aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/asn1/PKCS-7.asn176
-rw-r--r--lib/public_key/src/pubkey_pbe.erl12
-rw-r--r--lib/public_key/src/public_key.erl7
-rw-r--r--lib/public_key/test/pbe_SUITE.erl8
-rw-r--r--lib/public_key/test/pbe_SUITE_data/aes_128_cbc_enc_key30
-rw-r--r--lib/public_key/test/public_key_SUITE.erl67
-rw-r--r--lib/public_key/test/public_key_SUITE_data/pkcs7_ext.pem62
7 files changed, 210 insertions, 52 deletions
diff --git a/lib/public_key/asn1/PKCS-7.asn1 b/lib/public_key/asn1/PKCS-7.asn1
index a6dfd57d80..e76f928acb 100644
--- a/lib/public_key/asn1/PKCS-7.asn1
+++ b/lib/public_key/asn1/PKCS-7.asn1
@@ -78,6 +78,49 @@ signingTime ATTRIBUTE ::= {
SigningTime ::= Time -- imported from ISO/IEC 9594-8
+-- begin added for VCE SCEP-support
+transactionID ATTRIBUTE ::= {
+ WITH SYNTAX PrintableString
+ ID id-transId
+}
+
+messageType ATTRIBUTE ::= {
+ WITH SYNTAX PrintableString
+ ID id-messageType
+}
+
+pkiStatus ATTRIBUTE ::= {
+ WITH SYNTAX PrintableString
+ ID id-pkiStatus
+}
+
+failInfo ATTRIBUTE ::= {
+ WITH SYNTAX PrintableString
+ ID id-failInfo
+}
+
+senderNonce ATTRIBUTE ::= {
+ WITH SYNTAX OCTET STRING
+ ID id-senderNonce
+}
+
+recipientNonce ATTRIBUTE ::= {
+ WITH SYNTAX OCTET STRING
+ ID id-recipientNonce
+}
+
+-- This is the authenticatedAttributes -member from SignerInfo
+-- added here to generate decode/encode functions for it which are
+-- needed to build the pkcs-7 used by SCEP, the resulting encoding are
+-- used to make a signed digest
+SignerInfoAuthenticatedAttributes ::= CHOICE {
+ aaSet [0] IMPLICIT SET OF AttributePKCS-7 {{Authenticated}},
+ aaSequence [2] EXPLICIT SEQUENCE OF AttributePKCS-7 {{Authenticated}}
+ -- Explicit because easier to compute digest on sequence of attributes and then reuse
+ -- encoded sequence in aaSequence.
+ }
+-- end added for VCE SCEP-support
+
-- Also defined in X.509
-- Redeclared here as a parameterized type
@@ -224,12 +267,9 @@ SignerInfo ::= SEQUENCE {
issuerAndSerialNumber
IssuerAndSerialNumber,
digestAlgorithm DigestAlgorithmIdentifier,
- authenticatedAttributes CHOICE {
- aaSet [0] IMPLICIT SET OF AttributePKCS-7 {{Authenticated}},
- aaSequence [2] EXPLICIT SEQUENCE OF AttributePKCS-7 {{Authenticated}}
- -- Explicit because easier to compute digest on sequence of attributes and then reuse
- -- encoded sequence in aaSequence.
