summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2023-07-19 12:51:59 +0200
committercyBerta <cyberta@riseup.net>2023-07-19 12:51:59 +0200
commit49742738417fb3db7e60813ca170dffaab65c8c1 (patch)
tree27453a11c16247eb6cc6c5cee357f1ef285871db
parent33216d22493fa413996a49df2b1ab1def47f9fa0 (diff)
always provide private VPN key over management interface, avoid exposing it in persisted openvpn config. The private key is stored encrypted instead
-rw-r--r--app/src/main/java/de/blinkt/openvpn/VpnProfile.java19
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java2
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java1
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java11
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java56
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java5
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java9
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java3
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java5
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java357
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java28
-rw-r--r--app/src/test/resources/v4/riseup.net.cert96
12 files changed, 145 insertions, 447 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 9f722dfe..780ac9d8 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -76,6 +76,7 @@ import de.blinkt.openvpn.core.connection.Connection;
import de.blinkt.openvpn.core.connection.ConnectionAdapter;
import se.leap.bitmaskclient.BuildConfig;
import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.base.models.ProviderObservable;
public class VpnProfile implements Serializable, Cloneable {
// Note that this class cannot be moved to core where it belongs since
@@ -442,8 +443,9 @@ public class VpnProfile implements Serializable, Cloneable {
cfg.append(insertFileData("ca", mCaFilename));
// Client Cert + Key
- cfg.append(insertFileData("key", mClientKeyFilename));
cfg.append(insertFileData("cert", mClientCertFilename));
+ mPrivateKey = ProviderObservable.getInstance().getCurrentProvider().getRSAPrivateKey();
+ cfg.append("management-external-key nopadding pkcs1 pss digest\n");
break;
case VpnProfile.TYPE_USERPASS_PKCS12:
@@ -761,7 +763,7 @@ public class VpnProfile implements Serializable, Cloneable {
public Intent prepareStartService(Context context) {
Intent intent = getStartServiceIntent(context);
- // TODO: Handle this?!
+ // This can remain outcommented for now, Bitmask uses VpnProfile.TYPE_CERTIFICATE
// if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) {
// if (getKeyStoreCertificates(context) == null)
// return null;
@@ -843,6 +845,14 @@ public class VpnProfile implements Serializable, Cloneable {
return ExtAuthHelper.getCertificateChain(context, mExternalAuthenticator, mAlias);
}
+ /**
+ * returns an array certificates, depending on the profile type either from the keychain or an external cert provider
+ * @param context
+ * @return pem encoded certificates, where:
+ * [0] is the ca cert
+ * [1] is an optional extra cert
+ * [2] is the vpn certificate
+ */
public String[] getExternalCertificates(Context context) {
return getExternalCertificates(context, 5);
}
@@ -977,8 +987,9 @@ public class VpnProfile implements Serializable, Cloneable {
if (mUseTLSAuth && TextUtils.isEmpty(mTLSAuthFilename))
return R.string.missing_tlsauth;
- if ((mAuthenticationType == TYPE_USERPASS_CERTIFICATES || mAuthenticationType == TYPE_CERTIFICATES)
- && (TextUtils.isEmpty(mClientCertFilename) || TextUtils.isEmpty(mClientKeyFilename)))
+ if ((mAuthenticationType == TYPE_USERPASS_CERTIFICATES &&
+ (TextUtils.isEmpty(mClientCertFilename) || (TextUtils.isEmpty(mClientKeyFilename)))) ||
+ mAuthenticationType == TYPE_CERTIFICATES && TextUtils.isEmpty(mClientCertFilename))
return R.string.missing_certificates;
if ((mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES)
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index e8d333e3..ff27a5a2 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -70,9 +70,7 @@ public class ConfigParser {
"management",
"management-client",
"management-query-remote",
- "management-query-passwords",
"management-query-proxy",
- "management-external-key",
"management-forget-disconnect",
"management-signal",
"management-log-cache",
diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
index 80427a03..67636762 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
@@ -5,7 +5,6 @@
package de.blinkt.openvpn.core;
-import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
index 08e13cf6..14c78cc3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
@@ -29,6 +29,7 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_ALLOW_ANONYMO
