diff --git a/fetch/api/resources/echo-content.h2.py b/fetch/api/resources/echo-content.h2.py index d3dcf596baeceb..0be3ece4a5ff32 100644 --- a/fetch/api/resources/echo-content.h2.py +++ b/fetch/api/resources/echo-content.h2.py @@ -1,5 +1,3 @@ -from wptserve.utils import isomorphic_encode - def handle_headers(frame, request, response): response.status = 200 response.headers.update([('Content-Type', 'text/plain')]) diff --git a/tools/requirements_tests.txt b/tools/requirements_tests.txt index 3ee815b98184ff..e3456e681cdee4 100644 --- a/tools/requirements_tests.txt +++ b/tools/requirements_tests.txt @@ -1,3 +1,4 @@ +httpx[http2]==0.22.0 json-e==4.4.3 jsonschema==3.2.0 pyyaml==6.0 diff --git a/tools/third_party/hyper/hyper/__init__.py b/tools/third_party/hyper/hyper/__init__.py deleted file mode 100644 index afa88035298f06..00000000000000 --- a/tools/third_party/hyper/hyper/__init__.py +++ /dev/null @@ -1,36 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper -~~~~~~ - -A module for providing an abstraction layer over the differences between -HTTP/1.1 and HTTP/2. -""" -import logging - -from .common.connection import HTTPConnection -from .http20.connection import HTTP20Connection -from .http20.response import HTTP20Response, HTTP20Push -from .http11.connection import HTTP11Connection -from .http11.response import HTTP11Response - -# Throw import errors on Python <2.7 and 3.0-3.2. -import sys as _sys -if _sys.version_info < (2, 7) or (3, 0) <= _sys.version_info < (3, 3): - raise ImportError( - "hyper only supports Python 2.7 and Python 3.3 or higher." - ) - -__all__ = [ - HTTPConnection, - HTTP20Response, - HTTP20Push, - HTTP20Connection, - HTTP11Connection, - HTTP11Response, -] - -# Set default logging handler. -logging.getLogger(__name__).addHandler(logging.NullHandler()) - -__version__ = '0.7.0' diff --git a/tools/third_party/hyper/hyper/certs.pem b/tools/third_party/hyper/hyper/certs.pem deleted file mode 100644 index 72a750f94fa85f..00000000000000 --- a/tools/third_party/hyper/hyper/certs.pem +++ /dev/null @@ -1,5116 +0,0 @@ - -# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA -# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA -# Label: "GlobalSign Root CA" -# Serial: 4835703278459707669005204 -# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a -# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c -# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99 ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw -MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT -aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ -jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp -xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp -1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG -snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ -U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 -9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B -AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz -yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE -38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP -AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad -DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME -HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ------END CERTIFICATE----- - -# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R2 -# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R2 -# Label: "GlobalSign Root CA - R2" -# Serial: 4835703278459682885658125 -# MD5 Fingerprint: 94:14:77:7e:3e:5e:fd:8f:30:bd:41:b0:cf:e7:d0:30 -# SHA1 Fingerprint: 75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe -# SHA256 Fingerprint: ca:42:dd:41:74:5f:d0:b8:1e:b9:02:36:2c:f9:d8:bf:71:9d:a1:bd:1b:1e:fc:94:6f:5b:4c:99:f4:2c:1b:9e ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 -MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL -v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 -eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq -tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd -C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa -zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB -mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH -V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n -bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG -3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs -J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO -291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS -ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd -AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 -TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ------END CERTIFICATE----- - -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only -# Label: "Verisign Class 3 Public Primary Certification Authority - G3" -# Serial: 206684696279472310254277870180966723415 -# MD5 Fingerprint: cd:68:b6:a7:c7:c4:ce:75:e0:1d:4f:57:44:61:92:09 -# SHA1 Fingerprint: 13:2d:0d:45:53:4b:69:97:cd:b2:d5:c3:39:e2:55:76:60:9b:5c:c6 -# SHA256 Fingerprint: eb:04:cf:5e:b1:f3:9a:fa:76:2f:2b:b1:20:f2:96:cb:a5:20:c1:b9:7d:b1:58:95:65:b8:1c:b9:a1:7b:72:44 ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b -N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t -KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu -kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm -CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ -Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu -imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te -2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe -DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC -/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p -F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt -TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ------END CERTIFICATE----- - -# Issuer: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited -# Subject: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited -# Label: "Entrust.net Premium 2048 Secure Server CA" -# Serial: 946069240 -# MD5 Fingerprint: ee:29:31:bc:32:7e:9a:e6:e8:b5:f7:51:b4:34:71:90 -# SHA1 Fingerprint: 50:30:06:09:1d:97:d4:f5:ae:39:f7:cb:e7:92:7d:7d:65:2d:34:31 -# SHA256 Fingerprint: 6d:c4:71:72:e0:1c:bc:b0:bf:62:58:0d:89:5f:e2:b8:ac:9a:d4:f8:73:80:1e:0c:10:b9:c8:37:d2:1e:b1:77 ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML -RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp -bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 -IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 -MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 -LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp -YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG -A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq -K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe -sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX -MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT -XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ -HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH -4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub -j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo -U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf -zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b -u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ -bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er -fF6adulZkMV8gzURZVE= ------END CERTIFICATE----- - -# Issuer: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust -# Subject: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust -# Label: "Baltimore CyberTrust Root" -# Serial: 33554617 -# MD5 Fingerprint: ac:b6:94:a5:9c:17:e0:d7:91:52:9b:b1:97:06:a6:e4 -# SHA1 Fingerprint: d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74 -# SHA256 Fingerprint: 16:af:57:a9:f6:76:b0:ab:12:60:95:aa:5e:ba:de:f2:2a:b3:11:19:d6:44:ac:95:cd:4b:93:db:f3:f2:6a:eb ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- - -# Issuer: CN=AddTrust Class 1 CA Root O=AddTrust AB OU=AddTrust TTP Network -# Subject: CN=AddTrust Class 1 CA Root O=AddTrust AB OU=AddTrust TTP Network -# Label: "AddTrust Low-Value Services Root" -# Serial: 1 -# MD5 Fingerprint: 1e:42:95:02:33:92:6b:b9:5f:c0:7f:da:d6:b2:4b:fc -# SHA1 Fingerprint: cc:ab:0e:a0:4c:23:01:d6:69:7b:dd:37:9f:cd:12:eb:24:e3:94:9d -# SHA256 Fingerprint: 8c:72:09:27:9a:c0:4e:27:5e:16:d0:7f:d3:b7:75:e8:01:54:b5:96:80:46:e3:1f:52:dd:25:76:63:24:e9:a7 ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 -b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw -MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD -VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul -CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n -tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl -dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch -PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC -+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O -BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl -MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk -ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB -IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X -7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz -43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY -eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl -pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA -WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ------END CERTIFICATE----- - -# Issuer: CN=AddTrust External CA Root O=AddTrust AB OU=AddTrust External TTP Network -# Subject: CN=AddTrust External CA Root O=AddTrust AB OU=AddTrust External TTP Network -# Label: "AddTrust External Root" -# Serial: 1 -# MD5 Fingerprint: 1d:35:54:04:85:78:b0:3f:42:42:4d:bf:20:73:0a:3f -# SHA1 Fingerprint: 02:fa:f3:e2:91:43:54:68:60:78:57:69:4d:f5:e4:5b:68:85:18:68 -# SHA256 Fingerprint: 68:7f:a4:51:38:22:78:ff:f0:c8:b1:1f:8d:43:d5:76:67:1c:6e:b2:bc:ea:b4:13:fb:83:d9:65:d0:6d:2f:f2 ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs -IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 -MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h -bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt -H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 -uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX -mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX -a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN -E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 -WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD -VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 -Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU -cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx -IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN -AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH -YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC -Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX -c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a -mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE----- - -# Issuer: CN=AddTrust Public CA Root O=AddTrust AB OU=AddTrust TTP Network -# Subject: CN=AddTrust Public CA Root O=AddTrust AB OU=AddTrust TTP Network -# Label: "AddTrust Public Services Root" -# Serial: 1 -# MD5 Fingerprint: c1:62:3e:23:c5:82:73:9c:03:59:4b:2b:e9:77:49:7f -# SHA1 Fingerprint: 2a:b6:28:48:5e:78:fb:f3:ad:9e:79:10:dd:6b:df:99:72:2c:96:e5 -# SHA256 Fingerprint: 07:91:ca:07:49:b2:07:82:aa:d3:c7:d7:bd:0c:df:c9:48:58:35:84:3e:b2:d7:99:60:09:ce:43:ab:6c:69:27 ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 -b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx -MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB -ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV -BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV -6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX -GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP -dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH -1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF -62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW -BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw -AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL -MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU -cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv -b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6 -IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/ -iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao -GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh -4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm -XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY= ------END CERTIFICATE----- - -# Issuer: CN=AddTrust Qualified CA Root O=AddTrust AB OU=AddTrust TTP Network -# Subject: CN=AddTrust Qualified CA Root O=AddTrust AB OU=AddTrust TTP Network -# Label: "AddTrust Qualified Certificates Root" -# Serial: 1 -# MD5 Fingerprint: 27:ec:39:47:cd:da:5a:af:e2:9a:01:65:21:a9:4c:bb -# SHA1 Fingerprint: 4d:23:78:ec:91:95:39:b5:00:7f:75:8f:03:3b:21:1e:c5:4d:8b:cf -# SHA256 Fingerprint: 80:95:21:08:05:db:4b:bc:35:5e:44:28:d8:fd:6e:c2:cd:e3:ab:5f:b9:7a:99:42:98:8e:b8:f4:dc:d0:60:16 ------BEGIN CERTIFICATE----- -MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 -b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1 -MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK -EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh -BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq -xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G -87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i -2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U -WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1 -0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G -A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr -pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL -ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm -aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv -hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm -hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X -dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3 -P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y -iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no -xqE= ------END CERTIFICATE----- - -# Issuer: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc. -# Subject: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc. -# Label: "Entrust Root Certification Authority" -# Serial: 1164660820 -# MD5 Fingerprint: d6:a5:c3:ed:5d:dd:3e:00:c1:3d:87:92:1f:1d:3f:e4 -# SHA1 Fingerprint: b3:1e:b1:b7:40:e3:6c:84:02:da:dc:37:d4:4d:f5:d4:67:49:52:f9 -# SHA256 Fingerprint: 73:c1:76:43:4f:1b:c6:d5:ad:f4:5b:0e:76:e7:27:28:7c:8d:e5:76:16:c1:e6:e6:14:1a:2b:2c:bc:7d:8e:4c ------BEGIN CERTIFICATE----- -MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 -Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW -KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw -NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw -NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy -ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV -BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo -Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 -4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 -KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI -rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi -94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB -sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi -gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo -kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE -vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA -A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t -O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua -AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP -9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ -eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m -0vdXcDazv/wor3ElhVsT/h5/WrQ8 ------END CERTIFICATE----- - -# Issuer: O=RSA Security Inc OU=RSA Security 2048 V3 -# Subject: O=RSA Security Inc OU=RSA Security 2048 V3 -# Label: "RSA Security 2048 v3" -# Serial: 13297492616345471454730593562152402946 -# MD5 Fingerprint: 77:0d:19:b1:21:fd:00:42:9c:3e:0c:a5:dd:0b:02:8e -# SHA1 Fingerprint: 25:01:90:19:cf:fb:d9:99:1c:b7:68:25:74:8d:94:5f:30:93:95:42 -# SHA256 Fingerprint: af:8b:67:62:a1:e5:28:22:81:61:a9:5d:5c:55:9e:e2:66:27:8f:75:d7:9e:83:01:89:a5:03:50:6a:bd:6b:4c ------BEGIN CERTIFICATE----- -MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6 -MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp -dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX -BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy -MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp -eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg -/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl -wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh -AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2 -PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu -AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR -MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc -HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/ -Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+ -f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO -rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch -6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3 -7CAFYd4= ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Global CA O=GeoTrust Inc. -# Subject: CN=GeoTrust Global CA O=GeoTrust Inc. -# Label: "GeoTrust Global CA" -# Serial: 144470 -# MD5 Fingerprint: f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5 -# SHA1 Fingerprint: de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12 -# SHA256 Fingerprint: ff:85:6a:2d:25:1d:cd:88:d3:66:56:f4:50:12:67:98:cf:ab:aa:de:40:79:9c:72:2d:e4:d2:b5:db:36:a7:3a ------BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg -R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 -9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq -fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv -iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU -1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ -bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW -MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA -ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l -uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn -Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS -tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF -PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un -hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV -5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Global CA 2 O=GeoTrust Inc. -# Subject: CN=GeoTrust Global CA 2 O=GeoTrust Inc. -# Label: "GeoTrust Global CA 2" -# Serial: 1 -# MD5 Fingerprint: 0e:40:a7:6c:de:03:5d:8f:d1:0f:e4:d1:8d:f9:6c:a9 -# SHA1 Fingerprint: a9:e9:78:08:14:37:58:88:f2:05:19:b0:6d:2b:0d:2b:60:16:90:7d -# SHA256 Fingerprint: ca:2d:82:a0:86:77:07:2f:8a:b6:76:4f:f0:35:67:6c:fe:3e:5e:32:5e:01:21:72:df:3f:92:09:6d:b7:9b:85 ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW -MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs -IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg -R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A -PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8 -Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL -TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL -5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7 -S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe -2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE -FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap -EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td -EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv -/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN -A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0 -abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF -I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz -4iIprn2DQKi6bA== ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Universal CA O=GeoTrust Inc. -# Subject: CN=GeoTrust Universal CA O=GeoTrust Inc. -# Label: "GeoTrust Universal CA" -# Serial: 1 -# MD5 Fingerprint: 92:65:58:8b:a2:1a:31:72:73:68:5c:b4:a5:7a:07:48 -# SHA1 Fingerprint: e6:21:f3:35:43:79:05:9a:4b:68:30:9d:8a:2f:74:22:15:87:ec:79 -# SHA256 Fingerprint: a0:45:9b:9f:63:b2:25:59:f5:fa:5d:4c:6d:b3:f9:f7:2f:f1:93:42:03:35:78:f0:73:bf:1d:1b:46:cb:b9:12 ------BEGIN CERTIFICATE----- -MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW -MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy -c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE -BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 -IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV -VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 -cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT -QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh -F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v -c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w -mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd -VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX -teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ -f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe -Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ -nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB -/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY -MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG -9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc -aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX -IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn -ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z -uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN -Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja -QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW -koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 -ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt -DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm -bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Universal CA 2 O=GeoTrust Inc. -# Subject: CN=GeoTrust Universal CA 2 O=GeoTrust Inc. -# Label: "GeoTrust Universal CA 2" -# Serial: 1 -# MD5 Fingerprint: 34:fc:b8:d0:36:db:9e:14:b3:c2:f2:db:8f:e4:94:c7 -# SHA1 Fingerprint: 37:9a:19:7b:41:85:45:35:0c:a6:03:69:f3:3c:2e:af:47:4f:20:79 -# SHA256 Fingerprint: a0:23:4f:3b:c8:52:7c:a5:62:8e:ec:81:ad:5d:69:89:5d:a5:68:0d:c9:1d:1c:b8:47:7f:33:f8:78:b9:5b:0b ------BEGIN CERTIFICATE----- -MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW -MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy -c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD -VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 -c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 -WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG -FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq -XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL -se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb -KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd -IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 -y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt -hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc -QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 -Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV -HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ -KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z -dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ -L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr -Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo -ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY -T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz -GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m -1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV -OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH -6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX -QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS ------END CERTIFICATE----- - -# Issuer: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association -# Subject: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association -# Label: "Visa eCommerce Root" -# Serial: 25952180776285836048024890241505565794 -# MD5 Fingerprint: fc:11:b8:d8:08:93:30:00:6d:23:f9:7e:eb:52:1e:02 -# SHA1 Fingerprint: 70:17:9b:86:8c:00:a4:fa:60:91:52:22:3f:9f:3e:32:bd:e0:05:62 -# SHA256 Fingerprint: 69:fa:c9:bd:55:fb:0a:c7:8d:53:bb:ee:5c:f1:d5:97:98:9f:d0:aa:ab:20:a2:51:51:bd:f1:73:3e:e7:d1:22 ------BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr -MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl -cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv -bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw -CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h -dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l -cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h -2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E -lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV -ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq -299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t -vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL -dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD -AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF -AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR -zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 -LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd -7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw -++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt -398znM/jra6O1I7mT1GvFpLgXPYHDw== ------END CERTIFICATE----- - -# Issuer: CN=Certum CA O=Unizeto Sp. z o.o. -# Subject: CN=Certum CA O=Unizeto Sp. z o.o. -# Label: "Certum Root CA" -# Serial: 65568 -# MD5 Fingerprint: 2c:8f:9f:66:1d:18:90:b1:47:26:9d:8e:86:82:8c:a9 -# SHA1 Fingerprint: 62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18 -# SHA256 Fingerprint: d8:e0:fe:bc:1d:b2:e3:8d:00:94:0f:37:d2:7d:41:34:4d:99:3e:73:4b:99:d5:65:6d:97:78:d4:d8:14:36:24 ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM -MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD -QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM -MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E -jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo -ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI -ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu -Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg -AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 -HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA -uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa -TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg -xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q -CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x -O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs -6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- - -# Issuer: CN=AAA Certificate Services O=Comodo CA Limited -# Subject: CN=AAA Certificate Services O=Comodo CA Limited -# Label: "Comodo AAA Services root" -# Serial: 1 -# MD5 Fingerprint: 49:79:04:b0:eb:87:19:ac:47:b0:bc:11:51:9b:74:d0 -# SHA1 Fingerprint: d1:eb:23:a4:6d:17:d6:8f:d9:25:64:c2:f1:f1:60:17:64:d8:e3:49 -# SHA256 Fingerprint: d7:a7:a0:fb:5d:7e:27:31:d7:71:e9:48:4e:bc:de:f7:1d:5f:0c:3e:0a:29:48:78:2b:c8:3e:e0:ea:69:9e:f4 ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - -# Issuer: CN=Secure Certificate Services O=Comodo CA Limited -# Subject: CN=Secure Certificate Services O=Comodo CA Limited -# Label: "Comodo Secure Services root" -# Serial: 1 -# MD5 Fingerprint: d3:d9:bd:ae:9f:ac:67:24:b3:c8:1b:52:e1:b9:a9:bd -# SHA1 Fingerprint: 4a:65:d5:f4:1d:ef:39:b8:b8:90:4a:4a:d3:64:81:33:cf:c7:a1:d1 -# SHA256 Fingerprint: bd:81:ce:3b:4f:65:91:d1:1a:67:b5:fc:7a:47:fd:ef:25:52:1b:f9:aa:4e:18:b9:e3:df:2e:34:a7:80:3b:e8 ------BEGIN CERTIFICATE----- -MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp -ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow -fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV -BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM -cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S -HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996 -CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk -3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz -6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV -HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud -EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv -Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw -Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww -DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0 -5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj -Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI -gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ -aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl -izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk= ------END CERTIFICATE----- - -# Issuer: CN=Trusted Certificate Services O=Comodo CA Limited -# Subject: CN=Trusted Certificate Services O=Comodo CA Limited -# Label: "Comodo Trusted Services root" -# Serial: 1 -# MD5 Fingerprint: 91:1b:3f:6e:cd:9e:ab:ee:07:fe:1f:71:d2:b3:61:27 -# SHA1 Fingerprint: e1:9f:e3:0e:8b:84:60:9e:80:9b:17:0d:72:a8:c5:ba:6e:14:09:bd -# SHA256 Fingerprint: 3f:06:e5:56:81:d4:96:f5:be:16:9e:b5:38:9f:9f:2b:8f:f6:1e:17:08:df:68:81:72:48:49:cd:5d:27:cb:69 ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0 -aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla -MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO -BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD -VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW -fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt -TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL -fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW -1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7 -kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G -A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v -ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo -dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu -Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/ -HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 -pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS -jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+ -xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn -dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi ------END CERTIFICATE----- - -# Issuer: CN=QuoVadis Root Certification Authority O=QuoVadis Limited OU=Root Certification Authority -# Subject: CN=QuoVadis Root Certification Authority O=QuoVadis Limited OU=Root Certification Authority -# Label: "QuoVadis Root CA" -# Serial: 985026699 -# MD5 Fingerprint: 27:de:36:fe:72:b7:00:03:00:9d:f4:f0:1e:6c:04:24 -# SHA1 Fingerprint: de:3f:40:bd:50:93:d3:9b:6c:60:f6:da:bc:07:62:01:00:89:76:c9 -# SHA256 Fingerprint: a4:5e:de:3b:bb:f0:9c:8a:e1:5c:72:ef:c0:72:68:d6:93:a2:1c:99:6f:d5:1e:67:ca:07:94:60:fd:6d:88:73 ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz -MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw -IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR -dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp -li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D -rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ -WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug -F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU -xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC -Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv -dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw -ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl -IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh -c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy -ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI -KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T -KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq -y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p -dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD -VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk -fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 -7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R -cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y -mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW -xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK -SnQ2+Q== ------END CERTIFICATE----- - -# Issuer: CN=QuoVadis Root CA 2 O=QuoVadis Limited -# Subject: CN=QuoVadis Root CA 2 O=QuoVadis Limited -# Label: "QuoVadis Root CA 2" -# Serial: 1289 -# MD5 Fingerprint: 5e:39:7b:dd:f8:ba:ec:82:e9:ac:62:ba:0c:54:00:2b -# SHA1 Fingerprint: ca:3a:fb:cf:12:40:36:4b:44:b2:16:20:88:80:48:39:19:93:7c:f7 -# SHA256 Fingerprint: 85:a0:dd:7d:d7:20:ad:b7:ff:05:f8:3d:54:2b:20:9d:c7:ff:45:28:f7:d6:77:b1:83:89:fe:a5:e5:c4:9e:86 ------BEGIN CERTIFICATE----- -MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x -GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv -b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV -BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W -YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa -GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg -Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J -WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB -rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp -+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 -ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i -Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz -PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og -/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH -oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI -yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud -EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 -A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL -MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT -ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f -BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn -g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl -fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K -WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha -B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc -hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR -TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD -mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z -ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y -4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza -8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ------END CERTIFICATE----- - -# Issuer: CN=QuoVadis Root CA 3 O=QuoVadis Limited -# Subject: CN=QuoVadis Root CA 3 O=QuoVadis Limited -# Label: "QuoVadis Root CA 3" -# Serial: 1478 -# MD5 Fingerprint: 31:85:3c:62:94:97:63:b9:aa:fd:89:4e:af:6f:e0:cf -# SHA1 Fingerprint: 1f:49:14:f7:d8:74:95:1d:dd:ae:02:c0:be:fd:3a:2d:82:75:51:85 -# SHA256 Fingerprint: 18:f1:fc:7f:20:5d:f8:ad:dd:eb:7f:e0:07:dd:57:e3:af:37:5a:9c:4d:8d:73:54:6b:f4:f1:fe:d1:e1:8d:35 ------BEGIN CERTIFICATE----- -MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x -GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv -b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV -BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W -YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM -V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB -4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr -H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd -8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv -vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT -mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe -btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc -T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt -WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ -c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A -4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD -VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG -CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 -aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu -dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw -czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G -A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg -Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 -7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem -d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd -+LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B -4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN -t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x -DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 -k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s -zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j -Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT -mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK -4SVhM7JZG+Ju1zdXtg2pEto= ------END CERTIFICATE----- - -# Issuer: O=SECOM Trust.net OU=Security Communication RootCA1 -# Subject: O=SECOM Trust.net OU=Security Communication RootCA1 -# Label: "Security Communication Root CA" -# Serial: 0 -# MD5 Fingerprint: f1:bc:63:6a:54:e0:b5:27:f5:cd:e7:1a:e3:4d:6e:4a -# SHA1 Fingerprint: 36:b1:2b:49:f9:81:9e:d7:4c:9e:bc:38:0f:c6:56:8f:5d:ac:b2:f7 -# SHA256 Fingerprint: e7:5e:72:ed:9f:56:0e:ec:6e:b4:80:00:73:a4:3f:c3:ad:19:19:5a:39:22:82:01:78:95:97:4a:99:02:6b:6c ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== ------END CERTIFICATE----- - -# Issuer: CN=Sonera Class2 CA O=Sonera -# Subject: CN=Sonera Class2 CA O=Sonera -# Label: "Sonera Class 2 Root CA" -# Serial: 29 -# MD5 Fingerprint: a3:ec:75:0f:2e:88:df:fa:48:01:4e:0b:5c:48:6f:fb -# SHA1 Fingerprint: 37:f7:6d:e6:07:7c:90:c5:b1:3e:93:1a:b7:41:10:b4:f2:e4:9a:27 -# SHA256 Fingerprint: 79:08:b4:03:14:c1:38:10:0b:51:8d:07:35:80:7f:fb:fc:f8:51:8a:00:95:33:71:05:ba:38:6b:15:3d:d9:27 ------BEGIN CERTIFICATE----- -MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP -MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx -MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV -BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o -Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt -5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s -3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej -vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu -8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw -DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG -MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil -zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ -3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD -FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 -Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 -ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M ------END CERTIFICATE----- - -# Issuer: CN=UTN-USERFirst-Hardware O=The USERTRUST Network OU=http://www.usertrust.com -# Subject: CN=UTN-USERFirst-Hardware O=The USERTRUST Network OU=http://www.usertrust.com -# Label: "UTN USERFirst Hardware Root CA" -# Serial: 91374294542884704022267039221184531197 -# MD5 Fingerprint: 4c:56:41:e5:0d:bb:2b:e8:ca:a3:ed:18:08:ad:43:39 -# SHA1 Fingerprint: 04:83:ed:33:99:ac:36:08:05:87:22:ed:bc:5e:46:00:e3:be:f9:d7 -# SHA256 Fingerprint: 6e:a5:47:41:d0:04:66:7e:ed:1b:48:16:63:4a:a3:a7:9e:6e:4b:96:95:0f:82:79:da:fc:8d:9b:d8:81:21:37 ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB -lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho -dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt -SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG -A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe -MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v -d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh -cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn -0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ -M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a -MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd -oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI -DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy -oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0 -dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy -bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF -BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli -CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE -CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t -3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS -KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA== ------END CERTIFICATE----- - -# Issuer: CN=Chambers of Commerce Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org -# Subject: CN=Chambers of Commerce Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org -# Label: "Camerfirma Chambers of Commerce Root" -# Serial: 0 -# MD5 Fingerprint: b0:01:ee:14:d9:af:29:18:94:76:8e:f1:69:33:2a:84 -# SHA1 Fingerprint: 6e:3a:55:a4:19:0c:19:5c:93:84:3c:c0:db:72:2e:31:30:61:f0:b1 -# SHA256 Fingerprint: 0c:25:8a:12:a5:67:4a:ef:25:f2:8b:a7:dc:fa:ec:ee:a3:48:e5:41:e6:f5:cc:4e:e6:3b:71:b3:61:60:6a:c3 ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg -b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa -MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB -ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw -IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B -AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb -unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d -BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq -7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 -0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX -roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG -A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j -aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p -26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA -BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud -EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN -BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB -AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd -p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi -1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc -XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 -eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu -tGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- - -# Issuer: CN=Global Chambersign Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org -# Subject: CN=Global Chambersign Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org -# Label: "Camerfirma Global Chambersign Root" -# Serial: 0 -# MD5 Fingerprint: c5:e6:7b:bf:06:d0:4f:43:ed:c4:7a:65:8a:fb:6b:19 -# SHA1 Fingerprint: 33:9b:6b:14:50:24:9b:55:7a:01:87:72:84:d9:e0:2f:c3:d2:d8:e9 -# SHA256 Fingerprint: ef:3c:b4:17:fc:8e:bf:6f:97:87:6c:9e:4e:ce:39:de:1e:a5:fe:64:91:41:d1:02:8b:7d:11:c0:b2:29:8c:ed ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo -YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 -MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy -NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G -A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA -A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 -Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s -QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV -eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 -B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh -z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T -AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i -ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w -TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH -MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD -VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE -VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B -AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM -bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi -ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG -VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c -ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ -AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- - -# Issuer: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com -# Subject: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com -# Label: "XRamp Global CA Root" -# Serial: 107108908803651509692980124233745014957 -# MD5 Fingerprint: a1:0b:44:b3:ca:10:d8:00:6e:9d:0f:d8:0f:92:0a:d1 -# SHA1 Fingerprint: b8:01:86:d1:eb:9c:86:a5:41:04:cf:30:54:f3:4c:52:b7:e5:58:c6 -# SHA256 Fingerprint: ce:cd:dc:90:50:99:d8:da:df:c5:b1:d2:09:b7:37:cb:e2:c1:8c:fb:2c:10:c0:ff:0b:cf:0d:32:86:fc:1a:a2 ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB -gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk -MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY -UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx -NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 -dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy -dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 -38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP -KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q -DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 -qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa -JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi -PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P -BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs -jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 -eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR -vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt -qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa -IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy -i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ -O+7ETPTsJ3xCwnR8gooJybQDJbw= ------END CERTIFICATE----- - -# Issuer: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority -# Subject: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority -# Label: "Go Daddy Class 2 CA" -# Serial: 0 -# MD5 Fingerprint: 91:de:06:25:ab:da:fd:32:17:0c:bb:25:17:2a:84:67 -# SHA1 Fingerprint: 27:96:ba:e6:3f:18:01:e2:77:26:1b:a0:d7:77:70:02:8f:20:ee:e4 -# SHA256 Fingerprint: c3:84:6b:f2:4b:9e:93:ca:64:27:4c:0e:c6:7c:1e:cc:5e:02:4f:fc:ac:d2:d7:40:19:35:0e:81:fe:54:6a:e4 ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh -MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE -YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 -MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo -ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg -MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN -ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA -PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w -wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi -EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY -avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ -YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE -sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h -/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 -IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy -OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P -TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER -dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf -ReYNnyicsbkqWletNw+vHX/bvZ8= ------END CERTIFICATE----- - -# Issuer: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority -# Subject: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority -# Label: "Starfield Class 2 CA" -# Serial: 0 -# MD5 Fingerprint: 32:4a:4b:bb:c8:63:69:9b:be:74:9a:c6:dd:1d:46:24 -# SHA1 Fingerprint: ad:7e:1c:28:b0:64:ef:8f:60:03:40:20:14:c3:d0:e3:37:0e:b5:8a -# SHA256 Fingerprint: 14:65:fa:20:53:97:b8:76:fa:a6:f0:a9:95:8e:55:90:e4:0f:cc:7f:aa:4f:b7:c2:c8:67:75:21:fb:5f:b6:58 ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp -U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw -NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE -ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp -ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 -DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf -8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN -+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 -X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa -K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA -1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G -A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR -zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 -YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD -bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 -L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D -eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp -VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY -WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- - -# Issuer: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing -# Subject: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing -# Label: "StartCom Certification Authority" -# Serial: 1 -# MD5 Fingerprint: 22:4d:8f:8a:fc:f7:35:c2:bb:57:34:90:7b:8b:22:16 -# SHA1 Fingerprint: 3e:2b:f7:f2:03:1b:96:f3:8c:e6:c4:d8:a8:5d:3e:2d:58:47:6a:0f -# SHA256 Fingerprint: c7:66:a9:be:f2:d4:07:1c:86:3a:31:aa:49:20:e8:13:b2:d1:98:60:8c:b7:b7:cf:e2:11:43:b8:36:df:09:ea ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j -ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js -LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM -BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy -dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh -cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh -YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg -dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp -bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ -YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT -TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ -9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 -jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW -FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz -ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 -ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L -EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu -L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC -O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V -um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh -NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= ------END CERTIFICATE----- - -# Issuer: O=Government Root Certification Authority -# Subject: O=Government Root Certification Authority -# Label: "Taiwan GRCA" -# Serial: 42023070807708724159991140556527066870 -# MD5 Fingerprint: 37:85:44:53:32:45:1f:20:f0:f3:95:e1:25:c4:43:4e -# SHA1 Fingerprint: f4:8b:11:bf:de:ab:be:94:54:20:71:e6:41:de:6b:be:88:2b:40:b9 -# SHA256 Fingerprint: 76:00:29:5e:ef:e8:5b:9e:1f:d6:24:db:76:06:2a:aa:ae:59:81:8a:54:d2:77:4c:d4:c0:b2:c0:11:31:e1:b3 ------BEGIN CERTIFICATE----- -MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ -MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow -PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR -IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q -gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy -yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts -F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 -jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx -ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC -VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK -YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH -EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN -Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud -DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE -MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK -UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ -TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf -qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK -ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE -JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 -hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 -EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm -nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX -udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz -ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe -LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl -pYYsfPQS ------END CERTIFICATE----- - -# Issuer: CN=Swisscom Root CA 1 O=Swisscom OU=Digital Certificate Services -# Subject: CN=Swisscom Root CA 1 O=Swisscom OU=Digital Certificate Services -# Label: "Swisscom Root CA 1" -# Serial: 122348795730808398873664200247279986742 -# MD5 Fingerprint: f8:38:7c:77:88:df:2c:16:68:2e:c2:e2:52:4b:b8:f9 -# SHA1 Fingerprint: 5f:3a:fc:0a:8b:64:f6:86:67:34:74:df:7e:a9:a2:fe:f9:fa:7a:51 -# SHA256 Fingerprint: 21:db:20:12:36:60:bb:2e:d4:18:20:5d:a1:1e:e7:a8:5a:65:e2:bc:6e:55:b5:af:7e:78:99:c8:a2:66:d9:2e ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk -MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg -Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT -AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp -Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 -m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih -FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ -TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F -EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco -kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu -HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF -vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo -19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC -L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW -bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX -JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw -FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc -K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf -ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik -Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB -sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e -3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR -ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip -mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH -b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf -rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms -hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y -zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 -MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Assured ID Root CA" -# Serial: 17154717934120587862167794914071425081 -# MD5 Fingerprint: 87:ce:0b:7b:2a:0e:49:00:e1:58:71:9b:37:a8:93:72 -# SHA1 Fingerprint: 05:63:b8:63:0d:62:d7:5a:bb:c8:ab:1e:4b:df:b5:a8:99:b2:4d:43 -# SHA256 Fingerprint: 3e:90:99:b5:01:5e:8f:48:6c:00:bc:ea:9d:11:1e:e7:21:fa:ba:35:5a:89:bc:f1:df:69:56:1e:3d:c6:32:5c ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c -JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP -mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ -wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 -VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ -AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun -pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC -dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf -fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm -NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx -H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Global Root CA" -# Serial: 10944719598952040374951832963794454346 -# MD5 Fingerprint: 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e -# SHA1 Fingerprint: a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36 -# SHA256 Fingerprint: 43:48:a0:e9:44:4c:78:cb:26:5e:05:8d:5e:89:44:b4:d8:4f:96:62:bd:26:db:25:7f:89:34:a4:43:c7:01:61 ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD -QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB -CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 -nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt -43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P -T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 -gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR -TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw -DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr -hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg -06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF -PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls -YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- - -# Issuer: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert High Assurance EV Root CA" -# Serial: 3553400076410547919724730734378100087 -# MD5 Fingerprint: d4:74:de:57:5c:39:b2:d3:9c:85:83:c5:c0:65:49:8a -# SHA1 Fingerprint: 5f:b7:ee:06:33:e2:59:db:ad:0c:4c:9a:e6:d3:8f:1a:61:c7:dc:25 -# SHA256 Fingerprint: 74:31:e5:f4:c3:c1:ce:46:90:77:4f:0b:61:e0:54:40:88:3b:a9:a0:1e:d0:0b:a6:ab:d7:80:6e:d3:b1:18:cf ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 -LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug -RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm -+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW -PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM -xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB -Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 -hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg -EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA -FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec -nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z -eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF -hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 -Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -+OkuE6N36B9K ------END CERTIFICATE----- - -# Issuer: CN=Class 2 Primary CA O=Certplus -# Subject: CN=Class 2 Primary CA O=Certplus -# Label: "Certplus Class 2 Primary CA" -# Serial: 177770208045934040241468760488327595043 -# MD5 Fingerprint: 88:2c:8c:52:b8:a2:3c:f3:f7:bb:03:ea:ae:ac:42:0b -# SHA1 Fingerprint: 74:20:74:41:72:9c:dd:92:ec:79:31:d8:23:10:8d:c2:81:92:e2:bb -# SHA256 Fingerprint: 0f:99:3c:8a:ef:97:ba:af:56:87:14:0e:d5:9a:d1:82:1b:b4:af:ac:f0:aa:9a:58:b5:d5:7a:33:8a:3a:fb:cb ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw -PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz -cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 -MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz -IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ -ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR -VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL -kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd -EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas -H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 -HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 -QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu -Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ -AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 -yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR -FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA -ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB -kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 -l7+ijrRU ------END CERTIFICATE----- - -# Issuer: CN=DST Root CA X3 O=Digital Signature Trust Co. -# Subject: CN=DST Root CA X3 O=Digital Signature Trust Co. -# Label: "DST Root CA X3" -# Serial: 91299735575339953335919266965803778155 -# MD5 Fingerprint: 41:03:52:dc:0f:f7:50:1b:16:f0:02:8e:ba:6f:45:c5 -# SHA1 Fingerprint: da:c9:02:4f:54:d8:f6:df:94:93:5f:b1:73:26:38:ca:6a:d7:7c:13 -# SHA256 Fingerprint: 06:87:26:03:31:a7:24:03:d9:09:f1:05:e6:9b:cf:0d:32:e1:bd:24:93:ff:c6:d9:20:6d:11:bc:d6:77:07:39 ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O -rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq -OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b -xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw -7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD -aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG -SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 -ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr -AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz -R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 -JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo -Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- - -# Issuer: CN=DST ACES CA X6 O=Digital Signature Trust OU=DST ACES -# Subject: CN=DST ACES CA X6 O=Digital Signature Trust OU=DST ACES -# Label: "DST ACES CA X6" -# Serial: 17771143917277623872238992636097467865 -# MD5 Fingerprint: 21:d8:4c:82:2b:99:09:33:a2:eb:14:24:8d:8e:5f:e8 -# SHA1 Fingerprint: 40:54:da:6f:1c:3f:40:74:ac:ed:0f:ec:cd:db:79:d1:53:fb:90:1d -# SHA256 Fingerprint: 76:7c:95:5a:76:41:2c:89:af:68:8e:90:a1:c7:0f:55:6c:fd:6b:60:25:db:ea:10:41:6d:7e:b6:83:1f:8c:40 ------BEGIN CERTIFICATE----- -MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx -ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w -MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD -VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx -FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu -ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7 -gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH -fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a -ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT -ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF -MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk -c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto -dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt -aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI -hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk -QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/ -h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq -nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR -rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2 -9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis= ------END CERTIFICATE----- - -# Issuer: CN=SwissSign Gold CA - G2 O=SwissSign AG -# Subject: CN=SwissSign Gold CA - G2 O=SwissSign AG -# Label: "SwissSign Gold CA - G2" -# Serial: 13492815561806991280 -# MD5 Fingerprint: 24:77:d9:a8:91:d1:3b:fa:88:2d:c2:ff:f8:cd:33:93 -# SHA1 Fingerprint: d8:c5:38:8a:b7:30:1b:1b:6e:d4:7a:e6:45:25:3a:6f:9f:1a:27:61 -# SHA256 Fingerprint: 62:dd:0b:e9:b9:f5:0a:16:3e:a0:f8:e7:5c:05:3b:1e:ca:57:ea:55:c8:68:8f:64:7c:68:81:f2:c8:35:7b:95 ------BEGIN CERTIFICATE----- -MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV -BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln -biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF -MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT -d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 -76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ -bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c -6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE -emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd -MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt -MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y -MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y -FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi -aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM -gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB -qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 -lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn -8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov -L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 -45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO -UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 -O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC -bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv -GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a -77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC -hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 -92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp -Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w -ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt -Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ------END CERTIFICATE----- - -# Issuer: CN=SwissSign Silver CA - G2 O=SwissSign AG -# Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG -# Label: "SwissSign Silver CA - G2" -# Serial: 5700383053117599563 -# MD5 Fingerprint: e0:06:a1:c9:7d:cf:c9:fc:0d:c0:56:75:96:d8:62:13 -# SHA1 Fingerprint: 9b:aa:e5:9f:56:ee:21:cb:43:5a:be:25:93:df:a7:f0:40:d1:1d:cb -# SHA256 Fingerprint: be:6c:4d:a2:bb:b9:ba:59:b6:f3:93:97:68:37:42:46:c3:c0:05:99:3f:a9:8f:02:0d:1d:ed:be:d4:8a:81:d5 ------BEGIN CERTIFICATE----- -MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE -BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu -IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow -RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY -U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv -Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br -YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF -nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH -6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt -eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ -c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ -MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH -HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf -jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 -5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB -rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU -F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c -wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 -cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB -AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp -WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 -xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ -2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ -IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 -aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X -em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR -dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ -OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ -hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy -tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Primary Certification Authority O=GeoTrust Inc. -# Subject: CN=GeoTrust Primary Certification Authority O=GeoTrust Inc. -# Label: "GeoTrust Primary Certification Authority" -# Serial: 32798226551256963324313806436981982369 -# MD5 Fingerprint: 02:26:c3:01:5e:08:30:37:43:a9:d0:7d:cf:37:e6:bf -# SHA1 Fingerprint: 32:3c:11:8e:1b:f7:b8:b6:52:54:e2:e2:10:0d:d6:02:90:37:f0:96 -# SHA256 Fingerprint: 37:d5:10:06:c5:12:ea:ab:62:64:21:f1:ec:8c:92:01:3f:c5:f8:2a:e9:8e:e5:33:eb:46:19:b8:de:b4:d0:6c ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo -R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx -MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK -Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 -AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA -ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 -7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W -kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI -mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ -KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 -6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl -4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K -oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj -UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU -AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ------END CERTIFICATE----- - -# Issuer: CN=thawte Primary Root CA O=thawte, Inc. OU=Certification Services Division/(c) 2006 thawte, Inc. - For authorized use only -# Subject: CN=thawte Primary Root CA O=thawte, Inc. OU=Certification Services Division/(c) 2006 thawte, Inc. - For authorized use only -# Label: "thawte Primary Root CA" -# Serial: 69529181992039203566298953787712940909 -# MD5 Fingerprint: 8c:ca:dc:0b:22:ce:f5:be:72:ac:41:1a:11:a8:d8:12 -# SHA1 Fingerprint: 91:c6:d6:ee:3e:8a:c8:63:84:e5:48:c2:99:29:5c:75:6c:81:7b:81 -# SHA256 Fingerprint: 8d:72:2f:81:a9:c1:13:c0:79:1d:f1:36:a2:96:6d:b2:6c:95:0a:97:1d:b4:6b:41:99:f4:ea:54:b7:8b:fb:9f ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB -qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV -BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw -NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j -LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG -A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs -W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta -3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk -6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 -Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J -NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP -r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU -DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz -YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX -xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 -/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ -LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 -jVaMaA== ------END CERTIFICATE----- - -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2006 VeriSign, Inc. - For authorized use only -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2006 VeriSign, Inc. - For authorized use only -# Label: "VeriSign Class 3 Public Primary Certification Authority - G5" -# Serial: 33037644167568058970164719475676101450 -# MD5 Fingerprint: cb:17:e4:31:67:3e:e2:09:fe:45:57:93:f3:0a:fa:1c -# SHA1 Fingerprint: 4e:b6:d5:78:49:9b:1c:cf:5f:58:1e:ad:56:be:3d:9b:67:44:a5:e5 -# SHA256 Fingerprint: 9a:cf:ab:7e:43:c8:d8:80:d0:6b:26:2a:94:de:ee:e4:b4:65:99:89:c3:d0:ca:f1:9b:af:64:05:e4:1a:b7:df ------BEGIN CERTIFICATE----- -MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB -yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL -ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp -U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW -ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW -ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp -U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y -aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 -nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex -t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz -SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG -BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ -rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ -NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E -BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH -BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy -aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv -MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE -p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y -5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK -WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ -4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N -hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq ------END CERTIFICATE----- - -# Issuer: CN=SecureTrust CA O=SecureTrust Corporation -# Subject: CN=SecureTrust CA O=SecureTrust Corporation -# Label: "SecureTrust CA" -# Serial: 17199774589125277788362757014266862032 -# MD5 Fingerprint: dc:32:c3:a7:6d:25:57:c7:68:09:9d:ea:2d:a9:a2:d1 -# SHA1 Fingerprint: 87:82:c6:c3:04:35:3b:cf:d2:96:92:d2:59:3e:7d:44:d9:34:ff:11 -# SHA256 Fingerprint: f1:c1:b5:0a:e5:a2:0d:d8:03:0e:c9:f6:bc:24:82:3d:d3:67:b5:25:57:59:b4:e7:1b:61:fc:e9:f7:37:5d:73 ------BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x -FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz -MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv -cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz -Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO -0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao -wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj -7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS -8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT -BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg -JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC -NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 -6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ -3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm -D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS -CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ------END CERTIFICATE----- - -# Issuer: CN=Secure Global CA O=SecureTrust Corporation -# Subject: CN=Secure Global CA O=SecureTrust Corporation -# Label: "Secure Global CA" -# Serial: 9751836167731051554232119481456978597 -# MD5 Fingerprint: cf:f4:27:0d:d4:ed:dc:65:16:49:6d:3d:da:bf:6e:de -# SHA1 Fingerprint: 3a:44:73:5a:e5:81:90:1f:24:86:61:46:1e:3b:9c:c4:5f:f5:3a:1b -# SHA256 Fingerprint: 42:00:f5:04:3a:c8:59:0e:bb:52:7d:20:9e:d1:50:30:29:fb:cb:d4:1c:a1:b5:06:ec:27:f1:5a:de:7d:ac:69 ------BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x -GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx -MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg -Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ -iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa -/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ -jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI -HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 -sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w -gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw -KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG -AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L -URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO -H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm -I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY -iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc -f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW ------END CERTIFICATE----- - -# Issuer: CN=COMODO Certification Authority O=COMODO CA Limited -# Subject: CN=COMODO Certification Authority O=COMODO CA Limited -# Label: "COMODO Certification Authority" -# Serial: 104350513648249232941998508985834464573 -# MD5 Fingerprint: 5c:48:dc:f7:42:72:ec:56:94:6d:1c:cc:71:35:80:75 -# SHA1 Fingerprint: 66:31:bf:9e:f7:4f:9e:b6:c9:d5:a6:0c:ba:6a:be:d1:f7:bd:ef:7b -# SHA256 Fingerprint: 0c:2c:d6:3d:f7:80:6f:a3:99:ed:e8:09:11:6b:57:5b:f8:79:89:f0:65:18:f9:80:8c:86:05:03:17:8b:af:66 ------BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB -gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV -BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw -MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl -YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P -RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 -UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI -2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 -Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp -+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ -DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O -nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW -/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g -PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u -QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY -SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv -IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 -zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd -BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB -ZQ== ------END CERTIFICATE----- - -# Issuer: CN=Network Solutions Certificate Authority O=Network Solutions L.L.C. -# Subject: CN=Network Solutions Certificate Authority O=Network Solutions L.L.C. -# Label: "Network Solutions Certificate Authority" -# Serial: 116697915152937497490437556386812487904 -# MD5 Fingerprint: d3:f3:a6:16:c0:fa:6b:1d:59:b1:2d:96:4d:0e:11:2e -# SHA1 Fingerprint: 74:f8:a3:c3:ef:e7:b3:90:06:4b:83:90:3c:21:64:60:20:e5:df:ce -# SHA256 Fingerprint: 15:f0:ba:00:a3:ac:7a:f3:ac:88:4c:07:2b:10:11:a0:77:bd:77:c0:97:f4:01:64:b2:f8:59:8a:bd:83:86:0c ------BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi -MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu -MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp -dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV -UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO -ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz -c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP -OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl -mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF -BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 -qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw -gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu -bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp -dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 -6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ -h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH -/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv -wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN -pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey ------END CERTIFICATE----- - -# Issuer: CN=WellsSecure Public Root Certificate Authority O=Wells Fargo WellsSecure OU=Wells Fargo Bank NA -# Subject: CN=WellsSecure Public Root Certificate Authority O=Wells Fargo WellsSecure OU=Wells Fargo Bank NA -# Label: "WellsSecure Public Root Certificate Authority" -# Serial: 1 -# MD5 Fingerprint: 15:ac:a5:c2:92:2d:79:bc:e8:7f:cb:67:ed:02:cf:36 -# SHA1 Fingerprint: e7:b4:f6:9d:61:ec:90:69:db:7e:90:a7:40:1a:3c:f4:7d:4f:e8:ee -# SHA256 Fingerprint: a7:12:72:ae:aa:a3:cf:e8:72:7f:7f:b3:9f:0f:b3:d1:e5:42:6e:90:60:b0:6e:e6:f1:3e:9a:3c:58:33:cd:43 ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx -IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs -cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v -dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0 -MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl -bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD -DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r -WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU -Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs -HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj -z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf -SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl -AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG -KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P -AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j -BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC -VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX -ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB -ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd -/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB -A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn -k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9 -iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv -2G0xffX8oRAHh84vWdw+WNs= ------END CERTIFICATE----- - -# Issuer: CN=COMODO ECC Certification Authority O=COMODO CA Limited -# Subject: CN=COMODO ECC Certification Authority O=COMODO CA Limited -# Label: "COMODO ECC Certification Authority" -# Serial: 41578283867086692638256921589707938090 -# MD5 Fingerprint: 7c:62:ff:74:9d:31:53:5e:68:4a:d5:78:aa:1e:bf:23 -# SHA1 Fingerprint: 9f:74:4e:9f:2b:4d:ba:ec:0f:31:2c:50:b6:56:3b:8e:2d:93:c3:11 -# SHA256 Fingerprint: 17:93:92:7a:06:14:54:97:89:ad:ce:2f:8f:34:f7:f0:b6:6d:0f:3a:e3:a3:b8:4d:21:ec:15:db:ba:4f:ad:c7 ------BEGIN CERTIFICATE----- -MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT -IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw -MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy -ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N -T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR -FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J -cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW -BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm -fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv -GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ------END CERTIFICATE----- - -# Issuer: CN=IGC/A O=PM/SGDN OU=DCSSI -# Subject: CN=IGC/A O=PM/SGDN OU=DCSSI -# Label: "IGC/A" -# Serial: 245102874772 -# MD5 Fingerprint: 0c:7f:dd:6a:f4:2a:b9:c8:9b:bd:20:7e:a9:db:5c:37 -# SHA1 Fingerprint: 60:d6:89:74:b5:c2:65:9e:8a:0f:c1:88:7c:88:d2:46:69:1b:18:2c -# SHA256 Fingerprint: b9:be:a7:86:0a:96:2e:a3:61:1d:ab:97:ab:6d:a3:e2:1c:10:68:b9:7d:55:57:5e:d0:e1:12:79:c1:1c:89:32 ------BEGIN CERTIFICATE----- -MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT -AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ -TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG -9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw -MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM -BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO -MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2 -LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI -s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2 -xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4 -u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b -F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx -Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd -PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV -HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx -NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF -AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ -L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY -YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg -Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a -NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R -0982gaEbeC9xs/FZTEYYKKuF0mBWWg== ------END CERTIFICATE----- - -# Issuer: O=SECOM Trust Systems CO.,LTD. OU=Security Communication EV RootCA1 -# Subject: O=SECOM Trust Systems CO.,LTD. OU=Security Communication EV RootCA1 -# Label: "Security Communication EV RootCA1" -# Serial: 0 -# MD5 Fingerprint: 22:2d:a6:01:ea:7c:0a:f7:f0:6c:56:43:3f:77:76:d3 -# SHA1 Fingerprint: fe:b8:c4:32:dc:f9:76:9a:ce:ae:3d:d8:90:8f:fd:28:86:65:64:7d -# SHA256 Fingerprint: a2:2d:ba:68:1e:97:37:6e:2d:39:7d:72:8a:ae:3a:9b:62:96:b9:fd:ba:60:bc:2e:11:f6:47:f2:c6:75:fb:37 ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl -MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh -U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz -MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N -IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 -bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE -RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO -zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 -bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF -MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 -VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC -OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW -tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ -q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb -EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ -Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O -VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- - -# Issuer: CN=OISTE WISeKey Global Root GA CA O=WISeKey OU=Copyright (c) 2005/OISTE Foundation Endorsed -# Subject: CN=OISTE WISeKey Global Root GA CA O=WISeKey OU=Copyright (c) 2005/OISTE Foundation Endorsed -# Label: "OISTE WISeKey Global Root GA CA" -# Serial: 86718877871133159090080555911823548314 -# MD5 Fingerprint: bc:6c:51:33:a7:e9:d3:66:63:54:15:72:1b:21:92:93 -# SHA1 Fingerprint: 59:22:a1:e1:5a:ea:16:35:21:f8:98:39:6a:46:46:b0:44:1b:0f:a9 -# SHA256 Fingerprint: 41:c9:23:86:6a:b4:ca:d6:b7:ad:57:80:81:58:2e:02:07:97:a6:cb:df:4f:ff:78:ce:83:96:b3:89:37:d7:f5 ------BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB -ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly -aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl -ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w -NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G -A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD -VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX -SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR -VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 -w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF -mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg -4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 -4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw -EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx -SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 -ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 -vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa -hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi -Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ -/L7fCg0= ------END CERTIFICATE----- - -# Issuer: CN=Microsec e-Szigno Root CA O=Microsec Ltd. OU=e-Szigno CA -# Subject: CN=Microsec e-Szigno Root CA O=Microsec Ltd. OU=e-Szigno CA -# Label: "Microsec e-Szigno Root CA" -# Serial: 272122594155480254301341951808045322001 -# MD5 Fingerprint: f0:96:b6:2f:c5:10:d5:67:8e:83:25:32:e8:5e:2e:e5 -# SHA1 Fingerprint: 23:88:c9:d3:71:cc:9e:96:3d:ff:7d:3c:a7:ce:fc:d6:25:ec:19:0d -# SHA256 Fingerprint: 32:7a:3d:76:1a:ba:de:a0:34:eb:99:84:06:27:5c:b1:a4:77:6e:fd:ae:2f:df:6d:01:68:ea:1c:4f:55:67:d0 ------BEGIN CERTIFICATE----- -MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw -cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy -b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z -ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4 -NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN -TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p -Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u -uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+ -LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA -vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770 -Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx -62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB -AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw -LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP -BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB -AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov -MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5 -ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn -AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT -AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh -ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo -AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa -AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln -bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p -Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP -PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv -Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB -EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu -w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj -cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV -HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI -VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS -BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS -b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS -8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds -ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl -7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a -86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR -hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/ -MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= ------END CERTIFICATE----- - -# Issuer: CN=Certigna O=Dhimyotis -# Subject: CN=Certigna O=Dhimyotis -# Label: "Certigna" -# Serial: 18364802974209362175 -# MD5 Fingerprint: ab:57:a6:5b:7d:42:82:19:b5:d8:58:26:28:5e:fd:ff -# SHA1 Fingerprint: b1:2e:13:63:45:86:a4:6f:1a:b2:60:68:37:58:2d:c4:ac:fd:94:97 -# SHA256 Fingerprint: e3:b6:a2:db:2e:d7:ce:48:84:2f:7a:c5:32:41:c7:b7:1d:54:14:4b:fb:40:c1:1f:3f:1d:0b:42:f5:ee:a1:2d ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV -BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X -DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ -BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 -QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny -gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw -zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q -130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 -JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw -ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT -AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj -AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG -9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h -bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc -fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu -HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w -t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== ------END CERTIFICATE----- - -# Issuer: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center -# Subject: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center -# Label: "Deutsche Telekom Root CA 2" -# Serial: 38 -# MD5 Fingerprint: 74:01:4a:91:b1:08:c4:58:ce:47:cd:f0:dd:11:53:08 -# SHA1 Fingerprint: 85:a4:08:c0:9c:19:3e:5d:51:58:7d:cd:d6:13:30:fd:8c:de:37:bf -# SHA256 Fingerprint: b6:19:1a:50:d0:c3:97:7f:7d:a9:9b:cd:aa:c8:6a:22:7d:ae:b9:67:9e:c7:0b:a3:b0:c9:d9:22:71:c1:70:d3 ------BEGIN CERTIFICATE----- -MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc -MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj -IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB -IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE -RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl -U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 -IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU -ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC -QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr -rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S -NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc -QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH -txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP -BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC -AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp -tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa -IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl -6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ -xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU -Cm26OWMohpLzGITY+9HPBVZkVw== ------END CERTIFICATE----- - -# Issuer: CN=Cybertrust Global Root O=Cybertrust, Inc -# Subject: CN=Cybertrust Global Root O=Cybertrust, Inc -# Label: "Cybertrust Global Root" -# Serial: 4835703278459682877484360 -# MD5 Fingerprint: 72:e4:4a:87:e3:69:40:80:77:ea:bc:e3:f4:ff:f0:e1 -# SHA1 Fingerprint: 5f:43:e5:b1:bf:f8:78:8c:ac:1c:c7:ca:4a:9a:c6:22:2b:cc:34:c6 -# SHA256 Fingerprint: 96:0a:df:00:63:e9:63:56:75:0c:29:65:dd:0a:08:67:da:0b:9c:bd:6e:77:71:4a:ea:fb:23:49:ab:39:3d:a3 ------BEGIN CERTIFICATE----- -MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG -A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh -bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE -ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS -b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 -7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS -J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y -HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP -t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz -FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY -XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ -MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw -hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js -MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA -A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj -Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx -XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o -omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc -A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW -WL1WMRJOEcgh4LMRkWXbtKaIOM5V ------END CERTIFICATE----- - -# Issuer: O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority -# Subject: O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority -# Label: "ePKI Root Certification Authority" -# Serial: 28956088682735189655030529057352760477 -# MD5 Fingerprint: 1b:2e:00:ca:26:06:90:3d:ad:fe:6f:15:68:d3:6b:b3 -# SHA1 Fingerprint: 67:65:0d:f1:7e:8e:7e:5b:82:40:a4:f4:56:4b:cf:e2:3d:69:c6:f0 -# SHA256 Fingerprint: c0:a6:f4:dc:63:a2:4b:fd:cf:54:ef:2a:6a:08:2a:0a:72:de:35:80:3e:2f:f5:ff:52:7a:e5:d8:72:06:df:d5 ------BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe -MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 -ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw -IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL -SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH -SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh -ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X -DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 -TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ -fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA -sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU -WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS -nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH -dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip -NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC -AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF -MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH -ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB -uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl -PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP -JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ -gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 -j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 -5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB -o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS -/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z -Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE -W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D -hNQ+IIX3Sj0rnP0qCglN6oH4EZw= ------END CERTIFICATE----- - -# Issuer: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE/Kamu Sertifikasyon Merkezi -# Subject: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE/Kamu Sertifikasyon Merkezi -# Label: "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3" -# Serial: 17 -# MD5 Fingerprint: ed:41:f5:8c:50:c5:2b:9c:73:e6:ee:6c:eb:c2:a8:26 -# SHA1 Fingerprint: 1b:4b:39:61:26:27:6b:64:91:a2:68:6d:d7:02:43:21:2d:1f:1d:96 -# SHA256 Fingerprint: e4:c7:34:30:d7:a5:b5:09:25:df:43:37:0a:0d:21:6e:9a:79:b9:d6:db:83:73:a0:c6:9e:b1:cc:31:c7:c5:2a ------BEGIN CERTIFICATE----- -MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS -MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp -bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw -VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy -YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy -dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2 -ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe -Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx -GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls -aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU -QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh -xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0 -aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr -IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h -gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK -O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO -fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw -lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL -hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID -AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/ -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP -NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t -wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM -7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh -gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n -oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs -yZyQ2uypQjyttgI= ------END CERTIFICATE----- - -# Issuer: CN=Buypass Class 2 CA 1 O=Buypass AS-983163327 -# Subject: CN=Buypass Class 2 CA 1 O=Buypass AS-983163327 -# Label: "Buypass Class 2 CA 1" -# Serial: 1 -# MD5 Fingerprint: b8:08:9a:f0:03:cc:1b:0d:c8:6c:0b:76:a1:75:64:23 -# SHA1 Fingerprint: a0:a1:ab:90:c9:fc:84:7b:3b:12:61:e8:97:7d:5f:d3:22:61:d3:cc -# SHA256 Fingerprint: 0f:4e:9c:dd:26:4b:02:55:50:d1:70:80:63:40:21:4f:e9:44:34:c9:b0:2f:69:7e:c7:10:fc:5f:ea:fb:5e:38 ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg -Q2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzEL -MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD -VQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7McXA0 -ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLX -l18xoS830r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVB -HfCuuCkslFJgNJQ72uA40Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B -5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3 -WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQD -AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLP -gcIV1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+ -DKhQ7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu -BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHs -h7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+oRxKaJyOk -LY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho ------END CERTIFICATE----- - -# Issuer: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. -# Subject: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. -# Label: "EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1" -# Serial: 5525761995591021570 -# MD5 Fingerprint: 2c:20:26:9d:cb:1a:4a:00:85:b5:b7:5a:ae:c2:01:37 -# SHA1 Fingerprint: 8c:96:ba:eb:dd:2b:07:07:48:ee:30:32:66:a0:f3:98:6e:7c:ae:58 -# SHA256 Fingerprint: 35:ae:5b:dd:d8:f7:ae:63:5c:ff:ba:56:82:a8:f0:0b:95:f4:84:62:c7:10:8e:e9:a0:e5:29:2b:07:4a:af:b2 ------BEGIN CERTIFICATE----- -MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV -BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx -c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt -ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4 -MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg -SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl -a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h -4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk -tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s -tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL -dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4 -c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um -TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z -+kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O -Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW -OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW -fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2 -l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw -FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+ -8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI -6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO -TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME -wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY -Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn -xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q -DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q -Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t -hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4 -7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7 -QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT ------END CERTIFICATE----- - -# Issuer: O=certSIGN OU=certSIGN ROOT CA -# Subject: O=certSIGN OU=certSIGN ROOT CA -# Label: "certSIGN ROOT CA" -# Serial: 35210227249154 -# MD5 Fingerprint: 18:98:c0:d6:e9:3a:fc:f9:b0:f5:0c:f7:4b:01:44:17 -# SHA1 Fingerprint: fa:b7:ee:36:97:26:62:fb:2d:b0:2a:f6:bf:03:fd:e8:7c:4b:2f:9b -# SHA256 Fingerprint: ea:a9:62:c4:fa:4a:6b:af:eb:e4:15:19:6d:35:1c:cd:88:8d:4f:53:f3:fa:8a:e6:d7:c4:66:a9:4e:60:42:bb ------BEGIN CERTIFICATE----- -MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT -AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD -QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP -MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do -0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ -UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d -RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ -OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv -JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C -AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O -BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ -LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY -MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ -44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I -Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw -i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN -9u6wWk5JRFRYX0KD ------END CERTIFICATE----- - -# Issuer: CN=CNNIC ROOT O=CNNIC -# Subject: CN=CNNIC ROOT O=CNNIC -# Label: "CNNIC ROOT" -# Serial: 1228079105 -# MD5 Fingerprint: 21:bc:82:ab:49:c4:13:3b:4b:b2:2b:5c:6b:90:9c:19 -# SHA1 Fingerprint: 8b:af:4c:9b:1d:f0:2a:92:f7:da:12:8e:b9:1b:ac:f4:98:60:4b:6f -# SHA256 Fingerprint: e2:83:93:77:3d:a8:45:a6:79:f2:08:0c:c7:fb:44:a3:b7:a1:c3:79:2c:b7:eb:77:29:fd:cb:6a:8d:99:ae:a7 ------BEGIN CERTIFICATE----- -MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD -TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2 -MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF -Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh -IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6 -dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO -V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC -GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN -v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB -AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB -Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO -76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK -OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH -ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi -yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL -buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj -2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxE= ------END CERTIFICATE----- - -# Issuer: O=Japanese Government OU=ApplicationCA -# Subject: O=Japanese Government OU=ApplicationCA -# Label: "ApplicationCA - Japanese Government" -# Serial: 49 -# MD5 Fingerprint: 7e:23:4e:5b:a7:a5:b4:25:e9:00:07:74:11:62:ae:d6 -# SHA1 Fingerprint: 7f:8a:b0:cf:d0:51:87:6a:66:f3:36:0f:47:c8:8d:8c:d3:35:fc:74 -# SHA256 Fingerprint: 2d:47:43:7d:e1:79:51:21:5a:12:f3:c5:8e:51:c7:29:a5:80:26:ef:1f:cc:0a:5f:b3:d9:dc:01:2f:60:0d:19 ------BEGIN CERTIFICATE----- -MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc -MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp -b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT -AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs -aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H -j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K -f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55 -IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw -FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht -QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm -/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ -k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ -MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC -seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ -hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+ -eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U -DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj -B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL -rosot4LKGAfmt1t06SAZf7IbiVQ= ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Primary Certification Authority - G3 O=GeoTrust Inc. OU=(c) 2008 GeoTrust Inc. - For authorized use only -# Subject: CN=GeoTrust Primary Certification Authority - G3 O=GeoTrust Inc. OU=(c) 2008 GeoTrust Inc. - For authorized use only -# Label: "GeoTrust Primary Certification Authority - G3" -# Serial: 28809105769928564313984085209975885599 -# MD5 Fingerprint: b5:e8:34:36:c9:10:44:58:48:70:6d:2e:83:d4:b8:05 -# SHA1 Fingerprint: 03:9e:ed:b8:0b:e7:a0:3c:69:53:89:3b:20:d2:d9:32:3a:4c:2a:fd -# SHA256 Fingerprint: b4:78:b8:12:25:0d:f8:78:63:5c:2a:a7:ec:7d:15:5e:aa:62:5e:e8:29:16:e2:cd:29:43:61:88:6c:d1:fb:d4 ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB -mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT -MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s -eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ -BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg -MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 -BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz -+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm -hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn -5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W -JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL -DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC -huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw -HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB -AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB -zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN -kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD -AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH -SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G -spki4cErx5z481+oghLrGREt ------END CERTIFICATE----- - -# Issuer: CN=thawte Primary Root CA - G2 O=thawte, Inc. OU=(c) 2007 thawte, Inc. - For authorized use only -# Subject: CN=thawte Primary Root CA - G2 O=thawte, Inc. OU=(c) 2007 thawte, Inc. - For authorized use only -# Label: "thawte Primary Root CA - G2" -# Serial: 71758320672825410020661621085256472406 -# MD5 Fingerprint: 74:9d:ea:60:24:c4:fd:22:53:3e:cc:3a:72:d9:29:4f -# SHA1 Fingerprint: aa:db:bc:22:23:8f:c4:01:a1:27:bb:38:dd:f4:1d:db:08:9e:f0:12 -# SHA256 Fingerprint: a4:31:0d:50:af:18:a6:44:71:90:37:2a:86:af:af:8b:95:1f:fb:43:1d:83:7f:1e:56:88:b4:59:71:ed:15:57 ------BEGIN CERTIFICATE----- -MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp -IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi -BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw -MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh -d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig -YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v -dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ -BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 -papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K -DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 -KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox -XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== ------END CERTIFICATE----- - -# Issuer: CN=thawte Primary Root CA - G3 O=thawte, Inc. OU=Certification Services Division/(c) 2008 thawte, Inc. - For authorized use only -# Subject: CN=thawte Primary Root CA - G3 O=thawte, Inc. OU=Certification Services Division/(c) 2008 thawte, Inc. - For authorized use only -# Label: "thawte Primary Root CA - G3" -# Serial: 127614157056681299805556476275995414779 -# MD5 Fingerprint: fb:1b:5d:43:8a:94:cd:44:c6:76:f2:43:4b:47:e7:31 -# SHA1 Fingerprint: f1:8b:53:8d:1b:e9:03:b6:a6:f0:56:43:5b:17:15:89:ca:f3:6b:f2 -# SHA256 Fingerprint: 4b:03:f4:58:07:ad:70:f2:1b:fc:2c:ae:71:c9:fd:e4:60:4c:06:4c:f5:ff:b6:86:ba:e5:db:aa:d7:fd:d3:4c ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB -rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV -BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa -Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl -LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u -MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl -ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm -gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 -YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf -b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 -9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S -zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk -OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV -HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA -2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW -oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu -t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c -KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM -m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu -MdRAGmI0Nj81Aa6sY6A= ------END CERTIFICATE----- - -# Issuer: CN=GeoTrust Primary Certification Authority - G2 O=GeoTrust Inc. OU=(c) 2007 GeoTrust Inc. - For authorized use only -# Subject: CN=GeoTrust Primary Certification Authority - G2 O=GeoTrust Inc. OU=(c) 2007 GeoTrust Inc. - For authorized use only -# Label: "GeoTrust Primary Certification Authority - G2" -# Serial: 80682863203381065782177908751794619243 -# MD5 Fingerprint: 01:5e:d8:6b:bd:6f:3d:8e:a1:31:f8:12:e0:98:73:6a -# SHA1 Fingerprint: 8d:17:84:d5:37:f3:03:7d:ec:70:fe:57:8b:51:9a:99:e6:10:d7:b0 -# SHA256 Fingerprint: 5e:db:7a:c4:3b:82:a0:6a:87:61:e8:d7:be:49:79:eb:f2:61:1f:7d:d7:9b:f9:1c:1c:6b:56:6a:21:9e:d7:66 ------BEGIN CERTIFICATE----- -MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL -MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj -KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 -MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV -BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw -NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV -BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH -MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL -So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal -tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG -CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT -qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz -rD6ogRLQy7rQkgu2npaqBA+K ------END CERTIFICATE----- - -# Issuer: CN=VeriSign Universal Root Certification Authority O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2008 VeriSign, Inc. - For authorized use only -# Subject: CN=VeriSign Universal Root Certification Authority O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2008 VeriSign, Inc. - For authorized use only -# Label: "VeriSign Universal Root Certification Authority" -# Serial: 85209574734084581917763752644031726877 -# MD5 Fingerprint: 8e:ad:b5:01:aa:4d:81:e4:8c:1d:d1:e1:14:00:95:19 -# SHA1 Fingerprint: 36:79:ca:35:66:87:72:30:4d:30:a5:fb:87:3b:0f:a7:7b:b7:0d:54 -# SHA256 Fingerprint: 23:99:56:11:27:a5:71:25:de:8c:ef:ea:61:0d:df:2f:a0:78:b5:c8:06:7f:4e:82:82:90:bf:b8:60:e8:4b:3c ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB -vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL -ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp -U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W -ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX -MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 -IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y -IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh -bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF -9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH -H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H -LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN -/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT -rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw -WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs -exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud -DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 -sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ -seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz -4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ -BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR -lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 -7M2CYfE45k+XmCpajQ== ------END CERTIFICATE----- - -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2007 VeriSign, Inc. - For authorized use only -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2007 VeriSign, Inc. - For authorized use only -# Label: "VeriSign Class 3 Public Primary Certification Authority - G4" -# Serial: 63143484348153506665311985501458640051 -# MD5 Fingerprint: 3a:52:e1:e7:fd:6f:3a:e3:6f:f3:6f:99:1b:f9:22:41 -# SHA1 Fingerprint: 22:d5:d8:df:8f:02:31:d1:8d:f7:9d:b7:cf:8a:2d:64:c9:3f:6c:3a -# SHA256 Fingerprint: 69:dd:d7:ea:90:bb:57:c9:3e:13:5d:c8:5e:a6:fc:d5:48:0b:60:32:39:bd:c4:54:fc:75:8b:2a:26:cf:7f:79 ------BEGIN CERTIFICATE----- -MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW -ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp -U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y -aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp -U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg -SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln -biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm -GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve -fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ -aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj -aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW -kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC -4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga -FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== ------END CERTIFICATE----- - -# Issuer: CN=NetLock Arany (Class Gold) Főtanúsítvány O=NetLock Kft. OU=Tanúsítványkiadók (Certification Services) -# Subject: CN=NetLock Arany (Class Gold) Főtanúsítvány O=NetLock Kft. OU=Tanúsítványkiadók (Certification Services) -# Label: "NetLock Arany (Class Gold) Főtanúsítvány" -# Serial: 80544274841616 -# MD5 Fingerprint: c5:a1:b7:ff:73:dd:d6:d7:34:32:18:df:fc:3c:ad:88 -# SHA1 Fingerprint: 06:08:3f:59:3f:15:a1:04:a0:69:a4:6b:a9:03:d0:06:b7:97:09:91 -# SHA256 Fingerprint: 6c:61:da:c3:a2:de:f0:31:50:6b:e0:36:d2:a6:fe:40:19:94:fb:d1:3d:f9:c8:d4:66:59:92:74:c4:46:ec:98 ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG -EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 -MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl -cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR -dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB -pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM -b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm -aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz -IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT -lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz -AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 -VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG -ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 -BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG -AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M -U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh -bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C -+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC -bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F -uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 -XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= ------END CERTIFICATE----- - -# Issuer: CN=Staat der Nederlanden Root CA - G2 O=Staat der Nederlanden -# Subject: CN=Staat der Nederlanden Root CA - G2 O=Staat der Nederlanden -# Label: "Staat der Nederlanden Root CA - G2" -# Serial: 10000012 -# MD5 Fingerprint: 7c:a5:0f:f8:5b:9a:7d:6d:30:ae:54:5a:e3:42:a2:8a -# SHA1 Fingerprint: 59:af:82:79:91:86:c7:b4:75:07:cb:cf:03:57:46:eb:04:dd:b7:16 -# SHA256 Fingerprint: 66:8c:83:94:7d:a6:3b:72:4b:ec:e1:74:3c:31:a0:e6:ae:d0:db:8e:c5:b3:1b:e3:77:bb:78:4f:91:b6:71:6f ------BEGIN CERTIFICATE----- -MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX -DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl -ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv -b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 -qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp -uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU -Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE -pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp -5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M -UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN -GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy -5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv -6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK -eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 -B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ -BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov -L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG -SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS -CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen -5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 -IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK -gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL -+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL -vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm -bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk -N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC -Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z -ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== ------END CERTIFICATE----- - -# Issuer: CN=Juur-SK O=AS Sertifitseerimiskeskus -# Subject: CN=Juur-SK O=AS Sertifitseerimiskeskus -# Label: "Juur-SK" -# Serial: 999181308 -# MD5 Fingerprint: aa:8e:5d:d9:f8:db:0a:58:b7:8d:26:87:6c:82:35:55 -# SHA1 Fingerprint: 40:9d:4b:d9:17:b5:5c:27:b6:9b:64:cb:98:22:44:0d:cd:09:b8:89 -# SHA256 Fingerprint: ec:c3:e9:c3:40:75:03:be:e0:91:aa:95:2f:41:34:8f:f8:8b:aa:86:3b:22:64:be:fa:c8:07:90:15:74:e9:39 ------BEGIN CERTIFICATE----- -MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN -AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp -dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw -MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw -CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ -MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB -SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz -ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH -LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP -PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL -2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w -ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC -MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk -AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0 -AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz -AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz -AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f -BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE -FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY -P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi -CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g -kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95 -HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS -na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q -qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z -TbvGRNs2yyqcjg== ------END CERTIFICATE----- - -# Issuer: CN=Hongkong Post Root CA 1 O=Hongkong Post -# Subject: CN=Hongkong Post Root CA 1 O=Hongkong Post -# Label: "Hongkong Post Root CA 1" -# Serial: 1000 -# MD5 Fingerprint: a8:0d:6f:39:78:b9:43:6d:77:42:6d:98:5a:cc:23:ca -# SHA1 Fingerprint: d6:da:a8:20:8d:09:d2:15:4d:24:b5:2f:cb:34:6e:b2:58:b2:8a:58 -# SHA256 Fingerprint: f9:e6:7d:33:6c:51:00:2a:c0:54:c6:32:02:2d:66:dd:a2:e7:e3:ff:f1:0a:d0:61:ed:31:d8:bb:b4:10:cf:b2 ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== ------END CERTIFICATE----- - -# Issuer: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. -# Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. -# Label: "SecureSign RootCA11" -# Serial: 1 -# MD5 Fingerprint: b7:52:74:e2:92:b4:80:93:f2:75:e4:cc:d7:f2:ea:26 -# SHA1 Fingerprint: 3b:c4:9f:48:f8:f3:73:a0:9c:1e:bd:f8:5b:b1:c3:65:c7:d8:11:b3 -# SHA256 Fingerprint: bf:0f:ee:fb:9e:3a:58:1a:d5:f9:e9:db:75:89:98:57:43:d2:61:08:5c:4d:31:4f:6f:5d:72:59:aa:42:16:12 ------BEGIN CERTIFICATE----- -MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr -MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG -A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 -MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp -Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD -QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz -i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 -h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV -MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 -UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni -8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC -h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD -VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB -AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm -KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ -X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr -QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 -pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN -QSdJQO7e5iNEOdyhIta6A/I= ------END CERTIFICATE----- - -# Issuer: CN=ACEDICOM Root O=EDICOM OU=PKI -# Subject: CN=ACEDICOM Root O=EDICOM OU=PKI -# Label: "ACEDICOM Root" -# Serial: 7029493972724711941 -# MD5 Fingerprint: 42:81:a0:e2:1c:e3:55:10:de:55:89:42:65:96:22:e6 -# SHA1 Fingerprint: e0:b4:32:2e:b2:f6:a5:68:b6:54:53:84:48:18:4a:50:36:87:43:84 -# SHA256 Fingerprint: 03:95:0f:b4:9a:53:1f:3e:19:91:94:23:98:df:a9:e0:ea:32:d7:ba:1c:dd:9b:c8:5d:b5:7e:d9:40:0b:43:4a ------BEGIN CERTIFICATE----- -MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE -AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x -CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW -MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF -RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7 -09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7 -XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P -Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK -t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb -X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28 -MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU -fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI -2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH -K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae -ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP -BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ -MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw -RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv -bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm -fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3 -gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe -I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i -5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi -ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn -MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ -o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6 -zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN -GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt -r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK -Z05phkOTOPu220+DkdRgfks+KzgHVZhepA== ------END CERTIFICATE----- - -# Issuer: CN=Microsec e-Szigno Root CA 2009 O=Microsec Ltd. -# Subject: CN=Microsec e-Szigno Root CA 2009 O=Microsec Ltd. -# Label: "Microsec e-Szigno Root CA 2009" -# Serial: 14014712776195784473 -# MD5 Fingerprint: f8:49:f4:03:bc:44:2d:83:be:48:69:7d:29:64:fc:b1 -# SHA1 Fingerprint: 89:df:74:fe:5c:f4:0f:4a:80:f9:e3:37:7d:54:da:91:e1:01:31:8e -# SHA256 Fingerprint: 3c:5f:81:fe:a5:fa:b8:2c:64:bf:a2:ea:ec:af:cd:e8:e0:77:fc:86:20:a7:ca:e5:37:16:3d:f3:6e:db:f3:78 ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD -VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 -ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G -CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y -OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx -FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp -Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o -dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP -kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc -cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U -fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 -N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC -xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 -+rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM -Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG -SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h -mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk -ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 -tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c -2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t -HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW ------END CERTIFICATE----- - -# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 -# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 -# Label: "GlobalSign Root CA - R3" -# Serial: 4835703278459759426209954 -# MD5 Fingerprint: c5:df:b8:49:ca:05:13:55:ee:2d:ba:1a:c3:3e:b0:28 -# SHA1 Fingerprint: d6:9b:56:11:48:f0:1c:77:c5:45:78:c1:09:26:df:5b:85:69:76:ad -# SHA256 Fingerprint: cb:b5:22:d7:b7:f1:27:ad:6a:01:13:86:5b:df:1c:d4:10:2e:7d:07:59:af:63:5a:7c:f4:72:0d:c9:63:c5:3b ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 -MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 -RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT -gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm -KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd -QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ -XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o -LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU -RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp -jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK -6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX -mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs -Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH -WD9f ------END CERTIFICATE----- - -# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 -# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 -# Label: "Autoridad de Certificacion Firmaprofesional CIF A62634068" -# Serial: 6047274297262753887 -# MD5 Fingerprint: 73:3a:74:7a:ec:bb:a3:96:a6:c2:e4:e2:c8:9b:c0:c3 -# SHA1 Fingerprint: ae:c5:fb:3f:c8:e1:bf:c4:e5:4f:03:07:5a:9a:e8:00:b7:f7:b6:fa -# SHA256 Fingerprint: 04:04:80:28:bf:1f:28:64:d4:8f:9a:d4:d8:32:94:36:6a:82:88:56:55:3f:3b:14:30:3f:90:14:7f:5d:40:ef ------BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE -BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h -cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy -MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg -Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 -thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM -cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG -L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i -NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h -X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b -m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy -Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja -EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T -KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF -6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh -OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD -VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv -ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl -AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF -661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 -am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 -ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 -PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS -3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k -SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF -3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM -ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g -StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz -Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB -jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V ------END CERTIFICATE----- - -# Issuer: CN=Izenpe.com O=IZENPE S.A. -# Subject: CN=Izenpe.com O=IZENPE S.A. -# Label: "Izenpe.com" -# Serial: 917563065490389241595536686991402621 -# MD5 Fingerprint: a6:b0:cd:85:80:da:5c:50:34:a3:39:90:2f:55:67:73 -# SHA1 Fingerprint: 2f:78:3d:25:52:18:a7:4a:65:39:71:b5:2c:a2:9c:45:15:6f:e9:19 -# SHA256 Fingerprint: 25:30:cc:8e:98:32:15:02:ba:d9:6f:9b:1f:ba:1b:09:9e:2d:29:9e:0f:45:48:bb:91:4f:36:3b:c0:d4:53:1f ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 -MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 -ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD -VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j -b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq -scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO -xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H -LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX -uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD -yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ -JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q -rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN -BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L -hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB -QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ -HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu -Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg -QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB -BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA -A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb -laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 -awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo -JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw -LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT -VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk -LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb -UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ -QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ -naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls -QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== ------END CERTIFICATE----- - -# Issuer: CN=Chambers of Commerce Root - 2008 O=AC Camerfirma S.A. -# Subject: CN=Chambers of Commerce Root - 2008 O=AC Camerfirma S.A. -# Label: "Chambers of Commerce Root - 2008" -# Serial: 11806822484801597146 -# MD5 Fingerprint: 5e:80:9e:84:5a:0e:65:0b:17:02:f3:55:18:2a:3e:d7 -# SHA1 Fingerprint: 78:6a:74:ac:76:ab:14:7f:9c:6a:30:50:ba:9e:a8:7e:fe:9a:ce:3c -# SHA256 Fingerprint: 06:3e:4a:fa:c4:91:df:d3:32:f3:08:9b:85:42:e9:46:17:d8:93:d7:fe:94:4e:10:a7:93:7e:e2:9d:96:93:c0 ------BEGIN CERTIFICATE----- -MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz -IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz -MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj -dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw -EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp -MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 -28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq -VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q -DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR -5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL -ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a -Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl -UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s -+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 -Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj -ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx -hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV -HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 -+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN -YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t -L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy -ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt -IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV -HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w -DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW -PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF -5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 -glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH -FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 -pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD -xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG -tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq -jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De -fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg -OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ -d0jQ ------END CERTIFICATE----- - -# Issuer: CN=Global Chambersign Root - 2008 O=AC Camerfirma S.A. -# Subject: CN=Global Chambersign Root - 2008 O=AC Camerfirma S.A. -# Label: "Global Chambersign Root - 2008" -# Serial: 14541511773111788494 -# MD5 Fingerprint: 9e:80:ff:78:01:0c:2e:c1:36:bd:fe:96:90:6e:08:f3 -# SHA1 Fingerprint: 4a:bd:ee:ec:95:0d:35:9c:89:ae:c7:52:a1:2c:5b:29:f6:d6:aa:0c -# SHA256 Fingerprint: 13:63:35:43:93:34:a7:69:80:16:a0:d3:24:de:72:28:4e:07:9d:7b:52:20:bb:8f:bd:74:78:16:ee:be:ba:ca ------BEGIN CERTIFICATE----- -MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD -aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx -MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy -cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG -A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl -BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed -KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 -G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 -zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 -ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG -HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 -Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V -yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e -beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r -6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh -wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog -zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW -BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr -ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp -ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk -cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt -YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC -CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow -KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI -hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ -UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz -X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x -fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz -a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd -Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd -SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O -AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso -M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge -v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z -09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ------END CERTIFICATE----- - -# Issuer: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc. -# Subject: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc. -# Label: "Go Daddy Root Certificate Authority - G2" -# Serial: 0 -# MD5 Fingerprint: 80:3a:bc:22:c1:e6:fb:8d:9b:3b:27:4a:32:1b:9a:01 -# SHA1 Fingerprint: 47:be:ab:c9:22:ea:e8:0e:78:78:34:62:a7:9f:45:c2:54:fd:e6:8b -# SHA256 Fingerprint: 45:14:0b:32:47:eb:9c:c8:c5:b4:f0:d7:b5:30:91:f7:32:92:08:9e:6e:5a:63:e2:74:9d:d3:ac:a9:19:8e:da ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT -EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp -ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz -NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH -EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE -AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD -E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH -/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy -DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh -GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR -tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA -AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE -FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX -WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu -9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr -gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo -2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO -LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI -4uJEvlz36hz1 ------END CERTIFICATE----- - -# Issuer: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc. -# Subject: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc. -# Label: "Starfield Root Certificate Authority - G2" -# Serial: 0 -# MD5 Fingerprint: d6:39:81:c6:52:7e:96:69:fc:fc:ca:66:ed:05:f2:96 -# SHA1 Fingerprint: b5:1c:06:7c:ee:2b:0c:3d:f8:55:ab:2d:92:f4:fe:39:d4:e7:0f:0e -# SHA256 Fingerprint: 2c:e1:cb:0b:f9:d2:f9:e1:02:99:3f:be:21:51:52:c3:b2:dd:0c:ab:de:1c:68:e5:31:9b:83:91:54:db:b7:f5 ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs -ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw -MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj -aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg -nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 -HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N -Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN -dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 -HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G -CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU -sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 -4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg -8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 -mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- - -# Issuer: CN=Starfield Services Root Certificate Authority - G2 O=Starfield Technologies, Inc. -# Subject: CN=Starfield Services Root Certificate Authority - G2 O=Starfield Technologies, Inc. -# Label: "Starfield Services Root Certificate Authority - G2" -# Serial: 0 -# MD5 Fingerprint: 17:35:74:af:7b:61:1c:eb:f4:f9:3c:e2:ee:40:f9:a2 -# SHA1 Fingerprint: 92:5a:8f:8d:2c:6d:04:e0:66:5f:59:6a:ff:22:d8:63:e8:25:6f:3f -# SHA256 Fingerprint: 56:8d:69:05:a2:c8:87:08:a4:b3:02:51:90:ed:cf:ed:b1:97:4a:60:6a:13:c6:e5:29:0f:cb:2a:e6:3e:da:b5 ------BEGIN CERTIFICATE----- -MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs -ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 -MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy -ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy -dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p -OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 -8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K -Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe -hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk -6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q -AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI -bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB -ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z -qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd -iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn -0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN -sSi6 ------END CERTIFICATE----- - -# Issuer: CN=AffirmTrust Commercial O=AffirmTrust -# Subject: CN=AffirmTrust Commercial O=AffirmTrust -# Label: "AffirmTrust Commercial" -# Serial: 8608355977964138876 -# MD5 Fingerprint: 82:92:ba:5b:ef:cd:8a:6f:a6:3d:55:f9:84:f6:d6:b7 -# SHA1 Fingerprint: f9:b5:b6:32:45:5f:9c:be:ec:57:5f:80:dc:e9:6e:2c:c7:b2:78:b7 -# SHA256 Fingerprint: 03:76:ab:1d:54:c5:f9:80:3c:e4:b2:e2:01:a0:ee:7e:ef:7b:57:b6:36:e8:a9:3c:9b:8d:48:60:c9:6f:5f:a7 ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP -Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr -ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL -MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 -yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr -VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ -nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG -XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj -vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt -Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g -N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC -nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- - -# Issuer: CN=AffirmTrust Networking O=AffirmTrust -# Subject: CN=AffirmTrust Networking O=AffirmTrust -# Label: "AffirmTrust Networking" -# Serial: 8957382827206547757 -# MD5 Fingerprint: 42:65:ca:be:01:9a:9a:4c:a9:8c:41:49:cd:c0:d5:7f -# SHA1 Fingerprint: 29:36:21:02:8b:20:ed:02:f5:66:c5:32:d1:d6:ed:90:9f:45:00:2f -# SHA256 Fingerprint: 0a:81:ec:5a:92:97:77:f1:45:90:4a:f3:8d:5d:50:9f:66:b5:e2:c5:8f:cd:b5:31:05:8b:0e:17:f3:f0:b4:1b ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y -YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua -kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL -QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp -6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG -yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i -QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO -tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu -QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ -Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u -olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 -x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- - -# Issuer: CN=AffirmTrust Premium O=AffirmTrust -# Subject: CN=AffirmTrust Premium O=AffirmTrust -# Label: "AffirmTrust Premium" -# Serial: 7893706540734352110 -# MD5 Fingerprint: c4:5d:0e:48:b6:ac:28:30:4e:0a:bc:f9:38:16:87:57 -# SHA1 Fingerprint: d8:a6:33:2c:e0:03:6f:b1:85:f6:63:4f:7d:6a:06:65:26:32:28:27 -# SHA256 Fingerprint: 70:a7:3f:7f:37:6b:60:07:42:48:90:45:34:b1:14:82:d5:bf:0e:69:8e:cc:49:8d:f5:25:77:eb:f2:e9:3b:9a ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz -dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG -A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U -cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf -qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ -JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ -+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS -s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 -HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 -70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG -V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S -qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S -5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia -C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX -OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE -FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 -KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B -8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ -MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc -0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ -u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF -u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH -YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 -GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO -RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e -KeC2uAloGRwYQw== ------END CERTIFICATE----- - -# Issuer: CN=AffirmTrust Premium ECC O=AffirmTrust -# Subject: CN=AffirmTrust Premium ECC O=AffirmTrust -# Label: "AffirmTrust Premium ECC" -# Serial: 8401224907861490260 -# MD5 Fingerprint: 64:b0:09:55:cf:b1:d5:99:e2:be:13:ab:a6:5d:ea:4d -# SHA1 Fingerprint: b8:23:6b:00:2f:1d:16:86:53:01:55:6c:11:a4:37:ca:eb:ff:c3:bb -# SHA256 Fingerprint: bd:71:fd:f6:da:97:e4:cf:62:d1:64:7a:dd:25:81:b0:7d:79:ad:f8:39:7e:b4:ec:ba:9c:5e:84:88:82:14:23 ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC -VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ -cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ -BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt -VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D -0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 -ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G -A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs -aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I -flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== ------END CERTIFICATE----- - -# Issuer: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority -# Subject: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority -# Label: "Certum Trusted Network CA" -# Serial: 279744 -# MD5 Fingerprint: d5:e9:81:40:c5:18:69:fc:46:2c:89:75:62:0f:aa:78 -# SHA1 Fingerprint: 07:e0:32:e0:20:b7:2c:3f:19:2f:06:28:a2:59:3a:19:a7:0f:06:9e -# SHA256 Fingerprint: 5c:58:46:8d:55:f5:8e:49:7e:74:39:82:d2:b5:00:10:b6:d1:65:37:4a:cf:83:a7:d4:a3:2d:b7:68:c4:40:8e ------BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM -MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D -ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU -cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 -WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg -Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw -IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH -UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM -TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU -BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM -kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x -AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV -HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y -sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL -I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 -J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY -VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ------END CERTIFICATE----- - -# Issuer: CN=Certinomis - Autorité Racine O=Certinomis OU=0002 433998903 -# Subject: CN=Certinomis - Autorité Racine O=Certinomis OU=0002 433998903 -# Label: "Certinomis - Autorité Racine" -# Serial: 1 -# MD5 Fingerprint: 7f:30:78:8c:03:e3:ca:c9:0a:e2:c9:ea:1e:aa:55:1a -# SHA1 Fingerprint: 2e:14:da:ec:28:f0:fa:1e:8e:38:9a:4e:ab:eb:26:c0:0a:d3:83:c3 -# SHA256 Fingerprint: fc:bf:e2:88:62:06:f7:2b:27:59:3c:8b:07:02:97:e1:2d:76:9e:d1:0e:d7:93:07:05:a8:09:8e:ff:c1:4d:17 ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET -MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk -BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 -Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl -cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 -aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY -F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N -8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe -rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K -/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu -7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC -28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 -lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E -nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB -0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 -5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj -WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN -jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s -ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM -OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q -619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn -2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj -o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v -nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG -5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq -pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb -dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 -BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- - -# Issuer: CN=Root CA Generalitat Valenciana O=Generalitat Valenciana OU=PKIGVA -# Subject: CN=Root CA Generalitat Valenciana O=Generalitat Valenciana OU=PKIGVA -# Label: "Root CA Generalitat Valenciana" -# Serial: 994436456 -# MD5 Fingerprint: 2c:8c:17:5e:b1:54:ab:93:17:b5:36:5a:db:d1:c6:f2 -# SHA1 Fingerprint: a0:73:e5:c5:bd:43:61:0d:86:4c:21:13:0a:85:58:57:cc:9c:ea:46 -# SHA256 Fingerprint: 8c:4e:df:d0:43:48:f3:22:96:9e:7e:29:a4:cd:4d:ca:00:46:55:06:1c:16:e1:b0:76:42:2e:f3:42:ad:63:0e ------BEGIN CERTIFICATE----- -MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF -UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ -R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN -MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G -A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw -JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+ -WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj -SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl -u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy -A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk -Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7 -MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr -aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC -IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A -cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA -YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA -bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA -bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA -aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA -aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA -ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA -YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA -ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA -LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6 -Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y -eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw -CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G -A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu -Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn -lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt -b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg -9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF -ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC -IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM= ------END CERTIFICATE----- - -# Issuer: CN=TWCA Root Certification Authority O=TAIWAN-CA OU=Root CA -# Subject: CN=TWCA Root Certification Authority O=TAIWAN-CA OU=Root CA -# Label: "TWCA Root Certification Authority" -# Serial: 1 -# MD5 Fingerprint: aa:08:8f:f6:f9:7b:b7:f2:b1:a7:1e:9b:ea:ea:bd:79 -# SHA1 Fingerprint: cf:9e:87:6d:d3:eb:fc:42:26:97:a3:b5:a3:7a:a0:76:a9:06:23:48 -# SHA256 Fingerprint: bf:d8:8f:e1:10:1c:41:ae:3e:80:1b:f8:be:56:35:0e:e9:ba:d1:a6:b9:bd:51:5e:dc:5c:6d:5b:87:11:ac:44 ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES -MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU -V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz -WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO -LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE -AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH -K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX -RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z -rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx -3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq -hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC -MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls -XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D -lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn -aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ -YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== ------END CERTIFICATE----- - -# Issuer: O=SECOM Trust Systems CO.,LTD. OU=Security Communication RootCA2 -# Subject: O=SECOM Trust Systems CO.,LTD. OU=Security Communication RootCA2 -# Label: "Security Communication RootCA2" -# Serial: 0 -# MD5 Fingerprint: 6c:39:7d:a4:0e:55:59:b2:3f:d6:41:b1:12:50:de:43 -# SHA1 Fingerprint: 5f:3b:8c:f2:f8:10:b3:7d:78:b4:ce:ec:19:19:c3:73:34:b9:c7:74 -# SHA256 Fingerprint: 51:3b:2c:ec:b8:10:d4:cd:e5:dd:85:39:1a:df:c6:c2:dd:60:d8:7b:b7:36:d2:b5:21:48:4a:a4:7a:0e:be:f6 ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl -MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe -U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX -DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy -dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj -YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV -OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr -zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM -VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ -hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO -ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw -awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs -OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 -DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF -coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc -okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 -t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy -1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ -SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ------END CERTIFICATE----- - -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority -# Label: "Hellenic Academic and Research Institutions RootCA 2011" -# Serial: 0 -# MD5 Fingerprint: 73:9f:4c:4b:73:5b:79:e9:fa:ba:1c:ef:6e:cb:d5:c9 -# SHA1 Fingerprint: fe:45:65:9b:79:03:5b:98:a1:61:b5:51:2e:ac:da:58:09:48:22:4d -# SHA256 Fingerprint: bc:10:4f:15:a4:8b:e7:09:dc:a5:42:a7:e1:d4:b9:df:6f:05:45:27:e8:02:ea:a9:2d:59:54:44:25:8a:fe:71 ------BEGIN CERTIFICATE----- -MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix -RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 -dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p -YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw -NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK -EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl -cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz -dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ -fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns -bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD -75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP -FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp -5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu -b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA -A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p -6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 -TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 -dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys -Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI -l7WdmplNsDz4SgCbZN2fOUvRJ9e4 ------END CERTIFICATE----- - -# Issuer: CN=Actalis Authentication Root CA O=Actalis S.p.A./03358520967 -# Subject: CN=Actalis Authentication Root CA O=Actalis S.p.A./03358520967 -# Label: "Actalis Authentication Root CA" -# Serial: 6271844772424770508 -# MD5 Fingerprint: 69:c1:0d:4f:07:a3:1b:c3:fe:56:3d:04:bc:11:f6:a6 -# SHA1 Fingerprint: f3:73:b3:87:06:5a:28:84:8a:f2:f3:4a:ce:19:2b:dd:c7:8e:9c:ac -# SHA256 Fingerprint: 55:92:60:84:ec:96:3a:64:b9:6e:2a:be:01:ce:0b:a8:6a:64:fb:fe:bc:c7:aa:b5:af:c1:55:b3:7f:d7:60:66 ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE -BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w -MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC -SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 -ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv -UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX -4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 -KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ -gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb -rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ -51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F -be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe -KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F -v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn -fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 -jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz -ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL -e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 -jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz -WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V -SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j -pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX -X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok -fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R -K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU -ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU -LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT -LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- - -# Issuer: O=Trustis Limited OU=Trustis FPS Root CA -# Subject: O=Trustis Limited OU=Trustis FPS Root CA -# Label: "Trustis FPS Root CA" -# Serial: 36053640375399034304724988975563710553 -# MD5 Fingerprint: 30:c9:e7:1e:6b:e6:14:eb:65:b2:16:69:20:31:67:4d -# SHA1 Fingerprint: 3b:c0:38:0b:33:c3:f6:a6:0c:86:15:22:93:d9:df:f5:4b:81:c0:04 -# SHA256 Fingerprint: c1:b4:82:99:ab:a5:20:8f:e9:63:0a:ce:55:ca:68:a0:3e:da:5a:51:9c:88:02:a0:d3:a6:73:be:8f:8e:55:7d ------BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF -MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL -ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx -MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc -MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ -AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH -iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj -vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA -0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB -OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ -BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E -FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 -GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW -zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 -1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE -f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F -jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN -ZetX2fNXlrtIzYE= ------END CERTIFICATE----- - -# Issuer: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing -# Subject: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing -# Label: "StartCom Certification Authority" -# Serial: 45 -# MD5 Fingerprint: c9:3b:0d:84:41:fc:a4:76:79:23:08:57:de:10:19:16 -# SHA1 Fingerprint: a3:f1:33:3f:e2:42:bf:cf:c5:d1:4e:8f:39:42:98:40:68:10:d1:a0 -# SHA256 Fingerprint: e1:78:90:ee:09:a3:fb:f4:f4:8b:9c:41:4a:17:d6:37:b7:a5:06:47:e9:bc:75:23:22:72:7f:cc:17:42:a9:11 ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul -F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC -ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w -ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk -aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0 -YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg -c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93 -d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG -CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF -wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS -Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst -0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc -pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl -CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF -P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK -1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm -KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ -8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm -fyWl8kgAwKQB2j8= ------END CERTIFICATE----- - -# Issuer: CN=StartCom Certification Authority G2 O=StartCom Ltd. -# Subject: CN=StartCom Certification Authority G2 O=StartCom Ltd. -# Label: "StartCom Certification Authority G2" -# Serial: 59 -# MD5 Fingerprint: 78:4b:fb:9e:64:82:0a:d3:b8:4c:62:f3:64:f2:90:64 -# SHA1 Fingerprint: 31:f1:fd:68:22:63:20:ee:c6:3b:3f:9d:ea:4a:3e:53:7c:7c:39:17 -# SHA256 Fingerprint: c7:ba:65:67:de:93:a7:98:ae:1f:aa:79:1e:71:2d:37:8f:ae:1f:93:c4:39:7f:ea:44:1b:b7:cb:e6:fd:59:95 ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1 -OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG -A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ -JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD -vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo -D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/ -Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW -RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK -HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN -nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM -0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i -UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9 -Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg -TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL -BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX -UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl -6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK -9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ -HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI -wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY -XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l -IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo -hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr -so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- - -# Issuer: CN=Buypass Class 2 Root CA O=Buypass AS-983163327 -# Subject: CN=Buypass Class 2 Root CA O=Buypass AS-983163327 -# Label: "Buypass Class 2 Root CA" -# Serial: 2 -# MD5 Fingerprint: 46:a7:d2:fe:45:fb:64:5a:a8:59:90:9b:78:44:9b:29 -# SHA1 Fingerprint: 49:0a:75:74:de:87:0a:47:fe:58:ee:f6:c7:6b:eb:c6:0b:12:40:99 -# SHA256 Fingerprint: 9a:11:40:25:19:7c:5b:b9:5d:94:e6:3d:55:cd:43:79:08:47:b6:46:b2:3c:df:11:ad:a4:a0:0e:ff:15:fb:48 ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr -6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV -L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 -1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx -MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ -QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB -arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr -Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi -FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS -P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN -9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz -uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h -9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t -OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo -+fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 -KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 -DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us -H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ -I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 -5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h -3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz -Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= ------END CERTIFICATE----- - -# Issuer: CN=Buypass Class 3 Root CA O=Buypass AS-983163327 -# Subject: CN=Buypass Class 3 Root CA O=Buypass AS-983163327 -# Label: "Buypass Class 3 Root CA" -# Serial: 2 -# MD5 Fingerprint: 3d:3b:18:9e:2c:64:5a:e8:d5:88:ce:0e:f9:37:c2:ec -# SHA1 Fingerprint: da:fa:f7:fa:66:84:ec:06:8f:14:50:bd:c7:c2:81:a5:bc:a9:64:57 -# SHA256 Fingerprint: ed:f7:eb:bc:a2:7a:2a:38:4d:38:7b:7d:40:10:c6:66:e2:ed:b4:84:3e:4c:29:b4:ae:1d:5b:93:32:e6:b2:4d ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y -ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E -N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 -tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX -0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c -/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X -KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY -zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS -O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D -34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP -K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv -Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj -QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS -IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 -HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa -O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv -033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u -dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE -kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 -3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD -u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq -4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= ------END CERTIFICATE----- - -# Issuer: CN=T-TeleSec GlobalRoot Class 3 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center -# Subject: CN=T-TeleSec GlobalRoot Class 3 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center -# Label: "T-TeleSec GlobalRoot Class 3" -# Serial: 1 -# MD5 Fingerprint: ca:fb:40:a8:4e:39:92:8a:1d:fe:8e:2f:c4:27:ea:ef -# SHA1 Fingerprint: 55:a6:72:3e:cb:f2:ec:cd:c3:23:74:70:19:9d:2a:be:11:e3:81:d1 -# SHA256 Fingerprint: fd:73:da:d3:1c:64:4f:f1:b4:3b:ef:0c:cd:da:96:71:0b:9c:d9:87:5e:ca:7e:31:70:7a:f3:e9:6d:52:2b:bd ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN -8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ -RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 -hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 -ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM -EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 -A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy -WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ -1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 -6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT -91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml -e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p -TpPDpFQUWw== ------END CERTIFICATE----- - -# Issuer: CN=EE Certification Centre Root CA O=AS Sertifitseerimiskeskus -# Subject: CN=EE Certification Centre Root CA O=AS Sertifitseerimiskeskus -# Label: "EE Certification Centre Root CA" -# Serial: 112324828676200291871926431888494945866 -# MD5 Fingerprint: 43:5e:88:d4:7d:1a:4a:7e:fd:84:2e:52:eb:01:d4:6f -# SHA1 Fingerprint: c9:a8:b9:e7:55:80:5e:58:e3:53:77:a7:25:eb:af:c3:7b:27:cc:d7 -# SHA256 Fingerprint: 3e:84:ba:43:42:90:85:16:e7:75:73:c0:99:2f:09:79:ca:08:4e:46:85:68:1f:f1:95:cc:ba:8a:22:9b:8a:76 ------BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 -MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 -czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG -CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy -MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl -ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS -b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy -euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO -bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw -WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d -MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE -1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD -VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ -zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB -BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF -BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV -v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG -E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u -uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW -iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v -GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= ------END CERTIFICATE----- - -# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007 -# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007 -# Label: "TURKTRUST Certificate Services Provider Root 2007" -# Serial: 1 -# MD5 Fingerprint: 2b:70:20:56:86:82:a0:18:c8:07:53:12:28:70:21:72 -# SHA1 Fingerprint: f1:7f:6f:b6:31:dc:99:e3:a3:c8:7f:fe:1c:f1:81:10:88:d9:60:33 -# SHA256 Fingerprint: 97:8c:d9:66:f2:fa:a0:7b:a7:aa:95:00:d9:c0:2e:9d:77:f2:cd:ad:a6:ad:6b:a7:4a:f4:b9:1c:66:59:3c:50 ------BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOc -UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx -c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xS -S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg -SGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4XDTA3MTIyNTE4Mzcx -OVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxla3Ry -b25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMC -VFIxDzANBgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDE -sGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7F -ni4gKGMpIEFyYWzEsWsgMjAwNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9NYvDdE3ePYakqtdTyuTFY -KTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQvKUmi8wUG -+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveG -HtyaKhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6P -IzdezKKqdfcYbwnTrqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M -733WB2+Y8a+xwXrXgTW4qhe04MsCAwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHk -Yb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/sPx+EnWVUXKgW -AkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I -aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5 -mxRZNTZPz/OOXl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsa -XRik7r4EW5nVcV9VZWRi1aKbBFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZ -qxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAKpoRq0Tl9 ------END CERTIFICATE----- - -# Issuer: CN=D-TRUST Root Class 3 CA 2 2009 O=D-Trust GmbH -# Subject: CN=D-TRUST Root Class 3 CA 2 2009 O=D-Trust GmbH -# Label: "D-TRUST Root Class 3 CA 2 2009" -# Serial: 623603 -# MD5 Fingerprint: cd:e0:25:69:8d:47:ac:9c:89:35:90:f7:fd:51:3d:2f -# SHA1 Fingerprint: 58:e8:ab:b0:36:15:33:fb:80:f7:9b:1b:6d:29:d3:ff:8d:5f:00:f0 -# SHA256 Fingerprint: 49:e7:a4:42:ac:f0:ea:62:87:05:00:54:b5:25:64:b6:50:e4:f4:9e:42:e3:48:d6:aa:38:e0:39:e9:57:b1:c1 ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD -bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha -ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM -HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 -UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 -tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R -ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM -lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp -/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G -A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G -A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj -dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy -MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl -cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js -L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL -BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni -acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 -o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K -zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 -PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y -Johw1+qRzT65ysCQblrGXnRl11z+o+I= ------END CERTIFICATE----- - -# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009 O=D-Trust GmbH -# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009 O=D-Trust GmbH -# Label: "D-TRUST Root Class 3 CA 2 EV 2009" -# Serial: 623604 -# MD5 Fingerprint: aa:c6:43:2c:5e:2d:cd:c4:34:c0:50:4f:11:02:4f:b6 -# SHA1 Fingerprint: 96:c9:1b:0b:95:b4:10:98:42:fa:d0:d8:22:79:fe:60:fa:b9:16:83 -# SHA256 Fingerprint: ee:c5:49:6b:98:8c:e9:86:25:b9:34:09:2e:ec:29:08:be:d0:b0:f3:16:c2:d4:73:0c:84:ea:f1:f3:d3:48:81 ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD -bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw -NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV -BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn -ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 -3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z -qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR -p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 -HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw -ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea -HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw -Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh -c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E -RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt -dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku -Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp -3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 -nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF -CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na -xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX -KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 ------END CERTIFICATE----- - -# Issuer: CN=Autoridad de Certificacion Raiz del Estado Venezolano O=Sistema Nacional de Certificacion Electronica OU=Superintendencia de Servicios de Certificacion Electronica -# Subject: CN=PSCProcert O=Sistema Nacional de Certificacion Electronica OU=Proveedor de Certificados PROCERT -# Label: "PSCProcert" -# Serial: 11 -# MD5 Fingerprint: e6:24:e9:12:01:ae:0c:de:8e:85:c4:ce:a3:12:dd:ec -# SHA1 Fingerprint: 70:c1:8d:74:b4:28:81:0a:e4:fd:a5:75:d7:01:9f:99:b0:3d:50:74 -# SHA256 Fingerprint: 3c:fc:3c:14:d1:f6:84:ff:17:e3:8c:43:ca:44:0c:00:b9:67:ec:93:3e:8b:fe:06:4c:a1:d7:2c:90:f2:ad:b0 ------BEGIN CERTIFICATE----- -MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1 -dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s -YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz -dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0 -aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh -IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ -KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEw -MFoXDTIwMTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHBy -b2NlcnQubmV0LnZlMQ8wDQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGEx -KjAoBgNVBAsTIVByb3ZlZWRvciBkZSBDZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQG -A1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9u -aWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo9 -7BVCwfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74 -BCXfgI8Qhd19L3uA3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38G -ieU89RLAu9MLmV+QfI4tL3czkkohRqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9 -JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmOEO8GqQKJ/+MMbpfg353bIdD0 -PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG20qCZyFSTXai2 -0b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH -0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/ -6mnbVSKVUyqUtd+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1m -v6JpIzi4mWCZDlZTOpx+FIywBm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7 -K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvpr2uKGcfLFFb14dq12fy/czja+eev -bqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/AgEBMDcGA1UdEgQw -MC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0w -MB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFD -gBStuyIdxuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0 -b3JpZGFkIGRlIENlcnRpZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xh -bm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0 -cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRp -ZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEg -ZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkq -hkiG9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQD -AgEGME0GA1UdEQRGMESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0w -MDAwMDKgGwYFYIZeAgKgEgwQUklGLUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEag -RKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9sY3IvQ0VSVElGSUNBRE8t -UkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNyYWl6LnN1c2Nl -cnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v -Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsG -AQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcN -AQELBQADggIBACtZ6yKZu4SqT96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS -1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmNg7+mvTV+LFwxNG9s2/NkAZiqlCxB -3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4quxtxj7mkoP3Yldmv -Wb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1n8Gh -HVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHm -pHmJWhSnFFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXz -sOfIt+FTvZLm8wyWuevo5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bE -qCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq3TNWOByyrYDT13K9mmyZY+gAu0F2Bbdb -mRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5poLWccret9W6aAjtmcz9 -opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3YeMLEYC/H -YvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km ------END CERTIFICATE----- - -# Issuer: CN=China Internet Network Information Center EV Certificates Root O=China Internet Network Information Center -# Subject: CN=China Internet Network Information Center EV Certificates Root O=China Internet Network Information Center -# Label: "China Internet Network Information Center EV Certificates Root" -# Serial: 1218379777 -# MD5 Fingerprint: 55:5d:63:00:97:bd:6a:97:f5:67:ab:4b:fb:6e:63:15 -# SHA1 Fingerprint: 4f:99:aa:93:fb:2b:d1:37:26:a1:99:4a:ce:7f:f0:05:f2:93:5d:1e -# SHA256 Fingerprint: 1c:01:c6:f4:db:b2:fe:fc:22:55:8b:2b:ca:32:56:3f:49:84:4a:cf:c3:2b:7b:e4:b0:ff:59:9f:9e:8c:7a:f7 ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC -Q04xMjAwBgNVBAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24g -Q2VudGVyMUcwRQYDVQQDDD5DaGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0 -aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMgUm9vdDAeFw0xMDA4MzEwNzExMjVa -Fw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAGA1UECgwpQ2hpbmEg -SW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMMPkNo -aW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRp -ZmljYXRlcyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z -7r07eKpkQ0H1UN+U8i6yjUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA// -DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV98YPjUesWgbdYavi7NifFy2cyjw1l1Vx -zUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2HklY0bBoQCxfVWhyXWIQ8 -hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23KzhmBsUs -4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54u -gQEC7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oY -NJKiyoOCWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E -FgQUfHJLOcfA22KlT5uqGDSSosqDglkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3 -j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd50XPFtQO3WKwMVC/GVhMPMdoG -52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM7+czV0I664zB -echNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws -ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrI -zo9uoV1/A3U05K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATy -wy39FCqQmbkHzJ8= ------END CERTIFICATE----- - -# Issuer: CN=Swisscom Root CA 2 O=Swisscom OU=Digital Certificate Services -# Subject: CN=Swisscom Root CA 2 O=Swisscom OU=Digital Certificate Services -# Label: "Swisscom Root CA 2" -# Serial: 40698052477090394928831521023204026294 -# MD5 Fingerprint: 5b:04:69:ec:a5:83:94:63:18:a7:86:d0:e4:f2:6e:19 -# SHA1 Fingerprint: 77:47:4f:c6:30:e4:0f:4c:47:64:3f:84:ba:b8:c6:95:4a:8a:41:ec -# SHA256 Fingerprint: f0:9b:12:2c:71:14:f4:a0:9b:d4:ea:4f:4a:99:d5:58:b4:6e:4c:25:cd:81:14:0d:29:c0:56:13:91:4c:38:41 ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk -MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg -Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT -AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp -Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr -jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r -0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f -2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP -ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF -y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA -tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL -6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 -uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL -acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh -k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q -VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw -FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh -b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R -fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv -/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI -REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx -srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv -aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT -woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n -Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W -t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N -8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 -9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 -wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- - -# Issuer: CN=Swisscom Root EV CA 2 O=Swisscom OU=Digital Certificate Services -# Subject: CN=Swisscom Root EV CA 2 O=Swisscom OU=Digital Certificate Services -# Label: "Swisscom Root EV CA 2" -# Serial: 322973295377129385374608406479535262296 -# MD5 Fingerprint: 7b:30:34:9f:dd:0a:4b:6b:35:ca:31:51:28:5d:ae:ec -# SHA1 Fingerprint: e7:a1:90:29:d3:d5:52:dc:0d:0f:c6:92:d3:ea:88:0d:15:2e:1a:6b -# SHA256 Fingerprint: d9:5f:ea:3c:a4:ee:dc:e7:4c:d7:6e:75:fc:6d:1f:f6:2c:44:1f:0f:a8:bc:77:f0:34:b1:9e:5d:b2:58:01:5d ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAw -ZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdp -dGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290 -IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcNMzEwNjI1MDg0NTA4WjBnMQswCQYD -VQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2Vy -dGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYgQ0Eg -MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7Bx -UglgRCgzo3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD -1ycfMQ4jFrclyxy0uYAyXhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPH -oCE2G3pXKSinLr9xJZDzRINpUKTk4RtiGZQJo/PDvO/0vezbE53PnUgJUmfANykR -HvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8LiqG12W0OfvrSdsyaGOx9/ -5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaHZa0zKcQv -idm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHL -OdAGalNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaC -NYGu+HuB5ur+rPQam3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f -46Fq9mDU5zXNysRojddxyNMkM3OxbPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCB -UWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDixzgHcgplwLa7JSnaFp6LNYth -7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/BAQDAgGGMB0G -A1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWB -bj2ITY1x0kbBbkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6x -XCX5145v9Ydkn+0UjrgEjihLj6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98T -PLr+flaYC/NUn81ETm484T4VvwYmneTwkLbUwp4wLh/vx3rEUMfqe9pQy3omywC0 -Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7XwgiG/W9mR4U9s70 -WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH59yL -Gn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm -7JFe3VE/23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4S -nr8PyQUQ3nqjsTzyP6WqJ3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VN -vBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyAHmBR3NdUIR7KYndP+tiPsys6DXhyyWhB -WkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/giuMod89a2GQ+fYWVq6nTI -fI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuWl8PVP3wb -I+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- - -# Issuer: CN=CA Disig Root R1 O=Disig a.s. -# Subject: CN=CA Disig Root R1 O=Disig a.s. -# Label: "CA Disig Root R1" -# Serial: 14052245610670616104 -# MD5 Fingerprint: be:ec:11:93:9a:f5:69:21:bc:d7:c1:c0:67:89:cc:2a -# SHA1 Fingerprint: 8e:1c:74:f8:a6:20:b9:e5:8a:f4:61:fa:ec:2b:47:56:51:1a:52:c6 -# SHA256 Fingerprint: f9:6f:23:f4:c3:e7:9c:07:7a:46:98:8d:5a:f5:90:06:76:a0:f0:39:cb:64:5d:d1:75:49:b2:16:c8:24:40:ce ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV -BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu -MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy -MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx -EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk -D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o -OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A -fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe -IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n -oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK -/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj -rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD -3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE -7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC -yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd -qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI -hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA -SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo -HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB -emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC -AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb -7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x -DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk -F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF -a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT -Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- - -# Issuer: CN=CA Disig Root R2 O=Disig a.s. -# Subject: CN=CA Disig Root R2 O=Disig a.s. -# Label: "CA Disig Root R2" -# Serial: 10572350602393338211 -# MD5 Fingerprint: 26:01:fb:d8:27:a7:17:9a:45:54:38:1a:43:01:3b:03 -# SHA1 Fingerprint: b5:61:eb:ea:a4:de:e4:25:4b:69:1a:98:a5:57:47:c2:34:c7:d9:71 -# SHA256 Fingerprint: e2:3d:4a:03:6d:7b:70:e9:f5:95:b1:42:20:79:d2:b9:1e:df:bb:1f:b6:51:a0:63:3e:aa:8a:9d:c5:f8:07:03 ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV -BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu -MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy -MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx -EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe -NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH -PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I -x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe -QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR -yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO -QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 -H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ -QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD -i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs -nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 -rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI -hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM -tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf -GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb -lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka -+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal -TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i -nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 -gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr -G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os -zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x -L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL ------END CERTIFICATE----- - -# Issuer: CN=ACCVRAIZ1 O=ACCV OU=PKIACCV -# Subject: CN=ACCVRAIZ1 O=ACCV OU=PKIACCV -# Label: "ACCVRAIZ1" -# Serial: 6828503384748696800 -# MD5 Fingerprint: d0:a0:5a:ee:05:b6:09:94:21:a1:7d:f1:b2:29:82:02 -# SHA1 Fingerprint: 93:05:7a:88:15:c6:4f:ce:88:2f:fa:91:16:52:28:78:bc:53:64:17 -# SHA256 Fingerprint: 9a:6e:c0:12:e1:a7:da:9d:be:34:19:4d:47:8a:d7:c0:db:18:22:fb:07:1d:f1:29:81:49:6e:d1:04:38:41:13 ------BEGIN CERTIFICATE----- -MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE -AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw -CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ -BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND -VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb -qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY -HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo -G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA -lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr -IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ -0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH -k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 -4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO -m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa -cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl -uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI -KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls -ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG -AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 -VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT -VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG -CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA -cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA -QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA -7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA -cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA -QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA -czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu -aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt -aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud -DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF -BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp -D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU -JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m -AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD -vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms -tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH -7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h -I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA -h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF -d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H -pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 ------END CERTIFICATE----- - -# Issuer: CN=TWCA Global Root CA O=TAIWAN-CA OU=Root CA -# Subject: CN=TWCA Global Root CA O=TAIWAN-CA OU=Root CA -# Label: "TWCA Global Root CA" -# Serial: 3262 -# MD5 Fingerprint: f9:03:7e:cf:e6:9e:3c:73:7a:2a:90:07:69:ff:2b:96 -# SHA1 Fingerprint: 9c:bb:48:53:f6:a4:f6:d3:52:a4:e8:32:52:55:60:13:f5:ad:af:65 -# SHA256 Fingerprint: 59:76:90:07:f7:68:5d:0f:cd:50:87:2f:9f:95:d5:75:5a:5b:2b:45:7d:81:f3:69:2b:61:0a:98:67:2f:0e:1b ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx -EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT -VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 -NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT -B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF -10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz -0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh -MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH -zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc -46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 -yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi -laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP -oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA -BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE -qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm -4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL -1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn -LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF -H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo -RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ -nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh -15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW -6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW -nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j -wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz -aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy -KwbQBM0= ------END CERTIFICATE----- - -# Issuer: CN=TeliaSonera Root CA v1 O=TeliaSonera -# Subject: CN=TeliaSonera Root CA v1 O=TeliaSonera -# Label: "TeliaSonera Root CA v1" -# Serial: 199041966741090107964904287217786801558 -# MD5 Fingerprint: 37:41:49:1b:18:56:9a:26:f5:ad:c2:66:fb:40:a5:4c -# SHA1 Fingerprint: 43:13:bb:96:f1:d5:86:9b:c1:4e:6a:92:f6:cf:f6:34:69:87:82:37 -# SHA256 Fingerprint: dd:69:36:fe:21:f8:f0:77:c1:23:a1:a5:21:c1:22:24:f7:22:55:b7:3e:03:a7:26:06:93:e8:a2:4b:0f:a3:89 ------BEGIN CERTIFICATE----- -MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw -NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv -b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD -VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F -VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 -7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X -Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ -/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs -81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm -dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe -Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu -sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 -pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs -slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ -arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD -VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG -9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl -dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx -0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj -TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed -Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 -Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI -OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 -vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW -t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn -HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx -SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ------END CERTIFICATE----- - -# Issuer: CN=E-Tugra Certification Authority O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. OU=E-Tugra Sertifikasyon Merkezi -# Subject: CN=E-Tugra Certification Authority O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. OU=E-Tugra Sertifikasyon Merkezi -# Label: "E-Tugra Certification Authority" -# Serial: 7667447206703254355 -# MD5 Fingerprint: b8:a1:03:63:b0:bd:21:71:70:8a:6f:13:3a:bb:79:49 -# SHA1 Fingerprint: 51:c6:e7:08:49:06:6e:f3:92:d4:5c:a0:0d:6d:a3:62:8f:c3:52:39 -# SHA256 Fingerprint: b0:bf:d5:2b:b0:d7:d9:bd:92:bf:5d:4d:c1:3d:a2:55:c0:2c:54:2f:37:83:65:ea:89:39:11:f5:5e:55:f2:3c ------BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV -BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC -aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV -BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 -Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz -MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ -BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp -em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY -B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH -D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF -Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo -q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D -k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH -fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut -dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM -ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 -zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX -U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 -Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 -XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF -Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR -HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY -GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c -77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 -+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK -vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 -FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl -yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P -AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD -y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d -NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- - -# Issuer: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center -# Subject: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center -# Label: "T-TeleSec GlobalRoot Class 2" -# Serial: 1 -# MD5 Fingerprint: 2b:9b:9e:e4:7b:6c:1f:00:72:1a:cc:c1:77:79:df:6a -# SHA1 Fingerprint: 59:0d:2d:7d:88:4f:40:2e:61:7e:a5:62:32:17:65:cf:17:d8:94:e9 -# SHA256 Fingerprint: 91:e2:f5:78:8d:58:10:eb:a7:ba:58:73:7d:e1:54:8a:8e:ca:cd:01:45:98:bc:0b:14:3e:04:1b:17:05:25:52 ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd -AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC -FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi -1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq -jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ -wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ -WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy -NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC -uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw -IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 -g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP -BSeOE6Fuwg== ------END CERTIFICATE----- - -# Issuer: CN=Atos TrustedRoot 2011 O=Atos -# Subject: CN=Atos TrustedRoot 2011 O=Atos -# Label: "Atos TrustedRoot 2011" -# Serial: 6643877497813316402 -# MD5 Fingerprint: ae:b9:c4:32:4b:ac:7f:5d:66:cc:77:94:bb:2a:77:56 -# SHA1 Fingerprint: 2b:b1:f5:3e:55:0c:1d:c5:f1:d4:e6:b7:6a:46:4b:55:06:02:ac:21 -# SHA256 Fingerprint: f3:56:be:a2:44:b7:a9:1e:b3:5d:53:ca:9a:d7:86:4a:ce:01:8e:2d:35:d5:f8:f9:6d:df:68:a6:f4:1a:a4:74 ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE -AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG -EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM -FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC -REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp -Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM -VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ -SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ -4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L -cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi -eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG -A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 -DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j -vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP -DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc -maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D -lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv -KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- - -# Issuer: CN=QuoVadis Root CA 1 G3 O=QuoVadis Limited -# Subject: CN=QuoVadis Root CA 1 G3 O=QuoVadis Limited -# Label: "QuoVadis Root CA 1 G3" -# Serial: 687049649626669250736271037606554624078720034195 -# MD5 Fingerprint: a4:bc:5b:3f:fe:37:9a:fa:64:f0:e2:fa:05:3d:0b:ab -# SHA1 Fingerprint: 1b:8e:ea:57:96:29:1a:c9:39:ea:b8:0a:81:1a:73:73:c0:93:79:67 -# SHA256 Fingerprint: 8a:86:6f:d1:b2:76:b5:7e:57:8e:92:1c:65:82:8a:2b:ed:58:e9:f2:f2:88:05:41:34:b7:f1:f4:bf:c9:cc:74 ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 -MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV -wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe -rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 -68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh -4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp -UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o -abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc -3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G -KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt -hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO -Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt -zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD -ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC -MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 -cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN -qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 -YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv -b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 -8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k -NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj -ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp -q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt -nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD ------END CERTIFICATE----- - -# Issuer: CN=QuoVadis Root CA 2 G3 O=QuoVadis Limited -# Subject: CN=QuoVadis Root CA 2 G3 O=QuoVadis Limited -# Label: "QuoVadis Root CA 2 G3" -# Serial: 390156079458959257446133169266079962026824725800 -# MD5 Fingerprint: af:0c:86:6e:bf:40:2d:7f:0b:3e:12:50:ba:12:3d:06 -# SHA1 Fingerprint: 09:3c:61:f3:8b:8b:dc:7d:55:df:75:38:02:05:00:e1:25:f5:c8:36 -# SHA256 Fingerprint: 8f:e4:fb:0a:f9:3a:4d:0d:67:db:0b:eb:b2:3e:37:c7:1b:f3:25:dc:bc:dd:24:0e:a0:4d:af:58:b4:7e:18:40 ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 -MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf -qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW -n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym -c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ -O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 -o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j -IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq -IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz -8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh -vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l -7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG -cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD -ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 -AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC -roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga -W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n -lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE -+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV -csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd -dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg -KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM -HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 -WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M ------END CERTIFICATE----- - -# Issuer: CN=QuoVadis Root CA 3 G3 O=QuoVadis Limited -# Subject: CN=QuoVadis Root CA 3 G3 O=QuoVadis Limited -# Label: "QuoVadis Root CA 3 G3" -# Serial: 268090761170461462463995952157327242137089239581 -# MD5 Fingerprint: df:7d:b9:ad:54:6f:68:a1:df:89:57:03:97:43:b0:d7 -# SHA1 Fingerprint: 48:12:bd:92:3c:a8:c4:39:06:e7:30:6d:27:96:e6:a4:cf:22:2e:7d -# SHA256 Fingerprint: 88:ef:81:de:20:2e:b0:18:45:2e:43:f8:64:72:5c:ea:5f:bd:1f:c2:d9:d2:05:73:07:09:c5:d8:b8:69:0f:46 ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 -MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR -/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu -FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR -U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c -ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR -FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k -A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw -eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl -sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp -VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q -A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ -ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD -ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px -KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI -FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv -oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg -u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP -0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf -3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl -8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ -DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN -PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ -ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Assured ID Root G2 O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Assured ID Root G2 O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Assured ID Root G2" -# Serial: 15385348160840213938643033620894905419 -# MD5 Fingerprint: 92:38:b9:f8:63:24:82:65:2c:57:33:e6:fe:81:8f:9d -# SHA1 Fingerprint: a1:4b:48:d9:43:ee:0a:0e:40:90:4f:3c:e0:a4:c0:91:93:51:5d:3f -# SHA256 Fingerprint: 7d:05:eb:b6:82:33:9f:8c:94:51:ee:09:4e:eb:fe:fa:79:53:a1:14:ed:b2:f4:49:49:45:2f:ab:7d:2f:c1:85 ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA -n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc -biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp -EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA -bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu -YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB -AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW -BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI -QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I -0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni -lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 -B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv -ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo -IhNzbM8m9Yop5w== ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Assured ID Root G3 O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Assured ID Root G3 O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Assured ID Root G3" -# Serial: 15459312981008553731928384953135426796 -# MD5 Fingerprint: 7c:7f:65:31:0c:81:df:8d:ba:3e:99:e2:5c:ad:6e:fb -# SHA1 Fingerprint: f5:17:a2:4f:9a:48:c6:c9:f8:a2:00:26:9f:dc:0f:48:2c:ab:30:89 -# SHA256 Fingerprint: 7e:37:cb:8b:4c:47:09:0c:ab:36:55:1b:a6:f4:5d:b8:40:68:0f:ba:16:6a:95:2d:b1:00:71:7f:43:05:3f:c2 ------BEGIN CERTIFICATE----- -MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg -RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf -Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q -RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD -AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY -JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv -6pZjamVFkpUBtA== ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Global Root G2" -# Serial: 4293743540046975378534879503202253541 -# MD5 Fingerprint: e4:a6:8a:c8:54:ac:52:42:46:0a:fd:72:48:1b:2a:44 -# SHA1 Fingerprint: df:3c:24:f9:bf:d6:66:76:1b:26:80:73:fe:06:d1:cc:8d:4f:82:a4 -# SHA256 Fingerprint: cb:3c:cb:b7:60:31:e5:e0:13:8f:8d:d3:9a:23:f9:de:47:ff:c3:5e:43:c1:14:4c:ea:27:d4:6a:5a:b1:cb:5f ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH -MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI -2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx -1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ -q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz -tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ -vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV -5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY -1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 -NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG -Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 -8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe -pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl -MrY= ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Global Root G3" -# Serial: 7089244469030293291760083333884364146 -# MD5 Fingerprint: f5:5d:a4:50:a5:fb:28:7e:1e:0f:0d:cc:96:57:56:ca -# SHA1 Fingerprint: 7e:04:de:89:6a:3e:66:6d:00:e6:87:d3:3f:fa:d9:3b:e8:3d:34:9e -# SHA256 Fingerprint: 31:ad:66:48:f8:10:41:38:c7:38:f3:9e:a4:32:01:33:39:3e:3a:18:cc:02:29:6e:f9:7c:2a:c9:ef:67:31:d0 ------BEGIN CERTIFICATE----- -MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe -Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw -EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x -IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF -K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG -fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO -Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd -BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx -AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ -oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 -sycX ------END CERTIFICATE----- - -# Issuer: CN=DigiCert Trusted Root G4 O=DigiCert Inc OU=www.digicert.com -# Subject: CN=DigiCert Trusted Root G4 O=DigiCert Inc OU=www.digicert.com -# Label: "DigiCert Trusted Root G4" -# Serial: 7451500558977370777930084869016614236 -# MD5 Fingerprint: 78:f2:fc:aa:60:1f:2f:b4:eb:c9:37:ba:53:2e:75:49 -# SHA1 Fingerprint: dd:fb:16:cd:49:31:c9:73:a2:03:7d:3f:c8:3a:4d:7d:77:5d:05:e4 -# SHA256 Fingerprint: 55:2f:7b:dc:f1:a7:af:9e:6c:e6:72:01:7f:4f:12:ab:f7:72:40:c7:8e:76:1a:c2:03:d1:d9:d2:0a:c8:99:88 ------BEGIN CERTIFICATE----- -MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg -RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y -ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If -xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV -ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO -DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ -jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ -CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi -EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM -fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY -uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK -chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t -9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD -ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 -SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd -+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc -fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa -sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N -cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N -0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie -4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI -r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 -/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm -gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ ------END CERTIFICATE----- - -# Issuer: CN=Certification Authority of WoSign O=WoSign CA Limited -# Subject: CN=Certification Authority of WoSign O=WoSign CA Limited -# Label: "WoSign" -# Serial: 125491772294754854453622855443212256657 -# MD5 Fingerprint: a1:f2:f9:b5:d2:c8:7a:74:b8:f3:05:f1:d7:e1:84:8d -# SHA1 Fingerprint: b9:42:94:bf:91:ea:8f:b6:4b:e6:10:97:c7:fb:00:13:59:b6:76:cb -# SHA256 Fingerprint: 4b:22:d5:a6:ae:c9:9f:3c:db:79:aa:5e:c0:68:38:47:9c:d5:ec:ba:71:64:f7:f2:2d:c1:d6:5f:63:d8:57:08 ------BEGIN CERTIFICATE----- -MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBV -MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNV -BAMTIUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgw -MTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFX -b1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqN -rLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1U -fcIiePyOCbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcScc -f+Hb0v1naMQFXQoOXXDX2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2 -ZjC1vt7tj/id07sBMOby8w7gLJKA84X5KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4M -x1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR+ScPewavVIMYe+HdVHpR -aG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ezEC8wQjch -zDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDar -uHqklWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221K -mYo0SLwX3OSACCK28jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvA -Sh0JWzko/amrzgD5LkhLJuYwTKVYyrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWv -HYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0CAwEAAaNCMEAwDgYDVR0PAQH/ -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R8bNLtwYgFP6H -EtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1 -LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJ -MuYhOZO9sxXqT2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2e -JXLOC62qx1ViC777Y7NhRCOjy+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VN -g64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC2nz4SNAzqfkHx5Xh9T71XXG68pWp -dIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes5cVAWubXbHssw1ab -R80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/EaEQ -PkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGce -xGATVdVhmVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+ -J7x6v+Db9NpSvd4MVHAxkUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMl -OtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGikpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWT -ee5Ehr7XHuQe+w== ------END CERTIFICATE----- - -# Issuer: CN=CA 沃通根证书 O=WoSign CA Limited -# Subject: CN=CA 沃通根证书 O=WoSign CA Limited -# Label: "WoSign China" -# Serial: 106921963437422998931660691310149453965 -# MD5 Fingerprint: 78:83:5b:52:16:76:c4:24:3b:83:78:e8:ac:da:9a:93 -# SHA1 Fingerprint: 16:32:47:8d:89:f9:21:3a:92:00:85:63:f5:a4:a7:d3:12:40:8a:d6 -# SHA256 Fingerprint: d6:f0:34:bd:94:aa:23:3f:02:97:ec:a4:24:5b:28:39:73:e4:47:aa:59:0f:31:0c:77:f4:8f:df:83:11:22:54 ------BEGIN CERTIFICATE----- -MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBG -MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNV -BAMMEkNBIOayg+mAmuagueivgeS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgw -MTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRl -ZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k8H/r -D195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld1 -9AXbbQs5uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExf -v5RxadmWPgxDT74wwJ85dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnk -UkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+L -NVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFyb7Ao65vh4YOhn0pdr8yb -+gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc76DbT52V -qyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6K -yX2m+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0G -AbQOXDBGVWCvOGU6yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaK -J/kR8slC/k7e3x9cxKSGhxYzoacXGKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwEC -AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUAA4ICAQBqinA4 -WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6 -yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj -/feTZU7n85iYr83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6 -jBAyvd0zaziGfjk9DgNyp115j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2 -ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0AkLppRQjbbpCBhqcqBT/mhDn4t/lX -X0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97qA4bLJyuQHCH2u2n -FoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Yjj4D -u9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10l -O1Hm13ZBONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Le -ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR1 -2KvxAmLBsX5VYc8T1yaw15zLKYs4SgsOkI26oQ== ------END CERTIFICATE----- - -# Issuer: CN=COMODO RSA Certification Authority O=COMODO CA Limited -# Subject: CN=COMODO RSA Certification Authority O=COMODO CA Limited -# Label: "COMODO RSA Certification Authority" -# Serial: 101909084537582093308941363524873193117 -# MD5 Fingerprint: 1b:31:b0:71:40:36:cc:14:36:91:ad:c4:3e:fd:ec:18 -# SHA1 Fingerprint: af:e5:d2:44:a8:d1:19:42:30:ff:47:9f:e2:f8:97:bb:cd:7a:8c:b4 -# SHA256 Fingerprint: 52:f0:e1:c4:e5:8e:c6:29:29:1b:60:31:7f:07:46:71:b8:5d:7e:a8:0d:5b:07:27:34:63:53:4b:32:b4:02:34 ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB -hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV -BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 -MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT -EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR -6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X -pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC -9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV -/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf -Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z -+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w -qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah -SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC -u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf -Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq -crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB -/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl -wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM -4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV -2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna -FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ -CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK -boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke -jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL -S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb -QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl -0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB -NVOFBkpdn627G190 ------END CERTIFICATE----- - -# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network -# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network -# Label: "USERTrust RSA Certification Authority" -# Serial: 2645093764781058787591871645665788717 -# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5 -# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e -# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2 ------BEGIN CERTIFICATE----- -MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw -MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV -BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B -3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY -tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ -Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 -VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT -79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 -c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT -Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l -c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee -UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE -Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd -BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF -Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO -VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 -ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs -8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR -iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze -Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ -XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ -qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB -VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB -L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG -jjxDah2nGN59PRbxYvnKkKj9 ------END CERTIFICATE----- - -# Issuer: CN=USERTrust ECC Certification Authority O=The USERTRUST Network -# Subject: CN=USERTrust ECC Certification Authority O=The USERTRUST Network -# Label: "USERTrust ECC Certification Authority" -# Serial: 123013823720199481456569720443997572134 -# MD5 Fingerprint: fa:68:bc:d9:b5:7f:ad:fd:c9:1d:06:83:28:cc:24:c1 -# SHA1 Fingerprint: d1:cb:ca:5d:b2:d5:2a:7f:69:3b:67:4d:e5:f0:5a:1d:0c:95:7d:f0 -# SHA256 Fingerprint: 4f:f4:60:d5:4b:9c:86:da:bf:bc:fc:57:12:e0:40:0d:2b:ed:3f:bc:4d:4f:bd:aa:86:e0:6a:dc:d2:a9:ad:7a ------BEGIN CERTIFICATE----- -MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL -MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl -eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT -JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx -MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT -Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg -VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo -I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng -o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G -A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB -zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW -RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= ------END CERTIFICATE----- - -# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R4 -# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R4 -# Label: "GlobalSign ECC Root CA - R4" -# Serial: 14367148294922964480859022125800977897474 -# MD5 Fingerprint: 20:f0:27:68:d1:7e:a0:9d:0e:e6:2a:ca:df:5c:89:8e -# SHA1 Fingerprint: 69:69:56:2e:40:80:f4:24:a1:e7:19:9f:14:ba:f3:ee:58:ab:6a:bb -# SHA256 Fingerprint: be:c9:49:11:c2:95:56:76:db:6c:0a:55:09:86:d7:6e:3b:a0:05:66:7c:44:2c:97:62:b4:fb:b7:73:de:22:8c ------BEGIN CERTIFICATE----- -MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ -FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F -uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX -kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs -ewv4n4Q= ------END CERTIFICATE----- - -# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R5 -# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R5 -# Label: "GlobalSign ECC Root CA - R5" -# Serial: 32785792099990507226680698011560947931244 -# MD5 Fingerprint: 9f:ad:3b:1c:02:1e:8a:ba:17:74:38:81:0c:a2:bc:08 -# SHA1 Fingerprint: 1f:24:c6:30:cd:a4:18:ef:20:69:ff:ad:4f:dd:5f:46:3a:1b:69:aa -# SHA256 Fingerprint: 17:9f:bc:14:8a:3d:d0:0f:d2:4e:a1:34:58:cc:43:bf:a7:f5:9c:81:82:d7:83:a5:13:f6:eb:ec:10:0c:89:24 ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc -8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke -hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI -KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg -515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO -xwy8p2Fp8fc74SrL+SvzZpA3 ------END CERTIFICATE----- - -# Issuer: CN=Staat der Nederlanden Root CA - G3 O=Staat der Nederlanden -# Subject: CN=Staat der Nederlanden Root CA - G3 O=Staat der Nederlanden -# Label: "Staat der Nederlanden Root CA - G3" -# Serial: 10003001 -# MD5 Fingerprint: 0b:46:67:07:db:10:2f:19:8c:35:50:60:d1:0b:f4:37 -# SHA1 Fingerprint: d8:eb:6b:41:51:92:59:e0:f3:e7:85:00:c0:3d:b6:88:97:c9:ee:fc -# SHA256 Fingerprint: 3c:4f:b0:b9:5a:b8:b3:00:32:f4:32:b8:6f:53:5f:e1:72:c1:85:d0:fd:39:86:58:37:cf:36:18:7f:a6:f4:28 ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX -DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl -ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv -b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP -cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW -IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX -xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy -KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR -9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az -5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 -6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 -Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP -bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt -BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt -XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF -MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd -INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD -U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp -LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 -Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp -gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh -/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw -0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A -fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq -4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR -1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ -QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM -94B7IWcnMFk= ------END CERTIFICATE----- - -# Issuer: CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden -# Subject: CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden -# Label: "Staat der Nederlanden EV Root CA" -# Serial: 10000013 -# MD5 Fingerprint: fc:06:af:7b:e8:1a:f1:9a:b4:e8:d2:70:1f:c0:f5:ba -# SHA1 Fingerprint: 76:e2:7e:c1:4f:db:82:c1:c0:a6:75:b5:05:be:3d:29:b4:ed:db:bb -# SHA256 Fingerprint: 4d:24:91:41:4c:fe:95:67:46:ec:4c:ef:a6:cf:6f:72:e2:8a:13:29:43:2f:9d:8a:90:7a:c4:cb:5d:ad:c1:5a ------BEGIN CERTIFICATE----- -MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y -MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg -TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS -b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS -M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC -UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d -Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p -rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l -pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb -j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC -KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS -/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X -cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH -1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP -px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 -MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI -eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u -2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS -v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC -wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy -CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e -vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 -Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa -Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL -eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 -FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc -7uzXLg== ------END CERTIFICATE----- - -# Issuer: CN=IdenTrust Commercial Root CA 1 O=IdenTrust -# Subject: CN=IdenTrust Commercial Root CA 1 O=IdenTrust -# Label: "IdenTrust Commercial Root CA 1" -# Serial: 13298821034946342390520003877796839426 -# MD5 Fingerprint: b3:3e:77:73:75:ee:a0:d3:e3:7e:49:63:49:59:bb:c7 -# SHA1 Fingerprint: df:71:7e:aa:4a:d9:4e:c9:55:84:99:60:2d:48:de:5f:bc:f0:3a:25 -# SHA256 Fingerprint: 5d:56:49:9b:e4:d2:e0:8b:cf:ca:d0:8a:3e:38:72:3d:50:50:3b:de:70:69:48:e4:2f:55:60:30:19:e5:28:ae ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu -VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw -MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw -JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT -3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU -+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp -S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 -bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi -T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL -vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK -Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK -dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT -c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv -l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N -iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD -ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH -6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt -LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 -nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 -+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK -W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT -AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq -l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG -4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ -mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A -7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H ------END CERTIFICATE----- - -# Issuer: CN=IdenTrust Public Sector Root CA 1 O=IdenTrust -# Subject: CN=IdenTrust Public Sector Root CA 1 O=IdenTrust -# Label: "IdenTrust Public Sector Root CA 1" -# Serial: 13298821034946342390521976156843933698 -# MD5 Fingerprint: 37:06:a5:b0:fc:89:9d:ba:f4:6b:8c:1a:64:cd:d5:ba -# SHA1 Fingerprint: ba:29:41:60:77:98:3f:f4:f3:ef:f2:31:05:3b:2e:ea:6d:4d:45:fd -# SHA256 Fingerprint: 30:d0:89:5a:9a:44:8a:26:20:91:63:55:22:d1:f5:20:10:b5:86:7a:ca:e1:2c:78:ef:95:8f:d4:f4:38:9f:2f ------BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu -VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN -MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 -MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 -ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy -RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS -bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF -/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R -3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw -EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy -9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V -GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ -2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV -WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD -W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN -AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj -t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV -DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 -TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G -lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW -mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df -WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 -+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ -tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA -GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv -8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c ------END CERTIFICATE----- - -# Issuer: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only -# Subject: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only -# Label: "Entrust Root Certification Authority - G2" -# Serial: 1246989352 -# MD5 Fingerprint: 4b:e2:c9:91:96:65:0c:f4:0e:5a:93:92:a0:0a:fe:b2 -# SHA1 Fingerprint: 8c:f4:27:fd:79:0c:3a:d1:66:06:8d:e8:1e:57:ef:bb:93:22:72:d4 -# SHA256 Fingerprint: 43:df:57:74:b0:3e:7f:ef:5f:e4:0d:93:1a:7b:ed:f1:bb:2e:6b:42:73:8c:4e:6d:38:41:10:3d:3a:a7:f3:39 ------BEGIN CERTIFICATE----- -MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 -cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs -IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz -dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy -NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu -dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt -dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 -aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T -RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN -cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW -wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 -U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 -jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN -BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ -jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ -Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v -1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R -nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH -VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== ------END CERTIFICATE----- - -# Issuer: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only -# Subject: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only -# Label: "Entrust Root Certification Authority - EC1" -# Serial: 51543124481930649114116133369 -# MD5 Fingerprint: b6:7e:1d:f0:58:c5:49:6c:24:3b:3d:ed:98:18:ed:bc -# SHA1 Fingerprint: 20:d8:06:40:df:9b:25:f5:12:25:3a:11:ea:f7:59:8a:eb:14:b5:47 -# SHA256 Fingerprint: 02:ed:0e:b2:8c:14:da:45:16:5c:56:67:91:70:0d:64:51:d7:fb:56:f0:b2:ab:1d:3b:8e:b0:70:e5:6e:df:f5 ------BEGIN CERTIFICATE----- -MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG -A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 -d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu -dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq -RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy -MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD -VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 -L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g -Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi -A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt -ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH -Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC -R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX -hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G ------END CERTIFICATE----- - -# Issuer: CN=CFCA EV ROOT O=China Financial Certification Authority -# Subject: CN=CFCA EV ROOT O=China Financial Certification Authority -# Label: "CFCA EV ROOT" -# Serial: 407555286 -# MD5 Fingerprint: 74:e1:b6:ed:26:7a:7a:44:30:33:94:ab:7b:27:81:30 -# SHA1 Fingerprint: e2:b8:29:4b:55:84:ab:6b:58:c2:90:46:6c:ac:3f:b8:39:8f:84:83 -# SHA256 Fingerprint: 5c:c3:d7:8e:4e:1d:5e:45:54:7a:04:e6:87:3e:64:f9:0c:f9:53:6d:1c:cc:2e:f8:00:f3:55:c4:c5:fd:70:fd ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD -TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y -aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx -MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j -aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP -T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 -sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL -TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 -/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp -7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz -EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt -hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP -a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot -aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg -TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV -PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv -cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL -tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd -BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB -ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT -ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL -jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS -ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy -P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 -xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d -Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN -5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe -/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z -AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ -5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su ------END CERTIFICATE----- - -# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. -# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. -# Label: "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" -# Serial: 156233699172481 -# MD5 Fingerprint: da:70:8e:f0:22:df:93:26:f6:5f:9f:d3:15:06:52:4e -# SHA1 Fingerprint: c4:18:f6:4d:46:d1:df:00:3d:27:30:13:72:43:a9:12:11:c6:75:fb -# SHA256 Fingerprint: 49:35:1b:90:34:44:c1:85:cc:dc:5c:69:3d:24:d8:55:5c:b2:08:d6:a8:14:13:07:69:9f:4a:f0:63:19:9d:78 ------BEGIN CERTIFICATE----- -MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE -BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn -aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg -QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg -SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 -MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD -VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 -dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom -/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR -Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 -4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z -5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 -hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID -AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX -SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l -VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq -URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf -peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF -Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW -+qtB4Uu2NQvAmxU= ------END CERTIFICATE----- - -# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. -# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. -# Label: "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6" -# Serial: 138134509972618 -# MD5 Fingerprint: f8:c5:ee:2a:6b:be:95:8d:08:f7:25:4a:ea:71:3e:46 -# SHA1 Fingerprint: 8a:5c:8c:ee:a5:03:e6:05:56:ba:d8:1b:d4:f6:c9:b0:ed:e5:2f:e0 -# SHA256 Fingerprint: 8d:e7:86:55:e1:be:7f:78:47:80:0b:93:f6:94:d2:1d:36:8c:c0:6e:03:3e:7f:ab:04:bb:5e:b9:9d:a6:b7:00 ------BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIGfaHyZeyKMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYDVQQG -EwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYDVQQKDERUw5xSS1RSVVNUIEJpbGdp -IMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBB -LsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBI -aXptZXQgU2HEn2xhecSxY8Sxc8SxIEg2MB4XDTEzMTIxODA5MDQxMFoXDTIzMTIx -NjA5MDQxMFowgbExCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExTTBLBgNV -BAoMRFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2 -ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uMUIwQAYDVQQDDDlUw5xSS1RSVVNUIEVs -ZWt0cm9uaWsgU2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLEgSDYwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdsGjW6L0UlqMACprx9MfMkU1x -eHe59yEmFXNRFpQJRwXiM/VomjX/3EsvMsew7eKC5W/a2uqsxgbPJQ1BgfbBOCK9 -+bGlprMBvD9QFyv26WZV1DOzXPhDIHiTVRZwGTLmiddk671IUP320EEDwnS3/faA -z1vFq6TWlRKb55cTMgPp1KtDWxbtMyJkKbbSk60vbNg9tvYdDjTu0n2pVQ8g9P0p -u5FbHH3GQjhtQiht1AH7zYiXSX6484P4tZgvsycLSF5W506jM7NE1qXyGJTtHB6p -lVxiSvgNZ1GpryHV+DKdeboaX+UEVU0TRv/yz3THGmNtwx8XEsMeED5gCLMxAgMB -AAGjQjBAMB0GA1UdDgQWBBTdVRcT9qzoSCHK77Wv0QAy7Z6MtTAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAb1gNl0Oq -FlQ+v6nfkkU/hQu7VtMMUszIv3ZnXuaqs6fvuay0EBQNdH49ba3RfdCaqaXKGDsC -QC4qnFAUi/5XfldcEQlLNkVS9z2sFP1E34uXI9TDwe7UU5X+LEr+DXCqu4svLcsy -o4LyVN/Y8t3XSHLuSqMplsNEzm61kod2pLv0kmzOLBQJZo6NrRa1xxsJYTvjIKID -gI6tflEATseWhvtDmHd9KMeP2Cpu54Rvl0EpABZeTeIT6lnAY2c6RPuY/ATTMHKm -9ocJV612ph1jmv3XZch4gyt1O6VbuA1df74jrlZVlFjvH4GMKrLN5ptjnhi85WsG -tAuYSyher4hYyw== ------END CERTIFICATE----- - -# Issuer: CN=Certinomis - Root CA O=Certinomis OU=0002 433998903 -# Subject: CN=Certinomis - Root CA O=Certinomis OU=0002 433998903 -# Label: "Certinomis - Root CA" -# Serial: 1 -# MD5 Fingerprint: 14:0a:fd:8d:a8:28:b5:38:69:db:56:7e:61:22:03:3f -# SHA1 Fingerprint: 9d:70:bb:01:a5:a4:a0:18:11:2e:f7:1c:01:b9:32:c5:34:e7:88:a8 -# SHA256 Fingerprint: 2a:99:f5:bc:11:74:b7:3c:bb:1d:62:08:84:e0:1c:34:e5:1c:cb:39:78:da:12:5f:0e:33:26:88:83:bf:41:58 ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET -MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb -BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz -MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx -FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g -Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 -fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl -LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV -WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF -TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb -5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc -CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri -wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ -wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG -m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 -F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng -WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 -2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF -AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ -0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw -F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS -g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj -qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN -h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ -ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V -btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj -Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ -8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW -gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= ------END CERTIFICATE----- - -# Issuer: CN=OISTE WISeKey Global Root GB CA O=WISeKey OU=OISTE Foundation Endorsed -# Subject: CN=OISTE WISeKey Global Root GB CA O=WISeKey OU=OISTE Foundation Endorsed -# Label: "OISTE WISeKey Global Root GB CA" -# Serial: 157768595616588414422159278966750757568 -# MD5 Fingerprint: a4:eb:b9:61:28:2e:b7:2f:98:b0:35:26:90:99:51:1d -# SHA1 Fingerprint: 0f:f9:40:76:18:d3:d7:6a:4b:98:f0:a8:35:9e:0c:fd:27:ac:cc:ed -# SHA256 Fingerprint: 6b:9c:08:e8:6e:b0:f7:67:cf:ad:65:cd:98:b6:21:49:e5:49:4a:67:f5:84:5e:7b:d1:ed:01:9f:27:b8:6b:d6 ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt -MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg -Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i -YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x -CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG -b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh -bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 -HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx -WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX -1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk -u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P -99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r -M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB -BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh -cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 -gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO -ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf -aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic -Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= ------END CERTIFICATE----- - -# Issuer: CN=Certification Authority of WoSign G2 O=WoSign CA Limited -# Subject: CN=Certification Authority of WoSign G2 O=WoSign CA Limited -# Label: "Certification Authority of WoSign G2" -# Serial: 142423943073812161787490648904721057092 -# MD5 Fingerprint: c8:1c:7d:19:aa:cb:71:93:f2:50:f8:52:a8:1e:ba:60 -# SHA1 Fingerprint: fb:ed:dc:90:65:b7:27:20:37:bc:55:0c:9c:56:de:bb:f2:78:94:e1 -# SHA256 Fingerprint: d4:87:a5:6f:83:b0:74:82:e8:5e:96:33:94:c1:ec:c2:c9:e5:1d:09:03:ee:94:6b:02:c3:01:58:1e:d9:9e:16 ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBY -MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNV -BAMTJENlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDEx -MDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgxCzAJBgNVBAYTAkNOMRowGAYDVQQK -ExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPX -JYY1kBaiXW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgO -gHzKtB0TiGsOqCR3A9DuW/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg -5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg95k4ot+vElbGs/V6r+kHLXZ1L3PR8du9n -fwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BKv0mUYQs4kI9dJGwlezt5 -2eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJ -KoZIhvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8 -fHulwqZm46qwtyeYP0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G -3CE4Q3RM+zD4F3LBMvzIkRfEzFg3TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yy -SrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu+sif/a+RZQp4OBXllxcU3fng -LDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+7Q9LGOHSJDy7 -XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRg= ------END CERTIFICATE----- - -# Issuer: CN=CA WoSign ECC Root O=WoSign CA Limited -# Subject: CN=CA WoSign ECC Root O=WoSign CA Limited -# Label: "CA WoSign ECC Root" -# Serial: 138625735294506723296996289575837012112 -# MD5 Fingerprint: 80:c6:53:ee:61:82:28:72:f0:ff:21:b9:17:ca:b2:20 -# SHA1 Fingerprint: d2:7a:d2:be:ed:94:c0:a1:3c:c7:25:21:ea:5d:71:be:81:19:f3:2b -# SHA256 Fingerprint: 8b:45:da:1c:06:f7:91:eb:0c:ab:f2:6b:e5:88:f5:fb:23:16:5c:2e:61:4b:f8:85:56:2d:0d:ce:50:b2:9b:02 ------BEGIN CERTIFICATE----- -MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQsw -CQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMT -EkNBIFdvU2lnbiBFQ0MgUm9vdDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4 -NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEb -MBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZIzj0CAQYFK4EEACID -YgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiUt5v8 -KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES -1ns2o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQUqv3VWqP2h4syhf3RMluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB -1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0Daupn75OcsqF1NnstTJFGG+rrQIwfcf3 -aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYua/GRspBl9JrmkO5K ------END CERTIFICATE----- - -# Issuer: CN=SZAFIR ROOT CA2 O=Krajowa Izba Rozliczeniowa S.A. -# Subject: CN=SZAFIR ROOT CA2 O=Krajowa Izba Rozliczeniowa S.A. -# Label: "SZAFIR ROOT CA2" -# Serial: 357043034767186914217277344587386743377558296292 -# MD5 Fingerprint: 11:64:c1:89:b0:24:b1:8c:b1:07:7e:89:9e:51:9e:99 -# SHA1 Fingerprint: e2:52:fa:95:3f:ed:db:24:60:bd:6e:28:f3:9c:cc:cf:5e:b3:3f:de -# SHA256 Fingerprint: a1:33:9d:33:28:1a:0b:56:e5:57:d3:d3:2b:1c:e7:f9:36:7e:b0:94:bd:5f:a7:2a:7e:50:04:c8:de:d7:ca:fe ------BEGIN CERTIFICATE----- -MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL -BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 -ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw -NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L -cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg -Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN -QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT -3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw -3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 -3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 -BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN -XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD -AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF -AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw -8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG -nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP -oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy -d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg -LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== ------END CERTIFICATE----- - -# Issuer: CN=Certum Trusted Network CA 2 O=Unizeto Technologies S.A. OU=Certum Certification Authority -# Subject: CN=Certum Trusted Network CA 2 O=Unizeto Technologies S.A. OU=Certum Certification Authority -# Label: "Certum Trusted Network CA 2" -# Serial: 44979900017204383099463764357512596969 -# MD5 Fingerprint: 6d:46:9e:d9:25:6d:08:23:5b:5e:74:7d:1e:27:db:f2 -# SHA1 Fingerprint: d3:dd:48:3e:2b:bf:4c:05:e8:af:10:f5:fa:76:26:cf:d3:dc:30:92 -# SHA256 Fingerprint: b6:76:f2:ed:da:e8:77:5c:d3:6c:b0:f6:3c:d1:d4:60:39:61:f4:9e:62:65:ba:01:3a:2f:03:07:b6:d0:b8:04 ------BEGIN CERTIFICATE----- -MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB -gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu -QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG -A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz -OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ -VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 -b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA -DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn -0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB -OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE -fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E -Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m -o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i -sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW -OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez -Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS -adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n -3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ -F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf -CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 -XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm -djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ -WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb -AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq -P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko -b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj -XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P -5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi -DrW5viSP ------END CERTIFICATE----- diff --git a/tools/third_party/hyper/hyper/cli.py b/tools/third_party/hyper/hyper/cli.py deleted file mode 100644 index 1d5384cdd88b46..00000000000000 --- a/tools/third_party/hyper/hyper/cli.py +++ /dev/null @@ -1,264 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/cli -~~~~~~~~~ - -Command line interface for Hyper inspired by Httpie. -""" -import json -import locale -import logging -import sys -from argparse import ArgumentParser, RawTextHelpFormatter -from argparse import OPTIONAL, ZERO_OR_MORE -from pprint import pformat -from textwrap import dedent - -from hyper import HTTPConnection, HTTP20Connection -from hyper import __version__ -from hyper.compat import is_py2, urlencode, urlsplit, write_to_stdout -from hyper.common.util import to_host_port_tuple - - -log = logging.getLogger('hyper') - -PREFERRED_ENCODING = locale.getpreferredencoding() - -# Various separators used in args -SEP_HEADERS = ':' -SEP_QUERY = '==' -SEP_DATA = '=' - -SEP_GROUP_ITEMS = [ - SEP_HEADERS, - SEP_QUERY, - SEP_DATA, -] - - -class KeyValue(object): - """Base key-value pair parsed from CLI.""" - - def __init__(self, key, value, sep, orig): - self.key = key - self.value = value - self.sep = sep - self.orig = orig - - -class KeyValueArgType(object): - """A key-value pair argument type used with `argparse`. - - Parses a key-value arg and constructs a `KeyValue` instance. - Used for headers, form data, and other key-value pair types. - This class is inspired by httpie and implements simple tokenizer only. - """ - def __init__(self, *separators): - self.separators = separators - - def __call__(self, string): - for sep in self.separators: - splitted = string.split(sep, 1) - if len(splitted) == 2: - key, value = splitted - return KeyValue(key, value, sep, string) - - -def make_positional_argument(parser): - parser.add_argument( - 'method', metavar='METHOD', nargs=OPTIONAL, default='GET', - help=dedent(""" - The HTTP method to be used for the request - (GET, POST, PUT, DELETE, ...). - """)) - parser.add_argument( - '_url', metavar='URL', - help=dedent(""" - The scheme defaults to 'https://' if the URL does not include one. - """)) - parser.add_argument( - 'items', - metavar='REQUEST_ITEM', - nargs=ZERO_OR_MORE, - type=KeyValueArgType(*SEP_GROUP_ITEMS), - help=dedent(""" - Optional key-value pairs to be included in the request. - The separator used determines the type: - - ':' HTTP headers: - - Referer:http://httpie.org Cookie:foo=bar User-Agent:bacon/1.0 - - '==' URL parameters to be appended to the request URI: - - search==hyper - - '=' Data fields to be serialized into a JSON object: - - name=Hyper language=Python description='CLI HTTP client' - """)) - - -def make_troubleshooting_argument(parser): - parser.add_argument( - '--version', action='version', version=__version__, - help='Show version and exit.') - parser.add_argument( - '--debug', action='store_true', default=False, - help='Show debugging information (loglevel=DEBUG)') - parser.add_argument( - '--h2', action='store_true', default=False, - help="Do HTTP/2 directly, skipping plaintext upgrade and ignoring " - "NPN/ALPN." - ) - - -def split_host_and_port(hostname): - if ':' in hostname: - return to_host_port_tuple(hostname, default_port=443) - return hostname, None - - -class UrlInfo(object): - def __init__(self): - self.fragment = None - self.host = 'localhost' - self.netloc = None - self.path = '/' - self.port = 443 - self.query = None - self.scheme = 'https' - self.secure = False - - -def set_url_info(args): - info = UrlInfo() - _result = urlsplit(args._url) - for attr in vars(info).keys(): - value = getattr(_result, attr, None) - if value: - setattr(info, attr, value) - - if info.scheme == 'http' and not _result.port: - info.port = 80 - - # Set the secure arg is the scheme is HTTPS, otherwise do unsecured. - info.secure = info.scheme == 'https' - - if info.netloc: - hostname, _ = split_host_and_port(info.netloc) - info.host = hostname # ensure stripping port number - else: - if _result.path: - _path = _result.path.split('/', 1) - hostname, port = split_host_and_port(_path[0]) - info.host = hostname - if info.path == _path[0]: - info.path = '/' - elif len(_path) == 2 and _path[1]: - info.path = '/' + _path[1] - if port is not None: - info.port = port - - log.debug('Url Info: %s', vars(info)) - args.url = info - - -def set_request_data(args): - body, headers, params = {}, {}, {} - for