From accdb5e71446bc8a4d9263cce5fd10e15255d90a Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 13 Dec 2013 10:23:23 -0600 Subject: [PATCH 001/160] Implement LDAP directory searching --- auth-ldap/authentication.php | 109 ++++++++++++++++++++++++----------- 1 file changed, 76 insertions(+), 33 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index e8b45fd4..261a1be0 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -16,7 +16,8 @@ function splat($what) { } require_once(INCLUDE_DIR.'class.auth.php'); -class LDAPAuthentication extends AuthenticationBackend { +class LDAPAuthentication extends AuthenticationBackend + implements AuthDirectorySearch { static $name = "Active Directory or LDAP"; static $id = "ldap"; @@ -39,7 +40,7 @@ class LDAPAuthentication extends AuthenticationBackend { 'mobile' => false, 'username' => 'sAMAccountName', 'dn' => '{username}@{domain}', - 'search' => '(&(objectCategory=person)(objectClass=user)(sAMAccountName={q}*))', + 'search' => '(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))', ), 'group' => array( 'ismember' => '(&(objectClass=user)(sAMAccountName={username}) @@ -59,7 +60,7 @@ class LDAPAuthentication extends AuthenticationBackend { 'mobile' => 'mobileTelephoneNumber', 'username' => 'uid', 'dn' => 'uid={username},{search_base}', - 'search' => '(&(objectClass=posixAccount)(uid={q}*))', + 'search' => '(&(objectClass=posixAccount)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', ), ), ); @@ -147,10 +148,23 @@ function getConnection() { $r = $c->bind(); if (!PEAR::isError($r)) return $c; - var_dump($r); } } + /** + * Binds to the directory under the search-user credentials configured + */ + function _bind($connection) { + if ($dn = $this->getConfig()->get('bind_dn')) { + $pw = Crypto::decrypt($this->getConfig()->get('bind_pw'), + SECRET_SALT, $this->getConfig()->getNamespace()); + $r = $connection->bind($dn, $pw); + unset($pw); + return !PEAR::isError($r); + } + return false; + } + function authenticate($username, $password=null) { // Thanks, http://stackoverflow.com/a/764651 // Binding with an empty password implies an anonymous bind which @@ -219,21 +233,42 @@ function getSchema($connection) { return '2307'; } - function supportsLookup() { return true; } + function lookup($lookup_dn) { + $c = $this->getConnection(); + // TODO: Include bind information + $users = array(); + if (!$this->_bind($c)) + return $users; + + $schema = static::$schemas[$this->getSchema($c)]; + $schema = $schema['user']; + $opts = array( + 'scope' => 'base', + 'sizelimit' => 1, + 'attributes' => array_filter(flatten(array( + $schema['first'], $schema['last'], $schema['full'], + $schema['phone'], $schema['mobile'], $schema['email'], + $schema['username'], + ))) + ); + $r = $c->search($lookup_dn, '(objectClass=*)', $opts); + if ($r->count()) { + return $this->_getUserInfoArray($r->current(), $schema); + } + else + return array(); + } - function supportsSearch() { return true; } function search($query) { + if (strlen($query) < 3) + return array(); + $c = $this->getConnection(); // TODO: Include bind information $users = array(); - if ($dn = $this->getConfig()->get('bind_dn')) { - $pw = Crypto::decrypt($this->getConfig()->get('bind_pw'), - SECRET_SALT, $this->getConfig()->getNamespace()); - $r = $c->bind($dn, $pw); - unset($pw); - if (PEAR::isError($r)) - return $users; - } + if (!$this->_bind($c)) + return $users; + $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; $r = $c->search( @@ -242,31 +277,15 @@ function search($query) { array('attributes' => array_filter(flatten(array( $schema['first'], $schema['last'], $schema['full'], $schema['phone'], $schema['mobile'], $schema['email'], - $schema['username'] + $schema['username'], 'dn', )))) ); // XXX: Log or return some kind of error? if (PEAR::isError($r)) return $users; - foreach ($r as $e) { - // Detect first and last name if only full name is given - if (!($first = $e->getValue($schema['first'])) - || !($last = $e->getValue($schema['last']))) { - $name = new PersonsName($this->_getValue($e, $schema['full'])); - $first = $name->getFirst(); - $last = $name->getLast(); - } - $users[] = array( - 'username' => $this->_getValue($e, $schema['username']), - 'first' => $first, - 'last' => $last, - 'email' => $this->_getValue($e, $schema['email']), - 'phone' => $this->_getValue($e, $schema['phone']), - 'mobile' => $this->_getValue($e, $schema['mobile']), - 'backend' => static::$id, - ); - } + foreach ($r as $e) + $users[] = $this->_getUserInfoArray($e, $schema); return $users; } @@ -286,6 +305,30 @@ function _getValue($entry, $names) { return $val; } + function _getUserInfoArray($e, $schema) { + // Detect first and last name if only full name is given + if (!($first = $e->getValue($schema['first'])) + || !($last = $e->getValue($schema['last']))) { + $name = new PersonsName($this->_getValue($e, $schema['full'])); + $first = $name->getFirst(); + $last = $name->getLast(); + } + else + $name = "$first $last"; + + return array( + 'username' => $this->_getValue($e, $schema['username']), + 'first' => $first, + 'last' => $last, + 'name' => $name, + 'email' => $this->_getValue($e, $schema['email']), + 'phone' => $this->_getValue($e, $schema['phone']), + 'mobile' => $this->_getValue($e, $schema['mobile']), + 'backend' => static::$id, + 'id' => static::$id . ':' . $e->dn(), + ); + } + } require_once(INCLUDE_DIR.'class.plugin.php'); From 1aaa2e32e45a73a4d7a4512bf2eb1d308889bfa9 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 13 Dec 2013 15:42:37 -0600 Subject: [PATCH 002/160] Implement user lookup on authenticate If the search_base is not defined or not correct for the user being authenticated and a search user and password is given and is correct, attempt to lookup the user's DN and authenticate as the found DN with the given password. --- auth-ldap/authentication.php | 38 ++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 261a1be0..ddeba345 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -41,6 +41,7 @@ class LDAPAuthentication extends AuthenticationBackend 'username' => 'sAMAccountName', 'dn' => '{username}@{domain}', 'search' => '(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))', + 'lookup' => '(&(objectCategory=person)(objectClass=user)(sAMAccountName={q}))', ), 'group' => array( 'ismember' => '(&(objectClass=user)(sAMAccountName={username}) @@ -61,6 +62,7 @@ class LDAPAuthentication extends AuthenticationBackend 'username' => 'uid', 'dn' => 'uid={username},{search_base}', 'search' => '(&(objectClass=posixAccount)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', + 'lookup' => '(&(objectClass=posixAccount)(uid={q}))', ), ), ); @@ -202,6 +204,28 @@ function($match) use ($username, $domain, $config) { $r = $c->bind($dn, $password); if (!PEAR::isError($r)) return $this->lookupAndSync($username); + + // Another effort is to search for the user + if (!$this->_bind($c)) + return null; + + $r = $c->search( + $this->getSearchBase(), + str_replace('{q}', $username, $schema['lookup']), + array('sizelimit' => 1) + ); + if (PEAR::isError($r) || !$r->count()) + return null; + + // Attempt to bind as the DN of the user looked up with the password + // specified + $r = $c->bind($r->current()->dn(), $password); + if (PEAR::isError($r)) + return null; + + // TODO: Save the DN in the config table so a lookup isn't necessary + // in the future + return $this->lookupAndSync($username); } function lookupAndSync($username) { @@ -235,10 +259,8 @@ function getSchema($connection) { function lookup($lookup_dn) { $c = $this->getConnection(); - // TODO: Include bind information - $users = array(); if (!$this->_bind($c)) - return $users; + return null; $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; @@ -252,11 +274,10 @@ function lookup($lookup_dn) { ))) ); $r = $c->search($lookup_dn, '(objectClass=*)', $opts); - if ($r->count()) { - return $this->_getUserInfoArray($r->current(), $schema); - } - else - return array(); + if (PEAR::isError($r) || !$r->count()) + return null; + + return $this->_getUserInfoArray($r->current(), $schema); } function search($query) { @@ -326,6 +347,7 @@ function _getUserInfoArray($e, $schema) { 'mobile' => $this->_getValue($e, $schema['mobile']), 'backend' => static::$id, 'id' => static::$id . ':' . $e->dn(), + 'dn' => $e->dn(), ); } From ac403643dbed8b0d7ba04be10f067bfc7a734b47 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 18 Dec 2013 11:19:36 -0600 Subject: [PATCH 003/160] auth-passthru: Fix Active Directory username match --- auth-passthru/plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-passthru/plugin.php b/auth-passthru/plugin.php index 4f484062..1a1f9d0c 100644 --- a/auth-passthru/plugin.php +++ b/auth-passthru/plugin.php @@ -16,9 +16,9 @@ function signOn() { if ($username) { // Support ActiveDirectory domain specification with either // "user@domain" or "domain\user" formats - if (strpos('@', $username) !== false) + if (strpos($username, '@') !== false) list($username, $domain) = explode('@', $username, 2); - elseif (strpos('\\', $username) !== false) + elseif (strpos($username, '\\') !== false) list($domain, $username) = explode('\\', $username, 2); $username = trim(strtolower($username)); From 691be0dfbdaaec161f1224613579c0a8712bd068 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 23 Dec 2013 13:39:12 -0600 Subject: [PATCH 004/160] Add telephoneNumber lookup for Active Directory Add the "Telephone Number" field on the "General" tab of the Windows user manager dialog to the "Phone Number" field of the user-to-be-created when adding users from the LDAP directory into the system. --- auth-ldap/authentication.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index ddeba345..1d42e6e1 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -26,6 +26,7 @@ class LDAPAuthentication extends AuthenticationBackend * * References: * http://www.kouti.com/tables/userattributes.htm (AD) + * https://fsuid.fsu.edu/admin/lib/WinADLDAPAttributes.html (AD) */ static $schemas = array( 'msad' => array( @@ -36,7 +37,7 @@ class LDAPAuthentication extends AuthenticationBackend 'last' => 'lastName', 'full' => 'displayName', 'email' => 'mail', - 'phone' => false, + 'phone' => 'telephoneNumber', 'mobile' => false, 'username' => 'sAMAccountName', 'dn' => '{username}@{domain}', From 5dd31340a7ba88afbbac2bbb9e1f2b10230e654c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 1 Jan 2014 13:25:27 -0600 Subject: [PATCH 005/160] auth-ldap: Fix incorrect usage of unconfigured dns If the DNS servers were not considered, the empty string would be interpreted as a list of one DNS server with an empty IP address. Therefore, the name servers specified in the system DNS configuration would not be used. This patch corrects the issue by filtering empty DNS server specifications. --- auth-ldap/authentication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 1d42e6e1..1483b905 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -112,7 +112,7 @@ function getServers() { || !($servers = preg_split('/\s+/', $servers))) { if ($domain = $this->getConfig()->get('domain')) { $dns = preg_split('/,?\s+/', $this->getConfig()->get('dns')); - return $this->autodiscover($domain, $dns); + return $this->autodiscover($domain, array_filter($dns)); } } if ($servers) { From ff82153252a2bd001ce8c651ef979c3debbc4737 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 17 Jan 2014 18:50:52 +0000 Subject: [PATCH 006/160] Limit HttpAuthentication to staff's backend --- auth-passthru/plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-passthru/plugin.php b/auth-passthru/plugin.php index 1a1f9d0c..63a644f0 100644 --- a/auth-passthru/plugin.php +++ b/auth-passthru/plugin.php @@ -1,7 +1,7 @@ Date: Fri, 17 Jan 2014 14:26:46 -0600 Subject: [PATCH 007/160] Add plugin builder script to create PHAR files --- make.php | 329 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 329 insertions(+) create mode 100644 make.php diff --git a/make.php b/make.php new file mode 100644 index 00000000..58e9ff5c --- /dev/null +++ b/make.php @@ -0,0 +1,329 @@ +short, $this->long) = array_slice($options, 0, 2); + $this->help = (isset($options['help'])) ? $options['help'] : ""; + $this->action = (isset($options['action'])) ? $options['action'] + : "store"; + $this->dest = (isset($options['dest'])) ? $options['dest'] + : substr($this->long, 2); + $this->type = (isset($options['type'])) ? $options['type'] + : 'string'; + $this->const = (isset($options['const'])) ? $options['const'] + : null; + $this->default = (isset($options['default'])) ? $options['default'] + : null; + $this->metavar = (isset($options['metavar'])) ? $options['metavar'] + : 'var'; + $this->nargs = (isset($options['nargs'])) ? $options['nargs'] + : 1; + } + + function hasArg() { + return $this->action != 'store_true' + && $this->action != 'store_false'; + } + + function handleValue(&$destination, $args) { + $nargs = 0; + $value = ($this->hasArg()) ? array_shift($args) : null; + if ($value[0] == '-') + $value = null; + elseif ($value) + $nargs = 1; + if ($this->type == 'int') + $value = (int)$value; + switch ($this->action) { + case 'store_true': + $value = true; + break; + case 'store_false': + $value = false; + break; + case 'store_const': + $value = $this->const; + break; + case 'append': + if (!isset($destination[$this->dest])) + $destination[$this->dest] = array($value); + else { + $T = &$destination[$this->dest]; + $T[] = $value; + $value = $T; + } + break; + case 'store': + default: + break; + } + $destination[$this->dest] = $value; + return $nargs; + } + + function toString() { + $short = explode(':', $this->short); + $long = explode(':', $this->long); + if ($this->nargs === '?') + $switches = sprintf(' %s [%3$s], %s[=%3$s]', $short[0], + $long[0], $this->metavar); + elseif ($this->hasArg()) + $switches = sprintf(' %s %3$s, %s=%3$s', $short[0], $long[0], + $this->metavar); + else + $switches = sprintf(" %s, %s", $short[0], $long[0]); + $help = preg_replace('/\s+/', ' ', $this->help); + if (strlen($switches) > 23) + $help = "\n" . str_repeat(" ", 24) . $help; + else + $switches = str_pad($switches, 24); + $help = wordwrap($help, 54, "\n" . str_repeat(" ", 24)); + return $switches . $help; + } +} + +class OutputStream { + var $stream; + + function OutputStream() { + call_user_func_array(array($this, '__construct'), func_get_args()); + } + function __construct($stream) { + $this->stream = fopen($stream, 'w'); + } + + function write($what) { + fwrite($this->stream, $what); + } +} + +class Module { + + var $options = array(); + var $arguments = array(); + var $prologue = ""; + var $epilog = ""; + var $usage = '$script [options] $args [arguments]'; + var $autohelp = true; + var $module_name; + + var $stdout; + var $stderr; + + var $_options; + var $_args; + + function Module() { + call_user_func_array(array($this, '__construct'), func_get_args()); + } + + function __construct() { + $this->options['help'] = array("-h","--help", + 'action'=>'store_true', + 'help'=>"Display this help message"); + foreach ($this->options as &$opt) + $opt = new Option($opt); + $this->stdout = new OutputStream('php://output'); + $this->stderr = new OutputStream('php://stderr'); + } + + function showHelp() { + if ($this->prologue) + echo $this->prologue . "\n\n"; + + global $argv; + $manager = @$argv[0]; + + echo "Usage:\n"; + echo " " . str_replace( + array('$script', '$args'), + array($manager ." ". $this->module_name, implode(' ', array_keys($this->arguments))), + $this->usage) . "\n"; + + ksort($this->options); + if ($this->options) { + echo "\nOptions:\n"; + foreach ($this->options as $name=>$opt) + echo $opt->toString() . "\n"; + } + + if ($this->arguments) { + echo "\nArguments:\n"; + foreach ($this->arguments as $name=>$help) + echo $name . "\n " . wordwrap( + preg_replace('/\s+/', ' ', $help), 76, "\n ")."\n"; + } + + if ($this->epilog) { + echo "\n\n"; + $epilog = preg_replace('/\s+/', ' ', $this->epilog); + echo wordwrap($epilog, 76, "\n"); + } + + echo "\n"; + } + + function fail($message, $showhelp=false) { + $this->stderr->write($message . "\n"); + if ($showhelp) + $this->showHelp(); + die(); + } + + function getOption($name, $default=false) { + $this->parseOptions(); + if (isset($this->_options[$name])) + return $this->_options[$name]; + elseif (isset($this->options[$name]) && $this->options[$name]->default) + return $this->options[$name]->default; + else + return $default; + } + + function getArgument($name, $default=false) { + $this->parseOptions(); + if (isset($this->_args[$name])) + return $this->_args[$name]; + return $default; + } + + function parseOptions() { + if (is_array($this->_options)) + return; + + global $argv; + list($this->_options, $this->_args) = + $this->parseArgs(array_slice($argv, 1)); + + foreach (array_keys($this->arguments) as $idx=>$name) + if (!isset($this->_args[$idx])) + $this->optionError($name . " is a required argument"); + else + $this->_args[$name] = &$this->_args[$idx]; + + foreach ($this->options as $name=>$opt) + if (!isset($this->_options[$name])) + $this->_options[$name] = $opt->default; + + if ($this->autohelp && $this->getOption('help')) { + $this->showHelp(); + die(); + } + } + + function optionError($error) { + echo "Error: " . $error . "\n\n"; + $this->showHelp(); + die(); + } + + function _run($module_name) { + $this->module_name = $module_name; + $this->parseOptions(); + return $this->run($this->_args, $this->_options); + } + + /* abstract */ + function run($args, $options) { + } + + /* static */ + function register($action, $class) { + global $registered_modules; + $registered_modules[$action] = new $class(); + } + + /* static */ function getInstance($action) { + global $registered_modules; + return $registered_modules[$action]; + } + + function parseArgs($argv) { + $options = $args = array(); + $argv = array_slice($argv, 0); + while ($arg = array_shift($argv)) { + if (strpos($arg, '=') !== false) { + list($arg, $value) = explode('=', $arg, 2); + array_unshift($argv, $value); + } + $found = false; + foreach ($this->options as $opt) { + if ($opt->short == $arg || $opt->long == $arg) { + if ($opt->handleValue($options, $argv)) + array_shift($argv); + $found = true; + } + } + if (!$found && $arg[0] != '-') + $args[] = $arg; + } + return array($options, $args); + } +} + +class PluginBuilder extends Module { + var $prologue = + "Inspects, tests, and builds a plugin PHAR file"; + + var $arguments = array( + 'action' => "What to do with the plugin", + 'plugin' => "Plugin to be compiled", + ); + + var $options = array( + 'sign' => array('-S','--sign', 'metavar'=>'KEY', 'help'=> + 'Sign the compiled PHAR file with the provided OpenSSL private + key file'), + ); + + function run($args, $options) { + $plugin = $args['plugin']; + + if (!file_exists($plugin)) + $this->fail("Plugin folder '$plugin' does not exist"); + + switch (strtolower($args['action'])) { + case 'build': + $this->_build($plugin, $options); + break; + default: + $this->fail("Unsupported MAKE action. See help"); + } + } + + function _build($plugin, $options) { + @unlink("$plugin.phar"); + $phar = new Phar("$plugin.phar"); + + if ($options['sign']) { + if (!function_exists('openssl_get_privatekey')) + $this->fail('OpenSSL extension required for signing'); + $private = openssl_get_privatekey( + file_get_contents($options['sign'])); + $pkey = ''; + openssl_pkey_export($private, $pkey); + $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey); + } + + $phar->buildFromDirectory($plugin); + $phar->setStub(''); # parseOptions(); +$builder->_run(basename(__file__)); + +?> + From e5fdaa4048027998593393ed05fe7e730c4a43f3 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 17 Jan 2014 19:08:12 +0000 Subject: [PATCH 008/160] Make LDAPAuthentication abtract This is necessary so we can split Staff/User authentication. --- auth-ldap/authentication.php | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 1483b905..cf28b2e0 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -16,7 +16,7 @@ function splat($what) { } require_once(INCLUDE_DIR.'class.auth.php'); -class LDAPAuthentication extends AuthenticationBackend +abstract class LDAPAuthentication extends AuthenticationBackend implements AuthDirectorySearch { static $name = "Active Directory or LDAP"; static $id = "ldap"; @@ -229,12 +229,6 @@ function($match) use ($username, $domain, $config) { return $this->lookupAndSync($username); } - function lookupAndSync($username) { - if (($user = new StaffSession($username)) && $user->getId()) - return $user; - // TODO: Auto-create users, etc. - } - /** * Retrieve currently configured LDAP schema, perhaps by inspecting the * server's advertised DSE information @@ -352,15 +346,35 @@ function _getUserInfoArray($e, $schema) { ); } + abstract function lookupAndSync($username); + } +class StaffLDAPAuthentication extends LDAPAuthentication { + + function lookupAndSync($username) { + if (($user = new StaffSession($username)) && $user->getId()) + return $user; + // TODO: Auto-create users, etc. + } +} + +class ClientLDAPAuthentication extends LDAPAuthentication { + + //TODO: implement once we support client logins + function lookupAndSync($username) { + return null; + } +} + + require_once(INCLUDE_DIR.'class.plugin.php'); require_once('config.php'); class LdapAuthPlugin extends Plugin { var $config_class = 'LdapConfig'; function bootstrap() { - AuthenticationBackend::register(new LDAPAuthentication($this->getConfig())); + StaffAuthenticationBackend::register(new StaffLDAPAuthentication($this->getConfig())); } } From ee8fdf0783129e0d2ac14aa2602ec276a8f53e24 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 17 Jan 2014 16:28:54 -0600 Subject: [PATCH 009/160] Allow LDAP auth to be used for clients too (For when we get there) --- auth-ldap/authentication.php | 41 ++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index cf28b2e0..9e16cd69 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -16,10 +16,7 @@ function splat($what) { } require_once(INCLUDE_DIR.'class.auth.php'); -abstract class LDAPAuthentication extends AuthenticationBackend - implements AuthDirectorySearch { - static $name = "Active Directory or LDAP"; - static $id = "ldap"; +class LDAPAuthentication { /** * LDAP typical schema variations @@ -276,9 +273,6 @@ function lookup($lookup_dn) { } function search($query) { - if (strlen($query) < 3) - return array(); - $c = $this->getConnection(); // TODO: Include bind information $users = array(); @@ -346,12 +340,6 @@ function _getUserInfoArray($e, $schema) { ); } - abstract function lookupAndSync($username); - -} - -class StaffLDAPAuthentication extends LDAPAuthentication { - function lookupAndSync($username) { if (($user = new StaffSession($username)) && $user->getId()) return $user; @@ -359,14 +347,31 @@ function lookupAndSync($username) { } } -class ClientLDAPAuthentication extends LDAPAuthentication { +class StaffLDAPAuthentication extends StaffAuthenticationBackend + implements AuthDirectorySearch { - //TODO: implement once we support client logins - function lookupAndSync($username) { - return null; + static $name = "Active Directory or LDAP"; + static $id = "ldap"; + + function __construct($config) { + $this->_ldap = new LDAPAuthentication($config); + } + + function authenticate($username, $password=false, $errors=array()) { + return $this->_ldap->authenticate($username, $password); + } + + function lookup($dn) { + return $this->_ldap->lookup($dn); } -} + function search($query) { + if (strlen($query) < 3) + return array(); + + return $this->_ldap->search($query); + } +} require_once(INCLUDE_DIR.'class.plugin.php'); require_once('config.php'); From 113915cce050a44595255b0183eaba21bd5deea3 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 17 Jan 2014 17:10:46 -0600 Subject: [PATCH 010/160] Fixup user searches for LDAP --- auth-ldap/authentication.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 9e16cd69..6a2b0230 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -334,8 +334,6 @@ function _getUserInfoArray($e, $schema) { 'email' => $this->_getValue($e, $schema['email']), 'phone' => $this->_getValue($e, $schema['phone']), 'mobile' => $this->_getValue($e, $schema['mobile']), - 'backend' => static::$id, - 'id' => static::$id . ':' . $e->dn(), 'dn' => $e->dn(), ); } @@ -362,14 +360,24 @@ function authenticate($username, $password=false, $errors=array()) { } function lookup($dn) { - return $this->_ldap->lookup($dn); + $hit = $this->_ldap->lookup($dn); + if ($hit) { + $hit['backend'] = static::$id; + $hit['id'] = static::$id . ':' . $hit['dn']; + } + return $hit; } function search($query) { if (strlen($query) < 3) return array(); - return $this->_ldap->search($query); + $hits = $this->_ldap->search($query); + foreach ($hits as &$h) { + $h['backend'] = static::$id; + $h['id'] = static::$id . ':' . $h['dn']; + } + return $hits; } } From e1f7f0507bde42865ca79c5b423c1c82d3415763 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 31 Jan 2014 08:39:29 -0600 Subject: [PATCH 011/160] ldap: Allow specification of extremely long DNs Previously the DN length was capped at 80 chars. This patch allows specification of up to 120 chars. --- auth-ldap/config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 80a18141..4d3fa9dc 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -53,7 +53,7 @@ function getOptions() { 'label' => 'Search User', 'hint' => 'Bind DN (distinguised name) to bind to the LDAP server as in order to perform searches', - 'configuration' => array('size'=>40, 'length'=>80), + 'configuration' => array('size'=>40, 'length'=>120), )), 'bind_pw' => new TextboxField(array( 'widget' => 'PasswordWidget', @@ -64,7 +64,7 @@ function getOptions() { 'search_base' => new TextboxField(array( 'label' => 'Search Base', 'hint' => 'Used when searching for users', - 'configuration' => array('size'=>70, 'length'=>80), + 'configuration' => array('size'=>70, 'length'=>120), )), 'schema' => new ChoiceField(array( 'label' => 'LDAP Schema', From 12c495a6f957a9b271a115108e47e91bfe7ee33c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 31 Jan 2014 17:53:57 -0600 Subject: [PATCH 012/160] Bump auth-ldap version --- auth-ldap/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 9554e5b0..6047eb77 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.1', + 'version' => '0.2', 'name' => 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => 'Provides a configurable authentication backend From b1557703353de7c78d5a481fc96259c7cb73de3a Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 3 Feb 2014 11:34:14 -0600 Subject: [PATCH 013/160] ldap: Ensure domain name is a FQDN --- auth-ldap/config.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 4d3fa9dc..1884c8d4 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -15,6 +15,12 @@ function getOptions() { 'label' => 'Default Domain', 'hint' => 'Default domain used in authentication and searches', 'configuration' => array('size'=>40), + 'validators' => array( + function($self, $val) { + if (strpos($val, '.') === false) + $self->addError( + 'Fully-qualified domain name is expected'); + }), )), 'dns' => new TextboxField(array( 'label' => 'DNS Servers', From 3700f0ee5c787fefa203c6eeff9c848bd4933958 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 3 Feb 2014 11:36:37 -0600 Subject: [PATCH 014/160] ldap: Ensure DNS is a comma-separated IP list --- auth-ldap/config.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 1884c8d4..91703f94 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -29,6 +29,15 @@ function($self, $val) { this web server or does not have its DNS configured to point to the AD servers', 'configuration' => array('size'=>40), + 'validators' => array( + function($self, $val) { + if (!$val) return; + $servers = explode(',', $val); + foreach ($servers as $s) { + if (!Validator::is_ip(trim($s))) + $self->addError($s.': Expected an IP address'); + } + }), )), 'ldap' => new SectionBreakField(array( From be2000f127bec1a03d0a90c675d0b699bd0bdb2d Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 19 Feb 2014 09:40:57 -0600 Subject: [PATCH 015/160] Bump LDAP version --- auth-ldap/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 6047eb77..c067af47 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.2', + 'version' => '0.3', 'name' => 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => 'Provides a configurable authentication backend From cdf242f529281c301f2ec107375d069fcded35b9 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 3 Mar 2014 10:41:30 -0600 Subject: [PATCH 016/160] ldap: Increase default domain length Also search for inetOrgPerson objectClass objects for standard LDAP systems rather than assuming that all users have the posixAccount class as well. --- auth-ldap/authentication.php | 6 +++--- auth-ldap/config.php | 2 +- auth-ldap/plugin.php | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 6a2b0230..6fe7e62c 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -50,7 +50,7 @@ class LDAPAuthentication { // A general approach for RFC-2307 '2307' => array( 'user' => array( - 'filter' => '(objectClass=posixAccount)', + 'filter' => '(objectClass=inetOrgPerson)', 'first' => 'gn', 'last' => 'sn', 'full' => array('displayName', 'gecos', 'cn'), @@ -59,8 +59,8 @@ class LDAPAuthentication { 'mobile' => 'mobileTelephoneNumber', 'username' => 'uid', 'dn' => 'uid={username},{search_base}', - 'search' => '(&(objectClass=posixAccount)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', - 'lookup' => '(&(objectClass=posixAccount)(uid={q}))', + 'search' => '(&(objectClass=inetOrgPerson)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', + 'lookup' => '(&(objectClass=inetOrgPerson)(uid={q}))', ), ), ); diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 91703f94..6f08ff07 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -14,7 +14,7 @@ function getOptions() { 'domain' => new TextboxField(array( 'label' => 'Default Domain', 'hint' => 'Default domain used in authentication and searches', - 'configuration' => array('size'=>40), + 'configuration' => array('size'=>40, 'length'=>60), 'validators' => array( function($self, $val) { if (strpos($val, '.') === false) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index c067af47..90795110 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.3', + 'version' => '0.4', 'name' => 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => 'Provides a configurable authentication backend From 8c4d0605d8cee068905fe43e5a95a3aaf7451e9d Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 3 Mar 2014 10:52:05 -0600 Subject: [PATCH 017/160] storage-fs: Support reading by block size --- storage-fs/plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage-fs/plugin.php b/storage-fs/plugin.php index 5c32f6f1..fa3d79db 100644 --- a/storage-fs/plugin.php +++ b/storage-fs/plugin.php @@ -10,7 +10,7 @@ class FilesystemStorage extends FileStorageBackend { var $fp = null; static $base; - function read($bytes=32768, $offset=false) { + function read($bytes=false, $offset=false) { $hash = $this->meta->getKey(); $filename = $this->getPath($hash); if (!$this->fp) @@ -19,7 +19,7 @@ function read($bytes=32768, $offset=false) { throw new IOException($filename.': Unable to open for reading'); if ($offset) fseek($this->fp, $offset); - if (($status = @fread($this->fp, $bytes)) === false) + if (($status = @fread($this->fp, $bytes ?: self::getBlocksize())) === false) throw new IOException($filename.': Unable to read from file'); return $status; } From a29a210c33ead217eac69a93a3ab162b9c2ec783 Mon Sep 17 00:00:00 2001 From: ntozier Date: Sun, 23 Feb 2014 15:15:19 -0500 Subject: [PATCH 018/160] file system config page update display some more information to the admin user configuring the plugin --- storage-fs/plugin.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/storage-fs/plugin.php b/storage-fs/plugin.php index fa3d79db..de58393f 100644 --- a/storage-fs/plugin.php +++ b/storage-fs/plugin.php @@ -78,13 +78,17 @@ function getPath($hash) { class FsStoragePluginConfig extends PluginConfig { function getOptions() { return array( + 'desc' => new SectionBreakField(array( + 'label' => 'File System', + 'hint' => 'Once enabled and configured please change the storage backend in Admin Panel -> Settings -> Attachments', + )), 'uploadpath' => new TextboxField(array( 'label'=>'Base folder for attachment files', 'hint'=>'The path must already exist and be writeable by the web server. If the path starts with neither a `/` or a drive letter, the path will be assumed to be relative to the root of osTicket', - 'configuration'=>array('size'=>40), + 'configuration'=>array('size'=>60, 'length'=>120), 'required'=>true, )), ); From 6d9ea4f8419798dc4eef3a33b134fddd35d2deb7 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 3 Mar 2014 10:58:39 -0600 Subject: [PATCH 019/160] storage-fs: Bump version number --- storage-fs/plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage-fs/plugin.php b/storage-fs/plugin.php index de58393f..653db222 100644 --- a/storage-fs/plugin.php +++ b/storage-fs/plugin.php @@ -39,7 +39,7 @@ function write($data) { if (!$this->fp) $this->fp = @fopen($filename, 'wb'); if (!$this->fp) - throw new IOException($filename.':Unable to open for reading'); + throw new IOException($filename.': Unable to open for reading'); if (($status = @fwrite($this->fp, $data)) === false) throw new IOException($filename.': Unable to write to file'); return $status; @@ -130,7 +130,7 @@ function bootstrap() { return array( 'id' => 'storage:fs', # notrans - 'version' => '0.1', + 'version' => '0.2', 'name' => 'Attachments on the filesystem', 'author' => 'Jared Hancock', 'description' => 'Enables storing attachments on the filesystem', From ccdb11334639c9ee5c0e250b8dbf08d1c6ed051c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 23 Jan 2014 22:09:58 -0600 Subject: [PATCH 020/160] Add S3 plugin and dependencies Use composer to download and manage dependencies --- .gitignore | 7 + auth-ldap/include/Net/LDAP2.php | 1799 ----------------- auth-ldap/include/Net/LDAP2/Entry.php | 1069 ---------- auth-ldap/include/Net/LDAP2/Filter.php | 547 ----- auth-ldap/include/Net/LDAP2/LDIF.php | 923 --------- auth-ldap/include/Net/LDAP2/RootDSE.php | 241 --- auth-ldap/include/Net/LDAP2/Schema.php | 622 ------ .../Net/LDAP2/SchemaCache.interface.php | 59 - auth-ldap/include/Net/LDAP2/Search.php | 624 ------ .../Net/LDAP2/SimpleFileSchemaCache.php | 97 - auth-ldap/include/Net/LDAP2/Util.php | 572 ------ auth-ldap/plugin.php | 6 +- composer.json | 17 + lib/.keep | 0 make.php | 20 + storage-s3/config.php | 92 + storage-s3/plugin.php | 20 + storage-s3/storage.php | 203 ++ 18 files changed, 364 insertions(+), 6554 deletions(-) delete mode 100644 auth-ldap/include/Net/LDAP2.php delete mode 100644 auth-ldap/include/Net/LDAP2/Entry.php delete mode 100644 auth-ldap/include/Net/LDAP2/Filter.php delete mode 100644 auth-ldap/include/Net/LDAP2/LDIF.php delete mode 100644 auth-ldap/include/Net/LDAP2/RootDSE.php delete mode 100644 auth-ldap/include/Net/LDAP2/Schema.php delete mode 100644 auth-ldap/include/Net/LDAP2/SchemaCache.interface.php delete mode 100644 auth-ldap/include/Net/LDAP2/Search.php delete mode 100644 auth-ldap/include/Net/LDAP2/SimpleFileSchemaCache.php delete mode 100644 auth-ldap/include/Net/LDAP2/Util.php create mode 100644 composer.json create mode 100644 lib/.keep create mode 100644 storage-s3/config.php create mode 100644 storage-s3/plugin.php create mode 100644 storage-s3/storage.php diff --git a/.gitignore b/.gitignore index 3bdc4e06..cdd8f1a8 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,10 @@ Vagrantfile # Staging directory used for packaging script stage + +# Ignore compiled phar files +*.phar + +# Ignore installed dependencies and composer if placed here +lib/ +composer.phar diff --git a/auth-ldap/include/Net/LDAP2.php b/auth-ldap/include/Net/LDAP2.php deleted file mode 100644 index d9ecdbc6..00000000 --- a/auth-ldap/include/Net/LDAP2.php +++ /dev/null @@ -1,1799 +0,0 @@ - -* @author Jan Wagner -* @author Del -* @author Benedikt Hallinger -* @copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: LDAP2.php 318473 2011-10-27 13:39:13Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Package includes. -*/ -require_once 'PEAR.php'; -require_once 'LDAP2/RootDSE.php'; -require_once 'LDAP2/Schema.php'; -require_once 'LDAP2/Entry.php'; -require_once 'LDAP2/Search.php'; -require_once 'LDAP2/Util.php'; -require_once 'LDAP2/Filter.php'; -require_once 'LDAP2/LDIF.php'; -require_once 'LDAP2/SchemaCache.interface.php'; -require_once 'LDAP2/SimpleFileSchemaCache.php'; - -/** -* Error constants for errors that are not LDAP errors. -*/ -define('NET_LDAP2_ERROR', 1000); - -/** -* Net_LDAP2 Version -*/ -define('NET_LDAP2_VERSION', '2.0.10'); - -/** -* Net_LDAP2 - manipulate LDAP servers the right way! -* -* @category Net -* @package Net_LDAP2 -* @author Tarjej Huse -* @author Jan Wagner -* @author Del -* @author Benedikt Hallinger -* @copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP2/ -*/ -class Net_LDAP2 extends PEAR -{ - /** - * Class configuration array - * - * host = the ldap host to connect to - * (may be an array of several hosts to try) - * port = the server port - * version = ldap version (defaults to v 3) - * starttls = when set, ldap_start_tls() is run after connecting. - * bindpw = no explanation needed - * binddn = the DN to bind as. - * basedn = ldap base - * options = hash of ldap options to set (opt => val) - * filter = default search filter - * scope = default search scope - * - * Newly added in 2.0.0RC4, for auto-reconnect: - * auto_reconnect = if set to true then the class will automatically - * attempt to reconnect to the LDAP server in certain - * failure conditionswhen attempting a search, or other - * LDAP operation. Defaults to false. Note that if you - * set this to true, calls to search() may block - * indefinitely if there is a catastrophic server failure. - * min_backoff = minimum reconnection delay period (in seconds). - * current_backoff = initial reconnection delay period (in seconds). - * max_backoff = maximum reconnection delay period (in seconds). - * - * @access protected - * @var array - */ - protected $_config = array('host' => 'localhost', - 'port' => 389, - 'version' => 3, - 'starttls' => false, - 'binddn' => '', - 'bindpw' => '', - 'basedn' => '', - 'options' => array(), - 'filter' => '(objectClass=*)', - 'scope' => 'sub', - 'auto_reconnect' => false, - 'min_backoff' => 1, - 'current_backoff' => 1, - 'max_backoff' => 32); - - /** - * List of hosts we try to establish a connection to - * - * @access protected - * @var array - */ - protected $_host_list = array(); - - /** - * List of hosts that are known to be down. - * - * @access protected - * @var array - */ - protected $_down_host_list = array(); - - /** - * LDAP resource link. - * - * @access protected - * @var resource - */ - protected $_link = false; - - /** - * Net_LDAP2_Schema object - * - * This gets set and returned by {@link schema()} - * - * @access protected - * @var object Net_LDAP2_Schema - */ - protected $_schema = null; - - /** - * Schema cacher function callback - * - * @see registerSchemaCache() - * @var string - */ - protected $_schema_cache = null; - - /** - * Cache for attribute encoding checks - * - * @access protected - * @var array Hash with attribute names as key and boolean value - * to determine whether they should be utf8 encoded or not. - */ - protected $_schemaAttrs = array(); - - /** - * Cache for rootDSE objects - * - * Hash with requested rootDSE attr names as key and rootDSE object as value - * - * Since the RootDSE object itself may request a rootDSE object, - * {@link rootDse()} caches successful requests. - * Internally, Net_LDAP2 needs several lookups to this object, so - * caching increases performance significally. - * - * @access protected - * @var array - */ - protected $_rootDSE_cache = array(); - - /** - * Returns the Net_LDAP2 Release version, may be called statically - * - * @static - * @return string Net_LDAP2 version - */ - public static function getVersion() - { - return NET_LDAP2_VERSION; - } - - /** - * Configure Net_LDAP2, connect and bind - * - * Use this method as starting point of using Net_LDAP2 - * to establish a connection to your LDAP server. - * - * Static function that returns either an error object or the new Net_LDAP2 - * object. Something like a factory. Takes a config array with the needed - * parameters. - * - * @param array $config Configuration array - * - * @access public - * @return Net_LDAP2_Error|Net_LDAP2 Net_LDAP2_Error or Net_LDAP2 object - */ - public static function &connect($config = array()) - { - $ldap_check = self::checkLDAPExtension(); - if (self::iserror($ldap_check)) { - return $ldap_check; - } - - @$obj = new Net_LDAP2($config); - - // todo? better errorhandling for setConfig()? - - // connect and bind with credentials in config - $err = $obj->bind(); - if (self::isError($err)) { - return $err; - } - - return $obj; - } - - /** - * Net_LDAP2 constructor - * - * Sets the config array - * - * Please note that the usual way of getting Net_LDAP2 to work is - * to call something like: - * $ldap = Net_LDAP2::connect($ldap_config); - * - * @param array $config Configuration array - * - * @access protected - * @return void - * @see $_config - */ - public function __construct($config = array()) - { - $this->PEAR('Net_LDAP2_Error'); - $this->setConfig($config); - } - - /** - * Sets the internal configuration array - * - * @param array $config Configuration array - * - * @access protected - * @return void - */ - protected function setConfig($config) - { - // - // Parameter check -- probably should raise an error here if config - // is not an array. - // - if (! is_array($config)) { - return; - } - - foreach ($config as $k => $v) { - if (isset($this->_config[$k])) { - $this->_config[$k] = $v; - } else { - // map old (Net_LDAP2) parms to new ones - switch($k) { - case "dn": - $this->_config["binddn"] = $v; - break; - case "password": - $this->_config["bindpw"] = $v; - break; - case "tls": - $this->_config["starttls"] = $v; - break; - case "base": - $this->_config["basedn"] = $v; - break; - } - } - } - - // - // Ensure the host list is an array. - // - if (is_array($this->_config['host'])) { - $this->_host_list = $this->_config['host']; - } else { - if (strlen($this->_config['host']) > 0) { - $this->_host_list = array($this->_config['host']); - } else { - $this->_host_list = array(); - // ^ this will cause an error in performConnect(), - // so the user is notified about the failure - } - } - - // - // Reset the down host list, which seems like a sensible thing to do - // if the config is being reset for some reason. - // - $this->_down_host_list = array(); - } - - /** - * Bind or rebind to the ldap-server - * - * This function binds with the given dn and password to the server. In case - * no connection has been made yet, it will be started and startTLS issued - * if appropiate. - * - * The internal bind configuration is not being updated, so if you call - * bind() without parameters, you can rebind with the credentials - * provided at first connecting to the server. - * - * @param string $dn Distinguished name for binding - * @param string $password Password for binding - * - * @access public - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - public function bind($dn = null, $password = null) - { - // fetch current bind credentials - if (is_null($dn)) { - $dn = $this->_config["binddn"]; - } - if (is_null($password)) { - $password = $this->_config["bindpw"]; - } - - // Connect first, if we haven't so far. - // This will also bind us to the server. - if ($this->_link === false) { - // store old credentials so we can revert them later - // then overwrite config with new bind credentials - $olddn = $this->_config["binddn"]; - $oldpw = $this->_config["bindpw"]; - - // overwrite bind credentials in config - // so performConnect() knows about them - $this->_config["binddn"] = $dn; - $this->_config["bindpw"] = $password; - - // try to connect with provided credentials - $msg = $this->performConnect(); - - // reset to previous config - $this->_config["binddn"] = $olddn; - $this->_config["bindpw"] = $oldpw; - - // see if bind worked - if (self::isError($msg)) { - return $msg; - } - } else { - // do the requested bind as we are - // asked to bind manually - if (is_null($dn)) { - // anonymous bind - $msg = @ldap_bind($this->_link); - } else { - // privileged bind - $msg = @ldap_bind($this->_link, $dn, $password); - } - if (false === $msg) { - return PEAR::raiseError("Bind failed: " . - @ldap_error($this->_link), - @ldap_errno($this->_link)); - } - } - return true; - } - - /** - * Connect to the ldap-server - * - * This function connects to the LDAP server specified in - * the configuration, binds and set up the LDAP protocol as needed. - * - * @access protected - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - protected function performConnect() - { - // Note: Connecting is briefly described in RFC1777. - // Basicly it works like this: - // 1. set up TCP connection - // 2. secure that connection if neccessary - // 3a. setLDAPVersion to tell server which version we want to speak - // 3b. perform bind - // 3c. setLDAPVersion to tell server which version we want to speak - // together with a test for supported versions - // 4. set additional protocol options - - // Return true if we are already connected. - if ($this->_link !== false) { - return true; - } - - // Connnect to the LDAP server if we are not connected. Note that - // with some LDAP clients, ldapperformConnect returns a link value even - // if no connection is made. We need to do at least one anonymous - // bind to ensure that a connection is actually valid. - // - // Ref: http://www.php.net/manual/en/function.ldap-connect.php - - // Default error message in case all connection attempts - // fail but no message is set - $current_error = new PEAR_Error('Unknown connection error'); - - // Catch empty $_host_list arrays. - if (!is_array($this->_host_list) || count($this->_host_list) == 0) { - $current_error = PEAR::raiseError('No Servers configured! Please '. - 'pass in an array of servers to Net_LDAP2'); - return $current_error; - } - - // Cycle through the host list. - foreach ($this->_host_list as $host) { - - // Ensure we have a valid string for host name - if (is_array($host)) { - $current_error = PEAR::raiseError('No Servers configured! '. - 'Please pass in an one dimensional array of servers to '. - 'Net_LDAP2! (multidimensional array detected!)'); - continue; - } - - // Skip this host if it is known to be down. - if (in_array($host, $this->_down_host_list)) { - continue; - } - - // Record the host that we are actually connecting to in case - // we need it later. - $this->_config['host'] = $host; - - // Attempt a connection. - $this->_link = @ldap_connect($host, $this->_config['port']); - if (false === $this->_link) { - $current_error = PEAR::raiseError('Could not connect to ' . - $host . ':' . $this->_config['port']); - $this->_down_host_list[] = $host; - continue; - } - - // Try to set the configured LDAP version on the connection if LDAP - // server needs that before binding (eg OpenLDAP). - // This could be necessary since rfc-1777 states that the protocol version - // has to be set at the bind request. - // We use force here which means that the test in the rootDSE is skipped; - // this is neccessary, because some strict LDAP servers only allow to - // read the LDAP rootDSE (which tells us the supported protocol versions) - // with authenticated clients. - // This may fail in which case we try again after binding. - // In this case, most probably the bind() or setLDAPVersion()-call - // below will also fail, providing error messages. - $version_set = false; - $ignored_err = $this->setLDAPVersion(0, true); - if (!self::isError($ignored_err)) { - $version_set = true; - } - - // Set desired LDAP version if not successfully set before. - // Here, a check against the rootDSE is performed, so we get a - // error message if the server does not support the version. - // The rootDSE entry should tell us which LDAP versions are - // supported. However, some strict LDAP servers only allow - // bound suers to read the rootDSE. - if (!$version_set) { - if (self::isError($msg = $this->setLDAPVersion())) { - $current_error = $msg; - $this->_link = false; - $this->_down_host_list[] = $host; - continue; - } - } - - // Set LDAP parameters, now we know we have a valid connection. - if (isset($this->_config['options']) && - is_array($this->_config['options']) && - count($this->_config['options'])) { - foreach ($this->_config['options'] as $opt => $val) { - $err = $this->setOption($opt, $val); - if (self::isError($err)) { - $current_error = $err; - $this->_link = false; - $this->_down_host_list[] = $host; - continue 2; - } - } - } - - // If we're supposed to use TLS, do so before we try to bind, - // as some strict servers only allow binding via secure connections - if ($this->_config["starttls"] === true) { - if (self::isError($msg = $this->startTLS())) { - $current_error = $msg; - $this->_link = false; - $this->_down_host_list[] = $host; - continue; - } - } - - // Attempt to bind to the server. If we have credentials configured, - // we try to use them, otherwise its an anonymous bind. - // As stated by RFC-1777, the bind request should be the first - // operation to be performed after the connection is established. - // This may give an protocol error if the server does not support - // V2 binds and the above call to setLDAPVersion() failed. - // In case the above call failed, we try an V2 bind here and set the - // version afterwards (with checking to the rootDSE). - $msg = $this->bind(); - if (self::isError($msg)) { - // The bind failed, discard link and save error msg. - // Then record the host as down and try next one - if ($msg->getCode() == 0x02 && !$version_set) { - // provide a finer grained error message - // if protocol error arieses because of invalid version - $msg = new Net_LDAP2_Error($msg->getMessage(). - " (could not set LDAP protocol version to ". - $this->_config['version'].")", - $msg->getCode()); - } - $this->_link = false; - $current_error = $msg; - $this->_down_host_list[] = $host; - continue; - } - - // At this stage we have connected, bound, and set up options, - // so we have a known good LDAP server. Time to go home. - return true; - } - - - // All connection attempts have failed, return the last error. - return $current_error; - } - - /** - * Reconnect to the ldap-server. - * - * In case the connection to the LDAP - * service has dropped out for some reason, this function will reconnect, - * and re-bind if a bind has been attempted in the past. It is probably - * most useful when the server list provided to the new() or connect() - * function is an array rather than a single host name, because in that - * case it will be able to connect to a failover or secondary server in - * case the primary server goes down. - * - * This doesn't return anything, it just tries to re-establish - * the current connection. It will sleep for the current backoff - * period (seconds) before attempting the connect, and if the - * connection fails it will double the backoff period, but not - * try again. If you want to ensure a reconnection during a - * transient period of server downtime then you need to call this - * function in a loop. - * - * @access protected - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - protected function performReconnect() - { - - // Return true if we are already connected. - if ($this->_link !== false) { - return true; - } - - // Default error message in case all connection attempts - // fail but no message is set - $current_error = new PEAR_Error('Unknown connection error'); - - // Sleep for a backoff period in seconds. - sleep($this->_config['current_backoff']); - - // Retry all available connections. - $this->_down_host_list = array(); - $msg = $this->performConnect(); - - // Bail out if that fails. - if (self::isError($msg)) { - $this->_config['current_backoff'] = - $this->_config['current_backoff'] * 2; - if ($this->_config['current_backoff'] > $this->_config['max_backoff']) { - $this->_config['current_backoff'] = $this->_config['max_backoff']; - } - return $msg; - } - - // Now we should be able to safely (re-)bind. - $msg = $this->bind(); - if (self::isError($msg)) { - $this->_config['current_backoff'] = $this->_config['current_backoff'] * 2; - if ($this->_config['current_backoff'] > $this->_config['max_backoff']) { - $this->_config['current_backoff'] = $this->_config['max_backoff']; - } - - // _config['host'] should have had the last connected host stored in it - // by performConnect(). Since we are unable to bind to that host we can safely - // assume that it is down or has some other problem. - $this->_down_host_list[] = $this->_config['host']; - return $msg; - } - - // At this stage we have connected, bound, and set up options, - // so we have a known good LDAP server. Time to go home. - $this->_config['current_backoff'] = $this->_config['min_backoff']; - return true; - } - - /** - * Starts an encrypted session - * - * @access public - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - public function startTLS() - { - /* Test to see if the server supports TLS first. - This is done via testing the extensions offered by the server. - The OID 1.3.6.1.4.1.1466.20037 tells us, if TLS is supported. - Note, that not all servers allow to feth either the rootDSE or - attributes over an unencrypted channel, so we must ignore errors. */ - $rootDSE = $this->rootDse(); - if (self::isError($rootDSE)) { - /* IGNORE this error, because server may refuse fetching the - RootDSE over an unencrypted connection. */ - //return $this->raiseError("Unable to fetch rootDSE entry ". - //"to see if TLS is supoported: ".$rootDSE->getMessage(), $rootDSE->getCode()); - } else { - /* Fetch suceeded, see, if the server supports TLS. Again, we - ignore errors, because the server may refuse to return - attributes over unencryted connections. */ - $supported_extensions = $rootDSE->getValue('supportedExtension'); - if (self::isError($supported_extensions)) { - /* IGNORE error, because server may refuse attribute - returning over an unencrypted connection. */ - //return $this->raiseError("Unable to fetch rootDSE attribute 'supportedExtension' ". - //"to see if TLS is supoported: ".$supported_extensions->getMessage(), $supported_extensions->getCode()); - } else { - // fetch succeedet, lets see if the server supports it. - // if not, then drop an error. If supported, then do nothing, - // because then we try to issue TLS afterwards. - if (!in_array('1.3.6.1.4.1.1466.20037', $supported_extensions)) { - return $this->raiseError("Server reports that it does not support TLS."); - } - } - } - - // Try to establish TLS. - if (false === @ldap_start_tls($this->_link)) { - // Starting TLS failed. This may be an error, or because - // the server does not support it but did not enable us to - // detect that above. - return $this->raiseError("TLS could not be started: " . - @ldap_error($this->_link), - @ldap_errno($this->_link)); - } else { - return true; // TLS is started now. - } - } - - /** - * alias function of startTLS() for perl-ldap interface - * - * @return void - * @see startTLS() - */ - public function start_tls() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'startTLS' ), $args); - } - - /** - * Close LDAP connection. - * - * Closes the connection. Use this when the session is over. - * - * @return void - */ - public function done() - { - $this->_Net_LDAP2(); - } - - /** - * Alias for {@link done()} - * - * @return void - * @see done() - */ - public function disconnect() - { - $this->done(); - } - - /** - * Destructor - * - * @access protected - */ - public function _Net_LDAP2() - { - @ldap_close($this->_link); - } - - /** - * Add a new entryobject to a directory. - * - * Use add to add a new Net_LDAP2_Entry object to the directory. - * This also links the entry to the connection used for the add, - * if it was a fresh entry ({@link Net_LDAP2_Entry::createFresh()}) - * - * @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry - * - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - public function add(&$entry) - { - if (!$entry instanceof Net_LDAP2_Entry) { - return PEAR::raiseError('Parameter to Net_LDAP2::add() must be a Net_LDAP2_Entry object.'); - } - - // Continue attempting the add operation in a loop until we - // get a success, a definitive failure, or the world ends. - $foo = 0; - while (true) { - $link = $this->getLink(); - - if ($link === false) { - // We do not have a successful connection yet. The call to - // getLink() would have kept trying if we wanted one. Go - // home now. - return PEAR::raiseError("Could not add entry " . $entry->dn() . - " no valid LDAP connection could be found."); - } - - if (@ldap_add($link, $entry->dn(), $entry->getValues())) { - // entry successfully added, we should update its $ldap reference - // in case it is not set so far (fresh entry) - if (!$entry->getLDAP() instanceof Net_LDAP2) { - $entry->setLDAP($this); - } - // store, that the entry is present inside the directory - $entry->markAsNew(false); - return true; - } else { - // We have a failure. What type? We may be able to reconnect - // and try again. - $error_code = @ldap_errno($link); - $error_name = Net_LDAP2::errorMessage($error_code); - - if (($error_name === 'LDAP_OPERATIONS_ERROR') && - ($this->_config['auto_reconnect'])) { - - // The server has become disconnected before trying the - // operation. We should try again, possibly with a different - // server. - $this->_link = false; - $this->performReconnect(); - } else { - // Errors other than the above catched are just passed - // back to the user so he may react upon them. - return PEAR::raiseError("Could not add entry " . $entry->dn() . " " . - $error_name, - $error_code); - } - } - } - } - - /** - * Delete an entry from the directory - * - * The object may either be a string representing the dn or a Net_LDAP2_Entry - * object. When the boolean paramter recursive is set, all subentries of the - * entry will be deleted as well. - * - * @param string|Net_LDAP2_Entry $dn DN-string or Net_LDAP2_Entry - * @param boolean $recursive Should we delete all children recursive as well? - * - * @access public - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - public function delete($dn, $recursive = false) - { - if ($dn instanceof Net_LDAP2_Entry) { - $dn = $dn->dn(); - } - if (false === is_string($dn)) { - return PEAR::raiseError("Parameter is not a string nor an entry object!"); - } - // Recursive delete searches for children and calls delete for them - if ($recursive) { - $result = @ldap_list($this->_link, $dn, '(objectClass=*)', array(null), 0, 0); - if (@ldap_count_entries($this->_link, $result)) { - $subentry = @ldap_first_entry($this->_link, $result); - $this->delete(@ldap_get_dn($this->_link, $subentry), true); - while ($subentry = @ldap_next_entry($this->_link, $subentry)) { - $this->delete(@ldap_get_dn($this->_link, $subentry), true); - } - } - } - - // Continue attempting the delete operation in a loop until we - // get a success, a definitive failure, or the world ends. - while (true) { - $link = $this->getLink(); - - if ($link === false) { - // We do not have a successful connection yet. The call to - // getLink() would have kept trying if we wanted one. Go - // home now. - return PEAR::raiseError("Could not add entry " . $dn . - " no valid LDAP connection could be found."); - } - - if (@ldap_delete($link, $dn)) { - // entry successfully deleted. - return true; - } else { - // We have a failure. What type? - // We may be able to reconnect and try again. - $error_code = @ldap_errno($link); - $error_name = Net_LDAP2::errorMessage($error_code); - - if ((Net_LDAP2::errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && - ($this->_config['auto_reconnect'])) { - // The server has become disconnected before trying the - // operation. We should try again, possibly with a - // different server. - $this->_link = false; - $this->performReconnect(); - - } elseif ($error_code == 66) { - // Subentries present, server refused to delete. - // Deleting subentries is the clients responsibility, but - // since the user may not know of the subentries, we do not - // force that here but instead notify the developer so he - // may take actions himself. - return PEAR::raiseError("Could not delete entry $dn because of subentries. Use the recursive parameter to delete them."); - - } else { - // Errors other than the above catched are just passed - // back to the user so he may react upon them. - return PEAR::raiseError("Could not delete entry " . $dn . " " . - $error_name, - $error_code); - } - } - } - } - - /** - * Modify an ldapentry directly on the server - * - * This one takes the DN or a Net_LDAP2_Entry object and an array of actions. - * This array should be something like this: - * - * array('add' => array('attribute1' => array('val1', 'val2'), - * 'attribute2' => array('val1')), - * 'delete' => array('attribute1'), - * 'replace' => array('attribute1' => array('val1')), - * 'changes' => array('add' => ..., - * 'replace' => ..., - * 'delete' => array('attribute1', 'attribute2' => array('val1'))) - * - * The changes array is there so the order of operations can be influenced - * (the operations are done in order of appearance). - * The order of execution is as following: - * 1. adds from 'add' array - * 2. deletes from 'delete' array - * 3. replaces from 'replace' array - * 4. changes (add, replace, delete) in order of appearance - * All subarrays (add, replace, delete, changes) may be given at the same time. - * - * The function calls the corresponding functions of an Net_LDAP2_Entry - * object. A detailed description of array structures can be found there. - * - * Unlike the modification methods provided by the Net_LDAP2_Entry object, - * this method will instantly carry out an update() after each operation, - * thus modifying "directly" on the server. - * - * @param string|Net_LDAP2_Entry $entry DN-string or Net_LDAP2_Entry - * @param array $parms Array of changes - * - * @access public - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - public function modify($entry, $parms = array()) - { - if (is_string($entry)) { - $entry = $this->getEntry($entry); - if (self::isError($entry)) { - return $entry; - } - } - if (!$entry instanceof Net_LDAP2_Entry) { - return PEAR::raiseError("Parameter is not a string nor an entry object!"); - } - - // Perform changes mentioned separately - foreach (array('add', 'delete', 'replace') as $action) { - if (isset($parms[$action])) { - $msg = $entry->$action($parms[$action]); - if (self::isError($msg)) { - return $msg; - } - $entry->setLDAP($this); - - // Because the @ldap functions are called inside Net_LDAP2_Entry::update(), - // we have to trap the error codes issued from that if we want to support - // reconnection. - while (true) { - $msg = $entry->update(); - - if (self::isError($msg)) { - // We have a failure. What type? We may be able to reconnect - // and try again. - $error_code = $msg->getCode(); - $error_name = Net_LDAP2::errorMessage($error_code); - - if ((Net_LDAP2::errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && - ($this->_config['auto_reconnect'])) { - - // The server has become disconnected before trying the - // operation. We should try again, possibly with a different - // server. - $this->_link = false; - $this->performReconnect(); - - } else { - - // Errors other than the above catched are just passed - // back to the user so he may react upon them. - return PEAR::raiseError("Could not modify entry: ".$msg->getMessage()); - } - } else { - // modification succeedet, evaluate next change - break; - } - } - } - } - - // perform combined changes in 'changes' array - if (isset($parms['changes']) && is_array($parms['changes'])) { - foreach ($parms['changes'] as $action => $value) { - - // Because the @ldap functions are called inside Net_LDAP2_Entry::update, - // we have to trap the error codes issued from that if we want to support - // reconnection. - while (true) { - $msg = $this->modify($entry, array($action => $value)); - - if (self::isError($msg)) { - // We have a failure. What type? We may be able to reconnect - // and try again. - $error_code = $msg->getCode(); - $error_name = Net_LDAP2::errorMessage($error_code); - - if ((Net_LDAP2::errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && - ($this->_config['auto_reconnect'])) { - - // The server has become disconnected before trying the - // operation. We should try again, possibly with a different - // server. - $this->_link = false; - $this->performReconnect(); - - } else { - // Errors other than the above catched are just passed - // back to the user so he may react upon them. - return $msg; - } - } else { - // modification succeedet, evaluate next change - break; - } - } - } - } - - return true; - } - - /** - * Run a ldap search query - * - * Search is used to query the ldap-database. - * $base and $filter may be ommitted. The one from config will - * then be used. $base is either a DN-string or an Net_LDAP2_Entry - * object in which case its DN willb e used. - * - * Params may contain: - * - * scope: The scope which will be used for searching - * base - Just one entry - * sub - The whole tree - * one - Immediately below $base - * sizelimit: Limit the number of entries returned (default: 0 = unlimited), - * timelimit: Limit the time spent for searching (default: 0 = unlimited), - * attrsonly: If true, the search will only return the attribute names, - * attributes: Array of attribute names, which the entry should contain. - * It is good practice to limit this to just the ones you need. - * [NOT IMPLEMENTED] - * deref: By default aliases are dereferenced to locate the base object for the search, but not when - * searching subordinates of the base object. This may be changed by specifying one of the - * following values: - * - * never - Do not dereference aliases in searching or in locating the base object of the search. - * search - Dereference aliases in subordinates of the base object in searching, but not in - * locating the base object of the search. - * find - * always - * - * Please note, that you cannot override server side limitations to sizelimit - * and timelimit: You can always only lower a given limit. - * - * @param string|Net_LDAP2_Entry $base LDAP searchbase - * @param string|Net_LDAP2_Filter $filter LDAP search filter or a Net_LDAP2_Filter object - * @param array $params Array of options - * - * @access public - * @return Net_LDAP2_Search|Net_LDAP2_Error Net_LDAP2_Search object or Net_LDAP2_Error object - * @todo implement search controls (sorting etc) - */ - public function search($base = null, $filter = null, $params = array()) - { - if (is_null($base)) { - $base = $this->_config['basedn']; - } - if ($base instanceof Net_LDAP2_Entry) { - $base = $base->dn(); // fetch DN of entry, making searchbase relative to the entry - } - if (is_null($filter)) { - $filter = $this->_config['filter']; - } - if ($filter instanceof Net_LDAP2_Filter) { - $filter = $filter->asString(); // convert Net_LDAP2_Filter to string representation - } - if (PEAR::isError($filter)) { - return $filter; - } - if (PEAR::isError($base)) { - return $base; - } - - /* setting searchparameters */ - (isset($params['sizelimit'])) ? $sizelimit = $params['sizelimit'] : $sizelimit = 0; - (isset($params['timelimit'])) ? $timelimit = $params['timelimit'] : $timelimit = 0; - (isset($params['attrsonly'])) ? $attrsonly = $params['attrsonly'] : $attrsonly = 0; - (isset($params['attributes'])) ? $attributes = $params['attributes'] : $attributes = array(); - - // Ensure $attributes to be an array in case only one - // attribute name was given as string - if (!is_array($attributes)) { - $attributes = array($attributes); - } - - // reorganize the $attributes array index keys - // sometimes there are problems with not consecutive indexes - $attributes = array_values($attributes); - - // scoping makes searches faster! - $scope = (isset($params['scope']) ? $params['scope'] : $this->_config['scope']); - - switch ($scope) { - case 'one': - $search_function = 'ldap_list'; - break; - case 'base': - $search_function = 'ldap_read'; - break; - default: - $search_function = 'ldap_search'; - } - - // Continue attempting the search operation until we get a success - // or a definitive failure. - while (true) { - $link = $this->getLink(); - $search = @call_user_func($search_function, - $link, - $base, - $filter, - $attributes, - $attrsonly, - $sizelimit, - $timelimit); - - if ($err = @ldap_errno($link)) { - if ($err == 32) { - // Errorcode 32 = no such object, i.e. a nullresult. - return $obj = new Net_LDAP2_Search ($search, $this, $attributes); - } elseif ($err == 4) { - // Errorcode 4 = sizelimit exeeded. - return $obj = new Net_LDAP2_Search ($search, $this, $attributes); - } elseif ($err == 87) { - // bad search filter - return $this->raiseError(Net_LDAP2::errorMessage($err) . "($filter)", $err); - } elseif (($err == 1) && ($this->_config['auto_reconnect'])) { - // Errorcode 1 = LDAP_OPERATIONS_ERROR but we can try a reconnect. - $this->_link = false; - $this->performReconnect(); - } else { - $msg = "\nParameters:\nBase: $base\nFilter: $filter\nScope: $scope"; - return $this->raiseError(Net_LDAP2::errorMessage($err) . $msg, $err); - } - } else { - return $obj = new Net_LDAP2_Search($search, $this, $attributes); - } - } - } - - /** - * Set an LDAP option - * - * @param string $option Option to set - * @param mixed $value Value to set Option to - * - * @access public - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - */ - public function setOption($option, $value) - { - if ($this->_link) { - if (defined($option)) { - if (@ldap_set_option($this->_link, constant($option), $value)) { - return true; - } else { - $err = @ldap_errno($this->_link); - if ($err) { - $msg = @ldap_err2str($err); - } else { - $err = NET_LDAP2_ERROR; - $msg = Net_LDAP2::errorMessage($err); - } - return $this->raiseError($msg, $err); - } - } else { - return $this->raiseError("Unkown Option requested"); - } - } else { - return $this->raiseError("Could not set LDAP option: No LDAP connection"); - } - } - - /** - * Get an LDAP option value - * - * @param string $option Option to get - * - * @access public - * @return Net_LDAP2_Error|string Net_LDAP2_Error or option value - */ - public function getOption($option) - { - if ($this->_link) { - if (defined($option)) { - if (@ldap_get_option($this->_link, constant($option), $value)) { - return $value; - } else { - $err = @ldap_errno($this->_link); - if ($err) { - $msg = @ldap_err2str($err); - } else { - $err = NET_LDAP2_ERROR; - $msg = Net_LDAP2::errorMessage($err); - } - return $this->raiseError($msg, $err); - } - } else { - $this->raiseError("Unkown Option requested"); - } - } else { - $this->raiseError("No LDAP connection"); - } - } - - /** - * Get the LDAP_PROTOCOL_VERSION that is used on the connection. - * - * A lot of ldap functionality is defined by what protocol version the ldap server speaks. - * This might be 2 or 3. - * - * @return int - */ - public function getLDAPVersion() - { - if ($this->_link) { - $version = $this->getOption("LDAP_OPT_PROTOCOL_VERSION"); - } else { - $version = $this->_config['version']; - } - return $version; - } - - /** - * Set the LDAP_PROTOCOL_VERSION that is used on the connection. - * - * @param int $version LDAP-version that should be used - * @param boolean $force If set to true, the check against the rootDSE will be skipped - * - * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true - * @todo Checking via the rootDSE takes much time - why? fetching and instanciation is quick! - */ - public function setLDAPVersion($version = 0, $force = false) - { - if (!$version) { - $version = $this->_config['version']; - } - - // - // Check to see if the server supports this version first. - // - // Todo: Why is this so horribly slow? - // $this->rootDse() is very fast, as well as Net_LDAP2_RootDSE::fetch() - // seems like a problem at copiyng the object inside PHP?? - // Additionally, this is not always reproducable... - // - if (!$force) { - $rootDSE = $this->rootDse(); - if ($rootDSE instanceof Net_LDAP2_Error) { - return $rootDSE; - } else { - $supported_versions = $rootDSE->getValue('supportedLDAPVersion'); - if (is_string($supported_versions)) { - $supported_versions = array($supported_versions); - } - $check_ok = in_array($version, $supported_versions); - } - } - - if ($force || $check_ok) { - return $this->setOption("LDAP_OPT_PROTOCOL_VERSION", $version); - } else { - return $this->raiseError("LDAP Server does not support protocol version " . $version); - } - } - - - /** - * Tells if a DN does exist in the directory - * - * @param string|Net_LDAP2_Entry $dn The DN of the object to test - * - * @return boolean|Net_LDAP2_Error - */ - public function dnExists($dn) - { - if (PEAR::isError($dn)) { - return $dn; - } - if ($dn instanceof Net_LDAP2_Entry) { - $dn = $dn->dn(); - } - if (false === is_string($dn)) { - return PEAR::raiseError('Parameter $dn is not a string nor an entry object!'); - } - - // search LDAP for that DN by performing a baselevel search for any - // object. We can only find the DN in question this way, or nothing. - $s_opts = array( - 'scope' => 'base', - 'sizelimit' => 1, - 'attributes' => '1.1' // select no attrs - ); - $search = $this->search($dn, '(objectClass=*)', $s_opts); - - if (self::isError($search)) { - return $search; - } - - // retun wehter the DN exists; that is, we found an entry - return ($search->count() == 0)? false : true; - } - - - /** - * Get a specific entry based on the DN - * - * @param string $dn DN of the entry that should be fetched - * @param array $attr Array of Attributes to select. If ommitted, all attributes are fetched. - * - * @return Net_LDAP2_Entry|Net_LDAP2_Error Reference to a Net_LDAP2_Entry object or Net_LDAP2_Error object - * @todo Maybe check against the shema should be done to be sure the attribute type exists - */ - public function &getEntry($dn, $attr = array()) - { - if (!is_array($attr)) { - $attr = array($attr); - } - $result = $this->search($dn, '(objectClass=*)', - array('scope' => 'base', 'attributes' => $attr)); - if (self::isError($result)) { - return $result; - } elseif ($result->count() == 0) { - return PEAR::raiseError('Could not fetch entry '.$dn.': no entry found'); - } - $entry = $result->shiftEntry(); - if (false == $entry) { - return PEAR::raiseError('Could not fetch entry (error retrieving entry from search result)'); - } - return $entry; - } - - /** - * Rename or move an entry - * - * This method will instantly carry out an update() after the move, - * so the entry is moved instantly. - * You can pass an optional Net_LDAP2 object. In this case, a cross directory - * move will be performed which deletes the entry in the source (THIS) directory - * and adds it in the directory $target_ldap. - * A cross directory move will switch the Entrys internal LDAP reference so - * updates to the entry will go to the new directory. - * - * Note that if you want to do a cross directory move, you need to - * pass an Net_LDAP2_Entry object, otherwise the attributes will be empty. - * - * @param string|Net_LDAP2_Entry $entry Entry DN or Entry object - * @param string $newdn New location - * @param Net_LDAP2 $target_ldap (optional) Target directory for cross server move; should be passed via reference - * - * @return Net_LDAP2_Error|true - */ - public function move($entry, $newdn, $target_ldap = null) - { - if (is_string($entry)) { - $entry_o = $this->getEntry($entry); - } else { - $entry_o =& $entry; - } - if (!$entry_o instanceof Net_LDAP2_Entry) { - return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP2_Entry object! (If DN was passed, conversion failed)'); - } - if (null !== $target_ldap && !$target_ldap instanceof Net_LDAP2) { - return PEAR::raiseError('Parameter $target_ldap is expected to be a Net_LDAP2 object!'); - } - - if ($target_ldap && $target_ldap !== $this) { - // cross directory move - if (is_string($entry)) { - return PEAR::raiseError('Unable to perform cross directory move: operation requires a Net_LDAP2_Entry object'); - } - if ($target_ldap->dnExists($newdn)) { - return PEAR::raiseError('Unable to perform cross directory move: entry does exist in target directory'); - } - $entry_o->dn($newdn); - $res = $target_ldap->add($entry_o); - if (self::isError($res)) { - return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in target directory'); - } - $res = $this->delete($entry_o->currentDN()); - if (self::isError($res)) { - $res2 = $target_ldap->delete($entry_o); // undo add - if (self::isError($res2)) { - $add_error_string = 'Additionally, the deletion (undo add) of $entry in target directory failed.'; - } - return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in source directory. '.$add_error_string); - } - $entry_o->setLDAP($target_ldap); - return true; - } else { - // local move - $entry_o->dn($newdn); - $entry_o->setLDAP($this); - return $entry_o->update(); - } - } - - /** - * Copy an entry to a new location - * - * The entry will be immediately copied. - * Please note that only attributes you have - * selected will be copied. - * - * @param Net_LDAP2_Entry &$entry Entry object - * @param string $newdn New FQF-DN of the entry - * - * @return Net_LDAP2_Error|Net_LDAP2_Entry Error Message or reference to the copied entry - */ - public function ©(&$entry, $newdn) - { - if (!$entry instanceof Net_LDAP2_Entry) { - return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP2_Entry object!'); - } - - $newentry = Net_LDAP2_Entry::createFresh($newdn, $entry->getValues()); - $result = $this->add($newentry); - - if ($result instanceof Net_LDAP2_Error) { - return $result; - } else { - return $newentry; - } - } - - - /** - * Returns the string for an ldap errorcode. - * - * Made to be able to make better errorhandling - * Function based on DB::errorMessage() - * Tip: The best description of the errorcodes is found here: - * http://www.directory-info.com/LDAP2/LDAPErrorCodes.html - * - * @param int $errorcode Error code - * - * @return string The errorstring for the error. - */ - public static function errorMessage($errorcode) - { - $errorMessages = array( - 0x00 => "LDAP_SUCCESS", - 0x01 => "LDAP_OPERATIONS_ERROR", - 0x02 => "LDAP_PROTOCOL_ERROR", - 0x03 => "LDAP_TIMELIMIT_EXCEEDED", - 0x04 => "LDAP_SIZELIMIT_EXCEEDED", - 0x05 => "LDAP_COMPARE_FALSE", - 0x06 => "LDAP_COMPARE_TRUE", - 0x07 => "LDAP_AUTH_METHOD_NOT_SUPPORTED", - 0x08 => "LDAP_STRONG_AUTH_REQUIRED", - 0x09 => "LDAP_PARTIAL_RESULTS", - 0x0a => "LDAP_REFERRAL", - 0x0b => "LDAP_ADMINLIMIT_EXCEEDED", - 0x0c => "LDAP_UNAVAILABLE_CRITICAL_EXTENSION", - 0x0d => "LDAP_CONFIDENTIALITY_REQUIRED", - 0x0e => "LDAP_SASL_BIND_INPROGRESS", - 0x10 => "LDAP_NO_SUCH_ATTRIBUTE", - 0x11 => "LDAP_UNDEFINED_TYPE", - 0x12 => "LDAP_INAPPROPRIATE_MATCHING", - 0x13 => "LDAP_CONSTRAINT_VIOLATION", - 0x14 => "LDAP_TYPE_OR_VALUE_EXISTS", - 0x15 => "LDAP_INVALID_SYNTAX", - 0x20 => "LDAP_NO_SUCH_OBJECT", - 0x21 => "LDAP_ALIAS_PROBLEM", - 0x22 => "LDAP_INVALID_DN_SYNTAX", - 0x23 => "LDAP_IS_LEAF", - 0x24 => "LDAP_ALIAS_DEREF_PROBLEM", - 0x30 => "LDAP_INAPPROPRIATE_AUTH", - 0x31 => "LDAP_INVALID_CREDENTIALS", - 0x32 => "LDAP_INSUFFICIENT_ACCESS", - 0x33 => "LDAP_BUSY", - 0x34 => "LDAP_UNAVAILABLE", - 0x35 => "LDAP_UNWILLING_TO_PERFORM", - 0x36 => "LDAP_LOOP_DETECT", - 0x3C => "LDAP_SORT_CONTROL_MISSING", - 0x3D => "LDAP_INDEX_RANGE_ERROR", - 0x40 => "LDAP_NAMING_VIOLATION", - 0x41 => "LDAP_OBJECT_CLASS_VIOLATION", - 0x42 => "LDAP_NOT_ALLOWED_ON_NONLEAF", - 0x43 => "LDAP_NOT_ALLOWED_ON_RDN", - 0x44 => "LDAP_ALREADY_EXISTS", - 0x45 => "LDAP_NO_OBJECT_CLASS_MODS", - 0x46 => "LDAP_RESULTS_TOO_LARGE", - 0x47 => "LDAP_AFFECTS_MULTIPLE_DSAS", - 0x50 => "LDAP_OTHER", - 0x51 => "LDAP_SERVER_DOWN", - 0x52 => "LDAP_LOCAL_ERROR", - 0x53 => "LDAP_ENCODING_ERROR", - 0x54 => "LDAP_DECODING_ERROR", - 0x55 => "LDAP_TIMEOUT", - 0x56 => "LDAP_AUTH_UNKNOWN", - 0x57 => "LDAP_FILTER_ERROR", - 0x58 => "LDAP_USER_CANCELLED", - 0x59 => "LDAP_PARAM_ERROR", - 0x5a => "LDAP_NO_MEMORY", - 0x5b => "LDAP_CONNECT_ERROR", - 0x5c => "LDAP_NOT_SUPPORTED", - 0x5d => "LDAP_CONTROL_NOT_FOUND", - 0x5e => "LDAP_NO_RESULTS_RETURNED", - 0x5f => "LDAP_MORE_RESULTS_TO_RETURN", - 0x60 => "LDAP_CLIENT_LOOP", - 0x61 => "LDAP_REFERRAL_LIMIT_EXCEEDED", - 1000 => "Unknown Net_LDAP2 Error" - ); - - return isset($errorMessages[$errorcode]) ? - $errorMessages[$errorcode] : - $errorMessages[NET_LDAP2_ERROR] . ' (' . $errorcode . ')'; - } - - /** - * Gets a rootDSE object - * - * This either fetches a fresh rootDSE object or returns it from - * the internal cache for performance reasons, if possible. - * - * @param array $attrs Array of attributes to search for - * - * @access public - * @return Net_LDAP2_Error|Net_LDAP2_RootDSE Net_LDAP2_Error or Net_LDAP2_RootDSE object - */ - public function &rootDse($attrs = null) - { - if ($attrs !== null && !is_array($attrs)) { - return PEAR::raiseError('Parameter $attr is expected to be an array!'); - } - - $attrs_signature = serialize($attrs); - - // see if we need to fetch a fresh object, or if we already - // requested this object with the same attributes - if (true || !array_key_exists($attrs_signature, $this->_rootDSE_cache)) { - $rootdse =& Net_LDAP2_RootDSE::fetch($this, $attrs); - if ($rootdse instanceof Net_LDAP2_Error) { - return $rootdse; - } - - // search was ok, store rootDSE in cache - $this->_rootDSE_cache[$attrs_signature] = $rootdse; - } - return $this->_rootDSE_cache[$attrs_signature]; - } - - /** - * Alias function of rootDse() for perl-ldap interface - * - * @access public - * @see rootDse() - * @return Net_LDAP2_Error|Net_LDAP2_RootDSE - */ - public function &root_dse() - { - $args = func_get_args(); - return call_user_func_array(array(&$this, 'rootDse'), $args); - } - - /** - * Get a schema object - * - * @param string $dn (optional) Subschema entry dn - * - * @access public - * @return Net_LDAP2_Schema|Net_LDAP2_Error Net_LDAP2_Schema or Net_LDAP2_Error object - */ - public function &schema($dn = null) - { - // Schema caching by Knut-Olav Hoven - // If a schema caching object is registered, we use that to fetch - // a schema object. - // See registerSchemaCache() for more info on this. - if ($this->_schema === null) { - if ($this->_schema_cache) { - $cached_schema = $this->_schema_cache->loadSchema(); - if ($cached_schema instanceof Net_LDAP2_Error) { - return $cached_schema; // route error to client - } else { - if ($cached_schema instanceof Net_LDAP2_Schema) { - $this->_schema = $cached_schema; - } - } - } - } - - // Fetch schema, if not tried before and no cached version available. - // If we are already fetching the schema, we will skip fetching. - if ($this->_schema === null) { - // store a temporary error message so subsequent calls to schema() can - // detect, that we are fetching the schema already. - // Otherwise we will get an infinite loop at Net_LDAP2_Schema::fetch() - $this->_schema = new Net_LDAP2_Error('Schema not initialized'); - $this->_schema = Net_LDAP2_Schema::fetch($this, $dn); - - // If schema caching is active, advise the cache to store the schema - if ($this->_schema_cache) { - $caching_result = $this->_schema_cache->storeSchema($this->_schema); - if ($caching_result instanceof Net_LDAP2_Error) { - return $caching_result; // route error to client - } - } - } - return $this->_schema; - } - - /** - * Enable/disable persistent schema caching - * - * Sometimes it might be useful to allow your scripts to cache - * the schema information on disk, so the schema is not fetched - * every time the script runs which could make your scripts run - * faster. - * - * This method allows you to register a custom object that - * implements your schema cache. Please see the SchemaCache interface - * (SchemaCache.interface.php) for informations on how to implement this. - * To unregister the cache, pass null as $cache parameter. - * - * For ease of use, Net_LDAP2 provides a simple file based cache - * which is used in the example below. You may use this, for example, - * to store the schema in a linux tmpfs which results in the schema - * beeing cached inside the RAM which allows nearly instant access. - * - * // Create the simple file cache object that comes along with Net_LDAP2 - * $mySchemaCache_cfg = array( - * 'path' => '/tmp/Net_LDAP2_Schema.cache', - * 'max_age' => 86400 // max age is 24 hours (in seconds) - * ); - * $mySchemaCache = new Net_LDAP2_SimpleFileSchemaCache($mySchemaCache_cfg); - * $ldap = new Net_LDAP2::connect(...); - * $ldap->registerSchemaCache($mySchemaCache); // enable caching - * // now each call to $ldap->schema() will get the schema from disk! - * - * - * @param Net_LDAP2_SchemaCache|null $cache Object implementing the Net_LDAP2_SchemaCache interface - * - * @return true|Net_LDAP2_Error - */ - public function registerSchemaCache($cache) { - if (is_null($cache) - || (is_object($cache) && in_array('Net_LDAP2_SchemaCache', class_implements($cache))) ) { - $this->_schema_cache = $cache; - return true; - } else { - return new Net_LDAP2_Error('Custom schema caching object is either no '. - 'valid object or does not implement the Net_LDAP2_SchemaCache interface!'); - } - } - - - /** - * Checks if phps ldap-extension is loaded - * - * If it is not loaded, it tries to load it manually using PHPs dl(). - * It knows both windows-dll and *nix-so. - * - * @static - * @return Net_LDAP2_Error|true - */ - public static function checkLDAPExtension() - { - if (!extension_loaded('ldap') && !@dl('ldap.' . PHP_SHLIB_SUFFIX)) { - return new Net_LDAP2_Error("It seems that you do not have the ldap-extension installed. Please install it before using the Net_LDAP2 package."); - } else { - return true; - } - } - - /** - * Encodes given attributes to UTF8 if needed by schema - * - * This function takes attributes in an array and then checks against the schema if they need - * UTF8 encoding. If that is so, they will be encoded. An encoded array will be returned and - * can be used for adding or modifying. - * - * $attributes is expected to be an array with keys describing - * the attribute names and the values as the value of this attribute: - * $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2')); - * - * @param array $attributes Array of attributes - * - * @access public - * @return array|Net_LDAP2_Error Array of UTF8 encoded attributes or Error - */ - public function utf8Encode($attributes) - { - return $this->utf8($attributes, 'utf8_encode'); - } - - /** - * Decodes the given attribute values if needed by schema - * - * $attributes is expected to be an array with keys describing - * the attribute names and the values as the value of this attribute: - * $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2')); - * - * @param array $attributes Array of attributes - * - * @access public - * @see utf8Encode() - * @return array|Net_LDAP2_Error Array with decoded attribute values or Error - */ - public function utf8Decode($attributes) - { - return $this->utf8($attributes, 'utf8_decode'); - } - - /** - * Encodes or decodes attribute values if needed - * - * @param array $attributes Array of attributes - * @param array $function Function to apply to attribute values - * - * @access protected - * @return array|Net_LDAP2_Error Array of attributes with function applied to values or Error - */ - protected function utf8($attributes, $function) - { - if (!is_array($attributes) || array_key_exists(0, $attributes)) { - return PEAR::raiseError('Parameter $attributes is expected to be an associative array'); - } - - if (!$this->_schema) { - $this->_schema = $this->schema(); - } - - if (!$this->_link || self::isError($this->_schema) || !function_exists($function)) { - return $attributes; - } - - if (is_array($attributes) && count($attributes) > 0) { - - foreach ($attributes as $k => $v) { - - if (!isset($this->_schemaAttrs[$k])) { - - $attr = $this->_schema->get('attribute', $k); - if (self::isError($attr)) { - continue; - } - - if (false !== strpos($attr['syntax'], '1.3.6.1.4.1.1466.115.121.1.15')) { - $encode = true; - } else { - $encode = false; - } - $this->_schemaAttrs[$k] = $encode; - - } else { - $encode = $this->_schemaAttrs[$k]; - } - - if ($encode) { - if (is_array($v)) { - foreach ($v as $ak => $av) { - $v[$ak] = call_user_func($function, $av); - } - } else { - $v = call_user_func($function, $v); - } - } - $attributes[$k] = $v; - } - } - return $attributes; - } - - /** - * Get the LDAP link resource. It will loop attempting to - * re-establish the connection if the connection attempt fails and - * auto_reconnect has been turned on (see the _config array documentation). - * - * @access public - * @return resource LDAP link - */ - public function &getLink() - { - if ($this->_config['auto_reconnect']) { - while (true) { - // - // Return the link handle if we are already connected. Otherwise - // try to reconnect. - // - if ($this->_link !== false) { - return $this->_link; - } else { - $this->performReconnect(); - } - } - } - return $this->_link; - } -} - -/** -* Net_LDAP2_Error implements a class for reporting portable LDAP error messages. -* -* @category Net -* @package Net_LDAP2 -* @author Tarjej Huse -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP22/ -*/ -class Net_LDAP2_Error extends PEAR_Error -{ - /** - * Net_LDAP2_Error constructor. - * - * @param string $message String with error message. - * @param integer $code Net_LDAP2 error code - * @param integer $mode what "error mode" to operate in - * @param mixed $level what error level to use for $mode & PEAR_ERROR_TRIGGER - * @param mixed $debuginfo additional debug info, such as the last query - * - * @access public - * @see PEAR_Error - */ - public function __construct($message = 'Net_LDAP2_Error', $code = NET_LDAP2_ERROR, $mode = PEAR_ERROR_RETURN, - $level = E_USER_NOTICE, $debuginfo = null) - { - if (is_int($code)) { - $this->PEAR_Error($message . ': ' . Net_LDAP2::errorMessage($code), $code, $mode, $level, $debuginfo); - } else { - $this->PEAR_Error("$message: $code", NET_LDAP2_ERROR, $mode, $level, $debuginfo); - } - } -} - -?> diff --git a/auth-ldap/include/Net/LDAP2/Entry.php b/auth-ldap/include/Net/LDAP2/Entry.php deleted file mode 100644 index 9988a794..00000000 --- a/auth-ldap/include/Net/LDAP2/Entry.php +++ /dev/null @@ -1,1069 +0,0 @@ - -* @author Tarjej Huse -* @author Benedikt Hallinger -* @copyright 2009 Tarjej Huse, Jan Wagner, Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: Entry.php 307580 2011-01-19 12:32:05Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; -require_once 'Util.php'; - -/** -* Object representation of a directory entry -* -* This class represents a directory entry. You can add, delete, replace -* attributes and their values, rename the entry, delete the entry. -* -* @category Net -* @package Net_LDAP2 -* @author Jan Wagner -* @author Tarjej Huse -* @author Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP2/ -*/ -class Net_LDAP2_Entry extends PEAR -{ - /** - * Entry ressource identifier - * - * @access protected - * @var ressource - */ - protected $_entry = null; - - /** - * LDAP ressource identifier - * - * @access protected - * @var ressource - */ - protected $_link = null; - - /** - * Net_LDAP2 object - * - * This object will be used for updating and schema checking - * - * @access protected - * @var object Net_LDAP2 - */ - protected $_ldap = null; - - /** - * Distinguished name of the entry - * - * @access protected - * @var string - */ - protected $_dn = null; - - /** - * Attributes - * - * @access protected - * @var array - */ - protected $_attributes = array(); - - /** - * Original attributes before any modification - * - * @access protected - * @var array - */ - protected $_original = array(); - - - /** - * Map of attribute names - * - * @access protected - * @var array - */ - protected $_map = array(); - - - /** - * Is this a new entry? - * - * @access protected - * @var boolean - */ - protected $_new = true; - - /** - * New distinguished name - * - * @access protected - * @var string - */ - protected $_newdn = null; - - /** - * Shall the entry be deleted? - * - * @access protected - * @var boolean - */ - protected $_delete = false; - - /** - * Map with changes to the entry - * - * @access protected - * @var array - */ - protected $_changes = array("add" => array(), - "delete" => array(), - "replace" => array() - ); - /** - * Internal Constructor - * - * Constructor of the entry. Sets up the distinguished name and the entries - * attributes. - * You should not call this method manually! Use {@link Net_LDAP2_Entry::createFresh()} - * or {@link Net_LDAP2_Entry::createConnected()} instead! - * - * @param Net_LDAP2|ressource|array &$ldap Net_LDAP2 object, ldap-link ressource or array of attributes - * @param string|ressource $entry Either a DN or a LDAP-Entry ressource - * - * @access protected - * @return none - */ - protected function __construct(&$ldap, $entry = null) - { - $this->PEAR('Net_LDAP2_Error'); - - // set up entry resource or DN - if (is_resource($entry)) { - $this->_entry = &$entry; - } else { - $this->_dn = $entry; - } - - // set up LDAP link - if ($ldap instanceof Net_LDAP2) { - $this->_ldap = &$ldap; - $this->_link = $ldap->getLink(); - } elseif (is_resource($ldap)) { - $this->_link = $ldap; - } elseif (is_array($ldap)) { - // Special case: here $ldap is an array of attributes, - // this means, we have no link. This is a "virtual" entry. - // We just set up the attributes so one can work with the object - // as expected, but an update() fails unless setLDAP() is called. - $this->setAttributes($ldap); - } - - // if this is an entry existing in the directory, - // then set up as old and fetch attrs - if (is_resource($this->_entry) && is_resource($this->_link)) { - $this->_new = false; - $this->_dn = @ldap_get_dn($this->_link, $this->_entry); - $this->setAttributes(); // fetch attributes from server - } - } - - /** - * Creates a fresh entry that may be added to the directory later on - * - * Use this method, if you want to initialize a fresh entry. - * - * The method should be called statically: $entry = Net_LDAP2_Entry::createFresh(); - * You should put a 'objectClass' attribute into the $attrs so the directory server - * knows which object you want to create. However, you may omit this in case you - * don't want to add this entry to a directory server. - * - * The attributes parameter is as following: - * - * $attrs = array( 'attribute1' => array('value1', 'value2'), - * 'attribute2' => 'single value' - * ); - * - * - * @param string $dn DN of the Entry - * @param array $attrs Attributes of the entry - * - * @static - * @return Net_LDAP2_Entry|Net_LDAP2_Error - */ - public static function createFresh($dn, $attrs = array()) - { - if (!is_array($attrs)) { - return PEAR::raiseError("Unable to create fresh entry: Parameter \$attrs needs to be an array!"); - } - - $entry = new Net_LDAP2_Entry($attrs, $dn); - return $entry; - } - - /** - * Creates a Net_LDAP2_Entry object out of an ldap entry resource - * - * Use this method, if you want to initialize an entry object that is - * already present in some directory and that you have read manually. - * - * Please note, that if you want to create an entry object that represents - * some already existing entry, you should use {@link createExisting()}. - * - * The method should be called statically: $entry = Net_LDAP2_Entry::createConnected(); - * - * @param Net_LDAP2 $ldap Net_LDA2 object - * @param resource $entry PHP LDAP entry resource - * - * @static - * @return Net_LDAP2_Entry|Net_LDAP2_Error - */ - public static function createConnected($ldap, $entry) - { - if (!$ldap instanceof Net_LDAP2) { - return PEAR::raiseError("Unable to create connected entry: Parameter \$ldap needs to be a Net_LDAP2 object!"); - } - if (!is_resource($entry)) { - return PEAR::raiseError("Unable to create connected entry: Parameter \$entry needs to be a ldap entry resource!"); - } - - $entry = new Net_LDAP2_Entry($ldap, $entry); - return $entry; - } - - /** - * Creates an Net_LDAP2_Entry object that is considered already existing - * - * Use this method, if you want to modify an already existing entry - * without fetching it first. - * In most cases however, it is better to fetch the entry via Net_LDAP2->getEntry()! - * - * Please note that you should take care if you construct entries manually with this - * because you may get weird synchronisation problems. - * The attributes and values as well as the entry itself are considered existent - * which may produce errors if you try to modify an entry which doesn't really exist - * or if you try to overwrite some attribute with an value already present. - * - * This method is equal to calling createFresh() and after that markAsNew(FALSE). - * - * The method should be called statically: $entry = Net_LDAP2_Entry::createExisting(); - * - * The attributes parameter is as following: - * - * $attrs = array( 'attribute1' => array('value1', 'value2'), - * 'attribute2' => 'single value' - * ); - * - * - * @param string $dn DN of the Entry - * @param array $attrs Attributes of the entry - * - * @static - * @return Net_LDAP2_Entry|Net_LDAP2_Error - */ - public static function createExisting($dn, $attrs = array()) - { - if (!is_array($attrs)) { - return PEAR::raiseError("Unable to create entry object: Parameter \$attrs needs to be an array!"); - } - - $entry = Net_LDAP2_Entry::createFresh($dn, $attrs); - if ($entry instanceof Net_LDAP2_Error) { - return $entry; - } else { - $entry->markAsNew(false); - return $entry; - } - } - - /** - * Get or set the distinguished name of the entry - * - * If called without an argument the current (or the new DN if set) DN gets returned. - * If you provide an DN, this entry is moved to the new location specified if a DN existed. - * If the DN was not set, the DN gets initialized. Call {@link update()} to actually create - * the new Entry in the directory. - * To fetch the current active DN after setting a new DN but before an update(), you can use - * {@link currentDN()} to retrieve the DN that is currently active. - * - * Please note that special characters (eg german umlauts) should be encoded using utf8_encode(). - * You may use {@link Net_LDAP2_Util::canonical_dn()} for properly encoding of the DN. - * - * @param string $dn New distinguished name - * - * @access public - * @return string|true Distinguished name (or true if a new DN was provided) - */ - public function dn($dn = null) - { - if (false == is_null($dn)) { - if (is_null($this->_dn)) { - $this->_dn = $dn; - } else { - $this->_newdn = $dn; - } - return true; - } - return (isset($this->_newdn) ? $this->_newdn : $this->currentDN()); - } - - /** - * Renames or moves the entry - * - * This is just a convinience alias to {@link dn()} - * to make your code more meaningful. - * - * @param string $newdn The new DN - * - * @return true - */ - public function move($newdn) - { - return $this->dn($newdn); - } - - /** - * Sets the internal attributes array - * - * This fetches the values for the attributes from the server. - * The attribute Syntax will be checked so binary attributes will be returned - * as binary values. - * - * Attributes may be passed directly via the $attributes parameter to setup this - * entry manually. This overrides attribute fetching from the server. - * - * @param array $attributes Attributes to set for this entry - * - * @access protected - * @return void - */ - protected function setAttributes($attributes = null) - { - /* - * fetch attributes from the server - */ - if (is_null($attributes) && is_resource($this->_entry) && is_resource($this->_link)) { - // fetch schema - if ($this->_ldap instanceof Net_LDAP2) { - $schema =& $this->_ldap->schema(); - } - // fetch attributes - $attributes = array(); - do { - if (empty($attr)) { - $ber = null; - $attr = @ldap_first_attribute($this->_link, $this->_entry, $ber); - } else { - $attr = @ldap_next_attribute($this->_link, $this->_entry, $ber); - } - if ($attr) { - $func = 'ldap_get_values'; // standard function to fetch value - - // Try to get binary values as binary data - if ($schema instanceof Net_LDAP2_Schema) { - if ($schema->isBinary($attr)) { - $func = 'ldap_get_values_len'; - } - } - // fetch attribute value (needs error checking?) - $attributes[$attr] = $func($this->_link, $this->_entry, $attr); - } - } while ($attr); - } - - /* - * set attribute data directly, if passed - */ - if (is_array($attributes) && count($attributes) > 0) { - if (isset($attributes["count"]) && is_numeric($attributes["count"])) { - unset($attributes["count"]); - } - foreach ($attributes as $k => $v) { - // attribute names should not be numeric - if (is_numeric($k)) { - continue; - } - // map generic attribute name to real one - $this->_map[strtolower($k)] = $k; - // attribute values should be in an array - if (false == is_array($v)) { - $v = array($v); - } - // remove the value count (comes from ldap server) - if (isset($v["count"])) { - unset($v["count"]); - } - $this->_attributes[$k] = $v; - } - } - - // save a copy for later use - $this->_original = $this->_attributes; - } - - /** - * Get the values of all attributes in a hash - * - * The returned hash has the form - * array('attributename' => 'single value', - * 'attributename' => array('value1', value2', value3')) - * Only attributes present at the entry will be returned. - * - * @access public - * @return array Hash of all attributes with their values - */ - public function getValues() - { - $attrs = array(); - foreach ($this->_attributes as $attr => $value) { - $attrs[$attr] = $this->getValue($attr); - } - return $attrs; - } - - /** - * Get the value of a specific attribute - * - * The first parameter is the name of the attribute - * The second parameter influences the way the value is returned: - * 'single': only the first value is returned as string - * 'all': all values including the value count are returned in an array - * 'default': in all other cases an attribute value with a single value is - * returned as string, if it has multiple values it is returned - * as an array (without value count) - * - * If the attribute is not set at this entry (no value or not defined in - * schema), an empty string is returned. - * - * You may use Net_LDAP2_Schema->checkAttribute() to see if the attribute - * is defined for the objectClasses of this entry. - * - * @param string $attr Attribute name - * @param string $option Option - * - * @access public - * @return string|array|PEAR_Error string, array or PEAR_Error - */ - public function getValue($attr, $option = null) - { - $attr = $this->getAttrName($attr); - - // If the attribute is not set at the entry, return an empty value. - // Users should do schema checks if they want to know if an attribute is - // valid for an entrys OCLs. - if (!array_key_exists($attr, $this->_attributes)) { - $value = array(''); - } else { - $value = $this->_attributes[$attr]; - } - - // format the attribute values depending on $option - if ($option == "single" || (count($value) == 1 && $option != 'all')) { - $value = array_shift($value); - } - - return $value; - } - - /** - * Alias function of getValue for perl-ldap interface - * - * @see getValue() - * @return string|array|PEAR_Error - */ - public function get_value() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'getValue' ), $args); - } - - /** - * Returns an array of attributes names - * - * @access public - * @return array Array of attribute names - */ - public function attributes() - { - return array_keys($this->_attributes); - } - - /** - * Returns whether an attribute exists or not - * - * @param string $attr Attribute name - * - * @access public - * @return boolean - */ - public function exists($attr) - { - $attr = $this->getAttrName($attr); - return array_key_exists($attr, $this->_attributes); - } - - /** - * Adds a new attribute or a new value to an existing attribute - * - * The paramter has to be an array of the form: - * array('attributename' => 'single value', - * 'attributename' => array('value1', 'value2)) - * When the attribute already exists the values will be added, else the - * attribute will be created. These changes are local to the entry and do - * not affect the entry on the server until update() is called. - * - * Note, that you can add values of attributes that you haven't selected, but if - * you do so, {@link getValue()} and {@link getValues()} will only return the - * values you added, _NOT_ all values present on the server. To avoid this, just refetch - * the entry after calling {@link update()} or select the attribute. - * - * @param array $attr Attributes to add - * - * @access public - * @return true|Net_LDAP2_Error - */ - public function add($attr = array()) - { - if (false == is_array($attr)) { - return PEAR::raiseError("Parameter must be an array"); - } - if ($this->isNew()) { - $this->setAttributes($attr); - } else { - foreach ($attr as $k => $v) { - $k = $this->getAttrName($k); - if (false == is_array($v)) { - // Do not add empty values - if ($v == null) { - continue; - } else { - $v = array($v); - } - } - // add new values to existing attribute or add new attribute - if ($this->exists($k)) { - $this->_attributes[$k] = array_unique(array_merge($this->_attributes[$k], $v)); - } else { - $this->_map[strtolower($k)] = $k; - $this->_attributes[$k] = $v; - } - // save changes for update() - if (empty($this->_changes["add"][$k])) { - $this->_changes["add"][$k] = array(); - } - $this->_changes["add"][$k] = array_unique(array_merge($this->_changes["add"][$k], $v)); - } - } - $return = true; - return $return; - } - - /** - * Deletes an whole attribute or a value or the whole entry - * - * The parameter can be one of the following: - * - * "attributename" - The attribute as a whole will be deleted - * array("attributename1", "attributename2) - All given attributes will be - * deleted - * array("attributename" => "value") - The value will be deleted - * array("attributename" => array("value1", "value2") - The given values - * will be deleted - * If $attr is null or omitted , then the whole Entry will be deleted! - * - * These changes are local to the entry and do - * not affect the entry on the server until {@link update()} is called. - * - * Please note that you must select the attribute (at $ldap->search() for example) - * to be able to delete values of it, Otherwise {@link update()} will silently fail - * and remove nothing. - * - * @param string|array $attr Attributes to delete (NULL or missing to delete whole entry) - * - * @access public - * @return true - */ - public function delete($attr = null) - { - if (is_null($attr)) { - $this->_delete = true; - return true; - } - if (is_string($attr)) { - $attr = array($attr); - } - // Make the assumption that attribute names cannot be numeric, - // therefore this has to be a simple list of attribute names to delete - if (is_numeric(key($attr))) { - foreach ($attr as $name) { - if (is_array($name)) { - // someone mixed modes (list mode but specific values given!) - $del_attr_name = array_search($name, $attr); - $this->delete(array($del_attr_name => $name)); - } else { - // mark for update() if this attr was not marked before - $name = $this->getAttrName($name); - if ($this->exists($name)) { - $this->_changes["delete"][$name] = null; - unset($this->_attributes[$name]); - } - } - } - } else { - // Here we have a hash with "attributename" => "value to delete" - foreach ($attr as $name => $values) { - if (is_int($name)) { - // someone mixed modes and gave us just an attribute name - $this->delete($values); - } else { - // mark for update() if this attr was not marked before; - // this time it must consider the selected values also - $name = $this->getAttrName($name); - if ($this->exists($name)) { - if (false == is_array($values)) { - $values = array($values); - } - // save values to be deleted - if (empty($this->_changes["delete"][$name])) { - $this->_changes["delete"][$name] = array(); - } - $this->_changes["delete"][$name] = - array_unique(array_merge($this->_changes["delete"][$name], $values)); - foreach ($values as $value) { - // find the key for the value that should be deleted - $key = array_search($value, $this->_attributes[$name]); - if (false !== $key) { - // delete the value - unset($this->_attributes[$name][$key]); - } - } - } - } - } - } - $return = true; - return $return; - } - - /** - * Replaces attributes or its values - * - * The parameter has to an array of the following form: - * array("attributename" => "single value", - * "attribute2name" => array("value1", "value2"), - * "deleteme1" => null, - * "deleteme2" => "") - * If the attribute does not yet exist it will be added instead (see also $force). - * If the attribue value is null, the attribute will de deleted. - * - * These changes are local to the entry and do - * not affect the entry on the server until {@link update()} is called. - * - * In some cases you are not allowed to read the attributes value (for - * example the ActiveDirectory attribute unicodePwd) but are allowed to - * replace the value. In this case replace() would assume that the attribute - * is not in the directory yet and tries to add it which will result in an - * LDAP_TYPE_OR_VALUE_EXISTS error. - * To force replace mode instead of add, you can set $force to true. - * - * @param array $attr Attributes to replace - * @param bool $force Force replacing mode in case we can't read the attr value but are allowed to replace it - * - * @access public - * @return true|Net_LDAP2_Error - */ - public function replace($attr = array(), $force = false) - { - if (false == is_array($attr)) { - return PEAR::raiseError("Parameter must be an array"); - } - foreach ($attr as $k => $v) { - $k = $this->getAttrName($k); - if (false == is_array($v)) { - // delete attributes with empty values; treat ints as string - if (is_int($v)) { - $v = "$v"; - } - if ($v == null) { - $this->delete($k); - continue; - } else { - $v = array($v); - } - } - // existing attributes will get replaced - if ($this->exists($k) || $force) { - $this->_changes["replace"][$k] = $v; - $this->_attributes[$k] = $v; - } else { - // new ones just get added - $this->add(array($k => $v)); - } - } - $return = true; - return $return; - } - - /** - * Update the entry on the directory server - * - * This will evaluate all changes made so far and send them - * to the directory server. - * Please note, that if you make changes to objectclasses wich - * have mandatory attributes set, update() will currently fail. - * Remove the entry from the server and readd it as new in such cases. - * This also will deal with problems with setting structural object classes. - * - * @param Net_LDAP2 $ldap If passed, a call to setLDAP() is issued prior update, thus switching the LDAP-server. This is for perl-ldap interface compliance - * - * @access public - * @return true|Net_LDAP2_Error - * @todo Entry rename with a DN containing special characters needs testing! - */ - public function update($ldap = null) - { - if ($ldap) { - $msg = $this->setLDAP($ldap); - if (Net_LDAP2::isError($msg)) { - return PEAR::raiseError('You passed an invalid $ldap variable to update()'); - } - } - - // ensure we have a valid LDAP object - $ldap =& $this->getLDAP(); - if (!$ldap instanceof Net_LDAP2) { - return PEAR::raiseError("The entries LDAP object is not valid"); - } - - // Get and check link - $link = $ldap->getLink(); - if (!is_resource($link)) { - return PEAR::raiseError("Could not update entry: internal LDAP link is invalid"); - } - - /* - * Delete the entry - */ - if (true === $this->_delete) { - return $ldap->delete($this); - } - - /* - * New entry - */ - if (true === $this->_new) { - $msg = $ldap->add($this); - if (Net_LDAP2::isError($msg)) { - return $msg; - } - $this->_new = false; - $this->_changes['add'] = array(); - $this->_changes['delete'] = array(); - $this->_changes['replace'] = array(); - $this->_original = $this->_attributes; - - $return = true; - return $return; - } - - /* - * Rename/move entry - */ - if (false == is_null($this->_newdn)) { - if ($ldap->getLDAPVersion() !== 3) { - return PEAR::raiseError("Renaming/Moving an entry is only supported in LDAPv3"); - } - // make dn relative to parent (needed for ldap rename) - $parent = Net_LDAP2_Util::ldap_explode_dn($this->_newdn, array('casefolding' => 'none', 'reverse' => false, 'onlyvalues' => false)); - if (Net_LDAP2::isError($parent)) { - return $parent; - } - $child = array_shift($parent); - // maybe the dn consist of a multivalued RDN, we must build the dn in this case - // because the $child-RDN is an array! - if (is_array($child)) { - $child = Net_LDAP2_Util::canonical_dn($child); - } - $parent = Net_LDAP2_Util::canonical_dn($parent); - - // rename/move - if (false == @ldap_rename($link, $this->_dn, $child, $parent, true)) { - return PEAR::raiseError("Entry not renamed: " . - @ldap_error($link), @ldap_errno($link)); - } - // reflect changes to local copy - $this->_dn = $this->_newdn; - $this->_newdn = null; - } - - /* - * Carry out modifications to the entry - */ - // ADD - foreach ($this->_changes["add"] as $attr => $value) { - // if attribute exists, add new values - if ($this->exists($attr)) { - if (false === @ldap_mod_add($link, $this->dn(), array($attr => $value))) { - return PEAR::raiseError("Could not add new values to attribute $attr: " . - @ldap_error($link), @ldap_errno($link)); - } - } else { - // new attribute - if (false === @ldap_modify($link, $this->dn(), array($attr => $value))) { - return PEAR::raiseError("Could not add new attribute $attr: " . - @ldap_error($link), @ldap_errno($link)); - } - } - // all went well here, I guess - unset($this->_changes["add"][$attr]); - } - - // DELETE - foreach ($this->_changes["delete"] as $attr => $value) { - // In LDAPv3 you need to specify the old values for deleting - if (is_null($value) && $ldap->getLDAPVersion() === 3) { - $value = $this->_original[$attr]; - } - if (false === @ldap_mod_del($link, $this->dn(), array($attr => $value))) { - return PEAR::raiseError("Could not delete attribute $attr: " . - @ldap_error($link), @ldap_errno($link)); - } - unset($this->_changes["delete"][$attr]); - } - - // REPLACE - foreach ($this->_changes["replace"] as $attr => $value) { - if (false === @ldap_modify($link, $this->dn(), array($attr => $value))) { - return PEAR::raiseError("Could not replace attribute $attr values: " . - @ldap_error($link), @ldap_errno($link)); - } - unset($this->_changes["replace"][$attr]); - } - - // all went well, so _original (server) becomes _attributes (local copy) - $this->_original = $this->_attributes; - - $return = true; - return $return; - } - - /** - * Returns the right attribute name - * - * @param string $attr Name of attribute - * - * @access protected - * @return string The right name of the attribute - */ - protected function getAttrName($attr) - { - $name = strtolower($attr); - if (array_key_exists($name, $this->_map)) { - $attr = $this->_map[$name]; - } - return $attr; - } - - /** - * Returns a reference to the LDAP-Object of this entry - * - * @access public - * @return Net_LDAP2|Net_LDAP2_Error Reference to the Net_LDAP2 Object (the connection) or Net_LDAP2_Error - */ - public function &getLDAP() - { - if (!$this->_ldap instanceof Net_LDAP2) { - $err = new PEAR_Error('LDAP is not a valid Net_LDAP2 object'); - return $err; - } else { - return $this->_ldap; - } - } - - /** - * Sets a reference to the LDAP-Object of this entry - * - * After setting a Net_LDAP2 object, calling update() will use that object for - * updating directory contents. Use this to dynamicly switch directorys. - * - * @param Net_LDAP2 &$ldap Net_LDAP2 object that this entry should be connected to - * - * @access public - * @return true|Net_LDAP2_Error - */ - public function setLDAP(&$ldap) - { - if (!$ldap instanceof Net_LDAP2) { - return PEAR::raiseError("LDAP is not a valid Net_LDAP2 object"); - } else { - $this->_ldap =& $ldap; - return true; - } - } - - /** - * Marks the entry as new/existing. - * - * If an Entry is marked as new, it will be added to the directory - * when calling {@link update()}. - * If the entry is marked as old ($mark = false), then the entry is - * assumed to be present in the directory server wich results in - * modification when calling {@link update()}. - * - * @param boolean $mark Value to set, defaults to "true" - * - * @return void - */ - public function markAsNew($mark = true) - { - $this->_new = ($mark)? true : false; - } - - /** - * Applies a regular expression onto a single- or multivalued attribute (like preg_match()) - * - * This method behaves like PHPs preg_match() but with some exceptions. - * If you want to retrieve match information, then you MUST pass the - * $matches parameter via reference! otherwise you will get no matches. - * Since it is possible to have multi valued attributes the $matches - * array will have a additionally numerical dimension (one for each value): - * - * $matches = array( - * 0 => array (usual preg_match() returnarray), - * 1 => array (usual preg_match() returnarray) - * ) - * - * Please note, that $matches will be initialized to an empty array inside. - * - * Usage example: - * - * $result = $entry->preg_match('/089(\d+)/', 'telephoneNumber', &$matches); - * if ( $result === true ){ - * echo "First match: ".$matches[0][1]; // Match of value 1, content of first bracket - * } else { - * if ( Net_LDAP2::isError($result) ) { - * echo "Error: ".$result->getMessage(); - * } else { - * echo "No match found."; - * } - * } - * - * - * Please note that it is important to test for an Net_LDAP2_Error, because objects are - * evaluating to true by default, thus if an error occured, and you only check using "==" then - * you get misleading results. Use the "identical" (===) operator to test for matches to - * avoid this as shown above. - * - * @param string $regex The regular expression - * @param string $attr_name The attribute to search in - * @param array $matches (optional, PASS BY REFERENCE!) Array to store matches in - * - * @return boolean|Net_LDAP2_Error TRUE, if we had a match in one of the values, otherwise false. Net_LDAP2_Error in case something went wrong - */ - public function pregMatch($regex, $attr_name, $matches = array()) - { - $matches = array(); - - // fetch attribute values - $attr = $this->getValue($attr_name, 'all'); - if (Net_LDAP2::isError($attr)) { - return $attr; - } else { - unset($attr['count']); - } - - // perform preg_match() on all values - $match = false; - foreach ($attr as $thisvalue) { - $matches_int = array(); - if (preg_match($regex, $thisvalue, $matches_int)) { - $match = true; - array_push($matches, $matches_int); // store matches in reference - } - } - return $match; - } - - /** - * Alias of {@link pregMatch()} for compatibility to Net_LDAP 1 - * - * @see pregMatch() - * @return boolean|Net_LDAP2_Error - */ - public function preg_match() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'pregMatch' ), $args); - } - - /** - * Tells if the entry is consiedered as new (not present in the server) - * - * Please note, that this doesn't tell you if the entry is present on the server. - * Use {@link Net_LDAP2::dnExists()} to see if an entry is already there. - * - * @return boolean - */ - public function isNew() - { - return $this->_new; - } - - - /** - * Is this entry going to be deleted once update() is called? - * - * @return boolean - */ - public function willBeDeleted() - { - return $this->_delete; - } - - /** - * Is this entry going to be moved once update() is called? - * - * @return boolean - */ - public function willBeMoved() - { - return ($this->dn() !== $this->currentDN()); - } - - /** - * Returns always the original DN - * - * If an entry will be moved but {@link update()} was not called, - * {@link dn()} will return the new DN. This method however, returns - * always the current active DN. - * - * @return string - */ - public function currentDN() - { - return $this->_dn; - } - - /** - * Returns the attribute changes to be carried out once update() is called - * - * @return array - */ - public function getChanges() - { - return $this->_changes; - } -} -?> diff --git a/auth-ldap/include/Net/LDAP2/Filter.php b/auth-ldap/include/Net/LDAP2/Filter.php deleted file mode 100644 index d046aa2a..00000000 --- a/auth-ldap/include/Net/LDAP2/Filter.php +++ /dev/null @@ -1,547 +0,0 @@ - -* @copyright 2009 Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: Filter.php 318470 2011-10-27 12:57:05Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; -require_once 'Util.php'; - -/** -* Object representation of a part of a LDAP filter. -* -* This Class is not completely compatible to the PERL interface! -* -* The purpose of this class is, that users can easily build LDAP filters -* without having to worry about right escaping etc. -* A Filter is built using several independent filter objects -* which are combined afterwards. This object works in two -* modes, depending how the object is created. -* If the object is created using the {@link create()} method, then this is a leaf-object. -* If the object is created using the {@link combine()} method, then this is a container object. -* -* LDAP filters are defined in RFC-2254 and can be found under -* {@link http://www.ietf.org/rfc/rfc2254.txt} -* -* Here a quick copy&paste example: -* -* $filter0 = Net_LDAP2_Filter::create('stars', 'equals', '***'); -* $filter_not0 = Net_LDAP2_Filter::combine('not', $filter0); -* -* $filter1 = Net_LDAP2_Filter::create('gn', 'begins', 'bar'); -* $filter2 = Net_LDAP2_Filter::create('gn', 'ends', 'baz'); -* $filter_comp = Net_LDAP2_Filter::combine('or',array($filter_not0, $filter1, $filter2)); -* -* echo $filter_comp->asString(); -* // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz)) -* // The stars in $filter0 are treaten as real stars unless you disable escaping. -* -* -* @category Net -* @package Net_LDAP2 -* @author Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP2/ -*/ -class Net_LDAP2_Filter extends PEAR -{ - /** - * Storage for combination of filters - * - * This variable holds a array of filter objects - * that should be combined by this filter object. - * - * @access protected - * @var array - */ - protected $_subfilters = array(); - - /** - * Match of this filter - * - * If this is a leaf filter, then a matching rule is stored, - * if it is a container, then it is a logical operator - * - * @access protected - * @var string - */ - protected $_match; - - /** - * Single filter - * - * If we operate in leaf filter mode, - * then the constructing method stores - * the filter representation here - * - * @acces private - * @var string - */ - protected $_filter; - - /** - * Create a new Net_LDAP2_Filter object and parse $filter. - * - * This is for PERL Net::LDAP interface. - * Construction of Net_LDAP2_Filter objects should happen through either - * {@link create()} or {@link combine()} which give you more control. - * However, you may use the perl iterface if you already have generated filters. - * - * @param string $filter LDAP filter string - * - * @see parse() - */ - public function __construct($filter = false) - { - // The optional parameter must remain here, because otherwise create() crashes - if (false !== $filter) { - $filter_o = self::parse($filter); - if (PEAR::isError($filter_o)) { - $this->_filter = $filter_o; // assign error, so asString() can report it - } else { - $this->_filter = $filter_o->asString(); - } - } - } - - /** - * Constructor of a new part of a LDAP filter. - * - * The following matching rules exists: - * - equals: One of the attributes values is exactly $value - * Please note that case sensitiviness is depends on the - * attributes syntax configured in the server. - * - begins: One of the attributes values must begin with $value - * - ends: One of the attributes values must end with $value - * - contains: One of the attributes values must contain $value - * - present | any: The attribute can contain any value but must be existent - * - greater: The attributes value is greater than $value - * - less: The attributes value is less than $value - * - greaterOrEqual: The attributes value is greater or equal than $value - * - lessOrEqual: The attributes value is less or equal than $value - * - approx: One of the attributes values is similar to $value - * - * Negation ("not") can be done by prepending the above operators with the - * "not" or "!" keyword, see example below. - * - * If $escape is set to true (default) then $value will be escaped - * properly. If it is set to false then $value will be treaten as raw filter value string. - * You should escape yourself using {@link Net_LDAP2_Util::escape_filter_value()}! - * - * Examples: - * - * // This will find entries that contain an attribute "sn" that ends with "foobar": - * $filter = Net_LDAP2_Filter::create('sn', 'ends', 'foobar'); - * - * // This will find entries that contain an attribute "sn" that has any value set: - * $filter = Net_LDAP2_Filter::create('sn', 'any'); - * - * // This will build a negated equals filter: - * $filter = Net_LDAP2_Filter::create('sn', 'not equals', 'foobar'); - * - * - * @param string $attr_name Name of the attribute the filter should apply to - * @param string $match Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any) - * @param string $value (optional) if given, then this is used as a filter - * @param boolean $escape Should $value be escaped? (default: yes, see {@link Net_LDAP2_Util::escape_filter_value()} for detailed information) - * - * @return Net_LDAP2_Filter|Net_LDAP2_Error - */ - public static function &create($attr_name, $match, $value = '', $escape = true) - { - $leaf_filter = new Net_LDAP2_Filter(); - if ($escape) { - $array = Net_LDAP2_Util::escape_filter_value(array($value)); - $value = $array[0]; - } - - $match = strtolower($match); - - // detect negation - $neg_matches = array(); - $negate_filter = false; - if (preg_match('/^(?:not|!)[\s_-](.+)/', $match, $neg_matches)) { - $negate_filter = true; - $match = $neg_matches[1]; - } - - // build basic filter - switch ($match) { - case 'equals': - case '=': - case '==': - $leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')'; - break; - case 'begins': - $leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)'; - break; - case 'ends': - $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')'; - break; - case 'contains': - $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)'; - break; - case 'greater': - case '>': - $leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')'; - break; - case 'less': - case '<': - $leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')'; - break; - case 'greaterorequal': - case '>=': - $leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')'; - break; - case 'lessorequal': - case '<=': - $leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')'; - break; - case 'approx': - case '~=': - $leaf_filter->_filter = '(' . $attr_name . '~=' . $value . ')'; - break; - case 'any': - case 'present': // alias that may improve user code readability - $leaf_filter->_filter = '(' . $attr_name . '=*)'; - break; - default: - return PEAR::raiseError('Net_LDAP2_Filter create error: matching rule "' . $match . '" not known!'); - } - - // negate if requested - if ($negate_filter) { - $leaf_filter = Net_LDAP2_Filter::combine('!', $leaf_filter); - } - - return $leaf_filter; - } - - /** - * Combine two or more filter objects using a logical operator - * - * This static method combines two or more filter objects and returns one single - * filter object that contains all the others. - * Call this method statically: $filter = Net_LDAP2_Filter::combine('or', array($filter1, $filter2)) - * If the array contains filter strings instead of filter objects, we will try to parse them. - * - * @param string $log_op The locical operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!" - * @param array|Net_LDAP2_Filter $filters array with Net_LDAP2_Filter objects - * - * @return Net_LDAP2_Filter|Net_LDAP2_Error - * @static - */ - public static function &combine($log_op, $filters) - { - if (PEAR::isError($filters)) { - return $filters; - } - - // substitude named operators to logical operators - if ($log_op == 'and') $log_op = '&'; - if ($log_op == 'or') $log_op = '|'; - if ($log_op == 'not') $log_op = '!'; - - // tests for sane operation - if ($log_op == '!') { - // Not-combination, here we only accept one filter object or filter string - if ($filters instanceof Net_LDAP2_Filter) { - $filters = array($filters); // force array - } elseif (is_string($filters)) { - $filter_o = self::parse($filters); - if (PEAR::isError($filter_o)) { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: '.$filter_o->getMessage()); - return $err; - } else { - $filters = array($filter_o); - } - } elseif (is_array($filters)) { - if (count($filters) != 1) { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is an array!'); - return $err; - } elseif (!($filters[0] instanceof Net_LDAP2_Filter)) { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!'); - return $err; - } - } else { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!'); - return $err; - } - } elseif ($log_op == '&' || $log_op == '|') { - if (!is_array($filters) || count($filters) < 2) { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: parameter $filters is not an array or contains less than two Net_LDAP2_Filter objects!'); - return $err; - } - } else { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: logical operator is not known!'); - return $err; - } - - $combined_filter = new Net_LDAP2_Filter(); - foreach ($filters as $key => $testfilter) { // check for errors - if (PEAR::isError($testfilter)) { - return $testfilter; - } elseif (is_string($testfilter)) { - // string found, try to parse into an filter object - $filter_o = self::parse($testfilter); - if (PEAR::isError($filter_o)) { - return $filter_o; - } else { - $filters[$key] = $filter_o; - } - } elseif (!$testfilter instanceof Net_LDAP2_Filter) { - $err = PEAR::raiseError('Net_LDAP2_Filter combine error: invalid object passed in array $filters!'); - return $err; - } - } - - $combined_filter->_subfilters = $filters; - $combined_filter->_match = $log_op; - return $combined_filter; - } - - /** - * Parse FILTER into a Net_LDAP2_Filter object - * - * This parses an filter string into Net_LDAP2_Filter objects. - * - * @param string $FILTER The filter string - * - * @access static - * @return Net_LDAP2_Filter|Net_LDAP2_Error - * @todo Leaf-mode: Do we need to escape at all? what about *-chars?check for the need of encoding values, tackle problems (see code comments) - */ - public static function parse($FILTER) - { - if (preg_match('/^\((.+?)\)$/', $FILTER, $matches)) { - if (in_array(substr($matches[1], 0, 1), array('!', '|', '&'))) { - // Subfilter processing: pass subfilters to parse() and combine - // the objects using the logical operator detected - // we have now something like "&(...)(...)(...)" but at least one part ("!(...)"). - // Each subfilter could be an arbitary complex subfilter. - - // extract logical operator and filter arguments - $log_op = substr($matches[1], 0, 1); - $remaining_component = substr($matches[1], 1); - - // split $remaining_component into individual subfilters - // we cannot use split() for this, because we do not know the - // complexiness of the subfilter. Thus, we look trough the filter - // string and just recognize ending filters at the first level. - // We record the index number of the char and use that information - // later to split the string. - $sub_index_pos = array(); - $prev_char = ''; // previous character looked at - $level = 0; // denotes the current bracket level we are, - // >1 is too deep, 1 is ok, 0 is outside any - // subcomponent - for ($curpos = 0; $curpos < strlen($remaining_component); $curpos++) { - $cur_char = substr($remaining_component, $curpos, 1); - - // rise/lower bracket level - if ($cur_char == '(' && $prev_char != '\\') { - $level++; - } elseif ($cur_char == ')' && $prev_char != '\\') { - $level--; - } - - if ($cur_char == '(' && $prev_char == ')' && $level == 1) { - array_push($sub_index_pos, $curpos); // mark the position for splitting - } - $prev_char = $cur_char; - } - - // now perform the splits. To get also the last part, we - // need to add the "END" index to the split array - array_push($sub_index_pos, strlen($remaining_component)); - $subfilters = array(); - $oldpos = 0; - foreach ($sub_index_pos as $s_pos) { - $str_part = substr($remaining_component, $oldpos, $s_pos - $oldpos); - array_push($subfilters, $str_part); - $oldpos = $s_pos; - } - - // some error checking... - if (count($subfilters) == 1) { - // only one subfilter found - } elseif (count($subfilters) > 1) { - // several subfilters found - if ($log_op == "!") { - return PEAR::raiseError("Filter parsing error: invalid filter syntax - NOT operator detected but several arguments given!"); - } - } else { - // this should not happen unless the user specified a wrong filter - return PEAR::raiseError("Filter parsing error: invalid filter syntax - got operator '$log_op' but no argument!"); - } - - // Now parse the subfilters into objects and combine them using the operator - $subfilters_o = array(); - foreach ($subfilters as $s_s) { - $o = self::parse($s_s); - if (PEAR::isError($o)) { - return $o; - } else { - array_push($subfilters_o, self::parse($s_s)); - } - } - - $filter_o = self::combine($log_op, $subfilters_o); - return $filter_o; - - } else { - // This is one leaf filter component, do some syntax checks, then escape and build filter_o - // $matches[1] should be now something like "foo=bar" - - // detect multiple leaf components - // [TODO] Maybe this will make problems with filters containing brackets inside the value - if (stristr($matches[1], ')(')) { - return PEAR::raiseError("Filter parsing error: invalid filter syntax - multiple leaf components detected!"); - } else { - $filter_parts = preg_split('/(?|<|>=|<=)/', $matches[1], 2, PREG_SPLIT_DELIM_CAPTURE); - if (count($filter_parts) != 3) { - return PEAR::raiseError("Filter parsing error: invalid filter syntax - unknown matching rule used"); - } else { - $filter_o = new Net_LDAP2_Filter(); - // [TODO]: Do we need to escape at all? what about *-chars user provide and that should remain special? - // I think, those prevent escaping! We need to check against PERL Net::LDAP! - // $value_arr = Net_LDAP2_Util::escape_filter_value(array($filter_parts[2])); - // $value = $value_arr[0]; - $value = $filter_parts[2]; - $filter_o->_filter = '('.$filter_parts[0].$filter_parts[1].$value.')'; - return $filter_o; - } - } - } - } else { - // ERROR: Filter components must be enclosed in round brackets - return PEAR::raiseError("Filter parsing error: invalid filter syntax - filter components must be enclosed in round brackets"); - } - } - - /** - * Get the string representation of this filter - * - * This method runs through all filter objects and creates - * the string representation of the filter. If this - * filter object is a leaf filter, then it will return - * the string representation of this filter. - * - * @return string|Net_LDAP2_Error - */ - public function asString() - { - if ($this->isLeaf()) { - $return = $this->_filter; - } else { - $return = ''; - foreach ($this->_subfilters as $filter) { - $return = $return.$filter->asString(); - } - $return = '(' . $this->_match . $return . ')'; - } - return $return; - } - - /** - * Alias for perl interface as_string() - * - * @see asString() - * @return string|Net_LDAP2_Error - */ - public function as_string() - { - return $this->asString(); - } - - /** - * Print the text representation of the filter to FH, or the currently selected output handle if FH is not given - * - * This method is only for compatibility to the perl interface. - * However, the original method was called "print" but due to PHP language restrictions, - * we can't have a print() method. - * - * @param resource $FH (optional) A filehandle resource - * - * @return true|Net_LDAP2_Error - */ - public function printMe($FH = false) - { - if (!is_resource($FH)) { - if (PEAR::isError($FH)) { - return $FH; - } - $filter_str = $this->asString(); - if (PEAR::isError($filter_str)) { - return $filter_str; - } else { - print($filter_str); - } - } else { - $filter_str = $this->asString(); - if (PEAR::isError($filter_str)) { - return $filter_str; - } else { - $res = @fwrite($FH, $this->asString()); - if ($res == false) { - return PEAR::raiseError("Unable to write filter string to filehandle \$FH!"); - } - } - } - return true; - } - - /** - * This can be used to escape a string to provide a valid LDAP-Filter. - * - * LDAP will only recognise certain characters as the - * character istself if they are properly escaped. This is - * what this method does. - * The method can be called statically, so you can use it outside - * for your own purposes (eg for escaping only parts of strings) - * - * In fact, this is just a shorthand to {@link Net_LDAP2_Util::escape_filter_value()}. - * For upward compatibiliy reasons you are strongly encouraged to use the escape - * methods provided by the Net_LDAP2_Util class. - * - * @param string $value Any string who should be escaped - * - * @static - * @return string The string $string, but escaped - * @deprecated Do not use this method anymore, instead use Net_LDAP2_Util::escape_filter_value() directly - */ - public static function escape($value) - { - $return = Net_LDAP2_Util::escape_filter_value(array($value)); - return $return[0]; - } - - /** - * Is this a container or a leaf filter object? - * - * @access protected - * @return boolean - */ - protected function isLeaf() - { - if (count($this->_subfilters) > 0) { - return false; // Container! - } else { - return true; // Leaf! - } - } -} -?> diff --git a/auth-ldap/include/Net/LDAP2/LDIF.php b/auth-ldap/include/Net/LDAP2/LDIF.php deleted file mode 100644 index 22ed11ef..00000000 --- a/auth-ldap/include/Net/LDAP2/LDIF.php +++ /dev/null @@ -1,923 +0,0 @@ - -* @copyright 2009 Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: LDIF.php 302696 2010-08-23 12:48:07Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; -require_once 'Entry.php'; -require_once 'Util.php'; - -/** -* LDIF capabilitys for Net_LDAP2, closely taken from PERLs Net::LDAP -* -* It provides a means to convert between Net_LDAP2_Entry objects and LDAP entries -* represented in LDIF format files. Reading and writing are supported and may -* manipulate single entries or lists of entries. -* -* Usage example: -* -* // Read and parse an ldif-file into Net_LDAP2_Entry objects -* // and print out the DNs. Store the entries for later use. -* require 'Net/LDAP2/LDIF.php'; -* $options = array( -* 'onerror' => 'die' -* ); -* $entries = array(); -* $ldif = new Net_LDAP2_LDIF('test.ldif', 'r', $options); -* do { -* $entry = $ldif->read_entry(); -* $dn = $entry->dn(); -* echo " done building entry: $dn\n"; -* array_push($entries, $entry); -* } while (!$ldif->eof()); -* $ldif->done(); -* -* -* // write those entries to another file -* $ldif = new Net_LDAP2_LDIF('test.out.ldif', 'w', $options); -* $ldif->write_entry($entries); -* $ldif->done(); -* -* -* @category Net -* @package Net_LDAP2 -* @author Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP22/ -* @see http://www.ietf.org/rfc/rfc2849.txt -* @todo Error handling should be PEARified -* @todo LDAPv3 controls are not implemented yet -*/ -class Net_LDAP2_LDIF extends PEAR -{ - /** - * Options - * - * @access protected - * @var array - */ - protected $_options = array('encode' => 'base64', - 'onerror' => null, - 'change' => 0, - 'lowercase' => 0, - 'sort' => 0, - 'version' => null, - 'wrap' => 78, - 'raw' => '' - ); - - /** - * Errorcache - * - * @access protected - * @var array - */ - protected $_error = array('error' => null, - 'line' => 0 - ); - - /** - * Filehandle for read/write - * - * @access protected - * @var array - */ - protected $_FH = null; - - /** - * Says, if we opened the filehandle ourselves - * - * @access protected - * @var array - */ - protected $_FH_opened = false; - - /** - * Linecounter for input file handle - * - * @access protected - * @var array - */ - protected $_input_line = 0; - - /** - * counter for processed entries - * - * @access protected - * @var int - */ - protected $_entrynum = 0; - - /** - * Mode we are working in - * - * Either 'r', 'a' or 'w' - * - * @access protected - * @var string - */ - protected $_mode = false; - - /** - * Tells, if the LDIF version string was already written - * - * @access protected - * @var boolean - */ - protected $_version_written = false; - - /** - * Cache for lines that have build the current entry - * - * @access protected - * @var boolean - */ - protected $_lines_cur = array(); - - /** - * Cache for lines that will build the next entry - * - * @access protected - * @var boolean - */ - protected $_lines_next = array(); - - /** - * Open LDIF file for reading or for writing - * - * new (FILE): - * Open the file read-only. FILE may be the name of a file - * or an already open filehandle. - * If the file doesn't exist, it will be created if in write mode. - * - * new (FILE, MODE, OPTIONS): - * Open the file with the given MODE (see PHPs fopen()), eg "w" or "a". - * FILE may be the name of a file or an already open filehandle. - * PERLs Net_LDAP2 "FILE|" mode does not work curently. - * - * OPTIONS is an associative array and may contain: - * encode => 'none' | 'canonical' | 'base64' - * Some DN values in LDIF cannot be written verbatim and have to be encoded in some way: - * 'none' No encoding. - * 'canonical' See "canonical_dn()" in Net::LDAP::Util. - * 'base64' Use base64. (default, this differs from the Perl interface. - * The perl default is "none"!) - * - * onerror => 'die' | 'warn' | NULL - * Specify what happens when an error is detected. - * 'die' Net_LDAP2_LDIF will croak with an appropriate message. - * 'warn' Net_LDAP2_LDIF will warn (echo) with an appropriate message. - * NULL Net_LDAP2_LDIF will not warn (default), use error(). - * - * change => 1 - * Write entry changes to the LDIF file instead of the entries itself. I.e. write LDAP - * operations acting on the entries to the file instead of the entries contents. - * This writes the changes usually carried out by an update() to the LDIF file. - * - * lowercase => 1 - * Convert attribute names to lowercase when writing. - * - * sort => 1 - * Sort attribute names when writing entries according to the rule: - * objectclass first then all other attributes alphabetically sorted by attribute name - * - * version => '1' - * Set the LDIF version to write to the resulting LDIF file. - * According to RFC 2849 currently the only legal value for this option is 1. - * When this option is set Net_LDAP2_LDIF tries to adhere more strictly to - * the LDIF specification in RFC2489 in a few places. - * The default is NULL meaning no version information is written to the LDIF file. - * - * wrap => 78 - * Number of columns where output line wrapping shall occur. - * Default is 78. Setting it to 40 or lower inhibits wrapping. - * - * raw => REGEX - * Use REGEX to denote the names of attributes that are to be - * considered binary in search results if writing entries. - * Example: raw => "/(?i:^jpegPhoto|;binary)/i" - * - * @param string|ressource $file Filename or filehandle - * @param string $mode Mode to open filename - * @param array $options Options like described above - */ - public function __construct($file, $mode = 'r', $options = array()) - { - $this->PEAR('Net_LDAP2_Error'); // default error class - - // First, parse options - // todo: maybe implement further checks on possible values - foreach ($options as $option => $value) { - if (!array_key_exists($option, $this->_options)) { - $this->dropError('Net_LDAP2_LDIF error: option '.