import static se.leap.bitmaskclient.base.models.Constants.TRANSPORT;
import static se.leap.bitmaskclient.base.models.Constants.TYPE;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn;
+import static se.leap.bitmaskclient.base.utils.ConfigHelper.RSAHelper.parseRsaKeyFromString;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.ERRORS;
import android.os.Parcel;
@@ -44,6 +45,7 @@ import org.json.JSONObject;
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Locale;
@@ -79,6 +81,8 @@ public final class Provider implements Parcelable {
private String caCert = "";
private String apiVersion = "";
private String privateKey = "";
+
+ private transient RSAPrivateKey rsaPrivateKey = null;
private String vpnCertificate = "";
private long lastEipServiceUpdate = 0L;
private long lastGeoIpUpdate = 0L;
@@ -701,6 +705,13 @@ public final class Provider implements Parcelable {
return privateKey;
}
+ public RSAPrivateKey getRSAPrivateKey() {
+ if (rsaPrivateKey == null) {
+ rsaPrivateKey = parseRsaKeyFromString(privateKey);
+ }
+ return rsaPrivateKey;
+ }
+
public void setPrivateKey(String privateKey) {
this.privateKey = privateKey;
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
index 2412efdd..9289738a 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
@@ -131,35 +131,37 @@ public class ConfigHelper {
return null;
}
- public static RSAPrivateKey parseRsaKeyFromString(String rsaKeyString) {
- RSAPrivateKey key;
- try {
- KeyFactory kf;
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
- kf = KeyFactory.getInstance("RSA", "BC");
- } else {
- kf = KeyFactory.getInstance("RSA");
+ public static class RSAHelper {
+ public static RSAPrivateKey parseRsaKeyFromString(String rsaKeyString) {
+ RSAPrivateKey key;
+ try {
+ KeyFactory kf;
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
+ kf = KeyFactory.getInstance("RSA", "BC");
+ } else {
+ kf = KeyFactory.getInstance("RSA");
+ }
+ rsaKeyString = rsaKeyString.replaceFirst("-----BEGIN RSA PRIVATE KEY-----", "").replaceFirst("-----END RSA PRIVATE KEY-----", "");
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(rsaKeyString));
+ key = (RSAPrivateKey) kf.generatePrivate(keySpec);
+ } catch (InvalidKeySpecException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return null;
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return null;
+ } catch (NullPointerException e) {
+ e.printStackTrace();
+ return null;
+ } catch (NoSuchProviderException e) {
+ e.printStackTrace();
+ return null;
}
- rsaKeyString = rsaKeyString.replaceFirst("-----BEGIN RSA PRIVATE KEY-----", "").replaceFirst("-----END RSA PRIVATE KEY-----", "");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(rsaKeyString));
- key = (RSAPrivateKey) kf.generatePrivate(keySpec);
- } catch (InvalidKeySpecException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- return null;
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- return null;
- } catch (NullPointerException e) {
- e.printStackTrace();
- return null;
- } catch (NoSuchProviderException e) {
- e.printStackTrace();
- return null;
- }
- return key;
+ return key;
+ }
}
private static String byteArrayToHex(byte[] input) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
index d114665b..5e05b7c1 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
@@ -22,7 +22,6 @@ import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN
import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS;
import static se.leap.bitmaskclient.base.models.Constants.HOST;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningCert;
@@ -124,6 +123,7 @@ public class GatewaysManager {
GatewaySelector gatewaySelector;
+
public GatewaysManager(Context context) {
this.context = context;
configureFromCurrentProvider();
@@ -392,7 +392,6 @@ public class GatewaysManager {
try {
JSONObject eipDefinition = provider.getEipServiceJson();
JSONObject secrets = secretsConfigurationFromCurrentProvider();
-
JSONArray gatewaysDefined = new JSONArray();
try {
gatewaysDefined = eipDefinition.getJSONArray(GATEWAYS);
@@ -488,10 +487,8 @@ public class GatewaysManager {
private JSONObject secretsConfigurationFromCurrentProvider() {
JSONObject result = new JSONObject();
Provider provider = ProviderObservable.getInstance().getCurrentProvider();
-
try {
result.put(Provider.CA_CERT, provider.getCaCert());
- result.put(PROVIDER_PRIVATE_KEY, provider.getPrivateKey());
result.put(PROVIDER_VPN_CERTIFICATE, provider.getVpnCertificate());
} catch (JSONException e) {
e.printStackTrace();
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 2c22d4f7..fa2ab352 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -490,13 +490,6 @@ public class VpnConfigGenerator {
