logstash-integration-logstash 0.0.3-java → 0.0.4-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d00baaa86ceb845df51e6a51e7690b675849c78c71a60f5a7a8e1419085a20fb
-  data.tar.gz: 1b7f3c00680fd4872dd4ecb23cb99f6fe31534c67214aea873da3e7a91ffa3ab
+  metadata.gz: 27a5393272c2cfde9c75782f701b1751dd1d3b35225876fb54c36f13ba0696b6
+  data.tar.gz: d7d9337f2c85dcaddfbc7ef79723e3993dda720fe407b5b189d8bc9ee4e1570a
 SHA512:
-  metadata.gz: 766dbd186c6f11110fa26dd7434bc11b5c9267fdfe371b9e5cf86c134988f25f2fdb3a140447a23a36d135489fdd2c309ed815879f991ef5b6b7768cc1e02260
-  data.tar.gz: deb1117264de1d90453b5407751d7d8cd40add339d3de8b3bfd0f6b5f33aa87e99c28da96c8e2ea62a40f1b03b2efa3f3462d88d057370d79de5359343761e1f
+  metadata.gz: e4bf91d282d3bfac6a0dae1864db3da98f6ffa02623b9f68eb683d77155d97910b7480442f53a992dda28883a05582e610bc037499b4ed5fcbf51a33b19d65f0
+  data.tar.gz: c6eeb96c776110b415e48d0ce2299f102a3469aaf9673b8870b8e46c02f569c2cf0fd21782a273aa34923673b824730cf128a1569c1e38fdfbc9d831642eb5a9

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.0.4
+  - Simplify configuration [#13](https://github.com/logstash-plugins/logstash-integration-logstash/pull/13)
+    - Introduce a default `port` of `9800` for both input and output plugins
+    - BREAKING: Introduce `hosts` config to output plugin, _replacing_ its separate `host` and `port` configurations
+
 ## 0.0.3
   - Doc: Minor doc changes and version bump to facilitate adding integration files to doc build [#14](https://github.com/logstash-plugins/logstash-integration-logstash/pull/14)
 

data/VERSION

@@ -1 +1 @@
-0.0.3
+0.0.4

data/docs/index.asciidoc

@@ -40,7 +40,7 @@ NOTE: You will need a TCP route from the upstream pipeline to the interface that
 ----
 input {
   logstash {
-    port => 8080
+    port => 9800
 
     # SSL IDENTITY <1>
     ssl_keystore_path      => "/path/to/identity.p12"
@@ -53,12 +53,13 @@ input {
 Once the downstream pipeline is configured and running, you may send events from any number of upstream pipelines by adding a `logstash` output plugin that points to the downstream input.
 You may need to configure SSL to trust the certificates presented by the downstream input plugin.
 
+NOTE: Single host endpoint is supported for `hosts`. Multi-host support is coming soon.
+
 [source]
 ----
 output {
   logstash {
-    host => "10.0.0.123"
-    port => 8080
+    hosts => "10.0.0.123:9800"
 
     # SSL TRUST <1>
     ssl_truststore_path => "/path/to/truststore.p12"

data/docs/input-logstash.asciidoc

@@ -23,7 +23,7 @@ include::{include_path}/plugin_header-integration.asciidoc[]
 ==== Description
 
 Listen for events that are sent by a <<plugins-outputs-logstash>> in a pipeline that may be in another process or on another host.
-The upstream output must have a TCP route to the port on an interface that this plugin is bound to.
+The upstream output must have a TCP route to the port (defaults to 9800) on an interface that this plugin is bound to.
 
 NOTE: Sending events to this input by _any_ means other than `plugins-outputs-logstash` is neither advised nor supported.
 We will maintain cross-compatibility with any two supported versions of output/input pair and reserve the right to change details such as protocol and encoding.
@@ -40,7 +40,6 @@ We will maintain cross-compatibility with any two supported versions of output/i
 ----
 input {
   logstash {
-    port => 8080
     ssl_keystore_path
          => "/path/to/logstash.p12"
     ssl_keystore_password
@@ -55,7 +54,6 @@ input {
 ----
 input {
   logstash {
-    port        => 8080
     ssl_enabled => false
   }
 }
@@ -107,7 +105,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |Setting                            |Input type        |Required
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>> |No
 | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
-| <<plugins-{type}s-{plugin}-port>> |<<number,number>> |Yes
+| <<plugins-{type}s-{plugin}-port>> |<<number,number>> |No
 | <<plugins-{type}s-{plugin}-ssl_certificate>> | <<path,path>>|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_client_authentication>> | <<string,string>>, one of `["none", "optional", "required"]`|No
@@ -146,7 +144,7 @@ Requires <<plugins-{type}s-{plugin}-username>>.
 ===== `port`
 
 * Value type is a <<number,number>> port
-* There is no default value
+* Default value is 9800
 
 Specify which port to listen on.
 

data/docs/output-logstash.asciidoc

@@ -23,7 +23,7 @@ include::{include_path}/plugin_header-integration.asciidoc[]
 ==== Description
 
 Send events to a <<plugins-inputs-logstash>> in a pipeline that may be in another process or on another host.
-You must have a TCP route to the port on an interface that the downstream input is bound to.
+You must have a TCP route to the port (defaults to 9800) on an interface that the downstream input is bound to.
 
 NOTE: Sending events to _any_ destination other than <<plugins-inputs-logstash>> is neither advised nor supported.
       We will maintain cross-compatibility with any two supported versions of output/input pair and reserve the right to change details such as protocol and encoding.
@@ -40,8 +40,7 @@ NOTE: Sending events to _any_ destination other than <<plugins-inputs-logstash>>
 ----
 output {
   logstash {
-    host => "10.0.0.123"
-    port => 8080
+    hosts => "10.0.0.123:9801"
   }
 }
 ----
@@ -52,8 +51,7 @@ output {
 ----
 output {
   logstash {
-    host => "10.0.0.123"
-    port => 8080
+    hosts => "10.0.0.123:9801"
     ssl_enabled
          => false
   }
@@ -65,15 +63,15 @@ output {
 [id="plugins-{type}s-{plugin}-config-connecting"]
 ===== Configuration Concepts
 
-This output plugin needs to be configured to connect to a <<plugins-inputs-logstash>> by specifying its <<plugins-{type}s-{plugin}-host>> and <<plugins-{type}s-{plugin}-port>>.
-Depending on the downstream plugin's configuration, you may need to also configure SSL and/or credentials.
+This output plugin needs to be configured to connect to a <<plugins-inputs-logstash>> by specifying its <<plugins-{type}s-{plugin}-hosts>>.
+Depending on the downstream plugin's configuration, you may need to also configure the target port, SSL, and/or credentials.
 