$option.' not known!'); - return; - } else { - $this->_options[$option] = strtolower($value); - } - } - - // setup LDIF class - $this->version($this->_options['version']); - - // setup file mode - if (!preg_match('/^[rwa]\+?$/', $mode)) { - $this->dropError('Net_LDAP2_LDIF error: file mode '.$mode.' not supported!'); - } else { - $this->_mode = $mode; - - // setup filehandle - if (is_resource($file)) { - // TODO: checks on mode possible? - $this->_FH =& $file; - } else { - $imode = substr($this->_mode, 0, 1); - if ($imode == 'r') { - if (!file_exists($file)) { - $this->dropError('Unable to open '.$file.' for read: file not found'); - $this->_mode = false; - } - if (!is_readable($file)) { - $this->dropError('Unable to open '.$file.' for read: permission denied'); - $this->_mode = false; - } - } - - if (($imode == 'w' || $imode == 'a')) { - if (file_exists($file)) { - if (!is_writable($file)) { - $this->dropError('Unable to open '.$file.' for write: permission denied'); - $this->_mode = false; - } - } else { - if (!@touch($file)) { - $this->dropError('Unable to create '.$file.' for write: permission denied'); - $this->_mode = false; - } - } - } - - if ($this->_mode) { - $this->_FH = @fopen($file, $this->_mode); - if (false === $this->_FH) { - // Fallback; should never be reached if tests above are good enough! - $this->dropError('Net_LDAP2_LDIF error: Could not open file '.$file); - } else { - $this->_FH_opened = true; - } - } - } - } - } - - /** - * Read one entry from the file and return it as a Net::LDAP::Entry object. - * - * @return Net_LDAP2_Entry - */ - public function read_entry() - { - // read fresh lines, set them as current lines and create the entry - $attrs = $this->next_lines(true); - if (count($attrs) > 0) { - $this->_lines_cur = $attrs; - } - return $this->current_entry(); - } - - /** - * Returns true when the end of the file is reached. - * - * @return boolean - */ - public function eof() - { - return feof($this->_FH); - } - - /** - * Write the entry or entries to the LDIF file. - * - * If you want to build an LDIF file containing several entries AND - * you want to call write_entry() several times, you must open the filehandle - * in append mode ("a"), otherwise you will always get the last entry only. - * - * @param Net_LDAP2_Entry|array $entries Entry or array of entries - * - * @return void - * @todo implement operations on whole entries (adding a whole entry) - */ - public function write_entry($entries) - { - if (!is_array($entries)) { - $entries = array($entries); - } - - foreach ($entries as $entry) { - $this->_entrynum++; - if (!$entry instanceof Net_LDAP2_Entry) { - $this->dropError('Net_LDAP2_LDIF error: entry '.$this->_entrynum.' is not an Net_LDAP2_Entry object'); - } else { - if ($this->_options['change']) { - // LDIF change mode - // fetch change information from entry - $entry_attrs_changes = $entry->getChanges(); - $num_of_changes = count($entry_attrs_changes['add']) - + count($entry_attrs_changes['replace']) - + count($entry_attrs_changes['delete']); - - $is_changed = ($num_of_changes > 0 || $entry->willBeDeleted() || $entry->willBeMoved()); - - // write version if not done yet - // also write DN of entry - if ($is_changed) { - if (!$this->_version_written) { - $this->write_version(); - } - $this->writeDN($entry->currentDN()); - } - - // process changes - // TODO: consider DN add! - if ($entry->willBeDeleted()) { - $this->writeLine("changetype: delete".PHP_EOL); - } elseif ($entry->willBeMoved()) { - $this->writeLine("changetype: modrdn".PHP_EOL); - $olddn = Net_LDAP2_Util::ldap_explode_dn($entry->currentDN(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs - $oldrdn = array_shift($olddn); - $oldparent = implode(',', $olddn); - $newdn = Net_LDAP2_Util::ldap_explode_dn($entry->dn(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs - $rdn = array_shift($newdn); - $parent = implode(',', $newdn); - $this->writeLine("newrdn: ".$rdn.PHP_EOL); - $this->writeLine("deleteoldrdn: 1".PHP_EOL); - if ($parent !== $oldparent) { - $this->writeLine("newsuperior: ".$parent.PHP_EOL); - } - // TODO: What if the entry has attribute changes as well? - // I think we should check for that and make a dummy - // entry with the changes that is written to the LDIF file - } elseif ($num_of_changes > 0) { - // write attribute change data - $this->writeLine("changetype: modify".PHP_EOL); - foreach ($entry_attrs_changes as $changetype => $entry_attrs) { - foreach ($entry_attrs as $attr_name => $attr_values) { - $this->writeLine("$changetype: $attr_name".PHP_EOL); - if ($attr_values !== null) $this->writeAttribute($attr_name, $attr_values, $changetype); - $this->writeLine("-".PHP_EOL); - } - } - } - - // finish this entrys data if we had changes - if ($is_changed) { - $this->finishEntry(); - } - } else { - // LDIF-content mode - // fetch attributes for further processing - $entry_attrs = $entry->getValues(); - - // sort and put objectclass-attrs to first position - if ($this->_options['sort']) { - ksort($entry_attrs); - if (array_key_exists('objectclass', $entry_attrs)) { - $oc = $entry_attrs['objectclass']; - unset($entry_attrs['objectclass']); - $entry_attrs = array_merge(array('objectclass' => $oc), $entry_attrs); - } - } - - // write data - if (!$this->_version_written) { - $this->write_version(); - } - $this->writeDN($entry->dn()); - foreach ($entry_attrs as $attr_name => $attr_values) { - $this->writeAttribute($attr_name, $attr_values); - } - $this->finishEntry(); - } - } - } - } - - /** - * Write version to LDIF - * - * If the object's version is defined, this method allows to explicitely write the version before an entry is written. - * If not called explicitely, it gets called automatically when writing the first entry. - * - * @return void - */ - public function write_version() - { - $this->_version_written = true; - if (!is_null($this->version())) { - return $this->writeLine('version: '.$this->version().PHP_EOL, 'Net_LDAP2_LDIF error: unable to write version'); - } - } - - /** - * Get or set LDIF version - * - * If called without arguments it returns the version of the LDIF file or NULL if no version has been set. - * If called with an argument it sets the LDIF version to VERSION. - * According to RFC 2849 currently the only legal value for VERSION is 1. - * - * @param int $version (optional) LDIF version to set - * - * @return int - */ - public function version($version = null) - { - if ($version !== null) { - if ($version != 1) { - $this->dropError('Net_LDAP2_LDIF error: illegal LDIF version set'); - } else { - $this->_options['version'] = $version; - } - } - return $this->_options['version']; - } - - /** - * Returns the file handle the Net_LDAP2_LDIF object reads from or writes to. - * - * You can, for example, use this to fetch the content of the LDIF file yourself - * - * @return null|resource - */ - public function &handle() - { - if (!is_resource($this->_FH)) { - $this->dropError('Net_LDAP2_LDIF error: invalid file resource'); - $null = null; - return $null; - } else { - return $this->_FH; - } - } - - /** - * Clean up - * - * This method signals that the LDIF object is no longer needed. - * You can use this to free up some memory and close the file handle. - * The file handle is only closed, if it was opened from Net_LDAP2_LDIF. - * - * @return void - */ - public function done() - { - // close FH if we opened it - if ($this->_FH_opened) { - fclose($this->handle()); - } - - // free variables - foreach (get_object_vars($this) as $name => $value) { - unset($this->$name); - } - } - - /** - * Returns last error message if error was found. - * - * Example: - * - * $ldif->someAction(); - * if ($ldif->error()) { - * echo "Error: ".$ldif->error()." at input line: ".$ldif->error_lines(); - * } - * - * - * @param boolean $as_string If set to true, only the message is returned - * - * @return false|Net_LDAP2_Error - */ - public function error($as_string = false) - { - if (Net_LDAP2::isError($this->_error['error'])) { - return ($as_string)? $this->_error['error']->getMessage() : $this->_error['error']; - } else { - return false; - } - } - - /** - * Returns lines that resulted in error. - * - * Perl returns an array of faulty lines in list context, - * but we always just return an int because of PHPs language. - * - * @return int - */ - public function error_lines() - { - return $this->_error['line']; - } - - /** - * Returns the current Net::LDAP::Entry object. - * - * @return Net_LDAP2_Entry|false - */ - public function current_entry() - { - return $this->parseLines($this->current_lines()); - } - - /** - * Parse LDIF lines of one entry into an Net_LDAP2_Entry object - * - * @param array $lines LDIF lines for one entry - * - * @return Net_LDAP2_Entry|false Net_LDAP2_Entry object for those lines - * @todo what about file inclusions and urls? "jpegphoto:< file:///usr/local/directory/photos/fiona.jpg" - */ - public function parseLines($lines) - { - // parse lines into an array of attributes and build the entry - $attributes = array(); - $dn = false; - foreach ($lines as $line) { - if (preg_match('/^(\w+(;binary)?)(:|::|:<)\s(.+)$/', $line, $matches)) { - $attr =& $matches[1] . $matches[2]; - $delim =& $matches[3]; - $data =& $matches[4]; - - if ($delim == ':') { - // normal data - $attributes[$attr][] = $data; - } elseif ($delim == '::') { - // base64 data - $attributes[$attr][] = base64_decode($data); - } elseif ($delim == ':<') { - // file inclusion - // TODO: Is this the job of the LDAP-client or the server? - $this->dropError('File inclusions are currently not supported'); - //$attributes[$attr][] = ...; - } else { - // since the pattern above, the delimeter cannot be something else. - $this->dropError('Net_LDAP2_LDIF parsing error: invalid syntax at parsing entry line: '.$line); - continue; - } - - if (strtolower($attr) == 'dn') { - // DN line detected - $dn = $attributes[$attr][0]; // save possibly decoded DN - unset($attributes[$attr]); // remove wrongly added "dn: " attribute - } - } else { - // line not in "attr: value" format -> ignore - // maybe we should rise an error here, but this should be covered by - // next_lines() already. A problem arises, if users try to feed data of - // several entries to this method - the resulting entry will - // get wrong attributes. However, this is already mentioned in the - // methods documentation above. - } - } - - if (false === $dn) { - $this->dropError('Net_LDAP2_LDIF parsing error: unable to detect DN for entry'); - return false; - } else { - $newentry = Net_LDAP2_Entry::createFresh($dn, $attributes); - return $newentry; - } - } - - /** - * Returns the lines that generated the current Net::LDAP::Entry object. - * - * Note that this returns an empty array if no lines have been read so far. - * - * @return array Array of lines - */ - public function current_lines() - { - return $this->_lines_cur; - } - - /** - * Returns the lines that will generate the next Net::LDAP::Entry object. - * - * If you set $force to TRUE then you can iterate over the lines that build - * up entries manually. Otherwise, iterating is done using {@link read_entry()}. - * Force will move the file pointer forward, thus returning the next entries lines. - * - * Wrapped lines will be unwrapped. Comments are stripped. - * - * @param boolean $force Set this to true if you want to iterate over the lines manually - * - * @return array - */ - public function next_lines($force = false) - { - // if we already have those lines, just return them, otherwise read - if (count($this->_lines_next) == 0 || $force) { - $this->_lines_next = array(); // empty in case something was left (if used $force) - $entry_done = false; - $fh = &$this->handle(); - $commentmode = false; // if we are in an comment, for wrapping purposes - $datalines_read = 0; // how many lines with data we have read - - while (!$entry_done && !$this->eof()) { - $this->_input_line++; - // Read line. Remove line endings, we want only data; - // this is okay since ending spaces should be encoded - $data = rtrim(fgets($fh)); - if ($data === false) { - // error only, if EOF not reached after fgets() call - if (!$this->eof()) { - $this->dropError('Net_LDAP2_LDIF error: error reading from file at input line '.$this->_input_line, $this->_input_line); - } - break; - } else { - if (count($this->_lines_next) > 0 && preg_match('/^$/', $data)) { - // Entry is finished if we have an empty line after we had data - $entry_done = true; - - // Look ahead if the next EOF is nearby. Comments and empty - // lines at the file end may cause problems otherwise - $current_pos = ftell($fh); - $data = fgets($fh); - while (!feof($fh)) { - if (preg_match('/^\s*$/', $data) || preg_match('/^#/', $data)) { - // only empty lines or comments, continue to seek - // TODO: Known bug: Wrappings for comments are okay but are treaten as - // error, since we do not honor comment mode here. - // This should be a very theoretically case, however - // i am willing to fix this if really necessary. - $this->_input_line++; - $current_pos = ftell($fh); - $data = fgets($fh); - } else { - // Data found if non emtpy line and not a comment!! - // Rewind to position prior last read and stop lookahead - fseek($fh, $current_pos); - break; - } - } - // now we have either the file pointer at the beginning of - // a new data position or at the end of file causing feof() to return true - - } else { - // build lines - if (preg_match('/^version:\s(.+)$/', $data, $match)) { - // version statement, set version - $this->version($match[1]); - } elseif (preg_match('/^\w+(;binary)?::?\s.+$/', $data)) { - // normal attribute: add line - $commentmode = false; - $this->_lines_next[] = trim($data); - $datalines_read++; - } elseif (preg_match('/^\s(.+)$/', $data, $matches)) { - // wrapped data: unwrap if not in comment mode - // note that the \s above is some more liberal than - // the RFC requests as it also matches tabs etc. - if (!$commentmode) { - if ($datalines_read == 0) { - // first line of entry: wrapped data is illegal - $this->dropError('Net_LDAP2_LDIF error: illegal wrapping at input line '.$this->_input_line, $this->_input_line); - } else { - $last = array_pop($this->_lines_next); - $last = $last.$matches[1]; - $this->_lines_next[] = $last; - $datalines_read++; - } - } - } elseif (preg_match('/^#/', $data)) { - // LDIF comments - $commentmode = true; - } elseif (preg_match('/^\s*$/', $data)) { - // empty line but we had no data for this - // entry, so just ignore this line - $commentmode = false; - } else { - $this->dropError('Net_LDAP2_LDIF error: invalid syntax at input line '.$this->_input_line, $this->_input_line); - continue; - } - - } - } - } - } - return $this->_lines_next; - } - - /** - * Convert an attribute and value to LDIF string representation - * - * It honors correct encoding of values according to RFC 2849. - * Line wrapping will occur at the configured maximum but only if - * the value is greater than 40 chars. - * - * @param string $attr_name Name of the attribute - * @param string $attr_value Value of the attribute - * - * @access protected - * @return string LDIF string for that attribute and value - */ - protected function convertAttribute($attr_name, $attr_value) - { - // Handle empty attribute or process - if (strlen($attr_value) == 0) { - $attr_value = " "; - } else { - $base64 = false; - // ASCII-chars that are NOT safe for the - // start and for being inside the value. - // These are the int values of those chars. - $unsafe_init = array(0, 10, 13, 32, 58, 60); - $unsafe = array(0, 10, 13); - - // Test for illegal init char - $init_ord = ord(substr($attr_value, 0, 1)); - if ($init_ord > 127 || in_array($init_ord, $unsafe_init)) { - $base64 = true; - } - - // Test for illegal content char - for ($i = 0; $i < strlen($attr_value); $i++) { - $char_ord = ord(substr($attr_value, $i, 1)); - if ($char_ord > 127 || in_array($char_ord, $unsafe)) { - $base64 = true; - } - } - - // Test for ending space - if (substr($attr_value, -1) == ' ') { - $base64 = true; - } - - // If converting is needed, do it - // Either we have some special chars or a matching "raw" regex - if ($base64 || ($this->_options['raw'] && preg_match($this->_options['raw'], $attr_name))) { - $attr_name .= ':'; - $attr_value = base64_encode($attr_value); - } - - // Lowercase attr names if requested - if ($this->_options['lowercase']) $attr_name = strtolower($attr_name); - - // Handle line wrapping - if ($this->_options['wrap'] > 40 && strlen($attr_value) > $this->_options['wrap']) { - $attr_value = wordwrap($attr_value, $this->_options['wrap'], PHP_EOL." ", true); - } - } - - return $attr_name.': '.$attr_value; - } - - /** - * Convert an entries DN to LDIF string representation - * - * It honors correct encoding of values according to RFC 2849. - * - * @param string $dn UTF8-Encoded DN - * - * @access protected - * @return string LDIF string for that DN - * @todo I am not sure, if the UTF8 stuff is correctly handled right now - */ - protected function convertDN($dn) - { - $base64 = false; - // ASCII-chars that are NOT safe for the - // start and for being inside the dn. - // These are the int values of those chars. - $unsafe_init = array(0, 10, 13, 32, 58, 60); - $unsafe = array(0, 10, 13); - - // Test for illegal init char - $init_ord = ord(substr($dn, 0, 1)); - if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) { - $base64 = true; - } - - // Test for illegal content char - for ($i = 0; $i < strlen($dn); $i++) { - $char = substr($dn, $i, 1); - if (ord($char) >= 127 || in_array($init_ord, $unsafe)) { - $base64 = true; - } - } - - // Test for ending space - if (substr($dn, -1) == ' ') { - $base64 = true; - } - - // if converting is needed, do it - return ($base64)? 'dn:: '.base64_encode($dn) : 'dn: '.$dn; - } - - /** - * Writes an attribute to the filehandle - * - * @param string $attr_name Name of the attribute - * @param string|array $attr_values Single attribute value or array with attribute values - * - * @access protected - * @return void - */ - protected function writeAttribute($attr_name, $attr_values) - { - // write out attribute content - if (!is_array($attr_values)) { - $attr_values = array($attr_values); - } - foreach ($attr_values as $attr_val) { - $line = $this->convertAttribute($attr_name, $attr_val).PHP_EOL; - $this->writeLine($line, 'Net_LDAP2_LDIF error: unable to write attribute '.$attr_name.' of entry '.$this->_entrynum); - } - } - - /** - * Writes a DN to the filehandle - * - * @param string $dn DN to write - * - * @access protected - * @return void - */ - protected function writeDN($dn) - { - // prepare DN - if ($this->_options['encode'] == 'base64') { - $dn = $this->convertDN($dn).PHP_EOL; - } elseif ($this->_options['encode'] == 'canonical') { - $dn = Net_LDAP2_Util::canonical_dn($dn, array('casefold' => 'none')).PHP_EOL; - } else { - $dn = $dn.PHP_EOL; - } - $this->writeLine($dn, 'Net_LDAP2_LDIF error: unable to write DN of entry '.$this->_entrynum); - } - - /** - * Finishes an LDIF entry - * - * @access protected - * @return void - */ - protected function finishEntry() - { - $this->writeLine(PHP_EOL, 'Net_LDAP2_LDIF error: unable to close entry '.$this->_entrynum); - } - - /** - * Just write an arbitary line to the filehandle - * - * @param string $line Content to write - * @param string $error If error occurs, drop this message - * - * @access protected - * @return true|false - */ - protected function writeLine($line, $error = 'Net_LDAP2_LDIF error: unable to write to filehandle') - { - if (is_resource($this->handle()) && fwrite($this->handle(), $line, strlen($line)) === false) { - $this->dropError($error); - return false; - } else { - return true; - } - } - - /** - * Optionally raises an error and pushes the error on the error cache - * - * @param string $msg Errortext - * @param int $line Line in the LDIF that caused the error - * - * @access protected - * @return void - */ - protected function dropError($msg, $line = null) - { - $this->_error['error'] = new Net_LDAP2_Error($msg); - if ($line !== null) $this->_error['line'] = $line; - - if ($this->_options['onerror'] == 'die') { - die($msg.PHP_EOL); - } elseif ($this->_options['onerror'] == 'warn') { - echo $msg.PHP_EOL; - } - } -} -?> diff --git a/auth-ldap/include/Net/LDAP2/RootDSE.php b/auth-ldap/include/Net/LDAP2/RootDSE.php deleted file mode 100644 index a66f5697..00000000 --- a/auth-ldap/include/Net/LDAP2/RootDSE.php +++ /dev/null @@ -1,241 +0,0 @@ - -* @copyright 2009 Jan Wagner -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: RootDSE.php 286718 2009-08-03 07:30:49Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; - -/** -* Getting the rootDSE entry of a LDAP server -* -* @category Net -* @package Net_LDAP2 -* @author Jan Wagner -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP22/ -*/ -class Net_LDAP2_RootDSE extends PEAR -{ - /** - * @access protected - * @var object Net_LDAP2_Entry - **/ - protected $_entry; - - /** - * Class constructor - * - * @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry object of the RootDSE - */ - protected function __construct(&$entry) - { - $this->_entry = $entry; - } - - /** - * Fetches a RootDSE object from an LDAP connection - * - * @param Net_LDAP2 $ldap Directory from which the RootDSE should be fetched - * @param array $attrs Array of attributes to search for - * - * @access static - * @return Net_LDAP2_RootDSE|Net_LDAP2_Error - */ - public static function fetch($ldap, $attrs = null) - { - if (!$ldap instanceof Net_LDAP2) { - return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!"); - } - - if (is_array($attrs) && count($attrs) > 0 ) { - $attributes = $attrs; - } else { - $attributes = array('vendorName', - 'vendorVersion', - 'namingContexts', - 'altServer', - 'supportedExtension', - 'supportedControl', - 'supportedCapabilities', # Added for AD detection - 'supportedSASLMechanisms', - 'supportedLDAPVersion', - 'subschemaSubentry' ); - } - $result = $ldap->search('', '(objectClass=*)', array('attributes' => $attributes, 'scope' => 'base')); - if (self::isError($result)) { - return $result; - } - $entry = $result->shiftEntry(); - if (false === $entry) { - return PEAR::raiseError('Could not fetch RootDSE entry'); - } - $ret = new Net_LDAP2_RootDSE($entry); - return $ret; - } - - /** - * Gets the requested attribute value - * - * Same usuage as {@link Net_LDAP2_Entry::getValue()} - * - * @param string $attr Attribute name - * @param array $options Array of options - * - * @access public - * @return mixed Net_LDAP2_Error object or attribute values - * @see Net_LDAP2_Entry::get_value() - */ - public function getValue($attr = '', $options = '') - { - return $this->_entry->get_value($attr, $options); - } - - /** - * Alias function of getValue() for perl-ldap interface - * - * @see getValue() - * @return mixed - */ - public function get_value() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'getValue' ), $args); - } - - /** - * Determines if the extension is supported - * - * @param array $oids Array of oids to check - * - * @access public - * @return boolean - */ - public function supportedExtension($oids) - { - return $this->checkAttr($oids, 'supportedExtension'); - } - - /** - * Alias function of supportedExtension() for perl-ldap interface - * - * @see supportedExtension() - * @return boolean - */ - public function supported_extension() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'supportedExtension'), $args); - } - - /** - * Determines if the version is supported - * - * @param array $versions Versions to check - * - * @access public - * @return boolean - */ - public function supportedVersion($versions) - { - return $this->checkAttr($versions, 'supportedLDAPVersion'); - } - - /** - * Alias function of supportedVersion() for perl-ldap interface - * - * @see supportedVersion() - * @return boolean - */ - public function supported_version() - { - $args = func_get_args(); - return call_user_func_array(array(&$this, 'supportedVersion'), $args); - } - - /** - * Determines if the control is supported - * - * @param array $oids Control oids to check - * - * @access public - * @return boolean - */ - public function supportedControl($oids) - { - return $this->checkAttr($oids, 'supportedControl'); - } - - /** - * Alias function of supportedControl() for perl-ldap interface - * - * @see supportedControl() - * @return boolean - */ - public function supported_control() - { - $args = func_get_args(); - return call_user_func_array(array(&$this, 'supportedControl' ), $args); - } - - /** - * Determines if the sasl mechanism is supported - * - * @param array $mechlist SASL mechanisms to check - * - * @access public - * @return boolean - */ - public function supportedSASLMechanism($mechlist) - { - return $this->checkAttr($mechlist, 'supportedSASLMechanisms'); - } - - /** - * Alias function of supportedSASLMechanism() for perl-ldap interface - * - * @see supportedSASLMechanism() - * @return boolean - */ - public function supported_sasl_mechanism() - { - $args = func_get_args(); - return call_user_func_array(array(&$this, 'supportedSASLMechanism'), $args); - } - - /** - * Checks for existance of value in attribute - * - * @param array $values values to check - * @param string $attr attribute name - * - * @access protected - * @return boolean - */ - protected function checkAttr($values, $attr) - { - if (!is_array($values)) $values = array($values); - - foreach ($values as $value) { - if (!@in_array($value, $this->get_value($attr, 'all'))) { - return false; - } - } - return true; - } -} - -?> diff --git a/auth-ldap/include/Net/LDAP2/Schema.php b/auth-ldap/include/Net/LDAP2/Schema.php deleted file mode 100644 index 7eb15662..00000000 --- a/auth-ldap/include/Net/LDAP2/Schema.php +++ /dev/null @@ -1,622 +0,0 @@ - -* @author Benedikt Hallinger -* @copyright 2009 Jan Wagner, Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: Schema.php 296515 2010-03-22 14:46:41Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -* @todo see the comment at the end of the file -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; - -/** -* Syntax definitions -* -* Please don't forget to add binary attributes to isBinary() below -* to support proper value fetching from Net_LDAP2_Entry -*/ -define('NET_LDAP2_SYNTAX_BOOLEAN', '1.3.6.1.4.1.1466.115.121.1.7'); -define('NET_LDAP2_SYNTAX_DIRECTORY_STRING', '1.3.6.1.4.1.1466.115.121.1.15'); -define('NET_LDAP2_SYNTAX_DISTINGUISHED_NAME', '1.3.6.1.4.1.1466.115.121.1.12'); -define('NET_LDAP2_SYNTAX_INTEGER', '1.3.6.1.4.1.1466.115.121.1.27'); -define('NET_LDAP2_SYNTAX_JPEG', '1.3.6.1.4.1.1466.115.121.1.28'); -define('NET_LDAP2_SYNTAX_NUMERIC_STRING', '1.3.6.1.4.1.1466.115.121.1.36'); -define('NET_LDAP2_SYNTAX_OID', '1.3.6.1.4.1.1466.115.121.1.38'); -define('NET_LDAP2_SYNTAX_OCTET_STRING', '1.3.6.1.4.1.1466.115.121.1.40'); - -/** -* Load an LDAP Schema and provide information -* -* This class takes a Subschema entry, parses this information -* and makes it available in an array. Most of the code has been -* inspired by perl-ldap( http://perl-ldap.sourceforge.net). -* You will find portions of their implementation in here. -* -* @category Net -* @package Net_LDAP2 -* @author Jan Wagner -* @author Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP22/ -*/ -class Net_LDAP2_Schema extends PEAR -{ - /** - * Map of entry types to ldap attributes of subschema entry - * - * @access public - * @var array - */ - public $types = array( - 'attribute' => 'attributeTypes', - 'ditcontentrule' => 'dITContentRules', - 'ditstructurerule' => 'dITStructureRules', - 'matchingrule' => 'matchingRules', - 'matchingruleuse' => 'matchingRuleUse', - 'nameform' => 'nameForms', - 'objectclass' => 'objectClasses', - 'syntax' => 'ldapSyntaxes' - ); - - /** - * Array of entries belonging to this type - * - * @access protected - * @var array - */ - protected $_attributeTypes = array(); - protected $_matchingRules = array(); - protected $_matchingRuleUse = array(); - protected $_ldapSyntaxes = array(); - protected $_objectClasses = array(); - protected $_dITContentRules = array(); - protected $_dITStructureRules = array(); - protected $_nameForms = array(); - - - /** - * hash of all fetched oids - * - * @access protected - * @var array - */ - protected $_oids = array(); - - /** - * Tells if the schema is initialized - * - * @access protected - * @var boolean - * @see parse(), get() - */ - protected $_initialized = false; - - - /** - * Constructor of the class - * - * @access protected - */ - protected function __construct() - { - $this->PEAR('Net_LDAP2_Error'); // default error class - } - - /** - * Fetch the Schema from an LDAP connection - * - * @param Net_LDAP2 $ldap LDAP connection - * @param string $dn (optional) Subschema entry dn - * - * @access public - * @return Net_LDAP2_Schema|NET_LDAP2_Error - */ - public function fetch($ldap, $dn = null) - { - if (!$ldap instanceof Net_LDAP2) { - return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!"); - } - - $schema_o = new Net_LDAP2_Schema(); - - if (is_null($dn)) { - // get the subschema entry via root dse - $dse = $ldap->rootDSE(array('subschemaSubentry')); - if (false == Net_LDAP2::isError($dse)) { - $base = $dse->getValue('subschemaSubentry', 'single'); - if (!Net_LDAP2::isError($base)) { - $dn = $base; - } - } - } - - // Support for buggy LDAP servers (e.g. Siemens DirX 6.x) that incorrectly - // call this entry subSchemaSubentry instead of subschemaSubentry. - // Note the correct case/spelling as per RFC 2251. - if (is_null($dn)) { - // get the subschema entry via root dse - $dse = $ldap->rootDSE(array('subSchemaSubentry')); - if (false == Net_LDAP2::isError($dse)) { - $base = $dse->getValue('subSchemaSubentry', 'single'); - if (!Net_LDAP2::isError($base)) { - $dn = $base; - } - } - } - - // Final fallback case where there is no subschemaSubentry attribute - // in the root DSE (this is a bug for an LDAP v3 server so report this - // to your LDAP vendor if you get this far). - if (is_null($dn)) { - $dn = 'cn=Subschema'; - } - - // fetch the subschema entry - $result = $ldap->search($dn, '(objectClass=*)', - array('attributes' => array_values($schema_o->types), - 'scope' => 'base')); - if (Net_LDAP2::isError($result)) { - return PEAR::raiseError('Could not fetch Subschema entry: '.$result->getMessage()); - } - - $entry = $result->shiftEntry(); - if (!$entry instanceof Net_LDAP2_Entry) { - if ($entry instanceof Net_LDAP2_Error) { - return PEAR::raiseError('Could not fetch Subschema entry: '.$entry->getMessage()); - } else { - return PEAR::raiseError('Could not fetch Subschema entry (search returned '.$result->count().' entries. Check parameter \'basedn\')'); - } - } - - $schema_o->parse($entry); - return $schema_o; - } - - /** - * Return a hash of entries for the given type - * - * Returns a hash of entry for the givene type. Types may be: - * objectclasses, attributes, ditcontentrules, ditstructurerules, matchingrules, - * matchingruleuses, nameforms, syntaxes - * - * @param string $type Type to fetch - * - * @access public - * @return array|Net_LDAP2_Error Array or Net_LDAP2_Error - */ - public function &getAll($type) - { - $map = array('objectclasses' => &$this->_objectClasses, - 'attributes' => &$this->_attributeTypes, - 'ditcontentrules' => &$this->_dITContentRules, - 'ditstructurerules' => &$this->_dITStructureRules, - 'matchingrules' => &$this->_matchingRules, - 'matchingruleuses' => &$this->_matchingRuleUse, - 'nameforms' => &$this->_nameForms, - 'syntaxes' => &$this->_ldapSyntaxes ); - - $key = strtolower($type); - $ret = ((key_exists($key, $map)) ? $map[$key] : PEAR::raiseError("Unknown type $type")); - return $ret; - } - - /** - * Return a specific entry - * - * @param string $type Type of name - * @param string $name Name or OID to fetch - * - * @access public - * @return mixed Entry or Net_LDAP2_Error - */ - public function &get($type, $name) - { - if ($this->_initialized) { - $type = strtolower($type); - if (false == key_exists($type, $this->types)) { - return PEAR::raiseError("No such type $type"); - } - - $name = strtolower($name); - $type_var = &$this->{'_' . $this->types[$type]}; - - if (key_exists($name, $type_var)) { - return $type_var[$name]; - } elseif (key_exists($name, $this->_oids) && $this->_oids[$name]['type'] == $type) { - return $this->_oids[$name]; - } else { - return PEAR::raiseError("Could not find $type $name"); - } - } else { - $return = null; - return $return; - } - } - - - /** - * Fetches attributes that MAY be present in the given objectclass - * - * @param string $oc Name or OID of objectclass - * - * @access public - * @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error - */ - public function may($oc) - { - return $this->_getAttr($oc, 'may'); - } - - /** - * Fetches attributes that MUST be present in the given objectclass - * - * @param string $oc Name or OID of objectclass - * - * @access public - * @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error - */ - public function must($oc) - { - return $this->_getAttr($oc, 'must'); - } - - /** - * Fetches the given attribute from the given objectclass - * - * @param string $oc Name or OID of objectclass - * @param string $attr Name of attribute to fetch - * - * @access protected - * @return array|Net_LDAP2_Error The attribute or Net_LDAP2_Error - */ - protected function _getAttr($oc, $attr) - { - $oc = strtolower($oc); - if (key_exists($oc, $this->_objectClasses) && key_exists($attr, $this->_objectClasses[$oc])) { - return $this->_objectClasses[$oc][$attr]; - } elseif (key_exists($oc, $this->_oids) && - $this->_oids[$oc]['type'] == 'objectclass' && - key_exists($attr, $this->_oids[$oc])) { - return $this->_oids[$oc][$attr]; - } else { - return PEAR::raiseError("Could not find $attr attributes for $oc "); - } - } - - /** - * Returns the name(s) of the immediate superclass(es) - * - * @param string $oc Name or OID of objectclass - * - * @access public - * @return array|Net_LDAP2_Error Array of names or Net_LDAP2_Error - */ - public function superclass($oc) - { - $o = $this->get('objectclass', $oc); - if (Net_LDAP2::isError($o)) { - return $o; - } - return (key_exists('sup', $o) ? $o['sup'] : array()); - } - - /** - * Parses the schema of the given Subschema entry - * - * @param Net_LDAP2_Entry &$entry Subschema entry - * - * @access public - * @return void - */ - public function parse(&$entry) - { - foreach ($this->types as $type => $attr) { - // initialize map type to entry - $type_var = '_' . $attr; - $this->{$type_var} = array(); - - // get values for this type - if ($entry->exists($attr)) { - $values = $entry->getValue($attr); - if (is_array($values)) { - foreach ($values as $value) { - - unset($schema_entry); // this was a real mess without it - - // get the schema entry - $schema_entry = $this->_parse_entry($value); - - // set the type - $schema_entry['type'] = $type; - - // save a ref in $_oids - $this->_oids[$schema_entry['oid']] = &$schema_entry; - - // save refs for all names in type map - $names = $schema_entry['aliases']; - array_push($names, $schema_entry['name']); - foreach ($names as $name) { - $this->{$type_var}[strtolower($name)] = &$schema_entry; - } - } - } - } - } - $this->_initialized = true; - } - - /** - * Parses an attribute value into a schema entry - * - * @param string $value Attribute value - * - * @access protected - * @return array|false Schema entry array or false - */ - protected function &_parse_entry($value) - { - // tokens that have no value associated - $noValue = array('single-value', - 'obsolete', - 'collective', - 'no-user-modification', - 'abstract', - 'structural', - 'auxiliary'); - - // tokens that can have multiple values - $multiValue = array('must', 'may', 'sup'); - - $schema_entry = array('aliases' => array()); // initilization - - $tokens = $this->_tokenize($value); // get an array of tokens - - // remove surrounding brackets - if ($tokens[0] == '(') array_shift($tokens); - if ($tokens[count($tokens) - 1] == ')') array_pop($tokens); // -1 doesnt work on arrays :-( - - $schema_entry['oid'] = array_shift($tokens); // first token is the oid - - // cycle over the tokens until none are left - while (count($tokens) > 0) { - $token = strtolower(array_shift($tokens)); - if (in_array($token, $noValue)) { - $schema_entry[$token] = 1; // single value token - } else { - // this one follows a string or a list if it is multivalued - if (($schema_entry[$token] = array_shift($tokens)) == '(') { - // this creates the list of values and cycles through the tokens - // until the end of the list is reached ')' - $schema_entry[$token] = array(); - while ($tmp = array_shift($tokens)) { - if ($tmp == ')') break; - if ($tmp != '$') array_push($schema_entry[$token], $tmp); - } - } - // create a array if the value should be multivalued but was not - if (in_array($token, $multiValue) && !is_array($schema_entry[$token])) { - $schema_entry[$token] = array($schema_entry[$token]); - } - } - } - // get max length from syntax - if (key_exists('syntax', $schema_entry)) { - if (preg_match('/{(\d+)}/', $schema_entry['syntax'], $matches)) { - $schema_entry['max_length'] = $matches[1]; - } - } - // force a name - if (empty($schema_entry['name'])) { - $schema_entry['name'] = $schema_entry['oid']; - } - // make one name the default and put the other ones into aliases - if (is_array($schema_entry['name'])) { - $aliases = $schema_entry['name']; - $schema_entry['name'] = array_shift($aliases); - $schema_entry['aliases'] = $aliases; - } - return $schema_entry; - } - - /** - * Tokenizes the given value into an array of tokens - * - * @param string $value String to parse - * - * @access protected - * @return array Array of tokens - */ - protected function _tokenize($value) - { - $tokens = array(); // array of tokens - $matches = array(); // matches[0] full pattern match, [1,2,3] subpatterns - - // this one is taken from perl-ldap, modified for php - $pattern = "/\s* (?:([()]) | ([^'\s()]+) | '((?:[^']+|'[^\s)])*)') \s*/x"; - - /** - * This one matches one big pattern wherin only one of the three subpatterns matched - * We are interested in the subpatterns that matched. If it matched its value will be - * non-empty and so it is a token. Tokens may be round brackets, a string, or a string - * enclosed by ' - */ - preg_match_all($pattern, $value, $matches); - - for ($i = 0; $i < count($matches[0]); $i++) { // number of tokens (full pattern match) - for ($j = 1; $j < 4; $j++) { // each subpattern - if (null != trim($matches[$j][$i])) { // pattern match in this subpattern - $tokens[$i] = trim($matches[$j][$i]); // this is the token - } - } - } - return $tokens; - } - - /** - * Returns wether a attribute syntax is binary or not - * - * This method gets used by Net_LDAP2_Entry to decide which - * PHP function needs to be used to fetch the value in the - * proper format (e.g. binary or string) - * - * @param string $attribute The name of the attribute (eg.: 'sn') - * - * @access public - * @return boolean - */ - public function isBinary($attribute) - { - $return = false; // default to false - - // This list contains all syntax that should be treaten as - // containing binary values - // The Syntax Definitons go into constants at the top of this page - $syntax_binary = array( - NET_LDAP2_SYNTAX_OCTET_STRING, - NET_LDAP2_SYNTAX_JPEG - ); - - // Check Syntax - $attr_s = $this->get('attribute', $attribute); - if (Net_LDAP2::isError($attr_s)) { - // Attribute not found in schema - $return = false; // consider attr not binary - } elseif (isset($attr_s['syntax']) && in_array($attr_s['syntax'], $syntax_binary)) { - // Syntax is defined as binary in schema - $return = true; - } else { - // Syntax not defined as binary, or not found - // if attribute is a subtype, check superior attribute syntaxes - if (isset($attr_s['sup'])) { - foreach ($attr_s['sup'] as $superattr) { - $return = $this->isBinary($superattr); - if ($return) { - break; // stop checking parents since we are binary - } - } - } - } - - return $return; - } - - /** - * See if an schema element exists - * - * @param string $type Type of name, see get() - * @param string $name Name or OID - * - * @return boolean - */ - public function exists($type, $name) - { - $entry = $this->get($type, $name); - if ($entry instanceof Net_LDAP2_ERROR) { - return false; - } else { - return true; - } - } - - /** - * See if an attribute is defined in the schema - * - * @param string $attribute Name or OID of the attribute - * @return boolean - */ - public function attributeExists($attribute) - { - return $this->exists('attribute', $attribute); - } - - /** - * See if an objectClass is defined in the schema - * - * @param string $ocl Name or OID of the objectClass - * @return boolean - */ - public function objectClassExists($ocl) - { - return $this->exists('objectclass', $ocl); - } - - - /** - * See to which ObjectClasses an attribute is assigned - * - * The objectclasses are sorted into the keys 'may' and 'must'. - * - * @param string $attribute Name or OID of the attribute - * - * @return array|Net_LDAP2_Error Associative array with OCL names or Error - */ - public function getAssignedOCLs($attribute) - { - $may = array(); - $must = array(); - - // Test if the attribute type is defined in the schema, - // if so, retrieve real name for lookups - $attr_entry = $this->get('attribute', $attribute); - if ($attr_entry instanceof Net_LDAP2_ERROR) { - return PEAR::raiseError("Attribute $attribute not defined in schema: ".$attr_entry->getMessage()); - } else { - $attribute = $attr_entry['name']; - } - - - // We need to get all defined OCLs for this. - $ocls = $this->getAll('objectclasses'); - foreach ($ocls as $ocl => $ocl_data) { - // Fetch the may and must attrs and see if our searched attr is contained. - // If so, record it in the corresponding array. - $ocl_may_attrs = $this->may($ocl); - $ocl_must_attrs = $this->must($ocl); - if (is_array($ocl_may_attrs) && in_array($attribute, $ocl_may_attrs)) { - array_push($may, $ocl_data['name']); - } - if (is_array($ocl_must_attrs) && in_array($attribute, $ocl_must_attrs)) { - array_push($must, $ocl_data['name']); - } - } - - return array('may' => $may, 'must' => $must); - } - - /** - * See if an attribute is available in a set of objectClasses - * - * @param string $attribute Attribute name or OID - * @param array $ocls Names of OCLs to check for - * - * @return boolean TRUE, if the attribute is defined for at least one of the OCLs - */ - public function checkAttribute($attribute, $ocls) - { - foreach ($ocls as $ocl) { - $ocl_entry = $this->get('objectclass', $ocl); - $ocl_may_attrs = $this->may($ocl); - $ocl_must_attrs = $this->must($ocl); - if (is_array($ocl_may_attrs) && in_array($attribute, $ocl_may_attrs)) { - return true; - } - if (is_array($ocl_must_attrs) && in_array($attribute, $ocl_must_attrs)) { - return true; - } - } - return false; // no ocl for the ocls found. - } -} -?> \ No newline at end of file diff --git a/auth-ldap/include/Net/LDAP2/SchemaCache.interface.php b/auth-ldap/include/Net/LDAP2/SchemaCache.interface.php deleted file mode 100644 index e0c3094c..00000000 --- a/auth-ldap/include/Net/LDAP2/SchemaCache.interface.php +++ /dev/null @@ -1,59 +0,0 @@ - -* @copyright 2009 Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: SchemaCache.interface.php 286718 2009-08-03 07:30:49Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Interface describing a custom schema cache object -* -* To implement a custom schema cache, one must implement this interface and -* pass the instanciated object to Net_LDAP2s registerSchemaCache() method. -*/ -interface Net_LDAP2_SchemaCache -{ - /** - * Return the schema object from the cache - * - * Net_LDAP2 will consider anything returned invalid, except - * a valid Net_LDAP2_Schema object. - * In case you return a Net_LDAP2_Error, this error will be routed - * to the return of the $ldap->schema() call. - * If you return something else, Net_LDAP2 will - * fetch a fresh Schema object from the LDAP server. - * - * You may want to implement a cache aging mechanism here too. - * - * @return Net_LDAP2_Schema|Net_LDAP2_Error|false - */ - public function loadSchema(); - - /** - * Store a schema object in the cache - * - * This method will be called, if Net_LDAP2 has fetched a fresh - * schema object from LDAP and wants to init or refresh the cache. - * - * In case of errors you may return a Net_LDAP2_Error which will - * be routet to the client. - * Note that doing this prevents, that the schema object fetched from LDAP - * will be given back to the client, so only return errors if storing - * of the cache is something crucial (e.g. for doing something else with it). - * Normaly you dont want to give back errors in which case Net_LDAP2 needs to - * fetch the schema once per script run and instead use the error - * returned from loadSchema(). - * - * @return true|Net_LDAP2_Error - */ - public function storeSchema($schema); -} diff --git a/auth-ldap/include/Net/LDAP2/Search.php b/auth-ldap/include/Net/LDAP2/Search.php deleted file mode 100644 index 90949432..00000000 --- a/auth-ldap/include/Net/LDAP2/Search.php +++ /dev/null @@ -1,624 +0,0 @@ - -* @author Benedikt Hallinger -* @copyright 2009 Tarjej Huse, Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: Search.php 315417 2011-08-24 12:11:39Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; - -/** -* Result set of an LDAP search -* -* @category Net -* @package Net_LDAP2 -* @author Tarjej Huse -* @author Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP22/ -*/ -class Net_LDAP2_Search extends PEAR implements Iterator -{ - /** - * Search result identifier - * - * @access protected - * @var resource - */ - protected $_search; - - /** - * LDAP resource link - * - * @access protected - * @var resource - */ - protected $_link; - - /** - * Net_LDAP2 object - * - * A reference of the Net_LDAP2 object for passing to Net_LDAP2_Entry - * - * @access protected - * @var object Net_LDAP2 - */ - protected $_ldap; - - /** - * Result entry identifier - * - * @access protected - * @var resource - */ - protected $_entry = null; - - /** - * The errorcode the search got - * - * Some errorcodes might be of interest, but might not be best handled as errors. - * examples: 4 - LDAP_SIZELIMIT_EXCEEDED - indicates a huge search. - * Incomplete results are returned. If you just want to check if there's anything in the search. - * than this is a point to handle. - * 32 - no such object - search here returns a count of 0. - * - * @access protected - * @var int - */ - protected $_errorCode = 0; // if not set - sucess! - - /** - * Cache for all entries already fetched from iterator interface - * - * @access protected - * @var array - */ - protected $_iteratorCache = array(); - - /** - * What attributes we searched for - * - * The $attributes array contains the names of the searched attributes and gets - * passed from $Net_LDAP2->search() so the Net_LDAP2_Search object can tell - * what attributes was searched for ({@link searchedAttrs()) - * - * This variable gets set from the constructor and returned - * from {@link searchedAttrs()} - * - * @access protected - * @var array - */ - protected $_searchedAttrs = array(); - - /** - * Cache variable for storing entries fetched internally - * - * This currently is only used by {@link pop_entry()} - * - * @access protected - * @var array - */ - protected $_entry_cache = false; - - /** - * Cache variable for count() - * - * @see count() - * @access protected - * @var int - */ - protected $_count_cache = null; - - /** - * Constructor - * - * @param resource &$search Search result identifier - * @param Net_LDAP2|resource &$ldap Net_LDAP2 object or just a LDAP-Link resource - * @param array $attributes (optional) Array with searched attribute names. (see {@link $_searchedAttrs}) - * - * @access public - */ - public function __construct(&$search, &$ldap, $attributes = array()) - { - $this->PEAR('Net_LDAP2_Error'); - - $this->setSearch($search); - - if ($ldap instanceof Net_LDAP2) { - $this->_ldap =& $ldap; - $this->setLink($this->_ldap->getLink()); - } else { - $this->setLink($ldap); - } - - $this->_errorCode = @ldap_errno($this->_link); - - if (is_array($attributes) && !empty($attributes)) { - $this->_searchedAttrs = $attributes; - } - } - - /** - * Returns an array of entry objects - * - * @return array Array of entry objects. - */ - public function entries() - { - $entries = array(); - - while ($entry = $this->shiftEntry()) { - $entries[] = $entry; - } - - return $entries; - } - - /** - * Get the next entry in the searchresult. - * - * This will return a valid Net_LDAP2_Entry object or false, so - * you can use this method to easily iterate over the entries inside - * a while loop. - * - * @return Net_LDAP2_Entry|false Reference to Net_LDAP2_Entry object or false - */ - public function &shiftEntry() - { - if (is_null($this->_entry)) { - $this->_entry = @ldap_first_entry($this->_link, $this->_search); - $entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry); - if ($entry instanceof Net_LDAP2_Error) $entry = false; - } else { - if (!$this->_entry = @ldap_next_entry($this->_link, $this->_entry)) { - $false = false; - return $false; - } - $entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry); - if ($entry instanceof Net_LDAP2_Error) $entry = false; - } - return $entry; - } - - /** - * Alias function of shiftEntry() for perl-ldap interface - * - * @see shiftEntry() - * @return Net_LDAP2_Entry|false - */ - public function shift_entry() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'shiftEntry' ), $args); - } - - /** - * Retrieve the next entry in the searchresult, but starting from last entry - * - * This is the opposite to {@link shiftEntry()} and is also very useful - * to be used inside a while loop. - * - * @return Net_LDAP2_Entry|false - */ - public function popEntry() - { - if (false === $this->_entry_cache) { - // fetch entries into cache if not done so far - $this->_entry_cache = $this->entries(); - } - - $return = array_pop($this->_entry_cache); - return (null === $return)? false : $return; - } - - /** - * Alias function of popEntry() for perl-ldap interface - * - * @see popEntry() - * @return Net_LDAP2_Entry|false - */ - public function pop_entry() - { - $args = func_get_args(); - return call_user_func_array(array( &$this, 'popEntry' ), $args); - } - - /** - * Return entries sorted as array - * - * This returns a array with sorted entries and the values. - * Sorting is done with PHPs {@link array_multisort()}. - * This method relies on {@link as_struct()} to fetch the raw data of the entries. - * - * Please note that attribute names are case sensitive! - * - * Usage example: - * - * // to sort entries first by location, then by surename, but descending: - * $entries = $search->sorted_as_struct(array('locality','sn'), SORT_DESC); - * - * - * @param array $attrs Array of attribute names to sort; order from left to right. - * @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC - * - * @return array|Net_LDAP2_Error Array with sorted entries or error - * @todo what about server side sorting as specified in http://www.ietf.org/rfc/rfc2891.txt? - */ - public function sorted_as_struct($attrs = array('cn'), $order = SORT_ASC) - { - /* - * Old Code, suitable and fast for single valued sorting - * This code should be used if we know that single valued sorting is desired, - * but we need some method to get that knowledge... - */ - /* - $attrs = array_reverse($attrs); - foreach ($attrs as $attribute) { - if (!ldap_sort($this->_link, $this->_search, $attribute)){ - $this->raiseError("Sorting failed for Attribute " . $attribute); - } - } - - $results = ldap_get_entries($this->_link, $this->_search); - - unset($results['count']); //for tidier output - if ($order) { - return array_reverse($results); - } else { - return $results; - }*/ - - /* - * New code: complete "client side" sorting - */ - // first some parameterchecks - if (!is_array($attrs)) { - return PEAR::raiseError("Sorting failed: Parameterlist must be an array!"); - } - if ($order != SORT_ASC && $order != SORT_DESC) { - return PEAR::raiseError("Sorting failed: sorting direction not understood! (neither constant SORT_ASC nor SORT_DESC)"); - } - - // fetch the entries data - $entries = $this->as_struct(); - - // now sort each entries attribute values - // this is neccessary because later we can only sort by one value, - // so we need the highest or lowest attribute now, depending on the - // selected ordering for that specific attribute - foreach ($entries as $dn => $entry) { - foreach ($entry as $attr_name => $attr_values) { - sort($entries[$dn][$attr_name]); - if ($order == SORT_DESC) { - array_reverse($entries[$dn][$attr_name]); - } - } - } - - // reformat entrys array for later use with array_multisort() - $to_sort = array(); // <- will be a numeric array similar to ldap_get_entries - foreach ($entries as $dn => $entry_attr) { - $row = array(); - $row['dn'] = $dn; - foreach ($entry_attr as $attr_name => $attr_values) { - $row[$attr_name] = $attr_values; - } - $to_sort[] = $row; - } - - // Build columns for array_multisort() - // each requested attribute is one row - $columns = array(); - foreach ($attrs as $attr_name) { - foreach ($to_sort as $key => $row) { - $columns[$attr_name][$key] =& $to_sort[$key][$attr_name][0]; - } - } - - // sort the colums with array_multisort, if there is something - // to sort and if we have requested sort columns - if (!empty($to_sort) && !empty($columns)) { - $sort_params = ''; - foreach ($attrs as $attr_name) { - $sort_params .= '$columns[\''.$attr_name.'\'], '.$order.', '; - } - eval("array_multisort($sort_params \$to_sort);"); // perform sorting - } - - return $to_sort; - } - - /** - * Return entries sorted as objects - * - * This returns a array with sorted Net_LDAP2_Entry objects. - * The sorting is actually done with {@link sorted_as_struct()}. - * - * Please note that attribute names are case sensitive! - * Also note, that it is (depending on server capabilitys) possible to let - * the server sort your results. This happens through search controls - * and is described in detail at {@link http://www.ietf.org/rfc/rfc2891.txt} - * - * Usage example: - * - * // to sort entries first by location, then by surename, but descending: - * $entries = $search->sorted(array('locality','sn'), SORT_DESC); - * - * - * @param array $attrs Array of sort attributes to sort; order from left to right. - * @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC - * - * @return array|Net_LDAP2_Error Array with sorted Net_LDAP2_Entries or error - * @todo Entry object construction could be faster. Maybe we could use one of the factorys instead of fetching the entry again - */ - public function sorted($attrs = array('cn'), $order = SORT_ASC) - { - $return = array(); - $sorted = $this->sorted_as_struct($attrs, $order); - if (PEAR::isError($sorted)) { - return $sorted; - } - foreach ($sorted as $key => $row) { - $entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs()); - if (!PEAR::isError($entry)) { - array_push($return, $entry); - } else { - return $entry; - } - } - return $return; - } - - /** - * Return entries as array - * - * This method returns the entries and the selected attributes values as - * array. - * The first array level contains all found entries where the keys are the - * DNs of the entries. The second level arrays contian the entries attributes - * such that the keys is the lowercased name of the attribute and the values - * are stored in another indexed array. Note that the attribute values are stored - * in an array even if there is no or just one value. - * - * The array has the following structure: - * - * $return = array( - * 'cn=foo,dc=example,dc=com' => array( - * 'sn' => array('foo'), - * 'multival' => array('val1', 'val2', 'valN') - * ) - * 'cn=bar,dc=example,dc=com' => array( - * 'sn' => array('bar'), - * 'multival' => array('val1', 'valN') - * ) - * ) - * - * - * @return array associative result array as described above - */ - public function as_struct() - { - $return = array(); - $entries = $this->entries(); - foreach ($entries as $entry) { - $attrs = array(); - $entry_attributes = $entry->attributes(); - foreach ($entry_attributes as $attr_name) { - $attr_values = $entry->getValue($attr_name, 'all'); - if (!is_array($attr_values)) { - $attr_values = array($attr_values); - } - $attrs[$attr_name] = $attr_values; - } - $return[$entry->dn()] = $attrs; - } - return $return; - } - - /** - * Set the search objects resource link - * - * @param resource &$search Search result identifier - * - * @access public - * @return void - */ - public function setSearch(&$search) - { - $this->_search = $search; - } - - /** - * Set the ldap ressource link - * - * @param resource &$link Link identifier - * - * @access public - * @return void - */ - public function setLink(&$link) - { - $this->_link = $link; - } - - /** - * Returns the number of entries in the searchresult - * - * @return int Number of entries in search. - */ - public function count() - { - // this catches the situation where OL returned errno 32 = no such object! - if (!$this->_search) { - return 0; - } - // ldap_count_entries is slow (see pear bug #18752) with large results, - // so we cache the result internally. - if ($this->_count_cache === null) { - $this->_count_cache = @ldap_count_entries($this->_link, $this->_search); - } - - return $this->_count_cache; - } - - /** - * Get the errorcode the object got in its search. - * - * @return int The ldap error number. - */ - public function getErrorCode() - { - return $this->_errorCode; - } - - /** - * Destructor - * - * @access protected - */ - public function _Net_LDAP2_Search() - { - @ldap_free_result($this->_search); - } - - /** - * Closes search result - * - * @return void - */ - public function done() - { - $this->_Net_LDAP2_Search(); - } - - /** - * Return the attribute names this search selected - * - * @return array - * @see $_searchedAttrs - * @access protected - */ - protected function searchedAttrs() - { - return $this->_searchedAttrs; - } - - /** - * Tells if this search exceeds a sizelimit - * - * @return boolean - */ - public function sizeLimitExceeded() - { - return ($this->getErrorCode() == 4); - } - - - /* - * SPL Iterator interface methods. - * This interface allows to use Net_LDAP2_Search - * objects directly inside a foreach loop! - */ - /** - * SPL Iterator interface: Return the current element. - * - * The SPL Iterator interface allows you to fetch entries inside - * a foreach() loop: foreach ($search as $dn => $entry) { ... - * - * Of course, you may call {@link current()}, {@link key()}, {@link next()}, - * {@link rewind()} and {@link valid()} yourself. - * - * If the search throwed an error, it returns false. - * False is also returned, if the end is reached - * In case no call to next() was made, we will issue one, - * thus returning the first entry. - * - * @return Net_LDAP2_Entry|false - */ - public function current() - { - if (count($this->_iteratorCache) == 0) { - $this->next(); - reset($this->_iteratorCache); - } - $entry = current($this->_iteratorCache); - return ($entry instanceof Net_LDAP2_Entry)? $entry : false; - } - - /** - * SPL Iterator interface: Return the identifying key (DN) of the current entry. - * - * @see current() - * @return string|false DN of the current entry; false in case no entry is returned by current() - */ - public function key() - { - $entry = $this->current(); - return ($entry instanceof Net_LDAP2_Entry)? $entry->dn() :false; - } - - /** - * SPL Iterator interface: Move forward to next entry. - * - * After a call to {@link next()}, {@link current()} will return - * the next entry in the result set. - * - * @see current() - * @return void - */ - public function next() - { - // fetch next entry. - // if we have no entrys anymore, we add false (which is - // returned by shiftEntry()) so current() will complain. - if (count($this->_iteratorCache) - 1 <= $this->count()) { - $this->_iteratorCache[] = $this->shiftEntry(); - } - - // move on array pointer to current element. - // even if we have added all entries, this will - // ensure proper operation in case we rewind() - next($this->_iteratorCache); - } - - /** - * SPL Iterator interface: Check if there is a current element after calls to {@link rewind()} or {@link next()}. - * - * Used to check if we've iterated to the end of the collection. - * - * @see current() - * @return boolean FALSE if there's nothing more to iterate over - */ - public function valid() - { - return ($this->current() instanceof Net_LDAP2_Entry); - } - - /** - * SPL Iterator interface: Rewind the Iterator to the first element. - * - * After rewinding, {@link current()} will return the first entry in the result set. - * - * @see current() - * @return void - */ - public function rewind() - { - reset($this->_iteratorCache); - } -} - -?> diff --git a/auth-ldap/include/Net/LDAP2/SimpleFileSchemaCache.php b/auth-ldap/include/Net/LDAP2/SimpleFileSchemaCache.php deleted file mode 100644 index 8019654a..00000000 --- a/auth-ldap/include/Net/LDAP2/SimpleFileSchemaCache.php +++ /dev/null @@ -1,97 +0,0 @@ - -* @copyright 2009 Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: SimpleFileSchemaCache.php 286718 2009-08-03 07:30:49Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* A simple file based schema cacher with cache aging. -* -* Once the cache is too old, the loadSchema() method will return false, so -* Net_LDAP2 will fetch a fresh object from the LDAP server that will -* overwrite the current (outdated) old cache. -*/ -class Net_LDAP2_SimpleFileSchemaCache implements Net_LDAP2_SchemaCache -{ - /** - * Internal config of this cache - * - * @see Net_LDAP2_SimpleFileSchemaCache() - * @var array - */ - protected $config = array( - 'path' => '/tmp/Net_LDAP_Schema.cache', - 'max_age' => 1200 - ); - - /** - * Initialize the simple cache - * - * Config is as following: - * path Complete path to the cache file. - * max_age Maximum age of cache in seconds, 0 means "endlessly". - * - * @param array $cfg Config array - */ - public function Net_LDAP2_SimpleFileSchemaCache($cfg) - { - foreach ($cfg as $key => $value) { - if (array_key_exists($key, $this->config)) { - if (gettype($this->config[$key]) != gettype($value)) { - $this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key does not match type ".gettype($this->config[$key])."!"); - } - $this->config[$key] = $value; - } else { - $this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key is not defined!"); - } - } - } - - /** - * Return the schema object from the cache - * - * If file is existent and cache has not expired yet, - * then the cache is deserialized and returned. - * - * @return Net_LDAP2_Schema|Net_LDAP2_Error|false - */ - public function loadSchema() - { - $return = false; // Net_LDAP2 will load schema from LDAP - if (file_exists($this->config['path'])) { - $cache_maxage = filemtime($this->config['path']) + $this->config['max_age']; - if (time() <= $cache_maxage || $this->config['max_age'] == 0) { - $return = unserialize(file_get_contents($this->config['path'])); - } - } - return $return; - } - - /** - * Store a schema object in the cache - * - * This method will be called, if Net_LDAP2 has fetched a fresh - * schema object from LDAP and wants to init or refresh the cache. - * - * To invalidate the cache and cause Net_LDAP2 to refresh the cache, - * you can call this method with null or false as value. - * The next call to $ldap->schema() will then refresh the caches object. - * - * @param mixed $schema The object that should be cached - * @return true|Net_LDAP2_Error|false - */ - public function storeSchema($schema) { - file_put_contents($this->config['path'], serialize($schema)); - return true; - } -} diff --git a/auth-ldap/include/Net/LDAP2/Util.php b/auth-ldap/include/Net/LDAP2/Util.php deleted file mode 100644 index 48b03f9f..00000000 --- a/auth-ldap/include/Net/LDAP2/Util.php +++ /dev/null @@ -1,572 +0,0 @@ - -* @copyright 2009 Benedikt Hallinger -* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 -* @version SVN: $Id: Util.php 286718 2009-08-03 07:30:49Z beni $ -* @link http://pear.php.net/package/Net_LDAP2/ -*/ - -/** -* Includes -*/ -require_once 'PEAR.php'; - -/** -* Utility Class for Net_LDAP2 -* -* This class servers some functionality to the other classes of Net_LDAP2 but most of -* the methods can be used separately as well. -* -* @category Net -* @package Net_LDAP2 -* @author Benedikt Hallinger -* @license http://www.gnu.org/copyleft/lesser.html LGPL -* @link http://pear.php.net/package/Net_LDAP22/ -*/ -class Net_LDAP2_Util extends PEAR -{ - /** - * Constructor - * - * @access public - */ - public function __construct() - { - // We do nothing here, since all methods can be called statically. - // In Net_LDAP <= 0.7, we needed a instance of Util, because - // it was possible to do utf8 encoding and decoding, but this - // has been moved to the LDAP class. The constructor remains only - // here to document the downward compatibility of creating an instance. - } - - /** - * Explodes the given DN into its elements - * - * {@link http://www.ietf.org/rfc/rfc2253.txt RFC 2253} says, a Distinguished Name is a sequence - * of Relative Distinguished Names (RDNs), which themselves - * are sets of Attributes. For each RDN a array is constructed where the RDN part is stored. - * - * For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to: - * array( [0] => array([0] => 'OU=Sales', [1] => 'CN=J. Smith'), [2] => 'DC=example', [3] => 'DC=net' ) - * - * [NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of - * the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded - * and prefixed with a #. To distinguish such BER values, ldap_explode_dn uses references to - * the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to: - * [ { '1.3.6.1.4.1.1466.0' => "\004\002Hi" }, { 'DC' => 'example' }, { 'DC' => 'com' } ]; - * See {@link http://www.vijaymukhi.com/vmis/berldap.htm} for more information on BER. - * - * It also performs the following operations on the given DN: - * - Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair - * and strings beginning with "#". - * - Removes the leading 'OID.' characters if the type is an OID instead of a name. - * - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order. - * - * OPTIONS is a list of name/value pairs, valid options are: - * casefold Controls case folding of attribute types names. - * Attribute values are not affected by this option. - * The default is to uppercase. Valid values are: - * lower Lowercase attribute types names. - * upper Uppercase attribute type names. This is the default. - * none Do not change attribute type names. - * reverse If TRUE, the RDN sequence is reversed. - * onlyvalues If TRUE, then only attributes values are returned ('foo' instead of 'cn=foo') - * - - * @param string $dn The DN that should be exploded - * @param array $options Options to use - * - * @static - * @return array Parts of the exploded DN - * @todo implement BER - */ - public static function ldap_explode_dn($dn, $options = array('casefold' => 'upper')) - { - if (!isset($options['onlyvalues'])) $options['onlyvalues'] = false; - if (!isset($options['reverse'])) $options['reverse'] = false; - if (!isset($options['casefold'])) $options['casefold'] = 'upper'; - - // Escaping of DN and stripping of "OID." - $dn = self::canonical_dn($dn, array('casefold' => $options['casefold'])); - - // splitting the DN - $dn_array = preg_split('/(?<=[^\\\\]),/', $dn); - - // clear wrong splitting (possibly we have split too much) - // /!\ Not clear, if this is neccessary here - //$dn_array = self::correct_dn_splitting($dn_array, ','); - - // construct subarrays for multivalued RDNs and unescape DN value - // also convert to output format and apply casefolding - foreach ($dn_array as $key => $value) { - $value_u = self::unescape_dn_value($value); - $rdns = self::split_rdn_multival($value_u[0]); - if (count($rdns) > 1) { - // MV RDN! - foreach ($rdns as $subrdn_k => $subrdn_v) { - // Casefolding - if ($options['casefold'] == 'upper') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $subrdn_v); - if ($options['casefold'] == 'lower') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $subrdn_v); - - if ($options['onlyvalues']) { - preg_match('/(.+?)(?", ";", "#", "=" with a special meaning in RFC 2252 - * are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair. - * Finally all leading and trailing spaces are converted to sequences of \20. - * - * @param array $values An array containing the DN values that should be escaped - * - * @static - * @return array The array $values, but escaped - */ - public static function escape_dn_value($values = array()) - { - // Parameter validation - if (!is_array($values)) { - $values = array($values); - } - - foreach ($values as $key => $val) { - // Escaping of filter meta characters - $val = str_replace('\\', '\\\\', $val); - $val = str_replace(',', '\,', $val); - $val = str_replace('+', '\+', $val); - $val = str_replace('"', '\"', $val); - $val = str_replace('<', '\<', $val); - $val = str_replace('>', '\>', $val); - $val = str_replace(';', '\;', $val); - $val = str_replace('#', '\#', $val); - $val = str_replace('=', '\=', $val); - - // ASCII < 32 escaping - $val = self::asc2hex32($val); - - // Convert all leading and trailing spaces to sequences of \20. - if (preg_match('/^(\s*)(.+?)(\s*)$/', $val, $matches)) { - $val = $matches[2]; - for ($i = 0; $i < strlen($matches[1]); $i++) { - $val = '\20'.$val; - } - for ($i = 0; $i < strlen($matches[3]); $i++) { - $val = $val.'\20'; - } - } - - if (null === $val) $val = '\0'; // apply escaped "null" if string is empty - - $values[$key] = $val; - } - - return $values; - } - - /** - * Undoes the conversion done by escape_dn_value(). - * - * Any escape sequence starting with a baskslash - hexpair or special character - - * will be transformed back to the corresponding character. - * - * @param array $values Array of DN Values - * - * @return array Same as $values, but unescaped - * @static - */ - public static function unescape_dn_value($values = array()) - { - // Parameter validation - if (!is_array($values)) { - $values = array($values); - } - - foreach ($values as $key => $val) { - // strip slashes from special chars - $val = str_replace('\\\\', '\\', $val); - $val = str_replace('\,', ',', $val); - $val = str_replace('\+', '+', $val); - $val = str_replace('\"', '"', $val); - $val = str_replace('\<', '<', $val); - $val = str_replace('\>', '>', $val); - $val = str_replace('\;', ';', $val); - $val = str_replace('\#', '#', $val); - $val = str_replace('\=', '=', $val); - - // Translate hex code into ascii - $values[$key] = self::hex2asc($val); - } - - return $values; - } - - /** - * Returns the given DN in a canonical form - * - * Returns false if DN is not a valid Distinguished Name. - * DN can either be a string or an array - * as returned by ldap_explode_dn, which is useful when constructing a DN. - * The DN array may have be indexed (each array value is a OCL=VALUE pair) - * or associative (array key is OCL and value is VALUE). - * - * It performs the following operations on the given DN: - * - Removes the leading 'OID.' characters if the type is an OID instead of a name. - * - Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair. - * - Converts all leading and trailing spaces in values to be \20. - * - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order. - * - * OPTIONS is a list of name/value pairs, valid options are: - * casefold Controls case folding of attribute type names. - * Attribute values are not affected by this option. The default is to uppercase. - * Valid values are: - * lower Lowercase attribute type names. - * upper Uppercase attribute type names. This is the default. - * none Do not change attribute type names. - * [NOT IMPLEMENTED] mbcescape If TRUE, characters that are encoded as a multi-octet UTF-8 sequence will be escaped as \(hexpair){2,*}. - * reverse If TRUE, the RDN sequence is reversed. - * separator Separator to use between RDNs. Defaults to comma (','). - * - * Note: The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test, - * because an empty string evaluates to false. Use the "===" operator instead. - * - * @param array|string $dn The DN - * @param array $options Options to use - * - * @static - * @return false|string The canonical DN or FALSE - * @todo implement option mbcescape - */ - public static function canonical_dn($dn, $options = array('casefold' => 'upper', 'separator' => ',')) - { - if ($dn === '') return $dn; // empty DN is valid! - - // options check - if (!isset($options['reverse'])) { - $options['reverse'] = false; - } else { - $options['reverse'] = true; - } - if (!isset($options['casefold'])) $options['casefold'] = 'upper'; - if (!isset($options['separator'])) $options['separator'] = ','; - - - if (!is_array($dn)) { - // It is not clear to me if the perl implementation splits by the user defined - // separator or if it just uses this separator to construct the new DN - $dn = preg_split('/(?<=[^\\\\])'.$options['separator'].'/', $dn); - - // clear wrong splitting (possibly we have split too much) - $dn = self::correct_dn_splitting($dn, $options['separator']); - } else { - // Is array, check, if the array is indexed or associative - $assoc = false; - foreach ($dn as $dn_key => $dn_part) { - if (!is_int($dn_key)) { - $assoc = true; - } - } - // convert to indexed, if associative array detected - if ($assoc) { - $newdn = array(); - foreach ($dn as $dn_key => $dn_part) { - if (is_array($dn_part)) { - ksort($dn_part, SORT_STRING); // we assume here, that the rdn parts are also associative - $newdn[] = $dn_part; // copy array as-is, so we can resolve it later - } else { - $newdn[] = $dn_key.'='.$dn_part; - } - } - $dn =& $newdn; - } - } - - // Escaping and casefolding - foreach ($dn as $pos => $dnval) { - if (is_array($dnval)) { - // subarray detected, this means very surely, that we had - // a multivalued dn part, which must be resolved - $dnval_new = ''; - foreach ($dnval as $subkey => $subval) { - // build RDN part - if (!is_int($subkey)) { - $subval = $subkey.'='.$subval; - } - $subval_processed = self::canonical_dn($subval); - if (false === $subval_processed) return false; - $dnval_new .= $subval_processed.'+'; - } - $dn[$pos] = substr($dnval_new, 0, -1); // store RDN part, strip last plus - } else { - // try to split multivalued RDNS into array - $rdns = self::split_rdn_multival($dnval); - if (count($rdns) > 1) { - // Multivalued RDN was detected! - // The RDN value is expected to be correctly split by split_rdn_multival(). - // It's time to sort the RDN and build the DN! - $rdn_string = ''; - sort($rdns, SORT_STRING); // Sort RDN keys alphabetically - foreach ($rdns as $rdn) { - $subval_processed = self::canonical_dn($rdn); - if (false === $subval_processed) return false; - $rdn_string .= $subval_processed.'+'; - } - - $dn[$pos] = substr($rdn_string, 0, -1); // store RDN part, strip last plus - - } else { - // no multivalued RDN! - // split at first unescaped "=" - $dn_comp = preg_split('/(?<=[^\\\\])=/', $rdns[0], 2); - $ocl = ltrim($dn_comp[0]); // trim left whitespaces 'cause of "cn=foo, l=bar" syntax (whitespace after comma) - $val = $dn_comp[1]; - - // strip 'OID.', otherwise apply casefolding and escaping - if (substr(strtolower($ocl), 0, 4) == 'oid.') { - $ocl = substr($ocl, 4); - } else { - if ($options['casefold'] == 'upper') $ocl = strtoupper($ocl); - if ($options['casefold'] == 'lower') $ocl = strtolower($ocl); - $ocl = self::escape_dn_value(array($ocl)); - $ocl = $ocl[0]; - } - - // escaping of dn-value - $val = self::escape_dn_value(array($val)); - $val = str_replace('/', '\/', $val[0]); - - $dn[$pos] = $ocl.'='.$val; - } - } - } - - if ($options['reverse']) $dn = array_reverse($dn); - return implode($options['separator'], $dn); - } - - /** - * Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters. - * - * Any control characters with an ACII code < 32 as well as the characters with special meaning in - * LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a - * backslash followed by two hex digits representing the hexadecimal value of the character. - * - * @param array $values Array of values to escape - * - * @static - * @return array Array $values, but escaped - */ - public static function escape_filter_value($values = array()) - { - // Parameter validation - if (!is_array($values)) { - $values = array($values); - } - - foreach ($values as $key => $val) { - // Escaping of filter meta characters - $val = str_replace('\\', '\5c', $val); - $val = str_replace('*', '\2a', $val); - $val = str_replace('(', '\28', $val); - $val = str_replace(')', '\29', $val); - - // ASCII < 32 escaping - $val = self::asc2hex32($val); - - if (null === $val) $val = '\0'; // apply escaped "null" if string is empty - - $values[$key] = $val; - } - - return $values; - } - - /** - * Undoes the conversion done by {@link escape_filter_value()}. - * - * Converts any sequences of a backslash followed by two hex digits into the corresponding character. - * - * @param array $values Array of values to escape - * - * @static - * @return array Array $values, but unescaped - */ - public static function unescape_filter_value($values = array()) - { - // Parameter validation - if (!is_array($values)) { - $values = array($values); - } - - foreach ($values as $key => $value) { - // Translate hex code into ascii - $values[$key] = self::hex2asc($value); - } - - return $values; - } - - /** - * Converts all ASCII chars < 32 to "\HEX" - * - * @param string $string String to convert - * - * @static - * @return string - */ - public static function asc2hex32($string) - { - for ($i = 0; $i < strlen($string); $i++) { - $char = substr($string, $i, 1); - if (ord($char) < 32) { - $hex = dechex(ord($char)); - if (strlen($hex) == 1) $hex = '0'.$hex; - $string = str_replace($char, '\\'.$hex, $string); - } - } - return $string; - } - - /** - * Converts all Hex expressions ("\HEX") to their original ASCII characters - * - * @param string $string String to convert - * - * @static - * @author beni@php.net, heavily based on work from DavidSmith@byu.net - * @return string - */ - public static function hex2asc($string) - { - $string = preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $string); - return $string; - } - - /** - * Split an multivalued RDN value into an Array - * - * A RDN can contain multiple values, spearated by a plus sign. - * This function returns each separate ocl=value pair of the RDN part. - * - * If no multivalued RDN is detected, an array containing only - * the original rdn part is returned. - * - * For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to: - * array([0] => 'OU=Sales', [1] => 'CN=J. Smith') - * - * The method trys to be smart if it encounters unescaped "+" characters, but may fail, - * so ensure escaped "+"es in attr names and attr values. - * - * [BUG] If you have a multivalued RDN with unescaped plus characters - * and there is a unescaped plus sign at the end of an value followed by an - * attribute name containing an unescaped plus, then you will get wrong splitting: - * $rdn = 'OU=Sales+C+N=J. Smith'; - * returns: - * array('OU=Sales+C', 'N=J. Smith'); - * The "C+" is treaten as value of the first pair instead as attr name of the second pair. - * To prevent this, escape correctly. - * - * @param string $rdn Part of an (multivalued) escaped RDN (eg. ou=foo OR ou=foo+cn=bar) - * - * @static - * @return array Array with the components of the multivalued RDN or Error - */ - public static function split_rdn_multival($rdn) - { - $rdns = preg_split('/(? $dn_value) { - $dn_value = $dn[$key]; // refresh value (foreach caches!) - // if the dn_value is not in attr=value format, then we had an - // unescaped separator character inside the attr name or the value. - // We assume, that it was the attribute value. - // [TODO] To solve this, we might ask the schema. Keep in mind, that UTIL class - // must remain independent from the other classes or connections. - if (!preg_match('/.+(? diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 90795110..777d2654 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -9,7 +9,11 @@ which works against Microsoft Active Directory and OpenLdap servers', 'url' => 'http://www.osticket.com/plugins/auth/ldap', - 'plugin' => 'authentication.php:LdapAuthPlugin' + 'plugin' => 'authentication.php:LdapAuthPlugin', + 'includes' => array( + # Install (into the PHAR) PEAR Net_LDAP2 into include/ + 'lib/pear-pear.php.net/Net_LDAP2' => 'include', + ), ); ?> diff --git a/composer.json b/composer.json new file mode 100644 index 00000000..b3d407c1 --- /dev/null +++ b/composer.json @@ -0,0 +1,17 @@ +{ + "name": "osTicket/core-plugins", + "repositories": [ + { + "type": "pear", + "url": "http://pear.php.net" + } + ], + "require": { + "symfony/class-loader": "*", + "aws/aws-sdk-php": "2.*", + "pear-pear/Net_LDAP2": "*" + }, + "config": { + "vendor-dir": "lib" + } +} diff --git a/lib/.keep b/lib/.keep new file mode 100644 index 00000000..e69de29b diff --git a/make.php b/make.php index 58e9ff5c..23e8a9c3 100644 --- a/make.php +++ b/make.php @@ -312,7 +312,27 @@ function _build($plugin, $options) { $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey); } + // Read plugin info + $info = (include "$plugin/plugin.php"); + $phar->buildFromDirectory($plugin); + + // Add library dependencies + if (isset($info['includes'])) { + $includes = array(); + foreach ($info['includes'] as $local => $lib) { + $lib = trim($lib, '/').'/'; + $full = rtrim(realpath($local),'/').'/'; + $files = new RecursiveIteratorIterator( + new RecursiveDirectoryIterator($full), + RecursiveIteratorIterator::SELF_FIRST); + foreach ($files as $f) { + $includes[str_replace($full, $lib, $f->getPathname())] + = $f->getPathname(); + } + } + $phar->buildFromIterator(new ArrayIterator($includes)); + } $phar->setStub(''); # new TextboxField(array( + 'label' => 'S3 Bucket', + 'configuration' => array('size'=>40), + )), + 'aws-region' => new ChoiceField(array( + 'label' => 'AWS Region', + 'choices' => array( + '' => 'US Standard', + 'us-east-1' => 'US East (Northern Virginia)', + 'us-west-2' => 'US West (Oregon) Region', + 'us-west-1' => 'US West (Northern California) Region', + 'eu-west-1' => 'EU (Ireland) Region', + 'ap-southeast-1' => 'Asia Pacific (Singapore) Region', + 'ap-southeast-2' => 'Asia Pacific (Sydney) Region', + 'ap-northeast-1' => 'Asia Pacific (Tokyo) Region', + 'sa-east-1' => 'South America (Sao Paulo) Region', + ), + 'default' => '', + )), + 'acl' => new ChoiceField(array( + 'label' => 'Default ACL for Attachments', + 'choices' => array( + '' => 'Use Bucket Default', + 'private' => 'Private', + 'public-read' => 'Public Read', + 'public-read-write' => 'Public Read and Write', + 'authenticated-read' => 'Read for AWS authenticated Users', + 'bucket-owner-read' => 'Read for Bucket Owners', + 'bucket-owner-full-control' => 'Full Control for Bucket Owners', + ), + 'default' => '', + )), + + 'access-info' => new SectionBreakField(array( + 'label' => 'Access Information', + )), + 'aws-key-id' => new TextboxField(array( + 'required' => true, + 'configuration'=>array('length'=>64, 'size'=>40), + 'label' => 'AWS Access Key ID', + )), + 'secret-access-key' => new TextboxField(array( + 'widget' => 'PasswordWidget', + 'required' => false, + 'configuration'=>array('length'=>64, 'size'=>40), + 'label' => 'AWS Secret Access Key', + )), + ); + } + + function pre_save(&$config, &$errors) { + $credentials = array( + 'key' => $config['aws-key-id'], + 'secret' => $config['secret-access-key'] + ?: Crypto::decrypt($this->get('secret-access-key'), SECRET_SALT, + $this->getNamespace()), + ); + if ($config['aws-region']) + $credentials['region'] = $config['aws-region']; + + if (!$credentials['secret']) + $this->getForm()->getField('secret-access-key')->addError( + 'Secret access key is required'); + + $s3 = Aws\S3\S3Client::factory($credentials); + + try { + $s3->headBucket(array('Bucket'=>$config['bucket'])); + } + catch (Aws\S3\Exception\AccessDeniedException $e) { + $errors['err'] = + 'User does not have access to this bucket: '.(string)$e; + } + catch (Aws\S3\Exception\NoSuchBucketException $e) { + $this->getForm()->getField('bucket')->addError( + 'Bucket does not exist'); + } + + if (!$errors && $config['secret-access-key']) + $config['secret-access-key'] = Crypto::encrypt($config['secret-access-key'], + SECRET_SALT, $this->getNamespace()); + + return true; + } +} diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php new file mode 100644 index 00000000..b2b36158 --- /dev/null +++ b/storage-s3/plugin.php @@ -0,0 +1,20 @@ + 'storage:s3', + 'version' => '0.1', + 'name' => 'Attachments hosted in Amazon S3', + 'author' => 'Jared Hancock', + 'description' => 'Enables storing attachments in Amazon S3', + 'url' => 'http://www.osticket.com/plugins/storage-s3', + 'includes' => array( + 'lib/aws/aws-sdk-php/src/Aws/S3' => 'lib/Aws/S3', + 'lib/aws/aws-sdk-php/src/Aws/Common' => 'lib/Aws/Common', + 'lib/symfony/event-dispatcher/Symfony' => 'lib/Symfony', + 'lib/symfony/class-loader/Symfony' => 'lib/Symfony', + 'lib/guzzle/guzzle/src/Guzzle' => 'lib/Guzzle', + ), + 'plugin' => 'storage.php:S3StoragePlugin' +); + +?> diff --git a/storage-s3/storage.php b/storage-s3/storage.php new file mode 100644 index 00000000..615432e8 --- /dev/null +++ b/storage-s3/storage.php @@ -0,0 +1,203 @@ +getInfo(); + static::$__config = $config; + } + function getConfig() { + return static::$__config; + } + + function __construct($meta) { + parent::__construct($meta); + $credentials = array( + 'key' => static::$config['aws-key-id'], + 'secret' => Crypto::decrypt(static::$config['secret-access-key'], + SECRET_SALT, static::getConfig()->getNamespace()), + ); + if ($config['aws-region']) + $credentials['region'] = $config['aws-region']; + + $this->client = S3Client::factory($credentials); + } + + function read($bytes=false) { + try { + if (!$this->body) + $this->openReadStream(); + return $this->body->read($bytes ?: $this->blocksize); + } + catch (Aws\S3\Exception\NoSuchKeyException $e) { + throw new IOException($this->meta->getKey() + .': Unable to locate file: '.(string)$e); + } + } + + function fpassthru() { + try { + $res = $this->client->getObject(array( + 'Bucket' => static::$config['bucket'], + 'Key' => $this->meta->getKey(), + )); + fpassthru($res['Body']); + } + catch (Aws\S3\Exception\NoSuchKeyException $e) { + throw new IOException($this->meta->getKey() + .': Unable to locate file: '.(string)$e); + } + } + + function write($block) { + if (!$this->body) + $this->openWriteStream(); + return $this->body->write($block); + } + + function flush() { + return $this->upload($this->body); + } + + function upload($filepath) { + if ($filepath instanceof EntityBody) + $filepath->rewind(); + elseif (is_string($filepath)) + $filepath = fopen($filepath, 'r'); + + try { + $this->client->upload( + static::$config['bucket'], + $this->meta->getKey(), + $filepath, + static::$config['acl'] ?: 'private', + array('params' => array( + 'ContentType' => $this->meta->getType(), + 'CacheControl' => 'private, max-age=86400', + )) + ); + return true; + } + catch (S3Exception $e) { + throw new IOException('Unable to upload to S3: '.(string)$e); + } + return false; + } + + // Send a redirect when the file is requested locally + function sendRedirectUrl($disposition='inline') { + $now = time(); + Http::redirect($this->client->getObjectUrl( + static::$config['bucket'], + $this->meta->getKey(), + $now + 86400 - ($now % 86400), # Expire at midnight + array( + 'ResponseContentDisposition' => sprintf("%s; %s;", + $disposition, + Http::getDispositionFilename($this->meta->getName())), + ))); + return true; + } + + function unlink() { + try { + $this->client->deleteObject(array( + 'Bucket' => static::$config['bucket'], + 'Key' => $this->meta->getKey() + )); + return true; + } + catch (S3Exception $e) { + throw new IOException('Unable to remove object: ' + . (string) $e); + } + } + + // Adapted from Aws\S3\StreamWrapper + /** + * Serialize and sign a command, returning a request object + * + * @param CommandInterface $command Command to sign + * + * @return RequestInterface + */ + protected function getSignedRequest($command) + { + $request = $command->prepare(); + $request->dispatch('request.before_send', + array('request' => $request)); + + return $request; + } + + /** + * Initialize the stream wrapper for a read only stream + * + * @param array $params Operation parameters + * @param array $errors Any encountered errors to append to + * + * @return bool + */ + protected function openReadStream() { + $params = array( + 'Bucket' => static::$config['bucket'], + 'Key' => $this->meta->getKey(), + ); + + // Create the command and serialize the request + $request = $this->getSignedRequest( + $this->client->getCommand('GetObject', $params)); + // Create a stream that uses the EntityBody object + $factory = new PhpStreamRequestFactory(); + $this->body = $factory->fromRequest($request, array(), + array('stream_class' => 'Guzzle\Http\EntityBody')); + + return true; + } + + /** + * Initialize the stream wrapper for a write only stream + * + * @param array $params Operation parameters + * @param array $errors Any encountered errors to append to + * + * @return bool + */ + protected function openWriteStream() { + $this->body = new EntityBody(fopen('php://temp', 'r+')); + } +} + +require_once 'config.php'; + +class S3StoragePlugin extends Plugin { + var $config_class = 'S3StoragePluginConfig'; + + function bootstrap() { + require_once 'storage.php'; + S3StorageBackend::setConfig($this->getConfig()); + S3StorageBackend::$desc = sprintf('S3 (%s)', $this->getConfig()->get('bucket')); + FileStorageBackend::register('3', 'S3StorageBackend'); + } +} + +require_once dirname(__file__) + .'/lib/Symfony/Component/ClassLoader/UniversalClassLoader.php'; +use Symfony\Component\ClassLoader\UniversalClassLoader; +$loader = new UniversalClassLoader(); +$loader->registerNamespaceFallbacks(array( + dirname(__file__).'/lib')); +$loader->register(); From 03251907856c47d7733895953d318bafe1421535 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 3 Feb 2014 10:46:43 -0600 Subject: [PATCH 021/160] Implement blocksize for S3 --- storage-s3/storage.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/storage-s3/storage.php b/storage-s3/storage.php index 615432e8..b2a24c28 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -13,7 +13,7 @@ class S3StorageBackend extends FileStorageBackend { static $__config; private $body; - var $blocksize = 131072; + static $blocksize = 8192; # Default read size for sockets static function setConfig($config) { static::$config = $config->getInfo(); @@ -40,7 +40,16 @@ function read($bytes=false) { try { if (!$this->body) $this->openReadStream(); - return $this->body->read($bytes ?: $this->blocksize); + // Reads may be cut short to 8k. Try to read $bytes if at all + // possible. + $chunk = ''; + $bytes = $bytes ?: self::getBlockSize(); + while (strlen($chunk) < $bytes) { + $buf = $this->body->read($bytes - strlen($chunk)); + if (!$buf) break; + $chunk .= $buf; + } + return $chunk; } catch (Aws\S3\Exception\NoSuchKeyException $e) { throw new IOException($this->meta->getKey() From e5afeb6625ab787abc2bf4b4186687e45f67a80e Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Tue, 4 Feb 2014 13:55:43 -0600 Subject: [PATCH 022/160] s3: Copy password on save (if not set) --- storage-s3/config.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/storage-s3/config.php b/storage-s3/config.php index a525b7e0..755f51c3 100644 --- a/storage-s3/config.php +++ b/storage-s3/config.php @@ -86,6 +86,8 @@ function pre_save(&$config, &$errors) { if (!$errors && $config['secret-access-key']) $config['secret-access-key'] = Crypto::encrypt($config['secret-access-key'], SECRET_SALT, $this->getNamespace()); + else + $config['secret-access-key'] = $this->get('secret-access-key'); return true; } From 3f6c7237f6f3a9b9650844fdb251454b19ce1374 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 21 Feb 2014 10:42:59 -0600 Subject: [PATCH 023/160] ldap: Fixup path for PEAR includes --- auth-ldap/authentication.php | 1 + 1 file changed, 1 insertion(+) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 6fe7e62c..5ebf7b95 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -388,6 +388,7 @@ class LdapAuthPlugin extends Plugin { function bootstrap() { StaffAuthenticationBackend::register(new StaffLDAPAuthentication($this->getConfig())); + set_include_path(get_include_path().':'.dirname(__file__).'/include'); } } From 57b3edd5ed1d7b1e9fe15e8c09feb9a3a0fefecc Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Tue, 18 Mar 2014 16:21:13 -0500 Subject: [PATCH 024/160] Add `hydrate` command for non-phar users --- .gitignore | 2 + README.md | 5 + auth-ldap/plugin.php | 10 +- auth-passthru/authenticate.php | 37 ++++++ auth-passthru/plugin.php | 38 +------ composer.json | 17 --- make.php | 201 +++++++++++++++++++++++++++++---- storage-fs/plugin.php | 130 +-------------------- storage-fs/storage.php | 126 +++++++++++++++++++++ storage-s3/plugin.php | 22 +++- 10 files changed, 372 insertions(+), 216 deletions(-) create mode 100644 auth-passthru/authenticate.php delete mode 100644 composer.json create mode 100644 storage-fs/storage.php diff --git a/.gitignore b/.gitignore index cdd8f1a8..7d383bc6 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,5 @@ stage # Ignore installed dependencies and composer if placed here lib/ composer.phar +composer.lock +composer.json diff --git a/README.md b/README.md index fc2dc4a1..6f9e462a 100644 --- a/README.md +++ b/README.md @@ -8,3 +8,8 @@ Installing Clone this repo or download the zip file and place the contents into your `include/plugins` folder + +After cloning, `hydrate` the repo by downloading the third-party library +dependencies. + + php make.php hydrate diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 777d2654..9c3718fe 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -10,9 +10,13 @@ servers', 'url' => 'http://www.osticket.com/plugins/auth/ldap', 'plugin' => 'authentication.php:LdapAuthPlugin', - 'includes' => array( - # Install (into the PHAR) PEAR Net_LDAP2 into include/ - 'lib/pear-pear.php.net/Net_LDAP2' => 'include', + 'requires' => array( + "pear-pear/Net_LDAP2" => array( + "version" => "*", + "map" => array( + 'pear-pear.php.net/Net_LDAP2' => 'include', + ), + ), ), ); diff --git a/auth-passthru/authenticate.php b/auth-passthru/authenticate.php new file mode 100644 index 00000000..a4fb79a9 --- /dev/null +++ b/auth-passthru/authenticate.php @@ -0,0 +1,37 @@ +getId()) + return $user; + + // TODO: Consider client sessions + } + } +} + +class PassthruAuthPlugin extends Plugin { + function bootstrap() { + StaffAuthenticationBackend::register('HttpAuthentication'); + } +} diff --git a/auth-passthru/plugin.php b/auth-passthru/plugin.php index 63a644f0..3324cddc 100644 --- a/auth-passthru/plugin.php +++ b/auth-passthru/plugin.php @@ -1,41 +1,5 @@ getId()) - return $user; - - // TODO: Consider client sessions - } - } -} - -class PassthruAuthPlugin extends Plugin { - function bootstrap() { - StaffAuthenticationBackend::register('HttpAuthentication'); - } -} - return array( 'id' => 'auth:passthru', # notrans 'version' => '0.1', @@ -45,7 +9,7 @@ function bootstrap() { the authentication of the user. osTicket will match the username from the server authentication to a username defined internally', 'url' => 'http://www.osticket.com/plugins/auth/passthru', - 'plugin' => 'PassthruAuthPlugin' + 'plugin' => 'authenticate.php:PassthruAuthPlugin' ); ?> diff --git a/composer.json b/composer.json deleted file mode 100644 index b3d407c1..00000000 --- a/composer.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "osTicket/core-plugins", - "repositories": [ - { - "type": "pear", - "url": "http://pear.php.net" - } - ], - "require": { - "symfony/class-loader": "*", - "aws/aws-sdk-php": "2.*", - "pear-pear/Net_LDAP2": "*" - }, - "config": { - "vendor-dir": "lib" - } -} diff --git a/make.php b/make.php index 23e8a9c3..7b60793d 100644 --- a/make.php +++ b/make.php @@ -156,9 +156,18 @@ function showHelp() { if ($this->arguments) { echo "\nArguments:\n"; - foreach ($this->arguments as $name=>$help) + foreach ($this->arguments as $name=>$help) { + $extra = ''; + if (isset($help['options']) && is_array($help['options'])) { + foreach($help['options'] as $op=>$desc) + $extra .= wordwrap( + "\n $op - $desc", 76, "\n "); + } + $help = $help['help']; echo $name . "\n " . wordwrap( - preg_replace('/\s+/', ' ', $help), 76, "\n ")."\n"; + preg_replace('/\s+/', ' ', $help), 76, "\n ") + .$extra."\n"; + } } if ($this->epilog) { @@ -202,11 +211,23 @@ function parseOptions() { list($this->_options, $this->_args) = $this->parseArgs(array_slice($argv, 1)); - foreach (array_keys($this->arguments) as $idx=>$name) - if (!isset($this->_args[$idx])) + foreach (array_keys($this->arguments) as $idx=>$name) { + if (!is_array($this->arguments[$name])) + $this->arguments[$name] = array( + 'help' => $this->arguments[$name]); + $this->arguments[$name]['idx'] = $idx; + } + + foreach ($this->arguments as $name=>$info) { + if (!isset($this->_args[$info['idx']])) { + if (isset($info['required']) && !$info['required']) + continue; $this->optionError($name . " is a required argument"); - else - $this->_args[$name] = &$this->_args[$idx]; + } + else { + $this->_args[$name] = &$this->_args[$info['idx']]; + } + } foreach ($this->options as $name=>$opt) if (!isset($this->_options[$name])) @@ -273,26 +294,40 @@ class PluginBuilder extends Module { "Inspects, tests, and builds a plugin PHAR file"; var $arguments = array( - 'action' => "What to do with the plugin", - 'plugin' => "Plugin to be compiled", + 'action' => array( + 'help' => "What to do with the plugin", + 'options' => array( + 'build' => 'Compile a PHAR file for a plugin', + 'hydrate' => 'Prep plugin folders for embedding in osTicket directly', + ), + ), + 'plugin' => array( + 'help' => "Plugin to be compiled", + 'required' => false + ), ); var $options = array( 'sign' => array('-S','--sign', 'metavar'=>'KEY', 'help'=> 'Sign the compiled PHAR file with the provided OpenSSL private key file'), + 'verbose' => array('-v','--verbose','help'=> + 'Be more verbose','default'=>false, 'action'=>'store_true'), ); function run($args, $options) { - $plugin = $args['plugin']; - - if (!file_exists($plugin)) - $this->fail("Plugin folder '$plugin' does not exist"); - switch (strtolower($args['action'])) { case 'build': + $plugin = $args['plugin']; + + if (!file_exists($plugin)) + $this->fail("Plugin folder '$plugin' does not exist"); + $this->_build($plugin, $options); break; + case 'hydrate': + $this->_hydrate(); + break; default: $this->fail("Unsupported MAKE action. See help"); } @@ -315,26 +350,145 @@ function _build($plugin, $options) { // Read plugin info $info = (include "$plugin/plugin.php"); + //$this->resolveDependencies(); + $phar->buildFromDirectory($plugin); // Add library dependencies - if (isset($info['includes'])) { + if (isset($info['requires'])) { $includes = array(); - foreach ($info['includes'] as $local => $lib) { - $lib = trim($lib, '/').'/'; - $full = rtrim(realpath($local),'/').'/'; - $files = new RecursiveIteratorIterator( - new RecursiveDirectoryIterator($full), - RecursiveIteratorIterator::SELF_FIRST); - foreach ($files as $f) { - $includes[str_replace($full, $lib, $f->getPathname())] - = $f->getPathname(); + foreach ($info['requires'] as $lib=>$info) { + if (!isset($info['map'])) + continue; + foreach ($info['map'] as $lib=>$local) { + $phar_path = trim($local, '/').'/'; + $full = rtrim(dirname(__file__).'/lib/'.$lib,'/').'/'; + $files = new RecursiveIteratorIterator( + new RecursiveDirectoryIterator($full), + RecursiveIteratorIterator::SELF_FIRST); + foreach ($files as $f) { + $includes[str_replace($full, $phar_path, $f->getPathname())] + = $f->getPathname(); + } } } $phar->buildFromIterator(new ArrayIterator($includes)); } $phar->setStub(''); # resolveDependencies(); + + // Move things into place + foreach (glob(dirname(__file__).'/*/plugin.php') as $plugin) { + $p = (include $plugin); + if (!isset($p['requires']) || !is_array($p['requires'])) + continue; + foreach ($p['requires'] as $lib=>$info) { + if (!isset($info['map']) || !is_array($info['map'])) + continue; + foreach ($info['map'] as $lib=>$local) { + $source = dirname(__file__).'/lib/'.$lib; + $dest = dirname($plugin).'/'.$local; + if ($this->options['verbose']) { + $left = str_replace(dirname(__file__).'/', '', $source); + $right = str_replace(dirname(__file__).'/', '', $dest); + $this->stdout->write("Hydrating :: $left => $right\n"); + } + foreach ( + $iterator = new RecursiveIteratorIterator( + new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS), + RecursiveIteratorIterator::SELF_FIRST) as $item + ) { + if ($item->isDir()) + continue; + + $target = $dest . DIRECTORY_SEPARATOR . $iterator->getSubPathName(); + $parent = dirname($target); + if (!file_exists($parent)) + mkdir($parent, 0777, true); + copy($item, $target); + } + } + } + } + } + + function _http_get($url) { + #curl post + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_USERAGENT, 'osTicket-cli'); + curl_setopt($ch, CURLOPT_HEADER, FALSE); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); + $result=curl_exec($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + + return array($code, $result); + } + + function ensureComposer() { + if (file_exists(dirname(__file__).'/composer.phar')) + return true; + + return static::getComposer(); + } + + function getComposer() { + list($code, $phar) = $this->_http_get('https://getcomposer.org/composer.phar'); + + if (!($fp = fopen(dirname(__file__).'/composer.phar', 'wb'))) + $this->fail('Cannot install composer: Unable to write "composer.phar"'); + + fwrite($fp, $phar); + fclose($fp); + } + + function resolveDependencies() { + // Build dependency list + $requires = array(); + foreach (glob(dirname(__file__).'/*/plugin.php') as $plugin) { + $p = (include $plugin); + if (isset($p['requires'])) + foreach ($p['requires'] as $lib=>$info) + $requires[$lib] = $info['version']; + } + + // Write composer.json file + $composer = <<fail('Unable to save "composer.json"'); + + fwrite($fp, $composer); + fclose($fp); + + $this->ensureComposer(); + + $php = defined('PHP_BINARY') ? PHP_BINARY : 'php'; + if (file_exists(dirname(__file__)."/composer.lock")) + passthru($php." ".dirname(__file__)."/composer.phar -v update"); + else + passthru($php." ".dirname(__file__)."/composer.phar -v install"); + } } $registered_modules = array(); @@ -346,4 +500,3 @@ function _build($plugin, $options) { $builder->_run(basename(__file__)); ?> - diff --git a/storage-fs/plugin.php b/storage-fs/plugin.php index 653db222..2628b0db 100644 --- a/storage-fs/plugin.php +++ b/storage-fs/plugin.php @@ -1,133 +1,5 @@ meta->getKey(); - $filename = $this->getPath($hash); - if (!$this->fp) - $this->fp = @fopen($filename, 'rb'); - if (!$this->fp) - throw new IOException($filename.': Unable to open for reading'); - if ($offset) - fseek($this->fp, $offset); - if (($status = @fread($this->fp, $bytes ?: self::getBlocksize())) === false) - throw new IOException($filename.': Unable to read from file'); - return $status; - } - - function passthru() { - $hash = $this->meta->getKey(); - $filename = $this->getPath($hash); - // TODO: Raise IOException on failure - if (($status = @readfile($filename)) === false) - throw new IOException($filename.': Unable to read from file'); - return $status; - } - - function write($data) { - $hash = $this->meta->getKey(); - $filename = $this->getPath($hash); - if (!$this->fp) - $this->fp = @fopen($filename, 'wb'); - if (!$this->fp) - throw new IOException($filename.': Unable to open for reading'); - if (($status = @fwrite($this->fp, $data)) === false) - throw new IOException($filename.': Unable to write to file'); - return $status; - } - - function upload($filepath) { - $destination = $this->getPath($this->meta->getKey()); - if (!@move_uploaded_file($filepath, $destination)) - throw new IOException($filepath.': Unable to move file'); - // TODO: Consider CHMOD on the file - return true; - } - - function unlink() { - $filename = $this->getPath($this->meta->getKey()); - if (!@unlink($filename)) - throw new IOException($filename.': Unable to delete file'); - return true; - } - - function getPath($hash) { - // TODO: Make this configurable - $prefix = $hash[0]; - $base = static::$base; - if ($base[0] != '/' && $base[1] != ':') - $base = ROOT_DIR . $base; - // Auto-create the subfolders - $base .= '/'.$prefix; - if (!is_dir($base)) - mkdir($base, 751); - - return $base.'/'.$hash; - } -} - -class FsStoragePluginConfig extends PluginConfig { - function getOptions() { - return array( - 'desc' => new SectionBreakField(array( - 'label' => 'File System', - 'hint' => 'Once enabled and configured please change the storage backend in Admin Panel -> Settings -> Attachments', - )), - 'uploadpath' => new TextboxField(array( - 'label'=>'Base folder for attachment files', - 'hint'=>'The path must already exist and be writeable by the - web server. If the path starts with neither a `/` or a - drive letter, the path will be assumed to be relative to - the root of osTicket', - 'configuration'=>array('size'=>60, 'length'=>120), - 'required'=>true, - )), - ); - } - - function pre_save($config, &$errors) { - $path = $config['uploadpath']; - if ($path[0] != '/' && $path[1] != ':') - $path = ROOT_DIR . $path; - - $field = $this->getForm()->getField('uploadpath'); - $file = md5(microtime()); - if (!@is_dir($path)) - $field->addError('Path does not exist'); - elseif (!@opendir($path)) - $field->addError('Unable to access directory'); - elseif (!@touch("$path/$file")) - $field->addError('Unable to write to directory'); - elseif (!@unlink("$path/$file")) - $field->addError('Unable to remove files from directory'); - else - touch("$path/.keep"); - return true; - } -} - -class FsStoragePlugin extends Plugin { - var $config_class = 'FsStoragePluginConfig'; - - function bootstrap() { - $uploadpath = $this->getConfig()->get('uploadpath'); - if ($uploadpath) { - FileStorageBackend::register('F', 'FilesystemStorage'); - FilesystemStorage::$base = $uploadpath; - FilesystemStorage::$desc = 'Filesystem: '.$uploadpath; - } - } -} - return array( 'id' => 'storage:fs', # notrans 'version' => '0.2', @@ -135,7 +7,7 @@ function bootstrap() { 'author' => 'Jared Hancock', 'description' => 'Enables storing attachments on the filesystem', 'url' => 'http://www.osticket.com/plugins/storage-fs', - 'plugin' => 'FsStoragePlugin' + 'plugin' => 'storage.php:FsStoragePlugin' ); ?> diff --git a/storage-fs/storage.php b/storage-fs/storage.php new file mode 100644 index 00000000..f330c0cf --- /dev/null +++ b/storage-fs/storage.php @@ -0,0 +1,126 @@ +meta->getKey(); + $filename = $this->getPath($hash); + if (!$this->fp) + $this->fp = @fopen($filename, 'rb'); + if (!$this->fp) + throw new IOException($filename.': Unable to open for reading'); + if ($offset) + fseek($this->fp, $offset); + if (($status = @fread($this->fp, $bytes)) === false) + throw new IOException($filename.': Unable to read from file'); + return $status; + } + + function passthru() { + $hash = $this->meta->getKey(); + $filename = $this->getPath($hash); + // TODO: Raise IOException on failure + if (($status = @readfile($filename)) === false) + throw new IOException($filename.': Unable to read from file'); + return $status; + } + + function write($data) { + $hash = $this->meta->getKey(); + $filename = $this->getPath($hash); + if (!$this->fp) + $this->fp = @fopen($filename, 'wb'); + if (!$this->fp) + throw new IOException($filename.':Unable to open for reading'); + if (($status = @fwrite($this->fp, $data)) === false) + throw new IOException($filename.': Unable to write to file'); + return $status; + } + + function upload($filepath) { + $destination = $this->getPath($this->meta->getKey()); + if (!@move_uploaded_file($filepath, $destination)) + throw new IOException($filepath.': Unable to move file'); + // TODO: Consider CHMOD on the file + return true; + } + + function unlink() { + $filename = $this->getPath($this->meta->getKey()); + if (!@unlink($filename)) + throw new IOException($filename.': Unable to delete file'); + return true; + } + + function getPath($hash) { + // TODO: Make this configurable + $prefix = $hash[0]; + $base = static::$base; + if ($base[0] != '/' && $base[1] != ':') + $base = ROOT_DIR . $base; + // Auto-create the subfolders + $base .= '/'.$prefix; + if (!is_dir($base)) + mkdir($base, 751); + + return $base.'/'.$hash; + } +} + +class FsStoragePluginConfig extends PluginConfig { + function getOptions() { + return array( + 'uploadpath' => new TextboxField(array( + 'label'=>'Base folder for attachment files', + 'hint'=>'The path must already exist and be writeable by the + web server. If the path starts with neither a `/` or a + drive letter, the path will be assumed to be relative to + the root of osTicket', + 'configuration'=>array('size'=>40), + 'required'=>true, + )), + ); + } + + function pre_save($config, &$errors) { + $path = $config['uploadpath']; + if ($path[0] != '/' && $path[1] != ':') + $path = ROOT_DIR . $path; + + $field = $this->getForm()->getField('uploadpath'); + $file = md5(microtime()); + if (!@is_dir($path)) + $field->addError('Path does not exist'); + elseif (!@opendir($path)) + $field->addError('Unable to access directory'); + elseif (!@touch("$path/$file")) + $field->addError('Unable to write to directory'); + elseif (!@unlink("$path/$file")) + $field->addError('Unable to remove files from directory'); + else + touch("$path/.keep"); + return true; + } +} + +class FsStoragePlugin extends Plugin { + var $config_class = 'FsStoragePluginConfig'; + + function bootstrap() { + $uploadpath = $this->getConfig()->get('uploadpath'); + if ($uploadpath) { + FileStorageBackend::register('F', 'FilesystemStorage'); + FilesystemStorage::$base = $uploadpath; + FilesystemStorage::$desc = 'Filesystem: '.$uploadpath; + } + } +} + diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index b2b36158..251e4c65 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -7,12 +7,22 @@ 'author' => 'Jared Hancock', 'description' => 'Enables storing attachments in Amazon S3', 'url' => 'http://www.osticket.com/plugins/storage-s3', - 'includes' => array( - 'lib/aws/aws-sdk-php/src/Aws/S3' => 'lib/Aws/S3', - 'lib/aws/aws-sdk-php/src/Aws/Common' => 'lib/Aws/Common', - 'lib/symfony/event-dispatcher/Symfony' => 'lib/Symfony', - 'lib/symfony/class-loader/Symfony' => 'lib/Symfony', - 'lib/guzzle/guzzle/src/Guzzle' => 'lib/Guzzle', + 'requires' => array( + "symfony/class-loader" => array( + 'version' => "*", + 'map' => array( + 'symfony/class-loader/Symfony' => 'lib/Symfony', + ), + ), + "aws/aws-sdk-php" => array( + 'version' => "2.*", + 'map' => array( + 'aws/aws-sdk-php/src/Aws/S3' => 'lib/Aws/S3', + 'aws/aws-sdk-php/src/Aws/Common' => 'lib/Aws/Common', + 'symfony/event-dispatcher/Symfony' => 'lib/Symfony', + 'guzzle/guzzle/src/Guzzle' => 'lib/Guzzle', + ), + ), ), 'plugin' => 'storage.php:S3StoragePlugin' ); From 0af61933d51382ea5a85c927ae821588b7573bd0 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 20 Mar 2014 16:42:49 -0500 Subject: [PATCH 025/160] No implied update of dependencies when building --- make.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/make.php b/make.php index 7b60793d..6ae9ce28 100644 --- a/make.php +++ b/make.php @@ -350,7 +350,7 @@ function _build($plugin, $options) { // Read plugin info $info = (include "$plugin/plugin.php"); - //$this->resolveDependencies(); + $this->resolveDependencies(false); $phar->buildFromDirectory($plugin); @@ -447,7 +447,7 @@ function getComposer() { fclose($fp); } - function resolveDependencies() { + function resolveDependencies($autoupdate=true) { // Build dependency list $requires = array(); foreach (glob(dirname(__file__).'/*/plugin.php') as $plugin) { @@ -484,8 +484,10 @@ function resolveDependencies() { $this->ensureComposer(); $php = defined('PHP_BINARY') ? PHP_BINARY : 'php'; - if (file_exists(dirname(__file__)."/composer.lock")) - passthru($php." ".dirname(__file__)."/composer.phar -v update"); + if (file_exists(dirname(__file__)."/composer.lock")) { + if ($autoupdate) + passthru($php." ".dirname(__file__)."/composer.phar -v update"); + } else passthru($php." ".dirname(__file__)."/composer.phar -v install"); } From dc4a1b0582eb5a761d68822a49b572a4441b3988 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Tue, 25 Mar 2014 16:54:19 -0500 Subject: [PATCH 026/160] Implement client authentication via LDAP --- auth-ldap/authentication.php | 74 ++++++++++++++++++++++++++++++------ auth-ldap/config.php | 21 ++++++++++ auth-ldap/plugin.php | 2 +- 3 files changed, 85 insertions(+), 12 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 5ebf7b95..546d2ada 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -66,9 +66,11 @@ class LDAPAuthentication { ); var $config; + var $type = 'staff'; - function __construct($config) { + function __construct($config, $type='staff') { $this->config = $config; + $this->type = $type; } function getConfig() { return $this->config; @@ -120,7 +122,12 @@ function getServers() { } } - function getConnection() { + function getConnection($force_reconnect=false) { + static $connection = null; + + if ($connection && !$force_reconnect) + return $connection; + require_once('include/Net/LDAP2.php'); // Set reasonable timeout limits $defaults = array( @@ -146,8 +153,10 @@ function getConnection() { $params = $defaults + $s; $c = new Net_LDAP2($params); $r = $c->bind(); - if (!PEAR::isError($r)) + if (!PEAR::isError($r)) { + $connection = $c; return $c; + } } } @@ -201,7 +210,7 @@ function($match) use ($username, $domain, $config) { ); $r = $c->bind($dn, $password); if (!PEAR::isError($r)) - return $this->lookupAndSync($username); + return $this->lookupAndSync($username, $dn); // Another effort is to search for the user if (!$this->_bind($c)) @@ -223,7 +232,7 @@ function($match) use ($username, $domain, $config) { // TODO: Save the DN in the config table so a lookup isn't necessary // in the future - return $this->lookupAndSync($username); + return $this->lookupAndSync($username, $r->current()->dn()); } /** @@ -249,9 +258,9 @@ function getSchema($connection) { return '2307'; } - function lookup($lookup_dn) { + function lookup($lookup_dn, $bind=true) { $c = $this->getConnection(); - if (!$this->_bind($c)) + if ($bind && !$this->_bind($c)) return null; $schema = static::$schemas[$this->getSchema($c)]; @@ -338,9 +347,34 @@ function _getUserInfoArray($e, $schema) { ); } - function lookupAndSync($username) { - if (($user = new StaffSession($username)) && $user->getId()) - return $user; + function lookupAndSync($username, $dn) { + switch ($this->type) { + case 'staff': + if (($user = new StaffSession($username)) && $user->getId()) + return $user; + break; + case 'client': + // Lookup all the information on the user. Try to get the email + // addresss as well as the username when looking up the user + // locally. + if (!($info = $this->lookup($dn, false))) + return; + + $acct = false; + foreach (array($username, $info['username'], $info['email']) as $name) { + if ($acct = ClientAccount::lookupByUsername($name)) + break; + } + if (!$acct) + return; + + if (($client = new ClientSession(new EndUser($acct->getUser()))) + && !$client->getId()) + return; + + return $client; + } + // TODO: Auto-create users, etc. } } @@ -381,13 +415,31 @@ function search($query) { } } +class ClientLDAPAuthentication extends UserAuthenticationBackend { + static $name = "Active Directory or LDAP"; + static $id = "ldap.client"; + + function __construct($config) { + $this->_ldap = new LDAPAuthentication($config, 'client'); + } + + function authenticate($username, $password=false, $errors=array()) { + return $this->_ldap->authenticate($username, $password); + } +} + require_once(INCLUDE_DIR.'class.plugin.php'); require_once('config.php'); class LdapAuthPlugin extends Plugin { var $config_class = 'LdapConfig'; function bootstrap() { - StaffAuthenticationBackend::register(new StaffLDAPAuthentication($this->getConfig())); + $config = $this->getConfig(); + if ($config->get('auth-staff')) + StaffAuthenticationBackend::register(new StaffLDAPAuthentication($config)); + if ($config->get('auth-client')) + UserAuthenticationBackend::register(new ClientLDAPAuthentication($config)); + set_include_path(get_include_path().':'.dirname(__file__).'/include'); } } diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 6f08ff07..bc9cb2ee 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -91,6 +91,27 @@ function($self, $val) { '2307' => 'Posix Account', ), )), + + 'auth' => new SectionBreakField(array( + 'label' => 'Authentication Modes', + 'hint' => 'Accounts must be created locally for both clients and staff before they can be authenticated', + 'hint' => 'Authentication modes for clients and staff + members can be enabled independently', + )), + 'auth-staff' => new BooleanField(array( + 'label' => 'Staff Authentication', + 'default' => true, + 'configuration' => array( + 'desc' => 'Enable authentication of staff members' + ) + )), + 'auth-client' => new BooleanField(array( + 'label' => 'Client Authentication', + 'default' => false, + 'configuration' => array( + 'desc' => 'Enable authentication of clients' + ) + )), ); } diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 9c3718fe..b24645fc 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.4', + 'version' => '0.5', 'name' => 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => 'Provides a configurable authentication backend From d8c507aa243b2e4bd0667de8bfa27c8578658dbd Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 26 Mar 2014 11:03:48 -0500 Subject: [PATCH 027/160] Implement CreateClientRequest cooperation --- auth-ldap/authentication.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 546d2ada..a569c212 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -366,7 +366,7 @@ function lookupAndSync($username, $dn) { break; } if (!$acct) - return; + return new ClientCreateRequest($this, $username, $info); if (($client = new ClientSession(new EndUser($acct->getUser()))) && !$client->getId()) @@ -421,10 +421,15 @@ class ClientLDAPAuthentication extends UserAuthenticationBackend { function __construct($config) { $this->_ldap = new LDAPAuthentication($config, 'client'); + if ($domain = $config->get('domain')) + self::$name .= sprintf(' (%s)', $domain); } function authenticate($username, $password=false, $errors=array()) { - return $this->_ldap->authenticate($username, $password); + $object = $this->_ldap->authenticate($username, $password); + if ($object instanceof ClientCreateRequest) + $object->setBackend($this); + return $object; } } From 20fea986784ff7df543df09ea37408f236ca42fb Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 7 Apr 2014 10:26:18 -0500 Subject: [PATCH 028/160] Fixup ClientCreateRequest after searching for user --- auth-ldap/authentication.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index a569c212..73f39e76 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -226,8 +226,8 @@ function($match) use ($username, $domain, $config) { // Attempt to bind as the DN of the user looked up with the password // specified - $r = $c->bind($r->current()->dn(), $password); - if (PEAR::isError($r)) + $bound = $c->bind($r->current()->dn(), $password); + if (PEAR::isError($bound)) return null; // TODO: Save the DN in the config table so a lookup isn't necessary From 8ad63506be3aa5e28979e4b287b6304b6ff81fa2 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 7 Apr 2014 10:27:01 -0500 Subject: [PATCH 029/160] Fixup include_path setup on plugin load --- auth-ldap/authentication.php | 4 ---- auth-ldap/plugin.php | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 73f39e76..19aacf02 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -444,9 +444,5 @@ function bootstrap() { StaffAuthenticationBackend::register(new StaffLDAPAuthentication($config)); if ($config->get('auth-client')) UserAuthenticationBackend::register(new ClientLDAPAuthentication($config)); - - set_include_path(get_include_path().':'.dirname(__file__).'/include'); } } - -?> diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index b24645fc..18615443 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -1,5 +1,5 @@ 'auth:ldap', # notrans 'version' => '0.5', From 0f48180718ede26b82c6b02cb45027ba309dab10 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 7 Apr 2014 15:25:26 -0500 Subject: [PATCH 030/160] Add missing ldap extension to a red banner --- auth-ldap/config.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index bc9cb2ee..d9a5d57d 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -121,6 +121,8 @@ function pre_save(&$config, &$errors) { global $ost; if ($ost && !extension_loaded('ldap')) { $ost->setWarning('LDAP extension is not available'); + $errors['err'] = 'LDAP extension is not available. Please + install or enable the `php-ldap` extension on your web server'; return; } From 1e2596b90a5dd85dfa2cf89b1a4348b3195eb772 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 7 Apr 2014 17:21:14 -0500 Subject: [PATCH 031/160] s3: Use Content-MD5 header instead of download AWS supports sending a Content-MD5 header along with the data. The AWS server will re-hash the data received, and if the server-generated hash does not match the received hash, the request will fail and the content will be discarded. This offers a significant performance boost over the previous version, as the content of the file only needs to be sent over the internet once per transaction. --- storage-s3/storage.php | 43 +++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/storage-s3/storage.php b/storage-s3/storage.php index b2a24c28..36b6b8a5 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -12,6 +12,8 @@ class S3StorageBackend extends FileStorageBackend { static $config; static $__config; private $body; + private $upload_hash; + private $upload_hash_final; static $blocksize = 8192; # Default read size for sockets @@ -74,6 +76,9 @@ function fpassthru() { function write($block) { if (!$this->body) $this->openWriteStream(); + if (!isset($this->upload_hash)) + $this->upload_hash = hash_init('md5'); + hash_update($this->upload_hash, $block); return $this->body->write($block); } @@ -82,21 +87,32 @@ function flush() { } function upload($filepath) { - if ($filepath instanceof EntityBody) + if ($filepath instanceof EntityBody) { $filepath->rewind(); - elseif (is_string($filepath)) + // Hashing already performed in the ::write() method + } + elseif (is_string($filepath)) { $filepath = fopen($filepath, 'r'); + $this->upload_hash = hash_init('md5'); + hash_update_file($this->upload_hash, $filepath); + rewind($filepath); + } try { - $this->client->upload( + $params = array( + 'ContentType' => $this->meta->getType(), + 'CacheControl' => 'private, max-age=86400', + ); + if (isset($this->upload_hash)) + $params['Content-MD5'] = + $this->upload_hash_final = hash_final($this->upload_hash); + + $info = $this->client->upload( static::$config['bucket'], $this->meta->getKey(), $filepath, static::$config['acl'] ?: 'private', - array('params' => array( - 'ContentType' => $this->meta->getType(), - 'CacheControl' => 'private, max-age=86400', - )) + array('params' => $params) ); return true; } @@ -106,6 +122,19 @@ function upload($filepath) { return false; } + // Support MD5 hash via the returned ETag header; + function getNativeHashAlgos() { + return array('md5'); + } + + function getHashDigest($algo) { + if ($algo == 'md5' && isset($this->upload_hash_final)) + return $this->upload_hash_final; + + // Return nothing. The migrater will compute the hash by downloading + // the object contents + } + // Send a redirect when the file is requested locally function sendRedirectUrl($disposition='inline') { $now = time(); From a7e3a08711211bc98dca92538d28c3d66bb1427f Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 18 Apr 2014 16:13:04 -0500 Subject: [PATCH 032/160] Bump version code for AWS S3 storage --- storage-s3/plugin.php | 2 +- storage-s3/storage.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 251e4c65..9c847f5f 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'storage:s3', - 'version' => '0.1', + 'version' => '0.2', 'name' => 'Attachments hosted in Amazon S3', 'author' => 'Jared Hancock', 'description' => 'Enables storing attachments in Amazon S3', diff --git a/storage-s3/storage.php b/storage-s3/storage.php index 36b6b8a5..b61eb76b 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -92,9 +92,9 @@ function upload($filepath) { // Hashing already performed in the ::write() method } elseif (is_string($filepath)) { - $filepath = fopen($filepath, 'r'); $this->upload_hash = hash_init('md5'); hash_update_file($this->upload_hash, $filepath); + $filepath = fopen($filepath, 'r'); rewind($filepath); } From e17c89ff35864f51c495e92072b3bca0fef1fc7c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Tue, 29 Apr 2014 14:29:45 -0500 Subject: [PATCH 033/160] oauth: Introduce external authentication with Google+ --- auth-oauth/authentication.php | 32 ++++++++ auth-oauth/config.php | 31 +++++++ auth-oauth/google.php | 147 ++++++++++++++++++++++++++++++++++ auth-oauth/plugin.php | 23 ++++++ 4 files changed, 233 insertions(+) create mode 100644 auth-oauth/authentication.php create mode 100644 auth-oauth/config.php create mode 100644 auth-oauth/google.php create mode 100644 auth-oauth/plugin.php diff --git a/auth-oauth/authentication.php b/auth-oauth/authentication.php new file mode 100644 index 00000000..9adc349a --- /dev/null +++ b/auth-oauth/authentication.php @@ -0,0 +1,32 @@ +getConfig(); + + # ----- Google Plus --------------------- + $google = $config->get('g-enabled'); + if (in_array($google, array('all', 'staff'))) { + require_once('google.php'); + StaffAuthenticationBackend::register( + new GoogleStaffAuthBackend($this->getConfig())); + } + if (in_array($google, array('all', 'client'))) { + require_once('google.php'); + UserAuthenticationBackend::register( + new GoogleClientAuthBackend($this->getConfig())); + } + } +} + +require_once(INCLUDE_DIR.'UniversalClassLoader.php'); +use Symfony\Component\ClassLoader\UniversalClassLoader_osTicket; +$loader = new UniversalClassLoader_osTicket(); +$loader->registerNamespaceFallbacks(array( + dirname(__file__).'/lib')); +$loader->register(); diff --git a/auth-oauth/config.php b/auth-oauth/config.php new file mode 100644 index 00000000..d1e69f1c --- /dev/null +++ b/auth-oauth/config.php @@ -0,0 +1,31 @@ + 'Authenticate', + 'choices' => array( + '0' => 'Disabled', + 'staff' => 'Agents Only', + 'client' => 'Clients Only', + 'all' => 'Agents and Clients', + ), + )); + return array( + 'google' => new SectionBreakField(array( + 'label' => 'Google+ Authentication', + )), + 'g-client-id' => new TextboxField(array( + 'label' => 'Client ID', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'g-client-secret' => new TextboxField(array( + 'label' => 'Client Secret', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'g-enabled' => clone $modes, + ); + } +} diff --git a/auth-oauth/google.php b/auth-oauth/google.php new file mode 100644 index 00000000..ea1ab49e --- /dev/null +++ b/auth-oauth/google.php @@ -0,0 +1,147 @@ +config = $config; + } + + function triggerAuth() { + $self = $this; + return Auth2::legs(3) + ->set('id', $this->config->get('g-client-id')) + ->set('secret', $this->config->get('g-client-secret')) + ->set('redirect', 'http://' . $_SERVER['HTTP_HOST'] + . ROOT_PATH . 'api/auth/ext') + ->set('scope', 'profile email') + + ->authorize('https://accounts.google.com/o/oauth2/auth') + ->access('https://accounts.google.com/o/oauth2/token') + + ->finally(function($data) use ($self) { + $self->access_token = $data['access_token']; + }); + } +} + +class GoogleStaffAuthBackend extends ExternalStaffAuthenticationBackend { + static $id = "google"; + static $name = "Google Plus"; + + static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/White-signin_Long_base_44dp.png"; + static $service_name = "Google+"; + + var $config; + + function __construct($config) { + $this->config = $config; + $this->google = new GoogleAuth($config); + } + + function signOn() { + // TODO: Check session for auth token + if (isset($_SESSION[':oauth']['email'])) { + if (($staff = new StaffSession($_SESSION[':oauth']['email'])) + && $staff->getId()) + return $staff; + + else + $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account'; + } + } + + static function signOut($user) { + parent::signOut($user); + unset($_SESSION[':oauth']); + } + + + function triggerAuth() { + parent::triggerAuth(); + $google = $this->google->triggerAuth(); + $google->GET( + "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" + . $this->google->access_token) + ->then(function($response) { + require_once INCLUDE_DIR . 'class.json.php'; + if ($json = JsonDataParser::decode($response->text)) + $_SESSION[':oauth']['email'] = $json['email']; + Http::redirect(ROOT_PATH . 'scp'); + } + ); + } +} + +class GoogleClientAuthBackend extends ExternalUserAuthenticationBackend { + static $id = "google.client"; + static $name = "Google Plus"; + + static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/Red-signin_Long_base_44dp.png"; + static $service_name = "Google+"; + + function __construct($config) { + $this->config = $config; + $this->google = new GoogleAuth($config); + } + + function supportsInteractiveAuthentication() { + return false; + } + + function signOn() { + // TODO: Check session for auth token + if (isset($_SESSION[':oauth']['email'])) { + if (($acct = ClientAccount::lookupByUsername($_SESSION[':oauth']['email'])) + && $acct->getId() + && ($client = new ClientSession(new EndUser($acct->getUser())))) + return $client; + + elseif (isset($_SESSION[':oauth']['profile'])) { + // TODO: Prepare ClientCreateRequest + $profile = $_SESSION[':oauth']['profile']; + $info = array( + 'email' => $_SESSION[':oauth']['email'], + 'name' => $profile['displayName'], + ); + return new ClientCreateRequest($this, $info['email'], $info); + } + } + } + + static function signOut($user) { + parent::signOut($user); + unset($_SESSION[':oauth']); + } + + function triggerAuth() { + require_once INCLUDE_DIR . 'class.json.php'; + parent::triggerAuth(); + $google = $this->google->triggerAuth(); + $token = $this->google->access_token; + $google->GET( + "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" + . $token) + ->then(function($response) use ($google, $token) { + if (!($json = JsonDataParser::decode($response->text))) + return; + $_SESSION[':oauth']['email'] = $json['email']; + $google->GET( + "https://www.googleapis.com/plus/v1/people/me?access_token=" + . $token) + ->then(function($response) { + if (!($json = JsonDataParser::decode($response->text))) + return; + $_SESSION[':oauth']['profile'] = $json; + Http::redirect(ROOT_PATH . 'login.php'); + } + ); + } + ); + } +} + + diff --git a/auth-oauth/plugin.php b/auth-oauth/plugin.php new file mode 100644 index 00000000..65cd0051 --- /dev/null +++ b/auth-oauth/plugin.php @@ -0,0 +1,23 @@ + 'auth:oath2', # notrans + 'version' => '0.1', + 'name' => 'Oauth2 Authentication and Lookup', + 'author' => 'Jared Hancock', + 'description' => 'Provides a configurable authentication backend + for authenticating staff and clients using an OATH2 server + interface.', + 'url' => 'http://www.osticket.com/plugins/auth/oauth', + 'plugin' => 'authentication.php:OauthAuthPlugin', + 'requires' => array( + "ohmy/auth" => array( + "version" => "*", + "map" => array( + "ohmy/auth/src" => 'lib', + ) + ), + ), +); + +?> From f60642b5cc207a3d76bab0f798ed105c162b5d2c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Sat, 3 May 2014 21:00:25 -0500 Subject: [PATCH 034/160] ldap: Fix user name info lookup The attributes for first and last name were incorrect for Active Directory --- auth-ldap/authentication.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 19aacf02..32903e9a 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -29,9 +29,9 @@ class LDAPAuthentication { 'msad' => array( 'user' => array( 'filter' => '(objectClass=user)', - 'base' => 'CN=users', - 'first' => 'firstName', - 'last' => 'lastName', + 'base' => 'CN=Users', + 'first' => 'givenName', + 'last' => 'sn', 'full' => 'displayName', 'email' => 'mail', 'phone' => 'telephoneNumber', @@ -326,8 +326,8 @@ function _getValue($entry, $names) { function _getUserInfoArray($e, $schema) { // Detect first and last name if only full name is given - if (!($first = $e->getValue($schema['first'])) - || !($last = $e->getValue($schema['last']))) { + if (!($first = $this->_getValue($e, $schema['first'])) + || !($last = $this->_getValue($e, $schema['last']))) { $name = new PersonsName($this->_getValue($e, $schema['full'])); $first = $name->getFirst(); $last = $name->getLast(); From 7dc26a053562abcc1e6c7ccb282079b5638f8713 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Sat, 3 May 2014 21:00:51 -0500 Subject: [PATCH 035/160] ldap: Fix auto detection of Active Directory supportedCapabilities is not included by default for the rootDse lookup funciton in the Net_LDAP2 library. Perhaps Windows Server 2003 level Active Directory always included it. --- auth-ldap/authentication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 32903e9a..22c1bc05 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -242,7 +242,7 @@ function($match) use ($username, $domain, $config) { function getSchema($connection) { $schema = $this->getConfig()->get('schema'); if (!$schema || $schema == 'auto') { - $dse = $connection->rootDse(); + $dse = $connection->rootDse(array('supportedCapabilities')); // Microsoft Active Directory // http://www.alvestrand.no/objectid/1.2.840.113556.1.4.800.html if (($caps = $dse->getValue('supportedCapabilities')) From aa246e673f6f515309f9eacfe4a22aa15fb4af25 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Sat, 3 May 2014 21:03:03 -0500 Subject: [PATCH 036/160] ldap: Fix user information lookup for Active Directory The user@domain syntax is not a correct distinguished name when querying Active Directory for user information. Instead, the search base should be queried for an object with (userPrinicipalName=user@domain) --- auth-ldap/authentication.php | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 22c1bc05..34084362 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -266,15 +266,26 @@ function lookup($lookup_dn, $bind=true) { $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; $opts = array( - 'scope' => 'base', - 'sizelimit' => 1, 'attributes' => array_filter(flatten(array( $schema['first'], $schema['last'], $schema['full'], $schema['phone'], $schema['mobile'], $schema['email'], $schema['username'], ))) ); - $r = $c->search($lookup_dn, '(objectClass=*)', $opts); + switch ($this->getSchema($c)) { + case 'msad': + $r = $c->search( + $this->getSearchBase(), + sprintf('userPrincipalName=%s', $lookup_dn), + $opts); + break; + default: + $opts += array( + 'scope' => 'base', + 'sizelimit' => 1, + ); + $r = $c->search($lookup_dn, '(objectClass=*)', $opts); + } if (PEAR::isError($r) || !$r->count()) return null; @@ -316,9 +327,9 @@ function getSearchBase() { } function _getValue($entry, $names) { - foreach (splat($names) as $n) + foreach (array_filter(splat($names)) as $n) // Support multi-value attributes - foreach (splat($entry->getValue($n)) as $val) + foreach (splat($entry->getValue($n, 'all')) as $val) // Return the first non-bool-false value of the entries if ($val) return $val; From 63124e42e6be98817c301f6d5d52ca9c6d171518 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Sat, 3 May 2014 22:16:38 -0500 Subject: [PATCH 037/160] make: Don't attempt to add directories to PHARs --- make.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/make.php b/make.php index 6ae9ce28..8f642a0b 100644 --- a/make.php +++ b/make.php @@ -365,8 +365,14 @@ function _build($plugin, $options) { $full = rtrim(dirname(__file__).'/lib/'.$lib,'/').'/'; $files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($full), - RecursiveIteratorIterator::SELF_FIRST); + RecursiveIteratorIterator::SELF_FIRST); foreach ($files as $f) { + if (file_exists("$plugin/$phar_path")) + // Hydrated + continue; + elseif ($f->isDir()) + // Unnecessary + continue; $includes[str_replace($full, $phar_path, $f->getPathname())] = $f->getPathname(); } @@ -374,7 +380,7 @@ function _build($plugin, $options) { } $phar->buildFromIterator(new ArrayIterator($includes)); } - $phar->setStub(''); # setStub(' Date: Mon, 5 May 2014 11:02:22 -0500 Subject: [PATCH 038/160] ldap: Allow lookup and registration to coexist The way registraiton lookup was corrected broke user lookups in the staff portal for Active Directory. This patch allows them to coexist by looking up the User's DN in the registration pipeline for Active Directory. --- auth-ldap/authentication.php | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 34084362..0672b86a 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -266,26 +266,15 @@ function lookup($lookup_dn, $bind=true) { $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; $opts = array( + 'scope' => 'base', + 'sizelimit' => 1, 'attributes' => array_filter(flatten(array( $schema['first'], $schema['last'], $schema['full'], $schema['phone'], $schema['mobile'], $schema['email'], $schema['username'], ))) ); - switch ($this->getSchema($c)) { - case 'msad': - $r = $c->search( - $this->getSearchBase(), - sprintf('userPrincipalName=%s', $lookup_dn), - $opts); - break; - default: - $opts += array( - 'scope' => 'base', - 'sizelimit' => 1, - ); - $r = $c->search($lookup_dn, '(objectClass=*)', $opts); - } + $r = $c->search($lookup_dn, '(objectClass=*)', $opts); if (PEAR::isError($r) || !$r->count()) return null; @@ -365,6 +354,19 @@ function lookupAndSync($username, $dn) { return $user; break; case 'client': + $c = $this->getConnection(); + if ('msad' == $this->getSchema($c)) { + // The user login DN will be user@domain. We need an LDAP DN + // -- fetch the real DN which looks like `CN=blah,DC=` + // NOTE: Already bound, so no need to bind again + $r = $c->search( + $this->getSearchBase(), + sprintf('userPrincipalName=%s', $dn), + $opts); + if (!PEAR::isError($r) && $r->count()) + $dn = $r->current()->dn(); + } + // Lookup all the information on the user. Try to get the email // addresss as well as the username when looking up the user // locally. From 805ac21dd19649cdebb405712570f814fd85befb Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 5 May 2014 11:04:05 -0500 Subject: [PATCH 039/160] ldap: Auto add Active Directory domain to search user --- auth-ldap/config.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index d9a5d57d..7e5ee00a 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -168,6 +168,16 @@ function pre_save(&$config, &$errors) { ); $c = new Net_LDAP2($info); $r = $c->bind(); + if (PEAR::isError($r)) { + if (false === strpos($config['bind_dn'], '@') + && false === strpos($config['bind_dn'], ',dc=')) { + // Assume Active Directory, add the default domain in + $config['bind_dn'] .= '@' . $config['domain']; + $info['bind_dn'] = $config['bind_dn']; + $c = new Net_LDAP2($info); + $r = $c->bind(); + } + } if (PEAR::isError($r)) { $connection_error = $r->getMessage() .': Unable to bind to '.$info['host']; From 6b55697b031139ecad6db59910a545778240468c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 5 May 2014 11:29:21 -0500 Subject: [PATCH 040/160] ldap: Permit authentication by email and password --- auth-ldap/authentication.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 0672b86a..29936a34 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -39,7 +39,7 @@ class LDAPAuthentication { 'username' => 'sAMAccountName', 'dn' => '{username}@{domain}', 'search' => '(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))', - 'lookup' => '(&(objectCategory=person)(objectClass=user)(sAMAccountName={q}))', + 'lookup' => '(&(objectCategory=person)(objectClass=user)({attr}={q}))', ), 'group' => array( 'ismember' => '(&(objectClass=user)(sAMAccountName={username}) @@ -60,7 +60,7 @@ class LDAPAuthentication { 'username' => 'uid', 'dn' => 'uid={username},{search_base}', 'search' => '(&(objectClass=inetOrgPerson)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', - 'lookup' => '(&(objectClass=inetOrgPerson)(uid={q}))', + 'lookup' => '(&(objectClass=inetOrgPerson)({attr}={q}))', ), ), ); @@ -218,7 +218,12 @@ function($match) use ($username, $domain, $config) { $r = $c->search( $this->getSearchBase(), - str_replace('{q}', $username, $schema['lookup']), + str_replace( + array('{attr}','{q}'), + // Assume email address if the $username contains an @ sign + array(strpos($username, '@') ? $schema['email'] : $schema['username'], + $username), + $schema['lookup']), array('sizelimit' => 1) ); if (PEAR::isError($r) || !$r->count()) From dcdcddf50a391cbc371222e3a5d447255e3b8f78 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 19 May 2014 13:49:17 -0500 Subject: [PATCH 041/160] http: Implement pass-through auth for clients --- auth-passthru/authenticate.php | 61 +++++++++++++++++++++++++++++++++- auth-passthru/config.php | 38 +++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 auth-passthru/config.php diff --git a/auth-passthru/authenticate.php b/auth-passthru/authenticate.php index a4fb79a9..8cbfb853 100644 --- a/auth-passthru/authenticate.php +++ b/auth-passthru/authenticate.php @@ -5,6 +5,10 @@ class HttpAuthentication extends StaffAuthenticationBackend { static $name = "HTTP Authentication"; static $id = "passthru"; + function supportsInteractiveAuthentication() { + return false; + } + function signOn() { if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) // User was authenticated by the HTTP server @@ -30,8 +34,63 @@ function signOn() { } } +class UserHttpAuthentication extends UserAuthenticationBackend { + static $name = "HTTP Authentication"; + static $id = "passthru.client"; + + function supportsInteractiveAuthentication() { + return false; + } + + function signOn() { + if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) + // User was authenticated by the HTTP server + $username = $_SERVER['REMOTE_USER']; + elseif (isset($_SERVER['REDIRECT_REMOTE_USER']) + && !empty($_SERVER['REDIRECT_REMOTE_USER'])) + $username = $_SERVER['REDIRECT_REMOTE_USER']; + + if ($username) { + // Support ActiveDirectory domain specification with either + // "user@domain" or "domain\user" formats + if (strpos($username, '@') !== false) + list($username, $domain) = explode('@', $username, 2); + elseif (strpos($username, '\\') !