- } OPTIONAL,
+ -- Added explicit type for authenticatedAttributes to be able to
+ -- encode/decode this type separately
+ authenticatedAttributes SignerInfoAuthenticatedAttributes OPTIONAL,
digestEncryptionAlgorithm
DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
@@ -247,7 +287,15 @@ SignerInfo ::= SEQUENCE {
Authenticated ATTRIBUTE ::= {
contentType |
- messageDigest,
+ messageDigest |
+-- begin added for VCE SCEP-support
+ transactionID |
+ messageType |
+ pkiStatus |
+ failInfo |
+ senderNonce |
+ recipientNonce,
+-- end added for VCE SCEP-support
..., -- add application-specific attributes here
signingTime
}
@@ -384,4 +432,18 @@ signedAndEnvelopedData OBJECT IDENTIFIER ::= { pkcs-7 4 }
digestedData OBJECT IDENTIFIER ::= { pkcs-7 5 }
encryptedData OBJECT IDENTIFIER ::= { pkcs-7 6 }
+-- begin added for VCE SCEP-support
+id-VeriSign OBJECT IDENTIFIER ::= {2 16 us(840) 1 veriSign(113733)}
+id-pki OBJECT IDENTIFIER ::= {id-VeriSign pki(1)}
+id-attributes OBJECT IDENTIFIER ::= {id-pki attributes(9)}
+id-messageType OBJECT IDENTIFIER ::= {id-attributes messageType(2)}
+id-pkiStatus OBJECT IDENTIFIER ::= {id-attributes pkiStatus(3)}
+id-failInfo OBJECT IDENTIFIER ::= {id-attributes failInfo(4)}
+id-senderNonce OBJECT IDENTIFIER ::= {id-attributes senderNonce(5)}
+id-recipientNonce OBJECT IDENTIFIER ::= {id-attributes recipientNonce(6)}
+id-transId OBJECT IDENTIFIER ::= {id-attributes transId(7)}
+id-extensionReq OBJECT IDENTIFIER ::= {id-attributes extensionReq(8)}
+-- end added for VCE SCEP-support
+
+
END
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 6f0be53db9..460624163b 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -66,7 +66,13 @@ decode(Data, Password,"DES-EDE3-CBC" = Cipher, KeyDevParams) ->
decode(Data, Password,"RC2-CBC"= Cipher, KeyDevParams) ->
{Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
- crypto:block_decrypt(rc2_cbc, Key, IV, Data).
+ crypto:block_decrypt(rc2_cbc, Key, IV, Data);
+
+decode(Data, Password,"AES-128-CBC"= Cipher, IV) ->
+ %% PKCS5_SALT_LEN is 8 bytes
+ <<Salt:8/binary,_/binary>> = IV,
+ {Key, _} = password_to_key_and_iv(Password, Cipher, Salt),
+ crypto:block_decrypt(aes_cbc128, Key, IV, Data).
%%--------------------------------------------------------------------
-spec pbdkdf1(string(), iodata(), integer(), atom()) -> binary().
@@ -200,7 +206,9 @@ derived_key_length(Cipher,_) when (Cipher == ?'rc2CBC') or
16;
derived_key_length(Cipher,_) when (Cipher == ?'des-EDE3-CBC') or
(Cipher == "DES-EDE3-CBC") ->
- 24.
+ 24;
+derived_key_length(Cipher,_) when (Cipher == "AES-128-CBC") ->
+ 16.
cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'desCBC'}) ->
"DES-CBC";
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index cdbfe6e07c..a4b6b8ad15 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -118,6 +118,13 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
is_list(Cipher) andalso
is_binary(Salt) andalso
erlang:byte_size(Salt) == 8 ->
+ do_pem_entry_decode(PemEntry, Password);
+pem_entry_decode({Asn1Type, CryptDer, {"AES-128-CBC"=Cipher, IV}} = PemEntry,
+ Password) when is_atom(Asn1Type) andalso
+ is_binary(CryptDer) andalso
+ is_list(Cipher) andalso
+ is_binary(IV) andalso
+ erlang:byte_size(IV) == 16 ->
do_pem_entry_decode(PemEntry, Password).