+ newLine
+ "</ca>";
- String key =
- "<key>"
- + newLine
- + secrets.getString(PROVIDER_PRIVATE_KEY)
- + newLine
- + "</key>";
-
String openvpnCert =
"<cert>"
+ newLine
@@ -504,7 +497,7 @@ public class VpnConfigGenerator {
+ newLine
+ "</cert>";
- return ca + newLine + key + newLine + openvpnCert;
+ return ca + newLine + openvpnCert;
} catch (JSONException e) {
e.printStackTrace();
return "";
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
index 14308875..fdaef28b 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
@@ -43,13 +43,12 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.base.models.Provider.CA_CERT;
import static se.leap.bitmaskclient.base.models.Provider.GEOIP_URL;
-import static se.leap.bitmaskclient.base.models.Provider.MOTD_URL;
import static se.leap.bitmaskclient.base.models.Provider.PROVIDER_API_IP;
import static se.leap.bitmaskclient.base.models.Provider.PROVIDER_IP;
+import static se.leap.bitmaskclient.base.utils.ConfigHelper.RSAHelper.parseRsaKeyFromString;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.getDomainFromMainURL;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.getFingerprintFromCertificate;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.getProviderFormattedString;
-import static se.leap.bitmaskclient.base.utils.ConfigHelper.parseRsaKeyFromString;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.deleteProviderDetailsFromPreferences;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getFromPersistedProvider;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getLongFromPersistedProvider;
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
index 45a20b1c..feeaf796 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
@@ -87,6 +87,7 @@ import static se.leap.bitmaskclient.testutils.MockHelper.mockConfigHelper;
import static se.leap.bitmaskclient.testutils.MockHelper.mockIntent;
import static se.leap.bitmaskclient.testutils.MockHelper.mockPreferenceHelper;
import static se.leap.bitmaskclient.testutils.MockHelper.mockProviderApiConnector;
+import static se.leap.bitmaskclient.testutils.MockHelper.mockRSAHelper;
import static se.leap.bitmaskclient.testutils.MockHelper.mockResources;
import static se.leap.bitmaskclient.testutils.MockHelper.mockResultReceiver;
import static se.leap.bitmaskclient.testutils.MockHelper.mockTextUtils;
@@ -102,7 +103,7 @@ import static se.leap.bitmaskclient.testutils.TestSetupHelper.getProvider;
*/
@RunWith(PowerMockRunner.class)
-@PrepareForTest({ProviderApiManager.class, TextUtils.class, ConfigHelper.class, ProviderApiConnector.class, PreferenceHelper.class, TorStatusObservable.class, android.util.Base64.class})
+@PrepareForTest({ProviderApiManager.class, TextUtils.class, ConfigHelper.RSAHelper.class, ConfigHelper.class, ProviderApiConnector.class, PreferenceHelper.class, TorStatusObservable.class, android.util.Base64.class})
public class ProviderApiManagerTest {
private SharedPreferences mockPreferences;
@@ -805,6 +806,7 @@ public class ProviderApiManagerTest {
Provider provider = getConfiguredProviderAPIv4();
mockConfigHelper(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494");
+ mockRSAHelper();
mockBase64();
mockProviderApiConnector(ERROR_DNS_RESUOLUTION_TOR_FALLBACK);
@@ -849,6 +851,7 @@ public class ProviderApiManagerTest {
mockConfigHelper(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494");
mockBase64();
+ mockRSAHelper();
mockProviderApiConnector(NO_ERROR_API_V4);
mockPreferences.edit().putBoolean(USE_BRIDGES, true).putBoolean(USE_SNOWFLAKE, true).commit();
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
index 93231055..3f011a65 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
@@ -13,6 +13,7 @@ import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_HOP;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
import static se.leap.bitmaskclient.base.models.Constants.OPENVPN_CONFIGURATION;
+import static se.leap.bitmaskclient.testutils.MockHelper.mockRSAHelper;
import static se.leap.bitmaskclient.testutils.MockHelper.mockTextUtils;
import android.content.Context;
@@ -38,6 +39,7 @@ import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.connection.Connection;
import de.blinkt.openvpn.core.connection.Obfs4Connection;
import de.blinkt.openvpn.core.connection.Obfs4HopConnection;
+import se.leap.bitmaskclient.base.models.ProviderObservable;
import se.leap.bitmaskclient.base.utils.ConfigHelper;
import se.leap.bitmaskclient.testutils.MockHelper;
import se.leap.bitmaskclient.testutils.TestSetupHelper;
@@ -46,7 +48,7 @@ import se.leap.bitmaskclient.testutils.TestSetupHelper;
* Created by cyberta on 03.10.17.
