xmlsec 0.0.1

data/ext/xmlsec/verify.c

@@ -0,0 +1,212 @@
+#include <xmlsec_ext.h>
+#include <verify.h>
+#include <errno.h>
+
+extern VALUE mXmlSec, cXmlSecError;
+
+VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) {
+  xmlSecKeysMngrPtr mngr;
+  xmlNodePtr node = NULL;
+  xmlSecDSigCtxPtr dsigCtx = NULL;
+
+  mngr = xmlSecKeysMngrCreate();
+
+  if(mngr == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to create keys manager.\n");
+    return Qnil;
+  }
+
+  if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+    rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n");
+    return Qnil;
+  }
+
+  /* load trusted cert */
+  if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+    rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
+    return Qnil;
+  }
+
+  /* find start node */
+  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+  if(node == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: start node not found\n");
+    return Qnil;
+  }
+
+  /* create signature context*/
+  dsigCtx = xmlSecDSigCtxCreate(mngr);
+  if(dsigCtx == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+    rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
+    return Qnil;
+  }
+
+  /* Verify signature */
+  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+    rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
+    return Qnil;
+  }
+
+  /* verification result*/
+  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+    return Qtrue;
+  } else {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+    return Qfalse;
+  }
+
+}
+
+VALUE xmlsec_is_valid(VALUE self, xmlDocPtr doc) {
+  xmlNodePtr node = NULL;
+  xmlSecDSigCtxPtr dsigCtx = NULL;
+
+  /* find start node */
+  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+  if(node == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: start node not found\n");
+    return Qnil;
+  }
+
+  /* create signature context*/
+  dsigCtx = xmlSecDSigCtxCreate(NULL);
+  if(dsigCtx == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
+    return Qnil;
+  }
+
+  /* Verify signature */
+  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
+    return Qnil;
+  }
+
+  /* verification result*/
+  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    return Qtrue;
+  } else {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    return Qfalse;
+  }
+
+}
+
+VALUE xmlsec_is_valid_by_key(VALUE self, xmlDocPtr doc, VALUE key_file ) {
+  xmlNodePtr node = NULL;
+  xmlSecDSigCtxPtr dsigCtx = NULL;
+
+  /* find start node */
+  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+  if(node == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: start node not found\n");
+    return Qnil;
+  }
+
+  /* create signature context*/
+  dsigCtx = xmlSecDSigCtxCreate(NULL);
+  if(dsigCtx == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
+    return Qnil;
+  }
+
+  /* load public key */
+  dsigCtx->signKey = xmlSecCryptoAppKeyLoad(StringValuePtr(key_file), xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+  if(dsigCtx->signKey == NULL) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to load public pem key from \"%s\"\n", StringValuePtr(key_file));
+    return Qnil;
+  }
+
+  /* set key name to the file name*/
+  if(xmlSecKeySetName(dsigCtx->signKey, StringValuePtr(key_file)) < 0) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to set key name for key from \"%s\"\n", StringValuePtr(key_file));
+    return Qnil;
+  }
+
+  /* Verify signature */
+  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
+    return Qnil;
+  }
+
+  /* verification result*/
+  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    return Qtrue;
+  } else {
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    return Qfalse;
+  }
+}
+
+static VALUE rb_xmlsec_is_valid_file(VALUE self, VALUE template_file, VALUE key_file, VALUE x509_file ) {
+  xmlDocPtr doc;
+
+  doc = xmlParseFile(StringValuePtr(template_file));
+
+  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
+    rb_raise(rb_eRuntimeError, "Error: unable to parse  template file.");
+    return;
+  }
+  if (! NIL_P(x509_file)) return xmlsec_is_valid_by_x509_file(self, doc, x509_file );
+  if (! NIL_P(key_file)) return xmlsec_is_valid_by_key(self, doc, key_file);
+  return xmlsec_is_valid(self, doc);
+}
+
+static VALUE rb_xmlsec_is_valid(VALUE self, VALUE template, VALUE key_file, VALUE x509_file ) {
+  xmlDocPtr doc;
+  doc = xmlReadMemory(
+      StringValuePtr(template),
+      RSTRING_LEN(template),
+      "noname.xml",
+      NULL,
+      0
+    );
+  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+    rb_raise(rb_eRuntimeError, "Error: unable to parse  template.");
+    return;
+  }
+  if (! NIL_P(x509_file)) return xmlsec_is_valid_by_x509_file(self, doc, x509_file );
+  if (! NIL_P(key_file)) return xmlsec_is_valid_by_key(self, doc, key_file);
+  return xmlsec_is_valid(self, doc);
+}
+
+
+void init_xmlsec_verify(){
+
+  rb_define_singleton_method(mXmlSec, "valid_file?", rb_xmlsec_is_valid_file, 3);
+  rb_define_singleton_method(mXmlSec, "valid?", rb_xmlsec_is_valid, 3);
+
+}