%%--------------------------------------------------------------------
diff --git a/lib/public_key/test/pbe_SUITE.erl b/lib/public_key/test/pbe_SUITE.erl
index 2c9b17478d..b68ffbd5fd 100644
--- a/lib/public_key/test/pbe_SUITE.erl
+++ b/lib/public_key/test/pbe_SUITE.erl
@@ -218,6 +218,14 @@ encrypted_private_key_info(Config) when is_list(Config) ->
[{'PrivateKeyInfo', _, {"RC2-CBC",_}} = PubEntry2] = PemRc2Entry,
KeyInfo = public_key:pem_entry_decode(PubEntry2, "password"),
+ %% key generated with ssh-keygen -N hello_aes -f aes_128_cbc_enc_key
+ {ok, PemAesCbc} = file:read_file(filename:join(Datadir, "aes_128_cbc_enc_key")),
+
+ PemAesCbcEntry = public_key:pem_decode(PemAesCbc),
+ ct:print("Pem entry: ~p" , [PemAesCbcEntry]),
+ [{'RSAPrivateKey', _, {"AES-128-CBC",_}} = PubAesCbcEntry] = PemAesCbcEntry,
+ #'RSAPrivateKey'{} = public_key:pem_entry_decode(PubAesCbcEntry, "hello_aes"),
+
check_key_info(KeyInfo).
diff --git a/lib/public_key/test/pbe_SUITE_data/aes_128_cbc_enc_key b/lib/public_key/test/pbe_SUITE_data/aes_128_cbc_enc_key
new file mode 100644
index 0000000000..34c7543f30
--- /dev/null
+++ b/lib/public_key/test/pbe_SUITE_data/aes_128_cbc_enc_key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,D64FF97327558643763BE17BD50FDDAD
+
+oS4LbrLbQHPxfQILHl0KPswnkC1QqJ4RX6SkcQGVoYJJkPcavupABDYD1PSJf/MD
+aPiN2OHsYAFLHxa1NGEAH6wKSvgdUJyaQ6jbSBNh9we9p2i3tpMnWsJMCZzXsCQh
+RJj23/cFhb2UsqPM3OH6x6/VxX5VmD9Dnt1iU9b+WS6KdU45zP+QWpRd54uBrFab
+Pw0kW7o84VFH6ahUDnzT8JUIk4P4G43G2F7wrOCbiK6AS0S8sCh5E83MrGEoJ6jB
+NIW4xnLdBOLeV65NTgwWEn7bjLz+8IYSg2/wodjj5GL/ciMgiF+/krdQhzbHJhcm
+dXV3SB/lTyjYUUGYU/3wm10f0iLJLFZxVU70yfV0eKhdYtWdR+2RxZjHvstBTGoI
+BMtcaGwfMBh3wBHjS2M9AVh35DUYQIGW6QATf1VF+chhgESj6Qktkmfe4R9uAhP0
+r8Qkql/lq19K653c6ZIcUIYWvpAQ4Y/Q6Fdd92GY45FQdXYlZ/dXkwdq+ZYAhe6g
+GUNmpwHf5N2a6lgXR3YytPYdhQbYMdy29RjXJsFWJh3sKTxgG/Y+FX2Ua7J1G4IW
+wO6yZgQc9GyYzNn1TpT/TQ32GuHbw0u/oQqbNOJEjE0BTsQelEPpnNnEmkgPqSlI
+3PNtsBvS6antvJ3CiCnmkQlT7/dLR9ym8nU+jo/hrtIStNUrdopCLB4+iUt7tJdz
+jpW3Kc5fWmnGbp1UOXHoOghENfjIN+yUxIx9qCgBmWliY1nncUgzEHM34eGqGdek
+nf6PowS4gIbJmO5Uc+0MwPld5HFou21da2M48FKolp3+CO1mX5MhvMLGVoFqNiE3
+dXYJG4bcMdxZncdaMn+c6ycA9iFTufF/qZPF/rGO5I+gc9M50bJjewbixqXM/LJ5
+1OnP/x7DN1Td3PTjAfjFX9yLWRMIjbihG43Htk5bOifaBtnOYj1e7WMjN8uBx91x
+OCnfC3rngF4B9WmdYEkEvp9QZixbDlp0oh6/4HiRjjDkUfADnKuU/At7dd8sDOGD
+NgaWVskJsulp8d9s3CozM7LmowlNpHV9BvAguckx/B7ZqV10mgAKOqZKk4LDlu2Y
+MgQvSLJfyJsz/1q4z4jcXhYtSuZXXHk9lX9dgCZbQfVGnlsptNuV5KwupV2cz0Vi
+Uh1mwvDXWFNIFwexZi0z27FJ1pKAKK+sf/GFqoAvdmYgYS6d5bmxh68bGZMZ2C6P
+eehHkEZm1pv4CVDxrUTk+bNtqhDXglSdfxR0Xm1QDN95hM0dHq1kDZH6HgD6krJ6
+BBfd7mPRExH3+5JSQXoSUDO8LqP5phxLWKS0B8HDburnP/x9QzBOIKvmtDF1lQEk
+FAI/6Lv8GJ0R7WYd2vFfGeqS94iw1BpmO/xS6WINOFpfwVCBuuYmLEdEWcXJgvy9
+zyaTX/mk1RMXo7I1X7aWviaIF7ykGxs1dJdrxQonwJ3oyTySNl2xf8bziKlqB/Ml
+LDjeMNX91G8fJE0MdKPWd94PUoLN0CutM5sY5yHzwCvJQV9oQ1qvrQYUbnvtCEyQ
+xT+bawt+ODgVb/QnyNeiIyEN5lXc8meJFLr1uMeEwX8WaJ7/KBKGk1V0XqVZTmga
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index c3aa2e2366..f8d167e770 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -46,7 +46,7 @@ all() ->
groups() ->
[{pem_decode_encode, [], [dsa_pem, rsa_pem, encrypted_pem,
- dh_pem, cert_pem, pkcs10_pem]},
+ dh_pem, cert_pem, pkcs7_pem, pkcs10_pem]},
{ssh_public_key_decode_encode, [],
[ssh_rsa_public_key, ssh_dsa_public_key, ssh_rfc4716_rsa_comment,
ssh_rfc4716_dsa_comment, ssh_rfc4716_rsa_subject, ssh_known_hosts,
@@ -188,15 +188,9 @@ dh_pem() ->
[{doc, "DH parametrs PEM-file decode/encode"}].
dh_pem(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- [{'DHParameter', DerDH, not_encrypted} = Entry] =
+ [{'DHParameter', _DerDH, not_encrypted} = Entry] =
erl_make_certs:pem_to_der(filename:join(Datadir, "dh.pem")),
-
- erl_make_certs:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry]),
-
- DHParameter = public_key:der_decode('DHParameter', DerDH),
- DHParameter = public_key:pem_entry_decode(Entry),
-
- Entry = public_key:pem_entry_encode('DHParameter', DHParameter).
+ asn1_encode_decode(Entry).
%%--------------------------------------------------------------------
@@ -204,57 +198,38 @@ pkcs10_pem() ->
[{doc, "PKCS-10 PEM-file decode/encode"}].
pkcs10_pem(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- [{'CertificationRequest', DerPKCS10, not_encrypted} = Entry] =
+ [{'CertificationRequest', _DerPKCS10, not_encrypted} = Entry] =
erl_make_certs:pem_to_der(filename:join(Datadir, "req.pem")),
-
- erl_make_certs:der_to_pem(filename:join(Datadir, "new_req.pem"), [Entry]),
-
- PKCS10 = public_key:der_decode('CertificationRequest', DerPKCS10),
- PKCS10 = public_key:pem_entry_decode(Entry),
-
- Entry = public_key:pem_entry_encode('CertificationRequest', PKCS10).
-
+ asn1_encode_decode(Entry).
%%--------------------------------------------------------------------
pkcs7_pem() ->
[{doc, "PKCS-7 PEM-file decode/encode"}].
pkcs7_pem(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- [{'ContentInfo', DerPKCS7, not_encrypted} = Entry] =
+ [{'ContentInfo', _, not_encrypted} = Entry0] =
erl_make_certs:pem_to_der(filename:join(Datadir, "pkcs7_cert.pem")),
-
- erl_make_certs:der_to_pem(filename:join(Datadir, "new_pkcs7_cert.pem"), [Entry]),
-
- PKCS7 = public_key:der_decode('ContentInfo', DerPKCS7),
- PKCS7 = public_key:pem_entry_decode(Entry),
-
- Entry = public_key:pem_entry_encode('ContentInfo', PKCS7).
-
+ [{'ContentInfo', _, not_encrypted} = Entry1] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "pkcs7_ext.pem")),
+ asn1_encode_decode(Entry0),
+ asn1_encode_decode(Entry1).
+
%%--------------------------------------------------------------------
cert_pem() ->
[{doc, "Certificate PEM-file decode/encode"}].
cert_pem(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
-
- [Entry0] =
- erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
-
- [{'Certificate', DerCert, not_encrypted} = Entry7] =
+
+ [{'Certificate', _, not_encrypted} = Entry0] =
erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
- Cert = public_key:der_decode('Certificate', DerCert),
- Cert = public_key:pem_entry_decode(Entry7),
+ asn1_encode_decode(Entry0),
- CertEntries = [{'Certificate', _, not_encrypted} = CertEntry0,
- {'Certificate', _, not_encrypted} = CertEntry1] =
+ [{'Certificate', _, not_encrypted} = Entry1,
+ {'Certificate', _, not_encrypted} = Entry2] =
erl_make_certs:pem_to_der(filename:join(Datadir, "cacerts.pem")),
-
- ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wcacerts.pem"), CertEntries),
- ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wdsa.pem"), [Entry0]),
- NewCertEntries = erl_make_certs:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
- true = lists:member(CertEntry0, NewCertEntries),
- true = lists:member(CertEntry1, NewCertEntries),
- [Entry0] = erl_make_certs:pem_to_der(filename:join(Datadir, "wdsa.pem")).
+ asn1_encode_decode(Entry1),
+ asn1_encode_decode(Entry2).
%%--------------------------------------------------------------------
ssh_rsa_public_key() ->
@@ -720,6 +695,12 @@ pkix_iso_dsa_oid(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------
+asn1_encode_decode({Asn1Type, Der, not_encrypted} = Entry) ->
+ Decoded = public_key:der_decode(Asn1Type, Der),
+ Decoded = public_key:pem_entry_decode(Entry),
+ Entry = public_key:pem_entry_encode(Asn1Type, Decoded),
+ ok.
+
check_countryname({rdnSequence,DirName}) ->
do_check_countryname(DirName).
do_check_countryname([]) ->
diff --git a/lib/public_key/test/public_key_SUITE_data/pkcs7_ext.pem b/lib/public_key/test/public_key_SUITE_data/pkcs7_ext.pem
new file mode 100644
index 0000000000..d7a1d01fe1
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/pkcs7_ext.pem
@@ -0,0 +1,62 @@
+-----BEGIN PKCS7-----
+MIILCAYJKoZIhvcNAQcCoIIK+TCCCvUCAQExDjAMBggqhkiG9w0CBQUAMIIFmwYJ
+KoZIhvcNAQcBoIIFjASCBYgwggWEBgkqhkiG9w0BBwOgggV1MIIFcQIBADGCAmQw
+ggJgAgEAMEgwPDELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMRowGAYD
+VQQDDBFWQ19SQlNfU3ViQ0FfVjNfMQIIcw3ZS5VSTIwwDQYJKoZIhvcNAQEBBQAE
+ggIAFW0vd8wY2FJ87KVyUqcdK5uCmnjwC6uPbypDqnL44Fe4iAAiNOvmqt1Crm46
+pg9gOq50NbrRb+PY+UUM7lEUNNKZ61cul2iwGwp6r41l05EbMqgfsNoJkH+bTM8Y
+YhME4sT+AzdmPHIg1PGoM+pAMHzpjcdnaHFSlfSmwq5xfZwWelR2TDz7arO+AKCk
+DVIEnG9qHBrUWvDoT23VDVQQXP5Uja0Nml7B7Jt2RW2EKAiCAYDujkjIWcGy3F3X
+2Q+Nm4K2nJKnkdMI5kS0Eu9uHp24VHn98sEyqn8rDiLFOaj5BskQIVMDN6npssgr
+X4ChmBiVcquaxCoHMqQYGa/Jrd66C8WK2lQH3NpDCsULS+m6Z76bvXDFyL0K6rEP
+sOcn8J91LfB5jXeSvS3vi7zk07M/IwAL03fVKvqiKU65D4859AOgbjkGyytWG1iv
+t7ENh6GYHGJj71L+OlZZH25cJQ/2gGsYs4IYrT6w4Z1X5TscOL/tBiCDdTwcdT0q
++YdkL9ZONouHvgszb9IFvfFErzmmG7jTHwC/TzR0nC8vPog9+y05G4vnD1h7lzH7
+8xDsGrn86gcjYXXRPfc4AxDZfmaM8S0SFmd+O7B24sUKmSyxF3A7OVnb0/rTMuez
+Izoy6RW9WQpCJM5R9k7YFDI5lQI+PiKT8GqzQuFIFXRYwOIwggMCBgkqhkiG9w0B
+BwEwEQYFKw4DAgcECLsGKZ/iQ1HBgIIC4J1lxb/gn6EosJyMrTV8KnJxvD+Garzp
+zmrDNvl9Q7CHmpNLuW3dngU5JcB5dElq7B+j6+RXNkupcrd2dvllAmwfPpFblmNp
+Snsn99TTwDYv4LrpxNCcoIKSm93H28wfszhPv75zD9+/aIy4JK4UwYuv+p5JHfLW
+EhvWO4pxUc2YpB8jiUVKTJJcRohry/lwvXu5s8VjmpoADSflHtAA4DUhFKX2fafu
+Ux7muxbh7xFViNY6laQ/tuZuxxjs2Eb5aWWizO00cyLP2724vFQL+lnvyAvtSmcD
+z2hOeOvvch6sJ4krx/gFznqe/lVksPyJQOj+Or8RTbC26kV4GQwiuGqgp6zhNjYe
+4niPvGxVAFz8Qdv8Zu47fSHgI2nz5YlWuE2NiQ1qtCbMsf2k/NnZrTgx2oZxnZvL
+B2We2D0u6BRZo4XMvGUqOLlGIV5scusv39/sBblJGOwNjtekG/pIRmiHXuI+RQOX
+yr4tLR8clylf/HEMmYn2UVxXXuWsEr6zdBB3u3JhXhq+YmDpYYnTkxZq4nTz7oMY
+MicrF0+iUrun6lIAXEU6yOSPehje5PfZW5PqKlpugKYIQSsbuJ4t/8n/MczHbRk9
+CcIX05OeWUdxRPKYa7Jt8umXnuIqWu7s7uZpbiB/tmuW4Cp16xUv53SgrTm4tiMq
+b7O3ftMmEiFZ+uXds/ODfh7bTe4YlWdyimkCcyI4dcIjLxe+ifx4T+b4LktIc5Pd
+5MHwAN+F1yIWnPxi8Nep9Pnw4HiX/ZkL0jHG0msZgZ60jb1U3LV4w3VI1WrsjvJM
+6M+l7HM3xeTl9posjVQPxb7kyX5s6gDe4IaatPrNYcsDJ4t43v/se/nvlrQtkJzv
+D4S2a9l833kYIC0MvoT8dqJuwySPZxjK0Io69sd6Af1BTGBoSQL75pOntrQUhICl
+/kfjBkG5h6tpJFSZQEReK3Kg9rKIax5VwgQUte2yVu3EYARd3YZ7On+gggMTMIID
+DzCCAfegAwIBAgITAkxY3LTPyvVkS5SUobGvznBgQDANBgkqhkiG9w0BAQUFADBC
+MQswCQYDVQQGEwJTRTERMA8GA1UEChMIRXJpY3Nzb24xIDAeBgNVBAMTF0M4MjYx
+MjQ1ODEuZXJpY3Nzb24uY29tMB4XDTEzMDgyMTE1MTcwM1oXDTE0MDgyMTE1MTcw
+M1owQjELMAkGA1UEBhMCU0UxETAPBgNVBAoTCEVyaWNzc29uMSAwHgYDVQQDExdD
+ODI2MTI0NTgxLmVyaWNzc29uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAPgg9zlAP6Z8vDMq+Ux0mq1RPLLtG2kByeauGvKdzbRLxtiyyKlknFQ8
+jdn8w3NrQiXTYSEcR0eDWjpLiwvkW2WC+lARIHUWQjRJWQIaSQ1lu9rDHlMYr2xm
+6EF6QDgr/9fqkY1IrF/gEAwnNQhT44qCzSr/jqmf5phd5qslzYlpYY97yeEihiCT
+wa/BNl1puS3+ayXI9e73Fpeysd0+TFjgbUwhUZn8kcKnDiynb19cyKzk4F1MQHwu
+QDFUkxtFcKMW8GikjEYy0Gw8CJUPl4SedtwoU4PGhWqgA/vYOPhdP6LfSBhTmU3s
+tUrFxUuMAiRF24JHdTj2bv+huDotWu0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+PtB1eG9FbriUPD79Kb5uyt15JoROPDBc3voR9HffqDsANyEJ3VPlvAFEyrQzbdnA
+V5slZRR7M5AJBha1K3BIR7Cs74BlCXiiuWi358HnPGsHqqJjKVxlTKJksrRLvUr4
+K2bG1kBniQU/PkSZjB1DbSwAqw4So9BKLbzQFE8888/yETeCIEWnG2YMiRe1GB0r
+P/88QJctNrsT5oLdZ9E4igcAoGna6UR71PJSFCBoJ5WsnofMf44gZr7bgg2szoZr
+KDPnrlsi9SM4nWzTaxSTjEp3397QMwEHosJxwXv/Zy5QyGBDYfynaTRUVS2BwIfo
+AqRdylyrbv/+3NBQxdERRjGCAigwggIkAgEBMFkwQjELMAkGA1UEBhMCU0UxETAP
+BgNVBAoTCEVyaWNzc29uMSAwHgYDVQQDExdDODI2MTI0NTgxLmVyaWNzc29uLmNv
+bQITAkxY3LTPyvVkS5SUobGvznBgQDAMBggqhkiG9w0CBQUAoIGiMBIGCmCGSAGG
++EUBCQIxBBMCMTkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAfBgkqhkiG9w0B
+CQQxEgQQaEUDvpv6H163UM7zAQiMvDAgBgpghkgBhvhFAQkFMRIEEN4FI8tal3of
+ZTXKi1Ny2cswLwYKYIZIAYb4RQEJBzEhEx8yOUFBQjJFNTY5OUY1QjI1QTJEQUI3
+NDlGN0Q0QTFBMA0GCSqGSIb3DQEBAQUABIIBACnR54LqeHZ0u8bSErSnGupEytHK
+xbfShraXl3DFPnIZYs0HUuuriw5/BhkFHBsSXO8Oqm759/UgxOjnCUD2AKHenGoK
+LB0yqLGe/USBs0IkBv6lXg7HJhSDNqAPES6a5iUVIRv+M40Ldob570MKjZhERVPN
+AVSHMJHKmtVTZGt/VqiVk0qqZeV9nqhaSPFyW9pQU0PKep0lFltnwCHUTZiiqHuk
+SIpZFCmIgahAUcl/WrxiW4xC9L5+wBgsuaUU5LqLZwg3AFua0aaDs6NZXpSE0A43
+zm5whhmkVePjnSUUr78AoBRalsBdMkDwLoUZZ1Hhq+/WH+WW7TQ96zm+uzE=
+-----END PKCS7-----
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-07 04:44:27 +0000