From c6c0077ac3db6190d1f364360de5af17e9fcd08b Mon Sep 17 00:00:00 2001
From: MichaelMorris <michael.morris@est.tech>
Date: Mon, 22 Jul 2019 14:28:09 +0000
Subject: [PATCH] Implement TLS for calls into VNFM adapter

Issue-ID: SO-2143
Change-Id: I2fcacab7aebc9a22b952d881b0bf2404e1638b37
Signed-off-by: MichaelMorris <michael.morris@est.tech>
---
 .../vnfm/VnfmServiceProviderConfiguration.java     |   8 +++---
 .../src/main/resources/application.yaml            |   7 ++++-
 .../src/main/resources/so-vnfm-adapter.p12         | Bin 0 -> 4079 bytes
 .../{application-test.yaml => application.yaml}    |  14 ++++++++++
 .../adapter/vnfm/tasks/Constants.java              |   2 +-
 .../simulator/services/OperationProgressor.java    |  19 +++++++++++++
 .../src/main/resources/so-vnfm-adapter.crt.pem     |  30 +++++++++++++++++++++
 7 files changed, 75 insertions(+), 5 deletions(-)
 create mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12
 rename adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/{application-test.yaml => application.yaml} (79%)
 create mode 100644 vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem

diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
index 3342e0d054..ab631837db 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
@@ -63,9 +63,9 @@ public class VnfmServiceProviderConfiguration {
 
     private static final Logger logger = LoggerFactory.getLogger(VnfmServiceProviderConfiguration.class);
 
-    @Value("${http.client.ssl.trust-store}")
+    @Value("${http.client.ssl.trust-store:#{null}}")
     private Resource keyStore;
-    @Value("${http.client.ssl.trust-store-password}")
+    @Value("${http.client.ssl.trust-store-password:#{null}}")
     private String keyStorePassword;
 
     @Bean(name = "vnfmServiceProvider")
@@ -77,7 +77,9 @@ public class VnfmServiceProviderConfiguration {
     private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate,
             final HttpHeadersProvider httpHeadersProvider) {
         setGsonMessageConverter(restTemplate);
-        setTrustStore(restTemplate);
+        if (keyStore != null) {
+            setTrustStore(restTemplate);
+        }
         removeSpringClientFilter(restTemplate);
         return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider);
     }
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
index 0bd63dffa9..4434d2edd9 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
@@ -34,6 +34,11 @@ server:
   port: 9092
   tomcat:
     max-threads: 50
+  ssl:
+    key-alias: so@so.onap.org
+    key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
+    key-store: classpath:so-vnfm-adapter.p12
+    key-store-type: PKCS12
 
 mso:
   key: 07a7159d3bf51a0e53be7a8f89699be7
@@ -50,7 +55,7 @@ sdc:
   endpoint: http://sdc.onap/1234A
   
 vnfmadapter:
-  endpoint: http://so-vnfm-adapter.onap:9092
+  endpoint: https://so-vnfm-adapter.onap:9092
 
