcbL\x93\x85\xcc\xee\xa6\xedad1[\x1c\x9aqu\x91\x19\xe7\x9aՊj!lk\xedO\x89\xfa\xf0\xaa\xa5>ri\x90;>\xff\xf1\xdd\x17\\\xb7\xde,Uh\xc8\xccX\xe8_\xf70\xfb<\xbb\xe3\xaf\xe6\xbe=\x16w7\xe8\tn\xcc\xde\xe4tf֞\x9f\x1eJ\x95^\x92\xfc\x9bd\xec\x14Jnf\x1d\xde\xf7I\xa3B8\xac\xd2?7\xe0\x95\xf4\x86\xad\xe1\x1b\xcd\xd3\"\x94?\xdf\xe1\xbf\xcf\xd5~\xe4}\x1b\xebU\v\x91\x84\x99\x8b\xbd\xef\xb1M+\xd4\xf9t{\x9b\xfc\x92\xf7\xf6\xef\x00\x01\x00\x00\xff\xff\x82Q\xffB\x1e\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xca1\v0\t\x06\x03U\x04\x06\x13\x02US1\x170\x15\x06\x03U\x04\n\x13\x0eVeriSign, Inc.1\x1f0\x1d\x06\x03U\x04\v\x13\x16VeriSign Trust Network1:08\x06\x03U\x04\v\x131(c) 1999 VeriSign, Inc. - For authorized use only1E0C\x06\x03U\x04\x03\x13cR\xd7\x049\x8eưMk3\x17\a]8-sD\xd9V~\xe6?\x9f\x17b\xc9}\xc78\xfa\xbe\x19~\xbb\xf4\xebi\xd9ݭ2\x93\x16{\x9e=\xcbx6\xe3\xec\xca\xcc]\x8b_\xcb\xf2\xceY\xa2\xb0\xec\xe0\x82\xa3\x17\xdd|\xc4s/\xadI\xb3\x9f\xd6\xf3\xa0\xe5\x8a\xd9\u007f\xa5ȣ?\x05\x13Vij\xd4~\x92\xfa\xa6\xea\x94\xc8\u007f\xc4k\x87]'\x133#\x03#Zrg\x06\x05\x8c\x89\x9a\xa8́^_gOٽ/\x15']O\x9b\xb3\xfd\xde\xd1\x1d\x17\x9e\xc4Ɨ)\x1dP\xfb\xd9be\xf5\xb3g\xeb\xef7\t\x1f_\x9cc\xd9p\xe2\xeer\xe6~\x83\xcf3\xee/y\xb6\xc4\xf0\xfee\x19n\xb7;E\n\xf6\xebޱ\xda,1\xb6\xe7\xb6\\SPQ\xec=S\xfb\xbe\xc1\xa1\x90\r+\xacC\x17\xfe\x13\xd38봷$\xafᶺ\xcb\xf2s.\xb1W\xa4'\xcc\xe0\x95s\x9a\xb2\x91A\x87\xe5B\xc9b&V\xa5\xe4\xe4\xb3\xcd[\u007f\x1f\xccM\xca\xce,\xfd\x1b[\xe0\xb8\xf3\xeb\xfe\x9a\xfb\xfb\x0e\x1a\x15+)vG4V\x8bN\xac\xda\xf58\xc5cC\xfdo3\xd5[S/|T\x11\x11\xbf+ѐ\xed\xa6l\x19\xf2\xb5/\x89\x93Evʄe\xb3\x9f\xa9>rr]\xb5c\xc2\xda}\x1c\xfd+\xb9\x9d$\xa6\x9c/\xb2|\xb8\xd1\xf9\x81\xc6\xf9\xedϣr\x84\xb3=7\xff\u007f,Q\xd3\xd9m\x1c\xbb\xc6\xf8\xfa\U0009fdecBOF\b\xfc\\\xf5>j\xdbyo\xef\xfbZ\x80\x00\x00\x00\xff\xff\xa1\xfe\x80M\x1d\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xca1\v0\t\x06\x03U\x04\x06\x13\x02US1\x170\x15\x06\x03U\x04\n\x13\x0eVeriSign, Inc.1\x1f0\x1d\x06\x03U\x04\v\x13\x16VeriSign Trust Network1:08\x06\x03U\x04\v\x131(c) 1999 VeriSign, Inc. - For authorized use only1E0C\x06\x03U\x04\x03\x13{\x11\x1c#\xf3j\xee\x87$1\xee\xe5'\xe3y>\xdc;Tvn\xfd\xf7\xacO\xbf\x1c\x97-2\x169\xf9\xb4*\xf9\xf2\xbc$\U000ebb69\xf3\xf8\x9e\x05\xab\x94H\xc7\xc9\n\x05G\x1f\xd7y\xde\xeci-\xba\xae+cg\xf8t&fF\x06F\xb4\xe4\xce\f\n\x18A\x91i\aWO\xe2\xf8n\xaf\u007frӿ'Q\xf3S\xee\xddV\xf4o\x9biRf\x16~\xf7\x82\xa8\xfeѵ\xf5\xa2\xf2\xe6I\xc5vW\x9eǟ\x13g\xbem\xfaK\xfb\xf6\xba\x04\xcex\xb9\xf8\xfe\xbc\xddܶ\xaf\xa2\x84\xe5x\x12\xf2\xb7\x1eت\xac\xa4\xc7\xce}ze\xc9i\xf7ݲ\a\xaf/\xcd>\xa3\u007f\xc9\xe9\xaf\xe7\xdd\xe5\x9d\xe7\x83w\xddb\x88\xd2\xd8\xdft\xff\xc7.aـ\xb6\xa6\xbf}\x06\xfd\x9an\x1b\xe4lMoY$\x89Ix\xad}\xb6-0\xe7\xde\xfa\xa4\u05cc\x17\xe4T\xfeU\xf5\vI\te\xec\xf8\x9d6SD\xc45f\xdd\xf3u\x99\xe2\x8d\xdaQ\xe6'㴾\x1c{\xb40&d\xf6\xb2\x10\x86\xf3\x1f>\x1e<>\xc3@\xca\xdaL\xec\xf6\xe2\xbcW\u007f\xd7n:t\xeb=\x93\xbbpׁ\x8f\x9b\r\xd7\xfa\xcb<\xf4\x9f\xb3\x9e\x9fg\xee\xf7\n\xde\x1b_L\xc3\x1anm\xcf\x15\xef\x9f+ט\xf2\xf0\xdfQ\xd7]k\xb3wrU\xf9\xf9{\xb7\xbc\xf3\xfeX{W\x10\x10\x00\x00\xff\xff\xf2\xc9!\xca\x1e\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xca1\v0\t\x06\x03U\x04\x06\x13\x02US1\x170\x15\x06\x03U\x04\n\x13\x0eVeriSign, Inc.1\x1f0\x1d\x06\x03U\x04\v\x13\x16VeriSign Trust Network1:08\x06\x03U\x04\v\x131(c) 2007 VeriSign, Inc. - For authorized use only1E0C\x06\x03U\x04\x03\x130Hܼ.\x96qy\xf5\xbd\x9aM\xfbN\xa5&2\xb4\xad\xbb\xd5_}\xa1s\xad\xafl\xe4,Ǎ{\xdc\x1b\xee\xccK:\xfcsq\xe3&\x83\xc6\xf5\x06\xfcl̡\xb2\u008c\x8c\xffYX\r\x98\x19\x19\xff\x1b\xf0\x81\x04\xf8A\x02,\xccL\x8cl\x06\xb9l\x1c\xdal\x8c\xac\xac\xec\x8c<,\x89\x06\xf1\vc\x17D\x1bD\x1a\x84\x1b\x84\x8aqf\xe6&\xa6\xa7\xea\xa7g\xa6\x19(\x1a\xc8\x1b\xb0\xb3\xb1j\xf313I\xb1\x88\xf4?\xbd,ն\xa6\xb7/\xfb\xf0\xf9\x86\xac+\x1e\x12:Ւz\x06\xaab\xca\x19%%\x05V\xfa\xfa9\xf9\xe9\xf9ze\xa9E\x99ř\xe9yz\xc9\xf9\xb9\xfae\xc5`1\x90I\xa0\xf8\x92\xe5c\x11c\x11\xd9,6\xf1\xef\xbbeyO\xb6\xeay\xf6\xb7W46\xbcy\xbaq+r\x92g\xce`0He2HS\xe4\x91PK\x88\xb2\xa8\x0esz\xb0\xfc\x8fYK\xe0D\x05\x9d2_g\xdb#\xb2-\xca\x17\xd6\\\xab1e;w6s\xef\x04\xde\xdb9\x1eN\xb2|\xab\x9c\x98\f\x19\xe6\xd8zX*[FH\x89\nEf\xcd{\u007f5r\x93l\x90\xce\xcc³\xc75\xefKk%V\x17^\xbc\xf7\xf9\xc0S^+\xafU\xba\xcbo\xb4i\xdd\xd5\x13\x00\x04\x00\x00\xff\xff\xf6\"2\xe4\x88\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\xca1\v0\t\x06\x03U\x04\x06\x13\x02US1\x170\x15\x06\x03U\x04\n\x13\x0eVeriSign, Inc.1\x1f0\x1d\x06\x03U\x04\v\x13\x16VeriSign Trust Network1:08\x06\x03U\x04\v\x131(c) 2006 VeriSign, Inc. - For authorized use only1E0C\x06\x03U\x04\x03\x13\x81wɍ{?\x1e\x1cN\xe2\xb0\r\x11~\xedy*2\xa4U\xed\xa9v\xbf\xf4\xfc\xd7_\x17N\x90\x00?H\x80\x85\x99\x89\x91\xcd \x97\x8dC\x9b\x8d\x91\x95\x95\x9d\x91\x87%\xd1 ~a\xec\x82h\x83H\x83p\x83P1\xce\xcc\xdc\xc4\xf4T\xfd\xf4\xcc4\x03E\x03y\x03v6Vm>f&)\x16\x91\xfe\xa7\x97\xa5\xda\xd6\xf4\xf6e\x1f>ߐu\xc5CB\xa7ZR\xcf@UL9\xa3\xa4\xa4\xc0J_?'?=_\xaf,\xb5(\xb383=O/9?W\xbf\xac\x18,\x062\t\x94\xbad\xf9X\xc4XD\xea/\xa7.?t\xf7\xcd\xee\x0f\x06\x9c\x9f\x9d-\u007f1\xad764Fˣ̠\u061c\xac\xe2e\x10\x9ft\xfe\x86\xd4\f}\xdbWwf\xea\xee-\xff\xb6\xb4R\xc9\xe2͑\xe5\v*\x84\xd6&\xf1\xb9\x16\xa4\x1c}>=Mw\x06g]\xfc\xfakg4R?1\xae\xe2\x90r\xbf\xf7\xf3gͤ(\x8eL\x05ޛv\xb9y6\xbcy7\x9e\xb1Mt\x90\xd8\xf9\xe3\xe0\xdb\xfb\xb7\x1dW=\x98\xa6p\xf2l\x8a\xa8E\xe3\xc9)\xef\x16\xb5hr\v\xe7\xf7\xdd湫\xcat{I\xb7\xa4\xcb%\xc7*\xd6L\xaf\b\xff\x84SuMY\xdcL\xabT\xc5-\xb7ޮ\u007fޒ\xaa5\xb5ko۽\xb8F\xb1f]\x813\xf7\xfe\xaeh\xd2\xcaՐ\xe7\xe5>\xf2\xf4\xb9\x94\x9a\xe4\xc3/\x82\xf9\x02[\xa7\xfey\xee\xc4jt\xfb\xdc\xdc\xc08\x8dm\xf3Z/G\xbf_Z\xeb\xeaPԷ\x9d/\x9b\x8f\xed\xb7\xb1\xa9GᎹ\xea\xddGR\xe3y\xdb\xca\xe6\xb8T}\x9b\x1a\xf3-ֈ\xc3xI\xc86\t\xfb\x8c\x98ON^\xad\x16!\xcd\xf1\x17_\xe8|Z#xm\xc5\xdb\xe4,@\x00\x00\x00\xff\xff\xa8\xa5\x8a\xbd\xd7\x04\x00\x00")) - p.addCertFuncNotDup("0\x81\xbd1\v0\t\x06\x03U\x04\x06\x13\x02US1\x170\x15\x06\x03U\x04\n\x13\x0eVeriSign, Inc.1\x1f0\x1d\x06\x03U\x04\v\x13\x16VeriSign Trust Network1:08\x06\x03U\x04\v\x131(c) 2008 VeriSign, Inc. - For authorized use only1806\x06\x03U\x04\x03\x13/VeriSign Universal Root Certification Authority", "\xb6w\xfaiHG\x9fS\x12\xd5\xc2\xea\a2v\aї\a\x19", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\xd9i\xd0ļp\x013\x13#\x13\x93\x80\x83ԑ\x14\xc5\xcd\u008a\xcc|\xbb\x9f\bI\x1d\x955\xe0e\xe3\xd4j\xf3h\xfb\xce\xcb\xc8\xc8\xcd\xca`иאۀ\x93\x8d9\x94\x85M\x98)4\xd8P\xdc@\x14\xc4\xe1\x12\xe6\vK-\xca\f\xceL\xcf\xd3Q\xf0\xccK\xd63\x947\x90\x05Ip\v\x8b\xc1$\x14B\x8aJ\x8bK\x14\xfcRK\xca\xf3\x8b\xb2\r\xad\f, \n\f5\x925\x15\x8c\f\f,\x14P\x8dP\xd0Up\xcb/RH,-\xc9\xc8/ʬJMQ(-NU\xc8\xcf˩4\xb400\x03\xe9e\x16և\x1b\x1e\x9a\x97Y\x96ZT\x9c\x98\xa3\x10\x94\x9f_\xa2\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0\b1\xa3\xa4\xd2@N\x9c\xd7\xc0\xc2\xc0\xc4\xc0\xc8\x00\f\xa2\xc4y\x8d\xcd\r\x8d\f\f\x8d\x8cM-M-\xa3\x86\xbc\xff\x9a\x18\x95\x90\xa3\x8c\x91\x95\x81\xb9\x89\x91\x9f\xc1\xa0\x89\x91\x8b\xa9\x89\x91\x91\xe1x\xa2y\xdcFF\x93\xdbI\xd7Eg\xff\x8f\x88\xeaQV\xbe\x96\xd07\xf1\xfa\x84\x19\xcdU\xcf\"$-z\x8e~{\x9aҺeQ\xe1\xef\xb7{w\xde:\xeb˰\xe5\x84n\xf1\xd2㙅S\xe5-m6\xb9\xb0\xcfy\xc1\xf7\xcb\xd7\xeb\x88\xe2}\xcd\xc4~#\xa5Ħ\xa3\xed\xf2y=5\xf1b\n\x81.\x17\v\xfc\xc3_=\x96y|\xa6\xf2]\xc4\r\xbeC\x9b]'\x1f\xd0y>K\\\xbb\x9a\xc1\xbc\xcaѸ\xe2\xa1\xf1\xa3\xcf\x02R\xf5\xed:\xfb\xbe}\xfd\xee\xf4\xe8\xe9\xfe\xf6\xa4\xcex\x06\xef\xfbG\xef>)u1r\xb4\x92+\xcc\xcb<\xcd]\xea\xc6q\xf1\xd4%\xed\xa9\x17\xce\xff\xde鐝\xd2\x13\xee\xfbGX\xb0\xb2\xe5m\\\xc87\x93\xf9\x1c\x8c\x9f\x05T\xd9Ľn}\x94\xadJ˞\x91\x90\xb6\xe4\xe6\xfbKzM\x1f?\xbc\xe7|\xe5rR4\xeb\x11s\x9e\xf1\xe55\xf3C\x19\x8e\u007f\xe3Ț\xb23\xfe\xce\x03\xe3\x8f-\t?\xa3\xd5\x05\xb7\xfc\x11\xfb\xb4;,\xabA\xb5\x97\x89\x99\x91\x81qq\xe3&\x83\xc6\xf5\x06\xfcl̡\xb2\u008c\x8c\xffYX\r\x98\x19\x19\xff\x1b\xf0\x81\x04\xf8A\x02,\xccL\x8cl\x06\xb9l\x1c\xdal\x8c\xac\xac\xec\x8c<,\x89\x06\xf1\vc\x17D\x1bD\x1a\x84\x1b\x84\x8aqf\xe6&\xa6\xa7\xea\xa7g\xa6\x19(\x1a\xc8\x1b\xb0\xb3\xb1j\xf313I\xb1\x88\xf4?\xbd,ն\xa6\xb7/\xfb\xf0\xf9\x86\xac+\x1e\x12:Ւz\x06\xaab\xca\x19%%\x05V\xfa\xfa9\xf9\xe9\xf9ze\xa9E\x99ř\xe9yz\xc9\xf9\xb9\xfae\xc5`1\x90I\xa0\x04%\xcb\xc7\"\xc6\"\xb2\xad\xfcW\xa6\x87\xfb\xfc`\xa1\xab\x87^\xb1\x1b\x95\xb1_\x9c\xce.\x89\x96\x13\x99A\xb1\xe9\xf5\xe3\xc7\x06\xe6g:\xe9\xd5O\xa6\x94'\x9f\xc9\xf3\xf9Y\xcb\xc7{\xe7\xc4Nӝ\x05\xfeɿT~\xe54\xf7\xb8ϵN\xfe<\xebg\x99\xd1ԉ\x1b\xcb\xf7\xac\x99\xb5o\xe3\x13C\xc5c\x8dSâ\xf86\x1e\xba\xb2qY䚏ɧw\xf8\xc8FN\xf0z?ALC>j\x9d\xc0\xef\xc6\x00\v\x9e\x9c3\x1fm\x0f\u007fM~\xbc\xf9\xb1\xe2I\x15˗\u007fE\xd3ܾH\v^\xf0-^\\\xeb\xf6\xd3\xf6\xed\x8a\xf8\xa4+\x1f\xed\u007f<(\tז\x98۸\xe5\x88ƭ)ӗ\x16\xbc^#\xbb\x8f]\xf0\xc3\xd5\xdbw\x9f\xf6|\xb8j\xb4\xa1\xf9Y\xf8\xa3\xfe\xfd\xfb\x16\xae\xdao+\xbb\xf5\x8aū\xeb\x1bb\xac\xfc\xb3\xec\xfb\x0f\xa4\xe5$\xafzys\x89ؗƋSE\xf8j\xcfN5\xb9y\xa9\xbf\xa0\xb8\xb1zN\xdd\xde\x19\x897\\\xdbgL8\xfa\xba\xcd\xe0\x98\xe9\xfe\x0f\xff\x0f\x87v4{\xbfg\x9d\xc4V\xf8inj\xc9\xdbߜmJ\xfch\xf1\xcc\u007f\xfa\f\xad\xa8^@\x00\x00\x00\xff\xffn\xc0]\x1e\xbd\x04\x00\x00")) - p.addCertFuncNotDup("0k1\v0\t\x06\x03U\x04\x06\x13\x02US1\r0\v\x06\x03U\x04\n\x13\x04VISA1/0-\x06\x03U\x04\v\x13&Visa International Service Association1\x1c0\x1a\x06\x03U\x04\x03\x13\x13Visa eCommerce Root", "\x158\x83\x0f?,?p3\x1e\xcdF\xfe\a\x8c \xe0\xd7÷", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb^d\xd0\xc4Ե\x80\x99\x89\x91\x89I@\xb8\xcd\xd4W֞\xed\xd3\xc1\x9f\xa9\xacW'\xc8$\x19\xf0\xb2qj\xb5y\xb4}\xe7eddee0\xc86\xe46\xe0dc\x0eea\x13f\n\r6\xe45\xe0\x06q\xb8\x84Y\xc2<\x83\x1d\r\xf5\rtA\\na\xb5\xb0\xcc\xe2D\x05ϼ\x92Ԣ\xbcĒ\xcc\xfc\xbc\xc4\x1c\x85\xe0Ԣ\xb2\xcc\xe4T\x05\xc7\xe2\xe2\xfc\xe4L\xb0\xa8\xa1\x8c\x81\x14H\x03\xb3\xb00XC\xaas~nnjQr\xaaBP~~\x89\x81\x9c8\xaf\x81\x91\x81\x99\x91\x99\x81\x91\xa1\x85\xb1Y\x948\xaf\x11\x88kb``hfh\x14E_\xc741*!\a\x06#+\x03s\x13#?\x83A\x13#\x17S\x13##\xc3\xfa\xf0{ary\vo%l\x9c\xa2~Z\xfc6\xbb}C\xab\xff\x899\xdb.|\xc9\xf7??\xf3\xc6\xc3ۇ\xe7ڵa\x99\xe7\u007f\x9fڹ\x85\x1dG\xcad'D˾\xfb{\xe6\xfb\xbb\xbf\tK7V\x89\x15^\x14\xbbP#d\x93\x939\xfd\xf6\xbax\xcbY\x05\xfa\xac6\x92n,3\x15\xcc.$\xe4%\xb2\xed\x16s\xea)\xf8n\xf0\xfb\xc1\xed\xb4\xc5\f\x8c{\x9f\xe9ܚ\x18\xbf\xc0\xad\xdb7k\x8e\xad\xed]V\xb7\u007fe\xfb\x17p\xd9\x1b\xd6\u07fc\x9c\xef\xbd\xc0p˵G\x06\xbcl\x9cZm\x1em\xdfy\x19\x19YY\x19\f*\r\xb9\r8٘CY\u0604\x99B\x83\ry\r\xb8A\x1c.a\x960\xcf`GC}\x03]\x10\x97[X-,\xb38Q\xc13\xaf$\xb5(/\xb1$3?/1G!8\xb5\xa8,39U\xc1\xb1\xb88?9\x13,j\xa8e\xa0\x01\xd2\xc0,\xac\bՐ\x96_\x94\v\x96RpI\xcd\xc9,K-\xaaT\b\xca\xcf/Qpv4\x90\x13\xe7505032747121\x8a\x12\xe75\x02q-\xa1܁tZ\x13\xa3\x12r@1\xb22071\xf23\x1841r15122\x9c\x14dx(\u007fa\x92\xfbK}Y\x99$\v\xa9?\x1e\x1e\xb6\xb3bZjyҎD\x8a~\xfeŝ$\xbc\xf5\xff\xb5\xe2Ǻ\rvF>k\x8d\x16\xa9\xbe\x9f\xa7{\xf7炵BL\xdb%\xac\x9f\x94\xb1i7\xc4\xfdry\xe4\x9a\xce*\xd0˟z\xbcw\x81\xab\xad%\xef\xd6\xf7\x11QFo\xaf<\x98\xa2V{\xfe\xcb\xdb\x1b\x9aO\xb6\xfd\xcf8\xb2Bm\xe2\xc3\x1b\u007ft\xe6/QH\xb8\xaao\xb8M\xb6sJ\xb2\xe0\xa5\x17\xf6\x12\x87w\x9eaΫb\xf3\xdb\xdf\xfbg\xf9\xa4\xb7O\xb5\xec\xca\u07b6M\u007f\xe2#\xca\xd5b\xcf\xd5\xfb\xecQ\xd0\n\xf6-a7\x1b\x1f\xb1\xceu>\xa5\xcef;\x93\xe1\xec\xc4\xf7%bo]\xb7(q\x97\xed\xe1\xe3\xcc\xd4\xe8ݺ\x80\xedo\xffϏ\xa1\xd7d2\xa4W\xef:\xbc\xe5\xd2V\xf7Z\xf1KN\xa1\x9766t\xee\xbd\xe8\xcdP\xae7qw\u038b\xdbJ\xcfE\x9f\xa5(\xa8\xb5&/\xe0\x8d\xbb<Ǫ9\xa6^+9x\xc6É\xe1Ľ\f\x8c\x8bk\r\xaa\r\xf8٘Ce\x85\x19\x19\xff\xb3\xb0\x1a032\xfe7\xb0\x04\t(\xb0\x18\x19\x18\x18豱\xa67231\x1a\xa8\x1a\x88\xb2qh\xb31\xb2\xb2\xb231\x8aq\x1a\xea\x19\xe9\x19\xeb\x99\xe8\x99\x1a\xf0\xc0\x85\x99\f\x18\f\xf8@Z\xf9Af\xb1031\xb2\x19Ȃ\xf8|,b,\"\xfe]\xb7\xca\xfe\xa7\x97+\xcfZ\xd6P[{\xbb\xa3\xb4\xf5{c\x15ZJf\x06\xc5\v\xa7\xebVǫ\xec%FEe\f\xe7gv\xd7m}\x99.\xfde\xdd\x0f\xe3[\xf5\xe1\xdaU]\x13n\xbc\xfc+(ra-\xa3T\xa8Ƥj\x9fG\x01%I\x8d\x1bb'\x9fn\xbfık\xa6\x1e\xfbǼ5<\x1b\xef\xe7\x9c:z\xe2ކ\xeb=\x1dq\x93V\xdfn|\xf4\xd9nY\xf6\xaf\xe9\x0f\xc4d\x988\xb6\xf48fV\xeaž{\xcbi{P\xd6\xf6\x81YU\x9f\xdd>\x15U'W\x97\xed\xf2j\xb3囗\x1a\xbb\xc6\xdcX\xbfX\xe16\xeb\xffu|\xeb7\xf6n\x15\xff+\xdbȹo\xf3G\x99\xe6\xc2\xe9E\xa1\x87Ĕ\x1f\xb0\xcc\xcbx\xc7uH4\xfa\xd0\x1dۇ\xe6\xf6q\x1b\xe7T\v\xbc(\x9e\xe9to\x83\xd2㯒\xab\xd9gp\x03\x02\x00\x00\xff\xff\xd6\xf9\x04\xa3\xfd\x03\x00\x00")) - p.addCertFuncNotDup("0\x81\xa31\v0\t\x06\x03U\x04\x06\x13\x02FI1\x100\x0e\x06\x03U\x04\b\x13\aFinland1!0\x1f\x06\x03U\x04\n\x13\x18Vaestorekisterikeskus CA1)0'\x06\x03U\x04\v\x13 Certification Authority Services1\x190\x17\x06\x03U\x04\v\x13\x10Varmennepalvelut1\x190\x17\x06\x03U\x04\x03\x13\x10VRK Gov. Root CA", "\xdb\xe9\xe1\x9b\xd2\xd1$\v\xfc\xab\xe3\xa0gꮜKw\xf4\xb0", certUncompressor("\x1f\x8b\b\x00\x00\x00\x00\x00\x02\xff2hb\x912hbfZ\xc0\xcc\xc4\xc8\xc4\xc4\xccض\xc0\x80\x97\x8dS\xabͣ\xed;/##++\x83A\xe3bCn\x03N6\xe6P\x166a&7OC\x01\x03>\x10\x87C\x98\xdd-3/'1/\xc5P\xd1@\x1e$\xc2%,\x11\x96\x98Z\\\x92_\x94\x9a\x9dY\\\x92Z\x94\x99\x9dZ\x9c]Z\xac\xe0\xech\xa8i\xa0\x0eR\xc2-\xac\xe0\x9cZT\x92\x99\x96\x99\x9cX\x92\x99\x9f\xa7\xe0XZ\x92\x91_\x94YR\xa9\x10\x9cZT\x96\x99\x9cZl(i \x0eQ*\x10\x96X\x94\x9b\x9a\x97\x97Z\x90\x98S\x96\x9aSZ\x02\x93b\x16\x16\b\v\xf2Vp\xcf/\xd3S\b\xca\xcf/Qpv4\x90\x13\xe750242\xb4046560\x88\x12\xe752\x86r\r\r,\xa2\x86\x88/\x9a\x18\x95\x90\x83\x9f\x91\x95\x81\xb9\x89\x91\x9f\xc1\xa0\x89\x91\x8b\xa9\x89\x91\x91aC\xab\xe8\xad\x13\xcc\xe6\x17\x16\xbb\x99\xe7H\xcbM38\x14\xd5*\x94\xae\xfci\xf7\xfc\xe7]\x8d\t\xea?\x84W\xda\xec\xf9\u07b6j\u0557Ϫ\x9a[\xfe\x95\xae\x93kl\xebb\xdd$\x9b\xba\xc9\xe2Ŗ3\x1a\xb3~\x8b\x9b}\x9c|\xb5\xf2\xdc\xc1\xe6nE\xffük\x1d\xefW\xcc\xf5x,\xef\xe4\xf2\xc7&WQ!{\xadR\x8b\x8aS\xbf\xb8\xef\xa1\x00\xf9\x94\xb3\xba\x96Ja\x1d\u007f7%\xcf\r\xb9\xe5\x94y\xe0\x84\xffu\x89Gv'2[\xa6\xd8\xea4\x1c\xab9\xb7\xf7z\xb0\xfc뎝\xcbN\xefn\r\u007f\x1f^\x16\xcb\xd3}9N\xc8q\xbe\xe2\x01\xcb/j\xb9\x1c\xbf,6/,\xdf\xf8N\xecƅ\x8c[[f,]\x90\xea\xe6\x95\xdd[\xb7\xca7aǏ\x13\xbc\u007f\n\xed\xdeY\xb67n\xb9\xf9#o\xc2;{\xbe\xc4\xeb\xb2\xda\x19\xcf\xf4\x1e:\xb9\xa8U\xe8D|\xaa\x15\xabO<\u0a62\xd5پ-V_S\xf2Dz\xe7}A\xf3\x1c\xbd\xa3\xf8V\xed8\x94\xe6\x14\xcc\xc4\xcc\xc8\xc0\xb88\xd4 \u0600\x9f\x8d9TV\x98\x91\xf1?\v\xab\x013#\xe3\u007f\x03A6΄6\x0fƶ\x1fN\x8c\x8c,,\xccL\f\xec\xe0\x18\x96\xe5\a\xa9aafb<\xf99q\xf5sY\xeb=/\xce\u007f\xc9\xd65\xa9y\xe4\x91(\xd3\xf79\xd1\xe5L\xfe\x02\xaf\x95S6\xf8\xdez\xbeҤ\xaa\xc8b\x85\xe3\x19\x9b)\x82\xb5\xafO,\xeb\xd9\xdev\xfa\x94\xb1\xf5M[\xf3\xee\xdfUvm:ϋ\xafs\x85\xafI\x99-\xf9\xfa\v?\vG\xd7\x1afqɔ/Q\xaaJ\xbd&:\x9b\xbee\xc8\n\xe5^\xee\x92\x13\xb9u\xa4\u007f\xd9#\xe5֫U\xbc{\xb3\x1e\xbc|\xf3F|\xb7\x93t\xfa*շ\xae͊\u007f\x0e\x9e\xac\xb9\x9ad\xf7\xeb\xd3Q\xdd\xcb\u007f\xaf\xa421320.n\x9co\xd08\xc7@\x98\x8dS\x9b\x8d\x91\x85\xb1\xc9\\\x84\x89\x85M\x8e\x85\xc1\x99\xc1р\x9b\x8d9T\x96\x9f\x85\x85\x99\x89\xb1̀\x1f\xc4\x11fd\xfc\xcf\xc2j\xc0\xcc\xc8\xf8\xdf@\x16$\xc0\xc7\"\xc6\"r\xcc\u007f\x91-[r\v\xe7\x9csIOX\xd6\xf4\xc6l}\xb9M\xda\xc0\f$-Ϣo\xa0k\xa0\xbd@s\x81z\x9bjFII\x81\x95\xbe~rQ\x0ef\nЏpwv\xd4K.\xca1\x10\x80\xbbD\x94\x11d3#Z\x06`\x06E\xddDQKfF\xe9\xf4\xdf^2?\xb9\x12\xa2\x17\xde\xf2\x9d\x9e\xf4S%X\xfdzS\x8a\xdf\x04\xbdÞ\xd2ڳ\xee\xfcYQ\x91n\xfaQ\xf6\x83\xe0\xde\xed\x1e\x8f\x05\xbe\xf1\u07b7\xbftr۪\xd0%\x1e\xbb\x98nߋ\xd4\x13\x8d\xb6\x9e+V\xeb~\xdd\xfcU\xbco\x99\x90\xd9n\xf9\xeb\v\x1bY\xdc\x14\x16\xeb䮜\xc7Xg\xafy\x8ea\xf2\xfd\xbf''\x15wv\xa6\xcc{\xae\xfdDf\xa2Υ\x9d\xe7j\xcf\xe5\x1bμ\xfcl\xdf%\xb9\t\x1f8E*c\x94W\xfb^\xba\xa5(\xef;\xb3r\xee\xc3\xf3\xea\xf3\x05f\xcbt\xf0n\xe8Jq4\xdc\xc1\x973Ae\xc9\xec\x98\xc2\xfe]\xbb\xebd\xa4og5\xf0+\xeeyy{\xd9v\x87/\x9b\xbaWn|\xf2~\x96\xd4\x05\xdb̙\xefVh,~h\xb3\xf9\xc3&\xc19\xe7k\x1c\x9e\xdd}\xee\\\xbb\xe8\x86\xd5֕\xbd\x9fLf\x1e\xb9\"\xf0\x90\xed/g\x8b\x80\xf5\xbb#>_ި\xd78\x1d*\xa9i\xea\xe2<\xb9\x85Yu\x0f \x00\x00\xff\xff\xdf\xe6\x1c]4\x04\x00\x00")) - - return p, nil -} diff --git a/tempfork/x509/root_darwin_arm_gen.go b/tempfork/x509/root_darwin_arm_gen.go deleted file mode 100644 index d26568d9d..000000000 --- a/tempfork/x509/root_darwin_arm_gen.go +++ /dev/null @@ -1,109 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build ignore - -// Generates root_darwin_arm64.go. -// -// As of iOS 8, there is no API for querying the system trusted X.509 root -// certificates. We could use SecTrustEvaluate to verify that a trust chain -// exists for a certificate, but the x509 API requires returning the entire -// chain. -// -// Apple publishes the list of trusted root certificates for iOS on -// support.apple.com. So we parse the list and extract the certificates from -// an OS X machine and embed them into the x509 package. -package main - -import ( - "bytes" - "compress/gzip" - "crypto/x509" - "encoding/pem" - "flag" - "fmt" - "go/format" - "io/ioutil" - "log" -) - -var output = flag.String("output", "root_darwin_arm64.go", "file name to write") - -func main() { - certs, err := selectCerts() - if err != nil { - log.Fatal(err) - } - - buf := new(bytes.Buffer) - - fmt.Fprintf(buf, "// Code generated by root_darwin_arm_gen --output %s; DO NOT EDIT.\n", *output) - fmt.Fprintf(buf, "%s", header) - for _, cert := range certs { - gzbuf := new(bytes.Buffer) - zw, err := gzip.NewWriterLevel(gzbuf, gzip.BestCompression) - if err != nil { - log.Fatal(err) - } - if _, err := zw.Write(cert.Raw); err != nil { - log.Fatal(err) - } - if err := zw.Close(); err != nil { - log.Fatal(err) - } - fmt.Fprintf(buf, "p.addCertFuncNotDup(%q, %q, certUncompressor(%q))\n", - cert.RawSubject, - cert.SubjectKeyId, - gzbuf.Bytes()) - } - fmt.Fprintf(buf, "%s", footer) - - source, err := format.Source(buf.Bytes()) - if err != nil { - log.Fatal("source format error:", err) - } - if err := ioutil.WriteFile(*output, source, 0644); err != nil { - log.Fatal(err) - } -} - -func selectCerts() (certs []*x509.Certificate, err error) { - pemCerts, err := ioutil.ReadFile("certs.pem") - if err != nil { - return nil, err - } - for len(pemCerts) > 0 { - var block *pem.Block - block, pemCerts = pem.Decode(pemCerts) - if block == nil { - break - } - if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { - continue - } - - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return nil, err - } - certs = append(certs, cert) - } - return certs, nil -} - -const header = ` -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -func loadSystemRoots() (*CertPool, error) { - p := NewCertPool() -` - -const footer = ` - return p, nil -} -` diff --git a/tempfork/x509/root_darwin_test.go b/tempfork/x509/root_darwin_test.go deleted file mode 100644 index df5235755..000000000 --- a/tempfork/x509/root_darwin_test.go +++ /dev/null @@ -1,131 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "crypto/rsa" - "os" - "os/exec" - "path/filepath" - "runtime" - "testing" - "time" -) - -func TestSystemRoots(t *testing.T) { - switch runtime.GOARCH { - case "arm64": - t.Skipf("skipping on %s/%s, no system root", runtime.GOOS, runtime.GOARCH) - } - - t0 := time.Now() - sysRoots := systemRootsPool() // actual system roots - sysRootsDuration := time.Since(t0) - - t1 := time.Now() - execRoots, err := execSecurityRoots() // non-cgo roots - execSysRootsDuration := time.Since(t1) - - if err != nil { - t.Fatalf("failed to read system roots: %v", err) - } - - t.Logf(" cgo sys roots: %v", sysRootsDuration) - t.Logf("non-cgo sys roots: %v", execSysRootsDuration) - - // On Mavericks, there are 212 bundled certs, at least there was at - // one point in time on one machine. (Maybe it was a corp laptop - // with extra certs?) Other OS X users report 135, 142, 145... - // Let's try requiring at least 100, since this is just a sanity - // check. - if want, have := 100, sysRoots.len(); have < want { - t.Errorf("want at least %d system roots, have %d", want, have) - } - - // Fetch any intermediate certificate that verify-cert might be aware of. - out, err := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", - "/Library/Keychains/System.keychain", - filepath.Join(os.Getenv("HOME"), "/Library/Keychains/login.keychain"), - filepath.Join(os.Getenv("HOME"), "/Library/Keychains/login.keychain-db")).Output() - if err != nil { - t.Fatal(err) - } - allCerts := NewCertPool() - allCerts.AppendCertsFromPEM(out) - - // Check that the two cert pools are the same. - sysPool := make(map[string]*Certificate, sysRoots.len()) - for i := 0; i < sysRoots.len(); i++ { - c := sysRoots.mustCert(i) - sysPool[string(c.Raw)] = c - } - for i := 0; i < execRoots.len(); i++ { - c := execRoots.mustCert(i) - if _, ok := sysPool[string(c.Raw)]; ok { - delete(sysPool, string(c.Raw)) - } else { - // verify-cert lets in certificates that are not trusted roots, but - // are signed by trusted roots. This is not great, but unavoidable - // until we parse real policies without cgo, so confirm that's the - // case and skip them. - if _, err := c.Verify(VerifyOptions{ - Roots: sysRoots, - Intermediates: allCerts, - KeyUsages: []ExtKeyUsage{ExtKeyUsageAny}, - CurrentTime: c.NotBefore, // verify-cert does not check expiration - }); err != nil { - t.Errorf("certificate only present in non-cgo pool: %v (verify error: %v)", c.Subject, err) - } else { - t.Logf("signed certificate only present in non-cgo pool (acceptable): %v", c.Subject) - } - } - } - for _, c := range sysPool { - // The nocgo codepath uses verify-cert with the ssl policy, which also - // happens to check EKUs, so some certificates will appear only in the - // cgo pool. We can't easily make them consistent because the EKU check - // is only applied to the certificates passed to verify-cert. - var ekuOk bool - for _, eku := range c.ExtKeyUsage { - if eku == ExtKeyUsageServerAuth || eku == ExtKeyUsageNetscapeServerGatedCrypto || - eku == ExtKeyUsageMicrosoftServerGatedCrypto || eku == ExtKeyUsageAny { - ekuOk = true - } - } - if len(c.ExtKeyUsage) == 0 && len(c.UnknownExtKeyUsage) == 0 { - ekuOk = true - } - if !ekuOk { - t.Logf("off-EKU certificate only present in cgo pool (acceptable): %v", c.Subject) - continue - } - - // Same for expired certificates. We don't chain to them anyway. - now := time.Now() - if now.Before(c.NotBefore) || now.After(c.NotAfter) { - t.Logf("expired certificate only present in cgo pool (acceptable): %v", c.Subject) - continue - } - - // On 10.11 there are five unexplained roots that only show up from the - // C API. They have in common the fact that they are old, 1024-bit - // certificates. It's arguably better to ignore them anyway. - if key, ok := c.PublicKey.(*rsa.PublicKey); ok && key.N.BitLen() == 1024 { - t.Logf("1024-bit certificate only present in cgo pool (acceptable): %v", c.Subject) - continue - } - - t.Errorf("certificate only present in cgo pool: %v", c.Subject) - } - - if t.Failed() && debugDarwinRoots { - cmd := exec.Command("security", "dump-trust-settings") - cmd.Stdout, cmd.Stderr = os.Stderr, os.Stderr - cmd.Run() - cmd = exec.Command("security", "dump-trust-settings", "-d") - cmd.Stdout, cmd.Stderr = os.Stderr, os.Stderr - cmd.Run() - } -} diff --git a/tempfork/x509/root_js.go b/tempfork/x509/root_js.go deleted file mode 100644 index 70abb73f9..000000000 --- a/tempfork/x509/root_js.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build js,wasm - -package x509 - -// Possible certificate files; stop after finding one. -var certFiles = []string{} diff --git a/tempfork/x509/root_linux.go b/tempfork/x509/root_linux.go deleted file mode 100644 index 267775dc5..000000000 --- a/tempfork/x509/root_linux.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -// Possible certificate files; stop after finding one. -var certFiles = []string{ - "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. - "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6 - "/etc/ssl/ca-bundle.pem", // OpenSUSE - "/etc/pki/tls/cacert.pem", // OpenELEC - "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7 - "/etc/ssl/cert.pem", // Alpine Linux -} diff --git a/tempfork/x509/root_nocgo_darwin.go b/tempfork/x509/root_nocgo_darwin.go deleted file mode 100644 index cd74a89da..000000000 --- a/tempfork/x509/root_nocgo_darwin.go +++ /dev/null @@ -1,11 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !cgo,!arm64 - -package x509 - -func loadSystemRoots() (*CertPool, error) { - return execSecurityRoots() -} diff --git a/tempfork/x509/root_plan9.go b/tempfork/x509/root_plan9.go deleted file mode 100644 index 09f0e2303..000000000 --- a/tempfork/x509/root_plan9.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build plan9 - -package x509 - -import ( - "io/ioutil" - "os" -) - -// Possible certificate files; stop after finding one. -var certFiles = []string{ - "/sys/lib/tls/ca.pem", -} - -func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { - return nil, nil -} - -func loadSystemRoots() (*CertPool, error) { - roots := NewCertPool() - var bestErr error - for _, file := range certFiles { - data, err := ioutil.ReadFile(file) - if err == nil { - roots.AppendCertsFromPEM(data) - return roots, nil - } - if bestErr == nil || (os.IsNotExist(bestErr) && !os.IsNotExist(err)) { - bestErr = err - } - } - if bestErr == nil { - return roots, nil - } - return nil, bestErr -} diff --git a/tempfork/x509/root_solaris.go b/tempfork/x509/root_solaris.go deleted file mode 100644 index e6d4e6139..000000000 --- a/tempfork/x509/root_solaris.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -// Possible certificate files; stop after finding one. -var certFiles = []string{ - "/etc/certs/ca-certificates.crt", // Solaris 11.2+ - "/etc/ssl/certs/ca-certificates.crt", // Joyent SmartOS - "/etc/ssl/cacert.pem", // OmniOS -} diff --git a/tempfork/x509/root_unix.go b/tempfork/x509/root_unix.go deleted file mode 100644 index 0fce0a1d7..000000000 --- a/tempfork/x509/root_unix.go +++ /dev/null @@ -1,92 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build aix dragonfly freebsd js,wasm linux netbsd openbsd solaris - -package x509 - -import ( - "io/ioutil" - "os" - "strings" -) - -// Possible directories with certificate files; stop after successfully -// reading at least one file from a directory. -var certDirectories = []string{ - "/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139 - "/system/etc/security/cacerts", // Android - "/usr/local/share/certs", // FreeBSD - "/etc/pki/tls/certs", // Fedora/RHEL - "/etc/openssl/certs", // NetBSD - "/var/ssl/certs", // AIX -} - -const ( - // certFileEnv is the environment variable which identifies where to locate - // the SSL certificate file. If set this overrides the system default. - certFileEnv = "SSL_CERT_FILE" - - // certDirEnv is the environment variable which identifies which directory - // to check for SSL certificate files. If set this overrides the system default. - // It is a colon separated list of directories. - // See https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html. - certDirEnv = "SSL_CERT_DIR" -) - -func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { - return nil, nil -} - -func loadSystemRoots() (*CertPool, error) { - roots := NewCertPool() - - files := certFiles - if f := os.Getenv(certFileEnv); f != "" { - files = []string{f} - } - - var firstErr error - for _, file := range files { - data, err := ioutil.ReadFile(file) - if err == nil { - roots.AppendCertsFromPEM(data) - break - } - if firstErr == nil && !os.IsNotExist(err) { - firstErr = err - } - } - - dirs := certDirectories - if d := os.Getenv(certDirEnv); d != "" { - // OpenSSL and BoringSSL both use ":" as the SSL_CERT_DIR separator. - // See: - // * https://golang.org/issue/35325 - // * https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html - dirs = strings.Split(d, ":") - } - - for _, directory := range dirs { - fis, err := ioutil.ReadDir(directory) - if err != nil { - if firstErr == nil && !os.IsNotExist(err) { - firstErr = err - } - continue - } - for _, fi := range fis { - data, err := ioutil.ReadFile(directory + "/" + fi.Name()) - if err == nil { - roots.AppendCertsFromPEM(data) - } - } - } - - if roots.len() > 0 || firstErr == nil { - return roots, nil - } - - return nil, firstErr -} diff --git a/tempfork/x509/root_unix_test.go b/tempfork/x509/root_unix_test.go deleted file mode 100644 index cbb48eddb..000000000 --- a/tempfork/x509/root_unix_test.go +++ /dev/null @@ -1,208 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build dragonfly freebsd linux netbsd openbsd solaris - -package x509 - -import ( - "bytes" - "fmt" - "io/ioutil" - "os" - "path/filepath" - "reflect" - "strings" - "testing" -) - -const ( - testDir = "testdata" - testDirCN = "test-dir" - testFile = "test-file.crt" - testFileCN = "test-file" - testMissing = "missing" -) - -func TestEnvVars(t *testing.T) { - testCases := []struct { - name string - fileEnv string - dirEnv string - files []string - dirs []string - cns []string - }{ - { - // Environment variables override the default locations preventing fall through. - name: "override-defaults", - fileEnv: testMissing, - dirEnv: testMissing, - files: []string{testFile}, - dirs: []string{testDir}, - cns: nil, - }, - { - // File environment overrides default file locations. - name: "file", - fileEnv: testFile, - dirEnv: "", - files: nil, - dirs: nil, - cns: []string{testFileCN}, - }, - { - // Directory environment overrides default directory locations. - name: "dir", - fileEnv: "", - dirEnv: testDir, - files: nil, - dirs: nil, - cns: []string{testDirCN}, - }, - { - // File & directory environment overrides both default locations. - name: "file+dir", - fileEnv: testFile, - dirEnv: testDir, - files: nil, - dirs: nil, - cns: []string{testFileCN, testDirCN}, - }, - { - // Environment variable empty / unset uses default locations. - name: "empty-fall-through", - fileEnv: "", - dirEnv: "", - files: []string{testFile}, - dirs: []string{testDir}, - cns: []string{testFileCN, testDirCN}, - }, - } - - // Save old settings so we can restore before the test ends. - origCertFiles, origCertDirectories := certFiles, certDirectories - origFile, origDir := os.Getenv(certFileEnv), os.Getenv(certDirEnv) - defer func() { - certFiles = origCertFiles - certDirectories = origCertDirectories - os.Setenv(certFileEnv, origFile) - os.Setenv(certDirEnv, origDir) - }() - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - if err := os.Setenv(certFileEnv, tc.fileEnv); err != nil { - t.Fatalf("setenv %q failed: %v", certFileEnv, err) - } - if err := os.Setenv(certDirEnv, tc.dirEnv); err != nil { - t.Fatalf("setenv %q failed: %v", certDirEnv, err) - } - - certFiles, certDirectories = tc.files, tc.dirs - - r, err := loadSystemRoots() - if err != nil { - t.Fatal("unexpected failure:", err) - } - - if r == nil { - t.Fatal("nil roots") - } - - // Verify that the returned certs match, otherwise report where the mismatch is. - for i, cn := range tc.cns { - if i >= r.len() { - t.Errorf("missing cert %v @ %v", cn, i) - } else if r.mustCert(i).Subject.CommonName != cn { - fmt.Printf("%#v\n", r.mustCert(0).Subject) - t.Errorf("unexpected cert common name %q, want %q", r.mustCert(i).Subject.CommonName, cn) - } - } - if r.len() > len(tc.cns) { - t.Errorf("got %v certs, which is more than %v wanted", r.len(), len(tc.cns)) - } - }) - } -} - -// Ensure that "SSL_CERT_DIR" when used as the environment -// variable delimited by colons, allows loadSystemRoots to -// load all the roots from the respective directories. -// See https://golang.org/issue/35325. -func TestLoadSystemCertsLoadColonSeparatedDirs(t *testing.T) { - origFile, origDir := os.Getenv(certFileEnv), os.Getenv(certDirEnv) - origCertFiles := certFiles[:] - - // To prevent any other certs from being loaded in - // through "SSL_CERT_FILE" or from known "certFiles", - // clear them all, and they'll be reverting on defer. - certFiles = certFiles[:0] - os.Setenv(certFileEnv, "") - - defer func() { - certFiles = origCertFiles[:] - os.Setenv(certDirEnv, origDir) - os.Setenv(certFileEnv, origFile) - }() - - tmpDir, err := ioutil.TempDir(os.TempDir(), "x509-issue35325") - if err != nil { - t.Fatalf("Failed to create temporary directory: %v", err) - } - defer os.RemoveAll(tmpDir) - - rootPEMs := []string{ - geoTrustRoot, - googleLeaf, - startComRoot, - } - - var certDirs []string - for i, certPEM := range rootPEMs { - certDir := filepath.Join(tmpDir, fmt.Sprintf("cert-%d", i)) - if err := os.MkdirAll(certDir, 0755); err != nil { - t.Fatalf("Failed to create certificate dir: %v", err) - } - certOutFile := filepath.Join(certDir, "cert.crt") - if err := ioutil.WriteFile(certOutFile, []byte(certPEM), 0655); err != nil { - t.Fatalf("Failed to write certificate to file: %v", err) - } - certDirs = append(certDirs, certDir) - } - - // Sanity check: the number of certDirs should be equal to the number of roots. - if g, w := len(certDirs), len(rootPEMs); g != w { - t.Fatalf("Failed sanity check: len(certsDir)=%d is not equal to len(rootsPEMS)=%d", g, w) - } - - // Now finally concatenate them with a colon. - colonConcatCertDirs := strings.Join(certDirs, ":") - os.Setenv(certDirEnv, colonConcatCertDirs) - gotPool, err := loadSystemRoots() - if err != nil { - t.Fatalf("Failed to load system roots: %v", err) - } - subjects := gotPool.Subjects() - // We expect exactly len(rootPEMs) subjects back. - if g, w := len(subjects), len(rootPEMs); g != w { - t.Fatalf("Invalid number of subjects: got %d want %d", g, w) - } - - wantPool := NewCertPool() - for _, certPEM := range rootPEMs { - wantPool.AppendCertsFromPEM([]byte(certPEM)) - } - strCertPool := func(p *CertPool) string { - return string(bytes.Join(p.Subjects(), []byte("\n"))) - } - - zeroPoolFuncs(gotPool) - zeroPoolFuncs(wantPool) - - if !reflect.DeepEqual(gotPool, wantPool) { - g, w := strCertPool(gotPool), strCertPool(wantPool) - t.Fatalf("Mismatched certPools\nGot:\n%s\n\nWant:\n%s", g, w) - } -} diff --git a/tempfork/x509/root_windows.go b/tempfork/x509/root_windows.go deleted file mode 100644 index f98728179..000000000 --- a/tempfork/x509/root_windows.go +++ /dev/null @@ -1,290 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "errors" - "syscall" - "unsafe" -) - -// Creates a new *syscall.CertContext representing the leaf certificate in an in-memory -// certificate store containing itself and all of the intermediate certificates specified -// in the opts.Intermediates CertPool. -// -// A pointer to the in-memory store is available in the returned CertContext's Store field. -// The store is automatically freed when the CertContext is freed using -// syscall.CertFreeCertificateContext. -func createStoreContext(leaf *Certificate, opts *VerifyOptions) (*syscall.CertContext, error) { - var storeCtx *syscall.CertContext - - leafCtx, err := syscall.CertCreateCertificateContext(syscall.X509_ASN_ENCODING|syscall.PKCS_7_ASN_ENCODING, &leaf.Raw[0], uint32(len(leaf.Raw))) - if err != nil { - return nil, err - } - defer syscall.CertFreeCertificateContext(leafCtx) - - handle, err := syscall.CertOpenStore(syscall.CERT_STORE_PROV_MEMORY, 0, 0, syscall.CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, 0) - if err != nil { - return nil, err - } - defer syscall.CertCloseStore(handle, 0) - - err = syscall.CertAddCertificateContextToStore(handle, leafCtx, syscall.CERT_STORE_ADD_ALWAYS, &storeCtx) - if err != nil { - return nil, err - } - - if opts.Intermediates != nil { - for i := 0; i < opts.Intermediates.len(); i++ { - intermediate, err := opts.Intermediates.cert(i) - if err != nil { - return nil, err - } - ctx, err := syscall.CertCreateCertificateContext(syscall.X509_ASN_ENCODING|syscall.PKCS_7_ASN_ENCODING, &intermediate.Raw[0], uint32(len(intermediate.Raw))) - if err != nil { - return nil, err - } - - err = syscall.CertAddCertificateContextToStore(handle, ctx, syscall.CERT_STORE_ADD_ALWAYS, nil) - syscall.CertFreeCertificateContext(ctx) - if err != nil { - return nil, err - } - } - } - - return storeCtx, nil -} - -// extractSimpleChain extracts the final certificate chain from a CertSimpleChain. -func extractSimpleChain(simpleChain **syscall.CertSimpleChain, count int) (chain []*Certificate, err error) { - if simpleChain == nil || count == 0 { - return nil, errors.New("x509: invalid simple chain") - } - - simpleChains := (*[1 << 20]*syscall.CertSimpleChain)(unsafe.Pointer(simpleChain))[:count:count] - lastChain := simpleChains[count-1] - elements := (*[1 << 20]*syscall.CertChainElement)(unsafe.Pointer(lastChain.Elements))[:lastChain.NumElements:lastChain.NumElements] - for i := 0; i < int(lastChain.NumElements); i++ { - // Copy the buf, since ParseCertificate does not create its own copy. - cert := elements[i].CertContext - encodedCert := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length] - buf := make([]byte, cert.Length) - copy(buf, encodedCert) - parsedCert, err := ParseCertificate(buf) - if err != nil { - return nil, err - } - chain = append(chain, parsedCert) - } - - return chain, nil -} - -// checkChainTrustStatus checks the trust status of the certificate chain, translating -// any errors it finds into Go errors in the process. -func checkChainTrustStatus(c *Certificate, chainCtx *syscall.CertChainContext) error { - if chainCtx.TrustStatus.ErrorStatus != syscall.CERT_TRUST_NO_ERROR { - status := chainCtx.TrustStatus.ErrorStatus - switch status { - case syscall.CERT_TRUST_IS_NOT_TIME_VALID: - return CertificateInvalidError{c, Expired, ""} - default: - return UnknownAuthorityError{c, nil, nil} - } - } - return nil -} - -// checkChainSSLServerPolicy checks that the certificate chain in chainCtx is valid for -// use as a certificate chain for a SSL/TLS server. -func checkChainSSLServerPolicy(c *Certificate, chainCtx *syscall.CertChainContext, opts *VerifyOptions) error { - servernamep, err := syscall.UTF16PtrFromString(opts.DNSName) - if err != nil { - return err - } - sslPara := &syscall.SSLExtraCertChainPolicyPara{ - AuthType: syscall.AUTHTYPE_SERVER, - ServerName: servernamep, - } - sslPara.Size = uint32(unsafe.Sizeof(*sslPara)) - - para := &syscall.CertChainPolicyPara{ - ExtraPolicyPara: (syscall.Pointer)(unsafe.Pointer(sslPara)), - } - para.Size = uint32(unsafe.Sizeof(*para)) - - status := syscall.CertChainPolicyStatus{} - err = syscall.CertVerifyCertificateChainPolicy(syscall.CERT_CHAIN_POLICY_SSL, chainCtx, para, &status) - if err != nil { - return err - } - - // TODO(mkrautz): use the lChainIndex and lElementIndex fields - // of the CertChainPolicyStatus to provide proper context, instead - // using c. - if status.Error != 0 { - switch status.Error { - case syscall.CERT_E_EXPIRED: - return CertificateInvalidError{c, Expired, ""} - case syscall.CERT_E_CN_NO_MATCH: - return HostnameError{c, opts.DNSName} - case syscall.CERT_E_UNTRUSTEDROOT: - return UnknownAuthorityError{c, nil, nil} - default: - return UnknownAuthorityError{c, nil, nil} - } - } - - return nil -} - -// systemVerify is like Verify, except that it uses CryptoAPI calls -// to build certificate chains and verify them. -func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) { - hasDNSName := opts != nil && len(opts.DNSName) > 0 - - storeCtx, err := createStoreContext(c, opts) - if err != nil { - return nil, err - } - defer syscall.CertFreeCertificateContext(storeCtx) - - para := new(syscall.CertChainPara) - para.Size = uint32(unsafe.Sizeof(*para)) - - // If there's a DNSName set in opts, assume we're verifying - // a certificate from a TLS server. - if hasDNSName { - oids := []*byte{ - &syscall.OID_PKIX_KP_SERVER_AUTH[0], - // Both IE and Chrome allow certificates with - // Server Gated Crypto as well. Some certificates - // in the wild require them. - &syscall.OID_SERVER_GATED_CRYPTO[0], - &syscall.OID_SGC_NETSCAPE[0], - } - para.RequestedUsage.Type = syscall.USAGE_MATCH_TYPE_OR - para.RequestedUsage.Usage.Length = uint32(len(oids)) - para.RequestedUsage.Usage.UsageIdentifiers = &oids[0] - } else { - para.RequestedUsage.Type = syscall.USAGE_MATCH_TYPE_AND - para.RequestedUsage.Usage.Length = 0 - para.RequestedUsage.Usage.UsageIdentifiers = nil - } - - var verifyTime *syscall.Filetime - if opts != nil && !opts.CurrentTime.IsZero() { - ft := syscall.NsecToFiletime(opts.CurrentTime.UnixNano()) - verifyTime = &ft - } - - // CertGetCertificateChain will traverse Windows's root stores - // in an attempt to build a verified certificate chain. Once - // it has found a verified chain, it stops. MSDN docs on - // CERT_CHAIN_CONTEXT: - // - // When a CERT_CHAIN_CONTEXT is built, the first simple chain - // begins with an end certificate and ends with a self-signed - // certificate. If that self-signed certificate is not a root - // or otherwise trusted certificate, an attempt is made to - // build a new chain. CTLs are used to create the new chain - // beginning with the self-signed certificate from the original - // chain as the end certificate of the new chain. This process - // continues building additional simple chains until the first - // self-signed certificate is a trusted certificate or until - // an additional simple chain cannot be built. - // - // The result is that we'll only get a single trusted chain to - // return to our caller. - var chainCtx *syscall.CertChainContext - err = syscall.CertGetCertificateChain(syscall.Handle(0), storeCtx, verifyTime, storeCtx.Store, para, 0, 0, &chainCtx) - if err != nil { - return nil, err - } - defer syscall.CertFreeCertificateChain(chainCtx) - - err = checkChainTrustStatus(c, chainCtx) - if err != nil { - return nil, err - } - - if hasDNSName { - err = checkChainSSLServerPolicy(c, chainCtx, opts) - if err != nil { - return nil, err - } - } - - chain, err := extractSimpleChain(chainCtx.Chains, int(chainCtx.ChainCount)) - if err != nil { - return nil, err - } - if len(chain) < 1 { - return nil, errors.New("x509: internal error: system verifier returned an empty chain") - } - - // Mitigate CVE-2020-0601, where the Windows system verifier might be - // tricked into using custom curve parameters for a trusted root, by - // double-checking all ECDSA signatures. If the system was tricked into - // using spoofed parameters, the signature will be invalid for the correct - // ones we parsed. (We don't support custom curves ourselves.) - for i, parent := range chain[1:] { - if parent.PublicKeyAlgorithm != ECDSA { - continue - } - if err := parent.CheckSignature(chain[i].SignatureAlgorithm, - chain[i].RawTBSCertificate, chain[i].Signature); err != nil { - return nil, err - } - } - - return [][]*Certificate{chain}, nil -} - -func loadSystemRoots() (*CertPool, error) { - // TODO: restore this functionality on Windows. We tried to do - // it in Go 1.8 but had to revert it. See Issue 18609. - // Returning (nil, nil) was the old behavior, prior to CL 30578. - // The if statement here avoids vet complaining about - // unreachable code below. - if true { - return nil, nil - } - - const CRYPT_E_NOT_FOUND = 0x80092004 - - store, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT")) - if err != nil { - return nil, err - } - defer syscall.CertCloseStore(store, 0) - - roots := NewCertPool() - var cert *syscall.CertContext - for { - cert, err = syscall.CertEnumCertificatesInStore(store, cert) - if err != nil { - if errno, ok := err.