Add tests for certificates from Belgian and Finnish ID-cards

WE2-1026

Signed-off-by: Sven Mitt <[email protected]>

Author: svenzik

src/test/java/eu/webeid/security/testutil/AuthTokenValidators.java

@@ -94,6 +94,25 @@ public static AuthTokenValidator getAuthTokenValidatorWithDisallowedESTEIDPolicy
             .build();
     }
 
+    public static AuthTokenValidator getAuthTokenValidatorForBelgianIdCard() throws CertificateException, IOException, JceException {
+        return getAuthTokenValidatorBuilder(TOKEN_ORIGIN_URL, CertificateLoader.loadCertificatesFromResources("eID TEST EC Citizen CA.cer"))
+            .withOcspRequestTimeout(Duration.ofSeconds(1))
+            .withNonceDisabledOcspUrls(URI.create("http://example.org"))
+            .withoutUserCertificateRevocationCheckWithOcsp()
+            .build();
+    }
+
+    public static AuthTokenValidator getAuthTokenValidatorForFinnishIdCard() throws CertificateException, IOException, JceException {
+        return getAuthTokenValidatorBuilder(
+                TOKEN_ORIGIN_URL,
+                CertificateLoader.loadCertificatesFromResources("DVV TEST Certificates - G5E.crt", "VRK TEST CA for Test Purposes - G4.crt")
+            )
+            .withOcspRequestTimeout(Duration.ofSeconds(1))
+            .withNonceDisabledOcspUrls(URI.create("http://example.org"))
+            .withoutUserCertificateRevocationCheckWithOcsp()
+            .build();
+    }
+
     public static AuthTokenValidatorBuilder getDefaultAuthTokenValidatorBuilder() throws CertificateException, IOException {
         return getAuthTokenValidatorBuilder(TOKEN_ORIGIN_URL, getCACertificates());
     }