 #Actuator
 management:
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ae4fddc6846bdb4d6b0c05d925123526ba05ca99
GIT binary patch
literal 4079
zcmY+EWmFV^5``DoU06Dn?hvGxS~{g91eOK~k?t<ZMLHMhP*O@tSR|zpq&r2rkx--r
zp6{I(=lz(Od+wc?pC1fKbcl(81w#^*fFWE_s!^8&7}yvENTPHgk_h$JPJ|&r0sj|)
z9DzuX?O)sKZ<&Mf{(Xgyi-B2y1m41sz)Kh>823N+-{-VIXs7n8-fK)}{gY-v8LTYj
z^w4l-WlStUuQm_~9HgO{S-9I!8&kE_^Io55Y>YEiOqJ*$f*cQM%2*|k;6}%q$O$77
zX2YzMmNZ!@B?eYJqec`hL_lKcF}G;1LDKe}+v@Xpem?H{V@av<FTf!0?{-*N_O4ha
zstz*o0-6+4eK6<AoFl!U)jQYJ3O(r7WZa@k?N{Yh^)6zjwZ=gkj<3#B>za{bW$`I9
zNO7+XMs4GRa#S0Lp|8X-3heAiT)4_OoXZ_zff7dA6^PMN+!DvD3F7gyOs&dJ1_QE)
zt-AYUSz2Oe=xY-wco&a@>^(Z%?ug!t%ugSsjjSAz8Wk6GSD6+;e$_OP>Sk0_TNu8e
z69_qTYrSIot&^ZJ)kdMxZ%Yh{81Sv&7M0Lg$AeXnAUu*0h2|k>cN@}Ar>(T`tMlMD
zQ#`NLyq;wn2B2DndhDhm^mE8{U+}+GD#lZE(`}m1-M!<%Q{<a{+h2HIIxIwWR-8E;
zj{Tr|<m*+zux1<jM5u?qx<KIU@C$41a|eYGd~P~Zzq^Y(*jk`)Ja>}RsLxW6dXC2t
zr>M+f(wSRU$|-Wc>k)<`{uzg(KEK!vA!Sd$Ed`*;4CY+q_576e!paN$E|5FeNM>Q0
zvs6E`Lw!Cnq|o4`YPK1_$Gv#uowNmyQ<5X}#cRf;4h#8>;EUV5`HWUK^}^e-C&kmE
z>Z>P#^4z)Qn`99O7if+#PwH(M`IeLQb*Go_+tyEN1Rag#x)s)aI9<%(UpE&gKh0Uu
z<?G1znCR4~(*`HE`aAoAc5iWtdsTSD&GWT1cxpqzx64D`__UIH=kOjqLK`di2)Q@v
z<O34Vkpvw++GLt9e!a~S@R%|7M;bu`D*4tbe%p@T%K&3quzqKmd_i0KtKXZ&Ylpq~
z@G{4CutDndBVsZPmV$>RZeOVGX!Nvv-z)|xJ=;ABlQZm`bWwJz5T7kQ$XGor?aMT%
z%OjnX&R2D<iBvi}yU?*Uev9v>`)<(!pa0H~*eiyJv?oQE?N&F`x=>iZG*crC?(6Lb
z)J!Bdo>y>ob}<d4Sc-E#DwsO=);zmr3T)U4^XWc6mVchr-ePv${SCSw^@mC5Y<8Q~
zb$S9jBV+V9jbAtC)#Mx6@{VNx2G<nF4B4wqG(_1KsMxWRbO=@+np3^D*!Ku*GTEs4
z7&B6t13Z3s@*Ra`Dr|CV&?8(l-f&F1ETKxDxecu7cE|Ef>lr)f$y(pr*i4}PJ$zec
zcE7edxC56=^Hn)B{W<*yfmtfTs~@u-6D1rd>50Z7jaRUbqO($QCLuhFy?2=5;k3=P
zh<QOiqiOBGZAHJuK{Yf}mp#}^IS0Gt&59~?NnQy_V~WzH2=btw=K38~Gmj)F-neQ0
zz*k?K7dRGOX1kzW#?oQnEID%_3Y5H)VQ5FA%HAa?*+%PU-c(nSUTOJD@Y=elOb}VN
zc0dS+1=ZW0&ywFT3iED;+m5$fTv7uM%*#Nr>Zx|oLh@CKc{KI4;H-vm1quS%>|Fsr
zDjBIwRuL1bXyfPoy4HQV37Os<_E`0B?!lcpu|V>f^#HOepE}32Jdd%Zqzt%FFP>tv
zt$zWEhg}P-e?O6ZHk5U&i!~pm3D$VvlVzqJS!v&`lyYl}p>(ek(1vmU7nKmG00RRZ
zzzg68ko#BX`>R|5F97a<e=1La9gO*Z%j5!3AgP{%iw%>22wX@QE(8}87ZDSJA#w5l
zyMzrcKtk?dNXRuN2H@{F|6hXff5Zj<lemt^Lj@#)S#2>_=uh^?m)2L=5(57sZWt2M
z+#C2g4yRBq)8vTI{Tpw4V$L#R!z++WZ4aU+F^>Fv;$J5vRv{hhd}qCo#XLa<fc2;>
zG{qsG(NsV_O8fymkrU;HwIs}_|4<73zOgUb1b_I(o88*BG4!Fg!$>4eVq1!h#A#EJ
zO2S#mpp>j`l{B-|#B$Y0Y1>H=#=2>fp(YdGBy2qsZv|bJ%bKlE(Wo}BpNR%Pr7m02
zDW8XHSi9|ZQ$f{ou>5m`^Fuf_p!R$^&?qJHZ-%QpRhAz#$)!}#df=u;9F}xT<Gtk_
z6nn%Ox#H#v@K}&$q-l|bP*lmz++&KCG3W^ZeRL5xtnYcd_=KrsJ2-NFrnAg%(?-c7
zQr^&C_>sY{C?kd!b&rc{rQx8nk{upA?eh2Jm1En_avw)@MiX6B<F?ON;r$u;^4OJo
z#JJzEK0{7i2sJ&hc#_3Ad%(7tq48-RW#<_iXYlihT+LRB;U~=!nTgSxIOV%y^G=Re
zpI2KFxzC-9NQ-ixiJ;6=#noesi|x0i8}a)W9WoVbJ7o8Hxr6l}^dG{`MXpcgqqn(6
zrH(?Gl$j};@{^J@56a3WT&5B98bGH)rKv1CYbmZcmKPnY>0uP{B9HSQN-q5&<vY|o
