logstash-input-tcp 6.0.10-java → 6.2.1-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 877ef458e968d48f3cd99ecd7f6846ac2f371e8c3897a6ed831b86e1f584d245
4
- data.tar.gz: fab3cedbc3b4fab8c5915e219e03cfa6da6ba3aa9bb61d3245e0339535067894
3
+ metadata.gz: 387806978d8a05a020a5f642c6e377a4ebb6b40d73df908a88d99282d0b4e99e
4
+ data.tar.gz: 670952d23fd233413a074c2447b15fb6f04aef532b311edac6dcfc85d9de7299
5
5
  SHA512:
6
- metadata.gz: 6196c01efc835b13d84528bbc780d6915d40adc7e86b7427d5b0e445fef3f9b3df6049301dbeb6f7321510b908dc16910920b50d602a30e6f049461f9fc8509c
7
- data.tar.gz: 41102085f47d341e9db45d8ded793ced779f703102c22929c1382b1047d41269849d8d116e2a73531498b2b9b4430cde135c38a50e29b43aab2e8dc015784231
6
+ metadata.gz: 151d1d001537105d26efbd03cdb603bec2c8e2c5402082b0f66b26bc582c5e601790d5d61e90eea224781b9682b221026daad5d8323bfa1a030e0fbc10c628e7
7
+ data.tar.gz: b290d05bf1c1f3fcb3ac3bc0e9d7d8cc2523b52cd90f0aad848398971026e4bb2e7eba94a5b27ec56ee4e961d33b1672c27992cf5997ffffc81cc5357af53d2b
data/CHANGELOG.md CHANGED
@@ -1,3 +1,19 @@
1
+ ## 6.2.1
2
+ - Fix: restore logic to add the Bouncy-Castle security provider at runtime [#181](https://github.com/logstash-plugins/logstash-input-tcp/pull/181)
3
+ - required to properly read encrypted (legacy) OpenSSL PKCS#5v1.5 keys
4
+
5
+ ## 6.2.0
6
+ - Added ECS Compatibility Mode [#165](https://github.com/logstash-plugins/logstash-input-tcp/pull/165)
7
+ - When operating in an ECS Compatibility mode, metadata about the connection on which we are receiving data is nested in well-named fields under `[@metadata][input][tcp]` instead of at the root level.
8
+ - Fix: source address is no longer missing when a proxy is present
9
+
10
+ ## 6.1.1
11
+ - Changed jar dependencies to reflect newer versions [#179](https://github.com/logstash-plugins/logstash-input-http/pull/179)
12
+
13
+ ## 6.1.0
14
+ - Feat: improve SSL error logging/unwrapping [#178](https://github.com/logstash-plugins/logstash-input-tcp/pull/178)
15
+ - Fix: the plugin will no longer have a side effect of adding the Bouncy-Castle security provider at runtime
16
+
1
17
  ## 6.0.10
2
18
  - bumping dependency commons-io [#174](https://github.com/logstash-plugins/logstash-input-tcp/pull/174)
3
19
 
data/docs/index.asciidoc CHANGED
@@ -70,6 +70,52 @@ event timestamp
70
70
  }
71
71
  }
72
72
 