== false) + list($domain, $username) = explode('\\', $username, 2); + $username = trim(strtolower($username)); + + if ($acct = ClientAccount::lookupByUsername($username)) { + if (($client = new ClientSession(new EndUser($acct->getUser()))) + && $client->getId()) + return $client; + } + else { + // No such account. Attempt a lookup on the username + $users = parent::searchUsers($username); + if (!is_array($users)) + return; + + foreach ($users as $u) { + if (0 === strcasecmp($u['username'], $username) + || 0 === strcasecmp($u['email'], $username)) + // User information matches HTTP username + return new ClientCreateRequest($this, $username, $u); + } + } + } + } +} + +require_once(INCLUDE_DIR.'class.plugin.php'); +require_once('config.php'); class PassthruAuthPlugin extends Plugin { + var $config_class = 'PassthruAuthConfig'; + function bootstrap() { - StaffAuthenticationBackend::register('HttpAuthentication'); + $config = $this->getConfig(); + if ($config->get('auth-staff')) + StaffAuthenticationBackend::register('HttpAuthentication'); + if ($config->get('auth-client')) + UserAuthenticationBackend::register('UserHttpAuthentication'); } } diff --git a/auth-passthru/config.php b/auth-passthru/config.php new file mode 100644 index 00000000..2b9b597e --- /dev/null +++ b/auth-passthru/config.php @@ -0,0 +1,38 @@ + new SectionBreakField(array( + 'label' => 'Authentication Modes', + 'hint' => 'Authentication modes for clients and staff + members can be enabled independently. Client discovery + can be supported via a separate backend (such as LDAP)', + )), + 'auth-staff' => new BooleanField(array( + 'label' => 'Staff Authentication', + 'default' => true, + 'configuration' => array( + 'desc' => 'Enable authentication of staff members' + ) + )), + 'auth-client' => new BooleanField(array( + 'label' => 'Client Authentication', + 'default' => false, + 'configuration' => array( + 'desc' => 'Enable authentication and discovery of clients' + ) + )), + ); + } + + function pre_save(&$config, &$errors) { + global $msg; + + if (!$errors) + $msg = 'Configuration updated successfully'; + + return true; + } +} From 1ed33fa0af833cb0175a2c65a3be39299a0a6ac5 Mon Sep 17 00:00:00 2001 From: Chefkeks Date: Wed, 17 Sep 2014 13:16:23 +0200 Subject: [PATCH 042/160] Try anonymous bind Here is a request from a forum member which does not like to create a github account, so I created the pull request on behalf for him/her. http://osticket.com/forum/discussion/79234/auth-ldap-and-anonymous-bind --- auth-ldap/authentication.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 29936a34..4a062285 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -171,7 +171,11 @@ function _bind($connection) { unset($pw); return !PEAR::isError($r); } - return false; + else { + // try anonymous bind + $r = $connection->bind(); + return !PEAR::isError($r); + } } function authenticate($username, $password=null) { From 66f7e42561719e3ce95b92a56d2898072dac6867 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 31 Dec 2014 08:54:49 -0600 Subject: [PATCH 043/160] make: Add PHP compression support This significantly reduces the size of generated PHAR files which should directly influence osTicket request time using such PHAR files. --- make.php | 49 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 17 deletions(-) diff --git a/make.php b/make.php index 8f642a0b..3ba80dab 100644 --- a/make.php +++ b/make.php @@ -4,10 +4,6 @@ class Option { var $default = false; - function Option() { - call_user_func_array(array($this, "__construct"), func_get_args()); - } - function __construct($options=false) { list($this->short, $this->long) = array_slice($options, 0, 2); $this->help = (isset($options['help'])) ? $options['help'] : ""; @@ -92,9 +88,6 @@ function toString() { class OutputStream { var $stream; - function OutputStream() { - call_user_func_array(array($this, '__construct'), func_get_args()); - } function __construct($stream) { $this->stream = fopen($stream, 'w'); } @@ -120,10 +113,6 @@ class Module { var $_options; var $_args; - function Module() { - call_user_func_array(array($this, '__construct'), func_get_args()); - } - function __construct() { $this->options['help'] = array("-h","--help", 'action'=>'store_true', @@ -313,6 +302,10 @@ class PluginBuilder extends Module { key file'), 'verbose' => array('-v','--verbose','help'=> 'Be more verbose','default'=>false, 'action'=>'store_true'), + 'compress' => array('-z', '--compress', 'help' => + 'Compress source files when hydrading and building. Useful for + saving space when building PHAR files', + 'action'=>'store_true', 'default'=>false), ); function run($args, $options) { @@ -326,7 +319,7 @@ function run($args, $options) { $this->_build($plugin, $options); break; case 'hydrate': - $this->_hydrate(); + $this->_hydrate($options); break; default: $this->fail("Unsupported MAKE action. See help"); @@ -355,6 +348,7 @@ function _build($plugin, $options) { $phar->buildFromDirectory($plugin); // Add library dependencies + $phar->stopBuffering(); if (isset($info['requires'])) { $includes = array(); foreach ($info['requires'] as $lib=>$info) { @@ -373,17 +367,27 @@ function _build($plugin, $options) { elseif ($f->isDir()) // Unnecessary continue; - $includes[str_replace($full, $phar_path, $f->getPathname())] - = $f->getPathname(); + $content = ''; + $local = str_replace($full, $phar_path, $f->getPathname()); + if ($options['compress'] && fnmatch('*.php', $f->getPathname())) { + $p = popen('php -w '.realpath($f->getPathname()), 'r'); + while ($b = fread($p, 8192)) + $content .= $b; + fclose($p); + $phar->addFromString($local, $content); + } + else { + $phar->addFile($f->getPathname(), $local); + } } } } - $phar->buildFromIterator(new ArrayIterator($includes)); } $phar->setStub('startBuffering(); } - function _hydrate() { + function _hydrate($options) { $this->resolveDependencies(); // Move things into place @@ -414,7 +418,18 @@ function _hydrate() { $parent = dirname($target); if (!file_exists($parent)) mkdir($parent, 0777, true); - copy($item, $target); + // Compress PHP files + if ($options['compress'] && fnmatch('*.php', $item)) { + $p = popen('php -w '.realpath($item), 'r'); + $T = fopen($target, 'w'); + while ($b = fread($p, 8192)) + fwrite($T, $b); + fclose($p); + fclose($T); + } + else { + copy($item, $target); + } } } } From a829df6cc7d58fb701be5ecd39bedeee348e0b1d Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 26 Mar 2015 12:54:16 -0500 Subject: [PATCH 044/160] ldap: Fix client login under some circumstances --- auth-ldap/authentication.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 29936a34..7c09a710 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -360,13 +360,14 @@ function lookupAndSync($username, $dn) { break; case 'client': $c = $this->getConnection(); - if ('msad' == $this->getSchema($c)) { + if ('msad' == $this->getSchema($c) && stripos($dn, ',dc=') === false) { // The user login DN will be user@domain. We need an LDAP DN // -- fetch the real DN which looks like `CN=blah,DC=` // NOTE: Already bound, so no need to bind again + list($samid) = explode('@', $dn); $r = $c->search( $this->getSearchBase(), - sprintf('userPrincipalName=%s', $dn), + sprintf('(|(userPrincipalName=%s)(samAccountName=%s))', $dn, $samid), $opts); if (!PEAR::isError($r) && $r->count()) $dn = $r->current()->dn(); @@ -380,7 +381,7 @@ function lookupAndSync($username, $dn) { $acct = false; foreach (array($username, $info['username'], $info['email']) as $name) { - if ($acct = ClientAccount::lookupByUsername($name)) + if ($name && ($acct = ClientAccount::lookupByUsername($name))) break; } if (!$acct) From 62fabc1ebca15483ab74495ed0fa6ba3fc8d9187 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 26 Mar 2015 15:10:33 -0500 Subject: [PATCH 045/160] Allow for longer folder names in the storage-fs plugin --- storage-fs/storage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage-fs/storage.php b/storage-fs/storage.php index f330c0cf..625d97f8 100644 --- a/storage-fs/storage.php +++ b/storage-fs/storage.php @@ -84,7 +84,7 @@ function getOptions() { web server. If the path starts with neither a `/` or a drive letter, the path will be assumed to be relative to the root of osTicket', - 'configuration'=>array('size'=>40), + 'configuration'=>array('size'=>60, 'length'=>255), 'required'=>true, )), ); From 01d88cb67eff9070f329c627aee329edf46dd851 Mon Sep 17 00:00:00 2001 From: Kevin O'Connor Date: Wed, 28 May 2014 00:13:27 -0400 Subject: [PATCH 046/160] Add support for CAS authentication --- auth-cas/authentication.php | 32 + auth-cas/cacert.pem | 3866 +++++++++++++++++++++++++++++++++++ auth-cas/cas.php | 156 ++ auth-cas/config.php | 47 + auth-cas/plugin.php | 22 + 5 files changed, 4123 insertions(+) create mode 100644 auth-cas/authentication.php create mode 100644 auth-cas/cacert.pem create mode 100644 auth-cas/cas.php create mode 100644 auth-cas/config.php create mode 100644 auth-cas/plugin.php diff --git a/auth-cas/authentication.php b/auth-cas/authentication.php new file mode 100644 index 00000000..f3a2c722 --- /dev/null +++ b/auth-cas/authentication.php @@ -0,0 +1,32 @@ +getConfig(); + + # ----- Google Plus --------------------- + $enabled = $config->get('cas-enabled'); + if (in_array($enabled, array('all', 'staff'))) { + require_once('cas.php'); + StaffAuthenticationBackend::register( + new CasStaffAuthBackend($this->getConfig())); + } + if (in_array($enabled, array('all', 'client'))) { + require_once('cas.php'); + UserAuthenticationBackend::register( + new CasClientAuthBackend($this->getConfig())); + } + } +} + +require_once(INCLUDE_DIR.'UniversalClassLoader.php'); +use Symfony\Component\ClassLoader\UniversalClassLoader_osTicket; +$loader = new UniversalClassLoader_osTicket(); +$loader->registerNamespaceFallbacks(array( + dirname(__file__).'/lib')); +$loader->register(); diff --git a/auth-cas/cacert.pem b/auth-cas/cacert.pem new file mode 100644 index 00000000..9794dfb7 --- /dev/null +++ b/auth-cas/cacert.pem @@ -0,0 +1,3866 @@ +## +## ca-bundle.crt -- Bundle of CA Root Certificates +## +## Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014 +## +## This is a bundle of X.509 certificates of public Certificate Authorities +## (CA). These were automatically extracted from Mozilla's root certificates +## file (certdata.txt). This file can be found in the mozilla source tree: +## http://mxr.mozilla.org/mozilla-release/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1 +## +## It contains the certificates in PEM format and therefore +## can be directly used with curl / libcurl / php_curl, or with +## an Apache+mod_ssl webserver for SSL client authentication. +## Just configure this file as the SSLCACertificateFile. +## + + +GTE CyberTrust Global Root +========================== +-----BEGIN CERTIFICATE----- +MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUg +Q29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEG +A1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEz +MjM1OTAwWjB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQL +Ex5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0 +IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4u +sJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcql +HHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8FLztimQID +AQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMW +M4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OF +NMQkpw0PlZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ +-----END CERTIFICATE----- + +Thawte Server CA +================ +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs +dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UE +AxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5j +b20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNV +BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29u +c3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcG +A1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0 +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl +/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg7 +1CcEJRCXL+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzAR +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWDTSEwjsrZqG9J +GubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6eQNuozDJ0uW8NxuOzRAvZim+aKZuZ +GCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc= +-----END CERTIFICATE----- + +Thawte Premium Server CA +======================== +-----BEGIN CERTIFICATE----- +MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs +dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UE +AxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZl +ckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYT +AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU +VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2 +aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3DQEJARYZ +cHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2 +aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIh +Udib0GfQug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/ +qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAm +SCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUIhfzJATj/Tb7yFkJD57taRvvBxhEf +8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7t +UCemDaYj+bvLpgcUQg== +-----END CERTIFICATE----- + +Equifax Secure CA +================= +-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoT +B0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPR +fM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW +8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAG +A1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UE +CxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoG +A1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvS +spXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMB +Af8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961 +zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kB +BIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee95 +70+sB3c4 +-----END CERTIFICATE----- + +Verisign Class 3 Public Primary Certification Authority +======================================================= +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMx +FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVow +XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAz +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94 +f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Ol +hec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtMEivPLCYA +TxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59Ah +WM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2Omuf +Tqj/ZA1k +-----END CERTIFICATE----- + +Verisign Class 3 Public Primary Certification Authority - G2 +============================================================ +-----BEGIN CERTIFICATE----- +MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy +eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz +dCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy +eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz +dCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCO +FoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71 +lSk8UOg013gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQAB +MA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01UbSuvDV1Ai2TT +1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7iF6YM40AIOw7n60RzKprxaZLvcRTD +Oaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpYoJ2daZH9 +-----END CERTIFICATE----- + +GlobalSign Root CA +================== +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx +GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds +b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD +VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa +DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc +THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP +c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX +gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF +AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj +Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG +j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH +hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC +X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +GlobalSign Root CA - R2 +======================= +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6 +ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp +s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN +S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL +TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C +ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i +YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN +BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp +9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu +01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7 +9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- + +ValiCert Class 1 VA +=================== +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRp +b24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZh +bGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIy +MjM0OFoXDTE5MDYyNTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0 +d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEg +UG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0 +LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9YLqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIi +GQj4/xEjm84H9b9pGib+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCm +DuJWBQ8YTfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0LBwG +lN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLWI8sogTLDAHkY7FkX +icnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPwnXS3qT6gpf+2SQMT2iLM7XGCK5nP +Orf1LXLI +-----END CERTIFICATE----- + +ValiCert Class 2 VA +=================== +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRp +b24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZh +bGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAw +MTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0 +d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIg +UG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0 +LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVC +CSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7Rf +ZHM047QSv4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZ +SWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZoDJJKPTEjlbV +UjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwCW/POuZ6lcg5Ktz885hZo+L7tdEy8 +W9ViH0Pd +-----END CERTIFICATE----- + +RSA Root Certificate 1 +====================== +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRp +b24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZh +bGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAw +MjIzM1oXDTE5MDYyNjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0 +d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMg +UG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0 +LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDjmFGWHOjVsQaBalfDcnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td +3zZxFJmP3MKS8edgkpfs2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89H +BFx1cQqYJJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliEZwgs +3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJn0WuPIqpsHEzXcjF +V9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/APhmcGcwTTYJBtYze4D1gCCAPRX5r +on+jjBXu +-----END CERTIFICATE----- + +Verisign Class 3 Public Primary Certification Authority - G3 +============================================================ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1 +EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc +cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw +EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj +055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f +j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0 +xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa +t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- + +Verisign Class 4 Public Primary Certification Authority - G3 +============================================================ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAK3LpRFpxlmr8Y+1GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaS +tBO3IFsJ+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0GbdU6LM +8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLmNxdLMEYH5IBtptiW +Lugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XYufTsgsbSPZUd5cBPhMnZo0QoBmrX +Razwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA +j/ola09b5KROJ1WrIhVZPMq1CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXtt +mhwwjIDLk5Mqg6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm +fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c2NU8Qh0XwRJd +RTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/bLvSHgCwIe34QWKCudiyxLtG +UPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg== +-----END CERTIFICATE----- + +Entrust.net Secure Server CA +============================ +-----BEGIN CERTIFICATE----- +MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMCVVMxFDASBgNV +BAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5uZXQvQ1BTIGluY29ycC4gYnkg +cmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRl +ZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eTAeFw05OTA1MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIG +A1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBi +eSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1p +dGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQ +aO2f55M28Qpku0f1BBc/I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5 +gXpa0zf3wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OCAdcw +ggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHboIHYpIHVMIHSMQsw +CQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5l +dC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF +bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu +dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0MFqBDzIwMTkw +NTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0Bow +HQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAaMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA +BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyN +Ewr75Ji174z4xRAN95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9 +n9cd2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= +-----END CERTIFICATE----- + +Entrust.net Premium 2048 Secure Server CA +========================================= +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u +ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp +bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV +BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx +NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 +d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u +ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL +Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW +nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi +VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ +KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy +T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT +J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e +nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +Baltimore CyberTrust Root +========================= +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE +ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li +ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC +SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs +dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME +uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB +UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C +G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 +XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr +l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI +VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh +cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 +hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa +Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H +RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +Equifax Secure Global eBusiness CA +================================== +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT +RXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNp +bmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIwMDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMx +HDAaBgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEds +b2JhbCBlQnVzaW5lc3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRV +PEnCUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzN +qfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/o5brhTMhHD4ePmBudpxn +hcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hs +MA0GCSqGSIb3DQEBBAUAA4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okEN +I7SS+RkAZ70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv8qIY +NMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV +-----END CERTIFICATE----- + +Equifax Secure eBusiness CA 1 +============================= +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT +RXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENB +LTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQwMDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UE +ChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNz +IENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ +1MRoRvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBuWqDZQu4a +IZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKwEnv+j6YDAgMBAAGjZjBk +MBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEp4MlIR21kW +Nl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRKeDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQF +AAOBgQB1W6ibAxHm6VZMzfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5 +lSE/9dR+WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN/Bf+ +KpYrtWKmpj29f5JZzVoqgrI3eQ== +-----END CERTIFICATE----- + +AddTrust Low-Value Services Root +================================ +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU +cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw +CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO +ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6 +54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr +oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1 +Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui +GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w +HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT +RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw +HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt +ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph +iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr +mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj +ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- + +AddTrust External Root +====================== +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD +VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw +NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU +cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg +Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821 ++iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw +Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo +aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy +2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7 +7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL +VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk +VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl +j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355 +e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u +G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- + +AddTrust Public Services Root +============================= +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU +cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ +BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l +dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu +nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i +d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG +Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw +HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G +A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G +A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4 +JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL ++YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao +GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9 +Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H +EufOX1362KqxMy3ZdvJOOjMMK7MtkAY= +-----END CERTIFICATE----- + +AddTrust Qualified Certificates Root +==================================== +-----BEGIN CERTIFICATE----- +MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU +cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx +CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ +IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx +64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3 +KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o +L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR +wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU +MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE +BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y +azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG +GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X +dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze +RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB +iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE= +-----END CERTIFICATE----- + +Entrust Root Certification Authority +==================================== +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +RSA Security 2048 v3 +==================== +-----BEGIN CERTIFICATE----- +MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6MRkwFwYDVQQK +ExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJpdHkgMjA0OCBWMzAeFw0wMTAy +MjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAXBgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAb +BgNVBAsTFFJTQSBTZWN1cml0eSAyMDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAt49VcdKA3XtpeafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7 +Jylg/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGlwSMiuLgb +WhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnhAMFRD0xS+ARaqn1y07iH +KrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP ++Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpuAWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4E +FgQUB8NRMKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYcHnmY +v/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/Zb5gEydxiKRz44Rj +0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+f00/FGj1EVDVwfSQpQgdMWD/YIwj +VAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVOrSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395 +nzIlQnQFgCi/vcEkllgVsRch6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kA +pKnXwiJPZ9d37CAFYd4= +-----END CERTIFICATE----- + +GeoTrust Global CA +================== +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw +MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j +LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo +BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet +8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc +T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU +vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk +DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q +zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4 +d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2 +mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p +XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm +Mw== +-----END CERTIFICATE----- + +GeoTrust Global CA 2 +==================== +-----BEGIN CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN +R2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwHhcNMDQwMzA0MDUw +MDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j +LjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/ +NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1k +LUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFA +Vvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdLFnopsk/b +HdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNH +K266ZUapEBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7 +srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/NgdRN3ggX+d6Yvh +ZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywNA0ZF66D0f0hExghAzN4bcLUprbqL +OzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkC +x1YAzUm5s2x7UwQa4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF +H4z1Ir+rzoPz4iIprn2DQKi6bA== +-----END CERTIFICATE----- + +GeoTrust Universal CA +===================== +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN +R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1 +MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu +Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t +JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e +RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs +7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d +8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V +qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga +Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB +Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu +KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08 +ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0 +XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB +hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2 +qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL +oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK +xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF +KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2 +DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK +xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU +p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI +P/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- + +GeoTrust Universal CA 2 +======================= +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN +R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0 +MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg +SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0 +DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17 +j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q +JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a +QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2 +WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP +20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn +ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC +SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG +8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2 ++/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E +BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ +4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+ +mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq +A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg +Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP +pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d +FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp +gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm +X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- + +America Online Root Certification Authority 1 +============================================= +-----BEGIN CERTIFICATE----- +MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT +QW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkG +A1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2Eg +T25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lkhsmj76CG +v2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym1BW32J/X3HGrfpq/m44z +DyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsWOqMFf6Dch9Wc/HKpoH145LcxVR5lu9Rh +sCFg7RAycsWSJR74kEoYeEfffjA3PlAb2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP +8c9GsEsPPt2IYriMqQkoO3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAUAK3Z +o/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQB8itEf +GDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkFZu90821fnZmv9ov761KyBZiibyrF +VL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAbLjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft +3OJvx8Fi8eNy1gTIdGcL+oiroQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43g +Kd8hdIaC2y+CMMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds +sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7 +-----END CERTIFICATE----- + +America Online Root Certification Authority 2 +============================================= +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT +QW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkG +A1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2Eg +T25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC206B89en +fHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8 +f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE18aO6lhO +qKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JN +RvCAOVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0 +gBe4lL8BPeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67Xnfn +6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9W6Wa6897Gqid +FEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZo2C7HK2JNDJiuEMhBnIMoVxtRsX6 +Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnj +B453cMor9H124HhnAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3Op +aaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmnxPBUlgtk87FY +T15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p ++DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzcccobGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXg +JXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//Zoy +zH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgO +ZtMADjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh +1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZZLF0Kjhf +GEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y3WRayhgoPmMEEf0cjQAPuDff +Z4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQlZvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuP +cX/9XhmgD0uRuMRUvAawRY8mkaKO/qk= +-----END CERTIFICATE----- + +Visa eCommerce Root +=================== +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG +EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug +QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2 +WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm +VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL +F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b +RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0 +TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI +/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs +GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG +MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc +CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW +YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz +zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu +YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- + +Certum Root CA +============== +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK +ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla +Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u +by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x +wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL +kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ +89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K +Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P +NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+ +GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg +GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/ +0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS +qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- + +Comodo AAA Services root +======================== +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK +Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +Comodo Secure Services root +=========================== +-----BEGIN CERTIFICATE----- +MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAw +MDAwMFoXDTI4MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu +Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAi +BgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP +9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8j6ysNstc +rbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rC +oznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3V +p6ea5EQz6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4E +FgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +gYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1NlY3VyZUNlcnRpZmlj +YXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlm +aWNhdGVTZXJ2aWNlcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm +4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj +Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtIgKvcnDe4IRRL +DXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6Pw +pCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1H +RR3B7Hzs/Sk= +-----END CERTIFICATE----- + +Comodo Trusted Services root +============================ +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEw +MDAwMDBaFw0yODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1h +bmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUw +IwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh7 +3TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9C1t2ul/y +/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6 +juljatEPmsbS9Is6FARW1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsS +ivnkBbA7kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1Ud +DgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21vZG9jYS5jb20vVHJ1c3RlZENlcnRp +ZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENl +cnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw +uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 +pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxISjBc/lDb+XbDA +BHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0l +R+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O +9y5Xt5hwXsjEeLBi +-----END CERTIFICATE----- + +QuoVadis Root CA +================ +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE +ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz +MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp +cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD +EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk +J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL +F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL +YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen +AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w +PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y +ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7 +MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj +YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs +ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW +Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu +BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw +FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6 +tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo +fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul +LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x +gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi +5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi +5nrQNiOKSnQ2+Q== +-----END CERTIFICATE----- + +QuoVadis Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- + +QuoVadis Root CA 3 +================== +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT +BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- + +Security Communication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw +8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM +DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX +5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd +DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2 +JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g +0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a +mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ +s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ +6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi +FL39vmwLAw== +-----END CERTIFICATE----- + +Sonera Class 2 Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG +U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw +NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh +IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3 +/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT +dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG +f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P +tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH +nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT +XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt +0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI +cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph +Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx +EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH +llpwrN9M +-----END CERTIFICATE----- + +Staat der Nederlanden Root CA +============================= +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJOTDEeMBwGA1UE +ChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFhdCBkZXIgTmVkZXJsYW5kZW4g +Um9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEyMTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4w +HAYDVQQKExVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxh +bmRlbiBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFt +vsznExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw719tV2U02P +jLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MOhXeiD+EwR+4A5zN9RGca +C1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+UtFE5A3+y3qcym7RHjm+0Sq7lr7HcsBth +vJly3uSJt3omXdozSVtSnA71iq3DuD3oBmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn6 +22r+I/q85Ej0ZytqERAhSQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRV +HSAAMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMvcm9v +dC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA7Jbg0zTBLL9s+DAN +BgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k/rvuFbQvBgwp8qiSpGEN/KtcCFtR +EytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzmeafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbw +MVcoEoJz6TMvplW0C5GUR5z6u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3y +nGQI0DvDKcWy7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR +iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw== +-----END CERTIFICATE----- + +TDC Internet Root CA +==================== +-----BEGIN CERTIFICATE----- +MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJESzEVMBMGA1UE +ChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTAeFw0wMTA0MDUx +NjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNVBAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJu +ZXQxHTAbBgNVBAsTFFREQyBJbnRlcm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxLhAvJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20j +xsNuZp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a0vnRrEvL +znWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc14izbSysseLlJ28TQx5yc +5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGNeGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6 +otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcDR0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZI +AYb4QgEBBAQDAgAHMGUGA1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMM +VERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxMEQ1JM +MTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3WjALBgNVHQ8EBAMC +AQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAwHQYDVR0OBBYEFGxkAcf9hW2syNqe +UAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJKoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0G +CSqGSIb3DQEBBQUAA4IBAQBOQ8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540m +gwV5dOy0uaOXwTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+ +2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm899qNLPg7kbWzb +O0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0jUNAE4z9mQNUecYu6oah9jrU +Cbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38aQNiuJkFBT1reBK9sG9l +-----END CERTIFICATE----- + +UTN DATACorp SGC Root CA +======================== +-----BEGIN CERTIFICATE----- +MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UE +BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl +IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZ +BgNVBAMTElVUTiAtIERBVEFDb3JwIFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBa +MIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4w +HAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRy +dXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ys +raP6LnD43m77VkIVni5c7yPeIbkFdicZD0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlo +wHDyUwDAXlCCpVZvNvlK4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA +9P4yPykqlXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulWbfXv +33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQABo4GrMIGoMAsGA1Ud +DwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRTMtGzz3/64PGgXYVOktKeRR20TzA9 +BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dD +LmNybDAqBgNVHSUEIzAhBggrBgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3 +DQEBBQUAA4IBAQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft +Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyjj98C5OBxOvG0 +I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVHKWss5nbZqSl9Mt3JNjy9rjXx +EZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwP +DPafepE39peC4N1xaf92P2BNPM/3mfnGV/TJVTl4uix5yaaIK/QI +-----END CERTIFICATE----- + +UTN USERFirst Hardware Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UE +BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl +IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAd +BgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgx +OTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0 +eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz +ZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlI +wrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFd +tqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8 +i4fDidNdoI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjf +Pe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhbAgMBAAGjgbkw +gbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKFyXyYbKJhDlV0HN9WF +lp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNF +UkZpcnN0LUhhcmR3YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF +BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM +//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28GpgoiskliCE7/yMgUsogW +XecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2 +lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kn +iCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67 +nfhmqA== +-----END CERTIFICATE----- + +Camerfirma Chambers of Commerce Root +==================================== +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe +QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i +ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx +NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp +cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn +MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC +AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU +xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH +NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW +DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV +d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud +EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v +cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P +AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh +bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD +VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi +fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD +L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN +UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n +ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1 +erfutGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- + +Camerfirma Global Chambersign Root +================================== +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe +QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i +ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx +NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt +YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg +MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw +ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J +1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O +by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl +6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c +8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/ +BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j +aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B +Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj +aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y +ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA +PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y +gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ +PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4 +IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes +t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- + +NetLock Notary (Class A) Root +============================= +-----BEGIN CERTIFICATE----- +MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQI +EwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6 +dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9j +ayBLb3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oX +DTE5MDIxOTIzMTQ0N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQH +EwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYD +VQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFz +cyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSM +D7tM9DceqQWC2ObhbHDqeLVu0ThEDaiDzl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZ +z+qMkjvN9wfcZnSX9EUi3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC +/tmwqcm8WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LYOph7 +tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2EsiNCubMvJIH5+hCoR6 +4sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCCApswDgYDVR0PAQH/BAQDAgAGMBIG +A1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaC +Ak1GSUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pv +bGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu +IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2Vn +LWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0 +ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFz +IGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBh +IGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVu +b3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBh +bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sg +Q1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFp +bCBhdCBjcHNAbmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5 +ayZrU3/b39/zcT0mwBQOxmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjP +ytoUMaFP0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQQeJB +CWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxkf1qbFFgBJ34TUMdr +KuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK8CtmdWOMovsEPoMOmzbwGOQmIMOM +8CgHrTwXZoi1/baI +-----END CERTIFICATE----- + +NetLock Business (Class B) Root +=============================== +-----BEGIN CERTIFICATE----- +MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUxETAPBgNVBAcT +CEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNV +BAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQDEylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikg +VGFudXNpdHZhbnlraWFkbzAeFw05OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYD +VQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRv +bnNhZ2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5ldExvY2sg +VXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xKgZjupNTKihe5In+DCnVMm8Bp2GQ5o+2S +o/1bXHQawEfKOml2mrriRBf8TKPV/riXiK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr +1nGTLbO/CVRY7QbrqHvcQ7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNV +HQ8BAf8EBAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZ +RUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRh +dGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQuIEEgaGl0 +ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRv +c2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUg +YXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh +c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBz +Oi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6ZXNA +bmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhl +IHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2 +YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBj +cHNAbmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06sPgzTEdM +43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXan3BukxowOR0w2y7jfLKR +stE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKSNitjrFgBazMpUIaD8QFI +-----END CERTIFICATE----- + +NetLock Express (Class C) Root +============================== +-----BEGIN CERTIFICATE----- +MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUxETAPBgNVBAcT +CEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNV +BAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQDEytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBD +KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJ +BgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6 +dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMrTmV0TG9j +ayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNAOoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3Z +W3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63 +euyucYT2BDMIJTLrdKwWRMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQw +DgYDVR0PAQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEWggJN +RklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0YWxhbm9zIFN6b2xn +YWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBB +IGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBOZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1i +aXp0b3NpdGFzYSB2ZWRpLiBBIGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0 +ZWxlIGF6IGVsb2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs +ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25sYXBqYW4gYSBo +dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kga2VyaGV0byBheiBlbGxlbm9y +emVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4gSU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5k +IHRoZSB1c2Ugb2YgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQ +UyBhdmFpbGFibGUgYXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwg +YXQgY3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmYta3UzbM2 +xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2gpO0u9f38vf5NNwgMvOOW +gyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4Fp1hBWeAyNDYpQcCNJgEjTME1A== +-----END CERTIFICATE----- + +XRamp Global CA Root +==================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE +BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj +dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx +HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg +U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu +IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx +foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE +zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs +AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry +xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC +AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n +nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz +8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- + +Go Daddy Class 2 CA +=================== +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY +VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG +A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD +ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 +qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j +YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY +vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O +BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o +atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu +MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim +PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt +I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI +Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b +vZ8= +-----END CERTIFICATE----- + +Starfield Class 2 CA +==================== +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc +U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo +MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG +A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG +SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY +bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ +JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm +epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN +F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF +MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f +hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo +bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs +afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM +PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD +KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 +QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- + +StartCom Certification Authority +================================ +-----BEGIN CERTIFICATE----- +MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN +U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu +ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 +NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk +LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg +U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y +o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ +Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d +eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt +2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z +6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ +osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ +untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc +UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT +37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0 +Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj +YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH +AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw +Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg +U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5 +LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh +cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT +dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC +AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh +3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm +vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk +fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3 +fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ +EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq +yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl +1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/ +lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro +g14= +-----END CERTIFICATE----- + +Taiwan GRCA +=========== +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG +EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X +DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv +dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN +w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5 +BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O +1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO +htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov +J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7 +Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t +B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB +O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8 +lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV +HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2 +09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj +Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2 +Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU +D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz +DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk +Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk +7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ +CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy ++fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS +-----END CERTIFICATE----- + +Swisscom Root CA 1 +================== +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQG +EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy +dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4 +MTgyMjA2MjBaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln +aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIIC +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiM +MW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyF +NDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj/x2lzZAe +AR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkC +b6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn +7uHbHaBuHYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbN +cA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AOeCMgkckkKmUp +WyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjCL3UcPX7ape8eYIVpQtPM+GP+HkM5 +haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNY +MUJDLXT5xp6mig/p/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw +HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j +BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzcK6FptWfUjNP9 +MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMn +jgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQ +MbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4H +VtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtl +vrsRls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascCl +OS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFbjCYDcKF3 +1QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBaZmBwXarNeNQk7shBoJMBkpxq +nvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCy +x/yP2FS1k2Kdzs9Z+z0YzirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMW +NY6E0F/6MBr1mmz0DlP5OlvRHA== +-----END CERTIFICATE----- + +DigiCert Assured ID Root CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- + +DigiCert Global Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn +TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- + +DigiCert High Assurance EV Root CA +================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + +Certplus Class 2 Primary CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UE +BhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcN +OTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2Vy +dHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR +5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZ +Vg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFO +YFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupdM5i3y95e +e++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRME +CDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJ +YIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29t +L0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvD +P9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1R +TtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+ +7UCmnYR0ObncHoUW2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW +//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- + +DST Root CA X3 +============== +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK +ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X +DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1 +cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT +rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9 +UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy +xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d +utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ +MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug +dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE +GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw +RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS +fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- + +DST ACES CA X6 +============== +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT +MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha +MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE +CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI +DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa +pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow +GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy +MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu +Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy +dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU +CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2 +5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t +Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq +nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs +vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3 +oKfN5XozNmr6mis= +-----END CERTIFICATE----- + +TURKTRUST Certificate Services Provider Root 1 +============================================== +-----BEGIN CERTIFICATE----- +MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGDAJUUjEP +MA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykgMjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0 +acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMx +MDI3MTdaFw0xNTAzMjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsg +U2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYDVQQHDAZB +TktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBC +aWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GX +yGl8hMW0kWxsE2qkVa2kheiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8i +Si9BB35JYbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5CurKZ +8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1JuTm5Rh8i27fbMx4 +W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51b0dewQIDAQABoxAwDjAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46 +sWrv7/hg0Uw2ZkUd82YCdAR7kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxE +q8Sn5RTOPEFhfEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy +B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdAaLX/7KfS0zgY +nNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKSRGQDJereW26fyfJOrN3H +-----END CERTIFICATE----- + +TURKTRUST Certificate Services Provider Root 2 +============================================== +-----BEGIN CERTIFICATE----- +MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP +MA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg +QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcN +MDUxMTA3MTAwNzU3WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVr +dHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEPMA0G +A1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmls +acWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqe +LCDe2JAOCtFp0if7qnefJ1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKI +x+XlZEdhR3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJQv2g +QrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGXJHpsmxcPbe9TmJEr +5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1pzpwACPI2/z7woQ8arBT9pmAPAgMB +AAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58SFq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/ntt +Rbj2hWyfIvwqECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4 +Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFzgw2lGh1uEpJ+ +hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotHuFEJjOp9zYhys2AzsfAKRO8P +9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LSy3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5 +UrbnBEI= +-----END CERTIFICATE----- + +SwissSign Gold CA - G2 +====================== +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m +Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- + +SwissSign Silver CA - G2 +======================== +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT +BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X +DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3 +aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644 +N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm ++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH +6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu +MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h +qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5 +FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs +ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc +celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X +CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB +tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P +4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F +kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L +3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx +/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa +DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP +e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu +WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ +DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub +DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- + +GeoTrust Primary Certification Authority +======================================== +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ +cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN +b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9 +nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge +RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt +tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI +hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K +Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN +NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa +Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG +1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- + +thawte Primary Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE +BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 +aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3 +MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg +SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv +KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT +FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs +oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ +1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc +q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K +aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p +afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF +AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE +uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89 +jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH +z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA== +-----END CERTIFICATE----- + +VeriSign Class 3 Public Primary Certification Authority - G5 +============================================================ +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE +BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO +ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk +IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln +biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh +dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz +j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD +Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ +Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r +fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv +Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG +SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+ +X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE +KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC +Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE +ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- + +SecureTrust CA +============== +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +Secure Global CA +================ +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- + +COMODO Certification Authority +============================== +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD +T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== +-----END CERTIFICATE----- + +Network Solutions Certificate Authority +======================================= +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG +EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr +IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx +MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx +jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT +aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT +crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc +/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB +AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv +bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA +A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q +4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/ +GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD +ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- + +WellsSecure Public Root Certificate Authority +============================================= +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoM +F1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYw +NAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN +MDcxMjEzMTcwNzU0WhcNMjIxMjE0MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dl +bGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYD +VQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+rWxxTkqxtnt3CxC5FlAM1 +iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjUDk/41itMpBb570OYj7OeUt9tkTmPOL13 +i0Nj67eT/DBMHAGTthP796EfvyXhdDcsHqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8 +bJVhHlfXBIEyg1J55oNjz7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiB +K0HmOFafSZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/SlwxlAgMB +AAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwu +cGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQm +lRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0jBIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGB +i6SBiDCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRww +GgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEBALkVsUSRzCPI +K0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd/ZDJPHV3V3p9+N701NX3leZ0 +bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pBA4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSlj +qHyita04pO2t/caaH/+Xc/77szWnk4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+es +E2fDbbFwRnzVlhE9iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJ +tylv2G0xffX8oRAHh84vWdw+WNs= +-----END CERTIFICATE----- + +COMODO ECC Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG +FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- + +IGC/A +===== +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYTAkZSMQ8wDQYD +VQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVE +Q1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZy +MB4XDTAyMTIxMzE0MjkyM1oXDTIwMTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQI +EwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NT +STEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaIs9z4iPf930Pfeo2aSVz2 +TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCW +So7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYy +HF2fYPepraX/z9E0+X1bF8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNd +frGoRpAxVs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGdPDPQ +tQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNVHSAEDjAMMAoGCCqB +egF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAxNjAfBgNVHSMEGDAWgBSjBS8YYFDC +iQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUFAAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RK +q89toB9RlPhJy3Q2FLwV3duJL92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3Q +MZsyK10XZZOYYLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg +Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2aNjSaTFR+FwNI +lQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R0982gaEbeC9xs/FZTEYYKKuF +0mBWWg== +-----END CERTIFICATE----- + +Security Communication EV RootCA1 +================================= +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE +BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl +Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO +/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX +WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z +ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4 +bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK +9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm +iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG +Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW +mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW +T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GA CA +=============================== +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE +BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG +A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH +bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD +VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw +IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5 +IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9 +Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg +Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD +d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ +/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R +LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm +MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4 ++vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY +okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0= +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA +========================= +-----BEGIN CERTIFICATE----- +MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UE +BhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNyb3NlYyBMdGQuMRQwEgYDVQQL +EwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0 +MDYxMjI4NDRaFw0xNzA0MDYxMjI4NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVz +dDEWMBQGA1UEChMNTWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMT +GU1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2uuO/TEdyB5s87lozWbxXG +d36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/N +oqdNAoI/gqyFxuEPkEeZlApxcpMqyabAvjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjc +QR/Ji3HWVBTji1R4P770Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJ +PqW+jqpx62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcBAQRb +MFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3AwLQYIKwYBBQUHMAKG +IWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAPBgNVHRMBAf8EBTADAQH/MIIBcwYD +VR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIBAQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3 +LmUtc3ppZ25vLmh1L1NaU1ovMIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0A +dAB2AOEAbgB5ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn +AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABTAHoAbwBsAGcA +4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABhACAAcwB6AGUAcgBpAG4AdAAg +AGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABoAHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMA +egBpAGcAbgBvAC4AaAB1AC8AUwBaAFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6 +Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NO +PU1pY3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxPPU1pY3Jv +c2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5h +cnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuBEGluZm9AZS1zemlnbm8uaHWkdzB1MSMw +IQYDVQQDDBpNaWNyb3NlYyBlLVN6aWduw7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhT +WjEWMBQGA1UEChMNTWljcm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhV +MIGsBgNVHSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJIVTER +MA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDASBgNVBAsTC2UtU3pp +Z25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBSb290IENBghEAzLjnv04pGv2i3Gal +HCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMT +nGZjWS7KXHAM/IO8VbH0jgdsZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FE +aGAHQzAxQmHl7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a +86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfRhUZLphK3dehK +yVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/MPMMNz7UwiiAc7EBt51alhQB +S6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= +-----END CERTIFICATE----- + +Certigna +======== +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +AC Ra\xC3\xADz Certic\xC3\xA1mara S.A. +====================================== +-----BEGIN CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNVBAYT +AkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRpZmljYWNpw7NuIERpZ2l0YWwg +LSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwaQUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4w +HhcNMDYxMTI3MjA0NjI5WhcNMzAwNDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+ +U29jaWVkYWQgQ2FtZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJh +IFMuQS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeGqentLhM0R7LQcNzJPNCN +yu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzLfDe3fezTf3MZsGqy2IiKLUV0qPezuMDU +2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQY5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU3 +4ojC2I+GdV75LaeHM/J4Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP +2yYe68yQ54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+bMMCm +8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48jilSH5L887uvDdUhf +HjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++EjYfDIJss2yKHzMI+ko6Kh3VOz3vCa +Mh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/ztA/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK +5lw1omdMEWux+IBkAC1vImHFrEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1b +czwmPS9KvqfJpxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCBlTCBkgYEVR0g +ADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFyYS5jb20vZHBjLzBaBggrBgEF +BQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW507WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2Ug +cHVlZGVuIGVuY29udHJhciBlbiBsYSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEf +AygPU3zmpFmps4p6xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuX +EpBcunvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/Jre7Ir5v +/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dpezy4ydV/NgIlqmjCMRW3 +MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42gzmRkBDI8ck1fj+404HGIGQatlDCIaR4 +3NAvO2STdPCWkPHv+wlaNECW8DYSwaN0jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wk +eZBWN7PGKX6jD/EpOe9+XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f +/RWmnkJDW2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/RL5h +RqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35rMDOhYil/SrnhLecU +Iw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxkBYn8eNZcLCZDqQ== +-----END CERTIFICATE----- + +TC TrustCenter Class 2 CA II +============================ +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjELMAkGA1UEBhMC +REUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVy +IENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYw +MTEyMTQzODQzWhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1 +c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UE +AxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jftMjWQ+nEdVl//OEd+DFw +IxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKguNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2 +xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2JXjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQ +Xa7pIXSSTYtZgo+U4+lK8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7u +SNQZu+995OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3kUrL84J6E1wIqzCB +7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NybC92Mi90 +Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBU +cnVzdENlbnRlciUyMENsYXNzJTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i +SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iSGNn3Bzn1LL4G +dXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprtZjluS5TmVfwLG4t3wVMTZonZ +KNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8au0WOB9/WIFaGusyiC2y8zl3gK9etmF1Kdsj +TYjKUCjLhdLTEKJZbtOTVAB6okaVhgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kP +JOzHdiEoZa5X6AeIdUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfk +vQ== +-----END CERTIFICATE----- + +TC TrustCenter Class 3 CA II +============================ +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjELMAkGA1UEBhMC +REUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVy +IENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYw +MTEyMTQ0MTU3WhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1 +c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UE +AxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJWHt4bNwcwIi9v8Qbxq63W +yKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+QVl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo +6SI7dYnWRBpl8huXJh0obazovVkdKyT21oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZ +uV3bOx4a+9P/FRQI2AlqukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk +2ZyqBwi1Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NXXAek0CSnwPIA1DCB +7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NybC92Mi90 +Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBU +cnVzdENlbnRlciUyMENsYXNzJTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i +SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlNirTzwppVMXzE +O2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8TtXqluJucsG7Kv5sbviRmEb8 +yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9 +IJqDnxrcOfHFcqMRA/07QlIp2+gB95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal +092Y+tTmBvTwtiBjS+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc +5A== +-----END CERTIFICATE----- + +TC TrustCenter Universal CA I +============================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTELMAkGA1UEBhMC +REUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNVBAsTG1RDIFRydXN0Q2VudGVy +IFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcN +MDYwMzIyMTU1NDI4WhcNMjUxMjMxMjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMg +VHJ1c3RDZW50ZXIgR21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYw +JAYDVQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSRJJZ4Hgmgm5qVSkr1YnwC +qMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3TfCZdzHd55yx4Oagmcw6iXSVphU9VDprv +xrlE4Vc93x9UIuVvZaozhDrzznq+VZeujRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtw +ag+1m7Z3W0hZneTvWq3zwZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9O +gdwZu5GQfezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYDVR0j +BBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0GCSqGSIb3DQEBBQUAA4IBAQAo0uCG +1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X17caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/Cy +vwbZ71q+s2IhtNerNXxTPqYn8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3 +ghUJGooWMNjsydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT +ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/2TYcuiUaUj0a +7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY +-----END CERTIFICATE----- + +Deutsche Telekom Root CA 2 +========================== +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMT +RGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEG +A1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5 +MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0G +A1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBS +b290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5 +bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoI +KyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZbavva4VhY +AUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aK +Se5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTV +jlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNV +HRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynr +E/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSy +zhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8 +rZ7/gFnkm0W09juwzTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G +dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- + +ComSign Secured CA +================== +-----BEGIN CERTIFICATE----- +MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAwPDEbMBkGA1UE +AxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQGEwJJTDAeFw0w +NDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwxGzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBD +QTEQMA4GA1UEChMHQ29tU2lnbjELMAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDGtWhfHZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs +49ohgHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sWv+bznkqH +7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ueMv5WJDmyVIRD9YTC2LxB +kMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d1 +9guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUw +AwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29t +U2lnblNlY3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58ADsA +j8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkqhkiG9w0BAQUFAAOC +AQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7piL1DRYHjZiM/EoZNGeQFsOY3wo3a +BijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtCdsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtp +FhpFfTMDZflScZAmlaxMDPWLkz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP +51qJThRv4zdLhfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz +OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== +-----END CERTIFICATE----- + +Cybertrust Global Root +====================== +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li +ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4 +MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD +ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA ++Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW +0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL +AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin +89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT +8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2 +MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G +A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO +lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi +5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2 +hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T +X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- + +ePKI Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq +MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3 +============================================================================================================================= +-----BEGIN CERTIFICATE----- +MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH +DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q +aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry +b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV +BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg +S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4 +MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl +IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF +n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl +IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft +dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl +cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO +Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1 +xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR +6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL +hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd +BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4 +N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT +y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh +LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M +dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI= +-----END CERTIFICATE----- + +Buypass Class 2 CA 1 +==================== +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3MgQ2xhc3MgMiBDQSAxMB4XDTA2 +MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh +c3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7M +cXA0ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLXl18xoS83 +0r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVBHfCuuCkslFJgNJQ72uA4 +0Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/R +uFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0P +AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLPgcIV +1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+DKhQ7SLHrQVMdvvt +7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKuBctN518fV4bVIJwo+28TOPX2EZL2 +fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHsh7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5w +wDX3OaJdZtB7WZ+oRxKaJyOkLY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho +-----END CERTIFICATE----- + +Buypass Class 3 CA 1 +==================== +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3MgQ2xhc3MgMyBDQSAxMB4XDTA1 +MDUwOTE0MTMwM1oXDTE1MDUwOTE0MTMwM1owSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh +c3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZEC4DVC69TB4sSveZn8AKx +ifZgisRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBYouZ0plNTVUhjP5JW3SROjvi6K//zNIqeKNc0 +n6wv1g/xpC+9UrJJhW05NfBEMJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI+MkcVyzwPX6UvCWThOia +AJpFBUJXgPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2RhzyRhkmr8w+gbCZ2Xhysm3HljbybIR6c +1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+mbEwi5A3lRyoH6UsjfRVyNvdWQrCrXig9IsCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0P +AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFPBdy7 +pYmrEzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27sEzNxZy5p+qksP2bA +EllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2mSlf56oBzKwzqBwKu5HEA6BvtjT5 +htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/YL0yCe/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQj +el/wroQk5PMr+4okoyeYZdowdXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915 +-----END CERTIFICATE----- + +EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 +========================================================================== +-----BEGIN CERTIFICATE----- +MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNVBAMML0VCRyBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMTcwNQYDVQQKDC5FQkcg +QmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAe +Fw0wNjA4MTcwMDIxMDlaFw0xNjA4MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25p +ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2lt +IFRla25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h4fuXd7hxlugTlkaDT7by +X3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAktiHq6yOU/im/+4mRDGSaBUorzAzu8T2b +gmmkTPiab+ci2hC6X5L8GCcKqKpE+i4stPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfr +eYteIAbTdgtsApWjluTLdlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZ +TqNGFav4c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8UmTDGy +Y5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z+kI2sSXFCjEmN1Zn +uqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0OLna9XvNRiYuoP1Vzv9s6xiQFlpJI +qkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMWOeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vm +ExH8nYQKE3vwO9D8owrXieqWfo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0 +Nokb+Clsi7n2l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgwFoAU587GT/wW +Z5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+8ygjdsZs93/mQJ7ANtyVDR2t +FcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgm +zJNSroIBk5DKd8pNSe/iWtkqvTDOTLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64k +XPBfrAowzIpAoHMEwfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqT +bCmYIai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJnxk1Gj7sU +RT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4QDgZxGhBM/nV+/x5XOULK +1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9qKd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt +2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11thie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQ +Y9iJSrSq3RZj9W6+YKH47ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9 +AahH3eU7QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT +-----END CERTIFICATE----- + +certSIGN ROOT CA +================ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa +Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +CNNIC ROOT +========== +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJDTjEOMAwGA1UE +ChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcw +OTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1Qw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzD +o+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tiz +VHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKT +VrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1Or +czvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/PIKe38zrK +y5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscC +wQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991S +lgrHAsEO76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5 +Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDnuL8BV8F3RTIM +O/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7HgviyJA/qIYM/PmLXoXLT1tLYhFHxUV8 +BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2 +G8kS1sHNzYDzAgE8yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m +mxE= +-----END CERTIFICATE----- + +ApplicationCA - Japanese Government +=================================== +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEcMBoGA1UEChMT +SmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRpb25DQTAeFw0wNzEyMTIxNTAw +MDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYTAkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zl +cm5tZW50MRYwFAYDVQQLEw1BcHBsaWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAp23gdE6Hj6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4 +fl+Kf5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55IrmTwcrN +wVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cwFO5cjFW6WY2H/CPek9AE +jP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDihtQWEjdnjDuGWk81quzMKq2edY3rZ+nYVu +nyoKb58DKTCXKB28t89UKU5RMfkntigm/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRU +WssmP3HMlEYNllPqa0jQk/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNV +BAYTAkpQMRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOCseOD +vOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADlqRHZ3ODrs +o2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJhyzjVOGjprIIC8CFqMjSnHH2HZ9g +/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYD +io+nEhEMy/0/ecGc/WLuo89UDNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmW +dupwX3kSa+SjB1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL +rosot4LKGAfmt1t06SAZf7IbiVQ= +-----END CERTIFICATE----- + +GeoTrust Primary Certification Authority - G3 +============================================= +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0 +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy +eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz +NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo +YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT +LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j +K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE +c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C +IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu +dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr +2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9 +cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE +Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s +t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- + +thawte Primary Root CA - G2 +=========================== +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC +VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu +IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg +Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV +MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG +b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt +IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS +LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5 +8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU +mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN +G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K +rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- + +thawte Primary Root CA - G3 +=========================== +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE +BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 +aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w +ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD +VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG +A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At +P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC ++BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY +7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW +vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ +KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK +A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC +8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm +er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- + +GeoTrust Primary Certification Authority - G2 +============================================= +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1 +OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl +b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG +BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc +KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+ +EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m +ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2 +npaqBA+K +-----END CERTIFICATE----- + +VeriSign Universal Root Certification Authority +=============================================== +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE +BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO +ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk +IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV +UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj +1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP +MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72 +9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I +AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR +tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G +CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O +a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3 +Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx +Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx +P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P +wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4 +mJO37M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- + +VeriSign Class 3 Public Primary Certification Authority - G4 +============================================================ +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC +VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3 +b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz +ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU +cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo +b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8 +Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz +rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw +HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u +Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD +A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx +AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- + +NetLock Arany (Class Gold) Főtanúsítvány +============================================ +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw +fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +Staat der Nederlanden Root CA - G2 +================================== +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE +CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g +Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC +TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l +ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ +5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn +vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj +CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil +e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR +OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI +CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65 +48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi +trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737 +qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB +AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC +ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA +A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz ++51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj +f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN +kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk +CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF +URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb +CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h +oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV +IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm +66+KAQ== +-----END CERTIFICATE----- + +CA Disig +======== +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMK +QnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwHhcNMDYw +MzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlz +bGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgm +GErENx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnXmjxUizkD +Pw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYDXcDtab86wYqg6I7ZuUUo +hwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhWS8+2rT+MitcE5eN4TPWGqvWP+j1scaMt +ymfraHtuM6kMgiioTGohQBUgDCZbg8KpFhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8w +gfwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0P +AQH/BAQDAgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cuZGlz +aWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5zay9jYS9jcmwvY2Ff +ZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2svY2EvY3JsL2NhX2Rpc2lnLmNybDAa +BgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEwDQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59t +WDYcPQuBDRIrRhCA/ec8J9B6yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3 +mkkp7M5+cTxqEEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/ +CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeBEicTXxChds6K +ezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFNPGO+I++MzVpQuGhU+QqZMxEA +4Z7CRneC9VkGjCFMhwnN5ag= +-----END CERTIFICATE----- + +Juur-SK +======= +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcNAQkBFglwa2lA +c2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRAw +DgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMwMVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqG +SIb3DQEJARYJcGtpQHNrLmVlMQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVy +aW1pc2tlc2t1czEQMA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOBSvZiF3tf +TQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkzABpTpyHhOEvWgxutr2TC ++Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvHLCu3GFH+4Hv2qEivbDtPL+/40UceJlfw +UR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMPPbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDa +Tpxt4brNj3pssAki14sL2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQF +MAMBAf8wggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwICMIHD +HoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDkAGwAagBhAHMAdABh +AHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0AHMAZQBlAHIAaQBtAGkAcwBrAGUA +cwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABzAGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABr +AGkAbgBuAGkAdABhAG0AaQBzAGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nw +cy8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE +FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcYP2/v6X2+MA4G +A1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOiCfP+JmeaUOTDBS8rNXiRTHyo +ERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+gkcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyL +abVAyJRld/JXIWY7zoVAtjNjGr95HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678 +IIbsSt4beDI3poHSna9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkh +Mp6qqIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0ZTbvGRNs2 +yyqcjg== +-----END CERTIFICATE----- + +Hongkong Post Root CA 1 +======================= +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT +DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx +NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n +IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1 +ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr +auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh +qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY +V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV +HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i +h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio +l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei +IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps +T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT +c4afU9hDDl3WY4JxHYB0yvbiAmvZWg== +-----END CERTIFICATE----- + +SecureSign RootCA11 +=================== +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi +SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS +b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw +KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1 +cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL +TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO +wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq +g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP +O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA +bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX +t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh +OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r +bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ +Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01 +y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 +lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- + +ACEDICOM Root +============= +-----BEGIN CERTIFICATE----- +MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD +T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4 +MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG +A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk +WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD +YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew +MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb +m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk +HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT +xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2 +3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9 +2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq +TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz +4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU +9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv +bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg +aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP +eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk +zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1 +ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI +KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq +nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE +I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp +MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o +tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA== +-----END CERTIFICATE----- + +Verisign Class 3 Public Primary Certification Authority +======================================================= +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMx +FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5 +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVow +XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAz +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94 +f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Ol +hec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABByUqkFFBky +CEHwxWsKzH4PIRnN5GfcX6kb5sroc50i2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWX +bj9T/UWZYB2oK0z5XqcJ2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/ +D/xwzoiQ +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi +LXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi +=================================================== +-----BEGIN CERTIFICATE----- +MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG +EwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE8MDoGA1UEAxMz +ZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3 +MDEwNDExMzI0OFoXDTE3MDEwNDExMzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0 +cm9uaWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9u +aWsgU2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdUMZTe1RK6UxYC6lhj71vY +8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlTL/jDj/6z/P2douNffb7tC+Bg62nsM+3Y +jfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAI +JjjcJRFHLfO6IxClv7wC90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk +9Ok0oSy1c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoEVtstxNulMA0GCSqG +SIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLPqk/CaOv/gKlR6D1id4k9CnU58W5d +F4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwq +D2fK/A+JYZ1lpTzlvBNbCNvj/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4 +Vwpm+Vganf2XKWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq +fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqX +-----END CERTIFICATE----- + +GlobalSign Root CA - R3 +======================= +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt +iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r +kpeDMdmztcpHWD9f +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud +EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH +DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA +bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx +ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx +51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk +R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP +T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f +Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl +osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR +crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR +saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD +KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi +6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- + +Izenpe.com +========== +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ +SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +Chambers of Commerce Root - 2008 +================================ +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD +MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv +bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu +QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy +Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl +ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF +EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl +cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA +XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj +h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/ +ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk +NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g +D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331 +lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ +0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2 +EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI +G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ +BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh +bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh +bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC +CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH +AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1 +wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH +3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU +RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6 +M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1 +YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF +9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK +zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG +nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ +-----END CERTIFICATE----- + +Global Chambersign Root - 2008 +============================== +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD +MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv +bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu +QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx +NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg +Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ +QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf +VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf +XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0 +ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB +/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA +TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M +H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe +Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF +HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB +AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT +BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE +BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm +aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm +aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp +1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0 +dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG +/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6 +ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s +dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg +9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH +foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du +qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr +P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq +c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- + +Go Daddy Root Certificate Authority - G2 +======================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 +-----END CERTIFICATE----- + +Starfield Root Certificate Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- + +Starfield Services Root Certificate Authority - G2 +================================================== +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 +-----END CERTIFICATE----- + +AffirmTrust Commercial +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- + +AffirmTrust Networking +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 +WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- + +AffirmTrust Premium +=================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 +g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== +-----END CERTIFICATE----- + +AffirmTrust Premium ECC +======================= +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM +eQ== +-----END CERTIFICATE----- + +Certum Trusted Network CA +========================= +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +Certinomis - Autorité Racine +============================= +-----BEGIN CERTIFICATE----- +MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK +Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg +LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG +A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw +JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa +wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly +Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw +2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N +jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q +c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC +lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb +xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g +530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna +4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ +KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x +WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva +R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40 +nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B +CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv +JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE +qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b +WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE +wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/ +vgt2Fl43N+bYdJeimUV5 +-----END CERTIFICATE----- + +Root CA Generalitat Valenciana +============================== +-----BEGIN CERTIFICATE----- +MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJFUzEfMB0GA1UE +ChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290 +IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcNMDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3 +WjBoMQswCQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UE +CxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+WmmmO3I2 +F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKjSgbwJ/BXufjpTjJ3Cj9B +ZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGlu6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQ +D0EbtFpKd71ng+CT516nDOeB0/RSrFOyA8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXte +JajCq+TA81yc477OMUxkHl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMB +AAGjggM7MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBraS5n +dmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIICIwYKKwYBBAG/VQIB +ADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBl +AHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIAYQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIA +YQBsAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQBy +AGEAYwBpAPMAbgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA +aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMAaQBvAG4AYQBt +AGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQAZQAgAEEAdQB0AG8AcgBpAGQA +YQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBu +AHQAcgBhACAAZQBuACAAbABhACAAZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAA +OgAvAC8AdwB3AHcALgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0 +dHA6Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+yeAT8MIGV +BgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQswCQYDVQQGEwJFUzEfMB0G +A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScwJQYDVQQDEx5S +b290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRh +TvW1yEICKrNcda3FbcrnlD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdz +Ckj+IHLtb8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg9J63 +NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XFducTZnV+ZfsBn5OH +iJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmCIoaZM3Fa6hlXPZHNqcCjbgcTpsnt ++GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM= +-----END CERTIFICATE----- + +A-Trust-nQual-03 +================ +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJBVDFIMEYGA1UE +Cgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5RdWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5R +dWFsLTAzMB4XDTA1MDgxNzIyMDAwMFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMMEEEtVHJ1 +c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtPWFuA/OQO8BBC4SA +zewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUjlUC5B3ilJfYKvUWG6Nm9wASOhURh73+n +yfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZznF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPE +SU7l0+m0iKsMrmKS1GWH2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4 +iHQF63n1k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs2e3V +cuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECERqlWdV +eRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAVdRU0VlIXLOThaq/Yy/kgM40 +ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fGKOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmr +sQd7TZjTXLDR8KdCoLXEjq/+8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZd +JXDRZslo+S4RFGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS +mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmEDNuxUCAKGkq6 +ahq97BvIxYSazQ== +-----END CERTIFICATE----- + +TWCA Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +Security Communication RootCA2 +============================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +EC-ACC +====== +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE +BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w +ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD +VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE +CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT +BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7 +MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt +SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl +Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh +cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK +w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT +ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4 +HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a +E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw +0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD +VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0 +Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l +dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ +lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa +Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe +l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2 +E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D +5EI= +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2011 +======================================================= +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT +O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y +aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z +IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT +AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z +IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo +IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI +1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa +71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u +8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH +3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/ +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8 +MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu +b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt +XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD +/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N +7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- + +Actalis Authentication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 +zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +Trustis FPS Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG +EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290 +IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV +BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ +RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk +H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa +cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt +o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA +AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd +BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c +GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC +yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P +8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV +l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl +iB6XzCGcKQENZetX2fNXlrtIzYE= +-----END CERTIFICATE----- + +StartCom Certification Authority +================================ +-----BEGIN CERTIFICATE----- +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN +U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu +ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 +NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk +LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg +U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y +o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ +Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d +eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt +2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z +6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ +osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ +untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc +UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT +37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ +Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0 +dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu +c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv +bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0 +aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t +L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG +cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5 +fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm +N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN +Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T +tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX +e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA +2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs +HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE +JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib +D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8= +-----END CERTIFICATE----- + +StartCom Certification Authority G2 +=================================== +-----BEGIN CERTIFICATE----- +MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN +U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE +ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O +o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG +4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi +Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul +Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs +O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H +vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L +nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS +FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa +z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ +KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K +2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk +J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+ +JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG +/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc +nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld +blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc +l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm +7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm +obp573PYtlNXLfbQ4ddI +-----END CERTIFICATE----- + +Buypass Class 2 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn +9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN +rJgWVqA= +-----END CERTIFICATE----- + +Buypass Class 3 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR +5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi +Cp/HuZc= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 3 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== +-----END CERTIFICATE----- + +EE Certification Centre Root CA +=============================== +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG +EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy +dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw +MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB +UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy +ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM +TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2 +rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw +93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN +P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ +MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF +BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj +xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM +lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU +3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM +dcGWxZ0= +-----END CERTIFICATE----- + +TURKTRUST Certificate Services Provider Root 2007 +================================================= +-----BEGIN CERTIFICATE----- +MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP +MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg +QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X +DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl +a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN +BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp +bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N +YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv +KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya +KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT +rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC +AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s +Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I +aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO +Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb +BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK +poRq0Tl9 +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G +PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 EV 2009 +================================= +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA +NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv +w9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +PSCProcert +========== +-----BEGIN CERTIFICATE----- +MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk +ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ +MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz +dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl +cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw +IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw +MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w +DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD +ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp +Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC +wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA +3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh +RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO +EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2 +0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH +0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU +td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw +Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp +r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ +AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz +Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId +xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp +ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH +EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h +Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k +ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG +9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG +MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG +LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52 +ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy +YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v +Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o +dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq +T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN +g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q +uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1 +n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn +FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo +5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq +3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5 +poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y +eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km +-----END CERTIFICATE----- + +China Internet Network Information Center EV Certificates Root +============================================================== +-----BEGIN CERTIFICATE----- +MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyMUcwRQYDVQQDDD5D +aGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMg +Um9vdDAeFw0xMDA4MzEwNzExMjVaFw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAG +A1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMM +PkNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRl +cyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z7r07eKpkQ0H1UN+U8i6y +jUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV +98YPjUesWgbdYavi7NifFy2cyjw1l1VxzUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2H +klY0bBoQCxfVWhyXWIQ8hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23 +KzhmBsUs4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54ugQEC +7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oYNJKiyoOCWTAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfHJLOcfA22KlT5uqGDSSosqD +glkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd5 +0XPFtQO3WKwMVC/GVhMPMdoG52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM +7+czV0I664zBechNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws +ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrIzo9uoV1/A3U0 +5K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATywy39FCqQmbkHzJ8= +-----END CERTIFICATE----- + +Swisscom Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQG +EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy +dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2 +MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln +aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIIC +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvErjw0DzpPM +LgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r0rk0X2s682Q2zsKwzxNo +ysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJ +wDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpH +Wrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1a +SgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxS +NLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9Ab +mbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QY +Ypqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3 +qPyZ7iVNTA6z00yPhOgpD/0QVAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw +HQYDVR0hBBYwFDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8Twu +MA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsO +v2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ +82YqZh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz +o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcs +a0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciATwoCqISxx +OQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0QuFmtEYE3saW +mA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED6F+KBZvuim6c779o ++sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TC +rvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX +5OfNeOI5wSsSnqaeG8XmDtkx2Q== +-----END CERTIFICATE----- + +Swisscom Root EV CA 2 +===================== +-----BEGIN CERTIFICATE----- +MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UE +BhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFsIENlcnRpZmljYXRlIFNl +cnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcN +MzEwNjI1MDg0NTA4WjBnMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT +HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYg +Q0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7BxUglgRCgz +o3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD1ycfMQ4jFrclyxy0uYAy +Xhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPHoCE2G3pXKSinLr9xJZDzRINpUKTk4Rti +GZQJo/PDvO/0vezbE53PnUgJUmfANykRHvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8Li +qG12W0OfvrSdsyaGOx9/5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaH +Za0zKcQvidm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHLOdAG +alNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaCNYGu+HuB5ur+rPQa +m3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f46Fq9mDU5zXNysRojddxyNMkM3Ox +bPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCBUWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDi +xzgHcgplwLa7JSnaFp6LNYth7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED +MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWBbj2ITY1x0kbB +bkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6xXCX5145v9Ydkn+0UjrgEjihL +j6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98TPLr+flaYC/NUn81ETm484T4VvwYmneTwkLbU +wp4wLh/vx3rEUMfqe9pQy3omywC0Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7 +XwgiG/W9mR4U9s70WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH +59yLGn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm7JFe3VE/ +23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4Snr8PyQUQ3nqjsTzyP6Wq +J3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VNvBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyA +HmBR3NdUIR7KYndP+tiPsys6DXhyyWhBWkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/gi +uMod89a2GQ+fYWVq6nTIfI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuW +l8PVP3wbI+2ksx0WckNLIOFZfsLorSa/ovc= +-----END CERTIFICATE----- + +CA Disig Root R1 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy +3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8 +u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2 +m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk +CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa +YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6 +vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL +LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX +ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is +XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ +04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR +xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B +LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM +CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb +VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85 +YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS +ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix +lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N +UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ +a7+h89n07eLw4+1knj0vllJPgFOL +-----END CERTIFICATE----- + +CA Disig Root R2 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC +w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia +xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 +A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S +GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV +g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa +5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE +koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A +Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i +Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u +Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV +sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je +dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 +1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx +mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 +utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 +sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg +UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV +7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +ACCVRAIZ1 +========= +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB +SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 +MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH +UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM +jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 +RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD +aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ +0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG +WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 +8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR +5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J +9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK +Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw +Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu +Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM +Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA +QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh +AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA +YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj +AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA +IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk +aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 +dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 +MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI +hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E +R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN +YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 +nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ +TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 +sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg +Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd +3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p +EfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +TWCA Global Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT +CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD +QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK +EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C +nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV +r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR +Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV +tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W +KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 +sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p +yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn +kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI +zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g +cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M +8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg +/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg +lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP +A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m +i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 +EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 +zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= +-----END CERTIFICATE----- + +TeliaSonera Root CA v1 +====================== +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE +CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 +MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW +VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ +6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA +3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k +B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn +Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH +oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 +F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ +oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 +gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc +TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB +AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW +DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm +zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW +pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV +G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc +c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT +JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 +qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 +Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems +WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +E-Tugra Certification Authority +=============================== +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w +DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls +ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw +NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx +QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl +cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD +DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd +hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K +CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g +ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ +BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0 +E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz +rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq +jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5 +dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK +kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO +XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807 +VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo +a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc +dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV +KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT +Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0 +8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G +C7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 2 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx +MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ +SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F +vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 +2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV +WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy +YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 +r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf +vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR +3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== +-----END CERTIFICATE----- + +Atos TrustedRoot 2011 +===================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU +cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 +MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG +A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV +hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr +54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ +DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 +HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR +z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R +l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ +bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h +k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh +TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 +61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G +3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- diff --git a/auth-cas/cas.php b/auth-cas/cas.php new file mode 100644 index 00000000..f0f68e33 --- /dev/null +++ b/auth-cas/cas.php @@ -0,0 +1,156 @@ +config = $config; + } + + function triggerAuth() { + $self = $this; + phpCAS::client(CAS_VERSION_2_0, $this->config->get('cas-hostname'), + intval($this->config->get('cas-port')), $this->config->get('cas-context') + ); + phpCAS::setNoCasServerValidation(); + phpCAS::setCasServerCACert(dirname(__file__).'cacert.pem'); + if(!phpCAS::isAuthenticated()) { + phpCAS::forceAuthentication(); + } else { + $this->setUser(); + $this->setEmail(); + $this->setName(); + } + } + + function setUser() { + $_SESSION[':cas']['user'] = phpCAS::getUser(); + } + + function getUser() { + return $_SESSION[':cas']['user']; + } + + function setEmail() { + if($this->config->get('cas-email-attribute-key') !