 [id="plugins-{type}s-{plugin}-config-ssl-trust"]
 ===== Security: SSL Trust
 
 When communicating over SSL, this plugin establishes trust of the server it connects to before transmitting credentials or events.
 
-It does so by ensuring that the server presents a currently-valid certificate with identity claims matching the <<plugins-{type}s-{plugin}-host>> we are configured to connect to, signed by a trusted signing authority, along with proof-of-possession of the associated private key material.
+It does so by ensuring that the responding server presents a currently-valid certificate with identity claims matching host it is connecting to, signed by a trusted signing authority, along with proof-of-possession of the associated private key material.
 
 The system trust store is used by default.
 You can provide an _alternate_ source of trust with _ONE OF_:
@@ -105,9 +103,8 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 [cols="<,<,<",options="header",]
 |=======================================================================
 |Setting                            |Input type        |Required
-| <<plugins-{type}s-{plugin}-host>> |<<string,string>> |Yes
+| <<plugins-{type}s-{plugin}-hosts>> |<<string,string>> |Yes
 | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
-| <<plugins-{type}s-{plugin}-port>> |<<number,number>> |Yes
 | <<plugins-{type}s-{plugin}-ssl_enabled>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_certificate>> | <<path,path>>|No
 | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |list of <<path,path>>|No
@@ -125,23 +122,39 @@ output plugins.
 
 &nbsp;
 
-[id="plugins-{type}s-{plugin}-host"]
-===== `host`
+[id="plugins-{type}s-{plugin}-hosts"]
+===== `hosts`
 
-* Value type is a <<string,string>> ip address or hostname
-* There is no default value
+* Value type is <<string,string>>
+* There is no default value for this setting.
+* Constraints:
+** When using IPv6, IP address must be in an enclosed in brackets.
+** When a port is not provided, the default `9800` is used.
 
-Specify which host to connect to by providing its ip address or resolvable hostname.
+A downstream input {ls} host or IP address to connect.
 
-NOTE: when using SSL, the server that responds must present a certificated with identity claim matching this host name or ip address.
+NOTE: Single host endpoint is supported for `hosts`. Multi-host support is coming soon.
 
-[id="plugins-{type}s-{plugin}-port"]
-===== `port`
+Host can be any of IPv4, IPv6 (in enclosed bracket) or host name, examples:
 
-* Value type is a <<number,number>> port
-* There is no default value
+* `"127.0.0.1"`
+* `"127.0.0.1:9801"`
+* `"ds.example.com"`
+* `"ds.example:9802"`
+* `"[::1]"`
+* `"[::1]:9803"`
+* `"[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"`
+* `"[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:9804"`
 
-Specify which port to connect to.
+When connecting, communication to downstream input {ls} is secured with SSL unless configured otherwise.
+
+[WARNING]
+.Disabling SSL is dangerous
+============
+The security of this plugin relies on SSL to avoid leaking credentials and to avoid running illegitimate ingest pipeline definitions.
+============
+
+NOTE: when using SSL, the server that responds must present a certificated with identity claim matching this host name or ip address.
 
 [id="plugins-{type}s-{plugin}-password"]
 ===== `password`
@@ -244,7 +257,7 @@ Password for the <<plugins-{type}s-{plugin}-ssl_truststore_path>>
 
 * Value type is <<string,string>>
 * The supported modes are:
-** `full`: verifies that a certificate provided by the client has an identity claim matching <<plugins-{type}s-{plugin}-host>>, is signed by a trusted authority (CA), is within its valid date range, and that the client has possession of the associated key.
+** `full`: verifies that a certificate provided by the client has an identity claim matching <<plugins-{type}s-{plugin}-hosts>>, is signed by a trusted authority (CA), is within its valid date range, and that the client has possession of the associated key.
 ** `none`: performs no validation of the presented certificate
 
 * The default value is `full`.

data/lib/logstash/inputs/logstash.rb

@@ -13,7 +13,7 @@ class LogStash::Inputs::Logstash < LogStash::Inputs::Base
   config_name "logstash"
 
   config :host,     :validate => :string,   :default => "0.0.0.0"
-  config :port,     :validate => :number,   :required => true
+  config :port,     :validate => :number,   :default => 9800
 
   # optional username/password credentials
   config :username, :validate => :string,   :required => false

data/lib/logstash/outputs/logstash.rb

@@ -4,14 +4,28 @@ require 'logstash/outputs/base'
 require 'logstash/namespace'
 
 require "logstash/plugin_mixins/plugin_factory_support"
+require "logstash/plugin_mixins/validator_support/required_host_optional_port_validation_adapter"
 
 class LogStash::Outputs::Logstash < LogStash::Outputs::Base
+  extend LogStash::PluginMixins::ValidatorSupport::RequiredHostOptionalPortValidationAdapter
+
   include LogStash::PluginMixins::PluginFactorySupport
 
   config_name "logstash"
 
-  config :host,     :validate => :string,   :required => true
-  config :port,     :validate => :number,   :required => true
+  # Sets the host of the downstream Logstash instance.
+  # Host can be any of IPv4, IPv6 (requires to be in enclosed bracket) or host name, the forms:
+  #     `"127.0.0.1"`
+  #     `"127.0.0.1:9800"`
+  #     `"foo-bar.com"`
+  #     `"foo-bar.com:9800"`
+  #     `"[::1]"`
+  #     `"[::1]:9000"`
+  #     `"[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"`
+  #
+  # NOTE: `hosts` naming is intentional and multi-host support is planned.
+  #
+  config :hosts, :validate => :required_host_optional_port, :required => true
 
   # optional username/password credentials
   config :username, :validate => :string,   :required => false
@@ -31,7 +45,7 @@ class LogStash::Outputs::Logstash < LogStash::Outputs::Base
   config :ssl_verification_mode,       :validate => %w(full none), :default => 'full'
 
   # SSL:TRUST:SOURCE ca file
-  config :ssl_certificate_authorities, :validate => :path,         :list => true
+  config :ssl_certificate_authorities, :validate => :path, :list => true
 
   # SSL:TRUST:SOURCE truststore
   config :ssl_truststore_path,         :validate => :path
@@ -83,10 +97,12 @@ class LogStash::Outputs::Logstash < LogStash::Outputs::Base
     logger.debug('inner HTTP output plugin has been closed')
   end
 
+  DEFAULT_PORT = 9800.freeze
+
   def inner_http_output_options
     @_inner_http_output_options ||= begin
       http_options = {
-        'url' => "#{@ssl_enabled ? 'https' : 'http'}://#{@host}:#{@port}",
+        'url'                  => construct_host_uri.to_s,
         'http_method'          => 'post',
         'retry_non_idempotent' => 'true',
 
@@ -119,6 +135,15 @@ class LogStash::Outputs::Logstash < LogStash::Outputs::Base
     end
   end
 