73
+ [id="plugins-{type}s-{plugin}-ecs_metadata"]
74
+ ==== Event Metadata and the Elastic Common Schema (ECS)
75
+
76
+ In addition to decoding the events, this input will add metadata about the TCP connection itself to each event.
77
+ This can be helpful when applications are configured to send events directly to this input's TCP listener without including information about themselves.
78
+
79
+ Historically, this metadata was added to a variety of non-standard top-level fields, which had the potential to create confusion and schema conflicts downstream.
80
+ With ECS compatibility mode, we can ensure a pipeline still has access to this metadata throughout the event's lifecycle without polluting the top-level namespace.
81
+
82
+ [cols="3,7,5"]
83
+ |=======================================================================
84
+ | Metadata Group | ecs: `v1`, `v8` | ecs: `disabled`
85
+
86
+ .3+|Source Metadata from the TCP connection
87
+ on which events are being received, including
88
+ the sender's name, ip, and outbound port. l|[@metadata][input][tcp][source][name] l|[host]
89
+ l|[@metadata][input][tcp][source][ip] l|[@metadata][ip_address]
90
+ l|[@metadata][input][tcp][source][port] l|[port]
91
+
92
+ .2+|Proxy Metadata from a proxied TCP connection.
93
+ Available when receiving events by proxy and
94
+ `proxy_protocol => true` l|[@metadata][input][tcp][proxy][ip] l|[proxy_host]
95
+ l|[@metadata][input][tcp][proxy][port] l|[proxy_port]
96
+
97
+ .1+|SSL Subject Metadata from a secured TCP
98
+ connection. Available when `ssl_enable => true`
99
+ AND `ssl_verify => true` l|[@metadata][input][tcp][ssl][subject] l|[sslsubject]
100
+ |=======================================================================
101
+
102
+ For example, the Elastic Common Schema reserves the https://www.elastic.co/guide/en/ecs/current/ecs-host.html[top-level `host` field] for information about the host on which the event happened.
103
+ If an event is missing this metadata, it can be copied into place from the source TCP connection metadata that has been added to the event:
104
+
105
+ [source,txt]
106
+ -----
107
+ filter {
108
+ if [@metadata][input][tcp][source] and not [host] {
109
+ mutate {
110
+ copy {
111
+ "[@metadata][input][tcp][source][name]" => "[host][name]"
112
+ "[@metadata][input][tcp][source][ip]" => "[host][ip]"
113
+ }
114
+ }
115
+ }
116
+ }
117
+ -----
118
+
73
119
  [id="plugins-{type}s-{plugin}-options"]
74
120
  ==== Tcp Input Configuration Options
75
121
 
@@ -79,6 +125,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
79
125
  |=======================================================================
80
126
  |Setting |Input type|Required
81
127
  | <<plugins-{type}s-{plugin}-dns_reverse_lookup_enabled>> |<<boolean,boolean>>|No
128
+ | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
82
129
  | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
83
130
  | <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
84
131
  | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
@@ -108,6 +155,20 @@ It is possible to avoid DNS reverse-lookups by disabling this setting. If disabl
108
155
  the address metadata that is added to events will contain the source address as-specified
109
156
  at the TCP layer and IPs will not be resolved to hostnames.
110
157
 
158
+ [id="plugins-{type}s-{plugin}-ecs_compatibility"]
159
+ ===== `ecs_compatibility`
160
+
161
+ * Value type is <<string,string>>
162
+ * Supported values are:
163
+ ** `disabled`: unstructured connection metadata added at root level
164
+ ** `v1`,`v8`: structured connection metadata added under `[@metadata][input][tcp]`
165
+ * Default value depends on which version of Logstash is running:
166
+ ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
167
+ ** Otherwise, the default value is `disabled`.
168
+
169
+ Controls this plugin's compatibility with the https://www.elastic.co/guide/en/ecs/current/index.html[Elastic Common Schema (ECS)].
170
+ The value of this setting affects the <<plugins-{type}s-{plugin}-ecs_metadata,placement of a TCP connection's metadata>> on events.
171
+
111
172
  [id="plugins-{type}s-{plugin}-host"]
112
173
  ===== `host`
113
174
 
@@ -1,7 +1,7 @@
1
1
  # encoding: utf-8
2
2
  require 'java'
3
3
 
4
- class DecoderImpl
4
+ class LogStash::Inputs::Tcp::DecoderImpl
5
5
 
6
6
  include org.logstash.tcp.Decoder
7
7
 
@@ -24,7 +24,7 @@ class DecoderImpl
24
24
  end
25
25
 
26
26
  def copy
27
- DecoderImpl.new(@codec.clone, @tcp)
27
+ self.class.new(@codec.clone, @tcp)
28
28
  end
29
29
 