(syscall.Errno); ok { - if errno == CRYPT_E_NOT_FOUND { - break - } - } - return nil, err - } - if cert == nil { - break - } - // Copy the buf, since ParseCertificate does not create its own copy. - buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length] - buf2 := make([]byte, cert.Length) - copy(buf2, buf) - if c, err := ParseCertificate(buf2); err == nil { - roots.AddCert(c) - } - } - return roots, nil -} diff --git a/tempfork/x509/sec1.go b/tempfork/x509/sec1.go deleted file mode 100644 index 0bfb90cd5..000000000 --- a/tempfork/x509/sec1.go +++ /dev/null @@ -1,123 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "crypto/ecdsa" - "crypto/elliptic" - "encoding/asn1" - "errors" - "fmt" - "math/big" -) - -const ecPrivKeyVersion = 1 - -// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure. -// References: -// RFC 5915 -// SEC1 - http://www.secg.org/sec1-v2.pdf -// Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in -// most cases it is not. -type ecPrivateKey struct { - Version int - PrivateKey []byte - NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"` - PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"` -} - -// ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form. -// -// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY". -func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) { - return parseECPrivateKey(nil, der) -} - -// MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form. -// -// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY". -// For a more flexible key format which is not EC specific, use -// MarshalPKCS8PrivateKey. -func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) { - oid, ok := oidFromNamedCurve(key.Curve) - if !ok { - return nil, errors.New("x509: unknown elliptic curve") - } - - return marshalECPrivateKeyWithOID(key, oid) -} - -// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and -// sets the curve ID to the given OID, or omits it if OID is nil. -func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) { - privateKeyBytes := key.D.Bytes() - paddedPrivateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8) - copy(paddedPrivateKey[len(paddedPrivateKey)-len(privateKeyBytes):], privateKeyBytes) - - return asn1.Marshal(ecPrivateKey{ - Version: 1, - PrivateKey: paddedPrivateKey, - NamedCurveOID: oid, - PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)}, - }) -} - -// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure. -// The OID for the named curve may be provided from another source (such as -// the PKCS8 container) - if it is provided then use this instead of the OID -// that may exist in the EC private key structure. -func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) { - var privKey ecPrivateKey - if _, err := asn1.Unmarshal(der, &privKey); err != nil { - if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil { - return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)") - } - if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil { - return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)") - } - return nil, errors.New("x509: failed to parse EC private key: " + err.Error()) - } - if privKey.Version != ecPrivKeyVersion { - return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version) - } - - var curve elliptic.Curve - if namedCurveOID != nil { - curve = namedCurveFromOID(*namedCurveOID) - } else { - curve = namedCurveFromOID(privKey.NamedCurveOID) - } - if curve == nil { - return nil, errors.New("x509: unknown elliptic curve") - } - - k := new(big.Int).SetBytes(privKey.PrivateKey) - curveOrder := curve.Params().N - if k.Cmp(curveOrder) >= 0 { - return nil, errors.New("x509: invalid elliptic curve private key value") - } - priv := new(ecdsa.PrivateKey) - priv.Curve = curve - priv.D = k - - privateKey := make([]byte, (curveOrder.BitLen()+7)/8) - - // Some private keys have leading zero padding. This is invalid - // according to [SEC1], but this code will ignore it. - for len(privKey.PrivateKey) > len(privateKey) { - if privKey.PrivateKey[0] != 0 { - return nil, errors.New("x509: invalid private key length") - } - privKey.PrivateKey = privKey.PrivateKey[1:] - } - - // Some private keys remove all leading zeros, this is also invalid - // according to [SEC1] but since OpenSSL used to do this, we ignore - // this too. - copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey) - priv.X, priv.Y = curve.ScalarBaseMult(privateKey) - - return priv, nil -} diff --git a/tempfork/x509/sec1_test.go b/tempfork/x509/sec1_test.go deleted file mode 100644 index 9ac251896..000000000 --- a/tempfork/x509/sec1_test.go +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "bytes" - "encoding/hex" - "strings" - "testing" -) - -var ecKeyTests = []struct { - derHex string - shouldReserialize bool -}{ - // Generated using: - // openssl ecparam -genkey -name secp384r1 -outform PEM - {"3081a40201010430bdb9839c08ee793d1157886a7a758a3c8b2a17a4df48f17ace57c72c56b4723cf21dcda21d4e1ad57ff034f19fcfd98ea00706052b81040022a16403620004feea808b5ee2429cfcce13c32160e1c960990bd050bb0fdf7222f3decd0a55008e32a6aa3c9062051c4cba92a7a3b178b24567412d43cdd2f882fa5addddd726fe3e208d2c26d733a773a597abb749714df7256ead5105fa6e7b3650de236b50", true}, - // This key was generated by GnuTLS and has illegal zero-padding of the - // private key. See https://golang.org/issues/13699. - {"3078020101042100f9f43a04b9bdc3ab01f53be6df80e7a7bc3eaf7b87fc24e630a4a0aa97633645a00a06082a8648ce3d030107a1440342000441a51bc318461b4c39a45048a16d4fc2a935b1ea7fe86e8c1fa219d6f2438f7c7fd62957d3442efb94b6a23eb0ea66dda663dc42f379cda6630b21b7888a5d3d", false}, - // This was generated using an old version of OpenSSL and is missing a - // leading zero byte in the private key that should be present. - {"3081db0201010441607b4f985774ac21e633999794542e09312073480baa69550914d6d43d8414441e61b36650567901da714f94dffb3ce0e2575c31928a0997d51df5c440e983ca17a00706052b81040023a181890381860004001661557afedd7ac8d6b70e038e576558c626eb62edda36d29c3a1310277c11f67a8c6f949e5430a37dcfb95d902c1b5b5379c389873b9dd17be3bdb088a4774a7401072f830fb9a08d93bfa50a03dd3292ea07928724ddb915d831917a338f6b0aecfbc3cf5352c4a1295d356890c41c34116d29eeb93779aab9d9d78e2613437740f6", false}, -} - -func TestParseECPrivateKey(t *testing.T) { - for i, test := range ecKeyTests { - derBytes, _ := hex.DecodeString(test.derHex) - key, err := ParseECPrivateKey(derBytes) - if err != nil { - t.Fatalf("#%d: failed to decode EC private key: %s", i, err) - } - serialized, err := MarshalECPrivateKey(key) - if err != nil { - t.Fatalf("#%d: failed to encode EC private key: %s", i, err) - } - matches := bytes.Equal(serialized, derBytes) - if matches != test.shouldReserialize { - t.Fatalf("#%d: when serializing key: matches=%t, should match=%t: original %x, reserialized %x", i, matches, test.shouldReserialize, serialized, derBytes) - } - } -} - -const hexECTestPKCS1Key = "3082025c02010002818100b1a1e0945b9289c4d3f1329f8a982c4a2dcd59bfd372fb8085a9c517554607ebd2f7990eef216ac9f4605f71a03b04f42a5255b158cf8e0844191f5119348baa44c35056e20609bcf9510f30ead4b481c81d7865fb27b8e0090e112b717f3ee08cdfc4012da1f1f7cf2a1bc34c73a54a12b06372d09714742dd7895eadde4aa5020301000102818062b7fa1db93e993e40237de4d89b7591cc1ea1d04fed4904c643f17ae4334557b4295270d0491c161cb02a9af557978b32b20b59c267a721c4e6c956c2d147046e9ae5f2da36db0106d70021fa9343455f8f973a4b355a26fd19e6b39dee0405ea2b32deddf0f4817759ef705d02b34faab9ca93c6766e9f722290f119f34449024100d9c29a4a013a90e35fd1be14a3f747c589fac613a695282d61812a711906b8a0876c6181f0333ca1066596f57bff47e7cfcabf19c0fc69d9cd76df743038b3cb024100d0d3546fecf879b5551f2bd2c05e6385f2718a08a6face3d2aecc9d7e03645a480a46c81662c12ad6bd6901e3bd4f38029462de7290859567cdf371c79088d4f024100c254150657e460ea58573fcf01a82a4791e3d6223135c8bdfed69afe84fbe7857274f8eb5165180507455f9b4105c6b08b51fe8a481bb986a202245576b713530240045700003b7a867d0041df9547ae2e7f50248febd21c9040b12dae9c2feab0d3d4609668b208e4727a3541557f84d372ac68eaf74ce1018a4c9a0ef92682c8fd02405769731480bb3a4570abf422527c5f34bf732fa6c1e08cc322753c511ce055fac20fc770025663ad3165324314df907f1f1942f0448a7e9cdbf87ecd98b92156" -const hexECTestPKCS8Key = "30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031" - -var ecMismatchKeyTests = []struct { - hexKey string - errorContains string -}{ - {hexKey: hexECTestPKCS8Key, errorContains: "use ParsePKCS8PrivateKey instead"}, - {hexKey: hexECTestPKCS1Key, errorContains: "use ParsePKCS1PrivateKey instead"}, -} - -func TestECMismatchKeyFormat(t *testing.T) { - for i, test := range ecMismatchKeyTests { - derBytes, _ := hex.DecodeString(test.hexKey) - _, err := ParseECPrivateKey(derBytes) - if !strings.Contains(err.Error(), test.errorContains) { - t.Errorf("#%d: expected error containing %q, got %s", i, test.errorContains, err) - } - } -} diff --git a/tempfork/x509/test-file.crt b/tempfork/x509/test-file.crt deleted file mode 100644 index caa83b9f8..000000000 --- a/tempfork/x509/test-file.crt +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFbTCCA1WgAwIBAgIJAN338vEmMtLsMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV -BAYTAlVLMRMwEQYDVQQIDApUZXN0LVN0YXRlMRUwEwYDVQQKDAxHb2xhbmcgVGVz -dHMxEjAQBgNVBAMMCXRlc3QtZmlsZTAeFw0xNzAyMDEyMzUyMDhaFw0yNzAxMzAy -MzUyMDhaME0xCzAJBgNVBAYTAlVLMRMwEQYDVQQIDApUZXN0LVN0YXRlMRUwEwYD -VQQKDAxHb2xhbmcgVGVzdHMxEjAQBgNVBAMMCXRlc3QtZmlsZTCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBAPMGiLjdiffQo3Xc8oUe7wsDhSaAJFOhO6Qs -i0xYrYl7jmCuz9rGD2fdgk5cLqGazKuQ6fIFzHXFU2BKs4CWXt9KO0KFEhfvZeuW -jG5d7C1ZUiuKOrPqjKVu8SZtFPc7y7Ke7msXzY+Z2LLyiJJ93LCMq4+cTSGNXVlI -KqUxhxeoD5/QkUPyQy/ilu3GMYfx/YORhDP6Edcuskfj8wRh1UxBejP8YPMvI6St -cE2GkxoEGqDWnQ/61F18te6WI3MD29tnKXOkXVhnSC+yvRLljotW2/tAhHKBG4tj -iQWT5Ri4Wrw2tXxPKRLsVWc7e1/hdxhnuvYpXkWNhKsm002jzkFXlzfEwPd8nZdw -5aT6gPUBN2AAzdoqZI7E200i0orEF7WaSoMfjU1tbHvExp3vyAPOfJ5PS2MQ6W03 -Zsy5dTVH+OBH++rkRzQCFcnIv/OIhya5XZ9KX9nFPgBEP7Xq2A+IjH7B6VN/S/bv -8lhp2V+SQvlew9GttKC4hKuPsl5o7+CMbcqcNUdxm9gGkN8epGEKCuix97bpNlxN -fHZxHE5+8GMzPXMkCD56y5TNKR6ut7JGHMPtGl5lPCLqzG/HzYyFgxsDfDUu2B0A -GKj0lGpnLfGqwhs2/s3jpY7+pcvVQxEpvVTId5byDxu1ujP4HjO/VTQ2P72rE8Ft -C6J2Av0tAgMBAAGjUDBOMB0GA1UdDgQWBBTLT/RbyfBB/Pa07oBnaM+QSJPO9TAf -BgNVHSMEGDAWgBTLT/RbyfBB/Pa07oBnaM+QSJPO9TAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4ICAQB3sCntCcQwhMgRPPyvOCMyTcQ/Iv+cpfxz2Ck14nlx -AkEAH2CH0ov5GWTt07/ur3aa5x+SAKi0J3wTD1cdiw4U/6Uin6jWGKKxvoo4IaeK -SbM8w/6eKx6UbmHx7PA/eRABY9tTlpdPCVgw7/o3WDr03QM+IAtatzvaCPPczake -pbdLwmBZB/v8V+6jUajy6jOgdSH0PyffGnt7MWgDETmNC6p/Xigp5eh+C8Fb4NGT -xgHES5PBC+sruWp4u22bJGDKTvYNdZHsnw/CaKQWNsQqwisxa3/8N5v+PCff/pxl -r05pE3PdHn9JrCl4iWdVlgtiI9BoPtQyDfa/OEFaScE8KYR8LxaAgdgp3zYncWls -BpwQ6Y/A2wIkhlD9eEp5Ib2hz7isXOs9UwjdriKqrBXqcIAE5M+YIk3+KAQKxAtd -4YsK3CSJ010uphr12YKqlScj4vuKFjuOtd5RyyMIxUG3lrrhAu2AzCeKCLdVgA8+ -75FrYMApUdvcjp4uzbBoED4XRQlx9kdFHVbYgmE/+yddBYJM8u4YlgAL0hW2/D8p -z9JWIfxVmjJnBnXaKGBuiUyZ864A3PJndP6EMMo7TzS2CDnfCYuJjvI0KvDjFNmc -rQA04+qfMSEz3nmKhbbZu4eYLzlADhfH8tT4GMtXf71WLA5AUHGf2Y4+HIHTsmHG -vQ== ------END CERTIFICATE----- diff --git a/tempfork/x509/testdata/test-dir.crt b/tempfork/x509/testdata/test-dir.crt deleted file mode 100644 index b7fc9c518..000000000 --- a/tempfork/x509/testdata/test-dir.crt +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIJAL8a/lsnspOqMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV -BAYTAlVLMRMwEQYDVQQIDApUZXN0LVN0YXRlMRUwEwYDVQQKDAxHb2xhbmcgVGVz -dHMxETAPBgNVBAMMCHRlc3QtZGlyMB4XDTE3MDIwMTIzNTAyN1oXDTI3MDEzMDIz -NTAyN1owTDELMAkGA1UEBhMCVUsxEzARBgNVBAgMClRlc3QtU3RhdGUxFTATBgNV -BAoMDEdvbGFuZyBUZXN0czERMA8GA1UEAwwIdGVzdC1kaXIwggIiMA0GCSqGSIb3 -DQEBAQUAA4ICDwAwggIKAoICAQDzBoi43Yn30KN13PKFHu8LA4UmgCRToTukLItM -WK2Je45grs/axg9n3YJOXC6hmsyrkOnyBcx1xVNgSrOAll7fSjtChRIX72Xrloxu -XewtWVIrijqz6oylbvEmbRT3O8uynu5rF82Pmdiy8oiSfdywjKuPnE0hjV1ZSCql -MYcXqA+f0JFD8kMv4pbtxjGH8f2DkYQz+hHXLrJH4/MEYdVMQXoz/GDzLyOkrXBN -hpMaBBqg1p0P+tRdfLXuliNzA9vbZylzpF1YZ0gvsr0S5Y6LVtv7QIRygRuLY4kF -k+UYuFq8NrV8TykS7FVnO3tf4XcYZ7r2KV5FjYSrJtNNo85BV5c3xMD3fJ2XcOWk -+oD1ATdgAM3aKmSOxNtNItKKxBe1mkqDH41NbWx7xMad78gDznyeT0tjEOltN2bM -uXU1R/jgR/vq5Ec0AhXJyL/ziIcmuV2fSl/ZxT4ARD+16tgPiIx+welTf0v27/JY -adlfkkL5XsPRrbSguISrj7JeaO/gjG3KnDVHcZvYBpDfHqRhCgrosfe26TZcTXx2 -cRxOfvBjMz1zJAg+esuUzSkerreyRhzD7RpeZTwi6sxvx82MhYMbA3w1LtgdABio -9JRqZy3xqsIbNv7N46WO/qXL1UMRKb1UyHeW8g8btboz+B4zv1U0Nj+9qxPBbQui -dgL9LQIDAQABo1AwTjAdBgNVHQ4EFgQUy0/0W8nwQfz2tO6AZ2jPkEiTzvUwHwYD -VR0jBBgwFoAUy0/0W8nwQfz2tO6AZ2jPkEiTzvUwDAYDVR0TBAUwAwEB/zANBgkq -hkiG9w0BAQsFAAOCAgEAvEVnUYsIOt87rggmLPqEueynkuQ+562M8EDHSQl82zbe -xDCxeg3DvPgKb+RvaUdt1362z/szK10SoeMgx6+EQLoV9LiVqXwNqeYfixrhrdw3 -ppAhYYhymdkbUQCEMHypmXP1vPhAz4o8Bs+eES1M+zO6ErBiD7SqkmBElT+GixJC -6epC9ZQFs+dw3lPlbiZSsGE85sqc3VAs0/JgpL/pb1/Eg4s0FUhZD2C2uWdSyZGc -g0/v3aXJCp4j/9VoNhI1WXz3M45nysZIL5OQgXymLqJElQa1pZ3Wa4i/nidvT4AT -Xlxc/qijM8set/nOqp7hVd5J0uG6qdwLRILUddZ6OpXd7ZNi1EXg+Bpc7ehzGsDt -3UFGzYXDjxYnK2frQfjLS8stOQIqSrGthW6x0fdkVx0y8BByvd5J6+JmZl4UZfzA -m99VxXSt4B9x6BvnY7ktzcFDOjtuLc4B/7yg9fv1eQuStA4cHGGAttsCg1X/Kx8W -PvkkeH0UWDZ9vhH9K36703z89da6MWF+bz92B0+4HoOmlVaXRkvblsNaynJnL0LC -Ayry7QBxuh5cMnDdRwJB3AVJIiJ1GVpb7aGvBOnx+s2lwRv9HWtghb+cbwwktx1M -JHyBf3GZNSWTpKY7cD8V+NnBv3UuioOVVo+XAU4LF/bYUjdRpxWADJizNtZrtFo= ------END CERTIFICATE----- diff --git a/tempfork/x509/verify.go b/tempfork/x509/verify.go deleted file mode 100644 index 23bce95b7..000000000 --- a/tempfork/x509/verify.go +++ /dev/null @@ -1,1112 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "bytes" - "errors" - "fmt" - "net" - "net/url" - "os" - "reflect" - "runtime" - "strings" - "time" - "unicode/utf8" -) - -// ignoreCN disables interpreting Common Name as a hostname. See issue 24151. -var ignoreCN = strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=1") - -type InvalidReason int - -const ( - // NotAuthorizedToSign results when a certificate is signed by another - // which isn't marked as a CA certificate. - NotAuthorizedToSign InvalidReason = iota - // Expired results when a certificate has expired, based on the time - // given in the VerifyOptions. - Expired - // CANotAuthorizedForThisName results when an intermediate or root - // certificate has a name constraint which doesn't permit a DNS or - // other name (including IP address) in the leaf certificate. - CANotAuthorizedForThisName - // TooManyIntermediates results when a path length constraint is - // violated. - TooManyIntermediates - // IncompatibleUsage results when the certificate's key usage indicates - // that it may only be used for a different purpose. - IncompatibleUsage - // NameMismatch results when the subject name of a parent certificate - // does not match the issuer name in the child. - NameMismatch - // NameConstraintsWithoutSANs results when a leaf certificate doesn't - // contain a Subject Alternative Name extension, but a CA certificate - // contains name constraints, and the Common Name can be interpreted as - // a hostname. - // - // You can avoid this error by setting the experimental GODEBUG environment - // variable to "x509ignoreCN=1", disabling Common Name matching entirely. - // This behavior might become the default in the future. - NameConstraintsWithoutSANs - // UnconstrainedName results when a CA certificate contains permitted - // name constraints, but leaf certificate contains a name of an - // unsupported or unconstrained type. - UnconstrainedName - // TooManyConstraints results when the number of comparison operations - // needed to check a certificate exceeds the limit set by - // VerifyOptions.MaxConstraintComparisions. This limit exists to - // prevent pathological certificates can consuming excessive amounts of - // CPU time to verify. - TooManyConstraints - // CANotAuthorizedForExtKeyUsage results when an intermediate or root - // certificate does not permit a requested extended key usage. - CANotAuthorizedForExtKeyUsage -) - -// CertificateInvalidError results when an odd error occurs. Users of this -// library probably want to handle all these errors uniformly. -type CertificateInvalidError struct { - Cert *Certificate - Reason InvalidReason - Detail string -} - -func (e CertificateInvalidError) Error() string { - switch e.Reason { - case NotAuthorizedToSign: - return "x509: certificate is not authorized to sign other certificates" - case Expired: - return "x509: certificate has expired or is not yet valid: " + e.Detail - case CANotAuthorizedForThisName: - return "x509: a root or intermediate certificate is not authorized to sign for this name: " + e.Detail - case CANotAuthorizedForExtKeyUsage: - return "x509: a root or intermediate certificate is not authorized for an extended key usage: " + e.Detail - case TooManyIntermediates: - return "x509: too many intermediates for path length constraint" - case IncompatibleUsage: - return "x509: certificate specifies an incompatible key usage" - case NameMismatch: - return "x509: issuer name does not match subject from issuing certificate" - case NameConstraintsWithoutSANs: - return "x509: issuer has name constraints but leaf doesn't have a SAN extension" - case UnconstrainedName: - return "x509: issuer has name constraints but leaf contains unknown or unconstrained name: " + e.Detail - } - return "x509: unknown error" -} - -// HostnameError results when the set of authorized names doesn't match the -// requested name. -type HostnameError struct { - Certificate *Certificate - Host string -} - -func (h HostnameError) Error() string { - c := h.Certificate - - if !c.hasSANExtension() && !validHostname(c.Subject.CommonName) && - matchHostnames(toLowerCaseASCII(c.Subject.CommonName), toLowerCaseASCII(h.Host)) { - // This would have validated, if it weren't for the validHostname check on Common Name. - return "x509: Common Name is not a valid hostname: " + c.Subject.CommonName - } - - var valid string - if ip := net.ParseIP(h.Host); ip != nil { - // Trying to validate an IP - if len(c.IPAddresses) == 0 { - return "x509: cannot validate certificate for " + h.Host + " because it doesn't contain any IP SANs" - } - for _, san := range c.IPAddresses { - if len(valid) > 0 { - valid += ", " - } - valid += san.String() - } - } else { - if c.commonNameAsHostname() { - valid = c.Subject.CommonName - } else { - valid = strings.Join(c.DNSNames, ", ") - } - } - - if len(valid) == 0 { - return "x509: certificate is not valid for any names, but wanted to match " + h.Host - } - return "x509: certificate is valid for " + valid + ", not " + h.Host -} - -// UnknownAuthorityError results when the certificate issuer is unknown -type UnknownAuthorityError struct { - Cert *Certificate - // hintErr contains an error that may be helpful in determining why an - // authority wasn't found. - hintErr error - // hintCert contains a possible authority certificate that was rejected - // because of the error in hintErr. - hintCert *Certificate -} - -func (e UnknownAuthorityError) Error() string { - s := "x509: certificate signed by unknown authority" - if e.hintErr != nil { - certName := e.hintCert.Subject.CommonName - if len(certName) == 0 { - if len(e.hintCert.Subject.Organization) > 0 { - certName = e.hintCert.Subject.Organization[0] - } else { - certName = "serial:" + e.hintCert.SerialNumber.String() - } - } - s += fmt.Sprintf(" (possibly because of %q while trying to verify candidate authority certificate %q)", e.hintErr, certName) - } - return s -} - -// SystemRootsError results when we fail to load the system root certificates. -type SystemRootsError struct { - Err error -} - -func (se SystemRootsError) Error() string { - msg := "x509: failed to load system roots and no roots provided" - if se.Err != nil { - return msg + "; " + se.Err.Error() - } - return msg -} - -// errNotParsed is returned when a certificate without ASN.1 contents is -// verified. Platform-specific verification needs the ASN.1 contents. -var errNotParsed = errors.New("x509: missing ASN.1 contents; use ParseCertificate") - -// VerifyOptions contains parameters for Certificate.Verify. It's a structure -// because other PKIX verification APIs have ended up needing many options. -type VerifyOptions struct { - DNSName string - Intermediates *CertPool - Roots *CertPool // if nil, the system roots are used - CurrentTime time.Time // if zero, the current time is used - // KeyUsage specifies which Extended Key Usage values are acceptable. A leaf - // certificate is accepted if it contains any of the listed values. An empty - // list means ExtKeyUsageServerAuth. To accept any key usage, include - // ExtKeyUsageAny. - // - // Certificate chains are required to nest these extended key usage values. - // (This matches the Windows CryptoAPI behavior, but not the spec.) - KeyUsages []ExtKeyUsage - // MaxConstraintComparisions is the maximum number of comparisons to - // perform when checking a given certificate's name constraints. If - // zero, a sensible default is used. This limit prevents pathological - // certificates from consuming excessive amounts of CPU time when - // validating. - MaxConstraintComparisions int -} - -const ( - leafCertificate = iota - intermediateCertificate - rootCertificate -) - -// rfc2821Mailbox represents a “mailbox” (which is an email address to most -// people) by breaking it into the “local” (i.e. before the '@') and “domain” -// parts. -type rfc2821Mailbox struct { - local, domain string -} - -// parseRFC2821Mailbox parses an email address into local and domain parts, -// based on the ABNF for a “Mailbox” from RFC 2821. According to RFC 5280, -// Section 4.2.1.6 that's correct for an rfc822Name from a certificate: “The -// format of an rfc822Name is a "Mailbox" as defined in RFC 2821, Section 4.1.2”. -func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) { - if len(in) == 0 { - return mailbox, false - } - - localPartBytes := make([]byte, 0, len(in)/2) - - if in[0] == '"' { - // Quoted-string = DQUOTE *qcontent DQUOTE - // non-whitespace-control = %d1-8 / %d11 / %d12 / %d14-31 / %d127 - // qcontent = qtext / quoted-pair - // qtext = non-whitespace-control / - // %d33 / %d35-91 / %d93-126 - // quoted-pair = ("\" text) / obs-qp - // text = %d1-9 / %d11 / %d12 / %d14-127 / obs-text - // - // (Names beginning with “obs-” are the obsolete syntax from RFC 2822, - // Section 4. Since it has been 16 years, we no longer accept that.) - in = in[1:] - QuotedString: - for { - if len(in) == 0 { - return mailbox, false - } - c := in[0] - in = in[1:] - - switch { - case c == '"': - break QuotedString - - case c == '\\': - // quoted-pair - if len(in) == 0 { - return mailbox, false - } - if in[0] == 11 || - in[0] == 12 || - (1 <= in[0] && in[0] <= 9) || - (14 <= in[0] && in[0] <= 127) { - localPartBytes = append(localPartBytes, in[0]) - in = in[1:] - } else { - return mailbox, false - } - - case c == 11 || - c == 12 || - // Space (char 32) is not allowed based on the - // BNF, but RFC 3696 gives an example that - // assumes that it is. Several “verified” - // errata continue to argue about this point. - // We choose to accept it. - c == 32 || - c == 33 || - c == 127 || - (1 <= c && c <= 8) || - (14 <= c && c <= 31) || - (35 <= c && c <= 91) || - (93 <= c && c <= 126): - // qtext - localPartBytes = append(localPartBytes, c) - - default: - return mailbox, false - } - } - } else { - // Atom ("." Atom)* - NextChar: - for len(in) > 0 { - // atext from RFC 2822, Section 3.2.4 - c := in[0] - - switch { - case c == '\\': - // Examples given in RFC 3696 suggest that - // escaped characters can appear outside of a - // quoted string. Several “verified” errata - // continue to argue the point. We choose to - // accept it. - in = in[1:] - if len(in) == 0 { - return mailbox, false - } - fallthrough - - case ('0' <= c && c <= '9') || - ('a' <= c && c <= 'z') || - ('A' <= c && c <= 'Z') || - c == '!' || c == '#' || c == '$' || c == '%' || - c == '&' || c == '\'' || c == '*' || c == '+' || - c == '-' || c == '/' || c == '=' || c == '?' || - c == '^' || c == '_' || c == '`' || c == '{' || - c == '|' || c == '}' || c == '~' || c == '.': - localPartBytes = append(localPartBytes, in[0]) - in = in[1:] - - default: - break NextChar - } - } - - if len(localPartBytes) == 0 { - return mailbox, false - } - - // From RFC 3696, Section 3: - // “period (".") may also appear, but may not be used to start - // or end the local part, nor may two or more consecutive - // periods appear.” - twoDots := []byte{'.', '.'} - if localPartBytes[0] == '.' || - localPartBytes[len(localPartBytes)-1] == '.' || - bytes.Contains(localPartBytes, twoDots) { - return mailbox, false - } - } - - if len(in) == 0 || in[0] != '@' { - return mailbox, false - } - in = in[1:] - - // The RFC species a format for domains, but that's known to be - // violated in practice so we accept that anything after an '@' is the - // domain part. - if _, ok := domainToReverseLabels(in); !ok { - return mailbox, false - } - - mailbox.local = string(localPartBytes) - mailbox.domain = in - return mailbox, true -} - -// domainToReverseLabels converts a textual domain name like foo.example.com to -// the list of labels in reverse order, e.g. ["com", "example", "foo"]. -func domainToReverseLabels(domain string) (reverseLabels []string, ok bool) { - for len(domain) > 0 { - if i := strings.LastIndexByte(domain, '.'); i == -1 { - reverseLabels = append(reverseLabels, domain) - domain = "" - } else { - reverseLabels = append(reverseLabels, domain[i+1:]) - domain = domain[:i] - } - } - - if len(reverseLabels) > 0 && len(reverseLabels[0]) == 0 { - // An empty label at the end indicates an absolute value. - return nil, false - } - - for _, label := range reverseLabels { - if len(label) == 0 { - // Empty labels are otherwise invalid. - return nil, false - } - - for _, c := range label { - if c < 33 || c > 126 { - // Invalid character. - return nil, false - } - } - } - - return reverseLabels, true -} - -func matchEmailConstraint(mailbox rfc2821Mailbox, constraint string) (bool, error) { - // If the constraint contains an @, then it specifies an exact mailbox - // name. - if strings.Contains(constraint, "@") { - constraintMailbox, ok := parseRFC2821Mailbox(constraint) - if !ok { - return false, fmt.Errorf("x509: internal error: cannot parse constraint %q", constraint) - } - return mailbox.local == constraintMailbox.local && strings.EqualFold(mailbox.domain, constraintMailbox.domain), nil - } - - // Otherwise the constraint is like a DNS constraint of the domain part - // of the mailbox. - return matchDomainConstraint(mailbox.domain, constraint) -} - -func matchURIConstraint(uri *url.URL, constraint string) (bool, error) { - // From RFC 5280, Section 4.2.1.10: - // “a uniformResourceIdentifier that does not include an authority - // component with a host name specified as a fully qualified domain - // name (e.g., if the URI either does not include an authority - // component or includes an authority component in which the host name - // is specified as an IP address), then the application MUST reject the - // certificate.” - - host := uri.Host - if len(host) == 0 { - return false, fmt.Errorf("URI with empty host (%q) cannot be matched against constraints", uri.String()) - } - - if strings.Contains(host, ":") && !strings.HasSuffix(host, "]") { - var err error - host, _, err = net.SplitHostPort(uri.Host) - if err != nil { - return false, err - } - } - - if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") || - net.ParseIP(host) != nil { - return false, fmt.Errorf("URI with IP (%q) cannot be matched against constraints", uri.String()) - } - - return matchDomainConstraint(host, constraint) -} - -func matchIPConstraint(ip net.IP, constraint *net.IPNet) (bool, error) { - if len(ip) != len(constraint.IP) { - return false, nil - } - - for i := range ip { - if mask := constraint.Mask[i]; ip[i]&mask != constraint.IP[i]&mask { - return false, nil - } - } - - return true, nil -} - -func matchDomainConstraint(domain, constraint string) (bool, error) { - // The meaning of zero length constraints is not specified, but this - // code follows NSS and accepts them as matching everything. - if len(constraint) == 0 { - return true, nil - } - - domainLabels, ok := domainToReverseLabels(domain) - if !ok { - return false, fmt.Errorf("x509: internal error: cannot parse domain %q", domain) - } - - // RFC 5280 says that a leading period in a domain name means that at - // least one label must be prepended, but only for URI and email - // constraints, not DNS constraints. The code also supports that - // behaviour for DNS constraints. - - mustHaveSubdomains := false - if constraint[0] == '.' { - mustHaveSubdomains = true - constraint = constraint[1:] - } - - constraintLabels, ok := domainToReverseLabels(constraint) - if !ok { - return false, fmt.Errorf("x509: internal error: cannot parse domain %q", constraint) - } - - if len(domainLabels) < len(constraintLabels) || - (mustHaveSubdomains && len(domainLabels) == len(constraintLabels)) { - return false, nil - } - - for i, constraintLabel := range constraintLabels { - if !strings.EqualFold(constraintLabel, domainLabels[i]) { - return false, nil - } - } - - return true, nil -} - -// checkNameConstraints checks that c permits a child certificate to claim the -// given name, of type nameType. The argument parsedName contains the parsed -// form of name, suitable for passing to the match function. The total number -// of comparisons is tracked in the given count and should not exceed the given -// limit. -func (c *Certificate) checkNameConstraints(count *int, - maxConstraintComparisons int, - nameType string, - name string, - parsedName interface{}, - match func(parsedName, constraint interface{}) (match bool, err error), - permitted, excluded interface{}) error { - - excludedValue := reflect.ValueOf(excluded) - - *count += excludedValue.Len() - if *count > maxConstraintComparisons { - return CertificateInvalidError{c, TooManyConstraints, ""} - } - - for i := 0; i < excludedValue.Len(); i++ { - constraint := excludedValue.Index(i).Interface() - match, err := match(parsedName, constraint) - if err != nil { - return CertificateInvalidError{c, CANotAuthorizedForThisName, err.Error()} - } - - if match { - return CertificateInvalidError{c, CANotAuthorizedForThisName, fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint)} - } - } - - permittedValue := reflect.ValueOf(permitted) - - *count += permittedValue.Len() - if *count > maxConstraintComparisons { - return CertificateInvalidError{c, TooManyConstraints, ""} - } - - ok := true - for i := 0; i < permittedValue.Len(); i++ { - constraint := permittedValue.Index(i).Interface() - - var err error - if ok, err = match(parsedName, constraint); err != nil { - return CertificateInvalidError{c, CANotAuthorizedForThisName, err.Error()} - } - - if ok { - break - } - } - - if !ok { - return CertificateInvalidError{c, CANotAuthorizedForThisName, fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name)} - } - - return nil -} - -// isValid performs validity checks on c given that it is a candidate to append -// to the chain in currentChain. -func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *VerifyOptions) error { - if len(c.UnhandledCriticalExtensions) > 0 { - return UnhandledCriticalExtension{} - } - - if len(currentChain) > 0 { - child := currentChain[len(currentChain)-1] - if !bytes.Equal(child.RawIssuer, c.RawSubject) { - return CertificateInvalidError{c, NameMismatch, ""} - } - } - - now := opts.CurrentTime - if now.IsZero() { - now = time.Now() - } - if now.Before(c.NotBefore) { - return CertificateInvalidError{ - Cert: c, - Reason: Expired, - Detail: fmt.Sprintf("current time %s is before %s", now.Format(time.RFC3339), c.NotBefore.Format(time.RFC3339)), - } - } else if now.After(c.NotAfter) { - return CertificateInvalidError{ - Cert: c, - Reason: Expired, - Detail: fmt.Sprintf("current time %s is after %s", now.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339)), - } - } - - maxConstraintComparisons := opts.MaxConstraintComparisions - if maxConstraintComparisons == 0 { - maxConstraintComparisons = 250000 - } - comparisonCount := 0 - - var leaf *Certificate - if certType == intermediateCertificate || certType == rootCertificate { - if len(currentChain) == 0 { - return errors.New("x509: internal error: empty chain when appending CA cert") - } - leaf = currentChain[0] - } - - checkNameConstraints := (certType == intermediateCertificate || certType == rootCertificate) && c.hasNameConstraints() - if checkNameConstraints && leaf.commonNameAsHostname() { - // This is the deprecated, legacy case of depending on the commonName as - // a hostname. We don't enforce name constraints against the CN, but - // VerifyHostname will look for hostnames in there if there are no SANs. - // In order to ensure VerifyHostname will not accept an unchecked name, - // return an error here. - return CertificateInvalidError{c, NameConstraintsWithoutSANs, ""} - } else if checkNameConstraints && leaf.hasSANExtension() { - err := forEachSAN(leaf.getSANExtension(), func(tag int, data []byte) error { - switch tag { - case nameTypeEmail: - name := string(data) - mailbox, ok := parseRFC2821Mailbox(name) - if !ok { - return fmt.Errorf("x509: cannot parse rfc822Name %q", mailbox) - } - - if err := c.checkNameConstraints(&comparisonCount, maxConstraintComparisons, "email address", name, mailbox, - func(parsedName, constraint interface{}) (bool, error) { - return matchEmailConstraint(parsedName.(rfc2821Mailbox), constraint.(string)) - }, c.PermittedEmailAddresses, c.ExcludedEmailAddresses); err != nil { - return err - } - - case nameTypeDNS: - name := string(data) - if _, ok := domainToReverseLabels(name); !ok { - return fmt.Errorf("x509: cannot parse dnsName %q", name) - } - - if err := c.checkNameConstraints(&comparisonCount, maxConstraintComparisons, "DNS name", name, name, - func(parsedName, constraint interface{}) (bool, error) { - return matchDomainConstraint(parsedName.(string), constraint.(string)) - }, c.PermittedDNSDomains, c.ExcludedDNSDomains); err != nil { - return err - } - - case nameTypeURI: - name := string(data) - uri, err := url.Parse(name) - if err != nil { - return fmt.Errorf("x509: internal error: URI SAN %q failed to parse", name) - } - - if err := c.checkNameConstraints(&comparisonCount, maxConstraintComparisons, "URI", name, uri, - func(parsedName, constraint interface{}) (bool, error) { - return matchURIConstraint(parsedName.(*url.URL), constraint.(string)) - }, c.PermittedURIDomains, c.ExcludedURIDomains); err != nil { - return err - } - - case nameTypeIP: - ip := net.IP(data) - if l := len(ip); l != net.IPv4len && l != net.IPv6len { - return fmt.Errorf("x509: internal error: IP SAN %x failed to parse", data) - } - - if err := c.checkNameConstraints(&comparisonCount, maxConstraintComparisons, "IP address", ip.String(), ip, - func(parsedName, constraint interface{}) (bool, error) { - return matchIPConstraint(parsedName.(net.IP), constraint.(*net.IPNet)) - }, c.PermittedIPRanges, c.ExcludedIPRanges); err != nil { - return err - } - - default: - // Unknown SAN types are ignored. - } - - return nil - }) - - if err != nil { - return err - } - } - - // KeyUsage status flags are ignored. From Engineering Security, Peter - // Gutmann: A European government CA marked its signing certificates as - // being valid for encryption only, but no-one noticed. Another - // European CA marked its signature keys as not being valid for - // signatures. A different CA marked its own trusted root certificate - // as being invalid for certificate signing. Another national CA - // distributed a certificate to be used to encrypt data for the - // country’s tax authority that was marked as only being usable for - // digital signatures but not for encryption. Yet another CA reversed - // the order of the bit flags in the keyUsage due to confusion over - // encoding endianness, essentially setting a random keyUsage in - // certificates that it issued. Another CA created a self-invalidating - // certificate by adding a certificate policy statement stipulating - // that the certificate had to be used strictly as specified in the - // keyUsage, and a keyUsage containing a flag indicating that the RSA - // encryption key could only be used for Diffie-Hellman key agreement. - - if certType == intermediateCertificate && (!c.BasicConstraintsValid || !c.IsCA) { - return CertificateInvalidError{c, NotAuthorizedToSign, ""} - } - - if c.BasicConstraintsValid && c.MaxPathLen >= 0 { - numIntermediates := len(currentChain) - 1 - if numIntermediates > c.MaxPathLen { - return CertificateInvalidError{c, TooManyIntermediates, ""} - } - } - - return nil -} - -// Verify attempts to verify c by building one or more chains from c to a -// certificate in opts.Roots, using certificates in opts.Intermediates if -// needed. If successful, it returns one or more chains where the first -// element of the chain is c and the last element is from opts.Roots. -// -// If opts.Roots is nil and system roots are unavailable the returned error -// will be of type SystemRootsError. -// -// Name constraints in the intermediates will be applied to all names claimed -// in the chain, not just opts.DNSName. Thus it is invalid for a leaf to claim -// example.com if an intermediate doesn't permit it, even if example.com is not -// the name being validated. Note that DirectoryName constraints are not -// supported. -// -// Extended Key Usage values are enforced down a chain, so an intermediate or -// root that enumerates EKUs prevents a leaf from asserting an EKU not in that -// list. -// -// WARNING: this function doesn't do any revocation checking. -func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) { - // Platform-specific verification needs the ASN.1 contents so - // this makes the behavior consistent across platforms. - if len(c.Raw) == 0 { - return nil, errNotParsed - } - for i := 0; i < opts.Intermediates.len(); i++ { - c, err := opts.Intermediates.cert(i) - if err != nil { - return nil, fmt.Errorf("crypto/x509: error fetching cert: %w", err) - } - if len(c.Raw) == 0 { - return nil, errNotParsed - } - } - - // Use Windows's own verification and chain building. - if opts.Roots == nil && runtime.GOOS == "windows" { - return c.systemVerify(&opts) - } - - if opts.Roots == nil { - opts.Roots = systemRootsPool() - if opts.Roots == nil { - return nil, SystemRootsError{systemRootsErr} - } - } - - err = c.isValid(leafCertificate, nil, &opts) - if err != nil { - return - } - - if len(opts.DNSName) > 0 { - err = c.VerifyHostname(opts.DNSName) - if err != nil { - return - } - } - - var candidateChains [][]*Certificate - if inRoots, err := opts.Roots.contains(c); inRoots { - candidateChains = append(candidateChains, []*Certificate{c}) - } else if err != nil { - return nil, err - } else { - if candidateChains, err = c.buildChains(nil, []*Certificate{c}, nil, &opts); err != nil { - return nil, err - } - } - - keyUsages := opts.KeyUsages - if len(keyUsages) == 0 { - keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth} - } - - // If any key usage is acceptable then we're done. - for _, usage := range keyUsages { - if usage == ExtKeyUsageAny { - return candidateChains, nil - } - } - - for _, candidate := range candidateChains { - if checkChainForKeyUsage(candidate, keyUsages) { - chains = append(chains, candidate) - } - } - - if len(chains) == 0 { - return nil, CertificateInvalidError{c, IncompatibleUsage, ""} - } - - return chains, nil -} - -func appendToFreshChain(chain []*Certificate, cert *Certificate) []*Certificate { - n := make([]*Certificate, len(chain)+1) - copy(n, chain) - n[len(chain)] = cert - return n -} - -// maxChainSignatureChecks is the maximum number of CheckSignatureFrom calls -// that an invocation of buildChains will (tranistively) make. Most chains are -// less than 15 certificates long, so this leaves space for multiple chains and -// for failed checks due to different intermediates having the same Subject. -const maxChainSignatureChecks = 100 - -func (c *Certificate) buildChains(cache map[*Certificate][][]*Certificate, currentChain []*Certificate, sigChecks *int, opts *VerifyOptions) (chains [][]*Certificate, err error) { - var ( - hintErr error - hintCert *Certificate - ) - - considerCandidate := func(certType int, candidate *Certificate) { - for _, cert := range currentChain { - if cert.Equal(candidate) { - return - } - } - - if sigChecks == nil { - sigChecks = new(int) - } - *sigChecks++ - if *sigChecks > maxChainSignatureChecks { - err = errors.New("x509: signature check attempts limit reached while verifying certificate chain") - return - } - - if err := c.CheckSignatureFrom(candidate); err != nil { - if hintErr == nil { - hintErr = err - hintCert = candidate - } - return - } - - err = candidate.isValid(certType, currentChain, opts) - if err != nil { - return - } - - switch certType { - case rootCertificate: - chains = append(chains, appendToFreshChain(currentChain, candidate)) - case intermediateCertificate: - if cache == nil { - cache = make(map[*Certificate][][]*Certificate) - } - childChains, ok := cache[candidate] - if !ok { - childChains, err = candidate.buildChains(cache, appendToFreshChain(currentChain, candidate), sigChecks, opts) - cache[candidate] = childChains - } - chains = append(chains, childChains...) - } - } - - for _, rootNum := range opts.Roots.findPotentialParents(c) { - c, err := opts.Roots.cert(rootNum) - if err != nil { - return nil, fmt.Errorf("crypto/x509: error fetching cert: %w", err) - } - considerCandidate(rootCertificate, c) - } - for _, intermediateNum := range opts.Intermediates.findPotentialParents(c) { - c, err := opts.Intermediates.cert(intermediateNum) - if err != nil { - return nil, fmt.Errorf("crypto/x509: error fetching cert: %w", err) - } - considerCandidate(intermediateCertificate, c) - } - - if len(chains) > 0 { - err = nil - } - if len(chains) == 0 && err == nil { - err = UnknownAuthorityError{c, hintErr, hintCert} - } - - return -} - -// validHostname reports whether host is a valid hostname that can be matched or -// matched against according to RFC 6125 2.2, with some leniency to accommodate -// legacy values. -func validHostname(host string) bool { - host = strings.TrimSuffix(host, ".") - - if len(host) == 0 { - return false - } - - for i, part := range strings.Split(host, ".") { - if part == "" { - // Empty label. - return false - } - if i == 0 && part == "*" { - // Only allow full left-most wildcards, as those are the only ones - // we match, and matching literal '*' characters is probably never - // the expected behavior. - continue - } - for j, c := range part { - if 'a' <= c && c <= 'z' { - continue - } - if '0' <= c && c <= '9' { - continue - } - if 'A' <= c && c <= 'Z' { - continue - } - if c == '-' && j != 0 { - continue - } - if c == '_' || c == ':' { - // Not valid characters in hostnames, but commonly - // found in deployments outside the WebPKI. - continue - } - return false - } - } - - return true -} - -// commonNameAsHostname reports whether the Common Name field should be -// considered the hostname that the certificate is valid for. This is a legacy -// behavior, disabled if the Subject Alt Name extension is present. -// -// It applies the strict validHostname check to the Common Name field, so that -// certificates without SANs can still be validated against CAs with name -// constraints if there is no risk the CN would be matched as a hostname. -// See NameConstraintsWithoutSANs and issue 24151. -func (c *Certificate) commonNameAsHostname() bool { - return !ignoreCN && !c.hasSANExtension() && validHostname(c.Subject.CommonName) -} - -func matchHostnames(pattern, host string) bool { - host = strings.TrimSuffix(host, ".") - pattern = strings.TrimSuffix(pattern, ".") - - if len(pattern) == 0 || len(host) == 0 { - return false - } - - patternParts := strings.Split(pattern, ".") - hostParts := strings.Split(host, ".") - - if len(patternParts) != len(hostParts) { - return false - } - - for i, patternPart := range patternParts { - if i == 0 && patternPart == "*" { - continue - } - if patternPart != hostParts[i] { - return false - } - } - - return true -} - -// toLowerCaseASCII returns a lower-case version of in. See RFC 6125 6.4.1. We use -// an explicitly ASCII function to avoid any sharp corners resulting from -// performing Unicode operations on DNS labels. -func toLowerCaseASCII(in string) string { - // If the string is already lower-case then there's nothing to do. - isAlreadyLowerCase := true - for _, c := range in { - if c == utf8.RuneError { - // If we get a UTF-8 error then there might be - // upper-case ASCII bytes in the invalid sequence. - isAlreadyLowerCase = false - break - } - if 'A' <= c && c <= 'Z' { - isAlreadyLowerCase = false - break - } - } - - if isAlreadyLowerCase { - return in - } - - out := []byte(in) - for i, c := range out { - if 'A' <= c && c <= 'Z' { - out[i] += 'a' - 'A' - } - } - return string(out) -} - -// VerifyHostname returns nil if c is a valid certificate for the named host. -// Otherwise it returns an error describing the mismatch. -func (c *Certificate) VerifyHostname(h string) error { - // IP addresses may be written in [ ]. - candidateIP := h - if len(h) >= 3 && h[0] == '[' && h[len(h)-1] == ']' { - candidateIP = h[1 : len(h)-1] - } - if ip := net.ParseIP(candidateIP); ip != nil { - // We only match IP addresses against IP SANs. - // See RFC 6125, Appendix B.2. - for _, candidate := range c.IPAddresses { - if ip.Equal(candidate) { - return nil - } - } - return HostnameError{c, candidateIP} - } - - lowered := toLowerCaseASCII(h) - - if c.commonNameAsHostname() { - if matchHostnames(toLowerCaseASCII(c.Subject.CommonName), lowered) { - return nil - } - } else { - for _, match := range c.DNSNames { - if matchHostnames(toLowerCaseASCII(match), lowered) { - return nil - } - } - } - - return HostnameError{c, h} -} - -func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool { - usages := make([]ExtKeyUsage, len(keyUsages)) - copy(usages, keyUsages) - - if len(chain) == 0 { - return false - } - - usagesRemaining := len(usages) - - // We walk down the list and cross out any usages that aren't supported - // by each certificate. If we cross out all the usages, then the chain - // is unacceptable. - -NextCert: - for i := len(chain) - 1; i >= 0; i-- { - cert := chain[i] - if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 { - // The certificate doesn't have any extended key usage specified. - continue - } - - for _, usage := range cert.ExtKeyUsage { - if usage == ExtKeyUsageAny { - // The certificate is explicitly good for any usage. - continue NextCert - } - } - - const invalidUsage ExtKeyUsage = -1 - - NextRequestedUsage: - for i, requestedUsage := range usages { - if requestedUsage == invalidUsage { - continue - } - - for _, usage := range cert.ExtKeyUsage { - if requestedUsage == usage { - continue NextRequestedUsage - } else if requestedUsage == ExtKeyUsageServerAuth && - (usage == ExtKeyUsageNetscapeServerGatedCrypto || - usage == ExtKeyUsageMicrosoftServerGatedCrypto) { - // In order to support COMODO - // certificate chains, we have to - // accept Netscape or Microsoft SGC - // usages as equal to ServerAuth. - continue NextRequestedUsage - } - } - - usages[i] = invalidUsage - usagesRemaining-- - if usagesRemaining == 0 { - return false - } - } - } - - return true -} diff --git a/tempfork/x509/verify_test.go b/tempfork/x509/verify_test.go deleted file mode 100644 index 86fe76a57..000000000 --- a/tempfork/x509/verify_test.go +++ /dev/null @@ -1,2126 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/x509/pkix" - "encoding/pem" - "errors" - "fmt" - "math/big" - "runtime" - "strings" - "testing" - "time" -) - -type verifyTest struct { - leaf string - intermediates []string - roots []string - currentTime int64 - dnsName string - systemSkip bool - keyUsages []ExtKeyUsage - testSystemRootsError bool - sha2 bool - ignoreCN bool - - errorCallback func(*testing.T, int, error) bool - expectedChains [][]string -} - -var verifyTests = []verifyTest{ - { - leaf: googleLeaf, - intermediates: []string{giag2Intermediate}, - currentTime: 1395785200, - dnsName: "www.google.com", - testSystemRootsError: true, - - // Without any roots specified we should get a system roots - // error. - errorCallback: expectSystemRootsError, - }, - { - leaf: googleLeaf, - intermediates: []string{giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "www.google.com", - - expectedChains: [][]string{ - {"Google", "Google Internet Authority", "GeoTrust"}, - }, - }, - { - leaf: googleLeaf, - intermediates: []string{giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "WwW.GooGLE.coM", - - expectedChains: [][]string{ - {"Google", "Google Internet Authority", "GeoTrust"}, - }, - }, - { - leaf: googleLeaf, - intermediates: []string{giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "www.example.com", - - errorCallback: expectHostnameError("certificate is valid for"), - }, - { - leaf: googleLeaf, - intermediates: []string{giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "1.2.3.4", - - errorCallback: expectHostnameError("doesn't contain any IP SANs"), - }, - { - leaf: googleLeaf, - intermediates: []string{giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1, - dnsName: "www.example.com", - - errorCallback: expectExpired, - }, - { - leaf: googleLeaf, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "www.google.com", - - // Skip when using systemVerify, since Windows - // *will* find the missing intermediate cert. - systemSkip: true, - errorCallback: expectAuthorityUnknown, - }, - { - leaf: googleLeaf, - intermediates: []string{geoTrustRoot, giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "www.google.com", - - expectedChains: [][]string{ - {"Google", "Google Internet Authority", "GeoTrust"}, - }, - // CAPI doesn't build the chain with the duplicated GeoTrust - // entry so the results don't match. Thus we skip this test - // until that's fixed. - systemSkip: true, - }, - { - leaf: dnssecExpLeaf, - intermediates: []string{startComIntermediate}, - roots: []string{startComRoot}, - currentTime: 1302726541, - - expectedChains: [][]string{ - {"dnssec-exp", "StartCom Class 1", "StartCom Certification Authority"}, - }, - }, - { - leaf: dnssecExpLeaf, - intermediates: []string{startComIntermediate, startComRoot}, - roots: []string{startComRoot}, - currentTime: 1302726541, - - expectedChains: [][]string{ - {"dnssec-exp", "StartCom Class 1", "StartCom Certification Authority"}, - }, - }, - { - leaf: googleLeafWithInvalidHash, - intermediates: []string{giag2Intermediate}, - roots: []string{geoTrustRoot}, - currentTime: 1395785200, - dnsName: "www.google.com", - - // The specific error message may not occur when using system - // verification. - systemSkip: true, - errorCallback: expectHashError, - }, - { - // The default configuration should reject an S/MIME chain. - leaf: smimeLeaf, - roots: []string{smimeIntermediate}, - currentTime: 1339436154, - - // Key usage not implemented for Windows yet. - systemSkip: true, - errorCallback: expectUsageError, - }, - { - leaf: smimeLeaf, - roots: []string{smimeIntermediate}, - currentTime: 1339436154, - keyUsages: []ExtKeyUsage{ExtKeyUsageServerAuth}, - - // Key usage not implemented for Windows yet. - systemSkip: true, - errorCallback: expectUsageError, - }, - { - leaf: smimeLeaf, - roots: []string{smimeIntermediate}, - currentTime: 1339436154, - keyUsages: []ExtKeyUsage{ExtKeyUsageEmailProtection}, - - // Key usage not implemented for Windows yet. - systemSkip: true, - expectedChains: [][]string{ - {"Ryan Hurst", "GlobalSign PersonalSign 2 CA - G2"}, - }, - }, - { - leaf: megaLeaf, - intermediates: []string{comodoIntermediate1}, - roots: []string{comodoRoot}, - currentTime: 1360431182, - - // CryptoAPI can find alternative validation paths so we don't - // perform this test with system validation. - systemSkip: true, - expectedChains: [][]string{ - {"mega.co.nz", "EssentialSSL CA", "COMODO Certification Authority"}, - }, - }, - { - // Check that a name constrained intermediate works even when - // it lists multiple constraints. - leaf: nameConstraintsLeaf, - intermediates: []string{nameConstraintsIntermediate1, nameConstraintsIntermediate2}, - roots: []string{globalSignRoot}, - currentTime: 1382387896, - dnsName: "secure.iddl.vt.edu", - - expectedChains: [][]string{ - { - "Technology-enhanced Learning and Online Strategies", - "Virginia Tech Global Qualified Server CA", - "Trusted Root CA G2", - "GlobalSign Root CA", - }, - }, - }, - { - // Check that SHA-384 intermediates (which are popping up) - // work. - leaf: moipLeafCert, - intermediates: []string{comodoIntermediateSHA384, comodoRSAAuthority}, - roots: []string{addTrustRoot}, - currentTime: 1397502195, - dnsName: "api.moip.com.br", - - // CryptoAPI can find alternative validation paths so we don't - // perform this test with system validation. - systemSkip: true, - - sha2: true, - expectedChains: [][]string{ - { - "api.moip.com.br", - "COMODO RSA Extended Validation Secure Server CA", - "COMODO RSA Certification Authority", - "AddTrust External CA Root", - }, - }, - }, - { - // Putting a certificate as a root directly should work as a - // way of saying “exactly this”. - leaf: selfSigned, - roots: []string{selfSigned}, - currentTime: 1471624472, - dnsName: "foo.example", - systemSkip: true, - - expectedChains: [][]string{ - {"Acme Co"}, - }, - }, - { - // Putting a certificate as a root directly should not skip - // other checks however. - leaf: selfSigned, - roots: []string{selfSigned}, - currentTime: 1471624472, - dnsName: "notfoo.example", - systemSkip: true, - - errorCallback: expectHostnameError("certificate is valid for"), - }, - { - // The issuer name in the leaf doesn't exactly match the - // subject name in the root. Go does not perform - // canonicalization and so should reject this. See issue 14955. - leaf: issuerSubjectMatchLeaf, - roots: []string{issuerSubjectMatchRoot}, - currentTime: 1475787715, - systemSkip: true, - - errorCallback: expectSubjectIssuerMismatcthError, - }, - { - // An X.509 v1 certificate should not be accepted as an - // intermediate. - leaf: x509v1TestLeaf, - intermediates: []string{x509v1TestIntermediate}, - roots: []string{x509v1TestRoot}, - currentTime: 1481753183, - systemSkip: true, - - errorCallback: expectNotAuthorizedError, - }, - { - // If any SAN extension is present (even one without any DNS - // names), the CN should be ignored. - leaf: ignoreCNWithSANLeaf, - dnsName: "foo.example.com", - roots: []string{ignoreCNWithSANRoot}, - currentTime: 1486684488, - systemSkip: true, - - errorCallback: expectHostnameError("certificate is not valid for any names"), - }, - { - // Test that excluded names are respected. - leaf: excludedNamesLeaf, - dnsName: "bender.local", - intermediates: []string{excludedNamesIntermediate}, - roots: []string{excludedNamesRoot}, - currentTime: 1486684488, - systemSkip: true, - - errorCallback: expectNameConstraintsError, - }, - { - // Test that unknown critical extensions in a leaf cause a - // verify error. - leaf: criticalExtLeafWithExt, - dnsName: "example.com", - intermediates: []string{criticalExtIntermediate}, - roots: []string{criticalExtRoot}, - currentTime: 1486684488, - systemSkip: true, - - errorCallback: expectUnhandledCriticalExtension, - }, - { - // Test that unknown critical extensions in an intermediate - // cause a verify error. - leaf: criticalExtLeaf, - dnsName: "example.com", - intermediates: []string{criticalExtIntermediateWithExt}, - roots: []string{criticalExtRoot}, - currentTime: 1486684488, - systemSkip: true, - - errorCallback: expectUnhandledCriticalExtension, - }, - { - // Test that invalid CN are ignored. - leaf: invalidCNWithoutSAN, - dnsName: "foo,invalid", - roots: []string{invalidCNRoot}, - currentTime: 1540000000, - systemSkip: true, - - errorCallback: expectHostnameError("Common Name is not a valid hostname"), - }, - { - // Test that valid CN are respected. - leaf: validCNWithoutSAN, - dnsName: "foo.example.com", - roots: []string{invalidCNRoot}, - currentTime: 1540000000, - systemSkip: true, - - expectedChains: [][]string{ - {"foo.example.com", "Test root"}, - }, - }, - // Replicate CN tests with ignoreCN = true - { - leaf: ignoreCNWithSANLeaf, - dnsName: "foo.example.com", - roots: []string{ignoreCNWithSANRoot}, - currentTime: 1486684488, - systemSkip: true, - ignoreCN: true, - - errorCallback: expectHostnameError("certificate is not valid for any names"), - }, - { - leaf: invalidCNWithoutSAN, - dnsName: "foo,invalid", - roots: []string{invalidCNRoot}, - currentTime: 1540000000, - systemSkip: true, - ignoreCN: true, - - errorCallback: expectHostnameError("Common Name is not a valid hostname"), - }, - { - leaf: validCNWithoutSAN, - dnsName: "foo.example.com", - roots: []string{invalidCNRoot}, - currentTime: 1540000000, - systemSkip: true, - ignoreCN: true, - - errorCallback: expectHostnameError("not valid for any names"), - }, - { - // A certificate with an AKID should still chain to a parent without SKID. - // See Issue 30079. - leaf: leafWithAKID, - roots: []string{rootWithoutSKID}, - currentTime: 1550000000, - dnsName: "example", - systemSkip: true, - - expectedChains: [][]string{ - {"Acme LLC", "Acme Co"}, - }, - }, -} - -func expectHostnameError(msg string) func(*testing.T, int, error) bool { - return func(t *testing.T, i int, err error) (ok bool) { - if _, ok := err.