data/ext/xmlsec/verify.h

@@ -0,0 +1,7 @@
+#ifndef XMLSEC_VERIFY_H
+#define XMLSEC_VERIFY_H
+
+
+void init_xmlsec_verify();
+
+#endif /* ifndef XMLSEC_VERIFY_H */

data/ext/xmlsec/xmlsec_ext.c

@@ -0,0 +1,75 @@
+#include <xmlsec_ext.h>
+
+VALUE mXmlSec, cXmlSecError;
+
+/* Ruby Extension initializer */
+void Init_xmlsec_ext() {
+#ifndef XMLSEC_NO_XSLT
+  xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+  mXmlSec      = rb_define_module("XmlSec");
+  cXmlSecError = rb_const_get(mXmlSec, rb_intern("Error"));
+
+  /* Init libxml and libxslt libraries */
+  xmlInitParser();
+  LIBXML_TEST_VERSION
+  xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+  xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+  xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+    /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+  /* disable everything */
+  xsltSecPrefs = xsltNewSecurityPrefs();
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
+  xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+  /* Init xmlsec library */
+  if(xmlSecInit() < 0) {
+    rb_raise(rb_eRuntimeError, "Error: xmlsec initialization failed.");
+    return;
+  }
+
+  /* Check loaded library version */
+  if(xmlSecCheckVersion() != 1) {
+    rb_raise(rb_eRuntimeError, "Error: loaded xmlsec library version is not compatible.");
+    return;
+  }
+
+/* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+  if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+    rb_raise(rb_eRuntimeError, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+                      "that you have it installed and check shared libraries path\n"
+                      "(LD_LIBRARY_PATH) envornment variable.\n");
+    return;
+  }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+  /* Init crypto library */
+  if(xmlSecCryptoAppInit(NULL) < 0) {
+    rb_raise(rb_eRuntimeError, "Error: crypto initialization failed.");
+    return;
+  }
+
+  /* Init xmlsec-crypto library */
+  if(xmlSecCryptoInit() < 0) {
+    rb_raise(rb_eRuntimeError, "Error: xmlsec-crypto initialization failed.");
+    return;
+  }
+
+  init_xmlsec_sign();
+  init_xmlsec_verify();
+}

data/ext/xmlsec/xmlsec_ext.h

@@ -0,0 +1,29 @@
+#ifndef XMLSEC_EXT_H
+#define XMLSEC_EXT_H
+
+#include <ruby.h>
+
+// libxml
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+
+// libxslt
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+
+// xmlsec
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+#include <xmlsec/bn.h>
+
+#include <sign.h>
+#include <verify.h>
+
+#endif /* ifndef XMLSEC_EXT_H */

data/lib/xmlsec.rb

@@ -0,0 +1,9 @@
+
+require "xmlsec/version"
+
+require "xmlsec/error"
+require "xmlsec/xmlsec_ext"
+
+module XmlSec
+  # Your code goes here...
+end