30
30
  def flush
@@ -41,16 +41,17 @@ class DecoderImpl
41
41
  @tcp.logger.error("Invalid proxy protocol header label", :header => pp_hdr)
42
42
  raise IOError.new("Invalid proxy protocol header label #{pp_hdr.inspect}")
43
43
  else
44
- @proxy_address = pp_info[3]
45
- @proxy_port = pp_info[5]
46
- @address = pp_info[2]
47
- @port = pp_info[4]
44
+ @proxy_address = pp_info[3] # layer 3 destination address (proxy's receiving address)
45
+ @proxy_port = pp_info[5] # TCP destination port (proxy's receiving port)
46
+ @ip_address = pp_info[2] # layer 3 source address (outgoing ip of sender)
47
+ @address = extract_host_name(@ip_address)
48
+ @port = pp_info[4] # TCP source port (outgoing port on sender [probably random])
48
49
  end
49
50
  else
50
51
  filtered = received
51
- @ip_address = channel_addr.get_address.get_host_address
52
- @address = extract_host_name(channel_addr)
53
- @port = channel_addr.get_port
52
+ @ip_address = channel_addr.get_address.get_host_address # ip address of sender
53
+ @address = extract_host_name(channel_addr) # name _or_ address of sender
54
+ @port = channel_addr.get_port # outgoing port of sender (probably random)
54
55
  end
55
56
  @first_read = false
56
57
  filtered
@@ -58,6 +59,8 @@ class DecoderImpl
58
59
 
59
60
  private
60
61
  def extract_host_name(channel_addr)
62
+ channel_addr = java.net.InetSocketAddress.new(channel_addr, 0) if channel_addr.kind_of?(String)
63
+
61
64
  return channel_addr.get_host_string unless @tcp.dns_reverse_lookup_enabled?
62
65
 
63
66
  channel_addr.get_host_name
@@ -5,8 +5,7 @@ require "java"
5
5
  require "logstash/inputs/base"
6
6
  require "logstash/util/socket_peer"
7
7
  require "logstash-input-tcp_jars"
8
- require "logstash/inputs/tcp/decoder_impl"
9
- require "logstash/inputs/tcp/compat_ssl_options"
8
+ require 'logstash/plugin_mixins/ecs_compatibility_support'
10
9
 
11
10
  require "socket"
12
11
  require "openssl"
@@ -61,7 +60,13 @@ require "openssl"
61
60
  # }
62
61
  class LogStash::Inputs::Tcp < LogStash::Inputs::Base
63
62
 
64
- java_import org.logstash.tcp.InputLoop
63
+ java_import 'org.logstash.tcp.InputLoop'
64
+ java_import 'org.logstash.tcp.SslContextBuilder'
65
+
66
+ require_relative "tcp/decoder_impl"
67
+
68
+ # ecs_compatibility option, provided by Logstash core or the support adapter.
69
+ include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
65
70
 
66
71
  config_name "tcp"
67
72
 
@@ -103,7 +108,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
103
108
  # Useful when the CA chain is not necessary in the system store.
104
109
  config :ssl_extra_chain_certs, :validate => :array, :default => []
105
110
 
106
- # Validate client certificates against these authorities. You can define multiple files or paths. All the certificates will be read and added to the trust store.
111
+ # Validate client certificates against these authorities. You can define multiple files or paths.
112
+ # All the certificates will be read and added to the trust store.
107
113
  config :ssl_certificate_authorities, :validate => :array, :default => []
108
114
 
109
115
  # Instruct the socket to use TCP keep alives. Uses OS defaults for keep alive settings.
@@ -112,13 +118,6 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
112
118
  # Option to allow users to avoid DNS Reverse Lookup.
113
119
  config :dns_reverse_lookup_enabled, :validate => :boolean, :default => true
114
120
 
115
- HOST_FIELD = "host".freeze
116
- HOST_IP_FIELD = "[@metadata][ip_address]".freeze
117
- PORT_FIELD = "port".freeze
118
- PROXY_HOST_FIELD = "proxy_host".freeze
119
- PROXY_PORT_FIELD = "proxy_port".freeze
120
- SSLSUBJECT_FIELD = "sslsubject".freeze
121
-
122
121
  # Monkey patch TCPSocket and SSLSocket to include socket peer
123
122
  # @private
124
123
  def self.patch_socket_peer!
@@ -133,6 +132,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
133
132
  def initialize(*args)
134
133
  super(*args)
135
134
 