(HostnameError); !ok { - t.Errorf("#%d: error was not a HostnameError: %v", i, err) - return false - } - if !strings.Contains(err.Error(), msg) { - t.Errorf("#%d: HostnameError did not contain %q: %v", i, msg, err) - } - return true - } -} - -func expectExpired(t *testing.T, i int, err error) (ok bool) { - if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != Expired { - t.Errorf("#%d: error was not Expired: %v", i, err) - return false - } - return true -} - -func expectUsageError(t *testing.T, i int, err error) (ok bool) { - if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != IncompatibleUsage { - t.Errorf("#%d: error was not IncompatibleUsage: %v", i, err) - return false - } - return true -} - -func expectAuthorityUnknown(t *testing.T, i int, err error) (ok bool) { - e, ok := err.(UnknownAuthorityError) - if !ok { - t.Errorf("#%d: error was not UnknownAuthorityError: %v", i, err) - return false - } - if e.Cert == nil { - t.Errorf("#%d: error was UnknownAuthorityError, but missing Cert: %v", i, err) - return false - } - return true -} - -func expectSystemRootsError(t *testing.T, i int, err error) bool { - if _, ok := err.(SystemRootsError); !ok { - t.Errorf("#%d: error was not SystemRootsError: %v", i, err) - return false - } - return true -} - -func expectHashError(t *testing.T, i int, err error) bool { - if err == nil { - t.Errorf("#%d: no error resulted from invalid hash", i) - return false - } - if expected := "algorithm unimplemented"; !strings.Contains(err.Error(), expected) { - t.Errorf("#%d: error resulting from invalid hash didn't contain '%s', rather it was: %v", i, expected, err) - return false - } - return true -} - -func expectSubjectIssuerMismatcthError(t *testing.T, i int, err error) (ok bool) { - if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != NameMismatch { - t.Errorf("#%d: error was not a NameMismatch: %v", i, err) - return false - } - return true -} - -func expectNameConstraintsError(t *testing.T, i int, err error) (ok bool) { - if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != CANotAuthorizedForThisName { - t.Errorf("#%d: error was not a CANotAuthorizedForThisName: %v", i, err) - return false - } - return true -} - -func expectNotAuthorizedError(t *testing.T, i int, err error) (ok bool) { - if inval, ok := err.(CertificateInvalidError); !ok || inval.Reason != NotAuthorizedToSign { - t.Errorf("#%d: error was not a NotAuthorizedToSign: %v", i, err) - return false - } - return true -} - -func expectUnhandledCriticalExtension(t *testing.T, i int, err error) (ok bool) { - if _, ok := err.(UnhandledCriticalExtension); !ok { - t.Errorf("#%d: error was not an UnhandledCriticalExtension: %v", i, err) - return false - } - return true -} - -func certificateFromPEM(pemBytes string) (*Certificate, error) { - block, _ := pem.Decode([]byte(pemBytes)) - if block == nil { - return nil, errors.New("failed to decode PEM") - } - return ParseCertificate(block.Bytes) -} - -func testVerify(t *testing.T, useSystemRoots bool) { - defer func(savedIgnoreCN bool) { - ignoreCN = savedIgnoreCN - }(ignoreCN) - for i, test := range verifyTests { - if useSystemRoots && test.systemSkip { - continue - } - if runtime.GOOS == "windows" && test.testSystemRootsError { - continue - } - - ignoreCN = test.ignoreCN - opts := VerifyOptions{ - Intermediates: NewCertPool(), - DNSName: test.dnsName, - CurrentTime: time.Unix(test.currentTime, 0), - KeyUsages: test.keyUsages, - } - - if !useSystemRoots { - opts.Roots = NewCertPool() - for j, root := range test.roots { - ok := opts.Roots.AppendCertsFromPEM([]byte(root)) - if !ok { - t.Errorf("#%d: failed to parse root #%d", i, j) - return - } - } - } - - for j, intermediate := range test.intermediates { - ok := opts.Intermediates.AppendCertsFromPEM([]byte(intermediate)) - if !ok { - t.Errorf("#%d: failed to parse intermediate #%d", i, j) - return - } - } - - leaf, err := certificateFromPEM(test.leaf) - if err != nil { - t.Errorf("#%d: failed to parse leaf: %v", i, err) - return - } - - var oldSystemRoots *CertPool - if test.testSystemRootsError { - oldSystemRoots = systemRootsPool() - systemRoots = nil - opts.Roots = nil - } - - chains, err := leaf.Verify(opts) - - if test.testSystemRootsError { - systemRoots = oldSystemRoots - } - - if test.errorCallback == nil && err != nil { - t.Errorf("#%d: unexpected error: %v", i, err) - } - if test.errorCallback != nil { - if !test.errorCallback(t, i, err) { - return - } - } - - if len(chains) != len(test.expectedChains) { - t.Errorf("#%d: wanted %d chains, got %d", i, len(test.expectedChains), len(chains)) - } - - // We check that each returned chain matches a chain from - // expectedChains but an entry in expectedChains can't match - // two chains. - seenChains := make([]bool, len(chains)) - NextOutputChain: - for _, chain := range chains { - TryNextExpected: - for j, expectedChain := range test.expectedChains { - if seenChains[j] { - continue - } - if len(chain) != len(expectedChain) { - continue - } - for k, cert := range chain { - if !strings.Contains(nameToKey(&cert.Subject), expectedChain[k]) { - continue TryNextExpected - } - } - // we matched - seenChains[j] = true - continue NextOutputChain - } - t.Errorf("#%d: No expected chain matched %s", i, chainToDebugString(chain)) - } - } -} - -func TestGoVerify(t *testing.T) { - testVerify(t, false) -} - -func TestSystemVerify(t *testing.T) { - if runtime.GOOS != "windows" { - t.Skipf("skipping verify test using system APIs on %q", runtime.GOOS) - } - - testVerify(t, true) -} - -func chainToDebugString(chain []*Certificate) string { - var chainStr string - for _, cert := range chain { - if len(chainStr) > 0 { - chainStr += " -> " - } - chainStr += nameToKey(&cert.Subject) - } - return chainStr -} - -func nameToKey(name *pkix.Name) string { - return strings.Join(name.Country, ",") + "/" + strings.Join(name.Organization, ",") + "/" + strings.Join(name.OrganizationalUnit, ",") + "/" + name.CommonName -} - -const geoTrustRoot = `-----BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg -R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 -9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq -fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv -iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU -1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ -bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW -MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA -ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l -uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn -Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS -tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF -PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un -hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV -5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ------END CERTIFICATE----- -` - -const giag2Intermediate = `-----BEGIN CERTIFICATE----- -MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG -EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy -bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP -VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv -h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE -ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ -EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC -DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7 -qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD -VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g -K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI -KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n -ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB -BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY -/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/ -zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza -HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto -WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6 -yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx ------END CERTIFICATE----- -` - -const googleLeaf = `-----BEGIN CERTIFICATE----- -MIIEdjCCA16gAwIBAgIIcR5k4dkoe04wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE -BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl -cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMzEyMDkzODMwWhcNMTQwNjEwMDAwMDAw -WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN -TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 -Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4zYCe -m0oUBhwE0EwBr65eBOcgcQO2PaSIAB2dEP/c1EMX2tOy0ov8rk83ePhJ+MWdT1z6 -jge9X4zQQI8ZyA9qIiwrKBZOi8DNUvrqNZC7fJAVRrb9aX/99uYOJCypIbpmWG1q -fhbHjJewhwf8xYPj71eU4rLG80a+DapWmphtfq3h52lDQIBzLVf1yYbyrTaELaz4 -NXF7HXb5YkId/gxIsSzM0aFUVu2o8sJcLYAsJqwfFKBKOMxUcn545nlspf0mTcWZ -0APlbwsKznNs4/xCDwIxxWjjqgHrYAFl6y07i1gzbAOqdNEyR24p+3JWI8WZBlBI -dk2KGj0W1fIfsvyxAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE -XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0 -MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G -A1UdDgQWBBTXD5Bx6iqT+dmEhbFL4OUoHyZn8zAMBgNVHRMBAf8EAjAAMB8GA1Ud -IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW -eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB -RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCR3RJtHzgDh33b/MI1ugiki+nl8Ikj -5larbJRE/rcA5oite+QJyAr6SU1gJJ/rRrK3ItVEHr9L621BCM7GSdoNMjB9MMcf -tJAW0kYGJ+wqKm53wG/JaOADTnnq2Mt/j6F2uvjgN/ouns1nRHufIvd370N0LeH+ -orKqTuAPzXK7imQk6+OycYABbqCtC/9qmwRd8wwn7sF97DtYfK8WuNHtFalCAwyi -8LxJJYJCLWoMhZ+V8GZm+FOex5qkQAjnZrtNlbQJ8ro4r+rpKXtmMFFhfa+7L+PA -Kom08eUK8skxAzfDDijZPh10VtJ66uBoiDPdT+uCBehcBIcmSTrKjFGX ------END CERTIFICATE----- -` - -// googleLeafWithInvalidHash is the same as googleLeaf, but the signature -// algorithm in the certificate contains a nonsense OID. -const googleLeafWithInvalidHash = `-----BEGIN CERTIFICATE----- -MIIEdjCCA16gAwIBAgIIcR5k4dkoe04wDQYJKoZIhvcNAWAFBQAwSTELMAkGA1UE -BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl -cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMzEyMDkzODMwWhcNMTQwNjEwMDAwMDAw -WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN -TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 -Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4zYCe -m0oUBhwE0EwBr65eBOcgcQO2PaSIAB2dEP/c1EMX2tOy0ov8rk83ePhJ+MWdT1z6 -jge9X4zQQI8ZyA9qIiwrKBZOi8DNUvrqNZC7fJAVRrb9aX/99uYOJCypIbpmWG1q -fhbHjJewhwf8xYPj71eU4rLG80a+DapWmphtfq3h52lDQIBzLVf1yYbyrTaELaz4 -NXF7HXb5YkId/gxIsSzM0aFUVu2o8sJcLYAsJqwfFKBKOMxUcn545nlspf0mTcWZ -0APlbwsKznNs4/xCDwIxxWjjqgHrYAFl6y07i1gzbAOqdNEyR24p+3JWI8WZBlBI -dk2KGj0W1fIfsvyxAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE -XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0 -MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G -A1UdDgQWBBTXD5Bx6iqT+dmEhbFL4OUoHyZn8zAMBgNVHRMBAf8EAjAAMB8GA1Ud -IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW -eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB -RzIuY3JsMA0GCSqGSIb3DQFgBQUAA4IBAQCR3RJtHzgDh33b/MI1ugiki+nl8Ikj -5larbJRE/rcA5oite+QJyAr6SU1gJJ/rRrK3ItVEHr9L621BCM7GSdoNMjB9MMcf -tJAW0kYGJ+wqKm53wG/JaOADTnnq2Mt/j6F2uvjgN/ouns1nRHufIvd370N0LeH+ -orKqTuAPzXK7imQk6+OycYABbqCtC/9qmwRd8wwn7sF97DtYfK8WuNHtFalCAwyi -8LxJJYJCLWoMhZ+V8GZm+FOex5qkQAjnZrtNlbQJ8ro4r+rpKXtmMFFhfa+7L+PA -Kom08eUK8skxAzfDDijZPh10VtJ66uBoiDPdT+uCBehcBIcmSTrKjFGX ------END CERTIFICATE----- -` - -const dnssecExpLeaf = `-----BEGIN CERTIFICATE----- -MIIGzTCCBbWgAwIBAgIDAdD6MA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ -TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg -MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTAwNzA0MTQ1MjQ1 -WhcNMTEwNzA1MTA1NzA0WjCBwTEgMB4GA1UEDRMXMjIxMTM3LWxpOWE5dHhJRzZM -NnNyVFMxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0 -ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMRsw -GQYDVQQDExJ3d3cuZG5zc2VjLWV4cC5vcmcxKDAmBgkqhkiG9w0BCQEWGWhvc3Rt -YXN0ZXJAZG5zc2VjLWV4cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDEdF/22vaxrPbqpgVYMWi+alfpzBctpbfLBdPGuqOazJdCT0NbWcK8/+B4 -X6OlSOURNIlwLzhkmwVsWdVv6dVSaN7d4yI/fJkvgfDB9+au+iBJb6Pcz8ULBfe6 -D8HVvqKdORp6INzHz71z0sghxrQ0EAEkoWAZLh+kcn2ZHdcmZaBNUfjmGbyU6PRt -RjdqoP+owIaC1aktBN7zl4uO7cRjlYFdusINrh2kPP02KAx2W84xjxX1uyj6oS6e -7eBfvcwe8czW/N1rbE0CoR7h9+HnIrjnVG9RhBiZEiw3mUmF++Up26+4KTdRKbu3 -+BL4yMpfd66z0+zzqu+HkvyLpFn5AgMBAAGjggL/MIIC+zAJBgNVHRMEAjAAMAsG -A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUy04I5guM -drzfh2JQaXhgV86+4jUwHwYDVR0jBBgwFoAU60I00Jiwq5/0G2sI98xkLu8OLEUw -LQYDVR0RBCYwJIISd3d3LmRuc3NlYy1leHAub3Jngg5kbnNzZWMtZXhwLm9yZzCC -AUIGA1UdIASCATkwggE1MIIBMQYLKwYBBAGBtTcBAgIwggEgMC4GCCsGAQUFBwIB -FiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsGAQUFBwIB -FihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMIG3Bggr -BgEFBQcCAjCBqjAUFg1TdGFydENvbSBMdGQuMAMCAQEagZFMaW1pdGVkIExpYWJp -bGl0eSwgc2VlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBh -dCBodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGEGA1UdHwRaMFgw -KqAooCaGJGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDAqoCig -JoYkaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0MS1jcmwuY3JsMIGOBggrBgEF -BQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20v -c3ViL2NsYXNzMS9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93d3cuc3Rh -cnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuc2VydmVyLmNhLmNydDAjBgNVHRIE -HDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEB -ACXj6SB59KRJPenn6gUdGEqcta97U769SATyiQ87i9er64qLwvIGLMa3o2Rcgl2Y -kghUeyLdN/EXyFBYA8L8uvZREPoc7EZukpT/ZDLXy9i2S0jkOxvF2fD/XLbcjGjM -iEYG1/6ASw0ri9C0k4oDDoJLCoeH9++yqF7SFCCMcDkJqiAGXNb4euDpa8vCCtEQ -CSS+ObZbfkreRt3cNCf5LfCXe9OsTnCfc8Cuq81c0oLaG+SmaLUQNBuToq8e9/Zm -+b+/a3RVjxmkV5OCcGVBxsXNDn54Q6wsdw0TBMcjwoEndzpLS7yWgFbbkq5ZiGpw -Qibb2+CfKuQ+WFV1GkVQmVA= ------END CERTIFICATE-----` - -const startComIntermediate = `-----BEGIN CERTIFICATE----- -MIIGNDCCBBygAwIBAgIBGDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NDE3WhcNMTcxMDI0MjA1NDE3WjCB -jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT -IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0 -YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtonGrO8JUngHrJJj0PREGBiE -gFYfka7hh/oyULTTRwbw5gdfcA4Q9x3AzhA2NIVaD5Ksg8asWFI/ujjo/OenJOJA -pgh2wJJuniptTT9uYSAK21ne0n1jsz5G/vohURjXzTCm7QduO3CHtPn66+6CPAVv -kvek3AowHpNz/gfK11+AnSJYUq4G2ouHI2mw5CrY6oPSvfNx23BaKA+vWjhwRRI/ -ME3NO68X5Q/LoKldSKqxYVDLNM08XMML6BDAjJvwAwNi/rJsPnIO7hxDKslIDlc5 -xDEhyBDBLIf+VJVSH1I8MRKbf+fAoKVZ1eKPPvDVqOHXcDGpxLPPr21TLwb0pwID -AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFOtCNNCYsKuf9BtrCPfMZC7vDixFMB8GA1UdIwQYMBaAFE4L7xqkQFul -F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov -L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0 -YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3 -dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0 -c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu -BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0 -BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl -LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAIQlJPqWIbuALi0jaMU2P91ZXouHTYlfp -tVbzhUV1O+VQHwSL5qBaPucAroXQ+/8gA2TLrQLhxpFy+KNN1t7ozD+hiqLjfDen -xk+PNdb01m4Ge90h2c9W/8swIkn+iQTzheWq8ecf6HWQTd35RvdCNPdFWAwRDYSw -xtpdPvkBnufh2lWVvnQce/xNFE+sflVHfXv0pQ1JHpXo9xLBzP92piVH0PN1Nb6X -t1gW66pceG/sUzCv6gRNzKkC4/C2BBL2MLERPZBOVmTX3DxDX3M570uvh+v2/miI -RHLq0gfGabDBoYvvF0nXYbFFSF87ICHpW7LM9NfpMfULFWE7epTj69m8f5SuauNi -YpaoZHy4h/OZMn6SolK+u/hlz8nyMPyLwcKmltdfieFcNID1j0cHL7SRv7Gifl9L -WtBbnySGBVFaaQNlQ0lxxeBvlDRr9hvYqbBMflPrj0jfyjO1SPo2ShpTpjMM0InN -SRXNiTE8kMBy12VLUjWKRhFEuT2OKGWmPnmeXAhEKa2wNREuIU640ucQPl2Eg7PD -wuTSxv0JS3QJ3fGz0xk+gA2iCxnwOOfFwq/iI9th4p1cbiCJSS4jarJiwUW0n6+L -p/EiO/h94pDQehn7Skzj0n1fSoMD7SfWI55rjbRZotnvbIIp3XUZPD9MEI3vu3Un -0q6Dp6jOW6c= ------END CERTIFICATE-----` - -const startComRoot = `-----BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j -ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js -LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM -BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy -dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh -cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh -YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg -dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp -bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ -YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT -TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ -9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 -jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW -FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz -ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 -ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L -EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu -L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC -O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V -um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh -NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= ------END CERTIFICATE-----` - -const smimeLeaf = `-----BEGIN CERTIFICATE----- -MIIFBjCCA+6gAwIBAgISESFvrjT8XcJTEe6rBlPptILlMA0GCSqGSIb3DQEBBQUA -MFQxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSowKAYD -VQQDEyFHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAyIENBIC0gRzIwHhcNMTIwMTIz -MTYzNjU5WhcNMTUwMTIzMTYzNjU5WjCBlDELMAkGA1UEBhMCVVMxFjAUBgNVBAgT -DU5ldyBIYW1zcGhpcmUxEzARBgNVBAcTClBvcnRzbW91dGgxGTAXBgNVBAoTEEds -b2JhbFNpZ24sIEluYy4xEzARBgNVBAMTClJ5YW4gSHVyc3QxKDAmBgkqhkiG9w0B -CQEWGXJ5YW4uaHVyc3RAZ2xvYmFsc2lnbi5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC4ASSTvavmsFQAob60ukSSwOAL9nT/s99ltNUCAf5fPH5j -NceMKxaQse2miOmRRIXaykcq1p/TbI70Ztce38r2mbOwqDHHPVi13GxJEyUXWgaR -BteDMu5OGyWNG1kchVsGWpbstT0Z4v0md5m1BYFnxB20ebJyOR2lXDxsFK28nnKV -+5eMj76U8BpPQ4SCH7yTMG6y0XXsB3cCrBKr2o3TOYgEKv+oNnbaoMt3UxMt9nSf -9jyIshjqfnT5Aew3CUNMatO55g5FXXdIukAweg1YSb1ls05qW3sW00T3d7dQs9/7 -NuxCg/A2elmVJSoy8+MLR8JSFEf/aMgjO/TyLg/jAgMBAAGjggGPMIIBizAOBgNV -HQ8BAf8EBAMCBaAwTQYDVR0gBEYwRDBCBgorBgEEAaAyASgKMDQwMgYIKwYBBQUH -AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMCQGA1Ud -EQQdMBuBGXJ5YW4uaHVyc3RAZ2xvYmFsc2lnbi5jb20wCQYDVR0TBAIwADAdBgNV -HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwQwYDVR0fBDwwOjA4oDagNIYyaHR0 -cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc3BlcnNvbmFsc2lnbjJnMi5jcmww -VQYIKwYBBQUHAQEESTBHMEUGCCsGAQUFBzAChjlodHRwOi8vc2VjdXJlLmdsb2Jh -bHNpZ24uY29tL2NhY2VydC9nc3BlcnNvbmFsc2lnbjJnMi5jcnQwHQYDVR0OBBYE -FFWiECe0/L72eVYqcWYnLV6SSjzhMB8GA1UdIwQYMBaAFD8V0m18L+cxnkMKBqiU -bCw7xe5lMA0GCSqGSIb3DQEBBQUAA4IBAQAhQi6hLPeudmf3IBF4IDzCvRI0FaYd -BKfprSk/H0PDea4vpsLbWpA0t0SaijiJYtxKjlM4bPd+2chb7ejatDdyrZIzmDVy -q4c30/xMninGKokpYA11/Ve+i2dvjulu65qasrtQRGybAuuZ67lrp/K3OMFgjV5N -C3AHYLzvNU4Dwc4QQ1BaMOg6KzYSrKbABRZajfrpC9uiePsv7mDIXLx/toBPxWNl -a5vJm5DrZdn7uHdvBCE6kMykbOLN5pmEK0UIlwKh6Qi5XD0pzlVkEZliFkBMJgub -d/eF7xeg7TKPWC5xyOFp9SdMolJM7LTC3wnSO3frBAev+q/nGs9Xxyvs ------END CERTIFICATE-----` - -const smimeIntermediate = `-----BEGIN CERTIFICATE----- -MIIEFjCCAv6gAwIBAgILBAAAAAABL07hL1IwDQYJKoZIhvcNAQEFBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw -MDBaFw0xOTA0MTMxMDAwMDBaMFQxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMSowKAYDVQQDEyFHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAy -IENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBa0H5Nez4 -En3dIlFpX7e5E0YndxQ74xOBbz7kdBd+DLX0LOQMjVPU3DAgKL9ujhH+ZhHkURbH -3X/94TQSUL/z2JjsaQvS0NqyZXHhM5eeuquzOJRzEQ8+odETzHg2G0Erv7yjSeww -gkwDWDJnYUDlOjYTDUEG6+i+8Mn425reo4I0E277wD542kmVWeW7+oHv5dZo9e1Q -yWwiKTEP6BEQVVSBgThXMG4traSSDRUt3T1eQTZx5EObpiBEBO4OTqiBTJfg4vEI -YgkXzKLpnfszTB6YMDpR9/QS6p3ANB3kfAb+t6udSO3WCst0DGrwHDLBFGDR4UeY -T5KGGnI7cWL7AgMBAAGjgeUwgeIwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI -MAYBAf8CAQAwHQYDVR0OBBYEFD8V0m18L+cxnkMKBqiUbCw7xe5lMEcGA1UdIARA -MD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWdu -LmNvbS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmds -b2JhbHNpZ24ubmV0L3Jvb3QuY3JsMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN -NKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQBDc3nMpMxJMQMcYUCB3+C73UpvwDE8 -eCOr7t2F/uaQKKcyqqstqLZc6vPwI/rcE9oDHugY5QEjQzIBIEaTnN6P0vege2IX -eCOr7t2F/uaQKKcyqqstqLZc6vPwI/rcE9oDHugY5QEjQzIBIEaTnN6P0vege2IX -YEvTWbWwGdPytDFPYIl3/6OqNSXSnZ7DxPcdLJq2uyiga8PB/TTIIHYkdM2+1DE0 -7y3rH/7TjwDVD7SLu5/SdOfKskuMPTjOEvz3K161mymW06klVhubCIWOro/Gx1Q2 -2FQOZ7/2k4uYoOdBTSlb8kTAuzZNgIE0rB2BIYCTz/P6zZIKW0ogbRSH ------END CERTIFICATE-----` - -var megaLeaf = `-----BEGIN CERTIFICATE----- -MIIFOjCCBCKgAwIBAgIQWYE8Dup170kZ+k11Lg51OjANBgkqhkiG9w0BAQUFADBy -MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD -VQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEYMBYGA1UE -AxMPRXNzZW50aWFsU1NMIENBMB4XDTEyMTIxNDAwMDAwMFoXDTE0MTIxNDIzNTk1 -OVowfzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMS4wLAYDVQQL -EyVIb3N0ZWQgYnkgSW5zdHJhIENvcnBvcmF0aW9uIFB0eS4gTFREMRUwEwYDVQQL -EwxFc3NlbnRpYWxTU0wxEzARBgNVBAMTCm1lZ2EuY28ubnowggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDcxMCClae8BQIaJHBUIVttlLvhbK4XhXPk3RQ3 -G5XA6tLZMBQ33l3F9knYJ0YErXtr8IdfYoulRQFmKFMJl9GtWyg4cGQi2Rcr5VN5 -S5dA1vu4oyJBxE9fPELcK6Yz1vqaf+n6za+mYTiQYKggVdS8/s8hmNuXP9Zk1pIn -+q0pGsf8NAcSHMJgLqPQrTDw+zae4V03DvcYfNKjuno88d2226ld7MAmQZ7uRNsI -/CnkdelVs+akZsXf0szefSqMJlf08SY32t2jj4Ra7RApVYxOftD9nij/aLfuqOU6 -ow6IgIcIG2ZvXLZwK87c5fxL7UAsTTV+M1sVv8jA33V2oKLhAgMBAAGjggG9MIIB -uTAfBgNVHSMEGDAWgBTay+qtWwhdzP/8JlTOSeVVxjj0+DAdBgNVHQ4EFgQUmP9l -6zhyrZ06Qj4zogt+6LKFk4AwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw -NAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgB -hvhCBAEwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1o -dHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwOwYDVR0fBDQw -MjAwoC6gLIYqaHR0cDovL2NybC5jb21vZG9jYS5jb20vRXNzZW50aWFsU1NMQ0Eu -Y3JsMG4GCCsGAQUFBwEBBGIwYDA4BggrBgEFBQcwAoYsaHR0cDovL2NydC5jb21v -ZG9jYS5jb20vRXNzZW50aWFsU1NMQ0FfMi5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6 -Ly9vY3NwLmNvbW9kb2NhLmNvbTAlBgNVHREEHjAcggptZWdhLmNvLm56gg53d3cu -bWVnYS5jby5uejANBgkqhkiG9w0BAQUFAAOCAQEAcYhrsPSvDuwihMOh0ZmRpbOE -Gw6LqKgLNTmaYUPQhzi2cyIjhUhNvugXQQlP5f0lp5j8cixmArafg1dTn4kQGgD3 -ivtuhBTgKO1VYB/VRoAt6Lmswg3YqyiS7JiLDZxjoV7KoS5xdiaINfHDUaBBY4ZH -j2BUlPniNBjCqXe/HndUTVUewlxbVps9FyCmH+C4o9DWzdGBzDpCkcmo5nM+cp7q -ZhTIFTvZfo3zGuBoyu8BzuopCJcFRm3cRiXkpI7iOMUIixO1szkJS6WpL1sKdT73 -UXp08U0LBqoqG130FbzEJBBV3ixbvY6BWMHoCWuaoF12KJnC5kHt2RoWAAgMXA== ------END CERTIFICATE-----` - -var comodoIntermediate1 = `-----BEGIN CERTIFICATE----- -MIIFAzCCA+ugAwIBAgIQGLLLuqME8aAPwfLzJkYqSjANBgkqhkiG9w0BAQUFADCB -gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV -BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw -MDBaFw0xOTEyMzEyMzU5NTlaMHIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh -dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E -TyBDQSBMaW1pdGVkMRgwFgYDVQQDEw9Fc3NlbnRpYWxTU0wgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt8AiwcsargxIxF3CJhakgEtSYau2A1NHf -5I5ZLdOWIY120j8YC0YZYwvHIPPlC92AGvFaoL0dds23Izp0XmEbdaqb1IX04XiR -0y3hr/yYLgbSeT1awB8hLRyuIVPGOqchfr7tZ291HRqfalsGs2rjsQuqag7nbWzD -ypWMN84hHzWQfdvaGlyoiBSyD8gSIF/F03/o4Tjg27z5H6Gq1huQByH6RSRQXScq -oChBRVt9vKCiL6qbfltTxfEFFld+Edc7tNkBdtzffRDPUanlOPJ7FAB1WfnwWdsX -Pvev5gItpHnBXaIcw5rIp6gLSApqLn8tl2X2xQScRMiZln5+pN0vAgMBAAGjggGD -MIIBfzAfBgNVHSMEGDAWgBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAdBgNVHQ4EFgQU -2svqrVsIXcz//CZUzknlVcY49PgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI -MAYBAf8CAQAwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMD4GA1Ud -IAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21v -ZG8uY29tL0NQUzBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9kb2Nh -LmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBsBggrBgEFBQcB -AQRgMF4wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NvbW9k -b1VUTlNHQ0NBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2Eu -Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAtlzR6QDLqcJcvgTtLeRJ3rvuq1xqo2l/z -odueTZbLN3qo6u6bldudu+Ennv1F7Q5Slqz0J790qpL0pcRDAB8OtXj5isWMcL2a -ejGjKdBZa0wztSz4iw+SY1dWrCRnilsvKcKxudokxeRiDn55w/65g+onO7wdQ7Vu -F6r7yJiIatnyfKH2cboZT7g440LX8NqxwCPf3dfxp+0Jj1agq8MLy6SSgIGSH6lv -+Wwz3D5XxqfyH8wqfOQsTEZf6/Nh9yvENZ+NWPU6g0QO2JOsTGvMd/QDzczc4BxL -XSXaPV7Od4rhPsbXlM1wSTz/Dr0ISKvlUhQVnQ6cGodWaK2cCQBk ------END CERTIFICATE-----` - -var comodoRoot = `-----BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB -gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV -BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw -MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl -YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P -RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 -UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI -2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 -Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp -+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ -DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O -nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW -/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g -PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u -QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY -SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv -IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 -zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd -BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB -ZQ== ------END CERTIFICATE-----` - -var nameConstraintsLeaf = `-----BEGIN CERTIFICATE----- -MIIHMTCCBRmgAwIBAgIIIZaV/3ezOJkwDQYJKoZIhvcNAQEFBQAwgcsxCzAJBgNV -BAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxhY2tzYnVyZzEj -MCEGA1UECxMaR2xvYmFsIFF1YWxpZmllZCBTZXJ2ZXIgQ0ExPDA6BgNVBAoTM1Zp -cmdpbmlhIFBvbHl0ZWNobmljIEluc3RpdHV0ZSBhbmQgU3RhdGUgVW5pdmVyc2l0 -eTExMC8GA1UEAxMoVmlyZ2luaWEgVGVjaCBHbG9iYWwgUXVhbGlmaWVkIFNlcnZl -ciBDQTAeFw0xMzA5MTkxNDM2NTVaFw0xNTA5MTkxNDM2NTVaMIHNMQswCQYDVQQG -EwJVUzERMA8GA1UECAwIVmlyZ2luaWExEzARBgNVBAcMCkJsYWNrc2J1cmcxPDA6 -BgNVBAoMM1ZpcmdpbmlhIFBvbHl0ZWNobmljIEluc3RpdHV0ZSBhbmQgU3RhdGUg -VW5pdmVyc2l0eTE7MDkGA1UECwwyVGVjaG5vbG9neS1lbmhhbmNlZCBMZWFybmlu -ZyBhbmQgT25saW5lIFN0cmF0ZWdpZXMxGzAZBgNVBAMMEnNlY3VyZS5pZGRsLnZ0 -LmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkOyPpsOK/6IuPG -WnIBlVwlHzeYf+cUlggqkLq0b0+vZbiTXgio9/VCuNQ8opSoss7J7o3ygV9to+9Y -YwJKVC5WDT/y5JWpQey0CWILymViJnpNSwnxBc8A+Q8w5NUGDd/UhtPx/U8/hqbd -WPDYj2hbOqyq8UlRhfS5pwtnv6BbCTaY11I6FhCLK7zttISyTuWCf9p9o/ggiipP -ii/5oh4dkl+r5SfuSp5GPNHlYO8lWqys5NAPoDD4fc/kuflcK7Exx7XJ+Oqu0W0/ -psjEY/tES1ZgDWU/ParcxxFpFmKHbD5DXsfPOObzkVWXIY6tGMutSlE1Froy/Nn0 -OZsAOrcCAwEAAaOCAhMwggIPMIG4BggrBgEFBQcBAQSBqzCBqDBYBggrBgEFBQcw -AoZMaHR0cDovL3d3dy5wa2kudnQuZWR1L2dsb2JhbHF1YWxpZmllZHNlcnZlci9j -YWNlcnQvZ2xvYmFscXVhbGlmaWVkc2VydmVyLmNydDBMBggrBgEFBQcwAYZAaHR0 -cDovL3Z0Y2EtcC5lcHJvdi5zZXRpLnZ0LmVkdTo4MDgwL2VqYmNhL3B1YmxpY3dl -Yi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQUp7xbO6iHkvtZbPE4jmndmnAbSEcwDAYD -VR0TAQH/BAIwADAfBgNVHSMEGDAWgBS8YmAn1eM1SBfpS6tFatDIqHdxjDBqBgNV -HSAEYzBhMA4GDCsGAQQBtGgFAgICATAOBgwrBgEEAbRoBQICAQEwPwYMKwYBBAG0 -aAUCAgMBMC8wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9nbG9i -YWwvY3BzLzBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vd3d3LnBraS52dC5lZHUv -Z2xvYmFscXVhbGlmaWVkc2VydmVyL2NybC9jYWNybC5jcmwwDgYDVR0PAQH/BAQD -AgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHREEFjAUghJz -ZWN1cmUuaWRkbC52dC5lZHUwDQYJKoZIhvcNAQEFBQADggIBAEgoYo4aUtatY3gI -OyyKp7QlIOaLbTJZywESHqy+L5EGDdJW2DJV+mcE0LDGvqa2/1Lo+AR1ntsZwfOi -Y718JwgVVaX/RCd5+QKP25c5/x72xI8hb/L1bgS0ED9b0YAhd7Qm1K1ot82+6mqX -DW6WiGeDr8Z07MQ3143qQe2rBlq+QI69DYzm2GOqAIAnUIWv7tCyLUm31b4DwmrJ -TeudVreTKUbBNB1TWRFHEPkWhjjXKZnNGRO11wHXcyBu6YekIvVZ+vmx8ePee4jJ -3GFOi7lMuWOeq57jTVL7KOKaKLVXBb6gqo5aq+Wwt8RUD5MakrCAEeQZj7DKaFmZ -oQCO0Pxrsl3InCGvxnGzT+bFVO9nJ/BAMj7hknFdm9Jr6Bg5q33Z+gnf909AD9QF -ESqUSykaHu2LVdJx2MaCH1CyKnRgMw5tEwE15EXpUjCm24m8FMOYC+rNtf18pgrz -5D8Jhh+oxK9PjcBYqXNtnioIxiMCYcV0q5d4w4BYFEh71tk7/bYB0R55CsBUVPmp -timWNOdRd57Tfpk3USaVsumWZAf9MP3wPiC7gb4d5tYEEAG5BuDT8ruFw838wU8G -1VvAVutSiYBg7k3NYO7AUqZ+Ax4klQX3aM9lgonmJ78Qt94UPtbptrfZ4/lSqEf8 -GBUwDrQNTb+gsXsDkjd5lcYxNx6l ------END CERTIFICATE-----` - -var nameConstraintsIntermediate1 = `-----BEGIN CERTIFICATE----- -MIINLjCCDBagAwIBAgIRIqpyf/YoGgvHc8HiDAxAI8owDQYJKoZIhvcNAQEFBQAw -XDELMAkGA1UEBhMCQkUxFTATBgNVBAsTDFRydXN0ZWQgUm9vdDEZMBcGA1UEChMQ -R2xvYmFsU2lnbiBudi1zYTEbMBkGA1UEAxMSVHJ1c3RlZCBSb290IENBIEcyMB4X -DTEyMTIxMzAwMDAwMFoXDTE3MTIxMzAwMDAwMFowgcsxCzAJBgNVBAYTAlVTMREw -DwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxhY2tzYnVyZzEjMCEGA1UECxMa -R2xvYmFsIFF1YWxpZmllZCBTZXJ2ZXIgQ0ExPDA6BgNVBAoTM1ZpcmdpbmlhIFBv -bHl0ZWNobmljIEluc3RpdHV0ZSBhbmQgU3RhdGUgVW5pdmVyc2l0eTExMC8GA1UE -AxMoVmlyZ2luaWEgVGVjaCBHbG9iYWwgUXVhbGlmaWVkIFNlcnZlciBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALgIZhEaptBWADBqdJ45ueFGzMXa -GHnzNxoxR1fQIaaRQNdCg4cw3A4dWKMeEgYLtsp65ai3Xfw62Qaus0+KJ3RhgV+r -ihqK81NUzkls78fJlADVDI4fCTlothsrE1CTOMiy97jKHai5mVTiWxmcxpmjv7fm -5Nhc+uHgh2hIz6npryq495mD51ZrUTIaqAQN6Pw/VHfAmR524vgriTOjtp1t4lA9 -pXGWjF/vkhAKFFheOQSQ00rngo2wHgCqMla64UTN0oz70AsCYNZ3jDLx0kOP0YmM -R3Ih91VA63kLqPXA0R6yxmmhhxLZ5bcyAy1SLjr1N302MIxLM/pSy6aquEnbELhz -qyp9yGgRyGJay96QH7c4RJY6gtcoPDbldDcHI9nXngdAL4DrZkJ9OkDkJLyqG66W -ZTF5q4EIs6yMdrywz0x7QP+OXPJrjYpbeFs6tGZCFnWPFfmHCRJF8/unofYrheq+ -9J7Jx3U55S/k57NXbAM1RAJOuMTlfn9Etf9Dpoac9poI4Liav6rBoUQk3N3JWqnV -HNx/NdCyJ1/6UbKMJUZsStAVglsi6lVPo289HHOE4f7iwl3SyekizVOp01wUin3y -cnbZB/rXmZbwapSxTTSBf0EIOr9i4EGfnnhCAVA9U5uLrI5OEB69IY8PNX0071s3 -Z2a2fio5c8m3JkdrAgMBAAGjggh5MIIIdTAOBgNVHQ8BAf8EBAMCAQYwTAYDVR0g -BEUwQzBBBgkrBgEEAaAyATwwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv -YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wEgYDVR0TAQH/BAgwBgEB/wIBADCCBtAG -A1UdHgSCBscwggbDoIIGvzASghAzZGJsYWNrc2J1cmcub3JnMBiCFmFjY2VsZXJh -dGV2aXJnaW5pYS5jb20wGIIWYWNjZWxlcmF0ZXZpcmdpbmlhLm9yZzALgglhY3Zj -cC5vcmcwCYIHYmV2Lm5ldDAJggdiZXYub3JnMAuCCWNsaWdzLm9yZzAMggpjbWl3 -ZWIub3JnMBeCFWVhc3Rlcm5icm9va3Ryb3V0Lm5ldDAXghVlYXN0ZXJuYnJvb2t0 -cm91dC5vcmcwEYIPZWNvcnJpZG9ycy5pbmZvMBOCEWVkZ2FycmVzZWFyY2gub3Jn -MBKCEGdldC1lZHVjYXRlZC5jb20wE4IRZ2V0LWVkdWNhdGVkLmluZm8wEYIPZ2V0 -ZWR1Y2F0ZWQubmV0MBKCEGdldC1lZHVjYXRlZC5uZXQwEYIPZ2V0ZWR1Y2F0ZWQu -b3JnMBKCEGdldC1lZHVjYXRlZC5vcmcwD4INaG9raWVjbHViLmNvbTAQgg5ob2tp -ZXBob3RvLmNvbTAPgg1ob2tpZXNob3AuY29tMBGCD2hva2llc3BvcnRzLmNvbTAS -ghBob2tpZXRpY2tldHMuY29tMBKCEGhvdGVscm9hbm9rZS5jb20wE4IRaHVtYW53 -aWxkbGlmZS5vcmcwF4IVaW5uYXR2aXJnaW5pYXRlY2guY29tMA+CDWlzY2hwMjAx -MS5vcmcwD4INbGFuZHJlaGFiLm9yZzAggh5uYXRpb25hbHRpcmVyZXNlYXJjaGNl -bnRlci5jb20wFYITbmV0d29ya3ZpcmdpbmlhLm5ldDAMggpwZHJjdnQuY29tMBiC -FnBldGVkeWVyaXZlcmNvdXJzZS5jb20wDYILcmFkaW9pcS5vcmcwFYITcml2ZXJj -b3Vyc2Vnb2xmLmNvbTALgglzZGltaS5vcmcwEIIOc292YW1vdGlvbi5jb20wHoIc -c3VzdGFpbmFibGUtYmlvbWF0ZXJpYWxzLmNvbTAeghxzdXN0YWluYWJsZS1iaW9t -YXRlcmlhbHMub3JnMBWCE3RoaXNpc3RoZWZ1dHVyZS5jb20wGIIWdGhpcy1pcy10 -aGUtZnV0dXJlLmNvbTAVghN0aGlzaXN0aGVmdXR1cmUubmV0MBiCFnRoaXMtaXMt -dGhlLWZ1dHVyZS5uZXQwCoIIdmFkcy5vcmcwDIIKdmFsZWFmLm9yZzANggt2YXRl -Y2guaW5mbzANggt2YXRlY2gubW9iaTAcghp2YXRlY2hsaWZlbG9uZ2xlYXJuaW5n -LmNvbTAcghp2YXRlY2hsaWZlbG9uZ2xlYXJuaW5nLm5ldDAcghp2YXRlY2hsaWZl -bG9uZ2xlYXJuaW5nLm9yZzAKggh2Y29tLmVkdTASghB2aXJnaW5pYXZpZXcubmV0 -MDSCMnZpcmdpbmlhcG9seXRlY2huaWNpbnN0aXR1dGVhbmRzdGF0ZXVuaXZlcnNp -dHkuY29tMDWCM3ZpcmdpbmlhcG9seXRlY2huaWNpbnN0aXR1dGVhbmRzdGF0ZXVu -aXZlcnNpdHkuaW5mbzA0gjJ2aXJnaW5pYXBvbHl0ZWNobmljaW5zdGl0dXRlYW5k -c3RhdGV1bml2ZXJzaXR5Lm5ldDA0gjJ2aXJnaW5pYXBvbHl0ZWNobmljaW5zdGl0 -dXRlYW5kc3RhdGV1bml2ZXJzaXR5Lm9yZzAZghd2aXJnaW5pYXB1YmxpY3JhZGlv -Lm9yZzASghB2aXJnaW5pYXRlY2guZWR1MBOCEXZpcmdpbmlhdGVjaC5tb2JpMByC -GnZpcmdpbmlhdGVjaGZvdW5kYXRpb24ub3JnMAiCBnZ0LmVkdTALggl2dGFyYy5v -cmcwDIIKdnQtYXJjLm9yZzALggl2dGNyYy5jb20wCoIIdnRpcC5vcmcwDIIKdnRs -ZWFuLm9yZzAWghR2dGtub3dsZWRnZXdvcmtzLmNvbTAYghZ2dGxpZmVsb25nbGVh -cm5pbmcuY29tMBiCFnZ0bGlmZWxvbmdsZWFybmluZy5uZXQwGIIWdnRsaWZlbG9u -Z2xlYXJuaW5nLm9yZzATghF2dHNwb3J0c21lZGlhLmNvbTALggl2dHdlaS5jb20w -D4INd2l3YXR3ZXJjLmNvbTAKggh3dnRmLm9yZzAIgQZ2dC5lZHUwd6R1MHMxCzAJ -BgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxhY2tzYnVy -ZzE8MDoGA1UEChMzVmlyZ2luaWEgUG9seXRlY2huaWMgSW5zdGl0dXRlIGFuZCBT -dGF0ZSBVbml2ZXJzaXR5MCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYI -KwYBBQUHAwkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5nbG9iYWxzaWdu -LmNvbS9ncy90cnVzdHJvb3RnMi5jcmwwgYQGCCsGAQUFBwEBBHgwdjAzBggrBgEF -BQcwAYYnaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3RydXN0cm9vdGcyMD8G -CCsGAQUFBzAChjNodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC90 -cnVzdHJvb3RnMi5jcnQwHQYDVR0OBBYEFLxiYCfV4zVIF+lLq0Vq0Miod3GMMB8G -A1UdIwQYMBaAFBT25YsxtkWASkxt/MKHico2w5BiMA0GCSqGSIb3DQEBBQUAA4IB -AQAyJm/lOB2Er4tHXhc/+fSufSzgjohJgYfMkvG4LknkvnZ1BjliefR8tTXX49d2 -SCDFWfGjqyJZwavavkl/4p3oXPG/nAMDMvxh4YAT+CfEK9HH+6ICV087kD4BLegi -+aFJMj8MMdReWCzn5sLnSR1rdse2mo2arX3Uod14SW+PGrbUmTuWNyvRbz3fVmxp -UdbGmj3laknO9YPsBGgHfv73pVVsTJkW4ZfY/7KdD/yaVv6ophpOB3coXfjl2+kd -Z4ypn2zK+cx9IL/LSewqd/7W9cD55PCUy4X9OTbEmAccwiz3LB66mQoUGfdHdkoB -jUY+v9vLQXmaVwI0AYL7g9LN ------END CERTIFICATE-----` - -var nameConstraintsIntermediate2 = `-----BEGIN CERTIFICATE----- -MIIEXTCCA0WgAwIBAgILBAAAAAABNuk6OrMwDQYJKoZIhvcNAQEFBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMjA0MjUxMTAw -MDBaFw0yNzA0MjUxMTAwMDBaMFwxCzAJBgNVBAYTAkJFMRUwEwYDVQQLEwxUcnVz -dGVkIFJvb3QxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExGzAZBgNVBAMTElRy -dXN0ZWQgUm9vdCBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AKyuvqrtcMr7g7EuNbu4sKwxM127UsCmx1RxbxxgcArGS7rjiefpBH/w4LYrymjf -vcw1ueyMNoqLo9nJMz/ORXupb35NNfE667prQYHa+tTjl1IiKpB7QUwt3wXPuTMF -Ja1tXtjKzkqJyuJlNuPKT76HcjgNqgV1s9qG44MD5I2JvI12du8zI1bgdQ+l/KsX -kTfbGjUvhOLOlVNWVQDpL+YMIrGqgBYxy5TUNgrAcRtwpNdS2KkF5otSmMweVb5k -hoUVv3u8UxQH/WWbNhHq1RrIlg/0rBUfi/ziShYFSB7U+aLx5DxPphTFBiDquQGp -tB+FC4JvnukDStFihZCZ1R8CAwEAAaOCASMwggEfMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIB -FiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAdBgNVHQ4E -FgQUFPblizG2RYBKTG38woeJyjbDkGIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDov -L2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNybDA+BggrBgEFBQcBAQQyMDAwLgYI -KwYBBQUHMAGGImh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9yb290cjEwHwYD -VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQEFBQADggEB -AL7IG0l+k4LkcpI+a/kvZsSRwSM4uA6zGX34e78A2oytr8RG8bJwVb8+AHMUD+Xe -2kYdh/Uj/waQXfqR0OgxQXL9Ct4ZM+JlR1avsNKXWL5AwYXAXCOB3J5PW2XOck7H -Zw0vRbGQhjWjQx+B4KOUFg1b3ov/z6Xkr3yaCfRQhXh7KC0Bc0RXPPG5Nv5lCW+z -tbbg0zMm3kyfQITRusMSg6IBsDJqOnjaiaKQRcXiD0Sk43ZXb2bUKMxC7+Td3QL4 -RyHcWJbQ7YylLTS/x+jxWIcOQ0oO5/54t5PTQ14neYhOz9x4gUk2AYAW6d1vePwb -hcC8roQwkHT7HvfYBoc74FM= ------END CERTIFICATE-----` - -var globalSignRoot = `-----BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw -MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT -aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ -jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp -xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp -1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG -snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ -U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 -9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B -AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz -yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE -38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP -AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad -DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME -HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ------END CERTIFICATE-----` - -var moipLeafCert = `-----BEGIN CERTIFICATE----- -MIIGQDCCBSigAwIBAgIRAPe/cwh7CUWizo8mYSDavLIwDQYJKoZIhvcNAQELBQAw -gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO -BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD -VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl -ciBDQTAeFw0xMzA4MTUwMDAwMDBaFw0xNDA4MTUyMzU5NTlaMIIBQjEXMBUGA1UE -BRMOMDg3MTg0MzEwMDAxMDgxEzARBgsrBgEEAYI3PAIBAxMCQlIxGjAYBgsrBgEE -AYI3PAIBAhMJU2FvIFBhdWxvMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlv -bjELMAkGA1UEBhMCQlIxETAPBgNVBBETCDAxNDUyMDAwMRIwEAYDVQQIEwlTYW8g -UGF1bG8xEjAQBgNVBAcTCVNhbyBQYXVsbzEtMCsGA1UECRMkQXZlbmlkYSBCcmln -YWRlaXJvIEZhcmlhIExpbWEgLCAyOTI3MR0wGwYDVQQKExRNb2lwIFBhZ2FtZW50 -b3MgUy5BLjENMAsGA1UECxMETU9JUDEYMBYGA1UECxMPU1NMIEJsaW5kYWRvIEVW -MRgwFgYDVQQDEw9hcGkubW9pcC5jb20uYnIwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDN0b9x6TrXXA9hPCF8/NjqGJ++2D4LO4ZiMFTjs0VwpXy2Y1Oe -s74/HuiLGnAHxTmAtV7IpZMibiOcTxcnDYp9oEWkf+gR+hZvwFZwyOBC7wyb3SR3 -UvV0N1ZbEVRYpN9kuX/3vjDghjDmzzBwu8a/T+y5JTym5uiJlngVAWyh/RjtIvYi -+NVkQMbyVlPGkoCe6c30pH8DKYuUCZU6DHjUsPTX3jAskqbhDSAnclX9iX0p2bmw -KVBc+5Vh/2geyzDuquF0w+mNIYdU5h7uXvlmJnf3d2Cext5dxdL8/jezD3U0dAqI -pYSKERbyxSkJWxdvRlhdpM9YXMJcpc88xNp1AgMBAAGjggHcMIIB2DAfBgNVHSME -GDAWgBQ52v/KKBSKqHQTCLnkDqnS+n6daTAdBgNVHQ4EFgQU/lXuOa7DMExzZjRj -LQWcMWGZY7swDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQUB -MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMFYG -A1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JT -QUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhwYIKwYBBQUH -AQEEezB5MFEGCCsGAQUFBzAChkVodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P -RE9SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYB -BQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAvBgNVHREEKDAmgg9hcGku -bW9pcC5jb20uYnKCE3d3dy5hcGkubW9pcC5jb20uYnIwDQYJKoZIhvcNAQELBQAD -ggEBAFoTmPlaDcf+nudhjXHwud8g7/LRyA8ucb+3/vfmgbn7FUc1eprF5sJS1mA+ -pbiTyXw4IxcJq2KUj0Nw3IPOe9k84mzh+XMmdCKH+QK3NWkE9Udz+VpBOBc0dlqC -1RH5umStYDmuZg/8/r652eeQ5kUDcJyADfpKWBgDPYaGtwzKVT4h3Aok9SLXRHx6 -z/gOaMjEDMarMCMw4VUIG1pvNraZrG5oTaALPaIXXpd8VqbQYPudYJ6fR5eY3FeW -H/ofbYFdRcuD26MfBFWE9VGGral9Fgo8sEHffho+UWhgApuQV4/l5fMzxB5YBXyQ -jhuy8PqqZS9OuLilTeLu4a8z2JI= ------END CERTIFICATE-----` - -var comodoIntermediateSHA384 = `-----BEGIN CERTIFICATE----- -MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB -hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV -BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy -MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT -EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg -VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf -CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj -vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA -xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6 -WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg -iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j -BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI -ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G -A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j -b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k -b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr -BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t -L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz -cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R -AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk -jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk -1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i -teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o -fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA -KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e -ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9 -XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA -tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2 -jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn -pLwltum95OmYdBbxN4SBB7SC ------END CERTIFICATE-----` - -const comodoRSAAuthority = `-----BEGIN CERTIFICATE----- -MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv -MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk -ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF -eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow -gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO -BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD -VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw -AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6 -2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr -ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt -4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq -m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/ -vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT -8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE -IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO -KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO -GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/ -s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g -JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD -AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9 -MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy -bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6 -Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ -zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj -Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY -Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5 -B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx -PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR -pu/xO28QOG8= ------END CERTIFICATE-----` - -const addTrustRoot = `-----BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs -IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 -MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h -bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt -H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 -uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX -mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX -a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN -E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 -WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD -VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 -Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU -cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx -IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN -AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH -YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC -Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX -c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a -mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE-----` - -const selfSigned = `-----BEGIN CERTIFICATE----- -MIIC/DCCAeSgAwIBAgIRAK0SWRVmi67xU3z0gkgY+PkwDQYJKoZIhvcNAQELBQAw -EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNjA4MTkxNjMzNDdaFw0xNzA4MTkxNjMz -NDdaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDWkm1kdCwxyKEt6OTmZitkmLGH8cQu9z7rUdrhW8lWNm4kh2SuaUWP -pscBjda5iqg51aoKuWJR2rw6ElDne+X5eit2FT8zJgAU8v39lMFjbaVZfS9TFOYF -w0Tk0Luo/PyKJpZnwhsP++iiGQiteJbndy8aLKmJ2MpLfpDGIgxEIyNb5dgoDi0D -WReDCpE6K9WDYqvKVGnQ2Jvqqra6Gfx0tFkuqJxQuqA8aUOlPHcCH4KBZdNEoXdY -YL3E4dCAh0YiDs80wNZx4cHqEM3L8gTEFqW2Tn1TSuPZO6gjJ9QPsuUZVjaMZuuO -NVxqLGujZkDzARhC3fBpptMuaAfi20+BAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIF -oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2C -C2Zvby5leGFtcGxlMA0GCSqGSIb3DQEBCwUAA4IBAQBPvvfnDhsHWt+/cfwdAVim -4EDn+hYOMkTQwU0pouYIvY8QXYkZ8MBxpBtBMK4JhFU+ewSWoBAEH2dCCvx/BDxN -UGTSJHMbsvJHcFvdmsvvRxOqQ/cJz7behx0cfoeHMwcs0/vWv8ms5wHesb5Ek7L0 -pl01FCBGTcncVqr6RK1r4fTpeCCfRIERD+YRJz8TtPH6ydesfLL8jIV40H8NiDfG -vRAvOtNiKtPzFeQVdbRPOskC4rcHyPeiDAMAMixeLi63+CFty4da3r5lRezeedCE -cw3ESZzThBwWqvPOtJdpXdm+r57pDW8qD+/0lY8wfImMNkQAyCUCLg/1Lxt/hrBj ------END CERTIFICATE-----` - -const issuerSubjectMatchRoot = ` -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 161640039802297062 (0x23e42c281e55ae6) - Signature Algorithm: sha256WithRSAEncryption - Issuer: O=Golang, CN=Root ca - Validity - Not Before: Jan 1 00:00:00 2015 GMT - Not After : Jan 1 00:00:00 2025 GMT - Subject: O=Golang, CN=Root ca - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:e9:0e:7f:11:0c:e6:5a:e6:86:83:70:f6:51:07: - 2e:02:78:11:f5:b2:24:92:38:ee:26:62:02:c7:94: - f1:3e:a1:77:6a:c0:8f:d5:22:68:b6:5d:e2:4c:da: - e0:85:11:35:c2:92:72:49:8d:81:b4:88:97:6b:b7: - fc:b2:44:5b:d9:4d:06:70:f9:0c:c6:8f:e9:b3:df: - a3:6a:84:6c:43:59:be:9d:b2:d0:76:9b:c3:d7:fa: - 99:59:c3:b8:e5:f3:53:03:bd:49:d6:b3:cc:a2:43: - fe:ad:c2:0b:b9:01:b8:56:29:94:03:24:a7:0d:28: - 21:29:a9:ae:94:5b:4a:f9:9f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 40:37:D7:01:FB:40:2F:B8:1C:7E:54:04:27:8C:59:01 - Signature Algorithm: sha256WithRSAEncryption - 6f:84:df:49:e0:99:d4:71:66:1d:32:86:56:cb:ea:5a:6b:0e: - 00:6a:d1:5a:6e:1f:06:23:07:ff:cb:d1:1a:74:e4:24:43:0b: - aa:2a:a0:73:75:25:82:bc:bf:3f:a9:f8:48:88:ac:ed:3a:94: - 3b:0d:d3:88:c8:67:44:61:33:df:71:6c:c5:af:ed:16:8c:bf: - 82:f9:49:bb:e3:2a:07:53:36:37:25:77:de:91:a4:77:09:7f: - 6f:b2:91:58:c4:05:89:ea:8e:fa:e1:3b:19:ef:f8:f6:94:b7: - 7b:27:e6:e4:84:dd:2b:f5:93:f5:3c:d8:86:c5:38:01:56:5c: - 9f:6d ------BEGIN CERTIFICATE----- -MIICIDCCAYmgAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwIzEPMA0GA1UE -ChMGR29sYW5nMRAwDgYDVQQDEwdSb290IGNhMB4XDTE1MDEwMTAwMDAwMFoXDTI1 -MDEwMTAwMDAwMFowIzEPMA0GA1UEChMGR29sYW5nMRAwDgYDVQQDEwdSb290IGNh -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1 -siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw -+QzGj+mz36NqhGxDWb6dstB2m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQD -JKcNKCEpqa6UW0r5nwIDAQABo10wWzAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIE -EEA31wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAb4TfSeCZ1HFmHTKG -VsvqWmsOAGrRWm4fBiMH/8vRGnTkJEMLqiqgc3Ulgry/P6n4SIis7TqUOw3TiMhn -RGEz33Fsxa/tFoy/gvlJu+MqB1M2NyV33pGkdwl/b7KRWMQFieqO+uE7Ge/49pS3 -eyfm5ITdK/WT9TzYhsU4AVZcn20= ------END CERTIFICATE-----` - -const issuerSubjectMatchLeaf = ` -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 16785088708916013734 (0xe8f09d3fe25beaa6) - Signature Algorithm: sha256WithRSAEncryption - Issuer: O=Golang, CN=Root CA - Validity - Not Before: Jan 1 00:00:00 2015 GMT - Not After : Jan 1 00:00:00 2025 GMT - Subject: O=Golang, CN=Leaf - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:db:46:7d:93:2e:12:27:06:48:bc:06:28:21:ab: - 7e:c4:b6:a2:5d:fe:1e:52:45:88:7a:36:47:a5:08: - 0d:92:42:5b:c2:81:c0:be:97:79:98:40:fb:4f:6d: - 14:fd:2b:13:8b:c2:a5:2e:67:d8:d4:09:9e:d6:22: - 38:b7:4a:0b:74:73:2b:c2:34:f1:d1:93:e5:96:d9: - 74:7b:f3:58:9f:6c:61:3c:c0:b0:41:d4:d9:2b:2b: - 24:23:77:5b:1c:3b:bd:75:5d:ce:20:54:cf:a1:63: - 87:1d:1e:24:c4:f3:1d:1a:50:8b:aa:b6:14:43:ed: - 97:a7:75:62:f4:14:c8:52:d7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Key Identifier: - 9F:91:16:1F:43:43:3E:49:A6:DE:6D:B6:80:D7:9F:60 - X509v3 Authority Key Identifier: - keyid:40:37:D7:01:FB:40:2F:B8:1C:7E:54:04:27:8C:59:01 - - Signature Algorithm: sha256WithRSAEncryption - 8d:86:05:da:89:f5:1d:c5:16:14:41:b9:34:87:2b:5c:38:99: - e3:d9:5a:5b:7a:5b:de:0b:5c:08:45:09:6f:1c:9d:31:5f:08: - ca:7a:a3:99:da:83:0b:22:be:4f:02:35:91:4e:5d:5c:37:bf: - 89:22:58:7d:30:76:d2:2f:d0:a0:ee:77:9e:77:c0:d6:19:eb: - ec:a0:63:35:6a:80:9b:80:1a:80:de:64:bc:40:38:3c:22:69: - ad:46:26:a2:3d:ea:f4:c2:92:49:16:03:96:ae:64:21:b9:7c: - ee:64:91:47:81:aa:b4:0c:09:2b:12:1a:b2:f3:af:50:b3:b1: - ce:24 ------BEGIN CERTIFICATE----- -MIICODCCAaGgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCMxDzANBgNV -BAoTBkdvbGFuZzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xNTAxMDEwMDAwMDBaFw0y -NTAxMDEwMDAwMDBaMCAxDzANBgNVBAoTBkdvbGFuZzENMAsGA1UEAxMETGVhZjCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA20Z9ky4SJwZIvAYoIat+xLaiXf4e -UkWIejZHpQgNkkJbwoHAvpd5mED7T20U/SsTi8KlLmfY1Ame1iI4t0oLdHMrwjTx -0ZPlltl0e/NYn2xhPMCwQdTZKyskI3dbHDu9dV3OIFTPoWOHHR4kxPMdGlCLqrYU -Q+2Xp3Vi9BTIUtcCAwEAAaN3MHUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG -CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBCfkRYf -Q0M+SabebbaA159gMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwDQYJKoZI -hvcNAQELBQADgYEAjYYF2on1HcUWFEG5NIcrXDiZ49laW3pb3gtcCEUJbxydMV8I -ynqjmdqDCyK+TwI1kU5dXDe/iSJYfTB20i/QoO53nnfA1hnr7KBjNWqAm4AagN5k -vEA4PCJprUYmoj3q9MKSSRYDlq5kIbl87mSRR4GqtAwJKxIasvOvULOxziQ= ------END CERTIFICATE----- -` - -const x509v1TestRoot = ` ------BEGIN CERTIFICATE----- -MIICIDCCAYmgAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwIzEPMA0GA1UE -ChMGR29sYW5nMRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAwMDAwMFoXDTI1 -MDEwMTAwMDAwMFowIzEPMA0GA1UEChMGR29sYW5nMRAwDgYDVQQDEwdSb290IENB -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1 -siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw -+QzGj+mz36NqhGxDWb6dstB2m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQD -JKcNKCEpqa6UW0r5nwIDAQABo10wWzAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIE -EEA31wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAcIwqeNUpQr9cOcYm -YjpGpYkQ6b248xijCK7zI+lOeWN89zfSXn1AvfsC9pSdTMeDklWktbF/Ad0IN8Md -h2NtN34ard0hEfHc8qW8mkXdsysVmq6cPvFYaHz+dBtkHuHDoy8YQnC0zdN/WyYB -/1JmacUUofl+HusHuLkDxmadogI= ------END CERTIFICATE-----` - -const x509v1TestIntermediate = ` ------BEGIN CERTIFICATE----- -MIIByjCCATMCCQCCdEMsT8ykqTANBgkqhkiG9w0BAQsFADAjMQ8wDQYDVQQKEwZH -b2xhbmcxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAwMDAwWhcNMjUwMTAx -MDAwMDAwWjAwMQ8wDQYDVQQKEwZHb2xhbmcxHTAbBgNVBAMTFFguNTA5djEgaW50 -ZXJtZWRpYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ2QyniAOT+5YL -jeinEBJr3NsC/Q2QJ/VKmgvp+xRxuKTHJiVmxVijmp0vWg8AWfkmuE4p3hXQbbqM -k5yxrk1n60ONhim2L4VXriEvCE7X2OXhTmBls5Ufr7aqIgPMikwjScCXwz8E8qI8 -UxyAhnjeJwMYBU8TuwBImSd4LBHoQQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIab -DRG6FbF9kL9jb/TDHkbVBk+sl/Pxi4/XjuFyIALlARgAkeZcPmL5tNW1ImHkwsHR -zWE77kJDibzd141u21ZbLsKvEdUJXjla43bdyMmEqf5VGpC3D4sFt3QVH7lGeRur -x5Wlq1u3YDL/j6s1nU2dQ3ySB/oP7J+vQ9V4QeM+ ------END CERTIFICATE-----` - -const x509v1TestLeaf = ` ------BEGIN CERTIFICATE----- -MIICMzCCAZygAwIBAgIJAPo99mqJJrpJMA0GCSqGSIb3DQEBCwUAMDAxDzANBgNV -BAoTBkdvbGFuZzEdMBsGA1UEAxMUWC41MDl2MSBpbnRlcm1lZGlhdGUwHhcNMTUw -MTAxMDAwMDAwWhcNMjUwMTAxMDAwMDAwWjArMQ8wDQYDVQQKEwZHb2xhbmcxGDAW -BgNVBAMTD2Zvby5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC -gYEApUh60Z+a5/oKJxG//Dn8CihSo2CJHNIIO3zEJZ1EeNSMZCynaIR6D3IPZEIR -+RG2oGt+f5EEukAPYxwasp6VeZEezoQWJ+97nPCT6DpwLlWp3i2MF8piK2R9vxkG -Z5n0+HzYk1VM8epIrZFUXSMGTX8w1y041PX/yYLxbdEifdcCAwEAAaNaMFgwDgYD -VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV -HRMBAf8EAjAAMBkGA1UdDgQSBBBFozXe0SnzAmjy+1U6M/cvMA0GCSqGSIb3DQEB -CwUAA4GBADYzYUvaToO/ucBskPdqXV16AaakIhhSENswYVSl97/sODaxsjishKq9 -5R7siu+JnIFotA7IbBe633p75xEnLN88X626N/XRFG9iScLzpj0o0PWXBUiB+fxL -/jt8qszOXCv2vYdUTPNuPqufXLWMoirpuXrr1liJDmedCcAHepY/ ------END CERTIFICATE-----` - -const ignoreCNWithSANRoot = ` ------BEGIN CERTIFICATE----- -MIIDPzCCAiegAwIBAgIIJkzCwkNrPHMwDQYJKoZIhvcNAQELBQAwMDEQMA4GA1UE -ChMHVEVTVElORzEcMBoGA1UEAxMTKipUZXN0aW5nKiogUm9vdCBDQTAeFw0xNTAx -MDEwMDAwMDBaFw0yNTAxMDEwMDAwMDBaMDAxEDAOBgNVBAoTB1RFU1RJTkcxHDAa -BgNVBAMTEyoqVGVzdGluZyoqIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQC4YAf5YqlXGcikvbMWtVrNICt+V/NNWljwfvSKdg4Inm7k6BwW -P6y4Y+n4qSYIWNU4iRkdpajufzctxQCO6ty13iw3qVktzcC5XBIiS6ymiRhhDgnY -VQqyakVGw9MxrPwdRZVlssUv3Hmy6tU+v5Ok31SLY5z3wKgYWvSyYs0b8bKNU8kf -2FmSHnBN16lxGdjhe3ji58F/zFMr0ds+HakrLIvVdFcQFAnQopM8FTHpoWNNzGU3 -KaiO0jBbMFkd6uVjVnuRJ+xjuiqi/NWwiwQA+CEr9HKzGkxOF8nAsHamdmO1wW+w -OsCrC0qWQ/f5NTOVATTJe0vj88OMTvo3071VAgMBAAGjXTBbMA4GA1UdDwEB/wQE -AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw -AwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOC -AQEAGOn3XjxHyHbXLKrRmpwV447B7iNBXR5VlhwOgt1kWaHDL2+8f/9/h0HMkB6j -fC+/yyuYVqYuOeavqMGVrh33D2ODuTQcFlOx5lXukP46j3j+Lm0jjZ1qNX7vlP8I -VlUXERhbelkw8O4oikakwIY9GE8syuSgYf+VeBW/lvuAZQrdnPfabxe05Tre6RXy -nJHMB1q07YHpbwIkcV/lfCE9pig2nPXTLwYZz9cl46Ul5RCpPUi+IKURo3x8y0FU -aSLjI/Ya0zwUARMmyZ3RRGCyhIarPb20mKSaMf1/Nb23pS3k1QgmZhk5pAnXYsWu -BJ6bvwEAasFiLGP6Zbdmxb2hIA== ------END CERTIFICATE-----` - -const ignoreCNWithSANLeaf = ` ------BEGIN CERTIFICATE----- -MIIDaTCCAlGgAwIBAgIJAONakvRTxgJhMA0GCSqGSIb3DQEBCwUAMDAxEDAOBgNV -BAoTB1RFU1RJTkcxHDAaBgNVBAMTEyoqVGVzdGluZyoqIFJvb3QgQ0EwHhcNMTUw -MTAxMDAwMDAwWhcNMjUwMTAxMDAwMDAwWjAsMRAwDgYDVQQKEwdURVNUSU5HMRgw -FgYDVQQDEw9mb28uZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDBqskp89V/JMIBBqcauKSOVLcMyIE/t0jgSWVrsI4sksBTabLsfMdS -ui2n+dHQ1dRBuw3o4g4fPrWwS3nMnV3pZUHEn2TPi5N1xkjTaxObXgKIY2GKmFP3 -rJ9vYqHT6mT4K93kCHoRcmJWWySc7S3JAOhTcdB4G+tIdQJN63E+XRYQQfNrn5HZ -hxQoOzaguHFx+ZGSD4Ntk6BSZz5NfjqCYqYxe+iCpTpEEYhIpi8joSPSmkTMTxBW -S1W2gXbYNQ9KjNkGM6FnQsUJrSPMrWs4v3UB/U88N5LkZeF41SqD9ySFGwbGajFV -nyzj12+4K4D8BLhlOc0Eo/F/8GwOwvmxAgMBAAGjgYkwgYYwDgYDVR0PAQH/BAQD -AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA -MBkGA1UdDgQSBBCjeab27q+5pV43jBGANOJ1MBsGA1UdIwQUMBKAEEA31wH7QC+4 -HH5UBCeMWQEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAGZfZ -ErTVxxpIg64s22mQpXSk/72THVQsfsKHzlXmztM0CJzH8ccoN67ZqKxJCfdiE/FI -Emb6BVV4cGPeIKpcxaM2dwX/Y+Y0JaxpQJvqLxs+EByRL0gPP3shgg86WWCjYLxv -AgOn862d/JXGDrC9vIlQ/DDQcyL5g0JV5UjG2G9TUigbnrXxBw7BoWK6wmoSaHnR -sZKEHSs3RUJvm7qqpA9Yfzm9jg+i9j32zh1xFacghAOmFRFXa9eCVeigZ/KK2mEY -j2kBQyvnyKsXHLAKUoUOpd6t/1PHrfXnGj+HmzZNloJ/BZ1kiWb4eLvMljoLGkZn -xZbqP3Krgjj4XNaXjg== ------END CERTIFICATE-----` - -const excludedNamesLeaf = ` ------BEGIN CERTIFICATE----- -MIID4DCCAsigAwIBAgIHDUSFtJknhzANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UE -BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczEU -MBIGA1UECgwLTmV0ZmxpeCBJbmMxLTArBgNVBAsMJFBsYXRmb3JtIFNlY3VyaXR5 -ICgzNzM0NTE1NTYyODA2Mzk3KTEhMB8GA1UEAwwYSW50ZXJtZWRpYXRlIENBIGZv -ciAzMzkyMB4XDTE3MDIwODIxMTUwNFoXDTE4MDIwODIwMjQ1OFowgZAxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlMb3MgR2F0b3Mx -FDASBgNVBAoMC05ldGZsaXggSW5jMS0wKwYDVQQLDCRQbGF0Zm9ybSBTZWN1cml0 -eSAoMzczNDUxNTc0ODUwMjY5NikxEzARBgNVBAMMCjE3Mi4xNi4wLjEwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ0oP1bMv6bOeqcKbzinnGpNOpenhA -zdFFsgea62znWsH3Wg4+1Md8uPCqlaQIsaJQKZHc50eKD3bg0Io7c6kxHkBQr1b8 -Q7cGeK3CjdqG3NwS/aizzrLKOwL693hFwwy7JY7GGCvogbhyQRKn6iV0U9zMm7bu -/9pQVV/wx8u01u2uAlLttjyQ5LJkxo5t8cATFVqxdN5J9eY//VSDiTwXnlpQITBP -/Ow+zYuZ3kFlzH3CtCOhOEvNG3Ar1NvP3Icq35PlHV+Eki4otnKfixwByoiGpqCB -UEIY04VrZJjwBxk08y/3jY2B3VLYGgi+rryyCxIqkB7UpSNPMMWSG4UpAgMBAAGj -LzAtMAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIIMYmVuZGVyLmxvY2FshwSsEAAB -MA0GCSqGSIb3DQEBCwUAA4IBAQCLW3JO8L7LKByjzj2RciPjCGH5XF87Wd20gYLq -sNKcFwCIeyZhnQy5aZ164a5G9AIk2HLvH6HevBFPhA9Ivmyv/wYEfnPd1VcFkpgP -hDt8MCFJ8eSjCyKdtZh1MPMLrLVymmJV+Rc9JUUYM9TIeERkpl0rskcO1YGewkYt -qKlWE+0S16+pzsWvKn831uylqwIb8ANBPsCX4aM4muFBHavSWAHgRO+P+yXVw8Q+ -VQDnMHUe5PbZd1/+1KKVs1K/CkBCtoHNHp1d/JT+2zUQJphwja9CcgfFdVhSnHL4 -oEEOFtqVMIuQfR2isi08qW/JGOHc4sFoLYB8hvdaxKWSE19A ------END CERTIFICATE----- -` - -const excludedNamesIntermediate = ` ------BEGIN CERTIFICATE----- -MIIDzTCCArWgAwIBAgIHDUSFqYeczDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UE -BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczEU -MBIGA1UECgwLTmV0ZmxpeCBJbmMxLTArBgNVBAsMJFBsYXRmb3JtIFNlY3VyaXR5 -ICgzNzM0NTE1NDc5MDY0NjAyKTEcMBoGA1UEAwwTTG9jYWwgUm9vdCBmb3IgMzM5 -MjAeFw0xNzAyMDgyMTE1MDRaFw0xODAyMDgyMDI0NThaMIGeMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJTG9zIEdhdG9zMRQwEgYD -VQQKDAtOZXRmbGl4IEluYzEtMCsGA1UECwwkUGxhdGZvcm0gU2VjdXJpdHkgKDM3 -MzQ1MTU1NjI4MDYzOTcpMSEwHwYDVQQDDBhJbnRlcm1lZGlhdGUgQ0EgZm9yIDMz -OTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOyEs6tJ/t9emQTvlx -3FS7uJSou5rKkuqVxZdIuYQ+B2ZviBYUnMRT9bXDB0nsVdKZdp0hdchdiwNXDG/I -CiWu48jkcv/BdynVyayOT+0pOJSYLaPYpzBx1Pb9M5651ct9GSbj6Tz0ChVonoIE -1AIZ0kkebucZRRFHd0xbAKVRKyUzPN6HJ7WfgyauUp7RmlC35wTmrmARrFohQLlL -7oICy+hIQePMy9x1LSFTbPxZ5AUUXVC3eUACU3vLClF/Xs8XGHebZpUXCdMQjOGS -nq1eFguFHR1poSB8uSmmLqm4vqUH9CDhEgiBAC8yekJ8//kZQ7lUEqZj3YxVbk+Y -E4H5AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ADxrnmNX5gWChgX9K5fYwhFDj5ofxZXAKVQk+WjmkwMcmCx3dtWSm++Wdksj/ZlA -V1cLW3ohWv1/OAZuOlw7sLf98aJpX+UUmIYYQxDubq+4/q7VA7HzEf2k/i/oN1NI -JgtrhpPcZ/LMO6k7DYx0qlfYq8pTSfd6MI4LnWKgLc+JSPJJjmvspgio2ZFcnYr7 -A264BwLo6v1Mos1o1JUvFFcp4GANlw0XFiWh7JXYRl8WmS5DoouUC+aNJ3lmyF6z -LbIjZCSfgZnk/LK1KU1j91FI2bc2ULYZvAC1PAg8/zvIgxn6YM2Q7ZsdEgWw0FpS -zMBX1/lk4wkFckeUIlkD55Y= ------END CERTIFICATE-----` - -const excludedNamesRoot = ` ------BEGIN CERTIFICATE----- -MIIEGTCCAwGgAwIBAgIHDUSFpInn/zANBgkqhkiG9w0BAQsFADCBozELMAkGA1UE -BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczEU -MBIGA1UECgwLTmV0ZmxpeCBJbmMxLTArBgNVBAsMJFBsYXRmb3JtIFNlY3VyaXR5 -ICgzNzMxNTA5NDM3NDYyNDg1KTEmMCQGA1UEAwwdTmFtZSBDb25zdHJhaW50cyBU -ZXN0IFJvb3QgQ0EwHhcNMTcwMjA4MjExNTA0WhcNMTgwMjA4MjAyNDU4WjCBmTEL -MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBH -YXRvczEUMBIGA1UECgwLTmV0ZmxpeCBJbmMxLTArBgNVBAsMJFBsYXRmb3JtIFNl -Y3VyaXR5ICgzNzM0NTE1NDc5MDY0NjAyKTEcMBoGA1UEAwwTTG9jYWwgUm9vdCBm -b3IgMzM5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJymcnX29ekc -7+MLyr8QuAzoHWznmGdDd2sITwWRjM89/21cdlHCGKSpULUNdFp9HDLWvYECtxt+ -8TuzKiQz7qAerzGUT1zI5McIjHy0e/i4xIkfiBiNeTCuB/N9QRbZlcfM80ErkaA4 -gCAFK8qZAcWkHIl6e+KaQFMPLKk9kckgAnVDHEJe8oLNCogCJ15558b65g05p9eb -5Lg+E98hoPRTQaDwlz3CZPfTTA2EiEZInSi8qzodFCbTpJUVTbiVUH/JtVjlibbb -smdcx5PORK+8ZJkhLEh54AjaWOX4tB/7Tkk8stg2VBmrIARt/j4UVj7cTrIWU3bV -m8TwHJG+YgsCAwEAAaNaMFgwDwYDVR0TAQH/BAUwAwEB/zBFBgNVHR4EPjA8oBww -CocICgEAAP//AAAwDoIMYmVuZGVyLmxvY2FsoRwwCocICgEAAP//AAAwDoIMYmVu -ZGVyLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBAQAMjbheffPxtSKSv9NySW+8qmHs -n7Mb5GGyCFu+cMZSoSaabstbml+zHEFJvWz6/1E95K4F8jKhAcu/CwDf4IZrSD2+ -Hee0DolVSQhZpnHgPyj7ZATz48e3aJaQPUlhCEOh0wwF4Y0N4FV0t7R6woLylYRZ -yU1yRHUqUYpN0DWFpsPbBqgM6uUAVO2ayBFhPgWUaqkmSbZ/Nq7isGvknaTmcIwT -6mOAFN0qFb4RGzfGJW7x6z7KCULS7qVDp6fU3tRoScHFEgRubks6jzQ1W5ooSm4o -+NQCZDd5eFeU8PpNX7rgaYE4GPq+EEmLVCBYmdctr8QVdqJ//8Xu3+1phjDy ------END CERTIFICATE-----` - -const invalidCNRoot = ` ------BEGIN CERTIFICATE----- -MIIBFjCBvgIJAIsu4r+jb70UMAoGCCqGSM49BAMCMBQxEjAQBgNVBAsMCVRlc3Qg -cm9vdDAeFw0xODA3MTExODMyMzVaFw0yODA3MDgxODMyMzVaMBQxEjAQBgNVBAsM -CVRlc3Qgcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABF6oDgMg0LV6YhPj -QXaPXYCc2cIyCdqp0ROUksRz0pOLTc5iY2nraUheRUD1vRRneq7GeXOVNn7uXONg -oCGMjNwwCgYIKoZIzj0EAwIDRwAwRAIgDSiwgIn8g1lpruYH0QD1GYeoWVunfmrI -XzZZl0eW/ugCICgOfXeZ2GGy3wIC0352BaC3a8r5AAb2XSGNe+e9wNN6 ------END CERTIFICATE----- -` - -const invalidCNWithoutSAN = ` -Certificate: - Data: - Version: 1 (0x0) - Serial Number: - 07:ba:bc:b7:d9:ab:0c:02:fe:50:1d:4e:15:a3:0d:e4:11:16:14:a2 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: OU = Test root - Validity - Not Before: Jul 11 18:35:21 2018 GMT - Not After : Jul 8 18:35:21 2028 GMT - Subject: CN = "foo,invalid" - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:a7:a6:7c:22:33:a7:47:7f:08:93:2d:5f:61:35: - 2e:da:45:67:76:f2:97:73:18:b0:01:12:4a:1a:d5: - b7:6f:41:3c:bb:05:69:f4:06:5d:ff:eb:2b:a7:85: - 0b:4c:f7:45:4e:81:40:7a:a9:c6:1d:bb:ba:d9:b9: - 26:b3:ca:50:90 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:85:96:75:b6:72:3c:67:12:a0:7f:86:04:81: - d2:dd:c8:67:50:d7:5f:85:c0:54:54:fc:e6:6b:45:08:93:d3: - 2a:02:20:60:86:3e:d6:28:a6:4e:da:dd:6e:95:89:cc:00:76: - 78:1c:03:80:85:a6:5a:0b:eb:c5:f3:9c:2e:df:ef:6e:fa ------BEGIN CERTIFICATE----- -MIIBJDCBywIUB7q8t9mrDAL+UB1OFaMN5BEWFKIwCgYIKoZIzj0EAwIwFDESMBAG -A1UECwwJVGVzdCByb290MB4XDTE4MDcxMTE4MzUyMVoXDTI4MDcwODE4MzUyMVow -FjEUMBIGA1UEAwwLZm9vLGludmFsaWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC -AASnpnwiM6dHfwiTLV9hNS7aRWd28pdzGLABEkoa1bdvQTy7BWn0Bl3/6yunhQtM -90VOgUB6qcYdu7rZuSazylCQMAoGCCqGSM49BAMCA0gAMEUCIQCFlnW2cjxnEqB/ -hgSB0t3IZ1DXX4XAVFT85mtFCJPTKgIgYIY+1iimTtrdbpWJzAB2eBwDgIWmWgvr -xfOcLt/vbvo= ------END CERTIFICATE----- -` - -const validCNWithoutSAN = ` -Certificate: - Data: - Version: 1 (0x0) - Serial Number: - 07:ba:bc:b7:d9:ab:0c:02:fe:50:1d:4e:15:a3:0d:e4:11:16:14:a4 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: OU = Test root - Validity - Not Before: Jul 11 18:47:24 2018 GMT - Not After : Jul 8 18:47:24 2028 GMT - Subject: CN = foo.example.com - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:a7:a6:7c:22:33:a7:47:7f:08:93:2d:5f:61:35: - 2e:da:45:67:76:f2:97:73:18:b0:01:12:4a:1a:d5: - b7:6f:41:3c:bb:05:69:f4:06:5d:ff:eb:2b:a7:85: - 0b:4c:f7:45:4e:81:40:7a:a9:c6:1d:bb:ba:d9:b9: - 26:b3:ca:50:90 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:53:6c:d7:b7:59:61:51:72:a5:18:a3:4b:0d:52: - ea:15:fa:d0:93:30:32:54:4b:ed:0f:58:85:b8:a8:1a:82:3b: - 02:20:14:77:4b:0e:7e:4f:0a:4f:64:26:97:dc:d0:ed:aa:67: - 1d:37:85:da:b4:87:ba:25:1c:2a:58:f7:23:11:8b:3d ------BEGIN CERTIFICATE----- -MIIBJzCBzwIUB7q8t9mrDAL+UB1OFaMN5BEWFKQwCgYIKoZIzj0EAwIwFDESMBAG -A1UECwwJVGVzdCByb290MB4XDTE4MDcxMTE4NDcyNFoXDTI4MDcwODE4NDcyNFow -GjEYMBYGA1UEAwwPZm9vLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D -AQcDQgAEp6Z8IjOnR38Iky1fYTUu2kVndvKXcxiwARJKGtW3b0E8uwVp9AZd/+sr -p4ULTPdFToFAeqnGHbu62bkms8pQkDAKBggqhkjOPQQDAgNHADBEAiBTbNe3WWFR -cqUYo0sNUuoV+tCTMDJUS+0PWIW4qBqCOwIgFHdLDn5PCk9kJpfc0O2qZx03hdq0 -h7olHCpY9yMRiz0= ------END CERTIFICATE----- -` - -const ( - rootWithoutSKID = ` -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 78:29:2a:dc:2f:12:39:7f:c9:33:93:ea:61:39:7d:70 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: O = Acme Co - Validity - Not Before: Feb 4 22:56:34 2019 GMT - Not After : Feb 1 22:56:34 2029 GMT - Subject: O = Acme Co - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:84:a6:8c:69:53:af:87:4b:39:64:fe:04:24:e6: - d8:fc:d6:46:39:35:0e:92:dc:48:08:7e:02:5f:1e: - 07:53:5c:d9:e0:56:c5:82:07:f6:a3:e2:ad:f6:ad: - be:a0:4e:03:87:39:67:0c:9c:46:91:68:6b:0e:8e: - f8:49:97:9d:5b - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Key Encipherment, Certificate Sign - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Alternative Name: - DNS:example - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:c6:81:61:61:42:8d:37:e7:d0:c3:72:43:44: - 17:bd:84:ff:88:81:68:9a:99:08:ab:3c:3a:c0:1e:ea:8c:ba: - c0:02:21:00:de:c9:fa:e5:5e:c6:e2:db:23:64:43:a9:37:42: - 72:92:7f:6e:89:38:ea:9e:2a:a7:fd:2f:ea:9a:ff:20:21:e7 ------BEGIN CERTIFICATE----- -MIIBbzCCARSgAwIBAgIQeCkq3C8SOX/JM5PqYTl9cDAKBggqhkjOPQQDAjASMRAw -DgYDVQQKEwdBY21lIENvMB4XDTE5MDIwNDIyNTYzNFoXDTI5MDIwMTIyNTYzNFow -EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABISm -jGlTr4dLOWT+BCTm2PzWRjk1DpLcSAh+Al8eB1Nc2eBWxYIH9qPirfatvqBOA4c5 -ZwycRpFoaw6O+EmXnVujTDBKMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr -BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MBIGA1UdEQQLMAmCB2V4YW1wbGUwCgYI -KoZIzj0EAwIDSQAwRgIhAMaBYWFCjTfn0MNyQ0QXvYT/iIFompkIqzw6wB7qjLrA -AiEA3sn65V7G4tsjZEOpN0Jykn9uiTjqniqn/S/qmv8gIec= ------END CERTIFICATE----- -` - leafWithAKID = ` - Certificate: - Data: - Version: 3 (0x2) - Serial Number: - f0:8a:62:f0:03:84:a2:cf:69:63:ad:71:3b:b6:5d:8c - Signature Algorithm: ecdsa-with-SHA256 - Issuer: O = Acme Co - Validity - Not Before: Feb 4 23:06:52 2019 GMT - Not After : Feb 1 23:06:52 2029 GMT - Subject: O = Acme LLC - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:5a:4e:4d:fb:ff:17:f7:b6:13:e8:29:45:34:81: - 39:ff:8c:9c:d9:8c:0a:9f:dd:b5:97:4c:2b:20:91: - 1c:4f:6b:be:53:27:66:ec:4a:ad:08:93:6d:66:36: - 0c:02:70:5d:01:ca:7f:c3:29:e9:4f:00:ba:b4:14: - ec:c5:c3:34:b3 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Authority Key Identifier: - keyid:C2:2B:5F:91:78:34:26:09:42:8D:6F:51:B2:C5:AF:4C:0B:DE:6A:42 - - X509v3 Subject Alternative Name: - DNS:example - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:64:e0:ba:56:89:63:ce:22:5e:4f:22:15:fd:3c: - 35:64:9a:3a:6b:7b:9a:32:a0:7f:f7:69:8c:06:f0:00:58:b8: - 02:20:09:e4:9f:6d:8b:9e:38:e1:b6:01:d5:ee:32:a4:94:65: - 93:2a:78:94:bb:26:57:4b:c7:dd:6c:3d:40:2b:63:90 ------BEGIN CERTIFICATE----- -MIIBjTCCATSgAwIBAgIRAPCKYvADhKLPaWOtcTu2XYwwCgYIKoZIzj0EAwIwEjEQ -MA4GA1UEChMHQWNtZSBDbzAeFw0xOTAyMDQyMzA2NTJaFw0yOTAyMDEyMzA2NTJa -MBMxETAPBgNVBAoTCEFjbWUgTExDMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE -Wk5N+/8X97YT6ClFNIE5/4yc2YwKn921l0wrIJEcT2u+Uydm7EqtCJNtZjYMAnBd -Acp/wynpTwC6tBTsxcM0s6NqMGgwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG -CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUwitfkXg0JglCjW9R -ssWvTAveakIwEgYDVR0RBAswCYIHZXhhbXBsZTAKBggqhkjOPQQDAgNHADBEAiBk -4LpWiWPOIl5PIhX9PDVkmjpre5oyoH/3aYwG8ABYuAIgCeSfbYueOOG2AdXuMqSU -ZZMqeJS7JldLx91sPUArY5A= ------END CERTIFICATE----- -` -) - -var unknownAuthorityErrorTests = []struct { - cert string - expected string -}{ - {selfSignedWithCommonName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"test\")"}, - {selfSignedNoCommonNameWithOrgName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"ca\")"}, - {selfSignedNoCommonNameNoOrgName, "x509: certificate signed by unknown authority (possibly because of \"empty\" while trying to verify candidate authority certificate \"serial:0\")"}, -} - -func TestUnknownAuthorityError(t *testing.T) { - for i, tt := range unknownAuthorityErrorTests { - der, _ := pem.Decode([]byte(tt.cert)) - if der == nil { - t.Errorf("#%d: Unable to decode PEM block", i) - } - c, err := ParseCertificate(der.Bytes) - if err != nil { - t.Errorf("#%d: Unable to parse certificate -> %v", i, err) - } - uae := &UnknownAuthorityError{ - Cert: c, - hintErr: fmt.Errorf("empty"), - hintCert: c, - } - actual := uae.Error() - if actual != tt.expected { - t.Errorf("#%d: UnknownAuthorityError.Error() response invalid actual: %s expected: %s", i, actual, tt.expected) - } - } -} - -var nameConstraintTests = []struct { - constraint, domain string - expectError bool - shouldMatch bool -}{ - {"", "anything.com", false, true}, - {"example.com", "example.com", false, true}, - {"example.com.", "example.com", true, false}, - {"example.com", "example.com.", true, false}, - {"example.com", "ExAmPle.coM", false, true}, - {"example.com", "exampl1.com", false, false}, - {"example.com", "www.ExAmPle.coM", false, true}, - {"example.com", "sub.www.ExAmPle.coM", false, true}, - {"example.com", "notexample.com", false, false}, - {".example.com", "example.com", false, false}, - {".example.com", "www.example.com", false, true}, - {".example.com", "www..example.com", true, false}, -} - -func TestNameConstraints(t *testing.T) { - for i, test := range nameConstraintTests { - result, err := matchDomainConstraint(test.domain, test.constraint) - - if err != nil && !test.expectError { - t.Errorf("unexpected error for test #%d: domain=%s, constraint=%s, err=%s", i, test.domain, test.constraint, err) - continue - } - - if err == nil && test.expectError { - t.Errorf("unexpected success for test #%d: domain=%s, constraint=%s", i, test.domain, test.constraint) - continue - } - - if result != test.shouldMatch { - t.Errorf("unexpected result for test #%d: domain=%s, constraint=%s, result=%t", i, test.domain, test.constraint, result) - } - } -} - -const selfSignedWithCommonName = `-----BEGIN CERTIFICATE----- -MIIDCjCCAfKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQKEwJjYTEL -MAkGA1UEAxMCY2EwHhcNMTYwODI4MTcwOTE4WhcNMjEwODI3MTcwOTE4WjAcMQsw -CQYDVQQKEwJjYTENMAsGA1UEAxMEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAOH55PfRsbvmcabfLLko1w/yuapY/hk13Cgmc3WE/Z1ZStxGiVxY -gQVH9n4W/TbUsrep/TmcC4MV7xEm5252ArcgaH6BeQ4QOTFj/6Jx0RT7U/ix+79x -8RRysf7OlzNpGIctwZEM7i/G+0ZfqX9ULxL/EW9tppSxMX1jlXZQarnU7BERL5cH -+G2jcbU9H28FXYishqpVYE9L7xrXMm61BAwvGKB0jcVW6JdhoAOSfQbbgp7JjIlq -czXqUsv1UdORO/horIoJptynTvuARjZzyWatya6as7wyOgEBllE6BjPK9zpn+lp3 -tQ8dwKVqm/qBPhIrVqYG/Ec7pIv8mJfYabMCAwEAAaNZMFcwDgYDVR0PAQH/BAQD -AgOoMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAA -MAoGA1UdDgQDBAEAMAwGA1UdIwQFMAOAAQAwDQYJKoZIhvcNAQELBQADggEBAAAM -XMFphzq4S5FBcRdB2fRrmcoz+jEROBWvIH/1QUJeBEBz3ZqBaJYfBtQTvqCA5Rjw -dxyIwVd1W3q3aSulM0tO62UCU6L6YeeY/eq8FmpD7nMJo7kCrXUUAMjxbYvS3zkT -v/NErK6SgWnkQiPJBZNX1Q9+aSbLT/sbaCTdbWqcGNRuLGJkmqfIyoxRt0Hhpqsx -jP5cBaVl50t4qoCuVIE9cOucnxYXnI7X5HpXWvu8Pfxo4SwVjb1az8Fk5s8ZnxGe -fPB6Q3L/pKBe0SEe5GywpwtokPLB3lAygcuHbxp/1FlQ1NQZqq+vgXRIla26bNJf -IuYkJwt6w+LH/9HZgf8= ------END CERTIFICATE-----` -const selfSignedNoCommonNameWithOrgName = `-----BEGIN CERTIFICATE----- -MIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQKEwJjYTEL -MAkGA1UEAxMCY2EwHhcNMTYwODI4MTgxMzQ4WhcNMjEwODI3MTgxMzQ4WjANMQsw -CQYDVQQKEwJjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5EjrUa -7EtOMxWiIgTzp2FlQvncPsG329O3l3uNGnbigb8TmNMw2M8UhoDjd84pnU5RAfqd -8t5TJyw/ybnIKBN131Q2xX+gPQ0dFyMvcO+i1CUgCxmYZomKVA2MXO1RD1hLTYGS -gOVjc3no3MBwd8uVQp0NStqJ1QvLtNG4Uy+B28qe+ZFGGbjGqx8/CU4A8Szlpf7/ -xAZR8w5qFUUlpA2LQYeHHJ5fQVXw7kyL1diNrKNi0G3qcY0IrBh++hT+hnEEXyXu -g8a0Ux18hoE8D6rAr34rCZl6AWfqW5wjwm+N5Ns2ugr9U4N8uCKJYMPHb2CtdubU -46IzVucpTfGLdaMCAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgOoMB0GA1UdJQQWMBQG -CCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMAoGA1UdDgQDBAEAMAwG -A1UdIwQFMAOAAQAwDQYJKoZIhvcNAQELBQADggEBAEn5SgVpJ3zjsdzPqK7Qd/sB -bYd1qtPHlrszjhbHBg35C6mDgKhcv4o6N+fuC+FojZb8lIxWzJtvT9pQbfy/V6u3 -wOb816Hm71uiP89sioIOKCvSAstj/p9doKDOUaKOcZBTw0PS2m9eja8bnleZzBvK -rD8cNkHf74v98KvBhcwBlDifVzmkWzMG6TL1EkRXUyLKiWgoTUFSkCDV927oXXMR -DKnszq+AVw+K8hbeV2A7GqT7YfeqOAvSbatTDnDtKOPmlCnQui8A149VgZzXv7eU -29ssJSqjUPyp58dlV6ZuynxPho1QVZUOQgnJToXIQ3/5vIvJRXy52GJCs4/Gh/w= ------END CERTIFICATE-----` -const selfSignedNoCommonNameNoOrgName = `-----BEGIN CERTIFICATE----- -MIIC7jCCAdagAwIBAgIBADANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQKEwJjYTEL -MAkGA1UEAxMCY2EwHhcNMTYwODI4MTgxOTQ1WhcNMjEwODI3MTgxOTQ1WjAAMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3E+Jl6DpgzogHUW/i/AAcCM -fnNJLOamNVKFGmmxhb4XTHxRaWoTzrlsyzIMS0WzivvJeZVe6mWbvuP2kZanKgIz -35YXRTR9HbqkNTMuvnpUESzWxbGWE2jmt2+a/Jnz89FS4WIYRhF7nI2z8PvZOfrI -2gETTT2tEpoF2S4soaYfm0DBeT8K0/rogAaf+oeUS6V+v3miRcAooJgpNJGu9kqm -S0xKPn1RCFVjpiRd6YNS0xZirjYQIBMFBvoSoHjaOdgJptNRBprYPOxVJ/ItzGf0 -kPmzPFCx2tKfxV9HLYBPgxi+fP3IIx8aIYuJn8yReWtYEMYU11hDPeAFN5Gm+wID -AQABo1kwVzAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG -AQUFBwMBMAwGA1UdEwEB/wQCMAAwCgYDVR0OBAMEAQAwDAYDVR0jBAUwA4ABADAN -BgkqhkiG9w0BAQsFAAOCAQEATZVOFeiCpPM5QysToLv+8k7Rjoqt6L5IxMUJGEpq -4ENmldmwkhEKr9VnYEJY3njydnnTm97d9vOfnLj9nA9wMBODeOO3KL2uJR2oDnmM -9z1NSe2aQKnyBb++DM3ZdikpHn/xEpGV19pYKFQVn35x3lpPh2XijqRDO/erKemb -w67CoNRb81dy+4Q1lGpA8ORoLWh5fIq2t2eNGc4qB8vlTIKiESzAwu7u3sRfuWQi -4R+gnfLd37FWflMHwztFbVTuNtPOljCX0LN7KcuoXYlr05RhQrmoN7fQHsrZMNLs -8FVjHdKKu+uPstwd04Uy4BR/H2y1yerN9j/L6ZkMl98iiA== ------END CERTIFICATE-----` - -const criticalExtRoot = `-----BEGIN CERTIFICATE----- -MIIBqzCCAVGgAwIBAgIJAJ+mI/85cXApMAoGCCqGSM49BAMCMB0xDDAKBgNVBAoT -A09yZzENMAsGA1UEAxMEUm9vdDAeFw0xNTAxMDEwMDAwMDBaFw0yNTAxMDEwMDAw -MDBaMB0xDDAKBgNVBAoTA09yZzENMAsGA1UEAxMEUm9vdDBZMBMGByqGSM49AgEG -CCqGSM49AwEHA0IABJGp9joiG2QSQA+1FczEDAsWo84rFiP3GTL+n+ugcS6TyNib -gzMsdbJgVi+a33y0SzLZxB+YvU3/4KTk8yKLC+2jejB4MA4GA1UdDwEB/wQEAwIC -BDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB -/zAZBgNVHQ4EEgQQQDfXAftAL7gcflQEJ4xZATAbBgNVHSMEFDASgBBAN9cB+0Av -uBx+VAQnjFkBMAoGCCqGSM49BAMCA0gAMEUCIFeSV00fABFceWR52K+CfIgOHotY -FizzGiLB47hGwjMuAiEA8e0um2Kr8FPQ4wmFKaTRKHMaZizCGl3m+RG5QsE1KWo= ------END CERTIFICATE-----` - -const criticalExtIntermediate = `-----BEGIN CERTIFICATE----- -MIIBszCCAVmgAwIBAgIJAL2kcGZKpzVqMAoGCCqGSM49BAMCMB0xDDAKBgNVBAoT -A09yZzENMAsGA1UEAxMEUm9vdDAeFw0xNTAxMDEwMDAwMDBaFw0yNTAxMDEwMDAw -MDBaMCUxDDAKBgNVBAoTA09yZzEVMBMGA1UEAxMMSW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAESqVq92iPEq01cL4o99WiXDc5GZjpjNlzMS1n -rk8oHcVDp4tQRRQG3F4A6dF1rn/L923ha3b0fhDLlAvXZB+7EKN6MHgwDgYDVR0P -AQH/BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMB -Af8EBTADAQH/MBkGA1UdDgQSBBCMGmiotXbbXVd7H40UsgajMBsGA1UdIwQUMBKA -EEA31wH7QC+4HH5UBCeMWQEwCgYIKoZIzj0EAwIDSAAwRQIhAOhhNRb6KV7h3wbE -cdap8bojzvUcPD78fbsQPCNw1jPxAiBOeAJhlTwpKn9KHpeJphYSzydj9NqcS26Y -xXbdbm27KQ== ------END CERTIFICATE-----` - -const criticalExtLeafWithExt = `-----BEGIN CERTIFICATE----- -MIIBxTCCAWugAwIBAgIJAJZAUtw5ccb1MAoGCCqGSM49BAMCMCUxDDAKBgNVBAoT -A09yZzEVMBMGA1UEAxMMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTAwMDAwMFoXDTI1 -MDEwMTAwMDAwMFowJDEMMAoGA1UEChMDT3JnMRQwEgYDVQQDEwtleGFtcGxlLmNv -bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABF3ABa2+B6gUyg6ayCaRQWYY/+No -6PceLqEavZNUeVNuz7bS74Toy8I7R3bGMkMgbKpLSPlPTroAATvebTXoBaijgYQw -gYEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBRNtBL2vq8nCV3qVp7ycxMMBsGA1Ud -IwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwCgYDUQMEAQH/BAAwCgYIKoZIzj0EAwID -SAAwRQIgVjy8GBgZFiagexEuDLqtGjIRJQtBcf7lYgf6XFPH1h4CIQCT6nHhGo6E -I+crEm4P5q72AnA/Iy0m24l7OvLuXObAmg== ------END CERTIFICATE-----` - -const criticalExtIntermediateWithExt = `-----BEGIN CERTIFICATE----- -MIIB2TCCAX6gAwIBAgIIQD3NrSZtcUUwCgYIKoZIzj0EAwIwHTEMMAoGA1UEChMD -T3JnMQ0wCwYDVQQDEwRSb290MB4XDTE1MDEwMTAwMDAwMFoXDTI1MDEwMTAwMDAw -MFowPTEMMAoGA1UEChMDT3JnMS0wKwYDVQQDEyRJbnRlcm1lZGlhdGUgd2l0aCBD -cml0aWNhbCBFeHRlbnNpb24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQtnmzH -mcRm10bdDBnJE7xQEJ25cLCL5okuEphRR0Zneo6+nQZikoh+UBbtt5GV3Dms7LeP -oF5HOplYDCd8wi/wo4GHMIGEMA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggr -BgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQKxdv -UuQZ6sO3XvBsxgNZ3zAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMAoGA1ED -BAEB/wQAMAoGCCqGSM49BAMCA0kAMEYCIQCQzTPd6XKex+OAPsKT/1DsoMsg8vcG -c2qZ4Q0apT/kvgIhAKu2TnNQMIUdcO0BYQIl+Uhxc78dc9h4lO+YJB47pHGx ------END CERTIFICATE-----` - -const criticalExtLeaf = `-----BEGIN CERTIFICATE----- -MIIBzzCCAXWgAwIBAgIJANoWFIlhCI9MMAoGCCqGSM49BAMCMD0xDDAKBgNVBAoT -A09yZzEtMCsGA1UEAxMkSW50ZXJtZWRpYXRlIHdpdGggQ3JpdGljYWwgRXh0ZW5z -aW9uMB4XDTE1MDEwMTAwMDAwMFoXDTI1MDEwMTAwMDAwMFowJDEMMAoGA1UEChMD -T3JnMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABG1Lfh8A0Ho2UvZN5H0+ONil9c8jwtC0y0xIZftyQE+Fwr9XwqG3rV2g4M1h -GnJa9lV9MPHg8+b85Hixm0ZSw7SjdzB1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE -FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAZBgNVHQ4EEgQQ -UNhY4JhezH9gQYqvDMWrWDAbBgNVHSMEFDASgBArF29S5Bnqw7de8GzGA1nfMAoG -CCqGSM49BAMCA0gAMEUCIQClA3d4tdrDu9Eb5ZBpgyC+fU1xTZB0dKQHz6M5fPZA -2AIgN96lM+CPGicwhN24uQI6flOsO3H0TJ5lNzBYLtnQtlc= ------END CERTIFICATE-----` - -func TestValidHostname(t *testing.T) { - tests := []struct { - host string - want bool - }{ - {"example.com", true}, - {"eXample123-.com", true}, - {"-eXample123-.com", false}, - {"", false}, - {".", false}, - {"example..com", false}, - {".example.com", false}, - {"*.example.com", true}, - {"*foo.example.com", false}, - {"foo.*.example.com", false}, - {"exa_mple.com", true}, - {"foo,bar", false}, - {"project-dev:us-central1:main", true}, - } - for _, tt := range tests { - if got := validHostname(tt.host); got != tt.want { - t.Errorf("validHostname(%q) = %v, want %v", tt.host, got, tt.want) - } - } -} - -func generateCert(cn string, isCA bool, issuer *Certificate, issuerKey crypto.PrivateKey) (*Certificate, crypto.PrivateKey, error) { - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - return nil, nil, err - } - - serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) - serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit) - - template := &Certificate{ - SerialNumber: serialNumber, - Subject: pkix.Name{CommonName: cn}, - NotBefore: time.Now().Add(-1 * time.Hour), - NotAfter: time.Now().Add(24 * time.Hour), - - KeyUsage: KeyUsageKeyEncipherment | KeyUsageDigitalSignature | KeyUsageCertSign, - ExtKeyUsage: []ExtKeyUsage{ExtKeyUsageServerAuth}, - BasicConstraintsValid: true, - IsCA: isCA, - } - if issuer == nil { - issuer = template - issuerKey = priv - } - - derBytes, err := CreateCertificate(rand.Reader, template, issuer, priv.Public(), issuerKey) - if err != nil { - return nil, nil, err - } - cert, err := ParseCertificate(derBytes) - if err != nil { - return nil, nil, err - } - - return cert, priv, nil -} - -func TestPathologicalChain(t *testing.T) { - if testing.Short() { - t.Skip("skipping generation of a long chain of certificates in short mode") - } - - // Build a chain where all intermediates share the same subject, to hit the - // path building worst behavior. - roots, intermediates := NewCertPool(), NewCertPool() - - parent, parentKey, err := generateCert("Root CA", true, nil, nil) - if err != nil { - t.Fatal(err) - } - roots.AddCert(parent) - - for i := 1; i < 100; i++ { - parent, parentKey, err = generateCert("Intermediate CA", true, parent, parentKey) - if err != nil { - t.Fatal(err) - } - intermediates.AddCert(parent) - } - - leaf, _, err := generateCert("Leaf", false, parent, parentKey) - if err != nil { - t.Fatal(err) - } - - start := time.Now() - _, err = leaf.Verify(VerifyOptions{ - Roots: roots, - Intermediates: intermediates, - }) - t.Logf("verification took %v", time.Since(start)) - - if err == nil || !strings.Contains(err.Error(), "signature check attempts limit") { - t.Errorf("expected verification to fail with a signature checks limit error; got %v", err) - } -} - -func TestLongChain(t *testing.T) { - if testing.Short() { - t.Skip("skipping generation of a long chain of certificates in short mode") - } - - roots, intermediates := NewCertPool(), NewCertPool() - - parent, parentKey, err := generateCert("Root CA", true, nil, nil) - if err != nil { - t.Fatal(err) - } - roots.AddCert(parent) - - for i := 1; i < 15; i++ { - name := fmt.Sprintf("Intermediate CA #%d", i) - parent, parentKey, err = generateCert(name, true, parent, parentKey) - if err != nil { - t.Fatal(err) - } - intermediates.AddCert(parent) - } - - leaf, _, err := generateCert("Leaf", false, parent, parentKey) - if err != nil { - t.Fatal(err) - } - - start := time.Now() - if _, err := leaf.Verify(VerifyOptions{ - Roots: roots, - Intermediates: intermediates, - }); err != nil { - t.Error(err) - } - t.Logf("verification took %v", time.Since(start)) -} diff --git a/tempfork/x509/x509.go b/tempfork/x509/x509.go deleted file mode 100644 index d5c5e0e8f..000000000 --- a/tempfork/x509/x509.go +++ /dev/null @@ -1,2828 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package x509 parses X.509-encoded keys and certificates. -// -// On UNIX systems the environment variables SSL_CERT_FILE and SSL_CERT_DIR -// can be used to override the system default locations for the SSL certificate -// file and SSL certificate files directory, respectively. -package x509 - -import ( - "bytes" - "crypto" - "crypto/dsa" - "crypto/ecdsa" - "crypto/ed25519" - "crypto/elliptic" - "crypto/rsa" - "crypto/sha1" - _ "crypto/sha1" - _ "crypto/sha256" - _ "crypto/sha512" - "crypto/x509/pkix" - "encoding/asn1" - "encoding/pem" - "errors" - "fmt" - "io" - "math/big" - "net" - "net/url" - "strconv" - "strings" - "time" - "unicode/utf8" - - "golang.org/x/crypto/cryptobyte" - cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" -) - -// pkixPublicKey reflects a PKIX public key structure. See SubjectPublicKeyInfo -// in RFC 3280. -type pkixPublicKey struct { - Algo pkix.AlgorithmIdentifier - BitString asn1.BitString -} - -// ParsePKIXPublicKey parses a public key in PKIX, ASN.1 DER form. -// The encoded public key is a SubjectPublicKeyInfo structure -// (see RFC 5280, Section 4.1). -// -// It returns a *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey, or -// ed25519.PublicKey. More types might be supported in the future. -// -// This kind of key is commonly encoded in PEM blocks of type "PUBLIC KEY". -func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) { - var pki publicKeyInfo - if rest, err := asn1.Unmarshal(derBytes, &pki); err != nil { - if _, err := asn1.Unmarshal(derBytes, &pkcs1PublicKey{}); err == nil { - return nil, errors.New("x509: failed to parse public key (use ParsePKCS1PublicKey instead for this key format)") - } - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after ASN.1 of public-key") - } - algo := getPublicKeyAlgorithmFromOID(pki.Algorithm.Algorithm) - if algo == UnknownPublicKeyAlgorithm { - return nil, errors.New("x509: unknown public key algorithm") - } - return parsePublicKey(algo, &pki) -} - -func marshalPublicKey(pub interface{}) (publicKeyBytes []byte, publicKeyAlgorithm pkix.AlgorithmIdentifier, err error) { - switch pub := pub.(type) { - case *rsa.PublicKey: - publicKeyBytes, err = asn1.Marshal(pkcs1PublicKey{ - N: pub.N, - E: pub.E, - }) - if err != nil { - return nil, pkix.AlgorithmIdentifier{}, err - } - publicKeyAlgorithm.Algorithm = oidPublicKeyRSA - // This is a NULL parameters value which is required by - // RFC 3279, Section 2.3.1. - publicKeyAlgorithm.Parameters = asn1.NullRawValue - case *ecdsa.PublicKey: - publicKeyBytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y) - oid, ok := oidFromNamedCurve(pub.Curve) - if !ok { - return nil, pkix.AlgorithmIdentifier{}, errors.New("x509: unsupported elliptic curve") - } - publicKeyAlgorithm.Algorithm = oidPublicKeyECDSA - var paramBytes []byte - paramBytes, err = asn1.Marshal(oid) - if err != nil { - return - } - publicKeyAlgorithm.Parameters.FullBytes = paramBytes - case ed25519.PublicKey: - publicKeyBytes = pub - publicKeyAlgorithm.Algorithm = oidPublicKeyEd25519 - default: - return nil, pkix.AlgorithmIdentifier{}, fmt.Errorf("x509: unsupported public key type: %T", pub) - } - - return publicKeyBytes, publicKeyAlgorithm, nil -} - -// MarshalPKIXPublicKey converts a public key to PKIX, ASN.1 DER form. -// The encoded public key is a SubjectPublicKeyInfo structure -// (see RFC 5280, Section 4.1). -// -// The following key types are currently supported: *rsa.PublicKey, *ecdsa.PublicKey -// and ed25519.PublicKey. Unsupported key types result in an error. -// -// This kind of key is commonly encoded in PEM blocks of type "PUBLIC KEY". -func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) { - var publicKeyBytes []byte - var publicKeyAlgorithm pkix.AlgorithmIdentifier - var err error - - if publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(pub); err != nil { - return nil, err - } - - pkix := pkixPublicKey{ - Algo: publicKeyAlgorithm, - BitString: asn1.BitString{ - Bytes: publicKeyBytes, - BitLength: 8 * len(publicKeyBytes), - }, - } - - ret, _ := asn1.Marshal(pkix) - return ret, nil -} - -// These structures reflect the ASN.1 structure of X.509 certificates.: - -type certificate struct { - Raw asn1.RawContent - TBSCertificate tbsCertificate - SignatureAlgorithm pkix.AlgorithmIdentifier - SignatureValue asn1.BitString -} - -type tbsCertificate struct { - Raw asn1.RawContent - Version int `asn1:"optional,explicit,default:0,tag:0"` - SerialNumber *big.Int - SignatureAlgorithm pkix.AlgorithmIdentifier - Issuer asn1.RawValue - Validity validity - Subject asn1.RawValue - PublicKey publicKeyInfo - UniqueId asn1.BitString `asn1:"optional,tag:1"` - SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"` - Extensions []pkix.Extension `asn1:"optional,explicit,tag:3"` -} - -type dsaAlgorithmParameters struct { - P, Q, G *big.Int -} - -type dsaSignature struct { - R, S *big.Int -} - -type ecdsaSignature dsaSignature - -type validity struct { - NotBefore, NotAfter time.Time -} - -type publicKeyInfo struct { - Raw asn1.RawContent - Algorithm pkix.AlgorithmIdentifier - PublicKey asn1.BitString -} - -// RFC 5280, 4.2.1.1 -type authKeyId struct { - Id []byte `asn1:"optional,tag:0"` -} - -type SignatureAlgorithm int - -const ( - UnknownSignatureAlgorithm SignatureAlgorithm = iota - MD2WithRSA - MD5WithRSA - SHA1WithRSA - SHA256WithRSA - SHA384WithRSA - SHA512WithRSA - DSAWithSHA1 - DSAWithSHA256 - ECDSAWithSHA1 - ECDSAWithSHA256 - ECDSAWithSHA384 - ECDSAWithSHA512 - SHA256WithRSAPSS - SHA384WithRSAPSS - SHA512WithRSAPSS - PureEd25519 -) - -func (algo SignatureAlgorithm) isRSAPSS() bool { - switch algo { - case SHA256WithRSAPSS, SHA384WithRSAPSS, SHA512WithRSAPSS: - return true - default: - return false - } -} - -func (algo SignatureAlgorithm) String() string { - for _, details := range signatureAlgorithmDetails { - if details.algo == algo { - return details.name - } - } - return strconv.Itoa(int(algo)) -} - -type PublicKeyAlgorithm int - -const ( - UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota - RSA - DSA - ECDSA - Ed25519 -) - -var publicKeyAlgoName = [...]string{ - RSA: "RSA", - DSA: "DSA", - ECDSA: "ECDSA", - Ed25519: "Ed25519", -} - -func (algo PublicKeyAlgorithm) String() string { - if 0 < algo && int(algo) < len(publicKeyAlgoName) { - return publicKeyAlgoName[algo] - } - return strconv.Itoa(int(algo)) -} - -// OIDs for signature algorithms -// -// pkcs-1 OBJECT IDENTIFIER ::= { -// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } -// -// -// RFC 3279 2.2.1 RSA Signature Algorithms -// -// md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } -// -// md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } -// -// sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } -// -// dsaWithSha1 OBJECT IDENTIFIER ::= { -// iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3 } -// -// RFC 3279 2.2.3 ECDSA Signature Algorithm -// -// ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { -// iso(1) member-body(2) us(840) ansi-x962(10045) -// signatures(4) ecdsa-with-SHA1(1)} -// -// -// RFC 4055 5 PKCS #1 Version 1.5 -// -// sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } -// -// sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } -// -// sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } -// -// -// RFC 5758 3.1 DSA Signature Algorithms -// -// dsaWithSha256 OBJECT IDENTIFIER ::= { -// joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) -// csor(3) algorithms(4) id-dsa-with-sha2(3) 2} -// -// RFC 5758 3.2 ECDSA Signature Algorithm -// -// ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) -// us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } -// -// ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) -// us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } -// -// ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) -// us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 } -// -// -// RFC 8410 3 Curve25519 and Curve448 Algorithm Identifiers -// -// id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } - -var ( - oidSignatureMD2WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} - oidSignatureMD5WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} - oidSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} - oidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} - oidSignatureSHA384WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} - oidSignatureSHA512WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} - oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} - oidSignatureDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3} - oidSignatureDSAWithSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 2} - oidSignatureECDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1} - oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2} - oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3} - oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4} - oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112} - - oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} - oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} - oidSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} - - oidMGF1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8} - - // oidISOSignatureSHA1WithRSA means the same as oidSignatureSHA1WithRSA - // but it's specified by ISO. Microsoft's makecert.exe has been known - // to produce certificates with this OID. - oidISOSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 29} -) - -var signatureAlgorithmDetails = []struct { - algo SignatureAlgorithm - name string - oid asn1.ObjectIdentifier - pubKeyAlgo PublicKeyAlgorithm - hash crypto.Hash -}{ - {MD2WithRSA, "MD2-RSA", oidSignatureMD2WithRSA, RSA, crypto.Hash(0) /* no value for MD2 */}, - {MD5WithRSA, "MD5-RSA", oidSignatureMD5WithRSA, RSA, crypto.MD5}, - {SHA1WithRSA, "SHA1-RSA", oidSignatureSHA1WithRSA, RSA, crypto.SHA1}, - {SHA1WithRSA, "SHA1-RSA", oidISOSignatureSHA1WithRSA, RSA, crypto.SHA1}, - {SHA256WithRSA, "SHA256-RSA", oidSignatureSHA256WithRSA, RSA, crypto.SHA256}, - {SHA384WithRSA, "SHA384-RSA", oidSignatureSHA384WithRSA, RSA, crypto.SHA384}, - {SHA512WithRSA, "SHA512-RSA", oidSignatureSHA512WithRSA, RSA, crypto.SHA512}, - {SHA256WithRSAPSS, "SHA256-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA256}, - {SHA384WithRSAPSS, "SHA384-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA384}, - {SHA512WithRSAPSS, "SHA512-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA512}, - {DSAWithSHA1, "DSA-SHA1", oidSignatureDSAWithSHA1, DSA, crypto.SHA1}, - {DSAWithSHA256, "DSA-SHA256", oidSignatureDSAWithSHA256, DSA, crypto.SHA256}, - {ECDSAWithSHA1, "ECDSA-SHA1", oidSignatureECDSAWithSHA1, ECDSA, crypto.SHA1}, - {ECDSAWithSHA256, "ECDSA-SHA256", oidSignatureECDSAWithSHA256, ECDSA, crypto.SHA256}, - {ECDSAWithSHA384, "ECDSA-SHA384", oidSignatureECDSAWithSHA384, ECDSA, crypto.SHA384}, - {ECDSAWithSHA512, "ECDSA-SHA512", oidSignatureECDSAWithSHA512, ECDSA, crypto.SHA512}, - {PureEd25519, "Ed25519", oidSignatureEd25519, Ed25519, crypto.Hash(0) /* no pre-hashing */}, -} - -// pssParameters reflects the parameters in an AlgorithmIdentifier that -// specifies RSA PSS. See RFC 3447, Appendix A.2.3. -type pssParameters struct { - // The following three fields are not marked as - // optional because the default values specify SHA-1, - // which is no longer suitable for use in signatures. - Hash pkix.AlgorithmIdentifier `asn1:"explicit,tag:0"` - MGF pkix.AlgorithmIdentifier `asn1:"explicit,tag:1"` - SaltLength int `asn1:"explicit,tag:2"` - TrailerField int `asn1:"optional,explicit,tag:3,default:1"` -} - -// rsaPSSParameters returns an asn1.RawValue suitable for use as the Parameters -// in an AlgorithmIdentifier that specifies RSA PSS. -func rsaPSSParameters(hashFunc crypto.Hash) asn1.RawValue { - var hashOID asn1.ObjectIdentifier - - switch hashFunc { - case crypto.SHA256: - hashOID = oidSHA256 - case crypto.SHA384: - hashOID = oidSHA384 - case crypto.SHA512: - hashOID = oidSHA512 - } - - params := pssParameters{ - Hash: pkix.AlgorithmIdentifier{ - Algorithm: hashOID, - Parameters: asn1.NullRawValue, - }, - MGF: pkix.AlgorithmIdentifier{ - Algorithm: oidMGF1, - }, - SaltLength: hashFunc.Size(), - TrailerField: 1, - } - - mgf1Params := pkix.AlgorithmIdentifier{ - Algorithm: hashOID, - Parameters: asn1.NullRawValue, - } - - var err error - params.MGF.Parameters.FullBytes, err = asn1.Marshal(mgf1Params) - if err != nil { - panic(err) - } - - serialized, err := asn1.Marshal(params) - if err != nil { - panic(err) - } - - return asn1.RawValue{FullBytes: serialized} -} - -func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) SignatureAlgorithm { - if ai.Algorithm.Equal(oidSignatureEd25519) { - // RFC 8410, Section 3 - // > For all of the OIDs, the parameters MUST be absent. - if len(ai.Parameters.FullBytes) != 0 { - return UnknownSignatureAlgorithm - } - } - - if !ai.Algorithm.Equal(oidSignatureRSAPSS) { - for _, details := range signatureAlgorithmDetails { - if ai.Algorithm.Equal(details.oid) { - return details.algo - } - } - return UnknownSignatureAlgorithm - } - - // RSA PSS is special because it encodes important parameters - // in the Parameters. - - var params pssParameters - if _, err := asn1.Unmarshal(ai.Parameters.FullBytes, ¶ms); err != nil { - return UnknownSignatureAlgorithm - } - - var mgf1HashFunc pkix.AlgorithmIdentifier - if _, err := asn1.Unmarshal(params.MGF.Parameters.FullBytes, &mgf1HashFunc); err != nil { - return UnknownSignatureAlgorithm - } - - // PSS is greatly overburdened with options. This code forces them into - // three buckets by requiring that the MGF1 hash function always match the - // message hash function (as recommended in RFC 3447, Section 8.1), that the - // salt length matches the hash length, and that the trailer field has the - // default value. - if (len(params.Hash.Parameters.FullBytes) != 0 && !bytes.Equal(params.Hash.Parameters.FullBytes, asn1.NullBytes)) || - !params.MGF.Algorithm.Equal(oidMGF1) || - !mgf1HashFunc.Algorithm.Equal(params.Hash.Algorithm) || - (len(mgf1HashFunc.Parameters.FullBytes) != 0 && !bytes.Equal(mgf1HashFunc.Parameters.FullBytes, asn1.NullBytes)) || - params.TrailerField != 1 { - return UnknownSignatureAlgorithm - } - - switch { - case params.Hash.Algorithm.Equal(oidSHA256) && params.SaltLength == 32: - return SHA256WithRSAPSS - case params.Hash.Algorithm.Equal(oidSHA384) && params.SaltLength == 48: - return SHA384WithRSAPSS - case params.Hash.Algorithm.Equal(oidSHA512) && params.SaltLength == 64: - return SHA512WithRSAPSS - } - - return UnknownSignatureAlgorithm -} - -// RFC 3279, 2.3 Public Key Algorithms -// -// pkcs-1 OBJECT IDENTIFIER ::== { iso(1) member-body(2) us(840) -// rsadsi(113549) pkcs(1) 1 } -// -// rsaEncryption OBJECT IDENTIFIER ::== { pkcs1-1 1 } -// -// id-dsa OBJECT IDENTIFIER ::== { iso(1) member-body(2) us(840) -// x9-57(10040) x9cm(4) 1 } -// -// RFC 5480, 2.1.1 Unrestricted Algorithm Identifier and Parameters -// -// id-ecPublicKey OBJECT IDENTIFIER ::= { -// iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } -var ( - oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1} - oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1} - oidPublicKeyEd25519 = oidSignatureEd25519 -) - -func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm { - switch { - case oid.Equal(oidPublicKeyRSA): - return RSA - case oid.Equal(oidPublicKeyDSA): - return DSA - case oid.Equal(oidPublicKeyECDSA): - return ECDSA - case oid.Equal(oidPublicKeyEd25519): - return Ed25519 - } - return UnknownPublicKeyAlgorithm -} - -// RFC 5480, 2.1.1.1. Named Curve -// -// secp224r1 OBJECT IDENTIFIER ::= { -// iso(1) identified-organization(3) certicom(132) curve(0) 33 } -// -// secp256r1 OBJECT IDENTIFIER ::= { -// iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) -// prime(1) 7 } -// -// secp384r1 OBJECT IDENTIFIER ::= { -// iso(1) identified-organization(3) certicom(132) curve(0) 34 } -// -// secp521r1 OBJECT IDENTIFIER ::= { -// iso(1) identified-organization(3) certicom(132) curve(0) 35 } -// -// NB: secp256r1 is equivalent to prime256v1 -var ( - oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33} - oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7} - oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34} - oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35} -) - -func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { - switch { - case oid.Equal(oidNamedCurveP224): - return elliptic.P224() - case oid.Equal(oidNamedCurveP256): - return elliptic.P256() - case oid.Equal(oidNamedCurveP384): - return elliptic.P384() - case oid.Equal(oidNamedCurveP521): - return elliptic.P521() - } - return nil -} - -func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) { - switch curve { - case elliptic.P224(): - return oidNamedCurveP224, true - case elliptic.P256(): - return oidNamedCurveP256, true - case elliptic.P384(): - return oidNamedCurveP384, true - case elliptic.P521(): - return oidNamedCurveP521, true - } - - return nil, false -} - -// KeyUsage represents the set of actions that are valid for a given key. It's -// a bitmap of the KeyUsage* constants. -type KeyUsage int - -const ( - KeyUsageDigitalSignature KeyUsage = 1 << iota - KeyUsageContentCommitment - KeyUsageKeyEncipherment - KeyUsageDataEncipherment - KeyUsageKeyAgreement - KeyUsageCertSign - KeyUsageCRLSign - KeyUsageEncipherOnly - KeyUsageDecipherOnly -) - -// RFC 5280, 4.2.1.12 Extended Key Usage -// -// anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } -// -// id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } -// -// id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } -// id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } -// id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } -// id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } -// id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } -// id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } -var ( - oidExtKeyUsageAny = asn1.ObjectIdentifier{2, 5, 29, 37, 0} - oidExtKeyUsageServerAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1} - oidExtKeyUsageClientAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2} - oidExtKeyUsageCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3} - oidExtKeyUsageEmailProtection = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4} - oidExtKeyUsageIPSECEndSystem = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5} - oidExtKeyUsageIPSECTunnel = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6} - oidExtKeyUsageIPSECUser = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7} - oidExtKeyUsageTimeStamping = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8} - oidExtKeyUsageOCSPSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9} - oidExtKeyUsageMicrosoftServerGatedCrypto = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3} - oidExtKeyUsageNetscapeServerGatedCrypto = asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1} - oidExtKeyUsageMicrosoftCommercialCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22} - oidExtKeyUsageMicrosoftKernelCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1} -) - -// ExtKeyUsage represents an extended set of actions that are valid for a given key. -// Each of the ExtKeyUsage* constants define a unique action. -type ExtKeyUsage int - -const ( - ExtKeyUsageAny ExtKeyUsage = iota - ExtKeyUsageServerAuth - ExtKeyUsageClientAuth - ExtKeyUsageCodeSigning - ExtKeyUsageEmailProtection - ExtKeyUsageIPSECEndSystem - ExtKeyUsageIPSECTunnel - ExtKeyUsageIPSECUser - ExtKeyUsageTimeStamping - ExtKeyUsageOCSPSigning - ExtKeyUsageMicrosoftServerGatedCrypto - ExtKeyUsageNetscapeServerGatedCrypto - ExtKeyUsageMicrosoftCommercialCodeSigning - ExtKeyUsageMicrosoftKernelCodeSigning -) - -// extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID. -var extKeyUsageOIDs = []struct { - extKeyUsage ExtKeyUsage - oid asn1.ObjectIdentifier -}{ - {ExtKeyUsageAny, oidExtKeyUsageAny}, - {ExtKeyUsageServerAuth, oidExtKeyUsageServerAuth}, - {ExtKeyUsageClientAuth, oidExtKeyUsageClientAuth}, - {ExtKeyUsageCodeSigning, oidExtKeyUsageCodeSigning}, - {ExtKeyUsageEmailProtection, oidExtKeyUsageEmailProtection}, - {ExtKeyUsageIPSECEndSystem, oidExtKeyUsageIPSECEndSystem}, - {ExtKeyUsageIPSECTunnel, oidExtKeyUsageIPSECTunnel}, - {ExtKeyUsageIPSECUser, oidExtKeyUsageIPSECUser}, - {ExtKeyUsageTimeStamping, oidExtKeyUsageTimeStamping}, - {ExtKeyUsageOCSPSigning, oidExtKeyUsageOCSPSigning}, - {ExtKeyUsageMicrosoftServerGatedCrypto, oidExtKeyUsageMicrosoftServerGatedCrypto}, - {ExtKeyUsageNetscapeServerGatedCrypto, oidExtKeyUsageNetscapeServerGatedCrypto}, - {ExtKeyUsageMicrosoftCommercialCodeSigning, oidExtKeyUsageMicrosoftCommercialCodeSigning}, - {ExtKeyUsageMicrosoftKernelCodeSigning, oidExtKeyUsageMicrosoftKernelCodeSigning}, -} - -func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku ExtKeyUsage, ok bool) { - for _, pair := range extKeyUsageOIDs { - if oid.Equal(pair.oid) { - return pair.extKeyUsage, true - } - } - return -} - -func oidFromExtKeyUsage(eku ExtKeyUsage) (oid asn1.ObjectIdentifier, ok bool) { - for _, pair := range extKeyUsageOIDs { - if eku == pair.extKeyUsage { - return pair.oid, true - } - } - return -} - -// A Certificate represents an X.509 certificate. -type Certificate struct { - Raw []byte // Complete ASN.1 DER content (certificate, signature algorithm and signature). - RawTBSCertificate []byte // Certificate part of raw ASN.1 DER content. - RawSubjectPublicKeyInfo []byte // DER encoded SubjectPublicKeyInfo. - RawSubject []byte // DER encoded Subject - RawIssuer []byte // DER encoded Issuer - - Signature []byte - SignatureAlgorithm SignatureAlgorithm - - PublicKeyAlgorithm PublicKeyAlgorithm - PublicKey interface{} - - Version int - SerialNumber *big.Int - Issuer pkix.Name - Subject pkix.Name - NotBefore, NotAfter time.Time // Validity bounds. - KeyUsage KeyUsage - - // Extensions contains raw X.509 extensions. When parsing certificates, - // this can be used to extract non-critical extensions that are not - // parsed by this package. When marshaling certificates, the Extensions - // field is ignored, see ExtraExtensions. - Extensions []pkix.Extension - - // ExtraExtensions contains extensions to be copied, raw, into any - // marshaled certificates. Values override any extensions that would - // otherwise be produced based on the other fields. The ExtraExtensions - // field is not populated when parsing certificates, see Extensions. - ExtraExtensions []pkix.Extension - - // UnhandledCriticalExtensions contains a list of extension IDs that - // were not (fully) processed when parsing. Verify will fail if this - // slice is non-empty, unless verification is delegated to an OS - // library which understands all the critical extensions. - // - // Users can access these extensions using Extensions and can remove - // elements from this slice if they believe that they have been - // handled. - UnhandledCriticalExtensions []asn1.ObjectIdentifier - - ExtKeyUsage []ExtKeyUsage // Sequence of extended key usages. - UnknownExtKeyUsage []asn1.ObjectIdentifier // Encountered extended key usages unknown to this package. - - // BasicConstraintsValid indicates whether IsCA, MaxPathLen, - // and MaxPathLenZero are valid. - BasicConstraintsValid bool - IsCA bool - - // MaxPathLen and MaxPathLenZero indicate the presence and - // value of the BasicConstraints' "pathLenConstraint". - // - // When parsing a certificate, a positive non-zero MaxPathLen - // means that the field was specified, -1 means it was unset, - // and MaxPathLenZero being true mean that the field was - // explicitly set to zero. The case of MaxPathLen==0 with MaxPathLenZero==false - // should be treated equivalent to -1 (unset). - // - // When generating a certificate, an unset pathLenConstraint - // can be requested with either MaxPathLen == -1 or using the - // zero value for both MaxPathLen and MaxPathLenZero. - MaxPathLen int - // MaxPathLenZero indicates that BasicConstraintsValid==true - // and MaxPathLen==0 should be interpreted as an actual - // maximum path length of zero. Otherwise, that combination is - // interpreted as MaxPathLen not being set. - MaxPathLenZero bool - - SubjectKeyId []byte - AuthorityKeyId []byte - - // RFC 5280, 4.2.2.1 (Authority Information Access) - OCSPServer []string - IssuingCertificateURL []string - - // Subject Alternate Name values. (Note that these values may not be valid - // if invalid values were contained within a parsed certificate. For - // example, an element of DNSNames may not be a valid DNS domain name.) - DNSNames []string - EmailAddresses []string - IPAddresses []net.IP - URIs []*url.URL - - // Name constraints - PermittedDNSDomainsCritical bool // if true then the name constraints are marked critical. - PermittedDNSDomains []string - ExcludedDNSDomains []string - PermittedIPRanges []*net.IPNet - ExcludedIPRanges []*net.IPNet - PermittedEmailAddresses []string - ExcludedEmailAddresses []string - PermittedURIDomains []string - ExcludedURIDomains []string - - // CRL Distribution Points - CRLDistributionPoints []string - - PolicyIdentifiers []asn1.ObjectIdentifier -} - -// ErrUnsupportedAlgorithm results from attempting to perform an operation that -// involves algorithms that are not currently implemented. -var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented") - -// An InsecureAlgorithmError -type InsecureAlgorithmError SignatureAlgorithm - -func (e InsecureAlgorithmError) Error() string { - return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e)) -} - -// ConstraintViolationError results when a requested usage is not permitted by -// a certificate. For example: checking a signature when the public key isn't a -// certificate signing key. -type ConstraintViolationError struct{} - -func (ConstraintViolationError) Error() string { - return "x509: invalid signature: parent certificate cannot sign this kind of certificate" -} - -func (c *Certificate) Equal(other *Certificate) bool { - if c == nil || other == nil { - return c == other - } - return bytes.Equal(c.Raw, other.Raw) -} - -func (c *Certificate) hasSANExtension() bool { - return oidInExtensions(oidExtensionSubjectAltName, c.Extensions) -} - -// CheckSignatureFrom verifies that the signature on c is a valid signature -// from parent. -func (c *Certificate) CheckSignatureFrom(parent *Certificate) error { - // RFC 5280, 4.2.1.9: - // "If the basic constraints extension is not present in a version 3 - // certificate, or the extension is present but the cA boolean is not - // asserted, then the certified public key MUST NOT be used to verify - // certificate signatures." - if parent.Version == 3 && !parent.BasicConstraintsValid || - parent.BasicConstraintsValid && !parent.IsCA { - return ConstraintViolationError{} - } - - if parent.KeyUsage != 0 && parent.KeyUsage&KeyUsageCertSign == 0 { - return ConstraintViolationError{} - } - - if parent.PublicKeyAlgorithm == UnknownPublicKeyAlgorithm { - return ErrUnsupportedAlgorithm - } - - // TODO(agl): don't ignore the path length constraint. - - return parent.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) -} - -// CheckSignature verifies that signature is a valid signature over signed from -// c's public key. -func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error { - return checkSignature(algo, signed, signature, c.PublicKey) -} - -func (c *Certificate) hasNameConstraints() bool { - return oidInExtensions(oidExtensionNameConstraints, c.Extensions) -} - -func (c *Certificate) getSANExtension() []byte { - for _, e := range c.Extensions { - if e.Id.Equal(oidExtensionSubjectAltName) { - return e.Value - } - } - return nil -} - -func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm, pubKey interface{}) error { - return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey) -} - -// CheckSignature verifies that signature is a valid signature over signed from -// a crypto.PublicKey. -func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) { - var hashType crypto.Hash - var pubKeyAlgo PublicKeyAlgorithm - - for _, details := range signatureAlgorithmDetails { - if details.algo == algo { - hashType = details.hash - pubKeyAlgo = details.pubKeyAlgo - } - } - - switch hashType { - case crypto.Hash(0): - if pubKeyAlgo != Ed25519 { - return ErrUnsupportedAlgorithm - } - case crypto.MD5: - return InsecureAlgorithmError(algo) - default: - if !hashType.Available() { - return ErrUnsupportedAlgorithm - } - h := hashType.New() - h.Write(signed) - signed = h.Sum(nil) - } - - switch pub := publicKey.(type) { - case *rsa.PublicKey: - if pubKeyAlgo != RSA { - return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub) - } - if algo.isRSAPSS() { - return rsa.VerifyPSS(pub, hashType, signed, signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}) - } else { - return rsa.VerifyPKCS1v15(pub, hashType, signed, signature) - } - case *dsa.PublicKey: - if pubKeyAlgo != DSA { - return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub) - } - dsaSig := new(dsaSignature) - if rest, err := asn1.Unmarshal(signature, dsaSig); err != nil { - return err - } else if len(rest) != 0 { - return errors.New("x509: trailing data after DSA signature") - } - if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 { - return errors.New("x509: DSA signature contained zero or negative values") - } - // According to FIPS 186-3, section 4.6, the hash must be truncated if it is longer - // than the key length, but crypto/dsa doesn't do it automatically. - if maxHashLen := pub.Q.BitLen() / 8; maxHashLen < len(signed) { - signed = signed[:maxHashLen] - } - if !dsa.Verify(pub, signed, dsaSig.R, dsaSig.S) { - return errors.New("x509: DSA verification failure") - } - return - case *ecdsa.PublicKey: - if pubKeyAlgo != ECDSA { - return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub) - } - ecdsaSig := new(ecdsaSignature) - if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil { - return err - } else if len(rest) != 0 { - return errors.New("x509: trailing data after ECDSA signature") - } - if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { - return errors.New("x509: ECDSA signature contained zero or negative values") - } - if !ecdsa.Verify(pub, signed, ecdsaSig.R, ecdsaSig.S) { - return errors.New("x509: ECDSA verification failure") - } - return - case ed25519.PublicKey: - if pubKeyAlgo != Ed25519 { - return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub) - } - if !ed25519.Verify(pub, signed, signature) { - return errors.New("x509: Ed25519 verification failure") - } - return - } - return ErrUnsupportedAlgorithm -} - -// CheckCRLSignature checks that the signature in crl is from c. -func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error { - algo := getSignatureAlgorithmFromAI(crl.SignatureAlgorithm) - return c.CheckSignature(algo, crl.TBSCertList.Raw, crl.SignatureValue.RightAlign()) -} - -type UnhandledCriticalExtension struct{} - -func (h UnhandledCriticalExtension) Error() string { - return "x509: unhandled critical extension" -} - -type basicConstraints struct { - IsCA bool `asn1:"optional"` - MaxPathLen int `asn1:"optional,default:-1"` -} - -// RFC 5280 4.2.1.4 -type policyInformation struct { - Policy asn1.ObjectIdentifier - // policyQualifiers omitted -} - -const ( - nameTypeEmail = 1 - nameTypeDNS = 2 - nameTypeURI = 6 - nameTypeIP = 7 -) - -// RFC 5280, 4.2.2.1 -type authorityInfoAccess struct { - Method asn1.ObjectIdentifier - Location asn1.RawValue -} - -// RFC 5280, 4.2.1.14 -type distributionPoint struct { - DistributionPoint distributionPointName `asn1:"optional,tag:0"` - Reason asn1.BitString `asn1:"optional,tag:1"` - CRLIssuer asn1.RawValue `asn1:"optional,tag:2"` -} - -type distributionPointName struct { - FullName []asn1.RawValue `asn1:"optional,tag:0"` - RelativeName pkix.RDNSequence `asn1:"optional,tag:1"` -} - -func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) { - asn1Data := keyData.PublicKey.RightAlign() - switch algo { - case RSA: - // RSA public keys must have a NULL in the parameters. - // See RFC 3279, Section 2.3.1. - if !bytes.Equal(keyData.Algorithm.Parameters.FullBytes, asn1.NullBytes) { - return nil, errors.New("x509: RSA key missing NULL parameters") - } - - p := new(pkcs1PublicKey) - rest, err := asn1.Unmarshal(asn1Data, p) - if err != nil { - return nil, err - } - if len(rest) != 0 { - return nil, errors.New("x509: trailing data after RSA public key") - } - - if p.N.Sign() <= 0 { - return nil, errors.New("x509: RSA modulus is not a positive number") - } - if p.E <= 0 { - return nil, errors.New("x509: RSA public exponent is not a positive number") - } - - pub := &rsa.PublicKey{ - E: p.E, - N: p.N, - } - return pub, nil - case DSA: - var p *big.Int - rest, err := asn1.Unmarshal(asn1Data, &p) - if err != nil { - return nil, err - } - if len(rest) != 0 { - return nil, errors.New("x509: trailing data after DSA public key") - } - paramsData := keyData.Algorithm.Parameters.FullBytes - params := new(dsaAlgorithmParameters) - rest, err = asn1.Unmarshal(paramsData, params) - if err != nil { - return nil, err - } - if len(rest) != 0 { - return nil, errors.New("x509: trailing data after DSA parameters") - } - if p.Sign() <= 0 || params.P.Sign() <= 0 || params.Q.Sign() <= 0 || params.G.Sign() <= 0 { - return nil, errors.New("x509: zero or negative DSA parameter") - } - pub := &dsa.PublicKey{ - Parameters: dsa.Parameters{ - P: params.P, - Q: params.Q, - G: params.G, - }, - Y: p, - } - return pub, nil - case ECDSA: - paramsData := keyData.Algorithm.Parameters.FullBytes - namedCurveOID := new(asn1.ObjectIdentifier) - rest, err := asn1.Unmarshal(paramsData, namedCurveOID) - if err != nil { - return nil, errors.New("x509: failed to parse ECDSA parameters as named curve") - } - if len(rest) != 0 { - return nil, errors.New("x509: trailing data after ECDSA parameters") - } - namedCurve := namedCurveFromOID(*namedCurveOID) - if namedCurve == nil { - return nil, errors.New("x509: unsupported elliptic curve") - } - x, y := elliptic.Unmarshal(namedCurve, asn1Data) - if x == nil { - return nil, errors.New("x509: failed to unmarshal elliptic curve point") - } - pub := &ecdsa.PublicKey{ - Curve: namedCurve, - X: x, - Y: y, - } - return pub, nil - case Ed25519: - // RFC 8410, Section 3 - // > For all of the OIDs, the parameters MUST be absent. - if len(keyData.Algorithm.Parameters.FullBytes) != 0 { - return nil, errors.New("x509: Ed25519 key encoded with illegal parameters") - } - if len(asn1Data) != ed25519.PublicKeySize { - return nil, errors.New("x509: wrong Ed25519 public key size") - } - pub := make([]byte, ed25519.PublicKeySize) - copy(pub, asn1Data) - return ed25519.PublicKey(pub), nil - default: - return nil, nil - } -} - -func forEachSAN(extension []byte, callback func(tag int, data []byte) error) error { - // RFC 5280, 4.2.1.6 - - // SubjectAltName ::= GeneralNames - // - // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - // - // GeneralName ::= CHOICE { - // otherName [0] OtherName, - // rfc822Name [1] IA5String, - // dNSName [2] IA5String, - // x400Address [3] ORAddress, - // directoryName [4] Name, - // ediPartyName [5] EDIPartyName, - // uniformResourceIdentifier [6] IA5String, - // iPAddress [7] OCTET STRING, - // registeredID [8] OBJECT IDENTIFIER } - var seq asn1.RawValue - rest, err := asn1.Unmarshal(extension, &seq) - if err != nil { - return err - } else if len(rest) != 0 { - return errors.New("x509: trailing data after X.509 extension") - } - if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 { - return asn1.StructuralError{Msg: "bad SAN sequence"} - } - - rest = seq.Bytes - for len(rest) > 0 { - var v asn1.RawValue - rest, err = asn1.Unmarshal(rest, &v) - if err != nil { - return err - } - - if err := callback(v.Tag, v.Bytes); err != nil { - return err - } - } - - return nil -} - -func parseSANExtension(value []byte) (dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL, err error) { - err = forEachSAN(value, func(tag int, data []byte) error { - switch tag { - case nameTypeEmail: - emailAddresses = append(emailAddresses, string(data)) - case nameTypeDNS: - dnsNames = append(dnsNames, string(data)) - case nameTypeURI: - uri, err := url.Parse(string(data)) - if err != nil { - return fmt.Errorf("x509: cannot parse URI %q: %s", string(data), err) - } - if len(uri.Host) > 0 { - if _, ok := domainToReverseLabels(uri.Host); !ok { - return fmt.Errorf("x509: cannot parse URI %q: invalid domain", string(data)) - } - } - uris = append(uris, uri) - case nameTypeIP: - switch len(data) { - case net.IPv4len, net.IPv6len: - ipAddresses = append(ipAddresses, data) - default: - return errors.New("x509: cannot parse IP address of length " + strconv.Itoa(len(data))) - } - } - - return nil - }) - - return -} - -// isValidIPMask reports whether mask consists of zero or more 1 bits, followed by zero bits. -func isValidIPMask(mask []byte) bool { - seenZero := false - - for _, b := range mask { - if seenZero { - if b != 0 { - return false - } - - continue - } - - switch b { - case 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe: - seenZero = true - case 0xff: - default: - return false - } - } - - return true -} - -func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandled bool, err error) { - // RFC 5280, 4.2.1.10 - - // NameConstraints ::= SEQUENCE { - // permittedSubtrees [0] GeneralSubtrees OPTIONAL, - // excludedSubtrees [1] GeneralSubtrees OPTIONAL } - // - // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree - // - // GeneralSubtree ::= SEQUENCE { - // base GeneralName, - // minimum [0] BaseDistance DEFAULT 0, - // maximum [1] BaseDistance OPTIONAL } - // - // BaseDistance ::= INTEGER (0..MAX) - - outer := cryptobyte.String(e.Value) - var toplevel, permitted, excluded cryptobyte.String - var havePermitted, haveExcluded bool - if !outer.ReadASN1(&toplevel, cryptobyte_asn1.SEQUENCE) || - !outer.Empty() || - !toplevel.ReadOptionalASN1(&permitted, &havePermitted, cryptobyte_asn1.Tag(0).ContextSpecific().Constructed()) || - !toplevel.ReadOptionalASN1(&excluded, &haveExcluded, cryptobyte_asn1.Tag(1).ContextSpecific().Constructed()) || - !toplevel.Empty() { - return false, errors.New("x509: invalid NameConstraints extension") - } - - if !havePermitted && !haveExcluded || len(permitted) == 0 && len(excluded) == 0 { - // From RFC 5280, Section 4.2.1.10: - // “either the permittedSubtrees field - // or the excludedSubtrees MUST be - // present” - return false, errors.New("x509: empty name constraints extension") - } - - getValues := func(subtrees cryptobyte.String) (dnsNames []string, ips []*net.IPNet, emails, uriDomains []string, err error) { - for !subtrees.Empty() { - var seq, value cryptobyte.String - var tag cryptobyte_asn1.Tag - if !subtrees.ReadASN1(&seq, cryptobyte_asn1.SEQUENCE) || - !seq.ReadAnyASN1(&value, &tag) { - return nil, nil, nil, nil, fmt.Errorf("x509: invalid NameConstraints extension") - } - - var ( - dnsTag = cryptobyte_asn1.Tag(2).ContextSpecific() - emailTag = cryptobyte_asn1.Tag(1).ContextSpecific() - ipTag = cryptobyte_asn1.Tag(7).ContextSpecific() - uriTag = cryptobyte_asn1.Tag(6).ContextSpecific() - ) - - switch tag { - case dnsTag: - domain := string(value) - if err := isIA5String(domain); err != nil { - return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error()) - } - - trimmedDomain := domain - if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' { - // constraints can have a leading - // period to exclude the domain - // itself, but that's not valid in a - // normal domain name. - trimmedDomain = trimmedDomain[1:] - } - if _, ok := domainToReverseLabels(trimmedDomain); !ok { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse dnsName constraint %q", domain) - } - dnsNames = append(dnsNames, domain) - - case ipTag: - l := len(value) - var ip, mask []byte - - switch l { - case 8: - ip = value[:4] - mask = value[4:] - - case 32: - ip = value[:16] - mask = value[16:] - - default: - return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained value of length %d", l) - } - - if !isValidIPMask(mask) { - return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained invalid mask %x", mask) - } - - ips = append(ips, &net.IPNet{IP: net.IP(ip), Mask: net.IPMask(mask)}) - - case emailTag: - constraint := string(value) - if err := isIA5String(constraint); err != nil { - return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error()) - } - - // If the constraint contains an @ then - // it specifies an exact mailbox name. - if strings.Contains(constraint, "@") { - if _, ok := parseRFC2821Mailbox(constraint); !ok { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint) - } - } else { - // Otherwise it's a domain name. - domain := constraint - if len(domain) > 0 && domain[0] == '.' { - domain = domain[1:] - } - if _, ok := domainToReverseLabels(domain); !ok { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint) - } - } - emails = append(emails, constraint) - - case uriTag: - domain := string(value) - if err := isIA5String(domain); err != nil { - return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error()) - } - - if net.ParseIP(domain) != nil { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q: cannot be IP address", domain) - } - - trimmedDomain := domain - if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' { - // constraints can have a leading - // period to exclude the domain itself, - // but that's not valid in a normal - // domain name. - trimmedDomain = trimmedDomain[1:] - } - if _, ok := domainToReverseLabels(trimmedDomain); !ok { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q", domain) - } - uriDomains = append(uriDomains, domain) - - default: - unhandled = true - } - } - - return dnsNames, ips, emails, uriDomains, nil - } - - if out.PermittedDNSDomains, out.PermittedIPRanges, out.PermittedEmailAddresses, out.PermittedURIDomains, err = getValues(permitted); err != nil { - return false, err - } - if out.ExcludedDNSDomains, out.ExcludedIPRanges, out.ExcludedEmailAddresses, out.ExcludedURIDomains, err = getValues(excluded); err != nil { - return false, err - } - out.PermittedDNSDomainsCritical = e.Critical - - return unhandled, nil -} - -func parseCertificate(in *certificate) (*Certificate, error) { - out := new(Certificate) - out.Raw = in.Raw - out.RawTBSCertificate = in.TBSCertificate.Raw - out.RawSubjectPublicKeyInfo = in.TBSCertificate.PublicKey.Raw - out.RawSubject = in.TBSCertificate.Subject.FullBytes - out.RawIssuer = in.TBSCertificate.Issuer.FullBytes - - out.Signature = in.SignatureValue.RightAlign() - out.SignatureAlgorithm = - getSignatureAlgorithmFromAI(in.TBSCertificate.SignatureAlgorithm) - - out.PublicKeyAlgorithm = - getPublicKeyAlgorithmFromOID(in.TBSCertificate.PublicKey.Algorithm.Algorithm) - var err error - out.PublicKey, err = parsePublicKey(out.PublicKeyAlgorithm, &in.TBSCertificate.PublicKey) - if err != nil { - return nil, err - } - - out.Version = in.TBSCertificate.Version + 1 - out.SerialNumber = in.TBSCertificate.SerialNumber - - var issuer, subject pkix.RDNSequence - if rest, err := asn1.Unmarshal(in.TBSCertificate.Subject.FullBytes, &subject); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 subject") - } - if rest, err := asn1.Unmarshal(in.TBSCertificate.Issuer.FullBytes, &issuer); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 issuer") - } - - out.Issuer.FillFromRDNSequence(&issuer) - out.Subject.FillFromRDNSequence(&subject) - - out.NotBefore = in.TBSCertificate.Validity.NotBefore - out.NotAfter = in.TBSCertificate.Validity.NotAfter - - for _, e := range in.TBSCertificate.Extensions { - out.Extensions = append(out.Extensions, e) - unhandled := false - - if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 { - switch e.Id[3] { - case 15: - // RFC 5280, 4.2.1.3 - var usageBits asn1.BitString - if rest, err := asn1.Unmarshal(e.Value, &usageBits); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 KeyUsage") - } - - var usage int - for i := 0; i < 9; i++ { - if usageBits.At(i) != 0 { - usage |= 1 << uint(i) - } - } - out.KeyUsage = KeyUsage(usage) - - case 19: - // RFC 5280, 4.2.1.9 - var constraints basicConstraints - if rest, err := asn1.Unmarshal(e.Value, &constraints); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 BasicConstraints") - } - - out.BasicConstraintsValid = true - out.IsCA = constraints.IsCA - out.MaxPathLen = constraints.MaxPathLen - out.MaxPathLenZero = out.MaxPathLen == 0 - // TODO: map out.MaxPathLen to 0 if it has the -1 default value? (Issue 19285) - case 17: - out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(e.Value) - if err != nil { - return nil, err - } - - if len(out.DNSNames) == 0 && len(out.EmailAddresses) == 0 && len(out.IPAddresses) == 0 && len(out.URIs) == 0 { - // If we didn't parse anything then we do the critical check, below. - unhandled = true - } - - case 30: - unhandled, err = parseNameConstraintsExtension(out, e) - if err != nil { - return nil, err - } - - case 31: - // RFC 5280, 4.2.1.13 - - // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - // - // DistributionPoint ::= SEQUENCE { - // distributionPoint [0] DistributionPointName OPTIONAL, - // reasons [1] ReasonFlags OPTIONAL, - // cRLIssuer [2] GeneralNames OPTIONAL } - // - // DistributionPointName ::= CHOICE { - // fullName [0] GeneralNames, - // nameRelativeToCRLIssuer [1] RelativeDistinguishedName } - - var cdp []distributionPoint - if rest, err := asn1.Unmarshal(e.Value, &cdp); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 CRL distribution point") - } - - for _, dp := range cdp { - // Per RFC 5280, 4.2.1.13, one of distributionPoint or cRLIssuer may be empty. - if len(dp.DistributionPoint.FullName) == 0 { - continue - } - - for _, fullName := range dp.DistributionPoint.FullName { - if fullName.Tag == 6 { - out.CRLDistributionPoints = append(out.CRLDistributionPoints, string(fullName.Bytes)) - } - } - } - - case 35: - // RFC 5280, 4.2.1.1 - var a authKeyId - if rest, err := asn1.Unmarshal(e.Value, &a); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 authority key-id") - } - out.AuthorityKeyId = a.Id - - case 37: - // RFC 5280, 4.2.1.12. Extended Key Usage - - // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } - // - // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - // - // KeyPurposeId ::= OBJECT IDENTIFIER - - var keyUsage []asn1.ObjectIdentifier - if rest, err := asn1.Unmarshal(e.Value, &keyUsage); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 ExtendedKeyUsage") - } - - for _, u := range keyUsage { - if extKeyUsage, ok := extKeyUsageFromOID(u); ok { - out.ExtKeyUsage = append(out.ExtKeyUsage, extKeyUsage) - } else { - out.UnknownExtKeyUsage = append(out.UnknownExtKeyUsage, u) - } - } - - case 14: - // RFC 5280, 4.2.1.2 - var keyid []byte - if rest, err := asn1.Unmarshal(e.Value, &keyid); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 key-id") - } - out.SubjectKeyId = keyid - - case 32: - // RFC 5280 4.2.1.4: Certificate Policies - var policies []policyInformation - if rest, err := asn1.Unmarshal(e.Value, &policies); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 certificate policies") - } - out.PolicyIdentifiers = make([]asn1.ObjectIdentifier, len(policies)) - for i, policy := range policies { - out.PolicyIdentifiers[i] = policy.Policy - } - - default: - // Unknown extensions are recorded if critical. - unhandled = true - } - } else if e.Id.Equal(oidExtensionAuthorityInfoAccess) { - // RFC 5280 4.2.2.1: Authority Information Access - var aia []authorityInfoAccess - if rest, err := asn1.Unmarshal(e.Value, &aia); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 authority information") - } - - for _, v := range aia { - // GeneralName: uniformResourceIdentifier [6] IA5String - if v.Location.Tag != 6 { - continue - } - if v.Method.Equal(oidAuthorityInfoAccessOcsp) { - out.OCSPServer = append(out.OCSPServer, string(v.Location.Bytes)) - } else if v.Method.Equal(oidAuthorityInfoAccessIssuers) { - out.IssuingCertificateURL = append(out.IssuingCertificateURL, string(v.Location.Bytes)) - } - } - } else { - // Unknown extensions are recorded if critical. - unhandled = true - } - - if e.Critical && unhandled { - out.UnhandledCriticalExtensions = append(out.UnhandledCriticalExtensions, e.Id) - } - } - - return out, nil -} - -// ParseCertificate parses a single certificate from the given ASN.1 DER data. -func ParseCertificate(asn1Data []byte) (*Certificate, error) { - var cert certificate - rest, err := asn1.Unmarshal(asn1Data, &cert) - if err != nil { - return nil, err - } - if len(rest) > 0 { - return nil, asn1.SyntaxError{Msg: "trailing data"} - } - - return parseCertificate(&cert) -} - -// ParseCertificates parses one or more certificates from the given ASN.1 DER -// data. The certificates must be concatenated with no intermediate padding. -func ParseCertificates(asn1Data []byte) ([]*Certificate, error) { - var v []*certificate - - for len(asn1Data) > 0 { - cert := new(certificate) - var err error - asn1Data, err = asn1.Unmarshal(asn1Data, cert) - if err != nil { - return nil, err - } - v = append(v, cert) - } - - ret := make([]*Certificate, len(v)) - for i, ci := range v { - cert, err := parseCertificate(ci) - if err != nil { - return nil, err - } - ret[i] = cert - } - - return ret, nil -} - -func reverseBitsInAByte(in byte) byte { - b1 := in>>4 | in<<4 - b2 := b1>>2&0x33 | b1<<2&0xcc - b3 := b2>>1&0x55 | b2<<1&0xaa - return b3 -} - -// asn1BitLength returns the bit-length of bitString by considering the -// most-significant bit in a byte to be the "first" bit. This convention -// matches ASN.1, but differs from almost everything else. -func asn1BitLength(bitString []byte) int { - bitLen := len(bitString) * 8 - - for i := range bitString { - b := bitString[len(bitString)-i-1] - - for bit := uint(0); bit < 8; bit++ { - if (b>>bit)&1 == 1 { - return bitLen - } - bitLen-- - } - } - - return 0 -} - -var ( - oidExtensionSubjectKeyId = []int{2, 5, 29, 14} - oidExtensionKeyUsage = []int{2, 5, 29, 15} - oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37} - oidExtensionAuthorityKeyId = []int{2, 5, 29, 35} - oidExtensionBasicConstraints = []int{2, 5, 29, 19} - oidExtensionSubjectAltName = []int{2, 5, 29, 17} - oidExtensionCertificatePolicies = []int{2, 5, 29, 32} - oidExtensionNameConstraints = []int{2, 5, 29, 30} - oidExtensionCRLDistributionPoints = []int{2, 5, 29, 31} - oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1} - oidExtensionCRLNumber = []int{2, 5, 29, 20} -) - -var ( - oidAuthorityInfoAccessOcsp = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1} - oidAuthorityInfoAccessIssuers = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2} -) - -// oidNotInExtensions reports whether an extension with the given oid exists in -// extensions. -func oidInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) bool { - for _, e := range extensions { - if e.Id.Equal(oid) { - return true - } - } - return false -} - -// marshalSANs marshals a list of addresses into a the contents of an X.509 -// SubjectAlternativeName extension. -func marshalSANs(dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL) (derBytes []byte, err error) { - var rawValues []asn1.RawValue - for _, name := range dnsNames { - rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeDNS, Class: 2, Bytes: []byte(name)}) - } - for _, email := range emailAddresses { - rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeEmail, Class: 2, Bytes: []byte(email)}) - } - for _, rawIP := range ipAddresses { - // If possible, we always want to encode IPv4 addresses in 4 bytes. - ip := rawIP.To4() - if ip == nil { - ip = rawIP - } - rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeIP, Class: 2, Bytes: ip}) - } - for _, uri := range uris { - rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeURI, Class: 2, Bytes: []byte(uri.String())}) - } - return asn1.Marshal(rawValues) -} - -func isIA5String(s string) error { - for _, r := range s { - if r >= utf8.RuneSelf { - return fmt.Errorf("x509: %q cannot be encoded as an IA5String", s) - } - } - - return nil -} - -func buildExtensions(template *Certificate, subjectIsEmpty bool, authorityKeyId []byte, subjectKeyId []byte) (ret []pkix.Extension, err error) { - ret = make([]pkix.Extension, 10 /* maximum number of elements. */) - n := 0 - - if template.KeyUsage != 0 && - !oidInExtensions(oidExtensionKeyUsage, template.ExtraExtensions) { - ret[n].Id = oidExtensionKeyUsage - ret[n].Critical = true - - var a [2]byte - a[0] = reverseBitsInAByte(byte(template.KeyUsage)) - a[1] = reverseBitsInAByte(byte(template.KeyUsage >> 8)) - - l := 1 - if a[1] != 0 { - l = 2 - } - - bitString := a[:l] - ret[n].Value, err = asn1.Marshal(asn1.BitString{Bytes: bitString, BitLength: asn1BitLength(bitString)}) - if err != nil { - return - } - n++ - } - - if (len(template.ExtKeyUsage) > 0 || len(template.UnknownExtKeyUsage) > 0) && - !oidInExtensions(oidExtensionExtendedKeyUsage, template.ExtraExtensions) { - ret[n].Id = oidExtensionExtendedKeyUsage - - var oids []asn1.ObjectIdentifier - for _, u := range template.ExtKeyUsage { - if oid, ok := oidFromExtKeyUsage(u); ok { - oids = append(oids, oid) - } else { - panic("internal error") - } - } - - oids = append(oids, template.UnknownExtKeyUsage...) - - ret[n].Value, err = asn1.Marshal(oids) - if err != nil { - return - } - n++ - } - - if template.BasicConstraintsValid && !oidInExtensions(oidExtensionBasicConstraints, template.ExtraExtensions) { - // Leaving MaxPathLen as zero indicates that no maximum path - // length is desired, unless MaxPathLenZero is set. A value of - // -1 causes encoding/asn1 to omit the value as desired. - maxPathLen := template.MaxPathLen - if maxPathLen == 0 && !template.MaxPathLenZero { - maxPathLen = -1 - } - ret[n].Id = oidExtensionBasicConstraints - ret[n].Value, err = asn1.Marshal(basicConstraints{template.IsCA, maxPathLen}) - ret[n].Critical = true - if err != nil { - return - } - n++ - } - - if len(subjectKeyId) > 0 && !oidInExtensions(oidExtensionSubjectKeyId, template.ExtraExtensions) { - ret[n].Id = oidExtensionSubjectKeyId - ret[n].Value, err = asn1.Marshal(subjectKeyId) - if err != nil { - return - } - n++ - } - - if len(authorityKeyId) > 0 && !oidInExtensions(oidExtensionAuthorityKeyId, template.ExtraExtensions) { - ret[n].Id = oidExtensionAuthorityKeyId - ret[n].Value, err = asn1.Marshal(authKeyId{authorityKeyId}) - if err != nil { - return - } - n++ - } - - if (len(template.OCSPServer) > 0 || len(template.IssuingCertificateURL) > 0) && - !oidInExtensions(oidExtensionAuthorityInfoAccess, template.ExtraExtensions) { - ret[n].Id = oidExtensionAuthorityInfoAccess - var aiaValues []authorityInfoAccess - for _, name := range template.OCSPServer { - aiaValues = append(aiaValues, authorityInfoAccess{ - Method: oidAuthorityInfoAccessOcsp, - Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)}, - }) - } - for _, name := range template.IssuingCertificateURL { - aiaValues = append(aiaValues, authorityInfoAccess{ - Method: oidAuthorityInfoAccessIssuers, - Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)}, - }) - } - ret[n].Value, err = asn1.Marshal(aiaValues) - if err != nil { - return - } - n++ - } - - if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 || len(template.URIs) > 0) && - !