src/test/java/eu/webeid/security/validator/AuthTokenCertificateBelgianIdCardTest.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2020-2024 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.security.validator;
+
+import static eu.webeid.security.testutil.DateMocker.mockDate;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.Mockito.mockStatic;
+
+import eu.webeid.security.authtoken.WebEidAuthToken;
+import eu.webeid.security.exceptions.AuthTokenException;
+import eu.webeid.security.testutil.AbstractTestWithValidator;
+import eu.webeid.security.testutil.AuthTokenValidators;
+import eu.webeid.security.util.DateAndTime;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+class AuthTokenCertificateBelgianIdCardTest extends AbstractTestWithValidator {
+
+    private static final String BELGIAN_TEST_ID_CARD_AUTH_TOKEN =
+        "{\"algorithm\":\"RS256\"," +
+        "\"unverifiedCertificate\":\"MIID7zCCA3WgAwIBAgIQEAAAAAAA8evx/gAAAAHu2TAKBggqhkjOPQQDAzAuMQswCQYDVQQGEwJCRTEfMB0GA1UEAwwWZUlEIFRFU1QgRUMgQ2l0aXplbiBDQTAeFw0yMzA5MjYyMjAwMDBaFw0zMzA5MjYyMjAwMDBaMHYxCzAJBgNVBAYTAkJFMScwJQYDVQQDDB5Ob3JhIFNwZWNpbWVuIChBdXRoZW50aWNhdGlvbikxETAPBgNVBAQMCFNwZWNpbWVuMRUwEwYDVQQqDAxOb3JhIEFuZ8OobGUxFDASBgNVBAUTCzAxMDUwMzk5ODY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/JkeHwt4rQhx/QrpPSCLUd98YxiZRvtKyo1glLiByNvDu7D6Jgg70tj2wlrwn3X0c8Rz/Yy3SgLIPzc92ptvaJG0H52cecRKABzDKwn9Qf/ZwsasDkKnprx0KUbiTaBU9Se1AEim5hyG4naahcfQJo+SwvIMhjIVPk1l1B+fbwRBlYG+LoJXdLSwoYRWArnf+4vx2PXR1nrmfLDw0NrtuNQy637O58DSL2XGd0+jKpQfYCBrqN0B26zA2RU0Uzb0ztEf4VXYH26dmv+bqwpXdPQYPQ7elNFXzFCRnmgJfxt4aKSkGZ2sQFWrKeIRxzVizLFDnfW8TSV5S4tuwYSMwIDAQABo4IBYDCCAVwwHwYDVR0jBBgwFoAU3bN/45oZjlnJEVYCLfX6nW/ehEswDgYDVR0PAQH/BAQDAgeAMEkGA1UdIARCMEAwPgYHYDgMAQECAjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZS9jZXJ0MBMGA1UdJQQMMAoGCCsGAQUFBwMCMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9laWRkZXZjYXJkcy56ZXRlc2NhcmRzLmJlL2NybC9jaXRpemVuY2FFQy5jcmwwgYEGCCsGAQUFBwEBBHUwczA+BggrBgEFBQcwAoYyaHR0cDovL2VpZGRldmNhcmRzLnpldGVzY2FyZHMuYmUvY2VydC9yb290Y2FFQy5jcnQwMQYIKwYBBQUHMAGGJWh0dHA6Ly9laWRkZXZjYXJkcy56ZXRlc2NhcmRzLmJlOjg4ODgwCgYIKoZIzj0EAwMDaAAwZQIwL3Mp3pSlxfjUQ6zlsAwLHBbs1//7vPiqx//IcyUZYuVXZ00KG8MelmaMNbmzDVxaAjEAnqHxkwV5sSDwQCUbb6Tofaypm+DO6C2LriHS5r+s84x2Eq+s+lAJ1L4WkcgsKxns\"," +
+        "\"appVersion\":\"https://web-eid.eu/web-eid-app/releases/2.0.0+0\"," +
+        "\"signature\":\"arx164xRiwhIQDINe0J+ZxJWZFOQTx0PBtOaWaxAe7gofEIHRIbV1w0sOCYBJnvmvMem9hU4nc2+iJx2x8poYck4Z6eI3GwtiksIec3XQ9ZIk1n/XchXnmPn3GYV+HzJ\"," +
+        "\"format\":\"web-eid:1\"}";
+
+    private MockedStatic<DateAndTime.DefaultClock> mockedClock;
+
+    @Override
+    @BeforeEach
+    protected void setup() {
+        super.setup();
+        mockedClock = mockStatic(DateAndTime.DefaultClock.class);
+        // Ensure that the certificates do not expire.
+        mockDate("2024-12-24", mockedClock);
+    }
+
+    @AfterEach
+    void tearDown() {
+        mockedClock.close();
+    }
+
+    @Test
+    void whenBelgianExampleIdCardSignatureCertificateIsValidated_thenValidationSucceeds() throws AuthTokenException, CertificateException, IOException {
+        AuthTokenValidator validator = AuthTokenValidators.getAuthTokenValidatorForBelgianIdCard();
+        final WebEidAuthToken token = validator.parse(BELGIAN_TEST_ID_CARD_AUTH_TOKEN);
+        assertThatCode(() -> validator
+            .validate(token, VALID_CHALLENGE_NONCE))
+            .doesNotThrowAnyException();
+    }
+
+}

src/test/java/eu/webeid/security/validator/AuthTokenCertificateFinnishIdCardTest.java