data/lib/xmlsec/error.rb

@@ -0,0 +1,5 @@
+module XmlSec
+  class Error < StandardError
+
+  end
+end

data/lib/xmlsec/version.rb

@@ -0,0 +1,3 @@
+module XmlSec
+  VERSION = "0.0.1"
+end

data/spec/assets/csr.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBgTCB6wIBADBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5
+MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDMCRfYnC/IfqFS1e32DscDP8ZA97+d7FmMbBU59m1wtVHbjDNK
+owpSb636GwOueBmivuZhuTOsXBYlkq4zNN04EUx0kAFdDbqKThfkbehC8sK+9/Go
+ahyLgGc5rZOfG+lHDuDWN6SMbGff3dsWA5ckiLSCyPH6FyvbSot1oScnJwIDAQAB
+oAAwDQYJKoZIhvcNAQEFBQADgYEAFG95lafYpQo18bkz0YuMZ8bj/2Zq94FjX5kK
+b7T00vrUfl//3/75lcv3s/rXOn3ao3vqA6E28eodZuBhrM9HNf5WlTPJL0bSLtkL
+kSBH7p1tIAXZ4bMaUHPM1VOP7bSZDN3i97Ty8H5w+QkIzyiwx8Jzlo41HPkqY6IB
+wZTp1Pk=
+-----END CERTIFICATE REQUEST-----

data/spec/assets/private.key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDMCRfYnC/IfqFS1e32DscDP8ZA97+d7FmMbBU59m1wtVHbjDNK
+owpSb636GwOueBmivuZhuTOsXBYlkq4zNN04EUx0kAFdDbqKThfkbehC8sK+9/Go
+ahyLgGc5rZOfG+lHDuDWN6SMbGff3dsWA5ckiLSCyPH6FyvbSot1oScnJwIDAQAB
+AoGBAIENT1PmliKOVaN7RGPZvO7FK7Rz/3L3xzwWMObUgyxCw1/GMbsHnMO/d581
+7wIvXKefb0BoT9K4/BkPybcBvNlUmp6p83ruC4HmqttwLYk73TzNdh3aDDGAy76M
+IPezi4h+p0qj2YcMS6e0k40s1VQnFNEObm68oglqZ5QLhRohAkEA5LCLa83yu9TM
+4Jicru+D2LSTS/pOPhQiivGomP5dtvMnuqQ7TyW+BSFL53WzdMt6g4Fk81j0PiRX
+DVGarAMtjQJBAORm0/FGLzIQhr72wck+AXiHtOG6Kp4ASQ+QGiKLGnvKvkGi8Vmo
+9PQ3Qw7OtXv7HO/5PGWe+BgElsOOZkPQOIMCQQCGHUsGY/cwVHH6XUW2Cd0Gn4+q
+hRaRrXk8htBbOQF4o0zvVhU6K2Yu2AINsacWnaYxrRao58gFEYbD1tGggxSZAkAy
+Tp/SHdZZXaCAQVOPotOqG6HwshOe94sgHWpUP3VW3OIpDN3CFN/XRrDDey4oH7hQ
+9wGhlHEqwR//9MZ7m0pHAkBRkPX/nPtbf/AzkimhcVvod7ef5UswEK0/2uunzF3o
+VaQN6L3gRkkzt8zgtk+F4QvMvrRTluXKmGkTzq67xHn9
+-----END RSA PRIVATE KEY-----