+  def construct_host_uri
+    scheme = @ssl_enabled ? 'https'.freeze : 'http'.freeze
+    host_port_pair = @hosts # Struct(:host, :port)
+    uri = LogStash::Util::SafeURI.new(host_port_pair[:host])
+    uri.port = host_port_pair[:port].nil? ? DEFAULT_PORT : host_port_pair[:port]
+    uri.update(:scheme, scheme)
+    uri.freeze
+  end
+
   def ssl_identity_options
     if @ssl_certificate && @ssl_keystore_path
       fail(LogStash::ConfigurationError, 'SSL identity can be configured with EITHER `ssl_certificate` OR `ssl_keystore_*`, but not both')

data/logstash-integration-logstash.gemspec

@@ -25,6 +25,7 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 2.1.12", "<= 2.99"
   s.add_runtime_dependency "logstash-mixin-plugin_factory_support", "~> 1.0"
+  s.add_runtime_dependency "logstash-mixin-validator_support", "~> 1.1"
   s.add_runtime_dependency "logstash-codec-json_lines", "~> 3.1"
 
   s.add_runtime_dependency "logstash-input-http", ">= 3.7.0"  # some params not available in older versions because they are renamed, such as `cacert` to `ssl_certificate_authorities`

data/spec/fixtures/certs/generated/client_from_root.key.pem

@@ -1,52 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDLuw56wRPNi/Jg
-biecPioyhkKX0MbgLha08uvUfo+rWr22+3/gK8CO9FlOmiXvjuQEibLUcgy9pxgU
-8SKtnUj7u+kTO4/CUTe4DglyMrb/Ayuzh+B4jRzNQycI7Hgku34OyCb0Po5Ne8fv
-0GOQsBpL+Fvviouql3km71gcXQg1eD29hlE+bES0f7wDSGuVdBFOwiG0ugJUD3SE
-CnsTNntQAC/+uUCdfAMGVlJjJaXx1irGIJZsiZdYbsmwh49qJx5aKj2y156UOFwj
-jVrZXjSsyVQ8uIEkac0j+cCxrtZ/SfzhyInNUPvKdP6Y+vlGRzOcJjnYcf96Z1uf
-E+kVIIWAv8/0kDelr6Wd7AnLh8Zm9jJGQ2QGTt2nGs6c+g5scm5FEDO8IiEKmc4z
-YYz4uXaGdunHOju31JtK7+TDjyTNlMp0t1oRuTkL9VNf/JDsVIqFZiNP8gUVWLfd
-jfR4VNuhWOur+etMuyf+TtGk6ZOfnHWqbw8unzhlXHVifgSv9sS7YQCdiyN94d45
-DLZxFjeddeyf3/ARZZdPJ1/sbapxyqRWyCe+kc/LZXT9P9cHOIjVWpe2dAwR6QLL
-90NLWvRqG3RCHKIriXqUrzAYXKJetKXa4QNJFBXIXHztlrSNSrJy4bQA4KJWrvCC
-sL+V27tPKC5Zrez2adhoEmZBI8bZbwIDAQABAoICACZb6HyFaQidDnxIkU2ySLit
-ndE+3ossMltMl8mxMLTXR3wx+2BGbKGd8UjC7lyeH2GZWaH1fV+iG/8pbdmZkTnQ
-pjBYWReBukd94Rpu4RS/0JUjgsi/7Qna2HkuKOrloHUBC5CWTK3bHgiRyIVgGvtt
-3kWKZQSwM3/4tbLVc2u54YoTRa3GreL8X/aQRq1jprSZCcag9TpFlK8d2BGEgxBL
-kL3ZvIhKZrllPGrtlkKkC/a1AQ2blHLynSgPRhn7FpRseqR3Q6Ttva91+IKP4cQc
-vi8WoD4ua5EX/8eUv09FK4eJfiS52EbE44EDVDb+xgFjEyYlRLCT0GTx10OClZAT
-zXTrSUP10GMGWY6hZ9s2ADmnk71wIbIqp441AyDb99/GUyZEXEI3fweFSAPGBxEx
-uqwG0qbcV1m7CI+apxuGZXU1Vy5cBq4dUsDSJm/qtecf7o57ckViaRORW0ewGYY3
-XVSN6WBk8kQVRaLzHwFRJFatuArkGPl5TbQm1g6PZYZB+Jf5Tc2lSQe4yC+AFSvJ
-QYwBAXQH5dik9sQWB0+RGct9Q1rSV+mKybpJHBVH5o9gwh1ZOaKT35thdGCAEd/o