i in args.items: - if i.sep == SEP_HEADERS: - if i.key: - headers[i.key] = i.value - else: - # when overriding a HTTP/2 special header there will be a - # leading colon, which tricks the command line parser into - # thinking the header is empty - k, v = i.value.split(':', 1) - headers[':' + k] = v - elif i.sep == SEP_QUERY: - params[i.key] = i.value - elif i.sep == SEP_DATA: - value = i.value - if is_py2: # pragma: no cover - value = value.decode(PREFERRED_ENCODING) - body[i.key] = value - - if params: - args.url.path += '?' + urlencode(params) - - if body: - content_type = 'application/json' - headers.setdefault('content-type', content_type) - args.body = json.dumps(body) - - if args.method is None: - args.method = 'POST' if args.body else 'GET' - - args.method = args.method.upper() - args.headers = headers - - -def parse_argument(argv=None): - parser = ArgumentParser(formatter_class=RawTextHelpFormatter) - parser.set_defaults(body=None, headers={}) - make_positional_argument(parser) - make_troubleshooting_argument(parser) - args = parser.parse_args(sys.argv[1:] if argv is None else argv) - - if args.debug: - handler = logging.StreamHandler() - handler.setLevel(logging.DEBUG) - log.addHandler(handler) - log.setLevel(logging.DEBUG) - - set_url_info(args) - set_request_data(args) - return args - - -def get_content_type_and_charset(response): - charset = 'utf-8' - content_type = response.headers.get('content-type') - if content_type is None: - return 'unknown', charset - - content_type = content_type[0].decode('utf-8').lower() - type_and_charset = content_type.split(';', 1) - ctype = type_and_charset[0].strip() - if len(type_and_charset) == 2: - charset = type_and_charset[1].strip().split('=')[1] - - return ctype, charset - - -def request(args): - if not args.h2: - conn = HTTPConnection( - args.url.host, args.url.port, secure=args.url.secure - ) - else: # pragma: no cover - conn = HTTP20Connection( - args.url.host, - args.url.port, - secure=args.url.secure, - force_proto='h2' - ) - - conn.request(args.method, args.url.path, args.body, args.headers) - response = conn.get_response() - log.debug('Response Headers:\n%s', pformat(response.headers)) - ctype, charset = get_content_type_and_charset(response) - data = response.read() - return data - - -def main(argv=None): - args = parse_argument(argv) - log.debug('Commandline Argument: %s', args) - data = request(args) - write_to_stdout(data) - - -if __name__ == '__main__': # pragma: no cover - main() diff --git a/tools/third_party/hyper/hyper/common/__init__.py b/tools/third_party/hyper/hyper/common/__init__.py deleted file mode 100644 index cf84291208bb75..00000000000000 --- a/tools/third_party/hyper/hyper/common/__init__.py +++ /dev/null @@ -1,7 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/common -~~~~~~~~~~~~ - -Common code in hyper. -""" diff --git a/tools/third_party/hyper/hyper/common/bufsocket.py b/tools/third_party/hyper/hyper/common/bufsocket.py deleted file mode 100644 index b35393af2a02d0..00000000000000 --- a/tools/third_party/hyper/hyper/common/bufsocket.py +++ /dev/null @@ -1,240 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/bufsocket.py -~~~~~~~~~~~~~~~~~~~~~~~~~ - -This file implements a buffered socket wrapper. - -The purpose of this is to avoid the overhead of unnecessary syscalls while -allowing small reads from the network. This represents a potentially massive -performance optimisation at the cost of burning some memory in the userspace -process. -""" -import select -from .exceptions import ConnectionResetError, LineTooLongError - - -class BufferedSocket(object): - """ - A buffered socket wrapper. - - The purpose of this is to avoid the overhead of unnecessary syscalls while - allowing small reads from the network. This represents a potentially - massive performance optimisation at the cost of burning some memory in the - userspace process. - """ - def __init__(self, sck, buffer_size=1000): - """ - Create the buffered socket. - - :param sck: The socket to wrap. - :param buffer_size: The size of the backing buffer in bytes. This - parameter should be set to an appropriate value for your use case. - Small values of ``buffer_size`` increase the overhead of buffer - management: large values cause more memory to be used. - """ - # The wrapped socket. - self._sck = sck - - # The buffer we're using. - self._backing_buffer = bytearray(buffer_size) - self._buffer_view = memoryview(self._backing_buffer) - - # The size of the buffer. - self._buffer_size = buffer_size - - # The start index in the memory view. - self._index = 0 - - # The number of bytes in the buffer. - self._bytes_in_buffer = 0 - - @property - def _remaining_capacity(self): - """ - The maximum number of bytes the buffer could still contain. - """ - return self._buffer_size - self._index - - @property - def _buffer_end(self): - """ - The index of the first free byte in the buffer. - """ - return self._index + self._bytes_in_buffer - - @property - def can_read(self): - """ - Whether or not there is more data to read from the socket. - """ - read = select.select([self._sck], [], [], 0)[0] - if read: - return True - - return False - - @property - def buffer(self): - """ - Get access to the buffer itself. - """ - return self._buffer_view[self._index:self._buffer_end] - - def advance_buffer(self, count): - """ - Advances the buffer by the amount of data consumed outside the socket. - """ - self._index += count - self._bytes_in_buffer -= count - - def new_buffer(self): - """ - This method moves all the data in the backing buffer to the start of - a new, fresh buffer. This gives the ability to read much more data. - """ - def read_all_from_buffer(): - end = self._index + self._bytes_in_buffer - return self._buffer_view[self._index:end] - - new_buffer = bytearray(self._buffer_size) - new_buffer_view = memoryview(new_buffer) - new_buffer_view[0:self._bytes_in_buffer] = read_all_from_buffer() - - self._index = 0 - self._backing_buffer = new_buffer - self._buffer_view = new_buffer_view - - return - - def recv(self, amt): - """ - Read some data from the socket. - - :param amt: The amount of data to read. - :returns: A ``memoryview`` object containing the appropriate number of - bytes. The data *must* be copied out by the caller before the next - call to this function. - """ - # In this implementation you can never read more than the number of - # bytes in the buffer. - if amt > self._buffer_size: - amt = self._buffer_size - - # If the amount of data we've been asked to read is less than the - # remaining space in the buffer, we need to clear out the buffer and - # start over. - if amt > self._remaining_capacity: - self.new_buffer() - - # If there's still some room in the buffer, opportunistically attempt - # to read into it. - # If we don't actually _need_ the data (i.e. there's enough in the - # buffer to satisfy the request), use select to work out if the read - # attempt will block. If it will, don't bother reading. If we need the - # data, always do the read. - if self._bytes_in_buffer >= amt: - should_read = select.select([self._sck], [], [], 0)[0] - else: - should_read = True - - if (self._remaining_capacity > self._bytes_in_buffer and should_read): - count = self._sck.recv_into(self._buffer_view[self._buffer_end:]) - - # The socket just got closed. We should throw an exception if we - # were asked for more data than we can return. - if not count and amt > self._bytes_in_buffer: - raise ConnectionResetError() - self._bytes_in_buffer += count - - # Read out the bytes and update the index. - amt = min(amt, self._bytes_in_buffer) - data = self._buffer_view[self._index:self._index+amt] - - self._index += amt - self._bytes_in_buffer -= amt - - return data - - def fill(self): - """ - Attempts to fill the buffer as much as possible. It will block for at - most the time required to have *one* ``recv_into`` call return. - """ - if not self._remaining_capacity: - self.new_buffer() - - count = self._sck.recv_into(self._buffer_view[self._buffer_end:]) - if not count: - raise ConnectionResetError() - - self._bytes_in_buffer += count - - return - - def readline(self): - """ - Read up to a newline from the network and returns it. The implicit - maximum line length is the buffer size of the buffered socket. - - Note that, unlike recv, this method absolutely *does* block until it - can read the line. - - :returns: A ``memoryview`` object containing the appropriate number of - bytes. The data *must* be copied out by the caller before the next - call to this function. - """ - # First, check if there's anything in the buffer. This is one of those - # rare circumstances where this will work correctly on all platforms. - index = self._backing_buffer.find( - b'\n', - self._index, - self._index + self._bytes_in_buffer - ) - - if index != -1: - length = index + 1 - self._index - data = self._buffer_view[self._index:self._index+length] - self._index += length - self._bytes_in_buffer -= length - return data - - # In this case, we didn't find a newline in the buffer. To fix that, - # read some data into the buffer. To do our best to satisfy the read, - # we should shunt the data down in the buffer so that it's right at - # the start. We don't bother if we're already at the start of the - # buffer. - if self._index != 0: - self.new_buffer() - - while self._bytes_in_buffer < self._buffer_size: - count = self._sck.recv_into(self._buffer_view[self._buffer_end:]) - if not count: - raise ConnectionResetError() - - # We have some more data. Again, look for a newline in that gap. - first_new_byte = self._buffer_end - self._bytes_in_buffer += count - index = self._backing_buffer.find( - b'\n', - first_new_byte, - first_new_byte + count, - ) - - if index != -1: - # The length of the buffer is the index into the - # buffer at which we found the newline plus 1, minus the start - # index of the buffer, which really should be zero. - assert not self._index - length = index + 1 - data = self._buffer_view[:length] - self._index += length - self._bytes_in_buffer -= length - return data - - # If we got here, it means we filled the buffer without ever getting - # a newline. Time to throw an exception. - raise LineTooLongError() - - def __getattr__(self, name): - return getattr(self._sck, name) diff --git a/tools/third_party/hyper/hyper/common/connection.py b/tools/third_party/hyper/hyper/common/connection.py deleted file mode 100644 index dee18d680e49dc..00000000000000 --- a/tools/third_party/hyper/hyper/common/connection.py +++ /dev/null @@ -1,157 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/common/connection -~~~~~~~~~~~~~~~~~~~~~~~ - -Hyper's HTTP/1.1 and HTTP/2 abstraction layer. -""" -from .exceptions import TLSUpgrade, HTTPUpgrade -from ..http11.connection import HTTP11Connection -from ..http20.connection import HTTP20Connection -from ..tls import H2_NPN_PROTOCOLS, H2C_PROTOCOL - - -class HTTPConnection(object): - """ - An object representing a single HTTP connection to a server. - - This object behaves similarly to the Python standard library's - ``HTTPConnection`` object, with a few critical differences. - - Most of the standard library's arguments to the constructor are not - supported by hyper. Most optional parameters apply to *either* HTTP/1.1 or - HTTP/2. - - :param host: The host to connect to. This may be an IP address or a - hostname, and optionally may include a port: for example, - ``'http2bin.org'``, ``'http2bin.org:443'`` or ``'127.0.0.1'``. - :param port: (optional) The port to connect to. If not provided and one - also isn't provided in the ``host`` parameter, defaults to 80. - :param secure: (optional) Whether the request should use TLS. - Defaults to ``False`` for most requests, but to ``True`` for any - request issued to port 443. - :param window_manager: (optional) The class to use to manage flow control - windows. This needs to be a subclass of the - :class:`BaseFlowControlManager - `. If not provided, - :class:`FlowControlManager ` - will be used. - :param enable_push: (optional) Whether the server is allowed to push - resources to the client (see - :meth:`get_pushes() `). - :param ssl_context: (optional) A class with custom certificate settings. - If not provided then hyper's default ``SSLContext`` is used instead. - :param proxy_host: (optional) The proxy to connect to. This can be an IP - address or a host name and may include a port. - :param proxy_port: (optional) The proxy port to connect to. If not provided - and one also isn't provided in the ``proxy`` parameter, defaults to - 8080. - """ - def __init__(self, - host, - port=None, - secure=None, - window_manager=None, - enable_push=False, - ssl_context=None, - proxy_host=None, - proxy_port=None, - **kwargs): - - self._host = host - self._port = port - self._h1_kwargs = { - 'secure': secure, 'ssl_context': ssl_context, - 'proxy_host': proxy_host, 'proxy_port': proxy_port - } - self._h2_kwargs = { - 'window_manager': window_manager, 'enable_push': enable_push, - 'secure': secure, 'ssl_context': ssl_context, - 'proxy_host': proxy_host, 'proxy_port': proxy_port - } - - # Add any unexpected kwargs to both dictionaries. - self._h1_kwargs.update(kwargs) - self._h2_kwargs.update(kwargs) - - self._conn = HTTP11Connection( - self._host, self._port, **self._h1_kwargs - ) - - def request(self, method, url, body=None, headers=None): - """ - This will send a request to the server using the HTTP request method - ``method`` and the selector ``url``. If the ``body`` argument is - present, it should be string or bytes object of data to send after the - headers are finished. Strings are encoded as UTF-8. To use other - encodings, pass a bytes object. The Content-Length header is set to the - length of the body field. - - :param method: The request method, e.g. ``'GET'``. - :param url: The URL to contact, e.g. ``'/path/segment'``. - :param body: (optional) The request body to send. Must be a bytestring - or a file-like object. - :param headers: (optional) The headers to send on the request. - :returns: A stream ID for the request, or ``None`` if the request is - made over HTTP/1.1. - """ - - headers = headers or {} - - try: - return self._conn.request( - method=method, url=url, body=body, headers=headers - ) - except TLSUpgrade as e: - # We upgraded in the NPN/ALPN handshake. We can just go straight to - # the world of HTTP/2. Replace the backing object and insert the - # socket into it. - assert e.negotiated in H2_NPN_PROTOCOLS - - self._conn = HTTP20Connection( - self._host, self._port, **self._h2_kwargs - ) - self._conn._sock = e.sock - - # Because we skipped the connecting logic, we need to send the - # HTTP/2 preamble. - self._conn._send_preamble() - - return self._conn.request( - method=method, url=url, body=body, headers=headers - ) - - def get_response(self, *args, **kwargs): - """ - Returns a response object. - """ - try: - return self._conn.get_response(*args, **kwargs) - except HTTPUpgrade as e: - # We upgraded via the HTTP Upgrade mechanism. We can just - # go straight to the world of HTTP/2. Replace the backing object - # and insert the socket into it. - assert e.negotiated == H2C_PROTOCOL - - self._conn = HTTP20Connection( - self._host, self._port, **self._h2_kwargs - ) - - self._conn._connect_upgrade(e.sock) - # stream id 1 is used by the upgrade request and response - # and is half-closed by the client - - return self._conn.get_response(1) - - # The following two methods are the implementation of the context manager - # protocol. - def __enter__(self): # pragma: no cover - return self - - def __exit__(self, type, value, tb): # pragma: no cover - self._conn.close() - return False # Never swallow exceptions. - - # Can anyone say 'proxy object pattern'? - def __getattr__(self, name): - return getattr(self._conn, name) diff --git a/tools/third_party/hyper/hyper/common/decoder.py b/tools/third_party/hyper/hyper/common/decoder.py deleted file mode 100644 index e86f1f4e09a4fa..00000000000000 --- a/tools/third_party/hyper/hyper/common/decoder.py +++ /dev/null @@ -1,48 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/common/decoder -~~~~~~~~~~~~~~~~~~~~ - -Contains hyper's code for handling compressed bodies. -""" -import zlib - - -class DeflateDecoder(object): - """ - This is a decoding object that wraps ``zlib`` and is used for decoding - deflated content. - - This rationale for the existence of this object is pretty unpleasant. - The HTTP RFC specifies that 'deflate' is a valid content encoding. However, - the spec _meant_ the zlib encoding form. Unfortunately, people who didn't - read the RFC very carefully actually implemented a different form of - 'deflate'. Insanely, ``zlib`` handles them using two wbits values. This is - such a mess it's hard to adequately articulate. - - This class was lovingly borrowed from the excellent urllib3 library under - license: see NOTICES. If you ever see @shazow, you should probably buy him - a drink or something. - """ - def __init__(self): - self._first_try = True - self._data = b'' - self._obj = zlib.decompressobj(zlib.MAX_WBITS) - - def __getattr__(self, name): - return getattr(self._obj, name) - - def decompress(self, data): - if not self._first_try: - return self._obj.decompress(data) - - self._data += data - try: - return self._obj.decompress(data) - except zlib.error: - self._first_try = False - self._obj = zlib.decompressobj(-zlib.MAX_WBITS) - try: - return self.decompress(self._data) - finally: - self._data = None diff --git a/tools/third_party/hyper/hyper/common/exceptions.py b/tools/third_party/hyper/hyper/common/exceptions.py deleted file mode 100644 index 268431abcb5c26..00000000000000 --- a/tools/third_party/hyper/hyper/common/exceptions.py +++ /dev/null @@ -1,73 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/common/exceptions -~~~~~~~~~~~~~~~~~~~~~~~ - -Contains hyper's exceptions. -""" - - -class ChunkedDecodeError(Exception): - """ - An error was encountered while decoding a chunked response. - """ - pass - - -class InvalidResponseError(Exception): - """ - A problem was found with the response that makes it invalid. - """ - pass - - -class SocketError(Exception): - """ - An error occurred during socket operation. - """ - pass - - -class LineTooLongError(Exception): - """ - An attempt to read a line from a socket failed because no newline was - found. - """ - pass - - -# Create our own ConnectionResetError. -try: # pragma: no cover - ConnectionResetError = ConnectionResetError -except NameError: # pragma: no cover - class ConnectionResetError(Exception): - """ - A HTTP connection was unexpectedly reset. - """ - - -class TLSUpgrade(Exception): - """ - We upgraded to a new protocol in the NPN/ALPN handshake. - """ - def __init__(self, negotiated, sock): - super(TLSUpgrade, self).__init__() - self.negotiated = negotiated - self.sock = sock - - -class HTTPUpgrade(Exception): - """ - We upgraded to a new protocol via the HTTP Upgrade response. - """ - def __init__(self, negotiated, sock): - super(HTTPUpgrade, self).__init__() - self.negotiated = negotiated - self.sock = sock - - -class MissingCertFile(Exception): - """ - The certificate file could not be found. - """ - pass diff --git a/tools/third_party/hyper/hyper/common/headers.py b/tools/third_party/hyper/hyper/common/headers.py deleted file mode 100644 index 655a591ac23908..00000000000000 --- a/tools/third_party/hyper/hyper/common/headers.py +++ /dev/null @@ -1,260 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/common/headers -~~~~~~~~~~~~~~~~~~~~~ - -Contains hyper's structures for storing and working with HTTP headers. -""" -import collections - -from hyper.common.util import to_bytestring, to_bytestring_tuple - - -class HTTPHeaderMap(collections.MutableMapping): - """ - A structure that contains HTTP headers. - - HTTP headers are a curious beast. At the surface level they look roughly - like a name-value set, but in practice they have many variations that - make them tricky: - - - duplicate keys are allowed - - keys are compared case-insensitively - - duplicate keys are isomorphic to comma-separated values, *except when - they aren't*! - - they logically contain a form of ordering - - This data structure is an attempt to preserve all of that information - while being as user-friendly as possible. It retains all of the mapping - convenience methods (allowing by-name indexing), while avoiding using a - dictionary for storage. - - When iterated over, this structure returns headers in 'canonical form'. - This form is a tuple, where the first entry is the header name (in - lower-case), and the second entry is a list of header values (in original - case). - - The mapping always emits both names and values in the form of bytestrings: - never unicode strings. It can accept names and values in unicode form, and - will automatically be encoded to bytestrings using UTF-8. The reason for - what appears to be a user-unfriendly decision here is primarily to allow - the broadest-possible compatibility (to make it possible to send headers in - unusual encodings) while ensuring that users are never confused about what - type of data they will receive. - - .. warning:: Note that this data structure makes none of the performance - guarantees of a dictionary. Lookup and deletion is not an O(1) - operation. Inserting a new value *is* O(1), all other - operations are O(n), including *replacing* a header entirely. - """ - def __init__(self, *args, **kwargs): - # The meat of the structure. In practice, headers are an ordered list - # of tuples. This early version of the data structure simply uses this - # directly under the covers. - # - # An important curiosity here is that the headers are not stored in - # 'canonical form', but are instead stored in the form they were - # provided in. This is to ensure that it is always possible to - # reproduce the original header structure if necessary. This leads to - # some unfortunate performance costs on structure access where it is - # often necessary to transform the data into canonical form on access. - # This cost is judged acceptable in low-level code like `hyper`, but - # higher-level abstractions should consider if they really require this - # logic. - self._items = [] - - for arg in args: - self._items.extend(map(lambda x: to_bytestring_tuple(*x), arg)) - - for k, v in kwargs.items(): - self._items.append(to_bytestring_tuple(k, v)) - - def __getitem__(self, key): - """ - Unlike the dict __getitem__, this returns a list of items in the order - they were added. These items are returned in 'canonical form', meaning - that comma-separated values are split into multiple values. - """ - key = to_bytestring(key) - values = [] - - for k, v in self._items: - if _keys_equal(k, key): - values.extend(x[1] for x in canonical_form(k, v)) - - if not values: - raise KeyError("Nonexistent header key: {}".format(key)) - - return values - - def __setitem__(self, key, value): - """ - Unlike the dict __setitem__, this appends to the list of items. - """ - self._items.append(to_bytestring_tuple(key, value)) - - def __delitem__(self, key): - """ - Sadly, __delitem__ is kind of stupid here, but the best we can do is - delete all headers with a given key. To correctly achieve the 'KeyError - on missing key' logic from dictionaries, we need to do this slowly. - """ - key = to_bytestring(key) - indices = [] - for (i, (k, v)) in enumerate(self._items): - if _keys_equal(k, key): - indices.append(i) - - if not indices: - raise KeyError("Nonexistent header key: {}".format(key)) - - for i in indices[::-1]: - self._items.pop(i) - - def __iter__(self): - """ - This mapping iterates like the list of tuples it is. The headers are - returned in canonical form. - """ - for pair in self._items: - for value in canonical_form(*pair): - yield value - - def __len__(self): - """ - The length of this mapping is the number of individual headers in - canonical form. Sadly, this is a somewhat expensive operation. - """ - size = 0 - for _ in self: - size += 1 - - return size - - def __contains__(self, key): - """ - If any header is present with this key, returns True. - """ - key = to_bytestring(key) - return any(_keys_equal(key, k) for k, _ in self._items) - - def keys(self): - """ - Returns an iterable of the header keys in the mapping. This explicitly - does not filter duplicates, ensuring that it's the same length as - len(). - """ - for n, _ in self: - yield n - - def items(self): - """ - This mapping iterates like the list of tuples it is. - """ - return self.__iter__() - - def values(self): - """ - This is an almost nonsensical query on a header dictionary, but we - satisfy it in the exact same way we satisfy 'keys'. - """ - for _, v in self: - yield v - - def get(self, name, default=None): - """ - Unlike the dict get, this returns a list of items in the order - they were added. - """ - try: - return self[name] - except KeyError: - return default - - def iter_raw(self): - """ - Allows iterating over the headers in 'raw' form: that is, the form in - which they were added to the structure. This iteration is in order, - and can be used to rebuild the original headers (e.g. to determine - exactly what a server sent). - """ - for item in self._items: - yield item - - def replace(self, key, value): - """ - Replace existing header with new value. If header doesn't exist this - method work like ``__setitem__``. Replacing leads to deletion of all - existing headers with the same name. - """ - key, value = to_bytestring_tuple(key, value) - indices = [] - for (i, (k, v)) in enumerate(self._items): - if _keys_equal(k, key): - indices.append(i) - - # If the key isn't present, this is easy: just append and abort early. - if not indices: - self._items.append((key, value)) - return - - # Delete all but the first. I swear, this is the correct slicing - # syntax! - base_index = indices[0] - for i in indices[:0:-1]: - self._items.pop(i) - - del self._items[base_index] - self._items.insert(base_index, (key, value)) - - def merge(self, other): - """ - Merge another header set or any other dict-like into this one. - """ - # Short circuit to avoid infinite loops in case we try to merge into - # ourselves. - if other is self: - return - - if isinstance(other, HTTPHeaderMap): - self._items.extend(other.iter_raw()) - return - - for k, v in other.items(): - self._items.append(to_bytestring_tuple(k, v)) - - def __eq__(self, other): - return self._items == other._items - - def __ne__(self, other): - return self._items != other._items - - def __str__(self): # pragma: no cover - return 'HTTPHeaderMap(%s)' % self._items - - def __repr__(self): # pragma: no cover - return str(self) - - -def canonical_form(k, v): - """ - Returns an iterable of key-value-pairs corresponding to the header in - canonical form. This means that the header is split on commas unless for - any reason it's a super-special snowflake (I'm looking at you Set-Cookie). - """ - SPECIAL_SNOWFLAKES = set([b'set-cookie', b'set-cookie2']) - - k = k.lower() - - if k in SPECIAL_SNOWFLAKES: - yield k, v - else: - for sub_val in v.split(b','): - yield k, sub_val.strip() - - -def _keys_equal(x, y): - """ - Returns 'True' if the two keys are equal by the laws of HTTP headers. - """ - return x.lower() == y.lower() diff --git a/tools/third_party/hyper/hyper/common/util.py b/tools/third_party/hyper/hyper/common/util.py deleted file mode 100644 index 6d199a0cdebb41..00000000000000 --- a/tools/third_party/hyper/hyper/common/util.py +++ /dev/null @@ -1,59 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/common/util -~~~~~~~~~~~~~~~~~ - -General utility functions for use with hyper. -""" -from hyper.compat import unicode, bytes, imap -from ..packages.rfc3986.uri import URIReference -from ..compat import is_py3 - - -def to_bytestring(element): - """ - Converts a single string to a bytestring, encoding via UTF-8 if needed. - """ - if isinstance(element, unicode): - return element.encode('utf-8') - elif isinstance(element, bytes): - return element - else: - raise ValueError("Non string type.") - - -def to_bytestring_tuple(*x): - """ - Converts the given strings to a bytestring if necessary, returning a - tuple. Uses ``to_bytestring``. - """ - return tuple(imap(to_bytestring, x)) - - -def to_host_port_tuple(host_port_str, default_port=80): - """ - Converts the given string containing a host and possibly a port - to a tuple. - """ - uri = URIReference( - scheme=None, - authority=host_port_str, - path=None, - query=None, - fragment=None - ) - - host = uri.host.strip('[]') - if not uri.port: - port = default_port - else: - port = int(uri.port) - - return (host, port) - - -def to_native_string(string, encoding='utf-8'): - if isinstance(string, str): - return string - - return string.decode(encoding) if is_py3 else string.encode(encoding) diff --git a/tools/third_party/hyper/hyper/compat.py b/tools/third_party/hyper/hyper/compat.py deleted file mode 100644 index 368b5fedfd9b09..00000000000000 --- a/tools/third_party/hyper/hyper/compat.py +++ /dev/null @@ -1,84 +0,0 @@ -# -*- coding: utf-8 -*- -# flake8: noqa -""" -hyper/compat -~~~~~~~~~~~~ - -Normalizes the Python 2/3 API for internal use. -""" -from contextlib import contextmanager -import sys -import zlib - -try: - from . import ssl_compat -except ImportError: - # TODO log? - ssl_compat = None - -_ver = sys.version_info -is_py2 = _ver[0] == 2 -is_py2_7_9_or_later = _ver[0] >= 2 and _ver[1] >= 7 and _ver[2] >= 9 -is_py3 = _ver[0] == 3 -is_py3_3 = is_py3 and _ver[1] == 3 - - -@contextmanager -def ignore_missing(): - try: - yield - except (AttributeError, NotImplementedError): # pragma: no cover - pass - -if is_py2: - if is_py2_7_9_or_later: - import ssl - else: - ssl = ssl_compat - - from urllib import urlencode - from urlparse import urlparse, urlsplit - from itertools import imap - - def to_byte(char): - return ord(char) - - def decode_hex(b): - return b.decode('hex') - - def write_to_stdout(data): - sys.stdout.write(data + '\n') - sys.stdout.flush() - - # The standard zlib.compressobj() accepts only positional arguments. - def zlib_compressobj(level=6, method=zlib.DEFLATED, wbits=15, memlevel=8, - strategy=zlib.Z_DEFAULT_STRATEGY): - return zlib.compressobj(level, method, wbits, memlevel, strategy) - - unicode = unicode - bytes = str - -elif is_py3: - from urllib.parse import urlencode, urlparse, urlsplit - - imap = map - - def to_byte(char): - return char - - def decode_hex(b): - return bytes.fromhex(b) - - def write_to_stdout(data): - sys.stdout.buffer.write(data + b'\n') - sys.stdout.buffer.flush() - - zlib_compressobj = zlib.compressobj - - if is_py3_3: - ssl = ssl_compat - else: - import ssl - - unicode = str - bytes = bytes diff --git a/tools/third_party/hyper/hyper/contrib.py b/tools/third_party/hyper/hyper/contrib.py deleted file mode 100644 index dccec5185502c0..00000000000000 --- a/tools/third_party/hyper/hyper/contrib.py +++ /dev/null @@ -1,159 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/contrib -~~~~~~~~~~~~~ - -Contains a few utilities for use with other HTTP libraries. -""" -try: - from requests.adapters import HTTPAdapter - from requests.models import Response - from requests.structures import CaseInsensitiveDict - from requests.utils import get_encoding_from_headers - from requests.cookies import extract_cookies_to_jar -except ImportError: # pragma: no cover - HTTPAdapter = object - -from hyper.common.connection import HTTPConnection -from hyper.compat import urlparse -from hyper.tls import init_context - - -class HTTP20Adapter(HTTPAdapter): - """ - A Requests Transport Adapter that uses hyper to send requests over - HTTP/2. This implements some degree of connection pooling to maximise the - HTTP/2 gain. - """ - def __init__(self, *args, **kwargs): - #: A mapping between HTTP netlocs and ``HTTP20Connection`` objects. - self.connections = {} - - def get_connection(self, host, port, scheme, cert=None): - """ - Gets an appropriate HTTP/2 connection object based on - host/port/scheme/cert tuples. - """ - secure = (scheme == 'https') - - if port is None: # pragma: no cover - port = 80 if not secure else 443 - - ssl_context = None - if cert is not None: - ssl_context = init_context(cert=cert) - - try: - conn = self.connections[(host, port, scheme, cert)] - except KeyError: - conn = HTTPConnection( - host, - port, - secure=secure, - ssl_context=ssl_context) - self.connections[(host, port, scheme, cert)] = conn - - return conn - - def send(self, request, stream=False, cert=None, **kwargs): - """ - Sends a HTTP message to the server. - """ - parsed = urlparse(request.url) - conn = self.get_connection( - parsed.hostname, - parsed.port, - parsed.scheme, - cert=cert) - - # Build the selector. - selector = parsed.path - selector += '?' + parsed.query if parsed.query else '' - selector += '#' + parsed.fragment if parsed.fragment else '' - - conn.request( - request.method, - selector, - request.body, - request.headers - ) - resp = conn.get_response() - - r = self.build_response(request, resp) - - if not stream: - r.content - - return r - - def build_response(self, request, resp): - """ - Builds a Requests' response object. This emulates most of the logic of - the standard fuction but deals with the lack of the ``.headers`` - property on the HTTP20Response object. - - Additionally, this function builds in a number of features that are - purely for HTTPie. This is to allow maximum compatibility with what - urllib3 does, so that HTTPie doesn't fall over when it uses us. - """ - response = Response() - - response.status_code = resp.status - response.headers = CaseInsensitiveDict(resp.headers.iter_raw()) - response.raw = resp - response.reason = resp.reason - response.encoding = get_encoding_from_headers(response.headers) - - extract_cookies_to_jar(response.cookies, request, response) - response.url = request.url - - response.request = request - response.connection = self - - # First horrible patch: Requests expects its raw responses to have a - # release_conn method, which I don't. We should monkeypatch a no-op on. - resp.release_conn = lambda: None - - # Next, add the things HTTPie needs. It needs the following things: - # - # - The `raw` object has a property called `_original_response` that is - # a `httplib` response object. - # - `raw._original_response` has three simple properties: `version`, - # `status`, `reason`. - # - `raw._original_response.version` has one of three values: `9`, - # `10`, `11`. - # - `raw._original_response.msg` exists. - # - `raw._original_response.msg._headers` exists and is an iterable of - # two-tuples. - # - # We fake this out. Most of this exists on our response object already, - # and the rest can be faked. - # - # All of this exists for httpie, which I don't have any tests for, - # so I'm not going to bother adding test coverage for it. - class FakeOriginalResponse(object): # pragma: no cover - def __init__(self, headers): - self._headers = headers - - def get_all(self, name, default=None): - values = [] - - for n, v in self._headers: - if n == name.lower(): - values.append(v) - - if not values: - return default - - return values - - def getheaders(self, name): - return self.get_all(name, []) - - response.raw._original_response = orig = FakeOriginalResponse(None) - orig.version = 20 - orig.status = resp.status - orig.reason = resp.reason - orig.msg = FakeOriginalResponse(resp.headers.iter_raw()) - - return response diff --git a/tools/third_party/hyper/hyper/h2/__init__.py b/tools/third_party/hyper/hyper/h2/__init__.py deleted file mode 100755 index 00f22d9623b57b..00000000000000 --- a/tools/third_party/hyper/hyper/h2/__init__.py +++ /dev/null @@ -1,8 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2 -~~ - -A HTTP/2 implementation. -""" -__version__ = '2.6.2' diff --git a/tools/third_party/hyper/hyper/h2/config.py b/tools/third_party/hyper/hyper/h2/config.py deleted file mode 100755 index f3c6df744faa9d..00000000000000 --- a/tools/third_party/hyper/hyper/h2/config.py +++ /dev/null @@ -1,146 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/config -~~~~~~~~~ - -Objects for controlling the configuration of the HTTP/2 stack. -""" - - -class _BooleanConfigOption(object): - """ - Descriptor for handling a boolean config option. This will block - attempts to set boolean config options to non-bools. - """ - def __init__(self, name): - self.name = name - self.attr_name = '_%s' % self.name - - def __get__(self, instance, owner): - return getattr(instance, self.attr_name) - - def __set__(self, instance, value): - if not isinstance(value, bool): - raise ValueError("%s must be a bool" % self.name) - setattr(instance, self.attr_name, value) - - -class DummyLogger(object): - """ - An Logger object that does not actual logging, hence a DummyLogger. - - For the class the log operation is merely a no-op. The intent is to avoid - conditionals being sprinkled throughout the hyper-h2 code for calls to - logging functions when no logger is passed into the corresponding object. - """ - def __init__(self, *vargs): - pass - - def debug(self, *vargs, **kwargs): - """ - No-op logging. Only level needed for now. - """ - pass - - -class H2Configuration(object): - """ - An object that controls the way a single HTTP/2 connection behaves. - - This object allows the users to customize behaviour. In particular, it - allows users to enable or disable optional features, or to otherwise handle - various unusual behaviours. - - This object has very little behaviour of its own: it mostly just ensures - that configuration is self-consistent. - - :param client_side: Whether this object is to be used on the client side of - a connection, or on the server side. Affects the logic used by the - state machine, the default settings values, the allowable stream IDs, - and several other properties. Defaults to ``True``. - :type client_side: ``bool`` - - :param header_encoding: Controls whether the headers emitted by this object - in events are transparently decoded to ``unicode`` strings, and what - encoding is used to do that decoding. For historical reasons, this - defaults to ``'utf-8'``. To prevent the decoding of headers (that is, - to force them to be returned as bytestrings), this can be set to - ``False`` or the empty string. - :type header_encoding: ``str``, ``False``, or ``None`` - - :param validate_outbound_headers: Controls whether the headers emitted - by this object are validated against the rules in RFC 7540. - Disabling this setting will cause outbound header validation to - be skipped, and allow the object to emit headers that may be illegal - according to RFC 7540. Defaults to ``True``. - :type validate_outbound_headers: ``bool`` - - :param normalize_outbound_headers: Controls whether the headers emitted - by this object are normalized before sending. Disabling this setting - will cause outbound header normalization to be skipped, and allow - the object to emit headers that may be illegal according to - RFC 7540. Defaults to ``True``. - :type normalize_outbound_headers: ``bool`` - - :param validate_inbound_headers: Controls whether the headers received - by this object are validated against the rules in RFC 7540. - Disabling this setting will cause inbound header validation to - be skipped, and allow the object to receive headers that may be illegal - according to RFC 7540. Defaults to ``True``. - :type validate_inbound_headers: ``bool`` - - :param logger: A logger that conforms to the requirements for this module, - those being no I/O and no context switches, which is needed in order - to run in asynchronous operation. - - .. versionadded:: 2.6.0 - - :type logger: ``logging.Logger`` - """ - client_side = _BooleanConfigOption('client_side') - validate_outbound_headers = _BooleanConfigOption( - 'validate_outbound_headers' - ) - normalize_outbound_headers = _BooleanConfigOption( - 'normalize_outbound_headers' - ) - validate_inbound_headers = _BooleanConfigOption( - 'validate_inbound_headers' - ) - - def __init__(self, - client_side=True, - header_encoding='utf-8', - validate_outbound_headers=True, - normalize_outbound_headers=True, - validate_inbound_headers=True, - logger=None): - self.client_side = client_side - self.header_encoding = header_encoding - self.validate_outbound_headers = validate_outbound_headers - self.normalize_outbound_headers = normalize_outbound_headers - self.validate_inbound_headers = validate_inbound_headers - self.logger = logger or DummyLogger(__name__) - - @property - def header_encoding(self): - """ - Controls whether the headers emitted by this object in events are - transparently decoded to ``unicode`` strings, and what encoding is used - to do that decoding. For historical reasons, this defaults to - ``'utf-8'``. To prevent the decoding of headers (that is, to force them - to be returned as bytestrings), this can be set to ``False`` or the - empty string. - """ - return self._header_encoding - - @header_encoding.setter - def header_encoding(self, value): - """ - Enforces constraints on the value of header encoding. - """ - if not isinstance(value, (bool, str, type(None))): - raise ValueError("header_encoding must be bool, string, or None") - if value is True: - raise ValueError("header_encoding cannot be True") - self._header_encoding = value diff --git a/tools/third_party/hyper/hyper/h2/connection.py b/tools/third_party/hyper/hyper/h2/connection.py deleted file mode 100755 index 37dc6365470845..00000000000000 --- a/tools/third_party/hyper/hyper/h2/connection.py +++ /dev/null @@ -1,2074 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/connection -~~~~~~~~~~~~~ - -An implementation of a HTTP/2 connection. -""" -import base64 - -from enum import Enum, IntEnum - -from hyperframe.exceptions import InvalidPaddingError -from hyperframe.frame import ( - GoAwayFrame, WindowUpdateFrame, HeadersFrame, DataFrame, PingFrame, - PushPromiseFrame, SettingsFrame, RstStreamFrame, PriorityFrame, - ContinuationFrame, AltSvcFrame -) -from hpack.hpack import Encoder, Decoder -from hpack.exceptions import HPACKError - -from .config import H2Configuration -from .errors import ErrorCodes, _error_code_from_int -from .events import ( - WindowUpdated, RemoteSettingsChanged, PingAcknowledged, - SettingsAcknowledged, ConnectionTerminated, PriorityUpdated, - AlternativeServiceAvailable, -) -from .exceptions import ( - ProtocolError, NoSuchStreamError, FlowControlError, FrameTooLargeError, - TooManyStreamsError, StreamClosedError, StreamIDTooLowError, - NoAvailableStreamIDError, RFC1122Error, DenialOfServiceError -) -from .frame_buffer import FrameBuffer -from .settings import Settings, SettingCodes -from .stream import H2Stream, StreamClosedBy -from .utilities import guard_increment_window -from .windows import WindowManager - -try: - from hpack.exceptions import OversizedHeaderListError -except ImportError: # Platform-specific: HPACK < 2.3.0 - # If the exception doesn't exist, it cannot possibly be thrown. Define a - # placeholder name, but don't otherwise worry about it. - class OversizedHeaderListError(Exception): - pass - - -try: - from hyperframe.frame import ExtensionFrame -except ImportError: # Platform-specific: Hyperframe < 5.0.0 - # If the frame doesn't exist, that's just fine: we'll define it ourselves - # and the method will just never be called. - class ExtensionFrame(object): - pass - - -class ConnectionState(Enum): - IDLE = 0 - CLIENT_OPEN = 1 - SERVER_OPEN = 2 - CLOSED = 3 - - -class ConnectionInputs(Enum): - SEND_HEADERS = 0 - SEND_PUSH_PROMISE = 1 - SEND_DATA = 2 - SEND_GOAWAY = 3 - SEND_WINDOW_UPDATE = 4 - SEND_PING = 5 - SEND_SETTINGS = 6 - SEND_RST_STREAM = 7 - SEND_PRIORITY = 8 - RECV_HEADERS = 9 - RECV_PUSH_PROMISE = 10 - RECV_DATA = 11 - RECV_GOAWAY = 12 - RECV_WINDOW_UPDATE = 13 - RECV_PING = 14 - RECV_SETTINGS = 15 - RECV_RST_STREAM = 16 - RECV_PRIORITY = 17 - SEND_ALTERNATIVE_SERVICE = 18 # Added in 2.3.0 - RECV_ALTERNATIVE_SERVICE = 19 # Added in 2.3.0 - - -class AllowedStreamIDs(IntEnum): - EVEN = 0 - ODD = 1 - - -class H2ConnectionStateMachine(object): - """ - A single HTTP/2 connection state machine. - - This state machine, while defined in its own class, is logically part of - the H2Connection class also defined in this file. The state machine itself - maintains very little state directly, instead focusing entirely on managing - state transitions. - """ - # For the purposes of this state machine we treat HEADERS and their - # associated CONTINUATION frames as a single jumbo frame. The protocol - # allows/requires this by preventing other frames from being interleved in - # between HEADERS/CONTINUATION frames. - # - # The _transitions dictionary contains a mapping of tuples of - # (state, input) to tuples of (side_effect_function, end_state). This map - # contains all allowed transitions: anything not in this map is invalid - # and immediately causes a transition to ``closed``. - - _transitions = { - # State: idle - (ConnectionState.IDLE, ConnectionInputs.SEND_HEADERS): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.IDLE, ConnectionInputs.RECV_HEADERS): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.IDLE, ConnectionInputs.SEND_SETTINGS): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.RECV_SETTINGS): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.SEND_WINDOW_UPDATE): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.RECV_WINDOW_UPDATE): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.SEND_PING): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.RECV_PING): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.SEND_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.IDLE, ConnectionInputs.RECV_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.IDLE, ConnectionInputs.SEND_PRIORITY): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.RECV_PRIORITY): - (None, ConnectionState.IDLE), - (ConnectionState.IDLE, ConnectionInputs.SEND_ALTERNATIVE_SERVICE): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.IDLE, ConnectionInputs.RECV_ALTERNATIVE_SERVICE): - (None, ConnectionState.CLIENT_OPEN), - - # State: open, client side. - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_HEADERS): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_DATA): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_WINDOW_UPDATE): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_PING): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_SETTINGS): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_PRIORITY): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_HEADERS): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PUSH_PROMISE): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_DATA): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_WINDOW_UPDATE): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PING): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_SETTINGS): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_RST_STREAM): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_RST_STREAM): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PRIORITY): - (None, ConnectionState.CLIENT_OPEN), - (ConnectionState.CLIENT_OPEN, - ConnectionInputs.RECV_ALTERNATIVE_SERVICE): - (None, ConnectionState.CLIENT_OPEN), - - # State: open, server side. - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_HEADERS): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PUSH_PROMISE): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_DATA): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_WINDOW_UPDATE): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PING): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_SETTINGS): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PRIORITY): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_HEADERS): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_DATA): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_WINDOW_UPDATE): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_PING): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_SETTINGS): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_PRIORITY): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_RST_STREAM): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_RST_STREAM): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, - ConnectionInputs.SEND_ALTERNATIVE_SERVICE): - (None, ConnectionState.SERVER_OPEN), - (ConnectionState.SERVER_OPEN, - ConnectionInputs.RECV_ALTERNATIVE_SERVICE): - (None, ConnectionState.SERVER_OPEN), - - # State: closed - (ConnectionState.CLOSED, ConnectionInputs.SEND_GOAWAY): - (None, ConnectionState.CLOSED), - (ConnectionState.CLOSED, ConnectionInputs.RECV_GOAWAY): - (None, ConnectionState.CLOSED), - } - - def __init__(self): - self.state = ConnectionState.IDLE - - def process_input(self, input_): - """ - Process a specific input in the state machine. - """ - if not isinstance(input_, ConnectionInputs): - raise ValueError("Input must be an instance of ConnectionInputs") - - try: - func, target_state = self._transitions[(self.state, input_)] - except KeyError: - old_state = self.state - self.state = ConnectionState.CLOSED - raise ProtocolError( - "Invalid input %s in state %s" % (input_, old_state) - ) - else: - self.state = target_state - if func is not None: # pragma: no cover - return func() - - return [] - - -class H2Connection(object): - """ - A low-level HTTP/2 connection object. This handles building and receiving - frames and maintains both connection and per-stream state for all streams - on this connection. - - This wraps a HTTP/2 Connection state machine implementation, ensuring that - frames can only be sent/received when the connection is in a valid state. - It also builds stream state machines on demand to ensure that the - constraints of those state machines are met as well. Attempts to create - frames that cannot be sent will raise a ``ProtocolError``. - - .. versionchanged:: 2.3.0 - Added the ``header_encoding`` keyword argument. - - .. versionchanged:: 2.5.0 - Added the ``config`` keyword argument. Deprecated the ``client_side`` - and ``header_encoding`` parameters. - - :param client_side: Whether this object is to be used on the client side of - a connection, or on the server side. Affects the logic used by the - state machine, the default settings values, the allowable stream IDs, - and several other properties. Defaults to ``True``. - - .. deprecated:: 2.5.0 - - :type client_side: ``bool`` - - :param header_encoding: Controls whether the headers emitted by this object - in events are transparently decoded to ``unicode`` strings, and what - encoding is used to do that decoding. For historical reason, this - defaults to ``'utf-8'``. To prevent the decoding of headers (that is, - to force them to be returned as bytestrings), this can be set to - ``False`` or the empty string. - - .. deprecated:: 2.5.0 - - :type header_encoding: ``str`` or ``False`` - - :param config: The configuration for the HTTP/2 connection. If provided, - supersedes the deprecated ``client_side`` and ``header_encoding`` - values. - - .. versionadded:: 2.5.0 - - :type config: :class:`H2Configuration ` - """ - # The initial maximum outbound frame size. This can be changed by receiving - # a settings frame. - DEFAULT_MAX_OUTBOUND_FRAME_SIZE = 65535 - - # The initial maximum inbound frame size. This is somewhat arbitrarily - # chosen. - DEFAULT_MAX_INBOUND_FRAME_SIZE = 2**24 - - # The highest acceptable stream ID. - HIGHEST_ALLOWED_STREAM_ID = 2**31 - 1 - - # The largest acceptable window increment. - MAX_WINDOW_INCREMENT = 2**31 - 1 - - # The initial default value of SETTINGS_MAX_HEADER_LIST_SIZE. - DEFAULT_MAX_HEADER_LIST_SIZE = 2**16 - - def __init__(self, client_side=True, header_encoding='utf-8', config=None): - self.state_machine = H2ConnectionStateMachine() - self.streams = {} - self.highest_inbound_stream_id = 0 - self.highest_outbound_stream_id = 0 - self.encoder = Encoder() - self.decoder = Decoder() - - # This won't always actually do anything: for versions of HPACK older - # than 2.3.0 it does nothing. However, we have to try! - self.decoder.max_header_list_size = self.DEFAULT_MAX_HEADER_LIST_SIZE - - #: The configuration for this HTTP/2 connection object. - #: - #: .. versionadded:: 2.5.0 - self.config = config - if self.config is None: - self.config = H2Configuration( - client_side=client_side, - header_encoding=header_encoding, - ) - - # Objects that store settings, including defaults. - # - # We set the MAX_CONCURRENT_STREAMS value to 100 because its default is - # unbounded, and that's a dangerous default because it allows - # essentially unbounded resources to be allocated regardless of how - # they will be used. 100 should be suitable for the average - # application. This default obviously does not apply to the remote - # peer's settings: the remote peer controls them! - # - # We also set MAX_HEADER_LIST_SIZE to a reasonable value. This is to - # advertise our defence against CVE-2016-6581. However, not all - # versions of HPACK will let us do it. That's ok: we should at least - # suggest that we're not vulnerable. - self.local_settings = Settings( - client=self.config.client_side, - initial_values={ - SettingCodes.MAX_CONCURRENT_STREAMS: 100, - SettingCodes.MAX_HEADER_LIST_SIZE: - self.DEFAULT_MAX_HEADER_LIST_SIZE, - } - ) - self.remote_settings = Settings(client=not self.config.client_side) - - # The curent value of the connection flow control windows on the - # connection. - self.outbound_flow_control_window = ( - self.remote_settings.initial_window_size - ) - - #: The maximum size of a frame that can be emitted by this peer, in - #: bytes. - self.max_outbound_frame_size = self.remote_settings.max_frame_size - - #: The maximum size of a frame that can be received by this peer, in - #: bytes. - self.max_inbound_frame_size = self.local_settings.max_frame_size - - # Buffer for incoming data. - self.incoming_buffer = FrameBuffer(server=not self.config.client_side) - - # A private variable to store a sequence of received header frames - # until completion. - self._header_frames = [] - - # Data that needs to be sent. - self._data_to_send = b'' - - # Keeps track of how streams are closed. - # Used to ensure that we don't blow up in the face of frames that were - # in flight when a RST_STREAM was sent. - # Also used to determine whether we should consider a frame received - # while a stream is closed as either a stream error or a connection - # error. - self._closed_streams = {} - - # The flow control window manager for the connection. - self._inbound_flow_control_window_manager = WindowManager( - max_window_size=self.local_settings.initial_window_size - ) - - # When in doubt use dict-dispatch. - self._frame_dispatch_table = { - HeadersFrame: self._receive_headers_frame, - PushPromiseFrame: self._receive_push_promise_frame, - SettingsFrame: self._receive_settings_frame, - DataFrame: self._receive_data_frame, - WindowUpdateFrame: self._receive_window_update_frame, - PingFrame: self._receive_ping_frame, - RstStreamFrame: self._receive_rst_stream_frame, - PriorityFrame: self._receive_priority_frame, - GoAwayFrame: self._receive_goaway_frame, - ContinuationFrame: self._receive_naked_continuation, - AltSvcFrame: self._receive_alt_svc_frame, - ExtensionFrame: self._receive_unknown_frame - } - - def _prepare_for_sending(self, frames): - if not frames: - return - self._data_to_send += b''.join(f.serialize() for f in frames) - assert all(f.body_len <= self.max_outbound_frame_size for f in frames) - - def _open_streams(self, remainder): - """ - A common method of counting number of open streams. Returns the number - of streams that are open *and* that have (stream ID % 2) == remainder. - While it iterates, also deletes any closed streams. - """ - count = 0 - to_delete = [] - - for stream_id, stream in self.streams.items(): - if stream.open and (stream_id % 2 == remainder): - count += 1 - elif stream.closed: - to_delete.append(stream_id) - - for stream_id in to_delete: - stream = self.streams.pop(stream_id) - self._closed_streams[stream_id] = stream.closed_by - - return count - - @property - def open_outbound_streams(self): - """ - The current number of open outbound streams. - """ - outbound_numbers = int(self.config.client_side) - return self._open_streams(outbound_numbers) - - @property - def open_inbound_streams(self): - """ - The current number of open inbound streams. - """ - inbound_numbers = int(not self.config.client_side) - return self._open_streams(inbound_numbers) - - @property - def header_encoding(self): - """ - Controls whether the headers emitted by this object in events are - transparently decoded to ``unicode`` strings, and what encoding is used - to do that decoding. For historical reason, this defaults to - ``'utf-8'``. To prevent the decoding of headers (that is, to force them - to be returned as bytestrings), this can be set to ``False`` or the - empty string. - - .. versionadded:: 2.3.0 - - .. deprecated:: 2.5.0 - Use :data:`config ` instead. - """ - return self.config.header_encoding - - @header_encoding.setter - def header_encoding(self, value): - """ - Setter for header encoding config value. - """ - self.config.header_encoding = value - - @property - def client_side(self): - """ - Whether this object is to be used on the client side of a connection, - or on the server side. Affects the logic used by the state machine, the - default settings values, the allowable stream IDs, and several other - properties. Defaults to ``True``. - - .. deprecated:: 2.5.0 - Use :data:`config ` instead. - """ - return self.config.client_side - - @property - def inbound_flow_control_window(self): - """ - The size of the inbound flow control window for the connection. This is - rarely publicly useful: instead, use :meth:`remote_flow_control_window - `. This - shortcut is largely present to provide a shortcut to this data. - """ - return self._inbound_flow_control_window_manager.current_window_size - - def _begin_new_stream(self, stream_id, allowed_ids): - """ - Initiate a new stream. - - .. versionchanged:: 2.0.0 - Removed this function from the public API. - - :param stream_id: The ID of the stream to open. - :param allowed_ids: What kind of stream ID is allowed. - """ - self.config.logger.debug( - "Attempting to initiate stream ID %d", stream_id - ) - outbound = self._stream_id_is_outbound(stream_id) - highest_stream_id = ( - self.highest_outbound_stream_id if outbound else - self.highest_inbound_stream_id - ) - - if stream_id <= highest_stream_id: - raise StreamIDTooLowError(stream_id, highest_stream_id) - - if (stream_id % 2) != int(allowed_ids): - raise ProtocolError( - "Invalid stream ID for peer." - ) - - s = H2Stream( - stream_id, - config=self.config, - inbound_window_size=self.local_settings.initial_window_size, - outbound_window_size=self.remote_settings.initial_window_size - ) - self.config.logger.debug("Stream ID %d created", stream_id) - s.max_inbound_frame_size = self.max_inbound_frame_size - s.max_outbound_frame_size = self.max_outbound_frame_size - - self.streams[stream_id] = s - self.config.logger.debug("Current streams: %s", self.streams.keys()) - - if outbound: - self.highest_outbound_stream_id = stream_id - else: - self.highest_inbound_stream_id = stream_id - - return s - - def initiate_connection(self): - """ - Provides any data that needs to be sent at the start of the connection. - Must be called for both clients and servers. - """ - self.config.logger.debug("Initializing connection") - self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS) - if self.config.client_side: - preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n' - else: - preamble = b'' - - f = SettingsFrame(0) - for setting, value in self.local_settings.items(): - f.settings[setting] = value - self.config.logger.debug( - "Send Settings frame: %s", self.local_settings - ) - - self._data_to_send += preamble + f.serialize() - - def initiate_upgrade_connection(self, settings_header=None): - """ - Call to initialise the connection object for use with an upgraded - HTTP/2 connection (i.e. a connection negotiated using the - ``Upgrade: h2c`` HTTP header). - - This method differs from :meth:`initiate_connection - ` in several ways. - Firstly, it handles the additional SETTINGS frame that is sent in the - ``HTTP2-Settings`` header field. When called on a client connection, - this method will return a bytestring that the caller can put in the - ``HTTP2-Settings`` field they send on their initial request. When - called on a server connection, the user **must** provide the value they - received from the client in the ``HTTP2-Settings`` header field to the - ``settings_header`` argument, which will be used appropriately. - - Additionally, this method sets up stream 1 in a half-closed state - appropriate for this side of the connection, to reflect the fact that - the request is already complete. - - Finally, this method also prepares the appropriate preamble to be sent - after the upgrade. - - .. versionadded:: 2.3.0 - - :param settings_header: (optional, server-only): The value of the - ``HTTP2-Settings`` header field received from the client. - :type settings_header: ``bytes`` - - :returns: For clients, a bytestring to put in the ``HTTP2-Settings``. - For servers, returns nothing. - :rtype: ``bytes`` or ``None`` - """ - self.config.logger.debug( - "Upgrade connection. Current settings: %s", self.local_settings - ) - - frame_data = None - # Begin by getting the preamble in place. - self.initiate_connection() - - if self.config.client_side: - f = SettingsFrame(0) - for setting, value in self.local_settings.items(): - f.settings[setting] = value - - frame_data = f.serialize_body() - frame_data = base64.urlsafe_b64encode(frame_data) - elif settings_header: - # We have a settings header from the client. This needs to be - # applied, but we want to throw away the ACK. We do this by - # inserting the data into a Settings frame and then passing it to - # the state machine, but ignoring the return value. - settings_header = base64.urlsafe_b64decode(settings_header) - f = SettingsFrame(0) - f.parse_body(settings_header) - self._receive_settings_frame(f) - - # Set up appropriate state. Stream 1 in a half-closed state: - # half-closed(local) for clients, half-closed(remote) for servers. - # Additionally, we need to set up the Connection state machine. - connection_input = ( - ConnectionInputs.SEND_HEADERS if self.config.client_side - else ConnectionInputs.RECV_HEADERS - ) - self.config.logger.debug("Process input %s", connection_input) - self.state_machine.process_input(connection_input) - - # Set up stream 1. - self._begin_new_stream(stream_id=1, allowed_ids=AllowedStreamIDs.ODD) - self.streams[1].upgrade(self.config.client_side) - return frame_data - - def _get_or_create_stream(self, stream_id, allowed_ids): - """ - Gets a stream by its stream ID. Will create one if one does not already - exist. Use allowed_ids to circumvent the usual stream ID rules for - clients and servers. - - .. versionchanged:: 2.0.0 - Removed this function from the public API. - """ - try: - return self.streams[stream_id] - except KeyError: - return self._begin_new_stream(stream_id, allowed_ids) - - def _get_stream_by_id(self, stream_id): - """ - Gets a stream by its stream ID. Raises NoSuchStreamError if the stream - ID does not correspond to a known stream and is higher than the current - maximum: raises if it is lower than the current maximum. - - .. versionchanged:: 2.0.0 - Removed this function from the public API. - """ - try: - return self.streams[stream_id] - except KeyError: - outbound = self._stream_id_is_outbound(stream_id) - highest_stream_id = ( - self.highest_outbound_stream_id if outbound else - self.highest_inbound_stream_id - ) - - if stream_id > highest_stream_id: - raise NoSuchStreamError(stream_id) - else: - raise StreamClosedError(stream_id) - - def get_next_available_stream_id(self): - """ - Returns an integer suitable for use as the stream ID for the next - stream created by this endpoint. For server endpoints, this stream ID - will be even. For client endpoints, this stream ID will be odd. If no - stream IDs are available, raises :class:`NoAvailableStreamIDError - `. - - .. warning:: The return value from this function does not change until - the stream ID has actually been used by sending or pushing - headers on that stream. For that reason, it should be - called as close as possible to the actual use of the - stream ID. - - .. versionadded:: 2.0.0 - - :raises: :class:`NoAvailableStreamIDError - ` - :returns: The next free stream ID this peer can use to initiate a - stream. - :rtype: ``int`` - """ - # No streams have been opened yet, so return the lowest allowed stream - # ID. - if not self.highest_outbound_stream_id: - next_stream_id = 1 if self.config.client_side else 2 - else: - next_stream_id = self.highest_outbound_stream_id + 2 - self.config.logger.debug( - "Next available stream ID %d", next_stream_id - ) - if next_stream_id > self.HIGHEST_ALLOWED_STREAM_ID: - raise NoAvailableStreamIDError("Exhausted allowed stream IDs") - - return next_stream_id - - def send_headers(self, stream_id, headers, end_stream=False, - priority_weight=None, priority_depends_on=None, - priority_exclusive=None): - """ - Send headers on a given stream. - - This function can be used to send request or response headers: the kind - that are sent depends on whether this connection has been opened as a - client or server connection, and whether the stream was opened by the - remote peer or not. - - If this is a client connection, calling ``send_headers`` will send the - headers as a request. It will also implicitly open the stream being - used. If this is a client connection and ``send_headers`` has *already* - been called, this will send trailers instead. - - If this is a server connection, calling ``send_headers`` will send the - headers as a response. It is a protocol error for a server to open a - stream by sending headers. If this is a server connection and - ``send_headers`` has *already* been called, this will send trailers - instead. - - When acting as a server, you may call ``send_headers`` any number of - times allowed by the following rules, in this order: - - - zero or more times with ``(':status', '1XX')`` (where ``1XX`` is a - placeholder for any 100-level status code). - - once with any other status header. - - zero or one time for trailers. - - That is, you are allowed to send as many informational responses as you - like, followed by one complete response and zero or one HTTP trailer - blocks. - - Clients may send one or two header blocks: one request block, and - optionally one trailer block. - - If it is important to send HPACK "never indexed" header fields (as - defined in `RFC 7451 Section 7.1.3 - `_), the user may - instead provide headers using the HPACK library's :class:`HeaderTuple - ` and :class:`NeverIndexedHeaderTuple - ` objects. - - This method also allows users to prioritize the stream immediately, - by sending priority information on the HEADERS frame directly. To do - this, any one of ``priority_weight``, ``priority_depends_on``, or - ``priority_exclusive`` must be set to a value that is not ``None``. For - more information on the priority fields, see :meth:`prioritize - `. - - .. warning:: In HTTP/2, it is mandatory that all the HTTP/2 special - headers (that is, ones whose header keys begin with ``:``) appear - at the start of the header block, before any normal headers. - If you pass a dictionary to the ``headers`` parameter, it is - unlikely that they will iterate in that order, and your connection - may fail. For this reason, passing a ``dict`` to ``headers`` is - *deprecated*, and will be removed in 3.0. - - .. versionchanged:: 2.3.0 - Added support for using :class:`HeaderTuple - ` objects to store headers. - - .. versionchanged:: 2.4.0 - Added the ability to provide priority keyword arguments: - ``priority_weight``, ``priority_depends_on``, and - ``priority_exclusive``. - - :param stream_id: The stream ID to send the headers on. If this stream - does not currently exist, it will be created. - :type stream_id: ``int`` - - :param headers: The request/response headers to send. - :type headers: An iterable of two tuples of bytestrings or - :class:`HeaderTuple ` objects. - - :param end_stream: Whether this headers frame should end the stream - immediately (that is, whether no more data will be sent after this - frame). Defaults to ``False``. - :type end_stream: ``bool`` - - :param priority_weight: Sets the priority weight of the stream. See - :meth:`prioritize ` for more - about how this field works. Defaults to ``None``, which means that - no priority information will be sent. - :type priority_weight: ``int`` or ``None`` - - :param priority_depends_on: Sets which stream this one depends on for - priority purposes. See :meth:`prioritize - ` for more about how this - field works. Defaults to ``None``, which means that no priority - information will be sent. - :type priority_depends_on: ``int`` or ``None`` - - :param priority_exclusive: Sets whether this stream exclusively depends - on the stream given in ``priority_depends_on`` for priority - purposes. See :meth:`prioritize - ` for more about how this - field workds. Defaults to ``None``, which means that no priority - information will be sent. - :type priority_depends_on: ``bool`` or ``None`` - - :returns: Nothing - """ - self.config.logger.debug( - "Send headers on stream ID %d", stream_id - ) - - # Check we can open the stream. - if stream_id not in self.streams: - max_open_streams = self.remote_settings.max_concurrent_streams - if (self.open_outbound_streams + 1) > max_open_streams: - raise TooManyStreamsError( - "Max outbound streams is %d, %d open" % - (max_open_streams, self.open_outbound_streams) - ) - - self.state_machine.process_input(ConnectionInputs.SEND_HEADERS) - stream = self._get_or_create_stream( - stream_id, AllowedStreamIDs(self.config.client_side) - ) - frames = stream.send_headers( - headers, self.encoder, end_stream - ) - - # We may need to send priority information. - priority_present = ( - (priority_weight is not None) or - (priority_depends_on is not None) or - (priority_exclusive is not None) - ) - - if priority_present: - if not self.config.client_side: - raise RFC1122Error("Servers SHOULD NOT prioritize streams.") - - headers_frame = frames[0] - headers_frame.flags.add('PRIORITY') - frames[0] = _add_frame_priority( - headers_frame, - priority_weight, - priority_depends_on, - priority_exclusive - ) - - self._prepare_for_sending(frames) - - def send_data(self, stream_id, data, end_stream=False, pad_length=None): - """ - Send data on a given stream. - - This method does no breaking up of data: if the data is larger than the - value returned by :meth:`local_flow_control_window - ` for this stream - then a :class:`FlowControlError ` will - be raised. If the data is larger than :data:`max_outbound_frame_size - ` then a - :class:`FrameTooLargeError ` will be - raised. - - Hyper-h2 does this to avoid buffering the data internally. If the user - has more data to send than hyper-h2 will allow, consider breaking it up - and buffering it externally. - - :param stream_id: The ID of the stream on which to send the data. - :type stream_id: ``int`` - :param data: The data to send on the stream. - :type data: ``bytes`` - :param end_stream: (optional) Whether this is the last data to be sent - on the stream. Defaults to ``False``. - :type end_stream: ``bool`` - :param pad_length: (optional) Length of the padding to apply to the - data frame. Defaults to ``None`` for no use of padding. Note that - a value of ``0`` results in padding of length ``0`` - (with the "padding" flag set on the frame). - - .. versionadded:: 2.6.0 - - :type pad_length: ``int`` - :returns: Nothing - """ - self.config.logger.debug( - "Send data on stream ID %d with len %d", stream_id, len(data) - ) - frame_size = len(data) - if pad_length is not None: - if not isinstance(pad_length, int): - raise TypeError("pad_length must be an int") - if pad_length < 0 or pad_length > 255: - raise ValueError("pad_length must be within range: [0, 255]") - # Account for padding bytes plus the 1-byte padding length field. - frame_size += pad_length + 1 - self.config.logger.debug( - "Frame size on stream ID %d is %d", stream_id, frame_size - ) - - if frame_size > self.local_flow_control_window(stream_id): - raise FlowControlError( - "Cannot send %d bytes, flow control window is %d." % - (frame_size, self.local_flow_control_window(stream_id)) - ) - elif frame_size > self.max_outbound_frame_size: - raise FrameTooLargeError( - "Cannot send frame size %d, max frame size is %d" % - (frame_size, self.max_outbound_frame_size) - ) - - self.state_machine.process_input(ConnectionInputs.SEND_DATA) - frames = self.streams[stream_id].send_data( - data, end_stream, pad_length=pad_length - ) - - self._prepare_for_sending(frames) - - self.outbound_flow_control_window -= frame_size - self.config.logger.debug( - "Outbound flow control window size is %d", - self.outbound_flow_control_window - ) - assert self.outbound_flow_control_window >= 0 - - def end_stream(self, stream_id): - """ - Cleanly end a given stream. - - This method ends a stream by sending an empty DATA frame on that stream - with the ``END_STREAM`` flag set. - - :param stream_id: The ID of the stream to end. - :type stream_id: ``int`` - :returns: Nothing - """ - self.config.logger.debug("End stream ID %d", stream_id) - self.state_machine.process_input(ConnectionInputs.SEND_DATA) - frames = self.streams[stream_id].end_stream() - self._prepare_for_sending(frames) - - def increment_flow_control_window(self, increment, stream_id=None): - """ - Increment a flow control window, optionally for a single stream. Allows - the remote peer to send more data. - - .. versionchanged:: 2.0.0 - Rejects attempts to increment the flow control window by out of - range values with a ``ValueError``. - - :param increment: The amount to increment the flow control window by. - :type increment: ``int`` - :param stream_id: (optional) The ID of the stream that should have its - flow control window opened. If not present or ``None``, the - connection flow control window will be opened instead. - :type stream_id: ``int`` or ``None`` - :returns: Nothing - :raises: ``ValueError`` - """ - if not (1 <= increment <= self.MAX_WINDOW_INCREMENT): - raise ValueError( - "Flow control increment must be between 1 and %d" % - self.MAX_WINDOW_INCREMENT - ) - - self.state_machine.process_input(ConnectionInputs.SEND_WINDOW_UPDATE) - - if stream_id is not None: - stream = self.streams[stream_id] - frames = stream.increase_flow_control_window( - increment - ) - else: - self._inbound_flow_control_window_manager.window_opened(increment) - f = WindowUpdateFrame(0) - f.window_increment = increment - frames = [f] - - self.config.logger.debug( - "Increase stream ID %d flow control window by %d", - stream_id, increment - ) - self._prepare_for_sending(frames) - - def push_stream(self, stream_id, promised_stream_id, request_headers): - """ - Push a response to the client by sending a PUSH_PROMISE frame. - - If it is important to send HPACK "never indexed" header fields (as - defined in `RFC 7451 Section 7.1.3 - `_), the user may - instead provide headers using the HPACK library's :class:`HeaderTuple - ` and :class:`NeverIndexedHeaderTuple - ` objects. - - :param stream_id: The ID of the stream that this push is a response to. - :type stream_id: ``int`` - :param promised_stream_id: The ID of the stream that the pushed - response will be sent on. - :type promised_stream_id: ``int`` - :param request_headers: The headers of the request that the pushed - response will be responding to. - :type request_headers: An iterable of two tuples of bytestrings or - :class:`HeaderTuple ` objects. - :returns: Nothing - """ - self.config.logger.debug( - "Send Push Promise frame on stream ID %d", stream_id - ) - - if not self.remote_settings.enable_push: - raise ProtocolError("Remote peer has disabled stream push") - - self.state_machine.process_input(ConnectionInputs.SEND_PUSH_PROMISE) - stream = self._get_stream_by_id(stream_id) - - # We need to prevent users pushing streams in response to streams that - # they themselves have already pushed: see #163 and RFC 7540 § 6.6. The - # easiest way to do that is to assert that the stream_id is not even: - # this shortcut works because only servers can push and the state - # machine will enforce this. - if (stream_id % 2) == 0: - raise ProtocolError("Cannot recursively push streams.") - - new_stream = self._begin_new_stream( - promised_stream_id, AllowedStreamIDs.EVEN - ) - self.streams[promised_stream_id] = new_stream - - frames = stream.push_stream_in_band( - promised_stream_id, request_headers, self.encoder - ) - new_frames = new_stream.locally_pushed() - self._prepare_for_sending(frames + new_frames) - - def ping(self, opaque_data): - """ - Send a PING frame. - - :param opaque_data: A bytestring of length 8 that will be sent in the - PING frame. - :returns: Nothing - """ - self.config.logger.debug("Send Ping frame") - - if not isinstance(opaque_data, bytes) or len(opaque_data) != 8: - raise ValueError("Invalid value for ping data: %r" % opaque_data) - - self.state_machine.process_input(ConnectionInputs.SEND_PING) - f = PingFrame(0) - f.opaque_data = opaque_data - self._prepare_for_sending([f]) - - def reset_stream(self, stream_id, error_code=0): - """ - Reset a stream. - - This method forcibly closes a stream by sending a RST_STREAM frame for - a given stream. This is not a graceful closure. To gracefully end a - stream, try the :meth:`end_stream - ` method. - - :param stream_id: The ID of the stream to reset. - :type stream_id: ``int`` - :param error_code: (optional) The error code to use to reset the - stream. Defaults to :data:`ErrorCodes.NO_ERROR - `. - :type error_code: ``int`` - :returns: Nothing - """ - self.config.logger.debug("Reset stream ID %d", stream_id) - self.state_machine.process_input(ConnectionInputs.SEND_RST_STREAM) - stream = self._get_stream_by_id(stream_id) - frames = stream.reset_stream(error_code) - self._prepare_for_sending(frames) - - def close_connection(self, error_code=0, additional_data=None, - last_stream_id=None): - - """ - Close a connection, emitting a GOAWAY frame. - - .. versionchanged:: 2.4.0 - Added ``additional_data`` and ``last_stream_id`` arguments. - - :param error_code: (optional) The error code to send in the GOAWAY - frame. - :param additional_data: (optional) Additional debug data indicating - a reason for closing the connection. Must be a bytestring. - :param last_stream_id: (optional) The last stream which was processed - by the sender. Defaults to ``highest_inbound_stream_id``. - :returns: Nothing - """ - self.config.logger.debug("Close connection") - self.state_machine.process_input(ConnectionInputs.SEND_GOAWAY) - - # Additional_data must be bytes - if additional_data is not None: - assert isinstance(additional_data, bytes) - - if last_stream_id is None: - last_stream_id = self.highest_inbound_stream_id - - f = GoAwayFrame( - stream_id=0, - last_stream_id=last_stream_id, - error_code=error_code, - additional_data=(additional_data or b'') - ) - self._prepare_for_sending([f]) - - def update_settings(self, new_settings): - """ - Update the local settings. This will prepare and emit the appropriate - SETTINGS frame. - - :param new_settings: A dictionary of {setting: new value} - """ - self.config.logger.debug( - "Update connection settings to %s", new_settings - ) - self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS) - self.local_settings.update(new_settings) - s = SettingsFrame(0) - s.settings = new_settings - self._prepare_for_sending([s]) - - def advertise_alternative_service(self, - field_value, - origin=None, - stream_id=None): - """ - Notify a client about an available Alternative Service. - - An Alternative Service is defined in `RFC 7838 - `_. An Alternative Service - notification informs a client that a given origin is also available - elsewhere. - - Alternative Services can be advertised in two ways. Firstly, they can - be advertised explicitly: that is, a server can say "origin X is also - available at Y". To advertise like this, set the ``origin`` argument - and not the ``stream_id`` argument. Alternatively, they can be - advertised implicitly: that is, a server can say "the origin you're - contacting on stream X is also available at Y". To advertise like this, - set the ``stream_id`` argument and not the ``origin`` argument. - - The explicit method of advertising can be done as long as the - connection is active. The implicit method can only be done after the - client has sent the request headers and before the server has sent the - response headers: outside of those points, Hyper-h2 will forbid sending - the Alternative Service advertisement by raising a ProtocolError. - - The ``field_value`` parameter is specified in RFC 7838. Hyper-h2 does - not validate or introspect this argument: the user is required to - ensure that it's well-formed. ``field_value`` corresponds to RFC 7838's - "Alternative Service Field Value". - - .. note:: It is strongly preferred to use the explicit method of - advertising Alternative Services. The implicit method of - advertising Alternative Services has a number of subtleties - and can lead to inconsistencies between the server and - client. Hyper-h2 allows both mechanisms, but caution is - strongly advised. - - .. versionadded:: 2.3.0 - - :param field_value: The RFC 7838 Alternative Service Field Value. This - argument is not introspected by Hyper-h2: the user is responsible - for ensuring that it is well-formed. - :type field_value: ``bytes`` - - :param origin: The origin/authority to which the Alternative Service - being advertised applies. Must not be provided at the same time as - ``stream_id``. - :type origin: ``bytes`` or ``None`` - - :param stream_id: The ID of the stream which was sent to the authority - for which this Alternative Service advertisement applies. Must not - be provided at the same time as ``origin``. - :type stream_id: ``int`` or ``None`` - - :returns: Nothing. - """ - if not isinstance(field_value, bytes): - raise ValueError("Field must be bytestring.") - - if origin is not None and stream_id is not None: - raise ValueError("Must not provide both origin and stream_id") - - self.state_machine.process_input( - ConnectionInputs.SEND_ALTERNATIVE_SERVICE - ) - - if origin is not None: - # This ALTSVC is sent on stream zero. - f = AltSvcFrame(stream_id=0) - f.origin = origin - f.field = field_value - frames = [f] - else: - stream = self._get_stream_by_id(stream_id) - frames = stream.advertise_alternative_service(field_value) - - self._prepare_for_sending(frames) - - def prioritize(self, stream_id, weight=None, depends_on=None, - exclusive=None): - """ - Notify a server about the priority of a stream. - - Stream priorities are a form of guidance to a remote server: they - inform the server about how important a given response is, so that the - server may allocate its resources (e.g. bandwidth, CPU time, etc.) - accordingly. This exists to allow clients to ensure that the most - important data arrives earlier, while less important data does not - starve out the more important data. - - Stream priorities are explained in depth in `RFC 7540 Section 5.3 - `_. - - This method updates the priority information of a single stream. It may - be called well before a stream is actively in use, or well after a - stream is closed. - - .. warning:: RFC 7540 allows for servers to change the priority of - streams. However, hyper-h2 **does not** allow server - stacks to do this. This is because most clients do not - adequately know how to respond when provided conflicting - priority information, and relatively little utility is - provided by making that functionality available. - - .. note:: hyper-h2 **does not** maintain any information about the - RFC 7540 priority tree. That means that hyper-h2 does not - prevent incautious users from creating invalid priority - trees, particularly by creating priority loops. While some - basic error checking is provided by hyper-h2, users are - strongly recommended to understand their prioritisation - strategies before using the priority tools here. - - .. note:: Priority information is strictly advisory. Servers are - allowed to disregard it entirely. Avoid relying on the idea - that your priority signaling will definitely be obeyed. - - .. versionadded:: 2.4.0 - - :param stream_id: The ID of the stream to prioritize. - :type stream_id: ``int`` - - :param weight: The weight to give the stream. Defaults to ``16``, the - default weight of any stream. May be any value between ``1`` and - ``256`` inclusive. The relative weight of a stream indicates what - proportion of available resources will be allocated to that - stream. - :type weight: ``int`` - - :param depends_on: The ID of the stream on which this stream depends. - This stream will only be progressed if it is impossible to - progress the parent stream (the one on which this one depends). - Passing the value ``0`` means that this stream does not depend on - any other. Defaults to ``0``. - :type depends_on: ``int`` - - :param exclusive: Whether this stream is an exclusive dependency of its - "parent" stream (i.e. the stream given by ``depends_on``). If a - stream is an exclusive dependency of another, that means that all - previously-set children of the parent are moved to become children - of the new exclusively-dependent stream. Defaults to ``False``. - :type exclusive: ``bool`` - """ - if not self.config.client_side: - raise RFC1122Error("Servers SHOULD NOT prioritize streams.") - - self.state_machine.process_input( - ConnectionInputs.SEND_PRIORITY - ) - - frame = PriorityFrame(stream_id) - frame = _add_frame_priority(frame, weight, depends_on, exclusive) - - self._prepare_for_sending([frame]) - - def local_flow_control_window(self, stream_id): - """ - Returns the maximum amount of data that can be sent on stream - ``stream_id``. - - This value will never be larger than the total data that can be sent on - the connection: even if the given stream allows more data, the - connection window provides a logical maximum to the amount of data that - can be sent. - - The maximum data that can be sent in a single data frame on a stream - is either this value, or the maximum frame size, whichever is - *smaller*. - - :param stream_id: The ID of the stream whose flow control window is - being queried. - :type stream_id: ``int`` - :returns: The amount of data in bytes that can be sent on the stream - before the flow control window is exhausted. - :rtype: ``int`` - """ - stream = self._get_stream_by_id(stream_id) - return min( - self.outbound_flow_control_window, - stream.outbound_flow_control_window - ) - - def remote_flow_control_window(self, stream_id): - """ - Returns the maximum amount of data the remote peer can send on stream - ``stream_id``. - - This value will never be larger than the total data that can be sent on - the connection: even if the given stream allows more data, the - connection window provides a logical maximum to the amount of data that - can be sent. - - The maximum data that can be sent in a single data frame on a stream - is either this value, or the maximum frame size, whichever is - *smaller*. - - :param stream_id: The ID of the stream whose flow control window is - being queried. - :type stream_id: ``int`` - :returns: The amount of data in bytes that can be received on the - stream before the flow control window is exhausted. - :rtype: ``int`` - """ - stream = self._get_stream_by_id(stream_id) - return min( - self.inbound_flow_control_window, - stream.inbound_flow_control_window - ) - - def acknowledge_received_data(self, acknowledged_size, stream_id): - """ - Inform the :class:`H2Connection ` that a - certain number of flow-controlled bytes have been processed, and that - the space should be handed back to the remote peer at an opportune - time. - - .. versionadded:: 2.5.0 - - :param acknowledged_size: The total *flow-controlled size* of the data - that has been processed. Note that this must include the amount of - padding that was sent with that data. - :type acknowledged_size: ``int`` - :param stream_id: The ID of the stream on which this data was received. - :type stream_id: ``int`` - :returns: Nothing - :rtype: ``None`` - """ - self.config.logger.debug( - "Ack received data on stream ID %d with size %d", - stream_id, acknowledged_size - ) - if stream_id <= 0: - raise ValueError( - "Stream ID %d is not valid for acknowledge_received_data" % - stream_id - ) - if acknowledged_size < 0: - raise ValueError("Cannot acknowledge negative data") - - frames = [] - - conn_manager = self._inbound_flow_control_window_manager - conn_increment = conn_manager.process_bytes(acknowledged_size) - if conn_increment: - f = WindowUpdateFrame(0) - f.window_increment = conn_increment - frames.append(f) - - try: - stream = self._get_stream_by_id(stream_id) - except StreamClosedError: - # The stream is already gone. We're not worried about incrementing - # the window in this case. - pass - else: - # No point incrementing the windows of closed streams. - if stream.open: - frames.extend( - stream.acknowledge_received_data(acknowledged_size) - ) - - self._prepare_for_sending(frames) - - def data_to_send(self, amt=None): - """ - Returns some data for sending out of the internal data buffer. - - This method is analogous to ``read`` on a file-like object, but it - doesn't block. Instead, it returns as much data as the user asks for, - or less if that much data is not available. It does not perform any - I/O, and so uses a different name. - - :param amt: (optional) The maximum amount of data to return. If not - set, or set to ``None``, will return as much data as possible. - :type amt: ``int`` - :returns: A bytestring containing the data to send on the wire. - :rtype: ``bytes`` - """ - if amt is None: - data = self._data_to_send - self._data_to_send = b'' - return data - else: - data = self._data_to_send[:amt] - self._data_to_send = self._data_to_send[amt:] - return data - - def clear_outbound_data_buffer(self): - """ - Clears the outbound data buffer, such that if this call was immediately - followed by a call to - :meth:`data_to_send `, that - call would return no data. - - This method should not normally be used, but is made available to avoid - exposing implementation details. - """ - self._data_to_send = b'' - - def _acknowledge_settings(self): - """ - Acknowledge settings that have been received. - - .. versionchanged:: 2.0.0 - Removed from public API, removed useless ``event`` parameter, made - automatic. - - :returns: Nothing - """ - self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS) - - changes = self.remote_settings.acknowledge() - - if SettingCodes.INITIAL_WINDOW_SIZE in changes: - setting = changes[SettingCodes.INITIAL_WINDOW_SIZE] - self._flow_control_change_from_settings( - setting.original_value, - setting.new_value, - ) - - # HEADER_TABLE_SIZE changes by the remote part affect our encoder: cf. - # RFC 7540 Section 6.5.2. - if SettingCodes.HEADER_TABLE_SIZE in changes: - setting = changes[SettingCodes.HEADER_TABLE_SIZE] - self.encoder.header_table_size = setting.new_value - - if SettingCodes.MAX_FRAME_SIZE in changes: - setting = changes[SettingCodes.MAX_FRAME_SIZE] - self.max_outbound_frame_size = setting.new_value - for stream in self.streams.values(): - stream.max_outbound_frame_size = setting.new_value - - f = SettingsFrame(0) - f.flags.add('ACK') - return [f] - - def _flow_control_change_from_settings(self, old_value, new_value): - """ - Update flow control windows in response to a change in the value of - SETTINGS_INITIAL_WINDOW_SIZE. - - When this setting is changed, it automatically updates all flow control - windows by the delta in the settings values. Note that it does not - increment the *connection* flow control window, per section 6.9.2 of - RFC 7540. - """ - delta = new_value - old_value - - for stream in self.streams.values(): - stream.outbound_flow_control_window = guard_increment_window( - stream.outbound_flow_control_window, - delta - ) - - def _inbound_flow_control_change_from_settings(self, old_value, new_value): - """ - Update remote flow control windows in response to a change in the value - of SETTINGS_INITIAL_WINDOW_SIZE. - - When this setting is changed, it automatically updates all remote flow - control windows by the delta in the settings values. - """ - delta = new_value - old_value - - for stream in self.streams.values(): - stream._inbound_flow_control_change_from_settings(delta) - - def receive_data(self, data): - """ - Pass some received HTTP/2 data to the connection for handling. - - :param data: The data received from the remote peer on the network. - :type data: ``bytes`` - :returns: A list of events that the remote peer triggered by sending - this data. - """ - self.config.logger.debug( - "Process received data on connection. Received data: %r", data - ) - - events = [] - self.incoming_buffer.add_data(data) - self.incoming_buffer.max_frame_size = self.max_inbound_frame_size - - try: - for frame in self.incoming_buffer: - events.extend(self._receive_frame(frame)) - except InvalidPaddingError: - self._terminate_connection(ErrorCodes.PROTOCOL_ERROR) - raise ProtocolError("Received frame with invalid padding.") - except ProtocolError as e: - # For whatever reason, receiving the frame caused a protocol error. - # We should prepare to emit a GoAway frame before throwing the - # exception up further. No need for an event: the exception will - # do fine. - self._terminate_connection(e.error_code) - raise - - return events - - def _receive_frame(self, frame): - """ - Handle a frame received on the connection. - - .. versionchanged:: 2.0.0 - Removed from the public API. - """ - try: - # I don't love using __class__ here, maybe reconsider it. - frames, events = self._frame_dispatch_table[frame.