data/spec/assets/private.passw.key.pem

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4DFDCA7B39063EEF
+
+TvgI/+eQRvga99c1Bo8cR+njTIw4jdgDYExi20wgX9PAQpmSW941XU+XaaqClb3X
+gRUa79dWNFrrfQfNg2WFDKXOUfibbo1/icZIb2eTkIIucq3fTEO+Lqr+LC7RiCAw
+KdK0yjdjyNDlisyn6yF71bldlhMb+RvOxv3pWMpCQWkFAgE4LVjjfGxLSA2I8J27
+4A9NC02kCnyNzL2QdM0ILnl/OYOLPCaWoJHrhAeTdpdUCerYUz/5pFKw6ez+2gf/
+ZVeWDwB1COuA3QIoCJC+JeGENtUIDfnntErbh0dd1dhmZ9E1keo/igsCL85m/Tc4
+mWeCKvyyi2VeGqxZa3by/ZYXP4GzRCZhuNXqNN6g2aMzliNWulkHMEpg8OVX+lQj
+KN45GcJpW1qI8Cm6lJgCITDq/1kccMyNI1nNenq1sXBJ0nJk0bGglJ+5lcvoUw68
+OfFP4vBVg/GfjwFvlp49EY+9OKfh99jRhQcToCBBkrzrl2+sfkW1w6mf6xQO1h6+
+Z//hQq3uOjOl5ZVZFEqX1jBkGp//vUcKOyDXbDec7Ixr5J0Y5PKMvqOeSqJiL6cT
+oSFJwCaVhg3t/vR/CJyc7ijBlI6isITyvsiod4Yk0JkEsHwg2TOJeosC+GFERJNy
+NEbzBQcEmezIPVqJiKftBTwKl6A0nliRZwL8/9wmvhCwWxwHejItuQVb1M2P8ASb
+GUpuvnynTzHw62nuP9IRteCjJu5hYzKlTs07BsNaXXScS3npsC/6tqZskaylywjY
+QbSlsyDjbIgI2+ZwuBoVMHdMtYoI6ohvncZYZwAgAOMVh2YCQ34MvQ==
+-----END RSA PRIVATE KEY-----

data/spec/assets/public.key.pem

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMCRfYnC/IfqFS1e32DscDP8ZA
+97+d7FmMbBU59m1wtVHbjDNKowpSb636GwOueBmivuZhuTOsXBYlkq4zNN04EUx0
+kAFdDbqKThfkbehC8sK+9/GoahyLgGc5rZOfG+lHDuDWN6SMbGff3dsWA5ckiLSC
+yPH6FyvbSot1oScnJwIDAQAB
+-----END PUBLIC KEY-----

data/spec/assets/signed.test.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+     XML Security Library test file
+-->
+<Service version="2.0">
+  <Data>
+   <str>	Hello, World! The euro sign (ą) </str>
+   <smfing>
+    <!-- XML Security Library test file -->
+    <test1 somettr="VALUE"/>
+    <TEST2 SOMETTR="VALUE"/>
+   </smfing>
+  </Data>
+<Security><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<Reference>
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<DigestValue>cWRQ7e5Hp3G/m+AsreGhIefcB0A=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>lxGeNKU+RS7T8DsAT+ZlPxO/e0OLiq1tIUiZ1LWYLB3RxACvnre15pNniRCjXRrZ
+He6Kr+0xrqhfQLVPqHi0Gj7z8Ac0sTdICCCxJTzq1YQ2PhSRgXT8TGeXzVI4VIMp
+D0ypoBWhtOLvwaCpiX4mHZ3NjpqbrdNcxVGnoGh5Dm0=</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>MIIB+zCCAWQCCQCNDSfdaw1XODANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJY
+WDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh
+bnkgTHRkMB4XDTEyMDMxMjE0MjExNVoXDTEzMDMxMjE0MjExNVowQjELMAkGA1UE
+BhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBD
+b21wYW55IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzAkX2JwvyH6h
+UtXt9g7HAz/GQPe/nexZjGwVOfZtcLVR24wzSqMKUm+t+hsDrngZor7mYbkzrFwW
+JZKuMzTdOBFMdJABXQ26ik4X5G3oQvLCvvfxqGoci4BnOa2TnxvpRw7g1jekjGxn
+393bFgOXJIi0gsjx+hcr20qLdaEnJycCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBA
+8qZt/THE1SmLZ/55yTh3rxgcfdlJzk+iE9VYd9aseGHSbZmOEDjmtF6hNJBYw/BI
+oxAOVnMI6cuAbNe5ydub5YeelyJGrlPEcIs+lm2GkUCRFZd4krVO4r2wptD0KP8a
+5iD8CBI9Bl39pXP7k6pEM1UVPUfxyT/h7I2dpqxp+Q==</X509Certificate>
+</X509Data>
+</KeyInfo>
+</Signature></Security></Service>