logstash-mixin-rabbitmq_connection 5.0.0-java → 6.2.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 369b7b8885462316ac663ab74a818172be5717eb
-  data.tar.gz: 668e13d9c466042d75e471ec984c352f5dfe539e
+SHA256:
+  metadata.gz: facc2c0bbb94d9ffe28e084637a8bffdafd34b6b7ac1585bf44a519d4043253c
+  data.tar.gz: d7462fe30d31bd4851210100e0ddf6506a3045f2777dc877a77c06a320f24abd
 SHA512:
-  metadata.gz: 5ab6a522eb401c004e1e13d7fd766e03ad2d32a2ac8b733e02cfc26c819a42a9c11603d3e7b04e5d409641f58b48ad0e2be19e98ae9f2d992ce3fe3b7783188c
-  data.tar.gz: 2ed7a7060b2d521ea6484665ca87d79fef6fae8a897381a7be1cd111295c151f8a240fc1ac6cf2f507276392d45b1962ed3335a6703b6d0ca712ab02652a9a16
+  metadata.gz: bf0e3772d6d7ef7b0c1f9c77aab348a1dd8fe2bba5d7afa78abbdc4cacd72f13397406d6a7edc7aef0493ad17f71e74d0ef5be81517bcbf4a3200773d4a0eda0
+  data.tar.gz: 5b3790fa5d4dc80eed67701bd05712ede0299d0b2569905385758f54c7a9ab17fd87fe4cca9602128176eb1dacc7210f45c1b49202d98a77e42830a60346e961

data/.ci/docker-compose.yml

@@ -0,0 +1,17 @@
+version: '3'
+
+# run tests:  cd ci/unit; docker-compose up --build --force-recreate
+# manual:  cd ci/unit; docker-compose run logstash bash
+services:
+
+  logstash:
+    build:
+      context: ../
+      dockerfile: .ci/Dockerfile
+      args:
+        - ELASTIC_STACK_VERSION=$ELASTIC_STACK_VERSION
+    command: .ci/run.sh
+    environment:
+      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
+      LOGSTASH_SOURCE: 1
+    tty: true

data/.ci/run.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+ # This is intended to be run inside the docker container as the command of the docker-compose.
+set -ex
+
+ #bundle exec rspec -fd --pattern spec/**/*_spec.rb,spec/**/*_specs.rb
+bundle exec rspec -fd

data/.travis.yml

@@ -1,18 +1,2 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-- jruby-1.7.25
-script:
-- bundle exec rspec spec
-jdk: oraclejdk8
-matrix:
-  include:
-  - rvm: jruby-9.1.10.0
-    env: LOGSTASH_BRANCH=master
-  - rvm: jruby-9.1.10.0
-    env: LOGSTASH_BRANCH=6.x
-  - rvm: jruby-1.7.25
-    env: LOGSTASH_BRANCH=5.6
-  fast_finish: true
+import:
+  - logstash-plugins/.ci:travis/travis.yml@1.x