-PbYGoVPqPNSnqPxWvoAT09icV9yh5B6XjRcFkjzmKk9FF33G/QbpkbwH5PZUsfab
-wyh4cttWtm+n90MlC/aZAoIBAQDlSwzHlirVvx99d4iQD2OiaZzG4Zq8mJWnK6Tj
-a11/OPdA6tmrztlZt8LG2hIKL5+citGALnzPO5zma0/Vx0JfbhaP8bniUI1NOFCw
-Lg/QxWjNF0TdmE7+0ddmuh3nGB6Y0bHGoeJTKpl9gKg88iRkToV6PiWRNPQwBgYW
-Zai0lyiGLWctrasUZJILaVoctbghzjsgRBl7/U4IQQFjJpsM1Gz12JpuzuwbOvq9
-LXMWvOKBHJKIuVEr+uYSXCF9d1Abp9zOTM6SdzK5p5hARh74kJ0N6u9cHPbHPf1/
-pmfUsc8IOgzHtRggJkmAUHzSVRzjxXHIpk1bndmHF5WJugO5AoIBAQDjdcwk/Wbp
-iTNjKLxLEvqzIrK4/MLlQ08U+gNvb1R4Gs5HDh5bVwECfI2fPdaoP0sqfwnxuIzl
-kK5psKpq4KBJZE0Vdtnfnu9/BS4BSg7FEAUbIivL+SiiJgw+YlH6I8R03R6YSBeH
-MGXv6aexGkH3dmOOrXFSum8f0Ujpp7vODGL447+VcvDUyN9N5hFWIEbD90f+PmVH
-uFhX4n5FpPK1nB4/Fe5mRMmy/YBfKF9X2swZW/oeXBUdH9A2gOfR93bWPa+qEQ4D
-X3pjXzxjyyG333/QndKk4UrqKDLD/eG8g99kyG3uUVZcvHoSIk+OEPQbO6ncmOSg
-nAlSw8VfaypnAoIBAF+NcgruknU2y3muyZM3Ro8VMgdTVveHIr5imrlHMdRluews
-sn89mSghQyM5F1F1XS+QThP7y3lU32LKj5+IBSndp7tewdcFOI1YjY+N8ntO+QiW
-zNUHtsvMSNZ/cxyt2XpX0Jz1M2rzErnRVsrnIbFHY6p4oZEsnyIwMHM+9Bol7/ZS
-j2/isqux6Yal5a6XL9+uoMcmefRIsC8SX/Cg0vZ6w9mD5X+N7ai/YGRbv11XY5Do
-hkxB5gjM6vn1uOMfSJvtzT+PlHpHADWMGQ+X6SouobR+Fjetvk1zkOOURirF2oAU
-KOVEm4QyUGkPoaTJYVuuGWfDnfMzCcaZVnDpuskCggEAcuT9yXF2mmCDZIMfGYzs
-ta/BN0/14nitaZsgQRmrQT/JEns/OkQobmkb4GQMGdBe14h0LXVbNlpuv1RNwM7W
-KDxR85WlWB+gOjkTk/MkosYEzj/kf5PLwpwVcy2W2xNWGPHYknNX7yGzXAxaeEsb
-JzTV9SwHIhKqLxg4DE59vwbit3XTQFpe7BzLLz4XY7nKBRLTeslpv2COv1XZErTP
-JI1HefZKBb6ZY6BJR8fM4UPT9LtRDCTXRW7cbauPba/ihzWBlhYnTezclXV1u7LP
-xWFP3sDZtg9XGBBWFEoZzG+QWAgl/0t2pEFQJ/jM1qYZp+frVVKlqbsnunbJK/ml
-4QKCAQAyetifmOjcx3nzX/j+v0JYtZ4tUcPOVcUvKxg9lCaKCpx4z5+9uNi6oIT+
-0YoBsOAXPXJ6+Wvvp0SH55E/gN+OSNnIcr5Wl6B+HLPYxFGoGVAdoaD7y4R7Szea
-dpjx6Mj0tk1jPCEcckhylHobrV4X22QfjU7v1Ha6R0qrtEK9+XHtckKCApqJzcI9
-+/eNCSl1maOzotu0rhQ11aivkdDzlfOK70qUjZLskYU0Gmw5A2mh57KYAdVeVmwW
-caiFH4LFJ9UZEsMj+EA333Tk4MPaEDi3NqxuKgrfvrT5rNXhgy/HgyaXUMYloFCz
-xUKu1zX8CNNJGBd63eLC0TC4pzXG
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDN6cNsA43zDVMD
+u7UQt8rejwFHvE2lCIPKQW0cUaunm1jQiWTtiTzpUDkLQM2j+t1Q56UJ7Z/zjBr3
+44f2yF9GB8+oOtmoP30xt/+vvyewL4i1i/63189TP5O7eGDw8kj+hyDuvNDvulq1
+1YddXPdXRLWjG6zXbmP3iOL/jjzNiMVNLOR7q3nFcpikYZYA9KZDE1qivb6vaASm
+p9E098r4P1MfJlfSw5H8wPUA4sxtU5Ob2mzCGx8Coi5N8ZUlYAQw9S4gwLnGvt77
+xpltMM/VMPz90OvP20bNf3hAvW3Zvv7DkHvlaaW1kLTVFob96UKSlcxum3wHB93y
+GZbYqyqoewIaRglO2OS9Mu1YpKKqk5pr7S6pFcpRPHQjFF0eVJpyBUGUuIOxOsUC
+Ex6VJK7vlmAruMCuJwsAOXjwYcNr0AHJOv9jGnrba9N9jvr1gEpx8sG83upLKAl/
+uNnhsVYhSo8rOhw40VzOqJYjeDic2UAjfIgbz3mVJ8nD/h7gxOiGfGuYVUhIbOw1
+GyKXUPjobdu3tkO+TofYgNbF2TdJWZHHiSE8wz4eaB0UIUa1lIWdsF1Cwz0xIJe/
+46Rf5pQcHxND81MIwPVkK4WuYAqbQ+JwOZIMIStZdG9Lh2aPlfsZqHwupNPfkZM/
+SgFM7cZkU443hs0NW0i0LhsSslsA0QIDAQABAoICABj5qo9WWwhI7HG+eba+ZCfc
+do5J460JvFpy1xYhPc3FhN8+WvSIuc+ewFyCDq8+BUwD3Lu4i7cRnk/E1D/1i8DF
+v8Uq5i2HDdtS8vtRFzJCgbVrdoi771SsmHGbpz5yVLIyl6b9VeZN1yTI8nM7jHCU
+T+epuqwiopNqkgXnLa7MUQoMUOZDJTDytlrxzyzsf6IRHeQxWYiS+EVyg2iGSaMU
+ozNbBjn1KKbcjJr/50W3Zmb39ksQ2RELtMwVaj6vR7LceizU03OswQUO0Jsy2XKF
+T5pFleSPNyZDuMU5dLJ9fQ8hXjW0O7orBBP4eIUhnsaCztn3l/KOXLg5rFc5Y6H1
+5awWy6hfuThbQ2MTbbEUOvcktQJkGrN3eeEl/RcbusSCWRU+ptzsubi3esG2EVYx
+I/KJDd6zXtl4UYEsbtDMMoG02Hz8uU9QTrtbOrh9ByOCE4s6BrTL4K3ErFzVgG1+
+0ilNk0qSFf88/QBH/ofo/cRXS/It05LH0xIjxUoO1DxabsmCoRlFeZujteRNRYGC
+RwVX8mFp9TEJ4mlmJOAEtx+oU7dhT7q082q5oZgOmt3rbII5GsmRyvlFNGRoUwQe
+OowjO6PgF0/d/pTXY0hN+pb6C/q/dP91s2dMZxntuTM8GP4oNnifeOVcXJ5p3rwz
+F2CFmCVUHxjMezk4AnNBAoIBAQD7Mevw5+gPXI29jDUKSkcY7SsqbJYMDd6/K50q
+PWssaNQeebrGo7nUrUYIrn7Np/rzBWQd22aKVFoec7fF6c/yRB5hHedkHoBmkI+7
+dhFSTfF/R8XMmxRrnh68GqezKiaB3ECF37111WNtvjNVAJZFXftfmI/ifov8yhJO
+2F1wO6+86Y/dQUZmrn8LyzXXjcUlVv7x76PjydTYJB5aXPTLQn1ABQD+rABs6KvL
+2m77vwS6X+6r+4jIwdJFuRjgao10dTucyFcs1Jmm/L/twv980xpt2HKa6QZ+emj+
+CGN+cuCpVTnrMEWr0pnxFMNV39RHYY1EsjWTnGil7/aYMACpAoIBAQDR2hnFPsys
+LH6KCAQcsAj8G8UBnjHKWmVYCvVp3+Xi3BqhAUEbYlCe6g2cP4w3j6Bn5iy6zEvb
+A1W3N4rMevtzfFut2ZDtxsr6gN7iXP9/chDqy6DGb5X7AuJP/lUldC8cDqpuRGZQ
+uM+1/SigNrVWzOP27Jm/xbdrBxo6a7c1rybadZJLTooCSKAFb+u59tG/FNIMkuyT
+8g7lbC4QSH/aX8RtAdWk2FL4JCeAupOwnDLL2en8n1I1GdCgWGbJoonT6lCtodBH
+aLT2Zf50FEh8ec6sjTo3Ao9remh8Fh5ID7Yzivo5w4WcJYztbF4Ztyd7hZisz86X
+xSC+oHm/bI/pAoIBAB9dSV+IJVKdtNkBA7JoOd5j5qriag3RQYnPMU2P46zk3e98
+NZUN5msmw4Lb/ttA6TWk665Ksc/93k7FFiIxIpTWapCnwjefE1s7G6dFg74qG0hQ
+NuNoTbFuSdok3eGiFrLKRIgyup5W6ZZPVGt9qkW5CWUTUIvwTxxeQtDzdR9JZJUK
++LqgpuC1Uwmu8ucaPY5/AVBGIsmTbu8Z+2w/BRXIFImE1m32Hgt7NdA7UvY+EKIQ
+zmVM//RJNy8bgH6s70KmTK4z2aawWQsfrftLCMmWNkuW5iBvji8Gq8tkUr/8Kg8a
+pCO4oEpm/m+6rvUvAHt1M8VrFwN6WRq3DqxL+hkCggEAQghM/6IJKUw+7RQkpxpF
+WX8reJzcsf3L0e5w1sXbQo1b27nXUNSY5chkS/w7FOie4tKs1IKgg+QCvso9ZKZ2
+JRrGhmflkMxy5mxStgvpYaL068zzZD2MhhWcPOucw1JR2JRM0LG5OEFPKsbkV7Wf
+ThbezL4aixud4ZG0kRl/5uacZTWFuSiXiKxtnghftn6R9XyJs+cvhkYupcZqoDkP
+8hkcZ+ih32MqiGZn/7u16WbdHQQO+qzvY0IiQbJPdbctg39Br8ExFqc9+iKR9NjF
+DlYN0IIIBXNKydkUs6cKFEbNYF6k6jQ6AK5YMAVfftwBEn8xUX96VIt1CEbayH9S
+sQKCAQEA55p0t4PZ4ATXxWX7Lv/9yXNdQi37e31zl+VxCeI8H+xwZ0Luhkb7xEGP
+T/pXYASzuabRIWnFoj54yWbNfJiSlokfvMbOYgJTFt4xL8rb27IDYO19gwjJ8Ofk
+eo9hxsZlNIKDZWRCCQaMrkz2DknFCX+ICSlsD6BWSFkUZ+fOIRhlznsVgaCCuMf5
+JUq0LcCjhZ/rpWCHq4kuTB32mEPoxvausfNvCYNzgUyuyxbO2zczthXtT+MKpNfV
+8tQYtWWJrQJuddue2G/inz3w2Uzn+v5UX0kDlZAqTnA8RrgKnzijM6p2u3qjCScw
+CjgbIk+XQOnoNKbVTTRkwYuPtxAl7A==
 -----END PRIVATE KEY-----

data/spec/fixtures/certs/generated/client_from_root.key.pkcs8.pem

@@ -1,54 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQITfIrh7WizjwCAggA
-MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDH7sVEv2qKzCN5iDQmMlQhBIIJ
-UMnezMJbNyZ/LH/Gyf8bMOg6LdV68MjReNgNrJEnCK1GYUaMbAhwS1xtC0QkG30Y
-Yk0ZM24UaoUxTXTrH8chtyj7QeolaVibtG7yQHrncYcgbZc/WF2hh+vIfwgwxHZU
-XkFWS6vKZ6NshZvrBU8mV8y2O6YRLPDcUvBudIUcxv+mXJ9EXNA4G1qzg1yIi3Wc
-ycUfQkGP3yGmlS2n5DaOeB7xyw4wWVhkuyrQZbFR9H/NBWRrbEtshs9Da+iVJeMY
-09+NL1qudKOM4u0bI5VPicwg5pjKZe9/yeuFNr01lZ+2IRqz5qRUMvE4KF8XsVUx
-jzNy9sfb/kzHiySQtVL5Ll/4SZyqgc4nAgv2IDWrPoPWu0WN7oJD/BSZoAKIH30L
-YHY5yjjGzL6LheFQwGtViDCsVTkob/TVZNabI+VlXPqmJ2L0UM9nkEy/rHGZJ4Af
-TcpCvYH4t7KEJ/IoaxCSFedMQGBSGDwvMY8tduRvgx/SQWud4en1UVulLsscHFbP
-+eatj3J82toU3MsreNQc43alKK4C1PylJsEOFvv77gMoucce1sAAxYACrutjwgcm
-sH8vNgyzt0fQNDQUwjEfbR297n8cNWd1jHiNCOUuVpGETGg/ef47+PKm0+mQxfdD
-74aLESuGmooihcQGFnScyuLWbr5TgaxD6cCf3sa6qi5/ycJa4W7ePWrq0vWA8rBn
-x8UpAmgBrMMZwfPlNFSn0YStKqSs/c8A76DeGbOE1Hm0w2G4w/CA3DwXNY3EasQC
-D65k2i3dmzObJUoxaBiPaZ9dFPQJff2o/m7agL3PemvPYoAiae7H5phukI+ZJnTH
-0yc2V3z4Pt5427AIsU5jZKFmae08vFwgyYdEvmQnxQt5HvvDYdWlGom/+jVqajKu
-YukyuTZLjw6nMoWtuCEjpEqWrvJWEsmTIaeT+7zCpkIraK1Yqq8WI3wK9JMH1vEz
-It1iLQ+DDQEdqJtuZlF4mD82/Mvx0+08NgzcJUTxeBzjTcNFjMohR9AGrCIb+Fi+
-cti35/lW91PZmUfXNLKCLjcVO2PREU2j7o5feQ0LJ5I+Qea5m2DVIu2weVoev2c/
-lcWojHUIv0DD+2xDVtnFkNPRXXTPH0lAQb5D2W4G1sOY52qHJFf3CgNkV+4ABtSw
-ncRus4dpUY/LJd0PffdIB1DHtfC4FF7opvkFqEFZD182ct0E8wv6J4UMF13k1nVH
-PHAVeRX8h+zH6S75POp0qfIX6MwHh700AhAIX/zF0iB+wAupoK6fuvXyudhUJ6rN
-tsvwMUMrSlEMcT2llHXXKiCJ6K6z72RejYEY9IuDJT/kqWwi5F+fZ+z+Zh363VpF
-UOGRUFXCzGxbBOETkWzEpc+e5hg1FhtRL0P5Aemq28Q/ceZLJr32ul74W+bnrNV4
-ZEgFXgKOZT6Ty6gGuRBJSF2QfwDw629O6DvfQ05O8YDga+P1LkBV7fx474CwkiVn
-K1gXEiUPJQ/5yeDsfw85WGD/FCLew2HL4ael9pPwRPI0siXFTvZ/0yTls+vqws6n
-mtmKRMiV1DKgVkU/GEFEojnbGhy9vHtNQcIfWzWg1e0QsZzI+KoeqhHvFabvGoo0
-t/2heEo8MziAVKbDnfJCUSnxRCtW1WUuXbYKe8WAqIMbPVDOcztnMn3fxUwiw9bp
-bFdi3/fLGKsKBaZ1UFe+NMqP0yjnvrOj1VNkZ38Oj/QTUS+7uVqZxsQullt+HTfi
-rdsIjF9spJpfQ1W67fq39iuFZWVMvYkU6/BQzbSCc58/VTf1kyfmoPAEZjDH5dzp
-gpMcXknGBHDUK+74PiDjMFGxnPFW7BiSCx0tmDbUxzxOEMv4V7SDz2Xf3w+VLD58
-vU4YVtIqaVzOBsK9mS+mpjVRmUJNfqbryDy4drMw94jfBiKaCJG6qmu7x9LiiIzg
-zADX1MPXCPkEst4OksIoISOH//kjpo29ft+UrxAZYXZRljuiRjeT22iiY4OIy0jx
-YjWyZvFNqLB90RmbAV7euFobJuTX4QAljRPT8d7tfWK8ZiHJnfs0AsLGoaGDRovg
-6G/yodoqhM9zpqWF4BFAHbIElkz2wpHsj+6fYuZmPKvlLktvnh+TpARPjqmYb69j
-zzHTxQeAoNHOqWBhwRFoqvVob+OgdMOyxvbenpfyE93PvItRnGMXX6HDZrcJGGsg
-Flgg6yhjMrcdh+D/I5necoyCsyaRN+SwyEQRPuqm/PowWQdkVRgIqiOUfISGWFed
-N10NF8EsVy2EsyBmNJNBxcXNsBxPCkxjktNj0r1A2MJ1GFj9PdH6nhMrpL2DlSwB
-eS0WuX/3Q/917C/OSiSZEDFKoq9O8M1MN3ixhCBOuDyGOW+fB/eSoXFiYgE3nVii
-80YMvOUq4ltKf8XTuuvJerIFY8ojYG5X2ubA78zT8I/ysY6Wyl2IeiHa+drUXroG
-Oqr2kjjZXeEWuBP3cD9thnzKSWrYCCsN7cSaUc3WEWL49N4MXJx3+WW+1y110oY5
-XjLzGfYGagWsgpZD967ful7akUFmemcz8afb7fC2ZY8vBTRrwd6R3vcSv1TmQK5S
-WyTk+Mk8xEB1YQCfwuyNMby1G3FEgbJi3D1TjsT2ZgF8s+tUJnYb4wkJ7hTA4Ta0
-mdMB7eNjTyHCRDdM3h2t+8vKkD9T4mVqrboM16A/DVVVru8eHqpKc7P4ijQQSDei
-VhT8wxNVSkJGpSss+pHdT8O3sRbhs1UIG+BuO4aeZ7MeNNW5NKocLzykLfwDF2Dn
-yJn67jWShoe4ygchzm70D7z8VVC6503zPdKis7kf44NZaV9TKzSj+NCiLuUKqDBr
-5SEToNMyhmdQCSnEcRLtKYRk2z3g38tnHvaaA+06cujn2NrDpQd3ZMO+UjIz7tRv
-BpBRGH+xTJlfiDbOChVwcC9R6kX82zP301Tpuwf68z5cMSAfpdt7U6dBfnc9Jwth
-gZP/LGcdsN7pescJIMpmlzh9FQoaUr/cvKXzfGTl1gecq+ivfra88S1gXhnfkXSM
-/URC9X+jmZ/sXkFklPpIKMN36rTgTZKTmXYqMZrTlX+RmOttmq6NeAYIJa4vS0+P
-N0uhkHZMwMNoyzKwg2I3xSrC5Oyz6x80mD2n4kZb8ql5QKBILDINakF4LSCFzEbo
-VpzrYuTN7PJB9rDkYDsqxW7KEUBvpbPsh3/PMn9bR9i5
+MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIbFZZr1ZBKQUCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDa1RXlkrCJZ7ezzwXyyEFxBIIJ
+UPskWxablY0V7QaO9kI6/g6ddLfddipdjosDeQh2gbimCryWEI05PzoXiIiZrao5
+7S+/HryjSI9J5fpt5BHvI6xlMQuQ/ZryxrJncGgf1X9JC4RFVmRoihcwRtUf4Fzm
+lD/NJZDqNwAx2rbVe8jrQSnzl+iIva5HkHDC1aFvst4beWvxG1P3BlZdFr2wyw8j
+WncFFZ+zpUq9WVmrSFNVXKmkjMS5meKJWtqT0W7gksdkTEtZ2OWbpkfG1d1i+cwG
+ZHWt+8hAF22s08WTRDx/28QHQ38HMroKD9KIa8eNqJMqib93IiC95x++Nhjt9UKk
+S5umgy3J0xRKn3+PmYERh/ZqUWSRQUlg+lvMagm5DVn+/7bxi6KdsHkOh8i4+vv1
+hl8GVbbZtBXCivvgpcPlYburW+MxoT4NX0KpcpyYcMkdttG9uf+EYuGaXxfhQLxr
+DXLI0xjEqUnBQfcf/xV7A/yVqaQFCKYAsxbdC66J8HFlUdZffXOTtESZXAtHfS3z
+h8XKjhnG2zhyNTPJpXfJLaBmd9xahGzC6fu/nbzcwrlymKzQ5cjY6r+sMjQflf+z
+N2lSBwi9xUlNDA1yVZ3QDRslmf/Ah6q28JUXJXxYarvt7u73bJ5LvW5Wxvz7cb9k
+XqqAyvdqHdhMuWKWq+bXyY6EG2e5KibDf3y5Xguxl/dFDVvRChIgZtD5cTndqan1
+Lm6Tk4SPKJbJ61c2Mpc5XykR5YsURLYYdv/utVYyZY7YneWjUYcqp8UZZKVqtBRz
+NIhbDyyCIAD+psN3+Wl1V4xqrEWSKS2S6+nIs5CP1pG0Cgn69xoNnjfAY90qvy1J
+reKiBSUVTpT4MI2aRqA4GCq0RIP+fjDIEXOSDMVttg7SYkhFLhURY5fdh8K5H444
+jXKkId3EZr2NG7IukDmQoSTTlfI7PthPRxvrrR0V3Cu3USMkZAghLHM8PlUmTqzd
+Gq1ILQbeaojPaDRqml0ZRsToLgWuHRgpySuBAbwh7jf7OmnTcVFS68XqAymcdWuk
++yA7DRcx7+h/maIk8UoRTSUI1UdDpnzKCsBNLPhT+dzUJqJlvrGSzmMtP0DBbkPL
+hYNfFofyRqA8DZnSw2jQGH130F9RBI9E74ZT93WTrDaqZd/xQONZmyh9Fat7YA2z
+vzg0svfEtWYw4ZbucV1cLvBN0FWVtGGzlskJ8a+5fkACRM5gEqvDstUcgKHMOikG
+HFQzcidNIsUaE2fMUd1pJ6E+l6wnJ5ol47uIpdZK/7jZgSXx15XRvyrTiqTwCkK+
+hjS2f8FyisC6VP0vOXx62r+TzMQSf8ET/FT62C71CMlKR5kroW0XEaElg7ymt7kX
+Mj+PzXsKwlj2AyI/1sFpUWOwM448XPc1beInQ6A19MIlssms29fii30USWPtUQ0z
+PMZwI9j4d5JFYhbS1C06Q4QYv2yatjdzAo2/8LkkEnD0sVicLCZzM3modLalFLCM
+x9m/n+32uXbXcJeK7ucZKJ3trHETdf9GKycPNvm56ESdvzzE7a3U2H7FG4m0/Bb4
+o/tufPOP5IT5SVcBSiG8sPZYz2Hb+4nfnEv9HTWDuqdyFsynpEm7Q/qopWDnM+mY
+1rC4IVWDF7jfApPxCzMRuhBYvTNd7B/Mpxpv38GTi2Iy5M1goKvS7GTIf3B6VDva
+oPFEFCK6e9aKyyzELrZY2UH5gcykWH+5XK7lM12+Z3v4XFKC7hOh4lbxM3iUwyb4
+rTNep6HM4rdyC3ZvbDckmsIx9f+vzq47UDWs3h2TKR43TJRaXsBVKRLi8aROjn9a
+1w4yv71sMMQgB8FvXVbuKZRP853Q7h7wKx2yfiNhXJDU+x1yXk0mIXtdTf4JOwwy
+NWnajwu28cYnM9YhOoEMpdbTDUmuZTvsXX9Mwb2JpjbOFPoCvZVHseTqoJlLCJwg
+AR+rxdafnFvrkjbx3i+X5nl1lBnAom+iplotBSr8OICSwY7I2pqU7JaxC82Qs38s
+TW+e0dK7L2osETPu6sO3nkBomFWrKo1mscwWuEbuT4c9Tt7vCvYeJ034oJ6xL8lu
+uq6CvlBXGZJl/cbVHTfsQ5MMHfysg2giHIvWUnwki27IkkLY/fQ6AY6yN8V7PiW0
+IO3D14ys3BFuyeS7YHUXhmEz4l6kW2Qun/TDFnDFzfC4RbhV1sFnes4thDACp8G/
+sWJbKQZQtLKNjRWLH7vqyTy96dSSrNbiHJ8piGyCdP2+Gy4+zuBqvCoL0G6YJZuP
+p5Y2vsJoud5II9K4281kxThh40tjVDsvVL2EjgW0xpZhbT/HJkgKdvxryChOIy+U
+KXCoLsGX2YaBO/Iep/PNq4o7qsGQHZYx4yUgXQxXyIH7vDK7xJUOMak58KRNCKHE
+YdMrVV8ciJbqotYHOk7nzDpF3Ah8PZ07F8uq/LfvqBw48Fq4Ap1DhPamKWX7ovdc
+ZoC5punX8y2qk9NcSZ155lLP1SGFdsuW9hKIw6H0FFlI9mu5dKUp3wO42rP3iv+l
+O0FZ1OJs2cAgIZqF4WaY7DjlZa9IxFrEBGjkmH5oZ3m5EY9jYSe/oqidu7OaMxPI
+OUulL9b+yp6YKWVw43xOBSwUIZbfUV3QTSf1TxP1ebl/GjiHeR088OwOmcnESgOi
+KyRhpMqzEP+Yqn0yawr/cumNTvJzkp4y1LIa2aIrnNsnE/xf/4/CjXhip2E8ekFB
+C33Ub6C55SMRp3aJtWIUyi9sPSdNV/n0vUSDCtoYI9h7EPY9Iepx/S0GVLTHKPIl
+jwVBhtq8WZGnWxm2TA38jcvF94KQWBd6NNHhy8kexCVzvlYVaGKflSSp9PHMQZgY
+bmuTvwRqhgA/5cYOxhyIc2lJTxj7nSyLVrg0txKOSYXS0e8uPSsi/KoscV5aBbRG
+S9dbZLsq9OuOYAL9LX0lufor2CloqnKRZXZgChTCcwsg4vCf6P4luhtXMAz7ZBau
+80MmFEgkfk1+H3FLsvplVKTiKTH6dFd+Sb7sjKe4Lj2nx4F77k3csa9Me3e4IoEn
+2dJNMgRbe70/vQ1JH4eMNRQrcGu+CWP4YG8jRU0u9xKofck5nMZD9Yrlbcf2Bavi
+E450La18i7v+JHm1A+qrF74hF8X+I7hOFU9ud//MPPILdRRRbXRKOOQ16IpYauz3
+wJ0cfKixHS29wMHewE06glcHKq3uIKY/bONuxwQy3FT/
 -----END ENCRYPTED PRIVATE KEY-----