135
+ setup_fields!
136
+
136
137
  self.class.patch_socket_peer!
137
138
 
138
139
  # threadsafe socket bookkeeping
@@ -148,10 +149,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
148
149
  fix_streaming_codecs
149
150
 
150
151
  if server?
151
- ssl_context = get_ssl_context(SslOptions)
152
-
153
-
154
- @loop = InputLoop.new(@host, @port, DecoderImpl.new(@codec, self), @tcp_keep_alive, ssl_context)
152
+ @loop = InputLoop.new(@host, @port, DecoderImpl.new(@codec, self), @tcp_keep_alive, java_ssl_context)
155
153
  end
156
154
  end
157
155
 
@@ -188,8 +186,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
188
186
  proxy_port, tbuf, socket)
189
187
  codec.decode(tbuf) do |event|
190
188
  if @proxy_protocol
191
- event.set(PROXY_HOST_FIELD, proxy_address) unless event.get(PROXY_HOST_FIELD)
192
- event.set(PROXY_PORT_FIELD, proxy_port) unless event.get(PROXY_PORT_FIELD)
189
+ event.set(@field_proxy_host, proxy_address) unless event.get(@field_proxy_host)
190
+ event.set(@field_proxy_port, proxy_port) unless event.get(@field_proxy_port)
193
191
  end
194
192
  enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
195
193
  end
@@ -262,14 +260,24 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
262
260
  end
263
261
 
264
262
  def enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
265
- event.set(HOST_FIELD, client_address) unless event.get(HOST_FIELD)
266
- event.set(HOST_IP_FIELD, client_ip_address) unless event.get(HOST_IP_FIELD)
267
- event.set(PORT_FIELD, client_port) unless event.get(PORT_FIELD)
268
- event.set(SSLSUBJECT_FIELD, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(SSLSUBJECT_FIELD).nil?
263
+ event.set(@field_host, client_address) unless event.get(@field_host)
264
+ event.set(@field_host_ip, client_ip_address) unless event.get(@field_host_ip)
265
+ event.set(@field_port, client_port) unless event.get(@field_port)
266
+ event.set(@field_sslsubject, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(@field_sslsubject).nil?
269
267
  decorate(event)
270
268
  @output_queue << event
271
269
  end
272
270
 
271
+ # setup the field names, with respect to ECS compatibility.
272
+ def setup_fields!
273
+ @field_host = ecs_select[disabled: "host", v1: "[@metadata][input][tcp][source][name]" ].freeze
274
+ @field_host_ip = ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]" ].freeze
275
+ @field_port = ecs_select[disabled: "port", v1: "[@metadata][input][tcp][source][port]" ].freeze
276
+ @field_proxy_host = ecs_select[disabled: "proxy_host", v1: "[@metadata][input][tcp][proxy][ip]" ].freeze
277
+ @field_proxy_port = ecs_select[disabled: "proxy_port", v1: "[@metadata][input][tcp][proxy][port]" ].freeze
278
+ @field_sslsubject = ecs_select[disabled: "sslsubject", v1: "[@metadata][input][tcp][tls][client][subject]"].freeze
279
+ end
280
+
273
281
  def server?
274
282
  @mode == "server"
275
283
  end
@@ -320,7 +328,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
320
328
 
321
329
  socket
322
330
  rescue OpenSSL::SSL::SSLError => e
323
- @logger.error("SSL Error", :exception => e, :backtrace => e.backtrace)
331
+ @logger.error("SSL Error", :message => e.message, :exception => e.class, :backtrace => e.backtrace)
324
332
  # catch all rescue nil on close to discard any close errors or invalid socket
325
333
  socket.close rescue nil
326
334
  sleep(1) # prevent hammering peer
@@ -362,15 +370,33 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
362
370
  @socket_mutex.synchronize{@connection_sockets.keys.dup}
363
371
  end
364
372
 
