Diffstat (limited to 'testdata/proxy_protocol.tdir')
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.conf34
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.dsc16
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.post12
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.pre66
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.test12
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.test.scenario193
-rw-r--r--testdata/proxy_protocol.tdir/proxy_protocol.testns23
-rw-r--r--testdata/proxy_protocol.tdir/unbound_server.key39
-rw-r--r--testdata/proxy_protocol.tdir/unbound_server.pem22
9 files changed, 417 insertions, 0 deletions
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.conf b/testdata/proxy_protocol.tdir/proxy_protocol.conf
new file mode 100644
index 000000000000..c5fa0ab332ff
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.conf
@@ -0,0 +1,34 @@
+server:
+ verbosity: 5
+ num-threads: 1
+ interface: 127.0.0.1@@PORT@
+ interface: 127.0.0.1@@PROXYPORT@
+ interface: 127.0.0.1@@PROXYTLSPORT@
+ interface: @INTERFACE_ALLOW_ADDR@@@PORT@
+ interface: @INTERFACE_ALLOW_ADDR@@@PROXYPORT@
+ interface: @INTERFACE_ALLOW_ADDR@@@PROXYTLSPORT@
+ interface: @INTERFACE_REFUSE_ADDR@@@PORT@
+ interface: @INTERFACE_REFUSE_ADDR@@@PROXYPORT@
+ interface: @INTERFACE_REFUSE_ADDR@@@PROXYTLSPORT@
+ proxy-protocol-port: @PROXYPORT@
+ proxy-protocol-port: @PROXYTLSPORT@
+ tls-port: @PROXYTLSPORT@
+ use-syslog: no
+ directory: .
+ pidfile: "unbound.pid"
+ chroot: ""
+ username: ""
+ do-not-query-localhost: no
+ tls-service-key: "unbound_server.key"
+ tls-service-pem: "unbound_server.pem"
+
+ # 127.0.0.0/8 is allowed by default.
+ access-control: @CLIENT_ADDR_ALLOW@/32 allow
+ access-control: @CLIENT_ADDR_REFUSE@/32 refuse
+ access-control: @CLIENT_ADDR_ALLOW6@/128 allow
+ access-control: @CLIENT_ADDR_REFUSE6@/128 refuse
+ access-control: @INTERFACE_ALLOW_ADDR@/32 allow
+
+forward-zone:
+ name: "."
+ forward-addr: "127.0.0.1@@TOPORT@"
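Review bot: The access-control block does not say which address each rule is matched against, and its only comment, `# 127.0.0.0/8 is allowed by default.`, leaves the refuse-by-interface case implicit. Judging from the scenario, on the proxy-protocol ports both the connecting (proxy) address and the client address carried in the PROXYv2 header have to pass, and @INTERFACE_REFUSE_ADDR@ is presumably refused only because it has no rule of its own. A comment above the rules would make that explicit, for example `# CLIENT_* rules match the address from the PROXYv2 header; INTERFACE_ALLOW_ADDR matches the proxy's own source address; INTERFACE_REFUSE_ADDR has no rule and falls through to the default.` It is also worth noting next to `tls-port` that it is one of the proxy-protocol ports, so TLS is only ever exercised together with a PROXYv2 header in this test.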
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.dsc b/testdata/proxy_protocol.tdir/proxy_protocol.dsc
new file mode 100644
index 000000000000..34155f0350d9
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.dsc
@@ -0,0 +1,16 @@
+BaseName: proxy_protocol
+Version: 1.0
+Description: Test proxy protocol
+CreationDate: Mon Mar 14 16:17:00 CET 2022
+Maintainer: Yorgos Thessalonikefs
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: proxy_protocol.pre
+Post: proxy_protocol.post
+Test: proxy_protocol.test
+AuxFiles:
+Passed:
+Failure:
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.post b/testdata/proxy_protocol.tdir/proxy_protocol.post
new file mode 100644
index 000000000000..cbf56bbd924c
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.post
@@ -0,0 +1,12 @@
+# #-- proxy_protocol.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $FWD_PID
+kill_pid $UNBOUND_PID
+cat unbound.log
+exit 0
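Review bot: `kill_pid $FWD_PID` and `kill_pid $UNBOUND_PID` are called with unquoted variables that may be empty, because both PIDs are only appended to .tpkg.var.test by the scenario script. If the .pre script skips, or the scenario aborts before the daemons start, they are unset here, and what kill_pid does without an argument depends on ../common.sh, which is not part of this diff. Guarding the calls, e.g. `[ -n "$FWD_PID" ] && kill_pid "$FWD_PID"`, and likewise `[ -f unbound.log ] && cat unbound.log`, keeps teardown predictable in that case.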
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.pre b/testdata/proxy_protocol.tdir/proxy_protocol.pre
new file mode 100644
index 000000000000..01cf357f53b7
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.pre
@@ -0,0 +1,66 @@
+# #-- proxy_protocol.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+
+# This test uses the unshare utility
+if test ! -x "`which unshare 2>&1`"; then
+ skip_test "no unshare (from util-linux package) available, skip test"
+fi
+
+get_make
+(cd $PRE; $MAKE streamtcp)
+
+get_random_port 4
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+PROXY_PORT=$(($RND_PORT + 2))
+PROXY_TLS_PORT=$(($RND_PORT + 3))
+
+INTERFACE_ALLOW=eth123
+INTERFACE_ALLOW_ADDR=10.1.2.3
+INTERFACE_REFUSE=eth234
+INTERFACE_REFUSE_ADDR=10.2.3.4
+
+CLIENT_ADDR_ALLOW=1.2.3.4
+CLIENT_ADDR_ALLOW6=2001:db8::cafe:cafe
+CLIENT_ADDR_REFUSE=5.6.7.8
+CLIENT_ADDR_REFUSE6=2001:db8::dead:beef
+
+# make config file
+sed \
+ -e 's/@PORT\@/'$UNBOUND_PORT'/' \
+ -e 's/@TOPORT\@/'$FWD_PORT'/' \
+ -e 's/@PROXYPORT\@/'$PROXY_PORT'/' \
+ -e 's/@PROXYTLSPORT\@/'$PROXY_TLS_PORT'/' \
+ -e 's/@INTERFACE_ALLOW_ADDR\@/'$INTERFACE_ALLOW_ADDR'/' \
+ -e 's/@INTERFACE_REFUSE_ADDR\@/'$INTERFACE_REFUSE_ADDR'/' \
+ -e 's/@CLIENT_ADDR_ALLOW\@/'$CLIENT_ADDR_ALLOW'/' \
+ -e 's/@CLIENT_ADDR_ALLOW6\@/'$CLIENT_ADDR_ALLOW6'/' \
+ -e 's/@CLIENT_ADDR_REFUSE\@/'$CLIENT_ADDR_REFUSE'/' \
+ -e 's/@CLIENT_ADDR_REFUSE6\@/'$CLIENT_ADDR_REFUSE6'/' \
+ < proxy_protocol.conf > ub.conf
+
+if test -x "`which bash`"; then
+ shell="bash"
+else
+ shell="sh"
+fi
+
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
+echo "PROXY_TLS_PORT=$PROXY_TLS_PORT" >> .tpkg.var.test
+echo "INTERFACE_ALLOW=$INTERFACE_ALLOW" >> .tpkg.var.test
+echo "INTERFACE_ALLOW_ADDR=$INTERFACE_ALLOW_ADDR" >> .tpkg.var.test
+echo "INTERFACE_REFUSE=$INTERFACE_REFUSE" >> .tpkg.var.test
+echo "INTERFACE_REFUSE_ADDR=$INTERFACE_REFUSE_ADDR" >> .tpkg.var.test
+echo "CLIENT_ADDR_ALLOW=$CLIENT_ADDR_ALLOW" >> .tpkg.var.test
+echo "CLIENT_ADDR_ALLOW6=$CLIENT_ADDR_ALLOW6" >> .tpkg.var.test
+echo "CLIENT_ADDR_REFUSE=$CLIENT_ADDR_REFUSE" >> .tpkg.var.test
+echo "CLIENT_ADDR_REFUSE6=$CLIENT_ADDR_REFUSE6" >> .tpkg.var.test
+echo "shell=$shell" >> .tpkg.var.test
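Review bot: The skip guard near the top only checks that an `unshare` binary is executable, not that the host allows an unprivileged user to create user and network namespaces, which is what `unshare -rUn` in proxy_protocol.test needs. On hosts where unprivileged user namespaces are disabled by policy the test will fail rather than skip. Probing the real operation covers both cases: `if ! unshare -rUn true >/dev/null 2>&1; then skip_test "cannot create user/network namespace, skip test"; fi`; a similar availability check for the `ip` utility used by the scenario would help too. As a style point, CLIENT_ADDR_ALLOW=1.2.3.4 and CLIENT_ADDR_REFUSE=5.6.7.8 are routable addresses while the IPv6 values use the 2001:db8::/32 documentation prefix; the RFC 5737 ranges (e.g. 192.0.2.0/24) would be consistent with that.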
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.test b/testdata/proxy_protocol.tdir/proxy_protocol.test
new file mode 100644
index 000000000000..3f65e293267d
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.test
@@ -0,0 +1,12 @@
+# #-- proxy_protocol.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+
+# Run the scenario in an unshared namespace
+unshare -rUn $shell proxy_protocol.test.scenario
+exit $?
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario b/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario
new file mode 100644
index 000000000000..0b8fe6efad22
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario
@@ -0,0 +1,193 @@
+# #-- proxy_protocol.test.scenario --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+
+ip addr add 127.0.0.1 dev lo
+ip link set lo up
+
+ip link add $INTERFACE_ALLOW type dummy
+ip addr add $INTERFACE_ALLOW_ADDR dev $INTERFACE_ALLOW
+ip link set $INTERFACE_ALLOW up
+
+ip link add $INTERFACE_REFUSE type dummy
+ip addr add $INTERFACE_REFUSE_ADDR dev $INTERFACE_REFUSE
+ip link set $INTERFACE_REFUSE up
+
+# start forwarder in the background
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT proxy_protocol.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
+# call streamtcp and check return value
+do_streamtcp () {
+ $PRE/streamtcp $* A IN >outfile 2>&1
+ if test "$?" -ne 0; then
+ echo "exit status not OK"
+ echo "> cat logfiles"
+ cat outfile
+ cat unbound.log
+ echo "Not OK"
+ exit 1
+ fi
+}
+
+send_query () {
+ server=$1
+ client=$2
+ prot=$3
+ query=$4
+ echo -n "> query $query to $server"
+ port=$UNBOUND_PORT
+ if test ! -z "$client"; then
+ port=$PROXY_PORT
+ fi
+ case $prot in
+ -u)
+ echo -n " (over UDP)"
+ ;;
+ -s)
+ echo -n " (over TLS)"
+ port=$PROXY_TLS_PORT
+ ;;
+ *)
+ echo -n " (over TCP)"
+ esac
+ if test ! -z "$client"; then
+ echo -n " ($client proxied)"
+ fi
+ echo
+ do_streamtcp $prot -f $server@$port $client $query
+ #cat outfile
+}
+
+expect_answer () {
+ #query=$1
+ #answer=$2
+ if grep "$query" outfile | grep "$answer"; then
+ echo "content OK"
+ echo
+ else
+ echo "> cat logfiles"
+ cat outfile
+ cat unbound.log
+ echo "result contents not OK"
+ exit 1
+ fi
+}
+
+expect_refuse () {
+ if grep "rcode: REFUSE" outfile; then
+ echo "content OK"
+ echo
+ else
+ echo "> cat logfiles"
+ cat outfile
+ cat unbound.log
+ echo "result contents not OK"
+ exit 1
+ fi
+}
+
+# Start the test
+
+# Query without PROXYv2
+# Client localhost
+# Expect the result back
+server=127.0.0.1
+client=""
+query="two.example.net."
+answer="2.2.2.2"
+for prot in "-u" ""; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_answer
+done
+
+# Query with PROXYv2
+# Client $CLIENT_ADDR_ALLOW should be allowed
+# Expect the result back
+server=127.0.0.1
+client="-p $CLIENT_ADDR_ALLOW@1234"
+query="one.example.net."
+answer="1.1.1.1"
+for prot in "-u" "" "-s"; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_answer
+done
+
+# Query with PROXYv2
+# Client $CLIENT_ADDR_ALLOW6 should be allowed
+# Expect the result back
+server=127.0.0.1
+client="-p $CLIENT_ADDR_ALLOW6@1234"
+query="one.example.net."
+answer="1.1.1.1"
+for prot in "-u" "" "-s"; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_answer
+done
+
+# Query with PROXYv2
+# Client $CLIENT_ADDR_REFUSE should be refused
+# Expect the REFUSE back
+server=127.0.0.1
+client="-p $CLIENT_ADDR_REFUSE"
+query="one.example.net."
+answer=""
+for prot in "-u" "" "-s"; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_refuse
+done
+
+# Query with PROXYv2
+# Client $CLIENT_ADDR_REFUSE6 should be refused
+# Expect the REFUSE back
+server=127.0.0.1
+client="-p $CLIENT_ADDR_REFUSE6"
+query="one.example.net."
+answer=""
+for prot in "-u" "" "-s"; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_refuse
+done
+
+# Query with PROXYv2
+# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be allowed
+# Expect the result back
+server=$INTERFACE_ALLOW_ADDR
+client="-p $CLIENT_ADDR_ALLOW@1234"
+query="one.example.net."
+answer="1.1.1.1"
+for prot in "-u" "" "-s"; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_answer
+done
+
+# Query with PROXYv2
+# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be refused
+# Expect the REFUSE back
+server=$INTERFACE_REFUSE_ADDR
+client="-p $CLIENT_ADDR_ALLOW@1234"
+query="one.example.net."
+answer=""
+for prot in "-u" "" "-s"; do
+ send_query "$server" "$client" "$prot" "$query"
+ expect_refuse
+done
+
+echo "OK"
+exit 0
+
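Review bot: The scenario never exercises the proxy-protocol port boundary from the wrong side, because send_query switches `port` to a proxy-protocol port whenever `$client` is non-empty. Every PROXYv2 query therefore goes to $PROXY_PORT or $PROXY_TLS_PORT and every plain query to $UNBOUND_PORT, so a regression that parsed the header on a non-proxy port, or answered header-less clients on a proxy port, would go unnoticed. Consider adding negative cases that call streamtcp directly, e.g. `$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT -p $CLIENT_ADDR_ALLOW@1234 one.example.net. A IN`, and assert that the 1.1.1.1 answer does not appear in outfile. The exact failure mode (error exit or timeout) needs confirming against streamtcp, and do_streamtcp cannot be reused as is since it exits on a non-zero status. Smaller point: expect_answer reads the globals `$query` and `$answer` as regular expressions, so `grep -F` would stop the dots in `1.1.1.1` from matching any character.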
diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.testns b/testdata/proxy_protocol.tdir/proxy_protocol.testns
new file mode 100644
index 000000000000..176bc936a260
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/proxy_protocol.testns
@@ -0,0 +1,23 @@
+; nameserver test file
+$ORIGIN example.net.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR RD RA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+one IN A
+SECTION ANSWER
+one IN A 1.1.1.1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR RD RA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+two IN A
+SECTION ANSWER
+two IN A 2.2.2.2
+ENTRY_END
diff --git a/testdata/proxy_protocol.tdir/unbound_server.key b/testdata/proxy_protocol.tdir/unbound_server.key
new file mode 100644
index 000000000000..370a7bbb2f22
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/unbound_server.key
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
+0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
+GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
+uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
+WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
+FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
+q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
+A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
+7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
+XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
+iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
+2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
+MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
+WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
+O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
+IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
+qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
+dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
+bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
+YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
+7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
+gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
+5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
+ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
+oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
+s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
+zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
+ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
+oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
+BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
+mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
+kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
+7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
+RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
+jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
+O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
+MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
+-----END RSA PRIVATE KEY-----
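Review bot: unbound_server.key is a private key committed in clear, and nothing in this directory marks it as a throwaway fixture. Secret scanners will flag it, and a copy of proxy_protocol.conf taken outside the test tree would point at a publicly known key. A comment next to `tls-service-key` in proxy_protocol.conf would state the intent, e.g. `# test-only key pair, published in the source tree; never use outside the test suite`. An alternative, if openssl can be assumed on test hosts, is to generate the pair in proxy_protocol.pre at test time so that no key material lives in the repository.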
diff --git a/testdata/proxy_protocol.tdir/unbound_server.pem b/testdata/proxy_protocol.tdir/unbound_server.pem
new file mode 100644
index 000000000000..986807310f2b
--- /dev/null
+++ b/testdata/proxy_protocol.tdir/unbound_server.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
+WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
+igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
+a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
+4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
+aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
+TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
+uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
+XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
+dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
+84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
+JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
+fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
+XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
+qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
+sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
+yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
+CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
+-----END CERTIFICATE-----