data/spec/fixtures/certs/generated/client_from_root.pem

@@ -1,35 +1,35 @@
 -----BEGIN CERTIFICATE-----
 MIIGATCCA+mgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJMUzEL
 MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
-YXNoMQ0wCwYDVQQDDARyb290MB4XDTIzMDkyOTIxMzA0NloXDTI2MDkyOTIxMzA0
-NlowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
+YXNoMQ0wCwYDVQQDDARyb290MB4XDTIzMTAwMzA0MzY1MloXDTI2MTAwMzA0MzY1
+MlowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
 cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGY2xpZW50MIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy7sOesETzYvyYG4nnD4qMoZCl9DG4C4W
-tPLr1H6Pq1q9tvt/4CvAjvRZTpol747kBImy1HIMvacYFPEirZ1I+7vpEzuPwlE3
-uA4JcjK2/wMrs4fgeI0czUMnCOx4JLt+Dsgm9D6OTXvH79BjkLAaS/hb74qLqpd5
-Ju9YHF0INXg9vYZRPmxEtH+8A0hrlXQRTsIhtLoCVA90hAp7EzZ7UAAv/rlAnXwD
-BlZSYyWl8dYqxiCWbImXWG7JsIePaiceWio9steelDhcI41a2V40rMlUPLiBJGnN
-I/nAsa7Wf0n84ciJzVD7ynT+mPr5RkcznCY52HH/emdbnxPpFSCFgL/P9JA3pa+l
-newJy4fGZvYyRkNkBk7dpxrOnPoObHJuRRAzvCIhCpnOM2GM+Ll2hnbpxzo7t9Sb
-Su/kw48kzZTKdLdaEbk5C/VTX/yQ7FSKhWYjT/IFFVi33Y30eFTboVjrq/nrTLsn
-/k7RpOmTn5x1qm8PLp84ZVx1Yn4Er/bEu2EAnYsjfeHeOQy2cRY3nXXsn9/wEWWX
-Tydf7G2qccqkVsgnvpHPy2V0/T/XBziI1VqXtnQMEekCy/dDS1r0aht0QhyiK4l6
-lK8wGFyiXrSl2uEDSRQVyFx87Za0jUqycuG0AOCiVq7wgrC/ldu7TyguWa3s9mnY
-aBJmQSPG2W8CAwEAAaOB4TCB3jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzenDbAON8w1TA7u1ELfK3o8BR7xNpQiD
+ykFtHFGrp5tY0Ilk7Yk86VA5C0DNo/rdUOelCe2f84wa9+OH9shfRgfPqDrZqD99
+Mbf/r78nsC+ItYv+t9fPUz+Tu3hg8PJI/ocg7rzQ77patdWHXVz3V0S1oxus125j
+94ji/448zYjFTSzke6t5xXKYpGGWAPSmQxNaor2+r2gEpqfRNPfK+D9THyZX0sOR
+/MD1AOLMbVOTm9pswhsfAqIuTfGVJWAEMPUuIMC5xr7e+8aZbTDP1TD8/dDrz9tG
+zX94QL1t2b7+w5B75WmltZC01RaG/elCkpXMbpt8Bwfd8hmW2KsqqHsCGkYJTtjk
+vTLtWKSiqpOaa+0uqRXKUTx0IxRdHlSacgVBlLiDsTrFAhMelSSu75ZgK7jAricL
+ADl48GHDa9AByTr/Yxp622vTfY769YBKcfLBvN7qSygJf7jZ4bFWIUqPKzocONFc
+zqiWI3g4nNlAI3yIG895lSfJw/4e4MTohnxrmFVISGzsNRsil1D46G3bt7ZDvk6H
+2IDWxdk3SVmRx4khPMM+HmgdFCFGtZSFnbBdQsM9MSCXv+OkX+aUHB8TQ/NTCMD1
+ZCuFrmAKm0PicDmSDCErWXRvS4dmj5X7Gah8LqTT35GTP0oBTO3GZFOON4bNDVtI
+tC4bErJbANECAwEAAaOB4TCB3jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
 oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBRDosYG+0spuKpG6rnBBxO1CJrUCTAfBgNVHSMEGDAW
-gBR81PQUn3jB9/i0sWoSUloY3jeVGjAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
+ZmljYXRlMB0GA1UdDgQWBBS1DozP7Ov25cJeDW3IXq1c6+Sx4zAfBgNVHSMEGDAW
+gBQz/zI1tCfs7stYavc3NvY/DDDBGDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
 FAYIKwYBBQUHAwIGCCsGAQUFBwMEMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA
-ATANBgkqhkiG9w0BAQsFAAOCAgEASlKD2Iw8MM69Qqhv/65kHXEnwjvl7ZxSuB9p
-YEI3jLmKLAONM6b1OP2iPZVKUbtQ6lTwAME64/fPIhnm8dbAt7If7ptcdFHHNe/4
-n143YeF6fxonMJGACIKwDsELinp9jGUtrQdtm7pIKRDATTzYspdvhn2HFbSSqCr+
-y3TGxmkg7x8/+bQTgnJs9CHtEopThhTYoC2olBMEXFq1Sh2oNEcm1nlKjOx/iApI
-lqqowADqjHz6pThrladTIQMF9i1MxsNLAeSVqC19RCzryspBx1POU0xukM6VsFep
-CCSfjT60UHhMMKkHmr9JcuUUy3h1yymf+z7fq40YefiSHRuWDNrKM9GXXlesObob
-T0FW+Jig9qGVPTdBZs6l3Fj8hhmvZc8TgadZ4nY2qFe4AXQH84ajpraw50WZQMtE
-6M7aECSHzSSbzpuZL22lsRHW41cT86KkH4Yjv3UfeR7Q1N6ADHOekHjtueh1lCHH
-gJomI+nkvNI8M/+nDy58aZ/Pu2hn4vF0CBN6/dzddbMpqLi8toeJFkfJRoXuQiBd
-AQZNzjTcC/w8G1eTMY+llGrE+w5GRzVa1PRqrQ+g79+OXsgVsV5RTxJ3ShGI867y
-U8njiuI7jlm2W1oo+NRko+a4B9t7A0O2rE6xJo4IFIC6y4qwJKvg/fezBQUZvUP5
-V+CM/k0=
+ATANBgkqhkiG9w0BAQsFAAOCAgEAtdiU8wM37Q7V3axzEBZf2prwRQSyA1Sxd1+a
+EuAk0B93ynRhOkIoW0EmJQzOh5lB/V4fkce+PwIZb9j2cH1DnTJyE/XjZ6Y/p1f/
+Fpk2xbSiaRGwhetotQCpEmNBwKng1VD3wgzp942sCn0ddswgJQ/5KEt+H9vJuuKu
+CC503HUQ58pfiYJc5Kwz9cboYSR0VoRJ+iVdmXGHOW+8oHwt6F/Hd6GN/HX/s9FC
+UQ6KYxFUQM/oAvxJ8FNmaL4kNQvZW9MQebpyTVPwZwq7hNqDndUicXVMuD2DzbCU
+S0OLvYzLnAW9v4niTNRRTh6hjQnlAZOXdGuwPgmcIIfq3X7Mdme26d+J2AddPDc/
+olOQFydJJ7dyYh6DKI/bK71IengFm3vokPZooZU/0D1VZkcMFITvNnXxgtud5nW5
+ghNCfDCE+y8gU+C9djUC3kBZtxEP4n2RDoAzy44U0QKA31j7dy/KTy1UzIaVHiLL
+TtJc5Kuyb2xAM76ySoIZCpF+k7c1ZipOkKnOV7ZYDYqWIxzfTBgDOcux9LJDkBUF
+LLsBdg/818evYFC8sf28DiLJNZen8o2DHhN4XDx7dT5VPHLquLWOJMubYMCBbFGB
+wKu5HdANuPV+ohUCnatFlfwG2Vju/0qPozfkixy5esF5EuUHrTHvDUvoMliA7rCN
+yzJa2MI=
 -----END CERTIFICATE-----