*/
@RunWith(PowerMockRunner.class)
-@PrepareForTest({Log.class, TextUtils.class, PreferenceManager.class, ConfigHelper.ObfsVpnHelper.class})
+@PrepareForTest({Log.class, TextUtils.class, PreferenceManager.class, ProviderObservable.class, ConfigHelper.RSAHelper.class, ConfigHelper.ObfsVpnHelper.class})
public class VpnConfigGeneratorTest {
@Mock(answer = Answers.RETURNS_DEEP_STUBS)
@@ -111,32 +113,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -162,6 +138,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"remote-cert-tls server\n" +
"data-ciphers AES-128-CBC\n" +
@@ -232,32 +209,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -283,6 +234,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"remote-cert-tls server\n" +
"data-ciphers AES-128-CBC\n" +
@@ -352,32 +304,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -403,6 +329,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"route 37.218.247.60 255.255.255.255 net_gateway\n"+
"remote-cert-tls server\n" +
@@ -473,32 +400,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -524,6 +425,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"route 37.218.247.60 255.255.255.255 net_gateway\n"+
"remote-cert-tls server\n" +
@@ -595,32 +497,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -646,6 +522,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"remote-cert-tls server\n" +
"data-ciphers AES-128-CBC\n" +
@@ -716,32 +593,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -767,6 +618,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"remote-cert-tls server\n" +
"data-ciphers AES-128-CBC\n" +
@@ -837,32 +689,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -888,6 +714,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"remote-cert-tls server\n" +
"data-ciphers AES-256-GCM:AES-128-GCM:AES-128-CBC\n" +
@@ -960,32 +787,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -1011,6 +812,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"comp-lzo\n" +
"nobind\n"+
@@ -1087,32 +889,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -1138,6 +914,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"comp-lzo\n" +
"nobind\n"+
@@ -1222,32 +999,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -1273,6 +1024,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"comp-lzo\n" +
"nobind\n"+
@@ -1350,32 +1102,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -1401,6 +1127,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"nobind\n"+
"remote-cert-tls server\n" +
@@ -1475,32 +1202,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -1526,6 +1227,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"route 192.81.208.164 255.255.255.255 net_gateway\n"+
"tun-mtu 48000\n"+
@@ -1604,32 +1306,6 @@ public class VpnConfigGeneratorTest {
"-----END CERTIFICATE-----\n" +
"\n" +
"</ca>\n" +
- "<key>\n" +
- "-----BEGIN RSA PRIVATE KEY-----\n" +
- "MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDUTYWeGgsHS+fjijmziniNqw6h\n" +
- "MBpyK4S/cM6PxV28C33VuOWPTMcIYesctjZANWFCggfFTQSjV5Qaxq9UK4i27tayLbCdlVS6hpbl\n" +
- "Vf4DuI3Gj1Pv1rtITBShtvCf3T7yBnjW4wVpOpsUAAOViKUSvUU3kPPMFWhiGQw8yHYr82ts6XMo\n" +
- "jwMoonW5Ml4e7C7Cr22QesC63q7emNcpUd0pZGT9C33RgDAHZDMrlyjo4HEp1JbUfB0gbmXElJbE\n" +
- "1TNdZ62HhgmMjzTUN1GGrQ1t91AEoEQwaK65o4YSj+yFv6KXZZz5OWaz94tKiN9v26EXtBFmRlyb\n" +
- "6+D9ynSd9LghAgMBAAECggEBANPHLRXkhsHVj1EkzqBx7gXr8CEMmiTvknFh9zvltrZhhDoRQjWr\n" +
- "chPDkcRHY2Cznvy4N0YyqQDD2ULIlZdSAgPxxothFoBruWSD47yMBmLx08ORsDpcqt/YvPAATJI8\n" +
- "IpFNsXcyaXBp/M57oRemgnxp/8UJPJmFdWX99H4hvffh/jdj7POgYiWUaAl37XTYZKZ4nzKU2wpL\n" +
- "EDLj9RKPz9gG7CYp2zrLC9LaAsrXVrKwPBw6g+XwbClaqFj97db3mrY4lr6mTo89qmus1AU+fBDH\n" +
- "3Xlpmc8JwB+30TvhRNKrpLx9cEjuEj7K1gm8Y4dWCjPi+lNbtAyUBcgPJFa/81ECgYEA7pLoBU/Y\n" +
- "ZYjyHFca8FvDBcBh6haHfqJr9doXWtgjDrbi3o2n5wHqfKhFWOH6vPEQozkOVeX1ze6HOiRmGBpW\n" +
- "r+r7x8TD25L7I6HJw3M351RWOAfkF0w/RTVdetcTgduQtfN1u6BDhYSVceXMjyQYx7MhfETWI8Gh\n" +
- "KSYm8OEDYiUCgYEA489fmbrCcUnXzpTsbswJ5NmSoEXbcX8cLxnQuzE0z9GHhQdrMjOpXR76reTW\n" +
- "6jcuudarNcwRUYSWWhjCDKHhpx4HhasWPaHgr7jIzcRw8yZSJRSxKr8sl1qh6g7s47JcmfXOMWLt\n" +
- "yuyE933XrT19Th4ODZHY40Uv35mPjMi9d00CgYEAyRNAQtndBRa7GG/B4Ls2T+6pl+aNJIo4e+no\n" +
- "rURlp800wWabEPRocdBRQmyULBLxduBr2LIMzhgwGSz8b2wji/l9ZA3PFY135bxClVzSzUIjuO3N\n" +
- "rGUzHl2wAAyuAFDSUshzfkPBJRNt8aVBF5PQ3t93ZYmPAmv8LPZe875yX5ECgYEAsUEcwK/ZNW7g\n" +
- "dQPZR4iJNkC4Xu6cBZ6Cnn92swBheEYvLSoNlX0vDZ7aLE3/jzQqrjzC8NP8sbH5jtbuvgeDXZX3\n" +
- "AmGRp5j6C6A61ihAPmEVz3ZfN8SSfJ3vl//PAIg6lyz0J+cy4Q7RkwSeuVQ72Hl4M8TEvmmKC3Af\n" +
- "ispy6Y0CgYEAgl1o2lo+ACyk+oVQPaaPqK3d7WOBFp4eR2nXFor/vsx9igQOlZUgzRDQsR8jo1o9\n" +
- "efOSBf87igrZGgssys89pWa2dnXnz5PMmzkKr6bw4D9Ez6u6Puc9UZhGw/8wDYg6fSosdB9utspm\n" +
- "M698ycef7jBNMDgmhpSvfw5GctoNQ4s=\n" +
- "-----END RSA PRIVATE KEY-----\n" +
- "</key>\n" +
"<cert>\n" +
"-----BEGIN CERTIFICATE-----\n" +
"MIIEjDCCAnSgAwIBAgIQG6MBp/cd9DlY+7cdvp3R3jANBgkqhkiG9w0BAQsFADBmMRAwDgYDVQQK\n" +
@@ -1655,6 +1331,7 @@ public class VpnConfigGeneratorTest {
"K2ZoknT+Nno5jgjFuUR3fZseNizEfx7BteooKQ==\n" +
"-----END CERTIFICATE-----\n" +
"</cert>\n" +
+ "management-external-key nopadding pkcs1 pss digest\n" +
"# crl-verify file missing in config profile\n" +
"route 192.81.208.164 255.255.255.255 net_gateway\n"+
"route 192.81.208.165 255.255.255.255 net_gateway\n"+
@@ -1691,6 +1368,8 @@ public class VpnConfigGeneratorTest {
context = MockHelper.mockContext();
mockTextUtils();
mockStatic(PreferenceManager.class);
+ MockHelper.mockProviderObservable(TestSetupHelper.getConfiguredProvider());
+ MockHelper.mockRSAHelper();
SharedPreferences preferences = mock(SharedPreferences.class, RETURNS_DEEP_STUBS);
when(PreferenceManager.getDefaultSharedPreferences(any(Context.class))).thenReturn(preferences);
when(preferences.getBoolean("usesystemproxy", true)).thenReturn(true);
diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java
index c272970d..4ef8b9cc 100644
--- a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java
+++ b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java
@@ -422,17 +422,11 @@ public class MockHelper {
mockStatic(android.util.Base64.class);
when(android.util.Base64.encodeToString(any(), anyInt())).thenAnswer(invocation -> Arrays.toString(Base64.getEncoder().encode((byte[]) invocation.getArguments()[0])));
}
- public static void mockConfigHelper(String mockedFingerprint) throws CertificateEncodingException, NoSuchAlgorithmException {
- mockStatic(ConfigHelper.class);
- when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint);
- when(ConfigHelper.checkErroneousDownload(anyString())).thenCallRealMethod();
- when(ConfigHelper.parseX509CertificatesFromString(anyString())).thenCallRealMethod();
- when(ConfigHelper.getProviderFormattedString(any(Resources.class), anyInt())).thenCallRealMethod();
- when(ConfigHelper.timezoneDistance(anyInt(), anyInt())).thenCallRealMethod();
- when(ConfigHelper.isIPv4(anyString())).thenCallRealMethod();
- when(ConfigHelper.isDefaultBitmask()).thenReturn(true);
- when(ConfigHelper.getDomainFromMainURL(anyString())).thenCallRealMethod();
- when(ConfigHelper.parseRsaKeyFromString(anyString())).thenReturn(new RSAPrivateKey() {
+
+ public static void mockRSAHelper() {
+ mockStatic(ConfigHelper.RSAHelper.class);
+
+ when(ConfigHelper.RSAHelper.parseRsaKeyFromString(anyString())).thenReturn(new RSAPrivateKey() {
@Override
public BigInteger getPrivateExponent() {
return BigInteger.TEN;
@@ -460,6 +454,18 @@ public class MockHelper {
});
}
+ public static void mockConfigHelper(String mockedFingerprint) throws CertificateEncodingException, NoSuchAlgorithmException {
+ mockStatic(ConfigHelper.class);
+ when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint);
+ when(ConfigHelper.checkErroneousDownload(anyString())).thenCallRealMethod();
+ when(ConfigHelper.parseX509CertificatesFromString(anyString())).thenCallRealMethod();
+ when(ConfigHelper.getProviderFormattedString(any(Resources.class), anyInt())).thenCallRealMethod();
+ when(ConfigHelper.timezoneDistance(anyInt(), anyInt())).thenCallRealMethod();
+ when(ConfigHelper.isIPv4(anyString())).thenCallRealMethod();
+ when(ConfigHelper.isDefaultBitmask()).thenReturn(true);
+ when(ConfigHelper.getDomainFromMainURL(anyString())).thenCallRealMethod();
+ }
+
public static void mockPreferenceHelper(final Provider providerFromPrefs) {
// FIXME use MockSharedPreferences instead of provider
mockStatic(PreferenceHelper.class);
diff --git a/app/src/test/resources/v4/riseup.net.cert b/app/src/test/resources/v4/riseup.net.cert
index e8c0d36f..f9b15e9f 100644
--- a/app/src/test/resources/v4/riseup.net.cert
+++ b/app/src/test/resources/v4/riseup.net.cert
@@ -1,54 +1,54 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwF9+LpDoovTjKiTTfehwyzaDMtd0590AK/wiqvq5VD5ApLDR
-CFesLkHKP2KVNmDZkhqHcUNezPoGCoVuc1De09B/65t/VEkwt3SkHm7P+bMwXL9m
-x9XTzBTO0U/6PRyl374+QmDo2dapSL+KhncLxxrRbbj6U15b/Q3AbAXuNYyLgjSw
-qlWAfob8DWv/olN0xH0+J/m6WH/TfNR5qpTTez1a31mrWODXdlFZw0kBepZ+UY3r
-nCQvDM64QHmM9TtpOJCQU6uHoW5DvLkrP3D/gCfNb92oitR9QYzX6bq1YvlPdCNH
-p0hj3mc77p82VBnKhBEPE5EbbUvh0uoI/pfD/wIDAQABAoIBAFg68/qTh79FpfKs
-VTvIIgNyCxaEbx/w4qVJzPSybdHPg4KFfjnfTB8jGYmcw2bfYKp79GbkSVSlz6N/
-szq8epaXaDQ9a1bTAr8BhkxW8phJsQK43oEE91EAsiKaFeF1hDZsYM28+M8Afz/Y
-acZmT0aQbEFwt48JFhOn/PsOdUSlVy2u4OcrsgvPzaoj4CWw0xE3pcl1fp5wXEu4
-DZljG0J89grOkKQcceTlhXY0wV5PAVcNBp6mf+xQ4J2BU3knpva9oh64hMLJO2Nc
-Epik6CDxIrmQXcepTWhP7XI/7qkT8X+aDUTeGwz8ija1aDhPADvYaVvmZ4JJ8M/P
-/xaEpHECgYEA7xWEOAKebizKsPYHyL6r+FJ/M+HkPiIfjQh0tMl4pL+wsqtQtm0r
-0z8FcyyWG20WLzUYHqPpIXvD1SiMEi5azR9+SN1WDEldr6fE+Rm3OpmXn9hNPvMd
-U944X0liWxmcWnHoQ2Fi9otMUCbsDkIX1+nU9XNjIxdOnJwO++GyUn0CgYEAzfvo
-k1AA2fEau5mEHbvwuYckZDyNGG3qLJAIrm8DGndGvv8SakcEBNW3F0paDecR5jvm
-vLSHccTi6wLKDuGPRc07bOHhJVReVgGBhnDza/gDEs8ebaV8jngvVvdXeejcoxSQ
-Cqt9n8lJ6CiF1sDzYRN5s2uvAXFrGDI7joOG3SsCgYEAjcWGh+gVpmNtNg5Og119
-gFz7DPrwa1+0sd7HxcSKg7cfwnMQA30tNbDzPF6+DDldpFSpntG3lqFbePT4Sneu
-ZGA+dFq7gcGnilfD16rGGjuly6Vp+OAVDfyCFQ7hAgBn1MIi5oHDO0tSz1ylMbdD
-iEcifwITUWWqufdYc0hcg8kCgYBxcn+qutJtNoSRtEB2m+8+T3c0mcDgJpFmD8Io
-SE3+Qpk9UoDS9d/5xbc8ZZ/prk1Gb9FqN0et2lFcPEILJiHhwOIs2s9E3w3B8rxi
-zkzTN1qB/n70xsMuOHViQYH1S9JRI18d8UuUOKmy6rakC8s/uRk7P2C4u73PKsNw
-f3JE1wKBgByE4vJckmwTEbhlNVMI4qlX6vdtT9S6lzgkN9vm+XEPfyn2LARSECqt
-5seVEy8Rs7f/uCiAbY3yGcVwtou86Y3ODxxd0JkA3RUqO25Qep7DPvk4mTUjwDgT
-MHlq0f2Cm/KqwbWLcnwy6c6r5u48vB5cRH/sMG97IUd0vUx3X6xK
+MIIEpAIBAAKCAQEA4qT69bshUibDvQI6CxjHCr2CkqNfY5n+eimMS81npH4dugXk
+2q+tfn87TtSpMUAjjykcUAhX4WEn982vxRfkxjDPhpcoJ1jIQIMnwbT2MpufEagU
+RtK79MHL4uuyfuWVqtwxW9gI/iDI4WiUlaZX+THGcMjQFSlRQ2PJCv8BUSoRsqkA
+VW8XWK6ALLh3pOGbDNmuC2Az5QZF7CPBbU7X/RjRyR80Cm1++tj4pA1JXLc5fvx2
+kGVM6xUnihiaczbVM/6SlRNhSzIEdZFAqC30G3AxqJwd7K39y+H2cfBIH8aVUOp+
+5d540ynCRoOc3zuxEFsOzOx3Xvl9JZlrx9pqMwIDAQABAoIBAQC3LzWP66Hw7lgC
+qowTcAFgku+4acetj0f5oR8+HVUJxM1uD1l7z8ZgmaFsA8KEhhy3lzjFDxlIluhh
+B6RrnvZPoh/53q6brsycJ+W4UPU0zkdxU/Kfk7BLEWAjlvF8Uz/3C2Xxn9kU3Za/
+aXG+yuYMCckkW4qjr/N4jmxuMNH1sI8/jYZBDR7EEJiwNNQPYyxNkmWDusYtKvp3
+YEd0JpUmM3ODVpLlQtFAd4Fg6qfgkNiN8GrgQIKszCAkmUETL/IJmhjDG/dRWHBn
+zViYFp393JyC7aq47FAWGr9LIkJLfhMXTbQiOx5pvPCY9x1748S3Sboc+A8Hn8lU
+d8fpmXwBAoGBAPu6KGQhTwl3cGQQPwJfXrR8c/ACh1krmwlVO2AUdjcyTUgC4D2k
+nlKrCCCVQkihjBCzI1Vefw6dhu64YBa+iH0p+RB+meyP+2LYfO1V8fDEMisgHZKh
++GCJIVXTBZAyCUJlJMFwlLc5+HCzBhsyyn4WC3akvZQOscPQkTFco6kzAoGBAOZ9
+1FE9/z/MWR9Jk9+iK/8aH2sDk+sC83qEUROkJxRab7RPWwfurde/rMz/feUA6fK4
+w1k7+WMOTGIgp62a6C2tCRA80zOJ2eEHseVu1G71QbTW834unY+P7iMcPJw8uiGg
+z1dKWyRZqYMJZ8QQPuUnJg2uP2WwJtr/QIUv6DsBAoGBAIjNAmZoM6vRXSMEMTn4
+2l77w4YL2cJ8ECViTIJKnHQiwh0Acx0M+X2ztRcABqWyJYxtziX21NX8hff1+0Jh
+CYv7438zTjNhjByLyliw/Gr8NMd7DJdDrtfHrnYV2FAk4SNUFEWMCUYKGxokMI1X
+bPRYxqITpXNxCOqBzmYlEkxBAoGAFS7FP34qIivemPCDJY9a6cP11Tjr9DI+PClC
+5kI00TsKfxC39f+qfGSCNgjZAh3WYlc2pNHNNpxOysnjfyH4apI3fgWJB3iIzJSP
+dd18qoHhuwPyNsuD8Xix0wo6S8WM+aA0zfnobGvNF1za63ruvNKfPayg6PCKcZ/5
+xwPDHQECgYBWe0m//LMvBsAtf2ekfIIXarRlfMWAYA5Rc1se+IxEVtThDE3p03N6
+sA2KS/vqandJb+T2MyzRY+4gclwLsMVw+gdXdurO+uywtJmQ67h4tcesfchdiMPw
+JkggjfsewFyhbBnpGqrkvts20WbHWHLa9EBsA+1M4lJe/mhAlcdL9g==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIEmzCCAoOgAwIBAgIQIKutrfucdU13oecG2QmRBTANBgkqhkiG9w0BAQsFADB1
+MIIEmzCCAoOgAwIBAgIQKB/oFW/IM1XFSMBk4QgsSTANBgkqhkiG9w0BAQsFADB1
MRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlz
ZXVwLm5ldDE8MDoGA1UEAwwzUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EgKGNsaWVu
-dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIzMDIyODAwMDAwMFoXDTIzMDUzMTAw
-MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVENG9oejc5a2dkcDZwYWtvMWZhOXN3
-dGtyOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBffi6Q6KL04yok
-033ocMs2gzLXdOfdACv8Iqr6uVQ+QKSw0QhXrC5Byj9ilTZg2ZIah3FDXsz6BgqF
-bnNQ3tPQf+ubf1RJMLd0pB5uz/mzMFy/ZsfV08wUztFP+j0cpd++PkJg6NnWqUi/
-ioZ3C8ca0W24+lNeW/0NwGwF7jWMi4I0sKpVgH6G/A1r/6JTdMR9Pif5ulh/03zU
-eaqU03s9Wt9Zq1jg13ZRWcNJAXqWflGN65wkLwzOuEB5jPU7aTiQkFOrh6FuQ7y5
-Kz9w/4AnzW/dqIrUfUGM1+m6tWL5T3QjR6dIY95nO+6fNlQZyoQRDxORG21L4dLq
-CP6Xw/8CAwEAAaNvMG0wHQYDVR0OBBYEFBW4dMo4Un6EVU+I87yL7WSuy9IAMAsG
+dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIzMDYxOTAwMDAwMFoXDTIzMDkxOTAw
+MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVEMjV2bzYxZ3U5Mzc5NjhyeXJvdWts
+YnJnZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKk+vW7IVImw70C
+OgsYxwq9gpKjX2OZ/nopjEvNZ6R+HboF5NqvrX5/O07UqTFAI48pHFAIV+FhJ/fN
+r8UX5MYwz4aXKCdYyECDJ8G09jKbnxGoFEbSu/TBy+Lrsn7llarcMVvYCP4gyOFo
+lJWmV/kxxnDI0BUpUUNjyQr/AVEqEbKpAFVvF1iugCy4d6ThmwzZrgtgM+UGRewj
+wW1O1/0Y0ckfNAptfvrY+KQNSVy3OX78dpBlTOsVJ4oYmnM21TP+kpUTYUsyBHWR
+QKgt9BtwMaicHeyt/cvh9nHwSB/GlVDqfuXeeNMpwkaDnN87sRBbDszsd175fSWZ
+a8faajMCAwEAAaNvMG0wHQYDVR0OBBYEFBwYCc4Ox1Fb2/tWgQVu+k/SAakHMAsG
A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAJBgNVHRMEAjAAMB8GA1Ud
-IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQBc
-Ah7+JUyBDDjHJRtRlkIW5jaBMqtIa6D6WXglfMuKaUs2dXYF2DMUFJH8GPEdvazY
-C0IXsZb60WnxSmGxJyAFEe1nWzzZ494lAxSjNmkpCBrqaMISABIvqjCViO5ozZ77
-tKcqZVSjuIQvOtjwsYcTkOn9LR+F1Jzlr8K3mtukhy1U1heYY1EZNH5DMlqDGtyI
-gJfxZiNu1en46Qfx4EenVKCe4pk3RWhXNlv/1XOyRLrz8T7L8LbcOWCkU07N9Qgj
-8SnbzRin/uUNUNjZ00sbcr2NJmmecOZXLz4td/+sGBbONhiPtkU5gbzoXsCUS9Fd
-li0lHDmj4aso934eWwS5xUi5vii2jqgr7STi99JlDR1x+wT56fbWa1EB9J7GWubh
-jMoyoAq6Fs0fl8p+vLSft4TYj/mXcvXJbIPZjqk1oTXm7wGJnh7uXA1NPRS69pUr
-+Z7xEjDXN0SN81xFEBZx7CHXxOlMRa8e9Ch6EvxWfUzzT18rsNpWhYW6XikMFvuQ
-XXDg2vnqXQa5JvOZrmeQ4HqDa+7lm8jBbpPJpWasTE+ebBlHEkaxBBxYqi6/bxXJ
-xNGx9hJA8yoVwURAYkQ8zgfjjx3lEd0zzlRn0sVYWIBxamHisqNRwV1z4iFZIEdQ
-rDc9567yE4enRLKcSEv+aeW/N8pf57sWur0fjUOPbw==
------END CERTIFICATE-----
+IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQBl
+84EhWvv8L/nODg6ULqbyZMOIycN1l9up8ruuG3Gz/jFfj6DQZHJTxRXaFhKrK0uR
+wOgccDvme3w31bPbpuKOGfNwI9hotWKkF8qqZ6Gd1msic71DsLxtGzz8gVd+ofxI
+/U/bMh259hFyk2wE39YJVJywPQgJc+wsOsgijLcg71JJzMX2LlAv7sdkWwPljqg7
+BL18gUqJLG5sAYMskRpPI6ls7DNs2fgRxJr4obR6ejPZ697dbNx8IbOOXFl3Su+k
+WZE0wM/bHPP7agG+F4xsjLG6ZyrshaHnt0t/1O6HlJVyC6vht6N2MNeC7fRxAzdf
+PTK7F5SBY3zO3rVVypHP0mBtKwKEqlkKLKKDNowu/677Lis4sqYWaKjGmFIFo7J0
+O6v+PeTEUULMMqY00z4qWVOKZ4kaM3cnEeiWVQKB9D+jcP7omvy2YZEXNSmUVDtM
+qzh/+IzJ0wmrREpYQUSjWQkN8SoEeLATsHvT0dFnlblt6xzr/Vga8nczilPtgagw
+Jx5hmLQ+OnGOF1C00S+7xb3iOFNgH+dyjKIoDpKUO4+3LPSJGkBRGED4rKSCmrUn
+T2mgslMdAb/5lYruhgwEXscJBnK9RdT6D5CJEDISljsSfPBQLHx13uHAC+iCKT0w
+nWFNpoq61mpXWBCkqSgfH3I8wS3W53T6DSusRdmyqg==
+-----END CERTIFICATE----- \ No newline at end of file