@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2020-2024 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.security.validator;
+
+import static eu.webeid.security.testutil.DateMocker.mockDate;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mockStatic;
+
+import eu.webeid.security.authtoken.WebEidAuthToken;
+import eu.webeid.security.exceptions.AuthTokenException;
+import eu.webeid.security.exceptions.AuthTokenParseException;
+import eu.webeid.security.testutil.AbstractTestWithValidator;
+import eu.webeid.security.testutil.AuthTokenValidators;
+import eu.webeid.security.util.DateAndTime;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+class AuthTokenCertificateFinnishIdCardTest extends AbstractTestWithValidator {
+
+    private static final String FINNISH_TEST_ID_CARD_BACKMAN_JUHANI_AUTH_TOKEN =
+        "{\"algorithm\":\"ES384\"," +
+        "\"unverifiedCertificate\":\"MIIEOjCCA7+gAwIBAgIEBhwJHTAMBggqhkjOPQQDAwUAMHgxCzAJBgNVBAYTAkZJMSkwJwYDVQQKDCBEaWdpLSBqYSB2YWVzdG90aWV0b3ZpcmFzdG8gVEVTVDEYMBYGA1UECwwPVGVzdGl2YXJtZW50ZWV0MSQwIgYDVQQDDBtEVlYgVEVTVCBDZXJ0aWZpY2F0ZXMgLSBHNUUwHhcNMjMwMTI1MjIwMDAwWhcNMjgwMTIzMjE1OTU5WjB5MQswCQYDVQQGEwJGSTESMBAGA1UEBRMJOTk5MDIwMDE2MQ8wDQYDVQQqDAZKVUhBTkkxGTAXBgNVBAQMEFNQRUNJTUVOLUJBQ0tNQU4xKjAoBgNVBAMMIVNQRUNJTUVOLUJBQ0tNQU4gSlVIQU5JIDk5OTAyMDAxNjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKq3yVI9NYmZwV2Matvk6yXFLLYn087ldhvl1AfCRoV8mTGhmL+y/R4DzaTeTrS9epEUcR9x2697h6DLBUkiOlAcI3nN92RJgNlBOCdvBdNcYgx57njSJHde4Rsm5gmLLqOCAhUwggIRMB8GA1UdIwQYMBaAFBKet+Iox/OUaou9Tcb0wjaXUkIIMB0GA1UdDgQWBBS8olmlfP/C700H4k/wLPrKX513QzAOBgNVHQ8BAf8EBAMCA4gwgc0GA1UdIASBxTCBwjCBvwYKKoF2hAVjCoJgATCBsDAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5maW5laWQuZmkvY3BzOTkvMIGEBggrBgEFBQcCAjB4GnZWYXJtZW5uZXBvbGl0aWlra2Egb24gc2FhdGF2aWxsYSAtIENlcnRpZmlrYXRwb2xpY3kgZmlubnMgLSBDZXJ0aWZpY2F0ZSBwb2xpY3kgaXMgYXZhaWxhYmxlIGh0dHA6Ly93d3cuZmluZWlkLmZpL2Nwczk5MDAGA1UdEQQpMCeBJVMxSnVoYW5pMDQ5LlNQRUNJTUVOLUJhY2ttYW5AdGVzdGkuZmkwDwYDVR0TAQH/BAUwAwEBADA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vcHJveHkuZmluZWlkLmZpL2NybC9kdnZ0cDVlYy5jcmwwcgYIKwYBBQUHAQEEZjBkMDIGCCsGAQUFBzAChiZodHRwOi8vcHJveHkuZmluZWlkLmZpL2NhL2R2dnRwNWVjLmNydDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3B0ZXN0LmZpbmVpZC5maS9kdnZ0cDVlYzAMBggqhkjOPQQDAwUAA2cAMGQCMClSh2MQZVYZyKfgmntQxuVUtQvIIqs8aOdsKpla4wt/IU6hMbGEAfIv4AzLXLsS5QIwUcjlY8BCj4+x84ihAqqHNIle6kyKek/Tj994SjQBmUadtyUSDvg8O5MppKvgJCNV\"," +
+        "\"appVersion\":\"https://web-eid.eu/web-eid-app/releases/2.0.0+0\"," +
+        "\"signature\":\"arx164xRiwhIQDINe0J+ZxJWZFOQTx0PBtOaWaxAe7gofEIHRIbV1w0sOCYBJnvmvMem9hU4nc2+iJx2x8poYck4Z6eI3GwtiksIec3XQ9ZIk1n/XchXnmPn3GYV+HzJ\"," +
+        "\"format\":\"web-eid:1\"}";
+
+    private static final String FINNISH_TEST_ID_CARD_BABAFO_VELI_AUTH_TOKEN =
+        "{\"algorithm\":\"RS256\"," +
+        "\"unverifiedCertificate\":\"MIIGfDCCBGSgAwIBAgIEBgzM/jANBgkqhkiG9w0BAQ0FADB5MQswCQYDVQQGEwJGSTEjMCEGA1UECgwaVmFlc3RvcmVraXN0ZXJpa2Vza3VzIFRFU1QxGDAWBgNVBAsMD1Rlc3RpdmFybWVudGVldDErMCkGA1UEAwwiVlJLIFRFU1QgQ0EgZm9yIFRlc3QgUHVycG9zZXMgLSBHNDAeFw0yMDA2MDgwNjUwMjhaFw0yNTA1MjIyMDU5NTlaMHUxCzAJBgNVBAYTAkZJMRIwEAYDVQQFEwk5OTkwMTExMkgxDTALBgNVBCoMBFZFTEkxGTAXBgNVBAQMEFNQRUNJTUVOLUJBQkFGw5YxKDAmBgNVBAMMH1NQRUNJTUVOLUJBQkFGw5YgVkVMSSA5OTkwMTExMkgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqIgAEE3XvFvRruqDKdQacfCstkNMNZSKC0lj/zTpJbzF4SzoQAw9RJnZ2TAZEFQ+K7RhQpc7vIcdSEtFT4Qvqak2z79r8wO82c8IkeWmo412FgUzUNJcXA0fYcPQsYuociefQvGINrWWWMdHFZYvMlMgRL9VSgEjxN0JZ/+5sZW6IjFfy0VvKWH2jkDPA/eoX7boMzPx+sNlAIjvsZYgup313l1QYWwHQe3MjhJHcEKY+fXWI0zxiFFFJretr1atso2jqUc0vl0zaZImttj8h0DC6IlcieizT3HEf/yAjxMrnUYmAPexLQGspAk2J7UO8DGV/5z8rwfa5YPDgrcJtAgMBAAGjggIOMIICCjAfBgNVHSMEGDAWgBQ9mqO1+BUR7xHK68dcTZOAssc/wTAdBgNVHQ4EFgQUDWLtdQXSHmoD5CAjnCoFSKiLHnswDgYDVR0PAQH/BAQDAgSwMIHOBgNVHSAEgcYwgcMwgcAGCiqBdoQFYwqBSgEwgbEwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZmluZWlkLmZpL2Nwczk5LzCBhQYIKwYBBQUHAgIweRp3VmFybWVubmVwb2xpdGlpa2thIG9uIHNhYXRhdmlsbGEgLSBDZXJ0aWZpa2F0IHBvbGljeSBmaW5ucyAtIENlcnRpZmljYXRlIHBvbGljeSBpcyBhdmFpbGFibGUgaHR0cDovL3d3dy5maW5laWQuZmkvY3BzOTkwLQYDVR0RBCYwJIEiZzR2ZWxpMTEyLnNwZWNpbWVuLWJhYmFmb0B0ZXN0aS5maTAPBgNVHRMBAf8EBTADAQEAMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9wcm94eS5maW5laWQuZmkvY3JsL3Zya3RwNGMuY3JsMG4GCCsGAQUFBwEBBGIwYDAwBggrBgEFBQcwAoYkaHR0cDovL3Byb3h5LmZpbmVpZC5maS9jYS92cmt0cDQuY3J0MCwGCCsGAQUFBzABhiBodHRwOi8vb2NzcHRlc3QuZmluZWlkLmZpL3Zya3RwNDANBgkqhkiG9w0BAQ0FAAOCAgEAkj0Hm/egBQ2LTpzP+DexrRJZcnGbqqg2zoh0uK6Gt+Pc2Z1phe6/kyCh/WdbJcGqz4z8NZNFsse74VjyZupwDeX7VW/763XikOYoOMiLmdmC2EBMbTb1cjzEoyc/+VrfH2tqO6qJXf0LjaXdE9t6tGfbjH2XiJNuzLQCfnfc6kUrAfQCH1xkaaEBFHicpYVfkGxt2urDjeeG8caxFFiZrxMvWTy/zYub8ZMqked11JUgs5t0ycP8+zfSlehBDAhsv954JvfE7VZG+YpP3XXVUp/2rZzlOnXnjCqd0VsLSLNG5wzvjZ0+da2HDsdKtYrWAfjfueFLUbu9jJ+xIokYFOGxMM0frfQBms7Yk6UK1P7fdrcJRtbZVdEIEtDsx7sjPt892omX0ORmsVYUv2NZNqZaGKWNwQFCOL7W+1WQVpLpUBYEy9XKV5GYhzKj0BnfZJoGSWNhMavhJVanl5cjCCT4Md2MlV3yo2Wjrn7YY82IwpVK4nPPIK+rlG6agwIllQfejWrgEK+//rdnOrm/W+ryucfRS8Y6kIw+7IIiqpJsCb/vyny4wkfobdykidpnsiHS10dkaQ01fhN2GrdHcsVXviZCPvM5YTOht4tb+M0qNPdzs1ROgmWL+glH8N7dKn2m3XLBsuROGajGFMdkN9xkdlQ6KO8WJqT46o9RH6c=\"," +
+        "\"appVersion\":\"https://web-eid.eu/web-eid-app/releases/2.0.0+0\"," +
+        "\"signature\":\"arx164xRiwhIQDINe0J+ZxJWZFOQTx0PBtOaWaxAe7gofEIHRIbV1w0sOCYBJnvmvMem9hU4nc2+iJx2x8poYck4Z6eI3GwtiksIec3XQ9ZIk1n/XchXnmPn3GYV+HzJ\"," +
+        "\"format\":\"web-eid:1\"}";
+
+    private MockedStatic<DateAndTime.DefaultClock> mockedClock;
+
+    @Override
+    @BeforeEach
+    protected void setup() {
+        super.setup();
+
+        mockedClock = mockStatic(DateAndTime.DefaultClock.class);
+        // Ensure that the certificates do not expire.
+        mockDate("2024-12-24", mockedClock);
+    }
+
+    @AfterEach
+    void tearDown() {
+        mockedClock.close();
+    }
+
+    @Test
+    void whenFinishIdCardSignatureCertificateWithG5IsValidated_thenValidationSucceeds() throws AuthTokenException, CertificateException, IOException {
+        AuthTokenValidator validator = AuthTokenValidators.getAuthTokenValidatorForFinnishIdCard();
+        final WebEidAuthToken token = validator.parse(FINNISH_TEST_ID_CARD_BACKMAN_JUHANI_AUTH_TOKEN);
+        assertThatCode(() -> validator
+            .validate(token, VALID_CHALLENGE_NONCE))
+            .doesNotThrowAnyException();
+    }
+
+    @Test
+    void whenFinishIdCardSignatureCertificateWithG4IsValidated_thenValidationSucceeds() throws AuthTokenException, CertificateException, IOException {
+        AuthTokenValidator validator = AuthTokenValidators.getAuthTokenValidatorForFinnishIdCard();
+        final WebEidAuthToken token = validator.parse(FINNISH_TEST_ID_CARD_BABAFO_VELI_AUTH_TOKEN);
+        assertThatThrownBy(() -> validator
+            .validate(token, VALID_CHALLENGE_NONCE))
+            .isInstanceOf(AuthTokenParseException.class)
+            .doesNotThrowAnyException();
+    }
+
+}