data/CHANGELOG.md

@@ -0,0 +1,59 @@
+## 6.2.0
+  - Remove ruby pipeline dependency. Starting from Logstash 8, Ruby execution engine is not available. All pipelines should use Java pipeline [#64](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/pull/64)
+  - Updated ci setting to use the share ci repository
+## 6.1.1
+   - Fixed issue with custom port assignment when multiple hosts are specified. [#54](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/pull/54)
+
+## 6.1.0
+   - Updated `march_hare` dependency to `4.x`, which enables consumers to reliably manage a connection blocked/unblocked state machine that survives connection recovery.
+   - Removed support for Logstash 5.x since `march_hare` >= 3.x is not compatible.
+
+## 6.0.0
+   - Removed obsolete options `verify_ssl`, `debug`, `tls_certificate_path` and `tls_certificate_password`
+
+## 5.0.2
+   - Bug Fix: undefined method `value' for nil:NilClass with SSL enabled, but no certificates provided [#109](https://github.com/logstash-plugins/logstash-input-rabbitmq/issues/109)
+## 5.0.1
+   - Relax constraint on march hare to allow 3.x [#44](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/issues/44)
+   - Validate :ssl_certificate_password as a password [#43](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/issues/43)
+## 5.0.0
+   - Mark deprecated options `debug`, `tls_certificate_path` and `tls_certificate_password` as obsolete
+## 4.3.0
+   - Bump march hare to 3.0.0
+## 4.2.2
+   - Bump march hare to 2.22.0 to properly convert LongString to String
+## 4.2.1
+   - Bump march_hare version to 2.20.0 to fix reconnection issues
+## 4.2.0
+   - Include URL of server when logging errors
+   - Add warning log when connection is severed
+## 4.1.3
+   - Bump march_hare version to 2.19.0 to fix reconnection failures with proxies. See [#76](https://github.com/logstash-plugins/logstash-input-rabbitmq/issues/76) for
+  more info
+## 4.1.2
+  - Retry the connection attempt if there is an IO Exception.
+## 4.1.1
+  - Remove internal Logstash deps that were not necessary
+## 4.1.0
+  - Fix SSL option to be boolean once again
+  - Add separate ssl_version parameter
+  - Mark verify_ssl parameter as obsolete since it never worked
+  - Better checks for SSL argument consistency
+## 2.4.0
+  - Add SSL/TLS Support
+  - Add support for "x-consistent-hash" and "x-modulus-hash" exchanges
+## 2.3.1
+  - use logstash-core-plugin-api as dependency instead of logstash-core directly
+## 2.3.0
+  - Bump march_mare version to 2.15.0 to fix perms issue internal to march hare gem (.jar not installed with o+r perms)
+## 2.2.0
+  - Rollback the changes in 2.1.0 . prefetch_count only belongs in the input plugin
+## 2.1.0
+  - Add prefetch_count config option
+## 2.0.3
+  - Add heartbeat setting
+  - Add connect_timeout setting
+## 2.0.0
+  - Make LS2 compatible
+## 1.0.1
+  - Initial Release

data/Gemfile

@@ -2,3 +2,11 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in logstash-mass_effect.gemspec
 gemspec
+
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end

data/lib/logstash/plugin_mixins/rabbitmq_connection.rb

@@ -3,6 +3,7 @@ require "logstash/outputs/base"
 require "logstash/namespace"
 require "march_hare"
 require "java"
+require "stud/interval"
 
 # Common functionality for the rabbitmq input/output
 module LogStash
@@ -54,17 +55,11 @@ module LogStash
         # Version of the SSL protocol to use.
         config :ssl_version, :validate => :string, :default => "TLSv1.2"
 
-        config :verify_ssl, :validate => :boolean, :default => false,
-          :obsolete => "This function did not actually function correctly and was removed." +
-                       "If you wish to validate SSL certs use the ssl_certificate_path and ssl_certificate_password options."
-
         # Path to an SSL certificate in PKCS12 (.p12) format used for verifying the remote host
         config :ssl_certificate_path, :validate => :path
 
         # Password for the encrypted PKCS12 (.p12) certificate file specified in ssl_certificate_path
-        config :ssl_certificate_password, :validate => :string
-
-        config :debug, :validate => :boolean, :obsolete => "Use the logstash --debug flag for this instead."
+        config :ssl_certificate_password, :validate => :password
 
         # Set this to automatically recover from a broken connection. You almost certainly don't want to override this!!!
         config :automatic_recovery, :validate => :boolean, :default => true
@@ -81,12 +76,6 @@ module LogStash
         # Passive queue creation? Useful for checking queue existance without modifying server state
         config :passive, :validate => :boolean, :default => false
 
-        # TLS certifcate path
-        config :tls_certificate_path, :validate => :path, :obsolete => "This setting is obsolete. Use ssl_certificate_path instead"
-
-        # TLS certificate password
-        config :tls_certificate_password, :validate => :string, :obsolete => "This setting is obsolete. Use ssl_certificate_password instead"
-
         # Extra queue arguments as an array.
         # To make a RabbitMQ queue mirrored, use: `{"x-ha-policy" => "all"}`
         config :arguments, :validate => :array, :default => {}
@@ -107,8 +96,7 @@ module LogStash
 
         s = {
           :vhost => @vhost,
-          :hosts => @host,
-          :port  => @port,
+          :addresses => addresses_from_hosts_and_port(@host, @port),
           :user  => @user,
           :automatic_recovery => @automatic_recovery,
           :pass => @password ? @password.value : "guest",
@@ -121,7 +109,7 @@ module LogStash
           s[:tls] = @ssl_version
 
           cert_path = @ssl_certificate_path
-          cert_pass = @ssl_certificate_password
+          cert_pass = @ssl_certificate_password.value if @ssl_certificate_password
 
           if !!cert_path ^ !!cert_pass
             raise LogStash::ConfigurationError, "RabbitMQ requires both ssl_certificate_path AND ssl_certificate_password to be set!"
@@ -134,6 +122,42 @@ module LogStash
         @rabbitmq_settings = s
       end
 
+
+      # Adds port to the value of host if it is not already supplied
+      def format_address(host, port)
+        case host.count(':')
+        when 0
+          "#{host}:#{port}"
+        when 1
+          host
+        else
+          format_ipv6(host, port)
+        end
+      end
+
+      # Formats an IPv6 to include the port, if it is not already given, conforming to the format used for
+      # literal IPv6 addresses in URIs,
+      # eg [2406:da00:ff00::6b15:edbc]:80
+      def format_ipv6(host, port)
+        last_bracket = host.rindex(']')
+        if last_bracket
+          if last_bracket < host.rindex(':')
+            host
+          else
+            "#{host}:#{port}"
+          end
+        else
+          "[#{host}]:#{port}"
+        end
+      end
+
+      def addresses_from_hosts_and_port(hosts, port)
+        # Expand host to include port, unless port is already present
+        # (Allowing hosts with port was a previously undocumented feature)
+        hosts.map{|host|format_address(host, port)}
+      end
+
+
       def connect!
         @hare_info = connect() unless @hare_info # Don't duplicate the conn!
       rescue MarchHare::Exception, java.io.IOException => e

data/logstash-mixin-rabbitmq_connection.gemspec

@@ -1,7 +1,7 @@
 
 Gem::Specification.new do |s|
   s.name            = 'logstash-mixin-rabbitmq_connection'
-  s.version         = '5.0.0'
+  s.version         = '6.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Common functionality for RabbitMQ plugins"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -17,7 +17,12 @@ Gem::Specification.new do |s|
   s.test_files = s.files.grep(%r{^(test|spec|features)/})
 
   s.platform = RUBY_PLATFORM
-  s.add_runtime_dependency 'march_hare', ['~> 3.0.0'] #(MIT license)
+
+  # MarchHare 3.x+ includes ruby syntax from 2.x
+  # This effectively requires Logstash >= 6.x
+  s.required_ruby_version = '>= 2.0.0'
+
+  s.add_runtime_dependency 'march_hare', ['~> 4.0'] #(MIT license)
   s.add_runtime_dependency 'stud', '~> 0.0.22'
 
   s.add_development_dependency 'logstash-devutils'

data/spec/fixtures/README.md

@@ -0,0 +1,150 @@
+# TLS Testing notes
+
+Currently all TLS integration style testing is manual. This fixture may be used to help test. 
+
+* client - has the key store with client public/private key and the server public key
+* server - has the key store with server public/private key and the client public key
+* client_untrusted - has a keystore with public/private key that is self signed
+
+logstash config
+---------
+```
+input {
+  rabbitmq {
+    host => "localhost"
+    port => 5671
+    queue => "hello"
+    codec => plain
+    ssl => true
+    ssl_certificate_path => "/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/client/keycert.p12"
+    ssl_certificate_password => "MySecretPassword"
+  }
+}
+
+output{ stdout { codec => rubydebug } }
+```
+
+rabbit mq install
+--------
+(mac) 
+
+```
+brew install rabbitmq
+export PATH=$PATH:/usr/local/sbin
+vim /usr/local/etc/rabbitmq/rabbitmq.config
+
+```
+```
+[
+  {rabbit, [
+     {ssl_listeners, [5671]},
+     {ssl_options, [{cacertfile,"/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/testca/cacert.pem"},
+                    {certfile,"/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/server/cert.pem"},
+                    {keyfile,"/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/server/key.pem"},
+                    {verify,verify_peer},
+                    {fail_if_no_peer_cert,false}]}
+   ]}
+].
+```
+```
+export PATH=$PATH:/usr/local/sbin
+rabbitmq-server
+tail -f /usr/local/var/log/rabbitmq/rabbit@localhost.log
+```
+
+sending a test message with ruby
+----------
+https://www.rabbitmq.com/tutorials/tutorial-one-ruby.html
+
+```
+gem install bunny --version ">= 2.6.4"
+```
+Create a file called send.rb
+```
+#!/usr/bin/env ruby
+# encoding: utf-8
+
+require "bunny"
+
+conn = Bunny.new(:automatically_recover => false)
+conn.start
+
+ch   = conn.create_channel
+q    = ch.queue("hello")
+
+ch.default_exchange.publish("Test message", :routing_key => q.name)
+puts "Message sent'"
+
+conn.close
+```
+Send the message with Logstash running as the consumer
+``` 
+ruby send.rb 
+```
+
+password for all files
+--------
+MySecretPassword
+
+start from testca dir
+---------
+```
+cd testca
+```
+
+client
+-------
+```
+openssl genrsa -out ../client/key.pem 2048
+openssl req -config openssl.cnf  -key ../client/key.pem  -new -sha256 -out ../client/req.pem
+# for hostname use localhost, O=client
+openssl ca -config openssl.cnf  -in ../client/req.pem -out ../client/cert.pem
+openssl x509 -in ../client/cert.pem -text -noout
+openssl pkcs12 -export -out ../client/keycert.p12 -inkey ../client/key.pem -in ../client/cert.pem
+```
+
+server
+-------
+```
+openssl genrsa -out ../server/key.pem 2048
+openssl req -config openssl.cnf  -key ../server/key.pem  -new -sha256 -out ../server/req.pem
+# for hostname use localhost, O=server
+openssl ca -config openssl.cnf  -in ../server/req.pem -out ../server/cert.pem