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExtensions) { - ret[n].Id = oidExtensionSubjectAltName - // From RFC 5280, Section 4.2.1.6: - // “If the subject field contains an empty sequence ... then - // subjectAltName extension ... is marked as critical” - ret[n].Critical = subjectIsEmpty - ret[n].Value, err = marshalSANs(template.DNSNames, template.EmailAddresses, template.IPAddresses, template.URIs) - if err != nil { - return - } - n++ - } - - if len(template.PolicyIdentifiers) > 0 && - !oidInExtensions(oidExtensionCertificatePolicies, template.ExtraExtensions) { - ret[n].Id = oidExtensionCertificatePolicies - policies := make([]policyInformation, len(template.PolicyIdentifiers)) - for i, policy := range template.PolicyIdentifiers { - policies[i].Policy = policy - } - ret[n].Value, err = asn1.Marshal(policies) - if err != nil { - return - } - n++ - } - - if (len(template.PermittedDNSDomains) > 0 || len(template.ExcludedDNSDomains) > 0 || - len(template.PermittedIPRanges) > 0 || len(template.ExcludedIPRanges) > 0 || - len(template.PermittedEmailAddresses) > 0 || len(template.ExcludedEmailAddresses) > 0 || - len(template.PermittedURIDomains) > 0 || len(template.ExcludedURIDomains) > 0) && - !oidInExtensions(oidExtensionNameConstraints, template.ExtraExtensions) { - ret[n].Id = oidExtensionNameConstraints - ret[n].Critical = template.PermittedDNSDomainsCritical - - ipAndMask := func(ipNet *net.IPNet) []byte { - maskedIP := ipNet.IP.Mask(ipNet.Mask) - ipAndMask := make([]byte, 0, len(maskedIP)+len(ipNet.Mask)) - ipAndMask = append(ipAndMask, maskedIP...) - ipAndMask = append(ipAndMask, ipNet.Mask...) - return ipAndMask - } - - serialiseConstraints := func(dns []string, ips []*net.IPNet, emails []string, uriDomains []string) (der []byte, err error) { - var b cryptobyte.Builder - - for _, name := range dns { - if err = isIA5String(name); err != nil { - return nil, err - } - - b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) { - b.AddASN1(cryptobyte_asn1.Tag(2).ContextSpecific(), func(b *cryptobyte.Builder) { - b.AddBytes([]byte(name)) - }) - }) - } - - for _, ipNet := range ips { - b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) { - b.AddASN1(cryptobyte_asn1.Tag(7).ContextSpecific(), func(b *cryptobyte.Builder) { - b.AddBytes(ipAndMask(ipNet)) - }) - }) - } - - for _, email := range emails { - if err = isIA5String(email); err != nil { - return nil, err - } - - b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) { - b.AddASN1(cryptobyte_asn1.Tag(1).ContextSpecific(), func(b *cryptobyte.Builder) { - b.AddBytes([]byte(email)) - }) - }) - } - - for _, uriDomain := range uriDomains { - if err = isIA5String(uriDomain); err != nil { - return nil, err - } - - b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) { - b.AddASN1(cryptobyte_asn1.Tag(6).ContextSpecific(), func(b *cryptobyte.Builder) { - b.AddBytes([]byte(uriDomain)) - }) - }) - } - - return b.Bytes() - } - - permitted, err := serialiseConstraints(template.PermittedDNSDomains, template.PermittedIPRanges, template.PermittedEmailAddresses, template.PermittedURIDomains) - if err != nil { - return nil, err - } - - excluded, err := serialiseConstraints(template.ExcludedDNSDomains, template.ExcludedIPRanges, template.ExcludedEmailAddresses, template.ExcludedURIDomains) - if err != nil { - return nil, err - } - - var b cryptobyte.Builder - b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) { - if len(permitted) > 0 { - b.AddASN1(cryptobyte_asn1.Tag(0).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) { - b.AddBytes(permitted) - }) - } - - if len(excluded) > 0 { - b.AddASN1(cryptobyte_asn1.Tag(1).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) { - b.AddBytes(excluded) - }) - } - }) - - ret[n].Value, err = b.Bytes() - if err != nil { - return nil, err - } - n++ - } - - if len(template.CRLDistributionPoints) > 0 && - !oidInExtensions(oidExtensionCRLDistributionPoints, template.ExtraExtensions) { - ret[n].Id = oidExtensionCRLDistributionPoints - - var crlDp []distributionPoint - for _, name := range template.CRLDistributionPoints { - dp := distributionPoint{ - DistributionPoint: distributionPointName{ - FullName: []asn1.RawValue{ - {Tag: 6, Class: 2, Bytes: []byte(name)}, - }, - }, - } - crlDp = append(crlDp, dp) - } - - ret[n].Value, err = asn1.Marshal(crlDp) - if err != nil { - return - } - n++ - } - - // Adding another extension here? Remember to update the maximum number - // of elements in the make() at the top of the function and the list of - // template fields used in CreateCertificate documentation. - - return append(ret[:n], template.ExtraExtensions...), nil -} - -func subjectBytes(cert *Certificate) ([]byte, error) { - if len(cert.RawSubject) > 0 { - return cert.RawSubject, nil - } - - return asn1.Marshal(cert.Subject.ToRDNSequence()) -} - -// signingParamsForPublicKey returns the parameters to use for signing with -// priv. If requestedSigAlgo is not zero then it overrides the default -// signature algorithm. -func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgorithm) (hashFunc crypto.Hash, sigAlgo pkix.AlgorithmIdentifier, err error) { - var pubType PublicKeyAlgorithm - - switch pub := pub.(type) { - case *rsa.PublicKey: - pubType = RSA - hashFunc = crypto.SHA256 - sigAlgo.Algorithm = oidSignatureSHA256WithRSA - sigAlgo.Parameters = asn1.NullRawValue - - case *ecdsa.PublicKey: - pubType = ECDSA - - switch pub.Curve { - case elliptic.P224(), elliptic.P256(): - hashFunc = crypto.SHA256 - sigAlgo.Algorithm = oidSignatureECDSAWithSHA256 - case elliptic.P384(): - hashFunc = crypto.SHA384 - sigAlgo.Algorithm = oidSignatureECDSAWithSHA384 - case elliptic.P521(): - hashFunc = crypto.SHA512 - sigAlgo.Algorithm = oidSignatureECDSAWithSHA512 - default: - err = errors.New("x509: unknown elliptic curve") - } - - case ed25519.PublicKey: - pubType = Ed25519 - sigAlgo.Algorithm = oidSignatureEd25519 - - default: - err = errors.New("x509: only RSA, ECDSA and Ed25519 keys supported") - } - - if err != nil { - return - } - - if requestedSigAlgo == 0 { - return - } - - found := false - for _, details := range signatureAlgorithmDetails { - if details.algo == requestedSigAlgo { - if details.pubKeyAlgo != pubType { - err = errors.New("x509: requested SignatureAlgorithm does not match private key type") - return - } - sigAlgo.Algorithm, hashFunc = details.oid, details.hash - if hashFunc == 0 && pubType != Ed25519 { - err = errors.New("x509: cannot sign with hash function requested") - return - } - if requestedSigAlgo.isRSAPSS() { - sigAlgo.Parameters = rsaPSSParameters(hashFunc) - } - found = true - break - } - } - - if !found { - err = errors.New("x509: unknown SignatureAlgorithm") - } - - return -} - -// emptyASN1Subject is the ASN.1 DER encoding of an empty Subject, which is -// just an empty SEQUENCE. -var emptyASN1Subject = []byte{0x30, 0} - -// CreateCertificate creates a new X.509v3 certificate based on a template. -// The following members of template are used: -// -// - AuthorityKeyId -// - BasicConstraintsValid -// - CRLDistributionPoints -// - DNSNames -// - EmailAddresses -// - ExcludedDNSDomains -// - ExcludedEmailAddresses -// - ExcludedIPRanges -// - ExcludedURIDomains -// - ExtKeyUsage -// - ExtraExtensions -// - IPAddresses -// - IsCA -// - IssuingCertificateURL -// - KeyUsage -// - MaxPathLen -// - MaxPathLenZero -// - NotAfter -// - NotBefore -// - OCSPServer -// - PermittedDNSDomains -// - PermittedDNSDomainsCritical -// - PermittedEmailAddresses -// - PermittedIPRanges -// - PermittedURIDomains -// - PolicyIdentifiers -// - SerialNumber -// - SignatureAlgorithm -// - Subject -// - SubjectKeyId -// - URIs -// - UnknownExtKeyUsage -// -// The certificate is signed by parent. If parent is equal to template then the -// certificate is self-signed. The parameter pub is the public key of the -// signee and priv is the private key of the signer. -// -// The returned slice is the certificate in DER encoding. -// -// The currently supported key types are *rsa.PublicKey, *ecdsa.PublicKey and -// ed25519.PublicKey. pub must be a supported key type, and priv must be a -// crypto.Signer with a supported public key. -// -// The AuthorityKeyId will be taken from the SubjectKeyId of parent, if any, -// unless the resulting certificate is self-signed. Otherwise the value from -// template will be used. -// -// If SubjectKeyId from template is empty and the template is a CA, SubjectKeyId -// will be generated from the hash of the public key. -func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error) { - key, ok := priv.(crypto.Signer) - if !ok { - return nil, errors.New("x509: certificate private key does not implement crypto.Signer") - } - - if template.SerialNumber == nil { - return nil, errors.New("x509: no SerialNumber given") - } - - if template.BasicConstraintsValid && !template.IsCA && (template.MaxPathLen != 0 || template.MaxPathLenZero) { - return nil, errors.New("x509: only CAs are allowed to specify MaxPathLen") - } - - hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm) - if err != nil { - return nil, err - } - - publicKeyBytes, publicKeyAlgorithm, err := marshalPublicKey(pub) - if err != nil { - return nil, err - } - - asn1Issuer, err := subjectBytes(parent) - if err != nil { - return - } - - asn1Subject, err := subjectBytes(template) - if err != nil { - return - } - - authorityKeyId := template.AuthorityKeyId - if !bytes.Equal(asn1Issuer, asn1Subject) && len(parent.SubjectKeyId) > 0 { - authorityKeyId = parent.SubjectKeyId - } - - encodedPublicKey := asn1.BitString{BitLength: len(publicKeyBytes) * 8, Bytes: publicKeyBytes} - pki := publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey} - subjectKeyId := template.SubjectKeyId - if len(subjectKeyId) == 0 && template.IsCA { - // SubjectKeyId generated using method 1 in RFC 5280, Section 4.2.1.2 - b, err := asn1.Marshal(pki) - if err != nil { - return nil, err - } - h := sha1.Sum(b) - subjectKeyId = h[:] - } - - extensions, err := buildExtensions(template, bytes.Equal(asn1Subject, emptyASN1Subject), authorityKeyId, subjectKeyId) - if err != nil { - return - } - - c := tbsCertificate{ - Version: 2, - SerialNumber: template.SerialNumber, - SignatureAlgorithm: signatureAlgorithm, - Issuer: asn1.RawValue{FullBytes: asn1Issuer}, - Validity: validity{template.NotBefore.UTC(), template.NotAfter.UTC()}, - Subject: asn1.RawValue{FullBytes: asn1Subject}, - PublicKey: pki, - Extensions: extensions, - } - - tbsCertContents, err := asn1.Marshal(c) - if err != nil { - return - } - c.Raw = tbsCertContents - - signed := tbsCertContents - if hashFunc != 0 { - h := hashFunc.New() - h.Write(signed) - signed = h.Sum(nil) - } - - var signerOpts crypto.SignerOpts = hashFunc - if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() { - signerOpts = &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthEqualsHash, - Hash: hashFunc, - } - } - - var signature []byte - signature, err = key.Sign(rand, signed, signerOpts) - if err != nil { - return - } - - return asn1.Marshal(certificate{ - nil, - c, - signatureAlgorithm, - asn1.BitString{Bytes: signature, BitLength: len(signature) * 8}, - }) -} - -// pemCRLPrefix is the magic string that indicates that we have a PEM encoded -// CRL. -var pemCRLPrefix = []byte("-----BEGIN X509 CRL") - -// pemType is the type of a PEM encoded CRL. -var pemType = "X509 CRL" - -// ParseCRL parses a CRL from the given bytes. It's often the case that PEM -// encoded CRLs will appear where they should be DER encoded, so this function -// will transparently handle PEM encoding as long as there isn't any leading -// garbage. -func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error) { - if bytes.HasPrefix(crlBytes, pemCRLPrefix) { - block, _ := pem.Decode(crlBytes) - if block != nil && block.Type == pemType { - crlBytes = block.Bytes - } - } - return ParseDERCRL(crlBytes) -} - -// ParseDERCRL parses a DER encoded CRL from the given bytes. -func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error) { - certList := new(pkix.CertificateList) - if rest, err := asn1.Unmarshal(derBytes, certList); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after CRL") - } - return certList, nil -} - -// CreateCRL returns a DER encoded CRL, signed by this Certificate, that -// contains the given list of revoked certificates. -// -// Note: this method does not generate an RFC 5280 conformant X.509 v2 CRL. -// To generate a standards compliant CRL, use CreateRevocationList instead. -func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) { - key, ok := priv.(crypto.Signer) - if !ok { - return nil, errors.New("x509: certificate private key does not implement crypto.Signer") - } - - hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), 0) - if err != nil { - return nil, err - } - - // Force revocation times to UTC per RFC 5280. - revokedCertsUTC := make([]pkix.RevokedCertificate, len(revokedCerts)) - for i, rc := range revokedCerts { - rc.RevocationTime = rc.RevocationTime.UTC() - revokedCertsUTC[i] = rc - } - - tbsCertList := pkix.TBSCertificateList{ - Version: 1, - Signature: signatureAlgorithm, - Issuer: c.Subject.ToRDNSequence(), - ThisUpdate: now.UTC(), - NextUpdate: expiry.UTC(), - RevokedCertificates: revokedCertsUTC, - } - - // Authority Key Id - if len(c.SubjectKeyId) > 0 { - var aki pkix.Extension - aki.Id = oidExtensionAuthorityKeyId - aki.Value, err = asn1.Marshal(authKeyId{Id: c.SubjectKeyId}) - if err != nil { - return - } - tbsCertList.Extensions = append(tbsCertList.Extensions, aki) - } - - tbsCertListContents, err := asn1.Marshal(tbsCertList) - if err != nil { - return - } - - signed := tbsCertListContents - if hashFunc != 0 { - h := hashFunc.New() - h.Write(signed) - signed = h.Sum(nil) - } - - var signature []byte - signature, err = key.Sign(rand, signed, hashFunc) - if err != nil { - return - } - - return asn1.Marshal(pkix.CertificateList{ - TBSCertList: tbsCertList, - SignatureAlgorithm: signatureAlgorithm, - SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8}, - }) -} - -// CertificateRequest represents a PKCS #10, certificate signature request. -type CertificateRequest struct { - Raw []byte // Complete ASN.1 DER content (CSR, signature algorithm and signature). - RawTBSCertificateRequest []byte // Certificate request info part of raw ASN.1 DER content. - RawSubjectPublicKeyInfo []byte // DER encoded SubjectPublicKeyInfo. - RawSubject []byte // DER encoded Subject. - - Version int - Signature []byte - SignatureAlgorithm SignatureAlgorithm - - PublicKeyAlgorithm PublicKeyAlgorithm - PublicKey interface{} - - Subject pkix.Name - - // Attributes contains the CSR attributes that can parse as - // pkix.AttributeTypeAndValueSET. - // - // Deprecated: Use Extensions and ExtraExtensions instead for parsing and - // generating the requestedExtensions attribute. - Attributes []pkix.AttributeTypeAndValueSET - - // Extensions contains all requested extensions, in raw form. When parsing - // CSRs, this can be used to extract extensions that are not parsed by this - // package. - Extensions []pkix.Extension - - // ExtraExtensions contains extensions to be copied, raw, into any CSR - // marshaled by CreateCertificateRequest. Values override any extensions - // that would otherwise be produced based on the other fields but are - // overridden by any extensions specified in Attributes. - // - // The ExtraExtensions field is not populated by ParseCertificateRequest, - // see Extensions instead. - ExtraExtensions []pkix.Extension - - // Subject Alternate Name values. - DNSNames []string - EmailAddresses []string - IPAddresses []net.IP - URIs []*url.URL -} - -// These structures reflect the ASN.1 structure of X.509 certificate -// signature requests (see RFC 2986): - -type tbsCertificateRequest struct { - Raw asn1.RawContent - Version int - Subject asn1.RawValue - PublicKey publicKeyInfo - RawAttributes []asn1.RawValue `asn1:"tag:0"` -} - -type certificateRequest struct { - Raw asn1.RawContent - TBSCSR tbsCertificateRequest - SignatureAlgorithm pkix.AlgorithmIdentifier - SignatureValue asn1.BitString -} - -// oidExtensionRequest is a PKCS#9 OBJECT IDENTIFIER that indicates requested -// extensions in a CSR. -var oidExtensionRequest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 14} - -// newRawAttributes converts AttributeTypeAndValueSETs from a template -// CertificateRequest's Attributes into tbsCertificateRequest RawAttributes. -func newRawAttributes(attributes []pkix.AttributeTypeAndValueSET) ([]asn1.RawValue, error) { - var rawAttributes []asn1.RawValue - b, err := asn1.Marshal(attributes) - if err != nil { - return nil, err - } - rest, err := asn1.Unmarshal(b, &rawAttributes) - if err != nil { - return nil, err - } - if len(rest) != 0 { - return nil, errors.New("x509: failed to unmarshal raw CSR Attributes") - } - return rawAttributes, nil -} - -// parseRawAttributes Unmarshals RawAttributes into AttributeTypeAndValueSETs. -func parseRawAttributes(rawAttributes []asn1.RawValue) []pkix.AttributeTypeAndValueSET { - var attributes []pkix.AttributeTypeAndValueSET - for _, rawAttr := range rawAttributes { - var attr pkix.AttributeTypeAndValueSET - rest, err := asn1.Unmarshal(rawAttr.FullBytes, &attr) - // Ignore attributes that don't parse into pkix.AttributeTypeAndValueSET - // (i.e.: challengePassword or unstructuredName). - if err == nil && len(rest) == 0 { - attributes = append(attributes, attr) - } - } - return attributes -} - -// parseCSRExtensions parses the attributes from a CSR and extracts any -// requested extensions. -func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error) { - // pkcs10Attribute reflects the Attribute structure from RFC 2986, Section 4.1. - type pkcs10Attribute struct { - Id asn1.ObjectIdentifier - Values []asn1.RawValue `asn1:"set"` - } - - var ret []pkix.Extension - for _, rawAttr := range rawAttributes { - var attr pkcs10Attribute - if rest, err := asn1.Unmarshal(rawAttr.FullBytes, &attr); err != nil || len(rest) != 0 || len(attr.Values) == 0 { - // Ignore attributes that don't parse. - continue - } - - if !attr.Id.Equal(oidExtensionRequest) { - continue - } - - var extensions []pkix.Extension - if _, err := asn1.Unmarshal(attr.Values[0].FullBytes, &extensions); err != nil { - return nil, err - } - ret = append(ret, extensions...) - } - - return ret, nil -} - -// CreateCertificateRequest creates a new certificate request based on a -// template. The following members of template are used: -// -// - SignatureAlgorithm -// - Subject -// - DNSNames -// - EmailAddresses -// - IPAddresses -// - URIs -// - ExtraExtensions -// - Attributes (deprecated) -// -// priv is the private key to sign the CSR with, and the corresponding public -// key will be included in the CSR. It must implement crypto.Signer and its -// Public() method must return a *rsa.PublicKey or a *ecdsa.PublicKey or a -// ed25519.PublicKey. (A *rsa.PrivateKey, *ecdsa.PrivateKey or -// ed25519.PrivateKey satisfies this.) -// -// The returned slice is the certificate request in DER encoding. -func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) { - key, ok := priv.(crypto.Signer) - if !ok { - return nil, errors.New("x509: certificate private key does not implement crypto.Signer") - } - - var hashFunc crypto.Hash - var sigAlgo pkix.AlgorithmIdentifier - hashFunc, sigAlgo, err = signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm) - if err != nil { - return nil, err - } - - var publicKeyBytes []byte - var publicKeyAlgorithm pkix.AlgorithmIdentifier - publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(key.Public()) - if err != nil { - return nil, err - } - - var extensions []pkix.Extension - - if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 || len(template.URIs) > 0) && - !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExtensions) { - sanBytes, err := marshalSANs(template.DNSNames, template.EmailAddresses, template.IPAddresses, template.URIs) - if err != nil { - return nil, err - } - - extensions = append(extensions, pkix.Extension{ - Id: oidExtensionSubjectAltName, - Value: sanBytes, - }) - } - - extensions = append(extensions, template.ExtraExtensions...) - - // Make a copy of template.Attributes because we may alter it below. - attributes := make([]pkix.AttributeTypeAndValueSET, 0, len(template.Attributes)) - for _, attr := range template.Attributes { - values := make([][]pkix.AttributeTypeAndValue, len(attr.Value)) - copy(values, attr.Value) - attributes = append(attributes, pkix.AttributeTypeAndValueSET{ - Type: attr.Type, - Value: values, - }) - } - - extensionsAppended := false - if len(extensions) > 0 { - // Append the extensions to an existing attribute if possible. - for _, atvSet := range attributes { - if !atvSet.Type.Equal(oidExtensionRequest) || len(atvSet.Value) == 0 { - continue - } - - // specifiedExtensions contains all the extensions that we - // found specified via template.Attributes. - specifiedExtensions := make(map[string]bool) - - for _, atvs := range atvSet.Value { - for _, atv := range atvs { - specifiedExtensions[atv.Type.String()] = true - } - } - - newValue := make([]pkix.AttributeTypeAndValue, 0, len(atvSet.Value[0])+len(extensions)) - newValue = append(newValue, atvSet.Value[0]...) - - for _, e := range extensions { - if specifiedExtensions[e.Id.String()] { - // Attributes already contained a value for - // this extension and it takes priority. - continue - } - - newValue = append(newValue, pkix.AttributeTypeAndValue{ - // There is no place for the critical - // flag in an AttributeTypeAndValue. - Type: e.Id, - Value: e.Value, - }) - } - - atvSet.Value[0] = newValue - extensionsAppended = true - break - } - } - - rawAttributes, err := newRawAttributes(attributes) - if err != nil { - return - } - - // If not included in attributes, add a new attribute for the - // extensions. - if len(extensions) > 0 && !extensionsAppended { - attr := struct { - Type asn1.ObjectIdentifier - Value [][]pkix.Extension `asn1:"set"` - }{ - Type: oidExtensionRequest, - Value: [][]pkix.Extension{extensions}, - } - - b, err := asn1.Marshal(attr) - if err != nil { - return nil, errors.New("x509: failed to serialise extensions attribute: " + err.Error()) - } - - var rawValue asn1.RawValue - if _, err := asn1.Unmarshal(b, &rawValue); err != nil { - return nil, err - } - - rawAttributes = append(rawAttributes, rawValue) - } - - asn1Subject := template.RawSubject - if len(asn1Subject) == 0 { - asn1Subject, err = asn1.Marshal(template.Subject.ToRDNSequence()) - if err != nil { - return nil, err - } - } - - tbsCSR := tbsCertificateRequest{ - Version: 0, // PKCS #10, RFC 2986 - Subject: asn1.RawValue{FullBytes: asn1Subject}, - PublicKey: publicKeyInfo{ - Algorithm: publicKeyAlgorithm, - PublicKey: asn1.BitString{ - Bytes: publicKeyBytes, - BitLength: len(publicKeyBytes) * 8, - }, - }, - RawAttributes: rawAttributes, - } - - tbsCSRContents, err := asn1.Marshal(tbsCSR) - if err != nil { - return - } - tbsCSR.Raw = tbsCSRContents - - signed := tbsCSRContents - if hashFunc != 0 { - h := hashFunc.New() - h.Write(signed) - signed = h.Sum(nil) - } - - var signature []byte - signature, err = key.Sign(rand, signed, hashFunc) - if err != nil { - return - } - - return asn1.Marshal(certificateRequest{ - TBSCSR: tbsCSR, - SignatureAlgorithm: sigAlgo, - SignatureValue: asn1.BitString{ - Bytes: signature, - BitLength: len(signature) * 8, - }, - }) -} - -// ParseCertificateRequest parses a single certificate request from the -// given ASN.1 DER data. -func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error) { - var csr certificateRequest - - rest, err := asn1.Unmarshal(asn1Data, &csr) - if err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, asn1.SyntaxError{Msg: "trailing data"} - } - - return parseCertificateRequest(&csr) -} - -func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error) { - out := &CertificateRequest{ - Raw: in.Raw, - RawTBSCertificateRequest: in.TBSCSR.Raw, - RawSubjectPublicKeyInfo: in.TBSCSR.PublicKey.Raw, - RawSubject: in.TBSCSR.Subject.FullBytes, - - Signature: in.SignatureValue.RightAlign(), - SignatureAlgorithm: getSignatureAlgorithmFromAI(in.SignatureAlgorithm), - - PublicKeyAlgorithm: getPublicKeyAlgorithmFromOID(in.TBSCSR.PublicKey.Algorithm.Algorithm), - - Version: in.TBSCSR.Version, - Attributes: parseRawAttributes(in.TBSCSR.RawAttributes), - } - - var err error - out.PublicKey, err = parsePublicKey(out.PublicKeyAlgorithm, &in.TBSCSR.PublicKey) - if err != nil { - return nil, err - } - - var subject pkix.RDNSequence - if rest, err := asn1.Unmarshal(in.TBSCSR.Subject.FullBytes, &subject); err != nil { - return nil, err - } else if len(rest) != 0 { - return nil, errors.New("x509: trailing data after X.509 Subject") - } - - out.Subject.FillFromRDNSequence(&subject) - - if out.Extensions, err = parseCSRExtensions(in.TBSCSR.RawAttributes); err != nil { - return nil, err - } - - for _, extension := range out.Extensions { - if extension.Id.Equal(oidExtensionSubjectAltName) { - out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(extension.Value) - if err != nil { - return nil, err - } - } - } - - return out, nil -} - -// CheckSignature reports whether the signature on c is valid. -func (c *CertificateRequest) CheckSignature() error { - return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificateRequest, c.Signature, c.PublicKey) -} - -// RevocationList contains the fields used to create an X.509 v2 Certificate -// Revocation list with CreateRevocationList. -type RevocationList struct { - // SignatureAlgorithm is used to determine the signature algorithm to be - // used when signing the CRL. If 0 the default algorithm for the signing - // key will be used. - SignatureAlgorithm SignatureAlgorithm - - // RevokedCertificates is used to populate the revokedCertificates - // sequence in the CRL, it may be empty. RevokedCertificates may be nil, - // in which case an empty CRL will be created. - RevokedCertificates []pkix.RevokedCertificate - - // Number is used to populate the X.509 v2 cRLNumber extension in the CRL, - // which should be a monotonically increasing sequence number for a given - // CRL scope and CRL issuer. - Number *big.Int - // ThisUpdate is used to populate the thisUpdate field in the CRL, which - // indicates the issuance date of the CRL. - ThisUpdate time.Time - // NextUpdate is used to populate the nextUpdate field in the CRL, which - // indicates the date by which the next CRL will be issued. NextUpdate - // must be greater than ThisUpdate. - NextUpdate time.Time - // ExtraExtensions contains any additional extensions to add directly to - // the CRL. - ExtraExtensions []pkix.Extension -} - -// CreateRevocationList creates a new X.509 v2 Certificate Revocation List, -// according to RFC 5280, based on template. -// -// The CRL is signed by priv which should be the private key associated with -// the public key in the issuer certificate. -// -// The issuer may not be nil, and the crlSign bit must be set in KeyUsage in -// order to use it as a CRL issuer. -// -// The issuer distinguished name CRL field and authority key identifier -// extension are populated using the issuer certificate. issuer must have -// SubjectKeyId set. -func CreateRevocationList(rand io.Reader, template *RevocationList, issuer *Certificate, priv crypto.Signer) ([]byte, error) { - if template == nil { - return nil, errors.New("x509: template can not be nil") - } - if issuer == nil { - return nil, errors.New("x509: issuer can not be nil") - } - if (issuer.KeyUsage & KeyUsageCRLSign) == 0 { - return nil, errors.New("x509: issuer must have the crlSign key usage bit set") - } - if len(issuer.SubjectKeyId) == 0 { - return nil, errors.New("x509: issuer certificate doesn't contain a subject key identifier") - } - if template.NextUpdate.Before(template.ThisUpdate) { - return nil, errors.New("x509: template.ThisUpdate is after template.NextUpdate") - } - if template.Number == nil { - return nil, errors.New("x509: template contains nil Number field") - } - - hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(priv.Public(), template.SignatureAlgorithm) - if err != nil { - return nil, err - } - - // Force revocation times to UTC per RFC 5280. - revokedCertsUTC := make([]pkix.RevokedCertificate, len(template.RevokedCertificates)) - for i, rc := range template.RevokedCertificates { - rc.RevocationTime = rc.RevocationTime.UTC() - revokedCertsUTC[i] = rc - } - - aki, err := asn1.Marshal(authKeyId{Id: issuer.SubjectKeyId}) - if err != nil { - return nil, err - } - crlNum, err := asn1.Marshal(template.Number) - if err != nil { - return nil, err - } - - tbsCertList := pkix.TBSCertificateList{ - Version: 1, // v2 - Signature: signatureAlgorithm, - Issuer: issuer.Subject.ToRDNSequence(), - ThisUpdate: template.ThisUpdate.UTC(), - NextUpdate: template.NextUpdate.UTC(), - Extensions: []pkix.Extension{ - { - Id: oidExtensionAuthorityKeyId, - Value: aki, - }, - { - Id: oidExtensionCRLNumber, - Value: crlNum, - }, - }, - } - if len(revokedCertsUTC) > 0 { - tbsCertList.RevokedCertificates = revokedCertsUTC - } - - if len(template.ExtraExtensions) > 0 { - tbsCertList.Extensions = append(tbsCertList.Extensions, template.ExtraExtensions...) - } - - tbsCertListContents, err := asn1.Marshal(tbsCertList) - if err != nil { - return nil, err - } - - input := tbsCertListContents - if hashFunc != 0 { - h := hashFunc.New() - h.Write(tbsCertListContents) - input = h.Sum(nil) - } - var signerOpts crypto.SignerOpts = hashFunc - if template.SignatureAlgorithm.isRSAPSS() { - signerOpts = &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthEqualsHash, - Hash: hashFunc, - } - } - - signature, err := priv.Sign(rand, input, signerOpts) - if err != nil { - return nil, err - } - - return asn1.Marshal(pkix.CertificateList{ - TBSCertList: tbsCertList, - SignatureAlgorithm: signatureAlgorithm, - SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8}, - }) -} diff --git a/tempfork/x509/x509_test.go b/tempfork/x509/x509_test.go deleted file mode 100644 index bd297858e..000000000 --- a/tempfork/x509/x509_test.go +++ /dev/null @@ -1,2664 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509 - -import ( - "bytes" - "crypto" - "crypto/dsa" - "crypto/ecdsa" - "crypto/ed25519" - "crypto/elliptic" - "crypto/rand" - "crypto/rsa" - _ "crypto/sha256" - _ "crypto/sha512" - "crypto/x509/pkix" - "encoding/asn1" - "encoding/base64" - "encoding/hex" - "encoding/pem" - "fmt" - "math/big" - "net" - "net/url" - "os/exec" - "reflect" - "runtime" - "strings" - "testing" - "time" - - "tailscale.com/tempfork/internal/testenv" -) - -func TestParsePKCS1PrivateKey(t *testing.T) { - block, _ := pem.Decode([]byte(pemPrivateKey)) - priv, err := ParsePKCS1PrivateKey(block.Bytes) - if err != nil { - t.Errorf("Failed to parse private key: %s", err) - return - } - if priv.PublicKey.N.Cmp(rsaPrivateKey.PublicKey.N) != 0 || - priv.PublicKey.E != rsaPrivateKey.PublicKey.E || - priv.D.Cmp(rsaPrivateKey.D) != 0 || - priv.Primes[0].Cmp(rsaPrivateKey.Primes[0]) != 0 || - priv.Primes[1].Cmp(rsaPrivateKey.Primes[1]) != 0 { - t.Errorf("got:%+v want:%+v", priv, rsaPrivateKey) - } - - // This private key includes an invalid prime that - // rsa.PrivateKey.Validate should reject. - data := []byte("0\x16\x02\x00\x02\x02\u007f\x00\x02\x0200\x02\x0200\x02\x02\x00\x01\x02\x02\u007f\x00") - if _, err := ParsePKCS1PrivateKey(data); err == nil { - t.Errorf("parsing invalid private key did not result in an error") - } -} - -func TestPKCS1MismatchPublicKeyFormat(t *testing.T) { - - const pkixPublicKey = "30820122300d06092a864886f70d01010105000382010f003082010a0282010100dd5a0f37d3ca5232852ccc0e81eebec270e2f2c6c44c6231d852971a0aad00aa7399e9b9de444611083c59ea919a9d76c20a7be131a99045ec19a7bb452d647a72429e66b87e28be9e8187ed1d2a2a01ef3eb2360706bd873b07f2d1f1a72337aab5ec94e983e39107f52c480d404915e84d75a3db2cfd601726a128cb1d7f11492d4bdb53272e652276667220795c709b8a9b4af6489cbf48bb8173b8fb607c834a71b6e8bf2d6aab82af3c8ad7ce16d8dcf58373a6edc427f7484d09744d4c08f4e19ed07adbf6cb31243bc5d0d1145e77a08a6fc5efd208eca67d6abf2d6f38f58b6fdd7c28774fb0cc03fc4935c6e074842d2e1479d3d8787249258719f90203010001" - const errorContains = "use ParsePKIXPublicKey instead" - derBytes, _ := hex.DecodeString(pkixPublicKey) - _, err := ParsePKCS1PublicKey(derBytes) - if !strings.Contains(err.Error(), errorContains) { - t.Errorf("expected error containing %q, got %s", errorContains, err) - } -} - -func testParsePKIXPublicKey(t *testing.T, pemBytes string) (pub interface{}) { - block, _ := pem.Decode([]byte(pemBytes)) - pub, err := ParsePKIXPublicKey(block.Bytes) - if err != nil { - t.Fatalf("Failed to parse public key: %s", err) - } - - pubBytes2, err := MarshalPKIXPublicKey(pub) - if err != nil { - t.Errorf("Failed to marshal public key for the second time: %s", err) - return - } - if !bytes.Equal(pubBytes2, block.Bytes) { - t.Errorf("Reserialization of public key didn't match. got %x, want %x", pubBytes2, block.Bytes) - } - return -} - -func TestParsePKIXPublicKey(t *testing.T) { - t.Run("RSA", func(t *testing.T) { - pub := testParsePKIXPublicKey(t, pemPublicKey) - _, ok := pub.(*rsa.PublicKey) - if !ok { - t.Errorf("Value returned from ParsePKIXPublicKey was not an RSA public key") - } - }) - t.Run("Ed25519", func(t *testing.T) { - pub := testParsePKIXPublicKey(t, pemEd25519Key) - _, ok := pub.(ed25519.PublicKey) - if !ok { - t.Errorf("Value returned from ParsePKIXPublicKey was not an Ed25519 public key") - } - }) -} - -var pemPublicKey = `-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VoPN9PKUjKFLMwOge6+ -wnDi8sbETGIx2FKXGgqtAKpzmem53kRGEQg8WeqRmp12wgp74TGpkEXsGae7RS1k -enJCnma4fii+noGH7R0qKgHvPrI2Bwa9hzsH8tHxpyM3qrXslOmD45EH9SxIDUBJ -FehNdaPbLP1gFyahKMsdfxFJLUvbUycuZSJ2ZnIgeVxwm4qbSvZInL9Iu4FzuPtg -fINKcbbovy1qq4KvPIrXzhbY3PWDc6btxCf3SE0JdE1MCPThntB62/bLMSQ7xdDR -FF53oIpvxe/SCOymfWq/LW849Ytv3Xwod0+wzAP8STXG4HSELS4UedPYeHJJJYcZ -+QIDAQAB ------END PUBLIC KEY----- -` - -var pemPrivateKey = testingKey(` ------BEGIN RSA TESTING KEY----- -MIICXAIBAAKBgQCxoeCUW5KJxNPxMp+KmCxKLc1Zv9Ny+4CFqcUXVUYH69L3mQ7v -IWrJ9GBfcaA7BPQqUlWxWM+OCEQZH1EZNIuqRMNQVuIGCbz5UQ8w6tS0gcgdeGX7 -J7jgCQ4RK3F/PuCM38QBLaHx988qG8NMc6VKErBjctCXFHQt14lerd5KpQIDAQAB -AoGAYrf6Hbk+mT5AI33k2Jt1kcweodBP7UkExkPxeuQzRVe0KVJw0EkcFhywKpr1 -V5eLMrILWcJnpyHE5slWwtFHBG6a5fLaNtsBBtcAIfqTQ0Vfj5c6SzVaJv0Z5rOd -7gQF6isy3t3w9IF3We9wXQKzT6q5ypPGdm6fciKQ8RnzREkCQQDZwppKATqQ41/R -vhSj90fFifrGE6aVKC1hgSpxGQa4oIdsYYHwMzyhBmWW9Xv/R+fPyr8ZwPxp2c12 -33QwOLPLAkEA0NNUb+z4ebVVHyvSwF5jhfJxigim+s49KuzJ1+A2RaSApGyBZiwS -rWvWkB471POAKUYt5ykIWVZ83zcceQiNTwJBAMJUFQZX5GDqWFc/zwGoKkeR49Yi -MTXIvf7Wmv6E++eFcnT461FlGAUHRV+bQQXGsItR/opIG7mGogIkVXa3E1MCQARX -AAA7eoZ9AEHflUeuLn9QJI/r0hyQQLEtrpwv6rDT1GCWaLII5HJ6NUFVf4TTcqxo -6vdM4QGKTJoO+SaCyP0CQFdpcxSAuzpFcKv0IlJ8XzS/cy+mweCMwyJ1PFEc4FX6 -wg/HcAJWY60xZTJDFN+Qfx8ZQvBEin6c2/h+zZi5IVY= ------END RSA TESTING KEY----- -`) - -// pemEd25519Key is the example from RFC 8410, Secrion 4. -var pemEd25519Key = ` ------BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= ------END PUBLIC KEY----- -` - -func TestPKIXMismatchPublicKeyFormat(t *testing.T) { - - const pkcs1PublicKey = "308201080282010100817cfed98bcaa2e2a57087451c7674e0c675686dc33ff1268b0c2a6ee0202dec710858ee1c31bdf5e7783582e8ca800be45f3275c6576adc35d98e26e95bb88ca5beb186f853b8745d88bc9102c5f38753bcda519fb05948d5c77ac429255ff8aaf27d9f45d1586e95e2e9ba8a7cb771b8a09dd8c8fed3f933fd9b439bc9f30c475953418ef25f71a2b6496f53d94d39ce850aa0cc75d445b5f5b4f4ee4db78ab197a9a8d8a852f44529a007ac0ac23d895928d60ba538b16b0b087a7f903ed29770e215019b77eaecc360f35f7ab11b6d735978795b2c4a74e5bdea4dc6594cd67ed752a108e666729a753ab36d6c4f606f8760f507e1765be8cd744007e629020103" - const errorContains = "use ParsePKCS1PublicKey instead" - derBytes, _ := hex.DecodeString(pkcs1PublicKey) - _, err := ParsePKIXPublicKey(derBytes) - if !strings.Contains(err.Error(), errorContains) { - t.Errorf("expected error containing %q, got %s", errorContains, err) - } -} - -var testPrivateKey *rsa.PrivateKey - -func init() { - block, _ := pem.Decode([]byte(pemPrivateKey)) - - var err error - if testPrivateKey, err = ParsePKCS1PrivateKey(block.Bytes); err != nil { - panic("Failed to parse private key: " + err.Error()) - } -} - -func bigFromString(s string) *big.Int { - ret := new(big.Int) - ret.SetString(s, 10) - return ret -} - -func fromBase10(base10 string) *big.Int { - i := new(big.Int) - i.SetString(base10, 10) - return i -} - -func bigFromHexString(s string) *big.Int { - ret := new(big.Int) - ret.SetString(s, 16) - return ret -} - -var rsaPrivateKey = &rsa.PrivateKey{ - PublicKey: rsa.PublicKey{ - N: bigFromString("124737666279038955318614287965056875799409043964547386061640914307192830334599556034328900586693254156136128122194531292927142396093148164407300419162827624945636708870992355233833321488652786796134504707628792159725681555822420087112284637501705261187690946267527866880072856272532711620639179596808018872997"), - E: 65537, - }, - D: bigFromString("69322600686866301945688231018559005300304807960033948687567105312977055197015197977971637657636780793670599180105424702854759606794705928621125408040473426339714144598640466128488132656829419518221592374964225347786430566310906679585739468938549035854760501049443920822523780156843263434219450229353270690889"), - Primes: []*big.Int{ - bigFromString("11405025354575369741595561190164746858706645478381139288033759331174478411254205003127028642766986913445391069745480057674348716675323735886284176682955723"), - bigFromString("10937079261204603443118731009201819560867324167189758120988909645641782263430128449826989846631183550578761324239709121189827307416350485191350050332642639"), - }, -} - -func TestMarshalRSAPrivateKey(t *testing.T) { - priv := &rsa.PrivateKey{ - PublicKey: rsa.PublicKey{ - N: fromBase10("16346378922382193400538269749936049106320265317511766357599732575277382844051791096569333808598921852351577762718529818072849191122419410612033592401403764925096136759934497687765453905884149505175426053037420486697072448609022753683683718057795566811401938833367954642951433473337066311978821180526439641496973296037000052546108507805269279414789035461158073156772151892452251106173507240488993608650881929629163465099476849643165682709047462010581308719577053905787496296934240246311806555924593059995202856826239801816771116902778517096212527979497399966526283516447337775509777558018145573127308919204297111496233"), - E: 3, - }, - D: fromBase10("10897585948254795600358846499957366070880176878341177571733155050184921896034527397712889205732614568234385175145686545381899460748279607074689061600935843283397424506622998458510302603922766336783617368686090042765718290914099334449154829375179958369993407724946186243249568928237086215759259909861748642124071874879861299389874230489928271621259294894142840428407196932444474088857746123104978617098858619445675532587787023228852383149557470077802718705420275739737958953794088728369933811184572620857678792001136676902250566845618813972833750098806496641114644760255910789397593428910198080271317419213080834885003"), - Primes: []*big.Int{ - fromBase10("1025363189502892836833747188838978207017355117492483312747347695538428729137306368764177201532277413433182799108299960196606011786562992097313508180436744488171474690412562218914213688661311117337381958560443"), - fromBase10("3467903426626310123395340254094941045497208049900750380025518552334536945536837294961497712862519984786362199788654739924501424784631315081391467293694361474867825728031147665777546570788493758372218019373"), - fromBase10("4597024781409332673052708605078359346966325141767460991205742124888960305710298765592730135879076084498363772408626791576005136245060321874472727132746643162385746062759369754202494417496879741537284589047"), - }, - } - - derBytes := MarshalPKCS1PrivateKey(priv) - - priv2, err := ParsePKCS1PrivateKey(derBytes) - if err != nil { - t.Errorf("error parsing serialized key: %s", err) - return - } - if priv.PublicKey.N.Cmp(priv2.PublicKey.N) != 0 || - priv.PublicKey.E != priv2.PublicKey.E || - priv.D.Cmp(priv2.D) != 0 || - len(priv2.Primes) != 3 || - priv.Primes[0].Cmp(priv2.Primes[0]) != 0 || - priv.Primes[1].Cmp(priv2.Primes[1]) != 0 || - priv.Primes[2].Cmp(priv2.Primes[2]) != 0 { - t.Errorf("got:%+v want:%+v", priv, priv2) - } -} - -func TestMarshalRSAPublicKey(t *testing.T) { - pub := &rsa.PublicKey{ - N: fromBase10("16346378922382193400538269749936049106320265317511766357599732575277382844051791096569333808598921852351577762718529818072849191122419410612033592401403764925096136759934497687765453905884149505175426053037420486697072448609022753683683718057795566811401938833367954642951433473337066311978821180526439641496973296037000052546108507805269279414789035461158073156772151892452251106173507240488993608650881929629163465099476849643165682709047462010581308719577053905787496296934240246311806555924593059995202856826239801816771116902778517096212527979497399966526283516447337775509777558018145573127308919204297111496233"), - E: 3, - } - derBytes := MarshalPKCS1PublicKey(pub) - pub2, err := ParsePKCS1PublicKey(derBytes) - if err != nil { - t.Errorf("ParsePKCS1PublicKey: %s", err) - } - if pub.N.Cmp(pub2.N) != 0 || pub.E != pub2.E { - t.Errorf("ParsePKCS1PublicKey = %+v, want %+v", pub, pub2) - } - - // It's never been documented that asn1.Marshal/Unmarshal on rsa.PublicKey works, - // but it does, and we know of code that depends on it. - // Lock that in, even though we'd prefer that people use MarshalPKCS1PublicKey and ParsePKCS1PublicKey. - derBytes2, err := asn1.Marshal(*pub) - if err != nil { - t.Errorf("Marshal(rsa.PublicKey): %v", err) - } else if !bytes.Equal(derBytes, derBytes2) { - t.Errorf("Marshal(rsa.PublicKey) = %x, want %x", derBytes2, derBytes) - } - pub3 := new(rsa.PublicKey) - rest, err := asn1.Unmarshal(derBytes, pub3) - if err != nil { - t.Errorf("Unmarshal(rsa.PublicKey): %v", err) - } - if len(rest) != 0 || pub.N.Cmp(pub3.N) != 0 || pub.E != pub3.E { - t.Errorf("Unmarshal(rsa.PublicKey) = %+v, %q want %+v, %q", pub, rest, pub2, []byte(nil)) - } - - publicKeys := []struct { - derBytes []byte - expectedErrSubstr string - }{ - { - derBytes: []byte{ - 0x30, 6, // SEQUENCE, 6 bytes - 0x02, 1, // INTEGER, 1 byte - 17, - 0x02, 1, // INTEGER, 1 byte - 3, // 3 - }, - }, { - derBytes: []byte{ - 0x30, 6, // SEQUENCE - 0x02, 1, // INTEGER, 1 byte - 0xff, // -1 - 0x02, 1, // INTEGER, 1 byte - 3, - }, - expectedErrSubstr: "zero or negative", - }, { - derBytes: []byte{ - 0x30, 6, // SEQUENCE - 0x02, 1, // INTEGER, 1 byte - 17, - 0x02, 1, // INTEGER, 1 byte - 0xff, // -1 - }, - expectedErrSubstr: "zero or negative", - }, { - derBytes: []byte{ - 0x30, 6, // SEQUENCE - 0x02, 1, // INTEGER, 1 byte - 17, - 0x02, 1, // INTEGER, 1 byte - 3, - 1, - }, - expectedErrSubstr: "trailing data", - }, { - derBytes: []byte{ - 0x30, 9, // SEQUENCE - 0x02, 1, // INTEGER, 1 byte - 17, - 0x02, 4, // INTEGER, 4 bytes - 0x7f, 0xff, 0xff, 0xff, - }, - }, { - derBytes: []byte{ - 0x30, 10, // SEQUENCE - 0x02, 1, // INTEGER, 1 byte - 17, - 0x02, 5, // INTEGER, 5 bytes - 0x00, 0x80, 0x00, 0x00, 0x00, - }, - // On 64-bit systems, encoding/asn1 will accept the - // public exponent, but ParsePKCS1PublicKey will return - // an error. On 32-bit systems, encoding/asn1 will - // return the error. The common substring of both error - // is the word “large”. - expectedErrSubstr: "large", - }, - } - - for i, test := range publicKeys { - shouldFail := len(test.expectedErrSubstr) > 0 - pub, err := ParsePKCS1PublicKey(test.derBytes) - if shouldFail { - if err == nil { - t.Errorf("#%d: unexpected success, got %#v", i, pub) - } else if !strings.Contains(err.Error(), test.expectedErrSubstr) { - t.Errorf("#%d: expected error containing %q, got %s", i, test.expectedErrSubstr, err) - } - } else { - if err != nil { - t.Errorf("#%d: unexpected failure: %s", i, err) - continue - } - reserialized := MarshalPKCS1PublicKey(pub) - if !bytes.Equal(reserialized, test.derBytes) { - t.Errorf("#%d: failed to reserialize: got %x, expected %x", i, reserialized, test.derBytes) - } - } - } -} - -type matchHostnamesTest struct { - pattern, host string - ok bool -} - -var matchHostnamesTests = []matchHostnamesTest{ - {"a.b.c", "a.b.c", true}, - {"a.b.c", "b.b.c", false}, - {"", "b.b.c", false}, - {"a.b.c", "", false}, - {"example.com", "example.com", true}, - {"example.com", "www.example.com", false}, - {"*.example.com", "example.com", false}, - {"*.example.com", "www.example.com", true}, - {"*.example.com", "www.example.com.", true}, - {"*.example.com", "xyz.www.example.com", false}, - {"*.*.example.com", "xyz.www.example.com", false}, - {"*.www.