__class__](frame) - except StreamClosedError as e: - # If the stream was closed by RST_STREAM, we just send a RST_STREAM - # to the remote peer. Otherwise, this is a connection error, and so - # we will re-raise to trigger one. - if self._stream_is_closed_by_reset(e.stream_id): - f = RstStreamFrame(e.stream_id) - f.error_code = e.error_code - self._prepare_for_sending([f]) - events = e._events - else: - raise - except StreamIDTooLowError as e: - # The stream ID seems invalid. This may happen when the closed - # stream has been cleaned up, or when the remote peer has opened a - # new stream with a higher stream ID than this one, forcing it - # closed implicitly. - # - # Check how the stream was closed: depending on the mechanism, it - # is either a stream error or a connection error. - if self._stream_is_closed_by_reset(e.stream_id): - # Closed by RST_STREAM is a stream error. - f = RstStreamFrame(e.stream_id) - f.error_code = ErrorCodes.STREAM_CLOSED - self._prepare_for_sending([f]) - events = [] - elif self._stream_is_closed_by_end(e.stream_id): - # Closed by END_STREAM is a connection error. - raise StreamClosedError(e.stream_id) - else: - # Closed implicitly, also a connection error, but of type - # PROTOCOL_ERROR. - raise - else: - self._prepare_for_sending(frames) - - return events - - def _terminate_connection(self, error_code): - """ - Terminate the connection early. Used in error handling blocks to send - GOAWAY frames. - """ - f = GoAwayFrame(0) - f.last_stream_id = self.highest_inbound_stream_id - f.error_code = error_code - self.state_machine.process_input(ConnectionInputs.SEND_GOAWAY) - self._prepare_for_sending([f]) - - def _receive_headers_frame(self, frame): - """ - Receive a headers frame on the connection. - """ - # If necessary, check we can open the stream. Also validate that the - # stream ID is valid. - if frame.stream_id not in self.streams: - max_open_streams = self.local_settings.max_concurrent_streams - if (self.open_inbound_streams + 1) > max_open_streams: - raise TooManyStreamsError( - "Max outbound streams is %d, %d open" % - (max_open_streams, self.open_outbound_streams) - ) - - # Let's decode the headers. We handle headers as bytes internally up - # until we hang them off the event, at which point we may optionally - # convert them to unicode. - headers = _decode_headers(self.decoder, frame.data) - - events = self.state_machine.process_input( - ConnectionInputs.RECV_HEADERS - ) - stream = self._get_or_create_stream( - frame.stream_id, AllowedStreamIDs(not self.config.client_side) - ) - frames, stream_events = stream.receive_headers( - headers, - 'END_STREAM' in frame.flags, - self.config.header_encoding - ) - - if 'PRIORITY' in frame.flags: - p_frames, p_events = self._receive_priority_frame(frame) - stream_events[0].priority_updated = p_events[0] - stream_events.extend(p_events) - assert not p_frames - - return frames, events + stream_events - - def _receive_push_promise_frame(self, frame): - """ - Receive a push-promise frame on the connection. - """ - if not self.local_settings.enable_push: - raise ProtocolError("Received pushed stream") - - pushed_headers = _decode_headers(self.decoder, frame.data) - - events = self.state_machine.process_input( - ConnectionInputs.RECV_PUSH_PROMISE - ) - - try: - stream = self._get_stream_by_id(frame.stream_id) - except NoSuchStreamError: - # We need to check if the parent stream was reset by us. If it was - # then we presume that the PUSH_PROMISE was in flight when we reset - # the parent stream. Rather than accept the new stream, just reset - # it. - # - # If this was closed naturally, however, we should call this a - # PROTOCOL_ERROR: pushing a stream on a naturally closed stream is - # a real problem because it creates a brand new stream that the - # remote peer now believes exists. - if (self._stream_closed_by(frame.stream_id) == - StreamClosedBy.SEND_RST_STREAM): - f = RstStreamFrame(frame.promised_stream_id) - f.error_code = ErrorCodes.REFUSED_STREAM - return [f], events - - raise ProtocolError("Attempted to push on closed stream.") - - # We need to prevent peers pushing streams in response to streams that - # they themselves have already pushed: see #163 and RFC 7540 § 6.6. The - # easiest way to do that is to assert that the stream_id is not even: - # this shortcut works because only servers can push and the state - # machine will enforce this. - if (frame.stream_id % 2) == 0: - raise ProtocolError("Cannot recursively push streams.") - - try: - frames, stream_events = stream.receive_push_promise_in_band( - frame.promised_stream_id, - pushed_headers, - self.config.header_encoding, - ) - except StreamClosedError: - # The parent stream was reset by us, so we presume that - # PUSH_PROMISE was in flight when we reset the parent stream. - # So we just reset the new stream. - f = RstStreamFrame(frame.promised_stream_id) - f.error_code = ErrorCodes.REFUSED_STREAM - return [f], events - - new_stream = self._begin_new_stream( - frame.promised_stream_id, AllowedStreamIDs.EVEN - ) - self.streams[frame.promised_stream_id] = new_stream - new_stream.remotely_pushed(pushed_headers) - - return frames, events + stream_events - - def _receive_data_frame(self, frame): - """ - Receive a data frame on the connection. - """ - flow_controlled_length = frame.flow_controlled_length - - events = self.state_machine.process_input( - ConnectionInputs.RECV_DATA - ) - self._inbound_flow_control_window_manager.window_consumed( - flow_controlled_length - ) - stream = self._get_stream_by_id(frame.stream_id) - frames, stream_events = stream.receive_data( - frame.data, - 'END_STREAM' in frame.flags, - flow_controlled_length - ) - return frames, events + stream_events - - def _receive_settings_frame(self, frame): - """ - Receive a SETTINGS frame on the connection. - """ - events = self.state_machine.process_input( - ConnectionInputs.RECV_SETTINGS - ) - - # This is an ack of the local settings. - if 'ACK' in frame.flags: - changed_settings = self._local_settings_acked() - ack_event = SettingsAcknowledged() - ack_event.changed_settings = changed_settings - events.append(ack_event) - return [], events - - # Add the new settings. - self.remote_settings.update(frame.settings) - events.append( - RemoteSettingsChanged.from_settings( - self.remote_settings, frame.settings - ) - ) - frames = self._acknowledge_settings() - - return frames, events - - def _receive_window_update_frame(self, frame): - """ - Receive a WINDOW_UPDATE frame on the connection. - """ - # Validate the frame. - if not (1 <= frame.window_increment <= self.MAX_WINDOW_INCREMENT): - raise ProtocolError( - "Flow control increment must be between 1 and %d, received %d" - % (self.MAX_WINDOW_INCREMENT, frame.window_increment) - ) - - events = self.state_machine.process_input( - ConnectionInputs.RECV_WINDOW_UPDATE - ) - - if frame.stream_id: - stream = self._get_stream_by_id(frame.stream_id) - frames, stream_events = stream.receive_window_update( - frame.window_increment - ) - else: - # Increment our local flow control window. - self.outbound_flow_control_window = guard_increment_window( - self.outbound_flow_control_window, - frame.window_increment - ) - - # FIXME: Should we split this into one event per active stream? - window_updated_event = WindowUpdated() - window_updated_event.stream_id = 0 - window_updated_event.delta = frame.window_increment - stream_events = [window_updated_event] - frames = [] - - return frames, events + stream_events - - def _receive_ping_frame(self, frame): - """ - Receive a PING frame on the connection. - """ - events = self.state_machine.process_input( - ConnectionInputs.RECV_PING - ) - flags = [] - - if 'ACK' in frame.flags: - evt = PingAcknowledged() - evt.ping_data = frame.opaque_data - events.append(evt) - else: - f = PingFrame(0) - f.flags = {'ACK'} - f.opaque_data = frame.opaque_data - flags.append(f) - - return flags, events - - def _receive_rst_stream_frame(self, frame): - """ - Receive a RST_STREAM frame on the connection. - """ - events = self.state_machine.process_input( - ConnectionInputs.RECV_RST_STREAM - ) - try: - stream = self._get_stream_by_id(frame.stream_id) - except NoSuchStreamError: - # The stream is missing. That's ok, we just do nothing here. - stream_frames = [] - stream_events = [] - else: - stream_frames, stream_events = stream.stream_reset(frame) - - return stream_frames, events + stream_events - - def _receive_priority_frame(self, frame): - """ - Receive a PRIORITY frame on the connection. - """ - events = self.state_machine.process_input( - ConnectionInputs.RECV_PRIORITY - ) - - event = PriorityUpdated() - event.stream_id = frame.stream_id - event.depends_on = frame.depends_on - event.exclusive = frame.exclusive - - # Weight is an integer between 1 and 256, but the byte only allows - # 0 to 255: add one. - event.weight = frame.stream_weight + 1 - - # A stream may not depend on itself. - if event.depends_on == frame.stream_id: - raise ProtocolError( - "Stream %d may not depend on itself" % frame.stream_id - ) - events.append(event) - - return [], events - - def _receive_goaway_frame(self, frame): - """ - Receive a GOAWAY frame on the connection. - """ - events = self.state_machine.process_input( - ConnectionInputs.RECV_GOAWAY - ) - - # Clear the outbound data buffer: we cannot send further data now. - self.clear_outbound_data_buffer() - - # Fire an appropriate ConnectionTerminated event. - new_event = ConnectionTerminated() - new_event.error_code = _error_code_from_int(frame.error_code) - new_event.last_stream_id = frame.last_stream_id - new_event.additional_data = (frame.additional_data - if frame.additional_data else None) - events.append(new_event) - - return [], events - - def _receive_naked_continuation(self, frame): - """ - A naked CONTINUATION frame has been received. This is always an error, - but the type of error it is depends on the state of the stream and must - transition the state of the stream, so we need to pass it to the - appropriate stream. - """ - stream = self._get_stream_by_id(frame.stream_id) - stream.receive_continuation() - assert False, "Should not be reachable" - - def _receive_alt_svc_frame(self, frame): - """ - An ALTSVC frame has been received. This frame, specified in RFC 7838, - is used to advertise alternative places where the same service can be - reached. - - This frame can optionally be received either on a stream or on stream - 0, and its semantics are different in each case. - """ - events = self.state_machine.process_input( - ConnectionInputs.RECV_ALTERNATIVE_SERVICE - ) - frames = [] - - if frame.stream_id: - # Given that it makes no sense to receive ALTSVC on a stream - # before that stream has been opened with a HEADERS frame, the - # ALTSVC frame cannot create a stream. If the stream is not - # present, we simply ignore the frame. - try: - stream = self._get_stream_by_id(frame.stream_id) - except (NoSuchStreamError, StreamClosedError): - pass - else: - stream_frames, stream_events = stream.receive_alt_svc(frame) - frames.extend(stream_frames) - events.extend(stream_events) - else: - # This frame is sent on stream 0. The origin field on the frame - # must be present, though if it isn't it's not a ProtocolError - # (annoyingly), we just need to ignore it. - if not frame.origin: - return frames, events - - # If we're a server, we want to ignore this (RFC 7838 says so). - if not self.config.client_side: - return frames, events - - event = AlternativeServiceAvailable() - event.origin = frame.origin - event.field_value = frame.field - events.append(event) - - return frames, events - - def _receive_unknown_frame(self, frame): - """ - We have received a frame that we do not understand. This is almost - certainly an extension frame, though it's impossible to be entirely - sure. - - RFC 7540 § 5.5 says that we MUST ignore unknown frame types: so we - do. - """ - # All we do here is log. - self.config.logger.debug( - "Received unknown extension frame (ID %d)", frame.stream_id - ) - return [], [] - - def _local_settings_acked(self): - """ - Handle the local settings being ACKed, update internal state. - """ - changes = self.local_settings.acknowledge() - - if SettingCodes.INITIAL_WINDOW_SIZE in changes: - setting = changes[SettingCodes.INITIAL_WINDOW_SIZE] - self._inbound_flow_control_change_from_settings( - setting.original_value, - setting.new_value, - ) - - if SettingCodes.MAX_HEADER_LIST_SIZE in changes: - setting = changes[SettingCodes.MAX_HEADER_LIST_SIZE] - self.decoder.max_header_list_size = setting.new_value - - if SettingCodes.MAX_FRAME_SIZE in changes: - setting = changes[SettingCodes.MAX_FRAME_SIZE] - self.max_inbound_frame_size = setting.new_value - - if SettingCodes.HEADER_TABLE_SIZE in changes: - setting = changes[SettingCodes.HEADER_TABLE_SIZE] - # This is safe across all hpack versions: some versions just won't - # respect it. - self.decoder.max_allowed_table_size = setting.new_value - - return changes - - def _stream_id_is_outbound(self, stream_id): - """ - Returns ``True`` if the stream ID corresponds to an outbound stream - (one initiated by this peer), returns ``False`` otherwise. - """ - return (stream_id % 2 == int(self.config.client_side)) - - def _stream_closed_by(self, stream_id): - """ - Returns how the stream was closed. - - The return value will be either a member of - ``h2.stream.StreamClosedBy`` or ``None``. If ``None``, the stream was - closed implicitly by the peer opening a stream with a higher stream ID - before opening this one. - """ - if stream_id in self.streams: - return self.streams[stream_id].closed_by - if stream_id in self._closed_streams: - return self._closed_streams[stream_id] - return None - - def _stream_is_closed_by_reset(self, stream_id): - """ - Returns ``True`` if the stream was closed by sending or receiving a - RST_STREAM frame. Returns ``False`` otherwise. - """ - return self._stream_closed_by(stream_id) in ( - StreamClosedBy.RECV_RST_STREAM, StreamClosedBy.SEND_RST_STREAM - ) - - def _stream_is_closed_by_end(self, stream_id): - """ - Returns ``True`` if the stream was closed by sending or receiving an - END_STREAM flag in a HEADERS or DATA frame. Returns ``False`` - otherwise. - """ - return self._stream_closed_by(stream_id) in ( - StreamClosedBy.RECV_END_STREAM, StreamClosedBy.SEND_END_STREAM - ) - - -def _add_frame_priority(frame, weight=None, depends_on=None, exclusive=None): - """ - Adds priority data to a given frame. Does not change any flags set on that - frame: if the caller is adding priority information to a HEADERS frame they - must set that themselves. - - This method also deliberately sets defaults for anything missing. - - This method validates the input values. - """ - # A stream may not depend on itself. - if depends_on == frame.stream_id: - raise ProtocolError( - "Stream %d may not depend on itself" % frame.stream_id - ) - - # Weight must be between 1 and 256. - if weight is not None: - if weight > 256 or weight < 1: - raise ProtocolError( - "Weight must be between 1 and 256, not %d" % weight - ) - else: - # Weight is an integer between 1 and 256, but the byte only allows - # 0 to 255: subtract one. - weight -= 1 - - # Set defaults for anything not provided. - weight = weight if weight is not None else 15 - depends_on = depends_on if depends_on is not None else 0 - exclusive = exclusive if exclusive is not None else False - - frame.stream_weight = weight - frame.depends_on = depends_on - frame.exclusive = exclusive - - return frame - - -def _decode_headers(decoder, encoded_header_block): - """ - Decode a HPACK-encoded header block, translating HPACK exceptions into - sensible hyper-h2 errors. - - This only ever returns bytestring headers: hyper-h2 may emit them as - unicode later, but internally it processes them as bytestrings only. - """ - try: - return decoder.decode(encoded_header_block, raw=True) - except OversizedHeaderListError as e: - # This is a symptom of a HPACK bomb attack: the user has - # disregarded our requirements on how large a header block we'll - # accept. - raise DenialOfServiceError("Oversized header block: %s" % e) - except (HPACKError, IndexError, TypeError, UnicodeDecodeError) as e: - # We should only need HPACKError here, but versions of HPACK older - # than 2.1.0 throw all three others as well. For maximum - # compatibility, catch all of them. - raise ProtocolError("Error decoding header block: %s" % e) diff --git a/tools/third_party/hyper/hyper/h2/errors.py b/tools/third_party/hyper/hyper/h2/errors.py deleted file mode 100755 index 1198b3b8a84f0f..00000000000000 --- a/tools/third_party/hyper/hyper/h2/errors.py +++ /dev/null @@ -1,183 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/errors -~~~~~~~~~~~~~~~~~~~ - -Global error code registry containing the established HTTP/2 error codes. - -The current registry is available at: -https://tools.ietf.org/html/rfc7540#section-11.4 -""" -import enum - - -class ErrorCodes(enum.IntEnum): - """ - All known HTTP/2 error codes. - - .. versionadded:: 2.5.0 - """ - #: Graceful shutdown. - NO_ERROR = 0x0 - - #: Protocol error detected. - PROTOCOL_ERROR = 0x1 - - #: Implementation fault. - INTERNAL_ERROR = 0x2 - - #: Flow-control limits exceeded. - FLOW_CONTROL_ERROR = 0x3 - - #: Settings not acknowledged. - SETTINGS_TIMEOUT = 0x4 - - #: Frame received for closed stream. - STREAM_CLOSED = 0x5 - - #: Frame size incorrect. - FRAME_SIZE_ERROR = 0x6 - - #: Stream not processed. - REFUSED_STREAM = 0x7 - - #: Stream cancelled. - CANCEL = 0x8 - - #: Compression state not updated. - COMPRESSION_ERROR = 0x9 - - #: TCP connection error for CONNECT method. - CONNECT_ERROR = 0xa - - #: Processing capacity exceeded. - ENHANCE_YOUR_CALM = 0xb - - #: Negotiated TLS parameters not acceptable. - INADEQUATE_SECURITY = 0xc - - #: Use HTTP/1.1 for the request. - HTTP_1_1_REQUIRED = 0xd - - -def _error_code_from_int(code): - """ - Given an integer error code, returns either one of :class:`ErrorCodes - ` or, if not present in the known set of codes, - returns the integer directly. - """ - try: - return ErrorCodes(code) - except ValueError: - return code - - -#: Graceful shutdown. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.NO_ERROR -#: `. -NO_ERROR = ErrorCodes.NO_ERROR - -#: Protocol error detected. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.PROTOCOL_ERROR -#: `. -PROTOCOL_ERROR = ErrorCodes.PROTOCOL_ERROR - -#: Implementation fault. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.INTERNAL_ERROR -#: `. -INTERNAL_ERROR = ErrorCodes.INTERNAL_ERROR - -#: Flow-control limits exceeded. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.FLOW_CONTROL_ERROR -#: `. -FLOW_CONTROL_ERROR = ErrorCodes.FLOW_CONTROL_ERROR - -#: Settings not acknowledged. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.SETTINGS_TIMEOUT -#: `. -SETTINGS_TIMEOUT = ErrorCodes.SETTINGS_TIMEOUT - -#: Frame received for closed stream. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.STREAM_CLOSED -#: `. -STREAM_CLOSED = ErrorCodes.STREAM_CLOSED - -#: Frame size incorrect. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.FRAME_SIZE_ERROR -#: `. -FRAME_SIZE_ERROR = ErrorCodes.FRAME_SIZE_ERROR - -#: Stream not processed. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.REFUSED_STREAM -#: `. -REFUSED_STREAM = ErrorCodes.REFUSED_STREAM - -#: Stream cancelled. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.CANCEL -#: `. -CANCEL = ErrorCodes.CANCEL - -#: Compression state not updated. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.COMPRESSION_ERROR -#: `. -COMPRESSION_ERROR = ErrorCodes.COMPRESSION_ERROR - -#: TCP connection error for CONNECT method. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.CONNECT_ERROR -#: `. -CONNECT_ERROR = ErrorCodes.CONNECT_ERROR - -#: Processing capacity exceeded. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.ENHANCE_YOUR_CALM -#: `. -ENHANCE_YOUR_CALM = ErrorCodes.ENHANCE_YOUR_CALM - -#: Negotiated TLS parameters not acceptable. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.INADEQUATE_SECURITY -#: `. -INADEQUATE_SECURITY = ErrorCodes.INADEQUATE_SECURITY - -#: Use HTTP/1.1 for the request. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes.HTTP_1_1_REQUIRED -#: `. -HTTP_1_1_REQUIRED = ErrorCodes.HTTP_1_1_REQUIRED - -#: All known HTTP/2 error codes. -#: -#: .. deprecated:: 2.5.0 -#: Deprecated in favour of :class:`ErrorCodes `. -H2_ERRORS = list(ErrorCodes) - -__all__ = ['H2_ERRORS', 'NO_ERROR', 'PROTOCOL_ERROR', 'INTERNAL_ERROR', - 'FLOW_CONTROL_ERROR', 'SETTINGS_TIMEOUT', 'STREAM_CLOSED', - 'FRAME_SIZE_ERROR', 'REFUSED_STREAM', 'CANCEL', 'COMPRESSION_ERROR', - 'CONNECT_ERROR', 'ENHANCE_YOUR_CALM', 'INADEQUATE_SECURITY', - 'HTTP_1_1_REQUIRED', 'ErrorCodes'] diff --git a/tools/third_party/hyper/hyper/h2/events.py b/tools/third_party/hyper/hyper/h2/events.py deleted file mode 100755 index 55f202183541f7..00000000000000 --- a/tools/third_party/hyper/hyper/h2/events.py +++ /dev/null @@ -1,597 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/events -~~~~~~~~~ - -Defines Event types for HTTP/2. - -Events are returned by the H2 state machine to allow implementations to keep -track of events triggered by receiving data. Each time data is provided to the -H2 state machine it processes the data and returns a list of Event objects. -""" -import binascii - -from .settings import ChangedSetting, _setting_code_from_int - - -class Event(object): - """ - Base class for h2 events. - """ - pass - - -class RequestReceived(Event): - """ - The RequestReceived event is fired whenever request headers are received. - This event carries the HTTP headers for the given request and the stream ID - of the new stream. - - .. versionchanged:: 2.3.0 - Changed the type of ``headers`` to :class:`HeaderTuple - `. This has no effect on current users. - - .. versionchanged:: 2.4.0 - Added ``stream_ended`` and ``priority_updated`` properties. - """ - def __init__(self): - #: The Stream ID for the stream this request was made on. - self.stream_id = None - - #: The request headers. - self.headers = None - - #: If this request also ended the stream, the associated - #: :class:`StreamEnded ` event will be available - #: here. - #: - #: .. versionadded:: 2.4.0 - self.stream_ended = None - - #: If this request also had associated priority information, the - #: associated :class:`PriorityUpdated ` - #: event will be available here. - #: - #: .. versionadded:: 2.4.0 - self.priority_updated = None - - def __repr__(self): - return "" % ( - self.stream_id, self.headers - ) - - -class ResponseReceived(Event): - """ - The ResponseReceived event is fired whenever response headers are received. - This event carries the HTTP headers for the given response and the stream - ID of the new stream. - - .. versionchanged:: 2.3.0 - Changed the type of ``headers`` to :class:`HeaderTuple - `. This has no effect on current users. - - .. versionchanged:: 2.4.0 - Added ``stream_ended`` and ``priority_updated`` properties. - """ - def __init__(self): - #: The Stream ID for the stream this response was made on. - self.stream_id = None - - #: The response headers. - self.headers = None - - #: If this response also ended the stream, the associated - #: :class:`StreamEnded ` event will be available - #: here. - #: - #: .. versionadded:: 2.4.0 - self.stream_ended = None - - #: If this response also had associated priority information, the - #: associated :class:`PriorityUpdated ` - #: event will be available here. - #: - #: .. versionadded:: 2.4.0 - self.priority_updated = None - - def __repr__(self): - return "" % ( - self.stream_id, self.headers - ) - - -class TrailersReceived(Event): - """ - The TrailersReceived event is fired whenever trailers are received on a - stream. Trailers are a set of headers sent after the body of the - request/response, and are used to provide information that wasn't known - ahead of time (e.g. content-length). This event carries the HTTP header - fields that form the trailers and the stream ID of the stream on which they - were received. - - .. versionchanged:: 2.3.0 - Changed the type of ``headers`` to :class:`HeaderTuple - `. This has no effect on current users. - - .. versionchanged:: 2.4.0 - Added ``stream_ended`` and ``priority_updated`` properties. - """ - def __init__(self): - #: The Stream ID for the stream on which these trailers were received. - self.stream_id = None - - #: The trailers themselves. - self.headers = None - - #: Trailers always end streams. This property has the associated - #: :class:`StreamEnded ` in it. - #: - #: .. versionadded:: 2.4.0 - self.stream_ended = None - - #: If the trailers also set associated priority information, the - #: associated :class:`PriorityUpdated ` - #: event will be available here. - #: - #: .. versionadded:: 2.4.0 - self.priority_updated = None - - def __repr__(self): - return "" % ( - self.stream_id, self.headers - ) - - -class _HeadersSent(Event): - """ - The _HeadersSent event is fired whenever headers are sent. - - This is an internal event, used to determine validation steps on - outgoing header blocks. - """ - pass - - -class _ResponseSent(_HeadersSent): - """ - The _ResponseSent event is fired whenever response headers are sent - on a stream. - - This is an internal event, used to determine validation steps on - outgoing header blocks. - """ - pass - - -class _RequestSent(_HeadersSent): - """ - The _RequestSent event is fired whenever request headers are sent - on a stream. - - This is an internal event, used to determine validation steps on - outgoing header blocks. - """ - pass - - -class _TrailersSent(_HeadersSent): - """ - The _TrailersSent event is fired whenever trailers are sent on a - stream. Trailers are a set of headers sent after the body of the - request/response, and are used to provide information that wasn't known - ahead of time (e.g. content-length). - - This is an internal event, used to determine validation steps on - outgoing header blocks. - """ - pass - - -class _PushedRequestSent(_HeadersSent): - """ - The _PushedRequestSent event is fired whenever pushed request headers are - sent. - - This is an internal event, used to determine validation steps on outgoing - header blocks. - """ - pass - - -class InformationalResponseReceived(Event): - """ - The InformationalResponseReceived event is fired when an informational - response (that is, one whose status code is a 1XX code) is received from - the remote peer. - - The remote peer may send any number of these, from zero upwards. These - responses are most commonly sent in response to requests that have the - ``expect: 100-continue`` header field present. Most users can safely - ignore this event unless you are intending to use the - ``expect: 100-continue`` flow, or are for any reason expecting a different - 1XX status code. - - .. versionadded:: 2.2.0 - - .. versionchanged:: 2.3.0 - Changed the type of ``headers`` to :class:`HeaderTuple - `. This has no effect on current users. - - .. versionchanged:: 2.4.0 - Added ``priority_updated`` property. - """ - def __init__(self): - #: The Stream ID for the stream this informational response was made - #: on. - self.stream_id = None - - #: The headers for this informational response. - self.headers = None - - #: If this response also had associated priority information, the - #: associated :class:`PriorityUpdated ` - #: event will be available here. - #: - #: .. versionadded:: 2.4.0 - self.priority_updated = None - - def __repr__(self): - return "" % ( - self.stream_id, self.headers - ) - - -class DataReceived(Event): - """ - The DataReceived event is fired whenever data is received on a stream from - the remote peer. The event carries the data itself, and the stream ID on - which the data was received. - - .. versionchanged:: 2.4.0 - Added ``stream_ended`` property. - """ - def __init__(self): - #: The Stream ID for the stream this data was received on. - self.stream_id = None - - #: The data itself. - self.data = None - - #: The amount of data received that counts against the flow control - #: window. Note that padding counts against the flow control window, so - #: when adjusting flow control you should always use this field rather - #: than ``len(data)``. - self.flow_controlled_length = None - - #: If this data chunk also completed the stream, the associated - #: :class:`StreamEnded ` event will be available - #: here. - #: - #: .. versionadded:: 2.4.0 - self.stream_ended = None - - def __repr__(self): - return ( - "" % ( - self.stream_id, - self.flow_controlled_length, - _bytes_representation(self.data[:20]), - ) - ) - - -class WindowUpdated(Event): - """ - The WindowUpdated event is fired whenever a flow control window changes - size. HTTP/2 defines flow control windows for connections and streams: this - event fires for both connections and streams. The event carries the ID of - the stream to which it applies (set to zero if the window update applies to - the connection), and the delta in the window size. - """ - def __init__(self): - #: The Stream ID of the stream whose flow control window was changed. - #: May be ``0`` if the connection window was changed. - self.stream_id = None - - #: The window delta. - self.delta = None - - def __repr__(self): - return "" % ( - self.stream_id, self.delta - ) - - -class RemoteSettingsChanged(Event): - """ - The RemoteSettingsChanged event is fired whenever the remote peer changes - its settings. It contains a complete inventory of changed settings, - including their previous values. - - In HTTP/2, settings changes need to be acknowledged. hyper-h2 automatically - acknowledges settings changes for efficiency. However, it is possible that - the caller may not be happy with the changed setting. - - When this event is received, the caller should confirm that the new - settings are acceptable. If they are not acceptable, the user should close - the connection with the error code :data:`PROTOCOL_ERROR - `. - - .. versionchanged:: 2.0.0 - Prior to this version the user needed to acknowledge settings changes. - This is no longer the case: hyper-h2 now automatically acknowledges - them. - """ - def __init__(self): - #: A dictionary of setting byte to - #: :class:`ChangedSetting `, representing - #: the changed settings. - self.changed_settings = {} - - @classmethod - def from_settings(cls, old_settings, new_settings): - """ - Build a RemoteSettingsChanged event from a set of changed settings. - - :param old_settings: A complete collection of old settings, in the form - of a dictionary of ``{setting: value}``. - :param new_settings: All the changed settings and their new values, in - the form of a dictionary of ``{setting: value}``. - """ - e = cls() - for setting, new_value in new_settings.items(): - setting = _setting_code_from_int(setting) - original_value = old_settings.get(setting) - change = ChangedSetting(setting, original_value, new_value) - e.changed_settings[setting] = change - - return e - - def __repr__(self): - return "" % ( - ", ".join(repr(cs) for cs in self.changed_settings.values()), - ) - - -class PingAcknowledged(Event): - """ - The PingAcknowledged event is fired whenever a user-emitted PING is - acknowledged. This contains the data in the ACK'ed PING, allowing the - user to correlate PINGs and calculate RTT. - """ - def __init__(self): - #: The data included on the ping. - self.ping_data = None - - def __repr__(self): - return "" % ( - _bytes_representation(self.ping_data), - ) - - -class StreamEnded(Event): - """ - The StreamEnded event is fired whenever a stream is ended by a remote - party. The stream may not be fully closed if it has not been closed - locally, but no further data or headers should be expected on that stream. - """ - def __init__(self): - #: The Stream ID of the stream that was closed. - self.stream_id = None - - def __repr__(self): - return "" % self.stream_id - - -class StreamReset(Event): - """ - The StreamReset event is fired in two situations. The first is when the - remote party forcefully resets the stream. The second is when the remote - party has made a protocol error which only affects a single stream. In this - case, Hyper-h2 will terminate the stream early and return this event. - - .. versionchanged:: 2.0.0 - This event is now fired when Hyper-h2 automatically resets a stream. - """ - def __init__(self): - #: The Stream ID of the stream that was reset. - self.stream_id = None - - #: The error code given. Either one of :class:`ErrorCodes - #: ` or ``int`` - self.error_code = None - - #: Whether the remote peer sent a RST_STREAM or we did. - self.remote_reset = True - - def __repr__(self): - return "" % ( - self.stream_id, self.error_code, self.remote_reset - ) - - -class PushedStreamReceived(Event): - """ - The PushedStreamReceived event is fired whenever a pushed stream has been - received from a remote peer. The event carries on it the new stream ID, the - ID of the parent stream, and the request headers pushed by the remote peer. - """ - def __init__(self): - #: The Stream ID of the stream created by the push. - self.pushed_stream_id = None - - #: The Stream ID of the stream that the push is related to. - self.parent_stream_id = None - - #: The request headers, sent by the remote party in the push. - self.headers = None - - def __repr__(self): - return ( - "" % ( - self.pushed_stream_id, - self.parent_stream_id, - self.headers, - ) - ) - - -class SettingsAcknowledged(Event): - """ - The SettingsAcknowledged event is fired whenever a settings ACK is received - from the remote peer. The event carries on it the settings that were - acknowedged, in the same format as - :class:`h2.events.RemoteSettingsChanged`. - """ - def __init__(self): - #: A dictionary of setting byte to - #: :class:`ChangedSetting `, representing - #: the changed settings. - self.changed_settings = {} - - def __repr__(self): - return "" % ( - ", ".join(repr(cs) for cs in self.changed_settings.values()), - ) - - -class PriorityUpdated(Event): - """ - The PriorityUpdated event is fired whenever a stream sends updated priority - information. This can occur when the stream is opened, or at any time - during the stream lifetime. - - This event is purely advisory, and does not need to be acted on. - - .. versionadded:: 2.0.0 - """ - def __init__(self): - #: The ID of the stream whose priority information is being updated. - self.stream_id = None - - #: The new stream weight. May be the same as the original stream - #: weight. An integer between 1 and 256. - self.weight = None - - #: The stream ID this stream now depends on. May be ``0``. - self.depends_on = None - - #: Whether the stream *exclusively* depends on the parent stream. If it - #: does, this stream should inherit the current children of its new - #: parent. - self.exclusive = None - - def __repr__(self): - return ( - "" % ( - self.stream_id, - self.weight, - self.depends_on, - self.exclusive - ) - ) - - -class ConnectionTerminated(Event): - """ - The ConnectionTerminated event is fired when a connection is torn down by - the remote peer using a GOAWAY frame. Once received, no further action may - be taken on the connection: a new connection must be established. - """ - def __init__(self): - #: The error code cited when tearing down the connection. Should be - #: one of :class:`ErrorCodes `, but may not be if - #: unknown HTTP/2 extensions are being used. - self.error_code = None - - #: The stream ID of the last stream the remote peer saw. This can - #: provide an indication of what data, if any, never reached the remote - #: peer and so can safely be resent. - self.last_stream_id = None - - #: Additional debug data that can be appended to GOAWAY frame. - self.additional_data = None - - def __repr__(self): - return ( - "" % ( - self.error_code, - self.last_stream_id, - _bytes_representation( - self.additional_data[:20] - if self.additional_data else None) - ) - ) - - -class AlternativeServiceAvailable(Event): - """ - The AlternativeServiceAvailable event is fired when the remote peer - advertises an `RFC 7838 `_ Alternative - Service using an ALTSVC frame. - - This event always carries the origin to which the ALTSVC information - applies. That origin is either supplied by the server directly, or inferred - by hyper-h2 from the ``:authority`` pseudo-header field that was sent by - the user when initiating a given stream. - - This event also carries what RFC 7838 calls the "Alternative Service Field - Value", which is formatted like a HTTP header field and contains the - relevant alternative service information. Hyper-h2 does not parse or in any - way modify that information: the user is required to do that. - - This event can only be fired on the client end of a connection. - - .. versionadded:: 2.3.0 - """ - def __init__(self): - #: The origin to which the alternative service field value applies. - #: This field is either supplied by the server directly, or inferred by - #: hyper-h2 from the ``:authority`` pseudo-header field that was sent - #: by the user when initiating the stream on which the frame was - #: received. - self.origin = None - - #: The ALTSVC field value. This contains information about the HTTP - #: alternative service being advertised by the server. Hyper-h2 does - #: not parse this field: it is left exactly as sent by the server. The - #: structure of the data in this field is given by `RFC 7838 Section 3 - #: `_. - self.field_value = None - - def __repr__(self): - return ( - "" % ( - self.origin.decode('utf-8', 'ignore'), - self.field_value.decode('utf-8', 'ignore'), - ) - ) - - -def _bytes_representation(data): - """ - Converts a bytestring into something that is safe to print on all Python - platforms. - - This function is relatively expensive, so it should not be called on the - mainline of the code. It's safe to use in things like object repr methods - though. - """ - if data is None: - return None - - hex = binascii.hexlify(data) - - # This is moderately clever: on all Python versions hexlify returns a byte - # string. On Python 3 we want an actual string, so we just check whether - # that's what we have. - if not isinstance(hex, str): # pragma: no cover - hex = hex.decode('ascii') - - return hex diff --git a/tools/third_party/hyper/hyper/h2/exceptions.py b/tools/third_party/hyper/hyper/h2/exceptions.py deleted file mode 100755 index 388f9e9a3893d8..00000000000000 --- a/tools/third_party/hyper/hyper/h2/exceptions.py +++ /dev/null @@ -1,186 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/exceptions -~~~~~~~~~~~~~ - -Exceptions for the HTTP/2 module. -""" -import h2.errors - - -class H2Error(Exception): - """ - The base class for all exceptions for the HTTP/2 module. - """ - - -class ProtocolError(H2Error): - """ - An action was attempted in violation of the HTTP/2 protocol. - """ - #: The error code corresponds to this kind of Protocol Error. - error_code = h2.errors.ErrorCodes.PROTOCOL_ERROR - - -class FrameTooLargeError(ProtocolError): - """ - The frame that we tried to send or that we received was too large. - """ - #: This error code that corresponds to this kind of Protocol Error. - error_code = h2.errors.ErrorCodes.FRAME_SIZE_ERROR - - -class FrameDataMissingError(ProtocolError): - """ - The frame that we received is missing some data. - - .. versionadded:: 2.0.0 - """ - #: The error code that corresponds to this kind of Protocol Error - error_code = h2.errors.ErrorCodes.FRAME_SIZE_ERROR - - -class TooManyStreamsError(ProtocolError): - """ - An attempt was made to open a stream that would lead to too many concurrent - streams. - """ - pass - - -class FlowControlError(ProtocolError): - """ - An attempted action violates flow control constraints. - """ - #: The error code that corresponds to this kind of - #: :class:`ProtocolError ` - error_code = h2.errors.ErrorCodes.FLOW_CONTROL_ERROR - - -class StreamIDTooLowError(ProtocolError): - """ - An attempt was made to open a stream that had an ID that is lower than the - highest ID we have seen on this connection. - """ - def __init__(self, stream_id, max_stream_id): - #: The ID of the stream that we attempted to open. - self.stream_id = stream_id - - #: The current highest-seen stream ID. - self.max_stream_id = max_stream_id - - def __str__(self): - return "StreamIDTooLowError: %d is lower than %d" % ( - self.stream_id, self.max_stream_id - ) - - -class NoAvailableStreamIDError(ProtocolError): - """ - There are no available stream IDs left to the connection. All stream IDs - have been exhausted. - - .. versionadded:: 2.0.0 - """ - pass - - -class NoSuchStreamError(ProtocolError): - """ - A stream-specific action referenced a stream that does not exist. - - .. versionchanged:: 2.0.0 - Became a subclass of :class:`ProtocolError - ` - """ - def __init__(self, stream_id): - #: The stream ID that corresponds to the non-existent stream. - self.stream_id = stream_id - - -class StreamClosedError(NoSuchStreamError): - """ - A more specific form of - :class:`NoSuchStreamError `. Indicates - that the stream has since been closed, and that all state relating to that - stream has been removed. - """ - def __init__(self, stream_id): - #: The stream ID that corresponds to the nonexistent stream. - self.stream_id = stream_id - - #: The relevant HTTP/2 error code. - self.error_code = h2.errors.ErrorCodes.STREAM_CLOSED - - # Any events that internal code may need to fire. Not relevant to - # external users that may receive a StreamClosedError. - self._events = [] - - -class InvalidSettingsValueError(ProtocolError, ValueError): - """ - An attempt was made to set an invalid Settings value. - - .. versionadded:: 2.0.0 - """ - def __init__(self, msg, error_code): - super(InvalidSettingsValueError, self).__init__(msg) - self.error_code = error_code - - -class InvalidBodyLengthError(ProtocolError): - """ - The remote peer sent more or less data that the Content-Length header - indicated. - - .. versionadded:: 2.0.0 - """ - def __init__(self, expected, actual): - self.expected_length = expected - self.actual_length = actual - - def __str__(self): - return "InvalidBodyLengthError: Expected %d bytes, received %d" % ( - self.expected_length, self.actual_length - ) - - -class UnsupportedFrameError(ProtocolError, KeyError): - """ - The remote peer sent a frame that is unsupported in this context. - - .. versionadded:: 2.1.0 - """ - # TODO: Remove the KeyError in 3.0.0 - pass - - -class RFC1122Error(H2Error): - """ - Emitted when users attempt to do something that is literally allowed by the - relevant RFC, but is sufficiently ill-defined that it's unwise to allow - users to actually do it. - - While there is some disagreement about whether or not we should be liberal - in what accept, it is a truth universally acknowledged that we should be - conservative in what emit. - - .. versionadded:: 2.4.0 - """ - # shazow says I'm going to regret naming the exception this way. If that - # turns out to be true, TELL HIM NOTHING. - pass - - -class DenialOfServiceError(ProtocolError): - """ - Emitted when the remote peer exhibits a behaviour that is likely to be an - attempt to perform a Denial of Service attack on the implementation. This - is a form of ProtocolError that carries a different error code, and allows - more easy detection of this kind of behaviour. - - .. versionadded:: 2.5.0 - """ - #: The error code that corresponds to this kind of - #: :class:`ProtocolError ` - error_code = h2.errors.ErrorCodes.ENHANCE_YOUR_CALM diff --git a/tools/third_party/hyper/hyper/h2/frame_buffer.py b/tools/third_party/hyper/hyper/h2/frame_buffer.py deleted file mode 100755 index bc1f7ca4e8faff..00000000000000 --- a/tools/third_party/hyper/hyper/h2/frame_buffer.py +++ /dev/null @@ -1,184 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/frame_buffer -~~~~~~~~~~~~~~~ - -A data structure that provides a way to iterate over a byte buffer in terms of -frames. -""" -from hyperframe.exceptions import UnknownFrameError, InvalidFrameError -from hyperframe.frame import ( - Frame, HeadersFrame, ContinuationFrame, PushPromiseFrame -) - -from .exceptions import ( - ProtocolError, FrameTooLargeError, FrameDataMissingError -) - -# To avoid a DOS attack based on sending loads of continuation frames, we limit -# the maximum number we're perpared to receive. In this case, we'll set the -# limit to 64, which means the largest encoded header block we can receive by -# default is 262144 bytes long, and the largest possible *at all* is 1073741760 -# bytes long. -# -# This value seems reasonable for now, but in future we may want to evaluate -# making it configurable. -CONTINUATION_BACKLOG = 64 - - -class FrameBuffer(object): - """ - This is a data structure that expects to act as a buffer for HTTP/2 data - that allows iteraton in terms of H2 frames. - """ - def __init__(self, server=False): - self.data = b'' - self.max_frame_size = 0 - self._preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n' if server else b'' - self._preamble_len = len(self._preamble) - self._headers_buffer = [] - - def add_data(self, data): - """ - Add more data to the frame buffer. - - :param data: A bytestring containing the byte buffer. - """ - if self._preamble_len: - data_len = len(data) - of_which_preamble = min(self._preamble_len, data_len) - - if self._preamble[:of_which_preamble] != data[:of_which_preamble]: - raise ProtocolError("Invalid HTTP/2 preamble.") - - data = data[of_which_preamble:] - self._preamble_len -= of_which_preamble - self._preamble = self._preamble[of_which_preamble:] - - self.data += data - - def _parse_frame_header(self, data): - """ - Parses the frame header from the data. Either returns a tuple of - (frame, length), or throws an exception. The returned frame may be None - if the frame is of unknown type. - """ - try: - frame, length = Frame.parse_frame_header(data[:9]) - except UnknownFrameError as e: # Platform-specific: Hyperframe < 5.0 - # Here we do something a bit odd. We want to consume the frame data - # as consistently as possible, but we also don't ever want to yield - # None. Instead, we make sure that, if there is no frame, we - # recurse into ourselves. - # This can only happen now on older versions of hyperframe. - # TODO: Remove in 3.0 - length = e.length - frame = None - except ValueError as e: - # The frame header is invalid. This is a ProtocolError - raise ProtocolError("Invalid frame header received: %s" % str(e)) - - return frame, length - - def _validate_frame_length(self, length): - """ - Confirm that the frame is an appropriate length. - """ - if length > self.max_frame_size: - raise FrameTooLargeError( - "Received overlong frame: length %d, max %d" % - (length, self.max_frame_size) - ) - - def _update_header_buffer(self, f): - """ - Updates the internal header buffer. Returns a frame that should replace - the current one. May throw exceptions if this frame is invalid. - """ - # Check if we're in the middle of a headers block. If we are, this - # frame *must* be a CONTINUATION frame with the same stream ID as the - # leading HEADERS or PUSH_PROMISE frame. Anything else is a - # ProtocolError. If the frame *is* valid, append it to the header - # buffer. - if self._headers_buffer: - stream_id = self._headers_buffer[0].stream_id - valid_frame = ( - f is not None and - isinstance(f, ContinuationFrame) and - f.stream_id == stream_id - ) - if not valid_frame: - raise ProtocolError("Invalid frame during header block.") - - # Append the frame to the buffer. - self._headers_buffer.append(f) - if len(self._headers_buffer) > CONTINUATION_BACKLOG: - raise ProtocolError("Too many continuation frames received.") - - # If this is the end of the header block, then we want to build a - # mutant HEADERS frame that's massive. Use the original one we got, - # then set END_HEADERS and set its data appopriately. If it's not - # the end of the block, lose the current frame: we can't yield it. - if 'END_HEADERS' in f.flags: - f = self._headers_buffer[0] - f.flags.add('END_HEADERS') - f.data = b''.join(x.data for x in self._headers_buffer) - self._headers_buffer = [] - else: - f = None - elif (isinstance(f, (HeadersFrame, PushPromiseFrame)) and - 'END_HEADERS' not in f.flags): - # This is the start of a headers block! Save the frame off and then - # act like we didn't receive one. - self._headers_buffer.append(f) - f = None - - return f - - # The methods below support the iterator protocol. - def __iter__(self): - return self - - def next(self): # Python 2 - # First, check that we have enough data to successfully parse the - # next frame header. If not, bail. Otherwise, parse it. - if len(self.data) < 9: - raise StopIteration() - - try: - f, length = self._parse_frame_header(self.data) - except InvalidFrameError: # pragma: no cover - raise ProtocolError("Received frame with invalid frame header.") - - # Next, check that we have enough length to parse the frame body. If - # not, bail, leaving the frame header data in the buffer for next time. - if len(self.data) < length + 9: - raise StopIteration() - - # Confirm the frame has an appropriate length. - self._validate_frame_length(length) - - # Don't try to parse the body if we didn't get a frame we know about: - # there's nothing we can do with it anyway. - if f is not None: - try: - f.parse_body(memoryview(self.data[9:9+length])) - except InvalidFrameError: - raise FrameDataMissingError("Frame data missing or invalid") - - # At this point, as we know we'll use or discard the entire frame, we - # can update the data. - self.data = self.data[9+length:] - - # Pass the frame through the header buffer. - f = self._update_header_buffer(f) - - # If we got a frame we didn't understand or shouldn't yield, rather - # than return None it'd be better if we just tried to get the next - # frame in the sequence instead. Recurse back into ourselves to do - # that. This is safe because the amount of work we have to do here is - # strictly bounded by the length of the buffer. - return f if f is not None else self.next() - - def __next__(self): # Python 3 - return self.next() diff --git a/tools/third_party/hyper/hyper/h2/settings.py b/tools/third_party/hyper/hyper/h2/settings.py deleted file mode 100755 index fedc5e3c445c71..00000000000000 --- a/tools/third_party/hyper/hyper/h2/settings.py +++ /dev/null @@ -1,376 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/settings -~~~~~~~~~~~ - -This module contains a HTTP/2 settings object. This object provides a simple -API for manipulating HTTP/2 settings, keeping track of both the current active -state of the settings and the unacknowledged future values of the settings. -""" -import collections -import enum - -from hyperframe.frame import SettingsFrame - -from h2.errors import ErrorCodes -from h2.exceptions import InvalidSettingsValueError - - -class SettingCodes(enum.IntEnum): - """ - All known HTTP/2 setting codes. - - .. versionadded:: 2.6.0 - """ - - #: Allows the sender to inform the remote endpoint of the maximum size of - #: the header compression table used to decode header blocks, in octets. - HEADER_TABLE_SIZE = SettingsFrame.HEADER_TABLE_SIZE - - #: This setting can be used to disable server push. To disable server push - #: on a client, set this to 0. - ENABLE_PUSH = SettingsFrame.ENABLE_PUSH - - #: Indicates the maximum number of concurrent streams that the sender will - #: allow. - MAX_CONCURRENT_STREAMS = SettingsFrame.MAX_CONCURRENT_STREAMS - - #: Indicates the sender's initial window size (in octets) for stream-level - #: flow control. - INITIAL_WINDOW_SIZE = SettingsFrame.INITIAL_WINDOW_SIZE - - try: # Platform-specific: Hyperframe < 4.0.0 - _max_frame_size = SettingsFrame.SETTINGS_MAX_FRAME_SIZE - except AttributeError: # Platform-specific: Hyperframe >= 4.0.0 - _max_frame_size = SettingsFrame.MAX_FRAME_SIZE - - #: Indicates the size of the largest frame payload that the sender is - #: willing to receive, in octets. - MAX_FRAME_SIZE = _max_frame_size - - try: # Platform-specific: Hyperframe < 4.0.0 - _max_header_list_size = SettingsFrame.SETTINGS_MAX_HEADER_LIST_SIZE - except AttributeError: # Platform-specific: Hyperframe >= 4.0.0 - _max_header_list_size = SettingsFrame.MAX_HEADER_LIST_SIZE - - #: This advisory setting informs a peer of the maximum size of header list - #: that the sender is prepared to accept, in octets. The value is based on - #: the uncompressed size of header fields, including the length of the name - #: and value in octets plus an overhead of 32 octets for each header field. - MAX_HEADER_LIST_SIZE = _max_header_list_size - - -def _setting_code_from_int(code): - """ - Given an integer setting code, returns either one of :class:`SettingCodes - ` or, if not present in the known set of codes, - returns the integer directly. - """ - try: - return SettingCodes(code) - except ValueError: - return code - - -# Aliases for all the settings values. - -#: Allows the sender to inform the remote endpoint of the maximum size of the -#: header compression table used to decode header blocks, in octets. -#: -#: .. deprecated:: 2.6.0 -#: Deprecated in favour of :data:`SettingCodes.HEADER_TABLE_SIZE -#: `. -HEADER_TABLE_SIZE = SettingCodes.HEADER_TABLE_SIZE - -#: This setting can be used to disable server push. To disable server push on -#: a client, set this to 0. -#: -#: .. deprecated:: 2.6.0 -#: Deprecated in favour of :data:`SettingCodes.ENABLE_PUSH -#: `. -ENABLE_PUSH = SettingCodes.ENABLE_PUSH - -#: Indicates the maximum number of concurrent streams that the sender will -#: allow. -#: -#: .. deprecated:: 2.6.0 -#: Deprecated in favour of :data:`SettingCodes.MAX_CONCURRENT_STREAMS -#: `. -MAX_CONCURRENT_STREAMS = SettingCodes.MAX_CONCURRENT_STREAMS - -#: Indicates the sender's initial window size (in octets) for stream-level flow -#: control. -#: -#: .. deprecated:: 2.6.0 -#: Deprecated in favour of :data:`SettingCodes.INITIAL_WINDOW_SIZE -#: `. -INITIAL_WINDOW_SIZE = SettingCodes.INITIAL_WINDOW_SIZE - -#: Indicates the size of the largest frame payload that the sender is willing -#: to receive, in octets. -#: -#: .. deprecated:: 2.6.0 -#: Deprecated in favour of :data:`SettingCodes.MAX_FRAME_SIZE -#: `. -MAX_FRAME_SIZE = SettingCodes.MAX_FRAME_SIZE - -#: This advisory setting informs a peer of the maximum size of header list that -#: the sender is prepared to accept, in octets. The value is based on the -#: uncompressed size of header fields, including the length of the name and -#: value in octets plus an overhead of 32 octets for each header field. -#: -#: .. deprecated:: 2.6.0 -#: Deprecated in favour of :data:`SettingCodes.MAX_HEADER_LIST_SIZE -#: `. -MAX_HEADER_LIST_SIZE = SettingCodes.MAX_HEADER_LIST_SIZE - - -class ChangedSetting: - - def __init__(self, setting, original_value, new_value): - #: The setting code given. Either one of :class:`SettingCodes - #: ` or ``int`` - #: - #: .. versionchanged:: 2.6.0 - self.setting = setting - - #: The original value before being changed. - self.original_value = original_value - - #: The new value after being changed. - self.new_value = new_value - - def __repr__(self): - return ( - "ChangedSetting(setting=%s, original_value=%s, " - "new_value=%s)" - ) % ( - self.setting, - self.original_value, - self.new_value - ) - - -class Settings(collections.MutableMapping): - """ - An object that encapsulates HTTP/2 settings state. - - HTTP/2 Settings are a complex beast. Each party, remote and local, has its - own settings and a view of the other party's settings. When a settings - frame is emitted by a peer it cannot assume that the new settings values - are in place until the remote peer acknowledges the setting. In principle, - multiple settings changes can be "in flight" at the same time, all with - different values. - - This object encapsulates this mess. It provides a dict-like interface to - settings, which return the *current* values of the settings in question. - Additionally, it keeps track of the stack of proposed values: each time an - acknowledgement is sent/received, it updates the current values with the - stack of proposed values. On top of all that, it validates the values to - make sure they're allowed, and raises :class:`InvalidSettingsValueError - ` if they are not. - - Finally, this object understands what the default values of the HTTP/2 - settings are, and sets those defaults appropriately. - - .. versionchanged:: 2.2.0 - Added the ``initial_values`` parameter. - - .. versionchanged:: 2.5.0 - Added the ``max_header_list_size`` property. - - :param client: (optional) Whether these settings should be defaulted for a - client implementation or a server implementation. Defaults to ``True``. - :type client: ``bool`` - :param initial_values: (optional) Any initial values the user would like - set, rather than RFC 7540's defaults. - :type initial_vales: ``MutableMapping`` - """ - def __init__(self, client=True, initial_values=None): - # Backing object for the settings. This is a dictionary of - # (setting: [list of values]), where the first value in the list is the - # current value of the setting. Strictly this doesn't use lists but - # instead uses collections.deque to avoid repeated memory allocations. - # - # This contains the default values for HTTP/2. - self._settings = { - SettingCodes.HEADER_TABLE_SIZE: collections.deque([4096]), - SettingCodes.ENABLE_PUSH: collections.deque([int(client)]), - SettingCodes.INITIAL_WINDOW_SIZE: collections.deque([65535]), - SettingCodes.MAX_FRAME_SIZE: collections.deque([16384]), - } - if initial_values is not None: - for key, value in initial_values.items(): - invalid = _validate_setting(key, value) - if invalid: - raise InvalidSettingsValueError( - "Setting %d has invalid value %d" % (key, value), - error_code=invalid - ) - self._settings[key] = collections.deque([value]) - - def acknowledge(self): - """ - The settings have been acknowledged, either by the user (remote - settings) or by the remote peer (local settings). - - :returns: A dict of {setting: ChangedSetting} that were applied. - """ - changed_settings = {} - - # If there is more than one setting in the list, we have a setting - # value outstanding. Update them. - for k, v in self._settings.items(): - if len(v) > 1: - old_setting = v.popleft() - new_setting = v[0] - changed_settings[k] = ChangedSetting( - k, old_setting, new_setting - ) - - return changed_settings - - # Provide easy-access to well known settings. - @property - def header_table_size(self): - """ - The current value of the :data:`HEADER_TABLE_SIZE - ` setting. - """ - return self[SettingCodes.HEADER_TABLE_SIZE] - - @header_table_size.setter - def header_table_size(self, value): - self[SettingCodes.HEADER_TABLE_SIZE] = value - - @property - def enable_push(self): - """ - The current value of the :data:`ENABLE_PUSH - ` setting. - """ - return self[SettingCodes.ENABLE_PUSH] - - @enable_push.setter - def enable_push(self, value): - self[SettingCodes.ENABLE_PUSH] = value - - @property - def initial_window_size(self): - """ - The current value of the :data:`INITIAL_WINDOW_SIZE - ` setting. - """ - return self[SettingCodes.INITIAL_WINDOW_SIZE] - - @initial_window_size.setter - def initial_window_size(self, value): - self[SettingCodes.INITIAL_WINDOW_SIZE] = value - - @property - def max_frame_size(self): - """ - The current value of the :data:`MAX_FRAME_SIZE - ` setting. - """ - return self[SettingCodes.MAX_FRAME_SIZE] - - @max_frame_size.setter - def max_frame_size(self, value): - self[SettingCodes.MAX_FRAME_SIZE] = value - - @property - def max_concurrent_streams(self): - """ - The current value of the :data:`MAX_CONCURRENT_STREAMS - ` setting. - """ - return self.get(SettingCodes.MAX_CONCURRENT_STREAMS, 2**32+1) - - @max_concurrent_streams.setter - def max_concurrent_streams(self, value): - self[SettingCodes.MAX_CONCURRENT_STREAMS] = value - - @property - def max_header_list_size(self): - """ - The current value of the :data:`MAX_HEADER_LIST_SIZE - ` setting. If not set, - returns ``None``, which means unlimited. - - .. versionadded:: 2.5.0 - """ - return self.get(SettingCodes.MAX_HEADER_LIST_SIZE, None) - - @max_header_list_size.setter - def max_header_list_size(self, value): - self[SettingCodes.MAX_HEADER_LIST_SIZE] = value - - # Implement the MutableMapping API. - def __getitem__(self, key): - val = self._settings[key][0] - - # Things that were created when a setting was received should stay - # KeyError'd. - if val is None: - raise KeyError - - return val - - def __setitem__(self, key, value): - invalid = _validate_setting(key, value) - if invalid: - raise InvalidSettingsValueError( - "Setting %d has invalid value %d" % (key, value), - error_code=invalid - ) - - try: - items = self._settings[key] - except KeyError: - items = collections.deque([None]) - self._settings[key] = items - - items.append(value) - - def __delitem__(self, key): - del self._settings[key] - - def __iter__(self): - return self._settings.__iter__() - - def __len__(self): - return len(self._settings) - - def __eq__(self, other): - if isinstance(other, Settings): - return self._settings == other._settings - else: - return NotImplemented - - def __ne__(self, other): - if isinstance(other, Settings): - return not self == other - else: - return NotImplemented - - -def _validate_setting(setting, value): - """ - Confirms that a specific setting has a well-formed value. If the setting is - invalid, returns an error code. Otherwise, returns 0 (NO_ERROR). - """ - if setting == SettingCodes.ENABLE_PUSH: - if value not in (0, 1): - return ErrorCodes.PROTOCOL_ERROR - elif setting == SettingCodes.INITIAL_WINDOW_SIZE: - if not 0 <= value <= 2147483647: # 2^31 - 1 - return ErrorCodes.FLOW_CONTROL_ERROR - elif setting == SettingCodes.MAX_FRAME_SIZE: - if not 16384 <= value <= 16777215: # 2^14 and 2^24 - 1 - return ErrorCodes.PROTOCOL_ERROR - elif setting == SettingCodes.MAX_HEADER_LIST_SIZE: - if value < 0: - return ErrorCodes.PROTOCOL_ERROR - - return 0 diff --git a/tools/third_party/hyper/hyper/h2/stream.py b/tools/third_party/hyper/hyper/h2/stream.py deleted file mode 100755 index 1b1e0b54232bee..00000000000000 --- a/tools/third_party/hyper/hyper/h2/stream.py +++ /dev/null @@ -1,1399 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/stream -~~~~~~~~~ - -An implementation of a HTTP/2 stream. -""" -import warnings - -from enum import Enum, IntEnum -from hpack import HeaderTuple -from hyperframe.frame import ( - HeadersFrame, ContinuationFrame, DataFrame, WindowUpdateFrame, - RstStreamFrame, PushPromiseFrame, AltSvcFrame -) - -from .errors import ErrorCodes, _error_code_from_int -from .events import ( - RequestReceived, ResponseReceived, DataReceived, WindowUpdated, - StreamEnded, PushedStreamReceived, StreamReset, TrailersReceived, - InformationalResponseReceived, AlternativeServiceAvailable, - _ResponseSent, _RequestSent, _TrailersSent, _PushedRequestSent -) -from .exceptions import ( - ProtocolError, StreamClosedError, InvalidBodyLengthError, FlowControlError -) -from .utilities import ( - guard_increment_window, is_informational_response, authority_from_headers, - validate_headers, validate_outbound_headers, normalize_outbound_headers, - HeaderValidationFlags, extract_method_header -) -from .windows import WindowManager - - -class StreamState(IntEnum): - IDLE = 0 - RESERVED_REMOTE = 1 - RESERVED_LOCAL = 2 - OPEN = 3 - HALF_CLOSED_REMOTE = 4 - HALF_CLOSED_LOCAL = 5 - CLOSED = 6 - - -class StreamInputs(Enum): - SEND_HEADERS = 0 - SEND_PUSH_PROMISE = 1 - SEND_RST_STREAM = 2 - SEND_DATA = 3 - SEND_WINDOW_UPDATE = 4 - SEND_END_STREAM = 5 - RECV_HEADERS = 6 - RECV_PUSH_PROMISE = 7 - RECV_RST_STREAM = 8 - RECV_DATA = 9 - RECV_WINDOW_UPDATE = 10 - RECV_END_STREAM = 11 - RECV_CONTINUATION = 12 # Added in 2.0.0 - SEND_INFORMATIONAL_HEADERS = 13 # Added in 2.2.0 - RECV_INFORMATIONAL_HEADERS = 14 # Added in 2.2.0 - SEND_ALTERNATIVE_SERVICE = 15 # Added in 2.3.0 - RECV_ALTERNATIVE_SERVICE = 16 # Added in 2.3.0 - UPGRADE_CLIENT = 17 # Added 2.3.0 - UPGRADE_SERVER = 18 # Added 2.3.0 - - -class StreamClosedBy(Enum): - SEND_END_STREAM = 0 - RECV_END_STREAM = 1 - SEND_RST_STREAM = 2 - RECV_RST_STREAM = 3 - - -# This array is initialized once, and is indexed by the stream states above. -# It indicates whether a stream in the given state is open. The reason we do -# this is that we potentially check whether a stream in a given state is open -# quite frequently: given that we check so often, we should do so in the -# fastest and most performant way possible. -STREAM_OPEN = [False for _ in range(0, len(StreamState))] -STREAM_OPEN[StreamState.OPEN] = True -STREAM_OPEN[StreamState.HALF_CLOSED_LOCAL] = True -STREAM_OPEN[StreamState.HALF_CLOSED_REMOTE] = True - - -class H2StreamStateMachine(object): - """ - A single HTTP/2 stream state machine. - - This stream object implements basically the state machine described in - RFC 7540 section 5.1. - - :param stream_id: The stream ID of this stream. This is stored primarily - for logging purposes. - """ - def __init__(self, stream_id): - self.state = StreamState.IDLE - self.stream_id = stream_id - - #: Whether this peer is the client side of this stream. - self.client = None - - # Whether trailers have been sent/received on this stream or not. - self.headers_sent = None - self.trailers_sent = None - self.headers_received = None - self.trailers_received = None - - # How the stream was closed. One of StreamClosedBy. - self.stream_closed_by = None - - def process_input(self, input_): - """ - Process a specific input in the state machine. - """ - if not isinstance(input_, StreamInputs): - raise ValueError("Input must be an instance of StreamInputs") - - try: - func, target_state = _transitions[(self.state, input_)] - except KeyError: - old_state = self.state - self.state = StreamState.CLOSED - raise ProtocolError( - "Invalid input %s in state %s" % (input_, old_state) - ) - else: - previous_state = self.state - self.state = target_state - if func is not None: - try: - return func(self, previous_state) - except ProtocolError: - self.state = StreamState.CLOSED - raise - except AssertionError as e: # pragma: no cover - self.state = StreamState.CLOSED - raise ProtocolError(e) - - return [] - - def request_sent(self, previous_state): - """ - Fires when a request is sent. - """ - self.client = True - self.headers_sent = True - event = _RequestSent() - - return [event] - - def response_sent(self, previous_state): - """ - Fires when something that should be a response is sent. This 'response' - may actually be trailers. - """ - if not self.headers_sent: - if self.client is True or self.client is None: - raise ProtocolError("Client cannot send responses.") - self.headers_sent = True - event = _ResponseSent() - else: - assert not self.trailers_sent - self.trailers_sent = True - event = _TrailersSent() - - return [event] - - def request_received(self, previous_state): - """ - Fires when a request is received. - """ - assert not self.headers_received - assert not self.trailers_received - - self.client = False - self.headers_received = True - event = RequestReceived() - - event.stream_id = self.stream_id - return [event] - - def response_received(self, previous_state): - """ - Fires when a response is received. Also disambiguates between responses - and trailers. - """ - if not self.headers_received: - assert self.client is True - self.headers_received = True - event = ResponseReceived() - else: - assert not self.trailers_received - self.trailers_received = True - event = TrailersReceived() - - event.stream_id = self.stream_id - return [event] - - def data_received(self, previous_state): - """ - Fires when data is received. - """ - event = DataReceived() - event.stream_id = self.stream_id - return [event] - - def window_updated(self, previous_state): - """ - Fires when a window update frame is received. - """ - event = WindowUpdated() - event.stream_id = self.stream_id - return [event] - - def stream_half_closed(self, previous_state): - """ - Fires when an END_STREAM flag is received in the OPEN state, - transitioning this stream to a HALF_CLOSED_REMOTE state. - """ - event = StreamEnded() - event.stream_id = self.stream_id - return [event] - - def stream_ended(self, previous_state): - """ - Fires when a stream is cleanly ended. - """ - self.stream_closed_by = StreamClosedBy.RECV_END_STREAM - event = StreamEnded() - event.stream_id = self.stream_id - return [event] - - def stream_reset(self, previous_state): - """ - Fired when a stream is forcefully reset. - """ - self.stream_closed_by = StreamClosedBy.RECV_RST_STREAM - event = StreamReset() - event.stream_id = self.stream_id - return [event] - - def send_new_pushed_stream(self, previous_state): - """ - Fires on the newly pushed stream, when pushed by the local peer. - - No event here, but definitionally this peer must be a server. - """ - assert self.client is None - self.client = False - self.headers_received = True - return [] - - def recv_new_pushed_stream(self, previous_state): - """ - Fires on the newly pushed stream, when pushed by the remote peer. - - No event here, but definitionally this peer must be a client. - """ - assert self.client is None - self.client = True - self.headers_sent = True - return [] - - def send_push_promise(self, previous_state): - """ - Fires on the already-existing stream when a PUSH_PROMISE frame is sent. - We may only send PUSH_PROMISE frames if we're a server. - """ - if self.client is True: - raise ProtocolError("Cannot push streams from client peers.") - - event = _PushedRequestSent() - return [event] - - def recv_push_promise(self, previous_state): - """ - Fires on the already-existing stream when a PUSH_PROMISE frame is - received. We may only receive PUSH_PROMISE frames if we're a client. - - Fires a PushedStreamReceived event. - """ - if not self.client: - if self.client is None: # pragma: no cover - msg = "Idle streams cannot receive pushes" - else: # pragma: no cover - msg = "Cannot receive pushed streams as a server" - raise ProtocolError(msg) - - event = PushedStreamReceived() - event.parent_stream_id = self.stream_id - return [event] - - def send_end_stream(self, previous_state): - """ - Called when an attempt is made to send END_STREAM in the - HALF_CLOSED_REMOTE state. - """ - self.stream_closed_by = StreamClosedBy.SEND_END_STREAM - - def send_reset_stream(self, previous_state): - """ - Called when an attempt is made to send RST_STREAM in a non-closed - stream state. - """ - self.stream_closed_by = StreamClosedBy.SEND_RST_STREAM - - def reset_stream_on_error(self, previous_state): - """ - Called when we need to forcefully emit another RST_STREAM frame on - behalf of the state machine. - - If this is the first time we've done this, we should also hang an event - off the StreamClosedError so that the user can be informed. We know - it's the first time we've done this if the stream is currently in a - state other than CLOSED. - """ - self.stream_closed_by = StreamClosedBy.SEND_RST_STREAM - - error = StreamClosedError(self.stream_id) - - event = StreamReset() - event.stream_id = self.stream_id - event.error_code = ErrorCodes.STREAM_CLOSED - event.remote_reset = False - error._events = [event] - raise error - - def recv_on_closed_stream(self, previous_state): - """ - Called when an unexpected frame is received on an already-closed - stream. - - An endpoint that receives an unexpected frame should treat it as - a stream error or connection error with type STREAM_CLOSED, depending - on the specific frame. The error handling is done at a higher level: - this just raises the appropriate error. - """ - raise StreamClosedError(self.stream_id) - - def send_on_closed_stream(self, previous_state): - """ - Called when an attempt is made to send data on an already-closed - stream. - - This essentially overrides the standard logic by throwing a - more-specific error: StreamClosedError. This is a ProtocolError, so it - matches the standard API of the state machine, but provides more detail - to the user. - """ - raise StreamClosedError(self.stream_id) - - def recv_push_on_closed_stream(self, previous_state): - """ - Called when a PUSH_PROMISE frame is received on a full stop - stream. - - If the stream was closed by us sending a RST_STREAM frame, then we - presume that the PUSH_PROMISE was in flight when we reset the parent - stream. Rathen than accept the new stream, we just reset it. - Otherwise, we should call this a PROTOCOL_ERROR: pushing a stream on a - naturally closed stream is a real problem because it creates a brand - new stream that the remote peer now believes exists. - """ - assert self.stream_closed_by is not None - - if self.stream_closed_by == StreamClosedBy.SEND_RST_STREAM: - raise StreamClosedError(self.stream_id) - else: - raise ProtocolError("Attempted to push on closed stream.") - - def send_push_on_closed_stream(self, previous_state): - """ - Called when an attempt is made to push on an already-closed stream. - - This essentially overrides the standard logic by providing a more - useful error message. It's necessary because simply indicating that the - stream is closed is not enough: there is now a new stream that is not - allowed to be there. The only recourse is to tear the whole connection - down. - """ - raise ProtocolError("Attempted to push on closed stream.") - - def window_on_closed_stream(self, previous_state): - """ - Called when a WINDOW_UPDATE frame is received on an already-closed - stream. - - If we sent an END_STREAM frame, we just ignore the frame, as instructed - in RFC 7540 Section 5.1. Technically we should eventually consider - WINDOW_UPDATE in this state an error, but we don't have access to a - clock so we just always allow it. If we closed the stream for any other - reason, we behave as we do for receiving any other frame on a closed - stream. - """ - assert self.stream_closed_by is not None - - if self.stream_closed_by == StreamClosedBy.SEND_END_STREAM: - return [] - return self.recv_on_closed_stream(previous_state) - - def reset_on_closed_stream(self, previous_state): - """ - Called when a RST_STREAM frame is received on an already-closed stream. - - If we sent an END_STREAM frame, we just ignore the frame, as instructed - in RFC 7540 Section 5.1. Technically we should eventually consider - RST_STREAM in this state an error, but we don't have access to a clock - so we just always allow it. If we closed the stream for any other - reason, we behave as we do for receiving any other frame on a closed - stream. - """ - assert self.stream_closed_by is not None - - if self.stream_closed_by is StreamClosedBy.SEND_END_STREAM: - return [] - return self.recv_on_closed_stream(previous_state) - - def send_informational_response(self, previous_state): - """ - Called when an informational header block is sent (that is, a block - where the :status header has a 1XX value). - - Only enforces that these are sent *before* final headers are sent. - """ - if self.headers_sent: - raise ProtocolError("Information response after final response") - - event = _ResponseSent() - return [event] - - def recv_informational_response(self, previous_state): - """ - Called when an informational header block is received (that is, a block - where the :status header has a 1XX value). - """ - if self.headers_received: - raise ProtocolError("Informational response after final response") - - event = InformationalResponseReceived() - event.stream_id = self.stream_id - return [event] - - def recv_alt_svc(self, previous_state): - """ - Called when receiving an ALTSVC frame. - - RFC 7838 allows us to receive ALTSVC frames at any stream state, which - is really absurdly overzealous. For that reason, we want to limit the - states in which we can actually receive it. It's really only sensible - to receive it after we've sent our own headers and before the server - has sent its header block: the server can't guarantee that we have any - state around after it completes its header block, and the server - doesn't know what origin we're talking about before we've sent ours. - - For that reason, this function applies a few extra checks on both state - and some of the little state variables we keep around. If those suggest - an unreasonable situation for the ALTSVC frame to have been sent in, - we quietly ignore it (as RFC 7838 suggests). - - This function is also *not* always called by the state machine. In some - states (IDLE, RESERVED_LOCAL, CLOSED) we don't bother to call it, - because we know the frame cannot be valid in that state (IDLE because - the server cannot know what origin the stream applies to, CLOSED - because the server cannot assume we still have state around, - RESERVED_LOCAL because by definition if we're in the RESERVED_LOCAL - state then *we* are the server). - """ - # Servers can't receive ALTSVC frames, but RFC 7838 tells us to ignore - # them. - if self.client is False: - return [] - - # If we've received the response headers from the server they can't - # guarantee we still have any state around. Other implementations - # (like nghttp2) ignore ALTSVC in this state, so we will too. - if self.headers_received: - return [] - - # Otherwise, this is a sensible enough frame to have received. Return - # the event and let it get populated. - return [AlternativeServiceAvailable()] - - def send_alt_svc(self, previous_state): - """ - Called when sending an ALTSVC frame on this stream. - - For consistency with the restrictions we apply on receiving ALTSVC - frames in ``recv_alt_svc``, we want to restrict when users can send - ALTSVC frames to the situations when we ourselves would accept them. - - That means: when we are a server, when we have received the request - headers, and when we have not yet sent our own response headers. - """ - # We should not send ALTSVC after we've sent response headers, as the - # client may have disposed of its state. - if self.headers_sent: - raise ProtocolError( - "Cannot send ALTSVC after sending response headers." - ) - - return - - -# STATE MACHINE -# -# The stream state machine is defined here to avoid the need to allocate it -# repeatedly for each stream. It cannot be defined in the stream class because -# it needs to be able to reference the callbacks defined on the class, but -# because Python's scoping rules are weird the class object is not actually in -# scope during the body of the class object. -# -# For the sake of clarity, we reproduce the RFC 7540 state machine here: -# -# +--------+ -# send PP | | recv PP -# ,--------| idle |--------. -# / | | \ -# v +--------+ v -# +----------+ | +----------+ -# | | | send H / | | -# ,------| reserved | | recv H | reserved |------. -# | | (local) | | | (remote) | | -# | +----------+ v +----------+ | -# | | +--------+ | | -# | | recv ES | | send ES | | -# | send H | ,-------| open |-------. | recv H | -# | | / | | \ | | -# | v v +--------+ v v | -# | +----------+ | +----------+ | -# | | half | | | half | | -# | | closed | | send R / | closed | | -# | | (remote) | | recv R | (local) | | -# | +----------+ | +----------+ | -# | | | | | -# | | send ES / | recv ES / | | -# | | send R / v send R / | | -# | | recv R +--------+ recv R | | -# | send R / `----------->| |<-----------' send R / | -# | recv R | closed | recv R | -# `----------------------->| |<----------------------' -# +--------+ -# -# send: endpoint sends this frame -# recv: endpoint receives this frame -# -# H: HEADERS frame (with implied CONTINUATIONs) -# PP: PUSH_PROMISE frame (with implied CONTINUATIONs) -# ES: END_STREAM flag -# R: RST_STREAM frame -# -# For the purposes of this state machine we treat HEADERS and their -# associated CONTINUATION frames as a single jumbo frame. The protocol -# allows/requires this by preventing other frames from being interleved in -# between HEADERS/CONTINUATION frames. However, if a CONTINUATION frame is -# received without a prior HEADERS frame, it *will* be passed to this state -# machine. The state machine should always reject that frame, either as an -# invalid transition or because the stream is closed. -# -# There is a confusing relationship around PUSH_PROMISE frames. The state -# machine above considers them to be frames belonging to the new stream, -# which is *somewhat* true. However, they are sent with the stream ID of -# their related stream, and are only sendable in some cases. -# For this reason, our state machine implementation below allows for -# PUSH_PROMISE frames both in the IDLE state (as in the diagram), but also -# in the OPEN, HALF_CLOSED_LOCAL, and HALF_CLOSED_REMOTE states. -# Essentially, for hyper-h2, PUSH_PROMISE frames are effectively sent on -# two streams. -# -# The _transitions dictionary contains a mapping of tuples of -# (state, input) to tuples of (side_effect_function, end_state). This -# map contains all allowed transitions: anything not in this map is -# invalid and immediately causes a transition to ``closed``. -_transitions = { - # State: idle - (StreamState.IDLE, StreamInputs.SEND_HEADERS): - (H2StreamStateMachine.request_sent, StreamState.OPEN), - (StreamState.IDLE, StreamInputs.RECV_HEADERS): - (H2StreamStateMachine.request_received, StreamState.OPEN), - (StreamState.IDLE, StreamInputs.RECV_DATA): - (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED), - (StreamState.IDLE, StreamInputs.SEND_PUSH_PROMISE): - (H2StreamStateMachine.send_new_pushed_stream, - StreamState.RESERVED_LOCAL), - (StreamState.IDLE, StreamInputs.RECV_PUSH_PROMISE): - (H2StreamStateMachine.recv_new_pushed_stream, - StreamState.RESERVED_REMOTE), - (StreamState.IDLE, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (None, StreamState.IDLE), - (StreamState.IDLE, StreamInputs.UPGRADE_CLIENT): - (H2StreamStateMachine.request_sent, StreamState.HALF_CLOSED_LOCAL), - (StreamState.IDLE, StreamInputs.UPGRADE_SERVER): - (H2StreamStateMachine.request_received, - StreamState.HALF_CLOSED_REMOTE), - - # State: reserved local - (StreamState.RESERVED_LOCAL, StreamInputs.SEND_HEADERS): - (H2StreamStateMachine.response_sent, StreamState.HALF_CLOSED_REMOTE), - (StreamState.RESERVED_LOCAL, StreamInputs.RECV_DATA): - (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED), - (StreamState.RESERVED_LOCAL, StreamInputs.SEND_WINDOW_UPDATE): - (None, StreamState.RESERVED_LOCAL), - (StreamState.RESERVED_LOCAL, StreamInputs.RECV_WINDOW_UPDATE): - (H2StreamStateMachine.window_updated, StreamState.RESERVED_LOCAL), - (StreamState.RESERVED_LOCAL, StreamInputs.SEND_RST_STREAM): - (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED), - (StreamState.RESERVED_LOCAL, StreamInputs.RECV_RST_STREAM): - (H2StreamStateMachine.stream_reset, StreamState.CLOSED), - (StreamState.RESERVED_LOCAL, StreamInputs.SEND_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.send_alt_svc, StreamState.RESERVED_LOCAL), - (StreamState.RESERVED_LOCAL, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (None, StreamState.RESERVED_LOCAL), - - # State: reserved remote - (StreamState.RESERVED_REMOTE, StreamInputs.RECV_HEADERS): - (H2StreamStateMachine.response_received, - StreamState.HALF_CLOSED_LOCAL), - (StreamState.RESERVED_REMOTE, StreamInputs.RECV_DATA): - (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED), - (StreamState.RESERVED_REMOTE, StreamInputs.SEND_WINDOW_UPDATE): - (None, StreamState.RESERVED_REMOTE), - (StreamState.RESERVED_REMOTE, StreamInputs.RECV_WINDOW_UPDATE): - (H2StreamStateMachine.window_updated, StreamState.RESERVED_REMOTE), - (StreamState.RESERVED_REMOTE, StreamInputs.SEND_RST_STREAM): - (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED), - (StreamState.RESERVED_REMOTE, StreamInputs.RECV_RST_STREAM): - (H2StreamStateMachine.stream_reset, StreamState.CLOSED), - (StreamState.RESERVED_REMOTE, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.recv_alt_svc, StreamState.RESERVED_REMOTE), - - # State: open - (StreamState.OPEN, StreamInputs.SEND_HEADERS): - (H2StreamStateMachine.response_sent, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.RECV_HEADERS): - (H2StreamStateMachine.response_received, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.SEND_DATA): - (None, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.RECV_DATA): - (H2StreamStateMachine.data_received, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.SEND_END_STREAM): - (None, StreamState.HALF_CLOSED_LOCAL), - (StreamState.OPEN, StreamInputs.RECV_END_STREAM): - (H2StreamStateMachine.stream_half_closed, - StreamState.HALF_CLOSED_REMOTE), - (StreamState.OPEN, StreamInputs.SEND_WINDOW_UPDATE): - (None, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.RECV_WINDOW_UPDATE): - (H2StreamStateMachine.window_updated, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.SEND_RST_STREAM): - (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED), - (StreamState.OPEN, StreamInputs.RECV_RST_STREAM): - (H2StreamStateMachine.stream_reset, StreamState.CLOSED), - (StreamState.OPEN, StreamInputs.SEND_PUSH_PROMISE): - (H2StreamStateMachine.send_push_promise, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.RECV_PUSH_PROMISE): - (H2StreamStateMachine.recv_push_promise, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.SEND_INFORMATIONAL_HEADERS): - (H2StreamStateMachine.send_informational_response, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.RECV_INFORMATIONAL_HEADERS): - (H2StreamStateMachine.recv_informational_response, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.SEND_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.send_alt_svc, StreamState.OPEN), - (StreamState.OPEN, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.recv_alt_svc, StreamState.OPEN), - - # State: half-closed remote - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_HEADERS): - (H2StreamStateMachine.response_sent, StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_HEADERS): - (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_DATA): - (None, StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_DATA): - (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_END_STREAM): - (H2StreamStateMachine.send_end_stream, StreamState.CLOSED), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_WINDOW_UPDATE): - (None, StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_WINDOW_UPDATE): - (H2StreamStateMachine.window_updated, StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_RST_STREAM): - (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_RST_STREAM): - (H2StreamStateMachine.stream_reset, StreamState.CLOSED), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_PUSH_PROMISE): - (H2StreamStateMachine.send_push_promise, - StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_PUSH_PROMISE): - (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_INFORMATIONAL_HEADERS): - (H2StreamStateMachine.send_informational_response, - StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.send_alt_svc, StreamState.HALF_CLOSED_REMOTE), - (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.recv_alt_svc, StreamState.HALF_CLOSED_REMOTE), - - # State: half-closed local - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_HEADERS): - (H2StreamStateMachine.response_received, - StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_DATA): - (H2StreamStateMachine.data_received, StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_END_STREAM): - (H2StreamStateMachine.stream_ended, StreamState.CLOSED), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_WINDOW_UPDATE): - (None, StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_WINDOW_UPDATE): - (H2StreamStateMachine.window_updated, StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_RST_STREAM): - (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_RST_STREAM): - (H2StreamStateMachine.stream_reset, StreamState.CLOSED), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_PUSH_PROMISE): - (H2StreamStateMachine.recv_push_promise, - StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_INFORMATIONAL_HEADERS): - (H2StreamStateMachine.recv_informational_response, - StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.send_alt_svc, StreamState.HALF_CLOSED_LOCAL), - (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (H2StreamStateMachine.recv_alt_svc, StreamState.HALF_CLOSED_LOCAL), - - # State: closed - (StreamState.CLOSED, StreamInputs.RECV_END_STREAM): - (None, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.RECV_ALTERNATIVE_SERVICE): - (None, StreamState.CLOSED), - - # RFC 7540 Section 5.1 defines how the end point should react when - # receiving a frame on a closed stream with the following statements: - # - # > An endpoint that receives any frame other than PRIORITY after receiving - # > a RST_STREAM MUST treat that as a stream error of type STREAM_CLOSED. - # > An endpoint that receives any frames after receiving a frame with the - # > END_STREAM flag set MUST treat that as a connection error of type - # > STREAM_CLOSED. - (StreamState.CLOSED, StreamInputs.RECV_HEADERS): - (H2StreamStateMachine.recv_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.RECV_DATA): - (H2StreamStateMachine.recv_on_closed_stream, StreamState.CLOSED), - - # > WINDOW_UPDATE or RST_STREAM frames can be received in this state - # > for a short period after a DATA or HEADERS frame containing a - # > END_STREAM flag is sent. - (StreamState.CLOSED, StreamInputs.RECV_WINDOW_UPDATE): - (H2StreamStateMachine.window_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.RECV_RST_STREAM): - (H2StreamStateMachine.reset_on_closed_stream, StreamState.CLOSED), - - # > A receiver MUST treat the receipt of a PUSH_PROMISE on a stream that is - # > neither "open" nor "half-closed (local)" as a connection error of type - # > PROTOCOL_ERROR. - (StreamState.CLOSED, StreamInputs.RECV_PUSH_PROMISE): - (H2StreamStateMachine.recv_push_on_closed_stream, StreamState.CLOSED), - - # Also, users should be forbidden from sending on closed streams. - (StreamState.CLOSED, StreamInputs.SEND_HEADERS): - (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.SEND_PUSH_PROMISE): - (H2StreamStateMachine.send_push_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.SEND_RST_STREAM): - (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.SEND_DATA): - (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.SEND_WINDOW_UPDATE): - (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED), - (StreamState.CLOSED, StreamInputs.SEND_END_STREAM): - (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED), -} - - -class H2Stream(object): - """ - A low-level HTTP/2 stream object. This handles building and receiving - frames and maintains per-stream state. - - This wraps a HTTP/2 Stream state machine implementation, ensuring that - frames can only be sent/received when the stream is in a valid state. - Attempts to create frames that cannot be sent will raise a - ``ProtocolError``. - """ - def __init__(self, - stream_id, - config, - inbound_window_size, - outbound_window_size): - self.state_machine = H2StreamStateMachine(stream_id) - self.stream_id = stream_id - self.max_outbound_frame_size = None - self.request_method = None - - # The curent value of the outbound stream flow control window - self.outbound_flow_control_window = outbound_window_size - - # The flow control manager. - self._inbound_window_manager = WindowManager(inbound_window_size) - - # The expected content length, if any. - self._expected_content_length = None - - # The actual received content length. Always tracked. - self._actual_content_length = 0 - - # The authority we believe this stream belongs to. - self._authority = None - - # The configuration for this stream. - self.config = config - - def __repr__(self): - return "<%s id:%d state:%r>" % ( - type(self).__name__, - self.stream_id, - self.state_machine.state - ) - - @property - def inbound_flow_control_window(self): - """ - The size of the inbound flow control window for the stream. This is - rarely publicly useful: instead, use :meth:`remote_flow_control_window - `. This shortcut is - largely present to provide a shortcut to this data. - """ - return self._inbound_window_manager.current_window_size - - @property - def open(self): - """ - Whether the stream is 'open' in any sense: that is, whether it counts - against the number of concurrent streams. - """ - # RFC 7540 Section 5.1.2 defines 'open' for this purpose to mean either - # the OPEN state or either of the HALF_CLOSED states. Perplexingly, - # this excludes the reserved states. - # For more detail on why we're doing this in this slightly weird way, - # see the comment on ``STREAM_OPEN`` at the top of the file. - return STREAM_OPEN[self.state_machine.state] - - @property - def closed(self): - """ - Whether the stream is closed. - """ - return self.state_machine.state == StreamState.CLOSED - - @property - def closed_by(self): - """ - Returns how the stream was closed, as one of StreamClosedBy. - """ - return self.state_machine.stream_closed_by - - def upgrade(self, client_side): - """ - Called by the connection to indicate that this stream is the initial - request/response of an upgraded connection. Places the stream into an - appropriate state. - """ - self.config.logger.debug("Upgrading %r", self) - - assert self.stream_id == 1 - input_ = ( - StreamInputs.UPGRADE_CLIENT if client_side - else StreamInputs.UPGRADE_SERVER - ) - - # This may return events, we deliberately don't want them. - self.state_machine.process_input(input_) - return - - def send_headers(self, headers, encoder, end_stream=False): - """ - Returns a list of HEADERS/CONTINUATION frames to emit as either headers - or trailers. - """ - self.config.logger.debug("Send headers %s on %r", headers, self) - # Convert headers to two-tuples. - # FIXME: The fallback for dictionary headers is to be removed in 3.0. - try: - headers = headers.items() - warnings.warn( - "Implicit conversion of dictionaries to two-tuples for " - "headers is deprecated and will be removed in 3.0.", - DeprecationWarning - ) - except AttributeError: - headers = headers - - # Because encoding headers makes an irreversible change to the header - # compression context, we make the state transition before we encode - # them. - - # First, check if we're a client. If we are, no problem: if we aren't, - # we need to scan the header block to see if this is an informational - # response. - input_ = StreamInputs.SEND_HEADERS - if ((not self.state_machine.client) and - is_informational_response(headers)): - if end_stream: - raise ProtocolError( - "Cannot set END_STREAM on informational responses." - ) - - input_ = StreamInputs.SEND_INFORMATIONAL_HEADERS - - events = self.state_machine.process_input(input_) - - hf = HeadersFrame(self.stream_id) - hdr_validation_flags = self._build_hdr_validation_flags(events) - frames = self._build_headers_frames( - headers, encoder, hf, hdr_validation_flags - ) - - if end_stream: - # Not a bug: the END_STREAM flag is valid on the initial HEADERS - # frame, not the CONTINUATION frames that follow. - self.state_machine.process_input(StreamInputs.SEND_END_STREAM) - frames[0].flags.add('END_STREAM') - - if self.state_machine.trailers_sent and not end_stream: - raise ProtocolError("Trailers must have END_STREAM set.") - - if self.state_machine.client and self._authority is None: - self._authority = authority_from_headers(headers) - - # store request method for _initialize_content_length - self.request_method = extract_method_header(headers) - - return frames - - def push_stream_in_band(self, related_stream_id, headers, encoder): - """ - Returns a list of PUSH_PROMISE/CONTINUATION frames to emit as a pushed - stream header. Called on the stream that has the PUSH_PROMISE frame - sent on it. - """ - self.config.logger.debug("Push stream %r", self) - - # Because encoding headers makes an irreversible change to the header - # compression context, we make the state transition *first*. - - events = self.state_machine.process_input( - StreamInputs.SEND_PUSH_PROMISE - ) - - ppf = PushPromiseFrame(self.stream_id) - ppf.promised_stream_id = related_stream_id - hdr_validation_flags = self._build_hdr_validation_flags(events) - frames = self._build_headers_frames( - headers, encoder, ppf, hdr_validation_flags - ) - - return frames - - def locally_pushed(self): - """ - Mark this stream as one that was pushed by this peer. Must be called - immediately after initialization. Sends no frames, simply updates the - state machine. - """ - # This does not trigger any events. - events = self.state_machine.process_input( - StreamInputs.SEND_PUSH_PROMISE - ) - assert not events - return [] - - def send_data(self, data, end_stream=False, pad_length=None): - """ - Prepare some data frames. Optionally end the stream. - - .. warning:: Does not perform flow control checks. - """ - self.config.logger.debug( - "Send data on %r with end stream set to %s", self, end_stream - ) - - self.state_machine.process_input(StreamInputs.SEND_DATA) - - df = DataFrame(self.stream_id) - df.data = data - if end_stream: - self.state_machine.process_input(StreamInputs.SEND_END_STREAM) - df.flags.add('END_STREAM') - if pad_length is not None: - df.flags.add('PADDED') - df.pad_length = pad_length - - # Subtract flow_controlled_length to account for possible padding - self.outbound_flow_control_window -= df.flow_controlled_length - assert self.outbound_flow_control_window >= 0 - - return [df] - - def end_stream(self): - """ - End a stream without sending data. - """ - self.config.logger.debug("End stream %r", self) - - self.state_machine.process_input(StreamInputs.SEND_END_STREAM) - df = DataFrame(self.stream_id) - df.flags.add('END_STREAM') - return [df] - - def advertise_alternative_service(self, field_value): - """ - Advertise an RFC 7838 alternative service. The semantics of this are - better documented in the ``H2Connection`` class. - """ - self.config.logger.debug( - "Advertise alternative service of %r for %r", field_value, self - ) - self.state_machine.process_input(StreamInputs.SEND_ALTERNATIVE_SERVICE) - asf = AltSvcFrame(self.stream_id) - asf.field = field_value - return [asf] - - def increase_flow_control_window(self, increment): - """ - Increase the size of the flow control window for the remote side. - """ - self.config.logger.debug( - "Increase flow control window for %r by %d", - self, increment - ) - self.state_machine.process_input(StreamInputs.SEND_WINDOW_UPDATE) - self._inbound_window_manager.window_opened(increment) - - wuf = WindowUpdateFrame(self.stream_id) - wuf.window_increment = increment - return [wuf] - - def receive_push_promise_in_band(self, - promised_stream_id, - headers, - header_encoding): - """ - Receives a push promise frame sent on this stream, pushing a remote - stream. This is called on the stream that has the PUSH_PROMISE sent - on it. - """ - self.config.logger.debug( - "Receive Push Promise on %r for remote stream %d", - self, promised_stream_id - ) - events = self.state_machine.process_input( - StreamInputs.RECV_PUSH_PROMISE - ) - events[0].pushed_stream_id = promised_stream_id - - if self.config.validate_inbound_headers: - hdr_validation_flags = self._build_hdr_validation_flags(events) - headers = validate_headers(headers, hdr_validation_flags) - - if header_encoding: - headers = list(_decode_headers(headers, header_encoding)) - events[0].headers = headers - return [], events - - def remotely_pushed(self, pushed_headers): - """ - Mark this stream as one that was pushed by the remote peer. Must be - called immediately after initialization. Sends no frames, simply - updates the state machine. - """ - self.config.logger.debug("%r pushed by remote peer", self) - events = self.state_machine.process_input( - StreamInputs.RECV_PUSH_PROMISE - ) - self._authority = authority_from_headers(pushed_headers) - return [], events - - def receive_headers(self, headers, end_stream, header_encoding): - """ - Receive a set of headers (or trailers). - """ - if is_informational_response(headers): - if end_stream: - raise ProtocolError( - "Cannot set END_STREAM on informational responses" - ) - input_ = StreamInputs.RECV_INFORMATIONAL_HEADERS - else: - input_ = StreamInputs.RECV_HEADERS - - events = self.state_machine.process_input(input_) - - if end_stream: - es_events = self.state_machine.process_input( - StreamInputs.RECV_END_STREAM - ) - events[0].stream_ended = es_events[0] - events += es_events - - self._initialize_content_length(headers) - - if isinstance(events[0], TrailersReceived): - if not end_stream: - raise ProtocolError("Trailers must have END_STREAM set") - - if self.config.validate_inbound_headers: - hdr_validation_flags = self._build_hdr_validation_flags(events) - headers = validate_headers(headers, hdr_validation_flags) - - if header_encoding: - headers = list(_decode_headers(headers, header_encoding)) - - events[0].headers = headers - return [], events - - def receive_data(self, data, end_stream, flow_control_len): - """ - Receive some data. - """ - self.config.logger.debug( - "Receive data on %r with end stream %s and flow control length " - "set to %d", self, end_stream, flow_control_len - ) - events = self.state_machine.process_input(StreamInputs.RECV_DATA) - self._inbound_window_manager.window_consumed(flow_control_len) - self._track_content_length(len(data), end_stream) - - if end_stream: - es_events = self.state_machine.process_input( - StreamInputs.RECV_END_STREAM - ) - events[0].stream_ended = es_events[0] - events.extend(es_events) - - events[0].data = data - events[0].flow_controlled_length = flow_control_len - return [], events - - def receive_window_update(self, increment): - """ - Handle a WINDOW_UPDATE increment. - """ - self.config.logger.debug( - "Receive Window Update on %r for increment of %d", - self, increment - ) - events = self.state_machine.process_input( - StreamInputs.RECV_WINDOW_UPDATE - ) - frames = [] - - # If we encounter a problem with incrementing the flow control window, - # this should be treated as a *stream* error, not a *connection* error. - # That means we need to catch the error and forcibly close the stream. - if events: - events[0].delta = increment - try: - self.outbound_flow_control_window = guard_increment_window( - self.outbound_flow_control_window, - increment - ) - except FlowControlError: - # Ok, this is bad. We're going to need to perform a local - # reset. - event = StreamReset() - event.stream_id = self.stream_id - event.error_code = ErrorCodes.FLOW_CONTROL_ERROR - event.remote_reset = False - - events = [event] - frames = self.reset_stream(event.error_code) - - return frames, events - - def receive_continuation(self): - """ - A naked CONTINUATION frame has been received. This is always an error, - but the type of error it is depends on the state of the stream and must - transition the state of the stream, so we need to handle it. - """ - self.config.logger.debug("Receive Continuation frame on %r", self) - self.state_machine.process_input( - StreamInputs.RECV_CONTINUATION - ) - assert False, "Should not be reachable" - - def receive_alt_svc(self, frame): - """ - An Alternative Service frame was received on the stream. This frame - inherits the origin associated with this stream. - """ - self.config.logger.debug( - "Receive Alternative Service frame on stream %r", self - ) - - # If the origin is present, RFC 7838 says we have to ignore it. - if frame.origin: - return [], [] - - events = self.state_machine.process_input( - StreamInputs.RECV_ALTERNATIVE_SERVICE - ) - - # There are lots of situations where we want to ignore the ALTSVC - # frame. If we need to pay attention, we'll have an event and should - # fill it out. - if events: - assert isinstance(events[0], AlternativeServiceAvailable) - events[0].origin = self._authority - events[0].field_value = frame.field - - return [], events - - def reset_stream(self, error_code=0): - """ - Close the stream locally. Reset the stream with an error code. - """ - self.config.logger.debug( - "Local reset %r with error code: %d", self, error_code - ) - self.state_machine.process_input(StreamInputs.SEND_RST_STREAM) - - rsf = RstStreamFrame(self.stream_id) - rsf.error_code = error_code - return [rsf] - - def stream_reset(self, frame): - """ - Handle a stream being reset remotely. - """ - self.config.logger.debug( - "Remote reset %r with error code: %d", self, frame.error_code - ) - events = self.state_machine.process_input(StreamInputs.RECV_RST_STREAM) - - if events: - # We don't fire an event if this stream is already closed. - events[0].error_code = _error_code_from_int(frame.error_code) - - return [], events - - def acknowledge_received_data(self, acknowledged_size): - """ - The user has informed us that they've processed some amount of data - that was received on this stream. Pass that to the window manager and - potentially return some WindowUpdate frames. - """ - self.config.logger.debug( - "Acknowledge received data with size %d on %r", - acknowledged_size, self - ) - increment = self._inbound_window_manager.process_bytes( - acknowledged_size - ) - if increment: - f = WindowUpdateFrame(self.stream_id) - f.window_increment = increment - return [f] - - return [] - - def _build_hdr_validation_flags(self, events): - """ - Constructs a set of header validation flags for use when normalizing - and validating header blocks. - """ - is_trailer = isinstance( - events[0], (_TrailersSent, TrailersReceived) - ) - is_response_header = isinstance( - events[0], - ( - _ResponseSent, - ResponseReceived, - InformationalResponseReceived - ) - ) - is_push_promise = isinstance( - events[0], (PushedStreamReceived, _PushedRequestSent) - ) - - return HeaderValidationFlags( - is_client=self.state_machine.client, - is_trailer=is_trailer, - is_response_header=is_response_header, - is_push_promise=is_push_promise, - ) - - def _build_headers_frames(self, - headers, - encoder, - first_frame, - hdr_validation_flags): - """ - Helper method to build headers or push promise frames. - """ - # We need to lowercase the header names, and to ensure that secure - # header fields are kept out of compression contexts. - if self.config.normalize_outbound_headers: - headers = normalize_outbound_headers( - headers, hdr_validation_flags - ) - if self.config.validate_outbound_headers: - headers = validate_outbound_headers( - headers, hdr_validation_flags - ) - - encoded_headers = encoder.encode(headers) - - # Slice into blocks of max_outbound_frame_size. Be careful with this: - # it only works right because we never send padded frames or priority - # information on the frames. Revisit this if we do. - header_blocks = [ - encoded_headers[i:i+self.max_outbound_frame_size] - for i in range( - 0, len(encoded_headers), self.max_outbound_frame_size - ) - ] - - frames = [] - first_frame.data = header_blocks[0] - frames.append(first_frame) - - for block in header_blocks[1:]: - cf = ContinuationFrame(self.stream_id) - cf.data = block - frames.append(cf) - - frames[-1].flags.add('END_HEADERS') - return frames - - def _initialize_content_length(self, headers): - """ - Checks the headers for a content-length header and initializes the - _expected_content_length field from it. It's not an error for no - Content-Length header to be present. - """ - if self.request_method == b'HEAD': - self._expected_content_length = 0 - return - - for n, v in headers: - if n == b'content-length': - try: - self._expected_content_length = int(v, 10) - except ValueError: - raise ProtocolError( - "Invalid content-length header: %s" % v - ) - - return - - def _track_content_length(self, length, end_stream): - """ - Update the expected content length in response to data being received. - Validates that the appropriate amount of data is sent. Always updates - the received data, but only validates the length against the - content-length header if one was sent. - - :param length: The length of the body chunk received. - :param end_stream: If this is the last body chunk received. - """ - self._actual_content_length += length - actual = self._actual_content_length - expected = self._expected_content_length - - if expected is not None: - if expected < actual: - raise InvalidBodyLengthError(expected, actual) - - if end_stream and expected != actual: - raise InvalidBodyLengthError(expected, actual) - - def _inbound_flow_control_change_from_settings(self, delta): - """ - We changed SETTINGS_INITIAL_WINDOW_SIZE, which means we need to - update the target window size for flow control. For our flow control - strategy, this means we need to do two things: we need to adjust the - current window size, but we also need to set the target maximum window - size to the new value. - """ - new_max_size = self._inbound_window_manager.max_window_size + delta - self._inbound_window_manager.window_opened(delta) - self._inbound_window_manager.max_window_size = new_max_size - - -def _decode_headers(headers, encoding): - """ - Given an iterable of header two-tuples and an encoding, decodes those - headers using that encoding while preserving the type of the header tuple. - This ensures that the use of ``HeaderTuple`` is preserved. - """ - for header in headers: - # This function expects to work on decoded headers, which are always - # HeaderTuple objects. - assert isinstance(header, HeaderTuple) - - name, value = header - name = name.decode(encoding) - value = value.decode(encoding) - yield header.__class__(name, value) diff --git a/tools/third_party/hyper/hyper/h2/utilities.py b/tools/third_party/hyper/hyper/h2/utilities.py deleted file mode 100755 index 7a525f086ca586..00000000000000 --- a/tools/third_party/hyper/hyper/h2/utilities.py +++ /dev/null @@ -1,585 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/utilities -~~~~~~~~~~~~ - -Utility functions that do not belong in a separate module. -""" -import collections -import re -from string import whitespace -import sys - -from hpack import HeaderTuple, NeverIndexedHeaderTuple - -from .exceptions import ProtocolError, FlowControlError - -UPPER_RE = re.compile(b"[A-Z]") - -# A set of headers that are hop-by-hop or connection-specific and thus -# forbidden in HTTP/2. This list comes from RFC 7540 § 8.1.2.2. -CONNECTION_HEADERS = frozenset([ - b'connection', u'connection', - b'proxy-connection', u'proxy-connection', - b'keep-alive', u'keep-alive', - b'transfer-encoding', u'transfer-encoding', - b'upgrade', u'upgrade', -]) - - -_ALLOWED_PSEUDO_HEADER_FIELDS = frozenset([ - b':method', u':method', - b':scheme', u':scheme', - b':authority', u':authority', - b':path', u':path', - b':status', u':status', -]) - - -_SECURE_HEADERS = frozenset([ - # May have basic credentials which are vulnerable to dictionary attacks. - b'authorization', u'authorization', - b'proxy-authorization', u'proxy-authorization', -]) - - -_REQUEST_ONLY_HEADERS = frozenset([ - b':scheme', u':scheme', - b':path', u':path', - b':authority', u':authority', - b':method', u':method' -]) - - -_RESPONSE_ONLY_HEADERS = frozenset([b':status', u':status']) - - -if sys.version_info[0] == 2: # Python 2.X - _WHITESPACE = frozenset(whitespace) -else: # Python 3.3+ - _WHITESPACE = frozenset(map(ord, whitespace)) - - -def _secure_headers(headers, hdr_validation_flags): - """ - Certain headers are at risk of being attacked during the header compression - phase, and so need to be kept out of header compression contexts. This - function automatically transforms certain specific headers into HPACK - never-indexed fields to ensure they don't get added to header compression - contexts. - - This function currently implements two rules: - - - 'authorization' and 'proxy-authorization' fields are automatically made - never-indexed. - - Any 'cookie' header field shorter than 20 bytes long is made - never-indexed. - - These fields are the most at-risk. These rules are inspired by Firefox - and nghttp2. - """ - for header in headers: - if header[0] in _SECURE_HEADERS: - yield NeverIndexedHeaderTuple(*header) - elif header[0] in (b'cookie', u'cookie') and len(header[1]) < 20: - yield NeverIndexedHeaderTuple(*header) - else: - yield header - - -def extract_method_header(headers): - """ - Extracts the request method from the headers list. - """ - for k, v in headers: - if k in (b':method', u':method'): - if not isinstance(v, bytes): - return v.encode('utf-8') - else: - return v - - -def is_informational_response(headers): - """ - Searches a header block for a :status header to confirm that a given - collection of headers are an informational response. Assumes the header - block is well formed: that is, that the HTTP/2 special headers are first - in the block, and so that it can stop looking when it finds the first - header field whose name does not begin with a colon. - - :param headers: The HTTP/2 header block. - :returns: A boolean indicating if this is an informational response. - """ - for n, v in headers: - if isinstance(n, bytes): - sigil = b':' - status = b':status' - informational_start = b'1' - else: - sigil = u':' - status = u':status' - informational_start = u'1' - - # If we find a non-special header, we're done here: stop looping. - if not n.startswith(sigil): - return False - - # This isn't the status header, bail. - if n != status: - continue - - # If the first digit is a 1, we've got informational headers. - return v.startswith(informational_start) - - -def guard_increment_window(current, increment): - """ - Increments a flow control window, guarding against that window becoming too - large. - - :param current: The current value of the flow control window. - :param increment: The increment to apply to that window. - :returns: The new value of the window. - :raises: ``FlowControlError`` - """ - # The largest value the flow control window may take. - LARGEST_FLOW_CONTROL_WINDOW = 2**31 - 1 - - new_size = current + increment - - if new_size > LARGEST_FLOW_CONTROL_WINDOW: - raise FlowControlError( - "May not increment flow control window past %d" % - LARGEST_FLOW_CONTROL_WINDOW - ) - - return new_size - - -def authority_from_headers(headers): - """ - Given a header set, searches for the authority header and returns the - value. - - Note that this doesn't terminate early, so should only be called if the - headers are for a client request. Otherwise, will loop over the entire - header set, which is potentially unwise. - - :param headers: The HTTP header set. - :returns: The value of the authority header, or ``None``. - :rtype: ``bytes`` or ``None``. - """ - for n, v in headers: - # This gets run against headers that come both from HPACK and from the - # user, so we may have unicode floating around in here. We only want - # bytes. - if n in (b':authority', u':authority'): - return v.encode('utf-8') if not isinstance(v, bytes) else v - - return None - - -# Flags used by the validate_headers pipeline to determine which checks -# should be applied to a given set of headers. -HeaderValidationFlags = collections.namedtuple( - 'HeaderValidationFlags', - ['is_client', 'is_trailer', 'is_response_header', 'is_push_promise'] -) - - -def validate_headers(headers, hdr_validation_flags): - """ - Validates a header sequence against a set of constraints from RFC 7540. - - :param headers: The HTTP header set. - :param hdr_validation_flags: An instance of HeaderValidationFlags. - """ - # This validation logic is built on a sequence of generators that are - # iterated over to provide the final header list. This reduces some of the - # overhead of doing this checking. However, it's worth noting that this - # checking remains somewhat expensive, and attempts should be made wherever - # possible to reduce the time spent doing them. - # - # For example, we avoid tuple upacking in loops because it represents a - # fixed cost that we don't want to spend, instead indexing into the header - # tuples. - headers = _reject_uppercase_header_fields( - headers, hdr_validation_flags - ) - headers = _reject_surrounding_whitespace( - headers, hdr_validation_flags - ) - headers = _reject_te( - headers, hdr_validation_flags - ) - headers = _reject_connection_header( - headers, hdr_validation_flags - ) - headers = _reject_pseudo_header_fields( - headers, hdr_validation_flags - ) - headers = _check_host_authority_header( - headers, hdr_validation_flags - ) - headers = _check_path_header(headers, hdr_validation_flags) - - return list(headers) - - -def _reject_uppercase_header_fields(headers, hdr_validation_flags): - """ - Raises a ProtocolError if any uppercase character is found in a header - block. - """ - for header in headers: - if UPPER_RE.search(header[0]): - raise ProtocolError( - "Received uppercase header name %s." % header[0]) - yield header - - -def _reject_surrounding_whitespace(headers, hdr_validation_flags): - """ - Raises a ProtocolError if any header name or value is surrounded by - whitespace characters. - """ - # For compatibility with RFC 7230 header fields, we need to allow the field - # value to be an empty string. This is ludicrous, but technically allowed. - # The field name may not be empty, though, so we can safely assume that it - # must have at least one character in it and throw exceptions if it - # doesn't. - for header in headers: - if header[0][0] in _WHITESPACE or header[0][-1] in _WHITESPACE: - raise ProtocolError( - "Received header name surrounded by whitespace %r" % header[0]) - if header[1] and ((header[1][0] in _WHITESPACE) or - (header[1][-1] in _WHITESPACE)): - raise ProtocolError( - "Received header value surrounded by whitespace %r" % header[1] - ) - yield header - - -def _reject_te(headers, hdr_validation_flags): - """ - Raises a ProtocolError if the TE header is present in a header block and - its value is anything other than "trailers". - """ - for header in headers: - if header[0] in (b'te', u'te'): - if header[1].lower() not in (b'trailers', u'trailers'): - raise ProtocolError( - "Invalid value for Transfer-Encoding header: %s" % - header[1] - ) - - yield header - - -def _reject_connection_header(headers, hdr_validation_flags): - """ - Raises a ProtocolError if the Connection header is present in a header - block. - """ - for header in headers: - if header[0] in CONNECTION_HEADERS: - raise ProtocolError( - "Connection-specific header field present: %s." % header[0] - ) - - yield header - - -def _custom_startswith(test_string, bytes_prefix, unicode_prefix): - """ - Given a string that might be a bytestring or a Unicode string, - return True if it starts with the appropriate prefix. - """ - if isinstance(test_string, bytes): - return test_string.startswith(bytes_prefix) - else: - return test_string.startswith(unicode_prefix) - - -def _assert_header_in_set(string_header, bytes_header, header_set): - """ - Given a set of header names, checks whether the string or byte version of - the header name is present. Raises a Protocol error with the appropriate - error if it's missing. - """ - if not (string_header in header_set or bytes_header in header_set): - raise ProtocolError( - "Header block missing mandatory %s header" % string_header - ) - - -def _reject_pseudo_header_fields(headers, hdr_validation_flags): - """ - Raises a ProtocolError if duplicate pseudo-header fields are found in a - header block or if a pseudo-header field appears in a block after an - ordinary header field. - - Raises a ProtocolError if pseudo-header fields are found in trailers. - """ - seen_pseudo_header_fields = set() - seen_regular_header = False - - for header in headers: - if _custom_startswith(header[0], b':', u':'): - if header[0] in seen_pseudo_header_fields: - raise ProtocolError( - "Received duplicate pseudo-header field %s" % header[0] - ) - - seen_pseudo_header_fields.add(header[0]) - - if seen_regular_header: - raise ProtocolError( - "Received pseudo-header field out of sequence: %s" % - header[0] - ) - - if header[0] not in _ALLOWED_PSEUDO_HEADER_FIELDS: - raise ProtocolError( - "Received custom pseudo-header field %s" % header[0] - ) - - else: - seen_regular_header = True - - yield header - - # Check the pseudo-headers we got to confirm they're acceptable. - _check_pseudo_header_field_acceptability( - seen_pseudo_header_fields, hdr_validation_flags - ) - - -def _check_pseudo_header_field_acceptability(pseudo_headers, - hdr_validation_flags): - """ - Given the set of pseudo-headers present in a header block and the - validation flags, confirms that RFC 7540 allows them. - """ - # Pseudo-header fields MUST NOT appear in trailers - RFC 7540 § 8.1.2.1 - if hdr_validation_flags.is_trailer and pseudo_headers: - raise ProtocolError( - "Received pseudo-header in trailer %s" % pseudo_headers - ) - - # If ':status' pseudo-header is not there in a response header, reject it. - # Similarly, if ':path', ':method', or ':scheme' are not there in a request - # header, reject it. Additionally, if a response contains any request-only - # headers or vice-versa, reject it. - # Relevant RFC section: RFC 7540 § 8.1.2.4 - # https://tools.ietf.org/html/rfc7540#section-8.1.2.4 - if hdr_validation_flags.is_response_header: - _assert_header_in_set(u':status', b':status', pseudo_headers) - invalid_response_headers = pseudo_headers & _REQUEST_ONLY_HEADERS - if invalid_response_headers: - raise ProtocolError( - "Encountered request-only headers %s" % - invalid_response_headers - ) - elif (not hdr_validation_flags.is_response_header and - not hdr_validation_flags.is_trailer): - # This is a request, so we need to have seen :path, :method, and - # :scheme. - _assert_header_in_set(u':path', b':path', pseudo_headers) - _assert_header_in_set(u':method', b':method', pseudo_headers) - _assert_header_in_set(u':scheme', b':scheme', pseudo_headers) - invalid_request_headers = pseudo_headers & _RESPONSE_ONLY_HEADERS - if invalid_request_headers: - raise ProtocolError( - "Encountered response-only headers %s" % - invalid_request_headers - ) - - -def _validate_host_authority_header(headers): - """ - Given the :authority and Host headers from a request block that isn't - a trailer, check that: - 1. At least one of these headers is set. - 2. If both headers are set, they match. - - :param headers: The HTTP header set. - :raises: ``ProtocolError`` - """ - # We use None as a sentinel value. Iterate over the list of headers, - # and record the value of these headers (if present). We don't need - # to worry about receiving duplicate :authority headers, as this is - # enforced by the _reject_pseudo_header_fields() pipeline. - # - # TODO: We should also guard against receiving duplicate Host headers, - # and against sending duplicate headers. - authority_header_val = None - host_header_val = None - - for header in headers: - if header[0] in (b':authority', u':authority'): - authority_header_val = header[1] - elif header[0] in (b'host', u'host'): - host_header_val = header[1] - - yield header - - # If we have not-None values for these variables, then we know we saw - # the corresponding header. - authority_present = (authority_header_val is not None) - host_present = (host_header_val is not None) - - # It is an error for a request header block to contain neither - # an :authority header nor a Host header. - if not authority_present and not host_present: - raise ProtocolError( - "Request header block does not have an :authority or Host header." - ) - - # If we receive both headers, they should definitely match. - if authority_present and host_present: - if authority_header_val != host_header_val: - raise ProtocolError( - "Request header block has mismatched :authority and " - "Host headers: %r / %r" - % (authority_header_val, host_header_val) - ) - - -def _check_host_authority_header(headers, hdr_validation_flags): - """ - Raises a ProtocolError if a header block arrives that does not contain an - :authority or a Host header, or if a header block contains both fields, - but their values do not match. - """ - # We only expect to see :authority and Host headers on request header - # blocks that aren't trailers, so skip this validation if this is a - # response header or we're looking at trailer blocks. - skip_validation = ( - hdr_validation_flags.is_response_header or - hdr_validation_flags.is_trailer - ) - if skip_validation: - return headers - - return _validate_host_authority_header(headers) - - -def _check_path_header(headers, hdr_validation_flags): - """ - Raise a ProtocolError if a header block arrives or is sent that contains an - empty :path header. - """ - def inner(): - for header in headers: - if header[0] in (b':path', u':path'): - if not header[1]: - raise ProtocolError("An empty :path header is forbidden") - - yield header - - # We only expect to see :authority and Host headers on request header - # blocks that aren't trailers, so skip this validation if this is a - # response header or we're looking at trailer blocks. - skip_validation = ( - hdr_validation_flags.is_response_header or - hdr_validation_flags.is_trailer - ) - if skip_validation: - return headers - else: - return inner() - - -def _lowercase_header_names(headers, hdr_validation_flags): - """ - Given an iterable of header two-tuples, rebuilds that iterable with the - header names lowercased. This generator produces tuples that preserve the - original type of the header tuple for tuple and any ``HeaderTuple``. - """ - for header in headers: - if isinstance(header, HeaderTuple): - yield header.__class__(header[0].lower(), header[1]) - else: - yield (header[0].lower(), header[1]) - - -def _strip_surrounding_whitespace(headers, hdr_validation_flags): - """ - Given an iterable of header two-tuples, strip both leading and trailing - whitespace from both header names and header values. This generator - produces tuples that preserve the original type of the header tuple for - tuple and any ``HeaderTuple``. - """ - for header in headers: - if isinstance(header, HeaderTuple): - yield header.__class__(header[0].strip(), header[1].strip()) - else: - yield (header[0].strip(), header[1].strip()) - - -def _strip_connection_headers(headers, hdr_validation_flags): - """ - Strip any connection headers as per RFC7540 § 8.1.2.2. - """ - for header in headers: - if header[0] not in CONNECTION_HEADERS: - yield header - - -def _check_sent_host_authority_header(headers, hdr_validation_flags): - """ - Raises an InvalidHeaderBlockError if we try to send a header block - that does not contain an :authority or a Host header, or if - the header block contains both fields, but their values do not match. - """ - # We only expect to see :authority and Host headers on request header - # blocks that aren't trailers, so skip this validation if this is a - # response header or we're looking at trailer blocks. - skip_validation = ( - hdr_validation_flags.is_response_header or - hdr_validation_flags.is_trailer - ) - if skip_validation: - return headers - - return _validate_host_authority_header(headers) - - -def normalize_outbound_headers(headers, hdr_validation_flags): - """ - Normalizes a header sequence that we are about to send. - - :param headers: The HTTP header set. - :param hdr_validation_flags: An instance of HeaderValidationFlags. - """ - headers = _lowercase_header_names(headers, hdr_validation_flags) - headers = _strip_surrounding_whitespace(headers, hdr_validation_flags) - headers = _strip_connection_headers(headers, hdr_validation_flags) - headers = _secure_headers(headers, hdr_validation_flags) - - return headers - - -def validate_outbound_headers(headers, hdr_validation_flags): - """ - Validates and normalizes a header sequence that we are about to send. - - :param headers: The HTTP header set. - :param hdr_validation_flags: An instance of HeaderValidationFlags. - """ - headers = _reject_te( - headers, hdr_validation_flags - ) - headers = _reject_connection_header( - headers, hdr_validation_flags - ) - headers = _reject_pseudo_header_fields( - headers, hdr_validation_flags - ) - headers = _check_sent_host_authority_header( - headers, hdr_validation_flags - ) - headers = _check_path_header(headers, hdr_validation_flags) - - return headers diff --git a/tools/third_party/hyper/hyper/h2/windows.py b/tools/third_party/hyper/hyper/h2/windows.py deleted file mode 100755 index 6656975f486cec..00000000000000 --- a/tools/third_party/hyper/hyper/h2/windows.py +++ /dev/null @@ -1,139 +0,0 @@ -# -*- coding: utf-8 -*- -""" -h2/windows -~~~~~~~~~~ - -Defines tools for managing HTTP/2 flow control windows. - -The objects defined in this module are used to automatically manage HTTP/2 -flow control windows. Specifically, they keep track of what the size of the -window is, how much data has been consumed from that window, and how much data -the user has already used. It then implements a basic algorithm that attempts -to manage the flow control window without user input, trying to ensure that it -does not emit too many WINDOW_UPDATE frames. -""" -from __future__ import division - -from .exceptions import FlowControlError - - -# The largest acceptable value for a HTTP/2 flow control window. -LARGEST_FLOW_CONTROL_WINDOW = 2**31 - 1 - - -class WindowManager(object): - """ - A basic HTTP/2 window manager. - - :param max_window_size: The maximum size of the flow control window. - :type max_window_size: ``int`` - """ - def __init__(self, max_window_size): - assert max_window_size <= LARGEST_FLOW_CONTROL_WINDOW - self.max_window_size = max_window_size - self.current_window_size = max_window_size - self._bytes_processed = 0 - - def window_consumed(self, size): - """ - We have received a certain number of bytes from the remote peer. This - necessarily shrinks the flow control window! - - :param size: The number of flow controlled bytes we received from the - remote peer. - :type size: ``int`` - :returns: Nothing. - :rtype: ``None`` - """ - self.current_window_size -= size - if self.current_window_size < 0: - raise FlowControlError("Flow control window shrunk below 0") - - def window_opened(self, size): - """ - The flow control window has been incremented, either because of manual - flow control management or because of the user changing the flow - control settings. This can have the effect of increasing what we - consider to be the "maximum" flow control window size. - - This does not increase our view of how many bytes have been processed, - only of how much space is in the window. - - :param size: The increment to the flow control window we received. - :type size: ``int`` - :returns: Nothing - :rtype: ``None`` - """ - self.current_window_size += size - - if self.current_window_size > LARGEST_FLOW_CONTROL_WINDOW: - raise FlowControlError( - "Flow control window mustn't exceed %d" % - LARGEST_FLOW_CONTROL_WINDOW - ) - - if self.current_window_size > self.max_window_size: - self.max_window_size = self.current_window_size - - def process_bytes(self, size): - """ - The application has informed us that it has processed a certain number - of bytes. This may cause us to want to emit a window update frame. If - we do want to emit a window update frame, this method will return the - number of bytes that we should increment the window by. - - :param size: The number of flow controlled bytes that the application - has processed. - :type size: ``int`` - :returns: The number of bytes to increment the flow control window by, - or ``None``. - :rtype: ``int`` or ``None`` - """ - self._bytes_processed += size - return self._maybe_update_window() - - def _maybe_update_window(self): - """ - Run the algorithm. - - Our current algorithm can be described like this. - - 1. If no bytes have been processed, we immediately return 0. There is - no meaningful way for us to hand space in the window back to the - remote peer, so let's not even try. - 2. If there is no space in the flow control window, and we have - processed at least 1024 bytes (or 1/4 of the window, if the window - is smaller), we will emit a window update frame. This is to avoid - the risk of blocking a stream altogether. - 3. If there is space in the flow control window, and we have processed - at least 1/2 of the window worth of bytes, we will emit a window - update frame. This is to minimise the number of window update frames - we have to emit. - - In a healthy system with large flow control windows, this will - irregularly emit WINDOW_UPDATE frames. This prevents us starving the - connection by emitting eleventy bajillion WINDOW_UPDATE frames, - especially in situations where the remote peer is sending a lot of very - small DATA frames. - """ - # TODO: Can the window be smaller than 1024 bytes? If not, we can - # streamline this algorithm. - if not self._bytes_processed: - return None - - max_increment = (self.max_window_size - self.current_window_size) - increment = 0 - - # Note that, even though we may increment less than _bytes_processed, - # we still want to set it to zero whenever we emit an increment. This - # is because we'll always increment up to the maximum we can. - if (self.current_window_size == 0) and ( - self._bytes_processed > min(1024, self.max_window_size // 4)): - increment = min(self._bytes_processed, max_increment) - self._bytes_processed = 0 - elif self._bytes_processed >= (self.max_window_size // 2): - increment = min(self._bytes_processed, max_increment) - self._bytes_processed = 0 - - self.current_window_size += increment - return increment diff --git a/tools/third_party/hyper/hyper/http11/__init__.py b/tools/third_party/hyper/hyper/http11/__init__.py deleted file mode 100644 index 2faef667e45806..00000000000000 --- a/tools/third_party/hyper/hyper/http11/__init__.py +++ /dev/null @@ -1,7 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http11 -~~~~~~~~~~~~ - -The HTTP/1.1 submodule that powers hyper. -""" diff --git a/tools/third_party/hyper/hyper/http11/connection.py b/tools/third_party/hyper/hyper/http11/connection.py deleted file mode 100644 index 61361c3580d703..00000000000000 --- a/tools/third_party/hyper/hyper/http11/connection.py +++ /dev/null @@ -1,384 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http11/connection -~~~~~~~~~~~~~~~~~~~~~~~ - -Objects that build hyper's connection-level HTTP/1.1 abstraction. -""" -import logging -import os -import socket -import base64 - -from collections import Iterable, Mapping - -import collections -from hyperframe.frame import SettingsFrame - -from .response import HTTP11Response -from ..tls import wrap_socket, H2C_PROTOCOL -from ..common.bufsocket import BufferedSocket -from ..common.exceptions import TLSUpgrade, HTTPUpgrade -from ..common.headers import HTTPHeaderMap -from ..common.util import to_bytestring, to_host_port_tuple -from ..compat import bytes - -# We prefer pycohttpparser to the pure-Python interpretation -try: # pragma: no cover - from pycohttpparser.api import Parser -except ImportError: # pragma: no cover - from .parser import Parser - - -log = logging.getLogger(__name__) - -BODY_CHUNKED = 1 -BODY_FLAT = 2 - - -class HTTP11Connection(object): - """ - An object representing a single HTTP/1.1 connection to a server. - - :param host: The host to connect to. This may be an IP address or a - hostname, and optionally may include a port: for example, - ``'twitter.com'``, ``'twitter.com:443'`` or ``'127.0.0.1'``. - :param port: (optional) The port to connect to. If not provided and one - also isn't provided in the ``host`` parameter, defaults to 80. - :param secure: (optional) Whether the request should use TLS. Defaults to - ``False`` for most requests, but to ``True`` for any request issued to - port 443. - :param ssl_context: (optional) A class with custom certificate settings. - If not provided then hyper's default ``SSLContext`` is used instead. - :param proxy_host: (optional) The proxy to connect to. This can be an IP - address or a host name and may include a port. - :param proxy_port: (optional) The proxy port to connect to. If not provided - and one also isn't provided in the ``proxy`` parameter, - defaults to 8080. - """ - def __init__(self, host, port=None, secure=None, ssl_context=None, - proxy_host=None, proxy_port=None, **kwargs): - if port is None: - self.host, self.port = to_host_port_tuple(host, default_port=80) - else: - self.host, self.port = host, port - - # Record whether we plan to secure the request. In future this should - # be extended to a security profile, but a bool will do for now. - # TODO: Actually do something with this! - if secure is not None: - self.secure = secure - elif self.port == 443: - self.secure = True - else: - self.secure = False - - # only send http upgrade headers for non-secure connection - self._send_http_upgrade = not self.secure - - self.ssl_context = ssl_context - self._sock = None - - # Setup proxy details if applicable. - if proxy_host: - if proxy_port is None: - self.proxy_host, self.proxy_port = to_host_port_tuple( - proxy_host, default_port=8080 - ) - else: - self.proxy_host, self.proxy_port = proxy_host, proxy_port - else: - self.proxy_host = None - self.proxy_port = None - - #: The size of the in-memory buffer used to store data from the - #: network. This is used as a performance optimisation. Increase buffer - #: size to improve performance: decrease it to conserve memory. - #: Defaults to 64kB. - self.network_buffer_size = 65536 - - #: The object used to perform HTTP/1.1 parsing. Needs to conform to - #: the standard hyper parsing interface. - self.parser = Parser() - - def connect(self): - """ - Connect to the server specified when the object was created. This is a - no-op if we're already connected. - - :returns: Nothing. - """ - if self._sock is None: - if not self.proxy_host: - host = self.host - port = self.port - else: - host = self.proxy_host - port = self.proxy_port - - sock = socket.create_connection((host, port), 5) - proto = None - - if self.secure: - assert not self.proxy_host, "Proxy with HTTPS not supported." - sock, proto = wrap_socket(sock, host, self.ssl_context) - - log.debug("Selected protocol: %s", proto) - sock = BufferedSocket(sock, self.network_buffer_size) - - if proto not in ('http/1.1', None): - raise TLSUpgrade(proto, sock) - - self._sock = sock - - return - - def request(self, method, url, body=None, headers=None): - """ - This will send a request to the server using the HTTP request method - ``method`` and the selector ``url``. If the ``body`` argument is - present, it should be string or bytes object of data to send after the - headers are finished. Strings are encoded as UTF-8. To use other - encodings, pass a bytes object. The Content-Length header is set to the - length of the body field. - - :param method: The request method, e.g. ``'GET'``. - :param url: The URL to contact, e.g. ``'/path/segment'``. - :param body: (optional) The request body to send. Must be a bytestring, - an iterable of bytestring, or a file-like object. - :param headers: (optional) The headers to send on the request. - :returns: Nothing. - """ - - headers = headers or {} - - method = to_bytestring(method) - url = to_bytestring(url) - - if not isinstance(headers, HTTPHeaderMap): - if isinstance(headers, Mapping): - headers = HTTPHeaderMap(headers.items()) - elif isinstance(headers, Iterable): - headers = HTTPHeaderMap(headers) - else: - raise ValueError( - 'Header argument must be a dictionary or an iterable' - ) - - if self._sock is None: - self.connect() - - if self._send_http_upgrade: - self._add_upgrade_headers(headers) - self._send_http_upgrade = False - - # We may need extra headers. - if body: - body_type = self._add_body_headers(headers, body) - - if b'host' not in headers: - headers[b'host'] = self.host - - # Begin by emitting the header block. - self._send_headers(method, url, headers) - - # Next, send the request body. - if body: - self._send_body(body, body_type) - - return - - def get_response(self): - """ - Returns a response object. - - This is an early beta, so the response object is pretty stupid. That's - ok, we'll fix it later. - """ - headers = HTTPHeaderMap() - - response = None - while response is None: - # 'encourage' the socket to receive data. - self._sock.fill() - response = self.parser.parse_response(self._sock.buffer) - - for n, v in response.headers: - headers[n.tobytes()] = v.tobytes() - - self._sock.advance_buffer(response.consumed) - - if (response.status == 101 and - b'upgrade' in headers['connection'] and - H2C_PROTOCOL.encode('utf-8') in headers['upgrade']): - raise HTTPUpgrade(H2C_PROTOCOL, self._sock) - - return HTTP11Response( - response.status, - response.msg.tobytes(), - headers, - self._sock, - self - ) - - def _send_headers(self, method, url, headers): - """ - Handles the logic of sending the header block. - """ - self._sock.send(b' '.join([method, url, b'HTTP/1.1\r\n'])) - - for name, value in headers.iter_raw(): - name, value = to_bytestring(name), to_bytestring(value) - header = b''.join([name, b': ', value, b'\r\n']) - self._sock.send(header) - - self._sock.send(b'\r\n') - - def _add_body_headers(self, headers, body): - """ - Adds any headers needed for sending the request body. This will always - defer to the user-supplied header content. - - :returns: One of (BODY_CHUNKED, BODY_FLAT), indicating what type of - request body should be used. - """ - if b'content-length' in headers: - return BODY_FLAT - - if b'chunked' in headers.get(b'transfer-encoding', []): - return BODY_CHUNKED - - # For bytestring bodies we upload the content with a fixed length. - # For file objects, we use the length of the file object. - if isinstance(body, bytes): - length = str(len(body)).encode('utf-8') - elif hasattr(body, 'fileno'): - length = str(os.fstat(body.fileno()).st_size).encode('utf-8') - else: - length = None - - if length: - headers[b'content-length'] = length - return BODY_FLAT - - headers[b'transfer-encoding'] = b'chunked' - return BODY_CHUNKED - - def _add_upgrade_headers(self, headers): - # Add HTTP Upgrade headers. - headers[b'connection'] = b'Upgrade, HTTP2-Settings' - headers[b'upgrade'] = H2C_PROTOCOL - - # Encode SETTINGS frame payload in Base64 and put into the HTTP-2 - # Settings header. - http2_settings = SettingsFrame(0) - http2_settings.settings[SettingsFrame.INITIAL_WINDOW_SIZE] = 65535 - encoded_settings = base64.urlsafe_b64encode( - http2_settings.serialize_body() - ) - headers[b'HTTP2-Settings'] = encoded_settings.rstrip(b'=') - - def _send_body(self, body, body_type): - """ - Handles the HTTP/1.1 logic for sending HTTP bodies. This does magical - different things in different cases. - """ - if body_type == BODY_FLAT: - # Special case for files and other 'readable' objects. - if hasattr(body, 'read'): - return self._send_file_like_obj(body) - - # Case for bytestrings. - elif isinstance(body, bytes): - self._sock.send(body) - - return - - # Iterables that set a specific content length. - elif isinstance(body, collections.Iterable): - for item in body: - try: - self._sock.send(item) - except TypeError: - raise ValueError( - "Elements in iterable body must be bytestrings. " - "Illegal element: {}".format(item) - ) - return - - else: - raise ValueError( - 'Request body must be a bytestring, a file-like object ' - 'returning bytestrings or an iterable of bytestrings. ' - 'Got: {}'.format(type(body)) - ) - - # Chunked! - return self._send_chunked(body) - - def _send_chunked(self, body): - """ - Handles the HTTP/1.1 logic for sending a chunk-encoded body. - """ - # Chunked! For chunked bodies we don't special-case, we just iterate - # over what we have and send stuff out. - for chunk in body: - length = '{0:x}'.format(len(chunk)).encode('ascii') - - # For now write this as four 'send' calls. That's probably - # inefficient, let's come back to it. - try: - self._sock.send(length) - self._sock.send(b'\r\n') - self._sock.send(chunk) - self._sock.send(b'\r\n') - except TypeError: - raise ValueError( - "Iterable bodies must always iterate in bytestrings" - ) - - self._sock.send(b'0\r\n\r\n') - return - - def _send_file_like_obj(self, fobj): - """ - Handles streaming a file-like object to the network. - """ - while True: - block = fobj.read(16*1024) - if not block: - break - - try: - self._sock.send(block) - except TypeError: - raise ValueError( - "File-like bodies must return bytestrings. Got: " - "{}".format(type(block)) - ) - - return - - def close(self): - """ - Closes the connection. This closes the socket and then abandons the - reference to it. After calling this method, any outstanding - :class:`Response ` objects will throw - exceptions if attempts are made to read their bodies. - - In some cases this method will automatically be called. - - .. warning:: This method should absolutely only be called when you are - certain the connection object is no longer needed. - """ - self._sock.close() - self._sock = None - - # The following two methods are the implementation of the context manager - # protocol. - def __enter__(self): - return self - - def __exit__(self, type, value, tb): - self.close() - return False # Never swallow exceptions. diff --git a/tools/third_party/hyper/hyper/http11/parser.py b/tools/third_party/hyper/hyper/http11/parser.py deleted file mode 100644 index ee391210dd11ed..00000000000000 --- a/tools/third_party/hyper/hyper/http11/parser.py +++ /dev/null @@ -1,82 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http11/parser -~~~~~~~~~~~~~~~~~~~ - -This module contains hyper's pure-Python HTTP/1.1 parser. This module defines -an abstraction layer for HTTP/1.1 parsing that allows for dropping in other -modules if needed, in order to obtain speedups on your chosen platform. -""" -from collections import namedtuple - - -Response = namedtuple( - 'Response', ['status', 'msg', 'minor_version', 'headers', 'consumed'] -) - - -class ParseError(Exception): - """ - An invalid HTTP message was passed to the parser. - """ - pass - - -class Parser(object): - """ - A single HTTP parser object. - This object is not thread-safe, and it does maintain state that is shared - across parsing requests. For this reason, make sure that access to this - object is synchronized if you use it across multiple threads. - """ - def __init__(self): - pass - - def parse_response(self, buffer): - """ - Parses a single HTTP response from a buffer. - :param buffer: A ``memoryview`` object wrapping a buffer containing a - HTTP response. - :returns: A :class:`Response ` object, or - ``None`` if there is not enough data in the buffer. - """ - # Begin by copying the data out of the buffer. This is necessary - # because as much as possible we want to use the built-in bytestring - # methods, rather than looping over the data in Python. - temp_buffer = buffer.tobytes() - - index = temp_buffer.find(b'\n') - if index == -1: - return None - - version, status, reason = temp_buffer[0:index].split(None, 2) - if not version.startswith(b'HTTP/1.'): - raise ParseError("Not HTTP/1.X!") - - minor_version = int(version[7:]) - status = int(status) - reason = memoryview(reason.strip()) - - # Chomp the newline. - index += 1 - - # Now, parse the headers out. - end_index = index - headers = [] - - while True: - end_index = temp_buffer.find(b'\n', index) - if end_index == -1: - return None - elif (end_index - index) <= 1: - # Chomp the newline - end_index += 1 - break - - name, value = temp_buffer[index:end_index].split(b':', 1) - value = value.strip() - headers.append((memoryview(name), memoryview(value))) - index = end_index + 1 - - resp = Response(status, reason, minor_version, headers, end_index) - return resp diff --git a/tools/third_party/hyper/hyper/http11/response.py b/tools/third_party/hyper/hyper/http11/response.py deleted file mode 100644 index ee23be08c916b9..00000000000000 --- a/tools/third_party/hyper/hyper/http11/response.py +++ /dev/null @@ -1,322 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http11/response -~~~~~~~~~~~~~~~~~~~~~ - -Contains the HTTP/1.1 equivalent of the HTTPResponse object defined in -httplib/http.client. -""" -import logging -import weakref -import zlib - -from ..common.decoder import DeflateDecoder -from ..common.exceptions import ChunkedDecodeError, InvalidResponseError -from ..common.exceptions import ConnectionResetError - -log = logging.getLogger(__name__) - - -class HTTP11Response(object): - """ - An ``HTTP11Response`` wraps the HTTP/1.1 response from the server. It - provides access to the response headers and the entity body. The response - is an iterable object and can be used in a with statement. - """ - def __init__(self, code, reason, headers, sock, connection=None): - #: The reason phrase returned by the server. - self.reason = reason - - #: The status code returned by the server. - self.status = code - - #: The response headers. These are determined upon creation, assigned - #: once, and never assigned again. - self.headers = headers - - #: The response trailers. These are always intially ``None``. - self.trailers = None - - # The socket this response is being sent over. - self._sock = sock - - # Whether we expect the connection to be closed. If we do, we don't - # bother checking for content-length, we just keep reading until - # we no longer can. - self._expect_close = False - if b'close' in self.headers.get(b'connection', []): - self._expect_close = True - - # The expected length of the body. - try: - self._length = int(self.headers[b'content-length'][0]) - except KeyError: - self._length = None - - # Whether we expect a chunked response. - self._chunked = ( - b'chunked' in self.headers.get(b'transfer-encoding', []) - ) - - # One of the following must be true: we must expect that the connection - # will be closed following the body, or that a content-length was sent, - # or that we're getting a chunked response. - # FIXME: Remove naked assert, replace with something better. - assert self._expect_close or self._length is not None or self._chunked - - # This object is used for decompressing gzipped request bodies. Right - # now we only support gzip because that's all the RFC mandates of us. - # Later we'll add support for more encodings. - # This 16 + MAX_WBITS nonsense is to force gzip. See this - # Stack Overflow answer for more: - # http://stackoverflow.com/a/2695466/1401686 - if b'gzip' in self.headers.get(b'content-encoding', []): - self._decompressobj = zlib.decompressobj(16 + zlib.MAX_WBITS) - elif b'deflate' in self.headers.get(b'content-encoding', []): - self._decompressobj = DeflateDecoder() - else: - self._decompressobj = None - - # This is a reference that allows for the Response class to tell the - # parent connection object to throw away its socket object. This is to - # be used when the connection is genuinely closed, so that the user - # can keep using the Connection object. - # Strictly, we take a weakreference to this so that we don't set up a - # reference cycle. - if connection is not None: - self._parent = weakref.ref(connection) - else: - self._parent = None - - self._buffered_data = b'' - self._chunker = None - - def read(self, amt=None, decode_content=True): - """ - Reads the response body, or up to the next ``amt`` bytes. - - :param amt: (optional) The amount of data to read. If not provided, all - the data will be read from the response. - :param decode_content: (optional) If ``True``, will transparently - decode the response data. - :returns: The read data. Note that if ``decode_content`` is set to - ``True``, the actual amount of data returned may be different to - the amount requested. - """ - # Return early if we've lost our connection. - if self._sock is None: - return b'' - - if self._chunked: - return self._normal_read_chunked(amt, decode_content) - - # If we're asked to do a read without a length, we need to read - # everything. That means either the entire content length, or until the - # socket is closed, depending. - if amt is None: - if self._length is not None: - amt = self._length - elif self._expect_close: - return self._read_expect_closed(decode_content) - else: # pragma: no cover - raise InvalidResponseError( - "Response must either have length or Connection: close" - ) - - # Otherwise, we've been asked to do a bounded read. We should read no - # more than the remaining length, obviously. - # FIXME: Handle cases without _length - if self._length is not None: - amt = min(amt, self._length) - - # Now, issue reads until we read that length. This is to account for - # the fact that it's possible that we'll be asked to read more than - # 65kB in one shot. - to_read = amt - chunks = [] - - # Ideally I'd like this to read 'while to_read', but I want to be - # defensive against the admittedly unlikely case that the socket - # returns *more* data than I want. - while to_read > 0: - chunk = self._sock.recv(amt).tobytes() - - # If we got an empty read, but were expecting more, the remote end - # has hung up. Raise an exception if we were expecting more data, - # but if we were expecting the remote end to close then it's ok. - if not chunk: - if self._length is not None or not self._expect_close: - self.close(socket_close=True) - raise ConnectionResetError("Remote end hung up!") - - break - - to_read -= len(chunk) - chunks.append(chunk) - - data = b''.join(chunks) - if self._length is not None: - self._length -= len(data) - - # If we're at the end of the request, we have some cleaning up to do. - # Close the stream, and if necessary flush the buffer. Checking that - # we're at the end is actually obscenely complex: either we've read the - # full content-length or, if we were expecting a closed connection, - # we've had a read shorter than the requested amount. We also have to - # do this before we try to decompress the body. - end_of_request = (self._length == 0 or - (self._expect_close and len(data) < amt)) - - # We may need to decode the body. - if decode_content and self._decompressobj and data: - data = self._decompressobj.decompress(data) - - if decode_content and self._decompressobj and end_of_request: - data += self._decompressobj.flush() - - # We're at the end. Close the connection. Explicit check for zero here - # because self._length might be None. - if end_of_request: - self.close(socket_close=self._expect_close) - - return data - - def read_chunked(self, decode_content=True): - """ - Reads chunked transfer encoded bodies. This method returns a generator: - each iteration of which yields one chunk *unless* the chunks are - compressed, in which case it yields whatever the decompressor provides - for each chunk. - - .. warning:: This may yield the empty string, without that being the - end of the body! - """ - if not self._chunked: - raise ChunkedDecodeError( - "Attempted chunked read of non-chunked body." - ) - - # Return early if possible. - if self._sock is None: - return - - while True: - # Read to the newline to get the chunk length. This is a - # hexadecimal integer. - chunk_length = int(self._sock.readline().tobytes().strip(), 16) - data = b'' - - # If the chunk length is zero, consume the newline and then we're - # done. If we were decompressing data, return the remaining data. - if not chunk_length: - self._sock.readline() - - if decode_content and self._decompressobj: - yield self._decompressobj.flush() - - self.close(socket_close=self._expect_close) - break - - # Then read that many bytes. - while chunk_length > 0: - chunk = self._sock.recv(chunk_length).tobytes() - data += chunk - chunk_length -= len(chunk) - - assert chunk_length == 0 - - # Now, consume the newline. - self._sock.readline() - - # We may need to decode the body. - if decode_content and self._decompressobj and data: - data = self._decompressobj.decompress(data) - - yield data - - return - - def close(self, socket_close=False): - """ - Close the response. This causes the Response to lose access to the - backing socket. In some cases, it can also cause the backing connection - to be torn down. - - :param socket_close: Whether to close the backing socket. - :returns: Nothing. - """ - if socket_close and self._parent is not None: - # The double call is necessary because we need to dereference the - # weakref. If the weakref is no longer valid, that's fine, there's - # no connection object to tell. - parent = self._parent() - if parent is not None: - parent.close() - - self._sock = None - - def _read_expect_closed(self, decode_content): - """ - Implements the logic for an unbounded read on a socket that we expect - to be closed by the remote end. - """ - # In this case, just read until we cannot read anymore. Then, close the - # socket, becuase we know we have to. - chunks = [] - while True: - try: - chunk = self._sock.recv(65535).tobytes() - if not chunk: - break - except ConnectionResetError: - break - else: - chunks.append(chunk) - - self.close(socket_close=True) - - # We may need to decompress the data. - data = b''.join(chunks) - if decode_content and self._decompressobj: - data = self._decompressobj.decompress(data) - data += self._decompressobj.flush() - - return data - - def _normal_read_chunked(self, amt, decode_content): - """ - Implements the logic for calling ``read()`` on a chunked response. - """ - # If we're doing a full read, read it as chunked and then just join - # the chunks together! - if amt is None: - return self._buffered_data + b''.join(self.read_chunked()) - - if self._chunker is None: - self._chunker = self.read_chunked() - - # Otherwise, we have a certain amount of data we want to read. - current_amount = len(self._buffered_data) - - extra_data = [self._buffered_data] - while current_amount < amt: - try: - chunk = next(self._chunker) - except StopIteration: - self.close(socket_close=self._expect_close) - break - - current_amount += len(chunk) - extra_data.append(chunk) - - data = b''.join(extra_data) - self._buffered_data = data[amt:] - return data[:amt] - - # The following methods implement the context manager protocol. - def __enter__(self): - return self - - def __exit__(self, *args): - self.close() - return False # Never swallow exceptions. diff --git a/tools/third_party/hyper/hyper/http20/__init__.py b/tools/third_party/hyper/hyper/http20/__init__.py deleted file mode 100644 index 4a756d2c48491f..00000000000000 --- a/tools/third_party/hyper/hyper/http20/__init__.py +++ /dev/null @@ -1,7 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20 -~~~~~~~~~~~~ - -The HTTP/2 submodule that powers hyper. -""" diff --git a/tools/third_party/hyper/hyper/http20/connection.py b/tools/third_party/hyper/hyper/http20/connection.py deleted file mode 100644 index 12076cdaf14ead..00000000000000 --- a/tools/third_party/hyper/hyper/http20/connection.py +++ /dev/null @@ -1,850 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/connection -~~~~~~~~~~~~~~~~~~~~~~~ - -Objects that build hyper's connection-level HTTP/2 abstraction. -""" -import h2.connection -import h2.events -import h2.settings - -from ..compat import ssl -from ..tls import wrap_socket, H2_NPN_PROTOCOLS, H2C_PROTOCOL -from ..common.exceptions import ConnectionResetError -from ..common.bufsocket import BufferedSocket -from ..common.headers import HTTPHeaderMap -from ..common.util import to_host_port_tuple, to_native_string, to_bytestring -from ..compat import unicode, bytes -from .stream import Stream -from .response import HTTP20Response, HTTP20Push -from .window import FlowControlManager -from .exceptions import ConnectionError, StreamResetError -from . import errors - -import errno -import logging -import socket -import time -import threading - -log = logging.getLogger(__name__) - -DEFAULT_WINDOW_SIZE = 65535 - -TRANSIENT_SSL_ERRORS = (ssl.SSL_ERROR_WANT_READ, ssl.SSL_ERROR_WANT_WRITE) - - -class _LockedObject(object): - """ - A wrapper class that hides a specific object behind a lock. - - The goal here is to provide a simple way to protect access to an object - that cannot safely be simultaneously accessed from multiple threads. The - intended use of this class is simple: take hold of it with a context - manager, which returns the protected object. - """ - def __init__(self, obj): - self.lock = threading.RLock() - self._obj = obj - - def __enter__(self): - self.lock.acquire() - return self._obj - - def __exit__(self, _exc_type, _exc_val, _exc_tb): - self.lock.release() - - -class HTTP20Connection(object): - """ - An object representing a single HTTP/2 connection to a server. - - This object behaves similarly to the Python standard library's - ``HTTPConnection`` object, with a few critical differences. - - Most of the standard library's arguments to the constructor are irrelevant - for HTTP/2 or not supported by hyper. - - :param host: The host to connect to. This may be an IP address or a - hostname, and optionally may include a port: for example, - ``'http2bin.org'``, ``'http2bin.org:443'`` or ``'127.0.0.1'``. - :param port: (optional) The port to connect to. If not provided and one - also isn't provided in the ``host`` parameter, defaults to 443. - :param secure: (optional) Whether the request should use TLS. Defaults to - ``False`` for most requests, but to ``True`` for any request issued to - port 443. - :param window_manager: (optional) The class to use to manage flow control - windows. This needs to be a subclass of the - :class:`BaseFlowControlManager - `. If not provided, - :class:`FlowControlManager ` - will be used. - :param enable_push: (optional) Whether the server is allowed to push - resources to the client (see - :meth:`get_pushes() `). - :param ssl_context: (optional) A class with custom certificate settings. - If not provided then hyper's default ``SSLContext`` is used instead. - :param proxy_host: (optional) The proxy to connect to. This can be an IP - address or a host name and may include a port. - :param proxy_port: (optional) The proxy port to connect to. If not provided - and one also isn't provided in the ``proxy`` parameter, defaults to - 8080. - """ - def __init__(self, host, port=None, secure=None, window_manager=None, - enable_push=False, ssl_context=None, proxy_host=None, - proxy_port=None, force_proto=None, **kwargs): - """ - Creates an HTTP/2 connection to a specific server. - """ - if port is None: - self.host, self.port = to_host_port_tuple(host, default_port=443) - else: - self.host, self.port = host, port - - if secure is not None: - self.secure = secure - elif self.port == 443: - self.secure = True - else: - self.secure = False - - self._enable_push = enable_push - self.ssl_context = ssl_context - - # Setup proxy details if applicable. - if proxy_host: - if proxy_port is None: - self.proxy_host, self.proxy_port = to_host_port_tuple( - proxy_host, default_port=8080 - ) - else: - self.proxy_host, self.proxy_port = proxy_host, proxy_port - else: - self.proxy_host = None - self.proxy_port = None - - #: The size of the in-memory buffer used to store data from the - #: network. This is used as a performance optimisation. Increase buffer - #: size to improve performance: decrease it to conserve memory. - #: Defaults to 64kB. - self.network_buffer_size = 65536 - - self.force_proto = force_proto - - # Concurrency - # - # Use one lock (_lock) to synchronize any interaction with global - # connection state, e.g. stream creation/deletion. - # - # It's ok to use the same in lock all these cases as they occur at - # different/linked points in the connection's lifecycle. - # - # Use another 2 locks (_write_lock, _read_lock) to synchronize - # - _send_cb - # - _recv_cb - # respectively. - # - # I.e, send/recieve on the connection and its streams are serialized - # separately across the threads accessing the connection. This is a - # simple way of providing thread-safety. - # - # _write_lock and _read_lock synchronize all interactions between - # streams and the connnection. There is a third I/O callback, - # _close_stream, passed to a stream's constructor. It does not need to - # be synchronized, it uses _send_cb internally (which is serialized); - # its other activity (safe deletion of the stream from self.streams) - # does not require synchronization. - # - # _read_lock may be acquired when already holding the _write_lock, - # when they both held it is always by acquiring _write_lock first. - # - # Either _read_lock or _write_lock may be acquired whilst holding _lock - # which should always be acquired before either of the other two. - self._lock = threading.RLock() - self._write_lock = threading.RLock() - self._read_lock = threading.RLock() - - # Create the mutable state. - self.__wm_class = window_manager or FlowControlManager - self.__init_state() - - return - - def __init_state(self): - """ - Initializes the 'mutable state' portions of the HTTP/2 connection - object. - - This method exists to enable HTTP20Connection objects to be reused if - they're closed, by resetting the connection object to its basic state - whenever it ends up closed. Any situation that needs to recreate the - connection can call this method and it will be done. - - This is one of the only methods in hyper that is truly private, as - users should be strongly discouraged from messing about with connection - objects themselves. - """ - self._conn = _LockedObject(h2.connection.H2Connection()) - - # Streams are stored in a dictionary keyed off their stream IDs. We - # also save the most recent one for easy access without having to walk - # the dictionary. - # - # We add a set of all streams that we or the remote party forcefully - # closed with RST_STREAM, to avoid encountering issues where frames - # were already in flight before the RST was processed. - # - # Finally, we add a set of streams that recently received data. When - # using multiple threads, this avoids reading on threads that have just - # acquired the I/O lock whose streams have already had their data read - # for them by prior threads. - self.streams = {} - self.recent_stream = None - self.next_stream_id = 1 - self.reset_streams = set() - self.recent_recv_streams = set() - - # The socket used to send data. - self._sock = None - - # Instantiate a window manager. - self.window_manager = self.__wm_class(65535) - - return - - def ping(self, opaque_data): - """ - Send a PING frame. - - Concurrency - ----------- - - This method is thread-safe. - - :param opaque_data: A bytestring of length 8 that will be sent in the - PING frame. - :returns: Nothing - """ - self.connect() - with self._write_lock: - with self._conn as conn: - conn.ping(to_bytestring(opaque_data)) - self._send_outstanding_data() - - def request(self, method, url, body=None, headers=None): - """ - This will send a request to the server using the HTTP request method - ``method`` and the selector ``url``. If the ``body`` argument is - present, it should be string or bytes object of data to send after the - headers are finished. Strings are encoded as UTF-8. To use other - encodings, pass a bytes object. The Content-Length header is set to the - length of the body field. - - Concurrency - ----------- - - This method is thread-safe. - - :param method: The request method, e.g. ``'GET'``. - :param url: The URL to contact, e.g. ``'/path/segment'``. - :param body: (optional) The request body to send. Must be a bytestring - or a file-like object. - :param headers: (optional) The headers to send on the request. - :returns: A stream ID for the request. - """ - headers = headers or {} - - # Concurrency - # - # It's necessary to hold a lock while this method runs to satisfy H2 - # protocol requirements. - # - # - putrequest obtains the next valid new stream_id - # - endheaders sends a http2 message using the new stream_id - # - # If threads interleave these operations, it could result in messages - # being sent in the wrong order, which can lead to the out-of-order - # messages with lower stream IDs being closed prematurely. - with self._write_lock: - stream_id = self.putrequest(method, url) - - default_headers = (':method', ':scheme', ':authority', ':path') - for name, value in headers.items(): - is_default = to_native_string(name) in default_headers - self.putheader(name, value, stream_id, replace=is_default) - - # Convert the body to bytes if needed. - if body and isinstance(body, (unicode, bytes)): - body = to_bytestring(body) - - self.endheaders(message_body=body, final=True, stream_id=stream_id) - - return stream_id - - def _get_stream(self, stream_id): - if stream_id is None: - return self.recent_stream - elif stream_id in self.reset_streams or stream_id not in self.streams: - raise StreamResetError("Stream forcefully closed") - else: - return self.streams[stream_id] - - def get_response(self, stream_id=None): - """ - Should be called after a request is sent to get a response from the - server. If sending multiple parallel requests, pass the stream ID of - the request whose response you want. Returns a - :class:`HTTP20Response ` instance. - If you pass no ``stream_id``, you will receive the oldest - :class:`HTTPResponse ` still outstanding. - - Concurrency - ----------- - - This method is thread-safe. - - :param stream_id: (optional) The stream ID of the request for which to - get a response. - :returns: A :class:`HTTP20Response ` object. - """ - stream = self._get_stream(stream_id) - return HTTP20Response(stream.getheaders(), stream) - - def get_pushes(self, stream_id=None, capture_all=False): - """ - Returns a generator that yields push promises from the server. **Note - that this method is not idempotent**: promises returned in one call - will not be returned in subsequent calls. Iterating through generators - returned by multiple calls to this method simultaneously results in - undefined behavior. - - :param stream_id: (optional) The stream ID of the request for which to - get push promises. - :param capture_all: (optional) If ``False``, the generator will yield - all buffered push promises without blocking. If ``True``, the - generator will first yield all buffered push promises, then yield - additional ones as they arrive, and terminate when the original - stream closes. - :returns: A generator of :class:`HTTP20Push ` objects - corresponding to the streams pushed by the server. - """ - stream = self._get_stream(stream_id) - for promised_stream_id, headers in stream.get_pushes(capture_all): - yield HTTP20Push( - HTTPHeaderMap(headers), self.streams[promised_stream_id] - ) - - def connect(self): - """ - Connect to the server specified when the object was created. This is a - no-op if we're already connected. - - Concurrency - ----------- - - This method is thread-safe. It may be called from multiple threads, and - is a noop for all threads apart from the first. - - :returns: Nothing. - - """ - with self._lock: - if self._sock is not None: - return - - if not self.proxy_host: - host = self.host - port = self.port - else: - host = self.proxy_host - port = self.proxy_port - - sock = socket.create_connection((host, port)) - - if self.secure: - assert not self.proxy_host, "Proxy with HTTPS not supported." - sock, proto = wrap_socket(sock, host, self.ssl_context, - force_proto=self.force_proto) - else: - proto = H2C_PROTOCOL - - log.debug("Selected NPN protocol: %s", proto) - assert proto in H2_NPN_PROTOCOLS or proto == H2C_PROTOCOL - - self._sock = BufferedSocket(sock, self.network_buffer_size) - - self._send_preamble() - - def _connect_upgrade(self, sock): - """ - Called by the generic HTTP connection when we're being upgraded. Locks - in a new socket and places the backing state machine into an upgrade - state, then sends the preamble. - """ - self._sock = sock - - with self._conn as conn: - conn.initiate_upgrade_connection() - conn.update_settings( - {h2.settings.SettingCodes.ENABLE_PUSH: int(self._enable_push)} - ) - self._send_outstanding_data() - - # The server will also send an initial settings frame, so get it. - # However, we need to make sure our stream state is set up properly - # first, or any extra data we receive might cause us problems. - s = self._new_stream(local_closed=True) - self.recent_stream = s - - self._recv_cb() - - def _send_preamble(self): - """ - Sends the necessary HTTP/2 preamble. - """ - # We need to send the connection header immediately on this - # connection, followed by an initial settings frame. - with self._conn as conn: - conn.initiate_connection() - conn.update_settings( - {h2.settings.SettingCodes.ENABLE_PUSH: int(self._enable_push)} - ) - self._send_outstanding_data() - - # The server will also send an initial settings frame, so get it. - self._recv_cb() - - def close(self, error_code=None): - """ - Close the connection to the server. - - Concurrency - ----------- - - This method is thread-safe. - - :param error_code: (optional) The error code to reset all streams with. - :returns: Nothing. - """ - # Concurrency - # - # It's necessary to hold the lock here to ensure that threads closing - # the connection see consistent state, and to prevent creation of - # of new streams while the connection is being closed. - # - # I/O occurs while the lock is held; waiting threads will see a delay. - with self._lock: - # Close all streams - for stream in list(self.streams.values()): - log.debug("Close stream %d" % stream.stream_id) - stream.close(error_code) - - # Send GoAway frame to the server - try: - with self._conn as conn: - conn.close_connection(error_code or 0) - self._send_outstanding_data(tolerate_peer_gone=True) - except Exception as e: # pragma: no cover - log.warn("GoAway frame could not be sent: %s" % e) - - if self._sock is not None: - self._sock.close() - self.__init_state() - - def _send_outstanding_data(self, tolerate_peer_gone=False, - send_empty=True): - # Concurrency - # - # Hold _write_lock; getting and writing data from _conn is synchronized - # - # I/O occurs while the lock is held; waiting threads will see a delay. - with self._write_lock: - with self._conn as conn: - data = conn.data_to_send() - if data or send_empty: - self._send_cb(data, tolerate_peer_gone=tolerate_peer_gone) - - def putrequest(self, method, selector, **kwargs): - """ - This should be the first call for sending a given HTTP request to a - server. It returns a stream ID for the given connection that should be - passed to all subsequent request building calls. - - Concurrency - ----------- - - This method is thread-safe. It can be called from multiple threads, - and each thread should receive a unique stream ID. - - :param method: The request method, e.g. ``'GET'``. - :param selector: The path selector. - :returns: A stream ID for the request. - """ - # Create a new stream. - s = self._new_stream() - - # To this stream we need to immediately add a few headers that are - # HTTP/2 specific. These are: ":method", ":scheme", ":authority" and - # ":path". We can set all of these now. - s.add_header(":method", method) - s.add_header(":scheme", "https" if self.secure else "http") - s.add_header(":authority", self.host) - s.add_header(":path", selector) - - # Save the stream. - self.recent_stream = s - - return s.stream_id - - def putheader(self, header, argument, stream_id=None, replace=False): - """ - Sends an HTTP header to the server, with name ``header`` and value - ``argument``. - - Unlike the ``httplib`` version of this function, this version does not - actually send anything when called. Instead, it queues the headers up - to be sent when you call - :meth:`endheaders() `. - - This method ensures that headers conform to the HTTP/2 specification. - In particular, it strips out the ``Connection`` header, as that header - is no longer valid in HTTP/2. This is to make it easy to write code - that runs correctly in both HTTP/1.1 and HTTP/2. - - :param header: The name of the header. - :param argument: The value of the header. - :param stream_id: (optional) The stream ID of the request to add the - header to. - :returns: Nothing. - """ - stream = self._get_stream(stream_id) - stream.add_header(header, argument, replace) - - return - - def endheaders(self, message_body=None, final=False, stream_id=None): - """ - Sends the prepared headers to the server. If the ``message_body`` - argument is provided it will also be sent to the server as the body of - the request, and the stream will immediately be closed. If the - ``final`` argument is set to True, the stream will also immediately - be closed: otherwise, the stream will be left open and subsequent calls - to ``send()`` will be required. - - :param message_body: (optional) The body to send. May not be provided - assuming that ``send()`` will be called. - :param final: (optional) If the ``message_body`` parameter is provided, - should be set to ``True`` if no further data will be provided via - calls to :meth:`send() `. - :param stream_id: (optional) The stream ID of the request to finish - sending the headers on. - :returns: Nothing. - """ - self.connect() - - stream = self._get_stream(stream_id) - - headers_only = (message_body is None and final) - - # Concurrency: - # - # Hold _write_lock: synchronize access to the connection's HPACK - # encoder and decoder and the subsquent write to the connection - with self._write_lock: - stream.send_headers(headers_only) - - # Send whatever data we have. - if message_body is not None: - stream.send_data(message_body, final) - - self._send_outstanding_data() - - return - - def send(self, data, final=False, stream_id=None): - """ - Sends some data to the server. This data will be sent immediately - (excluding the normal HTTP/2 flow control rules). If this is the last - data that will be sent as part of this request, the ``final`` argument - should be set to ``True``. This will cause the stream to be closed. - - :param data: The data to send. - :param final: (optional) Whether this is the last bit of data to be - sent on this request. - :param stream_id: (optional) The stream ID of the request to send the - data on. - :returns: Nothing. - """ - stream = self._get_stream(stream_id) - stream.send_data(data, final) - - return - - def _new_stream(self, stream_id=None, local_closed=False): - """ - Returns a new stream object for this connection. - """ - # Concurrency - # - # Hold _lock: ensure that threads accessing the connection see - # self.next_stream_id in a consistent state - # - # No I/O occurs, the delay in waiting threads depends on their number. - with self._lock: - s = Stream( - stream_id or self.next_stream_id, - self.__wm_class(DEFAULT_WINDOW_SIZE), - self._conn, - self._send_outstanding_data, - self._recv_cb, - self._stream_close_cb, - ) - s.local_closed = local_closed - self.streams[s.stream_id] = s - self.next_stream_id += 2 - - return s - - def _send_cb(self, data, tolerate_peer_gone=False): - """ - This is the callback used by streams to send data on the connection. - - This acts as a dumb wrapper around the socket send method. - """ - # Concurrency - # - # Hold _write_lock: ensures only writer at a time - # - # I/O occurs while the lock is held; waiting threads will see a delay. - with self._write_lock: - try: - self._sock.sendall(data) - except socket.error as e: - if (not tolerate_peer_gone or - e.errno not in (errno.EPIPE, errno.ECONNRESET)): - raise - - def _adjust_receive_window(self, frame_len): - """ - Adjusts the window size in response to receiving a DATA frame of length - ``frame_len``. May send a WINDOWUPDATE frame if necessary. - """ - # Concurrency - # - # Hold _write_lock; synchronize the window manager update and the - # subsequent potential write to the connection - # - # I/O may occur while the lock is held; waiting threads may see a - # delay. - with self._write_lock: - increment = self.window_manager._handle_frame(frame_len) - - if increment: - with self._conn as conn: - conn.increment_flow_control_window(increment) - self._send_outstanding_data(tolerate_peer_gone=True) - - return - - def _single_read(self): - """ - Performs a single read from the socket and hands the data off to the - h2 connection object. - """ - # Begin by reading what we can from the socket. - # - # Concurrency - # - # Synchronizes reading the data - # - # I/O occurs while the lock is held; waiting threads will see a delay. - with self._read_lock: - if self._sock is None: - raise ConnectionError('tried to read after connection close') - self._sock.fill() - data = self._sock.buffer.tobytes() - self._sock.advance_buffer(len(data)) - with self._conn as conn: - events = conn.receive_data(data) - stream_ids = set(getattr(e, 'stream_id', -1) for e in events) - stream_ids.discard(-1) # sentinel - stream_ids.discard(0) # connection events - self.recent_recv_streams |= stream_ids - - for event in events: - if isinstance(event, h2.events.DataReceived): - self._adjust_receive_window(event.flow_controlled_length) - self.streams[event.stream_id].receive_data(event) - elif isinstance(event, h2.events.PushedStreamReceived): - if self._enable_push: - self._new_stream(event.pushed_stream_id, local_closed=True) - self.streams[event.parent_stream_id].receive_push(event) - else: - # Servers are forbidden from sending push promises when - # the ENABLE_PUSH setting is 0, but the spec leaves the - # client action undefined when they do it anyway. So we - # just refuse the stream and go about our business. - self._send_rst_frame(event.pushed_stream_id, 7) - elif isinstance(event, h2.events.ResponseReceived): - self.streams[event.stream_id].receive_response(event) - elif isinstance(event, h2.events.TrailersReceived): - self.streams[event.stream_id].receive_trailers(event) - elif isinstance(event, h2.events.StreamEnded): - self.streams[event.stream_id].receive_end_stream(event) - elif isinstance(event, h2.events.StreamReset): - if event.stream_id not in self.reset_streams: - self.reset_streams.add(event.stream_id) - self.streams[event.stream_id].receive_reset(event) - elif isinstance(event, h2.events.ConnectionTerminated): - # If we get GoAway with error code zero, we are doing a - # graceful shutdown and all is well. Otherwise, throw an - # exception. - self.close() - - # If an error occured, try to read the error description from - # code registry otherwise use the frame's additional data. - if event.error_code != 0: - try: - name, number, description = errors.get_data( - event.error_code - ) - except ValueError: - error_string = ( - "Encountered error code %d" % event.error_code - ) - else: - error_string = ( - "Encountered error %s %s: %s" % - (name, number, description) - ) - - raise ConnectionError(error_string) - else: - log.info("Received unhandled event %s", event) - - self._send_outstanding_data(tolerate_peer_gone=True, send_empty=False) - - def _recv_cb(self, stream_id=0): - """ - This is the callback used by streams to read data from the connection. - - This stream reads what data it can, and throws it into the underlying - connection, before farming out any events that fire to the relevant - streams. If the socket remains readable, it will then optimistically - continue to attempt to read. - - This is generally called by a stream, not by the connection itself, and - it's likely that streams will read a frame that doesn't belong to them. - - :param stream_id: (optional) The stream ID of the stream reading data - from the connection. - - """ - # Begin by reading what we can from the socket. - # - # Concurrency - # - # Ignore this read if some other thread has recently read data from - # from the requested stream. - # - # The lock here looks broad, but is needed to ensure correct behavior - # when there are multiple readers of the same stream. It is - # re-acquired in the calls to self._single_read. - # - # I/O occurs while the lock is held; waiting threads will see a delay. - with self._read_lock: - log.debug('recv for stream %d with %s already present', - stream_id, - self.recent_recv_streams) - if stream_id in self.recent_recv_streams: - self.recent_recv_streams.discard(stream_id) - return - - # make sure to validate the stream is readable. - # if the connection was reset, this stream id won't appear in - # self.streams and will cause this call to raise an exception. - if stream_id: - self._get_stream(stream_id) - - # TODO: Re-evaluate this. - self._single_read() - count = 9 - retry_wait = 0.05 # can improve responsiveness to delay the retry - - while count and self._sock is not None and self._sock.can_read: - # If the connection has been closed, bail out, but retry - # on transient errors. - try: - self._single_read() - except ConnectionResetError: - break - except ssl.SSLError as e: # pragma: no cover - # these are transient errors that can occur while reading - # from ssl connections. - if e.args[0] in TRANSIENT_SSL_ERRORS: - continue - else: - raise - except socket.error as e: # pragma: no cover - if e.errno in (errno.EINTR, errno.EAGAIN): - # if 'interrupted' or 'try again', continue - time.sleep(retry_wait) - continue - elif e.errno == errno.ECONNRESET: - break - else: - raise - - count -= 1 - - def _send_rst_frame(self, stream_id, error_code): - """ - Send reset stream frame with error code and remove stream from map. - """ - # Concurrency - # - # Hold _write_lock; synchronize generating the reset frame and writing - # it - # - # I/O occurs while the lock is held; waiting threads will see a delay. - with self._write_lock: - with self._conn as conn: - conn.reset_stream(stream_id, error_code=error_code) - self._send_outstanding_data() - - # Concurrency - # - # Hold _lock; the stream storage is being updated. No I/O occurs, any - # delay is proportional to the number of waiting threads. - with self._lock: - try: - del self.streams[stream_id] - self.recent_recv_streams.discard(stream_id) - except KeyError as e: # pragma: no cover - log.warn( - "Stream with id %d does not exist: %s", - stream_id, e) - - # Keep track of the fact that we reset this stream in case there - # are other frames in flight. - self.reset_streams.add(stream_id) - - def _stream_close_cb(self, stream_id): - """ - Called by a stream when it is closing, so that state can be cleared. - """ - try: - del self.streams[stream_id] - self.recent_recv_streams.discard(stream_id) - except KeyError: - pass - - # The following two methods are the implementation of the context manager - # protocol. - def __enter__(self): - return self - - def __exit__(self, type, value, tb): - self.close() - return False # Never swallow exceptions. diff --git a/tools/third_party/hyper/hyper/http20/errors.py b/tools/third_party/hyper/hyper/http20/errors.py deleted file mode 100644 index bcad88595962e9..00000000000000 --- a/tools/third_party/hyper/hyper/http20/errors.py +++ /dev/null @@ -1,77 +0,0 @@ -# -*- coding: utf-8 -*- -# flake8: noqa -""" -hyper/http20/errors -~~~~~~~~~~~~~~~~~~~ - -Global error code registry containing the established HTTP/2 error codes. -The registry is based on a 32-bit space so we use the error code to index into -the array. - -The current registry is available at: -https://tools.ietf.org/html/rfc7540#section-11.4 -""" - -NO_ERROR = {'Name': 'NO_ERROR', - 'Code': '0x0', - 'Description': 'Graceful shutdown'} -PROTOCOL_ERROR = {'Name': 'PROTOCOL_ERROR', - 'Code': '0x1', - 'Description': 'Protocol error detected'} -INTERNAL_ERROR = {'Name': 'INTERNAL_ERROR', - 'Code': '0x2', - 'Description': 'Implementation fault'} -FLOW_CONTROL_ERROR = {'Name': 'FLOW_CONTROL_ERROR', - 'Code': '0x3', - 'Description': 'Flow control limits exceeded'} -SETTINGS_TIMEOUT = {'Name': 'SETTINGS_TIMEOUT', - 'Code': '0x4', - 'Description': 'Settings not acknowledged'} -STREAM_CLOSED = {'Name': 'STREAM_CLOSED', - 'Code': '0x5', - 'Description': 'Frame received for closed stream'} -FRAME_SIZE_ERROR = {'Name': 'FRAME_SIZE_ERROR', - 'Code': '0x6', - 'Description': 'Frame size incorrect'} -REFUSED_STREAM = {'Name': 'REFUSED_STREAM ', - 'Code': '0x7', - 'Description': 'Stream not processed'} -CANCEL = {'Name': 'CANCEL', - 'Code': '0x8', - 'Description': 'Stream cancelled'} -COMPRESSION_ERROR = {'Name': 'COMPRESSION_ERROR', - 'Code': '0x9', - 'Description': 'Compression state not updated'} -CONNECT_ERROR = {'Name': 'CONNECT_ERROR', - 'Code': '0xa', - 'Description': - 'TCP connection error for CONNECT method'} -ENHANCE_YOUR_CALM = {'Name': 'ENHANCE_YOUR_CALM', - 'Code': '0xb', - 'Description': 'Processing capacity exceeded'} -INADEQUATE_SECURITY = {'Name': 'INADEQUATE_SECURITY', - 'Code': '0xc', - 'Description': - 'Negotiated TLS parameters not acceptable'} -HTTP_1_1_REQUIRED = {'Name': 'HTTP_1_1_REQUIRED', - 'Code': '0xd', - 'Description': 'Use HTTP/1.1 for the request'} - -H2_ERRORS = [NO_ERROR, PROTOCOL_ERROR, INTERNAL_ERROR, FLOW_CONTROL_ERROR, - SETTINGS_TIMEOUT, STREAM_CLOSED, FRAME_SIZE_ERROR, REFUSED_STREAM, - CANCEL, COMPRESSION_ERROR, CONNECT_ERROR, ENHANCE_YOUR_CALM, - INADEQUATE_SECURITY, HTTP_1_1_REQUIRED] - - -def get_data(error_code): - """ - Lookup the error code description, if not available throw a value error - """ - if error_code < 0 or error_code >= len(H2_ERRORS): - raise ValueError("Error code is invalid") - - name = H2_ERRORS[error_code]['Name'] - number = H2_ERRORS[error_code]['Code'] - description = H2_ERRORS[error_code]['Description'] - - return name, number, description diff --git a/tools/third_party/hyper/hyper/http20/exceptions.py b/tools/third_party/hyper/hyper/http20/exceptions.py deleted file mode 100644 index 69e25816fdbc40..00000000000000 --- a/tools/third_party/hyper/hyper/http20/exceptions.py +++ /dev/null @@ -1,50 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/exceptions -~~~~~~~~~~~~~~~~~~~~~~~ - -This defines exceptions used in the HTTP/2 portion of hyper. -""" - - -class HTTP20Error(Exception): - """ - The base class for all of ``hyper``'s HTTP/2-related exceptions. - """ - pass - - -class HPACKEncodingError(HTTP20Error): - """ - An error has been encountered while performing HPACK encoding. - """ - pass - - -class HPACKDecodingError(HTTP20Error): - """ - An error has been encountered while performing HPACK decoding. - """ - pass - - -class ConnectionError(HTTP20Error): - """ - The remote party signalled an error affecting the entire HTTP/2 - connection, and the connection has been closed. - """ - pass - - -class ProtocolError(HTTP20Error): - """ - The remote party violated the HTTP/2 protocol. - """ - pass - - -class StreamResetError(HTTP20Error): - """ - A stream was forcefully reset by the remote party. - """ - pass diff --git a/tools/third_party/hyper/hyper/http20/response.py b/tools/third_party/hyper/hyper/http20/response.py deleted file mode 100644 index bb339b2fde3992..00000000000000 --- a/tools/third_party/hyper/hyper/http20/response.py +++ /dev/null @@ -1,228 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/response -~~~~~~~~~~~~~~~~~~~~~ - -Contains the HTTP/2 equivalent of the HTTPResponse object defined in -httplib/http.client. -""" -import logging -import zlib - -from ..common.decoder import DeflateDecoder -from ..common.headers import HTTPHeaderMap - -log = logging.getLogger(__name__) - - -def strip_headers(headers): - """ - Strips the headers attached to the instance of any header beginning - with a colon that ``hyper`` doesn't understand. This method logs at - warning level about the deleted headers, for discoverability. - """ - # Convert to list to ensure that we don't mutate the headers while - # we iterate over them. - for name in list(headers.keys()): - if name.startswith(b':'): - del headers[name] - - -class HTTP20Response(object): - """ - An ``HTTP20Response`` wraps the HTTP/2 response from the server. It - provides access to the response headers and the entity body. The response - is an iterable object and can be used in a with statement (though due to - the persistent connections used in HTTP/2 this has no effect, and is done - soley for compatibility). - """ - def __init__(self, headers, stream): - #: The reason phrase returned by the server. This is not used in - #: HTTP/2, and so is always the empty string. - self.reason = '' - - status = headers[b':status'][0] - strip_headers(headers) - - #: The status code returned by the server. - self.status = int(status) - - #: The response headers. These are determined upon creation, assigned - #: once, and never assigned again. - self.headers = headers - - # The response trailers. These are always intially ``None``. - self._trailers = None - - # The stream this response is being sent over. - self._stream = stream - - # We always read in one-data-frame increments from the stream, so we - # may need to buffer some for incomplete reads. - self._data_buffer = b'' - - # This object is used for decompressing gzipped request bodies. Right - # now we only support gzip because that's all the RFC mandates of us. - # Later we'll add support for more encodings. - # This 16 + MAX_WBITS nonsense is to force gzip. See this - # Stack Overflow answer for more: - # http://stackoverflow.com/a/2695466/1401686 - if b'gzip' in self.headers.get(b'content-encoding', []): - self._decompressobj = zlib.decompressobj(16 + zlib.MAX_WBITS) - elif b'deflate' in self.headers.get(b'content-encoding', []): - self._decompressobj = DeflateDecoder() - else: - self._decompressobj = None - - @property - def trailers(self): - """ - Trailers on the HTTP message, if any. - - .. warning:: Note that this property requires that the stream is - totally exhausted. This means that, if you have not - completely read from the stream, all stream data will be - read into memory. - """ - if self._trailers is None: - self._trailers = self._stream.gettrailers() or HTTPHeaderMap() - strip_headers(self._trailers) - - return self._trailers - - def read(self, amt=None, decode_content=True): - """ - Reads the response body, or up to the next ``amt`` bytes. - - :param amt: (optional) The amount of data to read. If not provided, all - the data will be read from the response. - :param decode_content: (optional) If ``True``, will transparently - decode the response data. - :returns: The read data. Note that if ``decode_content`` is set to - ``True``, the actual amount of data returned may be different to - the amount requested. - """ - if amt is not None and amt <= len(self._data_buffer): - data = self._data_buffer[:amt] - self._data_buffer = self._data_buffer[amt:] - response_complete = False - elif amt is not None: - read_amt = amt - len(self._data_buffer) - self._data_buffer += self._stream._read(read_amt) - data = self._data_buffer[:amt] - self._data_buffer = self._data_buffer[amt:] - response_complete = len(data) < amt - else: - data = b''.join([self._data_buffer, self._stream._read()]) - response_complete = True - - # We may need to decode the body. - if decode_content and self._decompressobj and data: - data = self._decompressobj.decompress(data) - - # If we're at the end of the request, we have some cleaning up to do. - # Close the stream, and if necessary flush the buffer. - if response_complete: - if decode_content and self._decompressobj: - data += self._decompressobj.flush() - - if self._stream.response_headers: - self.headers.merge(self._stream.response_headers) - - # We're at the end, close the connection. - if response_complete: - self.close() - - return data - - def read_chunked(self, decode_content=True): - """ - Reads chunked transfer encoded bodies. This method returns a generator: - each iteration of which yields one data frame *unless* the frames - contain compressed data and ``decode_content`` is ``True``, in which - case it yields whatever the decompressor provides for each chunk. - - .. warning:: This may yield the empty string, without that being the - end of the body! - """ - while True: - data = self._stream._read_one_frame() - - if data is None: - break - - if decode_content and self._decompressobj: - data = self._decompressobj.decompress(data) - - yield data - - if decode_content and self._decompressobj: - yield self._decompressobj.flush() - - self.close() - - return - - def fileno(self): - """ - Return the ``fileno`` of the underlying socket. This function is - currently not implemented. - """ - raise NotImplementedError("Not currently implemented.") - - def close(self): - """ - Close the response. In effect this closes the backing HTTP/2 stream. - - :returns: Nothing. - """ - self._stream.close() - - # The following methods implement the context manager protocol. - def __enter__(self): - return self - - def __exit__(self, *args): - self.close() - return False # Never swallow exceptions. - - -class HTTP20Push(object): - """ - Represents a request-response pair sent by the server through the server - push mechanism. - """ - def __init__(self, request_headers, stream): - #: The scheme of the simulated request - self.scheme = request_headers[b':scheme'][0] - #: The method of the simulated request (must be safe and cacheable, - #: e.g. GET) - self.method = request_headers[b':method'][0] - #: The authority of the simulated request (usually host:port) - self.authority = request_headers[b':authority'][0] - #: The path of the simulated request - self.path = request_headers[b':path'][0] - - strip_headers(request_headers) - - #: The headers the server attached to the simulated request. - self.request_headers = request_headers - - self._stream = stream - - def get_response(self): - """ - Get the pushed response provided by the server. - - :returns: A :class:`HTTP20Response ` object - representing the pushed response. - """ - return HTTP20Response(self._stream.getheaders(), self._stream) - - def cancel(self): - """ - Cancel the pushed response and close the stream. - - :returns: Nothing. - """ - self._stream.close(8) # CANCEL diff --git a/tools/third_party/hyper/hyper/http20/stream.py b/tools/third_party/hyper/hyper/http20/stream.py deleted file mode 100644 index f4d9247ed66b0e..00000000000000 --- a/tools/third_party/hyper/hyper/http20/stream.py +++ /dev/null @@ -1,341 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/stream -~~~~~~~~~~~~~~~~~~~ - -Objects that make up the stream-level abstraction of hyper's HTTP/2 support. - -These objects are not expected to be part of the public HTTP/2 API: they're -intended purely for use inside hyper's HTTP/2 abstraction. - -Conceptually, a single HTTP/2 connection is made up of many streams: each -stream is an independent, bi-directional sequence of HTTP headers and data. -Each stream is identified by a monotonically increasing integer, assigned to -the stream by the endpoint that initiated the stream. -""" -from ..h2 import exceptions as h2Exceptions - -from ..common.headers import HTTPHeaderMap -from .util import h2_safe_headers -import logging - -log = logging.getLogger(__name__) - -# Define the largest chunk of data we'll send in one go. Realistically, we -# should take the MSS into account but that's pretty dull, so let's just say -# 1kB and call it a day. -MAX_CHUNK = 1024 - - -class Stream(object): - """ - A single HTTP/2 stream. - - A stream is an independent, bi-directional sequence of HTTP headers and - data. Each stream is identified by a single integer. From a HTTP - perspective, a stream _approximately_ matches a single request-response - pair. - """ - def __init__(self, - stream_id, - window_manager, - connection, - send_outstanding_data, - recv_cb, - close_cb): - self.stream_id = stream_id - self.headers = HTTPHeaderMap() - - # Set to a key-value set of the response headers once their - # HEADERS..CONTINUATION frame sequence finishes. - self.response_headers = None - - # Set to a key-value set of the response trailers once their - # HEADERS..CONTINUATION frame sequence finishes. - self.response_trailers = None - - # A dict mapping the promised stream ID of a pushed resource to a - # key-value set of its request headers. Entries are added once their - # PUSH_PROMISE..CONTINUATION frame sequence finishes. - self.promised_headers = {} - - # Unconsumed response data chunks. Empties after every call to _read(). - self.data = [] - - # Whether the remote side has completed the stream. - self.remote_closed = False - - # Whether we have closed the stream. - self.local_closed = False - - # There are two flow control windows: one for data we're sending, - # one for data being sent to us. - self._in_window_manager = window_manager - - # Save off a reference to the state machine wrapped with lock. - self._conn = connection - - # Save off a data callback. - self._send_outstanding_data = send_outstanding_data - self._recv_cb = recv_cb - self._close_cb = close_cb - - def add_header(self, name, value, replace=False): - """ - Adds a single HTTP header to the headers to be sent on the request. - """ - if not replace: - self.headers[name] = value - else: - self.headers.replace(name, value) - - def send_headers(self, end_stream=False): - """ - Sends the complete saved header block on the stream. - """ - headers = self.get_headers() - with self._conn as conn: - conn.send_headers(self.stream_id, headers, end_stream) - self._send_outstanding_data() - - if end_stream: - self.local_closed = True - - def send_data(self, data, final): - """ - Send some data on the stream. If this is the end of the data to be - sent, the ``final`` flag _must_ be set to True. If no data is to be - sent, set ``data`` to ``None``. - """ - # Define a utility iterator for file objects. - def file_iterator(fobj): - while True: - data = fobj.read(MAX_CHUNK) - yield data - if len(data) < MAX_CHUNK: - break - - # Build the appropriate iterator for the data, in chunks of CHUNK_SIZE. - if hasattr(data, 'read'): - chunks = file_iterator(data) - else: - chunks = (data[i:i+MAX_CHUNK] - for i in range(0, len(data), MAX_CHUNK)) - - for chunk in chunks: - self._send_chunk(chunk, final) - - def _read(self, amt=None): - """ - Read data from the stream. Unlike a normal read behaviour, this - function returns _at least_ ``amt`` data, but may return more. - """ - def listlen(list): - return sum(map(len, list)) - - # Keep reading until the stream is closed or we get enough data. - while (not self.remote_closed and - (amt is None or listlen(self.data) < amt)): - self._recv_cb(stream_id=self.stream_id) - - result = b''.join(self.data) - self.data = [] - return result - - def _read_one_frame(self): - """ - Reads a single data frame from the stream and returns it. - """ - # Keep reading until the stream is closed or we have a data frame. - while not self.remote_closed and not self.data: - self._recv_cb(stream_id=self.stream_id) - - try: - return self.data.pop(0) - except IndexError: - return None - - def receive_response(self, event): - """ - Receive response headers. - """ - # TODO: If this is called while we're still sending data, we may want - # to stop sending that data and check the response. Early responses to - # big uploads are almost always a problem. - self.response_headers = HTTPHeaderMap(event.headers) - - def receive_trailers(self, event): - """ - Receive response trailers. - """ - self.response_trailers = HTTPHeaderMap(event.headers) - - def receive_push(self, event): - """ - Receive the request headers for a pushed stream. - """ - self.promised_headers[event.pushed_stream_id] = event.headers - - def receive_data(self, event): - """ - Receive a chunk of data. - """ - size = event.flow_controlled_length - increment = self._in_window_manager._handle_frame(size) - - # Append the data to the buffer. - self.data.append(event.data) - - if increment: - try: - with self._conn as conn: - conn.increment_flow_control_window( - increment, stream_id=self.stream_id - ) - except h2Exceptions.StreamClosedError: - # We haven't got to it yet, but the stream is already - # closed. We don't need to increment the window in this - # case! - pass - else: - self._send_outstanding_data() - - def receive_end_stream(self, event): - """ - All of the data is returned now. - """ - self.remote_closed = True - - def receive_reset(self, event): - """ - Stream forcefully reset. - """ - self.remote_closed = True - self._close_cb(self.stream_id) - - def get_headers(self): - """ - Provides the headers to the connection object. - """ - # Strip any headers invalid in H2. - return h2_safe_headers(self.headers) - - def getheaders(self): - """ - Once all data has been sent on this connection, returns a key-value set - of the headers of the response to the original request. - """ - # Keep reading until all headers are received. - while self.response_headers is None: - self._recv_cb(stream_id=self.stream_id) - - # Find the Content-Length header if present. - self._in_window_manager.document_size = ( - int(self.response_headers.get(b'content-length', [0])[0]) - ) - - return self.response_headers - - def gettrailers(self): - """ - Once all data has been sent on this connection, returns a key-value set - of the trailers of the response to the original request. - - .. warning:: Note that this method requires that the stream is - totally exhausted. This means that, if you have not - completely read from the stream, all stream data will be - read into memory. - - :returns: The key-value set of the trailers, or ``None`` if no trailers - were sent. - """ - # Keep reading until the stream is done. - while not self.remote_closed: - self._recv_cb(stream_id=self.stream_id) - - return self.response_trailers - - def get_pushes(self, capture_all=False): - """ - Returns a generator that yields push promises from the server. Note - that this method is not idempotent; promises returned in one call will - not be returned in subsequent calls. Iterating through generators - returned by multiple calls to this method simultaneously results in - undefined behavior. - - :param capture_all: If ``False``, the generator will yield all buffered - push promises without blocking. If ``True``, the generator will - first yield all buffered push promises, then yield additional ones - as they arrive, and terminate when the original stream closes. - """ - while True: - for pair in self.promised_headers.items(): - yield pair - self.promised_headers = {} - if not capture_all or self.remote_closed: - break - self._recv_cb(stream_id=self.stream_id) - - def close(self, error_code=None): - """ - Closes the stream. If the stream is currently open, attempts to close - it as gracefully as possible. - - :param error_code: (optional) The error code to reset the stream with. - :returns: Nothing. - """ - # FIXME: I think this is overbroad, but for now it's probably ok. - if not (self.remote_closed and self.local_closed): - try: - with self._conn as conn: - conn.reset_stream(self.stream_id, error_code or 0) - except h2Exceptions.ProtocolError: - # If for any reason we can't reset the stream, just - # tolerate it. - pass - else: - self._send_outstanding_data(tolerate_peer_gone=True) - self.remote_closed = True - self.local_closed = True - - self._close_cb(self.stream_id) - - @property - def _out_flow_control_window(self): - """ - The size of our outbound flow control window. - """ - - with self._conn as conn: - return conn.local_flow_control_window(self.stream_id) - - def _send_chunk(self, data, final): - """ - Implements most of the sending logic. - - Takes a single chunk of size at most MAX_CHUNK, wraps it in a frame and - sends it. Optionally sets the END_STREAM flag if this is the last chunk - (determined by being of size less than MAX_CHUNK) and no more data is - to be sent. - """ - # If we don't fit in the connection window, try popping frames off the - # connection in hope that one might be a window update frame. - while len(data) > self._out_flow_control_window: - self._recv_cb() - - # If the length of the data is less than MAX_CHUNK, we're probably - # at the end of the file. If this is the end of the data, mark it - # as END_STREAM. - end_stream = False - if len(data) < MAX_CHUNK and final: - end_stream = True - - # Send the frame and decrement the flow control window. - with self._conn as conn: - conn.send_data( - stream_id=self.stream_id, data=data, end_stream=end_stream - ) - self._send_outstanding_data() - - if end_stream: - self.local_closed = True diff --git a/tools/third_party/hyper/hyper/http20/util.py b/tools/third_party/hyper/hyper/http20/util.py deleted file mode 100644 index b116d095e7f1e1..00000000000000 --- a/tools/third_party/hyper/hyper/http20/util.py +++ /dev/null @@ -1,60 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/util -~~~~~~~~~~~~~~~~~ - -Utility functions for use with hyper. -""" -from collections import defaultdict - - -def combine_repeated_headers(kvset): - """ - Given a list of key-value pairs (like for HTTP headers!), combines pairs - with the same key together, separating the values with NULL bytes. This - function maintains the order of input keys, because it's awesome. - """ - def set_pop(set, item): - set.remove(item) - return item - - headers = defaultdict(list) - keys = set() - - for key, value in kvset: - headers[key].append(value) - keys.add(key) - - return [(set_pop(keys, k), b'\x00'.join(headers[k])) for k, v in kvset - if k in keys] - - -def split_repeated_headers(kvset): - """ - Given a set of key-value pairs (like for HTTP headers!), finds values that - have NULL bytes in them and splits them into a dictionary whose values are - lists. - """ - headers = defaultdict(list) - - for key, value in kvset: - headers[key] = value.split(b'\x00') - - return dict(headers) - - -def h2_safe_headers(headers): - """ - This method takes a set of headers that are provided by the user and - transforms them into a form that is safe for emitting over HTTP/2. - - Currently, this strips the Connection header and any header it refers to. - """ - stripped = { - i.lower().strip() - for k, v in headers if k == 'connection' - for i in v.split(',') - } - stripped.add('connection') - - return [header for header in headers if header[0] not in stripped] diff --git a/tools/third_party/hyper/hyper/http20/window.py b/tools/third_party/hyper/hyper/http20/window.py deleted file mode 100644 index a4e13c3c1509fc..00000000000000 --- a/tools/third_party/hyper/hyper/http20/window.py +++ /dev/null @@ -1,154 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/window -~~~~~~~~~~~~~~~~~~~ - -Objects that understand flow control in hyper. - -HTTP/2 implements connection- and stream-level flow control. This flow -control is mandatory. Unfortunately, it's difficult for hyper to be -all that intelligent about how it manages flow control in a general case. - -This module defines an interface for pluggable flow-control managers. These -managers will define a flow-control policy. This policy will determine when to -send WINDOWUPDATE frames. -""" - - -class BaseFlowControlManager(object): - """ - The abstract base class for flow control managers. - - This class defines the interface for pluggable flow-control managers. A - flow-control manager defines a flow-control policy, which basically boils - down to deciding when to increase the flow control window. - - This decision can be based on a number of factors: - - - the initial window size, - - the size of the document being retrieved, - - the size of the received data frames, - - any other information the manager can obtain - - A flow-control manager may be defined at the connection level or at the - stream level. If no stream-level flow-control manager is defined, an - instance of the connection-level flow control manager is used. - - A class that inherits from this one must not adjust the member variables - defined in this class. They are updated and set by methods on this class. - """ - def __init__(self, initial_window_size, document_size=None): - #: The initial size of the connection window in bytes. This is set at - #: creation time. - self.initial_window_size = initial_window_size - - #: The current size of the connection window. Any methods overridden - #: by the user must not adjust this value. - self.window_size = initial_window_size - - #: The size of the document being retrieved, in bytes. This is - #: retrieved from the Content-Length header, if provided. Note that - #: the total number of bytes that will be received may be larger than - #: this value due to HTTP/2 padding. It should not be assumed that - #: simply because the the document size is smaller than the initial - #: window size that there will never be a need to increase the window - #: size. - self.document_size = document_size - - def increase_window_size(self, frame_size): - """ - Determine whether or not to emit a WINDOWUPDATE frame. - - This method should be overridden to determine, based on the state of - the system and the size of the received frame, whether or not a - WindowUpdate frame should be sent for the stream. - - This method should *not* adjust any of the member variables of this - class. - - Note that this method is called before the window size is decremented - as a result of the frame being handled. - - :param frame_size: The size of the received frame. Note that this *may* - be zero. When this parameter is zero, it's possible that a - WINDOWUPDATE frame may want to be emitted anyway. A zero-length frame - size is usually associated with a change in the size of the receive - window due to a SETTINGS frame. - :returns: The amount to increase the receive window by. Return zero if - the window should not be increased. - """ - raise NotImplementedError( - "FlowControlManager is an abstract base class" - ) - - def blocked(self): - """ - Called whenever the remote endpoint reports that it is blocked behind - the flow control window. - - When this method is called the remote endpoint is signaling that it - has more data to send and that the transport layer is capable of - transmitting it, but that the HTTP/2 flow control window prevents it - being sent. - - This method should return the size by which the window should be - incremented, which may be zero. This method should *not* adjust any - of the member variables of this class. - - :returns: The amount to increase the receive window by. Return zero if - the window should not be increased. - """ - # TODO: Is this method necessary? - raise NotImplementedError( - "FlowControlManager is an abstract base class" - ) - - def _handle_frame(self, frame_size): - """ - This internal method is called by the connection or stream that owns - the flow control manager. It handles the generic behaviour of flow - control managers: namely, keeping track of the window size. - """ - rc = self.increase_window_size(frame_size) - self.window_size -= frame_size - self.window_size += rc - return rc - - def _blocked(self): - """ - This internal method is called by the connection or stream that owns - the flow control manager. It handles the generic behaviour of receiving - BLOCKED frames. - """ - rc = self.blocked() - self.window_size += rc - return rc - - -class FlowControlManager(BaseFlowControlManager): - """ - ``hyper``'s default flow control manager. - - This implements hyper's flow control algorithms. This algorithm attempts to - reduce the number of WINDOWUPDATE frames we send without blocking the - remote endpoint behind the flow control window. - - This algorithm will become more complicated over time. In the current form, - the algorithm is very simple: - - - When the flow control window gets less than 1/4 of the maximum size, - increment back to the maximum. - - Otherwise, if the flow control window gets to less than 1kB, increment - back to the maximum. - """ - def increase_window_size(self, frame_size): - future_window_size = self.window_size - frame_size - - if ((future_window_size < (self.initial_window_size / 4)) or - (future_window_size < 1000)): - return self.initial_window_size - future_window_size - - return 0 - - def blocked(self): - return self.initial_window_size - self.window_size diff --git a/tools/third_party/hyper/hyper/httplib_compat.py b/tools/third_party/hyper/hyper/httplib_compat.py deleted file mode 100644 index deb07cf65606f7..00000000000000 --- a/tools/third_party/hyper/hyper/httplib_compat.py +++ /dev/null @@ -1,116 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/httplib_compat -~~~~~~~~~~~~~~~~~~~~ - -This file defines the publicly-accessible API for hyper. This API also -constitutes the abstraction layer between HTTP/1.1 and HTTP/2. - -This API doesn't currently work, and is a lower priority than the HTTP/2 -stack at this time. -""" -import socket -try: - import http.client as httplib -except ImportError: - import httplib - -from .compat import ssl -from .http20.tls import wrap_socket - -# If there's no NPN support, we're going to drop all support for HTTP/2. -try: - support_20 = ssl.HAS_NPN -except AttributeError: - support_20 = False - -# The HTTPConnection object is currently always the underlying one. -HTTPConnection = httplib.HTTPConnection -HTTPSConnection = httplib.HTTPSConnection - -# If we have NPN support, define our custom one, otherwise just use the -# default. -if support_20: - class HTTPSConnection(object): - """ - An object representing a single HTTPS connection, whether HTTP/1.1 or - HTTP/2. - - More specifically, this object represents an abstraction over the - distinction. This object encapsulates a connection object for one of - the specific types of connection, and delegates most of the work to - that object. - """ - def __init__(self, *args, **kwargs): - # Whatever arguments and keyword arguments are passed to this - # object need to be saved off for when we initialise one of our - # subsidiary objects. - self._original_args = args - self._original_kwargs = kwargs - - # Set up some variables we're going to use later. - self._sock = None - self._conn = None - - # Prepare our backlog of method calls. - self._call_queue = [] - - def __getattr__(self, name): - # Anything that can't be found on this instance is presumably a - # property of underlying connection object. - # We need to be a little bit careful here. There are a few methods - # that can act on a HTTPSConnection before it actually connects to - # the remote server. We don't want to change the semantics of the, - # HTTPSConnection so we need to spot these and queue them up. When - # we actually create the backing Connection, we'll apply them - # immediately. These methods can't throw exceptions, so we should - # be fine. - delay_methods = ["set_tunnel", "set_debuglevel"] - - if self._conn is None and name in delay_methods: - # Return a little closure that saves off the method call to - # apply later. - def capture(obj, *args, **kwargs): - self._call_queue.append((name, args, kwargs)) - return capture - elif self._conn is None: - # We're being told to do something! We can now connect to the - # remote server and build the connection object. - self._delayed_connect() - - # Call through to the underlying object. - return getattr(self._conn, name) - - def _delayed_connect(self): - """ - Called when we need to work out what kind of HTTPS connection we're - actually going to use. - """ - # Because we're ghetto, we're going to quickly create a - # HTTPConnection object to parse the args and kwargs for us, and - # grab the values out. - tempconn = httplib.HTTPConnection(*self._original_args, - **self._original_kwargs) - host = tempconn.host - port = tempconn.port - timeout = tempconn.timeout - source_address = tempconn.source_address - - # Connect to the remote server. - sock = socket.create_connection( - (host, port), - timeout, - source_address - ) - - # Wrap it in TLS. This needs to be looked at in future when I pull - # in the TLS verification logic from urllib3, but right now we - # accept insecurity because no-one's using this anyway. - sock = wrap_socket(sock, host) - - # At this early stage the library can't do HTTP/2, so who cares? - tempconn.sock = sock - self._sock = sock - self._conn = tempconn - - return diff --git a/tools/third_party/hyper/hyper/packages/__init__.py b/tools/third_party/hyper/hyper/packages/__init__.py deleted file mode 100644 index 4cf1e653149787..00000000000000 --- a/tools/third_party/hyper/hyper/packages/__init__.py +++ /dev/null @@ -1,7 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/packages -~~~~~~~~~~~~~~ - -This module contains external packages that are vendored into hyper. -""" diff --git a/tools/third_party/hyper/hyper/packages/hpack/__init__.py b/tools/third_party/hyper/hyper/packages/hpack/__init__.py deleted file mode 100644 index 98b2e0f95aece9..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/__init__.py +++ /dev/null @@ -1,8 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hpack -~~~~~ - -HTTP/2 header encoding for Python. -""" -__version__ = '1.0.1' diff --git a/tools/third_party/hyper/hyper/packages/hpack/compat.py b/tools/third_party/hyper/hyper/packages/hpack/compat.py deleted file mode 100644 index 03a0768e46a785..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/compat.py +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hpack/compat -~~~~~~~~~~~~ - -Normalizes the Python 2/3 API for internal use. -""" -import sys - - -_ver = sys.version_info -is_py2 = _ver[0] == 2 -is_py3 = _ver[0] == 3 - -if is_py2: - def to_byte(char): - return ord(char) - - def decode_hex(b): - return b.decode('hex') - - unicode = unicode - bytes = str - -elif is_py3: - def to_byte(char): - return char - - def decode_hex(b): - return bytes.fromhex(b) - - unicode = str - bytes = bytes diff --git a/tools/third_party/hyper/hyper/packages/hpack/exceptions.py b/tools/third_party/hyper/hyper/packages/hpack/exceptions.py deleted file mode 100644 index 0dbc4d9f1ddded..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/exceptions.py +++ /dev/null @@ -1,42 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/http20/exceptions -~~~~~~~~~~~~~~~~~~~~~~~ - -This defines exceptions used in the HTTP/2 portion of hyper. -""" - -class HTTP20Error(Exception): - """ - The base class for all of ``hyper``'s HTTP/2-related exceptions. - """ - pass - - -class HPACKEncodingError(HTTP20Error): - """ - An error has been encountered while performing HPACK encoding. - """ - pass - - -class HPACKDecodingError(HTTP20Error): - """ - An error has been encountered while performing HPACK decoding. - """ - pass - - -class ConnectionError(HTTP20Error): - """ - The remote party signalled an error affecting the entire HTTP/2 - connection, and the connection has been closed. - """ - pass - - -class ProtocolError(HTTP20Error): - """ - The remote party violated the HTTP/2 protocol. - """ - pass diff --git a/tools/third_party/hyper/hyper/packages/hpack/hpack.py b/tools/third_party/hyper/hyper/packages/hpack/hpack.py deleted file mode 100644 index c3c5663e42ff6a..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/hpack.py +++ /dev/null @@ -1,662 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hpack/hpack -~~~~~~~~~~~ - -Implements the HPACK header compression algorithm as detailed by the IETF. -""" -import collections -import logging - -from .compat import to_byte -from .huffman import HuffmanDecoder, HuffmanEncoder -from .huffman_constants import ( - REQUEST_CODES, REQUEST_CODES_LENGTH -) - -log = logging.getLogger(__name__) - - -def encode_integer(integer, prefix_bits): - """ - This encodes an integer according to the wacky integer encoding rules - defined in the HPACK spec. - """ - log.debug("Encoding %d with %d bits", integer, prefix_bits) - - max_number = (2 ** prefix_bits) - 1 - - if (integer < max_number): - return bytearray([integer]) # Seriously? - else: - elements = [max_number] - integer = integer - max_number - - while integer >= 128: - elements.append((integer % 128) + 128) - integer = integer // 128 # We need integer division - - elements.append(integer) - - return bytearray(elements) - - -def decode_integer(data, prefix_bits): - """ - This decodes an integer according to the wacky integer encoding rules - defined in the HPACK spec. Returns a tuple of the decoded integer and the - number of bytes that were consumed from ``data`` in order to get that - integer. - """ - multiple = lambda index: 128 ** (index - 1) - max_number = (2 ** prefix_bits) - 1 - mask = 0xFF >> (8 - prefix_bits) - index = 0 - - number = to_byte(data[index]) & mask - - if (number == max_number): - - while True: - index += 1 - next_byte = to_byte(data[index]) - - if next_byte >= 128: - number += (next_byte - 128) * multiple(index) - else: - number += next_byte * multiple(index) - break - - log.debug("Decoded %d, consumed %d bytes", number, index + 1) - - return (number, index + 1) - - -def _to_bytes(string): - """ - Convert string to bytes. - """ - if not isinstance(string, (str, bytes)): # pragma: no cover - string = str(string) - - return string if isinstance(string, bytes) else string.encode('utf-8') - - -def header_table_size(table): - """ - Calculates the 'size' of the header table as defined by the HTTP/2 - specification. - """ - # It's phenomenally frustrating that the specification feels it is able to - # tell me how large the header table is, considering that its calculations - # assume a very particular layout that most implementations will not have. - # I appreciate it's an attempt to prevent DoS attacks by sending lots of - # large headers in the header table, but it seems like a better approach - # would be to limit the size of headers. Ah well. - return sum(32 + len(name) + len(value) for name, value in table) - - -class Encoder(object): - """ - An HPACK encoder object. This object takes HTTP headers and emits encoded - HTTP/2 header blocks. - """ - # This is the static table of header fields. - static_table = [ - (b':authority', b''), - (b':method', b'GET'), - (b':method', b'POST'), - (b':path', b'/'), - (b':path', b'/index.html'), - (b':scheme', b'http'), - (b':scheme', b'https'), - (b':status', b'200'), - (b':status', b'204'), - (b':status', b'206'), - (b':status', b'304'), - (b':status', b'400'), - (b':status', b'404'), - (b':status', b'500'), - (b'accept-charset', b''), - (b'accept-encoding', b'gzip, deflate'), - (b'accept-language', b''), - (b'accept-ranges', b''), - (b'accept', b''), - (b'access-control-allow-origin', b''), - (b'age', b''), - (b'allow', b''), - (b'authorization', b''), - (b'cache-control', b''), - (b'content-disposition', b''), - (b'content-encoding', b''), - (b'content-language', b''), - (b'content-length', b''), - (b'content-location', b''), - (b'content-range', b''), - (b'content-type', b''), - (b'cookie', b''), - (b'date', b''), - (b'etag', b''), - (b'expect', b''), - (b'expires', b''), - (b'from', b''), - (b'host', b''), - (b'if-match', b''), - (b'if-modified-since', b''), - (b'if-none-match', b''), - (b'if-range', b''), - (b'if-unmodified-since', b''), - (b'last-modified', b''), - (b'link', b''), - (b'location', b''), - (b'max-forwards', b''), - (b'proxy-authenticate', b''), - (b'proxy-authorization', b''), - (b'range', b''), - (b'referer', b''), - (b'refresh', b''), - (b'retry-after', b''), - (b'server', b''), - (b'set-cookie', b''), - (b'strict-transport-security', b''), - (b'transfer-encoding', b''), - (b'user-agent', b''), - (b'vary', b''), - (b'via', b''), - (b'www-authenticate', b''), - ] - - def __init__(self): - self.header_table = collections.deque() - self._header_table_size = 4096 # This value set by the standard. - self.huffman_coder = HuffmanEncoder( - REQUEST_CODES, REQUEST_CODES_LENGTH - ) - - # We need to keep track of whether the header table size has been - # changed since we last encoded anything. If it has, we need to signal - # that change in the HPACK block. - self._table_size_changed = False - - @property - def header_table_size(self): - return self._header_table_size - - @header_table_size.setter - def header_table_size(self, value): - log.debug( - "Setting header table size to %d from %d", - value, - self._header_table_size - ) - - # If the new value is larger than the current one, no worries! - # Otherwise, we may need to shrink the header table. - if value < self._header_table_size: - current_size = header_table_size(self.header_table) - - while value < current_size: - header = self.header_table.pop() - n, v = header - current_size -= ( - 32 + len(n) + len(v) - ) - - log.debug( - "Removed %s: %s from the encoder header table", n, v - ) - - if value != self._header_table_size: - self._table_size_changed = True - - self._header_table_size = value - - def encode(self, headers, huffman=True): - """ - Takes a set of headers and encodes them into a HPACK-encoded header - block. - - Transforming the headers into a header block is a procedure that can - be modeled as a chain or pipe. First, the headers are encoded. This - encoding can be done a number of ways. If the header name-value pair - are already in the header table we can represent them using the indexed - representation: the same is true if they are in the static table. - Otherwise, a literal representation will be used. - """ - log.debug("HPACK encoding %s", headers) - header_block = [] - - # Turn the headers into a list of tuples if possible. This is the - # natural way to interact with them in HPACK. - if isinstance(headers, dict): - headers = headers.items() - - # Next, walk across the headers and turn them all into bytestrings. - headers = [(_to_bytes(n), _to_bytes(v)) for n, v in headers] - - # Before we begin, if the header table size has been changed we need - # to signal that appropriately. - if self._table_size_changed: - header_block.append(self._encode_table_size_change()) - self._table_size_changed = False - - # We can now encode each header in the block. - header_block.extend( - (self.add(header, huffman) for header in headers) - ) - - header_block = b''.join(header_block) - - log.debug("Encoded header block to %s", header_block) - - return header_block - - def add(self, to_add, huffman=False): - """ - This function takes a header key-value tuple and serializes it. - """ - log.debug("Adding %s to the header table", to_add) - - name, value = to_add - - # Search for a matching header in the header table. - match = self.matching_header(name, value) - - if match is None: - # Not in the header table. Encode using the literal syntax, - # and add it to the header table. - encoded = self._encode_literal(name, value, True, huffman) - self._add_to_header_table(to_add) - return encoded - - # The header is in the table, break out the values. If we matched - # perfectly, we can use the indexed representation: otherwise we - # can use the indexed literal. - index, perfect = match - - if perfect: - # Indexed representation. - encoded = self._encode_indexed(index) - else: - # Indexed literal. We are going to add header to the - # header table unconditionally. It is a future todo to - # filter out headers which are known to be ineffective for - # indexing since they just take space in the table and - # pushed out other valuable headers. - encoded = self._encode_indexed_literal(index, value, huffman) - self._add_to_header_table(to_add) - - return encoded - - def matching_header(self, name, value): - """ - Scans the header table and the static table. Returns a tuple, where the - first value is the index of the match, and the second is whether there - was a full match or not. Prefers full matches to partial ones. - - Upsettingly, the header table is one-indexed, not zero-indexed. - """ - partial_match = None - static_table_len = len(Encoder.static_table) - - for (i, (n, v)) in enumerate(Encoder.static_table): - if n == name: - if v == value: - return (i + 1, Encoder.static_table[i]) - elif partial_match is None: - partial_match = (i + 1, None) - - for (i, (n, v)) in enumerate(self.header_table): - if n == name: - if v == value: - return (i + static_table_len + 1, self.header_table[i]) - elif partial_match is None: - partial_match = (i + static_table_len + 1, None) - - return partial_match - - def _add_to_header_table(self, header): - """ - Adds a header to the header table, evicting old ones if necessary. - """ - # Be optimistic: add the header straight away. - self.header_table.appendleft(header) - - # Now, work out how big the header table is. - actual_size = header_table_size(self.header_table) - - # Loop and remove whatever we need to. - while actual_size > self.header_table_size: - header = self.header_table.pop() - n, v = header - actual_size -= ( - 32 + len(n) + len(v) - ) - - log.debug("Evicted %s: %s from the header table", n, v) - - def _encode_indexed(self, index): - """ - Encodes a header using the indexed representation. - """ - field = encode_integer(index, 7) - field[0] = field[0] | 0x80 # we set the top bit - return bytes(field) - - def _encode_literal(self, name, value, indexing, huffman=False): - """ - Encodes a header with a literal name and literal value. If ``indexing`` - is True, the header will be added to the header table: otherwise it - will not. - """ - prefix = b'\x40' if indexing else b'\x00' - - if huffman: - name = self.huffman_coder.encode(name) - value = self.huffman_coder.encode(value) - - name_len = encode_integer(len(name), 7) - value_len = encode_integer(len(value), 7) - - if huffman: - name_len[0] |= 0x80 - value_len[0] |= 0x80 - - return b''.join([prefix, bytes(name_len), name, bytes(value_len), value]) - - def _encode_indexed_literal(self, index, value, huffman=False): - """ - Encodes a header with an indexed name and a literal value and performs - incremental indexing. - """ - prefix = encode_integer(index, 6) - prefix[0] |= 0x40 - - if huffman: - value = self.huffman_coder.encode(value) - - value_len = encode_integer(len(value), 7) - - if huffman: - value_len[0] |= 0x80 - - return b''.join([bytes(prefix), bytes(value_len), value]) - - def _encode_table_size_change(self): - """ - Produces the encoded form of a header table size change context update. - """ - size_bytes = encode_integer(self.header_table_size, 5) - size_bytes[0] |= 0x20 - return bytes(size_bytes) - - -class Decoder(object): - """ - An HPACK decoder object. - """ - static_table = [ - (b':authority', b''), - (b':method', b'GET'), - (b':method', b'POST'), - (b':path', b'/'), - (b':path', b'/index.html'), - (b':scheme', b'http'), - (b':scheme', b'https'), - (b':status', b'200'), - (b':status', b'204'), - (b':status', b'206'), - (b':status', b'304'), - (b':status', b'400'), - (b':status', b'404'), - (b':status', b'500'), - (b'accept-charset', b''), - (b'accept-encoding', b'gzip, deflate'), - (b'accept-language', b''), - (b'accept-ranges', b''), - (b'accept', b''), - (b'access-control-allow-origin', b''), - (b'age', b''), - (b'allow', b''), - (b'authorization', b''), - (b'cache-control', b''), - (b'content-disposition', b''), - (b'content-encoding', b''), - (b'content-language', b''), - (b'content-length', b''), - (b'content-location', b''), - (b'content-range', b''), - (b'content-type', b''), - (b'cookie', b''), - (b'date', b''), - (b'etag', b''), - (b'expect', b''), - (b'expires', b''), - (b'from', b''), - (b'host', b''), - (b'if-match', b''), - (b'if-modified-since', b''), - (b'if-none-match', b''), - (b'if-range', b''), - (b'if-unmodified-since', b''), - (b'last-modified', b''), - (b'link', b''), - (b'location', b''), - (b'max-forwards', b''), - (b'proxy-authenticate', b''), - (b'proxy-authorization', b''), - (b'range', b''), - (b'referer', b''), - (b'refresh', b''), - (b'retry-after', b''), - (b'server', b''), - (b'set-cookie', b''), - (b'strict-transport-security', b''), - (b'transfer-encoding', b''), - (b'user-agent', b''), - (b'vary', b''), - (b'via', b''), - (b'www-authenticate', b''), - ] - - def __init__(self): - self.header_table = collections.deque() - self._header_table_size = 4096 # This value set by the standard. - self.huffman_coder = HuffmanDecoder( - REQUEST_CODES, REQUEST_CODES_LENGTH - ) - - @property - def header_table_size(self): - return self._header_table_size - - @header_table_size.setter - def header_table_size(self, value): - log.debug( - "Resizing decoder header table to %d from %d", - value, - self._header_table_size - ) - - # If the new value is larger than the current one, no worries! - # Otherwise, we may need to shrink the header table. - if value < self._header_table_size: - current_size = header_table_size(self.header_table) - - while value < current_size: - header = self.header_table.pop() - n, v = header - current_size -= ( - 32 + len(n) + len(v) - ) - - log.debug("Evicting %s: %s from the header table", n, v) - - self._header_table_size = value - - def decode(self, data): - """ - Takes an HPACK-encoded header block and decodes it into a header set. - """ - log.debug("Decoding %s", data) - - headers = [] - data_len = len(data) - current_index = 0 - - while current_index < data_len: - # Work out what kind of header we're decoding. - # If the high bit is 1, it's an indexed field. - current = to_byte(data[current_index]) - indexed = bool(current & 0x80) - - # Otherwise, if the second-highest bit is 1 it's a field that does - # alter the header table. - literal_index = bool(current & 0x40) - - # Otherwise, if the third-highest bit is 1 it's an encoding context - # update. - encoding_update = bool(current & 0x20) - - if indexed: - header, consumed = self._decode_indexed(data[current_index:]) - elif literal_index: - # It's a literal header that does affect the header table. - header, consumed = self._decode_literal_index( - data[current_index:] - ) - elif encoding_update: - # It's an update to the encoding context. - consumed = self._update_encoding_context(data) - header = None - else: - # It's a literal header that does not affect the header table. - header, consumed = self._decode_literal_no_index( - data[current_index:] - ) - - if header: - headers.append(header) - - current_index += consumed - - return [(n.decode('utf-8'), v.decode('utf-8')) for n, v in headers] - - def _add_to_header_table(self, new_header): - """ - Adds a header to the header table, evicting old ones if necessary. - """ - # Be optimistic: add the header straight away. - self.header_table.appendleft(new_header) - - # Now, work out how big the header table is. - actual_size = header_table_size(self.header_table) - - # Loop and remove whatever we need to. - while actual_size > self.header_table_size: - header = self.header_table.pop() - n, v = header - actual_size -= ( - 32 + len(n) + len(v) - ) - - log.debug("Evicting %s: %s from the header table", n, v) - - def _update_encoding_context(self, data): - """ - Handles a byte that updates the encoding context. - """ - # We've been asked to resize the header table. - new_size, consumed = decode_integer(data, 5) - self.header_table_size = new_size - return consumed - - def _decode_indexed(self, data): - """ - Decodes a header represented using the indexed representation. - """ - index, consumed = decode_integer(data, 7) - index -= 1 # Because this idiot table is 1-indexed. Ugh. - - if index >= len(Decoder.static_table): - index -= len(Decoder.static_table) - header = self.header_table[index] - else: - header = Decoder.static_table[index] - - log.debug("Decoded %s, consumed %d", header, consumed) - return header, consumed - - def _decode_literal_no_index(self, data): - return self._decode_literal(data, False) - - def _decode_literal_index(self, data): - return self._decode_literal(data, True) - - def _decode_literal(self, data, should_index): - """ - Decodes a header represented with a literal. - """ - total_consumed = 0 - - # When should_index is true, if the low six bits of the first byte are - # nonzero, the header name is indexed. - # When should_index is false, if the low four bits of the first byte - # are nonzero the header name is indexed. - if should_index: - indexed_name = to_byte(data[0]) & 0x3F - name_len = 6 - else: - indexed_name = to_byte(data[0]) & 0x0F - name_len = 4 - - if indexed_name: - # Indexed header name. - index, consumed = decode_integer(data, name_len) - index -= 1 - - if index >= len(Decoder.static_table): - index -= len(Decoder.static_table) - name = self.header_table[index][0] - else: - name = Decoder.static_table[index][0] - - total_consumed = consumed - length = 0 - else: - # Literal header name. The first byte was consumed, so we need to - # move forward. - data = data[1:] - - length, consumed = decode_integer(data, 7) - name = data[consumed:consumed + length] - - if to_byte(data[0]) & 0x80: - name = self.huffman_coder.decode(name) - total_consumed = consumed + length + 1 # Since we moved forward 1. - - data = data[consumed + length:] - - # The header value is definitely length-based. - length, consumed = decode_integer(data, 7) - value = data[consumed:consumed + length] - - if to_byte(data[0]) & 0x80: - value = self.huffman_coder.decode(value) - - # Updated the total consumed length. - total_consumed += length + consumed - - # If we've been asked to index this, add it to the header table. - header = (name, value) - if should_index: - self._add_to_header_table(header) - - log.debug( - "Decoded %s, total consumed %d bytes, indexed %s", - header, - total_consumed, - should_index - ) - - return header, total_consumed diff --git a/tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py b/tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py deleted file mode 100644 index 87918d7b00e0d0..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py +++ /dev/null @@ -1,107 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hpack/hpack_compat -~~~~~~~~~~~~~~~~~~ - -Provides an abstraction layer over two HPACK implementations. - -This module has a pure-Python greenfield HPACK implementation that can be used -on all Python platforms. However, this implementation is both slower and more -memory-hungry than could be achieved with a C-language version. Additionally, -nghttp2's HPACK implementation currently achieves better compression ratios -than hyper's in almost all benchmarks. - -For those who care about efficiency and speed in HPACK, this module allows you -to use nghttp2's HPACK implementation instead of ours. This module detects -whether the nghttp2 bindings are installed, and if they are it wraps them in -a hpack-compatible API and uses them instead of its own. If not, it falls back -to the built-in Python bindings. -""" -import logging -from .hpack import _to_bytes - -log = logging.getLogger(__name__) - -# Attempt to import nghttp2. -try: - import nghttp2 - USE_NGHTTP2 = True - log.debug("Using nghttp2's HPACK implementation.") -except ImportError: - USE_NGHTTP2 = False - log.debug("Using our pure-Python HPACK implementation.") - -if USE_NGHTTP2: - class Encoder(object): - """ - An HPACK encoder object. This object takes HTTP headers and emits - encoded HTTP/2 header blocks. - """ - def __init__(self): - self._e = nghttp2.HDDeflater() - - @property - def header_table_size(self): - """ - Returns the header table size. For the moment this isn't - useful, so we don't use it. - """ - raise NotImplementedError() - - @header_table_size.setter - def header_table_size(self, value): - log.debug("Setting header table size to %d", value) - self._e.change_table_size(value) - - def encode(self, headers, huffman=True): - """ - Encode the headers. The huffman parameter has no effect, it is - simply present for compatibility. - """ - log.debug("HPACK encoding %s", headers) - - # Turn the headers into a list of tuples if possible. This is the - # natural way to interact with them in HPACK. - if isinstance(headers, dict): - headers = headers.items() - - # Next, walk across the headers and turn them all into bytestrings. - headers = [(_to_bytes(n), _to_bytes(v)) for n, v in headers] - - # Now, let nghttp2 do its thing. - header_block = self._e.deflate(headers) - - return header_block - - class Decoder(object): - """ - An HPACK decoder object. - """ - def __init__(self): - self._d = nghttp2.HDInflater() - - @property - def header_table_size(self): - """ - Returns the header table size. For the moment this isn't - useful, so we don't use it. - """ - raise NotImplementedError() - - @header_table_size.setter - def header_table_size(self, value): - log.debug("Setting header table size to %d", value) - self._d.change_table_size(value) - - def decode(self, data): - """ - Takes an HPACK-encoded header block and decodes it into a header - set. - """ - log.debug("Decoding %s", data) - - headers = self._d.inflate(data) - return [(n.decode('utf-8'), v.decode('utf-8')) for n, v in headers] -else: - # Grab the built-in encoder and decoder. - from .hpack import Encoder, Decoder diff --git a/tools/third_party/hyper/hyper/packages/hpack/huffman.py b/tools/third_party/hyper/hyper/packages/hpack/huffman.py deleted file mode 100644 index c8aa276ef5cfa8..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/huffman.py +++ /dev/null @@ -1,136 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hpack/huffman_decoder -~~~~~~~~~~~~~~~~~~~~~ - -An implementation of a bitwise prefix tree specially built for decoding -Huffman-coded content where we already know the Huffman table. -""" -from .compat import to_byte, decode_hex -from .exceptions import HPACKDecodingError - -def _pad_binary(bin_str, req_len=8): - """ - Given a binary string (returned by bin()), pad it to a full byte length. - """ - bin_str = bin_str[2:] # Strip the 0b prefix - return max(0, req_len - len(bin_str)) * '0' + bin_str - -def _hex_to_bin_str(hex_string): - """ - Given a Python bytestring, returns a string representing those bytes in - unicode form. - """ - unpadded_bin_string_list = (bin(to_byte(c)) for c in hex_string) - padded_bin_string_list = map(_pad_binary, unpadded_bin_string_list) - bitwise_message = "".join(padded_bin_string_list) - return bitwise_message - - -class HuffmanDecoder(object): - """ - Decodes a Huffman-coded bytestream according to the Huffman table laid out - in the HPACK specification. - """ - class _Node(object): - def __init__(self, data): - self.data = data - self.mapping = {} - - def __init__(self, huffman_code_list, huffman_code_list_lengths): - self.root = self._Node(None) - for index, (huffman_code, code_length) in enumerate(zip(huffman_code_list, huffman_code_list_lengths)): - self._insert(huffman_code, code_length, index) - - def _insert(self, hex_number, hex_length, letter): - """ - Inserts a Huffman code point into the tree. - """ - hex_number = _pad_binary(bin(hex_number), hex_length) - cur_node = self.root - for digit in hex_number: - if digit not in cur_node.mapping: - cur_node.mapping[digit] = self._Node(None) - cur_node = cur_node.mapping[digit] - cur_node.data = letter - - def decode(self, encoded_string): - """ - Decode the given Huffman coded string. - """ - number = _hex_to_bin_str(encoded_string) - cur_node = self.root - decoded_message = bytearray() - - try: - for digit in number: - cur_node = cur_node.mapping[digit] - if cur_node.data is not None: - # If we get EOS, everything else is padding. - if cur_node.data == 256: - break - - decoded_message.append(cur_node.data) - cur_node = self.root - except KeyError: - # We have a Huffman-coded string that doesn't match our trie. This - # is pretty bad: raise a useful exception. - raise HPACKDecodingError("Invalid Huffman-coded string received.") - return bytes(decoded_message) - - -class HuffmanEncoder(object): - """ - Encodes a string according to the Huffman encoding table defined in the - HPACK specification. - """ - def __init__(self, huffman_code_list, huffman_code_list_lengths): - self.huffman_code_list = huffman_code_list - self.huffman_code_list_lengths = huffman_code_list_lengths - - def encode(self, bytes_to_encode): - """ - Given a string of bytes, encodes them according to the HPACK Huffman - specification. - """ - # If handed the empty string, just immediately return. - if not bytes_to_encode: - return b'' - - final_num = 0 - final_int_len = 0 - - # Turn each byte into its huffman code. These codes aren't necessarily - # octet aligned, so keep track of how far through an octet we are. To - # handle this cleanly, just use a single giant integer. - for char in bytes_to_encode: - byte = to_byte(char) - bin_int_len = self.huffman_code_list_lengths[byte] - bin_int = self.huffman_code_list[byte] & (2 ** (bin_int_len + 1) - 1) - final_num <<= bin_int_len - final_num |= bin_int - final_int_len += bin_int_len - - # Pad out to an octet with ones. - bits_to_be_padded = (8 - (final_int_len % 8)) % 8 - final_num <<= bits_to_be_padded - final_num |= (1 << (bits_to_be_padded)) - 1 - - # Convert the number to hex and strip off the leading '0x' and the - # trailing 'L', if present. - final_num = hex(final_num)[2:].rstrip('L') - - # If this is odd, prepend a zero. - final_num = '0' + final_num if len(final_num) % 2 != 0 else final_num - - # This number should have twice as many digits as bytes. If not, we're - # missing some leading zeroes. Work out how many bytes we want and how - # many digits we have, then add the missing zero digits to the front. - total_bytes = (final_int_len + bits_to_be_padded) // 8 - expected_digits = total_bytes * 2 - - if len(final_num) != expected_digits: - missing_digits = expected_digits - len(final_num) - final_num = ('0' * missing_digits) + final_num - - return decode_hex(final_num) diff --git a/tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py b/tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py deleted file mode 100644 index c2b3bb283e8ff6..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py +++ /dev/null @@ -1,288 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hpack/huffman_constants -~~~~~~~~~~~~~~~~~~~~~~~ - -Defines the constant Huffman table. This takes up an upsetting amount of space, -but c'est la vie. -""" - -REQUEST_CODES = [ - 0x1ff8, - 0x7fffd8, - 0xfffffe2, - 0xfffffe3, - 0xfffffe4, - 0xfffffe5, - 0xfffffe6, - 0xfffffe7, - 0xfffffe8, - 0xffffea, - 0x3ffffffc, - 0xfffffe9, - 0xfffffea, - 0x3ffffffd, - 0xfffffeb, - 0xfffffec, - 0xfffffed, - 0xfffffee, - 0xfffffef, - 0xffffff0, - 0xffffff1, - 0xffffff2, - 0x3ffffffe, - 0xffffff3, - 0xffffff4, - 0xffffff5, - 0xffffff6, - 0xffffff7, - 0xffffff8, - 0xffffff9, - 0xffffffa, - 0xffffffb, - 0x14, - 0x3f8, - 0x3f9, - 0xffa, - 0x1ff9, - 0x15, - 0xf8, - 0x7fa, - 0x3fa, - 0x3fb, - 0xf9, - 0x7fb, - 0xfa, - 0x16, - 0x17, - 0x18, - 0x0, - 0x1, - 0x2, - 0x19, - 0x1a, - 0x1b, - 0x1c, - 0x1d, - 0x1e, - 0x1f, - 0x5c, - 0xfb, - 0x7ffc, - 0x20, - 0xffb, - 0x3fc, - 0x1ffa, - 0x21, - 0x5d, - 0x5e, - 0x5f, - 0x60, - 0x61, - 0x62, - 0x63, - 0x64, - 0x65, - 0x66, - 0x67, - 0x68, - 0x69, - 0x6a, - 0x6b, - 0x6c, - 0x6d, - 0x6e, - 0x6f, - 0x70, - 0x71, - 0x72, - 0xfc, - 0x73, - 0xfd, - 0x1ffb, - 0x7fff0, - 0x1ffc, - 0x3ffc, - 0x22, - 0x7ffd, - 0x3, - 0x23, - 0x4, - 0x24, - 0x5, - 0x25, - 0x26, - 0x27, - 0x6, - 0x74, - 0x75, - 0x28, - 0x29, - 0x2a, - 0x7, - 0x2b, - 0x76, - 0x2c, - 0x8, - 0x9, - 0x2d, - 0x77, - 0x78, - 0x79, - 0x7a, - 0x7b, - 0x7ffe, - 0x7fc, - 0x3ffd, - 0x1ffd, - 0xffffffc, - 0xfffe6, - 0x3fffd2, - 0xfffe7, - 0xfffe8, - 0x3fffd3, - 0x3fffd4, - 0x3fffd5, - 0x7fffd9, - 0x3fffd6, - 0x7fffda, - 0x7fffdb, - 0x7fffdc, - 0x7fffdd, - 0x7fffde, - 0xffffeb, - 0x7fffdf, - 0xffffec, - 0xffffed, - 0x3fffd7, - 0x7fffe0, - 0xffffee, - 0x7fffe1, - 0x7fffe2, - 0x7fffe3, - 0x7fffe4, - 0x1fffdc, - 0x3fffd8, - 0x7fffe5, - 0x3fffd9, - 0x7fffe6, - 0x7fffe7, - 0xffffef, - 0x3fffda, - 0x1fffdd, - 0xfffe9, - 0x3fffdb, - 0x3fffdc, - 0x7fffe8, - 0x7fffe9, - 0x1fffde, - 0x7fffea, - 0x3fffdd, - 0x3fffde, - 0xfffff0, - 0x1fffdf, - 0x3fffdf, - 0x7fffeb, - 0x7fffec, - 0x1fffe0, - 0x1fffe1, - 0x3fffe0, - 0x1fffe2, - 0x7fffed, - 0x3fffe1, - 0x7fffee, - 0x7fffef, - 0xfffea, - 0x3fffe2, - 0x3fffe3, - 0x3fffe4, - 0x7ffff0, - 0x3fffe5, - 0x3fffe6, - 0x7ffff1, - 0x3ffffe0, - 0x3ffffe1, - 0xfffeb, - 0x7fff1, - 0x3fffe7, - 0x7ffff2, - 0x3fffe8, - 0x1ffffec, - 0x3ffffe2, - 0x3ffffe3, - 0x3ffffe4, - 0x7ffffde, - 0x7ffffdf, - 0x3ffffe5, - 0xfffff1, - 0x1ffffed, - 0x7fff2, - 0x1fffe3, - 0x3ffffe6, - 0x7ffffe0, - 0x7ffffe1, - 0x3ffffe7, - 0x7ffffe2, - 0xfffff2, - 0x1fffe4, - 0x1fffe5, - 0x3ffffe8, - 0x3ffffe9, - 0xffffffd, - 0x7ffffe3, - 0x7ffffe4, - 0x7ffffe5, - 0xfffec, - 0xfffff3, - 0xfffed, - 0x1fffe6, - 0x3fffe9, - 0x1fffe7, - 0x1fffe8, - 0x7ffff3, - 0x3fffea, - 0x3fffeb, - 0x1ffffee, - 0x1ffffef, - 0xfffff4, - 0xfffff5, - 0x3ffffea, - 0x7ffff4, - 0x3ffffeb, - 0x7ffffe6, - 0x3ffffec, - 0x3ffffed, - 0x7ffffe7, - 0x7ffffe8, - 0x7ffffe9, - 0x7ffffea, - 0x7ffffeb, - 0xffffffe, - 0x7ffffec, - 0x7ffffed, - 0x7ffffee, - 0x7ffffef, - 0x7fffff0, - 0x3ffffee, - 0x3fffffff, -] - -REQUEST_CODES_LENGTH = [ - 13, 23, 28, 28, 28, 28, 28, 28, 28, 24, 30, 28, 28, 30, 28, 28, - 28, 28, 28, 28, 28, 28, 30, 28, 28, 28, 28, 28, 28, 28, 28, 28, - 6, 10, 10, 12, 13, 6, 8, 11, 10, 10, 8, 11, 8, 6, 6, 6, - 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 7, 8, 15, 6, 12, 10, - 13, 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 8, 7, 8, 13, 19, 13, 14, 6, - 15, 5, 6, 5, 6, 5, 6, 6, 6, 5, 7, 7, 6, 6, 6, 5, - 6, 7, 6, 5, 5, 6, 7, 7, 7, 7, 7, 15, 11, 14, 13, 28, - 20, 22, 20, 20, 22, 22, 22, 23, 22, 23, 23, 23, 23, 23, 24, 23, - 24, 24, 22, 23, 24, 23, 23, 23, 23, 21, 22, 23, 22, 23, 23, 24, - 22, 21, 20, 22, 22, 23, 23, 21, 23, 22, 22, 24, 21, 22, 23, 23, - 21, 21, 22, 21, 23, 22, 23, 23, 20, 22, 22, 22, 23, 22, 22, 23, - 26, 26, 20, 19, 22, 23, 22, 25, 26, 26, 26, 27, 27, 26, 24, 25, - 19, 21, 26, 27, 27, 26, 27, 24, 21, 21, 26, 26, 28, 27, 27, 27, - 20, 24, 20, 21, 22, 21, 21, 23, 22, 22, 25, 25, 24, 24, 26, 23, - 26, 27, 26, 26, 27, 27, 27, 27, 27, 28, 27, 27, 27, 27, 27, 26, - 30, -] diff --git a/tools/third_party/hyper/hyper/packages/hyperframe/__init__.py b/tools/third_party/hyper/hyper/packages/hyperframe/__init__.py deleted file mode 100644 index 9b6a84e721d68c..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hyperframe/__init__.py +++ /dev/null @@ -1,8 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyperframe -~~~~~~~~~~ - -A module for providing a pure-Python HTTP/2 framing layer. -""" -__version__ = '2.1.0' diff --git a/tools/third_party/hyper/hyper/packages/hyperframe/flags.py b/tools/third_party/hyper/hyper/packages/hyperframe/flags.py deleted file mode 100644 index e8f6300566db44..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hyperframe/flags.py +++ /dev/null @@ -1,40 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyperframe/flags -~~~~~~~~~~~~~~~~ - -Defines basic Flag and Flags data structures. -""" -import collections - - -Flag = collections.namedtuple("Flag", ["name", "bit"]) - - -class Flags(collections.MutableSet): - """ - A simple MutableSet implementation that will only accept known flags as elements. - - Will behave like a regular set(), except that a ValueError will be thrown when .add()ing - unexpected flags. - """ - def __init__(self, defined_flags): - self._valid_flags = set(flag.name for flag in defined_flags) - self._flags = set() - - def __contains__(self, x): - return self._flags.__contains__(x) - - def __iter__(self): - return self._flags.__iter__() - - def __len__(self): - return self._flags.__len__() - - def discard(self, value): - return self._flags.discard(value) - - def add(self, value): - if value not in self._valid_flags: - raise ValueError("Unexpected flag: {}".format(value)) - return self._flags.add(value) diff --git a/tools/third_party/hyper/hyper/packages/hyperframe/frame.py b/tools/third_party/hyper/hyper/packages/hyperframe/frame.py deleted file mode 100644 index 22e20031177d0f..00000000000000 --- a/tools/third_party/hyper/hyper/packages/hyperframe/frame.py +++ /dev/null @@ -1,625 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyperframe/frame -~~~~~~~~~~~~~~~~ - -Defines framing logic for HTTP/2. Provides both classes to represent framed -data and logic for aiding the connection when it comes to reading from the -socket. -""" -import collections -import struct - -from .flags import Flag, Flags - -# The maximum initial length of a frame. Some frames have shorter maximum lengths. -FRAME_MAX_LEN = (2 ** 14) - -# The maximum allowed length of a frame. -FRAME_MAX_ALLOWED_LEN = (2 ** 24) - 1 - - -class Frame(object): - """ - The base class for all HTTP/2 frames. - """ - # The flags defined on this type of frame. - defined_flags = [] - - # The type of the frame. - type = None - - # If 'has-stream', the frame's stream_id must be non-zero. If 'no-stream', - # it must be zero. If 'either', it's not checked. - stream_association = None - - def __init__(self, stream_id, flags=()): - self.stream_id = stream_id - self.flags = Flags(self.defined_flags) - self.body_len = 0 - - for flag in flags: - self.flags.add(flag) - - if self.stream_association == 'has-stream' and not self.stream_id: - raise ValueError('Stream ID must be non-zero') - if self.stream_association == 'no-stream' and self.stream_id: - raise ValueError('Stream ID must be zero') - - def __repr__(self): - flags = ", ".join(self.flags) or "None" - body = self.serialize_body() - if len(body) > 100: - body = str(body[:100]) + "..." - return ( - "{type}(Stream: {stream}; Flags: {flags}): {body}" - ).format(type=type(self).__name__, stream=self.stream_id, flags=flags, body=body) - - @staticmethod - def parse_frame_header(header): - """ - Takes a 9-byte frame header and returns a tuple of the appropriate - Frame object and the length that needs to be read from the socket. - """ - fields = struct.unpack("!HBBBL", header) - # First 24 bits are frame length. - length = (fields[0] << 8) + fields[1] - type = fields[2] - flags = fields[3] - stream_id = fields[4] - - if type not in FRAMES: - raise ValueError("Unknown frame type %d" % type) - - frame = FRAMES[type](stream_id) - frame.parse_flags(flags) - return (frame, length) - - def parse_flags(self, flag_byte): - for flag, flag_bit in self.defined_flags: - if flag_byte & flag_bit: - self.flags.add(flag) - - return self.flags - - def serialize(self): - body = self.serialize_body() - self.body_len = len(body) - - # Build the common frame header. - # First, get the flags. - flags = 0 - - for flag, flag_bit in self.defined_flags: - if flag in self.flags: - flags |= flag_bit - - header = struct.pack( - "!HBBBL", - (self.body_len & 0xFFFF00) >> 8, # Length is spread over top 24 bits - self.body_len & 0x0000FF, - self.type, - flags, - self.stream_id & 0x7FFFFFFF # Stream ID is 32 bits. - ) - - return header + body - - def serialize_body(self): - raise NotImplementedError() - - def parse_body(self, data): - raise NotImplementedError() - - -class Padding(object): - """ - Mixin for frames that contain padding. - """ - def __init__(self, stream_id, pad_length=0, **kwargs): - super(Padding, self).__init__(stream_id, **kwargs) - - self.pad_length = pad_length - - - def serialize_padding_data(self): - if 'PADDED' in self.flags: - return struct.pack('!B', self.pad_length) - return b'' - - def parse_padding_data(self, data): - if 'PADDED' in self.flags: - self.pad_length = struct.unpack('!B', data[:1])[0] - return 1 - return 0 - - @property - def total_padding(self): - """Return the total length of the padding, if any.""" - return self.pad_length - - -class Priority(object): - """ - Mixin for frames that contain priority data. - """ - def __init__(self, stream_id, depends_on=None, stream_weight=None, exclusive=None, **kwargs): - super(Priority, self).__init__(stream_id, **kwargs) - - # The stream ID of the stream on which this stream depends. - self.depends_on = depends_on - - # The weight of the stream. This is an integer between 0 and 256. - self.stream_weight = stream_weight - - # Whether the exclusive bit was set. - self.exclusive = exclusive - - def serialize_priority_data(self): - return struct.pack( - "!LB", - self.depends_on | (int(self.exclusive) << 31), - self.stream_weight - ) - - def parse_priority_data(self, data): - MASK = 0x80000000 - self.depends_on, self.stream_weight = struct.unpack( - "!LB", data[:5] - ) - self.exclusive = bool(self.depends_on & MASK) - self.depends_on &= ~MASK - return 5 - - -class DataFrame(Padding, Frame): - """ - DATA frames convey arbitrary, variable-length sequences of octets - associated with a stream. One or more DATA frames are used, for instance, - to carry HTTP request or response payloads. - """ - defined_flags = [ - Flag('END_STREAM', 0x01), - Flag('PADDED', 0x08), - ] - - type = 0x0 - - stream_association = 'has-stream' - - def __init__(self, stream_id, data=b'', **kwargs): - super(DataFrame, self).__init__(stream_id, **kwargs) - - self.data = data - - def serialize_body(self): - padding_data = self.serialize_padding_data() - padding = b'\0' * self.total_padding - return b''.join([padding_data, self.data, padding]) - - def parse_body(self, data): - padding_data_length = self.parse_padding_data(data) - self.data = data[padding_data_length:len(data)-self.total_padding].tobytes() - self.body_len = len(data) - - @property - def flow_controlled_length(self): - """ - If the frame is padded we need to include the padding length byte in - the flow control used. - """ - padding_len = self.total_padding + 1 if self.total_padding else 0 - return len(self.data) + padding_len - - -class PriorityFrame(Priority, Frame): - """ - The PRIORITY frame specifies the sender-advised priority of a stream. It - can be sent at any time for an existing stream. This enables - reprioritisation of existing streams. - """ - defined_flags = [] - - type = 0x02 - - stream_association = 'has-stream' - - def serialize_body(self): - return self.serialize_priority_data() - - def parse_body(self, data): - self.parse_priority_data(data) - self.body_len = len(data) - - -class RstStreamFrame(Frame): - """ - The RST_STREAM frame allows for abnormal termination of a stream. When sent - by the initiator of a stream, it indicates that they wish to cancel the - stream or that an error condition has occurred. When sent by the receiver - of a stream, it indicates that either the receiver is rejecting the stream, - requesting that the stream be cancelled or that an error condition has - occurred. - """ - defined_flags = [] - - type = 0x03 - - stream_association = 'has-stream' - - def __init__(self, stream_id, error_code=0, **kwargs): - super(RstStreamFrame, self).__init__(stream_id, **kwargs) - - self.error_code = error_code - - def serialize_body(self): - return struct.pack("!L", self.error_code) - - def parse_body(self, data): - if len(data) != 4: - raise ValueError() - - self.error_code = struct.unpack("!L", data)[0] - self.body_len = len(data) - - -class SettingsFrame(Frame): - """ - The SETTINGS frame conveys configuration parameters that affect how - endpoints communicate. The parameters are either constraints on peer - behavior or preferences. - - Settings are not negotiated. Settings describe characteristics of the - sending peer, which are used by the receiving peer. Different values for - the same setting can be advertised by each peer. For example, a client - might set a high initial flow control window, whereas a server might set a - lower value to conserve resources. - """ - defined_flags = [Flag('ACK', 0x01)] - - type = 0x04 - - stream_association = 'no-stream' - - # We need to define the known settings, they may as well be class - # attributes. - HEADER_TABLE_SIZE = 0x01 - ENABLE_PUSH = 0x02 - MAX_CONCURRENT_STREAMS = 0x03 - INITIAL_WINDOW_SIZE = 0x04 - SETTINGS_MAX_FRAME_SIZE = 0x05 - SETTINGS_MAX_HEADER_LIST_SIZE = 0x06 - - def __init__(self, stream_id=0, settings=None, **kwargs): - super(SettingsFrame, self).__init__(stream_id, **kwargs) - - if settings and "ACK" in kwargs.get("flags", ()): - raise ValueError("Settings must be empty if ACK flag is set.") - - # A dictionary of the setting type byte to the value. - self.settings = settings or {} - - def serialize_body(self): - settings = [struct.pack("!HL", setting & 0xFF, value) - for setting, value in self.settings.items()] - return b''.join(settings) - - def parse_body(self, data): - for i in range(0, len(data), 6): - name, value = struct.unpack("!HL", data[i:i+6]) - self.settings[name] = value - - self.body_len = len(data) - - -class PushPromiseFrame(Padding, Frame): - """ - The PUSH_PROMISE frame is used to notify the peer endpoint in advance of - streams the sender intends to initiate. - """ - defined_flags = [ - Flag('END_HEADERS', 0x04), - Flag('PADDED', 0x08) - ] - - type = 0x05 - - stream_association = 'has-stream' - - def __init__(self, stream_id, promised_stream_id=0, data=b'', **kwargs): - super(PushPromiseFrame, self).__init__(stream_id, **kwargs) - - self.promised_stream_id = promised_stream_id - self.data = data - - def serialize_body(self): - padding_data = self.serialize_padding_data() - padding = b'\0' * self.total_padding - data = struct.pack("!L", self.promised_stream_id) - return b''.join([padding_data, data, self.data, padding]) - - def parse_body(self, data): - padding_data_length = self.parse_padding_data(data) - self.promised_stream_id = struct.unpack("!L", data[padding_data_length:padding_data_length + 4])[0] - self.data = data[padding_data_length + 4:].tobytes() - self.body_len = len(data) - - -class PingFrame(Frame): - """ - The PING frame is a mechanism for measuring a minimal round-trip time from - the sender, as well as determining whether an idle connection is still - functional. PING frames can be sent from any endpoint. - """ - defined_flags = [Flag('ACK', 0x01)] - - type = 0x06 - - stream_association = 'no-stream' - - def __init__(self, stream_id=0, opaque_data=b'', **kwargs): - super(PingFrame, self).__init__(stream_id, **kwargs) - - self.opaque_data = opaque_data - - def serialize_body(self): - if len(self.opaque_data) > 8: - raise ValueError() - - data = self.opaque_data - data += b'\x00' * (8 - len(self.opaque_data)) - return data - - def parse_body(self, data): - if len(data) > 8: - raise ValueError() - - self.opaque_data = data.tobytes() - self.body_len = len(data) - - -class GoAwayFrame(Frame): - """ - The GOAWAY frame informs the remote peer to stop creating streams on this - connection. It can be sent from the client or the server. Once sent, the - sender will ignore frames sent on new streams for the remainder of the - connection. - """ - type = 0x07 - - stream_association = 'no-stream' - - def __init__(self, stream_id=0, last_stream_id=0, error_code=0, additional_data=b'', **kwargs): - super(GoAwayFrame, self).__init__(stream_id, **kwargs) - - self.last_stream_id = last_stream_id - self.error_code = error_code - self.additional_data = additional_data - - def serialize_body(self): - data = struct.pack( - "!LL", - self.last_stream_id & 0x7FFFFFFF, - self.error_code - ) - data += self.additional_data - - return data - - def parse_body(self, data): - self.last_stream_id, self.error_code = struct.unpack("!LL", data[:8]) - self.body_len = len(data) - - if len(data) > 8: - self.additional_data = data[8:].tobytes() - - -class WindowUpdateFrame(Frame): - """ - The WINDOW_UPDATE frame is used to implement flow control. - - Flow control operates at two levels: on each individual stream and on the - entire connection. - - Both types of flow control are hop by hop; that is, only between the two - endpoints. Intermediaries do not forward WINDOW_UPDATE frames between - dependent connections. However, throttling of data transfer by any receiver - can indirectly cause the propagation of flow control information toward the - original sender. - """ - type = 0x08 - - stream_association = 'either' - - def __init__(self, stream_id, window_increment=0, **kwargs): - super(WindowUpdateFrame, self).__init__(stream_id, **kwargs) - - self.window_increment = window_increment - - def serialize_body(self): - return struct.pack("!L", self.window_increment & 0x7FFFFFFF) - - def parse_body(self, data): - self.window_increment = struct.unpack("!L", data)[0] - self.body_len = len(data) - - -class HeadersFrame(Padding, Priority, Frame): - """ - The HEADERS frame carries name-value pairs. It is used to open a stream. - HEADERS frames can be sent on a stream in the "open" or "half closed - (remote)" states. - - The HeadersFrame class is actually basically a data frame in this - implementation, because of the requirement to control the sizes of frames. - A header block fragment that doesn't fit in an entire HEADERS frame needs - to be followed with CONTINUATION frames. From the perspective of the frame - building code the header block is an opaque data segment. - """ - type = 0x01 - - stream_association = 'has-stream' - - defined_flags = [ - Flag('END_STREAM', 0x01), - Flag('END_HEADERS', 0x04), - Flag('PADDED', 0x08), - Flag('PRIORITY', 0x20), - ] - - def __init__(self, stream_id, data=b'', **kwargs): - super(HeadersFrame, self).__init__(stream_id, **kwargs) - - self.data = data - - def serialize_body(self): - padding_data = self.serialize_padding_data() - padding = b'\0' * self.total_padding - - if 'PRIORITY' in self.flags: - priority_data = self.serialize_priority_data() - else: - priority_data = b'' - - return b''.join([padding_data, priority_data, self.data, padding]) - - def parse_body(self, data): - padding_data_length = self.parse_padding_data(data) - data = data[padding_data_length:] - - if 'PRIORITY' in self.flags: - priority_data_length = self.parse_priority_data(data) - else: - priority_data_length = 0 - - self.body_len = len(data) - self.data = data[priority_data_length:len(data)-self.total_padding].tobytes() - - -class ContinuationFrame(Frame): - """ - The CONTINUATION frame is used to continue a sequence of header block - fragments. Any number of CONTINUATION frames can be sent on an existing - stream, as long as the preceding frame on the same stream is one of - HEADERS, PUSH_PROMISE or CONTINUATION without the END_HEADERS flag set. - - Much like the HEADERS frame, hyper treats this as an opaque data frame with - different flags and a different type. - """ - type = 0x09 - - stream_association = 'has-stream' - - defined_flags = [Flag('END_HEADERS', 0x04),] - - def __init__(self, stream_id, data=b'', **kwargs): - super(ContinuationFrame, self).__init__(stream_id, **kwargs) - - self.data = data - - def serialize_body(self): - return self.data - - def parse_body(self, data): - self.data = data.tobytes() - self.body_len = len(data) - - -Origin = collections.namedtuple('Origin', ['scheme', 'host', 'port']) - - -class AltSvcFrame(Frame): - """ - The ALTSVC frame is used to advertise alternate services that the current - host, or a different one, can understand. - """ - type = 0xA - - stream_association = 'no-stream' - - def __init__(self, stream_id=0, host=b'', port=0, protocol_id=b'', max_age=0, origin=None, **kwargs): - super(AltSvcFrame, self).__init__(stream_id, **kwargs) - - self.host = host - self.port = port - self.protocol_id = protocol_id - self.max_age = max_age - self.origin = origin - - def serialize_origin(self): - if self.origin is not None: - if self.origin.port is None: - hostport = self.origin.host - else: - hostport = self.origin.host + b':' + str(self.origin.port).encode('ascii') - return self.origin.scheme + b'://' + hostport - return b'' - - def parse_origin(self, data): - if len(data) > 0: - data = data.tobytes() - scheme, hostport = data.split(b'://') - host, _, port = hostport.partition(b':') - self.origin = Origin(scheme=scheme, host=host, - port=int(port) if len(port) > 0 else None) - - def serialize_body(self): - first = struct.pack("!LHxB", self.max_age, self.port, len(self.protocol_id)) - host_length = struct.pack("!B", len(self.host)) - return b''.join([first, self.protocol_id, host_length, self.host, - self.serialize_origin()]) - - def parse_body(self, data): - self.body_len = len(data) - self.max_age, self.port, protocol_id_length = struct.unpack("!LHxB", data[:8]) - pos = 8 - self.protocol_id = data[pos:pos+protocol_id_length].tobytes() - pos += protocol_id_length - host_length = struct.unpack("!B", data[pos:pos+1])[0] - pos += 1 - self.host = data[pos:pos+host_length].tobytes() - pos += host_length - self.parse_origin(data[pos:]) - - -class BlockedFrame(Frame): - """ - The BLOCKED frame indicates that the sender is unable to send data due to a - closed flow control window. - - The BLOCKED frame is used to provide feedback about the performance of flow - control for the purposes of performance tuning and debugging. The BLOCKED - frame can be sent by a peer when flow controlled data cannot be sent due to - the connection- or stream-level flow control. This frame MUST NOT be sent - if there are other reasons preventing data from being sent, either a lack - of available data, or the underlying transport being blocked. - """ - type = 0x0B - - stream_association = 'both' - - defined_flags = [] - - def serialize_body(self): - return b'' - - def parse_body(self, data): - pass - - -# A map of type byte to frame class. -_FRAME_CLASSES = [ - DataFrame, - HeadersFrame, - PriorityFrame, - RstStreamFrame, - SettingsFrame, - PushPromiseFrame, - PingFrame, - GoAwayFrame, - WindowUpdateFrame, - ContinuationFrame, - AltSvcFrame, - BlockedFrame -] -FRAMES = {cls.type: cls for cls in _FRAME_CLASSES} diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/LICENSE b/tools/third_party/hyper/hyper/packages/rfc3986/LICENSE deleted file mode 100644 index 72ce24cf02822e..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/LICENSE +++ /dev/null @@ -1,13 +0,0 @@ -Copyright 2014 Ian Cordasco, Rackspace - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/__init__.py b/tools/third_party/hyper/hyper/packages/rfc3986/__init__.py deleted file mode 100644 index a3aea4c4da2c1b..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/__init__.py +++ /dev/null @@ -1,45 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014 Rackspace -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" -rfc3986 -======= - -An implementation of semantics and validations described in RFC 3986. See -http://rfc3986.rtfd.org/ for documentation. - -:copyright: (c) 2014 Rackspace -:license: Apache v2.0, see LICENSE for details -""" - -__title__ = 'rfc3986' -__author__ = 'Ian Cordasco' -__author_email__ = 'ian.cordasco@rackspace.com' -__license__ = 'Apache v2.0' -__copyright__ = 'Copyright 2014 Rackspace' -__version__ = '0.3.0' - -from .api import (URIReference, uri_reference, is_valid_uri, normalize_uri, - urlparse) -from .parseresult import ParseResult - -__all__ = ( - 'ParseResult', - 'URIReference', - 'is_valid_uri', - 'normalize_uri', - 'uri_reference', - 'urlparse', -) diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/api.py b/tools/third_party/hyper/hyper/packages/rfc3986/api.py deleted file mode 100644 index 3e9e401aebaf5a..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/api.py +++ /dev/null @@ -1,92 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014 Rackspace -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -""" -rfc3986.api -~~~~~~~~~~~ - -This defines the simple API to rfc3986. This module defines 3 functions and -provides access to the class ``URIReference``. -""" - -from .uri import URIReference -from .parseresult import ParseResult - - -def uri_reference(uri, encoding='utf-8'): - """Parse a URI string into a URIReference. - - This is a convenience function. You could achieve the same end by using - ``URIReference.from_string(uri)``. - - :param str uri: The URI which needs to be parsed into a reference. - :param str encoding: The encoding of the string provided - :returns: A parsed URI - :rtype: :class:`URIReference` - """ - return URIReference.from_string(uri, encoding) - - -def is_valid_uri(uri, encoding='utf-8', **kwargs): - """Determine if the URI given is valid. - - This is a convenience function. You could use either - ``uri_reference(uri).is_valid()`` or - ``URIReference.from_string(uri).is_valid()`` to achieve the same result. - - :param str uri: The URI to be validated. - :param str encoding: The encoding of the string provided - :param bool require_scheme: Set to ``True`` if you wish to require the - presence of the scheme component. - :param bool require_authority: Set to ``True`` if you wish to require the - presence of the authority component. - :param bool require_path: Set to ``True`` if you wish to require the - presence of the path component. - :param bool require_query: Set to ``True`` if you wish to require the - presence of the query component. - :param bool require_fragment: Set to ``True`` if you wish to require the - presence of the fragment component. - :returns: ``True`` if the URI is valid, ``False`` otherwise. - :rtype: bool - """ - return URIReference.from_string(uri, encoding).is_valid(**kwargs) - - -def normalize_uri(uri, encoding='utf-8'): - """Normalize the given URI. - - This is a convenience function. You could use either - ``uri_reference(uri).normalize().unsplit()`` or - ``URIReference.from_string(uri).normalize().unsplit()`` instead. - - :param str uri: The URI to be normalized. - :param str encoding: The encoding of the string provided - :returns: The normalized URI. - :rtype: str - """ - normalized_reference = URIReference.from_string(uri, encoding).normalize() - return normalized_reference.unsplit() - - -def urlparse(uri, encoding='utf-8'): - """Parse a given URI and return a ParseResult. - - This is a partial replacement of the standard library's urlparse function. - - :param str uri: The URI to be parsed. - :param str encoding: The encoding of the string provided. - :returns: A parsed URI - :rtype: :class:`~rfc3986.parseresult.ParseResult` - """ - return ParseResult.from_string(uri, encoding, strict=False) diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/compat.py b/tools/third_party/hyper/hyper/packages/rfc3986/compat.py deleted file mode 100644 index 6fc7f6d808d270..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/compat.py +++ /dev/null @@ -1,31 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014 Rackspace -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -import sys - - -if sys.version_info >= (3, 0): - unicode = str # Python 3.x - - -def to_str(b, encoding): - if hasattr(b, 'decode') and not isinstance(b, unicode): - b = b.decode('utf-8') - return b - - -def to_bytes(s, encoding): - if hasattr(s, 'encode') and not isinstance(s, bytes): - s = s.encode('utf-8') - return s diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py b/tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py deleted file mode 100644 index f9adbde718aa29..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py +++ /dev/null @@ -1,21 +0,0 @@ -# -*- coding: utf-8 -*- -class RFC3986Exception(Exception): - pass - - -class InvalidAuthority(RFC3986Exception): - def __init__(self, authority): - super(InvalidAuthority, self).__init__( - "The authority ({0}) is not valid.".format(authority)) - - -class InvalidPort(RFC3986Exception): - def __init__(self, port): - super(InvalidPort, self).__init__( - 'The port ("{0}") is not valid.'.format(port)) - - -class ResolutionError(RFC3986Exception): - def __init__(self, uri): - super(ResolutionError, self).__init__( - "{0} is not an absolute URI.".format(uri.unsplit())) diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/misc.py b/tools/third_party/hyper/hyper/packages/rfc3986/misc.py deleted file mode 100644 index c599434cde10cf..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/misc.py +++ /dev/null @@ -1,214 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014 Rackspace -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -""" -rfc3986.misc -~~~~~~~~~~~~ - -This module contains important constants, patterns, and compiled regular -expressions for parsing and validating URIs and their components. -""" - -import re - -# These are enumerated for the named tuple used as a superclass of -# URIReference -URI_COMPONENTS = ['scheme', 'authority', 'path', 'query', 'fragment'] - -important_characters = { - 'generic_delimiters': ":/?#[]@", - 'sub_delimiters': "!$&'()*+,;=", - # We need to escape the '*' in this case - 're_sub_delimiters': "!$&'()\*+,;=", - 'unreserved_chars': ('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - '0123456789._~-'), - # We need to escape the '-' in this case: - 're_unreserved': 'A-Za-z0-9._~\-', - } -# For details about delimiters and reserved characters, see: -# http://tools.ietf.org/html/rfc3986#section-2.2 -GENERIC_DELIMITERS = set(important_characters['generic_delimiters']) -SUB_DELIMITERS = set(important_characters['sub_delimiters']) -RESERVED_CHARS = GENERIC_DELIMITERS.union(SUB_DELIMITERS) -# For details about unreserved characters, see: -# http://tools.ietf.org/html/rfc3986#section-2.3 -UNRESERVED_CHARS = set(important_characters['unreserved_chars']) -NON_PCT_ENCODED = RESERVED_CHARS.union(UNRESERVED_CHARS).union('%') - -# Extracted from http://tools.ietf.org/html/rfc3986#appendix-B -component_pattern_dict = { - 'scheme': '[^:/?#]+', - 'authority': '[^/?#]*', - 'path': '[^?#]*', - 'query': '[^#]*', - 'fragment': '.*', - } - -# See http://tools.ietf.org/html/rfc3986#appendix-B -# In this case, we name each of the important matches so we can use -# SRE_Match#groupdict to parse the values out if we so choose. This is also -# modified to ignore other matches that are not important to the parsing of -# the reference so we can also simply use SRE_Match#groups. -expression = ('(?:(?P{scheme}):)?(?://(?P{authority}))?' - '(?P{path})(?:\?(?P{query}))?' - '(?:#(?P{fragment}))?' - ).format(**component_pattern_dict) - -URI_MATCHER = re.compile(expression) - -# ######################### -# Authority Matcher Section -# ######################### - -# Host patterns, see: http://tools.ietf.org/html/rfc3986#section-3.2.2 -# The pattern for a regular name, e.g., www.google.com, api.github.com -reg_name = '(({0})*|[{1}]*)'.format( - '%[0-9A-Fa-f]{2}', - important_characters['re_sub_delimiters'] + - important_characters['re_unreserved'] - ) -# The pattern for an IPv4 address, e.g., 192.168.255.255, 127.0.0.1, -ipv4 = '(\d{1,3}.){3}\d{1,3}' -# Hexadecimal characters used in each piece of an IPv6 address -hexdig = '[0-9A-Fa-f]{1,4}' -# Least-significant 32 bits of an IPv6 address -ls32 = '({hex}:{hex}|{ipv4})'.format(hex=hexdig, ipv4=ipv4) -# Substitutions into the following patterns for IPv6 patterns defined -# http://tools.ietf.org/html/rfc3986#page-20 -subs = {'hex': hexdig, 'ls32': ls32} - -# Below: h16 = hexdig, see: https://tools.ietf.org/html/rfc5234 for details -# about ABNF (Augmented Backus-Naur Form) use in the comments -variations = [ - # 6( h16 ":" ) ls32 - '(%(hex)s:){6}%(ls32)s' % subs, - # "::" 5( h16 ":" ) ls32 - '::(%(hex)s:){5}%(ls32)s' % subs, - # [ h16 ] "::" 4( h16 ":" ) ls32 - '(%(hex)s)?::(%(hex)s:){4}%(ls32)s' % subs, - # [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32 - '((%(hex)s:)?%(hex)s)?::(%(hex)s:){3}%(ls32)s' % subs, - # [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32 - '((%(hex)s:){0,2}%(hex)s)?::(%(hex)s:){2}%(ls32)s' % subs, - # [ *3( h16 ":" ) h16 ] "::" h16 ":" ls32 - '((%(hex)s:){0,3}%(hex)s)?::%(hex)s:%(ls32)s' % subs, - # [ *4( h16 ":" ) h16 ] "::" ls32 - '((%(hex)s:){0,4}%(hex)s)?::%(ls32)s' % subs, - # [ *5( h16 ":" ) h16 ] "::" h16 - '((%(hex)s:){0,5}%(hex)s)?::%(hex)s' % subs, - # [ *6( h16 ":" ) h16 ] "::" - '((%(hex)s:){0,6}%(hex)s)?::' % subs, - ] - -ipv6 = '(({0})|({1})|({2})|({3})|({4})|({5})|({6})|({7}))'.format(*variations) - -ipv_future = 'v[0-9A-Fa-f]+.[%s]+' % ( - important_characters['re_unreserved'] + - important_characters['re_sub_delimiters'] + - ':') - -ip_literal = '\[({0}|{1})\]'.format(ipv6, ipv_future) - -# Pattern for matching the host piece of the authority -HOST_PATTERN = '({0}|{1}|{2})'.format(reg_name, ipv4, ip_literal) - -SUBAUTHORITY_MATCHER = re.compile(( - '^(?:(?P[A-Za-z0-9_.~\-%:]+)@)?' # userinfo - '(?P{0}?)' # host - ':?(?P\d+)?$' # port - ).format(HOST_PATTERN)) - -IPv4_MATCHER = re.compile('^' + ipv4 + '$') - - -# #################### -# Path Matcher Section -# #################### - -# See http://tools.ietf.org/html/rfc3986#section-3.3 for more information -# about the path patterns defined below. - -# Percent encoded character values -pct_encoded = '%[A-Fa-f0-9]{2}' -pchar = ('([' + important_characters['re_unreserved'] - + important_characters['re_sub_delimiters'] - + ':@]|%s)' % pct_encoded) -segments = { - 'segment': pchar + '*', - # Non-zero length segment - 'segment-nz': pchar + '+', - # Non-zero length segment without ":" - 'segment-nz-nc': pchar.replace(':', '') + '+' - } - -# Path types taken from Section 3.3 (linked above) -path_empty = '^$' -path_rootless = '%(segment-nz)s(/%(segment)s)*' % segments -path_noscheme = '%(segment-nz-nc)s(/%(segment)s)*' % segments -path_absolute = '/(%s)?' % path_rootless -path_abempty = '(/%(segment)s)*' % segments - -# Matcher used to validate path components -PATH_MATCHER = re.compile('^(%s|%s|%s|%s|%s)$' % ( - path_abempty, path_absolute, path_noscheme, path_rootless, path_empty - )) - - -# ################################## -# Query and Fragment Matcher Section -# ################################## - -QUERY_MATCHER = re.compile( - '^([/?:@' + important_characters['re_unreserved'] - + important_characters['re_sub_delimiters'] - + ']|%s)*$' % pct_encoded) - -FRAGMENT_MATCHER = QUERY_MATCHER - -# Scheme validation, see: http://tools.ietf.org/html/rfc3986#section-3.1 -SCHEME_MATCHER = re.compile('^[A-Za-z][A-Za-z0-9+.\-]*$') - -# Relative reference matcher - -# See http://tools.ietf.org/html/rfc3986#section-4.2 for details -relative_part = '(//%s%s|%s|%s|%s)' % ( - component_pattern_dict['authority'], path_abempty, path_absolute, - path_noscheme, path_empty - ) - -RELATIVE_REF_MATCHER = re.compile('^%s(\?%s)?(#%s)?$' % ( - relative_part, QUERY_MATCHER.pattern, FRAGMENT_MATCHER.pattern - )) - -# See http://tools.ietf.org/html/rfc3986#section-3 for definition -hier_part = '(//%s%s|%s|%s|%s)' % ( - component_pattern_dict['authority'], path_abempty, path_absolute, - path_rootless, path_empty - ) - -# See http://tools.ietf.org/html/rfc3986#section-4.3 -ABSOLUTE_URI_MATCHER = re.compile('^%s:%s(\?%s)?$' % ( - component_pattern_dict['scheme'], hier_part, QUERY_MATCHER.pattern[1:-1] - )) - - -# Path merger as defined in http://tools.ietf.org/html/rfc3986#section-5.2.3 -def merge_paths(base_uri, relative_path): - """Merge a base URI's path with a relative URI's path.""" - if base_uri.path is None and base_uri.authority is not None: - return '/' + relative_path - else: - path = base_uri.path or '' - index = path.rfind('/') - return path[:index] + '/' + relative_path diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py b/tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py deleted file mode 100644 index bb0630cb3264fe..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py +++ /dev/null @@ -1,115 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014 Rackspace -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -import re - -from .compat import to_bytes -from .misc import NON_PCT_ENCODED - - -def normalize_scheme(scheme): - return scheme.lower() - - -def normalize_authority(authority): - userinfo, host, port = authority - result = '' - if userinfo: - result += normalize_percent_characters(userinfo) + '@' - if host: - result += host.lower() - if port: - result += ':' + port - return result - - -def normalize_path(path): - if not path: - return path - - path = normalize_percent_characters(path) - return remove_dot_segments(path) - - -def normalize_query(query): - return normalize_percent_characters(query) - - -def normalize_fragment(fragment): - return normalize_percent_characters(fragment) - - -PERCENT_MATCHER = re.compile('%[A-Fa-f0-9]{2}') - - -def normalize_percent_characters(s): - """All percent characters should be upper-cased. - - For example, ``"%3afoo%DF%ab"`` should be turned into ``"%3Afoo%DF%AB"``. - """ - matches = set(PERCENT_MATCHER.findall(s)) - for m in matches: - if not m.isupper(): - s = s.replace(m, m.upper()) - return s - - -def remove_dot_segments(s): - # See http://tools.ietf.org/html/rfc3986#section-5.2.4 for pseudo-code - segments = s.split('/') # Turn the path into a list of segments - output = [] # Initialize the variable to use to store output - - for segment in segments: - # '.' is the current directory, so ignore it, it is superfluous - if segment == '.': - continue - # Anything other than '..', should be appended to the output - elif segment != '..': - output.append(segment) - # In this case segment == '..', if we can, we should pop the last - # element - elif output: - output.pop() - - # If the path starts with '/' and the output is empty or the first string - # is non-empty - if s.startswith('/') and (not output or output[0]): - output.insert(0, '') - - # If the path starts with '/.' or '/..' ensure we add one more empty - # string to add a trailing '/' - if s.endswith(('/.', '/..')): - output.append('') - - return '/'.join(output) - - -def encode_component(uri_component, encoding): - if uri_component is None: - return uri_component - - uri_bytes = to_bytes(uri_component, encoding) - - encoded_uri = bytearray() - - for i in range(0, len(uri_bytes)): - # Will return a single character bytestring on both Python 2 & 3 - byte = uri_bytes[i:i+1] - byte_ord = ord(byte) - if byte_ord < 128 and byte.decode() in NON_PCT_ENCODED: - encoded_uri.extend(byte) - continue - encoded_uri.extend('%{0:02x}'.format(byte_ord).encode()) - - return encoded_uri.decode(encoding) diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py b/tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py deleted file mode 100644 index 2def55b636ffb9..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py +++ /dev/null @@ -1,303 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2015 Ian Cordasco -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -from collections import namedtuple - -from . import compat -from . import exceptions -from . import normalizers -from . import uri - -__all__ = ('ParseResult', 'ParseResultBytes') - -PARSED_COMPONENTS = ('scheme', 'userinfo', 'host', 'port', 'path', 'query', - 'fragment') - - -class ParseResultMixin(object): - def _generate_authority(self, attributes): - # I swear I did not align the comparisons below. That's just how they - # happened to align based on pep8 and attribute lengths. - userinfo, host, port = (attributes[p] - for p in ('userinfo', 'host', 'port')) - if (self.userinfo != userinfo or - self.host != host or - self.port != port): - if port: - port = '{0}'.format(port) - return normalizers.normalize_authority( - (compat.to_str(userinfo, self.encoding), - compat.to_str(host, self.encoding), - port) - ) - return self.authority - - def geturl(self): - """Standard library shim to the unsplit method.""" - return self.unsplit() - - @property - def hostname(self): - """Standard library shim for the host portion of the URI.""" - return self.host - - @property - def netloc(self): - """Standard library shim for the authority portion of the URI.""" - return self.authority - - @property - def params(self): - """Standard library shim for the query portion of the URI.""" - return self.query - - -class ParseResult(namedtuple('ParseResult', PARSED_COMPONENTS), - ParseResultMixin): - slots = () - - def __new__(cls, scheme, userinfo, host, port, path, query, fragment, - uri_ref, encoding='utf-8'): - parse_result = super(ParseResult, cls).__new__( - cls, - scheme or None, - userinfo or None, - host, - port or None, - path or None, - query or None, - fragment or None) - parse_result.encoding = encoding - parse_result.reference = uri_ref - return parse_result - - @classmethod - def from_string(cls, uri_string, encoding='utf-8', strict=True): - """Parse a URI from the given unicode URI string. - - :param str uri_string: Unicode URI to be parsed into a reference. - :param str encoding: The encoding of the string provided - :param bool strict: Parse strictly according to :rfc:`3986` if True. - If False, parse similarly to the standard library's urlparse - function. - :returns: :class:`ParseResult` or subclass thereof - """ - reference = uri.URIReference.from_string(uri_string, encoding) - try: - subauthority = reference.authority_info() - except exceptions.InvalidAuthority: - if strict: - raise - userinfo, host, port = split_authority(reference.authority) - else: - # Thanks to Richard Barrell for this idea: - # https://twitter.com/0x2ba22e11/status/617338811975139328 - userinfo, host, port = (subauthority.get(p) - for p in ('userinfo', 'host', 'port')) - - if port: - try: - port = int(port) - except ValueError: - raise exceptions.InvalidPort(port) - - return cls(scheme=reference.scheme, - userinfo=userinfo, - host=host, - port=port, - path=reference.path, - query=reference.query, - fragment=reference.fragment, - uri_ref=reference, - encoding=encoding) - - @property - def authority(self): - """Normalized authority generated from the subauthority parts.""" - return self.reference.authority - - def copy_with(self, scheme=None, userinfo=None, host=None, port=None, - path=None, query=None, fragment=None): - attributes = zip(PARSED_COMPONENTS, - (scheme, userinfo, host, port, path, query, fragment)) - attrs_dict = {} - for name, value in attributes: - if value is None: - value = getattr(self, name) - attrs_dict[name] = value - authority = self._generate_authority(attrs_dict) - ref = self.reference.copy_with(scheme=attrs_dict['scheme'], - authority=authority, - path=attrs_dict['path'], - query=attrs_dict['query'], - fragment=attrs_dict['fragment']) - return ParseResult(uri_ref=ref, encoding=self.encoding, **attrs_dict) - - def encode(self, encoding=None): - encoding = encoding or self.encoding - attrs = dict( - zip(PARSED_COMPONENTS, - (attr.encode(encoding) if hasattr(attr, 'encode') else attr - for attr in self))) - return ParseResultBytes( - uri_ref=self.reference, - encoding=encoding, - **attrs - ) - - def unsplit(self, use_idna=False): - """Create a URI string from the components. - - :returns: The parsed URI reconstituted as a string. - :rtype: str - """ - parse_result = self - if use_idna and self.host: - hostbytes = self.host.encode('idna') - host = hostbytes.decode(self.encoding) - parse_result = self.copy_with(host=host) - return parse_result.reference.unsplit() - - -class ParseResultBytes(namedtuple('ParseResultBytes', PARSED_COMPONENTS), - ParseResultMixin): - def __new__(cls, scheme, userinfo, host, port, path, query, fragment, - uri_ref, encoding='utf-8'): - parse_result = super(ParseResultBytes, cls).__new__( - cls, - scheme or None, - userinfo or None, - host, - port or None, - path or None, - query or None, - fragment or None) - parse_result.encoding = encoding - parse_result.reference = uri_ref - return parse_result - - @classmethod - def from_string(cls, uri_string, encoding='utf-8', strict=True): - """Parse a URI from the given unicode URI string. - - :param str uri_string: Unicode URI to be parsed into a reference. - :param str encoding: The encoding of the string provided - :param bool strict: Parse strictly according to :rfc:`3986` if True. - If False, parse similarly to the standard library's urlparse - function. - :returns: :class:`ParseResultBytes` or subclass thereof - """ - reference = uri.URIReference.from_string(uri_string, encoding) - try: - subauthority = reference.authority_info() - except exceptions.InvalidAuthority: - if strict: - raise - userinfo, host, port = split_authority(reference.authority) - else: - # Thanks to Richard Barrell for this idea: - # https://twitter.com/0x2ba22e11/status/617338811975139328 - userinfo, host, port = (subauthority.get(p) - for p in ('userinfo', 'host', 'port')) - - if port: - try: - port = int(port) - except ValueError: - raise exceptions.InvalidPort(port) - - to_bytes = compat.to_bytes - return cls(scheme=to_bytes(reference.scheme, encoding), - userinfo=to_bytes(userinfo, encoding), - host=to_bytes(host, encoding), - port=port, - path=to_bytes(reference.path, encoding), - query=to_bytes(reference.query, encoding), - fragment=to_bytes(reference.fragment, encoding), - uri_ref=reference, - encoding=encoding) - - @property - def authority(self): - """Normalized authority generated from the subauthority parts.""" - return self.reference.authority.encode(self.encoding) - - def copy_with(self, scheme=None, userinfo=None, host=None, port=None, - path=None, query=None, fragment=None): - attributes = zip(PARSED_COMPONENTS, - (scheme, userinfo, host, port, path, query, fragment)) - attrs_dict = {} - for name, value in attributes: - if value is None: - value = getattr(self, name) - if not isinstance(value, bytes) and hasattr(value, 'encode'): - value = value.encode(self.encoding) - attrs_dict[name] = value - authority = self._generate_authority(attrs_dict) - to_str = compat.to_str - ref = self.reference.copy_with( - scheme=to_str(attrs_dict['scheme'], self.encoding), - authority=authority, - path=to_str(attrs_dict['path'], self.encoding), - query=to_str(attrs_dict['query'], self.encoding), - fragment=to_str(attrs_dict['fragment'], self.encoding) - ) - return ParseResultBytes( - uri_ref=ref, - encoding=self.encoding, - **attrs_dict - ) - - def unsplit(self, use_idna=False): - """Create a URI bytes object from the components. - - :returns: The parsed URI reconstituted as a string. - :rtype: bytes - """ - parse_result = self - if use_idna and self.host: - # self.host is bytes, to encode to idna, we need to decode it - # first - host = self.host.decode(self.encoding) - hostbytes = host.encode('idna') - parse_result = self.copy_with(host=hostbytes) - uri = parse_result.reference.unsplit() - return uri.encode(self.encoding) - - -def split_authority(authority): - # Initialize our expected return values - userinfo = host = port = None - # Initialize an extra var we may need to use - extra_host = None - # Set-up rest in case there is no userinfo portion - rest = authority - - if '@' in authority: - userinfo, rest = authority.rsplit('@', 1) - - # Handle IPv6 host addresses - if rest.startswith('['): - host, rest = rest.split(']', 1) - host += ']' - - if ':' in rest: - extra_host, port = rest.split(':', 1) - elif not host and rest: - host = rest - - if extra_host and not host: - host = extra_host - - return userinfo, host, port diff --git a/tools/third_party/hyper/hyper/packages/rfc3986/uri.py b/tools/third_party/hyper/hyper/packages/rfc3986/uri.py deleted file mode 100644 index b7f5ccb79ca60b..00000000000000 --- a/tools/third_party/hyper/hyper/packages/rfc3986/uri.py +++ /dev/null @@ -1,385 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014 Rackspace -# Copyright (c) 2015 Ian Cordasco -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -from collections import namedtuple - -from .compat import to_str -from .exceptions import InvalidAuthority, ResolutionError -from .misc import ( - ABSOLUTE_URI_MATCHER, FRAGMENT_MATCHER, IPv4_MATCHER, PATH_MATCHER, - QUERY_MATCHER, SCHEME_MATCHER, SUBAUTHORITY_MATCHER, URI_MATCHER, - URI_COMPONENTS, merge_paths - ) -from .normalizers import ( - encode_component, normalize_scheme, normalize_authority, normalize_path, - normalize_query, normalize_fragment - ) - - -class URIReference(namedtuple('URIReference', URI_COMPONENTS)): - slots = () - - def __new__(cls, scheme, authority, path, query, fragment, - encoding='utf-8'): - ref = super(URIReference, cls).__new__( - cls, - scheme or None, - authority or None, - path or None, - query or None, - fragment or None) - ref.encoding = encoding - return ref - - def __eq__(self, other): - other_ref = other - if isinstance(other, tuple): - other_ref = URIReference(*other) - elif not isinstance(other, URIReference): - try: - other_ref = URIReference.from_string(other) - except TypeError: - raise TypeError( - 'Unable to compare URIReference() to {0}()'.format( - type(other).__name__)) - - # See http://tools.ietf.org/html/rfc3986#section-6.2 - naive_equality = tuple(self) == tuple(other_ref) - return naive_equality or self.normalized_equality(other_ref) - - @classmethod - def from_string(cls, uri_string, encoding='utf-8'): - """Parse a URI reference from the given unicode URI string. - - :param str uri_string: Unicode URI to be parsed into a reference. - :param str encoding: The encoding of the string provided - :returns: :class:`URIReference` or subclass thereof - """ - uri_string = to_str(uri_string, encoding) - - split_uri = URI_MATCHER.match(uri_string).groupdict() - return cls(split_uri['scheme'], split_uri['authority'], - encode_component(split_uri['path'], encoding), - encode_component(split_uri['query'], encoding), - encode_component(split_uri['fragment'], encoding), encoding) - - def authority_info(self): - """Returns a dictionary with the ``userinfo``, ``host``, and ``port``. - - If the authority is not valid, it will raise a ``InvalidAuthority`` - Exception. - - :returns: - ``{'userinfo': 'username:password', 'host': 'www.example.com', - 'port': '80'}`` - :rtype: dict - :raises InvalidAuthority: If the authority is not ``None`` and can not - be parsed. - """ - if not self.authority: - return {'userinfo': None, 'host': None, 'port': None} - - match = SUBAUTHORITY_MATCHER.match(self.authority) - - if match is None: - # In this case, we have an authority that was parsed from the URI - # Reference, but it cannot be further parsed by our - # SUBAUTHORITY_MATCHER. In this case it must not be a valid - # authority. - raise InvalidAuthority(self.authority.encode(self.encoding)) - - # We had a match, now let's ensure that it is actually a valid host - # address if it is IPv4 - matches = match.groupdict() - host = matches.get('host') - - if (host and IPv4_MATCHER.match(host) and not - valid_ipv4_host_address(host)): - # If we have a host, it appears to be IPv4 and it does not have - # valid bytes, it is an InvalidAuthority. - raise InvalidAuthority(self.authority.encode(self.encoding)) - - return matches - - @property - def host(self): - """If present, a string representing the host.""" - try: - authority = self.authority_info() - except InvalidAuthority: - return None - return authority['host'] - - @property - def port(self): - """If present, the port (as a string) extracted from the authority.""" - try: - authority = self.authority_info() - except InvalidAuthority: - return None - return authority['port'] - - @property - def userinfo(self): - """If present, the userinfo extracted from the authority.""" - try: - authority = self.authority_info() - except InvalidAuthority: - return None - return authority['userinfo'] - - def is_absolute(self): - """Determine if this URI Reference is an absolute URI. - - See http://tools.ietf.org/html/rfc3986#section-4.3 for explanation. - - :returns: ``True`` if it is an absolute URI, ``False`` otherwise. - :rtype: bool - """ - return bool(ABSOLUTE_URI_MATCHER.match(self.unsplit())) - - def is_valid(self, **kwargs): - """Determines if the URI is valid. - - :param bool require_scheme: Set to ``True`` if you wish to require the - presence of the scheme component. - :param bool require_authority: Set to ``True`` if you wish to require - the presence of the authority component. - :param bool require_path: Set to ``True`` if you wish to require the - presence of the path component. - :param bool require_query: Set to ``True`` if you wish to require the - presence of the query component. - :param bool require_fragment: Set to ``True`` if you wish to require - the presence of the fragment component. - :returns: ``True`` if the URI is valid. ``False`` otherwise. - :rtype: bool - """ - validators = [ - (self.scheme_is_valid, kwargs.get('require_scheme', False)), - (self.authority_is_valid, kwargs.get('require_authority', False)), - (self.path_is_valid, kwargs.get('require_path', False)), - (self.query_is_valid, kwargs.get('require_query', False)), - (self.fragment_is_valid, kwargs.get('require_fragment', False)), - ] - return all(v(r) for v, r in validators) - - def _is_valid(self, value, matcher, require): - if require: - return (value is not None - and matcher.match(value)) - - # require is False and value is not None - return value is None or matcher.match(value) - - def authority_is_valid(self, require=False): - """Determines if the authority component is valid. - - :param str require: Set to ``True`` to require the presence of this - component. - :returns: ``True`` if the authority is valid. ``False`` otherwise. - :rtype: bool - """ - try: - self.authority_info() - except InvalidAuthority: - return False - - is_valid = self._is_valid(self.authority, - SUBAUTHORITY_MATCHER, - require) - - # Ensure that IPv4 addresses have valid bytes - if is_valid and self.host and IPv4_MATCHER.match(self.host): - return valid_ipv4_host_address(self.host) - - # Perhaps the host didn't exist or if it did, it wasn't an IPv4-like - # address. In either case, we want to rely on the `_is_valid` check, - # so let's return that. - return is_valid - - def scheme_is_valid(self, require=False): - """Determines if the scheme component is valid. - - :param str require: Set to ``True`` to require the presence of this - component. - :returns: ``True`` if the scheme is valid. ``False`` otherwise. - :rtype: bool - """ - return self._is_valid(self.scheme, SCHEME_MATCHER, require) - - def path_is_valid(self, require=False): - """Determines if the path component is valid. - - :param str require: Set to ``True`` to require the presence of this - component. - :returns: ``True`` if the path is valid. ``False`` otherwise. - :rtype: bool - """ - return self._is_valid(self.path, PATH_MATCHER, require) - - def query_is_valid(self, require=False): - """Determines if the query component is valid. - - :param str require: Set to ``True`` to require the presence of this - component. - :returns: ``True`` if the query is valid. ``False`` otherwise. - :rtype: bool - """ - return self._is_valid(self.query, QUERY_MATCHER, require) - - def fragment_is_valid(self, require=False): - """Determines if the fragment component is valid. - - :param str require: Set to ``True`` to require the presence of this - component. - :returns: ``True`` if the fragment is valid. ``False`` otherwise. - :rtype: bool - """ - return self._is_valid(self.fragment, FRAGMENT_MATCHER, require) - - def normalize(self): - """Normalize this reference as described in Section 6.2.2 - - This is not an in-place normalization. Instead this creates a new - URIReference. - - :returns: A new reference object with normalized components. - :rtype: URIReference - """ - # See http://tools.ietf.org/html/rfc3986#section-6.2.2 for logic in - # this method. - return URIReference(normalize_scheme(self.scheme or ''), - normalize_authority( - (self.userinfo, self.host, self.port)), - normalize_path(self.path or ''), - normalize_query(self.query or ''), - normalize_fragment(self.fragment or '')) - - def normalized_equality(self, other_ref): - """Compare this URIReference to another URIReference. - - :param URIReference other_ref: (required), The reference with which - we're comparing. - :returns: ``True`` if the references are equal, ``False`` otherwise. - :rtype: bool - """ - return tuple(self.normalize()) == tuple(other_ref.normalize()) - - def resolve_with(self, base_uri, strict=False): - """Use an absolute URI Reference to resolve this relative reference. - - Assuming this is a relative reference that you would like to resolve, - use the provided base URI to resolve it. - - See http://tools.ietf.org/html/rfc3986#section-5 for more information. - - :param base_uri: Either a string or URIReference. It must be an - absolute URI or it will raise an exception. - :returns: A new URIReference which is the result of resolving this - reference using ``base_uri``. - :rtype: :class:`URIReference` - :raises ResolutionError: If the ``base_uri`` is not an absolute URI. - """ - if not isinstance(base_uri, URIReference): - base_uri = URIReference.from_string(base_uri) - - if not base_uri.is_absolute(): - raise ResolutionError(base_uri) - - # This is optional per - # http://tools.ietf.org/html/rfc3986#section-5.2.1 - base_uri = base_uri.normalize() - - # The reference we're resolving - resolving = self - - if not strict and resolving.scheme == base_uri.scheme: - resolving = resolving.copy_with(scheme=None) - - # http://tools.ietf.org/html/rfc3986#page-32 - if resolving.scheme is not None: - target = resolving.copy_with(path=normalize_path(resolving.path)) - else: - if resolving.authority is not None: - target = resolving.copy_with( - scheme=base_uri.scheme, - path=normalize_path(resolving.path) - ) - else: - if resolving.path is None: - if resolving.query is not None: - query = resolving.query - else: - query = base_uri.query - target = resolving.copy_with( - scheme=base_uri.scheme, - authority=base_uri.authority, - path=base_uri.path, - query=query - ) - else: - if resolving.path.startswith('/'): - path = normalize_path(resolving.path) - else: - path = normalize_path( - merge_paths(base_uri, resolving.path) - ) - target = resolving.copy_with( - scheme=base_uri.scheme, - authority=base_uri.authority, - path=path, - query=resolving.query - ) - return target - - def unsplit(self): - """Create a URI string from the components. - - :returns: The URI Reference reconstituted as a string. - :rtype: str - """ - # See http://tools.ietf.org/html/rfc3986#section-5.3 - result_list = [] - if self.scheme: - result_list.extend([self.scheme, ':']) - if self.authority: - result_list.extend(['//', self.authority]) - if self.path: - result_list.append(self.path) - if self.query: - result_list.extend(['?', self.query]) - if self.fragment: - result_list.extend(['#', self.fragment]) - return ''.join(result_list) - - def copy_with(self, scheme=None, authority=None, path=None, query=None, - fragment=None): - attributes = { - 'scheme': scheme, - 'authority': authority, - 'path': path, - 'query': query, - 'fragment': fragment, - } - for key, value in list(attributes.items()): - if value is None: - del attributes[key] - return self._replace(**attributes) - - -def valid_ipv4_host_address(host): - # If the host exists, and it might be IPv4, check each byte in the - # address. - return all([0 <= int(byte, base=10) <= 255 for byte in host.split('.')]) diff --git a/tools/third_party/hyper/hyper/ssl_compat.py b/tools/third_party/hyper/hyper/ssl_compat.py deleted file mode 100644 index 976b6235931027..00000000000000 --- a/tools/third_party/hyper/hyper/ssl_compat.py +++ /dev/null @@ -1,307 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/ssl_compat -~~~~~~~~~ - -Shoves pyOpenSSL into an API that looks like the standard Python 3.x ssl -module. - -Currently exposes exactly those attributes, classes, and methods that we -actually use in hyper (all method signatures are complete, however). May be -expanded to something more general-purpose in the future. -""" -try: - import StringIO as BytesIO -except ImportError: - from io import BytesIO -import errno -import socket -import time - -from OpenSSL import SSL as ossl -from service_identity.pyopenssl import verify_hostname as _verify - -CERT_NONE = ossl.VERIFY_NONE -CERT_REQUIRED = ossl.VERIFY_PEER | ossl.VERIFY_FAIL_IF_NO_PEER_CERT - -_OPENSSL_ATTRS = dict( - OP_NO_COMPRESSION='OP_NO_COMPRESSION', - PROTOCOL_TLSv1_2='TLSv1_2_METHOD', - PROTOCOL_SSLv23='SSLv23_METHOD', -) - -for external, internal in _OPENSSL_ATTRS.items(): - value = getattr(ossl, internal, None) - if value: - locals()[external] = value - -OP_ALL = 0 -# TODO: Find out the names of these other flags. -for bit in [31] + list(range(10)): - OP_ALL |= 1 << bit - -HAS_NPN = True - - -def _proxy(method): - def inner(self, *args, **kwargs): - return getattr(self._conn, method)(*args, **kwargs) - return inner - -# Referenced in hyper/http20/connection.py. These values come -# from the python ssl package, and must be defined in this file -# for hyper to work in python versions <2.7.9 -SSL_ERROR_WANT_READ = 2 -SSL_ERROR_WANT_WRITE = 3 - - -# TODO missing some attributes -class SSLError(OSError): - pass - - -class CertificateError(SSLError): - pass - - -def verify_hostname(ssl_sock, server_hostname): - """ - A method nearly compatible with the stdlib's match_hostname. - """ - if isinstance(server_hostname, bytes): - server_hostname = server_hostname.decode('ascii') - return _verify(ssl_sock._conn, server_hostname) - - -class SSLSocket(object): - SSL_TIMEOUT = 3 - SSL_RETRY = .01 - - def __init__(self, conn, server_side, do_handshake_on_connect, - suppress_ragged_eofs, server_hostname, check_hostname): - self._conn = conn - self._do_handshake_on_connect = do_handshake_on_connect - self._suppress_ragged_eofs = suppress_ragged_eofs - self._check_hostname = check_hostname - - if server_side: - self._conn.set_accept_state() - else: - if server_hostname: - self._conn.set_tlsext_host_name( - server_hostname.encode('utf-8') - ) - self._server_hostname = server_hostname - # FIXME does this override do_handshake_on_connect=False? - self._conn.set_connect_state() - - if self.connected and self._do_handshake_on_connect: - self.do_handshake() - - @property - def connected(self): - try: - self._conn.getpeername() - except socket.error as e: - if e.errno != errno.ENOTCONN: - # It's an exception other than the one we expected if we're not - # connected. - raise - return False - return True - - # Lovingly stolen from CherryPy - # (http://svn.cherrypy.org/tags/cherrypy-3.2.1/cherrypy/wsgiserver/ssl_pyopenssl.py). - def _safe_ssl_call(self, suppress_ragged_eofs, call, *args, **kwargs): - """Wrap the given call with SSL error-trapping.""" - start = time.time() - while True: - try: - return call(*args, **kwargs) - except (ossl.WantReadError, ossl.WantWriteError): - # Sleep and try again. This is dangerous, because it means - # the rest of the stack has no way of differentiating - # between a "new handshake" error and "client dropped". - # Note this isn't an endless loop: there's a timeout below. - time.sleep(self.SSL_RETRY) - except ossl.Error as e: - if suppress_ragged_eofs and e.args == (-1, 'Unexpected EOF'): - return b'' - raise socket.error(e.args[0]) - - if time.time() - start > self.SSL_TIMEOUT: - raise socket.timeout('timed out') - - def connect(self, address): - self._conn.connect(address) - if self._do_handshake_on_connect: - self.do_handshake() - - def do_handshake(self): - self._safe_ssl_call(False, self._conn.do_handshake) - if self._check_hostname: - verify_hostname(self, self._server_hostname) - - def recv(self, bufsize, flags=None): - return self._safe_ssl_call( - self._suppress_ragged_eofs, - self._conn.recv, - bufsize, - flags - ) - - def recv_into(self, buffer, bufsize=None, flags=None): - # A temporary recv_into implementation. Should be replaced when - # PyOpenSSL has merged pyca/pyopenssl#121. - if bufsize is None: - bufsize = len(buffer) - - data = self.recv(bufsize, flags) - data_len = len(data) - buffer[0:data_len] = data - return data_len - - def send(self, data, flags=None): - return self._safe_ssl_call(False, self._conn.send, data, flags) - - def sendall(self, data, flags=None): - return self._safe_ssl_call(False, self._conn.sendall, data, flags) - - def selected_npn_protocol(self): - proto = self._conn.get_next_proto_negotiated() - if isinstance(proto, bytes): - proto = proto.decode('ascii') - - return proto if proto else None - - def selected_alpn_protocol(self): - proto = self._conn.get_alpn_proto_negotiated() - if isinstance(proto, bytes): - proto = proto.decode('ascii') - - return proto if proto else None - - def getpeercert(self): - def resolve_alias(alias): - return dict( - C='countryName', - ST='stateOrProvinceName', - L='localityName', - O='organizationName', - OU='organizationalUnitName', - CN='commonName', - ).get(alias, alias) - - def to_components(name): - # TODO Verify that these are actually *supposed* to all be - # single-element tuples, and that's not just a quirk of the - # examples I've seen. - return tuple( - [ - (resolve_alias(k.decode('utf-8'), v.decode('utf-8')),) - for k, v in name.get_components() - ] - ) - - # The standard getpeercert() takes the nice X509 object tree returned - # by OpenSSL and turns it into a dict according to some format it seems - # to have made up on the spot. Here, we do our best to emulate that. - cert = self._conn.get_peer_certificate() - result = dict( - issuer=to_components(cert.get_issuer()), - subject=to_components(cert.get_subject()), - version=cert.get_subject(), - serialNumber=cert.get_serial_number(), - notBefore=cert.get_notBefore(), - notAfter=cert.get_notAfter(), - ) - # TODO extensions, including subjectAltName - # (see _decode_certificate in _ssl.c) - return result - - # a dash of magic to reduce boilerplate - methods = ['accept', 'bind', 'close', 'getsockname', 'listen', 'fileno'] - for method in methods: - locals()[method] = _proxy(method) - - -class SSLContext(object): - def __init__(self, protocol): - self.protocol = protocol - self._ctx = ossl.Context(protocol) - self.options = OP_ALL - self.check_hostname = False - self.npn_protos = [] - - @property - def options(self): - return self._options - - @options.setter - def options(self, value): - self._options = value - self._ctx.set_options(value) - - @property - def verify_mode(self): - return self._ctx.get_verify_mode() - - @verify_mode.setter - def verify_mode(self, value): - # TODO verify exception is raised on failure - self._ctx.set_verify( - value, lambda conn, cert, errnum, errdepth, ok: ok - ) - - def set_default_verify_paths(self): - self._ctx.set_default_verify_paths() - - def load_verify_locations(self, cafile=None, capath=None, cadata=None): - # TODO factor out common code - if cafile is not None: - cafile = cafile.encode('utf-8') - if capath is not None: - capath = capath.encode('utf-8') - self._ctx.load_verify_locations(cafile, capath) - if cadata is not None: - self._ctx.load_verify_locations(BytesIO(cadata)) - - def load_cert_chain(self, certfile, keyfile=None, password=None): - self._ctx.use_certificate_file(certfile) - if password is not None: - self._ctx.set_passwd_cb( - lambda max_length, prompt_twice, userdata: password - ) - self._ctx.use_privatekey_file(keyfile or certfile) - - def set_npn_protocols(self, protocols): - self.protocols = list(map(lambda x: x.encode('ascii'), protocols)) - - def cb(conn, protos): - # Detect the overlapping set of protocols. - overlap = set(protos) & set(self.protocols) - - # Select the option that comes last in the list in the overlap. - for p in self.protocols: - if p in overlap: - return p - else: - return b'' - - self._ctx.set_npn_select_callback(cb) - - def set_alpn_protocols(self, protocols): - protocols = list(map(lambda x: x.encode('ascii'), protocols)) - self._ctx.set_alpn_protos(protocols) - - def wrap_socket(self, - sock, - server_side=False, - do_handshake_on_connect=True, - suppress_ragged_eofs=True, - server_hostname=None): - conn = ossl.Connection(self._ctx, sock) - return SSLSocket(conn, server_side, do_handshake_on_connect, - suppress_ragged_eofs, server_hostname, - # TODO what if this is changed after the fact? - self.check_hostname) diff --git a/tools/third_party/hyper/hyper/tls.py b/tools/third_party/hyper/hyper/tls.py deleted file mode 100644 index 422b001cda8624..00000000000000 --- a/tools/third_party/hyper/hyper/tls.py +++ /dev/null @@ -1,133 +0,0 @@ -# -*- coding: utf-8 -*- -""" -hyper/tls -~~~~~~~~~ - -Contains the TLS/SSL logic for use in hyper. -""" -import os.path as path -from .common.exceptions import MissingCertFile -from .compat import ignore_missing, ssl - - -NPN_PROTOCOL = 'h2' -H2_NPN_PROTOCOLS = [NPN_PROTOCOL, 'h2-16', 'h2-15', 'h2-14'] -SUPPORTED_NPN_PROTOCOLS = H2_NPN_PROTOCOLS + ['http/1.1'] - -H2C_PROTOCOL = 'h2c' - -# We have a singleton SSLContext object. There's no reason to be creating one -# per connection. -_context = None - -# Work out where our certificates are. -cert_loc = path.join(path.dirname(__file__), 'certs.pem') - - -def wrap_socket(sock, server_hostname, ssl_context=None, force_proto=None): - """ - A vastly simplified SSL wrapping function. We'll probably extend this to - do more things later. - """ - - global _context - - if ssl_context: - # if an SSLContext is provided then use it instead of default context - _ssl_context = ssl_context - else: - # create the singleton SSLContext we use - if _context is None: # pragma: no cover - _context = init_context() - _ssl_context = _context - - # the spec requires SNI support - ssl_sock = _ssl_context.wrap_socket(sock, server_hostname=server_hostname) - # Setting SSLContext.check_hostname to True only verifies that the - # post-handshake servername matches that of the certificate. We also need - # to check that it matches the requested one. - if _ssl_context.check_hostname: # pragma: no cover - try: - ssl.match_hostname(ssl_sock.getpeercert(), server_hostname) - except AttributeError: - ssl.verify_hostname(ssl_sock, server_hostname) # pyopenssl - - # Allow for the protocol to be forced externally. - proto = force_proto - - # ALPN is newer, so we prefer it over NPN. The odds of us getting - # different answers is pretty low, but let's be sure. - with ignore_missing(): - if proto is None: - proto = ssl_sock.selected_alpn_protocol() - - with ignore_missing(): - if proto is None: - proto = ssl_sock.selected_npn_protocol() - - return (ssl_sock, proto) - - -def init_context(cert_path=None, cert=None, cert_password=None): - """ - Create a new ``SSLContext`` that is correctly set up for an HTTP/2 - connection. This SSL context object can be customized and passed as a - parameter to the :class:`HTTPConnection ` class. - Provide your own certificate file in case you don’t want to use hyper’s - default certificate. The path to the certificate can be absolute or - relative to your working directory. - - :param cert_path: (optional) The path to the certificate file of - “certification authority” (CA) certificates - :param cert: (optional) if string, path to ssl client cert file (.pem). - If tuple, ('cert', 'key') pair. - The certfile string must be the path to a single file in PEM format - containing the certificate as well as any number of CA certificates - needed to establish the certificate’s authenticity. The keyfile string, - if present, must point to a file containing the private key in. - Otherwise the private key will be taken from certfile as well. - :param cert_password: (optional) The password argument may be a function to - call to get the password for decrypting the private key. It will only - be called if the private key is encrypted and a password is necessary. - It will be called with no arguments, and it should return a string, - bytes, or bytearray. If the return value is a string it will be - encoded as UTF-8 before using it to decrypt the key. Alternatively a - string, bytes, or bytearray value may be supplied directly as the - password argument. It will be ignored if the private key is not - encrypted and no password is needed. - :returns: An ``SSLContext`` correctly set up for HTTP/2. - """ - cafile = cert_path or cert_loc - if not cafile or not path.exists(cafile): - err_msg = ("No certificate found at " + str(cafile) + ". Either " + - "ensure the default cert.pem file is included in the " + - "distribution or provide a custom certificate when " + - "creating the connection.") - raise MissingCertFile(err_msg) - - context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) - context.set_default_verify_paths() - context.load_verify_locations(cafile=cafile) - context.verify_mode = ssl.CERT_REQUIRED - context.check_hostname = True - - with ignore_missing(): - context.set_npn_protocols(SUPPORTED_NPN_PROTOCOLS) - - with ignore_missing(): - context.set_alpn_protocols(SUPPORTED_NPN_PROTOCOLS) - - # required by the spec - context.options |= ssl.OP_NO_COMPRESSION - - if cert is not None: - try: - basestring - except NameError: - basestring = (str, bytes) - if not isinstance(cert, basestring): - context.load_cert_chain(cert[0], cert[1], cert_password) - else: - context.load_cert_chain(cert, password=cert_password) - - return context diff --git a/tools/wptserve/tests/functional/base.py b/tools/wptserve/tests/functional/base.py index e5b4b4b9dcba57..8aa19e0d28d41c 100644 --- a/tools/wptserve/tests/functional/base.py +++ b/tools/wptserve/tests/functional/base.py @@ -1,15 +1,15 @@ import base64 import logging import os -import pytest import unittest from urllib.parse import urlencode, urlunsplit from urllib.request import Request as BaseRequest from urllib.request import urlopen -from hyper import HTTP20Connection, tls -import ssl +import httpx +import pytest + from localpaths import repo_root wptserve = pytest.importorskip("wptserve") @@ -91,12 +91,8 @@ def setup_method(self, test_method): http2=True) self.server.start() - context = tls.init_context() - context.check_hostname = False - context.verify_mode = ssl.CERT_NONE - context.set_alpn_protocols(['h2']) - self.conn = HTTP20Connection('%s:%i' % (self.server.host, self.server.port), enable_push=True, secure=True, ssl_context=context) - self.conn.connect() + self.client = httpx.Client(base_url=f'https://{self.server.host}:{self.server.port}', + http2=True, verify=False) def teardown_method(self, test_method): self.server.stop() diff --git a/tools/wptserve/tests/functional/docroot/test_h2_data.py b/tools/wptserve/tests/functional/docroot/test_h2_data.py index ffd6586d393e9f..9770a5a8aa666b 100644 --- a/tools/wptserve/tests/functional/docroot/test_h2_data.py +++ b/tools/wptserve/tests/functional/docroot/test_h2_data.py @@ -1,2 +1,2 @@ def handle_data(frame, request, response): - response.content = frame.data[::-1] + response.content.append(frame.data.swapcase()) diff --git a/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py b/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py index 74a81f81f24a48..32855093e174c6 100644 --- a/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py +++ b/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py @@ -3,4 +3,4 @@ def handle_headers(frame, request, response): response.headers.update([('test', 'passed')]) def handle_data(frame, request, response): - response.content = frame.data[::-1] + response.content.append(frame.data.swapcase()) diff --git a/tools/wptserve/tests/functional/test_handlers.py b/tools/wptserve/tests/functional/test_handlers.py index 1dc2a9ba7bb3e5..26a9f797ecf95e 100644 --- a/tools/wptserve/tests/functional/test_handlers.py +++ b/tools/wptserve/tests/functional/test_handlers.py @@ -316,75 +316,66 @@ def test_as_is(self): class TestH2Handler(TestUsingH2Server): def test_handle_headers(self): - self.conn.request("GET", '/test_h2_headers.py') - resp = self.conn.get_response() + resp = self.client.get('/test_h2_headers.py') - assert resp.status == 203 - assert resp.headers['test'][0] == b'passed' - assert resp.read() == b'' + assert resp.status_code == 203 + assert resp.headers['test'] == 'passed' + assert resp.content == b'' def test_only_main(self): - self.conn.request("GET", '/test_tuple_3.py') - resp = self.conn.get_response() + resp = self.client.get('/test_tuple_3.py') - assert resp.status == 202 - assert resp.headers['Content-Type'][0] == b'text/html' - assert resp.headers['X-Test'][0] == b'PASS' - assert resp.read() == b'PASS' + assert resp.status_code == 202 + assert resp.headers['Content-Type'] == 'text/html' + assert resp.headers['X-Test'] == 'PASS' + assert resp.content == b'PASS' def test_handle_data(self): - self.conn.request("POST", '/test_h2_data.py', body="hello world!") - resp = self.conn.get_response() + resp = self.client.post('/test_h2_data.py', content=b'hello world!') - assert resp.status == 200 - assert resp.read() == b'!dlrow olleh' + assert resp.status_code == 200 + assert resp.content == b'HELLO WORLD!' def test_handle_headers_data(self): - self.conn.request("POST", '/test_h2_headers_data.py', body="hello world!") - resp = self.conn.get_response() + resp = self.client.post('/test_h2_headers_data.py', content=b'hello world!') - assert resp.status == 203 - assert resp.headers['test'][0] == b'passed' - assert resp.read() == b'!dlrow olleh' + assert resp.status_code == 203 + assert resp.headers['test'] == 'passed' + assert resp.content == b'HELLO WORLD!' def test_no_main_or_handlers(self): - self.conn.request("GET", '/no_main.py') - resp = self.conn.get_response() + resp = self.client.get('/no_main.py') - assert resp.status == 500 - assert "No main function or handlers in script " in json.loads(resp.read())["error"]["message"] + assert resp.status_code == 500 + assert "No main function or handlers in script " in json.loads(resp.content)["error"]["message"] def test_not_found(self): - self.conn.request("GET", '/no_exist.py') - resp = self.conn.get_response() + resp = self.client.get('/no_exist.py') - assert resp.status == 404 + assert resp.status_code == 404 def test_requesting_multiple_resources(self): # 1st .py resource - self.conn.request("GET", '/test_h2_headers.py') - resp = self.conn.get_response() + resp = self.client.get('/test_h2_headers.py') - assert resp.status == 203 - assert resp.headers['test'][0] == b'passed' - assert resp.read() == b'' + assert resp.status_code == 203 + assert resp.headers['test'] == 'passed' + assert resp.content == b'' # 2nd .py resource - self.conn.request("GET", '/test_tuple_3.py') - resp = self.conn.get_response() + resp = self.client.get('/test_tuple_3.py') - assert resp.status == 202 - assert resp.headers['Content-Type'][0] == b'text/html' - assert resp.headers['X-Test'][0] == b'PASS' - assert resp.read() == b'PASS' + assert resp.status_code == 202 + assert resp.headers['Content-Type'] == 'text/html' + assert resp.headers['X-Test'] == 'PASS' + assert resp.content == b'PASS' # 3rd .py resource - self.conn.request("GET", '/test_h2_headers.py') - resp = self.conn.get_response() + resp = self.client.get('/test_h2_headers.py') - assert resp.status == 203 - assert resp.headers['test'][0] == b'passed' - assert resp.read() == b'' + assert resp.status_code == 203 + assert resp.headers['test'] == 'passed' + assert resp.content == b'' class TestWorkersHandler(TestWrapperHandlerUsingServer): diff --git a/tools/wptserve/tests/functional/test_response.py b/tools/wptserve/tests/functional/test_response.py index 23f13f86d11f77..635e62833c1ae7 100644 --- a/tools/wptserve/tests/functional/test_response.py +++ b/tools/wptserve/tests/functional/test_response.py @@ -10,7 +10,6 @@ wptserve = pytest.importorskip("wptserve") from .base import TestUsingServer, TestUsingH2Server, doc_root -from h2.exceptions import ProtocolError def send_body_as_header(self): if self._response.add_required_headers: @@ -199,60 +198,11 @@ def handler(request, response): route = ("GET", "/h2test/test", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() + resp = self.client.get(route[1]) - assert resp.status == 202 - assert [x for x in resp.headers.items()] == [(b'server', b'test-h2'), (b'test', b'PASS')] - assert resp.read() == data - - def test_push(self): - data = b"TEST" - push_data = b"PUSH TEST" - - @wptserve.handlers.handler - def handler(request, response): - headers = [ - ('server', 'test-h2'), - ('test', 'PASS'), - ] - response.writer.write_headers(headers, 202) - - promise_headers = [ - (':method', 'GET'), - (':path', '/push-test'), - (':scheme', 'https'), - (':authority', '%s:%i' % (self.server.host, self.server.port)) - ] - push_headers = [ - ('server', 'test-h2'), - ('content-length', str(len(push_data))), - ('content-type', 'text'), - ] - - response.writer.write_push( - promise_headers, - push_stream_id=10, - status=203, - response_headers=push_headers, - response_data=push_data - ) - response.writer.write_data_frame(data, True) - - route = ("GET", "/h2test/test_push", handler) - self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() - - assert resp.status == 202 - assert [x for x in resp.headers.items()] == [(b'server', b'test-h2'), (b'test', b'PASS')] - assert resp.read() == data - - push_promise = next(self.conn.get_pushes()) - push = push_promise.get_response() - assert push_promise.path == b'/push-test' - assert push.status == 203 - assert push.read() == push_data + assert resp.status_code == 202 + assert [x for x in resp.headers.items()] == [('server', 'test-h2'), ('test', 'PASS')] + assert resp.content == data def test_set_error(self): @wptserve.handlers.handler @@ -261,11 +211,10 @@ def handler(request, response): route = ("GET", "/h2test/test_set_error", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() + resp = self.client.get(route[1]) - assert resp.status == 503 - assert json.loads(resp.read()) == json.loads("{\"error\": {\"message\": \"Test error\", \"code\": 503}}") + assert resp.status_code == 503 + assert json.loads(resp.content) == json.loads("{\"error\": {\"message\": \"Test error\", \"code\": 503}}") def test_file_like_response(self): @wptserve.handlers.handler @@ -275,11 +224,10 @@ def handler(request, response): route = ("GET", "/h2test/test_file_like_response", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() + resp = self.client.get(route[1]) - assert resp.status == 200 - assert resp.read() == b"Hello, world!" + assert resp.status_code == 200 + assert resp.content == b"Hello, world!" def test_list_response(self): @wptserve.handlers.handler @@ -288,11 +236,10 @@ def handler(request, response): route = ("GET", "/h2test/test_file_like_response", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() + resp = self.client.get(route[1]) - assert resp.status == 200 - assert resp.read() == b"helloworld" + assert resp.status_code == 200 + assert resp.content == b"helloworld" def test_content_longer_than_frame_size(self): @wptserve.handlers.handler @@ -303,28 +250,27 @@ def handler(request, response): route = ("GET", "/h2test/test_content_longer_than_frame_size", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() + resp = self.client.get(route[1]) - assert resp.status == 200 - payload_size = int(resp.headers['payload_size'][0]) + assert resp.status_code == 200 + payload_size = int(resp.headers['payload_size']) assert payload_size - assert resp.read() == b"a" * (payload_size + 5) + assert resp.content == b"a" * (payload_size + 5) def test_encode(self): @wptserve.handlers.handler def handler(request, response): response.encoding = "utf8" - t = response.writer.encode(u"hello") - assert t == "hello" + t = response.writer.encode("hello") + assert t == b"hello" with pytest.raises(ValueError): response.writer.encode(None) route = ("GET", "/h2test/test_content_longer_than_frame_size", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - self.conn.get_response() + resp = self.client.get(route[1]) + assert resp.status_code == 200 def test_raw_header_frame(self): @wptserve.handlers.handler @@ -336,38 +282,23 @@ def handler(request, response): route = ("GET", "/h2test/test_file_like_response", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() - - assert resp.status == 204 - assert resp.headers['server'][0] == b'TEST-H2' - assert resp.read() == b'' - - def test_raw_header_frame_invalid(self): - @wptserve.handlers.handler - def handler(request, response): - response.writer.write_raw_header_frame([ - ('server', 'TEST-H2'), - (':status', '204') - ], end_headers=True) + resp = self.client.get(route[1]) - route = ("GET", "/h2test/test_file_like_response", handler) - self.server.router.register(*route) - self.conn.request(route[0], route[1]) - with pytest.raises(ProtocolError): - # The server can send an invalid HEADER frame, which will cause a protocol error in client - self.conn.get_response() + assert resp.status_code == 204 + assert resp.headers['server'] == 'TEST-H2' + assert resp.content == b'' def test_raw_data_frame(self): @wptserve.handlers.handler def handler(request, response): + response.write_status_headers() response.writer.write_raw_data_frame(data=b'Hello world', end_stream=True) route = ("GET", "/h2test/test_file_like_response", handler) self.server.router.register(*route) - sid = self.conn.request(route[0], route[1]) + resp = self.client.get(route[1]) - assert self.conn.streams[sid]._read() == b'Hello world' + assert resp.content == b'Hello world' def test_raw_header_continuation_frame(self): @wptserve.handlers.handler @@ -382,12 +313,11 @@ def handler(request, response): route = ("GET", "/h2test/test_file_like_response", handler) self.server.router.register(*route) - self.conn.request(route[0], route[1]) - resp = self.conn.get_response() + resp = self.client.get(route[1]) - assert resp.status == 204 - assert resp.headers['server'][0] == b'TEST-H2' - assert resp.read() == b'' + assert resp.status_code == 204 + assert resp.headers['server'] == 'TEST-H2' + assert resp.content == b'' if __name__ == '__main__': unittest.main() diff --git a/tools/wptserve/tests/functional/test_server.py b/tools/wptserve/tests/functional/test_server.py index f3b095cfbf0bdc..939396ddee8375 100644 --- a/tools/wptserve/tests/functional/test_server.py +++ b/tools/wptserve/tests/functional/test_server.py @@ -60,12 +60,20 @@ def handler(request, response): self.assertEqual(200, resp.getcode()) +class TestH2Version(TestUsingH2Server): + # The purpose of this test is to ensure that all TestUsingH2Server tests + # actually end up using HTTP/2, in case there's any protocol negotiation. + def test_http_version(self): + resp = self.client.get('/') + + assert resp.http_version == 'HTTP/2' + + class TestFileHandlerH2(TestUsingH2Server): def test_not_handled(self): - self.conn.request("GET", "/not_existing") - resp = self.conn.get_response() + resp = self.client.get("/not_existing") - assert resp.status == 404 + assert resp.status_code == 404 class TestRewriterH2(TestUsingH2Server): @@ -77,10 +85,9 @@ def handler(request, response): route = ("GET", "/test/rewritten", handler) self.server.rewriter.register("GET", "/test/original", route[1]) self.server.router.register(*route) - self.conn.request("GET", "/test/original") - resp = self.conn.get_response() - assert resp.status == 200 - assert resp.read() == b"/test/rewritten" + resp = self.client.get("/test/original") + assert resp.status_code == 200 + assert resp.content == b"/test/rewritten" class TestRequestHandlerH2(TestUsingH2Server): @@ -91,10 +98,9 @@ def handler(request, response): route = ("GET", "/test/raises", handler) self.server.router.register(*route) - self.conn.request("GET", "/test/raises") - resp = self.conn.get_response() + resp = self.client.get("/test/raises") - assert resp.status == 500 + assert resp.status_code == 500 def test_frame_handler_exception(self): class handler_cls: @@ -103,10 +109,9 @@ def frame_handler(self, request): route = ("GET", "/test/raises", handler_cls()) self.server.router.register(*route) - self.conn.request("GET", "/test/raises") - resp = self.conn.get_response() + resp = self.client.get("/test/raises") - assert resp.status == 500 + assert resp.status_code == 500 if __name__ == "__main__":