== null + && phpCAS::hasAttribute($this->config->get('cas-email-attribute-key'))) { + $_SESSION[':cas']['email'] = phpCAS::getAttribute($this->config->get('cas-email-attribute-key')); + } else { + $email = $this->getUser(); + if($this->config->get('cas-at-domain') !== null) { + $email .= $this->config->get('cas-at-domain'); + } + $_SESSION[':cas']['email'] = $email; + } + } + + function getEmail() { + return $_SESSION[':cas']['email']; + } + + function setName() { + if($this->config->get('cas-name-attribute-key') !== null + && phpCAS::hasAttribute($this->config->get('cas-name-attribute-key'))) { + $_SESSION[':cas']['name'] = phpCAS::getAttribute($this->config->get('cas-name-attribute-key')); + } else { + $_SESSION[':cas']['name'] = $this->getUser(); + } + } + + function getName() { + return $_SESSION[':cas']['name']; + } + + function getProfile() { + return array( + 'email' => $this->getEmail(), + 'name' => $this->getName() + ); + } +} + +class CasStaffAuthBackend extends ExternalStaffAuthenticationBackend { + static $id = "cas"; + static $name = "CAS"; + + //static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/White-signin_Long_base_44dp.png"; + static $service_name = "CAS"; + + var $config; + + function __construct($config) { + $this->config = $config; + $this->cas = new CasAuth($config); + } + + function signOn() { + // TODO: Check session for auth token + if (isset($_SESSION[':cas']['user'])) { + if (($staff = new StaffSession($this->cas->getEmail())) + && $staff->getId()) + return $staff; + + else + $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account'; + } + } + + static function signOut($user) { + parent::signOut($user); + unset($_SESSION[':cas']); + } + + + function triggerAuth() { + parent::triggerAuth(); + $cas = $this->cas->triggerAuth(); + Http::redirect(ROOT_PATH . 'scp'); + } +} + +class CasClientAuthBackend extends ExternalUserAuthenticationBackend { + static $id = "cas.client"; + static $name = "CAS"; + + //static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/Red-signin_Long_base_44dp.png"; + static $service_name = "CAS"; + + function __construct($config) { + $this->config = $config; + $this->cas = new CasAuth($config); + } + + function supportsInteractiveAuthentication() { + return false; + } + + function signOn() { + if (isset($_SESSION[':cas']['user'])) { + if (($acct = ClientAccount::lookupByUsername($this->cas->getEmail())) + && $acct->getId() + && ($client = new ClientSession(new EndUser($acct->getUser())))) + return $client; + + else { + var_dump($this->cas->getProfile()); + return new ClientCreateRequest($this, $this->cas->getEmail(), $this->cas->getProfile()); + } + } + } + + static function signOut($user) { + parent::signOut($user); + unset($_SESSION[':cas']); + } + + function triggerAuth() { + parent::triggerAuth(); + $cas = $this->cas->triggerAuth(); + Http::redirect(ROOT_PATH . 'login.php'); + } +} + + diff --git a/auth-cas/config.php b/auth-cas/config.php new file mode 100644 index 00000000..92a93020 --- /dev/null +++ b/auth-cas/config.php @@ -0,0 +1,47 @@ + 'Authenticate', + 'choices' => array( + '0' => 'Disabled', + 'staff' => 'Agents Only', + 'client' => 'Clients Only', + 'all' => 'Agents and Clients', + ), + )); + return array( + 'cas' => new SectionBreakField(array( + 'label' => 'CAS Authentication', + )), + 'cas-hostname' => new TextboxField(array( + 'label' => 'CAS Server Hostname', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'cas-port' => new TextboxField(array( + 'label' => 'CAS Server Port', + 'configuration' => array('size'=>10, 'length'=>8), + )), + 'cas-context' => new TextboxField(array( + 'label' => 'CAS Server Context', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'cas-at-domain' => new TextboxField(array( + 'label' => 'CAS e-mail suffix (ex. @domain.tld)', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'cas-name-attribute-key' => new TextboxField(array( + 'label' => 'CAS name attribute key', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'cas-email-attribute-key' => new TextboxField(array( + 'label' => 'CAS email attribute key', + 'configuration' => array('size'=>60, 'length'=>100), + )), + 'cas-enabled' => clone $modes, + ); + } +} diff --git a/auth-cas/plugin.php b/auth-cas/plugin.php new file mode 100644 index 00000000..89004580 --- /dev/null +++ b/auth-cas/plugin.php @@ -0,0 +1,22 @@ + 'auth:cas', # notrans + 'version' => '0.1', + 'name' => 'JASIG CAS Authentication', + 'author' => 'Kevin O\'Connor', + 'description' => 'Provides a configurable authentication backend + for authenticating staff and clients using anJASIG CAS interface.', + 'url' => 'http://www.osticket.com/plugins/auth/cas', + 'plugin' => 'authentication.php:CasAuthPlugin', + 'requires' => array( + "jasig/phpcas" => array( + "version" => "dev-master", + "map" => array( + "jasig/phpcas/source" => 'lib', + ) + ), + ), +); + +?> From 23cbd797a44ab6fbd97c7a5ddbed1309ef3eeaa5 Mon Sep 17 00:00:00 2001 From: Kevin O'Connor Date: Wed, 28 May 2014 00:25:40 -0400 Subject: [PATCH 047/160] Improve include location --- auth-cas/authentication.php | 1 - auth-cas/cas.php | 5 +---- auth-cas/plugin.php | 2 +- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/auth-cas/authentication.php b/auth-cas/authentication.php index f3a2c722..fa8e76ac 100644 --- a/auth-cas/authentication.php +++ b/auth-cas/authentication.php @@ -9,7 +9,6 @@ class CasAuthPlugin extends Plugin { function bootstrap() { $config = $this->getConfig(); - # ----- Google Plus --------------------- $enabled = $config->get('cas-enabled'); if (in_array($enabled, array('all', 'staff'))) { require_once('cas.php'); diff --git a/auth-cas/cas.php b/auth-cas/cas.php index f0f68e33..52fa0a64 100644 --- a/auth-cas/cas.php +++ b/auth-cas/cas.php @@ -1,6 +1,6 @@ cas->getEmail())) && $staff->getId()) @@ -115,7 +113,6 @@ class CasClientAuthBackend extends ExternalUserAuthenticationBackend { static $id = "cas.client"; static $name = "CAS"; - //static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/Red-signin_Long_base_44dp.png"; static $service_name = "CAS"; function __construct($config) { diff --git a/auth-cas/plugin.php b/auth-cas/plugin.php index 89004580..527e2aef 100644 --- a/auth-cas/plugin.php +++ b/auth-cas/plugin.php @@ -13,7 +13,7 @@ "jasig/phpcas" => array( "version" => "dev-master", "map" => array( - "jasig/phpcas/source" => 'lib', + "jasig/phpcas/source" => 'lib/jasig/phpcas', ) ), ), From 75743dc0b283fe332d17b8cea8fce52e735aec42 Mon Sep 17 00:00:00 2001 From: Kevin O'Connor Date: Thu, 29 May 2014 23:09:21 -0400 Subject: [PATCH 048/160] Add support for customizable CA files - Providing no CA file path implies no verification will be used - An absolute path to a CA cert can no be provided - Resolved a bug with case-sensitive loading from PHAR --- auth-cas/cacert.pem | 3866 ------------------------------------------- auth-cas/cas.php | 10 +- auth-cas/config.php | 4 + 3 files changed, 10 insertions(+), 3870 deletions(-) delete mode 100644 auth-cas/cacert.pem diff --git a/auth-cas/cacert.pem b/auth-cas/cacert.pem deleted file mode 100644 index 9794dfb7..00000000 --- a/auth-cas/cacert.pem +++ /dev/null @@ -1,3866 +0,0 @@ -## -## ca-bundle.crt -- Bundle of CA Root Certificates -## -## Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014 -## -## This is a bundle of X.509 certificates of public Certificate Authorities -## (CA). These were automatically extracted from Mozilla's root certificates -## file (certdata.txt). This file can be found in the mozilla source tree: -## http://mxr.mozilla.org/mozilla-release/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1 -## -## It contains the certificates in PEM format and therefore -## can be directly used with curl / libcurl / php_curl, or with -## an Apache+mod_ssl webserver for SSL client authentication. -## Just configure this file as the SSLCACertificateFile. -## - - -GTE CyberTrust Global Root -========================== ------BEGIN CERTIFICATE----- -MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUg -Q29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEG -A1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEz -MjM1OTAwWjB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQL -Ex5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0 -IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4u -sJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcql -HHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8FLztimQID -AQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMW -M4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OF -NMQkpw0PlZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ ------END CERTIFICATE----- - -Thawte Server CA -================ ------BEGIN CERTIFICATE----- -MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT -DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs -dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UE -AxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5j -b20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNV -BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29u -c3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcG -A1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0 -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl -/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg7 -1CcEJRCXL+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzAR -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWDTSEwjsrZqG9J -GubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6eQNuozDJ0uW8NxuOzRAvZim+aKZuZ -GCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc= ------END CERTIFICATE----- - -Thawte Premium Server CA -======================== ------BEGIN CERTIFICATE----- -MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkExFTATBgNVBAgT -DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs -dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UE -AxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZl -ckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYT -AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU -VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2 -aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3DQEJARYZ -cHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2 -aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIh -Udib0GfQug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/ -qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAm -SCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUIhfzJATj/Tb7yFkJD57taRvvBxhEf -8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7t -UCemDaYj+bvLpgcUQg== ------END CERTIFICATE----- - -Equifax Secure CA -================= ------BEGIN CERTIFICATE----- -MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UE -ChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoT -B0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPR -fM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW -8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAG -A1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UE -CxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoG -A1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvS -spXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMB -Af8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961 -zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kB -BIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee95 -70+sB3c4 ------END CERTIFICATE----- - -Verisign Class 3 Public Primary Certification Authority -======================================================= ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMx -FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5 -IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVow -XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAz -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94 -f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Ol -hec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtMEivPLCYA -TxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59Ah -WM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2Omuf -Tqj/ZA1k ------END CERTIFICATE----- - -Verisign Class 3 Public Primary Certification Authority - G2 -============================================================ ------BEGIN CERTIFICATE----- -MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAlVT -MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy -eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz -dCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVT -MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy -eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz -dCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCO -FoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71 -lSk8UOg013gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQAB -MA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01UbSuvDV1Ai2TT -1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7iF6YM40AIOw7n60RzKprxaZLvcRTD -Oaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpYoJ2daZH9 ------END CERTIFICATE----- - -GlobalSign Root CA -================== ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx -GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds -b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV -BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD -VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa -DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc -THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb -Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP -c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX -gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF -AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj -Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG -j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH -hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC -X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ------END CERTIFICATE----- - -GlobalSign Root CA - R2 -======================= ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv -YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh -bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT -aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln -bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6 -ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp -s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN -S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL -TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C -ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i -YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN -BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp -9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu -01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7 -9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 -TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ------END CERTIFICATE----- - -ValiCert Class 1 VA -=================== ------BEGIN CERTIFICATE----- -MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRp -b24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs -YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZh -bGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIy -MjM0OFoXDTE5MDYyNTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0 -d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEg -UG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0 -LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9YLqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIi -GQj4/xEjm84H9b9pGib+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCm -DuJWBQ8YTfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0LBwG -lN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLWI8sogTLDAHkY7FkX -icnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPwnXS3qT6gpf+2SQMT2iLM7XGCK5nP -Orf1LXLI ------END CERTIFICATE----- - -ValiCert Class 2 VA -=================== ------BEGIN CERTIFICATE----- -MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRp -b24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs -YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZh -bGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAw -MTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0 -d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIg -UG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0 -LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVC -CSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7Rf -ZHM047QSv4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZ -SWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZoDJJKPTEjlbV -UjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwCW/POuZ6lcg5Ktz885hZo+L7tdEy8 -W9ViH0Pd ------END CERTIFICATE----- - -RSA Root Certificate 1 -====================== ------BEGIN CERTIFICATE----- -MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRp -b24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs -YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZh -bGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAw -MjIzM1oXDTE5MDYyNjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0 -d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMg -UG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0 -LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDjmFGWHOjVsQaBalfDcnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td -3zZxFJmP3MKS8edgkpfs2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89H -BFx1cQqYJJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliEZwgs -3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJn0WuPIqpsHEzXcjF -V9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/APhmcGcwTTYJBtYze4D1gCCAPRX5r -on+jjBXu ------END CERTIFICATE----- - -Verisign Class 3 Public Primary Certification Authority - G3 -============================================================ ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV -UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv -cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy -dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg -Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1 -EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc -cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw -EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj -055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f -j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC -/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0 -xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa -t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ------END CERTIFICATE----- - -Verisign Class 4 Public Primary Certification Authority - G3 -============================================================ ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV -UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv -cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy -dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkg -Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK3LpRFpxlmr8Y+1GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaS -tBO3IFsJ+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0GbdU6LM -8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLmNxdLMEYH5IBtptiW -Lugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XYufTsgsbSPZUd5cBPhMnZo0QoBmrX -Razwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -j/ola09b5KROJ1WrIhVZPMq1CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXtt -mhwwjIDLk5Mqg6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm -fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c2NU8Qh0XwRJd -RTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/bLvSHgCwIe34QWKCudiyxLtG -UPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg== ------END CERTIFICATE----- - -Entrust.net Secure Server CA -============================ ------BEGIN CERTIFICATE----- -MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMCVVMxFDASBgNV -BAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5uZXQvQ1BTIGluY29ycC4gYnkg -cmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRl -ZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0eTAeFw05OTA1MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIG -A1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBi -eSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1p -dGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQ -aO2f55M28Qpku0f1BBc/I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5 -gXpa0zf3wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OCAdcw -ggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHboIHYpIHVMIHSMQsw -CQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5l -dC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF -bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu -dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0MFqBDzIwMTkw -NTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0Bow -HQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAaMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA -BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyN -Ewr75Ji174z4xRAN95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9 -n9cd2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= ------END CERTIFICATE----- - -Entrust.net Premium 2048 Secure Server CA -========================================= ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u -ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp -bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV -BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx -NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 -d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl -MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u -ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL -Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr -hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW -nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi -VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ -KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy -T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf -zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT -J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e -nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= ------END CERTIFICATE----- - -Baltimore CyberTrust Root -========================= ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE -ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li -ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC -SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs -dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME -uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB -UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C -G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 -XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr -l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI -VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB -BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh -cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 -hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa -Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H -RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- - -Equifax Secure Global eBusiness CA -================================== ------BEGIN CERTIFICATE----- -MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT -RXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNp -bmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIwMDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMx -HDAaBgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEds -b2JhbCBlQnVzaW5lc3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRV -PEnCUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzN -qfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/o5brhTMhHD4ePmBudpxn -hcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j -BBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hs -MA0GCSqGSIb3DQEBBAUAA4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okEN -I7SS+RkAZ70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv8qIY -NMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV ------END CERTIFICATE----- - -Equifax Secure eBusiness CA 1 -============================= ------BEGIN CERTIFICATE----- -MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT -RXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENB -LTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQwMDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UE -ChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNz -IENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ -1MRoRvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBuWqDZQu4a -IZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKwEnv+j6YDAgMBAAGjZjBk -MBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEp4MlIR21kW -Nl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRKeDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQF -AAOBgQB1W6ibAxHm6VZMzfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5 -lSE/9dR+WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN/Bf+ -KpYrtWKmpj29f5JZzVoqgrI3eQ== ------END CERTIFICATE----- - -AddTrust Low-Value Services Root -================================ ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU -cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw -CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO -ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6 -54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr -oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1 -Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui -GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w -HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT -RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw -HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt -ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph -iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY -eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr -mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj -ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ------END CERTIFICATE----- - -AddTrust External Root -====================== ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD -VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw -NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU -cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg -Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821 -+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw -Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo -aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy -2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7 -7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL -VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk -VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB -IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl -j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355 -e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u -G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE----- - -AddTrust Public Services Root -============================= ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU -cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ -BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l -dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu -nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i -d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG -Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw -HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G -A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G -A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4 -JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL -+YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao -GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9 -Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H -EufOX1362KqxMy3ZdvJOOjMMK7MtkAY= ------END CERTIFICATE----- - -AddTrust Qualified Certificates Root -==================================== ------BEGIN CERTIFICATE----- -MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU -cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx -CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ -IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx -64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3 -KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o -L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR -wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU -MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE -BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y -azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG -GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X -dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze -RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB -iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE= ------END CERTIFICATE----- - -Entrust Root Certification Authority -==================================== ------BEGIN CERTIFICATE----- -MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV -BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw -b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG -A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 -MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu -MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu -Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v -dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz -A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww -Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 -j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN -rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw -DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 -MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH -hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA -A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM -Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa -v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS -W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 -tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 ------END CERTIFICATE----- - -RSA Security 2048 v3 -==================== ------BEGIN CERTIFICATE----- -MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6MRkwFwYDVQQK -ExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJpdHkgMjA0OCBWMzAeFw0wMTAy -MjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAXBgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAb -BgNVBAsTFFJTQSBTZWN1cml0eSAyMDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAt49VcdKA3XtpeafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7 -Jylg/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGlwSMiuLgb -WhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnhAMFRD0xS+ARaqn1y07iH -KrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP -+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpuAWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/ -MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4E -FgQUB8NRMKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYcHnmY -v/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/Zb5gEydxiKRz44Rj -0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+f00/FGj1EVDVwfSQpQgdMWD/YIwj -VAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVOrSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395 -nzIlQnQFgCi/vcEkllgVsRch6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kA -pKnXwiJPZ9d37CAFYd4= ------END CERTIFICATE----- - -GeoTrust Global CA -================== ------BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK -Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw -MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j -LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo -BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet -8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc -T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU -vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk -DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q -zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4 -d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2 -mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p -XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm -Mw== ------END CERTIFICATE----- - -GeoTrust Global CA 2 -==================== ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwHhcNMDQwMzA0MDUw -MDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j -LjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/ -NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1k -LUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFA -Vvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdLFnopsk/b -HdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNH -K266ZUapEBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7 -srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/NgdRN3ggX+d6Yvh -ZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywNA0ZF66D0f0hExghAzN4bcLUprbqL -OzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkC -x1YAzUm5s2x7UwQa4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF -H4z1Ir+rzoPz4iIprn2DQKi6bA== ------END CERTIFICATE----- - -GeoTrust Universal CA -===================== ------BEGIN CERTIFICATE----- -MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1 -MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu -Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t -JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e -RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs -7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d -8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V -qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga -Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB -Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu -KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08 -ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0 -XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB -hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc -aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2 -qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL -oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK -xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF -KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2 -DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK -xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU -p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI -P/rmMuGNG2+k5o7Y+SlIis5z/iw= ------END CERTIFICATE----- - -GeoTrust Universal CA 2 -======================= ------BEGIN CERTIFICATE----- -MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0 -MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg -SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0 -DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17 -j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q -JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a -QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2 -WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP -20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn -ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC -SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG -8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2 -+/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E -BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z -dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ -4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+ -mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq -A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg -Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP -pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d -FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp -gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm -X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS ------END CERTIFICATE----- - -America Online Root Certification Authority 1 -============================================= ------BEGIN CERTIFICATE----- -MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT -QW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkG -A1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2Eg -T25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lkhsmj76CG -v2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym1BW32J/X3HGrfpq/m44z -DyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsWOqMFf6Dch9Wc/HKpoH145LcxVR5lu9Rh -sCFg7RAycsWSJR74kEoYeEfffjA3PlAb2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP -8c9GsEsPPt2IYriMqQkoO3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0T -AQH/BAUwAwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAUAK3Z -o/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQB8itEf -GDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkFZu90821fnZmv9ov761KyBZiibyrF -VL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAbLjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft -3OJvx8Fi8eNy1gTIdGcL+oiroQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43g -Kd8hdIaC2y+CMMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds -sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7 ------END CERTIFICATE----- - -America Online Root Certification Authority 2 -============================================= ------BEGIN CERTIFICATE----- -MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT -QW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkG -A1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2Eg -T25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC206B89en -fHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8 -f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE18aO6lhO -qKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JN -RvCAOVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0 -gBe4lL8BPeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67Xnfn -6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9W6Wa6897Gqid -FEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZo2C7HK2JNDJiuEMhBnIMoVxtRsX6 -Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnj -B453cMor9H124HhnAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3Op -aaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmnxPBUlgtk87FY -T15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p -+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzcccobGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXg -JXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//Zoy -zH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgO -ZtMADjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh -1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZZLF0Kjhf -GEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y3WRayhgoPmMEEf0cjQAPuDff -Z4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQlZvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuP -cX/9XhmgD0uRuMRUvAawRY8mkaKO/qk= ------END CERTIFICATE----- - -Visa eCommerce Root -=================== ------BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG -EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug -QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2 -WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm -VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv -bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL -F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b -RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0 -TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI -/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs -GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG -MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc -CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW -YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz -zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu -YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt -398znM/jra6O1I7mT1GvFpLgXPYHDw== ------END CERTIFICATE----- - -Certum Root CA -============== ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK -ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla -Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u -by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x -wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL -kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ -89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K -Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P -NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+ -GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg -GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/ -0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS -qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- - -Comodo AAA Services root -======================== ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw -MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl -c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV -BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG -C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs -i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW -Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH -Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK -Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f -BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl -cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz -LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm -7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z -8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C -12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - -Comodo Secure Services root -=========================== ------BEGIN CERTIFICATE----- -MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAw -MDAwMFoXDTI4MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu -Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAi -BgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP -9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8j6ysNstc -rbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rC -oznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3V -p6ea5EQz6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4E -FgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -gYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1NlY3VyZUNlcnRpZmlj -YXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlm -aWNhdGVTZXJ2aWNlcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm -4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj -Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtIgKvcnDe4IRRL -DXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6Pw -pCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1H -RR3B7Hzs/Sk= ------END CERTIFICATE----- - -Comodo Trusted Services root -============================ ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEw -MDAwMDBaFw0yODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1h -bmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUw -IwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh7 -3TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9C1t2ul/y -/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6 -juljatEPmsbS9Is6FARW1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsS -ivnkBbA7kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1Ud -DgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21vZG9jYS5jb20vVHJ1c3RlZENlcnRp -ZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENl -cnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw -uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 -pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxISjBc/lDb+XbDA -BHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0l -R+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O -9y5Xt5hwXsjEeLBi ------END CERTIFICATE----- - -QuoVadis Root CA -================ ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE -ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz -MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp -cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD -EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk -J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL -F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL -YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen -AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w -PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y -ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7 -MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj -YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs -ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW -Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu -BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw -FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6 -tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo -fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul -LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x -gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi -5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi -5nrQNiOKSnQ2+Q== ------END CERTIFICATE----- - -QuoVadis Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT -EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx -ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 -XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk -lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB -lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy -lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt -66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn -wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh -D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy -BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie -J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud -DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU -a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT -ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv -Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 -UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm -VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK -+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW -IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 -WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X -f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II -4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 -VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ------END CERTIFICATE----- - -QuoVadis Root CA 3 -================== ------BEGIN CERTIFICATE----- -MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT -EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx -OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg -DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij -KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K -DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv -BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp -p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 -nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX -MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM -Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz -uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT -BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj -YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB -BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD -VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 -ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE -AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV -qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s -hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z -POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 -Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp -8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC -bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu -g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p -vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr -qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= ------END CERTIFICATE----- - -Security Communication Root CA -============================== ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP -U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw -HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP -U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw -8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM -DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX -5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd -DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2 -JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw -DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g -0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a -mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ -s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ -6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi -FL39vmwLAw== ------END CERTIFICATE----- - -Sonera Class 2 Root CA -====================== ------BEGIN CERTIFICATE----- -MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG -U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw -NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh -IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3 -/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT -dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG -f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P -tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH -nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT -XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt -0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI -cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph -Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx -EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH -llpwrN9M ------END CERTIFICATE----- - -Staat der Nederlanden Root CA -============================= ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJOTDEeMBwGA1UE -ChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFhdCBkZXIgTmVkZXJsYW5kZW4g -Um9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEyMTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4w -HAYDVQQKExVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxh -bmRlbiBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFt -vsznExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw719tV2U02P -jLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MOhXeiD+EwR+4A5zN9RGca -C1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+UtFE5A3+y3qcym7RHjm+0Sq7lr7HcsBth -vJly3uSJt3omXdozSVtSnA71iq3DuD3oBmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn6 -22r+I/q85Ej0ZytqERAhSQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRV -HSAAMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMvcm9v -dC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA7Jbg0zTBLL9s+DAN -BgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k/rvuFbQvBgwp8qiSpGEN/KtcCFtR -EytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzmeafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbw -MVcoEoJz6TMvplW0C5GUR5z6u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3y -nGQI0DvDKcWy7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR -iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw== ------END CERTIFICATE----- - -TDC Internet Root CA -==================== ------BEGIN CERTIFICATE----- -MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJESzEVMBMGA1UE -ChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTAeFw0wMTA0MDUx -NjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNVBAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJu -ZXQxHTAbBgNVBAsTFFREQyBJbnRlcm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxLhAvJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20j -xsNuZp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a0vnRrEvL -znWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc14izbSysseLlJ28TQx5yc -5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGNeGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6 -otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcDR0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZI -AYb4QgEBBAQDAgAHMGUGA1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMM -VERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxMEQ1JM -MTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3WjALBgNVHQ8EBAMC -AQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAwHQYDVR0OBBYEFGxkAcf9hW2syNqe -UAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJKoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0G -CSqGSIb3DQEBBQUAA4IBAQBOQ8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540m -gwV5dOy0uaOXwTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+ -2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm899qNLPg7kbWzb -O0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0jUNAE4z9mQNUecYu6oah9jrU -Cbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38aQNiuJkFBT1reBK9sG9l ------END CERTIFICATE----- - -UTN DATACorp SGC Root CA -======================== ------BEGIN CERTIFICATE----- -MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UE -BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl -IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZ -BgNVBAMTElVUTiAtIERBVEFDb3JwIFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBa -MIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4w -HAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRy -dXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ys -raP6LnD43m77VkIVni5c7yPeIbkFdicZD0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlo -wHDyUwDAXlCCpVZvNvlK4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA -9P4yPykqlXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulWbfXv -33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQABo4GrMIGoMAsGA1Ud -DwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRTMtGzz3/64PGgXYVOktKeRR20TzA9 -BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dD -LmNybDAqBgNVHSUEIzAhBggrBgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3 -DQEBBQUAA4IBAQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft -Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyjj98C5OBxOvG0 -I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVHKWss5nbZqSl9Mt3JNjy9rjXx -EZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwP -DPafepE39peC4N1xaf92P2BNPM/3mfnGV/TJVTl4uix5yaaIK/QI ------END CERTIFICATE----- - -UTN USERFirst Hardware Root CA -============================== ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UE -BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl -IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAd -BgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgx -OTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0 -eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz -ZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlI -wrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFd -tqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8 -i4fDidNdoI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjf -Pe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhbAgMBAAGjgbkw -gbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKFyXyYbKJhDlV0HN9WF -lp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNF -UkZpcnN0LUhhcmR3YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF -BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28GpgoiskliCE7/yMgUsogW -XecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2 -lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kn -iCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67 -nfhmqA== ------END CERTIFICATE----- - -Camerfirma Chambers of Commerce Root -==================================== ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx -NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp -cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn -MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC -AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU -xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH -NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW -DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV -d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud -EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v -cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P -AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh -bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD -VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi -fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD -L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN -UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n -ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1 -erfutGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- - -Camerfirma Global Chambersign Root -================================== ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx -NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt -YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg -MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw -ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J -1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O -by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl -6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c -8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/ -BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j -aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B -Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj -aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y -ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA -PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y -gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ -PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4 -IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes -t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- - -NetLock Notary (Class A) Root -============================= ------BEGIN CERTIFICATE----- -MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQI -EwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6 -dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9j -ayBLb3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oX -DTE5MDIxOTIzMTQ0N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQH -EwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYD -VQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFz -cyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSM -D7tM9DceqQWC2ObhbHDqeLVu0ThEDaiDzl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZ -z+qMkjvN9wfcZnSX9EUi3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC -/tmwqcm8WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LYOph7 -tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2EsiNCubMvJIH5+hCoR6 -4sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCCApswDgYDVR0PAQH/BAQDAgAGMBIG -A1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaC -Ak1GSUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pv -bGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu -IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2Vn -LWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0 -ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFz -IGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBh -IGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVu -b3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBh -bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sg -Q1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFp -bCBhdCBjcHNAbmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5 -ayZrU3/b39/zcT0mwBQOxmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjP -ytoUMaFP0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQQeJB -CWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxkf1qbFFgBJ34TUMdr -KuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK8CtmdWOMovsEPoMOmzbwGOQmIMOM -8CgHrTwXZoi1/baI ------END CERTIFICATE----- - -NetLock Business (Class B) Root -=============================== ------BEGIN CERTIFICATE----- -MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUxETAPBgNVBAcT -CEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNV -BAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQDEylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikg -VGFudXNpdHZhbnlraWFkbzAeFw05OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYD -VQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRv -bnNhZ2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5ldExvY2sg -VXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xKgZjupNTKihe5In+DCnVMm8Bp2GQ5o+2S -o/1bXHQawEfKOml2mrriRBf8TKPV/riXiK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr -1nGTLbO/CVRY7QbrqHvcQ7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNV -HQ8BAf8EBAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZ -RUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRh -dGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQuIEEgaGl0 -ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRv -c2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUg -YXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh -c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBz -Oi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6ZXNA -bmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhl -IHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2 -YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBj -cHNAbmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06sPgzTEdM -43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXan3BukxowOR0w2y7jfLKR -stE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKSNitjrFgBazMpUIaD8QFI ------END CERTIFICATE----- - -NetLock Express (Class C) Root -============================== ------BEGIN CERTIFICATE----- -MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUxETAPBgNVBAcT -CEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNV -BAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQDEytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBD -KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJ -BgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6 -dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMrTmV0TG9j -ayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNAOoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3Z -W3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63 -euyucYT2BDMIJTLrdKwWRMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQw -DgYDVR0PAQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEWggJN -RklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0YWxhbm9zIFN6b2xn -YWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBB -IGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBOZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1i -aXp0b3NpdGFzYSB2ZWRpLiBBIGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0 -ZWxlIGF6IGVsb2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs -ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25sYXBqYW4gYSBo -dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kga2VyaGV0byBheiBlbGxlbm9y -emVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4gSU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5k -IHRoZSB1c2Ugb2YgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQ -UyBhdmFpbGFibGUgYXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwg -YXQgY3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmYta3UzbM2 -xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2gpO0u9f38vf5NNwgMvOOW -gyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4Fp1hBWeAyNDYpQcCNJgEjTME1A== ------END CERTIFICATE----- - -XRamp Global CA Root -==================== ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE -BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj -dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx -HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg -U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu -IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx -foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE -zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs -AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry -xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap -oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC -AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc -/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt -qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n -nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz -8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= ------END CERTIFICATE----- - -Go Daddy Class 2 CA -=================== ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY -VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG -A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g -RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD -ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv -2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 -qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j -YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY -vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O -BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o -atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu -MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG -A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim -PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt -I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI -Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b -vZ8= ------END CERTIFICATE----- - -Starfield Class 2 CA -==================== ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc -U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg -Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo -MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG -A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG -SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY -bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ -JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm -epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN -F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF -MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f -hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo -bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g -QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs -afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM -PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD -KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 -QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- - -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj -YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH -AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw -Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg -U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5 -LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh -cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT -dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC -AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh -3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm -vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk -fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3 -fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ -EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl -1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/ -lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro -g14= ------END CERTIFICATE----- - -Taiwan GRCA -=========== ------BEGIN CERTIFICATE----- -MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG -EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X -DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv -dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN -w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5 -BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O -1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO -htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov -J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7 -Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t -B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB -O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8 -lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV -HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2 -09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ -TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj -Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2 -Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU -D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz -DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk -Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk -7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ -CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy -+fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS ------END CERTIFICATE----- - -Swisscom Root CA 1 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4 -MTgyMjA2MjBaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiM -MW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyF -NDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj/x2lzZAe -AR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkC -b6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn -7uHbHaBuHYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbN -cA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AOeCMgkckkKmUp -WyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjCL3UcPX7ape8eYIVpQtPM+GP+HkM5 -haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNY -MUJDLXT5xp6mig/p/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzcK6FptWfUjNP9 -MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMn -jgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQ -MbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4H -VtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtl -vrsRls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascCl -OS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFbjCYDcKF3 -1QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBaZmBwXarNeNQk7shBoJMBkpxq -nvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCy -x/yP2FS1k2Kdzs9Z+z0YzirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMW -NY6E0F/6MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- - -DigiCert Assured ID Root CA -=========================== ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw -IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx -MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL -ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO -9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy -UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW -/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy -oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf -GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF -66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq -hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc -EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn -SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i -8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- - -DigiCert Global Root CA -======================= ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw -HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw -MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 -dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn -TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 -BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H -4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y -7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB -o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm -8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF -BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr -EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt -tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 -UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- - -DigiCert High Assurance EV Root CA -================================== ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw -KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw -MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ -MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu -Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t -Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS -OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 -MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ -NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe -h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB -Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY -JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ -V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp -myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK -mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K ------END CERTIFICATE----- - -Certplus Class 2 Primary CA -=========================== ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UE -BhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcN -OTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2Vy -dHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR -5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZ -Vg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFO -YFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupdM5i3y95e -e++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRME -CDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJ -YIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29t -L0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvD -P9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1R -TtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+ -7UCmnYR0ObncHoUW2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW -//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 -l7+ijrRU ------END CERTIFICATE----- - -DST Root CA X3 -============== ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK -ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X -DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1 -cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT -rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9 -UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy -xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d -utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ -MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug -dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE -GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw -RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS -fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- - -DST ACES CA X6 -============== ------BEGIN CERTIFICATE----- -MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT -MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha -MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE -CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI -DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa -pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow -GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy -MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu -Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy -dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU -CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2 -5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t -Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq -nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs -vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3 -oKfN5XozNmr6mis= ------END CERTIFICATE----- - -TURKTRUST Certificate Services Provider Root 1 -============================================== ------BEGIN CERTIFICATE----- -MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGDAJUUjEP -MA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykgMjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0 -acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMx -MDI3MTdaFw0xNTAzMjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsg -U2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYDVQQHDAZB -TktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBC -aWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GX -yGl8hMW0kWxsE2qkVa2kheiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8i -Si9BB35JYbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5CurKZ -8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1JuTm5Rh8i27fbMx4 -W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51b0dewQIDAQABoxAwDjAMBgNVHRME -BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46 -sWrv7/hg0Uw2ZkUd82YCdAR7kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxE -q8Sn5RTOPEFhfEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy -B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdAaLX/7KfS0zgY -nNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKSRGQDJereW26fyfJOrN3H ------END CERTIFICATE----- - -TURKTRUST Certificate Services Provider Root 2 -============================================== ------BEGIN CERTIFICATE----- -MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP -MA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg -QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcN -MDUxMTA3MTAwNzU3WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVr -dHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEPMA0G -A1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmls -acWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqe -LCDe2JAOCtFp0if7qnefJ1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKI -x+XlZEdhR3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJQv2g -QrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGXJHpsmxcPbe9TmJEr -5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1pzpwACPI2/z7woQ8arBT9pmAPAgMB -AAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58SFq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/ntt -Rbj2hWyfIvwqECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4 -Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFzgw2lGh1uEpJ+ -hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotHuFEJjOp9zYhys2AzsfAKRO8P -9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LSy3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5 -UrbnBEI= ------END CERTIFICATE----- - -SwissSign Gold CA - G2 -====================== ------BEGIN CERTIFICATE----- -MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw -EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN -MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp -c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq -t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C -jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg -vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF -ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR -AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend -jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO -peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR -7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi -GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 -OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov -L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm -5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr -44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf -Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m -Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp -mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk -vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf -KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br -NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj -viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ------END CERTIFICATE----- - -SwissSign Silver CA - G2 -======================== ------BEGIN CERTIFICATE----- -MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT -BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X -DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3 -aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644 -N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm -+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH -6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu -MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h -qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5 -FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs -ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc -celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X -CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB -tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 -cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P -4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F -kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L -3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx -/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa -DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP -e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu -WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ -DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub -DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u ------END CERTIFICATE----- - -GeoTrust Primary Certification Authority -======================================== ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx -CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ -cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN -b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9 -nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge -RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt -tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI -hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K -Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN -NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa -Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG -1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ------END CERTIFICATE----- - -thawte Primary Root CA -====================== ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE -BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 -aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3 -MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg -SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv -KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT -FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs -oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ -1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc -q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K -aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p -afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF -AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE -uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX -xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89 -jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH -z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA== ------END CERTIFICATE----- - -VeriSign Class 3 Public Primary Certification Authority - G5 -============================================================ ------BEGIN CERTIFICATE----- -MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE -BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO -ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk -IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB -yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln -biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh -dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz -j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD -Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ -Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r -fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv -Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy -aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG -SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+ -X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE -KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC -Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE -ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq ------END CERTIFICATE----- - -SecureTrust CA -============== ------BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy -dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe -BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX -OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t -DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH -GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b -01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH -ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj -aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ -KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu -SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf -mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ -nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ------END CERTIFICATE----- - -Secure Global CA -================ ------BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH -bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg -MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg -Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx -YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ -bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g -8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV -HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi -0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn -oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA -MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ -OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn -CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 -3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc -f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW ------END CERTIFICATE----- - -COMODO Certification Authority -============================== ------BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb -MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD -T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH -+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww -xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV -4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA -1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI -rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k -b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC -AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP -OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc -IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN -+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== ------END CERTIFICATE----- - -Network Solutions Certificate Authority -======================================= ------BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG -EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr -IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx -MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu -MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx -jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT -aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT -crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc -/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB -AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv -bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA -A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q -4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/ -GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv -wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD -ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey ------END CERTIFICATE----- - -WellsSecure Public Root Certificate Authority -============================================= ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoM -F1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYw -NAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN -MDcxMjEzMTcwNzU0WhcNMjIxMjE0MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dl -bGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYD -VQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+rWxxTkqxtnt3CxC5FlAM1 -iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjUDk/41itMpBb570OYj7OeUt9tkTmPOL13 -i0Nj67eT/DBMHAGTthP796EfvyXhdDcsHqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8 -bJVhHlfXBIEyg1J55oNjz7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiB -K0HmOFafSZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/SlwxlAgMB -AAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwu -cGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQm -lRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0jBIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGB -i6SBiDCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRww -GgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEBALkVsUSRzCPI -K0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd/ZDJPHV3V3p9+N701NX3leZ0 -bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pBA4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSlj -qHyita04pO2t/caaH/+Xc/77szWnk4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+es -E2fDbbFwRnzVlhE9iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJ -tylv2G0xffX8oRAHh84vWdw+WNs= ------END CERTIFICATE----- - -COMODO ECC Certification Authority -================================== ------BEGIN CERTIFICATE----- -MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix -GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X -4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni -wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG -FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA -U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ------END CERTIFICATE----- - -IGC/A -===== ------BEGIN CERTIFICATE----- -MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYTAkZSMQ8wDQYD -VQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVE -Q1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZy -MB4XDTAyMTIxMzE0MjkyM1oXDTIwMTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQI -EwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NT -STEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaIs9z4iPf930Pfeo2aSVz2 -TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCW -So7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYy -HF2fYPepraX/z9E0+X1bF8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNd -frGoRpAxVs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGdPDPQ -tQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNVHSAEDjAMMAoGCCqB -egF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAxNjAfBgNVHSMEGDAWgBSjBS8YYFDC -iQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUFAAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RK -q89toB9RlPhJy3Q2FLwV3duJL92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3Q -MZsyK10XZZOYYLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg -Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2aNjSaTFR+FwNI -lQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R0982gaEbeC9xs/FZTEYYKKuF -0mBWWg== ------END CERTIFICATE----- - -Security Communication EV RootCA1 -================================= ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE -BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl -Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO -/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX -WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z -ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4 -bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK -9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm -iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG -Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW -mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW -T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- - -OISTE WISeKey Global Root GA CA -=============================== ------BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE -BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG -A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH -bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD -VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw -IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5 -IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9 -Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg -Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD -d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ -/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R -LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ -KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm -MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4 -+vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa -hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY -okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0= ------END CERTIFICATE----- - -Microsec e-Szigno Root CA -========================= ------BEGIN CERTIFICATE----- -MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UE -BhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNyb3NlYyBMdGQuMRQwEgYDVQQL -EwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0 -MDYxMjI4NDRaFw0xNzA0MDYxMjI4NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVz -dDEWMBQGA1UEChMNTWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMT -GU1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2uuO/TEdyB5s87lozWbxXG -d36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/N -oqdNAoI/gqyFxuEPkEeZlApxcpMqyabAvjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjc -QR/Ji3HWVBTji1R4P770Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJ -PqW+jqpx62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcBAQRb -MFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3AwLQYIKwYBBQUHMAKG -IWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAPBgNVHRMBAf8EBTADAQH/MIIBcwYD -VR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIBAQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3 -LmUtc3ppZ25vLmh1L1NaU1ovMIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0A -dAB2AOEAbgB5ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn -AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABTAHoAbwBsAGcA -4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABhACAAcwB6AGUAcgBpAG4AdAAg -AGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABoAHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMA -egBpAGcAbgBvAC4AaAB1AC8AUwBaAFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6 -Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NO -PU1pY3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxPPU1pY3Jv -c2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5h -cnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuBEGluZm9AZS1zemlnbm8uaHWkdzB1MSMw -IQYDVQQDDBpNaWNyb3NlYyBlLVN6aWduw7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhT -WjEWMBQGA1UEChMNTWljcm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhV -MIGsBgNVHSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJIVTER -MA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDASBgNVBAsTC2UtU3pp -Z25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBSb290IENBghEAzLjnv04pGv2i3Gal -HCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMT -nGZjWS7KXHAM/IO8VbH0jgdsZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FE -aGAHQzAxQmHl7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a -86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfRhUZLphK3dehK -yVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/MPMMNz7UwiiAc7EBt51alhQB -S6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= ------END CERTIFICATE----- - -Certigna -======== ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw -EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 -MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI -Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q -XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH -GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p -ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg -DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf -Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ -tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ -BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J -SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA -hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ -ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu -PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY -1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== ------END CERTIFICATE----- - -AC Ra\xC3\xADz Certic\xC3\xA1mara S.A. -====================================== ------BEGIN CERTIFICATE----- -MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNVBAYT -AkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRpZmljYWNpw7NuIERpZ2l0YWwg -LSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwaQUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4w -HhcNMDYxMTI3MjA0NjI5WhcNMzAwNDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+ -U29jaWVkYWQgQ2FtZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJh -IFMuQS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeGqentLhM0R7LQcNzJPNCN -yu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzLfDe3fezTf3MZsGqy2IiKLUV0qPezuMDU -2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQY5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU3 -4ojC2I+GdV75LaeHM/J4Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP -2yYe68yQ54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+bMMCm -8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48jilSH5L887uvDdUhf -HjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++EjYfDIJss2yKHzMI+ko6Kh3VOz3vCa -Mh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/ztA/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK -5lw1omdMEWux+IBkAC1vImHFrEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1b -czwmPS9KvqfJpxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCBlTCBkgYEVR0g -ADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFyYS5jb20vZHBjLzBaBggrBgEF -BQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW507WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2Ug -cHVlZGVuIGVuY29udHJhciBlbiBsYSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEf -AygPU3zmpFmps4p6xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuX -EpBcunvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/Jre7Ir5v -/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dpezy4ydV/NgIlqmjCMRW3 -MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42gzmRkBDI8ck1fj+404HGIGQatlDCIaR4 -3NAvO2STdPCWkPHv+wlaNECW8DYSwaN0jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wk -eZBWN7PGKX6jD/EpOe9+XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f -/RWmnkJDW2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/RL5h -RqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35rMDOhYil/SrnhLecU -Iw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxkBYn8eNZcLCZDqQ== ------END CERTIFICATE----- - -TC TrustCenter Class 2 CA II -============================ ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjELMAkGA1UEBhMC -REUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVy -IENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYw -MTEyMTQzODQzWhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1 -c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UE -AxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jftMjWQ+nEdVl//OEd+DFw -IxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKguNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2 -xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2JXjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQ -Xa7pIXSSTYtZgo+U4+lK8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7u -SNQZu+995OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3kUrL84J6E1wIqzCB -7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NybC92Mi90 -Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBU -cnVzdENlbnRlciUyMENsYXNzJTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i -SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u -TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iSGNn3Bzn1LL4G -dXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprtZjluS5TmVfwLG4t3wVMTZonZ -KNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8au0WOB9/WIFaGusyiC2y8zl3gK9etmF1Kdsj -TYjKUCjLhdLTEKJZbtOTVAB6okaVhgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kP -JOzHdiEoZa5X6AeIdUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfk -vQ== ------END CERTIFICATE----- - -TC TrustCenter Class 3 CA II -============================ ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjELMAkGA1UEBhMC -REUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVy -IENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYw -MTEyMTQ0MTU3WhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1 -c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UE -AxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJWHt4bNwcwIi9v8Qbxq63W -yKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+QVl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo -6SI7dYnWRBpl8huXJh0obazovVkdKyT21oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZ -uV3bOx4a+9P/FRQI2AlqukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk -2ZyqBwi1Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NXXAek0CSnwPIA1DCB -7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NybC92Mi90 -Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBU -cnVzdENlbnRlciUyMENsYXNzJTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i -SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u -TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlNirTzwppVMXzE -O2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8TtXqluJucsG7Kv5sbviRmEb8 -yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9 -IJqDnxrcOfHFcqMRA/07QlIp2+gB95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal -092Y+tTmBvTwtiBjS+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc -5A== ------END CERTIFICATE----- - -TC TrustCenter Universal CA I -============================= ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTELMAkGA1UEBhMC -REUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNVBAsTG1RDIFRydXN0Q2VudGVy -IFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcN -MDYwMzIyMTU1NDI4WhcNMjUxMjMxMjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMg -VHJ1c3RDZW50ZXIgR21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYw -JAYDVQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSRJJZ4Hgmgm5qVSkr1YnwC -qMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3TfCZdzHd55yx4Oagmcw6iXSVphU9VDprv -xrlE4Vc93x9UIuVvZaozhDrzznq+VZeujRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtw -ag+1m7Z3W0hZneTvWq3zwZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9O -gdwZu5GQfezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYDVR0j -BBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0GCSqGSIb3DQEBBQUAA4IBAQAo0uCG -1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X17caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/Cy -vwbZ71q+s2IhtNerNXxTPqYn8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3 -ghUJGooWMNjsydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT -ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/2TYcuiUaUj0a -7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY ------END CERTIFICATE----- - -Deutsche Telekom Root CA 2 -========================== ------BEGIN CERTIFICATE----- -MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMT -RGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEG -A1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5 -MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0G -A1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBS -b290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5 -bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoI -KyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZbavva4VhY -AUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aK -Se5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTV -jlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNV -HRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynr -E/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSy -zhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8 -rZ7/gFnkm0W09juwzTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G -dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU -Cm26OWMohpLzGITY+9HPBVZkVw== ------END CERTIFICATE----- - -ComSign Secured CA -================== ------BEGIN CERTIFICATE----- -MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAwPDEbMBkGA1UE -AxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQGEwJJTDAeFw0w -NDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwxGzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBD -QTEQMA4GA1UEChMHQ29tU2lnbjELMAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDGtWhfHZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs -49ohgHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sWv+bznkqH -7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ueMv5WJDmyVIRD9YTC2LxB -kMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d1 -9guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUw -AwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29t -U2lnblNlY3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58ADsA -j8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkqhkiG9w0BAQUFAAOC -AQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7piL1DRYHjZiM/EoZNGeQFsOY3wo3a -BijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtCdsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtp -FhpFfTMDZflScZAmlaxMDPWLkz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP -51qJThRv4zdLhfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz -OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== ------END CERTIFICATE----- - -Cybertrust Global Root -====================== ------BEGIN CERTIFICATE----- -MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li -ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4 -MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD -ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -+Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW -0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL -AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin -89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT -8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2 -MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G -A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO -lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi -5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2 -hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T -X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW -WL1WMRJOEcgh4LMRkWXbtKaIOM5V ------END CERTIFICATE----- - -ePKI Root Certification Authority -================================= ------BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG -EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg -Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx -MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq -MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs -IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi -lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv -qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX -12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O -WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ -ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao -lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ -vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi -Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi -MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH -ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 -1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq -KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV -xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP -NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r -GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE -xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx -gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy -sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD -BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= ------END CERTIFICATE----- - -T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3 -============================================================================================================================= ------BEGIN CERTIFICATE----- -MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH -DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q -aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry -b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV -BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg -S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4 -MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl -IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF -n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl -IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft -dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl -cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO -Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1 -xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR -6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL -hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd -BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4 -N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT -y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh -LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M -dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI= ------END CERTIFICATE----- - -Buypass Class 2 CA 1 -==================== ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3MgQ2xhc3MgMiBDQSAxMB4XDTA2 -MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh -c3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7M -cXA0ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLXl18xoS83 -0r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVBHfCuuCkslFJgNJQ72uA4 -0Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/R -uFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0P -AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLPgcIV -1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+DKhQ7SLHrQVMdvvt -7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKuBctN518fV4bVIJwo+28TOPX2EZL2 -fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHsh7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5w -wDX3OaJdZtB7WZ+oRxKaJyOkLY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho ------END CERTIFICATE----- - -Buypass Class 3 CA 1 -==================== ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3MgQ2xhc3MgMyBDQSAxMB4XDTA1 -MDUwOTE0MTMwM1oXDTE1MDUwOTE0MTMwM1owSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh -c3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZEC4DVC69TB4sSveZn8AKx -ifZgisRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBYouZ0plNTVUhjP5JW3SROjvi6K//zNIqeKNc0 -n6wv1g/xpC+9UrJJhW05NfBEMJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI+MkcVyzwPX6UvCWThOia -AJpFBUJXgPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2RhzyRhkmr8w+gbCZ2Xhysm3HljbybIR6c -1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+mbEwi5A3lRyoH6UsjfRVyNvdWQrCrXig9IsCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0P -AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFPBdy7 -pYmrEzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27sEzNxZy5p+qksP2bA -EllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2mSlf56oBzKwzqBwKu5HEA6BvtjT5 -htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/YL0yCe/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQj -el/wroQk5PMr+4okoyeYZdowdXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915 ------END CERTIFICATE----- - -EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 -========================================================================== ------BEGIN CERTIFICATE----- -MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNVBAMML0VCRyBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMTcwNQYDVQQKDC5FQkcg -QmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAe -Fw0wNjA4MTcwMDIxMDlaFw0xNjA4MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25p -ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2lt -IFRla25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h4fuXd7hxlugTlkaDT7by -X3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAktiHq6yOU/im/+4mRDGSaBUorzAzu8T2b -gmmkTPiab+ci2hC6X5L8GCcKqKpE+i4stPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfr -eYteIAbTdgtsApWjluTLdlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZ -TqNGFav4c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8UmTDGy -Y5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z+kI2sSXFCjEmN1Zn -uqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0OLna9XvNRiYuoP1Vzv9s6xiQFlpJI -qkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMWOeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vm -ExH8nYQKE3vwO9D8owrXieqWfo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0 -Nokb+Clsi7n2l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgwFoAU587GT/wW -Z5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+8ygjdsZs93/mQJ7ANtyVDR2t -FcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgm -zJNSroIBk5DKd8pNSe/iWtkqvTDOTLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64k -XPBfrAowzIpAoHMEwfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqT -bCmYIai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJnxk1Gj7sU -RT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4QDgZxGhBM/nV+/x5XOULK -1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9qKd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt -2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11thie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQ -Y9iJSrSq3RZj9W6+YKH47ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9 -AahH3eU7QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT ------END CERTIFICATE----- - -certSIGN ROOT CA -================ ------BEGIN CERTIFICATE----- -MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD -VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa -Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE -CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I -JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH -rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 -ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD -0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 -AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B -Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB -AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 -SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 -x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt -vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz -TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD ------END CERTIFICATE----- - -CNNIC ROOT -========== ------BEGIN CERTIFICATE----- -MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJDTjEOMAwGA1UE -ChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcw -OTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzD -o+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tiz -VHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKT -VrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1Or -czvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/PIKe38zrK -y5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscC -wQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991S -lgrHAsEO76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5 -Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDnuL8BV8F3RTIM -O/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7HgviyJA/qIYM/PmLXoXLT1tLYhFHxUV8 -BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2 -G8kS1sHNzYDzAgE8yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m -mxE= ------END CERTIFICATE----- - -ApplicationCA - Japanese Government -=================================== ------BEGIN CERTIFICATE----- -MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEcMBoGA1UEChMT -SmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRpb25DQTAeFw0wNzEyMTIxNTAw -MDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYTAkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zl -cm5tZW50MRYwFAYDVQQLEw1BcHBsaWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAp23gdE6Hj6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4 -fl+Kf5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55IrmTwcrN -wVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cwFO5cjFW6WY2H/CPek9AE -jP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDihtQWEjdnjDuGWk81quzMKq2edY3rZ+nYVu -nyoKb58DKTCXKB28t89UKU5RMfkntigm/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRU -WssmP3HMlEYNllPqa0jQk/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNV -BAYTAkpQMRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOCseOD -vOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADlqRHZ3ODrs -o2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJhyzjVOGjprIIC8CFqMjSnHH2HZ9g -/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYD -io+nEhEMy/0/ecGc/WLuo89UDNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmW -dupwX3kSa+SjB1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL -rosot4LKGAfmt1t06SAZf7IbiVQ= ------END CERTIFICATE----- - -GeoTrust Primary Certification Authority - G3 -============================================= ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE -BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0 -IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy -eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz -NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo -YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT -LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j -K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE -c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C -IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu -dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr -2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9 -cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE -Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD -AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s -t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt ------END CERTIFICATE----- - -thawte Primary Root CA - G2 -=========================== ------BEGIN CERTIFICATE----- -MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC -VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu -IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg -Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV -MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG -b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt -IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS -LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5 -8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU -mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN -G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K -rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== ------END CERTIFICATE----- - -thawte Primary Root CA - G3 -=========================== ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE -BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 -aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w -ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh -d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD -VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG -A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At -P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC -+BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY -7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW -vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ -KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK -A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu -t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC -8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm -er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A= ------END CERTIFICATE----- - -GeoTrust Primary Certification Authority - G2 -============================================= ------BEGIN CERTIFICATE----- -MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu -Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1 -OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg -MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl -b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG -BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc -KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD -VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+ -EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m -ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2 -npaqBA+K ------END CERTIFICATE----- - -VeriSign Universal Root Certification Authority -=============================================== ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE -BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO -ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk -IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV -UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv -cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj -1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP -MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72 -9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I -AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR -tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G -CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O -a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud -DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3 -Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx -Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx -P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P -wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4 -mJO37M2CYfE45k+XmCpajQ== ------END CERTIFICATE----- - -VeriSign Class 3 Public Primary Certification Authority - G4 -============================================================ ------BEGIN CERTIFICATE----- -MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC -VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3 -b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz -ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU -cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo -b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5 -IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8 -Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz -rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw -HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u -Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD -A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx -AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== ------END CERTIFICATE----- - -NetLock Arany (Class Gold) Főtanúsítvány -============================================ ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G -A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 -dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB -cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx -MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO -ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv -biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 -c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu -0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw -/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk -H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw -fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 -neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW -qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta -YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC -bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna -NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu -dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= ------END CERTIFICATE----- - -Staat der Nederlanden Root CA - G2 -================================== ------BEGIN CERTIFICATE----- -MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE -CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g -Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC -TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l -ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ -5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn -vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj -CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil -e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR -OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI -CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65 -48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi -trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737 -qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB -AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC -ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA -A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz -+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj -f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN -kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk -CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF -URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb -CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h -oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV -IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm -66+KAQ== ------END CERTIFICATE----- - -CA Disig -======== ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMK -QnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwHhcNMDYw -MzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlz -bGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgm -GErENx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnXmjxUizkD -Pw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYDXcDtab86wYqg6I7ZuUUo -hwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhWS8+2rT+MitcE5eN4TPWGqvWP+j1scaMt -ymfraHtuM6kMgiioTGohQBUgDCZbg8KpFhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8w -gfwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0P -AQH/BAQDAgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cuZGlz -aWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5zay9jYS9jcmwvY2Ff -ZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2svY2EvY3JsL2NhX2Rpc2lnLmNybDAa -BgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEwDQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59t -WDYcPQuBDRIrRhCA/ec8J9B6yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3 -mkkp7M5+cTxqEEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/ -CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeBEicTXxChds6K -ezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFNPGO+I++MzVpQuGhU+QqZMxEA -4Z7CRneC9VkGjCFMhwnN5ag= ------END CERTIFICATE----- - -Juur-SK -======= ------BEGIN CERTIFICATE----- -MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcNAQkBFglwa2lA -c2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRAw -DgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMwMVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqG -SIb3DQEJARYJcGtpQHNrLmVlMQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVy -aW1pc2tlc2t1czEQMA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOBSvZiF3tf -TQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkzABpTpyHhOEvWgxutr2TC -+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvHLCu3GFH+4Hv2qEivbDtPL+/40UceJlfw -UR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMPPbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDa -Tpxt4brNj3pssAki14sL2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQF -MAMBAf8wggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwICMIHD -HoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDkAGwAagBhAHMAdABh -AHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0AHMAZQBlAHIAaQBtAGkAcwBrAGUA -cwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABzAGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABr -AGkAbgBuAGkAdABhAG0AaQBzAGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nw -cy8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE -FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcYP2/v6X2+MA4G -A1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOiCfP+JmeaUOTDBS8rNXiRTHyo -ERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+gkcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyL -abVAyJRld/JXIWY7zoVAtjNjGr95HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678 -IIbsSt4beDI3poHSna9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkh -Mp6qqIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0ZTbvGRNs2 -yyqcjg== ------END CERTIFICATE----- - -Hongkong Post Root CA 1 -======================= ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT -DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx -NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n -IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1 -ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr -auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh -qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY -V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV -HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i -h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio -l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei -IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps -T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT -c4afU9hDDl3WY4JxHYB0yvbiAmvZWg== ------END CERTIFICATE----- - -SecureSign RootCA11 -=================== ------BEGIN CERTIFICATE----- -MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi -SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS -b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw -KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1 -cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL -TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO -wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq -g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP -O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA -bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX -t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh -OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r -bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ -Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01 -y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 -lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= ------END CERTIFICATE----- - -ACEDICOM Root -============= ------BEGIN CERTIFICATE----- -MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD -T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4 -MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG -A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk -WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD -YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew -MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb -m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk -HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT -xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2 -3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9 -2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq -TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz -4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU -9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv -bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg -aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP -eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk -zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1 -ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI -KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq -nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE -I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp -MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o -tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA== ------END CERTIFICATE----- - -Verisign Class 3 Public Primary Certification Authority -======================================================= ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMx -FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5 -IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVow -XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAz -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94 -f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Ol -hec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABByUqkFFBky -CEHwxWsKzH4PIRnN5GfcX6kb5sroc50i2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWX -bj9T/UWZYB2oK0z5XqcJ2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/ -D/xwzoiQ ------END CERTIFICATE----- - -Microsec e-Szigno Root CA 2009 -============================== ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER -MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv -c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o -dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE -BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt -U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA -fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG -0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA -pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm -1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC -AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf -QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE -FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o -lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX -I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 -tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 -yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi -LXpUq3DDfSJlgnCW ------END CERTIFICATE----- - -E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi -=================================================== ------BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG -EwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE8MDoGA1UEAxMz -ZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3 -MDEwNDExMzI0OFoXDTE3MDEwNDExMzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0 -cm9uaWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9u -aWsgU2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdUMZTe1RK6UxYC6lhj71vY -8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlTL/jDj/6z/P2douNffb7tC+Bg62nsM+3Y -jfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAI -JjjcJRFHLfO6IxClv7wC90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk -9Ok0oSy1c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/BAQD -AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoEVtstxNulMA0GCSqG -SIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLPqk/CaOv/gKlR6D1id4k9CnU58W5d -F4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwq -D2fK/A+JYZ1lpTzlvBNbCNvj/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4 -Vwpm+Vganf2XKWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq -fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqX ------END CERTIFICATE----- - -GlobalSign Root CA - R3 -======================= ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv -YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh -bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT -aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln -bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt -iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ -0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 -rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl -OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 -xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE -FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 -lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 -EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E -bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 -YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r -kpeDMdmztcpHWD9f ------END CERTIFICATE----- - -Autoridad de Certificacion Firmaprofesional CIF A62634068 -========================================================= ------BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA -BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 -MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw -QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB -NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD -Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P -B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY -7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH -ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI -plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX -MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX -LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK -bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU -vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud -EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH -DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA -bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx -ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx -51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk -R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP -T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f -Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl -osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR -crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR -saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD -KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi -6Et8Vcad+qMUu2WFbm5PEn4KPJ2V ------END CERTIFICATE----- - -Izenpe.com -========== ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG -EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz -MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu -QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ -03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK -ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU -+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC -PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT -OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK -F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK -0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ -0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB -leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID -AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ -SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG -NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O -BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l -Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga -kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q -hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs -g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 -aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 -nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC -ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo -Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z -WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== ------END CERTIFICATE----- - -Chambers of Commerce Root - 2008 -================================ ------BEGIN CERTIFICATE----- -MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD -MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv -bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu -QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy -Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl -ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF -EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl -cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA -XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj -h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/ -ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk -NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g -D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331 -lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ -0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj -ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2 -EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI -G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ -BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh -bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh -bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC -CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH -AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1 -wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH -3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU -RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6 -M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1 -YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF -9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK -zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG -nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg -OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ ------END CERTIFICATE----- - -Global Chambersign Root - 2008 -============================== ------BEGIN CERTIFICATE----- -MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD -MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv -bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu -QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx -NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg -Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ -QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD -aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf -VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf -XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0 -ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB -/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA -TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M -H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe -Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF -HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh -wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB -AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT -BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE -BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm -aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm -aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp -1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0 -dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG -/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6 -ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s -dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg -9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH -foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du -qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr -P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq -c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z -09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ------END CERTIFICATE----- - -Go Daddy Root Certificate Authority - G2 -======================================== ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu -MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 -MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G -A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq -9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD -+qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd -fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl -NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 -BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac -vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r -5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV -N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO -LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 ------END CERTIFICATE----- - -Starfield Root Certificate Authority - G2 -========================================= ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s -b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 -eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw -DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg -VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB -dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv -W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs -bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk -N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf -ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU -JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol -TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx -4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw -F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ -c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- - -Starfield Services Root Certificate Authority - G2 -================================================== ------BEGIN CERTIFICATE----- -MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s -b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl -IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT -dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 -h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa -hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP -LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB -rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG -SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP -E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy -xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd -iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza -YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 ------END CERTIFICATE----- - -AffirmTrust Commercial -====================== ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw -MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly -bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb -DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV -C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 -BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww -MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV -HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG -hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi -qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv -0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh -sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- - -AffirmTrust Networking -====================== ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw -MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly -bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE -Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI -dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 -/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb -h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV -HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu -UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 -12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 -WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 -/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- - -AffirmTrust Premium -=================== ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy -OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy -dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn -BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV -5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs -+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd -GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R -p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI -S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 -6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 -/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo -+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv -MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC -6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S -L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK -+4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV -BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg -IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 -g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb -zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== ------END CERTIFICATE----- - -AffirmTrust Premium ECC -======================= ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV -BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx -MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U -cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ -N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW -BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK -BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X -57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM -eQ== ------END CERTIFICATE----- - -Certum Trusted Network CA -========================= ------BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK -ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy -MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU -ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC -l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J -J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 -fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 -cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw -DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj -jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 -mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj -Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ------END CERTIFICATE----- - -Certinomis - Autorité Racine -============================= ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK -Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg -LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG -A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw -JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa -wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly -Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw -2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N -jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q -c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC -lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb -xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g -530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna -4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x -WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva -R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40 -nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B -CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv -JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE -qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b -WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE -wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/ -vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- - -Root CA Generalitat Valenciana -============================== ------BEGIN CERTIFICATE----- -MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJFUzEfMB0GA1UE -ChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290 -IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcNMDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3 -WjBoMQswCQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UE -CxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+WmmmO3I2 -F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKjSgbwJ/BXufjpTjJ3Cj9B -ZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGlu6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQ -D0EbtFpKd71ng+CT516nDOeB0/RSrFOyA8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXte -JajCq+TA81yc477OMUxkHl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMB -AAGjggM7MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBraS5n -dmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIICIwYKKwYBBAG/VQIB -ADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBl -AHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIAYQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIA -YQBsAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQBy -AGEAYwBpAPMAbgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA -aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMAaQBvAG4AYQBt -AGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQAZQAgAEEAdQB0AG8AcgBpAGQA -YQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBu -AHQAcgBhACAAZQBuACAAbABhACAAZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAA -OgAvAC8AdwB3AHcALgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0 -dHA6Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+yeAT8MIGV -BgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQswCQYDVQQGEwJFUzEfMB0G -A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScwJQYDVQQDEx5S -b290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRh -TvW1yEICKrNcda3FbcrnlD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdz -Ckj+IHLtb8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg9J63 -NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XFducTZnV+ZfsBn5OH -iJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmCIoaZM3Fa6hlXPZHNqcCjbgcTpsnt -+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM= ------END CERTIFICATE----- - -A-Trust-nQual-03 -================ ------BEGIN CERTIFICATE----- -MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJBVDFIMEYGA1UE -Cgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy -a2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5RdWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5R -dWFsLTAzMB4XDTA1MDgxNzIyMDAwMFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgw -RgYDVQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 -ZW52ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMMEEEtVHJ1 -c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtPWFuA/OQO8BBC4SA -zewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUjlUC5B3ilJfYKvUWG6Nm9wASOhURh73+n -yfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZznF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPE -SU7l0+m0iKsMrmKS1GWH2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4 -iHQF63n1k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs2e3V -cuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECERqlWdV -eRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAVdRU0VlIXLOThaq/Yy/kgM40 -ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fGKOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmr -sQd7TZjTXLDR8KdCoLXEjq/+8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZd -JXDRZslo+S4RFGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS -mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmEDNuxUCAKGkq6 -ahq97BvIxYSazQ== ------END CERTIFICATE----- - -TWCA Root Certification Authority -================================= ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ -VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG -EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB -IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx -QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC -oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP -4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r -y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG -9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC -mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW -QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY -T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny -Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== ------END CERTIFICATE----- - -Security Communication RootCA2 -============================== ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC -SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy -aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ -+T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R -3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV -spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K -EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 -QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB -CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj -u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk -3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q -tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 -mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ------END CERTIFICATE----- - -EC-ACC -====== ------BEGIN CERTIFICATE----- -MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE -BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w -ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD -VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE -CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT -BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7 -MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt -SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl -Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh -cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK -w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT -ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4 -HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a -E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw -0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD -VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0 -Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l -dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ -lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa -Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe -l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2 -E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D -5EI= ------END CERTIFICATE----- - -Hellenic Academic and Research Institutions RootCA 2011 -======================================================= ------BEGIN CERTIFICATE----- -MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT -O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y -aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z -IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT -AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z -IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo -IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI -1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa -71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u -8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH -3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/ -MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8 -MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu -b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt -XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 -TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD -/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N -7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4 ------END CERTIFICATE----- - -Actalis Authentication Root CA -============================== ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM -BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE -AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky -MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz -IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ -wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa -by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 -zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f -YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 -oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l -EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 -hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 -EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 -jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY -iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI -WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 -JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx -K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ -Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC -4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo -2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz -lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem -OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 -vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- - -Trustis FPS Root CA -=================== ------BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG -EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290 -IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV -BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ -RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk -H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa -cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt -o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA -AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd -BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c -GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC -yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P -8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV -l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl -iB6XzCGcKQENZetX2fNXlrtIzYE= ------END CERTIFICATE----- - -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ -Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0 -dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu -c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv -bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0 -aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t -L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG -cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5 -fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm -N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN -Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T -tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX -e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA -2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs -HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib -D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8= ------END CERTIFICATE----- - -StartCom Certification Authority G2 -=================================== ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE -ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O -o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG -4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi -Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul -Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs -O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H -vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L -nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS -FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa -z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ -KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk -J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+ -JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG -/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc -nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld -blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc -l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm -7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm -obp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- - -Buypass Class 2 Root CA -======================= ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X -DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 -eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 -g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn -9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b -/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU -CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff -awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI -zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn -Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX -Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs -M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF -AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI -osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S -aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd -DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD -LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 -oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC -wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS -CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN -rJgWVqA= ------END CERTIFICATE----- - -Buypass Class 3 Root CA -======================= ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X -DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 -eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH -sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR -5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh -7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ -ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH -2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV -/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ -RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA -Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq -j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF -AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G -uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG -Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 -ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 -KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz -6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug -UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe -eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi -Cp/HuZc= ------END CERTIFICATE----- - -T-TeleSec GlobalRoot Class 3 -============================ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM -IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU -cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx -MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz -dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD -ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK -9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU -NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF -iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W -0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr -AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb -fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT -ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h -P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml -e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== ------END CERTIFICATE----- - -EE Certification Centre Root CA -=============================== ------BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG -EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy -dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw -MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB -UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy -ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM -TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2 -rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw -93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN -P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ -MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF -BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj -xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM -lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u -uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU -3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM -dcGWxZ0= ------END CERTIFICATE----- - -TURKTRUST Certificate Services Provider Root 2007 -================================================= ------BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP -MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg -QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X -DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl -a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N -YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv -KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya -KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT -rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC -AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s -Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I -aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO -Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb -BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK -poRq0Tl9 ------END CERTIFICATE----- - -D-TRUST Root Class 3 CA 2 2009 -============================== ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe -Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE -LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD -ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA -BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv -KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z -p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC -AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ -4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y -eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw -MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G -PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw -OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm -2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 -o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV -dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph -X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= ------END CERTIFICATE----- - -D-TRUST Root Class 3 CA 2 EV 2009 -================================= ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw -OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw -OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS -egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh -zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T -7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 -sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 -11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv -cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v -ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El -MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp -b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh -c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ -PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 -nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX -ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA -NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv -w9y4AyHqnxbxLFS1 ------END CERTIFICATE----- - -PSCProcert -========== ------BEGIN CERTIFICATE----- -MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk -ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ -MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz -dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl -cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw -IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw -MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w -DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD -ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp -Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC -wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA -3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh -RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO -EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2 -0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH -0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU -td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw -Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp -r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ -AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz -Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId -xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp -ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH -EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h -Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k -ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG -9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG -MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG -LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52 -ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy -YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v -Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o -dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq -T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN -g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q -uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1 -n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn -FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo -5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq -3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5 -poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y -eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km ------END CERTIFICATE----- - -China Internet Network Information Center EV Certificates Root -============================================================== ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ04xMjAwBgNV -BAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyMUcwRQYDVQQDDD5D -aGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMg -Um9vdDAeFw0xMDA4MzEwNzExMjVaFw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAG -A1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMM -PkNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRl -cyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z7r07eKpkQ0H1UN+U8i6y -jUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV -98YPjUesWgbdYavi7NifFy2cyjw1l1VxzUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2H -klY0bBoQCxfVWhyXWIQ8hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23 -KzhmBsUs4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54ugQEC -7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oYNJKiyoOCWTAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfHJLOcfA22KlT5uqGDSSosqD -glkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd5 -0XPFtQO3WKwMVC/GVhMPMdoG52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM -7+czV0I664zBechNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws -ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrIzo9uoV1/A3U0 -5K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATywy39FCqQmbkHzJ8= ------END CERTIFICATE----- - -Swisscom Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2 -MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvErjw0DzpPM -LgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r0rk0X2s682Q2zsKwzxNo -ysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJ -wDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpH -Wrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1a -SgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxS -NLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9Ab -mbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QY -Ypqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3 -qPyZ7iVNTA6z00yPhOgpD/0QVAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8Twu -MA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsO -v2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ -82YqZh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz -o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcs -a0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciATwoCqISxx -OQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0QuFmtEYE3saW -mA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED6F+KBZvuim6c779o -+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TC -rvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX -5OfNeOI5wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- - -Swisscom Root EV CA 2 -===================== ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UE -BhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFsIENlcnRpZmljYXRlIFNl -cnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcN -MzEwNjI1MDg0NTA4WjBnMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT -HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYg -Q0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7BxUglgRCgz -o3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD1ycfMQ4jFrclyxy0uYAy -Xhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPHoCE2G3pXKSinLr9xJZDzRINpUKTk4Rti -GZQJo/PDvO/0vezbE53PnUgJUmfANykRHvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8Li -qG12W0OfvrSdsyaGOx9/5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaH -Za0zKcQvidm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHLOdAG -alNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaCNYGu+HuB5ur+rPQa -m3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f46Fq9mDU5zXNysRojddxyNMkM3Ox -bPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCBUWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDi -xzgHcgplwLa7JSnaFp6LNYth7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWBbj2ITY1x0kbB -bkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6xXCX5145v9Ydkn+0UjrgEjihL -j6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98TPLr+flaYC/NUn81ETm484T4VvwYmneTwkLbU -wp4wLh/vx3rEUMfqe9pQy3omywC0Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7 -XwgiG/W9mR4U9s70WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH -59yLGn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm7JFe3VE/ -23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4Snr8PyQUQ3nqjsTzyP6Wq -J3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VNvBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyA -HmBR3NdUIR7KYndP+tiPsys6DXhyyWhBWkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/gi -uMod89a2GQ+fYWVq6nTIfI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuW -l8PVP3wbI+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- - -CA Disig Root R1 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy -3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8 -u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2 -m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk -CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa -YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6 -vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL -LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX -ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is -XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ -04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B -LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM -CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb -VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85 -YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS -ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix -lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N -UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ -a7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- - -CA Disig Root R2 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC -w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia -xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 -A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S -GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV -g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa -5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE -koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A -Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i -Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u -Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM -tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV -sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je -dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 -1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx -mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 -utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 -sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg -UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV -7+ZtsH8tZ/3zbBt1RqPlShfppNcL ------END CERTIFICATE----- - -ACCVRAIZ1 -========= ------BEGIN CERTIFICATE----- -MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB -SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 -MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH -UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM -jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 -RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD -aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ -0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG -WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 -8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR -5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J -9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK -Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw -Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu -Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 -VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM -Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA -QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh -AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA -YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj -AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA -IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk -aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 -dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 -MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI -hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E -R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN -YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 -nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ -TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 -sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h -I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg -Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd -3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p -EfbRD0tVNEYqi4Y7 ------END CERTIFICATE----- - -TWCA Global Root CA -=================== ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT -CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD -QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK -EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg -Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C -nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV -r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR -Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV -tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W -KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 -sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p -yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn -kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI -zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g -cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn -LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M -8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg -/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg -lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP -A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m -i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 -EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 -zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= ------END CERTIFICATE----- - -TeliaSonera Root CA v1 -====================== ------BEGIN CERTIFICATE----- -MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE -CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 -MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW -VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ -6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA -3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k -B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn -Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH -oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 -F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ -oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 -gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc -TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB -AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW -DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm -zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx -0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW -pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV -G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc -c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT -JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 -qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 -Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems -WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ------END CERTIFICATE----- - -E-Tugra Certification Authority -=============================== ------BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w -DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls -ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw -NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx -QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl -cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD -DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd -hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K -CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g -ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ -BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0 -E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz -rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq -jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5 -dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB -/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG -MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK -kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO -XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807 -VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo -a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc -dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV -KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT -Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0 -8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G -C7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- - -T-TeleSec GlobalRoot Class 2 -============================ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM -IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU -cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx -MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz -dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD -ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ -SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F -vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 -2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV -WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy -YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 -r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf -vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR -3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== ------END CERTIFICATE----- - -Atos TrustedRoot 2011 -===================== ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU -cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 -MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG -A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV -hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr -54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ -DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 -HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR -z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R -l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ -bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB -CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h -k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh -TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 -61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G -3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- diff --git a/auth-cas/cas.php b/auth-cas/cas.php index 52fa0a64..7ee80fb7 100644 --- a/auth-cas/cas.php +++ b/auth-cas/cas.php @@ -1,6 +1,6 @@ config->get('cas-hostname'), intval($this->config->get('cas-port')), $this->config->get('cas-context') ); - phpCAS::setNoCasServerValidation(); - phpCAS::setCasServerCACert(dirname(__file__).'cacert.pem'); + if($this->config->get('cas-ca-cert-path')) { + phpCAS::setCasServerCACert($this->config->get('cas-ca-cert-path')); + } else { + phpCAS::setNoCasServerValidation(); + } if(!phpCAS::isAuthenticated()) { phpCAS::forceAuthentication(); } else { @@ -132,7 +135,6 @@ function signOn() { return $client; else { - var_dump($this->cas->getProfile()); return new ClientCreateRequest($this, $this->cas->getEmail(), $this->cas->getProfile()); } } diff --git a/auth-cas/config.php b/auth-cas/config.php index 92a93020..d55d9cdc 100644 --- a/auth-cas/config.php +++ b/auth-cas/config.php @@ -29,6 +29,10 @@ function getOptions() { 'label' => 'CAS Server Context', 'configuration' => array('size'=>60, 'length'=>100), )), + 'cas-ca-cert-path' => new TextboxField(array( + 'label' => 'CAS CA Cert Path', + 'configuration' => array('size'=>60, 'length'=>100), + )), 'cas-at-domain' => new TextboxField(array( 'label' => 'CAS e-mail suffix (ex. @domain.tld)', 'configuration' => array('size'=>60, 'length'=>100), From 181746529e0cc80d2d36d2d31a88962bba6fecd1 Mon Sep 17 00:00:00 2001 From: Kevin O'Connor Date: Sun, 29 Mar 2015 16:41:26 -0400 Subject: [PATCH 049/160] Fix small redirect bug --- auth-cas/cas.php | 41 ++++++++++++++++++++++++----------------- auth-cas/config.php | 4 +++- auth-cas/plugin.php | 3 +-- 3 files changed, 28 insertions(+), 20 deletions(-) diff --git a/auth-cas/cas.php b/auth-cas/cas.php index 7ee80fb7..c8cf187e 100644 --- a/auth-cas/cas.php +++ b/auth-cas/cas.php @@ -12,8 +12,11 @@ function __construct($config) { function triggerAuth() { $self = $this; - phpCAS::client(CAS_VERSION_2_0, $this->config->get('cas-hostname'), - intval($this->config->get('cas-port')), $this->config->get('cas-context') + phpCAS::client( + CAS_VERSION_2_0, + $this->config->get('cas-hostname'), + intval($this->config->get('cas-port')), + $this->config->get('cas-context') ); if($this->config->get('cas-ca-cert-path')) { phpCAS::setCasServerCACert($this->config->get('cas-ca-cert-path')); @@ -40,7 +43,8 @@ function getUser() { function setEmail() { if($this->config->get('cas-email-attribute-key') !== null && phpCAS::hasAttribute($this->config->get('cas-email-attribute-key'))) { - $_SESSION[':cas']['email'] = phpCAS::getAttribute($this->config->get('cas-email-attribute-key')); + $_SESSION[':cas']['email'] = phpCAS::getAttribute( + $this->config->get('cas-email-attribute-key')); } else { $email = $this->getUser(); if($this->config->get('cas-at-domain') !== null) { @@ -57,7 +61,8 @@ function getEmail() { function setName() { if($this->config->get('cas-name-attribute-key') !== null && phpCAS::hasAttribute($this->config->get('cas-name-attribute-key'))) { - $_SESSION[':cas']['name'] = phpCAS::getAttribute($this->config->get('cas-name-attribute-key')); + $_SESSION[':cas']['name'] = phpCAS::getAttribute( + $this->config->get('cas-name-attribute-key')); } else { $_SESSION[':cas']['name'] = $this->getUser(); } @@ -90,12 +95,12 @@ function __construct($config) { function signOn() { if (isset($_SESSION[':cas']['user'])) { - if (($staff = new StaffSession($this->cas->getEmail())) - && $staff->getId()) + $staff = new StaffSession($this->cas->getEmail()); + if ($staff && $staff->getId()) { return $staff; - - else + } else { $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account'; + } } } @@ -108,7 +113,7 @@ static function signOut($user) { function triggerAuth() { parent::triggerAuth(); $cas = $this->cas->triggerAuth(); - Http::redirect(ROOT_PATH . 'scp'); + Http::redirect(ROOT_PATH . 'scp/'); } } @@ -129,13 +134,17 @@ function supportsInteractiveAuthentication() { function signOn() { if (isset($_SESSION[':cas']['user'])) { - if (($acct = ClientAccount::lookupByUsername($this->cas->getEmail())) - && $acct->getId() - && ($client = new ClientSession(new EndUser($acct->getUser())))) - return $client; + $acct = ClientAccount::lookupByUsername($this->cas->getEmail()); + $client = null; + if ($acct && $acct->getId()) { + $client = new ClientSession(new EndUser($acct->getUser())); + } - else { - return new ClientCreateRequest($this, $this->cas->getEmail(), $this->cas->getProfile()); + if ($client) { + return $client; + } else { + return new ClientCreateRequest( + $this, $this->cas->getEmail(), $this->cas->getProfile()); } } } @@ -151,5 +160,3 @@ function triggerAuth() { Http::redirect(ROOT_PATH . 'login.php'); } } - - diff --git a/auth-cas/config.php b/auth-cas/config.php index d55d9cdc..edd73119 100644 --- a/auth-cas/config.php +++ b/auth-cas/config.php @@ -28,14 +28,16 @@ function getOptions() { 'cas-context' => new TextboxField(array( 'label' => 'CAS Server Context', 'configuration' => array('size'=>60, 'length'=>100), + 'hint' => 'This value is "/cas" for most installs.', )), 'cas-ca-cert-path' => new TextboxField(array( 'label' => 'CAS CA Cert Path', 'configuration' => array('size'=>60, 'length'=>100), )), 'cas-at-domain' => new TextboxField(array( - 'label' => 'CAS e-mail suffix (ex. @domain.tld)', + 'label' => 'CAS e-mail suffix', 'configuration' => array('size'=>60, 'length'=>100), + 'hint' => 'Use this field if your CAS server does not report an e-mail attribute. ex: "@domain.tld"', )), 'cas-name-attribute-key' => new TextboxField(array( 'label' => 'CAS name attribute key', diff --git a/auth-cas/plugin.php b/auth-cas/plugin.php index 527e2aef..ac775f32 100644 --- a/auth-cas/plugin.php +++ b/auth-cas/plugin.php @@ -1,5 +1,4 @@ 'auth:cas', # notrans 'version' => '0.1', @@ -11,7 +10,7 @@ 'plugin' => 'authentication.php:CasAuthPlugin', 'requires' => array( "jasig/phpcas" => array( - "version" => "dev-master", + "version" => "1.3.3", "map" => array( "jasig/phpcas/source" => 'lib/jasig/phpcas', ) From 7053e59f993fd4ff98f46e291c3fe36d3f466cad Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 2 Apr 2015 10:32:25 -0500 Subject: [PATCH 050/160] make: Add PHAR list support --- make.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/make.php b/make.php index 3ba80dab..c47c0577 100644 --- a/make.php +++ b/make.php @@ -288,6 +288,7 @@ class PluginBuilder extends Module { 'options' => array( 'build' => 'Compile a PHAR file for a plugin', 'hydrate' => 'Prep plugin folders for embedding in osTicket directly', + 'list' => 'Show PHAR contents', ), ), 'plugin' => array( @@ -321,6 +322,14 @@ function run($args, $options) { case 'hydrate': $this->_hydrate($options); break; + case 'list': + $P = new Phar($args[1]); + $base = realpath($args[1]); + foreach (new RecursiveIteratorIterator($P) as $finfo) { + $name = str_replace('phar://'.$base.'/', '', $finfo->getPathname()); + $this->stdout->write($name . "\n"); + } + break; default: $this->fail("Unsupported MAKE action. See help"); } From f581f5fc1ff86a5cb20f14075c06e13b4fa0e4f5 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 2 Apr 2015 10:33:48 -0500 Subject: [PATCH 051/160] make: Don't package test files --- make.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/make.php b/make.php index c47c0577..faf8f7a8 100644 --- a/make.php +++ b/make.php @@ -376,6 +376,10 @@ function _build($plugin, $options) { elseif ($f->isDir()) // Unnecessary continue; + elseif (preg_match('`/tests?/`i', $f->getPathname())) + // Don't package tests + // XXX: Add a option to override this + continue; $content = ''; $local = str_replace($full, $phar_path, $f->getPathname()); if ($options['compress'] && fnmatch('*.php', $f->getPathname())) { @@ -415,6 +419,10 @@ function _hydrate($options) { $right = str_replace(dirname(__file__).'/', '', $dest); $this->stdout->write("Hydrating :: $left => $right\n"); } + if (is_file($source)) { + copy($left, $right); + continue; + } foreach ( $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS), From 47ae22e9d6419ea24cbc82a04e03f6a06201ab92 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 30 Jul 2014 14:39:04 -0500 Subject: [PATCH 052/160] i18n: Translate core plugins! --- auth-ldap/authentication.php | 18 +++++- auth-ldap/config.php | 116 ++++++++++++++++++++--------------- auth-oauth/config.php | 30 ++++++--- storage-fs/storage.php | 37 ++++++++--- storage-s3/config.php | 50 ++++++++++----- 5 files changed, 164 insertions(+), 87 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 90d6b1d3..78489f1e 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -405,17 +405,24 @@ function lookupAndSync($username, $dn) { class StaffLDAPAuthentication extends StaffAuthenticationBackend implements AuthDirectorySearch { - static $name = "Active Directory or LDAP"; + static $name = /* trans */ "Active Directory or LDAP"; static $id = "ldap"; function __construct($config) { $this->_ldap = new LDAPAuthentication($config); + $this->config = $config; } function authenticate($username, $password=false, $errors=array()) { return $this->_ldap->authenticate($username, $password); } + function getName() { + $config = $this->config; + list($__, $_N) = $config::translate(); + return $__(static::$name); + } + function lookup($dn) { $hit = $this->_ldap->lookup($dn); if ($hit) { @@ -439,15 +446,22 @@ function search($query) { } class ClientLDAPAuthentication extends UserAuthenticationBackend { - static $name = "Active Directory or LDAP"; + static $name = /* trans */ "Active Directory or LDAP"; static $id = "ldap.client"; function __construct($config) { $this->_ldap = new LDAPAuthentication($config, 'client'); + $this->config = $config; if ($domain = $config->get('domain')) self::$name .= sprintf(' (%s)', $domain); } + function getName() { + $config = $this->config; + list($__, $_N) = $config::translate(); + return $__(static::$name); + } + function authenticate($username, $password=false, $errors=array()) { $object = $this->_ldap->authenticate($username, $password); if ($object instanceof ClientCreateRequest) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 7e5ee00a..cdf05fb8 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -3,31 +3,45 @@ require_once(INCLUDE_DIR.'/class.plugin.php'); require_once(INCLUDE_DIR.'/class.forms.php'); + class LdapConfig extends PluginConfig { + + // Provide compatibility function for versions of osTicket prior to + // translation support (v1.9.4) + function translate() { + if (!method_exists('Plugin', 'translate')) { + return array( + function($x) { return $x; }, + function($x, $y, $n) { return $n != 1 ? $y : $x; }, + ); + } + return Plugin::translate('auth-ldap'); + } + function getOptions() { + list($__, $_N) = self::translate(); return array( 'msad' => new SectionBreakField(array( 'label' => 'Microsoft® Active Directory', - 'hint' => 'This section should be complete for Active - Directory domains', + 'hint' => $__('This section should be all that is required for Active Directory domains'), )), 'domain' => new TextboxField(array( - 'label' => 'Default Domain', - 'hint' => 'Default domain used in authentication and searches', + 'label' => $__('Default Domain'), + 'hint' => $__('Default domain used in authentication and searches'), 'configuration' => array('size'=>40, 'length'=>60), 'validators' => array( function($self, $val) { if (strpos($val, '.') === false) $self->addError( - 'Fully-qualified domain name is expected'); + $__('Fully-qualified domain name is expected')); }), )), 'dns' => new TextboxField(array( - 'label' => 'DNS Servers', - 'hint' => '(optional) DNS servers to query about AD servers. + 'label' => $__('DNS Servers'), + 'hint' => $__('(optional) DNS servers to query about AD servers. Useful if the AD server is not on the same network as this web server or does not have its DNS configured to - point to the AD servers', + point to the AD servers'), 'configuration' => array('size'=>40), 'validators' => array( function($self, $val) { @@ -35,81 +49,80 @@ function($self, $val) { $servers = explode(',', $val); foreach ($servers as $s) { if (!Validator::is_ip(trim($s))) - $self->addError($s.': Expected an IP address'); + $self->addError(sprintf( + $__('%s: Expected an IP address', $s))); } }), )), 'ldap' => new SectionBreakField(array( - 'label' => 'Generic configuration for LDAP', - 'hint' => 'Not necessary if Active Directory is configured above', + 'label' => $__('Generic configuration for LDAP'), + 'hint' => $__('Not necessary if Active Directory is configured above'), )), 'servers' => new TextareaField(array( 'id' => 'servers', - 'label' => 'LDAP servers', + 'label' => $__('LDAP servers'), 'configuration' => array('html'=>false, 'rows'=>2, 'cols'=>40), - 'hint' => 'Use "server" or "server:port". Place one server ' - .'entry per line', + 'hint' => $__('Use "server" or "server:port". Place one server entry per line'), )), 'tls' => new BooleanField(array( 'id' => 'tls', - 'label' => 'Use TLS', + 'label' => $__('Use TLS'), 'configuration' => array( - 'desc' => 'Use TLS to communicate with the LDAP server') + 'desc' => $__('Use TLS to communicate with the LDAP server')) )), 'conn_info' => new SectionBreakField(array( - 'label' => 'Connection Information', - 'hint' => 'Useful only for information lookups. Not + 'label' => $__('Connection Information'), + 'hint' => $__('Useful only for information lookups. Not necessary for authentication. NOTE that this data is not - necessary if your server allows anonymous searches' + necessary if your server allows anonymous searches') )), 'bind_dn' => new TextboxField(array( - 'label' => 'Search User', - 'hint' => 'Bind DN (distinguised name) to bind to the LDAP - server as in order to perform searches', + 'label' => $__('Search User'), + 'hint' => $__('Bind DN (distinguised name) to bind to the LDAP + server as in order to perform searches'), 'configuration' => array('size'=>40, 'length'=>120), )), 'bind_pw' => new TextboxField(array( 'widget' => 'PasswordWidget', - 'label' => 'Password', - 'hint' => "Password associated with the DN's account", + 'label' => $__('Password'), + 'hint' => $__("Password associated with the DN's account"), 'configuration' => array('size'=>40), )), 'search_base' => new TextboxField(array( - 'label' => 'Search Base', - 'hint' => 'Used when searching for users', + 'label' => $__('Search Base'), + 'hint' => $__('Used when searching for users'), 'configuration' => array('size'=>70, 'length'=>120), )), 'schema' => new ChoiceField(array( - 'label' => 'LDAP Schema', - 'hint' => 'Layout of the user data in the LDAP server', + 'label' => $__('LDAP Schema'), + 'hint' => $__('Layout of the user data in the LDAP server'), 'default' => 'auto', 'choices' => array( - 'auto' => '-- Automatically Detect --', - 'msad' => 'Microsoft Active Directory', - '2307' => 'Posix Account', + 'auto' => '— '.$__('Automatically Detect').' —', + 'msad' => 'Microsoft® Active Directory', + '2307' => 'Posix Account (rfc 2307)', ), )), 'auth' => new SectionBreakField(array( - 'label' => 'Authentication Modes', - 'hint' => 'Accounts must be created locally for both clients and staff before they can be authenticated', - 'hint' => 'Authentication modes for clients and staff - members can be enabled independently', + 'label' => $__('Authentication Modes'), + 'hint' => $__('Authentication modes for clients and staff + members can be enabled independently'), )), 'auth-staff' => new BooleanField(array( - 'label' => 'Staff Authentication', + 'label' => $__('Staff Authentication'), 'default' => true, 'configuration' => array( - 'desc' => 'Enable authentication of staff members' + 'desc' => $__('Enable authentication of staff members') ) )), 'auth-client' => new BooleanField(array( - 'label' => 'Client Authentication', + 'label' => $__('Client Authentication'), 'default' => false, 'configuration' => array( - 'desc' => 'Enable authentication of clients' + 'desc' => $__('Enable authentication of clients') ) )), ); @@ -117,12 +130,14 @@ function($self, $val) { function pre_save(&$config, &$errors) { require_once('include/Net/LDAP2.php'); + list($__, $_N) = self::translate(); global $ost; if ($ost && !extension_loaded('ldap')) { - $ost->setWarning('LDAP extension is not available'); - $errors['err'] = 'LDAP extension is not available. Please - install or enable the `php-ldap` extension on your web server'; + $ost->setWarning($__('LDAP extension is not available')); + $errors['err'] = $__('LDAP extension is not available. Please + install or enable the `php-ldap` extension on your web + server'); return; } @@ -130,15 +145,15 @@ function pre_save(&$config, &$errors) { if (!($servers = LDAPAuthentication::autodiscover($config['domain'], preg_split('/,?\s+/', $config['dns'])))) $this->getForm()->getField('servers')->addError( - "Unable to find LDAP servers for this domain. Try giving + $__("Unable to find LDAP servers for this domain. Try giving an address of one of the DNS servers or manually specify - the LDAP servers for this domain below."); + the LDAP servers for this domain below.")); } else { if (!$config['servers']) $this->getForm()->getField('servers')->addError( - "No servers specified. Either specify a Active Directory - domain or a list of servers"); + $__("No servers specified. Either specify a Active Directory + domain or a list of servers")); else { $servers = array(); foreach (preg_split('/\s+/', $config['servers']) as $host) @@ -179,8 +194,9 @@ function pre_save(&$config, &$errors) { } } if (PEAR::isError($r)) { - $connection_error = - $r->getMessage() .': Unable to bind to '.$info['host']; + $connection_error = sprintf($__( + '%s: Unable to bind to server %s'), + $r->getMessage(), $info['host']); } else { $connection_error = false; @@ -189,7 +205,7 @@ function pre_save(&$config, &$errors) { } if ($connection_error) { $this->getForm()->getField('servers')->addError($connection_error); - $errors['err'] = 'Unable to connect any listed LDAP servers'; + $errors['err'] = $__('Unable to connect any listed LDAP servers'); } if (!$errors && $config['bind_pw']) @@ -200,7 +216,7 @@ function pre_save(&$config, &$errors) { global $msg; if (!$errors) - $msg = 'LDAP configuration updated successfully'; + $msg = $__('LDAP configuration updated successfully'); return !$errors; } diff --git a/auth-oauth/config.php b/auth-oauth/config.php index d1e69f1c..2f767428 100644 --- a/auth-oauth/config.php +++ b/auth-oauth/config.php @@ -3,26 +3,40 @@ require_once INCLUDE_DIR . 'class.plugin.php'; class OauthPluginConfig extends PluginConfig { + + // Provide compatibility function for versions of osTicket prior to + // translation support (v1.9.4) + function translate() { + if (!method_exists('Plugin', 'translate')) { + return array( + function($x) { return $x; }, + function($x, $y, $n) { return $n != 1 ? $y : $x; }, + ); + } + return Plugin::translate('auth-oauth'); + } + function getOptions() { + list($__, $_N) = self::translate(); $modes = new ChoiceField(array( - 'label' => 'Authenticate', + 'label' => $__('Authentication'), 'choices' => array( - '0' => 'Disabled', - 'staff' => 'Agents Only', - 'client' => 'Clients Only', - 'all' => 'Agents and Clients', + '0' => $__('Disabled'), + 'staff' => $__('Agents Only'), + 'client' => $__('Clients Only'), + 'all' => $__('Agents and Clients'), ), )); return array( 'google' => new SectionBreakField(array( - 'label' => 'Google+ Authentication', + 'label' => $__('Google+ Authentication'), )), 'g-client-id' => new TextboxField(array( - 'label' => 'Client ID', + 'label' => $__('Client ID'), 'configuration' => array('size'=>60, 'length'=>100), )), 'g-client-secret' => new TextboxField(array( - 'label' => 'Client Secret', + 'label' => $__('Client Secret'), 'configuration' => array('size'=>60, 'length'=>100), )), 'g-enabled' => clone $modes, diff --git a/storage-fs/storage.php b/storage-fs/storage.php index 625d97f8..95f3025e 100644 --- a/storage-fs/storage.php +++ b/storage-fs/storage.php @@ -76,14 +76,28 @@ function getPath($hash) { } class FsStoragePluginConfig extends PluginConfig { + + // Provide compatibility function for versions of osTicket prior to + // translation support (v1.9.4) + function translate() { + if (!method_exists('Plugin', 'translate')) { + return array( + function($x) { return $x; }, + function($x, $y, $n) { return $n != 1 ? $y : $x; }, + ); + } + return Plugin::translate('storage-fs'); + } + function getOptions() { + list($__, $_N) = self::translate(); return array( 'uploadpath' => new TextboxField(array( - 'label'=>'Base folder for attachment files', - 'hint'=>'The path must already exist and be writeable by the - web server. If the path starts with neither a `/` or a + 'label'=>$__('Base folder for attachment files'), + 'hint'=>$__('The path must already exist and be writeable by the + web server. If the path starts with neither a `/` nor a drive letter, the path will be assumed to be relative to - the root of osTicket', + the root of osTicket'), 'configuration'=>array('size'=>60, 'length'=>255), 'required'=>true, )), @@ -91,6 +105,7 @@ function getOptions() { } function pre_save($config, &$errors) { + list($__, $_N) = self::translate(); $path = $config['uploadpath']; if ($path[0] != '/' && $path[1] != ':') $path = ROOT_DIR . $path; @@ -98,13 +113,13 @@ function pre_save($config, &$errors) { $field = $this->getForm()->getField('uploadpath'); $file = md5(microtime()); if (!@is_dir($path)) - $field->addError('Path does not exist'); + $field->addError($__('Path does not exist')); elseif (!@opendir($path)) - $field->addError('Unable to access directory'); + $field->addError($__('Unable to access directory')); elseif (!@touch("$path/$file")) - $field->addError('Unable to write to directory'); + $field->addError($__('Unable to write to directory')); elseif (!@unlink("$path/$file")) - $field->addError('Unable to remove files from directory'); + $field->addError($__('Unable to remove files from directory')); else touch("$path/.keep"); return true; @@ -115,11 +130,13 @@ class FsStoragePlugin extends Plugin { var $config_class = 'FsStoragePluginConfig'; function bootstrap() { - $uploadpath = $this->getConfig()->get('uploadpath'); + $config = $this->getConfig(); + $uploadpath = $config->get('uploadpath'); + list($__, $_N) = $config::translate(); if ($uploadpath) { FileStorageBackend::register('F', 'FilesystemStorage'); FilesystemStorage::$base = $uploadpath; - FilesystemStorage::$desc = 'Filesystem: '.$uploadpath; + FilesystemStorage::$desc = $__('Filesystem') .': '.$uploadpath; } } } diff --git a/storage-s3/config.php b/storage-s3/config.php index 755f51c3..e6e8779d 100644 --- a/storage-s3/config.php +++ b/storage-s3/config.php @@ -3,14 +3,28 @@ require_once INCLUDE_DIR . 'class.plugin.php'; class S3StoragePluginConfig extends PluginConfig { + + // Provide compatibility function for versions of osTicket prior to + // translation support (v1.9.4) + function translate() { + if (!method_exists('Plugin', 'translate')) { + return array( + function($x) { return $x; }, + function($x, $y, $n) { return $n != 1 ? $y : $x; }, + ); + } + return Plugin::translate('auth-ldap'); + } + function getOptions() { + list($__, $_N) = self::translate(); return array( 'bucket' => new TextboxField(array( - 'label' => 'S3 Bucket', + 'label' => $__('S3 Bucket'), 'configuration' => array('size'=>40), )), 'aws-region' => new ChoiceField(array( - 'label' => 'AWS Region', + 'label' => $__('AWS Region'), 'choices' => array( '' => 'US Standard', 'us-east-1' => 'US East (Northern Virginia)', @@ -25,37 +39,38 @@ function getOptions() { 'default' => '', )), 'acl' => new ChoiceField(array( - 'label' => 'Default ACL for Attachments', + 'label' => $__('Default ACL for Attachments'), 'choices' => array( - '' => 'Use Bucket Default', - 'private' => 'Private', - 'public-read' => 'Public Read', - 'public-read-write' => 'Public Read and Write', - 'authenticated-read' => 'Read for AWS authenticated Users', - 'bucket-owner-read' => 'Read for Bucket Owners', - 'bucket-owner-full-control' => 'Full Control for Bucket Owners', + '' => $__('Use Bucket Default'), + 'private' => $__('Private'), + 'public-read' => $__('Public Read'), + 'public-read-write' => $__('Public Read and Write'), + 'authenticated-read' => $__('Read for AWS authenticated Users'), + 'bucket-owner-read' => $__('Read for Bucket Owners'), + 'bucket-owner-full-control' => $__('Full Control for Bucket Owners'), ), 'default' => '', )), 'access-info' => new SectionBreakField(array( - 'label' => 'Access Information', + 'label' => $__('Access Information'), )), 'aws-key-id' => new TextboxField(array( 'required' => true, 'configuration'=>array('length'=>64, 'size'=>40), - 'label' => 'AWS Access Key ID', + 'label' => $__('AWS Access Key ID'), )), 'secret-access-key' => new TextboxField(array( 'widget' => 'PasswordWidget', 'required' => false, 'configuration'=>array('length'=>64, 'size'=>40), - 'label' => 'AWS Secret Access Key', + 'label' => $__('AWS Secret Access Key'), )), ); } function pre_save(&$config, &$errors) { + list($__, $_N) = self::translate(); $credentials = array( 'key' => $config['aws-key-id'], 'secret' => $config['secret-access-key'] @@ -67,7 +82,7 @@ function pre_save(&$config, &$errors) { if (!$credentials['secret']) $this->getForm()->getField('secret-access-key')->addError( - 'Secret access key is required'); + $__('Secret access key is required')); $s3 = Aws\S3\S3Client::factory($credentials); @@ -75,12 +90,13 @@ function pre_save(&$config, &$errors) { $s3->headBucket(array('Bucket'=>$config['bucket'])); } catch (Aws\S3\Exception\AccessDeniedException $e) { - $errors['err'] = - 'User does not have access to this bucket: '.(string)$e; + $errors['err'] = sprintf( + /* The %s token will become an upstream error message */ + $__('User does not have access to this bucket: %s'), (string)$e); } catch (Aws\S3\Exception\NoSuchBucketException $e) { $this->getForm()->getField('bucket')->addError( - 'Bucket does not exist'); + $__('Bucket does not exist')); } if (!$errors && $config['secret-access-key']) From 945c886b3b488231e4ca149a7fe24822ff5e0bee Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 31 Jul 2014 10:48:58 -0500 Subject: [PATCH 053/160] i18n: Add translations to PHAR files --- make.php | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 167 insertions(+), 3 deletions(-) diff --git a/make.php b/make.php index faf8f7a8..1035895d 100644 --- a/make.php +++ b/make.php @@ -288,7 +288,8 @@ class PluginBuilder extends Module { 'options' => array( 'build' => 'Compile a PHAR file for a plugin', 'hydrate' => 'Prep plugin folders for embedding in osTicket directly', - 'list' => 'Show PHAR contents', + 'list' => 'List the contents of a phar file', + 'unpack' => 'Unpack a PHAR file (similar to unzip)', ), ), 'plugin' => array( @@ -307,9 +308,24 @@ class PluginBuilder extends Module { 'Compress source files when hydrading and building. Useful for saving space when building PHAR files', 'action'=>'store_true', 'default'=>false), + "key" => array('-k','--key','metavar'=>'API-KEY', + 'help'=>'Crowdin project API key.'), + 'osticket' => array('-R', '--osticket', 'metavar'=>'ROOT', + 'help'=>'Root of osTicket installation (required for language compilation)'), ); + static $project = 'osticket-plugins'; + static $crowdin_api_url = 'http://i18n.osticket.com/api/project/{project}/{command}'; + function run($args, $options) { + $this->key = $options['key']; + if (!$this->key && defined('CROWDIN_API_KEY')) + $this->key = CROWDIN_API_KEY; + + if (@$options['osticket']) { + require $options['osticket'] . '/include/class.translation.php'; + } + switch (strtolower($args['action'])) { case 'build': $plugin = $args['plugin']; @@ -319,6 +335,7 @@ function run($args, $options) { $this->_build($plugin, $options); break; + case 'hydrate': $this->_hydrate($options); break; @@ -330,6 +347,29 @@ function run($args, $options) { $this->stdout->write($name . "\n"); } break; + + case 'list': + $plugin = $args['plugin']; + if (!file_exists($plugin)) + $this->fail("PHAR file '$plugin' does not exist"); + + $p = new Phar($plugin); + $total = 0; + foreach (new RecursiveIteratorIterator($p) as $info) { + $this->stdout->write(sprintf( + "% 10.10d %s %s\n", + $info->getSize(), + strftime('%x %X', $info->getMTime()), + str_replace( + array('phar://', realpath($plugin).'/'), + array('',''), + (string) $info))); + $total += $info->getSize(); + } + $this->stdout->write("---------------------------------------\n"); + $this->stdout->write(sprintf("% 10.10d\n", $total)); + break; + default: $this->fail("Unsupported MAKE action. See help"); } @@ -338,6 +378,7 @@ function run($args, $options) { function _build($plugin, $options) { @unlink("$plugin.phar"); $phar = new Phar("$plugin.phar"); + $phar->startBuffering(); if ($options['sign']) { if (!function_exists('openssl_get_privatekey')) @@ -357,7 +398,6 @@ function _build($plugin, $options) { $phar->buildFromDirectory($plugin); // Add library dependencies - $phar->stopBuffering(); if (isset($info['requires'])) { $includes = array(); foreach ($info['requires'] as $lib=>$info) { @@ -396,8 +436,21 @@ function _build($plugin, $options) { } } } + + // Add language files + if (@$this->key) { + foreach ($this->getLanguageFiles($plugin) as $name=>$content) { + $name = ltrim($name, '/'); + if (!$content) continue; + $phar->addFromString("i18n/{$name}", $content); + } + } + else { + $this->stderr->write("Specify Crowdin API key to integrate language files\n"); + } + $phar->setStub('startBuffering(); + $phar->stopBuffering(); } function _hydrate($options) { @@ -449,6 +502,7 @@ function _hydrate($options) { } } } + // TODO: Fetch language files for this plugin } } } @@ -468,6 +522,116 @@ function _http_get($url) { return array($code, $result); } + function _crowdin($command, $args=array()) { + + $url = str_replace(array('{command}', '{project}'), + array($command, self::$project), + self::$crowdin_api_url); + + $args += array('key' => $this->key); + foreach ($args as &$a) + $a = urlencode($a); + unset($a); + $url .= '?' . http_build_query($args); + + return $this->_http_get($url); + } + + function getTranslations() { + error_reporting(E_ALL); + list($code, $body) = $this->_crowdin('status'); + $langs = array(); + + if ($code != 200) { + $this->stderr->write($code.": Bad status from Crowdin fetching translations\n"); + return $langs; + } + $d = new DOMDocument(); + $d->loadXML($body); + + $xp = new DOMXpath($d); + foreach ($xp->query('//language') as $c) { + $name = $code = ''; + foreach ($c->childNodes as $n) { + switch (strtolower($n->nodeName)) { + case 'name': + $name = $n->textContent; + break; + case 'code': + $code = $n->textContent; + break; + } + } + if (!$code) + continue; + $langs[] = $code; + } + return $langs; + } + + function getLanguageFiles($plugin) { + $files = array(); + if (!class_exists('Translation')) + $this->stderr->write("Specify osTicket root path to compile MO files\n"); + + foreach ($this->getTranslations() as $lang) { + list($code, $stuff) = $this->_crowdin("download/$lang.zip"); + if ($code != 200) { + $this->stderr->write("$lang: Unable to download language files\n"); + continue; + } + + $lang = str_replace('-','_',$lang); + + // Extract a few files from the zip archive + $temp = tempnam('/tmp', 'osticket-cli'); + $f = fopen($temp, 'w'); + fwrite($f, $stuff); + fclose($f); + $zip = new ZipArchive(); + $zip->open($temp); + unlink($temp); + + for ($i=0; $i<$zip->numFiles; $i++) { + $info = $zip->statIndex($i); + if (strpos($info['name'], $plugin) === 0) { + $name = substr($info['name'], strlen($plugin)); + $name = ltrim($name, '/'); + if (substr($name, -3) == '.po' && class_exists('Translation')) { + $content = $this->buildMo($zip->getFromIndex($i)); + $name = substr($name, 0, -3) . '.mo.php'; + } + else { + $content = $zip->getFromIndex($i); + } + // Files in the plugin are laid out by (lang)/(file), + // where (file) has the plugin name removed. Files on + // Crowdin are organized by (plugin)/file + $files["$lang/{$name}"] = $content; + } + } + $zip->close(); + } + return $files; + } + + function buildMo($po_contents) { + $pipes = array(); + $msgfmt = proc_open('msgfmt -o- -', + array(0=>array('pipe','r'), 1=>array('pipe','w')), + $pipes); + if (is_resource($msgfmt)) { + fwrite($pipes[0], $po_contents); + fclose($pipes[0]); + $mo_input = fopen('php://temp', 'r+b'); + fwrite($mo_input, stream_get_contents($pipes[1])); + rewind($mo_input); + $mo = Translation::buildHashFile($mo_input, false, true); + fclose($mo_input); + } + return $mo; + } + function ensureComposer() { if (file_exists(dirname(__file__).'/composer.phar')) return true; From 56d5106b62039ff3c79738994f5b9df9cc87295a Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 31 Jul 2014 13:01:55 -0500 Subject: [PATCH 054/160] i18n: Translate the other plugins --- auth-ldap/plugin.php | 4 ++-- auth-oauth/plugin.php | 4 ++-- auth-passthru/config.php | 31 +++++++++++++++++++++++-------- auth-passthru/plugin.php | 4 ++-- storage-fs/plugin.php | 4 ++-- storage-s3/plugin.php | 4 ++-- 6 files changed, 33 insertions(+), 18 deletions(-) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 18615443..c2f58da3 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -3,9 +3,9 @@ return array( 'id' => 'auth:ldap', # notrans 'version' => '0.5', - 'name' => 'LDAP Authentication and Lookup', + 'name' => /* trans */ 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', - 'description' => 'Provides a configurable authentication backend + 'description' => /* trans */ 'Provides a configurable authentication backend which works against Microsoft Active Directory and OpenLdap servers', 'url' => 'http://www.osticket.com/plugins/auth/ldap', diff --git a/auth-oauth/plugin.php b/auth-oauth/plugin.php index 65cd0051..e7f8a770 100644 --- a/auth-oauth/plugin.php +++ b/auth-oauth/plugin.php @@ -3,9 +3,9 @@ return array( 'id' => 'auth:oath2', # notrans 'version' => '0.1', - 'name' => 'Oauth2 Authentication and Lookup', + 'name' => /* trans */ 'Oauth2 Authentication and Lookup', 'author' => 'Jared Hancock', - 'description' => 'Provides a configurable authentication backend + 'description' => /* trans */ 'Provides a configurable authentication backend for authenticating staff and clients using an OATH2 server interface.', 'url' => 'http://www.osticket.com/plugins/auth/oauth', diff --git a/auth-passthru/config.php b/auth-passthru/config.php index 2b9b597e..e5f4669b 100644 --- a/auth-passthru/config.php +++ b/auth-passthru/config.php @@ -2,26 +2,40 @@ require_once(INCLUDE_DIR.'/class.forms.php'); class PassthruAuthConfig extends PluginConfig { + + // Provide compatibility function for versions of osTicket prior to + // translation support (v1.9.4) + function translate() { + if (!method_exists('Plugin', 'translate')) { + return array( + function($x) { return $x; }, + function($x, $y, $n) { return $n != 1 ? $y : $x; }, + ); + } + return Plugin::translate('auth-passthru'); + } + function getOptions() { + list($__, $_N) = self::translate(); return array( 'auth' => new SectionBreakField(array( - 'label' => 'Authentication Modes', - 'hint' => 'Authentication modes for clients and staff + 'label' => $__('Authentication Modes'), + 'hint' => $__('Authentication modes for clients and staff members can be enabled independently. Client discovery - can be supported via a separate backend (such as LDAP)', + can be supported via a separate backend (such as LDAP)'), )), 'auth-staff' => new BooleanField(array( - 'label' => 'Staff Authentication', + 'label' => $__('Staff Authentication'), 'default' => true, 'configuration' => array( - 'desc' => 'Enable authentication of staff members' + 'desc' => $__('Enable authentication of staff members') ) )), 'auth-client' => new BooleanField(array( - 'label' => 'Client Authentication', + 'label' => $__('Client Authentication'), 'default' => false, 'configuration' => array( - 'desc' => 'Enable authentication and discovery of clients' + 'desc' => $__('Enable authentication and discovery of clients') ) )), ); @@ -30,8 +44,9 @@ function getOptions() { function pre_save(&$config, &$errors) { global $msg; + list($__, $_N) = self::translate(); if (!$errors) - $msg = 'Configuration updated successfully'; + $msg = $__('Configuration updated successfully'); return true; } diff --git a/auth-passthru/plugin.php b/auth-passthru/plugin.php index 3324cddc..7b0c693b 100644 --- a/auth-passthru/plugin.php +++ b/auth-passthru/plugin.php @@ -3,9 +3,9 @@ return array( 'id' => 'auth:passthru', # notrans 'version' => '0.1', - 'name' => 'HTTP Passthru Authentication', + 'name' => /* trans */ 'HTTP Passthru Authentication', 'author' => 'Jared Hancock', - 'description' => 'Allows for the HTTP server (Apache or IIS) to perform + 'description' => /* trans */ 'Allows for the HTTP server (Apache or IIS) to perform the authentication of the user. osTicket will match the username from the server authentication to a username defined internally', 'url' => 'http://www.osticket.com/plugins/auth/passthru', diff --git a/storage-fs/plugin.php b/storage-fs/plugin.php index 2628b0db..23c75c34 100644 --- a/storage-fs/plugin.php +++ b/storage-fs/plugin.php @@ -3,9 +3,9 @@ return array( 'id' => 'storage:fs', # notrans 'version' => '0.2', - 'name' => 'Attachments on the filesystem', + 'name' => /* trans */ 'Attachments on the filesystem', 'author' => 'Jared Hancock', - 'description' => 'Enables storing attachments on the filesystem', + 'description' => /* trans */ 'Enables storing attachments on the filesystem', 'url' => 'http://www.osticket.com/plugins/storage-fs', 'plugin' => 'storage.php:FsStoragePlugin' ); diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 9c847f5f..402fd108 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -3,9 +3,9 @@ return array( 'id' => 'storage:s3', 'version' => '0.2', - 'name' => 'Attachments hosted in Amazon S3', + 'name' => /* trans */ 'Attachments hosted in Amazon S3', 'author' => 'Jared Hancock', - 'description' => 'Enables storing attachments in Amazon S3', + 'description' => /* trans */ 'Enables storing attachments in Amazon S3', 'url' => 'http://www.osticket.com/plugins/storage-s3', 'requires' => array( "symfony/class-loader" => array( From e6c495c815d1438332e9ab444218632e8f0cc16d Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Fri, 1 Aug 2014 14:05:57 -0500 Subject: [PATCH 055/160] Add some initial docs concerning translations --- README.md | 10 +++++++++ auth-oauth/plugin.php | 2 +- doc/auth-oauth.md | 25 +++++++++++++++++++++ doc/i18n.md | 51 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 doc/auth-oauth.md create mode 100644 doc/i18n.md diff --git a/README.md b/README.md index 6f9e462a..de663dd4 100644 --- a/README.md +++ b/README.md @@ -13,3 +13,13 @@ After cloning, `hydrate` the repo by downloading the third-party library dependencies. php make.php hydrate + +Translating +=========== + +[![Crowdin](https://d322cqt584bo4o.cloudfront.net/osticket-plugins/localized.png)](http://i18n.osticket.com/project/osticket-plugins) + +Translation service is being performed via the Crowdin translation +management software. The project page for the plugins is located at + +http://i18n.osticket.com/projects/osticket-plugins diff --git a/auth-oauth/plugin.php b/auth-oauth/plugin.php index e7f8a770..589d2739 100644 --- a/auth-oauth/plugin.php +++ b/auth-oauth/plugin.php @@ -6,7 +6,7 @@ 'name' => /* trans */ 'Oauth2 Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Provides a configurable authentication backend - for authenticating staff and clients using an OATH2 server + for authenticating staff and clients using an OAUTH2 server interface.', 'url' => 'http://www.osticket.com/plugins/auth/oauth', 'plugin' => 'authentication.php:OauthAuthPlugin', diff --git a/doc/auth-oauth.md b/doc/auth-oauth.md new file mode 100644 index 00000000..21309569 --- /dev/null +++ b/doc/auth-oauth.md @@ -0,0 +1,25 @@ +This OAuth plugin provides SSO sign in from many popular external sources +including Google+, GitHub, Facebook, Windows Azure, and many more. + +**At the current time, only Google+ authentication is implemented.** + +Google+ Authentication +---------------------- +To register for Google+ authentication, + +* Visit the Google Cloud Console (https://console.developers.google.com/) +* Sign in to Google via a relevant account +* Create a project (name it whatever -- osTicket Help Desk) +* Manage the project, navigate to APIs and Auth / Credentials and create an + OAuth Client ID +* Register the key with the URL of your helpdesk plus `api/auth/ext` + (`http://support.mycompany.com/api/auth/ext`). This is called the *Redirect + URI* +* Navigate to APIs & Auth / Consent Screen and fill in the relevant information +* Navigate to APIs & Auth / APIs and add / enable the *Google+ API* +* Install the plugin in osTicket **1.9** +* Configure the plugin with your Google+ Client ID and Secret +* Configure the plugin to authenticate agents (staff), users or both +* Enable the OAuth plugin +* Log out and back in with Google+ +* Enjoy! diff --git a/doc/i18n.md b/doc/i18n.md new file mode 100644 index 00000000..591e6b7f --- /dev/null +++ b/doc/i18n.md @@ -0,0 +1,51 @@ +Making Plugins Translatable +--------------------------- + +The plugin base class has a `translate` static method which is used to +retrieve bootstrapped functions for translations inside the plugin. Use it +to translate strings inside your code: + +```php +class MyPluginsConfig extends PluginConfig { + function getOptions() { + list($__, $_N) = Plugin::translate('my-plugin'); + $__('This string is translatable'); + } +} +``` + +The `translate` method will return two functions (more may be retrieved in +the future), the first is used to translate a single string. The second is +used to translate plural strings. They mimic the `__()` and `_N()` functions +inside the core osTicket code base. + +The $name and other static properties as well as content in the `plugin.php` +file can also be translated. Simply add a comment immediately before the +strings with the content of `trans`, and then translate it when necessary: + +```php +class MyPlugin extends Plugin { + static $name = /* trans */ 'A super-awesome plugin that does stuff'; + + function getName() { + list($__) = self::translate('my-plugin'); + return $__(self::$name); + } +} +``` + +This method overcomes the PHP limitation preventing static properties from +being even remotely dynamic. The PO scanner will recognize the translatable +string by the preceeding `trans` comment. The translated string will be +available in the plugin once translated. + +Compiling PO files +------------------ + +Use the `make-pot` compiler in the osTicket code base to search and compile +the PO file for plugins + + php /path/to/osticket/setup/cli/manage.php i18n make-pot \ + -R auth-plugin \ + -D auth-plugin \ + > auth-plugin.po From 58f6ac2c61747c27ae999d74cf703a03b84ae0db Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 11 Aug 2014 09:58:37 -0500 Subject: [PATCH 056/160] i18n: Fix typo in ldap configuration --- auth-ldap/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index cdf05fb8..25ed287a 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -80,7 +80,7 @@ function($self, $val) { )), 'bind_dn' => new TextboxField(array( 'label' => $__('Search User'), - 'hint' => $__('Bind DN (distinguised name) to bind to the LDAP + 'hint' => $__('Bind DN (distinguished name) to bind to the LDAP server as in order to perform searches'), 'configuration' => array('size'=>40, 'length'=>120), )), From 4f7f37ef186b59f196ea657ede41324a17b60600 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 2 Apr 2015 11:02:04 -0500 Subject: [PATCH 057/160] Bump version numbers --- auth-ldap/plugin.php | 2 +- storage-fs/plugin.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index c2f58da3..7e422f56 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ set_include_path(get_include_path().PATH_SEPARATOR.dirname(__file__).'/include'); return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.5', + 'version' => '0.6', 'name' => /* trans */ 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Provides a configurable authentication backend diff --git a/storage-fs/plugin.php b/storage-fs/plugin.php index 23c75c34..0eeba5ae 100644 --- a/storage-fs/plugin.php +++ b/storage-fs/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'storage:fs', # notrans - 'version' => '0.2', + 'version' => '0.3', 'name' => /* trans */ 'Attachments on the filesystem', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Enables storing attachments on the filesystem', From 120be51922bfcf1303a99490ac1c6d0a2980a87b Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 9 Apr 2015 12:31:06 -0500 Subject: [PATCH 058/160] ldap: oops: Fix bad translation function usage --- auth-ldap/config.php | 6 +++--- auth-ldap/plugin.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 25ed287a..84fd83e9 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -30,7 +30,7 @@ function getOptions() { 'hint' => $__('Default domain used in authentication and searches'), 'configuration' => array('size'=>40, 'length'=>60), 'validators' => array( - function($self, $val) { + function($self, $val) use ($__) { if (strpos($val, '.') === false) $self->addError( $__('Fully-qualified domain name is expected')); @@ -44,13 +44,13 @@ function($self, $val) { point to the AD servers'), 'configuration' => array('size'=>40), 'validators' => array( - function($self, $val) { + function($self, $val) use ($__) { if (!$val) return; $servers = explode(',', $val); foreach ($servers as $s) { if (!Validator::is_ip(trim($s))) $self->addError(sprintf( - $__('%s: Expected an IP address', $s))); + $__('%s: Expected an IP address'), $s)); } }), )), diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 7e422f56..025d32b9 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ set_include_path(get_include_path().PATH_SEPARATOR.dirname(__file__).'/include'); return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.6', + 'version' => '0.6.1', 'name' => /* trans */ 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Provides a configurable authentication backend From 30a52ddecfda9350785348510e9c7119f05cda4c Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 9 Apr 2015 22:37:00 -0500 Subject: [PATCH 059/160] ldap, passthru: Fix login with osTicket v1.9-next (post v1.9.7) --- auth-ldap/authentication.php | 12 +++++++++++- auth-ldap/plugin.php | 2 +- auth-passthru/authenticate.php | 7 ++++++- auth-passthru/plugin.php | 2 +- 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 78489f1e..34d78ea8 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -206,6 +206,11 @@ function($match) use ($username, $domain, $config) { return $username; case 'domain': return $domain; + case 'search_base': + if (!$config->get('search_base')) + return 'dc=' . implode(',dc=', + explode('.', $config->get('domain'))); + // Fall through to default default: return $config->get($match[1]); } @@ -359,8 +364,13 @@ function _getUserInfoArray($e, $schema) { function lookupAndSync($username, $dn) { switch ($this->type) { case 'staff': - if (($user = new StaffSession($username)) && $user->getId()) + if (($user = StaffSession::lookup($username)) && $user->getId()) { + if (!$user instanceof StaffSession) { + // osTicket <= v1.9.7 or so + $user = new StaffSession($user->getId()); + } return $user; + } break; case 'client': $c = $this->getConnection(); diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 025d32b9..765422c4 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -2,7 +2,7 @@ set_include_path(get_include_path().PATH_SEPARATOR.dirname(__file__).'/include'); return array( 'id' => 'auth:ldap', # notrans - 'version' => '0.6.1', + 'version' => '0.6.2', 'name' => /* trans */ 'LDAP Authentication and Lookup', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Provides a configurable authentication backend diff --git a/auth-passthru/authenticate.php b/auth-passthru/authenticate.php index 8cbfb853..8e399b42 100644 --- a/auth-passthru/authenticate.php +++ b/auth-passthru/authenticate.php @@ -26,8 +26,13 @@ function signOn() { list($domain, $username) = explode('\\', $username, 2); $username = trim(strtolower($username)); - if (($user = new StaffSession($username)) && $user->getId()) + if (($user = StaffSession::lookup($username)) && $user->getId()) { + if (!$user instanceof StaffSession) { + // osTicket <= v1.9.7 or so + $user = new StaffSession($user->getId()); + } return $user; + } // TODO: Consider client sessions } diff --git a/auth-passthru/plugin.php b/auth-passthru/plugin.php index 7b0c693b..49093d03 100644 --- a/auth-passthru/plugin.php +++ b/auth-passthru/plugin.php @@ -2,7 +2,7 @@ return array( 'id' => 'auth:passthru', # notrans - 'version' => '0.1', + 'version' => '0.2', 'name' => /* trans */ 'HTTP Passthru Authentication', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Allows for the HTTP server (Apache or IIS) to perform From 7de73afddafbbc851f843a9867bb42e0268b0136 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Thu, 30 Apr 2015 15:50:40 -0500 Subject: [PATCH 060/160] oauth: Fix crash authenticating with `develop-next` --- auth-oauth/google.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/auth-oauth/google.php b/auth-oauth/google.php index ea1ab49e..d79d04e0 100644 --- a/auth-oauth/google.php +++ b/auth-oauth/google.php @@ -45,10 +45,15 @@ function __construct($config) { function signOn() { // TODO: Check session for auth token if (isset($_SESSION[':oauth']['email'])) { - if (($staff = new StaffSession($_SESSION[':oauth']['email'])) - && $staff->getId()) + if (($staff = StaffSession::lookup(array('email' => $_SESSION[':oauth']['email']))) + && $staff->getId() + ) { + if (!$staff instanceof StaffSession) { + // osTicket <= v1.9.7 or so + $staff = new StaffSession($user->getId()); + } return $staff; - + } else $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account'; } From f70b28f047291286f5f775cc128c9a63aa00c403 Mon Sep 17 00:00:00 2001 From: Kevin O'Connor Date: Wed, 3 Jun 2015 21:25:51 -0400 Subject: [PATCH 061/160] Add i18n support --- auth-cas/cas.php | 16 ++++++++++++++-- auth-cas/config.php | 46 ++++++++++++++++++++++++++++++--------------- auth-cas/plugin.php | 8 ++++---- 3 files changed, 49 insertions(+), 21 deletions(-) diff --git a/auth-cas/cas.php b/auth-cas/cas.php index c8cf187e..774f757c 100644 --- a/auth-cas/cas.php +++ b/auth-cas/cas.php @@ -82,7 +82,7 @@ function getProfile() { class CasStaffAuthBackend extends ExternalStaffAuthenticationBackend { static $id = "cas"; - static $name = "CAS"; + static $name = /* trans */ "CAS"; static $service_name = "CAS"; @@ -93,6 +93,12 @@ function __construct($config) { $this->cas = new CasAuth($config); } + function getName() { + $config = $this->config; + list($__, $_N) = $config::translate(); + return $__(static::$name); + } + function signOn() { if (isset($_SESSION[':cas']['user'])) { $staff = new StaffSession($this->cas->getEmail()); @@ -119,7 +125,7 @@ function triggerAuth() { class CasClientAuthBackend extends ExternalUserAuthenticationBackend { static $id = "cas.client"; - static $name = "CAS"; + static $name = /* trans */ "CAS"; static $service_name = "CAS"; @@ -128,6 +134,12 @@ function __construct($config) { $this->cas = new CasAuth($config); } + function getName() { + $config = $this->config; + list($__, $_N) = $config::translate(); + return $__(static::$name); + } + function supportsInteractiveAuthentication() { return false; } diff --git a/auth-cas/config.php b/auth-cas/config.php index edd73119..ec625455 100644 --- a/auth-cas/config.php +++ b/auth-cas/config.php @@ -3,48 +3,64 @@ require_once INCLUDE_DIR . 'class.plugin.php'; class CasPluginConfig extends PluginConfig { + + // Provide compatibility function for versions of osTicket prior to + // translation support (v1.9.4) + function translate() { + if (!method_exists('Plugin', 'translate')) { + return array( + function($x) { return $x; }, + function($x, $y, $n) { return $n != 1 ? $y : $x; }, + ); + } + return Plugin::translate('auth-cas'); + } + function getOptions() { + list($__, $_N) = self::translate(); $modes = new ChoiceField(array( - 'label' => 'Authenticate', + 'label' => $__('Authentication'), + 'default' => "disabled", 'choices' => array( - '0' => 'Disabled', - 'staff' => 'Agents Only', - 'client' => 'Clients Only', - 'all' => 'Agents and Clients', + 'disabled' => $__('Disabled'), + 'staff' => $__('Agents Only'), + 'client' => $__('Clients Only'), + 'all' => $__('Agents and Clients'), ), )); return array( 'cas' => new SectionBreakField(array( - 'label' => 'CAS Authentication', + 'label' => $__('CAS Authentication'), )), 'cas-hostname' => new TextboxField(array( - 'label' => 'CAS Server Hostname', + 'label' => $__('CAS Server Hostname'), 'configuration' => array('size'=>60, 'length'=>100), )), 'cas-port' => new TextboxField(array( - 'label' => 'CAS Server Port', + 'label' => $__('CAS Server Port'), 'configuration' => array('size'=>10, 'length'=>8), )), 'cas-context' => new TextboxField(array( - 'label' => 'CAS Server Context', + 'label' => $__('CAS Server Context'), 'configuration' => array('size'=>60, 'length'=>100), - 'hint' => 'This value is "/cas" for most installs.', + 'hint' => $__('This value is "/cas" for most installs.'), )), 'cas-ca-cert-path' => new TextboxField(array( - 'label' => 'CAS CA Cert Path', + 'label' => $__('CAS CA Cert Path'), 'configuration' => array('size'=>60, 'length'=>100), )), 'cas-at-domain' => new TextboxField(array( - 'label' => 'CAS e-mail suffix', + 'label' => $__('CAS e-mail suffix'), 'configuration' => array('size'=>60, 'length'=>100), - 'hint' => 'Use this field if your CAS server does not report an e-mail attribute. ex: "@domain.tld"', + 'hint' => $__('Use this field if your CAS server does not + report an e-mail attribute. ex: "@domain.tld"'), )), 'cas-name-attribute-key' => new TextboxField(array( - 'label' => 'CAS name attribute key', + 'label' => $__('CAS name attribute key'), 'configuration' => array('size'=>60, 'length'=>100), )), 'cas-email-attribute-key' => new TextboxField(array( - 'label' => 'CAS email attribute key', + 'label' => $__('CAS email attribute key'), 'configuration' => array('size'=>60, 'length'=>100), )), 'cas-enabled' => clone $modes, diff --git a/auth-cas/plugin.php b/auth-cas/plugin.php index ac775f32..a3294d1a 100644 --- a/auth-cas/plugin.php +++ b/auth-cas/plugin.php @@ -1,11 +1,11 @@ 'auth:cas', # notrans - 'version' => '0.1', - 'name' => 'JASIG CAS Authentication', + 'version' => '0.2', + 'name' => /* trans */ 'JASIG CAS Authentication', 'author' => 'Kevin O\'Connor', - 'description' => 'Provides a configurable authentication backend - for authenticating staff and clients using anJASIG CAS interface.', + 'description' => /* trans */ 'Provides a configurable authentication + backend for authenticating staff and clients using CAS.', 'url' => 'http://www.osticket.com/plugins/auth/cas', 'plugin' => 'authentication.php:CasAuthPlugin', 'requires' => array( From 138882c36853b6372aef32e38c97d937bed9d50b Mon Sep 17 00:00:00 2001 From: jakkul Date: Mon, 31 Aug 2015 11:00:43 +0200 Subject: [PATCH 062/160] needed to download Net_LDAP2 properly - as in #38 --- auth-ldap/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 765422c4..06a66a11 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -11,7 +11,7 @@ 'url' => 'http://www.osticket.com/plugins/auth/ldap', 'plugin' => 'authentication.php:LdapAuthPlugin', 'requires' => array( - "pear-pear/Net_LDAP2" => array( + "pear-pear.php.net/Net_LDAP2" => array( "version" => "*", "map" => array( 'pear-pear.php.net/Net_LDAP2' => 'include', From bfeee615650ae8d7754246339c643754627c5670 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 28 Dec 2015 13:53:44 -0600 Subject: [PATCH 063/160] s3: Fix upstream change to Symfony framework --- storage-s3/plugin.php | 10 ++-------- storage-s3/storage.php | 7 +++---- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 402fd108..7aaafc8d 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -2,25 +2,19 @@ return array( 'id' => 'storage:s3', - 'version' => '0.2', + 'version' => '0.2.1', 'name' => /* trans */ 'Attachments hosted in Amazon S3', 'author' => 'Jared Hancock', 'description' => /* trans */ 'Enables storing attachments in Amazon S3', 'url' => 'http://www.osticket.com/plugins/storage-s3', 'requires' => array( - "symfony/class-loader" => array( - 'version' => "*", - 'map' => array( - 'symfony/class-loader/Symfony' => 'lib/Symfony', - ), - ), "aws/aws-sdk-php" => array( 'version' => "2.*", 'map' => array( 'aws/aws-sdk-php/src/Aws/S3' => 'lib/Aws/S3', 'aws/aws-sdk-php/src/Aws/Common' => 'lib/Aws/Common', - 'symfony/event-dispatcher/Symfony' => 'lib/Symfony', 'guzzle/guzzle/src/Guzzle' => 'lib/Guzzle', + 'symfony/event-dispatcher' => 'lib/Symfony/Component/EventDispatcher', ), ), ), diff --git a/storage-s3/storage.php b/storage-s3/storage.php index b61eb76b..c6770d83 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -232,10 +232,9 @@ function bootstrap() { } } -require_once dirname(__file__) - .'/lib/Symfony/Component/ClassLoader/UniversalClassLoader.php'; -use Symfony\Component\ClassLoader\UniversalClassLoader; -$loader = new UniversalClassLoader(); +require_once INCLUDE_DIR . 'UniversalClassLoader.php'; +use Symfony\Component\ClassLoader\UniversalClassLoader_osTicket; +$loader = new UniversalClassLoader_osTicket(); $loader->registerNamespaceFallbacks(array( dirname(__file__).'/lib')); $loader->register(); From 81fb472c588c15dd9bb370e33b2267b2f224af52 Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 28 Dec 2015 13:57:51 -0600 Subject: [PATCH 064/160] doc: Add blurb on building plugins --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index de663dd4..abb24894 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,17 @@ dependencies. php make.php hydrate +Building Plugins +================ +Make any necessary additions or edits to plugins and build PHAR files with +the `make.php` command + + php -dphar.readonly=0 make.php build + +This will compile a PHAR file for the plugin directory. The PHAR will be +named `plugin.phar` and can be dropped into the osTicket `plugins/` folder +directly. + Translating =========== From 7c54aa9c712872dc44b49c3b7342470b2f232303 Mon Sep 17 00:00:00 2001 From: Matt Rhoades Date: Tue, 21 Jun 2016 11:43:00 -0700 Subject: [PATCH 065/160] Update make.php Change the composer pear repo to https from http. This is necessary for newer versions of composer that do not allow unrestricted connections unless secure-http is set to false, which is NOT recommended. Without this change, running hydrate or composer update will result in an error and fail. https://getcomposer.org/doc/06-config.md#secure-http --- make.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.php b/make.php index 1035895d..b96a7aa7 100644 --- a/make.php +++ b/make.php @@ -666,7 +666,7 @@ function resolveDependencies($autoupdate=true) { "repositories": [ { "type": "pear", - "url": "http://pear.php.net" + "url": "https://pear.php.net" } ], "require": %s, From 17eed1df5734497d41dbe3da203607f0b72423ea Mon Sep 17 00:00:00 2001 From: ntozier Date: Wed, 21 Sep 2016 11:39:00 -0400 Subject: [PATCH 066/160] Update README.md fix url to plugin translation site --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index abb24894..37151ebf 100644 --- a/README.md +++ b/README.md @@ -33,4 +33,4 @@ Translating Translation service is being performed via the Crowdin translation management software. The project page for the plugins is located at -http://i18n.osticket.com/projects/osticket-plugins +https://crowdin.com/project/osticket-plugins From e36336081403960dbbccadec0c306f5209352f85 Mon Sep 17 00:00:00 2001 From: tkteun Date: Thu, 22 Sep 2016 16:18:33 +0200 Subject: [PATCH 067/160] modified pear.php.net to https in composer setup Unsecured http connections are forbidden in configuration. make.php hydrate DOES NOT FUNCTION without https. --- make.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.php b/make.php index 1035895d..b96a7aa7 100644 --- a/make.php +++ b/make.php @@ -666,7 +666,7 @@ function resolveDependencies($autoupdate=true) { "repositories": [ { "type": "pear", - "url": "http://pear.php.net" + "url": "https://pear.php.net" } ], "require": %s, From 901520fa542ad247053113b98756fb1654ca14b0 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Thu, 11 Jul 2019 10:33:02 -0500 Subject: [PATCH 068/160] Audit Plugin This plugin audits events in the help desk done by Agents and Users. It tracks activities like logging in and out, creating Tickets, creating Departments, changing Configurations, and many more. Audits can be viewed individually for Tickets, Agents, and Users. Additionally, there is a new tab, Audit Logs, on the Dashboard that allows Admins to narrow down audits they would like to see across the whole helpdesk by a date range or specific event. All audit reports can be exported as CSV. --- audit/audit.php | 79 +++ audit/class.audit.php | 805 ++++++++++++++++++++++++++ audit/config.php | 21 + audit/plugin.php | 13 + audit/templates/agent-audit.tmpl.php | 68 +++ audit/templates/auditlogs.tmpl.php | 159 +++++ audit/templates/ticket-audit.tmpl.php | 103 ++++ audit/templates/user-audit.tmpl.php | 62 ++ 8 files changed, 1310 insertions(+) create mode 100644 audit/audit.php create mode 100644 audit/class.audit.php create mode 100644 audit/config.php create mode 100644 audit/plugin.php create mode 100644 audit/templates/agent-audit.tmpl.php create mode 100644 audit/templates/auditlogs.tmpl.php create mode 100644 audit/templates/ticket-audit.tmpl.php create mode 100644 audit/templates/user-audit.tmpl.php diff --git a/audit/audit.php b/audit/audit.php new file mode 100644 index 00000000..dab7001a --- /dev/null +++ b/audit/audit.php @@ -0,0 +1,79 @@ +getConfig(); + if ($config->get('show_view_audits')) + AuditEntry::$show_view_audits = $config->get('show_view_audits'); + + // Ticket audit + Signal::connect('ticket.view.more', function($ticket, &$extras) { + global $thisstaff; + + if (!$thisstaff || !$thisstaff->isAdmin()) + return; + + $extras[] = array( + 'url' => 'ajax.php/audit/ticket/' . $ticket->getId() . '/view', + 'icon' => 'icon-book', + 'name' => __('View Audit Log') + ); + }); + + // User audit + Signal::connect('user.view.more', function($user, &$extras) { + global $thisstaff; + + if (!$thisstaff || !$thisstaff->isAdmin()) + return; + + $extras[] = array( + 'url' => sprintf('phar:///%s/plugins/audit.phar/templates/user-audit.tmpl.php', INCLUDE_DIR), + 'icon' => 'icon-book', + 'name' => __('View Audit Log'), + 'tab' => __('audits') + ); + }); + + // Agent audit + Signal::connect('agent.audit', function($staff, &$extras) { + global $thisstaff; + + if (!$thisstaff || !$thisstaff->isAdmin()) + return; + + $extras[] = array( + 'url' => sprintf('phar:///%s/plugins/audit.phar/templates/agent-audit.tmpl.php', INCLUDE_DIR), + 'tab' => __('audits') + ); + }); + + // Ajax View Ticket Audit + Signal::connect('ajax.scp', function($dispatcher) { + $dispatcher->append( + url_get('^/audit/ticket/(?P\d+)/view$', function($ticketId) { + global $thisstaff; + + $row = Ticket::objects()->filter(array('ticket_id'=>$ticketId))->values_flat('number')->first(); + if (!$row) + Http::response(404, 'No such ticket'); + if (!$thisstaff || !$thisstaff->isAdmin()) + Http::response(403, 'Contact your administrator'); + + include 'templates/ticket-audit.tmpl.php'; + }) + ); + }); +} + + function enable() { + AuditEntry::autoCreateTable(); + return parent::enable(); + } +} diff --git a/audit/class.audit.php b/audit/class.audit.php new file mode 100644 index 00000000..f87b51f2 --- /dev/null +++ b/audit/class.audit.php @@ -0,0 +1,805 @@ + AUDIT_TABLE, + 'pk' => array('id'), + 'ordering' => array('-timestamp'), + 'select_related' => array('staff', 'user'), + 'joins' => array( + 'staff' => array( + 'constraint' => array('staff_id' => 'Staff.staff_id'), + 'null' => true, + ), + 'user' => array( + 'constraint' => array('user_id' => 'User.id'), + 'null' => true, + ), + ), + ); + + //return an array with the object model, getName function, and url prefix + static $types = array( + 'S' => array('Staff', 'getName', 'staff.php'), + 'B' => array('Canned', 'getTitle', 'canned.php'), + 'C' => array('Category', 'getName', 'categories.php'), + 'X' => array('ConfigItem', 'none', 'none'), + 'D' => array('Dept', 'getName', 'departments.php'), + 'M' => array('Email', 'getName', 'emails.php'), + 'I' => array('EmailTemplateGroup', 'getName', 'templates.php'), + 'Q' => array('FAQ', 'getQuestion', 'faq.php'), + 'N' => array('DynamicForm', 'getTitle', 'forms.php'), + 'H' => array('Topic', 'getName', 'helptopics.php'), + 'L' => array('DynamicList', 'getName', 'lists.php'), + 'O' => array('Organization', 'getName', 'orgs.php'), + 'G' => array('Page', 'getName', 'pages.php'), + 'R' => array('Role', 'getName', 'roles.php'), + 'V' => array('SLA', 'getName', 'slas.php'), + 'A' => array('Task', 'getNumber', 'tasks.php'), + 'E' => array('Team', 'getName', 'teams.php'), + 'T' => array('Ticket', 'getNumber', 'tickets.php'), + 'F' => array('Filter', 'getName', 'filters.php'), + 'U' => array('User', 'getName', 'users.php'), + 'J' => array('ClientAccount', 'getUserName', 'users.php'), + ); + + static function bootstrap() { + Signal::connect('object.view', array('AuditEntry', 'auditObjectEvent')); + Signal::connect('object.created', array('AuditEntry', 'auditObjectEvent')); + Signal::connect('object.deleted', array('AuditEntry', 'auditObjectEvent')); + Signal::connect('object.edited', array('AuditEntry', 'auditObjectEvent')); + Signal::connect('person.login', array('AuditEntry', 'auditSpecialEvent')); + Signal::connect('person.logout', array('AuditEntry', 'auditSpecialEvent')); + } + + function getObjectName($class) { + switch ($class) { + case 'Dept': + return __('Department'); + break; + case 'OrganizationModel': + return __('Organization'); + break; + case 'Canned': + return __('Canned Response'); + break; + case 'Topic': + return __('Help Topic'); + break; + case 'Staff': + return __('Agent'); + break; + case 'Filter': + return __('Ticket Filter'); + break; + case 'EmailTemplateGroup': + return __('Email Template'); + break; + case 'DynamicList': + return __('List'); + break; + case 'DynamicForm': + return __('Form'); + break; + case 'ConfigItem': + return __('Configuration'); + break; + case 'ClientAccount': + return __('User Account'); + break; + default: + return $class; + break; + } + } + + static $configurations = array( + 'time_format' => 'Time Format', //Configurations + 'date_format' => 'Date Format', + 'datetime_format' => 'Date and Time Format', + 'daydatetime_format' => 'Day Date and Time Format', + 'default_priority_id' => 'Default Priority', + 'reply_separator' => 'Reply Separator Tag', + 'isonline' => 'Helpdesk Status', + 'staff_ip_binding' => 'Bind Agent Session to IP', + 'staff_max_logins' => 'Staff Max Logins', + 'staff_login_timeout' => 'Staff Login TImeout', + 'staff_session_timeout' => 'Agent Session Timeout', + 'passwd_reset_period' => 'Password Expiration Policy', + 'client_max_logins' => 'User Max Logins', + 'client_login_timeout' => 'User Login TImeout', + 'client_session_timeout' => 'User Session Timeout', + 'max_page_size' => 'Default Page Size', + 'max_open_tickets' => 'Maximum Open Tickets', + 'autolock_minutes' => 'Collision Avoidance Duration', + 'default_priority_id' => 'Ticket Default Priority', + 'default_smtp_id' => 'Default MTA', + 'use_email_priority' => 'Emailed Tickets Priority', + 'enable_kb' => 'Enable Knowledge Base', + 'enable_premade' => 'Enable Canned Responses', + 'enable_captcha' => 'Human Verification:', + 'enable_auto_cron' => 'Fetch on auto-cron', + 'enable_mail_polling' => 'Email Fetching', + 'send_sys_errors' => 'System Errors', + 'send_sql_errors' => 'SQL Errors', + 'send_login_errors' => 'Excessive failed login attempts', + 'strip_quoted_reply' => 'Strip Quoted Reply', + 'ticket_autoresponder' => 'New Ticket Autoresponder', + 'message_autoresponder' => 'New Message Submitter Autoresponder', + 'ticket_notice_active' => 'New Ticket by Agent Autoresponder', + 'ticket_alert_active' => 'New Ticket Alert', + 'ticket_alert_admin' => 'Admin New Ticket Alert', + 'ticket_alert_dept_manager' => 'Manager New Ticket Alert', + 'ticket_alert_dept_members' => 'Dept Members New Ticket Alert', + 'message_alert_active' => 'New Message Alert', + 'message_alert_laststaff' => 'Last Respondent New Message Alert', + 'message_alert_assigned' => 'Assigned Agent / Team New Message Alert', + 'message_alert_dept_manager' => 'Department Manager New Message Alert', + 'note_alert_active' => 'New Internal Activity Alert', + 'note_alert_laststaff' => 'Last Respondent Internal Activity Alert', + 'note_alert_assigned' => 'Assigned Agent / Team Internal Activity Alert', + 'note_alert_dept_manager' => 'Department Manager Internal Activity Alert', + 'transfer_alert_active' => 'Ticket Transfer Alert', + 'transfer_alert_assigned' => 'Assigned Agent / Team Ticket Transfer Alert', + 'transfer_alert_dept_manager' => 'Department Manager Ticket Transfer Alert', + 'transfer_alert_dept_members' => 'Department Members Ticket Transfer Alert', + 'overdue_alert_active' => 'Overdue Ticket Alert', + 'overdue_alert_assigned' => 'Assigned Agent / Team Overdue Ticket Alert', + 'overdue_alert_dept_manager' => 'Department Manager Overdue Ticket Alert', + 'overdue_alert_dept_members' => 'Department Members Overdue Ticket Alert', + 'assigned_alert_active' => 'Ticket Assignment Alert', + 'assigned_alert_staff' => 'Assigned Agent Ticket Assignment Alert', + 'assigned_alert_team_lead' => 'Team Lead Ticket Assignment Alert', + 'assigned_alert_team_members' => 'Team Members Ticket Assignment Alert', + 'auto_claim_tickets' => 'Claim on Response', + 'collaborator_ticket_visibility' => 'Collaborator Tickets Visibility', + 'require_topic_to_close' => 'Require Help Topic to Close', + 'hide_staff_name' => 'Agent Identity Masking', + 'overlimit_notice_active' => 'Overlimit Notice Autoresponder', + 'email_attachments' => 'Email Attachments', + 'ticket_number_format' => 'Default Ticket Number Format', + 'ticket_sequence_id' => 'Default Ticket Number Sequence', + 'queue_bucket_counts' => 'Top-Level Ticket Counts', + 'task_number_format' => 'Default Task Number Format', + 'task_sequence_id' => 'Default Task Number Sequence', + 'log_level' => 'Default Log Level', + 'log_graceperiod' => 'Purge Logs', + 'client_registration' => 'Registration Method', + 'default_ticket_queue' => 'Default Ticket Queue', + 'accept_unregistered_email' => 'Accept All Emails', + 'add_email_collabs' => 'Accept Email Collaborators', + 'helpdesk_url' => 'Helpdesk URL', + 'helpdesk_title' => 'Helpdesk Name/Title', + 'default_dept_id' => 'Default Department', + 'enable_avatars' => 'Show Avatars', + 'enable_richtext' => 'Enable Rich Text', + 'default_locale' => 'Default Locale', + 'default_timezone' => 'Default Time Zone', + 'date_formats' => 'Date and Time Format', + 'system_language' => 'Primary Language', + 'add_secondary_language' => 'Secondary Languages', + 'default_storage_bk' => 'Store Attachments', + 'max_file_size' => 'Agent Maximum File Size', + 'files_req_auth' => 'Login required', + 'default_ticket_status_id' => 'Default Status', + 'default_sla_id' => 'Default SLA', + 'default_help_topic' => 'Default Help Topic', + 'ticket_lock' => 'Lock Semantics', + 'message_autoresponder_collabs' => 'New Message Participant Autoresponder', + 'ticket_alert_acct_manager' => 'Account Manager New Ticket Alert', + 'message_alert_acct_manager' => 'Account Manager New Message Alert', + 'default_task_priority_id' => 'Default Task Priority', + 'task_alert_active' => 'New Task Alert', + 'task_alert_admin' => 'New Task Admin Alert', + 'task_alert_dept_manager' => 'New Task Department Manager Alert', + 'task_alert_dept_members' => 'New Task Department Members Alert', + 'task_activity_alert_active' => 'New Task Activity Alert', + 'task_activity_alert_laststaff' => 'New Task Activity Last Respondent', + 'task_activity_alert_assigned' => 'New Task Activity Assigned Agent / Team', + 'task_activity_alert_dept_manager' => 'New Task Activity Department Manager', + 'task_assignment_alert_active' => 'Task Assignment Alert', + 'task_assignment_alert_staff' => 'Task Assignment Alert Assigned Agent / Team', + 'task_assignment_alert_team_lead' => 'Task Assignment Alert Team Lead', + 'task_assignment_alert_team_members' => 'Task Assignment Alert Team Members', + 'task_transfer_alert_active' => 'Task Transfer Alert', + 'task_transfer_alert_assigned' => 'Task Transfer Alert Assigned Agent / Team', + 'task_transfer_alert_dept_manager' => 'Task Transfer Alert Department Manager', + 'task_transfer_alert_dept_members' => 'Task Transfer Alert Department Members', + 'task_overdue_alert_active' => 'Overdue Task Alert', + 'task_overdue_alert_assigned' => 'Overdue Task Alert Assigned Agent / Team', + 'task_overdue_alert_dept_manager' => 'Overdue Task Alert Department Manager', + 'task_overdue_alert_dept_members' => 'Overdue Task Alert Department Members', + 'agent_name_format' => 'Agent Name Formatting', + 'agent_avatar' => 'Agent Avatar Source', + 'allow_pw_reset' => 'Allow Password Resets', + 'pw_reset_window' => 'Reset Token Expiration', + 'client_name_format' => 'User Name Formatting', + 'client_avatar' => 'User Avatar Source', + 'clients_only' => 'Registration Required', + 'allow_auth_tokens' => 'Authentication Token', + 'client_verify_email' => 'Client Quick Access', + 'restrict_kb' => 'Knowledgebase Require Client Login', + 'default_template_id' => 'Default Template Set', + 'default_email_id' => 'Default System Email', + 'alert_email_id' => 'Default Alert Email', + 'admin_email' => 'Admin Email Address', + 'verify_email_addrs' => 'Verify Email Addresses', + 'name' => 'Name', // Common Configurations + 'isactive' => 'Status', + 'notes' => 'Notes', + 'topic_id' => 'Help Topic', // Email Configurations + 'userid' => 'Username', + 'mail_active' => 'Mail Active', + 'mail_host' => 'Fetching Hostname', + 'mail_port' => 'Fetching Port', + 'mail_proto' => 'Mail Box Protocol', + 'mail_fetchfreq' => 'Fetch Frequency', + 'mail_fetchmax' => 'Emails Per Fetch', + 'postfetch' => 'Fetched Emails', + 'mail_archivefolder' => 'Mail Archive Folder', + 'smtp_active' => 'SMTP Active', + 'smtp_host' => 'SMTP Hostname', + 'smtp_port' => 'SMTP Port', + 'smtp_auth' => 'Authentication Required', + 'smtp_spoofing' => 'Header Spoofing', + 'mail_encryption' => 'Mail Encryption', + 'topic' => 'Name', // Help Topic Configurations + 'ispublic' => 'Type', + 'topic_pid' => 'Parent Topic', + 'dept_id' => 'Department', + 'custom-numbers' => 'Ticket Number Format', + 'number_format' => 'Number Format', + 'sequence_id' => 'Number Sequence', + 'priority_id' => 'Priority', + 'sla_id' => 'SLA Plan', + 'page_id' => 'Thank-You Page', + 'assign' => 'Auto-assign To', + 'noautoresp' => 'Auto-Response', + 'pid' => 'Parent', // Department Configurations + 'ispublic' => 'Type', + 'sla_id' => 'SLA', + 'manager_id' => 'Manager', + 'assignment_flag' => 'Ticket Assignment', + 'disable_auto_claim' => 'Claim on Response', + 'email_id' => 'Outgoing Email', + 'tpl_id' => 'Template Set', + 'ticket_auto_response' => 'New Ticket', + 'message_auto_response' => 'New Message', + 'autoresp_email_id' => 'Auto-Response Email', + 'group_membership' => 'Recipients', + 'signature' => 'Department Signature', + 'grace_period' => 'Grace Period', // SLA Configurations + 'transient' => 'Transient', + 'disable_overdue_alerts' => 'Ticket Overdue Alerts', + 'type' => 'Type', // Page Configurations + 'body' => 'Page Content', + 'name_plural' => 'Plural Name', // List Configurations + 'sort_mode' => 'Sort Order', + 'ticket.activity.notice' => 'New Activity Notice', // Email Template Configurations + 'message.autoresp' => 'New Message Auto-response', + 'ticket.autoreply' => 'New Ticket Auto-reply', + 'ticket.autoresp' => 'New Ticket Auto-response', + 'ticket.notice' => 'New Ticket Notice', + 'ticket.overlimit' => 'Overlimit Notice', + 'note.alert' => 'Internal Activity Alert', + 'message.alert' => 'New Message Alert', + 'ticket.alert' => 'New Ticket Alert', + 'ticket.overdue' => 'Overdue Ticket Alert', + 'assigned.alert' => 'Ticket Assignment Alert', + 'transfer.alert' => 'Ticket Transfer Alert', + 'task.activity.alert' => 'New Activity Alert', + 'task.activity.notice' => 'New Activity Notice', + 'task.alert' => 'New Task Alert', + 'task.overdue.alert' => 'Overdue Task Alert', + 'task.assignment.alert' => 'Task Assignment Alert', + 'task.transfer.alert' => 'Task Transfer Alert', + 'firstname' => 'First Name', // Agent Configurations + 'lastname' => 'Last Name', + 'email' => 'Email', + 'phone' => 'Phone Number', + 'phone_ext' => 'Phone Extension', + 'mobile' => 'Mobile Number', + 'username' => 'Username', + 'default_from_name' => 'Default From Name', + 'thread_view_order' => 'Thread View Order', + 'default_ticket_queue_id' => 'Default Ticket Queue', + 'reply_redirect' => 'Reply Redirect', + // 'isactive' => 'Locked', //adriane: can we change this to islocked? + 'isadmin' => 'Administrator', + 'assigned_only' => 'Limit Access to Assigned', + 'onvacation' => 'Vacation Mode', + 'dept_access' => 'Department Access', + 'role_id' => 'Role', + 'passwd' => 'Password', + 'backend' => 'Backend', + 'lang' => 'Language', + 'timezone' => 'Timezone', + 'locale' => 'Locale', + 'isvisible' => 'Visible', + 'show_assigned_tickets' => 'Show Assigned Tickets', + 'change_passwd' => 'Change Password', + 'auto_refresh_rate' => 'Auto Refresh Rate', + 'default_signature_type' => 'Default Signature Type', + 'default_paper_size' => 'Default Paper Size', + 'user.create' => 'Create Users', // Agent Permissions + 'user.delete' => 'Delete Users', + 'user.edit' => 'Edit Users', + 'user.manage' => 'Manage Users', + 'user.dir' => 'User Directory', + 'org.create' => 'Create Organizations', + 'org.delete' => 'Delete Organizations', + 'org.edit' => 'Edit Organizations', + 'faq.manage' => 'Manage FAQs', + 'emails.banlist' => 'Banlist', + 'search.all' => 'Search All', + 'stats.agents' => 'Stats', + 'isenabled' => 'Status', // Team Configurations + 'lead_id' => 'Team Lead', + 'noalerts' => 'Assignment Alert', + 'ticket.assign' => 'Ticket Assign', // Role Configurations + 'ticket.close' => 'Ticket Close', + 'ticket.create' => 'Ticket Create', + 'ticket.delete' => 'Ticket Delete', + 'ticket.edit' => 'Ticket Edit', + 'thread.edit' => 'Ticket Thread Edit', + 'ticket.reply' => 'Ticket Reply', + 'ticket.refer' => 'Ticket Refer', + 'ticket.release' => 'Ticket Release', + 'ticket.transfer' => 'Ticket Transfer', + 'task.assign' => 'Task Assign', + 'task.close' => 'Task Close', + 'task.create' => 'Task Create', + 'task.delete' => 'Task Delete', + 'task.edit' => 'Task Edit', + 'task.reply' => 'Task Reply', + 'task.transfer' => 'Task Transfer', + 'canned.manage' => 'Manage Canned Responses', + 'execorder' => 'Execution Order', // Ticket Filter Configurations + 'target' => 'Target Channel', + 'match_all_rules' => 'Match All Criteria', + 'stop_onmatch' => 'Stop On Match', + 'manager' => 'Account Manager', // Organization Configurations + 'assign-am-flag' => 'Auto-Assignment', + 'contacts' => 'Contacts', + 'sharing' => 'Ticket Sharing', + 'collab-pc-flag' => 'Auto Collaboration - Primary Contacts', + 'collab-all-flag' => 'Auto Collaboration - Organization Members', + 'domain' => 'Email Domain', + 'org' => 'Organization', // User Account Configurations + 'timezone' => 'Timezone', + 'password' => 'Password', + 'locked-flag' => 'Administratively Locked', + 'unlocked-flag' => 'Unlocked', + 'pwreset-flag' => 'Password Reset Required', + 'pwreset-sent' => 'Send Password Reset EMail', + 'user-registered' => 'Registered', + 'user-org' => 'Add to Organization', + 'forbid-pwchange-flag' => 'User cannot change password', + ); + + static $show_view_audits; + + function __toString() { + return (string) $this->id; + } + + //allows you to specify which part of the $types array you want returned + function getTypeExtra($objectType, $infoType) { + foreach (self::getTypes() as $key => $info) { + if ($objectType == $key) { + switch ($infoType) { + case 'Model': + $extra = __($info[0]); + break; + case 'Name': + $extra = __($info[1]); + break; + case 'URL': + $extra = __($info[2]); + break; + } + } + } + return $extra; + } + + function getPageNav($qwhere) { + $qselect = 'SELECT audit.* '; + $qfrom=' FROM '.AUDIT_TABLE.' audit '; + $total=db_count("SELECT count(*) $qfrom $qwhere"); + $page = ($_GET['p'] && is_numeric($_GET['p']))?$_GET['p']:1; + //pagenate + $pageNav=new Pagenate($total, $page, PAGE_LIMIT); + + return $pageNav; + } + + function getQwhere($objectId, $hide_views=false, $type='') { + $class = is_object($objectId) ? get_class($objectId) : $objectId; + switch ($class) { + case 'User': + $qwhere = sprintf(' WHERE audit.user_id=%s', is_object($objectId) ? $objectId->getId() : $objectId); + break; + case 'Staff': + $qwhere = sprintf(' WHERE audit.staff_id=%s', is_object($objectId) ? $objectId->getId() : $objectId); + break; + case 'Ticket': + $qwhere = sprintf(' WHERE audit.object_id=%s', is_object($objectId) ? $objectId->getId() : $objectId); + break; + case 'AuditEntry': + $qwhere =' WHERE 1'; + $qwhere.=' AND object_type='.db_input($_REQUEST['type'] ?: 'D'); + if ($hide_views) + $qwhere.=' AND event_id='.db_input(Event::getIdByName($_REQUEST['state'])); + if ($_REQUEST['state'] && $_REQUEST['state'] != __('All')) { + $event_id = Event::getIdByName(lcfirst($_REQUEST['state'])); + $qwhere.=' AND event_id='.db_input($event_id); + } + + //dates + $startTime =($_REQUEST['startDate'] && (strlen($_REQUEST['startDate'])>=8))?strtotime($_REQUEST['startDate']):0; + $endTime =($_REQUEST['endDate'] && (strlen($_REQUEST['endDate'])>=8))?strtotime($_REQUEST['endDate']):0; + if( ($startTime && $startTime>time()) or ($startTime>$endTime && $endTime>0)){ + $startTime=$endTime=0; + } else { + if($startTime) + $qwhere.=' AND timestamp>=FROM_UNIXTIME('.$startTime.')'; + if($endTime) + $qwhere.=' AND timestamp<=FROM_UNIXTIME('.$endTime.')'; + } + break; + default: + $qwhere = $type ? sprintf(' WHERE audit.object_id=%d AND audit.object_type = "%s"', $objectId, $type) : + sprintf('WHERE audit.object_id=%d', $objectId); + break; + + } + if (!self::$show_view_audits) + $qwhere.=' AND event_id !='.db_input(Event::getIdByName('viewed')); + + return $qwhere; + } + + function getOrder($order) { + if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) { + $order=$orderWays[strtoupper($_REQUEST['order'])]; + } + $order=$order?$order:'DESC'; + + return $order; + } + + function getQuery($qs, $objectId, $pageNav, $export, $type='') { + $qselect = 'SELECT audit.* '; + $qfrom=' FROM '.AUDIT_TABLE.' audit '; + $qwhere =self::getQwhere($objectId, false, $type); + + $sortOptions=array('id'=>'audit.id', 'object_id'=>'audit.object_id', 'state'=>'audit.state','type'=>'audit.object_type','ip'=>'audit.ip' + ,'timestamp'=>'audit.timestamp'); + $orderWays=array('DESC'=>'DESC','ASC'=>'ASC'); + $sort=($_REQUEST['sort'] && $sortOptions[strtolower($_REQUEST['sort'])])?strtolower($_REQUEST['sort']):'timestamp'; + //Sorting options... + if($sort && $sortOptions[$sort]) { + $order_column =$sortOptions[$sort]; + } + $order_column=$order_column?$order_column:'timestamp'; + $order = self::getOrder($_REQUEST['order']); + + if($order_column && strpos($order_column,',')){ + $order_column=str_replace(','," $order,",$order_column); + } + $x=$sort.'_sort'; + $$x=' class="'.strtolower($order).'" '; + $order_by="$order_column $order "; + + $query = sprintf("$qselect $qfrom $qwhere %s", + $export ? '' : "ORDER BY $order_by LIMIT ".$pageNav->getStart().",".$pageNav->getLimit()); + + return $query; + } + + function getTableInfo($objectId, $export=false, $type='') { + $qs = array(); + if($_REQUEST['type']) { + $qs += array('type' => $_REQUEST['type']); + } + + //pagenate + $qwhere =self::getQwhere($objectId, false, $type); + $pageNav=self::getPageNav($qwhere); + $query = self::getQuery($qs, $objectId, $pageNav, $export, $type); + $audits=db_query($query); + + if($audits && ($num=db_num_rows($audits))) + $showing=$pageNav->showing().' '.$title; + + $table = array(); + $count = 0; + foreach ($audits as $event) { + $class = is_object($objectId) ? get_class($objectId) : $objectId; + + $table[$count]['id'] = $event['id']; + $table[$count]['staff_id'] = $event['staff_id']; + $table[$count]['user_id'] = $event['user_id']; + $table[$count]['event_id'] = $event['event_id']; + $table[$count]['description'] = self::getDescription($event, $export); + $table[$count]['timestamp'] = Format::datetime($event['timestamp']); + $table[$count]['ip'] = $event['ip']; + $count++; + } + return $table; + } + + static function getTypes() { + return self::$types; + } + + static function getConfigurations() { + return self::$configurations; + } + + function getDescription($event, $export=false, $userType='') { + $event = is_object($event) ? $event->ht : $event; + $data = json_decode($event['data'], true); + $name = ''; + if (!is_array($event)) + $event = $event->ht; + + if (!$person = $data['person']) + $person = $event['staff_id'] ? (Staff::lookup($event['staff_id'])) : (User::lookup($event['user_id'])); + + if ($person) + $name = is_string($person) ? $person : $person->getName()->name; + + if (!$userType) + $userType = $event['staff_id'] ? __('Agent') : __('User'); + + $model = AuditEntry::getTypeExtra($event['object_type'], 'Model'); + $objectName = AuditEntry::getObjectName($model); + $link = $event['object_type'] ? AuditEntry::getObjectLink($event) : ''; + $description = sprintf(__('%s %s %s %s %s'), + $userType, $name, Event::getNameById($event['event_id']), $objectName, $link); + + switch (Event::getNameById($event['event_id'])) { + case 'collab': + $msg = $data['add'] ? 'Added ' : 'Deleted '; + $data = $data['add'] ?: $data['del']; + foreach ($data as $key => $value) { + if (is_numeric($key)) + $name = $value['name']; + } + $message = sprintf(__('%s %s %s Collaborator(s): %s Ticket: %s'), $userType, $person, $msg, $name, $link); + break; + case 'edited': + switch ($event['object_type']) { + case 'X': + foreach (self::getConfigurations() as $key => $value) { + if ($data['key'] == $key) + $configuration = __($value); + } + $message = sprintf(__('%s %s %s: %s'), $name ?: $userType, $data['type'] ?: 'Edited', $objectName, $configuration ?: $data['key']); + break; + case 'T': + case 'A': + if ($data['fields']) { + $fields = array(); + foreach ($data['fields'] as $key => $value) { + if (is_array($data['fields'][$key]) && $key == 'fields') + $key = key($data['fields'][$key]); + if (is_numeric($key)) { + $field = DynamicFormField::objects()->filter(array('id'=>$key))->values_flat('label')->first() ?: array(); + $fields[] = $field[0]; + } else { + $field[0] = ucfirst($key); + } + $message = sprintf(__('%s Edited Field(s): %s %s: %s '), + $name ?: $userType, + !empty($fields) ? implode(',',$fields) : ($field[0] ?: '-'), + $objectName, $link); + } + } + + break; + default: + if ($data['key']) { + foreach (self::getConfigurations() as $key => $value) { + if ($data['key'] == $key) + $configuration = __($value); + } + } + + $message = sprintf(__('%s %s %s %s %s'), $name ?: $userType, $data['status'] ?: 'Edited', $objectName, $link, $configuration ?: $data['key'] ?: ''); + break; + } + break; + case 'login': + case 'logout': + $message = sprintf(__('%s %s %s'),$userType, $name, $data['msg'] ?: Event::getNameById($event['event_id'])); + break; + case 'referred': + case 'transferred': + foreach ($data as $key => $value) { + $name = is_array($value) ? '' : $value; + if ($key != 'name') + $msg = sprintf(__('%s to %s %s'), $description, self::getObjectName(ucfirst($key)), $name); + } + $message = __($msg ?: $description); + break; + case 'assigned': + foreach ($data as $key => $value) { + $assignee = is_array($value) ? '' : $value; + + if ($key != 'name' && $value) + $msg = sprintf(__('%s to %s %s'), $description, self::getObjectName(ucfirst($key)), $assignee); + + if ($key == 'claim') + $msg = sprintf(__('Agent %s Claimed %s'),$name ?: 'Agent', $link); + } + $message = __($msg ?: Event::getNameById($event['event_id'])); + break; + default: + $message = __($description); + break; + } + return $export ? strip_tags($message) : $message; + } + + function getDataName($event) { + $data = json_decode($event->data, true); + if (!$data['name']) { + $rows = AuditEntry::objects() + ->filter(array('object_id'=>$event->object_id)) + ->values_flat('data'); + foreach ($rows as $key => $value) { + $val = json_decode($value[0], true); + if (array_key_exists('name', $val)) { + $data['name'] = $val['name']; + break; + } + else + $data['name'] = __('NA'); + } + } + return $data['name']; + } + + function getDataById($id, $type) { + $row = self::objects() + ->filter(array('object_type'=>$type, 'object_id'=>$id)) + ->values_flat('object_type', 'data', 'object_id') + ->first(); + + return $row ? $row : 0; + } + + function getObjectLink($event) { + $types = self::getTypes(); + $urlPrefix = self::getTypeExtra($event['object_type'], 'URL'); + $data = json_decode($event['data'], true); + $urlIdPrefix = $event['object_type'] == 'I' ? 'tpl_id' : 'id'; + + if ($event['event_id'] != 14) + $link = sprintf('%s', $urlPrefix, $urlIdPrefix, $event['object_id'], $data['name']); + else + $link = sprintf('%s', $data['name']); + + return $link; + } + + static function auditEvent($event_id, $object, $info) { + global $thisstaff, $thisclient; + + $event = static::create(); + + if (isset($info['data'])) + $event->data = $info['data']; + + //set the object_type based on the object's class + if (is_object($object)) { + foreach (self::getTypes() as $key => $info2) { + if (get_class($object) == $info2[0]) + $event->object_type = $key; + } + $event->object_id = $object->ht['id'] ?: $object->getId(); + } else { + $event->object_type = $object[0]; + $event->object_id = $object[1]; + } + + $event->event_id = $event_id; + $event->ip = $_SERVER['REMOTE_ADDR']; + + if ($thisstaff) + $event->staff_id = $thisstaff->getId(); + elseif (is_object($object) && get_class($object) == 'Staff') + $event->staff_id = $object->getId(); + elseif (is_object($object) && get_class($object) == 'User') + $event->user_id = $object->getId(); + elseif ($info['uid']) + $event->user_id = $info['uid']; + elseif ($thisclient) + $event->user_id = $thisclient->getId(); + else + $event->user_id = $object->getUserId(); + + return $event->save(); + } + + static function auditSpecialEvent($object, $info=array()) { + $data = array('person' => $object ? $object->getName()->name : '', + 'msg' => $info['msg'] ?: ''); + $info['data'] = json_encode($data); + $event_id = Event::getIdByName($info['type']); + return static::auditEvent($event_id, $object, $info); + } + + static function auditObjectEvent($object, $info=array()) { + global $thisstaff, $thisclient; + + $types = self::getTypes(); + foreach ($types as $abbrev => $data) { + if (is_object($object) && (get_class($object) == $data[0])) { + switch ($abbrev) { + case 'X': + $data = array('person' => $thisstaff->getName()->name, 'key' => $info['key']); + $info['data'] = json_encode($data); + $event_id = Event::getIdByName($info['type']); + break; + default: + if (!$thisstaff && !$thisclient) + $person = __('User'); + + $name = $object ? call_user_func(array($object, $data[1])) : ''; + $data = array('name' => is_object($name) ? $name->name : $name, + 'person' => $person ?: $thisstaff ? $thisstaff->getName()->name : + $thisclient->getName()->name); + foreach ($info as $key => $value) { + if ($key != 'type') + $data[$key] = $value; + } + + $info['data'] = json_encode($data); + $event_id = Event::getIdByName($info['type']); + break; + } + } + } + return static::auditEvent($event_id, $object, $info); + } + + static function create($vars=array()) { + $event = new static($vars); + $event->timestamp = SqlFunction::NOW(); + return $event; + } + + static function autoCreateTable() { + $sql = 'SHOW TABLES LIKE \''.TABLE_PREFIX.'audit\''; + if (db_num_rows(db_query($sql))) + return true; + else { + $sql = sprintf('INSERT INTO `%s` VALUES + ("", "login",""), + ("", "logout",""), + ("", "message","")', TABLE_PREFIX.'event'); + db_query($sql); + + $sql = sprintf('CREATE TABLE `%s` ( + `id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `object_type` char(1) NOT NULL DEFAULT \'\', + `object_id` int(10) unsigned NOT NULL, + `event_id` int(11) unsigned DEFAULT NULL, + `staff_id` int(10) unsigned NOT NULL DEFAULT \'0\', + `user_id` int(10) unsigned NOT NULL DEFAULT \'0\', + `data` varchar(1024) DEFAULT NULL, + `ip` varchar(64) DEFAULT NULL, + `timestamp` datetime NOT NULL, + PRIMARY KEY (`id`), + KEY `staff_id` (`staff_id`), + KEY `object_type` (`object_type`,`object_id`) + ) CHARSET=utf8', TABLE_PREFIX.'audit'); + return db_query($sql); + } + } +} diff --git a/audit/config.php b/audit/config.php new file mode 100644 index 00000000..87f104c1 --- /dev/null +++ b/audit/config.php @@ -0,0 +1,21 @@ + new BooleanField(array( + 'label' => __('Show View Audits'), + 'default' => true, + 'configuration' => array( + 'desc' => __('Show Audit Logs for when a User or Agent views Tickets') + ) + )), + ); + } + function pre_save(&$config, &$errors) { + global $msg; + if (!$errors) + $msg = __('Configuration updated successfully'); + return true; + } +} diff --git a/audit/plugin.php b/audit/plugin.php new file mode 100644 index 00000000..4915aade --- /dev/null +++ b/audit/plugin.php @@ -0,0 +1,13 @@ + 'audit:ticket', # notrans + 'version' => '0.1', + 'name' => 'Help Desk Audit', + 'author' => 'Jared Hancock', + 'description' => 'Provides a configurable mechanism to audit viewing + and other activity of tickets.', + 'url' => 'http://www.osticket.com/plugins/audit/ticket', + 'plugin' => 'audit.php:AuditPlugin', +); + +?> diff --git a/audit/templates/agent-audit.tmpl.php b/audit/templates/agent-audit.tmpl.php new file mode 100644 index 00000000..472f35a3 --- /dev/null +++ b/audit/templates/agent-audit.tmpl.php @@ -0,0 +1,68 @@ +setURL('staff.php', $args); + + ?> +

+
+ +
" . $staff->getName() . " has performed.
" +); ?> +
+ +
+ '.$pageNav->showing().''; + else + echo sprintf(__('%s does not have any audits'), __('Agent')); + ?> +
+ + + + + + + + + + + + + + + + + + + + + + +
DescriptionTimestampIP Address
+ +
+'; + echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; + echo sprintf('%s', + Http::build_query(array( + 'id' => $staff->getId(), + 'a' => 'export', + 't' => 'audits')), + __('Export')); + echo ''; +} +?> diff --git a/audit/templates/auditlogs.tmpl.php b/audit/templates/auditlogs.tmpl.php new file mode 100644 index 00000000..54ed4301 --- /dev/null +++ b/audit/templates/auditlogs.tmpl.php @@ -0,0 +1,159 @@ +isAdmin()) die('Access Denied'); + +$qs = array(); +if($_REQUEST['type']) + $qs += array('type' => $_REQUEST['type']); +$type='D'; + +if ($_REQUEST['type']) + $type=$_REQUEST['type']; + +if($_REQUEST['state']) + $qs += array('state' => $_REQUEST['state']); +$state=__('All'); + +if ($_REQUEST['state']) + $state=$_REQUEST['state']; + +//dates +$startTime =($_REQUEST['startDate'] && (strlen($_REQUEST['startDate'])>=8))?strtotime($_REQUEST['startDate']):0; +$endTime =($_REQUEST['endDate'] && (strlen($_REQUEST['endDate'])>=8))?strtotime($_REQUEST['endDate']):0; +if( ($startTime && $startTime>time()) or ($startTime>$endTime && $endTime>0)){ + $errors['err']=__('Entered date span is invalid. Selection ignored.'); + $startTime=$endTime=0; +} else { + if($startTime) + $qs += array('startDate' => $_REQUEST['startDate']); + if($endTime) + $qs += array('endDate' => $_REQUEST['endDate']); +} +$order = AuditEntry::getOrder($_REQUEST['order']); +$qs += array('order' => (($order=='DESC') ? 'ASC' : 'DESC')); +$qstr = '&'. Http::build_query($qs); + +$args = array(); +parse_str($_SERVER['QUERY_STRING'], $args); +unset($args['p'], $args['_pjax']); + +// Apply pagination +$events = AuditEntry::getTableInfo('AuditEntry'); +$total = count($events); +$qwhere = AuditEntry::getQwhere('AuditEntry'); +$pageNav=AuditEntry::getPageNav($qwhere); +$pageNav->setURL('audits.php', $args); +?> + + +
+
+
+
+
+
+
+

+ +

+
+
+
+
+ +
+ '.$pageNav->showing().''; + else + echo __('No audits found'); + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Description href="audits.php?&sort=timestamp">IP Address
+ +
+'; +if ($total) { //Show options.. + echo ' '.__('Page').':'.$pageNav->getPageLinks().' '; +} +echo sprintf('%s', + Http::build_query(array( + 'a' => 'export', + 't' => 'audits', + 'type' => $type, + 'state' => $state, + 'starttime' => $_REQUEST['startDate'], + 'endtime' => $_REQUEST['endDate'], + )), + __('Export')); +?> +
diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php new file mode 100644 index 00000000..c324cf28 --- /dev/null +++ b/audit/templates/ticket-audit.tmpl.php @@ -0,0 +1,103 @@ +setURL('tickets.php', $args); +$order = AuditEntry::getOrder($_REQUEST['order']); +$qs = array(); +$qsReverse = array(); +$qs += array('order' => $order); +$qsReverse += array('order' => ($order=='DESC' ? 'ASC' : 'DESC')); +$qstr = Http::build_query($qs); +$qstrReverse = Http::build_query($qsReverse); +$url = '#audit/ticket/' . $ticketId . '/view?'; +$qstr = sprintf('%s&sort=timestamp', $qstr); + ?> +
+

+ +
+
+ '.$pageNav->showing().''; + else + echo sprintf(__('%s does not have any audits'), __('Ticket')); + ?> +
+
+ +
+ + + + + + + + + + + + + + + + + +
Description href="#audit/ticket/8/view?">IP Address
+
+getPageLinks('audits'); +$links = str_replace(''; + echo ' '.__('Page').':'.$links.' '; + echo sprintf('%s', + Http::build_query(array( + 'id' => $ticketId, + 'a' => 'export', + 't' => 'audits')), + __('Export')); + echo '
'; +?> +

+ + + +

+ +
+ + + diff --git a/audit/templates/user-audit.tmpl.php b/audit/templates/user-audit.tmpl.php new file mode 100644 index 00000000..49ce73eb --- /dev/null +++ b/audit/templates/user-audit.tmpl.php @@ -0,0 +1,62 @@ +setURL('users.php', $args); + ?> +

+
+ +
+ '.$pageNav->showing().''; + else + echo sprintf(__('%s does not have any audits'), __('User')); + ?> +
+ + + + + + + + + + + + + + + + + + + + + +
DescriptionTimestampIP Address
+ +
+'; + echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; + echo sprintf('%s', + Http::build_query(array( + 'id' => $user ? $user->getId(): $org->getId(), + 'a' => 'export', + 't' => 'audits')), + __('Export')); + echo ''; +} +?> From 5328f788c74c55109752869410c3f6bb45a11cf4 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Mon, 15 Jul 2019 10:44:17 -0500 Subject: [PATCH 069/160] Ticket Audit Pagination Make sure the overlay only stays showing for the ticket audit pagination. If you navigate to another page, it should go away as usual. --- audit/templates/ticket-audit.tmpl.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php index c324cf28..afd30ca4 100644 --- a/audit/templates/ticket-audit.tmpl.php +++ b/audit/templates/ticket-audit.tmpl.php @@ -94,10 +94,12 @@ } return false; }); - //override pjax:complete to keep showing overlay + //override pjax:complete to keep showing overlay on pagination $(document).on('pjax:complete', function() { - $.toggleOverlay(true); - $('#overlay').show(); + if ($('#popup').is(':visible')) { + $.toggleOverlay(true); + $('#overlay').show(); + } }); }); From 3aee40d7ddac7e3824fc68a3659893bb74615269 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Mon, 15 Jul 2019 12:39:41 -0500 Subject: [PATCH 070/160] Final Touches - Minor wording changes - Check if thisstaff and thisclient is_null rather than !$thisstaff or !$thisclient - Audit agent responses - Remove unused methods - Account for object coming in as an array --- audit/class.audit.php | 67 ++++++++++++++++++++++--------------------- audit/plugin.php | 4 +-- 2 files changed, 37 insertions(+), 34 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index f87b51f2..db90f3cf 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -305,7 +305,7 @@ function getObjectName($class) { 'thread_view_order' => 'Thread View Order', 'default_ticket_queue_id' => 'Default Ticket Queue', 'reply_redirect' => 'Reply Redirect', - // 'isactive' => 'Locked', //adriane: can we change this to islocked? + 'islocked' => 'Locked', 'isadmin' => 'Administrator', 'assigned_only' => 'Limit Access to Assigned', 'onvacation' => 'Vacation Mode', @@ -558,17 +558,30 @@ function getDescription($event, $export=false, $userType='') { $model = AuditEntry::getTypeExtra($event['object_type'], 'Model'); $objectName = AuditEntry::getObjectName($model); $link = $event['object_type'] ? AuditEntry::getObjectLink($event) : ''; + $eventName = Event::getNameById($event['event_id']); $description = sprintf(__('%s %s %s %s %s'), - $userType, $name, Event::getNameById($event['event_id']), $objectName, $link); - - switch (Event::getNameById($event['event_id'])) { + $userType, $name, $eventName, $objectName, $link); + + switch ($eventName) { + case 'message': + $message = sprintf(__('%s %s posted a %s to %s %s'), + $userType, $name, $userType == 'Agent' ? 'reply' : 'message', $objectName, $link); + break; + case 'note': + $message = sprintf(__('%s %s posted a %s to %s %s'), + $userType, $name, $eventName, $objectName, $link); + break; case 'collab': $msg = $data['add'] ? 'Added ' : 'Deleted '; $data = $data['add'] ?: $data['del']; + $name = array(); + $i = 0; foreach ($data as $key => $value) { - if (is_numeric($key)) - $name = $value['name']; + if (is_numeric($key) && $i < 5) + $name[] = ($i < 4) ? $value['name'] : $value['name'] . '...'; + $i++; } + $name = implode(',', $name); $message = sprintf(__('%s %s %s Collaborator(s): %s Ticket: %s'), $userType, $person, $msg, $name, $link); break; case 'edited': @@ -593,7 +606,7 @@ function getDescription($event, $export=false, $userType='') { } else { $field[0] = ucfirst($key); } - $message = sprintf(__('%s Edited Field(s): %s %s: %s '), + $message = sprintf(__('%s %s Edited Field(s): %s %s: %s '), $userType, $name ?: $userType, !empty($fields) ? implode(',',$fields) : ($field[0] ?: '-'), $objectName, $link); @@ -632,9 +645,10 @@ function getDescription($event, $export=false, $userType='') { if ($key != 'name' && $value) $msg = sprintf(__('%s to %s %s'), $description, self::getObjectName(ucfirst($key)), $assignee); - if ($key == 'claim') $msg = sprintf(__('Agent %s Claimed %s'),$name ?: 'Agent', $link); + if ($key == 'auto') + $msg = sprintf(__('Agent SYSTEM Auto Assigned %s to %s'),$link, $name ?: 'Agent'); } $message = __($msg ?: Event::getNameById($event['event_id'])); break; @@ -645,25 +659,6 @@ function getDescription($event, $export=false, $userType='') { return $export ? strip_tags($message) : $message; } - function getDataName($event) { - $data = json_decode($event->data, true); - if (!$data['name']) { - $rows = AuditEntry::objects() - ->filter(array('object_id'=>$event->object_id)) - ->values_flat('data'); - foreach ($rows as $key => $value) { - $val = json_decode($value[0], true); - if (array_key_exists('name', $val)) { - $data['name'] = $val['name']; - break; - } - else - $data['name'] = __('NA'); - } - } - return $data['name']; - } - function getDataById($id, $type) { $row = self::objects() ->filter(array('object_type'=>$type, 'object_id'=>$id)) @@ -747,13 +742,15 @@ static function auditObjectEvent($object, $info=array()) { $event_id = Event::getIdByName($info['type']); break; default: - if (!$thisstaff && !$thisclient) - $person = __('User'); + if (is_null($thisstaff) && is_null($thisclient) && get_class($object) == 'Ticket') { + $person = $object->getUser()->getName()->name; + } elseif (is_null($thisstaff) && is_null($thisclient)) + $person = __('SYSTEM'); $name = $object ? call_user_func(array($object, $data[1])) : ''; $data = array('name' => is_object($name) ? $name->name : $name, - 'person' => $person ?: $thisstaff ? $thisstaff->getName()->name : - $thisclient->getName()->name); + 'person' => $person ? $person : ($thisstaff ? $thisstaff->getName()->name : + $thisclient->getName()->name)); foreach ($info as $key => $value) { if ($key != 'type') $data[$key] = $value; @@ -765,6 +762,11 @@ static function auditObjectEvent($object, $info=array()) { } } } + if (!is_object($object)) { + $info['data'] = json_encode($object); + $event_id = Event::getIdByName($info['type']); + } + return static::auditEvent($event_id, $object, $info); } @@ -782,7 +784,8 @@ static function autoCreateTable() { $sql = sprintf('INSERT INTO `%s` VALUES ("", "login",""), ("", "logout",""), - ("", "message","")', TABLE_PREFIX.'event'); + ("", "message",""), + ("", "note","")', TABLE_PREFIX.'event'); db_query($sql); $sql = sprintf('CREATE TABLE `%s` ( diff --git a/audit/plugin.php b/audit/plugin.php index 4915aade..2c07cdd3 100644 --- a/audit/plugin.php +++ b/audit/plugin.php @@ -3,10 +3,10 @@ 'id' => 'audit:ticket', # notrans 'version' => '0.1', 'name' => 'Help Desk Audit', - 'author' => 'Jared Hancock', + 'author' => 'Adriane Alexander', 'description' => 'Provides a configurable mechanism to audit viewing and other activity of tickets.', - 'url' => 'http://www.osticket.com/plugins/audit/ticket', + 'url' => 'http://www.osticket.com/download', 'plugin' => 'audit.php:AuditPlugin', ); From 9b73d869e470c1cf9cc0c7a837c4bf596d2d6c9e Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Tue, 13 Aug 2019 10:32:26 -0500 Subject: [PATCH 071/160] Audit Email Export This commit allows us to email audit exports to an Agent if we reach the max execution limit. --- audit/audit.php | 81 +++++++++++++++++++++++++++ audit/class.audit.php | 2 +- audit/templates/agent-audit.tmpl.php | 32 +++++++++-- audit/templates/auditlogs.tmpl.php | 40 +++++++++---- audit/templates/ticket-audit.tmpl.php | 32 +++++++++-- audit/templates/user-audit.tmpl.php | 34 ++++++++--- 6 files changed, 188 insertions(+), 33 deletions(-) diff --git a/audit/audit.php b/audit/audit.php index dab7001a..911ccec6 100644 --- a/audit/audit.php +++ b/audit/audit.php @@ -70,6 +70,87 @@ function bootstrap() { }) ); }); + + Signal::connect('ajax.scp', function($dispatcher) { + $dispatcher->append( + url('^/audit/export/build/(?P\w+)/(?P\w+)|uid,(?P\d+)|sid,(?P\d+)|tid,(?P\d+)$', + function($type=NULL, $state=NULL, $uid=NULL, $sid=NULL, $tid=NULL) { + global $thisstaff; + + if (!$thisstaff) + Http::response(403, 'Agent login is required'); + + $show = AuditEntry::$show_view_audits; + if ($type) { + foreach (AuditEntry::getTypes() as $abbrev => $info) { + if ($type == $abbrev) + $name = AuditEntry::getObjectName($info[0]); + } + $filename = sprintf('%s-audits-%s.csv', $name, strftime('%Y%m%d')); + Export::audits('audit', $type, $state, $filename, '', '', 'csv', $show); + } elseif ($uid) { + $userName = User::getNameById($uid); + $filename = sprintf('%s-audits-%s.csv', $userName->name, strftime('%Y%m%d')); + Export::audits('user', '', '', $filename, $tableInfo, $uid, 'csv', $show); + } elseif ($sid) { + $staff = Staff::lookup($sid); + $filename = sprintf('%s-audits-%s.csv', $staff->getName(), strftime('%Y%m%d')); + Export::audits('staff', '', '', $filename, $tableInfo, $sid, 'csv', $show); + } elseif ($tid) { + $ticket = Ticket::lookup($tid); + $filename = sprintf('%s-audits-%s.csv', $ticket->getNumber(), strftime('%Y%m%d')); + Export::audits('ticket', '', '', $filename, $tableInfo, $tid, 'csv', $show); + } + }) + ); + }); + + Signal::connect('ajax.scp', function($dispatcher) { + $dispatcher->append( + url('^/audit/export/status$', function() { + if(!($maxtime = ini_get('max_execution_time'))) + $maxtime = 30; + + if ($_SESSION['export']['end']) { + if (intval($_SESSION['export']['end'] - $_SESSION['export']['start']) >= $maxtime) { + $response = array('status' => 'email'); + } else { + $response = array( + 'status' => 'download', + 'filename' => $_SESSION['export']['filename'], + ); + } + } else + $response = array('status' => 'writing'); + return JsonDataEncoder::encode($response); + }) + ); + }); + + Signal::connect('ajax.scp', function($dispatcher) { + $dispatcher->append( + url('^/audit/export/(?Pemail|download)$', function($status) { + global $thisstaff; + + if (!$status) + Http::response(403, 'Export status is required'); + + $filepath = $_SESSION['export']['tempath']; + $filename = $_SESSION['export']['filename']; + unset($_SESSION['export']); + if ($status === 'download') { + Http::download($filename, 'text/csv'); + $file = readfile($filepath); + fclose($filepath); + exit(); + } elseif ($status === 'email') { + Mailer::sendExportEmail($filename, $filepath, $thisstaff, 'audit'); + fclose($filepath); + } else + Http::response(403, 'Unknown action'); + }) + ); + }); } function enable() { diff --git a/audit/class.audit.php b/audit/class.audit.php index db90f3cf..0fc8c653 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -569,7 +569,7 @@ function getDescription($event, $export=false, $userType='') { break; case 'note': $message = sprintf(__('%s %s posted a %s to %s %s'), - $userType, $name, $eventName, $objectName, $link); + $userType, $name, $eventName, $objectName, $link); break; case 'collab': $msg = $data['add'] ? 'Added ' : 'Deleted '; diff --git a/audit/templates/agent-audit.tmpl.php b/audit/templates/agent-audit.tmpl.php index 472f35a3..10eb6c6a 100644 --- a/audit/templates/agent-audit.tmpl.php +++ b/audit/templates/agent-audit.tmpl.php @@ -57,12 +57,32 @@ '; echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; - echo sprintf('%s', - Http::build_query(array( - 'id' => $staff->getId(), - 'a' => 'export', - 't' => 'audits')), - __('Export')); + echo sprintf('%s', __('Export')); echo ''; } ?> + diff --git a/audit/templates/auditlogs.tmpl.php b/audit/templates/auditlogs.tmpl.php index 54ed4301..246074af 100644 --- a/audit/templates/auditlogs.tmpl.php +++ b/audit/templates/auditlogs.tmpl.php @@ -142,18 +142,34 @@ '; -if ($total) { //Show options.. +if ($total) //Show options.. echo ' '.__('Page').':'.$pageNav->getPageLinks().' '; -} -echo sprintf('%s', - Http::build_query(array( - 'a' => 'export', - 't' => 'audits', - 'type' => $type, - 'state' => $state, - 'starttime' => $_REQUEST['startDate'], - 'endtime' => $_REQUEST['endDate'], - )), - __('Export')); +echo sprintf('%s', __('Export')); ?> + + diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php index afd30ca4..cd1414fb 100644 --- a/audit/templates/ticket-audit.tmpl.php +++ b/audit/templates/ticket-audit.tmpl.php @@ -13,6 +13,7 @@ $qstrReverse = Http::build_query($qsReverse); $url = '#audit/ticket/' . $ticketId . '/view?'; $qstr = sprintf('%s&sort=timestamp', $qstr); +$number = Ticket::objects()->filter(array('ticket_id'=>$ticketId))->values_flat('number')->first(); ?>

@@ -56,12 +57,7 @@ $links = str_replace('?p', '?'.$qstr.'&p', $links); echo '
'; echo ' '.__('Page').':'.$links.' '; - echo sprintf('%s', - Http::build_query(array( - 'id' => $ticketId, - 'a' => 'export', - 't' => 'audits')), - __('Export')); + echo sprintf('%s', __('Export')); echo '
'; ?>

@@ -94,6 +90,8 @@ } return false; }); + + //override pjax:complete to keep showing overlay on pagination $(document).on('pjax:complete', function() { if ($('#popup').is(':visible')) { @@ -101,5 +99,27 @@ $('#overlay').show(); } }); + + $('a.export-audit-csv').on('click', function(){ + showExportPopup("", + '  ' + + "" + ); + $.ajax({ + type: "POST", + url: 'ajax.php/audit/export/build/tid,' + }); + var popopts = { + title: "", + content: "%s.'), + $thisstaff->getEmail()); ?>", + }; + checkExportStatus( + 'ajax.php/audit/export/status', + 'ajax.php/audit/export/', + popopts + ); + }); }); diff --git a/audit/templates/user-audit.tmpl.php b/audit/templates/user-audit.tmpl.php index 49ce73eb..e4d100b9 100644 --- a/audit/templates/user-audit.tmpl.php +++ b/audit/templates/user-audit.tmpl.php @@ -32,7 +32,6 @@ - @@ -43,7 +42,6 @@ - @@ -51,12 +49,32 @@ '; echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; - echo sprintf('%s', - Http::build_query(array( - 'id' => $user ? $user->getId(): $org->getId(), - 'a' => 'export', - 't' => 'audits')), - __('Export')); + echo sprintf('%s', __('Export')); echo '

'; } ?> + From 2190191a83486c99eb6833f1a5b76a648c25db73 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Tue, 3 Sep 2019 14:55:50 -0500 Subject: [PATCH 072/160] Update Audit Exports Make the audit export work with the new implementation of csv exports. --- audit/audit.php | 153 ++++++++++++-------------- audit/templates/agent-audit.tmpl.php | 30 +---- audit/templates/auditlogs.tmpl.php | 35 ++---- audit/templates/ticket-audit.tmpl.php | 32 +----- audit/templates/user-audit.tmpl.php | 31 +----- 5 files changed, 93 insertions(+), 188 deletions(-) diff --git a/audit/audit.php b/audit/audit.php index 911ccec6..505cc3a2 100644 --- a/audit/audit.php +++ b/audit/audit.php @@ -1,5 +1,4 @@ append( - url('^/audit/export/build/(?P\w+)/(?P\w+)|uid,(?P\d+)|sid,(?P\d+)|tid,(?P\d+)$', - function($type=NULL, $state=NULL, $uid=NULL, $sid=NULL, $tid=NULL) { - global $thisstaff; - - if (!$thisstaff) - Http::response(403, 'Agent login is required'); - - $show = AuditEntry::$show_view_audits; - if ($type) { - foreach (AuditEntry::getTypes() as $abbrev => $info) { - if ($type == $abbrev) - $name = AuditEntry::getObjectName($info[0]); - } - $filename = sprintf('%s-audits-%s.csv', $name, strftime('%Y%m%d')); - Export::audits('audit', $type, $state, $filename, '', '', 'csv', $show); - } elseif ($uid) { - $userName = User::getNameById($uid); - $filename = sprintf('%s-audits-%s.csv', $userName->name, strftime('%Y%m%d')); - Export::audits('user', '', '', $filename, $tableInfo, $uid, 'csv', $show); - } elseif ($sid) { - $staff = Staff::lookup($sid); - $filename = sprintf('%s-audits-%s.csv', $staff->getName(), strftime('%Y%m%d')); - Export::audits('staff', '', '', $filename, $tableInfo, $sid, 'csv', $show); - } elseif ($tid) { - $ticket = Ticket::lookup($tid); - $filename = sprintf('%s-audits-%s.csv', $ticket->getNumber(), strftime('%Y%m%d')); - Export::audits('ticket', '', '', $filename, $tableInfo, $tid, 'csv', $show); - } - }) - ); - }); - - Signal::connect('ajax.scp', function($dispatcher) { - $dispatcher->append( - url('^/audit/export/status$', function() { - if(!($maxtime = ini_get('max_execution_time'))) - $maxtime = 30; - - if ($_SESSION['export']['end']) { - if (intval($_SESSION['export']['end'] - $_SESSION['export']['start']) >= $maxtime) { - $response = array('status' => 'email'); - } else { - $response = array( - 'status' => 'download', - 'filename' => $_SESSION['export']['filename'], - ); - } - } else - $response = array('status' => 'writing'); - return JsonDataEncoder::encode($response); - }) - ); - }); - - Signal::connect('ajax.scp', function($dispatcher) { - $dispatcher->append( - url('^/audit/export/(?Pemail|download)$', function($status) { - global $thisstaff; - - if (!$status) - Http::response(403, 'Export status is required'); - - $filepath = $_SESSION['export']['tempath']; - $filename = $_SESSION['export']['filename']; - unset($_SESSION['export']); - if ($status === 'download') { - Http::download($filename, 'text/csv'); - $file = readfile($filepath); - fclose($filepath); - exit(); - } elseif ($status === 'email') { - Mailer::sendExportEmail($filename, $filepath, $thisstaff, 'audit'); - fclose($filepath); - } else - Http::response(403, 'Unknown action'); - }) - ); - }); + $dispatcher->append( + url('^/audit/export/(?P\w+)/(?P\w+)|uid,(?P\d+)|sid,(?P\d+)|tid,(?P\d+)$', + function($type=NULL, $state=NULL, $uid=NULL, $sid=NULL, $tid=NULL) { + global $thisstaff; + + if (!$thisstaff) + Http::response(403, 'Agent login is required'); + + $show = AuditEntry::$show_view_audits; + $data = array(); + if ($type) { + $url = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY); + $qarray = explode('&', $url); + + foreach ($qarray as $key => $value) { + list($k, $v) = explode('=', $value); + $data[$k] = $v; + } + foreach (AuditEntry::getTypes() as $abbrev => $info) { + if ($type == $abbrev) + $name = AuditEntry::getObjectName($info[0]); + } + $filename = sprintf('%s-audits-%s.csv', $name, strftime('%Y%m%d')); + $export = array('audit', $filename, '', '', 'csv', $show, $data); + } elseif ($uid) { + $userName = User::getNameById($uid); + $filename = sprintf('%s-audits-%s.csv', $userName->name, strftime('%Y%m%d')); + $export = array('user', $filename, $tableInfo, $uid, 'csv', $show, $data); + } elseif ($sid) { + $staff = Staff::lookup($sid); + $filename = sprintf('%s-audits-%s.csv', $staff->getName(), strftime('%Y%m%d')); + $export = array('staff', $filename, $tableInfo, $sid, 'csv', $show, $data); + } elseif ($tid) { + $ticket = Ticket::lookup($tid); + $filename = sprintf('%s-audits-%s.csv', $ticket->getNumber(), strftime('%Y%m%d')); + $export = array('ticket', $filename, $tableInfo, $tid, 'csv', $show, $data); + } + + try { + $interval = 5; + // Create desired exporter + $exporter = new CsvExporter(); + $extra = array('filename' => $filename, + 'interval' => $interval); + // Register the export in the session + Exporter::register($exporter, $extra); + // Flush response / return export id and check interval + Http::flush(201, json_encode(['eid' => + $exporter->getId(), 'interval' => $interval])); + // Phew... now we're free to do the export + session_write_close(); // Release session for other requests + ignore_user_abort(1); // Leave us alone bro! + @set_time_limit(0); // Useless when safe_mode is on + // Export to the exporter + $export[] = $exporter; + call_user_func_array(array('Export', 'audits'), $export); + $exporter->close(); + // Sleep 3 times the interval to allow time for file download + sleep($interval*3); + // Email the export if it exists + $exporter->email($thisstaff); + // Delete the file. + @$exporter->delete(); + exit; + } catch (Exception $ex) { + $errors['err'] = __('Unable to prepare the export'); + } + + include 'templates/export.tmpl.php'; + }) + ); + }); } function enable() { diff --git a/audit/templates/agent-audit.tmpl.php b/audit/templates/agent-audit.tmpl.php index 10eb6c6a..74481ceb 100644 --- a/audit/templates/agent-audit.tmpl.php +++ b/audit/templates/agent-audit.tmpl.php @@ -57,32 +57,10 @@ '; echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; - echo sprintf('%s', __('Export')); + echo sprintf('%s', + $staff->getId(), + 'audit-export', + __('Export')); echo ''; } ?> - diff --git a/audit/templates/auditlogs.tmpl.php b/audit/templates/auditlogs.tmpl.php index 246074af..df795a76 100644 --- a/audit/templates/auditlogs.tmpl.php +++ b/audit/templates/auditlogs.tmpl.php @@ -142,34 +142,13 @@ '; -if ($total) //Show options.. +if ($total) { //Show options.. echo ' '.__('Page').':'.$pageNav->getPageLinks().' '; -echo sprintf('%s', __('Export')); +} +echo sprintf('%s', + $type, + $state, + 'audit-export', + __('Export')); ?> - - diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php index cd1414fb..19c51a0e 100644 --- a/audit/templates/ticket-audit.tmpl.php +++ b/audit/templates/ticket-audit.tmpl.php @@ -13,7 +13,6 @@ $qstrReverse = Http::build_query($qsReverse); $url = '#audit/ticket/' . $ticketId . '/view?'; $qstr = sprintf('%s&sort=timestamp', $qstr); -$number = Ticket::objects()->filter(array('ticket_id'=>$ticketId))->values_flat('number')->first(); ?>

@@ -56,8 +55,11 @@ $links = str_replace('tickets.php?&', $url, $links); $links = str_replace('?p', '?'.$qstr.'&p', $links); echo '
'; - echo ' '.__('Page').':'.$links.' '; - echo sprintf('%s', __('Export')); + echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; + echo sprintf('%s', + $ticketId, + 'audit-export', + __('Export')); echo '
'; ?>

@@ -90,8 +92,6 @@ } return false; }); - - //override pjax:complete to keep showing overlay on pagination $(document).on('pjax:complete', function() { if ($('#popup').is(':visible')) { @@ -99,27 +99,5 @@ $('#overlay').show(); } }); - - $('a.export-audit-csv').on('click', function(){ - showExportPopup("", - '  ' - + "" - ); - $.ajax({ - type: "POST", - url: 'ajax.php/audit/export/build/tid,' - }); - var popopts = { - title: "", - content: "%s.'), - $thisstaff->getEmail()); ?>", - }; - checkExportStatus( - 'ajax.php/audit/export/status', - 'ajax.php/audit/export/', - popopts - ); - }); }); diff --git a/audit/templates/user-audit.tmpl.php b/audit/templates/user-audit.tmpl.php index e4d100b9..2767640e 100644 --- a/audit/templates/user-audit.tmpl.php +++ b/audit/templates/user-audit.tmpl.php @@ -2,7 +2,6 @@ $args = array(); parse_str($_SERVER['QUERY_STRING'], $args); unset($args['p'], $args['_pjax']); - // Apply pagination $events = AuditEntry::getTableInfo($user); $total = count($events); @@ -49,32 +48,10 @@ '; echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; - echo sprintf('%s', __('Export')); + echo sprintf('%s', + $user->getId(), + 'audit-export', + __('Export')); echo '

'; } ?> - From be0b151aab97d8e33e8f90c6af16dce1589b4968 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 17 Sep 2019 11:20:30 -0500 Subject: [PATCH 073/160] ldap: PHP 7.2+ Host:Port Conflict This addresses 160 where setting `host:port` for the "LDAP Servers" option does not work when using PHP 7.2+. In PHP 7.2+ the `host:port` string will be used as the full hostname and since we are not passing a port the system assumes `389`. The end result of this is `host:port:389` which is not valid and fails every time. This adds a regex check for the port number in the string and if exists we add the port number to the `port` option in the `$info` array for `Net_LDAP2::bind()`. The end result of this is `host:port` which is valid and will connect successfully every time. If no port is passed the system assumes the port is the default (`389`) and the end result will be `host:389`. --- auth-ldap/authentication.php | 5 ++++- auth-ldap/config.php | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 34d78ea8..48b27a1c 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -117,7 +117,10 @@ function getServers() { if ($servers) { $hosts = array(); foreach ($servers as $h) - $hosts[] = array('host'=>$h); + if (preg_match('/([^:]+):(\d{1,4})/', $h, $matches)) + $hosts[] = array('host' => $matches[1], 'port' => $matches[2]); + else + $hosts[] = array('host' => $h); return $hosts; } } diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 84fd83e9..c94f4263 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -157,7 +157,10 @@ function pre_save(&$config, &$errors) { else { $servers = array(); foreach (preg_split('/\s+/', $config['servers']) as $host) - $servers[] = array('host' => $host); + if (preg_match('/([^:]+):(\d{1,4})/', $host, $matches)) + $servers[] = array('host' => $matches[1], 'port' => $matches[2]); + else + $servers[] = array('host' => $host); } } $connection_error = false; From d98e5f7d2d768f4ab8296931cf4bea658f1b239e Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Thu, 19 Sep 2019 10:34:41 -0500 Subject: [PATCH 074/160] Final Fixes: - Modify code for lint fixes made in osTicket - Do audit HTML in signal within the plugin - Add missing configuration - Change audit table data field to text type field - Make sure we display text appropriately (translations/htmlchars) --- audit/audit.php | 50 ++++++++++++++++++----------- audit/class.audit.php | 24 ++++++++++---- audit/templates/user-audit.tmpl.php | 12 +++---- 3 files changed, 55 insertions(+), 31 deletions(-) diff --git a/audit/audit.php b/audit/audit.php index 505cc3a2..71927812 100644 --- a/audit/audit.php +++ b/audit/audit.php @@ -14,43 +14,55 @@ function bootstrap() { // Ticket audit Signal::connect('ticket.view.more', function($ticket, &$extras) { global $thisstaff; + if (!$thisstaff || !$thisstaff->isAdmin()) + return; + + echo sprintf('
  • getId() . '/view'); + echo 'onclick="javascript: $.dialog($(this).attr(\'href\').substr(1), 201); return false;"'; + echo sprintf('>', 'icon-book' ?: 'icon-cogs'); + echo __('View Audit Log'); + echo '
  • '; + }); + // User audit tab + Signal::connect('usertab.audit', function($user, &$extras) { + global $thisstaff; if (!$thisstaff || !$thisstaff->isAdmin()) return; - $extras[] = array( - 'url' => 'ajax.php/audit/ticket/' . $ticket->getId() . '/view', - 'icon' => 'icon-book', - 'name' => __('View Audit Log') - ); + $tabTitle = str_replace('-', ' ', __('audits')); + echo sprintf('
  • %s
  • ', __('audits'), __(ucwords($tabTitle))); }); - // User audit - Signal::connect('user.view.more', function($user, &$extras) { + // User audit body + Signal::connect('user.audit', function($user, &$extras) { global $thisstaff; + if (!$thisstaff || !$thisstaff->isAdmin()) + return; + + echo ''; + }); + // Agent audit tab + Signal::connect('agenttab.audit', function($staff, &$extras) { + global $thisstaff; if (!$thisstaff || !$thisstaff->isAdmin()) return; - $extras[] = array( - 'url' => sprintf('phar:///%s/plugins/audit.phar/templates/user-audit.tmpl.php', INCLUDE_DIR), - 'icon' => 'icon-book', - 'name' => __('View Audit Log'), - 'tab' => __('audits') - ); + echo '
  • Audits
  • '; }); - // Agent audit + // Agent audit tab body Signal::connect('agent.audit', function($staff, &$extras) { global $thisstaff; - if (!$thisstaff || !$thisstaff->isAdmin()) return; - $extras[] = array( - 'url' => sprintf('phar:///%s/plugins/audit.phar/templates/agent-audit.tmpl.php', INCLUDE_DIR), - 'tab' => __('audits') - ); + echo ''; }); // Ajax View Ticket Audit diff --git a/audit/class.audit.php b/audit/class.audit.php index 0fc8c653..ac66f48c 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -262,6 +262,7 @@ function getObjectName($class) { 'manager_id' => 'Manager', 'assignment_flag' => 'Ticket Assignment', 'disable_auto_claim' => 'Claim on Response', + 'disable_reopen_auto_assign' => 'Reopen Auto Assignment', 'email_id' => 'Outgoing Email', 'tpl_id' => 'Template Set', 'ticket_auto_response' => 'New Ticket', @@ -662,7 +663,7 @@ function getDescription($event, $export=false, $userType='') { function getDataById($id, $type) { $row = self::objects() ->filter(array('object_type'=>$type, 'object_id'=>$id)) - ->values_flat('object_type', 'data', 'object_id') + ->values_flat('object_type', 'object_id', 'data') ->first(); return $row ? $row : 0; @@ -696,10 +697,14 @@ static function auditEvent($event_id, $object, $info) { if (get_class($object) == $info2[0]) $event->object_type = $key; } - $event->object_id = $object->ht['id'] ?: $object->getId(); + if ($event->object_type) + $event->object_id = $object->ht['id'] ?: $object->getId(); + else + return false; } else { $event->object_type = $object[0]; $event->object_id = $object[1]; + $event->data = $object[2]; } $event->event_id = $event_id; @@ -742,7 +747,14 @@ static function auditObjectEvent($object, $info=array()) { $event_id = Event::getIdByName($info['type']); break; default: - if (is_null($thisstaff) && is_null($thisclient) && get_class($object) == 'Ticket') { + $keys = array('updated', 'flags', 'mail_lastfetch', 'permissions', 'status'); + $classes = array('Email', 'Filter', 'Page', 'Role', 'Staff', 'Topic'); + if ($info['orm_audit'] && + (!in_array(get_class($object), $classes) || in_array($info['key'], $keys))) + return false; + + if (is_null($thisstaff) && is_null($thisclient) && + get_class($object) == 'Ticket' && $info['type'] != 'assigned') { $person = $object->getUser()->getName()->name; } elseif (is_null($thisstaff) && is_null($thisclient)) $person = __('SYSTEM'); @@ -752,8 +764,8 @@ static function auditObjectEvent($object, $info=array()) { 'person' => $person ? $person : ($thisstaff ? $thisstaff->getName()->name : $thisclient->getName()->name)); foreach ($info as $key => $value) { - if ($key != 'type') - $data[$key] = $value; + if ($key != 'type') + $data[$key] = $value; } $info['data'] = json_encode($data); @@ -795,7 +807,7 @@ static function autoCreateTable() { `event_id` int(11) unsigned DEFAULT NULL, `staff_id` int(10) unsigned NOT NULL DEFAULT \'0\', `user_id` int(10) unsigned NOT NULL DEFAULT \'0\', - `data` varchar(1024) DEFAULT NULL, + `data` text, `ip` varchar(64) DEFAULT NULL, `timestamp` datetime NOT NULL, PRIMARY KEY (`id`), diff --git a/audit/templates/user-audit.tmpl.php b/audit/templates/user-audit.tmpl.php index 2767640e..8027e24d 100644 --- a/audit/templates/user-audit.tmpl.php +++ b/audit/templates/user-audit.tmpl.php @@ -25,18 +25,18 @@ - - - + + + - - - + + + Date: Fri, 6 Mar 2020 12:53:23 -0600 Subject: [PATCH 075/160] issue: Password Validation This addresses an issue where attempting to use a password that starts with any of these characters (`= - + @`) fails with `Content cannot start with the following characters: = - + @` validation error. This adds a new validator to the Password Field called `noop` that skips validation. LDAP passwords do not need to be validated or checked against any local password policies as we are using an externally created password, not creating a new one inside the software. --- auth-ldap/config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 84fd83e9..2b978ae8 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -87,6 +87,7 @@ function($self, $val) use ($__) { 'bind_pw' => new TextboxField(array( 'widget' => 'PasswordWidget', 'label' => $__('Password'), + 'validator' => 'noop', 'hint' => $__("Password associated with the DN's account"), 'configuration' => array('size'=>40), )), From 3d1990b6de4aea6dd3c6e1d3bb0cffe720cfc505 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 10 Mar 2020 15:13:44 -0500 Subject: [PATCH 076/160] audit: Use X-Forwarded-For Address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This addresses issue reported at osTicket/osTicket/issues/5315 where the Audit Log plugin uses the REMOTE_ADDR header for the IP Address for some log entries which can be incorrect in some cases. A good case would be a reverse proxy, the `REMOTE_ADDR` header will be the IP Address of the Proxy and not the original Client’s IP. In order to get the actual Client IP Address from a proxied request you need to scan the request for the `X-Forwarded-For` header. osTicket already has function to accomplish this called `get_client_ip()`. This updates `audit/class.audit.php` to use `get_client_ip()` instead of the `REMOTE_ADDR` header which should return the actual Client IP Address. --- audit/class.audit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index ac66f48c..0d56018a 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -708,7 +708,7 @@ static function auditEvent($event_id, $object, $info) { } $event->event_id = $event_id; - $event->ip = $_SERVER['REMOTE_ADDR']; + $event->ip = osTicket::get_client_ip(); if ($thisstaff) $event->staff_id = $thisstaff->getId(); From 78927bad787982757f817526222c0f458fba7495 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 10 Mar 2020 15:15:58 -0500 Subject: [PATCH 077/160] audit: New Agent DB Error This addresses an issue where having the Audit Log plugin Enabled and creating a new Agent throws a DB Error 1064. This error is due to an incomplete Staff object (as it's being created) which causes issues in later methods. This adds a check for a Staff ID and if none we avoid running the Audit queries. --- audit/templates/agent-audit.tmpl.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/audit/templates/agent-audit.tmpl.php b/audit/templates/agent-audit.tmpl.php index 74481ceb..919f72af 100644 --- a/audit/templates/agent-audit.tmpl.php +++ b/audit/templates/agent-audit.tmpl.php @@ -3,11 +3,13 @@ parse_str($_SERVER['QUERY_STRING'], $args); unset($args['p'], $args['_pjax']); -$events = AuditEntry::getTableInfo($staff); -$total = count($events); -$qwhere = AuditEntry::getQwhere($staff); -$pageNav=AuditEntry::getPageNav($qwhere); -$pageNav->setURL('staff.php', $args); +if ($staffId = $staff->getId()) { + $events = AuditEntry::getTableInfo($staff); + $total = count($events); + $qwhere = AuditEntry::getQwhere($staff); + $pageNav=AuditEntry::getPageNav($qwhere); + $pageNav->setURL('staff.php', $args); +} ?>

    @@ -40,7 +42,7 @@ -
    + @@ -56,9 +58,9 @@
    '; - echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; + if ($staffId) echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; echo sprintf('%s', - $staff->getId(), + $staffId, 'audit-export', __('Export')); echo ''; From 03f4c453f73d251944415e6d51f6b42ad376e66b Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Tue, 24 Mar 2020 13:41:14 -0500 Subject: [PATCH 078/160] Issue: Include Templates This coommit fixes an issue we had with including the audit templates. --- audit/audit.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audit/audit.php b/audit/audit.php index 71927812..ea61bf5b 100644 --- a/audit/audit.php +++ b/audit/audit.php @@ -41,7 +41,7 @@ function bootstrap() { return; echo ''; }); @@ -61,7 +61,7 @@ function bootstrap() { return; echo ''; }); From eacc45719d3ae81eb6ac0d4e72501a588b5bae9d Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Wed, 25 Mar 2020 09:19:53 -0500 Subject: [PATCH 079/160] Audit Log Fixes - Ticket Audit timestamp sort fix - User Audit description formatting fix --- audit/templates/ticket-audit.tmpl.php | 4 +++- audit/templates/user-audit.tmpl.php | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php index 19c51a0e..7f536410 100644 --- a/audit/templates/ticket-audit.tmpl.php +++ b/audit/templates/ticket-audit.tmpl.php @@ -33,7 +33,9 @@ - + diff --git a/audit/templates/user-audit.tmpl.php b/audit/templates/user-audit.tmpl.php index 8027e24d..c46768fe 100644 --- a/audit/templates/user-audit.tmpl.php +++ b/audit/templates/user-audit.tmpl.php @@ -34,9 +34,9 @@ - - - + + + Date: Wed, 15 Apr 2020 20:55:41 +0200 Subject: [PATCH 080/160] Switching composer to stable version Fix #173 --- make.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.php b/make.php index b96a7aa7..40ebd409 100644 --- a/make.php +++ b/make.php @@ -640,7 +640,7 @@ function ensureComposer() { } function getComposer() { - list($code, $phar) = $this->_http_get('https://getcomposer.org/composer.phar'); + list($code, $phar) = $this->_http_get('https://getcomposer.org/composer-stable.phar'); if (!($fp = fopen(dirname(__file__).'/composer.phar', 'wb'))) $this->fail('Cannot install composer: Unable to write "composer.phar"'); From 15f30ebc783f4f3bfc8f478facc1a344181c0b04 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Thu, 23 Apr 2020 15:08:53 -0500 Subject: [PATCH 081/160] Issue: Class AuditEntry Not Found This commit allows us to use the object.deleted signal when deleting help topics, categories, and pages which will prevent us from calling the AuditEntry class from the main osTicket codebase. --- audit/class.audit.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index ac66f48c..dd5d2538 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -737,6 +737,7 @@ static function auditSpecialEvent($object, $info=array()) { static function auditObjectEvent($object, $info=array()) { global $thisstaff, $thisclient; + $event_id = Event::getIdByName($info['type']); $types = self::getTypes(); foreach ($types as $abbrev => $data) { if (is_object($object) && (get_class($object) == $data[0])) { @@ -744,7 +745,6 @@ static function auditObjectEvent($object, $info=array()) { case 'X': $data = array('person' => $thisstaff->getName()->name, 'key' => $info['key']); $info['data'] = json_encode($data); - $event_id = Event::getIdByName($info['type']); break; default: $keys = array('updated', 'flags', 'mail_lastfetch', 'permissions', 'status'); @@ -759,7 +759,7 @@ static function auditObjectEvent($object, $info=array()) { } elseif (is_null($thisstaff) && is_null($thisclient)) $person = __('SYSTEM'); - $name = $object ? call_user_func(array($object, $data[1])) : ''; + $name = $object ? call_user_func(array($object, $data[1])) : __('NA'); $data = array('name' => is_object($name) ? $name->name : $name, 'person' => $person ? $person : ($thisstaff ? $thisstaff->getName()->name : $thisclient->getName()->name)); @@ -769,14 +769,23 @@ static function auditObjectEvent($object, $info=array()) { } $info['data'] = json_encode($data); - $event_id = Event::getIdByName($info['type']); break; } } } if (!is_object($object)) { - $info['data'] = json_encode($object); - $event_id = Event::getIdByName($info['type']); + if (!is_array($object)) { + if ($data = AuditEntry::getDataById($object, $info['abbrev'])) + $name = json_decode($data[2], true); + else { + $name = __('NA'); + $data = array($info['abbrev'], $object); + } + $info['data'] = json_encode($data); + + return static::auditEvent($event_id, $data, $info); + } else + $info['data'] = json_encode($object); } return static::auditEvent($event_id, $object, $info); From 8eafd08f4fa9335c72893aa39a85ce76440b0837 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Thu, 30 Apr 2020 15:35:30 -0500 Subject: [PATCH 082/160] Issue: Extra String in Link This commit fixes an issue with the last commit where the timestamp sort was being added twice which threw off the pagination for the ticket audit modal. --- audit/templates/ticket-audit.tmpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php index 7f536410..935525ff 100644 --- a/audit/templates/ticket-audit.tmpl.php +++ b/audit/templates/ticket-audit.tmpl.php @@ -34,7 +34,7 @@ From 61a32ba81c3172ba85f11291d84a1fa4fc580fd9 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Fri, 1 May 2020 09:25:22 -0500 Subject: [PATCH 083/160] Audit Issue This commit fixes an issue where the pagination links were not being correctly formatted in the ticket audit modal. --- audit/templates/ticket-audit.tmpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit/templates/ticket-audit.tmpl.php b/audit/templates/ticket-audit.tmpl.php index 935525ff..5f1d30dd 100644 --- a/audit/templates/ticket-audit.tmpl.php +++ b/audit/templates/ticket-audit.tmpl.php @@ -57,7 +57,7 @@ $links = str_replace('tickets.php?&', $url, $links); $links = str_replace('?p', '?'.$qstr.'&p', $links); echo '
    '; - echo ' '.__('Page').':'.$pageNav->getPageLinks('audits').' '; + echo ' '.__('Page').':'.$links.' '; echo sprintf('%s', $ticketId, 'audit-export', From 7f5658a86c957413ce0c42cf27b831a9df9d898a Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Wed, 18 Mar 2015 15:46:47 -0500 Subject: [PATCH 084/160] auth: Add concept of a password complexity plugin --- auth-password-complexity/auth.php | 133 ++++++++++++++++++++++++++++ auth-password-complexity/plugin.php | 13 +++ 2 files changed, 146 insertions(+) create mode 100644 auth-password-complexity/auth.php create mode 100644 auth-password-complexity/plugin.php diff --git a/auth-password-complexity/auth.php b/auth-password-complexity/auth.php new file mode 100644 index 00000000..86f4fb18 --- /dev/null +++ b/auth-password-complexity/auth.php @@ -0,0 +1,133 @@ + new ChoiceField(array( + 'label' => 'Enforcement Configuration Scheme', + 'required' => true, + 'choices' => array( + 'cl' => 'Classes', + 'en' => 'Entropy', + ), + 'default' => 'en', + 'hint' => 'Select the mode of configuration of complexity enforcement', + )), + + // Character classes + 'length' => new TextboxField(array( + 'required' => true, + 'label' => 'Minimum Length', + 'configuration' => array( + 'validator' => 'number', + 'size' => 5, + ), + 'default' => 6, + 'visibility' => new VisibilityConstraint( + new Q(array('scheme__eq' => 'cl')), + VisibilityConstraint::HIDDEN + ), + )), + 'classes' => new TextboxField(array( + 'required' => true, + 'label' => 'Character classes required', + 'configuration' => array( + 'validator' => 'number', + 'size' => 5, + ), + 'hint' => 'Require this number of character classes: upper, lower, number, and special characters', + 'default' => 3, + 'visibility' => new VisibilityConstraint( + new Q(array('scheme__eq' => 'cl'))), + )), + + // Entropy + 'entropy' => new ChoiceField(array( + 'required' => true, + 'label' => 'Minimum Entropy', + 'choices' => array( + '32' => 'Weak (32 bits)', + '56' => 'Reasonable (56 bits)', + '80' => 'Strong (80 bits)', + '108' => 'Insane (108 bits)', + ), + 'default' => 32, + 'visibility' => new VisibilityConstraint( + new Q(array('scheme__eq' => 'en'))), + 'hint' => 'Require this password strength for new passwords. See the wikipedia page for password strength for more reading on entropy', + )), + ); + } +} + +class PasswordComplexityPolicy +extends PasswordPolicy { + var $config; + + function __construct($config) { + $this->config = $config; + } + + function processPassword($password, $current=false) { + switch ($this->config->get('scheme')) { + case 'en': + // Calculate total possible char count + if (preg_match('/[a-z]/', $password)) + $chars += 26; + if (preg_match('/[A-Z]/', $password)) + $chars += 26; + if (preg_match('/[0-9]/', $password)) + $chars += 10; + if (preg_match('/[!@#$%^&*()]/', $password)) + $chars += 10; + if (preg_match('/ /', $password)) + $chars += 1; + if (preg_match('@[`~_=+[{\]}\\|;:\'",<.>/?-]@', $password)) + $chars += 20; + // High ASCII / UTF-8 + if (preg_match('/[\x80-\xff]/', $password)) + $chars += 128; + + $entropy = strlen($password) * log($chars) / log(2); + + if ($entropy < $this->config->get('entropy')) + throw new BadPassword( + 'Password is not complex enough. Try a longer one or use upper case letters, number,and symbols.'.' '. + sprintf('Score: %d of %d', $entropy, $this->config->get('entropy')) + ); + break; + + case 'cl': + if (preg_match('/\p{Ll}/u', $password)) + $classes++; + if (preg_match('/\p{Lu}/u', $password)) + $classes++; + if (preg_match('/\p{N}/u', $password)) + $classes++; + if (preg_match('/[\pP\pS\pZ]/u', $password)) + $classes++; + + if (mb_strlen($password) < $this->config->get('length')) { + throw new BadPassword( + sprintf('Password is too short — must be %d characters', + $this->config->get('length')) + ); + } + if ($classes < $this->config->get('classes')) { + throw new BadPassword( + 'Password does not meet complexity requirements. Add upper, lower case letters, number, and symbols' + ); + } + } + } +} + +class PasswordComplexityPlugin +extends Plugin { + var $config_class = 'PasswordComplexityConfig'; + + function bootstrap() { + PasswordPolicy::register(new PasswordComplexityPolicy($this->getConfig())); + } +} diff --git a/auth-password-complexity/plugin.php b/auth-password-complexity/plugin.php new file mode 100644 index 00000000..545dca52 --- /dev/null +++ b/auth-password-complexity/plugin.php @@ -0,0 +1,13 @@ + 'auth:password-complexity', # notrans + 'version' => '0.1', + 'name' => 'Password Complexity Enforcer', + 'author' => 'Jared Hancock', + 'description' => 'Aggrivate your users with password complexity requirements!', + 'url' => 'http://www.osticket.com/plugins/auth/password-complexity', + 'plugin' => 'auth.php:PasswordComplexityPlugin' +); + +?> From 78ae84dd10bb4ec15b1d212c38bf963aea6f9bb8 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 10 Jun 2020 00:43:44 +0000 Subject: [PATCH 085/160] Password Policy Plugin This commit extends and generalizes PR made by Jared. Notabled changes include; * Make plugin generic password policy plugin as opposed to just password complexity plugin * Support both class of characters AND password strength checking * Support checking policy on login. --- auth-password-complexity/auth.php | 133 -------------------- auth-password-complexity/plugin.php | 13 -- auth-password-policy/auth.php | 189 ++++++++++++++++++++++++++++ auth-password-policy/plugin.php | 13 ++ 4 files changed, 202 insertions(+), 146 deletions(-) delete mode 100644 auth-password-complexity/auth.php delete mode 100644 auth-password-complexity/plugin.php create mode 100644 auth-password-policy/auth.php create mode 100644 auth-password-policy/plugin.php diff --git a/auth-password-complexity/auth.php b/auth-password-complexity/auth.php deleted file mode 100644 index 86f4fb18..00000000 --- a/auth-password-complexity/auth.php +++ /dev/null @@ -1,133 +0,0 @@ - new ChoiceField(array( - 'label' => 'Enforcement Configuration Scheme', - 'required' => true, - 'choices' => array( - 'cl' => 'Classes', - 'en' => 'Entropy', - ), - 'default' => 'en', - 'hint' => 'Select the mode of configuration of complexity enforcement', - )), - - // Character classes - 'length' => new TextboxField(array( - 'required' => true, - 'label' => 'Minimum Length', - 'configuration' => array( - 'validator' => 'number', - 'size' => 5, - ), - 'default' => 6, - 'visibility' => new VisibilityConstraint( - new Q(array('scheme__eq' => 'cl')), - VisibilityConstraint::HIDDEN - ), - )), - 'classes' => new TextboxField(array( - 'required' => true, - 'label' => 'Character classes required', - 'configuration' => array( - 'validator' => 'number', - 'size' => 5, - ), - 'hint' => 'Require this number of character classes: upper, lower, number, and special characters', - 'default' => 3, - 'visibility' => new VisibilityConstraint( - new Q(array('scheme__eq' => 'cl'))), - )), - - // Entropy - 'entropy' => new ChoiceField(array( - 'required' => true, - 'label' => 'Minimum Entropy', - 'choices' => array( - '32' => 'Weak (32 bits)', - '56' => 'Reasonable (56 bits)', - '80' => 'Strong (80 bits)', - '108' => 'Insane (108 bits)', - ), - 'default' => 32, - 'visibility' => new VisibilityConstraint( - new Q(array('scheme__eq' => 'en'))), - 'hint' => 'Require this password strength for new passwords. See the wikipedia page for password strength for more reading on entropy', - )), - ); - } -} - -class PasswordComplexityPolicy -extends PasswordPolicy { - var $config; - - function __construct($config) { - $this->config = $config; - } - - function processPassword($password, $current=false) { - switch ($this->config->get('scheme')) { - case 'en': - // Calculate total possible char count - if (preg_match('/[a-z]/', $password)) - $chars += 26; - if (preg_match('/[A-Z]/', $password)) - $chars += 26; - if (preg_match('/[0-9]/', $password)) - $chars += 10; - if (preg_match('/[!@#$%^&*()]/', $password)) - $chars += 10; - if (preg_match('/ /', $password)) - $chars += 1; - if (preg_match('@[`~_=+[{\]}\\|;:\'",<.>/?-]@', $password)) - $chars += 20; - // High ASCII / UTF-8 - if (preg_match('/[\x80-\xff]/', $password)) - $chars += 128; - - $entropy = strlen($password) * log($chars) / log(2); - - if ($entropy < $this->config->get('entropy')) - throw new BadPassword( - 'Password is not complex enough. Try a longer one or use upper case letters, number,and symbols.'.' '. - sprintf('Score: %d of %d', $entropy, $this->config->get('entropy')) - ); - break; - - case 'cl': - if (preg_match('/\p{Ll}/u', $password)) - $classes++; - if (preg_match('/\p{Lu}/u', $password)) - $classes++; - if (preg_match('/\p{N}/u', $password)) - $classes++; - if (preg_match('/[\pP\pS\pZ]/u', $password)) - $classes++; - - if (mb_strlen($password) < $this->config->get('length')) { - throw new BadPassword( - sprintf('Password is too short — must be %d characters', - $this->config->get('length')) - ); - } - if ($classes < $this->config->get('classes')) { - throw new BadPassword( - 'Password does not meet complexity requirements. Add upper, lower case letters, number, and symbols' - ); - } - } - } -} - -class PasswordComplexityPlugin -extends Plugin { - var $config_class = 'PasswordComplexityConfig'; - - function bootstrap() { - PasswordPolicy::register(new PasswordComplexityPolicy($this->getConfig())); - } -} diff --git a/auth-password-complexity/plugin.php b/auth-password-complexity/plugin.php deleted file mode 100644 index 545dca52..00000000 --- a/auth-password-complexity/plugin.php +++ /dev/null @@ -1,13 +0,0 @@ - 'auth:password-complexity', # notrans - 'version' => '0.1', - 'name' => 'Password Complexity Enforcer', - 'author' => 'Jared Hancock', - 'description' => 'Aggrivate your users with password complexity requirements!', - 'url' => 'http://www.osticket.com/plugins/auth/password-complexity', - 'plugin' => 'auth.php:PasswordComplexityPlugin' -); - -?> diff --git a/auth-password-policy/auth.php b/auth-password-policy/auth.php new file mode 100644 index 00000000..f61149d8 --- /dev/null +++ b/auth-password-policy/auth.php @@ -0,0 +1,189 @@ + new TextboxField(array( + 'required' => true, + 'label' => __('Minimum length'), + 'configuration' => array( + 'validator' => 'number', + 'size' => 4, + ), + 'default' => 8, + 'hint' => __('Minimum characters required'), + )), + // Classes of characters + 'classes' => new ChoiceField(array( + 'required' => true, + 'label' => __('Character classes required'), + 'choices' => array( + '2' => sprintf('%s (2)', __('Two')), + '3' => sprintf('%s (3)', __('Three')), + '4' => sprintf('%s (4)', __('Four')), + ), + 'default' => 3, + 'hint' => __('Require this number of character classes: upper, lower, number, and special characters'), + )), + // Entropy + 'entropy' => new ChoiceField(array( + 'required' => false, + 'label' => __('Password strength'), + 'choices' => array( + '' => __('Disable'), + '32' => sprintf('%s (32 bits)', __('Weak')), + '56' => sprintf('%s (56 bits)', __('Good')), + '80' => sprintf('%s (80 bits)', __('Strong')), + '108' => sprintf('%s (108 bits)', __('Awesome')), + ), + 'default' => '', + 'hint' => sprintf('%s %s', + __('Enforce minimum password entropy.'), + __('See the wikipedia page for password strength for more reading on entropy')), + )), + // Enforcement + 'onlogin' => new BooleanField(array( + 'required' => false, + 'label' => __('Enforce on login'), + 'default' => false, + 'configuration'=>array( + 'desc' => __('Enforce password policies on login') + ), + 'hint' => __('Enforce password policies the next time a user login.') + )), + // Reuse + 'reuse' => new BooleanField(array( + 'required' => false, + 'label' => __('Password reuse'), + 'default' => false, + 'configuration'=>array( + 'desc' => __('Allow reuse') + ), + 'hint' => __('Allow password reuse') + )), + // Expiration + 'expires' => new ChoiceField(array( + 'required' => false, + 'label' => __('Password expiration'), + 'choices' => array( + '' => __('Never expires'), + '30' => __('30 days'), + '60' => __('60 days'), + '90' => __('90 days'), + '180' => __('180 days'), + '365' => __('365 days'), + ), + 'default' => '', + 'hint' => __('Password reset frequency') + )), + ); + } +} + +class PasswordManagementPolicy +extends PasswordPolicy { + var $config; + static $id = 'ppp'; + static $name = /* @trans */ "Password Management Plugin"; + + function __construct($config) { + $this->config = $config; + } + + function onLogin($user, $password) { + if (is_a($user, 'RegisteredUser')) + return; + + // Check password length and strength + if ($this->config->get('onlogin')) + $this->processPassword($password); + + // Check password expiration + if ($this->config->get('expires') + && ($time = $user->getPasswdResetTimestamp()) + && ($time < (time()-($this->config->get('expires')*86400)))) + throw new ExpiredPassword(__('Expired Password')); + } + + function onSet($password, $current=false) { + return $this->processPassword($password, $current); + } + + private function processPassword($password, $current=false) { + + // Current vs. new password + if ($current + && !$this->config->get('reuse') + && 0 === strcasecmp($passwd, $current)) { + throw new BadPassword( + __('New password MUST be different from the current password!')); + } + + // Password length + if (mb_strlen($password) < $this->config->get('length')) { + throw new BadPassword( + sprintf(__('Password is too short — must be %d characters'), + $this->config->get('length')) + ); + } + + // Class of characters + if ($this->config->get('classes')) { + if (preg_match('/\p{Ll}/u', $password)) + $classes++; + if (preg_match('/\p{Lu}/u', $password)) + $classes++; + if (preg_match('/\p{N}/u', $password)) + $classes++; + if (preg_match('/[\pP\pS\pZ]/u', $password)) + $classes++; + + if ($classes < $this->config->get('classes')) + throw new BadPassword(sprintf('%s %s', + __('Password does not meet complexity requirements.'), + __('Add upper, lower case letters, number, and symbols') + )); + } + + // Password strength + if ($this->config->get('entropy')) { + // Calculate total possible char count + if (preg_match('/[a-z]/', $password)) + $chars += 26; + if (preg_match('/[A-Z]/', $password)) + $chars += 26; + if (preg_match('/[0-9]/', $password)) + $chars += 10; + if (preg_match('/[!@#$%^&*()]/', $password)) + $chars += 10; + if (preg_match('/ /', $password)) + $chars += 1; + if (preg_match('@[`~_=+[{\]}\\|;:\'",<.>/?-]@', $password)) + $chars += 20; + // High ASCII / UTF-8 + if (preg_match('/[\x80-\xff]/', $password)) + $chars += 128; + + $entropy = strlen($password) * log($chars) / log(2); + + if ($entropy < $this->config->get('entropy')) + throw new BadPassword(sprintf('%s %s %s', + __('Password is not complex enough.'), + __('Try a longer one or use upper case letters, number,and symbols.'), + sprintf(__('Score: %d of %d'), $entropy, + $this->config->get('entropy')) + )); + } + } +} + +class PasswordManagementPlugin +extends Plugin { + var $config_class = 'PasswordManagementConfig'; + + function bootstrap() { + PasswordPolicy::register(new PasswordManagementPolicy($this->getConfig())); + } +} diff --git a/auth-password-policy/plugin.php b/auth-password-policy/plugin.php new file mode 100644 index 00000000..7dfaefb2 --- /dev/null +++ b/auth-password-policy/plugin.php @@ -0,0 +1,13 @@ + 'auth:password-policy', # notrans + 'version' => '0.1', + 'name' => 'Password Management Policies', + 'author' => 'Jared Hancock, Peter Rotich', + 'description' => 'Aggrivate your users with password management policies!', + 'url' => 'http://www.osticket.com/plugins/auth/password-policy', + 'plugin' => 'auth.php:PasswordManagementPlugin' +); + +?> From 7decf6baf171ddbd6084a52df3f7fa33dbcdc461 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Mon, 30 Nov 2020 15:49:44 -0600 Subject: [PATCH 086/160] Issue: Audit Events This commit fixes an issue where we would always try to add events to the event table when installing the plugin when it was possible that they already existed. Now, we'll check to make sure those events don't exist before creating them, and if they do exist, log a warning (if warnings are being logged for the helpdesk). --- audit/class.audit.php | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index 1751c276..ebc34e36 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -798,16 +798,36 @@ static function create($vars=array()) { } static function autoCreateTable() { + global $ost; + $sql = 'SHOW TABLES LIKE \''.TABLE_PREFIX.'audit\''; if (db_num_rows(db_query($sql))) return true; else { - $sql = sprintf('INSERT INTO `%s` VALUES - ("", "login",""), - ("", "logout",""), - ("", "message",""), - ("", "note","")', TABLE_PREFIX.'event'); - db_query($sql); + $event_type = array('login', 'logout', 'message', 'note'); + foreach($event_type as $eType) { + $sql = sprintf("SELECT * FROM `%s` WHERE name = '%s'", + TABLE_PREFIX.'event', $eType); + + $res=db_query($sql); + $count = db_num_rows($res); + + if($count > 0) { + $message = "Event '$eType' already exists."; + $ost->logWarning('Audit Log Installation: Add Events', $message, false); + } else { + // Add event + $sql = sprintf("INSERT INTO `%s` (`id`, `name`, `description`) + VALUES + ('','%s',NULL)", + TABLE_PREFIX.'event', $eType); + + if(!($res=db_query($sql))) { + $message = "Unable to add $eType event to `".TABLE_PREFIX.'event'."`."; + $ost->logWarning('Audit Log Installation: Add Events', $message, false); + } + } + } $sql = sprintf('CREATE TABLE `%s` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, From fd9b326ebdb324e3a50cde3516fb25c84849095f Mon Sep 17 00:00:00 2001 From: Ryno Date: Fri, 15 Jan 2021 14:03:20 +0200 Subject: [PATCH 087/160] Use Composer 1 Modified make.php Currently it's getting composer-stable, which happens to be composer 2. It seems that the installation is not compatible with composer 2. --- make.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.php b/make.php index 40ebd409..8317a8bd 100644 --- a/make.php +++ b/make.php @@ -640,7 +640,7 @@ function ensureComposer() { } function getComposer() { - list($code, $phar) = $this->_http_get('https://getcomposer.org/composer-stable.phar'); + list($code, $phar) = $this->_http_get('https://getcomposer.org/composer-1.phar'); if (!($fp = fopen(dirname(__file__).'/composer.phar', 'wb'))) $this->fail('Cannot install composer: Unable to write "composer.phar"'); From e16b803e2c0a02d1be62204d1fbbb9bf2b23a83d Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Tue, 2 Feb 2021 09:00:39 -0600 Subject: [PATCH 088/160] Attachments in Amazon S3: Folders This commit adds a new field to the plugin configuration that allows the Admin to put in an S3 Folder Path if they want to upload files to a specific S3 folder. If no folder is provided, the file will be uploaded directly to the S3 Bucket. If a folder is specified and it does not currently exist in S3, the folder will be created. --- storage-s3/config.php | 4 ++++ storage-s3/storage.php | 22 +++++++++++++++------- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/storage-s3/config.php b/storage-s3/config.php index e6e8779d..3fff2473 100644 --- a/storage-s3/config.php +++ b/storage-s3/config.php @@ -23,6 +23,10 @@ function getOptions() { 'label' => $__('S3 Bucket'), 'configuration' => array('size'=>40), )), + 'folder' => new TextboxField(array( + 'label' => $__('S3 Folder Path'), + 'configuration' => array('size'=>40), + )), 'aws-region' => new ChoiceField(array( 'label' => $__('AWS Region'), 'choices' => array( diff --git a/storage-s3/storage.php b/storage-s3/storage.php index c6770d83..cdddc867 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -54,7 +54,7 @@ function read($bytes=false) { return $chunk; } catch (Aws\S3\Exception\NoSuchKeyException $e) { - throw new IOException($this->meta->getKey() + throw new IOException(self::getKey() .': Unable to locate file: '.(string)$e); } } @@ -63,12 +63,12 @@ function fpassthru() { try { $res = $this->client->getObject(array( 'Bucket' => static::$config['bucket'], - 'Key' => $this->meta->getKey(), + 'Key' => self::getKey(), )); fpassthru($res['Body']); } catch (Aws\S3\Exception\NoSuchKeyException $e) { - throw new IOException($this->meta->getKey() + throw new IOException(self::getKey() .': Unable to locate file: '.(string)$e); } } @@ -109,7 +109,7 @@ function upload($filepath) { $info = $this->client->upload( static::$config['bucket'], - $this->meta->getKey(), + self::getKey(), $filepath, static::$config['acl'] ?: 'private', array('params' => $params) @@ -140,7 +140,7 @@ function sendRedirectUrl($disposition='inline') { $now = time(); Http::redirect($this->client->getObjectUrl( static::$config['bucket'], - $this->meta->getKey(), + self::getKey(), $now + 86400 - ($now % 86400), # Expire at midnight array( 'ResponseContentDisposition' => sprintf("%s; %s;", @@ -154,7 +154,7 @@ function unlink() { try { $this->client->deleteObject(array( 'Bucket' => static::$config['bucket'], - 'Key' => $this->meta->getKey() + 'Key' => self::getKey() )); return true; } @@ -192,7 +192,7 @@ protected function getSignedRequest($command) protected function openReadStream() { $params = array( 'Bucket' => static::$config['bucket'], - 'Key' => $this->meta->getKey(), + 'Key' => self::getKey(), ); // Create the command and serialize the request @@ -217,6 +217,14 @@ protected function openReadStream() { protected function openWriteStream() { $this->body = new EntityBody(fopen('php://temp', 'r+')); } + + function getKey() { + $key = static::$config['folder'] ? + sprintf('%s/%s', static::$config['folder'], $this->meta->getKey()) : + $this->meta->getKey(); + + return $key; + } } require_once 'config.php'; From aea31286a9c4b4f237e8d8f6fbdf3a2c5657406e Mon Sep 17 00:00:00 2001 From: Alex <7813306+mehov@users.noreply.github.com> Date: Fri, 12 Feb 2021 16:03:43 +0200 Subject: [PATCH 089/160] Fix "name : Does not match the regex pattern" Needs to be lowercase. See https://stackoverflow.com/questions/63223402/composer-json-validation-error-for-regex-pattern-a-z0-9-a-z0-9-a/63225886#63225886 for more info. --- make.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.php b/make.php index 40ebd409..402d49cd 100644 --- a/make.php +++ b/make.php @@ -662,7 +662,7 @@ function resolveDependencies($autoupdate=true) { // Write composer.json file $composer = << Date: Fri, 12 Feb 2021 16:08:29 +0200 Subject: [PATCH 090/160] Fix "pear-pear.php.net/Net_LDAP2 is invalid" > [RuntimeException] > require.pear-pear.php.net/Net_LDAP2 is invalid, it should not contain uppercase characters. Please use pear-pear.php.net/net_ldap2 instead. --- auth-ldap/plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 06a66a11..5f574fb3 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -11,10 +11,10 @@ 'url' => 'http://www.osticket.com/plugins/auth/ldap', 'plugin' => 'authentication.php:LdapAuthPlugin', 'requires' => array( - "pear-pear.php.net/Net_LDAP2" => array( + "pear-pear.php.net/net_ldap2" => array( "version" => "*", "map" => array( - 'pear-pear.php.net/Net_LDAP2' => 'include', + 'pear-pear.php.net/net_ldap2' => 'include', ), ), ), From 2e0ae7fdcd2951f7feb94821938b88cde574c754 Mon Sep 17 00:00:00 2001 From: JediKev Date: Mon, 12 Apr 2021 19:50:15 +0000 Subject: [PATCH 091/160] issue: Host/Port Int Vals This addresses an issue introduced with 162 where the port number is extracted from the Servers textbox but it is a string value instead of an int value. The `Net_LDAP2::__construct()` function expects the port number to be an integer so this casts the port number to an int. --- auth-ldap/authentication.php | 2 +- auth-ldap/config.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 48b27a1c..944d3634 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -118,7 +118,7 @@ function getServers() { $hosts = array(); foreach ($servers as $h) if (preg_match('/([^:]+):(\d{1,4})/', $h, $matches)) - $hosts[] = array('host' => $matches[1], 'port' => $matches[2]); + $hosts[] = array('host' => $matches[1], 'port' => (int) $matches[2]); else $hosts[] = array('host' => $h); return $hosts; diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 9ccfbf0f..ca3380a2 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -159,7 +159,7 @@ function pre_save(&$config, &$errors) { $servers = array(); foreach (preg_split('/\s+/', $config['servers']) as $host) if (preg_match('/([^:]+):(\d{1,4})/', $host, $matches)) - $servers[] = array('host' => $matches[1], 'port' => $matches[2]); + $servers[] = array('host' => $matches[1], 'port' => (int) $matches[2]); else $servers[] = array('host' => $host); } From d7e491c92d425627b042db98b17fbc90fbbbc5b6 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Mon, 3 May 2021 09:38:58 -0500 Subject: [PATCH 092/160] Additional S3 Folder Functionality This commit adds extra functionality needed to ensure that using folders in S3 will still work with helpdesks using the existing plugin without folders as well as working if the name of the S3 folder is changed. We will now store the S3 bucket and folder name in the attrs of the file record so that we know where to retrieve the file from. If no attrs exist and you are downloading a file, we will download from the bucket configured in the plugin --- storage-s3/storage.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/storage-s3/storage.php b/storage-s3/storage.php index cdddc867..db2deb3a 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -5,6 +5,7 @@ use Aws\S3\S3Client; use Guzzle\Http\EntityBody; use Guzzle\Stream\PhpStreamRequestFactory; +require_once INCLUDE_DIR . 'class.json.php'; class S3StorageBackend extends FileStorageBackend { static $desc; @@ -109,7 +110,7 @@ function upload($filepath) { $info = $this->client->upload( static::$config['bucket'], - self::getKey(), + self::getKey(true), $filepath, static::$config['acl'] ?: 'private', array('params' => $params) @@ -218,13 +219,24 @@ protected function openWriteStream() { $this->body = new EntityBody(fopen('php://temp', 'r+')); } - function getKey() { - $key = static::$config['folder'] ? - sprintf('%s/%s', static::$config['folder'], $this->meta->getKey()) : + function getKey($create=false) { + $attrs = $create ? self::getAttrs() : $this->meta->getAttrs(); + $attrs = JsonDataParser::parse($attrs); + + $key = ($attrs && $attrs['folder']) ? + sprintf('%s/%s', $attrs['folder'], $this->meta->getKey()) : $this->meta->getKey(); return $key; } + + function getAttrs() { + $bucket = static::$config['bucket']; + $folder = (static::$config['folder'] ? static::$config['folder'] : ''); + $attr = JsonDataEncoder::encode(array('bucket' => $bucket, 'folder' => $folder)); + + return $attr; + } } require_once 'config.php'; From 3b26e9754282f8f2c86402a74d0996518154ae93 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Mon, 3 May 2021 12:56:30 -0500 Subject: [PATCH 093/160] Authenticator Plugin This commit adds the Authenticator Plugin to the osTicket Plugins repo. The wording of the Plugin has been changed to specify that it works with other Authenticator apps, and when a QR code is scanned, the title shown in the app is the Helpdesk title. --- auth-2fa/auth2fa.php | 44 ++++++++++ auth-2fa/class.auth2fa.php | 167 +++++++++++++++++++++++++++++++++++++ auth-2fa/config.php | 18 ++++ auth-2fa/plugin.php | 21 +++++ 4 files changed, 250 insertions(+) create mode 100644 auth-2fa/auth2fa.php create mode 100644 auth-2fa/class.auth2fa.php create mode 100644 auth-2fa/config.php create mode 100644 auth-2fa/plugin.php diff --git a/auth-2fa/auth2fa.php b/auth-2fa/auth2fa.php new file mode 100644 index 00000000..027f87ac --- /dev/null +++ b/auth-2fa/auth2fa.php @@ -0,0 +1,44 @@ +delete(); + + $tokens = ConfigItem::getConfigsByNamespace(false, 'auth.agent'); + foreach($tokens as $token) + $token->delete(); + + return parent::disable(); + } +} + +require_once(INCLUDE_DIR.'UniversalClassLoader.php'); +use Symfony\Component\ClassLoader\UniversalClassLoader_osTicket; +$loader = new UniversalClassLoader_osTicket(); +$loader->registerNamespaceFallbacks(array( + dirname(__file__).'/lib')); +$loader->register(); diff --git a/auth-2fa/class.auth2fa.php b/auth-2fa/class.auth2fa.php new file mode 100644 index 00000000..1d3cc59b --- /dev/null +++ b/auth-2fa/class.auth2fa.php @@ -0,0 +1,167 @@ +getQRCode($thisstaff); + if ($auth2FA->validateQRCode($thisstaff)) { + return array( + '' => new FreeTextField(array( + 'configuration' => array( + 'content' => sprintf( + ' + Use an Authenticator application on your phone to scan + the QR Code below. If you lose the QR Code + on the app, you will need to have your 2FA configurations reset by + a helpdesk Administrator. +
    +
    + + ', + $thisstaff->getEmail(), $qrCodeURL), + ) + )), + ); + } + } + + protected function getInputOptions() { + return array( + 'token' => new TextboxField(array( + 'id'=>1, 'label'=>__('Verification Code'), 'required'=>true, 'default'=>'', + 'validator'=>'number', + 'hint'=>__('Please enter the code from your Authenticator app'), + 'configuration'=>array( + 'size'=>40, 'length'=>40, + 'autocomplete' => 'one-time-code', + 'inputmode' => 'numeric', + 'pattern' => '[0-9]*', + 'validator-error' => __('Invalid Code format'), + ), + )), + ); + } + + function validate($form, $user) { + // Make sure form is valid and token exists + if (!($form->isValid() + && ($clean=$form->getClean()) + && $clean['token'])) + return false; + + if (!$this->validateLoginCode($clean['token'])) + return false; + + // upstream validation might throw an exception due to expired token + // or too many attempts (timeout). It's the responsibility of the + // caller to catch and handle such exceptions. + $secretKey = self::getSecretKey(); + if (!$this->_validate($secretKey)) + return false; + + // Validator doesn't do house cleaning - it's our responsibility + $this->onValidate($user); + + return true; + } + + function send($user) { + global $cfg; + + // Get backend configuration for this user + if (!$cfg || !($info = $user->get2FAConfig($this->getId()))) + return false; + + // get configuration + $config = $info['config']; + + // Generate Secret Key + if (!$this->secretKey) + $this->secretKey = self::getSecretKey($user); + + $this->store($this->secretKey); + + return true; + } + + function store($secretKey) { + global $thisstaff; + + $store = &$_SESSION['_2fa'][$this->getId()]; + $store = ['otp' => $secretKey, 'time' => time(), 'strikes' => 0]; + + if ($thisstaff) { + $config = array('config' => array('key' => $secretKey, 'external2fa' => true)); + $_config = new Config('staff.'.$thisstaff->getId()); + $_config->set($this->getId(), JsonDataEncoder::encode($config)); + $thisstaff->_config = $_config->getInfo(); + $errors['err'] = ''; + } + + return $store; + } + + function validateLoginCode($code) { + $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); + $secretKey = self::getSecretKey(); + + return $auth2FA->checkCode($secretKey, $code); + } + + function getSecretKey($staff=false) { + if (!$staff) { + $s = StaffAuthenticationBackend::getUser(); + $staff = Staff::lookup($s->getId()); + } + + if (!$token = ConfigItem::getConfigsByNamespace('staff.'.$staff->getId(), 'auth.agent')) { + $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); + $this->secretKey = $auth2FA->generateSecret(); + $this->store($this->secretKey); + } + + $key = $token->value ?: $this->secretKey; + if (strpos($key, 'config')) { + $key = json_decode($key, true); + $key = $key['config']['key']; + } + + return $key; + } + + function getQRCode($staff=false) { + global $cfg; + + $staffEmail = $staff->getEmail(); + $secretKey = self::getSecretKey($staff); + + return \Sonata\GoogleAuthenticator\GoogleQrUrl::generate($staffEmail, $secretKey, $cfg->getTitle()); + } + + function validateQRCode($staff=false) { + $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); + $secretKey = self::getSecretKey($staff); + $code = self::getCode(); + + return $auth2FA->checkCode($secretKey, $code); + } + + function getCode() { + $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); + $secretKey = self::getSecretKey(); + + return $auth2FA->getCode($secretKey); + } +} diff --git a/auth-2fa/config.php b/auth-2fa/config.php new file mode 100644 index 00000000..362549e5 --- /dev/null +++ b/auth-2fa/config.php @@ -0,0 +1,18 @@ + '2fa:auth', # notrans + 'version' => '0.3', + 'name' => /* trans */ 'Two Factor Authenticator', + 'author' => 'Adriane Alexander', + 'description' => /* trans */ 'Provides 2 Factor Authentication + using an Authenticator App', + 'url' => 'https://www.osticket.com/download', + 'plugin' => 'auth2fa.php:Auth2FAPlugin', + 'requires' => array( + "sonata-project/google-authenticator" => array( + "version" => "*", + "map" => array( + "sonata-project/google-authenticator/src" => 'lib/Sonata/GoogleAuthenticator', + ) + ), + ), +); +?> From 52664e2b3469453ad97cd5c0ffc0e6cf00be68a3 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Wed, 5 May 2021 14:27:05 -0500 Subject: [PATCH 094/160] Issue: Use Static Id This commit makes sure we're using the defined static $id for the database key of the plugin. --- auth-2fa/auth2fa.php | 4 ++-- auth-2fa/class.auth2fa.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/auth-2fa/auth2fa.php b/auth-2fa/auth2fa.php index 027f87ac..115a7309 100644 --- a/auth-2fa/auth2fa.php +++ b/auth-2fa/auth2fa.php @@ -24,11 +24,11 @@ function uninstall() { } function disable() { - $default2fas = ConfigItem::getConfigsByNamespace(false, 'default_2fa', 'auth.agent'); + $default2fas = ConfigItem::getConfigsByNamespace(false, 'default_2fa', static::$id); foreach($default2fas as $default2fa) $default2fa->delete(); - $tokens = ConfigItem::getConfigsByNamespace(false, 'auth.agent'); + $tokens = ConfigItem::getConfigsByNamespace(false, static::$id); foreach($tokens as $token) $token->delete(); diff --git a/auth-2fa/class.auth2fa.php b/auth-2fa/class.auth2fa.php index 1d3cc59b..5c5a59e3 100644 --- a/auth-2fa/class.auth2fa.php +++ b/auth-2fa/class.auth2fa.php @@ -126,7 +126,7 @@ function getSecretKey($staff=false) { $staff = Staff::lookup($s->getId()); } - if (!$token = ConfigItem::getConfigsByNamespace('staff.'.$staff->getId(), 'auth.agent')) { + if (!$token = ConfigItem::getConfigsByNamespace('staff.'.$staff->getId(), static::$id)) { $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); $this->secretKey = $auth2FA->generateSecret(); $this->store($this->secretKey); From e9ba9902ed97af1aef923c44fab03aa4a70bc468 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Fri, 29 Oct 2021 10:20:14 -0500 Subject: [PATCH 095/160] Issue: Undefined Method getUserId This commit fixes an issue in the Audit Plugin in a scenario that if we could not retrieve the staff or user during checks, the default else statement was $object->getUserId(). In the event that the object did not have that method, it resulted in a fatal error. --- audit/class.audit.php | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index ebc34e36..1e5359f5 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -710,20 +710,23 @@ static function auditEvent($event_id, $object, $info) { $event->event_id = $event_id; $event->ip = osTicket::get_client_ip(); - if ($thisstaff) - $event->staff_id = $thisstaff->getId(); - elseif (is_object($object) && get_class($object) == 'Staff') - $event->staff_id = $object->getId(); - elseif (is_object($object) && get_class($object) == 'User') - $event->user_id = $object->getId(); - elseif ($info['uid']) - $event->user_id = $info['uid']; - elseif ($thisclient) - $event->user_id = $thisclient->getId(); - else - $event->user_id = $object->getUserId(); + try { + if ($thisstaff) + $event->staff_id = $thisstaff->getId(); + elseif (is_object($object) && get_class($object) == 'Staff') + $event->staff_id = $object->getId(); + elseif (is_object($object) && get_class($object) == 'User') + $event->user_id = $object->getId(); + elseif ($info['uid']) + $event->user_id = $info['uid']; + elseif ($thisclient) + $event->user_id = $thisclient->getId(); + + return $event->save(); + } catch (Exception $e) { + //TODO: Return an error message + } - return $event->save(); } static function auditSpecialEvent($object, $info=array()) { From 6d55c8a37588126ca9217e3cc3c7fc78760ecf16 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Fri, 29 Oct 2021 12:07:55 -0500 Subject: [PATCH 096/160] Issue: Audit Plugin Config Table Updates This commit fixes an issue we had with the audit plugin assuming that any time the config table is being updated, it is by a signed in Agent. --- audit/class.audit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index 1e5359f5..69ea1ac8 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -746,7 +746,7 @@ static function auditObjectEvent($object, $info=array()) { if (is_object($object) && (get_class($object) == $data[0])) { switch ($abbrev) { case 'X': - $data = array('person' => $thisstaff->getName()->name, 'key' => $info['key']); + $data = array('person' => $thisstaff ? $thisstaff->getName()->name : __('SYSTEM'), 'key' => $info['key']); $info['data'] = json_encode($data); break; default: From 8c5357a3b6bb14f65e6211d7cb673accf701b50e Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Tue, 26 Oct 2021 09:23:30 -0500 Subject: [PATCH 097/160] Issue: 2FA URL Spaces This commit adds an option for an Admin to add a custom Issuer name in the Config for the 2FA plugin. The issueer is the title shown i n an Authenticator app after the QR code is scanned. If no configuration is set up, we use 'osTicket' as the issuer name.. It also fixes an issue where some authenticators cannot handle spaces or special characters in the URL. It strips out spaces and special characters when generating the URL for the QR code. --- auth-2fa/auth2fa.php | 4 ++++ auth-2fa/class.auth2fa.php | 6 +++--- auth-2fa/config.php | 19 +++++++++++++++++++ 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/auth-2fa/auth2fa.php b/auth-2fa/auth2fa.php index 115a7309..7a160cc3 100644 --- a/auth-2fa/auth2fa.php +++ b/auth-2fa/auth2fa.php @@ -8,6 +8,10 @@ class Auth2FAPlugin extends Plugin { var $config_class = "Auth2FAConfig"; function bootstrap() { + $config = $this->getConfig(); + if ($config->get('custom_issuer')) + Auth2FABackend::$custom_issuer = $config->get('custom_issuer'); + TwoFactorAuthenticationBackend::register('Auth2FABackend'); } diff --git a/auth-2fa/class.auth2fa.php b/auth-2fa/class.auth2fa.php index 5c5a59e3..ea5b20ce 100644 --- a/auth-2fa/class.auth2fa.php +++ b/auth-2fa/class.auth2fa.php @@ -6,6 +6,7 @@ class Auth2FABackend extends TwoFactorAuthenticationBackend { static $name = "Authenticator"; static $desc = /* @trans */ 'Verification codes are located in the Authenticator app of your choice on your phone'; + static $custom_issuer; var $secretKey; @@ -142,12 +143,11 @@ function getSecretKey($staff=false) { } function getQRCode($staff=false) { - global $cfg; - $staffEmail = $staff->getEmail(); $secretKey = self::getSecretKey($staff); + $title = preg_replace('/[^A-Za-z0-9]/', '', self::$custom_issuer ?: __('osTicket')); - return \Sonata\GoogleAuthenticator\GoogleQrUrl::generate($staffEmail, $secretKey, $cfg->getTitle()); + return \Sonata\GoogleAuthenticator\GoogleQrUrl::generate($staffEmail, $secretKey, $title); } function validateQRCode($staff=false) { diff --git a/auth-2fa/config.php b/auth-2fa/config.php index 362549e5..c1522550 100644 --- a/auth-2fa/config.php +++ b/auth-2fa/config.php @@ -1,6 +1,7 @@ new TextboxField(array( + 'label' => __('Issuer'), + 'required' => false, + 'configuration' => array('size'=>40), + 'hint' => __('Customize the Issuer shown in your Authenticator app after scanning a QR Code.'), + )), + ); + } + + function pre_save(&$config, &$errors) { + global $msg; + if (!$errors) + $msg = __('Configuration updated successfully'); + return true; + } } From 1559d11d911986763a1117b4876a110cd8ff6c31 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 2 Nov 2021 19:10:52 +0000 Subject: [PATCH 098/160] storage-fs: mkdir Octal Numbers This addresses issue 215 where the permissions for `mkdir()` need to be octal numbers. This updates the permissions from `751` to `0751`. --- storage-fs/storage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage-fs/storage.php b/storage-fs/storage.php index 95f3025e..34115145 100644 --- a/storage-fs/storage.php +++ b/storage-fs/storage.php @@ -69,7 +69,7 @@ function getPath($hash) { // Auto-create the subfolders $base .= '/'.$prefix; if (!is_dir($base)) - mkdir($base, 751); + mkdir($base, 0751); return $base.'/'.$hash; } From 003f25ecc5481d3731719d2a8d2c44a25d79ae52 Mon Sep 17 00:00:00 2001 From: JediKev Date: Fri, 21 Jan 2022 15:26:17 +0000 Subject: [PATCH 099/160] issue: Calling Non-Static Statically This addresses the `Non-static method XXX cannot be called statically` errors. --- audit/class.audit.php | 20 ++++++++++---------- storage-fs/storage.php | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index 69ea1ac8..3b0c2216 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -53,7 +53,7 @@ static function bootstrap() { Signal::connect('person.logout', array('AuditEntry', 'auditSpecialEvent')); } - function getObjectName($class) { + static function getObjectName($class) { switch ($class) { case 'Dept': return __('Department'); @@ -386,7 +386,7 @@ function __toString() { } //allows you to specify which part of the $types array you want returned - function getTypeExtra($objectType, $infoType) { + static function getTypeExtra($objectType, $infoType) { foreach (self::getTypes() as $key => $info) { if ($objectType == $key) { switch ($infoType) { @@ -405,7 +405,7 @@ function getTypeExtra($objectType, $infoType) { return $extra; } - function getPageNav($qwhere) { + static function getPageNav($qwhere) { $qselect = 'SELECT audit.* '; $qfrom=' FROM '.AUDIT_TABLE.' audit '; $total=db_count("SELECT count(*) $qfrom $qwhere"); @@ -416,7 +416,7 @@ function getPageNav($qwhere) { return $pageNav; } - function getQwhere($objectId, $hide_views=false, $type='') { + static function getQwhere($objectId, $hide_views=false, $type='') { $class = is_object($objectId) ? get_class($objectId) : $objectId; switch ($class) { case 'User': @@ -462,7 +462,7 @@ function getQwhere($objectId, $hide_views=false, $type='') { return $qwhere; } - function getOrder($order) { + static function getOrder($order) { if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) { $order=$orderWays[strtoupper($_REQUEST['order'])]; } @@ -471,7 +471,7 @@ function getOrder($order) { return $order; } - function getQuery($qs, $objectId, $pageNav, $export, $type='') { + static function getQuery($qs, $objectId, $pageNav, $export, $type='') { $qselect = 'SELECT audit.* '; $qfrom=' FROM '.AUDIT_TABLE.' audit '; $qwhere =self::getQwhere($objectId, false, $type); @@ -500,7 +500,7 @@ function getQuery($qs, $objectId, $pageNav, $export, $type='') { return $query; } - function getTableInfo($objectId, $export=false, $type='') { + static function getTableInfo($objectId, $export=false, $type='') { $qs = array(); if($_REQUEST['type']) { $qs += array('type' => $_REQUEST['type']); @@ -540,7 +540,7 @@ static function getConfigurations() { return self::$configurations; } - function getDescription($event, $export=false, $userType='') { + static function getDescription($event, $export=false, $userType='') { $event = is_object($event) ? $event->ht : $event; $data = json_decode($event['data'], true); $name = ''; @@ -660,7 +660,7 @@ function getDescription($event, $export=false, $userType='') { return $export ? strip_tags($message) : $message; } - function getDataById($id, $type) { + static function getDataById($id, $type) { $row = self::objects() ->filter(array('object_type'=>$type, 'object_id'=>$id)) ->values_flat('object_type', 'object_id', 'data') @@ -669,7 +669,7 @@ function getDataById($id, $type) { return $row ? $row : 0; } - function getObjectLink($event) { + static function getObjectLink($event) { $types = self::getTypes(); $urlPrefix = self::getTypeExtra($event['object_type'], 'URL'); $data = json_decode($event['data'], true); diff --git a/storage-fs/storage.php b/storage-fs/storage.php index 34115145..10a95fbb 100644 --- a/storage-fs/storage.php +++ b/storage-fs/storage.php @@ -79,7 +79,7 @@ class FsStoragePluginConfig extends PluginConfig { // Provide compatibility function for versions of osTicket prior to // translation support (v1.9.4) - function translate() { + static function translate() { if (!method_exists('Plugin', 'translate')) { return array( function($x) { return $x; }, @@ -104,7 +104,7 @@ function getOptions() { ); } - function pre_save($config, &$errors) { + function pre_save(&$config, &$errors) { list($__, $_N) = self::translate(); $path = $config['uploadpath']; if ($path[0] != '/' && $path[1] != ':') From 7a61fd196599b7abfeb9dc86c3e30b2a9ed20f93 Mon Sep 17 00:00:00 2001 From: JediKev Date: Fri, 21 Jan 2022 15:33:43 +0000 Subject: [PATCH 100/160] issue: Static to Non-Static This updates the static calls that need to be non-static. --- auth-2fa/auth2fa.php | 4 ++-- auth-2fa/class.auth2fa.php | 15 ++++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/auth-2fa/auth2fa.php b/auth-2fa/auth2fa.php index 7a160cc3..427360a1 100644 --- a/auth-2fa/auth2fa.php +++ b/auth-2fa/auth2fa.php @@ -28,11 +28,11 @@ function uninstall() { } function disable() { - $default2fas = ConfigItem::getConfigsByNamespace(false, 'default_2fa', static::$id); + $default2fas = ConfigItem::getConfigsByNamespace(false, 'default_2fa', Auth2FABackend::$id); foreach($default2fas as $default2fa) $default2fa->delete(); - $tokens = ConfigItem::getConfigsByNamespace(false, static::$id); + $tokens = ConfigItem::getConfigsByNamespace(false, Auth2FABackend::$id); foreach($tokens as $token) $token->delete(); diff --git a/auth-2fa/class.auth2fa.php b/auth-2fa/class.auth2fa.php index ea5b20ce..713956eb 100644 --- a/auth-2fa/class.auth2fa.php +++ b/auth-2fa/class.auth2fa.php @@ -68,7 +68,7 @@ function validate($form, $user) { // upstream validation might throw an exception due to expired token // or too many attempts (timeout). It's the responsibility of the // caller to catch and handle such exceptions. - $secretKey = self::getSecretKey(); + $secretKey = $this->getSecretKey(); if (!$this->_validate($secretKey)) return false; @@ -90,7 +90,7 @@ function send($user) { // Generate Secret Key if (!$this->secretKey) - $this->secretKey = self::getSecretKey($user); + $this->secretKey = $this->getSecretKey($user); $this->store($this->secretKey); @@ -116,7 +116,7 @@ function store($secretKey) { function validateLoginCode($code) { $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); - $secretKey = self::getSecretKey(); + $secretKey = $this->getSecretKey(); return $auth2FA->checkCode($secretKey, $code); } @@ -144,7 +144,7 @@ function getSecretKey($staff=false) { function getQRCode($staff=false) { $staffEmail = $staff->getEmail(); - $secretKey = self::getSecretKey($staff); + $secretKey = $this->getSecretKey($staff); $title = preg_replace('/[^A-Za-z0-9]/', '', self::$custom_issuer ?: __('osTicket')); return \Sonata\GoogleAuthenticator\GoogleQrUrl::generate($staffEmail, $secretKey, $title); @@ -152,15 +152,16 @@ function getQRCode($staff=false) { function validateQRCode($staff=false) { $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); - $secretKey = self::getSecretKey($staff); + $secretKey = $this->getSecretKey($staff); $code = self::getCode(); return $auth2FA->checkCode($secretKey, $code); } - function getCode() { + static function getCode() { $auth2FA = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); - $secretKey = self::getSecretKey(); + $self = new Auth2FABackend(); + $secretKey = $self->getSecretKey(); return $auth2FA->getCode($secretKey); } From f3038d9b5f3f3bee8653c0956adf935d6d6079b3 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 25 Jan 2022 19:59:10 +0000 Subject: [PATCH 101/160] issue: Compatible Errors This addresses the `Declaration of Methods should be Compatible with Parent Methods` errors. --- auth-2fa/auth2fa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-2fa/auth2fa.php b/auth-2fa/auth2fa.php index 427360a1..3d98d4cb 100644 --- a/auth-2fa/auth2fa.php +++ b/auth-2fa/auth2fa.php @@ -19,7 +19,7 @@ function enable() { return parent::enable(); } - function uninstall() { + function uninstall(&$errors) { $errors = array(); self::disable(); From 3eed93ef35ff910e414e7c44f1401f9a3e615228 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 25 Jan 2022 21:08:30 +0000 Subject: [PATCH 102/160] issue: Remove Pear Dependency This removes the Pear Dependency for composer and includes it in lib until we completely rewrite the plugin. --- .gitignore | 3 +- auth-ldap/plugin.php | 9 +- lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php | 1802 +++++++++++++++++ .../net_ldap2/Net/LDAP2/Entry.php | 1096 ++++++++++ .../net_ldap2/Net/LDAP2/Filter.php | 675 ++++++ .../net_ldap2/Net/LDAP2/LDIF.php | 925 +++++++++ .../net_ldap2/Net/LDAP2/RootDSE.php | 240 +++ .../net_ldap2/Net/LDAP2/Schema.php | 622 ++++++ .../Net/LDAP2/SchemaCache.interface.php | 59 + .../net_ldap2/Net/LDAP2/Search.php | 631 ++++++ .../Net/LDAP2/SimpleFileSchemaCache.php | 97 + .../net_ldap2/Net/LDAP2/Util.php | 620 ++++++ make.php | 6 - 13 files changed, 6771 insertions(+), 14 deletions(-) create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Filter.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/LDIF.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/RootDSE.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Schema.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SchemaCache.interface.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Search.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SimpleFileSchemaCache.php create mode 100644 lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Util.php diff --git a/.gitignore b/.gitignore index 7d383bc6..b49dd722 100644 --- a/.gitignore +++ b/.gitignore @@ -13,7 +13,8 @@ stage *.phar # Ignore installed dependencies and composer if placed here -lib/ +lib/* +!/lib/pear-pear.php.net/ composer.phar composer.lock composer.json diff --git a/auth-ldap/plugin.php b/auth-ldap/plugin.php index 5f574fb3..2757c198 100644 --- a/auth-ldap/plugin.php +++ b/auth-ldap/plugin.php @@ -10,13 +10,8 @@ servers', 'url' => 'http://www.osticket.com/plugins/auth/ldap', 'plugin' => 'authentication.php:LdapAuthPlugin', - 'requires' => array( - "pear-pear.php.net/net_ldap2" => array( - "version" => "*", - "map" => array( - 'pear-pear.php.net/net_ldap2' => 'include', - ), - ), + 'map' => array( + 'pear-pear.php.net/net_ldap2' => 'include' ), ); diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php new file mode 100644 index 00000000..14966ef2 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php @@ -0,0 +1,1802 @@ + +* @author Jan Wagner +* @author Del +* @author Benedikt Hallinger +* @copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Package includes. +*/ +require_once 'PEAR.php'; +require_once 'Net/LDAP2/RootDSE.php'; +require_once 'Net/LDAP2/Schema.php'; +require_once 'Net/LDAP2/Entry.php'; +require_once 'Net/LDAP2/Search.php'; +require_once 'Net/LDAP2/Util.php'; +require_once 'Net/LDAP2/Filter.php'; +require_once 'Net/LDAP2/LDIF.php'; +require_once 'Net/LDAP2/SchemaCache.interface.php'; +require_once 'Net/LDAP2/SimpleFileSchemaCache.php'; + +/** +* Error constants for errors that are not LDAP errors. +*/ +define('NET_LDAP2_ERROR', 1000); + +/** +* Net_LDAP2 Version +*/ +define('NET_LDAP2_VERSION', '2.1.0'); + +/** +* Net_LDAP2 - manipulate LDAP servers the right way! +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse +* @author Jan Wagner +* @author Del +* @author Benedikt Hallinger +* @copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP2/ +*/ +class Net_LDAP2 extends PEAR +{ + /** + * Class configuration array + * + * host = the ldap host to connect to + * (may be an array of several hosts to try) + * port = the server port + * version = ldap version (defaults to v 3) + * starttls = when set, ldap_start_tls() is run after connecting. + * bindpw = no explanation needed + * binddn = the DN to bind as. + * basedn = ldap base + * options = hash of ldap options to set (opt => val) + * filter = default search filter + * scope = default search scope + * + * Newly added in 2.0.0RC4, for auto-reconnect: + * auto_reconnect = if set to true then the class will automatically + * attempt to reconnect to the LDAP server in certain + * failure conditionswhen attempting a search, or other + * LDAP operation. Defaults to false. Note that if you + * set this to true, calls to search() may block + * indefinitely if there is a catastrophic server failure. + * min_backoff = minimum reconnection delay period (in seconds). + * current_backoff = initial reconnection delay period (in seconds). + * max_backoff = maximum reconnection delay period (in seconds). + * + * @access protected + * @var array + */ + protected $_config = array('host' => 'localhost', + 'port' => 389, + 'version' => 3, + 'starttls' => false, + 'binddn' => '', + 'bindpw' => '', + 'basedn' => '', + 'options' => array(), + 'filter' => '(objectClass=*)', + 'scope' => 'sub', + 'auto_reconnect' => false, + 'min_backoff' => 1, + 'current_backoff' => 1, + 'max_backoff' => 32); + + /** + * List of hosts we try to establish a connection to + * + * @access protected + * @var array + */ + protected $_host_list = array(); + + /** + * List of hosts that are known to be down. + * + * @access protected + * @var array + */ + protected $_down_host_list = array(); + + /** + * LDAP resource link. + * + * @access protected + * @var resource + */ + protected $_link = false; + + /** + * Net_LDAP2_Schema object + * + * This gets set and returned by {@link schema()} + * + * @access protected + * @var object Net_LDAP2_Schema + */ + protected $_schema = null; + + /** + * Schema cacher function callback + * + * @see registerSchemaCache() + * @var string + */ + protected $_schema_cache = null; + + /** + * Cache for attribute encoding checks + * + * @access protected + * @var array Hash with attribute names as key and boolean value + * to determine whether they should be utf8 encoded or not. + */ + protected $_schemaAttrs = array(); + + /** + * Cache for rootDSE objects + * + * Hash with requested rootDSE attr names as key and rootDSE object as value + * + * Since the RootDSE object itself may request a rootDSE object, + * {@link rootDse()} caches successful requests. + * Internally, Net_LDAP2 needs several lookups to this object, so + * caching increases performance significally. + * + * @access protected + * @var array + */ + protected $_rootDSE_cache = array(); + + /** + * Returns the Net_LDAP2 Release version, may be called statically + * + * @static + * @return string Net_LDAP2 version + */ + public static function getVersion() + { + return NET_LDAP2_VERSION; + } + + /** + * Configure Net_LDAP2, connect and bind + * + * Use this method as starting point of using Net_LDAP2 + * to establish a connection to your LDAP server. + * + * Static function that returns either an error object or the new Net_LDAP2 + * object. Something like a factory. Takes a config array with the needed + * parameters. + * + * @param array $config Configuration array + * + * @access public + * @return Net_LDAP2_Error|Net_LDAP2 Net_LDAP2_Error or Net_LDAP2 object + */ + public static function connect($config = array()) + { + $ldap_check = self::checkLDAPExtension(); + if (self::iserror($ldap_check)) { + return $ldap_check; + } + + @$obj = new Net_LDAP2($config); + + // todo? better errorhandling for setConfig()? + + // connect and bind with credentials in config + $err = $obj->bind(); + if (self::isError($err)) { + return $err; + } + + return $obj; + } + + /** + * Net_LDAP2 constructor + * + * Sets the config array + * + * Please note that the usual way of getting Net_LDAP2 to work is + * to call something like: + * $ldap = Net_LDAP2::connect($ldap_config); + * + * @param array $config Configuration array + * + * @access protected + * @return void + * @see $_config + */ + public function __construct($config = array()) + { + parent::__construct('Net_LDAP2_Error'); + $this->setConfig($config); + } + + /** + * Sets the internal configuration array + * + * @param array $config Configuration array + * + * @access protected + * @return void + */ + protected function setConfig($config) + { + // + // Parameter check -- probably should raise an error here if config + // is not an array. + // + if (! is_array($config)) { + return; + } + + foreach ($config as $k => $v) { + if (isset($this->_config[$k])) { + $this->_config[$k] = $v; + } else { + // map old (Net_LDAP2) parms to new ones + switch($k) { + case "dn": + $this->_config["binddn"] = $v; + break; + case "password": + $this->_config["bindpw"] = $v; + break; + case "tls": + $this->_config["starttls"] = $v; + break; + case "base": + $this->_config["basedn"] = $v; + break; + } + } + } + + // + // Ensure the host list is an array. + // + if (is_array($this->_config['host'])) { + $this->_host_list = $this->_config['host']; + } else { + if (strlen($this->_config['host']) > 0) { + $this->_host_list = array($this->_config['host']); + } else { + $this->_host_list = array(); + // ^ this will cause an error in performConnect(), + // so the user is notified about the failure + } + } + + // + // Reset the down host list, which seems like a sensible thing to do + // if the config is being reset for some reason. + // + $this->_down_host_list = array(); + } + + /** + * Bind or rebind to the ldap-server + * + * This function binds with the given dn and password to the server. In case + * no connection has been made yet, it will be started and startTLS issued + * if appropiate. + * + * The internal bind configuration is not being updated, so if you call + * bind() without parameters, you can rebind with the credentials + * provided at first connecting to the server. + * + * @param string $dn Distinguished name for binding + * @param string $password Password for binding + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function bind($dn = null, $password = null) + { + // fetch current bind credentials + if (is_null($dn)) { + $dn = $this->_config["binddn"]; + } + if (is_null($password)) { + $password = $this->_config["bindpw"]; + } + + // Connect first, if we haven't so far. + // This will also bind us to the server. + if ($this->_link === false) { + // store old credentials so we can revert them later + // then overwrite config with new bind credentials + $olddn = $this->_config["binddn"]; + $oldpw = $this->_config["bindpw"]; + + // overwrite bind credentials in config + // so performConnect() knows about them + $this->_config["binddn"] = $dn; + $this->_config["bindpw"] = $password; + + // try to connect with provided credentials + $msg = $this->performConnect(); + + // reset to previous config + $this->_config["binddn"] = $olddn; + $this->_config["bindpw"] = $oldpw; + + // see if bind worked + if (self::isError($msg)) { + return $msg; + } + } else { + // do the requested bind as we are + // asked to bind manually + if (is_null($dn)) { + // anonymous bind + $msg = @ldap_bind($this->_link); + } else { + // privileged bind + $msg = @ldap_bind($this->_link, $dn, $password); + } + if (false === $msg) { + return PEAR::raiseError("Bind failed: " . + @ldap_error($this->_link), + @ldap_errno($this->_link)); + } + } + return true; + } + + /** + * Connect to the ldap-server + * + * This function connects to the LDAP server specified in + * the configuration, binds and set up the LDAP protocol as needed. + * + * @access protected + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + protected function performConnect() + { + // Note: Connecting is briefly described in RFC1777. + // Basicly it works like this: + // 1. set up TCP connection + // 2. secure that connection if neccessary + // 3a. setLDAPVersion to tell server which version we want to speak + // 3b. perform bind + // 3c. setLDAPVersion to tell server which version we want to speak + // together with a test for supported versions + // 4. set additional protocol options + + // Return true if we are already connected. + if ($this->_link !== false) { + return true; + } + + // Connnect to the LDAP server if we are not connected. Note that + // with some LDAP clients, ldapperformConnect returns a link value even + // if no connection is made. We need to do at least one anonymous + // bind to ensure that a connection is actually valid. + // + // Ref: http://www.php.net/manual/en/function.ldap-connect.php + + // Default error message in case all connection attempts + // fail but no message is set + $current_error = new PEAR_Error('Unknown connection error'); + + // Catch empty $_host_list arrays. + if (!is_array($this->_host_list) || count($this->_host_list) == 0) { + $current_error = PEAR::raiseError('No Servers configured! Please '. + 'pass in an array of servers to Net_LDAP2'); + return $current_error; + } + + // Cycle through the host list. + foreach ($this->_host_list as $host) { + + // Ensure we have a valid string for host name + if (is_array($host)) { + $current_error = PEAR::raiseError('No Servers configured! '. + 'Please pass in an one dimensional array of servers to '. + 'Net_LDAP2! (multidimensional array detected!)'); + continue; + } + + // Skip this host if it is known to be down. + if (in_array($host, $this->_down_host_list)) { + continue; + } + + // Record the host that we are actually connecting to in case + // we need it later. + $this->_config['host'] = $host; + + // Attempt a connection. + $this->_link = @ldap_connect($host, $this->_config['port']); + if (false === $this->_link) { + $current_error = PEAR::raiseError('Could not connect to ' . + $host . ':' . $this->_config['port']); + $this->_down_host_list[] = $host; + continue; + } + + // If we're supposed to use TLS, do so before we try to bind, + // as some strict servers only allow binding via secure connections + if ($this->_config["starttls"] === true) { + if (self::isError($msg = $this->startTLS())) { + $current_error = $msg; + $this->_link = false; + $this->_down_host_list[] = $host; + continue; + } + } + + // Try to set the configured LDAP version on the connection if LDAP + // server needs that before binding (eg OpenLDAP). + // This could be necessary since rfc-1777 states that the protocol version + // has to be set at the bind request. + // We use force here which means that the test in the rootDSE is skipped; + // this is neccessary, because some strict LDAP servers only allow to + // read the LDAP rootDSE (which tells us the supported protocol versions) + // with authenticated clients. + // This may fail in which case we try again after binding. + // In this case, most probably the bind() or setLDAPVersion()-call + // below will also fail, providing error messages. + $version_set = false; + $ignored_err = $this->setLDAPVersion(0, true); + if (!self::isError($ignored_err)) { + $version_set = true; + } + + // Attempt to bind to the server. If we have credentials configured, + // we try to use them, otherwise its an anonymous bind. + // As stated by RFC-1777, the bind request should be the first + // operation to be performed after the connection is established. + // This may give an protocol error if the server does not support + // V2 binds and the above call to setLDAPVersion() failed. + // In case the above call failed, we try an V2 bind here and set the + // version afterwards (with checking to the rootDSE). + $msg = $this->bind(); + if (self::isError($msg)) { + // The bind failed, discard link and save error msg. + // Then record the host as down and try next one + if ($msg->getCode() == 0x02 && !$version_set) { + // provide a finer grained error message + // if protocol error arieses because of invalid version + $msg = new Net_LDAP2_Error($msg->getMessage(). + " (could not set LDAP protocol version to ". + $this->_config['version'].")", + $msg->getCode()); + } + $this->_link = false; + $current_error = $msg; + $this->_down_host_list[] = $host; + continue; + } + + // Set desired LDAP version if not successfully set before. + // Here, a check against the rootDSE is performed, so we get a + // error message if the server does not support the version. + // The rootDSE entry should tell us which LDAP versions are + // supported. However, some strict LDAP servers only allow + // bound suers to read the rootDSE. + if (!$version_set) { + if (self::isError($msg = $this->setLDAPVersion())) { + $current_error = $msg; + $this->_link = false; + $this->_down_host_list[] = $host; + continue; + } + } + + // Set LDAP parameters, now we know we have a valid connection. + if (isset($this->_config['options']) && + is_array($this->_config['options']) && + count($this->_config['options'])) { + foreach ($this->_config['options'] as $opt => $val) { + $err = $this->setOption($opt, $val); + if (self::isError($err)) { + $current_error = $err; + $this->_link = false; + $this->_down_host_list[] = $host; + continue 2; + } + } + } + + // At this stage we have connected, bound, and set up options, + // so we have a known good LDAP server. Time to go home. + return true; + } + + + // All connection attempts have failed, return the last error. + return $current_error; + } + + /** + * Reconnect to the ldap-server. + * + * In case the connection to the LDAP + * service has dropped out for some reason, this function will reconnect, + * and re-bind if a bind has been attempted in the past. It is probably + * most useful when the server list provided to the new() or connect() + * function is an array rather than a single host name, because in that + * case it will be able to connect to a failover or secondary server in + * case the primary server goes down. + * + * This doesn't return anything, it just tries to re-establish + * the current connection. It will sleep for the current backoff + * period (seconds) before attempting the connect, and if the + * connection fails it will double the backoff period, but not + * try again. If you want to ensure a reconnection during a + * transient period of server downtime then you need to call this + * function in a loop. + * + * @access protected + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + protected function performReconnect() + { + + // Return true if we are already connected. + if ($this->_link !== false) { + return true; + } + + // Default error message in case all connection attempts + // fail but no message is set + $current_error = new PEAR_Error('Unknown connection error'); + + // Sleep for a backoff period in seconds. + sleep($this->_config['current_backoff']); + + // Retry all available connections. + $this->_down_host_list = array(); + $msg = $this->performConnect(); + + // Bail out if that fails. + if (self::isError($msg)) { + $this->_config['current_backoff'] = + $this->_config['current_backoff'] * 2; + if ($this->_config['current_backoff'] > $this->_config['max_backoff']) { + $this->_config['current_backoff'] = $this->_config['max_backoff']; + } + return $msg; + } + + // Now we should be able to safely (re-)bind. + $msg = $this->bind(); + if (self::isError($msg)) { + $this->_config['current_backoff'] = $this->_config['current_backoff'] * 2; + if ($this->_config['current_backoff'] > $this->_config['max_backoff']) { + $this->_config['current_backoff'] = $this->_config['max_backoff']; + } + + // _config['host'] should have had the last connected host stored in it + // by performConnect(). Since we are unable to bind to that host we can safely + // assume that it is down or has some other problem. + $this->_down_host_list[] = $this->_config['host']; + return $msg; + } + + // At this stage we have connected, bound, and set up options, + // so we have a known good LDAP server. Time to go home. + $this->_config['current_backoff'] = $this->_config['min_backoff']; + return true; + } + + /** + * Starts an encrypted session + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function startTLS() + { + /* Test to see if the server supports TLS first. + This is done via testing the extensions offered by the server. + The OID 1.3.6.1.4.1.1466.20037 tells us, if TLS is supported. + Note, that not all servers allow to feth either the rootDSE or + attributes over an unencrypted channel, so we must ignore errors. */ + $rootDSE = $this->rootDse(); + if (self::isError($rootDSE)) { + /* IGNORE this error, because server may refuse fetching the + RootDSE over an unencrypted connection. */ + //return $this->raiseError("Unable to fetch rootDSE entry ". + //"to see if TLS is supoported: ".$rootDSE->getMessage(), $rootDSE->getCode()); + } else { + /* Fetch suceeded, see, if the server supports TLS. Again, we + ignore errors, because the server may refuse to return + attributes over unencryted connections. */ + $supported_extensions = $rootDSE->getValue('supportedExtension'); + if (self::isError($supported_extensions)) { + /* IGNORE error, because server may refuse attribute + returning over an unencrypted connection. */ + //return $this->raiseError("Unable to fetch rootDSE attribute 'supportedExtension' ". + //"to see if TLS is supoported: ".$supported_extensions->getMessage(), $supported_extensions->getCode()); + } else { + // fetch succeedet, lets see if the server supports it. + // if not, then drop an error. If supported, then do nothing, + // because then we try to issue TLS afterwards. + if (!in_array('1.3.6.1.4.1.1466.20037', $supported_extensions)) { + return $this->raiseError("Server reports that it does not support TLS."); + } + } + } + + // Try to establish TLS. + if (false === @ldap_start_tls($this->_link)) { + // Starting TLS failed. This may be an error, or because + // the server does not support it but did not enable us to + // detect that above. + return $this->raiseError("TLS could not be started: " . + @ldap_error($this->_link), + @ldap_errno($this->_link)); + } else { + return true; // TLS is started now. + } + } + + /** + * alias function of startTLS() for perl-ldap interface + * + * @return void + * @see startTLS() + */ + public function start_tls() + { + $args = func_get_args(); + return call_user_func_array(array( $this, 'startTLS' ), $args); + } + + /** + * Close LDAP connection. + * + * Closes the connection. Use this when the session is over. + * + * @return void + */ + public function done() + { + $this->_Net_LDAP2(); + } + + /** + * Alias for {@link done()} + * + * @return void + * @see done() + */ + public function disconnect() + { + $this->done(); + } + + /** + * Destructor + * + * @access protected + */ + public function _Net_LDAP2() + { + @ldap_close($this->_link); + } + + /** + * Add a new entryobject to a directory. + * + * Use add to add a new Net_LDAP2_Entry object to the directory. + * This also links the entry to the connection used for the add, + * if it was a fresh entry ({@link Net_LDAP2_Entry::createFresh()}) + * + * @param Net_LDAP2_Entry $entry Net_LDAP2_Entry + * + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function add($entry) + { + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Parameter to Net_LDAP2::add() must be a Net_LDAP2_Entry object.'); + } + + // Continue attempting the add operation in a loop until we + // get a success, a definitive failure, or the world ends. + $foo = 0; + while (true) { + $link = $this->getLink(); + + if ($link === false) { + // We do not have a successful connection yet. The call to + // getLink() would have kept trying if we wanted one. Go + // home now. + return PEAR::raiseError("Could not add entry " . $entry->dn() . + " no valid LDAP connection could be found."); + } + + if (@ldap_add($link, $entry->dn(), $entry->getValues())) { + // entry successfully added, we should update its $ldap reference + // in case it is not set so far (fresh entry) + if (!$entry->getLDAP() instanceof Net_LDAP2) { + $entry->setLDAP($this); + } + // store, that the entry is present inside the directory + $entry->markAsNew(false); + return true; + } else { + // We have a failure. What type? We may be able to reconnect + // and try again. + $error_code = @ldap_errno($link); + $error_name = Net_LDAP2::errorMessage($error_code); + + if (($error_name === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + + // The server has become disconnected before trying the + // operation. We should try again, possibly with a different + // server. + $this->_link = false; + $this->performReconnect(); + } else { + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return PEAR::raiseError("Could not add entry " . $entry->dn() . " " . + $error_name, + $error_code); + } + } + } + } + + /** + * Delete an entry from the directory + * + * The object may either be a string representing the dn or a Net_LDAP2_Entry + * object. When the boolean paramter recursive is set, all subentries of the + * entry will be deleted as well. + * + * @param string|Net_LDAP2_Entry $dn DN-string or Net_LDAP2_Entry + * @param boolean $recursive Should we delete all children recursive as well? + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function delete($dn, $recursive = false) + { + if ($dn instanceof Net_LDAP2_Entry) { + $dn = $dn->dn(); + } + if (false === is_string($dn)) { + return PEAR::raiseError("Parameter is not a string nor an entry object!"); + } + // Recursive delete searches for children and calls delete for them + if ($recursive) { + $result = @ldap_list($this->_link, $dn, '(objectClass=*)', array(null), 0, 0); + if (@ldap_count_entries($this->_link, $result)) { + $subentry = @ldap_first_entry($this->_link, $result); + $this->delete(@ldap_get_dn($this->_link, $subentry), true); + while ($subentry = @ldap_next_entry($this->_link, $subentry)) { + $this->delete(@ldap_get_dn($this->_link, $subentry), true); + } + } + } + + // Continue attempting the delete operation in a loop until we + // get a success, a definitive failure, or the world ends. + while (true) { + $link = $this->getLink(); + + if ($link === false) { + // We do not have a successful connection yet. The call to + // getLink() would have kept trying if we wanted one. Go + // home now. + return PEAR::raiseError("Could not add entry " . $dn . + " no valid LDAP connection could be found."); + } + + if (@ldap_delete($link, $dn)) { + // entry successfully deleted. + return true; + } else { + // We have a failure. What type? + // We may be able to reconnect and try again. + $error_code = @ldap_errno($link); + $error_name = Net_LDAP2::errorMessage($error_code); + + if ((Net_LDAP2::errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + // The server has become disconnected before trying the + // operation. We should try again, possibly with a + // different server. + $this->_link = false; + $this->performReconnect(); + + } elseif ($error_code == 66) { + // Subentries present, server refused to delete. + // Deleting subentries is the clients responsibility, but + // since the user may not know of the subentries, we do not + // force that here but instead notify the developer so he + // may take actions himself. + return PEAR::raiseError("Could not delete entry $dn because of subentries. Use the recursive parameter to delete them."); + + } else { + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return PEAR::raiseError("Could not delete entry " . $dn . " " . + $error_name, + $error_code); + } + } + } + } + + /** + * Modify an ldapentry directly on the server + * + * This one takes the DN or a Net_LDAP2_Entry object and an array of actions. + * This array should be something like this: + * + * array('add' => array('attribute1' => array('val1', 'val2'), + * 'attribute2' => array('val1')), + * 'delete' => array('attribute1'), + * 'replace' => array('attribute1' => array('val1')), + * 'changes' => array('add' => ..., + * 'replace' => ..., + * 'delete' => array('attribute1', 'attribute2' => array('val1'))) + * + * The changes array is there so the order of operations can be influenced + * (the operations are done in order of appearance). + * The order of execution is as following: + * 1. adds from 'add' array + * 2. deletes from 'delete' array + * 3. replaces from 'replace' array + * 4. changes (add, replace, delete) in order of appearance + * All subarrays (add, replace, delete, changes) may be given at the same time. + * + * The function calls the corresponding functions of an Net_LDAP2_Entry + * object. A detailed description of array structures can be found there. + * + * Unlike the modification methods provided by the Net_LDAP2_Entry object, + * this method will instantly carry out an update() after each operation, + * thus modifying "directly" on the server. + * + * @param string|Net_LDAP2_Entry $entry DN-string or Net_LDAP2_Entry + * @param array $parms Array of changes + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function modify($entry, $parms = array()) + { + if (is_string($entry)) { + $entry = $this->getEntry($entry); + if (self::isError($entry)) { + return $entry; + } + } + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError("Parameter is not a string nor an entry object!"); + } + + // Perform changes mentioned separately + foreach (array('add', 'delete', 'replace') as $action) { + if (isset($parms[$action])) { + $msg = $entry->$action($parms[$action]); + if (self::isError($msg)) { + return $msg; + } + $entry->setLDAP($this); + + // Because the @ldap functions are called inside Net_LDAP2_Entry::update(), + // we have to trap the error codes issued from that if we want to support + // reconnection. + while (true) { + $msg = $entry->update(); + + if (self::isError($msg)) { + // We have a failure. What type? We may be able to reconnect + // and try again. + $error_code = $msg->getCode(); + $error_name = Net_LDAP2::errorMessage($error_code); + + if ((Net_LDAP2::errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + + // The server has become disconnected before trying the + // operation. We should try again, possibly with a different + // server. + $this->_link = false; + $this->performReconnect(); + + } else { + + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return PEAR::raiseError("Could not modify entry: ".$msg->getMessage()); + } + } else { + // modification succeedet, evaluate next change + break; + } + } + } + } + + // perform combined changes in 'changes' array + if (isset($parms['changes']) && is_array($parms['changes'])) { + foreach ($parms['changes'] as $action => $value) { + + // Because the @ldap functions are called inside Net_LDAP2_Entry::update, + // we have to trap the error codes issued from that if we want to support + // reconnection. + while (true) { + $msg = $this->modify($entry, array($action => $value)); + + if (self::isError($msg)) { + // We have a failure. What type? We may be able to reconnect + // and try again. + $error_code = $msg->getCode(); + $error_name = Net_LDAP2::errorMessage($error_code); + + if ((Net_LDAP2::errorMessage($error_code) === 'LDAP_OPERATIONS_ERROR') && + ($this->_config['auto_reconnect'])) { + + // The server has become disconnected before trying the + // operation. We should try again, possibly with a different + // server. + $this->_link = false; + $this->performReconnect(); + + } else { + // Errors other than the above catched are just passed + // back to the user so he may react upon them. + return $msg; + } + } else { + // modification succeedet, evaluate next change + break; + } + } + } + } + + return true; + } + + /** + * Run a ldap search query + * + * Search is used to query the ldap-database. + * $base and $filter may be ommitted. The one from config will + * then be used. $base is either a DN-string or an Net_LDAP2_Entry + * object in which case its DN willb e used. + * + * Params may contain: + * + * scope: The scope which will be used for searching + * base - Just one entry + * sub - The whole tree + * one - Immediately below $base + * sizelimit: Limit the number of entries returned (default: 0 = unlimited), + * timelimit: Limit the time spent for searching (default: 0 = unlimited), + * attrsonly: If true, the search will only return the attribute names, + * attributes: Array of attribute names, which the entry should contain. + * It is good practice to limit this to just the ones you need. + * [NOT IMPLEMENTED] + * deref: By default aliases are dereferenced to locate the base object for the search, but not when + * searching subordinates of the base object. This may be changed by specifying one of the + * following values: + * + * never - Do not dereference aliases in searching or in locating the base object of the search. + * search - Dereference aliases in subordinates of the base object in searching, but not in + * locating the base object of the search. + * find + * always + * + * Please note, that you cannot override server side limitations to sizelimit + * and timelimit: You can always only lower a given limit. + * + * @param string|Net_LDAP2_Entry $base LDAP searchbase + * @param string|Net_LDAP2_Filter $filter LDAP search filter or a Net_LDAP2_Filter object + * @param array $params Array of options + * + * @access public + * @return Net_LDAP2_Search|Net_LDAP2_Error Net_LDAP2_Search object or Net_LDAP2_Error object + * @todo implement search controls (sorting etc) + */ + public function search($base = null, $filter = null, $params = array()) + { + if (is_null($base)) { + $base = $this->_config['basedn']; + } + if ($base instanceof Net_LDAP2_Entry) { + $base = $base->dn(); // fetch DN of entry, making searchbase relative to the entry + } + if (is_null($filter)) { + $filter = $this->_config['filter']; + } + if ($filter instanceof Net_LDAP2_Filter) { + $filter = $filter->asString(); // convert Net_LDAP2_Filter to string representation + } + if (PEAR::isError($filter)) { + return $filter; + } + if (PEAR::isError($base)) { + return $base; + } + + /* setting searchparameters */ + (isset($params['sizelimit'])) ? $sizelimit = $params['sizelimit'] : $sizelimit = 0; + (isset($params['timelimit'])) ? $timelimit = $params['timelimit'] : $timelimit = 0; + (isset($params['attrsonly'])) ? $attrsonly = $params['attrsonly'] : $attrsonly = 0; + (isset($params['attributes'])) ? $attributes = $params['attributes'] : $attributes = array(); + + // Ensure $attributes to be an array in case only one + // attribute name was given as string + if (!is_array($attributes)) { + $attributes = array($attributes); + } + + // reorganize the $attributes array index keys + // sometimes there are problems with not consecutive indexes + $attributes = array_values($attributes); + + // scoping makes searches faster! + $scope = (isset($params['scope']) ? $params['scope'] : $this->_config['scope']); + + switch ($scope) { + case 'one': + $search_function = 'ldap_list'; + break; + case 'base': + $search_function = 'ldap_read'; + break; + default: + $search_function = 'ldap_search'; + } + + // Continue attempting the search operation until we get a success + // or a definitive failure. + while (true) { + $link = $this->getLink(); + $search = @call_user_func($search_function, + $link, + $base, + $filter, + $attributes, + $attrsonly, + $sizelimit, + $timelimit); + + if ($err = @ldap_errno($link)) { + if ($err == 32) { + // Errorcode 32 = no such object, i.e. a nullresult. + return $obj = new Net_LDAP2_Search ($search, $this, $attributes); + } elseif ($err == 4) { + // Errorcode 4 = sizelimit exeeded. + return $obj = new Net_LDAP2_Search ($search, $this, $attributes); + } elseif ($err == 87) { + // bad search filter + return $this->raiseError(Net_LDAP2::errorMessage($err) . "($filter)", $err); + } elseif (($err == 1) && ($this->_config['auto_reconnect'])) { + // Errorcode 1 = LDAP_OPERATIONS_ERROR but we can try a reconnect. + $this->_link = false; + $this->performReconnect(); + } else { + $msg = "\nParameters:\nBase: $base\nFilter: $filter\nScope: $scope"; + return $this->raiseError(Net_LDAP2::errorMessage($err) . $msg, $err); + } + } else { + return $obj = new Net_LDAP2_Search($search, $this, $attributes); + } + } + } + + /** + * Set an LDAP option + * + * @param string $option Option to set + * @param mixed $value Value to set Option to + * + * @access public + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + */ + public function setOption($option, $value) + { + if ($this->_link) { + if (defined($option)) { + if (@ldap_set_option($this->_link, constant($option), $value)) { + return true; + } else { + $err = @ldap_errno($this->_link); + if ($err) { + $msg = @ldap_err2str($err); + } else { + $err = NET_LDAP2_ERROR; + $msg = Net_LDAP2::errorMessage($err); + } + return $this->raiseError($msg, $err); + } + } else { + return $this->raiseError("Unkown Option requested"); + } + } else { + return $this->raiseError("Could not set LDAP option: No LDAP connection"); + } + } + + /** + * Get an LDAP option value + * + * @param string $option Option to get + * + * @access public + * @return Net_LDAP2_Error|string Net_LDAP2_Error or option value + */ + public function getOption($option) + { + if ($this->_link) { + if (defined($option)) { + if (@ldap_get_option($this->_link, constant($option), $value)) { + return $value; + } else { + $err = @ldap_errno($this->_link); + if ($err) { + $msg = @ldap_err2str($err); + } else { + $err = NET_LDAP2_ERROR; + $msg = Net_LDAP2::errorMessage($err); + } + return $this->raiseError($msg, $err); + } + } else { + $this->raiseError("Unkown Option requested"); + } + } else { + $this->raiseError("No LDAP connection"); + } + } + + /** + * Get the LDAP_PROTOCOL_VERSION that is used on the connection. + * + * A lot of ldap functionality is defined by what protocol version the ldap server speaks. + * This might be 2 or 3. + * + * @return int + */ + public function getLDAPVersion() + { + if ($this->_link) { + $version = $this->getOption("LDAP_OPT_PROTOCOL_VERSION"); + } else { + $version = $this->_config['version']; + } + return $version; + } + + /** + * Set the LDAP_PROTOCOL_VERSION that is used on the connection. + * + * @param int $version LDAP-version that should be used + * @param boolean $force If set to true, the check against the rootDSE will be skipped + * + * @return Net_LDAP2_Error|true Net_LDAP2_Error object or true + * @todo Checking via the rootDSE takes much time - why? fetching and instanciation is quick! + */ + public function setLDAPVersion($version = 0, $force = false) + { + if (!$version) { + $version = $this->_config['version']; + } + + // + // Check to see if the server supports this version first. + // + // Todo: Why is this so horribly slow? + // $this->rootDse() is very fast, as well as Net_LDAP2_RootDSE::fetch() + // seems like a problem at copiyng the object inside PHP?? + // Additionally, this is not always reproducable... + // + if (!$force) { + $rootDSE = $this->rootDse(); + if ($rootDSE instanceof Net_LDAP2_Error) { + return $rootDSE; + } else { + $supported_versions = $rootDSE->getValue('supportedLDAPVersion'); + if (is_string($supported_versions)) { + $supported_versions = array($supported_versions); + } + $check_ok = in_array($version, $supported_versions); + } + } + + if ($force || $check_ok) { + return $this->setOption("LDAP_OPT_PROTOCOL_VERSION", $version); + } else { + return $this->raiseError("LDAP Server does not support protocol version " . $version); + } + } + + + /** + * Tells if a DN does exist in the directory + * + * @param string|Net_LDAP2_Entry $dn The DN of the object to test + * + * @return boolean|Net_LDAP2_Error + */ + public function dnExists($dn) + { + if (PEAR::isError($dn)) { + return $dn; + } + if ($dn instanceof Net_LDAP2_Entry) { + $dn = $dn->dn(); + } + if (false === is_string($dn)) { + return PEAR::raiseError('Parameter $dn is not a string nor an entry object!'); + } + + // search LDAP for that DN by performing a baselevel search for any + // object. We can only find the DN in question this way, or nothing. + $s_opts = array( + 'scope' => 'base', + 'sizelimit' => 1, + 'attributes' => '1.1' // select no attrs + ); + $search = $this->search($dn, '(objectClass=*)', $s_opts); + + if (self::isError($search)) { + return $search; + } + + // retun wehter the DN exists; that is, we found an entry + return ($search->count() == 0)? false : true; + } + + + /** + * Get a specific entry based on the DN + * + * @param string $dn DN of the entry that should be fetched + * @param array $attr Array of Attributes to select. If ommitted, all attributes are fetched. + * + * @return Net_LDAP2_Entry|Net_LDAP2_Error Reference to a Net_LDAP2_Entry object or Net_LDAP2_Error object + * @todo Maybe check against the shema should be done to be sure the attribute type exists + */ + public function getEntry($dn, $attr = array()) + { + if (!is_array($attr)) { + $attr = array($attr); + } + $result = $this->search($dn, '(objectClass=*)', + array('scope' => 'base', 'attributes' => $attr)); + if (self::isError($result)) { + return $result; + } elseif ($result->count() == 0) { + return PEAR::raiseError('Could not fetch entry '.$dn.': no entry found'); + } + $entry = $result->shiftEntry(); + if (false == $entry) { + return PEAR::raiseError('Could not fetch entry (error retrieving entry from search result)'); + } + return $entry; + } + + /** + * Rename or move an entry + * + * This method will instantly carry out an update() after the move, + * so the entry is moved instantly. + * You can pass an optional Net_LDAP2 object. In this case, a cross directory + * move will be performed which deletes the entry in the source (THIS) directory + * and adds it in the directory $target_ldap. + * A cross directory move will switch the Entrys internal LDAP reference so + * updates to the entry will go to the new directory. + * + * Note that if you want to do a cross directory move, you need to + * pass an Net_LDAP2_Entry object, otherwise the attributes will be empty. + * + * @param string|Net_LDAP2_Entry $entry Entry DN or Entry object + * @param string $newdn New location + * @param Net_LDAP2 $target_ldap (optional) Target directory for cross server move; should be passed via reference + * + * @return Net_LDAP2_Error|true + */ + public function move($entry, $newdn, $target_ldap = null) + { + if (is_string($entry)) { + $entry_o = $this->getEntry($entry); + } else { + $entry_o = $entry; + } + if (!$entry_o instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP2_Entry object! (If DN was passed, conversion failed)'); + } + if (null !== $target_ldap && !$target_ldap instanceof Net_LDAP2) { + return PEAR::raiseError('Parameter $target_ldap is expected to be a Net_LDAP2 object!'); + } + + if ($target_ldap && $target_ldap !== $this) { + // cross directory move + if (is_string($entry)) { + return PEAR::raiseError('Unable to perform cross directory move: operation requires a Net_LDAP2_Entry object'); + } + if ($target_ldap->dnExists($newdn)) { + return PEAR::raiseError('Unable to perform cross directory move: entry does exist in target directory'); + } + $entry_o->dn($newdn); + $res = $target_ldap->add($entry_o); + if (self::isError($res)) { + return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in target directory'); + } + $res = $this->delete($entry_o->currentDN()); + if (self::isError($res)) { + $res2 = $target_ldap->delete($entry_o); // undo add + if (self::isError($res2)) { + $add_error_string = 'Additionally, the deletion (undo add) of $entry in target directory failed.'; + } + return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in source directory. '.$add_error_string); + } + $entry_o->setLDAP($target_ldap); + return true; + } else { + // local move + $entry_o->dn($newdn); + $entry_o->setLDAP($this); + return $entry_o->update(); + } + } + + /** + * Copy an entry to a new location + * + * The entry will be immediately copied. + * Please note that only attributes you have + * selected will be copied. + * + * @param Net_LDAP2_Entry $entry Entry object + * @param string $newdn New FQF-DN of the entry + * + * @return Net_LDAP2_Error|Net_LDAP2_Entry Error Message or reference to the copied entry + */ + public function copy($entry, $newdn) + { + if (!$entry instanceof Net_LDAP2_Entry) { + return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP2_Entry object!'); + } + + $newentry = Net_LDAP2_Entry::createFresh($newdn, $entry->getValues()); + $result = $this->add($newentry); + + if ($result instanceof Net_LDAP2_Error) { + return $result; + } else { + return $newentry; + } + } + + + /** + * Returns the string for an ldap errorcode. + * + * Made to be able to make better errorhandling + * Function based on DB::errorMessage() + * Tip: The best description of the errorcodes is found here: + * http://www.directory-info.com/LDAP2/LDAPErrorCodes.html + * + * @param int $errorcode Error code + * + * @return string The errorstring for the error. + */ + public static function errorMessage($errorcode) + { + $errorMessages = array( + 0x00 => "LDAP_SUCCESS", + 0x01 => "LDAP_OPERATIONS_ERROR", + 0x02 => "LDAP_PROTOCOL_ERROR", + 0x03 => "LDAP_TIMELIMIT_EXCEEDED", + 0x04 => "LDAP_SIZELIMIT_EXCEEDED", + 0x05 => "LDAP_COMPARE_FALSE", + 0x06 => "LDAP_COMPARE_TRUE", + 0x07 => "LDAP_AUTH_METHOD_NOT_SUPPORTED", + 0x08 => "LDAP_STRONG_AUTH_REQUIRED", + 0x09 => "LDAP_PARTIAL_RESULTS", + 0x0a => "LDAP_REFERRAL", + 0x0b => "LDAP_ADMINLIMIT_EXCEEDED", + 0x0c => "LDAP_UNAVAILABLE_CRITICAL_EXTENSION", + 0x0d => "LDAP_CONFIDENTIALITY_REQUIRED", + 0x0e => "LDAP_SASL_BIND_INPROGRESS", + 0x10 => "LDAP_NO_SUCH_ATTRIBUTE", + 0x11 => "LDAP_UNDEFINED_TYPE", + 0x12 => "LDAP_INAPPROPRIATE_MATCHING", + 0x13 => "LDAP_CONSTRAINT_VIOLATION", + 0x14 => "LDAP_TYPE_OR_VALUE_EXISTS", + 0x15 => "LDAP_INVALID_SYNTAX", + 0x20 => "LDAP_NO_SUCH_OBJECT", + 0x21 => "LDAP_ALIAS_PROBLEM", + 0x22 => "LDAP_INVALID_DN_SYNTAX", + 0x23 => "LDAP_IS_LEAF", + 0x24 => "LDAP_ALIAS_DEREF_PROBLEM", + 0x30 => "LDAP_INAPPROPRIATE_AUTH", + 0x31 => "LDAP_INVALID_CREDENTIALS", + 0x32 => "LDAP_INSUFFICIENT_ACCESS", + 0x33 => "LDAP_BUSY", + 0x34 => "LDAP_UNAVAILABLE", + 0x35 => "LDAP_UNWILLING_TO_PERFORM", + 0x36 => "LDAP_LOOP_DETECT", + 0x3C => "LDAP_SORT_CONTROL_MISSING", + 0x3D => "LDAP_INDEX_RANGE_ERROR", + 0x40 => "LDAP_NAMING_VIOLATION", + 0x41 => "LDAP_OBJECT_CLASS_VIOLATION", + 0x42 => "LDAP_NOT_ALLOWED_ON_NONLEAF", + 0x43 => "LDAP_NOT_ALLOWED_ON_RDN", + 0x44 => "LDAP_ALREADY_EXISTS", + 0x45 => "LDAP_NO_OBJECT_CLASS_MODS", + 0x46 => "LDAP_RESULTS_TOO_LARGE", + 0x47 => "LDAP_AFFECTS_MULTIPLE_DSAS", + 0x50 => "LDAP_OTHER", + 0x51 => "LDAP_SERVER_DOWN", + 0x52 => "LDAP_LOCAL_ERROR", + 0x53 => "LDAP_ENCODING_ERROR", + 0x54 => "LDAP_DECODING_ERROR", + 0x55 => "LDAP_TIMEOUT", + 0x56 => "LDAP_AUTH_UNKNOWN", + 0x57 => "LDAP_FILTER_ERROR", + 0x58 => "LDAP_USER_CANCELLED", + 0x59 => "LDAP_PARAM_ERROR", + 0x5a => "LDAP_NO_MEMORY", + 0x5b => "LDAP_CONNECT_ERROR", + 0x5c => "LDAP_NOT_SUPPORTED", + 0x5d => "LDAP_CONTROL_NOT_FOUND", + 0x5e => "LDAP_NO_RESULTS_RETURNED", + 0x5f => "LDAP_MORE_RESULTS_TO_RETURN", + 0x60 => "LDAP_CLIENT_LOOP", + 0x61 => "LDAP_REFERRAL_LIMIT_EXCEEDED", + 1000 => "Unknown Net_LDAP2 Error" + ); + + return isset($errorMessages[$errorcode]) ? + $errorMessages[$errorcode] : + $errorMessages[NET_LDAP2_ERROR] . ' (' . $errorcode . ')'; + } + + /** + * Gets a rootDSE object + * + * This either fetches a fresh rootDSE object or returns it from + * the internal cache for performance reasons, if possible. + * + * @param array $attrs Array of attributes to search for + * + * @access public + * @return Net_LDAP2_Error|Net_LDAP2_RootDSE Net_LDAP2_Error or Net_LDAP2_RootDSE object + */ + public function rootDse($attrs = null) + { + if ($attrs !== null && !is_array($attrs)) { + return PEAR::raiseError('Parameter $attr is expected to be an array!'); + } + + $attrs_signature = serialize($attrs); + + // see if we need to fetch a fresh object, or if we already + // requested this object with the same attributes + if (true || !array_key_exists($attrs_signature, $this->_rootDSE_cache)) { + $rootdse = Net_LDAP2_RootDSE::fetch($this, $attrs); + if ($rootdse instanceof Net_LDAP2_Error) { + return $rootdse; + } + + // search was ok, store rootDSE in cache + $this->_rootDSE_cache[$attrs_signature] = $rootdse; + } + return $this->_rootDSE_cache[$attrs_signature]; + } + + /** + * Alias function of rootDse() for perl-ldap interface + * + * @access public + * @see rootDse() + * @return Net_LDAP2_Error|Net_LDAP2_RootDSE + */ + public function root_dse() + { + $args = func_get_args(); + return call_user_func_array(array($this, 'rootDse'), $args); + } + + /** + * Get a schema object + * + * @param string $dn (optional) Subschema entry dn + * + * @access public + * @return Net_LDAP2_Schema|Net_LDAP2_Error Net_LDAP2_Schema or Net_LDAP2_Error object + */ + public function schema($dn = null) + { + // Schema caching by Knut-Olav Hoven + // If a schema caching object is registered, we use that to fetch + // a schema object. + // See registerSchemaCache() for more info on this. + if ($this->_schema === null) { + if ($this->_schema_cache) { + $cached_schema = $this->_schema_cache->loadSchema(); + if ($cached_schema instanceof Net_LDAP2_Error) { + return $cached_schema; // route error to client + } else { + if ($cached_schema instanceof Net_LDAP2_Schema) { + $this->_schema = $cached_schema; + } + } + } + } + + // Fetch schema, if not tried before and no cached version available. + // If we are already fetching the schema, we will skip fetching. + if ($this->_schema === null) { + // store a temporary error message so subsequent calls to schema() can + // detect, that we are fetching the schema already. + // Otherwise we will get an infinite loop at Net_LDAP2_Schema::fetch() + $this->_schema = new Net_LDAP2_Error('Schema not initialized'); + $this->_schema = Net_LDAP2_Schema::fetch($this, $dn); + + // If schema caching is active, advise the cache to store the schema + if ($this->_schema_cache) { + $caching_result = $this->_schema_cache->storeSchema($this->_schema); + if ($caching_result instanceof Net_LDAP2_Error) { + return $caching_result; // route error to client + } + } + } + return $this->_schema; + } + + /** + * Enable/disable persistent schema caching + * + * Sometimes it might be useful to allow your scripts to cache + * the schema information on disk, so the schema is not fetched + * every time the script runs which could make your scripts run + * faster. + * + * This method allows you to register a custom object that + * implements your schema cache. Please see the SchemaCache interface + * (SchemaCache.interface.php) for informations on how to implement this. + * To unregister the cache, pass null as $cache parameter. + * + * For ease of use, Net_LDAP2 provides a simple file based cache + * which is used in the example below. You may use this, for example, + * to store the schema in a linux tmpfs which results in the schema + * beeing cached inside the RAM which allows nearly instant access. + * + * // Create the simple file cache object that comes along with Net_LDAP2 + * $mySchemaCache_cfg = array( + * 'path' => '/tmp/Net_LDAP2_Schema.cache', + * 'max_age' => 86400 // max age is 24 hours (in seconds) + * ); + * $mySchemaCache = new Net_LDAP2_SimpleFileSchemaCache($mySchemaCache_cfg); + * $ldap = new Net_LDAP2::connect(...); + * $ldap->registerSchemaCache($mySchemaCache); // enable caching + * // now each call to $ldap->schema() will get the schema from disk! + * + * + * @param Net_LDAP2_SchemaCache|null $cache Object implementing the Net_LDAP2_SchemaCache interface + * + * @return true|Net_LDAP2_Error + */ + public function registerSchemaCache($cache) { + if (is_null($cache) + || (is_object($cache) && in_array('Net_LDAP2_SchemaCache', class_implements($cache))) ) { + $this->_schema_cache = $cache; + return true; + } else { + return new Net_LDAP2_Error('Custom schema caching object is either no '. + 'valid object or does not implement the Net_LDAP2_SchemaCache interface!'); + } + } + + + /** + * Checks if phps ldap-extension is loaded + * + * If it is not loaded, it tries to load it manually using PHPs dl(). + * It knows both windows-dll and *nix-so. + * + * @static + * @return Net_LDAP2_Error|true + */ + public static function checkLDAPExtension() + { + if (!extension_loaded('ldap') && !@dl('ldap.' . PHP_SHLIB_SUFFIX)) { + return new Net_LDAP2_Error("It seems that you do not have the ldap-extension installed. Please install it before using the Net_LDAP2 package."); + } else { + return true; + } + } + + /** + * Encodes given attributes from ISO-8859-1 to UTF-8 if needed by schema + * + * This function takes attributes in an array and then checks against the schema if they need + * UTF8 encoding. If that is so, they will be encoded. An encoded array will be returned and + * can be used for adding or modifying. + * + * $attributes is expected to be an array with keys describing + * the attribute names and the values as the value of this attribute: + * $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2')); + * + * @param array $attributes Array of attributes + * + * @access public + * @return array|Net_LDAP2_Error Array of UTF8 encoded attributes or Error + */ + public function utf8Encode($attributes) + { + return $this->utf8($attributes, 'utf8_encode'); + } + + /** + * Decodes the given attribute values from UTF-8 to ISO-8859-1 if needed by schema + * + * $attributes is expected to be an array with keys describing + * the attribute names and the values as the value of this attribute: + * $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2')); + * + * @param array $attributes Array of attributes + * + * @access public + * @see utf8Encode() + * @return array|Net_LDAP2_Error Array with decoded attribute values or Error + */ + public function utf8Decode($attributes) + { + return $this->utf8($attributes, 'utf8_decode'); + } + + /** + * Encodes or decodes UTF-8/ISO-8859-1 attribute values if needed by schema + * + * @param array $attributes Array of attributes + * @param array $function Function to apply to attribute values + * + * @access protected + * @return array|Net_LDAP2_Error Array of attributes with function applied to values or Error + */ + protected function utf8($attributes, $function) + { + if (!is_array($attributes) || array_key_exists(0, $attributes)) { + return PEAR::raiseError('Parameter $attributes is expected to be an associative array'); + } + + if (!$this->_schema) { + $this->_schema = $this->schema(); + } + + if (!$this->_link || self::isError($this->_schema) || !function_exists($function)) { + return $attributes; + } + + if (is_array($attributes) && count($attributes) > 0) { + + foreach ($attributes as $k => $v) { + + if (!isset($this->_schemaAttrs[$k])) { + + $attr = $this->_schema->get('attribute', $k); + if (self::isError($attr)) { + continue; + } + + // Encoding is needed if this is a DIR_STR. We assume also + // needed encoding in case the schema contains no syntax + // information (he does not need to, see rfc2252, 4.2) + if (!array_key_exists('syntax', $attr) || false !== strpos($attr['syntax'], '1.3.6.1.4.1.1466.115.121.1.15')) { + $encode = true; + } else { + $encode = false; + } + $this->_schemaAttrs[$k] = $encode; + + } else { + $encode = $this->_schemaAttrs[$k]; + } + + if ($encode) { + if (is_array($v)) { + foreach ($v as $ak => $av) { + $v[$ak] = call_user_func($function, $av); + } + } else { + $v = call_user_func($function, $v); + } + } + $attributes[$k] = $v; + } + } + return $attributes; + } + + /** + * Get the LDAP link resource. It will loop attempting to + * re-establish the connection if the connection attempt fails and + * auto_reconnect has been turned on (see the _config array documentation). + * + * @access public + * @return resource LDAP link + */ + public function getLink() + { + if ($this->_config['auto_reconnect']) { + while (true) { + // + // Return the link handle if we are already connected. Otherwise + // try to reconnect. + // + if ($this->_link !== false) { + return $this->_link; + } else { + $this->performReconnect(); + } + } + } + return $this->_link; + } +} + +/** +* Net_LDAP2_Error implements a class for reporting portable LDAP error messages. +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Error extends PEAR_Error +{ + /** + * Net_LDAP2_Error constructor. + * + * @param string $message String with error message. + * @param integer $code Net_LDAP2 error code + * @param integer $mode what "error mode" to operate in + * @param mixed $level what error level to use for $mode & PEAR_ERROR_TRIGGER + * @param mixed $debuginfo additional debug info, such as the last query + * + * @access public + * @see PEAR_Error + */ + public function __construct($message = 'Net_LDAP2_Error', $code = NET_LDAP2_ERROR, $mode = PEAR_ERROR_RETURN, + $level = E_USER_NOTICE, $debuginfo = null) + { + if (is_int($code)) { + parent::__construct($message . ': ' . Net_LDAP2::errorMessage($code), $code, $mode, $level, $debuginfo); + } else { + parent::__construct("$message: $code", NET_LDAP2_ERROR, $mode, $level, $debuginfo); + } + } +} + +?> diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php new file mode 100644 index 00000000..a48f8221 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php @@ -0,0 +1,1096 @@ + +* @author Tarjej Huse +* @author Benedikt Hallinger +* @copyright 2009 Tarjej Huse, Jan Wagner, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; +require_once 'Net/LDAP2/Util.php'; + +/** +* Object representation of a directory entry +* +* This class represents a directory entry. You can add, delete, replace +* attributes and their values, rename the entry, delete the entry. +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner +* @author Tarjej Huse +* @author Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP2/ +*/ +class Net_LDAP2_Entry extends PEAR +{ + /** + * Entry ressource identifier + * + * @access protected + * @var ressource + */ + protected $_entry = null; + + /** + * LDAP ressource identifier + * + * @access protected + * @var ressource + */ + protected $_link = null; + + /** + * Net_LDAP2 object + * + * This object will be used for updating and schema checking + * + * @access protected + * @var object Net_LDAP2 + */ + protected $_ldap = null; + + /** + * Distinguished name of the entry + * + * @access protected + * @var string + */ + protected $_dn = null; + + /** + * Attributes + * + * @access protected + * @var array + */ + protected $_attributes = array(); + + /** + * Original attributes before any modification + * + * @access protected + * @var array + */ + protected $_original = array(); + + + /** + * Map of attribute names + * + * @access protected + * @var array + */ + protected $_map = array(); + + + /** + * Is this a new entry? + * + * @access protected + * @var boolean + */ + protected $_new = true; + + /** + * New distinguished name + * + * @access protected + * @var string + */ + protected $_newdn = null; + + /** + * Shall the entry be deleted? + * + * @access protected + * @var boolean + */ + protected $_delete = false; + + /** + * Map with changes to the entry + * + * @access protected + * @var array + */ + protected $_changes = array("add" => array(), + "delete" => array(), + "replace" => array() + ); + /** + * Internal Constructor + * + * Constructor of the entry. Sets up the distinguished name and the entries + * attributes. + * You should not call this method manually! Use {@link Net_LDAP2_Entry::createFresh()} + * or {@link Net_LDAP2_Entry::createConnected()} instead! + * + * @param Net_LDAP2|ressource|array $ldap Net_LDAP2 object, ldap-link ressource or array of attributes + * @param string|ressource $entry Either a DN or a LDAP-Entry ressource + * + * @access protected + * @return none + */ + public function __construct($ldap, $entry = null) + { + parent::__construct('Net_LDAP2_Error'); + + // set up entry resource or DN + if (is_resource($entry)) { + $this->_entry = $entry; + } else { + $this->_dn = $entry; + } + + // set up LDAP link + if ($ldap instanceof Net_LDAP2) { + $this->_ldap = $ldap; + $this->_link = $ldap->getLink(); + } elseif (is_resource($ldap)) { + $this->_link = $ldap; + } elseif (is_array($ldap)) { + // Special case: here $ldap is an array of attributes, + // this means, we have no link. This is a "virtual" entry. + // We just set up the attributes so one can work with the object + // as expected, but an update() fails unless setLDAP() is called. + $this->setAttributes($ldap); + } + + // if this is an entry existing in the directory, + // then set up as old and fetch attrs + if (is_resource($this->_entry) && is_resource($this->_link)) { + $this->_new = false; + $this->_dn = @ldap_get_dn($this->_link, $this->_entry); + $this->setAttributes(); // fetch attributes from server + } + } + + /** + * Creates a fresh entry that may be added to the directory later on + * + * Use this method, if you want to initialize a fresh entry. + * + * The method should be called statically: $entry = Net_LDAP2_Entry::createFresh(); + * You should put a 'objectClass' attribute into the $attrs so the directory server + * knows which object you want to create. However, you may omit this in case you + * don't want to add this entry to a directory server. + * + * The attributes parameter is as following: + * + * $attrs = array( 'attribute1' => array('value1', 'value2'), + * 'attribute2' => 'single value' + * ); + * + * + * @param string $dn DN of the Entry + * @param array $attrs Attributes of the entry + * + * @static + * @return Net_LDAP2_Entry|Net_LDAP2_Error + */ + public static function createFresh($dn, $attrs = array()) + { + if (!is_array($attrs)) { + return PEAR::raiseError("Unable to create fresh entry: Parameter \$attrs needs to be an array!"); + } + + $entry = new Net_LDAP2_Entry($attrs, $dn); + return $entry; + } + + /** + * Creates a Net_LDAP2_Entry object out of an ldap entry resource + * + * Use this method, if you want to initialize an entry object that is + * already present in some directory and that you have read manually. + * + * Please note, that if you want to create an entry object that represents + * some already existing entry, you should use {@link createExisting()}. + * + * The method should be called statically: $entry = Net_LDAP2_Entry::createConnected(); + * + * @param Net_LDAP2 $ldap Net_LDA2 object + * @param resource $entry PHP LDAP entry resource + * + * @static + * @return Net_LDAP2_Entry|Net_LDAP2_Error + */ + public static function createConnected($ldap, $entry) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("Unable to create connected entry: Parameter \$ldap needs to be a Net_LDAP2 object!"); + } + if (!is_resource($entry)) { + return PEAR::raiseError("Unable to create connected entry: Parameter \$entry needs to be a ldap entry resource!"); + } + + $entry = new Net_LDAP2_Entry($ldap, $entry); + return $entry; + } + + /** + * Creates an Net_LDAP2_Entry object that is considered already existing + * + * Use this method, if you want to modify an already existing entry + * without fetching it first. + * In most cases however, it is better to fetch the entry via Net_LDAP2->getEntry()! + * + * Please note that you should take care if you construct entries manually with this + * because you may get weird synchronisation problems. + * The attributes and values as well as the entry itself are considered existent + * which may produce errors if you try to modify an entry which doesn't really exist + * or if you try to overwrite some attribute with an value already present. + * + * This method is equal to calling createFresh() and after that markAsNew(FALSE). + * + * The method should be called statically: $entry = Net_LDAP2_Entry::createExisting(); + * + * The attributes parameter is as following: + * + * $attrs = array( 'attribute1' => array('value1', 'value2'), + * 'attribute2' => 'single value' + * ); + * + * + * @param string $dn DN of the Entry + * @param array $attrs Attributes of the entry + * + * @static + * @return Net_LDAP2_Entry|Net_LDAP2_Error + */ + public static function createExisting($dn, $attrs = array()) + { + if (!is_array($attrs)) { + return PEAR::raiseError("Unable to create entry object: Parameter \$attrs needs to be an array!"); + } + + $entry = Net_LDAP2_Entry::createFresh($dn, $attrs); + if ($entry instanceof Net_LDAP2_Error) { + return $entry; + } else { + $entry->markAsNew(false); + return $entry; + } + } + + /** + * Get or set the distinguished name of the entry + * + * If called without an argument the current (or the new DN if set) DN gets returned. + * If you provide an DN, this entry is moved to the new location specified if a DN existed. + * If the DN was not set, the DN gets initialized. Call {@link update()} to actually create + * the new Entry in the directory. + * To fetch the current active DN after setting a new DN but before an update(), you can use + * {@link currentDN()} to retrieve the DN that is currently active. + * + * Please note that special characters (eg german umlauts) should be encoded using utf8_encode(). + * You may use {@link Net_LDAP2_Util::canonical_dn()} for properly encoding of the DN. + * + * @param string $dn New distinguished name + * + * @access public + * @return string|true Distinguished name (or true if a new DN was provided) + */ + public function dn($dn = null) + { + if (false == is_null($dn)) { + if (is_null($this->_dn) ) { + $this->_dn = $dn; + } else { + $this->_newdn = $dn; + } + return true; + } + return (isset($this->_newdn) ? $this->_newdn : $this->currentDN()); + } + + /** + * Renames or moves the entry + * + * This is just a convinience alias to {@link dn()} + * to make your code more meaningful. + * + * @param string $newdn The new DN + * + * @return true + */ + public function move($newdn) + { + return $this->dn($newdn); + } + + /** + * Sets the internal attributes array + * + * This fetches the values for the attributes from the server. + * The attribute Syntax will be checked so binary attributes will be returned + * as binary values. + * + * Attributes may be passed directly via the $attributes parameter to setup this + * entry manually. This overrides attribute fetching from the server. + * + * @param array $attributes Attributes to set for this entry + * + * @access protected + * @return void + */ + protected function setAttributes($attributes = null) + { + /* + * fetch attributes from the server + */ + if (is_null($attributes) && is_resource($this->_entry) && is_resource($this->_link)) { + // fetch schema + if ($this->_ldap instanceof Net_LDAP2) { + $schema = $this->_ldap->schema(); + } + // fetch attributes + $attributes = array(); + do { + if (empty($attr)) { + $ber = null; + $attr = @ldap_first_attribute($this->_link, $this->_entry, $ber); + } else { + $attr = @ldap_next_attribute($this->_link, $this->_entry, $ber); + } + if ($attr) { + $func = 'ldap_get_values'; // standard function to fetch value + + // Try to get binary values as binary data + if ($schema instanceof Net_LDAP2_Schema) { + if ($schema->isBinary($attr)) { + $func = 'ldap_get_values_len'; + } + } + // fetch attribute value (needs error checking?) + $attributes[$attr] = $func($this->_link, $this->_entry, $attr); + } + } while ($attr); + } + + /* + * set attribute data directly, if passed + */ + if (is_array($attributes) && count($attributes) > 0) { + if (isset($attributes["count"]) && is_numeric($attributes["count"])) { + unset($attributes["count"]); + } + foreach ($attributes as $k => $v) { + // attribute names should not be numeric + if (is_numeric($k)) { + continue; + } + // map generic attribute name to real one + $this->_map[strtolower($k)] = $k; + // attribute values should be in an array + if (false == is_array($v)) { + $v = array($v); + } + // remove the value count (comes from ldap server) + if (isset($v["count"])) { + unset($v["count"]); + } + $this->_attributes[$k] = $v; + } + } + + // save a copy for later use + $this->_original = $this->_attributes; + } + + /** + * Get the values of all attributes in a hash + * + * The returned hash has the form + * array('attributename' => 'single value', + * 'attributename' => array('value1', value2', value3')) + * Only attributes present at the entry will be returned. + * + * @access public + * @return array Hash of all attributes with their values + */ + public function getValues() + { + $attrs = array(); + foreach ($this->_attributes as $attr => $value) { + $attrs[$attr] = $this->getValue($attr); + } + return $attrs; + } + + /** + * Get the value of a specific attribute + * + * The first parameter is the name of the attribute + * The second parameter influences the way the value is returned: + * 'single': only the first value is returned as string + * 'all': all values are returned in an array + * 'default': in all other cases an attribute value with a single value is + * returned as string, if it has multiple values it is returned + * as an array + * + * If the attribute is not set at this entry (no value or not defined in + * schema), "false" is returned when $option is 'single', an empty string if + * 'default', and an empty array when 'all'. + * + * You may use Net_LDAP2_Schema->checkAttribute() to see if the attribute + * is defined for the objectClasses of this entry. + * + * @param string $attr Attribute name + * @param string $option Option + * + * @access public + * @return string|array + */ + public function getValue($attr, $option = null) + { + $attr = $this->getAttrName($attr); + + // return depending on set $options + if (!array_key_exists($attr, $this->_attributes)) { + // attribute not set + switch ($option) { + case 'single': + $value = false; + break; + case 'all': + $value = array(); + break; + default: + $value = ''; + } + + } else { + // attribute present + switch ($option) { + case 'single': + $value = $this->_attributes[$attr][0]; + break; + case 'all': + $value = $this->_attributes[$attr]; + break; + default: + $value = $this->_attributes[$attr]; + if (count($value) == 1) { + $value = array_shift($value); + } + } + + } + + return $value; + } + + /** + * Alias function of getValue for perl-ldap interface + * + * @see getValue() + * @return string|array|PEAR_Error + */ + public function get_value() + { + $args = func_get_args(); + return call_user_func_array(array( $this, 'getValue' ), $args); + } + + /** + * Returns an array of attributes names + * + * @access public + * @return array Array of attribute names + */ + public function attributes() + { + return array_keys($this->_attributes); + } + + /** + * Returns whether an attribute exists or not + * + * @param string $attr Attribute name + * + * @access public + * @return boolean + */ + public function exists($attr) + { + $attr = $this->getAttrName($attr); + return array_key_exists($attr, $this->_attributes); + } + + /** + * Adds a new attribute or a new value to an existing attribute + * + * The paramter has to be an array of the form: + * array('attributename' => 'single value', + * 'attributename' => array('value1', 'value2)) + * When the attribute already exists the values will be added, else the + * attribute will be created. These changes are local to the entry and do + * not affect the entry on the server until update() is called. + * + * Note, that you can add values of attributes that you haven't selected, but if + * you do so, {@link getValue()} and {@link getValues()} will only return the + * values you added, _NOT_ all values present on the server. To avoid this, just refetch + * the entry after calling {@link update()} or select the attribute. + * + * @param array $attr Attributes to add + * + * @access public + * @return true|Net_LDAP2_Error + */ + public function add($attr = array()) + { + if (false == is_array($attr)) { + return PEAR::raiseError("Parameter must be an array"); + } + if ($this->isNew()) { + $this->setAttributes($attr); + } + foreach ($attr as $k => $v) { + $k = $this->getAttrName($k); + if (false == is_array($v)) { + // Do not add empty values + if ($v == null) { + continue; + } else { + $v = array($v); + } + } + // add new values to existing attribute or add new attribute + if ($this->exists($k)) { + $this->_attributes[$k] = array_unique(array_merge($this->_attributes[$k], $v)); + } else { + $this->_map[strtolower($k)] = $k; + $this->_attributes[$k] = $v; + } + // save changes for update() + if (!isset($this->_changes["add"][$k])) { + $this->_changes["add"][$k] = array(); + } + $this->_changes["add"][$k] = array_unique(array_merge($this->_changes["add"][$k], $v)); + } + + $return = true; + return $return; + } + + /** + * Deletes an whole attribute or a value or the whole entry + * + * The parameter can be one of the following: + * + * "attributename" - The attribute as a whole will be deleted + * array("attributename1", "attributename2) - All given attributes will be + * deleted + * array("attributename" => "value") - The value will be deleted + * array("attributename" => array("value1", "value2") - The given values + * will be deleted + * If $attr is null or omitted , then the whole Entry will be deleted! + * + * These changes are local to the entry and do + * not affect the entry on the server until {@link update()} is called. + * + * Please note that you must select the attribute (at $ldap->search() for example) + * to be able to delete values of it, Otherwise {@link update()} will silently fail + * and remove nothing. + * + * @param string|array $attr Attributes to delete (NULL or missing to delete whole entry) + * + * @access public + * @return true + */ + public function delete($attr = null) + { + if (is_null($attr)) { + $this->_delete = true; + return true; + } + if (is_string($attr)) { + $attr = array($attr); + } + // Make the assumption that attribute names cannot be numeric, + // therefore this has to be a simple list of attribute names to delete + if (is_numeric(key($attr))) { + foreach ($attr as $name) { + if (is_array($name)) { + // someone mixed modes (list mode but specific values given!) + $del_attr_name = array_search($name, $attr); + $this->delete(array($del_attr_name => $name)); + } else { + // mark for update() if this attr was not marked before + $name = $this->getAttrName($name); + if ($this->exists($name)) { + $this->_changes["delete"][$name] = null; + unset($this->_attributes[$name]); + } + } + } + } else { + // Here we have a hash with "attributename" => "value to delete" + foreach ($attr as $name => $values) { + if (is_int($name)) { + // someone mixed modes and gave us just an attribute name + $this->delete($values); + } else { + // mark for update() if this attr was not marked before; + // this time it must consider the selected values also + $name = $this->getAttrName($name); + if ($this->exists($name)) { + if (false == is_array($values)) { + $values = array($values); + } + // save values to be deleted + if (empty($this->_changes["delete"][$name])) { + $this->_changes["delete"][$name] = array(); + } + $this->_changes["delete"][$name] = + array_unique(array_merge($this->_changes["delete"][$name], $values)); + foreach ($values as $value) { + // find the key for the value that should be deleted + $key = array_search($value, $this->_attributes[$name]); + if (false !== $key) { + // delete the value + unset($this->_attributes[$name][$key]); + } + } + } + } + } + } + $return = true; + return $return; + } + + /** + * Replaces attributes or its values + * + * The parameter has to an array of the following form: + * array("attributename" => "single value", + * "attribute2name" => array("value1", "value2"), + * "deleteme1" => null, + * "deleteme2" => "") + * If the attribute does not yet exist it will be added instead (see also $force). + * If the attribue value is null, the attribute will de deleted. + * + * These changes are local to the entry and do + * not affect the entry on the server until {@link update()} is called. + * + * In some cases you are not allowed to read the attributes value (for + * example the ActiveDirectory attribute unicodePwd) but are allowed to + * replace the value. In this case replace() would assume that the attribute + * is not in the directory yet and tries to add it which will result in an + * LDAP_TYPE_OR_VALUE_EXISTS error. + * To force replace mode instead of add, you can set $force to true. + * + * @param array $attr Attributes to replace + * @param bool $force Force replacing mode in case we can't read the attr value but are allowed to replace it + * + * @access public + * @return true|Net_LDAP2_Error + */ + public function replace($attr = array(), $force = false) + { + if (false == is_array($attr)) { + return PEAR::raiseError("Parameter must be an array"); + } + foreach ($attr as $k => $v) { + $k = $this->getAttrName($k); + if (false == is_array($v)) { + // delete attributes with empty values; treat ints as string + if (is_int($v)) { + $v = "$v"; + } + if ($v == null) { + $this->delete($k); + continue; + } else { + $v = array($v); + } + } + // existing attributes will get replaced + if ($this->exists($k) || $force) { + $this->_changes["replace"][$k] = $v; + $this->_attributes[$k] = $v; + } else { + // new ones just get added + $this->add(array($k => $v)); + } + } + $return = true; + return $return; + } + + /** + * Update the entry on the directory server + * + * This will evaluate all changes made so far and send them + * to the directory server. + * Please note, that if you make changes to objectclasses wich + * have mandatory attributes set, update() will currently fail. + * Remove the entry from the server and readd it as new in such cases. + * This also will deal with problems with setting structural object classes. + * + * @param Net_LDAP2 $ldap If passed, a call to setLDAP() is issued prior update, thus switching the LDAP-server. This is for perl-ldap interface compliance + * + * @access public + * @return true|Net_LDAP2_Error + * @todo Entry rename with a DN containing special characters needs testing! + */ + public function update($ldap = null) + { + if ($ldap) { + $msg = $this->setLDAP($ldap); + if (Net_LDAP2::isError($msg)) { + return PEAR::raiseError('You passed an invalid $ldap variable to update()'); + } + } + + // ensure we have a valid LDAP object + $ldap = $this->getLDAP(); + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("The entries LDAP object is not valid"); + } + + // Get and check link + $link = $ldap->getLink(); + if (!is_resource($link)) { + return PEAR::raiseError("Could not update entry: internal LDAP link is invalid"); + } + + /* + * Delete the entry + */ + if (true === $this->_delete) { + return $ldap->delete($this); + } + + /* + * New entry + */ + if (true === $this->_new) { + $msg = $ldap->add($this); + if (Net_LDAP2::isError($msg)) { + return $msg; + } + $this->_new = false; + $this->_changes['add'] = array(); + $this->_changes['delete'] = array(); + $this->_changes['replace'] = array(); + $this->_original = $this->_attributes; + + // In case the "new" entry was moved after creation, we must + // adjust the internal DNs as the entry was already created + // with the most current DN. + if (false == is_null($this->_newdn)) { + $this->_dn = $this->_newdn; + $this->_newdn = null; + } + + $return = true; + return $return; + } + + /* + * Rename/move entry + */ + if (false == is_null($this->_newdn)) { + if ($ldap->getLDAPVersion() !== 3) { + return PEAR::raiseError("Renaming/Moving an entry is only supported in LDAPv3"); + } + // make dn relative to parent (needed for ldap rename) + $parent = Net_LDAP2_Util::ldap_explode_dn($this->_newdn, array('casefolding' => 'none', 'reverse' => false, 'onlyvalues' => false)); + if (Net_LDAP2::isError($parent)) { + return $parent; + } + $child = array_shift($parent); + // maybe the dn consist of a multivalued RDN, we must build the dn in this case + // because the $child-RDN is an array! + if (is_array($child)) { + $child = Net_LDAP2_Util::canonical_dn($child); + } + $parent = Net_LDAP2_Util::canonical_dn($parent); + + // rename/move + if (false == @ldap_rename($link, $this->_dn, $child, $parent, false)) { + + return PEAR::raiseError("Entry not renamed: " . + @ldap_error($link), @ldap_errno($link)); + } + // reflect changes to local copy + $this->_dn = $this->_newdn; + $this->_newdn = null; + } + + /* + * Retrieve a entry that has all attributes we need so that the list of changes to build is created accurately + */ + $fullEntry = $ldap->getEntry( $this->dn() ); + if ( Net_LDAP2::isError($fullEntry) ) { + return PEAR::raiseError("Could not retrieve a full set of attributes to reconcile changes with"); + } + $modifications = array(); + + // ADD + foreach ($this->_changes["add"] as $attr => $value) { + // if attribute exists, we need to combine old and new values + if ($fullEntry->exists($attr)) { + $currentValue = $fullEntry->getValue($attr, "all"); + $value = array_merge( $currentValue, $value ); + } + + $modifications[$attr] = $value; + } + + // DELETE + foreach ($this->_changes["delete"] as $attr => $value) { + // In LDAPv3 you need to specify the old values for deleting + if (is_null($value) && $ldap->getLDAPVersion() === 3) { + $value = $fullEntry->getValue($attr); + } + if (!is_array($value)) { + $value = array($value); + } + + // Find out what is missing from $value and exclude it + $currentValue = isset($modifications[$attr]) ? $modifications[$attr] : $fullEntry->getValue($attr, "all"); + $modifications[$attr] = array_values( array_diff( $currentValue, $value ) ); + } + + // REPLACE + foreach ($this->_changes["replace"] as $attr => $value) { + $modifications[$attr] = $value; + } + + // COMMIT + if (false === @ldap_modify($link, $this->dn(), $modifications)) { + return PEAR::raiseError("Could not modify the entry: " . @ldap_error($link), @ldap_errno($link)); + } + + // all went well, so _original (server) becomes _attributes (local copy), reset _changes too... + $this->_changes['add'] = array(); + $this->_changes['delete'] = array(); + $this->_changes['replace'] = array(); + $this->_original = $this->_attributes; + + $return = true; + return $return; + } + + /** + * Returns the right attribute name + * + * @param string $attr Name of attribute + * + * @access protected + * @return string The right name of the attribute + */ + protected function getAttrName($attr) + { + $name = strtolower($attr); + if (array_key_exists($name, $this->_map)) { + $attr = $this->_map[$name]; + } + return $attr; + } + + /** + * Returns a reference to the LDAP-Object of this entry + * + * @access public + * @return Net_LDAP2|Net_LDAP2_Error Reference to the Net_LDAP2 Object (the connection) or Net_LDAP2_Error + */ + public function getLDAP() + { + if (!$this->_ldap instanceof Net_LDAP2) { + $err = new PEAR_Error('LDAP is not a valid Net_LDAP2 object'); + return $err; + } else { + return $this->_ldap; + } + } + + /** + * Sets a reference to the LDAP-Object of this entry + * + * After setting a Net_LDAP2 object, calling update() will use that object for + * updating directory contents. Use this to dynamicly switch directorys. + * + * @param Net_LDAP2 $ldap Net_LDAP2 object that this entry should be connected to + * + * @access public + * @return true|Net_LDAP2_Error + */ + public function setLDAP($ldap) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("LDAP is not a valid Net_LDAP2 object"); + } else { + $this->_ldap = $ldap; + return true; + } + } + + /** + * Marks the entry as new/existing. + * + * If an Entry is marked as new, it will be added to the directory + * when calling {@link update()}. + * If the entry is marked as old ($mark = false), then the entry is + * assumed to be present in the directory server wich results in + * modification when calling {@link update()}. + * + * @param boolean $mark Value to set, defaults to "true" + * + * @return void + */ + public function markAsNew($mark = true) + { + $this->_new = ($mark)? true : false; + } + + /** + * Applies a regular expression onto a single- or multivalued attribute (like preg_match()) + * + * This method behaves like PHPs preg_match() but with some exceptions. + * If you want to retrieve match information, then you MUST pass the + * $matches parameter via reference! otherwise you will get no matches. + * Since it is possible to have multi valued attributes the $matches + * array will have a additionally numerical dimension (one for each value): + * + * $matches = array( + * 0 => array (usual preg_match() returnarray), + * 1 => array (usual preg_match() returnarray) + * ) + * + * Please note, that $matches will be initialized to an empty array inside. + * + * Usage example: + * + * $result = $entry->preg_match('/089(\d+)/', 'telephoneNumber', $matches); + * if ( $result === true ){ + * echo "First match: ".$matches[0][1]; // Match of value 1, content of first bracket + * } else { + * if ( Net_LDAP2::isError($result) ) { + * echo "Error: ".$result->getMessage(); + * } else { + * echo "No match found."; + * } + * } + * + * + * Please note that it is important to test for an Net_LDAP2_Error, because objects are + * evaluating to true by default, thus if an error occured, and you only check using "==" then + * you get misleading results. Use the "identical" (===) operator to test for matches to + * avoid this as shown above. + * + * @param string $regex The regular expression + * @param string $attr_name The attribute to search in + * @param array $matches (optional, PASS BY REFERENCE!) Array to store matches in + * + * @return boolean|Net_LDAP2_Error TRUE, if we had a match in one of the values, otherwise false. Net_LDAP2_Error in case something went wrong + */ + public function pregMatch($regex, $attr_name, $matches = array()) + { + $matches = array(); + + // fetch attribute values + $attr = $this->getValue($attr_name, 'all'); + + // perform preg_match() on all values + $match = false; + foreach ($attr as $thisvalue) { + $matches_int = array(); + if (preg_match($regex, $thisvalue, $matches_int)) { + $match = true; + array_push($matches, $matches_int); // store matches in reference + } + } + return $match; + } + + /** + * Alias of {@link pregMatch()} for compatibility to Net_LDAP 1 + * + * @see pregMatch() + * @return boolean|Net_LDAP2_Error + */ + public function preg_match() + { + $args = func_get_args(); + return call_user_func_array(array( $this, 'pregMatch' ), $args); + } + + /** + * Tells if the entry is consiedered as new (not present in the server) + * + * Please note, that this doesn't tell you if the entry is present on the server. + * Use {@link Net_LDAP2::dnExists()} to see if an entry is already there. + * + * @return boolean + */ + public function isNew() + { + return $this->_new; + } + + + /** + * Is this entry going to be deleted once update() is called? + * + * @return boolean + */ + public function willBeDeleted() + { + return $this->_delete; + } + + /** + * Is this entry going to be moved once update() is called? + * + * @return boolean + */ + public function willBeMoved() + { + return ($this->dn() !== $this->currentDN()); + } + + /** + * Returns always the original DN + * + * If an entry will be moved but {@link update()} was not called, + * {@link dn()} will return the new DN. This method however, returns + * always the current active DN. + * + * @return string + */ + public function currentDN() + { + return $this->_dn; + } + + /** + * Returns the attribute changes to be carried out once update() is called + * + * @return array + */ + public function getChanges() + { + return $this->_changes; + } +} +?> diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Filter.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Filter.php new file mode 100644 index 00000000..646cf900 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Filter.php @@ -0,0 +1,675 @@ + +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; +require_once 'Net/LDAP2/Util.php'; +require_once 'Net/LDAP2/Entry.php'; + +/** +* Object representation of a part of a LDAP filter. +* +* This Class is not completely compatible to the PERL interface! +* +* The purpose of this class is, that users can easily build LDAP filters +* without having to worry about right escaping etc. +* A Filter is built using several independent filter objects +* which are combined afterwards. This object works in two +* modes, depending how the object is created. +* If the object is created using the {@link create()} method, then this is a leaf-object. +* If the object is created using the {@link combine()} method, then this is a container object. +* +* LDAP filters are defined in RFC-2254 and can be found under +* {@link http://www.ietf.org/rfc/rfc2254.txt} +* +* Here a quick copy&paste example: +* +* $filter0 = Net_LDAP2_Filter::create('stars', 'equals', '***'); +* $filter_not0 = Net_LDAP2_Filter::combine('not', $filter0); +* +* $filter1 = Net_LDAP2_Filter::create('gn', 'begins', 'bar'); +* $filter2 = Net_LDAP2_Filter::create('gn', 'ends', 'baz'); +* $filter_comp = Net_LDAP2_Filter::combine('or',array($filter_not0, $filter1, $filter2)); +* +* echo $filter_comp->asString(); +* // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz)) +* // The stars in $filter0 are treaten as real stars unless you disable escaping. +* +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP2/ +*/ +class Net_LDAP2_Filter extends PEAR +{ + /** + * Storage for combination of filters + * + * This variable holds a array of filter objects + * that should be combined by this filter object. + * + * @access protected + * @var array + */ + protected $_subfilters = array(); + + /** + * Match of this filter + * + * If this is a leaf filter, then a matching rule is stored, + * if it is a container, then it is a logical operator + * + * @access protected + * @var string + */ + protected $_match; + + /** + * Single filter + * + * If we operate in leaf filter mode, + * then the constructing method stores + * the filter representation here + * + * @acces private + * @var string + */ + protected $_filter; + + /** + * Create a new Net_LDAP2_Filter object and parse $filter. + * + * This is for PERL Net::LDAP interface. + * Construction of Net_LDAP2_Filter objects should happen through either + * {@link create()} or {@link combine()} which give you more control. + * However, you may use the perl iterface if you already have generated filters. + * + * @param string $filter LDAP filter string + * + * @see parse() + */ + public function __construct($filter = false) + { + // The optional parameter must remain here, because otherwise create() crashes + if (false !== $filter) { + $filter_o = self::parse($filter); + if (PEAR::isError($filter_o)) { + $this->_filter = $filter_o; // assign error, so asString() can report it + } else { + $this->_filter = $filter_o->asString(); + } + } + } + + /** + * Constructor of a new part of a LDAP filter. + * + * The following matching rules exists: + * - equals: One of the attributes values is exactly $value + * Please note that case sensitiviness is depends on the + * attributes syntax configured in the server. + * - begins: One of the attributes values must begin with $value + * - ends: One of the attributes values must end with $value + * - contains: One of the attributes values must contain $value + * - present | any: The attribute can contain any value but must be existent + * - greater: The attributes value is greater than $value + * - less: The attributes value is less than $value + * - greaterOrEqual: The attributes value is greater or equal than $value + * - lessOrEqual: The attributes value is less or equal than $value + * - approx: One of the attributes values is similar to $value + * + * Negation ("not") can be done by prepending the above operators with the + * "not" or "!" keyword, see example below. + * + * If $escape is set to true (default) then $value will be escaped + * properly. If it is set to false then $value will be treaten as raw filter value string. + * You should escape yourself using {@link Net_LDAP2_Util::escape_filter_value()}! + * + * Examples: + * + * // This will find entries that contain an attribute "sn" that ends with "foobar": + * $filter = Net_LDAP2_Filter::create('sn', 'ends', 'foobar'); + * + * // This will find entries that contain an attribute "sn" that has any value set: + * $filter = Net_LDAP2_Filter::create('sn', 'any'); + * + * // This will build a negated equals filter: + * $filter = Net_LDAP2_Filter::create('sn', 'not equals', 'foobar'); + * + * + * @param string $attr_name Name of the attribute the filter should apply to + * @param string $match Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any) + * @param string $value (optional) if given, then this is used as a filter + * @param boolean $escape Should $value be escaped? (default: yes, see {@link Net_LDAP2_Util::escape_filter_value()} for detailed information) + * + * @return Net_LDAP2_Filter|Net_LDAP2_Error + */ + public static function create($attr_name, $match, $value = '', $escape = true) + { + $leaf_filter = new Net_LDAP2_Filter(); + if ($escape) { + $array = Net_LDAP2_Util::escape_filter_value(array($value)); + $value = $array[0]; + } + + $match = strtolower($match); + + // detect negation + $neg_matches = array(); + $negate_filter = false; + if (preg_match('/^(?:not|!)[\s_-](.+)/', $match, $neg_matches)) { + $negate_filter = true; + $match = $neg_matches[1]; + } + + // build basic filter + switch ($match) { + case 'equals': + case '=': + case '==': + $leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')'; + break; + case 'begins': + $leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)'; + break; + case 'ends': + $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')'; + break; + case 'contains': + $leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)'; + break; + case 'greater': + case '>': + $leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')'; + break; + case 'less': + case '<': + $leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')'; + break; + case 'greaterorequal': + case '>=': + $leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')'; + break; + case 'lessorequal': + case '<=': + $leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')'; + break; + case 'approx': + case '~=': + $leaf_filter->_filter = '(' . $attr_name . '~=' . $value . ')'; + break; + case 'any': + case 'present': // alias that may improve user code readability + $leaf_filter->_filter = '(' . $attr_name . '=*)'; + break; + default: + return PEAR::raiseError('Net_LDAP2_Filter create error: matching rule "' . $match . '" not known!'); + } + + // negate if requested + if ($negate_filter) { + $leaf_filter = Net_LDAP2_Filter::combine('!', $leaf_filter); + } + + return $leaf_filter; + } + + /** + * Combine two or more filter objects using a logical operator + * + * This static method combines two or more filter objects and returns one single + * filter object that contains all the others. + * Call this method statically: $filter = Net_LDAP2_Filter::combine('or', array($filter1, $filter2)) + * If the array contains filter strings instead of filter objects, we will try to parse them. + * + * @param string $log_op The locical operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!" + * @param array|Net_LDAP2_Filter $filters array with Net_LDAP2_Filter objects + * + * @return Net_LDAP2_Filter|Net_LDAP2_Error + * @static + */ + public static function &combine($log_op, $filters) + { + if (PEAR::isError($filters)) { + return $filters; + } + + // substitude named operators to logical operators + if ($log_op == 'and') $log_op = '&'; + if ($log_op == 'or') $log_op = '|'; + if ($log_op == 'not') $log_op = '!'; + + // tests for sane operation + if ($log_op == '!') { + // Not-combination, here we only accept one filter object or filter string + if ($filters instanceof Net_LDAP2_Filter) { + $filters = array($filters); // force array + } elseif (is_string($filters)) { + $filter_o = self::parse($filters); + if (PEAR::isError($filter_o)) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: '.$filter_o->getMessage()); + return $err; + } else { + $filters = array($filter_o); + } + } elseif (is_array($filters)) { + if (count($filters) != 1) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is an array!'); + return $err; + } elseif (!($filters[0] instanceof Net_LDAP2_Filter)) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!'); + return $err; + } + } else { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!'); + return $err; + } + } elseif ($log_op == '&' || $log_op == '|') { + if (!is_array($filters) || count($filters) < 2) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: parameter $filters is not an array or contains less than two Net_LDAP2_Filter objects!'); + return $err; + } + } else { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: logical operator is not known!'); + return $err; + } + + $combined_filter = new Net_LDAP2_Filter(); + foreach ($filters as $key => $testfilter) { // check for errors + if (PEAR::isError($testfilter)) { + return $testfilter; + } elseif (is_string($testfilter)) { + // string found, try to parse into an filter object + $filter_o = self::parse($testfilter); + if (PEAR::isError($filter_o)) { + return $filter_o; + } else { + $filters[$key] = $filter_o; + } + } elseif (!$testfilter instanceof Net_LDAP2_Filter) { + $err = PEAR::raiseError('Net_LDAP2_Filter combine error: invalid object passed in array $filters!'); + return $err; + } + } + + $combined_filter->_subfilters = $filters; + $combined_filter->_match = $log_op; + return $combined_filter; + } + + /** + * Parse FILTER into a Net_LDAP2_Filter object + * + * This parses an filter string into Net_LDAP2_Filter objects. + * + * @param string $FILTER The filter string + * + * @access static + * @return Net_LDAP2_Filter|Net_LDAP2_Error + * @todo Leaf-mode: Do we need to escape at all? what about *-chars?check for the need of encoding values, tackle problems (see code comments) + */ + public static function parse($FILTER) + { + if (preg_match('/^\((.+?)\)$/', $FILTER, $matches)) { + // Check for right bracket syntax: count of unescaped opening + // brackets must match count of unescaped closing brackets. + // At this stage we may have: + // 1. one filter component with already removed outer brackets + // 2. one or more subfilter components + $c_openbracks = preg_match_all('/(?1 is too deep, 1 is ok, 0 is outside any + // subcomponent + for ($curpos = 0; $curpos < strlen($remaining_component); $curpos++) { + $cur_char = substr($remaining_component, $curpos, 1); + + // rise/lower bracket level + if ($cur_char == '(' && $prev_char != '\\') { + $level++; + } elseif ($cur_char == ')' && $prev_char != '\\') { + $level--; + } + + if ($cur_char == '(' && $prev_char == ')' && $level == 1) { + array_push($sub_index_pos, $curpos); // mark the position for splitting + } + $prev_char = $cur_char; + } + + // now perform the splits. To get also the last part, we + // need to add the "END" index to the split array + array_push($sub_index_pos, strlen($remaining_component)); + $subfilters = array(); + $oldpos = 0; + foreach ($sub_index_pos as $s_pos) { + $str_part = substr($remaining_component, $oldpos, $s_pos - $oldpos); + array_push($subfilters, $str_part); + $oldpos = $s_pos; + } + + // some error checking... + if (count($subfilters) == 1) { + // only one subfilter found + } elseif (count($subfilters) > 1) { + // several subfilters found + if ($log_op == "!") { + return PEAR::raiseError("Filter parsing error: invalid filter syntax - NOT operator detected but several arguments given!"); + } + } else { + // this should not happen unless the user specified a wrong filter + return PEAR::raiseError("Filter parsing error: invalid filter syntax - got operator '$log_op' but no argument!"); + } + + // Now parse the subfilters into objects and combine them using the operator + $subfilters_o = array(); + foreach ($subfilters as $s_s) { + $o = self::parse($s_s); + if (PEAR::isError($o)) { + return $o; + } else { + array_push($subfilters_o, self::parse($s_s)); + } + } + + $filter_o = self::combine($log_op, $subfilters_o); + return $filter_o; + + } else { + // This is one leaf filter component, do some syntax checks, then escape and build filter_o + // $matches[1] should be now something like "foo=bar" + + // detect multiple leaf components + // [TODO] Maybe this will make problems with filters containing brackets inside the value + if (stristr($matches[1], ')(')) { + return PEAR::raiseError("Filter parsing error: invalid filter syntax - multiple leaf components detected!"); + } else { + $filter_parts = Net_LDAP2_Util::split_attribute_string($matches[1], true, true); + if (count($filter_parts) != 3) { + return PEAR::raiseError("Filter parsing error: invalid filter syntax - unknown matching rule used"); + } else { + $filter_o = new Net_LDAP2_Filter(); + // [TODO]: Do we need to escape at all? what about *-chars user provide and that should remain special? + // I think, those prevent escaping! We need to check against PERL Net::LDAP! + // $value_arr = Net_LDAP2_Util::escape_filter_value(array($filter_parts[2])); + // $value = $value_arr[0]; + $value = $filter_parts[2]; + $filter_o->_filter = '('.$filter_parts[0].$filter_parts[1].$value.')'; + return $filter_o; + } + } + } + } else { + // ERROR: Filter components must be enclosed in round brackets + return PEAR::raiseError("Filter parsing error: invalid filter syntax - filter components must be enclosed in round brackets"); + } + } + + /** + * Get the string representation of this filter + * + * This method runs through all filter objects and creates + * the string representation of the filter. If this + * filter object is a leaf filter, then it will return + * the string representation of this filter. + * + * @return string|Net_LDAP2_Error + */ + public function asString() + { + if ($this->isLeaf()) { + $return = $this->_filter; + } else { + $return = ''; + foreach ($this->_subfilters as $filter) { + $return = $return.$filter->asString(); + } + $return = '(' . $this->_match . $return . ')'; + } + return $return; + } + + /** + * Alias for perl interface as_string() + * + * @see asString() + * @return string|Net_LDAP2_Error + */ + public function as_string() + { + return $this->asString(); + } + + /** + * Print the text representation of the filter to FH, or the currently selected output handle if FH is not given + * + * This method is only for compatibility to the perl interface. + * However, the original method was called "print" but due to PHP language restrictions, + * we can't have a print() method. + * + * @param resource $FH (optional) A filehandle resource + * + * @return true|Net_LDAP2_Error + */ + public function printMe($FH = false) + { + if (!is_resource($FH)) { + if (PEAR::isError($FH)) { + return $FH; + } + $filter_str = $this->asString(); + if (PEAR::isError($filter_str)) { + return $filter_str; + } else { + print($filter_str); + } + } else { + $filter_str = $this->asString(); + if (PEAR::isError($filter_str)) { + return $filter_str; + } else { + $res = @fwrite($FH, $this->asString()); + if ($res == false) { + return PEAR::raiseError("Unable to write filter string to filehandle \$FH!"); + } + } + } + return true; + } + + /** + * This can be used to escape a string to provide a valid LDAP-Filter. + * + * LDAP will only recognise certain characters as the + * character istself if they are properly escaped. This is + * what this method does. + * The method can be called statically, so you can use it outside + * for your own purposes (eg for escaping only parts of strings) + * + * In fact, this is just a shorthand to {@link Net_LDAP2_Util::escape_filter_value()}. + * For upward compatibiliy reasons you are strongly encouraged to use the escape + * methods provided by the Net_LDAP2_Util class. + * + * @param string $value Any string who should be escaped + * + * @static + * @return string The string $string, but escaped + * @deprecated Do not use this method anymore, instead use Net_LDAP2_Util::escape_filter_value() directly + */ + public static function escape($value) + { + $return = Net_LDAP2_Util::escape_filter_value(array($value)); + return $return[0]; + } + + /** + * Is this a container or a leaf filter object? + * + * @access protected + * @return boolean + */ + protected function isLeaf() + { + if (count($this->_subfilters) > 0) { + return false; // Container! + } else { + return true; // Leaf! + } + } + + /** + * Filter entries using this filter or see if a filter matches + * + * @todo Currently slow and naive implementation with preg_match, could be optimized (esp. begins, ends filters etc) + * @todo Currently only "="-based matches (equals, begins, ends, contains, any) implemented; Implement all the stuff! + * @todo Implement expert code with schema checks in case $entry is connected to a directory + * @param array|Net_LDAP2_Entry The entry (or array with entries) to check + * @param array If given, the array will be appended with entries who matched the filter. Return value is true if any entry matched. + * @return int|Net_LDAP2_Error Returns the number of matched entries or error + */ + function matches(&$entries, &$results=array()) { + $numOfMatches = 0; + + if (!is_array($entries)) { + $all_entries = array(&$entries); + } else { + $all_entries = &$entries; + } + + foreach ($all_entries as $entry) { + // look at the current entry and see if filter matches + + $entry_matched = false; + // if this is not a single component, do calculate all subfilters, + // then assert the partial results with the given combination modifier + if (!$this->isLeaf()) { + + // get partial results from subfilters + $partial_results = array(); + foreach ($this->_subfilters as $filter) { + $partial_results[] = $filter->matches($entry); + } + + // evaluate partial results using this filters combination rule + switch ($this->_match) { + case '!': + // result is the neagtive result of the assertion + $entry_matched = !$partial_results[0]; + break; + + case '&': + // all partial results have to be boolean-true + $entry_matched = !in_array(false, $partial_results); + break; + + case '|': + // at least one partial result has to be true + $entry_matched = in_array(true, $partial_results); + break; + } + + } else { + // Leaf filter: assert given entry + // [TODO]: Could be optimized to avoid preg_match especially with "ends", "begins" etc + + // Translate the LDAP-match to some preg_match expression and evaluate it + list($attribute, $match, $assertValue) = $this->getComponents(); + switch ($match) { + case '=': + $regexp = '/^'.str_replace('*', '.*', $assertValue).'$/i'; // not case sensitive unless specified by schema + $entry_matched = $entry->pregMatch($regexp, $attribute); + break; + + // ------------------------------------- + // [TODO]: implement <, >, <=, >= and =~ + // ------------------------------------- + + default: + $err = PEAR::raiseError("Net_LDAP2_Filter match error: unsupported match rule '$match'!"); + return $err; + } + + } + + // process filter matching result + if ($entry_matched) { + $numOfMatches++; + $results[] = $entry; + } + + } + + return $numOfMatches; + } + + + /** + * Retrieve this leaf-filters attribute, match and value component. + * + * For leaf filters, this returns array(attr, match, value). + * Match is be the logical operator, not the text representation, + * eg "=" instead of "equals". Note that some operators are really + * a combination of operator+value with wildcard, like + * "begins": That will return "=" with the value "value*"! + * + * For non-leaf filters this will drop an error. + * + * @todo $this->_match is not always available and thus not usable here; it would be great if it would set in the factory methods and constructor. + * @return array|Net_LDAP2_Error + */ + function getComponents() { + if ($this->isLeaf()) { + $raw_filter = preg_replace('/^\(|\)$/', '', $this->_filter); + $parts = Net_LDAP2_Util::split_attribute_string($raw_filter, true, true); + if (count($parts) != 3) { + return PEAR::raiseError("Net_LDAP2_Filter getComponents() error: invalid filter syntax - unknown matching rule used"); + } else { + return $parts; + } + } else { + return PEAR::raiseError('Net_LDAP2_Filter getComponents() call is invalid for non-leaf filters!'); + } + } + + +} +?> diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/LDIF.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/LDIF.php new file mode 100644 index 00000000..250e2488 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/LDIF.php @@ -0,0 +1,925 @@ + +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; +require_once 'Net/LDAP2.php'; +require_once 'Net/LDAP2/Entry.php'; +require_once 'Net/LDAP2/Util.php'; + +/** +* LDIF capabilitys for Net_LDAP2, closely taken from PERLs Net::LDAP +* +* It provides a means to convert between Net_LDAP2_Entry objects and LDAP entries +* represented in LDIF format files. Reading and writing are supported and may +* manipulate single entries or lists of entries. +* +* Usage example: +* +* // Read and parse an ldif-file into Net_LDAP2_Entry objects +* // and print out the DNs. Store the entries for later use. +* require 'Net/LDAP2/LDIF.php'; +* $options = array( +* 'onerror' => 'die' +* ); +* $entries = array(); +* $ldif = new Net_LDAP2_LDIF('test.ldif', 'r', $options); +* do { +* $entry = $ldif->read_entry(); +* $dn = $entry->dn(); +* echo " done building entry: $dn\n"; +* array_push($entries, $entry); +* } while (!$ldif->eof()); +* $ldif->done(); +* +* +* // write those entries to another file +* $ldif = new Net_LDAP2_LDIF('test.out.ldif', 'w', $options); +* $ldif->write_entry($entries); +* $ldif->done(); +* +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +* @see http://www.ietf.org/rfc/rfc2849.txt +* @todo Error handling should be PEARified +* @todo LDAPv3 controls are not implemented yet +*/ +class Net_LDAP2_LDIF extends PEAR +{ + /** + * Options + * + * @access protected + * @var array + */ + protected $_options = array('encode' => 'base64', + 'onerror' => null, + 'change' => 0, + 'lowercase' => 0, + 'sort' => 0, + 'version' => null, + 'wrap' => 78, + 'raw' => '' + ); + + /** + * Errorcache + * + * @access protected + * @var array + */ + protected $_error = array('error' => null, + 'line' => 0 + ); + + /** + * Filehandle for read/write + * + * @access protected + * @var array + */ + protected $_FH = null; + + /** + * Says, if we opened the filehandle ourselves + * + * @access protected + * @var array + */ + protected $_FH_opened = false; + + /** + * Linecounter for input file handle + * + * @access protected + * @var array + */ + protected $_input_line = 0; + + /** + * counter for processed entries + * + * @access protected + * @var int + */ + protected $_entrynum = 0; + + /** + * Mode we are working in + * + * Either 'r', 'a' or 'w' + * + * @access protected + * @var string + */ + protected $_mode = false; + + /** + * Tells, if the LDIF version string was already written + * + * @access protected + * @var boolean + */ + protected $_version_written = false; + + /** + * Cache for lines that have build the current entry + * + * @access protected + * @var boolean + */ + protected $_lines_cur = array(); + + /** + * Cache for lines that will build the next entry + * + * @access protected + * @var boolean + */ + protected $_lines_next = array(); + + /** + * Open LDIF file for reading or for writing + * + * new (FILE): + * Open the file read-only. FILE may be the name of a file + * or an already open filehandle. + * If the file doesn't exist, it will be created if in write mode. + * + * new (FILE, MODE, OPTIONS): + * Open the file with the given MODE (see PHPs fopen()), eg "w" or "a". + * FILE may be the name of a file or an already open filehandle. + * PERLs Net_LDAP2 "FILE|" mode does not work curently. + * + * OPTIONS is an associative array and may contain: + * encode => 'none' | 'canonical' | 'base64' + * Some DN values in LDIF cannot be written verbatim and have to be encoded in some way: + * 'none' No encoding. + * 'canonical' See "canonical_dn()" in Net::LDAP::Util. + * 'base64' Use base64. (default, this differs from the Perl interface. + * The perl default is "none"!) + * + * onerror => 'die' | 'warn' | NULL + * Specify what happens when an error is detected. + * 'die' Net_LDAP2_LDIF will croak with an appropriate message. + * 'warn' Net_LDAP2_LDIF will warn (echo) with an appropriate message. + * NULL Net_LDAP2_LDIF will not warn (default), use error(). + * + * change => 1 + * Write entry changes to the LDIF file instead of the entries itself. I.e. write LDAP + * operations acting on the entries to the file instead of the entries contents. + * This writes the changes usually carried out by an update() to the LDIF file. + * + * lowercase => 1 + * Convert attribute names to lowercase when writing. + * + * sort => 1 + * Sort attribute names when writing entries according to the rule: + * objectclass first then all other attributes alphabetically sorted by attribute name + * + * version => '1' + * Set the LDIF version to write to the resulting LDIF file. + * According to RFC 2849 currently the only legal value for this option is 1. + * When this option is set Net_LDAP2_LDIF tries to adhere more strictly to + * the LDIF specification in RFC2489 in a few places. + * The default is NULL meaning no version information is written to the LDIF file. + * + * wrap => 78 + * Number of columns where output line wrapping shall occur. + * Default is 78. Setting it to 40 or lower inhibits wrapping. + * + * raw => REGEX + * Use REGEX to denote the names of attributes that are to be + * considered binary in search results if writing entries. + * Example: raw => "/(?i:^jpegPhoto|;binary)/i" + * + * @param string|ressource $file Filename or filehandle + * @param string $mode Mode to open filename + * @param array $options Options like described above + */ + public function __construct($file, $mode = 'r', $options = array()) + { + parent::__construct('Net_LDAP2_Error'); // default error class + + // First, parse options + // todo: maybe implement further checks on possible values + foreach ($options as $option => $value) { + if (!array_key_exists($option, $this->_options)) { + $this->dropError('Net_LDAP2_LDIF error: option '.$option.' not known!'); + return; + } else { + $this->_options[$option] = strtolower($value); + } + } + + // setup LDIF class + $this->version($this->_options['version']); + + // setup file mode + if (!preg_match('/^[rwa]\+?$/', $mode)) { + $this->dropError('Net_LDAP2_LDIF error: file mode '.$mode.' not supported!'); + } else { + $this->_mode = $mode; + + // setup filehandle + if (is_resource($file)) { + // TODO: checks on mode possible? + $this->_FH =& $file; + } else { + $imode = substr($this->_mode, 0, 1); + if ($imode == 'r') { + if (!file_exists($file)) { + $this->dropError('Unable to open '.$file.' for read: file not found'); + $this->_mode = false; + } + if (!is_readable($file)) { + $this->dropError('Unable to open '.$file.' for read: permission denied'); + $this->_mode = false; + } + } + + if (($imode == 'w' || $imode == 'a')) { + if (file_exists($file)) { + if (!is_writable($file)) { + $this->dropError('Unable to open '.$file.' for write: permission denied'); + $this->_mode = false; + } + } else { + if (!@touch($file)) { + $this->dropError('Unable to create '.$file.' for write: permission denied'); + $this->_mode = false; + } + } + } + + if ($this->_mode) { + $this->_FH = @fopen($file, $this->_mode); + if (false === $this->_FH) { + // Fallback; should never be reached if tests above are good enough! + $this->dropError('Net_LDAP2_LDIF error: Could not open file '.$file); + } else { + $this->_FH_opened = true; + } + } + } + } + } + + /** + * Read one entry from the file and return it as a Net::LDAP::Entry object. + * + * @return Net_LDAP2_Entry + */ + public function read_entry() + { + // read fresh lines, set them as current lines and create the entry + $attrs = $this->next_lines(true); + if (count($attrs) > 0) { + $this->_lines_cur = $attrs; + } + return $this->current_entry(); + } + + /** + * Returns true when the end of the file is reached. + * + * @return boolean + */ + public function eof() + { + return feof($this->_FH); + } + + /** + * Write the entry or entries to the LDIF file. + * + * If you want to build an LDIF file containing several entries AND + * you want to call write_entry() several times, you must open the filehandle + * in append mode ("a"), otherwise you will always get the last entry only. + * + * @param Net_LDAP2_Entry|array $entries Entry or array of entries + * + * @return void + * @todo implement operations on whole entries (adding a whole entry) + */ + public function write_entry($entries) + { + if (!is_array($entries)) { + $entries = array($entries); + } + + foreach ($entries as $entry) { + $this->_entrynum++; + if (!$entry instanceof Net_LDAP2_Entry) { + $this->dropError('Net_LDAP2_LDIF error: entry '.$this->_entrynum.' is not an Net_LDAP2_Entry object'); + } else { + if ($this->_options['change']) { + // LDIF change mode + // fetch change information from entry + $entry_attrs_changes = $entry->getChanges(); + $num_of_changes = count($entry_attrs_changes['add']) + + count($entry_attrs_changes['replace']) + + count($entry_attrs_changes['delete']); + + + $is_changed = ($num_of_changes > 0 || $entry->willBeDeleted() || $entry->willBeMoved()); + + // write version if not done yet + // also write DN of entry + if ($is_changed) { + if (!$this->_version_written) { + $this->write_version(); + } + $this->writeDN($entry->currentDN()); + } + + // process changes + // TODO: consider DN add! + if ($entry->willBeDeleted()) { + $this->writeLine("changetype: delete".PHP_EOL); + } elseif ($entry->willBeMoved()) { + $this->writeLine("changetype: modrdn".PHP_EOL); + $olddn = Net_LDAP2_Util::ldap_explode_dn($entry->currentDN(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs + $oldrdn = array_shift($olddn); + $oldparent = implode(',', $olddn); + $newdn = Net_LDAP2_Util::ldap_explode_dn($entry->dn(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs + $rdn = array_shift($newdn); + $parent = implode(',', $newdn); + $this->writeLine("newrdn: ".$rdn.PHP_EOL); + $this->writeLine("deleteoldrdn: 1".PHP_EOL); + if ($parent !== $oldparent) { + $this->writeLine("newsuperior: ".$parent.PHP_EOL); + } + // TODO: What if the entry has attribute changes as well? + // I think we should check for that and make a dummy + // entry with the changes that is written to the LDIF file + } elseif ($num_of_changes > 0) { + // write attribute change data + $this->writeLine("changetype: modify".PHP_EOL); + foreach ($entry_attrs_changes as $changetype => $entry_attrs) { + foreach ($entry_attrs as $attr_name => $attr_values) { + $this->writeLine("$changetype: $attr_name".PHP_EOL); + if ($attr_values !== null) $this->writeAttribute($attr_name, $attr_values, $changetype); + $this->writeLine("-".PHP_EOL); + } + } + } + + // finish this entrys data if we had changes + if ($is_changed) { + $this->finishEntry(); + } + } else { + // LDIF-content mode + // fetch attributes for further processing + $entry_attrs = $entry->getValues(); + + // sort and put objectclass-attrs to first position + if ($this->_options['sort']) { + ksort($entry_attrs); + if (array_key_exists('objectclass', $entry_attrs)) { + $oc = $entry_attrs['objectclass']; + unset($entry_attrs['objectclass']); + $entry_attrs = array_merge(array('objectclass' => $oc), $entry_attrs); + } + } + + // write data + if (!$this->_version_written) { + $this->write_version(); + } + $this->writeDN($entry->dn()); + foreach ($entry_attrs as $attr_name => $attr_values) { + $this->writeAttribute($attr_name, $attr_values); + } + $this->finishEntry(); + } + } + } + } + + /** + * Write version to LDIF + * + * If the object's version is defined, this method allows to explicitely write the version before an entry is written. + * If not called explicitely, it gets called automatically when writing the first entry. + * + * @return void + */ + public function write_version() + { + $this->_version_written = true; + if (!is_null($this->version())) { + return $this->writeLine('version: '.$this->version().PHP_EOL, 'Net_LDAP2_LDIF error: unable to write version'); + } + } + + /** + * Get or set LDIF version + * + * If called without arguments it returns the version of the LDIF file or NULL if no version has been set. + * If called with an argument it sets the LDIF version to VERSION. + * According to RFC 2849 currently the only legal value for VERSION is 1. + * + * @param int $version (optional) LDIF version to set + * + * @return int + */ + public function version($version = null) + { + if ($version !== null) { + if ($version != 1) { + $this->dropError('Net_LDAP2_LDIF error: illegal LDIF version set'); + } else { + $this->_options['version'] = $version; + } + } + return $this->_options['version']; + } + + /** + * Returns the file handle the Net_LDAP2_LDIF object reads from or writes to. + * + * You can, for example, use this to fetch the content of the LDIF file yourself + * + * @return null|resource + */ + public function &handle() + { + if (!is_resource($this->_FH)) { + $this->dropError('Net_LDAP2_LDIF error: invalid file resource'); + $null = null; + return $null; + } else { + return $this->_FH; + } + } + + /** + * Clean up + * + * This method signals that the LDIF object is no longer needed. + * You can use this to free up some memory and close the file handle. + * The file handle is only closed, if it was opened from Net_LDAP2_LDIF. + * + * @return void + */ + public function done() + { + // close FH if we opened it + if ($this->_FH_opened) { + fclose($this->handle()); + } + + // free variables + foreach (get_object_vars($this) as $name => $value) { + unset($this->$name); + } + } + + /** + * Returns last error message if error was found. + * + * Example: + * + * $ldif->someAction(); + * if ($ldif->error()) { + * echo "Error: ".$ldif->error()." at input line: ".$ldif->error_lines(); + * } + * + * + * @param boolean $as_string If set to true, only the message is returned + * + * @return false|Net_LDAP2_Error + */ + public function error($as_string = false) + { + if (Net_LDAP2::isError($this->_error['error'])) { + return ($as_string)? $this->_error['error']->getMessage() : $this->_error['error']; + } else { + return false; + } + } + + /** + * Returns lines that resulted in error. + * + * Perl returns an array of faulty lines in list context, + * but we always just return an int because of PHPs language. + * + * @return int + */ + public function error_lines() + { + return $this->_error['line']; + } + + /** + * Returns the current Net::LDAP::Entry object. + * + * @return Net_LDAP2_Entry|false + */ + public function current_entry() + { + return $this->parseLines($this->current_lines()); + } + + /** + * Parse LDIF lines of one entry into an Net_LDAP2_Entry object + * + * @param array $lines LDIF lines for one entry + * + * @return Net_LDAP2_Entry|false Net_LDAP2_Entry object for those lines + * @todo what about file inclusions and urls? "jpegphoto:< file:///usr/local/directory/photos/fiona.jpg" + */ + public function parseLines($lines) + { + // parse lines into an array of attributes and build the entry + $attributes = array(); + $dn = false; + foreach ($lines as $line) { + if (preg_match('/^(\w+(;binary)?)(:|::|:<)\s(.+)$/', $line, $matches)) { + $attr =& $matches[1] . $matches[2]; + $delim =& $matches[3]; + $data =& $matches[4]; + + if ($delim == ':') { + // normal data + $attributes[$attr][] = $data; + } elseif ($delim == '::') { + // base64 data + $attributes[$attr][] = base64_decode($data); + } elseif ($delim == ':<') { + // file inclusion + // TODO: Is this the job of the LDAP-client or the server? + $this->dropError('File inclusions are currently not supported'); + //$attributes[$attr][] = ...; + } else { + // since the pattern above, the delimeter cannot be something else. + $this->dropError('Net_LDAP2_LDIF parsing error: invalid syntax at parsing entry line: '.$line); + continue; + } + + if (strtolower($attr) == 'dn') { + // DN line detected + $dn = $attributes[$attr][0]; // save possibly decoded DN + unset($attributes[$attr]); // remove wrongly added "dn: " attribute + } + } else { + // line not in "attr: value" format -> ignore + // maybe we should rise an error here, but this should be covered by + // next_lines() already. A problem arises, if users try to feed data of + // several entries to this method - the resulting entry will + // get wrong attributes. However, this is already mentioned in the + // methods documentation above. + } + } + + if (false === $dn) { + $this->dropError('Net_LDAP2_LDIF parsing error: unable to detect DN for entry'); + return false; + } else { + $newentry = Net_LDAP2_Entry::createFresh($dn, $attributes); + return $newentry; + } + } + + /** + * Returns the lines that generated the current Net::LDAP::Entry object. + * + * Note that this returns an empty array if no lines have been read so far. + * + * @return array Array of lines + */ + public function current_lines() + { + return $this->_lines_cur; + } + + /** + * Returns the lines that will generate the next Net::LDAP::Entry object. + * + * If you set $force to TRUE then you can iterate over the lines that build + * up entries manually. Otherwise, iterating is done using {@link read_entry()}. + * Force will move the file pointer forward, thus returning the next entries lines. + * + * Wrapped lines will be unwrapped. Comments are stripped. + * + * @param boolean $force Set this to true if you want to iterate over the lines manually + * + * @return array + */ + public function next_lines($force = false) + { + // if we already have those lines, just return them, otherwise read + if (count($this->_lines_next) == 0 || $force) { + $this->_lines_next = array(); // empty in case something was left (if used $force) + $entry_done = false; + $fh = &$this->handle(); + $commentmode = false; // if we are in an comment, for wrapping purposes + $datalines_read = 0; // how many lines with data we have read + + while (!$entry_done && !$this->eof()) { + $this->_input_line++; + // Read line. Remove line endings, we want only data; + // this is okay since ending spaces should be encoded + $data = rtrim(fgets($fh)); + if ($data === false) { + // error only, if EOF not reached after fgets() call + if (!$this->eof()) { + $this->dropError('Net_LDAP2_LDIF error: error reading from file at input line '.$this->_input_line, $this->_input_line); + } + break; + } else { + if (count($this->_lines_next) > 0 && preg_match('/^$/', $data)) { + // Entry is finished if we have an empty line after we had data + $entry_done = true; + + // Look ahead if the next EOF is nearby. Comments and empty + // lines at the file end may cause problems otherwise + $current_pos = ftell($fh); + $data = fgets($fh); + while (!feof($fh)) { + if (preg_match('/^\s*$/', $data) || preg_match('/^#/', $data)) { + // only empty lines or comments, continue to seek + // TODO: Known bug: Wrappings for comments are okay but are treaten as + // error, since we do not honor comment mode here. + // This should be a very theoretically case, however + // i am willing to fix this if really necessary. + $this->_input_line++; + $current_pos = ftell($fh); + $data = fgets($fh); + } else { + // Data found if non emtpy line and not a comment!! + // Rewind to position prior last read and stop lookahead + fseek($fh, $current_pos); + break; + } + } + // now we have either the file pointer at the beginning of + // a new data position or at the end of file causing feof() to return true + + } else { + // build lines + if (preg_match('/^version:\s(.+)$/', $data, $match)) { + // version statement, set version + $this->version($match[1]); + } elseif (preg_match('/^\w+(;binary)?::?\s.+$/', $data)) { + // normal attribute: add line + $commentmode = false; + $this->_lines_next[] = trim($data); + $datalines_read++; + } elseif (preg_match('/^\s(.+)$/', $data, $matches)) { + // wrapped data: unwrap if not in comment mode + // note that the \s above is some more liberal than + // the RFC requests as it also matches tabs etc. + if (!$commentmode) { + if ($datalines_read == 0) { + // first line of entry: wrapped data is illegal + $this->dropError('Net_LDAP2_LDIF error: illegal wrapping at input line '.$this->_input_line, $this->_input_line); + } else { + $last = array_pop($this->_lines_next); + $last = $last.$matches[1]; + $this->_lines_next[] = $last; + $datalines_read++; + } + } + } elseif (preg_match('/^#/', $data)) { + // LDIF comments + $commentmode = true; + } elseif (preg_match('/^\s*$/', $data)) { + // empty line but we had no data for this + // entry, so just ignore this line + $commentmode = false; + } else { + $this->dropError('Net_LDAP2_LDIF error: invalid syntax at input line '.$this->_input_line, $this->_input_line); + continue; + } + + } + } + } + } + return $this->_lines_next; + } + + /** + * Convert an attribute and value to LDIF string representation + * + * It honors correct encoding of values according to RFC 2849. + * Line wrapping will occur at the configured maximum but only if + * the value is greater than 40 chars. + * + * @param string $attr_name Name of the attribute + * @param string $attr_value Value of the attribute + * + * @access protected + * @return string LDIF string for that attribute and value + */ + protected function convertAttribute($attr_name, $attr_value) + { + // Handle empty attribute or process + if (strlen($attr_value) == 0) { + $attr_value = " "; + } else { + $base64 = false; + // ASCII-chars that are NOT safe for the + // start and for being inside the value. + // These are the int values of those chars. + $unsafe_init = array(0, 10, 13, 32, 58, 60); + $unsafe = array(0, 10, 13); + + // Test for illegal init char + $init_ord = ord(substr($attr_value, 0, 1)); + if ($init_ord > 127 || in_array($init_ord, $unsafe_init)) { + $base64 = true; + } + + // Test for illegal content char + for ($i = 0; $i < strlen($attr_value); $i++) { + $char_ord = ord(substr($attr_value, $i, 1)); + if ($char_ord > 127 || in_array($char_ord, $unsafe)) { + $base64 = true; + } + } + + // Test for ending space + if (substr($attr_value, -1) == ' ') { + $base64 = true; + } + + // If converting is needed, do it + // Either we have some special chars or a matching "raw" regex + if ($base64 || ($this->_options['raw'] && preg_match($this->_options['raw'], $attr_name))) { + $attr_name .= ':'; + $attr_value = base64_encode($attr_value); + } + + // Lowercase attr names if requested + if ($this->_options['lowercase']) $attr_name = strtolower($attr_name); + + // Handle line wrapping + if ($this->_options['wrap'] > 40 && strlen($attr_value) > $this->_options['wrap']) { + $attr_value = wordwrap($attr_value, $this->_options['wrap'], PHP_EOL." ", true); + } + } + + return $attr_name.': '.$attr_value; + } + + /** + * Convert an entries DN to LDIF string representation + * + * It honors correct encoding of values according to RFC 2849. + * + * @param string $dn UTF8-Encoded DN + * + * @access protected + * @return string LDIF string for that DN + * @todo I am not sure, if the UTF8 stuff is correctly handled right now + */ + protected function convertDN($dn) + { + $base64 = false; + // ASCII-chars that are NOT safe for the + // start and for being inside the dn. + // These are the int values of those chars. + $unsafe_init = array(0, 10, 13, 32, 58, 60); + $unsafe = array(0, 10, 13); + + // Test for illegal init char + $init_ord = ord(substr($dn, 0, 1)); + if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) { + $base64 = true; + } + + // Test for illegal content char + for ($i = 0; $i < strlen($dn); $i++) { + $char = substr($dn, $i, 1); + if (ord($char) >= 127 || in_array($init_ord, $unsafe)) { + $base64 = true; + } + } + + // Test for ending space + if (substr($dn, -1) == ' ') { + $base64 = true; + } + + // if converting is needed, do it + return ($base64)? 'dn:: '.base64_encode($dn) : 'dn: '.$dn; + } + + /** + * Writes an attribute to the filehandle + * + * @param string $attr_name Name of the attribute + * @param string|array $attr_values Single attribute value or array with attribute values + * + * @access protected + * @return void + */ + protected function writeAttribute($attr_name, $attr_values) + { + // write out attribute content + if (!is_array($attr_values)) { + $attr_values = array($attr_values); + } + foreach ($attr_values as $attr_val) { + $line = $this->convertAttribute($attr_name, $attr_val).PHP_EOL; + $this->writeLine($line, 'Net_LDAP2_LDIF error: unable to write attribute '.$attr_name.' of entry '.$this->_entrynum); + } + } + + /** + * Writes a DN to the filehandle + * + * @param string $dn DN to write + * + * @access protected + * @return void + */ + protected function writeDN($dn) + { + // prepare DN + if ($this->_options['encode'] == 'base64') { + $dn = $this->convertDN($dn).PHP_EOL; + } elseif ($this->_options['encode'] == 'canonical') { + $dn = Net_LDAP2_Util::canonical_dn($dn, array('casefold' => 'none')).PHP_EOL; + } else { + $dn = $dn.PHP_EOL; + } + $this->writeLine($dn, 'Net_LDAP2_LDIF error: unable to write DN of entry '.$this->_entrynum); + } + + /** + * Finishes an LDIF entry + * + * @access protected + * @return void + */ + protected function finishEntry() + { + $this->writeLine(PHP_EOL, 'Net_LDAP2_LDIF error: unable to close entry '.$this->_entrynum); + } + + /** + * Just write an arbitary line to the filehandle + * + * @param string $line Content to write + * @param string $error If error occurs, drop this message + * + * @access protected + * @return true|false + */ + protected function writeLine($line, $error = 'Net_LDAP2_LDIF error: unable to write to filehandle') + { + if (is_resource($this->handle()) && fwrite($this->handle(), $line, strlen($line)) === false) { + $this->dropError($error); + return false; + } else { + return true; + } + } + + /** + * Optionally raises an error and pushes the error on the error cache + * + * @param string $msg Errortext + * @param int $line Line in the LDIF that caused the error + * + * @access protected + * @return void + */ + protected function dropError($msg, $line = null) + { + $this->_error['error'] = new Net_LDAP2_Error($msg); + if ($line !== null) $this->_error['line'] = $line; + + if ($this->_options['onerror'] == 'die') { + die($msg.PHP_EOL); + } elseif ($this->_options['onerror'] == 'warn') { + echo $msg.PHP_EOL; + } + } +} +?> diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/RootDSE.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/RootDSE.php new file mode 100644 index 00000000..0693d956 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/RootDSE.php @@ -0,0 +1,240 @@ + +* @copyright 2009 Jan Wagner +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Getting the rootDSE entry of a LDAP server +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_RootDSE extends PEAR +{ + /** + * @access protected + * @var object Net_LDAP2_Entry + **/ + protected $_entry; + + /** + * Class constructor + * + * @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry object of the RootDSE + */ + public function __construct(&$entry) + { + $this->_entry = $entry; + } + + /** + * Fetches a RootDSE object from an LDAP connection + * + * @param Net_LDAP2 $ldap Directory from which the RootDSE should be fetched + * @param array $attrs Array of attributes to search for + * + * @access static + * @return Net_LDAP2_RootDSE|Net_LDAP2_Error + */ + public static function fetch($ldap, $attrs = null) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!"); + } + + if (is_array($attrs) && count($attrs) > 0 ) { + $attributes = $attrs; + } else { + $attributes = array('vendorName', + 'vendorVersion', + 'namingContexts', + 'altServer', + 'supportedExtension', + 'supportedControl', + 'supportedSASLMechanisms', + 'supportedLDAPVersion', + 'subschemaSubentry' ); + } + $result = $ldap->search('', '(objectClass=*)', array('attributes' => $attributes, 'scope' => 'base')); + if (self::isError($result)) { + return $result; + } + $entry = $result->shiftEntry(); + if (false === $entry) { + return PEAR::raiseError('Could not fetch RootDSE entry'); + } + $ret = new Net_LDAP2_RootDSE($entry); + return $ret; + } + + /** + * Gets the requested attribute value + * + * Same usuage as {@link Net_LDAP2_Entry::getValue()} + * + * @param string $attr Attribute name + * @param array $options Array of options + * + * @access public + * @return mixed Net_LDAP2_Error object or attribute values + * @see Net_LDAP2_Entry::get_value() + */ + public function getValue($attr = '', $options = '') + { + return $this->_entry->get_value($attr, $options); + } + + /** + * Alias function of getValue() for perl-ldap interface + * + * @see getValue() + * @return mixed + */ + public function get_value() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'getValue' ), $args); + } + + /** + * Determines if the extension is supported + * + * @param array $oids Array of oids to check + * + * @access public + * @return boolean + */ + public function supportedExtension($oids) + { + return $this->checkAttr($oids, 'supportedExtension'); + } + + /** + * Alias function of supportedExtension() for perl-ldap interface + * + * @see supportedExtension() + * @return boolean + */ + public function supported_extension() + { + $args = func_get_args(); + return call_user_func_array(array( &$this, 'supportedExtension'), $args); + } + + /** + * Determines if the version is supported + * + * @param array $versions Versions to check + * + * @access public + * @return boolean + */ + public function supportedVersion($versions) + { + return $this->checkAttr($versions, 'supportedLDAPVersion'); + } + + /** + * Alias function of supportedVersion() for perl-ldap interface + * + * @see supportedVersion() + * @return boolean + */ + public function supported_version() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'supportedVersion'), $args); + } + + /** + * Determines if the control is supported + * + * @param array $oids Control oids to check + * + * @access public + * @return boolean + */ + public function supportedControl($oids) + { + return $this->checkAttr($oids, 'supportedControl'); + } + + /** + * Alias function of supportedControl() for perl-ldap interface + * + * @see supportedControl() + * @return boolean + */ + public function supported_control() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'supportedControl' ), $args); + } + + /** + * Determines if the sasl mechanism is supported + * + * @param array $mechlist SASL mechanisms to check + * + * @access public + * @return boolean + */ + public function supportedSASLMechanism($mechlist) + { + return $this->checkAttr($mechlist, 'supportedSASLMechanisms'); + } + + /** + * Alias function of supportedSASLMechanism() for perl-ldap interface + * + * @see supportedSASLMechanism() + * @return boolean + */ + public function supported_sasl_mechanism() + { + $args = func_get_args(); + return call_user_func_array(array(&$this, 'supportedSASLMechanism'), $args); + } + + /** + * Checks for existance of value in attribute + * + * @param array $values values to check + * @param string $attr attribute name + * + * @access protected + * @return boolean + */ + protected function checkAttr($values, $attr) + { + if (!is_array($values)) $values = array($values); + + foreach ($values as $value) { + if (!@in_array($value, $this->get_value($attr, 'all'))) { + return false; + } + } + return true; + } +} + +?> diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Schema.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Schema.php new file mode 100644 index 00000000..3b090d39 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Schema.php @@ -0,0 +1,622 @@ + +* @author Benedikt Hallinger +* @copyright 2009 Jan Wagner, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +* @todo see the comment at the end of the file +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Syntax definitions +* +* Please don't forget to add binary attributes to isBinary() below +* to support proper value fetching from Net_LDAP2_Entry +*/ +define('NET_LDAP2_SYNTAX_BOOLEAN', '1.3.6.1.4.1.1466.115.121.1.7'); +define('NET_LDAP2_SYNTAX_DIRECTORY_STRING', '1.3.6.1.4.1.1466.115.121.1.15'); +define('NET_LDAP2_SYNTAX_DISTINGUISHED_NAME', '1.3.6.1.4.1.1466.115.121.1.12'); +define('NET_LDAP2_SYNTAX_INTEGER', '1.3.6.1.4.1.1466.115.121.1.27'); +define('NET_LDAP2_SYNTAX_JPEG', '1.3.6.1.4.1.1466.115.121.1.28'); +define('NET_LDAP2_SYNTAX_NUMERIC_STRING', '1.3.6.1.4.1.1466.115.121.1.36'); +define('NET_LDAP2_SYNTAX_OID', '1.3.6.1.4.1.1466.115.121.1.38'); +define('NET_LDAP2_SYNTAX_OCTET_STRING', '1.3.6.1.4.1.1466.115.121.1.40'); + +/** +* Load an LDAP Schema and provide information +* +* This class takes a Subschema entry, parses this information +* and makes it available in an array. Most of the code has been +* inspired by perl-ldap( http://perl-ldap.sourceforge.net). +* You will find portions of their implementation in here. +* +* @category Net +* @package Net_LDAP2 +* @author Jan Wagner +* @author Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Schema extends PEAR +{ + /** + * Map of entry types to ldap attributes of subschema entry + * + * @access public + * @var array + */ + public $types = array( + 'attribute' => 'attributeTypes', + 'ditcontentrule' => 'dITContentRules', + 'ditstructurerule' => 'dITStructureRules', + 'matchingrule' => 'matchingRules', + 'matchingruleuse' => 'matchingRuleUse', + 'nameform' => 'nameForms', + 'objectclass' => 'objectClasses', + 'syntax' => 'ldapSyntaxes' + ); + + /** + * Array of entries belonging to this type + * + * @access protected + * @var array + */ + protected $_attributeTypes = array(); + protected $_matchingRules = array(); + protected $_matchingRuleUse = array(); + protected $_ldapSyntaxes = array(); + protected $_objectClasses = array(); + protected $_dITContentRules = array(); + protected $_dITStructureRules = array(); + protected $_nameForms = array(); + + + /** + * hash of all fetched oids + * + * @access protected + * @var array + */ + protected $_oids = array(); + + /** + * Tells if the schema is initialized + * + * @access protected + * @var boolean + * @see parse(), get() + */ + protected $_initialized = false; + + + /** + * Constructor of the class + * + * @access protected + */ + public function __construct() + { + parent::__construct('Net_LDAP2_Error'); // default error class + } + + /** + * Fetch the Schema from an LDAP connection + * + * @param Net_LDAP2 $ldap LDAP connection + * @param string $dn (optional) Subschema entry dn + * + * @access public + * @return Net_LDAP2_Schema|NET_LDAP2_Error + */ + public static function fetch($ldap, $dn = null) + { + if (!$ldap instanceof Net_LDAP2) { + return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!"); + } + + $schema_o = new Net_LDAP2_Schema(); + + if (is_null($dn)) { + // get the subschema entry via root dse + $dse = $ldap->rootDSE(array('subschemaSubentry')); + if (false == Net_LDAP2::isError($dse)) { + $base = $dse->getValue('subschemaSubentry', 'single'); + if (!Net_LDAP2::isError($base)) { + $dn = $base; + } + } + } + + // Support for buggy LDAP servers (e.g. Siemens DirX 6.x) that incorrectly + // call this entry subSchemaSubentry instead of subschemaSubentry. + // Note the correct case/spelling as per RFC 2251. + if (is_null($dn)) { + // get the subschema entry via root dse + $dse = $ldap->rootDSE(array('subSchemaSubentry')); + if (false == Net_LDAP2::isError($dse)) { + $base = $dse->getValue('subSchemaSubentry', 'single'); + if (!Net_LDAP2::isError($base)) { + $dn = $base; + } + } + } + + // Final fallback case where there is no subschemaSubentry attribute + // in the root DSE (this is a bug for an LDAP v3 server so report this + // to your LDAP vendor if you get this far). + if (is_null($dn)) { + $dn = 'cn=Subschema'; + } + + // fetch the subschema entry + $result = $ldap->search($dn, '(objectClass=*)', + array('attributes' => array_values($schema_o->types), + 'scope' => 'base')); + if (Net_LDAP2::isError($result)) { + return PEAR::raiseError('Could not fetch Subschema entry: '.$result->getMessage()); + } + + $entry = $result->shiftEntry(); + if (!$entry instanceof Net_LDAP2_Entry) { + if ($entry instanceof Net_LDAP2_Error) { + return PEAR::raiseError('Could not fetch Subschema entry: '.$entry->getMessage()); + } else { + return PEAR::raiseError('Could not fetch Subschema entry (search returned '.$result->count().' entries. Check parameter \'basedn\')'); + } + } + + $schema_o->parse($entry); + return $schema_o; + } + + /** + * Return a hash of entries for the given type + * + * Returns a hash of entry for the givene type. Types may be: + * objectclasses, attributes, ditcontentrules, ditstructurerules, matchingrules, + * matchingruleuses, nameforms, syntaxes + * + * @param string $type Type to fetch + * + * @access public + * @return array|Net_LDAP2_Error Array or Net_LDAP2_Error + */ + public function &getAll($type) + { + $map = array('objectclasses' => &$this->_objectClasses, + 'attributes' => &$this->_attributeTypes, + 'ditcontentrules' => &$this->_dITContentRules, + 'ditstructurerules' => &$this->_dITStructureRules, + 'matchingrules' => &$this->_matchingRules, + 'matchingruleuses' => &$this->_matchingRuleUse, + 'nameforms' => &$this->_nameForms, + 'syntaxes' => &$this->_ldapSyntaxes ); + + $key = strtolower($type); + $ret = ((key_exists($key, $map)) ? $map[$key] : PEAR::raiseError("Unknown type $type")); + return $ret; + } + + /** + * Return a specific entry + * + * @param string $type Type of name + * @param string $name Name or OID to fetch + * + * @access public + * @return mixed Entry or Net_LDAP2_Error + */ + public function &get($type, $name) + { + if ($this->_initialized) { + $type = strtolower($type); + if (false == key_exists($type, $this->types)) { + return PEAR::raiseError("No such type $type"); + } + + $name = strtolower($name); + $type_var = &$this->{'_' . $this->types[$type]}; + + if (key_exists($name, $type_var)) { + return $type_var[$name]; + } elseif (key_exists($name, $this->_oids) && $this->_oids[$name]['type'] == $type) { + return $this->_oids[$name]; + } else { + return PEAR::raiseError("Could not find $type $name"); + } + } else { + $return = null; + return $return; + } + } + + + /** + * Fetches attributes that MAY be present in the given objectclass + * + * @param string $oc Name or OID of objectclass + * + * @access public + * @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error + */ + public function may($oc) + { + return $this->_getAttr($oc, 'may'); + } + + /** + * Fetches attributes that MUST be present in the given objectclass + * + * @param string $oc Name or OID of objectclass + * + * @access public + * @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error + */ + public function must($oc) + { + return $this->_getAttr($oc, 'must'); + } + + /** + * Fetches the given attribute from the given objectclass + * + * @param string $oc Name or OID of objectclass + * @param string $attr Name of attribute to fetch + * + * @access protected + * @return array|Net_LDAP2_Error The attribute or Net_LDAP2_Error + */ + protected function _getAttr($oc, $attr) + { + $oc = strtolower($oc); + if (key_exists($oc, $this->_objectClasses) && key_exists($attr, $this->_objectClasses[$oc])) { + return $this->_objectClasses[$oc][$attr]; + } elseif (key_exists($oc, $this->_oids) && + $this->_oids[$oc]['type'] == 'objectclass' && + key_exists($attr, $this->_oids[$oc])) { + return $this->_oids[$oc][$attr]; + } else { + return PEAR::raiseError("Could not find $attr attributes for $oc "); + } + } + + /** + * Returns the name(s) of the immediate superclass(es) + * + * @param string $oc Name or OID of objectclass + * + * @access public + * @return array|Net_LDAP2_Error Array of names or Net_LDAP2_Error + */ + public function superclass($oc) + { + $o = $this->get('objectclass', $oc); + if (Net_LDAP2::isError($o)) { + return $o; + } + return (key_exists('sup', $o) ? $o['sup'] : array()); + } + + /** + * Parses the schema of the given Subschema entry + * + * @param Net_LDAP2_Entry &$entry Subschema entry + * + * @access public + * @return void + */ + public function parse(&$entry) + { + foreach ($this->types as $type => $attr) { + // initialize map type to entry + $type_var = '_' . $attr; + $this->{$type_var} = array(); + + // get values for this type + if ($entry->exists($attr)) { + $values = $entry->getValue($attr); + if (is_array($values)) { + foreach ($values as $value) { + + unset($schema_entry); // this was a real mess without it + + // get the schema entry + $schema_entry = $this->_parse_entry($value); + + // set the type + $schema_entry['type'] = $type; + + // save a ref in $_oids + $this->_oids[$schema_entry['oid']] = &$schema_entry; + + // save refs for all names in type map + $names = $schema_entry['aliases']; + array_push($names, $schema_entry['name']); + foreach ($names as $name) { + $this->{$type_var}[strtolower($name)] = &$schema_entry; + } + } + } + } + } + $this->_initialized = true; + } + + /** + * Parses an attribute value into a schema entry + * + * @param string $value Attribute value + * + * @access protected + * @return array|false Schema entry array or false + */ + protected function &_parse_entry($value) + { + // tokens that have no value associated + $noValue = array('single-value', + 'obsolete', + 'collective', + 'no-user-modification', + 'abstract', + 'structural', + 'auxiliary'); + + // tokens that can have multiple values + $multiValue = array('must', 'may', 'sup'); + + $schema_entry = array('aliases' => array()); // initilization + + $tokens = $this->_tokenize($value); // get an array of tokens + + // remove surrounding brackets + if ($tokens[0] == '(') array_shift($tokens); + if ($tokens[count($tokens) - 1] == ')') array_pop($tokens); // -1 doesnt work on arrays :-( + + $schema_entry['oid'] = array_shift($tokens); // first token is the oid + + // cycle over the tokens until none are left + while (count($tokens) > 0) { + $token = strtolower(array_shift($tokens)); + if (in_array($token, $noValue)) { + $schema_entry[$token] = 1; // single value token + } else { + // this one follows a string or a list if it is multivalued + if (($schema_entry[$token] = array_shift($tokens)) == '(') { + // this creates the list of values and cycles through the tokens + // until the end of the list is reached ')' + $schema_entry[$token] = array(); + while ($tmp = array_shift($tokens)) { + if ($tmp == ')') break; + if ($tmp != '$') array_push($schema_entry[$token], $tmp); + } + } + // create a array if the value should be multivalued but was not + if (in_array($token, $multiValue) && !is_array($schema_entry[$token])) { + $schema_entry[$token] = array($schema_entry[$token]); + } + } + } + // get max length from syntax + if (key_exists('syntax', $schema_entry)) { + if (preg_match('/{(\d+)}/', $schema_entry['syntax'], $matches)) { + $schema_entry['max_length'] = $matches[1]; + } + } + // force a name + if (empty($schema_entry['name'])) { + $schema_entry['name'] = $schema_entry['oid']; + } + // make one name the default and put the other ones into aliases + if (is_array($schema_entry['name'])) { + $aliases = $schema_entry['name']; + $schema_entry['name'] = array_shift($aliases); + $schema_entry['aliases'] = $aliases; + } + return $schema_entry; + } + + /** + * Tokenizes the given value into an array of tokens + * + * @param string $value String to parse + * + * @access protected + * @return array Array of tokens + */ + protected function _tokenize($value) + { + $tokens = array(); // array of tokens + $matches = array(); // matches[0] full pattern match, [1,2,3] subpatterns + + // this one is taken from perl-ldap, modified for php + $pattern = "/\s* (?:([()]) | ([^'\s()]+) | '((?:[^']+|'[^\s)])*)') \s*/x"; + + /** + * This one matches one big pattern wherin only one of the three subpatterns matched + * We are interested in the subpatterns that matched. If it matched its value will be + * non-empty and so it is a token. Tokens may be round brackets, a string, or a string + * enclosed by ' + */ + preg_match_all($pattern, $value, $matches); + + for ($i = 0; $i < count($matches[0]); $i++) { // number of tokens (full pattern match) + for ($j = 1; $j < 4; $j++) { // each subpattern + if (null != trim($matches[$j][$i])) { // pattern match in this subpattern + $tokens[$i] = trim($matches[$j][$i]); // this is the token + } + } + } + return $tokens; + } + + /** + * Returns wether a attribute syntax is binary or not + * + * This method gets used by Net_LDAP2_Entry to decide which + * PHP function needs to be used to fetch the value in the + * proper format (e.g. binary or string) + * + * @param string $attribute The name of the attribute (eg.: 'sn') + * + * @access public + * @return boolean + */ + public function isBinary($attribute) + { + $return = false; // default to false + + // This list contains all syntax that should be treaten as + // containing binary values + // The Syntax Definitons go into constants at the top of this page + $syntax_binary = array( + NET_LDAP2_SYNTAX_OCTET_STRING, + NET_LDAP2_SYNTAX_JPEG + ); + + // Check Syntax + $attr_s = $this->get('attribute', $attribute); + if (Net_LDAP2::isError($attr_s)) { + // Attribute not found in schema + $return = false; // consider attr not binary + } elseif (isset($attr_s['syntax']) && in_array($attr_s['syntax'], $syntax_binary)) { + // Syntax is defined as binary in schema + $return = true; + } else { + // Syntax not defined as binary, or not found + // if attribute is a subtype, check superior attribute syntaxes + if (isset($attr_s['sup'])) { + foreach ($attr_s['sup'] as $superattr) { + $return = $this->isBinary($superattr); + if ($return) { + break; // stop checking parents since we are binary + } + } + } + } + + return $return; + } + + /** + * See if an schema element exists + * + * @param string $type Type of name, see get() + * @param string $name Name or OID + * + * @return boolean + */ + public function exists($type, $name) + { + $entry = $this->get($type, $name); + if ($entry instanceof Net_LDAP2_ERROR) { + return false; + } else { + return true; + } + } + + /** + * See if an attribute is defined in the schema + * + * @param string $attribute Name or OID of the attribute + * @return boolean + */ + public function attributeExists($attribute) + { + return $this->exists('attribute', $attribute); + } + + /** + * See if an objectClass is defined in the schema + * + * @param string $ocl Name or OID of the objectClass + * @return boolean + */ + public function objectClassExists($ocl) + { + return $this->exists('objectclass', $ocl); + } + + + /** + * See to which ObjectClasses an attribute is assigned + * + * The objectclasses are sorted into the keys 'may' and 'must'. + * + * @param string $attribute Name or OID of the attribute + * + * @return array|Net_LDAP2_Error Associative array with OCL names or Error + */ + public function getAssignedOCLs($attribute) + { + $may = array(); + $must = array(); + + // Test if the attribute type is defined in the schema, + // if so, retrieve real name for lookups + $attr_entry = $this->get('attribute', $attribute); + if ($attr_entry instanceof Net_LDAP2_ERROR) { + return PEAR::raiseError("Attribute $attribute not defined in schema: ".$attr_entry->getMessage()); + } else { + $attribute = $attr_entry['name']; + } + + + // We need to get all defined OCLs for this. + $ocls = $this->getAll('objectclasses'); + foreach ($ocls as $ocl => $ocl_data) { + // Fetch the may and must attrs and see if our searched attr is contained. + // If so, record it in the corresponding array. + $ocl_may_attrs = $this->may($ocl); + $ocl_must_attrs = $this->must($ocl); + if (is_array($ocl_may_attrs) && in_array($attribute, $ocl_may_attrs)) { + array_push($may, $ocl_data['name']); + } + if (is_array($ocl_must_attrs) && in_array($attribute, $ocl_must_attrs)) { + array_push($must, $ocl_data['name']); + } + } + + return array('may' => $may, 'must' => $must); + } + + /** + * See if an attribute is available in a set of objectClasses + * + * @param string $attribute Attribute name or OID + * @param array $ocls Names of OCLs to check for + * + * @return boolean TRUE, if the attribute is defined for at least one of the OCLs + */ + public function checkAttribute($attribute, $ocls) + { + foreach ($ocls as $ocl) { + $ocl_entry = $this->get('objectclass', $ocl); + $ocl_may_attrs = $this->may($ocl); + $ocl_must_attrs = $this->must($ocl); + if (is_array($ocl_may_attrs) && in_array($attribute, $ocl_may_attrs)) { + return true; + } + if (is_array($ocl_must_attrs) && in_array($attribute, $ocl_must_attrs)) { + return true; + } + } + return false; // no ocl for the ocls found. + } +} +?> \ No newline at end of file diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SchemaCache.interface.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SchemaCache.interface.php new file mode 100644 index 00000000..b5f9ea44 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SchemaCache.interface.php @@ -0,0 +1,59 @@ + +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Interface describing a custom schema cache object +* +* To implement a custom schema cache, one must implement this interface and +* pass the instanciated object to Net_LDAP2s registerSchemaCache() method. +*/ +interface Net_LDAP2_SchemaCache +{ + /** + * Return the schema object from the cache + * + * Net_LDAP2 will consider anything returned invalid, except + * a valid Net_LDAP2_Schema object. + * In case you return a Net_LDAP2_Error, this error will be routed + * to the return of the $ldap->schema() call. + * If you return something else, Net_LDAP2 will + * fetch a fresh Schema object from the LDAP server. + * + * You may want to implement a cache aging mechanism here too. + * + * @return Net_LDAP2_Schema|Net_LDAP2_Error|false + */ + public function loadSchema(); + + /** + * Store a schema object in the cache + * + * This method will be called, if Net_LDAP2 has fetched a fresh + * schema object from LDAP and wants to init or refresh the cache. + * + * In case of errors you may return a Net_LDAP2_Error which will + * be routet to the client. + * Note that doing this prevents, that the schema object fetched from LDAP + * will be given back to the client, so only return errors if storing + * of the cache is something crucial (e.g. for doing something else with it). + * Normaly you dont want to give back errors in which case Net_LDAP2 needs to + * fetch the schema once per script run and instead use the error + * returned from loadSchema(). + * + * @return true|Net_LDAP2_Error + */ + public function storeSchema($schema); +} diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Search.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Search.php new file mode 100644 index 00000000..f91681b7 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Search.php @@ -0,0 +1,631 @@ + +* @author Benedikt Hallinger +* @copyright 2009 Tarjej Huse, Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Result set of an LDAP search +* +* @category Net +* @package Net_LDAP2 +* @author Tarjej Huse +* @author Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Search extends PEAR implements Iterator +{ + /** + * Search result identifier + * + * @access protected + * @var resource + */ + protected $_search; + + /** + * LDAP resource link + * + * @access protected + * @var resource + */ + protected $_link; + + /** + * Net_LDAP2 object + * + * A reference of the Net_LDAP2 object for passing to Net_LDAP2_Entry + * + * @access protected + * @var object Net_LDAP2 + */ + protected $_ldap; + + /** + * Result entry identifier + * + * @access protected + * @var resource + */ + protected $_entry = null; + + /** + * The errorcode the search got + * + * Some errorcodes might be of interest, but might not be best handled as errors. + * examples: 4 - LDAP_SIZELIMIT_EXCEEDED - indicates a huge search. + * Incomplete results are returned. If you just want to check if there's anything in the search. + * than this is a point to handle. + * 32 - no such object - search here returns a count of 0. + * + * @access protected + * @var int + */ + protected $_errorCode = 0; // if not set - sucess! + + /** + * Cache for all entries already fetched from iterator interface + * + * @access protected + * @var array + */ + protected $_iteratorCache = array(); + + /** + * What attributes we searched for + * + * The $attributes array contains the names of the searched attributes and gets + * passed from $Net_LDAP2->search() so the Net_LDAP2_Search object can tell + * what attributes was searched for ({@link searchedAttrs()) + * + * This variable gets set from the constructor and returned + * from {@link searchedAttrs()} + * + * @access protected + * @var array + */ + protected $_searchedAttrs = array(); + + /** + * Cache variable for storing entries fetched internally + * + * This currently is not used by all functions and need consolidation. + * + * @access protected + * @var array + */ + protected $_entry_cache = false; + + /** + * Cache variable for count() + * + * @see count() + * @access protected + * @var int + */ + protected $_count_cache = null; + + /** + * Constructor + * + * @param resource $search Search result identifier + * @param Net_LDAP2|resource $ldap Net_LDAP2 object or just a LDAP-Link resource + * @param array $attributes (optional) Array with searched attribute names. (see {@link $_searchedAttrs}) + * + * @access public + */ + public function __construct($search, $ldap, $attributes = array()) + { + parent::__construct('Net_LDAP2_Error'); + + $this->setSearch($search); + + if ($ldap instanceof Net_LDAP2) { + $this->_ldap = $ldap; + $this->setLink($this->_ldap->getLink()); + } else { + $this->setLink($ldap); + } + + $this->_errorCode = @ldap_errno($this->_link); + + if (is_array($attributes) && !empty($attributes)) { + $this->_searchedAttrs = $attributes; + } + } + + /** + * Returns an array of entry objects. + * + * @return array Array of entry objects. + */ + public function entries() + { + $entries = array(); + + if (false === $this->_entry_cache) { + // cache is empty: fetch from LDAP + while ($entry = $this->shiftEntry()) { + $entries[] = $entry; + } + $this->_entry_cache = $entries; // store result in cache + } + + return $this->_entry_cache; + } + + /** + * Get the next entry in the searchresult from LDAP server. + * + * This will return a valid Net_LDAP2_Entry object or false, so + * you can use this method to easily iterate over the entries inside + * a while loop. + * + * @return Net_LDAP2_Entry|false Reference to Net_LDAP2_Entry object or false + */ + public function shiftEntry() + { + if (is_null($this->_entry)) { + if(!$this->_entry = @ldap_first_entry($this->_link, $this->_search)) { + $false = false; + return $false; + } + $entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry); + if ($entry instanceof PEAR_Error) $entry = false; + } else { + if (!$this->_entry = @ldap_next_entry($this->_link, $this->_entry)) { + $false = false; + return $false; + } + $entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry); + if ($entry instanceof PEAR_Error) $entry = false; + } + return $entry; + } + + /** + * Alias function of shiftEntry() for perl-ldap interface + * + * @see shiftEntry() + * @return Net_LDAP2_Entry|false + */ + public function shift_entry() + { + $args = func_get_args(); + return call_user_func_array(array( $this, 'shiftEntry' ), $args); + } + + /** + * Retrieve the next entry in the searchresult, but starting from last entry + * + * This is the opposite to {@link shiftEntry()} and is also very useful + * to be used inside a while loop. + * + * @return Net_LDAP2_Entry|false + */ + public function popEntry() + { + if (false === $this->_entry_cache) { + // fetch entries into cache if not done so far + $this->_entry_cache = $this->entries(); + } + + $return = array_pop($this->_entry_cache); + return (null === $return)? false : $return; + } + + /** + * Alias function of popEntry() for perl-ldap interface + * + * @see popEntry() + * @return Net_LDAP2_Entry|false + */ + public function pop_entry() + { + $args = func_get_args(); + return call_user_func_array(array( $this, 'popEntry' ), $args); + } + + /** + * Return entries sorted as array + * + * This returns a array with sorted entries and the values. + * Sorting is done with PHPs {@link array_multisort()}. + * This method relies on {@link as_struct()} to fetch the raw data of the entries. + * + * Please note that attribute names are case sensitive! + * + * Usage example: + * + * // to sort entries first by location, then by surename, but descending: + * $entries = $search->sorted_as_struct(array('locality','sn'), SORT_DESC); + * + * + * @param array $attrs Array of attribute names to sort; order from left to right. + * @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC + * + * @return array|Net_LDAP2_Error Array with sorted entries or error + * @todo what about server side sorting as specified in http://www.ietf.org/rfc/rfc2891.txt? + */ + public function sorted_as_struct($attrs = array('cn'), $order = SORT_ASC) + { + /* + * Old Code, suitable and fast for single valued sorting + * This code should be used if we know that single valued sorting is desired, + * but we need some method to get that knowledge... + */ + /* + $attrs = array_reverse($attrs); + foreach ($attrs as $attribute) { + if (!ldap_sort($this->_link, $this->_search, $attribute)){ + $this->raiseError("Sorting failed for Attribute " . $attribute); + } + } + + $results = ldap_get_entries($this->_link, $this->_search); + + unset($results['count']); //for tidier output + if ($order) { + return array_reverse($results); + } else { + return $results; + }*/ + + /* + * New code: complete "client side" sorting + */ + // first some parameterchecks + if (!is_array($attrs)) { + return PEAR::raiseError("Sorting failed: Parameterlist must be an array!"); + } + if ($order != SORT_ASC && $order != SORT_DESC) { + return PEAR::raiseError("Sorting failed: sorting direction not understood! (neither constant SORT_ASC nor SORT_DESC)"); + } + + // fetch the entries data + $entries = $this->as_struct(); + + // now sort each entries attribute values + // this is neccessary because later we can only sort by one value, + // so we need the highest or lowest attribute now, depending on the + // selected ordering for that specific attribute + foreach ($entries as $dn => $entry) { + foreach ($entry as $attr_name => $attr_values) { + sort($entries[$dn][$attr_name]); + if ($order == SORT_DESC) { + array_reverse($entries[$dn][$attr_name]); + } + } + } + + // reformat entrys array for later use with array_multisort() + $to_sort = array(); // <- will be a numeric array similar to ldap_get_entries + foreach ($entries as $dn => $entry_attr) { + $row = array(); + $row['dn'] = $dn; + foreach ($entry_attr as $attr_name => $attr_values) { + $row[$attr_name] = $attr_values; + } + $to_sort[] = $row; + } + + // Build columns for array_multisort() + // each requested attribute is one row + $columns = array(); + foreach ($attrs as $attr_name) { + foreach ($to_sort as $key => $row) { + $columns[$attr_name][$key] =& $to_sort[$key][$attr_name][0]; + } + } + + // sort the colums with array_multisort, if there is something + // to sort and if we have requested sort columns + if (!empty($to_sort) && !empty($columns)) { + $sort_params = ''; + foreach ($attrs as $attr_name) { + $sort_params .= '$columns[\''.$attr_name.'\'], '.$order.', '; + } + eval("array_multisort($sort_params \$to_sort);"); // perform sorting + } + + return $to_sort; + } + + /** + * Return entries sorted as objects + * + * This returns a array with sorted Net_LDAP2_Entry objects. + * The sorting is actually done with {@link sorted_as_struct()}. + * + * Please note that attribute names are case sensitive! + * Also note, that it is (depending on server capabilitys) possible to let + * the server sort your results. This happens through search controls + * and is described in detail at {@link http://www.ietf.org/rfc/rfc2891.txt} + * + * Usage example: + * + * // to sort entries first by location, then by surename, but descending: + * $entries = $search->sorted(array('locality','sn'), SORT_DESC); + * + * + * @param array $attrs Array of sort attributes to sort; order from left to right. + * @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC + * + * @return array|Net_LDAP2_Error Array with sorted Net_LDAP2_Entries or error + * @todo Entry object construction could be faster. Maybe we could use one of the factorys instead of fetching the entry again + */ + public function sorted($attrs = array('cn'), $order = SORT_ASC) + { + $return = array(); + $sorted = $this->sorted_as_struct($attrs, $order); + if (PEAR::isError($sorted)) { + return $sorted; + } + foreach ($sorted as $key => $row) { + $entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs()); + if (!PEAR::isError($entry)) { + array_push($return, $entry); + } else { + return $entry; + } + } + return $return; + } + + /** + * Return entries as array + * + * This method returns the entries and the selected attributes values as + * array. + * The first array level contains all found entries where the keys are the + * DNs of the entries. The second level arrays contian the entries attributes + * such that the keys is the lowercased name of the attribute and the values + * are stored in another indexed array. Note that the attribute values are stored + * in an array even if there is no or just one value. + * + * The array has the following structure: + * + * $return = array( + * 'cn=foo,dc=example,dc=com' => array( + * 'sn' => array('foo'), + * 'multival' => array('val1', 'val2', 'valN') + * ) + * 'cn=bar,dc=example,dc=com' => array( + * 'sn' => array('bar'), + * 'multival' => array('val1', 'valN') + * ) + * ) + * + * + * @return array associative result array as described above + */ + public function as_struct() + { + $return = array(); + $entries = $this->entries(); + foreach ($entries as $entry) { + $attrs = array(); + $entry_attributes = $entry->attributes(); + foreach ($entry_attributes as $attr_name) { + $attr_values = $entry->getValue($attr_name, 'all'); + if (!is_array($attr_values)) { + $attr_values = array($attr_values); + } + $attrs[$attr_name] = $attr_values; + } + $return[$entry->dn()] = $attrs; + } + return $return; + } + + /** + * Set the search objects resource link + * + * @param resource $search Search result identifier + * + * @access public + * @return void + */ + public function setSearch($search) + { + $this->_search = $search; + } + + /** + * Set the ldap ressource link + * + * @param resource $link Link identifier + * + * @access public + * @return void + */ + public function setLink($link) + { + $this->_link = $link; + } + + /** + * Returns the number of entries in the searchresult + * + * @return int Number of entries in search. + */ + public function count() + { + // this catches the situation where OL returned errno 32 = no such object! + if (!$this->_search) { + return 0; + } + // ldap_count_entries is slow (see pear bug #18752) with large results, + // so we cache the result internally. + if ($this->_count_cache === null) { + $this->_count_cache = @ldap_count_entries($this->_link, $this->_search); + } + + return $this->_count_cache; + } + + /** + * Get the errorcode the object got in its search. + * + * @return int The ldap error number. + */ + public function getErrorCode() + { + return $this->_errorCode; + } + + /** + * Destructor + * + * @access protected + */ + public function _Net_LDAP2_Search() + { + @ldap_free_result($this->_search); + } + + /** + * Closes search result + * + * @return void + */ + public function done() + { + $this->_Net_LDAP2_Search(); + } + + /** + * Return the attribute names this search selected + * + * @return array + * @see $_searchedAttrs + * @access protected + */ + protected function searchedAttrs() + { + return $this->_searchedAttrs; + } + + /** + * Tells if this search exceeds a sizelimit + * + * @return boolean + */ + public function sizeLimitExceeded() + { + return ($this->getErrorCode() == 4); + } + + + /* + * SPL Iterator interface methods. + * This interface allows to use Net_LDAP2_Search + * objects directly inside a foreach loop! + */ + /** + * SPL Iterator interface: Return the current element. + * + * The SPL Iterator interface allows you to fetch entries inside + * a foreach() loop: foreach ($search as $dn => $entry) { ... + * + * Of course, you may call {@link current()}, {@link key()}, {@link next()}, + * {@link rewind()} and {@link valid()} yourself. + * + * If the search throwed an error, it returns false. + * False is also returned, if the end is reached + * In case no call to next() was made, we will issue one, + * thus returning the first entry. + * + * @return Net_LDAP2_Entry|false + */ + public function current() + { + if (count($this->_iteratorCache) == 0) { + $this->next(); + reset($this->_iteratorCache); + } + $entry = current($this->_iteratorCache); + return ($entry instanceof Net_LDAP2_Entry)? $entry : false; + } + + /** + * SPL Iterator interface: Return the identifying key (DN) of the current entry. + * + * @see current() + * @return string|false DN of the current entry; false in case no entry is returned by current() + */ + public function key() + { + $entry = $this->current(); + return ($entry instanceof Net_LDAP2_Entry)? $entry->dn() :false; + } + + /** + * SPL Iterator interface: Move forward to next entry. + * + * After a call to {@link next()}, {@link current()} will return + * the next entry in the result set. + * + * @see current() + * @return void + */ + public function next() + { + // fetch next entry. + // if we have no entrys anymore, we add false (which is + // returned by shiftEntry()) so current() will complain. + if (count($this->_iteratorCache) - 1 <= $this->count()) { + $this->_iteratorCache[] = $this->shiftEntry(); + } + + // move on array pointer to current element. + // even if we have added all entries, this will + // ensure proper operation in case we rewind() + next($this->_iteratorCache); + } + + /** + * SPL Iterator interface: Check if there is a current element after calls to {@link rewind()} or {@link next()}. + * + * Used to check if we've iterated to the end of the collection. + * + * @see current() + * @return boolean FALSE if there's nothing more to iterate over + */ + public function valid() + { + return ($this->current() instanceof Net_LDAP2_Entry); + } + + /** + * SPL Iterator interface: Rewind the Iterator to the first element. + * + * After rewinding, {@link current()} will return the first entry in the result set. + * + * @see current() + * @return void + */ + public function rewind() + { + reset($this->_iteratorCache); + } +} + +?> diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SimpleFileSchemaCache.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SimpleFileSchemaCache.php new file mode 100644 index 00000000..e4eae153 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/SimpleFileSchemaCache.php @@ -0,0 +1,97 @@ + +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* A simple file based schema cacher with cache aging. +* +* Once the cache is too old, the loadSchema() method will return false, so +* Net_LDAP2 will fetch a fresh object from the LDAP server that will +* overwrite the current (outdated) old cache. +*/ +class Net_LDAP2_SimpleFileSchemaCache implements Net_LDAP2_SchemaCache +{ + /** + * Internal config of this cache + * + * @see Net_LDAP2_SimpleFileSchemaCache() + * @var array + */ + protected $config = array( + 'path' => '/tmp/Net_LDAP_Schema.cache', + 'max_age' => 1200 + ); + + /** + * Initialize the simple cache + * + * Config is as following: + * path Complete path to the cache file. + * max_age Maximum age of cache in seconds, 0 means "endlessly". + * + * @param array $cfg Config array + */ + public function __construct($cfg) + { + foreach ($cfg as $key => $value) { + if (array_key_exists($key, $this->config)) { + if (gettype($this->config[$key]) != gettype($value)) { + $this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key does not match type ".gettype($this->config[$key])."!"); + } + $this->config[$key] = $value; + } else { + $this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key is not defined!"); + } + } + } + + /** + * Return the schema object from the cache + * + * If file is existent and cache has not expired yet, + * then the cache is deserialized and returned. + * + * @return Net_LDAP2_Schema|Net_LDAP2_Error|false + */ + public function loadSchema() + { + $return = false; // Net_LDAP2 will load schema from LDAP + if (file_exists($this->config['path'])) { + $cache_maxage = filemtime($this->config['path']) + $this->config['max_age']; + if (time() <= $cache_maxage || $this->config['max_age'] == 0) { + $return = unserialize(file_get_contents($this->config['path'])); + } + } + return $return; + } + + /** + * Store a schema object in the cache + * + * This method will be called, if Net_LDAP2 has fetched a fresh + * schema object from LDAP and wants to init or refresh the cache. + * + * To invalidate the cache and cause Net_LDAP2 to refresh the cache, + * you can call this method with null or false as value. + * The next call to $ldap->schema() will then refresh the caches object. + * + * @param mixed $schema The object that should be cached + * @return true|Net_LDAP2_Error|false + */ + public function storeSchema($schema) { + file_put_contents($this->config['path'], serialize($schema)); + return true; + } +} diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Util.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Util.php new file mode 100644 index 00000000..87525e63 --- /dev/null +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Util.php @@ -0,0 +1,620 @@ + +* @copyright 2009 Benedikt Hallinger +* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3 +* @version SVN: $Id$ +* @link http://pear.php.net/package/Net_LDAP2/ +*/ + +/** +* Includes +*/ +require_once 'PEAR.php'; + +/** +* Utility Class for Net_LDAP2 +* +* This class servers some functionality to the other classes of Net_LDAP2 but most of +* the methods can be used separately as well. +* +* @category Net +* @package Net_LDAP2 +* @author Benedikt Hallinger +* @license http://www.gnu.org/copyleft/lesser.html LGPL +* @link http://pear.php.net/package/Net_LDAP22/ +*/ +class Net_LDAP2_Util extends PEAR +{ + /** + * Constructor + * + * @access public + */ + public function __construct() + { + // We do nothing here, since all methods can be called statically. + // In Net_LDAP <= 0.7, we needed a instance of Util, because + // it was possible to do utf8 encoding and decoding, but this + // has been moved to the LDAP class. The constructor remains only + // here to document the downward compatibility of creating an instance. + } + + /** + * Explodes the given DN into its elements + * + * {@link http://www.ietf.org/rfc/rfc2253.txt RFC 2253} says, a Distinguished Name is a sequence + * of Relative Distinguished Names (RDNs), which themselves + * are sets of Attributes. For each RDN a array is constructed where the RDN part is stored. + * + * For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to: + * array( [0] => array([0] => 'OU=Sales', [1] => 'CN=J. Smith'), [2] => 'DC=example', [3] => 'DC=net' ) + * + * [NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of + * the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded + * and prefixed with a #. To distinguish such BER values, ldap_explode_dn uses references to + * the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to: + * [ { '1.3.6.1.4.1.1466.0' => "\004\002Hi" }, { 'DC' => 'example' }, { 'DC' => 'com' } ]; + * See {@link http://www.vijaymukhi.com/vmis/berldap.htm} for more information on BER. + * + * It also performs the following operations on the given DN: + * - Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair + * and strings beginning with "#". + * - Removes the leading 'OID.' characters if the type is an OID instead of a name. + * - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order. + * + * OPTIONS is a list of name/value pairs, valid options are: + * casefold Controls case folding of attribute types names. + * Attribute values are not affected by this option. + * The default is to uppercase. Valid values are: + * lower Lowercase attribute types names. + * upper Uppercase attribute type names. This is the default. + * none Do not change attribute type names. + * reverse If TRUE, the RDN sequence is reversed. + * onlyvalues If TRUE, then only attributes values are returned ('foo' instead of 'cn=foo') + * + + * @param string $dn The DN that should be exploded + * @param array $options Options to use + * + * @static + * @return array Parts of the exploded DN + * @todo implement BER + */ + public static function ldap_explode_dn($dn, $options = array('casefold' => 'upper')) + { + if (!isset($options['onlyvalues'])) $options['onlyvalues'] = false; + if (!isset($options['reverse'])) $options['reverse'] = false; + if (!isset($options['casefold'])) $options['casefold'] = 'upper'; + + // Escaping of DN and stripping of "OID." + $dn = self::canonical_dn($dn, array('casefold' => $options['casefold'])); + + // splitting the DN + $dn_array = preg_split('/(?<=[^\\\\]),/', $dn); + + // clear wrong splitting (possibly we have split too much) + // /!\ Not clear, if this is neccessary here + //$dn_array = self::correct_dn_splitting($dn_array, ','); + + // construct subarrays for multivalued RDNs and unescape DN value + // also convert to output format and apply casefolding + foreach ($dn_array as $key => $value) { + $value_u = self::unescape_dn_value($value); + $rdns = self::split_rdn_multival($value_u[0]); + if (count($rdns) > 1) { + // MV RDN! + foreach ($rdns as $subrdn_k => $subrdn_v) { + // Casefolding + if ($options['casefold'] == 'upper') { + $subrdn_v = preg_replace_callback( + "/^\w+=/", + function ($matches) { + return strtoupper($matches[0]); + }, + $subrdn_v + ); + } else if ($options['casefold'] == 'lower') { + $subrdn_v = preg_replace_callback( + "/^\w+=/", + function ($matches) { + return strtolower($matches[0]); + }, + $subrdn_v + ); + } + + if ($options['onlyvalues']) { + preg_match('/(.+?)(?", ";", "#", "=" with a special meaning in RFC 2252 + * are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair. + * Finally all leading and trailing spaces are converted to sequences of \20. + * + * @param array $values An array containing the DN values that should be escaped + * + * @static + * @return array The array $values, but escaped + */ + public static function escape_dn_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $val) { + // Escaping of filter meta characters + $val = str_replace('\\', '\\\\', $val); + $val = str_replace(',', '\,', $val); + $val = str_replace('+', '\+', $val); + $val = str_replace('"', '\"', $val); + $val = str_replace('<', '\<', $val); + $val = str_replace('>', '\>', $val); + $val = str_replace(';', '\;', $val); + $val = str_replace('#', '\#', $val); + $val = str_replace('=', '\=', $val); + + // ASCII < 32 escaping + $val = self::asc2hex32($val); + + // Convert all leading and trailing spaces to sequences of \20. + if (preg_match('/^(\s*)(.+?)(\s*)$/', $val, $matches)) { + $val = $matches[2]; + for ($i = 0; $i < strlen($matches[1]); $i++) { + $val = '\20'.$val; + } + for ($i = 0; $i < strlen($matches[3]); $i++) { + $val = $val.'\20'; + } + } + + if (null === $val) $val = '\0'; // apply escaped "null" if string is empty + + $values[$key] = $val; + } + + return $values; + } + + /** + * Undoes the conversion done by escape_dn_value(). + * + * Any escape sequence starting with a baskslash - hexpair or special character - + * will be transformed back to the corresponding character. + * + * @param array $values Array of DN Values + * + * @return array Same as $values, but unescaped + * @static + */ + public static function unescape_dn_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $val) { + // strip slashes from special chars + $val = str_replace('\\\\', '\\', $val); + $val = str_replace('\,', ',', $val); + $val = str_replace('\+', '+', $val); + $val = str_replace('\"', '"', $val); + $val = str_replace('\<', '<', $val); + $val = str_replace('\>', '>', $val); + $val = str_replace('\;', ';', $val); + $val = str_replace('\#', '#', $val); + $val = str_replace('\=', '=', $val); + + // Translate hex code into ascii + $values[$key] = self::hex2asc($val); + } + + return $values; + } + + /** + * Returns the given DN in a canonical form + * + * Returns false if DN is not a valid Distinguished Name. + * DN can either be a string or an array + * as returned by ldap_explode_dn, which is useful when constructing a DN. + * The DN array may have be indexed (each array value is a OCL=VALUE pair) + * or associative (array key is OCL and value is VALUE). + * + * It performs the following operations on the given DN: + * - Removes the leading 'OID.' characters if the type is an OID instead of a name. + * - Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair. + * - Converts all leading and trailing spaces in values to be \20. + * - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order. + * + * OPTIONS is a list of name/value pairs, valid options are: + * casefold Controls case folding of attribute type names. + * Attribute values are not affected by this option. The default is to uppercase. + * Valid values are: + * lower Lowercase attribute type names. + * upper Uppercase attribute type names. This is the default. + * none Do not change attribute type names. + * [NOT IMPLEMENTED] mbcescape If TRUE, characters that are encoded as a multi-octet UTF-8 sequence will be escaped as \(hexpair){2,*}. + * reverse If TRUE, the RDN sequence is reversed. + * separator Separator to use between RDNs. Defaults to comma (','). + * + * Note: The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test, + * because an empty string evaluates to false. Use the "===" operator instead. + * + * @param array|string $dn The DN + * @param array $options Options to use + * + * @static + * @return false|string The canonical DN or FALSE + * @todo implement option mbcescape + */ + public static function canonical_dn($dn, $options = array('casefold' => 'upper', 'separator' => ',')) + { + if ($dn === '') return $dn; // empty DN is valid! + + // options check + if (!isset($options['reverse'])) { + $options['reverse'] = false; + } else { + $options['reverse'] = true; + } + if (!isset($options['casefold'])) $options['casefold'] = 'upper'; + if (!isset($options['separator'])) $options['separator'] = ','; + + + if (!is_array($dn)) { + // It is not clear to me if the perl implementation splits by the user defined + // separator or if it just uses this separator to construct the new DN + $dn = preg_split('/(?<=[^\\\\])'.$options['separator'].'/', $dn); + + // clear wrong splitting (possibly we have split too much) + $dn = self::correct_dn_splitting($dn, $options['separator']); + } else { + // Is array, check, if the array is indexed or associative + $assoc = false; + foreach ($dn as $dn_key => $dn_part) { + if (!is_int($dn_key)) { + $assoc = true; + } + } + // convert to indexed, if associative array detected + if ($assoc) { + $newdn = array(); + foreach ($dn as $dn_key => $dn_part) { + if (is_array($dn_part)) { + ksort($dn_part, SORT_STRING); // we assume here, that the rdn parts are also associative + $newdn[] = $dn_part; // copy array as-is, so we can resolve it later + } else { + $newdn[] = $dn_key.'='.$dn_part; + } + } + $dn =& $newdn; + } + } + + // Escaping and casefolding + foreach ($dn as $pos => $dnval) { + if (is_array($dnval)) { + // subarray detected, this means very surely, that we had + // a multivalued dn part, which must be resolved + $dnval_new = ''; + foreach ($dnval as $subkey => $subval) { + // build RDN part + if (!is_int($subkey)) { + $subval = $subkey.'='.$subval; + } + $subval_processed = self::canonical_dn($subval); + if (false === $subval_processed) return false; + $dnval_new .= $subval_processed.'+'; + } + $dn[$pos] = substr($dnval_new, 0, -1); // store RDN part, strip last plus + } else { + // try to split multivalued RDNS into array + $rdns = self::split_rdn_multival($dnval); + if (count($rdns) > 1) { + // Multivalued RDN was detected! + // The RDN value is expected to be correctly split by split_rdn_multival(). + // It's time to sort the RDN and build the DN! + $rdn_string = ''; + sort($rdns, SORT_STRING); // Sort RDN keys alphabetically + foreach ($rdns as $rdn) { + $subval_processed = self::canonical_dn($rdn); + if (false === $subval_processed) return false; + $rdn_string .= $subval_processed.'+'; + } + + $dn[$pos] = substr($rdn_string, 0, -1); // store RDN part, strip last plus + + } else { + // no multivalued RDN! + // split at first unescaped "=" + $dn_comp = preg_split('/(?<=[^\\\\])=/', $rdns[0], 2); + $ocl = ltrim($dn_comp[0]); // trim left whitespaces 'cause of "cn=foo, l=bar" syntax (whitespace after comma) + $val = $dn_comp[1]; + + // strip 'OID.', otherwise apply casefolding and escaping + if (substr(strtolower($ocl), 0, 4) == 'oid.') { + $ocl = substr($ocl, 4); + } else { + if ($options['casefold'] == 'upper') $ocl = strtoupper($ocl); + if ($options['casefold'] == 'lower') $ocl = strtolower($ocl); + $ocl = self::escape_dn_value(array($ocl)); + $ocl = $ocl[0]; + } + + // escaping of dn-value + $val = self::escape_dn_value(array($val)); + $val = str_replace('/', '\/', $val[0]); + + $dn[$pos] = $ocl.'='.$val; + } + } + } + + if ($options['reverse']) $dn = array_reverse($dn); + return implode($options['separator'], $dn); + } + + /** + * Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters. + * + * Any control characters with an ACII code < 32 as well as the characters with special meaning in + * LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a + * backslash followed by two hex digits representing the hexadecimal value of the character. + * + * @param array $values Array of values to escape + * + * @static + * @return array Array $values, but escaped + */ + public static function escape_filter_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $val) { + // Escaping of filter meta characters + $val = str_replace('\\', '\5c', $val); + $val = str_replace('*', '\2a', $val); + $val = str_replace('(', '\28', $val); + $val = str_replace(')', '\29', $val); + + // ASCII < 32 escaping + $val = self::asc2hex32($val); + + if (null === $val) $val = '\0'; // apply escaped "null" if string is empty + + $values[$key] = $val; + } + + return $values; + } + + /** + * Undoes the conversion done by {@link escape_filter_value()}. + * + * Converts any sequences of a backslash followed by two hex digits into the corresponding character. + * + * @param array $values Array of values to escape + * + * @static + * @return array Array $values, but unescaped + */ + public static function unescape_filter_value($values = array()) + { + // Parameter validation + if (!is_array($values)) { + $values = array($values); + } + + foreach ($values as $key => $value) { + // Translate hex code into ascii + $values[$key] = self::hex2asc($value); + } + + return $values; + } + + /** + * Converts all ASCII chars < 32 to "\HEX" + * + * @param string $string String to convert + * + * @static + * @return string + */ + public static function asc2hex32($string) + { + for ($i = 0; $i < strlen($string); $i++) { + $char = substr($string, $i, 1); + if (ord($char) < 32) { + $hex = dechex(ord($char)); + if (strlen($hex) == 1) $hex = '0'.$hex; + $string = str_replace($char, '\\'.$hex, $string); + } + } + return $string; + } + + /** + * Converts all Hex expressions ("\HEX") to their original ASCII characters + * + * @param string $string String to convert + * + * @static + * @author beni@php.net, heavily based on work from DavidSmith@byu.net + * @return string + */ + public static function hex2asc($string) + { + $string = preg_replace_callback( + "/\\\[0-9A-Fa-f]{2}/", + function ($matches) { + return chr(hexdec($matches[0])); + }, + $string + ); + return $string; + } + + /** + * Split an multivalued RDN value into an Array + * + * A RDN can contain multiple values, spearated by a plus sign. + * This function returns each separate ocl=value pair of the RDN part. + * + * If no multivalued RDN is detected, an array containing only + * the original rdn part is returned. + * + * For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to: + * array([0] => 'OU=Sales', [1] => 'CN=J. Smith') + * + * The method trys to be smart if it encounters unescaped "+" characters, but may fail, + * so ensure escaped "+"es in attr names and attr values. + * + * [BUG] If you have a multivalued RDN with unescaped plus characters + * and there is a unescaped plus sign at the end of an value followed by an + * attribute name containing an unescaped plus, then you will get wrong splitting: + * $rdn = 'OU=Sales+C+N=J. Smith'; + * returns: + * array('OU=Sales+C', 'N=J. Smith'); + * The "C+" is treaten as value of the first pair instead as attr name of the second pair. + * To prevent this, escape correctly. + * + * @param string $rdn Part of an (multivalued) escaped RDN (eg. ou=foo OR ou=foo+cn=bar) + * + * @static + * @return array Array with the components of the multivalued RDN or Error + */ + public static function split_rdn_multival($rdn) + { + $rdns = preg_split('/(?, <, >=, <=, ~=). + * + * @param string $attr Attribute and Value Syntax ("foo=bar") + * @param boolean $extended If set to true, also filter-assertion delimeter will be matched + * @param boolean $withDelim If set to true, the return array contains the delimeter at index 1, putting the value to index 2 + * + * @return array Indexed array: 0=attribute name, 1=attribute value OR ($withDelim=true): 0=attr, 1=delimeter, 2=value + */ + public static function split_attribute_string($attr, $extended=false, $withDelim=false) + { + if ($withDelim) $withDelim = PREG_SPLIT_DELIM_CAPTURE; + + if (!$extended) { + return preg_split('/(?=|<=|>|<|~=|=)/', $attr, 2, $withDelim); + } + } + + /** + * Corrects splitting of dn parts + * + * @param array $dn Raw DN array + * @param array $separator Separator that was used when splitting + * + * @return array Corrected array + * @access protected + */ + protected static function correct_dn_splitting($dn = array(), $separator = ',') + { + foreach ($dn as $key => $dn_value) { + $dn_value = $dn[$key]; // refresh value (foreach caches!) + // if the dn_value is not in attr=value format, then we had an + // unescaped separator character inside the attr name or the value. + // We assume, that it was the attribute value. + // [TODO] To solve this, we might ask the schema. Keep in mind, that UTIL class + // must remain independent from the other classes or connections. + if (!preg_match('/.+(? diff --git a/make.php b/make.php index 72845501..09204c94 100644 --- a/make.php +++ b/make.php @@ -663,12 +663,6 @@ function resolveDependencies($autoupdate=true) { $composer = << Date: Tue, 25 Jan 2022 21:12:39 +0000 Subject: [PATCH 103/160] issue: Map Custom Dependencies This adds functionality to map custom decencies on hydrate. A custom dependency is a decency that is not managed through Composer (like auth-ldap is now). This means any decency that is included in lib/ and is configured to be mapped (via plugin config) will be mapped as normal Composer dependencies. --- make.php | 83 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 48 insertions(+), 35 deletions(-) diff --git a/make.php b/make.php index 09204c94..84b667d3 100644 --- a/make.php +++ b/make.php @@ -459,51 +459,64 @@ function _hydrate($options) { // Move things into place foreach (glob(dirname(__file__).'/*/plugin.php') as $plugin) { $p = (include $plugin); - if (!isset($p['requires']) || !is_array($p['requires'])) + if ((!isset($p['requires']) || !is_array($p['requires'])) && !isset($p['map'])) continue; foreach ($p['requires'] as $lib=>$info) { + // Map composer dependencies if (!isset($info['map']) || !is_array($info['map'])) continue; foreach ($info['map'] as $lib=>$local) { $source = dirname(__file__).'/lib/'.$lib; $dest = dirname($plugin).'/'.$local; - if ($this->options['verbose']) { - $left = str_replace(dirname(__file__).'/', '', $source); - $right = str_replace(dirname(__file__).'/', '', $dest); - $this->stdout->write("Hydrating :: $left => $right\n"); - } - if (is_file($source)) { - copy($left, $right); - continue; - } - foreach ( - $iterator = new RecursiveIteratorIterator( - new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS), - RecursiveIteratorIterator::SELF_FIRST) as $item - ) { - if ($item->isDir()) - continue; - - $target = $dest . DIRECTORY_SEPARATOR . $iterator->getSubPathName(); - $parent = dirname($target); - if (!file_exists($parent)) - mkdir($parent, 0777, true); - // Compress PHP files - if ($options['compress'] && fnmatch('*.php', $item)) { - $p = popen('php -w '.realpath($item), 'r'); - $T = fopen($target, 'w'); - while ($b = fread($p, 8192)) - fwrite($T, $b); - fclose($p); - fclose($T); - } - else { - copy($item, $target); - } - } + $this->mapDependencies($lib, $local, $source, $dest); } // TODO: Fetch language files for this plugin } + // Map custom dependencies + if (!isset($p['map']) || !is_array($p['map'])) + continue; + foreach ($p['map'] as $lib=>$local) { + $source = dirname(__file__).'/lib/'.$lib; + $dest = dirname($plugin).'/'.$local; + $this->mapDependencies($lib, $local, $source, $dest); + } + } + } + + function mapDependencies($lib, $local, $source, $dest) { + if ($this->options['verbose']) { + $left = str_replace(dirname(__file__).'/', '', $source); + $right = str_replace(dirname(__file__).'/', '', $dest); + $this->stdout->write("Hydrating :: $left => $right\n"); + } + if (is_file($source)) { + copy($left, $right); + return; + } + foreach ( + $iterator = new RecursiveIteratorIterator( + new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS), + RecursiveIteratorIterator::SELF_FIRST) as $item + ) { + if ($item->isDir()) + continue; + + $target = $dest . DIRECTORY_SEPARATOR . $iterator->getSubPathName(); + $parent = dirname($target); + if (!file_exists($parent)) + mkdir($parent, 0777, true); + // Compress PHP files + if ($options['compress'] && fnmatch('*.php', $item)) { + $p = popen('php -w '.realpath($item), 'r'); + $T = fopen($target, 'w'); + while ($b = fread($p, 8192)) + fwrite($T, $b); + fclose($p); + fclose($T); + } + else { + copy($item, $target); + } } } From 17fb51000020b23d3915a2d8ad0f6351dcd4c64c Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 25 Jan 2022 21:13:44 +0000 Subject: [PATCH 104/160] issue: Composer 2 This updates the code to use Composer 2 on hydrate so we can utilize latest standards/dependencies. --- make.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.php b/make.php index 84b667d3..8f677a00 100644 --- a/make.php +++ b/make.php @@ -653,7 +653,7 @@ function ensureComposer() { } function getComposer() { - list($code, $phar) = $this->_http_get('https://getcomposer.org/composer-1.phar'); + list($code, $phar) = $this->_http_get('https://getcomposer.org/composer-2.phar'); if (!($fp = fopen(dirname(__file__).'/composer.phar', 'wb'))) $this->fail('Cannot install composer: Unable to write "composer.phar"'); From 78bd732b09a66d3b89724d676d942da36053babd Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 25 Jan 2022 21:21:00 +0000 Subject: [PATCH 105/160] issue: Latest aws-sdk-php This updates the storage-s3 plugin to utilize latest aws-sdk-php. --- storage-s3/config.php | 42 +++++++++++----- storage-s3/plugin.php | 18 ++++--- storage-s3/storage.php | 108 +++++++++++++++++++++-------------------- 3 files changed, 98 insertions(+), 70 deletions(-) diff --git a/storage-s3/config.php b/storage-s3/config.php index 3fff2473..116b96f4 100644 --- a/storage-s3/config.php +++ b/storage-s3/config.php @@ -31,14 +31,31 @@ function getOptions() { 'label' => $__('AWS Region'), 'choices' => array( '' => 'US Standard', - 'us-east-1' => 'US East (Northern Virginia)', - 'us-west-2' => 'US West (Oregon) Region', - 'us-west-1' => 'US West (Northern California) Region', - 'eu-west-1' => 'EU (Ireland) Region', - 'ap-southeast-1' => 'Asia Pacific (Singapore) Region', - 'ap-southeast-2' => 'Asia Pacific (Sydney) Region', - 'ap-northeast-1' => 'Asia Pacific (Tokyo) Region', - 'sa-east-1' => 'South America (Sao Paulo) Region', + 'us-east-1' => 'US East (N. Virginia)', + 'us-east-2' => 'US East (Ohio)', + 'us-west-1' => 'US West (N. California)', + 'us-west-2' => 'US West (Oregon)', + 'af-south-1' => 'Africa (Cape Town)', + 'ap-east-1' => 'Asia Pacific (Hong Kong)', + 'ap-south-1' => 'Asia Pacific (Mumbai)', + 'ap-northeast-3' => 'Asia Pacific (Osaka)', + 'ap-northeast-2' => 'Asia Pacific (Seoul)', + 'ap-southeast-1' => 'Asia Pacific (Singapore)', + 'ap-southeast-2' => 'Asia Pacific (Sydney)', + 'ap-northeast-1' => 'Asia Pacific (Tokyo)', + 'ca-central-1' => 'Canada (Central)', + 'cn-north-1' => 'China (Beijing)', + 'cn-northwest-1' => 'China (Ningxia)', + 'eu-central-1' => 'Europe (Frankfurt)', + 'eu-west-1' => 'Europe (Ireland)', + 'eu-west-2' => 'Europe (London)', + 'eu-south-1' => 'Europe (Milan)', + 'eu-west-3' => 'Europe (Paris)', + 'eu-north-1' => 'Europe (Stockholm)', + 'sa-east-1' => 'South America (São Paulo)', + 'me-south-1' => 'Middle East (Bahrain)', + 'us-gov-east-1' => 'AWS GovCloud (US-East)', + 'us-gov-west-1' => 'AWS GovCloud (US-West)', ), 'default' => '', )), @@ -75,7 +92,7 @@ function getOptions() { function pre_save(&$config, &$errors) { list($__, $_N) = self::translate(); - $credentials = array( + $credentials['credentials'] = array( 'key' => $config['aws-key-id'], 'secret' => $config['secret-access-key'] ?: Crypto::decrypt($this->get('secret-access-key'), SECRET_SALT, @@ -84,11 +101,14 @@ function pre_save(&$config, &$errors) { if ($config['aws-region']) $credentials['region'] = $config['aws-region']; - if (!$credentials['secret']) + if (!$credentials['credentials']['secret']) $this->getForm()->getField('secret-access-key')->addError( $__('Secret access key is required')); - $s3 = Aws\S3\S3Client::factory($credentials); + $credentials['version'] = '2006-03-01'; + $credentials['signature_version'] = 'v4'; + + $s3 = new Aws\S3\S3Client($credentials); try { $s3->headBucket(array('Bucket'=>$config['bucket'])); diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 7aaafc8d..41cf9781 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -2,19 +2,23 @@ return array( 'id' => 'storage:s3', - 'version' => '0.2.1', + 'version' => '0.3', 'name' => /* trans */ 'Attachments hosted in Amazon S3', - 'author' => 'Jared Hancock', + 'author' => 'Jared Hancock, Kevin Thorne', 'description' => /* trans */ 'Enables storing attachments in Amazon S3', 'url' => 'http://www.osticket.com/plugins/storage-s3', 'requires' => array( "aws/aws-sdk-php" => array( - 'version' => "2.*", + 'version' => "3.*", 'map' => array( - 'aws/aws-sdk-php/src/Aws/S3' => 'lib/Aws/S3', - 'aws/aws-sdk-php/src/Aws/Common' => 'lib/Aws/Common', - 'guzzle/guzzle/src/Guzzle' => 'lib/Guzzle', - 'symfony/event-dispatcher' => 'lib/Symfony/Component/EventDispatcher', + 'aws/aws-sdk-php/src' => 'lib/Aws', + 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', + 'guzzlehttp/promises/src' => 'lib/GuzzleHttp/Promise', + 'guzzlehttp/psr7/src/' => 'lib/GuzzleHttp/Psr7', + 'mtdowling/jmespath.php/src' => 'lib/JmesPath', + 'psr/http-client/src' => 'lib/Psr/Http/Client', + 'psr/http-factory/src' => 'lib/Psr/Http/Factory', + 'psr/http-message/src' => 'lib/Psr/Http/Message', ), ), ), diff --git a/storage-s3/storage.php b/storage-s3/storage.php index db2deb3a..01cb978f 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -3,9 +3,10 @@ use Aws\S3\Exception\SignatureDoesNotMatchException; use Aws\S3\Model\MultipartUpload\UploadBuilder; use Aws\S3\S3Client; -use Guzzle\Http\EntityBody; -use Guzzle\Stream\PhpStreamRequestFactory; +use GuzzleHttp\Psr7\Stream; require_once INCLUDE_DIR . 'class.json.php'; +require_once 'lib/Aws/functions.php'; +require_once 'lib/GuzzleHttp/functions.php'; class S3StorageBackend extends FileStorageBackend { static $desc; @@ -15,6 +16,8 @@ class S3StorageBackend extends FileStorageBackend { private $body; private $upload_hash; private $upload_hash_final; + static $version = '2006-03-01'; + static $sig_vers = 'v4'; static $blocksize = 8192; # Default read size for sockets @@ -28,18 +31,21 @@ function getConfig() { function __construct($meta) { parent::__construct($meta); - $credentials = array( + $credentials['credentials'] = array( 'key' => static::$config['aws-key-id'], 'secret' => Crypto::decrypt(static::$config['secret-access-key'], SECRET_SALT, static::getConfig()->getNamespace()), ); - if ($config['aws-region']) - $credentials['region'] = $config['aws-region']; + if (static::$config['aws-region']) + $credentials['region'] = static::$config['aws-region']; - $this->client = S3Client::factory($credentials); + $credentials['version'] = self::$version; + $credentials['signature_version'] = self::$sig_vers; + + $this->client = new S3Client($credentials); } - function read($bytes=false) { + function read($bytes=false, $offset=0) { try { if (!$this->body) $this->openReadStream(); @@ -60,13 +66,10 @@ function read($bytes=false) { } } - function fpassthru() { + function passthru() { try { - $res = $this->client->getObject(array( - 'Bucket' => static::$config['bucket'], - 'Key' => self::getKey(), - )); - fpassthru($res['Body']); + while ($block = $this->read()) + print $block; } catch (Aws\S3\Exception\NoSuchKeyException $e) { throw new IOException(self::getKey() @@ -88,7 +91,7 @@ function flush() { } function upload($filepath) { - if ($filepath instanceof EntityBody) { + if ($filepath instanceof Stream) { $filepath->rewind(); // Hashing already performed in the ::write() method } @@ -137,17 +140,18 @@ function getHashDigest($algo) { } // Send a redirect when the file is requested locally - function sendRedirectUrl($disposition='inline') { + function sendRedirectUrl($disposition='inline', $ttl = false) { + // expire based on ttl (if given), otherwise expire at midnight $now = time(); - Http::redirect($this->client->getObjectUrl( - static::$config['bucket'], - self::getKey(), - $now + 86400 - ($now % 86400), # Expire at midnight - array( + $ttl = $ttl ? $now + $ttl : ($now + 86400 - ($now % 86400)); + Http::redirect($this->getSignedRequest( + $this->client->getCommand('GetObject', [ + 'Bucket' => static::$config['bucket'], + 'Key' => self::getKey(), 'ResponseContentDisposition' => sprintf("%s; %s;", $disposition, Http::getDispositionFilename($this->meta->getName())), - ))); + ]), $ttl)->getUri()); return true; } @@ -167,56 +171,56 @@ function unlink() { // Adapted from Aws\S3\StreamWrapper /** - * Serialize and sign a command, returning a request object + * Create a pre-signed Request for the given S3 command object. * - * @param CommandInterface $command Command to sign + * @param Aws\CommandInterface $command Command to create a pre-signed + * URL for. + * @param int|string|\DateTimeInterface $expires The time at which the URL should + * expire. This can be a Unix + * timestamp, a PHP DateTime object, + * or a string that can be evaluated + * by strtotime(). * * @return RequestInterface */ - protected function getSignedRequest($command) + protected function getSignedRequest($command, $expires=0) { - $request = $command->prepare(); - $request->dispatch('request.before_send', - array('request' => $request)); - - return $request; + return $this->client->createPresignedRequest($command, $expires ?: '+30 minutes'); } /** * Initialize the stream wrapper for a read only stream * - * @param array $params Operation parameters - * @param array $errors Any encountered errors to append to - * * @return bool */ protected function openReadStream() { - $params = array( - 'Bucket' => static::$config['bucket'], - 'Key' => self::getKey(), - ); - - // Create the command and serialize the request - $request = $this->getSignedRequest( - $this->client->getCommand('GetObject', $params)); - // Create a stream that uses the EntityBody object - $factory = new PhpStreamRequestFactory(); - $this->body = $factory->fromRequest($request, array(), - array('stream_class' => 'Guzzle\Http\EntityBody')); - + $this->getBody(true); return true; } /** - * Initialize the stream wrapper for a write only stream - * - * @param array $params Operation parameters - * @param array $errors Any encountered errors to append to - * - * @return bool + * Initialize the stream wrapper for a read/write stream */ protected function openWriteStream() { - $this->body = new EntityBody(fopen('php://temp', 'r+')); + $this->body = new Stream(fopen('php://temp', 'r+')); + } + + protected function getBody($stream=false) { + $params = array( + 'Bucket' => static::$config['bucket'], + 'Key' => self::getKey(), + ); + + $command = $this->client->getCommand('GetObject', $params); + $command['@http']['stream'] = $stream; + $result = $this->client->execute($command); + $this->body = $result['Body']; + + // Wrap the body in a caching entity body if seeking is allowed + //if ($this->getOption('seekable') && !$this->body->isSeekable()) { + // $this->body = new CachingStream($this->body); + //} + return $this->body; } function getKey($create=false) { From 7f7d862baab951b76dc3ed0496f1f3779ac1f524 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Mon, 31 Jan 2022 22:09:16 +0000 Subject: [PATCH 106/160] issue: PHP8 Hydrate This commit fixes a PHP warning with the make.php file while trying to hydrate the plugins. --- make.php | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/make.php b/make.php index 8f677a00..bb0286c4 100644 --- a/make.php +++ b/make.php @@ -461,16 +461,18 @@ function _hydrate($options) { $p = (include $plugin); if ((!isset($p['requires']) || !is_array($p['requires'])) && !isset($p['map'])) continue; - foreach ($p['requires'] as $lib=>$info) { - // Map composer dependencies - if (!isset($info['map']) || !is_array($info['map'])) - continue; - foreach ($info['map'] as $lib=>$local) { - $source = dirname(__file__).'/lib/'.$lib; - $dest = dirname($plugin).'/'.$local; - $this->mapDependencies($lib, $local, $source, $dest); + if (isset($p['requires'])) { + foreach ($p['requires'] as $lib=>$info) { + // Map composer dependencies + if (!isset($info['map']) || !is_array($info['map'])) + continue; + foreach ($info['map'] as $lib=>$local) { + $source = dirname(__file__).'/lib/'.$lib; + $dest = dirname($plugin).'/'.$local; + $this->mapDependencies($lib, $local, $source, $dest); + } + // TODO: Fetch language files for this plugin } - // TODO: Fetch language files for this plugin } // Map custom dependencies if (!isset($p['map']) || !is_array($p['map'])) From cd2d38e9ff5e1ad1e672292e5aa84847943cbfb8 Mon Sep 17 00:00:00 2001 From: JediKev Date: Mon, 31 Jan 2022 22:12:56 +0000 Subject: [PATCH 107/160] issue: mapDependencies() Missing Argument This addresses an issue found by @aydreeihn where the `$options` argument was missing from `mapDependencies()`. This adds the parameter so that it can be used. --- make.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/make.php b/make.php index bb0286c4..89bdc074 100644 --- a/make.php +++ b/make.php @@ -469,7 +469,7 @@ function _hydrate($options) { foreach ($info['map'] as $lib=>$local) { $source = dirname(__file__).'/lib/'.$lib; $dest = dirname($plugin).'/'.$local; - $this->mapDependencies($lib, $local, $source, $dest); + $this->mapDependencies($options, $lib, $local, $source, $dest); } // TODO: Fetch language files for this plugin } @@ -480,12 +480,12 @@ function _hydrate($options) { foreach ($p['map'] as $lib=>$local) { $source = dirname(__file__).'/lib/'.$lib; $dest = dirname($plugin).'/'.$local; - $this->mapDependencies($lib, $local, $source, $dest); + $this->mapDependencies($options, $lib, $local, $source, $dest); } } } - function mapDependencies($lib, $local, $source, $dest) { + function mapDependencies($options, $lib, $local, $source, $dest) { if ($this->options['verbose']) { $left = str_replace(dirname(__file__).'/', '', $source); $right = str_replace(dirname(__file__).'/', '', $dest); From 845bc9edcd6daf20cc4f3dc1c84e2e168c2bc9d5 Mon Sep 17 00:00:00 2001 From: JediKev Date: Wed, 2 Feb 2022 19:00:25 +0000 Subject: [PATCH 108/160] issue: auth-ldap Errors This addresses some lingering errors with the auth-ldap plugin. This includes `calling a non-static method statically` and `expects two arguments but received three` errors. --- auth-ldap/authentication.php | 4 ++-- lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 944d3634..77ec621a 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -432,7 +432,7 @@ function authenticate($username, $password=false, $errors=array()) { function getName() { $config = $this->config; - list($__, $_N) = $config::translate(); + list($__, $_N) = $config->translate(); return $__(static::$name); } @@ -471,7 +471,7 @@ function __construct($config) { function getName() { $config = $this->config; - list($__, $_N) = $config::translate(); + list($__, $_N) = $config->translate(); return $__(static::$name); } diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php index a48f8221..f0d66a99 100644 --- a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php @@ -363,10 +363,9 @@ protected function setAttributes($attributes = null) $attributes = array(); do { if (empty($attr)) { - $ber = null; - $attr = @ldap_first_attribute($this->_link, $this->_entry, $ber); + $attr = @ldap_first_attribute($this->_link, $this->_entry); } else { - $attr = @ldap_next_attribute($this->_link, $this->_entry, $ber); + $attr = @ldap_next_attribute($this->_link, $this->_entry); } if ($attr) { $func = 'ldap_get_values'; // standard function to fetch value From 2e0f3d626e7993cea9444c98225bb4a7174b1aca Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 15 Feb 2022 20:43:15 +0000 Subject: [PATCH 109/160] issue: autodiscover Static This addresses an issue where `LDAPAuthentication::autodiscover()` is not static but is being called statically. This changes the method to static and updates the subsequent calls to static calls. --- auth-ldap/authentication.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 77ec621a..b63c1033 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -76,7 +76,7 @@ function getConfig() { return $this->config; } - function autodiscover($domain, $dns=array()) { + static function autodiscover($domain, $dns=array()) { require_once(PEAR_DIR.'Net/DNS2.php'); // TODO: Lookup DNS server from hosts file if not set $q = new Net_DNS2_Resolver(); @@ -111,7 +111,7 @@ function getServers() { || !($servers = preg_split('/\s+/', $servers))) { if ($domain = $this->getConfig()->get('domain')) { $dns = preg_split('/,?\s+/', $this->getConfig()->get('dns')); - return $this->autodiscover($domain, array_filter($dns)); + return self::autodiscover($domain, array_filter($dns)); } } if ($servers) { From 0b59afbd2d4ccd0522552198a9aaf1ec05b5071e Mon Sep 17 00:00:00 2001 From: JediKev Date: Thu, 21 Apr 2022 18:52:18 +0000 Subject: [PATCH 110/160] security: Audit Log Injection This mitigates a vulnerability discovered by the AppSec Research Team at Checkmarx where it's possible to perform injection via Audit Log plugin. This is due to passing the `order` URL param directly to the select query. This refactors the `getOrder()` method to only return predefined sort orders to prevent using user-input. --- audit/class.audit.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index 3b0c2216..f6ca66df 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -463,12 +463,17 @@ static function getQwhere($objectId, $hide_views=false, $type='') { } static function getOrder($order) { - if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) { - $order=$orderWays[strtoupper($_REQUEST['order'])]; - } - $order=$order?$order:'DESC'; + $or = null; + $orderWays=array('DESC'=>'DESC','ASC'=>'ASC'); + + if ($order && $orderWays[strtoupper($order)]) + $or = $orderWays[strtoupper($order)]; + elseif($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) + $or = $orderWays[strtoupper($_REQUEST['order'])]; + + $or = $or ? $or : 'DESC'; - return $order; + return $or; } static function getQuery($qs, $objectId, $pageNav, $export, $type='') { @@ -478,7 +483,6 @@ static function getQuery($qs, $objectId, $pageNav, $export, $type='') { $sortOptions=array('id'=>'audit.id', 'object_id'=>'audit.object_id', 'state'=>'audit.state','type'=>'audit.object_type','ip'=>'audit.ip' ,'timestamp'=>'audit.timestamp'); - $orderWays=array('DESC'=>'DESC','ASC'=>'ASC'); $sort=($_REQUEST['sort'] && $sortOptions[strtolower($_REQUEST['sort'])])?strtolower($_REQUEST['sort']):'timestamp'; //Sorting options... if($sort && $sortOptions[$sort]) { From 047a1c3ae4f12f8952bbdad8143d5b74fdac14b1 Mon Sep 17 00:00:00 2001 From: JediKev Date: Thu, 21 Apr 2022 18:52:58 +0000 Subject: [PATCH 111/160] xss: Audit Log This mitigates a vulnerability discovered by the AppSec Research Team at Checkmarx where it's possible to perform XSS via the Audit Log plugin. This is due to not properly escaping the `state` and `type` URL params. This adds `Format::htmlchars()` to both params to ensure they are properly escaped. --- audit/templates/auditlogs.tmpl.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/audit/templates/auditlogs.tmpl.php b/audit/templates/auditlogs.tmpl.php index df795a76..78b697f5 100644 --- a/audit/templates/auditlogs.tmpl.php +++ b/audit/templates/auditlogs.tmpl.php @@ -3,18 +3,18 @@ $qs = array(); if($_REQUEST['type']) - $qs += array('type' => $_REQUEST['type']); + $qs += array('type' => Format::htmlchars($_REQUEST['type'])); $type='D'; if ($_REQUEST['type']) - $type=$_REQUEST['type']; + $type=Format::htmlchars($_REQUEST['type']); if($_REQUEST['state']) - $qs += array('state' => $_REQUEST['state']); + $qs += array('state' => Format::htmlchars($_REQUEST['state'])); $state=__('All'); if ($_REQUEST['state']) - $state=$_REQUEST['state']; + $state=Format::htmlchars($_REQUEST['state']); //dates $startTime =($_REQUEST['startDate'] && (strlen($_REQUEST['startDate'])>=8))?strtotime($_REQUEST['startDate']):0; @@ -28,7 +28,7 @@ if($endTime) $qs += array('endDate' => $_REQUEST['endDate']); } -$order = AuditEntry::getOrder($_REQUEST['order']); +$order = AuditEntry::getOrder(Format::htmlchars($_REQUEST['order'])); $qs += array('order' => (($order=='DESC') ? 'ASC' : 'DESC')); $qstr = '&'. Http::build_query($qs); From 3e8a3020f51ee8342b07210d5482c607e739adb4 Mon Sep 17 00:00:00 2001 From: JediKev Date: Thu, 21 Apr 2022 20:05:29 +0000 Subject: [PATCH 112/160] security: Filesystem Listing This helps mitigate a vulnerability discovered by the AppSec Research Team at Checkmarx where it's possible to list the contents of the attachment directory if one setup the directory in the site root without proper permissions, access, etc. This updates the `pre_save()` method so that upon saving the Plugin configuration we create an `.htaccess` file with `Options -Indexes` content so that directory listing is disabled. --- storage-fs/storage.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/storage-fs/storage.php b/storage-fs/storage.php index 10a95fbb..6ab847c7 100644 --- a/storage-fs/storage.php +++ b/storage-fs/storage.php @@ -120,8 +120,11 @@ function pre_save(&$config, &$errors) { $field->addError($__('Unable to write to directory')); elseif (!@unlink("$path/$file")) $field->addError($__('Unable to remove files from directory')); - else + else { touch("$path/.keep"); + if (!is_file("$path/.htaccess")) + file_put_contents("$path/.htaccess", array('Options -Indexes', PHP_EOL, 'Deny from all')); + } return true; } } From faf713183cdecedfcab62ba6d4ed2a320dc69f2e Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Sat, 2 Jul 2022 17:28:58 +0000 Subject: [PATCH 113/160] oauth2: Add OAuth2 Plugin The plugin provides OAuth2 Authentication and Authorization backends --- auth-oauth2/auth.php | 110 ++++++++ auth-oauth2/config.php | 255 +++++++++++++++++ auth-oauth2/oauth2.php | 613 +++++++++++++++++++++++++++++++++++++++++ auth-oauth2/plugin.php | 21 ++ 4 files changed, 999 insertions(+) create mode 100644 auth-oauth2/auth.php create mode 100644 auth-oauth2/config.php create mode 100644 auth-oauth2/oauth2.php create mode 100644 auth-oauth2/plugin.php diff --git a/auth-oauth2/auth.php b/auth-oauth2/auth.php new file mode 100644 index 00000000..1cffe0f8 --- /dev/null +++ b/auth-oauth2/auth.php @@ -0,0 +1,110 @@ +append( + url_get("$url", function () use($id) { + $id = $id ?: $_SESSION['ext:bk:id']; + if (isset($_GET['code']) + && isset($_GET['state']) + && ($bk=self::getAuthBackend($id))) { + $bk->callback($_GET, $id); + } + // Authentication failed or downstream failed to redirect user. + Http::redirect(ROOT_PATH); + }) + ); + }); + } + + private static function registerAuthBackends(PluginConfig $config) { + + $target = $config->get('auth_target') ?: 'none'; + if (in_array($target, array('all', 'agents'))) { + StaffAuthenticationBackend::register( + new OAuth2StaffAuthBackend($config)); + } + if (in_array($target, array('all', 'users'))) { + UserAuthenticationBackend::register( + new OAuth2UserAuthBackend($config)); + } + } + + private static function getAuthBackend($id) { + // Authentication backends + $bk = AuthenticationBackend::lookupBackend($id); + if ($bk instanceof OAuth2AuthBackend) + return $bk; + // OAuth2 Authorization backends + if (($bk=OAuth2AuthorizationBackend::getBackend($id))) + return $bk; + // OAuth2 Authentication backends + if (($bk=OAuth2AuthenticationBackend::getBackend($id))) + return $bk; + } + + public function getNewInstanceOptions() { + $newOptions = []; + foreach (OAuth2AuthenticationBackend::allRegistered() as $bk) { + $newOptions[] = [ + 'name' => $bk::$name, + 'href' => sprintf('plugins.php?id=%d&provider=%s&a=add-instance#instances', + $this->getId(), $bk::$id), + 'class' => '', + 'icon' => $bk::$icon, + ]; + } + return $newOptions; + } + + public function getNewInstanceDefaults($options) { + $defaults = ['auth_type' => 'auth']; + if (isset($options['provider']) + && ($id=$options['provider']) + && (($bk=OAuth2AuthenticationBackend::getBackend($id)))) + $defaults += $bk->getDefaults(); + + return $defaults; + } + + public function init() { + // Register API Endpoint + self::registerEndpoint(); + // Register Oauth2 Authorization Providers + OAuth2ProviderBackend::registerProviders([ + 'plugin_id' => $this->getId()]); + } + + public function bootstrap() { + // Get sideloaded instance config + $config = $this->getConfig(); + // Only register Authentication backends Authorization Backends are + // done on-demand. + if ($config->get('auth_type') == 'auth') + self::registerAuthBackends($config); + } +} + diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php new file mode 100644 index 00000000..b547c687 --- /dev/null +++ b/auth-oauth2/config.php @@ -0,0 +1,255 @@ +get('auth_name'); + } + + public function getServiceName() { + return $this->get('auth_service'); + } + + public function getClientId() { + return $this->get('clientId'); + } + + public function getClientSecret() { + return $this->get('clientSecret'); + } + + public function getScopes() { + return array_map('trim', + explode(',', $this->get('scopes', []))); + } + + public function getAuthorizationUrl() { + return $this->get('urlAuthorize'); + } + + public function getAccessTokenUrl() { + return $this->get('urlAccessToken'); + } + + public function getRedirectUri() { + return $this->get('redirectUri'); + } + + public function getResourceOwnerDetailstUrl() { + return $this->get('urlResourceOwnerDetails'); + } + + public function getAttributeFor($name, $default=null) { + return $this->get("attr_$name", $default); + } + + public function getClientSettings() { + return [ + 'clientId' => $this->getClientId(), + 'clientSecret' => $this->getClientSecret(), + 'redirectUri' => $this->getRedirectUri(), + 'urlAuthorize' => $this->getAuthorizationUrl(), + 'urlAccessToken' => $this->getAccessTokenUrl(), + 'urlResourceOwnerDetails' => $this->getResourceOwnerDetailstUrl(), + 'scopes' => $this->getScopes()]; + } + + function translate() { + return Plugin::translate('auth-oauth2'); + } + + function getOptions() { + list($__, $_N) = self::translate(); + return array( + 'auth_settings' => new SectionBreakField(array( + 'label' => $__('Settings'), + 'hint' => $__('General settings'), + )), + 'auth_name' => new TextboxField(array( + 'label' => $__('Name'), + 'hint' => $__('IdP Name e.g Google'), + 'required' => true, + 'configuration' => array( + 'size' => 34, + 'length' => 125 + ) + ) + ), + 'auth_type' => new ChoiceField(array( + 'label' => $__('Type'), + 'hint' => $__('OAuth2 Type'), + 'required' => true, + 'choices' => array( + 'auth' => $__('Authentication'), + 'autho' => $__('Authorization'), + ), + 'configuration' => array( + 'disabled' => false, + ), + 'default' => 'auth', + ) + ), + 'auth_target' => new ChoiceField(array( + 'label' => $__('Authentication Target'), + 'hint' => $__('Target Audience'), + 'required' => true, + 'choices' => array( + 'none' => $__('None (Disabled)'), + 'agents' => $__('Agents Only'), + 'users' => $__('End Users Only'), + 'all' => $__('Agents and End Users'), + ), + 'default' => 'none', + 'visibility' => new VisibilityConstraint( + new Q(array('auth_type__eq' => 'auth')), + VisibilityConstraint::HIDDEN + ), + ) + ), + 'auth_service' => new TextboxField(array( + 'label' => $__('Authentication Label'), + 'hint' => $__('Sign in With label'), + 'required' => true, + 'configuration' => array( + 'size' => 34, + 'length' => 64 + ), + 'visibility' => new VisibilityConstraint( + new Q(array('auth_type__eq' => 'auth')), + VisibilityConstraint::HIDDEN + ), + ) + ), + 'idp' => new SectionBreakField(array( + 'label' => $__('Identity Provider (IdP) Details'), + 'hint' => $__('Details for third-party identity provider'), + )), + 'clientId' => new TextboxField( + array( + 'label' => $__('Client Id'), + 'hint' => $__('IdP Client / Application Identifier'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ) + ) + ), + 'clientSecret' => new TextboxField( + array( + 'label' => $__('Client Secret'), + 'hint' => $__('IdP Client Secret'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ) + ) + ), + 'redirectUri' => new TextboxField( + array( + 'label' => $__('Callback Endpoint'), + 'hint' => $__('Redirect Uri'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ), + 'validators' => function($f, $v) { + if (!preg_match('[\.*(/api/auth/oauth2)$]isu', $v)) + $f->addError(__('Must be a valid API endpont')); + }, + 'default' => OAuth2Plugin::callback_url(), + ) + ), + 'urlAuthorize' => new TextboxField( + array( + 'label' => $__('Authorization Endpoint'), + 'hint' => $__('Authorization URL'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ), + 'default' => '', + ) + ), + 'urlAccessToken' => new TextboxField( + array( + 'label' => $__('Token Endpoint'), + 'hint' => $__('Access Token URL'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ), + 'default' => '', + ) + ), + 'urlResourceOwnerDetails' => new TextboxField( + array( + 'label' => $__('Resource Details Endpoint'), + 'hint' => $__('User Details URL'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ), + 'default' => '', + ) + ), + 'scopes' => new TextboxField( + array( + 'label' => $__('Scopes'), + 'hint' => $__('Comma or Space separated scopes depending + on IdP requirements'), + 'configuration' => array( + 'size' => 64, + 'length' => 255 + ), + 'default' => OAuth2Plugin::default_scopes(), + ) + ), + 'attr_mapping' => new SectionBreakField(array( + 'label' => $__('User Attributes Mapping'), + 'hint' => $__('Consult your IdP documentation for supported attributes and scope'), + )), + 'attr_username' => new TextboxField(array( + 'label' => $__('User Identifier'), + 'hint' => $__('Unique User Identifier - Username or Email address'), + 'required' => true, + 'default' => 'email', + + )), + 'attr_givenname' => new TextboxField(array( + 'label' => $__('Given Name'), + 'hint' => $__('First name'), + 'default' => 'givenname', + + )), + 'attr_surname' => new TextboxField(array( + 'label' => $__('Surname'), + 'hint' => $__('Last name'), + 'default' => 'surname', + + )), + 'attr_email' => new TextboxField(array( + 'label' => $__('Email Address'), + 'hint' => $__('Email address required to auto-create User accounts. Agents must already exist.'), + 'default' => 'email', + )), + ); + } +} + +class BasicOAuth2Config extends OAuth2Config { + // Only get the basic field options + function getOptions() { + return array_intersect_key(parent::getOptions(), + array_flip(['clientId', 'clientSecret', 'urlAuthorize', + 'urlAccessToken', 'urlResourceOwnerDetails', + 'redirectUri', 'scopes'])); + } +} diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php new file mode 100644 index 00000000..78bfcb18 --- /dev/null +++ b/auth-oauth2/oauth2.php @@ -0,0 +1,613 @@ + + Copyright (c) 2006-2022 osTicket + https://osticket.com + + Credit: + * https://github.com/thephpleague/oauth2-client + * Interwebz + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +include_once 'auth.php'; + +use League\OAuth2\Client\Provider\GenericProvider; + +/** + * OAuth2AuthBackend + * + * Interface class for OAuth2 authentication backends + * + * Not entirely necessary but used to decorate classes to make it easy to + * test if it's an instance of desired backend. + * + */ + +interface OAuth2AuthBackend { + + /** + * Function: handleCallback + * + * Called when we receive OAuth2 auth code + */ + function callBack($resp, $ref=''); + + /** + * Function: redirect util + * + * Called to redirect user to either internal or external urls. + */ + function redirectTo($url); + function setState($state); + function getState(); + function resetState(); + function getAccessToken($code); +} + +/** + * OAuth2AuthenticationTrait + * + * Trait class with the core OAuth2 authentication functions used by + * downstream backends. + * + */ +trait OAuth2AuthenticationTrait { + // OAuth2 Id Provider + private $provider; + // debug mode flag + private $debug = false; + // SESSION store for data like AuthNRequestID + private $session; + // Configuration store + protected $config; + // Supported attributes mapped to scopes - hard coded for now + private $attributes = ['username', 'givenname', 'surname', 'email']; + + function __construct($config, $provider=null) { + $this->config = $config; + // Session data stash for backends + $this->session = &$_SESSION[':oauth'][$this->getId()]; + if ($provider instanceof OAuth2AuthorizationBackend) + $this->provider = $provider; + else + $this->provider = new GenericOauth2Provider(); + + // Get Oauth Client based on provider + $this->client = $this->provider->getClient($config); + } + + function callback($resp, $ref=null) { + try { + if ($this->getState() == $resp['state'] + && ($token=$this->getAccessToken($resp['code'])) + && ($owner=$this->client->getResourceOwner($token)) + && ($attrs=$this->mapAttributes($owner->toArray()))) { + $this->resetState(); + // Attempt to signIn the user based on returned attributes + $result = $this->signIn($attrs); + if ($result instanceof AuthenticatedUser) { + // SignIn successful - login the user and redirect to + // desired panel + if ($this->login($result, $this)) + $this->onSignIn(); + } + } + } catch (Exception $ex) { + return false; + } + } + + function getId() { + return static::$id; + } + + function getName() { + return $this->config->getName(); + } + + function getServiceName() { + return $this->config->getServiceName(); + } + + public function setState($state) { + $this->session['AuthState'] = $state; + } + + public function resetState() { + $this->setState(''); + } + + public function getState() { + return $this->session['AuthState']; + } + + private function mapAttributes(array $result) { + // Mapout the supported attributes only + $attributes = array(); + $result = array_change_key_case($result, CASE_LOWER); + foreach ($this->attributes as $attr) { + if (!($key=$this->config->getAttributeFor($attr))) + continue; + $attributes[$attr] = $result[strtolower($key)] ?: null; + } + // Use email as username if none is provided + if (!isset($attributes['username']) && isset($attributes['email'])) + $attributes['username'] = $attributes['email']; + + return $attributes; + } + + public function getAccessToken($code) { + return $this->client->getAccessToken('authorization_code', + ['code' => $code]); + } + + public function refreshAccessToken($refreshToken) { + return $this->client->getAccessToken('refresh_token', + ['refresh_token' => $refreshToken]); + } + + public function triggerAuth() { + parent::triggerAuth(); + // Regenerate OAuth2 auth request + $authUrl = $this->client->getAuthorizationUrl(); + // Get the state generated for you and store it to the session. + $this->setState($this->client->getState()); + $this->redirectTo($authUrl); + } + + + function redirectTo($url) { + // No cache redirect + header('Pragma: no-cache'); + header('Cache-Control: no-cache, must-revalidate'); + Http::redirect($url); + } + + static function signOut($user) { + parent::signOut($user); + } + + abstract function signIn($attrs); + abstract function onSignIn(); +} + +/** + * OAuth2StaffAuthBackend + * + * Provides OAuth2 authentication backend for agents + */ +class OAuth2StaffAuthBackend extends ExternalStaffAuthenticationBackend +implements OAuth2AuthBackend { + use OAuth2AuthenticationTrait; + static $id = "oauth2.agent"; + static $name = "OAuth2"; + static $service_name = "OAuth2"; + + private function signIn($attrs) { + if ($attrs && isset($attrs['username'])) { + if (($staff = StaffSession::lookup($attrs['username'])) + && $staff->getId()) { + // Older versions + if (!$staff instanceof StaffSession) + $staff = new StaffSession($staff->getId()); + + return $staff; + } else { + $_SESSION['_staff']['auth']['msg'] = sprintf('%s (%s)', + 'Have your administrator create a local account', + Format::htmlchars($attrs['username'])); + } + } + } + + private function onSignIn() { + $this->redirectTo(osTicket::get_base_url().'scp/'); + } + +} + + +/** + * OAuth2UserAuthBackend + * + * Provides OAuth2 authentication backend for users + */ +class OAuth2UserAuthBackend extends ExternalUserAuthenticationBackend +implements OAuth2AuthBackend { + use OAuth2AuthenticationTrait; + static $id = "oauth2.user"; + static $name = "OAuth2"; + static $service_name = "OAuth2"; + + private function signIn($attrs) { + if ($attrs && isset($attrs['username'])) { + if (($acct = ClientAccount::lookupByUsername($attrs['username'])) + && $acct->getId()) + return new ClientSession(new EndUser($acct->getUser())); + // Auto-register user if possible + $email = $attrs['email'] ?: $attrs['username']; + if (Validator::is_email($email)) { + if (!($name = trim(sprintf('%s %s', $attrs['givenname'], $attrs['surname'])))) + $name = $attrs['username']; + $info = ['email' => $email, 'name' => $name]; + $req = new ClientCreateRequest($this, $attrs['username'], $info); + return $req->attemptAutoRegister(); + } + } + } + + private function onSignIn() { + $this->redirectTo(osTicket::get_base_url()); + } +} + +/* + * OAuth Email Auth Backend + * + */ +class OAuth2EmailAuthBackend implements OAuth2AuthBackend { + use OAuth2AuthenticationTrait; + static $id = "oauth2.emailautho"; + private $options; + public $account; + + const ERR_UNKNOWN = 0; + const ERR_EMAIL_MISMATCH = 1; + const ERR_REFRESH_TOKEN = 2; + + function getEmailId() { + return $this->account->getEmailId(); + } + + function getEmailAddress() { + return $this->account->email->getEmail(); + } + + private function updateCredentials($info, &$errors) { + return $this->account->updateCredentials( + $this->provider->getId(), $info, $errors); + } + + public function callback($resp, $ref=null) { + $errors = []; + $err = sprintf('%s_auth_bk', $this->account->getType()); + try { + if ($this->getState() == $resp['state'] + && ($token=$this->getAccessToken($resp['code'])) + && ($owner=$this->client->getResourceOwner($token)) + && ($attrs=$this->mapAttributes($owner->toArray()))) { + $this->resetState(); + $info = [ + 'access_token' => $token->getToken(), + 'refresh_token' => $token->getRefreshToken(), + 'expires' => $token->getExpires(), + 'resource_owner_id' => $token->getResourceOwnerId(), + 'resource_owner_email' => $attrs['email'], + ]; + if (0 && !$this->signIn($attrs)) + $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); + elseif (!$info['refresh_token']) + $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); + elseif (!$this->updateCredentials($info, $errors)) + $errors[$err] = $this->error_msg(self::ERR_UNKNOWN); + } + } catch (Exception $ex) { + $errors[$err] = $ex->getMessage(); + } + // stash errors (if any) to session and redirect + $session = &$_SESSION[':email'][$this->getEmailId()]; + $session = []; + if ($errors) { + $session['errors'] = $errors; + } else { + $session['msg'] = sprintf('%s: %s', + $this->account->getType(), + __('OAuth2 Authorization Successful')); + } + $this->onSignIn(); + } + + public function triggerAuth() { + // Regenerate OAuth2 auth request + $urlOptions = $this->provider->getUrlOptions() ?: []; + $authUrl = $this->client->getAuthorizationUrl($urlOptions); + // Get the state generated for you and store it to the session. + $this->setState($this->client->getState()); + $this->redirectTo($authUrl); + } + + private function signIn($attrs) { + return !strcasecmp($attrs['email'], $this->getEmailAddress()); + } + + private function onSignIn() { + $this->redirectTo(osTicket::get_base_url() + .sprintf('scp/emails.php?id=%d#%s', + $this->getEmailId(), + $this->account->getType()) + ); + } + + private function error_msg($errorno, $attrs=[]) { + switch ($errorno) { + case self::ERR_EMAIL_MISMATCH: + return sprintf(__('Email Mismatch: Expecting Authorization for %s not %s'), + $this->getEmailAddress(), + $attrs['email']); + break; + case self::ERR_REFRESH_TOKEN: + return __('Unable to obtain Refresh Token'); + break; + case self::ERR_UNKNOWN: + default: + return __('Unknown Error'); + } + } +} + +abstract class OAuth2ProviderBackend extends OAuth2AuthorizationBackend { + protected $config; + private $plugin; + private $plugin_id; + static $defaults = []; + + function __construct($options=[]) { + if (isset($options['plugin_id'])) + $this->plugin_id = (int) $options['plugin_id']; + } + + function getId() { + return static::$id; + } + + function getName() { + return static::$name; + } + + function getPluginId() { + return $this->plugin_id; + } + + function getPlugin() { + if (!isset($this->plugin) && $this->plugin_id) + $this->plugin = PluginManager::lookup($this->plugin_id); + + return $this->plugin; + } + + function getConfig($instance=null) { + if ($instance && !is_object($instance)) + $instance = $this->getPluginInstance($instance); + if (!isset($this->config) || $instance) + $this->config = new BasicOAuth2Config($instance); + + return $this->config; + } + + function getConfigForm($vars, $id=null) { + return $this->getConfig($id)->getForm($vars ?: + $this->getDefaults()); + } + + function getDefaults() { + return static::$defaults ?: []; + } + + function getPluginInstance($id) { + return $this->getPlugin()->getInstance($id); + } + + function addPluginInstance($vars, &$errors) { + if (!($plugin=$this->getPlugin())) + return false; + // Add some default values not set on Basic Config + $vars = array_merge($vars, array_intersect_key($this->getDefaults(), + array_flip(['attr_username', 'attr_email', 'attr_givenname', + 'attr_surname']))); + return $plugin->addInstance($vars, $errors); + } + + function getEmailAuthBackend($id) { + list($auth, $a, $i) = self::parseId($id); + if (!strcasecmp($auth, $this->getId()) + && ($instance=$this->getPluginInstance((int) $i)) + && ($config=$instance->getConfig()) + && ($account=EmailAccount::lookup((int) $a)) + && $account->isEnabled()) { + $bk = new OAuth2EmailAuthBackend($config, $this); + $bk->account = $account; + return $bk; + } + } + + function refreshAccessToken($refreshToken, $id, &$errors) { + if (!$refreshToken || !($bk=$this->getEmailAuthBackend($id))) + return false; + + try { + $token = $bk->refreshAccessToken($refreshToken); + return [ + 'access_token' => $token->getToken(), + 'expires' => $token->getExpires()]; + } catch( Exception $ex) { + $errors['refresh_token'] = $ex->getMessage(); + } + } + + function triggerEmailAuth($id) { + if (!($bk=$this->getEmailAuthBackend($id))) + return false; + + $_SESSION['ext:bk:id'] = $id; + $bk->triggerAuth(); + } + + // We delegate call back to Email Authorization backend + function callback($resp, $id='') { + if (!$id || !($bk=$this->getEmailAuthBackend($id))) + return false; + + return $bk->callback($resp, $id); + } + + // Register Authentication Providers (Templates) + static function registerAuthenticationProviders($options=[]) { + OAuth2AuthenticationBackend::register(new + GoogleOAuth2Provider($options)); + OAuth2AuthenticationBackend::register(new + MicrosoftOAuth2Provider($options)); + OAuth2AuthenticationBackend::register(new + OtherOAuth2Provider($options)); + } + + // Register Authorization Providers + static function registerEmailAuthoProviders($options=[]) { + OAuth2AuthorizationBackend::register(new + GoogleEmailOAuth2Provider($options)); + OAuth2AuthorizationBackend::register(new + MicrosoftEmailOAuth2Provider($options)); + OAuth2AuthorizationBackend::register(new + OtherEmailOAuth2Provider($options)); + } + + static function registerProviders($options=[]) { + self::registerEmailAuthoProviders($options); + self::registerAuthenticationProviders($options); + } + + abstract function getClient(PluginConfig $config); +} + +class OAuth2Client extends GenericProvider { + protected function getAuthorizationParameters(array $options) { + // Cleanup prompt conflicts + // approval_prompt, hardcoded upstream, nolonger works for Google + // when attempting to force new refresh token. + $options = parent::getAuthorizationParameters($options); + if (isset($options['prompt']) && isset($options['approval_prompt'])) + unset($options['approval_prompt']); + + return $options; + } +} + + +class GenericOauth2Provider extends Oauth2ProviderBackend { + static $id = 'oauth2:other'; + static $name = 'OAuth2 - Other'; + static $defaults = []; + static $urlOptions = []; + + + function getUrlOptions() { + return static::$urlOptions; + } + + function getClient(PluginConfig $config) { + return new OAuth2Client($config->getClientSettings()); + } +} + +class OtherOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:other'; + static $name = 'OAuth2 - Other'; + static $icon = 'icon-plus-sign'; + static $defaults = []; + static $urlOptions = []; + +} + +// Authentication Providers +class GoogleOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:google'; + static $name = 'Google'; + static $icon = 'icon-google-plus-sign'; + static $defaults = [ + 'urlAuthorize' => 'https://accounts.google.com/o/oauth2/v2/auth', + 'urlAccessToken' => 'https://oauth2.googleapis.com/token', + 'urlResourceOwnerDetails' => 'https://www.googleapis.com/oauth2/v2/userinfo', + 'scopes' => 'profile https://www.googleapis.com/auth/userinfo.email', + 'auth_name' => 'Google', + 'auth_service' => 'Google', + 'attr_username' => 'email', + 'attr_email' => 'email', + 'attr_givenname' => 'given_name', + 'attr_surname' => 'family_name', + ]; +} + +class MicrosoftOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:msmail'; + static $name = 'Microsoft'; + static $icon = 'icon-windows'; + static $defaults = [ + 'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/me', + 'scopes' => 'https://graph.microsoft.com/.default', + 'auth_name' => 'Microsoft', + 'auth_service' => 'Azure', + 'attr_username' => 'mail', + 'attr_email' => 'mail', + 'attr_givenname' => 'givenname', + 'attr_surname' => 'surname', + ]; +} + +// Authorization Email OAuth Providers +class OtherEmailOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:othermail'; + static $name = 'OAuth2 - Other Provider'; + static $defaults = []; + static $urlOptions = []; +} + +class GoogleEmailOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:gmail'; + static $name = 'OAuth2 - Google'; + static $defaults = [ + 'urlAuthorize' => 'https://accounts.google.com/o/oauth2/v2/auth', + 'urlAccessToken' => 'https://oauth2.googleapis.com/token', + 'urlResourceOwnerDetails' => 'https://www.googleapis.com/gmail/v1/users/me/profile', + 'scopes' => 'https://mail.google.com/', + 'attr_username' => 'emailaddress', + 'attr_email' => 'emailaddress', + 'attr_givenname' => 'given_name', + 'attr_surname' => 'family_name', + ]; + static $urlOptions = [ + 'responseType' => 'code', + 'access_type' => 'offline', + 'prompt' => 'consent', + 'scope' => ['https://mail.google.com/'], + ]; +} + +class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:msmail'; + static $name = 'OAuth2 - Microsoft'; + static $defaults = [ + 'urlAuthorize' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', + 'urlAccessToken' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token', + 'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v1.0/me', + 'scopes' => 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All', + 'attr_username' => 'mail', + 'attr_email' => 'mail', + 'attr_givenname' => 'givenname', + 'attr_surname' => 'surname', + ]; + static $urlOptions = [ + 'tenant' => 'common', + 'accessType' => 'offline_access', + 'scope' => 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All', + ]; +} + +?> diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php new file mode 100644 index 00000000..c9b2dc6d --- /dev/null +++ b/auth-oauth2/plugin.php @@ -0,0 +1,21 @@ + 'auth:oath2', # notrans + 'version' => '0.1', + 'name' => /* trans */ 'Oauth2 Client', + 'author' => 'Peter Rotich ', + 'description' => /* trans */ 'Provides a configurable Oauth2 authentication and authorization backends. backends.', + 'url' => 'http://www.osticket.com/', + 'plugin' => 'auth.php:OAuth2Plugin', + 'requires' => array( + "league/oauth2-client" => array( + "version" => "*", + "map" => array( + "league/oauth2-client/src" => 'lib/League/OAuth2/Client', + 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', + 'guzzlehttp/psr7/src/' => 'lib/Psr7', + ) + ), + ), +); +?> From f5f722becd779e12e8c33c0fbf5b15f0c0b2382e Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Sat, 2 Jul 2022 17:32:21 +0000 Subject: [PATCH 114/160] oauth: Retire the OLD OAuth Plugin Plugin replaced by auth-oauth2 --- auth-oauth/authentication.php | 32 ------- auth-oauth/config.php | 45 ---------- auth-oauth/google.php | 152 ---------------------------------- auth-oauth/plugin.php | 23 ----- 4 files changed, 252 deletions(-) delete mode 100644 auth-oauth/authentication.php delete mode 100644 auth-oauth/config.php delete mode 100644 auth-oauth/google.php delete mode 100644 auth-oauth/plugin.php diff --git a/auth-oauth/authentication.php b/auth-oauth/authentication.php deleted file mode 100644 index 9adc349a..00000000 --- a/auth-oauth/authentication.php +++ /dev/null @@ -1,32 +0,0 @@ -getConfig(); - - # ----- Google Plus --------------------- - $google = $config->get('g-enabled'); - if (in_array($google, array('all', 'staff'))) { - require_once('google.php'); - StaffAuthenticationBackend::register( - new GoogleStaffAuthBackend($this->getConfig())); - } - if (in_array($google, array('all', 'client'))) { - require_once('google.php'); - UserAuthenticationBackend::register( - new GoogleClientAuthBackend($this->getConfig())); - } - } -} - -require_once(INCLUDE_DIR.'UniversalClassLoader.php'); -use Symfony\Component\ClassLoader\UniversalClassLoader_osTicket; -$loader = new UniversalClassLoader_osTicket(); -$loader->registerNamespaceFallbacks(array( - dirname(__file__).'/lib')); -$loader->register(); diff --git a/auth-oauth/config.php b/auth-oauth/config.php deleted file mode 100644 index 2f767428..00000000 --- a/auth-oauth/config.php +++ /dev/null @@ -1,45 +0,0 @@ - $__('Authentication'), - 'choices' => array( - '0' => $__('Disabled'), - 'staff' => $__('Agents Only'), - 'client' => $__('Clients Only'), - 'all' => $__('Agents and Clients'), - ), - )); - return array( - 'google' => new SectionBreakField(array( - 'label' => $__('Google+ Authentication'), - )), - 'g-client-id' => new TextboxField(array( - 'label' => $__('Client ID'), - 'configuration' => array('size'=>60, 'length'=>100), - )), - 'g-client-secret' => new TextboxField(array( - 'label' => $__('Client Secret'), - 'configuration' => array('size'=>60, 'length'=>100), - )), - 'g-enabled' => clone $modes, - ); - } -} diff --git a/auth-oauth/google.php b/auth-oauth/google.php deleted file mode 100644 index d79d04e0..00000000 --- a/auth-oauth/google.php +++ /dev/null @@ -1,152 +0,0 @@ -config = $config; - } - - function triggerAuth() { - $self = $this; - return Auth2::legs(3) - ->set('id', $this->config->get('g-client-id')) - ->set('secret', $this->config->get('g-client-secret')) - ->set('redirect', 'http://' . $_SERVER['HTTP_HOST'] - . ROOT_PATH . 'api/auth/ext') - ->set('scope', 'profile email') - - ->authorize('https://accounts.google.com/o/oauth2/auth') - ->access('https://accounts.google.com/o/oauth2/token') - - ->finally(function($data) use ($self) { - $self->access_token = $data['access_token']; - }); - } -} - -class GoogleStaffAuthBackend extends ExternalStaffAuthenticationBackend { - static $id = "google"; - static $name = "Google Plus"; - - static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/White-signin_Long_base_44dp.png"; - static $service_name = "Google+"; - - var $config; - - function __construct($config) { - $this->config = $config; - $this->google = new GoogleAuth($config); - } - - function signOn() { - // TODO: Check session for auth token - if (isset($_SESSION[':oauth']['email'])) { - if (($staff = StaffSession::lookup(array('email' => $_SESSION[':oauth']['email']))) - && $staff->getId() - ) { - if (!$staff instanceof StaffSession) { - // osTicket <= v1.9.7 or so - $staff = new StaffSession($user->getId()); - } - return $staff; - } - else - $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account'; - } - } - - static function signOut($user) { - parent::signOut($user); - unset($_SESSION[':oauth']); - } - - - function triggerAuth() { - parent::triggerAuth(); - $google = $this->google->triggerAuth(); - $google->GET( - "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" - . $this->google->access_token) - ->then(function($response) { - require_once INCLUDE_DIR . 'class.json.php'; - if ($json = JsonDataParser::decode($response->text)) - $_SESSION[':oauth']['email'] = $json['email']; - Http::redirect(ROOT_PATH . 'scp'); - } - ); - } -} - -class GoogleClientAuthBackend extends ExternalUserAuthenticationBackend { - static $id = "google.client"; - static $name = "Google Plus"; - - static $sign_in_image_url = "https://developers.google.com/+/images/branding/sign-in-buttons/Red-signin_Long_base_44dp.png"; - static $service_name = "Google+"; - - function __construct($config) { - $this->config = $config; - $this->google = new GoogleAuth($config); - } - - function supportsInteractiveAuthentication() { - return false; - } - - function signOn() { - // TODO: Check session for auth token - if (isset($_SESSION[':oauth']['email'])) { - if (($acct = ClientAccount::lookupByUsername($_SESSION[':oauth']['email'])) - && $acct->getId() - && ($client = new ClientSession(new EndUser($acct->getUser())))) - return $client; - - elseif (isset($_SESSION[':oauth']['profile'])) { - // TODO: Prepare ClientCreateRequest - $profile = $_SESSION[':oauth']['profile']; - $info = array( - 'email' => $_SESSION[':oauth']['email'], - 'name' => $profile['displayName'], - ); - return new ClientCreateRequest($this, $info['email'], $info); - } - } - } - - static function signOut($user) { - parent::signOut($user); - unset($_SESSION[':oauth']); - } - - function triggerAuth() { - require_once INCLUDE_DIR . 'class.json.php'; - parent::triggerAuth(); - $google = $this->google->triggerAuth(); - $token = $this->google->access_token; - $google->GET( - "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" - . $token) - ->then(function($response) use ($google, $token) { - if (!($json = JsonDataParser::decode($response->text))) - return; - $_SESSION[':oauth']['email'] = $json['email']; - $google->GET( - "https://www.googleapis.com/plus/v1/people/me?access_token=" - . $token) - ->then(function($response) { - if (!($json = JsonDataParser::decode($response->text))) - return; - $_SESSION[':oauth']['profile'] = $json; - Http::redirect(ROOT_PATH . 'login.php'); - } - ); - } - ); - } -} - - diff --git a/auth-oauth/plugin.php b/auth-oauth/plugin.php deleted file mode 100644 index 589d2739..00000000 --- a/auth-oauth/plugin.php +++ /dev/null @@ -1,23 +0,0 @@ - 'auth:oath2', # notrans - 'version' => '0.1', - 'name' => /* trans */ 'Oauth2 Authentication and Lookup', - 'author' => 'Jared Hancock', - 'description' => /* trans */ 'Provides a configurable authentication backend - for authenticating staff and clients using an OAUTH2 server - interface.', - 'url' => 'http://www.osticket.com/plugins/auth/oauth', - 'plugin' => 'authentication.php:OauthAuthPlugin', - 'requires' => array( - "ohmy/auth" => array( - "version" => "*", - "map" => array( - "ohmy/auth/src" => 'lib', - ) - ), - ), -); - -?> From 2ca1492d03300e57c947905a177fc4f68690dcf7 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Sat, 2 Jul 2022 17:47:05 +0000 Subject: [PATCH 115/160] oauth2: Require osTicket v1.17 --- auth-oauth2/plugin.php | 1 + 1 file changed, 1 insertion(+) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index c9b2dc6d..6d13fa23 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -2,6 +2,7 @@ return array( 'id' => 'auth:oath2', # notrans 'version' => '0.1', + 'ost_version' => '1.17', # Require osTicket v1.17+ 'name' => /* trans */ 'Oauth2 Client', 'author' => 'Peter Rotich ', 'description' => /* trans */ 'Provides a configurable Oauth2 authentication and authorization backends. backends.', From b6cecc11d3e75d6fda815a6569c60eab913596cf Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Sat, 2 Jul 2022 17:48:33 +0000 Subject: [PATCH 116/160] gitignore: Ignore lib and include directories --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index b49dd722..4397360e 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,10 @@ stage # Ignore compiled phar files *.phar +# Ignore hydrated libs & include dir +**/lib +**/include + # Ignore installed dependencies and composer if placed here lib/* !/lib/pear-pear.php.net/ From 0b507df1f29dc49e9a208803cccc95a9b72fd195 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 6 Jul 2022 01:08:37 +0000 Subject: [PATCH 117/160] oauth2: Email Authorization Backend Make sure OAuth2 Plugin is active when triggering email authorization. --- auth-oauth2/oauth2.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 78bfcb18..eba1ea63 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -419,6 +419,8 @@ function addPluginInstance($vars, &$errors) { function getEmailAuthBackend($id) { list($auth, $a, $i) = self::parseId($id); if (!strcasecmp($auth, $this->getId()) + && ($plugin=$this->getPlugin()) + && $plugin->isActive() && ($instance=$this->getPluginInstance((int) $i)) && ($config=$instance->getConfig()) && ($account=EmailAccount::lookup((int) $a)) From 64a75926b807c76b1ad790bc3ac860ad6eaa648a Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 6 Jul 2022 01:10:11 +0000 Subject: [PATCH 118/160] oauth2: Hydrate the correct libs src. --- auth-oauth2/plugin.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index 6d13fa23..fbda54c4 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -14,7 +14,10 @@ "map" => array( "league/oauth2-client/src" => 'lib/League/OAuth2/Client', 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', - 'guzzlehttp/psr7/src/' => 'lib/Psr7', + 'psr/http-client/src' => 'lib/Psr/Http/Client', + 'psr/http-factory/src' => 'lib/Psr/Http/Factory', + 'psr/http-message/src' => 'lib/Psr/Http/Message', + ) ), ), From df8d4d68775c9304e754ceeea7d87b5948bd3609 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Tue, 12 Jul 2022 16:31:30 +0000 Subject: [PATCH 119/160] auth-oauth2: Match osTicket changes for Plugin Config init. --- auth-oauth2/oauth2.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index eba1ea63..5b9091e8 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -387,8 +387,11 @@ function getPlugin() { function getConfig($instance=null) { if ($instance && !is_object($instance)) $instance = $this->getPluginInstance($instance); - if (!isset($this->config) || $instance) - $this->config = new BasicOAuth2Config($instance); + if (!isset($this->config) || $instance) { + $this->config = new BasicOAuth2Config($instance ? + $instance->getNamespace() : null); + $this->config->setInstance($instance); + } return $this->config; } From c91489f2fa10f2ee766b1003d2b72e7c9121c31a Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 13 Jul 2022 17:30:10 +0000 Subject: [PATCH 120/160] auth-oauth2: Add GuzzleHttp/{Psr7,Promise} --- auth-oauth2/plugin.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index fbda54c4..21f36be1 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -14,6 +14,8 @@ "map" => array( "league/oauth2-client/src" => 'lib/League/OAuth2/Client', 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', + 'guzzlehttp/psr7/src' => 'lib/GuzzleHttp/Psr7', + 'guzzlehttp/promises/src' => 'lib/GuzzleHttp/Promise', 'psr/http-client/src' => 'lib/Psr/Http/Client', 'psr/http-factory/src' => 'lib/Psr/Http/Factory', 'psr/http-message/src' => 'lib/Psr/Http/Message', From cb9dcfe68a18f20a01f6ef0353c66dcb094c9a5e Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Tue, 19 Jul 2022 04:03:56 +0000 Subject: [PATCH 121/160] auth-oauth2: Use PasswordField for ClientSecret Password Field supports auto encrypt/decrypt --- auth-oauth2/config.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index b547c687..d6e4c4e4 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -137,14 +137,17 @@ function getOptions() { ) ) ), - 'clientSecret' => new TextboxField( + 'clientSecret' => new PasswordField( array( + 'widget' => 'PasswordWidget', 'label' => $__('Client Secret'), 'hint' => $__('IdP Client Secret'), - 'required' => true, + 'required' => !$this->getClientSecret(), + 'validator' => 'noop', 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 255, + 'key' => $this->getNamespace(), ) ) ), From c267ebcc32bf204d94099465457a4fae1f826cba Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Tue, 19 Jul 2022 04:06:11 +0000 Subject: [PATCH 122/160] auth-oauth2: Force Email Match Make sure authorized email matches local email address. --- auth-oauth2/oauth2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 5b9091e8..f5b89279 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -293,7 +293,7 @@ public function callback($resp, $ref=null) { 'resource_owner_id' => $token->getResourceOwnerId(), 'resource_owner_email' => $attrs['email'], ]; - if (0 && !$this->signIn($attrs)) + if (!$this->signIn($attrs)) $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); elseif (!$info['refresh_token']) $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); From 19875a2822e765f040a829fce1bca71c34cebc9c Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 22 Jul 2022 15:33:50 +0000 Subject: [PATCH 123/160] auth-oauth2: Fix Scopes This commit addresses scopes related issues --- auth-oauth2/config.php | 10 ++++++++-- auth-oauth2/oauth2.php | 18 ++++++++---------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index d6e4c4e4..0a9ff7b9 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -46,6 +46,11 @@ public function getAttributeFor($name, $default=null) { } public function getClientSettings() { + // Determine scope separator + $scopeSeparator = ','; + if (stripos($this->getAuthorizationUrl(), 'google') !== false) + $scopeSeparator = ' '; + return [ 'clientId' => $this->getClientId(), 'clientSecret' => $this->getClientSecret(), @@ -53,7 +58,9 @@ public function getClientSettings() { 'urlAuthorize' => $this->getAuthorizationUrl(), 'urlAccessToken' => $this->getAccessTokenUrl(), 'urlResourceOwnerDetails' => $this->getResourceOwnerDetailstUrl(), - 'scopes' => $this->getScopes()]; + 'scopes' => $this->getScopes(), + 'scopeSeparator' => $scopeSeparator, + ]; } function translate() { @@ -212,7 +219,6 @@ function getOptions() { 'size' => 64, 'length' => 255 ), - 'default' => OAuth2Plugin::default_scopes(), ) ), 'attr_mapping' => new SectionBreakField(array( diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index f5b89279..2f9462cb 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -384,12 +384,12 @@ function getPlugin() { return $this->plugin; } - function getConfig($instance=null) { + function getConfig($instance=null, $vars=[]) { if ($instance && !is_object($instance)) $instance = $this->getPluginInstance($instance); if (!isset($this->config) || $instance) { $this->config = new BasicOAuth2Config($instance ? - $instance->getNamespace() : null); + $instance->getNamespace() : null, $vars); $this->config->setInstance($instance); } @@ -397,8 +397,8 @@ function getConfig($instance=null) { } function getConfigForm($vars, $id=null) { - return $this->getConfig($id)->getForm($vars ?: - $this->getDefaults()); + $vars = $vars ?: $this->getDefaults(); + return $this->getConfig($id, $vars)->getForm($vars); } function getDefaults() { @@ -551,7 +551,7 @@ class GoogleOauth2Provider extends GenericOauth2Provider { } class MicrosoftOauth2Provider extends GenericOauth2Provider { - static $id = 'oauth2:msmail'; + static $id = 'oauth2:microsoft'; static $name = 'Microsoft'; static $icon = 'icon-windows'; static $defaults = [ @@ -591,7 +591,6 @@ class GoogleEmailOauth2Provider extends GenericOauth2Provider { 'responseType' => 'code', 'access_type' => 'offline', 'prompt' => 'consent', - 'scope' => ['https://mail.google.com/'], ]; } @@ -601,8 +600,9 @@ class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { static $defaults = [ 'urlAuthorize' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', 'urlAccessToken' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token', - 'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v1.0/me', - 'scopes' => 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All', + 'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v2.0/me', + // scopes for offline access & mail (IMAP, POP & SMTP) + 'scopes' => 'offline_access, https://outlook.office.com/IMAP.AccessAsUser.All, https://outlook.office.com/POP.AccessAsUser.All, https://outlook.office.com/SMTP.Send', 'attr_username' => 'mail', 'attr_email' => 'mail', 'attr_givenname' => 'givenname', @@ -611,8 +611,6 @@ class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { static $urlOptions = [ 'tenant' => 'common', 'accessType' => 'offline_access', - 'scope' => 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All', ]; } - ?> From f5e1f541270bbb1828f564c05967c3bd3fb9b145 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 1 Aug 2022 18:06:24 +0000 Subject: [PATCH 124/160] auth-oauth2: Outlook Office Scopes This commit changes Outlook office scopes separator to space. It also sets separator to comma when scopes are command separated as entered. --- auth-oauth2/config.php | 18 ++++++++++-------- auth-oauth2/oauth2.php | 3 +-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index 0a9ff7b9..3afaf4a6 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -46,21 +46,23 @@ public function getAttributeFor($name, $default=null) { } public function getClientSettings() { - // Determine scope separator - $scopeSeparator = ','; - if (stripos($this->getAuthorizationUrl(), 'google') !== false) - $scopeSeparator = ' '; - - return [ + $scopes = $this->getScopes(); + $settings = [ 'clientId' => $this->getClientId(), 'clientSecret' => $this->getClientSecret(), 'redirectUri' => $this->getRedirectUri(), 'urlAuthorize' => $this->getAuthorizationUrl(), 'urlAccessToken' => $this->getAccessTokenUrl(), 'urlResourceOwnerDetails' => $this->getResourceOwnerDetailstUrl(), - 'scopes' => $this->getScopes(), - 'scopeSeparator' => $scopeSeparator, + 'scopes' => $scopes, ]; + + // Use comma separator when we have more than one scopes - this is + // because scopes string is comma exploded. + if ($scopes && count($scopes) > 1) + $settings['scopeSeparator'] = ','; + + return $settings; } function translate() { diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 2f9462cb..d7d5d0ef 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -601,8 +601,7 @@ class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { 'urlAuthorize' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', 'urlAccessToken' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token', 'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v2.0/me', - // scopes for offline access & mail (IMAP, POP & SMTP) - 'scopes' => 'offline_access, https://outlook.office.com/IMAP.AccessAsUser.All, https://outlook.office.com/POP.AccessAsUser.All, https://outlook.office.com/SMTP.Send', + 'scopes' => 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send', 'attr_username' => 'mail', 'attr_email' => 'mail', 'attr_givenname' => 'givenname', From 7ebe42f261846846d366f9350d1bdf51b9200266 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 1 Aug 2022 18:09:03 +0000 Subject: [PATCH 125/160] auth-oauth2: Change version to 0.2 This commit changes the plugin version to 0.2 due to recent changes since 0.1 release --- auth-oauth2/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index 21f36be1..ddc9f53c 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -1,7 +1,7 @@ 'auth:oath2', # notrans - 'version' => '0.1', + 'version' => '0.2', 'ost_version' => '1.17', # Require osTicket v1.17+ 'name' => /* trans */ 'Oauth2 Client', 'author' => 'Peter Rotich ', From 276b91afd9efb56bac3b922ba9ed58f9541da80f Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Thu, 4 Aug 2022 18:48:44 +0000 Subject: [PATCH 126/160] auth-oauth2: Email Address Attribute This commit exposes email address atrribute setting when configuring an instance via email interface. --- auth-oauth2/config.php | 23 ++++++++++++++++------- auth-oauth2/oauth2.php | 2 +- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index 3afaf4a6..7b8124ac 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -215,8 +215,8 @@ function getOptions() { 'scopes' => new TextboxField( array( 'label' => $__('Scopes'), - 'hint' => $__('Comma or Space separated scopes depending - on IdP requirements'), + 'hint' => $__('Comma or Space separated scopes depending on IdP requirements'), + 'required' => true, 'configuration' => array( 'size' => 64, 'length' => 255 @@ -255,12 +255,21 @@ function getOptions() { } } -class BasicOAuth2Config extends OAuth2Config { +class OAuth2EmailConfig extends OAuth2Config { // Only get the basic field options function getOptions() { - return array_intersect_key(parent::getOptions(), - array_flip(['clientId', 'clientSecret', 'urlAuthorize', - 'urlAccessToken', 'urlResourceOwnerDetails', - 'redirectUri', 'scopes'])); + list($__, $_N) = self::translate(); + $basic = array_flip(['clientId', 'clientSecret', 'urlAuthorize', + 'urlAccessToken', 'urlResourceOwnerDetails', 'attr_email', + 'scopes', 'redirectUri']); + $fields = array_merge($basic, array_intersect_key( + parent::getOptions(), $basic)); + $fields['attr_email'] = new TextboxField(array( + 'label' => $__('Email Address Attribute'), + 'hint' => $__('Please consult your provider docs for the correct attribute to use'), + 'required' => true, + )); + + return $fields; } } diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index d7d5d0ef..f1581f55 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -388,7 +388,7 @@ function getConfig($instance=null, $vars=[]) { if ($instance && !is_object($instance)) $instance = $this->getPluginInstance($instance); if (!isset($this->config) || $instance) { - $this->config = new BasicOAuth2Config($instance ? + $this->config = new OAuth2EmailConfig($instance ? $instance->getNamespace() : null, $vars); $this->config->setInstance($instance); } From 2145f555df1a6e75aac5faaea6cbac11a94ad145 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Thu, 4 Aug 2022 18:50:39 +0000 Subject: [PATCH 127/160] auth-oauth2: Email Attribute Error Add ERR_EMAIL_ATTR error to help hint that the attribute is wrong. --- auth-oauth2/oauth2.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index f1581f55..a36fd33d 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -261,8 +261,9 @@ class OAuth2EmailAuthBackend implements OAuth2AuthBackend { public $account; const ERR_UNKNOWN = 0; - const ERR_EMAIL_MISMATCH = 1; - const ERR_REFRESH_TOKEN = 2; + const ERR_EMAIL_ATTR = 1; + const ERR_EMAIL_MISMATCH = 2; + const ERR_REFRESH_TOKEN = 3; function getEmailId() { return $this->account->getEmailId(); @@ -293,7 +294,9 @@ public function callback($resp, $ref=null) { 'resource_owner_id' => $token->getResourceOwnerId(), 'resource_owner_email' => $attrs['email'], ]; - if (!$this->signIn($attrs)) + if (!isset($attrs['email'])) + $errors[$err] = $this->error_msg(self::ERR_EMAIL_ATTR, $attrs); + elseif (!$this->signIn($attrs)) $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); elseif (!$info['refresh_token']) $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); @@ -339,6 +342,9 @@ private function onSignIn() { private function error_msg($errorno, $attrs=[]) { switch ($errorno) { + case self::ERR_EMAIL_ATTR: + return __('Invalid Email Atrribute'); + break; case self::ERR_EMAIL_MISMATCH: return sprintf(__('Email Mismatch: Expecting Authorization for %s not %s'), $this->getEmailAddress(), From a24afc5145a40dc53d001f187dca8dfdf5d6df49 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 5 Aug 2022 04:45:11 +0000 Subject: [PATCH 128/160] auth-oauth2: Move Scopes Up This commits moves scopes up the list of inputs when configuring an instance via basic/email interface. --- auth-oauth2/config.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index 7b8124ac..0de2cc65 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -259,9 +259,9 @@ class OAuth2EmailConfig extends OAuth2Config { // Only get the basic field options function getOptions() { list($__, $_N) = self::translate(); - $basic = array_flip(['clientId', 'clientSecret', 'urlAuthorize', - 'urlAccessToken', 'urlResourceOwnerDetails', 'attr_email', - 'scopes', 'redirectUri']); + $basic = array_flip(['clientId', 'clientSecret', 'scopes', + 'urlAuthorize', 'urlAccessToken', 'urlResourceOwnerDetails', + 'attr_email', 'redirectUri']); $fields = array_merge($basic, array_intersect_key( parent::getOptions(), $basic)); $fields['attr_email'] = new TextboxField(array( From 9346b14f18168a0301b7e470e6d5df0106da810c Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 5 Aug 2022 04:48:40 +0000 Subject: [PATCH 129/160] auth-oauth2: Change version to 0.3 --- auth-oauth2/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index ddc9f53c..240b4469 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -1,7 +1,7 @@ 'auth:oath2', # notrans - 'version' => '0.2', + 'version' => '0.3', 'ost_version' => '1.17', # Require osTicket v1.17+ 'name' => /* trans */ 'Oauth2 Client', 'author' => 'Peter Rotich ', From faaea9d944082ee3e7e44eaa678bee126a605cf2 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 22 Aug 2022 16:06:54 +0000 Subject: [PATCH 130/160] auth-oauth2: Remove maxlength restriction on Config fields This commits removes maxlength restriction on config fields since the url used can be terrifically long depending on the provider. --- auth-oauth2/config.php | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index 0de2cc65..d5492c88 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -142,7 +142,7 @@ function getOptions() { 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 0 ) ) ), @@ -155,7 +155,7 @@ function getOptions() { 'validator' => 'noop', 'configuration' => array( 'size' => 64, - 'length' => 255, + 'length' => 0, 'key' => $this->getNamespace(), ) ) @@ -167,7 +167,7 @@ function getOptions() { 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 0 ), 'validators' => function($f, $v) { if (!preg_match('[\.*(/api/auth/oauth2)$]isu', $v)) @@ -183,7 +183,7 @@ function getOptions() { 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 0 ), 'default' => '', ) @@ -195,7 +195,7 @@ function getOptions() { 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 0 ), 'default' => '', ) @@ -207,7 +207,7 @@ function getOptions() { 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 0 ), 'default' => '', ) @@ -219,7 +219,7 @@ function getOptions() { 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 255 + 'length' => 0 ), ) ), @@ -232,24 +232,40 @@ function getOptions() { 'hint' => $__('Unique User Identifier - Username or Email address'), 'required' => true, 'default' => 'email', + 'configuration' => array( + 'size' => 64, + 'length' => 0 + ), )), 'attr_givenname' => new TextboxField(array( 'label' => $__('Given Name'), 'hint' => $__('First name'), 'default' => 'givenname', + 'configuration' => array( + 'size' => 64, + 'length' => 0 + ), )), 'attr_surname' => new TextboxField(array( 'label' => $__('Surname'), 'hint' => $__('Last name'), 'default' => 'surname', + 'configuration' => array( + 'size' => 64, + 'length' => 0 + ), )), 'attr_email' => new TextboxField(array( 'label' => $__('Email Address'), 'hint' => $__('Email address required to auto-create User accounts. Agents must already exist.'), 'default' => 'email', + 'configuration' => array( + 'size' => 64, + 'length' => 0 + ), )), ); } From e5070cfd754026068084df4cb7f883d50a7bdfde Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Thu, 25 Aug 2022 17:40:13 +0000 Subject: [PATCH 131/160] auth-oauth2: Change M$ default scope and email attr. Use Mail.ReadWrite by default instead of individual scopes. Change the email default atrribute from mail to EmailAddress. --- auth-oauth2/oauth2.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index a36fd33d..10ad5a51 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -607,9 +607,9 @@ class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { 'urlAuthorize' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', 'urlAccessToken' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token', 'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v2.0/me', - 'scopes' => 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send', - 'attr_username' => 'mail', - 'attr_email' => 'mail', + 'scopes' => 'offline_access https://outlook.office.com/Mail.ReadWrite', + 'attr_username' => 'EmailAddress', + 'attr_email' => 'EmailAddress', 'attr_givenname' => 'givenname', 'attr_surname' => 'surname', ]; From 5f7272794fb39cd691f737337e63eedd668dc9b2 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Thu, 25 Aug 2022 17:42:38 +0000 Subject: [PATCH 132/160] auth-oauth2: Force prompt even on reauthorization. --- auth-oauth2/oauth2.php | 1 + 1 file changed, 1 insertion(+) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 10ad5a51..d4bc4199 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -616,6 +616,7 @@ class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { static $urlOptions = [ 'tenant' => 'common', 'accessType' => 'offline_access', + 'prompt' => 'consent', ]; } ?> From 6f17fbc92570dd74518701ff3f8348b6d54a87c2 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 29 Aug 2022 21:25:10 +0000 Subject: [PATCH 133/160] auth-oauth2: Stash Authorization Result Stash authorization result (errors or msg) via email onject before redirecting --- auth-oauth2/oauth2.php | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index d4bc4199..a10ac492 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -269,6 +269,10 @@ function getEmailId() { return $this->account->getEmailId(); } + function getEmail() { + return $this->account->getEmail(); + } + function getEmailAddress() { return $this->account->email->getEmail(); } @@ -306,16 +310,18 @@ public function callback($resp, $ref=null) { } catch (Exception $ex) { $errors[$err] = $ex->getMessage(); } - // stash errors (if any) to session and redirect - $session = &$_SESSION[':email'][$this->getEmailId()]; - $session = []; - if ($errors) { - $session['errors'] = $errors; - } else { - $session['msg'] = sprintf('%s: %s', - $this->account->getType(), - __('OAuth2 Authorization Successful')); - } + + // stash the results before redirecting + $email = $this->getEmail(); + // TODO: check if email implements StashableTrait + if ($errors) + $email->stash('errors', $errors); + else + $email->stash('msg', sprintf('%s: %s', + $this->account->getType(), + __('OAuth2 Authorization Successful') + )); + // redirect back to email page $this->onSignIn(); } From b3729dbe55a74cd27b7aebb27c7a178854dcce7c Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 2 Sep 2022 23:18:14 +0000 Subject: [PATCH 134/160] auth-oauth2: Add GenericEmailOauth2Provider This is necessay so we can override the default Config class. --- auth-oauth2/oauth2.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index a10ac492..59ca6a37 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -317,7 +317,7 @@ public function callback($resp, $ref=null) { if ($errors) $email->stash('errors', $errors); else - $email->stash('msg', sprintf('%s: %s', + $email->stash('notice', sprintf('%s: %s', $this->account->getType(), __('OAuth2 Authorization Successful') )); @@ -579,14 +579,23 @@ class MicrosoftOauth2Provider extends GenericOauth2Provider { } // Authorization Email OAuth Providers -class OtherEmailOauth2Provider extends GenericOauth2Provider { +class GenericEmailOauth2Provider extends GenericOauth2Provider { + function getPluginInstance($id) { + $i = parent::getPluginInstance($id); + // Set config class for Email Authorization Providers + $i->setConfigClass('OAuth2EmailConfig'); + return $i; + } +} + +class OtherEmailOauth2Provider extends GenericEmailOauth2Provider { static $id = 'oauth2:othermail'; static $name = 'OAuth2 - Other Provider'; static $defaults = []; static $urlOptions = []; } -class GoogleEmailOauth2Provider extends GenericOauth2Provider { +class GoogleEmailOauth2Provider extends GenericEmailOauth2Provider { static $id = 'oauth2:gmail'; static $name = 'OAuth2 - Google'; static $defaults = [ @@ -606,7 +615,7 @@ class GoogleEmailOauth2Provider extends GenericOauth2Provider { ]; } -class MicrosoftEmailOauth2Provider extends GenericOauth2Provider { +class MicrosoftEmailOauth2Provider extends GenericEmailOauth2Provider { static $id = 'oauth2:msmail'; static $name = 'OAuth2 - Microsoft'; static $defaults = [ From 06a31e0d1d815388d2a987df5a4910c4d297dc13 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 2 Sep 2022 23:21:31 +0000 Subject: [PATCH 135/160] auth-oauth2: OAuth2 Config Improvements - Restructure fields and add visibility options - Add pre_save to reject Authorization updates via plugin interface --- auth-oauth2/auth.php | 7 +- auth-oauth2/config.php | 188 +++++++++++++++++++++++++++++------------ 2 files changed, 140 insertions(+), 55 deletions(-) diff --git a/auth-oauth2/auth.php b/auth-oauth2/auth.php index 1cffe0f8..1d86fd28 100644 --- a/auth-oauth2/auth.php +++ b/auth-oauth2/auth.php @@ -99,11 +99,12 @@ public function init() { } public function bootstrap() { - // Get sideloaded instance config + // Get sideloaded instance config - this is neccessary for backwards + // compatibility before multi-instance support $config = $this->getConfig(); // Only register Authentication backends Authorization Backends are - // done on-demand. - if ($config->get('auth_type') == 'auth') + // done on-demand via Email Account interface + if ($config && $config->isAuthen()) self::registerAuthBackends($config); } } diff --git a/auth-oauth2/config.php b/auth-oauth2/config.php index d5492c88..e579a768 100644 --- a/auth-oauth2/config.php +++ b/auth-oauth2/config.php @@ -4,6 +4,19 @@ class OAuth2Config extends PluginConfig { + public function getAuthType() { + return $this->get('auth_type', 'auth'); + } + + public function isAutho() { + return ($this->getAuthType() + && !strcasecmp($this->getAuthType(), 'autho')); + } + + public function isAuthen() { + return !$this->isAutho(); + } + public function getName() { return $this->get('auth_name'); } @@ -69,7 +82,7 @@ function translate() { return Plugin::translate('auth-oauth2'); } - function getOptions() { + function getAllOptions() { list($__, $_N) = self::translate(); return array( 'auth_settings' => new SectionBreakField(array( @@ -86,20 +99,6 @@ function getOptions() { ) ) ), - 'auth_type' => new ChoiceField(array( - 'label' => $__('Type'), - 'hint' => $__('OAuth2 Type'), - 'required' => true, - 'choices' => array( - 'auth' => $__('Authentication'), - 'autho' => $__('Authorization'), - ), - 'configuration' => array( - 'disabled' => false, - ), - 'default' => 'auth', - ) - ), 'auth_target' => new ChoiceField(array( 'label' => $__('Authentication Target'), 'hint' => $__('Target Audience'), @@ -132,17 +131,48 @@ function getOptions() { ) ), 'idp' => new SectionBreakField(array( - 'label' => $__('Identity Provider (IdP) Details'), - 'hint' => $__('Details for third-party identity provider'), + 'label' => $__('OAuth2 Provider (IdP) Details'), + 'hint' => $__('Authorization instances can be added via Email Account interface'), )), + 'auth_type' => new ChoiceField(array( + 'label' => $__('Type'), + 'hint' => $__('OAuth2 Client Type'), + 'required' => true, + 'choices' => array( + 'auth' => $__('Authentication'), + 'autho' => $__('Authorization'), + ), + 'configuration' => array( + 'disabled' => true, + ), + 'default' => $this->getAuthType(), + ) + ), + 'redirectUri' => new TextboxField( + array( + 'label' => $__('Redirect URI'), + 'hint' => $__('Callback Endpoint'), + 'required' => true, + 'configuration' => array( + 'size' => 64, + 'length' => 0 + ), + 'validators' => function($f, $v) { + if (!preg_match('[\.*(/api/auth/oauth2)$]isu', $v)) + $f->addError(__('Must be a valid API endpont')); + }, + 'default' => OAuth2Plugin::callback_url(), + ) + ), 'clientId' => new TextboxField( array( 'label' => $__('Client Id'), - 'hint' => $__('IdP Client / Application Identifier'), + 'hint' => $__('Client Identifier (Id)'), 'required' => true, 'configuration' => array( 'size' => 64, - 'length' => 0 + 'length' => 0, + 'placeholder' => $__('Client Id') ) ) ), @@ -150,32 +180,19 @@ function getOptions() { array( 'widget' => 'PasswordWidget', 'label' => $__('Client Secret'), - 'hint' => $__('IdP Client Secret'), + 'hint' => $__('Client Secret'), 'required' => !$this->getClientSecret(), 'validator' => 'noop', 'configuration' => array( 'size' => 64, 'length' => 0, 'key' => $this->getNamespace(), + 'placeholder' => $this->getClientSecret() + ? str_repeat('•', strlen($this->getClientSecret())) + : $__('Client Secret'), ) ) ), - 'redirectUri' => new TextboxField( - array( - 'label' => $__('Callback Endpoint'), - 'hint' => $__('Redirect Uri'), - 'required' => true, - 'configuration' => array( - 'size' => 64, - 'length' => 0 - ), - 'validators' => function($f, $v) { - if (!preg_match('[\.*(/api/auth/oauth2)$]isu', $v)) - $f->addError(__('Must be a valid API endpont')); - }, - 'default' => OAuth2Plugin::callback_url(), - ) - ), 'urlAuthorize' => new TextboxField( array( 'label' => $__('Authorization Endpoint'), @@ -236,7 +253,10 @@ function getOptions() { 'size' => 64, 'length' => 0 ), - + 'visibility' => new VisibilityConstraint( + new Q(array('auth_type__eq' => 'auth')), + VisibilityConstraint::HIDDEN + ), )), 'attr_givenname' => new TextboxField(array( 'label' => $__('Given Name'), @@ -246,6 +266,10 @@ function getOptions() { 'size' => 64, 'length' => 0 ), + 'visibility' => new VisibilityConstraint( + new Q(array('auth_type__eq' => 'auth')), + VisibilityConstraint::HIDDEN + ), )), 'attr_surname' => new TextboxField(array( @@ -256,7 +280,10 @@ function getOptions() { 'size' => 64, 'length' => 0 ), - + 'visibility' => new VisibilityConstraint( + new Q(array('auth_type__eq' => 'auth')), + VisibilityConstraint::HIDDEN + ), )), 'attr_email' => new TextboxField(array( 'label' => $__('Email Address'), @@ -269,23 +296,80 @@ function getOptions() { )), ); } -} -class OAuth2EmailConfig extends OAuth2Config { - // Only get the basic field options function getOptions() { - list($__, $_N) = self::translate(); - $basic = array_flip(['clientId', 'clientSecret', 'scopes', - 'urlAuthorize', 'urlAccessToken', 'urlResourceOwnerDetails', - 'attr_email', 'redirectUri']); - $fields = array_merge($basic, array_intersect_key( - parent::getOptions(), $basic)); - $fields['attr_email'] = new TextboxField(array( - 'label' => $__('Email Address Attribute'), - 'hint' => $__('Please consult your provider docs for the correct attribute to use'), - 'required' => true, - )); + return $this->getAllOptions(); + } + function getFields() { + list($__, $_N) = self::translate(); + switch ($this->getAuthType()) { + case 'autho': + // Authorization fields + $base = array_flip(['idp', 'auth_type', 'redirectUri', 'clientId', 'clientSecret', + 'urlAuthorize', 'urlAccessToken', + 'urlResourceOwnerDetails', 'scopes', 'attr_email', + ]); + $fields = array_merge($base, array_intersect_key( + $this->getAllOptions(), $base)); + $fields['attr_email'] = new TextboxField([ + 'label' => $__('Email Address Attribute'), + 'hint' => $__('Please consult your provider docs for the correct attribute to use'), + 'required' => true, + ]); + break; + case 'auth': + default: + $fields = $this->getOptions(); + break; + } return $fields; } + + function pre_save(&$config, &$errors) { + list($__, $_N) = self::translate(); + // Authorization instances can only be managed via Email Account + // interface at the moment. + if ($this->isAutho()) + $errors['err'] = $__('Authorization instances can only be managed via Email Account interface at the moment'); + return !count($errors); + } + + public function getFormOptions() { + list($__, $_N) = self::translate(); + return [ + 'notice' => $this->isAutho() + ? $__('Authorization instances can only be updated via Email Account interface') + : ($this->getClientId() + ? $__('Be careful - changes might break Authentication of the Target Audience') + : '' + ), + ]; + } +} + +class OAuth2EmailConfig extends OAuth2Config { + + public function getAuthType() { + return $this->get('auth_type', 'autho'); + } + + // Notices are handled at Email Account level + public function getFormOptions() { + return []; + } + + // This is necessay so the parent can reject updates on Autho instances via plugins + // intervace which is doesn't have re-authorization capabilities at the + // moment. + function pre_save(&$config, &$errors) { + return true; + } + + function getFields() { + // Remove fields not needed on the Email interface + return array_diff_key(parent::getFields(), + array_flip(['idp', 'auth_type']) + ); + } } From c8cfcf01859e6528c845617a7fe66d51bd481325 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Sat, 3 Sep 2022 02:14:58 +0000 Subject: [PATCH 136/160] auth-oauth2: Change Version to 0.5 --- auth-oauth2/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index 240b4469..c0a2333a 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -1,7 +1,7 @@ 'auth:oath2', # notrans - 'version' => '0.3', + 'version' => '0.5', 'ost_version' => '1.17', # Require osTicket v1.17+ 'name' => /* trans */ 'Oauth2 Client', 'author' => 'Peter Rotich ', From 593607fd169b54c55258d88b4104c63ad752bede Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 19 Sep 2022 22:37:12 +0000 Subject: [PATCH 137/160] auth-oauth2: Add Default Microsoft Endpoints This Commit adds default endpoints and Username attribute for Azure common tenant app. It was not preciously added because endpoints can point to directory specific application. It also adds the posibility to backfill email with principal name if it's an email address. --- auth-oauth2/oauth2.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 59ca6a37..9312527c 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -134,13 +134,17 @@ private function mapAttributes(array $result) { $attributes = array(); $result = array_change_key_case($result, CASE_LOWER); foreach ($this->attributes as $attr) { - if (!($key=$this->config->getAttributeFor($attr))) + if (!($key=strtolower($this->config->getAttributeFor($attr)))) continue; - $attributes[$attr] = $result[strtolower($key)] ?: null; + $attributes[$attr] = $result[$key] ?: null; } - // Use email as username if none is provided + // Use email as username if none is provided or vice versa! if (!isset($attributes['username']) && isset($attributes['email'])) $attributes['username'] = $attributes['email']; + elseif (!isset($attributes['email']) + && isset($attributes['username']) + && Validator::is_email($attributes['username'])) + $attributes['email'] = $attributes['username']; return $attributes; } @@ -567,11 +571,13 @@ class MicrosoftOauth2Provider extends GenericOauth2Provider { static $name = 'Microsoft'; static $icon = 'icon-windows'; static $defaults = [ + 'urlAuthorize' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', + 'urlAccessToken' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token', 'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/me', 'scopes' => 'https://graph.microsoft.com/.default', 'auth_name' => 'Microsoft', 'auth_service' => 'Azure', - 'attr_username' => 'mail', + 'attr_username' => 'userPrincipalName', 'attr_email' => 'mail', 'attr_givenname' => 'givenname', 'attr_surname' => 'surname', From cf6e72dc0bf4889d2da070f0b035d911a429b268 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 19 Sep 2022 22:48:22 +0000 Subject: [PATCH 138/160] auth-oauth2: Change Version to 0.6 --- auth-oauth2/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-oauth2/plugin.php b/auth-oauth2/plugin.php index c0a2333a..8a4ab9d7 100644 --- a/auth-oauth2/plugin.php +++ b/auth-oauth2/plugin.php @@ -1,7 +1,7 @@ 'auth:oath2', # notrans - 'version' => '0.5', + 'version' => '0.6', 'ost_version' => '1.17', # Require osTicket v1.17+ 'name' => /* trans */ 'Oauth2 Client', 'author' => 'Peter Rotich ', From 2c0fdf79271ff2b1397d54ab3f93f84c76c28f59 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Tue, 27 Sep 2022 20:35:25 +0000 Subject: [PATCH 139/160] hydrate: Expanded matching for files/directories This commit adds support for expanded matching when hydrating libraries. This allows us to only pick part of the library or sdk we need to make the plugin functional without any extra packages. PS: GLOB_BRACE flag used for expanded search is not available on some non GNU systems, like Solaris or Alpine Linux. --- make.php | 9 +++++++++ storage-s3/plugin.php | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/make.php b/make.php index 89bdc074..48afa3f8 100644 --- a/make.php +++ b/make.php @@ -495,6 +495,15 @@ function mapDependencies($options, $lib, $local, $source, $dest) { copy($left, $right); return; } + + // See if we need to do filtering via expandable search + if (preg_match('/{+(.*?)}/', $source)) { + foreach (glob($source, GLOB_BRACE) as $_source) + $this->mapDependencies($options, $lib, $local, $_source, + ($dest.'/'.basename($_source))); + return; + } + foreach ( $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS), diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 41cf9781..373b27ee 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -11,7 +11,7 @@ "aws/aws-sdk-php" => array( 'version' => "3.*", 'map' => array( - 'aws/aws-sdk-php/src' => 'lib/Aws', + 'aws/aws-sdk-php/src/{S3*,*.php}' => 'lib/Aws', 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', 'guzzlehttp/promises/src' => 'lib/GuzzleHttp/Promise', 'guzzlehttp/psr7/src/' => 'lib/GuzzleHttp/Psr7', From 3fd8112ecab6db001f3de337daf5d2adc821c54e Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Fri, 30 Sep 2022 07:21:16 +0000 Subject: [PATCH 140/160] storage-s3: v1.17 Compatibility Fixes --- make.php | 2 ++ storage-s3/config.php | 2 +- storage-s3/plugin.php | 6 ++++-- storage-s3/storage.php | 12 ++++++++++-- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/make.php b/make.php index 48afa3f8..6aceaae3 100644 --- a/make.php +++ b/make.php @@ -404,6 +404,8 @@ function _build($plugin, $options) { if (!isset($info['map'])) continue; foreach ($info['map'] as $lib=>$local) { + if (preg_match('/{+(.*?)}/', $lib)) + $lib = dirname($lib); $phar_path = trim($local, '/').'/'; $full = rtrim(dirname(__file__).'/lib/'.$lib,'/').'/'; $files = new RecursiveIteratorIterator( diff --git a/storage-s3/config.php b/storage-s3/config.php index 116b96f4..e655240d 100644 --- a/storage-s3/config.php +++ b/storage-s3/config.php @@ -6,7 +6,7 @@ class S3StoragePluginConfig extends PluginConfig { // Provide compatibility function for versions of osTicket prior to // translation support (v1.9.4) - function translate() { + static function translate() { if (!method_exists('Plugin', 'translate')) { return array( function($x) { return $x; }, diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 373b27ee..4a99fc42 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -2,7 +2,8 @@ return array( 'id' => 'storage:s3', - 'version' => '0.3', + 'version' => '0.5', + 'ost_version' => '1.17', # Require osTicket v1.17+ 'name' => /* trans */ 'Attachments hosted in Amazon S3', 'author' => 'Jared Hancock, Kevin Thorne', 'description' => /* trans */ 'Enables storing attachments in Amazon S3', @@ -11,7 +12,8 @@ "aws/aws-sdk-php" => array( 'version' => "3.*", 'map' => array( - 'aws/aws-sdk-php/src/{S3*,*.php}' => 'lib/Aws', + 'aws/aws-sdk-php/src/{Api*,Arn*,ClientSideMonitoring*,Credentials*,DefaultsMode*,Endpoint*,Exception*,Handler*,Retry*,S3*,Signature*,*.php}' => 'lib/Aws', + 'aws/aws-sdk-php/src/data' => 'lib/Aws', 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', 'guzzlehttp/promises/src' => 'lib/GuzzleHttp/Promise', 'guzzlehttp/psr7/src/' => 'lib/GuzzleHttp/Psr7', diff --git a/storage-s3/storage.php b/storage-s3/storage.php index 01cb978f..3a717bbf 100644 --- a/storage-s3/storage.php +++ b/storage-s3/storage.php @@ -34,7 +34,7 @@ function __construct($meta) { $credentials['credentials'] = array( 'key' => static::$config['aws-key-id'], 'secret' => Crypto::decrypt(static::$config['secret-access-key'], - SECRET_SALT, static::getConfig()->getNamespace()), + SECRET_SALT, $this->getConfig()->getNamespace()) ); if (static::$config['aws-region']) $credentials['region'] = static::$config['aws-region']; @@ -248,10 +248,18 @@ function getAttrs() { class S3StoragePlugin extends Plugin { var $config_class = 'S3StoragePluginConfig'; + function isMultiInstance() { + return false; + } + function bootstrap() { require_once 'storage.php'; + + //TODO: This needs to target a specific instance + $bucketPath = sprintf('%s%s', $this->getConfig()->get('bucket'), + $this->getConfig()->get('folder') ? '/'. $this->getConfig()->get('folder') : ''); S3StorageBackend::setConfig($this->getConfig()); - S3StorageBackend::$desc = sprintf('S3 (%s)', $this->getConfig()->get('bucket')); + S3StorageBackend::$desc = sprintf('S3 (%s)', $bucketPath); FileStorageBackend::register('3', 'S3StorageBackend'); } } From f52ce37ec8c3cf0c9cf8025982161ca8a3de5b8e Mon Sep 17 00:00:00 2001 From: Thomas Ward Date: Thu, 13 Oct 2022 19:51:39 -0400 Subject: [PATCH 141/160] MS OAuth2: Don't force consent prompt Microsoft OAuth2 endpoints are smart enough that we don't need to tell it to issue a consent prompt. In a number of cases (I tested this with two separate differently configured differently-secured tenants on MS365 today), defining `'prompt' => 'consent'` as one of the url options will force **admin consent** (this is translated to `admin_consent` on the MS365 backend - figured out after a 3 hour power session with MS365 admins and support who discovered this). When you send the OAuth request to MS365, the system is smart enough to determine if you need consent or not, and you do **NOT** need to tell MS365 that a consent window is required. That may be a requisite for other providers, but not MS365 based on the testing I've done. --- auth-oauth2/oauth2.php | 1 - 1 file changed, 1 deletion(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 9312527c..337c9a17 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -637,7 +637,6 @@ class MicrosoftEmailOauth2Provider extends GenericEmailOauth2Provider { static $urlOptions = [ 'tenant' => 'common', 'accessType' => 'offline_access', - 'prompt' => 'consent', ]; } ?> From 631e83367d5638763ae3c59084b5c39502b8867f Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 2 Nov 2022 04:51:22 +0000 Subject: [PATCH 142/160] auth-oauth2: Disable Strict Email Matching on Authorization This commit disables strict email match when doing email authorization (getting token). While strict by default was noble, checking for a match is troublesome when a global admin can authorize for an email account or/and its aliases. A strict placeholder flag is set to false default for now with the intention of making it configurable in the future. --- auth-oauth2/oauth2.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 9312527c..9dc75b76 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -64,6 +64,10 @@ trait OAuth2AuthenticationTrait { private $provider; // debug mode flag private $debug = false; + // Strict flag + // TODO: Make it configurable (checkbox) + private $strict = false; + // SESSION store for data like AuthNRequestID private $session; // Configuration store @@ -105,6 +109,10 @@ function callback($resp, $ref=null) { } } + private function isStrict() { + return (bool) $this->strict; + } + function getId() { return static::$id; } @@ -302,9 +310,10 @@ public function callback($resp, $ref=null) { 'resource_owner_id' => $token->getResourceOwnerId(), 'resource_owner_email' => $attrs['email'], ]; + if (!isset($attrs['email'])) $errors[$err] = $this->error_msg(self::ERR_EMAIL_ATTR, $attrs); - elseif (!$this->signIn($attrs)) + elseif ($this->isStrict() && !$this->signIn($attrs)) $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); elseif (!$info['refresh_token']) $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); From baa0a63d2afedf05d07eb8fbc5d6f361ddd05033 Mon Sep 17 00:00:00 2001 From: aydreeihn Date: Thu, 3 Nov 2022 11:07:14 -0500 Subject: [PATCH 143/160] Issue: Decrease S3 Plugin Size This commit reduces the size of the S3 plugin by only pulling services related to S3 from the AWS SDK. This is done by following the steps outlined here: https://github.com/stobrien89/aws-sdk-php/tree/remove-unused-services/src/Script/Composer --- storage-s3/plugin.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 4a99fc42..13ad3101 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -12,8 +12,7 @@ "aws/aws-sdk-php" => array( 'version' => "3.*", 'map' => array( - 'aws/aws-sdk-php/src/{Api*,Arn*,ClientSideMonitoring*,Credentials*,DefaultsMode*,Endpoint*,Exception*,Handler*,Retry*,S3*,Signature*,*.php}' => 'lib/Aws', - 'aws/aws-sdk-php/src/data' => 'lib/Aws', + 'aws/aws-sdk-php/src' => 'lib/Aws', 'guzzlehttp/guzzle/src' => 'lib/GuzzleHttp', 'guzzlehttp/promises/src' => 'lib/GuzzleHttp/Promise', 'guzzlehttp/psr7/src/' => 'lib/GuzzleHttp/Psr7', @@ -24,6 +23,12 @@ ), ), ), + 'scripts' => array( + 'pre-autoload-dump' => 'Aws\\Script\\Composer\\Composer::removeUnusedServices', + ), + 'extra' => array( + 'aws/aws-sdk-php' => 'S3', + ), 'plugin' => 'storage.php:S3StoragePlugin' ); From 1bc8ceffe15bf24e87bbc2a62a0992e4311a4979 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 30 Nov 2022 08:42:52 +0000 Subject: [PATCH 144/160] auth-oauth2: Resource Owner Email Mismatch When authorizing an email account to obtain a token - some providers, like Office365, allow for global admins to authorize on behalf of the accounts they manage. This is possible when OAuth2 plugin is NOT in strict mode (default: false) - however , on-authorization, the returned resource owner email is set to the authorizing admin email / account which in turn causes account / resource mismatch when the token is used onbehalf of resource owner. This commit changes the plugin so that on mismatch and with strict mode set to false - the email address being authorized is set as the resource owner. --- auth-oauth2/oauth2.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 9dc75b76..2132b08c 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -313,11 +313,23 @@ public function callback($resp, $ref=null) { if (!isset($attrs['email'])) $errors[$err] = $this->error_msg(self::ERR_EMAIL_ATTR, $attrs); - elseif ($this->isStrict() && !$this->signIn($attrs)) - $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); elseif (!$info['refresh_token']) $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); - elseif (!$this->updateCredentials($info, $errors)) + elseif (!$this->signIn($attrs)) { + // On strict mode email mismatch is an error, otherwise + // set email address being authorized as the resource + // owner - with the assumption that a global admin + // authorized the account. + if ($this->isStrict()) + $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); + else + $info['resource_owner_email'] = $this->getEmailAddress(); + } + + // Update the credentials if no validation errors + if (!$errors + && !$this->updateCredentials($info, $errors) + && !isset($errors[$err])) $errors[$err] = $this->error_msg(self::ERR_UNKNOWN); } } catch (Exception $ex) { From af8b399c4e7e8e0ae8c042de901a3ada127a9011 Mon Sep 17 00:00:00 2001 From: JediKev Date: Mon, 5 Dec 2022 16:56:36 -0600 Subject: [PATCH 145/160] ldap: Staff Authentication Backend ID This addresses an issue where we are still using the static ID instead of using the Backend ID causing Agent lookups and searches to fail. This updates both places we use the static ID to `getBkId()` instead. This will retrieve the proper Backend ID and will allow Agent lookups and searches to function successfully. --- auth-ldap/authentication.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index b63c1033..6e69a167 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -440,7 +440,7 @@ function lookup($dn) { $hit = $this->_ldap->lookup($dn); if ($hit) { $hit['backend'] = static::$id; - $hit['id'] = static::$id . ':' . $hit['dn']; + $hit['id'] = $this->getBkId() . ':' . $hit['dn']; } return $hit; } @@ -452,7 +452,7 @@ function search($query) { $hits = $this->_ldap->search($query); foreach ($hits as &$h) { $h['backend'] = static::$id; - $h['id'] = static::$id . ':' . $h['dn']; + $h['id'] = $this->getBkId() . ':' . $h['dn']; } return $hits; } From 0ff1fcd390701a016b02859ead7e70d1756f7062 Mon Sep 17 00:00:00 2001 From: JediKev Date: Thu, 2 Feb 2023 14:47:59 -0600 Subject: [PATCH 146/160] oauth2: User/Agent Destination Url This addresses an issue reported on the Forum where you click a direct link from an email or something, you hit the login page, you login via OAuth2 SSO, and when you are redirected back you are not presented with the original URL. This is due to not accounting for the destination URL in the `onSignIn()` methods for the OAuth2 User/Agent backends. This adds a ternary statement that uses the dest URL from the session, otherwise it defaults to the base URL. --- auth-oauth2/oauth2.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index dab021a8..a9845cb7 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -222,7 +222,7 @@ private function signIn($attrs) { } private function onSignIn() { - $this->redirectTo(osTicket::get_base_url().'scp/'); + $this->redirectTo($_SESSION['_staff']['auth']['dest'] ?: osTicket::get_base_url().'scp/'); } } @@ -258,7 +258,7 @@ private function signIn($attrs) { } private function onSignIn() { - $this->redirectTo(osTicket::get_base_url()); + $this->redirectTo($_SESSION['_client']['auth']['dest'] ?: osTicket::get_base_url()); } } From 4cdfa358faa2328b8efa38849902eb071311055b Mon Sep 17 00:00:00 2001 From: JediKev Date: Thu, 2 Feb 2023 15:40:46 -0600 Subject: [PATCH 147/160] ldap: No current() Fatal Error This addresses an issue where `msad` schemas can return `false` when calling `current()` on an LDAP search result. We do not check if `current()` is false before attempting to call `dn()` on it so this adds a check to see if `current()` returns a value before using it. --- auth-ldap/authentication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index b63c1033..e3afac40 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -386,7 +386,7 @@ function lookupAndSync($username, $dn) { $this->getSearchBase(), sprintf('(|(userPrincipalName=%s)(samAccountName=%s))', $dn, $samid), $opts); - if (!PEAR::isError($r) && $r->count()) + if (!PEAR::isError($r) && $r->count() && $r->current()) $dn = $r->current()->dn(); } From d467c55461b084e2414d78ec441b89721294a0fe Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Thu, 9 Feb 2023 08:09:25 -0800 Subject: [PATCH 148/160] auth-oauth2: Update Refresh Token This commit addresses an issue where Refersh Token expires after 90 days for users using Office 365 as the provider. It turns out Microsoft (Office 365) issues a new Refresh Token everytime Access Token is refreshed, otherwise the original Refresh Token expires after 90 days from the time it was issued. This commit adds the logic to update Refresh Token while refreshing Access Token, **if reissued**. --- auth-oauth2/oauth2.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index dab021a8..50693336 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -465,9 +465,11 @@ function refreshAccessToken($refreshToken, $id, &$errors) { try { $token = $bk->refreshAccessToken($refreshToken); - return [ - 'access_token' => $token->getToken(), - 'expires' => $token->getExpires()]; + return array_filter([ + 'access_token' => $token->getToken(), + 'refresh_token' => $token->getRefreshToken(), + 'expires' => $token->getExpires() + ]); } catch( Exception $ex) { $errors['refresh_token'] = $ex->getMessage(); } From 231acddb12023a3e97e2fa330dd1a13d5894e6e8 Mon Sep 17 00:00:00 2001 From: Marc Banyard Date: Mon, 6 Feb 2023 13:50:12 +0000 Subject: [PATCH 149/160] Fixed issue for Microsoft 365 Shared Mailboxes. This issue has been discussed in the following forum post https://forum.osticket.com/d/101462-oauth2-shared-mailboxes/34 This push fixes and resolves the issue so that the **`resource_owner_email`** is set correctly as the **Shared Mailbox** email on the **_Remote Mailbox_** tab and the **User Mailbox / Global Admin** is set on the **_Outgoing (SMTP)_** tab. The logic for this is - To pickup emails you need to use the email address of the account that emails were sent to, this can either be a **User Mailbox** or a **Shared Mailbox**. - To send emails a **_Licenced Microsoft 365 User Mailbox_** must be used, so the emails are sent from the **User Mailbox** account that is used to authenticate the **Shared Mailbox** or the actual **User Mailbox** on the Microsoft 365 OAuth2 challenge. If using Shared Mailboxes, the User Mailbox account that is used to send emails is often referred to as a **Service Account** or a **Global Admin** account. This account needs to have permissions to be able to access and send emails on behalf of the Shared Mailbox(es) that you configure on your osTicket configuration. --- auth-oauth2/oauth2.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index bd3f7384..888989d7 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -323,7 +323,14 @@ public function callback($resp, $ref=null) { if ($this->isStrict()) $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); else - $info['resource_owner_email'] = $this->getEmailAddress(); + // In Microsoft 365 you MUST send emails from a licenced User Mailbox, + // if this is a Shared Mailbox the emails need to be collected from the + // Shared Mailbox, but need to be sent from a User Mailbox. + // This is typically the account you will authenticate with in the + // Microsoft 365 challenge when configuring OAuth2 for the mailbox. + if (!(strcasecmp(($this->account->getType()), "smtp") == 0) + && !(strcasecmp(($this->account->getProtocol()), "smtp") == 0)) + $info['resource_owner_email'] = $this->getEmailAddress(); } // Update the credentials if no validation errors From 512d93d705e9fe8e27be66c82ef42c45a20d0772 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 13 Feb 2023 09:28:35 -0800 Subject: [PATCH 150/160] auth-oauth2: Office 365 SMTP Resource Owner This commit simply cleans up the logic in commit `231acddb1` to make sure it only targets Office 365 Accounts as intended. --- auth-oauth2/oauth2.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 888989d7..a3a0212f 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -316,21 +316,23 @@ public function callback($resp, $ref=null) { elseif (!$info['refresh_token']) $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); elseif (!$this->signIn($attrs)) { - // On strict mode email mismatch is an error, otherwise - // set email address being authorized as the resource - // owner - with the assumption that a global admin - // authorized the account. - if ($this->isStrict()) + // SignIn failure indicates email mismatch. + if ($this->isStrict()) { + // On strict mode email mismatch is an error, otherwise + // the email address being authorized is used as the resource + // owner - with the assumption that a global admin + // or a service account authorized the account. $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); - else - // In Microsoft 365 you MUST send emails from a licenced User Mailbox, - // if this is a Shared Mailbox the emails need to be collected from the + } elseif (($this->provider instanceof MicrosoftEmailOauth2Provider) + && strcasecmp($this->account->getType(), "smtp") == 0) { + // In Microsoft 365 you MUST send emails from a + // licenced User Mailbox, if this is a Shared + // Mailbox the emails need to be collected from the // Shared Mailbox, but need to be sent from a User Mailbox. // This is typically the account you will authenticate with in the // Microsoft 365 challenge when configuring OAuth2 for the mailbox. - if (!(strcasecmp(($this->account->getType()), "smtp") == 0) - && !(strcasecmp(($this->account->getProtocol()), "smtp") == 0)) - $info['resource_owner_email'] = $this->getEmailAddress(); + $info['resource_owner_email'] = $this->getEmailAddress(); + } } // Update the credentials if no validation errors From eaaf37d0e21cb3fffff89175c6a0f4625d2111b4 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Mon, 13 Feb 2023 14:44:31 -0800 Subject: [PATCH 151/160] auth-oauth2: Strict Match Mode This is a temp hack to delegate strict matching mode checking to provider. --- auth-oauth2/oauth2.php | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index a3a0212f..dc784094 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -64,9 +64,6 @@ trait OAuth2AuthenticationTrait { private $provider; // debug mode flag private $debug = false; - // Strict flag - // TODO: Make it configurable (checkbox) - private $strict = false; // SESSION store for data like AuthNRequestID private $session; @@ -109,10 +106,6 @@ function callback($resp, $ref=null) { } } - private function isStrict() { - return (bool) $this->strict; - } - function getId() { return static::$id; } @@ -277,6 +270,14 @@ class OAuth2EmailAuthBackend implements OAuth2AuthBackend { const ERR_EMAIL_MISMATCH = 2; const ERR_REFRESH_TOKEN = 3; + private function isStrict() { + // TODO: Require osTicket v1.18 and delegate strict checking to + // the email account ($this->account->isStrict()) + // For now the flag is being set via the provider by overloading + // backend id + return ($this->provider && $this->provider->isStrict()); + } + function getEmailId() { return $this->account->getEmailId(); } @@ -310,7 +311,6 @@ public function callback($resp, $ref=null) { 'resource_owner_id' => $token->getResourceOwnerId(), 'resource_owner_email' => $attrs['email'], ]; - if (!isset($attrs['email'])) $errors[$err] = $this->error_msg(self::ERR_EMAIL_ATTR, $attrs); elseif (!$info['refresh_token']) @@ -406,11 +406,18 @@ abstract class OAuth2ProviderBackend extends OAuth2AuthorizationBackend { private $plugin_id; static $defaults = []; + // Strict flag + private $strict = false; + function __construct($options=[]) { if (isset($options['plugin_id'])) $this->plugin_id = (int) $options['plugin_id']; } + function isStrict() { + return (bool) $this->strict; + } + function getId() { return static::$id; } @@ -466,7 +473,7 @@ function addPluginInstance($vars, &$errors) { } function getEmailAuthBackend($id) { - list($auth, $a, $i) = self::parseId($id); + list($auth, $a, $i, $strict) = self::parseId($id); if (!strcasecmp($auth, $this->getId()) && ($plugin=$this->getPlugin()) && $plugin->isActive() @@ -474,6 +481,8 @@ function getEmailAuthBackend($id) { && ($config=$instance->getConfig()) && ($account=EmailAccount::lookup((int) $a)) && $account->isEnabled()) { + // Set strict flag + $this->strict = (bool) $strict; $bk = new OAuth2EmailAuthBackend($config, $this); $bk->account = $account; return $bk; @@ -552,7 +561,7 @@ protected function getAuthorizationParameters(array $options) { } -class GenericOauth2Provider extends Oauth2ProviderBackend { +class GenericOauth2Provider extends OAuth2ProviderBackend { static $id = 'oauth2:other'; static $name = 'OAuth2 - Other'; static $defaults = []; From 029c4c9c6c78dc1b17b6f5e3ef421c529cd98e18 Mon Sep 17 00:00:00 2001 From: Peter Rotich Date: Wed, 15 Feb 2023 10:04:53 -0800 Subject: [PATCH 152/160] auth-oauth2: Leave Resource Owner Alone! This commit reverses changes added in 512d93d7 to remove Application logic from plugin level. Core osTicket will handle Shared Mailbox logic going forward. --- auth-oauth2/oauth2.php | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index dc784094..1f7c2e62 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -311,30 +311,17 @@ public function callback($resp, $ref=null) { 'resource_owner_id' => $token->getResourceOwnerId(), 'resource_owner_email' => $attrs['email'], ]; + if (!isset($attrs['email'])) $errors[$err] = $this->error_msg(self::ERR_EMAIL_ATTR, $attrs); elseif (!$info['refresh_token']) $errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN); - elseif (!$this->signIn($attrs)) { - // SignIn failure indicates email mismatch. - if ($this->isStrict()) { - // On strict mode email mismatch is an error, otherwise - // the email address being authorized is used as the resource - // owner - with the assumption that a global admin - // or a service account authorized the account. - $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); - } elseif (($this->provider instanceof MicrosoftEmailOauth2Provider) - && strcasecmp($this->account->getType(), "smtp") == 0) { - // In Microsoft 365 you MUST send emails from a - // licenced User Mailbox, if this is a Shared - // Mailbox the emails need to be collected from the - // Shared Mailbox, but need to be sent from a User Mailbox. - // This is typically the account you will authenticate with in the - // Microsoft 365 challenge when configuring OAuth2 for the mailbox. - $info['resource_owner_email'] = $this->getEmailAddress(); - } + elseif (!$this->signIn($attrs) && $this->isStrict()) { + // On strict mode email mismatch is an error + // TODO: Move Strict checking to osTiket core on + // credentials update. + $errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs); } - // Update the credentials if no validation errors if (!$errors && !$this->updateCredentials($info, $errors) From 033767b4a77a106f775a51a0b75b0558c5092461 Mon Sep 17 00:00:00 2001 From: JediKev Date: Fri, 10 Mar 2023 17:33:14 -0600 Subject: [PATCH 153/160] issue: resolveDependencies Scripts and Extra This resolves and issue where when hydrating the S3 plugin it's still including uneeded dependencies even though the plugin info includes the script and extra tags. This is due to `make.php` not taking those into account when resolving the dependencies. This updates the `resolveDependencies` method to account for the scripts and extra tags and will include them if found. This also addresses an small issue where the extra value needs to be an array otherwise it causes fatal error. --- make.php | 14 +++++++++++--- storage-s3/plugin.php | 2 +- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/make.php b/make.php index 6aceaae3..402dc8d2 100644 --- a/make.php +++ b/make.php @@ -677,12 +677,18 @@ function getComposer() { function resolveDependencies($autoupdate=true) { // Build dependency list - $requires = array(); + $requires = $scripts = $extra = []; foreach (glob(dirname(__file__).'/*/plugin.php') as $plugin) { $p = (include $plugin); if (isset($p['requires'])) foreach ($p['requires'] as $lib=>$info) $requires[$lib] = $info['version']; + if (isset($p['scripts'])) + foreach ($p['scripts'] as $name=>$script) + $scripts[$name] = $script; + if (isset($p['extra'])) + foreach ($p['extra'] as $package=>$namespaces) + $extra[$package] = $namespaces; } // Write composer.json file @@ -692,10 +698,12 @@ function resolveDependencies($autoupdate=true) { "require": %s, "config": { "vendor-dir": "lib" - } + }, + "scripts": %s, + "extra": %s } EOF; - $composer = sprintf($composer, json_encode($requires)); + $composer = sprintf($composer, json_encode($requires), json_encode($scripts), json_encode($extra)); if (!($fp = fopen('composer.json', 'w'))) $this->fail('Unable to save "composer.json"'); diff --git a/storage-s3/plugin.php b/storage-s3/plugin.php index 13ad3101..eb33fa73 100644 --- a/storage-s3/plugin.php +++ b/storage-s3/plugin.php @@ -27,7 +27,7 @@ 'pre-autoload-dump' => 'Aws\\Script\\Composer\\Composer::removeUnusedServices', ), 'extra' => array( - 'aws/aws-sdk-php' => 'S3', + 'aws/aws-sdk-php' => ['S3'], ), 'plugin' => 'storage.php:S3StoragePlugin' ); From b120edca05e077c1d89b4d2c611414576986c811 Mon Sep 17 00:00:00 2001 From: JediKev Date: Tue, 21 Mar 2023 11:46:06 -0500 Subject: [PATCH 154/160] oauth2: Okta Defaults This adds the OAuth2 Authentication defaults for Okta provider. This will make Okta setup a little easier. --- auth-oauth2/oauth2.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index 8ddb141c..a2d32a07 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -514,6 +514,8 @@ static function registerAuthenticationProviders($options=[]) { GoogleOAuth2Provider($options)); OAuth2AuthenticationBackend::register(new MicrosoftOAuth2Provider($options)); + OAuth2AuthenticationBackend::register(new + OktaOAuth2Provider($options)); OAuth2AuthenticationBackend::register(new OtherOAuth2Provider($options)); } @@ -612,6 +614,24 @@ class MicrosoftOauth2Provider extends GenericOauth2Provider { ]; } +class OktaOauth2Provider extends GenericOauth2Provider { + static $id = 'oauth2:okta'; + static $name = 'Okta'; + static $icon = 'icon-circle-blank'; + static $defaults = [ + 'urlAuthorize' => 'https://${yourOktaDomain}/oauth2/v1/authorize', + 'urlAccessToken' => 'https://${yourOktaDomain}/oauth2/v1/token', + 'urlResourceOwnerDetails' => 'https://${yourOktaDomain}/oauth2/v1/userinfo', + 'scopes' => 'openid profile email', + 'auth_name' => 'Okta', + 'auth_service' => 'Okta', + 'attr_username' => 'userName', + 'attr_email' => 'email', + 'attr_givenname' => 'given_name', + 'attr_surname' => 'family_name', + ]; +} + // Authorization Email OAuth Providers class GenericEmailOauth2Provider extends GenericOauth2Provider { function getPluginInstance($id) { From 9b2f8b68f22f886d4a721597d9515076c970f492 Mon Sep 17 00:00:00 2001 From: JediKev Date: Fri, 24 Mar 2023 11:36:35 -0500 Subject: [PATCH 155/160] audit: i18n Export Issues This is the second part to the main core pull that fixes an issue where using any other language than English and attempting to export `All` events for a specific object fails. This removes the translation method from the instances that do not need it and cause issues. --- audit/class.audit.php | 2 +- audit/templates/auditlogs.tmpl.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/audit/class.audit.php b/audit/class.audit.php index f6ca66df..505121fb 100644 --- a/audit/class.audit.php +++ b/audit/class.audit.php @@ -433,7 +433,7 @@ static function getQwhere($objectId, $hide_views=false, $type='') { $qwhere.=' AND object_type='.db_input($_REQUEST['type'] ?: 'D'); if ($hide_views) $qwhere.=' AND event_id='.db_input(Event::getIdByName($_REQUEST['state'])); - if ($_REQUEST['state'] && $_REQUEST['state'] != __('All')) { + if ($_REQUEST['state'] && $_REQUEST['state'] != 'All') { $event_id = Event::getIdByName(lcfirst($_REQUEST['state'])); $qwhere.=' AND event_id='.db_input($event_id); } diff --git a/audit/templates/auditlogs.tmpl.php b/audit/templates/auditlogs.tmpl.php index 78b697f5..c1603bc0 100644 --- a/audit/templates/auditlogs.tmpl.php +++ b/audit/templates/auditlogs.tmpl.php @@ -11,7 +11,7 @@ if($_REQUEST['state']) $qs += array('state' => Format::htmlchars($_REQUEST['state'])); -$state=__('All'); +$state='All'; if ($_REQUEST['state']) $state=Format::htmlchars($_REQUEST['state']); From 094219d5df455eabb536f7bc475ded363fe7d638 Mon Sep 17 00:00:00 2001 From: JediKev Date: Wed, 12 Apr 2023 14:13:07 -0500 Subject: [PATCH 156/160] ldap: PHP 8.1 Support This addresses PHP 8.1 compatibilty issues with the LDAP plugin. Since the LDAP resources were converted to LDAP\Connection, LDAP\Result, and LDAP\ResultEntry objects respectively, the previous `is_resource()` checks fail. This updates all relevant cases of `is_resource()` to `!== false` checks to make LDAP plugin compatible with PHP 8.1. --- lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php index f0d66a99..bd6544a7 100644 --- a/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php +++ b/lib/pear-pear.php.net/net_ldap2/Net/LDAP2/Entry.php @@ -151,7 +151,7 @@ public function __construct($ldap, $entry = null) parent::__construct('Net_LDAP2_Error'); // set up entry resource or DN - if (is_resource($entry)) { + if ($entry !== false) { $this->_entry = $entry; } else { $this->_dn = $entry; @@ -161,7 +161,7 @@ public function __construct($ldap, $entry = null) if ($ldap instanceof Net_LDAP2) { $this->_ldap = $ldap; $this->_link = $ldap->getLink(); - } elseif (is_resource($ldap)) { + } elseif ($ldap !== false) { $this->_link = $ldap; } elseif (is_array($ldap)) { // Special case: here $ldap is an array of attributes, @@ -173,7 +173,7 @@ public function __construct($ldap, $entry = null) // if this is an entry existing in the directory, // then set up as old and fetch attrs - if (is_resource($this->_entry) && is_resource($this->_link)) { + if (($this->_entry !== false) && ($this->_link !== false)) { $this->_new = false; $this->_dn = @ldap_get_dn($this->_link, $this->_entry); $this->setAttributes(); // fetch attributes from server @@ -235,7 +235,7 @@ public static function createConnected($ldap, $entry) if (!$ldap instanceof Net_LDAP2) { return PEAR::raiseError("Unable to create connected entry: Parameter \$ldap needs to be a Net_LDAP2 object!"); } - if (!is_resource($entry)) { + if ($entry == false) { return PEAR::raiseError("Unable to create connected entry: Parameter \$entry needs to be a ldap entry resource!"); } @@ -354,7 +354,7 @@ protected function setAttributes($attributes = null) /* * fetch attributes from the server */ - if (is_null($attributes) && is_resource($this->_entry) && is_resource($this->_link)) { + if (is_null($attributes) && ($this->_entry !== false) && ($this->_link !== false)) { // fetch schema if ($this->_ldap instanceof Net_LDAP2) { $schema = $this->_ldap->schema(); @@ -767,7 +767,7 @@ public function update($ldap = null) // Get and check link $link = $ldap->getLink(); - if (!is_resource($link)) { + if ($link == false) { return PEAR::raiseError("Could not update entry: internal LDAP link is invalid"); } From ff814b58edeea689026a59fd894c315e3787ed41 Mon Sep 17 00:00:00 2001 From: JediKev Date: Wed, 12 Apr 2023 14:44:12 -0500 Subject: [PATCH 157/160] ldap: No current() Fatal Error 2 This addresses an error reported in 270 where we are attempting to call `dn()` on `$r->current()` but `current()` can sometimes return `false`. This adds a check for `!$r->current()` before continuing to `dn()`. See similar issue here: 260 --- auth-ldap/authentication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 69715ecc..20aa6b39 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -238,7 +238,7 @@ function($match) use ($username, $domain, $config) { $schema['lookup']), array('sizelimit' => 1) ); - if (PEAR::isError($r) || !$r->count()) + if (PEAR::isError($r) || !$r->count() || !$r->current()) return null; // Attempt to bind as the DN of the user looked up with the password From 1f17a1133059415b8b7ce5588c1db9296f2df546 Mon Sep 17 00:00:00 2001 From: JediKev Date: Mon, 12 Jun 2023 10:20:05 -0500 Subject: [PATCH 158/160] issue: Password Length This is a commit that goes along with a core commit for password length. We should limit passwords to minimum of 1 and maximum of 128. --- auth-password-policy/auth.php | 40 +++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/auth-password-policy/auth.php b/auth-password-policy/auth.php index f61149d8..36879300 100644 --- a/auth-password-policy/auth.php +++ b/auth-password-policy/auth.php @@ -9,12 +9,28 @@ function getOptions() { 'required' => true, 'label' => __('Minimum length'), 'configuration' => array( - 'validator' => 'number', + 'validator' => 'regex', + 'regex' => '/(^[1-9]|^[1-9][0-9]|^1[0-1][0-9]|^12[0-8])$/', + 'validator-error' => sprintf('%s %s', __('Minimum'), + __('length must be between 1 and 128')), 'size' => 4, ), 'default' => 8, 'hint' => __('Minimum characters required'), )), + 'maxlength' => new TextboxField(array( + 'required' => true, + 'label' => __('Maximum length'), + 'configuration' => array( + 'validator' => 'regex', + 'regex' => '/(^[1-9]|^[1-9][0-9]|^1[0-1][0-9]|^12[0-8])$/', + 'validator-error' => sprintf('%s %s', __('Maximum'), + __('length must be between 1 and 128')), + 'size' => 4, + ), + 'default' => 128, + 'hint' => __('Minimum characters required'), + )), // Classes of characters 'classes' => new ChoiceField(array( 'required' => true, @@ -80,6 +96,20 @@ function getOptions() { )), ); } + + function pre_save(&$config, &$errors) { + if ($config['length'] >= $config['maxlength']) { + $this->getForm()->getField('length')->addError( + __("Minimum length must be smaller than Maximum length")); + $errors['err'] = __('Unable to update the Instance'); + } + + global $msg; + if (!$errors) + $msg = __('Instance updated successfully'); + + return !$errors; + } } class PasswordManagementPolicy @@ -122,11 +152,17 @@ private function processPassword($password, $current=false) { } // Password length - if (mb_strlen($password) < $this->config->get('length')) { + $pwdlen = mb_strlen($password); + if ($pwdlen < $this->config->get('length')) { throw new BadPassword( sprintf(__('Password is too short — must be %d characters'), $this->config->get('length')) ); + } elseif ($pwdlen > $this->config->get('maxlength')) { + throw new BadPassword( + sprintf(__('Password is too long — must be a maximum of %d characters'), + $this->config->get('maxlength')) + ); } // Class of characters From d17c58aa75cfbd55c41d5c5555c29210fc2d1eb8 Mon Sep 17 00:00:00 2001 From: Gabriel Majeri Date: Fri, 28 Jul 2023 15:13:38 +0300 Subject: [PATCH 159/160] Display account selection prompt for MS365 e-mail auth --- auth-oauth2/oauth2.php | 1 + 1 file changed, 1 insertion(+) diff --git a/auth-oauth2/oauth2.php b/auth-oauth2/oauth2.php index a2d32a07..62ca339e 100644 --- a/auth-oauth2/oauth2.php +++ b/auth-oauth2/oauth2.php @@ -685,6 +685,7 @@ class MicrosoftEmailOauth2Provider extends GenericEmailOauth2Provider { static $urlOptions = [ 'tenant' => 'common', 'accessType' => 'offline_access', + 'prompt' => 'select_account', ]; } ?> From 50ad14572387139a27857a806ad7cb007beb04e2 Mon Sep 17 00:00:00 2001 From: JediKev Date: Mon, 18 Sep 2023 15:54:01 -0500 Subject: [PATCH 160/160] ldap: Hostname REGEX This addresses an issue where `ldap://` and `ldaps://` gets stripped from the hostname by weak REGEX. This updates the REGEX to make it account for `ldap://` and `ldaps://` so that it remains as part of the hostname. This will allow people to typehint LDAPS connections. --- auth-ldap/authentication.php | 4 ++-- auth-ldap/config.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 20aa6b39..2f93de8d 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -117,8 +117,8 @@ function getServers() { if ($servers) { $hosts = array(); foreach ($servers as $h) - if (preg_match('/([^:]+):(\d{1,4})/', $h, $matches)) - $hosts[] = array('host' => $matches[1], 'port' => (int) $matches[2]); + if (preg_match('/((ldaps?:\/\/)?([^:]+)):(\d{1,4})/', $h, $matches)) + $hosts[] = array('host' => $matches[1], 'port' => (int) $matches[4]); else $hosts[] = array('host' => $h); return $hosts; diff --git a/auth-ldap/config.php b/auth-ldap/config.php index ca3380a2..223c9d04 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -158,8 +158,8 @@ function pre_save(&$config, &$errors) { else { $servers = array(); foreach (preg_split('/\s+/', $config['servers']) as $host) - if (preg_match('/([^:]+):(\d{1,4})/', $host, $matches)) - $servers[] = array('host' => $matches[1], 'port' => (int) $matches[2]); + if (preg_match('/((ldaps?:\/\/)?([^:]+)):(\d{1,4})/', $host, $matches)) + $servers[] = array('host' => $matches[1], 'port' => (int) $matches[4]); else $servers[] = array('host' => $host); }
    DescriptionTimestampIP Address
    Description href="#audit/ticket/8/view?">> IP Address
    Description > IP Address
    + QR Code +