src/test/resources/DVV TEST Certificates - G5E.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKTCCAq+gAwIBAgIIcND8I1qptLUwCgYIKoZIzj0EAwMwKzELMAkGA1UEBhMC
+QkUxHDAaBgNVBAMME2VJRCBURVNUIEVDIFJvb3QgQ0EwIBcNMDcwNDMwMjIwMDIw
+WhgPMjA4NzA0MTAyMjAwMjBaMC4xCzAJBgNVBAYTAkJFMR8wHQYDVQQDDBZlSUQg
+VEVTVCBFQyBDaXRpemVuIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJAiNoOQf
+Y0r8N6JVPMLedXyRZ7MwppGwQ9ZxFzLjVsbeKuUvqEFR0yKKyEidXc875m4UF5lR
+pf/FSWagg2IXGWrypnRZkgnNVP6s5W2LzKdV09hd6v7O8j/8knfHOj+No4IBmTCC
+AZUwHQYDVR0OBBYEFN2zf+OaGY5ZyRFWAi31+p1v3oRLMB8GA1UdIwQYMBaAFCHA
+clfKHAQEGR3ZjH4+tYPrrBwCMA4GA1UdDwEB/wQEAwIBBjBIBgNVHSAEQTA/MD0G
+BmA4DAEBAjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNj
+YXJkcy5iZS9jZXJ0MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDBCBgNV
+HR8EOzA5MDegNaAzhjFodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZS9j
+cmwvcm9vdGNhRUMuY3JsMIGBBggrBgEFBQcBAQR1MHMwPgYIKwYBBQUHMAKGMmh0
+dHA6Ly9laWRkZXZjYXJkcy56ZXRlc2NhcmRzLmJlL2NlcnQvcm9vdGNhRUMuY3J0
+MDEGCCsGAQUFBzABhiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZTo4
+ODg4MBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYIKoZIzj0EAwMDaAAwZQIxAOMiiByF
+0aLEA6zUrobMw7aSH5o2u1hGVMe0AL4ezYztRdfxvXVU+m1JosBVBDDjeAIwYJJN
+7bLWw8BVi/lkxRjKL/+zAJP6djGywXI1pVh4HKb0D+tipq5StO+QnM8cnPmg
+-----END CERTIFICATE-----