zuPzs<#ZB_6aGdHER7dBxtnwY6CYLa*-cliO8c4wSisO%TYqtoL>f5-Msi_=p`ECmN
zlN(~De+A2vT1EUJ;>v0ifyV|-+&!HP`~IHz?YoX~3V-#z*V<kIKa$3vHQ}5X<tA5G
z*qRmWphgRN%Jb#9#9z@Z0)a`B0N-#j7vtGmWR)rQ<&sJA=iQpcMsQWRG;WiIHV<#S
z<7t=d@1H+@N3DFpz&j56Carm$<-YK4;+mRkVLk0pRpq==pk4LyQ;~+nc9C1{9d)}+
zagM}kk-gDdq*$O9daVcHfv4J^V>yb+cSxR7gz}#yGx(}y#Aj9=Nq^HLrYpuk9I`o#
z6j=Fr{*oauYviLU4lFimHYJu!{nQ*+#TXHX$I%9!VRr@|BR*y#+SzDPk$e+@s;`m>
zsi?>Zf=6+^VKy8xO?tn=e-}*nO3;yZ);IPf?@9qQncyZqi!nnQ#FpJ*!r6YiPW(ww
zW5M#C57@lxDEgB)8OQ35aRj1>Zx8bn@)|bK>{<Q(_1=;*2>wVDO3`KdZ2w_fLzUvW
z)|E*KW{quLhOR;I-dZ0#;7?re!=#Q1=!3@k==0TAv6e~=sXdn&rFP2nt5q*s9eEj2
zk_I97bSS+!eTpvjpy<fxcQ+SP>5g%Q7icWkO1p=O5&-+Kg$e!I_|X*e8DBz8SLFh&
z`*)fo$-W=-?Z;2K#MV;Xa!cQQo7*GLNwO}Tbv~^$I3`iET{2WbEO;7EJc!eXGG<%6
z41dyOW6XI&VTfCGf)#gcLDD&klB8yfPI9mgxsv;)GArlS8lgY-J}N2TdAF{3iSZx(
zV(wH5A={e)FKOzupoOrNL;7=1{sws8(w~ap{!K2WhM<Cx3t*zC?Bwv7aWLW($7zxu
z-}6XvKo~y80Y21DAg@q-QO-szO6KV%f<6hPI_hItC6g%lwCyZB41fiF%8~95Yp@Vu
zDwbZc8j>U)t>a#<qef&XE>qSD-oDoYuJPn{rk2=vcW#{Gv8o<md|_eQDsHNyie_-t
z5YQ{Hs^`LV+|LkI*-?0Eh<2%1zf)n-2pxA_69Tqz31qJ5pY1yi3D%l$3T8N1hk<P7
zV&|+$p3cj8JjLVOfJ7t`K&6IMVov#QSP}1x=LWh4L`gF2l<(*<U!|gHv*lsqM#0UX
zGw}_6x}%h|M%peyZaRUlAhCH82G(jH$A}Z3pI@od^pN{vSoCRl&s;N*mIIfoTho34
zrW}ctl;)DeT>T;iT;K!?@lLVP)?OOg{{6J|J2QH{FxNMO-#A#zR|$altu8NGQufh`
zziaZ6SS%|VHt45PyG~3RQnm{D<<qdqNy0(9Mw62GR~EYJ9jdHIecs+;o0xhaIj?Wz
zX|(j21&`<mN%^7n7oP5oIdqaP6`wZ_IaZ6YSfM)mFNBY#x7j?NEIS_$LAJL49;)B)
z!d6L#e-Rw7JtQ91m*WjHWB7(U1f9j!8nx8Ma)(|tdEAS=CYTDGt3|DM@VRtgJKB($
zNUwj4FZOuV@Zo2*!SqeY6Mrc~=>1JMi>u6;=1$3o5X<l8M>JFI${KSDp#zDfgK0GL
zZ(4JN(@o{%m$eHLxZ3$~8dCJ41hORM?js{A`NR2<kCz-!;r&Sr!c8xA?p>trtY6vM
zIqfdz3DwOj#jZHP;(-rrq!JhUh;ho#!;K-8Q@r}$^~Oj};?=6d{Ay5ICrdn`Q)1jY
zde7*@T?2MG6%sxJDRGG;h6$%t^uMq_H*>Qx`K91QHadUvN|$kA?3rV&v^{$UqM)<j
z_ahKOit2tTIF7^bfT)7lq}C^6nSS03kXqKn#QQxv%70zlgiYFvys@$kEkpNCIz|h^
zK0Jo5NlZ!_XWE}tbTggox=uIGH;QDB*}e|D+_OD16*0md{?O9T0j!?t@xVXldTT_r
zqs4E3>Am_XI<2^I<8&o0WhkrNR>C0tNA^e-E!FSu*XyB+ArWO>suZ(N2)CjgH5ENw
zie0wH^BxU8zPwDJ8K+K6SL5D^7JNg^TM`^?LoyxKJ!xz;#r(tLW$QjK-A*fhz^=@9
zRmMR&wbx7)6_p_={k^P0Xp%+!tf;;rzldd<&i8bN(=`M9A((y<eH9-yq-@`uKRGob
z91iW&KgzM-&|x&bN<XF1iM)S0Gfe?SlLpAC<7zYq@l~&`izU){3-em%6Hy=L^)j|L
z92Cc>e3I7v3QO$SDg+i{lPh`mMQ<lvl;D%(azaWg%`IHNNi>8!m)%z6wQoSa`WZ%_
zb6@{aV;_IxeKICib6)M_$ka{NMmk%OMep+1v;5e|UTV6#D#f?Bq#W+f!P{VXa$ZHB
zP^Ps`A>kHKtDOv<wgYgoaFK26|8-)QkH5Ir7YyN&Z<a=^E9Y#r6_2HYAoy%2U;31i
zIURIxsL9~$9ShQn*sS~Onza1@y&{IIT1#KDk`{DP44Ua2BPZM9#sP_;<qXO)>b&t?
zCeirw;nAL<aQ&SS<Fm)neWM5G<7lhuJ5D^luZhf82RK@VhozqUd;{4(tJ!l&my!sC
z9%@`_6nuUJ@7XFa{CIEwaM5g=UrGAe#s^y+fI4Wqbq3|10LbirU|%-Qs|P{Y3_A`J
zD7R(>$3>_fE(QB+ctpRh=F3bS@#7JPoN^RBu;(|t?XFq0%dKRdE9+I(%aCfSfXTp^
zVGuBgn-B|=1_S^?C!)Zsz&CNld>0)?U2h;x?hnOkK<J174wSF8kBPe~5h%@k8W_K_
LLWGHh5moRHri7VF

literal 0
HcmV?d00001

diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
similarity index 79%
rename from adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml
rename to adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
index 3afc542a1b..8cf8b51b9f 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
@@ -38,3 +38,17 @@ sdc:
 
 vnfmadapter:
   endpoint: https://so-vnfm-adapter.onap:30406
+  
+#Actuator
+management:
+  endpoints:
+    web:
+      base-path: /manage
+      exposure:
+        include: "*"
+  metrics:
+    se-global-registry: false
+    export:
+      prometheus:
+        enabled: true # Whether exporting of metrics to Prometheus is enabled.
+        step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java
index 4cf5131747..c112d200e3 100644
--- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java
@@ -45,7 +45,7 @@ public class Constants {
     public static final String UNDERSCORE = "_";
     public static final String SPACE = "\\s+";
 
-    public static final String VNFM_ADAPTER_DEFAULT_URL = "http://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/";
+    public static final String VNFM_ADAPTER_DEFAULT_URL = "https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/";
     public static final String VNFM_ADAPTER_DEFAULT_AUTH = "Basic dm5mbTpwYXNzd29yZDEk";
 
     public static final String FORWARD_SLASH = "/";
diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
index 218cc2de03..83f079c376 100644
--- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
+++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
@@ -1,5 +1,7 @@
 package org.onap.svnfm.simulator.services;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
@@ -34,10 +36,13 @@ import org.onap.svnfm.simulator.model.Vnfds;
 import org.onap.svnfm.simulator.repository.VnfOperationRepository;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.core.io.ClassPathResource;
 
 public abstract class OperationProgressor implements Runnable {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(OperationProgressor.class);
+    private static final String CERTIFICATE_TO_TRUST = "so-vnfm-adapter.crt.pem";
+
     protected final VnfOperation operation;
     protected final SvnfmService svnfmService;
     private final VnfOperationRepository vnfOperationRepository;
@@ -61,14 +66,25 @@ public abstract class OperationProgressor implements Runnable {
         String callBackUrl = subscriptionService.getSubscriptions().iterator().next().getCallbackUri();
         callBackUrl = callBackUrl.substring(0, callBackUrl.indexOf("/lcn/"));
         apiClient.setBasePath(callBackUrl);
+        apiClient.setSslCaCert(getCertificateToTrust());
         notificationClient = new DefaultApi(apiClient);
 
         final org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient grantApiClient =
                 new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient();
         grantApiClient.setBasePath(callBackUrl);
+        grantApiClient.setSslCaCert(getCertificateToTrust());
         grantClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.api.DefaultApi(grantApiClient);
     }
 
+    private InputStream getCertificateToTrust() {
+        try {
+            return new ClassPathResource(CERTIFICATE_TO_TRUST).getInputStream();
+        } catch (final IOException exception) {
+            LOGGER.error("Error reading certificate to trust, https calls to VNFM adapter will fail", exception);
+            return null;
+        }
+    }
+
     @Override
     public void run() {
         try {
@@ -176,6 +192,9 @@ public abstract class OperationProgressor implements Runnable {
                     MediaType.APPLICATION_JSON, authHeader);
         } catch (final ApiException exception) {
             LOGGER.error("Error sending notification: " + notification, exception);
+            LOGGER.error("Response code: {}, body: {}, basePath: {}", exception.getCode(), exception.getResponseBody(),
+                    notificationClient.getApiClient().getBasePath());
+
         }
     }
 
diff --git a/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem
new file mode 100644
index 0000000000..3c899e3bf5
--- /dev/null
+++ b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem
@@ -0,0 +1,30 @@
+Bag Attributes
+    friendlyName: so@so.onap.org
+    localKeyID: 54 69 6D 65 20 31 35 36 33 34 36 33 36 32 39 35 38 33 
+subject=/CN=so-vnfm-adapter/emailAddress=/OU=so@so.onap.org/OU=OSAAF/O=ONAP/C=US
+issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
+-----BEGIN CERTIFICATE-----
+MIIEITCCAwmgAwIBAgIILuAnLLineoYwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MDcxODE1MjcwOVoXDTIwMDcxODE1MjcwOVow
+cDEYMBYGA1UEAwwPc28tdm5mbS1hZGFwdGVyMQ8wDQYJKoZIhvcNAQkBFgAxFzAV
+BgNVBAsMDnNvQHNvLm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwE
+T05BUDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCu2NbWjFiZ5Tz5P7daCD6mqJqSWV3f+gkM2VC/UYM/43hd/2ILJbbtsv4uzS/P
+GXl3UIKBjb7zRiDCvLNMFsHCZ9/gIonG1z737S42LCrdVKq/KQ59yIOPrxYmLyiQ
+Xy81ChX77b2KvKPPeF+K/wnh5fLwlcJ18geeCoWGaMK0C/i6J/uUb9z+Ef0Nmtau
+NdXAuUnERCKMra+3kFxZwaRC/gSCy+/s6EQdeaGNiijg03AmrUx9XjrJjHbYMDVo
+OKSxtv0E4fxbfmTpHaKCuN4eg+0nEXw/eiIEuSHJuh3KKv7wRoP/hG/Tdog7x60M
+SD+hdNjCbFP6yAyMPfoxVnjHAgMBAAGjgecwgeQwCQYDVR0TBAIwADAOBgNVHQ8B
+Af8EBAMCBeAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1Ud
+IwRNMEuAFIH3mVsQuciM3vNSXupOaaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVOCAQcwHQYDVR0OBBYEFFLrO3T4
+QybeDQ28mHgC/xT5f03qMDAGA1UdEQQpMCeCD3NvLXZuZm0tYWRhcHRlcoIUc28t
+dm5mbS1hZGFwdGVyLm9uYXAwDQYJKoZIhvcNAQELBQADggEBACe+JaVIjTku/QNp
+XoQCNN+sllSZmEHTLmYfpSzY5BY2AeJsgTYqFtAhtp6uQf8Jr993CyEyeJ4if2Z9
+J5NWoJKmY1+a63UphB1mg4sNSCuDxvbxPjtrFkOx/DiB1XEUdoifS9IQSDIIuhaD
+YP6sih1TBOh/2ityCe51Mu1J9/wgb24rlYouVtEyQeIai4dqngFHeQHeNXOnGN0z
+osEcKSYa0C+ZOAomBMT58C2aDz9vyI8YPuzwVSDKndmXUgvrkkVnxk3qJRtghDQc
+RV+4SeZg8s4+5DxKL4AL15IAaAPMJHi+MRtfm7qNzqCEl5sAEzO7S4oVHeWLNFV8
+a9PHErg=
+-----END CERTIFICATE-----
-- 
2.16.6