*.com", "xyz.www.example.com", false}, - {"*bar.example.com", "foobar.example.com", false}, - {"f*.example.com", "foobar.example.com", false}, - {"", ".", false}, - {".", "", false}, - {".", ".", false}, - {"example.com", "example.com.", true}, - {"example.com.", "example.com", true}, - {"example.com.", "example.com.", true}, - {"*.com.", "example.com.", true}, - {"*.com.", "example.com", true}, - {"*.com", "example.com", true}, - {"*.com", "example.com.", true}, -} - -func TestMatchHostnames(t *testing.T) { - for i, test := range matchHostnamesTests { - r := matchHostnames(test.pattern, test.host) - if r != test.ok { - t.Errorf("#%d mismatch got: %t want: %t when matching '%s' against '%s'", i, r, test.ok, test.host, test.pattern) - } - } -} - -func TestMatchIP(t *testing.T) { - // Check that pattern matching is working. - c := &Certificate{ - DNSNames: []string{"*.foo.bar.baz"}, - Subject: pkix.Name{ - CommonName: "*.foo.bar.baz", - }, - } - err := c.VerifyHostname("quux.foo.bar.baz") - if err != nil { - t.Fatalf("VerifyHostname(quux.foo.bar.baz): %v", err) - } - - // But check that if we change it to be matching against an IP address, - // it is rejected. - c = &Certificate{ - DNSNames: []string{"*.2.3.4"}, - Subject: pkix.Name{ - CommonName: "*.2.3.4", - }, - } - err = c.VerifyHostname("1.2.3.4") - if err == nil { - t.Fatalf("VerifyHostname(1.2.3.4) should have failed, did not") - } - - c = &Certificate{ - IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, - } - err = c.VerifyHostname("127.0.0.1") - if err != nil { - t.Fatalf("VerifyHostname(127.0.0.1): %v", err) - } - err = c.VerifyHostname("::1") - if err != nil { - t.Fatalf("VerifyHostname(::1): %v", err) - } - err = c.VerifyHostname("[::1]") - if err != nil { - t.Fatalf("VerifyHostname([::1]): %v", err) - } -} - -func TestCertificateParse(t *testing.T) { - s, _ := hex.DecodeString(certBytes) - certs, err := ParseCertificates(s) - if err != nil { - t.Error(err) - } - if len(certs) != 2 { - t.Errorf("Wrong number of certs: got %d want 2", len(certs)) - return - } - - err = certs[0].CheckSignatureFrom(certs[1]) - if err != nil { - t.Error(err) - } - - if err := certs[0].VerifyHostname("mail.google.com"); err != nil { - t.Error(err) - } - - const expectedExtensions = 4 - if n := len(certs[0].Extensions); n != expectedExtensions { - t.Errorf("want %d extensions, got %d", expectedExtensions, n) - } -} - -func TestCertificateEqualOnNil(t *testing.T) { - cNonNil := new(Certificate) - var cNil1, cNil2 *Certificate - if !cNil1.Equal(cNil2) { - t.Error("Nil certificates: cNil1 is not equal to cNil2") - } - if !cNil2.Equal(cNil1) { - t.Error("Nil certificates: cNil2 is not equal to cNil1") - } - if cNil1.Equal(cNonNil) { - t.Error("Unexpectedly cNil1 is equal to cNonNil") - } - if cNonNil.Equal(cNil1) { - t.Error("Unexpectedly cNonNil is equal to cNil1") - } -} - -func TestMismatchedSignatureAlgorithm(t *testing.T) { - der, _ := pem.Decode([]byte(rsaPSSSelfSignedPEM)) - if der == nil { - t.Fatal("Failed to find PEM block") - } - - cert, err := ParseCertificate(der.Bytes) - if err != nil { - t.Fatal(err) - } - - if err = cert.CheckSignature(ECDSAWithSHA256, nil, nil); err == nil { - t.Fatal("CheckSignature unexpectedly return no error") - } - - const expectedSubstring = " but have public key of type " - if !strings.Contains(err.Error(), expectedSubstring) { - t.Errorf("Expected error containing %q, but got %q", expectedSubstring, err) - } -} - -var certBytes = "308203223082028ba00302010202106edf0d9499fd4533dd1297fc42a93be1300d06092a864886" + - "f70d0101050500304c310b3009060355040613025a4131253023060355040a131c546861777465" + - "20436f6e73756c74696e67202850747929204c74642e311630140603550403130d546861777465" + - "20534743204341301e170d3039303332353136343932395a170d3130303332353136343932395a" + - "3069310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630" + - "140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c6520" + - "496e63311830160603550403130f6d61696c2e676f6f676c652e636f6d30819f300d06092a8648" + - "86f70d010101050003818d0030818902818100c5d6f892fccaf5614b064149e80a2c9581a218ef" + - "41ec35bd7a58125ae76f9ea54ddc893abbeb029f6b73616bf0ffd868791fba7af9c4aebf3706ba" + - "3eeaeed27435b4ddcfb157c05f351d66aa87fee0de072d66d773affbd36ab78bef090e0cc861a9" + - "03ac90dd98b51c9c41566c017f0beec3bff391051ffba0f5cc6850ad2a590203010001a381e730" + - "81e430280603551d250421301f06082b0601050507030106082b06010505070302060960864801" + - "86f842040130360603551d1f042f302d302ba029a0278625687474703a2f2f63726c2e74686177" + - "74652e636f6d2f54686177746553474343412e63726c307206082b060105050701010466306430" + - "2206082b060105050730018616687474703a2f2f6f6373702e7468617774652e636f6d303e0608" + - "2b060105050730028632687474703a2f2f7777772e7468617774652e636f6d2f7265706f736974" + - "6f72792f5468617774655f5347435f43412e637274300c0603551d130101ff04023000300d0609" + - "2a864886f70d01010505000381810062f1f3050ebc105e497c7aedf87e24d2f4a986bb3b837bd1" + - "9b91ebcad98b065992f6bd2b49b7d6d3cb2e427a99d606c7b1d46352527fac39e6a8b6726de5bf" + - "70212a52cba07634a5e332011bd1868e78eb5e3c93cf03072276786f207494feaa0ed9d53b2110" + - "a76571f90209cdae884385c882587030ee15f33d761e2e45a6bc308203233082028ca003020102" + - "020430000002300d06092a864886f70d0101050500305f310b3009060355040613025553311730" + - "15060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c61737320" + - "33205075626c6963205072696d6172792043657274696669636174696f6e20417574686f726974" + - "79301e170d3034303531333030303030305a170d3134303531323233353935395a304c310b3009" + - "060355040613025a4131253023060355040a131c54686177746520436f6e73756c74696e672028" + - "50747929204c74642e311630140603550403130d5468617774652053474320434130819f300d06" + - "092a864886f70d010101050003818d0030818902818100d4d367d08d157faecd31fe7d1d91a13f" + - "0b713cacccc864fb63fc324b0794bd6f80ba2fe10493c033fc093323e90b742b71c403c6d2cde2" + - "2ff50963cdff48a500bfe0e7f388b72d32de9836e60aad007bc4644a3b847503f270927d0e62f5" + - "21ab693684317590f8bfc76c881b06957cc9e5a8de75a12c7a68dfd5ca1c875860190203010001" + - "a381fe3081fb30120603551d130101ff040830060101ff020100300b0603551d0f040403020106" + - "301106096086480186f842010104040302010630280603551d110421301fa41d301b3119301706" + - "035504031310507269766174654c6162656c332d313530310603551d1f042a30283026a024a022" + - "8620687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332e63726c303206082b" + - "0601050507010104263024302206082b060105050730018616687474703a2f2f6f6373702e7468" + - "617774652e636f6d30340603551d25042d302b06082b0601050507030106082b06010505070302" + - "06096086480186f8420401060a6086480186f845010801300d06092a864886f70d010105050003" + - "81810055ac63eadea1ddd2905f9f0bce76be13518f93d9052bc81b774bad6950a1eededcfddb07" + - "e9e83994dcab72792f06bfab8170c4a8edea5334edef1e53d906c7562bd15cf4d18a8eb42bb137" + - "9048084225c53e8acb7feb6f04d16dc574a2f7a27c7b603c77cd0ece48027f012fb69b37e02a2a" + - "36dcd585d6ace53f546f961e05af" - -func parseCIDR(s string) *net.IPNet { - _, net, err := net.ParseCIDR(s) - if err != nil { - panic(err) - } - return net -} - -func parseURI(s string) *url.URL { - uri, err := url.Parse(s) - if err != nil { - panic(err) - } - return uri -} - -func TestCreateSelfSignedCertificate(t *testing.T) { - random := rand.Reader - - ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - t.Fatalf("Failed to generate ECDSA key: %s", err) - } - - ed25519Pub, ed25519Priv, err := ed25519.GenerateKey(random) - if err != nil { - t.Fatalf("Failed to generate Ed25519 key: %s", err) - } - - tests := []struct { - name string - pub, priv interface{} - checkSig bool - sigAlgo SignatureAlgorithm - }{ - {"RSA/RSA", &testPrivateKey.PublicKey, testPrivateKey, true, SHA1WithRSA}, - {"RSA/ECDSA", &testPrivateKey.PublicKey, ecdsaPriv, false, ECDSAWithSHA384}, - {"ECDSA/RSA", &ecdsaPriv.PublicKey, testPrivateKey, false, SHA256WithRSA}, - {"ECDSA/ECDSA", &ecdsaPriv.PublicKey, ecdsaPriv, true, ECDSAWithSHA1}, - {"RSAPSS/RSAPSS", &testPrivateKey.PublicKey, testPrivateKey, true, SHA256WithRSAPSS}, - {"ECDSA/RSAPSS", &ecdsaPriv.PublicKey, testPrivateKey, false, SHA256WithRSAPSS}, - {"RSAPSS/ECDSA", &testPrivateKey.PublicKey, ecdsaPriv, false, ECDSAWithSHA384}, - {"Ed25519", ed25519Pub, ed25519Priv, true, PureEd25519}, - } - - testExtKeyUsage := []ExtKeyUsage{ExtKeyUsageClientAuth, ExtKeyUsageServerAuth} - testUnknownExtKeyUsage := []asn1.ObjectIdentifier{[]int{1, 2, 3}, []int{2, 59, 1}} - extraExtensionData := []byte("extra extension") - - for _, test := range tests { - commonName := "test.example.com" - template := Certificate{ - // SerialNumber is negative to ensure that negative - // values are parsed. This is due to the prevalence of - // buggy code that produces certificates with negative - // serial numbers. - SerialNumber: big.NewInt(-1), - Subject: pkix.Name{ - CommonName: commonName, - Organization: []string{"Σ Acme Co"}, - Country: []string{"US"}, - ExtraNames: []pkix.AttributeTypeAndValue{ - { - Type: []int{2, 5, 4, 42}, - Value: "Gopher", - }, - // This should override the Country, above. - { - Type: []int{2, 5, 4, 6}, - Value: "NL", - }, - }, - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(100000, 0), - - SignatureAlgorithm: test.sigAlgo, - - SubjectKeyId: []byte{1, 2, 3, 4}, - KeyUsage: KeyUsageCertSign, - - ExtKeyUsage: testExtKeyUsage, - UnknownExtKeyUsage: testUnknownExtKeyUsage, - - BasicConstraintsValid: true, - IsCA: true, - - OCSPServer: []string{"http://ocsp.example.com"}, - IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"}, - - DNSNames: []string{"test.example.com"}, - EmailAddresses: []string{"gopher@golang.org"}, - IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")}, - URIs: []*url.URL{parseURI("https://foo.com/wibble#foo")}, - - PolicyIdentifiers: []asn1.ObjectIdentifier{[]int{1, 2, 3}}, - PermittedDNSDomains: []string{".example.com", "example.com"}, - ExcludedDNSDomains: []string{"bar.example.com"}, - PermittedIPRanges: []*net.IPNet{parseCIDR("192.168.1.1/16"), parseCIDR("1.2.3.4/8")}, - ExcludedIPRanges: []*net.IPNet{parseCIDR("2001:db8::/48")}, - PermittedEmailAddresses: []string{"foo@example.com"}, - ExcludedEmailAddresses: []string{".example.com", "example.com"}, - PermittedURIDomains: []string{".bar.com", "bar.com"}, - ExcludedURIDomains: []string{".bar2.com", "bar2.com"}, - - CRLDistributionPoints: []string{"http://crl1.example.com/ca1.crl", "http://crl2.example.com/ca1.crl"}, - - ExtraExtensions: []pkix.Extension{ - { - Id: []int{1, 2, 3, 4}, - Value: extraExtensionData, - }, - // This extension should override the SubjectKeyId, above. - { - Id: oidExtensionSubjectKeyId, - Critical: false, - Value: []byte{0x04, 0x04, 4, 3, 2, 1}, - }, - }, - } - - derBytes, err := CreateCertificate(random, &template, &template, test.pub, test.priv) - if err != nil { - t.Errorf("%s: failed to create certificate: %s", test.name, err) - continue - } - - cert, err := ParseCertificate(derBytes) - if err != nil { - t.Errorf("%s: failed to parse certificate: %s", test.name, err) - continue - } - - if len(cert.PolicyIdentifiers) != 1 || !cert.PolicyIdentifiers[0].Equal(template.PolicyIdentifiers[0]) { - t.Errorf("%s: failed to parse policy identifiers: got:%#v want:%#v", test.name, cert.PolicyIdentifiers, template.PolicyIdentifiers) - } - - if len(cert.PermittedDNSDomains) != 2 || cert.PermittedDNSDomains[0] != ".example.com" || cert.PermittedDNSDomains[1] != "example.com" { - t.Errorf("%s: failed to parse name constraints: %#v", test.name, cert.PermittedDNSDomains) - } - - if len(cert.ExcludedDNSDomains) != 1 || cert.ExcludedDNSDomains[0] != "bar.example.com" { - t.Errorf("%s: failed to parse name constraint exclusions: %#v", test.name, cert.ExcludedDNSDomains) - } - - if len(cert.PermittedIPRanges) != 2 || cert.PermittedIPRanges[0].String() != "192.168.0.0/16" || cert.PermittedIPRanges[1].String() != "1.0.0.0/8" { - t.Errorf("%s: failed to parse IP constraints: %#v", test.name, cert.PermittedIPRanges) - } - - if len(cert.ExcludedIPRanges) != 1 || cert.ExcludedIPRanges[0].String() != "2001:db8::/48" { - t.Errorf("%s: failed to parse IP constraint exclusions: %#v", test.name, cert.ExcludedIPRanges) - } - - if len(cert.PermittedEmailAddresses) != 1 || cert.PermittedEmailAddresses[0] != "foo@example.com" { - t.Errorf("%s: failed to parse permitted email addreses: %#v", test.name, cert.PermittedEmailAddresses) - } - - if len(cert.ExcludedEmailAddresses) != 2 || cert.ExcludedEmailAddresses[0] != ".example.com" || cert.ExcludedEmailAddresses[1] != "example.com" { - t.Errorf("%s: failed to parse excluded email addreses: %#v", test.name, cert.ExcludedEmailAddresses) - } - - if len(cert.PermittedURIDomains) != 2 || cert.PermittedURIDomains[0] != ".bar.com" || cert.PermittedURIDomains[1] != "bar.com" { - t.Errorf("%s: failed to parse permitted URIs: %#v", test.name, cert.PermittedURIDomains) - } - - if len(cert.ExcludedURIDomains) != 2 || cert.ExcludedURIDomains[0] != ".bar2.com" || cert.ExcludedURIDomains[1] != "bar2.com" { - t.Errorf("%s: failed to parse excluded URIs: %#v", test.name, cert.ExcludedURIDomains) - } - - if cert.Subject.CommonName != commonName { - t.Errorf("%s: subject wasn't correctly copied from the template. Got %s, want %s", test.name, cert.Subject.CommonName, commonName) - } - - if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "NL" { - t.Errorf("%s: ExtraNames didn't override Country", test.name) - } - - for _, ext := range cert.Extensions { - if ext.Id.Equal(oidExtensionSubjectAltName) { - if ext.Critical { - t.Fatal("SAN extension is marked critical") - } - } - } - - found := false - for _, atv := range cert.Subject.Names { - if atv.Type.Equal([]int{2, 5, 4, 42}) { - found = true - break - } - } - if !found { - t.Errorf("%s: Names didn't contain oid 2.5.4.42 from ExtraNames", test.name) - } - - if cert.Issuer.CommonName != commonName { - t.Errorf("%s: issuer wasn't correctly copied from the template. Got %s, want %s", test.name, cert.Issuer.CommonName, commonName) - } - - if cert.SignatureAlgorithm != test.sigAlgo { - t.Errorf("%s: SignatureAlgorithm wasn't copied from template. Got %v, want %v", test.name, cert.SignatureAlgorithm, test.sigAlgo) - } - - if !reflect.DeepEqual(cert.ExtKeyUsage, testExtKeyUsage) { - t.Errorf("%s: extkeyusage wasn't correctly copied from the template. Got %v, want %v", test.name, cert.ExtKeyUsage, testExtKeyUsage) - } - - if !reflect.DeepEqual(cert.UnknownExtKeyUsage, testUnknownExtKeyUsage) { - t.Errorf("%s: unknown extkeyusage wasn't correctly copied from the template. Got %v, want %v", test.name, cert.UnknownExtKeyUsage, testUnknownExtKeyUsage) - } - - if !reflect.DeepEqual(cert.OCSPServer, template.OCSPServer) { - t.Errorf("%s: OCSP servers differ from template. Got %v, want %v", test.name, cert.OCSPServer, template.OCSPServer) - } - - if !reflect.DeepEqual(cert.IssuingCertificateURL, template.IssuingCertificateURL) { - t.Errorf("%s: Issuing certificate URLs differ from template. Got %v, want %v", test.name, cert.IssuingCertificateURL, template.IssuingCertificateURL) - } - - if !reflect.DeepEqual(cert.DNSNames, template.DNSNames) { - t.Errorf("%s: SAN DNS names differ from template. Got %v, want %v", test.name, cert.DNSNames, template.DNSNames) - } - - if !reflect.DeepEqual(cert.EmailAddresses, template.EmailAddresses) { - t.Errorf("%s: SAN emails differ from template. Got %v, want %v", test.name, cert.EmailAddresses, template.EmailAddresses) - } - - if len(cert.URIs) != 1 || cert.URIs[0].String() != "https://foo.com/wibble#foo" { - t.Errorf("%s: URIs differ from template. Got %v, want %v", test.name, cert.URIs, template.URIs) - } - - if !reflect.DeepEqual(cert.IPAddresses, template.IPAddresses) { - t.Errorf("%s: SAN IPs differ from template. Got %v, want %v", test.name, cert.IPAddresses, template.IPAddresses) - } - - if !reflect.DeepEqual(cert.CRLDistributionPoints, template.CRLDistributionPoints) { - t.Errorf("%s: CRL distribution points differ from template. Got %v, want %v", test.name, cert.CRLDistributionPoints, template.CRLDistributionPoints) - } - - if !bytes.Equal(cert.SubjectKeyId, []byte{4, 3, 2, 1}) { - t.Errorf("%s: ExtraExtensions didn't override SubjectKeyId", test.name) - } - - if !bytes.Contains(derBytes, extraExtensionData) { - t.Errorf("%s: didn't find extra extension in DER output", test.name) - } - - if test.checkSig { - err = cert.CheckSignatureFrom(cert) - if err != nil { - t.Errorf("%s: signature verification failed: %s", test.name, err) - } - } - } -} - -// Self-signed certificate using ECDSA with SHA1 & secp256r1 -var ecdsaSHA1CertPem = ` ------BEGIN CERTIFICATE----- -MIICDjCCAbUCCQDF6SfN0nsnrjAJBgcqhkjOPQQBMIGPMQswCQYDVQQGEwJVUzET -MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEVMBMG -A1UECgwMR29vZ2xlLCBJbmMuMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG -CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIwMjAyMDUw -WhcNMjIwNTE4MjAyMDUwWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm -b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFTATBgNVBAoMDEdvb2dsZSwg -SW5jLjEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20xIzAhBgkqhkiG9w0BCQEWFGdv -bGFuZy1kZXZAZ21haWwuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/Wgn -WQDo5+bz71T0327ERgd5SDDXFbXLpzIZDXTkjpe8QTEbsF+ezsQfrekrpDPC4Cd3 -P9LY0tG+aI8IyVKdUjAJBgcqhkjOPQQBA0gAMEUCIGlsqMcRqWVIWTD6wXwe6Jk2 -DKxL46r/FLgJYnzBEH99AiEA3fBouObsvV1R3oVkb4BQYnD4/4LeId6lAT43YvyV -a/A= ------END CERTIFICATE----- -` - -// Self-signed certificate using ECDSA with SHA256 & secp256r1 -var ecdsaSHA256p256CertPem = ` ------BEGIN CERTIFICATE----- -MIICDzCCAbYCCQDlsuMWvgQzhTAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFTAT -BgNVBAoMDEdvb2dsZSwgSW5jLjEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20xIzAh -BgkqhkiG9w0BCQEWFGdvbGFuZy1kZXZAZ21haWwuY29tMB4XDTEyMDUyMTAwMTkx -NloXDTIyMDUxOTAwMTkxNlowgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp -Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRUwEwYDVQQKDAxHb29nbGUs -IEluYy4xFzAVBgNVBAMMDnd3dy5nb29nbGUuY29tMSMwIQYJKoZIhvcNAQkBFhRn -b2xhbmctZGV2QGdtYWlsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPMt -2ErhxAty5EJRu9yM+MTy+hUXm3pdW1ensAv382KoGExSXAFWP7pjJnNtHO+XSwVm -YNtqjcAGFKpweoN//kQwCgYIKoZIzj0EAwIDRwAwRAIgIYSaUA/IB81gjbIw/hUV -70twxJr5EcgOo0hLp3Jm+EYCIFDO3NNcgmURbJ1kfoS3N/0O+irUtoPw38YoNkqJ -h5wi ------END CERTIFICATE----- -` - -// Self-signed certificate using ECDSA with SHA256 & secp384r1 -var ecdsaSHA256p384CertPem = ` ------BEGIN CERTIFICATE----- -MIICSjCCAdECCQDje/no7mXkVzAKBggqhkjOPQQDAjCBjjELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS -BgNVBAoMC0dvb2dsZSwgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG -CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIxMDYxMDM0 -WhcNMjIwNTE5MDYxMDM0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm -b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSwg -SW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEGCSqGSIb3DQEJARYUZ29s -YW5nLWRldkBnbWFpbC5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARRuzRNIKRK -jIktEmXanNmrTR/q/FaHXLhWRZ6nHWe26Fw7Rsrbk+VjGy4vfWtNn7xSFKrOu5ze -qxKnmE0h5E480MNgrUiRkaGO2GMJJVmxx20aqkXOk59U8yGA4CghE6MwCgYIKoZI -zj0EAwIDZwAwZAIwBZEN8gvmRmfeP/9C1PRLzODIY4JqWub2PLRT4mv9GU+yw3Gr -PU9A3CHMdEcdw/MEAjBBO1lId8KOCh9UZunsSMfqXiVurpzmhWd6VYZ/32G+M+Mh -3yILeYQzllt/g0rKVRk= ------END CERTIFICATE----- -` - -// Self-signed certificate using ECDSA with SHA384 & secp521r1 -var ecdsaSHA384p521CertPem = ` ------BEGIN CERTIFICATE----- -MIICljCCAfcCCQDhp1AFD/ahKjAKBggqhkjOPQQDAzCBjjELMAkGA1UEBhMCVVMx -EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS -BgNVBAoMC0dvb2dsZSwgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG -CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIxMTUwNDI5 -WhcNMjIwNTE5MTUwNDI5WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm -b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSwg -SW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEGCSqGSIb3DQEJARYUZ29s -YW5nLWRldkBnbWFpbC5jb20wgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACqx9Rv -IssRs1LWYcNN+WffwlHw4Tv3y8/LIAA9MF1ZScIonU9nRMxt4a2uGJVCPDw6JHpz -PaYc0E9puLoE9AfKpwFr59Jkot7dBg55SKPEFkddoip/rvmN7NPAWjMBirOwjOkm -8FPthvPhGPqsu9AvgVuHu3PosWiHGNrhh379pva8MzAKBggqhkjOPQQDAwOBjAAw -gYgCQgEHNmswkUdPpHqrVxp9PvLVl+xxPuHBkT+75z9JizyxtqykHQo9Uh6SWCYH -BF9KLolo01wMt8DjoYP5Fb3j5MH7xwJCAbWZzTOp4l4DPkIvAh4LeC4VWbwPPyqh -kBg71w/iEcSY3wUKgHGcJJrObZw7wys91I5kENljqw/Samdr3ka+jBJa ------END CERTIFICATE----- -` - -var ecdsaTests = []struct { - sigAlgo SignatureAlgorithm - pemCert string -}{ - {ECDSAWithSHA1, ecdsaSHA1CertPem}, - {ECDSAWithSHA256, ecdsaSHA256p256CertPem}, - {ECDSAWithSHA256, ecdsaSHA256p384CertPem}, - {ECDSAWithSHA384, ecdsaSHA384p521CertPem}, -} - -func TestECDSA(t *testing.T) { - for i, test := range ecdsaTests { - pemBlock, _ := pem.Decode([]byte(test.pemCert)) - cert, err := ParseCertificate(pemBlock.Bytes) - if err != nil { - t.Errorf("%d: failed to parse certificate: %s", i, err) - continue - } - if sa := cert.SignatureAlgorithm; sa != test.sigAlgo { - t.Errorf("%d: signature algorithm is %v, want %v", i, sa, test.sigAlgo) - } - if parsedKey, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok { - t.Errorf("%d: wanted an ECDSA public key but found: %#v", i, parsedKey) - } - if pka := cert.PublicKeyAlgorithm; pka != ECDSA { - t.Errorf("%d: public key algorithm is %v, want ECDSA", i, pka) - } - if err = cert.CheckSignatureFrom(cert); err != nil { - t.Errorf("%d: certificate verification failed: %s", i, err) - } - } -} - -// Self-signed certificate using DSA with SHA1 -var dsaCertPem = `-----BEGIN CERTIFICATE----- -MIIEDTCCA82gAwIBAgIJALHPghaoxeDhMAkGByqGSM44BAMweTELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQHEwZOZXd0b24xFDASBgNVBAoTC0dvb2ds -ZSwgSW5jMRIwEAYDVQQDEwlKb24gQWxsaWUxIjAgBgkqhkiG9w0BCQEWE2pvbmFs -bGllQGdvb2dsZS5jb20wHhcNMTEwNTE0MDMwMTQ1WhcNMTEwNjEzMDMwMTQ1WjB5 -MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTkMxDzANBgNVBAcTBk5ld3RvbjEUMBIG -A1UEChMLR29vZ2xlLCBJbmMxEjAQBgNVBAMTCUpvbiBBbGxpZTEiMCAGCSqGSIb3 -DQEJARYTam9uYWxsaWVAZ29vZ2xlLmNvbTCCAbcwggEsBgcqhkjOOAQBMIIBHwKB -gQC8hLUnQ7FpFYu4WXTj6DKvXvz8QrJkNJCVMTpKAT7uBpobk32S5RrPKXocd4gN -8lyGB9ggS03EVlEwXvSmO0DH2MQtke2jl9j1HLydClMf4sbx5V6TV9IFw505U1iW -jL7awRMgxge+FsudtJK254FjMFo03ZnOQ8ZJJ9E6AEDrlwIVAJpnBn9moyP11Ox5 -Asc/5dnjb6dPAoGBAJFHd4KVv1iTVCvEG6gGiYop5DJh28hUQcN9kul+2A0yPUSC -X93oN00P8Vh3eYgSaCWZsha7zDG53MrVJ0Zf6v/X/CoZNhLldeNOepivTRAzn+Rz -kKUYy5l1sxYLHQKF0UGNCXfFKZT0PCmgU+PWhYNBBMn6/cIh44vp85ideo5CA4GE -AAKBgFmifCafzeRaohYKXJgMGSEaggCVCRq5xdyDCat+wbOkjC4mfG01/um3G8u5 -LxasjlWRKTR/tcAL7t0QuokVyQaYdVypZXNaMtx1db7YBuHjj3aP+8JOQRI9xz8c -bp5NDJ5pISiFOv4p3GZfqZPcqckDt78AtkQrmnal2txhhjF6o4HeMIHbMB0GA1Ud -DgQWBBQVyyr7hO11ZFFpWX50298Sa3V+rzCBqwYDVR0jBIGjMIGggBQVyyr7hO11 -ZFFpWX50298Sa3V+r6F9pHsweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8w -DQYDVQQHEwZOZXd0b24xFDASBgNVBAoTC0dvb2dsZSwgSW5jMRIwEAYDVQQDEwlK -b24gQWxsaWUxIjAgBgkqhkiG9w0BCQEWE2pvbmFsbGllQGdvb2dsZS5jb22CCQCx -z4IWqMXg4TAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDLwAwLAIUPtn/5j8Q1jJI -7ggOIsgrhgUdjGQCFCsmDq1H11q9+9Wp9IMeGrTSKHIM ------END CERTIFICATE----- -` - -func TestParseCertificateWithDsaPublicKey(t *testing.T) { - expectedKey := &dsa.PublicKey{ - Parameters: dsa.Parameters{ - P: bigFromHexString("00BC84B52743B169158BB85974E3E832AF5EFCFC42B264349095313A4A013EEE069A1B937D92E51ACF297A1C77880DF25C8607D8204B4DC45651305EF4A63B40C7D8C42D91EDA397D8F51CBC9D0A531FE2C6F1E55E9357D205C39D395358968CBEDAC11320C607BE16CB9DB492B6E78163305A34DD99CE43C64927D13A0040EB97"), - Q: bigFromHexString("009A67067F66A323F5D4EC7902C73FE5D9E36FA74F"), - G: bigFromHexString("009147778295BF5893542BC41BA806898A29E43261DBC85441C37D92E97ED80D323D44825FDDE8374D0FF15877798812682599B216BBCC31B9DCCAD527465FEAFFD7FC2A193612E575E34E7A98AF4D10339FE47390A518CB9975B3160B1D0285D1418D0977C52994F43C29A053E3D685834104C9FAFDC221E38BE9F3989D7A8E42"), - }, - Y: bigFromHexString("59A27C269FCDE45AA2160A5C980C19211A820095091AB9C5DC8309AB7EC1B3A48C2E267C6D35FEE9B71BCBB92F16AC8E559129347FB5C00BEEDD10BA8915C90698755CA965735A32DC7575BED806E1E38F768FFBC24E41123DC73F1C6E9E4D0C9E692128853AFE29DC665FA993DCA9C903B7BF00B6442B9A76A5DADC6186317A"), - } - pemBlock, _ := pem.Decode([]byte(dsaCertPem)) - cert, err := ParseCertificate(pemBlock.Bytes) - if err != nil { - t.Fatalf("Failed to parse certificate: %s", err) - } - if cert.PublicKeyAlgorithm != DSA { - t.Errorf("Parsed key algorithm was not DSA") - } - parsedKey, ok := cert.PublicKey.(*dsa.PublicKey) - if !ok { - t.Fatalf("Parsed key was not a DSA key: %s", err) - } - if expectedKey.Y.Cmp(parsedKey.Y) != 0 || - expectedKey.P.Cmp(parsedKey.P) != 0 || - expectedKey.Q.Cmp(parsedKey.Q) != 0 || - expectedKey.G.Cmp(parsedKey.G) != 0 { - t.Fatal("Parsed key differs from expected key") - } -} - -func TestParseCertificateWithDSASignatureAlgorithm(t *testing.T) { - pemBlock, _ := pem.Decode([]byte(dsaCertPem)) - cert, err := ParseCertificate(pemBlock.Bytes) - if err != nil { - t.Fatalf("Failed to parse certificate: %s", err) - } - if cert.SignatureAlgorithm != DSAWithSHA1 { - t.Errorf("Parsed signature algorithm was not DSAWithSHA1") - } -} - -func TestVerifyCertificateWithDSASignature(t *testing.T) { - pemBlock, _ := pem.Decode([]byte(dsaCertPem)) - cert, err := ParseCertificate(pemBlock.Bytes) - if err != nil { - t.Fatalf("Failed to parse certificate: %s", err) - } - // test cert is self-signed - if err = cert.CheckSignatureFrom(cert); err != nil { - t.Fatalf("DSA Certificate verification failed: %s", err) - } -} - -const dsaCert1024WithSha256 = `-----BEGIN CERTIFICATE----- -MIIDKzCCAumgAwIBAgIUOXWPK4gTRZVVY7OSXTU00QEWQU8wCwYJYIZIAWUDBAMC -MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ -bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwIBcNMTkxMDAxMDYxODUyWhgPMzAxOTAy -MDEwNjE4NTJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggG4MIIBLAYHKoZIzjgE -ATCCAR8CgYEAr79m/1ypU1aUbbLX1jikTyX7w2QYP+EkxNtXUiiTuxkC1KBqqxT3 -0Aht2vxFR47ODEK4B79rHO+UevhaqDaAHSH7Z/9umS0h0aS32KLDLb+LI5AneCrn -eW5YbVhfD03N7uR4kKUCKOnWj5hAk9xiE3y7oFR0bBXzqrrHJF9LMd0CFQCB6lSj -HSW0rGmNxIZsBl72u7JFLQKBgQCOFd1PGEQmddn0cdFgby5QQfjrqmoD1zNlFZEt -L0x1EbndFwelLlF1ChNh3NPNUkjwRbla07FDlONs1GMJq6w4vW11ns+pUvAZ2+RM -EVFjugip8az2ncn3UujGTVdFxnSTLBsRlMP/tFDK3ky//8zn/5ha9SKKw4v1uv6M -JuoIbwOBhQACgYEAoeKeR90nwrnoPi5MOUPBLQvuzB87slfr+3kL8vFCmgjA6MtB -7TxQKoBTOo5aVgWDp0lMIMxLd6btzBrm6r3VdRlh/cL8/PtbxkFwBa+Upe4o5NAh -ISCe2/f2leT1PxtF8xxYjz/fszeUeHsJbVMilE2cuB2SYrR5tMExiqy+QpqjUzBR -MB0GA1UdDgQWBBQDMIEL8Z3jc1d9wCxWtksUWc8RkjAfBgNVHSMEGDAWgBQDMIEL -8Z3jc1d9wCxWtksUWc8RkjAPBgNVHRMBAf8EBTADAQH/MAsGCWCGSAFlAwQDAgMv -ADAsAhQFehZgI4OyKBGpfnXvyJ0Z/0a6nAIUTO265Ane87LfJuQr3FrqvuCI354= ------END CERTIFICATE----- -` - -func TestVerifyCertificateWithDSATooLongHash(t *testing.T) { - pemBlock, _ := pem.Decode([]byte(dsaCert1024WithSha256)) - cert, err := ParseCertificate(pemBlock.Bytes) - if err != nil { - t.Fatalf("Failed to parse certificate: %s", err) - } - - // test cert is self-signed - if err = cert.CheckSignatureFrom(cert); err != nil { - t.Fatalf("DSA Certificate self-signature verification failed: %s", err) - } - - signed := []byte("A wild Gopher appears!\n") - signature, _ := hex.DecodeString("302c0214417aca7ff458f5b566e43e7b82f994953da84be50214625901e249e33f4e4838f8b5966020c286dd610e") - - // This signature is using SHA256, but only has 1024 DSA key. The hash has to be truncated - // in CheckSignature, otherwise it won't pass. - if err = cert.CheckSignature(DSAWithSHA256, signed, signature); err != nil { - t.Fatalf("DSA signature verification failed: %s", err) - } -} - -var rsaPSSSelfSignedPEM = `-----BEGIN CERTIFICATE----- -MIIGHjCCA9KgAwIBAgIBdjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA -oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwbjELMAkGA1UEBhMC -SlAxHDAaBgNVBAoME0phcGFuZXNlIEdvdmVybm1lbnQxKDAmBgNVBAsMH1RoZSBN -aW5pc3RyeSBvZiBGb3JlaWduIEFmZmFpcnMxFzAVBgNVBAMMDmUtcGFzc3BvcnRD -U0NBMB4XDTEzMDUxNDA1MDczMFoXDTI5MDUxNDA1MDczMFowbjELMAkGA1UEBhMC -SlAxHDAaBgNVBAoME0phcGFuZXNlIEdvdmVybm1lbnQxKDAmBgNVBAsMH1RoZSBN -aW5pc3RyeSBvZiBGb3JlaWduIEFmZmFpcnMxFzAVBgNVBAMMDmUtcGFzc3BvcnRD -U0NBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx/E3WRVxcCDXhoST -8nVSLjW6hwM4Ni99AegWzcGtfGFo0zjFA1Cl5URqxauvYu3gQgQHBGA1CovWeGrl -yVSRzOL1imcYsSgLOcnhVYB3Xcrof4ebv9+W+TwNdc9YzAwcj8rNd5nP6PKXIQ+W -PCkEOXdyb80YEnxuT+NPjkVfFSPBS7QYZpvT2fwy4fZ0eh48253+7VleSmTO0mqj -7TlzaG56q150SLZbhpOd8jD8bM/wACnLCPR88wj4hCcDLEwoLyY85HJCTIQQMnoT -UpqyzEeupPREIm6yi4d8C9YqIWFn2YTnRcWcmMaJLzq+kYwKoudfnoC6RW2vzZXn -defQs68IZuK+uALu9G3JWGPgu0CQGj0JNDT8zkiDV++4eNrZczWKjr1YnAL+VbLK -bApwL2u19l2WDpfUklimhWfraqHNIUKU6CjZOG31RzXcplIj0mtqs0E1r7r357Es -yFoB28iNo4cz1lCulh0E4WJzWzLZcT4ZspHHRCFyvYnXoibXEV1nULq8ByKKG0FS -7nn4SseoV+8PvjHLPhmHGMvi4mxkbcXdV3wthHT1/HXdqY84A4xHWt1+sB/TpTek -tDhFlEfcUygvTu58UtOnysomOVVeERmi7WSujfzKsGJAJYeetiA5R+zX7BxeyFVE -qW0zh1Tkwh0S8LRe5diJh4+6FG0CAwEAAaNfMF0wHQYDVR0OBBYEFD+oahaikBTV -Urk81Uz7kRS2sx0aMA4GA1UdDwEB/wQEAwIBBjAYBgNVHSAEETAPMA0GCyqDCIaP -fgYFAQEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYJKoZIhvcNAQEKMDSgDzANBglg -hkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IC -AQAaxWBQn5CZuNBfyzL57mn31ukHUFd61OMROSX3PT7oCv1Dy+C2AdRlxOcbN3/n -li0yfXUUqiY3COlLAHKRlkr97mLtxEFoJ0R8nVN2IQdChNQM/XSCzSGyY8NVa1OR -TTpEWLnexJ9kvIdbFXwUqdTnAkOI0m7Rg8j+E+lRRHg1xDAA1qKttrtUj3HRQWf3 -kNTu628SiMvap6aIdncburaK56MP7gkR1Wr/ichOfjIA3Jgw2PapI31i0GqeMd66 -U1+lC9FeyMAJpuSVp/SoiYzYo+79SFcVoM2yw3yAnIKg7q9GLYYqzncdykT6C06c -15gWFI6igmReAsD9ITSvYh0jLrLHfEYcPTOD3ZXJ4EwwHtWSoO3gq1EAtOYKu/Lv -C8zfBsZcFdsHvsSiYeBU8Oioe42mguky3Ax9O7D805Ek6R68ra07MW/G4YxvV7IN -2BfSaYy8MX9IG0ZMIOcoc0FeF5xkFmJ7kdrlTaJzC0IE9PNxNaH5QnOAFB8vxHcO -FioUxb6UKdHcPLR1VZtAdTdTMjSJxUqD/35Cdfqs7oDJXz8f6TXO2Tdy6G++YUs9 -qsGZWxzFvvkXUkQSl0dQQ5jO/FtUJcAVXVVp20LxPemfatAHpW31WdJYeWSQWky2 -+f9b5TXKXVyjlUL7uHxowWrT2AtTchDH22wTEtqLEF9Z3Q== ------END CERTIFICATE-----` - -// openssl req -newkey rsa:2048 -keyout test.key -sha256 -sigopt \ -// rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -sigopt rsa_mgf1_md:sha256 \ -// -x509 -days 3650 -nodes -subj '/C=US/ST=CA/L=SF/O=Test/CN=Test' -out \ -// test.pem -var rsaPSSSelfSignedOpenSSL110PEM = `-----BEGIN CERTIFICATE----- -MIIDwDCCAnigAwIBAgIJAM9LAMHTE5xpMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI -AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMEUxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBFRlc3Qx -DTALBgNVBAMMBFRlc3QwHhcNMTgwMjIyMjIxMzE4WhcNMjgwMjIwMjIxMzE4WjBF -MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ0wCwYDVQQK -DARUZXN0MQ0wCwYDVQQDDARUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA4Zrsydod+GoTAJLLutWNF87qhhVPBsK1zB1Gj+NAAe4+VbrZ1E41H1wp -qITx7DA8DRtJEf+NqrTAnAdZWBG/tAOA5LfXVax0ZSQtLnYLSeylLoMtDyY3eFAj -TmuTOoyVy6raktowCnHCh01NsstqqTfrx6SbmzOmDmKTkq/I+7K0MCVsn41xRDVM -+ShD0WGFGioEGoiWnFSWupxJDA3Q6jIDEygVwNKHwnhv/2NgG2kqZzrZSQA67en0 -iKAXtoDNPpmyD5oS9YbEJ+2Nbm7oLeON30i6kZvXKIzJXx+UWViazHZqnsi5rQ8G -RHF+iVFXsqd0MzDKmkKOT5FDhrsbKQIDAQABo1MwUTAdBgNVHQ4EFgQU9uFY/nlg -gLH00NBnr/o7QvpN9ugwHwYDVR0jBBgwFoAU9uFY/nlggLH00NBnr/o7QvpN9ugw -DwYDVR0TAQH/BAUwAwEB/zA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa -MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAhJzpwxBNGKvzKWDe -WLqv6RMrl/q4GcH3b7M9wjxe0yOm4F+Tb2zJ7re4h+D39YkJf8cX1NV9UQVu6z4s -Fvo2kmlR0qZOXAg5augmCQ1xS0WHFoF6B52anNzHkZQbAIYJ3kGoFsUHzs7Sz7F/ -656FsRpHA9UzJQ3avPPMrA4Y4aoJ7ANJ6XIwTrdWrhULOVuvYRLCl4CdTVztVFX6 -wxX8nS1ISYd8jXPUMgsBKVbWufvLoIymMJW8CZbpprVZel5zFn0bmPrON8IHS30w -Gs+ITJjKEnZgXmAQ25SLKVzkZkBcGANs2GsdHNJ370Puisy0FIPD2NXR5uASAf7J -+w9fjQ== ------END CERTIFICATE-----` - -func TestRSAPSSSelfSigned(t *testing.T) { - for i, pemBlock := range []string{rsaPSSSelfSignedPEM, rsaPSSSelfSignedOpenSSL110PEM} { - der, _ := pem.Decode([]byte(pemBlock)) - if der == nil { - t.Errorf("#%d: failed to find PEM block", i) - continue - } - - cert, err := ParseCertificate(der.Bytes) - if err != nil { - t.Errorf("#%d: failed to parse: %s", i, err) - continue - } - - if err = cert.CheckSignatureFrom(cert); err != nil { - t.Errorf("#%d: signature check failed: %s", i, err) - continue - } - } -} - -const ed25519Certificate = ` -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0c:83:d8:21:2b:82:cb:23:98:23:63:e2:f7:97:8a:43:5b:f3:bd:92 - Signature Algorithm: ED25519 - Issuer: CN = Ed25519 test certificate - Validity - Not Before: May 6 17:27:16 2019 GMT - Not After : Jun 5 17:27:16 2019 GMT - Subject: CN = Ed25519 test certificate - Subject Public Key Info: - Public Key Algorithm: ED25519 - ED25519 Public-Key: - pub: - 36:29:c5:6c:0d:4f:14:6c:81:d0:ff:75:d3:6a:70: - 5f:69:cd:0f:4d:66:d5:da:98:7e:82:49:89:a3:8a: - 3c:fa - X509v3 extensions: - X509v3 Subject Key Identifier: - 09:3B:3A:9D:4A:29:D8:95:FF:68:BE:7B:43:54:72:E0:AD:A2:E3:AE - X509v3 Authority Key Identifier: - keyid:09:3B:3A:9D:4A:29:D8:95:FF:68:BE:7B:43:54:72:E0:AD:A2:E3:AE - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: ED25519 - 53:a5:58:1c:2c:3b:2a:9e:ac:9d:4e:a5:1d:5f:5d:6d:a6:b5: - 08:de:12:82:f3:97:20:ae:fa:d8:98:f4:1a:83:32:6b:91:f5: - 24:1d:c4:20:7f:2c:e2:4d:da:13:3b:6d:54:1a:d2:a8:28:dc: - 60:b9:d4:f4:78:4b:3c:1c:91:00 ------BEGIN CERTIFICATE----- -MIIBWzCCAQ2gAwIBAgIUDIPYISuCyyOYI2Pi95eKQ1vzvZIwBQYDK2VwMCMxITAf -BgNVBAMMGEVkMjU1MTkgdGVzdCBjZXJ0aWZpY2F0ZTAeFw0xOTA1MDYxNzI3MTZa -Fw0xOTA2MDUxNzI3MTZaMCMxITAfBgNVBAMMGEVkMjU1MTkgdGVzdCBjZXJ0aWZp -Y2F0ZTAqMAUGAytlcAMhADYpxWwNTxRsgdD/ddNqcF9pzQ9NZtXamH6CSYmjijz6 -o1MwUTAdBgNVHQ4EFgQUCTs6nUop2JX/aL57Q1Ry4K2i464wHwYDVR0jBBgwFoAU -CTs6nUop2JX/aL57Q1Ry4K2i464wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQBT -pVgcLDsqnqydTqUdX11tprUI3hKC85cgrvrYmPQagzJrkfUkHcQgfyziTdoTO21U -GtKoKNxgudT0eEs8HJEA ------END CERTIFICATE-----` - -func TestEd25519SelfSigned(t *testing.T) { - der, _ := pem.Decode([]byte(ed25519Certificate)) - if der == nil { - t.Fatalf("Failed to find PEM block") - } - - cert, err := ParseCertificate(der.Bytes) - if err != nil { - t.Fatalf("Failed to parse: %s", err) - } - - if cert.PublicKeyAlgorithm != Ed25519 { - t.Fatalf("Parsed key algorithm was not Ed25519") - } - parsedKey, ok := cert.PublicKey.(ed25519.PublicKey) - if !ok { - t.Fatalf("Parsed key was not an Ed25519 key: %s", err) - } - if len(parsedKey) != ed25519.PublicKeySize { - t.Fatalf("Invalid Ed25519 key") - } - - if err = cert.CheckSignatureFrom(cert); err != nil { - t.Fatalf("Signature check failed: %s", err) - } -} - -const pemCertificate = `-----BEGIN CERTIFICATE----- -MIIDATCCAemgAwIBAgIRAKQkkrFx1T/dgB/Go/xBM5swDQYJKoZIhvcNAQELBQAw -EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNjA4MTcyMDM2MDdaFw0xNzA4MTcyMDM2 -MDdaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDAoJtjG7M6InsWwIo+l3qq9u+g2rKFXNu9/mZ24XQ8XhV6PUR+5HQ4 -jUFWC58ExYhottqK5zQtKGkw5NuhjowFUgWB/VlNGAUBHtJcWR/062wYrHBYRxJH -qVXOpYKbIWwFKoXu3hcpg/CkdOlDWGKoZKBCwQwUBhWE7MDhpVdQ+ZljUJWL+FlK -yQK5iRsJd5TGJ6VUzLzdT4fmN2DzeK6GLeyMpVpU3sWV90JJbxWQ4YrzkKzYhMmB -EcpXTG2wm+ujiHU/k2p8zlf8Sm7VBM/scmnMFt0ynNXop4FWvJzEm1G0xD2t+e2I -5Utr04dOZPCgkm++QJgYhtZvgW7ZZiGTAgMBAAGjUjBQMA4GA1UdDwEB/wQEAwIF -oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBsGA1UdEQQUMBKC -EHRlc3QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBADpqKQxrthH5InC7 -X96UP0OJCu/lLEMkrjoEWYIQaFl7uLPxKH5AmQPH4lYwF7u7gksR7owVG9QU9fs6 -1fK7II9CVgCd/4tZ0zm98FmU4D0lHGtPARrrzoZaqVZcAvRnFTlPX5pFkPhVjjai -/mkxX9LpD8oK1445DFHxK5UjLMmPIIWd8EOi+v5a+hgGwnJpoW7hntSl8kHMtTmy -fnnktsblSUV4lRCit0ymC7Ojhe+gzCCwkgs5kDzVVag+tnl/0e2DloIjASwOhpbH -KVcg7fBd484ht/sS+l0dsB4KDOSpd8JzVDMF8OZqlaydizoJO0yWr9GbCN1+OKq5 -EhLrEqU= ------END CERTIFICATE-----` - -const ed25519CRLCertificate = ` -Certificate: -Data: - Version: 3 (0x2) - Serial Number: - 7a:07:a0:9d:14:04:16:fc:1f:d8:e5:fe:d1:1d:1f:8d - Signature Algorithm: ED25519 - Issuer: CN = Ed25519 CRL Test CA - Validity - Not Before: Oct 30 01:20:20 2019 GMT - Not After : Dec 31 23:59:59 9999 GMT - Subject: CN = Ed25519 CRL Test CA - Subject Public Key Info: - Public Key Algorithm: ED25519 - ED25519 Public-Key: - pub: - 95:73:3b:b0:06:2a:31:5a:b6:a7:a6:6e:ef:71:df: - ac:6f:6b:39:03:85:5e:63:4b:f8:a6:0f:68:c6:6f: - 75:21 - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Certificate Sign, CRL Sign - X509v3 Extended Key Usage: - TLS Web Client Authentication, TLS Web Server Authentication, OCSP Signing - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - B7:17:DA:16:EA:C5:ED:1F:18:49:44:D3:D2:E3:A0:35:0A:81:93:60 - X509v3 Authority Key Identifier: - keyid:B7:17:DA:16:EA:C5:ED:1F:18:49:44:D3:D2:E3:A0:35:0A:81:93:60 - -Signature Algorithm: ED25519 - fc:3e:14:ea:bb:70:c2:6f:38:34:70:bc:c8:a7:f4:7c:0d:1e: - 28:d7:2a:9f:22:8a:45:e8:02:76:84:1e:2d:64:2d:1e:09:b5: - 29:71:1f:95:8a:4e:79:87:51:60:9a:e7:86:40:f6:60:c7:d1: - ee:68:76:17:1d:90:cc:92:93:07 ------BEGIN CERTIFICATE----- -MIIBijCCATygAwIBAgIQegegnRQEFvwf2OX+0R0fjTAFBgMrZXAwHjEcMBoGA1UE -AxMTRWQyNTUxOSBDUkwgVGVzdCBDQTAgFw0xOTEwMzAwMTIwMjBaGA85OTk5MTIz -MTIzNTk1OVowHjEcMBoGA1UEAxMTRWQyNTUxOSBDUkwgVGVzdCBDQTAqMAUGAytl -cAMhAJVzO7AGKjFatqembu9x36xvazkDhV5jS/imD2jGb3Uho4GNMIGKMA4GA1Ud -DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUF -BwMJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLcX2hbqxe0fGElE09LjoDUK -gZNgMB8GA1UdIwQYMBaAFLcX2hbqxe0fGElE09LjoDUKgZNgMAUGAytlcANBAPw+ -FOq7cMJvODRwvMin9HwNHijXKp8iikXoAnaEHi1kLR4JtSlxH5WKTnmHUWCa54ZA -9mDH0e5odhcdkMySkwc= ------END CERTIFICATE-----` - -var ed25519CRLKey = testingKey(`-----BEGIN TEST KEY----- -MC4CAQAwBQYDK2VwBCIEINdKh2096vUBYu4EIFpjShsUSh3vimKya1sQ1YTT4RZG ------END TEST KEY-----`) - -func TestCRLCreation(t *testing.T) { - block, _ := pem.Decode([]byte(pemPrivateKey)) - privRSA, _ := ParsePKCS1PrivateKey(block.Bytes) - block, _ = pem.Decode([]byte(pemCertificate)) - certRSA, _ := ParseCertificate(block.Bytes) - - block, _ = pem.Decode([]byte(ed25519CRLKey)) - privEd25519, _ := ParsePKCS8PrivateKey(block.Bytes) - block, _ = pem.Decode([]byte(ed25519CRLCertificate)) - certEd25519, _ := ParseCertificate(block.Bytes) - - tests := []struct { - name string - priv interface{} - cert *Certificate - }{ - {"RSA CA", privRSA, certRSA}, - {"Ed25519 CA", privEd25519, certEd25519}, - } - - loc := time.FixedZone("Oz/Atlantis", int((2 * time.Hour).Seconds())) - - now := time.Unix(1000, 0).In(loc) - nowUTC := now.UTC() - expiry := time.Unix(10000, 0) - - revokedCerts := []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(1), - RevocationTime: nowUTC, - }, - { - SerialNumber: big.NewInt(42), - // RevocationTime should be converted to UTC before marshaling. - RevocationTime: now, - }, - } - expectedCerts := []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(1), - RevocationTime: nowUTC, - }, - { - SerialNumber: big.NewInt(42), - RevocationTime: nowUTC, - }, - } - - for _, test := range tests { - crlBytes, err := test.cert.CreateCRL(rand.Reader, test.priv, revokedCerts, now, expiry) - if err != nil { - t.Errorf("%s: error creating CRL: %s", test.name, err) - } - - parsedCRL, err := ParseDERCRL(crlBytes) - if err != nil { - t.Errorf("%s: error reparsing CRL: %s", test.name, err) - } - if !reflect.DeepEqual(parsedCRL.TBSCertList.RevokedCertificates, expectedCerts) { - t.Errorf("%s: RevokedCertificates mismatch: got %v; want %v.", test.name, - parsedCRL.TBSCertList.RevokedCertificates, expectedCerts) - } - } -} - -func fromBase64(in string) []byte { - out := make([]byte, base64.StdEncoding.DecodedLen(len(in))) - n, err := base64.StdEncoding.Decode(out, []byte(in)) - if err != nil { - panic("failed to base64 decode") - } - return out[:n] -} - -func TestParseDERCRL(t *testing.T) { - derBytes := fromBase64(derCRLBase64) - certList, err := ParseDERCRL(derBytes) - if err != nil { - t.Errorf("error parsing: %s", err) - return - } - numCerts := len(certList.TBSCertList.RevokedCertificates) - expected := 88 - if numCerts != expected { - t.Errorf("bad number of revoked certificates. got: %d want: %d", numCerts, expected) - } - - if certList.HasExpired(time.Unix(1302517272, 0)) { - t.Errorf("CRL has expired (but shouldn't have)") - } - - // Can't check the signature here without a package cycle. -} - -func TestCRLWithoutExpiry(t *testing.T) { - derBytes := fromBase64("MIHYMIGZMAkGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWjBpMBMCAgDIFw05OTA4MjIwNzAwMDBaMBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05OTA4MjIwNzAwMDBaMBMCAgDSFw05OTA4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMDBaMAkGByqGSM44BAMDLwAwLAIUfmVSdjP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fvftok8yqDnDWh") - certList, err := ParseDERCRL(derBytes) - if err != nil { - t.Fatal(err) - } - if !certList.TBSCertList.NextUpdate.IsZero() { - t.Errorf("NextUpdate is not the zero value") - } -} - -func TestParsePEMCRL(t *testing.T) { - pemBytes := fromBase64(pemCRLBase64) - certList, err := ParseCRL(pemBytes) - if err != nil { - t.Errorf("error parsing: %s", err) - return - } - numCerts := len(certList.TBSCertList.RevokedCertificates) - expected := 2 - if numCerts != expected { - t.Errorf("bad number of revoked certificates. got: %d want: %d", numCerts, expected) - } - - if certList.HasExpired(time.Unix(1302517272, 0)) { - t.Errorf("CRL has expired (but shouldn't have)") - } - - // Can't check the signature here without a package cycle. -} - -func TestImports(t *testing.T) { - if testing.Short() { - t.Skip("skipping in -short mode") - } - testenv.MustHaveGoRun(t) - - if out, err := exec.Command(testenv.GoToolPath(t), "run", "x509_test_import.go").CombinedOutput(); err != nil { - t.Errorf("failed to run x509_test_import.go: %s\n%s", err, out) - } -} - -const derCRLBase64 = "MIINqzCCDJMCAQEwDQYJKoZIhvcNAQEFBQAwVjEZMBcGA1UEAxMQUEtJIEZJTk1FQ0NBTklDQTEVMBMGA1UEChMMRklOTUVDQ0FOSUNBMRUwEwYDVQQLEwxGSU5NRUNDQU5JQ0ExCzAJBgNVBAYTAklUFw0xMTA1MDQxNjU3NDJaFw0xMTA1MDQyMDU3NDJaMIIMBzAhAg4Ze1od49Lt1qIXBydAzhcNMDkwNzE2MDg0MzIyWjAAMCECDl0HSL9bcZ1Ci/UHJ0DPFw0wOTA3MTYwODQzMTNaMAAwIQIOESB9tVAmX3cY7QcnQNAXDTA5MDcxNjA4NDUyMlowADAhAg4S1tGAQ3mHt8uVBydA1RcNMDkwODA0MTUyNTIyWjAAMCECDlQ249Y7vtC25ScHJ0DWFw0wOTA4MDQxNTI1MzdaMAAwIQIOISMop3NkA4PfYwcnQNkXDTA5MDgwNDExMDAzNFowADAhAg56/BMoS29KEShTBydA2hcNMDkwODA0MTEwMTAzWjAAMCECDnBp/22HPH5CSWoHJ0DbFw0wOTA4MDQxMDU0NDlaMAAwIQIOV9IP+8CD8bK+XAcnQNwXDTA5MDgwNDEwNTcxN1owADAhAg4v5aRz0IxWqYiXBydA3RcNMDkwODA0MTA1NzQ1WjAAMCECDlOU34VzvZAybQwHJ0DeFw0wOTA4MDQxMDU4MjFaMAAwIAINO4CD9lluIxcwBydBAxcNMDkwNzIyMTUzMTU5WjAAMCECDgOllfO8Y1QA7/wHJ0ExFw0wOTA3MjQxMTQxNDNaMAAwIQIOJBX7jbiCdRdyjgcnQUQXDTA5MDkxNjA5MzAwOFowADAhAg5iYSAgmDrlH/RZBydBRRcNMDkwOTE2MDkzMDE3WjAAMCECDmu6k6srP3jcMaQHJ0FRFw0wOTA4MDQxMDU2NDBaMAAwIQIOX8aHlO0V+WVH4QcnQVMXDTA5MDgwNDEwNTcyOVowADAhAg5flK2rg3NnsRgDBydBzhcNMTEwMjAxMTUzMzQ2WjAAMCECDg35yJDL1jOPTgoHJ0HPFw0xMTAyMDExNTM0MjZaMAAwIQIOMyFJ6+e9iiGVBQcnQdAXDTA5MDkxODEzMjAwNVowADAhAg5Emb/Oykucmn8fBydB1xcNMDkwOTIxMTAxMDQ3WjAAMCECDjQKCncV+MnUavMHJ0HaFw0wOTA5MjIwODE1MjZaMAAwIQIOaxiFUt3dpd+tPwcnQfQXDTEwMDYxODA4NDI1MVowADAhAg5G7P8nO0tkrMt7BydB9RcNMTAwNjE4MDg0MjMwWjAAMCECDmTCC3SXhmDRst4HJ0H2Fw0wOTA5MjgxMjA3MjBaMAAwIQIOHoGhUr/pRwzTKgcnQfcXDTA5MDkyODEyMDcyNFowADAhAg50wrcrCiw8mQmPBydCBBcNMTAwMjE2MTMwMTA2WjAAMCECDifWmkvwyhEqwEcHJ0IFFw0xMDAyMTYxMzAxMjBaMAAwIQIOfgPmlW9fg+osNgcnQhwXDTEwMDQxMzA5NTIwMFowADAhAg4YHAGuA6LgCk7tBydCHRcNMTAwNDEzMDk1MTM4WjAAMCECDi1zH1bxkNJhokAHJ0IsFw0xMDA0MTMwOTU5MzBaMAAwIQIOMipNccsb/wo2fwcnQi0XDTEwMDQxMzA5NTkwMFowADAhAg46lCmvPl4GpP6ABydCShcNMTAwMTE5MDk1MjE3WjAAMCECDjaTcaj+wBpcGAsHJ0JLFw0xMDAxMTkwOTUyMzRaMAAwIQIOOMC13EOrBuxIOQcnQloXDTEwMDIwMTA5NDcwNVowADAhAg5KmZl+krz4RsmrBydCWxcNMTAwMjAxMDk0NjQwWjAAMCECDmLG3zQJ/fzdSsUHJ0JiFw0xMDAzMDEwOTUxNDBaMAAwIQIOP39ksgHdojf4owcnQmMXDTEwMDMwMTA5NTExN1owADAhAg4LDQzvWNRlD6v9BydCZBcNMTAwMzAxMDk0NjIyWjAAMCECDkmNfeclaFhIaaUHJ0JlFw0xMDAzMDEwOTQ2MDVaMAAwIQIOT/qWWfpH/m8NTwcnQpQXDTEwMDUxMTA5MTgyMVowADAhAg5m/ksYxvCEgJSvBydClRcNMTAwNTExMDkxODAxWjAAMCECDgvf3Ohq6JOPU9AHJ0KWFw0xMDA1MTEwOTIxMjNaMAAwIQIOKSPas10z4jNVIQcnQpcXDTEwMDUxMTA5MjEwMlowADAhAg4mCWmhoZ3lyKCDBydCohcNMTEwNDI4MTEwMjI1WjAAMCECDkeiyRsBMK0Gvr4HJ0KjFw0xMTA0MjgxMTAyMDdaMAAwIQIOa09b/nH2+55SSwcnQq4XDTExMDQwMTA4Mjk0NlowADAhAg5O7M7iq7gGplr1BydCrxcNMTEwNDAxMDgzMDE3WjAAMCECDjlT6mJxUjTvyogHJ0K1Fw0xMTAxMjcxNTQ4NTJaMAAwIQIODS/l4UUFLe21NAcnQrYXDTExMDEyNzE1NDgyOFowADAhAg5lPRA0XdOUF6lSBydDHhcNMTEwMTI4MTQzNTA1WjAAMCECDixKX4fFGGpENwgHJ0MfFw0xMTAxMjgxNDM1MzBaMAAwIQIORNBkqsPnpKTtbAcnQ08XDTEwMDkwOTA4NDg0MlowADAhAg5QL+EMM3lohedEBydDUBcNMTAwOTA5MDg0ODE5WjAAMCECDlhDnHK+HiTRAXcHJ0NUFw0xMDEwMTkxNjIxNDBaMAAwIQIOdBFqAzq/INz53gcnQ1UXDTEwMTAxOTE2MjA0NFowADAhAg4OjR7s8MgKles1BydDWhcNMTEwMTI3MTY1MzM2WjAAMCECDmfR/elHee+d0SoHJ0NbFw0xMTAxMjcxNjUzNTZaMAAwIQIOBTKv2ui+KFMI+wcnQ5YXDTEwMDkxNTEwMjE1N1owADAhAg49F3c/GSah+oRUBydDmxcNMTEwMTI3MTczMjMzWjAAMCECDggv4I61WwpKFMMHJ0OcFw0xMTAxMjcxNzMyNTVaMAAwIQIOXx/Y8sEvwS10LAcnQ6UXDTExMDEyODExMjkzN1owADAhAg5LSLbnVrSKaw/9BydDphcNMTEwMTI4MTEyOTIwWjAAMCECDmFFoCuhKUeACQQHJ0PfFw0xMTAxMTExMDE3MzdaMAAwIQIOQTDdFh2fSPF6AAcnQ+AXDTExMDExMTEwMTcxMFowADAhAg5B8AOXX61FpvbbBydD5RcNMTAxMDA2MTAxNDM2WjAAMCECDh41P2Gmi7PkwI4HJ0PmFw0xMDEwMDYxMDE2MjVaMAAwIQIOWUHGLQCd+Ale9gcnQ/0XDTExMDUwMjA3NTYxMFowADAhAg5Z2c9AYkikmgWOBydD/hcNMTEwNTAyMDc1NjM0WjAAMCECDmf/UD+/h8nf+74HJ0QVFw0xMTA0MTUwNzI4MzNaMAAwIQIOICvj4epy3MrqfwcnRBYXDTExMDQxNTA3Mjg1NlowADAhAg4bouRMfOYqgv4xBydEHxcNMTEwMzA4MTYyNDI1WjAAMCECDhebWHGoKiTp7pEHJ0QgFw0xMTAzMDgxNjI0NDhaMAAwIQIOX+qnxxAqJ8LtawcnRDcXDTExMDEzMTE1MTIyOFowADAhAg4j0fICqZ+wkOdqBydEOBcNMTEwMTMxMTUxMTQxWjAAMCECDhmXjsV4SUpWtAMHJ0RLFw0xMTAxMjgxMTI0MTJaMAAwIQIODno/w+zG43kkTwcnREwXDTExMDEyODExMjM1MlowADAhAg4b1gc88767Fr+LBydETxcNMTEwMTI4MTEwMjA4WjAAMCECDn+M3Pa1w2nyFeUHJ0RQFw0xMTAxMjgxMDU4NDVaMAAwIQIOaduoyIH61tqybAcnRJUXDTEwMTIxNTA5NDMyMlowADAhAg4nLqQPkyi3ESAKBydElhcNMTAxMjE1MDk0MzM2WjAAMCECDi504NIMH8578gQHJ0SbFw0xMTAyMTQxNDA1NDFaMAAwIQIOGuaM8PDaC5u1egcnRJwXDTExMDIxNDE0MDYwNFowADAhAg4ehYq/BXGnB5PWBydEnxcNMTEwMjA0MDgwOTUxWjAAMCECDkSD4eS4FxW5H20HJ0SgFw0xMTAyMDQwODA5MjVaMAAwIQIOOCcb6ilYObt1egcnRKEXDTExMDEyNjEwNDEyOVowADAhAg58tISWCCwFnKGnBydEohcNMTEwMjA0MDgxMzQyWjAAMCECDn5rjtabY/L/WL0HJ0TJFw0xMTAyMDQxMTAzNDFaMAAwDQYJKoZIhvcNAQEFBQADggEBAGnF2Gs0+LNiYCW1Ipm83OXQYP/bd5tFFRzyz3iepFqNfYs4D68/QihjFoRHQoXEB0OEe1tvaVnnPGnEOpi6krwekquMxo4H88B5SlyiFIqemCOIss0SxlCFs69LmfRYvPPvPEhoXtQ3ZThe0UvKG83GOklhvGl6OaiRf4Mt+m8zOT4Wox/j6aOBK6cw6qKCdmD+Yj1rrNqFGg1CnSWMoD6S6mwNgkzwdBUJZ22BwrzAAo4RHa2Uy3ef1FjwD0XtU5N3uDSxGGBEDvOe5z82rps3E22FpAA8eYl8kaXtmWqyvYU0epp4brGuTxCuBMCAsxt/OjIjeNNQbBGkwxgfYA0=" - -const pemCRLBase64 = "LS0tLS1CRUdJTiBYNTA5IENSTC0tLS0tDQpNSUlCOWpDQ0FWOENBUUV3RFFZSktvWklodmNOQVFFRkJRQXdiREVhTUJnR0ExVUVDaE1SVWxOQklGTmxZM1Z5DQphWFI1SUVsdVl5NHhIakFjQmdOVkJBTVRGVkpUUVNCUWRXSnNhV01nVW05dmRDQkRRU0IyTVRFdU1Dd0dDU3FHDQpTSWIzRFFFSkFSWWZjbk5oYTJWdmJuSnZiM1J6YVdkdVFISnpZWE5sWTNWeWFYUjVMbU52YlJjTk1URXdNakl6DQpNVGt5T0RNd1doY05NVEV3T0RJeU1Ua3lPRE13V2pDQmpEQktBaEVBckRxb2g5RkhKSFhUN09QZ3V1bjQrQmNODQpNRGt4TVRBeU1UUXlOekE1V2pBbU1Bb0dBMVVkRlFRRENnRUpNQmdHQTFVZEdBUVJHQTh5TURBNU1URXdNakUwDQpNalExTlZvd1BnSVJBTEd6blowOTVQQjVhQU9MUGc1N2ZNTVhEVEF5TVRBeU16RTBOVEF4TkZvd0dqQVlCZ05WDQpIUmdFRVJnUE1qQXdNakV3TWpNeE5EVXdNVFJhb0RBd0xqQWZCZ05WSFNNRUdEQVdnQlQxVERGNlVRTS9MTmVMDQpsNWx2cUhHUXEzZzltekFMQmdOVkhSUUVCQUlDQUlRd0RRWUpLb1pJaHZjTkFRRUZCUUFEZ1lFQUZVNUFzNk16DQpxNVBSc2lmYW9iUVBHaDFhSkx5QytNczVBZ2MwYld5QTNHQWR4dXI1U3BQWmVSV0NCamlQL01FSEJXSkNsQkhQDQpHUmNxNXlJZDNFakRrYUV5eFJhK2k2N0x6dmhJNmMyOUVlNks5cFNZd2ppLzdSVWhtbW5Qclh0VHhsTDBsckxyDQptUVFKNnhoRFJhNUczUUE0Q21VZHNITnZicnpnbUNZcHZWRT0NCi0tLS0tRU5EIFg1MDkgQ1JMLS0tLS0NCg0K" - -func TestCreateCertificateRequest(t *testing.T) { - random := rand.Reader - - ecdsa256Priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - t.Fatalf("Failed to generate ECDSA key: %s", err) - } - - ecdsa384Priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - if err != nil { - t.Fatalf("Failed to generate ECDSA key: %s", err) - } - - ecdsa521Priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) - if err != nil { - t.Fatalf("Failed to generate ECDSA key: %s", err) - } - - _, ed25519Priv, err := ed25519.GenerateKey(random) - if err != nil { - t.Fatalf("Failed to generate Ed25519 key: %s", err) - } - - tests := []struct { - name string - priv interface{} - sigAlgo SignatureAlgorithm - }{ - {"RSA", testPrivateKey, SHA1WithRSA}, - {"ECDSA-256", ecdsa256Priv, ECDSAWithSHA1}, - {"ECDSA-384", ecdsa384Priv, ECDSAWithSHA1}, - {"ECDSA-521", ecdsa521Priv, ECDSAWithSHA1}, - {"Ed25519", ed25519Priv, PureEd25519}, - } - - for _, test := range tests { - template := CertificateRequest{ - Subject: pkix.Name{ - CommonName: "test.example.com", - Organization: []string{"Σ Acme Co"}, - }, - SignatureAlgorithm: test.sigAlgo, - DNSNames: []string{"test.example.com"}, - EmailAddresses: []string{"gopher@golang.org"}, - IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1).To4(), net.ParseIP("2001:4860:0:2001::68")}, - } - - derBytes, err := CreateCertificateRequest(random, &template, test.priv) - if err != nil { - t.Errorf("%s: failed to create certificate request: %s", test.name, err) - continue - } - - out, err := ParseCertificateRequest(derBytes) - if err != nil { - t.Errorf("%s: failed to create certificate request: %s", test.name, err) - continue - } - - err = out.CheckSignature() - if err != nil { - t.Errorf("%s: failed to check certificate request signature: %s", test.name, err) - continue - } - - if out.Subject.CommonName != template.Subject.CommonName { - t.Errorf("%s: output subject common name and template subject common name don't match", test.name) - } else if len(out.Subject.Organization) != len(template.Subject.Organization) { - t.Errorf("%s: output subject organisation and template subject organisation don't match", test.name) - } else if len(out.DNSNames) != len(template.DNSNames) { - t.Errorf("%s: output DNS names and template DNS names don't match", test.name) - } else if len(out.EmailAddresses) != len(template.EmailAddresses) { - t.Errorf("%s: output email addresses and template email addresses don't match", test.name) - } else if len(out.IPAddresses) != len(template.IPAddresses) { - t.Errorf("%s: output IP addresses and template IP addresses names don't match", test.name) - } - } -} - -func