ejson 0.4.0 → 1.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d196aa010f463d032df01e73e296fee007ab032d
-  data.tar.gz: 22256d7a3eb5779e059f94f6d709a78dff3f2aba
+  metadata.gz: edf2ad7b024d89456d694953b6710bd2e6d41761
+  data.tar.gz: 2ea3452b0e34fb1401a078f1cee4b81e0b595ce4
 SHA512:
-  metadata.gz: 0145e7b10b201d63dad67d8ead58debf9c294364070721ab9c0fb481bd5aa4bc96ab0e279945315bb54481cd6806bfec440c8a105768aa3065b286cac66d72e6
-  data.tar.gz: ffc080d94d6fb9bcd353c0195ff83de2c92d75a544ff774aac1fddaa0859e6d989e362d1192cbfdc16db2764ddc1d54f06a758931f2f19a95805381c41f9572f
+  metadata.gz: e7801843e1f8e78e796f43ef8fe4131131351e27777c3aacd66cbba110aafc58a60268c43d91849df3b4d92356940a8493a416f638145730bac4466a92f432c8
+  data.tar.gz: 3c59e675ea9276bf587eb174cb1f62210917683f89ca3d676dd38674bb092404140f5d80034283a6fb127d6e6baffd9cb01069c7fcda0dccd69130d9d8d6d6ef

data/bin/ejson

@@ -1,4 +1,14 @@
 #!/usr/bin/env ruby
+platform = `uname -sm`
 
-require 'ejson/cli'
-EJSON::CLI.start
+dir = case platform
+      when /^Darwin/    ; "darwin-amd64"
+      when /^Linux.*64/ ; "linux-amd64"
+      else
+        puts "Ejson is not supported on your platform."
+      end
+
+bindir = File.expand_path("../../build/#{dir}", __FILE__)
+ENV['PATH'] = "#{bindir}:#{ENV['PATH']}"
+ENV['MANPATH'] = File.expand_path("../../man", __FILE__)
+exec "ejson", *ARGV

data/ejson.gemspec

@@ -1,7 +1,7 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'ejson/version'
+require File.expand_path('../lib/ejson/version', __FILE__)
+
+files = File.read("MANIFEST").lines.map(&:chomp)
 
 Gem::Specification.new do |spec|
   spec.name          = "ejson"
@@ -13,11 +13,8 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/Shopify/ejson"
   spec.license       = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.files         = files
+  spec.executables   = ["ejson"]
+  spec.test_files    = []
   spec.require_paths = ["lib"]
-
-  spec.add_runtime_dependency "thor", "~> 0.18"
-  spec.add_development_dependency "rake", "~> 10.3.2"
 end

data/lib/ejson/version.rb

@@ -1,3 +1,3 @@
-class EJSON
-  VERSION = "0.4.0"
+module EJSON
+  VERSION = "1.0.0.rc1"
 end

metadata

@@ -1,43 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: ejson
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 1.0.0.rc1
 platform: ruby
 authors:
 - Burke Libbey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-17 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: thor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.18'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.18'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 10.3.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 10.3.2
+date: 2014-11-26 00:00:00.000000000 Z
+dependencies: []
 description: Secret management by encrypting values in a JSON hash with a public/private
   keypair
 email:
@@ -47,20 +19,17 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- Gemfile
 - LICENSE.txt
-- README.md
-- Rakefile
 - bin/ejson
+- build/darwin-amd64/ejson
+- build/linux-amd64/ejson
 - ejson.gemspec
-- lib/ejson.rb
-- lib/ejson/cli.rb
-- lib/ejson/encryption.rb
 - lib/ejson/version.rb
-- test/ejson_test.rb
-- test/privatekey.pem
-- test/publickey.pem
+- man/man1/ejson-decrypt.1.gz
+- man/man1/ejson-encrypt.1.gz
+- man/man1/ejson-keygen.1.gz
+- man/man1/ejson.1.gz
+- man/man5/ejson.5.gz
 homepage: https://github.com/Shopify/ejson
 licenses:
 - MIT
@@ -76,16 +45,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Asymmetric keywise encryption for JSON
-test_files:
-- test/ejson_test.rb
-- test/privatekey.pem
-- test/publickey.pem
+test_files: []

data/.gitignore

@@ -1,17 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp

data/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in ejson.gemspec
-gemspec

data/README.md

@@ -1,61 +0,0 @@
-# EJSON
-
-EJSON is a small library to manage encrypted secrets using PKCS7 (asymmetric)
-encryption. It provides a simple command interface to manage and update secrets
-in a JSON file where keys are cleartext and values are encrypted.
-
-## Installation
-
-It's on rubygems. Just `gem install ejson` or add it to your `Gemfile`.
-
-## Usage
-
-#### 1) Create a `secrets.ejson`:
-
-    echo '{"a": "b"}' > config/secrets.production.ejson
-
-Keys in this file will remain in cleartext, while values will all be encrypted.
-It can be arbitrarily nested.
-
-#### 2) Encrypt the file:
-
-    ejson
-
-This updates `config/secrets.ejson` in place, encrypting any newly-added or
-modified values that are not yet encrypted. `ejson` is short-hand for `ejson encrypt`.
-
-By default, it uses a public key that you won't be able to decrypt (and
-shouldn't use because we *can* decrypt it!). You can use your own by following
-the "Custom keypair" directions below. Feel free to fork the gem to reference
-your own keypair by default.
-
-#### 3) Decrypt the file:
-
-     ejson decrypt -k ~/.keys/ejson.priv.pem -p config/ejson.pub.pem secrets.production.ejson > secrets.production.json
-     # OR
-     ejson decrypt -i -k ~/.keys/ejson.priv.pem -p config/ejson.pub.pem secrets.production.ejson
-
-Unlike encrypt, decrypt doesn't update the file in-place; it prints the
-decrypted contents to stdout. It also requires access to the private key
-created in step 1. By default, the secrets will be decrypted to stdout,
-but passing the `-i` flag causes them to be overwritten to the input file.
-
-#### See `ejson help` for more information.
-
-## Custom keypair:
-
-We use a single keypair internally; the default public key is fetched from S3
-on each run. However, you can generate your own keypair like so:
-
-    openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout privatekey.pem -out publickey.pem -subj '/'
-
-`publickey.pem` and `privatekey.pem` are created. Move `privatekey.pem`
-somewhere more private, and move `publickey.pem` somewhere more public.
-
-Then you can encrypt like:
-
-    ejson encrypt -p publickey.pem secrets.ejson
-
-If you'd like to fork the gem to reference your own public key, that
-information lives around line 10 of `lib/ejson/cli.rb`.
-

data/Rakefile

@@ -1,7 +0,0 @@
-require "bundler/gem_tasks"
-
-task default: :test
-
-task :test do
-  exec "ruby -I./lib test/ejson_test.rb"
-end

data/lib/ejson/cli.rb

@@ -1,94 +0,0 @@
-require 'thor'
-require 'json'
-require 'ejson'
-require 'net/http'
-
-class EJSON
-
-  class CLI < Thor
-    class_option "privkey", type: :string, aliases: "-k", desc: "Path to PKCS7 private key in PEM format"
-    class_option "pubkey",  type: :string, aliases: "-p", desc: "Path or URL to PKCS7 public key in PEM format",  default: "https://s3.amazonaws.com/shopify-ops/ejson-publickey.pem"
-
-    default_task :encrypt
-
-    desc "decrypt [file]", "decrypt some data from file to stdout"
-    method_option :out, type: :string, default: false, aliases: "-o", desc: "Write to a file rather than stdout"
-    def decrypt(file)
-      ciphertext = File.read(file)
-      ej = EJSON.new(pubkey, options[:privkey])
-      output = JSON.pretty_generate(ej.load(ciphertext).decrypt_all)
-      if options[:out]
-        File.open(options[:out], "w") { |f| f.puts output }
-        puts "Wrote #{output.size} bytes to #{options[:out]}"
-      else
-        puts output
-      end
-    rescue EJSON::Encryption::PrivateKeyMissing => e
-      fatal("can't decrypt data without private key (specify path with -k)", e)
-    rescue EJSON::Encryption::ExpectedEncryptedString => e
-      fatal("can't decrypt data with cleartext strings (use ejson recrypt first)", e)
-    end
-
-    desc "encrypt [file=**/*.ejson]", "encrypt an ejson file in place (encrypt any unencrypted values)"
-    def encrypt(file="**/*.ejson")
-      ej = EJSON.new(pubkey)
-      fpaths = Dir.glob(file)
-      if fpaths.empty?
-        fatal("no ejson files found!", nil)
-      end
-      fpaths.each do |fpath|
-        data = ej.load(File.read(fpath))
-        dump = data.dump
-        File.open(fpath, "w") { |f| f.puts dump }
-        puts "Wrote #{dump.size+1} bytes to #{fpath}"
-      end
-    rescue OpenSSL::X509::CertificateError => e
-      fatal("invalid certificate", e)
-    end
-
-    desc "version", "show version information"
-    def version
-      require 'ejson/version'
-      puts "ejson version #{EJSON::VERSION}"
-    end
-
-    private
-
-    def fatal(str, err=str)
-      raise err if defined?(Minitest)
-      msg = $stderr.tty? ? "\x1b[31m#{str}\x1b[0m" : str
-      $stderr.puts msg
-      exit 1
-    end
-
-    def get_input(file)
-      return File.read(file) if file
-      $stdin.read
-    end
-
-    def pubkey
-      @pubkey ||= _pubkey
-    end
-
-    def _pubkey
-      if options[:pubkey] =~ %r{https://}
-        uri = URI.parse(options[:pubkey])
-        http = Net::HTTP.new(uri.host, uri.port)
-        http.use_ssl = true
-        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        req = Net::HTTP::Get.new(URI.parse(options[:pubkey]).request_uri)
-        resp = http.request(req)
-        resp.value # raises on code >399
-        f = Tempfile.new("pubkey")
-        f.write resp.body
-        f.close
-        at_exit { f.unlink }
-        f.path
-      else
-        options[:pubkey]
-      end
-    end
-
-  end
-end
-

data/lib/ejson/encryption.rb

@@ -1,62 +0,0 @@
-require 'openssl'
-require 'base64'
-
-class EJSON
-
-  class Encryption
-    PrivateKeyMissing = Class.new(StandardError)
-    ExpectedEncryptedString = Class.new(StandardError)
-
-    def initialize(public_key, private_key)
-      @public_key_x509 = load_public_key(public_key)
-      if private_key
-        @private_key_rsa = load_private_key(private_key)
-      end
-    end
-
-    ENCRYPTED = /\AENC\[(.*)\]\n*\z/m
-
-    def load(str)
-      if str =~ ENCRYPTED
-        decrypt_string($1)
-      else
-        raise ExpectedEncryptedString
-      end
-    end
-
-    def dump(str)
-      if str =~ ENCRYPTED
-        str
-      else
-        "ENC[#{encrypt_string(str)}]"
-      end
-    end
-
-    private
-
-    def encrypt_string(plaintext)
-      cipher = OpenSSL::Cipher::AES.new(256, :CBC)
-      bin = OpenSSL::PKCS7.encrypt([@public_key_x509], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_der
-      Base64.encode64(bin).tr("\n",'')
-    end
-
-    def decrypt_string(ciphertext)
-      raise PrivateKeyMissing unless @private_key_rsa
-      bin = Base64.decode64(ciphertext)
-      pkcs7 = OpenSSL::PKCS7.new(bin)
-      pkcs7.decrypt(@private_key_rsa, @public_key_x509)
-    end
-
-    def load_public_key(public_key)
-      OpenSSL::X509::Certificate.new(get_pem(public_key))
-    end
-
-    def load_private_key(private_key)
-      OpenSSL::PKey::RSA.new(get_pem(private_key))
-    end
-
-    def get_pem(string)
-      string =~ /^-----BEGIN/ ? string : File.read(string)
-    end
-  end
-end

data/lib/ejson.rb

@@ -1,81 +0,0 @@
-require 'json'
-require 'forwardable'
-require 'ejson/encryption'
-
-class EJSON
-  extend Forwardable
-  def_delegators :@encryption, :load_string, :dump_string
-
-  def initialize(public_key, private_key = nil)
-    @encryption = Encryption.new(public_key, private_key)
-  end
-
-  def load(json_text)
-    Data.new(JSON.load(json_text), @encryption)
-  end
-
-  def serializer
-    @serializer ||= Serializer.new(@encryption)
-  end
-
-  class Serializer
-
-    def initialize(encryption)
-      @encryption = encryption
-    end
-
-    def dump(data)
-      data = Data.new(data, @encryption) unless data.is_a?(Data)
-      data.dump
-    end
-
-    def load(data)
-      Data.new(JSON.parse(data), @encryption).decrypt_all
-    end
-
-  end
-
-  class Data
-    extend Forwardable
-    def_delegators :@data, :[]=
-
-    attr_reader :encryption
-    def initialize(data, encryption)
-      @data, @encryption = data, encryption
-    end
-
-    def dump
-      JSON.pretty_generate(encrypt_all(@data))
-    end
-
-    def encrypt_all(data=@data)
-      case data
-      when Hash
-        Hash[ data.map { |k,v| [k, encrypt_all(v)] } ]
-      when Array
-        data.map { |d| encrypt_all(d) }
-      when String
-        encryption.dump(data)
-      else
-        data
-      end
-    end
-
-    def decrypt_all(data=@data)
-      case data
-      when Hash
-        Hash[ data.map { |k,v| [k, decrypt_all(v)] } ]
-      when Array
-        data.map { |d| decrypt_all(d) }
-      when String
-        encryption.load(data)
-      else
-        data
-      end
-    end
-
-  end
-
-end
-
-

data/test/ejson_test.rb

@@ -1,124 +0,0 @@
-require 'minitest/autorun'
-require 'tempfile'
-
-require 'ejson/cli'
-
-class CLITest < Minitest::Unit::TestCase
-
-  def test_ejson
-    f = Tempfile.new("encrypt")
-
-    f.puts JSON.dump({a: "b"})
-    f.close
-
-    encrypt f.path
-
-    first_run = JSON.load(File.read(f.path))
-    assert_match(/\AENC\[MIIB.*\]\z/, first_run["a"])
-
-    File.open(f.path, "w") { |f2|
-      f2.puts JSON.dump(first_run.merge({new_key: "new_value"}))
-    }
-
-    encrypt f.path
-
-    second_run = JSON.load(File.read(f.path))
-
-    assert_equal first_run["a"], second_run["a"]
-    assert_match(/\AENC\[MIIB.*\]\z/, second_run["new_key"])
-
-    val = JSON.parse(decrypt(f.path))
-    assert_equal({"a" => "b", "new_key" => "new_value"}, val)
-  ensure
-    File.unlink(f.path)
-  end
-
-  def test_inplace
-    f = Tempfile.new("encrypt")
-
-    f.puts JSON.dump({a: "b"})
-    f.close
-
-    runcli "encrypt", "-p", pubkey, f.path
-    encrypted = JSON.load(File.read(f.path))
-    assert_match(/\AENC\[MIIB.*\]\z/, encrypted["a"])
-
-    runcli "decrypt", "-o", f.path, "-p", pubkey, "-k", privkey, f.path
-    decrypted = JSON.load(File.read(f.path))
-    refute_match(/\AENC\[MIIB.*\]\z/, decrypted["a"])
-  ensure
-    File.unlink(f.path)
-  end
-
-  def test_default_key_exists
-    f = Tempfile.new("encrypt")
-
-    f.puts JSON.dump({a: "b"})
-    f.close
-
-    runcli "encrypt", f.path # no pubkey specified
-
-    first_run = JSON.load(File.read(f.path))
-    # We don't have the decryption key to this, and it may change over time,
-    # so just make sure it was encrypted.
-    assert_match(/\AENC\[MIIB.*\]\z/, first_run["a"])
-  ensure
-    File.unlink(f.path)
-  end
-
-  def test_library_is_picky
-    f = Tempfile.new("decrypt")
-    f.puts JSON.dump({a: "b"})
-    f.close
-    assert_raises(EJSON::Encryption::ExpectedEncryptedString) {
-      decrypt(f.path)
-    }
-  ensure
-    File.unlink(f.path)
-  end
-
-  def test_key_strings
-    public_key = File.read(pubkey)
-    private_key = File.read(privkey)
-
-    @enc = EJSON::Encryption.new(public_key, private_key)
-
-    assert_equal public_key, @enc.instance_variable_get(:@public_key_x509).to_s
-    assert_equal private_key, @enc.instance_variable_get(:@private_key_rsa).to_s
-  end
-
-  def test_serializer_api
-    serializer = EJSON.new(pubkey, privkey).serializer
-    data = {'foo' => 'bar'}
-
-    assert_equal data, serializer.load(serializer.dump(data))
-  end
-
-  def test_serializer_safety
-    serializer = EJSON.new(pubkey, privkey).serializer
-    refute serializer.dump('foo' => 'bar').include?('bar')
-  end
-
-  private
-
-  def encrypt(path)
-    runcli "encrypt", "-p", pubkey, path
-  end
-
-  def decrypt(path)
-    runcli "decrypt", "-p", pubkey, "-k", privkey, path
-  end
-
-  def runcli(*args)
-    sio = StringIO.new
-    _stdout, $stdout = $stdout, sio
-    EJSON::CLI.start(args)
-    sio.string.chomp
-  ensure
-    $stdout = _stdout
-  end
-
-  def pubkey  ; File.expand_path("../publickey.pem", __FILE__); end
-  def privkey ; File.expand_path("../privatekey.pem", __FILE__); end
-
-end

data/test/privatekey.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAunMnKCNM9NRDvaANZ3wSBTM7EA4fl3ix/QjwCp3k118n7+Jf
-1DpdBAjqbx0jWVUZHjKan4t4ZHkCTKW4BXGzdEWVkFebYtYdxCm9DAiHFV53RscI
-gVmzrxxpC8Lxa7RApam1iGPK7TXXlkMe+2d3Jij1hZdCHCYT48/DDBRtIEcXCZRg
-nFkoSuvGbGwMBCxVhLTnvveIF5IgBV3la3vPJFfY62Hafuinpsy/hL4108pbrQcq
-oiyb3OgflTe6JrBmA29qqWoCLAW+6XRgcHsOUfTYiBx6XFHQ42SfzQhu+FY57a38
-Q3TkZLOb6abE6t5lsBqnJoE+dL/2WjLkhxQ/jQIDAQABAoIBAErqjBg/nuNdCt79
-mYU0QBVg0WGRGzaEo5fVaIYLjXDQZj6oCfM/hDJj1rbQ0WxKmi4dDS4AH17XlInx
-qHBfkEiu0PrPiLr857bzQme8YXK/o1OIE63NujopQzgbm1+4bKVj/HISDu6jTL2u
-uJsxpplpqcWE0mZ3ElTeHTQUXQizdz12DPn5vgXvtVS0yFFBErE7aAKorRRFoLPq
-OcajLIMODMo6huUAJW7uYR6PT6uwbt3Phc+VLQtdXpCCfLtDJK427G/5uJ/2vnY/
-rLVWConeNZcUDWRuc34agiXA4yjErXdKXJ/yiEdz2pKtAerf+N9VCoIBLBala3oL
-2BeMYY0CgYEA848omruvavfp4dJimdEHj0yTsFFggGHefoJWHG8Cvgyv9avISiAk
-T5gB01pSjpTTGL+Ba2aeSPKgKZcGNjp/F5xzeZzuP2tMxT8bs2FR3y9tGmLnhvF8
-JkKtlHilrGLt4pWh9eF+jiLDDmJE1N3fCU8TtIva+a/M60ZORA5ZSrcCgYEAw/k3
-sJs72xhUhjrNdpzww5dpHYxmoOxhCTyKG1H0r4sQ0Jv9w4K3mrphp/WRygA2LylO
-iCEc+56JJ6l4A6rdSFyV+YRtcdU7TKi9sarMDVBttqWsDkr/bnIIHE+QQhsScEBH
-e7rHE+1NP5rPfDB7ibBJ3QCOCpjHbkhUGAZIU9sCgYBa176RWAepoiY98DaOoIRt
-UmaTkQapW9ec4Ag2OsGPGTRYMWZXH33rogqsRjgcri2+QU+IO5I2KyjJ2maau17D
-87quVXYXeXH87/jpAxeCYzIScWlhz5g6vQv5ILbKgWuw45axGxYU9apDJyv9KXQT
-CMeUw8U88/E+n855W9C6KQKBgGtfKU7+zl2tR+o/X4FEXXmchIAnA7fZqxTHcZek
-YJ6pX+4b+X5cKUKCKa0/k8AMO6O9SwS0t894vgbYCCRiQlk6OQV7tAcxYAsRTNWC
-Ecidr27p+IngN3EI0z7HrO87K/AKl9/HpvlZBAD8Tf/qBFWdG+sVOb2+lU3sHP8I
-uioPAoGAVWyvmQsABl3ydPrvVl4zk3AHm3Bnouy1vM1RchQzXp6OD/u5mNGJ37Ks
-zIgipj/z9xf4J3ii5w0Qnxusq9Zy/6xKO1pgIEhiJUAYcm5jHGC51n7Y+d1NUPe1
-gnJAzuwmvbefN800tmZJtWv7dWSc7whoFsdR1rNwrlZXUoNJzPk=
------END RSA PRIVATE KEY-----

data/test/publickey.pem

@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5jCCAc6gAwIBAgIJAKY1nRwN7afeMA0GCSqGSIb3DQEBBQUAMAAwIBcNMTQw
-MzE0MTc1ODQzWhgPMjI4NzEyMjgxNzU4NDNaMAAwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC6cycoI0z01EO9oA1nfBIFMzsQDh+XeLH9CPAKneTXXyfv
-4l/UOl0ECOpvHSNZVRkeMpqfi3hkeQJMpbgFcbN0RZWQV5ti1h3EKb0MCIcVXndG
-xwiBWbOvHGkLwvFrtEClqbWIY8rtNdeWQx77Z3cmKPWFl0IcJhPjz8MMFG0gRxcJ
-lGCcWShK68ZsbAwELFWEtOe+94gXkiAFXeVre88kV9jrYdp+6KemzL+EvjXTylut
-ByqiLJvc6B+VN7omsGYDb2qpagIsBb7pdGBwew5R9NiIHHpcUdDjZJ/NCG74Vjnt
-rfxDdORks5vppsTq3mWwGqcmgT50v/ZaMuSHFD+NAgMBAAGjYTBfMB0GA1UdDgQW
-BBTzh5Sf8+voPm2ZI6iHFQ+gItYb6zAwBgNVHSMEKTAngBTzh5Sf8+voPm2ZI6iH
-FQ+gItYb66EEpAIwAIIJAKY1nRwN7afeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADggEBACr61pBSpsz931OUztFcDjm07u+vatM5XE5qAH18BZeKbXzCRz4j
-9cAEYIYrtBdJZj3RLDzKB3Hn38BeuXebb4UlbzPJwIj1klHKH90Nwl84XWBCJqPX
-rsGv7C5EOLAR1w/hxT+K2JC2LDJz9hkuDU1hjX1MeRpnJwXzPbHBQvgYb4lIgaOb
-ikSlcTpkdG5fGafanyZwxDeQsy4tHAUP/jRQ4/Xzkzp0GzuX+v9d+2FXJLyoh6vJ
-Fze3kL1+RH13Fn5NkdTAHpkX9AX0BuLKWslY3I/lusn3x9kPxVQTmTF2WQTVdKDg
-FDvqWYvyLcuiWcfNUdy3EOpKLBKyyan3DZ8=
------END CERTIFICATE-----