365
- def get_ssl_context(options_class)
366
- ssl_context = options_class.builder
367
- .set_is_ssl_enabled(@ssl_enable)
373
+ def java_ssl_context
374
+ SslContextBuilder.new
375
+ .set_ssl_enabled(@ssl_enable)
368
376
  .set_should_verify(@ssl_verify)
369
377
  .set_ssl_cert(@ssl_cert)
370
378
  .set_ssl_key(@ssl_key)
371
- .set_ssl_key_passphrase(@ssl_key_passphrase.value)
379
+ .set_ssl_key_password(@ssl_key_passphrase.value)
372
380
  .set_ssl_extra_chain_certs(@ssl_extra_chain_certs.to_java(:string))
373
381
  .set_ssl_certificate_authorities(@ssl_certificate_authorities.to_java(:string))
374
- .build.toSslContext()
382
+ .build_context
383
+ rescue java.lang.IllegalArgumentException => e
384
+ @logger.error("SSL configuration invalid", error_details(e))
385
+ raise LogStash::ConfigurationError, e
386
+ rescue java.lang.Exception => e
387
+ @logger.error("SSL configuration failed", error_details(e, true))
388
+ raise e
389
+ end
390
+
391
+ def error_details(e, trace = false)
392
+ error_details = { :exception => e.class, :message => e.message }
393
+ error_details[:backtrace] = e.backtrace if trace || @logger.debug?
394
+ cause = e.cause
395
+ if cause && e != cause
396
+ error_details[:cause] = { :exception => cause.class, :message => cause.message }
397
+ error_details[:cause][:backtrace] = cause.backtrace if trace || @logger.debug?
398
+ end
399
+ error_details
375
400
  end
401
+
376
402
  end
@@ -21,6 +21,12 @@ Gem::Specification.new do |s|
21
21
 
22
22
  # Gem dependencies
23
23
  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
24
+ s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
25
+
26
+ s.add_runtime_dependency 'logstash-core', '>= 6.7.0'
27
+
28
+ # we depend on bouncycastle's bcpkix-jdk15on being on the class-path
29
+ s.add_runtime_dependency 'jruby-openssl', '>= 0.10.2', '< 0.12'
24
30
 
25
31
  # line vs streaming codecs required for fix_streaming_codecs
26
32
  # TODO: fix_streaming_codecs should be refactored to not
@@ -0,0 +1,14 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIICNDCCAZ0CFDeJbri+rGpHPKybNEMIdH/rV8NNMA0GCSqGSIb3DQEBCwUAMFkx
3
+ CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
4
+ cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4
5
+ MjUxMzAyMzZaFw0yNDEyMDcxMzAyMzZaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
6
+ DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx
7
+ EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
8
+ v7u9o3mztK8BQ7HiuWs1YJSzpPujs6cYefYDU8AWg6SkDIS/E0SiVoKZmHxcyul+
9
+ t1QEsF3VYEnkKs0jtJQKE6Av0DCMQWA8lXmuEnXI02mDvtL2Kxh4w5x1D5bSRgJP
10
+ Ms9ozN06F5wrMtipUBglwIwQ6HHPywToNMnf5BBZUnECAwEAATANBgkqhkiG9w0B
11
+ AQsFAAOBgQCuh+ytoZKgOEzeLwhfScUvcuDcYJFGkMckO6oUe+/SDTfBN/z5WAhV
12
+ ogBOLOqate4plaP12ZhjE8DUeRy9oN3zKenpskTtXrMz5XH0mclAn8aBig+eOyEj
13
+ 1QMDysipE11d1sx1SIXiIMSKtv6kLV/Y+4aId9/AJHxOYMHxebwSQg==
14
+ -----END CERTIFICATE-----
@@ -0,0 +1,17 @@
1
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
2
+ MIICoTAbBgkqhkiG9w0BBQMwDgQI3TfMa5Qd1D8CAggABIICgFjVn88VPNrjBXiF
3
+ Hw5W8yFFwvoeSd/vVkDcGUiNhQy9A3ra/QmktEHvv1d/rGGLSkPypmx9zJuTNGz9
4
+ eJs7TSgIVBsmRG4UtG20qBifG/XVpN1/6pk1Hp9hbIuSBzNIi+EhdhSEty10oZso
5
+ JwrkTbFS4VAk4ivOWcl0O0HQRkGxlSaKmgYNOebvOLqw4/77BN80AOeZHXBGwYNJ
6
+ vRf8Og5PWqR5XmTJLVQxtB4BcBSPCSkECgOBoFfAeaeE6ei0W7V+LDBBHC7Ql0Dl
7
+ rK3KCyvYywd+Ep58jNQRfDsEglgw7jrN2IIaf2jRhfEiPhwbAnEDlQXsMqAIWS/I
8
+ gwj6NaaZObdX8hDVhz/T7MSnK9O8q2JGM6jhhRQZxo4TUlLB1xnwGZ9uQRljshQy
9
+ OmtQ3KuLZvRML9G8nMtd73vdQ3f0cFBIjPG8QblUMOews8tJA2OMpBXEAZf0go25
10
+ +lI+rk4RKdHvX9kVGDmKoe/KN3xo23usTjcfodhapHQYPqHc3QOx8XNxtcio1I49
11
+ wnS2xICbiEJfnSOBrrjWIivW0wHZG590ZKJ0FnpKEaXXJ2bV8VEyn+mZ4Ef9ITLk
12
+ 9wsOt+68V9xRrsUsvUkkW97POVGZbw0XHf5xZ3ckKiBK41wPuoo2opVc/Qyw+jB0
13
+ cw2Lr/AUzLWZW9w+jmHL1Qr9cydcf2XKBMIoqBFQpJce35bNLTTm8O8K8ZMXEK8g
14
+ WhKLaLRfo4j/pFyuUeHw2pQ7QHRdcYtRHT1GqsQ4AQsXqVYJjwpm1E2ZL001Y+6O
15
+ r/7sJ91jAcv4IwpRS4suaJJydvVQ0qz7xq7B9TvyxZh2f4zbHL+qSe6OQj8Erm1/
16
+ jHkcaB0=
17
+ -----END ENCRYPTED PRIVATE KEY-----
@@ -0,0 +1,11 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIBqjCCARMCFCWVL+Vfx2IIr8d2/GMqsmfzPLD/MA0GCSqGSIb3DQEBDQUAMBQx
3
+ EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUxMDUyNTRaFw0yNDEyMDcxMDUy
4
+ NTRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
5
+ gYkCgYEA8HAsVcCjcolfzYR0siWOAg+xFG4fIahO6PH2Oi0l3zosa4KX2dlt3nFS
6
+ 2PmgG9MNIDfXwI+BoM6QXB7O7Ch/YUhOz4GGDv3ptCjTYWyA9KZBrgLpiBFsCdt+
7
+ DiW7JBbt0OnMJGhVEsZa2Byh3HOxYqkvC2y4fET4OXdj2uX56B0CAwEAATANBgkq
8
+ hkiG9w0BAQ0FAAOBgQAW/tHI3AnyKYsJ9uaqvndUnVTIDHEEPNFE/xMM3mtQiL8f
9
+ qVYPq4V4C1Z5RD2xBI/skPngaZRWmqFrshEz2EccKe8gzdfyGQG89MQAB8QWn4dJ
10
+ bXUcnXO4hcSD4y3SiZYXJYNj37I2qJ2DfYBx7pScGYdjzIr/OJNK5EIGZI1Bvg==
11
+ -----END CERTIFICATE-----
@@ -0,0 +1,18 @@
1
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
2
+ MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIE3AUYJOvgkYCAggA
3
+ MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECO0VArsmaac3BIICgOpQitrzl0AC
4
+ uV2AD2kgBfOUvTVe9jVJZ2Pvawo7IRxZZQl/7wMHfm6uB666OVSOVfKEa6nXJhBn
5
+ JzJYXJHBqzQwgsoGfg25Y6bSvIU8ydkCzwEf2P93cexFCCDJE1B8p1/lxJViEfOq
6
+ 2CujkKgS3YZCet/03qt/ktkx3qBk9dOk6+xCXorUgzjwGL2SzSH7Su1kXoVKTu5/
7
+ TRCPyD552l8kjtyqNngfOu3xcd0+FFF/e/bUe4qX1bpYNza/Cs/AJAoxHhhGag+O
8
+ 26bZ/LTbsN56fM95PvytRvomyj2rMGFJtz1j56R7iYujLUZu7XgCkxq0/t/3mWgX
9
+ 0VxOy0zvppZO0XRky1uwSLPsaopZlPIN6s61JAJciT0O884Hi4citNA0hskOCnJA
10
+ vyy0lGa9goZh/cJKjr7W6w2ZkkPwMOKI6YMIup7Fo+7pfG2h0EDxCZyK2JWVl2n0
11
+ vyKMUNl3yrqDbxTk0vURz9qMx/q2cY6zK6+gi+uvfjvRM4oz3nCREbuVjykvEAXo
12
+ OhmN69CN6f8QwJ6wF4JNtxwwkHy+70dLoQg/FYKIfSbA3aoxpgXtr/2d/vkZYjya
13
+ zjcaIrM/WEoPLFvieMHrOmlRZhbVI9BVjhrAyTmT+sQV+GJ7GJirJpmn06VHz5Ln
14
+ ZNE4+ZSH4ODf+JQdh+LajyI8wQKfh4YMr498i5qHyw/KnKtbPjevbY25uWvEKzce
15
+ RWv9nt7VsSQhXuR2U85yc6sqFQQ01QM9xUdhcVB9Eu7FvloDrC6pgaFIXy3IVcfH
16
+ AJPiyRBv1bNad9wdh/+O5MyoKrhAI37YfH2fEKMdR2QKBEnCs94mjFPLy2Kc9kww
17
+ eVwJJw/VXbE=
18
+ -----END ENCRYPTED PRIVATE KEY-----
@@ -0,0 +1,17 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIICrzCCAZcCFCbPEM/VXTgCksFOQPoLuv1Td9seMA0GCSqGSIb3DQEBCwUAMBQx
3
+ EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUwOTM1MDBaFw0yNDEyMDcwOTM1
4
+ MDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
5
+ ADCCAQoCggEBAOfAL1NL6pXDkpgWNync+LHLWgrrL18gTrpXjaPjmw6HuiX0te6J
6
+ 1xYPjg6xYown6/SJeXi7LS0GFvlQGuz9dh2n6OtqpjBgHIXBXLtT8dXQszdZDaGu
7
+ U8iTBnjDYADt206Bqe2q3MpKEz6a3D8fHAE/fR/4FM4HAI77W+Bng2XwFKqLYHQC
8
+ ReKAexjxIExWBh/dvm8tUdvVmWyY/CVABQWucmwRNo+RQqktksiNqZCDHkE6CVgx
9
+ oXS8UUIWfz6EWNT6UkeIWRJSVUUECcgRYOTVgkYWBE/5BDsBK9E7ZNL+gWqy6j6h
10
+ 9fSPhK/Xv6XMqdCcOExZsNWFV1j+bt9Wun0CAwEAATANBgkqhkiG9w0BAQsFAAOC