marshalAndParseCSR(t *testing.T, template *CertificateRequest) *CertificateRequest { - derBytes, err := CreateCertificateRequest(rand.Reader, template, testPrivateKey) - if err != nil { - t.Fatal(err) - } - - csr, err := ParseCertificateRequest(derBytes) - if err != nil { - t.Fatal(err) - } - - return csr -} - -func TestCertificateRequestOverrides(t *testing.T) { - sanContents, err := marshalSANs([]string{"foo.example.com"}, nil, nil, nil) - if err != nil { - t.Fatal(err) - } - - template := CertificateRequest{ - Subject: pkix.Name{ - CommonName: "test.example.com", - Organization: []string{"Σ Acme Co"}, - }, - DNSNames: []string{"test.example.com"}, - - // An explicit extension should override the DNSNames from the - // template. - ExtraExtensions: []pkix.Extension{ - { - Id: oidExtensionSubjectAltName, - Value: sanContents, - Critical: true, - }, - }, - } - - csr := marshalAndParseCSR(t, &template) - - if len(csr.DNSNames) != 1 || csr.DNSNames[0] != "foo.example.com" { - t.Errorf("Extension did not override template. Got %v\n", csr.DNSNames) - } - - if len(csr.Extensions) != 1 || !csr.Extensions[0].Id.Equal(oidExtensionSubjectAltName) || !csr.Extensions[0].Critical { - t.Errorf("SAN extension was not faithfully copied, got %#v", csr.Extensions) - } - - // If there is already an attribute with X.509 extensions then the - // extra extensions should be added to it rather than creating a CSR - // with two extension attributes. - - template.Attributes = []pkix.AttributeTypeAndValueSET{ - { - Type: oidExtensionRequest, - Value: [][]pkix.AttributeTypeAndValue{ - { - { - Type: oidExtensionAuthorityInfoAccess, - Value: []byte("foo"), - }, - }, - }, - }, - } - - csr = marshalAndParseCSR(t, &template) - if l := len(csr.Attributes); l != 1 { - t.Errorf("incorrect number of attributes: %d\n", l) - } - - if !csr.Attributes[0].Type.Equal(oidExtensionRequest) || - len(csr.Attributes[0].Value) != 1 || - len(csr.Attributes[0].Value[0]) != 2 { - t.Errorf("bad attributes: %#v\n", csr.Attributes) - } - - sanContents2, err := marshalSANs([]string{"foo2.example.com"}, nil, nil, nil) - if err != nil { - t.Fatal(err) - } - - // Extensions in Attributes should override those in ExtraExtensions. - template.Attributes[0].Value[0] = append(template.Attributes[0].Value[0], pkix.AttributeTypeAndValue{ - Type: oidExtensionSubjectAltName, - Value: sanContents2, - }) - - csr = marshalAndParseCSR(t, &template) - - if len(csr.DNSNames) != 1 || csr.DNSNames[0] != "foo2.example.com" { - t.Errorf("Attributes did not override ExtraExtensions. Got %v\n", csr.DNSNames) - } -} - -func TestParseCertificateRequest(t *testing.T) { - for _, csrBase64 := range csrBase64Array { - csrBytes := fromBase64(csrBase64) - csr, err := ParseCertificateRequest(csrBytes) - if err != nil { - t.Fatalf("failed to parse CSR: %s", err) - } - - if len(csr.EmailAddresses) != 1 || csr.EmailAddresses[0] != "gopher@golang.org" { - t.Errorf("incorrect email addresses found: %v", csr.EmailAddresses) - } - - if len(csr.DNSNames) != 1 || csr.DNSNames[0] != "test.example.com" { - t.Errorf("incorrect DNS names found: %v", csr.DNSNames) - } - - if len(csr.Subject.Country) != 1 || csr.Subject.Country[0] != "AU" { - t.Errorf("incorrect Subject name: %v", csr.Subject) - } - - found := false - for _, e := range csr.Extensions { - if e.Id.Equal(oidExtensionBasicConstraints) { - found = true - break - } - } - if !found { - t.Errorf("basic constraints extension not found in CSR") - } - } -} - -func TestCriticalFlagInCSRRequestedExtensions(t *testing.T) { - // This CSR contains an extension request where the extensions have a - // critical flag in them. In the past we failed to handle this. - const csrBase64 = "MIICrTCCAZUCAQIwMzEgMB4GA1UEAwwXU0NFUCBDQSBmb3IgRGV2ZWxlciBTcmwxDzANBgNVBAsMBjQzNTk3MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFMAJ7Zy9YyfgbNlbUWAW0LalNRMPs7aXmLANsCpjhnw3lLlfDPaLeWyKh1nK5I5ojaJOW6KIOSAcJkDUe3rrE0wR0RVt3UxArqs0R/ND3u5Q+bDQY2X1HAFUHzUzcdm5JRAIA355v90teMckaWAIlkRQjDE22Lzc6NAl64KOd1rqOUNj8+PfX6fSo20jm94Pp1+a6mfk3G/RUWVuSm7owO5DZI/Fsi2ijdmb4NUar6K/bDKYTrDFkzcqAyMfP3TitUtBp19Mp3B1yAlHjlbp/r5fSSXfOGHZdgIvp0WkLuK2u5eQrX5l7HMB/5epgUs3HQxKY6ljhh5wAjDwz//LsCAwEAAaA1MDMGCSqGSIb3DQEJDjEmMCQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAoQwDQYJKoZIhvcNAQEFBQADggEBAAMq3bxJSPQEgzLYR/yaVvgjCDrc3zUbIwdOis6Go06Q4RnjH5yRaSZAqZQTDsPurQcnz2I39VMGEiSkFJFavf4QHIZ7QFLkyXadMtALc87tm17Ej719SbHcBSSZayR9VYJUNXRLayI6HvyUrmqcMKh+iX3WY3ICr59/wlM0tYa8DYN4yzmOa2Onb29gy3YlaF5A2AKAMmk003cRT9gY26mjpv7d21czOSSeNyVIoZ04IR9ee71vWTMdv0hu/af5kSjQ+ZG5/Qgc0+mnECLz/1gtxt1srLYbtYQ/qAY8oX1DCSGFS61tN/vl+4cxGMD/VGcGzADRLRHSlVqy2Qgss6Q=" - - csrBytes := fromBase64(csrBase64) - csr, err := ParseCertificateRequest(csrBytes) - if err != nil { - t.Fatalf("failed to parse CSR: %s", err) - } - - expected := []struct { - Id asn1.ObjectIdentifier - Value []byte - }{ - {oidExtensionBasicConstraints, fromBase64("MAYBAf8CAQA=")}, - {oidExtensionKeyUsage, fromBase64("AwIChA==")}, - } - - if n := len(csr.Extensions); n != len(expected) { - t.Fatalf("expected to find %d extensions but found %d", len(expected), n) - } - - for i, extension := range csr.Extensions { - if !extension.Id.Equal(expected[i].Id) { - t.Fatalf("extension #%d has unexpected type %v (expected %v)", i, extension.Id, expected[i].Id) - } - - if !bytes.Equal(extension.Value, expected[i].Value) { - t.Fatalf("extension #%d has unexpected contents %x (expected %x)", i, extension.Value, expected[i].Value) - } - } -} - -// serialiseAndParse generates a self-signed certificate from template and -// returns a parsed version of it. -func serialiseAndParse(t *testing.T, template *Certificate) *Certificate { - derBytes, err := CreateCertificate(rand.Reader, template, template, &testPrivateKey.PublicKey, testPrivateKey) - if err != nil { - t.Fatalf("failed to create certificate: %s", err) - return nil - } - - cert, err := ParseCertificate(derBytes) - if err != nil { - t.Fatalf("failed to parse certificate: %s", err) - return nil - } - - return cert -} - -func TestMaxPathLenNotCA(t *testing.T) { - template := &Certificate{ - SerialNumber: big.NewInt(1), - Subject: pkix.Name{ - CommonName: "Σ Acme Co", - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(100000, 0), - - BasicConstraintsValid: true, - IsCA: false, - } - cert := serialiseAndParse(t, template) - if m := cert.MaxPathLen; m != -1 { - t.Errorf("MaxPathLen should be -1 when IsCa is false, got %d", m) - } - - template.MaxPathLen = 5 - if _, err := CreateCertificate(rand.Reader, template, template, &testPrivateKey.PublicKey, testPrivateKey); err == nil { - t.Error("specifying a MaxPathLen when IsCA is false should fail") - } - - template.MaxPathLen = 0 - template.MaxPathLenZero = true - if _, err := CreateCertificate(rand.Reader, template, template, &testPrivateKey.PublicKey, testPrivateKey); err == nil { - t.Error("setting MaxPathLenZero when IsCA is false should fail") - } - - template.BasicConstraintsValid = false - cert2 := serialiseAndParse(t, template) - if m := cert2.MaxPathLen; m != 0 { - t.Errorf("Bad MaxPathLen should be ignored if BasicConstraintsValid is false, got %d", m) - } -} - -func TestMaxPathLen(t *testing.T) { - template := &Certificate{ - SerialNumber: big.NewInt(1), - Subject: pkix.Name{ - CommonName: "Σ Acme Co", - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(100000, 0), - - BasicConstraintsValid: true, - IsCA: true, - } - - cert1 := serialiseAndParse(t, template) - if m := cert1.MaxPathLen; m != -1 { - t.Errorf("Omitting MaxPathLen didn't turn into -1, got %d", m) - } - if cert1.MaxPathLenZero { - t.Errorf("Omitting MaxPathLen resulted in MaxPathLenZero") - } - - template.MaxPathLen = 1 - cert2 := serialiseAndParse(t, template) - if m := cert2.MaxPathLen; m != 1 { - t.Errorf("Setting MaxPathLen didn't work. Got %d but set 1", m) - } - if cert2.MaxPathLenZero { - t.Errorf("Setting MaxPathLen resulted in MaxPathLenZero") - } - - template.MaxPathLen = 0 - template.MaxPathLenZero = true - cert3 := serialiseAndParse(t, template) - if m := cert3.MaxPathLen; m != 0 { - t.Errorf("Setting MaxPathLenZero didn't work, got %d", m) - } - if !cert3.MaxPathLenZero { - t.Errorf("Setting MaxPathLen to zero didn't result in MaxPathLenZero") - } -} - -func TestNoAuthorityKeyIdInSelfSignedCert(t *testing.T) { - template := &Certificate{ - SerialNumber: big.NewInt(1), - Subject: pkix.Name{ - CommonName: "Σ Acme Co", - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(100000, 0), - - BasicConstraintsValid: true, - IsCA: true, - SubjectKeyId: []byte{1, 2, 3, 4}, - } - - if cert := serialiseAndParse(t, template); len(cert.AuthorityKeyId) != 0 { - t.Fatalf("self-signed certificate contained default authority key id") - } - - template.AuthorityKeyId = []byte{1, 2, 3, 4} - if cert := serialiseAndParse(t, template); len(cert.AuthorityKeyId) == 0 { - t.Fatalf("self-signed certificate erased explicit authority key id") - } -} - -func TestNoSubjectKeyIdInCert(t *testing.T) { - template := &Certificate{ - SerialNumber: big.NewInt(1), - Subject: pkix.Name{ - CommonName: "Σ Acme Co", - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(100000, 0), - - BasicConstraintsValid: true, - IsCA: true, - } - if cert := serialiseAndParse(t, template); len(cert.SubjectKeyId) == 0 { - t.Fatalf("self-signed certificate did not generate subject key id using the public key") - } - - template.IsCA = false - if cert := serialiseAndParse(t, template); len(cert.SubjectKeyId) != 0 { - t.Fatalf("self-signed certificate generated subject key id when it isn't a CA") - } - - template.SubjectKeyId = []byte{1, 2, 3, 4} - if cert := serialiseAndParse(t, template); len(cert.SubjectKeyId) == 0 { - t.Fatalf("self-signed certificate erased explicit subject key id") - } -} - -func TestASN1BitLength(t *testing.T) { - tests := []struct { - bytes []byte - bitLen int - }{ - {nil, 0}, - {[]byte{0x00}, 0}, - {[]byte{0x00, 0x00}, 0}, - {[]byte{0xf0}, 4}, - {[]byte{0x88}, 5}, - {[]byte{0xff}, 8}, - {[]byte{0xff, 0x80}, 9}, - {[]byte{0xff, 0x81}, 16}, - } - - for i, test := range tests { - if got := asn1BitLength(test.bytes); got != test.bitLen { - t.Errorf("#%d: calculated bit-length of %d for %x, wanted %d", i, got, test.bytes, test.bitLen) - } - } -} - -func TestVerifyEmptyCertificate(t *testing.T) { - if _, err := new(Certificate).Verify(VerifyOptions{}); err != errNotParsed { - t.Errorf("Verifying empty certificate resulted in unexpected error: %q (wanted %q)", err, errNotParsed) - } -} - -func TestInsecureAlgorithmErrorString(t *testing.T) { - tests := []struct { - sa SignatureAlgorithm - want string - }{ - {MD2WithRSA, "x509: cannot verify signature: insecure algorithm MD2-RSA"}, - {-1, "x509: cannot verify signature: insecure algorithm -1"}, - {0, "x509: cannot verify signature: insecure algorithm 0"}, - {9999, "x509: cannot verify signature: insecure algorithm 9999"}, - } - for i, tt := range tests { - if got := fmt.Sprint(InsecureAlgorithmError(tt.sa)); got != tt.want { - t.Errorf("%d. mismatch.\n got: %s\nwant: %s\n", i, got, tt.want) - } - } -} - -// These CSR was generated with OpenSSL: -// openssl req -out CSR.csr -new -sha256 -nodes -keyout privateKey.key -config openssl.cnf -// -// With openssl.cnf containing the following sections: -// [ v3_req ] -// basicConstraints = CA:FALSE -// keyUsage = nonRepudiation, digitalSignature, keyEncipherment -// subjectAltName = email:gopher@golang.org,DNS:test.example.com -// [ req_attributes ] -// challengePassword = ignored challenge -// unstructuredName = ignored unstructured name -var csrBase64Array = [...]string{ - // Just [ v3_req ] - "MIIDHDCCAgQCAQAwfjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLQ29tbW9uIE5hbWUxITAfBgkqhkiG9w0BCQEWEnRlc3RAZW1haWwuYWRkcmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1GY4YFx2ujlZEOJxQVYmsjUnLsd5nFVnNpLE4cV+77sgv9NPNlB8uhn3MXt5leD34rm/2BisCHOifPucYlSrszo2beuKhvwn4+2FxDmWtBEMu/QA16L5IvoOfYZm/gJTsPwKDqvaR0tTU67a9OtxwNTBMI56YKtmwd/o8d3hYv9cg+9ZGAZ/gKONcg/OWYx/XRh6bd0g8DMbCikpWgXKDsvvK1Nk+VtkDO1JxuBaj4Lz/p/MifTfnHoqHxWOWl4EaTs4Ychxsv34/rSj1KD1tJqorIv5Xv2aqv4sjxfbrYzX4kvS5SC1goIovLnhj5UjmQ3Qy8u65eow/LLWw+YFcCAwEAAaBZMFcGCSqGSIb3DQEJDjFKMEgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwLgYDVR0RBCcwJYERZ29waGVyQGdvbGFuZy5vcmeCEHRlc3QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAB6VPMRrchvNW61Tokyq3ZvO6/NoGIbuwUn54q6l5VZW0Ep5Nq8juhegSSnaJ0jrovmUgKDN9vEo2KxuAtwG6udS6Ami3zP+hRd4k9Q8djJPb78nrjzWiindLK5Fps9U5mMoi1ER8ViveyAOTfnZt/jsKUaRsscY2FzE9t9/o5moE6LTcHUS4Ap1eheR+J72WOnQYn3cifYaemsA9MJuLko+kQ6xseqttbh9zjqd9fiCSh/LNkzos9c+mg2yMADitaZinAh+HZi50ooEbjaT3erNq9O6RqwJlgD00g6MQdoz9bTAryCUhCQfkIaepmQ7BxS0pqWNW3MMwfDwx/Snz6g=", - // Both [ v3_req ] and [ req_attributes ] - "MIIDaTCCAlECAQAwfjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLQ29tbW9uIE5hbWUxITAfBgkqhkiG9w0BCQEWEnRlc3RAZW1haWwuYWRkcmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1GY4YFx2ujlZEOJxQVYmsjUnLsd5nFVnNpLE4cV+77sgv9NPNlB8uhn3MXt5leD34rm/2BisCHOifPucYlSrszo2beuKhvwn4+2FxDmWtBEMu/QA16L5IvoOfYZm/gJTsPwKDqvaR0tTU67a9OtxwNTBMI56YKtmwd/o8d3hYv9cg+9ZGAZ/gKONcg/OWYx/XRh6bd0g8DMbCikpWgXKDsvvK1Nk+VtkDO1JxuBaj4Lz/p/MifTfnHoqHxWOWl4EaTs4Ychxsv34/rSj1KD1tJqorIv5Xv2aqv4sjxfbrYzX4kvS5SC1goIovLnhj5UjmQ3Qy8u65eow/LLWw+YFcCAwEAAaCBpTAgBgkqhkiG9w0BCQcxEwwRaWdub3JlZCBjaGFsbGVuZ2UwKAYJKoZIhvcNAQkCMRsMGWlnbm9yZWQgdW5zdHJ1Y3R1cmVkIG5hbWUwVwYJKoZIhvcNAQkOMUowSDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAuBgNVHREEJzAlgRFnb3BoZXJAZ29sYW5nLm9yZ4IQdGVzdC5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAgxe2N5O48EMsYE7o0rZBB0wi3Ov5/yYfnmmVI22Y3sP6VXbLDW0+UWIeSccOhzUCcZ/G4qcrfhhx6gTZTeA01nP7TdTJURvWAH5iFqj9sQ0qnLq6nEcVHij3sG6M5+BxAIVClQBk6lTCzgphc835Fjj6qSLuJ20XHdL5UfUbiJxx299CHgyBRL+hBUIPfz8p+ZgamyAuDLfnj54zzcRVyLlrmMLNPZNll1Q70RxoU6uWvLH8wB8vQe3Q/guSGubLyLRTUQVPh+dw1L4t8MKFWfX/48jwRM4gIRHFHPeAAE9D9YAoqdIvj/iFm/eQ++7DP8MDwOZWsXeB6jjwHuLmkQ==", -} - -var md5cert = ` ------BEGIN CERTIFICATE----- -MIIB4TCCAUoCCQCfmw3vMgPS5TANBgkqhkiG9w0BAQQFADA1MQswCQYDVQQGEwJB -VTETMBEGA1UECBMKU29tZS1TdGF0ZTERMA8GA1UEChMITUQ1IEluYy4wHhcNMTUx -MjAzMTkyOTMyWhcNMjkwODEyMTkyOTMyWjA1MQswCQYDVQQGEwJBVTETMBEGA1UE -CBMKU29tZS1TdGF0ZTERMA8GA1UEChMITUQ1IEluYy4wgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBANrq2nhLQj5mlXbpVX3QUPhfEm/vdEqPkoWtR/jRZIWm4WGf -Wpq/LKHJx2Pqwn+t117syN8l4U5unyAi1BJSXjBwPZNd7dXjcuJ+bRLV7FZ/iuvs -cfYyQQFTxan4TaJMd0x1HoNDbNbjHa02IyjjYE/r3mb/PIg+J2t5AZEh80lPAgMB -AAEwDQYJKoZIhvcNAQEEBQADgYEAjGzp3K3ey/YfKHohf33yHHWd695HQxDAP+wY -cs9/TAyLR+gJzJP7d18EcDDLJWVi7bhfa4EAD86di05azOh9kWSn4b3o9QYRGCSw -GNnI3Zk0cwNKA49hZntKKiy22DhRk7JAHF01d6Bu3KkHkmENrtJ+zj/+159WAnUa -qViorq4= ------END CERTIFICATE----- -` - -func TestMD5(t *testing.T) { - pemBlock, _ := pem.Decode([]byte(md5cert)) - cert, err := ParseCertificate(pemBlock.Bytes) - if err != nil { - t.Fatalf("failed to parse certificate: %s", err) - } - if sa := cert.SignatureAlgorithm; sa != MD5WithRSA { - t.Errorf("signature algorithm is %v, want %v", sa, MD5WithRSA) - } - if err = cert.CheckSignatureFrom(cert); err == nil { - t.Fatalf("certificate verification succeeded incorrectly") - } - if _, ok := err.(InsecureAlgorithmError); !ok { - t.Fatalf("certificate verification returned %v (%T), wanted InsecureAlgorithmError", err, err) - } -} - -// certMissingRSANULL contains an RSA public key where the AlgorithmIdentifier -// parameters are omitted rather than being an ASN.1 NULL. -const certMissingRSANULL = ` ------BEGIN CERTIFICATE----- -MIIB7TCCAVigAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD -bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTExMTIwODA3NTUxMloXDTEyMTIwNzA4 -MDAxMlowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGc -MAsGCSqGSIb3DQEBAQOBjAAwgYgCgYBO0Hsx44Jk2VnAwoekXh6LczPHY1PfZpIG -hPZk1Y/kNqcdK+izIDZFI7Xjla7t4PUgnI2V339aEu+H5Fto5OkOdOwEin/ekyfE -ARl6vfLcPRSr0FTKIQzQTW6HLlzF0rtNS0/Otiz3fojsfNcCkXSmHgwa2uNKWi7e -E5xMQIhZkwIDAQABozIwMDAOBgNVHQ8BAf8EBAMCAKAwDQYDVR0OBAYEBAECAwQw -DwYDVR0jBAgwBoAEAQIDBDALBgkqhkiG9w0BAQUDgYEANh+zegx1yW43RmEr1b3A -p0vMRpqBWHyFeSnIyMZn3TJWRSt1tukkqVCavh9a+hoV2cxVlXIWg7nCto/9iIw4 -hB2rXZIxE0/9gzvGnfERYraL7KtnvshksBFQRlgXa5kc0x38BvEO5ZaoDPl4ILdE -GFGNEH5PlGffo05wc46QkYU= ------END CERTIFICATE-----` - -func TestRSAMissingNULLParameters(t *testing.T) { - block, _ := pem.Decode([]byte(certMissingRSANULL)) - if _, err := ParseCertificate(block.Bytes); err == nil { - t.Error("unexpected success when parsing certificate with missing RSA NULL parameter") - } else if !strings.Contains(err.Error(), "missing NULL") { - t.Errorf("unrecognised error when parsing certificate with missing RSA NULL parameter: %s", err) - } -} - -const certISOOID = ` ------BEGIN CERTIFICATE----- -MIIB5TCCAVKgAwIBAgIQtwyL3RPWV7dJQp34HwZG9DAJBgUrDgMCHQUAMBExDzAN -BgNVBAMTBm15dGVzdDAeFw0xNjA4MDkyMjExMDVaFw0zOTEyMzEyMzU5NTlaMBEx -DzANBgNVBAMTBm15dGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArzIH -GsyDB3ohIGkkvijF2PTRUX1bvOtY1eUUpjwHyu0twpAKSuaQv2Ha+/63+aHe8O86 -BT+98wjXFX6RFSagtAujo80rIF2dSm33BGt18pDN8v6zp93dnAm0jRaSQrHJ75xw -5O+S1oEYR1LtUoFJy6qB104j6aINBAgOiLIKiMkCAwEAAaNGMEQwQgYDVR0BBDsw -OYAQVuYVQ/WDjdGSkZRlTtJDNKETMBExDzANBgNVBAMTBm15dGVzdIIQtwyL3RPW -V7dJQp34HwZG9DAJBgUrDgMCHQUAA4GBABngrSkH7vG5lY4sa4AZF59lAAXqBVJE -J4TBiKC62hCdZv18rBleP6ETfhbPg7pTs8p4ebQbpmtNxRS9Lw3MzQ8Ya5Ybwzj2 -NwBSyCtCQl7mrEg4nJqJl4A2EUhnET/oVxU0oTV/SZ3ziGXcY1oG1s6vidV7TZTu -MCRtdSdaM7g3 ------END CERTIFICATE-----` - -func TestISOOIDInCertificate(t *testing.T) { - block, _ := pem.Decode([]byte(certISOOID)) - if cert, err := ParseCertificate(block.Bytes); err != nil { - t.Errorf("certificate with ISO OID failed to parse: %s", err) - } else if cert.SignatureAlgorithm == UnknownSignatureAlgorithm { - t.Errorf("ISO OID not recognised in certificate") - } -} - -// certMultipleRDN contains a RelativeDistinguishedName with two elements (the -// common name and serial number). This particular certificate was the first -// such certificate in the “Pilot” Certificate Transparency log. -const certMultipleRDN = ` ------BEGIN CERTIFICATE----- -MIIFRzCCBC+gAwIBAgIEOl59NTANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz -aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdvdi1j -YTAeFw0xMjExMTYxMDUyNTdaFw0xNzExMTYxMjQ5MDVaMIGLMQswCQYDVQQGEwJz -aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRkwFwYDVQQLExB3ZWItY2Vy -dGlmaWNhdGVzMRAwDgYDVQQLEwdTZXJ2ZXJzMTIwFAYDVQQFEw0xMjM2NDg0MDEw -MDEwMBoGA1UEAxMTZXBvcnRhbC5tc3MuZWR1cy5zaTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMrNkZH9MPuBTjMGNk3sJX8V+CkFx/4ru7RTlLS6dlYM -098dtSfJ3s2w0p/1NB9UmR8j0yS0Kg6yoZ3ShsSO4DWBtcQD8820a6BYwqxxQTNf -HSRZOc+N/4TQrvmK6t4k9Aw+YEYTMrWOU4UTeyhDeCcUsBdh7HjfWsVaqNky+2sv -oic3zP5gF+2QfPkvOoHT3FLR8olNhViIE6Kk3eFIEs4dkq/ZzlYdLb8pHQoj/sGI -zFmA5AFvm1HURqOmJriFjBwaCtn8AVEYOtQrnUCzJYu1ex8azyS2ZgYMX0u8A5Z/ -y2aMS/B2W+H79WcgLpK28vPwe7vam0oFrVytAd+u65ECAwEAAaOCAf4wggH6MA4G -A1UdDwEB/wQEAwIFoDBABgNVHSAEOTA3MDUGCisGAQQBr1kBAwMwJzAlBggrBgEF -BQcCARYZaHR0cDovL3d3dy5jYS5nb3Yuc2kvY3BzLzAfBgNVHREEGDAWgRRwb2Rw -b3JhLm1pemtzQGdvdi5zaTCB8QYDVR0fBIHpMIHmMFWgU6BRpE8wTTELMAkGA1UE -BhMCc2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0aW9uczERMA8GA1UECxMIc2ln -b3YtY2ExDjAMBgNVBAMTBUNSTDM5MIGMoIGJoIGGhldsZGFwOi8veDUwMC5nb3Yu -c2kvb3U9c2lnb3YtY2Esbz1zdGF0ZS1pbnN0aXR1dGlvbnMsYz1zaT9jZXJ0aWZp -Y2F0ZVJldm9jYXRpb25MaXN0P2Jhc2WGK2h0dHA6Ly93d3cuc2lnb3YtY2EuZ292 -LnNpL2NybC9zaWdvdi1jYS5jcmwwKwYDVR0QBCQwIoAPMjAxMjExMTYxMDUyNTda -gQ8yMDE3MTExNjEyNDkwNVowHwYDVR0jBBgwFoAUHvjUU2uzgwbpBAZXAvmlv8ZY -PHIwHQYDVR0OBBYEFGI1Duuu+wTGDZka/xHNbwcbM69ZMAkGA1UdEwQCMAAwGQYJ -KoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJKoZIhvcNAQEFBQADggEBAHny0K1y -BQznrzDu3DDpBcGYguKU0dvU9rqsV1ua4nxkriSMWjgsX6XJFDdDW60I3P4VWab5 -ag5fZzbGqi8kva/CzGgZh+CES0aWCPy+4Gb8lwOTt+854/laaJvd6kgKTER7z7U9 -9C86Ch2y4sXNwwwPJ1A9dmrZJZOcJjS/WYZgwaafY2Hdxub5jqPE5nehwYUPVu9R -uH6/skk4OEKcfOtN0hCnISOVuKYyS4ANARWRG5VGHIH06z3lGUVARFRJ61gtAprd -La+fgSS+LVZ+kU2TkeoWAKvGq8MAgDq4D4Xqwekg7WKFeuyusi/NI5rm40XgjBMF -DF72IUofoVt7wo0= ------END CERTIFICATE-----` - -func TestMultipleRDN(t *testing.T) { - block, _ := pem.Decode([]byte(certMultipleRDN)) - cert, err := ParseCertificate(block.Bytes) - if err != nil { - t.Fatalf("certificate with two elements in an RDN failed to parse: %v", err) - } - - if want := "eportal.mss.edus.si"; cert.Subject.CommonName != want { - t.Errorf("got common name of %q, but want %q", cert.Subject.CommonName, want) - } - - if want := "1236484010010"; cert.Subject.SerialNumber != want { - t.Errorf("got serial number of %q, but want %q", cert.Subject.SerialNumber, want) - } -} - -func TestSystemCertPool(t *testing.T) { - if runtime.GOOS == "windows" { - t.Skip("not implemented on Windows; Issue 16736, 18609") - } - a, err := SystemCertPool() - if err != nil { - t.Fatal(err) - } - b, err := SystemCertPool() - if err != nil { - t.Fatal(err) - } - zeroPoolFuncs(a) - zeroPoolFuncs(b) - if !reflect.DeepEqual(a, b) { - t.Fatal("two calls to SystemCertPool had different results") - } - if ok := b.AppendCertsFromPEM([]byte(` ------BEGIN CERTIFICATE----- -MIIDBjCCAe6gAwIBAgIRANXM5I3gjuqDfTp/PYrs+u8wDQYJKoZIhvcNAQELBQAw -EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xODAzMjcxOTU2MjFaFw0xOTAzMjcxOTU2 -MjFaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDK+9m3rjsO2Djes6bIYQZ3eV29JF09ZrjOrEHLtaKrD6/acsoSoTsf -cQr+rzzztdB5ijWXCS64zo/0OiqBeZUNZ67jVdToa9qW5UYe2H0Y+ZNdfA5GYMFD -yk/l3/uBu3suTZPfXiW2TjEi27Q8ruNUIZ54DpTcs6y2rBRFzadPWwn/VQMlvRXM -jrzl8Y08dgnYmaAHprxVzwMXcQ/Brol+v9GvjaH1DooHqkn8O178wsPQNhdtvN01 -IXL46cYdcUwWrE/GX5u+9DaSi+0KWxAPQ+NVD5qUI0CKl4714yGGh7feXMjJdHgl -VG4QJZlJvC4FsURgCHJT6uHGIelnSwhbAgMBAAGjVzBVMA4GA1UdDwEB/wQEAwIF -oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMCAGA1UdEQQZMBeC -FVRlc3RTeXN0ZW1DZXJ0UG9vbC5nbzANBgkqhkiG9w0BAQsFAAOCAQEAwuSRx/VR -BKh2ICxZjL6jBwk/7UlU1XKbhQD96RqkidDNGEc6eLZ90Z5XXTurEsXqdm5jQYPs -1cdcSW+fOSMl7MfW9e5tM66FaIPZl9rKZ1r7GkOfgn93xdLAWe8XHd19xRfDreub -YC8DVqgLASOEYFupVSl76ktPfxkU5KCvmUf3P2PrRybk1qLGFytGxfyice2gHSNI -gify3K/+H/7wCkyFW4xYvzl7WW4mXxoqPRPjQt1J423DhnnQ4G1P8V/vhUpXNXOq -N9IEPnWuihC09cyx/WMQIUlWnaQLHdfpPS04Iez3yy2PdfXJzwfPrja7rNE+skK6 -pa/O1nF0AfWOpw== ------END CERTIFICATE----- - `)); !ok { - t.Fatal("AppendCertsFromPEM failed") - } - if reflect.DeepEqual(a, b) { - t.Fatal("changing one pool modified the other") - } -} - -const emptyNameConstraintsPEM = ` ------BEGIN CERTIFICATE----- -MIIC1jCCAb6gAwIBAgICEjQwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAxMdRW1w -dHkgbmFtZSBjb25zdHJhaW50cyBpc3N1ZXIwHhcNMTMwMjAxMDAwMDAwWhcNMjAw -NTMwMTA0ODM4WjAhMR8wHQYDVQQDExZFbXB0eSBuYW1lIGNvbnN0cmFpbnRzMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwriElUIt3LCqmJObs+yDoWPD -F5IqgWk6moIobYjPfextZiYU6I3EfvAwoNxPDkN2WowcocUZMJbEeEq5ebBksFnx -f12gBxlIViIYwZAzu7aFvhDMyPKQI3C8CG0ZSC9ABZ1E3umdA3CEueNOmP/TChNq -Cl23+BG1Qb/PJkpAO+GfpWSVhTcV53Mf/cKvFHcjGNrxzdSoq9fyW7a6gfcGEQY0 -LVkmwFWUfJ0wT8kaeLr0E0tozkIfo01KNWNzv6NcYP80QOBRDlApWu9ODmEVJHPD -blx4jzTQ3JLa+4DvBNOjVUOp+mgRmjiW0rLdrxwOxIqIOwNjweMCp/hgxX/hTQID -AQABoxEwDzANBgNVHR4EBjAEoAChADANBgkqhkiG9w0BAQsFAAOCAQEAWG+/zUMH -QhP8uNCtgSHyim/vh7wminwAvWgMKxlkLBFns6nZeQqsOV1lABY7U0Zuoqa1Z5nb -6L+iJa4ElREJOi/erLc9uLwBdDCAR0hUTKD7a6i4ooS39DTle87cUnj0MW1CUa6H -v5SsvpYW+1XleYJk/axQOOTcy4Es53dvnZsjXH0EA/QHnn7UV+JmlE3rtVxcYp6M -LYPmRhTioROA/drghicRkiu9hxdPyxkYS16M5g3Zj30jdm+k/6C6PeNtN9YmOOga -nCOSyFYfGhqOANYzpmuV+oIedAsPpIbfIzN8njYUs1zio+1IoI4o8ddM9sCbtPU8 -o+WoY6IsCKXV/g== ------END CERTIFICATE-----` - -func TestEmptyNameConstraints(t *testing.T) { - block, _ := pem.Decode([]byte(emptyNameConstraintsPEM)) - _, err := ParseCertificate(block.Bytes) - if err == nil { - t.Fatal("unexpected success") - } - - const expected = "empty name constraints" - if str := err.Error(); !strings.Contains(str, expected) { - t.Errorf("expected %q in error but got %q", expected, str) - } -} - -func TestPKIXNameString(t *testing.T) { - pem, err := hex.DecodeString(certBytes) - if err != nil { - t.Fatal(err) - } - certs, err := ParseCertificates(pem) - if err != nil { - t.Fatal(err) - } - - tests := []struct { - dn pkix.Name - want string - }{ - {pkix.Name{ - CommonName: "Steve Kille", - Organization: []string{"Isode Limited"}, - OrganizationalUnit: []string{"RFCs"}, - Locality: []string{"Richmond"}, - Province: []string{"Surrey"}, - StreetAddress: []string{"The Square"}, - PostalCode: []string{"TW9 1DT"}, - SerialNumber: "RFC 2253", - Country: []string{"GB"}, - }, "SERIALNUMBER=RFC 2253,CN=Steve Kille,OU=RFCs,O=Isode Limited,POSTALCODE=TW9 1DT,STREET=The Square,L=Richmond,ST=Surrey,C=GB"}, - {certs[0].Subject, - "CN=mail.google.com,O=Google Inc,L=Mountain View,ST=California,C=US"}, - {pkix.Name{ - Organization: []string{"#Google, Inc. \n-> 'Alphabet\" "}, - Country: []string{"US"}, - }, "O=\\#Google\\, Inc. \n-\\> 'Alphabet\\\"\\ ,C=US"}, - {pkix.Name{ - CommonName: "foo.com", - Organization: []string{"Gopher Industries"}, - ExtraNames: []pkix.AttributeTypeAndValue{ - {Type: asn1.ObjectIdentifier([]int{2, 5, 4, 3}), Value: "bar.com"}}, - }, "CN=bar.com,O=Gopher Industries"}, - {pkix.Name{ - Locality: []string{"Gophertown"}, - ExtraNames: []pkix.AttributeTypeAndValue{ - {Type: asn1.ObjectIdentifier([]int{1, 2, 3, 4, 5}), Value: "golang.org"}}, - }, "1.2.3.4.5=#130a676f6c616e672e6f7267,L=Gophertown"}, - } - - for i, test := range tests { - if got := test.dn.String(); got != test.want { - t.Errorf("#%d: String() = \n%s\n, want \n%s", i, got, test.want) - } - } -} - -func TestRDNSequenceString(t *testing.T) { - // Test some extra cases that get lost in pkix.Name conversions such as - // multi-valued attributes. - - var ( - oidCountry = []int{2, 5, 4, 6} - oidOrganization = []int{2, 5, 4, 10} - oidOrganizationalUnit = []int{2, 5, 4, 11} - oidCommonName = []int{2, 5, 4, 3} - ) - - tests := []struct { - seq pkix.RDNSequence - want string - }{ - { - seq: pkix.RDNSequence{ - pkix.RelativeDistinguishedNameSET{ - pkix.AttributeTypeAndValue{Type: oidCountry, Value: "US"}, - }, - pkix.RelativeDistinguishedNameSET{ - pkix.AttributeTypeAndValue{Type: oidOrganization, Value: "Widget Inc."}, - }, - pkix.RelativeDistinguishedNameSET{ - pkix.AttributeTypeAndValue{Type: oidOrganizationalUnit, Value: "Sales"}, - pkix.AttributeTypeAndValue{Type: oidCommonName, Value: "J. Smith"}, - }, - }, - want: "OU=Sales+CN=J. Smith,O=Widget Inc.,C=US", - }, - } - - for i, test := range tests { - if got := test.seq.String(); got != test.want { - t.Errorf("#%d: String() = \n%s\n, want \n%s", i, got, test.want) - } - } -} - -const criticalNameConstraintWithUnknownTypePEM = ` ------BEGIN CERTIFICATE----- -MIIC/TCCAeWgAwIBAgICEjQwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UEAxMdRW1w -dHkgbmFtZSBjb25zdHJhaW50cyBpc3N1ZXIwHhcNMTMwMjAxMDAwMDAwWhcNMjAw -NTMwMTA0ODM4WjAhMR8wHQYDVQQDExZFbXB0eSBuYW1lIGNvbnN0cmFpbnRzMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwriElUIt3LCqmJObs+yDoWPD -F5IqgWk6moIobYjPfextZiYU6I3EfvAwoNxPDkN2WowcocUZMJbEeEq5ebBksFnx -f12gBxlIViIYwZAzu7aFvhDMyPKQI3C8CG0ZSC9ABZ1E3umdA3CEueNOmP/TChNq -Cl23+BG1Qb/PJkpAO+GfpWSVhTcV53Mf/cKvFHcjGNrxzdSoq9fyW7a6gfcGEQY0 -LVkmwFWUfJ0wT8kaeLr0E0tozkIfo01KNWNzv6NcYP80QOBRDlApWu9ODmEVJHPD -blx4jzTQ3JLa+4DvBNOjVUOp+mgRmjiW0rLdrxwOxIqIOwNjweMCp/hgxX/hTQID -AQABozgwNjA0BgNVHR4BAf8EKjAooCQwIokgIACrzQAAAAAAAAAAAAAAAP////8A -AAAAAAAAAAAAAAChADANBgkqhkiG9w0BAQsFAAOCAQEAWG+/zUMHQhP8uNCtgSHy -im/vh7wminwAvWgMKxlkLBFns6nZeQqsOV1lABY7U0Zuoqa1Z5nb6L+iJa4ElREJ -Oi/erLc9uLwBdDCAR0hUTKD7a6i4ooS39DTle87cUnj0MW1CUa6Hv5SsvpYW+1Xl -eYJk/axQOOTcy4Es53dvnZsjXH0EA/QHnn7UV+JmlE3rtVxcYp6MLYPmRhTioROA -/drghicRkiu9hxdPyxkYS16M5g3Zj30jdm+k/6C6PeNtN9YmOOganCOSyFYfGhqO -ANYzpmuV+oIedAsPpIbfIzN8njYUs1zio+1IoI4o8ddM9sCbtPU8o+WoY6IsCKXV -/g== ------END CERTIFICATE-----` - -func TestCriticalNameConstraintWithUnknownType(t *testing.T) { - block, _ := pem.Decode([]byte(criticalNameConstraintWithUnknownTypePEM)) - cert, err := ParseCertificate(block.Bytes) - if err != nil { - t.Fatalf("unexpected parsing failure: %s", err) - } - - if l := len(cert.UnhandledCriticalExtensions); l != 1 { - t.Fatalf("expected one unhandled critical extension, but found %d", l) - } -} - -const badIPMaskPEM = ` ------BEGIN CERTIFICATE----- -MIICzzCCAbegAwIBAgICEjQwDQYJKoZIhvcNAQELBQAwHTEbMBkGA1UEAxMSQmFk -IElQIG1hc2sgaXNzdWVyMB4XDTEzMDIwMTAwMDAwMFoXDTIwMDUzMDEwNDgzOFow -FjEUMBIGA1UEAxMLQmFkIElQIG1hc2swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDCuISVQi3csKqYk5uz7IOhY8MXkiqBaTqagihtiM997G1mJhTojcR+ -8DCg3E8OQ3ZajByhxRkwlsR4Srl5sGSwWfF/XaAHGUhWIhjBkDO7toW+EMzI8pAj -cLwIbRlIL0AFnUTe6Z0DcIS5406Y/9MKE2oKXbf4EbVBv88mSkA74Z+lZJWFNxXn -cx/9wq8UdyMY2vHN1Kir1/JbtrqB9wYRBjQtWSbAVZR8nTBPyRp4uvQTS2jOQh+j -TUo1Y3O/o1xg/zRA4FEOUCla704OYRUkc8NuXHiPNNDcktr7gO8E06NVQ6n6aBGa -OJbSst2vHA7Eiog7A2PB4wKn+GDFf+FNAgMBAAGjIDAeMBwGA1UdHgEB/wQSMBCg -DDAKhwgBAgME//8BAKEAMA0GCSqGSIb3DQEBCwUAA4IBAQBYb7/NQwdCE/y40K2B -IfKKb++HvCaKfAC9aAwrGWQsEWezqdl5Cqw5XWUAFjtTRm6iprVnmdvov6IlrgSV -EQk6L96stz24vAF0MIBHSFRMoPtrqLiihLf0NOV7ztxSePQxbUJRroe/lKy+lhb7 -VeV5gmT9rFA45NzLgSznd2+dmyNcfQQD9AeeftRX4maUTeu1XFxinowtg+ZGFOKh -E4D92uCGJxGSK72HF0/LGRhLXozmDdmPfSN2b6T/oLo942031iY46BqcI5LIVh8a -Go4A1jOma5X6gh50Cw+kht8jM3yeNhSzXOKj7Uigjijx10z2wJu09Tyj5ahjoiwI -pdX+ ------END CERTIFICATE-----` - -func TestBadIPMask(t *testing.T) { - block, _ := pem.Decode([]byte(badIPMaskPEM)) - _, err := ParseCertificate(block.Bytes) - if err == nil { - t.Fatalf("unexpected success") - } - - const expected = "contained invalid mask" - if !strings.Contains(err.Error(), expected) { - t.Fatalf("expected %q in error but got: %s", expected, err) - } -} - -const additionalGeneralSubtreePEM = ` ------BEGIN CERTIFICATE----- -MIIG4TCCBMmgAwIBAgIRALss+4rLw2Ia7tFFhxE8g5cwDQYJKoZIhvcNAQELBQAw -bjELMAkGA1UEBhMCTkwxIDAeBgNVBAoMF01pbmlzdGVyaWUgdmFuIERlZmVuc2ll -MT0wOwYDVQQDDDRNaW5pc3RlcmllIHZhbiBEZWZlbnNpZSBDZXJ0aWZpY2F0aWUg -QXV0b3JpdGVpdCAtIEcyMB4XDTEzMDMwNjEyMDM0OVoXDTEzMTEzMDEyMDM1MFow -bDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUNlcnRpUGF0aCBMTEMxIjAgBgNVBAsT -GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxITAfBgNVBAMTGENlcnRpUGF0aCBC -cmlkZ2UgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANLW -4kXiRqvwBhJfN9uz12FA+P2D34MPxOt7TGXljm2plJ2CLzvaH8/ymsMdSWdJBS1M -8FmwvNL1w3A6ZuzksJjPikAu8kY3dcp3mrkk9eCPORDAwGtfsXwZysLiuEaDWpbD -dHOaHnI6qWU0N6OI+hNX58EjDpIGC1WQdho1tHOTPc5Hf5/hOpM/29v/wr7kySjs -Z+7nsvkm5rNhuJNzPsLsgzVaJ5/BVyOplZy24FKM8Y43MjR4osZm+a2e0zniqw6/ -rvcjcGYabYaznZfQG1GXoyf2Vea+CCgpgUhlVafgkwEs8izl8rIpvBzXiFAgFQuG -Ituoy92PJbDs430fA/cCAwEAAaOCAnowggJ2MEUGCCsGAQUFBwEBBDkwNzA1Bggr -BgEFBQcwAoYpaHR0cDovL2NlcnRzLmNhLm1pbmRlZi5ubC9taW5kZWYtY2EtMi5w -N2MwHwYDVR0jBBgwFoAUzln9WSPz2M64Rl2HYf2/KD8StmQwDwYDVR0TAQH/BAUw -AwEB/zCB6QYDVR0gBIHhMIHeMEgGCmCEEAGHawECBQEwOjA4BggrBgEFBQcCARYs -aHR0cDovL2Nwcy5kcC5jYS5taW5kZWYubmwvbWluZGVmLWNhLWRwLWNwcy8wSAYK -YIQQAYdrAQIFAjA6MDgGCCsGAQUFBwIBFixodHRwOi8vY3BzLmRwLmNhLm1pbmRl -Zi5ubC9taW5kZWYtY2EtZHAtY3BzLzBIBgpghBABh2sBAgUDMDowOAYIKwYBBQUH -AgEWLGh0dHA6Ly9jcHMuZHAuY2EubWluZGVmLm5sL21pbmRlZi1jYS1kcC1jcHMv -MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmxzLmNhLm1pbmRlZi5ubC9taW5k -ZWYtY2EtMi5jcmwwDgYDVR0PAQH/BAQDAgEGMEYGA1UdHgEB/wQ8MDqhODA2pDEw -LzELMAkGA1UEBhMCTkwxIDAeBgNVBAoTF01pbmlzdGVyaWUgdmFuIERlZmVuc2ll -gQFjMF0GA1UdIQRWMFQwGgYKYIQQAYdrAQIFAQYMKwYBBAGBu1MBAQECMBoGCmCE -EAGHawECBQIGDCsGAQQBgbtTAQEBAjAaBgpghBABh2sBAgUDBgwrBgEEAYG7UwEB -AQIwHQYDVR0OBBYEFNDCjBM3M3ZKkag84ei3/aKc0d0UMA0GCSqGSIb3DQEBCwUA -A4ICAQAQXFn9jF90/DNFf15JhoGtta/0dNInb14PMu3PAjcdrXYCDPpQZOArTUng -5YT1WuzfmjnXiTsziT3my0r9Mxvz/btKK/lnVOMW4c2q/8sIsIPnnW5ZaRGrsANB -dNDZkzMYmeG2Pfgvd0AQSOrpE/TVgWfu/+MMRWwX9y6VbooBR7BLv7zMuVH0WqLn -6OMFth7fqsThlfMSzkE/RDSaU6n3wXAWT1SIqBITtccRjSUQUFm/q3xrb2cwcZA6 -8vdS4hzNd+ttS905ay31Ks4/1Wrm1bH5RhEfRSH0VSXnc0b+z+RyBbmiwtVZqzxE -u3UQg/rAmtLDclLFEzjp8YDTIRYSLwstDbEXO/0ArdGrQm79HQ8i/3ZbP2357myW -i15qd6gMJIgGHS4b8Hc7R1K8LQ9Gm1aLKBEWVNGZlPK/cpXThpVmoEyslN2DHCrc -fbMbjNZpXlTMa+/b9z7Fa4X8dY8u/ELzZuJXJv5Rmqtg29eopFFYDCl0Nkh1XAjo -QejEoHHUvYV8TThHZr6Z6Ib8CECgTehU4QvepkgDXNoNrKRZBG0JhLjkwxh2whZq -nvWBfALC2VuNOM6C0rDY+HmhMlVt0XeqnybD9MuQALMit7Z00Cw2CIjNsBI9xBqD -xKK9CjUb7gzRUWSpB9jGHsvpEMHOzIFhufvH2Bz1XJw+Cl7khw== ------END CERTIFICATE-----` - -func TestAdditionFieldsInGeneralSubtree(t *testing.T) { - // Very rarely, certificates can include additional fields in the - // GeneralSubtree structure. This tests that such certificates can be - // parsed. - block, _ := pem.Decode([]byte(additionalGeneralSubtreePEM)) - if _, err := ParseCertificate(block.Bytes); err != nil { - t.Fatalf("failed to parse certificate: %s", err) - } -} - -func TestEmptySubject(t *testing.T) { - template := Certificate{ - SerialNumber: big.NewInt(1), - DNSNames: []string{"example.com"}, - } - - derBytes, err := CreateCertificate(rand.Reader, &template, &template, &testPrivateKey.PublicKey, testPrivateKey) - if err != nil { - t.Fatalf("failed to create certificate: %s", err) - } - - cert, err := ParseCertificate(derBytes) - if err != nil { - t.Fatalf("failed to parse certificate: %s", err) - } - - for _, ext := range cert.Extensions { - if ext.Id.Equal(oidExtensionSubjectAltName) { - if !ext.Critical { - t.Fatal("SAN extension is not critical") - } - return - } - } - - t.Fatal("SAN extension is missing") -} - -// multipleURLsInCRLDPPEM contains two URLs in a single CRL DistributionPoint -// structure. It is taken from https://crt.sh/?id=12721534. -const multipleURLsInCRLDPPEM = ` ------BEGIN CERTIFICATE----- -MIIF4TCCBMmgAwIBAgIQc+6uFePfrahUGpXs8lhiTzANBgkqhkiG9w0BAQsFADCB -8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy -dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 -YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 -dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh -IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD -LUFDQzAeFw0xNDA5MTgwODIxMDBaFw0zMDA5MTgwODIxMDBaMIGGMQswCQYDVQQG -EwJFUzEzMDEGA1UECgwqQ09OU09SQ0kgQURNSU5JU1RSQUNJTyBPQkVSVEEgREUg -Q0FUQUxVTllBMSowKAYDVQQLDCFTZXJ2ZWlzIFDDumJsaWNzIGRlIENlcnRpZmlj -YWNpw7MxFjAUBgNVBAMMDUVDLUNpdXRhZGFuaWEwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDFkHPRZPZlXTWZ5psJhbS/Gx+bxcTpGrlVQHHtIkgGz77y -TA7UZUFb2EQMncfbOhR0OkvQQn1aMvhObFJSR6nI+caf2D+h/m/InMl1MyH3S0Ak -YGZZsthnyC6KxqK2A/NApncrOreh70ULkQs45aOKsi1kR1W0zE+iFN+/P19P7AkL -Rl3bXBCVd8w+DLhcwRrkf1FCDw6cEqaFm3cGgf5cbBDMaVYAweWTxwBZAq2RbQAW -jE7mledcYghcZa4U6bUmCBPuLOnO8KMFAvH+aRzaf3ws5/ZoOVmryyLLJVZ54peZ -OwnP9EL4OuWzmXCjBifXR2IAblxs5JYj57tls45nAgMBAAGjggHaMIIB1jASBgNV -HRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUC2hZPofI -oxUa4ECCIl+fHbLFNxUwHwYDVR0jBBgwFoAUoMOLRKo3pUW/l4Ba0fF4opvpXY0w -gdYGA1UdIASBzjCByzCByAYEVR0gADCBvzAxBggrBgEFBQcCARYlaHR0cHM6Ly93 -d3cuYW9jLmNhdC9DQVRDZXJ0L1JlZ3VsYWNpbzCBiQYIKwYBBQUHAgIwfQx7QXF1 -ZXN0IGNlcnRpZmljYXQgw6lzIGVtw6hzIMO6bmljYSBpIGV4Y2x1c2l2YW1lbnQg -YSBFbnRpdGF0cyBkZSBDZXJ0aWZpY2FjacOzLiBWZWdldSBodHRwczovL3d3dy5h -b2MuY2F0L0NBVENlcnQvUmVndWxhY2lvMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEF -BQcwAYYXaHR0cDovL29jc3AuY2F0Y2VydC5jYXQwYgYDVR0fBFswWTBXoFWgU4Yn -aHR0cDovL2Vwc2NkLmNhdGNlcnQubmV0L2NybC9lYy1hY2MuY3JshihodHRwOi8v -ZXBzY2QyLmNhdGNlcnQubmV0L2NybC9lYy1hY2MuY3JsMA0GCSqGSIb3DQEBCwUA -A4IBAQChqFTjlAH5PyIhLjLgEs68CyNNC1+vDuZXRhy22TI83JcvGmQrZosPvVIL -PsUXx+C06Pfqmh48Q9S89X9K8w1SdJxP/rZeGEoRiKpwvQzM4ArD9QxyC8jirxex -3Umg9Ai/sXQ+1lBf6xw4HfUUr1WIp7pNHj0ZWLo106urqktcdeAFWme+/klis5fu -labCSVPuT/QpwakPrtqOhRms8vgpKiXa/eLtL9ZiA28X/Mker0zlAeTA7Z7uAnp6 -oPJTlZu1Gg1ZDJueTWWsLlO+P+Wzm3MRRIbcgdRzm4mdO7ubu26SzX/aQXDhuih+ -eVxXDTCfs7GUlxnjOp5j559X/N0A ------END CERTIFICATE----- -` - -func TestMultipleURLsInCRLDP(t *testing.T) { - block, _ := pem.Decode([]byte(multipleURLsInCRLDPPEM)) - cert, err := ParseCertificate(block.Bytes) - if err != nil { - t.Fatalf("failed to parse certificate: %s", err) - } - - want := []string{ - "http://epscd.catcert.net/crl/ec-acc.crl", - "http://epscd2.catcert.net/crl/ec-acc.crl", - } - if got := cert.CRLDistributionPoints; !reflect.DeepEqual(got, want) { - t.Errorf("CRL distribution points = %#v, want #%v", got, want) - } -} - -const hexPKCS1TestPKCS8Key = "30820278020100300d06092a864886f70d0101010500048202623082025e02010002818100cfb1b5bf9685ffa97b4f99df4ff122b70e59ac9b992f3bc2b3dde17d53c1a34928719b02e8fd17839499bfbd515bd6ef99c7a1c47a239718fe36bfd824c0d96060084b5f67f0273443007a24dfaf5634f7772c9346e10eb294c2306671a5a5e719ae24b4de467291bc571014b0e02dec04534d66a9bb171d644b66b091780e8d020301000102818100b595778383c4afdbab95d2bfed12b3f93bb0a73a7ad952f44d7185fd9ec6c34de8f03a48770f2009c8580bcd275e9632714e9a5e3f32f29dc55474b2329ff0ebc08b3ffcb35bc96e6516b483df80a4a59cceb71918cbabf91564e64a39d7e35dce21cb3031824fdbc845dba6458852ec16af5dddf51a8397a8797ae0337b1439024100ea0eb1b914158c70db39031dd8904d6f18f408c85fbbc592d7d20dee7986969efbda081fdf8bc40e1b1336d6b638110c836bfdc3f314560d2e49cd4fbde1e20b024100e32a4e793b574c9c4a94c8803db5152141e72d03de64e54ef2c8ed104988ca780cd11397bc359630d01b97ebd87067c5451ba777cf045ca23f5912f1031308c702406dfcdbbd5a57c9f85abc4edf9e9e29153507b07ce0a7ef6f52e60dcfebe1b8341babd8b789a837485da6c8d55b29bbb142ace3c24a1f5b54b454d01b51e2ad03024100bd6a2b60dee01e1b3bfcef6a2f09ed027c273cdbbaf6ba55a80f6dcc64e4509ee560f84b4f3e076bd03b11e42fe71a3fdd2dffe7e0902c8584f8cad877cdc945024100aa512fa4ada69881f1d8bb8ad6614f192b83200aef5edf4811313d5ef30a86cbd0a90f7b025c71ea06ec6b34db6306c86b1040670fd8654ad7291d066d06d031" -const hexPKCS1TestECKey = "3081a40201010430bdb9839c08ee793d1157886a7a758a3c8b2a17a4df48f17ace57c72c56b4723cf21dcda21d4e1ad57ff034f19fcfd98ea00706052b81040022a16403620004feea808b5ee2429cfcce13c32160e1c960990bd050bb0fdf7222f3decd0a55008e32a6aa3c9062051c4cba92a7a3b178b24567412d43cdd2f882fa5addddd726fe3e208d2c26d733a773a597abb749714df7256ead5105fa6e7b3650de236b50" - -var pkcs1MismatchKeyTests = []struct { - hexKey string - errorContains string -}{ - {hexKey: hexPKCS1TestPKCS8Key, errorContains: "use ParsePKCS8PrivateKey instead"}, - {hexKey: hexPKCS1TestECKey, errorContains: "use ParseECPrivateKey instead"}, -} - -func TestPKCS1MismatchKeyFormat(t *testing.T) { - for i, test := range pkcs1MismatchKeyTests { - derBytes, _ := hex.DecodeString(test.hexKey) - _, err := ParsePKCS1PrivateKey(derBytes) - if !strings.Contains(err.Error(), test.errorContains) { - t.Errorf("#%d: expected error containing %q, got %s", i, test.errorContains, err) - } - } -} - -func TestCreateRevocationList(t *testing.T) { - ec256Priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - t.Fatalf("Failed to generate ECDSA P256 key: %s", err) - } - _, ed25519Priv, err := ed25519.GenerateKey(rand.Reader) - if err != nil { - t.Fatalf("Failed to generate Ed25519 key: %s", err) - } - tests := []struct { - name string - key crypto.Signer - issuer *Certificate - template *RevocationList - expectedError string - }{ - { - name: "nil template", - key: ec256Priv, - issuer: nil, - template: nil, - expectedError: "x509: template can not be nil", - }, - { - name: "nil issuer", - key: ec256Priv, - issuer: nil, - template: &RevocationList{}, - expectedError: "x509: issuer can not be nil", - }, - { - name: "issuer doesn't have crlSign key usage bit set", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCertSign, - }, - template: &RevocationList{}, - expectedError: "x509: issuer must have the crlSign key usage bit set", - }, - { - name: "issuer missing SubjectKeyId", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - }, - template: &RevocationList{}, - expectedError: "x509: issuer certificate doesn't contain a subject key identifier", - }, - { - name: "nextUpdate before thisUpdate", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - ThisUpdate: time.Time{}.Add(time.Hour), - NextUpdate: time.Time{}, - }, - expectedError: "x509: template.ThisUpdate is after template.NextUpdate", - }, - { - name: "nil Number", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - }, - expectedError: "x509: template contains nil Number field", - }, - { - name: "invalid signature algorithm", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - SignatureAlgorithm: SHA256WithRSA, - RevokedCertificates: []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(2), - RevocationTime: time.Time{}.Add(time.Hour), - }, - }, - Number: big.NewInt(5), - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - }, - expectedError: "x509: requested SignatureAlgorithm does not match private key type", - }, - { - name: "valid", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - RevokedCertificates: []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(2), - RevocationTime: time.Time{}.Add(time.Hour), - }, - }, - Number: big.NewInt(5), - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - }, - }, - { - name: "valid, Ed25519 key", - key: ed25519Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - RevokedCertificates: []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(2), - RevocationTime: time.Time{}.Add(time.Hour), - }, - }, - Number: big.NewInt(5), - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - }, - }, - { - name: "valid, non-default signature algorithm", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - SignatureAlgorithm: ECDSAWithSHA512, - RevokedCertificates: []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(2), - RevocationTime: time.Time{}.Add(time.Hour), - }, - }, - Number: big.NewInt(5), - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - }, - }, - { - name: "valid, extra extension", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - RevokedCertificates: []pkix.RevokedCertificate{ - { - SerialNumber: big.NewInt(2), - RevocationTime: time.Time{}.Add(time.Hour), - }, - }, - Number: big.NewInt(5), - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - ExtraExtensions: []pkix.Extension{ - { - Id: []int{2, 5, 29, 99}, - Value: []byte{5, 0}, - }, - }, - }, - }, - { - name: "valid, empty list", - key: ec256Priv, - issuer: &Certificate{ - KeyUsage: KeyUsageCRLSign, - Subject: pkix.Name{ - CommonName: "testing", - }, - SubjectKeyId: []byte{1, 2, 3}, - }, - template: &RevocationList{ - Number: big.NewInt(5), - ThisUpdate: time.Time{}.Add(time.Hour * 24), - NextUpdate: time.Time{}.Add(time.Hour * 48), - }, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - crl, err := CreateRevocationList(rand.Reader, tc.template, tc.issuer, tc.key) - if err != nil && tc.expectedError == "" { - t.Fatalf("CreateRevocationList failed unexpectedly: %s", err) - } else if err != nil && tc.expectedError != err.Error() { - t.Fatalf("CreateRevocationList failed unexpectedly, wanted: %s, got: %s", tc.expectedError, err) - } else if err == nil && tc.expectedError != "" { - t.Fatalf("CreateRevocationList didn't fail, expected: %s", tc.expectedError) - } - if tc.expectedError != "" { - return - } - - parsedCRL, err := ParseDERCRL(crl) - if err != nil { - t.Fatalf("Failed to parse generated CRL: %s", err) - } - - if tc.template.SignatureAlgorithm != UnknownSignatureAlgorithm && - parsedCRL.SignatureAlgorithm.Algorithm.Equal(signatureAlgorithmDetails[tc.template.SignatureAlgorithm].oid) { - t.Fatalf("SignatureAlgorithm mismatch: got %v; want %v.", parsedCRL.SignatureAlgorithm, - tc.template.SignatureAlgorithm) - } - - if !reflect.DeepEqual(parsedCRL.TBSCertList.RevokedCertificates, tc.template.RevokedCertificates) { - t.Fatalf("RevokedCertificates mismatch: got %v; want %v.", - parsedCRL.TBSCertList.RevokedCertificates, tc.template.RevokedCertificates) - } - - if len(parsedCRL.TBSCertList.Extensions) != 2+len(tc.template.ExtraExtensions) { - t.Fatalf("Generated CRL has wrong number of extensions, wanted: %d, got: %d", 2+len(tc.template.ExtraExtensions), len(parsedCRL.TBSCertList.Extensions)) - } - expectedAKI, err := asn1.Marshal(authKeyId{Id: tc.issuer.SubjectKeyId}) - if err != nil { - t.Fatalf("asn1.Marshal failed: %s", err) - } - akiExt := pkix.Extension{ - Id: oidExtensionAuthorityKeyId, - Value: expectedAKI, - } - if !reflect.DeepEqual(parsedCRL.TBSCertList.Extensions[0], akiExt) { - t.Fatalf("Unexpected first extension: got %v, want %v", - parsedCRL.TBSCertList.Extensions[0], akiExt) - } - expectedNum, err := asn1.Marshal(tc.template.Number) - if err != nil { - t.Fatalf("asn1.Marshal failed: %s", err) - } - crlExt := pkix.Extension{ - Id: oidExtensionCRLNumber, - Value: expectedNum, - } - if !reflect.DeepEqual(parsedCRL.TBSCertList.Extensions[1], crlExt) { - t.Fatalf("Unexpected second extension: got %v, want %v", - parsedCRL.TBSCertList.Extensions[1], crlExt) - } - if len(parsedCRL.TBSCertList.Extensions[2:]) == 0 && len(tc.template.ExtraExtensions) == 0 { - // If we don't have anything to check return early so we don't - // hit a [] != nil false positive below. - return - } - if !reflect.DeepEqual(parsedCRL.TBSCertList.Extensions[2:], tc.template.ExtraExtensions) { - t.Fatalf("Extensions mismatch: got %v; want %v.", - parsedCRL.TBSCertList.Extensions[2:], tc.template.ExtraExtensions) - } - }) - } -} - -func (s *CertPool) mustCert(n int) *Certificate { - c, err := s.getCert[n]() - if err != nil { - panic(err.Error()) - } - return c -} - -// zeroPoolFuncs zeros out funcs in p so two pools can be compared -// with reflect.DeepEqual. -func zeroPoolFuncs(p *CertPool) { - for i := range p.getCert { - p.getCert[i] = nil - } -} diff --git a/tempfork/x509/x509_test_import.go b/tempfork/x509/x509_test_import.go deleted file mode 100644 index b778df261..000000000 --- a/tempfork/x509/x509_test_import.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build ignore - -// This file is run by the x509 tests to ensure that a program with minimal -// imports can sign certificates without errors resulting from missing hash -// functions. -package main - -import ( - "crypto/rand" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "math/big" - "strings" - "time" -) - -func main() { - block, _ := pem.Decode([]byte(pemPrivateKey)) - rsaPriv, err := x509.ParsePKCS1PrivateKey(block.Bytes) - if err != nil { - panic("Failed to parse private key: " + err.Error()) - } - - template := x509.Certificate{ - SerialNumber: big.NewInt(1), - Subject: pkix.Name{ - CommonName: "test", - Organization: []string{"Σ Acme Co"}, - }, - NotBefore: time.Unix(1000, 0), - NotAfter: time.Unix(100000, 0), - KeyUsage: x509.KeyUsageCertSign, - } - - if _, err = x509.CreateCertificate(rand.Reader, &template, &template, &rsaPriv.PublicKey, rsaPriv); err != nil { - panic("failed to create certificate with basic imports: " + err.Error()) - } -} - -var pemPrivateKey = testingKey(`-----BEGIN RSA TESTING KEY----- -MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 -fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu -/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu -RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ -EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A -IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS -tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V ------END RSA TESTING KEY----- -`) - -func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }