mieps_http-2 0.8.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 13402c073dfd886f238e4f75e8ee2475581a4276
+  data.tar.gz: c3e2b71f0a64d0c26af9b1ff90c74ee9451a04a7
+SHA512:
+  metadata.gz: 4c440d093fba7be69098551f2248b3e58b6d910d687d636b0d8f0136c5eee676c74b2478237b25d3b502b16a4bc5508528a7de4b5c341ce3a720349a6ac37afc
+  data.tar.gz: c9730a5eedbcf01baaf44de42653672e4459b52411c0458b7504e14d3fdd6726e09d000c5b03f5bbd436ecb8cd733535e8037f90c4c7167d7e27d9315ca644b8

data/.autotest

@@ -0,0 +1,20 @@
+require 'autotest/growl'
+
+Autotest.add_hook(:initialize) {|at|
+  at.add_exception %r{^\.git|\.yardoc}
+  at.add_exception %r{^./tmp}
+  at.add_exception %r{coverage}
+
+  at.clear_mappings
+
+  at.add_mapping(%r%^spec/.*_spec\.rb$%) { |filename, _|
+    filename
+  }
+  at.add_mapping(%r%^lib/(.*)\.rb$%) { |_, m|
+    ["spec/#{m[1].split('/').last}_spec.rb"]
+  }
+  at.add_mapping(%r%^spec/(spec_helper|shared/.*)\.rb$%) {
+    files_matching %r%^spec/.*_spec\.rb$%
+  }
+  nil
+}

data/.coveralls.yml

@@ -0,0 +1 @@
+service_name: travis-ci

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "spec/hpack-test-case"]
+	path = spec/hpack-test-case
+	url = https://github.com/http2jp/hpack-test-case

data/.rspec

@@ -0,0 +1,4 @@
+autotest
+--color
+--format documentation
+--order rand

data/.rubocop.yml

@@ -0,0 +1,18 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+  DisplayCopNames: true
+  Exclude:
+    - 'bin/*'
+
+Lint/EndAlignment:
+  AlignWith: variable
+
+Style/CaseIndentation:
+  IndentWhenRelativeTo: end
+
+Style/IndentHash:
+  EnforcedStyle: consistent
+
+Style/TrailingComma:
+  EnforcedStyleForMultiline: comma

data/.rubocop_todo.yml

@@ -0,0 +1,46 @@
+# This configuration was generated by `rubocop --auto-gen-config`
+# on 2015-04-06 10:04:21 -0700 using RuboCop version 0.30.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 23
+Metrics/AbcSize:
+  Max: 186
+
+# Offense count: 16
+Metrics/BlockNesting:
+  Max: 5
+
+# Offense count: 7
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 331
+
+# Offense count: 12
+Metrics/CyclomaticComplexity:
+  Max: 60
+
+# Offense count: 349
+# Configuration parameters: AllowURI, URISchemes.
+Metrics/LineLength:
+  Max: 231
+
+# Offense count: 27
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+  Max: 134
+
+# Offense count: 1
+# Configuration parameters: CountKeywordArgs.
+Metrics/ParameterLists:
+  Max: 6
+
+# Offense count: 10
+Metrics/PerceivedComplexity:
+  Max: 46
+
+# Offense count: 7
+Style/Documentation:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,13 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.1
+  - 2.2
+  - 2.3.0
+  - jruby-9.0.0.0
+  - jruby-head
+  - rbx-2
+matrix:
+  allow_failures:
+    - rvm: jruby-head
+    - rvm: rbx-2

data/Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+gem 'rake'
+gem 'yard'
+
+group :test do
+  gem 'activesupport'
+  gem 'autotest-growl'
+  gem 'autotest-standalone'
+  gem 'coveralls', require: false
+  gem 'pry'
+  gem 'pry-byebug', platform: :mri
+  gem 'rspec'
+  gem 'rspec-autotest'
+  gem 'rubocop', '~> 0.30.0'
+end
+
+gemspec

data/README.md

@@ -0,0 +1,285 @@
+# HTTP-2
+
+[![Gem Version](https://badge.fury.io/rb/http-2.png)](http://rubygems.org/gems/http-2)
+[![Build Status](https://travis-ci.org/igrigorik/http-2.png?branch=master)](https://travis-ci.org/igrigorik/http-2)
+[![Coverage Status](https://coveralls.io/repos/igrigorik/http-2/badge.png)](https://coveralls.io/r/igrigorik/http-2)
+[![Analytics](https://ga-beacon.appspot.com/UA-71196-10/http-2/readme)](https://github.com/igrigorik/ga-beacon)
+
+Pure Ruby, framework and transport agnostic, implementation of HTTP/2 protocol and HPACK header compression with support for:
+
+* [Binary framing](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#_binary_framing_layer) parsing and encoding
+* [Stream multiplexing](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_STREAMS_MESSAGES_FRAMES) and [prioritization](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_PRIORITIZATION)
+* Connection and stream [flow control](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#_flow_control)
+* [Header compression](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_HEADER_COMPRESSION) and [server push](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_PUSH)
+* Connection and stream management
+* And more... see [API docs](http://www.rubydoc.info/github/igrigorik/http-2/frames)
+
+Protocol specifications:
+
+* [Hypertext Transfer Protocol Version 2 (RFC 7540)](https://httpwg.github.io/specs/rfc7540.html)
+* [HPACK: Header Compression for HTTP/2 (RFC 7541)](https://httpwg.github.io/specs/rfc7541.html)
+
+
+## Getting started
+
+```bash
+$> gem install http-2
+```
+
+This implementation makes no assumptions as how the data is delivered: it could be a regular Ruby TCP socket, your custom eventloop, or whatever other transport you wish to use - e.g. ZeroMQ, [avian carriers](http://www.ietf.org/rfc/rfc1149.txt), etc.
+
+Your code is responsible for feeding data into the parser, which performs all of the necessary HTTP/2 decoding, state management and the rest, and vice versa, the parser will emit bytes (encoded HTTP/2 frames) that you can then route to the destination. Roughly, this works as follows:
+
+```ruby
+require 'http/2'
+socket = YourTransport.new
+
+conn = HTTP2::Client.new
+conn.on(:frame) {|bytes| socket << bytes }
+
+while bytes = socket.read
+ conn << bytes
+end
+```
+
+Checkout provided [client](https://github.com/igrigorik/http-2/blob/master/example/client.rb) and [server](https://github.com/igrigorik/http-2/blob/master/example/server.rb) implementations for basic examples.
+
+
+### Connection lifecycle management
+
+Depending on the role of the endpoint you must initialize either a [Client](http://www.rubydoc.info/github/igrigorik/http-2/HTTP2/Client) or a [Server](http://www.rubydoc.info/github/igrigorik/http-2/HTTP2/Server) object. Doing so picks the appropriate header compression / decompression algorithms and stream management logic. From there, you can subscribe to connection level events, or invoke appropriate APIs to allocate new streams and manage the lifecycle. For example:
+
+```ruby
+# - Server ---------------
+server = HTTP2::Server.new
+
+server.on(:stream) { |stream| ... } # process inbound stream
+server.on(:frame)  { |bytes| ... }  # encoded HTTP/2 frames
+
+server.ping { ... } # run liveness check, process pong response
+server.goaway # send goaway frame to the client
+
+# - Client ---------------
+client = HTTP2::Client.new
+client.on(:promise) { |stream| ... } # process push promise
+
+stream = client.new_stream # allocate new stream
+stream.headers({':method' => 'post', ...}, end_stream: false)
+stream.data(payload, end_stream: true)
+```
+
+Events emitted by the connection object:
+
+<table>
+  <tr>
+    <td><b>:promise</b></td>
+    <td>client role only, fires once for each new push promise</td>
+  </tr>
+  <tr>
+    <td><b>:stream</b></td>
+    <td>server role only, fires once for each new client stream</td>
+  </tr>
+  <tr>
+    <td><b>:frame</b></td>
+    <td>fires once for every encoded HTTP/2 frame that needs to be sent to the peer</td>
+  </tr>
+</table>
+
+
+### Stream lifecycle management
+
+A single HTTP/2 connection can [multiplex multiple streams](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#REQUEST_RESPONSE_MULTIPLEXING) in parallel: multiple requests and responses can be in flight simultaneously and stream data can be interleaved and prioritized. Further, the specification provides a well-defined lifecycle for each stream (see below).
+
+The good news is, all of the stream management, and state transitions, and error checking is handled by the library. All you have to do is subscribe to appropriate events (marked with ":" prefix in diagram below) and provide your application logic to handle request and response processing.
+
+```
+                      +--------+
+                 PP   |        |   PP
+             ,--------|  idle  |--------.
+            /         |        |         \
+           v          +--------+          v
+    +----------+          |           +----------+
+    |          |          | H         |          |
+,---|:reserved |          |           |:reserved |---.
+|   | (local)  |          v           | (remote) |   |
+|   +----------+      +--------+      +----------+   |
+|      | :active      |        |      :active |      |
+|      |      ,-------|:active |-------.      |      |
+|      | H   /   ES   |        |   ES   \   H |      |
+|      v    v         +--------+         v    v      |
+|   +-----------+          |          +-----------+  |
+|   |:half_close|          |          |:half_close|  |
+|   |  (remote) |          |          |  (local)  |  |
+|   +-----------+          |          +-----------+  |
+|        |                 v                |        |
+|        |    ES/R    +--------+    ES/R    |        |
+|        `----------->|        |<-----------'        |
+| R                   | :close |                   R |
+`-------------------->|        |<--------------------'
+                      +--------+
+```
+
+For sake of example, let's take a look at a simple server implementation:
+
+```ruby
+conn = HTTP2::Server.new
+
+# emits new streams opened by the client
+conn.on(:stream) do |stream|
+  stream.on(:active) { } # fires when stream transitions to open state
+  stream.on(:close)  { } # stream is closed by client and server
+
+  stream.on(:headers) { |head| ... } # header callback
+  stream.on(:data) { |chunk| ... }   # body payload callback
+
+  # fires when client terminates its request (i.e. request finished)
+  stream.on(:half_close) do
+
+    # ... generate_response
+
+    # send response
+    stream.headers({
+      ":status" => 200,
+      "content-type" => "text/plain"
+    })
+
+    # split response between multiple DATA frames
+    stream.data(response_chunk, end_stream: false)
+    stream.data(last_chunk)
+  end
+end
+```
+
+Events emitted by the [Stream object](http://www.rubydoc.info/github/igrigorik/http-2/HTTP2/Stream):
+
+<table>
+  <tr>
+    <td><b>:reserved</b></td>
+    <td>fires exactly once when a push stream is initialized</td>
+  </tr>
+  <tr>
+    <td><b>:active</b></td>
+    <td>fires exactly once when the stream become active and is counted towards the open stream limit</td>
+  </tr>
+  <tr>
+    <td><b>:headers</b></td>
+    <td>fires once for each received header block (multi-frame blocks are reassembled before emitting this event)</td>
+  </tr>
+  <tr>
+    <td><b>:data</b></td>
+    <td>fires once for every DATA frame (no buffering)</td>
+  </tr>
+  <tr>
+    <td><b>:half_close</b></td>
+    <td>fires exactly once when the opposing peer closes its end of connection (e.g. client indicating that request is finished, or server indicating that response is finished)</td>
+  </tr>
+  <tr>
+    <td><b>:close</b></td>
+    <td>fires exactly once when both peers close the stream, or if the stream is reset</td>
+  </tr>
+  <tr>
+    <td><b>:priority</b></td>
+    <td>fires once for each received priority update (server only)</td>
+  </tr>
+</table>
+
+
+### Prioritization
+
+Each HTTP/2 [stream has a priority value](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_PRIORITIZATION) that can be sent when the new stream is initialized, and optionally reprioritized later:
+
+```ruby
+client = HTTP2::Client.new
+
+default_priority_stream = client.new_stream
+custom_priority_stream = client.new_stream(priority: 42)
+
+# sometime later: change priority value
+custom_priority_stream.reprioritize(32000) # emits PRIORITY frame
+```
+
+On the opposite side, the server can optimize its stream processing order or resource allocation by accessing the stream priority value (`stream.priority`).
+
+
+### Flow control
+
+Multiplexing multiple streams over the same TCP connection introduces contention for shared bandwidth resources. Stream priorities can help determine the relative order of delivery, but priorities alone are insufficient to control how the resource allocation is performed between multiple streams. To address this, HTTP/2 provides a simple mechanism for [stream and connection flow control](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#_flow_control).
+
+Connection and stream flow control is handled by the library: all streams are initialized with the default window size (64KB), and send/receive window updates are automatically processed - i.e. window is decremented on outgoing data transfers, and incremented on receipt of window frames. Similarly, if the window is exceeded, then data frames are automatically buffered until window is updated.
+
+The only thing left is for your application to specify the logic as to when to emit window updates:
+
+```ruby
+conn.buffered_amount     # check amount of buffered data
+conn.window              # check current window size
+conn.window_update(1024) # increment connection window by 1024 bytes
+
+stream.buffered_amount     # check amount of buffered data
+stream.window              # check current window size
+stream.window_update(2048) # increment stream window by 2048 bytes
+```
+
+Alternatively, flow control can be disabled by emitting an appropriate settings frame on the connection:
+
+```ruby
+# limit number of concurrent streams to 100 and disable flow control
+conn.settings(streams: 100, window: Float::INFINITY)
+```
+
+### Server push
+
+An HTTP/2 server can [send multiple replies](http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_PUSH) to a single client request. To do so, first it emits a "push promise" frame which contains the headers of the promised resource, followed by the response to the original request, as well as promised resource payloads (which may be interleaved). A simple example is in order:
+
+```ruby
+conn = HTTP2::Server.new
+
+conn.on(:stream) do |stream|
+  stream.on(:headers) { |head| ... }
+  stream.on(:data) { |chunk| ... }
+
+  # fires when client terminates its request (i.e. request finished)
+  stream.on(:half_close) do
+    head = {
+     ":status" => 200,
+     ":path"   => "/other_resource",
+     "content-type" => "text/plain"
+    }
+
+    # initiate server push stream
+    stream.promise(head) do |push|
+      push.headers({ ... })
+      push.data(...)
+    end
+
+    # send response
+    stream.headers({
+      ":status" => 200,
+      "content-type" => "text/plain"
+    })
+
+    # split response between multiple DATA frames
+    stream.data(response_chunk, end_stream: false)
+    promise.data(payload)
+    stream.data(last_chunk)
+  end
+end
+```
+
+When a new push promise stream is sent by the server, the client is notified via the `:promise` event:
+
+```ruby
+conn = HTTP2::Client.new
+conn.on(:promise) do |push|
+  # process push stream
+end
+```
+
+The client can cancel any given push stream (via `.close`), or disable server push entirely by sending the appropriate settings frame (note that below setting only impacts server > client direction):
+
+```ruby
+client.settings(streams: 0) # setting max limit to 0 disables server push
+```
+
+### License
+
+(MIT License) - Copyright (c) 2013 Ilya Grigorik ![GA](https://www.google-analytics.com/__utm.gif?utmac=UA-71196-9&utmhn=github.com&utmdt=HTTP2&utmp=/http-2/readme)

data/Rakefile

@@ -0,0 +1,11 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'yard'
+require_relative 'lib/tasks/generate_huffman_table'
+
+RSpec::Core::RakeTask.new
+RuboCop::RakeTask.new
+YARD::Rake::YardocTask.new
+
+task default: [:spec, :rubocop]

data/example/README.md

@@ -0,0 +1,40 @@
+## Interop
+
+First, a quick test to ensure that we can talk to ourselves:
+
+```bash
+# Direct connection
+$> ruby server.rb
+$> ruby client.rb http://localhost:8080/                 # GET
+$> ruby client.rb http://localhost:8080/ -d 'some data'  # POST
+
+# TLS + NPN negotiation
+$> ruby server.rb --secure
+$> ruby client.rb https://localhost:8080/                # GET
+$> ...
+```
+
+### [nghttp2](https://github.com/tatsuhiro-t/nghttp2) (HTTP/2.0 C Library)
+
+Public test server: http://106.186.112.116 (Upgrade + Direct)
+
+```bash
+# Direct request (http-2 > nghttp2)
+$> ruby client.rb http://106.186.112.116/
+
+# TLS + NPN request (http-2 > nghttp2)
+$> ruby client.rb https://106.186.112.116/
+
+# Direct request (nghttp2 > http-2)
+$> ruby server.rb
+$> nghttp -vnu http://localhost:8080       # Direct request to Ruby server
+```
+
+### Twitter (Java server)
+
+```bash
+# NPN + GET request (http-2 > twitter)
+$> ruby client.rb https://twitter.com/
+```
+
+For a complete list of current implementations, see [http2 wiki](https://github.com/http2/http2-spec/wiki/Implementations).

data/example/client.rb

@@ -0,0 +1,117 @@
+require_relative 'helper'
+
+options = {}
+OptionParser.new do |opts|
+  opts.banner = 'Usage: client.rb [options]'
+
+  opts.on('-d', '--data [String]', 'HTTP payload') do |v|
+    options[:payload] = v
+  end
+end.parse!
+
+uri = URI.parse(ARGV[0] || 'http://localhost:8080/')
+tcp = TCPSocket.new(uri.host, uri.port)
+sock = nil
+
+if uri.scheme == 'https'
+  ctx = OpenSSL::SSL::SSLContext.new
+  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+  ctx.npn_protocols = [DRAFT]
+  ctx.npn_select_cb = lambda do |protocols|
+    puts "NPN protocols supported by server: #{protocols}"
+    DRAFT if protocols.include? DRAFT
+  end
+
+  sock = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
+  sock.sync_close = true
+  sock.hostname = uri.hostname
+  sock.connect
+
+  if sock.npn_protocol != DRAFT
+    puts "Failed to negotiate #{DRAFT} via NPN"
+    exit
+  end
+else
+  sock = tcp
+end
+
+conn = HTTP2::Client.new
+conn.on(:frame) do |bytes|
+  # puts "Sending bytes: #{bytes.unpack("H*").first}"
+  sock.print bytes
+  sock.flush
+end
+conn.on(:frame_sent) do |frame|
+  puts "Sent frame: #{frame.inspect}"
+end
+conn.on(:frame_received) do |frame|
+  puts "Received frame: #{frame.inspect}"
+end
+
+stream = conn.new_stream
+log = Logger.new(stream.id)
+
+conn.on(:promise) do |promise|
+  promise.on(:headers) do |h|
+    log.info "promise headers: #{h}"
+  end
+
+  promise.on(:data) do |d|
+    log.info "promise data chunk: <<#{d.size}>>"
+  end
+end
+
+conn.on(:altsvc) do |f|
+  log.info "received ALTSVC #{f}"
+end
+
+stream.on(:close) do
+  log.info 'stream closed'
+  sock.close
+end
+
+stream.on(:half_close) do
+  log.info 'closing client-end of the stream'
+end
+
+stream.on(:headers) do |h|
+  log.info "response headers: #{h}"
+end
+
+stream.on(:data) do |d|
+  log.info "response data chunk: <<#{d}>>"
+end
+
+stream.on(:altsvc) do |f|
+  log.info "received ALTSVC #{f}"
+end
+
+head = {
+  ':scheme' => uri.scheme,
+  ':method' => (options[:payload].nil? ? 'GET' : 'POST'),
+  ':authority' => [uri.host, uri.port].join(':'),
+  ':path' => uri.path,
+  'accept' => '*/*',
+}
+
+puts 'Sending HTTP 2.0 request'
+if head[':method'] == 'GET'
+  stream.headers(head, end_stream: true)
+else
+  stream.headers(head, end_stream: false)
+  stream.data(options[:payload])
+end
+
+while !sock.closed? && !sock.eof?
+  data = sock.read_nonblock(1024)
+  # puts "Received bytes: #{data.unpack("H*").first}"
+
+  begin
+    conn << data
+  rescue => e
+    puts "#{e.class} exception: #{e.message} - closing socket."
+    e.backtrace.each { |l| puts "\t" + l }
+    sock.close
+  end
+end

data/example/helper.rb

@@ -0,0 +1,19 @@
+$LOAD_PATH << 'lib' << '../lib'
+
+require 'optparse'
+require 'socket'
+require 'openssl'
+require 'http/2'
+require 'uri'
+
+DRAFT = 'h2'
+
+class Logger
+  def initialize(id)
+    @id = id
+  end
+
+  def info(msg)
+    puts "[Stream #{@id}]: #{msg}"
+  end
+end

data/example/keys/mycert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIJANjbVITTVqaAMA0GCSqGSIb3DQEBBQUAMFAxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRgwFgYDVQQKEw9TUERZIFByb3h5
+IERlbW8xEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xNDEwMTQwNDUwMTJaFw0xNTEw
+MTQwNDUwMTJaMFAxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRgw
+FgYDVQQKEw9TUERZIFByb3h5IERlbW8xEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxv7mqzNMVVFoBjqOSUy2cNM9c6
+6gTgVLr9ssoLU0TC4biY1B/KoD7G9Ive6PwfdpipgGY+tuPHfEzBCCHD7exER1NL
+npWauo6Lwh3wOjuo5Er6klgBGFuHYx8jJ2jBwCFvTcG2zJRedU/Pby6Fa27X6acw
+faAtReG5YOHs8YRmg4ErWqfRucoM3zj8vvMWnushMhYQxo1EVLJ2EvvbHEkip4ap
+pro+2Ql0KY4XT3EoMTRHICbolK/uQYoe0musKnwCGPg2NL6e27uvi47G7GrIpcf3
+HN4HZMoOzJ8ti7IIEkF0fVTgQEVkluInfned69WCwxecMQZs5sdBuwE3Kh0CAwEA
+AaOBszCBsDAdBgNVHQ4EFgQU86bqiYciIYDN+KAPlnJL6tSbH6IwgYAGA1UdIwR5
+MHeAFPOm6omHIiGAzfigD5ZyS+rUmx+ioVSkUjBQMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKU29tZS1TdGF0ZTEYMBYGA1UEChMPU1BEWSBQcm94eSBEZW1vMRIwEAYD
+VQQDEwlsb2NhbGhvc3SCCQDY21SE01amgDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4IBAQCkcr0DLPCbP5l9G0YI/XKVsUW9fXcTvge6Eko0R8qAkzTcsZQv
+DbKcIM3z52QguCuJ9k63X4p174FKq7+qmieqaifosGKV03pyyxWLMpRooUUVXEBM
+gZaRfp9VG2N4zrRaIklOSkAscnwybv2U3LZhKDlc7Yatsr1/TFkbCnzll514UnTz
+ewjrlzVitUSEkwEGvLhKQuVPM9/3MAm+ztFpx846/GZ2XJSAFQLtHudjMXnFLihA
+7nGZvE4rudyT70YsKu0BP0KjVZXrxTh81C4kyJu9xo4YuiDCFtvwtjoty0ygbuQN
+a38i0bxFlYFmbWHooNCPUWVy59MOnW9zxaTV
+-----END CERTIFICATE-----