11
+ AQEA5ah44LKyb2LHTr1ePeduoXdVPqwuXik7mL/H6/ZGI1zfSFb0JgjQG822K0s1
12
+ 3QLT15/lndSt8smHCgMTm12i/bO1cwaM93+jpUbOaVILLnfuDprjVMgiBVfz1bdx
13
+ GBz6ISJXe1xaKLBhurDsy/1dzbISoizVIg5mJ1us5BvvdklMjtQ1ymY5210ZYCsk
14
+ YcKBVW3hJ6hoZTHrNw7tI99CeBSOpfg0UaxUNMIy1D95+m4RU2aIykoYhAGfmX+u
15
+ zZR0I16widielJWXNCnh6gXdoNjOgYS0TuNoSfmX2oF7nsC5N1zfynz+tPvoK0ys
16
+ OMFwnJJ5LrPHbQk/RK907gBf5Q==
17
+ -----END CERTIFICATE-----
@@ -0,0 +1,30 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ Proc-Type: 4,ENCRYPTED
3
+ DEK-Info: AES-256-CBC,23BAC38304EB81CEE42C61575CA054CE
4
+
5
+ jR1vKTozeVkx4Nyjb38fj/SSj99MZtboUUHSlUyfDYNgWdhDSli3agFuouxtGoGe
6
+ cWNKcjn73lbxBaAozFGejNo1RQSOaWdKLCXKvvoQTjWg02+9xIL4bQL29Xe4xi7f
7
+ DlsMbcLOrlJZsdAYeL+11vU61yrtIYyPJJFaRh6WLTbVuHH6vUJPYt0Vg77g0L8I
8
+ 8tJtAvFSLeMzonu1LGEa/gXHwNT5TlWERybXxD6JzoigmHx4mGFNo9fz4ZyTPjkR
9
+ OWbOZssFDKUeGJVdssRTPYwjaEg8DOUk7JbFTWlRYa7Re/2SEkIte3PrAxJFLFuV
10
+ LZSIR4Vg/cKmpo4BcNNNHmSyymSS4ZAh3GQiztfqHOqAXxfvBsuO3ZHUYPCIhpqw
11
+ KwwkDjJb4dRygDRC5n4os/mdQW/dBVD4OIaghE4lQApOqc3fxOoD9V0SIipbPPv0
12
+ bjaKyt5pEZYyAMrAd3G1UGPQBWcNl2Hu1Shc30uhJZrzthPy/0BTWao0lpA3fIQD
13
+ Pv4weYOc+5tZsKXSuFQc/Y2fLPF9m1GGTAd+YQlfN8JO9I1GKhl1AL/7eC+Usgl4
14
+ ugXPjIgh5/5+qYqiaYE1HlaNrNh2XxcIR9SC7+jgbliBMOeouEPQ0bPQyvz/44cg
15
+ sv3OoIP3F7lqLP/3oR9AiqrqadsO0WMNWwYdMUFshY3EZLWgdWVcH6JyxD02E/IJ
16
+ tPtZrhIGMADuJWbTj0abQUIxAuYrBm2Vf/+qgY9gKxJcHIZ3nKfrJc100WOILR8P
17
+ 3Ok2WLprASSLiOEkTJ0nvViTtsbgy4DRRhytGNzFEedj50/yRltkb9gdXuVNbmUV
18
+ M7p9YkY4VkF2m43k6sxGXuoAFxAVCLriAGzHLifWkX/xRuxsh93osNhUsg9sMWRd
19
+ bgX5Vcmyr2xhe2UEiQp6glQ6DQg7gofi19jes2iKaw7eMG3pelBvmUKqboARI4Ga
20
+ i8blKaBWZvdmZMBOJ6fx322T+Ii7vvAlCmnWLBxboF5GJ/KiE0i2vrdLTxwI0IZN
21
+ EHFxgfJF3rlLtuvRD8cW1VId9wyOPWPMi/olgE+FdRVlg7+w35cAb9c7Na52c+jj
22
+ G2pxqHgjFoSsofY/iWZ13OQvn6RFUncRS/b+QFz6c2Tp5shMwU+i4BXiuwSj8AvB
23
+ oWfEij7UBpi9o2x4qG3hAeJWM3mg4Nr9MRdv82eEf3tuAPidfXCne/GEN+aIRYeG
24
+ niBZS+kDXtvFgsixGtCU60T4/IXf7FDTWbZ5lN5o0vD6BClReubGd0cYbHTtH7ax
25
+ k4/BAM/PF7dT0sR0zNCd2I7Zkub/CF0+HDAcP94vgV1EcB4XdL7inaZXPTntDRmu
26
+ IZHTVm3satJBt34tAhML1Xqvb8ck02/rhQRdjqWcAOk7gGfKJUwewoH4T558R9uW
27
+ HHEOYCzXy8ckqiDZxJVJ67iZgrCOadWJWtEQPsr1QFxdxuO1J31u50Zzv/nJlrPb
28
+ bmm7fUwszWLX+sM0RGoenvdphicht4gmalMade8N05XzEoOIGth8jYQqFw3s8BKJ
29
+ uZGDC706f0VAGo1dVOvGcNeEOPC3keXkMABbzHFVEzAjH3kfr4rKNCrMx+2Vr/qc
30
+ -----END RSA PRIVATE KEY-----