+openssl x509 -in ../server/cert.pem -text -noout
+openssl pkcs12 -export -out ../server/keycert.p12 -inkey ../server/key.pem -in ../server/cert.pem
+```
+
+establish trust
+----------
+```
+cd server
+keytool -import -file ../client/cert.pem  -alias client_cert -keystore keycert.p12
+cd client
+keytool -import -file ../server/cert.pem  -alias server_cert -keystore keycert.p12
+```
+
+reading
+-----------
+```
+openssl x509 -in cert.pem -text -noout
+keytool -list -v -keystore keycert.p12
+```
+
+self signed cert (untrusted)
+-------
+ ```
+openssl req -x509  -batch -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/CN=localhost, O=client" -days 10000
+openssl pkcs12 -export -out keycert.p12 -inkey key.pem -in cert.pem
+
+```
+
+Issue [44](https://github.com/logstash-plugins/logstash-mixin-rabbitmq_connection/issues/44) validation
+---------
+configure Logstash to the untrusted cert :`ssl_certificate_path => "/Users/jake/workspace/plugins/logstash-mixin-rabbitmq_connection/spec/fixtures/client_untrusted/keycert.p12"`
+
+This _SHOULD_ fail an error like the following:
+```
+Using TLS/SSL version TLSv1.2
+[2017-12-19T12:47:12,891][ERROR][logstash.inputs.rabbitmq ] RabbitMQ connection error, will retry. {:error_message=>"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>"Java::JavaxNetSsl::SSLHandshakeException"}
+```
+There should _NOT_ be any warnings about a NullTrustManager or disabling verification, and you should _NOT_ be able to send messages.

data/spec/fixtures/client/cert.pem

@@ -1,18 +1,69 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=MyTestCA
+        Validity
+            Not Before: Dec 18 23:38:39 2017 GMT
+            Not After : May  5 23:38:39 2045 GMT
+        Subject: CN=localhost, O=client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:58:26:53:85:b2:d2:25:6e:b8:bd:09:2a:b3:
+                    e7:c5:bb:05:bc:5e:57:41:1b:d5:9a:90:0a:55:4a:
+                    b9:2f:c0:f7:d0:73:aa:fe:ed:8c:a4:8a:62:42:db:
+                    e2:7b:5b:17:66:a7:2a:6a:a8:6a:59:fc:ac:8e:bb:
+                    4c:ca:68:3f:50:73:e6:01:dd:f0:63:8a:c4:da:b6:
+                    46:16:e8:fe:dd:14:f5:d8:71:06:4f:06:6c:55:c9:
+                    41:63:04:ab:4c:5d:35:aa:4d:d5:27:dd:0d:9e:be:
+                    47:6c:06:56:9c:0a:48:23:ce:c3:4e:9d:e2:bc:3f:
+                    78:8f:ec:24:73:97:8f:94:97:38:e4:4e:75:eb:aa:
+                    14:9f:6e:3c:8e:1f:0a:bf:37:9f:65:f7:2a:48:9e:
+                    c1:f4:31:a6:b2:19:73:62:4d:b9:9f:4d:bd:2a:cb:
+                    c6:c5:55:75:b6:63:f8:56:c8:4c:9d:98:b5:3a:e5:
+                    16:96:09:cc:53:ca:3e:82:fb:e4:b4:ff:1b:aa:d3:
+                    6c:01:1f:00:31:da:81:2e:82:7e:d8:a5:a1:bd:5d:
+                    85:f7:22:01:fb:77:46:9b:23:0a:a1:b4:e1:66:b7:
+                    ff:c9:9b:f6:be:0d:1a:39:d1:2e:1c:40:4c:a9:e5:
+                    25:05:9c:57:99:95:f4:0c:67:1e:b0:cb:d3:4a:b0:
+                    2c:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         27:c6:56:63:d5:18:c2:32:e7:c2:7c:45:2d:15:02:48:a7:eb:
+         8a:fc:a2:70:65:e1:ce:2f:f2:fa:78:3c:e0:5f:f8:69:1f:a6:
+         f1:cd:d7:32:f7:46:60:74:bf:18:71:81:f4:42:d8:90:a1:4b:
+         83:07:b0:dc:c9:33:84:a4:e9:e4:84:e9:9a:02:c2:78:86:bd:
+         b9:9e:30:63:d6:97:f3:8b:cc:0f:d5:81:dc:05:8c:01:7a:30:
+         53:ab:2a:3c:23:b5:a4:16:dc:1b:a0:35:47:b5:2d:b5:6d:d8:
+         a1:c8:98:7f:77:a9:00:3e:9e:44:c7:75:d8:91:15:56:7b:c4:
+         a4:7c:0d:73:3b:a6:9a:55:59:c2:d7:f4:71:0d:1e:46:0e:da:
+         01:9f:15:d8:02:6b:e6:85:23:64:1c:c5:da:b3:4e:18:23:33:
+         79:80:c9:1c:cc:35:fd:0f:37:8d:12:40:6c:5d:a2:16:cb:17:
+         e4:f7:90:b9:8f:8e:a5:ab:0e:c8:64:86:c3:b0:64:ef:46:7a:
+         82:21:a9:4b:8f:bd:5a:a0:b4:54:84:36:2b:bc:4e:30:e3:8c:
+         fe:ea:7f:49:c2:fb:2f:5a:7d:c6:16:7a:4c:8a:e3:ec:68:76:
+         de:80:20:ab:f4:76:09:27:65:26:e1:31:9a:02:6a:af:08:39:
+         aa:40:36:40
 -----BEGIN CERTIFICATE-----
-MIIC4jCCAcqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
-c3RDQTAeFw0xNjA1MTAxNzAwMDFaFw0xNzA1MTAxNzAwMDFaMCUxEjAQBgNVBAMT
-CWxvY2FsaG9zdDEPMA0GA1UEChMGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAo9dLuAbDY5jBAlx1UqsOQf480ni4BVbxOjEAL4PVBfIU4xmn
-F3Z+tAvmcd3oNc9JYYxXVq5sKA/HE5eWhVdXdQWX0IrTHraJAXvRlHuu1TSuTvuq
-7QgQVFbZdWzRfvukLoKPDm1DtI5BFJ7L83j8RJy6tyvek4KzsHtG3JKoVzoz5+Hz
-7fL7gE76Dr82uH1t9WouZ5oXS2HgBR0l9CTYxARa6OMrr/+r4w1RoYDXnrlit5Ft
-81mQAVibnei9dN3EXoECUflclQ1nip12XVuoH9GXF6AetzDsbhInYvRoxm1Q9pNz
-g/L1QswPkF5MCuSIkkwgtHazZkIWlUKqPMVtIQIDAQABoy8wLTAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsF
-AAOCAQEAuJ1ruPLP2WdRZz5bb/qgaBqADUVKJu3Ny9TsEK/oZzUwgWVc4hvsiFms
-gj/JVmXy4f36s6VLfOiDNHI6jIb31wvfduYV58Z+IUXMyj9OV4ZxqpQBqS9YK1Gq
-2AChr1wYUs+WmnNATwa4Q51ytTU4DcLdJTusZIfo5BAvnnz35QnQPsB11EEHRovA
-1bnzvG6uKAG0MjxNvXpWRUImNXrIKrbRXnvu5FDXAVMPg674g1QMhaa6SlPO5bFP
-meg4+1jH2tUMKR8qCS4KfOfbccNF/u09pRYcMJwiTXu++gCAu1il9jn0C5zxX3Ni
-GKm0/sj2BpZf9D4Kl8LppAIxcphBUg==
+MIICuTCCAaGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
+c3RDQTAeFw0xNzEyMTgyMzM4MzlaFw00NTA1MDUyMzM4MzlaMB4xHDAaBgNVBAMM
+E2xvY2FsaG9zdCwgTz1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDLWCZThbLSJW64vQkqs+fFuwW8XldBG9WakApVSrkvwPfQc6r+7YykimJC
+2+J7WxdmpypqqGpZ/KyOu0zKaD9Qc+YB3fBjisTatkYW6P7dFPXYcQZPBmxVyUFj
+BKtMXTWqTdUn3Q2evkdsBlacCkgjzsNOneK8P3iP7CRzl4+UlzjkTnXrqhSfbjyO
+Hwq/N59l9ypInsH0MaayGXNiTbmfTb0qy8bFVXW2Y/hWyEydmLU65RaWCcxTyj6C
+++S0/xuq02wBHwAx2oEugn7YpaG9XYX3IgH7d0abIwqhtOFmt//Jm/a+DRo50S4c
+QEyp5SUFnFeZlfQMZx6wy9NKsCzNAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZI
+hvcNAQELBQADggEBACfGVmPVGMIy58J8RS0VAkin64r8onBl4c4v8vp4POBf+Gkf
+pvHN1zL3RmB0vxhxgfRC2JChS4MHsNzJM4Sk6eSE6ZoCwniGvbmeMGPWl/OLzA/V
+gdwFjAF6MFOrKjwjtaQW3BugNUe1LbVt2KHImH93qQA+nkTHddiRFVZ7xKR8DXM7
+pppVWcLX9HENHkYO2gGfFdgCa+aFI2QcxdqzThgjM3mAyRzMNf0PN40SQGxdohbL
+F+T3kLmPjqWrDshkhsOwZO9GeoIhqUuPvVqgtFSENiu8TjDjjP7qf0nC+y9afcYW
+ekyK4+xodt6AIKv0dgknZSbhMZoCaq8IOapANkA=
 -----END CERTIFICATE-----